Network Security Group 1 Jake Desmond Kaidi Chen
- Slides: 29
Network Security Group 1: Jake Desmond Kaidi Chen Andrew Grant
ARP Poisoning
What is ARP ? ARP( Address Resolution Protocol): is a protocol used by the Internet Protocol, to map IP network addresses to the hardware addresses used by a data link protocol. How does ARP work?
ARP Poisoning: . LAN specific cyber attack This attack is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines
ARP Poisoning (Continued) ❖Routers serve as borders for both collision and broadcast domains ❖Tips to prevent ARP poisoning : ❖ Use Static ARP ❖ Use ARP-Spoofing Proof Switches ❖ Use Virtual Private Networks Also known as ARP Spoofing
DSN Spoofing
What is DNS? DNS (Domain Name Server): is a protocol within the set of standards for how computers exchange data on the Internet and on many private networks, known as the TCP/IP protocol suite. "www. kennesaw. edu" into an Internet Protocol (IP) address like 70. 42. 251. 42
DNS Spoofing A type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server
Types of DNS Spoofing the DNS responses : Every DNS request have an associated 16 bit query ID, if the attacker could guess the way DNS generate its query ID he (the attacker) can send fake responses with a lie about the ip address of the queried host. DNS cache poisoning : sending a dns server incorrect mapping information with high TTL value to save the faulty record in the DNS cache for a longer period of time , so that next time the server is queried it will reply with the incorrect information. Breaking into the platform: the attacker could break into the platform running DNS using attacks like Buffer overflows or any other attacks to gain root access the attacker will have full control over the network.
SQL Injection
What is SQL Injection? • SQL injection is a code injection technique. It uses SQL statements instead of normal user inputs for some malicious executions on web application. • The commonly approach is by Web request and forms submission.
A simple example. . . ID User Password Info. 1 Jake 123 Abc 2 Kaidi 123 Def u. Name = get. Request. String(“user"); 3 Andrew 123 u. Pass = get. Request. String(“pas"); … … … sql = “SELECT * FROM Users WHERE User =““ + u. Name + “” AND Passwor =“ + u. Pass database. execute(sql) Ghi … SELECT * FROM Users WHERE User =“Jake” AND Password = 123 SELECT * FROM Users WHERE User =“Kaidi” AND Password = 123; DROP TABLE Users
Types of SQL injection ● In-band SQL injection The most common and easy-to-exploit attacks. In this, an attacker is able to use the same communication channel to both launch the attack and gather results. 1. Error-based SQLi It relies on error messages thrown by the database server to obtain information about the structure of the database. 2. Union-based SQLi It uses the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response.
Types of SQL injection ● Inferential SQL injection (Blind SQL injection) No data will be transferred via the web application. An attacker needs to reconstruct the database structure by sending payloads, observing the response and the resulting behavior. 1. Boolean-based (content-based) Blind SQLi It relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE. 2. Time-based Blind SQLi It relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding.
Types of SQL injection ● Out-of-band SQLi This is not very common, mostly because it depends on some abilities of the database server which are used for Web application. For example, Microsoft SQL Server “xp_dirtree” command, which can be used to make DNS requests to a server by an attacker.
How to prevent SQL injection? Avoid from code Hide • Encode values in forms submission and web request. Validate • Check the type and format of inputs on Server side. • Filter special symbol. Prepared. State ment • bind variables as parameters in functions instead of operating SQL strings.
How to prevent SQL injection? Avoid from design privileges • Limit functions in user accessing. Encrypt • Encrypt sensitive data Store • Do not store sensitive data if don’t need it
Cross-Site Request Forgery
What I will cover about Cross-Site Request Forgery What is CSRF? Requirements for a successful CSRF Attack How to Program Your Own CSRF Attack Limitations of CSRF Attacks Security Protocols for Defence against CSRF
What is Cross-Site Request Forgery? A type of network attack that targets end user accounts of web applications Must be authenticated at some level Example: Online bank account Relies on a vulnerability in the targeted web application Attacker can perform security-sensitive actions as if they were the user Security-Sensitive Actions: Edit Document Logout
Requirements for a Successful CSRF Attack Part 1: Creation of malicious website Must be publicly accessible Code capable of submitting requests is added User of targeted web application visits malicious site User must be logged in to the web application The code contained on the malicious website will automatically
Requirements for a Successful CSRF Attack Part 2: Social Engineering In general, this refers to the use of psychological manipulation of a victim by an assailant. Good example is the bail money phone scam In the case of Cross-Site Request Forgery: Assailant must deceive a user who is logged in to the target website to access their malicious web application Done through hyperlinks shared in email or internet forums
Visual Representation of CSRF
Programming Your Very Own CSRF Attack Code for a website that contains a link to a CSRF attack:
*This is a fully functional CSRF attack *But there a few problems with it: ● Not very deceitful ● Placement of the link ○ Obscure website
Limitations of CSRF (Excluding Security Protocols) Incapable of data theft Can only carry out state-changing requests like transferring funds Cannot retrieve a user’s username and password Functionality of attack is limited by targeted user’s security clearance Cannot generate requests that the target website’s security has not granted the target user Ramifications of attack can vary greatly depending on who the user is (Example of admin vs restricted bank users)
Security Protocols for Defence against CSRF attacks are easy to defend against if web designer’s are conscious of them “Origin” and “Referer” headers within the HTTP protocol packet can be used to neutralize CSRF attacks These two headers are Forbidden Headers Can compare dst of server’s message to origin
If CSRV is so easy to defend against, why is it relevant? CSRV is one of the lesser-known internet attacks Many web programmers are not aware of them Even less end users are aware of them If web programmer is not aware, they will not defend Why is his face covered?
References Fleck, Bob, and Jordan Dimov. "Wireless access points and arp poisoning. " Online document (2001). https: //www. giac. org/paper/gcih/364/dns-spoofing-attack/103863 https: //www. incapsula. com/images/illustrations/web-app-security-mini-site/csrf-cross-site-request-forgery. png http: //scraping. pro/res/http/post_headers. jpg http: //images. mid-day. com/2013/mar/2903 comp. jpg https: //www. slideshare. net/danielmiessler/understanding-csrf https: //www. owasp. org/index. php/Cross-Site_Request_Forgery_(CSRF)
- Chen chen berlin
- Kaidi kaljula
- Kaidi kaljula
- Kaidi palmiste
- Soomuskate ehk
- Kaidi sarv
- Kaidi kaljula
- Kaidi viljak
- Aasia karpkala ehk
- Private secruity
- Hound of the baskervilles chapter 10 summary
- Desmond brown cfpb
- Dr desmond blackburn
- Paul desmond discography
- Desmond matete
- Drwv
- Aletta tutu
- Which statement best describes the election of 2008?
- What is the osi security architecture
- Security guide to network security fundamentals
- Wireless security in cryptography and network security
- Electronic mail security in network security
- Security guide to network security fundamentals
- Security guide to network security fundamentals
- Jake recommended that susan
- Reading comprehension setting
- Jake reinvented quotes
- Jake cashion
- Hidroliza soli zadaci
- Jake leicht reviews