Pace IT - Threats & Vulnerabilities Mitigation


Transcript of Pace IT - Threats & Vulnerabilities Mitigation

Page 1: Pace IT - Threats & Vulnerabilities Mitigation

Threats, vulnerabilities, and mitigation.

Page 2

Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise

– PC Hardware

– Network Administration

– IT Project Management

– Network Design

– User Training

– IT Troubleshooting

Education

– M.B.A., IT Management, Western Governor’s University

– B.S., IT Security, Western Governor’s University

Qualifications Summary

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Page 3

Threats, vulnerabilities, and mitigation. PACE-IT.

– Threats and vulnerabilities.

– Mitigation techniques.

Page 4

Threats and vulnerabilities.

Page 5

Threats and vulnerabilities.

– War driving/war chalking.

» The practice of attempting to sniff out unprotected or minimally protected wireless networks.

» Wireless networks are vulnerable just due to the fact that they need to broadcast over the air.

– WEP cracking/WPA cracking.

» The use of a packet sniffer to capture the password or preshared key on a wireless network.

» Wired Equivalent Privacy (WEP) can be cracked in minutes; WiFi Protected Access (WPA) cracking will take hours, but it can still be cracked.

– Rogue access point attack.

» An unauthorized wireless access point (WAP) that gets installed on the network.

» The biggest culprits are the end users; they install their own WAP for convenience and don’t properly secure it.

» This opens a vulnerability in your network.

Page 6

Threats and vulnerabilities.

– Evil twin attack.

» A type of rogue access point attack.

» A WAP is installed and configured with a service set identifier (SSID) that is very similar to the authorized version.

» As users access the twin, their key strokes are captured in the hopes of gaining sensitive information.

» Can also be considered a type of wireless phishing attack.

– Denial-of-service/distributed denial-of-service (DoS/DDoS) attack.

» The attacker is only concerned with bringing the network down.

» The attacker attempts to flood the network with requests that need to be dealt with.

» The hope is that the network will be so busy with bogus requests that legitimate traffic is halted.

» DDoS is when multiple attacking hosts are used; often these attacking hosts (zombies) are part of a botnet. Often, these zombies don’t even know they are taking part in the attack.
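The rogue access point and evil twin items above both come down to one defender-side question: is every radio advertising our network one we actually own, and is anyone advertising a name that merely looks like ours? The following is an added example, not code from the PACE-IT slides; the authorized SSID, the BSSID allow-list and the survey rows are constructed, and a real deployment would feed it the output of a wireless IDS sensor or site-survey tool.

```python
"""Rogue AP / evil twin check over a wireless site survey.

Added example, not from the PACE-IT slides. Using an allow-list of the
BSSIDs (radio MACs) we own, it flags unknown radios advertising our exact
SSID (rogue AP, possibly an evil twin) and SSIDs that are not ours but are
confusingly close to ours (the look-alike name an evil twin relies on).
"""
from difflib import SequenceMatcher

AUTHORIZED_SSID = "CorpWiFi"                                     # constructed
AUTHORIZED_BSSIDS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}  # constructed

# Constructed survey rows: (ssid, bssid, channel), e.g. from a WIDS sensor.
SURVEY = [
    ("CorpWiFi",    "00:11:22:aa:bb:01", 6),    # our AP
    ("CorpWiFi",    "00:11:22:aa:bb:02", 11),   # our AP
    ("CorpWiFi",    "de:ad:be:ef:00:01", 6),    # our SSID, radio we don't own
    ("CorpWifi",    "de:ad:be:ef:00:02", 1),    # look-alike (case changed)
    ("Corp_WiFi",   "de:ad:be:ef:00:03", 1),    # look-alike (extra character)
    ("NeighborNet", "66:77:88:99:aa:bb", 3),    # unrelated network
]


def looks_like(ssid, authorized=AUTHORIZED_SSID, threshold=0.8):
    """True when ssid differs from the authorized name but is close to it."""
    if ssid == authorized:
        return False
    ratio = SequenceMatcher(None, ssid.lower(), authorized.lower()).ratio()
    return ratio >= threshold


def classify(ssid, bssid, authorized=AUTHORIZED_SSID, allowed=AUTHORIZED_BSSIDS):
    """Label one observed AP: ok, rogue-ap, evil-twin-candidate or ignore."""
    if ssid == authorized:
        return "ok" if bssid.lower() in allowed else "rogue-ap"
    if looks_like(ssid, authorized):
        return "evil-twin-candidate"
    return "ignore"


def audit(survey):
    """Return only the rows that need a person to go and physically look."""
    findings = []
    for ssid, bssid, channel in survey:
        verdict = classify(ssid, bssid)
        if verdict not in ("ok", "ignore"):
            findings.append({"ssid": ssid, "bssid": bssid,
                             "channel": channel, "verdict": verdict})
    return findings
```

The similarity threshold is a tuning knob: too low and every neighbouring network becomes a finding, too high and a one-character look-alike slips through, so review the near misses before settling on it.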

Page 7

Threats and vulnerabilities.

– Smurf attack.

» A type of DoS/DDoS attack.

» A repeating Internet Control Message Protocol (ICMP) echo request is sent to the network.

» The requesting IP address has been spoofed to be that of the intended victim.

» As host machines on the network respond, traffic is slowed down and maybe even halted.

– Man-in-the-middle attack.

» Occurs when an attacker inserts himself/herself into a “conversation” between two others.

» All of the traffic flows past this “man in the middle.”

» The attacker is seeking to gain sensitive information.

» Rogue access points and switches can be used for man-in-the-middle attacks.

» A NIC set to promiscuous mode can be used for a man-in-the-middle attack.
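The smurf attack described above leaves two traces a network defender can look for: an echo request addressed to the broadcast address (the amplifier), and a burst of echo replies from many different hosts all aimed at one address (the spoofed victim). The following is an added example, not code from the PACE-IT slides; the LAN, the addresses and the packet rows are constructed, and `time_s`/`icmp_type` are assumed field names for whatever capture or flow log feeds it.

```python
"""Smurf attack indicators over a constructed ICMP packet log.

Added example, not from the PACE-IT slides. Two defender-side checks:
  1. echo requests addressed to the LAN broadcast address, and
  2. many distinct hosts sending echo replies to one address within a
     short window, which identifies the spoofed victim.
The network, addresses and packet rows are all constructed.
"""
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed
ECHO_REPLY, ECHO_REQUEST = 0, 8               # ICMP type numbers

# Constructed packet rows: (time_s, src, dst, icmp_type)
PACKETS = [
    (0.00, "192.168.1.10", "192.168.1.20",  ECHO_REQUEST),  # normal ping
    (0.01, "192.168.1.20", "192.168.1.10",  ECHO_REPLY),
    (1.00, "10.0.0.5",     "192.168.1.255", ECHO_REQUEST),  # spoofed src, broadcast dst
    (1.01, "192.168.1.11", "10.0.0.5",      ECHO_REPLY),    # every host answers
    (1.01, "192.168.1.12", "10.0.0.5",      ECHO_REPLY),    #   the victim
    (1.02, "192.168.1.13", "10.0.0.5",      ECHO_REPLY),
    (1.02, "192.168.1.14", "10.0.0.5",      ECHO_REPLY),
]


def broadcast_echo_requests(packets, lan=LAN):
    """Echo requests aimed at the LAN broadcast address; normally none."""
    bcast = str(lan.broadcast_address)
    return [p for p in packets if p[3] == ECHO_REQUEST and p[2] == bcast]


def reply_floods(packets, window=1.0, min_sources=3):
    """Map dst -> number of distinct hosts that sent it echo replies inside
    some `window`-second span, for every dst reaching `min_sources`."""
    by_dst = defaultdict(list)
    for ts, src, dst, typ in packets:
        if typ == ECHO_REPLY:
            by_dst[dst].append((ts, src))
    victims = {}
    for dst, replies in by_dst.items():
        replies.sort()                      # sliding window over time
        for i, (t0, _) in enumerate(replies):
            sources = {src for ts, src in replies[i:] if ts - t0 <= window}
            if len(sources) >= min_sources:
                victims[dst] = len(sources)
                break
    return victims
```

Routers that refuse to forward directed broadcasts (the `no ip directed-broadcast` default on Cisco IOS) remove the amplifier; the checks above are for catching the traffic where that control is missing.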

Page 8

Threats and vulnerabilities.

– Buffer overflow.

» Occurs when a program or application writing to memory overflows or overruns the buffer and starts writing to the adjacent memory space.

» May be the result of a malicious attack or poorly written code.

» When it occurs, a system crash may happen or a breach may occur.

– Packet sniffing.

» Examining network traffic at a very basic and fundamental level.

» The packets flowing across a network are captured and examined and may reveal sensitive information.

» While packet sniffers may be used as a tool to improve network performance, they may also be used to reveal network vulnerabilities to an attacker.

Page 9

Threats and vulnerabilities.

– FTP bounce.

» An attacker runs the “port” command on an FTP server to find any open ports.

» Modern FTP servers now block this attack.

– Virus.

» A program that has two jobs—to replicate and to activate.

» Requires a host program, a host machine, and user action to spread.

» Viruses only affect drives (e.g., hard drives, USB drives).

» Often contains a destructive payload.

– Worm.

» Similar to a virus, but it replicates itself across a network without user action.

» It doesn’t need a host file in order to operate.

» Worms will replicate themselves across networks, creating havoc.

Page 10

Threats and vulnerabilities.

Social engineering is probably the largest threat facing the network administrator.

Social engineering is the process of manipulating users into revealing information or into doing things that should not be done. It can be done in multiple ways—in person or over the phone. Phishing, where an attacker poses as a trusted site, is an example of social engineering.

Page 11

Mitigation techniques.

Page 12

Mitigation techniques.

– Training and awareness.

» Security training is not a “one and done” process; it needs to be continuous in nature.

» Training may be formal and documented, but informal training is also very effective.

» Help the users gain the knowledge needed to assist you in protecting the network.

– Policies and procedures.

» Implementing strong security policies and procedures goes a long way toward protecting your network.

– Patch management.

» Effective patch management will help to ensure that your systems remain up to date.

» This reduces the vulnerability of a network by decreasing the attack surfaces that are available.

Page 13

Mitigation techniques.

Your incident response can also help to protect against future attacks.

When responding to a network attack, be sure to document everything. This will give you a record of events that you can review and look at for patterns. If a pattern emerges, you will have found a vulnerability in your system that you can plug to mitigate future attacks.

Page 14

What was covered.

Topic: Threats and vulnerabilities.

Summary: Systems, by their very complexity, are vulnerable to exploitation. Every system can be exploited through a variety of methods. Because it involves communication over the air, a wireless network is inherently less secure than a wired network.

Topic: Mitigation techniques.

Summary: Training and awareness are your primary tools in mitigating threats and vulnerabilities. Other key mitigation techniques include: patch management, policies and procedures, and finally your incident response.

Page 15

THANK YOU!

Page 16

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.