Transcript Viruses

Chapter 14: Network Threats and Mitigation
Chapter 14 Objectives
The following CompTIA Network+ exam objectives are covered in this chapter:
• 2.5 Given a scenario, install and apply patches and updates
  – OS updates
  – Firmware updates
  – Driver updates
  – Feature changes/updates
  – Major vs minor updates
  – Vulnerability patches
  – Upgrading vs downgrading
    o Configuration backup
Chapter 14 Objectives (Cont)
• 3.2 Compare and contrast common network vulnerabilities and threats
  – Attacks/threats
    o Denial of service
      - Distributed DoS
        · Botnet
        · Traffic spike
        · Coordinated attack
      - Reflective/amplified
        · DNS
        · NTP
        · Smurfing
      - Friendly/unintentional DoS
      - Physical attack
        · Permanent DoS
Chapter 14 Objectives (Cont)
    o Wireless
      - Evil twin
      - Rogue AP
      - War driving
      - War chalking
      - Bluejacking
      - Bluesnarfing
      - WPA/WEP/WPS attacks
    o Brute force
    o Session hijacking
    o Social engineering
    o Man-in-the-middle
    o VLAN hopping
    o Compromised system
Chapter 14 Objectives (Cont)
  – Vulnerabilities
    o Unnecessary running services
    o Open ports
    o Unpatched/legacy systems
    o Unencrypted channels
    o Clear text credentials
    o TEMPEST/RF emanation
• 3.3 Given a scenario, implement network hardening techniques
  – Anti-malware software:
    o Host-based
    o Cloud/server-based
    o Security policies
  – Disable unneeded network services
  – Wireless security
Chapter 14 Objectives (Cont)
• 4.7 Given a scenario, troubleshoot and resolve common security issues
  – Misconfigured firewall
  – Misconfigured ACLs/applications
  – Malware
  – Denial of service
  – Open/closed ports
  – ICMP related issues
    o Ping of death
    o Unreachable default gateway
  – Unpatched firmware/OSs
  – Malicious users
    o Trusted
    o Untrusted users
    o Packet sniffing
Chapter 14 Objectives (Cont)
• 3.7 Summarize basic forensic concepts
  – First responder
  – Secure the area
    o Escalate when necessary
  – Document the scene
  – eDiscovery
  – Evidence/data collection
  – Chain of custody
  – Data transport
  – Forensics report
  – Legal hold
Recognizing Security Threats
• Viruses are common threats that we hear about all the time, but there are many other nasty things out there as well.
• Bad guys who create threats to a network generally have one of two purposes in mind:
  – destruction
  – reconnaissance
Denial of Service (DoS)
• A denial of service (DoS) attack prevents users from accessing the network and/or its resources.
• DoS attacks come in a variety of flavors.
• The Ping of Death
  – In a Ping of Death attack, an oversized ICMP packet is sent to the remote victim, overflowing the victim's buffer and causing the system to reboot or hang helplessly.
Figure 14.1
Distributed Denial of Service (DDoS)
• Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K)
  – More complex assaults that initiate synchronized DoS attacks from multiple sources and can target multiple devices.
  – Use zombies to carry out the attack.
  – Called distributed denial of service (DDoS) attacks.
  – Make use of IP spoofing.
Figure 14.2
Denial of Service (DoS)
Figure: ICMP broadcast (smurf) attack. The attacker sends an ICMP broadcast to the network with a false (spoofed) source IP address; the network then overloads the victim with ICMP responses.
Denial of Service (DoS)
Figure: SYN flood. The attacker sends multiple SYN requests to a web server; the web server sends SYN-ACK replies and waits to complete the three-way handshake. When a valid user then sends a SYN request, the web server is unavailable.
Figure 14.5
Figure 14.6
Figure 14.7
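The two DoS patterns in the figures above (a SYN flood that leaves half-open handshakes, and an ICMP echo sent to a directed-broadcast address with a spoofed source) can be spotted in packet summaries. The following detector is an added example, not part of the original slides; it runs over constructed packet records, and the addresses (203.0.113.9 as attacker, 192.0.2.10 as the web server/victim) and the threshold are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed packet summaries (not from the original slides): (src, dst, proto, detail).
# For TCP, detail is the flag set seen; for ICMP it is the message type.
SAMPLE = (
    # Attacker opens many connections to the web server and never finishes them.
    [("203.0.113.9", "192.0.2.10", "tcp", "SYN")] * 6
    # A legitimate client completes the three-way handshake.
    + [("198.51.100.4", "192.0.2.10", "tcp", "SYN"),
       ("192.0.2.10", "198.51.100.4", "tcp", "SYN-ACK"),
       ("198.51.100.4", "192.0.2.10", "tcp", "ACK")]
    # Smurf pattern: echo request to the directed-broadcast address, source spoofed
    # to the intended victim so every host on the segment replies to it.
    + [("192.0.2.10", "192.0.2.255", "icmp", "echo-request")]
)

def half_open_by_source(packets):
    """Approximate half-open handshakes per client: SYNs sent minus final ACKs sent."""
    counts = defaultdict(int)
    for src, _dst, proto, detail in packets:
        if proto != "tcp":
            continue
        if detail == "SYN":
            counts[src] += 1
        elif detail == "ACK":
            counts[src] -= 1
    return {src: n for src, n in counts.items() if n > 0}

def smurf_candidates(packets, inside="192.0.2.0/24"):
    """ICMP echo requests aimed at the inside network's directed-broadcast address.
    The (spoofed) source is the host that will be flooded with the replies."""
    bcast = ip_network(inside).broadcast_address
    return [(src, dst) for src, dst, proto, detail in packets
            if proto == "icmp" and detail == "echo-request" and ip_address(dst) == bcast]

def alerts(packets, syn_threshold=5):
    """Human-readable findings; the threshold is an assumption for the example."""
    out = [f"possible SYN flood from {src}: {n} half-open connections"
           for src, n in half_open_by_source(packets).items() if n >= syn_threshold]
    out += [f"directed-broadcast echo to {dst}; spoofed source (likely victim) {src}"
            for src, dst in smurf_candidates(packets)]
    return out

if __name__ == "__main__":
    for line in alerts(SAMPLE):
        print(line)
```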
Viruses
• Viruses typically have catchy names like Chernobyl, Michelangelo, Melissa, I Love You, and Love Bug.
• They receive a lot of media coverage as they proliferate and cause damage to a large number of people.
• Viruses are little programs that cause a variety of bad things to happen on your computer, ranging from merely annoying to totally devastating.
• They can display a message, delete files, or even send out huge amounts of meaningless data over a network to block legitimate messages.
Viruses
• A key trait of viruses is that they can't replicate themselves to other computers or systems without a user doing something like opening an executable attachment in an email to propagate them.
• There are several different kinds of viruses, but the most popular ones are file viruses, macro (data file) viruses, and boot-sector viruses.
Viruses
• Multipartite Viruses
  – A multipartite virus is one that affects both the boot sector and files on your computer, making such a virus particularly dangerous and exasperatingly difficult to remove.
Figure: a multipartite virus in memory infecting both disk files and the boot sector.
Wireless Threats
• War Driving
• WEP Cracking
• WPA Cracking
• Rogue Access Points
• Evil Twin
Attackers and Their Tools
• IP Spoofing
  – The process of sending packets with a fake source address.
• Application-Layer Attacks
  – Application-layer attacks focus on well-known holes in software that's running on our servers.
• ActiveX Attacks
  – Attacks on your computer through ActiveX and Java programs (applets).
• Autorooters
  – Autorooters are a kind of hacker automaton. Hackers use something called a rootkit to probe, scan, and then capture data on a strategically positioned computer.
• Backdoors
  – Backdoors are simply paths leading into a computer or network.
• Network Reconnaissance
  – Attackers gather all the information they can about a network, because the more they know about it, the better they can compromise it.
Attackers and Their Tools
• Packet Sniffers
  – A network adapter card is set to promiscuous mode so it will receive all packets from the network's Physical layer, letting the attacker gather highly valuable sensitive data.
• Password Attacks
  – Password attacks are used to discover user passwords so the thief can pretend to be a valid user and then access that user's privileges and resources.
• Brute-Force Attacks
  – A brute-force attack is another software-oriented attack that employs a program running on a targeted network, repeatedly trying to log in to some type of shared network resource like a server.
• Port-Redirection Attacks
  – A port-redirection attack uses a host machine the hacker has already broken into to get traffic into a network that wouldn't otherwise be allowed passage through a firewall.
• Trust-Exploitation Attacks
  – Uses a trust relationship inside your network, making the servers really vulnerable because they're all on the same segment.
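For the password and brute-force attacks above, the defender's side is spotting the pattern in authentication logs: many failed logins from one source in a short window, often cycling through usernames. The following is an added example, not from the original slides; it runs over constructed sshd-style log lines, and the threshold and window size are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style sshd lines for the example (not real log data).
LOG_LINES = """\
Mar 10 08:00:01 fileserver sshd[1201]: Failed password for admin from 203.0.113.7 port 50111 ssh2
Mar 10 08:00:02 fileserver sshd[1201]: Failed password for admin from 203.0.113.7 port 50112 ssh2
Mar 10 08:00:02 fileserver sshd[1201]: Failed password for root from 203.0.113.7 port 50113 ssh2
Mar 10 08:00:03 fileserver sshd[1201]: Failed password for backup from 203.0.113.7 port 50114 ssh2
Mar 10 08:00:04 fileserver sshd[1201]: Failed password for guest from 203.0.113.7 port 50115 ssh2
Mar 10 08:00:20 fileserver sshd[1202]: Failed password for alice from 198.51.100.4 port 40222 ssh2
Mar 10 08:00:25 fileserver sshd[1202]: Accepted password for alice from 198.51.100.4 port 40223 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port"
)

def parse(lines):
    """Yield (timestamp, result, user, src) for every line that matches the sshd format."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["result"], m["user"], m["src"]

def brute_force_sources(lines, threshold=5, window_seconds=60):
    """Return {src: sorted usernames tried} for sources with `threshold` or more
    failed logins inside any `window_seconds` span (sliding window per source)."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    tried = defaultdict(set)      # src -> usernames seen in failed attempts
    flagged = {}
    for ts, result, user, src in parse(lines):
        if result != "Failed":
            continue
        window = recent[src]
        window.append(ts)
        tried[src].add(user)
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            flagged[src] = sorted(tried[src])
    return flagged

if __name__ == "__main__":
    for src, users in brute_force_sources(LOG_LINES).items():
        print(f"brute-force pattern from {src}; usernames tried: {', '.join(users)}")
```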
Attackers and Their Tools
• Man-in-the-Middle Attacks
  – A man-in-the-middle attack happens when someone intercepts packets intended for one computer and reads the data.
  – A common guilty party could be someone working for your very own ISP using a packet sniffer and augmenting it with routing and transport protocols.
  – Rogue ATM machines and even credit-card swipers are tools also increasingly used for this type of attack.
Figure: a man in the middle positioned between the client and the server.
Attackers and Their Tools
• IP Spoofing Protection
Figure: a hacker attempting an IP spoof, and the spoofed IP address being denied access to the network by the firewall.
Attackers and Their Tools
• Social Engineering (Phishing)
  – Hackers are more sophisticated today; they just ask the network's users for the information.
  – Social engineering, or phishing, is the act of attempting to obtain sensitive information by pretending to be a credible source.
  – Common phishing tactics include emails, phone calls, or even starting up a conversation in person.
Understanding Mitigation Techniques
• Active Detection
  – Software that searches for hackers attempting known attack methods and scans for suspicious activity.
• Passive Detection
  – Video cameras are a good example of passive intrusion-detection systems.
• Proactive Defense
  – A proactive defense is something you do or implement to ensure that your network is impenetrable.
Policies and Procedures
• Security Policies
  – Security Audit
  – Clean-Desk Policy
  – Recording Equipment
  – DMZ
Figure: a DMZ. The web servers sit in the DMZ between the Internet and the private network, with a firewall separating them.
Patches and Upgrades
• Automatic Updates through Windows Update
  – It's really easy to get updates for Windows-based operating systems through Windows Update.
  – If you need more information: www.microsoft.com
Antivirus Components
• A typical antivirus program consists of two components:
  – The definition files
  – The engine
Antivirus Maintenance
• Upgrade (keep current) your antivirus engine
• Update the antivirus definition files
• Scan for viruses regularly
• Fix infected computers
Summary
• Summary
• Exam Essentials Section
• Written Labs
• Review Questions