Post on 11-Apr-2017
A summary of types of attacks I.
Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications PC Hardware Network
Administration IT Project
Management
Network Design User Training IT Troubleshooting
Qualifications Summary
Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
Brian K. Ferrill, M.B.A.

– Inside threats and attacks.
– Outside threats and attacks.

Inside threats and attacks.
– Malicious employees.
  » Malicious employees are difficult to defend against, as the threat is already inside the network.
    • Resources must be granted in order for employees to do their jobs.
  » One of the best defenses is using the principle of least privilege.
    • Only granting the least amount of authorization that is required for people to get their work done.
– Privilege escalation.
  » Attempting to raise a user’s account privileges to an administrative level—giving them access to almost everything.
    • Usually occurs due to a vulnerability that may be present in the operating system itself; however, the vulnerability may also be present in another piece of software.
  » The best defense is to remove all known vulnerabilities from operating systems and software.

– Social engineering.
  » The process of using social pressure to cause somebody to compromise a system from inside the defenses of the network.
    • The pressure can be applied in multiple forms: by phone, in person, via email, through a rogue website, or by other methods.
– ARP (Address Resolution Protocol) cache poisoning.
  » The ARP cache, which maps IP addresses to MAC addresses, is corrupted by an attacker, with the result that the attacker controls which MAC address is associated with a given IP address.
    • Commonly used in man-in-the-middle attacks.
– Client-side attack.
  » An attack on a system through vulnerabilities that may be present within software on a client system.
    • Attacks often originate from Internet applications or messaging applications.
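The ARP cache poisoning described above leaves a footprint that a defender can look for: an IP address whose MAC mapping changes between snapshots, or one MAC address claimed by several IPs (typically the gateway and the poisoning host). The following is an added example, not code from the PACE-IT slides; the two `arp -a` style snapshots, the addresses and the MACs are constructed sample data.

```python
"""Detect signs of ARP cache poisoning by comparing ARP table snapshots.

Added example (not from the original PACE-IT slides). The snapshots below are
constructed sample data in the style of `arp -a` output; every address is made up.
"""
import re
from collections import defaultdict

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)

# Constructed snapshot taken at a known-good time.
BASELINE = """\
gateway (192.168.1.1) at aa:bb:cc:00:00:01 [ether] on eth0
fileserver (192.168.1.10) at aa:bb:cc:00:00:10 [ether] on eth0
printer (192.168.1.20) at aa:bb:cc:00:00:20 [ether] on eth0
"""

# Constructed snapshot taken later: the gateway entry now carries the MAC of
# the workstation at .50, the classic footprint of a poisoned gateway mapping.
LATER = """\
gateway (192.168.1.1) at aa:bb:cc:00:00:50 [ether] on eth0
fileserver (192.168.1.10) at aa:bb:cc:00:00:10 [ether] on eth0
printer (192.168.1.20) at aa:bb:cc:00:00:20 [ether] on eth0
? (192.168.1.50) at aa:bb:cc:00:00:50 [ether] on eth0
"""

def parse_arp(text):
    """Return {ip: mac} from arp -a style output, MACs normalised to lower case."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_changed_mappings(baseline, later):
    """IPs whose MAC differs from the baseline, as (ip, old_mac, new_mac)."""
    return [(ip, baseline[ip], later[ip]) for ip in baseline
            if ip in later and baseline[ip] != later[ip]]

def find_shared_macs(table):
    """MACs claimed by more than one IP; a poisoner's MAC typically shows up twice."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    base, now = parse_arp(BASELINE), parse_arp(LATER)
    for ip, old, new in find_changed_mappings(base, now):
        print(f"ALERT: {ip} moved from {old} to {new}")
    for mac, ips in find_shared_macs(now).items():
        print(f"ALERT: {mac} is claimed by {ips}")
```

On a real host the snapshots would come from periodic `arp -a` (or `ip neigh`) runs; a changed gateway mapping is the alert worth paging on. Static ARP entries for the default gateway on critical hosts, and Dynamic ARP Inspection on managed switches, are the usual preventive controls.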

– Replay attack.
  » An attack that uses a packet sniffer to capture network session data.
    • The attacker then re-submits the captured packets in an effort to gain access to the network.
– Transitive access attack.
  » The attacker attempts to get a user to click on a hyperlink to an MS Windows shared folder.
    • If the user clicks on the hyperlink, the user’s system is forced to send the user account credentials—allowing the attacker to attempt to get access to valid credentials.
– Man-in-the-middle (MitM) attack.
  » The attacker is not necessarily inside the network per se, but is in between two end points that are communicating on a network.
  » The attack allows a malicious user to view all network packets flowing between the communicating hosts.
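A replay attack works because a captured packet is still valid when re-submitted. The standard defence is to make each message valid exactly once: a fresh nonce, a timestamp bounded to a short window, and a MAC over both so the attacker cannot edit them. The following is an added example, not code from the PACE-IT slides; the shared key, the 30-second window and the messages are constructed for illustration.

```python
"""Reject replayed messages using a per-message nonce, a timestamp window and an HMAC.

Added example (not from the original PACE-IT slides). The shared key, window
length and sample messages are constructed for illustration.
"""
import hashlib
import hmac
import json
import secrets

SHARED_KEY = b"constructed-demo-key"   # assumption: key pre-shared out of band
MAX_SKEW = 30                           # seconds a message may be "in flight"

def build_message(key, payload, now):
    """Client side: attach a fresh nonce and a timestamp, then sign everything."""
    body = {"payload": payload, "nonce": secrets.token_hex(16), "ts": int(now)}
    data = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, data, hashlib.sha256).hexdigest()}

class ReplayGuard:
    """Server side: verifies the MAC, the timestamp window and nonce uniqueness."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}   # nonce -> ts; pruned once the timestamp is outside the window

    def accept(self, msg, now):
        body = msg["body"]
        data = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.key, data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad mac"           # tampered body or wrong key
        if abs(int(now) - body["ts"]) > self.max_skew:
            return False, "stale timestamp"   # captured long ago, now being resent
        # forget nonces whose timestamp can no longer pass the window check anyway
        self.seen = {n: t for n, t in self.seen.items() if int(now) - t <= self.max_skew}
        if body["nonce"] in self.seen:
            return False, "replayed nonce"    # identical packet re-submitted inside the window
        self.seen[body["nonce"]] = body["ts"]
        return True, "ok"

if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    msg = build_message(SHARED_KEY, "login alice", now=1000)
    print(guard.accept(msg, now=1005))   # first delivery
    print(guard.accept(msg, now=1010))   # same packet replayed
```

The nonce set only has to cover one window, which is why pruning by timestamp keeps memory bounded; without the timestamp check the server would have to remember every nonce forever. Clock skew between the two sides must stay below the window, so the window is a tuning knob rather than a constant.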

Outside threats and attacks.
– Spoofing.
  » An attacker attempts to gain access to network resources by having his or her system masquerade as a trusted system.
    • This is achieved by modifying either the IP address or the MAC address of the attacking system.
– Spam.
  » Unsolicited bulk email (UBE): junk email that attempts to entice a person into buying a product or service.
    • While in most cases receiving spam isn’t a security threat, it is a waste of resources—which is considered a security issue.
– Spim (spIM, or spam over instant messaging).
  » An attacker harvests instant message (IM) IDs and then attempts to entice the end user to click on a hyperlink that is included in an IM.
    • Often used as the first step in another type of attack (e.g., a pharming attack).

– DNS poisoning.
  » The attacker changes the DNS records for a specific website in order to redirect traffic to a malicious website.
    • The change in record can be made either on the local DNS apparatus, or at a higher level (e.g., at the Internet service provider level).
– Typosquatting (or URL hijacking).
  » The attacker sets up malicious websites using common misspellings of legitimate URL (Uniform Resource Locator) names.
    • The attacker assumes that a certain amount of traffic will reach the malicious website merely due to user error.
– Watering hole attack.
  » The attacker compromises (e.g., plants malicious code on) a legitimate trusted website.
    • As users visit the trusted site, the malicious code is executed.
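Typosquatting relies on names that are one or two keystrokes away from a legitimate domain, which is exactly what an edit-distance check over outbound DNS queries can catch. The following is an added example, not code from the PACE-IT slides; the watchlist, the query log lines and the distance threshold are constructed, and `registered_domain` is a deliberately crude two-label approximation (production code would use the Public Suffix List).

```python
"""Flag look-alike domains in DNS query logs that sit close to a watchlist of legitimate names.

Added example (not from the original PACE-IT slides). The watchlist, the log
lines and the threshold are constructed for illustration.
"""
import re

WATCHLIST = ["example.com", "edcc.edu"]   # constructed: the organisation's own domains

# Constructed resolver log lines; only the query= field matters here.
QUERY_LOG = """\
2017-04-11T10:00:01 client=10.0.0.5 query=www.example.com
2017-04-11T10:00:02 client=10.0.0.7 query=www.exmaple.com
2017-04-11T10:00:03 client=10.0.0.9 query=mail.edcc.edu
2017-04-11T10:00:04 client=10.0.0.11 query=eddc.edu
2017-04-11T10:00:05 client=10.0.0.3 query=login.examp1e.com
"""

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) via the standard row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Crude: keep the last two labels. Fine for .com/.edu; real code uses the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_queries(log_text):
    """Extract the queried host names from the constructed log format."""
    return [m.group(1) for m in re.finditer(r"query=(\S+)", log_text)]

def find_lookalikes(hosts, watchlist=WATCHLIST, max_distance=2):
    """Return [(host, legit_domain, distance)] for names near, but not equal to, a watched domain."""
    hits = []
    for host in hosts:
        dom = registered_domain(host)
        for legit in watchlist:
            if dom == legit:
                continue            # the genuine domain, including its subdomains
            d = edit_distance(dom, legit)
            if d <= max_distance:
                hits.append((host, legit, d))
    return hits

if __name__ == "__main__":
    for host, legit, d in find_lookalikes(parse_queries(QUERY_LOG)):
        print(f"ALERT: {host} is {d} edit(s) from {legit}")
```

A threshold of 2 catches transposed and substituted characters (`exmaple`, `examp1e`) while leaving unrelated short names alone; raising it quickly produces noise on short domains, so the threshold should scale with the length of the watched name. The same logic, run against newly registered domain feeds rather than query logs, is how brand-protection teams find squatted names before users hit them.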

– DoS (Denial of Service) threats.
  » Covers a very broad category of threats to networks and systems.
    • Any threat that can potentially keep users or customers from using network resources as designed can be considered a type of DoS threat.
  » Permanent DoS attack.
    • An attempt to permanently deny a network resource to others; it can be done by physically destroying a resource or by damaging (or corrupting) the underlying operating system.
  » Traditional DoS attack.
    • An attempt to flood a network with enough traffic to bring it down—commonly carried out with malformed ICMP requests.
  » Distributed DoS (DDoS) attack.
    • A DoS attack in which more than a single system is involved in sending the attack; a botnet is often used to implement the attack.
  » Smurf attack or smurfing.
    • A network is flooded with ICMP requests in which the source address for the requests appears to be that of the intended target (it has been spoofed).
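A smurf attack has two observable sides: the amplifier network sees ICMP echo requests addressed to its directed-broadcast address, and the spoofed target sees a burst of echo replies from many hosts it never pinged. Both are easy to pick out of flow records. The following is an added example, not code from the PACE-IT slides; the network, the flow records and the thresholds are constructed for illustration.

```python
"""Spot smurf-style ICMP floods in flow records, from both the amplifier and the victim side.

Added example (not from the original PACE-IT slides). The network, the flow
records and the thresholds are constructed for illustration.
"""
import ipaddress

ECHO_REQUEST, ECHO_REPLY = 8, 0

# Our own network (constructed); its directed-broadcast address is 192.0.2.255.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed flow records: (timestamp, src, dst, icmp_type).
# The first record is one echo request to our broadcast address whose source
# is the eventual victim (203.0.113.10); the replies that follow are our hosts
# answering it, i.e. our network acting as the amplifier.
FLOWS = [
    (100, "203.0.113.10", "192.0.2.255", ECHO_REQUEST),
    (100, "192.0.2.11", "203.0.113.10", ECHO_REPLY),
    (100, "192.0.2.12", "203.0.113.10", ECHO_REPLY),
    (101, "192.0.2.13", "203.0.113.10", ECHO_REPLY),
    (101, "192.0.2.14", "203.0.113.10", ECHO_REPLY),
    (102, "192.0.2.15", "203.0.113.10", ECHO_REPLY),
    (102, "192.0.2.16", "203.0.113.10", ECHO_REPLY),
    # ordinary ping for contrast: one request, one reply
    (200, "192.0.2.5", "198.51.100.1", ECHO_REQUEST),
    (200, "198.51.100.1", "192.0.2.5", ECHO_REPLY),
]

def broadcast_echo_requests(flows, net=LOCAL_NET):
    """Amplifier-side signal: echo requests addressed to the network's broadcast address."""
    bcast = str(net.broadcast_address)
    return [f for f in flows if f[3] == ECHO_REQUEST and f[2] == bcast]

def reply_flood_targets(flows, min_sources=5, window=10):
    """Victim-side signal: destinations receiving echo replies from at least
    `min_sources` distinct hosts within any `window`-second span.
    Returns {dst: largest number of distinct sources seen in one window}."""
    replies = sorted(f for f in flows if f[3] == ECHO_REPLY)   # sorted by timestamp
    targets = {}
    for i, (ts, _, dst, _) in enumerate(replies):
        srcs = {s for t, s, d, _ in replies[i:] if d == dst and t - ts <= window}
        if len(srcs) >= min_sources:
            targets[dst] = max(targets.get(dst, 0), len(srcs))
    return targets

if __name__ == "__main__":
    for ts, src, dst, _ in broadcast_echo_requests(FLOWS):
        print(f"ALERT t={ts}: echo request from {src} to broadcast {dst} (source likely spoofed)")
    for dst, n in reply_flood_targets(FLOWS).items():
        print(f"ALERT: {dst} received echo replies from {n} distinct hosts")
```

The amplifier-side check is the one a network owner can act on directly: routers should not forward directed broadcasts (on Cisco IOS this is the `no ip directed-broadcast` interface default), and ingress filtering of spoofed source addresses at the edge stops the forged requests from being accepted in the first place. The victim-side check is a coarse flood detector and needs the threshold tuned to what normal ICMP traffic looks like on that link.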

What was covered.
Topic: Inside threats and attacks.
Summary: Given the nature and purpose of networks, it can be difficult to make them secure. Common threats or attacks that come from inside the network include: malicious employees, privilege escalation, social engineering, ARP cache poisoning, client-side attacks, replay attacks, transitive access attacks, and MitM attacks.
Topic: Outside threats and attacks.
Summary: Security threats may come from outside of the secured network. Common threats or attacks that come from outside of the network include: spoofing, spam, spim, DNS poisoning, typosquatting, watering hole attacks, and various types of DoS attacks.

THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.