Network Threats and Vulnerabilities. Ed Crowley

Transcription

1 Network Threats and Vulnerabilities Ed Crowley

2 Objectives At the end of this unit, you will be able to describe and explain: Network attack terms Major types of attacks including Denial of Service DoS and DDoS Attacks Buffer Overflows Ping of Death Session Highjacking SQL Injection and Cross Site Scripting Identify physical security attacks and vulnerabilities 2

3 Related Terms Attack Any attempt by an unauthorized person to access or use network resources or compromise availability Network security Concerned with security of network assets Computer security Concerned with the security of a computer not part of a network infrastructure Computer crime Worldwide fastest growing crime type 3

4 Denial-of-Service Attacks Denial-of-Service (DoS) attack Prevents legitimate users from accessing resources Some forms do not involve computers Do not attempt to access information Attacks network availability Performing a DoS attack as test is unwise Only need to prove potential attack Penetration testers need to make sure that they don t DoS by accident Certain web server tests can knock down server 4

5 Distributed Denial-of-Service Attacks DoS attack from multiple systems Network could be flooded with billions of requests Loss of bandwidth Speed degradation Often, participants (Zombies) not aware they are part of the attack Attacking computers could be controlled using Trojan programs with commands routed through IRC bots or other third parties 5

6 Buffer Overflow Attacks Code vulnerability Code fails to check for input data size Twofold Goal Fill overflow buffer with executable code at appropriate position OS executes this overflow code Code elevates attacker s permission Administrator Owner of running application If position not optimum, likely program crash (DoS) 6

7 Ping of Death DoS attack Older, GUI based, attack (late 1990s) Process Attacker creates large ICMP packet More than 65,535 bytes Large packet is fragmented at source network Destination network reassembles large packet Destination point cannot handle oversize packet and crashes Unpatched Win 95 bluescreens 7

8 Session Hijacking Enables attacker to join a TCP session Attacker makes both parties think he or she is the other party 8

9 SQL Injection A code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. 9

10 Cross Site Scripting XSS A type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls. In 2007, roughly 80% of all security vulnerabilities documented by Symantec were cross-site scripting. 10

11 Physical Security Protecting network requires physical security Inside attacks more likely than external attacks If you don t have physical security, you don t have cyber security. 11

12 Keyloggers Capture computer keystrokes. May be implemented in Hardware or Software Software Trojan like May send info out on net or may require physical pickup Hardware Easy to install Goes between the keyboard and the motherboard Examples include KeyKatcher and KeyGhost 12

13 Physical Security Physically restrict server access Locks don t stop attackers, locks slow down or deter attackers With a week or two of practice, average person can pick a deadbolt lock in less than five minutes. With experience, deadbolt locks can be picked in under 30 seconds. Rotary locks harder to pick In secure areas, important to log everyone entering and leaving room For better security, security cards can be used rather than keys 13

14 Questions? Originally based upon Chapter 3 Network and Computer Attacks 14