
Network Security

MSC Course
By:
Dr. Qutaiba Ibrahem Ali
Computer Eng. Dept. / Mosul University

LECTURE 1:
Network Threats & Attacks
Threats
There are four primary classes of threats to network security:

1.Unstructured threats
Unstructured threats consist mostly of inexperienced individuals using easily available
hacking tools such as shell scripts and password crackers. Even unstructured threats that are
executed only to test and challenge a hacker's skills can still do serious damage to a
company. For example, if an external company Web site is hacked, the integrity of the
company is damaged. Even if the external Web site is separate from the internal information
that sits behind a protective firewall, the public does not know that. All the public knows is
that the site is not a safe environment in which to conduct business.
2.Structured threats
Structured threats come from hackers who are more highly motivated and technically
competent. These people know system vulnerabilities and can understand and develop
exploit code and scripts. They understand, develop, and use sophisticated hacking
techniques to penetrate unsuspecting businesses. These groups are often involved in the
major fraud and theft cases reported to law enforcement agencies.
3.External threats
External threats can arise from individuals or organizations working outside of a company.
They do not have authorized access to the computer systems or network. They work their
way into a network mainly from the Internet or dialup access servers.
4.Internal threats
Internal threats occur when someone has authorized access to the network with either an
account on a server or physical access to the network. According to the FBI, internal access
and misuse account for 60 to 80 percent of reported incidents.
Attacks
There are four primary classes of attacks:

• Reconnaissance
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities.
It is also known as information gathering and, in most cases, it precedes an actual access or Denial
of Service (DoS) attack. Reconnaissance is somewhat analogous to a thief casing a neighborhood
for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open
windows.
• Access
System access is the ability for an unauthorized intruder to gain access to a device for which the
intruder does not have an account or a password. Entering or accessing systems to which one does
not have access usually involves running a hack, script, or tool that exploits a known vulnerability
of the system or application being attacked.
• Denial of Service (DoS): Denial of service (DoS) implies that an attacker disables or corrupts
networks, systems, or services with the intent to deny services to intended users. DoS attacks
involve either crashing the system or slowing it down to the point that it is unusable. But DoS can
also be as simple as deleting or corrupting information. In most cases, performing the attack simply
involves running a hack or script. The attacker does not need an account on the target or any prior
access to it; network reachability is usually all that is required. For these reasons, DoS attacks are
the most feared.
• Worms, Viruses, and Trojan Horses
Malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate
itself, or deny services or access to networks, systems, or services.
Reconnaissance attacks : Reconnaissance attacks can consist of the following
•Packet sniffers
•Port scans
•Ping sweeps
•Internet information queries

A malicious intruder typically ping sweeps the target network to determine which IP
addresses are alive. After this, the intruder uses a port scanner to determine what network
services or ports are active on the live IP addresses.

The ping command (an ICMP echo request) tells the attacker which IP addresses are alive,
although a host or firewall that filters ICMP will not answer and must be found by probing
TCP or UDP ports directly.
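As an added example (not part of the original lecture) of the second recon step, the script below does a TCP connect scan of a port range and grabs whatever banner each open service volunteers, which is how a scanner turns "port open" into "this is probably SSH". ICMP echo needs raw sockets, so the sweep step is omitted; to keep the example offline it starts two throwaway loopback services (one chatty, one silent) as stand-ins for real daemons. All hosts, ports and banners are constructed.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_dummy_service(banner: bytes) -> int:
    """Constructed stand-in for a real daemon so the example runs offline: listen on an
    OS-chosen loopback port, send BANNER to each client, close. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listening socket torn down at interpreter exit
                return
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe_port(host: str, port: int, timeout: float = 0.5):
    """TCP connect probe. Returns None if the port is closed or filtered; otherwise the
    bytes the service sent before closing or before TIMEOUT (b"" for a silent service
    such as HTTP, which waits for the client to speak first)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:
            return None
        chunks = []
        try:
            while True:
                data = s.recv(256)
                if not data:               # peer closed: banner is complete
                    break
                chunks.append(data)
        except socket.timeout:             # open but silent within TIMEOUT
            pass
        return b"".join(chunks)


def scan_ports(host: str, ports, workers: int = 32) -> dict:
    """Probe PORTS on HOST concurrently; map each open port to its banner."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe_port(host, p)), ports))
    return {port: banner for port, banner in results if banner is not None}


if __name__ == "__main__":
    chatty = start_dummy_service(b"SSH-2.0-OpenSSH_demo\r\n")   # announces itself
    silent = start_dummy_service(b"")                          # open, says nothing
    lo, hi = min(chatty, silent) - 3, max(chatty, silent) + 4  # mostly closed ports
    for port, banner in sorted(scan_ports("127.0.0.1", range(lo, hi)).items()):
        print(f"{port}/tcp open  banner={banner!r}")
```

On a real target the closed ports answer with RST almost immediately while filtered ports eat the full timeout, so the timeout value is the main knob between scan speed and false "closed" results.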
Network snooping and packet sniffing are common terms for eavesdropping. Eavesdropping
is listening in to a conversation, spying, prying, or snooping. The information gathered by
eavesdropping can be used to pose other attacks to the network.
An example of data susceptible to eavesdropping is SNMP version 1 community strings,
which are sent in clear text (SNMPv2c has the same weakness; only SNMPv3 adds
authentication and encryption). An intruder could eavesdrop on SNMP queries and gather
valuable data on network equipment configuration, or reuse a read-write community string
to change it. Another example is the capture of usernames and passwords as they cross a
network in protocols such as Telnet, FTP, and HTTP basic authentication.
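To make the SNMPv1 point concrete, here is an added example (not from the lecture) that decodes captured SNMPv1 datagrams with a minimal BER parser and pulls out the community strings, which is all an eavesdropper with a packet capture has to do. The two datagrams are hand-encoded constructed samples, not real traffic; the addresses and the "public"/"private" strings are assumptions for illustration.

```python
SNMP_PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
                  0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap"}


def read_tlv(buf: bytes, pos: int):
    """Decode one BER tag/length/value at POS; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value: bytes) -> str:
    first = value[0]
    arcs = [first // 40, first % 40]        # first byte packs the first two arcs
    acc = 0
    for b in value[1:]:                     # remaining arcs are base-128, high bit = continue
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_snmp_v1(packet: bytes) -> dict:
    """SNMPv1 message = SEQUENCE { INTEGER version, OCTET STRING community, PDU }."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, request_id, p = read_tlv(pdu, 0)
    _, _, p = read_tlv(pdu, p)                      # error-status
    _, _, p = read_tlv(pdu, p)                      # error-index
    _, varbinds, _ = read_tlv(pdu, p)
    bindings, p = [], 0
    while p < len(varbinds):
        _, vb, p = read_tlv(varbinds, p)
        _, oid, q = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, q)              # only OCTET STRING values decoded here
        bindings.append((decode_oid(oid), val.decode("ascii", "replace") if vtag == 0x04 else None))
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode("ascii", "replace"),
            "pdu_type": SNMP_PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(request_id, "big"),
            "bindings": bindings}


def harvest_community_strings(captures) -> dict:
    """CAPTURES: (src_ip, sport, dst_ip, dport, udp_payload) tuples. Decodes anything to or
    from 161/162 and returns community string -> set of hosts seen using it."""
    found = {}
    for src, sport, dst, dport, payload in captures:
        if sport not in (161, 162) and dport not in (161, 162):
            continue
        msg = parse_snmp_v1(payload)
        if msg["version"] == 0:                     # 0 = SNMPv1
            found.setdefault(msg["community"], set()).update({src, dst})
    return found


# Constructed captured datagrams (hand-encoded BER, not real traffic).
GET_SYSNAME = bytes.fromhex(
    "30 26"                             # SEQUENCE, 38 bytes
    "02 01 00"                          # version INTEGER 0 (SNMPv1)
    "04 06 7075626c6963"                # community OCTET STRING "public", in the clear
    "a0 19"                             # GetRequest PDU, 25 bytes
    "02 01 01" "02 01 00" "02 01 00"    # request-id 1, error-status 0, error-index 0
    "30 0e" "30 0c"                     # VarBindList { VarBind {
    "06 08 2b 06 01 02 01 01 05 00"     #   OID 1.3.6.1.2.1.1.5.0 (sysName.0)
    "05 00")                            #   NULL value } }
GET_SYSNAME_RESPONSE = bytes.fromhex(
    "30 2f" "02 01 00"
    "04 07 70726976617465"              # community "private" (commonly the read-write string)
    "a2 21" "02 01 01" "02 01 00" "02 01 00"
    "30 16" "30 14"
    "06 08 2b 06 01 02 01 01 05 00"
    "04 08 636f72652d737731")           # OCTET STRING "core-sw1"
CAPTURES = [
    ("10.0.0.5", 51000, "10.0.0.1", 161, GET_SYSNAME),            # manager -> agent
    ("10.0.0.1", 161, "10.0.0.5", 51000, GET_SYSNAME_RESPONSE),   # agent -> manager
]

if __name__ == "__main__":
    for community, hosts in harvest_community_strings(CAPTURES).items():
        print(f"community {community!r} seen between {sorted(hosts)}")
```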

Tools Used to Perform Eavesdropping


The following tools are used for eavesdropping:
•Network or protocol analyzers
•Packet capturing utilities on networked computers
Access attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and Web
services to gain entry to Web accounts, confidential databases, and other sensitive information

Password Attacks
Password attacks can be implemented using several methods, including brute-force attacks, Trojan
horse programs, IP spoofing, and packet sniffers
Although packet sniffers and IP spoofing can yield user accounts and passwords, password attacks
usually refer to repeated attempts to identify a user account, password, or both. These repeated
attempts are called brute force attacks.
Often a brute-force attack is performed using a program that runs across the network and attempts to
log in to a shared resource, such as a server. When an attacker gains access to a resource, he or she
has the same access rights as the user whose account has been compromised. If this account has
sufficient privileges, the attacker can create a back door for future access, without concern for any
status and password changes to the compromised user account

The following are the two methods for computing passwords:


•Dictionary cracking – The password hashes for all of the words in a dictionary file are computed
and compared against all of the password hashes for the users. This method is extremely fast and
finds very simple passwords. Computing each word's hash once and comparing it against every
user only works when the hashes are unsalted; a per-user salt forces the attacker to rehash the
whole dictionary for each user.
•Brute-force computation – This method uses a particular character set, such as A to Z, or A to Z
plus 0 to 9, and computes the hash for every possible password made up of those characters. It will
always find the password if that password is made up of the character set you have selected to
test. The downside is the time required: the number of candidates grows exponentially with the
password length.
•Trust Exploitation
Although it is more of a technique than a hack itself, trust exploitation refers to an attack in which an
individual takes advantage of a trust relationship within a network
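The two password-computation methods above, worked as an added example that is not part of the lecture. It runs a dictionary attack against an unsalted MD5 "password file", brute-forces a short password over a chosen character set, and then repeats the dictionary attack against salted hashes to show why the cost rises from one hash per word to one hash per word per user. The users, passwords and wordlist are constructed, and MD5 stands in for any fast unsalted hash; a real system should use a slow, salted scheme such as bcrypt or Argon2.

```python
import hashlib
import itertools
import os
import string

CHARSET = string.ascii_lowercase + string.digits


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed unsalted "password file": user -> md5(password)
UNSALTED_USERS = {
    "alice": md5_hex(b"sunshine"),
    "bob":   md5_hex(b"sunshine"),    # same password => identical hash, visible at a glance
    "carol": md5_hex(b"k7z"),         # not in any wordlist, but short enough to brute-force
}
WORDLIST = ["123456", "password", "sunshine", "letmein", "qwerty"]   # constructed


def dictionary_attack(users: dict, words) -> dict:
    """Hash each word once and look every stored hash up in the result: with unsalted
    hashes the whole user population costs no more than a single user."""
    lookup = {md5_hex(w.encode()): w for w in words}
    return {u: lookup[h] for u, h in users.items() if h in lookup}


def brute_force(target_hash: str, charset: str = CHARSET, max_len: int = 4):
    """Exhaustive search over CHARSET, shortest first; returns (password, candidates tried)."""
    tried = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            tried += 1
            candidate = "".join(combo)
            if md5_hex(candidate.encode()) == target_hash:
                return candidate, tried
    return None, tried


def salted_hash(salt: bytes, password: bytes) -> str:
    return md5_hex(salt + password)


# Constructed salted file: user -> (salt, md5(salt || password)), fresh random salt per user
SALTED_USERS = {
    u: (salt, salted_hash(salt, pw))
    for u, pw, salt in [("alice", b"sunshine", os.urandom(8)),
                        ("bob",   b"sunshine", os.urandom(8))]
}


def dictionary_attack_salted(users: dict, words) -> tuple:
    """Per-user salts force a rehash of the wordlist for every user (cost = words x users),
    and identical passwords no longer produce identical hashes."""
    cracked, hashes_computed = {}, 0
    for u, (salt, h) in users.items():
        for w in words:
            hashes_computed += 1
            if salted_hash(salt, w.encode()) == h:
                cracked[u] = w
                break
    return cracked, hashes_computed


if __name__ == "__main__":
    print("dictionary, unsalted:", dictionary_attack(UNSALTED_USERS, WORDLIST))
    pw, n = brute_force(UNSALTED_USERS["carol"])
    print(f"brute force, unsalted: carol={pw!r} after {n} candidates")
    print("dictionary, salted:", dictionary_attack_salted(SALTED_USERS, WORDLIST))
```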
Denial of service attacks
Certainly the most publicized form of attack, DoS attacks are also among the most difficult
to completely eliminate, and because they are easy to launch and potentially very damaging
they deserve special attention from security administrators. If you are interested in learning
more about DoS attacks, researching the methods employed by some of the better-known
attacks can be useful. DoS attacks take many forms. Ultimately, they prevent authorized
people from using a service by using up system resources.

The following are some examples of common DoS threats:


•Ping of death – This attack sends an ICMP echo request in fragments whose offsets and
lengths add up to more than the 65,535-byte IP maximum; reassembling it overflows the
receiving system's buffer, causing it to crash.
•SYN flood attack – This attack sends a stream of TCP SYN segments, usually with spoofed
source addresses, and never completes the handshakes. The half-open connections fill the
listener's backlog on the network equipment or computer, so that sessions are denied to
others. This attack is accomplished with packet-crafting tools or purpose-written programs.
•Packet fragmentation and reassembly – This attack exploits a buffer–overrun bug in
hosts or internetworking equipment.
•E-mail bombs – Programs can send bulk e-mails to individuals, lists, or domains,
monopolizing e-mail services.
•CPU hogging – These attacks constitute programs such as Trojan horses or viruses that tie
up CPU cycles, memory, or other resources.
•Malicious applets – These attacks are Java, JavaScript, or ActiveX programs that act as
Trojan horses or viruses to cause destruction or tie up computer resources.
•Misconfigured routers – Altering a router's configuration so that it reroutes or black-holes
traffic cuts off the services, such as Web traffic, that depend on the affected routes.
•The chargen attack – This attack establishes a connection between UDP services,
producing a high character output. The host chargen service is connected to the echo service
on the same or different systems, causing congestion on the network with echoed chargen
traffic.
•Out-of-band attacks such as WinNuke – These attacks send out-of-band data to port 139 on Windows
95 or Windows NT machines. The attacker needs the victim’s IP address to launch this attack .
•Land.c – This program sends a TCP SYN packet that specifies the target host address as both source
and destination. The program also uses the same port (such as 113 or 139) on the target host as both
source and destination, causing the target system to stop functioning.
•Targa.c – This attack is a multi-platform DoS attack that integrates bonk, jolt, land, nestea, netear,
syndrop, teardrop, and winnuke all into one exploit.
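Rather than code the attacks, the added example below (not part of the lecture) shows the detection side for three of the listed threats: a land.c packet (source equals destination address and port), a ping-of-death fragment (offset plus length past the IP maximum), and a SYN flood (many SYNs per target that never receive the client's completing ACK). It runs over a constructed sample capture of packet records; the field names and thresholds are assumptions, not a real capture-tool API.

```python
from collections import Counter

IP_MAX_LEN = 65535


def tcp(src, sport, dst, dport, flags, t):
    """Constructed TCP packet record; FLAGS is an iterable of names such as ("SYN",)."""
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": set(flags), "time": t}


def icmp_frag(src, dst, offset, ip_len, more, t):
    """Constructed ICMP fragment record; OFFSET is the IP fragment offset in 8-byte units."""
    return {"proto": "icmp", "src": src, "dst": dst, "frag_offset": offset,
            "ip_len": ip_len, "more_frags": more, "time": t}


def is_land(pkt) -> bool:
    """land.c signature: a bare SYN whose source equals its destination address and port."""
    return (pkt["proto"] == "tcp" and pkt["flags"] == {"SYN"}
            and pkt["src"] == pkt["dst"] and pkt["sport"] == pkt["dport"])


def is_ping_of_death(pkt) -> bool:
    """A fragment that would land past 65,535 bytes can only belong to an oversized datagram."""
    return pkt["proto"] == "icmp" and pkt["frag_offset"] * 8 + pkt["ip_len"] > IP_MAX_LEN


def half_open_by_target(packets, window: float) -> Counter:
    """Count bare SYNs per (dst, dport) within the trailing WINDOW seconds whose 4-tuple
    never sent a handshake-completing ACK. Spoofed flood sources never ACK."""
    latest = max(p["time"] for p in packets)
    acked = {(p["src"], p["sport"], p["dst"], p["dport"]) for p in packets
             if p["proto"] == "tcp" and "ACK" in p["flags"] and "SYN" not in p["flags"]}
    counts = Counter()
    for p in packets:
        if p["proto"] == "tcp" and p["flags"] == {"SYN"} and p["time"] >= latest - window:
            if (p["src"], p["sport"], p["dst"], p["dport"]) not in acked:
                counts[(p["dst"], p["dport"])] += 1
    return counts


def detect(packets, syn_threshold: int = 50, window: float = 10.0) -> list:
    alerts = []
    for p in packets:
        if is_land(p):
            alerts.append(("land", p["src"], p["sport"]))
        if is_ping_of_death(p):
            alerts.append(("ping-of-death", p["src"], p["frag_offset"] * 8 + p["ip_len"]))
    for (dst, dport), n in half_open_by_target(packets, window).items():
        if n >= syn_threshold:
            alerts.append(("syn-flood", f"{dst}:{dport}", n))
    return alerts


# Constructed sample capture: 3 legitimate handshakes, 60 spoofed half-open SYNs,
# one land packet and the last fragment of a ping that reassembles past 65,535 bytes.
SAMPLE = []
for i in range(3):    # real client: SYN then ACK (server's SYN/ACK omitted for brevity)
    SAMPLE.append(tcp("10.0.0.10", 40000 + i, "10.0.0.1", 80, ("SYN",), i))
    SAMPLE.append(tcp("10.0.0.10", 40000 + i, "10.0.0.1", 80, ("ACK",), i + 0.01))
for i in range(60):   # spoofed sources: SYN only, never completed
    SAMPLE.append(tcp(f"203.0.113.{i}", 1024 + i, "10.0.0.1", 80, ("SYN",), 5 + i * 0.05))
SAMPLE.append(tcp("10.0.0.1", 139, "10.0.0.1", 139, ("SYN",), 9.0))
SAMPLE.append(icmp_frag("198.51.100.7", "10.0.0.1", offset=8183, ip_len=100, more=False, t=9.5))

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The SYN-flood rule keys on the target rather than the source precisely because flood sources are spoofed and rarely repeat; the land and ping-of-death rules are stateless and can be applied per packet at the perimeter.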

Masquerade/IP Spoofing
With a masquerade attack, the network intruder can manipulate TCP/IP packets by IP spoofing, falsifying
the source IP address, thereby appearing to be another user. The intruder assumes the identity of a valid
user and gains that user’s access privileges by IP spoofing. IP spoofing occurs when intruders create IP
data packets with falsified source addresses.

Normally, an IP spoofing attack is limited to the injection of data or commands into an existing stream of
data passed between a client and server application or a peer-to-peer network connection. Replies go to
the spoofed address, not to the attacker, so the attacker works blind and must not depend on seeing any
response from the applications.

If an attacker manages to change the routing tables they can receive all of the network packets that are
addressed to the spoofed address, and reply just as any trusted user can. Like packet sniffers, IP spoofing
is not restricted to people who are external to the network.

Some tools used to perform IP spoofing attacks are as follows:


•Protocol analyzers, also called password sniffers
•Sequence number prediction and modification, so that forged segments are accepted into a TCP session
the attacker cannot see
•Scanning tools that probe TCP ports for specific services, network or system architecture, and the OS

After obtaining information through scanning tools, the intruder looks for vulnerabilities associated with
those entities.
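Two checks that follow from the spoofing discussion above, as an added example that is not part of the lecture: an ingress filter in the spirit of BCP 38 (a packet whose source address cannot belong to the interface it arrived on is spoofed and dropped), and a small simulation of why sequence-number prediction is what makes blind spoofing work, comparing a fixed-step ISN generator against a random one. The interface prefixes, addresses and ISN parameters are constructed assumptions.

```python
import ipaddress
import secrets

# Constructed router configuration: which source prefixes legitimately sit behind each interface.
INTERFACE_PREFIXES = {
    "lan0": [ipaddress.ip_network("10.0.0.0/24")],
    "dmz0": [ipaddress.ip_network("192.0.2.0/24")],
}


def ingress_filter(iface: str, src_ip: str) -> str:
    """BCP 38 style check: forward only if SRC_IP belongs to a prefix behind IFACE."""
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in INTERFACE_PREFIXES.get(iface, [])):
        return "forward"
    return "drop"     # e.g. 10.0.0.7 arriving on dmz0 claims an address it cannot hold


class PredictableISN:
    """Old-style generator: the initial sequence number advances by a fixed step per connection."""
    def __init__(self, start: int = 0x1000, step: int = 64000):
        self.value, self.step = start, step

    def next_isn(self) -> int:
        self.value = (self.value + self.step) & 0xFFFFFFFF
        return self.value


class RandomISN:
    """Unpredictable per-connection ISN (simplified here to a random 32-bit value)."""
    def next_isn(self) -> int:
        return secrets.randbits(32)


def predict_next(samples) -> int:
    """The attacker opened a few real connections, observed SAMPLES, and extrapolates
    the most common delta to guess the ISN the server will use next."""
    deltas = [(b - a) & 0xFFFFFFFF for a, b in zip(samples, samples[1:])]
    step = max(set(deltas), key=deltas.count)
    return (samples[-1] + step) & 0xFFFFFFFF


def blind_injection_succeeds(generator, probes: int = 3) -> bool:
    """The spoofer never sees the server's SYN/ACK (it goes to the spoofed host), so the
    forged final ACK is accepted only if the guessed ISN is exactly right."""
    samples = [generator.next_isn() for _ in range(probes)]   # legitimate probe connections
    guess = predict_next(samples)
    actual = generator.next_isn()         # ISN the server picks for the spoofed connection
    return guess == actual


if __name__ == "__main__":
    print("lan0 <- 10.0.0.7:", ingress_filter("lan0", "10.0.0.7"))
    print("dmz0 <- 10.0.0.7:", ingress_filter("dmz0", "10.0.0.7"))
    print("predictable ISN:", blind_injection_succeeds(PredictableISN()))
    print("random ISN:", any(blind_injection_succeeds(RandomISN()) for _ in range(20)))
```

The filter only helps when deployed at the edge that the spoofed traffic crosses, which is why the text notes that spoofing is not restricted to external attackers: an internal host spoofing an internal address passes an Internet-facing filter untouched.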
Course Projects (2007-2008)

• Analysis & applications of Quantum Cryptography


• Implementation of Data Encryption Standard (DES) using FPGA ( Tx
Side)
• Implementation of Data Encryption Standard (DES) using FPGA ( Rx
Side)
• Securing Network Data Using Steganography
• Hash Function, Message Digest and Message Authentication Code
• Architecture of Intrusion Detection & Prevention System (IDPS).
• Wireless LAN (WLAN) Security Methods
Course Projects (2008-2009)

• Network Security Planning Using OPNET Package


• Implementation of Advanced Encryption Standard (AES) using
FPGA ( Tx Side & Rx Side) : 2 Students
• Securing Network Data Using Virtual Private Network (Win2003
Server) : 2 Students
• Applying Security Concepts to SNMP
• Managing Security with Snort and IDS Tools
• Applying WLAN Security Methods on Our dept.(2 students)
