7/31/2019 Threats in Networks- Mani
7/12/12
THREATS IN NETWORKS
Presented by Mani K. Mathew
Introduction
Network
Client-Server Networks
Network Characteristics
1) SHAPE & SIZE
Topology
Boundary Ownership
Control
2) Mode of Communication
Analog
Digital
3) Media
Cable
UTP
Coaxial
Optical fiber
Wireless
Microwave
Infrared
Satellite
4) Protocols
ISO OSI reference model
TCP/IP
5) Type of Networks
LAN
WAN
Internet
Threats in Networks
CAUSE:
Anonymity
Many points of attack - both targets and origins
Sharing
Complexity
Unknown perimeter
Unknown path
Categories of Attack
Active v/s Passive
Active:- affects availability, integrity and authenticity
Passive:- affects confidentiality
Insider attack v/s Outsider attack
Insider attack:- authorized user
Outsider attack:- unauthorized or illegal user
Who??
Why??
How??
When??
Who??
ANYONE
Why??
Challenge
Fame
Money & Espionage
Organized crime
Ideology
Hacktivism
Cyber terrorism
How??
Attack the vulnerabilities
Reconnaissance
(1) Port scan
Which standard ports or services are running on target system
What OS is installed on target system
Versions of applications present
Gets an external picture of network ports open/closed
Pinging
Quickest way to determine whether host is alive or not
Use ICMP packets
Port numbers are defined by 16-bit integers
Total 65536 ports
Port scanning accomplished in different ways
1) TCP Connect (Not Stealth)
Used by the OS to initiate a TCP connection to a remote device
Uses 3 way handshake
Hence log will be made
[Figures: Closed Port, Open Port]
2) TCP SYN/Half-Open (Stealth)
SYN packet sent
If listening, SYN+ACK comes back
If not listening, RST packet received
Usually no logs made
3) FIN
FIN packet sent
If host alive and not listening, RST packet sent
If listening, it will not respond
Not applicable in Windows machines as RST packet sent back always
4) XMAS
TCP packet with FIN, URG & PUSH flags set is sent
If host listening RST packet sent
If not listening, it will not respond
5) NULL
TCP packet with all flags off is sent
If port is listening, will not respond
Else RST packet sent back
Countermeasures
Configure firewall to block ICMP
Drop all ACK packets that do not belong to an established connection
Use stateful firewalls
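As an added example (not part of the original slides), the sketch below shows why a stateful filter counters the FIN, XMAS, NULL and stray-ACK probes listed above: none of them matches a tracked handshake, so each is dropped and counted against its source. The class and function names, the scan threshold and the sample packets are constructed for illustration, and the filter is assumed to see inbound packets only.

```python
from collections import defaultdict

PROBES = {frozenset(): "NULL", frozenset({"FIN"}): "FIN",
          frozenset({"FIN", "PSH", "URG"}): "XMAS", frozenset({"ACK"}): "ACK"}

def classify_probe(flags):
    """Name the probe type of a packet that matches no tracked connection."""
    return PROBES.get(frozenset(flags), "OTHER")

class StatefulFilter:
    """Hypothetical inbound-only tracker; a real firewall also follows the
    reply direction and sequence numbers."""
    def __init__(self, scan_threshold=3):
        self.half_open = set()        # SYN seen, final ACK not yet seen
        self.established = set()      # three-way handshake completed
        self.ports_by_src = defaultdict(set)  # ports touched without a handshake
        self.scan_threshold = scan_threshold

    def inbound(self, src, sport, dport, flags):
        key, f = (src, sport, dport), frozenset(flags)
        if key in self.established:
            if f & {"FIN", "RST"}:
                self.established.discard(key)   # connection is closing
            return "ALLOW"
        if f == {"SYN"}:                        # possible new connection
            self.half_open.add(key)
            self.ports_by_src[src].add(dport)
            return "ALLOW"
        if f == {"ACK"} and key in self.half_open:
            self.half_open.discard(key)
            self.established.add(key)
            self.ports_by_src[src].discard(dport)  # handshake completed
            return "ALLOW"
        self.ports_by_src[src].add(dport)       # no state: treat as a probe
        return "DROP:" + classify_probe(flags)

    def suspected_scanners(self):
        return sorted(s for s, p in self.ports_by_src.items()
                      if len(p) >= self.scan_threshold)

# Constructed sample traffic: (src, sport, dport, flags)
SAMPLE = [
    ("10.0.0.5", 40000, 80, ["SYN"]), ("10.0.0.5", 40000, 80, ["ACK"]),
    ("10.0.0.5", 40000, 80, ["PSH", "ACK"]),
    ("203.0.113.9", 50001, 22, ["FIN"]), ("203.0.113.9", 50003, 25, []),
    ("203.0.113.9", 50002, 23, ["FIN", "PSH", "URG"]),
    ("203.0.113.9", 50004, 80, ["ACK"]),
    ("198.51.100.7", 50010, 21, ["SYN"]), ("198.51.100.7", 50011, 22, ["SYN"]),
    ("198.51.100.7", 50012, 23, ["SYN"]),
]

def run_sample():
    fw = StatefulFilter()
    return [fw.inbound(*pkt) for pkt in SAMPLE], fw.suspected_scanners()
```

The half-open SYN source is allowed packet by packet but still surfaces in `suspected_scanners()` because its handshakes never complete.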
Reconnaissance
(2) Social Engineering
Uses social skills and personal interaction to gain information
(3) Intelligence
Gathering discrete bits of information and solving puzzle
Includes eavesdropping
(4) OS and Application fingerprinting
Responses to commands differ with different OS
New functionalities will be absent in older versions
(5) Bulletin Boards and Chats
(6) Availability of documentation
When??
Opportunity
Threats in Transit
Harm that could occur to data between a sender and a receiver
(1) Eavesdropping
(2) Wiretapping
Passive Wiretapping
Active wiretapping
1) Wiretapping in Cables
Using packet sniffer - An interface is reprogrammed to have the ID of another host and it fetches the required packets
Inductance method
2) Software based packet sniffing
Sniffer is a program that sets an NIC into promiscuous mode
Passive and active attacks
Can be customized to capture specific traffic
Countermeasure: Use switches instead of hubs, Anti sniff, Network monitor
3) Wiretapping in Microwave and Satellite communication
Both have the problem of signal being dispersed over an area greater than intended point of reception
4) Wiretapping in Optical fiber
Optical fiber uses light energy to transmit messages
Advantage: Inductance and splicing can't be used
Disadvantage: Tapping can be done at
5) Wireless media tapping
Major threat: Interception
Strong signals can be picked up by using tuned antenna
Another Threat: Theft of Service
Threats in transit contd..
(3) Protocol Flaws
Protocols are well documented and published
Flaws identified and utilized
(4) Impersonation
Guess identity & authentication details
Use identity obtained by wiretapping or other means
THANKS