DoS/DDoS, IP spoofing

1. DoS/DDoS (Denial of Service / Distributed Denial of Service):

These attacks overwhelm a system, server, or network with excessive requests, making it unavailable for legitimate users.

  • DoS: In a Denial of Service attack, a single attacker uses one system to flood the target.
  • DDoS: In Distributed Denial of Service attacks, multiple compromised devices (a botnet) flood the target.
  • Techniques:
    • HTTP Flood: Sends massive amounts of HTTP requests.
  • Impact: Service downtime, resource exhaustion, financial loss.
  • Example:
    • Scenario: A popular e-commerce website experiences a DDoS attack during its Black Friday sale. A botnet sends millions of HTTP requests to the server, causing it to crash and preventing customers from making purchases.
  • Mitigation Strategies:
    • Traffic Filtering: Use firewalls, Intrusion Prevention Systems (IPS), or Web Application Firewalls (WAF) to filter malicious requests.
    • Rate Limiting: Limit the number of requests a client can send within a certain timeframe.
    • Blackhole Routing: Temporarily redirect malicious traffic to a "null route" to protect the primary server.
    • Monitoring and Alerting: Use DDoS protection services such as Cloudflare, AWS Shield, or Akamai to monitor traffic and block suspicious activity.

2. IP Spoofing:

  • Definition: The attacker alters the source IP address in a packet to disguise their identity or impersonate another system.
  • Purpose:
    • Evade detection.
    • Bypass firewalls or IP-based access control.
    • Facilitate DDoS attacks (e.g., using fake IP addresses to flood a target).
  • How It Works:
    • Attacker crafts packets with a forged IP source address.
    • The victim responds to the spoofed IP instead of the attacker.
  • Common Uses:
    • Smurf Attack: Amplifies traffic to overwhelm a target.
    • Man-in-the-Middle Attacks: To intercept communication.
  • Example:
    • Scenario: An attacker performs a Smurf Attack by sending echo requests to a network broadcast address, with the source IP address spoofed as the victim's IP. The network devices reply to the victim, overwhelming their resources.
  • Mitigation Strategies:
    • Packet Filtering: Implement ingress/egress filtering on routers to drop packets with invalid source addresses.
    • Authentication: Use cryptographic techniques like TLS/SSL to verify the source of communication.
    • Network Access Control: Restrict access to systems based on known, trusted IP addresses.
    • Deploy Anti-Spoofing Tools: Use tools like Snort (IDS) or Cisco's IP spoofing detection features.
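
The ingress/egress packet filtering from the mitigation list above, as an added Python simulation that is not part of the original notes: a border router drops outbound packets whose source is not one of its own prefixes, inbound packets that claim an internal source or a well-known bogon, and inbound packets aimed at an internal broadcast address (the Smurf scenario). The prefixes, bogon list and packets are constructed for illustration.

```python
import ipaddress

# Hypothetical prefixes behind the router's inside interface (constructed).
INTERNAL_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                     ipaddress.ip_network("198.51.100.0/25")]

# Sources that must never arrive on an internet-facing link (a few well-known bogons).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in
                  ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def filter_packet(direction, src, dst):
    """direction is "ingress" (from the internet) or "egress" (toward it).
    Returns ("accept" | "drop", reason)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if _in_any(src_ip, BOGON_PREFIXES):
        return "drop", "bogon source address"
    if direction == "egress":
        # Egress filtering: our hosts may only send from our own prefixes, so a
        # packet forged with a victim's address never leaves the network.
        if not _in_any(src_ip, INTERNAL_PREFIXES):
            return "drop", "source not in our prefixes (spoofed outbound)"
        return "accept", "ok"
    if direction == "ingress":
        # Ingress filtering: nothing from outside may claim one of our addresses.
        if _in_any(src_ip, INTERNAL_PREFIXES):
            return "drop", "external packet claims an internal source"
        # Refuse directed broadcasts so the subnet cannot serve as a Smurf amplifier.
        if any(dst_ip == p.broadcast_address for p in INTERNAL_PREFIXES):
            return "drop", "directed broadcast to an internal subnet"
        return "accept", "ok"
    raise ValueError(f"unknown direction: {direction}")


# Constructed sample packets: (direction, src, dst).
SAMPLE_PACKETS = [
    ("egress", "203.0.113.45", "192.0.2.10"),    # normal outbound traffic
    ("egress", "192.0.2.77", "192.0.2.10"),      # inside host forging an outside source
    ("ingress", "203.0.113.9", "203.0.113.20"),  # outsider claiming an inside address
    ("ingress", "192.0.2.10", "203.0.113.255"),  # echo request aimed at our broadcast
    ("ingress", "10.1.2.3", "203.0.113.20"),     # private-range source from the internet
]


def audit(packets=SAMPLE_PACKETS):
    """Return (src, dst, verdict, reason) per packet; only the first should pass."""
    return [(s, d, *filter_packet(w, s, d)) for w, s, d in packets]
```

On real equipment the same policy is expressed as interface ACLs or unicast reverse-path forwarding checks rather than application code.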

Summary Table:

Attack        Target                  Purpose                          Technique
DoS/DDoS      Server/Network          Make services unavailable        Overload with traffic/requests
IP Spoofing   Network Communication   Disguise identity, bypass rules  Forge source IP addresses