Network Security Threats and Countermeasures - Network Level Attacks and Detection Techniques
In this session you will learn:
▪ Understanding NMAP
▪ OS Fingerprinting
▪ Non Electronic and MAC Attacks
▪ ARP Poisoning
▪ Brute Force Attack
What is Footprinting?
▪ Footprinting is the term used for collecting information about a target. This is the first step of fully identifying a target in order to begin planning an attack.
▪ Relevant target information includes: Domain Name
Network Scanning and its types
Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment.
Understanding Scanning Methodology
Checking Live Systems and Open ports
▪ ICMP Scanning
o During most ICMP ping scans, an ICMP_ECHO datagram is sent to the remote computer to determine whether its IP address is active.
▪ Ping Sweeps
o These are used to determine the live hosts in a range of IP addresses by sending ICMP ECHO requests to many hosts; hosts that are alive answer with an ICMP ECHO reply.
The three-way handshake (TCP/IP)
To establish a connection, the three way (or 3-step) handshake occurs:
Types of Scans
Different Tools Present to Perform Scanning
Banner Grabbing
▪ Banner Grabbing is an enumeration technique used to glean information about computer systems on a network and the services running on their open ports.
▪ Administrators can use this to take inventory of the systems and services on their network.
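Banner grabbing as an inventory tool, as an added example (not code from the original slides): the script starts a throw-away TCP service on 127.0.0.1 so it runs offline, connects to it exactly as it would to a real host found during an authorised scan, reads whatever the service volunteers, and parses the result into inventory fields. The banner text "SSH-2.0-ConstructedBanner_1.0" and the port are constructed; `grab_banner`, `parse_banner` and `inventory` are names chosen here, not any tool's API.

```python
"""Banner grabbing for service inventory (added example, not from the slides).

A throw-away TCP service is started on 127.0.0.1 so the example runs offline;
the banner "SSH-2.0-ConstructedBanner_1.0" is constructed, not from a real
host. grab_banner() is the routine an administrator would point at the hosts
and ports discovered during an authorised inventory scan.
"""
import socket
import threading

CONSTRUCTED_BANNER = b"SSH-2.0-ConstructedBanner_1.0\r\n"


def start_fake_service(banner: bytes = CONSTRUCTED_BANNER) -> int:
    """Listen on an ephemeral localhost port, send `banner` to each client and
    close. Returns the port so the caller can probe it. Serves in a daemon thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def grab_banner(host: str, port: int, timeout: float = 2.0, max_bytes: int = 1024) -> str:
    """Connect, read what the service sends before the client says anything,
    and return it as text. Services that wait for the client to speak first
    (HTTP, for example) yield an empty string, which is itself inventory
    information: the port is open but the service does not announce itself."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(max_bytes)
            except socket.timeout:
                data = b""
    except OSError:
        return ""  # closed or filtered port, or unreachable host
    return data.decode("ascii", errors="replace").strip()


def parse_banner(banner: str) -> dict:
    """Split a banner into protocol and software fields where the format allows.
    SSH banners follow RFC 4253: "SSH-protoversion-softwareversion [comments]".
    Anything else is kept as raw text for a human to classify."""
    if banner.startswith("SSH-"):
        parts = banner.split(" ", 1)[0].split("-", 2)
        if len(parts) == 3:
            return {"protocol": "ssh", "version": parts[1], "software": parts[2]}
    return {"protocol": "unknown", "version": "", "software": banner}


def inventory(targets) -> list:
    """One inventory row per (host, port) pair."""
    rows = []
    for host, port in targets:
        banner = grab_banner(host, port)
        rows.append({"host": host, "port": port, **parse_banner(banner)})
    return rows


if __name__ == "__main__":
    p = start_fake_service()
    for row in inventory([("127.0.0.1", p)]):
        print(row)
```

The defensive reading of the output is the version string: a banner that names an end-of-life release is the finding, and the same routine run over the whole estate shows which services leak more than they need to.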
Understanding Nmap
Nmap can be used to monitor single hosts as well as vast networks that encompass hundreds of thousands of devices and multitudes of subnets.
Scan using a specific NSE script
This command checks whether the target's TLS service is vulnerable to Heartbleed, a flaw found in older, unpatched versions of OpenSSL:
nmap -sV -p 443 --script=ssl-heartbleed.nse 192.168.1.1
Password Cracking
▪ Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system.
▪ Password complexity is crucial in the defense against password cracking
▪ Password Cracking Techniques
▪ A dictionary attack successively tries every word in a pre-arranged list of candidate values (the dictionary) until one is accepted.
Brute Forcing Attacks or exhaustive key search
A brute-force attack, or exhaustive key search, is a strategy that can in theory be used against any encrypted data by an attacker who cannot exploit any weakness in the encryption system that would otherwise make the task easier.
It involves systematically checking all possible keys until the correct key is found.
Types of Password Attacks
Password Cracking Tools
▪ Hashcat
– One of the most popular and available on every OS
– Supports over 300 different types of hashes
▪ John the Ripper
– Open-source password cracking tool
– Offers password cracking for web apps, compressed archives, document files
▪ Brutus
– Supports a number of different authentication types
– Its support for a wide variety of authentication protocols and the ability to add custom modules make it a popular tool for online password cracking attacks
▪ Wfuzz
– It tries to crack passwords via a brute-force guessing attack
– Can also identify injection vulnerabilities within an application such as SQL injection, XSS injection and LDAP injection
▪ THC Hydra
– It attempts to determine user credentials via brute-force password guessing attack
– It is extensible, with the ability to easily install new modules, and it also supports a number of network protocols
▪ Medusa
– It is a command-line tool
– It also supports parallelized attacks
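The tools listed above are online guessers: every guess is a login attempt the target can log. Detecting that pattern is the defender's side of the password cracking section, shown here as an added example (not code from the slides). The log lines are constructed in the OpenSSH "Failed password for ..." style with made-up hostnames and documentation addresses; `detect_brute_force` and its window and threshold parameters are names chosen for this example.

```python
"""Detecting online brute-force and dictionary attacks in authentication logs.

Added example, not from the slides. The sample log is constructed in the
OpenSSH "Failed password for ..." style; host names and addresses are made up.
Failures are counted per source address inside a sliding time window; a source
that crosses the threshold is flagged, and so is a successful login from a
source that was failing moments before (the guess that landed).
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, not from a real system.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[311]: Failed password for invalid user admin from 198.51.100.7 port 50001 ssh2
2024-03-01T10:00:02 host1 sshd[311]: Failed password for invalid user test from 198.51.100.7 port 50002 ssh2
2024-03-01T10:00:02 host1 sshd[311]: Failed password for root from 198.51.100.7 port 50003 ssh2
2024-03-01T10:00:03 host1 sshd[311]: Failed password for root from 198.51.100.7 port 50004 ssh2
2024-03-01T10:00:03 host1 sshd[311]: Failed password for root from 198.51.100.7 port 50005 ssh2
2024-03-01T10:00:04 host1 sshd[311]: Failed password for alice from 203.0.113.5 port 40001 ssh2
2024-03-01T10:00:04 host1 sshd[311]: Accepted password for root from 198.51.100.7 port 50006 ssh2
2024-03-01T10:00:09 host1 sshd[311]: Accepted password for alice from 203.0.113.5 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line: str):
    """Return the fields of one sshd auth line, or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_brute_force(lines, window_s: int = 60, threshold: int = 5) -> list:
    """Flag sources with >= threshold failures inside window_s seconds, and
    any success from such a source while its failures are still in the window."""
    fails = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()              # sources already reported, to avoid repeats
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = fails[ev["src"]]
        # expire failures that fell out of the window
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append({"type": "brute_force", "src": ev["src"], "failures": len(q)})
        elif len(q) >= threshold:
            # a valid login right after a burst of failures deserves a look
            alerts.append({"type": "success_after_failures", "src": ev["src"],
                           "user": ev["user"], "failures": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

The second alert type matters more than the first: lockout policies and rate limits stop the noise, but a success from a source that was just failing is the event that should page someone. The same structure applies to any service log (web login, VPN, RDP) once `LINE_RE` is adapted to its format.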
Types of Spyware/Malware
Hash Injection Attack
An attacker injects a compromised hash into a local session and uses the hash to validate and gain access to network resources.
Distributed Network Attack (DNA)
• Distributed Network Attack (DNA) is a technique used to recover password protected files.
• In the past, recoveries have been limited to the processing power of one machine.
• DNA uses the power of machines across the network or across the world to decrypt passwords
Non-Electronic Attacks
Automatic Password Cracking Algorithm
Lawful Intercept
• Lawful Intercept is the policy of allowing a Law Enforcement Agency (LEA) to obtain records of data transmissions across traditional communication lines through wiretaps, and also through internet services for voice and data with proper judicial order.
• This information is provided to an LEA after such an order has been received by the service provider.
Sniffing Threats and its Types
▪ Monitoring traffic in a network environment is called Sniffing.
▪ Using hardware or software to capture traffic, a hacker can read any data sent in plaintext.
MAC Attacks and MAC Spoofing Attacks
▪ MAC Flooding
This attack occurs when a switch is bombarded with requests with different source MAC addresses.
The Content Addressable Memory (CAM) table is usually of a small, fixed size; when it reaches its maximum the switch begins to broadcast traffic to all connections, like a hub.
▪ MAC Spoofing Attack
When an attacker can sniff MAC addresses, they can spoof (duplicate) a legitimate user's MAC address and so intercept or receive that user's traffic.
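Both attacks above leave traces in what the switch learns, and the ARP poisoning listed in the session outline shows up the same way. As an added example (not code from the slides), the script below replays constructed (port, source MAC, source IP) observations, as a monitoring tap or a MAC-address-table export would present them, and raises three kinds of alert: a port learning far more source MACs than a host population could explain (flooding), a MAC already learned on one port appearing on another (spoofing), and an IP whose MAC changes (the ARP poisoning symptom). All addresses and port names are made up; `analyse` and `flood_threshold` are names chosen here.

```python
"""Detecting MAC flooding, MAC spoofing and IP/MAC conflicts from switch-side
observations. Added example, not from the slides; all addresses are constructed.

Three checks:
  * mac_flooding:    more distinct source MACs on one access port than a real
                     host population would ever produce (CAM table filling);
  * mac_move:        a MAC first learned on one port now seen on another
                     (a duplicated MAC, or a host genuinely moved);
  * ip_mac_conflict: an IP address that changes its MAC (ARP poisoning symptom).
"""
from collections import defaultdict

# Constructed observations: (switch port, source MAC, source IP)
CONSTRUCTED_FRAMES = [
    ("Gi1/0/1", "00:11:22:33:44:01", "10.0.0.11"),
    ("Gi1/0/2", "00:11:22:33:44:02", "10.0.0.12"),
    ("Gi1/0/2", "00:11:22:33:44:02", "10.0.0.12"),
    # a host on Gi1/0/3 cycling through hundreds of source MACs (flooding)
    *[("Gi1/0/3", f"02:aa:bb:cc:{i // 256:02x}:{i % 256:02x}",
       f"10.0.{9 + i // 250}.{i % 250 + 1}") for i in range(300)],
    # the same port then claims the MAC and IP of the host on Gi1/0/1 (spoofing)
    ("Gi1/0/3", "00:11:22:33:44:01", "10.0.0.11"),
    # 10.0.0.12 suddenly comes from a different MAC (ARP poisoning symptom)
    ("Gi1/0/4", "00:11:22:33:44:04", "10.0.0.12"),
]


def analyse(frames, flood_threshold: int = 100) -> list:
    """Walk the observations in order and return a list of alert dicts."""
    macs_per_port = defaultdict(set)   # port -> distinct source MACs seen
    mac_to_port = {}                   # MAC  -> port where first learned
    ip_to_mac = {}                     # IP   -> MAC first seen for it
    flooded = set()                    # ports already reported for flooding
    alerts = []
    for port, mac, ip in frames:
        macs_per_port[port].add(mac)
        if len(macs_per_port[port]) > flood_threshold and port not in flooded:
            flooded.add(port)
            alerts.append({"type": "mac_flooding", "port": port,
                           "distinct_macs": len(macs_per_port[port])})

        first_port = mac_to_port.setdefault(mac, port)
        if first_port != port:
            alerts.append({"type": "mac_move", "mac": mac,
                           "from": first_port, "to": port})

        first_mac = ip_to_mac.setdefault(ip, mac)
        if first_mac != mac:
            alerts.append({"type": "ip_mac_conflict", "ip": ip,
                           "old_mac": first_mac, "new_mac": mac})
    return alerts


if __name__ == "__main__":
    for alert in analyse(CONSTRUCTED_FRAMES):
        print(alert)
```

The corresponding controls on the switch itself are port security (a per-port limit on learned MACs, which is exactly the `flood_threshold` check enforced in hardware) and dynamic ARP inspection, which validates IP/MAC pairs against DHCP snooping bindings; the script is the audit view of the same conditions.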
Scanning Countermeasures
▪ Ethical hackers use their tool set to test the scanning countermeasures that have been implemented.
▪ Once a firewall is in place, a port-scanning tool should be run against hosts on the network to determine whether the firewall correctly detects and stops the port scanning activity.
▪ The firewall should be able to detect the probes sent by port-scanning tools.
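What "detect the probes" means in practice, for both the ping sweeps described under Checking Live Systems and the port scanning this section asks the firewall to catch, as an added example (not code from the slides or from any firewall product): the script replays constructed packet summaries of the kind a firewall log or flow exporter produces and flags a source that touches more distinct targets (hosts for a sweep, ports on one host for a port scan) than a threshold within a sliding window. Addresses are documentation ranges, not real hosts; `detect_scans`, `SlidingDistinct`, `window_s` and `threshold` are names chosen here.

```python
"""Detecting ping sweeps and port scans from packet metadata.

Added example, not from the slides. The records are constructed flow summaries
such as a firewall or NetFlow/IPFIX exporter produces; addresses are from
documentation ranges. One sliding-window helper serves both detectors: a
source is flagged when it reaches more than `threshold` distinct targets
(hosts pinged, or ports SYN-probed on one host) within `window_s` seconds.
"""
from collections import defaultdict, deque

# Constructed packet summaries: (epoch seconds, src, dst, proto, dst_port, tcp_flags)
CONSTRUCTED_PACKETS = (
    # one source pinging 40 hosts of a /24 in under half a second (ping sweep)
    [(1000.0 + i * 0.01, "198.51.100.9", f"10.0.1.{i}", "icmp-echo", None, "")
     for i in range(1, 41)]
    # the same source then SYN-probes 30 ports on one host that answered (port scan)
    + [(1001.0 + i * 0.02, "198.51.100.9", "10.0.1.20", "tcp", p, "S")
       for i, p in enumerate(range(20, 50))]
    # normal traffic: a workstation making a few connections and one ping
    + [(1000.5, "10.0.1.50", "10.0.1.20", "tcp", 443, "S"),
       (1000.6, "10.0.1.50", "10.0.1.21", "tcp", 443, "S"),
       (1000.7, "10.0.1.50", "10.0.1.22", "icmp-echo", None, ""),
       # two pings minutes apart never share a window, so they do not count
       (1000.8, "10.0.1.51", "10.0.1.1", "icmp-echo", None, ""),
       (1700.0, "10.0.1.51", "10.0.1.2", "icmp-echo", None, "")]
)


class SlidingDistinct:
    """Per key, the number of distinct values seen within the last window_s seconds."""

    def __init__(self, window_s: float):
        self.window_s = window_s
        self.events = defaultdict(deque)   # key -> deque of (ts, value), oldest first

    def add(self, key, ts: float, value) -> int:
        q = self.events[key]
        q.append((ts, value))
        while q and ts - q[0][0] > self.window_s:
            q.popleft()
        return len({v for _, v in q})


def detect_scans(packets, window_s: float = 10.0, threshold: int = 10) -> list:
    """Return alerts for ping sweeps (per source) and port scans (per source/dest pair)."""
    sweep = SlidingDistinct(window_s)      # key: src        -> distinct hosts pinged
    portscan = SlidingDistinct(window_s)   # key: (src, dst) -> distinct ports probed
    alerts, reported = [], set()
    for ts, src, dst, proto, dport, flags in sorted(packets, key=lambda p: p[0]):
        if proto == "icmp-echo":
            n = sweep.add(src, ts, dst)
            if n > threshold and ("ping_sweep", src) not in reported:
                reported.add(("ping_sweep", src))
                alerts.append({"type": "ping_sweep", "src": src, "hosts": n})
        elif proto == "tcp" and flags == "S":
            # only connection attempts count; established flows are not probes
            n = portscan.add((src, dst), ts, dport)
            if n > threshold and ("port_scan", src, dst) not in reported:
                reported.add(("port_scan", src, dst))
                alerts.append({"type": "port_scan", "src": src, "dst": dst, "ports": n})
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(CONSTRUCTED_PACKETS):
        print(alert)
```

Running a scanner against your own hosts, as the section recommends, is the way to calibrate `window_s` and `threshold`: a slow scan spread over hours slips under a ten-second window, so a longer window with a higher threshold is usually run alongside the fast one.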