Security in Networks1

  • 8/13/2019 Security in Networks1

    7.2 Threats in Networks

    Network Security / G. Steffen 1

    In This Section

    What Makes a Network Vulnerable

    Reasons for network attacks

    Who Attacks Networks?

    Who are the attackers? Why do people attack?

    Threats in Transit: Eavesdropping and Wiretapping

    Different ways attackers attack a victim

    What Makes a Network Vulnerable 1

    How networks differ from a stand-alone environment:

    Anonymity

    An attacker can mount an attack from thousands of miles away; the attack passes through many hosts

    Many points of attack

    Both targets and origins

    An attack can come from any host to any host

    Sharing

    More users have the potential to access networked systems than on single computers

    What Makes a Network Vulnerable 2

    How networks differ from a stand-alone environment:

    Complexity of System

    Reliable security is difficult to obtain

    Complex, as many users do not know what their computers are doing at any moment

    Unknown Perimeter

    One host may be a node on two different networks

    Causing uncontrolled groups of possibly malicious users

    Unknown Path

    Can have multiple paths from one host to another.

    Who Attacks Networks

    Challenge: what would happen if I tried this approach or technique? Can I defeat this network?

    Fame

    Money and Espionage

    Organized Crime

    Ideology

    Hacktivism: breaking into a computer system with the intent of disrupting normal operations but not causing serious damage

    Cyberterrorism: more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage

    Reconnaissance 1

    How do attackers perpetrate attacks?

    Port Scan

    For a particular IP address, the program will gather network information.

    It tells an attacker which standard ports are being used, which OS is installed on the target system, and what applications and which versions are present.

    Social Engineering

    It gives an external picture of the network to the attacker.

    Intelligence

    Gathering all the information and making a plan.
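
Added example (not part of the original slides): one way a defender can spot the port scan described above, by flagging a source that touches many distinct ports on one host within a short time window. The log format, the addresses (documentation ranges) and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample connection log (not real traffic).
# Assumed format: epoch_seconds  source_ip  destination_ip  destination_port
SAMPLE_LOG = """\
1000 198.51.100.7 192.0.2.10 21
1000 203.0.113.5 192.0.2.10 443
1000 203.0.113.9 192.0.2.10 80
1001 198.51.100.7 192.0.2.10 22
1002 198.51.100.7 192.0.2.10 23
1002 203.0.113.5 192.0.2.10 443
1003 198.51.100.7 192.0.2.10 25
1004 198.51.100.7 192.0.2.10 80
1004 203.0.113.5 192.0.2.10 443
1005 198.51.100.7 192.0.2.10 443
1020 203.0.113.9 192.0.2.10 443
1040 203.0.113.9 192.0.2.10 22
1060 203.0.113.9 192.0.2.10 25
1080 203.0.113.9 192.0.2.10 8080
"""

def detect_port_scans(lines, window=10, min_ports=5):
    """Return {(src, dst): peak distinct ports} for every pair that reached
    at least `min_ports` distinct destination ports within `window` seconds.
    Lines must be in time order, as they are in a normal connection log."""
    recent = defaultdict(deque)   # (src, dst) -> (timestamp, port) inside window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        ts, port = int(ts), int(port)
        q = recent[(src, dst)]
        q.append((ts, port))
        # Drop events that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            alerts[(src, dst)] = max(alerts.get((src, dst), 0), distinct)
    return alerts

if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in 10 s")
```

The repeat visitor to port 443 is never flagged, and the third source is only caught when the window is widened, which is the tuning trade-off between missed slow probes and false positives.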

    Reconnaissance 2

    How do attackers perpetrate attacks?

    Operating System & Application Fingerprinting

    Determining which commercial server application is running and which version

    Bulletin Boards & Chats

    Exchanging information and techniques online

    Availability of Documentation

    Vendors provide information on their websites about their products so that compatible, complementary applications can be developed. For instance, Microsoft

    Threats in Transit

    Eavesdropping

    Overhearing without expending any extra effort

    Causing harm that can occur between a sender and a receiver

    Wiretapping

    Passive wiretapping

    Similar to eavesdropping

    Active wiretapping

    Injecting something into the communication

    Wiretapping Communication Mediums 1

    Cable

    Packet sniffer: a device that can retrieve all packets on the LAN

    Inductance: a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable

    Microwave

    Signals are broadcast through the air, making them more accessible to hackers

    Signals are not usually shielded or isolated to prevent interception

    Satellite Communication

    Dispersed over a greater area than the intended point of reception

    Communications are multiplexed, so the risk is small that any one communication will be interrupted

    Greater potential than microwave signals

    Wiretapping Communication Mediums 2

    Optical Fiber

    Not possible to tap an optical signal without detection

    Inductive tap is not possible as optical fiber carries light energy

    Hackers can obtain data from repeaters, splices, and taps along a cable

    Wireless

    Major threat is interception

    Wiretap Vulnerabilities

    Other Threats

    Protocol Flaws

    Authentication Foiled by Guessing

    Authentication Thwarted by Eavesdropping or Wiretapping

    Authentication Foiled by Avoidance

    Nonexistent Authentication

    Well-Known Authentication

    Trusted Authentication

    Other Threats

    Impersonation

    Easier than wiretapping for obtaining information on a network

    More significant threat in WAN than in LAN

    Spoofing

    An attacker obtains network credentials illegally and carries on false conversations

    Masquerade

    One host pretends to be another

    Phishing is a variation of this kind of attack.

    Session hijacking

    Intercepting and carrying on a session begun by another entity

    Man-in-the-Middle Attack

    One entity intrudes between two others.

    Key Interception by a Man-in-the-Middle Attack

    Message Confidentiality Threats

    Misdelivery

    Message can be delivered to someone other than the intended recipient

    Exposure

    Passive wiretapping is a source of message exposure

    Traffic Flow Analysis

    Protecting both the content of the message and the header information that identifies the sender and receiver

    Message Integrity Threats

    Falsification of Messages

    An attacker may change the content of the message on the way to the receiver

    An attacker may destroy or delete a message

    These attacks can be perpetrated by active wiretapping, Trojan horse, preempted hosts, etc.

    Noise

    These are unintentional interferences

    Denial of Service (DOS) / Availability Attacks

    Transmission Failure

    Line cut

    Network noise making a packet unrecognizable or undeliverable

    Connection Flooding

    Sending too much data

    Protocol attacks: TCP, UDP, ICMP (Internet Control Message Protocol)

    DOS Attacks 1

    Echo-Chargen

    Attack works between two hosts

    Ping of Death

    Flood network with ping packets

    Attack limited by the smallest bandwidth to victim

    Smurf

    It is a variation of ping attack

    SYN Flood

    Attack uses the TCP protocol suite

    Distributed Denial of Service (DDoS)

    To perpetrate a DDoS attack, an attacker first plants a Trojan horse on a target machine. This process is repeated with many targets. Each of these target systems then becomes what is known as a zombie. Then the attacker chooses a victim and sends a signal to all the zombies to launch the attack.

    It means the victim counters n attacks from the n zombies all acting at once.

    Summary

    Threats are raised against the key aspects of security: confidentiality, integrity, and availability.

    Target                     Vulnerability
    Precursors to attack       Port Scan; Social Engineering; Reconnaissance; OS & Application Fingerprinting
    Authentication Failures    Impersonation; Guessing; Eavesdropping; Spoofing; Man-in-the-Middle Attack

    Summary

    Target                     Vulnerability
    Programming Flaws          Buffer Overflow; Addressing Errors; Parameter Modifications; Cookie; Malicious Typed Code
    Confidentiality            Protocol Flaw; Eavesdropping; Passive Wiretap; Misdelivery; Cookie

    Summary

    Target                     Vulnerability
    Integrity                  Protocol Flaw; Active Wiretap; Noise; Impersonation; Falsification of Message
    Availability               Protocol Flaw; Connection flooding, e.g., smurf; DNS Attack; Traffic Redirection; DDoS