
Security+ Guide to Network
Security Fundamentals,
Third Edition
Chapter 4
Network Vulnerabilities and Attacks
Objectives



Explain the types of network vulnerabilities
List categories of network attacks
Define different methods of network attacks
Security+ Guide to Network Security Fundamentals, Third Edition
2
Network Vulnerabilities

There are _________ broad categories of
network vulnerabilities:


Those based on the network transport ________
Those found in the network ________ themselves
Let’s take a look at each…
Media-Based Vulnerabilities

______________ network traffic


Helps network administrator to _______________________
________________________________
Monitoring traffic can be done in _________ ways:
1. Use a __________________________________


Configure a switch to ____________________ that flows through
some or all ports ___________________________ on the switch
See graphic on next slide…
2. Install a __________________ (test access point)


A _______________________ that can be installed _____________
___________________, such as a switch, router, or firewall, to
______________________
See graphic two slides down…
Media-Based Vulnerabilities (continued)
[Graphic slide]
Media-Based Vulnerabilities (continued)
[Graphic slide]
Media-Based Vulnerabilities (continued)

________________ computer


Can be a ______________________________
Can be a regular computer running
_____________________________ software


Also known as a ____________________
_____________________________________________
____________________________
See example on next slide…
Media-Based Vulnerabilities (continued)

Just as network taps and protocol analyzers
can be used for legitimate purposes


They also can be used by ______________ to
intercept and view network traffic
Attackers can access the wired network in the
following ways:



False ceilings
Exposed wiring
Unprotected RJ-45 jacks
Media-Based Vulnerabilities (continued)
[Graphic slide]
Four Common Network Device Vulnerabilities
1. ___________________________


A password is a secret combination of letters and
numbers that serves to _____________ (validate)
a user by what he knows
Password paradox




Lengthy and complex passwords should be used and
__________________________
It is very difficult to memorize these types of passwords
Passwords can be set to expire after a set period of time,
and a new one must be created
Therefore a password can provide ___________
Network Device Vulnerabilities
(continued)

Characteristics of weak passwords:






A _______________ used as a password
____________ passwords unless forced to do so
Passwords that are _____________
__________________ in a password
Using the __________________ for all accounts
_____________ the password down
Four Common Network Device Vulnerabilities (continued)
2. _______________________




A user account on a device that is ____________________
by the ______________ instead of by an administrator
Used to make the _____________________ and
installation of the device easier
Intended to be __________________________ is
completed, but often they are not
Default accounts are often the first targets that
attackers seek

Why?
Four Common Network Device Vulnerabilities (continued)
3. ________________________


An account that is ___________ without the administrator’s
knowledge or permission, that _____________________,
and that ____________________________________
Can be created by the programmer of the software to allow
convenient access to the device for troubleshooting
Back doors can be created on a network device in
two ways:


The network device can be ____________________ using
a virus, worm, or Trojan horse to insert the back door
A ________________________________ creates a back
door on the device
Four Common Network Device Vulnerabilities (continued)
4. __________________ (talked about in Chapter 2)

It is possible to _____________________ in the
_______________________ to gain access to
resources that the user would normally be
restricted from obtaining
Categories of Attacks Conducted Against Networks

Include




Denial of service
Spoofing
Man-in-the-middle
Replay attacks
Denial of Service (DoS)

Denial of service (DoS) attack


Distributed denial of service (DDoS) attack



Attempts to ___________________________________
_______________________________________________
___________________________________________
A _____________ of the DoS
May use hundreds or thousands of ________________ in
a botnet to _________________________________
Impossible to identify and block the source of the attack
Example: _________________ attack

See Figure 4-4
[Figure 4-4: repeated SYN / SYN+ACK exchanges between the attacking computers and the server, with no ACK ever returned]
Server waiting several minutes for ACK replies but not receiving
them from any computer
- Server runs out of resources and can no longer function
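The figure above shows the server left holding many half-open connections. The following is an added example, not code from the textbook or its publisher: a defender-side check that counts half-open (SYN_RECV) entries per local port in a netstat-style connection snapshot and raises an alert when the count reaches a threshold. The snapshot text, the port threshold and the address values are all constructed for the example; real baselines must be set from the server's normal traffic.

```python
"""Flag a possible SYN flood from a snapshot of the server's TCP connection table."""
import re
from collections import Counter

# Constructed sample in the shape of "netstat -ant" output
# (Proto Recv-Q Send-Q Local Foreign State). Addresses are documentation ranges.
SAMPLE_NETSTAT = """\
tcp 0 0 10.0.0.5:80 198.51.100.20:51022 ESTABLISHED
tcp 0 0 10.0.0.5:80 203.0.113.7:40001 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.8:40002 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.9:40003 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.10:40004 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.11:40005 SYN_RECV
tcp 0 0 10.0.0.5:22 198.51.100.21:53120 ESTABLISHED
tcp 0 0 10.0.0.5:22 198.51.100.22:53121 SYN_RECV
"""

LINE_RE = re.compile(r"^tcp\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")


def parse_table(text):
    """Turn netstat-style lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({"local_port": int(m.group(2)),
                         "remote_ip": m.group(3),
                         "state": m.group(5)})
    return rows


def half_open_by_port(rows):
    """Count half-open (SYN_RECV) connections per local port."""
    return Counter(r["local_port"] for r in rows if r["state"] == "SYN_RECV")


def detect_syn_flood(text, threshold=5):
    """Return {port: {...}} for ports whose half-open count reaches the threshold.

    The distinct-source count is reported because a flood from many
    never-completing sources is the pattern the figure describes.
    """
    rows = parse_table(text)
    alerts = {}
    for port, n in half_open_by_port(rows).items():
        if n >= threshold:
            sources = {r["remote_ip"] for r in rows
                       if r["state"] == "SYN_RECV" and r["local_port"] == port}
            alerts[port] = {"half_open": n, "distinct_sources": len(sources)}
    return alerts


if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE_NETSTAT))
```

A snapshot like this only detects the condition; the standard host-side mitigation is SYN cookies, which let the server answer SYN packets without reserving connection state until the final ACK arrives.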
Example #1 of DoS attack
- Attacker can flood the radio frequency spectrum with interference
to prevent legitimate communication from getting through
Example #2 of DoS attack
If the ACK is not returned, the packet is resent
Example #3 of DoS attack
Forces device to temporarily disconnect from the wireless network
Spoofing

AKA impersonation


________________________________________ by
________________________________
Variety of different attacks use spoofing



Attacker may _______________________ so that her
malicious actions would be attributed to a valid user
Attacker may _____________________________
_____________________________________
Attacker can set up his AP device and trick all
_______________________________________________
____________________________
Man-in-the-Middle attack

Works by _________________ (attacker)
_____________________________________
___________________________________



Makes it seem that two computers are
communicating with each other directly when
actually there is a “middle man” seeing/modifying
the traffic
________ attacks _______________________
before they are sent on to the recipient
________ attacks ________________________,
_____________ and _______ to original recipient
Replay attack

Similar to a passive man-in-the-middle attack



Instead of sending traffic to the recipient immediately, the captured
data is ________________________________________
A simple replay would involve the man-in-the-middle
____________________ between the computer and
the server and attempting to log in at a later time
A more sophisticated attack takes advantage of the
communications between a __________________

Administrative messages that contain specific network requests are
frequently sent between a network device and a server

A replay attack could _______________________________________
_____________________. The server might respond thinking the message
came from a _______________________________________
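The slide describes a server accepting a captured administrative message as if it had just come from a valid device. The following is an added example, not code from the textbook: a server-side check that makes a replayed copy detectable by requiring each request to carry a fresh nonce and a timestamp, both covered by an HMAC under a shared key. The key, the request format, the time window and the message bodies are assumptions constructed for the demonstration.

```python
"""Reject replayed administrative requests using a nonce, a timestamp and an HMAC."""
import hmac
import hashlib

# Constructed demo key; a deployment would provision a real secret per device.
SHARED_KEY = b"constructed-demo-key"


def sign_request(key, nonce, timestamp, body):
    """MAC over nonce, timestamp and body, so none of them can be altered or reused separately."""
    msg = f"{nonce}|{timestamp}|{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(key, nonce, timestamp, body):
    """What the legitimate network device would send (constructed format)."""
    return {"nonce": nonce, "ts": timestamp, "body": body,
            "mac": sign_request(key, nonce, timestamp, body)}


class ReplayGuard:
    """Server-side verifier: valid MAC, timestamp within the window, nonce never seen before."""

    def __init__(self, key, window_seconds=60):
        self.key = key
        self.window = window_seconds
        self.seen = {}  # nonce -> timestamp it was first accepted with

    def _purge(self, now):
        # Nonces older than the window can be forgotten: a request carrying
        # one of them would already be rejected as stale.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}

    def accept(self, request, now):
        """Return (accepted, reason). `now` is injected so the behaviour is reproducible."""
        self._purge(now)
        expected = sign_request(self.key, request["nonce"], request["ts"], request["body"])
        if not hmac.compare_digest(expected, request["mac"]):
            return False, "bad mac"
        if abs(now - request["ts"]) > self.window:
            return False, "stale timestamp"
        if request["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[request["nonce"]] = request["ts"]
        return True, "ok"


def demo():
    guard = ReplayGuard(SHARED_KEY)
    req = make_request(SHARED_KEY, "n-1", 1000, "set-vlan 10")
    first = guard.accept(req, now=1001)                      # genuine request
    replayed = guard.accept(req, now=1005)                   # captured copy resent
    tampered = guard.accept(dict(req, body="set-vlan 99"), now=1006)  # body edited, MAC stale
    late = guard.accept(make_request(SHARED_KEY, "n-2", 1000, "x"), now=2000)  # too old
    return first, replayed, tampered, late


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The timestamp bounds how long the nonce table has to be kept; without it the server would have to remember every nonce forever to keep rejecting replays.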
Methods of Network Attacks

Protocol-based

Targeting vulnerabilities in network protocols is a
common method of attack since the ___________
is ____________________________ itself


Any system that uses this protocol is vulnerable
Wireless

Attacks unique to wireless networks have been
created
More to come…
Protocol-Based Attacks

Antiquated protocols


_____________ protocols have been updated
often to address __________________________
__________ is another updated protocol


Used for __________________________ between
networked devices
The use of community strings in the first two versions of
the protocol (SNMPv1 and SNMPv2) created several
vulnerabilities


Information was also not sent in encrypted form
SNMPv3 is much more secure

Uses ___________________________________
Protocol-Based Attacks (continued)

DNS attacks


Domain Name System (_______________) is
the basis for ____________________________
today
DNS ____________________

___________ a ________________________ so
that when a user enters a symbolic name, she is
____________________________________
Protocol-Based Attacks (continued)
Fraudulent IP address
How can this IP address substitution take place?
Protocol-Based Attacks (continued)

Substituting a fraudulent IP address can be
done in one of two different _____________:
1. TCP/IP ___________________ name system


If no entry exists for the requested name entered, the
external DNS system is referenced
Attackers can target the __________________
Or the second location:
Protocol-Based Attacks (continued)
2. External _____________________


Attack is called ____________________ (also
called _________________)
DNS servers exchange information between
themselves



AKA ________________________
Attacker attempts to convince the authentic DNS server
to ______________________________ sent from the
_____________________________________
See Figure 4-11 on following slide
[Figure 4-11]
Attacker sends a request to resolve a URL to an IP address…
Valid DNS server doesn’t know and asks the DNS server
controlled by the attacker
Name server sends IP addresses to the valid (victim) DNS server
which are actually the attacker’s IP addresses
- These IP addresses map to legitimate URLs
Requests from any users will go to the attacker’s IP address
Protocol-Based Attacks (continued)


DNS poisoning can be ________________
________________________ software,
_______ (Berkeley Internet Name Domain) or
__________ (DNS Security Extensions)
______________________


Almost the ___________________________
Attacker asks the _______________________
_______________, known as a DNS transfer

Possible for the attacker to _____________________
________ of the organization supporting the DNS server
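The poisoning sequence in Figure 4-11 works only if the victim resolver caches whatever the attacker-controlled name server hands back. The following is an added example, not code from the textbook or from any DNS software: the "bailiwick" rule that modern resolvers apply, accepting from a name server only records for names inside the zone that server was delegated and discarding the rest. The response structure and the record values are constructed for the example; the rule itself generalizes to any response, not only the one shown.

```python
"""Bailiwick check: discard records a name server is not authoritative for."""

# Constructed response a caching resolver might receive after being referred
# to the name servers for example.net while resolving www.example.net.
# The third record names a host outside that zone and must not be cached.
CONSTRUCTED_RESPONSE = {
    "question": "www.example.net.",
    "delegated_zone": "example.net.",
    "records": [
        {"name": "www.example.net.", "type": "A", "data": "192.0.2.10"},
        {"name": "ns1.example.net.", "type": "A", "data": "192.0.2.53"},
        {"name": "www.bank.example.", "type": "A", "data": "203.0.113.66"},
    ],
}


def _canonical(name):
    """Lower-case, fully qualified form so comparisons are exact."""
    return name.lower().rstrip(".") + "."


def in_bailiwick(name, zone):
    """True if `name` is the zone apex or a name below it.

    The leading dot in the suffix test stops 'notexample.net.' from
    matching the zone 'example.net.'.
    """
    name, zone = _canonical(name), _canonical(zone)
    return name == zone or name.endswith("." + zone)


def filter_response(response):
    """Split records into those the resolver may cache and those it must drop."""
    zone = response["delegated_zone"]
    accepted, rejected = [], []
    for rr in response["records"]:
        (accepted if in_bailiwick(rr["name"], zone) else rejected).append(rr)
    return accepted, rejected


def cache_from_response(response):
    """Build the cache entries {name: [data, ...]} from accepted records only."""
    cache = {}
    for rr in filter_response(response)[0]:
        cache.setdefault(_canonical(rr["name"]), []).append(rr["data"])
    return cache


if __name__ == "__main__":
    ok, dropped = filter_response(CONSTRUCTED_RESPONSE)
    print("cached:", [r["name"] for r in ok])
    print("dropped:", [r["name"] for r in dropped])
```

The check is a necessary filter but not a complete defence; the slide's point stands that DNSSEC, which signs the records themselves, is what lets a resolver verify that an in-bailiwick answer is genuine.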
Protocol-Based Attacks (continued)

Address Resolution Protocol (_______)



________________________________________
_______________________________________
The IP address and the corresponding MAC
address are stored in an ARP cache for future
reference
ARP ____________________

An attacker could ________________________
________________ so that the corresponding IP
address would ______________________
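Because the ARP cache is filled from unauthenticated replies, the practical defence on a small network is to watch for the mapping changes the slide describes. The following is an added example, not code from the textbook: it compares two "arp -a"-style snapshots, reports any IP address whose MAC address changed, and lists MAC addresses that now answer for more than one IP address. Both snapshots and all addresses in them are constructed for the example.

```python
"""Detect ARP cache changes between two snapshots (arpwatch-style monitoring)."""
import re

# Constructed snapshots of "arp -a" output taken a few minutes apart.
# In the second one the default gateway (10.0.0.1) is suddenly answered by
# the MAC address that 10.0.0.21 already uses.
SNAPSHOT_T0 = """\
? (10.0.0.1) at 00:11:22:33:44:01 [ether] on eth0
? (10.0.0.20) at 00:11:22:33:44:20 [ether] on eth0
? (10.0.0.21) at 00:11:22:33:44:21 [ether] on eth0
"""
SNAPSHOT_T1 = """\
? (10.0.0.1) at 00:11:22:33:44:21 [ether] on eth0
? (10.0.0.20) at 00:11:22:33:44:20 [ether] on eth0
? (10.0.0.21) at 00:11:22:33:44:21 [ether] on eth0
"""

ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f:]{17})", re.I)


def parse_arp(text):
    """Return {ip: mac} with MAC addresses normalised to lower case."""
    return {ip: mac.lower() for ip, mac in ARP_RE.findall(text)}


def diff_arp(old, new):
    """(ip, old_mac, new_mac) for every previously known IP whose MAC changed."""
    return [(ip, old[ip], new[ip]) for ip in sorted(old)
            if ip in new and old[ip] != new[ip]]


def duplicate_macs(table):
    """MACs that answer for more than one IP: one visible symptom of a poisoned cache."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def analyze(snapshot_before, snapshot_after):
    old, new = parse_arp(snapshot_before), parse_arp(snapshot_after)
    return {"changed": diff_arp(old, new), "duplicates": duplicate_macs(new)}


if __name__ == "__main__":
    print(analyze(SNAPSHOT_T0, SNAPSHOT_T1))
```

A changed mapping is not proof of an attack: DHCP reassignments and replaced hardware change mappings legitimately, so a monitor like this should alert for review rather than block, and changes to the gateway's entry deserve the quickest look.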
Protocol-Based Attacks (continued)


TCP/IP hijacking takes advantage of a weakness in
the TCP/IP protocol
The TCP header consists of _____________ that
are used as _____________________________


Updated as packets are sent and received between
devices
Packets may arrive out of order
 ________________ any packets with ___________
sequence numbers than has been
____________________________
 Receiving device will _______________ any packets
with __________________________ numbers than has
been received and acknowledged
Protocol-Based Attacks (continued)


If both sender and receiver have incorrect
sequence numbers, the connection will “hang”
TCP/IP hijacking


In a TCP/IP hijacking attack, the attacker creates
fictitious (“spoofed”) TCP packets to take
advantage of the weaknesses
See handout for example of TCP/IP hijacking
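The two slides above describe how a receiver treats sequence numbers: data it has already acknowledged is discarded, data ahead of what it expects is held until the gap is filled, and data outside its window is dropped. The following is an added example, not code from the textbook or the handout: a small model of that receive-side logic, with the sequence numbers, payloads and window size constructed for the demonstration. It shows why a segment is only accepted when its sequence number fits the receiver's current state, which is the property a hijacker has to defeat and the reason unpredictable initial sequence numbers matter.

```python
"""Model of TCP receive-side sequence-number handling (simplified, one direction)."""


class TcpReceiver:
    def __init__(self, initial_seq, window=1000):
        self.rcv_next = initial_seq   # next byte the receiver expects
        self.window = window          # how far ahead it will buffer
        self.buffer = {}              # seq -> payload for out-of-order segments
        self.delivered = b""          # in-order bytes handed to the application
        self.log = []                 # (seq, decision) for each segment seen

    def receive(self, seq, payload):
        """Apply the acceptance rules to one segment and return the decision."""
        end = seq + len(payload)
        if end <= self.rcv_next:
            decision = "dropped: already acknowledged"
        elif seq >= self.rcv_next + self.window:
            decision = "dropped: beyond receive window"
        elif seq > self.rcv_next:
            self.buffer[seq] = payload
            decision = "buffered: out of order"
        else:
            # seq <= rcv_next < end: deliver only the bytes not yet seen
            self.delivered += payload[self.rcv_next - seq:]
            self.rcv_next = end
            self._drain()
            decision = "accepted"
        self.log.append((seq, decision))
        return decision

    def _drain(self):
        """Deliver buffered segments that have become contiguous."""
        while self.rcv_next in self.buffer:
            payload = self.buffer.pop(self.rcv_next)
            self.delivered += payload
            self.rcv_next += len(payload)


def demo():
    rx = TcpReceiver(initial_seq=1000, window=100)
    decisions = [
        rx.receive(1000, b"GET /"),   # in order: accepted, rcv_next -> 1005
        rx.receive(1010, b"HTTP"),    # arrives early: buffered
        rx.receive(1000, b"GET /"),   # retransmit of acknowledged data: dropped
        rx.receive(1005, b"index"),   # fills the gap; buffered segment drains too
        rx.receive(5000, b"X"),       # sequence number nowhere near the window: dropped
    ]
    return decisions, rx.delivered, rx.rcv_next


if __name__ == "__main__":
    for item in demo()[0]:
        print(item)
```

The last segment is the interesting one for the hijacking slide: a forged segment is ignored unless its sequence number lands inside the window the receiver currently expects, so the narrower the window and the less predictable the numbering, the harder a spoofed segment is to get accepted.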
Wireless Attacks





In addition to TCP/IP attacks such as TCP/IP
hijacking and ARP poisoning, attacks _____
__________________ have been created
Rogue Access Points


Access Point that is _________________
_________________ (in a vulnerable
location) behind the firewall
An attacker who can access the network
through a rogue access point is _________
________________________________


Can ________ attack all devices on the network
Rogue APs ________________________
and open the entire network and all users to
direct attacks
Rogue Access Points (continued)
[Graphic slide]
War Driving

____________________


Scanning


At regular intervals, a wireless AP sends a beacon frame to
_______________________________________________
_______________________ that want to join the network
 Used to establish and maintain communications
Wireless devices which _______________________
Wireless location mapping AKA _____________


______________________________________________
RF transmission
Process of finding a WLAN signal and recording
information about it
War Driving (continued)


War driving can involve using an ________ to
search for wireless signals over a large area but
also _________ or a ____________ could be used
Tools for conducting war driving:




__________________ device
_________________ adapters
________________
Global positioning system receiver


To precisely locate the wireless network
_______________ to connect to the wireless network
What is Bluetooth?




A wireless technology that uses short-range RF
transmissions and ________________________
_____________________ to a wide range of
computing / telecommunication _____________
Provides for ________________________ between
devices
The __________________ standard was adapted
and expanded from the existing Bluetooth standard
Two types of 802.15.1 network topologies


___________ – Same channel contains __________ and
at _____________________
______________ – Connection in which ____________
__________________________________________
Bluesnarfing and Blue Jacking

____________________


The ___________________________ from a
wireless device __________________________
Allows an attacker to _____________________,
contact lists, etc


By simply connecting to that Bluetooth device
_________ the _____________________________
__________________

_______________________ from Bluetooth to
Bluetooth-enabled devices

No data is stolen
Other Attacks and Frauds

Null sessions




_______________________ to a Microsoft
__________________________ computer that
________________________________
Could allow an attacker to open a channel over which
he could gather information about the device
Pose a serious ________________ to vulnerable
computers and _______________________ to
the operating systems
Later versions of Windows are not vulnerable
to null session attacks
Other Attacks and Frauds (continued)

Domain Name Kiting


A type of fraud that involves _______________
______________ to do something unscrupulous
__________________________
________________ are organizations that
are ____________________________
________________________________

A five-day Add Grace Period (AGP) permits
registrars to delete any newly registered Internet
domain names and give a full refund of the
registration fee
Other Attacks and Frauds (continued)

Domain Name Kiting (continued)



Unscrupulous registrants attempt to _________
_______________________ by ____________
_____________________________________
Recently expired domain names are indexed by search
engines
Visitors are _________________________________


Which is usually a single-page Web site with paid advertisement
links
Visitors who click on these links _____________
___________________________________
Summary




Network vulnerabilities include media-based
vulnerabilities and vulnerabilities in network devices
The same tools that network administrators use to
monitor network traffic and troubleshoot network
problems can also be used by attackers
Network devices often contain weak passwords,
default accounts, back doors, and vulnerabilities that
permit privilege escalation
Network attacks can be grouped into four categories
Summary (continued)




Protocol-based attacks take advantage of
vulnerabilities in network protocols
Attacks on wireless systems have increased along
with the popularity of wireless networks
Other network attacks include null sessions, which
are unauthenticated connections to a system using
a legacy version of Microsoft Windows
Domain Name Kiting is fraud that involves the use of
a grace period to delete newly registered domain
names