OV 13 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. Network Security Threats and...


Network Security Threats and Attacks

Network-Based Security Threats and Attacks
Apply Threat Mitigation Techniques
Educate Users

OV 13 - 2

Physical Security

The implementation and practice of various control mechanisms that are intended to restrict physical access to facilities.

Assuring the reliability of certain infrastructure elements such as electrical power, data networks, and fire suppression systems.

Physical security may be challenged by a wide variety of events or situations, including:
Facilities intrusions
Electrical grid failures
Fire
Personnel illnesses
Data network interruptions

OV 13 - 3

Physical Security Threats and Vulnerabilities

Internal - Threats that originate inside the organization, such as employees, contractors, or visitors. It is important to always consider what is happening inside the organization, especially where physical security is concerned.

External - Threats that originate outside the organization. It is impossible for any organization to fully control external security threats.

Natural - Floods, storms, earthquakes, and similar events. Although natural threats are easy to overlook, they can pose a significant risk to the physical security of a facility.

Man-made - Whether intentional or accidental, people can cause a number of physical threats.

OV 13 - 4

Social Engineering Attacks

[Figure: an attacker obtains a user name and password from the target]

An attacker gets sensitive data from unsuspecting users.

OV 13 - 5

Social Engineering Types

Spoofing - A human- or software-based attack in which the attacker pretends to be someone or something else (a person, an address, a host) in order to conceal his or her identity.

Impersonation - A human-based attack in which an attacker pretends to be someone he or she is not.

Phishing - A common type of email-based social engineering attack in which a message that appears to come from a trusted source lures the victim into disclosing credentials or other sensitive data.

Vishing - A voice-based (telephone) attack where the goal is to extract personal, financial, or confidential information from the victim.

Whaling - A form of phishing that targets high-value individuals, such as senior executives or people known to possess a good deal of wealth.

Spam and spim - Spam is an email-based threat where the user's inbox is flooded with unsolicited email. Spim is an IM-based attack similar to spam.

Hoax - Any type of incorrect or misleading information that is disseminated to multiple users through unofficial channels.

OV 13 - 6

Malicious Code Attacks

Attacker inserts unauthorized software or malware to attack target systems.

OV 13 - 7

Types of Malicious Code Attacks

Virus - A sample of code that spreads from one computer to another by attaching itself to other files.

Worm - A piece of code that spreads from one computer to another on its own, not by attaching itself to another file.

Trojan horse - Malware disguised as, or hidden inside, apparently legitimate software. It is itself a software attack and can pave the way for a number of other types of attacks.

Logic bomb - A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date.

OV 13 - 8

Types of Malicious Code Attacks (Cont.)

Spyware - Surreptitiously installed malicious software that is intended to track and report the usage of a target system, or collect other data the author wishes to obtain.

Adware - Software that automatically displays or downloads advertisements when it is used.

Rootkit - Code that is intended to take full or partial control of a system at the lowest levels.

Botnet - A set of computers that have been infected by a control program called a bot that enables attackers to exploit them to mount attacks.

OV 13 - 9

Types of Viruses

Boot sector - Infects the boot sector of disk-based media so that it runs before the operating system loads.

Macro - A macro is a group of application-specific instructions that execute within a specific application; a macro virus is written in that macro language and spreads through documents.

Mailer and mass mailer - A mailer virus sends itself to other users through the email system.

Polymorphic - This type of virus can change as it moves around, acting differently on different systems.

Script - A small program that runs code using the Windows Script Host on Windows operating systems.

Stealth - A stealth virus moves and attempts to conceal itself until it can propagate.

OV 13 - 10

Buffer Overflow

An attack that:
Writes more data into a fixed-size buffer than it can hold, overwriting adjacent memory, which can cause the device operating system to crash or reboot.
May result in loss of data or execution of rogue code on devices.
Typically targets desktop and server applications, but may target applications on wireless devices.

Implementations of network services such as RADIUS, Diameter and TACACS+ servers are subject to buffer overflow attacks.

OV 13 - 11

Wireless Security

Security protocols prevent unauthorized network access.

OV 13 - 12

Wireless Vulnerabilities

Rogue access point - An unauthorized wireless access point on a corporate or private network.

Evil twin - A rogue access point that appears to be legitimate, for example by advertising the same network name as the real access point, so that clients connect to it instead.

Interference - In wireless networking, the phenomenon by which other radio sources interfere with the 802.11 wireless signals.

Bluejacking - A method used by attackers to send unsolicited messages over Bluetooth from PDAs, mobile phones, and laptops to other Bluetooth-enabled devices.

Bluesnarfing - A method in which attackers gain unauthorized access to information on a wireless device over a Bluetooth connection, within the roughly 30-foot (10 m) Bluetooth transmission range.

OV 13 - 13

Wireless Vulnerabilities (Cont.)

War driving - The act of searching for instances of wireless networks using wireless tracking devices such as PDAs, mobile phones, or laptops.

WEP and WPA cracking - Methods used to recover the encryption keys used in WEP and WPA installations in order to gain access to private wireless networks.

War chalking - The act of using symbols to mark a sidewalk or wall to indicate that there is an open wireless network which may be offering Internet access.

IV attack - An attack in which the attacker is able to predict, control, or observe the reuse of the Initialization Vector (IV) of an encryption process. WEP is the classic case: its 24-bit IV is sent in the clear and is reused often, and two frames encrypted under the same IV share the same keystream.

Packet sniffing - An attack in which an attacker captures wireless traffic and records data flows, allowing the attacker to analyze the data contained in each packet.
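The IV attack entry above is easiest to understand through the keystream reuse it exploits. The Python below is an added example, not code from the slides or from Element K: it implements RC4 (the cipher WEP used) and WEP-style IV||key keying, encrypts two constructed frames under one reused IV, and shows that XORing the two ciphertexts with one known plaintext yields the other plaintext without ever learning the key. The WEP key, the IV and the frame contents are constructed for the demonstration, and WEP's integrity check value is omitted because it does not affect the argument.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling plus keystream generation. RC4 is what WEP used; it
    appears here only to show what IV reuse does to a stream cipher."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: the 24-bit IV travels in the clear and RC4 is
    keyed with IV || shared key, so a repeated IV means a repeated keystream."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def recover_from_reused_iv(frame1: bytes, frame2: bytes, known_plaintext1: bytes):
    """If two frames carry the same IV they were XORed with the same keystream,
    so C1 xor C2 = P1 xor P2. Knowing P1 (a predictable header, for instance)
    reveals P2 without the WEP key. Returns None when the IVs differ."""
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        return None
    n = min(len(c1), len(c2), len(known_plaintext1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_plaintext1[:n])


# Constructed demo values (assumptions, not from the slides): a 40-bit WEP key,
# one IV the access point happened to use twice, and two frame payloads.
WEP_KEY = bytes.fromhex("0102030405")
REUSED_IV = b"\x00\x00\x2a"
P1 = b"GET /login HTTP/1.1\r\n"   # the attacker can guess this one
P2 = b"pw=Pass1234!"              # the attacker wants this one
FRAME1 = wep_encrypt(WEP_KEY, REUSED_IV, P1)
FRAME2 = wep_encrypt(WEP_KEY, REUSED_IV, P2)

if __name__ == "__main__":
    print("IV reused:", FRAME1[:3] == FRAME2[:3])
    print("recovered:", recover_from_reused_iv(FRAME1, FRAME2, P1))
```

Because the IV space is only 2^24 values and many devices pick IVs predictably, a busy WEP network repeats IVs once enough frames have been captured; WEP-cracking tools collect exactly these collisions (and weak-IV frames) instead of guessing the key. WPA2 and later derive a fresh per-packet key so this reuse does not occur.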

OV 13 - 14

Password Attacks

[Figure: a series of guesses, xxxxxxxxxx, Pxxxxxxxxx, Passxxxxxx, Pass1234!, converging on the real password Pass1234]

A password attack shows up as repeated failed logons and then a successful logon.

OV 13 - 15

Types of Password Attacks

Guessing - The simplest type of password attack; an individual makes repeated attempts to guess a password by entering different common password values.

Stealing - Passwords can be stolen by various means, including sniffing network communications, reading handwritten password notes, or observing a user in the act of entering the password.

Dictionary attack - Automates password guessing by hashing each entry of a predetermined list of likely passwords and comparing the result against captured password hashes.

Brute force attack - The attacker uses password-cracking software to attempt every possible combination of characters up to a given length.

Hybrid password attack - Combines dictionary, brute-force, and other methods, for example by appending digits and symbols to dictionary words, when trying to crack a password.
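The previous slide notes that a password attack shows up as repeated failed logons followed by a success. The detector below, an added example that is not from the slides, turns that observation into code: it parses sshd-style log lines, keeps a per-source, per-user window of failed logons, and reports any successful logon that follows five or more failures within ten minutes. The log lines, host name, addresses and thresholds are all constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (not from the original slides). The host at
# 10.10.10.25 guesses alice's password five times and then succeeds; bob
# simply mistypes his password once.
SAMPLE_LOG = """\
Mar 14 10:00:01 host sshd[2201]: Failed password for alice from 10.10.10.25 port 40001 ssh2
Mar 14 10:00:03 host sshd[2202]: Failed password for alice from 10.10.10.25 port 40002 ssh2
Mar 14 10:00:05 host sshd[2203]: Failed password for alice from 10.10.10.25 port 40003 ssh2
Mar 14 10:00:07 host sshd[2204]: Failed password for alice from 10.10.10.25 port 40004 ssh2
Mar 14 10:00:09 host sshd[2205]: Failed password for alice from 10.10.10.25 port 40005 ssh2
Mar 14 10:00:11 host sshd[2206]: Accepted password for alice from 10.10.10.25 port 40006 ssh2
Mar 14 10:05:00 host sshd[2301]: Failed password for bob from 192.168.0.10 port 50001 ssh2
Mar 14 10:05:30 host sshd[2302]: Accepted password for bob from 192.168.0.10 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2011):
    """Return (timestamp, success, user, source_ip) or None for other lines.
    syslog timestamps carry no year, so one is assumed (2011 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"] == "Accepted", m["user"], m["src"]


def find_password_attacks(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag every successful logon preceded by at least `threshold` failed
    logons for the same (source, user) pair within `window`.
    Returns a list of (source_ip, user, failure_count, success_time)."""
    recent_failures = defaultdict(deque)   # (src, user) -> failure timestamps
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, success, user, src = parsed
        q = recent_failures[(src, user)]
        while q and ts - q[0] > window:    # forget failures older than the window
            q.popleft()
        if not success:
            q.append(ts)
            continue
        if len(q) >= threshold:
            hits.append((src, user, len(q), ts))
        q.clear()                          # a success ends the current burst
    return hits


if __name__ == "__main__":
    for src, user, n, ts in find_password_attacks(SAMPLE_LOG):
        print(f"{ts:%Y-%m-%d %H:%M:%S} {user} from {src}: logon succeeded after {n} failures")
```

Keying the window on the (source, user) pair is what separates a guessing attack from an ordinary typo; a password-spraying attack, which tries one password against many users from one source, would instead need the window keyed on the source alone.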

OV 13 - 16

IP Spoofing Attacks

[Figure: the attacker's real IP address is 10.10.10.25, but the IP packet it sends to the target at 192.168.0.77 carries a forged source IP address of 192.168.0.10]
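An added example, not from the slides, of the standard defence against the forged packet in the figure: source-address validation at the network edge (ingress filtering as described in RFC 2827 / BCP 38). A router that knows which prefixes live behind each interface drops a packet arriving from outside whose source claims to be inside, and likewise drops a packet leaving the LAN with a source that is not a LAN address. The LAN prefix 192.168.0.0/24, the interface names and the packet list are assumptions for the demonstration; the addresses match the figure.

```python
import ipaddress

# Constructed topology (an assumption; the slide shows only three addresses):
# the protected LAN is 192.168.0.0/24, the router's "external" interface
# faces the Internet and its "internal" interface faces the LAN.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/24")]

# Source addresses that are never valid on a packet arriving from outside.
NEVER_ROUTED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def ingress_verdict(iface: str, src: str) -> str:
    """RFC 2827 / BCP 38 style source-address validation.
    iface is the interface the packet arrived on ('external' or 'internal').
    Returns 'accept' or a string starting with 'drop:' giving the reason."""
    ip = ipaddress.ip_address(src)
    if _in_any(ip, NEVER_ROUTED):
        return "drop: source address is never valid on the wire"
    claims_internal = _in_any(ip, INTERNAL_NETS)
    if iface == "external" and claims_internal:
        return "drop: internal source arriving from outside (spoofed)"
    if iface == "internal" and not claims_internal:
        return "drop: non-internal source leaving the LAN (spoofed, egress filter)"
    return "accept"


def filter_packets(packets):
    """Apply ingress_verdict to (iface, src, dst) tuples; returns [(src, dst, verdict)]."""
    return [(src, dst, ingress_verdict(iface, src)) for iface, src, dst in packets]


# Constructed packets. The second one is the slide's scenario: the attacker's
# real address is 10.10.10.25 but the packet claims to come from 192.168.0.10.
PACKETS = [
    ("external", "10.10.10.25",  "192.168.0.77"),
    ("external", "192.168.0.10", "192.168.0.77"),
    ("internal", "192.168.0.10", "10.10.10.25"),
    ("internal", "203.0.113.9",  "10.10.10.25"),
]

if __name__ == "__main__":
    for src, dst, verdict in filter_packets(PACKETS):
        print(f"{src:>14} -> {dst:<14} {verdict}")
```

The check only catches forgeries of addresses the router itself owns; a packet from outside forging some other external address passes. That is why BCP 38 asks every edge network to filter its own outbound traffic, so that the forgery is dropped at the attacker's edge rather than the victim's.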

OV 13 - 17

Session Hijacking Attacks

[Figure: an attacker steals the cookie of an active, legitimate session and takes over that session]

Legitimate computer session
Stealing an active session cookie
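Added example (not from the slides): a check of the Set-Cookie attributes that make a session cookie harder to steal or reuse, plus a small server-side store that issues unguessable session identifiers and rotates them at login. The cookie name, header strings and store layout are constructed for the demonstration.

```python
import secrets


def parse_set_cookie(header_value: str):
    """Split 'NAME=value; Attr; Attr=val' into (name, value, {attr_lower: val or True})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_session_cookie(header_value: str, min_id_length: int = 16) -> list:
    """Return the weaknesses that make a session cookie easier to hijack.
    An empty list means the cookie passes every check performed here."""
    _, value, attrs = parse_set_cookie(header_value)
    problems = []
    if "secure" not in attrs:
        problems.append("missing Secure: cookie also travels over plain HTTP and can be sniffed")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly: cookie is readable by injected script")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        problems.append("SameSite not Lax/Strict: cookie is attached to cross-site requests")
    if len(value) < min_id_length:
        problems.append(f"session identifier {value!r} is too short to resist guessing")
    if value.isdigit():
        problems.append("session identifier is a plain number, likely sequential and predictable")
    return problems


class SessionStore:
    """Server-side sessions keyed by an unguessable, rotated identifier."""

    def __init__(self):
        self.sessions = {}

    def create(self, user=None) -> str:
        sid = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        self.sessions[sid] = {"user": user}
        return sid

    def login(self, old_sid: str, user: str) -> str:
        """Issue a new identifier at the privilege change, so an ID that an
        attacker planted or sniffed before login is worthless afterwards."""
        data = self.sessions.pop(old_sid, {})
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = data
        return new_sid

    def set_cookie_header(self, sid: str) -> str:
        return f"SESSIONID={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


# Constructed header for the demonstration (not from the slides).
WEAK_HEADER = "SESSIONID=12345; Path=/"

if __name__ == "__main__":
    store = SessionStore()
    sid = store.login(store.create(), "alice")
    print("weak  :", audit_session_cookie(WEAK_HEADER))
    print("strong:", audit_session_cookie(store.set_cookie_header(sid)))
```

Secure keeps the cookie off plaintext HTTP where a sniffer would see it, HttpOnly keeps it away from script, SameSite limits who can cause the browser to send it, and rotating the identifier at login closes session fixation; none of these helps if the identifier itself is short or sequential, which is why the audit also looks at the value.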

OV 13 - 18

DoS Attacks

Attempts to disrupt or disable systems that provide network services.

OV 13 - 19

DDoS Attacks

[Figure: an attacker directs many compromised hosts (drones) against a single target]

Uses multiple computers to launch the attack from many sources.

OV 13 - 20

Man-in-the-Middle Attacks

Controlling the information that travels between the two victims.

OV 13 - 21

Port Scanning Attacks

Port   Protocol   State
21     FTP        Open
53     DNS        Closed
80     HTTP       Open
110    POP3       Closed
119    NNTP       Closed
443    HTTPS      Open

Scans the computers and devices to determine active TCP and UDP ports.

OV 13 - 22

Replay Attacks

10:00 A.M. - Captures network traffic and stores it for retransmission.
1:00 P.M. - Retransmits it later to gain unauthorized access.
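The exchange above, as an added example that is not part of the original slides: the client binds each request to a timestamp and a fresh random nonce under an HMAC, and the server rejects a capture that is replayed quickly (nonce already seen), replayed at 1:00 P.M. (timestamp outside the accepted window), or altered in transit (MAC mismatch). The shared key, the request contents and the clock values are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime

SHARED_KEY = b"constructed-demo-key"   # assumption: pre-shared by client and server


def _canonical(msg: dict) -> bytes:
    """Stable byte encoding so both sides MAC exactly the same bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def make_request(key: bytes, payload: dict, now: float) -> dict:
    """Client side: bind the payload to a timestamp and a random nonce, then
    authenticate all three with an HMAC so none of them can be altered."""
    msg = {"payload": payload, "ts": int(now), "nonce": secrets.token_hex(16)}
    msg["mac"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class ReplayGuard:
    """Server side: accept each request once, and only within a small window."""

    def __init__(self, key: bytes, max_skew: int = 300):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}           # nonce -> timestamp, so old entries can be purged

    def verify(self, request: dict, now: float) -> str:
        msg = dict(request)
        mac = msg.pop("mac", "")
        expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return "reject: bad MAC"              # tampered or forged
        if abs(now - msg["ts"]) > self.max_skew:
            return "reject: stale timestamp"      # captured long ago, replayed now
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if msg["nonce"] in self.seen:
            return "reject: replayed nonce"       # same capture sent again quickly
        self.seen[msg["nonce"]] = msg["ts"]
        return "accept"


# Constructed scenario matching the slide's clock: captured at 10:00 A.M.,
# replayed at 1:00 P.M. the same day.
T_CAPTURE = datetime(2011, 3, 14, 10, 0).timestamp()
T_REPLAY = datetime(2011, 3, 14, 13, 0).timestamp()

if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    req = make_request(SHARED_KEY, {"action": "transfer", "amount": 100}, T_CAPTURE)
    print("original      :", guard.verify(req, T_CAPTURE + 1))
    print("quick replay  :", guard.verify(req, T_CAPTURE + 5))
    print("1 P.M. replay :", guard.verify(req, T_REPLAY))
    tampered = dict(req, payload={"action": "transfer", "amount": 100000})
    print("tampered      :", guard.verify(tampered, T_CAPTURE + 1))
```

The timestamp alone would let a capture be replayed within the skew window, and the nonce alone would require the server to remember every nonce forever; together they bound both the replay window and the server's memory. The MAC is what stops the attacker from simply updating the timestamp on the captured request.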

OV 13 - 23

FTP Bounce Attacks

Target a weakness in the FTP protocol: the PORT command lets a connected client ask the server to open a data connection to an arbitrary address and port, not only back to the client itself.

Allow a user with an anonymous FTP connection to attack other systems by having the FTP server connect to a service port on a third system and sending commands to that service, so that the traffic appears to originate from the FTP server.
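Added example, not from the slides: the server-side PORT check that defeats the bounce attack. It decodes the PORT argument and refuses any data connection that is not back to the host holding the control connection, or that targets a privileged port. The client address and the PORT strings are constructed, reusing addresses that appear on earlier slides.

```python
import ipaddress


def parse_port_command(arg: str):
    """Decode the argument of an FTP PORT command, 'h1,h2,h3,h4,p1,p2', into
    (IPv4Address, port). Raises ValueError on malformed input."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT takes exactly six comma-separated numbers")
    try:
        nums = [int(f) for f in fields]
    except ValueError:
        raise ValueError("PORT fields must be decimal integers") from None
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be in 0..255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]
    return host, port


def port_command_allowed(control_peer_ip: str, arg: str):
    """Server-side check. Returns (allowed, reason). A data connection is only
    opened back to the host that owns the control connection, and only to an
    unprivileged port; anything else is treated as a bounce attempt."""
    try:
        host, port = parse_port_command(arg)
    except ValueError as exc:
        return False, f"malformed PORT: {exc}"
    if host != ipaddress.IPv4Address(control_peer_ip):
        return False, (f"refusing data connection to {host}: not the control peer "
                       f"{control_peer_ip} (bounce attempt)")
    if port < 1024:
        return False, f"refusing data connection to privileged port {port}"
    return True, "ok"


# Constructed session: the client holds an anonymous control connection from
# 10.10.10.25 and asks the server to connect to SMTP (port 25) on 192.168.0.77.
CLIENT_IP = "10.10.10.25"
BOUNCE_PORT = "192,168,0,77,0,25"
LEGIT_PORT = "10,10,10,25,156,64"        # 156*256 + 64 = port 40000

if __name__ == "__main__":
    for arg in (BOUNCE_PORT, LEGIT_PORT, "10,10,10,25,0,22", "1,2,3"):
        print(f"PORT {arg:<22} -> {port_command_allowed(CLIENT_IP, arg)}")
```

Modern FTP servers apply exactly this rule by default; the same logic is needed for the EPRT command, which carries the address in a different syntax. Restricting the destination port is a second line of defence, since the interesting bounce targets (SMTP, DNS, and the like) sit on privileged ports.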

OV 13 - 24

ARP Poisoning Attacks

[Figure: two hosts, IP address 192.168.0.10 with MAC address 00-00-86-47-F6-65; the attacker redirects the IP address to itself by answering ARP requests with its own MAC address]

Redirects IP address to self
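Added example (not from the slides): the detection that a passive ARP monitor performs. It walks a constructed sequence of ARP replies, compares each against a static binding for the gateway and against what was learned from earlier replies, and flags an IP address that changes MAC address or a MAC address that answers for several IP addresses. The gateway address and every MAC address other than the slide's 192.168.0.10 / 00-00-86-47-F6-65 pair are assumptions.

```python
from collections import defaultdict


def detect_arp_poisoning(replies, trusted=None):
    """Scan ARP replies given as (timestamp, sender_ip, sender_mac) and return
    alerts as (timestamp, severity, text).

    - An IP whose MAC differs from a static `trusted` binding is CRITICAL
      (the gateway-impersonation case).
    - An IP whose MAC changes from what was learned earlier is a WARNING.
    - One MAC answering for more than one IP is a WARNING.
    """
    trusted = {ip: mac.upper() for ip, mac in (trusted or {}).items()}
    learned = {}                       # ip -> MAC seen most recently
    ips_per_mac = defaultdict(set)     # MAC -> IPs it has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.upper()
        ips_per_mac[mac].add(ip)
        if ip in trusted and mac != trusted[ip]:
            alerts.append((ts, "CRITICAL", f"{ip} claimed by {mac}, expected {trusted[ip]}"))
        elif ip in learned and learned[ip] != mac:
            alerts.append((ts, "WARNING", f"{ip} moved from {learned[ip]} to {mac}"))
        if len(ips_per_mac[mac]) > 1:
            alerts.append((ts, "WARNING", f"{mac} answers for {sorted(ips_per_mac[mac])}"))
        learned[ip] = mac
    return alerts


# Constructed ARP replies (assumptions beyond the slide's 192.168.0.10 /
# 00-00-86-47-F6-65 pair): the gateway and the victim answer genuinely, then
# an attacker host at 00-0C-29-AA-BB-CC claims both addresses so that traffic
# between them flows through it.
TRUSTED = {"192.168.0.1": "00-1B-44-11-3A-B7"}    # static gateway binding
ARP_REPLIES = [
    (0.0, "192.168.0.1",  "00-1B-44-11-3A-B7"),   # gateway, genuine
    (1.0, "192.168.0.10", "00-00-86-47-F6-65"),   # victim, genuine
    (2.0, "192.168.0.1",  "00-0C-29-AA-BB-CC"),   # attacker poses as the gateway
    (2.1, "192.168.0.10", "00-0C-29-AA-BB-CC"),   # attacker poses as the victim
]

if __name__ == "__main__":
    for ts, severity, text in detect_arp_poisoning(ARP_REPLIES, TRUSTED):
        print(f"t={ts:<4} {severity:<8} {text}")
```

The learned-binding rule on its own produces false positives when a host legitimately changes hardware or a DHCP lease moves to a new machine, which is why the gateway, the one address every client talks to, gets a static entry and a higher severity.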

OV 13 - 25

Software Updates

Software manufacturers regularly issue different types of system updates:
Patch - A small unit of supplemental code
Hotfix - Issued on an emergency basis to address a specific security flaw
Rollup - A collection of previously issued patches and hotfixes
Service pack - A larger compilation of system updates with new features

OV 13 - 26

Patch Management

Evaluate
Test (on a non-production system)
Implement

OV 13 - 27

Antivirus Software

Scans computer for malicious programs.

OV 13 - 28

Internet Email Virus Protection

Antivirus deployed on Internet gateway
Antivirus deployed on mail connector
Antivirus deployed on systems

OV 13 - 29

Anti-Spam Software

Anti-spam solutions protect specific spam target areas such as:
End users - Protects end users against the flood of spam using different methods
Administrators - Enables administrators to use many different systems and services to guard against spam within their organization
Email senders - Protects email senders by using a number of automated methods
Research and law enforcement - Allows updated anti-spam solutions to be implemented

OV 13 - 30

Security Policies

Formal policy statement
Implementation measures
Individual policy
Resources to protect

OV 13 - 31

Common Security Policy Types

Common security policy types include:
Acceptable use policy - Defines the acceptable use of an organization's physical and intellectual resources.
Audit policy - Details the requirements and parameters for risk assessment and audits of the organization's information and resources.
Extranet policy - Sets the requirements for third-party entities that desire access to an organization's networks.
Password policy - Defines standards for password creation and complexity.
Wireless standards policy - Defines what wireless devices can connect to an organization's network and how to use them in a safe manner.

OV 13 - 32

Security Incident Management

Security incident - A specific instance of a risk event occurring, whether or not it causes damage.

Incident management - A set of practices and procedures that govern how an organization will respond to an incident in progress.

Goals of incident management:
Contain an incident appropriately.
Minimize any damage that may occur as a result of the incident.

OV 13 - 33

IRPs

Incident Response Policy (IRP) is the security policy that:
Determines the actions that an organization will take following a confirmed or potential security breach.
Usually specifies:
Who determines and declares if an actual security incident has occurred.
What individuals or departments will be notified.
How and when they are notified.
Who will respond to the incident.
Guidelines for the appropriate response.

OV 13 - 34

Change Management

Systematic way of approving and executing change to IT services.

OV 13 - 35

Employee Education

The employee education process should include the following steps:

1. Awareness - Education begins with awareness.

2. Communication - Once employees are aware of security issues and the role they play in protecting the organization’s assets, the lines of communication between employees and the security team must remain open.

3. Education - Employees should be trained and educated in security procedures, practices, and expectations from the moment they walk through the door.

OV 13 - 36

User Security Responsibilities

User security responsibilities include:
Physical security - Employees should not allow anyone in the building without proper ID.
System security - Employees must use their user IDs and passwords properly.
Device security - Employees must use correct procedures to log off all systems and shut down computers when not in use.

OV 13 - 37

Reflective Questions

1. What type of attack is of the most concern in your environment?

2. Which type of attack do you think might be the most difficult to guard against?