Network Security - Kennesaw State University

Network Security - Kennesaw State University

Network Security Group 1: Jake Desmond Kaidi Chen Andrew Grant ARP Poisoning What is ARP ? ARP( Address Resolution Protocol): is a protocol used by the Internet Protocol, to map IP network addresses to the hardware addresses used by a data link protocol.

How does ARP work? ARP Poisoning ARP Poisoning:. LAN specific cyber attack This attack is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines ARP Poisoning (Continued) Routers serve as borders for both collision and broadcast domains

Tips to prevent ARP poisoning : Use Static ARP Use ARP-Spoofing Proof Switches

Use Virtual Private Networks Also known as ARP Spoofing DSN Spoofing What is DNS? DNS (Domain Name Server):is a protocol within the set of standards for how computers exchange data on the Internet and on many private networks, known as the TCP/IP protocol suite. "" into

an Internet Protocol (IP) address like DNS Spoofing DNS Spoofing A type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of

the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server Types of DNS Spoofing Spoofing the DNS responses : Every DNS request have an associated 16 bit query ID, if the attacker could guess the way DNS generate its query ID he (the attacker) can send fake responses with a lie about the ip address of the queried host. DNS cache poisoning : sending a dns server incorrect mapping information with high TTL value to save the

faulty record in the DNS cache for a longer period of time , so that next time the server is queried it will reply with the incorrect information. Breaking into the platform: the attacker could break into the platform running DNS using attacks like Buffer overflows or any other attacks to gain root access the attacker will have full control over the network. SQL Injection What is SQL Injection?

SQL injection is a code injection technique. It uses SQL statements instead of normal user inputs for some malicious executions on web application. The commonly approach is by Web request and forms submission. A simple example... ID

User Passwor d Info. 1 Jake

123 Abc 2 Kaidi 123 uName = getRequestString(user"); 3 Andrew 123 uPass = getRequestString(pas");

sql = SELECT * FROM Users WHERE User = + uName + AND Passwor = + uPass database.execute(sql) Def Ghi

SELECT * FROM Users WHERE User =Jake AND Password = 123 SELECT * FROM Users WHERE User =Kaidi AND Password = 123; DROP TABLE Users Types of SQL injection In-band SQL injection The most common and easy-to-exploit attacks. In this, an attacker is able to use the same communication channel to both launch the attack and gather results. 1. Error-based SQLi It relies on error messages thrown by the database server to obtain

information about the structure of the database. 2. Union-based SQLi It uses the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response. Types of SQL injection Inferential SQL injection (Blind SQL injection) No data will be transferred via the web application. An attacker needs to reconstruct the database structure by sending payloads, observing the response and the resulting behavior.

1. Boolean-based (content-based) Blind SQLi It relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE. 2. Time-based Blind SQLi It relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. Types of SQL injection Out-of-band SQLi

This is not very common, mostly because it depends on some abilities of the database server which are used for Web application. For example, Microsoft SQL Server xp_dirtree command, which can be used to make DNS requests to a server by an attacker. How to prevent SQL injection? Avoid from code Hide

Encode values in forms submission and web request. Validate Check the type and format of inputs on Server side. Filter special symbol. PreparedState ment

bind variables as parameters in functions instead of operating SQL strings. How to prevent SQL injection? Avoid from design privileges

Limit functions in user accessing. Encrypt Encrypt sensitive data Store Do not store sensitive data if dont need it

Cross-Site Request Forgery What I will cover about Cross-Site Request Forgery What is CSRF? Requirements for a successful CSRF Attack How to Program Your Own CSRF Attack Limitations of CSRF Attacks Security Protocols for Defence against CSRF What is Cross-Site Request Forgery?

A type of network attack that targets end user accounts of web applications Must be authenticated at some level Example: Online bank account Relies on a vulnerability in the targeted web application Attacker can perform security-sensitive actions as if they were the user Security-Sensitive Actions: Edit Document Logout

Requirements for a Successful CSRF Attack Part 1: Creation of malicious website Creation of malicious website Must be publicly accessible Code capable of submitting requests is added User of targeted web application visits malicious site User must be logged in to the web application The code contained on the malicious website will automatically

Requirements for a Successful CSRF Attack Part 2: Social Engineering In general, this refers to the use of psychological manipulation of a victim by an assailant. Good example is the bail money phone scam In the case of Cross-Site Request Forgery: Assailant must deceive a user who is logged in to the target website to access their malicious web application Done through hyperlinks shared in email or internet forums

Visual Representation of CSRF Programming Your Very Own CSRF Attack Code for a website that contains a link to a CSRF attack: *This is a fully functional CSRF attack *But there are a few problems with it: Not very deceitful Placement of the link

Obscure website Limitations of CSRF (Excluding Security Protocols) Incapable of data theft Can only carry out state-changing requests like transferring funds Cannot retrieve a users username and password Functionality of attack is limited by targeted users security clearance Cannot generate requests that the target websites security has not granted the target user Ramifications of attack can vary greatly depending on who the user is (Example of admin vs restricted bank users)

Security Protocols for Defence against CSRF CSRF attacks are easy to defend against if web designers are conscious of them Origin and Referer headers within the HTTP protocol packet can be used to neutralize CSRF attacks These two headers are Forbidden Headers Can compare dst of servers

message to origin If CSRV is so easy to defend against, why is it relevant? CSRV is one of the lesser-known internet attacks Many web programmers are not aware of them Even less end users are aware of them If web programmer is not aware, they will not defend Why is his face covered? References

Fleck, Bob, and Jordan Dimov. "Wireless access points and arp poisoning." Online document (2001).

Recently Viewed Presentations

  • อาการภายหลังได้รับการสร้างเสริมภูมิคุ้มกันโรค


    การที่ร่างกาย (Memory cell) สามารถจดจำแอนติเจนที่ได้รับเข้าไปครั้งแรกได้ ดังนั้นถ้าผู้มารับบริการมารับวัคซีนล่าช้ากว่ากำหนด จึงไม่จำเป็นต้อง ...
  • Subdivision methods for solving polynomial equations

    Subdivision methods for solving polynomial equations

    The superiority of a reduction approach was observed. mainly reduction with local strategies (rdl) that converged at the lowest number of iterations. In complex cases (case 4 for example) reduction and subdivision methods with preconditioning (sbds, rdl, rds) have better...
  • 17 The Special Senses PowerPoint Lecture Presentations prepared

    17 The Special Senses PowerPoint Lecture Presentations prepared

    PowerPoint ® Lecture Presentations prepared by ... Sine waves. S-shaped curves. Figure 17-29a The Nature of Sound. Wavelength. Tuning. fork. Air molecules. Tympanic. membrane. Sound waves (here, generated by a . tuning fork) travel through the air as. pressure waves.
  • 4th Edition: Chapter 1

    4th Edition: Chapter 1

    CMPE 252A : Computer Networks Chen Qian Computer Science and Engineering UCSC Baskin Engineering * Jupiter Rising: A Decade of Clos Topologies and Centralized Control in Google's Datacenter Network Arjun Singh, Joon Ong, Amit Agarwal, Glen Anderson, Ashby Armistead, Roy...
  • Menstrual cycle lab and graphs - Seymour Middle School

    Menstrual cycle lab and graphs - Seymour Middle School

    Gonadotropin-Releasing Hormone. Something of a "master" hormone, according to the textbook "Human Physiology," Gonadotropin-Releasing Hormone (GnRH) is a tropic hormone produced by a part of the brain called the hypothalamus.
  • Solar Radiation

    Solar Radiation

    Chapter 24 B: DESIGN FOR ENERGY EFFICIENCY Agami Reddy (rev May 2017) 7. Energy use in U.S. and ongoing efforts by government 8. Energy benchmarking and rating
  • Title: A Case Study on PPL 's Journey to Agile Transition

    Title: A Case Study on PPL 's Journey to Agile Transition

    According to Chaos Report across all the project sizes agile approach resulted in more successful projects and less failures. All the sizes "Agile" projects success rate is 39% and all sized "waterfall" projects success rate is 11%.
  • 92G Credentialing Program & American Culinary Federation Apprenticeship

    92G Credentialing Program & American Culinary Federation Apprenticeship

    **AKO and Enterprise will block the sight if you just click on it** ... To view your Solider profile click on the profile icon. Solider profile will appear . To view your Soldier logbook click on the logbook icon. View,...