DOCSLIB.ORG

Network Security Secrets and Solutions, Third Edition / Mcclure, Scambray & Kurtz / 9381-6 / Front Composite Default Screen Matter

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Network Security Secrets and Solutions, Third Edition / Mcclure, Scambray & Kurtz / 9381-6 / Front Composite Default Screen Matter Color profile:ProLib8 Generic/ Hacking CMYK Exposed: printer profile Network Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Front Composite Default screen Matter HACKING EXPOSED: NETWORK SECURITY SECRETS AND SOLUTIONS, THIRD EDITION STUART McCLURE JOEL SCAMBRAY GEORGE KURTZ Osborne/McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto P:\010Comp\Hacking\381-6\fm.vp Monday, September 10, 2001 2:11:09 PM Color profile:ProLib8 Generic/ Hacking CMYK Exposed: printer profile Network Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Front Composite Default screen Matter Osborne/McGraw-Hill 2600 Tenth Street Berkeley, California 94710 U.S.A. To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact Osborne/McGraw-Hill at the above address. For information on transla- tions or book distributors outside the U.S.A., please see the International Contact Infor- mation page immediately following the index of this book. Hacking Exposed: Network Security Secrets and Solutions, Third Edition Copyright © 2001 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. 1234567890 CUS CUS 01987654321 Book p/n 0-07-219382-4 and CD p/n 0-07-219383-2 parts of ISBN 0-07-219381-6 Publisher Proofreaders Brandon A. Nordin Stefany Otis, Linda Medoff, Vice President & Associate Publisher Paul Medoff Scott Rogers Indexer Acquisitions Editor Karin Arrigoni Jane K. Brownlow Computer Designers Project Editor Carie Abrew, Elizabeth Jang, LeeAnn Pickrell Melinda Lytle Acquisitions Coordinator Illustrators Emma Acker Michael Mueller, Lyssa Wald Technical Editors Series Design Tom Lee, Eric Schultze Dick Schwartz, Peter F. Hancik Copy Editor Cover Design Janice A. Jue Dodie Shoemaker This book was composed with Corel VENTURA™ Publisher. Information has been obtained by Osborne/McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Osborne/McGraw-Hill, or others, Osborne/McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from use of such information. P:\010Comp\Hacking\381-6\fm.vp Monday, September 10, 2001 2:11:09 PM ColorProLib8 profile:/ Hacking Generic Exposed: CMYK printer Network profile Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Chapter 16 Composite Default screen CHAPTER 16 Hacking the Internet User 635 P:\010Comp\Hacking\381-6\ch16.vp Monday, September 10, 2001 9:44:14 AM ColorProLib8 profile:/ Hacking Generic Exposed: CMYK printer Network profile Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Chapter 16 Composite Default screen 636 Hacking Exposed: Network Security Secrets and Solutions e’ve spent a lot of time in this book talking about common techniques for break- ing into systems that are owned by companies and run by experienced adminis- Wtrators. After all, that’s where all the valuables are, right? What could malicious hackers possibly hope to attain from breaking into the average home computer? The reality is, the home computer is only part of the picture. Everyone uses the prod- ucts preyed upon in this chapter: web browsers, email readers, and all manner of Internet client software. Everyone is thus a potential victim, and the information on their system is likely just as critical as the stuff sitting on a web server, if not more so. The sheer distrib- uted nature of the problem also makes it much harder to address than its counterpart on the server side. The tools and techniques highlighted in this chapter affect not just individuals, but can also have a devastating impact on the organizations they work for. If you consider that everyone from CEO to shipping clerk uses this software for nearly 90 percent of their daily activities (namely, email reading and web browsing), it might dawn on you that this is indeed a serious issue for corporate users, as well as for the average consumer Internet surfer. Also consider the potential public relations embarrassment and potential down- stream liability for a company that perpetuated the spread of malicious code like worms by not taking the appropriate security measures. Worried yet? Hacking the Internet user is snowballing in popularity among the underground if the hail of Internet client software security advisories released in 2001 is any indication. Client- side hacking requires only a slightly different mindset from that which seeks to compro- mise major Internet servers such as www.amazon.com. The difference is one of degree of effort and scale. Instead of focusing intense intellectual effort against one unique target or specific web server application, user hacking seeks to find a common denominator among the widest range of potential victims. Typically, this common denominator is a combination of frequent Internet usage, Microsoft’s overwhelmingly popular and widely used software products, and lack of security savvy among the biological organisms oper- ating that software. We’ve already covered some of the many ways that these omnipresent factors can be exploited. Chapter 4 discussed attacks against Microsoft’s consumer operating systems most used by Internet denizens (Win 9x/ME/XP HE). Chapters 4 and 14 covered Trojans and back doors often planted on unsuspecting user’s systems, as well as the technique of “social engineering” that is so effective in getting a computer’s human operator to per- form the malicious hacker’s bidding by nontechnical means. This chapter will build on some of this work. It will introduce entirely different and more insidious paths by which back doors can be planted, as well as a more technical route for launching some of the most subliminal social attacks (that is, the subject line of an email message). Before we begin, we must warn those of faint heart that what we are about to show you is incredibly volatile if used unwisely. Unquestionably, we will be criticized for ex- plaining in detail how all these attacks are actually implemented. To which we will an- swer, as we have throughout this book: only in understanding the ways of the enemy in intimate detail will we protect potential victims. Our own journey of discovery through the material presented here was quite a jarring eye-opener. Read on to learn how to pro- tect your personal slice of the Internet. P:\010Comp\Hacking\381-6\ch16.vp Monday, September 10, 2001 9:44:14 AM ColorProLib8 profile:/ Hacking Generic Exposed: CMYK printer Network profile Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Chapter 16 Composite Default screen Chapter 16: Hacking the Internet User 637 MALICIOUS MOBILE CODE Mobile code was important in the genesis of the Internet from a static, document-based medium to the dynamic, spontaneously generated community that it is today. Some evo- lution of current mobile code technologies may yet prove to be the dominant model for computing of the future. However, current trends have moved away from reliance on such client-side execution models and toward dynamic HTML (DHTML), style sheets, and server-side scripting functionality. (Some may argue that the execution is still occur- ring on the client side, it’s just migrating deeper into the web browser.) In any case, mo- bile code, which traverses a network during its lifetime and executes at a destination machine, remains a critical part of the fabric of the Net today (see http://www.computer .org/internet/v2n6/w6gei.htm). The two dominant paradigms for mobile code, Sun’s Java and Microsoft’s ActiveX, will still be found executing in browsers everywhere and thus are critically important to any discussion of Internet client security. See Chapter 6 for a discussion of Microsoft’s .NET Frameworks, a new mobile code paradigm around which the company is building its next-generation software products. Inevitably, comparisons are drawn between ActiveX and Java. We won’t get into the debate here, but rather will talk neutrally about actual vulnerabilities discovered in each system. For a strong technical discussion of the pluses and minuses of the two mobile code models from a security perspective, see “A Comparison Between Java and ActiveX Security” by David Hopwood at http://www.users.zetnet.co.uk/hopwood/papers/ compsec97.html. Microsoft ActiveX Microsoft dubbed its first attempt at a mobile code model ActiveX. ActiveX is often de- scribed simply as Object Linking and Embedding (OLE) compound-document technology revamped for the Web. This is a vast oversimplification of the set of APIs, specifications, and ambitious development paradigms, such as COM, that actually undergird the technol- ogy, but it is the easiest way to grasp it. ActiveX applications, or controls, can be written to perform specific functions (such as displaying a movie or sound file). They can be embed- ded in a web page to provide this functionality, just like OLE supports embedding of Excel spreadsheets within Word documents. ActiveX controls typically have the file extension .ocx. (ActiveX controls written in Java are an exception.) They are embedded within web pages using the <OBJECT> tag, which specifies where the control is downloaded from. When Internet Explorer encounters a web page with an embedded ActiveX control (or multiple controls), it first checks the user’s lo- cal system Registry to find out if that component is available on his or her machine.
Load more

Recommended publications
  • A the Hacker
    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
    [Show full text]
  • Computer Virus Tutorial
    Computer Virus Tutorial Computer Virus Tutorial License Copyright 1996-2005, Computer Knowledge. All Rights Reserved The Computer Knowledge Virus Tutorial is a copyright product of Computer Knowledge. It also contains copyrighted material from others (used with permission). Please honor the copyrights. Read the tutorial, learn from the tutorial, download and run the PDF version of the tutorial on your computer, link to the tutorial. But, please don't copy it and claim it as your own in whole or part. The PDF version of the Computer Knowledge Virus Tutorial is NOT in the public domain. It is copyrighted by Computer Knowledge and it and all accompanying materials are protected by United States copyright law and also by international treaty provisions. The tutorial requires no payment of license fees for its use as an educational tool. If you are paying to use the tutorial please advise Computer Knowledge (PO Box 5818,www.co-bw.com Santa Maria, CA 93456 USA). Please provide contact information for those charging the fee; even a distribution fee. License for Distribution of the PDF Version No royalties are required for distribution. No fees may be charged for distribution of the tutorial. You may not use, copy, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the licensed program except as provided in this agreement. Any such unauthorized use shall result in immediate and automatic termination of this license. In no case may this product be bundled with hardware or other software without written permission from Computer Knowledge (PO Box 5818, Santa Maria, CA 93456 USA).
    [Show full text]
  • INFOSEC UPDATE 2001 Student Workbook Norwich University Eprotectit Conference March 21-22, 2001
    INFOSEC UPDATE 2001 Student Workbook Norwich University eProtectIT Conference March 21-22, 2001 M. E. Kabay, PhD, CISSP Security Leader, AtomicTangerine, Inc. [email protected] Category 11 Breaches of confidentiality Page 1 Copyright © 2001 M. E. Kabay. All rights reserved. INFOSEC UPDATE WORKSHOP -- March 20-21, 2001 11 Breaches of confidentiality 2000-02-06 Keywords: bank financial system leak confidentiality windfall investors market RISKS Vol 20 # 78 An error at the Reserve Bank of Australia caused e-mail to be sent to 64 subscribers of the bank's alert service informing them of a planned 0.5% increase in the prime interest rate. However, the message was sent out six minutes early, allowing some of those traders to sell A$3B of treasury bill and bond futures -- and making some people a great deal of money. 2000-02-06 Keywords: confidentiality human factors workstations home computer Web browsing RISKS, New York Times <http://www.nytimes.com/yr/mo/day/news/washpol/cia-impeach- deutch.html > Vol 20 # 78 The former director of the CIA, John Deutch, kept thousands of highly classified documents on his unsecured home Macintosh computer. Critics pointed out that the system was also used for browsing the Web, opening the cache of documents up to unauthorized access of various kinds. Category 11 Breaches of confidentiality Page 2 Copyright © 2001 M. E. Kabay. All rights reserved. INFOSEC UPDATE WORKSHOP -- March 20-21, 2001 2000-02-20 Keywords: confidentiality Web site RISKS, CNet < http://news.cnet.com/category/0-1005-200-1550948.html > Vol 20 # 80 H&R Block had to shut down its Web-based online tax-filing system after the financial records of at least 50 customers were divulged to other customers.
    [Show full text]
  • Antivirus HAX! Presented by Ehab Hussein Synapse Malware Research Team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) Saadtalaat (Egypt) Amr Thabet (Egypt)
    AntiVirus HAX! Presented by Ehab Hussein Synapse Malware research team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) SaadTalaat (Egypt) Amr Thabet (Egypt) http://www.synapse-labs.com [email protected] Synapse Intro History AV Detection Techniques Bypassing Sophos :) Demo Student Bounty Challenge $$$ http://www.synapse-labs.com [email protected] Security Corporate Services Services Solution Development Trainings http://www.synapse-labs.com [email protected] Viruses don't harm, ignorance does! « The Evolution of malware within the last ten years is described by the evolution of people who develop that » (Eugene kaspersky) http://www.synapse-labs.com [email protected] http://www.synapse-labs.com [email protected] – 1948 – 1966 (First theroical Approach) John von Neumann « Theory of self-reproducing automata » http://www.synapse-labs.com [email protected] – 1971 (First Worm) Robert (Bob) H. Thomas (BBN technologies) "I'm the creeper, catch me if you can!" Machine : PDP-10 System : TENEX Transport : ARPANET was the world's first operational packet switching network and the core network of a set that came to compose the global Internet. Funded by Darpa http://www.synapse-labs.com [email protected] WORM http://www.synapse-labs.com [email protected] TROJAN HORSE http://www.synapse-labs.com [email protected] – 1974/1975 (First Trojan Virus) John Walker « ANIMAL » UNIVAC 1108 http://www.synapse-labs.com [email protected] – 1982/1982 (First microcomputer Virus) Rich Skrenta « Elk Cloner » Apple II Boot Sector http://www.synapse-labs.com [email protected] BOOT SECTOR http://www.synapse-labs.com [email protected] – 1986 (First IBM-PC Virus) Basit & Amjad Farooq Alvi « Brain Boot Sector » « Pakistan Flu » « Lahore » http://www.synapse-labs.com [email protected] – 1986 (First File Infector Virus) VirDem Ver.: 1.06 (Generation #) aktive.
    [Show full text]
  • Virus Bulletin, February 2000
    ISSN 0956-9979 FEBRUARY 2000 THE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Francesca Thorneloe CONTENTS Technical Consultant: Fraser Howard Technical Editor: Jakub Kaminski COMMENT Media: Insight or Incitement? 2 Consulting Editors: VIRUS PREVALENCE TABLE 3 Nick FitzGerald, Independent consultant, NZ Ian Whalley, IBM Research, USA NEWS Richard Ford, Independent consultant, USA 1. Sunshine Conference 3 Edward Wilding, Maxima Group Plc, UK 2. Nothing if not Predictable 3 3. Feeding the Hand that Bites? 3 4. CD-ing is Believing 3 IN THIS ISSUE: LETTERS 4 • Happy Birthday Virus Bulletin! VB’s annual conference VIRUS ANALYSES is ten years old this year. Information about where, what, 1. Digital Rivers of Babylonia 6 how and who can be found on p.3. 2. Cryptomaniac 8 • How DOS your scanner rate? Thirteen FEATURE SERIES products line up in this month’s Comparative – starting on p.16 – competing for the first 1. Malware Do You Want To Go Today? Part 2 10 VB 100% awards of the new millennium. 2. Lotus Notes and Email Risks – Part 2 12 • New and Improved? Two recently discovered Windows INSIGHT file viruses are examined to reveal ever more complex Nick, Nick – Who’s There? 14 infection methods. Our analyses start on p.6. COMPARATIVE REVIEW Prescribing the Right DOS 16 OVERVIEW Exchange of Ideas 22 END NOTES AND NEWS 24 VIRUS BULLETIN ©2000 Virus Bulletin Ltd, The Pentagon, Abingdon, Oxfordshire, OX14 3YP, England. www.virusbtn.com /2000/$0.00+2.50 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form without the prior written permission of the publishers.
    [Show full text]
  • The Ultimate Cybersecurity Guide for the It Professional
    THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL { 01101000 01110100 01110100 01110000 01110011 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01100011 01100001 01110010 01100010 01101111 01101110 01100010 01101100 01100001 01100011 01101011 00101110 01100011 01101111 01101101 } THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL 2019 Welcome to our comprehensive guide on the basics of cybersecurity. Whether you've been in IT for a long time or are just starting out, there is an expectation that everyone in IT should have some degree of expo- sure to InfoSec. A good way to do that is to learn from and get connected in the community. Cybersecurity is a fascinating and rapidly evolving area of IT. And those that are involved are friendly people who care passionately about keeping us all safe. With information from over 150 sourced references, and personal input from The Howler Hub community of security experts, this guide contains the key information to help you: • Understand key concepts that drive the security professional. • Learn a common language to engage with cybersecurity professionals. • Connect with sources to stay up-to-date on this evolving field. • Engage with cybersecurity experts and the threat hunting community at large. CONTENTS 01 02 03 History of Attackers + Common Cybersecurity Their Motives Attacks <pg num="001" /> <pg num="005" /> <pg num="007" /> 04 05 06 Terms to Know Experts to Blogs to Read <pg num="009" /> Follow <pg num="014" /> <pg num="013" /> 07 08 09 Events to Books to Read Movies + Shows Attend <pg num="017" /> to Watch <pg num="015" /> <pg num="019" /> 10 11 12 Communities Become a References to Engage Threat Hunter <pg num="023" /> <pg num="021" /> <pg num="022" /> 13 Appendices <pg num="024" /> <pg num="001" /> SEC.
    [Show full text]
  • Virus Bulletin, March 2000
    ISSN 0956-9979 MARCH 2000 THE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Francesca Thorneloe CONTENTS Technical Consultant: Fraser Howard Technical Editor: Jakub Kaminski COMMENT What Support Technicians Really, Really Want 2 Consulting Editors: NEWS & VIRUS PREVALENCE TABLE 3 Nick FitzGerald, Independent consultant, NZ Ian Whalley, IBM Research, USA LETTERS 4 Richard Ford, Independent consultant, USA VIRUS ANALYSES Edward Wilding, Maxima Group Plc, UK 1. 20/20 Visio 6 2. Kak-astrophic? 7 IN THIS ISSUE: OPINION Add-in Insult to Injury 8 • Limited editions: Make sure you don’t miss out on the chance to own one of Virus Bulletin’s 10 year anniversary EXCHANGE T-shirts. Details of how to order and pay are on p.3. Hollow Vic-tory 10 • Is it a bird? Is it a plane? Our corporate case study this CASE STUDY month comes from Boeing’s Computer Security Product Boeing all the Way 12 Manager, starting on p.12. FEATURE • Denial of service with a smile: Nick FitzGerald explains the latest menace and what you can or cannot do to avoid it, The File Virus Swansong? 15 starting on p.16. TUTORIAL • Exchange & mark: We kick off our new series of What DDoS it all Mean? 16 groupware anti-virus product reviews with GroupShield for Exchange on p.20. OVERVIEW Testing Exchange 18 PRODUCT REVIEWS 1. FRISK F-PROT v3.06a 19 2. NAI GroupShield v4.04 for Exchange 20 END NOTES AND NEWS 24 VIRUS BULLETIN ©2000 Virus Bulletin Ltd, The Pentagon, Abingdon, Oxfordshire, OX14 3YP, England. www.virusbtn.com /2000/$0.00+2.50 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form without the prior written permission of the publishers.
    [Show full text]
  • Computer Virus Tutorial
    Computer Virus Tutorial Computer Virus Tutorial License Copyright 1996-2005, Computer Knowledge. All Rights Reserved The Computer Knowledge Virus Tutorial is a copyright product of Computer Knowledge. It also contains copyrighted material from others (used with permission). Please honor the copyrights. Read the tutorial, learn from the tutorial, download and run the PDF version of the tutorial on your computer, link to the tutorial. But, please don't copy it and claim it as your own in whole or part. The PDF version of the Computer Knowledge Virus Tutorial is NOT in the public domain. It is copyrighted by Computer Knowledge and it and all accompanying materials are protected by United States copyright law and also by international treaty provisions. The tutorial requires no payment of license fees for its use as an educational tool. If you are paying to use the tutorial please advise Computer Knowledge (PO Box 5818, Santa Maria, CA 93456 USA). Please provide contact information for those charging the fee; even a distribution fee. License for Distribution of the PDF Version No royalties are required for distribution. No fees may be charged for distribution of the tutorial. You may not use, copy, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the licensed program except as provided in this agreement. Any such unauthorized use shall result in immediate and automatic termination of this license. In no case may this product be bundled with hardware or other software without written permission from Computer Knowledge (PO Box 5818, Santa Maria, CA 93456 USA). All distribution of the Computer Knowledge Virus Tutorial is further restricted with regard to sources which also distribute virus source code and related virus construction/creation materials.
    [Show full text]
  • The 10 Most Critical Inet Security Vulnerabilities
    The Ten Most Critical Internet Security Vulnerabilities (Updated) The Experts’ Consensus Version 2.100 October 2, 2001 Copyright 2001, The SANS Institute Stop the Break-Ins! The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws. Most of the systems compromised in the Solar Sunrise Pentagon hacking incident were attacked through a single vulnerability. A related flaw was exploited to break into many of the computers later used in massive distributed denial of service attacks. Recent compromises of Windows NT-based web servers are typically traced to entry via a well-known vulnerability. Another vulnerability is widely thought to be the means used to compromise more than 30,000 Linux systems. A few software vulnerabilities account for the majority of successful attacks because attackers are opportunistic – taking the easiest and most convenient route. They exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, by scanning the Internet for vulnerable systems. System administrators report that they have not corrected these flaws because they simply do not know which of over 500 potential problems are the ones that are most dangerous, and they are too busy to correct them all. A step by step tutorial by Mary Chaddock to help system administators get started with the top ten is available here. The information security community is meeting this problem head on by identifying the most critical Internet security problem areas – the clusters of vulnerabilities that system administrators need to eliminate immediately.
    [Show full text]
  • Research in Computer Viruses and Worms.Pdf
    Research in Computer Viruses and Worms Tom Chen SMU [email protected] Outline • About Me and SMU • Background on Viruses/Worms • Research Activities - Virus research lab - Early detection - Epidemic modeling TC/Londonmet/10-6-04 SMU Engineering p. 2 About Me • PhD in electrical engineering from U. California, Berkeley • GTE (Verizon) Labs: research in ATM switching, traffic modeling/control, network operations • 1997 joined EE Dept at SMU: traffic control, mobile agents, network security TC/Londonmet/10-6-04 SMU Engineering p. 3 About SMU • Small private university with 6 schools - engineering, sciences, arts, business, law, theology • 6,300 undergrads, 3,600 grads, 1,200 professional (law, theology) students • School of Engineering: 51 faculty in 5 departments • Dept of EE: specialization in signal processing, communications, networking, optics TC/Londonmet/10-6-04 SMU Engineering p. 4 Background on Viruses and Worms Motivations Can one IP packet cripple the Internet within 10 minutes? TC/Londonmet/10-6-04 SMU Engineering p. 6 IP/UDP 376 bytes Internet one UDP packet 25 January 2003 example - More than 1.2 billion US dollars damage - Widespread Internet congestion - Attack peaked in 10 minutes - 70% South Korea’s network paralyzed - 300,000 ISP subscribers in Portugal knocked off line - 13,000 Bank of America machines shut down - Continental Airline’s ticketing system crippled TC/Londonmet/10-6-04 SMU Engineering p. 7 IP/UDP 376 bytes Internet one UDP packet 25 January 2003 example SQL Sapphire/Slammer worm TC/Londonmet/10-6-04 SMU Engineering p. 8 Top Viruses/Worms • 70,000+ viruses are known -- only hundreds “in the wild” • A few viruses cause the most damage Worldwide economic impact $8.7 B (US$ billions) up to 2001 $2.6 B $1.1 B $1.1 B $1.0 B Love Letter Code Red Sircam Melissa ExploreZip *estimated by Computer Economics 2001 TC/Londonmet/10-6-04 SMU Engineering p.
    [Show full text]
  • Virus Protection for Windows by Roger A
    Malicious Mobile Code: Virus Protection for Windows By Roger A. Grimes Publisher: O'Reilly Pub Date: August 2001 ISBN: 1-56592-682-X Table of Pages: 542 • Contents • Index • Reviews Reader • Reviews • Errata Copyright Preface About This Book Why Another Book on Viruses? What This Book Doesn't Cover Organization of the Book Conventions Used in This Book Software Covered in This Book Comments and Questions Acknowledgments Chapter 1. Introduction Section 1.1. The Hunt Section 1.2. What Is Malicious Mobile Code? Section 1.3. Malicious Code and the Law Section 1.4. Malicious Code-Writing Subculture Section 1.5. MMC Terminology Section 1.6. Summary Chapter 2. DOS Computer Viruses Section 2.1. Introduction Section 2.2. DOS Technologies Section 2.3. DOS Virus Technologies Section 2.4. Types of DOS Viruses Section 2.5. Virus Defense Mechanisms Section 2.6. Examples of DOS Viruses Section 2.7. Detecting a DOS-Based Computer Virus Section 2.8. Removing a DOS Virus Section 2.9. Protecting Yourself from Viruses Section 2.10. Risk Assessment -- Low Section 2.11. Summary Chapter 3. Windows Technologies Section 3.1. Windows Technologies Section 3.2. New Windows Versions Section 3.3. Summary Chapter 4. Viruses in a Windows World Section 4.1. DOS Viruses on Windows Platforms Section 4.2. Windows Viruses on Windows Platforms Section 4.3. Signs and Symptoms of Windows NT Virus Infections Section 4.4. Windows Virus Examples Section 4.5. Detecting a Windows Virus Section 4.6. Removing Viruses Section 4.7. Removing Infected Files Section 4.8.
    [Show full text]
  • AIR POWER Journal of Air Power and Space Studies
    AIR POWER Journal of Air Power and Space Studies Vol. 8 No. 3, Monsoon 2013 (July-September) AIR POWER CENTRE FOR AIR POWER STUDIES New Delhi AIR POWER is published quarterly by the Forum for National Security Studies for Centre for Air Power Studies, New Delhi. Board of Trustees Shri M.K. Rasgotra, former Foreign Secretary and former High Commissioner to the UK Chairman Air Chief Marshal O.P. Mehra, PVSM, former Chief of the Air Staff and former Governor Maharashtra and Rajasthan Air Chief Marshal S.P. Tyagi, PVSM AVSM VM, former Chief of the Air Staff Secretary Defence (Finance), Ministry of Defence, 139 South Block, New Delhi (Ex Officio) Dr. Sanjaya Baru, former Media Advisor to the Prime Minister Captain Ajay Singh, Vice President, Jet Lite Airways, former Deputy Director Air Defence, Air HQ Managing Trustee Air Marshal Vinod Patney, SYSM PVSM AVSM VrC, former Vice Chief of Air Staff and Director, Centre for Air Power Studies (Ex Officio) AIR POWER Journal welcomes research articles on defence, military affairs and strategy (especially air power and space issues) of contemporary and historical interest. Articles in the Journal reflect the views and conclusions of the authors and not necessarily the opinions or policy of the Centre or any other institution. Editor-in-Chief Air Marshal Vinod Patney, SYSM PVSM AVSM VrC, (Retd) Consulting Editor Lt Col R Ghose, SM (Retd) Distributor KW Publishers Pvt. Ltd. All correspondence may be addressed to Editor-in-Chief AIR POWER Arjan Path, Subroto Park, New Delhi 110 010 Telephone: (91.11) 25699131-32 Fax: (91.11) 25682533 e-mail: [email protected] [email protected] website: www.centreforairpowerstudies.com www.centreforairpowerstudies.in www.centreforairpowerstudies.org www.aerospaceindia.org © Centre for Air Power Studies All rights reserved.
    [Show full text]