Time: 31 hours 29 minutes
Difficulty: Beginner
CEU/CPE: 30

Video Description

Non Wireless Attacks

This lesson covers non-wireless attacks, which are actual attacks against a network. One such attack is a Denial of Service (DoS), an attack on services and resources; the usual response is to block the host generating the traffic. There is also the Distributed Denial of Service (DDoS). These are harder to deal with because multiple hosts are performing the DoS at once. Another type of attack is the Man in the Middle attack. In this kind of attack, the attacker listens, captures, and impersonates a user, which allows them to pass on false certificates and capture data that is sent to an HTTPS web page.

Video Transcription

00:04
Our next type of attacks that we're going to take a look at are going to be non-wireless attacks. These are actual attacks against our network. Now, our first type of attack is going to be a denial of service attack. A denial of service attack is an intentional attack against the services or the network, our network functionality, intended to shut down our network or shut down the services that we're providing to someone. For example, if we're hosting a Web server, a denial of service attack may be just an endless flood of data to that Web server, an endless stream of requests, so many requests that our Web server can't service anybody else.

00:45
So now our Web server isn't able to do its job. It's not able to provide a service. Thus, a denial of service attack. This can be done against Web servers. It can be done against phone service providers, Internet service providers, a lot of different services, pretty much anything that is out there as a network device or as a network in general. We can issue a denial of service attack against it. A denial of service attack could be something as simple as walking up to a building and cutting the Internet cable, the cable that comes into the building from the Internet service provider. That's a denial of service: we're intentionally disrupting Internet service to a building by just cutting the Internet cables. That's a denial of service attack.

01:29
Now, when we're talking about denial of service attack traffic on our network, what we may want to do, if it's just a singular denial of service attack, is attempt to block the host generating the traffic. If we're able to narrow down where the traffic is coming from, we may want to block that host. If there's a particular IP address that the traffic's coming from, if there is a particular source or particular MAC address that the traffic is coming from, maybe intentionally, maybe unintentionally, we want to block that, take it off the network, or prevent or filter that device from even sending traffic into our network, maybe through the use of a firewall. If it's a public device that's trying to send that network data to our Web server, we may want to just set up a firewall rule that just drops all traffic from that device.

02:14
So it's very important to be able to identify our network traffic and see what's generating that denial of service network traffic.
02:23
02:23
Now, our next step up from denial of service is our distributed denial of service, and a distributed denial of service attack is much harder to deal with than just a standard denial of service attack, because a distributed denial of service attack, a DDoS attack, is going to be multiple hosts attempting to perform denial of service attacks. This could be anything from multiple hosts that are all intentionally performing denial of service attacks on us, or it could be hosts that were infected with malware. A lot of malware authors will write malware that just goes out to different computers, infects them, and then sits very quietly, and there's nothing on those computers until that author decides they have what's called a botnet, and that author decides, okay, I want to perform a distributed denial of service attack against Cybrary or against this company. (Please don't distributed-denial-of-service attack us.)

03:21
They decide they want to perform a distributed denial of service attack against a particular company or a particular website. So now they tell all of their bots to come alive. They issue commands to all of their bots, and then these dozens, hundreds, even thousands of devices around the world begin sending traffic and begin trying to disrupt and deny service for a particular endpoint.

03:49
Now, this is a lot harder to deal with because our blocking-hosts strategy isn't going to work. We can't just go out and block this traffic for thousands and thousands of hosts, because those hosts may not even be intentionally doing this. They may be doing it because they are infected with malware, or they may be sending us traffic that looks completely legitimate. There may just be thousands of hosts now sending repeated requests, repeated GET requests for a Web page, and we just can't handle all of these thousands of computers, because they can send thousands of requests each. So we have these millions and millions of requests coming in that we just can't handle, and we don't want to block all of these IP addresses that are sending us GET requests, because there could be legitimate traffic coming in, and now we're blocking legitimate customers that are trying to get to our Web page. So our best bet here for a distributed denial of service attack is to do something like identifying the traffic signature.

04:56
We want to try to track down exactly what that packet that is coming to us looks like. But again, if it's something legitimate, like a website GET request, we can't filter that out. We can't say, oh, I'm not going to accept any traffic to my Web server. Well, then you've pretty much just denial-of-serviced yourself. You're just falling right into what the author of the attack wants to happen. They want to shut down your website. So if you stop offering Web services, then yes, you're not having that attack be effective against you anymore, because you've essentially just called it quits. You've said we're just going to shut down our Web server now because we can't service anybody.

05:38
So distributed denial of service attacks are a lot harder to filter out, but you can try to mitigate them with some devices. Some load balancers and some proxy servers may be able to help with filtering out some distributed denial of service attacks, so there may be additional devices that can help to identify repeated traffic. They may help to identify if they have the same destination hosts over and over and over requesting traffic; after so many requests, they may say, okay, this host's traffic is going to be blocked for the next three hours because we're just experiencing an influx of this attack.

06:18
So, this host, you've requested over the past hour, you've requested 50 times to get this Web page. On average over the past hour, an average host, at the most, the top 90% of our users, only do Web page GET requests 15 times in an hour. So you're doing almost five times as many requests as them. So you're going to be blocked for the next three hours because there's something fishy going on here. So it's rules like that, it's traffic signatures like that, that we may need to implement. But again, if we don't have a dedicated team that is experienced with stopping those distributed denial of service attacks, if we don't have a team that is used to writing rules to filter out and narrow down that traffic, these could be very hard attacks to mitigate and very hard attacks to handle.
07:11
07:11
Next, we have man in the middle attacks. Man in the middle attacks are attacks where we're essentially trying to send data from point A to point B, but there's a point C who's sitting in the middle intercepting our data and then passing it along to point B. So it's point A to point C to point B, and then when the traffic is sent back, it's going from point B to point C to point A rather than directly to us. Now, these are dangerous because it allows the attacker to listen to our traffic. It allows the attacker to capture our traffic, maybe even capture certain credentials that we're trying to pass, because if we're passing information directly, what we think is directly, to point B, this may be sensitive information, this may be credential information. But if it's going through point C first, then it may be compromised.

08:09
So that point C may be doing things like passing false certificates. So even though we're running over HTTPS, they may actually be using a false certificate. They may be falsifying a certificate and capturing our data that we're putting into an HTTPS Web page. So we need to be careful who out there is on our network.

08:28
Man in the middle attacks can occur through things such as someone who goes out and impersonates the router. They're performing an ARP attack, where our computer is asking, okay, I'm looking for the router, who's the router? And then a computer on the network says, oh, I am, when really they're not; they're performing a man in the middle attack. And now our computer begins sending that computer traffic, and then that computer goes through all of our traffic, looks at everything, captures it, keeps a copy, and then passes it along to the router. So it's sitting there, and it may be able to do it just as fast as if we were directly connecting to the router. But now that man in the middle computer is able to read that traffic, is able to see our information, and is able to look at all of the information and all of the credentials that we're passing.

09:18
Now, man in the middle attacks may not just be occurring on our network. They could be occurring online as well. We may have malware that infects our computer and then changes our proxy settings so that we connect somewhere else. Remember, a proxy server is the first connection that we connect to, and we send our data through that server to the Internet. So malware that changes our proxy settings is changing where we send our Internet connections to when we connect out to the Internet. We don't connect directly to facebook.com. We don't connect directly to cybrary.it. We first connect to a proxy server in Lithuania or Oregon or Europe or whatever, or England or wherever this proxy server is, wherever the malware author told us to send the data first. It connects to that proxy server and then connects to where we want to go. And so it's able to see all of our traffic, is able to read all of our data and see what we're doing. So we need to be very careful of man in the middle attacks.

10:18
Ways that we can be careful of these: we can implement devices on our networks. We can implement firewalls or routers that can do things such as checking for IP spoofing. Devices that can check for IP spoofing help mitigate man in the middle attacks by keeping a record of the known addresses, the known MAC addresses, of devices, and then checking and listening for anybody who is not that MAC address passing off information and pretending that they are a different IP address, so we can help drop those packets. It can help take those packets that are trying to be passed around, catch them, and block them to prevent these man in the middle attacks from occurring on our network. So this man in the middle attack prevention can be done in the form of dropping IP spoofing packets, because essentially this device is trying to spoof its IP address and pretend it's an IP address that it's not.

11:13
We also want to check to make sure that on our local computers we don't have any odd proxy settings that are set in our Internet options, because those proxy settings, if we didn't set them and they aren't intentional proxy settings, may be connecting us to somewhere else first. We want to check and make sure that we aren't getting certificate warnings when we're trying to connect to pages over HTTPS. The certificate warnings could be telling us that this is not a valid certificate for this Web page, so it could mean that someone is performing a man in the middle attack. And even if the certificate warning does not pop up, every once in a while we may want to click and see who is issuing the certificate for the website that we're on. And if the certificate looks a little fishy, the certificate doesn't look quite right or looks expired, then there may be an issue going on there, and it may be someone falsifying certificates and actually sitting in the middle and listening to our HTTPS traffic, listening to our secure traffic. So be careful of these and watch out for that. And when Alice is talking to Bob, we always gotta watch out for Charlie or Carol trying to listen in and see what's going on.
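As an added example (not code from the course or its instructor), here is the rate-based traffic-signature rule the lesson describes, run over constructed Web-server log lines: each host's GET count over one hour is compared with what the typical host sends, and hosts far above it are blocked for three hours. The 90th-percentile baseline and the 3x ratio are assumptions; the log format and addresses are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(hours=3)  # the lesson's "blocked for the next three hours"
RATIO = 3.0                     # assumption: block at > 3x the typical host's rate

def build_sample_log():
    """Constructed access log: nine ordinary hosts (7-15 GETs each) and one
    host that sends 50 GETs for the same page inside a single hour."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(9):
        ip = f"198.51.100.{i + 1}"
        for k in range(7 + i):
            ts = base + timedelta(minutes=4 * k)
            lines.append(f"{ts.isoformat()} {ip} GET /index.html")
    for k in range(50):
        ts = base + timedelta(seconds=60 * k)
        lines.append(f"{ts.isoformat()} 203.0.113.7 GET /index.html")
    return "\n".join(lines)

def parse_log(text):
    """Each constructed line: '<ISO timestamp> <source ip> <method> <path>'."""
    entries = []
    for line in text.splitlines():
        ts, ip, method, path = line.split()
        entries.append((datetime.fromisoformat(ts), ip, method, path))
    return entries

def requests_per_host(entries, start, window=timedelta(hours=1), method="GET"):
    """Count requests of one method per source host within [start, start+window)."""
    end = start + window
    return Counter(ip for ts, ip, m, _ in entries if m == method and start <= ts < end)

def baseline(counts, pct=0.9):
    """Hourly count that 90% of hosts stay at or below (the lesson's '15 times')."""
    values = sorted(counts.values())
    return values[int(pct * (len(values) - 1))]

def hosts_to_block(counts, now):
    """Hosts sending more than RATIO x the baseline, mapped to when the block expires."""
    limit = RATIO * baseline(counts)
    return {ip: now + BLOCK_FOR for ip, n in counts.items() if n > limit}

def run_demo():
    """Apply the rule to the constructed log for the 10:00-11:00 window."""
    counts = requests_per_host(parse_log(build_sample_log()), datetime(2024, 1, 1, 10))
    return counts, hosts_to_block(counts, datetime(2024, 1, 1, 11))
```

Calling `run_demo()` returns the per-host counts and a block list containing only 203.0.113.7 (50 GETs against a baseline of 15), blocked until 14:00.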

Up Next

CompTIA Network+

This CompTIA Network+ certification training provides you with the knowledge to begin a career in network administration. This online course teaches the skills needed to create, configure, manage, and troubleshoot wireless and wired networks.

Instructed By

Anthony Harris
Systems Analyst and Administrator at SAIC
Instructor