Network Attacks Continued Part 2 and Wrap-Up

Time
9 hours 49 minutes
Difficulty
Beginner
CEU/CPE
10
Video Transcription
00:00
>> A few talks to talk about
00:00
before wrapping up this section.
00:00
The topic is spoofing,
00:00
and spoofing is all about impersonation.
00:00
Usually when we talk about
00:00
people impersonating each other,
00:00
we consider that social engineering.
00:00
But when it's a technical impersonation,
00:00
we call it spoofing.
00:00
Anything that requires a source address can be spoofed.
00:00
Often, we have IP addresses that are spoofed to
00:00
make it look as if traffic comes from a different host.
00:00
Many times on switches as a security measure,
00:00
we use MAC filtering and say
00:00
only these MAC addresses can connect.
00:00
But MAC spoofing is very easy.
00:00
Just a very basic software tool
00:00
allows you to modify the MAC address.
00:00
Caller ID, emails,
00:00
even locations can be spoofed.
00:00
This is why we never really rely on
00:00
a single factor of authentication.
00:00
We always want users to provide
00:00
IP address and a password.
00:00
IP addresses, MAC addresses,
00:00
and geolocation are often considered somewhere you
00:00
are because you're at a specific system or location.
00:00
Brute force attacks are extremely common,
00:00
and it refers to passwords.
00:00
I'm trying every set of characters in a file,
00:00
and I can also use dictionary attacks,
00:00
which try every character combination in a file.
00:00
Dictionary attacks used to be
00:00
trying all the words in the dictionary,
00:00
but they've extended beyond that.
00:00
We also have rainbow tables that are attempting to
00:00
find the hash that's generated by the password.
00:00
The hash is a virtual password,
00:00
and you type in your password to create the hash.
00:00
The theory is that your only password,
00:00
you would create the hash that would
00:00
gain access to the resources.
00:00
If I can find another character combination
00:00
that produces the same hash,
00:00
I get the same degree of access.
00:00
We talk about that much more in the Security Plus class.
00:00
That's a little bit of a teaser,
00:00
but those are valid attacks on passwords.
00:00
It's similar for keys.
00:00
These same ideas continue on with keys or with
00:00
passwords and the tools are getting faster and smarter.
00:00
The graphics processing units
00:00
that come on video cards today are
00:00
one of the biggest developments in
00:00
the realm of cracking passwords and keys.
00:00
The processing power that those devices
00:00
have is absolutely amazing.
00:00
I will confess, I'm somewhere near 50.
00:00
I'm not saying I'm 50, but I'm somewhere near.
00:00
The guys that grew up with like
00:00
Space Invaders, Asteroids,
00:00
Pitfall and the original Pitfall with
00:00
the stick figure guy was made up of
00:00
about 12 pixels all in all.
00:00
He swung on vines and jumped across alligators,
00:00
that's what we had in my time.
00:00
I was out and saw a TV
00:00
that looked like a football was going
00:00
on and I could tell it was
00:00
a Baltimore Ravens across the mall.
00:00
I was curious who they were losing to, so I walked over.
00:00
It wasn't the Ravens playing,
00:00
it was Madden 2021,
00:00
but the graphics were so insane.
00:00
The power that's necessary to render
00:00
those graphics and harness
00:00
the power yields a capability
00:00
that is extraordinarily powerful.
00:00
Breaking passwords is much easier and quicker today.
00:00
Any eight character password can be
00:00
broken in just a matter of a couple of days.
00:00
We want to strengthen our passwords.
00:00
The way we do that is we lengthen them and
00:00
think about seeding or salting our passwords.
00:00
That's adding additional randomness.
00:00
That's also one of the things that we
00:00
talk about in Security Plus.
00:00
VLANs. We talked about
00:00
VLANs back in the Network Infrastructure chapter,
00:00
and how we can take these broadcast domains
00:00
and extend them across switches.
00:00
When we move from switch to switch,
00:00
we have what's called a trunk that connects
00:00
these devices and can connect them to routers.
00:00
At any rate, when it comes to VLAN hopping,
00:00
what happens is a host in one VLAN is
00:00
able to escape and access another VLAN.
00:00
The heart and soul of VLAN is isolation.
00:00
When that isolation can be compromised,
00:00
that's a security concern.
00:00
Sometimes that can happen by
00:00
having a rogue switch connecting
00:00
into a trunking port and impersonating a legitimate switch.
00:00
Sometimes it can be done through
00:00
a process called tagging.
00:00
Tagging is necessary to help a switch
00:00
understand what traffic goes out which port.
00:00
This is actually a fairly sophisticated concept.
00:00
This is almost like a Cisco course
00:00
to really get into the heart and soul of this.
00:00
For us, we're going to think about VLAN hopping as being
00:00
able to escape one VLAN and access another.
00:00
That's spanning two domains of trust, which
00:00
should never be allowed without traffic inspection.
00:00
Then our Man-in-the-Middle attacks.
00:00
Man-in-the-Middle attacks can be active or passive.
00:00
If you think about sniffing the network,
00:00
I'm looking at traffic as it's going across the network.
00:00
That's still a Man-in-the-Middle attack.
00:00
But it's passive. I'm not doing anything, just observing.
00:00
Now, I can escalate that to a session hijack or
00:00
TCP hijack when I
00:00
take that information that I've learned,
00:00
like session information,
00:00
and I use that in order to resume
00:00
a session on another system's behalf.
00:00
Then usually I disconnect
00:00
the original system, the actual system.
00:00
What's happening is I'm stepping in place of
00:00
a legitimate communication and I'm resuming it
00:00
as if it was just someone that's already authenticated.
00:00
That happens at a lot of different levels.
00:00
There are all sorts of ways.
00:00
With web traffic, it
00:00
usually happens when session information is passed across
00:00
the network in plain text
00:00
and the attacker gets on information,
00:00
modifies their data that contained
00:00
that session information.
00:00
Man-in-the-Middle attacks take advantage
00:00
of an already established session and either
00:00
eavesdrop or inject traffic as it's
00:00
used as an extension of impersonation.
00:00
That wraps up our section on common attacks,
00:00
of which there are a lot.
00:00
This is really just the tip of the iceberg.
00:00
We looked at things like Denial of Service
00:00
and Distributed Denial of Service.
00:00
Again, the purpose is to knock the system either
00:00
offline or to render it
00:00
unable to process its normal requests.
00:00
Social engineering is about impersonation, trickery,
00:00
and it's about me convincing you that
00:00
I should have access to a system
00:00
or to a location or some access that I shouldn't have.
00:00
This is really prevalent.
00:00
Social engineers are incredibly sharp, successful,
00:00
and they play off a lot of characteristics
00:00
of people wanting to help.
00:00
Also things like being able to
00:00
be intimidated relatively easily,
00:00
wanting to please, and
00:00
several other personality traits
00:00
social engineers exploit.
00:00
When we talk about poisoning,
00:00
poisoning is usually modifying cache.
00:00
We see that in DNS poisoning.
00:00
In ARP poisoning, it's all about redirection.
00:00
We also had pharming as a DNS attack.
00:00
Rogue devices on the network,
00:00
back in the wireless chapter,
00:00
we talked about the dangers of
00:00
rogue access points and evil twins.
00:00
Those can be used as Man-in-the-Middle attacks.
00:00
We also talked about VLAN hopping or VLAN escape,
00:00
which means that through some mechanism or vulnerability,
00:00
an attacker is able to move from one VLAN to the next,
00:00
gaining access to information that's part of
00:00
a separate domain and a separate security structure.