Network Security

PowerPoint slideshow about 'Network security' - Rita

Presentation Transcript
Objectives

  • Types of Attacks

  • Attacks on the OSI & TCP/IP Model

  • Attack Methods

  • Prevention

  • Switch Vulnerabilities and Hacking

  • Cisco Routers

  • Interesting links


Types of Attacks

  • Physical Access Attacks

    • Wiretapping

    • Server Hacking

    • Vandalism

  • Dialog Attacks

    • Eavesdropping

    • Impersonation

    • Message Alteration


Types of Attacks (Cont.)

  • Social Engineering

    • Opening Attachments

    • Password Theft

    • Information Theft

  • Penetration Attacks

    • Scanning (Probing)

    • Break-in

    • Denial of Service

  • Malware

    • Viruses

    • Worms


Risk Analysis of the Attack

  • What is the cost if the attack succeeds?

  • What is the probability of occurrence?

  • What is the severity of the threat?

  • What is the countermeasure cost?

  • What is the value of the system being protected?

  • Determine whether the countermeasure should be implemented.

  • Finally, determine its priority.



OSI Model Related Attacks

  • Session:

    • Password theft

    • Unauthorized access with root permission

  • Transport & Network:

    • Forged TCP/IP addresses

    • DoS attacks

  • Application layer:

    • Attacks on web applications

    • Attacks typically delivered as viruses or other malicious code

  • Presentation:

    • Cracking of encrypted transmissions that use a short encryption key


OSI Model Related Attacks (Cont.)

  • Data Link & Physical:

    • Network sniffers

    • Wire taps

  • Trojan horses

  • Malicious code


Attacks Related to TCP Packet

  • Port Number

    • Applications are identified by their port numbers

    • Well-known ports (0-1023)

      • HTTP=80, Telnet=23, FTP=21 for control and 20 for data transfer, SMTP=25

    • On Unix-like systems only root can bind a listener to a well-known port, so the services behind these ports often run with root privilege


Attacks Related to TCP Packet (Cont.)

  • IP address spoofing

    • Change the source IP address

    • To conceal the identity of the attacker

    • To have the victim think the packet comes from a trusted host

    • LAND attack: a spoofed packet whose source address and port equal the victim's own address and port, which made vulnerable TCP stacks hang


Attacks Related to TCP Packet (Cont.)

  • Port Number

    • Registered ports (1024-49151) for any application; 49152-65535 are the dynamic/private ports

    • Not all operating systems use these port ranges, although all use the well-known ports
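The port ranges and the spoofed-source LAND packet described on the preceding slides, as an added example that is not part of the original presentation: a small IPv4/TCP header parser that classifies the destination port by IANA range and flags a packet whose source endpoint equals its destination endpoint. The packet bytes, the `build_ipv4_tcp` helper and the addresses (RFC 5737 test ranges) are constructed here for illustration; only the Python standard library is used.

```python
"""Added example (not part of the original slides): parse a raw IPv4/TCP
header, classify the ports, and flag the LAND pattern (spoofed source equal
to the destination address and port). The packet bytes are constructed
inline for illustration; addresses come from the RFC 5737 test ranges.
Standard library only."""
import socket
import struct

WELL_KNOWN = {20: "FTP-data", 21: "FTP-control", 23: "Telnet", 25: "SMTP", 80: "HTTP"}


def port_class(port: int) -> str:
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic 49152-65535."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "dynamic/private"
    raise ValueError(f"port out of range: {port}")


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Minimal IPv4 + TCP header parser (honours IHL, ignores TCP options)."""
    ver_ihl, _tos, _tlen, _ident, _ff, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport,
        "syn": bool(off_flags & 0x02), "ack": bool(off_flags & 0x10),
    }


def is_land(hdr: dict) -> bool:
    """LAND: source and destination endpoint are identical."""
    return hdr["src"] == hdr["dst"] and hdr["sport"] == hdr["dport"]


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int = 0x02) -> bytes:
    """Constructed test packet (checksums left zero, which the parser ignores)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)
    return ip + tcp


def describe(pkt: bytes) -> str:
    """One-line verdict for a packet: endpoints, service/port class, LAND or normal."""
    h = parse_ipv4_tcp(pkt)
    svc = WELL_KNOWN.get(h["dport"], port_class(h["dport"]))
    verdict = "LAND attack" if is_land(h) else "normal"
    return f"{h['src']}:{h['sport']} -> {h['dst']}:{h['dport']} ({svc}) {verdict}"


if __name__ == "__main__":
    print(describe(build_ipv4_tcp("192.0.2.10", "192.0.2.10", 139, 139)))
    print(describe(build_ipv4_tcp("198.51.100.7", "192.0.2.10", 51515, 80)))
```

A border filter that drops inbound packets whose source address belongs to the inside network catches LAND and most other spoofing against internal hosts; the check above is what such a filter evaluates.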



Attack Methods

  • Host Scanning

  • Network Scanning

  • Port Scanning

  • Fingerprinting


Attack Methods (Cont.)

  • Host Scanning

    • Ping a range of IP addresses, or use alternative probe messages when ICMP is blocked

    • Identifies victims

    • Types of host scanning

      • Ping scanning

      • TCP SYN/ACK probes


Attack Methods (Cont.)

  • Network Scanning

    • Discovery of the network infrastructure (switches, routers, subnets, etc.)

    • Traceroute (tracert on Windows) and similar tools identify the routers along the route to a destination host


Attack Methods (Cont.)

  • Port Scanning

    • Once a host is identified, scan its ports to find out whether it is a server and what type

    • Two types:

      • Server port scanning

        • TCP

        • UDP

      • Client port scanning

        • NetBIOS

        • Ports 135-139 are the NetBIOS ports used for Windows file and print services

        • GRC.com offers a free website (ShieldsUP) that scans your PC for open ports


Attack Methods (Cont.)

  • Fingerprinting

    • Discovers the host operating system and applications, including their versions

      • Active (sends probes and examines the responses)

      • Passive (listens to existing traffic)

    • Nmap implements all the major scanning methods
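The server port scan and active fingerprinting steps from the slides above, as an added example that is not part of the original presentation: a TCP connect scan that records a banner from each open port and derives a service guess from it. The fake listener, its banner and the `fingerprint` heuristic are constructed here so the example runs entirely on the loopback interface; run scans only against hosts you are authorised to test. Standard library only.

```python
"""Added example (not part of the original slides): a minimal TCP connect
scan with banner grabbing, i.e. the 'server port scanning' and active
fingerprinting steps the slides describe. The local listener and banners
are constructed so the example runs offline. Standard library only."""
import socket
import threading


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Return {port: banner_or_None} for every port that accepts a connection.

    A full three-way handshake is completed for each port, which is the
    noisiest (and easiest to log) scan type; SYN scans avoid the final ACK."""
    found = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:          # refused, timed out, unreachable: treat as closed
                continue
            try:
                banner = s.recv(256).decode(errors="replace").strip() or None
            except OSError:
                banner = None
            found[port] = banner
    return found


def fingerprint(banner) -> str:
    """Tiny active-fingerprint heuristic: map a greeting banner to a service."""
    if not banner:
        return "unknown"
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if b.startswith("220") and "SMTP" in b:
        return "smtp"
    if b.startswith("220"):
        return "ftp"
    return "unknown"


def start_fake_service(banner: bytes):
    """Constructed loopback listener that greets each client with a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port() -> int:
    """A port that was just free, used as the 'closed' port in the demo."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_fake_service(b"220 mail.example.test ESMTP ready\r\n")
    results = tcp_connect_scan("127.0.0.1", [open_port, free_port()])
    for p, banner in results.items():
        print(p, fingerprint(banner), banner)
    srv.close()
```

The scan completes a full handshake per port, so every probe shows up as an accepted connection in the target's logs; that visibility is exactly what the Stealth Scanning slide's rate-limiting and selective-port tricks try to reduce.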


Attack Methods (Cont.)

  • Denial-of-Service (DoS) Attacks

    • Attacks on availability

    • SYN flooding attacks overload a host or network with half-open connection attempts

    • Stopping DoS attacks is very hard.


Attack Methods (Cont.)

  • The Break-In

    • Password guessing

    • Take advantage of unpatched vulnerabilities

    • Session hijacking


After the Compromise

  • Download rootkit via TFTP

  • Delete audit log files

  • Create backdoor account or Trojan backdoor programs


After the Compromise (Cont.)

  • Weaken security

  • Access to steal information, do damage

  • Install malicious software (RAT, DoS zombie, spam relay, etc.)



Preventions

  • Stealth Scanning

  • Access Control

  • Firewalls

  • Proxy Servers

  • IPsec

  • Security Policies

  • DMZ

  • Host Security


Stealth Scanning

  • Attackers try to limit the noisiness of their scans and the exposure of their own IP address:

    • Reduce the rate of probes below the IDS alert threshold

    • Scan only selected ports
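The SYN flood from the DoS slide and the rate-based IDS evasion from the Stealth Scanning slide are two sides of the same detector, so one added example covers both (it is not part of the original presentation): a sliding-window counter of bare SYNs per source address. The window, threshold and the two simulated traffic patterns are assumptions chosen for illustration; standard library only.

```python
"""Added example (not part of the original slides): a sliding-window SYN
rate detector of the kind an IDS runs. Fed with constructed events it shows
(a) a SYN flood from one source tripping the threshold and (b) a 'stealth'
scan spread out in time staying below it. Window, threshold and traffic
patterns are assumptions for illustration. Standard library only."""
from collections import defaultdict, deque


class SynRateDetector:
    def __init__(self, window_s: float = 10.0, threshold: int = 100):
        self.window_s = window_s
        self.threshold = threshold
        self.syns = defaultdict(deque)   # src -> timestamps of bare SYNs

    def observe(self, ts: float, src: str, syn: bool, ack: bool) -> bool:
        """Feed one packet; return True once src exceeds the threshold in the window."""
        if not (syn and not ack):        # only connection attempts count
            return False
        q = self.syns[src]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()                  # expire events older than the window
        return len(q) > self.threshold


def simulate_flood(det: SynRateDetector, src: str = "203.0.113.5", count: int = 500) -> bool:
    """Constructed flood: 500 bare SYNs within one second from a single source."""
    return any(det.observe(i / count, src, True, False) for i in range(count))


def simulate_slow_scan(det: SynRateDetector, src: str = "203.0.113.9",
                       ports: int = 1024, interval_s: float = 0.5) -> bool:
    """Constructed stealth scan: one SYN every half second, so at most 21
    events ever sit inside a 10 s window and the threshold is never crossed."""
    return any(det.observe(i * interval_s, src, True, False) for i in range(ports))


if __name__ == "__main__":
    print("flood detected:", simulate_flood(SynRateDetector()))
    print("slow scan detected:", simulate_slow_scan(SynRateDetector()))
```

Lowering the threshold catches slower scans but also flags busy legitimate clients, which is why per-source rate detection is usually paired with a second signal such as the number of distinct destination ports touched.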


Access Control

  • The goal of access control is to prevent attackers from gaining access, and to stop them if they do.

  • The best way to accomplish this is to:

    • Determine who needs access to the resources located on the server.

    • Decide the access permissions for each resource.

    • Implement specific access control policies for each resource.

    • Record mission-critical resources.

    • Harden the server against attacks.

    • Disable invalid accounts and establish account policies.


Firewalls

Firewalls are designed to protect you from outside attempts to access your computer, whether for the purpose of eavesdropping on your activities, stealing data, sabotage, or using your machine as a means to launch an attack on a third party.


Firewalls (Cont.)

  • Hardware

    • Provides a strong degree of protection from the outside world.

    • Can be effective with little or no setup.

    • Can protect multiple systems.

  • Software

    • Better suited to protect against Trojans and worms.

    • Allows you to configure the ports you wish to monitor, giving finer control.

    • Protects a single system.


Firewalls (Cont.)

  • Can Prevent

    • Discovery

      • Network

      • Traceroute

    • Penetration

      • SYN flood

      • Garbage

      • UDP ping

      • TCP ping

      • Ping of Death


Proxy

  • A proxy server is a buffer between your network and the outside world.

  • An anonymous proxy hides your own address from the sites you visit; it does not by itself protect your network from attack.


IPsec

  • Provides various security services for traffic at the IP layer

  • These security services include

    • Authentication

    • Integrity

    • Confidentiality


IPsec overview - how IPsec helps (diagram slide)


DMZ (diagram slide)


Host Security

  • Hardening servers

  • Cisco IOS

  • Upgrades and patches

  • Unnecessary services

  • Network monitoring tools


Switch Vulnerabilities and Hacking


CDP Protocol

  • Cisco Discovery Protocol advertises a device's IP address, software version and model to its neighbors, so an attacker on the same segment learns them too.

  • Flooding a device with large numbers of CDP frames can exhaust its memory and crash it.

  • Useful for troubleshooting the network, but it should be disabled, at least on untrusted ports.


ARP Poisoning

  • The attacker sends forged ARP replies that poison the ARP cache of an end node.

  • The MAC address is what determines the destination on the LAN, and the device driver does not verify the IP-to-MAC mapping it is given.

  • A user on the segment can therefore forge ARP datagrams to mount a man-in-the-middle attack.
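The poisoning sequence described above, as an added example that is not part of the original presentation: a monitoring-host detector that parses Ethernet/ARP frames, learns IP-to-MAC bindings from replies, and alerts when a later reply rebinds a known address or when the ARP sender MAC disagrees with the Ethernet source MAC. The frames, addresses and the `demo` scenario are constructed for illustration; standard library only.

```python
"""Added example (not part of the original slides): an ARP-cache poisoning
detector. It parses constructed Ethernet/ARP frames, learns IP-to-MAC
bindings, and alerts when a reply changes a learned binding or when the ARP
sender MAC disagrees with the Ethernet source MAC. All addresses below are
constructed; nothing here is captured traffic. Standard library only."""
import socket
import struct


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str, eth_src: str = None) -> bytes:
    """Ethernet II frame + 28-byte ARP body. op: 1 = request, 2 = reply."""
    eth_dst = b"\xff" * 6 if op == 1 else mac_bytes(tha)
    eth = struct.pack("!6s6sH", eth_dst, mac_bytes(eth_src or sha), 0x0806)
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_bytes(sha), socket.inet_aton(spa),
                       mac_bytes(tha), socket.inet_aton(tpa))
    return eth + body


def parse_arp(frame: bytes) -> dict:
    _eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"eth_src": mac_str(eth_src), "op": op,
            "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}


class ArpWatch:
    def __init__(self):
        self.table = {}   # ip -> mac learned from the first reply seen

    def observe(self, frame: bytes) -> list:
        """Return alert strings for this frame (empty list if it looks benign)."""
        a = parse_arp(frame)
        alerts = []
        if a["sha"] != a["eth_src"]:
            alerts.append(f"ARP sender {a['sha']} != Ethernet source {a['eth_src']}")
        if a["op"] == 2:
            known = self.table.get(a["spa"])
            if known is None:
                self.table[a["spa"]] = a["sha"]          # first binding: trust on first use
            elif known != a["sha"]:
                alerts.append(f"{a['spa']} changed from {known} to {a['sha']} (possible poisoning)")
        return alerts


def demo():
    """Constructed scenario: a genuine gateway reply, then a forged one."""
    gw_ip, gw_mac = "192.0.2.1", "aa:bb:cc:00:00:01"
    host_ip, host_mac = "192.0.2.20", "aa:bb:cc:00:00:20"
    attacker_mac = "de:ad:be:ef:00:01"
    w = ArpWatch()
    first = w.observe(build_arp(2, gw_mac, gw_ip, host_mac, host_ip))
    # The attacker claims the gateway IP is at its own MAC; the victim would
    # now send all default-route traffic to the attacker (man in the middle).
    second = w.observe(build_arp(2, attacker_mac, gw_ip, host_mac, host_ip))
    return first, second


if __name__ == "__main__":
    for alerts in demo():
        print(alerts or "ok")
```

The detector trusts the first binding it sees, so it must be started on a clean network or seeded with the known gateway address; on the switch side, Dynamic ARP Inspection removes that gap by validating replies against the DHCP snooping table.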


SNMP

  • SNMP manages the network.

  • Authentication in SNMPv1/v2c is weak: the "public" and "private" community strings are sent in clear text.

  • Uses UDP, which is prone to source-address spoofing.

  • Enable SNMPv3 (with authentication and privacy) and disable the v1/v2c backwards compatibility.
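To make the clear-text point concrete, an added example that is not part of the original presentation: the community string is the second field of every SNMPv1/v2c message (RFC 1157 and RFC 1901 layout, SEQUENCE { version, community, PDU }), so anyone who can read the UDP datagram can read it with a few lines of BER decoding. The encoder, the `WEAK_COMMUNITIES` list and the sample messages are constructed here for illustration; standard library only.

```python
"""Added example (not part of the original slides): decode the community
string from an SNMPv1/v2c message to show it travels in clear text, and
flag default values. Messages are constructed with a tiny BER encoder;
the layout SEQUENCE { INTEGER version, OCTET STRING community, PDU }
follows RFC 1157 / RFC 1901. Standard library only."""

WEAK_COMMUNITIES = {"public", "private"}   # assumed defaults worth alerting on
SYS_DESCR_0 = b"\x2b\x06\x01\x02\x01\x01\x01\x00"   # OID 1.3.6.1.2.1.1.1.0


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    if n < 0x100:
        return bytes([0x81, n])
    return bytes([0x82, n >> 8, n & 0xFF])


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload


def ber_int(v: int) -> bytes:
    """INTEGER for small non-negative values (0..127), enough for this example."""
    return tlv(0x02, bytes([v]))


def build_snmp_get(version: int, community: str, oid: bytes = SYS_DESCR_0, request_id: int = 42) -> bytes:
    """Constructed GetRequest. version: 0 = SNMPv1, 1 = SNMPv2c."""
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf: bytes, i: int = 0):
    """Return (tag, value, next_index) for the TLV starting at buf[i]."""
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    return tag, buf[i:i + length], i + length


def snmp_community(pkt: bytes):
    """Return (version, community). Community is None for SNMPv3, whose header
    carries a user-based security model instead of a community string."""
    tag, msg, _ = read_tlv(pkt)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _vtag, vval, j = read_tlv(msg)
    version = int.from_bytes(vval, "big")
    if version == 3:
        return version, None
    ctag, cval, _ = read_tlv(msg, j)
    if ctag != 0x04:
        raise ValueError("expected community OCTET STRING")
    return version, cval.decode("ascii", errors="replace")


def is_weak(community) -> bool:
    return community is not None and community.lower() in WEAK_COMMUNITIES


if __name__ == "__main__":
    for ver, comm in ((0, "public"), (1, "s3cr3t-ro")):
        pkt = build_snmp_get(ver, comm)
        v, c = snmp_community(pkt)
        print(f"v{'1' if v == 0 else '2c'} community={c!r} weak={is_weak(c)} bytes={pkt.hex()}")
```

A sensor that applies `snmp_community` to UDP/161 traffic and alerts on `is_weak` or on any v1/v2c message at all is the cheapest way to find devices that still accept the old versions after the v3 migration.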


Spanning Tree Attacks

  • Standard (802.1D) STP takes on the order of 30-50 seconds to converge after a failure or root bridge change.

  • Purpose: a spanning tree attack redirects the backbone traffic through the attacker so it can be reviewed.

Spanning Tree Attacks (Cont.)

  • Only devices affected by the failure notice the change.

  • The attacker can create a DoS condition on the network simply by sending BPDUs.


Spanning Tree Attacks (Cont.)

  • STEP 1: MAC-flood the access switch.

  • STEP 2: Advertise as a priority-zero bridge.

  • STEP 3: The attacker becomes the root bridge!

    • Spanning tree recalculates.

    • The backbone of the original network is now the path from the attacking host to the other switches on the network.


STP Attack Prevention

  • Disabling STP can introduce another attack (an attacker can then create a forwarding loop).

  • BPDU Guard

    • Error-disables a PortFast port as soon as a BPDU is received on it.

    • Enable it on every port running PortFast.

STP Attack Prevention (Cont.)

  • Root Guard

    • Prevents a port from becoming a root port: if a superior BPDU arrives on it, the port is placed in the root-inconsistent (blocking) state until those BPDUs stop.
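The CDP, SNMP and STP fixes from the switch section, as an added Cisco IOS configuration example that is not part of the original presentation. Interface names, the ACL number, the management-station address, the view/group/user names and the two "weak" community lines being removed are assumptions for illustration; the command syntax is standard IOS.

```cisco
! Added example (not from the slides): IOS hardening for the CDP, SNMP and
! STP weaknesses above. Interface names, ACL number, management address and
! user/group names are assumptions for illustration.
!
! --- Weak settings the SNMP slide describes: remove clear-text communities
no snmp-server community public RO
no snmp-server community private RW
!
! --- SNMPv3 only, authPriv, and only from the management station
access-list 10 permit host 192.0.2.50
snmp-server view MGMT-VIEW iso included
snmp-server group NMS-GROUP v3 priv read MGMT-VIEW access 10
snmp-server user nms-admin NMS-GROUP v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>
!
! --- CDP: disable globally if nothing depends on it...
no cdp run
! ...or keep it for uplinks and switch it off on every user-facing port:
! interface range GigabitEthernet1/0/1 - 24
!  no cdp enable
!
! --- STP: BPDU Guard on all PortFast (access) ports, Root Guard on ports
!     that must never lead toward the root bridge
spanning-tree portfast bpduguard default
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/48
 spanning-tree guard root
```

`no cdp run` and the per-interface `no cdp enable` are alternatives, not both needed. A port shut down by BPDU Guard stays error-disabled until it is cleared by hand or `errdisable recovery cause bpduguard` is configured, which is the intended behaviour: a BPDU on an access port means either a rogue switch or the attack sequence on the previous slides.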


CSM and CSM-S

  • Cisco Content Switching Module

  • Cisco Content Switching Module with SSL


CSD

  • Cisco Secure Desktop

    • 3 major vulnerabilities

      • Retains information from an Internet browsing session after the SSL VPN session ends.

      • System policies that prevent logoff can be evaded, which allows a VPN connection to be activated.

      • Allows local users to elevate their privileges.


  • Prevention

    • Cisco has software updates that address the vulnerabilities.

    • Workarounds are available to mitigate the effects of some of these vulnerabilities.


Cisco Routers

  • Two potential issues with Cisco routers

    • Problems with certain IOS software releases

    • SNMP


  • Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4

    • Problem with the software

    • Confidential information can be leaked

    • Software updates on the Cisco site fix this problem


  • Virtual Private Networks (diagram slides: virtual connection 1 and virtual connection 2; an error on a connection leads to an information leak)


  • Cisco uBR10012 series devices automatically enable an SNMP read/write community string.

  • Because there are no access restrictions on this community string, attackers can use it to gain complete control of the device.

Attacking read/write access (diagram: the attacker's computer and the Cisco router)

  • By sending an SNMP set request with a spoofed source IP address, the attacker can make the victim router send him its configuration file.

  • With this information, the remote computer has complete control over the router.



Links

  • http://sectools.org/tools2.html

  • http://insecure.org/sploits/l0phtcrack.lanman.problems.html

  • http://www.grc.com/intro.htm

  • http://www.riskythinking.com

  • http://www.hidemyass.com/




Thank You !

Trish Miller