KEMBAR78
Ch04 Network Vulnerabilities and Attacks | PPT
IT
Uploaded byInformation Technology
PPT, PDF4,924 views

Ch04 Network Vulnerabilities and Attacks

Chapter 4 discusses various network vulnerabilities and attacks, highlighting incidents like the 'Titan Rain' cyberattacks and the DDoS attack on Estonia. It covers methods of attack, including password vulnerabilities, denial of service (DoS), spoofing, and DNS issues, along with techniques attackers use to exploit weaknesses in network protocols. Additionally, it addresses countermeasures, such as using strong passwords and updated DNS server software to mitigate risks.

EducationTechnology
In this document
Powered by AI

Introduction to network vulnerabilities and different types of attacks.

Key incidents like 'Titan Rain' and the 2007 Estonia attack highlighting the impact of cyberwar.

Aims to explain types of vulnerabilities and network attacks, and methods of attacks.

Techniques for monitoring traffic to identify issues, including port mirroring and network taps.

Details on methods like port mirroring, sniffers, and network taps for traffic examination.

Methods used by attackers to capture network traffic through vulnerabilities in network access.

Methods employed to redirect switched traffic potentially compromising network integrity.

The importance of strong, complex passwords and solutions like password manager software.

Identifies common traits of weak passwords and the risks associated with them.

Risks posed by default accounts and their potential as primary attack targets.

Case of ATM hacks using default passwords to exploit machine operations.

Description of unauthorized accounts allowing stealthy remote access to devices.

Concerns about foreign chips in military equipment potentially containing vulnerabilities.

Methods by which users can gain elevated access rights in a network.

Overview of DoS and DDoS attacks aimed at overwhelming network resources.

Reference to a real-world DDoS attack illustration integrating visual aids.

Techniques for conducting denial of service attacks over wireless networks.

Techniques where attackers impersonate trusted entities to divert actions.

Description of interception techniques where attackers can read or modify traffic.

Simple method of capturing and re-sending data such as passwords.

Presentation of captured passwords in a public display at the DEFCON conference.

How cookies can be exploited for unauthorized access to user accounts.

Vulnerabilities in older SNMP versions affecting network device management.

Risks associated with the DNS system and its inherent lack of security design.

Various methods of DNS poisoning, including local and cache poisoning.

Strategies and tools to handle DNS vulnerabilities, including DNSSEC.

The role of ARP in resolving IP addresses and associated spoofing risks.

Impact and outcomes from ARP attacks on network functionality.

Exploitation of weaknesses in TCP/IP protocols to hijack communication.

Risks from rogue access points facilitating direct network attacks.

Specific techniques like war driving and Bluetooth vulnerabilities in wireless security.

Concerns regarding null sessions on legacy Windows systems allowing data extraction.

Fraudulent practices related to domain name registrations affecting legitimate web traffic.

Downloaded 531 times
Chapter 4 Network Vulnerabilities and Attacks
Cyberwar and Cyberterrorism "Titan Rain" - Attacks on US gov't and military computers from China breached hundreds of systems in 2005 (link Ch 4a) In 2007, Estonia was attacked by Russian computers as a political statement Using DDoS (Distributed Denial of Service) with botnets (Ch 4b)
Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of network attacks
 
Media-Based Vulnerabilities Monitoring network traffic Helps to identify and troubleshoot network problems Monitoring traffic can be done in two ways Use a switch with port mirroring Copies all traffic to a designated monitoring port on the switch Install a network tap (test access point) A device that installed between two network devices, such as a switch, router, or firewall, to monitor traffic
Port Mirroring
Sniffer
Network Tap
Sniffing Attacks Just as network taps and protocol analyzers can be used for legitimate purposes They also can be used by attackers to intercept and view network traffic Attackers can access the wired network in the following ways: False ceilings Exposed wiring Unprotected RJ-45 jacks
Ways to Redirect Switched Traffic
Network Device Vulnerabilities Passwords Passwords should be long and complex Should be changed frequently Should not be written down But that is a difficult task Solution: Password Manager Software (link Ch 4d)
Characteristics of Weak Passwords A common word used as a password Not changing passwords unless forced to do so Passwords that are short Personal information in a password Using the same password for all accounts Writing the password down
Network Device Vulnerabilities Default account A user account on a device that is created automatically by the device instead of by an administrator Used to make the initial setup and installation of the device (often by outside personnel) easier Although default accounts are intended to be deleted after the installation is completed, often they are not Default accounts are often the first targets that attackers seek
ATM Passwords In 2008, these men used default passwords to reprogram ATM machines to hand out $20 bills like they were $1 bills Link Ch 4e
Network Device Vulnerabilities Back door An account that is secretly set up without the administrator’s knowledge or permission, that cannot be easily detected, and that allows for remote access to the device Back doors can be created: By a virus, worm, or Trojan horse By a programmer of the software on the device Built into the hardware chips
Hardware Trojans Military equipment contains chips from foreign countries Those chips can contain backdoors or kill switches Link Ch 4e
Network Device Vulnerabilities Privilege escalation Changing a limited user to an Administrator Link Ch 4g
 
Denial of Service (DoS) Attempts to consume network resources so that the network or its devices cannot respond to legitimate requests Example: SYN flood attack See Figure 4-4 Distributed denial of service (DDoS) attack A variant of the DoS May use hundreds or thousands of zombie computers in a botnet to flood a device with requests
 
Real DDoS Attack Link Ch 4i
Wireless DoS Requires a powerful transmitter
An Easier Wireless DoS
Spoofing Spoofing is impersonation Attacker pretends to be someone else Malicious actions would be attributed to another user Spoof the network address of a known and trusted host Spoof a wireless router to intercept traffic
Man-in-the-Middle Attack Passive --attacker reads traffic Active --attacker changes traffic Common on networks
Replay Attack Attacker captures data Resends the same data later A simple attack: capture passwords and save them
Wall of Sheep Captured passwords projected on the wall at DEFCON Link Ch 4j
Sidejacking Records cookies and replays them (link Ch 4k) This technique breaks into Gmail accounts Technical name: Cross Site Request Forgery Almost all social networking sites are vulnerable to this attack Facebook, MySpace, Yahoo, etc.
 
SNMP (Simple Network Management Protocol) Used to manage switches, routers, and other network devices Early versions did not encrypt passwords, and had other security flaws But the old versions are still commonly used
DNS (Domain Name System) DNS is used to resolve domain names like www.ccsf.edu to IP addresses like 147.144.1.254 DNS has many vulnerabilities It was never designed to be secure Where is www.ccsf.edu ? www.ccsf.edu is at 147.144.1.254
DNS Poisoning
Local DNS Poisoning Put false entries into the Hosts file C:\Windows\System32\Drivers\etc\hosts
DNS Cache Poisoning Attacker sends many spoofed DNS responses Target just accepts the first one it gets Where is www.ccsf.edu ? www.ccsf.edu is at 147.144.1.254 www.ccsf.edu is at 63.145.23.12
Sending Extra DNS Records
DNS Transfers Intended to let a new DNS server copy the records from an existing one Can be used by attackers to get a list of all the machines in a company, like a network diagram Usually blocked by modern DNS servers
Protection from DNS Attacks Antispyware software will warn you when the hosts file is modified Using updated versions of DNS server software prevents older DNS attacks against the server But many DNS flaws cannot be patched Eventually: Switch to DNSSEC (Domain Name System Security Extensions) But DNSSEC is not widely deployed yet, and it has its own problems Link Ch 4l
ARP (Address Resolution Protocol) ARP is used to convert IP addresses like 147.144.1.254 into MAC addresses like 00-30-48-82-11-34 Where is 147.144.1.254 ? 147.144.1.254 is at 00-30-48-82-11-34
ARP Cache Poisoning Attacker sends many spoofed ARP responses Target just accepts the first one it gets Where is 147.144.1.254 ? 147.144.1.254 is at 00-30-48-82-11-34 147.144.1.254 is at 00-00-00-4A-AB-07
Results of ARP Poisoning Attacks
TCP/IP Hijacking Takes advantage of a weakness in the TCP/IP protocol The TCP header contains of two 32-bit fields that are used as packet counters Sequence and Acknowledgement numbers Packets may arrive out of order Receiver uses the Sequence numbers to put the packets back in order
 
Wireless Attacks Rogue access points Employees often set up home wireless routers for convenience at work This allows attackers to bypass all of the network security and opens the entire network and all users to direct attacks An attacker who can access the network through a rogue access point is behind the company's firewall Can directly attack all devices on the network
 
Wireless Attacks (continued) War driving Beaconing At regular intervals, a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network Scanning Each wireless device looks for those beacon frames Unapproved wireless devices can likewise pick up the beaconing RF transmission Formally known as wireless location mapping
Wireless Attacks (continued) War driving (continued) War driving technically involves using an automobile to search for wireless signals over a large area Tools for conducting war driving: Mobile computing device Wireless NIC adapters Antennas Global positioning system receiver Software
Wireless Attacks (continued) Bluetooth A wireless technology that uses short-range RF transmissions Provides for rapid “on the fly” and ad hoc connections between devices Bluesnarfing Stealing data through a Bluetooth connection E-mails, calendars, contact lists, and cell phone pictures and videos, …
 
Null Sessions Connections to a Microsoft Windows 2000 or Windows NT computer with a blank username and password Attacker can collect a lot of data from a vulnerable system Cannot be fixed by patches to the operating systems Much less of a problem with modern Windows versions, Win XP SP2, Vista, or Windows 7
Domain Name Kiting Check kiting A type of fraud that involves the unlawful use of checking accounts to gain additional time before the fraud is detected Domain Name Kiting Registrars are organizations that are approved by ICANN to sell and register Internet domain names A five-day Add Grade Period (AGP) permits registrars to delete any newly registered Internet domain names and receive a full refund of the registration fee
Domain Name Kiting Unscrupulous registrars register thousands of Internet domain names and then delete them Recently expired domain names are indexed by search engines Visitors are directed to a re-registered site Which is usually a single page Web with paid advertisement links Visitors who click on these links generate money for the registrar

More Related Content

PPTX
Malware attack Social engineering attack
bytaufiq463421
 
PPTX
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
PPTX
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
PPT
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
PPTX
Different types of attacks in internet
byRohan Bharadwaj
 
PPTX
Password sniffing
bySRIMCA
 
PPTX
Network scanning
byoceanofwebs
 
PPTX
Spoofing Techniques
byRaza_Abidi
 
Malware attack Social engineering attack
bytaufiq463421
 
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
Different types of attacks in internet
byRohan Bharadwaj
 
Password sniffing
bySRIMCA
 
Network scanning
byoceanofwebs
 
Spoofing Techniques
byRaza_Abidi
 

What's hot

PPT
Chapter 5 Planning for Security-students.ppt
byShruthi48
 
PDF
Advanced persistent threats(APT)
byNetwork Intelligence India
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PPTX
What is Cryptography and Types of attacks in it
bylavakumar Thatisetti
 
PDF
Network Security Fundamentals
byRahmat Suhatman
 
PPTX
Network security (vulnerabilities, threats, and attacks)
byFabiha Shahzad
 
PPTX
Database security
byMaryamAsghar9
 
PPTX
Mobile security in Cyber Security
byGeo Marian
 
PPTX
Database security
bySoftware Engineering
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PPTX
Web application security
byKapil Sharma
 
PPTX
Types of cyber attacks
bykrishh sivakrishna
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
PPTX
Security & protection in operating system
byAbou Bakr Ashraf
 
PPTX
Intrusion detection
byCAS
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PPTX
System security
bysommerville-videos
 
PDF
12 types of DDoS attacks
byHaltdos
 
PPT
Cyber security for an organization
byTejas Wasule
 
Chapter 5 Planning for Security-students.ppt
byShruthi48
 
Advanced persistent threats(APT)
byNetwork Intelligence India
 
Advanced persistent threat (apt)
bymmubashirkhan
 
What is Cryptography and Types of attacks in it
bylavakumar Thatisetti
 
Network Security Fundamentals
byRahmat Suhatman
 
Network security (vulnerabilities, threats, and attacks)
byFabiha Shahzad
 
Database security
byMaryamAsghar9
 
Mobile security in Cyber Security
byGeo Marian
 
Database security
bySoftware Engineering
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
Web application security
byKapil Sharma
 
Types of cyber attacks
bykrishh sivakrishna
 
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
Security & protection in operating system
byAbou Bakr Ashraf
 
Intrusion detection
byCAS
 
Intrusion detection system ppt
bySheetal Verma
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
System security
bysommerville-videos
 
12 types of DDoS attacks
byHaltdos
 
Cyber security for an organization
byTejas Wasule
 

Viewers also liked

PPT
Microsoft Operating System Vulnerabilities
byInformation Technology
 
PPT
Ch03 Protecting Systems
byInformation Technology
 
PPT
Ch10 Conducting Audits
byInformation Technology
 
PPT
Ch09 Performing Vulnerability Assessments
byInformation Technology
 
PPT
Ch13 Business Continuity Planning and Procedures
byInformation Technology
 
PPT
Ch05 Network Defenses
byInformation Technology
 
PPT
Ch01 Introduction to Security
byInformation Technology
 
PPT
Ch14 Policies and Legislation
byInformation Technology
 
PPTX
Web303
byInformation Technology
 
PPT
Ch02 System Threats and Risks
byInformation Technology
 
PPT
Ch12 Cryptographic Protocols and Public Key Infrastructure
byInformation Technology
 
PPT
Ch08 Authentication
byInformation Technology
 
PPT
Ch11 Basic Cryptography
byInformation Technology
 
PPT
Ch06 Wireless Network Security
byInformation Technology
 
PPT
Web Hacking
byInformation Technology
 
PPT
Ch07 Access Control Fundamentals
byInformation Technology
 
PPTX
PACE-IT, Security+3.4: Summary of Wireless Attacks
byPace IT at Edmonds Community College
 
PDF
Cc code cards
byysolanki78
 
PDF
OSCON 2008: Porting to Python 3.0
byguest4d09
 
PPTX
Introduction to Graphics
byprimeteacher32
 
Microsoft Operating System Vulnerabilities
byInformation Technology
 
Ch03 Protecting Systems
byInformation Technology
 
Ch10 Conducting Audits
byInformation Technology
 
Ch09 Performing Vulnerability Assessments
byInformation Technology
 
Ch13 Business Continuity Planning and Procedures
byInformation Technology
 
Ch05 Network Defenses
byInformation Technology
 
Ch01 Introduction to Security
byInformation Technology
 
Ch14 Policies and Legislation
byInformation Technology
 
Web303
byInformation Technology
 
Ch02 System Threats and Risks
byInformation Technology
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
byInformation Technology
 
Ch08 Authentication
byInformation Technology
 
Ch11 Basic Cryptography
byInformation Technology
 
Ch06 Wireless Network Security
byInformation Technology
 
Web Hacking
byInformation Technology
 
Ch07 Access Control Fundamentals
byInformation Technology
 
PACE-IT, Security+3.4: Summary of Wireless Attacks
byPace IT at Edmonds Community College
 
Cc code cards
byysolanki78
 
OSCON 2008: Porting to Python 3.0
byguest4d09
 
Introduction to Graphics
byprimeteacher32
 

Similar to Ch04 Network Vulnerabilities and Attacks

PPT
Hacking
bySUNY Oneonta
 
PPTX
Lec 2- Hardening and whitelisting of devices
byBilalMehmood44
 
PPT
Lec21 security
byVijay Kanth
 
PPTX
Attacks and Malicious Software - Information security
byMuhammadAli854909
 
PPT
Lec21 security
byNarayan Suthar
 
PPT
Lec21 security
bysureshfsp
 
PPT
Network security
byShaikh Muhammed
 
PPT
Network seurity
byNaqash Rasheed
 
PDF
Network Security & Attacks
byNetwax Lab
 
PPT
Network security
byMD. IFTEKARUL ALAM
 
PPT
Threats to network
byQ4Points.com
 
PPT
Introduction To Information Security
bybelsis
 
PPT
Network Security R U Secure???
bytrendy updates
 
PPTX
UNIT 5 (2).pptx
byjanani603976
 
PPT
Hacking Cisco
byguestd05b31
 
PPTX
NIS1ppt (1).pptxhgfchgfhgfhgfgjdgfdhgdhgfehft
bybalajihegade1648
 
PPT
Network security
by-jyothish kumar sirigidi
 
PPTX
Lesson 3 - Network Security.pptx
bycalf_ville86
 
PPT
EC3401 Networks security PRAVEEN KUMAR K
bypraveenme12
 
PPT
Network Security Attacks, and Solutions.
bygregtap1
 
Hacking
bySUNY Oneonta
 
Lec 2- Hardening and whitelisting of devices
byBilalMehmood44
 
Lec21 security
byVijay Kanth
 
Attacks and Malicious Software - Information security
byMuhammadAli854909
 
Lec21 security
byNarayan Suthar
 
Lec21 security
bysureshfsp
 
Network security
byShaikh Muhammed
 
Network seurity
byNaqash Rasheed
 
Network Security & Attacks
byNetwax Lab
 
Network security
byMD. IFTEKARUL ALAM
 
Threats to network
byQ4Points.com
 
Introduction To Information Security
bybelsis
 
Network Security R U Secure???
bytrendy updates
 
UNIT 5 (2).pptx
byjanani603976
 
Hacking Cisco
byguestd05b31
 
NIS1ppt (1).pptxhgfchgfhgfhgfgjdgfdhgdhgfehft
bybalajihegade1648
 
Network security
by-jyothish kumar sirigidi
 
Lesson 3 - Network Security.pptx
bycalf_ville86
 
EC3401 Networks security PRAVEEN KUMAR K
bypraveenme12
 
Network Security Attacks, and Solutions.
bygregtap1
 

More from Information Technology

PDF
Sql Server Security Best Practices
byInformation Technology
 
PPT
SAN
byInformation Technology
 
PPT
SAN Review
byInformation Technology
 
PPT
SQL 2005 Disk IO Performance
byInformation Technology
 
PPT
RAID Review
byInformation Technology
 
PPT
Review of SQL
byInformation Technology
 
PPT
Sql 2005 high availability
byInformation Technology
 
PPT
IIS 7: The Administrator’s Guide
byInformation Technology
 
PPT
MOSS 2007 Deployment Fundamentals -Part2
byInformation Technology
 
PPT
MOSS 2007 Deployment Fundamentals -Part1
byInformation Technology
 
PPT
Clustering and High Availability
byInformation Technology
 
PDF
F5 beyond load balancer (nov 2009)
byInformation Technology
 
PPT
WSS 3.0 & SharePoint 2007
byInformation Technology
 
PPT
SharePoint Topology
byInformation Technology
 
PDF
Sharepoint Deployments
byInformation Technology
 
PPT
Microsoft Clustering
byInformation Technology
 
PDF
Scalable Internet Servers and Load Balancing
byInformation Technology
 
PPT
Migration from ASP to ASP.NET
byInformation Technology
 
PPT
Internet Traffic Monitoring and Analysis
byInformation Technology
 
PPT
Windows network security
byInformation Technology
 
Sql Server Security Best Practices
byInformation Technology
 
SAN
byInformation Technology
 
SAN Review
byInformation Technology
 
SQL 2005 Disk IO Performance
byInformation Technology
 
RAID Review
byInformation Technology
 
Review of SQL
byInformation Technology
 
Sql 2005 high availability
byInformation Technology
 
IIS 7: The Administrator’s Guide
byInformation Technology
 
MOSS 2007 Deployment Fundamentals -Part2
byInformation Technology
 
MOSS 2007 Deployment Fundamentals -Part1
byInformation Technology
 
Clustering and High Availability
byInformation Technology
 
F5 beyond load balancer (nov 2009)
byInformation Technology
 
WSS 3.0 & SharePoint 2007
byInformation Technology
 
SharePoint Topology
byInformation Technology
 
Sharepoint Deployments
byInformation Technology
 
Microsoft Clustering
byInformation Technology
 
Scalable Internet Servers and Load Balancing
byInformation Technology
 
Migration from ASP to ASP.NET
byInformation Technology
 
Internet Traffic Monitoring and Analysis
byInformation Technology
 
Windows network security
byInformation Technology
 

Recently uploaded

PDF
The Children’s Support Fund, set up to support the welfare and education of c...
bynservice241
 
PPTX
DBP - BITA Introduction Slides Oct 202526
byGreat Files
 
PDF
Umlando kaMufi. IsiZulu Ulimi Lwebele...
byNokwandaNzuza2
 
PPTX
Welcome to our Open Evening 2025 Ballinrobe CS
byjacollins1515
 
PPTX
Essay Type Answer Writing Analysis Workshop.pptx
byDhatriParmar
 
DOCX
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
PPTX
THERAPEUTIC ENVIORNMENT.............pptx
byAneetaSharma15
 
PPTX
🧪“Blood Chemistry Tests in Pharmacy Practice: Clinical Laboratory Guide for P...
byBanny S.V
 
PDF
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
PPTX
Agriculture Lesson Note for Grade 11 Chapter 3 & 4.pptx
byNajibMuhidin
 
PPTX
Basics for Conducting Bibliometric Analysis - Dr Ahsan Riaz
bySystematic Reviews Network (SRN)
 
PPTX
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
PPTX
How to Create a Manifest File in Odoo 18
byCeline George
 
PPTX
Capital Budgeting - Risk Analysis Using Payback Period Method
bySundar B N
 
PPTX
DO 34 s 2025 - ammendment of DO 24 s 2025.pptx
byJeanalynEstrellado3
 
PPTX
Classification and Applied Aspects of Joints.pptx
byMathew Joseph
 
PDF
Learning English by Project Based Learning: How to Make Foreign Friends
bysilvianalevana
 
PDF
The purpose of Ethics and Values in a project context webinar, 14 October 202...
byAssociation for Project Management
 
PDF
Nernst Distribution Law and factors affecting distribution constant
byMithil Fal Desai
 
DOCX
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
The Children’s Support Fund, set up to support the welfare and education of c...
bynservice241
 
DBP - BITA Introduction Slides Oct 202526
byGreat Files
 
Umlando kaMufi. IsiZulu Ulimi Lwebele...
byNokwandaNzuza2
 
Welcome to our Open Evening 2025 Ballinrobe CS
byjacollins1515
 
Essay Type Answer Writing Analysis Workshop.pptx
byDhatriParmar
 
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
THERAPEUTIC ENVIORNMENT.............pptx
byAneetaSharma15
 
🧪“Blood Chemistry Tests in Pharmacy Practice: Clinical Laboratory Guide for P...
byBanny S.V
 
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
Agriculture Lesson Note for Grade 11 Chapter 3 & 4.pptx
byNajibMuhidin
 
Basics for Conducting Bibliometric Analysis - Dr Ahsan Riaz
bySystematic Reviews Network (SRN)
 
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
How to Create a Manifest File in Odoo 18
byCeline George
 
Capital Budgeting - Risk Analysis Using Payback Period Method
bySundar B N
 
DO 34 s 2025 - ammendment of DO 24 s 2025.pptx
byJeanalynEstrellado3
 
Classification and Applied Aspects of Joints.pptx
byMathew Joseph
 
Learning English by Project Based Learning: How to Make Foreign Friends
bysilvianalevana
 
The purpose of Ethics and Values in a project context webinar, 14 October 202...
byAssociation for Project Management
 
Nernst Distribution Law and factors affecting distribution constant
byMithil Fal Desai
 
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 

Ch04 Network Vulnerabilities and Attacks

  • 1.
    Chapter 4 NetworkVulnerabilities and Attacks
  • 2.
    Cyberwar and Cyberterrorism"Titan Rain" - Attacks on US gov't and military computers from China breached hundreds of systems in 2005 (link Ch 4a) In 2007, Estonia was attacked by Russian computers as a political statement Using DDoS (Distributed Denial of Service) with botnets (Ch 4b)
  • 3.
    Objectives Explain thetypes of network vulnerabilities List categories of network attacks Define different methods of network attacks
  • 4.
  • 5.
    Media-Based Vulnerabilities Monitoringnetwork traffic Helps to identify and troubleshoot network problems Monitoring traffic can be done in two ways Use a switch with port mirroring Copies all traffic to a designated monitoring port on the switch Install a network tap (test access point) A device that installed between two network devices, such as a switch, router, or firewall, to monitor traffic
  • 6.
  • 7.
  • 8.
  • 9.
    Sniffing Attacks Justas network taps and protocol analyzers can be used for legitimate purposes They also can be used by attackers to intercept and view network traffic Attackers can access the wired network in the following ways: False ceilings Exposed wiring Unprotected RJ-45 jacks
  • 10.
    Ways to RedirectSwitched Traffic
  • 11.
    Network Device VulnerabilitiesPasswords Passwords should be long and complex Should be changed frequently Should not be written down But that is a difficult task Solution: Password Manager Software (link Ch 4d)
  • 12.
    Characteristics of WeakPasswords A common word used as a password Not changing passwords unless forced to do so Passwords that are short Personal information in a password Using the same password for all accounts Writing the password down
  • 13.
    Network Device VulnerabilitiesDefault account A user account on a device that is created automatically by the device instead of by an administrator Used to make the initial setup and installation of the device (often by outside personnel) easier Although default accounts are intended to be deleted after the installation is completed, often they are not Default accounts are often the first targets that attackers seek
  • 14.
    ATM Passwords In2008, these men used default passwords to reprogram ATM machines to hand out $20 bills like they were $1 bills Link Ch 4e
  • 15.
    Network Device VulnerabilitiesBack door An account that is secretly set up without the administrator’s knowledge or permission, that cannot be easily detected, and that allows for remote access to the device Back doors can be created: By a virus, worm, or Trojan horse By a programmer of the software on the device Built into the hardware chips
  • 16.
    Hardware Trojans Militaryequipment contains chips from foreign countries Those chips can contain backdoors or kill switches Link Ch 4e
  • 17.
    Network Device VulnerabilitiesPrivilege escalation Changing a limited user to an Administrator Link Ch 4g
  • 18.
  • 19.
    Denial of Service(DoS) Attempts to consume network resources so that the network or its devices cannot respond to legitimate requests Example: SYN flood attack See Figure 4-4 Distributed denial of service (DDoS) attack A variant of the DoS May use hundreds or thousands of zombie computers in a botnet to flood a device with requests
  • 20.
  • 21.
    Real DDoS AttackLink Ch 4i
  • 22.
    Wireless DoS Requiresa powerful transmitter
  • 23.
  • 24.
    Spoofing Spoofing is impersonation Attacker pretends to be someone else Malicious actions would be attributed to another user Spoof the network address of a known and trusted host Spoof a wireless router to intercept traffic
  • 25.
    Man-in-the-Middle Attack Passive--attacker reads traffic Active --attacker changes traffic Common on networks
  • 26.
    Replay Attack Attackercaptures data Resends the same data later A simple attack: capture passwords and save them
  • 27.
    Wall of SheepCaptured passwords projected on the wall at DEFCON Link Ch 4j
  • 28.
    Sidejacking Records cookiesand replays them (link Ch 4k) This technique breaks into Gmail accounts Technical name: Cross Site Request Forgery Almost all social networking sites are vulnerable to this attack Facebook, MySpace, Yahoo, etc.
  • 29.
  • 30.
    SNMP (Simple NetworkManagement Protocol) Used to manage switches, routers, and other network devices Early versions did not encrypt passwords, and had other security flaws But the old versions are still commonly used
  • 31.
    DNS (Domain NameSystem) DNS is used to resolve domain names like www.ccsf.edu to IP addresses like 147.144.1.254 DNS has many vulnerabilities It was never designed to be secure Where is www.ccsf.edu ? www.ccsf.edu is at 147.144.1.254
  • 32.
  • 33.
    Local DNS PoisoningPut false entries into the Hosts file C:\Windows\System32\Drivers\etc\hosts
  • 34.
    DNS Cache PoisoningAttacker sends many spoofed DNS responses Target just accepts the first one it gets Where is www.ccsf.edu ? www.ccsf.edu is at 147.144.1.254 www.ccsf.edu is at 63.145.23.12
  • 35.
  • 36.
    DNS Transfers Intendedto let a new DNS server copy the records from an existing one Can be used by attackers to get a list of all the machines in a company, like a network diagram Usually blocked by modern DNS servers
  • 37.
    Protection from DNSAttacks Antispyware software will warn you when the hosts file is modified Using updated versions of DNS server software prevents older DNS attacks against the server But many DNS flaws cannot be patched Eventually: Switch to DNSSEC (Domain Name System Security Extensions) But DNSSEC is not widely deployed yet, and it has its own problems Link Ch 4l
  • 38.
    ARP (Address ResolutionProtocol) ARP is used to convert IP addresses like 147.144.1.254 into MAC addresses like 00-30-48-82-11-34 Where is 147.144.1.254 ? 147.144.1.254 is at 00-30-48-82-11-34
  • 39.
    ARP Cache PoisoningAttacker sends many spoofed ARP responses Target just accepts the first one it gets Where is 147.144.1.254 ? 147.144.1.254 is at 00-30-48-82-11-34 147.144.1.254 is at 00-00-00-4A-AB-07
  • 40.
    Results of ARPPoisoning Attacks
  • 41.
    TCP/IP Hijacking Takesadvantage of a weakness in the TCP/IP protocol The TCP header contains of two 32-bit fields that are used as packet counters Sequence and Acknowledgement numbers Packets may arrive out of order Receiver uses the Sequence numbers to put the packets back in order
  • 42.
  • 43.
    Wireless Attacks Rogueaccess points Employees often set up home wireless routers for convenience at work This allows attackers to bypass all of the network security and opens the entire network and all users to direct attacks An attacker who can access the network through a rogue access point is behind the company's firewall Can directly attack all devices on the network
  • 44.
  • 45.
    Wireless Attacks (continued)War driving Beaconing At regular intervals, a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network Scanning Each wireless device looks for those beacon frames Unapproved wireless devices can likewise pick up the beaconing RF transmission Formally known as wireless location mapping
  • 46.
    Wireless Attacks (continued)War driving (continued) War driving technically involves using an automobile to search for wireless signals over a large area Tools for conducting war driving: Mobile computing device Wireless NIC adapters Antennas Global positioning system receiver Software
  • 47.
    Wireless Attacks (continued)Bluetooth A wireless technology that uses short-range RF transmissions Provides for rapid “on the fly” and ad hoc connections between devices Bluesnarfing Stealing data through a Bluetooth connection E-mails, calendars, contact lists, and cell phone pictures and videos, …
  • 48.
  • 49.
    Null Sessions Connectionsto a Microsoft Windows 2000 or Windows NT computer with a blank username and password Attacker can collect a lot of data from a vulnerable system Cannot be fixed by patches to the operating systems Much less of a problem with modern Windows versions, Win XP SP2, Vista, or Windows 7
  • 50.
    Domain Name KitingCheck kiting A type of fraud that involves the unlawful use of checking accounts to gain additional time before the fraud is detected Domain Name Kiting Registrars are organizations that are approved by ICANN to sell and register Internet domain names A five-day Add Grade Period (AGP) permits registrars to delete any newly registered Internet domain names and receive a full refund of the registration fee
  • 51.
    Domain Name KitingUnscrupulous registrars register thousands of Internet domain names and then delete them Recently expired domain names are indexed by search engines Visitors are directed to a re-registered site Which is usually a single page Web with paid advertisement links Visitors who click on these links generate money for the registrar