Threats in Networks- Mani

  • 7/31/2019 Threats in Networks- Mani

    7/12/12

    THREATS IN NETWORKS

    Presented by Mani K. Mathew

    Introduction

    Network

    Client-Server Networks

    Network Characteristics

    1) SHAPE & SIZE

    Topology

    Boundary Ownership

    Control

    2) Mode of Communication

    Analog

    Digital

    3) Media

    Cable

    UTP

    Coaxial

    Optical fiber

    Wireless

    Microwave

    Infrared

    Satellite

    4) Protocols

    ISO OSI reference model

    TCP/IP

    5) Type of Networks

    LAN

    WAN

    Internet

    Threats in Networks

    CAUSE:

    Anonymity

    Many points of attack - both targets and origins

    Sharing

    Complexity

    Unknown perimeter

    Unknown path

    Categories of Attack

    Active v/s Passive

    Active:- affects availability, integrity and authenticity

    Passive:- affects confidentiality

    Insider attack v/s Outsider attack

    Insider attack:- authorized user

    Outsider attack:- unauthorized or illegal user

    Who??

    Why??

    How??

    When??

    Who??

    ANYONE

    Why??

    Challenge

    Fame

    Money & Espionage

    Organized crime

    Ideology

    Hacktivism

    Cyber terrorism

    How??

    Attack the vulnerabilities

    Reconnaissance

    (1) Port scan

    Which standard ports or services are running on target system

    What OS is installed on target system

    Versions of applications present

    Gets an external picture of network ports open/closed

    Pinging

    Quickest way to determine whether host is alive or not

    Use ICMP packets

    Port numbers are defined by 16-bit integers

    Total 65536 ports

    Port scanning accomplished in different ways

    1) TCP Connect (Not Stealth)

    Used by the OS to initiate a TCP connection to a remote device

    Uses 3-way handshake

    Hence a log will be made

    [Figure: closed port vs. open port]

    2) TCP SYN/Half-Open (Stealth)

    SYN packet sent

    If listening, SYN+ACK comes back

    If not listening, RST packet received

    Usually no logs made

    3) FIN

    FIN packet sent

    If host alive and not listening, RST packet sent

    If listening, it will not respond

    Not applicable to Windows machines, as an RST packet is always sent back

    4) XMAS

    TCP packet with FIN, URG & PUSH flags set is sent

    If host listening, RST packet sent

    If not listening, it will not respond

    5) NULL

    TCP packet with all flags off is sent

    If port is listening, will not respond

    Else RST packet sent back

    Countermeasures

    Configure firewall to block ICMP

    Drop all ACK packets that do not belong to an established connection

    Use stateful firewalls
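
Added example (not part of the original presentation): a small detector that recognises the probe packets listed in the scan slides by their TCP flag byte and applies the stateful rule above to ACK packets. The function name, finding labels, threshold and the (src, dst, dport, flags) record layout are assumptions made for illustration, the monitor is assumed to see inbound packets only, and the sample records are constructed.

```python
from collections import defaultdict

# TCP header flag bits
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag bytes sent by the NULL, FIN and XMAS scans; never part of a normal session
ODD_PROBES = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "XMAS"}

def detect_scans(packets, half_open_ports=3):
    """Return sorted (src, finding, dport_or_count) tuples for inbound packets."""
    state = {}                                  # flow -> "syn" or "est"
    findings = set()
    for src, dst, dport, flags in packets:
        flow = (src, dst, dport)
        f = flags & 0x3F                        # ignore the ECN bits
        if f in ODD_PROBES:
            findings.add((src, ODD_PROBES[f], dport))
        elif f == SYN:
            state.setdefault(flow, "syn")       # handshake started
        elif f & RST:
            pass                                # aborted: flow stays half-open
        elif f & ACK:
            if flow in state:
                state[flow] = "est"             # client completed the handshake
            else:
                # The packet a stateful firewall drops: ACK with no connection
                findings.add((src, "STRAY-ACK", dport))
    half_open = defaultdict(set)
    for (src, _dst, dport), st in state.items():
        if st == "syn":
            half_open[src].add(dport)
    for src, ports in half_open.items():
        if len(ports) >= half_open_ports:       # many SYNs, no handshake finished
            findings.add((src, "SYN-SCAN", len(ports)))
    return sorted(findings)

# Constructed sample records (documentation address ranges), in arrival order
SAMPLE = [
    ("198.51.100.7", "10.0.0.5", 22, SYN), ("198.51.100.7", "10.0.0.5", 22, RST),
    ("198.51.100.7", "10.0.0.5", 80, SYN), ("198.51.100.7", "10.0.0.5", 443, SYN),
    ("203.0.113.9", "10.0.0.5", 25, FIN | PSH | URG), ("203.0.113.9", "10.0.0.5", 25, 0),
    ("203.0.113.9", "10.0.0.5", 110, FIN),
    ("192.0.2.44", "10.0.0.5", 443, SYN), ("192.0.2.44", "10.0.0.5", 443, ACK),
    ("192.0.2.44", "10.0.0.5", 443, FIN | ACK),   # normal session close
    ("192.0.2.80", "10.0.0.5", 8080, ACK),        # no SYN seen first
]

if __name__ == "__main__":
    print(detect_scans(SAMPLE))
```

The ordinary session from 192.0.2.44 produces no finding, because a normal close carries FIN together with ACK rather than FIN alone.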

    Reconnaissance

    (2) Social Engineering

    Uses social skills and personal interaction to gain information

    (3) Intelligence

    Gathering discrete bits of information and solving the puzzle

    Includes eavesdropping

    (4) OS and Application fingerprinting

    Responses to commands differ with different OS

    New functionalities will be absent in older versions

    (5) Bulletin Boards and Chats

    (6) Availability of documentation

    When??

    Opportunity

    Threats in Transit

    Harm that could occur to data between a sender and a receiver

    (1) Eavesdropping

    (2) Wiretapping

    Passive Wiretapping

    Active wiretapping

    1) Wiretapping in Cables

    Using packet sniffer - An interface is reprogrammed to have id of another host and it fetches the required packets

    Inductance method

    2) Software based packet sniffing

    Sniffer is a program that sets an NIC into promiscuous mode

    Passive and active attacks

    Can be customized to capture specific traffic

    Countermeasure: Use switches instead of hubs, Anti sniff, Network monitor

    3) Wiretapping in Microwave and Satellite communication

    Both have the problem of signal being dispersed over an area greater than intended point of reception

    4) Wiretapping in Optical fiber

    Optical fiber uses light energy to transmit messages

    Advantage: Inductance and splicing cannot be used

    Disadvantage: Tapping can be done at

    5) Wireless media tapping

    Major threat: Interception

    Strong signals can be picked up by using a tuned antenna

    Another Threat: Theft of Service

    Threats in transit contd..

    (3) Protocol Flaws

    Protocols are well documented and published

    Flaws identified and utilized

    (4) Impersonation

    Guess identity & authentication details

    Use identity obtained by wiretapping or other means

    THANKS