PACE-IT - Threats & Vulnerabilities Mitigation
TRANSCRIPT
Threats, vulnerabilities, and mitigation.
Page 2
Brian K. Ferrill, M.B.A.
Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting

Industry Certifications

Qualifications Summary
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions.
Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.

Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
Page 3
PACE-IT. Threats, vulnerabilities, and mitigation.
– Threats and vulnerabilities.
– Mitigation techniques.
Page 4
Threats and vulnerabilities.
Threats, vulnerabilities, and mitigation.
Page 5
– War driving/war chalking.
» The practice of attempting to sniff out unprotected or minimally protected wireless networks.
» Wireless networks are vulnerable just due to the fact that they need to broadcast over the air.
– WEP cracking/WPA cracking.
» The use of a packet sniffer to capture the password or preshared key on a wireless network.
» Wired Equivalent Privacy (WEP) can be cracked in minutes; WiFi Protected Access (WPA) cracking will take hours, but it can still be cracked.
– Rogue access point attack.
» An unauthorized wireless access point (WAP) that gets installed on the network.
» The biggest culprits are the end users; they install their own WAP for convenience and don’t properly secure it.
» This opens a vulnerability in your network.
Page 6
– Evil twin attack.
» A type of rogue access point attack.
» A WAP is installed and configured with a service set identifier (SSID) that is very similar to the authorized version.
» As users access the twin, their keystrokes are captured in the hopes of gaining sensitive information.
» Can also be considered a type of wireless phishing attack.
– Denial-of-service/distributed denial-of-service (DoS/DDoS) attack.
» The attacker is only concerned with bringing the network down.
» The attacker attempts to flood the network with requests that need to be dealt with.
» The hope is that the network will be so busy with bogus requests that legitimate traffic is halted.
» DDoS is when multiple attacking hosts are used; these attacking hosts (zombies) are often part of a botnet, and often the owners of these zombies don’t even know they are taking part in the attack.
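An added example (not code from the PACE-IT deck) of the defender's side of the rogue access point and evil twin bullets above: a Python check that compares a wireless survey against an inventory of authorized radios and flags unknown radios broadcasting our SSID, a lookalike of it, or our name plus a lure suffix. The inventory, MAC addresses, SSIDs and confusable-glyph table are constructed sample values.

```python
# Added example (not from the PACE-IT slides): flag evil-twin and other unexpected
# access points by checking a wireless survey against an inventory of authorized
# radios. All BSSIDs and SSIDs below are constructed sample values.
AUTHORIZED = {  # radio MAC (BSSID) -> the SSID that radio is allowed to broadcast
    "00:11:22:aa:bb:01": "CorpWiFi",
    "00:11:22:aa:bb:02": "CorpWiFi",
    "00:11:22:aa:bb:03": "CorpGuest",
}
# Lookalike glyphs a twin may use so it reads like the real name; separators are deleted.
_FOLD = str.maketrans({"0": "o", "1": "l", "|": "l", "5": "s", "3": "e",
                       "-": None, "_": None, ".": None})

def normalize_ssid(ssid: str) -> str:
    """Fold case, whitespace, separators and confusables: 'C0rp-WiFi' -> 'corpwifi'."""
    return "".join(ssid.lower().translate(_FOLD).split())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means the names are near-identical."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(bssid: str, ssid: str, max_dist: int = 2) -> str:
    """Verdict for one beacon: authorized, misconfigured, evil_twin or unknown.
    evil_twin = an unknown radio using our exact name, a lookalike, or our name plus a suffix."""
    bssid = bssid.lower()
    if bssid in AUTHORIZED:
        return "authorized" if AUTHORIZED[bssid] == ssid else "misconfigured"
    seen = normalize_ssid(ssid)
    for good in set(AUTHORIZED.values()):
        good_n = normalize_ssid(good)
        if good_n in seen or edit_distance(seen, good_n) <= max_dist:
            return "evil_twin"
    return "unknown"  # unrelated SSID: a rogue AP only if it turns out to be on our LAN

# Constructed survey output: (BSSID, SSID) pairs taken from beacon frames.
SAMPLE_BEACONS = [
    ("00:11:22:AA:BB:01", "CorpWiFi"),       # our own AP
    ("00:11:22:aa:bb:03", "CorpWiFi"),       # our guest radio broadcasting the wrong SSID
    ("de:ad:be:ef:00:01", "C0rp-WiFi"),      # lookalike name on a radio we do not own
    ("de:ad:be:ef:00:02", "CorpWiFi Free"),  # our name plus a lure suffix
    ("de:ad:be:ef:00:03", "NeighborNet"),    # someone else's network: review, not alarm
]

def review(beacons):
    """Every beacon that is not an authorized AP, with its verdict, for the admin to check."""
    return [(b, s, classify(b, s)) for b, s in beacons if classify(b, s) != "authorized"]
```

A beacon survey alone cannot tell whether an unknown radio is plugged into your wired network, so "unknown" findings still need a walk to the switch port before they are called rogue.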
Page 7
– Smurf attack.
» A type of DoS/DDoS attack.
» A repeating Internet Control Message Protocol (ICMP) echo request is sent to the network.
» The requesting IP address has been spoofed to be that of the intended victim.
» As host machines on the network respond, traffic is slowed down and maybe even halted.
– Man-in-the-middle attack.
» Occurs when an attacker inserts himself/herself into a “conversation” between two others.
» All of the traffic flows past this “man in the middle.”
» The attacker is seeking to gain sensitive information.
» Rogue access points and switches can be used for man-in-the-middle attacks.
» A NIC set to promiscuous mode can be used for a man-in-the-middle attack.
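An added example (not from the deck) for the DoS/DDoS and smurf bullets: Python detection logic run over decoded ICMP records, from both the victim's side (echo replies arriving from many hosts at once for pings the victim never sent) and the amplifier network's side (echo requests aimed at our subnet's broadcast address). The packet records and addresses are constructed; the ICMP type numbers are the standard ones.

```python
# Added example (not from the PACE-IT slides): spot the signature of a smurf
# attack in decoded ICMP records. Records are (timestamp, src, dst, icmp_type)
# tuples such as a sniffer export would give; the sample below is constructed.
from collections import defaultdict
from ipaddress import ip_address, ip_network

ECHO_REPLY, ECHO_REQUEST = 0, 8

def unsolicited_reply_floods(packets, min_sources=3, window=2.0):
    """Victim's-side view: hosts that receive echo replies from >= min_sources distinct
    hosts within `window` seconds without ever having pinged those hosts. Returns
    {victim: sorted list of replying hosts}."""
    requests = set()                  # (requester, target) pairs seen in the capture
    unsolicited = defaultdict(list)   # receiver -> [(ts, replier)]
    for ts, src, dst, typ in sorted(packets):
        if typ == ECHO_REQUEST:
            requests.add((src, dst))
        elif typ == ECHO_REPLY and (dst, src) not in requests:
            unsolicited[dst].append((ts, src))   # reply to a ping this host never sent
    findings = {}
    for victim, replies in unsolicited.items():
        for i, (t0, _) in enumerate(replies):      # slide a window over the replies
            sources = {s for t, s in replies[i:] if t - t0 <= window}
            if len(sources) >= min_sources:
                findings[victim] = sorted(sources)
                break
    return findings

def broadcast_pings(packets, local_nets):
    """Amplifier's-side view: echo requests aimed at the broadcast address of one of
    our subnets. Returns [(claimed source, broadcast address)]; the claimed source
    is the real victim, since the attacker spoofs it."""
    bcast = {n.broadcast_address for n in map(ip_network, local_nets)}
    return [(src, dst) for _, src, dst, typ in sorted(packets)
            if typ == ECHO_REQUEST and ip_address(dst) in bcast]

# Constructed capture: one normal ping exchange, then a spoofed request to the
# 203.0.113.0/24 broadcast address and the replies it provokes towards the victim.
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "10.0.0.9", ECHO_REQUEST),
    (0.01, "10.0.0.9", "10.0.0.5", ECHO_REPLY),
    (1.00, "192.0.2.10", "203.0.113.255", ECHO_REQUEST),  # source spoofed as the victim
    (1.01, "203.0.113.1", "192.0.2.10", ECHO_REPLY),
    (1.01, "203.0.113.2", "192.0.2.10", ECHO_REPLY),
    (1.02, "203.0.113.3", "192.0.2.10", ECHO_REPLY),
    (1.02, "203.0.113.4", "192.0.2.10", ECHO_REPLY),
]
```

The amplifier-side finding is the one you can act on locally: routers that do not forward directed broadcasts and hosts that ignore broadcast pings stop your network from being used against someone else.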
Page 8
– Buffer overflow.
» Occurs when a program or application writing to memory overflows or overruns the buffer and starts writing to the adjacent memory space.
» May be the result of a malicious attack or poorly written code.
» When it occurs, a system crash may happen or a breach may occur.
– Packet sniffing.
» Examining network traffic at a very basic and fundamental level.
» The packets flowing across a network are captured and examined and may reveal sensitive information.
» While packet sniffers may be used as a tool to improve network performance, they may also be used to reveal network vulnerabilities to an attacker.
Page 9
– FTP bounce.
» An attacker runs the “port” command on an FTP server to find any open ports.
» Modern FTP servers now block this attack.
– Virus.
» A program that has two jobs—to replicate and to activate.
» Requires a host program, a host machine, and user action to spread.
» Viruses only affect drives (e.g., hard drives, USB drives).
» Often contains a destructive payload.
– Worm.
» Similar to a virus, but it replicates itself across a network without user action.
» It doesn’t need a host file in order to operate.
» Worms will replicate themselves across networks, creating havoc.
Page 10
Social engineering is probably the largest threat facing the network administrator.
Social engineering is the process of manipulating users into revealing information or into doing things that should not be done. It can be done in multiple ways—in person or over the phone. Phishing, where an attacker poses as a trusted site, is an example of social engineering.
Page 11
Mitigation techniques.
Threats, vulnerabilities, and mitigation.
Page 12
– Training and awareness.
» Security training is not a “one and done” process; it needs to be continuous in nature.
» Training may be formal and documented, but informal training is also very effective.
» Help the users gain the knowledge needed to assist you in protecting the network.
– Policies and procedures.
» Implementing strong security policies and procedures goes a long way toward protecting your network.
– Patch management.
» Effective patch management will help to ensure that your systems remain up to date.
» This reduces the vulnerability of a network by decreasing the attack surfaces that are available.
Page 13
Your incident response can also help to protect against future attacks.
When responding to a network attack, be sure to document everything. This will give you a record of events that you can review and look at for patterns. If a pattern emerges, you will have found a vulnerability in your system that you can plug to mitigate future attacks.
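An added example (not from the deck) of the review step described above: Python that groups documented incidents by attack vector and entry point, reports the combinations that recur, and maps each to the mitigation technique from the previous slide. The incident log and the vector-to-mitigation mapping are constructed assumptions for this example.

```python
# Added example (not from the PACE-IT slides): review a documented incident log for
# the recurring patterns the deck says point at a vulnerability worth plugging.
# The incidents and the vector -> mitigation mapping are constructed for this example.
from collections import defaultdict
from datetime import date

INCIDENTS = [  # one documented entry per incident: when, how, and where it got in
    {"date": date(2024, 1, 8),  "vector": "phishing", "entry": "email"},
    {"date": date(2024, 1, 22), "vector": "rogue_ap", "entry": "floor3_switch"},
    {"date": date(2024, 2, 3),  "vector": "phishing", "entry": "email"},
    {"date": date(2024, 2, 19), "vector": "worm",     "entry": "unpatched_fileserver"},
    {"date": date(2024, 3, 1),  "vector": "phishing", "entry": "email"},
    {"date": date(2024, 3, 12), "vector": "rogue_ap", "entry": "floor3_switch"},
]

# Which of the deck's mitigation techniques addresses each vector (our assumption).
MITIGATION = {
    "phishing": "training and awareness",
    "rogue_ap": "policies and procedures",
    "worm": "patch management",
}

def find_patterns(incidents, min_count=2):
    """Group incidents by (vector, entry point) and return those seen at least
    min_count times, most frequent first, with first/last date, the span in days
    and the mitigation technique to apply."""
    groups = defaultdict(list)
    for inc in incidents:
        groups[(inc["vector"], inc["entry"])].append(inc["date"])
    patterns = []
    for (vector, entry), dates in groups.items():
        if len(dates) < min_count:
            continue   # a one-off is still worth documenting, but it is not yet a pattern
        dates.sort()
        patterns.append({
            "vector": vector, "entry": entry, "count": len(dates),
            "first": dates[0], "last": dates[-1], "span_days": (dates[-1] - dates[0]).days,
            "mitigation": MITIGATION.get(vector, "review policies and procedures"),
        })
    return sorted(patterns, key=lambda p: (-p["count"], p["first"]))
```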
Page 14
What was covered. Threats, vulnerabilities, and mitigation.
Topic: Threats and vulnerabilities.
Summary: Systems, by their very complexity, are vulnerable to exploitation. Every system can be exploited through a variety of methods. Because it involves communication over the air, a wireless network is inherently less secure than a wired network.
Topic: Mitigation techniques.
Summary: Training and awareness are your primary tools in mitigating threats and vulnerabilities. Other key mitigation techniques include patch management, policies and procedures, and finally your incident response.
Page 15
THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.