Ch.14 Network Threats and Mitigation
Instructor:
Chapter 14 Objectives
• The following CompTIA Network+ exam objectives are covered in this chapter:
• 2.5 Given a scenario, install and apply patches and updates
  o OS updates
  o Firmware updates
  o Driver updates
  o Feature changes/updates
  o Major vs. minor updates
  o Vulnerability patches
  o Upgrading vs. downgrading
    - Configuration backup
• 3.2 Compare and contrast common network vulnerabilities and threats
  o Attacks/threats
    - Denial of service
      · Distributed DoS (botnet, traffic spike, coordinated attack)
      · Reflective/amplified (DNS, NTP, smurfing)
      · Friendly/unintentional DoS
      · Physical attack (permanent DoS)
    - ARP cache poisoning
    - Packet/protocol abuse
    - Spoofing
    - Wireless
      · Evil twin
      · Rogue AP
      · War driving
      · War chalking
      · Bluejacking
      · Bluesnarfing
      · WPA/WEP/WPS attacks
    - Brute force
    - Session hijacking
    - Social engineering
    - Man-in-the-middle
    - VLAN hopping
    - Compromised system
    - Effect of malware on the network
    - Insider threat/malicious employee
    - Zero-day attacks
  o Vulnerabilities
    - Unnecessary running services
    - Open ports
    - Unpatched/legacy systems
    - Unencrypted channels
    - Clear-text credentials
    - TEMPEST/RF emanation
• 3.3 Given a scenario, implement network hardening techniques
  o Anti-malware software
    - Host-based
    - Cloud/server-based
    - Security policies
  o Disable unneeded network services
  o Wireless security
    - WEP
    - WPA/WPA2
• 4.7 Given a scenario, troubleshoot and resolve common security issues
  o Misconfigured firewall
  o Misconfigured ACLs/applications
  o Malware
  o Denial of service
  o Open/closed ports
  o ICMP-related issues
    - Ping of death
    - Unreachable default gateway
  o Unpatched firmware/OSs
  o Malicious users
    - Trusted users
    - Untrusted users
    - Packet sniffing
  o Authentication issues
    - TACACS/RADIUS misconfigurations
    - Default passwords/settings
  o Improper access/backdoor access
  o ARP issues
  o Banner grabbing/OUI
  o Domain/local group configurations
  o Jamming
• 3.7 Summarize basic forensic concepts
  o First responder
  o Secure the area
    - Escalate when necessary
  o Document the scene
  o eDiscovery
  o Evidence/data collection
  o Chain of custody
  o Data transport
  o Forensics report
  o Legal hold
Recognizing Security Threats
Figure 14.1
Figure 14.2
Denial of Service (DoS)
A denial of service (DoS) attack prevents legitimate users from accessing the network and/or its resources, typically by exhausting something finite: link bandwidth, connection state on a server, or its CPU and memory.
Denial of Service (DoS): Smurf Attack
(Diagram) The attacker sends ICMP echo requests to a network's broadcast address with a forged source address, that of the victim. Every host on that segment answers the echo request, and all of the replies go to the victim, which is flooded with amplified traffic it never asked for.
Denial of Service (DoS): SYN Flood
(Diagram) The attacker sends a stream of TCP SYN requests to a web server, usually from spoofed source addresses. The web server answers each one with a SYN-ACK and holds a half-open connection while it waits for the final ACK, which never comes. Once the connection table is full of half-open entries, the web server can no longer accept legitimate connections and is unavailable.
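Both of the DoS patterns drawn above leave a recognizable trace in traffic records: a server accumulating SYNs that are never followed by the client's ACK, and ICMP echo requests aimed at a broadcast address whose "source" is the victim. The following is an added example written for this page (not code from the chapter or its publisher); the `Packet` record, the thresholds and the sample traffic are constructed for illustration, and connections are keyed by source address only to keep it short.

```python
# Added example (not part of the chapter): detect SYN-flood and smurf
# traffic in a list of packet summaries.  Packet, the thresholds and the
# sample traffic are constructed for illustration; real input would come
# from a capture file or flow export.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str              # source IP as seen on the wire (may be spoofed)
    dst: str              # destination IP
    proto: str            # "tcp" or "icmp"
    flags: str = ""       # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    icmp_type: int = -1   # ICMP type; 8 = echo request


def syn_flood_suspects(packets, threshold=50):
    """Return {dst: half_open} for servers holding more than `threshold`
    half-open connections, i.e. a SYN arrived from a source that never sent
    the final ACK.  Connections are keyed by source address only (no ports)
    to keep the example short; a spoofed flood uses a fresh source per SYN."""
    syn_from = defaultdict(set)    # dst -> sources that sent a bare SYN
    ack_from = defaultdict(set)    # dst -> sources that completed the handshake
    for p in packets:
        if p.proto != "tcp":
            continue
        if p.flags == "S":
            syn_from[p.dst].add(p.src)
        elif p.flags == "A":
            ack_from[p.dst].add(p.src)
    suspects = {}
    for dst, sources in syn_from.items():
        half_open = len(sources - ack_from[dst])
        if half_open > threshold:
            suspects[dst] = half_open
    return suspects


def smurf_suspects(packets, broadcast_addrs):
    """Return {victim: count} of ICMP echo requests sent to a broadcast
    address.  In a smurf attack the source is forged to be the victim, so
    the 'source' of these requests is the host that will drown in replies."""
    counts = defaultdict(int)
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst in broadcast_addrs:
            counts[p.src] += 1
    return dict(counts)


def build_sample():
    """Constructed traffic: one legitimate client that completes its
    handshake, 60 SYNs from forged sources, and a burst of echo requests
    to the LAN broadcast address claiming to come from 198.51.100.7."""
    pkts = [Packet("192.0.2.10", "198.51.100.5", "tcp", "S"),
            Packet("192.0.2.10", "198.51.100.5", "tcp", "A")]
    pkts += [Packet(f"203.0.113.{i}", "198.51.100.5", "tcp", "S")
             for i in range(1, 61)]
    pkts += [Packet("198.51.100.7", "192.0.2.255", "icmp", icmp_type=8)
             for _ in range(20)]
    return pkts


if __name__ == "__main__":
    sample = build_sample()
    print("SYN flood targets:", syn_flood_suspects(sample))
    print("smurf victims:", smurf_suspects(sample, {"192.0.2.255"}))
```

The SYN check deliberately ignores the server's SYN-ACKs: what matters is the ACK the client never returns. On a real sensor you would key by the full four-tuple and age entries out, because a legitimate busy server also has many in-flight handshakes at any instant.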
Distributed Denial of Service (DDoS)
• Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K)
  – More complex assaults that launch synchronized DoS attacks from multiple sources and can target multiple devices.
  – Use compromised machines ("zombies", collectively a botnet) to carry out the attack.
  – Called distributed denial of service (DDoS) attacks.
  – Make use of IP spoofing, which makes the attacking hosts hard to trace and hard to filter.
Figure 14.5
Figure 14.6
Figure 14.7
Viruses
• Viruses typically have catchy names like Chernobyl, Michelangelo, Melissa, I Love You, and Love Bug.
• They receive a lot of media coverage as they proliferate and cause damage to a large number of people.
• Viruses are small programs that cause a variety of bad things to happen on your computer, ranging from merely annoying to totally devastating.
• They can display a message, delete files, or even send out huge amounts of meaningless data over a network to block legitimate messages.
Viruses
• A key trait of viruses is that they can't replicate themselves to other computers or systems without a user doing something, such as opening an executable attachment in an email, to propagate them. (Diagram: one infected file spawning copies of the virus.)
• There are several different kinds of viruses, but the most common ones are file viruses, macro (data file) viruses, and boot-sector viruses.
Viruses
• Multipartite Viruses
  – A multipartite virus infects both the boot sector and files on your computer, making it particularly dangerous and exasperatingly difficult to remove: cleaning one location leaves the other to reinfect it. (Diagram: the virus in memory writing to both disk files and the boot sector.)
Wireless Threats
• War Driving
• WEP Cracking
• WPA Cracking
• Rogue Access Points
• Evil Twin
Attackers and Their Tools
• IP Spoofing
  – The process of sending packets with a fake source address, so that the traffic appears to come from a trusted host or hides where the attacker really is.
• Application-Layer Attacks
  – Application-layer attacks target well-known holes in the software running on our servers.
• ActiveX Attacks
  – Attack your computer through ActiveX controls and Java applets delivered by web pages.
• Autorooters
  – Autorooters are a kind of hacker automaton: a tool that probes and scans a range of hosts without human guidance and then captures data on a strategically positioned computer, usually leaving a rootkit behind to keep that access hidden.
• Backdoors
  – Backdoors are simply paths into a computer or network that bypass the normal authentication controls.
• Network Reconnaissance
  – Attackers gather all the information they can about a network, because the more they know about it, the better they can compromise it.
Attackers and Their Tools
• Packet Sniffers
  – The network adapter is set to promiscuous mode so it receives every frame on the segment, not just the ones addressed to it, and the attacker harvests sensitive data (clear-text credentials, for example) from the captured traffic.
• Password Attacks
  – Password attacks are used to discover user passwords so the thief can pretend to be a valid user and then access that user's privileges and resources.
• Brute-Force Attacks
  – A brute-force attack is a software-oriented attack in which a program on the targeted network repeatedly tries to log in to a shared network resource, such as a server, by cycling through candidate passwords.
• Port-Redirection Attacks
  – A port-redirection attack uses a host the hacker has already broken into to relay traffic into a network that the firewall would otherwise not allow through.
• Trust-Exploitation Attacks
  – Exploit a trust relationship inside your network: once one server is compromised, the others that trust it (often because they sit on the same segment) become vulnerable as well.
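A brute-force or password attack against a server shows up in the server's own authentication log as a run of failures from one source, often across several usernames. The detection logic below is an added example written for this page, not code from the chapter; the log lines are constructed (in the style of OpenSSH's sshd messages), the year supplied for the syslog timestamps is assumed, and the threshold and window are illustrative values.

```python
# Added example (not part of the chapter): find sources that are
# brute-forcing logins by counting failed-password events per source inside
# a sliding time window.  The log lines, year, threshold and window below are
# constructed for illustration; the line format mimics OpenSSH's sshd.
import re
from collections import defaultdict, deque
from datetime import datetime

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample: six failures in ten seconds from 203.0.113.9 spread
# over three accounts, versus one user mistyping occasionally from 192.0.2.50.
SAMPLE_LOG = """\
Mar 13 10:00:01 srv sshd[1201]: Failed password for root from 203.0.113.9 port 51000 ssh2
Mar 13 10:00:03 srv sshd[1202]: Failed password for root from 203.0.113.9 port 51001 ssh2
Mar 13 10:00:05 srv sshd[1203]: Failed password for admin from 203.0.113.9 port 51002 ssh2
Mar 13 10:00:07 srv sshd[1204]: Failed password for invalid user test from 203.0.113.9 port 51003 ssh2
Mar 13 10:00:09 srv sshd[1205]: Failed password for admin from 203.0.113.9 port 51004 ssh2
Mar 13 10:00:11 srv sshd[1206]: Failed password for root from 203.0.113.9 port 51005 ssh2
Mar 13 10:02:00 srv sshd[1300]: Failed password for alice from 192.0.2.50 port 40000 ssh2
Mar 13 10:06:00 srv sshd[1301]: Failed password for alice from 192.0.2.50 port 40001 ssh2
Mar 13 10:06:30 srv sshd[1302]: Accepted password for alice from 192.0.2.50 port 40002 ssh2
Mar 13 10:12:00 srv sshd[1303]: Failed password for alice from 192.0.2.50 port 40003 ssh2
"""


def parse_failures(log_text, year=2024):
    """Return [(timestamp, src_ip, username)] for each failed-login line.
    syslog timestamps carry no year, so one is supplied (assumed: 2024)."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue   # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"]))
    return events


def brute_force_sources(events, threshold=5, window_s=60):
    """Flag a source the first time it produces `threshold` failures within
    `window_s` seconds.  Returns {src: {"first_flagged": iso_time,
    "users": [usernames tried]}}.  Counting per source rather than per
    account catches password spraying across many users as well as
    hammering on one."""
    recent = defaultdict(deque)    # src -> failure timestamps inside the window
    users = defaultdict(set)
    flagged = {}
    for ts, src, user in sorted(events):
        users[src].add(user)
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()            # drop failures older than the window
        if len(q) >= threshold and src not in flagged:
            flagged[src] = {"first_flagged": ts.isoformat()}
    for src in flagged:
        flagged[src]["users"] = sorted(users[src])
    return flagged


if __name__ == "__main__":
    for src, info in brute_force_sources(parse_failures(SAMPLE_LOG)).items():
        print(f"block {src}: {len(info['users'])} accounts tried, first flagged {info['first_flagged']}")
```

The window matters as much as the count: the same three failures from 192.0.2.50 are flagged with a ten-minute window and a threshold of three, but not with a five-minute window. Feed the flagged sources to a firewall rule or a lockout list, and prefer a per-source lockout over a per-account one so that an attacker cannot lock legitimate users out on purpose.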
Attackers and Their Tools
• Man-in-the-Middle Attacks
  – A man-in-the-middle attack happens when someone positions themselves between two parties, intercepts the packets intended for one computer, and reads (or alters) the data before passing it on, so neither end notices.
  – A common guilty party could be someone working for your very own ISP using a packet sniffer and augmenting it with routing and transport protocols.
  – Rogue ATM machines and even credit-card swipers are also increasingly used for this type of attack.
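On a LAN the usual way to get into the middle of a conversation is ARP cache poisoning (listed in this chapter's objectives): the attacker sends forged ARP replies so that the victim's cache maps the gateway's IP address to the attacker's MAC, and the gateway's cache maps the victim's IP to it as well, after which all traffic between them passes through the attacker. The detector below is an added example written for this page, not code from the chapter; the ARP replies, addresses and the pinned gateway entry are constructed.

```python
# Added example (not part of the chapter): detect ARP cache poisoning, the
# usual way a man-in-the-middle is set up on a LAN.  The reply list and
# addresses below are constructed for illustration.
from collections import defaultdict


def detect_arp_poisoning(replies, static_bindings=None):
    """replies: (sender_ip, sender_mac) pairs from ARP 'is-at' packets in
    arrival order.  static_bindings: {ip: mac} entries that must never change
    (the default gateway, at least).  Returns a list of alert tuples:
      ("static",  ip, expected_mac, claimed_mac)  a pinned binding was contradicted
      ("changed", ip, old_mac, new_mac)           a learned binding flipped
      ("multi",   mac, (ip, ip, ...))             one MAC claims several IPs"""
    static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    cache = dict(static)
    claimed = defaultdict(set)      # mac -> IPs it has claimed so far
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        if ip in static:
            if static[ip] != mac:
                alerts.append(("static", ip, static[ip], mac))
                # do not update: a pinned entry survives forged replies
        elif ip in cache and cache[ip] != mac:
            alerts.append(("changed", ip, cache[ip], mac))
            cache[ip] = mac         # a dynamic cache would have accepted it
        else:
            cache[ip] = mac
        if ip not in claimed[mac]:
            claimed[mac].add(ip)
            if len(claimed[mac]) > 1:
                alerts.append(("multi", mac, tuple(sorted(claimed[mac]))))
    return alerts


SAMPLE_REPLIES = [                           # constructed ARP replies, in order
    ("192.168.1.1",  "00:11:22:33:44:01"),   # real gateway announces itself
    ("192.168.1.20", "00:11:22:33:44:20"),   # victim workstation
    ("192.168.1.1",  "DE:AD:BE:EF:00:01"),   # attacker claims to be the gateway
    ("192.168.1.20", "de:ad:be:ef:00:01"),   # attacker claims the victim too
    ("192.168.1.30", "00:11:22:33:44:30"),   # unrelated host, no alert
]
GATEWAY_PIN = {"192.168.1.1": "00:11:22:33:44:01"}   # assumed static entry


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES, GATEWAY_PIN):
        print(alert)
```

A static ARP entry for the gateway (or dynamic ARP inspection on the switch) is the mitigation the alerts point at: with the pin in place the forged reply is reported and ignored instead of silently accepted. The "multi" heuristic produces false positives for hosts that legitimately own several addresses, such as a router, so those should be whitelisted before it is used for blocking.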
Attackers and Their Tools
• IP Spoofing Protection
  – (Figure) A hacker attempting an IP spoof, and the packets carrying the spoofed address being denied access to the network by the firewall, which rejects traffic arriving from outside that claims an inside source address.
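The decision the firewall in the figure makes can be written down as a rule in both directions: drop packets from the Internet whose source is one of our own addresses (ingress filtering) and drop packets from the inside whose source is not ours (egress filtering, so our hosts cannot be used to launch spoofed attacks). This is an added example written for this page, not the chapter's or any vendor's configuration; the prefixes are assumed (documentation ranges), the interface names are hypothetical, and the bogon list is the usual set of reserved ranges that should never appear as a public source address.

```python
# Added example (not part of the chapter): the anti-spoofing decision a
# border firewall makes.  OUR_PREFIXES and the interface names are assumed;
# BOGONS are reserved ranges that never legitimately appear as a source on
# the public Internet.
import ipaddress

OUR_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, networks):
    return any(addr in n for n in networks)


def spoof_filter(interface, src_ip):
    """Return ("permit" | "drop", reason) for a packet with source src_ip
    arriving on `interface`: "outside" is Internet-facing, "inside" is our
    LAN (hypothetical names)."""
    src = ipaddress.ip_address(src_ip)
    if interface == "outside":
        if _in_any(src, OUR_PREFIXES):
            return "drop", "spoofed: our own address arriving from the Internet"
        if _in_any(src, BOGONS):
            return "drop", "bogon source address"
        return "permit", "external source"
    if interface == "inside":
        if _in_any(src, OUR_PREFIXES):
            return "permit", "internal source"
        return "drop", "egress spoof: internal host using a foreign source"
    raise ValueError(f"unknown interface {interface!r}")


if __name__ == "__main__":
    for iface, ip in (("outside", "192.0.2.10"), ("outside", "203.0.113.5"),
                      ("outside", "10.1.1.1"), ("inside", "203.0.113.5")):
        print(iface, ip, "->", spoof_filter(iface, ip))
```

The same two rules are what a packet filter's anti-spoofing ACLs or reverse-path forwarding check implement; the egress half is easy to forget but is what keeps your network from being the source in someone else's SYN flood or smurf attack.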
Attackers and Their Tools
• Rogue Access Points
  – Properly securing a wireless network has become a critical task for most network administrators.
  – With a wired network, you know where the cables start and stop; with a wireless network, you don't.
  – A rogue access point is one that's been installed on a network without the administrator's knowledge.
  – These can be unintentional: a user innocently plugs a wireless router or wireless access point into the end of a network cable in your building, and it is almost always unsecured.
  – Rogue access points are very useful to someone who wants to set up a man-in-the-middle attack.
• Social Engineering (Phishing)
  – Hackers are more sophisticated today; rather than breaking in, they just ask the network's users for the information.
  – Social engineering is the act of attempting to obtain sensitive information by pretending to be a credible source; phishing is its most common form.
  – Common tactics include emails, phone calls, or even starting up a conversation in person.
Understanding Mitigation Techniques
• Active Detection
  – Software (an intrusion detection or prevention system) that looks for known attack methods and scans for suspicious activity, alerting on or blocking it as it happens.
• Passive Detection
  – Records activity for later review rather than reacting in real time; video cameras are a good example of a passive intrusion-detection system.
• Proactive Defense
  – Something you do or implement ahead of time (patching, hardening, access controls) to make the network as hard to penetrate as possible.
Policies and Procedures
• Security Policies
  – Security Audit
  – Clean-Desk Policy
  – Recording Equipment
  – DMZ (diagram: the Internet, a firewall, a DMZ segment holding the public web servers, and the private network behind it)
Patches and Upgrades
• Automatic Updates through Windows Update
  – It's really easy to get updates for Windows-based operating systems through Windows Update.
  – If you need more information: www.microsoft.com
Antivirus Components
Antivirus Maintenance
Summary
• Summary
• Exam Essentials Section
• Written Labs
• Review Questions