Common network threats I.

PACE-IT: Common Threats (part 1)


Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certifications

PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting

Qualifications Summary

Education: M.B.A., IT Management, Western Governor’s University; B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.


Common network threats I.

– Inside jobs or threats.

– Outside threats.


Inside jobs or threats.


– Malicious employee.
  » This is difficult to defend against, as the threat is already inside the network.
    • Resources must be granted in order for employees to do their jobs.
  » One of the best defenses is using the principle of least privilege.
    • Only granting the least amount of authorization that is required for a person to get their work done.

– Compromised system.
  » Once a PC or network device has been compromised, it is vitally important to isolate it from the system as a whole.
    • A compromised PC or network device could lead to a completely compromised network, as malware may be able to spread across connections.
    • Once malware gains access to network resources, it can be extremely difficult to root out and remove. Malware may also degrade the network’s performance.


– Social engineering.
  » The process of using social pressure to cause somebody to compromise a system from inside the defenses of the network.
    • The pressure can be applied in multiple forms: by phone, in person, via email, through a rogue website, or by other methods.

– ARP (Address Resolution Protocol) cache poisoning.
  » The ARP cache, which maps IP addresses to MAC addresses, is corrupted by an attacker, with the end result that the attacker controls which IP addresses are associated with which MAC addresses.
    • Commonly used in man-in-the-middle attacks.

– Protocol or packet abuse.
  » The process of taking a specific protocol and repurposing it to perform a different function.
    • Commonly used to bypass a router’s access control list (ACL) from inside a network (e.g., encapsulating a protocol that is not allowed within DNS, a protocol that is allowed).
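A defender can spot the ARP cache corruption described above by watching for IP-to-MAC bindings that change, for one MAC address claiming several IPs, and for critical hosts answering with an unexpected MAC. The following is an added example, not part of the original slides; the observation format, the `PINNED` inventory and all addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (timestamp, ip, mac) taken from ARP replies on one segment.
OBSERVATIONS = [
    (1, "192.168.1.1", "00:11:22:33:44:55"),   # gateway
    (2, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (3, "192.168.1.30", "aa:bb:cc:00:00:30"),
    (4, "192.168.1.1", "AA:BB:CC:00:00:30"),   # gateway IP now answers with .30's MAC
    (5, "192.168.1.20", "aa:bb:cc:00:00:20"),
]
# Assumed known-good bindings for critical hosts (hypothetical inventory data).
PINNED = {"192.168.1.1": "00:11:22:33:44:55"}

def find_arp_anomalies(observations, pinned=None):
    """Return (rebinds, shared, pin_violations).

    rebinds:        [(ts, ip, old_mac, new_mac)] each time an IP changes MAC
    shared:         {mac: [ips]} for MACs that have claimed more than one IP
    pin_violations: [(ts, ip, mac)] where a pinned IP answered with another MAC
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    current = {}                    # ip -> last MAC seen
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    rebinds, pin_violations = [], []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        if ip in pinned and pinned[ip] != mac:
            pin_violations.append((ts, ip, mac))
        old = current.get(ip)
        if old is not None and old != mac:
            # Also fires on benign changes (new NIC, DHCP reuse, failover),
            # so treat it as a lead to check, not proof of poisoning.
            rebinds.append((ts, ip, old, mac))
        current[ip] = mac
        ips_by_mac[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return rebinds, shared, pin_violations

if __name__ == "__main__":
    for name, result in zip(("rebinds", "shared", "pin_violations"),
                            find_arp_anomalies(OBSERVATIONS, PINNED)):
        print(name, result)
```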


– Man-in-the-middle attack.
  » The attacker is not necessarily inside the network per se, but is in between two end points that are communicating on a network.
    • In most cases, man-in-the-middle attacks involve disrupting the ARP process between the two end points.
  » The attack allows a malicious user to be able to view all network packets that are flowing between the communicating hosts.

– VLAN hopping.
  » Circumventing the security that is inherent when virtual local area networks (VLANs) are created. Normally, traffic that is tagged for one VLAN is not allowed onto another VLAN without the intervention of a router.
    • VLAN hopping occurs when the attacker adds an additional fake VLAN tag to the network packets. Once the packet gets to the switch, the switch strips one of the VLAN tags off the packet and passes it through. Once through the switch, the packet is considered as belonging to the new VLAN.
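The extra VLAN tag described above is visible in the raw Ethernet header, so captured frames can be checked for stacked tags. The following is an added example, not part of the original slides; the function names, the `qinq_expected` parameter and the sample frames are constructed for illustration.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # EtherTypes that announce an 802.1Q / 802.1ad tag

# Constructed frames: broadcast destination, locally administered source MAC.
MACS = bytes.fromhex("ffffffffffff020000000001")
PAYLOAD = bytes(46)
UNTAGGED = MACS + bytes.fromhex("0800") + PAYLOAD
SINGLE = MACS + bytes.fromhex("8100000a0800") + PAYLOAD          # VLAN 10
DOUBLE = MACS + bytes.fromhex("81000001810000140800") + PAYLOAD  # VLAN 1, then 20

def vlan_tags(frame: bytes):
    """Return (vlan_ids, inner_ethertype) for a raw Ethernet frame.

    vlan_ids lists every stacked tag, outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, vids = 12, []                 # tags start after the two MACs
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:       # TPID(2) + TCI(2) + next type(2)
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)         # low 12 bits of the TCI are the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vids, ethertype

def is_suspicious(frame: bytes, qinq_expected: bool = False) -> bool:
    """Stacked tags are unexpected on a port where Q-in-Q is not in use."""
    vids, _ = vlan_tags(frame)
    return len(vids) > 1 and not qinq_expected

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("single", SINGLE),
                        ("double", DOUBLE)):
        print(name, vlan_tags(frame), is_suspicious(frame))
```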


Outside threats.


One of the largest threats that faces network security personnel is the unknown vulnerability.

Network and systems administrators expend a fair amount of effort protecting the assets under their control and they can do a good job of hardening their systems, but not a perfect job. The problem lies with zero day attacks. Zero day attacks take advantage of either new or very recently discovered vulnerabilities, which means that networks and systems probably haven’t yet been hardened against them. The unfortunate reality is that attacks keep changing and security experts must also be willing to adapt in order to keep pace.


– Brute force attacks.
  » Using computing power and time to compromise passwords.
    • The attacker uses a program that continually tries different password combinations (often in the form of a special dictionary application) in an effort to crack a password.

– Spoofing.
  » A category of threats where either the MAC address or IP address of the attacker has been modified to look like a friendly address in order to bypass network security.
    • A common use in the past was to spoof the IP address, so that an outside attacker was actually viewed as an inside host.

– Session hijacking.
  » An attacker attempts to take over a communication session after a user has been authenticated.
    • The hijacking can occur through various methods (e.g., using a packet sniffer to steal a session cookie or installing malware on a user’s computer that is activated after the user is authenticated).


What was covered.

Topic: Inside jobs or threats.

Summary: Given the nature and purpose of networks, it can be difficult to make them secure. Common threats that come from within the network itself are: malicious employees, compromised systems, social engineering, ARP cache poisoning, protocol or packet abuse, man-in-the-middle attacks, and VLAN hopping.

Topic: Outside threats.

Summary: Of major concern to network security personnel are zero day attacks (the exploitation of previously unknown vulnerabilities) and it is imperative that they keep current with what is being developed. Other outside threats include: brute force attacks, spoofing attacks, and session hijacking.


This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.