Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Fourth Edition

Similar presentations


Presentation on theme: "Security+ Guide to Network Security Fundamentals, Fourth Edition"— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 3 Application and Network Attacks

2 Objectives List and explain the different types of Web application attacks Define client-side attacks Explain how a buffer overflow attack works List different types of denial of service attacks Describe interception and poisoning attacks Security+ Guide to Network Security Fundamentals, Fourth Edition

3 Application Attacks Attacks that target applications Zero day attacks
Category continues to grow Web application attacks Client-side attacks Buffer overflow attacks Zero day attacks Exploit previously unknown vulnerabilities Victims have no time to prepare or defend Security+ Guide to Network Security Fundamentals, Fourth Edition

4 Web Application Attacks
Web applications an essential element of organizations today Approach to securing Web applications Hardening the Web server Protecting the network Security+ Guide to Network Security Fundamentals, Fourth Edition

5 Figure 3-1 Web application infrastructure
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

6 Web Application Attacks (cont’d.)
Common Web application attacks Cross-site scripting SQL injection XML injection Command injection / directory traversal Security+ Guide to Network Security Fundamentals, Fourth Edition

7 Figure 3-2 Web application security
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

8 Cross-Site Scripting (XSS)
Injecting scripts into a Web application server Directs attacks at clients Figure 3-3 XSS attacks © Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

9 Cross-Site Scripting (cont’d.)
When victim visits injected Web site: Malicious instructions sent to victim’s browser Browser cannot distinguish between valid code and malicious script Requirements of the targeted Web site Accepts user input without validation Uses input in a response without encoding it Some XSS attacks designed to steal information: Retained by the browser Security+ Guide to Network Security Fundamentals, Fourth Edition

10 Figure 3-4 Bookmark page that accepts user input
without validating and provides unencoded response © Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

11 Figure 3-5 Input used as response
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

12 SQL Injection Targets SQL servers by injecting commands
SQL (Structured Query Language) Used to manipulate data stored in relational database Forgotten password example Attacker enters incorrectly formatted address Response lets attacker know whether input is being validated Security+ Guide to Network Security Fundamentals, Fourth Edition

13 SQL Injection (cont’d.)
Forgotten password example (cont’d.) Attacker enters field in SQL statement Statement processed by the database Example statement: SELECT fieldlist FROM table WHERE field = ‘whatever’ or ‘a’=‘a’ Result: All user addresses will be displayed Security+ Guide to Network Security Fundamentals, Fourth Edition

14 SQL Injection (cont’d.)
Table 3-1 SQL injection statements Security+ Guide to Network Security Fundamentals, Fourth Edition

15 XML Injection Markup language HTML XML
Method for adding annotations to text HTML Uses tags surrounded by brackets Instructs browser to display text in specific format XML Carries data instead of indicating how to display it No predefined set of tags Users define their own tags Security+ Guide to Network Security Fundamentals, Fourth Edition

16 XML Injection (cont’d.)
XML attack Similar to SQL injection attack Attacker discovers Web site that does not filter user data Injects XML tags and data into the database Xpath injection Specific type of XML injection attack Attempts to exploit XML Path Language queries Security+ Guide to Network Security Fundamentals, Fourth Edition

17 Command Injection / Directory Traversal
Web server users typically restricted to root directory Users may be able to access subdirectories: But not parallel or higher level directories Sensitive files to protect from unauthorized user access Cmd.exe can be used to enter text-based commands Passwd (Linux) contains user account information Security+ Guide to Network Security Fundamentals, Fourth Edition

18 Command Injection / Directory Traversal (cont’d.)
Directory traversal attack Takes advantage of software vulnerability Attacker moves from root directory to restricted directories Command injection attack Attacker enters commands to execute on a server Security+ Guide to Network Security Fundamentals, Fourth Edition

19 Client-Side Attacks Web application attacks are server-side attacks
Client-side attacks target vulnerabilities in client applications Interacting with a compromised server Client initiates connection with server, which could result in an attack Security+ Guide to Network Security Fundamentals, Fourth Edition

20 Client-Side Attacks (cont’d.)
Drive-by download Client computer compromised simply by viewing a Web page Attackers inject content into vulnerable Web server Gain access to server’s operating system Attackers craft a zero pixel frame to avoid visual detection Embed an HTML document inside main document Client’s browser downloads malicious script Instructs computer to download malware Security+ Guide to Network Security Fundamentals, Fourth Edition

21 Client-Side Attacks (cont’d.)
Header manipulation HTTP header contains fields that characterize data being transmitted Headers can originate from a Web browser Browsers do not normally allow this Attacker’s short program can allow modification Examples of header manipulation Referer Accept-language Security+ Guide to Network Security Fundamentals, Fourth Edition

22 Client-Side Attacks (cont’d.)
Referer field indicates site that generated the Web page Attacker can modify this field to hide fact it came from another site Modified Web page hosted from attacker’s computer Accept-language Some Web applications pass contents of this field directly to database Attacker could inject SQL command by modifying this header Security+ Guide to Network Security Fundamentals, Fourth Edition

23 Client-Side Attacks (cont’d.)
Cookies and Attachments Cookies store user-specific information on user’s local computer Web sites use cookies to identify repeat visitors Examples of information stored in a cookie Travel Web sites may store user’s travel itinerary Personal information provided when visiting a site Only the Web site that created a cookie can read it Security+ Guide to Network Security Fundamentals, Fourth Edition

24 Client-Side Attacks (cont’d.)
First-party cookie Cookie created by Web site user is currently visiting Third-party cookie Site advertisers place a cookie to record user preferences Session cookie Stored in RAM and expires when browser is closed Security+ Guide to Network Security Fundamentals, Fourth Edition

25 Client-Side Attacks (cont’d.)
Persistent cookie Recorded on computer’s hard drive Does not expire when browser closes Secure cookie Used only when browser visits server over secure connection Always encrypted Security+ Guide to Network Security Fundamentals, Fourth Edition

26 Client-Side Attacks (cont’d.)
Flash cookie Uses more memory than traditional cookie Cannot be deleted through browser configuration settings See Project 3-6 to change Flash cookie settings Cookies pose security and privacy risks May be stolen and used to impersonate user Used to tailor advertising Can be exploited by attackers Security+ Guide to Network Security Fundamentals, Fourth Edition

27 Client-Side Attacks (cont’d.)
Session hijacking Attacker attempts to impersonate user by stealing or guessing session token Malicious add-ons Browser extensions provide multimedia or interactive Web content Active X add-ons have several security concerns Security+ Guide to Network Security Fundamentals, Fourth Edition

28 Figure 3-7 Session hijacking
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

29 Client-Side Attacks (cont’d.)
Buffer overflow attacks Process attempts to store data in RAM beyond boundaries of fixed-length storage buffer Data overflows into adjacent memory locations May cause computer to stop functioning Attacker can change “return address” Redirects to memory address containing malware code Security+ Guide to Network Security Fundamentals, Fourth Edition

30 Figure 3-8 Buffer overflow attack
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

31 Network Attacks Denial of service (DoS)
Attempts to prevent system from performing normal functions Ping flood attack Ping utility used to send large number of echo request messages Overwhelms Web server Smurf attack Ping request with originating address changed Appears as if target computer is asking for response from all computers on the network Security+ Guide to Network Security Fundamentals, Fourth Edition

32 Network Attacks Denial of service (DoS) (cont’d.)
SYN flood attack Takes advantage of procedures for establishing a connection Distributed denial of service (DDoS) Attacker uses many zombie computers in a botnet to flood a device with requests Virtually impossible to identify and block source of attack Security+ Guide to Network Security Fundamentals, Fourth Edition

33 Figure 3-9 SYN flood attack
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

34 Interception Man-in-the-middle Replay attacks
Interception of legitimate communication Forging a fictitious response to the sender Passive attack records transmitted data Active attack alters contents of transmission before sending to recipient Replay attacks Similar to passive man-in-the-middle attack Security+ Guide to Network Security Fundamentals, Fourth Edition

35 Interception (cont’d.)
Replay attacks (cont’d.) Attacker makes copy of transmission Uses copy at a later time Example: capturing logon credentials More sophisticated replay attacks Attacker captures network device’s message to server Later sends original, valid message to server Establishes trust relationship between attacker and server Security+ Guide to Network Security Fundamentals, Fourth Edition

36 Poisoning ARP poisoning
Attacker modifies MAC address in ARP cache to point to different computer Table 3-3 ARP poisoning attack Security+ Guide to Network Security Fundamentals, Fourth Edition

37 Poisoning (cont’d.) Table 3-4 Attacks from ARP poisoning
Security+ Guide to Network Security Fundamentals, Fourth Edition

38 Poisoning (cont’d.) DNS poisoning Two locations for DNS poisoning
Domain Name System is current basis for name resolution to IP address DNS poisoning substitutes DNS addresses to redirect computer to another device Two locations for DNS poisoning Local host table External DNS server Security+ Guide to Network Security Fundamentals, Fourth Edition

39 Figure 3-12 DNS poisoning © Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

40 Attacks on Access Rights
Privilege escalation Exploiting software vulnerability to gain access to restricted data Lower privilege user accesses functions restricted to higher privilege users User with restricted privilege accesses different restricted privilege of a similar user Security+ Guide to Network Security Fundamentals, Fourth Edition

41 Attacks on Access Rights (cont’d.)
Transitive access Attack involving a third party to gain access rights Has to do with whose credentials should be used when accessing services Different users have different access rights Security+ Guide to Network Security Fundamentals, Fourth Edition

42 Summary Web application flaws are exploited through normal communication channels XSS attack uses Web sites that accept user input without validating it Uses server to launch attacks on computers that access it Client-side attack targets vulnerabilities in client applications Client interacts with compromised server Security+ Guide to Network Security Fundamentals, Fourth Edition

43 Summary (cont’d.) Session hijacking Buffer overflow attack
Attacker steals session token and impersonates user Buffer overflow attack Attempts to compromise computer by pushing data into inappropriate memory locations Denial of service attack attempts to overwhelm system so that it cannot perform normal functions In ARP and DNS poisoning, valid addresses are replaced with fraudulent addresses Access rights and privileges may also be exploited Security+ Guide to Network Security Fundamentals, Fourth Edition


Download ppt "Security+ Guide to Network Security Fundamentals, Fourth Edition"

Similar presentations


Ads by Google