
Network Threats and Mitigation: Understanding Common Vulnerabilities and Implementing Hardening Techniques

This chapter covers various network threats, including Denial of Service (DoS) attacks, viruses, and other common vulnerabilities. It also discusses techniques for installing patches and updates, implementing network hardening, and troubleshooting security issues.

solomonc




Presentation Transcript


  1. Chapter 14: Network Threats and Mitigation

  2. Chapter 14 Objectives
     The following CompTIA Network+ exam objectives are covered in this chapter:
     • 2.5 Given a scenario, install and apply patches and updates
       • OS updates
       • Firmware updates
       • Driver updates
       • Feature changes/updates
       • Major vs. minor updates
       • Vulnerability patches
       • Upgrading vs. downgrading
         o Configuration backup

  3. Chapter 14 Objectives (cont.)
     • 3.2 Compare and contrast common network vulnerabilities and threats
       • Attacks/threats
         o Denial of service
           - Distributed DoS
             Botnet
             Traffic spike
             Coordinated attack
           - Reflective/amplified
             DNS
             NTP
             Smurfing
           - Friendly/unintentional DoS
           - Physical attack
             Permanent DoS
         o ARP cache poisoning
         o Packet/protocol abuse
         o Spoofing

  4. Chapter 14 Objectives (cont.)
         o Wireless
           - Evil twin
           - Rogue AP
           - War driving
           - War chalking
           - Bluejacking
           - Bluesnarfing
           - WPA/WEP/WPS attacks
         o Brute force
         o Session hijacking
         o Social engineering
         o Man-in-the-middle
         o VLAN hopping
         o Compromised system
         o Effect of malware on the network
         o Insider threat/malicious employee
         o Zero-day attacks

  5. Chapter 14 Objectives (cont.)
       • Vulnerabilities
         o Unnecessary running services
         o Open ports
         o Unpatched/legacy systems
         o Unencrypted channels
         o Clear-text credentials
         o TEMPEST/RF emanation
     • 3.3 Given a scenario, implement network hardening techniques
       • Anti-malware software
         o Host-based
         o Cloud/server-based
         o Security policies
       • Disable unneeded network services
       • Wireless security
         o WEP
         o WPA/WPA2

  6. Chapter 14 Objectives (cont.)
     • 4.7 Given a scenario, troubleshoot and resolve common security issues
       • Misconfigured firewall
       • Misconfigured ACLs/applications
       • Malware
       • Denial of service
       • Open/closed ports
       • ICMP-related issues
         o Ping of death
         o Unreachable default gateway
       • Unpatched firmware/OSs
       • Malicious users
         o Trusted users
         o Untrusted users
         o Packet sniffing
       • Authentication issues
         o TACACS/RADIUS misconfigurations
         o Default passwords/settings
       • Improper access/backdoor access
       • ARP issues
       • Banner grabbing/OUI
       • Domain/local group configurations
       • Jamming

  7. Chapter 14 Objectives (cont.)
     • 3.7 Summarize basic forensic concepts
       • First responder
       • Secure the area
         o Escalate when necessary
       • Document the scene
       • eDiscovery
       • Evidence/data collection
       • Chain of custody
       • Data transport
       • Forensics report
       • Legal hold

  8. Recognizing Security Threats
     • Viruses are the threats we hear about most, but there are many other nasty things out there as well.
     • Attackers who create threats to a network generally have one of two purposes in mind:
       • destruction
       • reconnaissance

  9. Denial of Service (DoS)
     A denial of service (DoS) attack prevents users from accessing the network and/or its resources.
     • DoS attacks come in a variety of flavors.
     • The Ping of Death
       • In a Ping of Death attack, an oversized ICMP echo request is sent to the victim in fragments. Reassembled, the fragments add up to more than the 65,535 bytes an IPv4 datagram is allowed to be, overflowing the victim's reassembly buffer and causing the system to crash, reboot, or hang helplessly.

  10. Figure 14.1

  11. Distributed Denial of Service (DDoS)
     • Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K) are examples of DDoS tools.
     • DDoS attacks are more complex assaults that initiate synchronized DoS attacks from multiple sources and can target multiple devices.
     • They use zombies (compromised hosts under the attacker's control) to carry out the attack.
     • Because the attack comes from many sources at once, it is called a distributed denial of service (DDoS) attack.
     • DDoS attacks make use of IP spoofing.

  12. Figure 14.2

  13. Denial of Service (DoS): Smurf attack
     The attacker sends an ICMP echo request to the network's broadcast address with a false source address: the victim's. Every host on that network answers the request, and the network overloads the victim with ICMP echo replies.

  14. Denial of Service (DoS): SYN flood
     • The attacker sends multiple SYN requests to a web server, often from spoofed source addresses.
     • The web server sends SYN-ACK replies and waits to complete the three-way handshake for each one.
     • The half-open connections fill the server's connection table.
     • A valid user sends a SYN request, but the web server is unavailable.
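The three DoS flavors on the slides above (Ping of Death, Smurf, SYN flood) each leave a recognizable fingerprint in traffic. The following is an added example, not code from the chapter: it classifies those fingerprints in a list of packet summaries of the kind a sniffer or flow collector produces. The packet dictionary fields, the sample traffic, the 192.0.2.0/24 "local" network and the SYN-flood thresholds are all assumptions made for the example.

```python
"""Added example (not from the chapter): classify the DoS patterns above from
a list of packet summaries. Sample packets are constructed inline."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# An IPv4 datagram's total length is a 16-bit field, so header (20 bytes)
# plus reassembled payload can never legitimately exceed 65,535 bytes.
IPV4_MAX_PAYLOAD = 65535 - 20


def pod_fragment_overflow(pkt):
    """Ping of Death: a fragment whose data would end past the maximum
    reassembled payload. fragment_offset is in 8-byte units, as on the wire;
    len is this fragment's data length (bytes after the IP header)."""
    offset = pkt.get("fragment_offset", 0)
    if offset == 0:
        return False            # a first fragment alone cannot overflow
    return offset * 8 + pkt["len"] > IPV4_MAX_PAYLOAD


def is_smurf_trigger(pkt, local_nets):
    """Smurf: an ICMP echo request (type 8) aimed at a directed broadcast
    address; every host on that network replies to the (spoofed) source."""
    if pkt["proto"] != "icmp" or pkt.get("icmp_type") != 8:
        return False
    dst = ip_address(pkt["dst"])
    if dst == ip_address("255.255.255.255"):
        return True
    return any(dst == net.broadcast_address for net in local_nets)


def syn_flood_sources(packets, min_syns=50, max_ack_ratio=0.1):
    """SYN flood: sources that send many SYNs but almost never follow up
    with the ACK that completes the three-way handshake."""
    syns, acks = defaultdict(int), defaultdict(int)
    for p in packets:
        if p["proto"] != "tcp":
            continue
        if "S" in p["flags"] and "A" not in p["flags"]:
            syns[p["src"]] += 1
        elif "A" in p["flags"]:
            acks[p["src"]] += 1
    return sorted(src for src, n in syns.items()
                  if n >= min_syns and acks[src] / n <= max_ack_ratio)


def classify_dos(packets, local_nets):
    """Return (attack, source) findings in the order they are first seen."""
    nets = [ip_network(n) for n in local_nets]
    findings = []
    for p in packets:
        if p["proto"] == "icmp" and pod_fragment_overflow(p):
            findings.append(("ping-of-death", p["src"]))
        if is_smurf_trigger(p, nets):
            findings.append(("smurf", p["src"]))
    findings.extend(("syn-flood", src) for src in syn_flood_sources(packets))
    return findings


def sample_packets():
    """Constructed traffic: one attack of each kind plus benign lookalikes."""
    pkts = [
        # Ping of Death: 65,518 bytes of ICMP in 1,480-byte fragments; only the
        # final fragment (offset 8185*8 = 65,480, 38 bytes of data) overflows.
        {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.10",
         "icmp_type": 8, "fragment_offset": 0, "len": 1480},
        {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.10",
         "fragment_offset": 8185, "len": 38},
        # Smurf trigger: echo request to the 192.0.2.0/24 broadcast address
        # with the victim's address forged as the source.
        {"proto": "icmp", "src": "203.0.113.9", "dst": "192.0.2.255",
         "icmp_type": 8, "len": 64},
        # Ordinary ping to a single host: not an attack.
        {"proto": "icmp", "src": "192.0.2.50", "dst": "192.0.2.10",
         "icmp_type": 8, "len": 64},
    ]
    # SYN flood: 60 bare SYNs from one source, never an ACK.
    pkts += [{"proto": "tcp", "src": "198.51.100.66", "dst": "192.0.2.80",
              "dport": 80, "flags": "S"} for _ in range(60)]
    # Legitimate client: each SYN is followed by the handshake-completing ACK.
    for _ in range(3):
        pkts.append({"proto": "tcp", "src": "192.0.2.50", "dst": "192.0.2.80",
                     "dport": 80, "flags": "S"})
        pkts.append({"proto": "tcp", "src": "192.0.2.50", "dst": "192.0.2.80",
                     "dport": 80, "flags": "A"})
    return pkts


def demo():
    return classify_dos(sample_packets(), ["192.0.2.0/24"])


if __name__ == "__main__":
    for attack, src in demo():
        print(f"{attack:15s} from {src}")
```

The Ping of Death check mirrors what a patched IP stack does during reassembly: it rejects the fragment before copying it, instead of trusting that the pieces will fit. The SYN-flood heuristic keys on sources, which is why spoofed SYNs (one fake source each) defeat it and why real defenses lean on SYN cookies or rate limiting at the server instead.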

  15. Figure 14.5

  16. Figure 14.6

  17. Figure 14.7

  18. Viruses
     Viruses typically have catchy names like Chernobyl, Michelangelo, Melissa, I Love You, and Love Bug, and they receive a lot of media coverage as they proliferate and cause damage to a large number of people.
     Viruses are small programs that cause a variety of bad things to happen on your computer, ranging from merely annoying to totally devastating. They can display a message, delete files, or even send out huge amounts of meaningless data over a network to block legitimate messages.

  19. Viruses
     • There are several different kinds of viruses, but the most common are file viruses, macro (data file) viruses, and boot-sector viruses.
     • A key trait of viruses is that they can't replicate themselves to other computers or systems without a user doing something, such as opening an executable attachment in an email, to propagate them. (This is what distinguishes a virus from a worm, which spreads on its own.)

  20. Viruses
     [Figure: a multipartite virus infecting memory, disk files, and the boot sector]
     • Multipartite Viruses
       • A multipartite virus is one that infects both the boot sector and files on your computer: from the boot sector it loads into memory, and from memory it infects files on disk. That makes it particularly dangerous and exasperatingly difficult to remove, because cleaning the files but not the boot sector (or vice versa) lets it reinfect the system.

  21. Wireless Threats
     • War driving
     • WEP cracking
     • WPA cracking
     • Rogue access points
     • Evil twin

  22. Attackers and Their Tools
     • IP Spoofing
       • The process of sending packets with a fake source address.
     • Application-Layer Attacks
       • Application-layer attacks focus on well-known holes in the software running on our servers.
     • ActiveX Attacks
       • Attack your computer through ActiveX controls and Java applets that a web page downloads and runs.
     • Autorooters
       • Autorooters are a kind of hacker automaton: a tool that automatically probes, scans, and exploits hosts, then installs a rootkit on a strategically positioned computer so the attacker can stay hidden and keep capturing data.
     • Backdoors
       • Backdoors are simply paths leading into a computer or network that bypass the normal login.
     • Network Reconnaissance
       • Attackers gather all the information they can about a network, because the more they know about it, the better they can compromise it.

  23. Attackers and Their Tools
     • Packet Sniffers
       • A network adapter is set to promiscuous mode so it receives every frame on the segment, not only those addressed to it, and the sniffer records them to gather highly valuable sensitive data, such as clear-text credentials.
     • Password Attacks
       • Password attacks are used to discover user passwords so the thief can pretend to be a valid user and gain that user's privileges and resources.
     • Brute-Force Attacks
       • A brute-force attack is another software-oriented attack: a program running on the targeted network repeatedly tries to log in to some type of shared network resource, such as a server, cycling through candidate passwords until one works.
     • Port-Redirection Attacks
       • A port-redirection attack uses a host the attacker has already broken into to relay traffic into a network that the firewall would otherwise not let through.
     • Trust-Exploitation Attacks
       • A trust-exploitation attack abuses a trust relationship inside your network: once one server is compromised, the others that trust it (often because they all sit on the same segment) become easy targets.
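To show what a sniffer on a promiscuous-mode adapter actually gets from an unencrypted channel, here is an added example that is not part of the chapter: a minimal Ethernet/IPv4/TCP decoder that pulls HTTP Basic credentials out of whatever payloads it sees. The frames are constructed inline (the addresses, ports, credentials and the TLS-looking record are all made up for the example); on a real Linux host the same parser would be fed by a raw `AF_PACKET` socket on an interface in promiscuous mode, which needs root.

```python
"""Added example (not from the chapter): what a packet sniffer recovers from
an unencrypted channel. Frames are constructed inline."""
import base64
import re
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
BASIC_AUTH = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def parse_frame(frame):
    """Decode Ethernet II / IPv4 / TCP headers; return None for anything else."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip = ip[:total_len]                           # drop any Ethernet padding
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}


def find_cleartext_credentials(frames):
    """Pull HTTP Basic credentials out of any TCP payload that carries them."""
    hits = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        m = BASIC_AUTH.search(pkt["payload"])
        if m:
            decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
            user, _, password = decoded.partition(":")
            hits.append((pkt["src"], pkt["dst"], pkt["dport"], user, password))
    return hits


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; a sniffer
    does not need them to read the payload)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def sample_frames():
    """Constructed capture: one HTTP request with Basic auth on port 80, one
    TLS application-data record on port 443 (opaque to the sniffer), one ARP frame."""
    creds = base64.b64encode(b"alice:hunter2")
    http = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
            b"Authorization: Basic " + creds + b"\r\n\r\n")
    tls = b"\x17\x03\x03\x00\x20" + bytes(range(32))   # encrypted body, stands in for ciphertext
    arp = bytes.fromhex("ffffffffffff" "66778899aabb" "0806") + bytes(28)
    return [build_frame("192.0.2.50", "203.0.113.80", 51000, 80, http),
            build_frame("192.0.2.50", "203.0.113.80", 51001, 443, tls),
            arp]


def demo():
    return find_cleartext_credentials(sample_frames())


if __name__ == "__main__":
    for src, dst, port, user, pw in demo():
        print(f"{src} -> {dst}:{port}  user={user!r} password={pw!r}")
```

The port-443 frame parses just as cleanly as the port-80 one, but its payload gives the sniffer nothing, which is the whole argument for the "unencrypted channels" and "clear-text credentials" items in the objectives: the fix is not to stop sniffing from being possible but to make sure there is nothing worth sniffing.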

  24. Attackers and Their Tools
     [Figure: a man in the middle positioned between client and server]
     • Man-in-the-Middle Attacks
       • A man-in-the-middle attack happens when someone intercepts packets intended for one computer and reads (or alters) the data before passing it on.
       • A common guilty party could be someone working for your very own ISP, using a packet sniffer and augmenting it with routing and transport protocols so that your traffic is steered through the sniffer.
       • Rogue ATM machines and even credit-card swipers (skimmers) are tools also increasingly used for this type of attack.

  25. Attackers and Their Tools
     • IP Spoofing Protection
       • [Figure: a hacker attempting an IP spoof, and the spoofed IP address being denied access to the network by the firewall] The firewall drops packets that arrive on its outside interface carrying a source address that belongs to the inside network, since genuine inside traffic can never arrive from the Internet.
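The check the firewall in that figure is applying is ingress filtering, and the same idea run in the other direction (egress filtering) stops your own hosts from being used as spoofing zombies in a Smurf or DDoS attack. The following is an added example, not the chapter's code: it makes the rule explicit as a function. The topology is assumed (an "inside" interface fronting 192.0.2.0/24, everything else "outside"), and the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 stand in for public addresses.

```python
"""Added example (not from the chapter): anti-spoofing (ingress/egress)
filtering as the firewall in the figure applies it. Topology is assumed."""
from ipaddress import ip_address, ip_network

INSIDE_NETS = [ip_network("192.0.2.0/24")]

# Ranges that can never be a legitimate source on the Internet-facing side
# (private, loopback, link-local, multicast, reserved).
BOGON_NETS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def anti_spoof_verdict(iface, src):
    """Return ("accept", "") or ("drop", reason) for a packet with source
    address src arriving on interface iface."""
    src = ip_address(src)
    if iface == "outside":
        # Ingress filtering: our own addresses cannot arrive from the Internet.
        if _in_any(src, INSIDE_NETS):
            return ("drop", "internal source arriving on outside interface")
        if _in_any(src, BOGON_NETS):
            return ("drop", "bogon source address")
        return ("accept", "")
    if iface == "inside":
        # Egress filtering: stop our hosts from spoofing someone else
        # (a compromised host used as a Smurf or DDoS zombie, for example).
        if not _in_any(src, INSIDE_NETS):
            return ("drop", "source not in inside networks")
        return ("accept", "")
    raise ValueError(f"unknown interface {iface!r}")


def filter_packets(records):
    """Apply the check to (iface, src, dst) records; return the dropped ones
    with their reasons."""
    dropped = []
    for iface, src, dst in records:
        action, reason = anti_spoof_verdict(iface, src)
        if action == "drop":
            dropped.append((iface, src, dst, reason))
    return dropped


def demo():
    # Constructed traffic sample.
    records = [
        ("outside", "203.0.113.5", "192.0.2.80"),    # ordinary Internet client
        ("outside", "192.0.2.10", "192.0.2.80"),     # attacker spoofing an inside address
        ("outside", "10.1.1.1", "192.0.2.80"),       # private range from the Internet
        ("inside", "192.0.2.77", "203.0.113.5"),     # our host talking out
        ("inside", "198.51.100.1", "203.0.113.5"),   # our host spoofing someone else
    ]
    return filter_packets(records)


if __name__ == "__main__":
    for iface, src, dst, reason in demo():
        print(f"drop {src} -> {dst} on {iface}: {reason}")
```

Note what this does not do: it cannot tell whether a packet from 203.0.113.5 really came from that host. Anti-spoofing rules only reject sources that are impossible for the interface they arrived on, which is enough to stop the "pretend to be inside" case in the figure and to keep your own network from being a launch point.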

  26. Attackers and Their Tools
     • Social Engineering (Phishing)
       • Attackers are more sophisticated today: rather than break in, they simply ask the network's users for what they want.
       • Social engineering is the act of attempting to obtain sensitive information by pretending to be a credible source; phishing is the form of it that arrives by email or other messages.
       • Common tactics include emails, phone calls, or even starting up a conversation in person.

  27. Understanding Mitigation Techniques
     • Active Detection
       • Software that watches for hackers attempting known attack methods and scans for the kinds of suspicious activity that indicate an attack in progress (an intrusion-detection system, for example).
     • Passive Detection
       • Records activity for later review rather than reacting to it in real time; video cameras are a good example of a passive intrusion-detection system.
     • Proactive Defense
       • A proactive defense is something you do or implement ahead of time (patching, hardening, firewalling) to make your network as hard to penetrate as possible.

  28. Policies and Procedures
     [Figure: Internet, firewall, DMZ holding the web servers, private network behind it]
     • Security Policies
     • Security Audit
     • Clean-Desk Policy
     • Recording Equipment
     • DMZ

  29. Patches and Upgrades
     • Automatic updates through Windows Update
     • It's really easy to get updates for Windows-based operating systems through Windows Update.
     • If you need more information: www.microsoft.com

  30. Antivirus Components
     A typical antivirus program consists of two components:
     • The definition files
     • The engine

  31. Antivirus Maintenance
     • Upgrade (keep current) your antivirus engine
     • Update the antivirus definition files
     • Scan for viruses regularly
     • Fix infected computers
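The two-component split on slide 30 and the "keep the definitions current" advice on slide 31 are easiest to see in code. The following is an added example, not the chapter's code and not how any real antivirus product stores its signatures: a toy engine that knows only how to match, fed by a definition file it loads at start-up. The definition file format is invented for the example; the EICAR string is the standard harmless antivirus test file, and the "variant" is simply that file with one byte changed.

```python
"""Added example (not from the chapter): a toy signature scanner with the
engine separated from its definition file, showing why definitions must be
kept current. Definition format and samples are constructed."""
import hashlib
import re

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def parse_definitions(text):
    """Definition file: one signature per line, 'NAME sha256:<hex>' for a
    whole-file hash or 'NAME hex:<bytes>' for a byte pattern; '#' comments."""
    defs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, kind, value = re.split(r"[ :]", line, maxsplit=2)
        if kind not in ("sha256", "hex"):
            raise ValueError(f"unknown signature type {kind!r} in {line!r}")
        defs.append((name, kind, value.lower()))
    return defs


class Engine:
    """Matching logic only; everything it knows about malware comes from defs."""

    def __init__(self, definitions):
        self.hashes = {v: n for n, k, v in definitions if k == "sha256"}
        self.patterns = [(n, bytes.fromhex(v)) for n, k, v in definitions if k == "hex"]

    def scan(self, data):
        """Return the matching signature name, or None if clean."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:            # exact-file match: cheap but brittle
            return self.hashes[digest]
        for name, pattern in self.patterns:  # byte pattern: survives small edits
            if pattern in data:
                return name
        return None


# Constructed definition files: v1 knows only the exact EICAR file; v2 adds a
# byte pattern that also catches trivially altered copies.
OLD_DEFS = "# definitions v1\nEICAR-Test-File sha256:" + hashlib.sha256(EICAR).hexdigest() + "\n"
NEW_DEFS = OLD_DEFS + "EICAR-Test-File.Gen hex:" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE".hex() + "\n"

SAMPLES = {
    "eicar.com": EICAR,
    "eicar-variant.com": EICAR.replace(b"H+H*", b"H+H!"),   # one byte changed: new hash
    "notes.txt": b"quarterly numbers, nothing to see here",
}


def demo():
    """Scan the samples with each definition set: {'v1': {...}, 'v2': {...}}."""
    results = {}
    for label, text in (("v1", OLD_DEFS), ("v2", NEW_DEFS)):
        engine = Engine(parse_definitions(text))
        results[label] = {name: engine.scan(data) for name, data in SAMPLES.items()}
    return results


if __name__ == "__main__":
    for version, found in demo().items():
        print(version, found)
```

The same engine misses the variant with the v1 definitions and catches it with v2; nothing in the engine changed. That is the maintenance split on the slide: definition updates are frequent and cheap, engine upgrades are rarer and only matter when the matching logic itself (new file formats, unpacking, heuristics) needs to change.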

  32. Summary
     • Summary
     • Exam Essentials
     • Written Labs
     • Review Questions
