CompTIA Security+
Get Certified Get Ahead
By Darril Gibson
• Spoofing
– Impersonating or masquerading as someone or something else
• MAC spoofing
• IP spoofing
• ARP poisoning
[Diagram: man-in-the-middle attacker on a switched network (User, Switch, Router, Internet)]
– Router: 192.168.1.1, 01-23-45-01-01-01
– Victim: 192.168.1.5, 01-23-45-55-55-55
– Man in the Middle Attacker: 192.168.1.66, 01-23-45-66-66-66
– Consider VLAN segregation
• NTP
– Monlist command
• Dictionary
– Prevent with complex passwords
– http://www.md5online.org/ Demo
Password 12345
Hash 827ccb0eea8a706c4c34a16891f84e7b
GetCertifiedGetAhead.com © 2017 YCDA, LLC
Password Attacks
• Pass the hash
– Attacker discovers the hash
– Attacker uses the hash to log on
– Can be
• An application/service attack
• A wireless attack
• A cryptographic attack
Common Attacks
• Known plaintext
– Attacker has samples of both the plaintext and the ciphertext
The information contained in this email and any accompanying attachments may
contain proprietary information about the Pay & Park & Pay parking garage.
Nr55tySu3IFIf7f3Cjn540fSs0j0QbshCN0yOAvhN3UKr85uEkvawEPG3lhLIklwBz7h
BzhaRZ96KUYIT3wQbf2cSkWHtN8ZQrQ+ZGJHhe8HkL42CPjHIGc0HW4urJ+NNLn
NxqHyRo34azbnXsd3qd3Ce5GE7blWtY0duwNKy0xqhmDihUJs9nDhXBV4nBkZ6s
hcmKGEUSyvCr/hOEpAYw==
• Clickjacking
– Tricks users into clicking something different
– Typically uses frames
Common Attacks
• Session hijacking
– Impersonate the user with the session ID
– Session IDs stored in cookies
• Domain hijacking
– Attacker changes the registration of the domain name
– Typically done by using social engineering techniques to guess owner’s password
Common Attacks
• Man-in-the-browser attack
– Type of proxy Trojan horse
– Can capture browser session data
• Driver manipulation
– Shimming
– Refactoring
• Runtime code
– Code is evaluated, interpreted, and executed when the code is run
– HTML is interpreted by web browsers and displayed as web pages
Input Validation
• Verifies validity of data before using it
– Verifies proper characters
– Uses boundary and/or range checking
– Blocks HTML code
– Prevents the use of certain characters
• Client-side vs server-side
– Server-side is more secure (many sites use both)
• Input validation prevents
– Buffer overflow, SQL injection, command injection, and cross-site scripting attacks
Secure Coding Concepts
• Avoid race conditions
– Occur when two modules attempt to access the same resource
– First module to complete the process wins
– Database locks prevent race conditions
• Encryption
• Authentication
• Code signing
• Code obfuscation
– Camouflage code
Code Quality and Testing
• Static code analyzers
• Dynamic analysis
• Stress testing
• Sandboxing
• Model verification
• Protected by placing in DMZ
• Result
SELECT * FROM Customers WHERE name = ' '
SELECT * FROM Customers WHERE '1'='1'
– Input validation
– Stored procedures
• Labs http://gcgapremium.com/501labs/
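Added example (not from the original slides): the Input Validation slide and the SQL query slide above, worked through in Python with an in-memory SQLite database. The `Customers` table name is from the slide; the rows, the name policy in `NAME_RE`, and all function names are assumptions. SQLite has no stored procedures, so a bound parameter stands in for that bullet.

```python
import re
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO Customers VALUES (?, ?)",
        [("Homer", "homer@example.com"),
         ("Marge", "marge@example.com"),
         ("O'Brien", "obrien@example.com")],
    )
    return db

# Hypothetical policy: starts with a letter, then letters, space,
# apostrophe, period or hyphen; 1 to 40 characters in total.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '.-]{0,39}")

def validate_name(value):
    """Server-side check: proper characters plus a length boundary."""
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError("invalid customer name")
    return value

def lookup_unsafe(db, name):
    """Vulnerable form: input is concatenated into the SQL text, so a
    quote in the input changes the structure of the WHERE clause."""
    sql = "SELECT * FROM Customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    """Hardened form: validate first, then bind the value as a parameter
    so the database never parses it as SQL."""
    name = validate_name(name)
    sql = "SELECT * FROM Customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"              # input behind the slide's '1'='1' result
    print(len(lookup_unsafe(db, tautology)), "rows leaked by the concatenated query")
    print(lookup_safe(db, "O'Brien"))      # a legitimate apostrophe still works
    try:
        lookup_safe(db, tautology)
    except ValueError as exc:
        print("rejected:", exc)
```

The apostrophe in `O'Brien` passes validation and is still handled correctly, which shows that parameter binding is what keeps the query safe and that validation is a second layer.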