Chapter 4 - Network Vulnerabilities

7/25/2019 Chapter 4 - Network Vulnerabilities

1/24

Network Vulnerabilities

Niken D CahyaniGandeva Bayu Satrya

Telkom Institute of Technology


2/24

Learning Objectives

Explain the types of network vulnerabilities

List categories of network attacks Define different methods of network attacks


3/24

1. Network Vulnerabilities

What are the weaknesses that can be found in networks

that make them targets for attacks?

There are two broad categories of network

vulnerabilities: those based on the network transportmedia and those found in the network devices

themselves


4/24

1.1. Media-Based Vulnerabilities

!onitoring network traffic is an important task for a networkadministrator" #t helps to identify and troubleshoot network

problems such as a network interface card $%#&' adapter thatis defective and is sending out malformed packets" !onitoring

traffic can be done in two ways" (irst a managed switch on an Ethernet network that supports port

mirroring allows the administrator to configure the switch to redirecttraffic that occurs on some or all ports to a designated monitoring

port on the switch"

) second method for monitoring traffic is to install a network tap" )network tap $test access point' is a separate device that can beinstalled between two network devices such as a switch router orfirewall to monitor traffic"


5/24

Methods to view switch traffic


6/24

1.2. Network evice Vulnerabilities

Weaknesses in network devices themselves can also be

targets for attackers"

&ommon network device vulnerabilities include weak

passwords default accounts back doors and privilegeescalation"


7/24

a. !eak "asswords

) password is a secret combination of letters and numbers that serves

to authenticate $validate' a user by what he knows" %etwork devices

are commonly protected by passwords to prevent unauthori*ed users

from accessing the device and changing configuration settings"

)lthough passwords are often the only line of defense for a network

device passwords actually provide weak security" This is because of

what is known as the +password paradox",

(or a password to remain secure and prevent an attacker from

discovering it it should never be written downbut instead must be

committed to memory"


8/24

a. !eak "asswords #con$t%

&haracteristics of weak passwords include:

) common word used as a password $such as )pril'

%ot changing passwords unless forced to do so

-asswords that are short $such as ).&D'

-ersonal information in a password $such as the name of

a child or pet'

/sing the same password for all accounts Writing the password down


9/24

b. efault &ccounts

) default account is a user account on a device that is

created automatically by the device instead of by an

administrator"

Default accounts are used to make the initial setup andinstallation of the device $often by outside personnel'

easier without the need to create temporary individual

accounts"

Default accounts usually have full administrator privilegesin order to not inhibit the installation process" )lthough

default accounts are intended to be deleted after the

installation is completed often they are not"


10/24

c. Back oors

%ormally a network administrator would set up an

account for a user on a network device and assign

specific privileges to that account"

) back door is a method to circumvent the protectionintended by this process"

) back door is an account that is secretly set up without

the administrator0s knowledge or permission that cannot

be easily detected and that allows for remote access tothe device"


11/24

d. "rivilege 'scalation

1ust as operating systems and many applications can be

the victims of privilege escalation network devices are

also at risk" #t is possible to exploit a vulnerability in the

network device0s software to gain access to resources thatthe user would normally be restricted from obtaining"

(or example in one network device an administrative

user with read2only permission could create a specific

Web address or uniform resource locator $/3L' and enterit on an )dministration Web page to escalate privileges to

a full administrative level"


12/24

Objectives

Explain the types of network

vulnerabilities

List categories of network attacks Define different methods of network

attacks


13/24

2. (ategories of &ttacks

.ased on the previously mentioned vulnerabilities there

are a number of different categories of attacks that are

conducted against networks"

These categories include denial of service spoofing man2in2the2middle and replay attacks"

%. : These categories represent what the endresult of

the attack is intended to accomplish.


14/24

2.1. enial of )ervice *o)+

) denial of service $Do4' attack attempts to consume network

resources so that the network or its devices cannot respond to

legitimate re5uests"

#n one type of Do4 attack a device or computer submits numerous

initial re5uests to a server for a service but does not respond when

the server re5uests information thus making the server wait"

) variant of the Do4 is the distributed denial of service $DDo4'

attack" #nstead of using one computer a DDo4 may use hundreds or

thousands of *ombie computers in a botnet to flood a device with

re5uests"


15/24

o) &ttack


16/24

2.2. ),oofing

4poofing is impersonation6 that is it is pretending to be

someone or something else by presenting false

information" There are a variety of different attacks that

use spoofing" (or example: .ecause most network systems keep logs of user activity an

attacker may spoof her address so that her malicious actions

would be attributed to a valid user"

)n attacker may spoof his network address with an address of a

known and trusted host in order that the target computer wouldaccept the packet and act upon it"


17/24

2.. Man-in-the-Middle

!an2in2the2middle attacks are common on networks" This

type of attack makes it seem that two computers are

communicating with each other when actually they are

sending and receiving data with a computer betweenthem or the +man2in2the2middle",

!an2in2the2middle attacks can be active or passive"


18/24

2.. /e,la0

7nce that session has ended the man2in2the2middle

would attempt to login and replay the captured

credentials" ) more sophisticated attack takes advantage

of the communications between a network device and aserver"

)dministrative messages that contain specific network

re5uests are fre5uently sent between a network device

and a server" When the server receives the message itresponds with another administrative message back to the

sender


19/24

. Methods of Network &ttacks

1ust as there are different categories of attacks on

networks there are several different ways to perform

these attacks"

%etwork attack methods can be protocol2based orwireless as well as other methods"


20/24

.1. "rotocol-Based &ttacks

Targeting vulnerabilities in network protocols is one of the most

common methods of attack" This is because the weakness is inherent

within the protocol itself and can be harder to defend against since it

is built into the communication"

)ny network or system that uses this protocol is vulnerable to these

attacks significantly increasing the number of possible victims"

4ome of the most common protocol2based attacks are attacks on

anti5uated protocols D%4 attacks )3- poisoning and T&-8#-

hi9acking"


21/24

.1. "rotocol-Based &ttacks

)nti5uated protocols

.ecause of the security vulnerabilities of 4%!-v and 4%!-v; 4%!-v< was introduced in

==>" 4%!-v< uses usernames and passwords along with encryption to foil an attacker0s attempt

to view the contents"

D%4 attacks7ne type of D%4 attack is to substitute a fraudulent #- address so that when a user enters a

symbolic name she is directed to the fraudulent computer site"

)3- poisoning

#f the #- address for a device is known but the !)& address is not the sending computer sends

out an )3- packet to all computers on the network that says +If this is your IP address, send back

to me your MAC address",

T&-8#- hi9acking" #n a T&-8#- hi9acking attack the attacker creates fictitious $+spoofed,' T&- packets to take

advantage of the weaknesses


22/24

("3" 4ijacking


23/24

.2. !ireless &ttacks

)s wireless networks have become commonplace new

attacks have been created to target these networks"

These attacks include rogue access points war driving

bluesnarfing and blue 9acking"


24/24

.. Other &ttacks and 5rauds

7ther types of attacks and frauds that are sometimes

found today are null sessions and Domain %ame iting"

%ull sessions are unauthenticated connections to a !icrosoft Windows ;@@@ or

Windows %T computer that do not re5uire a username or a password" /sing acommand as simple as &:ABnet use AA=;"C>""A#-& FF 8u: could allow an

attacker to connect to open a channel over which he could gather information about the

device such as network information users and groups"

Domain %ame iting is a variation on the kiting concept of taking advantage of

additional time" 3egistrars are organi*ations that are approved by #&)%% $#nternet

&orporation for )ssigned %ames and %umbers' to sell and register #nternet domainnames $such as www"course"com'" #n order to provide a means for registrars to correct

mistakes a five2day )dd Grade -eriod $)G-' permits registrars to delete any newly

registered #nternet domain names and receive a full refund of the registration fee"

Chapter 4 - Network Vulnerabilities

Documents

Transcript of Chapter 4 - Network Vulnerabilities