Network security

Date posted: 18-Nov-2014

1. Trish Miller: Network Security

2. Objectives

  • Types of Attacks
  • Attacks on the OSI & TCP/IP Model
  • Attack Methods
  • Prevention
  • Switch Vulnerabilities and Hacking
  • Cisco Routers
  • Interesting links

3. Types of Attacks

  • Physical Access Attacks
    • Wiretapping
    • Server Hacking
    • Vandalism
  • Dialog Attacks
    • Eavesdropping
    • Impersonation
    • Message Alteration

4. Types of Attacks (Cont.)

  • Social Engineering
    • Opening Attachments
    • Password Theft
    • Information Theft

  • Penetration Attacks
    • Scanning (Probing)
    • Break-in
    • Denial of Service
    • Malware
      • Viruses
      • Worms

5. Risk Analysis of the Attack

  • What is the cost if the attack succeeds?
  • What is the probability of occurrence?
  • What is the severity of the threat?
  • What is the countermeasure cost?
  • What is the value of protecting the system?
  • Determine if the countermeasure should be implemented.
  • Finally determine its priority.

6. OSI & TCP/IP Related Attacks

7. OSI Model Related Attacks

  • Application layer:
    • Attacks on web
    • Attacks are typically viruses
  • Presentation:
    • Cracking of encrypted transmissions that use a short encryption key
  • Session:
    • Password theft
    • Unauthorized Access with Root permission
  • Transport & Network:
    • Forged TCP/IP addresses
    • DoS Attacks

8. OSI Model Related Attacks

  • Data Link & Physical
    • Network Sniffers
    • Wire Taps
    • Trojan Horses
    • Malicious code

9. Attacks Related to TCP Packet

  • Port Number
    • Applications are identified by their Port numbers
    • Well-known ports (0-1023)
      • HTTP=80, Telnet=23, FTP=21 for supervision, 20 for data transfer, SMTP=25
    • Allows applications to be accessed by the root user

10. Attacks Related to TCP Packet

  • IP address spoofing
    • Change the source IP address
    • To conceal identity of the attacker
    • To have the victim think the packet comes from a trusted host
    • LAND attack

11. Attacks Related to TCP Packet

  • Port Number
    • Registered ports (1024-49152) for any application
    • Not all operating systems use these port ranges, although all use well-known ports
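
The IP address spoofing and LAND attack bullets above translate into a simple border check on inbound packets. The following is an added example, not part of the original slides; the internal network range, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed protected network
SPOOFED = "internal source address arriving from outside"
BOGUS = "source address that is never valid on the wire"
LAND = "LAND pattern: source address and port equal destination"
SAME_ADDR = "source address equals destination address"
TRUNCATED = "not a complete IPv4 header"

def build_packet(src, dst, sport, dport):
    """Constructed sample input: minimal IPv4 + TCP SYN headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp

def check_inbound(packet):
    """Return the reasons a packet arriving on the outside interface should be dropped."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return [TRUNCATED]
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return [TRUNCATED]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    reasons = []
    if src in INTERNAL_NET:
        # A trusted internal address cannot legitimately arrive from outside.
        reasons.append(SPOOFED)
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        reasons.append(BOGUS)
    if src == dst:
        same_port = False
        if packet[9] == socket.IPPROTO_TCP and len(packet) >= ihl + 4:
            sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
            same_port = sport == dport
        reasons.append(LAND if same_port else SAME_ADDR)
    return reasons
```
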

12. Attack Methods

13. Attack Methods

  • Host Scanning
  • Network Scanning
  • Port Scanning
  • Fingerprinting

14. Attack Methods (Cont.)

  • Host Scanning
    • Ping a range of IP addresses or use alternative scanning messages
    • Identifies victims
    • Types of Host scanning
      • Ping Scanning
      • TCP SYN/ACK attacks

15. Attack Methods (Cont.)

  • Network Scanning
    • Discovery of the network infrastructure (switches, routers, subnets, etc.)
    • Tracert and similar applications identify all routers along the route to a destination host

16. Attack Methods (Cont.)

  • Port Scanning
    • Once a host is identified, scan all ports to find out if it is a server and what type it is
    • Two types:
      • Server Port Scanning
        • TCP
        • UDP
      • Client Port Scanning
        • NetBIOS
        • Ports 135-139 are NetBIOS ports used for file and print services.
        • GRC.com: a free website that scans your PC for open ports.

17. Attack Methods (Cont.)

  • Fingerprinting
    • Discovers the host operating system and applications as well as the version
      • Active (sends)
      • Passive (listens)
    • Nmap does all major scanning methods

18. Attack Methods (Cont.)

  • Denial-of-Service (DoS) Attacks
    • Attacks on availability
    • SYN flooding attacks overload a host or network with connection attempts
    • Stopping DoS attacks is very hard.

19. Attack Methods (Cont.)

  • The Break-In
    • Password guessing
    • Take advantage of unpatched vulnerabilities
    • Session hijacking

20. After the Compromise

  • Download rootkit via TFTP
  • Delete audit log files
  • Create backdoor account or Trojan backdoor programs

21. After the Compromise (Cont.)

  • Weaken security
  • Access to steal information, do damage
  • Install malicious software (RAT, DoS zombie, spam relay, etc.)

22. Prevention

23. Preventions

  • Stealth Scanning
  • Access Control
  • Firewalls
  • Proxy Servers
  • IPsec
  • Security Policies
  • DMZ
  • Host Security

24. Stealth Scanning

  • Noisiness of Attacks
  • Exposure of the Attacker's IP Address
  • Reduce the rate of Attack below the IDS Threshold
  • Scan Selective Ports
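
From the defender's side, the port scanning and stealth scanning slides mean that a per-minute rate threshold alone misses a slow scan, while counting the distinct ports one source touches on one host over a long window still flags it. The following is an added example, not part of the original slides; the event format, addresses, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

def sample_events():
    """Constructed firewall events: (epoch_seconds, src, dst, dst_port)."""
    events = []
    # Noisy source: 30 different ports in 30 seconds.
    events += [(t, "198.51.100.20", "10.0.0.5", 1 + t) for t in range(30)]
    # Slow source: one probe every 10 minutes across ten ports.
    slow_ports = [21, 23, 25, 80, 135, 139, 443, 445, 3389, 8080]
    events += [(600 * i, "198.51.100.99", "10.0.0.5", p) for i, p in enumerate(slow_ports)]
    # Ordinary client: the same port again and again.
    events += [(120 * i, "203.0.113.8", "10.0.0.5", 443) for i in range(40)]
    return sorted(events)

def rate_alerts(events, window=60, max_events=20):
    """Rate threshold: more than max_events attempts from one source within window seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, _dst, _port in events:
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window:      # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_events:
            flagged.add(src)
    return flagged

def spread_alerts(events, window=86400, max_ports=8):
    """Long-window check: one source touching more than max_ports distinct ports on one host."""
    last_seen, flagged = defaultdict(dict), set()
    for ts, src, dst, port in events:
        ports = last_seen[(src, dst)]
        ports[port] = ts
        for old in [p for p, seen in ports.items() if seen <= ts - window]:
            del ports[old]              # forget ports not touched within the window
        if len(ports) > max_ports:
            flagged.add(src)
    return flagged
```
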

25. Access Control

  • The goal of access control is to prevent attackers from gaining access, and to stop them if they do.
  • The best way to accomplish this is to:
    • Determine who needs access to the resources located on the server.
    • Decide the access permissions for each resource.
    • Implement specific access control policies for each resource.
    • Record mission critical resources.
    • Harden the server against attacks.
    • Disable invalid accounts and establish policies

26. Firewalls

  • Firewalls are designed to protect you from outside attempts to access your computer, either for the purpose of eavesdropping on your activities, stealing data, sabotage, or using your machine as a means to launch an attack on a third party.

27. Firewalls (Cont.)

  • Hardware
    • Provides a strong degree of protection from the outside world.
    • Can be effective with little or no setup
    • Can protect multiple systems
  • Software
    • Better suited to protect against Trojans and worms.
    • Allows you to configure the ports you wish to monitor, which gives you finer control.
    • Protects a single system.

28. Firewalls

  • Can Prevent
    • Discovery
      • Network
      • Traceroute