Intruders Intrusion Techniques Password Protection Password Selection Strategies Intrusion Detection Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus Approaches Advanced Antivirus Techniques Recommended Reading and WEB Sites | Chapter 9 Intruders and Viruses Henric Johnson Blekinge Institute of Technology, Sweden Henric Johnson Outline Intruders Intrusion Techniques Password Protection Password Selection Strategies Intrusion Detection Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus Approaches Advanced Antivirus Techniques Recommended Reading and WEB Sites Henric Johnson Intruders Three classes of intruders (hackers or crackers): Masquerader Misfeasor Clandestine user Henric Johnson Intrusion Techniques System maintain a file that associates a password with each authorized user. Password file can be protected with: One-way encryption Access Control Henric Johnson Intrusion Techniques Techniques for guessing passwords: Try default passwords. Try all short words, 1 to 3 characters long. Try all the words in an electronic dictionary(60,000). Collect information about the user’s hobbies, family names, birthday, | Chapter 9 Intruders and Viruses Henric Johnson Blekinge Institute of Technology, Sweden Henric Johnson Outline Intruders Intrusion Techniques Password Protection Password Selection Strategies Intrusion Detection Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus Approaches Advanced Antivirus Techniques Recommended Reading and WEB Sites Henric Johnson Intruders Three classes of intruders (hackers or crackers): Masquerader Misfeasor Clandestine user Henric Johnson Intrusion Techniques System maintain a file that associates a password with each authorized user. Password file can be protected with: One-way encryption Access Control Henric Johnson Intrusion Techniques Techniques for guessing passwords: Try default passwords. Try all short words, 1 to 3 characters long. Try all the words in an electronic dictionary(60,000). Collect information about the user’s hobbies, family names, birthday, etc. Try user’s phone number, social security number, street address, etc. Try all license plate numbers (MUP103). Use a Trojan horse Tap the line between a remote user and the host system. Prevention: Enforce good password selection (Ij4Gf4Se%f#) Henric Johnson UNIX Password Scheme Loading a new password Henric Johnson UNIX Password Scheme Verifying a password file Henric Johnson Storing UNIX Passwords UNIX passwords were kept in in a publicly readable file, etc/passwords. Now they are kept in a “shadow” directory and only visible by “root”. Henric Johnson ”Salt” The salt serves three purposes: Prevents duplicate passwords. Effectively increases the length of the password. Prevents the use of hardware implementations of DES Henric Johnson Password Selecting Strategies User ducation Computer-generated passwords Reactive password checking Proactive password checking Henric Johnson Markov Model Henric Johnson Transition Matrix Determine the frequency matrix f,
