Transcript - SlideBoom

Network Security
Objectives
•
•
•
•
•
•
•
Types of Attacks
Attacks on the OSI & TCP/IP Model
Attack Methods
Prevention
Switch Vulnerabilities and Hacking
Cisco Routers
Interesting links
https://www.pass4sureexam.com/640-554.html
Types of Attacks
• Physical Access
Attacks
– Wiretapping
– Server Hacking
– Vandalism
https://www.pass4sureexam.com/640-554.html
Trish Miller
• Dialog Attacks
– Eavesdropping
– Impersonation
– Message Alteration
Types of Attacks (Cont.)
• Penetration Attacks
–
–
–
–
Scanning (Probing)
Break-in
Denial of Service
Malware
• Viruses
• Worms
https://www.pass4sureexam.com/640-554.html
Trish Miller
• Social Engineering
– Opening Attachments
– Password Theft
– Information Theft
Risk Analysis of the Attack
•
•
•
•
•
•
What is the cost if the attack succeeds?
What is the probability of occurrence?
What is the severity of the threat?
What is the countermeasure cost?
What is the value to protect the system
Determine if the countermeasure should be
implemented.
• Finally determine its priority.
OSI & TCP/IP Related
Attacks
https://www.pass4sureexam.com/640-554.html
OSI Model Related Attacks
• Application layer:
– Attacks on web
– Attacks are typically
virus
• Presentation:
– Cracking of encrypted
transmissions by short
encryption key
• Session
– Password theft
– Unauthorized Access
with Root permission
• Transport & Network:
– Forged TCP/IP
addresses
– DoS Attacks
OSI Model Related Attacks
• Data Link &
Physical
–
–
–
–
Network Sniffers
Wire Taps
Trojan Horses
Malicious code
https://www.pass4sureexam.com/640-554.html
Attacks Related to TCP Packet
• Port Number
– Applications are identified by their Port
numbers
– Well-known ports (0-1023)
• HTTP=80, Telnet=23, FTP=21 for supervision,
20 for data transfer, SMTP=25
– Allows applications to be accessed by the
root user
Attacks Related to TCP Packet
• IP address spoofing
– Change the source IP address
– To conceal identity of the attacker
– To have the victim think the packet comes
from a trusted host
– LAND attack
Attacks Related to TCP Packet
• Port Number
– Registered ports (1024-49152) for any
application
– Not all operating systems uses these port
ranges, although all use well-known ports
Attack Methods
https://www.pass4sureexam.com/640-554.html
Attack Methods
•
•
•
•
Host Scanning
Network Scanning
Port Scanning
Fingerprinting
Attack Methods (Cont.)
• Host Scanning
– Ping range of IP addresses or use
alternative scanning messages
– Identifies victims
– Types of Host scanning
• Ping Scanning
• TCP SYN/ACK attacks
Attack Methods (Cont.)
• Network Scanning
– Discovery of the network infrastructure
(switches, routers, subnets, etc.)
– Tracert and applications similar identifies all
routers along the route to a destination host
Attack Methods (Cont.)
• Port Scanning
– Once a host is identified, scan all ports to find
out if it is a server and what type it is
– Two types:
• Server Port Scanning
– TCP
– UDP
• Client Port Scanning
– NetBIOS
– Ports 135 – 139 used for NetBIOS ports used for file
and print services.
– GRC.com a free website that scan your pc for open
ports.
Attack Methods (Cont.)
• Fingerprinting
– Discovers the host operating system and
applications as well as the version
• Active (sends)
• Passive (listen)
– Nmap does all major scanning methods
Attack Methods (Cont.)
• Denial-of-Service (DoS) Attacks
– Attacks on availability
– SYN flooding attacks overload a host or
network with connection attempts
– Stopping DoS attacks is very hard.
Attack Methods (Cont.)
• The Break-In
– Password guessing
– Take advantage of unpatched vulnerabilities
– Session hijacking
After the Compromise
• Download rootkit via TFTP
• Delete audit log files
• Create backdoor account or Trojan
backdoor programs
After the Compromise (Cont.)
• Weaken security
• Access to steal information, do
damage
• Install malicious software (RAT, DoS
zombie, spam relay, etc.)
Prevention
https://www.pass4sureexam.com/640-554.html
Preventions
•
•
•
•
Stealth Scanning
Access Control
Firewalls
Proxy Servers
•
•
•
•
IPsec
Security Policies
DMZ
Host Security
Stealth Scanning
• Noisiness of Attacks
• Exposure of the Attacker’s IP Address
• Reduce the rate of Attack below the IDS
Threshold
• Scan Selective Ports
Access Control
• The goal of access control is to prevent
attackers from gaining access, and stops them if
they do.
• The best way to accomplish this is by:
– Determine who needs access to the resources
located on the server.
– Decide the access permissions for each resource.
– Implement specific access control policies for each
resource.
– Record mission critical resources.
– Harden the server against attacks.
– Disable invalid accounts and establish policies
Firewalls
• Firewalls are designed to protect
you from outside attempts to
access your computer, either for
the purpose of eavesdropping on
your activities, stealing data,
sabotage, or using your machine as
a means to launch an attack on a
third party.
Firewalls (Cont.)
• Hardware
– Provides a strong degree of
protection from the outside
world.
– Can be effective with little or no
setup
– Can protect multiple systems
• Software
– Better suite to protect against
Trojans and worms.
– Allows you to configure the ports
you wish to monitor. It gives you
more fine control.
– Protects a single system.
Firewalls
• Can Prevent
– Discovery
• Network
• Traceroute
– Penetration
•
•
•
•
•
Synflood
Garbage
UDP Ping
TCP Ping
Ping of Death
Proxy
• A proxy server is a buffer between your network and the
outside world.
• Use an anonymous Proxy to prevent attacks.
https://www.pass4sureexam.com/640-554.html
IPSec
• Provides various security services for traffic at
the IP layer
• These security services include
– Authentication
– Integrity
– Confidentiality
https://www.pass4sureexam.com/640-554.html
IPsec overview - how IPsec helps
Problem
How IPsec
helps
Details
Unauthorized
system access
Authentication,
tamperproofing
Defense in depth by isolating
trusted from untrusted
systems
Targeted
attacks of highvalue servers
Authentication,
tamperproofing
Locking down servers with
IPsec. Examples: HR
servers, Outlook® Web
Access (OWA), DC
replication
Eavesdropping
Authentication,
confidentiality
Defense in depth against
password or information
gathering by untrusted
systems
Government
guideline
compliance
Authentication,
confidentiality
Example: “All
communications between
financial servers must be
encrypted.”
DMZ Image
https://www.pass4sureexam.com/640-554.html
Host Security
•
•
•
•
•
Hardening Servers
Cisco IOS
Upgrades and Patches
Unnecessary Services
Network Monitoring tools
Switch Vulnerabilities and
Hacking
https://www.pass4sureexam.com/640-554.html
CDP Protocol
• Used to locate IP address, version, and
model.
• Mass amounts of packets being sent can
fake a crash
• Used to troubleshoot network, but should
be disabled.
ARP Poisoning
• Give users data by poisoning ARP cache
of end node.
• MAC address used to determine
destination. Device driver does not check.
• User can forge ARP datagram for man in
the middle attack.
SNMP
• SNMP manages the network.
• Authentication is weak. Public and
Private community keys are clear text.
• Uses UDP protocol which is prone to
spoofing.
• Enable SNMPv3 without backwards
compatibility.
Spanning Tree Attacks
• Standard STP takes 30-45 seconds to
deal with a failure or Root bridge
change.
• Purpose: Spanning Tree Attack reviews
the traffic on the backbone.
Spanning Tree Attacks
• Only devices affected by the failure
notice the change
• The attacker can create DoS condition
on the network by sending BPDUs
from the attacker.
Trish Miller
Spanning Tree Attacks (Cont.)
• STEP 1: MAC flood the access switch
• STEP 2: Advertise as a priority zero
bridge.
SpanningTree
TreeAttacks
Attacks (Cont.)
(Cont.)
Spanning
• STEP 3: The attacker becomes the
Root bridge!
– Spanning Tree recalculates.
– The backbone from the original network is
now the backbone from the attacking host
to the other switches on the network.
STP Attack Prevention
• Disabling STP can introduce
another attack.
• BPDU Guard
– Disables ports using portfast upon
detection of a BPDU message on
the port.
– Enabled on any ports running
portfast
STP Attack Prevention
• Root Guard
– Prevents any ports that can become the
root bridge due to their BPDU
CSM and CSM-S
• Cisco Content Switching Modules
• Cisco Content Switching Module with
SSL
https://www.pass4sureexam.com/640-554.html
CDM
• Cisco Secure Desktop
– 3 major vulnerabilities
• Maintains information after an Internet
browsing session. This occurs after an SSL
VPN session ends.
• Evades the system via the system policies
preventing logoff, this will allow a VPN
connection to be activated.
• Allow local users to elevate their privileges.
• Prevention
– Cisco has software to address the
vulnerabilities.
– There are workarounds available to mitigate
the effects of some of these vulnerabilities.
Trish Miller
Cisco Routers
https://www.pass4sureexam.com/640-554.html
Cisco Routers
• Two potential issues with Cisco
Routers
– Problems with certain IOS software
– SNMP
https://www.pass4sureexam.com/640-554.html
• Devices running Cisco IOS versions
12.0S, 12.2, 12.3 or 12.4
– Problem with the software
– Confidential information can be leaked out
– Software updates on the CISCO site can fix
this problem
•Virtual Private Networks
Virtual connection 1
Virtual Connection 2
•Virtual Private Networks
Error
Connection
Information leak
Trish Miller
• Cisco uBR10012 series devices automatically
enable SNMP read/write access
• Since there are no access restrictions on this
community string , attackers can exploit this to
gain complete control of the device
https://www.pass4sureexam.com/640-554.html
CISCO
Router
Attacking
Computer
By sending an SNMP set request with a spoofed source IP address
the attacker will be able to get the Victim router to send him its
configuration file.
CISCO
Router
With this information, the remote computer will be able to
have complete control over this router
Attacking
Computer
• Fixes- Software updates available on
the CICSO site that will fix the
Read/Write problem
https://www.pass4sureexam.com/640-554.html
Links
•
•
•
•
•
http://sectools.org/tools2.html
http://insecure.org/sploits/l0phtcrack.lanman.problems.html
http://www.testbells.com/
http://www.examcollectionvce.com/
http://www.hidemyass.com/
References
• http://www.bmighty.com/network/showArticle.jhtml;jsessionid=2YYDWJHHX3
FL2QSNDLPSKHSCJUNN2JVN?articleID=202401432&pgno=2
• http://www.juniper.net/security/auto/vulnerabilities/vuln19998.html
• http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-converyswitches.pdf
• http://www.askapache.com/security/hacking-vlan-switched-networks.html
• http://marc.info/?l=bugtraq&m=116300682804339&w=2
• http://www.secureroot.com/security/advisories/9809702147.html
https://www.pass4sureexam.com/640-554.html