NETWORK SECURITY
Network security is any activity designed to protect the usability and integrity (unity) of the network and its data. It includes both hardware and software technologies.
In network security, three common terms are used:
1. Vulnerabilities
2. Threats
3. Attacks
Technology vulnerabilities
Computer and network technologies have intrinsic (built-in) security weaknesses.
TCP/IP protocol vulnerabilities (cleartext protocols such as HTTP and FTP are inherently insecure)
Operating system vulnerabilities (Windows and Linux both have security problems)
Network equipment vulnerabilities (routers and switches have security weaknesses)
Configuration vulnerabilities
Network administrators need to configure their computing and network devices correctly to compensate for these weaknesses.
Unsecured user accounts (account information transmitted insecurely across the network)
System accounts with easily guessed passwords
Unsecured default settings within products
Misconfigured internet services (e.g. untrusted sites used in dynamic web pages)
Misconfigured network equipment (the misconfiguration itself causes the security problem)
Security policy vulnerabilities
The network can pose a security risk if users do not follow the security policies.
Lack of a written security policy (policies in a booklet)
Politics (political battles make it difficult to implement security policies)
Lack of continuity (easily cracked or default passwords allow unauthorized access)
Logical access controls not applied (imperfect monitoring allows unauthorized access)
Disaster recovery plan nonexistent (the lack of a disaster recovery plan leads to panic (a sudden fear) when someone attacks the enterprise)
THREATS
Threats are the people eager, willing and qualified to take advantage of each security vulnerability; they continually search for new exploits and weaknesses.
Classes of threats
There are four main classes of threats:
1. Structured threats
2. Unstructured threats
3. External threats
4. Internal threats
1. Structured threats
Implemented by a technically skilled person who is trying to gain access to your network.
2. Unstructured threats
Created by an inexperienced or non-technical person who is trying to gain access to your network.
3. Internal threats
Occur when someone from inside your network creates a security threat to your network.
4. External threats
Occur when someone from outside your network creates a security threat to your network.
Common terms
Hacker
A hacker is a person intensely interested in acquiring the secrets and recondite workings of any computer operating system. Hackers are most often programmers.
Cracker
Crackers can easily be identified because their actions are malicious.
Phreaker
A phreaker is an individual who manipulates the phone network to cause it to perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network.
Spammer
An individual who sends large numbers of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and then use those computers to send out their bulk messages.
Phisher
A phisher uses e-mail or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
White hat
Individuals who use their abilities to find vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed.
Black hat
Individuals who use their knowledge of computers to break into systems that they are not authorized to use.
ATTACKS
The threats use a variety of tools, scripts and programs to launch attacks against networks and network devices.
Classes of attack
1. Reconnaissance
2. Access
3. Denial of service (DoS)
4. Worms, viruses and Trojan horses
Reconnaissance
Reconnaissance is the primary step of a computer attack. It involves unauthorized discovery of the targeted system to gather information about vulnerabilities. The hacker surveys a network and collects data for a future attack.
Reconnaissance attacks can consist of the following:
1. Ping sweeps (tell the attacker which IP addresses are alive)
2. Port scans (scanning to determine which network services or ports are active on the live IP addresses)
3. Internet information queries (query the ports to determine the application and operating system of the targeted host, and whether a vulnerability exists that can be exploited)
4. Packet sniffers (capture data being transmitted on a network)
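On the defender's side, ping sweeps and port scans stand out as one source touching many distinct hosts or many distinct ports. This is an added example, not part of the original slides: the log format is a constructed, simplified one and the alert thresholds are assumptions.

```python
# Added example (not from the original slides): flag ping sweeps and port
# scans in a constructed, simplified firewall log. Line format assumed here:
# "<time> <proto> <src> -> <dst>:<port>", with port 0 for ICMP echo requests.
from collections import defaultdict

# Constructed sample: 203.0.113.5 pings five hosts (sweep), 198.51.100.9
# probes five ports on one host (scan); the last two lines are normal traffic.
SAMPLE_LOG = """\
10:00:01 ICMP 203.0.113.5 -> 192.0.2.1:0
10:00:01 ICMP 203.0.113.5 -> 192.0.2.2:0
10:00:01 ICMP 203.0.113.5 -> 192.0.2.3:0
10:00:02 ICMP 203.0.113.5 -> 192.0.2.4:0
10:00:02 ICMP 203.0.113.5 -> 192.0.2.5:0
10:00:05 TCP 198.51.100.9 -> 192.0.2.10:21
10:00:05 TCP 198.51.100.9 -> 192.0.2.10:22
10:00:05 TCP 198.51.100.9 -> 192.0.2.10:23
10:00:06 TCP 198.51.100.9 -> 192.0.2.10:80
10:00:06 TCP 198.51.100.9 -> 192.0.2.10:443
10:00:07 TCP 192.0.2.50 -> 192.0.2.10:443
10:00:08 TCP 192.0.2.51 -> 192.0.2.10:443
"""

SWEEP_THRESHOLD = 5  # distinct hosts pinged by one source before we alert
SCAN_THRESHOLD = 5   # distinct ports probed on one host by one source


def parse_line(line):
    """Return (proto, src, dst, port) for one log line, or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    dst, _, port = parts[4].rpartition(":")
    if not port.isdigit():
        return None
    return parts[1], parts[2], dst, int(port)


def detect_recon(log_text):
    """Return {'ping_sweep': [src, ...], 'port_scan': [(src, dst), ...]}."""
    pinged = defaultdict(set)   # src -> hosts it sent echo requests to
    probed = defaultdict(set)   # (src, dst) -> TCP/UDP ports it touched
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:          # skip malformed lines instead of crashing
            continue
        proto, src, dst, port = rec
        if proto == "ICMP":
            pinged[src].add(dst)
        else:
            probed[(src, dst)].add(port)
    return {
        "ping_sweep": sorted(s for s, h in pinged.items() if len(h) >= SWEEP_THRESHOLD),
        "port_scan": sorted(k for k, p in probed.items() if len(p) >= SCAN_THRESHOLD),
    }
```

In production the same counting is done per time window, so a slow scan spread over hours needs a longer window or a lower threshold.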
Eavesdropping
Eavesdropping is listening in on a conversation (spying, prying or snooping). Network snooping and packet sniffing are common terms for eavesdropping. A common method of eavesdropping on communication is to capture protocol packets.
Types of eavesdropping:
1. Information gathering: the intruder identifies sensitive information, e.g. a credit card number.
2. Information theft: the intruder steals data through unauthorized access.
Tools used to perform eavesdropping:
1. Network or protocol analyzers
2. Packet capturing utilities on networked computers
Access
An access attack is just what it sounds like: an attempt to access another user's account or a network device through improper means.
The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data into or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.
There are over 100 attack vectors and breach methods that hackers can use. However, some are more common than others. Here are some of the most common attack vectors:
Compromised credentials
Weak and stolen passwords
Malicious insiders
Misconfiguration
Missing or poor encryption
Phishing
Trust relationships
Zero-day vulnerabilities
Brute force attack
Distributed Denial of Service (DDoS)
Ransomware
Understanding an attack surface
Because of the increase in the countless potentially vulnerable points each enterprise has, attackers have gained an increasing advantage: they only need to find one vulnerable point to succeed in their attack.
There are three steps towards understanding and visualizing an attack surface:
Step 1: Visualize. Visualizing the system of an enterprise is the first step, by mapping out all the devices, paths and networks.
Step 2: Find indicators of exposure. The second step is to map each indicator of a vulnerability being potentially exposed onto the map visualized in the previous step. IOEs include "missing security controls in systems and software".
Step 3: Find indicators of compromise. An indicator of compromise shows that an attack has already succeeded.
Surface reduction
• One approach to improving information security is to reduce the attack surface of a system or software.
• The basic strategies of attack surface reduction include the following: reduce the amount of code running, reduce the entry points available to untrusted users, and eliminate services requested by relatively few users.
• By having less code available to unauthorized actors, there will tend to be fewer failures. By turning off unnecessary functionality, there are fewer security risks.
• Although attack surface reduction helps prevent security failures, it does not reduce the amount of damage an attacker could inflict once a vulnerability is found.
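A concrete form of "reduce the entry points available to untrusted users" is to compare what a host actually listens on with what it is meant to expose. This is an added example, not from the original slides: the listing is constructed in the shape of `ss -lntu` output, and the allowlist of intended services is an assumption.

```python
# Added example (not from the original slides): audit a host's listening
# sockets against an allowlist of intended services, the "reduce entry points"
# step of attack surface reduction. The listing below is constructed in the
# shape of `ss -lntu` output; the allowlist is an assumption.

# Constructed listing: sshd and a web server are intended; the FTP server, a
# database bound to all interfaces, a UDP echo service and a stray UDP socket
# on port 22 are not. Redis on 127.0.0.1 is reachable only locally.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:21          0.0.0.0:*
tcp   LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:7           0.0.0.0:*
udp   UNCONN 0      0      [::]:22             [::]:*
"""

# Services this host is supposed to expose to the network (assumption).
ALLOWED = {("tcp", 22), ("tcp", 443)}

# Loopback bindings are not network entry points, so they are not findings.
LOCAL_ONLY = {"127.0.0.1", "::1", "[::1]"}


def parse_listeners(text):
    """Yield (proto, address, port) for every socket line in the listing."""
    for line in text.splitlines()[1:]:        # skip the header row
        cols = line.split()
        if len(cols) < 5:
            continue
        addr, _, port = cols[4].rpartition(":")
        if port.isdigit():
            yield cols[0], addr, int(port)


def audit_attack_surface(text, allowed=ALLOWED):
    """Return network-reachable listeners that are not on the allowlist."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        if addr in LOCAL_ONLY:
            continue
        if (proto, port) not in allowed:      # protocol matters: udp/22 is not sshd
            findings.append((proto, addr, port))
    return findings
```

Each finding is a service to disable, bind to loopback, or block at the firewall; the allowlist itself should live in version control so changes to the intended surface are reviewed.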
Access attacks can consist of the following:
1. Password attack
2. Trust exploitation
3. Port redirection
4. Man-in-the-middle attack
5. Social engineering
6. Phishing
Password attacks
Password attacks can be implemented using a brute-force attack (repeated attempts to identify a user's password).
Methods for computing passwords:
1. Dictionary cracking
2. Brute-force computation
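Dictionary cracking succeeds against passwords that are wordlist entries with common mangling, while the cost of brute-force computation grows with the character set and length. The following password check, an added example that is not from the original slides, rejects the first kind and estimates the second; the wordlist, leet mapping and 50-bit threshold are assumptions.

```python
# Added example (not from the original slides): a password check that rejects
# what dictionary cracking finds first and estimates the brute-force work for
# the rest. The wordlist, leet mapping and 50-bit threshold are assumptions.
import math
import string

# Constructed mini wordlist; real cracking lists hold millions of entries.
WORDLIST = {"password", "welcome", "admin", "letmein", "qwerty", "summer"}

# Undo common leetspeak substitutions (@->a, $->s, 0->o, 1->i, 3->e, !->i).
LEET = str.maketrans("@$013!", "asoiei")

# Character classes an exhaustive attacker would have to cover.
CLASSES = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
           (lambda c: c in string.punctuation, len(string.punctuation))]


def dictionary_hit(password):
    """True if the password is a wordlist entry after the usual mangling
    rules: trailing digits/symbols stripped, case folded, leetspeak undone."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET) in WORDLIST


def brute_force_guesses(password):
    """Worst-case guesses for an attacker trying every string over the
    character classes actually used, at the password's length."""
    size = sum(n for test, n in CLASSES if any(test(c) for c in password))
    return size ** len(password)


def assess(password, min_bits=50):
    """Return (accepted, reason). A dictionary hit is rejected regardless of
    its apparent keyspace, because it falls to the cheapest attack first."""
    if dictionary_hit(password):
        return False, "dictionary word (with common mangling)"
    guesses = brute_force_guesses(password)
    bits = math.log2(guesses) if guesses else 0
    if bits < min_bits:
        return False, f"brute-force keyspace only ~2^{bits:.0f}"
    return True, f"keyspace ~2^{bits:.0f}"
```

Rate limiting and lockout on the login side complement this check: they cap the number of online guesses regardless of how strong the password is.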
Trust exploitation
Trust exploitation refers to an attack in which an individual takes advantage of a trust relationship within a network.
Port redirection
A type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be dropped.
Social engineering
The easiest hack (social engineering) involves no computer skill at all. Social engineering is the art of manipulating people so they give up confidential information.
Phishing
Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information.
Denial of service (DoS)
DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
Distributed DoS attack
A DDoS attack uses methods similar to a standard DoS attack but operates on a much larger scale.
Malicious code
Worms, viruses and Trojan horses
Malicious code is harmful computer code designed to create system vulnerabilities leading to back doors and other potential damage to files and computing systems. It is a type of threat that may not be blocked by antivirus software on its own.
The amount and variety of malicious programs out there is enough to make your head spin. The following slides break down the common types of malicious programs and provide a brief description of each.
What is malware?
Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. Malware is a broad term that refers to a variety of malicious programs.
Adware
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software.
Often, software and applications offer "free" versions that come bundled with adware. Most adware is sponsored or authored by advertisers and serves as a revenue-generating tool.
While some adware is solely designed to deliver advertisements, it is not uncommon for adware to come bundled with spyware (see below) that is capable of tracking user activity and stealing information. Due to the added capabilities of spyware, adware/spyware bundles are significantly more dangerous than adware on its own.
Bot
Bots are software programs created to automatically perform specific operations. While some bots are created for relatively harmless purposes (video gaming, internet auctions, online contests, etc.), it is becoming increasingly common to see bots being used maliciously.
Bots can be used in botnets (collections of computers controlled by third parties) for DDoS attacks, as spambots that render advertisements on websites, as web spiders that scrape server data, and for distributing malware disguised as popular search items on download sites.
Websites can guard against bots with CAPTCHA tests that verify users as human.
Bug
In the context of software, a bug is a flaw that produces an undesired outcome. These flaws are usually the result of human error and typically exist in the source code or compilers of a program.
Minor bugs only slightly affect a program's behavior and as a result can go for long periods of time before being discovered. More significant bugs can cause crashing or freezing. Security bugs are the most severe type of bug and can allow attackers to bypass user authentication, override access privileges, or steal data.
Bugs can be prevented with developer education, quality control, and code analysis tools.
Ransomware
Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom. The malware restricts user access to the computer either by encrypting files on the hard drive or by locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.
Ransomware typically spreads like a normal computer worm (see below), ending up on a computer via a downloaded file or through some other vulnerability in a network service.
Rootkit
A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed, it is possible for the malicious party behind the rootkit to remotely execute files, access or steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet.
Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits. As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis.
Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.
Spyware
Spyware is a type of malware that functions by spying on user activity without the user's knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.
Spyware often has additional capabilities as well, ranging from modifying security settings of software or browsers to interfering with network connections. Spyware spreads by exploiting software vulnerabilities, bundling itself with legitimate software, or in Trojans.
Trojan horse
A Trojan horse, commonly known as a "Trojan," is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware.
A Trojan can give a malicious party remote access to an infected computer. Once an attacker has access to an infected computer, it is possible for the attacker to steal data (logins, financial data, even electronic money), install more malware, modify files, monitor user activity (screen watching, keylogging, etc.), use the computer in botnets, and anonymize the attacker's own internet activity.
Virus
A virus is a form of malware that is capable of copying itself and spreading to other computers. Viruses often spread to other computers by attaching themselves to various programs and executing code when a user launches one of those infected programs. Viruses can also spread through script files, documents, and cross-site scripting vulnerabilities in web apps.
Viruses can be used to steal information, harm host computers and networks, create botnets, steal money, render advertisements, and more.
Worms
Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers.
Computer worms can also contain "payloads" that damage host computers. Payloads are pieces of code written to perform actions on affected computers beyond simply spreading the worm. Payloads are commonly designed to steal data, delete files, or create botnets.
Computer worms can be classified as a type of computer virus, but there are several characteristics that distinguish computer worms from regular viruses. A major difference is that computer worms have the ability to self-replicate and spread independently, while viruses rely on human activity to spread (running a program, opening a file, etc.). Worms often spread by sending mass emails with infected attachments to users' contacts.
Malware symptoms
While these types of malware differ greatly in how they spread and infect computers, they all can produce similar symptoms. Computers that are infected with malware can exhibit any of the following symptoms:
• Increased CPU usage
• Slow computer or web browser speeds
• Problems connecting to networks
• Freezing or crashing
• Modified or deleted files
• Appearance of strange files, programs, or desktop icons
• Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs)
• Strange computer behavior
• Emails/messages being sent automatically and without the user's knowledge (a friend receives a strange email from you that you did not send)
Malware prevention and removal
There are several general best practices that organizations and individual users should follow to prevent malware infections. Some malware cases require special prevention and treatment methods, but following these recommendations will greatly increase a user's protection from a wide range of malware:
Install and run anti-malware and firewall software. When selecting software, choose a program that offers tools for detecting, quarantining, and removing multiple types of malware. At a minimum, anti-malware software should protect against viruses, spyware, adware, Trojans, and worms. The combination of anti-malware software and a firewall will ensure that all incoming and existing data gets scanned for malware and that malware can be safely removed once detected.
Keep software and operating systems up to date with current vulnerability patches. These patches are often released to fix bugs or other security flaws that could be exploited by attackers.
Be vigilant when downloading files, programs, attachments, etc. Downloads that seem strange or are from an unfamiliar source often contain malware.
Security vulnerability types
Computer security vulnerabilities can be divided into numerous types based on different criteria, such as where the vulnerability exists, what caused it, or how it could be used. Some broad categories of these vulnerability types include:
1. Network vulnerabilities. These are issues with a network's hardware or software that expose it to possible intrusion by an outside party. Examples include insecure Wi-Fi access points and poorly configured firewalls.
2. Operating system vulnerabilities. These are vulnerabilities within a particular operating system that hackers may exploit to gain access to an asset the OS is installed on, or to cause damage. Examples include default superuser accounts that may exist in some OS installs and hidden backdoor programs.
3. Human vulnerabilities. The weakest link in many cybersecurity architectures is the human element. User errors can easily expose sensitive data, create exploitable access points for attackers, or disrupt systems.
4. Process vulnerabilities. Some vulnerabilities can be created by specific process controls (or a lack thereof). One example would be the use of weak passwords (which may also fall under human vulnerabilities).