Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important



Similar documents
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

CS5008: Internet Computing

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Introduction of Intrusion Detection Systems

Chapter 8 Security Pt 2

CYBERTRON NETWORK SOLUTIONS

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Certified Ethical Hacker (CEH)

Network Security: Introduction

Security: Attack and Defense

Denial Of Service. Types of attacks

Description: Objective: Attending students will learn:

Directory and File Transfer Services. Chapter 7

Solution of Exercise Sheet 5

General Network Security

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Stop that Big Hack Attack Protecting Your Network from Hackers.

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Computer forensics

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Securing Cisco Network Devices (SND)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

CTS2134 Introduction to Networking. Module Network Security

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Security Technology White Paper

Attack and Defense Techniques

Firewalls, Tunnels, and Network Intrusion Detection

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)


20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

Learn Ethical Hacking, Become a Pentester

A Decision Maker s Guide to Securing an IT Infrastructure

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

CMPT 471 Networking II

Topics in Network Security

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

CIT 380: Securing Computer Systems

Gaurav Gupta CMSC 681

How To Classify A Dnet Attack

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE

1! Network forensics

Own your LAN with Arp Poison Routing

Cryptography and network security

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Ethical Hacking Course Layout

Footprinting and Reconnaissance Tools

Penetration Testing: Creating A Hacking Lab

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Denial of Service Attacks

Networks: IP and TCP. Internet Protocol

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Firewalls. Chapter 3

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

Firewall Firewall August, 2003

CRYPTUS DIPLOMA IN IT SECURITY

Build Your Own Security Lab

Network Attacks and Defenses

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

1. Firewall Configuration

By David G. Holmberg, Ph.D., Member ASHRAE

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

SONDRA SCHNEIDER JOHN NUNES

Network Security: A Practical Approach. Jan L. Harrington

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Looking for Trouble: ICMP and IP Statistics to Watch

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

9 Simple steps to secure your Wi-Fi Network.

Network Traffic Analysis

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Packet Sniffer Detection with AntiSniff

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

NETWORK SECURITY WITH OPENSOURCE FIREWALL

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

Assessing Network Security

Secure Software Programming and Vulnerability Analysis

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

Transcription:

Presented By: Holes in the Fence Dave Engebretson, Contributing Technology writer, SDM Magazine Industry Instructor in Fiber and Networking Prevention of Security System breaches of networked Edge Devices Agenda Why Network Security is important Goals of Proper Network Security Types of Threats Types of Attackers Why are Vulnerable Attack Techniques Attack Tools & Methods Why Network Security is Important Putting Cameras, DVRs, Access and Alarm Transmitters onto networks creates opportunities for inside and outside hackers DDos Attack IPCCTV Attack Protected Premise Network DVR Network Switch Authorized Viewer IP Central Station A criminal hacker compromises a machine on the local network, and uses his access to hack the password of the authorized user, giving him viewing and access to the DVR. Compromised machine Criminal s computer 1

Goals of a Secured Network Physical Security Integrators need to understand the threats and how to protect against them Confidentiality Secrecy and Privacy of information transfers Integrity Information is correct and unaltered Availability Authorized users can access information and applications when needed Types of Threats Unauthorized access Stolen/damaged/modified data Disclosure of confidential information Hacker attacks Cyber Terrorism/Extortion Viruses and malware Denial of service Types of Attackers Script Kiddies Young hackers who download programs from the, hack into random targets Disgruntled (former) Employees Hacks specific target for revenge Cyber Criminals Hacks for payoff/extortion System Crackers Highly skilled, very knowledgeable about operating system vulnerabilities Why are Vulnerable Basic network technologies are open all machines talk to each other, protocols are common knowledge connections exposes 1000 s of networks on the grid Poor network management and planning Lack of firewalls, poor password management Why are Vulnerable Physical Security Issues Control of access to machines & network connections Volume of network traffic Any door will do If a hacker can get into a single machine on a network, they can use that machine to hack into another on that network 2

IP Packet Problems IP packet information can be manipulated Software programs readily available that can change any aspect of a packet Packets can be manipulated to probe networks or shut down servers or devices Operating System Fingerprints Network machines use an OS (operating system) program to perform underlying and basic functions Linux and Windows are the most common OS in use All OS have vulnerabilities that hackers can exploit Each OS handles specific packets and communications differently identifies the OS of a server when probed by a hacker IP Header Structure General Attack Methods Version IHL Type of Service Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Options Source Address Destination Address Padding Any aspect/setting of an IP packet can be manipulated. Modified packets are called raw. Reconnaissance Scanning Gaining Access Escalating Privileges Exploiting Access Covering Tracks & Maintaining Access Reconnaissance Passive Surveillance Web sites, company literature Sitting in parking lot Dumpster diving Reconnaissance Social Engineering Acting like you re someone else (on the phone, fax, email or in person) to gather information to help attack a network passwords, modem dial in numbers, server IP addresses, etc. Rogue Access Point Placing a Wi-Fi device in or near a building to fool wireless devices 3

Google Hacking Search: allinurl:tsweb/default.htm Reconnaissance Determining Network Range Dnsstuff.com demo Scanning Where and What Gathering the IP addresses of devices on the network, and what OS they re using Hackers scan networks with a variety of tools Ping Some networks turn off ping (ICMP) responses Scanning TCP 3 Way Handshake Hackers can send modified and/or out of sequence packets to gather responses from target machines TCP Three-Way Handshake Scanning Source #1 SYN (to port number) #2 SYN/ACK #3 ACK Destination TCP/IP Ports specific ports must be open to provide connections/communications 65,535 available ports Common Ports services like DNS, FTP, HTTP, often use specific port numbers Either side can send a RST flagged packet to end the communication. 4

Scanning Hackers scan for port status: Closed responds to scan, not available for communications Open services available, will communicate Stealth doesn t respond to scan, status unknown Filtered Behind firewall which restricts access Port Scan Options Scanning TCP Connect Scan TCP SYN Scan #1 SYN + port 110 SYN + Port 145 RST SYN/ACK Closed Port ACK Source RST Target #1 SYN + port 110 #2 SYN/ACK This scan attempts to establish full connections with each port on the target machine. Scanner RST Open Port TCP FIN Scan TCP XMAS Scan FIN + port 443 RST Closed Port FIN, URG, and PSH + port 443 RST Closed Port FIN + port 443 FIN, URG, and PSH + port 443 Scanner Scanner sends packet with FIN (shutdown) flag set. Open Port Scanner Scanner sends malformed packet with numerous flags set. Open Port 5

Scanning Why different port scans? Different scans for different OS Security settings/firewalls can make one scan work better than another Scanning OS Fingerprinting Different OS manipulate packets in distinct ways IP TTL TCP Window Size Fragmentation Handling IP type of Service Flag Scanning OS need security patching Version of OS will indicate level of security patching Known vulnerabilities can be exploited Buffer Overflow Password Cracking Gaining Access Social Engineering Hacker doesn t have to access primary attack get onto another machine, gain access, install sniffer, figure out how to gain access to main target Gaining Access Gaining Access Password Cracking/Theft 60% of unauthorized network usage comes from manipulation of passwords Brute force attack Buffer Overflow Entering illicit command data into an available input on a server 6

Escalation of Privileges Hacker wants administrator or root passwords allows complete control of network and/or devices Exploiting Access Install sniffers to gather packets email out or dump to internal file Steal other passwords Observe network activity Install rootkits software that attaches to OS, allows hacker access, hides hacker activities Erase/change log files Add users/passwords Covering Tracks & Maintaining Access Fix original vulnerability that let the hacker into the network Open TCP/IP ports Install Keystroke loggers Attack Tools & Methods Nmap multi-tool network scanner software DEMO Attack Tools & Methods Ethereal Packet sniffer and protocol analyzer DEMO Attack Tools & Methods Etherflood Floods switch with random MAC addresses can force switch to broadcast all packets DEMO 7

Attack Tools & Methods SMAC MAC address disguises DEMO Session Hi Jacking 1. Target Starts Session 2. Server ACK s Target Target Network Switch 3. Hacker RST s Target 4. Hacker takes over session I m the target Server Hacker Man in the Middle Attack Attack Tools & Methods Network Switch Denial of Service Attacks Stop a network or service from operating Target 1. Hacker sends poison ARP to target, says the hacker is the server Cut the phone lines, or attack over the network 2. Hacker sends poison ARP to server, says the hacker is the target Server 3. Target s session with server flows through hacker s PC Hacker Bandwidth Consumption DoS Attack SYN Flood DoS Attack Authorized User Hacker Authorized User SYN port 53 SYN port 80 SYN port 443 SYN port 110 Hacker sends millions of packets to server, filling ISP pipe, blocking authorized users Attacker establishes TCP/IP connections will multiple ports on server, locking out authorized users Hacker Target Server Target Server 8

Attack Tools & Methods Bad Fragmentation DoS Large files are transmitted as fragmented packets, with start and stop bit flags set Bad fragmentation can lock up some OS 0 1499 1500 Bad Fragmentation DoS Attack 2999 Normal Fragmentation 3000 4499 0 1699 2900 4499 1450 3300 Bad Fragmentation Attack Tools & Methods Distributed DoS Attack Ping of Death DoS Attacker sends huge Ping packets at target, larger than 65,536 bytes Receiving server locks up when attempting to reassemble the packets Authorized User Hacker Target Server Hackers control a few or hundreds of zombies, who use one of the DoS attack methods from many locations on the. Zombies Attack Tools & Methods Rogue/Evil Twin AP Wi-Fi Attacks WEP vulnerabilities Real AP Airsnort Demo Evil Twin AP attack Rogue/Twin AP Target The hacker programs another AP identically to the real AP. The target signs onto the rogue AP, and the hacker gathers passwords, usernames, account numbers, etc. Hacker 9

Strong Passwords Passwords need to be at least eight characters, letters, numbers, symbols, capitals and lower-case letters Passwords need to be changed regularly Data Encryption SSH Secure Shell SSL Secure Socket Layer SSH Negotiations Client Client requests SSH connection Handshake sets protocol version Key exchange/algorithm negotiation Secure session setup Remote application now available Server SSL Provides encrypted communications over the Uses port 443 as a default Passwords and data are encrypted DEMO- file LAN Virtual Private Network VPN Server Remote User w/vpn Client Software VPNs provide strong encryption of data (and passwords) traveling through the. Remote users can utilize VPN software for secure remote connections. Notice that while the VPN provides encryption, its likely that the data in the LAN is cleartext. Network Intrusion Detection systems Devices placed at ingress/egress points of network that detect unusual network traffic 10

Firewall types Packet Filtering each packet entering network is compared to an set of rules (access control list ACL). Options include: IP address to/from, source/destination port, TCP flags, protocols, direction in/out Firewall types Stateful Inspection maintains a state table and allows or denies packets based on the state of the connection keeps track of TCP three-way handshakes Deny All doctrine Close off all ports, protocols, IP addresses that are not needed for communications Egress Filtering What goes out of a network can be more important that packets coming in. Firewalls can be configured to watch for suspicious packets leaving the network. Patch Maintenance Security vulnerabilities will be found. Security contractors need to consider their devices and ask these questions: Can the device be patched? How will patches be installed? Who will do the patches at a remote location? Connection Security Turn off unused switch ports Physical security of telecom closets Periodically check for rogue access points Require regular password changes Increase employee awareness of social engineering schemes 11

Understand the threat Security Patch maintenance Scan networks for vulnerabilities and fix em Reference Sources Certified Ethical Hacker, Michael Gregg, Que Publishing Security+ ExamCram2, Kirk Hausman, Que Publishing Secrets and Lies, Bruce Schneier, Wiley Publishing 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information