Date posted: 14-Apr-2018
7/30/2019 Module 05 - Network Attacks
Network Security Administrator
Module V: Network Attacks
Copyright by EC-Council. All Rights reserved. Reproduction is strictly prohibited.
Module Objectives
~ Current Statistics
~ Classification of Hackers
~ Types of Attacks
~ Spoofing Attacks
~ Spamming Attacks
~ Introduction to: Eavesdropping, Phishing, War Dialing
~ Introduction to: Social Engineering, Password Cracking, Sniffing & Scanning
~ Wire Tapping
~ War Driving, War Chalking
~ DoS/DDoS Attacks
~ Buffer Overflow Attacks
Module Flow
~ Current statistics
~ Hackers classification
~ Attacks classification
~ Malicious elements
~ Spoofing, Spamming
~ Eavesdropping
~ Phishing
~ War Dialing
~ Social Engineering
~ Password Cracking
~ Sniffing, Scanning
~ Wire Tapping
~ War Driving, War Chalking
~ DoS/DDoS attack
~ Buffer Overflow
Current Statistics
(Chart not reproduced in this extraction.) Source: Survey conducted by CSI/FBI on Types of Attacks or Misuse Detected in the last 12 months
Defining Terms: Threat, Attack and Exploit
~ Threat: A circumstance, event, or person with the potential to cause harm to a system in the form of destruction, disclosure, data modification, and/or Denial of Service (DoS)
~ Attack: An assault on system security that derives from an intelligent threat
~ Exploit: A way to breach the security of an IT system through a vulnerability
Classification of Hackers
~ Black Hat:
  Also called a cracker or dark-side hacker
  Compromises the security of a system without authorized access
~ White Hat:
  Focuses on securing IT systems
  Alerts owners of the systems to security flaws and break-in attempts
~ Grey Hat:
  Combination of black hat and white hat hackers
  Intrudes into a system and does no damage
~ Ethical Hackers:
  Hold extensive knowledge and skills concerning the web
  Evaluate the sensitive information gathered and apply robust measures to ensure security
Classification of Attacks
~ Internal Attack: Attack initiated by an authorized entity misusing the resources inside the security perimeter
~ External Attack: Attack initiated by an unauthorized or illegitimate user of the system from outside the security perimeter
Trojan
~ Malicious program that masquerades as legitimate software
~ Has spying capabilities that allow computers to be controlled remotely
~ Dropper: Trojan that spreads other malware
~ Configures the network of zombie computers for launching DDoS attacks
~ Two parts:
  Server: present on the server system
  Client: present on the attacker's system
Virus
~ Malicious program that replicates itself with human intervention
~ Major virus types:
  Boot Sector Infectors: Attack the susceptible boot program on the bootable floppy disk
  File Infectors: Attack and modify .EXE and .COM program files
  Macro Viruses: Use the built-in programming languages of popular applications for creating malicious macros
Worm
~ Malicious program that replicates itself without human intervention
~ Categories:
  E-mail Worms: Spread through infected e-mails
  Instant Messaging Worms: Spread through instant messaging applications
  Internet Worms: Scan the Internet for vulnerable machines and try to gain access
  File-sharing Network Worms: Copy themselves to a shared folder under a harmless name
Rootkit
~ Set of tools to control a compromised computer in a network
~ Hides running processes, files or system data, enabling the attacker to access a system without the user's knowledge
~ Types:
  Kernel-level rootkit: Appends additional code and/or replaces a portion of kernel code with modified code for hiding a backdoor on a computer
  Application-level rootkit: Modifies the behavior of existing applications using hooks, patches, or injected code
Spoofing Attacks
~ Through a spoofing attack, the attacker aims to create a context that misleads the victim into making improper security-related decisions
~ Attacker can impersonate local system IP addresses through spoofing techniques
~ Countermeasures:
  Filtering packets passing through the Internet via the router
  Blocking unauthorized packets
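The router-side countermeasure above, as an added example that is not part of the EC-Council slides: an ingress/egress anti-spoofing filter that drops inbound packets claiming an internal source address and outbound packets whose source is not ours. The interface names, address ranges and sample headers are constructed assumptions.

```python
import ipaddress
from typing import Dict, List

# Address ranges the router is authoritative for (assumption).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Source ranges that are never valid on any interface.
BOGON_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("169.254.0.0/16")]

def _in_any(addr, nets) -> bool:
    return any(addr in n for n in nets)

def classify(pkt: Dict[str, str]) -> str:
    """Return 'allow' or a drop reason for one header {"iface","src","dst"}.
    wan (ingress): drop sources claiming an internal address;
    lan (egress): drop sources that are not ours; any: drop bogons."""
    src = ipaddress.ip_address(pkt["src"])
    if _in_any(src, BOGON_NETS):
        return "drop:bogon-source"
    if pkt["iface"] == "wan" and _in_any(src, INTERNAL_NETS):
        return "drop:spoofed-internal-source"
    if pkt["iface"] == "lan" and not _in_any(src, INTERNAL_NETS):
        return "drop:egress-source-not-ours"
    return "allow"

def filter_packets(packets: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group 'src->dst' flows by verdict."""
    verdicts: Dict[str, List[str]] = {}
    for p in packets:
        verdicts.setdefault(classify(p), []).append(f'{p["src"]}->{p["dst"]}')
    return verdicts

# Constructed sample headers: a normal inbound packet, an inbound packet
# forging an internal source, an outbound packet with a forged source,
# a legitimate outbound packet, and a loopback bogon.
SAMPLE_PACKETS = [
    {"iface": "wan", "src": "203.0.113.7", "dst": "10.1.2.3"},
    {"iface": "wan", "src": "10.1.2.250", "dst": "10.1.2.3"},
    {"iface": "lan", "src": "198.51.100.9", "dst": "203.0.113.7"},
    {"iface": "lan", "src": "10.1.2.3", "dst": "203.0.113.7"},
    {"iface": "wan", "src": "127.0.0.1", "dst": "10.1.2.3"},
]

if __name__ == "__main__":
    for verdict, flows in filter_packets(SAMPLE_PACKETS).items():
        print(verdict, flows)
```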
Spamming Attacks
~ Method of sending unsolicited e-mails in bulk
~ Drawbacks:
  Decrease in system performance
  Slow e-mail transfers
~ Countermeasures:
  Review e-mail headers to identify the owner of the e-mail
  Configure the router to block incoming packets from the specified address
  Augment logging capabilities to detect or alert on such activity
Eavesdropping
~ Intercepting and viewing the contents of communications in an unauthorized way
~ Electronic eavesdropping: Use of an electronic transmitting or recording device to monitor conversations in a covert manner
~ Eavesdropping techniques via:
  Phone lines
  Instant messaging
Phishing
~ Form of social engineering where masquerading is used for stealing financial information
~ Stands for "password harvesting fishing"
~ Term originated from the use of sophisticated methods to "fish" users for sensitive information
~ Phishing Techniques:
  Phishing through compromised web servers
  Phishing through port redirection
  Phishing exploiting botnets, which are computers remotely controlled by the attacker
War Dialing
~ Process of dialing a large number of telephone numbers to locate:
  Insecure modems and dial-in accounts
  Inventory and lock down devices and banned devices
  Break-in attempts
~ War Dialing Tools:
  ToneLoc
  SecureLogix TeleSweep Secure
  Sandstorm PhoneSweep
Social Engineering
~ Tricking a person into disclosing information
~ Obtains confidential information from legitimate users
~ Technical flaws in computer systems that intruders exploit
~ Lack of security awareness or gullibility of computer users
~ Attacks at two levels:
  Physical
  Psychological
Password Cracking
~ Process of recovering the original form of passwords stored in encrypted form on a computer
~ Weak passwords make them vulnerable
~ Attacker accesses a hashed password either by:
  Reading a password verification table
  Intercepting a hashed password transferred over the network
  Password guessing
~ Countermeasure:
  Shadowing password files in UNIX enhances password security
Sniffing
~ A sniffer program monitors network traffic
~ Carried out for legitimate purposes such as network data administration, and for illegitimate purposes such as stealing network information
~ Objectives of sniffing are stealing:
  Passwords
  E-mail text
  Files in transfer
~ Sniffing Countermeasures:
  Encrypting traffic containing confidential information
  Using instrumentation software to locate the sniffer's position in the network
Types of Sniffing
~ Passive Sniffing:
  Sniffing through a hub
  Termed passive as it is difficult to detect
  Trojans are used for installing sniffers in the network
~ Active Sniffing:
  Sniffing through a switch
  Difficult to sniff
  Can be easily detected
  Common techniques:
    ARP Spoofing
    MAC Flooding
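Because the slide says active sniffing "can be easily detected", here is an added example (not from the slides) of what a monitor looks for: an IP address that answers ARP replies from more than one MAC (ARP spoofing) and a burst of distinct source MACs on one port (MAC flooding). The log records, MAC/IP values, window size and threshold are constructed assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed ARP log: (timestamp_s, sender_mac, sender_ip, opcode); opcode 2 is
# an ARP reply. The gateway 192.168.1.1 first answers from ...:01, then the same
# IP is claimed by ...:99, which is the ARP-spoofing symptom a monitor looks for.
ARP_LOG: List[Tuple[int, str, str, int]] = [
    (0, "aa:aa:aa:aa:aa:01", "192.168.1.1", 2),
    (5, "aa:aa:aa:aa:aa:10", "192.168.1.10", 2),
    (9, "aa:aa:aa:aa:aa:99", "192.168.1.1", 2),
    (12, "aa:aa:aa:aa:aa:99", "192.168.1.1", 2),
]

def arp_conflicts(log: List[Tuple[int, str, str, int]]) -> Dict[str, Set[str]]:
    """Return {ip: {mac, ...}} for every IP seen in ARP replies with more than one MAC."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for _, mac, ip, opcode in log:
        if opcode == 2:
            seen[ip].add(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}

# Constructed frame log: (timestamp_s, src_mac) as seen on one switch port.
# The first 60 seconds carry 600 frames, each from a never-before-seen MAC
# (the CAM-table exhaustion pattern of MAC flooding); then two normal frames.
FRAME_LOG: List[Tuple[int, str]] = [
    (i // 10, f"02:00:00:00:{i // 256:02x}:{i % 256:02x}") for i in range(600)
] + [(61, "aa:aa:aa:aa:aa:10"), (62, "aa:aa:aa:aa:aa:10")]

def mac_flood_windows(log: List[Tuple[int, str]], window_s: int = 60,
                      threshold: int = 50) -> List[int]:
    """Start times of windows in which more than `threshold` distinct source MACs appeared."""
    per_window: Dict[int, Set[str]] = defaultdict(set)
    for t, mac in log:
        per_window[(t // window_s) * window_s].add(mac)
    return sorted(w for w, macs in per_window.items() if len(macs) > threshold)

if __name__ == "__main__":
    print("ARP conflicts:", arp_conflicts(ARP_LOG))
    print("MAC flood windows:", mac_flood_windows(FRAME_LOG))
```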
Scanning
~ Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment
~ Objectives:
  Detects systems running on the network
  Discovers active/running ports
  Performs fingerprinting, i.e., discovering the operating systems running on the target system
  Identifies the services running/listening on the target system
Types of Scanning
~ Port Scanning: Connecting to TCP/UDP ports on the target system to trace the services running in a listening state
~ Network Scanning: Identifying active hosts on a network for the purpose of attack or as a network security assessment
~ Vulnerability Scanning:
  Identifying the vulnerabilities of computing systems in a network
  Consists of a scanning engine and a catalog (list of files)
Web Page Defacement
~ Unlawful modification of websites
~ Also called web-jacking, site vandalism, or cyber-graffiti
~ Expensive and critical to victims
~ Types:
  Visible defacements: Make hackers popular in their community
  Invisible defacements: Hamper the website's effectiveness by modifying the visibility of the site to search engines
~ Countermeasure:
  SigNet web defacement protection method, based on detached digital signatures
SQL Injection
~ Technique of injecting SQL (Structured Query Language) commands to exploit non-validated input vulnerabilities in a web application's database back end
~ Programmers build sequential commands with user input, which allows attackers to inject commands
  Attackers can execute arbitrary SQL commands through the web application
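The flaw described above, as an added example that is not part of the EC-Council slides: a login query built by string concatenation beside the parameterized version that binds user input as data. The SQLite table, its rows and the tautology input are constructed for the demonstration.

```python
import sqlite3
from typing import List, Tuple

def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, name: str, pw: str) -> List[Tuple[str, str]]:
    """Non-validated input concatenated into the statement: it becomes SQL syntax."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name
           + "' AND pw = '" + pw + "'")
    return conn.execute(sql).fetchall()

def login_safe(conn: sqlite3.Connection, name: str, pw: str) -> List[Tuple[str, str]]:
    """Parameterized statement: the driver binds name and pw as values only."""
    sql = "SELECT name, role FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw)).fetchall()

# Constructed input that turns the WHERE clause into a tautology; the trailing
# "--" comments out the password check in the concatenated statement.
TAUTOLOGY = "' OR '1'='1' --"

def demo() -> dict:
    """Compare both queries on the same input; the safe one sees no such user."""
    conn = make_db()
    return {
        "vuln_rows": len(login_vulnerable(conn, TAUTOLOGY, "x")),  # every row
        "safe_rows": len(login_safe(conn, TAUTOLOGY, "x")),        # no match
        "safe_valid": login_safe(conn, "alice", "s3cret"),
    }

if __name__ == "__main__":
    print(demo())
```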
Wiretapping
~ Secret monitoring of telephone conversations by a third party
~ Two types:
  Passive wiretapping: Similar to the eavesdropping process
  Active wiretapping: Altering the contents of the communication
War Driving, War Chalking, War Flying
~ War driving: Using a laptop's wireless NIC set in promiscuous mode for detecting unsecured wireless LAN signals
~ War flying: Using an airplane and a Wi-Fi-equipped computer (laptop, PDA, etc.) for detecting Wi-Fi wireless networks
~ War chalking:
  Marking a series of distinct symbols on buildings to indicate access points in the vicinity
  Symbols describe the settings to connect to wireless networks through the Internet
Denial of Service Attacks (DoS)
~ Disables the network by flooding it with useless network traffic
~ Ping of death and teardrop attacks exploit limitations in the TCP/IP protocols
~ Basic Types of Attack:
  Resource Consumption: Bandwidth
  Resource Starvation: CPU time or disk space
  Disruption of Physical Network Components
  Failures of application or operating system components
Distributed Denial of Service Attacks (DDoS)
~ Involves compromising computers and installing an application that initiates packet flooding to a target system
~ DDoS tools use a client/server architecture to direct attacks
~ DDoS attack tools:
  Trinoo
  Tribe Flood Network (TFN)
  TFN2K
~ Countermeasure: Filtering incoming and outgoing packets
Buffer Overflow Attacks
~ A type of DoS attack
~ Occurs when an application writes content that exceeds the buffer size
~ Buffer: Area of computer memory for temporary data storage; restricted in size
~ E-mails with attachments of over 256 characters can result in a buffer overflow
Summary
~ A threat is an event that harms the system; an attack is the damage to the security of the system; an exploit is breaking the security of the system through a weak point
~ A Trojan is a malicious program that impersonates genuine software
~ A virus is a malicious program that replicates itself by creating copies
~ A worm is a malicious program that replicates itself without the help of other programs
~ A spamming attack is sending unwanted e-mails in bulk
~ Password cracking is the technique of recovering the original form of passwords stored in encrypted form on the system
~ Sniffing is employing a sniffer program to examine the network traffic
~ Denial of Service (DoS) is the unavailability of services to authentic users
~ A buffer overflow occurs when system applications write content that is beyond the buffer size