Attack vectors and mitigations
Download
1 / 12

Attack Vectors and Mitigations - PowerPoint PPT Presentation


  • 74 Views
  • Uploaded on

Attack Vectors and Mitigations. Attack Vectors ?. http://en.wikipedia.org/wiki/Vector_%28epidemiology%29 : In epidemiology, a vector is any agent (person, animal or microorganism) that carries and transmits an infectious pathogen into another living organism.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Attack Vectors and Mitigations' - rupali


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Attack vectors
Attack Vectors ?

  • http://en.wikipedia.org/wiki/Vector_%28epidemiology%29:

    • In epidemiology, a vector is any agent (person, animal or microorganism) that carries and transmits an infectious pathogen into another living organism.

  • http://searchsecurity.techtarget.com/definition/attack-vector:

    • In computing, a vectoror attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.

    • Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

    • Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.

Network Security


Vector vs payload
Vector vs Payload

  • http://cybercoyote.org/security/vectors.shtml:

    • Don't confuse attack vectors with payloads.

    • payload : malicious code carried by attack vectors -- spyware, Trojan-horses, dialers, destructive code and other malware. Some attacks deliver multiple payloads (warheads).

    • For example, worms attack through the network connection to get in. That's just the first step. Worms usually carry an installer for malware, such as spyware or botware as their payload. The worm's work is done when the payload is installed and running on the computer.

Network Security


Vulnerabilities
Vulnerabilities

  • The million buck question:

    Why not remove all vulnerabilities from the systems?

  • At least two reasons:

    • The computer and networking systems that we use today were designed and developed long before security was considered an important factor in computing. e.g., TCP/IP

    • New attacking schemes keep coming up.

      Q: Is it possible to define a ‘perfectly secure’ system?

      e.g., The castle was an almost perfect defense mechanism until big guns and airplanes emerged.

Network Security


Types of attacks
Types of Attacks

  • Reconnaissance

    • Discovery and mapping of systems, services, or vulnerabilities

  • Unauthorized access

  • Unauthorized modifications

  • Denial of service

    • A service/resource is blocked, degraded, disabled, or corrupted and becomes unavailable to authorized users.

  • Pattern of attack:

    • Mapping the potential victim’s system(s)

    • Gaining access to a user account

    • Escalating privilege

    • Exploiting the system (or using it as a jumping board)

Network Security


Types of attack vectors
Types of Attack Vectors

  • Viruses, Worms, Trojans, Password crackers

  • Buffer overflows

  • IP spoofing, ARP spoofing

  • TCP hijacking (a type of man-in-the-middle attacks)

  • Ping sweeps, Port scanners

  • Packet sniffers

  • Flooding, DoS/DDoS attacks

  • Rootkits and botnets (aka zombie army)

    • The most prevailing threats as reported by the Kaspersky Labs and the Symantec.

    • A master thesis (2011): A comparative analysis of rootkit detection techniques (available at http://sceweb.sce.uhcl.edu/yang/research/sampleTheses.htm)

Network Security


Rootkits and botnets
Rootkits and botnets

  • http://searchsecurity.techtarget.com/definition/botnet:

    • A zombie or bot is often created through an Internet port that has been left open and through which a small Trojan horse program can be left for future activation.

  • http://en.wikipedia.org/wiki/Botnet:

    • Computers are often recruited into a botnet by running malicious software. This may be achieved by luring users with a drive-by download, exploiting web browser vulnerabilities, or tricking the user into running a Trojan horse program, possibly in an email attachment. It will typically install modules which allow the computer to be commanded and controlled by the botnet's owner. The Trojan may delete itself, or may remain present to update and maintain the modules.

    • The controller (aka master) of a botnet directs these compromised computers via standards-based network protocols such as IRC (Internet Relay Chat) and HTTP (Hypertext Transfer Protocol).

Network Security


Mitigation techniques against the attacks
Mitigation Techniques against the Attacks

  • What can and should be done to mitigate these attacks?

    • Viruses, Worms, Trojans, Password crackers

    • Buffer overflows

    • IP spoofing, ARP spoofing

    • TCP hijacking (a type of man-in-the-middle attacks)

    • Ping sweeps, Port scanners

    • Packet sniffers

    • Flooding, DoS/DDoS attacks

    • Rootkits and botnets (aka zombie army)

  • Principles: defense in depth, controls at multiple layers

Network Security


Mitigations at layer 3
Mitigations at Layer 3

  • Deployed on layer-3 devices

    • Firewalls

    • Routers

    • Layer-3 switches

  • Example attacks at layer 3:

    • ICMP Flood (Smurf Attacks)

    • SYN Flood

    • DoS Attacks

    • IP Spoofing

    • Packet interception ?

Network Security


L 3 mitigation techniques
L-3 Mitigation Techniques

  • Mechanisms in IOS

    • Traffic characterization using ACL

    • IP source tracker

    • Antispoofing with ACL, uRPF, IP source guard

    • Packet classification and marking

    • Committed access rate (CAR)

    • Modular QoS CLI (MQC)

    • Traffic policing

    • Network-Based Application Recognition (NBAR)

    • TCP Intercept

    • Policy-Based Routing (PBR)

    • uRPF

    • NetFlow

Network Security


Mitigations at layer 2
Mitigations at Layer 2

  • Deployed on layer-2 devices

  • Bhaiji:

    • Layer 2 attacks are difficult to achieve from outside the network.

    • The attacker needs to be inside the network to be able to abuse layer 2.

  • True? How about attacks against WLAN?

Network Security


Example layer 2 attacks and mitigations
Example Layer-2 Attacks (and mitigations)

Network Security


ad