CHAPTER 3 CLASSES OF ATTACK

Presentation transcript:

1 CHAPTER 3 CLASSES OF ATTACK

2 Denial of Service (DoS)
• Takes place when the availability of a resource is intentionally blocked or degraded
• Degrading processes or storage capability, destroying files, or shutting down parts of the system or processes
• Degrading processes reduces performance by overloading the target system

3 Denial of Service (DoS)
• Process degradation can also be directed at a network application such as FTP or Simple Mail Transfer Protocol (SMTP), or at a network service such as IP (Internet Protocol) or Internet Control Message Protocol (ICMP)
• Example attacks that degrade processes are snork and chargen
• Both affect Windows NT unless Service Pack 4 or higher is installed

4 Denial of Service (DoS)
• Snork
  – Sends spoofed Remote Procedure Call (RPC) datagrams to User Datagram Protocol (UDP) destination port 135
  – Gives the appearance of an attacked RPC server
  – An RPC server sends bad data to another RPC server, which then replies with a reject packet
  – Creates a loop that is not broken until a packet is dropped
  – Wastes processor resources and network bandwidth

5 Denial of Service (DoS)
• Chargen
  – Functions against Windows NT systems that have the Simple TCP/IP Services installed
  – A flood of UDP datagrams is sent from a spoofed source IP address to port 19 (chargen port) on the subnet broadcast address
  – Affected Windows NT systems respond to each broadcast
  – Creates a flood of UDP datagrams on the network

6 Denial of Service (DoS)
• Smurf
  – Performs a network-level attack against the target host
  – Using a router (smurf amplifier) and a spoofed source IP address, generates a large amount of ICMP echo traffic
  – Hosts that receive it respond with an echo reply
  – Degrades network service availability

7 Denial of Service (DoS)
• SYN (synchronization)
  – Accomplished by sending Transmission Control Protocol (TCP) connection requests faster than a system can process them
• Storage Capability (Degrading)
  – Uses all storage resources
  – Example: the Love Letter Worm
  – UNIX is also not exempt
  – Destroying files
    » bat, exe, com, dll and sys

8 Denial of Service (DoS)
• Storage Capability (Degrading)
  – Shutdown System
    » Ping of death sending ICMP echo packet of just over bytes
    » Default packet size 64 bytes
  – Latest: Distributed Denial of Service (DDoS)

9 Information Leakage
• Gather as much information from the target as possible
• Use finger or DNS to get information on the layout of the network
• With DNS, determine system names and locations
• Advertising the type of search engine or FTP server used helps determine the type of Web server being used
• Occurs in SMTP through the application banner, and in SNMP (Simple Network Management Protocol)

10 File Creation, Reading, Modification, Removal
• The capability exists in NFS (Network File System) in statd
• It never validates information received from the remote lockd
• statd and lockd are used by NFS to maintain crash and recovery functions for file locking

11 Misinformation
• Log files cannot be trusted

12 Special File / Database Access
• Access to the registry on NT can be used to take over the system; NT systems using SP1 and SP2 can be attacked
• Databases use standard security; a password needs to be set for every user account

13 How To Secure Against These Classes of Attacks
• Use commercial scanning software such as Internet Security System, Internet Scanner, Nessus Security Scanner
  – Scanning only; you still need to fix the problem
• Intrusion Detection System (IDS) such as Network Flight Recorder (NFR)
  – Its purpose is to detect and alert on attacks
  – It cannot prevent or patch them
  – You need to find the patches or report to the organization responsible for creating patches

14 How To Secure Against These Classes of Attacks
• Denial of Service (DoS)
  – Windows NT: close port 139 (NetBIOS Session Service), which is vulnerable to Winnuke, at the router / firewall
  – Cisco routers: SYN floods can be prevented by using features in Internetwork Operating System (IOS) 11.3 and higher
    » Has the TCP intercept feature

15 How To Secure Against These Classes of Attacks
• Denial of Service (DoS)
  – Smurf
    » Disable IP directed broadcast on each router
    » If possible, configure the OS not to respond to ICMP packets sent to IP broadcast addresses
  – DDoS
    » Block the default ports used by DDoS tools
  – Traffic flood
    » Need to contact the ISP to prevent it

16 How To Secure Against These Classes of Attacks
• Information Leakage
  – Hide the banner, version number, OS, etc. that could give an attacker any information
  – Change the fingerprint of your OS
• File Creation, Reading, Modification, Removal
  – Apply all precautions available, including patching known vulnerabilities

17 How To Secure Against These Classes of Attacks
• Misinformation
  – Use Tripwire and keep your system logs on a protected server to prevent them from being tampered with
  – Tripwire creates a database of all files on your systems and then compares their integrity the next time Tripwire is run
  – LogCheck is useful for alerting you immediately to problems and security violations that appear in your logs

18 How To Secure Against These Classes of Attacks
• Special File / Database Access
  – Protect by blocking ports 135 (Location Service), 137 (NetBIOS Name Service), 138 (NetBIOS Datagram Service) and 139 (NetBIOS Session Service) at the boundary router so an attacker cannot gain access from the Internet
  – To protect from the inside, ensure the winreg key is set in the proper location to limit who has remote access to the registry
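
A way to check a router configuration against the mitigations on slides 14, 15 and 18 (TCP intercept, directed broadcast disabled on each interface, ports 135 and 137 to 139 blocked), as an added example that is not part of the original slides. The configuration text is constructed, and the check assumes an older IOS release where directed broadcast stays on unless `no ip directed-broadcast` appears under the interface.

```python
import re

# Constructed older-style IOS running config (sample data, not from the slides).
SAMPLE_CONFIG = """\
interface Serial0
 ip access-group 110 in
 no ip directed-broadcast
!
interface Ethernet0
 ip address 198.51.100.1 255.255.255.0
!
ip tcp intercept list 120
access-list 110 deny tcp any any eq 135
access-list 110 deny udp any any range 137 138
access-list 110 permit ip any any
access-list 120 permit tcp any 198.51.100.0 0.0.0.255
"""

BOUNDARY_PORTS = {135, 137, 138, 139}  # ports the slides say to block
# Only the numeric "deny tcp|udp any any eq N" / "range N M" forms are parsed.
ACL_DENY = re.compile(
    r"access-list \d+ deny (?:tcp|udp) any any (eq|range) (\d+)(?: (\d+))?$")

def audit(config):
    """Return findings for directed broadcast, TCP intercept and port blocks."""
    disabled, denied, iface = {}, set(), None
    for line in config.splitlines():
        text = line.strip()
        if line.startswith("interface "):
            iface = text.split(None, 1)[1]
            disabled[iface] = False
        elif not line.startswith(" "):
            iface = None  # any other unindented line ends the interface block
        elif iface and text == "no ip directed-broadcast":
            disabled[iface] = True
        match = ACL_DENY.match(text)
        if match:
            low = int(match.group(2))
            is_range = match.group(1) == "range" and match.group(3)
            high = int(match.group(3)) if is_range else low
            denied.update(range(low, high + 1))
    findings = [f"{name}: directed broadcast not disabled"
                for name, ok in disabled.items() if not ok]
    if not re.search(r"^ip tcp intercept list \d+", config, re.M):
        findings.append("TCP intercept not configured")
    findings += [f"port {p} not denied by any access list"
                 for p in sorted(BOUNDARY_PORTS - denied)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The audit does not confirm that the access list is actually applied inbound on the boundary interface, so a clean result still needs that check by hand.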

19 End Of Chapter 3