PACE-IT: Common Threats (part 1)
Download as PPTX, PDF•1 like•306 views
The document discusses various common network threats, including insider threats like malicious employees and compromised systems, as well as external threats such as zero-day attacks, brute force attacks, and session hijacking. It emphasizes the need for strong security measures, like the principle of least privilege and awareness of evolving attack methods. The goal is for network security personnel to adapt to new threats while maintaining the integrity of their networks.
PACE-IT: Common Threats (part 1)
- 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications PC Hardware Network Administration IT Project Management Network Design User Training IT Troubleshooting Qualifications Summary Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
- 3. Page 3 – Inside jobs or threats. – Outside threats. PACE-IT.
- 4. Page 4 Common network threats I.
- 5. Page 5 – Malicious employee. » This is difficult to defend against, as the threat is already inside the network. • Resources must be granted in order for employees to do their jobs. » One of the best defenses is using the principle of least privilege. • Only granting the least amount of authorization that is required for a person to get their work done. – Compromised system. » Once a PC or network device has been compromised, it is vitally important to isolate it from the system as a whole. • A compromised PC or network device could lead to a completely compromised network, as malware may be able to spread across connections. • Once malware gains access to network resources, it can be extremely difficult to root out and remove. Malware may also degrade the network’s performance. Common network threats I.
- 6. Page 6 – Social engineering. » The process of using social pressure to cause somebody to compromise a system from inside the defenses of the network. • The pressure can be applied in multiple forms: by phone, in person, via email, through a rogue website, or by other methods. – ARP (Address Resolution Protocol) cache poisoning. » The ARP cache, which maps IP addresses to MAC addresses, is corrupted by an attacker with the end result being that the attacker has control of which IP addresses are associated with MAC addresses. • Commonly used in man-in-the-middle attacks. – Protocol or packet abuse. » The process of taking a specific protocol and repurposing it to perform a different function. • Commonly used to bypass a router’s access control list (ACL) from inside a network (e.g., encapsulating a not allowed protocol within a DNS (an allowed) protocol). Common network threats I.
- 7. Page 7 – Man-in-the-middle attack. » The attacker is not necessarily inside the network per se, but is in between two end points that are communicating on a network. • In most cases, man-in-the-middle attacks involve disrupting the ARP process between the two end points. » The attack allows a malicious user to be able to view all network packets that are flowing between the communicating hosts. – VLAN hopping. » Circumventing the security that is inherent when virtual local area networks (VLANs) are created. Normally, traffic that is tagged for one VLAN is not allowed onto another VLAN without the intervention of a router. • VLAN hopping occurs when the attacker adds an additional fake VLAN tag to the network packets. Once the packet gets to the switch, the switch strips one of the VLAN tags off the packet and passes it through. Once through the switch, the packet is considered as belonging to the new VLAN. Common network threats I.
- 8. Page 8 Common network threats I.
- 9. Page 9 One of the largest threats that faces network security personnel is the unknown vulnerability. Network and systems administrators expend a fair amount of effort protecting the assets under their control and they can do a good job of hardening their systems, but not a perfect job. The problem lies with zero day attacks. Zero day attacks take advantage of either new or very recently discovered vulnerabilities, which means that networks and systems probably haven’t yet been hardened against them. The unfortunate reality is that attacks keep changing and security experts must also be willing to adapt in order to keep pace. Common network threats I.
- 10. Page 10 – Brute force attacks. » Using computing power and time to compromise passwords. • The attacker uses a program that continually tries different password combinations (often in the form of a special dictionary application) in an effort to crack a password. – Spoofing. » A category of threats where either the MAC address or IP address of the attacker has been modified to look like a friendly address in order to bypass network security. • A common use in the past was to spoof the IP address, so that an outside attacker was actually viewed as an inside host. – Session hijacking. » An attacker attempts to take over a communication session after a user has been authenticated. • The hijacking can occur through various methods (e.g., using a packet sniffer to steal a session cookie or installing malware on a user’s computer that is activated after the user is authenticated). Common network threats I.
- 11. Page 11 Common network threats I. Given the nature and purpose of networks, it can be difficult to make them secure. Common threats that come from within the network itself are: malicious employees, compromised systems, social engineering, ARP cache poisoning, protocol or packet abuse, man-in-the-middle attacks, and VLAN hopping. Topic Inside jobs or threats. Summary Of major concern to network security personnel are zero day attacks (the exploitation of previously unknown vulnerabilities) and it is imperative that they keep current with what is being developed. Other outside threats include: brute force attacks, spoofing attacks, and session hijacking. Outside threats.
- 13. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.