CHAPTER 5 : ATTACKS


1. BACKDOOR

1.1. A backdoor is a malicious computer program that is used to provide the attacker with unauthorized remote access to a compromised PC system by exploiting security vulnerabilities.

1.2. HOW DO BACKDOORS SPREAD THEMSELVES

1.2.1. Unaware PC users can accidentally install typical backdoors on their computers. They can come attached to e-mail messages or be distributed through file-sharing programs. Their authors give them unsuspicious names and trick users into opening or executing such files.

1.2.2. Backdoors are often installed by other parasites like viruses, trojans or even spyware. They get into the system without the user's knowledge and consent, and affect every user of the compromised computer. Some threats can be manually installed by malicious users who have sufficient privileges to install software. A small number of backdoors spread by exploiting remote systems that have certain security vulnerabilities.

2. VIRUS

2.1. A computer virus is a malicious program that self-replicates by copying itself to another program. In other words, the computer virus spreads by itself into other executable code or documents. The purpose of creating a computer virus is to infect vulnerable systems, gain admin control and steal sensitive user data. Hackers design computer viruses with malicious intent and prey on online users by tricking them.

2.2. TYPES OF VIRUSES

2.2.1. Boot Sector Virus – This type of virus infects the master boot record. Removing it is a challenging and complex task that often requires the system to be formatted. It mostly spreads through removable media.

2.2.2. Direct Action Virus – Also called a non-resident virus, it does not get installed or stay hidden in the computer's memory. It stays attached to the specific type of files that it infects. It does not affect the user experience or system performance.

2.2.3. Resident Virus – Unlike direct action viruses, resident viruses get installed on the computer. A resident virus is difficult to identify and even more difficult to remove.

3. SMURF ATTACK

3.1. MEANING

3.1.1. Smurf is a network layer distributed denial of service (DDoS) attack, named after the DDoS.Smurf malware that enables its execution.

3.1.2. Smurf attacks are somewhat similar to ping floods, as both are carried out by sending a slew of ICMP Echo request packets.

4. SYN FLOOD ATTACK

4.1. MEANING

4.1.1. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

5. SESSION HIJACKING

5.1. MEANING

5.1.1. Session hijacking is when a hacker takes control of a user session after the user has successfully authenticated with a server.

5.1.2. Session hijacking involves an attacker identifying the current session IDs of a client/server communication and taking over the client's session.

5.2. HOW TO PREVENT SESSION HIJACKING

5.2.1. The best way to prevent session hijacking is to enable protection on the client side. It is recommended to take preventive measures against session hijacking on the client side: users should have effective antivirus and anti-malware software, and should keep their software up to date.

6. Web Application Vulnerabilities And The Countermeasures

6.1. SQL INJECTION

6.1.1. SQL injection attacks allow attackers to spoof identity, tamper with existing data (for example voiding transactions or altering a user's balance), and obtain complete disclosure of all data on the system, which should otherwise be accessible only to the database administrator.

6.1.2. COUNTERMEASURES

6.1.2.1. Use low-privilege connections to the database server. Passwords, bank account details, credit card information, bank routing numbers and similar information should be redacted, and encrypted before it is stored in the database, to avoid identity theft.

6.2. COMMAND INJECTION

6.2.1. The hacker inserts programming commands into a web form.

6.2.2. COUNTERMEASURES

6.2.2.1. Do not use input data directly in commands: An attacker may use clever formatting so that input is treated as its own separate command instead of as data. Therefore, validate the input and explicitly type it as data so that it cannot be interpreted as a command even if it contains one.

6.2.2.2. Avoid using command interpreters: Although not always practical, using a well-maintained API will have better results than invoking commands through an interpreter or external process.
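Both countermeasures above come down to one rule: never let untrusted text reach a shell as part of a command line. The Python example below is added to illustrate this and is not from the mind map. It contrasts a command string built from a hostname (the vulnerable pattern) with a validated argv list that needs no shell, and uses the Python interpreter itself as the child process so it runs anywhere. All names (`HOSTNAME_RE`, `build_command_vulnerable`, `shell_tokens`, `validate_host`, `build_command_safe`, `echo_argument`) are this example's own; the hostname grammar is a deliberately strict allowlist chosen for the demonstration.

```python
import re
import shlex
import subprocess
import sys

# Allowlist: letters, digits, dots and hyphens only. Anything else (spaces,
# ';', '|', '&', '$', backticks, quotes ...) is rejected before any command
# is built, so the input can never carry shell syntax.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def build_command_vulnerable(host):
    # Vulnerable pattern: the input is pasted into a single string that a shell
    # would parse, so metacharacters in it become command structure.
    return f"ping -c 1 {host}"


def shell_tokens(command_line):
    # Tokenise the string the way a POSIX shell would, treating ';', '|', '&'
    # and friends as separate tokens. Nothing is executed; this only shows how
    # much of the "data" became command syntax.
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return list(lexer)


def validate_host(host):
    """Return the host unchanged if it matches the allowlist, else raise ValueError."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def build_command_safe(host):
    # Hardened pattern: validated input goes into an argv list. With shell=False
    # each element reaches the program as exactly one argument, so even a value
    # containing shell syntax would be delivered as data, not interpreted.
    return ["ping", "-c", "1", validate_host(host)]


def echo_argument(value):
    """Run a child process with the value as its own argv element and return what it saw.

    The child is the Python interpreter printing sys.argv[1], so the demonstration
    is portable and does not depend on ping or echo being installed.
    """
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True,
        text=True,
        check=True,
    )
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    tainted = "example.com; echo injected"
    print("shell would see:", shell_tokens(build_command_vulnerable(tainted)))
    print("argv list delivers:", repr(echo_argument(tainted)))
    try:
        build_command_safe(tainted)
    except ValueError as exc:
        print("validation:", exc)
```

The `shell_tokens` output makes the first countermeasure concrete: in the vulnerable form the text after `;` is a second command, while `echo_argument` shows the same text arriving verbatim when it travels as an argv element. Validation is still applied in `build_command_safe` because the program being invoked (ping here) has its own option parsing, and a value beginning with `-` could otherwise be read as a flag.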

6.3. BUFFER OVERFLOW

6.3.1. Huge amounts of data are sent to a web application through a web form to execute commands.

6.3.2. COUNTERMEASURES

6.3.2.1. Various techniques have been used to detect or prevent buffer overflows, with various tradeoffs. The most reliable way to avoid or prevent buffer overflows is to use automatic protection at the language level. This sort of protection, however, cannot be applied to legacy code, and technical, business or cultural constraints often call for a language that is vulnerable to them.

6.4. COOKIE POISONING AND SNOOPING

6.4.1. The hacker corrupts or steals cookies.

6.5. AUTHENTICATION HIJACKING

6.5.1. The hacker steals a session once a user has authenticated.

6.6. DIRECTORY TRAVERSAL/UNICODE

6.6.1. The hacker browses through the folders on a system via a web browser or Windows Explorer.

7. VIRUS

7.1. A computer virus is defined in 2.1 above.

7.2. TYPES OF VIRUSES

7.2.1. Direct Action Virus

7.2.1.1. Also called a non-resident virus, it does not get installed or stay hidden in the computer's memory. It stays attached to the specific type of files that it infects. It does not affect the user experience or system performance.

7.2.2. Multipartite Virus

7.2.2.1. This type of virus spreads through multiple ways. It infects both the boot sector and executable files at the same time.

7.2.3. Polymorphic Virus

7.2.3.1. These viruses are difficult to identify with a traditional anti-virus program, because a polymorphic virus alters its signature pattern whenever it replicates.

8. TROJAN

8.1. A Trojan Horse hides malware in what appears to be a normal file. Most Trojans are aimed at taking control of a user's computer, stealing data and installing more malware onto the victim's computer.

8.2. TYPES OF TROJAN

8.2.1. Backdoor Trojan

8.2.1.1. Gives the hacker remote control over the infected computer. They can be used to pull together a number of separate, infected machines to form a botnet or zombie network that can be put to nefarious use.

8.2.2. Trojan-downloader

8.2.2.1. Downloads and installs new versions of malware, including adware and new Trojans.

8.2.3. Rootkit Trojan

8.2.3.1. Primarily used to avoid detection by security software, buying time to take further advantage of the compromise.

8.2.4. Exploit Trojan

8.2.4.1. A program that contains code which takes advantage of a known vulnerability in a piece of software running on the infected computer.

8.2.5. Trojan-Spy

8.2.5.1. Aptly named: it spies on and logs your activity, doing everything from recording every key pressed to taking screenshots, and then sends that data out to a hacker or hacker network.

9. WIRELESS HACKING TECHNIQUE

9.1. Cracking encryption and authentication mechanisms

9.2. Eavesdropping or sniffing

9.3. Denial of service

9.4. AP masquerading or spoofing

9.5. MAC spoofing