Fundamental Principles of a Secure Network
Bach Khoa Information Technology Academy - Website: www.bkacad.com
Evolution of Network Security
• In July 2001, the Code Red worm attacked web servers globally, infecting over 350,000 hosts.
• The Code Red worm caused a Denial of Service (DoS) to millions of users.
Lecture: CCNA Security - Chapter 1: Modern Network Security Threats
Reconnaissance Attacks
• Reconnaissance attacks use the following tools to gather information about a target network:
– Packet sniffers
– Ping sweeps
– Port scans
– Internet information queries
Refer: 1.3.1.2
Reconnaissance Attacks
• A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
• A packet sniffer only sees traffic that reaches its own segment. On a switched network that is normally just the traffic addressed to the attacker's port plus broadcasts and flooded frames, unless the attacker can mirror traffic from an intermediary switch (for example a SPAN port) or redirect it with ARP spoofing.
• Numerous free and open-source packet sniffers, such as Wireshark, are available and decode the captured traffic for the user, so no understanding of the underlying protocols is required to read it.
• Refer: 1.3.1.3
Reconnaissance Attacks
• Refer: 1.3.1.4
Reconnaissance Attacks
• Keep in mind that reconnaissance attacks are typically the precursor to further attacks with the intention of gaining unauthorized access to a network or disrupting network functionality.
• A network security professional can detect when a reconnaissance attack is underway by configuring alarms that trigger when certain parameters are exceeded, such as the number of ICMP echo requests per second from one source, or the number of distinct hosts or ports that one source probes within a short window.
• A Cisco ISR supports the security technologies that enable these types of alarms to be triggered.
• Host-based intrusion prevention systems and standalone network-based intrusion detection systems can also be used to notify when a reconnaissance attack is occurring.
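The threshold alarms described above, worked through as an added example (this code is not from the lecture or from any Cisco product). It runs over a constructed, simplified flow log and raises three kinds of alarm: an ICMP echo rate per source per second, a ping sweep (one source pinging many hosts in a window), and a port scan (one source touching many TCP ports on one host). The record format, the thresholds and the sample addresses are all assumptions made for the demo.

```python
"""Threshold alarms for reconnaissance activity in flow records.

Added example (not from the lecture). Input is a constructed, simplified
flow log, one record per line: "<epoch_seconds> <src_ip> <dst_ip> <proto>
<dst_port>", where <dst_port> is '-' for ICMP and every ICMP record is an
echo request. The thresholds are assumptions chosen for the demo.
"""
from collections import defaultdict

ICMP_RATE_LIMIT = 5       # echo requests per source per second
SWEEP_HOST_LIMIT = 4      # distinct hosts pinged by one source per window
SCAN_PORT_LIMIT = 6       # distinct TCP ports probed on one host by one source per window
WINDOW_SECONDS = 10

# Constructed sample: a ping sweep, a port scan, and one legitimate host.
SAMPLE_LINES = (
    [f"1700000001 192.0.2.10 10.0.0.{h} icmp -" for h in range(1, 9)]
    + [f"{1700000002 + i} 192.0.2.20 10.0.0.1 tcp {p}"
       for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443])]
    + ["1700000003 10.0.0.5 10.0.0.1 icmp -",
       "1700000003 10.0.0.5 10.0.0.1 icmp -",
       "1700000003 10.0.0.5 10.0.0.1 tcp 443",
       "1700000004 10.0.0.5 10.0.0.2 tcp 80"]
)

def parse_record(line):
    ts, src, dst, proto, dport = line.split()
    return {"ts": int(ts), "src": src, "dst": dst, "proto": proto.lower(),
            "dport": None if dport == "-" else int(dport)}

def detect_recon(lines):
    """Return sorted (alarm_type, source_ip) pairs for sources crossing a threshold."""
    alarms = set()
    icmp_per_second = defaultdict(int)   # (src, second) -> echo requests seen
    swept_hosts = defaultdict(set)       # (src, window) -> destination hosts pinged
    probed_ports = defaultdict(set)      # (src, dst, window) -> TCP ports touched
    for line in lines:
        if not line.strip():
            continue
        r = parse_record(line)
        window = r["ts"] // WINDOW_SECONDS
        if r["proto"] == "icmp":
            icmp_per_second[(r["src"], r["ts"])] += 1
            if icmp_per_second[(r["src"], r["ts"])] > ICMP_RATE_LIMIT:
                alarms.add(("icmp_rate", r["src"]))
            swept_hosts[(r["src"], window)].add(r["dst"])
            if len(swept_hosts[(r["src"], window)]) > SWEEP_HOST_LIMIT:
                alarms.add(("ping_sweep", r["src"]))
        elif r["proto"] == "tcp":
            key = (r["src"], r["dst"], window)
            probed_ports[key].add(r["dport"])
            if len(probed_ports[key]) > SCAN_PORT_LIMIT:
                alarms.add(("port_scan", r["src"]))
    return sorted(alarms)

if __name__ == "__main__":
    for alarm, src in detect_recon(SAMPLE_LINES):
        print(f"ALARM {alarm}: {src}")
```

The legitimate host 10.0.0.5 pings one host twice and opens two connections, which stays under every threshold; the two attacker sources cross them. In production the thresholds are tuned per network, and the distinct-host and distinct-port counters are the ones that catch slow sweeps which a pure rate limit would miss.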
Access Attacks
• Hackers use access attacks on networks or systems for three reasons: to retrieve data, to gain access, and to escalate access privileges.
• Access attacks often employ password attacks to guess system passwords.
• Password attacks can be implemented using several methods, including brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers.
• A brute-force attack is often performed using a program that runs across the network and attempts to log in to a shared resource, such as a server, trying many passwords in succession. Each failed attempt is visible to the target, which is what makes these attacks detectable and throttleable.
• Refer: 1.3.2.1
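What the brute-force attack above looks like from the server side, and the throttling that defeats it, as an added example (not code from the lecture). Failed attempts from one source are counted in a sliding window, the source is locked out once the threshold is reached, and passwords are checked with a salted slow hash compared in constant time. The user database, the thresholds and the source addresses are constructed for the demo.

```python
"""Throttling password brute force at the login path.

Added example (not from the lecture). Assumptions: failed attempts are
counted per source address in a sliding window, the source is locked out
once the threshold is reached, and passwords are verified with a salted,
slow hash compared in constant time. The user database is constructed.
"""
import hashlib
import hmac
import os
from collections import defaultdict, deque

MAX_FAILURES = 5          # failures per source within the window before lockout
WINDOW_SECONDS = 60
LOCKOUT_SECONDS = 300
PBKDF2_ITERATIONS = 50_000
_DUMMY_SALT = b"\x00" * 16

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

class LoginGuard:
    def __init__(self, users):
        # users: {username: plaintext}; only salt + PBKDF2 hash are retained
        self._creds = {}
        for name, pw in users.items():
            salt = os.urandom(16)
            self._creds[name] = (salt, _hash(pw, salt))
        self._failures = defaultdict(deque)   # src -> timestamps of recent failures
        self._locked_until = {}               # src -> epoch second when lockout ends

    def attempt(self, src, user, password, now):
        """Return 'ok', 'denied' (bad credentials) or 'locked' (not even checked)."""
        if self._locked_until.get(src, 0) > now:
            return "locked"
        fails = self._failures[src]
        while fails and now - fails[0] >= WINDOW_SECONDS:
            fails.popleft()                   # drop failures outside the window
        cred = self._creds.get(user)
        if cred is None:
            _hash(password, _DUMMY_SALT)      # same cost for unknown users, so timing does not reveal usernames
            ok = False
        else:
            salt, stored = cred
            ok = hmac.compare_digest(stored, _hash(password, salt))
        if ok:
            fails.clear()
            return "ok"
        fails.append(now)
        if len(fails) >= MAX_FAILURES:
            self._locked_until[src] = now + LOCKOUT_SECONDS
        return "denied"

def simulate_brute_force(guard, src, user, guesses, start=1000):
    """Run one guess per second from one source; return outcome counts."""
    outcomes = [guard.attempt(src, user, g, start + i) for i, g in enumerate(guesses)]
    return {k: outcomes.count(k) for k in ("ok", "denied", "locked")}

if __name__ == "__main__":
    guard = LoginGuard({"admin": "c0rrect-h0rse-battery"})
    print(simulate_brute_force(guard, "192.0.2.10", "admin", [f"guess{i}" for i in range(20)]))
    print(guard.attempt("10.0.0.5", "admin", "c0rrect-h0rse-battery", 1010))
```

Twenty guesses from one source produce five denials and fifteen rejections that never touch the password check, while a legitimate login from another address is unaffected; once the lockout expires the source is served again. Locking per source rather than per account is a deliberate choice: locking the account would hand an attacker a denial-of-service against the real user.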
Access Attacks
• There are five types of access attacks:
– Password attack: an attacker attempts to guess system passwords.
– Trust exploitation: an attacker uses privileges granted to a system in an unauthorized way.
– Port redirection: a compromised system is used as a jump-off point for attacks against other targets.
– Man-in-the-middle attack: an attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties.
– Buffer overflow: a program writes data beyond the allocated buffer memory. As a result, valid data is overwritten, or the overflow is exploited to enable the execution of malicious code.
• Refer: 1.3.2.2
Access Attacks
• Access attacks in general can be detected by reviewing logs, bandwidth utilization, and process loads.
• Example tools: ManageEngine EventLog Analyzer or Cisco Secure Access Control Server (CSACS).
Denial of Service Attacks
• Refer: 1.3.3.1
• A DoS attack is a network attack that leaves a device unable to provide service to legitimate users, typically by exhausting its buffers, CPU, or other resources.
• There are two major reasons a DoS attack occurs:
– A host or application fails to handle an unexpected condition, such as maliciously formatted input data, an unexpected interaction of system components, or simple resource exhaustion.
– A network, host, or application is unable to handle an enormous quantity of data, causing the system to crash or become extremely slow.
Denial of Service Attacks
• Refer: 1.3.3.2
– Figure: DoS attack (a single attacker floods the target).
– Figure: A Distributed Denial of Service attack (DDoS), in which many compromised hosts (zombies), often coordinated through intermediate handler systems, attack the target at once, multiplying the traffic volume and hiding the attacker behind the zombies.
Denial of Service Attacks
• Ping of Death
– In a ping of death attack, a hacker sends an echo request in an IP packet larger than the maximum IP packet size of 65,535 bytes. No single packet that large can be sent, so it is delivered as fragments whose offsets and lengths add up to more than 65,535 bytes; the target overflows its reassembly buffer when it puts them back together.
– Sending a ping of this size can crash the target computer, if its IP stack does not check the reassembled length.
– A variant of this attack is to crash a system by sending many incomplete ICMP fragments, which fill the reassembly buffers of the target until it runs out of memory.
• Refer: 1.3.3.3
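The two checks a reassembler needs against the ping of death and its fragment-flood variant, as an added example (not code from the lecture or from any IP stack). It builds minimal IPv4 fragments, rejects any fragment whose offset plus payload would push the reassembled datagram past 65,535 bytes, and caps both the number of fragments per datagram and the number of incomplete datagrams it will hold. The packets are constructed and the caps are assumptions chosen for the demo.

```python
"""Defensive IPv4 fragment reassembly against ping of death and fragment floods.

Added example (not from the lecture). Packets below are constructed with a
bare 20-byte header and a zero checksum; the two limits are assumed values.
"""
import struct

IP_HEADER = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header without options
MAX_DATAGRAM = 65535                         # largest legal reassembled datagram
MAX_FRAGMENTS_PER_DATAGRAM = 64              # assumed bound against fragment floods
MAX_PENDING_DATAGRAMS = 16                   # assumed bound on incomplete datagrams

def build_fragment(ident, offset_units, more_fragments, payload,
                   src=b"\xc0\x00\x02\x0a", dst=b"\x0a\x00\x00\x01", proto=1):
    """Build one fragment; offset_units is the 13-bit fragment offset in 8-byte units."""
    flags_frag = ((1 if more_fragments else 0) << 13) | (offset_units & 0x1FFF)
    total_len = IP_HEADER.size + len(payload)
    hdr = IP_HEADER.pack(0x45, 0, total_len, ident, flags_frag, 64, proto, 0, src, dst)
    return hdr + payload

def parse_fragment(packet):
    (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = IP_HEADER.unpack_from(packet)
    ihl = (ver_ihl & 0x0F) * 4
    return {"ident": ident, "src": src, "dst": dst, "proto": proto,
            "offset": (flags_frag & 0x1FFF) * 8,       # byte offset of this fragment
            "more": bool(flags_frag & 0x2000),         # MF flag
            "payload": packet[ihl:total_len]}

class Reassembler:
    def __init__(self):
        # (src, dst, ident, proto) -> {"ranges": [(start, end)], "total": int or None}
        self._pending = {}

    def accept(self, packet):
        f = parse_fragment(packet)
        end = f["offset"] + len(f["payload"])
        if end > MAX_DATAGRAM:
            return "rejected_oversize"        # the ping-of-death condition, checked before any state is kept
        key = (f["src"], f["dst"], f["ident"], f["proto"])
        entry = self._pending.get(key)
        if entry is None:
            if len(self._pending) >= MAX_PENDING_DATAGRAMS:
                return "rejected_too_many"    # fragment flood: refuse to hold more incomplete datagrams
            entry = self._pending[key] = {"ranges": [], "total": None}
        if len(entry["ranges"]) >= MAX_FRAGMENTS_PER_DATAGRAM:
            del self._pending[key]
            return "rejected_too_many"
        entry["ranges"].append((f["offset"], end))
        if not f["more"]:
            entry["total"] = end              # last fragment fixes the datagram length
        if entry["total"] is not None and self._contiguous(entry["ranges"], entry["total"]):
            del self._pending[key]
            return "complete"
        return "accepted"

    @staticmethod
    def _contiguous(ranges, total):
        covered = 0
        for start, end in sorted(ranges):
            if start > covered:
                return False                  # a hole remains
            covered = max(covered, end)
        return covered >= total

    def pending_count(self):
        return len(self._pending)

def demo():
    r = Reassembler()
    normal = [r.accept(build_fragment(1, 0, True, b"A" * 1480)),
              r.accept(build_fragment(1, 185, True, b"B" * 1480)),
              r.accept(build_fragment(1, 370, False, b"C" * 1480))]
    # offset 8189 * 8 = 65512 bytes, plus 100 bytes of payload, exceeds 65535
    ping_of_death = r.accept(build_fragment(2, 8189, False, b"X" * 100))
    # flood of first fragments that are never completed, each with a new ident
    flood = [r.accept(build_fragment(100 + i, 0, True, b"F" * 8))
             for i in range(MAX_PENDING_DATAGRAMS + 1)]
    return {"normal": normal, "ping_of_death": ping_of_death,
            "flood_last": flood[-1], "pending": r.pending_count()}

if __name__ == "__main__":
    print(demo())
```

The oversize test is done on the header fields alone, before the fragment is stored, so a ping of death costs the receiver nothing; the pending-datagram cap turns an unbounded memory drain into a bounded one (a real stack also times pending entries out).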
Denial of Service Attacks
• Smurf Attack
– In a smurf attack, a perpetrator sends a large number of ICMP echo requests to directed broadcast addresses, with the source address spoofed to that of the victim. Every host on each broadcast network replies to the victim, so the attacker's traffic is amplified by the number of responding hosts.
– Routers should not forward directed broadcasts onto their LANs; on Cisco IOS this is the no ip directed-broadcast interface setting, which has been the default since IOS 12.0.
Denial of Service Attacks
• TCP SYN Flood
– In a TCP SYN flood attack, a flood of TCP SYN packets is sent, often with a forged sender address. The target answers each SYN with a SYN-ACK and holds a half-open connection waiting for the final ACK, which never arrives because the source is forged; once the connection table is full, legitimate SYNs are dropped.
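The standard defence against the SYN flood above is the SYN cookie: the server encodes everything it needs into its own initial sequence number instead of storing a half-open connection, and only allocates state when a valid ACK comes back. The following is an added example (not code from the lecture or from any real TCP stack): the bit layout (a 5-bit time counter, a 2-bit MSS index, a 25-bit HMAC), the secret, and the addresses are assumptions made for the demo.

```python
"""Stateless SYN cookies as a SYN-flood mitigation.

Added example (not from the lecture). The cookie becomes the server's ISN in
the SYN-ACK; the server keeps no per-connection state until the final ACK
proves the client received that ISN. Layout and secret are assumptions:
  bits 31..27  time counter (5 bits)
  bits 26..25  index into MSS_TABLE (2 bits)
  bits 24..0   truncated HMAC over the 4-tuple, client ISN and counter
"""
import hashlib
import hmac
import struct

MSS_TABLE = [536, 1220, 1440, 1460]   # MSS values the 2-bit index can encode
COUNTER_PERIOD = 64                   # seconds per counter tick
MAX_COUNTER_AGE = 2                   # accept cookies up to this many ticks old

class SynCookieServer:
    def __init__(self, secret):
        self._secret = secret

    def _counter(self, now):
        return (now // COUNTER_PERIOD) & 0x1F

    def _mac(self, src_ip, src_port, dst_ip, dst_port, client_isn, counter):
        msg = struct.pack("!4sH4sHII", src_ip, src_port, dst_ip, dst_port, client_isn, counter)
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big") & 0x01FFFFFF

    def syn_ack_isn(self, src_ip, src_port, dst_ip, dst_port, client_isn, client_mss, now):
        """SYN received: return the cookie to use as our ISN. No state is stored."""
        counter = self._counter(now)
        fits = [i for i, m in enumerate(MSS_TABLE) if m <= client_mss]
        mss_idx = fits[-1] if fits else 0
        mac = self._mac(src_ip, src_port, dst_ip, dst_port, client_isn, counter)
        return (counter << 27) | (mss_idx << 25) | mac

    def validate_ack(self, src_ip, src_port, dst_ip, dst_port, seq, ack, now):
        """Final ACK received: seq = client ISN + 1, ack = our ISN + 1.

        Returns the recovered connection parameters, or None if the cookie is
        stale or was not issued by us for this 4-tuple (i.e. a forged ACK).
        """
        cookie = (ack - 1) & 0xFFFFFFFF
        client_isn = (seq - 1) & 0xFFFFFFFF
        counter = cookie >> 27
        if ((self._counter(now) - counter) & 0x1F) > MAX_COUNTER_AGE:
            return None
        expected = self._mac(src_ip, src_port, dst_ip, dst_port, client_isn, counter)
        got = cookie & 0x01FFFFFF
        if not hmac.compare_digest(expected.to_bytes(4, "big"), got.to_bytes(4, "big")):
            return None
        return {"mss": MSS_TABLE[(cookie >> 25) & 0x3], "client_isn": client_isn}

def demo():
    server = SynCookieServer(b"constructed-example-secret")
    c = dict(src_ip=bytes([10, 0, 0, 5]), src_port=51000,
             dst_ip=bytes([10, 0, 0, 1]), dst_port=443)
    now = 1_700_000_000
    # legitimate handshake: SYN, our SYN-ACK carries the cookie, client ACKs it
    isn = server.syn_ack_isn(client_isn=123456, client_mss=1460, now=now, **c)
    good = server.validate_ack(seq=123457, ack=isn + 1, now=now + 5, **c)
    # a flood of forged-source SYNs cost us nothing; an ACK with a guessed cookie is rejected
    forged = server.validate_ack(seq=1, ack=0xDEADBEEF + 1, now=now + 5, **c)
    # a replayed ACK long after the cookie was issued is rejected as stale
    stale = server.validate_ack(seq=123457, ack=isn + 1, now=now + 10 * COUNTER_PERIOD, **c)
    return {"isn": isn, "good": good, "forged": forged, "stale": stale}

if __name__ == "__main__":
    print(demo())
```

Because the server stores nothing per SYN, a flood of forged-source SYNs consumes only the CPU needed to compute one HMAC per packet, and the 32-bit ISN is the only place the connection parameters survive; the price is that TCP options not encoded in the cookie (here everything but MSS) are lost, which is why real stacks enable cookies only once the SYN backlog is under pressure.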
Denial of Service Attacks
There are five basic ways that DoS attacks can do harm:
1. Consumption of resources, such as bandwidth, disk space, or processor time
2. Disruption of configuration information, such as routing information
3. Disruption of state information, such as unsolicited resetting of TCP sessions
4. Disruption of physical network components
5. Obstruction of communication between the victim and others
Mitigating Network Attacks
The important question is, "How do I mitigate these network attacks?"
Mitigating Reconnaissance Attacks
Mitigating Access Attacks
Mitigating DoS Attacks
Mitigating Network Attacks
These ten best practices are the best insurance for a network:
1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.
2. Shut down unnecessary services and ports.
3. Use strong passwords and change them often.
4. Control physical access to systems.
5. Avoid unnecessary web page inputs; every input field is attack surface and must be validated.
6. Perform backups and test the backed-up files on a regular basis.
7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
8. Encrypt and password-protect sensitive data.
9. Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, anti-virus software, and content filtering.
10. Develop a written security policy for the company.
Summary
Files attached to this document:
- bai_giang_ccna_security_chapter_1_modern_network_security_th.pdf