Intrusion Detection: Understanding Intruders, Hackers, and Their Patterns of Behavior, Slides of Computer Security

An in-depth analysis of intrusion detection, focusing on different types of intruders, their motivations, and patterns of behavior. Topics covered include masqueraders, misfeasors, clandestine users, hackers, and criminal enterprises. The document also discusses various examples of intrusions and provides recommendations for prevention and detection.

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri

Lecture 10
Intrusion Detection

Intruders classes:

• two most publicized threats to security are malware and intruders
• generally referred to as a hacker or cracker

masquerader
• likely to be an insider
• an unauthorized individual who penetrates a system to exploit a legitimate user account

misfeasor
• generally an insider
• legitimate user who misuses privileges

clandestine user
• can be either insider or outsider
• individual who seizes supervisory control to evade auditing and access controls or to suppress audit collection

Hacker Patterns of Behavior

1. select the target using IP lookup tools such as NSLookup, Dig, and others
2. map network for accessible services using tools such as NMAP
3. identify potentially vulnerable services (in this case, pcAnywhere)
4. brute force (guess) pcAnywhere password
5. install remote administration tool called DameWare
6. wait for administrator to log on and capture his password
7. use that password to access remainder of network

Criminals

• organized groups of hackers now a threat
  – corporation / government / loosely affiliated gangs
  – typically young
  – meet in underground forums
  – common target is credit card files on e-commerce servers
• criminal hackers usually have specific targets
  – once penetrated act quickly and get out
• IDS / IPS can be used but less effective
• sensitive data should be encrypted

Criminal Enterprise Patterns of Behavior

• act quickly and precisely to make their activities harder to detect
• exploit perimeter via vulnerable ports
• use Trojan horses (hidden software) to leave back doors for re-entry
• use sniffers to capture passwords
• do not stick around until noticed
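The steps listed under "Hacker Patterns of Behavior" leave an ordered trail that a detector can correlate per source. The following Python code is an added example, not part of the original slides: it flags a source that maps services, guesses passwords, then logs in and installs software. The event format, thresholds, addresses and stage names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the slides): (time_s, source, kind, detail)
EVENTS = [
    (0, "203.0.113.7", "conn", 21), (1, "203.0.113.7", "conn", 22),
    (2, "203.0.113.7", "conn", 80), (3, "203.0.113.7", "conn", 5631),
    (4, "198.51.100.4", "conn", 443),
    *[(10 + i, "203.0.113.7", "auth_fail", "pcanywhere") for i in range(6)],
    (20, "198.51.100.4", "auth_fail", "pcanywhere"),
    (21, "198.51.100.4", "auth_ok", "pcanywhere"),
    (30, "203.0.113.7", "auth_ok", "pcanywhere"),
    (45, "203.0.113.7", "install", "remote-admin-tool"),
]

SCAN_PORTS = 4   # assumed threshold: distinct ports probed within the window
FAIL_LIMIT = 5   # assumed threshold: failed logins within the window
WINDOW_S = 60    # assumed sliding window, in seconds

def detect(events):
    """Return {source: [stages]} in the order the stages were observed."""
    ports = defaultdict(list)   # source -> [(time, port)]
    fails = defaultdict(list)   # source -> [time]
    stages = defaultdict(list)  # source -> stage names reached so far

    def mark(src, stage):
        if stage not in stages[src]:
            stages[src].append(stage)

    for t, src, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind == "conn":
            # Keep only recent probes, then count distinct ports (step 2).
            ports[src] = [(pt, p) for pt, p in ports[src] if t - pt <= WINDOW_S]
            ports[src].append((t, detail))
            if len({p for _, p in ports[src]}) >= SCAN_PORTS:
                mark(src, "service-mapping")
        elif kind == "auth_fail":
            # Many failures in a short window suggest guessing (step 4).
            fails[src] = [ft for ft in fails[src] if t - ft <= WINDOW_S]
            fails[src].append(t)
            if len(fails[src]) >= FAIL_LIMIT:
                mark(src, "password-guessing")
        elif kind == "auth_ok" and "password-guessing" in stages[src]:
            mark(src, "login-after-guessing")
        elif kind == "install" and "login-after-guessing" in stages[src]:
            mark(src, "tool-install-after-compromise")  # step 5
    return {s: st for s, st in stages.items() if st}
```

A single failed login followed by a success, as for the second source in the sample data, reaches no stage and is not reported.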