Transcript Chapter 1
7.2 Threats in Networks
Network Security / G. Steffen
In This Section
What Makes a Network Vulnerable
Reasons for network attacks
Who Attacks Networks?
Who are the attackers? Why do people attack?
Threats in Transit: Eavesdropping and Wiretapping
Different ways attackers attack a victim
What Makes a Network Vulnerable 1
How networks differ from a stand-alone environment:
Anonymity
An attacker can mount an attack from thousands of miles away, passing through many hosts
Many points of attack
Both targets and origins
An attack can come from any host to any host
Sharing
More users have the potential to access networked systems than on single computers
What Makes a Network Vulnerable 2
How networks differ from a stand-alone environment:
Complexity of System
Reliable security is difficult to obtain
Complex, as many users do not know what their computers are doing at any moment
Unknown Perimeter
One host may be a node on two different networks
Causing uncontrolled groups of possibly malicious users
Unknown Path
Can have multiple paths from one host to another.
Who Attacks Networks
Challenge – what would happen if I tried this approach or technique? Can I defeat this network?
Fame
Money and Espionage
Organized Crime
Ideology
Hacktivism – breaking into a computer system with the intent of disrupting normal operations but not causing serious damage
Cyberterrorism – more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage
Reconnaissance 1
How do attackers perpetrate attacks?
Port Scan
For a particular IP address, the program will gather network information.
It tells an attacker which standard ports are being used, which OS is installed on the target system, and what applications and which versions are present.
Social Engineering
It gives an external picture of the network to the attacker.
Intelligence
Gathering all the information and making a plan.
Reconnaissance 2
How do attackers perpetrate attacks?
Operating System & Application Fingerprinting
Determining what commercial application server application is running, what version…
Bulletin Boards & Chats
Exchanging information and techniques online
Availability of Documentation
Vendors (for instance, Microsoft) provide information about their products on their websites so that others can develop compatible, complementary applications.
Threats in Transit
Eavesdropping
Overhearing without expending any extra effort
Causing harm that can occur between a sender and a receiver
Wiretapping
Passive wiretapping
Similar to eavesdropping
Active wiretapping
Injecting something into the communication
Wiretapping Communication Mediums 1
Cable
Packet sniffer – a device that can retrieve all packets on a LAN
Inductance – a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable
Microwave
Signals are broadcast through the air, making them more accessible to hackers
Signals are not usually shielded or isolated to prevent interception
Satellite Communication
Dispersed over a greater area than the intended point of reception
Communications are multiplexed, so the risk is small that any one communication will be intercepted
Greater potential for interception than microwave signals
Wiretapping Communication Mediums 2
Optical Fiber
Not possible to tap an optical signal without detection
Inductive tap is not possible as optical fiber carries light energy
Hackers can obtain data from repeaters, splices, and taps along a cable
Wireless
Major threat is interception
[Figure: Wiretap Vulnerabilities]
Other Threats
Protocol Flaws
Authentication Foiled by Guessing
Authentication Thwarted by Eavesdropping or Wiretapping
Authentication Foiled by Avoidance
Nonexistent Authentication
Well-Known Authentication
Trusted Authentication
Other Threats
Impersonation
Easier than wiretapping for obtaining information on a network
More significant threat in WAN than in LAN
Spoofing
An attacker obtains network credentials illegally and carries on false conversations
Masquerade
One host pretends to be another
Phishing is a variation of this kind of attack.
Session hijacking
Intercepting and carrying on a session begun by another entity
Man-in-the-Middle Attack
One entity intrudes between two others.
[Figure: Key Interception by a Man-in-the-Middle Attack]
Message Confidentiality Threats
Misdelivery
Message can be delivered to someone other than the intended recipient
Exposure
Passive wiretapping is a source of message exposure
Traffic Flow Analysis
Protecting both the content of the message & the header information that identifies the sender and receiver
Message Integrity Threats
Falsification of Messages
An attacker may change the content of the message on the way to the receiver
An attacker may destroy or delete a message
These attacks can be perpetrated by active wiretapping, Trojan horse, preempted hosts, etc.
Noise
These are unintentional interferences
Denial of Service (DoS) / Availability Attacks
Transmission Failure
Line cut
Network noise making a packet unrecognizable or undeliverable
Connection Flooding
Sending too much data
Protocol attacks: TCP, UDP, ICMP (Internet Control Message Protocol)
DoS Attacks 1
Echo-Chargen
Attack works between two hosts
Ping of Death
Flood network with ping packets
Attack limited by the smallest bandwidth to victim
Smurf
It is a variation of the ping attack
SYN Flood
Attack uses the TCP protocol suite
Distributed Denial of Service (DDoS)
To perpetrate a DDoS attack, an attacker first plants a Trojan horse on a target machine. This process is repeated with many targets. Each of these target systems then becomes what is known as a zombie. Then the attacker chooses a victim and sends a signal to all the zombies to launch the attack.
This means the victim counters n attacks from the n zombies, all acting at once.
Summary
Threats are raised against the key aspects of security: confidentiality, integrity, and availability.
Target: Precursors to attack
Vulnerabilities:
•Port Scan
•Social Engineering
•Reconnaissance
•OS & Application Fingerprinting
Target: Authentication Failures
Vulnerabilities:
•Impersonation
•Guessing
•Eavesdropping
•Spoofing
•Man-in-the-Middle Attack
Summary
Target: Programming Flaws
Vulnerabilities:
•Buffer Overflow
•Addressing Errors
•Parameter Modifications
•Cookie
•Malicious Typed Code
Target: Confidentiality
Vulnerabilities:
•Protocol Flaw
•Eavesdropping
•Passive Wiretap
•Misdelivery
•Cookie
Summary
Target: Integrity
Vulnerabilities:
•Protocol Flaw
•Active Wiretap
•Noise
•Impersonation
•Falsification of Message
Target: Availability
Vulnerabilities:
•Protocol Flaw
•Connection flooding, e.g., smurf
•DNS Attack
•Traffic Redirection
•DDoS