PACE-IT: Common Threats (part 2)

Common network threats II.

Upload: pace-it-at-edmonds-community-college

Post on 13-Apr-2017

Category: Education


TRANSCRIPT

Page 1: PACE-IT: Common Threats (part 2)

Common network threats II.

Page 2: PACE-IT: Common Threats (part 2)

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise
Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting

Qualifications Summary

Education: M.B.A., IT Management, Western Governors University; B.S., IT Security, Western Governors University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.

Brian K. Ferrill, M.B.A.

Page 3: PACE-IT: Common Threats (part 2)

Common network threats II.

– Outside threats.

– Wireless network threats.

Page 4: PACE-IT: Common Threats (part 2)

Outside threats.

Page 5: PACE-IT: Common Threats (part 2)

Because of how they are implemented, it is often difficult to put network security threats into a single category.

Many attempts to breach a network combine different aspects of threats. For example, a man-in-the-middle attack is often combined with some type of spoofing that is used to help it succeed.

This means that, in most cases, security requires more than just a single line of defense. Good administrators recognize this and implement multiple layers of security in order to protect their systems.

Page 6: PACE-IT: Common Threats (part 2)

– DoS (Denial of Service) threats.

» Covers a very broad category of threats to networks and systems.

• Any threat that can potentially keep users or customers from using network resources as designed can be considered a type of DoS threat.

– Traditional DoS attacks.

» An attempt to flood a network with enough traffic to bring it down.

• Commonly used with a flood of malformed ICMP requests. The host receiving the flood is so busy dealing with it that it cannot respond to legitimate requests.

– Permanent DoS attacks.

» An attempt to permanently deny a network resource for others.

• Can be achieved by physically destroying or removing the resource.

• Can be achieved through the use of malware that corrupts or damages the underlying digital systems.

Page 7: PACE-IT: Common Threats (part 2)

– Friendly or unintentional DoS attacks.

» An unintentional DoS attack can occur when a poorly written application consumes more network resources than are available.

» An unintentional DoS attack can also occur when a network interface controller (NIC) begins to fail.

• The process of the NIC going up and down consumes network resources, which can cause a DoS.

– Distributed DoS (DDoS) attacks.

» A DoS attack in which more than a single system is involved in sending the attack.

» A DDoS attack has a higher chance of succeeding due to the increased number of participants.

• The machines used to send the DDoS may be voluntary participants (a coordinated attack), or they may be part of a botnet (malware has been installed on the machines and they are no longer under the complete control of their owners).

» The goal of a DDoS is to create a large enough spike in traffic that the target becomes unreachable. In some cases, the target system may need to be rebooted in order to come back online.

Page 8: PACE-IT: Common Threats (part 2)

– Reflective DoS (also known as amplified DoS) attacks.

» The attacker uses some method—usually some form of spoofing—to hide the source of the attack.

• In a reflective DNS (Domain Name System) attack, the attacker usually spoofs the intended target’s IP address and sends multiple requests to an open DNS server. The DNS server responds by sending traffic to the targeted system.

• A reflective NTP (Network Time Protocol) attack works in the same way; however, instead of using DNS, it relies upon open NTP servers.

– Smurf attacks or smurfing.

» A type of reflective DoS that also involves spoofing the intended target’s IP address.

• A network is flooded with ICMP requests in which the source address for the requests appears to be that of the intended target.

• As the replies return, the network becomes slowed by the traffic. The goal is to overwhelm the target system and bring it down.
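
The reflective DNS attack described on this slide shows up at the target as DNS responses that no inside host asked for. The following is an added example, not part of the original slides: it matches responses to queries in a set of constructed flow records and reports hosts receiving unsolicited responses. The record layout, the function name and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the original slides), as seen at the
# edge of the monitored network 192.0.2.0/24:
# (time_s, src_ip, dst_ip, kind, dns_txid, size_bytes)
SAMPLE_RECORDS = [
    (0.00, "192.0.2.10", "198.51.100.53", "query", 0x1A2B, 64),
    (0.02, "198.51.100.53", "192.0.2.10", "response", 0x1A2B, 120),
    (1.00, "198.51.100.53", "192.0.2.80", "response", 0x0001, 3000),
    (1.01, "203.0.113.53", "192.0.2.80", "response", 0x0002, 3100),
    (1.02, "198.51.100.53", "192.0.2.80", "response", 0x0003, 2900),
    (1.03, "203.0.113.53", "192.0.2.80", "response", 0x0004, 3050),
]


def find_unsolicited_responses(records, min_count=3, query_ttl=5.0):
    """Return {victim_ip: {"count", "bytes", "reflectors"}} for hosts that
    receive DNS responses they never asked for (hypothetical helper)."""
    pending = {}  # (client, resolver, txid) -> time the query was sent
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "reflectors": set()})
    for ts, src, dst, kind, txid, size in sorted(records):
        if kind == "query":
            pending[(src, dst, txid)] = ts
            continue
        # A legitimate response answers a recent query from dst to src.
        sent = pending.pop((dst, src, txid), None)
        if sent is not None and ts - sent <= query_ttl:
            continue
        entry = stats[dst]
        entry["count"] += 1
        entry["bytes"] += size
        entry["reflectors"].add(src)  # open servers being used as reflectors
    # Only report hosts with enough unsolicited responses to matter.
    return {ip: s for ip, s in stats.items() if s["count"] >= min_count}


if __name__ == "__main__":
    for victim, s in find_unsolicited_responses(SAMPLE_RECORDS).items():
        print(victim, s["count"], "unsolicited responses,", s["bytes"],
              "bytes, reflectors:", sorted(s["reflectors"]))
```

The list of reflectors is what an administrator would pass upstream for filtering, since the spoofed source hides the real sender.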

Page 9: PACE-IT: Common Threats (part 2)

Wireless network threats.

Page 10: PACE-IT: Common Threats (part 2)

A common feature on a modern wireless access point (WAP) is Wi-Fi Protected Setup (WPS).

The goal of WPS is to create an easy and secure method for consumers and small businesses to set up a secure wireless network.

Unfortunately, the outcome has fallen short of the goal. While WPS does ease the setup burden, it is also easily exploited by an attacker and should actually be disabled on all equipment.

Page 11: PACE-IT: Common Threats (part 2)

– War driving/war chalking.

» The practice of attempting to sniff out unprotected or minimally protected wireless networks.

• Once found, marks are placed on buildings and streets indicating what networks are available and vulnerable.

» Wireless networks are vulnerable merely due to the fact that they need to broadcast over the air.

– WEP cracking/WPA cracking.

» The use of a packet sniffer to capture the password or preshared key on a wireless network.

• Wired Equivalent Privacy (WEP) can be cracked in minutes; Wi-Fi Protected Access (WPA) cracking will take hours, but it can still be cracked.

– Rogue access point attack.

» An unauthorized wireless access point (WAP) that gets installed on the network.

» The biggest culprits are the end users; they install their own WAP for convenience and don’t properly secure it, opening a vulnerability in your network.

Page 12: PACE-IT: Common Threats (part 2)

– Evil twin attack.

» A type of rogue access point attack.

• A WAP is installed and configured with a service set identifier (SSID) that is very similar to the authorized version.

• As users access the twin, their keystrokes are captured in the hopes of gaining sensitive information.

» Can also be considered a type of wireless phishing attack.

– Bluejacking.

» Sending unsolicited messages over a Bluetooth connection in an effort to keep the target from responding to valid requests.

– Bluesnarfing.

» An attack in which the attacker creates a Bluetooth connection with another device without that device’s permission.

• The goal is to retrieve information from the attacked device (e.g., contact information and stored emails).

» This vulnerability has been patched and may no longer be a concern.
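
Rogue access points and evil twins, as described above, can be looked for by comparing a wireless site survey against the inventory of authorized access points. The following is an added example, not part of the original slides: the inventory, the scan data, the function names and the 0.8 similarity threshold are all assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Hypothetical inventory of the organization's own access points:
# SSID -> set of authorized BSSIDs (radio MAC addresses).
AUTHORIZED = {"CorpNet": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}

# Constructed site-survey results (not from the original slides):
# (ssid, bssid, signal_dbm)
SAMPLE_SCAN = [
    ("CorpNet", "02:00:00:aa:00:01", -48),
    ("CorpNet", "02:00:00:bb:00:09", -40),
    ("Corp-Net", "02:00:00:cc:00:07", -52),
    ("CoffeeShop", "02:00:00:dd:00:03", -70),
]


def classify_ap(ssid, bssid, authorized=AUTHORIZED, threshold=0.8):
    """Label one observed access point against the authorized inventory."""
    bssid = bssid.lower()
    if ssid in authorized:
        known = {b.lower() for b in authorized[ssid]}
        # Same SSID from a radio that is not in the inventory.
        return "authorized" if bssid in known else "unknown-bssid"
    for good in authorized:
        # An SSID "very similar" to an authorized one, per the slide.
        score = SequenceMatcher(None, ssid.casefold(), good.casefold()).ratio()
        if score >= threshold:
            return "lookalike-ssid"
    return "unrelated"


def survey_findings(scan, authorized=AUTHORIZED, threshold=0.8):
    """Return the observed APs that need investigation, strongest first."""
    findings = []
    for ssid, bssid, signal in scan:
        label = classify_ap(ssid, bssid, authorized, threshold)
        if label in ("unknown-bssid", "lookalike-ssid"):
            findings.append((signal, ssid, bssid, label))
    findings.sort(reverse=True)  # a strong signal suggests the AP is nearby
    return [(ssid, bssid, label) for _, ssid, bssid, label in findings]


if __name__ == "__main__":
    for finding in survey_findings(SAMPLE_SCAN):
        print(finding)
```

An inventory match is a first filter rather than proof that an access point is genuine, so findings are best confirmed by locating the device.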

Page 13: PACE-IT: Common Threats (part 2)

What was covered.

Topic: Outside threats.

Summary: Many network security threats fall into more than one category. A very common and broad category of threats is DoS. There are many types of DoS threats, including traditional DoS, permanent DoS, friendly or unintentional DoS, DDoS, reflective DoS, and Smurf attacks.

Topic: Wireless network threats.

Summary: WPS creates an easy method of placing security on a wireless network, but it also creates a vulnerability in the network. Threats that face wireless networks include war driving or chalking, WEP or WPA cracking, rogue access points, and evil twin attacks. Bluetooth networks are also vulnerable to Bluejacking and, possibly, Bluesnarfing.

Page 14: PACE-IT: Common Threats (part 2)

THANK YOU!

Page 15: PACE-IT: Common Threats (part 2)

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.