
Network Security




  1. Network Security Kevin Diep

  2. Outline • The five phases of network penetration • How to prevent exploitation of network vulnerabilities • Ethical issues behind such attacks

  3. Phase 1: Reconnaissance • Collecting information about the target • Low-Technology Reconnaissance: • Social Engineering • Physical Break-In • Dumpster Diving

  4. Social Engineering • Social engineering involves an attacker calling employees at the target organization on the phone and duping them into revealing sensitive information • Finding a pretext to obtain privileged information or services • Social engineering is deception, pure and simple.

  5. Social Engineering • Several of social engineering's "greatest hits" are: • A new employee calls the help desk trying to figure out how to perform a particular task on the computer. • An angry manager calls a lower-level employee because a password has suddenly stopped working.

  6. Social Engineering • A system administrator calls an employee to fix an account on the system, which requires using a password. • An employee in the field has lost some important information and calls another employee to get the remote access phone number.

  7. Physical Break-In • An external attacker might try to walk through a building entrance, sneaking in with a group of employees on their way into work • An attacker might simply try grabbing a USB Thumb drive, CD, DVD, backup tape, hard drive, or even a whole computer containing sensitive data and walking out with it tucked under a coat.

  8. Dumpster Diving • Retrieving sensitive information from the trash, such as discarded paper, CDs, DVDs, floppy disks, tapes, and hard drives containing sensitive data. • Dumpster diving is especially effective when used for corporate espionage

  9. Phase 1: Reconnaissance • Higher-Technology Reconnaissance: • Searching the Web • Using the Whois Database

  10. Reconnaissance via Searching the Web • Searching an organization’s own web site • Employees’ contact information and phone numbers • Clues about the corporate culture and language • Business partners • Recent mergers and acquisitions • Server and application platforms in use

  11. Reconnaissance via Whois Database • These databases contain a variety of data elements regarding the assignment of domain names, individual contacts, and even Internet Protocol (IP) addresses

  12. Phase 2: Scanning • After the reconnaissance phase, the attacker is armed with some vital information about the target infrastructure • a handful of telephone numbers, domain names, IP addresses, and technical contact information • Most attackers then use this knowledge to scan target systems looking for openings

  13. Phase 2: Scanning • War Dialing • Network Mapping • Port Scanning

  14. War-Dialing Attack • Searching a target's telephone exchange for a modem that gives access to a computer on their network • This can be done manually or with tools that automate the task, dialing large pools of telephone numbers in an effort to find unprotected modems. • These tools can scan in excess of 1,000 telephone numbers in a single night using a single computer with a single phone line

  15. Phase 2: Network Mapping • Finding live hosts • ICMP pings • Traceroute • Traceroute can be used to determine the paths that packets take across a network

  16. Phase 2: Port Scanning • Software used to find open ports • Nmap, Strobe, Ultrascan

  17. Phase 2: Scanning

  18. Phase 3: Gaining Access • Gaining access to retrieve sensitive information from the victim • Using the victim as a launching platform to attack other victims • Destroying the victim's files • Two methods of gaining access • Gaining Access using Application and OS attacks • Gaining Access using Network attacks

  19. Phase 3: Gaining Access Using Application and OS Attacks • Password attacks • Web application attacks

  20. Password Attacks • Password Guessing Attacks • Users often choose passwords that are easy to remember, but also easily guessed • Vendor default passwords left unchanged • Password Guessing Through Login Attacks • Run a tool that repeatedly tries to log in to the target system across the network, guessing password after password
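Password guessing through login attacks leaves a distinctive trace: many failures from one source in a short time, often cycling through usernames. The following detection routine is an added example, not part of the slides; the log lines are constructed for it and only imitate an sshd-style "Failed password" record, and the threshold and window are assumptions to be tuned per environment.

```python
"""
Added example (not from the slides): flag password guessing through login
attacks by counting failed logins per source address inside a sliding window.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not a real capture); the format is an assumption.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[812]: Failed password for admin from 203.0.113.5 port 51234
2024-03-01T10:00:02 sshd[812]: Failed password for admin from 203.0.113.5 port 51235
2024-03-01T10:00:03 sshd[812]: Failed password for root from 203.0.113.5 port 51236
2024-03-01T10:00:04 sshd[812]: Failed password for guest from 203.0.113.5 port 51237
2024-03-01T10:00:05 sshd[812]: Failed password for oracle from 203.0.113.5 port 51238
2024-03-01T10:00:06 sshd[812]: Accepted password for alice from 198.51.100.7 port 40001
2024-03-01T10:00:30 sshd[812]: Failed password for alice from 198.51.100.7 port 40002
2024-03-01T10:20:00 sshd[812]: Failed password for alice from 198.51.100.7 port 40003
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """
    Return {src: (failures_in_window, distinct_users_seen)} for every source
    that produced at least `threshold` failed logins within any `window`.
    Distinct usernames (over the whole log) are tracked because cycling
    through accounts is typical of guessing tools.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    users = defaultdict(set)      # src -> usernames tried
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        if result != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        users[src].add(user)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = (len(q), len(users[src]))
    return flagged


if __name__ == "__main__":
    for src, (count, nusers) in detect_guessing(SAMPLE_LOG).items():
        print(f"possible password guessing from {src}: {count} failures, {nusers} usernames")
```

The two spaced-out failures from 198.51.100.7 stay below the threshold, which is the point of the sliding window: a user mistyping a password now and then should not look like an attack, while a burst of failures across several accounts from one address should.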

  21. Phase 3: Password Cracking • More sophisticated and faster than password guessing through login attempts • Requires access to a file containing user names and encrypted passwords

  22. Phase 3: Password Cracking • A password-cracking tool can form its password guesses in a variety of ways. • Words in the dictionary • Many password-cracking tools also support brute-force cracking • Guesses every possible combination of characters (a–z, 0–9 and special characters such as !@#$) to determine the password • This brute-force guessing process can take an enormous amount of time, ranging from hours to centuries

  23. Phase 3: Gaining Access • Web Application Attacks • Account Harvesting • SQL Piggybacking

  24. Account Harvesting • Error message: "User ID is incorrect" • Error message: "Password is incorrect"

  25. Account Harvesting • Attackers can write a script that brute-forces all possible user IDs using a bogus password. • If the error message returned indicates that the user ID is valid, they store it to a file, then reverse the process and guess passwords for the valid IDs they just obtained.
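Account harvesting works only because the application answers differently for an unknown user ID and for a wrong password. The code below is an added example, not from the slides: a login routine in the vulnerable form beside a hardened one that returns a single message and does the same password-hashing work whether or not the user exists, plus a small check a reviewer can run against either. The user store, salt and password are constructed for the example.

```python
"""
Added example (not from the slides): distinguishable vs uniform login errors.
"""
import hashlib
import hmac

# Constructed credentials for the example only; never hard-code real ones.
_SALT = b"example-salt-16b"


def _hash(password, salt):
    """PBKDF2-HMAC-SHA256; iteration count is an example value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy record so that unknown users cost the same hashing work as known ones
# (otherwise response time would leak what the message no longer does).
_DUMMY = (_SALT, _hash("dummy-password", _SALT))


def login_verbose(username, password):
    """Vulnerable form: the message reveals whether the user ID exists."""
    if username not in USERS:
        return "User ID is incorrect"
    salt, stored = USERS[username]
    if _hash(password, salt) != stored:
        return "Password is incorrect"
    return "OK"


def login_uniform(username, password):
    """Hardened form: one failure message, constant-time compare, same work for any username."""
    salt, stored = USERS.get(username, _DUMMY)
    candidate = _hash(password, salt)
    matches = hmac.compare_digest(candidate, stored)
    # The membership test runs unconditionally so the branch shape does not depend on it.
    known = username in USERS
    return "OK" if (matches and known) else "Login failed"


def responses_distinguish_users(login_fn, known_user="alice", unknown_user="nobody"):
    """Return True if the login function answers differently for unknown vs known user IDs."""
    bogus = "not-the-password"
    return login_fn(unknown_user, bogus) != login_fn(known_user, bogus)


if __name__ == "__main__":
    print("verbose leaks user IDs:", responses_distinguish_users(login_verbose))
    print("uniform leaks user IDs:", responses_distinguish_users(login_uniform))
```

Equalising the message is the visible fix; equalising the work done (the dummy record) matters too, because a skipped hash computation is measurable over the network. The same reasoning applies to "forgot password" and registration pages, which commonly leak the user list even when the login form does not.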

  26. SQL Piggybacking • Attackers can extend an application’s SQL statement to extract or update information that they are not authorized to access • The attacker explores how the Web application interacts with the back-end database by finding a user-supplied input string that becomes part of a database query
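The statement can be "extended" only when user input is pasted into the SQL text. The following is an added example, not from the slides: a lookup built by string concatenation beside the same lookup using parameter binding, run against a constructed in-memory SQLite table so the difference is observable. The table, rows and probe string are constructed for the example.

```python
"""
Added example (not from the slides): SQL piggybacking, vulnerable vs parameterized.
"""
import sqlite3


def make_db():
    """Constructed in-memory database with sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Builds the statement by concatenation: the input is parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Parameter binding: the input is always a value, never part of the statement."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed probe string: a quote closes the literal and a tautology extends the WHERE clause.
PROBE = "x' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, normal input:   ", lookup_vulnerable(conn, "alice"))
    print("vulnerable, probe input:    ", lookup_vulnerable(conn, PROBE))
    print("parameterized, probe input: ", lookup_parameterized(conn, PROBE))
```

With the probe the concatenated query returns every row because the tautology widened the WHERE clause, while the bound query returns nothing because it looks for a user literally named `x' OR '1'='1`. Binding (or an ORM that binds for you) is the fix; escaping quotes by hand is fragile and does not cover numeric or identifier positions.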

  27. Phase 3: Gaining Access Using Network Attacks • Sniffing • IP Spoofing

  28. Phase 3: Sniffing • Sniffer • Allows the attacker to see everything sent across the network, including user IDs and passwords • Island Hopping Attack • Attacker initially takes over a machine via some exploit • Attacker installs a sniffer to capture user IDs and passwords and take over other machines

  29. Phase 3: IP Spoofing • If the attacker only wants to send packets that look like they come from somewhere else • They simply set the source IP address to the other system's address

  30. Phase 4: Maintaining Access • Trojan Horses • Software containing a concealed malicious capability that appears to be benign, useful, or attractive to users • Backdoor • Software that allows an attacker to access a machine using an alternative entry method • Installed by attackers after a machine has been compromised • May permit the attacker to access a computer without needing to provide account names and passwords

  31. Phase 4: Maintaining Access • Trojan Horse Backdoors • Programs that combine features of backdoors and Trojan horses • Not all backdoors are Trojan horses • Not all Trojan horses are backdoors • Programs that seem useful but allow an attacker to access a system and bypass security controls

  32. Phase 4: Maintaining Access • Categories of Trojan Horse Backdoors • Application-level Trojan Horse Backdoor • A separate application runs on the system and provides backdoor access to the attacker • Traditional RootKits • Critical operating system executables are replaced by the attacker to create backdoors and facilitate hiding • Kernel-level RootKits • The operating system kernel itself is modified to allow backdoor access and to help the attacker hide

  33. Application-level Trojan Horse Backdoor • The user must be tricked into installing an application which gives the attacker backdoor access and complete control over the victim’s machine • Back Orifice 2000 • Tricking users into installing Trojan backdoors • Embed the backdoor application in another innocent-looking program via “wrappers” • A wrapper creates one Trojan EXE application from two separate EXE programs

  34. Traditional RootKits • A suite of tools that allows an attacker to maintain root-level access via a backdoor and hide evidence of a system compromise • More powerful than application-level Trojan horse backdoors (e.g. BO2K, Netcat), since the latter run as separate programs which are easily detectable • A more insidious form of Trojan horse backdoor than its application-level counterparts, since existing critical system components are replaced to give the attacker backdoor access and hide

  35. A RootKit replaces /bin/login with a modified version that includes a backdoor password for root access
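Because a traditional rootkit replaces existing system binaries rather than adding new processes, the defender's check is file integrity: record a digest of each critical executable on a known-good install and compare later. The script below is an added example, not from the slides; it uses a temporary directory with stand-in files instead of the real /bin/login, and the baseline would in practice be kept off-host or on read-only media.

```python
"""
Added example (not from the slides): detect replaced system binaries with a digest baseline.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record a digest for each monitored file; do this on a trusted, freshly installed system."""
    return {p: sha256_file(p) for p in paths}


def check_baseline(baseline):
    """Return {path: 'modified' | 'missing'} for every monitored file that no longer matches."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_file(path) != expected:
            findings[path] = "modified"
    return findings


def demo():
    """Constructed scenario: a stand-in for /bin/login is baselined, then replaced."""
    with tempfile.TemporaryDirectory() as d:
        login = os.path.join(d, "login")   # stand-in for /bin/login
        ls = os.path.join(d, "ls")         # stand-in for a binary left untouched
        with open(login, "wb") as f:
            f.write(b"original login binary")
        with open(ls, "wb") as f:
            f.write(b"original ls binary")
        baseline = build_baseline([login, ls])
        # Simulated rootkit action: the login binary is swapped for a modified one.
        with open(login, "wb") as f:
            f.write(b"login binary with backdoor password")
        return check_baseline(baseline)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status}: {path}")
```

Two caveats follow directly from the slides: the baseline and the checker must not live only on the monitored host, since a rootkit that replaces /bin/login can replace the checker too; and a kernel-level rootkit that intercepts system calls can feed the checker the original file contents, so on-host integrity checks are a control against traditional rootkits, not kernel-level ones.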

  36. Kernel-Level RootKits • More sinister, devious, and nasty than traditional RootKits • The operating system kernel is replaced by a Trojan horse kernel that appears to be well-behaved but in actuality is rotten to the core • A Trojanized kernel can intercept system calls and run another application chosen by the attacker

  37. File Hiding • The attacker can hide specific subdirectories and files • Process Hiding • The attacker can be running a Netcat listener, but the kernel will not report its existence to ps • Network Hiding • The attacker can tell the kernel to lie to netstat about the network port being used by a backdoor program

  38. Phase 5: Covering Tracks and Hiding • Hiding Evidence by Altering Event Logs • Attackers like to remove evidence from logs associated with gaining access, elevating privileges, and installing RootKits and backdoors • Creating files hidden from the user • Covert Channels • Communication channels that disguise data while it moves across the network to avoid detection • Can be used to remotely control a machine and to secretly transfer files or applications
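Log alteration is hard to prevent on a compromised host, but it can be made detectable: each record carries a MAC over its contents and the previous record's MAC, so deleting, editing or truncating entries breaks the chain. The code below is an added example, not from the slides; the key, messages and record format are constructed for it, and the key would in practice be held by a remote log collector rather than on the monitored host.

```python
"""
Added example (not from the slides): tamper-evident, hash-chained event log.
"""
import hashlib
import hmac
import json

# Constructed key for the example; in practice it lives on the log collector, not the host.
KEY = b"example-log-signing-key"
GENESIS = "0" * 64   # "previous MAC" of the first record


def _body(seq, msg, prev):
    """Canonical bytes covered by the MAC: sequence number, message and previous MAC."""
    return json.dumps({"seq": seq, "msg": msg, "prev": prev}, sort_keys=True).encode()


def append_entry(entries, message):
    """Append a record whose MAC covers the previous record's MAC and this message."""
    prev = entries[-1]["mac"] if entries else GENESIS
    seq = len(entries)
    mac = hmac.new(KEY, _body(seq, message, prev), hashlib.sha256).hexdigest()
    record = {"seq": seq, "msg": message, "prev": prev, "mac": mac}
    entries.append(record)
    return record


def verify_chain(entries, expected_head=None):
    """
    Return the index of the first bad record, or None if the chain is intact.
    `expected_head` is the last MAC as recorded by the collector; without it,
    records silently dropped from the end would not be noticed.
    """
    prev = GENESIS
    for i, rec in enumerate(entries):
        expected_mac = hmac.new(KEY, _body(rec["seq"], rec["msg"], rec["prev"]), hashlib.sha256).hexdigest()
        if rec["seq"] != i or rec["prev"] != prev or not hmac.compare_digest(expected_mac, rec["mac"]):
            return i
        prev = rec["mac"]
    if expected_head is not None and prev != expected_head:
        return len(entries)   # chain is consistent but was truncated
    return None


def build_sample_log():
    """Constructed events (not real data) in the order an intrusion might produce them."""
    entries = []
    for msg in ["sshd: Accepted password for alice",
                "su: session opened for root",
                "pkg: installed package from unknown source"]:
        append_entry(entries, msg)
    return entries


if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["mac"]
    print("intact:", verify_chain(log, head))
    edited = [dict(e) for e in log]
    edited[1]["msg"] = "su: nothing to see here"
    print("edited record 1:", verify_chain(edited, head))
```

The chain proves order and contents relative to a trusted head; it does not stop an attacker who holds the key from re-signing a rewritten log, which is why the key and the expected head belong on a separate collector that the monitored host can only append to. Forwarding logs off-host as they are written is the simplest realisation of that.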

  39. Preventing Exploitation • Rules of thumb • Don’t give out sensitive information to anyone • Don’t let an attacker get root or administrator access on hosts • Harden the OS • Install the latest security patches • Install a network IDS • Use antivirus tools • Know your software • Disable all unneeded services and ports
