Network Security
Intended Learning Outcomes
Generalize some of the factors driving the need for Post Exploitation network security
Distinguish Network Attack Methods
Classify particular examples of attacks
Define the terms vulnerability, threat and attack
Assess physical points of vulnerability in simple networks
Compare and contrast symmetric and asymmetric encryption systems and their vulnerability to attack, and explain the characteristics of hybrid systems.
Network Security (Post Exploitation)
Netcat
Written by “Hobbit”
Released in March 1996
Currently hosted at: http://netcat.sourceforge.net/
Blindly reads and writes data to and from network connections
Often called the “Swiss Army Knife” of network tools
Runs on almost all platforms
Linux, Windows, OS X, SunOS, Solaris, etc.
Working Mode
Client mode
Listen mode
Netcat Uses
Data Transfer
Backdoors
Replay Attacks
Vulnerability Scanning
Port Scanning
Relays
Wrappers
Steganography Concept
The art and science of hiding a secret message
so that no one other than the sender and receiver is aware of the message
Physical steganography
Can be dated back to ancient Greece
Stories told of tattoos on the heads of slaves
Heads can then be shaved to reveal the message
Steganography Example
During WWII, “microdots”
were used extensively to transmit messages.
Microdots are small dots
which cover a hidden message.
Steganography
Covert Channel
The “message” is hidden within the traffic of a legitimate communications
channel.
Network Steganography
The “message” is hidden within the traffic of a legitimate communications
channel
1. Technology vulnerabilities
Computer and network technologies have intrinsic (built-in) security weaknesses.
TCP/IP protocol vulnerabilities
(HTTP, FTP are inherently insecure)
Operating system vulnerabilities
(Windows, Linux have security problems)
Network equipment vulnerabilities
(routers, switches have security weaknesses)
2. Configuration vulnerabilities
Network administrators need to correctly configure their computing and network
devices to compensate.
Unsecured user accounts
(information transmitted insecurely across network)
System account with easily guessed passwords
Unsecured default settings within products
Misconfigured internet services
(untrusted sites on dynamic webpages)
Misconfigured network equipment
(misconfiguration itself causes security problems)
3. Security policy vulnerabilities
The network can pose a security risk if users do not follow the security policies.
Lack of written security policy
(policies in booklet)
Politics
(political battles make it difficult to implement security policies)
Lack of continuity
(easily cracked or default password allows unauthorized access)
Logical access controls not applied
(imperfect monitoring allows unauthorized access)
Disaster recovery plan non-existent
(lack of disaster recovery plan allows panic (a sudden fear) when someone
attacks the enterprise.)
Threats
The people eager, willing and qualified to
take advantage of each security vulnerability;
they continually search for new exploits and
weaknesses.
Classes of Threats
There are four main classes of threats:
1. Structured threats
2. Unstructured threats
3. External threats
4. Internal threats
Classes of Threats
1. Structured threats
Implemented by a technically skilled person who is trying to gain access to
your network.
2. Unstructured threats
Created by an inexperienced / non-technical person who is trying to gain
access to your network.
3. Internal threats
Occurs when someone from inside your network creates a security threat to
your network.
4. External threats
Occurs when someone from outside your network creates a security threat
to your network.
Classes of attack
1. Reconnaissance
2. Access
3. Denial of service (DOS)
4. Worms, viruses and Trojan Horses
Classes of attack
1. Reconnaissance
It is a primary step of a computer attack.
It involves unauthorized discovery of the
targeted system to gather information
about vulnerabilities.
The hacker surveys a network and
collects data for a future attack.
Reconnaissance attacks can consist of the following:
1. Ping sweeps
(tell the attacker which IP addresses are alive)
2. Port scans
(the art of scanning to determine what network services or ports are active on
the live IP addresses)
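Added example (not part of the original slides): a defender-side check that tells the two reconnaissance patterns above apart in connection logs. A ping sweep shows up as one source sending ICMP to many distinct hosts in a short time; a port scan shows up as one source trying many distinct ports on one host. The log format, thresholds and function names are assumptions made for this illustration, and the records are constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed firewall-style records: 'HH:MM:SS src dst proto dport'."""
    rows = [f"10:00:{i:02d} 203.0.113.7 192.0.2.{i} icmp -" for i in range(1, 9)]
    rows += [f"10:05:{i:02d} 198.51.100.9 192.0.2.10 tcp {20 + i}" for i in range(12)]
    # Ordinary client: two services on one server and one ping, spread over time.
    rows += ["10:06:00 192.0.2.50 192.0.2.10 tcp 443",
             "10:20:00 192.0.2.50 192.0.2.10 tcp 80",
             "10:40:00 192.0.2.50 192.0.2.11 icmp -"]
    return "\n".join(rows)

def seconds(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def max_distinct_in_window(events, window):
    """Largest number of distinct values seen within any `window` seconds."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({value for _, value in events[start:end + 1]}))
    return best

def classify_recon(log, window=60, sweep_hosts=5, scan_ports=10):
    """Map each source IP to the reconnaissance labels its traffic matches."""
    pinged = defaultdict(list)   # src -> [(time, destination host)]
    probed = defaultdict(list)   # (src, dst) -> [(time, destination port)]
    for line in log.splitlines():
        ts, src, dst, proto, dport = line.split()
        if proto == "icmp":
            pinged[src].append((seconds(ts), dst))
        elif proto in ("tcp", "udp"):
            probed[(src, dst)].append((seconds(ts), int(dport)))
    findings = defaultdict(set)
    for src, events in pinged.items():
        if max_distinct_in_window(events, window) >= sweep_hosts:
            findings[src].add("ping sweep")
    for (src, _dst), events in probed.items():
        if max_distinct_in_window(events, window) >= scan_ports:
            findings[src].add("port scan")
    return dict(findings)

if __name__ == "__main__":
    for src, labels in classify_recon(build_sample_log()).items():
        print(src, sorted(labels))
```

The time window matters: a scanner that spreads its probes out slowly stays under a short window, so the thresholds need tuning against normal traffic on the monitored network.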
Types of eavesdropping:
1. Information gathering
Intruder identifies sensitive information, e.g. credit card numbers
2. Information theft
Intruder steals data through unauthorized access
Classes of attack
2. Access
An Access attack is just what it
sounds like: an attempt to access
another user account or network
device through improper means.
Password attacks
Password attacks can be
implemented using a brute-force
attack (repeated attempts to
identify a user's password).
Trust exploitation
Trust exploitation refers to an attack
in which an individual takes advantage of a trust
relationship within a network.
Port redirection
A type of trust exploitation attack that uses a compromised host to pass
traffic through a firewall that would otherwise be dropped.
Phishing
Phishing is a type of social engineering attack that involves using e-mail or
other types of messages in an attempt to trick others into providing sensitive
information.
Worms
It uses malicious software to spread itself, relying
on security failures on the target computer to access it.
Worms cause harm to the network.
Viruses
Malicious software that is attached to another program to execute a
particular unwanted function on the user workstation.
Trojan Horses
An application written to look like something else that in fact is an attack
tool.
Summary
Vulnerabilities
Technology, Configuration, Security policy
Threats
Structured, Unstructured, Internal, External
Attacks
Reconnaissance, Access, DOS, Malicious code
4.0 Intended Learning Outcomes
(ILOs)
Post Exploitation
Trojans
• Non-self-replicating “back door” program which runs hidden on the infected
computer
• Can be installed using one of the following methods
• Non-trusted software download
• Attachments
• Application-level exploits
• Executable content on websites (Flash or ActiveX)
• A Trojan can be used to maintain control of the system, access passwords, log keystrokes,
etc.
Wrappers
• So how does one get a Trojan on a machine?
• Typical method
o “wrapping” the Trojan with another executable file which the user runs
o The two programs are wrapped together into a single file
o However, the user only sees the .exe which was used to wrap the Trojan
o The Trojan runs in the background
Wrappers - Examples
Network Steganography for Data Exfiltration
Steganography Concept
Covert Channel
Vulnerability
• It is a weakness that allows an attacker to reduce a system's information assurance.
1. Technology vulnerabilities
2. Configuration vulnerabilities
3. Security policy vulnerabilities
Attacks
• The threats use a variety of tools, scripts, and programs to launch attacks against
networks and network devices.
Classes of attack
1. Reconnaissance
1. Ping sweeps
2. Port scans
• (the art of scanning to determine what network services or ports are active on the
live IP addresses)
• (queries the ports to determine the application and operating system of the targeted
host and whether a possible vulnerability exists that can be exploited)
4. Packet sniffers
• Network snooping and packet sniffing are common terms for eavesdropping. A
common method for eavesdropping on communication is to capture protocol
packets.
Classes of attack
2. Access Attack
• An Access attack is just what it sounds like: an attempt to access another user
account or network device through improper means.
1. Password attack
2. Trust exploitation
3. Port redirection
4. Man-in-the-Middle attack
5. Social engineering
6. Phishing
Man-in-the-Middle attack
• It requires that the hacker have access to network packets that come across a
network.
Social engineering
• The easiest hack (social engineering) involves no computer skill at all. Social
engineering is the art of manipulating people so they give up confidential information.
Denial of service (DOS)
• DDoS uses attack methods similar to standard DoS attacks but operates on a much
larger scale.
Malicious code - Worms, viruses, and Trojan Horses
• Malicious code is the kind of harmful computer code designed to create system
vulnerabilities leading to back doors and other potential damages to files and
computing systems. It's a type of threat that may not be blocked by antivirus
software on its own.