Best practices to learn is to read about attacks made on other organizations
One of the best ways to learn is to read about attacks made on other organizations. In an earlier discussion, we reviewed the MITRE ATT&CK matrix for retrieving the tactics, techniques, and procedures of bad actors and how to mitigate those attacks. This module will allow us to look at the basics of network architectures, network devices, and methods of accessing networks. The assigned reading for this discussion gives insight into a classic cyber attack by Kevin Mitnick, who:

  • Accessed a diskless workstation being used as an X-terminal; access was gained through:
      – an IP source address spoofing attack
      – TCP sequence number prediction
  • Hijacked an existing connection to another machine once that access was obtained.
Discussion Questions

After reading the SANS Institute (2022) piece titled Kevin Mitnick, Hacking and the work of Krishna, Kollou, and Raju (2014):

  1. Briefly summarize the attributes of Kevin Mitnick’s attack.
  2. What security measures could have stopped this attack if they had been put in place at the time? Would a firewall or intrusion prevention system have stopped the attack?
  3. Make certain to address the external devices/monitors as well as the changes to computer and network protocols that could have stopped or prevented this attack.

Sample Solution

Summary of Kevin Mitnick’s Attack Attributes

Mitnick’s attack involved a multi-step process to gain unauthorized access:

  1. IP Spoofing: He disguised his IP address to appear as a legitimate source on the network.
  2. TCP Sequence Number Prediction: He predicted the sequence number used by a legitimate connection, allowing him to insert himself into the established session.
  3. Session Hijacking: By exploiting the predicted sequence number, he hijacked an existing connection to a different machine on the network.

Security Measures to Prevent the Attack

While a single security measure might not have entirely stopped the attack, a combination of approaches could have significantly hindered it:

  • Firewalls: A properly configured firewall could limit unauthorized traffic entering the network, potentially blocking Mitnick’s initial connection attempt.
  • Intrusion Prevention Systems (IPS): An IPS can analyze network traffic for suspicious patterns and potentially detect and block Mitnick’s attempt to spoof IP addresses or predict sequence numbers.
  • Strong Network Segmentation: Dividing the network into smaller segments with limited access between them could restrict Mitnick’s ability to move laterally after gaining initial access.
  • Two-Factor Authentication (2FA): Implementing 2FA on the target machine would require an additional verification step beyond just hijacking the session, making unauthorized access more difficult.
  • Encrypted Communication: Encrypting communication between devices would prevent Mitnick from easily capturing and manipulating the data packets used for sequence number prediction.
  • Regular Security Patches: Keeping software updated with the latest security patches would address known vulnerabilities that Mitnick might exploit.

External Monitoring and Protocol Changes

  • External Network Monitoring: Implementing external network monitoring tools could potentially detect suspicious activity such as IP spoofing attempts.
  • Strong Password Policies: Enforcing strong and unique passwords for all accounts would make it harder for Mitnick to guess or crack credentials.
  • Improved TCP Sequence Number Generation: Changes to how TCP sequence numbers are generated could make them more unpredictable, hindering Mitnick’s ability to exploit this vulnerability.

It’s important to note that security is an ongoing process. While these measures could have prevented this specific attack, new vulnerabilities are constantly being discovered. Maintaining a layered defense that combines these approaches is crucial for robust network security.
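
The sequence-number weakness summarized above and the “Improved TCP Sequence Number Generation” mitigation, shown as an added example in Python (this is not code from the assigned readings or from the sample solution): an audit check that flags an ISN generator advancing by a constant step between connections, next to an RFC 6528-style generator that adds a keyed hash of the connection 4-tuple to the clock so that one observed ISN reveals nothing about the next. The ISN samples, addresses, ports and secret are constructed for illustration.

```python
"""Audit TCP initial sequence number (ISN) predictability.

Mitnick's attack relied on an ISN generator that advanced by a fixed
constant between connections (Shimomura's write-up of the 1994 incident
reports a step of 128000 between consecutive SYN-ACKs), so one probe
connection revealed the ISN the next spoofed connection would receive.
The mitigation is RFC 6528: ISN = M + F(4-tuple, secret), where M is a
4-microsecond clock and F is a keyed hash over the connection 4-tuple.
"""
import hashlib
import hmac
import secrets
import time
from statistics import pstdev


def isn_deltas(isns):
    """Step between the ISNs of consecutive connections, modulo 2**32."""
    return [(b - a) % 2**32 for a, b in zip(isns, isns[1:])]


def isn_predictable(isns, tolerance=1000):
    """True when the per-connection step is (near) constant, i.e. an observer
    who sees one ISN can guess the next. tolerance is the allowed spread
    (population standard deviation) of the steps, in sequence-number units."""
    deltas = isn_deltas(isns)
    return len(deltas) >= 2 and pstdev(deltas) <= tolerance


# Constructed sample: SYN-ACK ISNs from an old-style stack, +128000 per connection.
OLD_STYLE_ISNS = [0x1D25C600 + 128000 * i for i in range(6)]


def rfc6528_isn(secret, local_ip, local_port, remote_ip, remote_port, now_us=None):
    """RFC 6528 ISN: 4 us clock plus a keyed hash of the 4-tuple and a secret.
    HMAC-SHA256 is used here as the keyed function F (RFC 6528 leaves F open)."""
    if now_us is None:
        now_us = time.time_ns() // 1000
    clock = (now_us // 4) & 0xFFFFFFFF
    tuple_bytes = f"{local_ip}:{local_port}|{remote_ip}:{remote_port}".encode()
    f = int.from_bytes(hmac.new(secret, tuple_bytes, hashlib.sha256).digest()[:4], "big")
    return (clock + f) & 0xFFFFFFFF


def sample_rfc6528_isns(n, secret=None, now_us=0):
    """ISNs handed to n connections from one client to port 513 (rlogin), each
    from a different source port, as a probing observer would see them."""
    secret = secret or secrets.token_bytes(16)  # per-boot secret; constructed here
    return [rfc6528_isn(secret, "10.0.0.1", 513, "10.0.0.2", 1023 - i, now_us)
            for i in range(n)]
```

Running `isn_predictable` over ISNs captured from a few consecutive connections to a host is a quick way to confirm that its stack no longer behaves like the one Mitnick exploited.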
