2. NETWORK SECURITY
Network security is any activity designed to protect the usability and integrity (unity) of the network and its data.
It includes both hardware and software technologies.
3. In network security, three common terms are used:
1. Vulnerabilities
2. Threats
3. Attacks
6. Technology vulnerabilities
Computer and network technologies have intrinsic (built-in) security weaknesses.
TCP/IP protocol vulnerabilities
(HTTP, FTP are inherently insecure)
Operating system vulnerabilities
(Windows, Linux have security problems)
Network equipment vulnerabilities
(routers, switches have security weaknesses)
7. Configuration vulnerabilities
Network administrators need to correctly configure their computing and network devices to compensate.
Unsecured user accounts
(information transmitted insecurely across the network)
System accounts with easily guessed passwords
Unsecured default settings within products
Misconfigured internet services
(untrusted sites on dynamic webpages)
Misconfigured network equipment
(misconfiguration itself causes security problems)
8. Security policy vulnerabilities
The network can pose a security risk if users do not follow the security policies.
Lack of written security policy
(policies in booklet)
Politics
(political battles make it difficult to implement security policies)
Lack of continuity
(easily cracked or default passwords allow unauthorized access)
Logical access controls not applied
(imperfect monitoring allows unauthorized access)
Disaster recovery plan nonexistent
(lack of a disaster recovery plan allows panic (a sudden fear) when someone attacks the enterprise)
9. THREATS
Threats are the people eager, willing and qualified to take advantage of each security vulnerability; they continually search for new exploits and weaknesses.
10. Classes of threats
There are four main classes of threats:
1. Structured threats
2. Unstructured threats
3. External threats
4. Internal threats
11. 1. Structured threats
Implemented by a technically skilled person who is trying to gain access to your network.
2. Unstructured threats
Created by an inexperienced / non-technical person who is trying to gain access to your network.
3. Internal threats
Occur when someone from inside your network creates a security threat to your network.
4. External threats
Occur when someone from outside your network creates a security threat to your network.
12. Common terms
Hacker
A hacker is a person intensely interested in the secrets and recondite workings of any computer operating system. Hackers are most often programmers.
Crackers
Crackers can easily be identified because their actions are malicious.
13. Phreaker
A phreaker is an individual who manipulates the phone network to cause it to perform a function that is normally not allowed.
A common goal of phreaking is breaking into the phone network.
Spammer
An individual who sends large numbers of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use these computers to send out their bulk messages.
14. Phisher
A phisher uses e-mail or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
White hat
Individuals who use their abilities to find vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed.
Black hat
Individuals who use their knowledge of computers to break into systems that they are not authorized to use.
15. ATTACKS
The threats use a variety of tools, scripts and programs to launch attacks against networks and network devices.
16. Classes of attack
1. Reconnaissance
2. Access
3. Denial of service (DoS)
4. Worms, viruses and Trojan Horses
17. Reconnaissance
Reconnaissance is a primary step of a computer attack. It involves unauthorized discovery of the targeted system to gather information about vulnerabilities.
The hacker surveys a network and collects data for a future attack.
18. Reconnaissance attacks can consist of the following:
1. Ping sweeps
(tell the attacker which IP addresses are alive)
2. Port scans
(the art of scanning to determine what network services or ports are active on the live IP addresses)
3. Internet information queries
(query the ports to determine the application and operating system of the targeted host and whether a vulnerability exists that can be exploited)
4. Packet sniffers
(capture data being transmitted on a network)
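From the defender's side, ping sweeps and port scans both show up as one source touching many distinct targets in a short time. The following is an added example, not part of the original slides: it flags both patterns in a constructed flow log whose record format, addresses and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample flow log (not real traffic), one record per line:
# "epoch_seconds source destination protocol destination_port"
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.7 10.0.0.{i + 1} icmp 0" for i in range(12)]
    + [f"{1020 + i} 203.0.113.7 10.0.0.5 tcp {p}" for i, p in
       enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389])]
    + ["1005 10.0.0.20 10.0.0.5 tcp 443",   # ordinary repeat visit
       "1006 10.0.0.20 10.0.0.5 tcp 443",
       "1007 10.0.0.21 10.0.0.1 icmp 0"]    # single ping
)

def parse(log):
    """Yield (timestamp, src, dst, proto, dport) from the assumed log format."""
    for line in log.splitlines():
        ts, src, dst, proto, dport = line.split()
        yield int(ts), src, dst, proto, int(dport)

def detect_recon(log, window=60, host_threshold=10, port_threshold=10):
    """Return sorted (kind, source, target, distinct_count) findings."""
    seen = defaultdict(list)  # (kind, src, target) -> [(timestamp, item), ...]
    for ts, src, dst, proto, dport in parse(log):
        if proto == "icmp":   # ping sweep: many hosts pinged by one source
            seen[("ping_sweep", src, "*")].append((ts, dst))
        elif proto == "tcp":  # port scan: many ports probed on one host
            seen[("port_scan", src, dst)].append((ts, dport))
    findings = []
    for (kind, src, target), events in seen.items():
        events.sort()
        limit = host_threshold if kind == "ping_sweep" else port_threshold
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({item for _, item in events[start:end + 1]}))
        if best >= limit:
            findings.append((kind, src, target, best))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect_recon(SAMPLE_LOG):
        print(finding)
```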
19. Eavesdropping
Network snooping and packet sniffing are common terms for eavesdropping. A common method for eavesdropping on communication is to capture protocol packets.
Eavesdropping is listening in on a conversation (spying, prying or snooping).
20. Types of eavesdropping:
1. Information gathering
Intruder identifies sensitive information, e.g. a credit card number
2. Information theft
Intruder steals data through unauthorized access
Tools used to perform eavesdropping:
1. Network or protocol analyzers
2. Packet capturing utilities on networked computers
21. Access
An access attack is just what it sounds like: an attempt to access another user account or network device through improper means.
22. Access attacks can consist of the following:
1. Password attack
2. Trust exploitation
3. Port redirection
4. Man-in-the-Middle attack
5. Social engineering
6. Phishing
23. Password attacks
Password attacks can be implemented using a brute-force attack (repeated attempts to identify a user's password).
Methods for computing passwords:
1. Dictionary cracking
2. Brute-force computation
24. Trust exploitation
Trust exploitation refers to an attack in which an individual takes advantage of a trust relationship within a network.
25. Port redirection
A type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be dropped.
27. Social engineering
The easiest hack (social engineering) involves no computer skill at all.
Social engineering is the art of manipulating people so they give up confidential information.
28. Phishing
Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information.
29. Denial of service (DoS)
DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization.
DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
30. Distributed DoS attack
DDoS uses attack methods similar to a standard DoS attack but operates on a much larger scale.
31. Malicious code
Worms, viruses and Trojan Horses
Malicious code is the kind of harmful computer code designed to create system vulnerabilities leading to back doors and other potential damage to files and computing systems. It's a type of threat that may not be blocked by antivirus software on its own.
32. Worms
A worm is malicious software that spreads itself, relying on security failures on the target computer to access it.
Worms cause harm to the network.
Viruses
Malicious software that is attached to another program to execute a particular unwanted function on the user's workstation.
Trojan Horses
An application written to look like something else that is in fact an attack tool.