Transcript Presentation

Secure
Communication and
Intrusion Detection
James Hidahl, Josh
McCandless, Kyle Ray
Focused Topics
 Secure Communications
 Intrusion Detection
 Methods Used by Intruders
Secure Communications
 What is security?
 Access Codes
 Strong Passwords
 S/Key
 Challenge Response
 Smart Cards
What is Security?
Security in the computer
industry, refers to
technique for ensuring that
data stored in a computer
cannot be read or
compromised by any
individuals without
authorization.
Access Codes
Access code is just another
word used to describe a
password. Passwords are a
secret series of characters
that enables a user to
access a computer, certain
files, and programs.
Strong Passwords
A strong password that is
difficult to detect by both
humans and computer
programs, protecting data
from unauthorized access.
Usually a combination of
both numbers and letters,
exceeding 6 characters.
S/ Key
Developed by Bellecore,
S/Key is used to eliminate
the need for the same
password to be processed
over a network each time a
password is needed for
access. It is also a wellknown challenge response
password scheme.
Challenge Response
A commonly used technique that
prompts the user to provide private
information. Most security systems
that rely on smart cards are based
on challenge-response. A user is
given a code which he or she enters
into the smart card. The smart card
then displays a new code that the
user can present to log in.
Smart Cards
A small electronic device
about the size of a credit
card that contains electronic
memory, and possibly an
embedded integrated circuit
(IC). Smart cards
containing an IC are
sometimes called
Integrated Circuit
Cards(ICC’s)
Intrusion Detection
 Firewalls
 Virus Scanners
 Intrusion Detectors
Firewalls
System designed to
prevent unauthorized
access to or from a private
network or single computer
Virus Scanners
 You should know what that
means. Basically scans your
computer for known viruses.
The effectiveness depends
on the database. Here are
examples.
 Norton
 Housecall
 AVG
Intrusion Detectors
An intrusion detection system (IDS) inspects all
inbound and outbound network activity and
identifies suspicious patterns that may indicate a
network or system attack from someone
attempting to break into or compromise a
system.
There are several ways to categorize an IDS:
Misuse Detection vs.
Anomaly Detection
 In misuse detection, the IDS analyzes the
information it gathers and compares it to
large databases of attack signatures.
Essentially, the IDS looks for a specific attack
that has already been documented. Like a
virus detection system, misuse detection
software is only as good as the database of
attack signatures that it uses to compare
packets against. In anomaly detection, the
system administrator defines the baseline, or
normal, state of the network’s traffic load,
breakdown, protocol, and typical packet size.
The anomaly detector monitors network
segments to compare their state to the
normal baseline and look for anomalies.
Network-Based vs. HostBased Systems
 in a network-based system, or
NIDS, the individual packets
flowing through a network are
analyzed. The NIDS can detect
malicious packets that are
designed to be overlooked by a
firewall’s simplistic filtering rules.
In a host-based system, the IDS
examines at the activity on each
individual computer or host.
Passive System vs. Reactive
System
 In a passive system, the IDS
detects a potential security
breach, logs the information and
signals an alert. In a reactive
system, the IDS responds to the
suspicious activity by logging off
a user or by reprogramming the
firewall to block network traffic
from the suspected malicious
source.
 Though they both relate to
network security, an IDS differs
from a firewall in that a firewall
looks out for intrusions in order
to stop them from happening.
The firewall limits the access
between networks in order to
prevent intrusion and does not
signal an attack from inside the
network. An IDS evaluates a
suspected intrusion once it has
taken place and signals an
alarm. An IDS also watches for
attacks that originate from
within a system.
Intrusion Methods
 Hacker vs. Cracker
 Backdoor
 Port Scanning
 Sniffer
 Smurf
Hacker vs. Cracker
 Hacker- A slang term for a computer
enthusiast, i.e., a person who enjoys learning
programming languages and computer
systems and can often be considered an
expert on the subject(s). Among professional
programmers, depending on how it used, the
term can be either complimentary or
derogatory, although it is developing an
increasingly derogatory connotation. The
pejorative sense of hacker is becoming more
prominent largely because the popular press
has co opted the term to refer to individuals
who gain unauthorized access to computer
systems for the purpose of stealing and
corrupting data. Hackers, themselves,
maintain that the proper term for such
individuals is cracker.
Hacker vs. Cracker (cont)
 Crack- (1) To break into a computer system. The
term was coined in the mid-80s by hackers who
wanted to differentiate themselves from individuals
whose sole purpose is to sneak through security
systems. Whereas crackers sole aim is to break
into secure systems, hackers are more interested
in gaining knowledge about computer systems and
possibly using this knowledge for playful pranks.
Although hackers still argue that there's a big
difference between what they do and what
crackers do, the mass media has failed to
understand the distinction, so the two terms -hack and crack -- are often used interchangeably.
 (2) To copy commercial software illegally by
breaking (cracking) the various copy-protection
and registration techniques being used.
Backdoor
 Also called a trapdoor. An
undocumented way of gaining
access to a program, online
service or an entire computer
system. The backdoor is written
by the programmer who creates
the code for the program. It is
often only known by the
programmer. A backdoor is a
potential security risk.
Port Scanning
 The act of systematically scanning a
computer's ports. Since a port is a
place where information goes into and
out of a computer, port scanning
identifies open doors to a computer.
Port scanning has legitimate uses in
managing networks, but port scanning
also can be malicious in nature if
someone is looking for a weakened
access point to break into your
computer.
Port Scanning (cont)
 Types of port scans:







vanilla: the scanner attempts to connect to all
65,535 ports
strobe: a more focused scan looking only for
known services to exploit
fragmented packets: the scanner sends packet
fragments that get through simple packet filters in
a firewall
UDP: the scanner looks for open UDP ports
sweep: the scanner connects to the same port on
more than one machine
FTP bounce: the scanner goes through an FTP
server in order to disguise the source of the scan
stealth scan: the scanner blocks the scanned
computer from recording the port scan activities.
Sniffer
 A program and/or device that monitors data
traveling over a network. Sniffers can be used
both for legitimate network management
functions and for stealing information off a
network. Unauthorized sniffers can be
extremely dangerous to a network's security
because they are virtually impossible to
detect and can be inserted almost anywhere.
This makes them a favorite weapon in the
hacker's arsenal.
 On TCP/IP networks, where they sniff
packets, they're often called packet sniffers.
Smurfing

A type of network security breach in which a network
connected to the Internet is swamped with replies to
ICMP echo (PING) requests. A smurf attacker sends PING
requests to an Internet broadcast address. These are
special addresses that broadcast all received messages to
the hosts connected to the subnet. Each broadcast
address can support up to 255 hosts, so a single PING
request can be multiplied 255 times. The return address
of the request itself is spoofed to be the address of the
attacker's victim. All the hosts receiving the PING request
reply to this victim's address instead of the real sender's
address. A single attacker sending hundreds or thousands
of these PING messages per second can fill the victim's
T-1 (or even T-3) line with ping replies, bring the entire
Internet service to its knees.

Smurfing falls under the general category of Denial of
Service attacks -- security attacks that don't try to steal
information, but instead attempt to disable a computer or
network.
The End