1
Name:
DATE: Wednesday May 17th 2011
CLASS: Networking
TOPIC: Attackers and their attacks (continued).
Per:
AIM: What are some attack methods attackers use?
H.W. # 81:
1) What is Social Engineering?
2) What is Phishing?
3) Explain how an attacker would use a mathematical attack?
DO NOW:
The easiest way to attack a computer system requires almost no technical ability and is usually highly successful. Look up the term Social
Engineering at www.techweb.com/encyclopedia. What is social Engineering?
True or False:
Social Engineering is the easiest way to attack a computer system, requires almost no technical ability, and is usually highly successful.
Sample Test Question:
1) As part of your training program, you’re trying to educate users on the importance of security. You explain to them that not every
attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcoming to
gain access that should otherwise be denied. What term do you use to describe attacks of this type?
A) Social engineering
B) IDS System
C) Perimeter Security
D) Biometrics
2) Several users in your network have had their passwords stolen. Culprits tricked the users into divulging the passwords. This an
example of which type of attack?
A) Social Engineering
B) IDS System
C) Perimeter Security
D) Biometrics
3) Your help desk has informed you that they received an urgent call from the vice president last night requesting his logon ID and
password. What type of attack is this?
A) Spoofing
B) Replay attack
C) Social engineering
D) Trojan Horse
4) Why is password length important?
A) Longer passwords are impossible to hack
B) Longer passwords are harder to hack
C) Windows requires long passwords in a domain environment
D) Longer passwords can prevent password cracking programs from working properly.
PROCEDURE:
Write the AIM and DO NOW.
Get students working!
Take attendance.
Go Over HW
Collect HW
Go over the Do Now
Social engineering is not limited to telephone calls. Another approach is called phishing. Look up the term phishing and it variants at
www.techweb.com/encyclopedia. What is Phishing?
2
Social Engineering is defeated in two ways. First, you should develop strong procedures in the form of instructions or company policies
when passwords are given out, who can enter the premises, and what do to when asked questions by another employee that may reveal
protected information. The second way to defeat social engineering is by education all employees about the policies and ensuring that
these policies are followed.
True or False:
There is no defense for social engineering.
Assignment #1:
Look up the term cryptography at www.techweb.com/encyclopedia. What is cryptography?
Assignment #2:
Look up the term secret key cryptography at www.techweb.com/encyclopedia. What is secret key cryptography?
Assignment #3:
Look up the term public key cryptography at www.techweb.com/encyclopedia. What is public key cryptography?
Assignment #4:
Go to www.howstuffworks.com and look up “How Encryption works”
Assignment #5:
I. A digital certificate is a means of showing that a file is from a trusted user. Windows XP has several digital certificates installed that
have been issued by Computer Authorities. This means that Windows XP can download, install, and use software from one of these
agencies without first asking you for permission because the software is from a trusted source. In this activity, you view the settings of a
certificate.
1) On Windows XP, click Start, and then click Run.
2) Type MMC in the Open text box, and then click OK. The Console1 window opens.
3) Click File in the menu bar, and then click Add/Remove Snap-in to display the Add/Remove Snap-in dialog box.
4) Click Add to display the Add Standalone Snap-in dialog box.
5) Click Certificates in the Snap-in list, and then click Add.
6) Click My user account if it is not already selected, and then click Finish
7) Click Close in the Add Standalone Snap-in dialog box
8) In the Add/Remove Snap-in dialog box, make sure the Certificates-Current User is displayed in the Snap-in. Click OK
9) In the Console1 window now lists certificates for the current user. In the left pane, click the + sign next to Certificates – Current User
to display the certificates issued to the current user.
10) Click the + sign next to Trusted Root Certification Authorities, and then click Certificates. The certificates that have been issued are
list in the right pane.
11) Scroll down the right pane and double-click Microsoft Root Authority to display Certificate dialog box. Then click the details
Details tab.
12) In the top pane, scroll down and click Public Key to view the key in the bottom pane
13) Click OK to close the Certificate dialog box
14) Close the console1 dialog box by clicking File in the menu bar and then clicking Exit. Click No
3
Assignment #6:
Go to www.techweb.com/encyclopedia and look up the term cryptanalysis. What is cryptanalysis?
One type of cryptanalysis is a mathematical attack. A mathematical attack refers to breaking the encryption by intercepting large
quantities of encrypted information and using mathematical and statistical analysis to find the common factor (i.e. the key) or a hole in the
encryption algorithm (a backdoor). A known example is cracking WEP by using a publicly available utility such as aircrack. When
sufficient packets are ‘sniffed’ from the network, it often takes only a matter of minutes to find the key.
Assignment #7:
One
type
of
mathematical
attack
is
a
http://www.javvin.com/networksecurity/BirthdayAttack.html.
birthday
attack.
Look
up
birthday
attack
at
Assignment #8:
Another category of attacks are those in which the attacker attempts to assume the identity of a valid user. The first of these types of
identity attacks is
1) Man in the Middle Attack – Ever receive a letter from a teacher meant for your parent, sign it for your parent, then send it back
to the teacher. That is an analogy for a Man in the Middle Attack. An actual example of a Man in the Middle Attack is a hacker
who sets up his own Web site to look like a legitimate site. The hacker then intercepts the data intended for the real site to steal
passwords and credit card numbers. He can also send data back to the unsuspecting user from his own Web site.
2) Replay Attack – Similar to an active Man in the Middle Attack, however, whereas an active Man in the Middle Attack changes
the content of a message before sending it on, a replay attack only captures the message and then sends it again later (replays it).
3) TCP/IP Hijacking - By sending forged ARP information to the server, containing the MAC address of the attacker’s system
mapped to the IP address of the original client’s system, or by using ICMP Redirect message in an attempt to change the server’s
local routing table, the attacker can reroute and receive the information from the server. This allows an attacker to take over an
established session between typically a client and a server. The attacker first needs to impersonate the legitimate client and then
disconnect the legitimate client
Assignment #8:
Go to www.techweb.com/encyclopedia and look up a Smurf Attack. What is a Smurf Attack?
Assignment #9:
Malicious code, also called malware, consists of computer programs designed to break into computers or to create havoc on computers.
The most common types of malware are viruses, worms, logic bombs, Trojan horses and back doors.
Research each of the above mentioned malware types.