Chapter 7
7.2 Threats in Networks
Network Security / G. Steffen

In This Section
- What makes a network vulnerable
    - Reasons for network attacks
- Who attacks networks?
    - Who are the attackers?
    - Why do people attack?
- Threats in transit: eavesdropping and wiretapping
    - Different ways attackers attack a victim

What Makes a Network Vulnerable 1
How networks differ from a stand-alone environment:
- Anonymity
    - An attacker can mount an attack from thousands of miles away, passing through many hosts
- Many points of attack
    - Both targets and origins
    - An attack can come from any host to any host
- Sharing
    - More users have the potential to access networked systems than on single computers

What Makes a Network Vulnerable 2
How networks differ from a stand-alone environment:
- Complexity of System
    - Reliable security is difficult to obtain
    - Complex, as many users do not know what their computers are doing at any moment
- Unknown Perimeter
    - One host may be a node on two different networks
    - Causing uncontrolled groups of possibly malicious users
- Unknown Path
    - Can have multiple paths from one host to another

Who Attacks Networks
- Challenge – what would happen if I tried this approach or technique? Can I defeat this network?
- Fame
- Money and Espionage
- Organized Crime
- Ideology
    - Hacktivism – breaking into a computer system with the intent of disrupting normal operations but not causing serious damage
    - Cyberterrorism – more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage

Reconnaissance 1
How do attackers perpetrate attacks?
- Port Scan
    - For a particular IP address, the program will gather network information.
    - It tells an attacker which standard ports are being used, which OS is installed on the target system, and what applications and which versions are present.
- Social Engineering
    - It gives an external picture of the network to the attacker.
- Intelligence
    - Gathering all the information and making a plan.

Reconnaissance 2
How do attackers perpetrate attacks?
- Operating System & Application Fingerprinting
    - Determining what commercial server application is running, what version…
- Bulletin Boards & Chats
    - Exchanging information and techniques online
- Availability of Documentation
    - Vendors provide information about their products on their websites so that compatible, complementary applications can be developed. For instance, Microsoft

Threats in Transit
- Eavesdropping
    - Overhearing without expending any extra effort
    - Causing harm that can occur between a sender and a receiver
- Wiretapping
    - Passive wiretapping
        - Similar to eavesdropping
    - Active wiretapping
        - Injecting something into the communication

Wiretapping Communication Mediums 1
- Cable
    - Packet sniffer – a device that can retrieve all packets on a LAN
    - Inductance – a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable
- Microwave
    - Signals are broadcast through the air, making them more accessible to hackers
    - Signals are not usually shielded or isolated to prevent interception
- Satellite Communication
    - Dispersed over a greater area than the intended point of reception
    - Communications are multiplexed, so the risk is small that any one communication will be interrupted
    - Greater potential than microwave signals

Wiretapping Communication Mediums 2
- Optical Fiber
    - Not possible to tap an optical signal without detection
    - Inductive tap is not possible as optical fiber carries light energy
    - Hackers can obtain data from repeaters, splices, and taps along a cable
- Wireless
    - Major threat is interception

Wiretap Vulnerabilities

Other Threats
- Protocol Flaws
- Authentication Foiled by Guessing
- Authentication Thwarted by Eavesdropping or Wiretapping
- Authentication Foiled by Avoidance
- Nonexistent Authentication
- Well-Known Authentication
- Trusted Authentication

Other Threats
- Impersonation
    - Easier than wiretapping for obtaining information on a network
    - More significant threat in WAN than in LAN
- Spoofing
    - An attacker obtains network credentials illegally and carries on false conversations
- Masquerade
    - One host pretends to be another
    - Phishing is a variation of this kind of attack
- Session hijacking
    - Intercepting and carrying on a session begun by another entity
- Man-in-the-Middle Attack
    - One entity intrudes between two others

Key Interception by a Man-in-the-Middle Attack

Message Confidentiality Threats
- Misdelivery
    - Message can be delivered to someone other than the intended recipient
- Exposure
    - Passive wiretapping is a source of message exposure
- Traffic Flow Analysis
    - Protecting both the content of the message and the header information that identifies the sender and receiver

Message Integrity Threats
- Falsification of Messages
    - An attacker may change the content of the message on the way to the receiver
    - An attacker may destroy or delete a message
    - These attacks can be perpetrated by active wiretapping, Trojan horse, preempted hosts, etc.
- Noise
    - These are unintentional interferences

Denial of Service (DOS) / Availability Attacks
- Transmission Failure
    - Line cut
    - Network noise making a packet unrecognizable or undeliverable
- Connection Flooding
    - Sending too much data
    - Protocol attacks: TCP, UDP, ICMP (Internet Control Message Protocol)

DOS Attacks 1
- Echo-Chargen
    - Attack works between two hosts
- Ping of Death
    - Flood network with ping packets
    - Attack limited by the smallest bandwidth to victim
- Smurf
    - It is a variation of ping attack
- Syn Flood
    - Attack uses the TCP protocol suite

Distributed Denial of Service (DDoS)
To perpetrate a DDoS attack, an attacker first plants a Trojan horse on a target machine. This process is repeated with many targets. Each of these target systems then becomes what is known as a zombie. Then the attacker chooses a victim and sends a signal to all the zombies to launch the attack. This means the victim counters n attacks from the n zombies, all acting at once.

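A monitoring sketch that ties the SYN flood slide to the DDoS slide: it counts TCP connections left half-open per destination and uses the number of distinct sources to separate a single-source flood from the n-zombie case. This is an added example, not part of the original slides; the record format, addresses and both thresholds are constructed assumptions, and it treats a connection as half-open when the client's SYN is never followed by its ACK.

```python
from collections import defaultdict

def build_sample():
    """Constructed records (not from the slides): (src, sport, dst, dport, flag)."""
    recs = []
    for port in (50001, 50002, 50003):      # legitimate client completes handshakes
        recs += [("203.0.113.5", port, "192.0.2.10", 80, "SYN"),
                 ("203.0.113.5", port, "192.0.2.10", 80, "ACK")]
    for n in range(1, 41):                  # 40 sources, 5 unanswered SYNs each
        for k in range(5):
            recs.append((f"198.51.100.{n}", 40000 + k, "192.0.2.10", 80, "SYN"))
    for k in range(150):                    # one source, 150 unanswered SYNs
        recs.append(("203.0.113.66", 30000 + k, "192.0.2.20", 443, "SYN"))
    return recs

def classify_syn_floods(records, half_open_limit=100, distributed_sources=10):
    """Per destination: count connections stuck after the SYN (never ACKed by
    the client) and the number of distinct sources responsible for them."""
    pending = defaultdict(set)              # dst -> {(src, sport, dport)}
    for src, sport, dst, dport, flag in records:
        key = (src, sport, dport)
        if flag == "SYN":
            pending[dst].add(key)
        elif flag == "ACK":
            pending[dst].discard(key)       # handshake completed
    report = {}
    for dst, conns in pending.items():
        sources = {src for src, _, _ in conns}
        if len(conns) < half_open_limit:
            verdict = "normal"
        elif len(sources) >= distributed_sources:
            verdict = "distributed SYN flood"
        else:
            verdict = "single-source SYN flood"
        report[dst] = {"half_open": len(conns), "sources": len(sources),
                       "verdict": verdict}
    return report

if __name__ == "__main__":
    for dst, info in classify_syn_floods(build_sample()).items():
        print(dst, info)
```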
Summary
Threats are raised against the key aspects of security: confidentiality, integrity, and availability.
Target / Vulnerability
- Precursors to attack
    - Port Scan
    - Social Engineering
    - Reconnaissance
    - OS & Application Fingerprinting
- Authentication Failures
    - Impersonation
    - Guessing
    - Eavesdropping
    - Spoofing
    - Man-in-the-Middle Attack

Summary
Target / Vulnerability
- Programming Flaws
    - Buffer Overflow
    - Addressing Errors
    - Parameter Modifications
    - Cookie
    - Malicious Typed Code
- Confidentiality
    - Protocol Flaw
    - Eavesdropping
    - Passive Wiretap
    - Misdelivery

Summary
Target / Vulnerability
- Integrity
    - Protocol Flaw
    - Active Wiretap
    - Noise
    - Impersonation
    - Falsification of Message
- Availability
    - Connection flooding, e.g., smurf
    - DNS Attack
    - Traffic Redirection
    - DDoS