PROTECTINGT

HE
NETWORK
PREPARED BY :VIJETHA V BHAT

1 VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

 2

 A flood attack on a network involves the broadcast of flood packets.

 An ideal flood attack would be the injection of a single packet which

exploits some known flaw in the network nodes, causing them to
retransmit the packet, or generate error packets, each of which is
picked up and repeated by another host.

VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

 How to Prevent Denial of Service?
3

– The solution to most of these problems is to protect the routing update packets sent by
the routing protocols in use.
– There are three levels of protection:
1. Clear-text password
2. Cryptographic checksum
3. Encryption
– Passwords only offer minimal protection against intruders who do not have direct
access to physical networks.
– Passwords also offer some
VIJETHA protection
V BHAT,CANARA against mis-configured routers .
COLLEGE,MANGALORE 3/10/2017
 4

1. The information will remain protected, provided the encryption mechanism deployed
is strong enough and cannot be easily broken.
2. Segmenting the local area network can mitigate the
sniffing accomplished through local network interface devices.
3. In an environment where all computers are connected on a single LAN segment, any
machine can be used for sniffing purposes.
4. In a segmented LAN, machines on one segment receive packets from
other machines on the same segment.
VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017
Sniffing: 5
– Sniffing uses network interface to receive data intended for other machines in the
network
– Ex. A bridge connects two network interfaces by retransmitting the data frames received
on one interface to the other.
– The retransmission of data-frames is governed by the filtering
rules of the bridge.
– Thus, in process of filtering, it examines all the frames.
– The "network analyzer” is a device that can receive all the traffic on the network for
diagnostic and analytical purposes.

VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

– The sniffer can gain knowledge of any of this information and misuse it for attacking the
security of computers on the network.

How to Prevent Sniffing?

– Sniffing can be prevented, or at least its effects can be mitigated, through the proper
understanding of these devices and deploying them in an appropriate configuration

– Encrypting all the message traffic on the network ensures that the sniffer will only be able
to get the encrypted text rather than the clear text information.

6 VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

How Sniffing Threatens Security?

– sniffing data from the network leads to leakage of several kinds of information, that should be

kept secret for a computer network to be secure.

– Through the use of sniffers the critical information such as passwords, financial account

numbers, confidential or sensitive data and low level protocol information can be tapped.
– The advantage of passwords is that they have very low overheads, in both bandwidth
and CPU consumption.

7 VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

Spoofing

1. Address Resolution Protocol (ARP) is used for determining the hardware

address of a machine whose IP address is known.
2. This situation typically occurs in broadcast networks, where the delivery
is made using the network interface/hardware address, but the
application layers operate using Internet Protocol (IP).
3. When a machine on a local network wants to send an IP packet to
another machine, it needs to find the hardware address of the machine
that owns the destination IP address.

8 VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

Preventing ARP Spoofing
1. In ARP spoof, most of the time, the attack is really directed at the machine being
deceived, not the machine whose IP address is being taken over Presumably, the
machine or machines being deceived contain data that the ARP spoofer wants to
get, or modify.
2. deception is useful to the ARP spoofer because the legitimate holder of the IP
address is trusted in some way by the machine being deceived.
3. In order to prevent unauthorized access to information, the machines that extend
trust to other machines on the local network, based on an IP address, should not
use ARP to obtain the hardware address of the trusted machines.

9
VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017
IP Spoofing Attacks

10
1. If an intruder, anywhere on the internet, can spoof IP packets, then they can effectively

impersonate a local system's IP address.

2. In many networked environments, local systems may perform session authentication

based on the IP address of a connection.

3. If the incoming connection requests originate from local, trusted hosts, the systems do not

require passwords for logging in .

VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017
 Preventing IP Spoofing:
11

1. The firewall and filtering routers of the system should be configured to monitor the

network traffic on the external interface of the internet router.

2. The filters should examine the incoming traffic packets, to ensure that no incoming packet

has a source and destination address in the local domain.

3. The very presence of such packets trying to enter the site from the internet is a strong

indicator thatVIJETHA
an IP Vspoofing attack
BHAT,CANARA is in progress.
COLLEGE,MANGALORE 3/10/2017
 12
1. An intruder capable of spoofing IP packets can make the system believe
that the incoming connections from the intruder are originating from a
local" trusted host".
2. In many a system configurations it is possible for these packets to pass
through firewalls.
3. Its efficiancy depends on the configuration of the filtering routers and
the firewall.
4. The attacker can hack the system even through no session packets can
be sent back to him.
VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017
 13
– IP spoofing attacks can be prevented by filtering the packets as they
enter the router from the internet.

– The filtering process blocks/drops any packet trying to enter the local
network from an external network, claiming to have originated inside
the local domain.

VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

 14 DNS Spoofing

1. DNS names are easier to remember and are most often used instead of IP
addresses.
2. Whenever a DNS name is used for accessing, the host computer resolves the name
by converting the name to an address.
3. In order to resolve the name, it sends an address lookup query to the specified
DNS name server.
4. Similarly, whenever a host computer needs a DNS name corresponding to a given
IP address it sends a reverse lookup query to a DNS name server.
VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017
 15
• The name server provides authoritative responses that all hosts on the internet
trust.

• However, if the name server on the internet is compromised by a security attack

controlled by an intruder, the intruder is in a position to offer wrong
translation,thus directing the traffic meant for a legitimate server site to the one
controlled and operated by him.

VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

• It trusts the translation, if the IP address on reverse lookup returns the original name. This
16
is helpful in situations where the attacker has modified only the forward translation, but

not the reverse lookup entries.

• Servers can carry out a similar double check for clients, by first doing the reverse lookup to

get the name of client requesting connection, followed by forward translation to get the IP

address

from the name, prior to trusting it with authorized access to information.

• This may help if the attacker has altered the name server files corresponding to reverse
VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017
lookups, but not corresponding to forward lookups.
Protecting the Services:
– The sites connected to the internet may have some services that are exclusively available
to internal users while others may be available universally.
– The site has to protect the various types of services that it offers, both to internal as well
as to external users, and each type has its own security requirements.
– It is therefore wise to isolate the internal services to one set of host computers and the
external services to another set of host computers. That is why, many sites connect to the
external world through firewalls.
– The firewalls keep a portion of sub network accessible from the outside and another set
which may be accessed only from within the site.

17 VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

– On many occasions, sites may provide anonymous or guest access to external users and
these services may be needed to support anonymous FTP downloads, or unauthenticated
guest login.

– It is extremely important to ensure that the anonymous FTP servers and guest login
services are carefully isolated from any other host and file systems.

18 VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017

19

END OF PRESENTATION

VIJETHA V BHAT,CANARA COLLEGE,MANGALORE 3/10/2017