Network Security Basics: Malware and Attacks

CHAPTER 12 SUMMARY

Name: Mohammad Khalifa Aldossary
ID: 200800586
Major: Management Information Systems
Supervised by: Prof. Mohammad Rafiq

Objectives of the Chapter

You will learn how to:
- Work with connection control and transmission control concepts
- Develop the planning and control techniques associated with network security
- Work with the various types of threats to networks

Outline

1. Introduction
2. Engineering the Network: Ensuring a Proper Design
   2.1. Connection Control
   2.2. Enforcing Connection Control: The Firewall
   2.3. Transmission Control
3. Defending Networks from Attacks
   3.1. Threats to Information: Malicious Code
   3.2. Malicious Attacks
   3.3. The Role and Use of Policy Managers
4. Cyber-Terrorism
5. Managing and Defending a Network
   5.1. Network Security Management and Planning
   5.2. Network Defense in Depth: Maintaining a Cable Architecture
1. Introduction
1. Introduction

The global information grid offers enormous opportunities together with endless challenges. In the information assurance process, the network security function guards against threats to electronic communication.

Network security protects electronic communication from unauthorized:
- Modification
- Destruction
- Disclosure

It ensures that an increasing number of diverse attacks do not harm the distributed critical information infrastructure.

Network security has a dual mission:
- It must ensure the accuracy of the data transmitted
- It must protect confidential information processed on, stored on, and accessible from networks

The role of the network security function is to ensure that the components of the network:
- Operate correctly
- Satisfy design requirements
- Preserve the fundamental integrity of the information transmitted

We will not approach network security as a technical assurance function in this chapter. Instead, we will present network security from the perspective of how it fits within the information assurance process.
2. Engineering the Network: Ensuring a Proper Design
2. Engineering the Network: Ensuring a Proper Design

The physical infrastructure of networks is classified as:
- Network type: Intranet, Extranet, Internet
- Hardware-based: Switches, Hubs, Cables, Routers
- Software-based: Connection control, Transmission control

To ensure security, security architects implement technological countermeasures such as firewalls, IDSs, and strong authentication.

2.1. Connection Control

Connection control establishes and regulates the relationship between a computer and a network. It also ensures reliable transfer of messages between a sender and a receiver and performs some transmission error correction.

2.2. Enforcing Connection Control: The Firewall

- A firewall is essentially a filter dedicated to securing network connections
- Firewalls enforce access rights and protect the network from external systems
- Firewalls regulate access between trusted networks and untrusted ones (the Internet)
- Firewalls are high-level software that sit on the router end of the physical network
- Firewalls have to be able to distinguish between unsolicited inbound traffic and inbound traffic requested by an internal user
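The last point above is what a stateful firewall does: it remembers connections that internal users open and lets only the matching replies back in. The toy filter below is an added illustration written for this summary, not code from the chapter; the address ranges, port numbers and packet fields are constructed.

```python
# Added example: a minimal stateful packet filter. Outbound connections from the
# trusted (internal) side are allowed and recorded; inbound packets are allowed
# only when they are replies to a recorded connection, otherwise they are dropped.
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # constructed: the trusted side of the firewall


@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port


class StatefulFirewall:
    """Keeps a connection table keyed by (internal ip, internal port, external ip, external port)."""

    def __init__(self):
        self.connections = set()
        self.dropped = []   # unsolicited inbound packets, kept for monitoring/alerting

    def filter(self, pkt: Packet) -> str:
        if pkt.src.startswith(INTERNAL_PREFIX):
            # An internal user is initiating: remember the 4-tuple so the reply can come back.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound: the reply's (dst, dport, src, sport) must match a recorded outbound request.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "ALLOW"
        self.dropped.append(pkt)   # unsolicited traffic from the untrusted side
        return "DROP"


def demo():
    """Run three constructed packets through the filter and return the decisions."""
    fw = StatefulFirewall()
    decisions = [
        fw.filter(Packet("10.0.0.5", 51000, "203.0.113.10", 443)),   # internal user opens HTTPS
        fw.filter(Packet("203.0.113.10", 443, "10.0.0.5", 51000)),   # server's reply to that request
        fw.filter(Packet("198.51.100.7", 4444, "10.0.0.5", 22)),     # nobody inside asked for this
    ]
    return decisions, len(fw.dropped)


if __name__ == "__main__":
    print(demo())   # (['ALLOW', 'ALLOW', 'DROP'], 1)
```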
2.3. Transmission Control

- Transmission control regulates the actual transmission process
- It ensures that the communication between two devices is flowing properly
- Effective transmission control supports the integrity and availability of network data
3. Defending Networks From Attacks
3. Defending Networks from Attacks

A unique security problem with networks is their level of interconnectedness. There are two broad categories of network threats:
- Malicious code
- Malicious direct attack

3.1. Threats to Information: Malicious Code

Malicious code is virulent. The categories of malicious code transmitted through networks are:
- Viruses: pieces of code attached to a host program that propagate or replicate when the host is executed
- Worms: self-contained programs capable of spreading copies of themselves or their segments to other computer systems via network connections or e-mail attachments
- Denial of Service (DoS): prevents legitimate users from using their servers and networks because of the actions of the worm
- Logic bombs: destructive programs installed in a system by individuals and only activated by specified parameters
- Trojan horses: introduce harmful things under the guise of a useful program
- Spyware: propagates from websites, installs itself on a PC, monitors the user's computing habits and personal information, and sends the data to a third party
- Adware: opens a computer to ads delivered from the Internet

3.2. Malicious Attacks

The best way to counteract a network attack is to anticipate it and have the measures in place to either stop it or mitigate the harm. Network attacks fall into seven general categories:
- Password attacks
- Insider attacks
- Sniffing
- IP spoofing
- Denial of service
- Man-in-the-middle attacks
- Application layer attacks

3.3. The Role and Use of Policy Managers

Automated policy managers are effective tools for defending organizations from unauthorized access:
- They provide the ability to filter network transactions through custom policies
- They provide an effective way to monitor a large number of online transactions that cross a network
- They control the distribution of unsuitable or offensive content and inappropriate activities
- They enable central control and efficient management of network access and use

The major advantage of a policy manager is that it regulates the enterprise's e-mail traffic.
4. Cyber-Terrorism
4. Cyber-Terrorism

The goal of cyber-terrorism is to harm or control key computer systems or computer controls to achieve some indirect aim, such as:
- Destroying a power grid
- Taking over a critical process

Potential cyber-terrorist targets are:
- Power plants
- Nuclear facilities
- Water treatment plants
- Government agencies

Security system against cyber-terrorists:
1. Prepare and prevent
2. Detect and respond
3. Build strong foundations
5. Managing and Defending a Network
5. Managing and Defending a Network

Just like any other process, good management is an essential factor in defending a network.

5.1. Network Security Management and Planning

Effective network management proceeds in three steps:

1. Create usage policy statements
   - Specify the proper use of each network component
   - Tailor the rules for each component
   - Define the acceptable use policies (AUP)

2. Conduct a risk analysis
   - It is executed to identify the risks to a particular network, its equipment, resources, and data
   - There are three levels of threat: low-risk, medium-risk, high-risk
   - It also identifies the types of users and their privileges

3. Establish a security team
   - Once the network security requirements are fully understood, the organization assembles and trains the people responsible for the actual implementation. They are the NETSEC management team.

5.2. Network Defense in Depth: Maintaining a Cable Architecture

Illustrated in figure 15-4 below:
Thanks for Listening

Q's & A's

Read more about it from >>>