Cyber Threat Indicators

Many network attacks can be prevented by sharing information about attack indicators. Each attack has unique identifiable attributes. These are known as cyber threat indicators or simply attack indicators.

For instance, a user receives an email claiming they have won a big prize (Figure 1). Clicking on the link in the email results in an attack. The attack indicators could include the fact the user did not enter that contest, the IP address of the sender, the email subject line, the included link to click, or an attachment to download, among others.

Governments are now actively promoting cybersecurity. For instance, the U.S. Department of Homeland Security (DHS) and United States Computer Emergency Readiness Team (US-CERT) are leading efforts to automate the sharing of cybersecurity information with public and private organizations at no cost. DHS and US-CERT use a system called Automated Indicator Sharing (AIS). AIS enables the sharing of attack indicators between the US government and the private sector as soon as the threat is verified.
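To make the indicator idea concrete, here is an added example (not part of the course text, and not AIS itself) that checks a constructed phishing e-mail against a small shared indicator list: the sender IP address, subject line, embedded link and attachment name named above. The feed format, the sample indicators and the e-mail are all constructed; a real deployment would read the indicators from a trusted sharing feed instead of hard-coding them.

```python
"""Match a constructed phishing e-mail against a shared indicator list.

Added example: the indicator entries, the e-mail headers and body, and the
addresses are constructed sample data, and the feed format is a simplified
stand-in for a real sharing feed.
"""
import re
from dataclasses import dataclass

# Constructed indicator feed: one entry per shared attribute of a known campaign.
SHARED_INDICATORS = [
    {"type": "ipv4-addr", "value": "198.51.100.23"},  # sender IP (documentation range)
    {"type": "email-subject", "value": "you have won a big prize"},
    {"type": "url", "value": "http://prize-claim.example/claim"},
    {"type": "file-name", "value": "prize_voucher.exe"},
]


@dataclass
class Email:
    sender_ip: str
    subject: str
    body: str
    attachments: list


URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_observables(mail: Email) -> dict:
    """Pull out the attributes that can be compared with shared indicators."""
    return {
        "ipv4-addr": {mail.sender_ip},
        "email-subject": {mail.subject.strip().lower()},
        "url": set(URL_RE.findall(mail.body)),
        "file-name": {name.lower() for name in mail.attachments},
    }


def match_indicators(mail: Email, indicators=SHARED_INDICATORS) -> list:
    """Return the indicator entries that match this message, in feed order."""
    observed = extract_observables(mail)
    hits = []
    for ind in indicators:
        candidates = observed.get(ind["type"], set())
        # URLs are compared as-is; the other attribute types are case-folded.
        value = ind["value"] if ind["type"] == "url" else ind["value"].lower()
        if value in candidates:
            hits.append(ind)
    return hits


def triage(mail: Email) -> str:
    """Simple policy: two or more matching indicators means quarantine."""
    hits = match_indicators(mail)
    if not hits:
        return "no-match"
    return "quarantine" if len(hits) >= 2 else "review"


# Constructed sample message resembling the "you have won a prize" lure.
SAMPLE_MAIL = Email(
    sender_ip="198.51.100.23",
    subject="You Have Won A Big Prize",
    body="Congratulations! Claim it here: http://prize-claim.example/claim today.",
    attachments=["Prize_Voucher.exe"],
)

if __name__ == "__main__":
    for hit in match_indicators(SAMPLE_MAIL):
        print(f"matched {hit['type']}: {hit['value']}")
    print("decision:", triage(SAMPLE_MAIL))
```

The value of sharing is visible in the flow: the recipient's mail gateway never needs to have seen this campaign before, it only needs the indicator list that another organization already verified.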

Click here for more information on AIS.

The DHS also promotes cybersecurity to all users. For instance, they have an annual campaign in October called “Cybersecurity Awareness Month”. This campaign was developed to promote and raise awareness about cybersecurity. As shown in Figure 2, the DHS also promotes the “Stop. Think. Connect.” campaign to encourage all citizens to be safer and more secure online. The campaign provides material on a wide variety of security topics including:

  • Best Practices for Creating a Password
  • Best Practices for Using Public Wi-Fi
  • Five Every Day Steps Towards Online Safety
  • How to Recognize and Prevent Cybercrime
  • Five Steps to Protecting Your Digital Home
  • Click here for a complete list of topics made available by the DHS “Stop. Think. Connect.” Campaign.

Figure 1 symbolizes a victim of a phishing attack by displaying a happy but naïve lady who believes she has won a contest and must now click on the provided malicious link. Figure 2 displays advertising for the annual “National Cyber Security Awareness Month” promoted by the United States Department of Homeland Security.


Example wireless hacking tools:

  • aircrack-ng
  • Kismet
  • inSSIDer
  • KisMAC
  • Firesheep
  • NetStumbler

Network scanning tools:

These tools are used to find open TCP and UDP ports. Example tools:

  • Nmap
  • SuperScan
  • Angry IP Scanner
  • NetScanTools
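From the defender's side, the activity these scanners generate has a recognizable shape: one source touching many distinct ports on a host in a short time. The following added example (not from the post) runs a simple sliding-window detector over constructed firewall log lines; the log format `<epoch> <proto> <src_ip> -> <dst_ip>:<dst_port> <action>`, the addresses and the thresholds are all assumptions.

```python
"""Flag sources that probe many distinct TCP/UDP ports within a short window.

Added example: the log format is a simplified constructed firewall line and
the addresses, timestamps and thresholds are sample values.
"""
from collections import defaultdict

# Constructed sample log: 192.0.2.10 touches ten ports on one host within a
# few seconds; 192.0.2.44 shows ordinary browsing.
SAMPLE_LOG = """\
1700000000 tcp 192.0.2.10 -> 198.51.100.5:22 DENY
1700000000 tcp 192.0.2.10 -> 198.51.100.5:23 DENY
1700000001 tcp 192.0.2.10 -> 198.51.100.5:25 DENY
1700000001 tcp 192.0.2.10 -> 198.51.100.5:80 ALLOW
1700000002 tcp 192.0.2.10 -> 198.51.100.5:110 DENY
1700000002 tcp 192.0.2.10 -> 198.51.100.5:143 DENY
1700000003 udp 192.0.2.10 -> 198.51.100.5:161 DENY
1700000003 tcp 192.0.2.10 -> 198.51.100.5:443 ALLOW
1700000004 tcp 192.0.2.10 -> 198.51.100.5:3389 DENY
1700000004 tcp 192.0.2.10 -> 198.51.100.5:8080 DENY
1700000010 tcp 192.0.2.44 -> 198.51.100.5:443 ALLOW
1700000011 tcp 192.0.2.44 -> 198.51.100.5:443 ALLOW
1700000012 tcp 192.0.2.44 -> 198.51.100.9:80 ALLOW
"""


def parse_line(line: str) -> dict:
    """Parse one constructed log line into its fields."""
    ts, proto, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": int(ts), "proto": proto, "src": src,
            "dst_ip": dst_ip, "dst_port": int(dst_port), "action": action}


def detect_port_scans(log_text: str, window_s: int = 60, min_ports: int = 8) -> dict:
    """Return {src_ip: sorted ports} for sources that reach min_ports distinct
    (proto, dst_ip, dst_port) targets inside any window_s-second window.

    Denied and allowed entries both count: a scan is about breadth, not success.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            events[ev["src"]].append(ev)

    alerts = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most window_s.
            while evs[end]["ts"] - evs[start]["ts"] > window_s:
                start += 1
            targets = {(e["proto"], e["dst_ip"], e["dst_port"])
                       for e in evs[start:end + 1]}
            if len(targets) >= min_ports:
                alerts[src] = sorted({e["dst_port"] for e in evs})
                break
    return alerts


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

The window and port-count thresholds are the tuning knobs: too low and a busy monitoring host trips the rule, too high and a slow scan spread over hours is missed.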

Packet crafting tools:

These tools are used to probe and test a firewall's robustness using specially crafted packets. Example tools:

  • Hping
  • Scapy
  • Socat
  • Yersinia
  • Netcat
  • Nping and Nemesis

Packet sniffers:

These tools are used to capture and analyze packets in traditional Ethernet LANs or WANs. Example tools:

  • Ettercap
  • Dsniff
  • EtherApe
  • Paros
  • Fiddler
  • Ratproxy
  • SSLstrip

Rootkit detectors:

These tools are used by white hats to identify installed rootkits. Example tools:

  • AIDE
  • Netfilter
  • PF: OpenBSD Packet Filter


Eavesdropping attack: this happens when a hacker captures and listens to network traffic. This attack is also referred to as sniffing or snooping.

Denial of service: a DoS attack prevents the normal use of a computer or network by valid users. After gaining access to your computer, a DoS attack can crash applications or network services. A DoS attack can also flood the computer or network with traffic until a shutdown occurs because of the overload.

A DoS attack can also block traffic, which results in a loss of access to network resources by authorized users.

Sniffer attack: an application or device can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer has a full view of the data inside each packet.


Trojan Horses

The term Trojan horse originated from Greek mythology. Greek warriors offered the people of Troy (the Trojans) a giant hollow horse as a gift, as shown in the figure. The Trojans brought the giant horse into their walled city, unaware that it contained many Greek warriors. At night, after most Trojans were asleep, the warriors burst out of the horse, opened the city gates, and allowed a sizeable force to enter and take over the city.

Trojan horse malware is software that appears to be legitimate, but it contains malicious code which exploits the privileges of the user that runs it. Often, Trojans are found attached to online games.

Users are commonly tricked into loading and executing the Trojan horse on their systems. While playing the game, the user will not notice a problem. In the background, the Trojan horse has been installed on the user's system. The malicious code from the Trojan horse continues operating even after the game has been closed.

The Trojan horse concept is flexible. It can cause immediate damage, provide remote access to the system, or access through a back door. It can also perform actions as instructed remotely, such as "send me the password file once per week." This tendency of malware to send data back to the cybercriminal highlights the need to monitor outbound traffic for attack indicators.

Custom-written Trojan horses, such as those with a specific target, are difficult to detect.
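The "send me the password file once per week" behaviour above is what makes outbound monitoring worthwhile: a Trojan that phones home on a timer leaves a regular pattern in connection records even when its payload is encrypted. The following added example (not from the course text) looks for that regularity in constructed outbound flow records; the record format `<epoch> <src_ip> -> <dst_ip>:<dst_port> <bytes_out>`, the addresses, the hourly interval and the thresholds are all assumptions, chosen so the sample stays short.

```python
"""Flag periodic outbound connections ("beaconing") in constructed flow records.

Added example: the record format, addresses, timestamps and thresholds are
constructed sample values, not data from any real network.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flows: 10.0.0.7 contacts 203.0.113.9 roughly every 3600 s with a
# few seconds of jitter; the remaining records are irregular user traffic.
SAMPLE_FLOWS = """\
1700000000 10.0.0.7 -> 203.0.113.9:443 1480
1700003605 10.0.0.7 -> 203.0.113.9:443 1490
1700007198 10.0.0.7 -> 203.0.113.9:443 1475
1700010802 10.0.0.7 -> 203.0.113.9:443 1488
1700014399 10.0.0.7 -> 203.0.113.9:443 1482
1700018001 10.0.0.7 -> 203.0.113.9:443 1479
1700000120 10.0.0.7 -> 198.51.100.20:443 52310
1700000900 10.0.0.7 -> 198.51.100.21:443 8200
1700004000 10.0.0.7 -> 198.51.100.20:443 1200
1700009100 10.0.0.9 -> 198.51.100.22:443 77000
1700009130 10.0.0.9 -> 198.51.100.22:443 3100
1700015000 10.0.0.9 -> 198.51.100.23:80 640
"""


def parse_flow(line: str) -> tuple:
    """Parse one constructed flow record into (ts, src, dst_ip, dst_port, bytes_out)."""
    ts, src, _arrow, dst, bytes_out = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), src, dst_ip, int(dst_port), int(bytes_out)


def detect_beacons(flow_text: str, min_connections: int = 5,
                   max_jitter: float = 0.05) -> list:
    """Return [(src, dst_ip, dst_port, period_s)] for connection series whose
    inter-arrival times vary by no more than max_jitter (std dev / mean).

    Human-driven traffic has irregular gaps; a timer-driven implant does not.
    """
    series = defaultdict(list)
    for line in flow_text.splitlines():
        if line.strip():
            ts, src, dst_ip, port, _bytes_out = parse_flow(line)
            series[(src, dst_ip, port)].append(ts)

    beacons = []
    for key, stamps in series.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            beacons.append((*key, round(period)))
    return beacons


if __name__ == "__main__":
    for src, dst_ip, port, period in detect_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst_ip}:{port} every ~{period} s: possible beacon")
```

For a weekly check-in like the one quoted above, the same logic applies with a longer retention window: the detector needs at least `min_connections` records of the series, so the flow store must hold more than a month of data before a weekly beacon becomes visible.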

