CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.

Slides:



Advertisements
Similar presentations
Module X Session Hijacking
Advertisements

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.
Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Web server security Dr Jim Briggs WEBP security1.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Computer Security and Penetration Testing
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 14 Remote Access.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
INTRODUCTION TO WEB DATABASE PROGRAMMING
Session Hijacking & ARP Poisoning Why web security depends on communications security and how TLS everywhere is the only solution.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Troubleshooting Your Network Networking for Home and Small Businesses.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
Chapter 6: Packet Filtering
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Chapter 13 – Network Security
Networks QUME 185 Introduction to Computer Applications.
Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.
Jozef Goetz, Application Layer PART VI Jozef Goetz, Position of application layer The application layer enables the user, whether human.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
Web Spoofing Steve Newell Mike Falcon Computer Security CIS 4360.
Protecting Students on the School Computer Network Enfield High School.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Section 3 Database Security. 3-2 CA306 Introduction Section Content 3.1 Security Overview 3.2 Security Controls 3.3 Views 3.4 Security in Oracle 3.5 Web.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
CHAPTER 9 Sniffing.
CIS 450 – Network Security Chapter 4 - Spoofing. Definition - To fool. In networking, the term is used to describe a variety of ways in which hardware.
Department of Information Engineering1 About your assignment 5 -layers Model Application Layer(HTTP, DNS,...) TCP Layer(add sequence number to packets)
1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
1 Securing Network Services. 2 How TCP Works Set up connection between port on source host to port on destination host Each connection consists of sequence.
Internet Security and Firewall Design Chapter 32.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
SEMINAR ON IP SPOOFING. IP spoofing is the creation of IP packets using forged (spoofed) source IP address. In the April 1989, AT & T Bell a lab was among.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.
Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.
Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.
Forms of Network Attacks Gabriel Owens COSC 352 February 24, 2011.
Securing Access to Data Using IPsec Josh Jones Cosc352.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.
Presentation on ip spoofing BY
Agenda Spoofing Types of Spoofing o IP Spoofing o URL spoofing o Referrer spoofing o Caller ID spoofing o Address Spoofing.
Introduction to Networking
Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH.
Network Security: IP Spoofing and Firewall
Computer Networks ARP and RARP
Wireless Spoofing Attacks on Mobile Devices
Presentation transcript:

CHAPTER 11 Spoofing Attack

INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The objective is providing false information about principal’s identity to obtain unauthorized access to systems and their services Spoofing Is Tampering Activity Spoofing is a tampering activity because the hacker convinces a host computer that the hacker is another, trusted host computer, and therefore should receive information.

INTRODUCTION Spoofing Is Identity Forgery The concept of assuming the identity of another is central to the nature of the spoof Example: IP spoofing attack Spoofing Is an Active Attack Against Identity Checking Procedures Spoofing at its core involves sending message that is not what is claims to be Message that been sent belong to different people more trusted than the actual Identity of the sender was left recorded in error

INTRODUCTION Spoofing Is Possible at All Layers of Communication Spoofing can operate at all layers in between the client and server For example: the simplest level of spoof involves physically overpowering or incepting trusted communication Splicing into a trusted fiber optic link and inserting malicious streams of data is a definite spoof

INTRODUCTION Spoofing Is Always Intentional Somebody plan to do it either directly or indirectly Such as malfunction or misconfiguration that cause the network down is treat as spoofing attack Spoofing May Be Blind or Informed Blind spoofing involves submitting identifying information without the full breadth of knowledge that the legitimate user has access to

INTRODUCTION Attacker can only send and has to make assumptions or guess about reply Informed attacks in which the attacker can monitor Participate in bidirectional communications Spoofing does not involve supplying the exact credentials of the legitimate identity

INTRODUCTION Spoofing Is Not the Same Thing as Betrayal Users abuse their powers and cause a security breach, they’ve not spoofed anything They were granted the power and the freedom to use them Spoofing Is Nothing New Attack against identity are nothing new in human existence

INTRODUCTION Spoofing Is Not Always Malicious Spoofing is not always attack Some network redundancy schemes rely on automated spoofing in order to take over the identity of a downed server

TYPES OF SPOOFING TCP/IP Spoofing A hacker can use IP source routing to specify a direct route to a destination and a return path back to the origination. The hacker is able to intercept or modify transmissions without encountering packets destined for the true host by using routers. Thus, the IP spoofing attack is an extraordinary method of gaining access because in it, the cracker never uses a username or password. IP spoofing is quite complex and very easily prevented.

TYPES OF SPOOFING Hyperlink Spoofing Hyperlink spoofing is one common attack hackers can use against computer communications using the hypertext transport protocol (HTTP). Hackers can perform attacks on the Secure Socket Layers (SSL) server authentication protocol used in creating secure Web browsers and servers. A “man-in-the-middle” hacker can persuade the browser to connect to a fake server while the browser presents the usual appearances of a secure session.

TYPES OF SPOOFING Web Spoofing Web spoofing allows the hacker to observe or modify any data going from the victim to Web servers. The hacker can control all return traffic from Web servers to the victim. The false Web looks like the real one, including all the same pages and links as the real Web. However, the hacker completely controls the false Web so that all network traffic between the victim’s browser and the Web goes through the hacker.

IMPACTS OF SPOOFING Subtle Spoofs And Economic Sabotage Subtlety Will Get You Everywhere Selective Failure for Selecting Recovery Attacking SSL through Intermittent Failures

WHAT TO SPOOF? For the moment the list of vulnerable services is short indeed: Configuration using Sun RPC calls Sun RPC refers to Sun Microsystems' standard of Remote Procedure Calls, which are methods of issuing system calls that work transparently over networks. Network service that utilizes IP address authentication IP address authentication uses the IP address as an index.

WHAT TO SPOOF? The target machine authenticates a session between itself and other machines by examining the IP address of the requesting machine. The R services In the UNIX environment, the R services are rlogin and rsh. The r represents the word remote. These two programs are designed to provide users with remote access to other machines on the Internet. The R services are vulnerable to IP spoofing attacks.

SPOOFING PROTECTION TCP/IP Spoofing The best defense against IP spoofing attacks is to filter packets as the packets enter your router from the Internet, thereby blocking any packet that claims to have originated inside your local domain. This is most commonly done with a router. Some of the router brands that support packet- filtering include: 1. Bay Networks/Wellfleet, version 5 and later 2. Cabletron with LAN secure 3. Cisco, RIS software version 9.21 and later

SPOOFING PROTECTION Hyperlink Spoofing One possible solution to prevent hyperlink spoofing is to make the users’ browsers start up on a secure page, so that users can trust their initial links and a hacker can never send them anywhere suspicious. trustworthy sites can be determined based on the following two criteria: 1. The site is securely-run. 2. The site only serves pages with hyperlinks to sites that are run securely.

SPOOFING PROTECTION Web Spoofing Although Web spoofing is nearly an undetectable security attack, the best defense is: 1. Disable JavaScript, Java, and VBScript in your browser so the hacker cannot hide the evidence of the attack. 2. Make sure your browser’s location line is always visible. 3. Pay attention to the URLs your browser’s location line displays, making sure the URLs always point to the server to which you think you are connected.