IS 3423 – Secure Network Design



Chapter Five
Threats in an Enterprise Network




                       UTSA       1
• It is important to understand what types
  of attacks and vulnerabilities are
  common and what you can do at a
  policy level to provide safe networking




Types of Threats

• Unauthorized access
• Impersonation
• Denial of Service




Unauthorized Access

• When an unauthorized entity gains access to
  an asset and could tamper with the asset
• Can be from:
  – intercepting information in transit over an
    insecure channel
  – exploiting a weakness in a technology or
    product
  – social engineering

Methods of Identifying Potential Targets Via Internet Access

• Reachability Checks
• Port Scanning




Reachability Check:

• Uses tools that verify that a given network or
  device exists and is reachable
• Example: Some DNS queries can reveal who
  owns a particular domain and what addresses are
  assigned to it. Can follow with a ping to see if it is
  reachable
• Other reachability checks:
   – Finger
   – Whois
   – NSLOOKUP

Finger

• Can find out the name, telephone numbers,
  address, and office location of the person who owns a
  particular email address
• Can also find out if they are currently logged on to
  telnet
• Support for finger has virtually disappeared
  because of spammers



WhoIS

• whois [host-name or domain-name]
• Obtains info about who has registered a domain
  name. May include people’s names, company
  names, telephone numbers, email addresses.
• Available from command line of Unix systems




NSLookup

• nslookup [host-name or ip-address]
• Provides IP address of host name, or host
  name of given IP
• Available from Windows or Unix command line




Port Scanning


• Potential attacker sends a message to each
  port, one at a time, to see if it is in use, or can be
  further probed for potential misuse
• Can therefore find out which applications and
  network sources are available
• Procedure:
  – DNS query to determine what servers are available
  – Ping sweep to see which are alive and accessible
  – Port scan to see which services are available for
    exploitation
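The ping sweep and port scan steps above leave a recognizable pattern in firewall logs. The following detector is an added example, not part of the original slides; the log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample firewall log (not from the slides). Assumed fields:
# epoch_seconds source_ip destination_ip protocol destination_port
SAMPLE_LOG = """\
1000 203.0.113.9 192.0.2.10 icmp 0
1001 203.0.113.9 192.0.2.11 icmp 0
1002 203.0.113.9 192.0.2.12 icmp 0
1003 203.0.113.9 192.0.2.13 icmp 0
1010 203.0.113.9 192.0.2.11 tcp 21
1011 203.0.113.9 192.0.2.11 tcp 22
1012 203.0.113.9 192.0.2.11 tcp 23
1013 203.0.113.9 192.0.2.11 tcp 25
1014 203.0.113.9 192.0.2.11 tcp 80
1020 198.51.100.4 192.0.2.11 tcp 443
1500 198.51.100.4 192.0.2.11 tcp 443
"""

def _max_distinct(events, window):
    """Largest number of distinct values seen within any `window` seconds."""
    events.sort()
    best = 0
    for i, (start, _) in enumerate(events):
        seen = {value for ts, value in events[i:] if ts - start <= window}
        best = max(best, len(seen))
    return best

def detect(log_text, window=60, host_limit=4, port_limit=5):
    """Flag ping sweeps (one source, many hosts) and port scans (many ports on one host)."""
    pings = defaultdict(list)    # source -> [(time, destination host)]
    probes = defaultdict(list)   # (source, destination) -> [(time, port)]
    for line in log_text.splitlines():
        ts, src, dst, proto, port = line.split()
        if proto == "icmp":
            pings[src].append((int(ts), dst))
        else:
            probes[(src, dst)].append((int(ts), int(port)))
    alerts = set()
    for src, events in pings.items():
        if _max_distinct(events, window) >= host_limit:
            alerts.add(("ping_sweep", src))
    for (src, dst), events in probes.items():
        if _max_distinct(events, window) >= port_limit:
            alerts.add(("port_scan", src, dst))
    return sorted(alerts)
```

The repeat visitor on port 443 stays below both thresholds, so only the source that touched many hosts and then many ports is flagged.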

Physical Wire Tapping

• Packet Snooping – also known as
  eavesdropping
• Device is inserted between sending and
  receiving machines
  – Relatively easy with shared media, more difficult
    with point-to-point
• Can capture all data that goes across line



Remote Dial-In Access

• War dialing – exploiting a company’s phone,
  dial, and PBX systems
• Keep dialing numbers until you get the modem
  connect
• Some war-dialer programs are freely available on
  the Internet (ModemScan, PhoneTag, ToneLoc,
  etc.)
• Use of unauthorized modems should be
  considered a severe security risk
• Refer to Fig. 5-4

Figure 5-4 War Dialing




Wireless Access

• Especially susceptible to unauthorized access
• Some people drive around neighborhoods to
  access an SSID (Fig. 5-5)




Figure 5-5 Gaining Unauthorized Access to Wireless Network




Common Unauthorized Access Scenarios

• Refer to Table 5-1




Impersonation

• Ability to present credentials as if you are something
  or someone you are not.
• May steal a private key or record an authorization
  sequence to replay at a later time
• Spoofing and replay attacks usually result from
  eavesdropping
• Man-in-the-middle – where an intruder is able to
  intercept traffic and hijack an existing session, alter
  the data, or inject bogus traffic into the network
• Digital signatures can thwart this
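Why a recorded authorization sequence fails when each login must sign a fresh challenge, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 with a shared key stands in for a digital signature so that only the standard library is needed, and the key, user name, and class names are constructed.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for a digital signature.
KEY = b"constructed-demo-key"  # constructed value, not a real secret

def sign(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

class Verifier:
    """Issues one-time challenges and accepts each signed answer once."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def accept(self, user, nonce, tag):
        if nonce not in self.outstanding:
            return False  # unknown or already used challenge
        self.outstanding.discard(nonce)
        expected = sign(self.key, user + b"|" + nonce)
        return hmac.compare_digest(expected, tag)

def demo():
    verifier = Verifier(KEY)
    nonce = verifier.challenge()
    tag = sign(KEY, b"alice|" + nonce)              # legitimate answer on the wire
    first = verifier.accept(b"alice", nonce, tag)   # genuine login
    replay = verifier.accept(b"alice", nonce, tag)  # recording resent unchanged
    fresh = verifier.challenge()
    stale = verifier.accept(b"alice", fresh, tag)   # old answer, new challenge
    forged = verifier.accept(b"alice", verifier.challenge(),
                             sign(b"wrong-key", b"alice|x"))
    return first, replay, stale, forged
```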

Denial of Service

• An interruption of service either because the
  system is destroyed or temporarily unavailable
• Examples
  – Destroying a hard disk
  – Severing the physical infrastructure
  – Using up all available memory on a resource
• Common attacks – Table 5-2
• APPLY SOFTWARE PATCHES – these fix most
  obvious DOS attack sites

DDOS – Distributed DOS

• Multiple machines are used to launch a DOS
  attack (Fig. 5-8)
• Are very hard to trace
• Can be very debilitating




Fig. 5-8 Basics of DDOS Attack




Motivation of Threat

• Greed – intruder hired by someone to steal or
  alter information in exchange for money
• Prank – intruder is bored and computer savvy
• Notoriety – seeking to gain respect and
  acceptance of his peers
• Revenge – laid off, fired, or demoted
• Ignorance – stumbled upon the data


Common Network Scenario Threats and Vulnerabilities

• Review pages 276 – 288 for your case




Chapter 5 Review Questions

• Describe three basic categories of threats
• What technique is commonly used to gain
  unauthorized access to networks that use modems?
  How?
• What is a man-in-the-middle attack?
• Define the following – reachability attacks, port
  scanning, wire tapping, remote dial-in, and wireless
  attacks
• Discuss three potential reachability attacks
• What is impersonation?
• What is DOS? How can one try to prevent a DOS?