Post on 08-Jun-2015
Network Risks and Vulnerabilities
Network Security Workshop
Dedi Dwianto, C|EH, OSCP
Table of Contents
Network Vulnerabilities
Network Risk Assessment
Network Risk Mitigation
Vulnerabilities
Vulnerabilities are software flaws or misconfigurations that cause a weakness in the security of a system.
Vulnerabilities can be exploited by a malicious entity to violate policies—for example, to gain greater access or permission than is authorized on a computer.
Security Vulnerability Problem
Design Flaws
poor security management,
incorrect implementation,
Internet technology vulnerability,
the nature of intruder activity,
the difficulty of fixing vulnerable systems,
the limits of effectiveness of reactive solutions,
social engineering
Design Flaws
The two major components of a computer system, hardware and software, quite often have design flaws.
Hardware systems are less susceptible to design flaws than their software counterparts owing to less complexity and the long history of hardware engineering.
Even with all these factors backing up hardware engineering, design flaws are still common.
The biggest problems in system security vulnerability, however, are due to software design flaws.
Design Flaws
Three major factors contribute a great deal to software design flaws: human factors, software complexity, and trustworthy software sources.
Classification by Software Development Life Cycle (SDLC) Phase
Taxonomies of this kind attempt to categorize vulnerabilities according to when they were introduced in the software lifecycle.
Classically, 6 phases are recognized: feasibility study, requirements definition, design, implementation, integration and testing, and operations and maintenance.
Classification by Location in Object Models
These classifications attempt to categorize vulnerabilities according to which model object or “entity” they belong to. An example is classifying vulnerabilities using the ISO Open Systems Interconnect (OSI) reference model for networking.
Viruses
A virus, a parasitic program that cannot function independently, is a program or code fragment that is self-propagating. It is called a virus, because like its biological counterpart, it requires a "host" to function. In the case of a computer virus the host is some other program to which the virus attaches itself.
A virus is usually spread by executing an infected program or by sending an infected file to someone else, usually in the form of an e-mail attachment.
Impersonation/Masquerading
Impersonation or masquerading is the act of pretending to be someone or something you are not in order to gain unauthorized access to a system.
This usually implies that authentication credentials have been stolen.
Impersonation is often possible through the capture of usernames and passwords or of session setup procedures for network services.
Prevent it by using one-time pads, tokens and Kerberos.
Worm
A worm is a self-contained and independent program that is usually designed to propagate or spawn itself on infected systems and to seek other systems via available networks.
Port Scanning
Like a burglar casing a target to plan a break-in, a hacker will often case a system to gather information that can later be used to attack the system. One of the tools that hackers often use for this type of reconnaissance is a port scanner.
A port scanner is a program that listens to well-known port numbers to detect services running on a system that can be exploited to break into the system.
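An added example (not from the original slides): a defender's view of the reconnaissance described above, flagging any source that touches many distinct ports on one host within a short window. The log format, field names, thresholds and addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2015-06-08T10:00:00 SRC=198.51.100.23 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2015-06-08T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=21 ACTION=DROP
2015-06-08T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=22 ACTION=ACCEPT
2015-06-08T10:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=23 ACTION=DROP
2015-06-08T10:00:02 SRC=198.51.100.23 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2015-06-08T10:00:03 SRC=203.0.113.7 DST=192.0.2.10 DPT=25 ACTION=DROP
2015-06-08T10:00:04 SRC=203.0.113.7 DST=192.0.2.10 DPT=80 ACTION=ACCEPT
2015-06-08T10:00:05 SRC=203.0.113.7 DST=192.0.2.10 DPT=110 ACTION=DROP
-- log rotated --
2015-06-08T10:03:00 SRC=198.51.100.23 DST=192.0.2.10 DPT=80 ACTION=ACCEPT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"DPT=(?P<dpt>\d+) ACTION=(?P<action>\w+)$"
)

def parse(lines):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])

def detect_port_scans(lines, window=timedelta(seconds=10), min_ports=5):
    """Return {(src, dst): sorted ports} for every source that touched at
    least min_ports distinct ports on one host inside a sliding window."""
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) inside the window
    alerts = {}
    for ts, src, dst, port in sorted(parse(lines)):
        q = recent[(src, dst)]
        q.append((ts, port))
        while ts - q[0][0] > window:  # expire events older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            alerts.setdefault((src, dst), set()).update(ports)
    return {pair: sorted(ports) for pair, ports in alerts.items()}

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG.splitlines()))
```

A scan spread out over more time than the window stays under the threshold, so the window and port count have to be tuned against normal traffic for the network being monitored.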
Man in the Middle Attack (MITM)
In a MITM attack, a hacker inserts himself or herself between a client program and a server on a network. By doing so the hacker can intercept information entered by the client, such as credit card numbers, passwords, and account information.
Under one execution of this scheme, a hacker would place himself or herself between a browser and a Web server. The MITM attack, which is also sometimes called Web spoofing, is usually achieved by DNS or hyperlink spoofing.
Denial of Service
DoS is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Network Risk Assessment
Risk assessment is the first process in the risk management methodology.
To determine the likelihood of a future adverse event, threats to a network system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the network system.
Network Risk Assessment Methodology
The risk assessment methodology encompasses nine primary steps:
System Characterization
Threat Identification
Vulnerability Identification
Control Analysis
Likelihood Determination
Impact Analysis
Risk Determination
Control Recommendations
Results Documentation
Impact Analysis
The next major step in measuring level of risk is to determine the adverse impact resulting from a successful threat exercise of a vulnerability.
Common impacts:
Loss of Integrity
Loss of Availability
Loss of Confidentiality
Network Risk Mitigation
Risk mitigation is a systematic methodology used by senior management to reduce mission risk.