Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 4: Network Vulnerabilities and Attacks

Objectives
- Explain the types of network vulnerabilities
- List categories of network attacks
- Define different methods of network attacks

Network Vulnerabilities
- There are _________ broad categories of network vulnerabilities:
  - Those based on the network transport ________
  - Those found in the network ________ themselves
- Let's take a look at each...

Media-Based Vulnerabilities
- ______________ network traffic
  - Helps the network administrator to _______________________ ________________________________
- Monitoring traffic can be done in _________ ways:
  1. Use a __________________________________
     - Configure a switch to ____________________ that flows through some or all ports ___________________________ on the switch
     - See graphic on next slide...
  2. Install a __________________ (test access point)
     - A _______________________ that can be installed _____________ ___________________, such as a switch, router, or firewall, to ______________________
     - See graphic two slides down...

Media-Based Vulnerabilities (continued) (graphic only)

Media-Based Vulnerabilities (continued) (graphic only)

Media-Based Vulnerabilities (continued)
- ________________ computer
  - Can be a ______________________________
  - Can be a regular computer running _____________________________ software
  - Also known as a ____________________
  - _____________________________________________ ____________________________
  - See example on next slide...

Media-Based Vulnerabilities (continued)
- Just as network taps and protocol analyzers can be used for legitimate purposes, they can also be used by ______________ to intercept and view network traffic
- Attackers can access the wired network in the following ways:
  - False ceilings
  - Exposed wiring
  - Unprotected RJ-45 jacks

Media-Based Vulnerabilities (continued) (graphic only)

Four Common Network Device Vulnerabilities
1. ___________________________
   - A password is a secret combination of letters and numbers that serves to _____________ (validate) a user by what he knows
   - Password paradox
     - Lengthy and complex passwords should be used and __________________________
     - It is very difficult to memorize these types of passwords
     - Passwords can be set to expire after a set period of time, and a new one must be created
     - Therefore a password can provide ___________

Network Device Vulnerabilities (continued)
- Characteristics of weak passwords:
  - A _______________ used as a password
  - ____________ passwords unless forced to do so
  - Passwords that are _____________
  - __________________ in a password
  - Using the __________________ for all accounts
  - _____________ the password down

Four Common Network Device Vulnerabilities (continued)
2. _______________________
   - A user account on a device that is ____________________ by the ______________ instead of by an administrator
   - Used to make the _____________________ and installation of the device easier
   - Intended to be __________________________ is completed, but often they are not
   - Default accounts are often the first targets that attackers seek. Why?

Four Common Network Device Vulnerabilities (continued)
3. ________________________
   - An account that is ___________ without the administrator's knowledge or permission, that _____________________, and that ____________________________________
   - Can be created by the programmer of the software to allow convenient access to the device for troubleshooting
   - Back doors can be created on a network device in two ways:
     - The network device can be ____________________ using a virus, worm, or Trojan horse to insert the back door
     - A ________________________________ creates a back door on the device

Four Common Network Device Vulnerabilities (continued)
4. __________________ (talked about in Chapter 2)
   - It is possible to _____________________ in the _______________________ to gain access to resources that the user would normally be restricted from obtaining

Categories of Attacks Conducted Against Networks
- Denial of service
- Spoofing
- Man-in-the-middle
- Replay attacks

Denial of Service (DoS)
- Denial of service (DoS) attack
  - Attempts to ___________________________________ _______________________________________________ ___________________________________________
- Distributed denial of service (DDoS) attack
  - A _____________ of the DoS
  - May use hundreds or thousands of ________________ in a botnet to _________________________________
  - Very difficult to identify and block the source of the attack
- Example: _________________ attack (see Figure 4-4)

Figure 4-4 (SYN flood): the attacker sends SYN after SYN; the server answers each with SYN+ACK and waits several minutes for the ACK replies, but none arrives from any of the computers. The server runs out of resources and can no longer function.

Example #1 of DoS attack
- Attacker can flood the radio frequency spectrum with interference to prevent legitimate communication from getting through

Example #2 of DoS attack
- If the ACK is not returned, the packet is resent

Example #3 of DoS attack
- Forces a device to temporarily disconnect from the wireless network

Spoofing
- AKA impersonation
- ________________________________________ by ________________________________
- A variety of different attacks use spoofing
  - Attacker may _______________________ so that her malicious actions would be attributed to a valid user
  - Attacker may _____________________________ _____________________________________
  - Attacker can set up his own AP device and trick all _______________________________________________ ____________________________

Man-in-the-Middle Attack
- Works by _________________ (attacker) _____________________________________ ___________________________________
- Makes it seem that two computers are communicating with each other directly when actually there is a "middle man" seeing/modifying the traffic
- ________ attacks _______________________ before they are sent on to the recipient
- ________ attacks ________________________, _____________ and _______ to the original recipient

Replay Attack
- Similar to a passive man-in-the-middle attack
- Instead of sending traffic to the recipient immediately, the captured data is ________________________________________
- A simple replay would involve the man-in-the-middle ____________________ between the computer and the server and attempting to log in at a later time
- A more sophisticated attack takes advantage of the communications between a __________________
  - Administrative messages that contain specific network requests are frequently sent between a network device and a server
  - A replay attack could _______________________________________ _____________________
  - The server might respond thinking the message came from a _______________________________________

Methods of Network Attacks
- Protocol-based
  - Targeting vulnerabilities in network protocols is a common method of attack since the ___________ is ____________________________ itself
  - Any system that uses this protocol is vulnerable
- Wireless
  - Attacks unique to wireless networks have been created
  - More to come...

Protocol-Based Attacks
- Antiquated protocols
  - _____________ protocols have been updated often to address __________________________
  - __________ is another updated protocol
    - Used for __________________________ between networked devices
    - The use of community strings in the first two versions of the protocol, SNMPv1 and SNMPv2, created several vulnerabilities
    - Also, information was not sent in encrypted form
    - SNMPv3 is much more secure
    - Uses ___________________________________

Protocol-Based Attacks (continued)
- DNS attacks
  - Domain Name System (_______________) is the basis for ____________________________ today
  - DNS ____________________ ___________ a ________________________ so that when a user enters a symbolic name, she is ____________________________________

Protocol-Based Attacks (continued)
- Fraudulent IP address
  - How can this IP address substitution take place?

Protocol-Based Attacks (continued)
- Substituting a fraudulent IP address can be done in one of two different _____________:
  1. TCP/IP ___________________ name system
     - If no entry exists for the requested name entered, the external DNS system is referenced
     - Attackers can target the __________________
  - Or the second location...

Protocol-Based Attacks (continued)
  2. External _____________________
     - Attack is called ____________________ (also called _________________)
     - DNS servers exchange information between themselves, AKA ________________________
     - Attacker attempts to convince the authentic DNS server to ______________________________ sent from the _____________________________________
     - See Figure 4-11 on the following slide

Figure 4-11 (DNS poisoning):
- The attacker sends the valid DNS server a request to resolve a URL to an IP address
- The valid DNS server doesn't know the answer and asks a DNS server controlled by the attacker
- The attacker's name server sends IP addresses to the valid (victim) DNS server; these are actually the attacker's own addresses, but they are mapped to legitimate URLs
- Requests from any user will now go to the attacker's IP address

Protocol-Based Attacks (continued)
- DNS poisoning can be ________________ ________________________ software, _______ (Berkeley Internet Name Domain) or __________ (DNS Security Extensions)
- ______________________
  - Almost the ___________________________
  - Attacker asks the _______________________ _______________, known as a DNS transfer
  - Possible for the attacker to _____________________ ________ of the organization supporting the DNS server

Protocol-Based Attacks (continued)
- Address Resolution Protocol (_______)
  - ________________________________________ _______________________________________
  - The IP address and the corresponding MAC address are stored in an ARP cache for future reference
- ARP ____________________
  - An attacker could ________________________ ________________ so that the corresponding IP address would ______________________
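Worked example for the Denial of Service section above (the SYN flood of Figure 4-4). This is an added example and not code from the textbook: it simulates a server that keeps a table of half-open connections and gets starved by SYNs from spoofed addresses that never complete the handshake, next to a server using SYN cookies, which stores nothing until the final ACK arrives. The backlog size of 128, the keyed-hash cookie, and the spoofed 198.51.100.0/24 sources are assumptions chosen for illustration; real SYN cookies also encode a timestamp and the MSS.

```python
"""SYN flood against a stateful listener vs. a SYN-cookie listener.
Added example; backlog size, cookie construction and traffic are simplified."""
import hashlib
import hmac
import os
import random


class StatefulListener:
    """Records every half-open connection until the final ACK arrives.
    `backlog` is the maximum number of half-open entries (assumed value)."""

    def __init__(self, backlog=128, rng=None):
        self.backlog = backlog
        self.rng = rng or random.Random(1)
        self.half_open = {}        # (client_ip, client_port) -> server ISN
        self.established = set()

    def on_syn(self, client, client_isn):
        if len(self.half_open) >= self.backlog:
            return None            # backlog full: the SYN is silently dropped
        server_isn = self.rng.randrange(2 ** 32)
        self.half_open[client] = server_isn
        return server_isn          # carried in the SYN+ACK

    def on_ack(self, client, client_isn, ack):
        server_isn = self.half_open.pop(client, None)
        if server_isn is None or ack != (server_isn + 1) % 2 ** 32:
            return False
        self.established.add(client)
        return True


class SynCookieListener:
    """Keeps no state for half-open connections: the ISN in the SYN+ACK is a
    keyed hash of the client's address and ISN, so a correct final ACK proves
    the client really received the SYN+ACK."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)
        self.established = set()

    def _cookie(self, client, client_isn):
        msg = f"{client[0]}:{client[1]}:{client_isn}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, client, client_isn):
        return self._cookie(client, client_isn)     # nothing is stored

    def on_ack(self, client, client_isn, ack):
        if ack != (self._cookie(client, client_isn) + 1) % 2 ** 32:
            return False
        self.established.add(client)
        return True


def syn_flood(server, count, seed=7):
    """Send `count` SYNs from spoofed, random source addresses (constructed
    198.51.100.0/24 range). No host owns them, so no ACK ever comes back."""
    rng = random.Random(seed)
    for _ in range(count):
        client = (f"198.51.100.{rng.randrange(256)}", rng.randrange(1024, 65536))
        server.on_syn(client, rng.randrange(2 ** 32))


def legitimate_connect(server, client=("192.0.2.10", 40000), client_isn=1000):
    """Full three-way handshake for a real client; True if established."""
    server_isn = server.on_syn(client, client_isn)
    if server_isn is None:
        return False               # SYN dropped: the DoS succeeded
    return server.on_ack(client, client_isn, (server_isn + 1) % 2 ** 32)


def demo(flood_size=1000):
    """Flood both listener types, then try a legitimate connection on each."""
    stateful = StatefulListener(backlog=128)
    syn_flood(stateful, flood_size)
    cookies = SynCookieListener()
    syn_flood(cookies, flood_size)
    return {"stateful": legitimate_connect(stateful),
            "syn_cookies": legitimate_connect(cookies)}


if __name__ == "__main__":
    print(demo())
```

The stateful listener fails only because every half-open entry holds a slot until a timeout that never ends the attack faster than new SYNs arrive; the cookie listener has no slots to exhaust, at the cost of not being able to honour TCP options it did not encode in the cookie.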
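Worked example for the Replay Attack section above. This is an added example and not code from the textbook: an administrative request is authenticated with an HMAC over a nonce, a timestamp and the command; a server that verifies only the MAC executes the captured message every time it is replayed, while a server that also enforces a freshness window and single-use nonces rejects the replays. The wire format, the shared key, the 30-second window and the command text are constructed for illustration.

```python
"""Replay of a captured authenticated request against two servers.
Added example; message format, key and window are assumptions."""
import hashlib
import hmac
import secrets

SHARED_KEY = b"example-shared-key"   # constructed pre-shared key


def build_request(command, timestamp, key=SHARED_KEY, nonce=None):
    """Client side: authenticate an administrative request with an HMAC over
    nonce, timestamp and command. Format: nonce|timestamp|command|mac."""
    nonce = nonce or secrets.token_hex(8)
    body = f"{nonce}|{timestamp}|{command}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


class NaiveServer:
    """Accepts any message whose MAC verifies: a replay is indistinguishable
    from the original delivery."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.executed = []

    def _verify(self, message):
        nonce, ts, command, mac = message.split("|")
        expected = hmac.new(self.key, f"{nonce}|{ts}|{command}".encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None
        return nonce, int(ts), command

    def handle(self, message, now):
        parsed = self._verify(message)
        if parsed is None:
            return "bad mac"
        self.executed.append(parsed[2])
        return "ok"


class ReplayResistantServer(NaiveServer):
    """Adds freshness checks: the timestamp must be within `window` seconds
    of the server clock and each nonce may be used only once."""

    def __init__(self, key=SHARED_KEY, window=30):
        super().__init__(key)
        self.window = window
        self.seen_nonces = set()

    def handle(self, message, now):
        parsed = self._verify(message)
        if parsed is None:
            return "bad mac"
        nonce, ts, command = parsed
        if abs(now - ts) > self.window:
            return "stale"             # checked first so old nonces can be pruned
        if nonce in self.seen_nonces:
            return "replay"
        self.seen_nonces.add(nonce)
        self.executed.append(command)
        return "ok"


def run_scenario(server_cls):
    """The administrator sends a request at t=1000; the man-in-the-middle,
    who captured it, replays it 5 seconds later and again an hour later.
    Returns (server responses, commands actually executed)."""
    server = server_cls()
    captured = build_request("add-user attacker", timestamp=1000)
    results = [server.handle(captured, now=1000),     # original delivery
               server.handle(captured, now=1005),     # immediate replay
               server.handle(captured, now=4600)]     # replay one hour later
    return results, server.executed


if __name__ == "__main__":
    print(run_scenario(NaiveServer))
    print(run_scenario(ReplayResistantServer))
```

The MAC alone only proves the message was built by someone holding the key; it says nothing about when. Freshness has to come from something the server can check against its own state (a clock or a record of nonces), which is why the staleness test is done before the nonce lookup: the nonce set then only needs to remember the last `window` seconds.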
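Worked example for the DNS poisoning slides above (the external-server attack of Figure 4-11, seen from the victim resolver). This is an added example and not code from the textbook: a resolver with one query in flight accepts the first response whose transaction ID, destination port and question match, and the attacker, who triggered the lookup but cannot see the query, floods forged answers with guessed IDs before the genuine answer arrives. The example goes slightly beyond the slides by comparing a predictable transaction ID and port against randomised ones, which is the mitigation that "updated software" applies. The resolver model (no TTLs, no bailiwick checks, one outstanding query), the names and the addresses are all constructed.

```python
"""Blind DNS cache poisoning against a simplified caching resolver.
Added example; resolver model, names and addresses are constructed."""
import random
from dataclasses import dataclass

LEGIT_IP = "192.0.2.50"        # constructed: genuine address of www.example.test
ATTACKER_IP = "198.51.100.99"  # constructed: attacker's server


@dataclass(frozen=True)
class Response:
    txid: int        # 16-bit transaction ID copied from the query
    dst_port: int    # UDP port the query was sent from
    qname: str
    answer: str


class Resolver:
    """`random_txid` / `random_port` select whether the transaction ID and
    the UDP source port are unpredictable (fixed 0x1234 / 53 otherwise)."""

    def __init__(self, rng, random_txid, random_port):
        self.rng = rng
        self.random_txid = random_txid
        self.random_port = random_port
        self.cache = {}
        self.pending = None   # (qname, txid, port) of the query in flight

    def query(self, qname):
        txid = self.rng.randrange(1 << 16) if self.random_txid else 0x1234
        port = self.rng.randrange(1024, 1 << 16) if self.random_port else 53
        self.pending = (qname, txid, port)
        return txid, port

    def receive(self, resp):
        """Accept a response only if it matches the query in flight. The first
        match wins; anything later, including the genuine answer, is ignored."""
        if self.pending is None or (resp.qname, resp.txid, resp.dst_port) != self.pending:
            return False
        self.cache[resp.qname] = resp.answer
        self.pending = None
        return True


def poisoning_attempt(random_txid, random_port, guesses, seed=0):
    """One attack round; returns the address the resolver ends up caching."""
    rng = random.Random(seed)
    resolver = Resolver(rng, random_txid, random_port)
    qname = "www.example.test"
    txid, port = resolver.query(qname)   # attacker triggered this but cannot see txid/port
    for _ in range(guesses):             # forged answers arrive before the real one
        forged = Response(rng.randrange(1 << 16) if random_txid else 0x1234,
                          rng.randrange(1024, 1 << 16) if random_port else 53,
                          qname, ATTACKER_IP)
        resolver.receive(forged)
    resolver.receive(Response(txid, port, qname, LEGIT_IP))   # genuine answer
    return resolver.cache[qname]


def poisoning_rate(random_txid, random_port, guesses, trials=200):
    """Fraction of independent rounds in which the cache was poisoned."""
    hits = sum(poisoning_attempt(random_txid, random_port, guesses, seed=i) == ATTACKER_IP
               for i in range(trials))
    return hits / trials


if __name__ == "__main__":
    for cfg in [(False, False, 1), (True, False, 6500), (True, True, 2000)]:
        print(cfg, poisoning_rate(*cfg, trials=50))
```

With a fixed ID and port a single forged packet wins. Randomising only the 16-bit ID leaves roughly a 1-in-65536 chance per forged packet, which a fast attacker can grind through; randomising the source port as well multiplies the space by the usable port range, which is why source-port randomisation became the stop-gap before DNSSEC.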
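Worked example for the ARP slide above. This is an added example and not code from the textbook: a host resolves its gateway, then an attacker sends unsolicited ARP replies claiming the gateway's IP address with the attacker's MAC. The first cache policy accepts unsolicited replies for addresses it already knows, as real stacks commonly do, and is poisoned; the second only accepts replies to its own outstanding requests and raises an alert when a known IP changes MAC, which is the flip-flop check tools such as arpwatch perform. The addresses and frames are constructed, and the second policy is an illustration rather than a complete defence; static entries or switch-side Dynamic ARP Inspection are the usual fixes.

```python
"""ARP cache behaviour under ARP poisoning, with a flip-flop detector.
Added example; frames and addresses are constructed."""
from collections import namedtuple

ArpFrame = namedtuple("ArpFrame", "op sender_ip sender_mac target_ip")

HOST_IP = "10.0.0.10"
GATEWAY_IP = "10.0.0.1"
GATEWAY_MAC = "aa:aa:aa:aa:aa:01"
ATTACKER_MAC = "de:ad:be:ef:00:66"

# Constructed traffic as seen by the host: one legitimate request/reply pair
# for the gateway, then two spoofed replies from the attacker.
SAMPLE_TRAFFIC = [
    ArpFrame("request", HOST_IP, "aa:aa:aa:aa:aa:10", GATEWAY_IP),
    ArpFrame("reply", GATEWAY_IP, GATEWAY_MAC, HOST_IP),
    ArpFrame("reply", GATEWAY_IP, ATTACKER_MAC, HOST_IP),   # spoofed, unsolicited
    ArpFrame("reply", GATEWAY_IP, ATTACKER_MAC, HOST_IP),   # repeated to keep the poison fresh
]


class ArpCache:
    """IP -> MAC table for one host. `accept_unsolicited` chooses whether a
    reply that answers no outstanding request may update the table."""

    def __init__(self, host_ip, accept_unsolicited):
        self.host_ip = host_ip
        self.accept_unsolicited = accept_unsolicited
        self.table = {}            # ip -> mac
        self.outstanding = set()   # ips we asked about and have not heard from
        self.alerts = []

    def handle(self, frame):
        if frame.op == "request":
            if frame.sender_ip == self.host_ip:
                self.outstanding.add(frame.target_ip)
            return
        if frame.op != "reply" or frame.target_ip != self.host_ip:
            return                 # not addressed to us
        solicited = frame.sender_ip in self.outstanding
        if not solicited and not self.accept_unsolicited:
            self.alerts.append(
                f"dropped unsolicited reply: {frame.sender_ip} is-at {frame.sender_mac}")
            return
        old = self.table.get(frame.sender_ip)
        if old is not None and old != frame.sender_mac:
            # The arpwatch-style signal: a known address changed hardware address
            self.alerts.append(
                f"flip-flop: {frame.sender_ip} changed {old} -> {frame.sender_mac}")
        self.table[frame.sender_ip] = frame.sender_mac
        self.outstanding.discard(frame.sender_ip)


def replay(frames, accept_unsolicited, host_ip=HOST_IP):
    """Feed the frames through a cache; return (table, alerts)."""
    cache = ArpCache(host_ip, accept_unsolicited)
    for frame in frames:
        cache.handle(frame)
    return cache.table, cache.alerts


if __name__ == "__main__":
    print(replay(SAMPLE_TRAFFIC, accept_unsolicited=True))
    print(replay(SAMPLE_TRAFFIC, accept_unsolicited=False))
```

Even the permissive cache produces a usable detection signal: the gateway's MAC flipping is exactly what a monitoring host should alarm on. The stricter policy still trusts any reply to a request it sent, so an attacker who can answer faster than the real gateway wins the race; that is why the durable fix lives on the switch or in a static entry rather than in the cache policy.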
Protocol-Based Attacks (continued)
- TCP/IP hijacking takes advantage of a weakness in the TCP/IP protocol
  - The TCP header consists of _____________ that are used as _____________________________
  - Updated as packets are sent and received between devices
  - Packets may arrive out of order
  - ________________ any packets with ___________ sequence numbers than has been ____________________________
  - Receiving device will _______________ any packets with __________________________ numbers than has been received and acknowledged

Protocol-Based Attacks (continued)
- If both sender and receiver have incorrect sequence numbers, the connection will "hang"
- TCP/IP hijacking
  - In a TCP/IP hijacking attack, the attacker creates fictitious ("spoofed") TCP packets to take advantage of the weaknesses
  - See handout for an example of TCP/IP hijacking

Wireless Attacks
- In addition to TCP/IP attacks such as TCP/IP hijacking and ARP poisoning, attacks _____ __________________ have been created
- Rogue Access Points
  - Access point that is _________________ _________________ (in a vulnerable location) behind the firewall
  - An attacker who can access the network through a rogue access point is _________ ________________________________
  - Can ________ attack all devices on the network
  - Rogue APs ________________________ and open the entire network and all users to direct attacks

Rogue Access Points (continued) (graphic only)

War Driving
- ____________________ Scanning
  - At regular intervals, a wireless AP sends a beacon frame to _______________________________________________ _______________________ that want to join the network
  - Used to establish and maintain communications
  - Wireless devices which _______________________
- Wireless location mapping
  - AKA _____________
  - ______________________________________________ RF transmission
  - Process of finding a WLAN signal and recording information about it

War Driving (continued)
- War driving can involve using an ________ to search for wireless signals over a large area, but also _________ or a ____________ could be used
- Tools for conducting war driving:
  - __________________ device
  - _________________ adapters
  - ________________
  - Global positioning system receiver, to precisely locate the wireless network
  - _______________ to connect to the wireless network

What is Bluetooth?
- A wireless technology that uses short-range RF transmissions and ________________________ _____________________ to a wide range of computing / telecommunication _____________
- Provides for ________________________ between devices
- The __________________ standard was adapted and expanded from the existing Bluetooth standard
- Two types of 802.15.1 network topologies
  - ___________: same channel contains __________ and at _____________________
  - ______________: connection in which ____________ __________________________________________

Bluesnarfing and Bluejacking
- ____________________
  - The ___________________________ from a wireless device __________________________
  - Allows an attacker to _____________________, contact lists, etc., by simply connecting to that Bluetooth device
- _________ the _____________________________
  - __________________ _______________________ from Bluetooth to Bluetooth-enabled devices
  - No data is stolen

Other Attacks and Frauds
- Null sessions
  - _______________________ to a Microsoft __________________________ computer that ________________________________
  - Could allow an attacker to connect and open a channel over which he could gather information about the device
  - Pose a serious ________________ to vulnerable computers and _______________________ to the operating systems
  - Later versions of Windows restrict anonymous access by default and are not vulnerable to null session attacks

Other Attacks and Frauds (continued)
- Domain Name Kiting
  - A type of fraud that involves _______________ ______________ to do something unscrupulous
  - __________________________ ________________ are organizations that are ____________________________ ________________________________
  - A five-day Add Grace Period (AGP) permits registrars to delete any newly registered Internet domain name and give a full refund of the registration fee

Other Attacks and Frauds (continued)
- Domain Name Kiting (continued)
  - Unscrupulous registrants attempt to _________ _______________________ by ____________ _____________________________________
  - Recently expired domain names are indexed by search engines
  - Visitors are _________________________________, which is usually a single-page website with paid advertisement links
  - Visitors who click on these links _____________ ___________________________________

Summary
- Network vulnerabilities include media-based vulnerabilities and vulnerabilities in network devices
- The same tools that network administrators use to monitor network traffic and troubleshoot network problems can also be used by attackers
- Network devices often contain weak passwords, default accounts, back doors, and vulnerabilities that permit privilege escalation
- Network attacks can be grouped into four categories

Summary (continued)
- Protocol-based attacks take advantage of vulnerabilities in network protocols
- Attacks on wireless systems have increased along with the popularity of wireless networks
- Other network attacks include null sessions, which are unauthenticated connections to a system using a legacy version of Microsoft Windows
- Domain Name Kiting is fraud that involves the use of a grace period to delete newly registered domain names
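Worked example for the TCP/IP hijacking slides in the Protocol-Based Attacks section (the handout those slides refer to is not part of this page). This is an added example and not code from the textbook: a receiver applies the sequence-number rule from the slides, accepting only segments that start at the next expected byte within its receive window and discarding anything already acknowledged. An attacker who knows the current sequence number injects a spoofed segment; the legitimate sender's next segment then falls below the receiver's expected number and is discarded, which is the desynchronisation behind the "hang". A blind guess outside the window is also shown to fail. The window size, payloads and the in-order-only simplification (real stacks buffer out-of-order segments) are assumptions for illustration.

```python
"""TCP sequence-number acceptance and a spoofed-segment injection.
Added example; window size, payloads and the scenario are constructed."""

MODULUS = 2 ** 32   # sequence numbers wrap at 32 bits


class TcpReceiver:
    """Receive side of one established connection."""

    def __init__(self, rcv_nxt, window=4096):
        self.rcv_nxt = rcv_nxt    # next sequence number expected from the peer
        self.window = window      # bytes we are prepared to accept beyond rcv_nxt
        self.delivered = b""
        self.log = []

    def segment(self, seq, payload, source):
        """Classify and (if in order) accept one incoming segment."""
        offset = (seq - self.rcv_nxt) % MODULUS
        if offset >= 2 ** 31:
            kind = "discarded-old"            # below rcv_nxt: already received and acknowledged
        elif offset >= self.window:
            kind = "discarded-beyond-window"  # a blind guess that missed the window
        elif offset > 0:
            kind = "queued-out-of-order"      # in window but not the next byte (held, not delivered)
        else:
            self.delivered += payload
            self.rcv_nxt = (self.rcv_nxt + len(payload)) % MODULUS
            kind = "accepted"
        self.log.append((source, seq, kind))
        return kind


def hijack_scenario():
    """Client and server have completed a handshake; the client's next
    sequence number is 1000. Returns the receiver's verdicts and data."""
    server = TcpReceiver(rcv_nxt=1000)
    results = []
    # 1. Legitimate client segment (12 bytes): accepted, rcv_nxt becomes 1012.
    results.append(server.segment(1000, b"USER admin\r\n", "client"))
    # 2. Attacker who observed or predicted the sequence number spoofs the
    #    client's address and the exact next number: accepted (19 bytes).
    results.append(server.segment(1012, b"ADD-USER attacker\r\n", "attacker"))
    # 3. The real client sends its next segment at 1012, unaware of the
    #    injection: it is now "old" and is discarded. The client keeps
    #    resending it and the session hangs.
    results.append(server.segment(1012, b"PASS s3cret\r\n", "client"))
    # 4. A blind off-path attacker who guesses wrong lands outside the window.
    results.append(server.segment(9000, b"ADD-USER blind\r\n", "blind-attacker"))
    return {"results": results, "delivered": server.delivered, "rcv_nxt": server.rcv_nxt}


if __name__ == "__main__":
    print(hijack_scenario())
```

The receiver cannot tell the spoofed segment from a genuine one because the only proof of origin TCP has is knowledge of the sequence number; once that number is predictable (early stacks used incrementing initial sequence numbers) or visible to an on-path attacker, the address check adds nothing. Everything the defender can do here (randomised initial sequence numbers, encryption and authentication above TCP, or IPsec below it) amounts to making the injected bytes either unguessable or meaningless.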