Chapter One: Modern Network Security Threats
Major Concepts
• Rationale for network security
• Data confidentiality, integrity, availability
• Risks, threats, vulnerabilities and countermeasures
• Methodology of a structured attack
• Security model (McCumber cube)
• Security policies, standards and guidelines
• Selecting and implementing countermeasures
• Network security design
Lesson Objectives
Upon completion of this lesson, the successful participant will be able to:
1. Describe the rationale for network security
2. Describe the three principles of network security
3. Identify risks, threats, vulnerabilities and countermeasures
4. Discuss the three states of information and identify threats and appropriate countermeasures for each state
5. Differentiate between security policies, standards and guidelines
6. Describe the difference between structured and unstructured network attacks
7. Describe the stages and tools used in a structured attack
8. Identify security organisations that influence and shape network security
9. Identify career specialisations in network security
What is Network Security?
National Security Telecommunications and Information Systems Security Committee (NSTISSC): Network security is the protection of information, and of the systems and hardware that use, store, and transmit that information. Network security encompasses the steps taken to ensure the confidentiality, integrity, and availability of data and resources.
Rationale for Network Security
Network security initiatives and network security specialists can be found in private and public organisations, large and small. The need for network security, and its growth, are driven by many factors:
1. Internet connectivity is 24/7 and worldwide
2. Increase in cyber crime
3. Impact on business and individuals
4. Legislation and liabilities
5. Proliferation of threats
6. Sophistication of threats
Cyber Crime
• Fraud/Scams
• Identity Theft
• Child Pornography
• Theft of Telecommunications Services
• Electronic Vandalism, Terrorism and Extortion
WASHINGTON, D.C. – An estimated 3.6 million households, or about 3 percent of all households in the nation, learned that they had been the victim of at least one type of identity theft during a six-month period, according to the Justice Department's
Business Impact
1. Decrease in productivity
2. Loss of sales revenue
3. Release of unauthorized sensitive data
4. Theft of trade secrets or formulas
5. Compromise of reputation and trust
6. Loss of communications
7. Threat to environmental and safety systems
8. Loss of time
Current Computer Crime Cases
Proliferation of Threats
In 2001, the National Infrastructure Protection Center at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Since then, thousands of organizations have relied on this list to prioritize their efforts so that they close the most dangerous holes first. The threat landscape is very dynamic, which makes it necessary to keep adopting newer security measures: over just the last few years, the kinds of vulnerabilities being exploited have become very different from those exploited in the past.
Network Security "Threat"
• A potential danger to information or a system
• Example: the ability to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage or identity theft, or simply to disrupt the system or network
• Weaknesses may exist that greatly increase the likelihood of a threat manifesting
• Threats include equipment failure, structured attacks, natural disasters, physical attacks, theft, viruses and many other potential events that cause danger or damage
Sophistication of Threats
Types of Network Threats
• Impersonation
• Eavesdropping
• Denial-of-service
• Packet replay
• Man-in-the-middle
• Packet modification
Vulnerability
• A network vulnerability is a weakness in a system, technology, product or policy
• In today's environment, several organisations track, organize and test these vulnerabilities
• Each vulnerability is given an ID and can be reviewed by network security professionals over the Internet
• The Common Vulnerabilities and Exposures (CVE) list assigns that ID (the CVE identifier); the references attached to each entry, such as vendor advisories, describe how to prevent the vulnerability from being attacked
Risk Management Terms
• Vulnerability – a system, network or device weakness
• Threat – potential danger posed by a vulnerability
• Threat agent – the entity that identifies a vulnerability and uses it to attack the victim
• Risk – the likelihood of a threat agent taking advantage of a vulnerability, combined with the corresponding business impact
• Exposure – the potential to experience losses from a threat agent
• Countermeasure – a control put into place to mitigate the potential risk
Understanding Risk
Legislation
Some of the EU directives:
• Directive on the authorisation of electronic communications networks and services (the "Authorisation Directive")
• Directive on access to, and interconnection of, electronic communications networks and associated facilities (the "Access Directive")
• Directive on the universal service (the "Universal Service Directive")
• Directive on the processing of personal data (the "Privacy and Electronic Communications Directive")
Network Security Organizations
Network Security Domains
There are 12 network security domains specified by the International Organisation for Standardization (ISO/IEC 27002):
1. Risk Assessment
2. Security Policy
3. Organization of Information Security
4. Asset Management
5. Human Resources Security
6. Physical and Environmental Security
7. Communications and Operations Management
8. Access Control
9. Information Systems Acquisition, Development and Maintenance
10. Information Security Incident Management
11. Business Continuity Management
12. Compliance
Security Policy
One of the most important domains is security policy. A security policy is a formal statement of the rules by which people who are given access to an organisation's technology and information assets must abide.
What Is a Security Policy?
A document that states how an organisation plans to protect its tangible and intangible information assets:
- Management instructions indicating a course of action, a guiding principle, or an appropriate procedure
- High-level statements that provide guidance to workers who must make present and future decisions
- Generalised requirements that must be written down and communicated to others
Documents Supporting Policies
Standards – dictate the specific minimum requirements behind our policies
Guidelines – suggest the best way to accomplish certain tasks
Procedures – provide the method by which a policy is accomplished (the step-by-step instructions)
Example: The Policy
• All users must have a unique user ID and a password that conforms to the company password standard
• Users must not share their password with anyone, regardless of title or position
• Passwords must not be stored in written or any other readable form
• If a compromise is suspected, it must be reported to the help desk and a new password must be requested
Example: The Standards
• Minimum of 8 characters, mixing upper- and lowercase letters and digits
• Must include a special character
• Must be changed every 30 days
• A history of the 24 previous passwords is kept to ensure passwords aren't reused
Example: The Guideline
• Take a phrase: Up and At 'em at 7!
• Convert it to a strong password
• To create other passwords from this phrase, change the number, move the symbol, or change the punctuation mark
Example: The Procedure
Procedure for changing a password:
1. Press Control, Alt, Delete to bring up the log-in dialog box
2. Click the "change password" button
3. Enter your current password in the top box
4. …
Policy Elements
• Statement of Authority – an introduction to the information security policies
• Policy Headings – logistical information (security domain, policy number, name of organization, effective date, author, change control documentation or number)
• Policy Objectives – states what we are trying to achieve by implementing the policy
• Policy Statement of Purpose – why the policy was adopted, and how it will be implemented
Policy Elements, 2
• Policy Audience – states who the policy is intended for
• Policy Statement – how the policy will be implemented (the rules)
• Policy Exceptions – special situations calling for an exception to the normal, accepted rules
• Policy Enforcement Clause – consequences for violation
• Policy Definitions – a "glossary" to ensure that the target audience understands the policy
Policy Example
Modern Network Security Threats
• Viruses
• Worms
• Trojan Horses
Virus
A virus is malicious code that is attached to legitimate programs or executable files. Most viruses require end-user activation. Viruses can be harmless, such as those that display a picture on the screen, or destructive, such as those that modify or delete files on the hard drive. Most viruses are spread by USB memory sticks, CDs, DVDs, network shares, or …
Worm
Worms replicate themselves by independently exploiting vulnerabilities in networks, and usually slow networks down. Whereas a virus requires a host program to run, a worm can run by itself: it does not require user participation and can spread extremely fast across the network.
Worm Components
Most worm attacks have three major components:
• Enabling vulnerability – the worm installs itself using an exploit mechanism (attachment, executable file, Trojan Horse) on a vulnerable system
• Propagation mechanism – after gaining access to a device, the worm replicates itself and locates new targets
• Payload – any malicious code that results in some action; most often this is used to create a backdoor to the infected host
Trojan Horse
• A Trojan Horse is malware that carries out malicious operations under the guise of a desired function
• A virus or worm could carry a Trojan Horse
• Trojan Horse example: an FTP Trojan Horse opens port 21 on the infected host
Mitigating Threats
A majority of the software vulnerabilities that are discovered relate to buffer overflows. A buffer is an allocated area of memory that a process uses to store data temporarily; a buffer overflow writes more data into it than it can hold, overwriting adjacent memory such as a function's saved return address. Buffer overflows are usually the primary conduit through which viruses, worms, and Trojan Horses do their damage. "Canary words" (stack canaries) are random values placed between a buffer and the saved return address; the function checks the canary before returning and aborts if it has been overwritten, so the overflow is detected before the corrupted return address is used.
Worm Mitigation
The response to a worm infection can be broken down into four phases:
1. Containment – limiting the spread of the worm infection to the areas of the network that are already affected
2. Inoculation – patching all uninfected systems with the appropriate vendor patch for the vulnerability
3. Quarantine – tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing them
4. Treatment – terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system
Mitigating Threats (1)
• The primary means of mitigating virus and Trojan Horse attacks is anti-virus software
• Anti-virus products are host-based; they do not prevent viruses from entering the network
• The AV signature database must always be kept up to date
• Signature-based AV cannot prevent "zero-day" attacks
Mitigating Threats (2)
• Apart from the well-known ports that required services need, ports should normally be blocked by a firewall on the perimeter
• Most attacks use well-known ports or backdoors
• Block the port on all devices through which a worm is spreading on the internal network
• Selective access does not guarantee to solve the problem, but it lowers the probability of infection
Mitigating Threats (3)
• Another option for mitigating the effects of viruses, worms, and Trojan Horses is a Host-based Intrusion Prevention System (HIPS)
• Network IPS
• Cisco Network Admission Control (NAC)
• Cisco Security Monitoring, Analysis, and Response System (MARS)
• Patching the OS and software
Network Threats
There are four general categories of security threats to the network:
- Unstructured threats
- Structured threats
- External threats
- Internal threats
Four Classes of Network Attacks
- Reconnaissance attacks
- Access attacks
- Denial of service attacks
- Worms, viruses, and Trojan horses
Specific Attack Types
All of the following can be used to compromise your system:
• Packet sniffers
• IP weaknesses
• Password attacks
• DoS or DDoS
• Man-in-the-middle attacks
• Application layer attacks
• Trust exploitation
• Port redirection
• Viruses
• Trojan horses
• Operator error
• Worms
Reconnaissance Attacks
Network reconnaissance refers to the overall act of learning information about a target network by using publicly available information and applications. (Reconnaissance: an inspection or exploration of an area, especially one made to gather military information.)
Reconnaissance Attack Example
Reconnaissance Attack Mitigation
- Network reconnaissance cannot be prevented entirely.
- IPSs at the network and host levels can usually notify an administrator when a reconnaissance-gathering attack (for example, a ping sweep or port scan) is under way.
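The detection an IPS performs for the two reconnaissance examples above, written out as an added example (this is illustration code for this page, not anything from the presentation or from a Cisco product). It reads simple firewall-style log lines, groups them by source and flags a source that pings many hosts (ping sweep) or probes many ports on one host (port scan) within a time window. The log format, the log lines and the thresholds are all constructed or assumed for the example.

```python
"""Flag ping sweeps and port scans in firewall log lines.

Added example for the reconnaissance mitigation slide; not code from the
presentation. The log format (ISO timestamp, source, destination, protocol,
detail), every log line and the thresholds below are constructed or assumed.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed detection window
SWEEP_HOSTS = 8                  # assumed: distinct hosts pinged within WINDOW
SCAN_PORTS = 10                  # assumed: distinct ports on one host within WINDOW


def constructed_log() -> list[str]:
    """Constructed sample: one ping sweep, one port scan, some benign HTTPS."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(12):                      # 198.51.100.7 pings 12 hosts in 12 s
        t = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 198.51.100.7 203.0.113.{i + 1} icmp echo")
    ports = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]
    for i, port in enumerate(ports):         # 198.51.100.9 probes 12 ports in 6 s
        t = (t0 + timedelta(seconds=i // 2)).isoformat()
        lines.append(f"{t} 198.51.100.9 203.0.113.10 tcp {port}")
    for i in range(3):                       # 192.0.2.5 is an ordinary web client
        t = (t0 + timedelta(minutes=i)).isoformat()
        lines.append(f"{t} 192.0.2.5 203.0.113.10 tcp 443")
    return lines


def parse(line: str) -> tuple[datetime, str, str, str, str]:
    when, src, dst, proto, detail = line.split(maxsplit=4)
    return datetime.fromisoformat(when), src, dst, proto, detail


def detect(lines: list[str]) -> list[tuple[str, str, int]]:
    """Return (source, kind, count) alerts, at most one per source and kind."""
    by_src = defaultdict(list)
    for line in lines:
        when, src, dst, proto, detail = parse(line)
        by_src[src].append((when, dst, proto, detail))

    alerts = []
    for src, events in by_src.items():
        events.sort()
        seen_kinds = set()
        for i, (start, _, _, _) in enumerate(events):
            # everything this source did in the window that starts at event i
            window = [e for e in events[i:] if e[0] - start <= WINDOW]
            pinged = {dst for _, dst, proto, detail in window
                      if proto == "icmp" and detail == "echo"}
            ports_by_host = defaultdict(set)
            for _, dst, proto, detail in window:
                if proto in ("tcp", "udp"):
                    ports_by_host[dst].add(detail)
            if "ping sweep" not in seen_kinds and len(pinged) >= SWEEP_HOSTS:
                alerts.append((src, "ping sweep", len(pinged)))
                seen_kinds.add("ping sweep")
            for ports in ports_by_host.values():
                if "port scan" not in seen_kinds and len(ports) >= SCAN_PORTS:
                    alerts.append((src, "port scan", len(ports)))
                    seen_kinds.add("port scan")
    return alerts


if __name__ == "__main__":
    for src, kind, count in detect(constructed_log()):
        print(f"{src}: {kind} ({count} in {WINDOW.seconds}s)")
```

The thresholds are the tuning knobs: set them too low and a busy monitoring host or a legitimate vulnerability scanner trips the alert, too high and a slow scan spread over hours never does, which is why the slide says reconnaissance can be noticed but not prevented entirely.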
Packet Sniffers
A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets on the segment. Packet sniffer features:
- Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include Telnet, FTP, SNMP (v1/v2c community strings) and POP.
- Packet sniffers must be on the same collision domain as the traffic they capture (on a shared hub every station sees every frame).
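What "exploits information passed in clear text" looks like in practice, as an added example (illustration code for this page, not from the presentation or any sniffer product): given the client-to-server bytes of an FTP or POP3 session, both of which send `USER name` and `PASS secret` as text lines, the credentials fall out of a few lines of parsing, and the SNMPv1/v2c community string sits in the clear at the front of every packet. The captured byte strings are constructed for the example; a real sniffer would reassemble them from the TCP or UDP payloads.

```python
"""Pull credentials out of captured clear-text protocol traffic.

Added example for the packet sniffer slide, not code from the presentation.
FTP_CAPTURE, POP3_CAPTURE and SNMP_CAPTURE are constructed sample captures.
"""
from __future__ import annotations

# Constructed client-to-server streams (the TCP payload a sniffer on the same
# segment would see)
FTP_CAPTURE = b"USER alice\r\nPASS s3cret!\r\nSYST\r\nQUIT\r\n"
POP3_CAPTURE = b"USER bob@example.test\r\nPASS hunter2\r\nSTAT\r\nQUIT\r\n"


def extract_user_pass(stream: bytes) -> list[tuple[str, str]]:
    """Return (user, password) pairs from an FTP or POP3 command stream."""
    found, user = [], None
    for raw in stream.split(b"\r\n"):
        parts = raw.decode("ascii", errors="replace").split(" ", 1)
        verb = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        if verb == "USER":
            user = arg
        elif verb == "PASS" and user is not None:
            found.append((user, arg))
            user = None
    return found


# --- SNMPv1/v2c: the version and community string lead the BER message ---

def _ber(tag: int, content: bytes) -> bytes:
    # short-form length only (content < 128 bytes): enough for this example
    assert len(content) < 128
    return bytes([tag, len(content)]) + content


# Constructed SNMPv1 GetRequest:
# SEQUENCE { INTEGER version, OCTET STRING community, GetRequest-PDU }
SNMP_CAPTURE = _ber(0x30,
                    _ber(0x02, b"\x00")           # version 0 = SNMPv1
                    + _ber(0x04, b"public")       # community string, in the clear
                    + _ber(0xA0,                  # PDU contents are irrelevant here
                           _ber(0x02, b"\x01") + _ber(0x02, b"\x00")
                           + _ber(0x02, b"\x00") + _ber(0x30, b"")))


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Decode one short-form BER TLV at pos; return (tag, content, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def snmp_community(packet: bytes) -> tuple[str, str]:
    """Return (version name, community string) from an SNMPv1/v2c message."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, pos = _read_tlv(body, 0)
    ctag, community, _ = _read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("unexpected SNMP header")
    names = {0: "SNMPv1", 1: "SNMPv2c"}
    return names.get(int.from_bytes(version, "big"), "unknown"), community.decode("ascii")


if __name__ == "__main__":
    print(extract_user_pass(FTP_CAPTURE))
    print(extract_user_pass(POP3_CAPTURE))
    print(snmp_community(SNMP_CAPTURE))
```

Nothing here is clever, which is the point: the protocols were designed for a trusted wire. The same capture run against SFTP, POP3 over TLS or SNMPv3 with authentication and privacy yields ciphertext, which is the "renders them irrelevant" mitigation on the next slide.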
Packet Sniffer Mitigation
The following techniques and tools can be used to mitigate sniffers:
- Authentication – using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers
- Switched infrastructure – deploy a switched infrastructure to counter the use of packet sniffers in your environment
- Antisniffer tools – software and hardware designed to detect the use of sniffers on a network
- Cryptography – the most effective method for countering packet sniffers: it does not prevent or detect them, but renders them irrelevant because the captured data is unreadable
IP Spoofing
IP spoofing occurs when a hacker inside or outside a network impersonates a trusted computer by forging the source address of its packets. Two general techniques are used:
- The hacker uses an IP address that is within the range of trusted IP addresses.
- The hacker uses an authorized external IP address that is trusted.
Uses of IP spoofing include the following:
- IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data, because replies go to the spoofed address rather than to the hacker.
- If the hacker changes the routing tables to point to the spoofed IP address, the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
IP Spoofing Mitigation
The threat of IP spoofing can be reduced, but not eliminated, through the following measures:
- Access control – the most common method for preventing IP spoofing is to properly configure access control (for example, deny inbound traffic from the Internet that claims an internal source address)
- RFC 2827 filtering – you can prevent users of your network from spoofing other networks (and be a good Internet citizen at the same time) by blocking any outbound traffic that does not have a source address in your organization's own IP range
- Additional authentication that does not rely on IP addresses, for example:
  • Cryptographic authentication (recommended)
  • Strong, two-factor, one-time passwords
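The access-control and RFC 2827 rules above, written as one perimeter filter so the two directions can be compared side by side. This is an added example for this page (it also covers the "antispoof features" item on the DoS mitigation slide); it is not code from the presentation or a vendor ACL syntax. The organisation prefix 203.0.113.0/24, the sample packets and the bogon list are assumptions made for the example.

```python
"""RFC 2827 (BCP 38) style anti-spoofing filter for a perimeter router.

Added example for the IP spoofing mitigation slide; not code from the
presentation. ORG_PREFIXES and the sample packets are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

ORG_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]   # assumed: our address block

# Sources that should never arrive from the Internet (private/reserved space)
BOGON_SOURCES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    direction: str   # "out": leaving our network; "in": arriving from the Internet


def _in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def decide(pkt: Packet) -> tuple[str, str]:
    """Return ("permit" or "drop", reason) for one packet crossing the perimeter."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.direction == "out":
        # RFC 2827 egress rule: only our own addresses may leave as a source,
        # so our hosts cannot be used to spoof someone else's network
        if not _in_any(src, ORG_PREFIXES):
            return "drop", "egress: source not in organisation range"
        return "permit", ""
    if pkt.direction == "in":
        # Ingress anti-spoofing: an external packet may not claim one of our
        # addresses, which is how IP-based trust gets abused
        if _in_any(src, ORG_PREFIXES):
            return "drop", "ingress: external packet claims internal source"
        if _in_any(src, BOGON_SOURCES):
            return "drop", "ingress: private/reserved source address"
        return "permit", ""
    raise ValueError(f"unknown direction {pkt.direction!r}")


def apply_filter(packets: list[Packet]) -> list[tuple[Packet, str, str]]:
    return [(p, *decide(p)) for p in packets]


if __name__ == "__main__":
    sample = [  # constructed packets
        Packet("203.0.113.5", "198.51.100.9", "out"),
        Packet("198.51.100.9", "198.51.100.10", "out"),   # spoofed egress
        Packet("203.0.113.7", "203.0.113.5", "in"),        # spoofed ingress
        Packet("10.1.2.3", "203.0.113.5", "in"),           # bogon source
        Packet("198.51.100.9", "203.0.113.5", "in"),
    ]
    for pkt, verdict, why in apply_filter(sample):
        print(f"{pkt.direction:>3} {pkt.src:>15} -> {pkt.dst:<15} {verdict} {why}")
```

The egress rule is what makes you a "good Internet citizen": it stops your network from being the source of spoofed DoS traffic against others. The ingress rule protects you, but note it cannot tell a spoofed external address from a real one, which is why the slide adds authentication that does not rely on IP addresses.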
DoS Attacks
DDoS Attack Example
DoS Attack Mitigation
The threat of DoS attacks can be reduced through the following three methods:
- Antispoof features – proper configuration of antispoof features on your routers and firewalls
- Anti-DoS features – proper configuration of anti-DoS features on routers and firewalls
- Traffic rate limiting – implement traffic rate limiting with the network's ISP
Password Attacks
Password Attack Example
Password Attacks Mitigation
The following are mitigation techniques:
- Do not allow users to use the same password on multiple systems.
- Disable accounts after a certain number of unsuccessful login attempts.
- Do not use plain-text passwords; OTP or a cryptographic password is recommended.
- Use "strong" passwords: at least eight characters long, containing uppercase letters, lowercase letters, numbers, and special characters.
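The password standard from the policy example slides earlier in the deck (minimum length and character classes, a change every 30 days, a 24-password history) and the lockout and strong-password items in this list, implemented together as one added example. This is illustration code written for this page, not anything from the presentation. The lockout threshold (5 failures) and window (15 minutes) are assumed values; the slides only say "a certain number".

```python
"""Password standard checks and failed-login lockout.

Added example for the password policy/standard slides and the password
attack mitigation slide; not code from the presentation. LOCKOUT_THRESHOLD
and LOCKOUT_WINDOW are assumed values.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import string
from collections import deque
from datetime import datetime, timedelta

MIN_LENGTH = 8
MAX_AGE = timedelta(days=30)
HISTORY_DEPTH = 24                       # previous passwords that may not be reused
LOCKOUT_THRESHOLD = 5                    # assumed
LOCKOUT_WINDOW = timedelta(minutes=15)   # assumed


def password_violations(candidate: str) -> list[str]:
    """List the standard's rules the candidate breaks; empty list means it conforms."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    return problems


def _digest(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so neither the current password nor the history is stored
    # in readable form (the policy forbids readable storage)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordAccount:
    """One user ID: current password, history, age and failed-login tracking."""

    def __init__(self, user_id: str, password: str, now: datetime):
        self.user_id = user_id
        self.history = deque(maxlen=HISTORY_DEPTH + 1)   # current + 24 previous
        self.failures = deque()
        self.locked_until = None
        self.changed_at = now
        problems = self.set_password(password, now)
        if problems:
            raise ValueError("; ".join(problems))

    def _matches_history(self, password: str) -> bool:
        return any(hmac.compare_digest(_digest(password, salt), old)
                   for salt, old in self.history)

    def set_password(self, new_password: str, now: datetime) -> list[str]:
        """Apply the standard; return the violations, or [] when the change is accepted."""
        problems = password_violations(new_password)
        if self._matches_history(new_password):
            problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
        if problems:
            return problems
        salt = os.urandom(16)
        self.history.append((salt, _digest(new_password, salt)))
        self.changed_at = now
        return []

    def expired(self, now: datetime) -> bool:
        return now - self.changed_at >= MAX_AGE

    def login(self, password: str, now: datetime) -> str:
        """Return 'ok', 'bad password', 'locked' or 'expired'."""
        if self.locked_until is not None and now < self.locked_until:
            return "locked"
        if self.expired(now):
            return "expired"
        salt, current = self.history[-1]
        if hmac.compare_digest(_digest(password, salt), current):
            self.failures.clear()
            return "ok"
        # count failures inside the window; lock the account at the threshold
        self.failures.append(now)
        while now - self.failures[0] > LOCKOUT_WINDOW:
            self.failures.popleft()
        if len(self.failures) >= LOCKOUT_THRESHOLD:
            self.locked_until = now + LOCKOUT_WINDOW
            self.failures.clear()
            return "locked"
        return "bad password"
```

Two design points worth noticing: the lock is checked before the password, so a locked account gives an attacker no oracle, and the history stores only salted hashes, so enforcing "no reuse" does not require keeping old passwords in readable form.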
Man-in-the-Middle Attacks
Man-in-the-Middle Mitigation
Trust Exploitation
Trust Exploitation Mitigation
Port Redirection
Unauthorized Access
Social Engineering Attacks
• Hacker-speak for tricking a person into revealing confidential information
• Social engineering is defined as an attack based on deceiving users or administrators at the target site
• Done to gain illicit access to systems or useful information
• The goals of social engineering are fraud, network intrusion, industrial espionage, identity theft, etc.
Types of Attacks
Structured attack
Comes from hackers who are more highly motivated and technically competent. These people know system vulnerabilities and can understand and develop exploit code and scripts. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.
Unstructured attack
Consists mostly of inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing and challenging a hacker's skills can still do serious damage to a company.
Types of Attacks
External attacks
Initiated by individuals or groups working outside of a company. They do not have authorized access to the computer systems or network. They gather information in order to work their way into a network, mainly from the Internet or dial-up access servers.
Internal attacks
More common and more dangerous. Internal attacks are initiated by someone who has authorized access to the network. According to the FBI, internal access and misuse account for 60 to 80 percent of reported incidents. These attacks are often traced to disgruntled employees.
Types of Attacks
• Passive attack
- Listening for system passwords
- Release of message content
- Traffic analysis
- Data capture
• Active attack
- Attempting to log into someone else's account
- Wire taps
- Denial of service
- Masquerading
- Message modification
Stages of an Attack
Today's attackers have an abundance of targets; in fact, their greatest challenge is to select the most vulnerable victims. This has resulted in very well-planned and structured attacks, which share common logistical and strategic stages:
- Reconnaissance
- Scanning (addresses, ports, vulnerabilities)
- Gaining access
- Maintaining access
- Covering tracks
Goals of an Information Security Program
• Confidentiality – preventing the disclosure of sensitive information to unauthorized people, resources, and processes
• Integrity – the protection of system information or processes from intentional or accidental modification
• Availability – the assurance that systems and data are accessible to authorized users when needed
Information Security Model
Information Security Properties
Information States
Security Measures
Risk Management
• Risk Analysis
• Threats
• Vulnerabilities
• Countermeasures
Mitigating Network Attacks
Summary
Next Week • Securing Access to Network Devices.
Thank you