Transcript of Chapter 14: Network Threats and Mitigation

Page 1: Chapter 14: Network Threats and Mitigation (title slide)

Page 2: Chapter 14 Objectives

• The following CompTIA Network+ exam objectives are covered in this chapter:

5.4 Explain common threats, vulnerabilities, and mitigation techniques.

• Wireless:
  – War driving
  – War chalking
  – WEP cracking
  – WPA cracking
  – Evil twin
  – Rogue access point


Page 3: Chapter 14 Objectives (Cont.)

• Attacks:
  – DoS
  – DDoS
  – Man in the middle
  – Social engineering
  – Virus
  – Worms
  – Buffer overflow
  – Packet sniffing
  – FTP bounce
  – Smurf

• Mitigation techniques:
  – Training and awareness
  – Patch management
  – Policies and procedures
  – Incident response


Page 4: Recognizing Security Threats

• Viruses are the threats we hear about most often, but there are many other nasty things out there as well.

• Bad guys who create threats to a network generally have one of two purposes in mind:
  – destruction
  – reconnaissance

Page 5: Denial of Service (DoS)

• A denial of service (DoS) attack prevents users from accessing the network and/or its resources.

• DoS attacks come in a variety of flavors.

• The Ping of Death
  – In a Ping of Death attack, an oversized ICMP echo request is sent to the victim: its fragments reassemble to more than the 65,535-byte maximum an IPv4 datagram may have, overflowing the victim's reassembly buffer and causing the system to crash, reboot, or hang. Current operating systems check the reassembled length, so the classic attack is historical, but malformed-packet crashes remain a DoS class worth filtering for.

Page 6: Denial of Service (DoS)

• Smurf
  – The attacker spoofs the intended victim's IP address as the source and sends a large number of ICMP echo requests (pings) to a network's directed-broadcast address.
  – The receiving router delivers the broadcast to every host on that network, and all of those hosts answer the victim with an ICMP echo reply at the same time. One packet from the attacker becomes as many replies as there are hosts on the amplifying network, which is why disabling directed broadcasts on routers defeats the attack.
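The two ICMP-based attacks on Pages 5 and 6 can both be recognized from the IPv4 header alone. The following is an added example, not code from the slides or the Network+ book: a minimal IPv4 header parser with one check for a Ping of Death fragment and one for a Smurf trigger (an echo request aimed at a directed-broadcast address). The sample packets are constructed inline with RFC 5737 documentation addresses, and the protected subnet 192.0.2.0/24 is an assumption.

```python
"""Added example (not from the Network+ slides): a minimal IPv4 header parser
plus checks for the two ICMP-based DoS patterns of Pages 5 and 6, Ping of Death
and Smurf. Sample packets are constructed inline; nothing touches a live
interface. The local subnet is an assumption for the sample."""
import ipaddress
import struct

IP_MAX_LEN = 65535       # largest IPv4 datagram the 16-bit total-length field can describe
ICMP = 1
ICMP_ECHO_REQUEST = 8
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # assumed: the subnet we protect


def build_ipv4(src, dst, payload, *, proto=ICMP, frag_offset=0, more_fragments=False, ident=1):
    """Build a 20-byte IPv4 header (no options) in front of payload.
    frag_offset is in 8-byte units, exactly as carried on the wire."""
    ver_ihl = (4 << 4) | 5
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def parse_ipv4(pkt):
    """Return the header fields the checks need; fail loudly on junk input."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _, total_len, ident, flags_frag, _, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "ident": ident,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,     # byte position in the reassembled datagram
        "payload_len": total_len - ihl,
        "icmp_type": pkt[ihl] if proto == ICMP and len(pkt) > ihl else None,
    }


def is_ping_of_death_fragment(fields):
    """Ping of Death: this fragment would end past byte 65,535 of the reassembled
    datagram, so a receiver that allocates a 65,535-byte buffer and trusts the
    offset writes past its end. Checking each fragment as it arrives is enough."""
    return fields["frag_offset"] + fields["payload_len"] > IP_MAX_LEN


def is_smurf_trigger(fields, local_nets=LOCAL_NETS):
    """Smurf: an ICMP echo request addressed to one of our directed-broadcast
    addresses. Every host on that subnet would answer the (spoofed) source."""
    if fields["proto"] != ICMP or fields["icmp_type"] != ICMP_ECHO_REQUEST:
        return False
    dst = ipaddress.IPv4Address(fields["dst"])
    return any(dst == net.broadcast_address for net in local_nets)


def classify(pkt, local_nets=LOCAL_NETS):
    fields = parse_ipv4(pkt)
    if is_ping_of_death_fragment(fields):
        return "ping-of-death"
    if is_smurf_trigger(fields, local_nets):
        return "smurf-trigger"
    return "ok"


# Constructed samples (RFC 5737 documentation addresses):
ECHO = bytes([ICMP_ECHO_REQUEST]) + b"\x00" * 63
SAMPLE_NORMAL = build_ipv4("198.51.100.7", "192.0.2.10", ECHO)
# last fragment of an oversized ping: offset 65,528 bytes + 100-byte payload
SAMPLE_POD = build_ipv4("198.51.100.7", "192.0.2.10", b"\x00" * 100, frag_offset=65528 // 8)
# echo request to our subnet broadcast, source forged as the victim 203.0.113.5
SAMPLE_SMURF = build_ipv4("203.0.113.5", "192.0.2.255", ECHO)

if __name__ == "__main__":
    for name, pkt in [("normal", SAMPLE_NORMAL), ("pod", SAMPLE_POD), ("smurf", SAMPLE_SMURF)]:
        print(name, classify(pkt))
```

The Smurf check is what a router implements when directed broadcasts are disabled; on Cisco IOS that is the per-interface command `no ip directed-broadcast`, the default since IOS 12.0. The Ping of Death check is the same length test a patched IP stack or a stateful firewall applies before reassembling fragments.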

Page 7: Denial of Service (DoS)

• SYN Flood
  – In a SYN flood, the attacker sends a SYN, the victim sends back a SYN/ACK, and the attacker never sends the final ACK. While the server waits for that ACK, a small amount of memory is reserved for the half-open connection. As SYNs (usually from spoofed sources, so the SYN/ACKs go nowhere) continue to arrive, the half-open connection table fills, and any further incoming connections to the victimized device, legitimate ones included, are rejected.
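To see why the half-open table is the weak point, and how a server can answer SYNs without reserving anything, here is an added example (not from the slides or the book) modelling both a classic backlog listener and a SYN-cookie listener. It is a simplified handshake model: no retransmissions and no TCP options; the HMAC key, the backlog size of 128 and the once-a-minute counter are assumptions.

```python
"""Added example (not from the slides): a model of why the SYN flood on Page 7
exhausts a server's half-open connection table, and how a SYN cookie lets the
server keep no per-connection state until the handshake completes. Simplified:
no retransmissions, no MSS/options encoding; the HMAC key, backlog size and
counter cadence are assumptions."""
import hashlib
import hmac
import random
import struct


class BacklogListener:
    """Classic behaviour: every SYN reserves a half-open entry until the final ACK
    (or a timeout) arrives. SYNs that are never completed fill the table."""

    def __init__(self, backlog=128):
        self.backlog = backlog
        self.half_open = {}           # (src, sport) -> ISN we sent in the SYN/ACK

    def on_syn(self, src, sport):
        if len(self.half_open) >= self.backlog:
            return None               # table full: the SYN is silently dropped
        isn = random.getrandbits(32)
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, ack):
        isn = self.half_open.pop((src, sport), None)
        return isn is not None and ack == (isn + 1) & 0xFFFFFFFF


class CookieListener:
    """SYN cookie: the ISN in our SYN/ACK is an HMAC over the connection tuple and
    a slowly ticking counter. A client that really completes the handshake echoes
    ISN+1, which we recompute and compare; nothing was stored for it meanwhile."""

    def __init__(self, key, local_port=80):
        self.key = key
        self.local_port = local_port
        self.counter = 0              # assumed to tick roughly once a minute

    def _cookie(self, src, sport, counter):
        msg = struct.pack("!4sHHI", bytes(int(o) for o in src.split(".")),
                          sport, self.local_port, counter)
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]

    def on_syn(self, src, sport):
        return self._cookie(src, sport, self.counter)   # no state kept

    def on_ack(self, src, sport, ack):
        # Accept cookies minted under the current or the previous counter value,
        # so a cookie is valid for at most two ticks and cannot be replayed later.
        for c in (self.counter, self.counter - 1):
            if c >= 0 and ack == (self._cookie(src, sport, c) + 1) & 0xFFFFFFFF:
                return True
        return False


def flood(listener, n):
    """n SYNs from distinct (spoofed) sources, never completed.
    Returns how many SYN/ACKs the listener handed out."""
    issued = 0
    for i in range(n):
        if listener.on_syn(f"203.0.113.{i % 256}", 1024 + i) is not None:
            issued += 1
    return issued


def legit_connect(listener, src="198.51.100.9", sport=40000):
    """A real client: SYN, SYN/ACK carrying isn, ACK carrying isn+1."""
    isn = listener.on_syn(src, sport)
    if isn is None:
        return False
    return listener.on_ack(src, sport, (isn + 1) & 0xFFFFFFFF)


def demo():
    """Returns (legit client refused by backlog listener, legit client served by
    cookie listener, forged ACK accepted, stale cookie accepted)."""
    stateful = BacklogListener(backlog=128)
    flood(stateful, 1000)                     # 128 entries held, 872 SYNs dropped
    refused = not legit_connect(stateful)

    cookies = CookieListener(key=b"assumed-per-boot-secret")
    flood(cookies, 1000)                      # 1000 SYN/ACKs sent, zero bytes stored
    served = legit_connect(cookies)
    forged = cookies.on_ack("198.51.100.9", 40000, 12345)
    isn = cookies.on_syn("198.51.100.9", 40001)
    cookies.counter += 2                      # two ticks pass before the ACK arrives
    stale = cookies.on_ack("198.51.100.9", 40001, (isn + 1) & 0xFFFFFFFF)
    return refused, served, forged, stale


if __name__ == "__main__":
    print(demo())       # (True, True, False, False)
```

Real implementations pay a price for statelessness: the options carried in the client's SYN are gone by the time the ACK arrives, so production SYN cookies encode the MSS in a few low bits of the cookie. Linux turns the mechanism on with `net.ipv4.tcp_syncookies=1` and only falls back to cookies once the normal backlog overflows, which keeps full TCP behaviour for connections that arrive while the table still has room.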

Page 8: Distributed Denial of Service (DDoS)

• Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K)
  – More complex assaults that launch synchronized DoS attacks from multiple sources and can target multiple devices.
  – Use compromised hosts (zombies) under the attacker's control to carry out the attack.
  – Called distributed denial of service (DDoS) attacks.
  – Make use of IP spoofing, which hides the zombies' real addresses.

Page 9: Viruses

• Viruses typically have catchy names like Chernobyl, Michelangelo, Melissa, and I Love You (also known as Love Bug).

• They receive a lot of media coverage as they proliferate and cause damage to a large number of people.

• Viruses are small programs that cause a variety of bad things to happen on your computer, ranging from merely annoying to totally devastating.

• They can display a message, delete files, or even send out huge amounts of meaningless data over a network to block legitimate messages.

Page 10: Viruses

• A key trait of viruses is that they can't replicate themselves to other computers or systems without a user doing something, such as opening an executable email attachment, to propagate them. (Worms, by contrast, spread on their own across the network.)

• There are several different kinds of viruses, but the most common are file viruses, macro (data file) viruses, and boot-sector viruses.

Page 11: Viruses

• Multipartite Viruses
  – A multipartite virus infects both the boot sector and files on your computer, which makes it particularly dangerous and exasperatingly difficult to remove: cleaning one location while the other stays infected lets it reinfect the system.

Page 12: Wireless Threats

• War driving
• War chalking
• WEP cracking
• WPA cracking
• Rogue access points
• Evil twin

Page 13: Attackers and Their Tools

• IP Spoofing
  – The process of sending packets with a forged source address, so that replies go elsewhere and filters that trust addresses are fooled.

• Application-Layer Attacks
  – Application-layer attacks focus on well-known holes in the software running on your servers.

• ActiveX Attacks
  – Attack your computer through ActiveX controls and Java applets delivered by web pages (both technologies are now disabled or removed in current browsers, but the category, hostile active content, remains).

• Autorooters
  – Autorooters are automated attack tools: they scan a range of addresses for a known vulnerability, exploit it, and install a rootkit on each compromised host so the attacker keeps hidden, privileged access.

• Backdoors
  – Backdoors are simply paths into a computer or network that bypass the normal authentication.

• Network Reconnaissance
  – Attackers gather all the information they can about a network, because the more they know about it, the better they can compromise it.

Page 14: Attackers and Their Tools

• Packet Sniffers
  – The network adapter is put into promiscuous mode so it receives every frame on the segment, not just the frames addressed to it, which lets the attacker gather highly valuable sensitive data sent in the clear. On a switched network the sniffer sees only its own traffic unless the attacker also uses a mirror port or a man-in-the-middle technique.

• Password Attacks
  – Password attacks are used to discover user passwords so the thief can pretend to be a valid user and then use that user's privileges and resources.

• Brute-Force Attacks
  – A brute-force attack is another software-oriented attack: a program running on the targeted network repeatedly tries to log in to some shared resource, such as a server, cycling through candidate passwords until one works.

• Port-Redirection Attacks
  – A port-redirection attack requires a host the attacker has already broken into; that host is used to relay traffic into a network that the firewall would not otherwise allow through.

• Trust-Exploitation Attacks
  – Abuse a trust relationship inside your network; servers that trust each other because they sit on the same segment are especially vulnerable once one of them is compromised.
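A brute-force or password attack leaves a distinctive trail in authentication logs, and detecting it is mostly a counting problem. The following is an added example, not code from the slides or the book, that runs two detections over constructed sshd-style log lines: a burst of failures from one source within a short window (classic brute force) and one source failing against many different accounts regardless of speed (password spraying, which a pure rate threshold misses). The log format, the 5-minute window and both thresholds are assumptions to adjust for your environment.

```python
"""Added example (not from the slides): detection logic for the password and
brute-force attacks of Page 14, run over constructed sshd-style log lines.
Log format, window and thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample: a user who mistypes once, a fast brute force against root
# from one source, and a slow spray across many accounts from another source.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[1201]: Failed password for alice from 192.0.2.15 port 51000 ssh2
Mar  3 10:00:04 bastion sshd[1201]: Accepted password for alice from 192.0.2.15 port 51000 ssh2
Mar  3 10:01:00 bastion sshd[1210]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:01:01 bastion sshd[1211]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  3 10:01:02 bastion sshd[1212]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar  3 10:01:03 bastion sshd[1213]: Failed password for root from 203.0.113.7 port 40004 ssh2
Mar  3 10:01:04 bastion sshd[1214]: Failed password for root from 203.0.113.7 port 40005 ssh2
Mar  3 10:01:05 bastion sshd[1215]: Failed password for root from 203.0.113.7 port 40006 ssh2
Mar  3 10:02:00 bastion sshd[1220]: Failed password for invalid user admin from 198.51.100.23 port 3000 ssh2
Mar  3 10:07:00 bastion sshd[1221]: Failed password for invalid user oracle from 198.51.100.23 port 3001 ssh2
Mar  3 10:12:00 bastion sshd[1222]: Failed password for invalid user test from 198.51.100.23 port 3002 ssh2
Mar  3 10:17:00 bastion sshd[1223]: Failed password for bob from 198.51.100.23 port 3003 ssh2
"""


def parse_failures(text, year=2024):
    """Yield (timestamp, user, source) for every failed-login line.
    syslog timestamps carry no year, so one is assumed."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["src"]


def detect(text, window=timedelta(minutes=5), fail_threshold=5, spray_threshold=3):
    """Return a list of alerts. Two patterns:
      brute-force   : >= fail_threshold failures from one source inside `window`
      password-spray: one source failing against >= spray_threshold distinct
                      users at any rate, so a low-and-slow attack is still caught."""
    by_src = defaultdict(list)
    for ts, user, src in parse_failures(text):
        by_src[src].append((ts, user))

    alerts = []
    for src, events in by_src.items():
        events.sort()
        start = 0                                   # sliding window over timestamps
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= fail_threshold:
                alerts.append(("brute-force", src, events[end][0]))
                break
        users = {user for _, user in events}
        if len(users) >= spray_threshold:
            alerts.append(("password-spray", src, sorted(users)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Alice's single failure produces nothing, which is the point of thresholds. Note the response side: locking an account after N failures stops the brute force but hands an attacker a way to lock out any user they choose, so rate-limiting or temporarily blocking the source address is usually the better first reaction.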

Page 15: Attackers and Their Tools

• Man-in-the-Middle Attacks
  – A man-in-the-middle attack happens when someone intercepts packets intended for one computer, reads (and possibly alters) the data, and passes the packets on so that neither end notices.
  – A common guilty party could be someone working for your very own ISP, using a packet sniffer and augmenting it with control over the routing and transport protocols.
  – Rogue ATMs and even credit-card skimmers are tools increasingly used for this type of attack.

Page 16: Attackers and Their Tools

• IP Spoofing Protection

(Figure: a hacker attempting an IP spoof, and the spoofed IP address being denied access to the network by the firewall.)
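The firewall in the figure is applying an ingress (anti-spoofing) filter: a packet is only accepted if its source address makes sense for the interface it arrived on, the rule published as BCP 38 (RFC 2827). The following is an added example, not code from the slides or the book, of that check for the IP spoofing described on Page 13 and the protection shown here. The interface names, the two internal prefixes and the sample packets are assumptions constructed for the example.

```python
"""Added example (not from the slides): a firewall-style ingress filter that
rejects spoofed source addresses, the protection of Pages 13 and 16. Rule from
BCP 38 / RFC 2827: a packet arriving on an interface must carry a source address
that belongs behind that interface. Topology and samples are assumptions."""
import ipaddress

# Assumed topology: "inside" faces 192.0.2.0/24, "dmz" faces 198.51.100.0/24,
# "outside" is the Internet link.
INTERFACE_PREFIXES = {
    "inside": [ipaddress.ip_network("192.0.2.0/24")],
    "dmz": [ipaddress.ip_network("198.51.100.0/24")],
}

# Sources that must never arrive from the Internet: unroutable/bogon ranges.
# (Our own prefixes are rejected on "outside" separately: the classic spoof is
# an Internet packet claiming an internal address to pass "trusted" rules.)
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def ingress_verdict(iface, src):
    """Return 'permit' or 'drop: <reason>'. Unknown interfaces are dropped
    rather than permitted: the filter fails closed."""
    src = ipaddress.ip_address(src)
    if iface == "outside":
        for prefixes in INTERFACE_PREFIXES.values():
            if any(src in p for p in prefixes):
                return "drop: internal source address arriving from outside"
        if any(src in b for b in BOGONS):
            return "drop: bogon source address"
        return "permit"
    prefixes = INTERFACE_PREFIXES.get(iface)
    if prefixes is None:
        return "drop: unknown interface"
    if not any(src in p for p in prefixes):
        # An inside host sending with a foreign source: either misconfigured or
        # being used as a spoofing DoS source. Dropping it here is the egress
        # half of BCP 38 and keeps us from attacking other people's networks.
        return "drop: source not valid for interface"
    return "permit"


SAMPLE_PACKETS = [  # constructed: (ingress interface, source address)
    ("outside", "203.0.113.9"),   # ordinary Internet host
    ("outside", "192.0.2.15"),    # Internet packet claiming an inside address
    ("outside", "10.4.4.4"),      # bogon
    ("inside", "192.0.2.15"),     # legitimate inside host
    ("inside", "203.0.113.9"),    # inside host spoofing an outside address
    ("wlan0", "192.0.2.15"),      # interface with no prefix list
]


def filter_packets(packets=SAMPLE_PACKETS):
    """Apply the verdict to each sample and return (iface, src, verdict) rows."""
    return [(iface, src, ingress_verdict(iface, src)) for iface, src in packets]


if __name__ == "__main__":
    for row in filter_packets():
        print(*row)
```

On a router the same check is usually done by unicast reverse-path forwarding rather than by hand-written lists; on Cisco IOS that is `ip verify unicast source reachable-via rx` (strict mode) on the interface, which drops any packet whose source address would not be routed back out that same interface.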

Page 17: Attackers and Their Tools

• Rogue Access Points
  – Properly securing a wireless network has become a critical task for most network administrators.
  – With a wired network, you know where the cables start and stop; with a wireless network, you don't.
  – A rogue access point is one that has been installed on a network without the administrator's knowledge.
  – Rogue access points can be unintentional: a user innocently plugs a consumer wireless router or access point into a live network jack in your building, and that device, usually with no security configured, now extends your wired network to anyone in radio range.
  – Rogue access points are very useful to someone who wants to set up a man-in-the-middle attack.

• Social Engineering (Phishing)
  – Attackers are more sophisticated today; instead of breaking in, they simply ask the network's users for what they want.
  – Social engineering, of which phishing is the best-known form, is the act of attempting to obtain sensitive information by pretending to be a credible source.
  – Common tactics include emails, phone calls, or even striking up a conversation in person.
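Finding rogue access points and evil twins (Pages 12 and 17) comes down to comparing what the radios see with what the administrator knows. The following is an added example, not code from the slides or the book: it classifies scanned access points against an authorized inventory, flags an evil twin (our SSID from a radio we do not own) and tells a rogue plugged into our own cabling apart from a harmless neighbour by correlating its BSSID with the MAC addresses our switches have learned. The inventory, the switch MAC table and the scan results are constructed sample data, and the "nearby MAC" correlation is a heuristic assumption.

```python
"""Added example (not from the slides): classify access points from a wireless
scan against an authorized inventory, the rogue-AP and evil-twin checks of
Pages 12 and 17. Inventory, switch MAC table and scan are constructed."""


def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)


AUTHORIZED = {          # SSID -> BSSIDs our own access points advertise (assumed)
    "CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CorpGuest": {"00:11:22:33:44:11"},
}

WIRED_MACS = {          # assumed CAM table: MACs learned on our switch ports
    "00:11:22:33:44:00", "00:11:22:33:44:10",
    "a4:5e:60:aa:bb:cc", "f0:9f:c2:00:00:10",
}

SCAN = [                # constructed scan results: (ssid, bssid)
    ("CorpNet", "00:11:22:33:44:01"),     # ours
    ("CorpNet", "de:ad:be:ef:00:01"),     # our name, a radio we do not own
    ("CorpGuest", "00:11:22:33:44:11"),   # ours
    ("NETGEAR42", "f0:9f:c2:00:00:11"),   # wired MAC one below it is on our switch
    ("CoffeeShop", "b8:27:eb:12:34:56"),  # nothing like it on our wire
]


def wired_neighbour(bssid, wired=WIRED_MACS, tolerance=8):
    """Heuristic (assumption): consumer APs commonly use a wired-side MAC within
    a few values of their BSSID, so an unknown AP whose BSSID is numerically
    close to a MAC our switches have learned is most likely on our own LAN."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(w)) <= tolerance for w in wired)


def classify_ap(ssid, bssid, authorized=AUTHORIZED, wired=WIRED_MACS):
    """authorized, evil-twin, rogue-on-lan, or neighbour."""
    if ssid in authorized:
        if bssid in authorized[ssid]:
            return "authorized"
        return "evil-twin"          # impersonating our SSID to lure our clients
    if wired_neighbour(bssid, wired):
        return "rogue-on-lan"       # unknown SSID, but bridged to our cabling
    return "neighbour"              # somebody else's network, not our problem


def classify_scan(scan=SCAN):
    return [(ssid, bssid, classify_ap(ssid, bssid)) for ssid, bssid in scan]


if __name__ == "__main__":
    for row in classify_scan():
        print(*row)
```

The evil twin needs no wired correlation: any radio advertising one of our SSIDs from a BSSID we did not deploy is hostile by definition. The "rogue-on-lan" verdict is what turns a wireless sighting into a physical action (find the switch port that learned the neighbouring MAC and shut it), and the "neighbour" verdict is why you do not want to page someone for every unknown SSID.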

Page 18: Understanding Mitigation Techniques

• Active Detection
  – Software that watches for attackers using known attack methods and scans for suspicious activity as it happens (an intrusion detection system is the usual example).

• Passive Detection
  – Records activity for later review; video cameras are a good example of a passive intrusion-detection system.

• Proactive Defense
  – A proactive defense is something you do or implement in advance to make your network as hard to penetrate as possible (no network is truly impenetrable).

Page 19: Policies and Procedures

• Security Policies

– Security Audit

– Clean-Desk Policy

– Recording Equipment

– DMZ

Page 20: Patches and Upgrades

• Automatic Updates through Windows Update

– It's really easy to get updates for Windows-based operating systems, from Windows 2000 onward, through Windows Update.

– If you need more information: www.microsoft.com

Page 21: Antivirus Components

A typical antivirus program consists of two components:

• The definition files: the signatures that describe known malware, which must be updated frequently

• The engine: the scanning logic that applies the definitions to files and memory, which changes less often
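The split matters operationally because the two parts are updated on different schedules, and a definitions update must be able to catch new malware without shipping new code. The following is an added example, not code from the slides, the book or any real antivirus product, of that design in miniature: an engine that matches byte patterns and whole-file hashes, versioned definition data it loads, and a sample that only the newer definitions recognize. The definition format is an assumption. The EICAR string is the real, harmless test file that every scanner is required to detect; the "dropper" bytes are invented for the example and are not malware.

```python
"""Added example (not from the slides): the two-part antivirus design of
Page 21, an engine (matching code that rarely changes) and definition files
(data the engine loads, updated often), with a definitions update catching a
sample the old definitions missed. The definition format is assumed. EICAR is
the real, harmless industry test string; the "dropper" bytes are constructed."""
import hashlib
import json

EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
DROPPER_SAMPLE = b"MZ" + b"\x90" * 40 + b"drop-me"      # constructed, inert

# Definition "files" as the engine would download them: pure data, versioned.
DEFINITIONS_V1 = json.dumps({"version": 1, "signatures": [
    {"name": "EICAR-Test-File", "type": "bytes", "value": EICAR.hex()},
]})
DEFINITIONS_V2 = json.dumps({"version": 2, "signatures": [
    {"name": "EICAR-Test-File", "type": "bytes", "value": EICAR.hex()},
    {"name": "Sample.Dropper.A", "type": "sha256",
     "value": hashlib.sha256(DROPPER_SAMPLE).hexdigest()},
]})


class Engine:
    """Knows how to match byte patterns and whole-file hashes, and nothing about
    any particular threat until definitions are loaded."""

    def __init__(self):
        self.version = 0
        self.byte_sigs = []        # [(name, pattern bytes)]
        self.hash_sigs = {}        # sha256 hex -> name

    def load_definitions(self, text):
        defs = json.loads(text)
        if defs["version"] < self.version:
            raise ValueError("refusing to downgrade to older definitions")
        self.byte_sigs = [(s["name"], bytes.fromhex(s["value"]))
                          for s in defs["signatures"] if s["type"] == "bytes"]
        self.hash_sigs = {s["value"]: s["name"]
                          for s in defs["signatures"] if s["type"] == "sha256"}
        self.version = defs["version"]
        return self.version

    def scan(self, data):
        """Names of every matching signature; an empty list means clean."""
        hits = [name for name, pattern in self.byte_sigs if pattern in data]
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hash_sigs:
            hits.append(self.hash_sigs[digest])
        return hits


SAMPLES = {                     # constructed files to scan
    "eicar.com": EICAR,
    "readme.txt": b"nothing to see here",
    "dropper.exe": DROPPER_SAMPLE,
}


def demo():
    """Scan the samples before and after a definitions update."""
    engine = Engine()
    engine.load_definitions(DEFINITIONS_V1)
    before = {name: engine.scan(data) for name, data in SAMPLES.items()}
    engine.load_definitions(DEFINITIONS_V2)        # data changed, code did not
    after = {name: engine.scan(data) for name, data in SAMPLES.items()}
    return before, after


if __name__ == "__main__":
    for label, result in zip(("v1", "v2"), demo()):
        print(label, result)
```

Two practical notes. Saving this file on a machine with a real antivirus product installed will very likely trigger it, because the EICAR string is meant to be detected; that is also the cheapest way to confirm that a deployed scanner is actually running. And the downgrade check in `load_definitions` is not cosmetic: an attacker who can replace the definition feed with an old copy gets the same effect as disabling the product, so real products sign their definitions and refuse older versions.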

Page 22: Antivirus Maintenance

• Upgrade (keep current) your antivirus engine
• Update the antivirus definition files
• Scan for viruses regularly
• Fix infected computers

Page 23: Summary

• Summary

• Exam Essentials Section

• Written Labs

• Review Questions