Network security (vulnerabilities, threats, and attacks)
- 2. NETWORK SECURITY Network security is any activity designed to protect the usability and integrity(unity) of network and data. It includes both hardware and software technologies.
- 3. In network security, three common terms are used as: 1. Vulnerabilities 2. Threats 3. Attacks
- 4. VULNERABILITIES A vulnerability is a weakness that allows an attacker to reduce a system information assurance.
- 5. Primary vulnerabilities in network 1. Technology vulnerabilities 2. Configuration vulnerabilities 3. Security policy vulnerabilities
- 6. Technology vulnerabilities Computer and network technologies have intrinsic(built-in) security weakness. TCP/IP protocol vulnerabilities (HTTP, FTP are inherently unsecure) Operating system vulnerabilities (Windows, Linux have security problems) Network equipment vulnerabilities (routers, switches have security weaknesses)
- 7. Configuration vulnerabilities Network administrator need to correctly configure their computing and network devices to compensate. Unsecured user accounts (information transmitted insecurely across network) System account with easily guessed passwords Unsecured default settings within products Misconfigured internet services (untrusted sites on dynamic webpages) Misconfigured network equipment (misconfiguration itself cause security problem)
- 8. Security policy vulnerabilities The network can pose security risk if users do not follow the security policies. Lack of written security policy (policies in booklet) Politics (political battles makes it difficult to implement security policies) Lack of continuity (easily cracked or default password allows unauthorized access) Logical access control. Not applied (imperfect monitoring allows unauthorized access) Disaster recovery plan nonexistent (lack of disaster recovery plan allows panic (a sudden fear) when someone attacks the enterprise.)
- 9. THREATS The people eager, willing and qualified to take advantage of each security vulnerability, and they continually search for new exploits and weaknesses.
- 10. Classes of threats There are four main classes of threats: 1. Structured threats 2. Unstructured threats 3. External threats 4. Internal threats
- 11. 1. Structured threats Implemented by a technically skilled person who is trying to gain access to your network. 2. Unstructured threats Created by an inexperienced / non-technical person who is trying to gain access to your network. 3. Internal threats Occurs when someone from inside your network creates a security threat to your network. 4. External threats Occurs when someone from outside your network creates a security threat to your network.
- 12. Common terms Hacker A hacker is a person intensely interested in requiring secrets and recondite workings of any computer operating system. Hackers are most often programmers. Crackers Crackers can easily be identified because their actions are malicious.
- 13. Phreaker A phreaker is an individual who manipulates the phone network to cause it to perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network. Spammer An individual who sends large number of unsolicited e-mail messages. Spammers often use viruses to take control of home computers to use these computers to send out their bulk messages.
- 14. Phisher A phisher uses e-mail or other means in an attempt to trick others into providing sensitive information, such as credit card no or password etc. White hat Individuals who use their abilities to find vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed. Black hat Individuals who use their knowledge of computer to break into system that they are not authorized to use.
- 15. ATTACKS The threats use a variety of tools, scripts and programs to launch attacks against networks and network devices.
- 16. Classes of attack 1. Reconnaissance 2. Access 3. Denial of service (DOS) 4. Worms, viruses and Trojan Horses
- 17. Reconnaissance Reconnaissance is a primary step of computer attack. It involve unauthorized discovery of targeted system to gather information about vulnerabilities. The hacker surveys a network and collects data for a future attack.
- 18. Reconnaissance attacks can consist of the following: 1. Ping sweeps (tells the attacker, Which IP addresses are alive?) 2. Port scans (art of scanning to determine what network services or ports are active on the live IP addresses) 3. Internet information queries (queries the ports to determine the application and operating system of targeted host and determines the possible vulnerability exists that can be exploited?) 4. Packet sniffers (to capture data being transmitted on a network)
- 19. Eavesdropping Network snooping and packet sniffing are common terms for eavesdropping. A common method for eavesdropping on communication is to capture protocol packets. Eavesdropping is listening into a conversation. (spying, prying or snooping).
- 20. Types of eavesdropping: 1.information gathering Intruder identifies sensitive information i.e credit card number 2.Information theft Intruder steals data through unauthorized access Tools used to perform eavesdropping: 1. Network or protocol analyzers 2. Packet capturing utilities on networked computers
- 21. Access An access attack is just what it sounds like: an attempt to access another user account or network device through improper means.
- 22. Access attack can consist of the following: 1.Password attack 2.Trust exploitation 3.Port redirection 4.Man-in-the-Middle attack 5.Social engineering 6.Phishing
- 23. Password attacks can be implemented using brute-force attack (repeated attempts to identify users password). Methods for computing passwords: 1.Dictionary cracking 2.Brute-force computation Password attacks
- 24. Trust exploitation refers to an attack in which an individual take advantage of a trust relationship within a network. Trust exploitation
- 25. Port redirection A type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be dropped.
- 26. Man-in-the-Middle attack A man-in-the-Middle attack requires that the hacker have access to network packets that come across a network.
- 27. Social engineering The easiest hack (social engineering) involves no computer skill at all. Social engineering is the art of manipulating people so they give up confidential information.
- 28. Phishing Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information.
- 29. Denial of service (DoS) DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
- 30. Distributed DoS attack DDoS uses attack methods similar to standard DoS attack but operates on a much large scale.
- 31. Malicious code Worms, viruses and Trojan Horses Malicious code is the kind of harmful computer code designed to create system vulnerabilities leading to back doors and other potential damages to files and computing systems. It's a type of threat that may not be blocked by antivirus software on its own
- 32. Worms It uses a malicious software to spread itself, relying on security failures on the target computer to access it. Worms cause harm to the network. Viruses Malicious software that is attached to another program to execute a particular unwanted function on the user workstation. Trojan Horses An application written to look like something else that in fact is an attack tool.
- 33. SUMMARY
- 34. Vulnerabiliti es Threats Attacks Technology vulnerability Configuration vulnerability Security policy vulnerability Structured threat Unstructure d threat Internal threat External threat Reconnaissance Access DoS Malicious code