When historians look back at the beginning of the 21st century, one of the things that will probably be prominent in their minds is the issue of "SECURITY". At that time there was probably no concept of a security system that could continuously protect us and our property from attacks by invisible enemies: not ghosts, but anonymous forms of attack.
Introduction to Network Security
Suicide bombings, subway massacres, plane hijackings, brutal shooters, and guerrilla commandos have occurred in nearly every corner of the world. In response, governments and organizations have implemented ever-changing forms of security defense. Commuters on public transportation are constantly monitored, fences are erected across borders, and even phone calls are monitored. The result is that these attacks and security defenses have impacted nearly every aspect of our daily lives and significantly affected how we all work, play, and live.
One of the areas that often becomes the main target of attacks is information technology (IT). It seems like an endless chain of attacks directed at companies, banks, schools, and individuals through computers, laptops, smartphones, pad computers, and other similar technological devices.
Internet Web servers must withstand thousands of attacks every day. Identity theft has skyrocketed. Unprotected computers connected to the Internet can be infected in less than a minute. One study found that more than 48 percent of the 22.7 million computers analyzed were infected with malware. Phishing, rootkits, back doors, social engineering, zombies, and botnets were almost unheard of just a few years ago, but what is happening now? Network and information security have become a part of our daily lives that we must always be aware of.
The need to defend against attacks from the technological (IT) devices we have created has now become the core of an entire industry. Known as information security, it focuses on protecting the electronic information of organizations and users.
The demand for IT professionals who know how to secure networks and computers is high, and many businesses and organizations require employees and job applicants to demonstrate familiarity with computer security practices. To verify security competency, most organizations use the CompTIA Security+ certification. As the most widely recognized vendor-neutral security certification, Security+ has become the security foundation for today’s IT professionals.
There are two broad categories of information security positions. Information security managerial positions involve the administration and management of plans, policies, and people. Information security technical positions are concerned with the design, configuration, installation, and maintenance of technical security equipment. Within these two broad categories, there are four generally recognized security positions:
- Chief Information Security Officer (CISO). This person reports directly to the CIO (larger organizations may have more layers of management in between). Other titles used are Manager of Security and Security Administrator. They are responsible for the assessment, management, and implementation of security.
- Security Manager. The security manager reports to the CISO and supervises security technicians, administrators, and staff. Typically, a security manager works on tasks identified by the CISO and resolves issues identified by technicians. This position requires an understanding of configuration and operations but not necessarily technical expertise.
- Security administrator. Security administrators have technical knowledge and managerial skills. A security administrator manages the day-to-day security operations of technology, can analyze and design security solutions within a particular entity, and identify user needs.
- Security technician. This is generally an entry-level position for someone who has the necessary technical skills. Technicians provide technical support to configure hardware security, deploy security software, and diagnose and troubleshoot problems.
Current employment trends show that employees with security certifications are in high demand. As the nature of attacks increases, so does the need for trained security personnel. Unlike some positions, security is never left to chance or out of control. Because security is such a critical element of an organization, security positions typically remain within the organization. Additionally, security positions do not involve “on-the-job training” where one can learn on the job; the risks are too great. IT employers want and pay a premium for security officer certification.
A study by Foote Partners shows that someone with a security certification will be paid 10 to 14 percent more than their non-certified counterparts.
The CompTIA Security+ Certification is a vendor-neutral credential that requires passing the current SY0-301 certification exam. This exam is internationally recognized as validation of a foundational level of security skills and knowledge. Successful candidates have the knowledge and skills needed to identify risks and participate in risk mitigation activities; provide infrastructure, application, operational and information security; implement security controls to maintain confidentiality, integrity and availability; identify appropriate technologies and products; and operate with awareness of applicable policies, laws and regulations.
CompTIA Security+ certification is intended for IT security professionals with a recommended background of at least two years of experience in IT administration with a focus on security. This ensures that a professional has day-to-day technical information security experience and extensive knowledge of security issues and implementation.
This chapter introduces the fundamentals of network security that form the basis of the Security+ Certification. It begins by examining the current challenges in computer security and why security is so difficult to achieve. It then explains information security in more detail and discusses why it is important. Finally, the chapter discusses who is responsible for these attacks and the basic defenses against attackers.
After completing this chapter, you will be able to master the following:
- Explaining Information Security Challenges
- Defining and Explaining Why Network Security is Important
- Identifying Common Types of Attacks
- Setting Up the Basic Steps of a Reading
- Explaining the 5 Basic Principles of Defense
Attack and Defense
What is Stuxnet?
"Groundbreaking," "mind-blowing," "never-before-seen," "very impressive," "clever," "something out of a movie," "scary," "the most sophisticated malware ever," "compared to it, other attacks seem like child's play..." These are just a few of the phrases some security analysts have used to describe the Stuxnet malware.
The Stuxnet worm was first widely reported in mid-2010, though it is only now gaining attention. Microsoft confirmed that the worm actively targeted Windows computers managed by large-scale industrial-control systems, often referred to as SCADA (Supervisory Control and Data Acquisition). SCADAs can be found in military installations, petroleum pipeline control systems, manufacturing environments, and nuclear power plants.
Stuxnet was first discovered to exploit a single, previously unknown software vulnerability. Upon closer inspection, it was discovered that Stuxnet exploited four previously unknown vulnerabilities, something that had never been seen before. (One of these vulnerabilities was "patched" in 2008 by Microsoft, but the patch was flawed and could still be exploited).
Stuxnet, written in multiple languages, including C, C++, and other object-oriented languages, was introduced into industrial networks via infected Universal Serial Bus (USB) flash drives. It also used several tricks to avoid detection. Stuxnet had an internal counter that allowed it to spread to up to three computers. This design ensured that it remained within the industrial facility and did not attract outside attention. Also, because the SCADA systems had no logging capabilities to record events and were rarely patched, the worm was able to survive for a considerable period of time before being detected.
By exploiting Windows vulnerabilities, Stuxnet conducted a series of attacks to gain administrator access to computers on the local network of industrial plants, and then searched for computers running SCADA. Next, it infected these SCADA computers through two other vulnerabilities, and tried to enter the SCADA software using the default password. Stuxnet was designed to change the programmable logic controller (PLC) instructions of the SCADA system software, which would then give it power over the industrial machines attached to the SCADA computers. This would put the entire facility under the control of the attacker, who could make the equipment operate unsafely, which could result in a major explosion or, even worse, a nuclear disaster.
Stuxnet's main target is estimated to be Iran's Bushehr power plant; nearly 6 out of 10 computers have been infected with Stuxnet. This reactor, located in Western Iran near the Persian Gulf, has been a source of tension between Iran and the Western Bloc (including the United States) because of the fear that the spent reactor fuel could be reprocessed elsewhere in the same country to produce weapons-grade plutonium for use in nuclear warheads. Some even speculate that a government-sponsored team of programmers, or even a team of anonymous opposition party programmers, created Stuxnet to cripple the Bushehr facility. Based on the complexity of the software, it is estimated that the development cost of Stuxnet could have exceeded $4 million. Wow, that's quite a fantastic number!
So far, Stuxnet has not been able to take control of any SCADA systems or cause damage to industrial sites. No person or organization has come forward as the author of Stuxnet, so it remains a secret. While we may not know who is behind it or why, Stuxnet is just one example of how powerful malware can be and how it can become even more dangerous.
Conclusion
Insight into Stuxnet is expected to make us, as young Indonesian intellectuals, more aware of security systems. As a start, there is no need to go far to improve them: just start with ourselves and our surroundings, as far as security systems are concerned.
Understanding DHCP Starvation Attacks
Disclaimer: This content is only a simulation using virtual machines, delivered only for educational and/or insight purposes; the aim is to increase the awareness of young Indonesian scholars of network/system security. We are not responsible for any form of misuse and/or action that is contrary to UU ITE; full responsibility lies with the perpetrator.
List of contents
FOREWORD
1. INSTALL VirtualBox
2. INSTALL GNS3
3. GETTING TO KNOW HOW DHCP WORKS
3.1 DHCP (Dynamic Host Configuration Protocol)
3.2 DHCP Starvation Attacks
4. ROUTER CONFIGURATION
4.1 Check PC IP Configuration (Ubuntu)
4.2 Check PC IP Configuration (KaliLinux)
4.3 Check List of Used IPs on the Router
5. LAUNCHING AN ATTACK
5.1 Check the Consequences That Occur on the Router
5.2 Check the Consequences That Occur on the PC (Ubuntu)
CLOSING
REFERENCES
FOREWORD
In this discussion, I use several references that have been provided by our Supervisor, Mr. Eko Yunianto S.Kom on his website https://belajar.penakuliah.com
Let me introduce myself, a student with NIM.12131294, who will summarize the results of the DHCP STARVATION ATTACKS simulation experiment, in which there are several tools that I use, including:
- VirtualBox for Hacker role and Victim role. Download at https://gns3.com/software/download-vm
- Some OS images (*.ISO) (Windows, Mac or Linux). Although I have all of the master images, I prefer to use Linux because it has a live trial mode without installation, so it just boots and can be used immediately. The ones I use are Kali Linux (Attacker) and Ubuntu (Victim).
- GNS3 for router simulation. Download at https://gns3.com/
1. INSTALL VirtualBox
After the installation process is complete, next install each OS into VirtualBox and make sure everything runs smoothly.
The settings for each network are adjusted to the adapter being used, coincidentally my laptop uses Intel PRO/1000MT, here are the details;

INSTALL VirtualBox
2. INSTALL GNS3
Install GNS3 and add VirtualMachine in VirtualBox. To do this, click Edit >> Preference, here are the details (click new if it doesn't exist):

After that, we can make a topology like the one below. A PC with a wave pulse screen indicates an active machine, not a fake machine.

Creating Topology in GNS3
However, I encountered an obstacle when creating the topology, where the version of GNS3 that I was using did not provide an object for the Router, so I added it myself by following this tutorial https://protechgurus.com/download-gns3-ios-images/ and downloading the image here https://mega.nz/#F!nJR3BTjJ!N5wZsncqDkdKyFQLELU1wQ
3. UNDERSTANDING HOW DHCP WORKS
Before we launch the attack, it helps to first know what DHCP is and how it works.
3.1 DHCP (Dynamic Host Configuration Protocol)
DHCP is a network protocol that allows a network device to hand out IP address configurations to the user computers that need them (Rendra Widjojo, 2013:83).
It automatically assigns IP addresses to network clients, which is a convenient feature for network administrators, but it still has some vulnerabilities.
3.2 DHCP Starvation Attacks
Often described as "a situation where the client runs out of IP / does not get an IP quota".
A client cannot use the network without an IP address, so it may contact a DHCP server to request one, and if the network configuration supports DHCP, the server will respond by providing an available IP address for a certain period of time. This handshake takes place at layer two and is usually neither authenticated nor encrypted (paper from the SANS Institute Reading Room site, 2010:7).
Normally, a handshake session looks like this:
The client sends a DHCP DISCOVER packet >> the server sends a DHCP OFFER packet >> the client sends a DHCP REQUEST packet >> the server sends a DHCP ACK (acknowledgment) packet.
Abnormal:
During an attack, the attacker sends DHCP DISCOVER >> DISCOVER >> DISCOVER >> DISCOVER... packets again and again with random client addresses to the DHCP server until the address pool is used up, so the legitimate client cannot obtain an IP address and cannot access the network.
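The normal handshake and the DISCOVER flood described above, as an added defensive example that is not part of the original post: a parser for DHCP payloads plus a sliding-window check that flags a port when many distinct client MACs send DISCOVER without ever following up with REQUEST. The port labels, the thresholds and the sample packets are constructed assumptions.

```python
import struct
from collections import deque

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build_dhcp(msg_type, mac, xid):
    """Build a minimal DHCP payload in memory (constructed sample input for this demo)."""
    op = 2 if msg_type in (2, 5) else 1                     # 1 = from client, 2 = from server
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)   # op, htype, hlen, hops, xid, secs, flags
    hdr += bytes(16) + mac + bytes(10) + bytes(64 + 128)    # 4 IP fields, chaddr, sname, file
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])      # option 53 = message type, 255 = end

def parse_dhcp(payload):
    """Return (message type, client MAC, xid), or None if the payload is not well-formed DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    if payload[1] != 1 or payload[2] != 6:                  # Ethernet hardware addresses only
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = payload[28:34].hex(":")
    i, msg = 240, None
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                                 # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                                     # option header cut off
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None                                     # option body cut off
        if payload[i] == 53 and length == 1:
            msg = TYPES.get(data[0], "OTHER")
        i += 2 + length
    return (msg, mac, xid) if msg else None

class StarvationDetector:
    """Flag a port when too many distinct MACs DISCOVER within the window and never REQUEST."""
    def __init__(self, window=10.0, max_pending=5):         # hypothetical thresholds
        self.window, self.max_pending = window, max_pending
        self.discovers = {}                                 # port -> deque of (timestamp, mac)
        self.completed = set()                              # MACs that went on to send REQUEST

    def observe(self, ts, port, payload):
        parsed = parse_dhcp(payload)
        if parsed is None:
            return False
        msg, mac, _ = parsed
        if msg == "REQUEST":
            self.completed.add(mac)
        if msg != "DISCOVER":
            return False
        q = self.discovers.setdefault(port, deque())
        q.append((ts, mac))
        while q and ts - q[0][0] > self.window:             # drop events older than the window
            q.popleft()
        pending = {m for _, m in q if m not in self.completed}
        return len(pending) > self.max_pending

def demo():
    """Replay constructed traffic: one normal client on port1, a DISCOVER flood on port2."""
    det = StarvationDetector()
    client = bytes.fromhex("080027aabb01")
    normal_flagged = det.observe(0.0, "port1", build_dhcp(1, client, 0x1111))
    det.observe(0.2, "port1", build_dhcp(3, client, 0x1111))
    flood_alerts = []
    for n in range(20):                                     # 20 DISCOVERs, each with a new MAC
        mac = bytes([0x02, 0, 0, 0, 0, n])
        if det.observe(1.0 + n * 0.1, "port2", build_dhcp(1, mac, n)):
            flood_alerts.append(n)
    return normal_flagged, flood_alerts

if __name__ == "__main__":
    print(demo())
```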
4. ROUTER CONFIGURATION
1. Run the topology that has been created in GNS3.
2. Configure the router by right-clicking it >> Open Console. The instructions used:
| Instruction | Description |
|-----------------------------------|-------------------------------------------------------------------------------------------------------|
| conf t | enter terminal configuration mode |
| int fa0/0 | select interface Fast Ethernet 0/0 |
| ip add 192.168.0.1 255.255.255.0 | assign the interface address 192.168.0.1 with a class C subnet mask |
| no shutdown | bring the interface to the UP state from its default SHUTDOWN state |
| exit | return to the previous configuration mode or to global configuration mode |
| ip dhcp pool gatewan | name the DHCP pool "gatewan" |
| network 192.168.0.0 255.255.255.0 | set the network address used by the DHCP pool, together with its subnet mask |
| default-router 192.168.0.1 | set the router IP address |
| lease infinite | make the lease time of the IP addresses provided by the router unlimited for clients |
| service dhcp | enable the DHCP service |
| show ip dhcp binding | display the list of IPs that are already used/leased |

Results of the practicum;

Enable DHCP service on the router
4.1 Check PC IP Configuration (Ubuntu)
In the topology, right click PC(Ubuntu) >> start, then the Ubuntu window appears. Then open Terminal and type ifconfig, here are the results;

4.2 Check PC IP Configuration (KaliLinux)
In the topology, right click PC(KaliLinux) >> start, then the KaliLinux window appears. Then open Terminal and type ifconfig, here are the results;

4.3 Check the List of Used IPs on the Router
Display the list of pool IPs that are already in use by running show ip dhcp binding in the Router console; here are the results;

OK, according to the facts on the ground, 192.168.0.2 is used by Ubuntu, while 192.168.0.3 is used by KaliLinux.
5. LAUNCHING ATTACKS
I will use the yersinia tool that is available in KaliLinux. Click Application >> Kali Linux >> Exploitation Tools >> Cisco Attacks >> yersinia, then a new terminal will appear.
I want to use graphic mode, so type yersinia --G, here is the display;

Next, click the DHCP tab >> Launch attack >> Select Send DISCOVER Packet >> OK.

Here are the results;

5.1 Check the consequences that arise on the router
We use the show ip dhcp binding command again via the Router console, here are the results;

Wow, it seems like all the available IPs in the pool have been used/rented ---- #WTF
5.2 Check the consequences that arise on the PC (Ubuntu)
Now we will release the IP 192.168.0.2 used by Ubuntu by reconnecting (Disconnect >> Connect) the wired connection via the tray menu. Will the IP that has been released be consumed by the Attacker's game?


PC (Ubuntu) Doesn't Get IP (Keeps Reconnecting)
And sure enough, when PC (Ubuntu) tries to do a handshake it always fails, always with RTO (request timed out).
CLOSING
Okay, I think that's it for now for the experiment on DHCP Starvation Attacks. Hopefully what I understand so far is in accordance with what is expected by the supervising lecturer. It seems that there are some errors or inconsistencies; I ask you to kindly send corrections via CONTACT US, thank you.
REFERENCE
- https://belajar.penakuliah.com
- https://supportforums.cisco.com/t5/other-network-infrastructure/quot-no-keepalive-quot-and-quot-no-shutdown-quot-command-on/td-p/501769
- https://www.cisco.com/c/en/us/td/docs/routers/access/1900/software/configuration/guide/Software_Configuration/routconf.pdf
- https://www.cisco.com/c/en/us/td/docs/ios/fundamentals/command/reference/cf_book.pdf
- https://www.wkydd.com/index.php/blog/57-how-to-configure-dhcp-on-a-cisco-router
References:
- Eko Yunianto @ https://belajar.penakuliah.com
- Danchev, Dancho, "Report: 48% of 22 million scanned computers infected with malware," ZDNet Zero Day (blog). Jan. 27, 2010, accessed Feb. 28, 2011, http://www.zdnet.com/blog/security/report-48-of-22-million-scanned-computers-infected-with-malware/5365 .
- "2011 IT Salary and Skills Pay Benchmark Survey Research," accessed Feb. 28, 2011, http://www.footepartners.com/ .
- Rajab, Moheed Abu, et al., "The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution," 3rd Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET '10), Apr. 27, 2010, accessed Feb. 28, 2011, http://www.usenix.org/event/leet10/tech/full_papers/Rajab.pdf.
- Lohrmann, Dan, "Should Governments Join Banks in Seeking Customers' Help Online?" Government Technology Blogs, July 30, 2010, accessed Feb. 28, 2011, http://www.govtechblogs.com/lohrmann_on_infrastructure/2010/07/should-governments-joinbanks.php.
- "Case Study: Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World's Password Security System," Georgia Tech Research Institute, accessed Feb. 28, 2011, http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System.
- IBM Security Solutions, "IBM X-Force® 2010 Mid-Year Trend and Risk Report," Aug. 2010, accessed Feb. 28, 2011, http://www-304.ibm.com/businesscenter/fileserve?contentid=207480.
- McMillan, Robert, "Only 5 (all women) of 135 pass Defcon social engineering test," Network World, Sep. 3, 2010, accessed Feb. 28, 2011, http://www.networkworld.com/news/2010/090310-women-did-well-on-defcon.html.
- "419 Advance Fee Fraud Statistics 2009," Jan. 2010, accessed Feb. 28, 2011, http://www.ultrascan-agi.com/public_html/html/public_research_reports.html.
- Santana, Juan, "European commission suspends CO2 credit trading due to cyberattack," Panda Security Insight Blog, Jan. 25, 2011, accessed Feb. 28, 2011, http://www.pandainsight.com/en/.
- Ashford, Warwick, "One in eight malware attacks are via a USB device, study shows," Computer Weekly.com, Nov. 4, 2010, accessed Feb. 28, 2011, http://www.computerweekly.com/Articles/2010/11/04/243749/One-in-eight-malware-attacks-are-via-a-USBdevice-study.htm.
- "Former students accused of computer hacking at University of Central Missouri," News Release, Office of the United States Attorney, Western District of Missouri, Nov. 22, 2010, accessed Feb. 28, 2011, http://www.justice.gov/criminal/cybercrime/campIndict.pdf .
- Keizer, Gregg, "Apple smashes patch record with gigantic update," Computerworld, Nov. 11, 2010, accessed Feb. 28, 2011, http://www.computerworld.com/s/article/9196118/Apple_smashes_patch_record_with_gigantic_update.
- Popa, Bogdan, "2,244 Hacker Attacks Per Day," Softpedia, Feb. 9, 2007, accessed Feb. 28, 2011, http://news.softpedia.com/news/2-244-Hacker-Attacks-Per-Day-46688.shtml .
- Richmond, Riva, "Security to Ward Off Crime on Phones," New York Times, Feb. 23, 2011, accessed Feb. 28, 2011, http://www.nytimes.com/2011/02/24/technology/personaltech/24basics.html?_r=4&ref=technology.
- "Chronology of Data Breaches: Security Breaches 2005--Present," Privacy Rights Clearinghouse, updated Feb. 28, 2011, accessed Feb. 28, 2011, http://www.privacyrights.org/data-breach .
- Larkin, Erik, "Services are Tapping PeoplePower to Spot Malware," PCWorld, Feb. 20, 2008, accessed Feb. 28, 2011, http://www.pcworld.com/article/142653/services_are_tapping_people_power_to_spot_malware.html .
- Thorpe, Simon, "ROI for IRM? Businesses risk $1 trillion losses from data theft," Oracle IRM Blog, Data Loss Archives, Feb. 3, 2009, accessed Feb. 28, 2011, http://blogs.oracle.com/irm/data_loss/ .
- National Fraud Center, Inc., "The Growing Global Threat of Economic and Cyber Crime," Economic Crime Investigation Institute, Utica College, Dec. 2000, accessed Feb. 28, 2011, http://www.utica.edu/academic/institutes/ecii/publications/media/global_threat_crime.pdf .
- Bazzell, Michael. "Buy a stolen debit card for $2.00," Computer Crime Info Blog, Jan. 22, 2011, accessed Feb. 28, 2011, http://blog.computercrimeinfo.com/ .
- Gordon, Gary R, et al., "Identity Fraud Trends and Patterns," Center for Identity Management and Information Protection, Utica College, 2007, accessed Feb. 28, 2011, http://www.utica.edu/academic/institutes/ecii/publications/media/cimip_id_theft_study_oct_22_noon.pdf .
- "The cost of 'Code Red': $1.2 billion," USA Today, Aug. 1, 2001, accessed Feb. 28, 2011, http://www.usatoday.com/tech/news/2001-08-01-code-red-costs.htm .
- "Cybersecurity: Next Steps to Protect Our Critical Infrastructure," Hearing before the US Senate Committee on Commerce, Science, and Transportation, Feb. 23, 2010, accessed Feb. 28, 2011, http://www.fas.org/irp/congress/2010_hr/cybersec.pdf .
- Cappelli, Dawn, "Internal review: The insider threat risk," SC Magazine, Feb. 2, 2011, accessed Feb. 28, 2011. http://inform.com/government-and-politics/internal-reviewinsider-threat-risk-4737197a .
- ibid.
- "Airport Insecurity: the Case of Lost Laptops," Ponemon Institute, June 30, 2008, accessed Feb. 28, 2011, http://www.nymity.com/Free_Privacy_Resources/Previews/ReferencePreview.aspx?guid=fe5b4c2c-d07f-4d3e-a1ba-76594de5a4db .
- Martinex-Cabrera, Alejandro, "'Fatal System Error' has insight on cybercrime," SFGate.com, Jan. 24, 2010, accessed Feb. 28, 2011, http://articles.sfgate.com/2010-01-24/business/17835248_1_hackers-cybercrime-book .
