security system 1 - 05
8/14/2019 Security System 1 - 05
http://slidepdf.com/reader/full/security-system-1-05 1/36
SECURITY SYSTEM 1
#5. PHYSICAL SECURITY
AGENDA
Operational Security
Calculating Attack Strategies
Recognizing Common Attacks
CompTIA Security+ Study Guide, Sybex
Operational Security
Operational security focuses on computers, networks, and communications systems as well as the management of information.
Operational security encompasses a large area, and as a security professional, you’ll be primarily involved here more than any other area.
Operational security issues include network access control (NAC), authentication, and security topologies after the network installation is complete. Issues include the daily operations of the network, connections to other networks, backup plans, and recovery plans.
In short, operational security encompasses everything that isn’t related to design or physical security in your network. Instead of focusing on the physical components where the data is stored, such as the server, the focus is now on the topology and connections.
Calculating Attack Strategies
One main reason for the differences in attacks is that they occur in many ways and for different reasons. Regardless of how they occur, they are generally used to accomplish one or more of these three goals:
In an access attack, someone who should not be able to wants to access your resources.
During a modification and repudiation attack, someone wants to modify information in your systems.
A denial-of-service (DoS) attack is an attempt to disrupt your network and services. When your system becomes so busy responding to illegitimate requests, it can prevent authorized users from having access.
A. Understanding Access Attack Types
The goal of an access attack is straightforward. An access attack is an attempt to gain access to information that the attacker isn’t authorized to have. These types of attacks focus on breaching the confidentiality of information. They occur either internally or externally; they might also occur when physical access to the information is possible.
Dumpster diving is a common physical access method. Companies normally generate a huge amount of paper, most of which eventually winds up in Dumpsters or recycle bins.
A second common method used in access attacks is to capture information en route between two systems; rather than paper, data is found in such attacks. There are several common types of access attacks:
Eavesdropping
Eavesdropping is the process of listening in on or overhearing parts of a conversation, including listening in on your network traffic. This type of attack is generally passive. For example, a coworker might overhear your dinner plans because your speakerphone is set too loud or you’re yelling into your cell phone. The opportunity to overhear a conversation is coupled with the carelessness of the parties in the conversation.
Snooping
Snooping occurs when someone looks through your files hoping to find something interesting. The files may be either electronic or on paper. In the case of physical snooping, people might inspect your Dumpster, recycling bins, or even your file cabinets; they can look under the keyboard for Post-it notes or look for scraps of paper tacked to your bulletin board. Computer snooping, on the other hand, involves someone searching through your electronic files trying to find something interesting.
Interception
Interception can be either an active or a passive process. In a networked environment, a passive interception would involve someone who routinely monitors network traffic. Active interception might include putting a computer system between the sender and receiver to capture information as it’s sent. The process is usually covert. The last thing a person on an intercept mission wants is to be discovered. Intercept missions can occur for years without the knowledge of the parties being monitored.
B. Recognizing Modification and Repudiation Attacks
Modification attacks involve the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be hard to detect. They’re similar to access attacks in that the attacker must first get to the data on the servers, but they differ from that point on. The motivation for this type of attack may be to plant information, change grades in a class, fraudulently alter credit card records, or something similar. Website defacements are a common form of modification attack; they involve someone changing web pages in a malicious manner.
A variation of a modification attack is a repudiation attack. Repudiation attacks make data or information appear to be invalid or misleading (which can be even worse). For example, someone might access your e-mail server and send inflammatory information to others under the guise of one of your top managers. This information might prove embarrassing to your company and possibly do irreparable harm. Repudiation attacks are fairly easy to accomplish because most e-mail systems don’t check outbound mail for validity. Repudiation attacks, like modification attacks, usually begin as access attacks.
C. Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
Denial-of-service (DoS) attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers. DoS attacks are common on the Internet, where they have hit large companies such as Amazon, Microsoft, and AT&T. These attacks are often widely publicized in the media. Most simple DoS attacks occur from a single system, and a specific server or organization is the target.
There isn’t a single type of DoS attack, but a variety of similar methods that have the same purpose. It’s easiest to think of a DoS attack by imagining that your servers are so busy responding to false requests that they don’t have time to service legitimate requests. Not only can the servers be physically busy, but the same result can occur if the attack consumes all the available bandwidth.
Several types of attacks can occur in this category. These attacks can deny access to information, applications, systems, or communications.
A DoS attack on an application may bring down a website while the communications and systems continue to operate.
A DoS attack on a system crashes the operating system (a simple reboot may restore the server to normal operation).
A DoS attack against a network is designed to fill the communications channel and prevent access by authorized users.
A common DoS attack involves opening as many TCP sessions as possible; this type of attack is called a TCP SYN flood DoS attack. Two of the most common types of DoS attacks are the ping of death and the buffer overflow. The ping of death crashes a system by sending Internet Control Message Protocol (ICMP) packets (think echoes) that are larger than the system can handle. Buffer overflow attacks, as the name implies, attempt to put more data (usually long input strings) into the buffer than it can hold.
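As an added example (not from the slides or the study guide they cite), the following Python shows what a TCP SYN flood looks like from the defender's side: a server's connection table fills with half-open connections, entries where the server has answered SYN with SYN-ACK and is still waiting for the final ACK. The table rows, the SYN-RECV state name, and the thresholds are constructed assumptions, not values from the lecture.

```python
"""Added example, not from the slides: spot a TCP SYN flood from the server side.

A SYN flood leaves many half-open connections (the server sent SYN-ACK and is
waiting for the final ACK that never comes). Counting those per remote address
gives a first detection signal. Record format and thresholds are assumptions.
"""
from collections import Counter

# Constructed connection-table sample, simplified to (state, local_port, remote_ip).
# State names follow the convention used by tools such as `ss`.
SAMPLE_TABLE = [
    ("ESTAB", 80, "192.0.2.10"),
    ("ESTAB", 80, "192.0.2.11"),
    ("ESTAB", 443, "192.0.2.11"),
    ("SYN-RECV", 80, "192.0.2.12"),        # one slow but legitimate handshake
    ("SYN-RECV", 80, "198.51.100.7"),
    ("SYN-RECV", 80, "198.51.100.7"),
    ("SYN-RECV", 80, "198.51.100.7"),
    ("SYN-RECV", 80, "198.51.100.7"),
    ("SYN-RECV", 80, "198.51.100.7"),
    ("SYN-RECV", 80, "198.51.100.7"),
]

HALF_OPEN = "SYN-RECV"


def half_open_per_source(table):
    """Count half-open connections per remote address."""
    counts = Counter()
    for state, _local_port, remote_ip in table:
        if state == HALF_OPEN:
            counts[remote_ip] += 1
    return counts


def half_open_ratio(table):
    """Fraction of all table entries that are half-open. A flood with spoofed,
    constantly changing source addresses defeats per-source counting, so this
    aggregate signal is checked as well."""
    if not table:
        return 0.0
    half_open = sum(1 for state, _p, _ip in table if state == HALF_OPEN)
    return half_open / len(table)


def syn_flood_suspects(table, per_source_threshold=5):
    """Remote addresses holding at least `per_source_threshold` half-open
    connections, highest count first. The threshold is an assumed tuning value."""
    counts = half_open_per_source(table)
    suspects = [(ip, n) for ip, n in counts.items() if n >= per_source_threshold]
    return sorted(suspects, key=lambda pair: (-pair[1], pair[0]))


def assess(table, per_source_threshold=5, ratio_threshold=0.5):
    """Combine both signals into a verdict string for an operator dashboard."""
    suspects = syn_flood_suspects(table, per_source_threshold)
    ratio = half_open_ratio(table)
    if suspects:
        return "syn-flood-from-" + ",".join(ip for ip, _ in suspects)
    if ratio >= ratio_threshold:
        return "syn-flood-distributed"
    return "normal"


if __name__ == "__main__":
    print(half_open_per_source(SAMPLE_TABLE))
    print(f"half-open ratio: {half_open_ratio(SAMPLE_TABLE):.2f}")
    print(assess(SAMPLE_TABLE))
```

The per-source count catches a single-system DoS of the kind the slides describe; the aggregate ratio is there because a flood that spoofs a different source address on every SYN never trips a per-source threshold, so the rise in half-open entries across the whole table is the only signal left.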
A distributed denial-of-service (DDoS) attack is similar to a DoS attack. A DDoS attack amplifies the concepts of a DoS by using multiple computer systems to conduct the attack against a single organization. These attacks exploit the inherent weaknesses of dedicated networks such as DSL and cable. These permanently attached systems usually have little, if any, protection. An attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or cable modems. The attack program lies dormant on these computers until they get an attack signal from a master computer. The signal triggers the systems, which launch an attack simultaneously on the target network or system.
The nasty part of this type of attack is that the machines used to carry out the attack belong to normal computer users. The attack gives no special warning to those users. When the attack is complete, the attack program may remove itself from the system or infect the unsuspecting user’s computer with a virus that destroys the hard drive, thereby wiping out the evidence.
Recognizing Common Attacks
Most attacks are designed to exploit potential weaknesses, which can be in the implementation of programs or in the protocols used in networks. Many types of attacks require a high level of sophistication and are rare, but you need to know about them so that, should they occur, you can identify what has happened in your network.
In the following sections, we’ll look at some common attacks more closely.
Back Door Attacks
The term back door attack refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker. The program may allow a certain user ID to log on without a password or gain administrative privileges. The next figure shows how a back door attack can be used to bypass the security of a network. In this example, the attacker is using a back door program to utilize resources or steal information.
Spoofing Attacks
A spoofing attack is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack. A common spoofing attack that was popular for many years on early Unix and other timesharing systems involved a programmer writing a fake logon program. It would prompt the user for a user ID and password. No matter what the user typed, the program would indicate an invalid logon attempt and then transfer control to the real logon program. The spoofing program would write the logon and password into a disk file, which was retrieved later.
The most popular spoofing attacks today are IP spoofing and DNS spoofing. With IP spoofing, the goal is to make the data look as if it came from a trusted host when it didn’t (thus spoofing the IP address of the sending host). With DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn’t. This can send users to a website other than the one they wanted to go to, reroute mail, or do any other type of redirection wherein data from a DNS server is used to determine a destination. Another name for this is DNS poisoning.
Another DNS weakness is Domain Name Kiting. When a new domain name is issued, there is a five-day grace period before you must technically pay for it. Those engaged in kiting can delete the account within the five days and re-register it again, allowing them to have accounts that they never have to pay for.
Man-in-the-Middle Attacks
Man-in-the-middle attacks tend to be fairly sophisticated. This type of attack is also an access attack, but it can be used as the starting point for a modification attack. The method used in these attacks clandestinely places a piece of software between a server and the user that neither the server administrators nor the user is aware of.
The software intercepts data and then sends the information to the server as if nothing is wrong. The server responds back to the software, thinking it’s communicating with the legitimate client. The attacking software continues sending information on to the server, and so forth. If communication between the server and user continues, what’s the harm of the software? The answer lies in whatever else the software is doing. The man-in-the-middle software may be recording information for someone to view later, altering it, or in some other way compromising the security of your system and session.
Replay Attacks
Replay attacks are becoming quite common. They occur when information is captured over a network. A replay attack is a kind of access or modification attack. In a distributed environment, logon and password information is sent between the client and the authentication system. The attacker can capture the information and replay it again later. This can also occur with security certificates from systems such as Kerberos: The attacker resubmits the certificate, hoping to be validated by the authentication system and circumvent any time sensitivity.
If this attack is successful, the attacker will have all the rights and privileges from the original certificate. This is the primary reason that most certificates contain a unique session identifier and a time stamp: If the certificate has expired, it will be rejected and an entry should be made in a security log to notify system administrators.
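The two fields the slides single out, a unique session identifier and a time stamp, are enough to stop a replay if the verifier actually uses them. The following Python is an added example, not code from the slides and a deliberate simplification rather than the real Kerberos ticket format: a signed ticket carrying both fields, and a verifier that rejects expired tickets, rejects a session identifier it has already accepted, and writes a security-log entry for every rejection. The shared key, the ticket layout and the 5-minute lifetime are assumptions.

```python
"""Added example, not from the slides: replay protection with a unique session
identifier and a time stamp, in the spirit of the Kerberos-style tickets the
slides describe. Simplified ticket format; key and 5-minute lifetime are assumed."""
import base64
import hashlib
import hmac
import json
import secrets

SHARED_KEY = b"constructed-demo-key-change-me"  # assumption: issuer/verifier secret


def issue_ticket(principal, now, rights=("read",), key=SHARED_KEY):
    """Build a ticket with a fresh random session id ('sid') and an issue time
    ('iat'), then sign the body with HMAC-SHA256 so neither field can be altered."""
    body = {"sub": principal, "sid": secrets.token_hex(8),
            "iat": int(now), "rights": list(rights)}
    raw = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(raw).decode() + "." + sig


class TicketVerifier:
    """Accepts each ticket at most once and only within its lifetime."""

    def __init__(self, key=SHARED_KEY, max_age=300):
        self.key = key
        self.max_age = max_age
        self.seen = {}           # sid -> iat, the replay cache
        self.security_log = []   # entries an administrator should be notified about

    def verify(self, ticket, now):
        """Return 'ok' or the reason the ticket was refused."""
        try:
            raw_b64, sig = ticket.split(".")
            raw = base64.urlsafe_b64decode(raw_b64)
        except (ValueError, TypeError):
            return self._reject("malformed", now, None)
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return self._reject("bad-signature", now, None)
        body = json.loads(raw)               # signature passed, so this is our own JSON
        if now - body["iat"] > self.max_age:
            return self._reject("expired", now, body)
        self._prune(now)
        if body["sid"] in self.seen:
            return self._reject("replayed", now, body)
        self.seen[body["sid"]] = body["iat"]
        return "ok"

    def _prune(self, now):
        """Drop cache entries older than max_age: such tickets fail the age check
        anyway, so the replay cache stays bounded by the lifetime window."""
        self.seen = {sid: iat for sid, iat in self.seen.items()
                     if now - iat <= self.max_age}

    def _reject(self, reason, now, body):
        self.security_log.append({"time": now, "reason": reason,
                                  "sub": body["sub"] if body else None})
        return reason


if __name__ == "__main__":
    verifier = TicketVerifier()
    ticket = issue_ticket("alice", now=1000)
    print(verifier.verify(ticket, now=1000))   # first use is accepted
    print(verifier.verify(ticket, now=1010))   # same ticket again is a replay
    print(verifier.security_log)
```

The order of the checks matters: the signature is verified before anything in the body is trusted, the age check comes before the replay cache so that the cache only ever needs to remember identifiers still inside the lifetime window, and every refusal ends up in the log the slides call for.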
Password-Guessing Attacks
Password-guessing attacks occur when an account is attacked repeatedly. This is accomplished by utilizing applications known as password crackers, which send possible passwords to the account in a systematic manner. The attacks are initially carried out to gain passwords for an access or modification attack.
There are two types of password-guessing attacks:
Brute-force attack
A brute-force attack is an attempt to guess passwords until a successful guess occurs. This type of attack usually occurs over a long period. To make passwords more difficult to guess, they should be much longer than two or three characters (six should be the bare minimum), be complex, and have password lockout policies.
Dictionary attack
A dictionary attack uses a dictionary of common words to attempt to find the user’s password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them.
Not all attacks are only brute-force or dictionary based. A number of hybrids also exist that will try combinations of these two methods.
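The brute-force and dictionary passages above name the same three defences: a minimum length, complexity, and a lockout policy. The following Python is an added example, not from the slides, that implements both sides of that advice: a lockout policy replayed over an authentication log, and a password check that rejects short, non-complex and dictionary-derived passwords, including the hybrid mutations (trailing digits, leetspeak) that combine the two attack methods. The log format, the word list and the thresholds are constructed assumptions.

```python
"""Added example, not from the slides: the defences the slides name against
password guessing. A lockout policy is replayed over an auth log, and a password
check rejects short, non-complex and dictionary-derived candidates, including the
hybrid mutations (trailing digits, leetspeak) that combine brute force with a
word list. Log format, word list and thresholds are constructed assumptions."""
import re
from collections import defaultdict

# Constructed auth-log sample, loosely modelled on sshd's wording.
SAMPLE_AUTH_LOG = """\
2019-08-14T09:00:01 Failed password for bob from 203.0.113.9
2019-08-14T09:00:02 Failed password for bob from 203.0.113.9
2019-08-14T09:00:03 Failed password for bob from 203.0.113.9
2019-08-14T09:00:04 Failed password for bob from 203.0.113.9
2019-08-14T09:00:05 Failed password for bob from 203.0.113.9
2019-08-14T09:00:09 Accepted password for bob from 203.0.113.9
2019-08-14T09:05:00 Failed password for alice from 192.0.2.4
2019-08-14T09:05:30 Accepted password for alice from 192.0.2.4
"""
LINE_RE = re.compile(r"^(\S+) (Failed|Accepted) password for (\S+) from (\S+)$")


def apply_lockout(log_text, max_failures=5):
    """Replay the log through a lockout policy: after `max_failures` consecutive
    failures the account is locked and later attempts are refused even when the
    guess is finally right. Returns (locked accounts, per-line decisions)."""
    failures = defaultdict(int)
    locked = set()
    decisions = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        ts, result, user, _src = match.groups()
        if user in locked:
            decisions.append((ts, user, "refused-locked"))
        elif result == "Failed":
            failures[user] += 1
            if failures[user] >= max_failures:
                locked.add(user)
                decisions.append((ts, user, "locked"))
            else:
                decisions.append((ts, user, "failed"))
        else:
            failures[user] = 0            # a success resets the counter
            decisions.append((ts, user, "accepted"))
    return locked, decisions


# Constructed tiny word list; a real deployment would load a large one.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "summer"}
LEET = str.maketrans("@0134$5", "aoleass")  # undo the usual substitutions


def dictionary_base(candidate):
    """Reduce a candidate to the dictionary word a hybrid attack would derive it
    from: lowercase, strip trailing digits/symbols, undo leetspeak."""
    base = re.sub(r"[^a-z]+$", "", candidate.lower())
    return base.translate(LEET)


def password_policy_problems(candidate, min_length=6, words=COMMON_WORDS):
    """Return the policy rules a candidate breaks (empty list means acceptable)."""
    problems = []
    if len(candidate) < min_length:
        problems.append("too-short")
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("not-complex")
    if dictionary_base(candidate) in words:
        problems.append("dictionary-word")
    return problems


if __name__ == "__main__":
    locked, decisions = apply_lockout(SAMPLE_AUTH_LOG)
    print("locked:", locked)
    for decision in decisions:
        print(decision)
    for pw in ("abc", "P@ssw0rd1", "Summer2019!", "Correct-Horse-42"):
        print(pw, "->", password_policy_problems(pw))
```

Note that bob's sixth attempt in the constructed log is refused even though it carries the right password; that is the point of a lockout policy against brute force. The `dictionary_base` step exists because a candidate such as "P@ssw0rd1" passes the length and complexity rules yet is one of the first hybrid guesses a cracker tries, so the policy strips the mutations before comparing against the word list.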
Privilege Escalation
Privilege escalation can be the result of an error on an administrator’s part in assigning too high a permission set to a user, but it’s more often associated with bugs left in software.
When creating a software program, developers will occasionally leave a back door in the program that allows them to become a root user should they need to fix something during the debugging phase.
After debugging is done and before the software goes live, these abilities are removed. If a developer forgets to remove the back door in the live version and the method of accessing them gets out, it leaves the ability for a miscreant to take advantage of the system.
To understand privilege escalation, think of cheat codes in video games. Once you know the game’s code, you can enter it and become invincible. Similarly, someone might take advantage of a hidden cheat in a software application you are using to become root.