Sri Lanka Institute of Information
Technology
BSc Honors in Information Technology Specializing in Cyber
Security
IE3032- Network Security
April 2024
Group Assignment
Vulnerability Analysis Report
1|Page
� Table of Contents
1. Introduction
2. Vulnerability Identification and Analysis
i. Insecure Remote Access Protocol (RDP) Vulnerability
ii. DNS Spoofing Vulnerability
iii. SNMPv1/v2c Vulnerabilities
iv. SSL/TLS Vulnerabilities
v. IoT Device Vulnerabilities
3. Analysis of Attacks, Their Impact and Mitigation Strategies
4. Conclusion
5. References
Team Details
Name Student ID
2|Page
�1. Introduction
Cybersecurity is critical in today's networked world, especially in networking settings
where devices and protocols enable mass data interchange. This assignment explores
cybersecurity in networking environments with the goal of locating, evaluating, and
resolving five serious flaws that endanger networking protocols and devices. We can
understand the constantly changing threat landscape by examining historical
cyberattacks and the weaknesses they take advantage of. Our initial goal is to identify
five vulnerabilities that have been used in recent cyberattacks against networking
devices and protocols through thorough investigation and analysis. Every vulnerability
that is found will be carefully examined, considering factors like the impact on network
security and operations, potential exploits, root causes, affected devices or protocols,
and severity.
We will provide mitigation methods and actions, such as best practices, technology
improvements, and proactive efforts to strengthen network security and reduce the risk
of future intrusions, for enterprises to implement based on our vulnerability research.
3|Page
�2. Vulnerability Identification and Analysis
Vulnerability 01: Insecure Remote Access Protocol (RDP)
The Remote Desktop Protocol (RDP), a widely used protocol for remote access to
Windows-based systems, is vulnerable.
Nature and Severity
The vulnerability enables attackers to use RDP to access systems without authorization
by taking advantage of holes in RDP implementations or insufficient authentication
procedures. Network security is seriously jeopardized because of the possibility of
sensitive data being compromised or malicious activity being carried out on the network
by attackers.
Exact Components Affected
This vulnerability primarily affects the authentication component of RDP, including the
negotiation and validation of user credentials during the remote login process.
Reason for the Vulnerability to Exist
weak default settings
insufficient encryption specifications
historical design
Type of ways in which it can be exploited.
Attackers have two options for taking advantage of this vulnerability: they can use
known exploits that target weaknesses in RDP implementations, or they can use brute-
force assaults, in which they try to guess weak passwords. Attackers may also use
misconfigurations to completely avoid authentication or intercept RDP communication to
obtain authentication credentials.
4|Page
� Example attacks
BlueKeep Exploit (CVE-2019-0708)
Without requiring user input, attackers might leverage this vulnerability to run arbitrary
code on susceptible devices. The BlueKeep exploit may lead to a massive compromise
of Windows versions that are vulnerable on computers. Hackers may be able to obtain
sensitive data without authorization, jeopardize the integrity of the system, and maybe
spread malware throughout networks. The effects include reputational harm, company
interruption, and monetary losses because of data breaches.
Vulnerability 02: DNS Spoofing
The important protocol in charge of converting domain names into IP addresses, the
Domain Name System (DNS), is vulnerable.
Nature and Severity
DNS spoofing is the practice of tricking DNS servers into rerouting users to malicious
websites or servers under the control of attackers. Due to its propensity to support
phishing, malware distribution, and information theft, this vulnerability poses a serious
risk to user privacy and network security.
Exact Components Affected:
The vulnerability mainly affects the DNS resolution process, where attackers can spoof
packets, leverage insecure communication channels, or cache DNS responses to
counterfeit DNS responses and reroute users to malicious websites.
Reason for the Vulnerability to Exist
weaknesses in DNS protocol implementations
misconfigured DNS servers
insufficient measures to authenticate DNS responses.
5|Page
� Type of ways in which it can be exploited.
Man-in-the-middle attacks, cache poisoning, DNS hijacking, and other techniques can
all be used by attackers to take advantage of DNS spoofing. Attackers can divert users
to malicious websites or servers under their control for additional exploitation or data
exfiltration by intercepting DNS queries and faking answers.
Example attacks
Kaminsky Exploit (CVE- 2008-1447)
By contaminating the DNS cache of susceptible servers, attackers were able to snoop
on private conversations or reroute users to malicious websites. Sensitive data,
including financial information, login passwords, and personal information, may be
stolen because of this. Affected firms' reputations would suffer, fraud will cause financial
losses, and user privacy will be jeopardized.
Vulnerability 03: SNMPv1/v2c Vulnerabilities
Versions 1 and 2c of the Simple Network Management Protocol (SNMP), which is
extensively used for network administration and monitoring, are vulnerable.
Nature and Severity
Attackers can intercept and alter network traffic exchanged between SNMP agents and
management systems thanks to SNMPv1/v2c vulnerabilities. Because attackers can
monitor network traffic, take advantage of denial-of-service assaults, or obtain
unauthorized access to device configurations, these vulnerabilities represent a serious
threat to network security.
Exact Components Affected
The SNMP protocol stack, which includes the SNMP message format, community
strings, and authentication procedures used for SNMP agent-to-management system
communication is the main target of the vulnerability.
6|Page
� Reason for the Vulnerability to Exist
weaknesses in the SNMP protocol's design
lack of robust authentication and encryption mechanisms
Type of ways in which it can be exploited.
SNMPv1/v2c vulnerabilities can be taken advantage of by attackers using a variety of
techniques, including SNMP amplification attacks, SNMP message manipulation, and
brute-force attacks against community strings. An attacker can change device
configurations, spy on network traffic, or interfere with network operations by breaking
into SNMP-enabled devices or management systems.
Example attacks
SNMP Reflection Attack
when fraudulent traffic is amplified and reflected towards servers or networks that are
the target of the attack, causing network congestion or service interruption. This is done
by using devices that are SNMP-enabled. SNMP reflection attacks have the potential to
overload network capacity and interfere with essential services, causing servers or
networks to go down. Financial losses could arise from this because of lost production,
unavailable services, and possible harm to the company's brand. To make matters
worse, compromised SNMP-capable devices might be used as launching pads for
additional assaults.
Vulnerability 04: SSL/TLS Vulnerabilities
The technologies used to secure communications over the internet, Transport Layer
Security (TLS) and Secure Sockets Layer (SSL), are impacted by the flaw.
Nature and Severity
7|Page
�A variety of flaws in protocol implementations, cryptographic methods, and certificate
management procedures are included in SSL/TLS vulnerabilities. Because attackers
can intercept encrypted communications, evade certificate validation, or take advantage
of cryptographic flaws, these vulnerabilities represent a danger to the confidentiality,
integrity, and authenticity of data.
Exact Components Affected
The SSL/TLS protocol stack's handshake procedure, cipher suites, certificate validation,
and session management techniques are among the elements that are impacted by the
issue.
Reason for the Vulnerability to Exist
outdated cryptographic algorithms.
insufficient entropy in random number generation
insecure certificate authorities
inadequate implementation of security features
Type of ways in which it can be exploited.
Attackers can use techniques like protocol downgrade attacks, cipher suite negotiation
exploits, or man-in-the-middle attacks to take advantage of SSL/TLS weaknesses.
Attackers can decode sensitive data, insert malicious information, or assume the
identity of trustworthy organizations by intercepting SSL/TLS-protected conversations or
breaching certificate authorities.
Example attacks
HeartBleed Vulnerability (CVE-2014-0160)
The TLS Heartbeat Extension's OpenSSL implementation was impacted by the
HeartBleed vulnerability. The integrity and confidentiality of communications secured by
SSL/TLS may be jeopardized by the Heartbleed vulnerability. Attackers may obtain
unauthorized access to systems or data by stealing private keys, session tokens, and
user credentials, among other sensitive information. Data breaches, monetary losses,
8|Page
�fines from the authorities, and harm to the faith and trust of customers are some of the
effects.
Vulnerability 05: IoT Device Vulnerabilities
The vulnerability impacts Internet of Things (IoT) devices, which include a broad
spectrum of networked devices with sensors, actuators, and network connectivity
incorporated in them.
Nature and Severity
IoT device vulnerabilities are caused by insufficient security measures, a proliferation of
unsecured communication protocols, and flaws in device firmware. These vulnerabilities
are extremely dangerous for network security and personal privacy since they allow
hacked IoT devices to be used for a variety of nefarious actions, such as the creation of
botnets, data exfiltration, and physical harm.
Exact Components Affected
The flaw affects firmware, communication interfaces, authentication systems, and
remote administration functionalities, among other IoT device components.
Reason for the Vulnerability to Exist
Rushed development cycles.
lack of security-by-design principles
prioritization of functionality over security
Type of ways in which it can be exploited.
Attackers can use techniques like command injection assaults, firmware manipulation,
and device hijacking to take advantage of vulnerabilities in IoT devices. Attackers can
obtain unauthorized access to confidential information, alter the operation of the device,
or initiate coordinated attacks against network infrastructure by breaching susceptible
Internet of Things (IoT) devices.
9|Page
� Example attacks
Mirai Botnet
The Mirai Botnet assault leveraged weak IoT devices to execute massive DDoS attacks,
which significantly disrupted internet services. Popular websites and online services had
outages as a result, impacted businesses suffered financial losses, and internet
infrastructure was harmed. IoT devices that have been compromised may also be
exploited for other attacks, which would provide continuous threats to network stability
and security.
3. Analysis of Attacks, Their Impact and
Mitigation Strategies
1. Insecure Remote Access Protocol (RDP) Vulnerability
Attackers obtain unauthorized access to systems by taking advantage of weak RDP
credentials or flaws in RDP implementations. They might install malware, carry out
remote code execution attacks, or steal confidential information. Sensitive data
compromise, illegal access to networks, company interruption, and financial losses are
all possible outcomes of these attacks.
Real-World Example: The BlueKeep exploit was designed to target Windows systems'
vulnerable RDP services. It gave attackers the ability to run arbitrary code without the
need for user input, which might have resulted in broad compromise and data breaches.
Mitigation Strategies
For RDP access, enact strong password restrictions and multi-factor authentication
(MFA). To reduce the possibility of brute-force attacks, mandate that users generate
complicated passwords and change them on a frequent basis.
Regularly update RDP software and apply security patches.
10 | P a g e
� Implement network segmentation to restrict RDP access to authorized users and
devices.
Conduct regular security audits and penetration testing to identify and remediate
RDP vulnerabilities.
To keep track of RDP login attempts, session activity, and authentication failures,
provide thorough logging and monitoring systems. Keep an eye out for any unusual
activities that might point to suspicious or unauthorized access.
2. DNS Spoofing Vulnerability
Attackers that engage in DNS spoofing attempt to reroute visitors to malicious websites
or servers by manipulating DNS answers. Phishing attempts, the spread of malware, or
information theft may result from this.
Attacks using DNS spoofing damage users' confidence in online communications,
jeopardize private information, and make it easier to take advantage of compromised
systems. For businesses, they may lead to monetary losses, harm to their reputation,
and legal ramifications.
Real-World Example: To illustrate the possible effects of DNS spoofing attacks on
internet security and privacy, consider the Kaminsky Attack, which used a DNS
implementation flaw to contaminate DNS caches and reroute users to malicious
websites.
Mitigation Strategies
To ensure data integrity and authenticity of DNS answers, implement DNSSEC to
append digital signatures to DNS records.
Use DNS filtering tools to stop DNS spoofing attempts and prohibit access to known
malicious domains. Real-time DNS-based threat detection and mitigation are
possible with DNS-based security services.
11 | P a g e
� To counteract DNS spoofing efforts and stop DNS amplification attacks, configure
DNS servers to limit the rate of responses.
Employ comprehensive tools for monitoring and analyzing DNS traffic in order to
identify any unusual activity that might point to malicious DNS manipulation or
spoofing attempts.
3. SNMPv1/v2c Vulnerabilities
Attackers can access network devices without authorization, obtain private data, and
change device configurations by taking advantage of SNMPv1/v2c vulnerabilities. They
might use brute-force tactics against community strings, SNMP amplification attacks, or
denial-of-service assaults by taking advantage of SNMP vulnerabilities.
Impact of this is unauthorized access to network infrastructure, the revealing of private
information (such as device configurations or network topology), and the interruption of
network services are all possible outcomes of SNMPv1/v2c vulnerabilities. Furthermore,
compromised SNMP-capable devices may be used as launchpads for additional
assaults, worsening the effects on network availability and security.
Real-World Example: By submitting a specifically crafted SNMP request to susceptible
devices in 2002, attackers were able to induce a denial-of-service condition that
resulted in network outages and service interruptions due to the SNMPv1 "GetBulk"
vulnerability (CVE-2002-0012).
Mitigation Strategies
Switch to SNMPv3, which provides more robust security features including access
control, authentication, and encryption, instead of SNMPv1/v2c.
Instead of employing strings that are simple to figure out, make the default
community strings complicated and randomly generated. Limit SNMP read and write
access to only those devices that are allowed.
12 | P a g e
� To lessen the attack surface for SNMP-based attacks, limit SNMP communication to
reliable IP addresses or networks by using access control lists (ACLs).
To lessen vulnerability to possible attacks, think about turning off SNMP services on
devices that are not in use or limiting SNMP access to management interfaces.
Use network monitoring tools to look for indications of unusual activity or illegal
access attempts in SNMP traffic by detecting and analyzing it.
4. SSL/TLS Vulnerability
Attackers can intercept encrypted conversations, decipher sensitive data, or pretend to
be reputable servers by taking advantage of SSL/TLS weaknesses. They could
compromise certificate authorities, use man-in-the-middle attacks, or take advantage of
cryptographic flaws to jeopardize the integrity and confidentiality of communications
secured by SSL/TLS.
Vulnerabilities in SSL/TLS can lead to data leaks, illegal access to private data, and a
decline in confidence in secure connections. Financial losses, legal penalties, and
reputational harm can result from attackers intercepting login passwords, bank
transactions, or private data sent over unsecured SSL/TLS connections.
Real-World Example: With a flaw in SSLv3 (CVE-2014-3566), the POODLE (Padding
Oracle on Downgraded Legacy Encryption) attack was able to decrypt SSL/TLS-
encrypted traffic and extract private data like session tokens or authentication cookies.
Mitigation Strategies
Update SSL/TLS software and libraries frequently to minimize known vulnerabilities
and guarantee compliance with the most recent security guidelines.
In the event of a private key compromise, configure servers to implement Perfect
Forward Secrecy (PFS) to guard against the compromise of previous
communications.
13 | P a g e
� Make use of robust certificate management procedures, such as appropriate
procedures for issuing, renewing, and revoking certificates. Make sure that
certificates are current and genuine by using reliable Certificate Authorities (CAs).
Use WAFs to scan and filter SSL/TLS traffic for harmful material, including cross-site
scripting (XSS) vulnerabilities and SQL injection attacks.
To find SSL/TLS vulnerabilities, misconfigurations, and flaws in cryptographic
implementations, do routine vulnerability scans and penetration tests.
5. IoT Device Vulnerabilities
Cybercriminals take use of weaknesses in Internet of Things (IoT) devices to obtain
unapproved entry, undermine the device's operation, or initiate coordinated assaults on
network infrastructure. They could get access to IoT devices and use them maliciously
by taking advantage of unpatched vulnerabilities, shoddy authentication procedures, or
unsecure communication protocols. Vulnerabilities in IoT devices can lead to data
breaches, illegal access to private data, and the interruption of vital services. IoT
devices that have been compromised may be used for botnet construction, distributed
denial-of-service (DDoS) assaults, or surveillance operations, which could result in
monetary losses, harm to one's reputation, and invasions of privacy.
Real-World Example: Targeting susceptible Internet of Things (IoT) devices (such as
routers and IP cameras), the Mirai Botnet attack built a sizable botnet that was used to
perform DDoS attacks against certain websites and services, resulting in extensive
disruption and internet outages.
Mitigation Strategies
Disable the default credentials on IoT devices and enforce strong, one-of-a-kind
passwords. To improve authentication security, think about putting multi-factor
authentication (MFA) into place.
14 | P a g e
� Update IoT device firmware frequently to fix security issues and patch known
vulnerabilities. Create a procedure for promptly monitoring and implementing
firmware upgrades.
IoT devices should be divided into distinct network zones to keep them isolated from
important systems and to reduce the possible impact of hacked devices on the
network as a whole.
Use anomaly detection and network monitoring tools to keep an eye out for any
suspicious activity or odd network traffic patterns that could indicate a breach of an
IoT device.
Control access to IoT devices and limit communication to authorized users and
applications exclusively by implementing device authentication and authorization
mechanisms.
15 | P a g e
�4. Conclusion
Our analysis of networking vulnerabilities concludes by highlighting the vital significance
of preventative cybersecurity measures. Through vulnerability identification, impact
analysis, and mitigation strategy recommendations, we enable enterprises to fortify their
defenses against dynamic threats.
Let this assignment as a reminder that you must always be on the lookout for potential
cyberattacks and be flexible. By working together, we can strengthen our networks and
reduce the likelihood of cyberattacks, making the internet a safer place for everyone.
16 | P a g e
�5. References
[1] “Smart Yet Flawed: IoT Device Vulnerabilities Explained - Security News - Trend
Micro USA,” [Link], May 28, 2020.
[Link]
flawed-iot-device-vulnerabilities-explained
[2] S. MKTG1, “The OWASP IoT top 10 vulnerabilities and how to mitigate them |
SISA Blog,” SISA, May 17, 2023. [Link]
top-10-vulnerabilities-and-how-to-mitigate-them/
[3] “How to secure IoT vulnerabilities? | Encryption Consulting,” Aug. 24, 2022.
[Link]
vulnerabilities/
[4] “IoT Security Challenges,” Sectigo® Official. [Link]
library/iot-security-challenges (accessed Apr. 17, 2024).
[5] J. MacPherson, “SNMPv1 vs. V2c vs. V3 – SNMP Versions Comparison,” Park
Place Technologies, Oct. 10, 2022.
[Link]
comparison/#:~:text=the%20initial%20version.- (accessed Apr. 17, 2024).
[6] “NVD - CVE-2014-3566,” [Link], 2014. [Link]
2014-3566
[7] “NVD - CVE-2002-0012,” [Link]. [Link]
0012
17 | P a g e
�
18 | P a g e
