Assignment One
• Due right NOW.
• Place your assignment on the table at the front of the room
Admin Trivia
• First Exam will be on September 27
• Exam will be Open Notes
• No electronic devices permitted
  – Cell phones off
  – Computers in their cases
  – PDAs off and in their cases
  – Anything else that can contain data or communicate off and out of reach
Spyware and Adware
Basic Attack Types
Spyware
• Spyware can be considered a kind of Trojan horse software.
• Spyware software is distinguished by having a surveillance function.
Basic Attack Types
Spyware
• Various kinds of spyware may
  – Install a keylogger, which records users’ keystrokes, and can be used to get passwords.
  – Turn on webcams or microphones.
  – Record the web sites a user visits.
Basic Attack Types
Adware
• A variation on spyware, called adware, is typically installed with a user’s permission, usually as part of a legitimate software installation.
• The adware is installed in addition to the desired software.
• Often the user authorizes this as part of the licensing agreement for the desired software.
Basic Attack Types
Adware
• Adware may reconfigure a user’s computer and web browser to display extra, unwanted advertisements.
• Like spyware, it may collect and report various data.
Module Twelve
Modern Attack Types
Modern Attack Types
Combination Attacks
• In reality, viruses, Trojan horses, spyware, etc. are not distinct from one another.
• For example, spyware may also
  – Introduce a backdoor into a user’s computer so the attacker can access it, or
  – Recruit the computer for a zombie network.
Modern Attack Types
Blended Threats
• Similarly, modern attacks often use the basic attacks we have described as building blocks.
• These building blocks are simple pieces the attackers combine to make more complex malware.
Modern Attack Types
Blended Threats
• These combined, complex, multi-pronged attacks are known as blended threats.
  – They have several different ways of taking over a computer.
  – Once in control, they have several different illicit activities they can carry out.
A Modern Blended Threat
The W32.Spybot.KEG worm
Modern Attack Types
Blended Threats
• An example of a blended threat is the worm known as W32.Spybot.KEG.
• It combines several of the attack characteristics we have described.
Modern Attack Types
Blended Threats
• W32.Spybot.KEG has several ways of attacking a computer:
  – It has a list of 129 common passwords that it uses to attempt to access computers.
  – For example:
    • “123”
    • “access”
    • “changeme”
    • “password”
    • “qwerty”
Modern Attack Types
Blended Threats
• W32.Spybot.KEG has several ways of attacking a computer:
  – It checks for backdoor entry methods left by other, earlier attacks (e.g. Beagle, Sasser).
Modern Attack Types
Blended Threats
• W32.Spybot.KEG has several ways of attacking a computer:
  – It checks to see if a computer can be attacked using about a half dozen different buffer overflow vulnerabilities.
Modern Attack Types
Blended Threats
• Once W32.Spybot.KEG has control over a computer, it
  – Copies itself onto the compromised computer,
  – Attempts to attack other computers, and
  – Creates a back door channel for commands, turning the computer into part of a zombie network.
Modern Attack Types
Blended Threats
• The W32.Spybot.KEG zombie network computers can then receive commands to do (among other things)
  – Log keystrokes at the computer,
  – Eavesdrop on the local network,
  – Start a web or file server,
  – Capture screenshots and webcam images,
  – Launch Denial of Service Attacks.
Modern Attack Types
Blended Threats
• The W32.Spybot.KEG worm is typical of modern attacks.
• It shows how complex modern attacks are.
• And how flexible:
  – It has multiple ways to take over a computer, and
  – Once in control, has a wide variety of illicit activities it can do.
Attack Kits
Modern Attack Types
Attack Kits
• An important goal of legitimate software developers is to make it easier to write useful, bug-free computer code.
Modern Attack Types
Attack Kits
• This is also true in the world of attack software, where “kits” are available that let non-experts piece together custom-made attack programs.
Modern Attack Types
Attack Kits
• This is an important development.
• It allows amateur attackers (script kiddies) to mount attacks that they could not if they had to write the code themselves.
• This increases the number of attacks enormously.
Unit Two
Operating Systems
Operating Systems
Unit Outline
Module 1: Operating System Basics
Module 2: Attacking Operating Systems: Impersonation
Module 3: Attacking Operating Systems: Exploits
Module One
Operating System Basics
Operating System Basics
Introduction
• A Computer’s Operating System typically does two major things.
1. It controls access to the various resources of the computer, and
2. It provides an interface - a way for the user to communicate with the computer.
Operating System Basics
Introduction
• From a computer security perspective, we are mostly interested in the first part:
1. It controls access to the various resources of the computer.
2. It provides an interface - a way for the user to communicate with the computer.
Operating System Basics
Resources
• The operating system is the computer program responsible for making the various parts of the computer available and useful to the user.
Operating System Basics
Resources
• For example, the magnetic data on a disk drive is available to the user as directories and files.
Operating System Basics
File Systems
• The way the computer organizes the disks, CDs, and other storage media as files and folders is known as the computer’s file system.
Operating System Basics
File Systems
• The design and maintenance of a file system is one of the operating system’s primary responsibilities.
Operating System Basics
Access
• In addition to presenting data as files and folders, the operating system is responsible for controlling access to the parts of the file system.
Operating System Basics
Access
• For instance, computers can have multiple users, and the computer has to ensure that users only access files, folders, etc. to which they have legitimate rights.
Operating System Basics
Access Control
• Here we begin to see how operating systems relate to security.
Operating System Basics
Access Control
• An operating system is responsible for ensuring that
  – A user cannot read or write files belonging to another user who wishes to keep them private.
  – A user cannot access sensitive files used to administer the computer, e.g. a file containing all the users’ password information.
Operating System Basics
Controlling Access
• Operating systems security can be thought of as simultaneously sharing and protecting the resources of the computers, such as:
  – Memory,
  – Input/Output devices,
  – Printers,
  – Programs,
  – Data, and
  – Networks.
Operating System Basics
Privileges and Permissions
• Controlling access to resources is done using the concepts of privileges and permissions.
Operating System Basics
Privileges and Permissions
• Files, directories, and other resources on a computer have permissions associated with them.
• These permissions determine what privileges the various users on a computer have to read, write or otherwise access those resources.
Operating System Basics
Privileges and Permissions
• For example,
  – User A can set the permissions on most of her files and directories so that only she can read or write them.
Operating System Basics
Privileges and Permissions
• For example,
  – However, she may set up a directory, perhaps called Public, with permissions allowing anyone to read its contents.
Operating System Basics
Privileges and Permissions
• For example,
  – She might also set up a directory, called Dropbox, where others can put copies of files.
Operating System Basics
Privileges and Permissions
• The idea is that she can control the access others have over her files and folders.
Operating System Basics
Privileges and Permissions
• The operating system enforces these permissions and privileges.
• Whenever a user requests access to a file or directory, that request goes through the operating system, which checks to see if the user has permission to access that file before it is granted.
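User A's directories from the slides above, as an added example that is not part of the original lecture. It assumes POSIX-style permission bits, which the slides do not specify; the mode values and the extra "Shared" directory are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed POSIX mode bits; the slides name the directories, not the modes.
MODES = {
    "Private": 0o700,  # only User A can read or write
    "Public": 0o755,   # anyone may list and read, only User A may change
    "Dropbox": 0o733,  # anyone may put files in, nobody else may list them
    "Shared": 0o777,   # constructed misconfiguration for the audit to catch
}

def others_can(mode):
    """Decode what users other than the owner may do with a directory."""
    enter = bool(mode & stat.S_IXOTH)
    return {
        "list": bool(mode & stat.S_IROTH),
        "enter": enter,
        "create": enter and bool(mode & stat.S_IWOTH),
    }

def build_home(root):
    """Create each directory under root and return the modes the OS recorded."""
    recorded = {}
    for name, mode in MODES.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod is not masked by the umask
        recorded[name] = stat.S_IMODE(os.stat(path).st_mode)
    return recorded

def too_permissive(recorded):
    """Directories where other users can both list and create entries."""
    return sorted(n for n, m in recorded.items()
                  if others_can(m)["list"] and others_can(m)["create"])

def demo():
    with tempfile.TemporaryDirectory() as root:
        recorded = build_home(root)
    return recorded, too_permissive(recorded)

if __name__ == "__main__":
    modes, flagged = demo()
    for name, mode in modes.items():
        print(f"{name:8} {stat.filemode(stat.S_IFDIR | mode)} {others_can(mode)}")
    print("too permissive:", flagged)
```

The Dropbox mode grants write and search permission without read permission, so other users can add files but cannot see what anyone else has left there.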
Operating System Basics
Administrative Users
• Most operating systems recognize a distinction between the privileges of ordinary users, and one or more users that are allowed to administer the computer.
• This prevents ordinary users from accessing critical system functions
  – Prevents accidentally damaging the system
  – Limits the damage done if an ordinary user’s account is compromised
Operating System Basics
Administrative Users
• These administrative users, known as Superusers, Admins, or Root, have complete control over the machine.
  – Read and modify any user’s files
  – Control any system resource
  – Create and destroy file systems on disks
  – Control network access to the machine
Administrative Users
• Very attractive to hackers to become the Administrative User on a machine
• Most modern operating systems have ways of distributing administrative functions over other users
  – Called roles
  – Often, “root” or “admin” logins disallowed
Attacking Operating Systems: Impersonation
Authentication
• In order to have accounts for individual users, there must be methods to ensure that only the authorized people can use the accounts.
• The methods to do this are known as authentication.
• This is especially important for administrator accounts.
Attacking Operating Systems: Impersonation
Passwords
• There are many different ways of authenticating users.
• The most common method is user IDs and passwords.
• A user ID is the identifier for the user (typically a variation on their name or role).
• A password is some sequence of characters (e.g. a word or phrase, a word-like nonsense sequence, a random sequence of keyboard characters).
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Don’t change passwords given them to start an account, or those provided with a new computer or software package
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Choose passwords that are easy to guess (cf. the list of passwords used by the W32.Spybot.KEG worm)
Attacking Operating Systems: Impersonation
Password Problems
• An Internet search can easily find lists of common passwords.
• One such list is at http://geodsoft.com/howto/password/common.htm
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Share them with others
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Leave them written down in insecure locations
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Use the same passwords for multiple accounts or uses
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Are willing to give them to people impersonating system administrators.
Attacking Operating Systems: Impersonation
Password Problems
• Because of these types of problems, passwords are an imperfect method of authentication.
Attacking Operating Systems: Impersonation
Password Problems
• In addition there are other problems with password authentication:
  – Eavesdropping or wiretapping to find passwords.
Attacking Operating Systems: Impersonation
Password Problems
• In addition there are other problems with password authentication:
  – Guest or anonymous accounts on computers with no password or easy to guess passwords.
Cracking Passwords
Attacking Operating Systems: Impersonation
Cracking Passwords
• There is a series of programs, L0phtcrack, that attempt to find all of the passwords on a computer system.
• How L0phtcrack and similar programs work shows how weak passwords can be exploited.
Attacking Operating Systems: Impersonation
Storing Passwords
• In general, computers do not store the actual user passwords on the computer.
Attacking Operating Systems: Impersonation
Storing Passwords
• Instead, they are encoded.
• The encoded versions are stored on the computer.
  – The encoded versions are called one-way hashes.
Attacking Operating Systems: Impersonation
Storing Passwords
• When a user types a password, it is
  – Encoded, and
  – Compared to the stored version.
• If the new and stored hashes match, the user is allowed access to the computer.
A Successful Password Match
A Failed Password Match
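The store-then-compare flow from the slides above, as an added example that is not part of the original lecture. It assumes a salted, deliberately slow one-way hash (PBKDF2) and an in-memory store; neither is specified by the slides. The rejected-password set holds only the five sample entries the slides quote from the worm's list.

```python
import hashlib
import hmac
import os

# The sample entries the slides quote from the worm's 129-password list.
COMMON_PASSWORDS = {"123", "access", "changeme", "password", "qwerty"}
ITERATIONS = 200_000  # assumed work factor; each guess costs this many rounds

def hash_password(password, salt):
    """One-way encode a password with PBKDF2-HMAC-SHA256 and a salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def enroll(store, user, password):
    """Store only (salt, hash) for the user; refuse passwords on the common list."""
    if password.lower() in COMMON_PASSWORDS:
        return False
    salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
    store[user] = (salt, hash_password(password, salt))
    return True

def login(store, user, attempt):
    """Encode the typed password and compare it to the stored hash."""
    if user not in store:
        return False
    salt, stored = store[user]
    return hmac.compare_digest(hash_password(attempt, salt), stored)

def demo():
    store = {}  # constructed in-memory stand-in for the system's password file
    results = {
        "weak rejected": not enroll(store, "bob", "changeme"),
        "alice enrolled": enroll(store, "alice", "correct horse battery staple"),
        "carol enrolled": enroll(store, "carol", "correct horse battery staple"),
    }
    results["match"] = login(store, "alice", "correct horse battery staple")
    results["mismatch"] = login(store, "alice", "correct horse battery stapler")
    results["same password, different hashes"] = store["alice"][1] != store["carol"][1]
    return results

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```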
Attacking Operating Systems: Impersonation
Attacking Passwords
• This method is more secure than storing a list of actual passwords on the computer.
Attacking Operating Systems: Impersonation
Attacking Passwords
• However, if an attacker can read the list of hashes, they can often use them to find the original passwords.
Attacking Operating Systems: Impersonation
Attacking Passwords
• Modern computers are fast enough that attackers can try a brute force approach.
• A brute force approach consists of trying all possible passwords.
  – More or less.
Attacking Operating Systems: Impersonation
Brute Force
• The brute force approach is very simple.
• For each guess at a password, generate its hash.
  – If it matches the stored hash, the attacker now knows that password.
  – If it does not match, try the next guess.
Module Two
Attacking Operating Systems: Impersonation
Attacking Operating Systems: Impersonation
Introduction
• One of the goals of attackers is to gain administrative access to computers.
• This allows them to access all of the files and other resources on those systems.
• This access gives them almost absolute control of a computer and any information on it.
Attacking Operating Systems: Impersonation
Ways of Attack
• There are two primary ways for an attacker to get administrative access to a computer
  – Impersonation,
  – Exploit weaknesses in the operating system.
Attacking Operating Systems: Impersonation
Passwords
• Passwords are a common authentication method because
  – It is low-cost
    • The software to compare passwords is well-known and easy to implement.
    • Users can change their own passwords, minimizing overhead.
  – It is relatively convenient
    • Users can memorize their passwords, or keep a copy in a secured location.
    • There is no extra hardware used in authentication.
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Don’t change passwords given them to start an account, or those provided with a new computer or software package
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Choose passwords that are easy to guess (cf. the list of passwords used by the W32.Spybot.KEG worm)
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Share them with others
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Leave them written down in insecure locations
Attacking Operating Systems: Impersonation
Password Problems
• However, passwords are often an insecure method of authentication.
• For example, users often
  – Use the same passwords for multiple accounts or uses