Network Attacks PDF
Uploaded by ThinnerSalmon79, Sana'a University

Summary
This document describes the vulnerabilities found in network devices and the main categories of networking-based attack: denial of service (DoS), interception (man-in-the-middle and replay), and poisoning (ARP and DNS). It provides definitions and explanations with illustrative examples for students.

Full Transcript
Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 3: Networking-Based Attacks

Objectives
– Explain the types of network vulnerabilities (Third Edition, Chapter 4)
– List different types of networking-based attacks (Fourth Edition, Chapter 3)

Network Vulnerabilities
Several vulnerabilities are found in network devices, including:
– Default accounts
– Back doors
– Privilege escalation

Network Device Vulnerabilities (continued)
Default account
– A user account on a device that is created automatically by the device rather than by an administrator
– Used to make the initial setup and installation of the device (often by outside personnel) easier
– Although default accounts are intended to be deleted (or at least have their passwords changed) after installation is completed, often they are not
– Default accounts are often the first targets that attackers seek, because their names and passwords are published in vendor documentation

Network Device Vulnerabilities (continued)
Back door
– An account, or other hidden access path, that is secretly set up without the administrator's knowledge or permission, that cannot be easily detected, and that allows remote access to the device
– Back doors can be created on a network device in two ways:
  1. The network device is infected by an attacker using a virus, worm, or Trojan horse
  2.
     A programmer of the software builds a back door into the device's software

Network Device Vulnerabilities (continued)
Privilege escalation
– It is possible to exploit a vulnerability in the network device's software to gain access to resources that the user would normally be restricted from obtaining

Network Attacks
Categories of network attacks:
– Denial of service (DoS)
– Interception
  Man-in-the-middle
  Replay attacks
– Poisoning
  ARP poisoning
  DNS poisoning

Denial of Service (DoS)
Denial of service (DoS) attack
– Attempts to consume network resources so that the network or its devices cannot respond to legitimate requests and perform normal functions
– DoS attack types:
  1. Ping flood attack
  2. Smurf attack
  3. SYN flood
  4. Distributed denial of service (DDoS)

Denial of Service (DoS) (continued)
– Ping flood attack
  The ping utility is used to send a large number of ICMP echo request messages, overwhelming the target (for example, a Web server)
– Smurf attack
  An ICMP echo request is sent to a network's broadcast address with the originating address spoofed to be the target's; it appears as if the target computer is asking for a response from every computer on the network, and all of the replies go to the target
– SYN flood attack
  Takes advantage of the TCP/IP 3-way handshake used to establish a connection: the attacker sends many SYN segments (usually from spoofed source addresses) and never completes the handshake, so the server holds half-open connections until its connection table is full and legitimate SYNs are dropped

Denial of Service (DoS) (continued)
SYN flood attack: normal operation of the three-way handshake (SYN, SYN-ACK, ACK) compared with a SYN flood
Ref: http://en.wikipedia.org/wiki/SYN_flood
Figure 3-9 SYN flood attack © Cengage Learning 2012

Denial of Service (DoS) (continued)
Distributed denial of service (DDoS)
– Attacker uses many zombie computers in a botnet to flood a device with requests
– Very difficult to identify and block the source of the attack, because the traffic arrives from thousands of unrelated addresses
– Most DoS attacks are of this
type

Interception
Man-in-the-middle
– Interception of legitimate communication and forging a fictitious response to the sender
– Can be active or passive
  A passive attack records the transmitted data
  An active attack alters the contents of the transmission before sending it on to the recipient

Interception (cont'd.)
Replay attacks
– Similar to a passive man-in-the-middle attack
– Attacker makes a copy of a transmission and uses the copy at a later time
– Example: capturing logon credentials and resending them later to authenticate as the victim
More sophisticated replay attacks
– Attacker captures a network device's message to a server
– Later sends the original, valid message to the server
– Establishes a trust relationship between the attacker and the server

Interception (cont'd.)
Replay attack example (participants: Sender, Attacker, File server)
1. Sender sends a message to the file server
2. Attacker intercepts the message
3. Attacker sends the captured message to the file server to create a link; the file server creates a link with the attacker
4. Attacker alters the message and sends it to the file server; the file server rejects the altered message
5. Attacker alters the message correctly and sends it to the file server; the file server accepts the correctly altered message

Poisoning
ARP poisoning
– The Address Resolution Protocol (ARP) is used by TCP/IP on an Ethernet network to find the MAC address of another device
– Each IP address and its corresponding MAC address are stored in an ARP cache for future reference

Poisoning (cont'd.)
ARP poisoning (cont'd.)
– ARP replies carry no authentication, so an attacker can send forged replies that alter the MAC address stored in a victim's ARP cache; the corresponding IP address (often the default gateway) then points to the attacker's computer instead
Table 3-3 ARP poisoning attack (table not reproduced in the transcript)
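The SYN flood described in the Denial of Service slides above, as an added example that is not part of the original slides: a toy model of a TCP listener's half-open connection table, showing why spoofed SYNs that are never acknowledged exhaust it, and why a listener that uses SYN cookies (the server's initial sequence number is an HMAC over the connection tuple, so no state is stored per SYN) still accepts a legitimate client during the flood. No sockets are used; the backlog size, secret key and addresses are assumptions.

```python
"""Added example (not from the slides): toy model of a TCP listener's
half-open connection table under a SYN flood, with and without SYN cookies.
Segments are plain function calls; no network traffic is generated.
BACKLOG, the cookie key and all addresses are assumed values."""
import hashlib
import hmac
import secrets
import time

BACKLOG = 128  # assumed listen backlog


class Listener:
    """Classic listener: one table entry per SYN until the matching ACK arrives."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}      # (src_ip, src_port) -> server ISN sent in the SYN-ACK
        self.established = set()
        self.dropped = 0

    def on_syn(self, src, sport):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1    # table full: the SYN is silently dropped
            return None
        isn = secrets.randbelow(2 ** 32)
        self.half_open[(src, sport)] = isn
        return isn               # carried back to the client in the SYN-ACK

    def on_ack(self, src, sport, ack):
        isn = self.half_open.get((src, sport))
        if isn is None or ack != (isn + 1) % 2 ** 32:
            return False
        del self.half_open[(src, sport)]
        self.established.add((src, sport))
        return True


class CookieListener:
    """SYN-cookie listener: the ISN encodes the state, so nothing is stored per SYN."""

    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(16)  # assumed per-host secret
        self.established = set()

    def _cookie(self, src, sport, slot):
        msg = f"{src}:{sport}:{slot}".encode()
        mac = hmac.new(self.key, msg, hashlib.sha256).digest()
        # 8-bit time slot in the top byte, 24-bit truncated MAC below it
        return (slot & 0xFF) << 24 | int.from_bytes(mac[:3], "big")

    @staticmethod
    def _slot(now):
        return int(now // 64) & 0xFF     # 64-second time slots

    def on_syn(self, src, sport, now=None):
        return self._cookie(src, sport, self._slot(now or time.time()))

    def on_ack(self, src, sport, ack, now=None):
        isn = (ack - 1) % 2 ** 32
        slot = isn >> 24
        if (self._slot(now or time.time()) - slot) % 256 > 1:
            return False                 # cookie too old
        if self._cookie(src, sport, slot) != isn:
            return False                 # forged or corrupted ACK
        self.established.add((src, sport))
        return True


def simulate(listener_cls, flood_syns=1000):
    """Flood the listener with spoofed SYNs, then see whether a real client can connect."""
    srv = listener_cls()
    for i in range(flood_syns):          # each SYN from a different spoofed source
        srv.on_syn(f"10.0.{(i >> 8) & 255}.{i & 255}", 40000 + i)
    isn = srv.on_syn("192.0.2.10", 51515)   # legitimate client (constructed address)
    if isn is None:
        return False
    return srv.on_ack("192.0.2.10", 51515, (isn + 1) % 2 ** 32)


def forged_ack_rejected():
    """An ACK that never had a matching SYN-ACK carries no valid cookie."""
    return not CookieListener().on_ack("198.51.100.7", 4444, 123456789)


if __name__ == "__main__":
    print("classic listener survives flood:", simulate(Listener))          # False
    print("SYN-cookie listener survives flood:", simulate(CookieListener))  # True
```

The classic listener fails as soon as the flood exceeds its backlog, whether or not the spoofed sources ever reply; the cookie listener spends a hash per SYN instead of a table slot, which is why real kernels enable SYN cookies only once the backlog overflows.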
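The replay attack example above (steps 1 to 4), as an added example that is not part of the original slides. The toy protocol is constructed: the sender's "open link" request is authenticated with an HMAC under a key the attacker does not hold, so step 4 (altering the message) is rejected, yet a verbatim copy of the captured request is accepted unless the file server also checks freshness. The hardened server hands out a one-time nonce that the request must carry. Step 5 of the slide (altering the message "correctly") is not possible in this model, because the attacker cannot compute the MAC; the key, user names and message format are assumptions.

```python
"""Added example (not from the slides): replaying an authenticated request
to a file server, with and without replay protection. Key, user names and
the message format are constructed for the example."""
import hashlib
import hmac
import json
import secrets

KEY = b"shared-secret-between-sender-and-server"  # constructed


def build_request(user, action, key=KEY, nonce=None):
    """Sender side: serialise the request and attach an HMAC-SHA256 tag."""
    body = {"user": user, "action": action}
    if nonce is not None:
        body["nonce"] = nonce
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return raw, tag


class FileServer:
    def __init__(self, key=KEY, replay_protection=False):
        self.key = key
        self.replay_protection = replay_protection
        self.issued = set()   # nonces handed out and not yet consumed
        self.links = []       # accepted (user, action) requests

    def challenge(self):
        """Hand the client a fresh nonce it must echo in its next request."""
        n = secrets.token_hex(8)
        self.issued.add(n)
        return n

    def handle(self, raw, tag):
        expect = hmac.new(self.key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, tag):
            return "rejected: bad MAC"            # slide step 4: altered message
        body = json.loads(raw)
        if self.replay_protection:
            n = body.get("nonce")
            if n not in self.issued:
                return "rejected: stale or unknown nonce"
            self.issued.discard(n)                # each nonce is good exactly once
        self.links.append((body["user"], body["action"]))
        return "accepted"


def replay_scenario(replay_protection):
    """Run slide steps 1-4 and return the server's verdict on each request."""
    server = FileServer(replay_protection=replay_protection)
    nonce = server.challenge() if replay_protection else None
    raw, tag = build_request("alice", "open-link", nonce=nonce)
    first = server.handle(raw, tag)                # step 1: legitimate sender
    # steps 2-3: attacker captured (raw, tag) on the wire and re-sends it unchanged
    replayed = server.handle(raw, tag)
    # step 4: attacker edits the user field but cannot recompute the tag
    altered = server.handle(raw.replace(b'"alice"', b'"mallory"'), tag)
    return first, replayed, altered


if __name__ == "__main__":
    print("no replay protection:", replay_scenario(False))
    print("nonce per request:   ", replay_scenario(True))
```

Integrity alone (the MAC) stops tampering but not replay; freshness needs something the server contributes or tracks, here a one-time nonce, in real protocols typically a nonce, a monotonic counter, or a timestamp with a tight window.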
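The ARP poisoning described in the two Poisoning slides above, as an added example that is not part of the original slides: arpwatch-style detection run over a constructed list of ARP replies (not a real capture), alongside the host-side mitigation of a static ARP entry for the gateway. The gateway address, MAC addresses and timings are assumptions.

```python
"""Added example (not from the slides): detecting ARP cache poisoning from
a constructed trace of ARP replies, and showing how a static entry protects
a host's own cache. Addresses, MACs and the gateway are assumed values."""

GATEWAY = "192.168.1.1"   # assumed default gateway

# Constructed trace of (seconds, sender IP, sender MAC): the real gateway
# (00:...:01) answers, a new host (aa:...:ff) appears, then claims the gateway's
# IP; the real gateway reasserts and the poisoner reasserts again.
ARP_REPLIES = [
    (0.0, "192.168.1.1",  "00:11:22:33:44:01"),
    (0.5, "192.168.1.20", "00:11:22:33:44:14"),
    (1.0, "192.168.1.1",  "00:11:22:33:44:01"),
    (5.0, "192.168.1.66", "aa:bb:cc:dd:ee:ff"),
    (5.1, "192.168.1.1",  "aa:bb:cc:dd:ee:ff"),   # poisoned binding
    (6.0, "192.168.1.1",  "00:11:22:33:44:01"),
    (6.5, "192.168.1.1",  "aa:bb:cc:dd:ee:ff"),
]


def detect_arp_poisoning(replies, protected_ips=(GATEWAY,)):
    """Return (time, severity, message) alerts for changed bindings and shared MACs."""
    cache = {}            # ip -> mac, as a victim's ARP cache would hold it
    ips_by_mac = {}       # mac -> set of IPs it has answered for
    alerts = []
    for t, ip, mac in replies:
        prev = cache.get(ip)
        if prev is not None and prev != mac:     # binding flip-flop
            sev = "HIGH" if ip in protected_ips else "MEDIUM"
            alerts.append((t, sev, f"{ip} changed {prev} -> {mac}"))
        cache[ip] = mac
        claimed = ips_by_mac.setdefault(mac, set())
        if ip not in claimed:
            claimed.add(ip)
            if len(claimed) > 1:                 # one NIC answering for several IPs
                alerts.append((t, "MEDIUM", f"{mac} now answers for {sorted(claimed)}"))
    return alerts


def resolve(replies, static=None):
    """Final ARP cache of a host; static entries are never overwritten by replies."""
    static = static or {}
    cache = dict(static)
    for _, ip, mac in replies:
        if ip not in static:
            cache[ip] = mac
    return cache


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_REPLIES):
        print(alert)
    print("gateway MAC, no static entry:  ", resolve(ARP_REPLIES)[GATEWAY])
    print("gateway MAC, with static entry:", resolve(ARP_REPLIES, {GATEWAY: "00:11:22:33:44:01"})[GATEWAY])
```

The flip-flop between two MACs for the gateway IP is the classic signature; a single "changed" event can also be a legitimate NIC replacement, which is why the protected-IP list and the shared-MAC check are used together before raising the severity. Static entries scale poorly beyond a few critical hosts; on managed switches the equivalent control is Dynamic ARP Inspection.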
Table 3-4 Attacks from ARP poisoning (table not reproduced in the transcript)

Poisoning (cont'd.)
DNS poisoning
– The Domain Name System (DNS) is the current basis for resolving names to IP addresses
– DNS poisoning substitutes forged DNS records so that a computer is redirected to another device
– Two locations for DNS poisoning:
  Local host table (the hosts file on the client, consulted before DNS)
  External DNS server (the cache of the resolver the client queries)
– Keeping DNS software such as BIND (Berkeley Internet Name Domain) fully patched reduces the risk of cache poisoning (current versions randomize the query's source port and transaction ID), but it does not prevent it outright; for a resolver to verify that an answer is genuine, the records must be signed with DNSSEC
Figure 3-12 DNS poisoning © Cengage Learning 2012

Summary
– Network devices often contain weak passwords, default accounts, back doors, and vulnerabilities that permit privilege escalation
– Network attacks include DoS, interception, and poisoning
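The two DNS poisoning locations above, as an added example that is not part of the original slides and that models both offline. audit_hosts() scans a constructed hosts file for entries that pin public-looking names to an address. The Resolver class is a toy caching resolver that accepts a reply only when its transaction ID and destination port match the outstanding query; blind_poison() plays an attacker who forges one reply per possible 16-bit transaction ID, which wins against a resolver with a fixed source port and fails once the port is randomized. Names, addresses and the file contents are constructed.

```python
"""Added example (not from the slides): auditing a local hosts file and
modelling blind cache poisoning against a resolver with a fixed versus a
randomized source port. All names, addresses and file contents are
constructed for the example; no DNS traffic is sent."""
import random

HOSTS_FILE = """\
127.0.0.1   localhost
# lines below were not added by the administrator (constructed sample):
203.0.113.9 www.example-bank.com
203.0.113.9 update.example-av.com
10.0.0.5    intranet.local
"""


def audit_hosts(text, allowed_suffixes=(".local", "localhost")):
    """Return (ip, name) pairs whose name should have been left to DNS."""
    suspicious = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if not name.endswith(allowed_suffixes):
                suspicious.append((ip, name))
    return suspicious


class Resolver:
    """Caching resolver with one outstanding query per name."""

    def __init__(self, randomize_port, rng):
        self.rng = rng
        self.randomize_port = randomize_port
        self.cache = {}
        self.pending = {}        # name -> (txid, source port) of the query sent

    def query(self, name):
        txid = self.rng.randrange(65536)                  # 16-bit transaction ID
        port = self.rng.randrange(1024, 65536) if self.randomize_port else 53
        self.pending[name] = (txid, port)
        return txid, port

    def on_reply(self, name, txid, port, answer):
        if self.pending.get(name) != (txid, port):
            return False         # ID or port mismatch: reply is dropped
        del self.pending[name]   # first matching reply wins; later ones are ignored
        self.cache[name] = answer
        return True


def blind_poison(randomize_port, seed=7):
    """Forge one reply per transaction ID, all to port 53, ahead of the real answer."""
    resolver = Resolver(randomize_port, random.Random(seed))
    resolver.query("www.example.com")
    for guess in range(65536):
        if resolver.on_reply("www.example.com", guess, 53, "203.0.113.9"):
            break                # attacker's record is now cached
    real = resolver.pending.get("www.example.com")
    if real is not None:         # authoritative answer arrives after the burst
        resolver.on_reply("www.example.com", real[0], real[1], "198.51.100.20")
    return resolver.cache["www.example.com"]


if __name__ == "__main__":
    print("suspicious hosts entries:", audit_hosts(HOSTS_FILE))
    print("fixed port 53, cached answer: ", blind_poison(False))   # 203.0.113.9
    print("random port, cached answer:   ", blind_poison(True))    # 198.51.100.20
```

Port randomization multiplies the attacker's search space from 2^16 to roughly 2^32 per query, which defeats this single burst but not an attacker with enough bandwidth and repeated query opportunities; only DNSSEC validation lets the resolver reject a forged answer regardless of how it was raced.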