Transcript CHAPTER 12 SUMMARY

CHAPTER 12 SUMMARY
Network Security Basics: Malware and Attacks
Name: Mohammad Khalifa Aldossary
ID: 200800586
Major: Management Information Systems
Supervised by: Prof. Mohammad Rafiq
Objectives of the Chapter
You will learn how to:
– Work with connection control and
transmission control concepts
– Develop the planning and control
techniques associated with network
security
– Work with the various types of
threats to networks
Outline
1.
2.
Introduction
Engineering the Network: Ensuring a Proper Design
2.1. Connection Control
2.2. Enforcing Connection Control: The Firewall
2.3. Transmission Control
3.
Defending Networks from Attacks
3.1. Threats to Information: Malicious Code
3.2. Malicious Attacks
3.3. The Role and Use of Policy Managers
4.
5.
Cyber-Terrorism
Managing and Defending a Network
5.1. Network Security Management and Planning
5.2. Network Defense in Depth: Maintaining a Cable Architecture
1. Introduction
1. Introduction
• The global information grid offers enormous opportunities with
endless challenges
• In the information assurance process, the network security
function guards against threats to electronic communication
• Network security:
⪧ protects electronic communication from unauthorized:
o Modification
o Destruction
o Disclosure
⊳ Ensures that an increasing number of diverse attacks do not harm the
distributed critical information infrastructure
• Network security has a dual mission:
1. It must ensure the accuracy of the data transmitted
2. It must protect confidential information processed, stored on, and
accessible from networks
1. Introduction
• The role of network security function is to ensure the
components of the network:
–
–
–
•
Operate correctly
Satisfy design requirements
The information transmitted retains its fundamental integrity
We will not approach network security as a technical assurance function in
this chapter
–
Instead, we will present network security from the perspective of how it fits within the
information assurance process
2. Engineering the Network:
Ensuring a Proper Design
2. Engineering the Network: Ensuring a
Proper Design
Intranet
Network
Extranet
Internet
• To ensure security, security
architects implement
technological countermeasures
such as firewalls, IDSs, and
strong authentication
• Physical infrastructure of
networks is classified as:
Hardwarebased
Softwarebased
Switches
Connection
control
Hubs
Transmission
control
Cables
Routers
2. Engineering the Network: Ensuring a
Proper Design
2.1. Connection Control
2.2. Enforcing Connection
Control: The Firewall
•
•
•
It establishes and regulates the
relationship between a computer
and a network
It, also, ensures reliable transfer of
messages between a sender and a
receiver and performs some
transmission error connection
•
•
•
•
A firewall is essentially a filter
dedicated to securing network
connections
Firewalls enforce access rights and
protect the network from external
systems
Firewalls regulate access between
trusted networks and un-trusted ones
(Internet)
Firewalls are high-level software that
sit on the router end of the physical
network
Firewalls have to be able to
distinguish between unsolicited
traffic and inbound traffic requested
by an internal user
2. Engineering the Network: Ensuring a
Proper Design
2.3. Transmission Control
• It regulates the actual transmission process
• Transmission control ensures that the communication between two
devices is flowing properly
• Effective transmission control supports the integrity and availability of
network data
3. Defending Networks
From Attacks
3. Defending Networks from Attacks
• A unique security problem with networks is their level of
interconnectedness
• There are two broad categories of networks threats:
– Malicious code
– Malicious direct attack
3. Defending Networks from Attacks
3.1. Threats of Information: Malicious Code
• Malicious code is virulent
• Malicious code categories transmitted through network:
–
Viruses: pieces of code attached to a host program to propagate or replicate when the host is
executed
•
Worms: a self-contained program capable of spreading copies of itself or its segments to other computer
systems via network connections or e-mail attachments
– Denial of Service (DoS): prevent legitimate users from using their servers and networks because
of the actions of the worm
–
Logic bombs: destructive programs installed in a system by individuals and only activated by
specified parameters
–
Trojan horses: introduce harmful things under the guise of a useful program
•
•
Spyware: propagates from websites, installs itself in a PC, then monitors the user’s computing habits and
personal information, and it sends data to a third party
Adware: opens a computer to ads delivered from the internet
3. Defending Networks from Attacks
3.2. Malicious Attacks
• The best way to counteract a network attack is to anticipate it and have
the measures in place to either stop it or mitigate the harm
• Network attacks fall into seven general categories:
1.
2.
3.
4.
5.
6.
7.
Password attacks
Insider attacks
Sniffing
IP spoofing
Denial of service
Man-in-the-middle attacks
Application layer attacks
3. Defending Networks from Attacks
3.3. The Role and Use of Policy Managers
• Automated policy managers are
effective tools for defending
organizations from
unauthorized access
1.
2.
3.
4.
They provide the ability to filter
network transactions through custom
policies
They provide an effective way to
monitor a large number of online
transactions that cross a network
They control the distribution of
unsuitable or offensive content and
inappropriate activities
They enable central control and
efficient management of network access
and use
• The major advantage of a policy
manager is that it regulates the
enterprise’s e-mail traffic
4. Cyber-Terrorism
4. Cyber-Terrorism
• The goal of cyber-terrorism is
to harm or control key
computer systems or computer
controls to achieve some
indirect aim, such as:
– To destroy a power grid
– To take over a critical process
• Cyber-terrorist potential
targets are:
1.
2.
3.
4.
Power plants
Nuclear facilities
Water treatment plants
Government agencies
2. Detect
and
respond
1. Prepare
and prevent
3. Build
strong
foundations
Security System
Against cyber-terrorists
5. Managing and
Defending a Network
5. Managing and Defending a Network
• Just like any other processes, good management is an essential factor
in defending a network
5.1. Network Security Management and Planning
• Effective network management processes are:
1. Creating Usage Policy Statements
In three steps:
o Specifies the proper use of each
network component
o Tailors the rules for each
component
o Defines the acceptable use
policies (AUP)
•
2. Conduct Risk Analysis
•
•
•
It is executed to identify the risks to a
particular network, its equipment,
resources, and data
There are three levels of threats:
o Low-risk
o Medium-risk
o High-risk
Also, it identifies the types of users
and their privileges
3. Establish a security team
•
Once the network security requirements are fully understood, the organization assembles and
trains people reasonable for the actual implementation. They are NETSEC management team
5. Managing and Defending a Network
5.2. Network Defense in Depth: Maintaining a Cable Architecture
•
Illustrated in figure 15 – 4 below:
Thanks for Listening
Q’s & A’s
Read more about
it from >>>