Network Security
Lecture 2
Modern Network Security Threats
Viruses
• Virus: malicious software that attaches to another program to execute a specific unwanted function on a computer.
• Viruses cannot spread on their own.
• They often require a host program to live in.
• Infected program: a host program with a virus.
• Uninfected program (healthy program): a program cleared of all viruses.
• Disinfected program: a program once infected but now cleared of viruses.
Virus Malicious Code
• Overwrite a segment of an existing program.
• Insert itself at the beginning, in the middle, or at the end of an uninfected host program.
• Break itself into segments and insert each segment in a different location of the host program.
• A virus has the same access rights as the host program.
Virus Malicious Code (Diagram)
Worms
• Worm: executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts.
• A worm is a small piece of software that uses computer networks and security vulnerabilities to replicate itself.
• Worms usually slow down networks.
Viruses and Worms
• A worm is a self-replicating program, similar to a computer virus.
• A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
• Viruses require a host program to run; worms can run by themselves.
Components of Worms
• Enabling vulnerability
  A worm installs itself using an exploit mechanism (email attachment, executable file, Trojan Horse) on a vulnerable system.
• Propagation mechanism
  After gaining access to a device, the worm replicates itself and locates new targets.
• Payload
  Any malicious code that results in some action.
Trojan Horses
• Trojan Horse: an application written to look like something else. When a Trojan Horse is downloaded and opened, it attacks the end-user computer from within.
• A program that appears to have some useful functions but contains a malicious payload.
• Cannot replicate itself automatically.
• A virus or worm could carry a Trojan Horse.
• Games can often have a Trojan Horse attached to them.
Classification of Trojan Horses
• Remote-access Trojan Horse (enables unauthorized remote access)
• Data sending Trojan Horse (provides the attacker with sensitive data such as passwords)
• Destructive Trojan Horse (corrupts or deletes files)
• Proxy Trojan Horse (user's computer functions as a proxy server)
• FTP Trojan Horse (opens port 21)
• Security software disabler Trojan Horse (stops anti-virus programs or firewalls from functioning)
• Denial of Service Trojan Horse (slows or halts network activity)
Specific Network Attacks
• Reconnaissance Attacks
• Access Attacks
• Denial of Service Attacks
Reconnaissance Attacks
• Reconnaissance attacks involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.
• Important information that can be compiled during a reconnaissance attack includes the following:
  • Ports open on a server
  • Ports open on a firewall
  • IP addresses on the host network
  • Hostnames associated with the IP addresses
Methods of Reconnaissance Attacks
• Packet sniffers (also known as network monitors)
• Ping sweeps
• Port scans
• Information queries
Packet sniffers
• A packet sniffer is a software program or a piece of hardware with software, used by hackers for less than noble purposes such as spying on network user traffic and collecting passwords.
Ping Sweeps
• A ping sweep is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
• A ping sweep consists of ICMP (Internet Control Message Protocol)
• Ping sweeps are among the older and slower methods used to scan a network.
Port Scans
• A port scanner is a software program that surveys a host network for open ports. Because ports are associated with applications, the hacker can use the port and application information to determine a way to attack the network.
Application Using TCP
Application Using UDP
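A defender's view of the ping sweeps and port scans described above, as an added example that is not part of the original lecture: it flags a source that sends ICMP echo requests to many distinct hosts, or probes many distinct ports on one host, within a short time window. The log format, thresholds, function names and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (not from the lecture): time src dst proto detail
SAMPLE_LOG = """\
10:00:01 10.0.0.5 192.168.1.1 icmp echo-request
10:00:01 10.0.0.5 192.168.1.2 icmp echo-request
10:00:02 10.0.0.5 192.168.1.3 icmp echo-request
10:00:02 10.0.0.5 192.168.1.4 icmp echo-request
10:00:03 192.168.1.20 192.168.1.1 icmp echo-request
10:00:04 192.168.1.20 192.168.1.1 icmp echo-request
10:00:05 192.168.1.40 192.168.1.1 icmp echo-request
10:05:05 192.168.1.40 192.168.1.2 icmp echo-request
10:10:05 192.168.1.40 192.168.1.3 icmp echo-request
10:15:05 192.168.1.40 192.168.1.4 icmp echo-request
10:01:00 10.0.0.9 192.168.1.10 tcp 21
10:01:00 10.0.0.9 192.168.1.10 tcp 22
10:01:01 10.0.0.9 192.168.1.10 tcp 23
10:01:01 10.0.0.9 192.168.1.10 tcp 25
10:01:02 10.0.0.9 192.168.1.10 tcp 80
10:01:03 192.168.1.30 192.168.1.10 tcp 443
"""

def _burst(events, window, threshold):
    """True if >= threshold distinct targets occur within any `window` seconds."""
    events.sort()
    for i, (start, _) in enumerate(events):
        seen = {target for t, target in events[i:] if t - start <= window}
        if len(seen) >= threshold:
            return True
    return False

def detect_recon(log_text, window=10, min_hosts=4, min_ports=5):
    """Return (ping sweep sources, (source, target) pairs that look like port scans)."""
    pings = defaultdict(list)    # src -> [(seconds, dst host)]
    probes = defaultdict(list)   # (src, dst) -> [(seconds, dst port)]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        t, src, dst, proto, detail = fields
        h, m, s = map(int, t.split(":"))
        secs = h * 3600 + m * 60 + s
        if proto == "icmp" and detail == "echo-request":
            pings[src].append((secs, dst))
        elif proto in ("tcp", "udp") and detail.isdigit():
            probes[(src, dst)].append((secs, int(detail)))
    sweepers = sorted(s for s, ev in pings.items() if _burst(ev, window, min_hosts))
    scanners = sorted(k for k, ev in probes.items() if _burst(ev, window, min_ports))
    return sweepers, scanners
```

With the default 10-second window the slow pinger 192.168.1.40 is not flagged; widening the window catches slower sweeps at the cost of more false positives from monitoring hosts.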
Information Queries
• Information queries can be sent via the Internet to resolve hostnames from IP addresses or vice versa.
• Nslookup: a network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or for any other specific DNS record.