7.2 Threats in Networks: Network Security / G. Steffen

The document discusses threats to network security, including vulnerabilities that can be exploited by attackers. It describes how networks differ from standalone systems in ways that make them more vulnerable, such as anonymity, complexity, and unknown perimeters. Attackers are motivated by challenges, fame, money, ideology or organized crime. Common attacks include port scanning, social engineering, reconnaissance, and exploiting protocol flaws, authentication failures, or programming bugs to compromise the confidentiality, integrity or availability of systems on the network.

Uploaded by chandrasekharab
Copyright: © Attribution Non-Commercial (BY-NC)

7.2 Threats in Networks

In This Section

- What Makes a Network Vulnerable
  - Reasons for network attacks
- Who Attacks Networks?
  - Who are the attackers?
  - Why do people attack?
- Threats in Transit: Eavesdropping and Wiretapping
  - Different ways attackers attack a victim

What Makes a Network Vulnerable 1

How networks differ from a stand-alone environment:
- Anonymity: An attacker can mount an attack from thousands of miles away; the attack passes through many hosts
- Many points of attack: Both targets and origins; an attack can come from any host to any host
- Sharing: More users have the potential to access networked systems than on single computers

What Makes a Network Vulnerable 2

How networks differ from a stand-alone environment:
- Complexity of System: Reliable security is difficult to obtain; complex, as many users do not know what their computers are doing at any moment
- Unknown Perimeter: One host may be a node on two different networks, causing uncontrolled groups of possibly malicious users
- Unknown Path: Can have multiple paths from one host to another

Who Attacks Networks

- Challenge: What would happen if I tried this approach or technique? Can I defeat this network?
- Fame
- Money and Espionage
- Organized Crime
- Ideology
  - Hacktivism: breaking into a computer system with the intent of disrupting normal operations but not causing serious damage
  - Cyberterrorism: more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage

Reconnaissance 1

How do attackers perpetrate attacks?
- Port Scan: For a particular IP address, the program will gather network information. It tells an attacker which standard ports are being used, which OS is installed on the target system, and what applications and which versions are present.
- Social Engineering: It gives an external picture of the network to the attacker.
- Intelligence: Gathering all the information and making a plan.

Reconnaissance 2

How do attackers perpetrate attacks?
- Operating System & Application Fingerprinting: Determining which commercial server application is running and what version
- Bulletin Boards & Chats: Exchanging information and techniques online
- Availability of Documentation: Vendors provide information on website about their product in order to develop compatible, complementary applications. For instance Microsoft

Threats in Transit

- Eavesdropping
  - Overhearing without expending any extra effort
  - Causing harm that can occur between a sender and a receiver
- Wiretapping
  - Passive wiretapping: Similar to eavesdropping
  - Active wiretapping: Injecting something into the communication

Wiretapping Communication Mediums 1

- Cable
  - Packet sniffer: A device that can retrieve all packets of a LAN
  - Inductance: a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable
- Microwave
  - Signals are broadcast through the air, making them more accessible to hackers
  - Signals are not usually shielded or isolated to prevent interception
- Satellite Communication
  - Dispersed over a greater area than the intended point of reception
  - Communications are multiplexed, the risk is small that any one communication will be interrupted
  - Greater potential than microwave signals

Wiretapping Communication Mediums 2

- Optical Fiber
  - Not possible to tap an optical signal without detection
  - Inductive tap is not possible as optical fiber carries light energy
  - Hackers can obtain data from repeaters, splices, and taps along a cable
- Wireless
  - Major threat is interception

Wiretap Vulnerabilities


Other Threats

- Protocol Flaws
- Authentication Foiled by Guessing
- Authentication Thwarted by Eavesdropping or Wiretapping
- Authentication Foiled by Avoidance
- Nonexistent Authentication
- Well-Known Authentication
- Trusted Authentication

Other Threats

- Impersonation
  - Easier than wiretapping for obtaining information on a network
  - More significant threat in WAN than in LAN
- Spoofing: An attacker obtains network credentials illegally and carries false conversations
- Masquerade: One host pretends to be another. Phishing is a variation of this kind of attack.
- Session hijacking: Intercepting and carrying on a session begun by another entity
- Man-in-the-Middle Attack: One entity intrudes between two others.

Key Interception by a Man-in-the-Middle Attack

Message Confidentiality Threats

- Misdelivery: Message can be delivered to someone other than the intended recipient
- Exposure: Passive wiretapping is a source of message exposure
- Traffic Flow Analysis: Protecting both the content of the message and the header information that identifies the sender and receiver

Message Integrity Threats

- Falsification of Messages
  - An attacker may change content of the message on the way to the receiver
  - An attacker may destroy or delete a message
  - These attacks can be perpetrated by active wiretapping, Trojan horse, preempted hosts, etc.
- Noise: These are unintentional interferences

Denial of Service (DoS) / Availability Attacks

- Transmission Failure
  - Line cut
  - Network noise making a packet unrecognizable or undeliverable
- Connection Flooding
  - Sending too much data
  - Protocol attacks: TCP, UDP, ICMP (Internet Control Message Protocol)

DoS Attacks 1

- Echo-Chargen: Attack works between two hosts
- Ping of Death
  - Flood network with ping packets
  - Attack limited by the smallest bandwidth to victim
- Smurf: It is a variation of ping attack
- Syn Flood: Attack uses the TCP protocol suite

Distributed Denial of Service (DDoS)


To perpetrate a DDoS attack, an attacker first plants a Trojan horse on a target machine. This process is repeated with many targets. Each of these target systems then becomes what is known as a zombie. Then the attacker chooses a victim and sends a signal to all the zombies to launch the attack. This means the victim counters n attacks from the n zombies all acting at once.
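
Added example (not part of the original slides): the Port Scan slide and the DDoS slide above each describe a traffic shape a defender can look for in flow logs, one source touching many ports on a host, and n sources hitting one victim at once. The code below detects both with one sliding-window distinct-count routine; the record layout, function names, window and thresholds are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict, deque

def distinct_in_window(events, key_fn, value_fn, window_s, threshold):
    """Map each key to the first time it showed >= threshold distinct
    values inside a sliding window of window_s seconds."""
    recent = defaultdict(deque)    # key -> (time, value) pairs still in window
    counts = defaultdict(Counter)  # key -> value -> occurrences in window
    alerts = {}
    for ev in sorted(events):      # process in time order
        t, key, value = ev[0], key_fn(ev), value_fn(ev)
        q, c = recent[key], counts[key]
        q.append((t, value))
        c[value] += 1
        while q and q[0][0] <= t - window_s:   # expire events outside window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= threshold and key not in alerts:
            alerts[key] = t
    return alerts

def port_scans(events, window_s=10, min_ports=20):
    """Fan-out: one source touching many distinct ports on one host."""
    return distinct_in_window(events, lambda e: (e[1], e[2]),
                              lambda e: e[3], window_s, min_ports)

def floods(events, window_s=10, min_sources=50):
    """Fan-in: many distinct sources hitting one victim at once."""
    return distinct_in_window(events, lambda e: e[2],
                              lambda e: e[1], window_s, min_sources)

def sample_events():
    """Constructed flow records (time_s, src, dst, dst_port); the addresses
    are documentation ranges, not real hosts."""
    ev = [(i * 0.2, "198.51.100.7", "192.0.2.10", port)      # scanner
          for i, port in enumerate(range(1, 31))]
    ev += [(100 + i * 0.01, f"203.0.113.{i + 1}", "192.0.2.20", 80)
           for i in range(60)]                                # 60 zombies
    ev += [(t, "198.51.100.50", "192.0.2.10", 443)            # normal client
           for t in (5, 50, 95, 140)]
    return ev

if __name__ == "__main__":
    print("port scans:", port_scans(sample_events()))
    print("floods:", floods(sample_events()))
```

The window and thresholds need tuning against a baseline of normal traffic for the network being monitored; busy public services legitimately see many distinct sources.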


Summary

Threats are raised against the key aspects of security: confidentiality, integrity, and availability.

Target: Vulnerability
- Precursors to attack: Port Scan; Social Engineering; Reconnaissance; OS & Application Fingerprinting
- Authentication Failures: Impersonation; Guessing; Eavesdropping; Spoofing; Man-in-the-Middle Attack

Summary

Target: Vulnerability
- Programming Flaws: Buffer Overflow; Addressing Errors; Parameter Modifications; Cookie; Malicious Typed Code
- Confidentiality: Protocol Flaw; Eavesdropping; Passive Wiretap; Misdelivery; Cookie

Summary

Target: Vulnerability
- Integrity: Protocol Flaw; Active Wiretap; Noise; Impersonation; Falsification of Message
- Availability: Protocol Flaw; Connection flooding, e.g., smurf; DNS Attack; Traffic Redirection; DDoS
