Network Security Group 1: Jake Desmond Kaidi Chen Andrew Grant ARP Poisoning What is ARP ? ARP( Address Resolution Protocol): is a protocol used by the Internet Protocol, to map IP network addresses to the hardware addresses used by a data link protocol.
How does ARP work? ARP Poisoning ARP Poisoning:. LAN specific cyber attack This attack is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines ARP Poisoning (Continued) Routers serve as borders for both collision and broadcast domains
Tips to prevent ARP poisoning : Use Static ARP Use ARP-Spoofing Proof Switches
Use Virtual Private Networks Also known as ARP Spoofing DSN Spoofing What is DNS? DNS (Domain Name Server):is a protocol within the set of standards for how computers exchange data on the Internet and on many private networks, known as the TCP/IP protocol suite. "www.kennesaw.edu" into
an Internet Protocol (IP) address like 184.108.40.206 DNS Spoofing DNS Spoofing A type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of
the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server Types of DNS Spoofing Spoofing the DNS responses : Every DNS request have an associated 16 bit query ID, if the attacker could guess the way DNS generate its query ID he (the attacker) can send fake responses with a lie about the ip address of the queried host. DNS cache poisoning : sending a dns server incorrect mapping information with high TTL value to save the
faulty record in the DNS cache for a longer period of time , so that next time the server is queried it will reply with the incorrect information. Breaking into the platform: the attacker could break into the platform running DNS using attacks like Buffer overflows or any other attacks to gain root access the attacker will have full control over the network. SQL Injection What is SQL Injection?
SQL injection is a code injection technique. It uses SQL statements instead of normal user inputs for some malicious executions on web application. The commonly approach is by Web request and forms submission. A simple example... ID
sql = SELECT * FROM Users WHERE User = + uName + AND Passwor = + uPass database.execute(sql) Def Ghi
SELECT * FROM Users WHERE User =Jake AND Password = 123 SELECT * FROM Users WHERE User =Kaidi AND Password = 123; DROP TABLE Users Types of SQL injection In-band SQL injection The most common and easy-to-exploit attacks. In this, an attacker is able to use the same communication channel to both launch the attack and gather results. 1. Error-based SQLi It relies on error messages thrown by the database server to obtain
information about the structure of the database. 2. Union-based SQLi It uses the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response. Types of SQL injection Inferential SQL injection (Blind SQL injection) No data will be transferred via the web application. An attacker needs to reconstruct the database structure by sending payloads, observing the response and the resulting behavior.
1. Boolean-based (content-based) Blind SQLi It relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE. 2. Time-based Blind SQLi It relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. Types of SQL injection Out-of-band SQLi
This is not very common, mostly because it depends on some abilities of the database server which are used for Web application. For example, Microsoft SQL Server xp_dirtree command, which can be used to make DNS requests to a server by an attacker. How to prevent SQL injection? Avoid from code Hide
Encode values in forms submission and web request. Validate Check the type and format of inputs on Server side. Filter special symbol. PreparedState ment
bind variables as parameters in functions instead of operating SQL strings. How to prevent SQL injection? Avoid from design privileges
Limit functions in user accessing. Encrypt Encrypt sensitive data Store Do not store sensitive data if dont need it
Cross-Site Request Forgery What I will cover about Cross-Site Request Forgery What is CSRF? Requirements for a successful CSRF Attack How to Program Your Own CSRF Attack Limitations of CSRF Attacks Security Protocols for Defence against CSRF What is Cross-Site Request Forgery?
A type of network attack that targets end user accounts of web applications Must be authenticated at some level Example: Online bank account Relies on a vulnerability in the targeted web application Attacker can perform security-sensitive actions as if they were the user Security-Sensitive Actions: Edit Document Logout
Requirements for a Successful CSRF Attack Part 1: Creation of malicious website Creation of malicious website Must be publicly accessible Code capable of submitting requests is added User of targeted web application visits malicious site User must be logged in to the web application The code contained on the malicious website will automatically
Requirements for a Successful CSRF Attack Part 2: Social Engineering In general, this refers to the use of psychological manipulation of a victim by an assailant. Good example is the bail money phone scam In the case of Cross-Site Request Forgery: Assailant must deceive a user who is logged in to the target website to access their malicious web application Done through hyperlinks shared in email or internet forums
Visual Representation of CSRF Programming Your Very Own CSRF Attack Code for a website that contains a link to a CSRF attack: *This is a fully functional CSRF attack *But there are a few problems with it: Not very deceitful Placement of the link
Obscure website Limitations of CSRF (Excluding Security Protocols) Incapable of data theft Can only carry out state-changing requests like transferring funds Cannot retrieve a users username and password Functionality of attack is limited by targeted users security clearance Cannot generate requests that the target websites security has not granted the target user Ramifications of attack can vary greatly depending on who the user is (Example of admin vs restricted bank users)
Security Protocols for Defence against CSRF CSRF attacks are easy to defend against if web designers are conscious of them Origin and Referer headers within the HTTP protocol packet can be used to neutralize CSRF attacks These two headers are Forbidden Headers Can compare dst of servers
message to origin If CSRV is so easy to defend against, why is it relevant? CSRV is one of the lesser-known internet attacks Many web programmers are not aware of them Even less end users are aware of them If web programmer is not aware, they will not defend Why is his face covered? References
Fleck, Bob, and Jordan Dimov. "Wireless access points and arp poisoning." Online document (2001). https://www.giac.org/paper/gcih/364/dns-spoofing-attack/103863 https://www.incapsula.com/images/illustrations/web-app-security-mini-site/csrf-cross-site-request-forgery.png http://scraping.pro/res/http/post_headers.jpg http://images.mid-day.com/2013/mar/2903comp.jpg https://www.slideshare.net/danielmiessler/understanding-csrf https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
The superiority of a reduction approach was observed. mainly reduction with local strategies (rdl) that converged at the lowest number of iterations. In complex cases (case 4 for example) reduction and subdivision methods with preconditioning (sbds, rdl, rds) have better...
PowerPoint ® Lecture Presentations prepared by ... Sine waves. S-shaped curves. Figure 17-29a The Nature of Sound. Wavelength. Tuning. fork. Air molecules. Tympanic. membrane. Sound waves (here, generated by a . tuning fork) travel through the air as. pressure waves.
Gonadotropin-Releasing Hormone. Something of a "master" hormone, according to the textbook "Human Physiology," Gonadotropin-Releasing Hormone (GnRH) is a tropic hormone produced by a part of the brain called the hypothalamus.
According to Chaos Report across all the project sizes agile approach resulted in more successful projects and less failures. All the sizes "Agile" projects success rate is 39% and all sized "waterfall" projects success rate is 11%.
**AKO and Enterprise will block the sight if you just click on it** ... To view your Solider profile click on the profile icon. Solider profile will appear . To view your Soldier logbook click on the logbook icon. View,...
Ready to download the document? Go ahead and hit continue!