Security+ Guide to Network Security Fundamentals, Third Edition Chapter 4 Network Vulnerabilities and Attacks

Post on 20-Dec-2015



Objectives

- Explain the types of network vulnerabilities
- List categories of network attacks
- Define different methods of network attacks

Network Vulnerabilities

There are _________ broad categories of network vulnerabilities:
- Those based on the network transport ________
- Those found in the network ________ themselves

Let’s take a look at each…

Media-Based Vulnerabilities

______________ network traffic
- Helps network administrator to _______________________ ________________________________
- Monitoring traffic can be done in _________ ways:
  1. Use a __________________________________
     - Configure a switch to ____________________ that flows through some or all ports ___________________________ on the switch
     - See graphic on next slide…
  2. Install a __________________ (test access point)
     - A _______________________ that can be installed _____________ ___________________, such as a switch, router, or firewall, to ______________________
     - See graphic two slides down…


Media-Based Vulnerabilities (continued)

________________ computer
- Can be a ______________________________
- Can be a regular computer running _____________________________ software
- Also known as a ____________________ _____________________________________________ ____________________________
- See example on next slide…

Media-Based Vulnerabilities (continued)

- Just as network taps and protocol analyzers can be used for legitimate purposes, they also can be used by ______________ to intercept and view network traffic
- Attackers can access the wired network in the following ways:
  - False ceilings
  - Exposed wiring
  - Unprotected RJ-45 jacks

Four Common Network Device Vulnerabilities

1. ___________________________
- A password is a secret combination of letters and numbers that serves to _____________ (validate) a user by what he knows
- Password paradox
  - Lengthy and complex passwords should be used and __________________________
  - It is very difficult to memorize these types of passwords
  - Passwords can be set to expire after a set period of time, and a new one must be created
  - Therefore a password can provide ___________

Network Device Vulnerabilities (continued)

Characteristics of weak passwords:
- A _______________ used as a password
- ____________ passwords unless forced to do so
- Passwords that are _____________
- __________________ in a password
- Using the __________________ for all accounts
- _____________ the password down
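The weak-password characteristics listed above can be checked mechanically when a password is set on a device. The following Python function is an added example, not code from the textbook or the slides: it flags a candidate that is too short, is a dictionary word, lacks a mix of character classes, contains the user name or other personal terms, or has already been used on another account (compared by hash, so plaintext need not be stored). The tiny word list, the 12-character minimum and the three-class rule are assumptions chosen for the demonstration.

```python
"""Weak-password checks (added example; not from the textbook)."""
import hashlib

# Constructed, deliberately tiny word list; a real check uses a large dictionary file.
COMMON_WORDS = {"password", "letmein", "welcome", "admin", "cisco", "router"}
MIN_LENGTH = 12   # assumption for this example


def fingerprint(password):
    """SHA-256 of the password, used to compare against passwords already in use."""
    return hashlib.sha256(password.encode()).hexdigest()


def weak_password_reasons(password, username="", personal_terms=(), reused_hashes=frozenset()):
    """Return a list of weakness findings; an empty list means no finding."""
    reasons = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        reasons.append(f"too short (fewer than {MIN_LENGTH} characters)")

    if lowered in COMMON_WORDS:
        reasons.append("dictionary word used as the password")

    # Count the character classes actually present; a complex password mixes them.
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < 3:
        reasons.append("fewer than three character classes")

    if username and username.lower() in lowered:
        reasons.append("contains the user name")

    for term in personal_terms:
        if term and term.lower() in lowered:
            reasons.append(f"contains personal information ({term})")

    # Same password on several accounts: compare hashes of passwords already set.
    if fingerprint(password) in reused_hashes:
        reasons.append("already used on another account")

    return reasons
```

Reuse across accounts is the one characteristic a single device cannot detect by itself; the `reused_hashes` set stands in for a central store of fingerprints of passwords already set elsewhere, which is what a password-management process would supply.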


Four Common Network Device Vulnerabilities (continued)

2. _______________________
- A user account on a device that is ____________________ by the ______________ instead of by an administrator
- Used to make the _____________________ and installation of the device easier
- Intended to be __________________________ is completed, but often they are not
- Default accounts are often the first targets that attackers seek. Why?

Four Common Network Device Vulnerabilities (continued)

3. ________________________
- An account that is ___________ without the administrator’s knowledge or permission, that _____________________, and that ____________________________________
- Can be created by the programmer of the software to allow convenient access to the device for troubleshooting
- Back doors can be created on a network device in two ways:
  - The network device can be ____________________ using a virus, worm, or Trojan horse to insert the back door
  - A ________________________________ creates a back door on the device

Four Common Network Device Vulnerabilities (continued)

4. __________________ (talked about in Chapter 2)
- It is possible to _____________________ in the _______________________ to gain access to resources that the user would normally be restricted from obtaining

Categories of Attacks Conducted Against Networks

Include:
- Denial of service
- Spoofing
- Man-in-the-middle
- Replay attacks

Denial of Service (DoS)

Denial of service (DoS) attack
- Attempts to ___________________________________ __________________________________________________________________________________________

Distributed denial of service (DDoS) attack
- A _____________ of the DoS
- May use hundreds or thousands of ________________ in a botnet to _________________________________
- Impossible to identify and block the source of the attack
- Example: _________________ attack (see Figure 4-4)

[Figure: the attacker sends a stream of SYN packets; the server answers each one with SYN+ACK]
- Server waiting several minutes for ACK replies but not receiving it from any computer
- Server runs out of resources and can no longer function
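The figure above shows the server accumulating half-open connections (SYN received, SYN+ACK sent, ACK never returned). An administrator can see the same condition in the host's socket table. The Python below is an added example, not part of the textbook: it parses a constructed listing in the format of `ss -tan` (state, queues, local socket, peer socket) and reports, per listening socket, how many connections are stuck in SYN-RECV and from how many distinct peers. The threshold of 3 half-open connections is an assumption for the demonstration; a real threshold is tied to the socket's backlog size.

```python
"""Half-open connection check for the SYN-flood pattern (added example, not the textbook's)."""
from collections import defaultdict

# Constructed socket listing in the column layout of `ss -tan`.
SAMPLE = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      10.0.0.5:80          198.51.100.23:51544
SYN-RECV   0      0      10.0.0.5:80          203.0.113.17:4412
SYN-RECV   0      0      10.0.0.5:80          203.0.113.88:9021
SYN-RECV   0      0      10.0.0.5:80          203.0.113.140:1533
SYN-RECV   0      0      10.0.0.5:80          203.0.113.9:27744
SYN-RECV   0      0      10.0.0.5:443         198.51.100.40:6001
ESTAB      0      0      10.0.0.5:22          192.0.2.10:40123
"""


def parse_socket_listing(text):
    """Return (state, local, peer) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 5:
            rows.append((parts[0], parts[3], parts[4]))
    return rows


def half_open_stats(rows):
    """Per local socket: established count, half-open count, distinct half-open peer addresses."""
    stats = defaultdict(lambda: {"established": 0, "half_open": 0, "peers": set()})
    for state, local, peer in rows:
        if state == "SYN-RECV":            # SYN seen, SYN+ACK sent, ACK still missing
            stats[local]["half_open"] += 1
            stats[local]["peers"].add(peer.rsplit(":", 1)[0])
        elif state == "ESTAB":
            stats[local]["established"] += 1
    return stats


def flood_suspects(rows, min_half_open=3):
    """Local sockets whose half-open backlog is at or above the threshold (assumed value)."""
    return sorted(local for local, s in half_open_stats(rows).items()
                  if s["half_open"] >= min_half_open)
```

The distinct-peer count matters for the response: when every half-open entry comes from a different address the sources are spoofed or distributed, as the DDoS slide says, so blocking individual sources does not help and the fix is on the server side (a larger backlog, shorter SYN-RECV timeouts, or SYN cookies so that no state is kept until the ACK arrives).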

Example #1 of DoS attack

- Attacker can flood the radio frequency spectrum with interference to prevent legitimate communication from getting through

Example #2 of DoS attack

[Figure: numbered steps 1 to 3; only the step labels survived extraction]
- If the ACK is not returned, the packet is resent

Example #3 of DoS attack

- Forces device to temporarily disconnect from the wireless network

Spoofing

AKA impersonation
- ________________________________________ by ________________________________
- Variety of different attacks use spoofing
  - Attacker may _______________________ so that her malicious actions would be attributed to a valid user
  - Attacker may _____________________________ _____________________________________
  - Attacker can set up his AP device and trick all ___________________________________________________________________________

Man-in-the-Middle Attack

- Works by _________________ (attacker) ________________________________________________________________________
- Makes it seem that two computers are communicating with each other directly when actually there is a “middle man” seeing/modifying the traffic
- ________ attacks _______________________ before they are sent on to the recipient
- ________ attacks ________________________, _____________ and _______ to original recipient

Replay Attack

- Similar to a passive man-in-the-middle attack
- Instead of sending traffic to the recipient immediately, the captured data is ________________________________________
- A simple replay would involve the man-in-the-middle ____________________ between the computer and the server and attempting to log in at a later time
- A more sophisticated attack takes advantage of the communications between a __________________
  - Administrative messages that contain specific network requests are frequently sent between a network device and a server
  - A replay attack could _______________________________________ _____________________. The server might respond thinking the message came from a _______________________________________
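The defence against the replayed administrative message described above is to make every message single-use: the sender includes a timestamp and a random nonce, authenticates all of it with a keyed MAC, and the server refuses anything outside its freshness window or carrying a nonce it has already accepted. The Python below is an added example, not code from the textbook; the shared key, the 30-second window and the message layout are assumptions for the demonstration.

```python
"""Replay-resistant request authentication (added example; not from the textbook)."""
import hashlib
import hmac
import os
import time

SHARED_KEY = b"constructed-demo-key"   # constructed; a real key is provisioned out of band
FRESHNESS_SECONDS = 30                  # assumed acceptance window


def _mac(key, ts, nonce, body):
    """HMAC over timestamp, nonce and body so none of them can be altered."""
    return hmac.new(key, f"{ts}|{nonce}|".encode() + body, hashlib.sha256).hexdigest()


def sign_request(body, key=SHARED_KEY, now=None, nonce=None):
    """Device side: attach timestamp, fresh nonce and MAC to an administrative request."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(8).hex() if nonce is None else nonce
    return {"ts": ts, "nonce": nonce, "body": body, "mac": _mac(key, ts, nonce, body)}


class ReplayGuard:
    """Server side: verify the MAC, the freshness window and the nonce cache."""

    def __init__(self, key=SHARED_KEY, window=FRESHNESS_SECONDS):
        self.key, self.window = key, window
        self.seen = {}   # nonce -> timestamp at which it was accepted

    def _expire(self, now):
        # Nonces older than the window can be dropped: a message that old fails the
        # freshness check anyway, so the cache stays bounded.
        cutoff = now - self.window
        for nonce in [n for n, t in self.seen.items() if t < cutoff]:
            del self.seen[nonce]

    def verify(self, msg, now=None):
        """Return (accepted, reason)."""
        now = int(time.time() if now is None else now)
        self._expire(now)
        expected = _mac(self.key, msg["ts"], msg["nonce"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad mac"
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp"
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"
```

The order of the checks is deliberate: the MAC is verified first so that an unauthenticated party cannot probe the nonce cache, and the timestamp is checked before the nonce so that the cache only ever needs to hold one window's worth of nonces. The timestamp alone is not enough, since a message captured and resent within the window would still be fresh; the nonce closes that gap.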

Methods of Network Attacks

- Protocol-based
  - Targeting vulnerabilities in network protocols is a common method of attack since the ___________ is ____________________________ itself
  - Any system that uses this protocol is vulnerable
- Wireless
  - Attacks unique to wireless networks have been created

More to come…

Protocol-Based Attacks

Antiquated protocols
- _____________ protocols have been updated often to address __________________________
- __________ is another updated protocol
  - Used for __________________________ between networked devices
  - The use of community strings in the first two versions of the protocol (SNMPv1 and SNMPv2) created several vulnerabilities
  - Also information was not sent in encrypted fashion
  - SNMPv3 is much more secure
  - Uses ___________________________________

Protocol-Based Attacks (continued)

DNS attacks
- Domain Name System (_______________) is the basis for ____________________________ today
- DNS ____________________ ___________ a ________________________ so that when a user enters a symbolic name, she is ____________________________________

Protocol-Based Attacks (continued)

[Figure: fraudulent IP address]
- How can this IP address substitution take place?

Protocol-Based Attacks (continued)

Substituting a fraudulent IP address can be done in one of two different _____________:
1. TCP/IP ___________________ name system
   - If no entry exists for the requested name entered, the external DNS system is referenced
   - Attackers can target the __________________

Or – the second location…

Protocol-Based Attacks (continued)

2. External _____________________
   - Attack is called ____________________ (also called _________________)
   - DNS servers exchange information between themselves, AKA ________________________
   - Attacker attempts to convince the authentic DNS server to ______________________________ sent from the _____________________________________
   - See Figure 4-11 on following slide

[Figure 4-11]
- Attacker sends a request to resolve a URL to an IP address
- Valid DNS server doesn’t know the answer and asks the DNS server controlled by the attacker
- The attacker’s name server sends IP addresses to the valid (victim) DNS server; these are actually the attacker’s own addresses
- These IP addresses map to legitimate URLs
- Requests from any users will then go to the attacker’s IP address
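The step in Figure 4-11 that does the damage is the victim server accepting records for legitimate names from a server that was only asked about the attacker's own zone. Resolvers defend against this with a bailiwick check: any record whose name is not inside the zone the responding server is responsible for is discarded rather than cached. The Python below is an added example, not from the textbook, using constructed records and the reserved names `attacker-zone.test` and `bank.example`.

```python
"""Bailiwick check on DNS response records (added example; not the textbook's code)."""


def in_bailiwick(name, zone):
    """True if `name` equals `zone` or is a subdomain of it (case-insensitive, trailing dot ignored)."""
    name = name.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def filter_response(zone, records):
    """Split (name, rtype, rdata) records into (accepted, rejected) by bailiwick."""
    accepted, rejected = [], []
    for rr in records:
        (accepted if in_bailiwick(rr[0], zone) else rejected).append(rr)
    return accepted, rejected


# Constructed response: the server queried for www.attacker-zone.test answers for
# its own name and slips in records for unrelated, legitimate names pointing at
# the same address.
ZONE = "attacker-zone.test"
RESPONSE = [
    ("www.attacker-zone.test", "A", "203.0.113.5"),
    ("www.bank.example", "A", "203.0.113.5"),
    ("mail.example.com", "A", "203.0.113.5"),
    ("ns1.attacker-zone.test", "A", "203.0.113.6"),
]


def cache_after_filtering(zone=ZONE, records=RESPONSE):
    """What a bailiwick-checking resolver would actually cache from this response."""
    accepted, _ = filter_response(zone, records)
    return {name: rdata for name, rtype, rdata in accepted if rtype == "A"}
```

The `endswith("." + zone)` test, rather than a bare `endswith(zone)`, is the detail to get right: without the leading dot, `evilattacker-zone.test` would pass as if it were inside `attacker-zone.test`. Bailiwick checking limits what a poisoned referral can inject; the slide's other defence, DNSSEC, lets the resolver verify that the records were signed by the legitimate zone owner.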

Protocol-Based Attacks (continued)

- DNS poisoning can be ________________ ________________________ software, _______ (Berkeley Internet Name Domain) or __________ (DNS Security Extensions)
- ______________________
  - Almost the ___________________________
  - Attacker asks the _______________________ _______________, known as a DNS transfer
  - Possible for the attacker to _____________________ ________ of the organization supporting the DNS server

Protocol-Based Attacks (continued)

Address Resolution Protocol (_______)
- _______________________________________________________________________________
- The IP address and the corresponding MAC address are stored in an ARP cache for future reference
- ARP ____________________
  - An attacker could ________________________ ________________ so that the corresponding IP address would ______________________
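Because the ARP cache described above is what an attacker alters, comparing successive snapshots of it is a simple way to notice the alteration. The Python below is an added example, not from the textbook: it parses constructed ARP-table lines of the form "IP MAC" and reports two symptoms of cache tampering, an IP address whose MAC address changed between snapshots and one MAC address that now answers for several IP addresses. Real `arp -a` or `ip neigh` output has extra columns; the parser here is written for the constructed format.

```python
"""ARP cache consistency check between two snapshots (added example; not the textbook's)."""
from collections import defaultdict


def parse_table(text):
    """Map IP -> MAC from lines whose first token starts with a digit; other lines are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0][0].isdigit():
            table[parts[0]] = parts[1].lower()
    return table


def arp_anomalies(before, after):
    """Return human-readable findings comparing two IP->MAC snapshots."""
    findings = []
    # Symptom 1: an IP we already knew now resolves to a different MAC.
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            findings.append(f"{ip}: MAC changed {old} -> {mac}")
    # Symptom 2: one MAC claims several IPs in the new snapshot.
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims {sorted(ips)}")
    return findings


# Constructed snapshots: 192.168.1.1 is the gateway; in the second snapshot its
# entry carries the MAC that also belongs to the host at 192.168.1.37.
BEFORE = """\
Address       HWaddress
192.168.1.1   00:11:22:33:44:01
192.168.1.20  00:11:22:33:44:14
192.168.1.37  00:11:22:33:44:25
"""
AFTER = """\
Address       HWaddress
192.168.1.1   00:11:22:33:44:25
192.168.1.20  00:11:22:33:44:14
192.168.1.37  00:11:22:33:44:25
"""
```

Both symptoms have benign causes (a replaced router, a host with several addresses, a virtual IP that fails over between two machines), so the output is a lead to investigate rather than a verdict. The check is most useful on the gateway's entry, since that is the one whose substitution lets a man-in-the-middle see all off-subnet traffic.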

Protocol-Based Attacks (continued)

TCP/IP hijacking takes advantage of a weakness in the TCP/IP protocol
- The TCP header consists of _____________ that are used as _____________________________
- Updated as packets are sent and received between devices
- Packets may arrive out of order
- ________________ any packets with ___________ sequence numbers than has been ____________________________
- Receiving device will _______________ any packets with __________________________ numbers than has been received and acknowledged

Protocol-Based Attacks (continued)

- If both sender and receiver have incorrect sequence numbers, the connection will “hang”
- TCP/IP hijacking
  - In a TCP/IP hijacking attack, the attacker creates fictitious (“spoofed”) TCP packets to take advantage of the weaknesses
  - See handout for example of TCP/IP hijacking

Wireless Attacks

- In addition to TCP/IP attacks such as TCP/IP hijacking and ARP poisoning, attacks _____ __________________ have been created

Rogue Access Points

- Access Point that is _________________ _________________ (in a vulnerable location) behind the firewall
- An attacker who can access the network through a rogue access point is _________ ________________________________
  - Can ________ attack all devices on the network
- Rogue APs ________________________ and open the entire network and all users to direct attacks

Rogue Access Points (continued)


War Driving

- ____________________
  - At regular intervals, a wireless AP sends a beacon frame to ______________________________________________________________________ that want to join the network
  - Used to establish and maintain communications
- Scanning
  - Wireless devices which _______________________
- Wireless location mapping
  - AKA _____________ ______________________________________________ RF transmission
  - Process of finding a WLAN signal and recording information about it

War Driving (continued)

- War driving can involve using an ________ to search for wireless signals over a large area, but also _________ or a ____________ could be used
- Tools for conducting war driving:
  - __________________ device
  - _________________ adapters
  - ________________
  - Global positioning system receiver, to precisely locate the wireless network
  - _______________ to connect to the wireless network

What is Bluetooth?

- A wireless technology that uses short-range RF transmissions and ________________________ _____________________ to a wide range of computing / telecommunication _____________
- Provides for ________________________ between devices
- The __________________ standard was adapted and expanded from the existing Bluetooth standard
- Two types of 802.15.1 network topologies
  - ___________ – Same channel contains __________ and at _____________________
  - ______________ – Connection in which ____________ __________________________________________

Bluesnarfing and Bluejacking

____________________
- The ___________________________ from a wireless device __________________________
- Allows an attacker to _____________________, contact lists, etc. by simply connecting to that Bluetooth device
- _________ the _____________________________

__________________
- _______________________ from Bluetooth to Bluetooth-enabled devices
- No data is stolen

Other Attacks and Frauds

Null sessions
- _______________________ to a Microsoft __________________________ computer that ________________________________
- Could allow an attacker to open a channel over which he could gather information about the device
- Pose a serious ________________ to vulnerable computers and _______________________ to the operating systems
- Later versions of Windows are not vulnerable to null session attacks

Other Attacks and Frauds (continued)

Domain Name Kiting
- A type of fraud that involves _______________ ______________ to do something unscrupulous __________________________
- ________________ are organizations that are ____________________________ ________________________________
- A five-day Add Grace Period (AGP) permits registrars to delete any newly registered Internet domain names and give a full refund of the registration fee

Other Attacks and Frauds (continued)

Domain Name Kiting (continued)
- Unscrupulous registrants attempt to _________ _______________________ by ____________ _____________________________________
- Recently expired domain names are indexed by search engines
- Visitors are _________________________________, which is usually a single-page Web site with paid advertisement links
- Visitors who click on these links _____________ ___________________________________

Summary

- Network vulnerabilities include media-based vulnerabilities and vulnerabilities in network devices
- The same tools that network administrators use to monitor network traffic and troubleshoot network problems can also be used by attackers
- Network devices often contain weak passwords, default accounts, back doors, and vulnerabilities that permit privilege escalation
- Network attacks can be grouped into four categories

Summary (continued)

- Protocol-based attacks take advantage of vulnerabilities in network protocols
- Attacks on wireless systems have increased along with the popularity of wireless networks
- Other network attacks include null sessions, which are unauthenticated connections to a system using a legacy version of Microsoft Windows
- Domain Name Kiting is fraud that involves the use of a grace period to delete newly registered domain names