Learning Objectives
Litigation
HIPAA
CIPA
Security Attacks
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity
Security Goals
Confidentiality
Integrity
Availability
Security Services
Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)
Denial of Service Attacks
Virus that deletes files
2005 Cisco Systems, Inc. All rights reserved.
Henric Johnson
Methods of Defense
Encryption
Software Controls (access limitations in a database; in an operating system, protect each user from other users)
Hardware Controls (smartcard)
Policies (frequent changes of passwords)
Physical Controls
Network Vulnerabilities
Technology
Configuration
Policy
Threat Capabilities: More Dangerous and Easier to Use
Network Threats
There are four general categories of security threats to the
network:
Unstructured threats
Structured threats
External threats
Internal threats
[Figure labels: Internet, dial-in exploitation, internal exploitation, compromised host]
Reconnaissance attacks
Access attacks
Denial of service attacks
Worms, viruses, and Trojan horses
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Trojan horse
Operator error
Worms
Reconnaissance Attacks
Sample domain name query
Packet Sniffers
Host A
Router A
Router B
Host B
SNMP
POP
Packet sniffers must be on the same collision domain.
IP Spoofing
IP spoofing occurs when a hacker inside or outside a network
impersonates the conversations of a trusted computer.
Two general techniques are used during IP spoofing:
A hacker uses an IP address that is within the range of trusted IP
addresses.
IP Spoofing Mitigation
The threat of IP spoofing can be reduced, but not eliminated, through
the following measures:
Access control: The most common method for preventing IP spoofing
is to properly configure access control.
RFC 2827 filtering: You can prevent users of your network from
spoofing other networks (and be a good Internet citizen at the same
time) by preventing any outbound traffic on your network that does
not have a source address in your organization's own IP range.
Additional authentication that does not use IP-based authentication.
Examples of this include the following:
Cryptographic (recommended)
Strong, two-factor, one-time passwords
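The source-address checks described above, as an added example that is not part of the original slides. It applies the RFC 2827 rule to outbound traffic and, as an addition going beyond the slide text, the matching inbound rule (drop packets arriving from outside that claim an internal source). The prefixes and packet records are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress

# Assumed organization prefixes (documentation ranges, constructed for this example).
ORG_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:10::/48")]

def verdict(direction, src, org=ORG_PREFIXES):
    """Decide 'permit' or 'deny' for a packet from its source address alone."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "deny"  # unparsable source address: fail closed
    internal = any(addr.version == n.version and addr in n for n in org)
    if direction == "outbound":
        # RFC 2827: only traffic sourced from our own range may leave.
        return "permit" if internal else "deny"
    if direction == "inbound":
        # An outside packet claiming an inside (trusted) source is spoofed.
        return "deny" if internal else "permit"
    raise ValueError("direction must be 'inbound' or 'outbound'")

# Constructed sample records: (direction, source, destination).
SAMPLE_PACKETS = [
    ("outbound", "192.0.2.15", "198.51.100.7"),          # legitimate host
    ("outbound", "203.0.113.9", "198.51.100.7"),         # foreign source leaving us
    ("outbound", "10.0.0.5", "198.51.100.7"),            # private address leak
    ("outbound", "2001:db8:10::1", "2001:db8:ffff::1"),  # legitimate IPv6 host
    ("inbound", "198.51.100.7", "192.0.2.15"),           # normal external peer
    ("inbound", "192.0.2.200", "192.0.2.15"),            # outside claims inside address
    ("outbound", "not-an-ip", "198.51.100.7"),           # malformed record
]

def dropped_packets(packets):
    """Return the records the filter would drop, in input order."""
    return [p for p in packets if verdict(p[0], p[1]) == "deny"]

if __name__ == "__main__":
    for direction, src, dst in dropped_packets(SAMPLE_PACKETS):
        print(f"DROP {direction:8} src={src} dst={dst}")
```

Logging the dropped records, rather than discarding them silently, gives operations a signal that a host inside the network is emitting spoofed or misconfigured traffic.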
DoS Attacks
Password Attacks
Hackers can implement
password attacks using
several different methods:
Brute-force attacks
Dictionary attacks
Trojan horse programs
IP spoofing
Packet sniffers
Dictionary cracking
Brute force computation
Man-in-the-Middle Attacks
Host A
Host B
Data in clear text
Router A
Router B
Man-in-the-Middle Mitigation
A man-in-the-middle attack
can only see cipher text
IPSec tunnel
Host A
Host B
Router A
ISP
Router B
Trust Exploitation
[Figure labels: System A (User = psmith; Pat Smith); Hacker blocked; System B, compromised by a hacker (User = psmith; Pat Smith); Hacker (User = psmith; Pat Smithson)]
Port Redirection
Unauthorized Access