TRANSCRIPT
This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher.

All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director of gtslearning. These resources may not be used in conjunction with content from any other supplier. If you suspect that this course has been copied or distributed illegally, please telephone or email gtslearning.
1.3 Network Attacks
CompTIA Security+ Certification Support Skills
Objectives
1.3 Network Attacks
• Understand the relevance of the OSI model to network technologies and protocols
• Describe the function of network sniffers and protocol analyzers
• Describe procedures and products used to survey and test security systems
• Describe network attacks, such as scanning, spoofing, Man-in-the-Middle, replay, and Denial of Service

Sniffers and Protocol Analyzers
• Sniffer
o Captures frames from network
o Hardware or software
• Hubs, switches, and promiscuous mode
• Protocol Analyzer
o Decodes and presents frames for analysis
o Network monitoring
• Packet injection
• Preventing eavesdropping

ARP Attacks
• Address Resolution Protocol (ARP)
• Maps IPv4 addresses to hardware (MAC) interfaces
• ARP poisoning
o Dsniff
o Ettercap
o Cain and Abel
• MAC flooding
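Detection logic for the ARP poisoning described on this slide, as an added example that is not part of the courseware: it walks a constructed list of ARP reply records and raises an alert when an IP's advertised MAC changes or when one MAC claims several IPs, which is what a monitor such as arpwatch reports. The records and addresses are constructed for the example.

```python
from collections import defaultdict

# Constructed ARP reply records (sender IP, sender MAC) in arrival order.
# The last two replies re-map the gateway 192.168.1.1 and the host
# 192.168.1.10 to a second MAC, the signature of a poisoning attempt.
SAMPLE_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),
    ("192.168.1.10", "00:11:22:33:44:10"),
    ("192.168.1.20", "00:11:22:33:44:20"),
    ("192.168.1.1", "00:11:22:33:44:01"),
    ("192.168.1.1", "de:ad:be:ef:00:99"),
    ("192.168.1.10", "de:ad:be:ef:00:99"),
]

def detect_arp_poisoning(replies):
    """Return alert strings for suspicious IP-to-MAC changes.

    Two conditions are checked:
      * an IP learned with one MAC is later announced with another
        (the "flip-flop" arpwatch reports);
      * a single MAC claims more than one IP, which is what an attacker
        does when poisoning both the victim and the gateway.
    """
    ip_to_mac = {}                  # first MAC learned for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append(f"{ip} changed from {known} to {mac}")
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{mac} claims multiple IPs: {sorted(mac_to_ips[mac])}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print("ALERT:", alert)
```

A production monitor would feed this from a live capture and allow for legitimate changes such as a replaced NIC, which is why the alert carries both MACs.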

Replay and Man-in-the-Middle Attacks
• Spoofing / masquerade as a general attack (can take place at many levels)
o Identity theft / social engineering
• Network spoofing attacks
o Replay
− Obtain some authentication data and use it to regain access
o Man-in-the-Middle
− Intercept packets (without sender or receiver knowing)
− Can monitor contents of packets (unless encrypted)
− Could modify packets and send on
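The replay defence implied by the slide above, as an added example that is not part of the courseware: a challenge-response login in which the server issues a fresh random nonce that is valid exactly once, so authentication data captured off the wire cannot be reused to regain access. The shared key and the ChallengeServer class are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the example; a real system provisions one per client.
SHARED_KEY = b"example-shared-key-not-for-production"

def client_respond(key, nonce):
    """Client side: answer the challenge with an HMAC over the server's nonce."""
    return hmac.new(key, nonce, hashlib.sha256).hexdigest()

class ChallengeServer:
    """Server side of a challenge-response login where every nonce is valid once.

    The tag a sniffer captures is bound to a nonce the server will never
    issue again, so replaying the captured (nonce, tag) pair is rejected.
    """
    def __init__(self, key):
        self.key = key
        self.outstanding = set()    # nonces issued but not yet answered

    def issue_challenge(self):
        nonce = secrets.token_bytes(16)   # fresh and unpredictable per login
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce, tag):
        if nonce not in self.outstanding:
            return False            # never issued or already consumed: a replay
        self.outstanding.discard(nonce)   # single use, even if the tag is wrong
        expected = client_respond(self.key, nonce)
        return hmac.compare_digest(expected, tag)   # constant-time comparison

def demo_replay():
    """Legitimate login succeeds; the same captured exchange replayed fails."""
    server = ChallengeServer(SHARED_KEY)
    nonce = server.issue_challenge()
    captured_tag = client_respond(SHARED_KEY, nonce)   # what a sniffer would see
    first = server.verify(nonce, captured_tag)
    replayed = server.verify(nonce, captured_tag)
    return first, replayed

if __name__ == "__main__":
    print("first attempt accepted: %s, replay accepted: %s" % demo_replay())
```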

IP Spoofing and TCP/IP Hijacking
• Spoofing IP addresses
• TCP hijacking
o 3-way handshake
o Non-blind spoofing
o Blind spoofing
• ICMP redirect

Footprinting
• Discover network / host configuration
• Footprinting (network mapping)
o Protocols, services, and applications running on the network
o Host workstation and server OS types and patch status
o Network addresses and host names
o Network interconnect device types and status
o Network security appliances and software
o User accounts and groups (especially administrative / root accounts) and passwords

Fingerprinting
#     TCP / UDP   Process       Description
20    TCP         ftp-data      File Transfer Protocol - Data
21    TCP         ftp           File Transfer Protocol - Control
22    TCP / UDP   ssh           Secure Shell (including Secure Copy [scp] and Secure FTP [sftp])
23    TCP / UDP   telnet        Telnet
25    TCP / UDP   smtp          Simple Mail Transfer Protocol
42    TCP / UDP   nameserver    Windows Internet Name Service
53    TCP / UDP   domain        Domain Name System
67    UDP         bootps        BOOTP / DHCP Server
68    UDP         bootpc        BOOTP / DHCP Client
69    UDP         tftp          Trivial FTP
80    TCP         http          HTTP
88    TCP         kerberos      Kerberos authentication protocol
110   TCP         pop3          Post Office Protocol version 3
115   TCP         sftp          Simple File Transfer Protocol
119   TCP         nntp          Network News Transfer Protocol
123   UDP         ntp           Network Time Protocol
135   TCP / UDP   epmap         Microsoft Remote Procedure Call (RPC)
137   UDP         netbios-ns    NetBIOS Name Service
138   UDP         netbios-dgm   NetBIOS Datagram Service
139   TCP         netbios-ssn   NetBIOS Session Service
143   TCP / UDP   imap4         Internet Mail Access Protocol
161   TCP / UDP   snmp          Simple Network Management Protocol
162   TCP / UDP   snmptrap      SNMP trap
179   TCP         bgp           Border Gateway Protocol
389   TCP / UDP   ldap          Lightweight Directory Access Protocol
443   TCP         https         HTTP Secure
445   TCP / UDP   smb           Microsoft File and Printer Sharing
515   TCP         printer       Line Printer Daemon
631   TCP / UDP   ipp           Internet Printing Protocol
989   TCP         ftps-data     FTP over SSL - Data
990   TCP         ftps          FTP over SSL - Control
• Identify host configuration
• Scan TCP and UDP ports
• Internet Assigned Numbers Authority (IANA) numbering
o Well-known (0-1024)
o Registered (to 49,151)
o Ephemeral (to 65,535)
• Configure a non-default port
• Source versus destination port

Port Scanners / Xmas Attack
• Port scanners
o netstat
o Nmap, Nessus, SuperScan, and Atelier Web Security Port Scanner
• Scanning techniques
o Probe ports
o Xmas attack
o Open connections
• Block scans at firewall or with Intrusion Detection System (IDS)
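The IDS-side detection the last bullet refers to, as an added example that is not part of the courseware: it reads a constructed firewall-style log of TCP probes and flags both Xmas packets (FIN, PSH and URG set together) and sources that sent bare SYNs to many distinct ports. The log line format is constructed for the example; the flag bit values are the real TCP header bits.

```python
import re
from collections import defaultdict

# Real TCP header flag bits, as an IDS reads them from the packet.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG   # the "lit up" combination an Xmas scan sends

# Constructed log format for the example: "src -> dst:port flags=0xNN".
# 10.0.0.5 SYN-probes six ports, 10.0.0.7 sends Xmas packets, and
# 192.168.1.30 completes a normal connection to port 443.
SAMPLE_LOG = """\
10.0.0.5 -> 192.168.1.20:22 flags=0x02
10.0.0.5 -> 192.168.1.20:23 flags=0x02
10.0.0.5 -> 192.168.1.20:25 flags=0x02
10.0.0.5 -> 192.168.1.20:80 flags=0x02
10.0.0.5 -> 192.168.1.20:443 flags=0x02
10.0.0.5 -> 192.168.1.20:445 flags=0x02
10.0.0.7 -> 192.168.1.20:80 flags=0x29
10.0.0.7 -> 192.168.1.20:22 flags=0x29
192.168.1.30 -> 192.168.1.20:443 flags=0x02
192.168.1.30 -> 192.168.1.20:443 flags=0x18
"""

LINE_RE = re.compile(r"(\S+) -> (\S+):(\d+) flags=0x([0-9a-fA-F]+)")

def analyze_scan_log(text, port_threshold=5):
    """Return Xmas probes and sources that SYN-probed >= port_threshold ports.

    Both checks work on flag bits alone; a production IDS would also apply
    a time window so that slow sweeps and normal traffic are told apart.
    """
    xmas_hits = []
    syn_ports = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines not in the expected format
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        flags = int(m.group(4), 16)
        if (flags & XMAS) == XMAS and not (flags & ACK):
            xmas_hits.append((src, dst, port))
        if (flags & SYN) and not (flags & ACK):   # bare SYN: probe or handshake start
            syn_ports[src].add(port)
    sweeps = {src: len(p) for src, p in syn_ports.items() if len(p) >= port_threshold}
    return {"xmas": xmas_hits, "sweep": sweeps}

if __name__ == "__main__":
    print(analyze_scan_log(SAMPLE_LOG))
```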

Banner Grabbing
• Probe server to analyze responses
• Identify application / version / possible configuration
• Configure servers and applications not to leak information

Denial of Service (DoS)
• Cause a service to fail or become unavailable
• Distributed (DDoS) attacks leverage bandwidth from compromised hosts / networks (botnet)
• TCP / ICMP / UDP / Application exploits
• Easy to use DoS tools
• Smurf

Review
• Understand the relevance of the OSI model to network technologies and protocols
• Describe the function of network sniffers and protocol analyzers
• Describe procedures and products used to survey and test security systems
• Describe network attacks, such as scanning, spoofing, Man-in-the-Middle, replay, and Denial of Service