SlideShare ist ein Scribd-Unternehmen logo
1 von 36
Chapter 7
Intruders
Key Points
• Unauthorized intrusion into a computer system or network
is one of the most serious threats to computer security.
• Intrusion detection systems have been developed to provide
early warning of an intrusion so that defensive action can
be taken to prevent or minimize damage.
• Intrusion detection involves detecting unusual patterns of
activity or patterns of activity that are known to correlate
with intrusions.
• One important element of intrusion prevention is password
management, with the goal of preventing unauthorized
users from having access to the passwords of others.
Intruders
• Three classes of intruders:

Masquerader

• An individual who is not authorized to use the
computer and who penetrates a system’s access
controls to exploit a legitimate user’s account

Misfeasor

• A legitimate user who accesses data, programs, or
resources for which such access is not authorized, or
who is authorized for such access but misuses his or
her privileges

Clandestine
user

• An individual who seizes supervisory control of the
system and uses this control to evade auditing and
access controls or to suppress audit collection
Examples of Intrusion
• Performing a remote root
compromise of an e-mail server
• Defacing a Web server
• Guessing and cracking passwords
• Copying a database containing
credit card numbers
• Viewing sensitive data, including
payroll records and medical
information, without
authorization

• Running a packet sniffer on a
workstation to capture usernames
and passwords

• Using a permission error on an
anonymous FTP server to distribute
pirated software and music files
• Dialing into an unsecured modem
and gaining internal network access
• Posing as an executive, calling the
help desk, resetting the executive’s email password, and learning the new
password
• Using an unattended, logged-in
workstation without permission
Hackers
• Traditionally, those who hack into computers do so for the thrill
of it or for status
• Intrusion detection systems (IDSs) and intrusion prevention
systems (IPSs) are designed to counter hacker threats
• In addition to using such systems, organizations can consider
restricting remote logons to specific IP addresses and/or use virtual
private network technology

• CERTs
• Computer emergency response teams
• These cooperative ventures collect information about system
vulnerabilities and disseminate it to systems managers
• Hackers also routinely read CERT reports
• It is important for system administrators to quickly insert all software
patches to discovered vulnerabilities
Criminal hackers
• Organized groups of hackers
• Usually have specific targets, or at least classes of targets in
mind
• Once a site is penetrated, the attacker acts quickly,
scooping up as much valuable information as possible and
exiting

• IDSs and IPSs can be used for these types of attackers, but
may be less effective because of the quick in-and-out nature
of the attack
Insider Attacks
• Among the most difficult to detect and prevent
• Can be motivated by revenge or simply a feeling of
entitlement
• Countermeasures:
Enforce least privilege, only allowing access to the resources employees need to do their job

Set logs to see what users access and what commands they are entering
Protect sensitive resources with strong authentication
Upon termination, delete employee’s computer and network access
Upon termination, make a mirror image of employee’s hard drive before reissuing it (used as
evidence if your company information turns up at a competitor
Intrusion Techniques
• Objective of the intruder is to gain access to a system or to
increase the range of privileges accessible on a system
• Most initial attacks use system or software vulnerabilities
that allow a user to execute code that opens a backdoor into
the system
• Ways to protect a password file:
One-way functioning
• The system stores only
the value of a function
based on the user’s
password

Access control
• Access to the password
file is limited to one or a
very few accounts
Password Guessing
1. Try default passwords used with standard accounts that are shipped
with the system. Many administrators do not bother to change these defaults.
2. Exhaustively try all short passwords (those of one to three characters).
3. Try words in the system’s online dictionary or a list of likely passwords.
Examples of the latter are readily available on hacker bulletin boards.

4. Collect information about users, such as their full names, the names of their
spouse and children, pictures in their office, and books in their office that are
related to hobbies.
5. Try users’ phone numbers, Social Security numbers, and room numbers.
6. Try all legitimate license plate numbers for this state.
7. Use a Trojan horse to bypass restrictions on access.
8. Tap the line between a remote user and the host system.
countermeasures
• Detection
• Learning of an attack, either before or after it
success.
• Prevention
• Attempts to thwart all possible attacks (a very
challenging task)
• The attacker is free to try to find the weakest link
in the defence chain and attack at that point.
Intrusion Detection
• A system’s second line of defense
• Is based on the assumption that the behavior of the intruder
differs from that of a legitimate user in ways that can be
quantified
• Considerations:
• If an intrusion is detected quickly enough, the intruder can be
identified and ejected from the system before any damage is done or
any data are compromised
• An effective intrusion detection system can serve as a deterrent, so
acting to prevent intrusions
• Intrusion detection enables the collection of information about
intrusion techniques that can be used to strengthen the intrusion
prevention facility
Intrusion Detection
• Symptoms:
• A buffer overflow has been exploited, and now
attack code is being executed inside a legitimate
program.
• Outsider gained access to a protected resource.
• A program or file has been modified.
• System is not behaving “as it should”.
Based on assumption that behavior of intruder
differs from legitimate user.
BAIT1103 Chapter 7
Approaches to
Intrusion Detection
• Statistical anomaly detection
• Involves the collection of data relating to the behavior of legitimate
users over a period of time
• Then statistical tests are applied to observed behavior to determine
whether that behavior is not legitimate user behavior
• Threshold detection
• This approach involves defining thresholds, independent of user, for the
frequency of occurrence of various events

• Profile based
• A profile of the activity of each user is developed and used to detect
changes in the behavior of individual accounts

• Rule-based detection
• Involves an attempt to define a set of rules or attack patterns that can
be used to decide that a given behavior is that of an intruder
• Often referred to as signature detection
Audit Records
• Fundamental tool for intrusion detection

Native audit
records

Detection-specific
audit records

Virtually all multiuser operating systems
include accounting software that collects
information on user activity

A collection facility can be implemented
that generates audit records containing
only that information required by the
intrusion detection system

The advantage of using this information is
that no additional collection software is
needed

One advantage of such an approach is that
it could be made vendor independent and
ported to a variety of systems

The disadvantage is that the native audit
records may not contain the needed
information or may contain it in a
convenient form

The disadvantage is the extra overhead
involved in having two accounting
packages running on a machine
Statistical Anomaly
Detection
• Threshold detection
• Involves counting the number
of occurrences of a specific
event type over an interval of
time
• If the count surpasses what is
considered a reasonable
number that one might expect
to occur, then intrusion is
assumed
• By itself is a crude and
ineffective detector of even
moderately sophisticated
attacks

• Profile-based
• Focuses on characterizing the
past behavior of individual
users or related groups of
users and then detecting
significant deviations
• A profile may consist of a set
of parameters, so that
deviation on just a single
parameter may not be
sufficient in itself to signal an
alert
Rule-Based Intrusion
Detection
• Techniques detect intrusion by observing events in the
system and applying a set of rules that lead to a decision
regarding whether a given pattern of activity is or is not
suspicious

Rule-based
Intrusion
Detection

Rule-based
anomaly
detection
Rule-based
penetration
identification
Rule-Based Intrusion
Detection
• Rule-based anomaly detection
• Is similar in terms of its approach and strengths to statistical anomaly
detection
• Historical audit records are analyzed to identify usage patterns and to
automatically generate rules that describe those patterns
• Current behavior is then observed, and each transaction is matched against
the set of rules to determine if it conforms to any historically observed
pattern of behavior
• In order for this approach to be effective, a rather large database of rules
will be needed

• Rule-based penetration identification
• Typically, the rules used in these systems are specific to the machine and
operating system
• The most fruitful approach to developing such rules is to analyze attack
tools and scripts collected on the Internet
• These rules can be supplemented with rules generated by knowledgeable
security personnel
Statistical anomaly detection vs
rule-based detection
• Statistical approaches attempt to define normal, or expected
behavior.
• Whereas rule-based approaches attempt to define proper
behavior.
• Statistical works better against masqueraders, who are
unlikely to mimic the behavior patterns of the accounts they
appropriate. However, it is not effective against misfeasors.
• Rule-based is better for misfeasors.
• In practice, both approaches are used.
Measures used for intrusion
detection
• Login frequency by day and time.
• Frequency of login at different locations.
• Time since last login.
• Password failures at login.
• Execution frequency.
• Execution denials.

• Read, write, create, delete frequency.
• Failure count for read, write, create and delete.
Distributed
Intrusion Detection
• Traditional systems focused on single-system stand-alone
facilities
• The typical organization, however, needs to defend a distributed
collection of hosts supported by a LAN or internetwork
• A more effective defense can be achieved by coordination and
cooperation among intrusion detection systems across the
network

• Major design issues:
A distributed
intrusion detection
system may need to
deal with different
audit record
formats

One or more nodes
in the network will
serve as collection
and analysis points
for the data from
the systems on the
network

Either a centralized
or decentralized
architecture can be
used
Host agent module:
An audit collection module
operating as a background
process on a monitored
system. It’s a purpose is to
collect data on securityrelated events on the host
and transmit these to the
central manager
LAN monitor agent module:
Operates in the same fashion
as a host agent module
except that is analyzes LAN
traffic and reports the results
to the central manager.
Central manager module:
Receives reports from LAN
monitor and host agents and
processes and correlates
these reports to detect
intrusion.
1. The agent captures each audit
record produced by the native
audit collection system.
2. A filter is applied that retains
only those records that are of
security interest.
3. These records are then
reformatted into standardized
format as host audit record
(HAR).
4. A template-driven logic module
analyzes the records for
suspicious activity.
5. The agent scans for notable
events that are of interest
independent of any past events.
6. The agent looks for anomalous
behavior of an individual user
based on a historical profile of
that user.
7. When suspicious activity is
detected, an alert is sent to the
central manager.
8. The central manager includes an
expert system that can draw
inferences from received data.
Honeypots
• Decoy systems that are designed to lure a potential attacker away from critical systems

Has no
production
value
Designed to:

• These systems are filled with fabricated information designed to
appear valuable but that a legitimate user of the system wouldn’t
access
• Thus, any attempt to communicate with the system is most likely
a probe, scan, or attack

• Divert an attacker from accessing critical systems
• Collect information about the attacker’s activity
• Encourage the attacker to stay on the system long enough for
administrators to respond

• Because any attack against the honeypot is made to seem successful, administrators
have time to mobilize and log and track the attacker without ever exposing productive
systems
• Recent research has focused on building entire honeypot networks that emulate an
enterprise, possible with actual or simulated traffic and data
A honeypot outside the external
firewall (location 1) is useful for
tracking attempts to connect to
unused IP addresses within the
scope of the network. A
honeypot at this location does
not increase the risk for the
internal network. The
danger of having a
compromised system behind
the firewall is avoided.

The network of externally
available services, such as
Web and mail, often
called the DMZ (demilitarized
zone), is another candidate for
locating a honeypot
(location 2). The security
administrator must assure that
the other systems in the
DMZ are secure against any
activity generated by the
honeypot.
A fully internal honeypot
(location 3)

Advantages
• It can catch internal attacks.
• It can also detect a
misconfigured firewall that
forwards impermissible
traffic from the Internet to the
internal network.
Disadvantages
• If the honeypot is
compromised so that it can
attack other internal
systems.
• Any further traffic from the
Internet to the attacker is not
blocked by the firewall
because it is regarded as
traffic to the honeypot only.
• The firewall must adjust its
filtering to allow traffic to the
honeypot, thus complicating
firewall configuration and
potentially compromising the
internal network.
Password Management
• Front line of defense against intruders
• Virtually all multiuser systems require that a user provide not
only a name or identifier (ID) but also a password
• Password serves to authenticate the ID of the individual logging
on to the system
• The ID provides security by:
• Determining whether the user is authorized to gain access to a
system
• Determining the privileges accorded to the user
• Used in discretionary access control
Attack strategies and
countermeasures
Workstation hijacking

Exploiting user mistakes

• The attacker waits until a logged-in workstation is
unattended
• The standard countermeasure is automatically
logging the workstation out after a period of
inactivity

• Attackers are frequently successful in obtaining
passwords by using social engineering tactics that
trick the user or an account manager into revealing a
password; a user may intentionally share a password
to enable a colleague to share files; users tend to
write passwords down because it is difficult to
remember them
• Countermeasures include user training, intrusion
detection, and simpler passwords combined with
another authentication mechanism

Offline dictionary attack

Specific account attack

• Determined hackers can frequently bypass access
controls and gain access to the system’s password file
• Countermeasures include controls to prevent
unauthorized access to the password file, intrusion
detection measures to identify a compromise, and
rapid reissuance of passwords should the password
file be compromised

• The attacker targets a specific account and submits
password guesses until the correct password is
discovered
• The standard countermeasure is an account lockout
mechanism, which locks out access to the account
after a number of failed login attempts
Attack strategies and
countermeasures
Electronic monitoring
• If a password is communicated across a
network to log on to a remote system, it is
vulnerable to eavesdropping
• Simple encryption will not fix this problem,
because the encrypted password is, in effect,
the password and can be observed and
reused by an adversary

Password guessing against single
user
• The attacker attempts to gain knowledge
about the account holder and system
password policies and uses that knowledge
to guess the password
• Countermeasures include training in and
enforcement of password policies that make
passwords difficult to guess

Exploiting multiple password use

Popular password attack

• Attacks can become much more effective or
damaging if different network devices share
the same or a similar password for a given
user
• Countermeasures include a policy that
forbids the same or similar password on
particular network devices

• Attack is to use a popular password and try
it against a wide range of user IDs
• Countermeasures include policies to inhibit
the selection by users of common
passwords and scanning the IP addresses of
authentication requests and client cookies
for submission patterns
A widely used password security technique
is the use of hashed passwords and a salt
value. This scheme is found on virtually all
UNIX variants as well as on a number of
other operating systems.
To load a new password into the system,
the user selects or is assigned a password.
This password is combined with a fixedlength salt value.
In older implementations, this value is
related to the time at which the password is
assigned to the user. Newer
implementations use a pseudorandom or
random number. The password and salt
serve as inputs to a hashing algorithm to
produce a fixed-length hash code.
The hash algorithm is designed to be slow
to execute to thwart attacks. The hashed
password is then stored, together with a
plaintext copy of the salt, in the password
file for the corresponding user ID. The
hashed-password method has been shown
to be secure against a variety of
cryptanalytic attacks.
Unix implementations
• Crypt(3)
•
•
•

Was designed to discourage guessing attacks
This particular implementation is now considered inadequate
Despite its known weaknesses, this UNIX scheme is still often required for
compatibility with existing account management software or in multivendor
environments

• MD5 secure hash algorithm
•
•

The recommended hash function for many UNIX systems, including Linux, Solaris,
and FreeBSD
Far slower than crypt(3)

• Bcrypt
•
•
•
•
•

Developed for OpenBSD
Probably the most secure version of the UNIX hash/salt scheme
Uses a hash function based on the Blowfish symmetric block cipher
Slow to execute
Includes a cost variable
Password selection
strategies
• The goal is to
eliminate
guessable
passwords while
allowing the
user to select a
password that is
memorable
• Four basic
techniques are
in use:

User education
•Users can be told the
importance of using hardto-guess passwords and can
be provided with guidelines
for selecting strong
passwords

Computer-generated
passwords
•Computer-generated
password schemes have a
history of poor acceptance
by users
•Users have difficulty
remembering them

Reactive password
checking

Proactive password
checking

•A strategy in which the
system periodically runs its
own password cracker to
find guessable passwords

•A user is allowed to select
his or her own password,
however, at the time of
selection, the system checks
to see if the password is
allowable and, if not, rejects
it
Password selection
strategies
• User education
• Users can be told the importance of using hard-to-guess passwords and
can be provided with guidelines for selecting strong passwords. This user
education strategy is unlikely to succeed at most installations, particularly
where there is a large user population or a lot of turnover. Many users will
simply ignore the guidelines.
• Others may not be good judges of what is a strong password. For
example, many users (mistakenly) believe that reversing a word or
capitalizing the last letter makes a password unguessable.

• Computer generated passwords
• Computer-generated passwords also have problems. If the passwords are

quite random in nature, users will not be able to remember them. Even if
the password is pronounceable, the user may have difficulty remembering
it and so be tempted to write it down. In general, computer-generated
password schemes have a history of poor acceptance by users.
Password selection
strategies
• Reactive password checking
•

A reactive password checking strategy is one in which the system periodically runs its own
password cracker to find guessable passwords. The system cancels any passwords that are
guessed and notifies the user. This tactic has a number of drawbacks. First, it is resource
intensive if the job is done right. Because a determined opponent who is able to steal a
password file can devote full CPU time to the task for hours or even days, an effective
reactive password checker is at a distinct disadvantage. Furthermore, any existing passwords
remain vulnerable until the reactive password checker finds them.

• Proactive password checking
•

•

The most promising approach to improved password security is a proactive password
checker . In this scheme, a user is allowed to select his or her own password. However, at the
time of selection, the system checks to see if the password is allowable and, if not, rejects it.
Such checkers are based on the philosophy that, with sufficient guidance from the system,
users can select memorable passwords from a fairly large password space that are not likely
to be guessed in a dictionary attack.
The trick with a proactive password checker is to strike a balance between user acceptability
and strength. If the system rejects too many passwords, users will complain that it is too
hard to select a password. If the system uses some simple algorithm to define what is
acceptable, this provides guidance to password crackers to refine their guessing technique.
In the remainder of this subsection, we look at possible approaches to proactive password
checking.
Summary
• Intruders
• Behavior patterns
• Intrusion techniques

• Intrusion detection

• Password management
• The vulnerability of
passwords
• The use of hashed
passwords

• Audit records

• User password choices

• Statistical anomaly detection

• Password selection strategies

• Rule-based intrusion
detection
• Distributed intrusion
detection
• Honeypots

Weitere ähnliche Inhalte

Was ist angesagt?

Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Convolution Neural Network (CNN)
Convolution Neural Network (CNN)Convolution Neural Network (CNN)
Convolution Neural Network (CNN)Suraj Aavula
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication ServiceSwathy T
 
Artificial neural network
Artificial neural networkArtificial neural network
Artificial neural networkDEEPASHRI HK
 
Presentation on supervised learning
Presentation on supervised learningPresentation on supervised learning
Presentation on supervised learningTonmoy Bhagawati
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Congestion control
Congestion controlCongestion control
Congestion controlAman Jaiswal
 
State Space Representation and Search
State Space Representation and SearchState Space Representation and Search
State Space Representation and SearchHitesh Mohapatra
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
Artificial Neural Networks - ANN
Artificial Neural Networks - ANNArtificial Neural Networks - ANN
Artificial Neural Networks - ANNMohamed Talaat
 
Issues in knowledge representation
Issues in knowledge representationIssues in knowledge representation
Issues in knowledge representationSravanthi Emani
 
Reinforcement learning, Q-Learning
Reinforcement learning, Q-LearningReinforcement learning, Q-Learning
Reinforcement learning, Q-LearningKuppusamy P
 

Was ist angesagt? (20)

Max net
Max netMax net
Max net
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
User authentication
User authenticationUser authentication
User authentication
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Convolution Neural Network (CNN)
Convolution Neural Network (CNN)Convolution Neural Network (CNN)
Convolution Neural Network (CNN)
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication Service
 
Artificial neural network
Artificial neural networkArtificial neural network
Artificial neural network
 
Presentation on supervised learning
Presentation on supervised learningPresentation on supervised learning
Presentation on supervised learning
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
Congestion control
Congestion controlCongestion control
Congestion control
 
State Space Representation and Search
State Space Representation and SearchState Space Representation and Search
State Space Representation and Search
 
Cryptography
CryptographyCryptography
Cryptography
 
Email security
Email securityEmail security
Email security
 
Cnn
CnnCnn
Cnn
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
Artificial Neural Networks - ANN
Artificial Neural Networks - ANNArtificial Neural Networks - ANN
Artificial Neural Networks - ANN
 
Issues in knowledge representation
Issues in knowledge representationIssues in knowledge representation
Issues in knowledge representation
 
Reinforcement learning, Q-Learning
Reinforcement learning, Q-LearningReinforcement learning, Q-Learning
Reinforcement learning, Q-Learning
 

Andere mochten auch

Pulling Together: information flow throughout the scholarly supply chain
Pulling Together: information flow throughout the scholarly supply chainPulling Together: information flow throughout the scholarly supply chain
Pulling Together: information flow throughout the scholarly supply chainRinggold Inc
 
S1 manajemen a1 2013 513 256
S1 manajemen a1 2013 513 256S1 manajemen a1 2013 513 256
S1 manajemen a1 2013 513 256Ajeng Pandumi
 
4th Pillar Council
4th Pillar Council4th Pillar Council
4th Pillar Councilbwatson
 
2.2b deep dive ect financial position 27 jan 16 v3 final
2.2b deep dive ect financial position 27 jan 16 v3 final2.2b deep dive ect financial position 27 jan 16 v3 final
2.2b deep dive ect financial position 27 jan 16 v3 finalMatthew Cunningham
 
Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentationolka11211121
 
#IMPACTv #LiveTalk by Elizabeth Newman
#IMPACTv #LiveTalk by Elizabeth Newman#IMPACTv #LiveTalk by Elizabeth Newman
#IMPACTv #LiveTalk by Elizabeth Newmanimpactv
 
2015 Broken Hill Resources Investment Symposium - Richard Morrow
2015 Broken Hill Resources Investment Symposium - Richard Morrow2015 Broken Hill Resources Investment Symposium - Richard Morrow
2015 Broken Hill Resources Investment Symposium - Richard MorrowSymposium
 
#IMPACTv #LiveTalk by Madeline Di Nonno
#IMPACTv #LiveTalk by Madeline Di Nonno#IMPACTv #LiveTalk by Madeline Di Nonno
#IMPACTv #LiveTalk by Madeline Di Nonnoimpactv
 
Revista Oficial Dreamcast #11
Revista Oficial Dreamcast #11Revista Oficial Dreamcast #11
Revista Oficial Dreamcast #11museodreamcast
 
Historia de fausto
Historia de faustoHistoria de fausto
Historia de faustom23rm
 
Immunity and virus
Immunity and virusImmunity and virus
Immunity and virusjayarajgr
 
Study on Exiled or Banned writers in respect to Cultural Studies.
Study on Exiled or Banned writers in respect to Cultural Studies.Study on Exiled or Banned writers in respect to Cultural Studies.
Study on Exiled or Banned writers in respect to Cultural Studies.JaytiThakar94
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
Craig Larman - Scaling Lean & Agile Development
Craig Larman - Scaling Lean & Agile Development Craig Larman - Scaling Lean & Agile Development
Craig Larman - Scaling Lean & Agile Development Valtech
 
Cerita rakyat legenda aryo menak
Cerita rakyat legenda aryo menakCerita rakyat legenda aryo menak
Cerita rakyat legenda aryo menakResdianto
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 

Andere mochten auch (20)

Pulling Together: information flow throughout the scholarly supply chain
Pulling Together: information flow throughout the scholarly supply chainPulling Together: information flow throughout the scholarly supply chain
Pulling Together: information flow throughout the scholarly supply chain
 
S1 manajemen a1 2013 513 256
S1 manajemen a1 2013 513 256S1 manajemen a1 2013 513 256
S1 manajemen a1 2013 513 256
 
4th Pillar Council
4th Pillar Council4th Pillar Council
4th Pillar Council
 
Makalah ilmu sosial budaya
Makalah ilmu sosial budayaMakalah ilmu sosial budaya
Makalah ilmu sosial budaya
 
2.2b deep dive ect financial position 27 jan 16 v3 final
2.2b deep dive ect financial position 27 jan 16 v3 final2.2b deep dive ect financial position 27 jan 16 v3 final
2.2b deep dive ect financial position 27 jan 16 v3 final
 
Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
 
#IMPACTv #LiveTalk by Elizabeth Newman
#IMPACTv #LiveTalk by Elizabeth Newman#IMPACTv #LiveTalk by Elizabeth Newman
#IMPACTv #LiveTalk by Elizabeth Newman
 
2015 Broken Hill Resources Investment Symposium - Richard Morrow
2015 Broken Hill Resources Investment Symposium - Richard Morrow2015 Broken Hill Resources Investment Symposium - Richard Morrow
2015 Broken Hill Resources Investment Symposium - Richard Morrow
 
#IMPACTv #LiveTalk by Madeline Di Nonno
#IMPACTv #LiveTalk by Madeline Di Nonno#IMPACTv #LiveTalk by Madeline Di Nonno
#IMPACTv #LiveTalk by Madeline Di Nonno
 
Revista Oficial Dreamcast #11
Revista Oficial Dreamcast #11Revista Oficial Dreamcast #11
Revista Oficial Dreamcast #11
 
Historia de fausto
Historia de faustoHistoria de fausto
Historia de fausto
 
Immunity and virus
Immunity and virusImmunity and virus
Immunity and virus
 
Study on Exiled or Banned writers in respect to Cultural Studies.
Study on Exiled or Banned writers in respect to Cultural Studies.Study on Exiled or Banned writers in respect to Cultural Studies.
Study on Exiled or Banned writers in respect to Cultural Studies.
 
SSC
SSCSSC
SSC
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1
 
Dalagang pilipina
Dalagang pilipinaDalagang pilipina
Dalagang pilipina
 
Craig Larman - Scaling Lean & Agile Development
Craig Larman - Scaling Lean & Agile Development Craig Larman - Scaling Lean & Agile Development
Craig Larman - Scaling Lean & Agile Development
 
Spot'it- 22.11-28.11 -שבוע רביעי
Spot'it- 22.11-28.11 -שבוע רביעיSpot'it- 22.11-28.11 -שבוע רביעי
Spot'it- 22.11-28.11 -שבוע רביעי
 
Cerita rakyat legenda aryo menak
Cerita rakyat legenda aryo menakCerita rakyat legenda aryo menak
Cerita rakyat legenda aryo menak
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 

Ähnlich wie BAIT1103 Chapter 7

Penentration testing
Penentration testingPenentration testing
Penentration testingtahreemsaleem
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testingsakshisoni076
 
Cs8792 cns - unit v
Cs8792   cns - unit vCs8792   cns - unit v
Cs8792 cns - unit vArthyR3
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptxdotco
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Knoldus Inc.
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarDr. Shivashankar
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i  auditing operating systems and networksChapter 3 security part i  auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksjayussuryawan
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptxdotco
 
Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxTikdiPatel
 
Attackers process
Attackers processAttackers process
Attackers processbegmohsin
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i  auditing operating systems and networksChapter 3 security part i  auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksTommy Zul Hidayat
 

Ähnlich wie BAIT1103 Chapter 7 (20)

Penentration testing
Penentration testingPenentration testing
Penentration testing
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Intruders
IntrudersIntruders
Intruders
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testing
 
Cs8792 cns - unit v
Cs8792   cns - unit vCs8792   cns - unit v
Cs8792 cns - unit v
 
ch18 ABCD.pdf
ch18 ABCD.pdfch18 ABCD.pdf
ch18 ABCD.pdf
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
 
Unit-5.pptx
Unit-5.pptxUnit-5.pptx
Unit-5.pptx
 
ch08.ppt
ch08.pptch08.ppt
ch08.ppt
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. Shivashankar
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i  auditing operating systems and networksChapter 3 security part i  auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptx
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptx
 
Attackers process
Attackers processAttackers process
Attackers process
 
Cyber Security # Lec 5
Cyber Security # Lec 5Cyber Security # Lec 5
Cyber Security # Lec 5
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i  auditing operating systems and networksChapter 3 security part i  auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
 

Mehr von limsh

BAIT2164 Topics for Revision
BAIT2164 Topics for RevisionBAIT2164 Topics for Revision
BAIT2164 Topics for Revisionlimsh
 
BAIT2164 Tutorial 9
BAIT2164 Tutorial 9BAIT2164 Tutorial 9
BAIT2164 Tutorial 9limsh
 
BAIT2164 Tutorial 8
BAIT2164 Tutorial 8BAIT2164 Tutorial 8
BAIT2164 Tutorial 8limsh
 
BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)limsh
 
BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)limsh
 
BAIT2164 Tutorial 5
BAIT2164 Tutorial 5BAIT2164 Tutorial 5
BAIT2164 Tutorial 5limsh
 
BAIT2164 Tutorial 4
BAIT2164 Tutorial 4BAIT2164 Tutorial 4
BAIT2164 Tutorial 4limsh
 
BAIT2164 Tutorial 3
BAIT2164 Tutorial 3BAIT2164 Tutorial 3
BAIT2164 Tutorial 3limsh
 
BAIT2164 Tutorial 2
BAIT2164 Tutorial 2BAIT2164 Tutorial 2
BAIT2164 Tutorial 2limsh
 
BAIT2164 Tutorial 1
BAIT2164 Tutorial 1BAIT2164 Tutorial 1
BAIT2164 Tutorial 1limsh
 
BAIT1103 Assignment Presentation
BAIT1103 Assignment PresentationBAIT1103 Assignment Presentation
BAIT1103 Assignment Presentationlimsh
 
BAIT1103 Tutorial 8
BAIT1103 Tutorial 8BAIT1103 Tutorial 8
BAIT1103 Tutorial 8limsh
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8limsh
 
BAIT1103 Tutorial 7
BAIT1103 Tutorial 7BAIT1103 Tutorial 7
BAIT1103 Tutorial 7limsh
 
BAIT1103 Tutorial 6
BAIT1103 Tutorial 6BAIT1103 Tutorial 6
BAIT1103 Tutorial 6limsh
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
BAIT1103 Tutorial 5
BAIT1103 Tutorial 5BAIT1103 Tutorial 5
BAIT1103 Tutorial 5limsh
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
BAIT1103 Tutorial 4
BAIT1103 Tutorial 4BAIT1103 Tutorial 4
BAIT1103 Tutorial 4limsh
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 

Mehr von limsh (20)

BAIT2164 Topics for Revision
BAIT2164 Topics for RevisionBAIT2164 Topics for Revision
BAIT2164 Topics for Revision
 
BAIT2164 Tutorial 9
BAIT2164 Tutorial 9BAIT2164 Tutorial 9
BAIT2164 Tutorial 9
 
BAIT2164 Tutorial 8
BAIT2164 Tutorial 8BAIT2164 Tutorial 8
BAIT2164 Tutorial 8
 
BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)
 
BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)
 
BAIT2164 Tutorial 5
BAIT2164 Tutorial 5BAIT2164 Tutorial 5
BAIT2164 Tutorial 5
 
BAIT2164 Tutorial 4
BAIT2164 Tutorial 4BAIT2164 Tutorial 4
BAIT2164 Tutorial 4
 
BAIT2164 Tutorial 3
BAIT2164 Tutorial 3BAIT2164 Tutorial 3
BAIT2164 Tutorial 3
 
BAIT2164 Tutorial 2
BAIT2164 Tutorial 2BAIT2164 Tutorial 2
BAIT2164 Tutorial 2
 
BAIT2164 Tutorial 1
BAIT2164 Tutorial 1BAIT2164 Tutorial 1
BAIT2164 Tutorial 1
 
BAIT1103 Assignment Presentation
BAIT1103 Assignment PresentationBAIT1103 Assignment Presentation
BAIT1103 Assignment Presentation
 
BAIT1103 Tutorial 8
BAIT1103 Tutorial 8BAIT1103 Tutorial 8
BAIT1103 Tutorial 8
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
 
BAIT1103 Tutorial 7
BAIT1103 Tutorial 7BAIT1103 Tutorial 7
BAIT1103 Tutorial 7
 
BAIT1103 Tutorial 6
BAIT1103 Tutorial 6BAIT1103 Tutorial 6
BAIT1103 Tutorial 6
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
BAIT1103 Tutorial 5
BAIT1103 Tutorial 5BAIT1103 Tutorial 5
BAIT1103 Tutorial 5
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
 
BAIT1103 Tutorial 4
BAIT1103 Tutorial 4BAIT1103 Tutorial 4
BAIT1103 Tutorial 4
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 

Kürzlich hochgeladen

How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 
5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...CaraSkikne1
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfMohonDas
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptxraviapr7
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapitolTechU
 
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRATanmoy Mishra
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
Protein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptxProtein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptxvidhisharma994099
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxraviapr7
 
How to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using CodeHow to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using CodeCeline George
 
Optical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxOptical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxPurva Nikam
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17Celine George
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTDR. SNEHA NAIR
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.raviapr7
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 
EBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting BlEBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting BlDr. Bruce A. Johnson
 
Work Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sashaWork Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sashasashalaycock03
 

Kürzlich hochgeladen (20)

How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 
5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
Finals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quizFinals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quiz
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdf
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptx
 
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 
Protein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptxProtein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptx
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptx
 
How to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using CodeHow to Send Emails From Odoo 17 Using Code
How to Send Emails From Odoo 17 Using Code
 
Optical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptxOptical Fibre and It's Applications.pptx
Optical Fibre and It's Applications.pptx
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17
 
EBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting BlEBUS5423 Data Analytics and Reporting Bl
EBUS5423 Data Analytics and Reporting Bl
 
Work Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sashaWork Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sasha
 

BAIT1103 Chapter 7

  • 2. Key Points • Unauthorized intrusion into a computer system or network is one of the most serious threats to computer security. • Intrusion detection systems have been developed to provide early warning of an intrusion so that defensive action can be taken to prevent or minimize damage. • Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are known to correlate with intrusions. • One important element of intrusion prevention is password management, with the goal of preventing unauthorized users from having access to the passwords of others.
  • 3. Intruders • Three classes of intruders: Masquerader • An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account Misfeasor • A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges Clandestine user • An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection
  • 4. Examples of Intrusion • Performing a remote root compromise of an e-mail server • Defacing a Web server • Guessing and cracking passwords • Copying a database containing credit card numbers • Viewing sensitive data, including payroll records and medical information, without authorization • Running a packet sniffer on a workstation to capture usernames and passwords • Using a permission error on an anonymous FTP server to distribute pirated software and music files • Dialing into an unsecured modem and gaining internal network access • Posing as an executive, calling the help desk, resetting the executive’s email password, and learning the new password • Using an unattended, logged-in workstation without permission
  • 5. Hackers • Traditionally, those who hack into computers do so for the thrill of it or for status • Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are designed to counter hacker threats • In addition to using such systems, organizations can consider restricting remote logons to specific IP addresses and/or use virtual private network technology • CERTs • Computer emergency response teams • These cooperative ventures collect information about system vulnerabilities and disseminate it to systems managers • Hackers also routinely read CERT reports • It is important for system administrators to quickly insert all software patches to discovered vulnerabilities
  • 6. Criminal hackers • Organized groups of hackers • Usually have specific targets, or at least classes of targets in mind • Once a site is penetrated, the attacker acts quickly, scooping up as much valuable information as possible and exiting • IDSs and IPSs can be used for these types of attackers, but may be less effective because of the quick in-and-out nature of the attack
  • 7. Insider Attacks • Among the most difficult to detect and prevent • Can be motivated by revenge or simply a feeling of entitlement • Countermeasures: Enforce least privilege, only allowing access to the resources employees need to do their job Set logs to see what users access and what commands they are entering Protect sensitive resources with strong authentication Upon termination, delete employee’s computer and network access Upon termination, make a mirror image of employee’s hard drive before reissuing it (used as evidence if your company information turns up at a competitor
  • 8. Intrusion Techniques • Objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system • Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a backdoor into the system • Ways to protect a password file: One-way functioning • The system stores only the value of a function based on the user’s password Access control • Access to the password file is limited to one or a very few accounts
  • 9. Password Guessing 1. Try default passwords used with standard accounts that are shipped with the system. Many administrators do not bother to change these defaults. 2. Exhaustively try all short passwords (those of one to three characters). 3. Try words in the system’s online dictionary or a list of likely passwords. Examples of the latter are readily available on hacker bulletin boards. 4. Collect information about users, such as their full names, the names of their spouse and children, pictures in their office, and books in their office that are related to hobbies. 5. Try users’ phone numbers, Social Security numbers, and room numbers. 6. Try all legitimate license plate numbers for this state. 7. Use a Trojan horse to bypass restrictions on access. 8. Tap the line between a remote user and the host system.
  • 10. countermeasures • Detection • Learning of an attack, either before or after it success. • Prevention • Attempts to thwart all possible attacks (a very challenging task) • The attacker is free to try to find the weakest link in the defence chain and attack at that point.
  • 11. Intrusion Detection • A system’s second line of defense • Is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified • Considerations: • If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised • An effective intrusion detection system can serve as a deterrent, so acting to prevent intrusions • Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility
  • 12. Intrusion Detection • Symptoms: • A buffer overflow has been exploited, and now attack code is being executed inside a legitimate program. • Outsider gained access to a protected resource. • A program or file has been modified. • System is not behaving “as it should”.
  • 13. Based on assumption that behavior of intruder differs from legitimate user.
  • 15. Approaches to Intrusion Detection • Statistical anomaly detection • Involves the collection of data relating to the behavior of legitimate users over a period of time • Then statistical tests are applied to observed behavior to determine whether that behavior is not legitimate user behavior • Threshold detection • This approach involves defining thresholds, independent of user, for the frequency of occurrence of various events • Profile based • A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts • Rule-based detection • Involves an attempt to define a set of rules or attack patterns that can be used to decide that a given behavior is that of an intruder • Often referred to as signature detection
  • 16. Audit Records • Fundamental tool for intrusion detection Native audit records Detection-specific audit records Virtually all multiuser operating systems include accounting software that collects information on user activity A collection facility can be implemented that generates audit records containing only that information required by the intrusion detection system The advantage of using this information is that no additional collection software is needed One advantage of such an approach is that it could be made vendor independent and ported to a variety of systems The disadvantage is that the native audit records may not contain the needed information or may contain it in a convenient form The disadvantage is the extra overhead involved in having two accounting packages running on a machine
  • 17. Statistical Anomaly Detection • Threshold detection • Involves counting the number of occurrences of a specific event type over an interval of time • If the count surpasses what is considered a reasonable number that one might expect to occur, then intrusion is assumed • By itself is a crude and ineffective detector of even moderately sophisticated attacks • Profile-based • Focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations • A profile may consist of a set of parameters, so that deviation on just a single parameter may not be sufficient in itself to signal an alert
  • 18. Rule-Based Intrusion Detection • Techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious Rule-based Intrusion Detection Rule-based anomaly detection Rule-based penetration identification
  • 19. Rule-Based Intrusion Detection • Rule-based anomaly detection • Is similar in terms of its approach and strengths to statistical anomaly detection • Historical audit records are analyzed to identify usage patterns and to automatically generate rules that describe those patterns • Current behavior is then observed, and each transaction is matched against the set of rules to determine if it conforms to any historically observed pattern of behavior • In order for this approach to be effective, a rather large database of rules will be needed • Rule-based penetration identification • Typically, the rules used in these systems are specific to the machine and operating system • The most fruitful approach to developing such rules is to analyze attack tools and scripts collected on the Internet • These rules can be supplemented with rules generated by knowledgeable security personnel
  • 20. Statistical anomaly detection vs rule-based detection • Statistical approaches attempt to define normal, or expected behavior. • Whereas rule-based approaches attempt to define proper behavior. • Statistical works better against masqueraders, who are unlikely to mimic the behavior patterns of the accounts they appropriate. However, it is not effective against misfeasors. • Rule-based is better for misfeasors. • In practice, both approaches are used.
  • 21. Measures used for intrusion detection • Login frequency by day and time. • Frequency of login at different locations. • Time since last login. • Password failures at login. • Execution frequency. • Execution denials. • Read, write, create, delete frequency. • Failure count for read, write, create and delete.
  • 22. Distributed Intrusion Detection • Traditional systems focused on single-system stand-alone facilities • The typical organization, however, needs to defend a distributed collection of hosts supported by a LAN or internetwork • A more effective defense can be achieved by coordination and cooperation among intrusion detection systems across the network • Major design issues: A distributed intrusion detection system may need to deal with different audit record formats One or more nodes in the network will serve as collection and analysis points for the data from the systems on the network Either a centralized or decentralized architecture can be used
  • 23. Host agent module: An audit collection module operating as a background process on a monitored system. It’s a purpose is to collect data on securityrelated events on the host and transmit these to the central manager LAN monitor agent module: Operates in the same fashion as a host agent module except that is analyzes LAN traffic and reports the results to the central manager. Central manager module: Receives reports from LAN monitor and host agents and processes and correlates these reports to detect intrusion.
  • 24. 1. The agent captures each audit record produced by the native audit collection system. 2. A filter is applied that retains only those records that are of security interest. 3. These records are then reformatted into standardized format as host audit record (HAR). 4. A template-driven logic module analyzes the records for suspicious activity. 5. The agent scans for notable events that are of interest independent of any past events. 6. The agent looks for anomalous behavior of an individual user based on a historical profile of that user. 7. When suspicious activity is detected, an alert is sent to the central manager. 8. The central manager includes an expert system that can draw inferences from received data.
  • 25. Honeypots • Decoy systems that are designed to lure a potential attacker away from critical systems Has no production value Designed to: • These systems are filled with fabricated information designed to appear valuable but that a legitimate user of the system wouldn’t access • Thus, any attempt to communicate with the system is most likely a probe, scan, or attack • Divert an attacker from accessing critical systems • Collect information about the attacker’s activity • Encourage the attacker to stay on the system long enough for administrators to respond • Because any attack against the honeypot is made to seem successful, administrators have time to mobilize and log and track the attacker without ever exposing productive systems • Recent research has focused on building entire honeypot networks that emulate an enterprise, possible with actual or simulated traffic and data
  • 26. A honeypot outside the external firewall (location 1) is useful for tracking attempts to connect to unused IP addresses within the scope of the network. A honeypot at this location does not increase the risk for the internal network. The danger of having a compromised system behind the firewall is avoided. The network of externally available services, such as Web and mail, often called the DMZ (demilitarized zone), is another candidate for locating a honeypot (location 2). The security administrator must assure that the other systems in the DMZ are secure against any activity generated by the honeypot.
  • 27. A fully internal honeypot (location 3) Advantages • It can catch internal attacks. • It can also detect a misconfigured firewall that forwards impermissible traffic from the Internet to the internal network. Disadvantages • If the honeypot is compromised so that it can attack other internal systems. • Any further traffic from the Internet to the attacker is not blocked by the firewall because it is regarded as traffic to the honeypot only. • The firewall must adjust its filtering to allow traffic to the honeypot, thus complicating firewall configuration and potentially compromising the internal network.
  • 28. Password Management • Front line of defense against intruders • Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password • Password serves to authenticate the ID of the individual logging on to the system • The ID provides security by: • Determining whether the user is authorized to gain access to a system • Determining the privileges accorded to the user • Used in discretionary access control
  • 29. Attack strategies and countermeasures Workstation hijacking Exploiting user mistakes • The attacker waits until a logged-in workstation is unattended • The standard countermeasure is automatically logging the workstation out after a period of inactivity • Attackers are frequently successful in obtaining passwords by using social engineering tactics that trick the user or an account manager into revealing a password; a user may intentionally share a password to enable a colleague to share files; users tend to write passwords down because it is difficult to remember them • Countermeasures include user training, intrusion detection, and simpler passwords combined with another authentication mechanism Offline dictionary attack Specific account attack • Determined hackers can frequently bypass access controls and gain access to the system’s password file • Countermeasures include controls to prevent unauthorized access to the password file, intrusion detection measures to identify a compromise, and rapid reissuance of passwords should the password file be compromised • The attacker targets a specific account and submits password guesses until the correct password is discovered • The standard countermeasure is an account lockout mechanism, which locks out access to the account after a number of failed login attempts
  • 30. Attack strategies and countermeasures Electronic monitoring • If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping • Simple encryption will not fix this problem, because the encrypted password is, in effect, the password and can be observed and reused by an adversary Password guessing against single user • The attacker attempts to gain knowledge about the account holder and system password policies and uses that knowledge to guess the password • Countermeasures include training in and enforcement of password policies that make passwords difficult to guess Exploiting multiple password use Popular password attack • Attacks can become much more effective or damaging if different network devices share the same or a similar password for a given user • Countermeasures include a policy that forbids the same or similar password on particular network devices • Attack is to use a popular password and try it against a wide range of user IDs • Countermeasures include policies to inhibit the selection by users of common passwords and scanning the IP addresses of authentication requests and client cookies for submission patterns
  • 31. A widely used password security technique is the use of hashed passwords and a salt value. This scheme is found on virtually all UNIX variants as well as on a number of other operating systems. To load a new password into the system, the user selects or is assigned a password. This password is combined with a fixedlength salt value. In older implementations, this value is related to the time at which the password is assigned to the user. Newer implementations use a pseudorandom or random number. The password and salt serve as inputs to a hashing algorithm to produce a fixed-length hash code. The hash algorithm is designed to be slow to execute to thwart attacks. The hashed password is then stored, together with a plaintext copy of the salt, in the password file for the corresponding user ID. The hashed-password method has been shown to be secure against a variety of cryptanalytic attacks.
  • 32. Unix implementations • Crypt(3) • • • Was designed to discourage guessing attacks This particular implementation is now considered inadequate Despite its known weaknesses, this UNIX scheme is still often required for compatibility with existing account management software or in multivendor environments • MD5 secure hash algorithm • • The recommended hash function for many UNIX systems, including Linux, Solaris, and FreeBSD Far slower than crypt(3) • Bcrypt • • • • • Developed for OpenBSD Probably the most secure version of the UNIX hash/salt scheme Uses a hash function based on the Blowfish symmetric block cipher Slow to execute Includes a cost variable
  • 33. Password selection strategies • The goal is to eliminate guessable passwords while allowing the user to select a password that is memorable • Four basic techniques are in use: User education •Users can be told the importance of using hardto-guess passwords and can be provided with guidelines for selecting strong passwords Computer-generated passwords •Computer-generated password schemes have a history of poor acceptance by users •Users have difficulty remembering them Reactive password checking Proactive password checking •A strategy in which the system periodically runs its own password cracker to find guessable passwords •A user is allowed to select his or her own password, however, at the time of selection, the system checks to see if the password is allowable and, if not, rejects it
  • 34. Password selection strategies • User education • Users can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords. This user education strategy is unlikely to succeed at most installations, particularly where there is a large user population or a lot of turnover. Many users will simply ignore the guidelines. • Others may not be good judges of what is a strong password. For example, many users (mistakenly) believe that reversing a word or capitalizing the last letter makes a password unguessable. • Computer generated passwords • Computer-generated passwords also have problems. If the passwords are quite random in nature, users will not be able to remember them. Even if the password is pronounceable, the user may have difficulty remembering it and so be tempted to write it down. In general, computer-generated password schemes have a history of poor acceptance by users.
  • 35. Password selection strategies • Reactive password checking • A reactive password checking strategy is one in which the system periodically runs its own password cracker to find guessable passwords. The system cancels any passwords that are guessed and notifies the user. This tactic has a number of drawbacks. First, it is resource intensive if the job is done right. Because a determined opponent who is able to steal a password file can devote full CPU time to the task for hours or even days, an effective reactive password checker is at a distinct disadvantage. Furthermore, any existing passwords remain vulnerable until the reactive password checker finds them. • Proactive password checking • • The most promising approach to improved password security is a proactive password checker . In this scheme, a user is allowed to select his or her own password. However, at the time of selection, the system checks to see if the password is allowable and, if not, rejects it. Such checkers are based on the philosophy that, with sufficient guidance from the system, users can select memorable passwords from a fairly large password space that are not likely to be guessed in a dictionary attack. The trick with a proactive password checker is to strike a balance between user acceptability and strength. If the system rejects too many passwords, users will complain that it is too hard to select a password. If the system uses some simple algorithm to define what is acceptable, this provides guidance to password crackers to refine their guessing technique. In the remainder of this subsection, we look at possible approaches to proactive password checking.
  • 36. Summary • Intruders • Behavior patterns • Intrusion techniques • Intrusion detection • Password management • The vulnerability of passwords • The use of hashed passwords • Audit records • User password choices • Statistical anomaly detection • Password selection strategies • Rule-based intrusion detection • Distributed intrusion detection • Honeypots