intruders - WordPress.com

INTRUDERS
BY VISHAKHA RAUT
TE COMP
411151
OUTLINE
• INTRODUCTION
• TYPES OF INTRUDERS
• INTRUDER BEHAVIOR PATTERNS
• INTRUSION TECHNIQUES
• QUESTIONS ON INTRUDERS
• REFERENCES
INTRODUCTION
• Publicized threats to security.
• Referred to as hacker or cracker.
• Intruder attacks range from benign to serious.
• The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.
• EXAMPLES:
  • Defacing a web server.
  • Guessing and cracking passwords.
  • Copying a database containing credit card numbers.
  • Dialing into an unsecured modem and gaining internal network access.
TYPES OF INTRUDERS (pg no: 643)
1) MASQUERADER:
• An individual who is not authorized to use the computer.
• Penetrates a system’s access controls to exploit a legitimate user’s account.
• Likely to be an outsider.
2) MISFEASOR:
• A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
• Generally an insider.
3) CLANDESTINE USER:
• An individual who seizes supervisory control of the system.
• Uses this control to evade auditing and access controls or to suppress audit collection.
• Either an outsider or an insider.
INTRUDER BEHAVIOR PATTERNS (pg no: 644-646)
1) HACKERS: (pg no: 644-645)
• Traditional hackers look for targets of opportunity and then share the information with others.
• They hack into computers for the thrill of it or for status.
• The hacking community is a strong meritocracy in which status is determined by level of competence.
• Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are used to counter this type of hacker.
• Organizations need to restrict remote logons to specific IP addresses and/or use virtual private network technology.
2) CRIMINALS: (pg no: 645-646)
• Criminal hackers have specific targets in mind.
• Organized groups of hackers have become a threat to Internet-based systems.
• They meet in underground forums to trade tips and data and to coordinate attacks.
• A common target is a credit card file on an e-commerce server, where the attackers attempt to gain root access.
• Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are used for this type of attack but may be less effective because of the quick in-and-out nature of the attack.
• Database encryption should be used for sensitive customer information.
3) INSIDER ATTACKS: (pg no: 646)
• Difficult to detect and prevent.
• Motivated by revenge or simply a feeling of entitlement.
• Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are used to counter insider attacks.
• Protect sensitive resources with strong authentication.
• Upon termination, delete the employee’s computer and network access.
• Set logs to see what users access and what commands they are entering.
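The countermeasures listed above for hackers and insiders (restricting remote logons to specific IP addresses, removing access on termination, reviewing logs) can be checked against logon records. The following Python code is an added example, not part of the original slides; the allowed networks, the terminated-account list, the failure threshold and the sshd-style log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the slides): allowed networks, terminated accounts,
# the failure threshold and every sample log line below are constructed.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.10/32")]
TERMINATED = {"jdoe"}   # accounts whose access should already be deleted
FAIL_THRESHOLD = 3      # failed logons from one source before alerting

SAMPLE_LOG = """\
Mar  3 09:01:12 srv1 sshd[811]: Accepted password for alice from 10.20.4.7 port 50122 ssh2
Mar  3 09:05:40 srv1 sshd[822]: Failed password for root from 203.0.113.9 port 41000 ssh2
Mar  3 09:05:42 srv1 sshd[822]: Failed password for root from 203.0.113.9 port 41002 ssh2
Mar  3 09:05:45 srv1 sshd[822]: Failed password for invalid user admin from 203.0.113.9 port 41010 ssh2
Mar  3 09:07:03 srv1 sshd[840]: Accepted password for bob from 198.51.100.23 port 38844 ssh2
Mar  3 09:12:31 srv1 sshd[851]: Accepted publickey for jdoe from 10.20.9.14 port 50990 ssh2
"""

# Captures outcome, auth method, user name and source address of a logon event.
EVENT = re.compile(r"sshd\[\d+\]: (Accepted|Failed) (\S+) for (?:invalid user )?"
                   r"(\S+) from (\S+) port \d+")

def allowed(ip):
    """True if the source address lies inside one of the approved networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def review(log_text):
    """Return a sorted list of (alert_type, user_or_dash, source_ip) tuples."""
    alerts, failures = set(), Counter()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a logon event
        outcome, _method, user, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1  # password guessing shows up as repeated failures
            continue
        if not allowed(ip):
            alerts.add(("logon-from-unapproved-address", user, ip))
        if user in TERMINATED:
            alerts.add(("logon-by-terminated-account", user, ip))
    for ip, count in failures.items():
        if count >= FAIL_THRESHOLD:
            alerts.add(("repeated-failed-logons", "-", ip))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(*alert)
```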
INTRUSION TECHNIQUES (pg no: 646-647)
• Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a back door into a system.
• Intruders can get access to a system by using attacks such as buffer overflows on a program that runs with certain privileges.
• The intruder attempts to acquire information (such as a user password) that should have been protected.
• With knowledge of some other user’s password, an intruder can log in to a system and exercise all the privileges accorded to the legitimate user.
QUESTIONS ON INTRUDERS
1) Write a short note on intruders (4 to 5 marks).
2) What are intruders? (3 marks).
REFERENCES
• William Stallings, Operating Systems: Internals and Design Principles (sixth edition), Part 7 (Security), Chp 14 - Computer Security Threats, pg no: 643-647.
ANY QUESTIONS?
THANK YOU