Security+ Guide to Network
Security Fundamentals, Third
Edition
Chapter 4
Network Vulnerabilities and Attacks
Objectives
• Explain the types of network vulnerabilities
• List categories of network attacks
• Define different methods of network attacks
Network Vulnerabilities
• There are two broad categories of network
vulnerabilities:
– Those based on the network transport media
– Those found in the network devices themselves
Media-Based Vulnerabilities
• Monitoring network traffic
– Helps to identify and troubleshoot network problems
– Monitoring traffic can be done in two ways:
• Use a switch with port mirroring
– To redirect traffic that occurs on some or all ports to a designated monitoring port on the switch
• Install a network tap (test access point)
– A separate device that can be installed between two network devices, such as a switch, router, or firewall, to monitor traffic
Media-Based Vulnerabilities
(continued)
• Just as network taps and protocol analyzers can be used for legitimate purposes
– They also can be used by attackers to intercept and view network traffic
• Attackers can access the wired network in the following ways:
– False ceilings
– Exposed wiring
– Unprotected RJ-45 jacks
Network Device Vulnerabilities
• Weak passwords
– A password is a secret combination of letters and numbers that serves to authenticate (validate) a user by what he knows
– Password paradox
• Lengthy and complex passwords should be used and never written down
• It is very difficult to memorize these types of passwords
– Passwords can be set to expire after a set period of time, and a new one must be created
Network Device Vulnerabilities
(continued)
• Characteristics of weak passwords
– A common word used as a password
– Not changing passwords unless forced to do so
– Passwords that are short
– Personal information in a password
– Using the same password for all accounts
– Writing the password down
Network Device Vulnerabilities
(continued)
• Default account
– A user account on a device that is created automatically by the device instead of by an administrator
– Used to make the initial setup and installation of the device (often by outside personnel) easier
• Although default accounts are intended to be deleted after the installation is completed, often they are not
• Default accounts are often the first targets that attackers seek
Network Device Vulnerabilities
(continued)
• Back door
– An account that is secretly set up without the administrator’s knowledge or permission, that cannot be easily detected, and that allows for remote access to the device
– Back doors can be created on a network device in two ways
• The network device can be infected by an attacker using a virus, worm, or Trojan horse
• A programmer of the software creates a back door on the device
Network Device Vulnerabilities
(continued)
• Privilege escalation
– It is possible to exploit a vulnerability in the network device’s software to gain access to resources that the user would normally be restricted from obtaining
Categories of Attacks
• Attack categories
– Denial of service
– Spoofing
– Man-in-the-middle
– Replay attacks
Denial of Service (DoS)
• Denial of service (DoS) attack
– Attempts to consume network resources so that the network or its devices cannot respond to legitimate requests
– DoS attack types:
• SYN flood attack
• Distributed denial of service (DDoS)
• Wireless DoS attack
Denial of Service (DoS) (continued)
• SYN flood attack
– Ref: http://en.wikipedia.org/wiki/SYN_flood
[Figure: normal operation of the three-way handshake vs. SYN flood]
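A SYN flood leaves the victim holding half-open connections, so a defender watches the backlog of SYN-RECV sockets per listening port. The script below is an added example, not from the textbook; the socket listing is constructed to look like `ss -tan` output, and the threshold is illustrative.

```python
from collections import Counter

# Constructed sample shaped like `ss -tan` output (State Recv-Q Send-Q Local:Port Peer:Port).
# Five different peers each hold one half-open connection to port 443.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.0.0.5:443       198.51.100.7:51234
SYN-RECV 0      0      10.0.0.5:443       203.0.113.10:40001
SYN-RECV 0      0      10.0.0.5:443       203.0.113.11:40002
SYN-RECV 0      0      10.0.0.5:443       203.0.113.12:40003
SYN-RECV 0      0      10.0.0.5:443       203.0.113.13:40004
SYN-RECV 0      0      10.0.0.5:443       203.0.113.14:40005
ESTAB    0      0      10.0.0.5:22        198.51.100.8:50000
"""


def half_open_by_port(ss_output):
    """Count half-open (SYN-RECV) sockets per local port and per peer address."""
    per_port = Counter()
    per_peer = Counter()
    for line in ss_output.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        local_port = fields[3].rsplit(":", 1)[1]   # rsplit keeps IPv6 literals intact
        peer_addr = fields[4].rsplit(":", 1)[0]
        per_port[local_port] += 1
        per_peer[peer_addr] += 1
    return per_port, per_peer


def syn_flood_suspects(ss_output, port_threshold=5):
    """Return (ports whose half-open backlog reaches the threshold, busiest single peer).

    With spoofed source addresses every peer shows up once, so a per-source rule
    never fires; the per-port total is the signal that matters. The threshold
    here is illustrative; size it from the host's normal backlog and its SYN queue limit.
    """
    per_port, per_peer = half_open_by_port(ss_output)
    flagged = {port: n for port, n in per_port.items() if n >= port_threshold}
    return flagged, max(per_peer.values(), default=0)


if __name__ == "__main__":
    ports, busiest = syn_flood_suspects(SAMPLE_SS_OUTPUT)
    print("ports with a suspicious half-open backlog:", ports)
    print("most half-open connections from any one peer:", busiest)
```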
Denial of Service (DoS) (continued)
• Distributed denial of service (DDoS) attack
– A variant of the DoS
– May use hundreds or thousands of zombie computers in a botnet to flood a device with requests
[Figure: DDoS attack]
Denial of Service (DoS) (continued)
• Wireless DoS attack
– Flooding the RF spectrum attack
– Attack takes advantage of CSMA/CA procedure
– Attack uses disassociation frames
[Figure: flooding the RF spectrum attack]
[Figure: attack using disassociation frames]
Spoofing
• Spoofing is impersonation
– Pretends to be someone or something else by presenting false information
• Variety of different attacks use spoofing
– Attacker may spoof her address so that her malicious actions would be attributed to a valid user
– Attacker may spoof his network address with an address of a known and trusted host
– A fictitious login screen may allow an attacker to capture valid user credentials
– Attacker can set up his AP device and trick all wireless devices to communicate with the imposter device
Man-in-the-Middle
• Man-in-the-middle attack
– Intercepts legitimate communication and forges a fictitious response to the sender
– Common on networks
– Can be active or passive
• Active attacks intercept and alter the contents before they are sent on to the recipient
Replay
• Replay attack
– Similar to a passive man-in-the-middle attack
– Captured data is used at a later time
• A simple replay would involve the man-in-the-middle capturing login credentials between the computer and the server
• A more sophisticated attack takes advantage of the communications between a device and a server
– Administrative messages that contain specific network requests are frequently sent between a network device and a server
Replay (continued)
[Figure: replay attack between a sender, an attacker, and a file server]
1. Sender sends message
2. Attacker intercepts message
3. Attacker sends message to create link with the file server; file server creates link with attacker
4. Attacker alters message and sends to the file server; file server rejects altered message
5. Attacker alters message correctly and sends to file server; file server accepts correctly altered message
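The replay in the figure works because the captured administrative message stays valid when resent or edited. The code below is an added example, not from the textbook: a file-server style request protected with a per-message nonce, a timestamp window and an HMAC, so a resent capture (step 2 replayed), an edited capture (step 4) and a stale capture are all rejected. The shared key and the request format are constructed for the demo.

```python
import hashlib
import hmac
import os
import time

# Constructed demo key; a real deployment provisions this out of band per device.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def build_request(key, command, now=None):
    """Client side: prefix the command with a fresh nonce and timestamp, then MAC the lot."""
    nonce = os.urandom(16).hex()
    ts = int(now if now is not None else time.time())
    payload = f"{nonce}|{ts}|{command}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload + b"|" + tag.encode()


class FileServer:
    """Server side: check the MAC first, then freshness, then that the nonce is unused."""

    def __init__(self, key, window_seconds=30):
        self.key = key
        self.window = window_seconds
        self.seen_nonces = set()   # bounded in practice by the timestamp window

    def handle(self, message, now=None):
        now = int(now if now is not None else time.time())
        try:
            payload, tag = message.rsplit(b"|", 1)
            nonce, ts, command = payload.decode().split("|", 2)
        except ValueError:
            return "REJECT: malformed"
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag.decode(errors="replace")):
            return "REJECT: bad MAC"            # edited capture: figure step 4
        if abs(now - int(ts)) > self.window:
            return "REJECT: stale timestamp"    # capture replayed long after the fact
        if nonce in self.seen_nonces:
            return "REJECT: replayed nonce"     # the same capture sent a second time
        self.seen_nonces.add(nonce)
        return f"ACCEPT: {command}"


def demo():
    """Legitimate delivery, then a verbatim replay, then an edited replay of the same capture."""
    server = FileServer(SHARED_KEY)
    captured = build_request(SHARED_KEY, "GET /payroll.xls", now=1_000_000)
    first = server.handle(captured, now=1_000_000)
    replayed = server.handle(captured, now=1_000_005)
    edited = captured.replace(b"GET /payroll.xls", b"GET /secrets.txt")
    return first, replayed, server.handle(edited, now=1_000_005)
```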
Methods of Network Attacks
• Network attack methods can be:
– Protocol-based
• Antiquated protocols
• DNS attacks
• ARP poisoning
• TCP/IP hijacking
– Wireless (will not be covered)
– As well as other methods (will not be covered)
Protocol-Based Attacks
• Antiquated protocols
– TCP/IP protocols have been updated often to address security vulnerabilities
– SNMP is an example of an updated protocol
Protocol-Based Attacks (continued)
• SNMP
– Used for exchanging management information between networked devices
– Enables system administrators to remotely monitor, manage, and configure network devices
– Each SNMP-managed device must have an agent that is protected with a community string
• The use of community strings in the first two versions of SNMP, SNMPv1 and SNMPv2, created several vulnerabilities
• SNMPv3 uses encryption to protect the community strings
Protocol-Based Attacks (continued)
• DNS attacks
– Domain Name System (DNS) is the basis for name resolution to IP addresses today
– DNS attacks include DNS poisoning and DNS transfer attacks
• DNS poisoning
– Substitute a fraudulent IP address so that when a user enters a symbolic name, she is directed to the fraudulent computer site
Protocol-Based Attacks (continued)
• DNS poisoning (continued)
– Substituting a fraudulent IP address can be done in one of two different locations
• TCP/IP host table name system (see Figure 4-10)
• External DNS server
– Attack is called DNS poisoning (also called DNS spoofing)
– See Figure 4-11
– DNS poisoning can be prevented by using the latest editions of the DNS software, BIND (Berkeley Internet Name Domain)
Protocol-Based Attacks (continued)
• DNS transfers
– Almost the reverse of DNS poisoning
– Attacker asks the valid DNS server for a zone transfer, known as a DNS transfer
– Possible for the attacker to map the entire internal network of the organization supporting the DNS server
Protocol-Based Attacks (continued)
• ARP poisoning
– Address Resolution Protocol (ARP)
• Used by TCP/IP on an Ethernet network to find the MAC address of another device
• The IP address and the corresponding MAC address are stored in an ARP cache for future reference
– An attacker could alter the MAC address in the ARP cache so that the corresponding IP address would point to a different computer
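Because a poisoned cache shows up as an IP whose MAC has changed, or as one MAC suddenly answering for several IPs, the usual defence is to watch the cache for exactly those changes (the approach tools such as arpwatch take). The script below is an added example, not from the textbook; the two cache snapshots are constructed to look like `ip neigh show` output, and the "trusted" map stands in for a statically configured gateway entry.

```python
import re

# Constructed snapshots shaped like `ip neigh show` output, taken a few minutes apart.
# In AFTER, the gateway 10.0.0.1 is suddenly answered for by the MAC of host 10.0.0.21.
BEFORE = """\
10.0.0.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
10.0.0.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
10.0.0.21 dev eth0 lladdr 00:11:22:33:44:21 REACHABLE
"""
AFTER = """\
10.0.0.1 dev eth0 lladdr 00:11:22:33:44:21 REACHABLE
10.0.0.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
10.0.0.21 dev eth0 lladdr 00:11:22:33:44:21 REACHABLE
"""

LINE_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})", re.IGNORECASE)


def parse_neigh(text):
    """Return {ip: mac}; entries without an lladdr (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


def arp_anomalies(before, after, trusted=None):
    """Compare two cache snapshots and return a list of findings.

    Flags (a) an IP whose MAC changed between snapshots, (b) a disagreement with a
    static 'trusted' map for critical hosts such as the gateway, and (c) a MAC that now
    answers for more than one IP. Legitimate causes exist (NIC replacement, DHCP reuse),
    so these are alerts to verify against the switch's port tables, not proof.
    """
    b, a = parse_neigh(before), parse_neigh(after)
    trusted = trusted or {}
    findings = []
    for ip, mac in a.items():
        if ip in b and b[ip] != mac:
            findings.append(("mac_changed", ip, b[ip], mac))
        if ip in trusted and trusted[ip] != mac:
            findings.append(("trusted_mismatch", ip, trusted[ip], mac))
    by_mac = {}
    for ip, mac in a.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", mac, sorted(ips)))
    return findings
```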
Protocol-Based Attacks (continued)
• TCP/IP hijacking
– Takes advantage of a weakness in the TCP/IP protocol
– The TCP header consists of two 32-bit fields that are used as packet counters
• Updated as packets are sent and received between devices
– Packets may arrive out of order
• Receiving device will drop any packets with lower sequence numbers
Protocol-Based Attacks (continued)
• TCP/IP hijacking (continued)
– If both sender and receiver have incorrect sequence numbers, the connection will “hang”
– In a TCP/IP hijacking attack, the attacker creates fictitious (“spoofed”) TCP packets to take advantage of the weaknesses
Summary
• Network vulnerabilities include media-based
vulnerabilities and vulnerabilities in network
devices
• The same tools that network administrators use to monitor network traffic and troubleshoot network problems can also be used by attackers
• Network devices often contain weak passwords, default accounts, back doors, and vulnerabilities that permit privilege escalation
Summary (continued)
• Network attacks can be grouped into four
categories
• Protocol-based attacks take advantage of
vulnerabilities in network protocols