PACE-IT: Common Threats (part 1)

Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
 PC Hardware
 Network Administration
 IT Project Management
 Network Design
 User Training
 IT Troubleshooting
Qualifications Summary
Education
 M.B.A., IT Management, Western Governor’s University
 B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.

Inside jobs or threats.
– Outside threats.
PACE-IT.

Common network threats I.

Malicious employee.
» This is difficult to defend against, as the threat is already
inside the network.
• Resources must be granted in order for employees to
do their jobs.
» One of the best defenses is using the principle of least
privilege.
• Only granting the least amount of authorization that is
required for a person to get their work done.
– Compromised system.
» Once a PC or network device has been compromised, it
is vitally important to isolate it from the system as a
whole.
• A compromised PC or network device could lead to a
completely compromised network, as malware may be
able to spread across connections.
• Once malware gains access to network resources, it
can be extremely difficult to root out and remove.
Malware may also degrade the network’s performance.

Social engineering.
» The process of using social pressure to cause somebody to
compromise a system from inside the defenses of the network.
• The pressure can be applied in multiple forms: by phone, in
person, via email, through a rogue website, or by other
methods.
– ARP (Address Resolution Protocol) cache
poisoning.
» The ARP cache, which maps IP addresses to MAC addresses,
is corrupted by an attacker with the end result being that the
attacker has control of which IP addresses are associated with
MAC addresses.
• Commonly used in man-in-the-middle attacks.
– Protocol or packet abuse.
» The process of taking a specific protocol and repurposing it to
perform a different function.
• Commonly used to bypass a router’s access control list (ACL)
from inside a network (e.g., encapsulating a not allowed
protocol within a DNS (an allowed) protocol).

Man-in-the-middle attack.
» The attacker is not necessarily inside the network per se, but is
in between two end points that are communicating on a
network.
• In most cases, man-in-the-middle attacks involve disrupting
the ARP process between the two end points.
» The attack allows a malicious user to be able to view all
network packets that are flowing between the communicating
hosts.
– VLAN hopping.
» Circumventing the security that is inherent when virtual local
area networks (VLANs) are created. Normally, traffic that is
tagged for one VLAN is not allowed onto another VLAN without
the intervention of a router.
• VLAN hopping occurs when the attacker adds an additional
fake VLAN tag to the network packets. Once the packet gets
to the switch, the switch strips one of the VLAN tags off the
packet and passes it through. Once through the switch, the
packet is considered as belonging to the new VLAN.

One of the largest threats
that faces network security
personnel is the unknown
vulnerability.
Network and systems administrators expend a fair amount of
effort protecting the assets under their control and they can do a
good job of hardening their systems, but not a perfect job.
The problem lies with zero day attacks. Zero day attacks take
advantage of either new or very recently discovered
vulnerabilities, which means that networks and systems probably
haven’t yet been hardened against them.
The unfortunate reality is that attacks keep changing and security
experts must also be willing to adapt in order to keep pace.

Brute force attacks.
» Using computing power and time to compromise passwords.
• The attacker uses a program that continually tries different
password combinations (often in the form of a special
dictionary application) in an effort to crack a password.
– Spoofing.
» A category of threats where either the MAC address or IP
address of the attacker has been modified to look like a friendly
address in order to bypass network security.
• A common use in the past was to spoof the IP address, so
that an outside attacker was actually viewed as an inside
host.
– Session hijacking.
» An attacker attempts to take over a communication session
after a user has been authenticated.
• The hijacking can occur through various methods (e.g., using
a packet sniffer to steal a session cookie or installing malware
on a user’s computer that is activated after the user is
authenticated).

Given the nature and purpose of networks, it can be difficult to make them
secure. Common threats that come from within the network itself are:
malicious employees, compromised systems, social engineering, ARP
cache poisoning, protocol or packet abuse, man-in-the-middle attacks, and
VLAN hopping.
Topic
Inside jobs or threats.
Summary
Of major concern to network security personnel are zero day attacks (the
exploitation of previously unknown vulnerabilities) and it is imperative that
they keep current with what is being developed. Other outside threats
include: brute force attacks, spoofing attacks, and session hijacking.
Outside threats.

This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.

PACE-IT: Common Threats (part 1)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to PACE-IT: Common Threats (part 1)

Similar to PACE-IT: Common Threats (part 1) (20)

More from Pace IT at Edmonds Community College

More from Pace IT at Edmonds Community College (20)

Recently uploaded

Recently uploaded (20)

PACE-IT: Common Threats (part 1)