Network Threats
Bilal Ahmed
[Figure: The Intrusion Triangle, with Motive, Means and Opportunity at its three corners]
Network Threats
• Social Engineering
• Password Guessing
• Malware threats
• Network Sniffing
• DOS & DDOS
• ARP Poisoning
• Advanced Persistent Threats (APT)
Social Engineering
Social Engineering
• Social engineering is essentially the art of gaining access to
buildings, systems or data by exploiting human psychology,
rather than by breaking in or using technical hacking
techniques
• Social engineers rely on people not realising how valuable
the information they hold is, and therefore being careless
about protecting it
• Common targets are help desk personnel, technical support
executives and system administrators
Social Engineering
• Impact of attack on organization
o Economic losses
o Loss of privacy
o Lawsuits and arbitrations
o Damage to reputation
o Temporary or permanent closure
Human Error
Types of Social Engineering
• Human-Based Social Engineering
• Computer-Based Social Engineering
• Mobile-Based Social Engineering
Human-Based Social Engineering
• Impersonation: pretending to be a legitimate or
authorized person (end user, VIP, help desk officer,
technical support person, repairman), either in
person or over a communication medium such as
the phone or email
• Eavesdropping: unauthorized listening to
conversations or reading of messages, over any
communication channel
Human-Based Social Engineering
• Shoulder Surfing – Obtain sensitive information by
looking over someone’s shoulder or via vision
enhancing devices such as binoculars
• Dumpster Diving: searching someone else’s trash bins
or discarded storage media for useful information
Human-Based Social Engineering
• Tailgating: when a person, whether an employee
or not, passes through a secure door without the
knowledge of the person who has gained
legitimate access through it
• Piggybacking: an authorized person intentionally lets
an unauthorized person through a secure door
Human-Based Social Engineering
• Reverse Social Engineering: the attacker poses as an
authority (typically support staff) and manoeuvres the
target into asking the attacker for help, so that the
target volunteers the information the attacker needs
Computer-based Social Engineering
• Pop-up windows: prompting the user to enter login or
sign-up details, which go to the attacker
• Chain Letters: emails that offer free gifts such as
money or software on the condition that the
user forwards the mail to a stated number of
people
Computer-based Social Engineering
• Instant Chat Messenger: gathering personal
information by chatting with a selected online
user
• Spam emails: irrelevant and unwanted emails,
the same message sent to millions of recipients
at once
Computer-based Social Engineering
• Phishing
• Illegitimate email falsely claiming to be from
a legitimate organization or site, attempting to
acquire the user’s personal or account information
Computer-based Social Engineering
• Spear Phishing
• Targeted phishing attack aimed at specific
individuals within an organization
• Whaling
• Extension of Spear phishing that targets upper
level corporate management in an attempt to
obtain restricted internal information
Computer-based Social Engineering
• Vishing
• Electronic fraud tactic in which individuals are
tricked into revealing critical financial or
personal information
• Vishing works like phishing but is carried out
over the telephone (voice technology) rather
than over the Internet
Computer-based Social Engineering
• Pharming
• Corrupting the name resolution the victim relies on
(poisoning the DNS server’s records or the victim’s
local hosts file) so that the legitimate domain name
resolves to a fake website that looks like the
intended site
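The phishing, spear phishing and pharming slides above all rely on a message that looks legitimate but points somewhere else. The following is an added example, not code from the lecture, of the checks a mail gateway or analyst script can run over a raw e-mail to surface those tell-tales: a sender domain that is a lookalike of a protected brand, a Reply-To that does not match From, visible link text whose domain differs from the real href, a brand name buried inside a foreign host name, and pressure language. The protected-domain list, the similarity threshold and both sample messages are constructed for illustration; `registrable()` is a crude stand-in for a public-suffix lookup.

```python
"""Phishing indicator check over a raw e-mail (added example, not from the slides).

Everything here is constructed for illustration: the protected-domain list,
the similarity threshold and the two sample messages. A real deployment would
feed messages from a mail gateway and use a proper public-suffix list.
"""
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: names this organisation wants to protect from lookalikes.
PROTECTED_DOMAINS = ("examplebank.com", "payroll-portal.net")

LINK_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
PRESSURE_RE = re.compile(r"\b(urgent|within 24 hours|locked|suspended)\b", re.I)

# Constructed phishing sample: lookalike sender (examp1e), foreign Reply-To,
# link text that does not match the href, brand name buried in a foreign host.
PHISHING_EMAIL = """\
From: ExampleBank Security <alerts@examp1ebank.com>
Reply-To: recovery@mail-verify.example.net
To: victim@example.com
Subject: Urgent: verify your account
Content-Type: text/html

<p>Your account is locked. Sign in at
<a href="http://examplebank.com.login-verify.example.net/x">https://www.examplebank.com/login</a>
within 24 hours.</p>
"""

# Constructed benign sample.
BENIGN_EMAIL = """\
From: Alice <alice@otherfirm.org>
To: bob@example.com
Subject: Lunch on Friday
Content-Type: text/html

<p>The menu is <a href="https://otherfirm.org/menu">here</a>.</p>
"""


def registrable(host):
    """Last two labels of a host name; an assumption standing in for a public-suffix lookup."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def lookalike(domain, protected=PROTECTED_DOMAINS, threshold=0.85):
    """Protected domain that `domain` resembles but does not equal, or None."""
    best, best_ratio = None, 0.0
    for candidate in protected:
        ratio = difflib.SequenceMatcher(None, domain, candidate).ratio()
        if domain != candidate and ratio > best_ratio:
            best, best_ratio = candidate, ratio
    return best if best_ratio >= threshold else None


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in the message."""
    msg = message_from_string(raw_message)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = registrable(from_addr.rpartition("@")[2])
    target = lookalike(from_domain)
    if target:
        findings.append(f"sender domain {from_domain} looks like {target}")

    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and registrable(reply_addr.rpartition("@")[2]) != from_domain:
        findings.append(f"Reply-To domain differs from From: {reply_addr}")

    body = msg.get_payload()  # single-part text; multipart handling omitted
    for href, text in LINK_RE.findall(body):
        host = (urlparse(href).hostname or "").lower()
        text = re.sub(r"<[^>]+>", "", text).strip()
        if "://" in text:  # the visible text is itself a URL: compare domains
            text_host = urlparse(text).hostname or ""
            if registrable(text_host) != registrable(host):
                findings.append(f"link text shows {registrable(text_host)} but goes to {registrable(host)}")
        for brand in PROTECTED_DOMAINS:
            if brand in host and registrable(host) != brand:
                findings.append(f"brand {brand} embedded in foreign host {host}")

    if PRESSURE_RE.search(raw_message):
        findings.append("urgency or pressure language")
    return findings


if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, phishing_indicators(sample))
```

None of these indicators is proof on its own; the value is in scoring several together, and in feeding the lookalike and embedded-brand checks with the organisation's real list of domains rather than the constructed one used here.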
Mobile-based Social Engineering
• Publishing malicious apps with attractive
features and similar names to that of popular
apps
• Repackaging legitimate apps
Mobile-based Social Engineering
• SMiShing
– Sending an SMS text message that urges the
recipient to call a phone number to resolve a
supposed fraud problem with their bank account
or debit card
– A pre-recorded message then asks the caller for
critical information, which goes straight to the
attacker
Social Engineering Counter Measures
Social Engineering Counter Measures
• Password Policies
– Periodic password change
– Avoiding guessable passwords
– Account blocking after failed attempts
– Length and complexity of passwords
– Secrecy of passwords
• Physical Security Policies
– Identification of employees by issuing ID cards
– Restricting access to sensitive areas
– Shredding of documents that are no longer needed
– Background checks before employment
Social Engineering Counter Measures
• Effective Training program consisting of all security policies and
methods to increase awareness on social engineering
• Operational Guidelines to ensure security of the sensitive
information and authorized use of resources
• Classification of Information as top secret, proprietary, for internal
use only, for public use etc
• Access Privileges - administrator, user and guest accounts with
proper authorization
• Two-factor authentication
Password Guessing
Guessing Passwords
• Attackers’ strategies
• Non-electronic attacks: Attacks that don't
require technical knowledge to crack
passwords
• shoulder surfing, dumpster diving
Guessing Passwords
• Attackers’ strategies
• Active online attacks: Involves direct
communication with victim’s machine
• Brute forcing, Dictionary attacks
Guessing Passwords
• Attackers’ strategies
• Passive online attacks: Eavesdropping on
network password exchanges - Password
cracking without communicating with the
victim
• Sniffing
Guessing Passwords
• Attackers’ strategies
• Offline attack: Attacker copies the target’s
password file (or hashes) and cracks them on a
system under the attacker’s control, with no
lockouts or rate limits to slow the attempt
• Ophcrack, John the Ripper
Guidelines
• Use strong passwords
• Change default passwords
• Set a minimum password length
• Enforce a password format
• Mix upper/lower case letters, numerals
and symbols
• Avoid obvious passwords
Guidelines
• Password checkers
• Check password against dictionary of weak
passwords
• Example inputs to such a checker: a dictionary word, a
keyboard walk and a randomly generated string
– pakistan
– 1qaz2wsx3edc
– 5N%5#B{Vg$9s(.av
Guidelines
• Password generation
• Produces random passwords
• Users – not allowed to pick passwords
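The password-checker and password-generation guidelines above are easy to turn into code. The block below is an added example, not the lecture's own tool: `check_password()` rejects dictionary words, short passwords, keyboard walks (the pattern behind `1qaz2wsx3edc`) and low search space, and `generate_password()` draws from the operating system CSPRNG so users never pick the password themselves. The weak-word list and the US keyboard rows are constructed stand-ins; a real checker loads a full wordlist such as rockyou.txt and the full layout in use.

```python
"""Password checker and generator of the kind the guidelines describe.

Added example, not code from the lecture. The weak-password list and the
keyboard layout are constructed stand-ins: a real checker loads a wordlist
such as rockyou.txt and the full layout of the keyboard in use.
"""
import math
import secrets
import string

# Constructed stand-in for a weak-password wordlist.
WEAK_WORDS = {"password", "123456", "qwerty", "letmein", "admin", "pakistan"}

# Rows of a US keyboard; used to spot "walks" such as 1qaz2wsx3edc.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _key_position(ch):
    """(row, column) of a key on the layout above, or None for other characters."""
    for row_index, row in enumerate(KEYBOARD_ROWS):
        col = row.find(ch.lower())
        if col != -1:
            return (row_index, col)
    return None


def is_keyboard_walk(password, min_run=4):
    """True if min_run consecutive characters sit on physically adjacent keys."""
    positions = [_key_position(ch) for ch in password]
    run = 1
    for prev, cur in zip(positions, positions[1:]):
        adjacent = (
            prev is not None and cur is not None and prev != cur
            and abs(prev[0] - cur[0]) <= 1 and abs(prev[1] - cur[1]) <= 1
        )
        run = run + 1 if adjacent else 1
        if run >= min_run:
            return True
    return False


def alphabet_size(password):
    """Size of the standard character classes the password draws from (A in N = A^S)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32
    return max(size, 1)  # avoid log2(0) for exotic characters


def check_password(password, min_length=12, min_bits=60):
    """Return the list of reasons to reject password; an empty list means accept."""
    problems = []
    if password.lower() in WEAK_WORDS:
        problems.append("in weak-password dictionary")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_keyboard_walk(password):
        problems.append("keyboard walk")
    # log2(A^S): the search space an attacker faces if the password were random
    bits = len(password) * math.log2(alphabet_size(password)) if password else 0
    if bits < min_bits:
        problems.append(f"only {bits:.0f} bits of search space")
    return problems


def generate_password(length=16, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Random password from the OS CSPRNG; the user does not get to choose it."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("pakistan", "1qaz2wsx3edc", "5N%5#B{Vg$9s(.av", generate_password()):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```

The search-space estimate is an upper bound that only holds for random passwords; that is why the dictionary and keyboard-walk checks run first, since `1qaz2wsx3edc` has 62 bits of nominal search space and is still guessed in seconds by any cracker with a keyboard-pattern rule.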
Guidelines
• Password Aging
• Expiry date of password is set
• Forces user to change passwords
• Password history must also be enforced so that
users cannot revert to a previous password
Countering password guessing
Anderson’s formula:
• 'P' probability of guessing a password in
specified period of time
• 'G' number of guesses tested in 1 time unit
• 'T' number of time units in which guessing occurs
• 'N' number of possible passwords
• Then P ≥ TG/N
Example-1
• Choose a password which is 6 chars long and the
password can contain only a-z, A-Z, 0-9. If the attacker
could guess 10,000 pwd /sec and the probability that
an attacker could guess is 0.5 then what is the time
frame in which the password would be compromised ?
Example
• P = 0.5
• G = 10,000 guesses per second
• N = A^S where A is the number of allowed characters in the
password and S is the length of the password
• Here A = 26 + 26 + 10 = 62 and S = 6, so N = 62^6 ≈ 5.68 × 10^10
Now we want to find T; rearranging Anderson's formula
• T ≤ NP/G
T ≤ 62^6 × 0.5 / 10,000
≈ 2,840,012 sec
≈ 33 days
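The same arithmetic, as an added example (not code from the lecture), carried through for the slide's numbers and then generalised: the same six-character password against an offline cracker, against an online service that locks the account after a few failures, and the length needed to keep an offline attacker below P = 0.5 for a century. The guess rates used (10,000/s online, 10^9/s offline, 5 attempts per 15 minutes under lockout) are assumptions for illustration.

```python
"""Anderson's formula worked through and generalised (added example, not the
lecture's own code). Formula from the slide: P >= T*G/N. The guess rates
used (10 000/s online, 1e9/s offline, 5 per 15 minutes under lockout) are
assumptions for illustration.
"""
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def search_space(alphabet_size, length):
    """N = A^S: number of possible passwords."""
    return alphabet_size ** length


def probability_of_success(t_seconds, guesses_per_sec, n):
    """P >= T*G/N, capped at 1 once every password has been tried."""
    return min(1.0, t_seconds * guesses_per_sec / n)


def time_to_guess(p, guesses_per_sec, n):
    """T = N*P/G: time until the attacker's success probability reaches p."""
    return n * p / guesses_per_sec


def min_length(p, guesses_per_sec, alphabet_size, min_seconds):
    """Smallest S with A^S >= G*T/P: the length at which an attacker guessing
    at G/s has probability at most p of success within min_seconds."""
    required = guesses_per_sec * min_seconds / p
    length = 1
    while alphabet_size ** length < required:
        length += 1
    return length


if __name__ == "__main__":
    n = search_space(62, 6)
    t = time_to_guess(0.5, 10_000, n)
    print(f"slide example: N = {n:,}, T = {t:,.0f} s = {t / SECONDS_PER_DAY:.1f} days")
    # Same password file cracked offline at an assumed 1e9 guesses/s
    print(f"offline at 1e9/s: {time_to_guess(0.5, 1e9, n):.0f} s")
    # Same password online, but lockout allows 5 tries per 15 minutes (G = 5/900)
    t_lock = time_to_guess(0.5, 5 / 900, n)
    print(f"online with lockout: {t_lock / SECONDS_PER_YEAR:,.0f} years")
    # Length needed to keep the offline attacker below P = 0.5 for 100 years
    print("alnum length vs 1e9/s for 100 years:", min_length(0.5, 1e9, 62, 100 * SECONDS_PER_YEAR))
```

The two extra scenarios show where the password-policy countermeasures bite: account blocking shrinks G by orders of magnitude, so the online guess takes millennia, while an offline attack leaves only N to work with, which is why length and character set (and, beyond this formula, slow password hashing) matter.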
Malware Threats
Malware Threats
• Virus
• A program that attaches itself to other programs or
documents, and alters or damages the computer files and
applications
• Worm
• A malicious program that replicates itself and spreads to
other computers
• Backdoor
• An unauthorized means of accessing a system that bypasses
its normal security mechanisms
Malware Threats
• Trojan
• Program with an overt purpose (known to user) and a covert
purpose (unknown to user)
• Seems to be legitimate but acts maliciously, when executed
• Example
• Netbus
Example: NetBus
• Designed for Windows NT system
• Mode of operation
• Client – server
• Victim installs this
– Usually disguised as a game program
• Acts as a server, accepting and executing
commands for remote administrator (client)
– This includes intercepting keystrokes and mouse
motions and sending them to attacker
– Also allows attacker to upload, download files
Malware Threats
• Rootkit
– A set of programs or utilities that allows someone to
maintain root‐level access to the system
• Ransomware
• A form of malware that holds a computer system or its data
captive while demanding a ransom
• Blocks the victim’s access to their data (typically by encrypting it)
and threatens to delete it or publish it unless the ransom is paid
• Problem - ?
Malware Threats
• Adware
– Short form of advertising-supported software
– Automatically delivers advertisements
– Most exist solely to serve advertisements
– Some are capable of tracking user activity and stealing
information
• Spyware
– Functions by spying on user activity without their knowledge
– Can include activity monitoring, collecting keystrokes, data
harvesting (account information, logins, financial data)
Malware Threats
• Logic Bomb
• A program that performs an action that violates the security
policy when some external event occurs
• Example: program that deletes company’s payroll records
when one particular record is deleted
– The “particular record” is usually that of the person writing the
logic bomb
– Idea is if (when) he or she is fired, and the payroll record
deleted, the company loses all those records
Malware Symptoms
• Increased CPU usage
• Slow computer or web browser speeds
• Problems connecting to networks
• Freezing or crashing
• Modified or deleted files
• Appearance of strange files, programs, or desktop icons
• Programs running, turning off, or reconfiguring themselves
• Strange computer behavior
• Emails/messages being sent automatically and without user’s
knowledge
Malware Countermeasures
• Install quality anti-malware software
• Make sure malware definitions of the scanner are regularly
updated
• Never open an attachment from an untrusted source
• Take care when browsing the internet and downloading files
• Backup data
• Sandboxing
Sandboxing
• Security technique that isolates programs, preventing
malicious programs from damaging the rest of your
computer
• Isolates applications from critical system resources and
other programs
• Provides an extra layer of security that prevents malware
or harmful applications from negatively affecting your
system
• Without sandboxing, an application may have unrestricted
access to all system resources and user data on a
computer
• A sandboxed app, on the other hand, can only access
resources in its own "sandbox"
Network Sniffing
Network Sniffing
• Sniffing is a process of monitoring and capturing all data packets
passing through a given network using sniffing tools
• Generally, sniffers do not intercept or alter captured data (it is
a passive attack)
• Easy on a hub-based network, where every station sees every frame
How a Sniffer works
• Shared Ethernet
– An attacker gets connected to the target network in order to sniff
the packets
– In this environment every station on the segment receives every
frame, including frames addressed to other machines; the NIC
normally discards the ones not addressed to it
– The sniffer puts the NIC into promiscuous mode so that it
passes every frame on the segment up to the sniffer
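Once the NIC is in promiscuous mode the sniffer's job is decoding: peel off the Ethernet, IP and TCP headers and look at the payload. The block below is an added example, not code from the lecture, that does exactly that for a constructed capture of an FTP login on a shared segment (the passive online attack from the password slides). The frames are built inline with checksums left at zero, which a decoder does not need; `open_promiscuous_socket()` is the Linux-only, root-only capture side, with the `SOL_PACKET` constants and `packet_mreq` layout taken from linux/if_packet.h as an assumption.

```python
"""What a sniffer does with a captured frame: decode it and pull out the
cleartext secrets. Added example, not from the lecture.

The FTP login frames are constructed inline (checksums left at zero, which a
decoder does not need). open_promiscuous_socket() is the Linux-only, root-only
capture side; the SOL_PACKET constants are from linux/if_packet.h (assumption).
"""
import socket
import struct

ETH_P_ALL = 0x0003
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
SOL_PACKET = 263                # linux/if_packet.h
PACKET_ADD_MEMBERSHIP = 1
PACKET_MR_PROMISC = 1
CREDENTIAL_PREFIXES = (b"USER ", b"PASS ")   # FTP; POP3 uses the same verbs


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Decode Ethernet II -> IPv4 -> TCP; returns whatever layers were present."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return pkt
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4                  # IP header length in bytes, options included
    pkt.update(src_ip=socket.inet_ntoa(src_ip), dst_ip=socket.inet_ntoa(dst_ip), ttl=ttl, proto=proto)
    if proto != IPPROTO_TCP:
        return pkt
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, off_flags, _win, _csum2, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    data_offset = (off_flags >> 12) * 4         # TCP header length, options included
    pkt.update(src_port=sport, dst_port=dport, seq=seq, flags=off_flags & 0x1FF, payload=tcp[data_offset:])
    return pkt


def harvest_credentials(frames):
    """Passive online attack: pull USER/PASS lines out of captured TCP payloads."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt.get("proto") != IPPROTO_TCP:
            continue
        for line in pkt["payload"].splitlines():
            if line.startswith(CREDENTIAL_PREFIXES):
                found.append((pkt["src_ip"], pkt["dst_ip"], pkt["dst_port"], line.decode("ascii", "replace")))
    return found


def build_sample_frame(payload, src_ip="192.168.1.10", dst_ip="192.168.1.20", sport=40000, dport=21):
    """Constructed Ethernet/IPv4/TCP frame carrying `payload` (checksums zeroed)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000, (5 << 12) | 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)
    return eth + ip


def open_promiscuous_socket(iface):
    """Linux only, needs CAP_NET_RAW: raw socket on iface with promiscuous mode on."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((iface, 0))
    # struct packet_mreq { int mr_ifindex; unsigned short mr_type, mr_alen; unsigned char mr_address[8]; }
    mreq = struct.pack("iHH8s", socket.if_nametoindex(iface), PACKET_MR_PROMISC, 0, b"\x00" * 8)
    sock.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    return sock


if __name__ == "__main__":
    # Constructed capture of an FTP login seen on a shared segment.
    capture = [build_sample_frame(b"USER alice\r\n"), build_sample_frame(b"PASS hunter2\r\n")]
    for src, dst, port, line in harvest_credentials(capture):
        print(f"{src} -> {dst}:{port}  {line}")
    # Live use (Linux, as root): sock = open_promiscuous_socket("eth0")
    #                            harvest_credentials([sock.recv(65535)])
```

The decoder ignores checksums and reassembly on purpose: a sniffer only needs enough structure to find the payload, and the takeaway for the defender is that any protocol sending credentials in the clear (FTP, POP3, Telnet, plain HTTP) hands them to whoever shares the segment, which is the case for TLS or SSH rather than for a better password.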
How a Sniffer works