Hands-On Ethical Hacking and Network Defense Second Edition - Chapter 3 Network and Computer Attacks Objectives • After reading this chapter and completing the exercises , you will be able to: – Describe the different types of malicious software and what damage they can do – Describe methods of protecting against malware attacks – Describ e the types of network attacks – Identify physical security attacks and vulnerabilities Malicious Software (Malware) • Network attacks prevent a business from operating – Malicious software (malware) • Virus • Worm • Trojan program – Goals • Destroy data • Corrupt data • Shutdown a network or system • Make money Viruses • Virus attaches itself to a file or program – Needs host to replicate – Does not stand on its own – No foolproof prevention method • Antivirus programs – Detection based on virus signatures • Signatures are kept in virus signature file • Must update periodically • Some offer automatic update feature Intelligent Scareware • Encoding base 64 – Used to reduce size of e-mail attachments – Represents zero to 63 using six bits – A is 000000 … Z is 011001 • Converting base-64 strings to decimal equivalent – Create groups of four characters – Convert decimal value of each letter to binary – Rewrite as three groups of eight bits – Convert binary into decimal – Can also be used to hide information • Base-64 decoders
Hands-On Ethical Hacking and Network Defense Second Edition - Chapter 3 Network and Computer Attacks – Available for purchase • Shell – Executable piece of programming code – Creates interface to OS for issuing commands – Should not appear in an e-mail attachment Macro Viruses • Virus encoded as a macro – Programs that support a macro programming language (e.g., Visual Basic for Applications) • Lists of commands • Can be used in destructive ways – Example: Melissa • Appeared in 1999 • Even nonprogrammers can create macro viruses – Instructions posted on Web sites • Security professionals learn from thinking like attackers Worms • Replicates and propagates without a host – Infamous examples: • Code Red • Nimda • Theoretically can infect every computer in the world over a short period – Examples: • Slammer and Nachi ATM worm attacks Trojan Programs • A destructive program that masquerades as an application. – The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system. – Trojan horses do not replicate themselves – Typically install Rootkits, Backdoors, and provide Remote Access to systems for further exploitation • Defensive Measure: – Good security software (e.g. AV, anti-malware) or hardware firewalls
Hands-On Ethical Hacking and Network Defense Second Edition - Chapter 3 Network and Computer Attacks – Question prompts from security software to allow traffic on unfamiliar ports – Trojan programs can use well-known ports to mask their activity • Well-known Trojan Programs & Ports Spyware • Sends information from infected computer to attacker – Confidential financial data – Passwords – PINs – Any other stored data • Can register each keystroke entered – Prevalent technology • Educate users about spyware Adware • Definition: Any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up or banners. • Similar to spyware – Installed without users being aware • Main purposes: – Determine user’s purchasing habits • Tailors advertisement – Generate revenue for the author through display of 3 rd party ad impressions to significant numbers of systems • Main problem – Slows down computers Protecting Against Malware Attacks • Difficult task – New viruses, worms, and Trojan programs appear daily • Antivirus programs – Detected many malware programs • Boundary Initiatives: – Install proxies with anti-malware detection • Prevents malicious code from arriving at client system – Prevent unusual in/outbound port access through firewalls • Layer 8 Defenses: – Educate users no less than annually – Eliminate users ability to install software where possible
Hands-On Ethical Hacking and Network Defense Second Edition - Chapter 3 Network and Computer Attacks – Eliminate users ability to modify software firewall rules where possible • Avoiding Fear Tactics • Avoid scaring users into complying with security measures – Sometimes used by unethical security testers • Against the OSSTMM’s Rules of Engagement • Promote awareness rather than instilling fear – Users should be aware of potential threats – Build on users’ knowledge • Makes training easier • Role play and examples help make strong points users can embrace Educating Your Users • Structural training – Includes all employees and management • Should be mandated no less than annually • Document to require people sign-in to ensure complete attendance • Consider social engineering staff randomly to gage awareness / response – Whenever possible use managed vs. unmanaged compliance solutions: • Anti-virus • Patch management • Firewall rule and HIPS signatures • As a last resort enforce the use of unmanaged anti-malware and anti-virus solutions. Perform random checks for compliance. Intruder Attacks on Networks and Computers • Attack: Any attempt by an unauthorized person to access, damage, or use network resources • Network security: Concern with security of network infrastructure • Computer security – Concerned with security of a stand alone computers or systems • Not part of a network infrastructure • Computer crime: Fastest growing type of crime worldwide Denial-of-Service Attacks • Denial-of-service (DoS) attack – Prevents legitimate users from accessing network resources – Some forms do not involve computers • Do not attempt to access information – Cripples the network – Makes it vulnerable to other attacks • Installing an attack yourself is not wise
Hands-On Ethical Hacking and Network Defense Second Edition - Chapter 3 Network and Computer Attacks – Only explain how the attack could happen – Could render systems and networks unusable • Distributed Denial-of-Service Attacks • Distributed denial-of-service (DDoS) attack – Attack on host from multiple servers or workstations – Network could be flooded with billions of packets • Loss of bandwidth • Degradation or loss of speed • Difficult to defend against (sourced from many networks) – Often participants are not aware they are part of the attack • They, too, have been attacked • Botnets and Zombies used by bot-herder Buffer Overflow Attacks • Vulnerability in poorly written code – Doesn’t check for amount of memory space use • Attacker writes code that overflows buffer – OS runs this code – Code elevates attacker’s permission • Administrator, owner, or creator • Train programmers in developing applications with security in mind Ping of Death Attacks • Type of DoS attack – Not as common as during the late 1990s • How it works – Attacker creates a large ICMP packet • More than allowed 65,535 bytes – Large packet is fragmented into small packets • Reassembled at destination – Destination point cannot handle reassembled oversize packet • Causes it to crash or freeze Session Hijacking • Enables attacker to join a TCP session – Attacker makes both parties think he or she is the other party • Complex attack – Beyond the scope of this book
Hands-On Ethical Hacking and Network Defense Second Edition - Chapter 3 Network and Computer Attacks Vulnerability Scanning • Determines current attack surface – All devices have potential vulnerabilities • Workstations • Servers • Printers • Routers • Switches • Vender supplied patches resolve most issues • Security professionals must determine and manage the current patch state of their networks to be able to determine the current risks Addressing Physical Security • Protecting a network – As important as logical security measures – Layered approach using different tactics at each layer • Inside attacks – More likely than outside attacks – May have insider knowledge of protective measures – Requires layered monitoring and logging to identify anomalies Keyloggers • Used to capture keystrokes on a computer – Software • Loaded on to computer • Behaves like Trojan programs – Hardware • Small and easy to install device • Goes between keyboard and computer • Examples: KeyKatcher and KeyGhost • Available as software (spyware) – Transfers information\ • Used by Cyberthieves, Law Enforcement, and Corporate investigators. – Maybe illegal is some states Behind Locked Doors • Lock up servers
Hands-On Ethical Hacking and Network Defense Second Edition - Chapter 3 Network and Computer Attacks – Average person • Can pick deadbolt lock in less than five minutes • After only a week or two of practice – Experienced hackers • Can pick deadbolt lock in under 30 seconds • Rotary locks are harder to pick – Require pushing in a sequence of numbered bars • Keep a record of who enters and leaves the room – Security cards can be used for better security
Recommend
More recommend
