8/13/2019 Security in Networks1
7.2 Threats in Networks
Network Security / G. Steffen 1
In This Section
- What Makes a Network Vulnerable
  - Reasons for network attacks
- Who Attacks Networks?
  - Who are the attackers? Why do people attack?
- Threats in Transit: Eavesdropping and Wiretapping
  - Different ways attackers attack a victim
What Makes a Network Vulnerable 1
How networks differ from a stand-alone environment:
- Anonymity
  - Attacker can mount an attack from thousands of miles away; the attack passes through many hosts
- Many points of attack
  - Both targets and origins
  - An attack can come from any host to any host
- Sharing
  - More users have the potential to access networked systems than on single computers
What Makes a Network Vulnerable 2
How networks differ from a stand-alone environment:
- Complexity of System
  - Reliable security is difficult to obtain
  - Complex as many users do not know what their computers are doing at any moment
- Unknown Perimeter
  - One host may be a node on two different networks
  - Causing uncontrolled groups of possibly malicious users
- Unknown Path
  - Can have multiple paths from one host to another
Who Attacks Networks
- Challenge
  - What would happen if I tried this approach or technique? Can I defeat this network?
- Fame
- Money and Espionage
- Organized Crime
- Ideology
  - Hacktivism: breaking into a computer system with the intent of disrupting normal operations but not causing serious damage
  - Cyberterrorism: more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage
Reconnaissance 1
How do attackers perpetrate attacks?
- Port Scan
  - For a particular IP address, the program will gather network information.
  - It tells an attacker which standard ports are being used, which OS is installed on the target system, and what applications and which versions are present.
- Social Engineering
  - It gives an external picture of the network to the attacker.
- Intelligence
  - Gathering all the information and making a plan.
Reconnaissance 2
How do attackers perpetrate attacks?
- Operating System & Application Fingerprinting
  - Determining which commercial server application is running, and which version
- Bulletin Boards & Chats
  - Exchanging information and techniques online
- Availability of Documentation
  - Vendors provide information on their websites about their products in order to develop compatible, complementary applications. For instance Microsoft
Threats in Transit
- Eavesdropping
  - Overhearing without expending any extra effort
  - Causing harm that can occur between a sender and a receiver
- Wiretapping
  - Passive wiretapping
    - Similar to eavesdropping
  - Active wiretapping
    - Injecting something into the communication
Wiretapping Communication Mediums 1
- Cable
  - Packet sniffer: a device that can retrieve all packets on a LAN
  - Inductance: a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable
- Microwave
  - Signals are broadcast through the air, making them more accessible to hackers
  - Signals are not usually shielded or isolated to prevent interception
- Satellite Communication
  - Dispersed over a greater area than the intended point of reception
  - Communications are multiplexed, so the risk is small that any one communication will be interrupted
  - Greater potential than microwave signals
Wiretapping Communication Mediums 2
- Optical Fiber
  - Not possible to tap an optical signal without detection
  - Inductive tap is not possible as optical fiber carries light energy
  - Hackers can obtain data from repeaters, splices, and taps along a cable
- Wireless
  - Major threat is interception
Wiretap Vulnerabilities
Other Threats
- Protocol Flaws
- Authentication Foiled by Guessing
- Authentication Thwarted by Eavesdropping or Wiretapping
- Authentication Foiled by Avoidance
- Nonexistent Authentication
- Well-Known Authentication
- Trusted Authentication
Other Threats
- Impersonation
  - Easier than wiretapping for obtaining information on a network
  - More significant threat in WAN than in LAN
- Spoofing
  - An attacker obtains network credentials illegally and carries on false conversations
- Masquerade
  - One host pretends to be another
  - Phishing is a variation of this kind of attack.
- Session hijacking
  - Intercepting and carrying on a session begun by another entity
- Man-in-the-Middle Attack
  - One entity intrudes between two others.
Key Interception by a Man-in-the-Middle Attack
Message Confidentiality Threats
- Misdelivery
  - Message can be delivered to someone other than the intended recipient
- Exposure
  - Passive wiretapping is a source of message exposure
- Traffic Flow Analysis
  - Protecting both the content of the message and the header information that identifies the sender and receiver
Message Integrity Threats
- Falsification of Messages
  - An attacker may change the content of the message on the way to the receiver
  - An attacker may destroy or delete a message
  - These attacks can be perpetrated by active wiretapping, Trojan horse, preempted hosts, etc.
- Noise
  - These are unintentional interferences
Denial of Service (DOS) / Availability Attacks
- Transmission Failure
  - Line cut
  - Network noise making a packet unrecognizable or undeliverable
- Connection Flooding
  - Sending too much data
  - Protocol attacks: TCP, UDP, ICMP (Internet Control Message Protocol)
DOS Attacks 1
- Echo-Chargen
  - Attack works between two hosts
- Ping of Death
  - Flood network with ping packets
  - Attack limited by the smallest bandwidth to victim
- Smurf
  - It is a variation of ping attack
- SYN Flood
  - Attack uses the TCP protocol suite
Distributed Denial of Service (DDoS)
To perpetrate a DDoS attack, an attacker first plants a Trojan horse on a target machine. This process is repeated with many targets. Each of these target systems then becomes what is known as a zombie. Then the attacker chooses a victim and sends a signal to all the zombies to launch the attack.
It means the victim counters n attacks from the n zombies all acting at once.
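An added example, not part of the original slides: a sketch of how a defender could tell apart two traffic patterns described in this deck, the port scan from the Reconnaissance slide (one source probing many ports on one host) and the DDoS pattern above (many sources hitting one victim at once). The records, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed SYN records: (time_s, src_ip, dst_ip, dst_port)."""
    recs = []
    # One source walking 25 ports on one host (port-scan pattern).
    for i, port in enumerate(range(20, 45)):
        recs.append((i * 0.1, "203.0.113.5", "192.0.2.10", port))
    # 60 sources hitting one service at once (the n-zombies pattern).
    for i in range(60):
        recs.append((5 + i * 0.01, f"198.51.100.{i + 1}", "192.0.2.20", 80))
    # Ordinary clients: few sources, few ports.
    recs += [(1.0, "198.51.100.200", "192.0.2.20", 443),
             (2.0, "198.51.100.201", "192.0.2.10", 22),
             (7.0, "198.51.100.200", "192.0.2.20", 80)]
    return sorted(recs)

def detect(records, window=10.0, scan_ports=15, flood_sources=30):
    """Return (scans, floods) found in fixed time windows.

    scans:  set of (src, dst) where src probed >= scan_ports distinct ports
    floods: set of (dst, port) contacted by >= flood_sources distinct sources
    Thresholds are assumed values; tune them against normal traffic.
    """
    ports_seen = defaultdict(set)    # (bucket, src, dst) -> ports
    sources_seen = defaultdict(set)  # (bucket, dst, port) -> sources
    for t, src, dst, port in records:
        bucket = int(t // window)
        ports_seen[(bucket, src, dst)].add(port)
        sources_seen[(bucket, dst, port)].add(src)
    scans = {(s, d) for (_, s, d), p in ports_seen.items()
             if len(p) >= scan_ports}
    floods = {(d, p) for (_, d, p), s in sources_seen.items()
              if len(s) >= flood_sources}
    return scans, floods

if __name__ == "__main__":
    scans, floods = detect(build_sample())
    print("port scans:", scans)
    print("distributed floods:", floods)
```

Because the flood comes from many distinct sources, per-source rate limits alone do not catch it; counting distinct sources per destination service is what exposes the pattern.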
Summary
Threats are raised against the key aspects of security: confidentiality, integrity, and availability.
Target | Vulnerability
Precursors to attack | Port Scan; Social Engineering; Reconnaissance; OS & Application Fingerprinting
Authentication Failures | Impersonation; Guessing; Eavesdropping; Spoofing; Man-in-the-Middle Attack
Summary
Target | Vulnerability
Programming Flaws | Buffer Overflow; Addressing Errors; Parameter Modifications; Cookie; Malicious Typed Code
Confidentiality | Protocol Flaw; Eavesdropping; Passive Wiretap; Misdelivery; Cookie
Summary
Target | Vulnerability
Integrity | Protocol Flaw; Active Wiretap; Noise; Impersonation; Falsification of Message
Availability | Protocol Flaw; Connection flooding, e.g., smurf; DNS Attack; Traffic Redirection; DDoS