Module 7

Uploaded by

sachiherath690

ITOP 2204: Computing Security Architecture
Module 7 – Application/Network Attacks

Markup Language: HTML and XML

• Markup language
  • Method for adding annotations to text
• HTML
  • Uses tags surrounded by brackets
  • Instructs browser to display text in specific format
• XML
  • Carries data instead of indicating how to display it
  • No predefined set of tags
  • Users define their own tags

XML Code

XML Injection (cont’d.)

XML attack
• Similar to SQL injection attack
• Attacker discovers Web site that does not filter user data
• Injects XML tags and data into the database

Xpath injection
• Specific type of XML injection attack
• Attempts to exploit XML Path Language queries

Directory Traversal and Command Injection

Directory traversal attack
• Takes advantage of software vulnerability
• Attacker moves from root directory of Web Server to restricted directories

Command injection attack
• Attacker enters commands to execute on a server
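
An added example, not part of the original slides: a server-side check that keeps a requested path inside the web root, which is the control a directory traversal attack relies on being absent. The function name, directory names and request strings are constructed for illustration.

```python
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def resolve_under_root(web_root: str, requested: str) -> Optional[str]:
    """Return the real path for `requested` if it stays inside web_root, else None."""
    root = os.path.realpath(web_root)
    # Decode percent-encoding first so "%2e%2e%2f" is checked as "../".
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None
    # A leading "/" means "relative to the web root", not the filesystem root.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole path components; a startswith() test would
    # wrongly accept a sibling directory such as "<root>-private".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo() -> dict:
    """Run constructed request paths against a throwaway web root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "www")
        os.makedirs(os.path.join(root, "img"))
        os.makedirs(os.path.join(tmp, "www-private"))
        requests = [
            "img/logo.png",
            "/img/logo.png",
            "../www-private/keys.txt",
            "img/../../www-private/keys.txt",
            "%2e%2e%2f%2e%2e%2fetc/passwd",
        ]
        return {r: resolve_under_root(root, r) is not None for r in requests}


if __name__ == "__main__":
    for path, allowed in demo().items():
        print(f"{'serve ' if allowed else 'reject'}  {path}")
```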

Client-Side Attacks

Client-side attacks target vulnerabilities in client applications
• Client initiates connection with server, which could result in an attack

Client-Side Attacks

Client-side code is JavaScript code that runs on a user’s machine.

Client-side code is typically code that is executed by the web browser.

Browser-based games are one popular platform for client-side code, since the client-side code can ensure the game runs smoothly regardless of connectivity issues.

Code that runs client side is very popular in modern web development. In fact, cross-site scripting attacks have hit major sites such as YouTube, Facebook, and Twitter.

Client-Side Attacks (cont’d.)

• Drive-by download
  • Client computer compromised simply by viewing a Web page
  • Attackers inject content into vulnerable Web server
  • Gain access to server’s operating system
  • Embed an HTML document inside main document
  • Client’s browser downloads malicious script
  • Instructs computer to download malware

Client-Side Attacks (cont’d.)

Header manipulation
• HTTP header contains fields that characterize data being transmitted
• Attacker’s short program can allow modification

Client-Side Attacks (cont’d.)

Cookies and Attachments
• Cookies store user-specific information on user’s local computer

Web sites use cookies to identify repeat visitors

Examples of information stored in a cookie
• Travel Web sites may store user’s travel itinerary
• Personal information provided when visiting a site

Only the Web site that created a cookie can read it

Client-Side Attacks (cont’d.)

First-party cookie
• Cookie created by Web site user is currently visiting

Third-party cookie
• Site advertisers place a cookie to record user preferences

Session cookie
• Stored in RAM and expires when browser is closed

Client-Side Attacks (cont’d.)

Persistent cookie
• Recorded on computer’s hard drive
• Does not expire when browser closes

Secure cookie
• Used only when browser visits server over secure connection
• Always encrypted

Client-Side Attacks (cont’d.)

Flash cookie
• Cookies associated with Adobe Flash
• Uses more memory than traditional cookie
• Cannot be deleted through browser configuration settings

Cookies pose security and privacy risks
• May be stolen and used to impersonate user
• Used to tailor advertising
• Can be exploited by attackers
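
An added example, not part of the original slides: an audit of Set-Cookie header values that classifies each cookie as session or persistent, as defined on the preceding slides, and reports the attributes whose absence makes theft easier. The header values are constructed; the HttpOnly attribute is a standard cookie attribute that the slides do not mention.

```python
def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into its name and lower-cased attributes."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str) -> dict:
    """Classify a cookie as session or persistent and list exposure findings."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    # No Expires/Max-Age: the browser drops the cookie when it closes.
    kind = "persistent" if ("expires" in attrs or "max-age" in attrs) else "session"
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: also sent over unencrypted HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by scripts in the page")
    return {"name": cookie["name"], "kind": kind, "findings": findings}


# Constructed Set-Cookie values for illustration.
SAMPLE_HEADERS = [
    "SESSIONID=4f1c9a; Path=/; Secure; HttpOnly",
    "SESSIONID=4f1c9a; Path=/",
    "itinerary=YVR-LHR; Max-Age=2592000; Path=/",
    "prefs=dark; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = audit_cookie(header)
        print(result["name"], result["kind"], result["findings"] or "ok")
```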

Client-Side Attacks (cont’d.)

Session hijacking
• Attacker attempts to impersonate user by stealing or guessing session token

Malicious add-ons
• Browser extensions provide multimedia or interactive Web content
• Active X add-ons have several security concerns
• Buffer overflow attacks

Client-Side Attacks (cont’d.)

• Involves a process that attempts to store data in RAM beyond boundaries of fixed-length storage buffer
• Data overflows into adjacent memory locations
• May cause computer to stop functioning
• Attacker can change “return address”
• Redirects to memory address containing malware code

Network Attacks

Review Networking

OSI Model

Network Packet

Network Attacks

• Denial of Service (DoS)
  • Attempts to prevent system from performing normal functions
• Ping flood attack
  • Ping utility used to send large number of echo request messages
  • Overwhelms Web server

Network Attacks

• Denial of Service (DoS)
  • Attempts to prevent system from performing normal functions
• Smurf attack
  • Ping request with originating address changed
  • Appears as if target computer is asking for response from all computers on the network

Network Attacks

Denial of Service (DoS) (cont’d.)
• SYN flood attack
  • Takes advantage of procedures for establishing a connection

TCP Three Way Handshake

DoS Attack
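
An added example, not part of the original slides: detection logic that follows the three-way handshake over packet records and counts connections that received a SYN but never the client's final ACK, grouped by the server being targeted. The record layout, addresses and threshold are constructed for illustration; counting is per target because the source addresses in a SYN flood cannot be trusted.

```python
from collections import Counter


def half_open_by_target(packets) -> Counter:
    """Count handshakes with a SYN but no completing ACK, per (server, port)."""
    pending = set()
    for src, sport, dst, dport, flags in packets:
        if flags == "S":        # step 1: client SYN opens a handshake
            pending.add((src, sport, dst, dport))
        elif flags == "A":      # step 3: client ACK completes it
            pending.discard((src, sport, dst, dport))
        elif "R" in flags:      # a reset from either side abandons it
            pending.discard((src, sport, dst, dport))
            pending.discard((dst, dport, src, sport))
        # step 2 (the server's "SA" reply) does not change the state
    return Counter((dst, dport) for _, _, dst, dport in pending)


def flooded_targets(packets, threshold: int = 100) -> list:
    """Return the targets whose half-open count reaches the threshold."""
    counts = half_open_by_target(packets)
    return sorted(t for t, n in counts.items() if n >= threshold)


# Constructed records: (source IP, source port, dest IP, dest port, TCP flags).
HANDSHAKE = [
    ("10.0.0.5", 50000, "10.0.0.80", 80, "S"),
    ("10.0.0.80", 80, "10.0.0.5", 50000, "SA"),
    ("10.0.0.5", 50000, "10.0.0.80", 80, "A"),
]
FLOOD = [
    (f"198.51.100.{i % 250 + 1}", 1024 + i, "10.0.0.80", 80, "S")
    for i in range(200)
]

if __name__ == "__main__":
    print(half_open_by_target(HANDSHAKE + FLOOD))
    print(flooded_targets(HANDSHAKE + FLOOD))
```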

Network Attacks

Distributed Denial of Service (DDoS)
• Attacker uses many zombie computers in a botnet to flood a device with requests
• Virtually impossible to identify and block sources of attack

Interception

Man-in-the-middle
• Interception of legitimate communication
• Forging a fictitious response to the sender
• Passive attack records transmitted data
• Active attack alters contents of transmission before sending to recipient

Replay attacks
• Similar to passive man-in-the-middle attack

Interception (cont’d.)

Replay attacks (cont’d.)
• Attacker makes copy of transmission
• Uses copy at a later time
• Example: capturing logon credentials

More sophisticated replay attacks
• Attacker captures network device’s message to server
• Later sends original, valid message to server
• Establishes trust relationship between attacker and server

ARP Poisoning – Windows ARP Command

Populating the ARP Table

ARP Poisoning

• ARP poisoning
  • Attacker modifies MAC address in the victim’s ARP cache to point to attacker’s computer

ARP poisoning attack

Poisoning (cont’d.)

ATTACKS FROM ARP POISONING
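
An added example, not part of the original slides: a check over the output of the Windows `arp -a` command that reports any MAC address claimed by more than one IP address among the dynamic entries, the pattern a poisoned cache shows when the gateway's entry points at another host. The table below is constructed, and English-language command output is assumed.

```python
import re
from collections import defaultdict

# One table row: IP address, MAC address in aa-bb-cc-dd-ee-ff form, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)\s*$"
)


def shared_macs(arp_output: str) -> dict:
    """Map each MAC seen on more than one dynamic IP to the IPs claiming it."""
    by_mac = defaultdict(set)
    for line in arp_output.splitlines():
        match = ARP_ROW.match(line)
        if not match:
            continue  # interface banner, column header or blank line
        ip, mac, kind = match.groups()
        # Static broadcast and multicast rows share MACs by design; skip them.
        if kind.lower() != "dynamic":
            continue
        by_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed `arp -a` output: 192.168.1.1 (the gateway) and 192.168.1.23
# resolve to the same MAC address.
SAMPLE_ARP = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-11-22-33-44-55     dynamic
  192.168.1.30          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_ARP).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
```

A shared MAC address is a lead to investigate rather than proof, since one device can legitimately hold several IP addresses.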

Poisoning (cont’d.)

DNS poisoning
• Domain Name System is current basis for name resolution to IP address
• DNS poisoning substitutes DNS addresses to redirect computer to another device

Two locations for DNS poisoning
• Local host table
• External DNS server

Attacks on Access Rights

• Privilege escalation
  • Exploiting software vulnerability to gain access to restricted data
  • Lower privilege user accesses functions restricted to higher privilege users
  • User with restricted privilege accesses different restricted privilege of a similar user

Attacks on Access Rights (cont’d.)

• Transitive access
  • Attack involving a third party to gain access rights
  • Has to do with whose credentials should be used when accessing services
  • Different users have different access rights

2024-07-02 vcc.ca
