CHAPTER 3: CLASSES OF ATTACK

Denial of Service (DoS)
Takes place when availability of a resource is intentionally blocked or degraded
Degrading processes, degrading storage capability, destroying files, or shutting down parts of the system or processes
Degrading the processes reduces performance by overloading the target system

Denial of Service (DoS)
Degrading processes can also be directed at a network application such as FTP or Simple Mail Transfer Protocol (SMTP), or at a network service such as IP (Internet Protocol) or Internet Control Message Protocol (ICMP)
Example attacks that degrade processes are snork and chargen
Both affect Windows NT unless Service Pack 4 or higher is installed

Denial of Service (DoS)
Snork
– Sends spoofed Remote Procedure Control (RPC) datagrams to User Datagram Protocol (UDP) destination port 135
– Gives the appearance of an attacked RPC server
– The RPC server sends bad data to another RPC server, which replies with a reject packet
– Creates a loop that is not broken until a packet is dropped
– Wastes processor resources and network bandwidth

Denial of Service (DoS)
Chargen
– Works against Windows NT systems that have the Simple TCP/IP Services installed
– A flood of UDP datagrams is sent from a spoofed source IP address and port 19 (the chargen port) to the subnet broadcast address
– Affected Windows NT systems respond to each broadcast
– This creates a flood of UDP datagrams on the network

Denial of Service (DoS)
Smurf
– Performs a network-level attack against the target host
– Using a router (the smurf amplifier) and spoofing the source IP address, generates a large amount of ICMP echo traffic
– Hosts that receive it respond with an echo reply
– Network service availability is degraded

Denial of Service (DoS)
SYN (synchronization)
– Accomplished by sending Transmission Control Protocol (TCP) connection requests faster than a system can process them
Storage Capability (Degrading)
– Uses all storage resources
– Example: the Love Letter Worm
– UNIX is also not exempt
– Destroying Files
  » Bat, exe, com, dll and sys

Denial of Service (DoS)
Storage Capability (Degrading)
– Shutdown System
  » Ping of death: sending an ICMP echo packet of just over 65535 bytes
  » Default packet size is 64 bytes
– Latest: Distributed Denial of Service (DDoS)

Information Leakage
Gather as much info from the target as possible
Use finger or DNS to get info on the layout of the network
DNS: determine system names and locations
Advertising the type of search engine or FTP server used helps determine the type of Web server being used
Occurs in SMTP through the application banner, and in SNMP (Simple Network Management Protocol)

File Creation, Reading, Modification, Removal
The capability exists in NFS (Network File System) in statd
It never validates info received from the remote lockd
statd and lockd are used by NFS to maintain crash and recovery functions for file locking

Misinformation
Log files cannot be trusted

Special File / Database Access
Access to the registry on NT can take over the system; can attack NT that uses SP1 and SP2
DBs use standard security; need to set a password for all user accounts

How To Secure Against These Classes of Attacks
Use commercial scanning software such as Internet Security System, Internet Scanner, Nessus Security Scanner
– Scanning purposes only; you still need to fix the problem
Intrusion Detection System (IDS) such as Network Flight Recorder (NFR)
– Purpose is to detect / alert on any attacks
– Cannot prevent or patch them
– Need to find the patches or report to the organization responsible for creating patches

How To Secure Against These Classes of Attacks
Denial of Service (DoS)
– Windows NT: close port 139 (NetBIOS Session Service), which is vulnerable to Winnuke, at the router / firewall
– Cisco routers: SYN floods can be prevented by utilizing features in Internetwork Operating System (IOS) 11.3 and higher
  » Has the TCP intercept feature

How To Secure Against These Classes of Attacks
Denial of Service (DoS)
– Smurf
  » Disable IP-directed broadcast at each router
  » If possible, configure the OS not to respond to ICMP packets sent to IP broadcast addresses
– DDoS
  » Block the default ports used by DDoS tools
– Traffic flood
  » Need to contact the ISP to prevent it

How To Secure Against These Classes of Attacks
Information Leakage
– Hide banners, version numbers, OS, etc., that could give an attacker any info
– Change the fingerprint of your OS
File Creation, Reading, Modification, Removal
– Apply all precautions available, including patching known vulnerabilities

How To Secure Against These Classes of Attacks
Misinformation
– Use Tripwire and keep your system logs on a protected server to prevent them from being tampered with
– Tripwire creates a database of all files in your system and then compares their integrity the next time Tripwire is run
– LogCheck is useful for notifying you immediately by e-mail of problems and security violations that appear in your logs

How To Secure Against These Classes of Attacks
Special File / Database Access
– Protect by blocking ports 135 (Location Service), 137 (NetBIOS Name Service), 138 (NetBIOS Datagram Service) and 139 (NetBIOS Session Service) at the boundary router so an attacker cannot gain access from the Internet
– To protect from inside, ensure the winreg key is set in the proper location to limit who has access to the Registry remotely

End Of Chapter 3
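The SYN-flood slides say the attack works by sending TCP connection requests faster than the target can complete them, and that TCP intercept on IOS counters it by watching handshakes. The following detector, added here as an example and not part of the chapter, applies the same idea to a constructed packet trace: a SYN that is not followed by the client's ACK within a window is counted as half-open, and a server whose half-open backlog crosses a threshold is flagged. The trace, addresses and threshold are all assumptions.

```python
from collections import defaultdict

SERVER = "192.0.2.10"

# Constructed packet trace (not from the original slides): (time_s, src, dst, flags)
# "S" = client SYN, "SA" = server SYN-ACK, "A" = client ACK completing the handshake.
PACKETS = [
    (0.0, "10.0.0.5", SERVER, "S"),
    (0.1, SERVER, "10.0.0.5", "SA"),
    (0.2, "10.0.0.5", SERVER, "A"),          # one legitimate, completed handshake
] + [
    # 200 SYNs from spoofed sources that never complete the handshake
    (1.0 + i * 0.005, f"198.51.100.{i + 1}", SERVER, "S") for i in range(200)
]

def count_half_open(packets, window_s=1.0):
    """Return {server: number of SYNs never completed by a client ACK within window_s}.
    Mirrors the idea behind TCP intercept's watch mode: a handshake that does not
    finish within the window is treated as half-open."""
    pending = {}                       # (client, server) -> timestamp of first SYN
    for t, src, dst, flags in sorted(packets):
        if flags == "S":
            pending.setdefault((src, dst), t)
        elif flags == "A" and (src, dst) in pending:
            if t - pending[(src, dst)] <= window_s:
                del pending[(src, dst)]   # completed in time: not half-open
    half_open = defaultdict(int)
    for (_client, server) in pending:
        half_open[server] += 1
    return dict(half_open)

def syn_flood_suspects(packets, threshold=100, window_s=1.0):
    """Servers whose half-open backlog meets the threshold, i.e. likely SYN-flood targets."""
    return {srv for srv, n in count_half_open(packets, window_s).items() if n >= threshold}

if __name__ == "__main__":
    print(count_half_open(PACKETS))    # {'192.0.2.10': 200}
    print(syn_flood_suspects(PACKETS)) # {'192.0.2.10'}
```

Real deployments count half-open entries per destination and per source as well, because a flood from a single unspoofed source and one from many spoofed sources call for different responses.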