Chapter 14: Network Threats and Mitigation
Instructor:
Chapter 14 Objectives
• The Following CompTIA Network+ Exam Objectives Are Covered in This Chapter:
5.4 Explain common threats, vulnerabilities, and mitigation techniques.
• Wireless:
– War driving
– War chalking
– WEP cracking
– WPA cracking
– Evil twin
– Rogue access point
2
Chapter 14 Objectives (Cont.)
• Attacks:
– DoS
– DDoS
– Man in the middle
– Social engineering
– Virus
– Worms
– Buffer overflow
– Packet sniffing
– FTP bounce
– Smurf
• Mitigation techniques:
– Training and awareness
– Patch management
– Policies and procedures
– Incident response
3
Recognizing Security Threats
4
• Viruses are common threats that we hear about all the time, but there are many other nasty things out there as well.
• Bad guys who create threats to a network generally have one of two purposes in mind:
– destruction
– reconnaissance
Denial of Service (DoS)
5
• DoS attacks come in a variety of flavors.
• The Ping of Death
– In a Ping of Death attack, an oversized ICMP packet is sent to the remote victim, overflowing the victim’s buffer and causing the system to reboot or hang helplessly.
A denial of service (DoS) attack prevents users from accessing the network and/or its resources.
Denial of Service (DoS)
6
• Smurf
– The attacker spoofs the intended victim’s IP address as the source and then sends a large number of pings to an IP broadcast address.
– The receiving router delivers the broadcast to all hosts on the network, and every host on that network responds to the victim with an ICMP echo reply, all of them at the same time.
Denial of Service (DoS)
7
• SYN Flood
– In a SYN flood, the attacker sends a SYN, the victim sends back a SYN/ACK, and the attacker leaves the victim waiting for the final ACK. While the server waits for that response, a small amount of memory is reserved for the half-open connection. As SYNs continue to arrive, memory is gradually consumed, and any further incoming connections to the victimized device are rejected.
Distributed Denial of Service (DDoS)
8
• Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K)
– More complex assaults that initiate synchronized DoS attacks from multiple sources and can target multiple devices.
– Use zombies (compromised hosts) to carry out the attack.
– Called distributed denial of service (DDoS) attacks.
– Make use of IP spoofing.
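The SYN flood and DDoS slides describe the symptom a defender can measure: half-open connections piling up on a listening port, from one source or from many. The following is an added example (not from the slides or any product) that parses a constructed netstat-style connection table, counts SYN_RECV entries per local port, and flags a flood; the sample table, the port numbers and the threshold are all assumptions chosen for the demonstration.

```python
from collections import Counter, defaultdict

# Constructed sample of a netstat-style connection table (not real data).
SAMPLE_CONN_TABLE = """\
tcp  0  0  10.0.0.5:80   198.51.100.7:40211  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.9:40212  SYN_RECV
tcp  0  0  10.0.0.5:80   203.0.113.4:51000   SYN_RECV
tcp  0  0  10.0.0.5:80   203.0.113.5:51001   SYN_RECV
tcp  0  0  10.0.0.5:80   203.0.113.6:51002   SYN_RECV
tcp  0  0  10.0.0.5:22   192.0.2.10:55000    ESTABLISHED
tcp  0  0  10.0.0.5:443  192.0.2.11:55001    ESTABLISHED
"""

def parse_conn_table(text):
    """Return (local, remote, state) tuples for each well-formed line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # skip headers or truncated lines
        rows.append((parts[3], parts[4], parts[5]))
    return rows

def half_open_by_port(rows):
    """Count half-open (SYN_RECV) connections per local port and the
    number of distinct remote hosts behind them."""
    counts = Counter()
    sources = defaultdict(set)
    for local, remote, state in rows:
        if state != "SYN_RECV":
            continue
        port = local.rsplit(":", 1)[1]
        counts[port] += 1
        sources[port].add(remote.rsplit(":", 1)[0])
    return {p: (counts[p], len(sources[p])) for p in counts}

def syn_flood_alerts(rows, threshold=4):
    """Flag ports whose half-open count reaches the threshold (constructed,
    deliberately low for the sample). Many distinct sources alongside a high
    count points at a distributed (DDoS-style) flood rather than one sender."""
    alerts = []
    for port, (half_open, distinct) in half_open_by_port(rows).items():
        if half_open >= threshold:
            alerts.append({"port": port, "half_open": half_open,
                           "distinct_sources": distinct, "distributed": distinct > 1})
    return alerts

if __name__ == "__main__":
    for alert in syn_flood_alerts(parse_conn_table(SAMPLE_CONN_TABLE)):
        print(alert)
```

On a real host the threshold would be tuned to the server’s normal backlog, and the same count can be taken from `ss -tan` output with the state column in a different position.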
Viruses
9
• Viruses typically have catchy names like Chernobyl, Michelangelo, Melissa, I Love You, and Love Bug.
• They receive a lot of media coverage as they proliferate and cause damage to a large number of people.
• Viruses are little programs that cause a variety of bad things to happen on your computer, ranging from merely annoying to totally devastating.
• They can display a message, delete files, or even send out huge amounts of meaningless data over a network to block legitimate messages.
Viruses
10
• A key trait of viruses is that they can’t replicate themselves to other computers or systems without a user doing something, like opening an executable attachment in an email, to propagate them.
• There are several different kinds of viruses, but the most popular ones are file viruses, macro (data file) viruses, and boot-sector viruses.
Viruses
11
• Multipartite Viruses
– A multipartite virus is one that infects both the boot sector and files on your computer, making such a virus particularly dangerous and exasperatingly difficult to remove.
Wireless Threats
12
• War Driving
• WEP Cracking
• WPA Cracking
• Rogue Access Points
• Evil Twin
Attackers and Their Tools
13
• IP Spoofing
– The process of sending packets with a fake source address.
• Application-Layer Attacks
– Application-layer attacks focus on well-known holes in software that’s running on our servers.
• ActiveX Attacks
– Attacks your computer through ActiveX and Java programs (applets).
• Autorooters
– Autorooters are a kind of hacker automaton. Hackers use something called a rootkit to probe, scan, and then capture data on a strategically positioned computer.
• Backdoors
– Backdoors are simply paths leading into a computer or network.
• Network Reconnaissance
– Attackers gather all the information they can about a network, because the more they know about it, the better they can compromise it.
Attackers and Their Tools
14
• Packet Sniffers
– A network adapter card is set to promiscuous mode so it receives all packets from the network’s Physical layer, letting the attacker gather highly valuable, sensitive data.
• Password Attacks
– Password attacks are used to discover user passwords so the thief can pretend to be a valid user and then access that user’s privileges and resources.
• Brute-Force Attacks
– A brute-force attack is another software-oriented attack that employs a program running on a targeted network, trying to log in to some type of shared network resource like a server.
• Port-Redirection Attacks
– A port-redirection attack requires a host machine that the hacker has broken into and uses to get traffic into a network that wouldn’t otherwise be allowed passage through a firewall.
• Trust-Exploitation Attacks
– Uses a trust relationship inside your network, which makes the servers really vulnerable because they’re all on the same segment.
Attackers and Their Tools
15
• Man-in-the-Middle Attacks
– A man-in-the-middle attack happens when someone intercepts packets intended for one computer and reads the data.
– A common guilty party could be someone working for your very own ISP, using a packet sniffer and augmenting it with routing and transport protocols.
– Rogue ATM machines and even credit-card swipers are also increasingly used as tools for this type of attack.
Attackers and Their Tools
16
• IP Spoofing Protection
– (Figure) A hacker attempts an IP spoof, and the spoofed IP address is denied access to the network by the firewall.
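The IP spoofing protection figure above and the earlier Smurf slide both come down to the same firewall rule set: reject packets whose source address cannot legitimately arrive on that interface, and do not forward outside traffic to an inside directed-broadcast address. The following is an added example (not from the slides or any firewall product) that models those decisions in Python; the inside network 10.0.0.0/24, the interface names, the bogon list and the sample packets are all constructed assumptions.

```python
import ipaddress

# Constructed topology (not from the slides): the firewall's inside network
# and a few reserved ranges that never belong on the wire as a source.
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/24")]
BOGON_NETS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16")]

def in_any(addr, nets):
    return any(addr in net for net in nets)

def ingress_decision(iface, src, dst):
    """Decide whether the firewall forwards a packet, given the interface it
    arrived on ("outside" or "inside"). Returns (verdict, reason).
    - Anti-spoofing: an inside source arriving on the outside interface is forged.
    - Egress filter: a packet leaving the inside must carry an inside source.
    - Smurf hardening: outside traffic to an inside directed-broadcast address
      is dropped so the network cannot be used as an amplifier."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_any(s, BOGON_NETS):
        return ("deny", "reserved/bogon source address")
    if iface == "outside" and in_any(s, INSIDE_NETS):
        return ("deny", "spoofed inside source on outside interface")
    if iface == "inside" and not in_any(s, INSIDE_NETS):
        return ("deny", "inside host using a foreign source address")
    if iface == "outside" and any(d == net.broadcast_address for net in INSIDE_NETS):
        return ("deny", "directed broadcast (smurf amplifier)")
    return ("permit", "")

def denied_packets(packets):
    """Run the decision over (iface, src, dst) tuples; return the denied ones with reasons."""
    denied = []
    for pkt in packets:
        verdict, reason = ingress_decision(*pkt)
        if verdict == "deny":
            denied.append((pkt, reason))
    return denied

# Constructed sample traffic for the example.
SAMPLE_PACKETS = [
    ("outside", "10.0.0.7", "10.0.0.20"),        # forged inside address from outside
    ("outside", "198.51.100.5", "10.0.0.255"),   # ping to the inside broadcast (smurf)
    ("outside", "198.51.100.5", "10.0.0.20"),    # legitimate inbound
    ("inside", "10.0.0.20", "198.51.100.5"),     # legitimate outbound
    ("inside", "203.0.113.9", "198.51.100.5"),   # inside host spoofing an outside source
]

if __name__ == "__main__":
    for pkt, reason in denied_packets(SAMPLE_PACKETS):
        print(pkt, "->", reason)
```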
Attackers and Their Tools
17
• Rogue Access Points
– Properly securing a wireless network has become a critical task for most network administrators.
– With a wired network, you know where the cables start and stop; with a wireless network, you don’t.
– A rogue access point is one that’s been installed on a network without the administrator’s knowledge.
– These can be unintentional: when a user innocently plugs a wireless router or wireless access point into the end of a network cable in your building, it is clearly unsecured.
– Rogue access points are very useful to someone who wants to set up a man-in-the-middle attack.
• Social Engineering (Phishing)
– Hackers are more sophisticated today; they just ask the network’s users for it.
– Social engineering, or phishing, is the act of attempting to obtain sensitive information by pretending to be a credible source.
– Common phishing tactics include emails, phone calls, or even starting up a conversation in person.
Understanding Mitigation Techniques
18
• Active Detection
– Software that searches for hackers attempting known attack methods and scans for suspicious activity.
• Passive Detection
– Video cameras are a good example of passive intrusion-detection systems.
• Proactive Defense
– A proactive defense is something you do or implement to ensure that your network is impenetrable.
Policies and Procedures
19
• Security Policies
– Security Audit
– Clean-Desk Policy
– Recording Equipment
– DMZ
Patches and Upgrades
20
• Automatic Updates through Windows Update
– It’s really easy to get updates for Windows-based operating systems, from Windows 2000 on, through Windows Update.
– For more information: www.microsoft.com
Antivirus Components
21
A typical antivirus program consists of two components:
• The definition files
• The engine
Antivirus Maintenance
22
• Upgrade (keep current) your antivirus engine
• Update the antivirus definition files
• Scan for viruses regularly
• Fix infected computers
Summary
23
• Summary
• Exam Essentials Section
• Written Labs
• Review Questions