
Unit 3

The Need For Security

Learning Objectives
Upon completion of this lecture, you should be able to:
• Understand the need for information security.
• Understand that a successful information security program is the
responsibility of an organization’s general management and
IT management.
• Understand the threats posed to information security and
the more common attacks associated with those threats.
• Differentiate threats to information systems from attacks
against information systems.

Slide 2
Business Needs First, Technology Needs Last

Information security performs four important functions for an
organization:
• Protects the organization’s ability to function
• Enables the safe operation of applications implemented on the
organization’s IT systems
• Protects the data that the organization collects and uses
• Safeguards the technology assets in use at the organization

Slide 3
Protecting the Ability to Function
• General management and IT management are responsible for
implementing information security
• Information security is
• a management issue
• a people issue
• Communities of interest must argue for information security in
terms of impact and cost.

Slide 4
Enabling Safe Operation
• Organizations must create integrated, efficient, and capable
applications
• Organizations need environments that safeguard the applications
running on their IT systems: application and OS platforms, e-mail,
instant messaging
• Management must not abdicate to the IT department its
responsibility to make choices and enforce decisions

Slide 5
Protecting Data

• One of the organization’s most valuable assets is its data
• Without data, an organization loses its record of transactions
and/or its ability to deliver value to its customers.
• An effective information security program is essential to the
protection of the integrity and value of the organization’s data
• Protecting data in motion
• Protecting data at rest

Slide 6
Safeguarding Technology Assets

• Organizations must have secure infrastructure services
based on the size and scope of the enterprise.
• Additional security services may have to be provided, e.g.
encryption methodologies and legal agreements
• More robust solutions may be needed to replace security
programs the organization has outgrown

Slide 7
Threats
• Management must be informed of the various kinds of threats
facing the organization
• A threat is an object, person, or other entity that represents a
constant danger to an asset
• By examining each threat category in turn, management can
effectively protect its information through policy, education and
training, and technology controls

Slide 8
Threats
• The CSI/FBI survey found:
• 90% of organizations responding detected computer security breaches within
the last year
• 80% lost money to computer breaches, totaling over $455,848,000 up from
$377,828,700 .
• The number of attacks that came across the Internet rose from 70% to 74% .
• Only 34% of organizations reported their attacks to law enforcement

Slide 9
Threats to Information Security

Slide 10
1. Acts of Human Error or Failure
• Includes acts done without malicious intent
• Caused by:
• Inexperience
• Improper training
• Incorrect assumptions
• Other circumstances
• Employees are among the greatest threats to information
security: they are closest to the organizational data

Slide 11
1. Acts of Human Error or Failure
• Employee mistakes can easily
lead to the following:
• revelation of classified data
• entry of erroneous data
• accidental deletion or modification
of data
• storage of data in unprotected
areas
• failure to protect information
• Many of these threats can be
prevented with controls

Slide 13
Examples: Sony Pictures Entertainment

• The 2014 breach against Sony Pictures Entertainment began when attackers sent many of
Sony's top executives fake Apple ID verification emails. Each email led to a phishing site
that stole a target's Apple credentials.
• In the hope that someone had reused their Apple ID password across multiple accounts,
the hackers combined those usernames and passwords with information from employees'
LinkedIn profiles to guess their way onto Sony's network.
• Upon gaining access, the hackers used wiper malware to cripple the company's computer
networks and made off with 100 terabytes of data. The hackers, who the United States
believes were working for North Korea, eventually posted much of that information online.
• Sony Pictures Entertainment spent $35 million repairing its IT systems, though the total cost
of the breach could be significantly higher than that amount.

14
Target

• On November 15, 2013, attackers broke into Target's network using network credentials
stolen from Fazio Mechanical Services, a provider of refrigeration and HVAC systems.
• Two sources close to the investigation said that the attackers used Citadel, a password-stealing
malware which is a derivative of the ZeuS banking trojan.
• After gaining access to the retailer's network, the attackers installed malware on the point-
of-sale (POS) terminals at one of Target's stores.
• That malware facilitated the theft of 40 million credit- and debit-card records, as well as an
additional 70 million customer records (including addresses and phone numbers).
• Accounting for tax deductions and insurance reimbursement, the breach cost Target
approximately $105 million.

15
Five major categories of employee security mistakes
1. Weak password security
o Using simple passwords
o Sharing passwords
2. Careless handling of data
o Sending data via email by mistake
o Accidentally deleting files
3. Inadequate software security
o Neglecting updates
o Intentionally disabling security features
4. Low security awareness
o Clicking on malicious email links
o Using and downloading unauthorized software
o Plugging in unknown or insecure devices
5. Ineffective data access management
o Having too many privileges
o Performing unauthorized system changes

16
2. Compromises to Intellectual Property (IP)
• Intellectual property is “the ownership of ideas and control over the tangible or
virtual representation of those ideas”
• Many organizations are in business to create intellectual property
• Trade secrets - confidential information that gives the owner a competitive advantage
and is protected by reasonable secrecy measures rather than by registration. Examples
include client lists, strategy plans, or the formula for Coca-Cola.
• Copyrights - Copyright protects the expression of an idea, not the idea itself.
• Trademarks - A trademark is a word or symbol that designates the source or
sponsorship of a particular good or service.
• Patents - Patents cover ideas themselves, not just (as copyright does) an idea's
expression. Patents can be granted for methods, devices, new ways, new uses, and new applications.
• The most common IP breach is the unlawful use or duplication of software-based
IP, known as software piracy.

Slide 17
3. Espionage/Trespass
• A broad category of electronic and human activities that breach the confidentiality
of information: an unauthorized user accessing information.
• Attackers use many different techniques; some are legal, some are illegal.
1. Competitive intelligence: some information-gathering techniques are legal,
such as using a web browser to perform market research.
2. Industrial espionage: when information gatherers employ techniques that
cross the threshold of what is legal or ethical.
3. Shoulder surfing can occur any place a person is accessing confidential
information: office desks, ATM machines, etc.
• Controls are implemented to mark the boundaries of an organization’s virtual
territory, giving notice to trespassers that they are encroaching on the
organization’s cyberspace.

Slide 19
3. Espionage/Trespass

• The typical perpetrator of a deliberate act of espionage or trespass is the hacker.
• Hackers are people who use and create computer software to gain
access to information illegally.
• Generally two skill levels among hackers:
• Expert hacker
• develops software scripts and codes exploits
• usually a master of many skills
• will often create attack software and share with others
• Script kiddies
• hackers of limited skill
• use expert-written software to exploit a system
• do not usually fully understand the systems they hack

Slide 21
3. Espionage/Trespass

• Other terms for system rule breakers:
• Cracker - an individual who “cracks” or removes
protection from software designed to prevent
unauthorized duplication
• Phreaker - hacks the public telephone network

Slide 22
Examples

1. Drilling for Secrets
• Hackers stole proprietary information from six U.S. and European energy companies,
including Exxon Mobil, Royal Dutch Shell, and BP, according to investigators and one of the
companies.
• McAfee said the attacks resulted in the loss of "project-financing information with regard
to oil and gas field bids and operations."
• It also said the attacks, dubbed Night Dragon, originated "primarily in China" and began in
November 2009.
• Marathon Oil, ConocoPhillips, and Baker Hughes were also hit, according to people familiar
with the investigations.
• Hackers targeted computerized topographical maps worth "millions of dollars" that locate
potential oil reserves, said Ed Skoudis of InGuardians, a security company

23
2. Snowden
• Edward Snowden is an American computer professional, former Central Intelligence Agency (CIA) employee,
and former contractor for the United States government who copied and leaked classified
information from the National Security Agency (NSA) in 2013 without authorization.
• His disclosures revealed numerous global surveillance programs, many run by the
NSA with the cooperation of telecommunication companies and European governments.
• On May 20, 2013, Snowden flew to Hong Kong after leaving his job at an NSA facility in
Hawaii, and in early June he revealed thousands of classified NSA documents to journalists.
• On June 21, 2013, the U.S. Department of Justice unsealed charges against Snowden of two
counts of violating the Espionage Act of 1917 and theft of government property

24
4. Information Extortion
• Information extortion is an attacker or formerly trusted insider stealing
information from a computer system and demanding compensation for its
return or non-use
• Extortion is found, for example, in credit card number theft

Slide 25
5. Sabotage or Vandalism
• Individuals or groups who want to deliberately sabotage or damage the operations of a
computer system or business, or perform acts of vandalism to either destroy an
asset or damage the image of the organization.
• These threats can range from petty vandalism to organized sabotage
• Organizations rely on their image, so web defacement can lead to dropping consumer
confidence and sales.
• Vandalism within the network is more malicious.

Hacktivists/cyberactivists:
• Another form of online vandalism.
• They disrupt systems to protest the operations, policies or actions of an
organization or government agency.

Cyberterrorism:
• Hacking systems to conduct terrorist activities via the network.

Slide 26
6. Deliberate Acts of Theft

• Illegal taking of another’s property - physical, electronic, or
intellectual
• The value of information suffers when it is copied and taken
away without the owner’s knowledge
• Physical theft can be controlled - a wide variety of measures are
used, from locked doors to guards or alarm systems
• Electronic theft is a more complex problem to manage and
control - organizations may not even know it has occurred

Slide 27
7. Deliberate Software Attacks
• When an individual or group designs software to attack
systems, they create malicious code/software called malware
• Designed to damage, destroy, or deny service to the target
systems
• Includes:
• macro virus
• boot virus
• worms
• Trojan horses
• logic bombs
• back door or trap door
• denial-of-service attacks
• polymorphic threats
• hoaxes
Slide 28
7. Deliberate Software Attacks
VIRUS
• A virus is a computer program or segment of code that attaches itself to an
executable file or application.
• It can replicate itself, usually through an executable program attached to an e-mail.
• Viruses can be passed from machine to machine via physical media, e-mail, or
data transmission devices.
• You must prevent viruses from being installed on computers in your
organization.

Slide 29
Contd…

• Most common types:
• Macro virus: embedded in automatically executing macro code used
by word processors, spreadsheets and database applications
• Boot virus: infects the key OS files located in a computer's
boot sector.
• There is no foolproof method of preventing them from attaching
themselves to your computer
• Antivirus software compares the code of programs and files against
signature files describing known viruses.
• Regularly updating virus signature files is crucial.

30
7. Deliberate Software Attacks
WORM
• A worm is a malicious program that replicates itself without having to attach itself to
a host, until it completely fills the available resources.
• Affected resources can be memory, hard drive space and network bandwidth.
• The most infamous worms are Code Red and Nimda.
• They cost businesses millions of dollars in damage as a result of lost productivity,
computer downtime and the time spent recovering lost data, reinstalling
programs and operating systems, and hiring or contracting IT personnel.

Slide 32
7. Deliberate Software Attacks

Trojan Horses
• It is a program in which malicious or harmful code is contained inside an
apparently harmless or useful code.
• Software programs that hide their true nature & reveal their designed
behavior only when activated.
• Trojan Programs disguise themselves as useful computer programs or
applications and can install a backdoor or rootkit on a computer.
• Backdoors or rootkits are computer programs that give attackers a
means of regaining access to the attacked computer later.

Slide 33
7. Deliberate Software Attacks

• Spyware
• A spyware program sends information from the infected computer to the
person who planted the spyware on your computer
• A spyware program can record each keystroke entered.
• Adware
• Its main purpose is to determine a user’s purchasing habits so that web
browsers can display advertisements tailored to that user.
• It slows down the computer it’s running on.
• Adware sometimes displays a banner that notifies the user of its
presence
• Both kinds of program can be installed without the user being aware
of their presence

Slide 38
7. Protecting against Deliberate Software
Attacks

• Educating Your Users
• Many U.S. government organizations make security
awareness programs mandatory, and many private-sector
companies are following their example.
• Email monthly security updates to all employees.
• Update virus signature files as soon as possible.
• Protect the network by implementing a firewall.
• Avoiding Fear Tactics
• Your approach to users or potential customers should be
promoting awareness rather than instilling fear.
• When training users, be sure to build on the knowledge
they already have.

Slide 39
8.Forces of Nature
• Forces of nature, or acts of God, are dangerous because they are unexpected and
can occur with very little warning
• Can disrupt not only the lives of individuals, but also the storage, transmission,
and use of information
• Include fire, flood, earthquake, and lightning as well as volcanic eruption and
windstorm.
• Since it is not possible to avoid many of these threats, management must
implement controls to limit damage and also prepare contingency plans for
continued operations
(Figure: floods, earthquakes, windstorms, thunderstorms, humidity, tornadoes,
avalanches, volcanoes, landslides, hurricanes, fire, snowstorms)

Slide 40
9. Deviations in Quality of Service by Service Providers

• Situations in which a product or service is not delivered as
expected
• An information system depends on many inter-dependent
support systems.
• Availability disruption.
• Three sets of service issues that dramatically affect the
availability of information and systems are
• Internet service
• Communications
• Power irregularities

Slide 41
9. Internet Service Issues

• Loss of Internet service can lead to considerable loss in
the availability of information
• Organizations have sales staff and telecommuters working at
remote locations
• When an organization outsources its web servers, the
outsourcer assumes responsibility for
• All Internet services
• The hardware and operating system software used to operate
the web site

Slide 42
9. Communications and Other
Services
• Other utility services have potential impact
• Among these are
• telephone
• water & wastewater
• trash pickup
• cable television
• natural or propane gas
• custodial services
• The threat of loss of services can lead to inability to function
properly

Slide 43
9. Power Irregularities

Voltage levels can increase, decrease, or cease:
• spike – momentary increase
• surge – prolonged increase
• sag – momentary low voltage
• brownout – prolonged drop
• fault – momentary loss of power
• blackout – prolonged loss
• Electronic equipment is susceptible to fluctuations;
controls can be applied to manage power quality

Slide 44
10. Technical Hardware Failures
or Errors

• Technical hardware failures or errors occur when a
manufacturer distributes to users equipment containing flaws
• These defects can cause the system to perform outside of
expected parameters, resulting in unreliable service or lack of
availability
• Some errors are terminal, in that they result in the
unrecoverable loss of the equipment
• Some errors are intermittent, in that they only periodically
manifest themselves, resulting in faults that are not easily
repeated

Slide 45
11. Technical software Failure or Errors

• This category of threats comes from purchasing software with
unrevealed faults
• Large quantities of computer code are written, debugged,
published, and sold only to determine that not all bugs were
resolved
• Sometimes, unique combinations of certain software and hardware
reveal new bugs
• Sometimes, these items aren’t errors, but are purposeful shortcuts
left by programmers for honest or dishonest reasons

Slide 46
12.Technological Obsolescence

• When the infrastructure becomes antiquated or outdated, it leads
to unreliable and untrustworthy systems
• Management must recognize that when technology becomes
outdated, there is a risk of loss of data integrity from threats and
attacks
• Ideally, proper planning by management should prevent the risks
from technology obsolescence, but when obsolescence is identified,
management must take action

Slide 47
Attacks

• An attack is a deliberate act that exploits a
vulnerability.
• It is accomplished by a threat agent to damage or
steal an organization’s information or physical assets
• An exploit is a technique to compromise a system
• A vulnerability is an identified weakness of a controlled
system whose controls are not present or are no longer
effective
• An attack is then the use of an exploit to achieve the
compromise of a controlled system

Slide 48
Types of Attacks
1. Malicious code
2. Hoaxes
3. Back doors
4. Password cracking
o Brute force
o Dictionary
o Rainbow tables
5. Denial-of-service (DoS) and Distributed Denial-of-service (DDoS)
6. Spoofing
7. Man-in-the-Middle
8. Spam
9. Mail bombing
10. Sniffers
11. Social engineering

49
1. Malicious Code
• This kind of attack includes the execution of viruses, worms, Trojan horses, and active
web scripts with the intent to destroy or steal information.
• A multi-vector worm uses up to six attack vectors to exploit a variety of vulnerabilities
in commonly found information system devices.

Slide 50
Attack Vectors

Slide 51
2. Virus Hoaxes

• A virus hoax is a false warning about a computer virus.
• A more devious approach to attacking computer systems is the
transmission of a virus hoax with a real virus attached.
• Typically, the warning arrives in an e-mail note or is distributed through a
note in a company's internal network.
• These notes are usually forwarded using distribution lists, and they will
typically suggest that the recipient forward the note to other distribution
lists.

52
Characteristics

• Most hoaxes are sensational in nature and easily identified by the fact that they indicate
that the virus will do nearly impossible things, like blow up the recipient's computer and
set it on fire, or less sensationally, delete everything on the user's computer.
• They often include fake announcements claimed to originate from reputable computer
organizations together with mainstream news media.
• These bogus sources are quoted in order to give the hoax more credibility.
• Typically, the warnings use emotive language, stress the urgent nature of the threat and
encourage readers to forward the message to other people as soon as possible.
• Examples of this type include the jdbgmgr.exe virus hoax and the SULFNBK.EXE hoax.

53
Examples

• There have been famous virus hoax examples that have raised awareness of this issue
including:
• Good Times (was supposedly an e-mail virus that would delete the contents of your hard
disk);
• Pen Pal Greetings (was supposedly an e-mail borne virus that would infect the boot sector
of your PC and delete the contents of your hard drive);
• Deeyenda (supposedly an e-mail virus that re-writes your hard drive);
• Sulfnbk.exe - particularly destructive because it requested users to delete (of which many
did) this executable which is used to restore and backup long file names in Windows
95/98.;
• Bud Frogs – claims that if you download the screen saver it will crash your hard drive

54
Damage/Cost

• The cost of a virus hoax is hidden but includes:
• Loss of productivity of users;
• Network utilisation damage as messages are sent;
• Damage to the reputation of your organisation (when it is responsible for forwarding virus hoax warnings);
and
• A relaxing of users' attitude to real virus warnings

55
3. Back Doors - Attack Descriptions

• A backdoor is a method, often secret, of bypassing normal authentication or encryption in
a computer system, a product, or an embedded device or its embodiment, e.g. as part of
a cryptosystem, an algorithm, or a chipset.
• Backdoors are often used for securing remote access to a computer, or for obtaining access
to plaintext in cryptographic systems.
• A backdoor may take the form of a hidden part of a program one uses, a separate program
(e.g. Back Orifice may subvert the system through a rootkit), or code in the firmware of one's
hardware or parts of one's operating system.
• A backdoor virus is a program that enters a computer system without being detected and
runs in the background to open ports.
• Although normally surreptitiously installed, in some cases backdoors are deliberate and
widely known.
• These kinds of backdoors might have "legitimate" uses such as providing the manufacturer
with a way to restore user passwords.

Slide 56
Types of backdoors

• A backdoor is a security vulnerability that can be used to bypass security policies
and mechanisms in a system.
• Two main types of backdoors:
1. Conventional (hidden parameters, redundant interfaces, etc.)
2. Unconventional
• Considering relative risk, exposure and damage, the unconventional backdoors are more
dangerous

57
Common backdoors

1. Administration and management interfaces exposed
2. Redundant interfaces/functions/features
3. Hidden parameters
4. Redundant users
5. Authentication and authorization between application components – unconventional
6. Old users in systems
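A conventional backdoor of the "hidden parameter" kind, as an added example that is not from the slides: a login check with a forgotten maintenance switch beside a hardened version that rejects undocumented parameters, plus a small source audit that lists request parameters the documented API does not mention. The user table, the password, the `maint` parameter name and the request dicts are all constructed here for the demo.

```python
"""Hidden-parameter backdoor beside a hardened check (added example).
The 'maint' switch, the user table and the request dicts are constructed."""
import hashlib
import hmac
import inspect
import re
from typing import Dict, Iterable, List, Optional, Tuple

UserTable = Dict[str, Tuple[bytes, bytes]]        # user -> (salt, pbkdf2 hash)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_users() -> UserTable:
    salt = b"fixed-demo-salt"                      # demo only; use os.urandom(16) per user
    return {"alice": (salt, hash_password("correct horse", salt))}


def _verify(request: Dict[str, str], users: UserTable) -> Optional[str]:
    """Constant-time comparison of the submitted password against the stored hash."""
    entry = users.get(request.get("user", ""))
    if entry is None:
        return None
    salt, expected = entry
    if hmac.compare_digest(hash_password(request.get("password", ""), salt), expected):
        return request["user"]
    return None


def login_vulnerable(request: Dict[str, str], users: UserTable) -> Optional[str]:
    """BACKDOORED: an undocumented 'maint' parameter skips authentication entirely."""
    if request.get("maint") == "1":
        return "admin"
    return _verify(request, users)


def login_hardened(request: Dict[str, str], users: UserTable,
                   allowed: Iterable[str] = ("user", "password")) -> Optional[str]:
    """No switch, and unknown parameters are rejected instead of silently ignored,
    so a later 'hidden' parameter cannot be added without failing requests."""
    unknown = set(request) - set(allowed)
    if unknown:
        raise ValueError(f"unexpected parameter(s): {sorted(unknown)}")
    return _verify(request, users)


def find_hidden_parameters(source: str, documented: Iterable[str]) -> List[str]:
    """Audit: request parameters read in `source` that the API documentation omits."""
    read = set(re.findall(r'request\.get\("([^"]+)"', source))
    return sorted(read - set(documented))


if __name__ == "__main__":
    users = make_users()
    print("backdoor:", login_vulnerable({"maint": "1"}, users))
    print("hardened:", login_hardened({"user": "alice", "password": "correct horse"}, users))
    print("audit:", find_hidden_parameters(inspect.getsource(login_vulnerable), ["user", "password"]))
```

The audit only catches the pattern it greps for; its value is in comparing what the code reads against what the interface documentation promises, which is the same comparison a reviewer makes when hunting the "hidden parameters" and "redundant interfaces" listed above.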

58
4. Password Crack

• In cryptanalysis and computer security, password cracking is the process of
recovering passwords from data that have been stored in or transmitted by a computer
system.
• The time to crack a password is related to bit strength (see password strength), which is a
measure of the password's entropy, and to the details of how the password is stored.
• Most methods of password cracking require the computer to produce many candidate
passwords, each of which is checked.
• Three commonly used methods are
1. Brute force attack
2. Dictionary method
3. Using rainbow tables

59
1. Brute Force

• Brute force password attacks are a last resort for cracking a password, as they are the least
efficient.
• In the most simple terms, brute force means to systematically try all the combinations for
a password.
• This method is quite efficient for short passwords, but the cost grows exponentially with
length and quickly becomes impractical as passwords get longer.
• Assuming only alphabetical characters, all in capitals or all in lower-case, a 7-character
password requires up to 26^7 (8,031,810,176) guesses.
• This also assumes that the cracker knows the length of the password. Other factors include
numbers, case-sensitivity, and other symbols on the keyboard.
• The complexity of the password depends upon the creativity of the user and the
rules of the program that is using the password.
• The upside of the brute force attack is that it will ALWAYS find the password, no matter its
complexity. The downside is whether or not you will still be alive when it finally guesses it.
• Example of a program that performs brute force attacks: John the Ripper.

60
2. Dictionary
• Dictionary attacks are a method of using a program to try a list of words on the interface or
program that is protecting the area that you want to gain access to.
• The most simple password crackers using dictionary attacks use a list of common single
words, i.e., a "dictionary".
• More advanced programs use a dictionary and additionally mix in numbers or common
symbols at the beginning or end of the guessed words.
• Some can even be given a set of personal information or a profile of the user and pick out
important words to guess, even if they are not dictionary words, such as last
names and names of relatives.
• A weakness of dictionary attacks is that they rely on words supplied by a user,
typically real words, to function.
• If the password is misspelled, is in another language, or very simply uses a word that is not
in the dictionary or profile, the attack cannot succeed. Most of the time, even using two words in
one password can thwart a dictionary attack.
• Examples of programs that perform dictionary attacks: John the Ripper, L0phtCrack, and Cain
& Abel.
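The brute-force and dictionary methods above, as an added example that is not part of the original slides: a keyspace and time estimate for brute force, and a rule-based dictionary attack run offline against unsalted SHA-256 hashes. The wordlist, the mangling rules, the guess rate and the target hashes are all constructed here for the demo; real crackers such as John the Ripper use far larger wordlists and rule sets.

```python
"""Brute-force cost estimate and rule-based dictionary attack (added example).
Wordlist, mangling rules and target hashes are constructed for the demo."""
import hashlib
import itertools
import string
from typing import Dict, Iterable, Iterator, Optional, Set


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates for a fixed-length password over a given alphabet."""
    return alphabet_size ** length


def brute_force_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at a given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def sha256_hex(candidate: str) -> str:
    return hashlib.sha256(candidate.encode()).hexdigest()


def mangle(word: str) -> Iterator[str]:
    """Yield the word plus the common user variations the slide describes:
    case changes, digits or '!' appended, and simple leetspeak substitutions."""
    for base in (word.lower(), word.capitalize(), word.upper()):
        yield base
        yield base + "!"
        for n in range(100):          # '0'..'99' suffixes; a real rule set adds years etc.
            yield f"{base}{n}"
        yield base.replace("a", "@").replace("e", "3").replace("o", "0")


def dictionary_attack(target_hashes: Set[str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Offline dictionary attack: return {hash: plaintext} for every target hash
    hit by a (mangled) wordlist entry. Hashes never found are simply absent."""
    cracked: Dict[str, str] = {}
    for word in wordlist:
        for candidate in mangle(word):
            digest = sha256_hex(candidate)
            if digest in target_hashes and digest not in cracked:
                cracked[digest] = candidate
                if len(cracked) == len(target_hashes):
                    return cracked
    return cracked


def brute_force_lowercase(target_hash: str, max_len: int) -> Optional[str]:
    """Exhaustive a-z search up to max_len characters; only viable for short passwords."""
    for length in range(1, max_len + 1):
        for letters in itertools.product(string.ascii_lowercase, repeat=length):
            candidate = "".join(letters)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


# Constructed demo data: three weak passwords and one that no rule reaches.
DEMO_WORDLIST = ["summer", "password", "dragon"]
DEMO_TARGETS = {sha256_hex(p) for p in ("Summer!", "p@ssw0rd", "dragon42", "correct horse battery")}


if __name__ == "__main__":
    print(f"26^7 = {keyspace(26, 7):,} candidates")
    print(f"at 1e6 guesses/s: {brute_force_seconds(26, 7, 1e6) / 3600:.1f} hours")
    print(dictionary_attack(DEMO_TARGETS, DEMO_WORDLIST))
    print(brute_force_lowercase(sha256_hex("zzz"), 3))
```

The multi-word passphrase survives because no rule in `mangle` produces it, which is the weakness the slide describes; the three single-word passwords fall to fewer than a thousand hash computations.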

61
3. Rainbow tables
• Rainbow tables are a type of pre-computed password attack.
• The previous two attacks, dictionary and brute force, enter a candidate password into the locked
program, which then hashes the entry and compares the hash to the correct
password hash.
• A rainbow-table attack instead pre-computes hashes for the whole candidate space once,
stores the result on disk, retrieves the hash of the password to be cracked, and looks it up.
Strictly, a rainbow table does not store every hash: candidates are linked into chains by
alternating the hash with a "reduction" function that maps a hash back to a candidate, and
only the start and end of each chain are stored. This time-memory trade-off is why tables
covering billions of candidates fit in a few gigabytes.
• This method assumes that you can retrieve the hash of the password to be guessed and
that the hashing algorithm is the same between the rainbow table and the password. A
per-user random salt mixed into the hash defeats the attack, because the table would have
to be recomputed for every salt value.
• Rainbow tables have only become an efficient technique recently, as the disk space
needed to store the tables was cumbersome until storage became cheaper

62
• To give you an idea of how large a rainbow table can be (14-character passwords):

  Character set                                                            Length   Table size
  ABCDEFGHIJKLMNOPQRSTUVWXYZ                                               14       0.6 GB
  ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789                                     14       3 GB
  ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=                       14       24 GB
  ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/     14       64 GB

Examples of programs that use rainbow tables: Ophcrack and RainbowCrack

63
• To give an idea of the speed of modern password crackers in brute-force mode, exhausting all
lower-case alphabetic combinations of a given length takes roughly:
• 10 seconds for 5 characters (26^5 candidates)
• 5 minutes for 6 characters (26^6)
• 2 hours for 7 characters (26^7)
• 2.1 days for 8 characters (26^8)
• 57 days for 9 characters (26^9)
• 4 years for 10 characters (26^10)
• These figures imply about a million guesses per second; a current GPU cracker against a
fast, unsalted hash is several orders of magnitude faster, so treat them as a lower bound.
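A toy rainbow table, as an added example that is not from the slides, to show concretely what the chains of a rainbow table are, why only chain endpoints are stored, and why a per-user salt defeats precomputation. The keyspace (four lower-case letters), chain length, chain count, the reduction function and the "seed" starting points are all constructed here for the demo; the hash is SHA-256.

```python
"""Toy rainbow table (added example): precompute chains over a tiny keyspace,
store only chain endpoints, then crack an unsalted hash by walking the chains.
Keyspace, chain parameters and reduction function are constructed for the demo."""
import hashlib
import string
from typing import Dict, List, Optional, Tuple

ALPHABET = string.ascii_lowercase
PW_LEN = 4                      # keyspace: 26**4 = 456,976 candidates
CHAIN_LEN = 50                  # hash/reduce steps per chain
NUM_CHAINS = 500                # endpoints stored: 500 instead of up to 25,000 hashes


def H(candidate: str) -> bytes:
    return hashlib.sha256(candidate.encode()).digest()


def reduce_fn(digest: bytes, step: int) -> str:
    """Map a hash back into the keyspace. Mixing in the column index `step`
    gives each column its own reduction, which is what makes the table
    'rainbow' rather than a plain hash chain (it limits chain merging)."""
    n = (int.from_bytes(digest[:8], "big") + step * 0x9E3779B97F4A7C15) % (1 << 64)
    out = []
    for _ in range(PW_LEN):
        out.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(out)


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> Dict[str, List[str]]:
    """Return {endpoint: [start, ...]}; only the two ends of each chain are kept."""
    table: Dict[str, List[str]] = {}
    for i in range(num_chains):
        start = reduce_fn(H(f"seed-{i}"), 0)      # deterministic start points (demo choice)
        p = start
        for step in range(chain_len):
            p = reduce_fn(H(p), step)
        table.setdefault(p, []).append(start)
    return table


def crack(table: Dict[str, List[str]], target: bytes, chain_len: int = CHAIN_LEN) -> Optional[str]:
    """Find a preimage of `target` if it lies in any chain column 0..chain_len-1."""
    for col in range(chain_len - 1, -1, -1):
        # Hypothesis: target is the hash in column `col`; walk to the chain end.
        p = reduce_fn(target, col)
        for step in range(col + 1, chain_len):
            p = reduce_fn(H(p), step)
        for start in table.get(p, []):             # endpoint hit (may be a false alarm)
            q = start                                # rebuild that chain from its start
            for step in range(chain_len):
                if H(q) == target:
                    return q
                q = reduce_fn(H(q), step)
    return None


def demo() -> Tuple[str, Optional[str], Optional[str]]:
    """Crack a password known to sit in column 7 of chain 3, then show that the
    same password with a per-user salt is not in the table at all."""
    table = build_table()
    pw = reduce_fn(H("seed-3"), 0)
    for step in range(7):
        pw = reduce_fn(H(pw), step)
    unsalted = crack(table, H(pw))
    salted = crack(table, H("s4lt" + pw))           # salt moves the preimage out of the keyspace
    return pw, unsalted, salted


if __name__ == "__main__":
    password, hit, salted_hit = demo()
    print(f"password {password!r}: unsalted -> {hit!r}, salted -> {salted_hit!r}")
```

The table holds 500 endpoints yet can answer for up to 25,000 candidates, at the price of re-hashing part of a chain on every lookup; the salted lookup fails because the preimage of the salted hash is no longer a four-letter string, so no chain can ever contain it.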

64
5. Denial-of-service (DoS)
• DoS is the acronym for Denial of Service.
• A DoS attack is used to deny legitimate users access to a resource such as a website, network or email,
or to make it extremely slow.
• This type of attack is usually implemented by hitting the target resource, such as a web server, with too many
requests at the same time.
• This results in the server failing to respond to all the requests.
• The effect of this can be either crashing the servers or slowing them down.
• Cutting a business off from the internet can lead to significant loss of business or money.
• The internet and computer networks power a lot of businesses.
• Some organizations, such as payment gateways and e-commerce sites, depend entirely on the internet to do business.

Slide 65
Types of Dos Attacks

• There are two types of DoS attacks, namely:
• DoS – this type of attack is performed by a single host
• Distributed DoS – this type of attack is performed by a number of compromised machines
that all target the same victim. It floods the network with data packets.

66
DDoS attack (figure)

Slide 68
Five common types of DOS attacks
• Ping of Death - The attacker creates an ICMP packet that is larger than the maximum allowed 65,535
bytes. The large packet is fragmented into smaller packets and reassembled at its destination,
where the oversized result overflows the receiving buffer.
• Smurf - A large number of Internet Control Message Protocol (ICMP) echo requests with the intended
victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.
Most devices on a network will, by default, respond to this by sending a reply to the source IP
address, i.e. to the victim.
• Buffer Overflow - An application error that occurs when more data is sent to a buffer than it can
handle
• Teardrop - Involves sending fragmented packets whose fragments overlap one another to a target machine.
Because of a bug in TCP/IP fragment reassembly, the receiving machine cannot reassemble them correctly,
crashing the target network device.
• SYN attack - The attacker sends a succession of SYN requests to a target's system in an attempt to
consume enough server resources to make the system unresponsive to legitimate traffic.
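Detection heuristics for the patterns above, as an added example that is not part of the slides, run over constructed packet summaries: each packet is a plain dict standing in for the fields a capture parser would produce. The addresses, the sample LAN, the thresholds and the traffic itself are assumptions made for the demo.

```python
"""Detection heuristics for the DoS patterns on the slide (added example), run
over constructed packet summaries. Each packet is a dict standing in for the
fields a capture parser would produce; addresses and thresholds are assumptions."""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

MAX_IPV4_PACKET = 65535
LAN = ipaddress.ip_network("192.0.2.0/24")        # constructed LAN (TEST-NET-1)


def detect_ping_of_death(pkts: List[Dict]) -> List[Tuple[str, str, int]]:
    """Flag ICMP fragments whose reassembled end would exceed the IPv4 maximum.
    The fragment-offset field counts 8-byte units."""
    hits = []
    for p in pkts:
        if p["proto"] != "icmp":
            continue
        end = p.get("frag_offset", 0) * 8 + p["length"]
        if end > MAX_IPV4_PACKET:
            hits.append((p["src"], p["dst"], end))
    return hits


def detect_smurf(pkts: List[Dict], lan=LAN) -> List[Tuple[str, str]]:
    """ICMP echo requests (type 8) addressed to the LAN's broadcast address."""
    bcast = str(lan.broadcast_address)
    return [(p["src"], p["dst"]) for p in pkts
            if p["proto"] == "icmp" and p.get("icmp_type") == 8 and p["dst"] == bcast]


def detect_teardrop(pkts: List[Dict]) -> List[Tuple[str, str, int]]:
    """Overlapping fragments within one datagram (same src, dst and IP ID)."""
    frags: Dict[Tuple[str, str, int], List[Tuple[int, int]]] = defaultdict(list)
    for p in pkts:
        if "ip_id" in p:
            start = p.get("frag_offset", 0) * 8
            frags[(p["src"], p["dst"], p["ip_id"])].append((start, start + p["length"]))
    hits = []
    for key, ranges in frags.items():
        ranges.sort()
        if any(nxt[0] < cur[1] for cur, nxt in zip(ranges, ranges[1:])):
            hits.append(key)
    return hits


def detect_syn_flood(pkts: List[Dict], min_syns: int = 20, max_ack_ratio: float = 0.2):
    """Many bare SYNs to one destination with few completing ACKs: half-open flood.
    Returns (dst, syn_count, distinct_sources) per suspicious destination."""
    syns, acks = Counter(), Counter()
    sources = defaultdict(set)
    for p in pkts:
        if p["proto"] != "tcp":
            continue
        if p["flags"] == "S":
            syns[p["dst"]] += 1
            sources[p["dst"]].add(p["src"])
        elif "A" in p["flags"]:
            acks[p["dst"]] += 1
    return [(dst, n, len(sources[dst])) for dst, n in syns.items()
            if n >= min_syns and acks[dst] / n <= max_ack_ratio]


def sample_traffic() -> List[Dict]:
    """Constructed traffic: one legitimate handshake plus one instance of each attack."""
    pkts = [
        {"proto": "tcp", "src": "192.0.2.20", "dst": "203.0.113.20", "flags": "S", "length": 60},
        {"proto": "tcp", "src": "203.0.113.20", "dst": "192.0.2.20", "flags": "SA", "length": 60},
        {"proto": "tcp", "src": "192.0.2.20", "dst": "203.0.113.20", "flags": "A", "length": 52},
    ]
    # SYN flood: 50 SYNs from 50 spoofed sources, no handshake ever completes.
    pkts += [{"proto": "tcp", "src": f"10.0.{i // 256}.{i % 256}", "dst": "203.0.113.10",
              "flags": "S", "length": 60} for i in range(50)]
    # Smurf: echo request to the broadcast address, source forged as the victim.
    pkts.append({"proto": "icmp", "icmp_type": 8, "src": "203.0.113.10", "dst": "192.0.2.255", "length": 64})
    # Ping of death: last fragment ends beyond 65,535 bytes (8185 * 8 + 100 = 65,580).
    pkts.append({"proto": "icmp", "icmp_type": 8, "src": "198.51.100.7", "dst": "203.0.113.10",
                 "ip_id": 99, "frag_offset": 8185, "length": 100})
    # Teardrop: second fragment starts at byte 24, inside the first (bytes 0-40).
    pkts.append({"proto": "udp", "src": "198.51.100.7", "dst": "203.0.113.10",
                 "ip_id": 77, "frag_offset": 0, "length": 40})
    pkts.append({"proto": "udp", "src": "198.51.100.7", "dst": "203.0.113.10",
                 "ip_id": 77, "frag_offset": 3, "length": 40})
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    for detector in (detect_ping_of_death, detect_smurf, detect_teardrop, detect_syn_flood):
        print(detector.__name__, detector(traffic))
```

The SYN-flood rule is the only one that needs a threshold; the other three are protocol invariants (a datagram cannot exceed 65,535 bytes, fragments must not overlap, nobody should ping a broadcast address from outside), which is why modern stacks simply drop such packets.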

69
Symptoms of DoS

• Unusually slow network performance.
• Unavailability of a particular web site.
• Inability to access any web site.
• Dramatic increase in the number of spam emails received.
• Long-term denial of access to the web or any internet services.

70
6. Spoofing
• A spoofing attack is a situation in which one person or program successfully masquerades
as another by falsifying data, thereby gaining an illegitimate advantage.
• In other words, an attacker or malicious program successfully acts on another
person’s (or program’s) behalf by falsifying identifying data.
• Some common types of spoofing attacks include
1. DNS server spoofing – Modifies DNS records (or a resolver's cache) in order to redirect a domain name
to a different IP address. It's typically used to spread malware.
2. ARP spoofing – Links a perpetrator’s MAC address to a legitimate IP address
through spoofed ARP messages. It's typically used in denial of service (DoS) and man-
in-the-middle attacks.
3. IP address spoofing – Disguises an attacker’s origin IP. It's typically used in DoS
attacks.
• These types of spoofing attacks are typically used to attack networks, spread malware and
to access confidential information and data.
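ARP spoofing detection, as an added example that is not from the slides: a minimal builder and parser for the 28-byte ARP message carried over Ethernet/IPv4, and a detector that flags an IP whose claimed MAC contradicts the known binding, or a MAC that claims several IPs (the attacker posing as both gateway and victim). The addresses, the trusted gateway binding and the reply sequence are constructed for the demo.

```python
"""ARP spoofing detection (added example): parse ARP replies and flag IP/MAC
bindings that change or MACs that claim several IPs. Addresses, the trusted
gateway binding and the reply sequence are constructed for the demo."""
import ipaddress
import struct
from collections import defaultdict
from typing import Dict, List, Optional

ARP_FMT = "!HHBBH6s4s6s4s"      # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(opcode: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet/IPv4 ARP payload (28 bytes), as a sniffer sees it after the frame header."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       _mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       _mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(payload: bytes) -> Dict[str, object]:
    _, _, _, _, opcode, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    return {"opcode": opcode,
            "sender_mac": _mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": _mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


def detect_arp_spoof(payloads: List[bytes], trusted: Optional[Dict[str, str]] = None) -> List[str]:
    """Replies that contradict a known IP->MAC binding, or one MAC 'owning' several IPs,
    are reported. Bindings are pre-configured (trusted) or first-seen, never overwritten."""
    bindings = dict(trusted or {})
    ips_by_mac = defaultdict(set)
    alerts = []
    for payload in payloads:
        arp = parse_arp(payload)
        if arp["opcode"] != ARP_REPLY:
            continue
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if bindings.get(ip, mac) != mac:
            alerts.append(f"{ip} claimed by {mac}, expected {bindings[ip]}")
        bindings.setdefault(ip, mac)
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alerts.append(f"{mac} claims several IPs: {sorted(ips_by_mac[mac])}")
    return alerts


def sample_replies() -> List[bytes]:
    """Constructed sequence: legitimate gateway reply, then an attacker poisoning
    the victim's view of the gateway and the gateway's view of the victim."""
    gateway, victim, attacker = "02:00:00:00:00:01", "02:00:00:00:00:50", "02:00:00:00:00:ee"
    return [
        build_arp(ARP_REPLY, gateway, "192.0.2.1", victim, "192.0.2.50"),
        build_arp(ARP_REPLY, attacker, "192.0.2.1", victim, "192.0.2.50"),   # "I am the gateway"
        build_arp(ARP_REPLY, attacker, "192.0.2.50", gateway, "192.0.2.1"),  # "I am the victim"
    ]


TRUSTED = {"192.0.2.1": "02:00:00:00:00:01"}      # static binding for the gateway (assumption)

if __name__ == "__main__":
    for alert in detect_arp_spoof(sample_replies(), TRUSTED):
        print("ALERT:", alert)
```

A static binding for the gateway is what makes the first alert reliable; without it the detector still works on a first-seen basis, but an attacker who answers before the real gateway would win the race.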

71
Example (figure)

Slide 73
7. Man-in-the-Middle Attack

• MITM is one in which the attacker secretly intercepts and relays messages between two
parties who believe they are communicating directly with each other.
• A man-in-the-middle attack allows a malicious actor to intercept, send and receive data
meant for someone else, or not meant to be sent at all, without either outside party knowing
until it is too late.
• The goal of an attack is to steal personal information, such as login credentials, account details
and credit card numbers.
• Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and
other websites where logging in is required.
• Information obtained during an attack could be used for many purposes, including identity
theft, unapproved fund transfers or an illicit password change.

Slide 74
Example (figure)

Slide 76
10. Sniffers
• A sniffer is an application or device that can read, monitor, and capture network data exchanges and
read network packets.
• If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.
• Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the
attacker does not have access to the key.
• Using a sniffer, an attacker can do any of the following:
1. Analyze your network and gain information to eventually cause your network to crash or to become
corrupted.
2. Read your communications.
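What a sniffer recovers from an unencrypted link, as an added example that is not from the slides: a minimal Ethernet/IPv4/TCP frame parser and an extractor that pulls an HTTP Basic credential out of the cleartext payload. The frame is constructed here rather than captured (checksums left at zero), and the addresses, ports and credential are assumptions; over TLS the same extractor finds nothing because the payload is ciphertext.

```python
"""Cleartext credential recovery from a sniffed frame (added example). The frame
is constructed here, not captured; checksums are left at zero for brevity."""
import base64
import ipaddress
import struct
from typing import Dict, Optional, Tuple

ETHERTYPE_IPV4, IPPROTO_TCP = 0x0800, 6


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet II + minimal IPv4 + minimal TCP (PSH/ACK) headers around `payload`."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Walk the headers using their length fields; return None for non-IPv4/TCP frames."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                        # IPv4 header length in bytes
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4                # TCP header length in bytes
    return {"src": str(ipaddress.IPv4Address(ip[12:16])), "dst": str(ipaddress.IPv4Address(ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[data_offset:]}


def extract_basic_auth(payload: bytes) -> Optional[Tuple[str, str]]:
    """Decode an 'Authorization: Basic' header if the payload is cleartext HTTP."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            try:
                user, _, password = base64.b64decode(line[21:].strip(), validate=True).decode().partition(":")
            except (ValueError, UnicodeDecodeError):
                return None
            return user, password
    return None


def sample_frame() -> bytes:
    """Constructed HTTP request carrying Basic credentials alice:hunter2."""
    token = base64.b64encode(b"alice:hunter2").decode()
    http = (f"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
            f"Authorization: Basic {token}\r\n\r\n").encode()
    return build_frame("192.0.2.10", "203.0.113.5", 51000, 80, http)


if __name__ == "__main__":
    pkt = parse_frame(sample_frame())
    print(pkt["src"], "->", pkt["dst"], pkt["dport"], extract_basic_auth(pkt["payload"]))
```

Basic authentication is only base64-encoded, not encrypted, so anyone on the path reads the password directly; the same parser applied to a TLS record finds an opaque payload and returns nothing, which is the difference the slide's "unless they are encrypted" refers to.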

Slide 77
11. Social Engineering

• Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions.
• It uses psychological manipulation to trick users into making security mistakes or giving
away sensitive information.
• Social engineering attacks happen in one or more steps.
• A perpetrator first investigates the intended victim to gather necessary background
information, such as potential points of entry and weak security protocols, needed to
proceed with the attack.
• Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent
actions that break security practices, such as revealing sensitive information or granting
access to critical resources.
• What makes social engineering especially dangerous is that it relies on human error, rather
than vulnerabilities in software and operating systems.
• Mistakes made by legitimate users are much less predictable, making them harder to
identify and thwart than a malware-based intrusion.

79
Social engineering attack techniques

• Social engineering attacks come in many different forms and can be performed anywhere
where human interaction is involved.
• The following are the most common forms of digital social engineering assaults.
1. Baiting
• As its name implies, baiting attacks use a false promise to pique a victim’s greed or
curiosity.
• They lure users into a trap that steals their personal information or infects their systems
with malware. E.g. the most reviled form of baiting uses physical media to disperse
malware.
2. Phishing
• As one of the most popular social engineering attack types, phishing scams are email and
text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.
• They then prod victims into revealing sensitive information, clicking on links to malicious
websites, or opening attachments that contain malware.

80
3. Spear phishing
• This is a more targeted version of the phishing scam whereby an attacker chooses specific
individuals or enterprises.
• They then tailor their messages based on characteristics, job positions, and contacts
belonging to their victims to make their attack less conspicuous.
• Spear phishing requires much more effort on behalf of the perpetrator and may take
weeks and months to pull off.
• They’re much harder to detect and have better success rates if done skillfully.

81
Timing Attack

• relatively new
• works by exploring the contents of a web browser’s cache
• can allow collection of information on access to password-protected sites
• another attack by the same name involves attempting to intercept cryptographic elements to
determine keys and encryption algorithms
