
Sunday, April 13, 2014

zhayk_denki@yahoo.com

1. Why is Network Security Important?
2. Common Security Threats
3. Types of Network Attack
4. General Mitigation Techniques

Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving.

Network security refers to any activities designed to protect your network. Specifically, these activities protect the usability, reliability, integrity, and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network.


Over the years, network attack tools and methods have evolved. As shown in the figure, in 1985 an attacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks. As time went on, and attackers' methods and tools improved, attackers no longer required the same level of sophisticated knowledge. This has effectively lowered the entry-level requirements for attackers. People who previously would not have participated in computer crime are now able to do so.


Threat - an action or event that might compromise security. It represents a potential risk to a computer or system.

Vulnerability - the existence of a weakness in a design or configuration that can lead to an exploitation or some other unwanted and unexpected event that can compromise the security of a system.

Target of Evaluation - the system that needs to be tested or evaluated to see if it has vulnerabilities.

Attack - an actual assault on a system.

Exploit - a way to compromise the security of a system, usually a proof of concept about a vulnerability.


Hacker - a general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.

Cracker - a more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.

White hat - an individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. White hats are ethically opposed to the abuse of computer systems.

Black hat - another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.

Gray hat - an individual who works both offensively and defensively at various times.

Phreaker - an individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.

Spammer - an individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.

Phisher - uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

Integrity: guaranteeing that the data are those that they are believed to be.

Confidentiality: ensuring that only authorized individuals have access to the resources being exchanged.

Availability: guaranteeing the information system's proper operation.

Authentication: ensuring that only authorized individuals have access to the resources.


The phases of an attack:

1. Reconnaissance, which can be active or passive in nature.
2. Host or target scanning: live system detection and port scanning.
3. Gaining access at the operating system level, application level, or network level; denial of service if otherwise unsuccessful.
4. Maintaining access by using backdoor or Trojan programs.
5. Finally, covering their tracks.



2. Common Security Threats

1. Vulnerabilities
2. Threats to Physical Infrastructure
3. Threats to Networks
4. Social Engineering


Vulnerability is the degree of weakness which is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices.

There are three primary vulnerabilities or weaknesses:

1. Technological weaknesses
2. Configuration weaknesses
3. Security policy weaknesses

Technology weakness - computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol, operating system, and network equipment weaknesses.

Configuration weakness - network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.

Policy weakness - security risks to the network exist if users do not follow the security policy. Some common security policy weaknesses and how those weaknesses are exploited are listed in the figure.

When you think of network security, or even computer security, you may imagine attackers exploiting software vulnerabilities. A less glamorous, but no less important, class of threat is the physical security of devices. An attacker can deny the use of network resources if those resources can be physically compromised.


Unstructured threats - consist of mostly inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers.

Structured threats - these people know system vulnerabilities and use sophisticated hacking techniques to penetrate unsuspecting businesses.

External threats - can arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.

Internal threats - occur when someone has authorized access to the network with either an account or physical access.


The easiest hack involves no computer skill at all. If an intruder can trick a member of an organization into giving over valuable information, such as the location of files or passwords, the process of hacking is made much easier.
Kevin Mitnick


3. Types of Network Attack

1. Reconnaissance
2. Access
3. Denial of Service
4. Viruses, worms, Trojans and other malicious software


Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack.

Access - system access is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password.

Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.

Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.

Reconnaissance attacks can consist of the following:

1. Internet information queries
2. Ping sweeps
3. Port scans
4. Packet sniffers

Network snooping and packet sniffing are common terms for eavesdropping. Two common uses of eavesdropping are as follows:

Information gathering - network intruders can identify usernames, passwords, or information carried in a packet.

Information theft - the theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access. Examples include breaking into or eavesdropping on financial institutions and obtaining credit card numbers.
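Ping sweeps and port scans leave a recognisable footprint in flow records: one source reaching many hosts with ICMP echo, or one source touching many ports on one host, inside a short window. The script below is an added example written for this page, not material from the slides; the flow records are constructed, and the window and thresholds are assumptions to tune against a real network's baseline.

```python
"""Spotting reconnaissance in flow records: ping sweeps and port scans (added example)."""
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# A flow record: (timestamp_s, src_ip, dst_ip, proto, dst_port); ICMP echo has no port.
Flow = Tuple[int, str, str, str, Optional[int]]

# Constructed sample data (not a real capture): 10.0.0.9 pings twelve addresses,
# then probes twelve ports on one server; 10.0.0.20 behaves like a normal client.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]
FLOWS: List[Flow] = (
    [(t, "10.0.0.9", f"10.0.0.{t + 1}", "icmp", None) for t in range(12)]
    + [(20 + i, "10.0.0.9", "10.0.0.5", "tcp", p) for i, p in enumerate(SCAN_PORTS)]
    + [
        (5, "10.0.0.20", "10.0.0.1", "icmp", None),
        (6, "10.0.0.20", "10.0.0.5", "tcp", 80),
        (7, "10.0.0.20", "10.0.0.5", "tcp", 443),
    ]
)

# Assumed thresholds: adjust to what is normal on the monitored segment.
WINDOW_S = 60
SWEEP_HOSTS = 8       # distinct hosts pinged by one source inside the window
SCAN_PORTS_MIN = 10   # distinct ports probed on one host by one source inside the window


def max_distinct_in_window(events: List[Tuple[int, object]], window_s: int) -> int:
    """Largest number of distinct keys seen within any span of window_s seconds.

    events is a list of (timestamp, key); a two-pointer sliding window keeps a
    running count of each key currently inside the window.
    """
    events = sorted(events, key=lambda e: e[0])
    counts: Counter = Counter()
    best = left = 0
    for ts, key in events:
        counts[key] += 1
        while events[left][0] < ts - window_s:      # expire entries older than the window
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect_ping_sweeps(flows, window_s=WINDOW_S, threshold=SWEEP_HOSTS) -> Dict[str, int]:
    """Sources that sent ICMP echo to at least `threshold` distinct hosts within the window."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, _port in flows:
        if proto == "icmp":
            by_src[src].append((ts, dst))
    hits = {src: max_distinct_in_window(ev, window_s) for src, ev in by_src.items()}
    return {src: n for src, n in hits.items() if n >= threshold}


def detect_port_scans(flows, window_s=WINDOW_S, threshold=SCAN_PORTS_MIN) -> Dict[Tuple[str, str], int]:
    """(source, target) pairs where the source touched at least `threshold` distinct ports."""
    by_pair = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        if proto in ("tcp", "udp") and port is not None:
            by_pair[(src, dst)].append((ts, port))
    hits = {pair: max_distinct_in_window(ev, window_s) for pair, ev in by_pair.items()}
    return {pair: n for pair, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print("ping sweeps:", detect_ping_sweeps(FLOWS))
    print("port scans:", detect_port_scans(FLOWS))
```

The sliding window matters: a host that legitimately talks to many servers over a day never has many distinct destinations inside one minute, while a scanner does.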


Packet sniffer attack mitigation includes:

1. Using switched networks instead of hubs so that traffic is not forwarded to all endpoints or network hosts.
2. Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users.
3. Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping. For example, SNMP version 3 can encrypt community strings, so a company could forbid using SNMP version 1 but permit SNMP version 3.


Password attacks

Password attacks can be implemented using a packet sniffer to yield user accounts and passwords that are transmitted as clear text. Password attacks usually refer to repeated attempts to log in to a shared resource, such as a server or router, to identify a user account, password, or both. These repeated attempts are called dictionary attacks or brute-force attacks.

Trust exploitation attack

The goal of a trust exploitation attack is to compromise a trusted host. If a host in a company network is protected by a firewall (inside host) but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.
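The repeated login attempts that make up a dictionary or brute-force attack are visible on the target itself in its authentication log. The script below is an added example, not part of the slides: it parses sshd-style log lines (constructed here, not from a real host), counts failures per source address inside a sliding window, and flags the case a responder most wants to see, a successful login immediately after a burst of failures. The window and threshold are assumed values.

```python
"""Flagging dictionary / brute-force login attempts in sshd-style auth logs (added example)."""
import re
from collections import defaultdict, deque
from typing import Dict, Optional

# Constructed sample log lines (not from a real host).
LOG_LINES = """\
Apr 13 10:01:02 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Apr 13 10:01:03 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51235 ssh2
Apr 13 10:01:03 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Apr 13 10:01:04 gw sshd[1201]: Failed password for invalid user oracle from 203.0.113.7 port 51237 ssh2
Apr 13 10:01:05 gw sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51238 ssh2
Apr 13 10:01:06 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51239 ssh2
Apr 13 10:01:09 gw sshd[1201]: Accepted password for root from 203.0.113.7 port 51240 ssh2
Apr 13 10:02:00 gw sshd[1300]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Apr 13 10:02:05 gw sshd[1300]: Accepted password for alice from 192.0.2.10 port 40002 ssh2
""".splitlines()

TIME_RE = re.compile(r"^\w{3} +\d{1,2} (?P<time>\d\d:\d\d:\d\d) ")
AUTH_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+(?:\.\d+){3})"
)


def parse_line(line: str) -> Optional[dict]:
    """Return {"ts", "result", "user", "src"} for an auth line, or None for anything else."""
    t = TIME_RE.match(line)
    m = AUTH_RE.search(line)
    if not t or not m:
        return None
    h, mi, s = (int(x) for x in t.group("time").split(":"))
    return {"ts": h * 3600 + mi * 60 + s, **m.groupdict()}


def detect_bruteforce(lines, window_s: int = 60, threshold: int = 5) -> Dict[str, dict]:
    """Per source address: max failures inside any window, usernames tried,
    and whether a login succeeded while the failure count was above threshold."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)     # src -> timestamps of failures still inside the window
    users = defaultdict(set)        # src -> usernames attempted
    alerts: Dict[str, dict] = {}
    for e in events:
        src, q = e["src"], recent[e["src"]]
        while q and q[0] < e["ts"] - window_s:
            q.popleft()
        if e["result"] == "Failed":
            q.append(e["ts"])
            users[src].add(e["user"])
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"failures": 0, "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
        elif len(q) >= threshold:
            # Success right after a burst of failures: the password was probably found.
            a = alerts.setdefault(src, {"failures": len(q), "success_after_burst": False})
            a["success_after_burst"] = True
    for src, a in alerts.items():
        a["users"] = sorted(users[src])
    return alerts


if __name__ == "__main__":
    for src, a in detect_bruteforce(LOG_LINES).items():
        print(src, a)
```

Several distinct usernames from one source is the signature of a dictionary attack against accounts rather than a user mistyping a password, so the alert carries the user list as well as the count.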


A man-in-the-middle (MITM) attack is carried out by attackers that manage to position themselves between two legitimate hosts. The attacker may allow the normal transactions between hosts to occur, and only periodically manipulate the conversation between the two.


Other sorts of MITM attacks are potentially even more harmful. If attackers manage to get into a strategic position, they can steal information, hijack an ongoing session to gain access to private network resources, conduct DoS attacks, corrupt transmitted data, or introduce new information into network sessions.

WAN MITM attack mitigation is achieved by using VPN tunnels, which allow the attacker to see only the encrypted, undecipherable text. LAN MITM attacks use such tools as ettercap and ARP poisoning. Most LAN MITM attacks can be mitigated by configuring port security on LAN switches.
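Two defensive views of the LAN case, as an added example that is not from the slides: a monitor that watches ARP replies for the two signs of poisoning (an address whose MAC changes, and one MAC answering for several addresses, since the attacker has to claim both ends of the conversation), and a toy model of the port-security control the slides recommend, where a switch port learns a limited number of source MACs and treats any other as a violation. The ARP replies are constructed, and the port model is a simplification of what real switches do.

```python
"""LAN MITM defence: spotting ARP poisoning and modelling switch port security (added example)."""
from typing import Dict, List, Tuple

# Constructed ARP reply stream: (timestamp_s, sender_ip, sender_mac).
ARP_REPLIES: List[Tuple[int, str, str]] = [
    (0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # gateway
    (1, "10.0.0.50", "bb:bb:bb:bb:bb:50"),   # workstation
    (2, "10.0.0.77", "cc:cc:cc:cc:cc:77"),   # third host on the segment
    (30, "10.0.0.1", "cc:cc:cc:cc:cc:77"),   # gateway address now answered by the third host's MAC
    (30, "10.0.0.50", "cc:cc:cc:cc:cc:77"),  # workstation address claimed by the same MAC
]


def monitor_arp(replies) -> Tuple[Dict[str, str], List[dict]]:
    """Track IP-to-MAC bindings seen in ARP replies and raise alerts on poisoning signs."""
    bindings: Dict[str, str] = {}
    alerts: List[dict] = []
    for ts, ip, mac in replies:
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append({"ts": ts, "kind": "binding_change", "ip": ip, "old": old, "new": mac})
        bindings[ip] = mac
        claimed = sorted(i for i, m in bindings.items() if m == mac)
        if len(claimed) > 1:
            alerts.append({"ts": ts, "kind": "mac_claims_many", "mac": mac, "ips": claimed})
    return bindings, alerts


class SecurePort:
    """Toy model of switch port security: the port learns at most max_macs source
    addresses; a frame from any other address is a violation that shuts the port
    (the usual default action on real switches)."""

    def __init__(self, max_macs: int = 1):
        self.max_macs = max_macs
        self.learned: set = set()
        self.shutdown = False

    def frame(self, src_mac: str) -> str:
        if self.shutdown:
            return "dropped"
        if src_mac in self.learned:
            return "forwarded"
        if len(self.learned) < self.max_macs:
            self.learned.add(src_mac)
            return "forwarded"
        self.shutdown = True
        return "violation"


if __name__ == "__main__":
    _bindings, found = monitor_arp(ARP_REPLIES)
    for a in found:
        print(a)
    port = SecurePort(max_macs=1)
    print([port.frame(m) for m in ("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:01", "cc:cc:cc:cc:cc:77")])
```

A static IP-to-MAC table for the gateway is the simplest complement to this monitor: a binding change for the gateway address is then always worth an alert.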


DoS attacks prevent authorized people from using a service by using up system resources. Examples include:

1. Ping of death - a ping is normally 64 or 84 bytes, while a ping of death could be up to 65,536 bytes.
2. SYN flood - a SYN flood attack exploits the TCP three-way handshake. It involves sending multiple SYN requests (1,000+) to a targeted server.
3. Distributed DoS (DDoS) - DDoS attacks are designed to saturate network links with illegitimate data. This data can overwhelm an Internet link, causing legitimate traffic to be dropped.
4. Smurf attack - the Smurf attack uses spoofed broadcast ping messages to flood a target system.

DoS and DDoS attacks can be mitigated by implementing special anti-spoof and anti-DoS access control lists. ISPs can also implement traffic rate limiting, which limits the amount of nonessential traffic that crosses network segments. A common example is to limit the amount of ICMP traffic that is allowed into a network, because this traffic is used only for diagnostic purposes.
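The two controls named above, an anti-spoof ACL and a rate limit on inbound ICMP, modelled in code as an added example that is not from the slides. The anti-spoof rule is the classic ingress/egress pair: a packet arriving from the Internet must not carry an inside or loopback source, and a packet leaving the site must carry an inside source. The rate limit is a token bucket, done in integer milliseconds so the arithmetic is exact. The address ranges, packets and limits are constructed assumptions.

```python
"""Anti-spoof ACL and ICMP rate limiting for DoS mitigation (added example)."""
import ipaddress
from collections import Counter
from typing import List, Tuple

# Assumed addressing: the prefixes behind the edge router.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# Sources that never legitimately arrive from outside.
BOGON_NETS = [ipaddress.ip_network("0.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]


def antispoof(src_ip: str, direction: str) -> bool:
    """True if the packet passes the anti-spoof ACL.

    inbound: arriving from the Internet; an internal or bogon source is forged.
    outbound: leaving the site; a non-internal source means an inside host is
    spoofing (egress filtering stops the site from sourcing a DDoS).
    """
    src = ipaddress.ip_address(src_ip)
    if any(src in n for n in BOGON_NETS):
        return False
    internal = any(src in n for n in INTERNAL_NETS)
    return internal if direction == "outbound" else not internal


class TokenBucket:
    """Integer token bucket: `rate_per_s` tokens per second, at most `burst` stored.
    Time is in milliseconds and tokens in thousandths, so there is no float drift."""

    def __init__(self, rate_per_s: int, burst: int):
        self.rate = rate_per_s
        self.capacity = burst * 1000
        self.mtokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms: int) -> bool:
        self.mtokens = min(self.capacity, self.mtokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.mtokens >= 1000:
            self.mtokens -= 1000
            return True
        return False


# Constructed packets: (timestamp_ms, src_ip, proto, direction).
PACKETS: List[Tuple[int, str, str, str]] = [
    (0, "10.0.0.5", "tcp", "inbound"),        # outside packet claiming an inside source
    (0, "203.0.113.9", "tcp", "outbound"),    # inside host spoofing an outside source
    (0, "127.0.0.1", "tcp", "inbound"),       # loopback source from the Internet
    (0, "198.51.100.5", "tcp", "inbound"),    # ordinary traffic
] + [(100 * i, "198.51.100.5", "icmp", "inbound") for i in range(10)]  # ten pings in one second


def filter_packets(packets, icmp_rate: int = 2, icmp_burst: int = 5) -> List[str]:
    """Apply the ACL, then the inbound-ICMP limiter; return one decision per packet."""
    bucket = TokenBucket(icmp_rate, icmp_burst)
    decisions = []
    for ts, src, proto, direction in sorted(packets, key=lambda p: p[0]):
        if not antispoof(src, direction):
            decisions.append("deny:antispoof")
        elif proto == "icmp" and direction == "inbound" and not bucket.allow(ts):
            decisions.append("deny:icmp_rate")
        else:
            decisions.append("permit")
    return decisions


def summarize(packets) -> dict:
    return dict(Counter(filter_packets(packets)))


if __name__ == "__main__":
    print(summarize(PACKETS))
```

With a burst of 5 and a refill of 2 per second, the first five pings pass on stored tokens, the sixth on refill, and the remaining four are dropped; legitimate diagnostic pings at a sane rate are never affected.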

The primary vulnerabilities for end-user workstations are worm, virus, and Trojan horse attacks.

A worm executes code and installs copies of itself in the memory of the infected computer, which can, in turn, infect other hosts.

A virus (Vital Information Resources Under-Siege) is malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation.

A Trojan horse is different from a worm or virus only in that the entire application was written to look like something else, when in fact it is an attack tool.

The following are the recommended steps for worm attack mitigation:

1. Containment - contain the spread of the worm in and within the network. Compartmentalize uninfected parts of the network.
2. Inoculation - start patching all systems and, if possible, scanning for vulnerable systems.
3. Quarantine - track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
4. Treatment - clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.

4. General Mitigation Techniques

1. Host and Server Based Security
2. Intrusion Detection and Prevention
3. Common Security Appliances and Applications


There are some simple steps that should be taken that apply to most operating systems:

1. Default usernames and passwords should be changed immediately.
2. Access to system resources should be restricted to only the individuals that are authorized to use those resources.
3. Any unnecessary services and applications should be turned off and uninstalled, when possible.
4. Install host antivirus software to protect against known viruses.
5. Install a personal firewall to prevent attacks on PCs.
6. Install operating system patches.

Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console.

Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:

1. Prevention - stops the detected attack from executing.
2. Reaction - immunizes the system from future attacks from a malicious source.

A host-based intrusion prevention system (HIPS) actually stops the attack, prevents damage, and blocks the propagation of worms and viruses. HIPS software must be installed on each host, either the server or desktop, to monitor activity performed on and against the host.

Threat control regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:

1. Cisco ASA 5500 Series Adaptive Security Appliances
2. Integrated Services Routers (ISR)
3. Network Admission Control
4. Cisco Security Agent for Desktops
5. Cisco Intrusion Prevention Systems

The Cisco NAC appliance uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Cisco Security Agent software provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems. CSA defends these systems against targeted attacks, spyware, rootkits, and day-zero attacks.