Howard Hudson - Week 11 - Awareness Helps Protect Against Attacks

Numerous threats will cause damage to a network. Devices, storage units, and the network itself are vulnerable to hackers. The initial attack can begin from any one of those three points. Dangers range from insider threats and poor access controls to unmanaged applications and viruses from outside the network.

One example of poor system security is “overlooked” system updates for software on your systems, which create a weak point for hackers to access. It’s smarter to install patches on your systems than to risk leaving known (and unknown) vulnerabilities open for attack. Some of the specific threats include phishing, man in the middle, session hijacking, brute force, spoofing, de-authentication, and VLAN hopping.

Phishing is just as it sounds. The perpetrator throws the bait (money) in the water (your email) and hopes you bite the bait (click the embedded link).


The man in the middle and session hijacking attacks are closely related but not identical. In session hijacking, the perpetrator “listens” specifically for your authentication data and steals it to gain access to a device, database, or website. In a man in the middle attack, the perpetrator pretends to be the access point that you believe is legitimate. The perpetrator then receives all of your traffic and can steal any piece of information that is desirable.

A brute force attack is exactly as it sounds. The attacker tries every known combination to guess the correct password or authentication in order to unlock and open a secured item such as an email account, database, or port on a network device.

A spoofing attack is similar to the man in the middle attack because they both revolve around pretending to be a legitimate entity, but spoofing is focused on the trick itself rather than on the “mediator”. An attacker can emulate an email account of a business or individual and send out emails (as the network manager, for example) telling everyone to authenticate their credentials.


The de-authentication attack is sneaky as well. Instead of being kicked off an access point because your lease expired, someone uses a legitimate de-authentication packet to maliciously kick you off in hopes that you will connect to the “next best thing”. Personally, I disable auto-connect on all of my devices if it is an option. I also don’t connect to public hotspots/Wi-Fi unless I talk to the person or company that manages it.

VLAN hopping is also a little scary. Essentially, the attacker tries to modify a VLAN by changing it to a trunk link. An article on TechTarget.com explains the VLAN hopping attack. One way an attacker can manipulate a switch is by using its auto-trunking function, if it's enabled, to gain access to other parts of the network. Another method is to send data through one switch to another switch by sending 802.1Q tags (IEEE VLAN standard). The victim switch that receives the malicious 802.1Q tag believes that the frame is intended for it, and the frame is then sent to the victim port.
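To make the 802.1Q part concrete from the monitoring side, here is an added example (not from the original post or from TechTarget) that parses an Ethernet header and flags frames carrying more than one 802.1Q tag. The function names and sample frames are constructed for illustration, and it assumes a segment where stacked tags (Q-in-Q) are not deployed on purpose.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def vlan_tags(frame: bytes) -> list:
    """Return the VLAN ID of each 802.1Q tag that follows the MAC addresses."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    tags, offset = [], 12  # 12 = destination MAC (6) + source MAC (6)
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame ends where an EtherType should be")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            return tags  # reached the real payload type
        if offset + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI hold the VLAN ID
        offset += 4

def classify(frame: bytes) -> str:
    """Label a frame; 'stacked' means two or more 802.1Q tags were found."""
    try:
        count = len(vlan_tags(frame))
    except ValueError:
        return "malformed"
    return ("untagged", "single-tagged")[count] if count < 2 else "stacked"

# Constructed sample frames for the example (not captured traffic).
def _tag(vid: int) -> bytes:
    return struct.pack("!HH", TPID_8021Q, vid)

_MACS = bytes.fromhex("ffffffffffff020000000001")  # made-up dst + src MAC
_IPV4 = struct.pack("!H", 0x0800) + bytes(46)      # EtherType + zero padding
SAMPLES = {
    "plain": _MACS + _IPV4,
    "one_tag": _MACS + _tag(10) + _IPV4,
    "two_tags": _MACS + _tag(1) + _tag(20) + _IPV4,
    "cut_off": _MACS + b"\x81\x00",  # tag header with no TCI
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:9s} {classify(frame)}")
```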

A good portion of these attacks can be mitigated by paying close attention to key details and ensuring your systems are correctly configured. Just take the extra time to do things right the first time.



Resources

Phifer, L. (2007, March). VLANs -- Controlling wired and wireless traffic. Retrieved February 23, 2019, from https://searchnetworking.techtarget.com/tip/VLANs-Controlling-wired-and-wireless-traffic

Rouse, M. (2005, November). VLAN hopping (virtual local area network hopping). Retrieved February 23, 2019, from https://searchsecurity.techtarget.com/definition/VLAN-hopping
