Blog

Vulnerable Networks and Services – a Gateway for Intrusion

Communication and network protocols form a big part of the cyber-attack landscape. Therefore, many threats are directed toward the networks or communication channels used by people, systems, and devices. At a time when there are millions of IoT devices, employees bringing their personal devices to the workplace due to BYOD, the adoption of the cloud, and many organizations depending on web-based systems, this is obvious why cyber criminals consider networks and communication channels a sweet spot to carry out attacks. There are therefore many attack techniques and tools that have been developed purposefully to exploit common vulnerabilities in networks and communication channels.

Vulnerable network protocols and network intrusions

Networks, including the internet, were established at a time when there were hardly any cybersecurity threats aimed at them. Therefore, a lot of focus was given to aspects such as performance and speed. Since there was no security design during the establishment of early networks, several adoptions have had to be incorporated due to shifts such as increased cybersecurity threats. However, this is becoming a catch-up game and hackers are unfortunately growing more powerful. This has seen several vulnerabilities being discovered in network protocols. The following are some internet protocols that are increasingly becoming insecure

Simple Mail Transfer Protocol

Simple Mail Transfer Protocol (SMTP) is used for email purposes by many organizations. This protocol was added to the internet and it quickly became the simplest way for people and organizations to send and receive emails. However, there has been an explosion of threats targeting the SMTP protocol that many organizations use. Since SMTP wasn’t conceived with these security issues in mind, it has become the burden of network administrators to secure it. One of the ways that SMTP is attacked is account enumeration. This is normally done by spammers and phishers when harvesting emails. Account enumeration verifies whether an email account is registered on a certain server by running an SMTP command called VRFY on port 25. The response obtained shows whether or not the email is valid

Secure Sockets Layer

Secure Sockets Layer (SSL) has been understood by many people as the ultimate check of security. Users are being advised to check whether a website has SSL before they submit private data to it. SSL works by encrypting data exchanged between a host and server thus making it hardly possible for a hacker to intercept and read the contents of the traffic. However, there is a challenge with this approach toward cybersecurity as the ultimate check for security. SSL has been active since 1996 and has never received any update despite the increased sophistication of hacking techniques. There have been several attacks against SSL security that have made browsers such as Chrome and Firefox want to scrap SSL. The answer to SSL has been Transport Layer Security (TLS) but it isn’t without flaws. TLS came in 1999 as a successor of SSL version 3.0 but still SSL is more commonly used on the internet.

TLS is a crypto-protocol used in internet communications to provide end-to-end encryption for all data exchanged between a client and a server. It’s more secure than SSL but still faces its fair share of cyber attacks. One of the attacks against TLS is known as BEAST and is registered as CVE-2011-3389 by the CVE database. In this attack, the attacker injects their own packets into the stream of SSL traffic and this enables them to determine how the traffic is being decrypted and thus decrypt the traffic. Another attack against SSL is POODLE, which is registered as CVE-2014-3566 by the CVE database. POODLE is an ingenious way of attacking SSL used in man-in-the-middle attacks. When a client initiates the SSL handshake, the attacker intercepts the traffic and masquerades as the server and then requests the client to downgrade to SSL 3.0. The POODLE attack happens when the attacker replaces the padding bytes in packets and then forwards the packets to the real server. Servers don’t check for values in the padding, they’re only concerned with the message-authentication code of the plaintext and the padding length. The man in-the middle will then observe the response from the server to know what the plaintext message sent by the real client was.

Domain Name System

Domain Name System (DNS) is the protocol that ensures domain names are translated into IP addresses. However, this protocol is old, flawed, and open to attacks. A hacking group was once able to exploit the working of the protocol causing users that wanted to visit twitter.com to be redirected to a different domain. Therefore, should a significant number of threat actors decide to redirect visitors of some websites to different or malicious sites, they can do this through DNS attacks. This is where hackers swap the correct IP address of a website with a rogue IP address. There have been fixes being developed but they have had effects on performance and thus have not been implemented. More applicable fixes are still being developed. Apart from the internet, there are other attacks that are regularly directed at organizational networks. These are more successful due to the narrow scope within which attackers have to focus. The following are some of these attacks

Packet sniffing

This is where an attacker reads all data that’s being exchanged in a network, especially if it’s unencrypted. Surprisingly, there are many free and open source programs that can be used to do this, such as Wireshark. Public networks, such as cafe WiFi hotspots, are some of the areas where hackers regularly use these programs to record, read, and analyze the traffic flowing through the network.

Distributed denial of service

Distributed denial of service (DDoS) is an increasingly common attack that has been proven to be successful against big targets. Since the 2016 attack on Dyn, one of the largest domain-resolution companies, hackers have been motivated to use this attack on many organizations. There are ready vendors on the dark web that can rent out their botnets to be used for DDoS attacks for a given duration. One of the most feared botnets is Mirai, which is primarily composed of many IoT devices. DDoS attacks are aimed at directing a lot of illegitimate traffic to a network – more than can be handled – thus causing it to crash or be unable to handle legitimate requests. DDoS attacks are particularly of great concern to organizations that offer their products or services via websites as the attack makes it impossible for business processes to take place.

My next article will continue on Vulnerable Networks and Services – a Gateway for Intrusion topic. I will cover Attacking web servers and web based systems, techniques and tools used in those attacks … So please come back .

In the mean time you can check the below articles , if you have not done so yet.

Ozkaya

Dr. Erdal Ozkaya is a leading Cybersecurity Professional with business development, management, and Academic skills who focuses on securing the Cyber Space & sharing his real-life skills as a Security Adviser, Speaker, Lecturer, and Author. Erdal is known to be passionate about reaching communities, and creating cyber aware campaigns and leveraging new and innovative approaches and technologies to holistically address the information security and privacy needs for every person and organization in the world. He has authored many cybersecurity books as well as security certification courseware and exams for different vendors. Erdal has the following qualifications: Doctor of Philosophy in Cybersecurity. Master of Computing Research, Master of Information Systems Security, Bachelor of Information Technology, Microsoft Certified Trainer, Microsoft Certified Learning Consultant, ISO27001 Auditor & Implementer, Certified Ethical Hacker (CEH), Certified Ethical Instructor & Licensed Penetration Tester. He is an award-winning technical expert & speaker: His recent awards are: CISO Top 50 Award by Security ME Adviser Magazine & Tahawultech.com (2020) Legend Cybersecurity Pro by GEC Media (2019) Hall of Fame, CISO Magazine(2019) Cybersecurity Influencer of the year (2019) , CISO Magazine Cyber Security Professional of the year MEA (2019) Microsoft Circle of Excellence Platinum Club (2017), NATO Center of Excellence (2016) Security Professional of the year by MEA Channel Magazine (2015), Professional of the year Sydney (2014) and many speakers of the year awards at conferences. He also holds Global Instructor of the year awards from EC Council & Microsoft as well as Logical Operations. Erdal is also a part-time lecturer at Australian Charles Sturt University Erdal’s Social Media Accounts to follow: Twitter: https://twitter.com/Erdal_Ozkaya LinkedIn https://www.linkedin.com/in/erdalozkaya/ FaceBook https://www.facebook.com/CyberSec.Advisor/ Instagram https://www.instagram.com/drerdalozkaya/ Amazon https://www.amazon.com/-/e/B0796D9KQ4 He has built and managed CEO IT from scratch into a multi-million dollars National Training & IT Solutions center. With the skills, he has gained, he has introduced & repeated the success with KEMP Technologies, where he was tasked to single-handedly manage the ANZ region and then build the business in the Asia Pacific region. From there he joined Secunia as CISO in Dubai and extended his experience in Middle East & Africa. Beginning of 2016 he joined Microsoft as a Cybersecurity Architect / Trusted Security advisor where he is responsible in the EMEA region. Erdal currently works at Standard Chartered Bank as Head of Infomation and Cyber Security in a Managing Director status.

4 Yorum

  1. Merhabalar,
    Yazınızı büyük bir zevk ile okudum. Özellikle benim gibi sektörde kendini geliştirmek ve teorik bilgi toplamak isteyen kişiler için yararlı olacağı kanaatindeyim.
    Teşekkürlerimi iletiyorum.

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu

Reklam Engelleyici Algılandı

ÇözümPark Bilişim Portalı gönüllü bir organizasyon olup tek gelir kaynağı reklamlardır. Bu nedenle siteyi gezerken lütfen reklam engelleme eklentinizi kapatın veya Çözümpark web sitesi için izin tanımı yapın. Anlayışınız için teşekkürler.