Fundamental Principles of a
Secure network
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Evolution of Network Security
• In July 2001, the Code Red worm attacked web servers globally,
infecting over 350,000 hosts.
• The Code Red worm caused a Denial of Service (DoS) to millions
of users.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.co
75 trang |
Chia sẻ: phuongt97 | Lượt xem: 552 | Lượt tải: 1
Bạn đang xem trước 20 trang nội dung tài liệu Bài giảng CCNA Security - Chapter 1: Modern Network Security Threats, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
twork:
– Packet sniffers
– Ping sweeps
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
– Port scans
– Internet information queries
Refer: 1.3.1.2
Reconnaissance Attacks
• A packet sniffer is a software application that uses a network adapter card
in promiscuous mode to capture all network packets that are sent across a
LAN.
• Packet sniffers can only work in the same collision domain as the network
being attacked, unless the attacker has access to the intermediary
switches.
• Numerous freeware and shareware packet sniffers, such as Wireshark, are
available and do not require the user to understand anything about the
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
underlying protocols.
• Refer: 1.3.1.3
Reconnaissance Attacks
• Refer: 1.3.1.4
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Reconnaissance Attacks
• Keep in mind that reconnaissance attacks are typically the precursor to
further attacks with the intention of gaining unauthorized access to a
network or disrupting network functionality.
• A network security professional can detect when a reconnaissance attack
is underway by configured alarms that are triggered when certain
parameters are exceeded, such as ICMP requests per second.
• A Cisco ISR supports the security technologies that enable these types of
alarms to be triggered.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
• Host-based intrusion prevention systems and standalone network-based
intrusion detection systems can also be used to notify when a
reconnaissance attack is occurring.
Access Attacks
• Hackers use access attacks on networks or systems for three reasons:
retrieve data, gain access, and escalate access privileges.
• Access attacks often employ password attacks to guess system
passwords.
• Password attacks can be implemented using several methods, including
brute-force attacks, Trojan Horse programs, IP spoofing, and packet
sniffers
• A brute-force attack is often performed using a program that runs across
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
the network and attempts to log in to a shared resource, such as a server.
• Refer: 1.3.2.1
Access Attacks
• There are five types of access attacks:
• An attacker attempts to guess system passwords.
Password attack
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Access Attacks
• Refer: 1.3.2.2
• An attacker uses privileges granted to a system in an unauthorized way
Trust exploitation
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Access Attacks
• A compromised system is used as a jump-off point for attacks against
other targets
Port redirection
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Access Attacks
• An attacker is positioned in the middle of communications between two
legitimate entities in order to read or modify the data that passes between
the two parties.
Man-in-the-middle attack
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Access Attacks
• A program writes data beyond the allocated buffer memory.
• A result of the overflow is that valid data is overwritten or exploited to
enable the execution of malicious code.
Buffer overflow
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Access Attacks
• Access attacks in general can be detected by reviewing logs, bandwidth
utilization, and process loads.
• Example: ManageEngine EventLog Analyzer or Cisco Secure Access
Control Server (CSACS)
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Denial of Service Attacks
Refer: 1.3.3.1
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
• A DoS attack is a network attack that devices can not provide service for
user because of overflow buffer or CPU and so on.
• There are two major reasons a DoS attack occurs:
– A host or application fails to handle an unexpected condition, such as
maliciously formatted input data, an unexpected interaction of system
components, or simple resource exhaustion.
– A network, host, or application is unable to handle an enormous
quantity of data, causing the system to crash or become extremely
slow.
Denial of Service Attacks
• Refer: 1.3.3.2
DoS attack
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Denial of Service Attacks
• Refer: 1.3.3.2
A Distributed Denial of Service Attack (DDoS)
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Denial of Service Attacks
• Ping of Death
– In a ping of death attack, a hacker sends an echo request in an IP
packet larger than the maximum packet size of 65,535 bytes.
– Sending a ping of this size can crash the target computer.
– A variant of this attack is to crash a system by sending ICMP
fragments, which fill the reassembly buffers of the target.
• Refer: 1.3.3.3:
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Denial of Service Attacks
• Smurf Attack
– In a smurf attack, a perpetrator sends a large number of ICMP requests
to directed broadcast addresses, all with spoofed source addresses on
the same network as the respective directed broadcast.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Denial of Service Attacks
• TCP SYN Flood
– In a TCP SYN flood attack, a flood of TCP SYN packets is sent, often
with a forged sender address.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Denial of Service Attacks
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
There are five basic ways that DoS attacks can do harm:
1. Consumption of resources, such as bandwidth, disk space, or processor
time
2. Disruption of configuration information, such as routing information
3. Disruption of state information, such as unsolicited resetting of TCP
sessions
4. Disruption of physical network components
5. Obstruction of communication between the victim and others.
Mitigating Network Attacks
The important question is, 'How do I mitigate
these network attacks?'
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Mitigating Network Attacks
Mitigating Reconnaissance Attack
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Mitigating Network Attacks
Mitigating Access Attack
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Mitigating Network Attacks
Mitigating DoS Attack
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
10 best practices represent the best insurance for network:
1. Keep patches up to date by installing them weekly or daily, if possible,
to prevent buffer overflow and privilege escalation attacks.
2. Shut down unnecessary services and ports.
3. Use strong passwords and change them often
4. Control physical access to systems.
5.
Mitigating Network Attacks
Avoid unnecessary web page inputs.
6. Perform backups and test the backed up files on a regular basis.
7. Educate employees about the risks of social engineering, and develop
strategies to validate identities over the phone, via email, or in person.
8. Encrypt and password-protect sensitive data.
9. Implement security hardware and software such as firewalls, IPSs,
virtual private network (VPN) devices, anti-virus software, and content
filtering.
10. Develop a written security policy for the company.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Mitigating Network Attacks
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Summary
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Các file đính kèm theo tài liệu này:
- bai_giang_ccna_security_chapter_1_modern_network_security_th.pdf