7.2 Threats in Networks
Network Security / G. Steffen 1
In This Section
• What makes a network vulnerable
    • Reasons for network attacks
• Who attacks networks?
    • Who are the attackers? Why do people attack?
• Threats in transit: eavesdropping and wiretapping
    • Different ways attackers attack a victim
What Makes a Network Vulnerable 1
How networks differ from a stand-alone environment:
• Anonymity
    • An attacker can mount an attack from thousands of miles away; the attack passes through many hosts
• Many points of attack
    • Both targets and origins
    • An attack can come from any host to any host
• Sharing
    • More users have the potential to access networked systems than on single computers

What Makes a Network Vulnerable 2
How networks differ from a stand-alone environment:
• Complexity of system
    • Reliable security is difficult to obtain
    • Complex, as many users do not know what their computers are doing at any moment
• Unknown perimeter
    • One host may be a node on two different networks
    • This causes uncontrolled groups of possibly malicious users
• Unknown path
    • There can be multiple paths from one host to another
Who Attacks Networks
• Challenge: what would happen if I tried this approach or technique? Can I defeat this network?
• Fame
• Money and espionage
• Organized crime
• Ideology
    • Hacktivism: breaking into a computer system with the intent of disrupting normal operations but not causing serious damage
    • Cyberterrorism: more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage
Reconnaissance 1
How do attackers perpetrate attacks?
• Port scan
    • For a particular IP address, the program gathers network information.
    • It tells an attacker which standard ports are being used, which OS is installed on the target system, and what applications and which versions are present.
• Social engineering
    • It gives an external picture of the network to the attacker.
• Intelligence
    • Gathering all the information and making a plan.
Reconnaissance 2
How do attackers perpetrate attacks?
• Operating system and application fingerprinting
    • Determining what commercial application server application is running, what version…
• Bulletin boards and chats
    • Exchanging information and techniques online
• Availability of documentation
    • Vendors provide information about their products on their websites so that compatible, complementary applications can be developed. For instance Microsoft
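A defender's view of the port scan described in the reconnaissance slides, as an added example that is not part of the original slides: it flags any source that touches many distinct ports on one host within a short window. The log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed look-back window
PORT_THRESHOLD = 10   # assumed: distinct ports from one source to one host

def build_sample_log():
    """Constructed sample lines: 'epoch src dst dst_port action'."""
    lines = []
    # An ordinary client: repeated connections to a single service port.
    for t in range(0, 100, 5):
        lines.append(f"{1000 + t} 203.0.113.20 192.0.2.10 443 ALLOW")
    # An ordinary client that uses three services on the same host.
    for i, port in enumerate([80, 443, 8080] * 4):
        lines.append(f"{1005 + i * 7} 203.0.113.99 192.0.2.10 {port} ALLOW")
    # A scanning source: 15 different ports on one host in 15 seconds.
    for i, port in enumerate(range(20, 35)):
        lines.append(f"{1030 + i} 198.51.100.7 192.0.2.10 {port} DENY")
    return sorted(lines, key=lambda line: int(line.split()[0]))

def detect_port_scans(lines, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return {(src, dst): most distinct ports seen in any window} for flagged pairs."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (time, port)
    alerts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit() or not fields[3].isdigit():
            continue              # skip malformed lines instead of crashing
        ts, src, dst, port = int(fields[0]), fields[1], fields[2], int(fields[3])
        events = recent[(src, dst)]
        events.append((ts, port))
        while events and events[0][0] < ts - window:
            events.popleft()      # drop events that fell out of the window
        distinct = len({p for _, p in events})
        if distinct >= threshold:
            alerts[(src, dst)] = max(alerts.get((src, dst), 0), distinct)
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports")
```

Counting distinct ports rather than connections keeps busy but ordinary clients, such as the first two sources in the sample, out of the alerts.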
Threats in Transit
• Eavesdropping
    • Overhearing without expending any extra effort
    • Causing harm that can occur between a sender and a receiver
• Wiretapping
    • Passive wiretapping: similar to eavesdropping
    • Active wiretapping: injecting something into the communication
Wiretapping Communication Mediums 1
• Cable
    • Packet sniffer: a device that can retrieve all packets of the LAN
    • Inductance: a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable
• Microwave
    • Signals are broadcast through the air, making them more accessible to hackers
    • Signals are not usually shielded or isolated to prevent interception
• Satellite communication
    • Dispersed over a greater area than the intended point of reception
    • Communications are multiplexed, so the risk is small that any one communication will be interrupted
    • Greater potential than microwave signals
Wiretapping Communication Mediums 2
• Optical fiber
    • Not possible to tap an optical signal without detection
    • Inductive tap is not possible, as optical fiber carries light energy
    • Hackers can obtain data from repeaters, splices, and taps along a cable
• Wireless
    • Major threat is interception
Wiretap Vulnerabilities
Other Threats
• Protocol flaws
• Authentication foiled by guessing
• Authentication thwarted by eavesdropping or wiretapping
• Authentication foiled by avoidance
• Nonexistent authentication
• Well-known authentication
• Trusted authentication
Other Threats
• Impersonation
    • Easier than wiretapping for obtaining information on a network
    • More significant threat in a WAN than in a LAN
• Spoofing
    • An attacker obtains network credentials illegally and carries on false conversations
• Masquerade
    • One host pretends to be another
    • Phishing is a variation of this kind of attack.
• Session hijacking
    • Intercepting and carrying on a session begun by another entity
• Man-in-the-middle attack
    • One entity intrudes between two others.
Key Interception by a Man-in-the-Middle Attack
Message Confidentiality Threats
• Misdelivery
    • A message can be delivered to someone other than the intended recipient
• Exposure
    • Passive wiretapping is a source of message exposure
• Traffic flow analysis
    • Protecting both the content of the message and the header information that identifies the sender and receiver
Message Integrity Threats
• Falsification of messages
    • An attacker may change the content of the message on the way to the receiver
    • An attacker may destroy or delete a message
    • These attacks can be perpetrated by active wiretapping, Trojan horse, preempted hosts, etc.
• Noise
    • These are unintentional interferences
Denial of Service (DOS) / Availability Attacks
• Transmission failure
    • Line cut
    • Network noise making a packet unrecognizable or undeliverable
• Connection flooding
    • Sending too much data
    • Protocol attacks: TCP, UDP, ICMP (Internet Control Message Protocol)
DOS Attacks 1
• Echo-Chargen
    • Attack works between two hosts
• Ping of Death
    • Flood network with ping packets
    • Attack limited by the smallest bandwidth to victim
• Smurf
    • It is a variation of the ping attack
• SYN Flood
    • Attack uses the TCP protocol suite
Distributed Denial of Service (DDoS)
To perpetrate a DDoS attack, an attacker first plants a Trojan horse on a target machine. This process is repeated with many targets. Each of these target systems then becomes what is known as a zombie. Then the attacker chooses a victim and sends a signal to all the zombies to launch the attack.
This means the victim counters n attacks from the n zombies, all acting at once.
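How the "n attacks from n zombies" pattern, combined with the SYN flood item above, looks from the victim's side, as an added example that is not part of the original slides: it counts TCP handshakes that never complete, per destination and per distinct source. The packet record layout, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

MIN_SOURCES = 20      # assumed: distinct sources with unfinished handshakes
MIN_HALF_OPEN = 100   # assumed: unfinished handshakes aimed at one destination

def build_sample_packets():
    """Constructed records: (time, src_ip, src_port, dst_ip, dst_port, flags)."""
    pkts = []
    # Ordinary clients complete the handshake: SYN, then the final ACK.
    for i in range(30):
        src = f"203.0.113.{i + 1}"
        pkts.append((i, src, 40000 + i, "192.0.2.10", 443, "SYN"))
        pkts.append((i + 0.1, src, 40000 + i, "192.0.2.10", 443, "ACK"))
    # n = 25 zombies each open 8 connections to one victim and never finish them.
    for z in range(25):
        for k in range(8):
            pkts.append((10 + k, f"198.51.100.{z + 1}", 50000 + k,
                         "192.0.2.80", 80, "SYN"))
    return sorted(pkts)

def find_flood_victims(packets, min_sources=MIN_SOURCES,
                       min_half_open=MIN_HALF_OPEN):
    """Return {dst_ip: (half_open_count, distinct_sources)} for suspected victims."""
    pending = set()   # connections with a SYN seen but no client ACK yet
    for _, src, sport, dst, dport, flags in packets:
        conn = (src, sport, dst, dport)
        if flags == "SYN":
            pending.add(conn)
        elif flags == "ACK":
            pending.discard(conn)   # handshake completed
    half_open = defaultdict(int)
    sources = defaultdict(set)
    for src, _, dst, _ in pending:
        half_open[dst] += 1
        sources[dst].add(src)
    return {dst: (half_open[dst], len(sources[dst]))
            for dst in half_open
            if half_open[dst] >= min_half_open
            and len(sources[dst]) >= min_sources}

if __name__ == "__main__":
    for dst, (count, n) in find_flood_victims(build_sample_packets()).items():
        print(f"possible DDoS SYN flood on {dst}: {count} half-open from {n} sources")
```

Requiring many distinct sources as well as many half-open connections separates the distributed case from a single misbehaving host, which needs a different response such as a per-source rate limit.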
Summary
Threats are raised against the key aspects of security: confidentiality, integrity, and availability.

Summary (Target: Vulnerabilities)
Precursors to attack
    • Port Scan
    • Social Engineering
    • Reconnaissance
    • OS & Application Fingerprinting
Authentication Failures
    • Impersonation
    • Guessing
    • Eavesdropping
    • Spoofing
    • Man-in-the-Middle Attack
Programming Flaws
    • Buffer Overflow
    • Addressing Errors
    • Parameter Modifications
    • Cookie
    • Malicious Typed Code
Confidentiality
    • Protocol Flaw
    • Eavesdropping
    • Passive Wiretap
    • Misdelivery
    • Cookie
Integrity
    • Protocol Flaw
    • Active Wiretap
    • Noise
    • Impersonation
    • Falsification of Message
Availability
    • Protocol Flaw
    • Connection flooding, e.g., smurf
    • DNS Attack
    • Traffic Redirection
    • DDoS