CYBER SECURITY


WHAT IS CYBER SECURITY?

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

WHY IS CYBER SECURITY IMPORTANT?
Governments, the military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as to safeguard national security.
During a Senate hearing in March 2013, the nation's top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.

CYBER-SAFETY ACTION-

1. INSTALL OS/SOFTWARE UPDATES.
2. RUN ANTIVIRUS SOFTWARE.
3. PREVENT IDENTITY THEFT.
4. TURN ON PERSONAL FIREWALL.
5. AVOID SPYWARE/ADWARE.
6. PROTECT PASSWORDS.


ATTACK SOURCES?

ACTIVE VS. PASSIVE
Active attacks involve writing data to the network. It is common to disguise
one’s address and conceal the identity of the traffic sender.
Passive attacks involve only reading data on the network. Their purpose is a breach
of confidentiality. This is possible if:
•  The attacker has gained control of a host in the communication path between two victim
machines.
•  The attacker has compromised the routing infrastructure to arrange for the traffic to pass through
   a compromised machine.

SESSION HIJACKING-

•  Exploitation of a valid computer session, to gain
   unauthorized access to information or services in a
   computer system.
•  Theft of a “magic cookie” used to authenticate a user to a
   remote server (for web developers)
•  Four methods:
–  Session fixation – attacker sets a user’s session id to one known to
him, for example by sending the user an email with a link that
contains a particular session id.
–  Session sidejacking – attacker uses packet sniffing to read network
traffic between two parties to steal the session cookie.
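Both methods above are defeated on the server side by never trusting a client-supplied session id and by keeping the cookie off plaintext links. The following Python is an added example, not code from the slides: a small in-memory session store (the names SessionStore, set_cookie_header and fixation_demo are hypothetical) that mints a fresh random id at login, discards whatever id the client presented, and sets the cookie attributes that keep a sniffer or page script from reading it.

```python
import secrets
import time

# Added example (not from the slides). SessionStore, set_cookie_header and
# fixation_demo are hypothetical helpers for a generic web application.

SESSION_TTL = 3600  # seconds a session stays valid


class SessionStore:
    """Server-side session table keyed by unguessable, server-minted ids."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": ..., "created": ...}

    def new_session(self, user):
        # Always mint the id here; a client-chosen id is never stored.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "created": time.time()}
        return sid

    def login(self, presented_sid, user, password_ok):
        """Authenticate and rotate the session id.

        Whatever id the client presented (possibly planted by an attacker
        through an emailed link, the fixation scenario on the slide) is
        discarded, and the authenticated session gets a fresh id that only
        this response carries.
        """
        if not password_ok:
            return None
        self._sessions.pop(presented_sid, None)  # retire the pre-login id
        return self.new_session(user)

    def lookup(self, sid):
        """Return the user bound to sid, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if time.time() - entry["created"] > SESSION_TTL:
            del self._sessions[sid]
            return None
        return entry["user"]

    def logout(self, sid):
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    """Cookie attributes that limit cookie theft: Secure keeps the cookie
    off plaintext HTTP (a sniffer on the path, the sidejacking case, never
    sees it), HttpOnly hides it from page scripts, and SameSite=Lax stops
    it riding along on cross-site POSTs."""
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def fixation_demo():
    """Replay the fixation scenario: the attacker knows 'attacker-chosen-id'
    and tricks the victim into presenting it; after login that id must be
    worthless and the victim must hold a different one."""
    store = SessionStore()
    planted = "attacker-chosen-id"  # constructed id the attacker tried to fix
    real = store.login(planted, "alice", password_ok=True)
    return {
        "planted_still_valid": store.lookup(planted) is not None,
        "new_id_valid": store.lookup(real) == "alice",
        "ids_differ": real != planted,
        "cookie": set_cookie_header(real),
    }
```

The rotation in login() is the whole fixation defence: the attacker may know the pre-login id, but the id that carries the authenticated session is generated after authentication and sent only to the victim's browser. The Secure attribute is what matters for sidejacking, since a cookie that is never sent over plaintext cannot be sniffed off the wire.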


DENIAL OF SERVICE(DoS) ATTACKS-

•  Attempt to make a machine or network resource unavailable to
its intended users. 
•  Purpose is to temporarily or indefinitely interrupt or suspend
services of a host connected to the Internet. 
•  Methods to carry out this attack may vary. 
–  Saturating the target with external communications requests (such that it
can’t respond to legitimate traffic) – SERVER OVERLOAD. 
–  May include malware to max out target resources (such as CPU), trigger
errors, or crash the operating system. 
•  DDoS attacks are more dynamic and come from a broader
range of attackers.
•  Examples: SYN flooding, Smurf attacks, Starvation.
•  Can be used as a redirection and reconnaissance technique.


OVERVIEW OF ATTACKS?

•  Attacks in Different Layers
•  Security Technologies
•  Link-Layer Security
•  Network Layer Security
•  Transport Layer Security
•  Application Layer Security


LAYER 2 ATTACKS-

      •  ARP Spoofing
      •  MAC attacks 
      •  DHCP attacks
      •  VLAN hopping 


MAC FLOODING-


•  Exploits a limitation of all switches – fixed CAM table size
•  CAM = Content Addressable Memory = stores info on the
mapping of individual MAC addresses to physical ports on
the switch.

DHCP ATTACKS-



•  DHCP Starvation Attack
–  Broadcasting a vast number of DHCP requests with spoofed MAC
addresses simultaneously.
–  DoS attack that uses up the DHCP leases
•  Rogue DHCP Server Attacks


DHCP ATTACK TYPE-


•  Solution: enable DHCP snooping

ip dhcp snooping (enable DHCP snooping globally)
ip dhcp snooping vlan <vlan-id> (enable it for specific VLANs)
ip dhcp snooping trust (interface command: mark the port facing the legitimate DHCP server as trusted; every other port stays untrusted and DHCP server replies arriving on it are dropped)
ip dhcp snooping limit rate <rate> (interface command: cap the DHCP messages per second accepted on an untrusted port, which blunts starvation floods)
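To make the effect of those four commands concrete, here is an added model of the snooping rules in Python. It is not the slides' material nor vendor code: DhcpSnoopingSwitch, handle and run_demo are hypothetical names, the port names and MAC addresses are constructed, and the rate limit is applied as a plain per-port message count rather than a timed window. It shows why the rogue OFFER on an untrusted port is dropped and why a starvation burst trips the port into the err-disabled state.

```python
from collections import defaultdict

# Added, constructed model of DHCP snooping (not from the slides, not vendor
# code). DHCP message types are the option 53 values from RFC 2132.
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_MESSAGES = {OFFER, ACK, NAK}  # only a real DHCP server may send these


class DhcpSnoopingSwitch:
    def __init__(self, trusted_ports, rate_limit):
        self.trusted = set(trusted_ports)   # "ip dhcp snooping trust"
        self.rate_limit = rate_limit        # "ip dhcp snooping limit rate"
        self.counts = defaultdict(int)      # untrusted port -> client msgs seen
        self.client_port = {}               # client MAC -> port it asked on
        self.binding_table = {}             # client MAC -> (ip, port)
        self.errdisabled = set()

    def handle(self, port, mtype, src_mac, chaddr, yiaddr=None):
        """Apply the snooping rules to one DHCP message; return the verdict."""
        if port in self.errdisabled:
            return "drop: port err-disabled"
        if port in self.trusted:
            # Trusted side: forward, and learn bindings from the real server's ACKs.
            if mtype == ACK and yiaddr:
                self.binding_table[chaddr] = (yiaddr, self.client_port.get(chaddr))
            return "forward"
        # Untrusted side: rogue-server and spoofing checks, then the rate limit.
        if mtype in SERVER_MESSAGES:
            return "drop: server message on untrusted port"
        if src_mac != chaddr:
            return "drop: source MAC does not match chaddr"
        self.counts[port] += 1
        if self.counts[port] > self.rate_limit:
            self.errdisabled.add(port)
            return "drop: rate limit exceeded, port err-disabled"
        self.client_port[chaddr] = port
        return "forward"


def run_demo():
    """Constructed traffic: one legitimate exchange, one rogue server, one
    starvation burst. Returns a summary of what the switch did."""
    sw = DhcpSnoopingSwitch(trusted_ports={"Gi0/1"}, rate_limit=5)
    client = "aa:bb:cc:00:00:01"
    verdicts = []
    # Legitimate client on Gi0/2 talking to the real server behind Gi0/1.
    verdicts.append(sw.handle("Gi0/2", DISCOVER, client, client))
    verdicts.append(sw.handle("Gi0/1", OFFER, "aa:bb:cc:ff:ff:01", client, "10.0.0.10"))
    verdicts.append(sw.handle("Gi0/2", REQUEST, client, client))
    verdicts.append(sw.handle("Gi0/1", ACK, "aa:bb:cc:ff:ff:01", client, "10.0.0.10"))
    # Rogue DHCP server answering from an untrusted access port.
    rogue = sw.handle("Gi0/3", OFFER, "de:ad:be:ef:00:01", client, "10.0.0.99")
    verdicts.append(rogue)
    # Starvation burst: 20 DISCOVERs on Gi0/4, each with a different spoofed MAC.
    for i in range(20):
        mac = f"02:00:00:00:00:{i:02x}"
        verdicts.append(sw.handle("Gi0/4", DISCOVER, mac, mac))
    return {
        "rogue_offer": rogue,
        "forwarded": verdicts.count("forward"),
        "dropped": sum(v.startswith("drop") for v in verdicts),
        "errdisabled": sorted(sw.errdisabled),
        "bindings": dict(sw.binding_table),
    }
```

The binding table the switch learns from trusted ACKs is also what later features such as Dynamic ARP Inspection and IP Source Guard consult, which is why enabling snooping is the usual first step in hardening the access layer.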



LAYER 3 ATTACKS-




•  ICMP Ping Flood.
•  ICMP Smurf.
•  Ping of death.




ROUTING ATTACKS-



•  Attempt to poison the routing information
•  Distance Vector Routing
–  Announce 0 distance to all other nodes
•  Blackhole traffic
•  Eavesdrop
•  Link State Routing
–  Can drop links randomly
–  Can claim direct link to any other routers
–  A bit harder to attack than DV
•  BGP attacks
–  ASes can announce arbitrary prefixes
–  ASes can alter path



TCP ATTACKS-




•  SYN Flood – occurs when an attacker sends SYN requests
in succession to a target.
•  Causes a host to retain enough state for bogus half-open
connections that there are no resources left to establish new
legitimate connections.
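The DoS slide and the SYN flood slide describe the same resource exhaustion from two angles, so one added detection example serves both. This Python is not from the slides: it replays a constructed connection log (timestamps, addresses and the log format are all invented here), keeps the per-connection state a server would have to hold, and raises an alert when the half-open count against one target crosses an assumed threshold.

```python
import re
from collections import defaultdict

# Added example (not from the slides). The log format, addresses and the
# threshold are constructed assumptions for illustration.
LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) ([SAR]+)$")
HALF_OPEN_THRESHOLD = 20  # assumed alert level per target socket


def track_handshakes(lines):
    """Replay the log and return the connections still half-open at the end.

    A client SYN creates state the server must keep; the client's ACK
    completes the handshake and frees it; an RST aborts it. Lines that do
    not parse are skipped."""
    half_open = {}  # (src, sport, dst, dport) -> timestamp of the SYN
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, flags = m.groups()
        key = (src, int(sport), dst, int(dport))
        if flags == "S":
            half_open[key] = ts
        elif flags in ("A", "R"):
            half_open.pop(key, None)
    return half_open


def syn_flood_report(lines, threshold=HALF_OPEN_THRESHOLD):
    """Aggregate half-open connections per target and per source."""
    half_open = track_handshakes(lines)
    per_target = defaultdict(int)
    per_source = defaultdict(int)
    for src, _, dst, dport in half_open:
        per_target[(dst, dport)] += 1
        per_source[src] += 1
    return {
        "half_open": len(half_open),
        "targets": dict(per_target),
        "alerts": [t for t, n in per_target.items() if n >= threshold],
        "distinct_sources": len(per_source),
    }


def build_sample_log():
    """Constructed log: three clients that complete the handshake, then a
    burst of 40 SYNs from spoofed sources that never answer the SYN-ACK."""
    lines = []
    for i, src in enumerate(["10.0.0.5", "10.0.0.6", "10.0.0.7"]):
        sport = 40000 + i
        lines.append(f"2024-01-01T00:00:0{i} {src}:{sport} -> 192.0.2.10:80 S")
        lines.append(f"2024-01-01T00:00:0{i} 192.0.2.10:80 -> {src}:{sport} SA")
        lines.append(f"2024-01-01T00:00:0{i} {src}:{sport} -> 192.0.2.10:80 A")
    for i in range(40):
        lines.append(f"2024-01-01T00:00:10 198.51.100.{i + 1}:{50000 + i} -> 192.0.2.10:80 S")
    return lines
```

Counting per target rather than per source is deliberate: in the sample the 40 bogus SYNs come from 40 different addresses, so a per-source rule would never fire, while the per-target count shows exactly the state the victim is being forced to hold. The usual host-side mitigation is SYN cookies, which let the server answer SYNs without keeping per-connection state until the handshake completes.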


APPLICATION LAYER ATTACKS- 


•  Scripting vulnerabilities
•  Cookie poisoning 
•  Buffer overflow
•  Hidden field manipulation
•  Parameter tampering
•  Cross-site scripting
•  SQL injection 

WIRELESS ATTACKS-


•  WEP – first security mechanism for 802.11 wireless
   networks 
•  Weaknesses in this protocol were discovered by Fluhrer,
   Mantin and Shamir, whose attacks became known as “FMS
   attacks” 
•  Tools were developed to automate WEP cracking
•  Chopping attacks were released to crack WEP more
   effectively and faster

PASSWORD CRACKING- 


•  Dictionary attacks
–  Guessing passwords using a file of 1 M possible password values
•  Ordinary words and people’s names
–  Offline dictionary attack when the entire password file has been obtained
–  Use random characters as the password with varying upper and lower
case, numbers, and symbols
•  Brute-force attacks
–  Checking all possible values until the password has been found
–  The resources needed to perform this attack grow exponentially as
    the key size increases
•  Social engineering
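The two defensive points on this slide, choosing passwords outside the dictionary and outside a small keyspace, and making an obtained password file expensive to attack offline, can be checked in code. This Python is an added example, not part of the slides: COMMON_PASSWORDS is a constructed stand-in for the 1 M-entry file, the policy thresholds and the guessing rate are assumptions, and the stored-hash helpers use PBKDF2 from the standard library as one concrete slow, salted hash.

```python
import hashlib
import hmac
import os
import string

# Added example (not from the slides). COMMON_PASSWORDS is a constructed
# stand-in for the slide's 1 M-entry password file; the policy limits,
# guessing rate and iteration count are assumptions.
COMMON_PASSWORDS = frozenset({
    "password", "123456", "qwerty", "letmein", "welcome", "admin",
    "alice", "bob", "charlie", "monkey", "dragon", "football",
})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the union of character classes the password draws from;
    this is the base of the brute-force keyspace."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def keyspace(password):
    """Number of candidates a brute-force search must cover in the worst case."""
    return charset_size(password) ** len(password)


def policy_problems(password, dictionary=COMMON_PASSWORDS):
    """Reasons the password would fall quickly to the attacks on the slide."""
    problems = []
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if lowered in dictionary:
        problems.append("dictionary word")
    elif stripped in dictionary:
        problems.append("dictionary word with digits/symbols appended")
    classes = sum(any(c in cls for c in password) for cls in CLASSES)
    if classes < 3:
        problems.append("fewer than three character classes")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    return problems


def brute_force_years(password, guesses_per_second=1e10, iterations=1):
    """Worst-case time to exhaust the keyspace. `iterations` models a slow
    password hash: every offline guess costs that many hash operations,
    which is how a salted, iterated hash multiplies the attacker's work."""
    seconds = keyspace(password) * iterations / guesses_per_second
    return seconds / (365 * 24 * 3600)


PBKDF2_ITERATIONS = 600_000  # assumed work factor
SALT_LEN = 16


def hash_password(password, salt=None):
    """Salted, iterated hash for the stored password file. A unique salt
    per user defeats precomputed dictionaries; the iteration count makes
    each offline guess expensive."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password, stored):
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time compare
```

brute_force_years() makes the exponential growth on the slide visible: each extra character multiplies the search by the charset size, and each extra hash iteration multiplies the cost of every guess, so a long mixed-class password stored under a slow salted hash is out of reach even when the whole password file has leaked.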