Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 4
Network Vulnerabilities and Attacks
Objectives
Explain the types of network vulnerabilities
List categories of network attacks
Define different methods of network attacks
Network Vulnerabilities
There are _________ broad categories of network vulnerabilities:
Those based on the network transport ________
Those found in the network ________ themselves
Let’s take a look at each…
Media-Based Vulnerabilities
______________ network traffic
Helps network administrator to _______________________ ________________________________
Monitoring traffic can be done in _________ ways:
1. Use a __________________________________
Configure a switch to ____________________ that flows through some or all ports ___________________________ on the switch
See graphic on next slide…
2. Install a __________________ (test access point)
A _______________________ that can be installed _____________ ___________________, such as a switch, router, or firewall, to ______________________
See graphic two slides down…
Media-Based Vulnerabilities (continued)
[Graphics omitted: the two figure slides referenced above]
Media-Based Vulnerabilities (continued)
________________ computer
Can be a ______________________________
Can be a regular computer running _____________________________ software
Also known as a ____________________ _____________________________________________ ____________________________-
See example on next slide…
Media-Based Vulnerabilities (continued)
Just as network taps and protocol analyzers can be used for legitimate purposes, they also can be used by ______________ to intercept and view network traffic
Attackers can access the wired network in the following ways:
False ceilings
Exposed wiring
Unprotected RJ-45 jacks
Media-Based Vulnerabilities (continued)
[Graphic omitted: the example referenced above]
Four Common Network Device Vulnerabilities
1. ___________________________
A password is a secret combination of letters and numbers that serves to _____________ (validate) a user by what he knows
Password paradox
Lengthy and complex passwords should be used and __________________________
It is very difficult to memorize these types of passwords
Passwords can be set to expire after a set period of time, and a new one must be created
Therefore a password can provide ___________
Network Device Vulnerabilities (continued)
Characteristics of weak passwords:
A _______________ used as a password
____________ passwords unless forced to do so
Passwords that are _____________
__________________ in a password
Using the __________________ for all accounts
_____________ the password down
Four Common Network Device Vulnerabilities (continued)
2. _______________________
A user account on a device that is ____________________ by the ______________ instead of by an administrator
Used to make the _____________________ and installation of the device easier
Intended to be __________________________ is completed, but often they are not
Default accounts are often the first targets that attackers seek. Why?
Four Common Network Device Vulnerabilities (continued)
3. ________________________
An account that is ___________ without the administrator’s knowledge or permission, that _____________________, and that ____________________________________
Can be created by the programmer of the software to allow convenient access to the device for troubleshooting
Back doors can be created on a network device in two ways:
The network device can be ____________________ using a virus, worm, or Trojan horse to insert the back door
A ________________________________ creates a back door on the device
Four Common Network Device Vulnerabilities (continued)
4. __________________ (talked about in Chapter 2)
It is possible to _____________________ in the _______________________ to gain access to resources that the user would normally be restricted from obtaining
Categories of Attacks Conducted Against Networks
Include:
Denial of service
Spoofing
Man-in-the-middle
Replay attacks
Denial of Service (DoS)
Denial of service (DoS) attack
Attempts to ___________________________________ __________________________________________________________________________________________
Distributed denial of service (DDoS) attack
A _____________ of the DoS
May use hundreds or thousands of ________________ in a botnet to _________________________________-
Impossible to identify and block the source of the attack
Example: _________________ attack
See Figure 4-4
[Figure 4-4: five SYN packets are sent to the server, and the server answers each one with SYN+ACK]
Server waiting several minutes for ACK replies but not receiving it from any computer
Server runs out of resources and can no longer function
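The exhaustion shown in Figure 4-4, as an added example that is not part of the textbook slides: a toy model of the half-open connection table a server keeps between sending SYN+ACK and receiving the ACK, together with a simple per-source SYN-to-ACK ratio check of the kind a monitoring script can apply. The backlog size, timeout and all packet records are constructed assumptions.

```python
# Added example (not from the textbook): a toy model of the half-open
# connection table a server keeps during the TCP handshake, showing the
# Figure 4-4 exhaustion, plus a simple per-source SYN-to-ACK detection
# heuristic. All "packets" are constructed (time, (ip, port), flags) tuples.

HALF_OPEN_LIMIT = 4      # backlog size of the toy server (assumption)
SYN_TIMEOUT = 180.0      # seconds a half-open entry waits for its ACK (assumption)


class ToyServer:
    def __init__(self):
        self.half_open = {}   # (ip, port) -> time the SYN+ACK was sent
        self.established = set()
        self.dropped = 0      # SYNs refused because the backlog was full

    def on_packet(self, now, src, flags):
        # Entries that waited longer than SYN_TIMEOUT are given up on.
        for k in [k for k, t in self.half_open.items() if now - t > SYN_TIMEOUT]:
            del self.half_open[k]
        if flags == "SYN":
            if len(self.half_open) >= HALF_OPEN_LIMIT:
                self.dropped += 1         # legitimate clients now get no SYN+ACK
                return "REFUSED"
            self.half_open[src] = now     # server sends SYN+ACK and waits
            return "SYN+ACK"
        if flags == "ACK" and src in self.half_open:
            del self.half_open[src]       # handshake completes
            self.established.add(src)
            return "ESTABLISHED"
        return "IGNORED"


def run(packets):
    """Feed packets to a fresh server and return it for inspection."""
    srv = ToyServer()
    for now, src, flags in packets:
        srv.on_packet(now, src, flags)
    return srv


def syn_flood_suspects(packets, ratio=3.0):
    """Detection heuristic: source IPs sending far more SYNs than ACKs."""
    syns, acks = {}, {}
    for _, (ip, _port), flags in packets:
        if flags == "SYN":
            syns[ip] = syns.get(ip, 0) + 1
        elif flags == "ACK":
            acks[ip] = acks.get(ip, 0) + 1
    return {ip for ip, n in syns.items() if n >= ratio * max(acks.get(ip, 0), 1)}


# Constructed traffic: five SYNs from one source that never complete the
# handshake (as in the figure), then a legitimate client trying to connect.
FLOOD = [(float(i), ("198.51.100.7", 40000 + i), "SYN") for i in range(5)]
LEGIT = [(6.0, ("192.0.2.10", 5555), "SYN"), (6.1, ("192.0.2.10", 5555), "ACK")]
```

Running run(FLOOD + LEGIT) shows the legitimate client refused while four entries sit in the table; the same client succeeds once the entries have timed out.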
Example #1 of DoS attack
Attacker can flood the radio frequency spectrum with interference to prevent legitimate communication from getting through
Example #2 of DoS attack
[Figure omitted: steps 1, 2 and 3 of the exchange]
If the ACK is not returned, the packet is resent
Example #3 of DoS attack
Forces device to temporarily disconnect from the wireless network
Spoofing
AKA impersonation
________________________________________ by ________________________________
Variety of different attacks use spoofing
Attacker may _______________________ so that her malicious actions would be attributed to a valid user
Attacker may _____________________________ _____________________________________
Attacker can set up his AP device and trick all ___________________________________________________________________________-
Man-in-the-Middle attack
Works by _________________ (attacker) ________________________________________________________________________
Makes it seem that two computers are communicating with each other directly when actually there is a “middle man” seeing/modifying the traffic
________ attacks _______________________ before they are sent on to the recipient
________ attacks ________________________, _____________ and _______ to original recipient
Replay attack
Similar to a passive man-in-the-middle attack
Instead of sending traffic to the recipient immediately, the captured data is ________________________________________
A simple replay would involve the man-in-the-middle ____________________ between the computer and the server and attempting to login at a later time
A more sophisticated attack takes advantage of the communications between a __________________
Administrative messages that contain specific network requests are frequently sent between a network device and a server
A replay attack could _______________________________________ _____________________. The server might respond thinking the message came from a _______________________________________
Methods of Network Attacks
Protocol-based
Targeting vulnerabilities in network protocols is a common method of attack since the ___________ is ____________________________ itself
Any system that uses this protocol is vulnerable
Wireless
Attacks unique to wireless networks have been created
More to come…
Protocol-Based Attacks
Antiquated protocols
_____________ protocols have been updated often to address __________________________
__________ is another updated protocol
Used for __________________________ between networked devices
The use of community strings in the first two versions of the protocol, SNMPv1 and SNMPv2, created several vulnerabilities
Also information was not sent in encrypted fashion
SNMPv3 is much more secure
Uses ___________________________________
Protocol-Based Attacks (continued)
DNS attacks
Domain Name System (_______________) is the basis for ____________________________ today
DNS ____________________ ___________ a ________________________ so that when a user enters a symbolic name, she is ____________________________________
Protocol-Based Attacks (continued)
Fraudulent IP address
How can this IP address substitution take place?
Protocol-Based Attacks (continued)
Substituting a fraudulent IP address can be done in one of two different _____________:
1. TCP/IP ___________________ name system
If no entry exists for the requested name entered, the external DNS system is referenced
Attackers can target the __________________
Or, the second location…
Protocol-Based Attacks (continued)
2. External _____________________
Attack is called ____________________ (also called _________________)
DNS servers exchange information between themselves, AKA ________________________
Attacker attempts to convince the authentic DNS server to ______________________________ sent from the _____________________________________
See Figure 4-11 on following slide
Figure 4-11:
Attacker sends a request to resolve a URL to an IP address…
Valid DNS server doesn’t know and asks the DNS server controlled by the attacker
The attacker’s name server sends IP addresses to the valid (victim) DNS server, which are actually the attacker’s IP addresses
These IP addresses map to legitimate URLs
Requests from any users will go to the attacker’s IP address
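The Figure 4-11 flow, as an added example that is not part of the textbook slides: a toy caching resolver that either trusts every record in a reply (and so is poisoned by the attacker-controlled name server) or applies the "bailiwick" rule real resolvers use, dropping records for names outside the zone the answering server is responsible for. Zone names, host names and addresses are constructed.

```python
# Added example (not from the textbook): a toy caching resolver showing how the
# Figure 4-11 poisoning works when a resolver trusts every record in a reply,
# and the bailiwick check that rejects it. Names and addresses are constructed.

def in_bailiwick(name, zone):
    """True if name is the zone apex or lies below it (www.a.example in a.example)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


class ToyResolver:
    def __init__(self, enforce_bailiwick=True):
        self.cache = {}                     # name -> IP
        self.enforce = enforce_bailiwick
        self.rejected = []                  # records dropped by the check

    def accept_reply(self, zone, records):
        """zone: the zone the queried server is authoritative for.
        records: list of (name, ip) the server included in its reply."""
        for name, ip in records:
            if self.enforce and not in_bailiwick(name, zone):
                self.rejected.append((name, ip))   # out of zone: do not cache
                continue
            self.cache[name] = ip

    def lookup(self, name):
        return self.cache.get(name)


# The resolver is made to query a zone whose name server the attacker controls;
# that server's reply carries extra records for names it has no authority over
# (constructed values; 203.0.113.5 stands for the attacker's address).
ATTACKER_ZONE = "attacker.example"
ATTACKER_REPLY = [
    ("www.attacker.example", "203.0.113.5"),   # legitimately in the zone
    ("www.bank.example", "203.0.113.5"),       # poison: real site -> attacker
    ("mail.bank.example", "203.0.113.5"),
]
GENUINE_BANK_IP = "192.0.2.80"                 # constructed genuine address


def victim_lookup(enforce):
    """Returns the IP a user of this resolver gets for www.bank.example."""
    r = ToyResolver(enforce_bailiwick=enforce)
    r.accept_reply(ATTACKER_ZONE, ATTACKER_REPLY)
    if r.lookup("www.bank.example") is None:
        # Nothing cached, so the resolver asks the genuine authority (simulated).
        r.accept_reply("bank.example", [("www.bank.example", GENUINE_BANK_IP)])
    return r.lookup("www.bank.example")
```

The bailiwick rule is only one layer; the slides' later mention of DNSSEC is what lets a resolver verify that an answer was signed by the zone owner.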
Protocol-Based Attacks (continued)
DNS poisoning can be ________________ ________________________ software, _______ (Berkeley Internet Name Domain) or __________ (DNS Security Extensions)
______________________
Almost the ___________________________
Attacker asks the _______________________ _______________, known as a DNS transfer
Possible for the attacker to _____________________ ________ of the organization supporting the DNS server
Protocol-Based Attacks (continued)
Address Resolution Protocol (_______)
_______________________________________________________________________________
The IP address and the corresponding MAC address are stored in an ARP cache for future reference
ARP ____________________
An attacker could ________________________ ________________ so that the corresponding IP address would ______________________
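A detector for the ARP cache-poisoning pattern described above, as an added example that is not part of the textbook slides: it replays ARP reply records and alerts when an IP address's MAC changes from what was first learned (or from a trusted static entry such as the gateway) and when one MAC claims several IP addresses. The log lines imitate the "is-at" phrasing of a packet capture but are constructed here.

```python
# Added example (not from the textbook): detection logic for ARP cache
# poisoning, run over constructed ARP reply records that imitate the "is-at"
# phrasing of a packet capture. Addresses are made up for illustration.
import re

ARP_RE = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

SAMPLE_LOG = """\
Reply 192.0.2.1 is-at 00:11:22:33:44:01
Reply 192.0.2.50 is-at 00:11:22:33:44:50
Reply 192.0.2.1 is-at 00:11:22:33:44:01
Reply 192.0.2.1 is-at de:ad:be:ef:00:99
Reply 192.0.2.50 is-at de:ad:be:ef:00:99
"""


def parse_arp_replies(text):
    """Yield (ip, mac) for every ARP reply line; ignore anything else."""
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_poisoning(replies, trusted=None):
    """Return a list of alert strings.

    trusted: optional dict ip -> mac of known-good bindings (e.g. the gateway).
    Alerts when an IP's MAC differs from what was first learned or trusted,
    and when one MAC claims more than one IP address."""
    bindings = dict(trusted or {})
    macs_to_ips = {}
    alerts = []
    for ip, mac in replies:
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac              # first time we hear of this IP
        elif known != mac:
            alerts.append(f"{ip} changed from {known} to {mac}")
        macs_to_ips.setdefault(mac, set()).add(ip)
        if len(macs_to_ips[mac]) > 1:
            alerts.append(f"{mac} claims {sorted(macs_to_ips[mac])}")
    return alerts
```

With SAMPLE_LOG the gateway binding 192.0.2.1 flips to a second MAC that also claims 192.0.2.50, which is the signature of a cache being rewritten; seeding trusted with the real gateway MAC catches the very first bogus reply.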
Protocol-Based Attacks (continued)
TCP/IP hijacking takes advantage of a weakness in the TCP/IP protocol
The TCP header consists of _____________ that are used as _____________________________
Updated as packets are sent and received between devices
Packets may arrive out of order
________________ any packets with ___________ sequence numbers than has been ____________________________
Receiving device will _______________ any packets with __________________________ numbers than has been received and acknowledged
Protocol-Based Attacks (continued)
If both sender and receiver have incorrect sequence numbers, the connection will “hang”
TCP/IP hijacking
In a TCP/IP hijacking attack, the attacker creates fictitious (“spoofed”) TCP packets to take advantage of the weaknesses
See handout for example of TCP/IP hijacking
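The sequence-number rules from the two slides above, as an added example that is not part of the textbook or its handout: a toy TCP receiver that accepts in-order data, holds out-of-order data until the gap fills, and discards anything at or below the point it has already acknowledged, followed by the "hang" that results when sender and receiver disagree on where the stream is. The initial sequence numbers, window size and payloads are constructed.

```python
# Added example (not from the textbook): a toy TCP receiver showing the
# sequence-number handling the slides describe, and the stall that results
# when sender and receiver disagree on the sequence number. Constructed data.

class ToyReceiver:
    def __init__(self, isn, window=1000):
        self.rcv_nxt = isn         # next byte expected; everything below is ACKed
        self.window = window
        self.pending = {}          # seq -> data held because of a gap
        self.delivered = b""
        self.discarded = []        # (seq, reason) for segments thrown away

    def segment(self, seq, data):
        """Process one segment; return the ACK number the receiver would send."""
        end = seq + len(data)
        if end <= self.rcv_nxt:
            self.discarded.append((seq, "old: already received and acknowledged"))
        elif seq >= self.rcv_nxt + self.window:
            self.discarded.append((seq, "beyond receive window"))
        elif seq > self.rcv_nxt:
            self.pending[seq] = data          # out of order: hold for later
        else:
            # Trim any overlap with bytes already held, then accept.
            self.delivered += data[self.rcv_nxt - seq:]
            self.rcv_nxt = end
            while self.rcv_nxt in self.pending:  # drain now-contiguous data
                d = self.pending.pop(self.rcv_nxt)
                self.delivered += d
                self.rcv_nxt += len(d)
        return self.rcv_nxt


def out_of_order_demo():
    """Segments arrive as 1, 3, 2; all are delivered in order, nothing dropped."""
    r = ToyReceiver(isn=100)
    r.segment(100, b"AAAA")        # in order
    r.segment(108, b"CCCC")        # arrives early, held
    ack = r.segment(104, b"BBBB")  # fills the gap, drains C
    return r.delivered, ack, len(r.discarded)


def desync_demo():
    """Sender believes the stream is at 100 while the receiver already ACKed up
    to 200: every segment counts as old and is discarded, so the connection
    makes no progress (the "hang" on the slide)."""
    r = ToyReceiver(isn=200)
    acks = [r.segment(100 + 4 * i, b"XXXX") for i in range(5)]
    return r.delivered, acks, len(r.discarded)
```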
Wireless Attacks
In addition to TCP/IP attacks such as TCP/IP hijacking and ARP poisoning, attacks _____ __________________ have been created
Rogue Access Points
Access Point that is _________________ _________________ (in a vulnerable location) behind the firewall
An attacker who can access the network through a rogue access point is _________ ________________________________
Can ________ attack all devices on the network
Rogue APs ________________________ and open the entire network and all users to direct attacks
War Driving
____________________
At regular intervals, a wireless AP sends a beacon frame to ______________________________________________________________________ that want to join the network
Used to establish and maintain communications
Scanning
Wireless devices which _______________________
Wireless location mapping
AKA _____________ ______________________________________________ RF transmission
Process of finding a WLAN signal and recording information about it
War Driving (continued)
War driving can involve using an ________ to search for wireless signals over a large area, but also _________ or a ____________ could be used
Tools for conducting war driving:
__________________ device
_________________ adapters
________________
Global positioning system receiver, to precisely locate the wireless network
_______________ to connect to the wireless network
What is Bluetooth?
A wireless technology that uses short-range RF transmissions and ________________________ _____________________ to a wide range of computing / telecommunication _____________
Provides for ________________________ between devices
The __________________ standard was adapted and expanded from the existing Bluetooth standard
Two types of 802.15.1 network topologies:
___________ – Same channel contains __________ and at _____________________
______________ – Connection in which ____________ __________________________________________
Bluesnarfing and Blue Jacking
____________________
The ___________________________ from a wireless device __________________________
Allows an attacker to _____________________, contact lists, etc. by simply connecting to that Bluetooth device _________ the _____________________________
__________________
_______________________ from Bluetooth to Bluetooth-enabled devices
No data is stolen
Other Attacks and Frauds
Null sessions
_______________________ to a Microsoft __________________________ computer that ________________________________
Could allow an attacker to connect to open a channel over which he could gather information about the device
Pose a serious ________________ to vulnerable computers and _______________________ to the operating systems
Later versions of Windows are not vulnerable to null session attacks
Other Attacks and Frauds (continued)
Domain Name Kiting
A type of fraud that involves _______________ ______________ to do something unscrupulous __________________________
________________ are organizations that are ____________________________ ________________________________
A five-day Add Grace Period (AGP) permits registrars to delete any newly registered Internet domain names and give a full refund of the registration fee
Other Attacks and Frauds (continued)
Domain Name Kiting (continued)
Unscrupulous registrants attempt to _________ _______________________ by ____________ _____________________________________
Recently expired domain names are indexed by search engines
Visitors are _________________________________, which is usually a single Web page with paid advertisement links
Visitors who click on these links _____________ ___________________________________
Summary
Network vulnerabilities include media-based vulnerabilities and vulnerabilities in network devices
The same tools that network administrators use to monitor network traffic and troubleshoot network problems can also be used by attackers
Network devices often contain weak passwords, default accounts, back doors, and vulnerabilities that permit privilege escalation
Network attacks can be grouped into four categories
Summary (continued)
Protocol-based attacks take advantage of vulnerabilities in network protocols
Attacks on wireless systems have increased along with the popularity of wireless networks
Other network attacks include null sessions, which are unauthenticated connections to a system using a legacy version of Microsoft Windows
Domain Name Kiting is fraud that involves the use of a grace period to delete newly registered domain names