Topic 4A: Networks and Security Flashcards
Reconnaissance attacks
- reconnaissance is also known as information gathering
- involves the unauthorized discovery and mapping of systems, services or vulnerabilities (like surveying for weak links in the system)
- usually comes before an access/DoS attack
Process of a reconnaissance attack
- intruder conducts a ping sweep of the target network to determine which IP addresses are active
- then determines which services or ports are available on the live IP addresses
- the intruder queries the ports to determine the type and version of the application and operating system that is running
- then they look for vulnerable services that can be exploited
Tools used during a reconnaissance attack (RA)
- packet sniffers
- ping sweeps
- port scans
- internet information queries
- other low-technology reconnaissance
Packet sniffer
- an application that uses a Network Interface Card (NIC) in promiscuous mode to capture all network packets that are sent across the LAN (Local Area Network)
(promiscuous mode: a network card configuration that passes all received traffic to the network adapter driver and protocol stack, not just frames addressed to that card)
- if network packets are sent as unencrypted plaintext, they can be captured and read by any application that can pick them off the network
Ping sweep
- a basic network scanning technique that scans a range of IP addresses (hosts) to determine if any hosts are alive
- consists of ICMP echo requests sent to multiple hosts; if a host address is alive, that host returns an ICMP echo reply
ICMP: the Internet Control Message Protocol is a network layer protocol used by network devices to diagnose network communication issues; it is mainly used to determine whether or not data is reaching its intended destination in a timely manner
Port scan
- each service on a host is associated with a well-known port number
- port scanning : a scan of a range of TCP or UDP port numbers on a host to detect listening services
- consists of sending a message to each port on a host; the response the sender receives indicates whether the port is in use
Internet information queries
1) can reveal information such as :
- who owns a particular domain
- what IP addresses have been assigned to that domain
2) whois database (a public database that houses the information collected when someone registers a domain name or updates their DNS settings, available to everyone using the internet), the ‘white pages’ of the internet, storing:
- technical, administrative and billing contact names
- phone numbers and email addresses
- domain name servers (DNS)
Low-technology reconnaissance
1) social engineering
- duping someone over the phone to reveal sensitive information (a form of manipulation)
- a clever attacker can easily get passwords this way
- social networking websites
2) physical break-in
- simply walking through the front door
- piggybacking : connecting to a wireless network/internet without the owner’s/subscriber’s permission or knowledge
- gets the attacker network connectivity, network diagrams, etc.
3) dumpster diving
- the act of extracting information from discarded physical or digital waste
- also known as “trashing”
- can be disgusting but rewarding
- network diagrams and system documentation
- post-it notes with passwords
Access attacks
aim :
- retrieve data
- gain access
- escalate access privileges
types of access attacks :
1) password attack : to exploit a vulnerability in user authorization within a digital system
2) trust exploitation : an attacker takes advantage of a relationship of trust between computer systems
3) man-in-the-middle attack : the attacker positions himself in a conversation to eavesdrop on, or impersonate, one of the parties involved
Password attacks
implemented using
- brute-force attacks : repeated attempts to guess a user ID and password based on the built-in dictionary
- trojan horse programs : keyloggers (keep track of and record your keystrokes as you type)
- packet sniffers : capture unencrypted passwords
Trust exploitation
goal :
to compromise a trusted host, using it to stage attacks on other hosts in the network
how it works :
1. attacker wants to attack system A
- system A only trusts system B, while system B trusts everyone
2. attacker compromises system B first
3. attacker creates a “system A user” on system B to deceive system A
4. attacker can attack system A from system B now
Man-in-the-middle attack
- the attacker is positioned in the middle of the communications/conversation between 2 machines (eg a user and an application) and eavesdrops on, reads or modifies the data passed between the 2 hosts
- a popular variant involves a laptop acting as a rogue access point, often against a user in a public location on a wireless hotspot
- can be active or passive
active attacks : intercept and alter the contents before they are sent on to the recipient
passive attacks : capture and record the contents and pass them on unchanged
Denial of service (DoS) attacks
attack on availability :
- a DoS attack is a network attack that results in an interruption of service to users, devices or applications
- victim resources like websites become unavailable for legitimate public access
Why are they major risks?
- they can easily disrupt business processes and cause significant losses
- relatively simple to conduct, even by an unskilled attacker
Distributed DoS attack
- DDoS attacks originate from multiple coordinated sources
- presents a challenge to the victim to identify and stop each distributed attacker
symptoms of DoS attacks:
1) dramatic increase in requests for a particular service
2) unusually slow network performance
3) unavailability of a particular website
How does a DDoS attack work?
1) the hacker distributes zombie software to numerous machines via the internet
2) the attack is initiated by sending an attack command containing the victim’s IP address, using remote-control attack software
3) upon receiving the attack command, all the zombies flood the victim with attack packets
4) some machines act as handlers, forwarding attack commands to other zombies