Network Vulnerabilities and Attacks. Dr. John Abraham UTPA. Media Based Vulnerabilities. Port mirroring Protocol sniffers Network tap These can be used to monitor traffic at the same time can be used to steal information. False ceilings, easy access to add an RJ45 Exposed wiring
Network Vulnerabilities and Attacks Dr. John Abraham UTPA
Media Based Vulnerabilities • Port mirroring • Protocol sniffers • Network tap • These can be used to monitor traffic at the same time can be used to steal information. • False ceilings, easy access to add an RJ45 • Exposed wiring • Unused rj-45 jacks
How attacker can see traffic • Switch flooding – then a switch acts like a hub • Mac address impersonation • Fake network redirect • Router advertisements • Fake device redirect (table 4-1 p.123)
Network Device vulnerabilities Weak passwords Default accounts Back doors Privilege escalation
Weak passwords Do not use names or single word –attackers can use dictionary. Change passwords as frequently as you can Keep passwords to include several words and numbers Do not use same password for all accounts Do not write down passwords
Default accounts User accounts on devices you buy These passwords are available on the internet
Back Doors Done by programmers or consultants Even backdoor passwords are installed in firmware.
Categories of Attacks Denial of Service – consume network resources. Example, continuous SYN Distributed denial of service (DDoS) Use hundreds of zombie computers. See figure 4-4 p.127. Spoofing-impersonation. Attacker may use IP address of a trusted source. Man-in-the-middle. Middle computer replaces messages going back and forth. Replay. Middle computer makes a copy of the message before sending it.
Methods of network attacks Protocol based Antiquated protocols-some equipment still support old protocols such as old SNMP DNS attacks-DNS poisoning. Altering IP addresses ARP poisoning – altering MAC address TCP/IP hijacking – Spoofed TCP packets.
Wireless Attacks Rogue Access Points – access points installed without sufficient security by unauthorized person who has access to wired LAN. WAR driving. Searching for wireless beaconing. Bluesnarfing – unauthorized access of information through bluetooth.