Class IT - Enemy inside the wire
Enemy inside the wire
- “Head in the sand”
- Proactive attitude
Inside security: is it needed?
Outside
Inside
Rogue DHCP Server
• Denial of service
• Man-in-the-middle (MIM)
Mitigation technique - DHCP Snooping
The port facing the DHCP server is marked “trusted”. All other ports are untrusted.
A dynamic table of the DHCP entries is maintained.
The database can be exported and viewed without having to be logged in to the switch.
IP Spoofing
Sometimes, on the Internet, a girl named Alice is actually a man named Steve!
ARP Spoofing
ARP Spoofing
The attacker tricks the victim by changing the gateway's MAC address.
Man In the Middle
This results in a MIM attack, with the victim's traffic being intercepted by the attacker.
Man In the Middle
Example
Mitigation Techniques
IP Source Guard: The switch uses the DHCP snooping table to inspect packets. If the source IP differs from the entry in the DHCP snooping database, the traffic is considered illegitimate and the attacker's packet is dropped.
Dynamic ARP Inspection: The switch uses the DHCP snooping table to inspect packets. If the source MAC in the packet differs from the entry in the DHCP snooping database, the traffic is considered illegitimate and the attacker's packet is dropped.
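
Added example (not part of the original slides): a toy Python model of how a switch applies the DHCP snooping table for the three checks described above. The class, port names, MAC addresses and IP addresses are constructed for illustration and do not come from any vendor's implementation.

```python
# Added example: toy model of a switch enforcing DHCP snooping bindings.
# Port names, MACs and IPs below are constructed sample values.

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = set()          # {(port, mac, ip)} learned from DHCP

    def dhcp_ack(self, ingress_port, client_port, client_mac, leased_ip):
        """DHCP snooping: server replies are accepted only on trusted ports."""
        if ingress_port not in self.trusted:
            return "drop"              # reply from a rogue DHCP server
        self.bindings.add((client_port, client_mac, leased_ip))
        return "forward"

    def ip_packet(self, port, src_mac, src_ip):
        """IP Source Guard: source IP must match a binding on that port."""
        if port in self.trusted:
            return "forward"
        ok = any(p == port and ip == src_ip for p, _, ip in self.bindings)
        return "forward" if ok else "drop"

    def arp_packet(self, port, sender_mac, sender_ip):
        """Dynamic ARP Inspection: the ARP sender MAC/IP pair must match."""
        if port in self.trusted:
            return "forward"
        return "forward" if (port, sender_mac, sender_ip) in self.bindings else "drop"


def run_scenario():
    victim, attacker = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    sw = SnoopingSwitch(trusted_ports={"uplink"})
    return {
        # Leases handed out by the real server behind the trusted uplink.
        "victim_lease": sw.dhcp_ack("uplink", "port1", victim, "10.0.0.10"),
        "attacker_lease": sw.dhcp_ack("uplink", "port2", attacker, "10.0.0.20"),
        # DHCP reply arriving from an untrusted access port.
        "rogue_dhcp": sw.dhcp_ack("port2", "port1", victim, "10.0.0.99"),
        # Victim traffic matches its binding.
        "victim_ip": sw.ip_packet("port1", victim, "10.0.0.10"),
        "victim_arp": sw.arp_packet("port1", victim, "10.0.0.10"),
        # port2 uses the victim's IP, then claims to be the gateway 10.0.0.1.
        "spoofed_ip": sw.ip_packet("port2", attacker, "10.0.0.10"),
        "spoofed_gw_arp": sw.arp_packet("port2", attacker, "10.0.0.1"),
    }

if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:15} {verdict}")
```

The rogue DHCP reply never reaches the binding table, so both later checks keep judging traffic against the leases issued through the trusted port only.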
Is the user connecting to the network legitimate?
802.1x Authentication on the network port
Access to the internal network can be granted based on a database (RADIUS, LDAP) that can use the users from Active Directory.
The network port is initially placed in an “Unauthorized” state. After the user authenticates, the network port is moved to the Authorized state, and only then is traffic allowed.
Conclusions
The internal network is much more vulnerable to attacks
The damage can be very large
An internal attack is much harder to stop once it has started
Data can be stolen without the user/administrator knowing
“Head in the sand” is only temporary
Georgian Dumitrache
Class IT Outsourcing
Senior Network Administrator
+40 723 363 760