IS 3423 – Secure Network Design


Chapter Five
Threats in an Enterprise

                       UTSA       1
• It is important to understand what types
  of attacks and vulnerabilities are
  common and what you can do at a
  policy level to provide safe networking

Types of Threats

• Unauthorized access
• Impersonation
• Denial of Service

Unauthorized Access

• When an unauthorized entity gains access to
  an asset and could tamper with the asset
• Can be from:
  – intercepting information in transit over an
    insecure channel
  – exploiting a weakness in a technology, or
  – social engineering

Methods of Identifying Potential
Targets Via Internet Access

• Reachability Checks
• Port Scanning

Reachability Check:

• Uses tools that verify that a given network or
  device exists and is reachable
• Example: Some DNS queries can reveal who
  owns a particular domain and what addresses are
  assigned to it. Can follow with a ping to see if it is
• Other reachability checks:
   – Finger
   – Whois

Finger

• Can find out the name, telephone numbers, address,
  and office location of the person who owns a
  particular email address
• Can also find out if they are currently logged on to
• Support for finger has virtually disappeared
  because of spammers


• whois [host-name or domain-name]
• Obtains info about who has registered a domain
  name. May include people’s names, company
  names, telephone numbers, email addresses.
• Available from command line of Unix systems


• nslookup [host-name or ip-address]
• Provides IP address of host name, or host
  name of given IP
• Available from Windows or Unix command line

Port Scanning

• Potential attacker sends a message to each
  port, one at a time, to see if it is in use, or can be
  further probed for potential misuse
• Can therefore find out which applications and
  network sources are available
• Procedure:
  – DNS query to determine what servers are available
  – Ping sweep to see which are alive and accessible
  – Port scan to see which services are available for

Physical Wire Tapping

• Packet Snooping – also known as
• Device is inserted between sending and
  receiving machines
  – Relatively easy with shared media, more difficult
    with point-to-point
• Can capture all data that goes across line

Remote Dial-In Access

• War dialing – exploiting a company’s phone,
  dial, and PBX systems
• Keep dialing numbers until you get the modem
• Some war-dialer programs freely available on
  the Internet (ModemScan, PhoneTag, ToneLoc,
• Use of unauthorized modems should be
  considered a severe security risk
• Refer to Fig. 5-4
Figure 5-4 War Dialing

Wireless Access

• Especially susceptible to unauthorized access
• Some people drive around neighborhoods to
  access an SSID (Fig. 5-5)

Figure 5-5 Gaining Unauthorized
Access to Wireless Network

Common Unauthorized Access

• Refer to Table 5-1


Impersonation

• Ability to present credentials as if you are something
  or someone you are not.
• May steal a private key or record an authorization
  sequence to replay at a later time
• Spoofing and replay attacks usually result from
• Man-in-the-middle – where an intruder is able to
  intercept traffic and hijack an existing session, alter
  the data, or inject bogus traffic into the network
• Digital signatures can thwart this
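
Added example (not part of the original slides): a recorded authorization sequence stops working when each exchange is bound to a fresh, single-use challenge. The sketch uses an HMAC from Python's standard library as a stand-in for the digital signature the slide mentions; the class, function names, key and messages are hypothetical.

```python
import hashlib
import hmac
import secrets

class Verifier:
    """Server side: issues one-time challenges and checks authenticated replies."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()          # challenges issued but not yet used

    def challenge(self):
        nonce = secrets.token_bytes(16)   # fixed length keeps nonce+message unambiguous
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce, message, tag):
        if nonce not in self.outstanding:
            return False                  # unknown or already-used challenge: replay
        self.outstanding.discard(nonce)   # single use, even if the tag is wrong
        expected = hmac.new(self.key, nonce + message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def respond(key, nonce, message):
    """Client side: bind the message to the server's fresh challenge."""
    return hmac.new(key, nonce + message, hashlib.sha256).digest()

def demo():
    key = secrets.token_bytes(32)                 # constructed shared key
    server = Verifier(key)
    msg = b"login:alice"                          # constructed message
    n1 = server.challenge()
    tag1 = respond(key, n1, msg)
    first = server.verify(n1, msg, tag1)          # legitimate exchange
    replay_same = server.verify(n1, msg, tag1)    # recorded exchange sent again
    n2 = server.challenge()
    replay_new = server.verify(n2, msg, tag1)     # old tag against a new challenge
    n3 = server.challenge()
    altered = server.verify(n3, b"login:admin", respond(key, n3, msg))
    return first, replay_same, replay_new, altered
```

`demo()` returns `(True, False, False, False)`: only the original exchange is accepted, and both replays and the altered message are rejected.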

Denial of Service

• An interruption of service either because the
  system is destroyed or temporarily unavailable
• Examples
  – Destroying a hard disk
  – Severing the physical infrastructure
  – Using up all available memory on a resource
• Common attacks – Table 5-2
• APPLY SOFTWARE PATCHES – these fix most
  obvious DOS attack sites
DDOS – Distributed DOS

• Multiple machines are used to launch a DOS
  attack (Fig. 5-8)
• Are very hard to trace
• Can be very debilitating

Fig. 5-8 Basics of DDOS Attack

Motivation of Threat

• Greed – intruder hired by someone to steal or
  alter information in exchange for money
• Prank – intruder is bored and computer savvy
• Notoriety – seeking to gain respect and
  acceptance of his peers
• Revenge – laid off, fired, or demoted
• Ignorance – stumbled upon the data

Common Network Scenario Threats
and Vulnerabilities

• Review pages 276 – 288 for your case

Chapter 5 Review Questions

• Describe three basic categories of threats
• What technique is commonly used to gain
  unauthorized access to networks that use modems?
• What is a man-in-the-middle attack?
• Define the following – reachability attacks, port
  scanning, wire tapping, remote dial-in, and wireless
• Discuss three potential reachability attacks
• What is impersonation?
• What is DOS? How can one try to prevent a DOS?