1
00:00:09,530 --> 00:00:15,830
In this section we're going to cover different methods that can be used by attackers to compromise networks

2
00:00:15,890 --> 00:00:17,560
and endpoints.

3
00:00:17,570 --> 00:00:25,760
Let's get started with network attacks. A reconnaissance attack would be the first move that attackers

4
00:00:25,760 --> 00:00:29,020
would make to gather information about the network.

5
00:00:29,630 --> 00:00:34,960
Nmap is probably the most popular network scanning tool out there. To demonstrate Nmap,

6
00:00:34,970 --> 00:00:42,980
I'm actually going to use Sparta in our Kali Linux lab, which basically takes Nmap discovery information

7
00:00:43,190 --> 00:00:46,060
and displays it in a nice GUI application.

8
00:00:49,270 --> 00:00:55,780
In Kali, if you go to Applications and then Information Gathering, you can see some of the different

9
00:00:55,780 --> 00:01:02,030
reconnaissance tools that you can use, including Nmap and Sparta.

10
00:01:02,080 --> 00:01:08,640
I'm going to go ahead and click on Sparta and then run a scan on some devices in the lab.

11
00:01:11,310 --> 00:01:18,200
Now that Sparta has launched, I'm going to click here to add a host range.

12
00:01:18,570 --> 00:01:23,100
I'm actually just going to scan a subset of my devices.

13
00:01:26,880 --> 00:01:34,990
I'll put in my range and add it to scope, and as you can see down below it's starting to run Nmap on that

14
00:01:34,990 --> 00:01:38,030
network range.

15
00:01:38,700 --> 00:01:43,840
This scan will take a while to finish, so I'm going to pause recording and we'll pick back up once we

16
00:01:43,840 --> 00:01:46,530
have the scan results.

17
00:01:46,710 --> 00:01:50,670
OK, so the Nmap scans are complete.

18
00:01:51,470 --> 00:01:55,970
There are some other tools that Sparta runs on the defined host range.
19
00:01:56,030 --> 00:02:02,510
Nikto is a web vulnerability assessment tool, and then a screenshot tool which will take a screenshot of

20
00:02:03,690 --> 00:02:07,880
web pages that are open, as well as some other checks.

21
00:02:08,130 --> 00:02:15,480
But I mainly wanted to just show you the Nmap results. As you can see in my Hosts column, it did discover

22
00:02:15,630 --> 00:02:22,620
some hosts and shows their hostname as well as the operating system on some of the hosts.

23
00:02:22,650 --> 00:02:29,670
So this host is a Microsoft Windows Server that I have running in the lab, and Nmap was able to discover

24
00:02:29,790 --> 00:02:33,240
ports and services that are running on that server.

25
00:02:33,420 --> 00:02:41,160
So if I was targeting this network, based on running this Nmap scan I know what type of operating

26
00:02:41,160 --> 00:02:45,770
system this host has as well as services that I could try to exploit.

27
00:02:49,050 --> 00:02:56,100
Denial of service or distributed denial of service attacks are both ways to overload a network or server.

28
00:02:57,530 --> 00:03:03,650
These network attacks can be launched with the sole purpose of bringing down a network, but can also

29
00:03:03,650 --> 00:03:10,070
be used as a method to overwhelm a system to make it vulnerable to other attacks.

30
00:03:10,070 --> 00:03:16,250
The main difference between standard denial of service attacks and distributed denial of service attacks

31
00:03:16,700 --> 00:03:21,900
is the number of attackers that are participating in the attack.

32
00:03:23,440 --> 00:03:30,790
Let's take a look at some of the types of denial of service attacks. ICMP floods can be used by

33
00:03:30,790 --> 00:03:37,270
simply sending a large number of ping requests to the target with a spoofed source address.
34
00:03:37,810 --> 00:03:46,780
These can be prevented by blocking unnecessary ICMP traffic on firewalls. SYN floods take advantage of

35
00:03:46,780 --> 00:03:55,030
the TCP three-way handshake by sending a flood of TCP SYN requests without replying to the SYN-ACK responses,

36
00:03:55,510 --> 00:04:02,460
leaving the victim holding a large number of half-open connections. Most firewalls can protect against SYN

37
00:04:02,660 --> 00:04:11,120
floods by simply setting limits for SYN activity. DNS amplification attacks are the most common

38
00:04:11,180 --> 00:04:19,190
DDoS attack. They take advantage of recursive DNS servers by sending a large number of DNS requests

39
00:04:19,430 --> 00:04:27,250
with the source address spoofed to the victim's IP. This type of attack can be prevented by making sure that DNS servers are hardened

40
00:04:27,490 --> 00:04:29,800
and do not have recursive lookups enabled

41
00:04:29,800 --> 00:04:38,040
unless they are needed. Man-in-the-middle attacks are when an attacker finds a way to place themselves in

42
00:04:38,040 --> 00:04:41,220
between a client and their gateway.

43
00:04:41,790 --> 00:04:47,790
When this occurs, client data is sent through the attacker's device before it is forwarded to the actual

44
00:04:47,790 --> 00:04:49,560
destination.

45
00:04:49,560 --> 00:04:58,350
This can lead to data exfiltration, denial of service, and password theft. Let's take a look at some common

46
00:04:58,560 --> 00:05:06,660
man-in-the-middle attacks. ARP poisoning can be used by attackers by answering ARP requests for the gateway,

47
00:05:06,930 --> 00:05:10,330
causing the victim to send all of their data to the attacker.

48
00:05:11,730 --> 00:05:18,470
ARP poisoning can be prevented with Cisco switches by enabling the Dynamic ARP Inspection feature.

49
00:05:18,480 --> 00:05:26,290
This feature ensures that malicious ARP responses are not forwarded across the switch.
50
00:05:26,290 --> 00:05:34,530
Another common man-in-the-middle attack is DHCP spoofing. With DHCP spoofing, an attacker would respond

51
00:05:34,530 --> 00:05:42,480
to DHCP requests to trick clients into receiving IP addresses from their scope, which could then cause

52
00:05:42,480 --> 00:05:47,870
the client to send gateway traffic to the attacker.

53
00:05:47,880 --> 00:05:49,660
This attack can be prevented

54
00:05:49,770 --> 00:05:59,610
with the Cisco switch feature called DHCP snooping. DHCP snooping ensures that only valid DHCP server responses

55
00:06:00,150 --> 00:06:04,160
are forwarded across the switch.

56
00:06:04,190 --> 00:06:09,320
The last man-in-the-middle attack that I want to cover is SSID injection.

57
00:06:09,320 --> 00:06:17,330
This attack can be accomplished by simply deploying a rogue AP with the same SSID as the company's broadcasted

58
00:06:17,560 --> 00:06:22,360
SSIDs. To avoid SSID injection,

59
00:06:22,360 --> 00:06:27,320
make sure to have proper wireless alerts set up so that you're notified if there is a rogue AP in the

60
00:06:27,320 --> 00:06:32,830
environment, and make sure to have strong authentication policies that would make it difficult for an

61
00:06:32,830 --> 00:06:34,300
attacker to replicate.