CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks

Objectives
- Explain the types of network vulnerabilities
- List categories of network attacks
- Define different methods of network attacks

Network Vulnerabilities
- There are two broad categories of network vulnerabilities:
  - Those based on the network transport media
  - Those found in the network devices themselves

Media-Based Vulnerabilities
- Monitoring network traffic
  - Helps to identify and troubleshoot network problems
- Monitoring traffic can be done in two ways
  - Use a switch with port mirroring
    - To redirect traffic that occurs on some or all ports to a designated monitoring port on the switch
  - Install a network tap (test access point)
    - A separate device that can be installed between two network devices, such as a switch, router, or firewall, to monitor traffic

Media-Based Vulnerabilities (continued)
- Just as network taps and protocol analyzers can be used for legitimate purposes, they also can be used by attackers to intercept and view network traffic
- Attackers can access the wired network in the following ways:
  - False ceilings
  - Exposed wiring
  - Unprotected RJ-45 jacks

Network Device Vulnerabilities
- Weak passwords
  - A password is a secret combination of letters and numbers that serves to authenticate (validate) a user by what he knows
- Password paradox
  - Lengthy and complex passwords should be used and never written down
  - It is very difficult to memorize these types of passwords
- Passwords can be set to expire after a set period of time, and a new one must be created

Network Device Vulnerabilities (continued)
- Characteristics of weak passwords
  - A common word used as a password
  - Not changing passwords unless forced to do so
  - Passwords that are short
  - Personal information in a password
  - Using the same password for all accounts
  - Writing the password down

Network Device Vulnerabilities (continued)
- Default account
  - A user account on a device that is created automatically by the device instead of by an administrator
  - Used to make the initial setup and installation of the device (often by outside personnel) easier
  - Although default accounts are intended to be deleted after the installation is completed, often they are not
  - Default accounts are often the first targets that attackers seek

Network Device Vulnerabilities (continued)
- Back door
  - An account that is secretly set up without the administrator's knowledge or permission, that cannot be easily detected, and that allows for remote access to the device
- Back doors can be created on a network device in two ways
  - The network device can be infected by an attacker using a virus, worm, or Trojan horse
  - A programmer of the software creates a back door on the device

Network Device Vulnerabilities (continued)
- Privilege escalation
  - It is possible to exploit a vulnerability in the network device's software to gain access to resources that the user would normally be restricted from obtaining

Categories of Attacks
- Categories include denial of service, spoofing, man-in-the-middle, and replay attacks

Denial of Service (DoS)
- Denial of service (DoS) attack
  - Attempts to consume network resources so that the network or its devices cannot respond to legitimate requests
  - Example: SYN flood attack (See Figure 4-4)
- Distributed denial of service (DDoS) attack
  - A variant of the DoS
  - May use hundreds or thousands of zombie computers in a botnet to flood a device with requests
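
The resource a SYN flood consumes is the server's table of half-open connections, which a monitor can count from packet records. The following is an added example, not part of the original slides; the packet records are constructed and the threshold of 100 and 30-second timeout are assumed values.

```python
from collections import defaultdict

def make_sample():
    """Constructed packet records: (time_s, src, sport, dst, dport, tcp_flags)."""
    pkts = [  # one client completing the three-way handshake
        (0.00, "10.0.0.8", 40000, "10.0.0.2", 80, "S"),
        (0.01, "10.0.0.2", 80, "10.0.0.8", 40000, "SA"),
        (0.02, "10.0.0.8", 40000, "10.0.0.2", 80, "A"),
    ]
    # 200 SYNs from documentation-range addresses that are never completed
    for i in range(200):
        pkts.append((1.0 + i * 0.005, f"198.51.100.{i + 1}", 1024 + i,
                     "10.0.0.2", 80, "S"))
    return pkts

def half_open_peaks(packets, timeout=30.0):
    """Return {(dst, dport): highest number of half-open connections seen}."""
    pending = {}              # (src, sport, dst, dport) -> time the SYN arrived
    peaks = defaultdict(int)
    for t, src, sport, dst, dport, flags in sorted(packets):
        # The server gives up on a half-open connection after `timeout` seconds.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            del pending[key]
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.setdefault(key, t)
            open_now = sum(1 for k in pending if k[2:] == (dst, dport))
            peaks[(dst, dport)] = max(peaks[(dst, dport)], open_now)
        elif flags in ("A", "R"):
            pending.pop(key, None)   # handshake completed, or client reset
    return dict(peaks)

def flooded_services(packets, threshold=100, timeout=30.0):
    """Services whose half-open peak exceeds the (assumed) backlog threshold."""
    peaks = half_open_peaks(packets, timeout)
    return sorted(svc for svc, n in peaks.items() if n > threshold)
```
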

Spoofing
- Spoofing is impersonation
  - Pretends to be someone or something else by presenting false information
- Variety of different attacks use spoofing
  - Attacker may spoof her address so that her malicious actions would be attributed to a valid user
  - Attacker may spoof his network address with an address of a known and trusted host
  - Attacker can set up his AP device and trick all wireless devices to communicate with the imposter device

Man-in-the-Middle
- Man-in-the-middle attack
  - Intercepts legitimate communication and forges a fictitious response to the sender (See Figure 4-8)
  - Common on networks
- Can be active or passive
  - Active attacks intercept and alter the contents before they are sent on to the recipient

Replay
- Replay attack
  - Similar to a passive man-in-the-middle attack
  - Captured data is used at a later time
- A simple replay would involve the man-in-the-middle capturing login credentials between the computer and the server
- A more sophisticated attack takes advantage of the communications between a device and a server
  - Administrative messages that contain specific network requests are frequently sent between a network device and a server

Methods of Network Attacks
- Network attack methods can be protocol-based or wireless
  - As well as other methods

Protocol-Based Attacks
- Antiquated protocols
  - TCP/IP protocols have been updated often to address security vulnerabilities
  - SNMP is another updated protocol
    - Used for exchanging management information between networked devices
    - The use of community strings in the first two versions of SNMP, SNMPv1 and SNMPv2, created several vulnerabilities
    - SNMPv3 was introduced in 1998

Protocol-Based Attacks (continued)
- DNS attacks
  - Domain Name System (DNS) is the basis for name resolution to IP addresses today
- DNS poisoning
  - Substitute a fraudulent IP address so that when a user enters a symbolic name, she is directed to the fraudulent computer site

Protocol-Based Attacks (continued)
- DNS poisoning (continued)
  - Substituting a fraudulent IP address can be done in one of two different locations
    - TCP/IP host table name system (See Figure 4-10)
    - External DNS server
      - Attack is called DNS poisoning (also called DNS spoofing) (See Figure 4-11)
  - DNS poisoning can be prevented by using the latest editions of the DNS software, BIND (Berkeley Internet Name Domain)
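
Because the local host table is one of the two places where a fraudulent address can be substituted, it is worth auditing against what the administrator expects it to contain. The following is an added example, not part of the original slides; the sample host table is constructed and the EXPECTED allow-list is a hypothetical policy.

```python
import ipaddress

# Constructed sample host table (hosts-file format: address, then names).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# internal servers
10.0.0.5    intranet.example.test
203.0.113.77  www.bank.example   login.bank.example  # constructed suspicious entry
not-an-ip   broken.example
"""

# Hypothetical allow-list: the only names and addresses the table should hold.
EXPECTED = {
    "localhost": {"127.0.0.1", "::1"},
    "ip6-localhost": {"::1"},
    "intranet.example.test": {"10.0.0.5"},
}

def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) per entry; comments are stripped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            ip = None            # first field is not a valid IPv4/IPv6 address
        yield n, ip, [f.lower() for f in fields[1:]]

def audit_hosts(text, expected):
    """Return findings as (line_no, kind, name, ip) tuples in file order."""
    findings = []
    for n, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((n, "malformed", None, None))
            continue
        for name in names:
            if name not in expected:
                # A name the administrator never placed in the table.
                findings.append((n, "unexpected_name", name, ip))
            elif ip not in expected[name]:
                # A known name redirected to a different address.
                findings.append((n, "wrong_address", name, ip))
    return findings
```
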

Protocol-Based Attacks (continued)
- DNS transfers
  - Almost the reverse of DNS poisoning
  - Attacker asks the valid DNS server for a zone transfer, known as a DNS transfer
  - Possible for the attacker to map the entire internal network of the organization supporting the DNS server

Protocol-Based Attacks (continued)
- ARP poisoning
  - Address Resolution Protocol (ARP)
    - Used by TCP/IP on an Ethernet network to find the MAC address of another device
    - The IP address and the corresponding MAC address are stored in an ARP cache for future reference
  - An attacker could alter the MAC address in the ARP cache so that the corresponding IP address would point to a different computer
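
An altered ARP cache shows up as an IP address whose MAC address changed, or as one MAC address answering for several IP addresses. The following is an added example, not part of the original slides; the two cache snapshots are constructed, in the style of Linux `arp -a` output.

```python
import re

# Constructed sample data: the same ARP cache captured at two points in time.
BEFORE = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at 66:77:88:99:aa:bb [ether] on eth0
? (192.168.1.30) at de:ad:be:ef:00:01 [ether] on eth0
"""
AFTER = """\
? (192.168.1.1) at de:ad:be:ef:00:01 [ether] on eth0
? (192.168.1.20) at 66:77:88:99:aa:bb [ether] on eth0
? (192.168.1.30) at de:ad:be:ef:00:01 [ether] on eth0
"""

ENTRY = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})")

def parse_arp(text):
    """Return {ip: mac}; lines without a resolved MAC address are skipped."""
    return {ip: mac.lower() for ip, mac in ENTRY.findall(text)}

def arp_findings(before, after):
    """Compare two ARP cache snapshots and return a sorted list of findings."""
    old, new = parse_arp(before), parse_arp(after)
    findings = []
    # 1. An IP address that now resolves to a different MAC address.
    for ip, mac in new.items():
        if ip in old and old[ip] != mac:
            findings.append(("mac_changed", ip, old[ip], mac))
    # 2. One MAC address claimed by more than one IP address.
    by_mac = {}
    for ip, mac in new.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared_mac", mac, tuple(sorted(ips))))
    return sorted(findings, key=str)
```

Both findings can also have benign causes, such as a replaced network card or a router that holds several addresses, so they are leads to investigate rather than proof of poisoning.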

Protocol-Based Attacks (continued)
- TCP/IP hijacking
  - Takes advantage of a weakness in the TCP/IP protocol
  - The TCP header contains two 32-bit fields that are used as packet counters
    - Updated as packets are sent and received between devices
  - Packets may arrive out of order
    - Receiving device will drop any packets with lower sequence numbers

Protocol-Based Attacks (continued)
- TCP/IP hijacking (continued)
  - If both sender and receiver have incorrect sequence numbers, the connection will hang
  - In a TCP/IP hijacking attack, the attacker creates fictitious ("spoofed") TCP packets to take advantage of the weaknesses

Wireless Attacks
- Rogue access points
  - Rogue means someone or something that is deceitful or unreliable
  - Bypasses all of the network security and opens the entire network and all users to direct attacks
  - An attacker who can access the network through a rogue access point is behind the firewall
    - Can directly attack all devices on the network

Wireless Attacks (continued)
- War driving
  - Beaconing
    - At regular intervals, a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network
  - Scanning
    - Each wireless device looks for those beacon frames
  - Unapproved wireless devices can likewise pick up the beaconing RF transmission
  - Formally known as wireless location mapping

Wireless Attacks (continued)
- War driving (continued)
  - War driving technically involves using an automobile to search for wireless signals over a large area
  - Tools for conducting war driving:
    - Mobile computing device
    - Wireless NIC adapters
    - Antennas
    - Global positioning system receiver
    - Software

Wireless Attacks (continued)
- Bluesnarfing
  - Bluetooth
    - A wireless technology that uses short-range RF transmissions
    - Provides for rapid "on the fly" and ad hoc connections between devices
  - The IEEE 802.15.1 standard was adapted and expanded from the existing Bluetooth standard
  - Two types of 802.15.1 network topologies
    - Piconet (See Figure 4-14)
    - Scatternet (See Figure 4-15)

Wireless Attacks (continued)
- Bluesnarfing (continued)
  - The unauthorized access of information from a wireless device through a Bluetooth connection
  - Allows an attacker to access e-mails, calendars, contact lists, and cell phone pictures and videos
    - By simply connecting to that Bluetooth device without the owner's knowledge or permission
- Blue jacking
  - Sending unsolicited messages from Bluetooth to Bluetooth-enabled devices

Other Attacks and Frauds
- Null sessions
  - Unauthenticated connections to a Microsoft Windows 2000 or Windows NT computer that do not require a username or a password
  - Could allow an attacker to connect to open a channel over which he could gather information about the device
  - Pose a serious security threat to vulnerable computers and cannot be fixed by patches to the operating systems

Other Attacks and Frauds (continued)
- Check kiting
  - A type of fraud that involves the unlawful use of checking accounts to gain additional time before the fraud is detected
- Domain Name Kiting
  - Registrars are organizations that are approved by ICANN to sell and register Internet domain names
  - A five-day Add Grace Period (AGP) permits registrars to delete any newly registered Internet domain names and receive a full refund of the registration fee

Other Attacks and Frauds (continued)
- Domain Name Kiting (continued)
  - Unscrupulous registrars attempt to take advantage of the AGP by registering thousands of Internet domain names and then deleting them
  - Recently expired domain names are indexed by search engines
  - Visitors are directed to a re-registered site
    - Which is usually a single-page Web site with paid advertisement links
  - Visitors who click on these links generate money for the registrar

Summary
- Network vulnerabilities include media-based vulnerabilities and vulnerabilities in network devices
- The same tools that network administrators use to monitor network traffic and troubleshoot network problems can also be used by attackers
- Network devices often contain weak passwords, default accounts, back doors, and vulnerabilities that permit privilege escalation
- Network attacks can be grouped into four categories

Summary (continued)
- Protocol-based attacks take advantage of vulnerabilities in network protocols
- Attacks on wireless systems have increased along with the popularity of wireless networks
- Other network attacks include null sessions, which are unauthenticated connections to a system using a legacy version of Microsoft Windows
- Domain Name Kiting is fraud that involves the use of a grace period to delete newly registered domain names