PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

A summary of types of attacks I.

Upload: pace-it-at-edmonds-community-college

Post on 11-Apr-2017


TRANSCRIPT

Page 1: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

A summary of types of attacks I.

Page 2: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise: Industry Certifications, PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting

Qualifications Summary

Education: M.B.A., IT Management, Western Governor’s University; B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required—with a focus on technology.

Page 3: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

– Inside threats and attacks.

– Outside threats and attacks.

Page 4: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Inside threats and attacks.

Page 5: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Inside threats and attacks.

– Malicious employees.
  » Malicious employees are difficult to defend against, as the threat is already inside the network.
    • Resources must be granted in order for employees to do their jobs.
  » One of the best defenses is using the principle of least privilege.
    • Only granting the least amount of authorization that is required for people to get their work done.

– Privilege escalation.
  » Attempting to raise a user’s account privileges to an administrative level—giving them access to almost everything.
    • Usually occurs due to a vulnerability that may be present in the operating system itself; however, the vulnerability may also be present in another piece of software.
  » The best defense is to remove all known vulnerabilities from operating systems and software.

Page 6: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Inside threats and attacks.

– Social engineering.
  » The process of using social pressure to cause somebody to compromise a system from inside the defenses of the network.
    • The pressure can be applied in multiple forms: by phone, in person, via email, through a rogue website, or by other methods.

– ARP (Address Resolution Protocol) cache poisoning.
  » The ARP cache, which maps IP addresses to MAC addresses, is corrupted by an attacker, with the end result being that the attacker has control of which IP addresses are associated with MAC addresses.
    • Commonly used in man-in-the-middle attacks.

– Client-side attack.
  » An attack on a system through vulnerabilities that may be present within software on a client system.
    • Attacks often originate from Internet applications or messaging applications.

Page 7: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Inside threats and attacks.

– Replay attack.
  » An attack that uses a packet sniffer to capture network session data.
    • The attacker then re-submits the captured packets in an effort to gain access to the network.

– Transitive access attack.
  » The attacker attempts to get a user to click on a hyperlink to an MS Windows shared folder.
    • If the user clicks on the hyperlink, the user’s system is forced to send the user account credentials—allowing the attacker to attempt to get access to valid credentials.

– Man-in-the-middle (MitM) attack.
  » The attacker is not necessarily inside the network per se, but is in between two end points that are communicating on a network.
  » The attack allows a malicious user to be able to view all network packets that are flowing between the communicating hosts.
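For the replay attack item above, the usual countermeasure is to make every message single-use: the sender binds it to a fresh nonce and a timestamp under a keyed MAC, and the receiver rejects anything stale or already seen. This is an added example, not part of the original slides; the packet layout, the `Verifier` class and the 30-second window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

KEY = os.urandom(32)  # shared secret, generated here only for the demonstration
MAX_SKEW = 30         # seconds a message stays acceptable (assumed value)


def sign(key, message, now=None):
    """Sender: bind the message to a fresh nonce and the current time."""
    nonce = os.urandom(16).hex()
    ts = str(int(now if now is not None else time.time()))
    data = f"{nonce}|{ts}|{message}".encode()
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    return {"nonce": nonce, "ts": ts, "msg": message, "tag": tag}


class Verifier:
    """Receiver: accept each authentic message at most once."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, pkt, now=None):
        now = int(now if now is not None else time.time())
        data = f"{pkt['nonce']}|{pkt['ts']}|{pkt['msg']}".encode()
        expected = hmac.new(self.key, data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, pkt["tag"]):
            return "rejected: bad tag"
        ts = int(pkt["ts"])  # safe to parse: the tag already covers it
        if abs(now - ts) > MAX_SKEW:
            return "rejected: stale"
        # Nonces older than the window can be forgotten, because a packet
        # carrying that timestamp would already be rejected as stale.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if pkt["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[pkt["nonce"]] = ts
        return "accepted"
```

A sniffed copy of an accepted packet fails the nonce check inside the window and the timestamp check after it, so capturing traffic alone no longer grants access.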

Page 8: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Outside threats and attacks.

Page 9: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Outside threats and attacks.

– Spoofing.
  » An attacker attempts to gain access to network resources by having his or her system masquerade as a trusted system.
    • This is achieved by modifying either the IP address or the MAC address of the attacking system.

– Spam.
  » Unsolicited bulk email (UBE), junk email that attempts to entice a person into buying a product or service.
    • While in most cases the receiving of spam isn’t a security threat, it is a waste of resources—which is considered a security issue.

– Spim (spIM or spam with instant messaging).
  » An attacker harvests instant message (IM) IDs and then attempts to entice the end user to click on a hyperlink that is included in an IM.
    • Often used as the first step in another type of attack (e.g., a pharming attack).

Page 10: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Outside threats and attacks.

– DNS poisoning.
  » The attacker changes the DNS records for a specific website in order to redirect traffic to a malicious website.
    • The change in record can either be on the local DNS apparatus, or it may occur at a higher level (e.g., at the Internet service provider level).

– Typosquatting (or URL hijacking).
  » The attacker sets up malicious websites using common misspellings of legitimate URL (Uniform Resource Locator) names.
    • The attacker assumes that a certain amount of traffic will reach the malicious website merely due to user error.

– Watering hole attack.
  » The attacker compromises (e.g., plants malicious code on) a legitimate trusted website.
    • As users visit the trusted site, malicious code is executed.
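For the typosquatting item above, defenders commonly screen domain names seen in DNS or proxy logs for near-misses of the names they want to protect. This is an added example, not part of the original slides; it uses the optimal string alignment distance (insert, delete, substitute, swap adjacent characters), and the domain names and the distance threshold are constructed for illustration.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # delete from a
                         cur[j - 1] + 1,       # insert into a
                         prev[j - 1] + cost)   # substitute or match
            # Two adjacent characters typed in the wrong order count once.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def flag_lookalikes(observed, protected, max_distance=2):
    """Return (observed, protected, distance) for close but non-identical names."""
    hits = []
    for name in observed:
        name = name.lower().rstrip(".")  # DNS names are case-insensitive
        for good in protected:
            d = osa_distance(name, good)
            if 0 < d <= max_distance:
                hits.append((name, good, d))
    return hits


# Constructed sample data under the reserved .example top-level domain.
PROTECTED = ["payments.example"]
OBSERVED = [
    "payments.example",    # the legitimate name itself
    "paymnets.example",    # swapped letters
    "payment.example",     # dropped letter
    "paymen7s.example",    # wrong character
    "news.example",        # unrelated
    "Paymentss.Example.",  # doubled letter, mixed case, trailing dot
]
```

Short protected names need a lower `max_distance`, because two edits on a five-letter name match many unrelated domains.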

Page 11: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

Outside threats and attacks.

– DoS (Denial of Service) threats.
  » Covers a very broad category of threats to networks and systems.
    • Any threat that can potentially keep users or customers from using network resources as designed can be considered a type of DoS threat.
  » Permanent DoS attack.
    • An attempt to permanently deny a network resource for others; it can be done by physically destroying a resource or by damaging (or corrupting) the underlying operating system.
  » Traditional DoS attack.
    • An attempt to flood a network with enough traffic to bring it down—commonly used with malformed ICMP requests.
  » Distributed DoS (DDoS) attack.
    • A DoS attack in which more than a single system is involved in sending the attack; a botnet is often used to implement the attack.
  » Smurf attack or smurfing.
    • A network is flooded with ICMP requests in which the source address for the requests appears to be that of the intended target (it has been spoofed).

Page 12: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

What was covered.

Topic: Inside threats and attacks.

Summary: Given the nature and purpose of networks, it can be difficult to make them secure. Common threats or attacks that come from inside the network include: malicious employees, privilege escalation, social engineering, ARP cache poisoning, client-side attacks, replay attacks, transitive access attacks, and MitM attacks.

Topic: Outside threats and attacks.

Summary: Security threats may come from outside of the secured network. Common threats or attacks that come from outside of the network include: spoofing, spam, spim, DNS poisoning, typosquatting, watering hole attacks, and various types of DoS attacks.

Page 13: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)


THANK YOU!

Page 14: PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.