OV 13 - 1 Copyright © 2011 Element K Content LLC. All rights reserved.
Network Security Threats and Attacks
Network-Based Security Threats and Attacks
Apply Threat Mitigation Techniques
Educate Users
Physical Security
The implementation and practice of various control mechanisms that are intended to restrict physical access to facilities.
Assuring the reliability of certain infrastructure elements such as electrical power, data networks, and fire suppression systems.
Physical security may be challenged by a wide variety of events or situations, including:
Facilities intrusions
Electrical grid failures
Fire
Personnel illnesses
Data network interruptions
Physical Security Threats and Vulnerabilities
Internal – It is important to always consider what is happening inside organizations, especially when physical security is concerned.
External – It is impossible for any organization to fully control external security threats.
Natural – Although natural threats are easy to overlook, they can pose a significant risk to the physical security of a facility.
Man-made – Whether intentional or accidental, people can cause a number of physical threats.
Social Engineering Attacks
[Diagram: the attacker obtains a user name and password from the target]
An attacker gets sensitive data from unsuspecting users.
Social Engineering Types
Spoofing - A human- or software-based attack in which the attacker pretends to be someone or something else (a sender address, a host, a caller ID) in order to conceal their real identity.
Impersonation - A human-based attack in which the attacker pretends to be someone he or she is not, such as a help-desk technician or an executive, in order to be given access or information.
Phishing - A common type of email-based social engineering attack in which a message that appears to come from a trusted source lures the victim into disclosing credentials or opening malicious content.
Vishing - Voice phishing: a human-based attack conducted over the telephone or VoIP whose goal is to extract personal, financial, or confidential information from the victim.
Whaling - A form of phishing that targets high-value individuals, such as senior executives or people known to possess a good deal of wealth.
Spam and spim - Spam is an email-based threat in which the user's inbox is flooded with unsolicited messages. Spim is an IM-based attack similar to spam.
Hoax - Any type of incorrect or misleading information that is disseminated to multiple users through unofficial channels.
Malicious Code Attacks
[Diagram] Attacker inserts unauthorized software or malware to attack target systems.
Types of Malicious Code Attacks
Virus - Code that spreads from one computer to another by attaching itself to other files or programs and executing when they are opened or run.
Worm - A piece of code that spreads from one computer to another on its own, typically by exploiting a network service, without attaching itself to another file.
Trojan horse - Malware disguised as, or bundled with, software the user wants; once run it is itself an attack (for example installing a backdoor) and can pave the way for a number of other types of attacks.
Logic bomb - A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date.
Types of Malicious Code Attacks (Cont.)
Spyware - Surreptitiously installed malicious software that is intended to track and report the usage of a target system, or collect other data the author wishes to obtain.
Adware - Software that automatically displays or downloads advertisements when it is used.
Rootkit - Code that is intended to take full or partial control of a system at the lowest levels.
Botnet - A set of computers that have been infected by a control program called a bot that enables attackers to exploit them to mount attacks.
Types of Viruses
Boot sector - Infects the boot sector of disk-based media so that it is loaded before the operating system.
Macro - A macro is a group of application-specific instructions that execute within a specific application, such as a word processor or spreadsheet; a macro virus is written in that macro language and spreads inside documents.
Mailer and mass mailer - A mailer virus sends itself to other users through the email system; a mass mailer harvests address books to send itself to as many recipients as possible.
Polymorphic - This type of virus changes its own code as it spreads, so that each copy looks different to signature-based scanners and may act differently on different systems.
Script - A small program that runs code using the Windows Scripting Host on Windows operating systems.
Stealth - A stealth virus actively conceals its presence, for example by intercepting system calls and returning clean-looking results, until it can propagate.
Buffer Overflow
An attack that:
Supplies more data than a program's fixed-size buffer can hold, overwriting adjacent memory and causing the application or the device operating system to crash or reboot.
May result in loss of data or in the execution of rogue code on the device, because the overwritten memory can include return addresses and other control data.
Typically targets desktop and server applications, but may also target applications on wireless devices.
Implementations of network authentication services such as RADIUS, Diameter, and TACACS+ have been subject to buffer overflow attacks.
Wireless Security
[Diagram] Security protocols prevent unauthorized network access.
Wireless Vulnerabilities
Rogue access point - An unauthorized wireless access point on a corporate or private network, whether installed by an employee for convenience or planted by an attacker.
Evil twins - Rogue access points that impersonate a legitimate network, typically by broadcasting the same SSID with a stronger signal, so that clients connect to the attacker's access point instead.
Interference - In wireless networking, the phenomenon by which other radio sources (other networks, microwave ovens, cordless phones, or a deliberate jammer) interfere with the 802.11 wireless signals.
Bluejacking - A method used by attackers to send unsolicited messages over Bluetooth from PDAs, mobile phones, and laptops to other Bluetooth-enabled devices.
Bluesnarfing - A method in which attackers gain access to unauthorized information (contacts, calendars, messages) on a wireless device over a Bluetooth connection, within the roughly 30-foot (10-meter) range of a typical Bluetooth device.
Wireless Vulnerabilities (Cont.)
War driving - The act of searching for instances of wireless networks using wireless tracking devices such as PDAs, mobile phones, or laptops.
WEP and WPA cracking - Recovering the encryption keys used in WEP and WPA installations to gain access to private wireless networks. WEP can be broken in minutes because of its weak per-packet key construction; WPA/WPA2 pre-shared keys are attacked offline by capturing the four-way handshake and guessing the passphrase.
War chalking - The act of using symbols to mark off a sidewalk or wall to indicate that there is an open wireless network which may be offering Internet access.
IV attack - An attack in which the attacker is able to predict, control, or observe the reuse of the Initialization Vector (IV) of an encryption process. WEP's IV is only 24 bits and is sent in the clear, so on a busy network IVs repeat; two packets encrypted under the same IV share a keystream, which lets the attacker recover plaintext and eventually the key.
Packet sniffing - An attack on wireless networks where an attacker captures data and registers data flows, which allow the attacker to analyze the data contained in a packet.
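The following is an added example, not part of the original slides, that shows why IV reuse is fatal to a stream cipher such as the RC4 used by WEP. It implements RC4 itself (for demonstration only; RC4 must not be used in new designs), builds the WEP-style per-packet key as IV || shared key, and then recovers a second packet's plaintext from a first packet whose contents are known, without ever learning the key. The shared key, IV, and packet contents are constructed for the demo.

```python
"""Added example: keystream reuse under a repeated WEP IV.

WEP derives the RC4 key for each packet as IV || shared key and sends the
3-byte IV in the clear. Because the IV space is only 2^24, IVs repeat on a
busy network; two packets with the same IV are XORed with the same keystream,
so C1 XOR C2 == P1 XOR P2 and one known plaintext reveals the other.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). Educational only; RC4 is broken."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: cleartext IV followed by RC4(IV || key) XOR data."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def recover_second_plaintext(pkt1: bytes, known_plain1: bytes, pkt2: bytes) -> bytes:
    """Attacker side: given two packets sharing an IV and the plaintext of the
    first, recover the plaintext of the second without the key."""
    iv1, c1 = pkt1[:3], pkt1[3:]
    iv2, c2 = pkt2[:3], pkt2[3:]
    if iv1 != iv2:
        raise ValueError("IVs differ; the packets do not share a keystream")
    keystream = xor_bytes(c1, known_plain1)   # C1 XOR P1 == keystream
    if len(keystream) < len(c2):
        raise ValueError("known plaintext too short to cover packet 2")
    return xor_bytes(c2, keystream[:len(c2)])  # C2 XOR keystream == P2


def iv_collision_birthday_bound(iv_bits: int = 24) -> float:
    """Approximate number of packets after which a repeated IV is more likely
    than not (birthday bound sqrt(2 N ln 2)); about 4,800 packets for WEP."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(2))


if __name__ == "__main__":
    # Constructed demo values: a 7-byte shared key and a reused IV.
    key = b"secretk"
    iv = b"\x01\x02\x03"
    p1 = b"GET /index.html HTTP/1.1\r\n"      # plaintext the attacker can guess
    p2 = b"password=hunter2&user=bob"         # plaintext the attacker wants
    pkt1 = wep_encrypt(key, iv, p1)
    pkt2 = wep_encrypt(key, iv, p2)
    print(recover_second_plaintext(pkt1, p1, pkt2))
    print(int(iv_collision_birthday_bound()))
```

The recovery works against any stream cipher whose keystream depends only on (IV, key), which is why modern designs use a per-session key with a counter that is never allowed to wrap.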
Password Attacks
[Diagram: successive guesses xxxxxxxxxx, Pxxxxxxxx, Passxxxxx, Pass1234!, Pass1234]
A password attack shows up as repeated failed logons and then a successful logon.
Types of Password Attacks
Guessing - The simplest type of password attack; an individual makes repeated attempts to guess a password by entering different common password values.
Stealing - Passwords can be stolen by various means, including sniffing network communications, reading handwritten password notes, or observing a user in the act of entering the password (shoulder surfing).
Dictionary attack - Automates password guessing by hashing each word in a predetermined list of likely passwords and comparing the result against the stolen password hashes.
Brute force attack - The attacker uses password-cracking software to try every possible combination of characters up to a given length; it always succeeds eventually, but the cost grows exponentially with password length.
Hybrid password attack - Combines dictionary words with brute-force-style variations (appended digits, changed case, character substitutions) so that passwords such as Pass1234 fall much faster than to pure brute force.
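The following added example (not from the original slides) runs a dictionary, a hybrid, and a brute-force attack against a small constructed set of stolen password hashes, so that the cost difference between the three is visible. The hashes are unsalted SHA-256 purely to keep the demo short; the "stolen" hash table, word list, and mangling rules are all assumptions made for the example.

```python
"""Added example: dictionary, hybrid and brute-force attacks on stolen hashes."""
import hashlib
import itertools
import string


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed "stolen" hash store, keyed by user name.
STOLEN_HASHES = {
    "alice": sha256_hex("Pass1234"),  # dictionary word with digits: hybrid territory
    "bob": sha256_hex("letmein"),     # plain dictionary word
    "carol": sha256_hex("zq7"),       # short random string: only brute force finds it
}
WORDLIST = ["password", "letmein", "pass", "welcome", "admin"]


def dictionary_attack(hashes: dict, wordlist) -> dict:
    """Hash each candidate once and look it up against every target hash."""
    targets = {h: user for user, h in hashes.items()}
    found = {}
    for word in wordlist:
        h = sha256_hex(word)
        if h in targets:
            found[targets[h]] = word
    return found


def hybrid_candidates(word: str):
    """Cheap mangling rules: three case variants, each with 0-4 trailing digits."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for n in range(1, 5):
            for digits in itertools.product(string.digits, repeat=n):
                yield base + "".join(digits)


def hybrid_attack(hashes: dict, wordlist) -> dict:
    targets = {h: user for user, h in hashes.items()}
    found = {}
    for word in wordlist:
        for candidate in hybrid_candidates(word):
            h = sha256_hex(candidate)
            if h in targets and targets[h] not in found:
                found[targets[h]] = candidate
    return found


def brute_force_attack(hashes: dict, alphabet: str = string.ascii_lowercase + string.digits,
                       max_len: int = 3):
    """Try every string over `alphabet` up to max_len. Returns (found, attempts)."""
    targets = {h: user for user, h in hashes.items()}
    found, attempts = {}, 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) in targets:
                found[targets[sha256_hex(candidate)]] = candidate
    return found, attempts


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(STOLEN_HASHES, WORDLIST))
    print("hybrid:    ", hybrid_attack(STOLEN_HASHES, WORDLIST))
    print("brute:     ", brute_force_attack(STOLEN_HASHES))
```

With a 36-character alphabet the brute-force pass needs 47,988 hashes to cover three characters and would need about 2.8 trillion for eight, which is exactly why a slow, salted password hash (bcrypt, scrypt, Argon2) matters far more than the attack type.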
IP Spoofing Attacks
[Diagram: the attacker's real IP address is 10.10.10.25, but the IP packet it sends to the target 192.168.0.77 carries a forged source IP address of 192.168.0.10, an address on the target's own network]
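An added example, not from the original slides, of the anti-spoofing ingress and egress filter (the BCP 38 approach) that stops the packet in the diagram: a router drops any packet that arrives on an interface with a source address that could not legitimately come from that side of the network. The interface layout and sample packets are constructed, reusing the slide's addresses.

```python
"""Added example: ingress/egress anti-spoofing filter (BCP 38 style)."""
import ipaddress
from dataclasses import dataclass

# Constructed topology: source prefixes that are legitimate on each interface.
INTERNAL_PREFIXES = [ipaddress.ip_network("192.168.0.0/24")]
INTERFACE_PREFIXES = {
    "inside": INTERNAL_PREFIXES,  # LAN hosts may only use their own prefix
    "outside": None,              # Internet side: anything except our own space
}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str


def is_spoofed(pkt: Packet) -> bool:
    src = ipaddress.ip_address(pkt.src)
    allowed = INTERFACE_PREFIXES.get(pkt.iface)
    if allowed is None:
        # Ingress rule: a packet from the Internet claiming an internal
        # source address is forged, since that prefix lives behind us.
        return any(src in net for net in INTERNAL_PREFIXES)
    # Egress rule: an inside interface must only carry its own prefixes,
    # so our own hosts cannot spoof addresses toward other networks.
    return not any(src in net for net in allowed)


def filter_packets(packets):
    """Split packets into (accepted, dropped) according to is_spoofed."""
    accepted, dropped = [], []
    for pkt in packets:
        (dropped if is_spoofed(pkt) else accepted).append(pkt)
    return accepted, dropped


# Constructed sample traffic toward the target in the slide.
SAMPLE = [
    Packet("outside", "10.10.10.25", "192.168.0.77"),   # attacker, honest source
    Packet("outside", "192.168.0.10", "192.168.0.77"),  # attacker forging an internal source
    Packet("inside", "192.168.0.10", "192.168.0.77"),   # legitimate internal host
    Packet("inside", "8.8.8.8", "192.168.0.77"),        # internal host spoofing an external address
]

if __name__ == "__main__":
    accepted, dropped = filter_packets(SAMPLE)
    for pkt in dropped:
        print("DROP", pkt)
```

The filter cannot stop spoofing of addresses outside the protected prefix (the first sample packet is accepted), which is why BCP 38 only works when every edge network deploys it.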
Session Hijacking Attacks
[Diagram: a legitimate computer session is in progress; the attacker steals the active session cookie and uses it to take over the session]
DoS Attacks
[Diagram] Attempts to disrupt or disable systems that provide network services.
DDoS Attacks
[Diagram: attacker controlling drones]
Uses multiple compromised computers (drones) to launch the attack from many sources.
Man-in-the-Middle Attacks
[Diagram] The attacker sits between two victims, controlling the information that travels between them.
Port Scanning Attacks
Port   Protocol   State
21     FTP        Open
53     DNS        Closed
80     HTTP       Open
110    POP3       Closed
119    NNTP       Closed
443    HTTPS      Open
Scans computers and devices to determine which TCP and UDP ports are active.
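An added example (not from the original slides) of how a port scan like the one in the table looks from the defender's side and how to detect it: a scanner is distinguished from a normal client by touching many distinct ports on one host in a short window, most of them closed. The firewall-style log lines and their format are constructed for the demo.

```python
"""Added example: port-scan detection over connection log records."""
from collections import defaultdict
from datetime import datetime

# Constructed log, one record per connection attempt:
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <open|closed>"
LOG = """\
2011-05-01T10:00:00 192.168.0.10 192.168.0.77 80 open
2011-05-01T10:00:01 192.168.0.10 192.168.0.77 443 open
2011-05-01T10:00:05 10.10.10.25 192.168.0.77 21 open
2011-05-01T10:00:05 10.10.10.25 192.168.0.77 22 closed
2011-05-01T10:00:05 10.10.10.25 192.168.0.77 23 closed
2011-05-01T10:00:06 10.10.10.25 192.168.0.77 53 closed
2011-05-01T10:00:06 10.10.10.25 192.168.0.77 80 open
2011-05-01T10:00:06 10.10.10.25 192.168.0.77 110 closed
2011-05-01T10:00:07 10.10.10.25 192.168.0.77 119 closed
2011-05-01T10:00:07 10.10.10.25 192.168.0.77 443 open
2011-05-01T10:00:07 10.10.10.25 192.168.0.77 3389 closed
2011-05-01T10:05:00 192.168.0.10 192.168.0.77 80 open
"""


def parse(log_text: str):
    """Turn log lines into (timestamp, src, dst, port, outcome) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, src, dst, port, outcome = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), outcome))
    return events


def detect_scanners(events, window_s: int = 60, min_ports: int = 5,
                    min_closed_ratio: float = 0.5) -> dict:
    """Return {src_ip: sorted distinct ports} for every source that, within
    some window_s-second window, probed at least min_ports distinct ports on
    a single host with at least min_closed_ratio of the probes hitting closed
    ports. Normal clients hit a few open ports; scanners hit many closed ones."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, outcome in events:
        by_pair[(src, dst)].append((ts, port, outcome))
    alerts = {}
    for (src, dst), probes in by_pair.items():
        probes.sort()
        for i, (t0, _, _) in enumerate(probes):
            window = [p for p in probes[i:] if (p[0] - t0).total_seconds() <= window_s]
            ports = {port for _, port, _ in window}
            closed = sum(1 for _, _, outcome in window if outcome == "closed")
            if len(ports) >= min_ports and closed / len(window) >= min_closed_ratio:
                alerts[src] = sorted(ports)
                break
    return alerts


if __name__ == "__main__":
    for src, ports in detect_scanners(parse(LOG)).items():
        print(f"port scan from {src}: {ports}")
```

The closed-port ratio is what keeps a busy but legitimate client (web, mail, and DNS traffic to the same server) from tripping the rule; a slow scanner that spreads probes over hours needs a longer window or a per-day distinct-port count instead.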
Replay Attacks
[Diagram: at 10:00 A.M. the attacker captures network traffic and stores it for retransmission; at 1:00 P.M. the attacker retransmits it to gain unauthorized access]
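An added example (not from the original slides) of the replay in the diagram and of the standard countermeasure: an authentication message that is only MAC-protected can be resent hours later and still verifies, whereas binding a timestamp and a one-time nonce into the MAC lets the server reject both stale and repeated messages. The shared key, clock values, and messages are constructed for the demo.

```python
"""Added example: replaying a captured message versus timestamp+nonce protection."""
import hashlib
import hmac
import os

KEY = b"constructed-shared-key"  # assumption: pre-shared between client and server
MAX_SKEW = 300                   # seconds a message may be late (clock drift, latency)


def fresh_nonce() -> bytes:
    return os.urandom(16)


def _body(user: str, ts: int, nonce_hex: str) -> bytes:
    return f"{user}|{ts}|{nonce_hex}".encode()


def make_message(user: str, ts: int, nonce: bytes, key: bytes = KEY) -> dict:
    """Client side: authenticate (user, timestamp, nonce) with HMAC-SHA256."""
    nonce_hex = nonce.hex()
    mac = hmac.new(key, _body(user, ts, nonce_hex), hashlib.sha256).hexdigest()
    return {"user": user, "ts": ts, "nonce": nonce_hex, "mac": mac}


def verify_mac_only(msg: dict, key: bytes = KEY) -> bool:
    """Naive server: checks integrity only, so a captured message replays forever."""
    expected = hmac.new(key, _body(msg["user"], msg["ts"], msg["nonce"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["mac"])


class ReplaySafeServer:
    """Server that rejects stale timestamps and previously seen nonces."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.seen_nonces = set()  # in production: expire entries older than MAX_SKEW

    def verify(self, msg: dict, now: int) -> str:
        if not verify_mac_only(msg, self.key):
            return "reject: bad mac"
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "reject: stale timestamp"
        if msg["nonce"] in self.seen_nonces:
            return "reject: replayed nonce"
        self.seen_nonces.add(msg["nonce"])
        return "accept"


if __name__ == "__main__":
    ten_am, one_pm = 10 * 3600, 13 * 3600       # constructed clock values (seconds)
    captured = make_message("alice", ten_am, fresh_nonce())
    print("naive server at 1 P.M.:", verify_mac_only(captured))        # True: replay works
    server = ReplaySafeServer()
    print("10:00:", server.verify(captured, ten_am))                  # accept
    print("10:00 again:", server.verify(captured, ten_am + 5))        # replayed nonce
    print("13:00:", server.verify(captured, one_pm))                  # stale timestamp
```

The nonce check is what catches a replay inside the skew window; the timestamp bounds how long the server must remember nonces. Without both, either check alone leaves a replay window.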
FTP Bounce Attacks
Target the FTP PORT command, which lets a connected client tell the server to open the data connection to any IP address and port the client names, not only the client's own address.
Allow a user with an anonymous FTP connection to attack a third system by directing the FTP server to connect to a service port on that system and relaying commands or data to the service, so the scan or attack appears to come from the FTP server rather than from the attacker.
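An added example (not from the original slides) of the RFC 959 PORT command that the bounce attack abuses, and of the defence that FTP servers adopted: refuse any data connection whose address differs from the control connection's peer, and refuse privileged ports. The client addresses and commands are constructed for the demo.

```python
"""Added example: parsing FTP PORT and refusing bounce attempts."""
import ipaddress


def parse_port_command(arg: str):
    """PORT h1,h2,h3,h4,p1,p2 -> (ip, port); port is p1*256 + p2 per RFC 959."""
    parts = arg.split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs six comma-separated numbers")
    nums = [int(p) for p in parts]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("each PORT field must be 0-255")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return ip, port


def check_port_command(control_peer_ip: str, arg: str) -> str:
    """Server-side decision: return the FTP reply line for this PORT command.

    The bounce defence is the address comparison: the data connection may only
    go back to the host that owns the control connection. Rejecting ports
    below 1024 additionally stops the server being used to poke well-known
    services on the client's own host."""
    try:
        ip, port = parse_port_command(arg)
    except ValueError as exc:
        return f"501 Syntax error in parameters: {exc}"
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return "500 Illegal PORT command: address does not match control connection"
    if port < 1024:
        return "500 Illegal PORT command: privileged port"
    return f"200 PORT command successful ({ip}:{port})"


if __name__ == "__main__":
    attacker = "10.10.10.25"                  # constructed: peer of the control connection
    # Bounce attempt: ask the server to connect to port 25 on a third host.
    print(check_port_command(attacker, "192,168,0,77,0,25"))
    # Legitimate active-mode transfer back to the client on port 1025.
    print(check_port_command(attacker, "10,10,10,25,4,1"))
```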
ARP Poisoning Attacks
[Diagram: the attacker sends forged ARP replies that associate the IP address 192.168.0.10 (legitimate MAC address 00-00-86-47-F6-65) with the attacker's own MAC address, so that traffic for 192.168.0.10 is redirected to the attacker]
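An added example (not from the original slides) of a passive ARP-poisoning detector in the spirit of arpwatch: it records the MAC address each IP was first seen with and alerts when a later ARP reply claims a different MAC for that IP, or when one MAC claims several IPs at once. The sequence of ARP replies below is constructed, reusing the slide's victim address; the gateway and attacker MACs are assumptions.

```python
"""Added example: detecting ARP poisoning from observed ARP replies."""
from collections import defaultdict


def normalize_mac(mac: str) -> str:
    return mac.lower().replace("-", ":")


class ArpMonitor:
    """Tracks IP->MAC bindings seen on the segment and flags changes."""

    def __init__(self):
        self.ip_to_mac = {}                   # first MAC seen for each IP
        self.mac_to_ips = defaultdict(set)    # every IP a MAC has claimed

    def observe(self, sender_ip: str, sender_mac: str) -> list:
        """Feed one ARP reply (or gratuitous ARP); return the alerts it raises."""
        mac = normalize_mac(sender_mac)
        alerts = []
        known = self.ip_to_mac.get(sender_ip)
        if known is None:
            self.ip_to_mac[sender_ip] = mac
        elif known != mac:
            # A new MAC answering for an established IP is the poisoning signature.
            alerts.append(f"changed: {sender_ip} was {known}, now claimed by {mac}")
        self.mac_to_ips[mac].add(sender_ip)
        if len(self.mac_to_ips[mac]) > 1:
            # One NIC answering for several IPs (victim and gateway) means a MITM.
            alerts.append(f"multi-ip: {mac} claims {sorted(self.mac_to_ips[mac])}")
        return alerts


def run(replies) -> list:
    monitor = ArpMonitor()
    alerts = []
    for sender_ip, sender_mac in replies:
        alerts.extend(monitor.observe(sender_ip, sender_mac))
    return alerts


# Constructed ARP replies (sender IP, sender MAC) in the order seen on the wire.
REPLIES = [
    ("192.168.0.10", "00-00-86-47-F6-65"),  # legitimate host from the slide
    ("192.168.0.1", "00-11-22-33-44-55"),   # gateway (assumed MAC)
    ("192.168.0.10", "AA-BB-CC-DD-EE-FF"),  # attacker poisons the host entry
    ("192.168.0.1", "AA-BB-CC-DD-EE-FF"),   # attacker also poisons the gateway entry
]

if __name__ == "__main__":
    for alert in run(REPLIES):
        print(alert)
```

Static ARP entries for the gateway, or switch features such as Dynamic ARP Inspection, prevent the poisoning rather than merely reporting it; the monitor is useful where those are not available.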
Software Updates
Software manufacturers regularly issue different types of system updates:
Patch - A small unit of supplemental code that corrects a specific defect
Hotfix - Issued on an emergency basis to address a specific security flaw
Rollup - A collection of previously issued patches and hotfixes
Service pack - A larger compilation of system updates, often including new features
Patch Management
[Diagram] Evaluate the update, test it on a non-production system, then implement it in production.
Antivirus Software
[Diagram] Scans the computer for malicious programs.
Internet Email Virus Protection
[Diagram: layered deployment]
Antivirus deployed on the Internet gateway
Antivirus deployed on the mail connector
Antivirus deployed on end systems
Anti-Spam Software
Anti-spam solutions protect specific spam target areas such as:
End users - Protects end users against the flood of spam using different methods
Administrators - Enables administrators to use many different systems and services to guard against spam within their organization
Email senders - Protects email senders by using a number of automated methods
Research and law enforcement - Allows updated anti-spam solutions to be implemented
Security Policies
[Diagram: a formal policy statement, the resources to protect, and the implementation measures together make up an individual policy]
Common Security Policy Types
Common security policy types include:
Acceptable use policy - Defines the acceptable use of an organization's physical and intellectual resources.
Audit policy - Details the requirements and parameters for risk assessment and audits of the organization's information and resources.
Extranet policy - Sets the requirements for third-party entities that desire access to an organization's networks.
Password policy - Defines standards for password complexity, length, and change frequency.
Wireless standards policy - Defines what wireless devices can connect to an organization's network and how to use them in a safe manner.
Security Incident Management
Security incident - A specific instance of a risk event occurring, whether or not it causes damage.
Incident management - A set of practices and procedures that govern how an organization will respond to an incident in progress.
Goals of incident management:
Contain an incident appropriately.
Minimize any damage that may occur as a result of the incident.
IRPs
An Incident Response Policy (IRP) is the security policy that determines the actions an organization will take following a confirmed or potential security breach. It usually specifies:
Who determines and declares whether an actual security incident has occurred.
Which individuals or departments will be notified.
How and when they are notified.
Who will respond to the incident.
Guidelines for the appropriate response.
Change Management
[Diagram] A systematic way of approving and executing change to IT services.
Employee Education
The employee education process should include the following steps:
1. Awareness - Education begins with awareness.
2. Communication - Once employees are aware of security issues and the role they play in protecting the organization’s assets, the lines of communication between employees and the security team must remain open.
3. Education - Employees should be trained and educated in security procedures, practices, and expectations from the moment they walk through the door.
User Security Responsibilities
User security responsibilities include:
Physical security - Employees should not allow anyone in the building without proper ID.
System security - Employees must use their user IDs and passwords properly.
Device security - Employees must use correct procedures to log off all systems and shut down computers when not in use.
Reflective Questions
1. What type of attack is of the most concern in your environment?
2. Which type of attack do you think might be the most difficult to guard against?