Network Security, by Trish Miller. Topics: Types of Attacks; Attacks on the OSI & TCP/IP Model; Attack Methods; Prevention; Switch Vulnerabilities and Hacking.


Network Security
Trish Miller

Objectives
– Types of Attacks
– Attacks on the OSI & TCP/IP Model
– Attack Methods
– Prevention
– Switch Vulnerabilities and Hacking
– Cisco Routers
– Interesting links

Types of Attacks
– Physical Access Attacks: wiretapping, server hacking, vandalism
– Dialog Attacks: eavesdropping, impersonation, message alteration

Types of Attacks (Cont.)
– Social Engineering: opening attachments, password theft, information theft
– Penetration Attacks: scanning (probing), break-in, denial of service, malware (viruses, worms)

Risk Analysis of the Attack
– What is the cost if the attack succeeds?
– What is the probability of occurrence?
– What is the severity of the threat?
– What is the countermeasure cost?
– What is the value of the system being protected?
– Determine whether the countermeasure should be implemented, then determine its priority.

OSI & TCP/IP Related Attacks

OSI Model Related Attacks
– Application layer: attacks on web applications; attacks are typically viruses
– Presentation: cracking of encrypted transmissions that use a short encryption key
– Session: password theft; unauthorized access with root permission
– Transport & Network: forged TCP/IP addresses; DoS attacks

OSI Model Related Attacks (Cont.)
– Data Link & Physical: network sniffers, wire taps, Trojan horses, malicious code

Attacks Related to the TCP Packet: Port Number
– Applications are identified by their port numbers
– Well-known ports (0-1023): HTTP = 80, Telnet = 23, FTP = 21 for control (supervision) and 20 for data transfer, SMTP = 25
– Well-known ports are reserved for applications run by the root user

Attacks Related to the TCP Packet: IP Address Spoofing
– Change the source IP address
– To conceal the identity of the attacker
– To have the victim think the packet comes from a trusted host
– LAND attack: a packet whose source address and port are set to the victim's own address and port

Attacks Related to the TCP Packet: Port Number (Cont.)
– Registered ports ( ) can be used by any application
– Not all operating systems use these port ranges, although all use the well-known ports
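The spoofing and LAND checks above, as an added example that is not part of the original slides: a minimal IPv4/TCP header parser that flags a LAND packet (source equals destination in both address and port) and a packet claiming an internal source address on the outside interface. The internal range 10.0.0.0/8 and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

# Assumed internal range for the spoofing check (not from the slides).
TRUSTED_INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def build_ipv4_tcp(src_ip, dst_ip, sport, dport, flags=0x02):
    """Build a minimal 20-byte IPv4 header + 20-byte TCP header (constructed
    sample input; checksums are left at zero because only headers are parsed)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5, 0, 40, 0, 0, 64, 6, 0,   # ver/IHL, TOS, len, id, frag, TTL, proto=TCP, csum
        ipaddress.IPv4Address(src_ip).packed,
        ipaddress.IPv4Address(dst_ip).packed,
    )
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(packet):
    """Return (src_ip, dst_ip, sport, dport, flags) from raw IPv4/TCP bytes."""
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    if packet[9] != 6:
        raise ValueError("not TCP")
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]                     # TCP flags byte
    return src, dst, sport, dport, flags


def classify(packet, arrived_on_external_interface):
    """Return findings: 'LAND' when source and destination address and port are
    identical, 'SPOOFED_INTERNAL_SOURCE' when a packet claiming an internal
    source address arrives on the external interface."""
    src, dst, sport, dport, _flags = parse_ipv4_tcp(packet)
    findings = []
    if src == dst and sport == dport:
        findings.append("LAND")
    if arrived_on_external_interface and ipaddress.ip_address(src) in TRUSTED_INTERNAL:
        findings.append("SPOOFED_INTERNAL_SOURCE")
    return findings
```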

Attack Methods

Attack Methods
– Host Scanning
– Network Scanning
– Port Scanning
– Fingerprinting

Attack Methods (Cont.): Host Scanning
– Ping a range of IP addresses, or use alternative scanning messages
– Identifies victims
– Types of host scanning: ping scanning, TCP SYN/ACK attacks

Attack Methods (Cont.): Network Scanning
– Discovery of the network infrastructure (switches, routers, subnets, etc.)
– Tracert and similar applications identify all routers along the route to a destination host

Attack Methods (Cont.): Port Scanning
– Once a host is identified, scan all of its ports to find out whether it is a server and what type it is
– Two types:
  Server port scanning: TCP, UDP
  Client port scanning: NetBIOS (ports 135-139 are used for NetBIOS file and print services)
– GRC.com is a free website that scans your PC for open ports

Attack Methods (Cont.): Fingerprinting
– Discovers the host operating system and applications, as well as their versions
– Active (sends probes) or passive (listens)
– Nmap performs all major scanning methods

Attack Methods (Cont.): Denial-of-Service (DoS) Attacks
– Attacks on availability
– SYN flooding attacks overload a host or network with connection attempts
– Stopping DoS attacks is very hard

Attack Methods (Cont.): The Break-In
– Password guessing
– Taking advantage of unpatched vulnerabilities
– Session hijacking

After the Compromise
– Download a rootkit via TFTP
– Delete audit log files
– Create a backdoor account or Trojan backdoor programs

After the Compromise (Cont.)
– Weaken security
– Use the access to steal information or do damage
– Install malicious software (RAT, DoS zombie, spam relay, etc.)

Prevention

Preventions
– Stealth Scanning
– Access Control
– Firewalls
– Proxy Servers
– IPsec
– Security Policies
– DMZ
– Host Security

Stealth Scanning
– Noisiness of attacks
– Exposure of the attacker's IP address
– Reduce the rate of the attack below the IDS threshold
– Scan selective ports
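The "below the IDS threshold" point above, seen from the defender's side, as an added example that is not part of the original slides: a sliding-window scan detector run over a constructed connection log, showing that a per-minute threshold misses a slow scan while the same threshold over a longer window catches it. The log format, addresses and timings are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the slides): one line per TCP connection
# attempt seen at the perimeter, "timestamp src=IP dst=IP dport=PORT".
_BASE = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE_LOG = [
    # Slow scan: one new port every 90 seconds, well under a per-minute threshold.
    f"{(_BASE + timedelta(seconds=90 * i)).isoformat()} src=203.0.113.7 dst=192.0.2.10 dport={p}"
    for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445])
] + [
    # Legitimate client: repeated hits on only two service ports.
    f"{(_BASE + timedelta(seconds=10 * i)).isoformat()} src=198.51.100.20 dst=192.0.2.10 dport={p}"
    for i, p in enumerate([80, 443, 80, 443, 80])
]

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_log(lines):
    """Parse log lines into (timestamp, src, dst, dport) tuples; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events


def scan_sources(events, window, threshold):
    """Return the set of sources that touched at least `threshold` distinct
    (dst, port) targets within any sliding window of length `window`."""
    flagged = set()
    recent = defaultdict(deque)                  # src -> deque of (ts, (dst, port))
    for ts, src, dst, port in sorted(events):
        q = recent[src]
        q.append((ts, (dst, port)))
        while q and ts - q[0][0] > window:       # drop events older than the window
            q.popleft()
        if len({target for _, target in q}) >= threshold:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("60 s window  :", scan_sources(events, timedelta(seconds=60), 5))   # misses the slow scan
    print("15 min window:", scan_sources(events, timedelta(minutes=15), 5))   # catches it
```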

Access Control
The goal of access control is to prevent attackers from gaining access, and to stop them if they do. The best way to accomplish this is to:
– Determine who needs access to the resources located on the server.
– Decide the access permissions for each resource.
– Implement specific access control policies for each resource.
– Record mission-critical resources.
– Harden the server against attacks.
– Disable invalid accounts and establish policies.

Firewalls
Firewalls are designed to protect you from outside attempts to access your computer, whether for the purpose of eavesdropping on your activities, stealing data, sabotage, or using your machine as a means to launch an attack on a third party.

Firewalls (Cont.)
Hardware
– Provides a strong degree of protection from the outside world
– Can be effective with little or no setup
– Can protect multiple systems
Software
– Better suited to protecting against Trojans and worms
– Allows you to configure the ports you wish to monitor, giving you finer control
– Protects a single system

Firewalls Can Prevent
– Discovery: network scanning, traceroute
– Penetration: SYN flood, garbage UDP, ping, TCP ping, ping of death

Proxy
A proxy server is a buffer between your network and the outside world. Use an anonymous proxy to prevent attacks.

IPsec
Provides various security services for traffic at the IP layer. These security services include:
– Authentication
– Integrity
– Confidentiality

IPsec overview: how IPsec helps
Problem | How IPsec helps | Details
Unauthorized system access | Authentication, tamperproofing | Defense in depth by isolating trusted from untrusted systems
Targeted attacks on high-value servers | Authentication, tamperproofing | Locking down servers with IPsec. Examples: HR servers, Outlook Web Access (OWA), DC replication
Eavesdropping | Authentication, confidentiality | Defense in depth against password or information gathering by untrusted systems
Government guideline compliance | Authentication, confidentiality | Example: "All communications between financial servers must be encrypted."

DMZ
[Slide shows a DMZ diagram; image not included in the transcript]

Host Security
– Hardening servers
– Cisco IOS upgrades and patches
– Unnecessary services
– Network monitoring tools

Switch Vulnerabilities and Hacking

CDP Protocol
– Used to locate a device's IP address, version, and model
– Sending massive amounts of CDP packets can cause a crash
– Used to troubleshoot the network, but should be disabled

ARP Poisoning
– An attacker feeds false data to users by poisoning the ARP cache of an end node
– The MAC address is used to determine the destination, and the device driver does not check it
– A user can forge ARP datagrams to mount a man-in-the-middle attack
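Because the driver does not check ARP replies, the practical defence is to watch for bindings that change. As an added example that is not part of the original slides, here is an Ethernet/ARP frame parser and a monitor that learns IP-to-MAC bindings from replies and alerts when a known IP suddenly answers from a different MAC. The addresses and frames are constructed assumptions.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(sender_mac, sender_ip, target_mac, target_ip, oper=2):
    """Build a constructed Ethernet + ARP frame (oper 1 = request, 2 = reply)."""
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _h, _p, _hl, _pl, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"oper": oper, "sha": mac_str(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(IPv4Address(tpa))}


class ArpMonitor:
    """Learns IP-to-MAC bindings from ARP replies and reports when a known IP
    suddenly answers from a different MAC (the signature of cache poisoning)."""

    def __init__(self):
        self.bindings = {}            # ip -> mac learned from replies

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["oper"] != 2:      # only replies populate caches
            return None
        ip, mac = arp["spa"], arp["sha"]
        previous = self.bindings.get(ip)
        self.bindings[ip] = mac
        if previous is not None and previous != mac:
            return f"ALERT: {ip} moved from {previous} to {mac}"
        return None
```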

SNMP
– SNMP manages the network
– Authentication is weak: the public and private community strings are sent in clear text
– Uses the UDP protocol, which is prone to spoofing
– Enable SNMPv3 without backwards compatibility

Spanning Tree Attacks
– Standard STP takes seconds to deal with a failure or a root bridge change
– Purpose: a Spanning Tree attack lets the attacker review the traffic on the backbone

Spanning Tree Attacks (Cont.)
– Only devices affected by the failure notice the change
– The attacker can create a DoS condition on the network by sending BPDUs

Spanning Tree Attacks (Cont.)
– STEP 1: MAC-flood the access switch
– STEP 2: Advertise as a priority-zero bridge

Spanning Tree Attacks (Cont.)
– STEP 3: The attacker becomes the root bridge!
  Spanning Tree recalculates.
  The backbone of the original network now runs from the attacking host to the other switches on the network.

STP Attack Prevention
– Disabling STP can introduce another attack.
– BPDU Guard: disables a port configured with PortFast upon detection of a BPDU message on that port; enable it on any port running PortFast.

STP Attack Prevention (Cont.)
– Root Guard: prevents any port from electing a new root bridge on the basis of the BPDUs it receives.
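To make the two guards concrete, here is an added example that is not part of the original slides: a parser for an 802.1D configuration BPDU and a function that applies BPDU Guard (any BPDU on a PortFast port) and Root Guard (a BPDU claiming a root superior to the current one) to a received frame. The port settings, bridge MACs and the priority-zero test BPDU are constructed assumptions; the state names mirror the Cisco terms.

```python
import struct

BPDU_FMT = "!HBBB8sI8sHHHHH"   # proto id, version, type, flags, root id, root path cost,
                               # bridge id, port id, msg age, max age, hello, fwd delay
ROOT_INCONSISTENT, ERR_DISABLED, FORWARDING = "root-inconsistent", "err-disabled", "forwarding"


def bridge_id(priority, mac):
    """8-byte bridge ID: 2-byte priority followed by the 6-byte bridge MAC."""
    return struct.pack("!H6s", priority, bytes.fromhex(mac.replace(":", "")))


def build_config_bpdu(root_prio, root_mac, bridge_prio, bridge_mac, path_cost=0):
    """Constructed 802.1D configuration BPDU (timers are in 1/256 s units)."""
    return struct.pack(BPDU_FMT, 0, 0, 0, 0, bridge_id(root_prio, root_mac), path_cost,
                       bridge_id(bridge_prio, bridge_mac), 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)


def parse_bpdu(data):
    """Decode the root and sender bridge IDs; lower (priority, MAC) wins the election."""
    fields = struct.unpack(BPDU_FMT, data[:35])
    if fields[0] != 0 or fields[2] != 0:
        raise ValueError("not a configuration BPDU")
    root, bridge = fields[4], fields[6]
    return {"root": (struct.unpack("!H", root[:2])[0], root[2:]),
            "bridge": (struct.unpack("!H", bridge[:2])[0], bridge[2:]),
            "path_cost": fields[5]}


def evaluate_port(port, bpdu_bytes, current_root):
    """Apply the two guards from the slides to a BPDU received on `port`
    (a dict with 'portfast', 'bpdu_guard' and 'root_guard' flags).
    BPDU Guard shuts a PortFast port on any BPDU; Root Guard blocks a port whose
    BPDU advertises a root superior to the one the switch currently knows."""
    if port["portfast"] and port["bpdu_guard"]:
        return ERR_DISABLED
    bpdu = parse_bpdu(bpdu_bytes)
    if port["root_guard"] and bpdu["root"] < current_root:
        return ROOT_INCONSISTENT
    return FORWARDING
```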

Cisco Content Switching Modules
– Cisco Content Switching Module (CSM)
– Cisco Content Switching Module with SSL (CSM-S)

CDM: Cisco Secure Desktop
– 3 major vulnerabilities:
  Retains information after an Internet browsing session; this occurs after an SSL VPN session ends.
  Bypasses the system policies that prevent logoff, which allows a VPN connection to be activated.
  Allows local users to elevate their privileges.

Prevention
– Cisco has software to address the vulnerabilities.
– Workarounds are available to mitigate the effects of some of these vulnerabilities.

Cisco Routers

Cisco Routers
Two potential issues with Cisco routers:
– Problems with certain IOS software
– SNMP

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4
– Problem with the software
– Confidential information can be leaked
– Software updates on the Cisco site can fix this problem

Virtual Private Networks
[Diagram: Virtual connection 1, Virtual connection 2]

Virtual Private Networks
[Diagram: Information leak, Error connection]

Cisco uBR10012 series devices automatically enable SNMP read/write access. Since there are no access restrictions on this community string, attackers can exploit it to gain complete control of the device.

[Diagram: Cisco router and attacking computer] By sending an SNMP set request with a spoofed source IP address, the attacker can make the victim router send its configuration file.

[Diagram: Cisco router and attacking computer] With this information, the remote computer can take complete control of the router.

Fixes: software updates available on the Cisco site fix the read/write problem.
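The SNMP weaknesses named on the SNMP slide and in the uBR10012 case above (clear-text community strings, unauthenticated set requests) are easy to spot on the wire. As an added example that is not part of the original slides, here is a minimal BER decoder for the SNMP message header plus an audit function that flags any v1/v2c datagram and, specifically, a v1/v2c SetRequest. The sample datagrams are constructed with the included encoder; the community strings and OID are assumptions.

```python
def tlv(tag, payload):
    """Encode one BER TLV with a short-form length (payload < 128 bytes)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload


def build_snmp_v2c(community, pdu_tag, oid=b"\x2b\x06\x01\x02\x01\x01\x01\x00"):
    """Constructed SNMPv1/v2c message: SEQUENCE { version, community, PDU }.
    pdu_tag 0xA0 = GetRequest, 0xA3 = SetRequest; the OID defaults to sysDescr.0."""
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the short-form TLV starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this example")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length


PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest"}


def inspect_snmp(datagram):
    """Pull version, clear-text community and PDU type out of an SNMP datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(body, 0)
    version = {0: "v1", 1: "v2c", 3: "v3"}.get(int.from_bytes(ver, "big"), "unknown")
    if version == "v3":                          # v3 carries msgGlobalData, no community
        return {"version": version, "community": None, "pdu": None}
    _, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": version, "community": community.decode(errors="replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}


def audit(datagram):
    """Findings a network monitor would raise: any v1/v2c message exposes its
    community string, and a v1/v2c SetRequest is a write with that weak credential."""
    info = inspect_snmp(datagram)
    findings = []
    if info["version"] in ("v1", "v2c"):
        findings.append(f"clear-text community '{info['community']}' ({info['version']})")
        if info["pdu"] == "SetRequest":
            findings.append("write access over unauthenticated SNMP")
    return findings
```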

Links
http://insecure.org/sploits/l0phtcrack.lanman.problems.html
