SPR100 Week 7 Lecture - Network Security I PDF
Summary
This page is a transcript of the SPR100 Week 7 lecture, "Network Security I". It opens with a review of the week 6 cryptography material and then covers the death of the perimeter, network threats, WiFi network vulnerabilities, denial-of-service (DoS) and distributed DoS (DDoS) attacks, and botnets, closing with a short case study of the 2016 Mirai botnet attack on krebsonsecurity.com.
Full Transcript
SPR100: Week 7 Network Security I

Lecture Review: Week 6
- Introduction to Cryptography
- Cipher Methods: stream, block and hash
- Cryptographic Algorithms
- Cryptographic Tools

This Week
- Death of the Perimeter
- Network Threats
- WiFi Network Vulnerabilities
- Denial of Service (DoS)
- Distributed DoS (DDoS)
- Botnets

Death of the Perimeter
- The “Castle” model is now dead
- Impractical/impossible: it is impractical or impossible to force all information in an organization through a single point in the network
- New mechanisms for attacking networks are constantly emerging (e.g., smart phones, tablets, cars, IoT…)
- The line between “good guys” and “bad guys” has become blurred

Death of the Perimeter: “City” model
- Indistinct perimeter
- Multiple ways of entering the network
- Access control is applied at the object level, e.g. you determine which buildings a person is able to access
- You have to secure the internal network: internal firewalls and internal intrusion detection systems (IDS), virtual LANs, central authentication servers, encrypted internal traffic

Introduction
- Cryptography provides message confidentiality and integrity (the C and I of CIA); it does nothing for availability
- Modern networks have additional vulnerabilities: means of delivery, route of delivery, redirected access, communication media vulnerability
(From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Several of the following slides are drawn from this textbook.)

Network Security Attacks: Threats
- Interception
- Modification
- Fabrication
- Interruption

What Makes a Network Vulnerable to Interception?
- Anonymity
- Many points of attack
- Sharing
- System complexity
- Unknown perimeter
- Unknown path

Modification and Fabrication
- Sequencing
- Substitution
- Data corruption
- Insertion

Interruption: Loss of Service
- Routing
- Excessive demand
- Component failure

Port Scanning
(slide illustration from Security in Computing)

WiFi Network Vulnerabilities

Vulnerabilities in Wireless Networks
- Confidentiality
- Integrity
- Availability

Wireless Security
- No control as to where the wireless signal is being sent
- No control as to where access is being granted from

Wireless Network Access Misconceptions
1. It’s difficult to listen to a wireless transmission
2. People do not walk around trying to find open/weak networks (e.g. war driving)
3. Wireless products come with excellent encryption so must be secure

Unauthorized Wireless Access
- Evil Twin Access Point
- Wireless DoS: Disassociation & Jamming

Wireless DoS: Disassociation & Jamming
- There are WiFi monitoring systems that offer a disassociation (deauthentication) and jamming feature
- Purpose is to only allow approved WiFi networks
- Many businesses use such tools
- Deauthentication and disassociation frames are unauthenticated unless the network uses 802.11w protected management frames (mandatory in WPA3), which is why one forged frame is enough to knock a client off
- A particularly interesting case: Marriott jams wifi hotspots (the FCC fined Marriott US$600,000 in 2014 for deauthenticating guests’ personal hotspots; “containing” networks you do not own is illegal in the US)

Failed Countermeasure: WEP
- Wired Equivalent Privacy, or WEP, was designed at the same time as the original 802.11 WiFi standard (1997) as the mechanism for securing those communications
- Weaknesses in WEP were first identified in 2001, four years after release
- More weaknesses were discovered over the course of years, until any WEP-encrypted communication could be cracked in a matter of minutes

WEP Weaknesses
- Weak encryption key: originally 40 bits, combined with a 24-bit initialization vector (IV) that is sent in the clear and repeats
- Static key, rarely changed
- Weak encryption process (RC4 keyed with IV || static key), could be brute-forced easily

WPA (WiFi Protected Access)
- WPA was designed in 2003 as a replacement for WEP and was quickly followed in 2004 by WPA2
- Non-static encryption key (per-packet keys via TKIP)
- Authentication

WPA2
- The 802.11i wireless security standard based protocol was introduced in 2004
- Improvement of WPA2 over WPA was the usage of the Advanced Encryption Standard (AES) in place of RC4/TKIP
- AES is approved by the U.S. government for encrypting information classified as top secret, so it must be good enough to protect home networks
- Caveat: the cipher is not the weak point; a WPA2-PSK network with a guessable passphrase falls to an offline dictionary attack against a captured 4-way handshake, whatever cipher follows
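The WEP weaknesses listed above (a static key plus a 24-bit IV sent in the clear) are easiest to see by running them. The following is an added example, not material from the lecture or from Security in Computing: a textbook RC4, a WEP-style framing that keys RC4 with IV || static key, and a "capture" built inline from constructed frames. The 40-bit key, the IV, and the attacker-known frame contents are all hypothetical; the LLC/SNAP header bytes (AA AA 03 00 00 00 08 00) are what real WEP data frames start with, which is why an attacker always knows the first eight plaintext bytes of every frame. The CRC-32 integrity value WEP appends is omitted because it does not affect keystream reuse.

```python
import os
from collections import defaultdict

IV_LEN = 3  # WEP's initialization vector is 24 bits and travels in the clear ahead of every frame


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by n bytes of keystream (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(static_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame: RC4 keyed with IV || static key, IV prepended unencrypted.
    (The CRC-32 integrity value real WEP appends inside the ciphertext is omitted.)"""
    assert len(iv) == IV_LEN
    keystream = rc4_keystream(iv + static_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def find_iv_collisions(frames):
    """Group captured frames by their cleartext IV. Same static key + same IV gives
    the same RC4 keystream, so every IV seen twice is a keystream reuse."""
    by_iv = defaultdict(list)
    for frame in frames:
        by_iv[frame[:IV_LEN]].append(frame[IV_LEN:])
    return {iv: cts for iv, cts in by_iv.items() if len(cts) > 1}


def recover_with_known_plaintext(ct_known, known_plaintext, ct_target):
    """C1 xor C2 = P1 xor P2 under a reused keystream, so knowing P1 reveals P2."""
    n = min(len(ct_known), len(ct_target), len(known_plaintext))
    return xor_bytes(xor_bytes(ct_known[:n], ct_target[:n]), known_plaintext[:n])


def frames_until_iv_repeat(rng=os.urandom) -> int:
    """Frames a card that picks IVs at random sends before one repeats: the birthday
    bound on a 24-bit space is a few thousand frames, not 16 million."""
    seen = set()
    count = 0
    while True:
        iv = rng(IV_LEN)
        count += 1
        if iv in seen:
            return count
        seen.add(iv)


if __name__ == "__main__":
    # Constructed sample traffic for a network whose WEP key is never rotated.
    key = bytes.fromhex("0badc0ffee")                      # hypothetical 40-bit static key
    iv = bytes.fromhex("a1b2c3")                           # IV the card happens to reuse
    llc_snap = bytes.fromhex("aaaa030000000800")           # start of every WEP data frame
    known = llc_snap + b"GET / HTTP/1.1\r\n"               # attacker sent this to the victim
    secret = llc_snap + b"password=hunter2"                # victim's reply under the same IV
    capture = [wep_encrypt(key, iv, known), wep_encrypt(key, iv, secret)]
    c_known, c_secret = find_iv_collisions(capture)[iv]
    print("recovered:", recover_with_known_plaintext(c_known, known, c_secret))
    print("frames until a random IV repeats:", frames_until_iv_repeat())
```

Cards that used a sequential IV counter starting at zero on every reset repeated keystreams even sooner than the birthday bound suggests, and the attacker does not need to know the key at any point in this recovery; the later FMS/KoreK/PTW attacks additionally recover the key itself from the cleartext IVs.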
WPA3
- In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement for WPA2
- March 11th, 2019: “Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords” (the Dragonblood weaknesses in WPA3’s SAE handshake)
- Since March 2019 updates have been released

802.11: False Security: Turning Off Service Set Identifier (SSID) Broadcasting
- The SSID is an identifier for an AP; users must know the SSID to use the AP
- A drive-by hacker needs to know the SSID to break in
- APs frequently broadcast their SSIDs; some writers favour turning this broadcasting off
- Turning off SSID broadcasting can make access more difficult for ordinary users
- It will not deter the attacker, who can read the SSID: it is transmitted in the clear in the probe request, probe response and association frames exchanged every time a legitimate client connects

802.11: False Security: MAC Access Control Lists
- Access points can be configured with MAC access control lists: only permit access by stations with NICs having MAC addresses on the list
- However, MAC addresses are sent in the clear in every frame, so attackers can learn them
- The attacker can then spoof one of these addresses

Denial of Service (DoS)

DoS Attacks
- What is a Denial of Service (DoS) attack? An attempt to make a server or network unavailable to legitimate users by flooding it with attack packets; malicious intent
- What is NOT a DoS attack? Faulty coding that causes a system to fail (human error); referrals from large websites that overwhelm smaller websites

DoS Attacks: Goals
- Ultimate goal is to cause harm, including to sales, reputation and employee productivity
- Two main ways to cause harm: slowly degrading services; stopping critical services
- DoS attacks can sometimes expose a vulnerability

DoS Flooding: Malicious Code
- Smurf: ICMP echo requests sent to a network’s broadcast address with the victim’s address forged as the source, so every host on that network replies to the victim (amplification)
- Echo-Chargen: a forged UDP packet connects the echo service (port 7) on one host to the chargen service (port 19) on another, and the two keep answering each other indefinitely
- SYN flood
- Ping flood: the victim is swamped with ICMP echo requests

Smurf Attack
(slide illustration from Security in Computing)
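The two “False Security” slides above make one claim each: the SSID and the client MAC are readable by anyone with a card in monitor mode. The following is an added example, not code from the lecture or the textbook: a minimal builder and parser for raw 802.11 management frames (no radiotap header), a constructed capture of an AP that hides its SSID and filters by MAC while one legitimate client connects, and a `harvest` routine showing what a passive sniffer gets from those four frames. All MAC addresses (locally administered, 02:... prefixes), the SSID and the frames are constructed for the example; the header layout, subtype codes, fixed-field lengths and SSID tag number are from the 802.11 standard.

```python
import struct

# 802.11 management subtypes used here, and the size of the fixed fields that
# precede the tagged parameters in each frame body.
ASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON = 0x0, 0x4, 0x5, 0x8
FIXED_BODY_LEN = {ASSOC_REQ: 4, PROBE_REQ: 0, PROBE_RESP: 12, BEACON: 12}
TAG_SSID = 0


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt_frame(subtype, addr1, addr2, addr3, ssid: str, seq=0) -> bytes:
    """Assemble a raw 802.11 management frame: frame control, duration, three
    addresses, sequence control, zeroed fixed fields, then an SSID tag."""
    fc0 = subtype << 4                       # type 0 (management), protocol version 0
    header = (struct.pack("<BBH", fc0, 0, 0) + addr1 + addr2 + addr3
              + struct.pack("<H", seq << 4))  # sequence number in the top 12 bits
    fixed = bytes(FIXED_BODY_LEN[subtype])   # timestamp / capability / listen interval
    ssid_bytes = ssid.encode()
    return header + fixed + bytes([TAG_SSID, len(ssid_bytes)]) + ssid_bytes


def parse_mgmt_frame(frame: bytes) -> dict:
    """Pull out the cleartext fields a passive sniffer sees: addresses and SSID."""
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0 or subtype not in FIXED_BODY_LEN:
        raise ValueError("not a management frame this parser handles")
    info = {
        "subtype": subtype,
        "receiver": mac_str(frame[4:10]),      # Address 1
        "transmitter": mac_str(frame[10:16]),  # Address 2: the sender fills this in itself
        "bssid": mac_str(frame[16:22]),        # Address 3
        "ssid": None,
    }
    body = frame[24:]
    off = FIXED_BODY_LEN[subtype]
    while off + 2 <= len(body):                # walk the tagged parameters
        tag, length = body[off], body[off + 1]
        value = body[off + 2: off + 2 + length]
        if tag == TAG_SSID:
            info["ssid"] = value.decode("utf-8", "replace")
        off += 2 + length
    return info


def harvest(frames):
    """What sniffing yields: every non-empty SSID and every transmitter MAC."""
    ssids, macs = set(), set()
    for frame in frames:
        info = parse_mgmt_frame(frame)
        if info["ssid"]:
            ssids.add(info["ssid"])
        macs.add(info["transmitter"])
    return ssids, macs


def mac_acl_allows(frame: bytes, allowlist) -> bool:
    """An AP's MAC filter only checks Address 2, which is whatever the sender wrote."""
    return parse_mgmt_frame(frame)["transmitter"] in allowlist


# Constructed scenario: AP hides its SSID and filters by MAC; one real client connects.
AP = bytes.fromhex("0211223344aa")        # hypothetical AP / BSSID MAC
CLIENT = bytes.fromhex("02aabbccdd01")    # hypothetical allow-listed client MAC
ATTACKER = bytes.fromhex("02deadbeef02")  # attacker's own card
BROADCAST = b"\xff" * 6
SSID = "corp-wifi"

CAPTURE = [
    build_mgmt_frame(BEACON, BROADCAST, AP, AP, ""),                   # hidden SSID: empty tag
    build_mgmt_frame(PROBE_REQ, BROADCAST, CLIENT, BROADCAST, SSID),  # client asks for it by name
    build_mgmt_frame(PROBE_RESP, CLIENT, AP, AP, SSID),               # AP answers with the name
    build_mgmt_frame(ASSOC_REQ, AP, CLIENT, AP, SSID),                # and it appears again here
]

if __name__ == "__main__":
    ssids, macs = harvest(CAPTURE)
    print("SSIDs seen:", ssids, "| transmitter MACs seen:", sorted(macs))
    acl = {mac_str(CLIENT)}
    print("ACL allows attacker's own MAC:",
          mac_acl_allows(build_mgmt_frame(ASSOC_REQ, AP, ATTACKER, AP, SSID), acl))
    print("ACL allows attacker using sniffed MAC:",
          mac_acl_allows(build_mgmt_frame(ASSOC_REQ, AP, CLIENT, AP, SSID), acl))
```

Hiding the SSID only blanks the beacon; the client names the network in its probe request, the AP repeats it in the probe response, and the association request carries it a third time, so the sniffer learns it the moment anyone connects. The MAC filter fails for the same structural reason: the field it checks is unauthenticated and copied by the attacker from any frame the allowed client sent.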
SYN Flood
- Floods the victim with SYN messages; each SYN makes the server hold a half-open connection waiting for an ACK that never arrives, until its backlog is full and legitimate clients get no SYN-ACK

TCP Three-way Handshake
1. Host sends a TCP SYNchronize packet to the server
2. Server receives the host’s SYN and sends a SYNchronize-ACKnowledgement
3. Host receives the server’s SYN-ACK and sends an ACKnowledge
4. Server receives the ACK; the TCP socket connection is ESTABLISHED

DoS: Addressing Failures
- Prevents data from getting to the victim
- Methods: DNS spoofing; rerouting (routing attacks, source routing)

DNS Spoofing
- Standard query and response
- MitM responds first: the resolver accepts the first reply that matches its outstanding query, so whoever answers before the real server wins
(slide illustration from Security in Computing)

DoS: DNS Attacks
- A DNS server translates an internet name to an address
- It uses a cache of recently used names to improve performance, so one spoofed answer that lands in the cache is served to every later client (cache poisoning)

DDoS Attacks
- Distributed Denial of Service attacks: DoS attacks from multiple sources at once
- Attacks usually come from botnets

Botnet: Krebs Attack and Mirai (2016); Krebs Attack and Meris (2021)
(image of the attack, source: Wikipedia)

Bots
- Updatable attack programs, sometimes called zombies
- The bot-master can update the software to change the type of attack the bot can perform, and to fix bugs
- The bot-master may sell or lease the botnet to other criminals
- The bot-master controls bots via handlers: an additional layer of compromised hosts used to manage large groups of bots

DDoS; Fixing and Updating Bots; DDoS Attack
(slide illustrations from Security in Computing)

Botnets
- Layered networks of bots (zombies), hierarchical in structure
- Command and Control (C&C) centres instruct individual bots:
  - Pushed: the C&C sends instructions to the bot
  - Pulled: the bot calls the C&C regularly to see if there is work
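The SYN flood and three-way handshake slides above explain why the attack works (the server keeps state per SYN) and, implicitly, how it is defeated (keep no state). The following is an added simulation, not code from the lecture or the textbook: a naive listener with a finite half-open backlog, a listener using SYN cookies (simplified from Bernstein’s scheme; real kernels also encode the MSS in the cookie), and a driver that fires a burst of spoofed SYNs and then checks whether one legitimate client can still complete its handshake. Backlog size, timeout, secret, addresses and the seed are all constructed for the example.

```python
import hashlib
import hmac
import random

WRAP = 0xFFFFFFFF  # TCP sequence numbers are 32-bit


class NaiveListener:
    """Classic server: every SYN gets a SYN-ACK and a half-open entry that lives until
    the final ACK arrives or it times out. Spoofed sources never ACK, so the backlog fills."""

    def __init__(self, backlog: int, syn_timeout: float, rng: random.Random):
        self.backlog, self.syn_timeout, self.rng = backlog, syn_timeout, rng
        self.half_open = {}       # (src_ip, src_port) -> (our ISN, time the SYN arrived)
        self.established = set()
        self.dropped = 0

    def on_syn(self, src, now):
        for k in [k for k, (_, t) in self.half_open.items() if now - t > self.syn_timeout]:
            del self.half_open[k]
        if len(self.half_open) >= self.backlog:
            self.dropped += 1
            return None           # no SYN-ACK: the client just hangs
        isn = self.rng.getrandbits(32)
        self.half_open[src] = (isn, now)
        return isn                # carried in the SYN-ACK

    def on_ack(self, src, ack, now):
        entry = self.half_open.pop(src, None)
        if entry and ack == (entry[0] + 1) & WRAP:
            self.established.add(src)
            return True
        return False


class SynCookieListener:
    """SYN cookies: nothing is stored per SYN. The ISN is a MAC over the client's
    address/port and a coarse time slot, so a valid final ACK proves the client
    really received our SYN-ACK without the server having kept any state."""

    SLOT_SECONDS = 64

    def __init__(self, secret: bytes):
        self.secret = secret
        self.established = set()
        self.dropped = 0          # never incremented: there is no backlog to exhaust

    def _slot(self, now):
        return int(now // self.SLOT_SECONDS) & 0xFF

    def _cookie(self, src, slot):
        msg = f"{src[0]}:{src[1]}:{slot}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return (slot << 24) | int.from_bytes(mac[:3], "big")  # 8-bit slot || 24-bit MAC

    def on_syn(self, src, now):
        return self._cookie(src, self._slot(now))

    def on_ack(self, src, ack, now):
        isn = (ack - 1) & WRAP
        slot = isn >> 24
        if (self._slot(now) - slot) & 0xFF > 1:      # cookie older than two slots
            return False
        if isn != self._cookie(src, slot):           # forged, or replayed from another 4-tuple
            return False
        self.established.add(src)
        return True


def simulate(make_listener, attack_syns: int, seed: int = 1):
    """Fire attack_syns spoofed SYNs within one second, then attempt a legitimate
    handshake. Returns (legitimate client connected?, SYNs the server dropped)."""
    rng = random.Random(seed)
    listener = make_listener(rng)
    now = 0.0
    for _ in range(attack_syns):
        spoofed = (f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(1, 255)}",
                   rng.randrange(1024, 65536))
        listener.on_syn(spoofed, now)     # SYN-ACK goes to a host that never replies
        now += 1.0 / attack_syns
    client = ("192.0.2.10", 40000)        # constructed legitimate client
    isn = listener.on_syn(client, now)
    connected = isn is not None and listener.on_ack(client, (isn + 1) & WRAP, now + 0.05)
    return connected, listener.dropped


if __name__ == "__main__":
    print("naive, backlog 128:", simulate(lambda rng: NaiveListener(128, 3.0, rng), 1000))
    print("SYN cookies:       ", simulate(lambda rng: SynCookieListener(b"rotate-me"), 1000))
```

With a 128-entry backlog and a 3-second SYN timeout, a thousand spoofed SYNs in one second leave no room for the real client; the cookie listener accepts it because it stored nothing for the flood. The trade-off is that a cookie can only carry what fits in 32 bits (Linux falls back to cookies only once the real backlog is full), and a guessed ACK against a stateless listener succeeds with probability 2^-24 per attempt rather than never, which is why the slot check and a rotated secret matter.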
Detour: Mirai Botnet Attack on Krebs
- www.krebsonsecurity.com: a well-known and respected IT security website
- It is the website of Brian Krebs, a well-known security blogger who does in-depth research and analysis of cybercrime throughout the world
- Pre-attack: site hosted on Akamai, a large internet infrastructure company; hosting was free of charge

Detour: Mirai Botnet Attack on Krebs
- DDoS attack; there had been multiple attacks prior
- Attack started 20 September 2016
- 24,000 systems, mostly IoT (e.g. DVRs, security cameras, etc.)
- 600 gigabits per second of time-wasting network traffic. Note: 600 Gb/s is equivalent to about 60,000 fast home networks all turning their entire bandwidth onto Krebs at the same time, or 600,000 regular ADSL connections at once (assuming a one megabit per second upload speed).

Detour: Mirai Botnet Attack on Krebs
- Post attack: Krebs was asked to move his website
- Why the attack on Krebs? Not confirmed, but the attack happened not long after Krebs outed a DDoS-for-hire service called vDOS, leading to the arrest of two young hackers in Israel.

Mirai Botnet Malware
- Botnet malware
- Badly programmed
- Unfinished

Mirai Malware Package
- The Mirai bot, called simply bot in the source code, is written in C and has three main components: a call-home system, a set of attack routines, a network scanner

Mirai Source Code Package
- Source code includes a command-and-control tool, called cnc, written in Go
- Go’s compiler directly supports 7 different computer architectures
- Has over 60 built-in usernames and passwords (the scanner tries these factory defaults against devices it finds)

Summary & Review
- Death of the Perimeter
- Network Threats
- WiFi Network Vulnerabilities
- Denial of Service (DoS)
- Distributed DoS (DDoS)
- Botnets