Presentation on theme: "CIS 450 – Network Security Chapter 4 - Spoofing. Definition - To fool. In networking, the term is used to describe a variety of ways in which hardware."— Presentation transcript:

1 CIS 450 – Network Security Chapter 4 - Spoofing

2 Definition
- To fool. In networking, the term is used to describe a variety of ways in which hardware and software can be fooled.
- Types
  - IP Spoofing – An attacker uses the IP address of another computer to acquire information or gain access
  - Email Spoofing – Involves spoofing the From address of an email
  - Web Spoofing
  - Non-technical Spoofing – Concentrates on compromising the human element of a company (social engineering)

3 IP Spoofing
- Flying blind or a one-way attack – Packets are sent to a victim but the attacker does not receive any packets back
- Basic address change
  - Most basic form is to go into the network configuration and change the IP address
  - All packets going out have the IP address the attacker wants to spoof
  - Low tech, since all replies go back to the address the attacker is spoofing
  - Is effective for DoS attacks

4 IP Spoofing
- Basic address change – Protection Against
  - Can protect your machines from being used to launch a spoofing attack, but there is little you can do to prevent an attacker from spoofing your address
  - Limit who has access to, and can make changes to, configuration information on a machine
  - Ingress Filtering: Apply built-in spoofing filters on routers – do not allow any packet entering your network from the outside to have a source address from your internal network
  - Egress Filtering: Prevents someone from using a company's computers to launch an attack. The router examines any packet leaving the network to make sure that the source address is an address from your local network.
  - Software packages: arpwatch (http://www.securityfocus.com/tools/142)
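The two filtering rules above, worked as a small router model; this is an added example, not from the slides, and it assumes a constructed address plan (the organisation owns 192.0.2.0/24, and the router names its interfaces "inside" and "outside").

```python
import ipaddress
from dataclasses import dataclass

# Constructed example address plan: the organisation owns 192.0.2.0/24 (an
# RFC 5737 documentation range); the border router has an "inside" and an
# "outside" interface. Hypothetical names, not from the slides.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

@dataclass
class Packet:
    src: str
    dst: str
    arrived_on: str  # "outside" or "inside": the interface the router received it on

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def filter_packet(pkt: Packet) -> tuple:
    """Apply the slide's two rules; return ("accept" | "drop", reason)."""
    # Ingress filtering: a packet arriving from the outside that claims one of
    # our internal addresses is spoofed, because only our own hosts use them.
    if pkt.arrived_on == "outside" and is_internal(pkt.src):
        return "drop", "ingress: packet from outside with an internal source address"
    # Egress filtering: a packet leaving from the inside must carry one of our
    # addresses, so a compromised internal host cannot launch a spoofed attack.
    if pkt.arrived_on == "inside" and not is_internal(pkt.src):
        return "drop", "egress: packet from inside with a foreign source address"
    return "accept", "source address is consistent with the arrival interface"

# Constructed sample traffic: a spoofed inbound packet, a genuine inbound packet,
# a spoofed outbound packet from a compromised host, and normal outbound traffic.
SAMPLE = [
    Packet("192.0.2.10", "192.0.2.20", "outside"),
    Packet("198.51.100.5", "192.0.2.20", "outside"),
    Packet("203.0.113.9", "198.51.100.5", "inside"),
    Packet("192.0.2.10", "198.51.100.5", "inside"),
]

def verdicts(pkts=SAMPLE) -> list:
    return [filter_packet(p)[0] for p in pkts]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.src, "->", p.dst, "via", p.arrived_on, ":", *filter_packet(p))
```

Note that, exactly as the slide says, this protects other networks from your hosts and your hosts from outside packets claiming your addresses; it cannot stop an outsider from spoofing your addresses towards third parties.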

5 Source Routing
- Lets you specify the path a packet will take through the Internet
- Loose source routing (LSR) – Sender specifies a list of IP addresses the traffic or packet must go through (it can go through other addresses as well). Not interested in the exact path as long as it goes through the addresses.
- Strict source routing (SSR) – Sender specifies the exact path that the packet must take. If the exact path cannot be taken, the packet is dropped and an ICMP message is returned to the sender.

6 Source Routing
- Protection Against
  - Best way is to disable source routing at your routers
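Source routing travels as IPv4 header options (LSRR, type 131, and SSRR, type 137), so a router or monitor that wants to drop or log such packets has to find those options in the header. The parser below is an added example, not code from the slides; the packets it inspects are constructed in the same block rather than captured from a network.

```python
import struct
import ipaddress

LSRR, SSRR = 131, 137   # RFC 791 option types: loose / strict source and record route
EOL, NOP = 0, 1         # single-byte options with no length field

def parse_ipv4_options(header: bytes):
    """Yield (type, data) for every multi-byte option in an IPv4 header."""
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("truncated IPv4 header")
    i = 20
    while i < ihl:
        t = header[i]
        if t == EOL:
            break
        if t == NOP:
            i += 1
            continue
        length = header[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("malformed option length")
        yield t, header[i + 2:i + length]
        i += length

def source_route(header: bytes):
    """Return ("loose"|"strict", [hops]) if the header carries LSRR/SSRR, else None."""
    for t, data in parse_ipv4_options(header):
        if t in (LSRR, SSRR):
            # data[0] is the pointer byte; the route list starts at data[1]
            hops = [str(ipaddress.IPv4Address(data[k:k + 4])) for k in range(1, len(data) - 3, 4)]
            return ("loose" if t == LSRR else "strict", hops)
    return None

# Constructed test packets (not captured traffic): a minimal header builder.
def build_header(src: str, dst: str, option: bytes = b"") -> bytes:
    """IPv4 header (checksum left zero) with an option block padded to 32 bits."""
    opts = option + b"\x00" * (-len(option) % 4)
    ver_ihl = (4 << 4) | (5 + len(opts) // 4)
    base = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(opts), 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return base + opts

def route_option(hops, strict: bool = False) -> bytes:
    """Build an LSRR/SSRR option: type, length, pointer (4 = first address), addresses."""
    addrs = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([SSRR if strict else LSRR, 3 + len(addrs), 4]) + addrs
```

A filter that disables source routing simply drops any packet for which source_route() is not None, and logging the returned hop list shows which path the sender was trying to force.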

7 Exploitation of a Trust Relationship on UNIX Machines
- A trust relationship is set up so a user does not have to log on to all systems they have access to
- User only has to authenticate on the initial log on
- Attacker spoofs the address of the machine that has the trust. Attacker is flying blind.
- Protection against
  - Don't use trust relationships
  - If used, limit who has them
  - If used, limit to internal use, not via the Internet

8 Email Spoofing
- Done for:
  - Hiding their identity (can use an anonymous remailer)
  - Wanting to impersonate someone or get someone else in trouble
  - As a form of social engineering

9 Email Spoofing
- Similar email addresses
  - Attacker registers an email address with a user name that looks similar to the person that they want to spoof
  - In the Alias field the attacker puts the name of the impersonated person
  - Sends an email message from the spoofed address
- Protection against Similar email addresses
  - Users have to be educated
  - Configure mail clients so that they always show the full email address and not the alias
  - Set up email so that it can be accessed remotely and via the Internet
  - Make a policy of no external email addresses for work-related activities
  - Public key encryption

10 Email Spoofing
- Modifying a mail client
  - In some mail clients the attacker can specify what he wants to appear in the From line
- Protection against Modifying a mail client
  - Have a policy against it and enforce it
  - Logging is performed on all systems
  - Look at the full email header

11 Email Spoofing
- Telnet to Port 25
  - Port 25 is used for Simple Mail Transfer Protocol (SMTP)
  - Attacker finds out the IP address of a mail server, or runs a port scan against several systems to see which ones have port 25 open
  - Opens a telnet session to port 25 on that machine
  - Message is sent with a spoofed From address

12 Email Spoofing
- Protection Against Telnetting to Port 25
  - If not being used, shut it down
  - Have all the latest patches installed on the mail server and make sure all spoofing and relay filters are properly configured
- Mail relaying
  - Attacker tries to use a mail server to send mail to someone else on a different domain, or relay his mail off another server
- Protection against Mail relaying
  - Validate that the recipient's domain is the same domain as the mail server
  - Validate that the sender's domain is valid
  - Validate that, for any remote connection to the mail server, the To and From addresses are from the same domain as the mail server
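The three relay checks above, applied exactly as the slide lists them to the MAIL FROM / RCPT TO pair a server sees on port 25 (whether typed over telnet or sent by a real client). This is an added example, not the slides' code; SERVER_DOMAIN and KNOWN_DOMAINS are constructed, and KNOWN_DOMAINS stands in for the DNS lookup a real server would use to decide that a sender's domain exists. Real servers also let authenticated local users send to other domains, which the slide does not cover.

```python
import re

SERVER_DOMAIN = "example.com"   # constructed: the domain this mail server serves
# Constructed stand-in for checking that a sender's domain exists (a real
# server would do a DNS MX/A lookup here).
KNOWN_DOMAINS = {"example.com", "example.net", "example.org"}

ADDR_RE = re.compile(r"^<?([^@\s<>]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})>?$")

def domain_of(addr: str):
    m = ADDR_RE.match(addr.strip())
    return m.group(2).lower() if m else None

def relay_decision(mail_from: str, rcpt_to: str, remote: bool) -> tuple:
    """Apply the slide's three relay checks to one MAIL FROM / RCPT TO pair."""
    sender_dom, rcpt_dom = domain_of(mail_from), domain_of(rcpt_to)
    if sender_dom is None or rcpt_dom is None:
        return "reject", "501 syntax error in address"
    # Check 2: the sender's domain must be a real domain.
    if sender_dom not in KNOWN_DOMAINS:
        return "reject", "550 sender domain does not exist"
    # Check 1: we only deliver to our own domain; anything else is relaying.
    if rcpt_dom != SERVER_DOMAIN:
        return "reject", "550 relaying denied: recipient is not in " + SERVER_DOMAIN
    # Check 3: on a remote connection both addresses must belong to this server's domain.
    if remote and sender_dom != SERVER_DOMAIN:
        return "reject", "550 remote sender must be in " + SERVER_DOMAIN
    return "accept", "250 OK"

def smtp_session(commands, remote: bool = True) -> list:
    """Walk a constructed MAIL FROM / RCPT TO dialogue; return one reply per command."""
    replies, mail_from = [], None
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            mail_from = arg.strip()
            replies.append("250 OK")
        elif verb == "RCPT TO" and mail_from is not None:
            replies.append(relay_decision(mail_from, arg.strip(), remote)[1])
        else:
            replies.append("503 bad sequence of commands")
    return replies
```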

13 Web Spoofing
- Web spoofing allows an attacker to create a "shadow copy" of the entire World Wide Web. Accesses to the shadow Web are funneled through the attacker's machine, allowing the attacker to monitor all of the victim's activities including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to Web servers in the victim's name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web.
- ("Web Spoofing: An Internet Con Game", Felten, Balfanz, Dean, and Wallach, Technical Report 540-96, Department of Computer Science, Princeton University, revised February 1997, http://www.cs.princeton.edu/sip/pub/spoofing.html)

14 Web Spoofing
- Basic Web Spoofing
  - A domain is set up with a similar name
  - After collecting information, the site sends a cookie to the user that will forward the user to the real site the next time the user comes back
- Protection against Basic Web Spoofing
  - Sites should use a server-side certificate
  - Configure web browsers to always display the URL

15 Web Spoofing
- Man-in-the-Middle Attacks
  - Attacker has to position himself so that all traffic coming to and going from the victim passes through him
  - Requires that all information coming in and out of your organization pass through a single router
  - Attack can be passive or active
- Protection against Man-in-the-Middle Attacks
  - Encryption
  - Strong perimeter security

16 Web Spoofing
- URL Rewriting
  - An attacker redirects web traffic to another site that is controlled by the attacker
  - The attacker has to rewrite all of the links on a web page
- Protection against URL Rewriting
  - Browsers should always be configured to display the destination URL, and users should be trained to look at it
  - Examine the HTML source code

17 Web Spoofing
- Tracking State – the ability of a site to track the state of the connection and what a user does over time
- Cookies
  - Pieces of information that the server passes to the browser and the browser stores for the server
  - Passed back to the server by the browser when the user reconnects
  - Persistent cookie – stored on the hard drive in a text file format. An attacker that has local access can easily access the cookie
  - Non-persistent cookie – stored in memory and goes away when the machine is turned off or rebooted
- Protection against Cookies
  - Client side – Good physical security (log off when not in use, password-protected screen savers)
  - Server side – Make your session ID as long and random as possible

18 Web Spoofing
- URL session tracking
  - If the attacker can guess the session ID, he can take over the user's identity and take over their active session
- Protection against URL session tracking
  - Make your session ID as long and random as possible
  - Defensive measures have to be done on the Web server side

19 Web Spoofing
- Hidden form elements – information on a form that the browser keeps but does not display to the user
- Protection against hidden form elements
  - Have hard-to-guess session IDs that are as random as possible
- Recommendations
  - At least a 15-character session ID composed of randomized uppercase, lowercase, numbers, and special characters
  - Expiration times should be set depending on the type of application
  - Set the expiration time as soon as the user logs off
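The session ID recommendations of slides 17 to 19 (long, random, all four character classes, expire on idle timeout and immediately on logoff) worked as server-side code. This is an added example, not from the slides; the special-character set, the idle timeout value and the SessionStore class are constructed for the illustration, and the current time is passed in explicitly so the behaviour can be checked deterministically.

```python
import math
import secrets
import string

SPECIAL = "!#$%&*+-=?@^_~"                     # constructed choice of special characters
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIAL)
ALPHABET = "".join(CLASSES)                    # 76 symbols
MIN_LEN = 15                                   # the slide's minimum length

def meets_policy(sid: str) -> bool:
    """At least MIN_LEN characters and at least one symbol from each class."""
    return len(sid) >= MIN_LEN and all(any(c in cls for c in sid) for cls in CLASSES)

def new_session_id(length: int = MIN_LEN) -> str:
    """Draw from the OS CSPRNG (never random.random()) until the policy is met."""
    while True:
        sid = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(sid):
            return sid

def entropy_bits(length: int = MIN_LEN) -> float:
    """Size of the space an attacker guessing the ID must search, in bits."""
    return length * math.log2(len(ALPHABET))

class SessionStore:
    """Server-side session table; 'now' is supplied by the caller (seconds)."""
    def __init__(self, idle_timeout: float):
        self.idle_timeout = idle_timeout       # chosen per application type
        self._live = {}                        # sid -> (user, last_seen)

    def create(self, user: str, now: float) -> str:
        sid = new_session_id()
        self._live[sid] = (user, now)
        return sid

    def lookup(self, sid: str, now: float):
        """Return the user for a live session, or None; idle sessions expire here."""
        entry = self._live.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self._live[sid]
            return None
        self._live[sid] = (user, now)
        return user

    def logoff(self, sid: str) -> None:
        """Expire the session immediately when the user logs off."""
        self._live.pop(sid, None)
```

With the 76-symbol alphabet, a 15-character ID gives roughly 94 bits of search space, which is what makes the guessing attack of slide 18 impractical, provided the generator is the OS CSPRNG and not a predictable one.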

20 Web Spoofing
- General Web Spoofing Protection
  - Disable JavaScript, ActiveX, or any other scripting languages that execute locally or in your browser
  - Make sure you validate your application and that you are properly tracking users
  - Make sure users cannot customize their browser so that it stops displaying important information
  - Education is important
  - Session IDs should be long and random

21 Non-Technical Spoofing
- Social Engineering – The attacker tries to convince someone that he is someone else
- Reverse Social Engineering – The attacker gets the user to call him for help
- Non-Technical Spoofing Protection
  - Educate your users
  - Post messages on computers
  - Training
  - Proper policies
  - Have authentication when calling the help desk
  - Limit public information
  - Run periodic checks against help desk and users

