Session B- L1,L2 By: Ms. Ankita Nagmote Asst. Professor Dept of Computer Engineering MPSTME Contents
• Scanning and Countermeasures – (Revise)
• Sniffers and countermeasures • Password cracking • Spoofing and session hijacking
14-10-2023 Prof. Ankita Nagmote 2
Scanning and Countermeasures • Revise- • Scanning refers to exploring information using complex and aggressive reconnaissance techniques. • locate potential entry points on a system. • Procedures include: • ping sweeps and port scans • inverse mapping • Types of Scanning • Port Scanning • Network Scanning • Vulnerability Scanning
14-10-2023 Prof. Ankita Nagmote 3
Scanning Techniques
14-10-2023 Prof. Ankita Nagmote 4
Scanning : Countermeasures 1. A strong firewall: A firewall can prevent unauthorized access to a business’s private network. It controls ports and their visibility, as well as detects when a port scan is in progress before shutting it down. 2. TCP wrappers: These enable administrators to have the flexibility to permit or deny access to servers based on IP addresses and domain names. 3. Uncover network holes: Businesses can use a port checker or port scanner to determine whether more ports are open than required. They need to regularly check their systems to report potential weak points or vulnerabilities that could be exploited by an attacker. 14-10-2023 Prof. Ankita Nagmote 5 Scanning : Countermeasures
4. Use custom rules to lock down the network and block
unwanted ports. 5. Security Experts should ensure the proper configuration of anti-scanners and anti-spoofing rules. 6. Security experts of an organization must also ensure that the IDS, routers, and firewall firmware are updated to their latest releases.
14-10-2023 Prof. Ankita Nagmote 6
Sniffers
Sniffing is the act of intercepting
and monitoring traffic on a network. This can be done using software that captures all data packets passing through a given network interface or by using hardware devices explicitly designed for this purpose. Sniffers - Sniffers work by capturing internet traffic and analyzing the data streams Figure1: sniffers capture and analyze the data packets that flow through a network
14-10-2023 Prof. Ankita Nagmote 7
Robust antivirus
Avoid public Wi-Fi
Sniffer Use a VPN Countermeasures Avoid unsecured protocols
Watch out for social engineering
14-10-2023 Prof. Ankita Nagmote 8 Password cracking Password cracking is a way to recuperate passwords from the information stored or sent by a PC or mainframe. Some of the methods include: • Dictionary attack: Most of the users use common and weak passwords. A hacker can quickly learn about a lot of passwords if we add a few punctuations like substitute $ for S and take a list of words. • Brute-force guessing attack: A given length has so many potential passwords. If you use a brute-force attack, it will guarantee that a hacker will eventually crack the password. • Hybrid Attack: It is a combination of Dictionary attack and Brute force attack techniques. This attack firstly tries to crack the password using the dictionary attack. If it is unsuccessful in cracking the password, it will use the brute-force attack.
14-10-2023 Prof. Ankita Nagmote 9
Best practices protecting against password cracking • Perform data security reviews to screen and track password assaults. • Try not to utilize a similar password during the password change. • Try not to share passwords. • Do whatever it takes not to use passwords that can be found in a word reference. • Try not to use clear content shows and shows with weak encryption. • Set the password change technique to 30 days. • Try not to store passwords in an unstable area. • Try not to utilize any mainframes or PC’s default passwords. • Unpatched computers can reset passwords during Denial-of-Service assaults. Try to refresh the framework. • Empower account lockout with a specific number of endeavors, counter time, and lockout span. One of the best approaches to oversee passwords in associations is to set a computerized password reset. 14-10-2023 Prof. Ankita Nagmote 10 Spoofing and session hijacking
The main objective of hackers in
hijacking is to take control over The main objective of hacker in the target computer system or spoofing is to psychologically network connections to steal manipulate the target and win information without getting their trust by convincing him. known to the target that they are getting hacked or hijacked.
14-10-2023 Prof. Ankita Nagmote 11
Types of Spoofing
IP SPOOFING EMAIL URL SPOOFING DNS SPOOFING
SPOOFING
14-10-2023 Prof. Ankita Nagmote 12
Session Hijacking • Session hijacking is a technique used by hackers to gain access to a target’s computer or online accounts. In a session hijacking attack, a hacker takes control of a user’s browsing session to gain access to their personal information and passwords • Active session hijacking, the attacker takes control of the target’s session while it is still active. The attacker does this by sending a spoofed request to the server that includes the target’s session ID. • Passive session hijacking occurs when the attacker eavesdrops on network traffic to steal the target’s session ID. This type of attack is easier to execute because all an attacker needs is access to network traffic Prof. Ankita Nagmote 14-10-2023 13 Quiz • How can you mitigate Session Hijacking??
14-10-2023 Prof. Ankita Nagmote 14
Assignment Assignment (15 marks) a. CR/SR will form a group of 2-3 students. b. Each group will select one recent security hack. c. Students will research on the selected hack. d. Each group will create detailed report and presentation. e. Report and presentation submission deadline is October 3, 2023. f. Marks Distribution i. Detailed report – 8 marks ii. Presentation – 7 marks