module 2 network security unit 1x


Module 2: Network security
Network security is the protection of access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system. An example of a network security control is an anti-virus system.
• A specialized field in computer networking that involves securing a computer network infrastructure.
• Network security is typically handled by a network administrator or system administrator who implements the security policy, network software and hardware needed to protect a network and the resources accessed through the network from unauthorized access, and who also ensures that employees have adequate access to the network and resources to do their work.
• A network security system typically relies on layers of protection and consists of multiple components, including network monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.
Unit 1: Security fundamentals
The most common threats to your systems:
• Malicious programs such as viruses and worms (a worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself)
• Trojan horses (do their damage once the software is installed or run on your computer)
• Spyware (programming that is put on someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties)
• Malware (software that is specifically designed to disrupt or damage a computer system)
• Adware (software that automatically displays or downloads advertising material such as banners or pop-ups when a user is online), and
• Botnets (a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam)
• Zero-day and zero-hour attacks
  • A zero-day attack, also known as a zero-hour attack, takes advantage of computer vulnerabilities that do not currently have a solution.
  • Typically, a software company will discover a bug or problem with a piece of software after it has been released, and it will offer a patch — another piece of software meant to fix the original issue. A zero-day attack takes advantage of that problem before a patch has been created. It is named zero day because it occurs before the first day the vulnerability is known.
• Hacker attacks
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
  • A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
• Data theft.
These threats look to exploit:
• Unsecured wireless networks
• Unpatched software and hardware
• Unsecured websites
• Potentially unwanted applications (PUAs)
• Weak passwords
• Lost devices, and
• Unwitting users or users with malicious intent (malicious intent is the intent, without just cause or reason, to commit a wrongful act that will result in harm to another).
Fundamentals of network security
1. Keep patches and updates current
Cyber criminals exploit vulnerabilities in operating systems, software applications, web browsers and browser plug-ins when administrators are lax (careless) about applying patches and updates.
In particular, verify that office computers are running current versions of these
much used programs:
• Adobe Acrobat and Reader
• Adobe Flash
• Oracle Java
• Microsoft Internet Explorer
• Microsoft Office Suite
Keep an inventory to make sure each device is updated regularly, including
mobile devices and network hardware. And make sure Windows and Apple
computers have automatic updating enabled.
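The inventory step above is easy to state and easy to get wrong: version strings do not compare correctly as text, and a device that is missing from the reference table tends to be silently skipped. The following is an added example, not code from the lecture slides; it reconciles a constructed software inventory against a constructed "current release" table (the product names, version numbers and device names are all sample values, not real release numbers) and reports out-of-date installs and devices without automatic updating.

```python
"""Added example (not from the lecture slides): reconcile a software inventory
against the currently released version of each much-used program and report
devices that are out of date or not set to update automatically.
All product names, version numbers and device names below are constructed
sample data, not real release numbers."""


def parse_version(text: str) -> tuple:
    """Turn '11.0.10' into (11, 0, 10) so versions compare numerically.
    Comparing the raw strings would wrongly rank '9.5.5' above '11.0.10'."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_outdated(installed: str, current: str) -> bool:
    """True when the installed build is older than the current release."""
    return parse_version(installed) < parse_version(current)


# Constructed 'latest release' table; in practice this comes from each vendor.
CURRENT_VERSIONS = {
    "Adobe Reader": "11.0.10",
    "Oracle Java": "8.0.45",
    "Microsoft Office": "15.0.4",
}

# Constructed inventory rows: one row per (device, product).
INVENTORY = [
    {"device": "pc-01", "product": "Adobe Reader", "installed": "11.0.10", "auto_update": True},
    {"device": "pc-01", "product": "Oracle Java", "installed": "8.0.31", "auto_update": True},
    {"device": "pc-02", "product": "Adobe Reader", "installed": "9.5.5", "auto_update": False},
    {"device": "laptop-07", "product": "Microsoft Office", "installed": "15.0.4", "auto_update": False},
    {"device": "laptop-07", "product": "Oracle Java", "installed": "8.0.60", "auto_update": False},
]


def find_outdated(inventory=INVENTORY, current=CURRENT_VERSIONS) -> list:
    """Return (device, product, installed, current) for every row that is behind
    the current release. Products missing from the reference table are reported
    with 'unknown' so they are not silently skipped."""
    report = []
    for row in inventory:
        latest = current.get(row["product"])
        if latest is None:
            report.append((row["device"], row["product"], row["installed"], "unknown"))
        elif is_outdated(row["installed"], latest):
            report.append((row["device"], row["product"], row["installed"], latest))
    return report


def devices_without_auto_update(inventory=INVENTORY) -> set:
    """Devices with at least one product not set to update automatically."""
    return {row["device"] for row in inventory if not row["auto_update"]}


if __name__ == "__main__":
    for device, product, installed, latest in find_outdated():
        print(f"{device}: {product} {installed} -> {latest}")
    print("auto-update disabled on:", sorted(devices_without_auto_update()))
```

The numeric comparison is the part worth noticing: a plain string comparison would report "9.5.5" as newer than "11.0.10" and leave pc-02 on an old Reader build.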
2. Use strong passwords
By now, most users know not to write their passwords on Post-It Notes that are
plastered to their monitors. But there’s more to keeping passwords secure than
keeping them out of plain sight.
A strong password is one that is difficult for both humans and computers to guess, is at least 6 characters long, preferably more, and uses a combination of upper- and lower-case letters, numbers and symbols.
Symantec gives additional suggestions:
• Don’t use any words from the dictionary. Also avoid proper nouns or foreign
words.
• Don’t use anything remotely related to your name, nickname, family
members or pets.
• Don’t use any numbers someone could guess by looking at your mail like
phone numbers and street numbers, and
• Choose a phrase that means something to you, take the first letters of each
word and convert some into characters.
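The rules above can be turned into a checker, and the last suggestion (take the first letters of a phrase and convert some into characters) into a small generator. The code below is an added example, not from the slides or from Symantec; the dictionary word list, the personal details it screens for and the letter-to-character mapping are constructed assumptions.

```python
"""Added example (not from the lecture slides): a password checker that applies
the rules listed above (length, mixed case, digits, symbols, no dictionary
words, nothing tied to the user) plus the suggested passphrase trick.
The word list, personal details and substitution map are constructed."""
import string

MIN_LENGTH = 6  # the slide's minimum; longer is strongly preferable

# Constructed stand-in for a real dictionary / common-password list.
DICTIONARY_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "london"}

# Letters the passphrase rule converts "into characters" (assumed mapping).
SUBSTITUTIONS = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def check_password(pw: str, personal=(), dictionary=DICTIONARY_WORDS) -> list:
    """Return the list of reasons a password is weak; an empty list means it
    passed every rule. `personal` holds names, pets, phone and street numbers
    that must not appear in the password."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    lowered = pw.lower()
    for word in sorted(dictionary):
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    for item in personal:
        # Compare case-insensitively, and also the digits alone so that a
        # phone number written with dashes is still caught.
        item_l = item.lower()
        digits = "".join(ch for ch in item if ch.isdigit())
        if (item_l and item_l in lowered) or (len(digits) >= 4 and digits in lowered):
            problems.append(f"contains personal detail '{item}'")
    return problems


def passphrase_to_password(phrase: str) -> str:
    """Apply the slide's recipe: take the first letter of each word, convert
    some letters into characters, and capitalise the first one."""
    initials = [word[0] for word in phrase.split() if word]
    chars = [SUBSTITUTIONS.get(ch.lower(), ch) for ch in initials]
    if chars and chars[0].isalpha():
        chars[0] = chars[0].upper()
    return "".join(chars)


if __name__ == "__main__":
    pw = passphrase_to_password("my dog ate three socks in august")
    print(pw, check_password(pw, personal=["Rex", "555-0123"]))
    print(check_password("monkey"))
```

The personal-detail check deliberately strips formatting from numbers, since a phone number typed into a password rarely keeps its dashes.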
3. Secure your VPN
Data encryption and identity authentication are especially important to
securing a VPN.
Any open network connection is a vulnerability hackers can exploit to
sneak onto your network. Moreover, data is particularly vulnerable while
it is traveling over the Internet. Review the documentation for your
server and VPN software to make sure that the strongest possible
protocols for encryption and authentication are in use.
Multi-factor authentication is the most secure identity authentication method.
The more steps your users must take to prove their identity, the better.
For example, in addition to a password, users could be required to enter a PIN.
Or, a random numerical code generated by a key-fob authenticator every 60
seconds could be used in conjunction with a PIN or password.
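The "random numerical code generated every 60 seconds" is not random at all: fob and server share a secret and both derive the code from it and the current time step, which is why they agree without communicating. The block below is an added example, not from the slides or any vendor's product; it implements the standard HOTP/TOTP construction (HMAC-SHA1 over a counter, RFC 4226 and RFC 6238) with the 60-second step the slide mentions, plus the combined PIN-and-code check. The shared secret used is the RFC 4226 test-vector key, not a real credential.

```python
"""Added example (not from the lecture slides): how a key-fob one-time code is
produced and verified. HOTP/TOTP per RFC 4226 / RFC 6238 (HMAC-SHA1 over a
counter); the 60-second step follows the slide, and the secret below is the
RFC 4226 test-vector key, for illustration only."""
import hashlib
import hmac
import struct
import time

DEMO_SECRET = b"12345678901234567890"  # RFC 4226 test key, not a real credential


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a counter value: HMAC-SHA1, dynamic truncation,
    then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time=None, step: int = 60, digits: int = 6) -> str:
    """Time-based code: the counter is the number of `step`-second intervals
    since the Unix epoch, so fob and server agree without talking."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret: bytes, candidate: str, at_time=None, step: int = 60, window: int = 1) -> bool:
    """Server-side check. Neighbouring intervals within `window` are accepted
    to absorb clock drift between fob and server; the comparison is
    constant-time so response timing does not leak how many digits matched."""
    if not candidate.isdigit():
        return False  # also rejects an empty string, which would match a 0-digit code
    if at_time is None:
        at_time = time.time()
    counter = int(at_time // step)
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, len(candidate)), candidate)
        for delta in range(-window, window + 1)
    )


def second_factor_ok(pin_entered: str, pin_expected: str, code: str,
                     secret: bytes, at_time=None) -> bool:
    """The slide's combination: the fob code is only useful together with the
    PIN the user knows. Both checks always run, so a wrong PIN is not
    distinguishable from a wrong code by response time."""
    pin_ok = hmac.compare_digest(pin_entered, pin_expected)
    code_ok = verify_totp(secret, code, at_time)
    return pin_ok and code_ok


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET, now)
    print("current code:", code, "valid:", verify_totp(DEMO_SECRET, code, now))
```

The `window` parameter is the usual trade-off: a wider window tolerates more clock drift but also keeps a stolen code valid for longer, so production deployments keep it small and additionally refuse to accept the same code twice.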
It is also a good idea to use a firewall to separate the VPN network from the
rest of the network.
Other tips include:
• Use cloud-based email and file sharing instead of a VPN.
• Create and enforce user-access policies. Be stingy when granting access to
employees, contractors and business partners.
• Make sure employees know how to secure their home wireless networks.
Malicious software that infects their devices at home can infect the
company network via an open VPN connection, and
• Before granting mobile devices full access to the network, check them for
up-to-date anti-virus software, firewalls and spam filters.
4. Actively manage user access privileges
• Inappropriate user-access privileges pose a significant security threat.
Managing employee access to critical data on an ongoing basis should not be
overlooked.
5. Clean up inactive accounts
Hackers use inactive accounts once assigned to contractors and former
employees to gain access and disguise their activity. The HP/Ponemon Institute
report did find that the companies in the survey were doing a good job deleting
accounts once an employee quit or was laid off. Software is available for
cleaning up inactive accounts on large networks with many users.
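The cleanup described above is a simple query over a directory export, provided the rules are stated precisely: accounts of people who have left, accounts unused for too long, and accounts that were never used at all (measured from creation, so a new starter is not flagged on day one). The block below is an added example, not from the slides or the HP/Ponemon report; the account records and the 90-day threshold are constructed assumptions.

```python
"""Added example (not from the lecture slides): find accounts that should be
disabled or removed because they belong to people who have left, or have not
been used for a long time. The account records and the 90-day threshold are
constructed assumptions, not taken from the HP/Ponemon report."""
from datetime import date, timedelta

INACTIVITY_LIMIT = timedelta(days=90)  # assumed policy threshold

# Constructed directory export: last_login is None when the account was never used.
ACCOUNTS = [
    {"user": "alice", "type": "employee", "created": date(2021, 3, 1), "last_login": date(2024, 5, 30), "left": False},
    {"user": "bob-ctr", "type": "contractor", "created": date(2023, 9, 1), "last_login": date(2024, 1, 15), "left": False},
    {"user": "carol", "type": "employee", "created": date(2024, 1, 2), "last_login": None, "left": False},
    {"user": "dave", "type": "employee", "created": date(2020, 6, 1), "last_login": date(2024, 5, 28), "left": True},
    {"user": "erin", "type": "employee", "created": date(2024, 5, 30), "last_login": None, "left": False},
]


def find_stale_accounts(accounts=ACCOUNTS, today=date(2024, 6, 1), limit=INACTIVITY_LIMIT) -> list:
    """Return (user, reason) for every account that needs attention:
    - the owner has left (flag immediately, whatever the last login was);
    - no login for longer than `limit`;
    - never used, measured from the creation date so brand-new accounts
      are not flagged on day one."""
    findings = []
    for acct in accounts:
        if acct["left"]:
            findings.append((acct["user"], "owner has left the organisation"))
            continue
        last_activity = acct["last_login"] or acct["created"]
        idle = today - last_activity
        if idle > limit:
            what = "no login" if acct["last_login"] else "never used"
            findings.append((acct["user"], f"{what} for {idle.days} days ({acct['type']})"))
    return findings


if __name__ == "__main__":
    for user, reason in find_stale_accounts():
        print(f"{user}: {reason}")
```

Note that a recent login does not protect dave's account: the leaver rule comes first, which is exactly the case the slide warns about, since an attacker using a former employee's account keeps it looking active.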
Understand social engineering-based attacks
• Social engineering is an attack vector that relies heavily on
human interaction and often involves tricking people into
breaking normal security procedures.
Popular types of social engineering attacks include:
Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
Phishing: Phishing is when a malicious party sends a fraudulent
email disguised as a legitimate email, often purporting to be
from a trusted source. The message is meant to trick the
recipient into sharing personal or financial information or
clicking on a link that installs malware.
Spear phishing: Spear phishing is like phishing, but tailored
for a specific individual or organization.
Pretexting: Pretexting is when one party lies to another to gain
access to privileged data. For example, a pretexting scam could
involve an attacker who pretends to need personal or financial
data in order to confirm the identity of the recipient.
Scareware: Scareware involves tricking the victim into thinking
his computer is infected with malware or has inadvertently
downloaded illegal content. The attacker then offers the victim a
solution that will fix the bogus problem; in reality, the victim is
simply tricked into downloading and installing the attacker's
malware.
Identify different types of malware
Adware: The least dangerous and most lucrative malware. Adware displays ads on your computer.
Spyware: Spyware is software that spies on you, tracking your internet activities in order to send advertising (adware) back to your system.
Virus: A virus is a contagious program or code that attaches itself to another piece of software, and then reproduces itself when that software is run. Most often it is spread by sharing software or files between computers.
Worm: A program that replicates itself and destroys data and files on the computer. Worms work to “eat” the system operating files and data files until the drive is empty.
Trojan: The most dangerous malware. Trojans are written with the purpose of discovering your financial information, taking over your computer’s system resources and, in larger systems, creating a “denial-of-service attack”. Denial-of-service attack: an attempt to make a machine or network resource unavailable to those attempting to reach it. Example: AOL, Yahoo or your business network becoming unavailable.
Backdoors: Backdoors are much the same as Trojans or worms, except
that they open a “backdoor” onto a computer, providing a network
connection for hackers or other Malware to enter or for viruses or SPAM
to be sent.
Keyloggers: Records everything you type on your PC in order to glean
your log-in names, passwords, and other sensitive information, and send
it on to the source of the keylogging program. Many times keyloggers
are used by corporations and parents to acquire computer usage
information.
Network attacks such as scanning, spoofing and denial-of-service attacks
Network scanning is a procedure for identifying active hosts on a
network, either for the purpose of attacking them or for network
security assessment.
Scanning procedures, such as ping sweeps and port scans, return
information about which IP addresses map to live hosts that are active
on the Internet and what services they offer. Another scanning
method, inverse mapping, returns information about what IP addresses
do not map to live hosts; this enables an attacker to make assumptions
about viable addresses.
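From the defender's side, the scanning behaviour just described has a recognisable shape in connection logs: one source touching many ports on one host (a port scan) or the same port on many hosts (a sweep) within a short time. The following is an added example, not from the slides or any firewall vendor; it parses a constructed log (RFC 5737 documentation addresses, an assumed line format) and flags sources whose distinct-port or distinct-host count inside a sliding window exceeds a threshold.

```python
"""Added example (not from the lecture slides): spotting scanning activity in
connection logs by counting how many distinct ports (vertical port scan) or
distinct hosts (host sweep) a single source touches within a short window.
The log format, addresses (RFC 5737 documentation ranges) and thresholds are
constructed assumptions, not a real firewall's output."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def _line(sec: int, src: str, dst: str, dport: int, action: str = "deny") -> str:
    return f"2024-06-01T10:00:{sec:02d} src={src} dst={dst} dport={dport} action={action}"


# Constructed sample log: one source probing 11 ports on one host, one source
# touching port 80 on six hosts, and one ordinary client reusing HTTPS.
SAMPLE_LOG = (
    [_line(i, "203.0.113.5", "192.0.2.10", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389])]
    + [_line(20 + i, "198.51.100.7", f"192.0.2.{i}", 80) for i in range(1, 7)]
    + [_line(30 + i, "192.0.2.50", "192.0.2.10", 443, "allow") for i in range(3)]
)


def parse_line(line: str):
    """Return a dict for a well-formed line, or None so junk lines are skipped."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def detect_scanners(lines, port_threshold=10, host_threshold=5, window_seconds=60) -> dict:
    """Map source IP -> set of findings ('port-scan', 'host-sweep').
    For each source, slide a window over its events in time order and count
    distinct ports per destination and distinct destinations."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)
    findings = defaultdict(set)
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            ports_per_host, hosts = defaultdict(set), set()
            for ev in events[i:]:
                if (ev["ts"] - first["ts"]).total_seconds() > window_seconds:
                    break
                ports_per_host[ev["dst"]].add(ev["dport"])
                hosts.add(ev["dst"])
            if max(len(p) for p in ports_per_host.values()) >= port_threshold:
                findings[src].add("port-scan")
            if len(hosts) >= host_threshold:
                findings[src].add("host-sweep")
    return dict(findings)


if __name__ == "__main__":
    for src, kinds in detect_scanners(SAMPLE_LOG).items():
        print(src, sorted(kinds))
```

Thresholds and window length decide the false-positive rate: a monitoring host or a load balancer legitimately touches many hosts, so in practice such sources are allow-listed and the sweep threshold is tuned per network.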
Spoofing: Hackers can use network spoofing to enter certain secured networks to obtain restricted files and information. In this process, the hacker assumes the IP address of a trusted computer and easily gains access to the restricted network. Because the information appears to come from a legitimate (conforming) source, the gateway of the network allows the exchange of packets of information.
Types of Network spoofing:
• Protocol Spoofing
• DNS spoofing
• MAC spoofing
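The IP impersonation described above is caught at the gateway by a simple consistency rule: a packet arriving from the Internet must not claim an internal source address, and a packet leaving must carry one of our own addresses. MAC spoofing on the local segment is caught by pinning each known IP to the MAC it was assigned and reporting mismatches. The block below is an added example, not from the slides; the prefixes, addresses and MAC table are constructed sample values (RFC 5737 and RFC 7042 documentation ranges). It covers the IP and MAC items from the list; DNS and protocol spoofing need resolver-side and protocol-specific defences not shown here.

```python
"""Added example (not from the lecture slides): two defensive checks against
spoofing. (1) An ingress/egress filter for a border gateway: packets from the
Internet must not claim an internal source, and outbound packets must carry one
of our own addresses. (2) A MAC-spoofing check: each known IP is pinned to the
MAC it was assigned and any mismatch is reported. All values are constructed
(RFC 5737 / RFC 7042 documentation ranges)."""
import ipaddress

# Constructed: the address blocks behind the gateway's LAN interface.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed: IP -> MAC pinning table for hosts on the LAN.
EXPECTED_MAC = {
    "192.0.2.10": "00:00:5e:00:53:0a",
    "192.0.2.20": "00:00:5e:00:53:14",
}


def is_internal(ip: str) -> bool:
    """True when the address lies in one of our own prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_PREFIXES)


def filter_packet(pkt: dict) -> tuple:
    """Decide ('allow'|'drop', reason) for a packet described by its ingress
    interface ('wan' = from the Internet, 'lan' = from inside) and source IP."""
    src = pkt["src"]
    try:
        ipaddress.ip_address(src)
    except ValueError:
        return ("drop", f"malformed source address {src!r}")
    if pkt["iface"] == "wan" and is_internal(src):
        return ("drop", f"packet from the Internet claims internal source {src}")
    if pkt["iface"] == "lan" and not is_internal(src):
        return ("drop", f"outbound packet with foreign source {src} (egress filtering)")
    return ("allow", "source address consistent with interface")


def check_mac(ip: str, mac: str) -> str:
    """Report a MAC-spoofing indicator: the IP is seen with a different MAC
    than the one on record. Unknown IPs are reported separately."""
    expected = EXPECTED_MAC.get(ip)
    if expected is None:
        return "unknown host"
    if expected.lower() == mac.lower():
        return "ok"
    return f"mismatch: expected {expected}, saw {mac.lower()}"


if __name__ == "__main__":
    # Constructed packets: an impersonation attempt from outside and a normal one.
    print(filter_packet({"iface": "wan", "src": "192.0.2.77"}))
    print(filter_packet({"iface": "wan", "src": "203.0.113.9"}))
    print(check_mac("192.0.2.10", "00:00:5E:00:53:FF"))
```

The egress half of the filter is the part most often forgotten; it protects other networks from packets spoofed by machines on ours, which is also why the attacker's spoofed packets in the slide's scenario are only possible when the network they originate from does no such filtering.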
Implement secure management policies and procedures and
perform security training
http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=3
• A security policy comprises a set of objectives for the company,
rules of behavior for users and administrators, and requirements
for system and management that collectively ensure the security
of network and computer systems in an organization. A security
policy is a “living document,” meaning that the document is
never finished and is continuously updated as technology and
employee requirements change.
The security policy translates, clarifies, and communicates the
management position on security as defined in high-level security
principles.
The security policy acts as a bridge between these management
objectives and specific security requirements. It informs users,
staff, and managers of their obligatory requirements for protecting
technology and information assets.
The three reasons for having a security policy are as follows:
• To inform users, staff, and managers
• To specify mechanisms for security
• To provide a baseline
One of the most common security policy components is an
acceptable use policy (AUP).
This component defines what users are allowed and not allowed to
do on the various components of the system, including the type of
traffic that is allowed on the networks. The AUP should be as explicit
as possible to avoid ambiguity or misunderstanding. For example, an
AUP might list the prohibited website categories.
A properly defined security policy does the following:
• Protects people and information
• Sets the rules for expected behavior
• Authorizes staff to monitor, probe, and investigate
• Defines the consequences (effects) of violations
Ensure effective patch management policies.
Network and computer security is more crucial than ever, and patching forms a key part of it. An effective patch management system will not only fend off malware and worms but also alleviate the frustration sometimes caused as a consequence of patching. Patching may also be a requirement for compliance: many organisations are required to have a patch management system in place to maintain compliance with certain regulations and standards such as ISO 27001 and ISO 270012.
When patching is undertaken correctly we expect it to reduce vulnerabilities, improve performance, improve usability and assist in achieving compliance. However, this is not always the only outcome, and it is the cause of frustration for many of us: one vulnerability is ‘patched’, yet we are left with other problems to rectify. The key to mitigating this problem is testing patches before applying them to live systems, a practice not often seen in the industry.
http://www.windowsecurity.com/articles-tutorials/Windows_Server_2012_Security/howachieve-effective-patch-management-system.html
• Patch management is necessary, and if applied correctly it is highly beneficial; however, patches are also a cause of conflict with other software and hardware within our system environment and are responsible for creating new problems that were not present before the patching.
Patches, additional code for replacing flaws in existing software, usually
fall within the following categories:
Binary Executable Patch - executable files that modify or replace files
when executed
Source Code Patch - source code modification
Service Pack - significantly change a program
Firmware Patch - update internal control of hardware devices
• Patch management should be a proactive, strategic and planned process to determine which patches are applied to specified systems at a specified time. Without an effective patch management system in place, organisations are not effectively managing security quality and risk.
Benefits of an effective patch management system:
Increased productivity - Reduced downtime from malware issues.
Increase in performance.
Security - Lower rates of virus infections, malicious attacks, and data
theft or loss and legal penalties.
Increased productivity within the IT department - manual patching
requires a lot of IT resources and time. Through automation IT resources
can be used elsewhere.
Cost savings.
Patches may extend software to supply new features and functionality or
additional support. This would be advantageous for organisations.