Network Security Threats - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security Threats

Description:

Chapter 6 Network Security Threats – PowerPoint PPT presentation

Slides: 32
Provided by: NATEU6

Transcript and Presenter's Notes

Title: Network Security Threats


1
Chapter 6
  • Network Security Threats

2
Objectives
  • In this chapter, you will
  • Learn how to defend against packet sniffers
  • Understand the TCP, UDP, and IP protocols and
    their weaknesses
  • Identify other protocols within the TCP/IP
    Protocol suite and their weaknesses
  • Understand the threats to wireless networks

3
Packet Sniffers
  • Capture network traffic
  • Can view unencrypted traffic
  • Can be installed on compromised systems as
    software utility
  • Can only capture network traffic passed on the
    same network segment

4
Packet Sniffers
  • Security solutions
  • Restrict physical access to network inputs
  • Protect systems to ensure sniffers cannot be
    installed
  • Use switches instead of hubs
  • Use encryption

5
TCP/IP Revisited: TCP Communication Processes
6
TCP/IP Revisited: TCP Communication Processes
7
TCP/IP Revisited: TCP Communication Processes
  • Immediate termination (without handshake)
  • TCP reset
  • RST message

8
Attacks on TCP, UDP, and IP: Spoofing
9
Attacks on TCP, UDP, and IP: Spoofing
  • Security solutions
  • Secure proxies
  • Ingress filtering
  • Apply latest patches to systems and network
    devices
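
Added example (not part of the original slides): the decision an ingress filter makes for packets arriving on the external interface, run over constructed packet records. The internal prefix 203.0.113.0/24, the bogon list and the function names are assumptions for illustration; the source-equals-destination check also covers the Land pattern listed on the DoS slides.

```python
import ipaddress

# Assumed for this example: the site's own prefix (a documentation range).
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")
# Source ranges that should never arrive from the Internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def ingress_verdict(src, dst):
    """Decide what an edge filter does with a packet seen on the external interface."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if s == d:
        return "drop: source equals destination (Land-style)"
    if s in INTERNAL_NET:
        return "drop: internal source arriving from outside (spoofed)"
    if any(s in net for net in BOGON_NETS):
        return "drop: non-routable source"
    if d not in INTERNAL_NET:
        return "drop: destination is not ours"
    return "accept"

# Constructed sample packets (src, dst) as seen on the external interface.
SAMPLES = [
    ("198.51.100.7", "203.0.113.10"),   # ordinary external client
    ("203.0.113.10", "203.0.113.10"),   # source spoofed as the target itself
    ("203.0.113.55", "203.0.113.10"),   # source spoofed as an internal host
    ("10.1.2.3", "203.0.113.10"),       # private source address
    ("198.51.100.7", "192.0.2.1"),      # not addressed to this site
]

def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [ingress_verdict(s, d) for s, d in SAMPLES]

if __name__ == "__main__":
    for (s, d), verdict in zip(SAMPLES, run_samples()):
        print(f"{s:>15} -> {d:<15} {verdict}")
```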

10
Attacks on TCP, UDP, and IP: Teardrop
11
Attacks on TCP, UDP, and IP: Teardrop
  • Security solutions
  • Apply the latest patches to systems and network
    devices

12
Attacks on TCP, UDP, and IP: DoS Attacks
  • SYN flood
    • Uses SYN packets to initiate connections
    • Source addresses spoofed as another address
  • Land
    • Uses SYN packets to initiate connections
    • Source addresses spoofed as specific target system

13
Attacks on TCP, UDP, and IP: DoS Attacks
  • Fraggle
    • UDP echo requests
    • Source addresses spoofed as specific target
      system
  • FIN flood
    • Uses SYN packets to initiate connections
    • Source addresses spoofed as another address

14
Attacks on TCP, UDP, and IP: DoS Attacks
15
Attacks on TCP, UDP, and IP: DoS Attacks
  • Security solution
  • Configure network devices to drop SYN connections
    after a certain amount of time
  • Configure network devices to drop FIN connections
    after a certain amount of time
  • Disable UDP echo
  • Disable unnecessary services
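
Added example (not part of the original slides): a small model of a half-open connection table, showing why dropping SYN connections after a set time keeps a flood of spoofed SYNs from locking out real clients. The class, the backlog size of 4 and the timings are assumptions chosen for the simulation.

```python
class HalfOpenTable:
    """Tracks connections that sent a SYN but have not completed the handshake."""

    def __init__(self, timeout=5.0, max_entries=4):
        self.timeout = timeout          # seconds a half-open entry may live
        self.max_entries = max_entries  # size of the SYN backlog
        self.pending = {}               # (src, sport) -> time the SYN was seen
        self.established = set()

    def expire(self, now):
        """Drop half-open entries older than the timeout; return how many."""
        stale = [k for k, t in self.pending.items() if now - t >= self.timeout]
        for key in stale:
            del self.pending[key]
        return len(stale)

    def on_syn(self, now, src, sport):
        self.expire(now)
        if len(self.pending) >= self.max_entries:
            return "refused: backlog full"
        self.pending[(src, sport)] = now
        return "syn-ack sent"

    def on_ack(self, now, src, sport):
        self.expire(now)
        if self.pending.pop((src, sport), None) is None:
            return "ignored: no pending SYN"
        self.established.add((src, sport))
        return "established"

def simulate(timeout):
    """Constructed scenario: 4 spoofed SYNs at t=0..3, a real client at t=6."""
    table = HalfOpenTable(timeout=timeout, max_entries=4)
    for i in range(4):
        # Spoofed sources never answer the SYN-ACK, so no ACK follows.
        table.on_syn(float(i), f"192.0.2.{i + 1}", 40000 + i)
    syn_result = table.on_syn(6.0, "198.51.100.7", 51000)
    ack_result = table.on_ack(6.1, "198.51.100.7", 51000)
    return syn_result, ack_result, len(table.pending)

if __name__ == "__main__":
    print("timeout 5s :", simulate(5.0))
    print("timeout 60s:", simulate(60.0))
```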

16
TCP/IP Protocol Suite
17
TCP/IP Protocol Suite
18
TCP/IP Protocol Suite
19
TCP/IP Protocol Suite
20
TCP/IP Protocol Suite Security Solutions
  • HTTP
    • Apply security patches
    • Check scripts and other input on Web applications
    • Use SSL encryption
  • SMTP and POP3
    • Apply security patches
    • Disable open mail relays

21
TCP/IP Protocol Suite Security Solutions
  • FTP communication processes

22
TCP/IP Protocol Suite Security Solutions
  • FTP communication processes

23
TCP/IP Protocol Suite Security Solutions
  • FTP and TFTP
    • Apply security patches
    • Use SCP instead
    • Disallow anonymous FTP or heavily restrict access
      to anonymous users
    • Disable TFTP on all systems

24
TCP/IP Protocol Suite Security Solutions
  • Telnet
    • Apply security patches
    • Use SSH instead
    • Restrict commands available to Telnet users
    • Disable Telnet on critical systems

25
TCP/IP Protocol Suite Security Solutions
  • DNS
    • Apply security patches
    • Block incoming DNS traffic
  • NetBT
    • Apply security patches
    • Disable NetBT on any systems facing the Internet

26
TCP/IP Protocol Suite Security Solutions
  • SNMP
    • Apply security patches
    • Upgrade to v3
    • Change SNMP community strings
  • LDAP
    • Apply security patches
    • Disable LDAP on Internet-facing systems

27
TCP/IP Protocol Suite Security Solutions
  • Finger
    • Disable
  • NNTP
    • Apply security patches
  • ICMP
    • Disable incoming ICMP
    • Disable broadcasts

28
TCP/IP Protocol Suite Security Solutions
  • ARP and RARP
    • Use static ARP tables
  • Encryption options
    • IPSec
      • Tunnel
      • Transport
    • PPTP is a modification of PPP (Point-to-Point
      Protocol)
    • L2TP is a combination of PPTP and Cisco
      Systems Layer 2 Forwarding Protocol

29
Wireless Networks
  • Wireless access point (WAP) provides both the
    transmitter and receiver for wireless network
    communications
  • Wireless Encryption Protocol (WEP) is a Data
    Link layer protocol that was developed to add
    encryption to the 802.11b wireless network
    standard
  • Security solutions
    • VPN server
    • MAC authentication

30
Summary
  • Sniffers can listen to network traffic sent over
    a network. In the wrong hands, a sniffer can
    capture user IDs, passwords, or other sensitive
    information.
  • TCP has several handshake processes that
    establish, reset, and close network
    communications.
  • The TCP/IP protocol suite is the most popular set
    of network protocols in use today. The popularity
    of the suite is due, in large part, to its
    scalability, universality, and interoperability.

31
Summary
  • The foundation of the TCP/IP protocol suite
    comprises the TCP, UDP, and IP protocols. Many
    other protocols are included: HTTP, HTTPS, SMTP,
    POP3, FTP, TFTP, Telnet, DNS, NetBT, LDAP,
    Finger, NNTP, ICMP, ARP, and RARP.
  • All protocols have a variety of weaknesses, so it
    is important to develop security solutions that
    protect data while in transit over networks.
  • Wireless networks are becoming more popular in
    the IT environment but have some inherent
    vulnerabilities. These weaknesses should be
    addressed in order to securely transmit data and
    protect wired networks.