Introduction
Computer systems and computer networks are complex entities. They combine
hardware and software components to create a system that can perform operations and
calculations beyond the capabilities of humans. From the integration of communication
devices, storage devices, processing devices, security devices, input devices, output
devices, operating systems, software, services, data, and people, emerge computers and
networks.
The first networks allowed communication between a central computer and
remote terminals. Telephone lines were used, since they allowed a fast and economical
transfer of the data; existing procedures and protocols were reused to establish the
communication, and modulators and demodulators (modems) were incorporated.
There is a difference between a computer network and a communications
network.
A computer network is a set of equipment connected through cables, signals,
waves or any other method of data transport, which share information (files), resources
(CD-ROM, printers, etc.), services (access to the internet, mail, chat, games).
A communications network is a set of technical means that allow remote
communication between autonomous devices (non-hierarchical, i.e. not master/slave).
Normally it is about transmitting data, audio and video by electromagnetic waves through
various media (air, vacuum, copper cable, fiber optic cable, etc.).
To simplify the communication between applications on different equipment, ISO
defined the OSI model, which specifies seven different layers. Each layer
performs a specific function with a defined scope. The TCP/IP model is a protocol model
because it describes the functions that occur in each layer of protocols within the TCP/IP
suite.
Less than 10 years ago, most people didn’t even know what the Internet or email
was. To take a further step back, most of the people did not even have computers at work
or home, and some even questioned their usefulness. Things have changed.
Network Security
Cole, E., Krutz, R. and Conley, J. (2009, p. 21) define that network security spans a
large number of disciplines, ranging from management and policy topics to operating
system kernel fundamentals. Historically, the coverage of these and the other network
security areas was presented in multiple, specialized publications or given a high-level
treatment that was not suited to the practitioner. Network Security Bible, 2nd Edition
approaches network security from the view of the individual who wants to learn and
apply the associated network security best practices without having to sort through a
myriad of extraneous material from multiple sources. The information provided in this
text includes ‘‘secrets’’ learned by practicing professionals in the field of network security
through many years of real-world experience.
Having a clear view of what network security is, we must next define what
IDS and IPS are.
Intrusion Detection and Prevention Systems
Chapple, M., Stewart, J. and Gibson, D. (2018, p. 1213) state that detection and
prevention methods change to adapt to new attacks. Intrusion detection systems (IDSs)
and intrusion prevention systems (IPSs) are two methods organizations typically
implement to detect and prevent attacks.
An intrusion occurs when an attacker can bypass or thwart security mechanisms
and gain access to an organization’s resources. Intrusion detection is a specific form of
monitoring that monitors recorded information and real-time events to detect abnormal
activity indicating a potential incident or intrusion. An intrusion detection system (IDS)
automates the inspection of logs and real-time system events to detect intrusion
attempts and system failures. Because an IPS includes detection capabilities, you’ll often
see them referred to as intrusion detection and prevention systems (IDPSs).
Firewall
Maymi (2018, p. 646) explains that firewalls are used to restrict access to one
network from another network. Most companies use firewalls to restrict access to their
networks from the Internet. They may also use firewalls to restrict one internal network
segment from accessing another internal segment. For example, if the security
administrator wants to make sure employees cannot access the research and
development network, he would place a firewall between this network and all other
networks and configure the firewall to allow only the type of traffic he deems acceptable.
A firewall may be a server running a firewall software product or a specialized
hardware appliance. It monitors packets coming into and out of the network it is
protecting. It can discard packets, repackage them, or redirect them, depending upon the
firewall configuration.
Methods of Attacks
There are many different kinds of attacks, but they can generally be grouped into a
handful of classifications or categories.
These are the common or well-known classes of attacks or attack methodologies:
Brute force and dictionary, Denial of service, Spoofing, Man-in-the-middle attacks,
Spamming, Sniffers, and Crackers.
Denial of Service (DOS)
Cole, E. (2002, p. 204) states that a Denial of Service attack (DOS) is an attack
through which a person can render a system unusable or significantly slow down the
system for legitimate users by overloading the resources so no one else can access it.
Chapple, Stewart and Gibson (2018, p. 927) explain that there are two basic
forms of denial of service:
Attacks exploiting a vulnerability in hardware or software. This exploitation of a
weakness, error, or standard feature of software intends to cause a system to hang,
freeze, consume all system resources, and so on. The end result is that the victimized
computer is unable to process any legitimate tasks.
In either case, the victim has been denied the ability to perform normal
operations (services).
Types of Denial of Service Attacks
Cole, E. (2002, pp. 210-233) mentions the following types of DOS attacks:
• Ping of Death
• SSPing
• Land
• Smurf
• SYN Flood
• CPU Hog
• Win Nuke
• RPC Locator
• Jolt2
• Bubonic
• Microsoft Incomplete TCP/IP Packet Vulnerability
• HP Openview Node Manager SNMP DOS Vulnerability
• Netscreen Firewall DOS Vulnerability
• Checkpoint Firewall DOS Vulnerability.
Some of these attacks have been around for a while; however, they are included
because they cover very important concepts of how DOS attacks work, and they give us
an idea of the range of services or protocols that can be attacked to cause a Denial of
Service. We will explain one of these attacks.
Ping of Death
A Denial of Service attack that involves sending a very large ping packet to a host
machine.
Exploit Details
Name: Ping of Death
Operating System: Most Operating Systems
Protocols/Services: ICMP Ping
The ping of death attack is a category of network-level attacks against hosts with
the goal of denying service to that host. A perpetrator sends a large ping packet to the
victim’s machine. Because most operating systems do not know what to do with a packet
that is larger than the maximum size, it causes most operating systems to either hang or
crash. For example, this causes the blue screen of death in Microsoft Windows.
Protocol Description
Cole, E. (2002, p. 210) suggests that Ping of Death uses large Internet Control
Message Protocol (ICMP) or ping packets to cause a Denial of Service attack against a
given system.
Detailed Description
The TCP/IP specification (the basis for many protocols used on the Internet) allows
for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a
minimum of 20 octets of IP header information and 0 or more octets of optional
information, with the remainder of the packet consisting of data. It is known that some
systems will react in an unpredictable fashion when receiving oversized IP packets.
Reports indicate a range of reactions including crashing, freezing, and rebooting.
Source Code/Pseudo Code
Most operating systems come with a version of ping as part of the standard
operating system. Based on this fact, it is very easy to perform an attack using this
program because all the tools needed are already installed by default. For example, from
a Windows machine, an attacker would open up a DOS window and issue this command:
Ping -l 65527 [followed by the IP address of the victim's machine]
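As an added example (not from the cited sources), the following Python shows the arithmetic behind the attack described above from the receiving side: it checks whether a set of IP fragments would reassemble to more than the 65535-octet IPv4 limit, which is what a payload of 65527 octets plus the ICMP and IP headers produces. The fragment records are constructed sample data and the 20-octet header length is the option-free case mentioned in the text.

```python
"""Check whether IP fragments would reassemble past the 65535-octet IPv4 limit,
the condition behind Ping of Death.  Added example, not from the cited sources;
the fragment records below are constructed sample data."""
from dataclasses import dataclass

IPV4_MAX_TOTAL_LEN = 65535   # the Total Length field is 16 bits (RFC 791)
IPV4_HEADER_LEN = 20         # header without options, as in the text above
ICMP_HEADER_LEN = 8          # ICMP echo header preceding the ping payload


@dataclass(frozen=True)
class Fragment:
    ident: int            # IP Identification field shared by one datagram's fragments
    offset: int           # Fragment Offset field, in units of 8 octets
    payload_len: int      # octets of data carried after the IP header
    more_fragments: bool  # MF flag; False on the final fragment


def reassembled_length(frag, header_len=IPV4_HEADER_LEN):
    """Total datagram length implied by this fragment's offset and size."""
    return header_len + frag.offset * 8 + frag.payload_len


def oversized_datagram_ids(fragments):
    """Return sorted Identification values whose fragments would reassemble to
    more than IPV4_MAX_TOTAL_LEN octets; a reassembly buffer sized for the legal
    maximum is overrun by exactly these datagrams."""
    return sorted({f.ident for f in fragments
                   if reassembled_length(f) > IPV4_MAX_TOTAL_LEN})


def max_legal_ping_payload():
    """Largest ICMP echo payload that still fits a legal IPv4 datagram."""
    return IPV4_MAX_TOTAL_LEN - IPV4_HEADER_LEN - ICMP_HEADER_LEN   # 65507


# Constructed samples.  With a 1500-octet MTU each fragment carries 1480 octets.
SAMPLE_FRAGMENTS = [
    # a normal ping with 2000 octets of data: 2008 octets of ICMP in two fragments
    Fragment(ident=0x1001, offset=0, payload_len=1480, more_fragments=True),
    Fragment(ident=0x1001, offset=185, payload_len=528, more_fragments=False),
    # "ping -l 65527": 65535 octets of ICMP, 44 full fragments plus a 415-octet tail
    Fragment(ident=0x0BAD, offset=0, payload_len=1480, more_fragments=True),
    Fragment(ident=0x0BAD, offset=8140, payload_len=415, more_fragments=False),
]

if __name__ == "__main__":
    print(oversized_datagram_ids(SAMPLE_FRAGMENTS))   # [2989]  (0x0BAD)
```

A reassembly implementation that performs this bound check before copying fragment data into its buffer is the fix modern operating systems applied; the check flags the final fragment of the oversized datagram because its offset plus length exceeds the legal maximum.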
Flow Chart of DOS attack prevention
Suraparaju V (2019) Flow chart for proposed DDoS attack mitigation algorithm.
How to Protect Against DOS attacks
DOS attacks are difficult to protect against because we can never totally eliminate
the threat. If we are connected to the Internet, there is always a chance that an attacker
may send more data than we are able to process. Chapple, Stewart and Gibson (2018,
pp. 928-929) explain that the following countermeasures and safeguards exist against these
attacks:
• Add firewalls, routers, and intrusion detection systems (IDSs) that detect DoS
traffic and automatically block the port or filter out packets based on the source
or destination address.
• Maintain good contact with your service provider in order to request filtering
services when a DoS occurs.
• Disable echo replies on external systems.
• Disable broadcast features on border systems.
• Block spoofed packets from entering or leaving your network.
• Keep all systems patched with the most current security updates from vendors.
• Consider commercial DoS protection/response services like CloudFlare's DDoS
mitigation or Prolexic. These can be expensive, but they are often effective.
Brute Force and Dictionary
Brute force
Cole, E., Krutz, R. and Conley, J. (2009, p. 134) explain that brute-force password
guessing means using a random approach by trying different passwords and hoping that
one works. Some logic can be applied by trying passwords related to the person's name,
job title, hobbies, or similar items.
Dictionary attack
Cole, E., Krutz, R. and Conley, J. (2009, p. 134) describe that a dictionary attack is
one in which a dictionary of common passwords is used in an attempt to gain access to a
user’s computer and network. One approach is to copy an encrypted file that contains
the passwords and, applying the same encryption to a dictionary of commonly used
passwords, compare the results. This type of attack can be automated.
Brute force attacks occur in the early stages of the cyber kill chain, typically during
the reconnaissance and infiltration stages. Attackers need access or points of entry into
their targets, and brute force techniques are a “set it and forget it” method of gaining
that access. Once they have entry into the network, attackers can use brute force
techniques to escalate their privileges or to run encryption downgrade attacks.
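Since the text above describes both guessing against one account and walking a list of passwords or account names, the following added example (not from the cited sources) shows how a defender recognises either pattern in authentication logs. The sshd-like log lines are constructed samples, and the threshold of five failures in two minutes is an assumed tuning value.

```python
"""Flag password guessing (brute force or dictionary) in authentication logs.
Added example, not from the cited sources.  The log lines are constructed
samples in an sshd-like format; threshold and window are assumed values."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(lines):
    """Yield (timestamp, username, source) for every failed-login line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def detect_guessing(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {source: pattern} for sources with at least `threshold` failures
    inside `window`.  'single-account' is one login hammered with many
    passwords; 'multi-account' is a wordlist walked across several logins."""
    by_src = defaultdict(list)
    for ts, user, src in parse_failures(lines):
        by_src[src].append((ts, user))
    verdict = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):   # slide the window over each burst
            burst = [u for ts, u in events[i:] if ts - start <= window]
            if len(burst) >= threshold:
                verdict[src] = "multi-account" if len(set(burst)) > 1 else "single-account"
                break
    return verdict


# Constructed sample log.
SAMPLE_LOG = (
    # one source tries six passwords for root within 50 seconds
    [f"2019-09-29T10:00:{s:02d} sshd[811]: Failed password for root from 198.51.100.7 port 40001 ssh2"
     for s in range(0, 60, 10)]
    # another source walks a list of common account names
    + [f"2019-09-29T10:01:{s:02d} sshd[812]: Failed password for invalid user {u} from 203.0.113.9 port 5001 ssh2"
       for s, u in zip(range(0, 60, 10), ["admin", "test", "oracle", "guest", "pi", "ubuntu"])]
    # a legitimate user mistypes once and then succeeds: must not be flagged
    + ["2019-09-29T10:05:00 sshd[900]: Failed password for alice from 192.0.2.20 port 6000 ssh2",
       "2019-09-29T10:05:30 sshd[900]: Accepted password for alice from 192.0.2.20 port 6000 ssh2"]
)

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```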
• IP Spoofing
• Email Spoofing
• Web Spoofing
• Non-technical Spoofing
• ARP Spoofing
• DNS Spoofing
• Man in the middle
There are various types of spoofing, each with various levels of difficulty. In its
most basic form, an attacker alters his identity so that someone thinks he is someone
else. We will explain one of these attacks.
Man in the middle attack
Cole, Krutz and Conley (2009, p. 130) state that a man-in-the-middle attack
involves attackers injecting themselves in the middle of communications — for example,
attacker A, substituting his or her public key for that of another person, P. Then, anyone
wanting to send an encrypted message to P using P’s public key is unknowingly using A’s
public key. Therefore, A can read the message intended for P. A can then send the
message on to P, encrypted in P's real public key, and P will never be the wiser.
Security Awareness
Cole, E., Krutz, R. and Conley, J. (2009, p. 77) remark that in terms of validating
and making people aware of the policy, three core pieces go together:
Cole, E., Krutz, R. and Conley, J. (2009). Network Security Bible. 2nd ed. Indianapolis, Ind.: Wiley
Pub.
Cole, E. (2002). Hackers Beware. 1st ed. Indianapolis, Ind.: New Riders.
Chapple, M., Stewart, J. and Gibson, D. (2018). (ISC)2 CISSP Certified Information
Systems Security Professional Official Study Guide. 8th ed. Hoboken: John Wiley &
Sons.
Maymi, F. (2018). CISSP All-In-One Exam Guide. 8th ed. New York:
McGraw-Hill Education.
Petters, J. (2018). What is a Brute Force Attack? Definition | Varonis. [online] Inside
Out Security. Available at: https://www.varonis.com/blog/brute-force-attack/
[Accessed 29 Sep. 2019].