Chapter 14: Network Threats and Mitigation

Chapter 14 Objectives
The following CompTIA Network+ exam objectives are covered in this chapter:
5.4 Explain common threats, vulnerabilities, and mitigation techniques.
Wireless: war driving, war chalking, WEP cracking, WPA cracking, evil twin, rogue access point

Chapter 14 Objectives (Cont.)
Attacks: DoS, DDoS, man in the middle, social engineering, virus, worms, buffer overflow, packet sniffing, FTP bounce, Smurf
Mitigation techniques: training and awareness, patch management, policies and procedures, incident response

Recognizing Security Threats
Viruses are common threats that we hear about all the time, but there are many other nasty things out there as well.
Bad guys who create threats to a network generally have one of two purposes in mind: destruction or reconnaissance.

Denial of Service (DoS)
A denial of service (DoS) attack prevents users from accessing the network and/or its resources. DoS attacks come in a variety of flavors.
The Ping of Death
In a Ping of Death attack, an oversized ICMP packet is sent to the remote victim, flooding the victim's buffer and causing the system to reboot or hang helplessly.

Denial of Service (DoS)
Smurf
The attacker spoofs the intended victim's IP address and then sends a large number of pings to IP broadcast addresses. The receiving router delivers the broadcast to all hosts on the network, and all the hosts on the network respond to the victim with an echo reply, all of them at the same time.

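A detection view of the Smurf pattern described above, added here as an example and not part of the original chapter. It classifies a constructed list of ICMP records from two angles the slide implies: echo requests aimed at one of our own directed-broadcast addresses (someone using this network as the amplifier) and a single destination receiving echo replies from many distinct hosts at once (the spoofed victim). The local prefixes, thresholds and packet records are all assumptions for the example.

```python
import ipaddress
from collections import defaultdict

# Prefixes of the network being monitored (constructed for this example).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/25")]

# The directed-broadcast addresses an amplifier network would answer to.
BROADCASTS = {str(n.broadcast_address) for n in LOCAL_NETS}


def classify_icmp(packets, reply_threshold=20):
    """Return (amplifier_hits, victims) for a batch of ICMP records.

    packets: dicts with src, dst and icmp_type (8 = echo request, 0 = echo reply).
    amplifier_hits: echo requests addressed to one of our broadcast addresses.
        Note the src here is the *spoofed* victim address, not the attacker.
    victims: destinations that received echo replies from at least
        reply_threshold distinct hosts, i.e. the flood converging on a victim.
    """
    amplifier_hits = []
    repliers = defaultdict(set)
    for p in packets:
        if p["icmp_type"] == 8 and p["dst"] in BROADCASTS:
            amplifier_hits.append((p["src"], p["dst"]))
        elif p["icmp_type"] == 0:
            repliers[p["dst"]].add(p["src"])
    victims = {dst: len(srcs) for dst, srcs in repliers.items()
               if len(srcs) >= reply_threshold}
    return amplifier_hits, victims


# Constructed sample: one spoofed request to our broadcast, thirty hosts
# answering the victim, plus an ordinary one-to-one ping that must not fire.
SAMPLE = (
    [{"src": "203.0.113.7", "dst": "192.0.2.255", "icmp_type": 8}]
    + [{"src": f"192.0.2.{i}", "dst": "203.0.113.7", "icmp_type": 0}
       for i in range(1, 31)]
    + [{"src": "192.0.2.10", "dst": "192.0.2.20", "icmp_type": 8},
       {"src": "192.0.2.20", "dst": "192.0.2.10", "icmp_type": 0}]
)

if __name__ == "__main__":
    hits, victims = classify_icmp(SAMPLE)
    print("requests to our broadcast addresses:", hits)
    print("hosts being flooded with echo replies:", victims)
```

The usual mitigation on the amplifier side is to stop routers from forwarding directed broadcasts, so the first list should stay empty once that is in place.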
Denial of Service (DoS)
SYN Flood
In a SYN flood, the attacker sends a SYN, the victim sends back a SYN/ACK, and the attacker leaves the victim waiting for the final ACK. While the server is waiting for the response, a small part of memory is reserved for it. As the SYNs continue to arrive, memory is gradually consumed. Any further incoming connections to the victimized device will be rejected.

Distributed Denial of Service (DDoS)
Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K) are more complex assaults that initiate synchronized DoS attacks from multiple sources and can target multiple devices.
They use zombies to carry out the attack.
They are called distributed denial of service (DDoS) attacks.
They make use of IP spoofing.

Viruses
Viruses typically have catchy names like Chernobyl, Michelangelo, Melissa, I Love You, and Love Bug. They receive a lot of media coverage as they proliferate and cause damage to a large number of people.
Viruses are little programs causing a variety of bad things to happen on your computer, ranging from merely annoying to totally devastating. They can display a message, delete files, or even send out huge amounts of meaningless data over a network to block legitimate messages.

Viruses
A key trait of viruses is that they can't replicate themselves to other computers or systems without a user doing something, like opening an executable attachment in an email, to propagate them.
There are several different kinds of viruses, but the most popular ones are file viruses, macro (data file) viruses, and boot-sector viruses.

Viruses
Multipartite Viruses
A multipartite virus is one that affects both the boot sector and files on your computer, making such a virus particularly dangerous and exasperatingly difficult to remove.

Wireless Threats
War driving
WEP cracking
WPA cracking
Rogue access points
Evil twin

Attackers and Their Tools
IP Spoofing: the process of sending packets with a fake source address.
Application-Layer Attacks: application-layer attacks focus on well-known holes in software that's running on our servers.
ActiveX Attacks: attack your computer through ActiveX and Java programs (applets).
Autorooters: autorooters are a kind of hacker automaton. Hackers use something called a rootkit to probe, scan, and then capture data on a strategically positioned computer.
Backdoors: backdoors are simply paths leading into a computer or network.
Network Reconnaissance: attackers gather all the information they can about a network, because the more they know about it, the better they can compromise it.

Attackers and Their Tools
Packet Sniffers: a network adapter card is set to promiscuous mode so it will receive all packets from the network's Physical layer, in order to gather highly valuable sensitive data.
Password Attacks: password attacks are used to discover user passwords so the thief can pretend to be a valid user and then access that user's privileges and resources.
Brute-Force Attacks: a brute-force attack is another software-oriented attack that employs a program running on a targeted network, trying to log in to some type of shared network resource like a server.
Port-Redirection Attacks: a port-redirection attack uses a host machine the hacker has already broken into to relay traffic into a network that the firewall would otherwise not allow through.
Trust-Exploitation Attacks: uses a trust relationship inside your network, making the servers really vulnerable because they're all on the same segment.

Attackers and Their Tools
Man-in-the-Middle Attacks
A man-in-the-middle attack happens when someone intercepts packets intended for one computer and reads the data. A common guilty party could be someone working for your very own ISP, using a packet sniffer and augmenting it with routing and transport protocols. Rogue ATM machines and even credit-card swipers are also increasingly used for this type of attack.

Attackers and Their Tools
IP Spoofing Protection
Figure: a hacker attempting an IP spoof, with the spoofed IP address being denied access to the network by the firewall.

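The firewall decision pictured above, as an added example rather than anything from the chapter: an inbound packet that claims one of our own addresses as its source cannot be legitimate and is dropped, and (going one step further than the figure) an outbound packet whose source is not ours is dropped so this network cannot be used to originate spoofed traffic. The internal prefix, the bogon list and the sample packets are assumptions for the example; real firewalls express the same policy as ingress and egress rules on the border interface.

```python
import ipaddress

# Assumed: this organization owns 192.0.2.0/24 (a documentation prefix used as
# a stand-in for a public block).
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]

# Source addresses that have no business arriving over the Internet link.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(direction, src):
    """Return 'accept' or a 'drop: ...' reason for a packet at the border firewall.

    direction: 'inbound' (arriving from the Internet) or 'outbound' (leaving).
    Inbound with an internal source: spoofed, nobody outside can originate it.
    Inbound with a bogon source: spoofed or misrouted, drop as well.
    Outbound with a non-internal source: our host is spoofing; drop it so we
    never become the launch point for the attacks described in this chapter.
    """
    s = ipaddress.ip_address(src)
    if direction == "inbound":
        if _in_any(s, INTERNAL):
            return "drop: internal source address arriving from outside (spoofed)"
        if _in_any(s, BOGONS):
            return "drop: private/bogon source on the external link"
        return "accept"
    if direction == "outbound":
        if not _in_any(s, INTERNAL):
            return "drop: outbound source is not one of our addresses (spoofing)"
        return "accept"
    raise ValueError(f"unknown direction {direction!r}")


if __name__ == "__main__":
    # Constructed sample packets, one per rule branch.
    for d, src in [("inbound", "192.0.2.5"), ("inbound", "10.1.1.1"),
                   ("inbound", "203.0.113.9"), ("outbound", "192.0.2.5"),
                   ("outbound", "203.0.113.9")]:
        print(f"{d:8} src={src:14} -> {filter_packet(d, src)}")
```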
Attackers and Their Tools
Rogue Access Points
Properly securing a wireless network has become a critical task for most network administrators. With a wired network, you know where the cables start and stop; with a wireless network, you don't.
A rogue access point is one that's been installed on a network without the administrator's knowledge. These can be unintentional: when a user innocently plugs a wireless router or wireless access point into the end of a network cable in your building, the result is an unsecured entry point.
Rogue access points are very useful to someone who wants to set up a man-in-the-middle attack.
Social Engineering (Phishing)
Hackers are more sophisticated today; rather than breaking in, they just ask the network's users for the information. Social engineering, or phishing, is the act of attempting to obtain sensitive information by pretending to be a credible source. Common phishing tactics include emails, phone calls, or even starting up a conversation in person.

Understanding Mitigation Techniques
Active Detection: software that searches for hackers attempting known attack methods and scans for suspicious activity.
Passive Detection: video cameras are a good example of passive intrusion-detection systems.
Proactive Defense: a proactive defense is something you do or implement to ensure that your network is impenetrable.

Policies and Procedures
Security policies
Security audit
Clean-desk policy
Recording equipment
DMZ

Patches and Upgrades
Automatic Updates through Windows Update
It's really easy to get updates for Windows-based operating systems, from Windows 2000 on, through Windows Update.
If you need more information: www.microsoft.com

Antivirus Components
A typical antivirus program consists of two components:
The definition files
The engine

Antivirus Maintenance
Upgrade (keep current) your antivirus engine
Update the antivirus definition files
Scan for viruses regularly
Fix infected computers

Summary
Exam Essentials section
Written Labs
Review Questions