network security lecture

Network Security
Concern regarding the security of computer networks comprises three
aspects:
a. Secrecy: Communication between sender and destination should not be
understandable by any unwanted third party.
b. Authentication: The identity of each communicating user must be
verified by the other.
c. Integrity: Data transmitted after the connection is established must
be received exactly as sent, with no unwanted alteration.
Types of Attacks
Networks are subject to attacks from malicious sources. Attacks fall
into two categories: "Passive", in which a network intruder intercepts
data traveling through the network, and "Active", in which an intruder
initiates commands to disrupt the network's normal operation.
Types of attacks include:
1. Passive
a. Wiretapping
b. Port scanner
c. Idle scan
2. Active
a. Denial-of-service attack
b. Spoofing
c. Man in the middle
d. ARP poisoning
e. Smurf attack
f. Buffer overflow
g. Heap overflow
h. Format string attack
i. SQL injection
j. Cyber attack
Wiretapping:
Telephone tapping (also wire tapping or wiretapping in American English)
is the monitoring of telephone and Internet conversations by a third
party, often by covert means. The wire tap received its name because,
historically, the monitoring connection was an actual electrical tap on
the telephone line. Legal wiretapping by a government agency is also
called lawful interception. Passive wiretapping monitors or records the
traffic, while active wiretapping alters or otherwise affects it.
Port Scanner
A port scanner is a software application designed to probe a server or
host for open ports. This is often used by administrators to verify
security policies of their networks and by attackers to identify running
services on a host with the view to compromise it.
A port scan or portscan can be defined as an attack that sends client
requests to a range of server port addresses on a host, with the goal of
finding an active port and exploiting a known vulnerability of that
service, although the majority of uses of a port scan are not attacks and
are simple probes to determine services available on a remote machine.
To portsweep is to scan multiple hosts for a specific listening port. The
latter is typically used in searching for a specific service, for
example, an SQL-based computer worm may portsweep looking for hosts
listening on TCP port 1433.
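The difference between a port scan (one host, many ports) and a portsweep (many hosts, one port) can be seen from the defender's side in connection logs. The following is an added example, not part of the original lecture; the record layout, the 60-second window, the threshold of 8 and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (unix time, source IP, destination IP, destination TCP port).
SAMPLE_EVENTS = (
    # One source walking many ports on one host within seconds.
    [(1000 + i, "203.0.113.7", "10.0.0.5", p)
     for i, p in enumerate((21, 22, 23, 25, 80, 110, 143, 443, 1433, 3389))]
    # One source trying TCP 1433 on many hosts within seconds.
    + [(2000 + h, "198.51.100.9", f"10.0.0.{h}", 1433) for h in range(1, 9)]
    # An inventory host touching several ports on one host, but one per hour.
    + [(3600 * i, "10.0.0.20", "10.0.0.5", p)
       for i, p in enumerate((21, 22, 23, 25, 80, 110, 143, 443))]
)

def classify_sources(events, window=60, threshold=8):
    """Flag sources that reach >= threshold distinct ports on one host (portscan)
    or >= threshold distinct hosts on one port (portsweep) inside one window.

    Fixed time buckets are a simplification: activity that straddles a bucket
    boundary is counted in two halves."""
    ports_seen = defaultdict(set)  # (src, dst, bucket) -> distinct ports
    hosts_seen = defaultdict(set)  # (src, port, bucket) -> distinct hosts
    for ts, src, dst, port in events:
        bucket = ts // window
        ports_seen[(src, dst, bucket)].add(port)
        hosts_seen[(src, port, bucket)].add(dst)
    findings = defaultdict(set)
    for (src, dst, _), ports in ports_seen.items():
        if len(ports) >= threshold:
            findings[src].add(("portscan", dst))
    for (src, port, _), hosts in hosts_seen.items():
        if len(hosts) >= threshold:
            findings[src].add(("portsweep", port))
    return {src: sorted(found) for src, found in findings.items()}

if __name__ == "__main__":
    for source, found in classify_sources(SAMPLE_EVENTS).items():
        print(source, found)
```

The hourly inventory host is not flagged because its probes never share a window, which is why slow scans need a longer window or a separate long-term counter.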
Idle Scan
The attack involves sending forged packets to a specific machine target
in an effort to find distinct characteristics of another zombie machine.
The attack is sophisticated because there is no interaction between the
attacker's computer and the target: the attacker interacts only with the
"zombie" computer.
Denial of Service
A denial-of-service attack (DoS attack) or distributed denial-of-service
attack (DDoS attack) is an attempt to make a machine or network resource
unavailable to its intended users. Although the means to carry out,
motives for, and targets of a DoS attack may vary, it generally consists
of efforts to temporarily or indefinitely interrupt or suspend services
of a host connected to the Internet.
One common method of attack involves saturating the target machine with
external communications requests, so much so that it cannot respond to
legitimate traffic, or responds so slowly as to be rendered essentially
unavailable. Such attacks usually lead to a server overload. In general
terms, DoS attacks are implemented by either forcing the targeted
computer(s) to reset, or consuming its resources so that it can no longer
provide its intended service or obstructing the communication media
between the intended users and the victim so that they can no longer
communicate adequately.
Spoofing
A spoofing attack is a situation in which one person or program
successfully masquerades as another by falsifying data and thereby
gaining an illegitimate advantage.
IP Spoofing is one of the most common types of attacks. This is where one
host claims to have the IP address of another. Since many systems (such
as router access control lists) define which packets may and which
packets may not pass based on the sender's IP address, this is a useful
technique to an attacker: he can send packets to a host, perhaps causing
it to take some sort of action.
Additionally, some applications allow login based on the IP address of
the person making the request.
Man in the Middle
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM,
MITMA) in cryptography and computer security is a form of active
eavesdropping in which the attacker makes independent connections with
the victims and relays messages between them, making them believe that
they are talking directly to each other over a private connection, when
in fact the entire conversation is controlled by the attacker. The
attacker must be able to intercept all messages going between the two
victims and inject new ones, which is straightforward in many
circumstances (for example, an attacker within reception range of an
unencrypted Wi-Fi wireless access point can insert himself as a
man-in-the-middle).
A man-in-the-middle attack can succeed only when the attacker can
impersonate each endpoint to the satisfaction of the other — it is an
attack on mutual authentication (or lack thereof). Most cryptographic
protocols include some form of endpoint authentication specifically to
prevent MITM attacks. For example, SSL can authenticate one or both
parties using a mutually trusted certification authority.
ARP Poisoning
ARP poisoning is a technique whereby an attacker sends fake ("spoofed")
Address Resolution Protocol (ARP) messages onto a Local Area Network.
Generally, the aim is to associate the attacker's MAC address with the IP
address of another host (such as the default gateway), causing any
traffic meant for that IP address to be sent to the attacker instead.
ARP spoofing may allow an attacker to intercept data frames on a LAN,
modify the traffic, or stop the traffic altogether. Often the attack is
used as an opening for other attacks, such as denial of service, man in
the middle, or session hijacking attacks.
The attack can only be used on networks that make use of the Address
Resolution Protocol (ARP), and is limited to local network segments.
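Because the attack works by rebinding an IP address (typically the default gateway) to a different MAC address, a monitor can detect it by comparing each ARP reply with a trusted IP-to-MAC binding. The following is an added example, not part of the original lecture; the tuple layout, the trust-on-first-use fallback, the gateway address and all MAC addresses are assumptions constructed for illustration.

```python
GATEWAY_IP = "192.168.1.1"  # assumed default gateway of the constructed sample LAN

# Constructed sample of observed ARP replies: (time, sender IP, sender MAC).
SAMPLE_ARP = [
    (1, "192.168.1.1", "00:11:22:33:44:01"),
    (2, "192.168.1.10", "00:11:22:33:44:10"),
    (3, "192.168.1.66", "de:ad:be:ef:00:66"),
    (4, "192.168.1.1", "de:ad:be:ef:00:66"),   # gateway IP claimed by .66's MAC
    (5, "192.168.1.10", "00:11:22:33:44:10"),  # unchanged binding
    (6, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway still answering
]

def detect_arp_conflicts(replies, static_bindings=None, gateway_ip=GATEWAY_IP):
    """Alert when an IP is claimed by a MAC other than its trusted binding.

    Trusted bindings come from static_bindings, else from the first reply seen
    for that IP (trust on first use, an assumption of this sketch)."""
    bindings = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    owner = {mac: ip for ip, mac in bindings.items()}  # MAC -> IP it is trusted for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        trusted = bindings.get(ip)
        if trusted is None:
            bindings[ip] = mac
            owner.setdefault(mac, ip)
        elif trusted != mac:
            # Keep the trusted binding; a conflicting reply never overwrites it.
            alerts.append({
                "time": ts, "ip": ip, "expected": trusted, "seen": mac,
                "seen_mac_also_holds": owner.get(mac),
                "gateway": ip == gateway_ip,
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP):
        print(alert)
```

Supplying static bindings for the gateway removes the trust-on-first-use gap, in which a spoofed reply seen first would be learned as the trusted one.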
IP Session Hijacking
This is a relatively sophisticated attack, first described by Steve
Bellovin [3]. This is very dangerous, however, because there are now
toolkits available in the underground community that allow otherwise
unskilled bad-guy-wannabes to perpetrate this attack. IP Session
Hijacking is an attack whereby a user's session is taken over, being in
the control of the attacker. If the user was in the middle of email, the
attacker is looking at the email, and then can execute any commands he
wishes as the attacked user. The attacked user simply sees his session
dropped, and may simply login again, perhaps not even noticing that the
attacker is still logged in and doing things.
This can be solved by replacing standard telnet-type applications with
encrypted versions of the same thing. In this case, the attacker can
still take over the session, but he'll see only "gibberish" because the
session is encrypted. The attacker will not have the needed cryptographic
key(s) to decrypt the data stream from G, and will, therefore, be unable
to do anything with the session.