1 / 72

SYP: Network Security

SYP: Network Security . Security. Why is it important to understand how attacks work ? Golden Age of Hacking How bad is the problem? How did this happen?. Security Breach Example. 2003 group of hackers were “testing” security of various banks and noticed that one was extremely vulnerable

Download Presentation

SYP: Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. SYP: Network Security

  2. Security • Why is it important to understand how attacks work ? • Golden Age of Hacking • How bad is the problem? • How did this happen?

  3. Security Breach Example • 2003 group of hackers were “testing” security of various banks and noticed that one was extremely vulnerable • Within a couple of hours, they transferred over $10 million dollars from the bank to a private account • Due to bank’s poor network security, attackers tracks were difficult to find • To ensure no prosecution, hackers contacted bank president and gave two options: • Bank could prosecute, but attackers would deny everything and notify media on bank’s poor security • Sign proposal indicating that hacker’s were forming a security assessment at bank’s request for $5 million dollars and hackers would then return the other $5 million. • What choice do you think the bank president chose?

  4. Organizational Problems • Why companies don’t report attacks • Ignorance • Bad publicity • Cost and ineffectiveness of Fixing Existing Systems • Intangible Nature of Security Benefits

  5. The Attacker’s Process • Many ways an attacker can gain access or exploit a system • Some basic steps that hackers follow: • Passive reconnaissance • Active reconnaissance (scanning) • Exploiting the system • Uploading programs • Downloading data • Keeping access by using backdoors and trojan horses • Covering tracks

  6. Passive Reconnaissance • To exploit a system an attacker must have some general information about the user or company • Information gathering • Sniffing

  7. Active Reconnaissance • At this point, an attacker has enough information to try active probing or scanning against a site. • Key information that an attacker will try to discover: • Hosts that are accessible • Locations of routers and firewalls • Operating systems running on key components • Ports that are open • Services that are running • Versions of applications that are running

  8. Exploiting the System • 3 areas to exploit on a system: • Gaining access • Operating system attacks • Application-level attacks • Scripts and sample program attacks • Misconfiguration attacks • Elevation of privileges • Denial of service

  9. Uploading and Downloading Programs • After an attacker has gained access, they usually perform some set of actions on the server. • Most often, hacker will load some programs to the system. • With some attacks, such as corporate espionage, an attacker is after information

  10. Keeping Access • Most cases, after attacker gains access to a system, he will put a back door so that he can return whenever he wants. • Basic back door: are highly detectable • Sophisticated back door: more difficult to detect • Gaining access to the system and create a back door simultaneously

  11. Covering Tracks • After an attacker compromises a machine and creates a back door, the last thing he does is make certain that he does not get caught • Clean up log files • Turn off logging • To protect against hackers – use a program that makes sure key files on the system have not been changed

  12. Information Gathering

  13. Information Gathering • Many companies only concentrate on protecting their systems from a specific exploit when they start building a security infrastructure • Key for a user or organization to know what information an attacker can acquire about them and minimize the potential damage • If the attacker can only gain limited information about the network, they will most likely move on to the next victim

  14. Step 1 Gathering Initial Information • Find out initial information: • Open Source • Whois • Nslookup

  15. Step 2: Discover address range of the network • Find out address range of the network: • ARIN (American Registry for Internet Numbers) • Traceroute

  16. Step 3 Discovering Active Machines • Find active machines: • Ping

  17. Step 4Find Open Ports or Access Points • Applications used to find open ports or access points: • Portscanners • Nmap • ScanPort • War Dialers • THC-Scan

  18. Step 5Figure Out the Operating System • Tools used to determine Operating Systems • Queso • Nmap

  19. Step 6: Figure Out Which Services are Running on Each Port • Tools used to determine which services are running on each port • Default port and OS • Telnet • Vulnerability scanners

  20. Step 7 Map Out the Network • Tools used to map out the network • Traceroute • Visual Ping • Cheops

  21. Spoofing

  22. Types of Spoofing • Types of Spoofing Techniques • IP Spoofing • Email Spoofing • Web Spoofing • Non-Technical Spoofing

  23. IP Spoofing • Basic Address Change • Protection Against Address Changes

  24. IP Spoofing Continued • Source Routing • Allows you to specify the path a packet will take through the Internet • Types: • Loose Source Routing (LSR) • Strict Source Routing (SSR) • Protection Against Source Routing

  25. IP Spoofing Continued • Trust Relationships • Protection Against Trust Relationships

  26. EMAIL Spoofing • Similar Email Address • Protection Against Similar Email Address

  27. EMAIL Spoofing • Modifying a Mail Client • Protection Against Modifying a Mail Client

  28. EMAIL Spoofing • Telnet to Port 25 • Protection Against Telnetting to Port 25

  29. Web Spoofing • Basic Web Spoofing • Protection Against Basic Web Spoofing

  30. Web Spoofing • Man-in-the-Middle Attacks • Protection Against Man-in-the-Middle Attacks

  31. Web Spoofing • URL Rewriting • Protection Against URL Rewriting From Anonymizer.com

  32. Web Spoofing Tracking State: • Cookies • Protection Against Cookies

  33. Web Spoofing Tracking State: • URL Session Tracking • Protection Against URL Session Tracking

  34. Web Spoofing Tracking State: • Hidden Form Elements • Protection Against Hidden Form Elements

  35. General Web Spoofing Protection • Disable JavaScript, ActiveX, etc. • Validate that application is properly tracking users • Make certain users can’t customize their browsers to display important information • Educate the users • Make certain that any form of ID used to track user is long and random

  36. Non-Technical Spoofing • Social Engineering • Reverse Social Engineering • Non-Technical Spoofing Protection

  37. Denial of Service (DOS)

  38. What is a DOS Attack? • Attack through which a person can render a system unusable or significantly reduced by overloading the system’s resources • DOS attacks can be intentional or accidental • Often used by an attacker if they are unable to gain access to a network or machine

  39. Some Types of DOS Attacks • Ping of Death • SSPing • Smurf • CPU Hog

  40. Password Security

  41. Typical Attack • Two of the most common weaknesses on computer systems: • Weak Passwords • Modems

  42. Current State of Passwords • Current state of passwords in most companies and home systems are poor • Software often has default passwords that are rarely changed • Passwords are often chosen that are trivial to guess or have no password at all • Password intervals are too long

  43. History of Passwords • Users often choose simple passwords • Wife’s name • Favorite sport • Date of user’s birthday • Complex passwords are often written down since they are difficult to remember • Ex: W#hg@5d4%d10

  44. Future of Passwords • Single Sign On (SSO) • One password for user’s various applications • Biometrics • Fingerprint scan • Hand scan • Retinal scan • Facial scan • Voice scan

  45. Strong Passwords • Subject to technology • Strong Password criteria: • Changes every 45 days • Minimum length of 10 characters • Must contain at least on alpha, one number, and one special character • Alpha, number, and special characters must be mixed up and not append to the end • Ex: abdheus#7 = Bad • Ex: fg#g3^hs5gw = Good • Cannot contain dictionary workds • Cannot reuse previous five passwords • Minimum password age of 10 days • After 3 failed logon attempts, password is locked for several hours

  46. Why is Password Cracking Important? • To audit the strength of passwords • To recover forgotten/unknown passwords • To migrate users • To use a checks and balance system

  47. Types of Password Attacks • Dictionary Attacks • Brute Force Attacks • Hybrid Attacks • Social Engineering Attacks

  48. SecuringMicrosoft Passwords

  49. Where Are Passwords Stored in Microsoft? • Password hashes for each account are stored in the Security Account Manager (SAM) • \Windows-directory\system32\config\SAM • \Windows-directory\repair

  50. How Does MS Encrypt Passwords? • 2 hash algorithms • One for regular NT hash • MD4 hash algorithm • One for LANMAN hash • Pad password with 0’s to equal 14 character • Combined to attain 16-byte hash value

More Related