Network Attack & Defense
network attack & defense
- introduction
- network attacks
- overview
- port-scans
- nessus
- summary
- references
introduction
- IBM: increases of network attacks
number of the attacks on networks of state institutions between july and august last yearly around 55 % risen
- 80% of all network attacks are committed within the firewall
of protected range ComputerWorld, Januar 2002
historical outline
- 1971 John Draper find out that a toy whistle from a Muesli box
reproduces exactly the clay/tone that a free voice grade channel opens
- 1984 in the USA are discharged the Comprehensive Crime
control act, a law that more possibilities to the secret service gives to put to credit card cheats and hackers the handicraft
- 1986 in the USA two further laws, which concern themselves
with attacks on computer systems, are adopted: The computer Fraud and electronics Communications Privacy act
- 1988 Robert Morris bring 6.000 computers in the internet with
a virus to the crash and to a punishment of $10.000 are condemned
- 1994, summer Vladimir Levin, graduate of the pc. Petersburg
Universit, steal with a Russian group of hackers 10 millions $ of the Citibank. He is arrested 1995 in London.
- 1998, 19 May members of the group of hackers of L0pht warn
of serious safety gaps. They maintain the internet in a half hour to paralyze to be able.
network attacks
overview
- term clarifying
- the term network attack is legally problematic
- The legal definition of an attack assumes this took place only if someone arrived into the network!
- possible aggressors - Hackers (private or professional)
- classically
- overcoming of entrance barriers
- no destruction of data
- no change of data
- criminal (Cracker)
- spying data
- manipulation of data
- destruction of data and systems
- classically
- possible attack targets
- everyone is endangers
- everyone is a goal
- nearly everyone was already a goal
- goals of the aggressor
- feigning a wrong identity
- seeing confidential enterprise data
- changing and falsifying data/messages
- transfer of dangerous programs into the system
- enterprises in discredit bring
- motivation
- tests of the own abilities and borders
- monetary goals
- revenge of quit coworkers
- feigning a wrong identity
- seeing confidential enterprise data
- changing and falsifying data/messages
- transfer of dangerous programs into the system
- enterprises in discredit bring
- motivation
- tests of the own abilities and borders
- monetary goals
- revenge of quit coworkers
- points of attack and weak points
- what can we do?
- network analysis
port-scans
nessus
summary
- there is no chance to be save
- but you can be close to
references
- http://www.computec.ch/dokumente/allgemein/angriffsmoeglichkeiten_auf_netzwerke/angriffsmoeglichkeiten_auf_netzwerke.pdf
- http://www.telematik-institut.de/publikationen/online-vorlesungen/weitere_vorlesungen_und_skripte/SION-kap-3.4.pdf
- http://www1.logistik.fh-dortmund.de/IT-Sicherheit/50_AdministratorenTools.pdf