4.3 Internet & Cyber Attacks

Loading...

From the course by Yonsei University

Introduction to TCP/IP

212 оценки

Yonsei University

Introduction to TCP/IP

212 оценки

You use the Internet through your PC (Personal Computer), laptop, tablet, smartpad, and smartphone every day in everything you do. Through your own PC/laptop, you can easily learn everything about the Internet, and that is what this course is focused on. In this course ‘Introduction to TCP/IP,’ you will learn the operational functions of Internet technologies (which include IPv4, IPv6, TCP, UDP, addressing, routing, domain names, etc.) and your PC/laptop's security and gateway Internet setup and basic principles. In addition, through a simple Wireshark experiment, you will see the TCP/IP packets and security systems in action that are serving your PC/laptop, that serves you.

From the lesson

Internet Security

The module ‘Internet Security’ focuses on the most popular Internet attack types and describes the methods used by your PC/laptop/smartphone to prevent and defend against cyber attacks. The first lecture ‘Top Ranking Internet Attacks’ describes the most commonly occurring attack types and ranks them based on the percentage of attack incidents. Your PC/laptop/smartphone has been receiving these attacks 100%, you just did not know it, but now you will. The lecture ‘Growing Security & Threat Issues’ discusses about zombie computers and botnets and other emerging attack techniques, which may be contaminating your PC/laptop/smartphone. The lectures in ‘Internet & Cyber Attacks’ include the most serious cyber attack types of Phishing, DoS (Denial of Service) & DDoS (Distributed DoS), Overflow, MITM (Man-in-the-Middle) Attack, and SQL (Structured Query Language) Injection. The lectures in ‘Internet Security & Protection’ focus on the most commonly used attack defense/security techniques used by your PC/laptop/smartphone, which include Firewalls, IDS (Intrusion Detection System), TLS (Transport Layer Security), WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), WPA2, and SSH (Secure Shell).

4.3 Internet & Cyber Attacks9:17

Meet the Instructors

Jong-Moon Chung
Professor, School of Electrical & Electronic Engineering
Director, Communications & Networking Laboratory

Now let's look into internet and cyber attacks.

We're going to start off with phishing.

Hacker phishing around to

obtain resources and information by disguising as a trustworthy entity,

is what we call phishing.

Typically e-mail is used and

the information types that are hunted around are for user names,

passwords, credit card information, and money.

Phishing e-mails commonly contain

attachment files and web links that are infected with malware,

so you have to be very careful.

Spear phishing is one type.

Here, phishing to an individual or a company,

and it uses personal information of the individual to increase the success probability.

In other words, with personal information about you,

it can fool you.

In addition, most common and successful types of security attacks are phishing,

where it accounts for over 90%,

and I'm sure throughout the process you may

have experienced this as I have several times.

The second type is clone phishing.

Here, legitimate, previously delivered e-mail,

is resent to the receiver,

containing an attachment file or a website link that is infected with malware.

It fools the receiver as if it is an update or a replied e-mail.

Then there is whaling.

This is a phishing attack made on a high-ranked executive of

the company to attack important business files using executive level access.

Because this is a big fish,

we call it whaling.

Link manipulation.

Here, phishing website link that is

infected with malware or connects to a hacker website.

It looks like a popular, legitimate, website link.

The hacker's web address is disguised under text or a tab that is not shown.

The next phishing type is filter evasion.

Here, phishing e-mails that use images instead of

text to avoid anti-phishing filters used in security systems.

The next type is website forgery.

Here, phishing website replaces the user address bar

or web site with the hacker's address bar or website.

The user is fooled into providing important login information,

password information, and account information to the hacker.

The next type is covert redirect.

In this type, this corrupts a website to have

a malicious login pop up

dialogue box that covertly redirects a login to the hacker's website.

So after login, you're giving up your important information,

in addition you're logging into a website that you're not supposed to.

Next is social engineering.

This provokes a user to click on a malicious link or a hacker's website.

In other words, it uses fake news to provoke a user.

Then once you are logged into a hacker website,

basically you are under the hacker's control.

The next type is phone phishing.

Here, a telephone call or

an SMS text message to trick people into giving up personal information,

is a way that the phishing attack is made.

Next we're going to study about DoS and DDoS attacks.

Here, DoS stands for denial of service and this is a very popular type of an attack.

This is a cyber attack that disables a device or a network by

making operational resources unavailable through overloading or malfunctioning.

The next one is a distributed DoS attack which is called a DDoS attack.

Here, the DoS attack is made by using

multiple distributed systems which are botnets or zombie computers,

or other types of computers that are contaminated with malware.

These DoS and DDoS attacks are

enabled by other types of technologies that are combined together,

and I'll explain some of them in the following descriptions.

This is overflow. As you can see,

buffer overflow which is also known as buffer overrun,

is used in DoS and DDoS attacks.

Anomaly program, which is a malware overruns

the buffer boundary and overwrites into adjacent memory locations.

Some of the possible defense schemes that you can have include;

randomizing the layout of your memory,

deliberately leaving space between buffers,

monitor actions that write into adjacent memory spaces.

Two representative types of buffer overflow are stack overflow and heap overflow.

Let's look into these.

Stack buffer overflow is created by

a manipulation of a local variable related to the vulnerable buffer on the stack.

Manipulate the return address in a stack frame,

manipulate the function pointer or exception handler to create operation malfunction,

or to manipulate the stack frame's local pointer or local variable.

Then there's heat overflow.

This is used in dynamic memory allocation and

the heap is used for applications in runtime.

The heap overflow is a buffer overflow that occurs in the heap data area.

Protection methods to prevent heap overflow

include to separate the code and data to prevent execution of the payload.

In addition, randomize the heap location so it is not located at a fixed offset position.

In addition, periodically check the condition of the heap.

All of these methods are commonly applied in

operating systems and apps that you have been using.

The next one is about man-in-the middle attack.

A man-in-the-middle attack secretly relays and

manipulates packets between communicating users and servers.

This results in an active eavesdropping and manipulation of the information.

Defense against man-in-the-middle attacks include

enhanced authentication using a certificate authority

based on verified certificates from a trusted third party.

In addition, latency examination based on tamper examination.

This means that if there's a man in the middle that's taking operation and relaying,

then there should be some extra time delay process

due to the process of the man-in-the- middle,

and if you can detect that,

then maybe you can detect the man-in-the-middle.

In addition, HTTP public key pinning which is also known as certificate pinning,

is another way to do it.

Some extra details are the HHTP server first announces, pins up,

a list of public key hashes that can be used for message and data encryption.

Next is SQL Injection.

Now SQL stands for structured query language and it's pronounced as sequel.

What is it? This is used for RDBMS and RDSMS processing.

RDBMS is Relational Database Management System and

RDSMS stands for Relational Data Stream Management System.

These are database technologies.

SQL injection is a code injection technique

used to attack SQL databases and data driven applications.

Attacker finds security vulnerability in an application and

inserts SQL statements to spoof identity,

tamper with existing data,

voiding or changing transactions, changing account balances,

disclosure of data, destroy of data,

ransom data and applications.

In addition, hijack administrator role of the server or the application.

As you can see, each one of these are very serious.

These are the references that I used,

and I recommend them to you.

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2018 Все права защищены.

Загрузить из App Store

Загрузить в Google Play