
(Notes) 02 02 Modern Network Security Threats - Evolution of Network Security


Sophistication of Tools vs Technical Knowledge

1985 – by 1985 the sophistication of attacker tools was low; attacks depended mostly on the
technical knowledge of the intruders.

2010 up to now – The level of knowledge required by intruders has been steadily lowered, yet
their ability to perpetrate sophisticated attacks against the survivability of the system has
increased.
The sophistication of attacker tools is now much higher than the technical knowledge an intruder
must possess.
Intruders or hackers nowadays rely more on the sophistication of attacker tools than on technical
knowledge, but if you also have the technical knowledge to get into the system, then you are a
great hacker.
Contributing factors that drive the sophistication of attacker tools higher relative to technical
knowledge:

- The explosion of computer and Internet availability
- Increased broadband availability in residential areas
- Low priority of security for software developers
- Difficulty patching vulnerabilities on all systems
- The use of graphical user interface (GUI) tools that exploit known software vulnerabilities
- Availability of malware (malicious software) authoring and editing tools
- Introduction of tools that attempt to exploit multiple vulnerabilities
Morris Worm

- The Morris worm or Internet worm was the first computer worm distributed via the Internet.
- It was written by a student at Cornell University, Robert Tappan Morris, and launched on
  November 2, 1988 from MIT.
- It is considered the first worm and was certainly the first to gain significant mainstream
  media attention.
  o It also resulted in the first conviction in the US under the 1986 Computer Fraud and
    Abuse Act.
- According to Morris, the worm was not written to cause damage, but to gauge the size of
  the Internet.
  o But the worm was released from MIT, not Cornell where Morris was a student.
- The Morris worm worked by exploiting known vulnerabilities in Unix sendmail, finger,
  rsh/rexec and weak passwords.
- It is usually reported that around 6,000 major Unix machines were infected by the Morris
  worm.
  o The cost of the damage was estimated at $10M-100M.

Good Thing

- The Morris worm prompted DARPA to fund the establishment of the CERT/CC at
  Carnegie Mellon University to give experts a central point for coordinating responses to
  network emergencies.
- Robert Morris was tried and convicted of violating the 1986 Computer Fraud and Abuse
  Act.
  o After appeals he was sentenced to three years' probation, 400 hours of community
    service, and a fine of $10,000.
What is "Code Red"?
The Code Red worm was a DoS attack released on July 19, 2001; it attacked web servers
globally, infecting over 350,000 hosts and in turn affecting millions of users.

Code Red:

- Defaced web pages.
- Disrupted access to the infected servers and the local networks hosting the servers,
  making them very slow or unusable.
Network professionals responded slowly to system patches which only exacerbated the
problem.
What did it do?
The "Code Red" worm attempted to connect to TCP port 80 on a randomly chosen host
assuming that a web server will be found.
Upon a successful connection to port 80, the attacking host sends a crafted HTTP GET
request to the victim, attempting to exploit a buffer overflow in the Indexing Service.
The same exploit (HTTP GET request) is sent to other randomly chosen hosts due to the
self-propagating nature of the worm.
However, depending on the configuration of the host which receives this request, there
are varied consequences.
If the exploit was successful, the worm began executing on the victim host.
In the earlier variant of the worm, victim hosts experienced the following defacement on all
pages requested from the server:
Actual worm activity on a compromised machine was time sensitive and different activity
occurred based on the date of the system clock:

- Day 1 - 19: The infected host will attempt to connect to TCP port 80 of randomly chosen
  IP addresses in order to further propagate the worm.
- Day 20 - 27: A packet-flooding denial of service attack will be launched against a
  particular fixed IP address.
- Day 28 - end of the month: The worm "sleeps"; no active connections or denial of
  service.
Has it stopped?
Although the worm resides entirely in memory, a reboot of the machine will purge it from the
system.
However, patching the system for the underlying vulnerability remains imperative since
the likelihood of re-infection is quite high due to the rapid propagation of the worm.
Network security professionals must develop and implement a security policy which includes a
process to continually keep tabs on security advisories and patches.
That is why we are encouraged to update the software that we have.
Code Red - A good thing?
It was a wakeup call for network administrators.
It made it very apparent that network security administrators must patch their systems
regularly.
If security patches had been applied in a timely manner, the Code Red worm would only merit a
footnote in network security history.
CERT Code Red (Computer Emergency Response Team)
Alternative: Computer Emergency Readiness Team || Computer Security Incident Response
http://www.cert.org/advisories/CA-2001-19.html
This is an expert group that handles computer security incidents
Has been designated to serve as the national agency to perform the following functions in the
area of cyber security

- Collection, analysis and dissemination of information on cyber incidents
- Forecasts and alerts of cyber security incidents
- Emergency measures for handling cyber security incidents
NEW THREATS

- Every day many intruders develop applications that hamper the operation of an
  organization.
- They develop something that would completely stop the operation of the victim. It could be
  delivered via email or via any other platform through which the new threats can be sent
  and cause damage to the organization.
