ICT 4010 Data and Communication Networks

Network
and
Cyber Security
Lecture 12

Phyela Mbewe
LIS Department
September 2023 University of Zambia
What is Security?
Security is the protection of assets.
Three main aspects of security:
– Prevention
– Detection
– Reaction

ICT 4010 - 2
Security Definitions
• Assets
– tangible & intangible

• Tangible assets
– physical ICT infrastructure (server rooms and all its elements)

• Intangible assets
– systems + data + communications

• Critical Cyber Assets

– Facilities, systems, and equipment which, if destroyed, degraded, or otherwise
rendered unavailable, would affect the EXISTENCE AND OPERATION OF THE
ORGANISATION.

ICT 4010 - 3
Cyberspace
• Virtual or physical area where communication occurs with the aid
of computers

• Need to define what you want to protect in your space

– Network, sub-network, segments, VLANs, systems, applications,
data at rest; data in transit; communications etc.)
– Protection of the hardware assets as well
• Define why you want to protect them
• And how do you want to protect them

ICT 4010 - 4
Why Network Security
• Network attacks are evolving in sophistication and ability to evade
detection
• Attacks becoming more targeted
– Greater financial consequences for victims
– Loss of vital information
– etc.

ICT 4010 - 5
Network Threats
• Connecting networks to the Internet introduces the possibility of
outside attackers
– Steal information
– Impact on performance
• Security threats exist even when a network is isolated from internet
– 60 to 80% of network misuse incidents originate from inside the
network
(Computer Security Institute (CSI) San Francisco, California)

• Consider both internal and external security

ICT 4010 - 6
Internal threats
• More serious than external threats
– Users already have knowledge of the network and its available
resources
– Typically have some level of access granted by nature of their
jobs
– Traditional security mechanisms like Intrusion Prevention
System (IPS) and firewalls are ineffective against internal
network misuse

ICT 4010 - 7
External Threats
• Attacks tend to be more technical in nature because they(attacker) don’t
have intimate knowledge of the network
– Attacker could perform a ping sweep to identify IP addresses that
respond
– Subject those IP addresses to port scan to discover open ports
– Exploit known vulnerabilities to compromise discovered service
– Attacker gains control of host and uses it as a jumping off point to
attack others systems

• Network administrators can mitigate these threats

ICT 4010 - 8
Network Vulnerabilities
• Vulnerability
– Weakness that an attacker might leverage to gain access
– Attackers write a program intended to take advantage of the
vulnerability
• This type of malicious program is called an exploit

ICT 4010 - 9
Non-secured Custom Applications
• Majority network attacks target specific applications
• Attackers have become more profit oriented rather than notoriety
generated by creating a virus for example
• Most organisations use custom applications with no much security
in mind which become prime attack targets
– Attacks on custom applications not as preventable as attacks on “well-
known” applications

ICT 4010 - 10
Three Goals of Network Security (CIA)
• Confidentiality – keeping data private
– Physically or logically restricting access to sensitive data
– Encrypting traffic through the network
– Examples of measures
• Use network security mechanisms e.g. firewalls, access
control lists (ACL)
• Require appropriate credentials
• Encrypt data

ICT 4010 - 11
Three Goals of Network Security (CIA)
• Integrity – ensure data has not been modified in transit
– (Integrity is the Process of Preventing unauthorised modification of
information)
– Authentication of origin

– Integrity violations examples include

• Modifying appearance of a corporate website
• Intercepting and altering an e-commerce transaction
• Modifying electronic financial records

ICT 4010 - 12
Three Goals of Network Security (CIA)
• Availability – measure of data’s accessibility by authorized users as
and when they demand

• Example of attack ways

– Send improperly formatted data to a networked device resulting
in an unhandled exception error
– DoS attack – flood network system with an excessive amount of
traffic requests
• Consume systems processing resources

ICT 4010 - 13
Access Controls
• The limitation and control of access through identification
and authentication.
• A system needs to be able to identify and authenticate
users for access to data, applications and hardware.
• In a large system there may be a complex structure
determining which users and applications have access to
which objects.

ICT 4010 - 14
Accountability
• The system managers are accountable to scrutiny from
outside.

• Audit Trails must be selectively kept and protected so that

actions affecting security can be traced back to the
responsible party

ICT 4010 - 15
Categorizing Data
• Different data require varying levels of security
• Organisations classify data in different categories with
specific levels of security

ICT 4010 - 16
Government and Military Data Classification Model
• Unclassified
– Data that has few or no privacy requirements

• Sensitive but unclassified (SBU)

– Data that could cause embarrassment but not constitute a security
threat if revealed

• Confidential
– Data that has a reasonable probability of causing damage if disclosed
to an unauthorized party

ICT 4010 - 17
Government and Military Data Classification Model
• Secret
– Data that has a reasonable probability of causing serious
damage if disclosed to an unauthorized party

• Top-secret
– Data that has a reasonable probability of causing exceptionally
grave damage if disclosed to an unauthorized party

ICT 4010 - 18
Organisational Classification Model
• Public
– Information made available to the public (for example, through marketing
materials)
• Sensitive
– Data that could cause embarrassment but not constitute a security threat if
revealed
• Private
– Organizational information that should be kept secret and whose accuracy
should be maintained
• Confidential
– Sensitive organizational information (for example, employee records) that
should be protected with great care

ICT 4010 - 19
Data Classification Characteristics
• Value
– How valuable the data is to the organization
• Age
– How old the data is
• Useful life
– How long the data will be considered relevant
• Personal association
– How personal the data is

ICT 4010 - 20
Types of Hackers
• White hat hacker
– has the skills to break into computer systems and do damage.
However, he uses his skills to help organizations. For example, a white
hat hacker might work for a company to test the security of its
network

• Black hat hacker

– also known as a “cracker,” uses his skills for unethical reasons (for
example, to steal funds).

ICT 4010 - 21
Types of Hackers
• Gray hat hacker
– can be thought of as a white hat hacker who occasionally strays and
acts unethically.
– For example, a gray hat hacker might be employed as a legitimate
network security tester. However, in the course of his ethical duties,
he finds an opportunity for personal gain and acts unethically to
obtain that personal gain.

ICT 4010 - 22
Types of Hackers
• Script kiddy
– a user who lacks the skills of a typical hacker. Rather, he downloads
hacking utilities and uses those utilities to launch attacks, rather than
writing his own programs

• Hacktivist
– a hacker with political motivations, such as someone who defaces the
website of a political candidate.

ICT 4010 - 23
Types of Hackers
• Computer security hacker
– knowledgeable about the technical aspects of computer and network
security systems. For example, this person might attempt to attack a
system protected by an IPS by fragmenting malicious traffic in a way
that would go undetected by the IPS.

ICT 4010 - 24
Common security attacks and their countermeasures
• Finding a way into the network
– Firewalls

• Exploiting software bugs, buffer overflows

– Intrusion Detection Systems

• Denial of Service
– Ingress filtering, IDS

ICT 4010 - 25
Common security attacks and their countermeasures
• TCP hijacking
– IPSec

• Packet sniffing
– Encryption (SSH, SSL, HTTPS)

• Social problems
– Education

ICT 4010 - 26
Firewalls
– A security device (the form of computer hardware or
software) that monitors and filters incoming and outgoing
network traffic
• This can include blocking packets from outside your network
– Firewall can be configured to disallow incoming traffic from
outside sources

ICT 4010 - 27
Firewalls

• Can be hardware or software: Some routers come with firewall

functionality, various OS have built-in firewall software

ICT 4010 - 28
Firewalls
• Basic problem – many network applications and protocols have
security problems that are fixed over time
– Difficult for users to keep up with changes and keep host secure
– Solution
• Administrators limit access to end hosts by using a firewall
• Firewall is kept up-to-date by administrators

ICT 4010 - 29
Intrusion Detection System
• Used to monitor for suspicious activity on a network
– Can protect against known software exploits, like buffer
overflow attacks

• Open Source IDS: Snort, www.snort.org

ICT 4010 - 30
Intrusion Detection Systems (IDS)
▪ Intrusion Detection Systems are Systems that look for
attack signatures, which are basically specific patterns or
Traffic Patterns that usually indicate malicious or
suspicious activities on your Network.
▪ When some suspicious activity is noticed, they
immediately send an ALERT Message to the Network
administrator. The IDS usually know the normal behavior
of a Network. E.G. Snort

ICT 4010 - 31
Types of Attacks - Dictionary Attack
• An attempt to gain unauthorized access to a computer
system by using a very large set of words to generate
potential passwords.

• This is why your passwords should be meaningless

random junk!

ICT 4010 - 32
Denial of Service Attack
• an attack meant to shut down a machine or network, making it
inaccessible to its intended users
• Purpose: Make a network service unusable, usually by
overloading the server or network

• Many different kinds of DoS attacks

– SYN Flood attack
– SMURF IP attack
– LAND attack

ICT 4010 - 33
TCP Attacks
• An attack whereby end hosts intentionally include wrong
information with data being transmitted, information which
does not affect delivery of the data
– Fake source address – host may trick destination into
believing that the packet is from a trusted source
• Especially applications which use IP addresses as a
simple authentication method
• Solution – use better authentication methods

ICT 4010 - 34
Packet Sniffing Attack
– Packet sniffing is a technique whereby packet data flowing
across the network is detected and observed.
• Network administrators use packet sniffing tools to monitor a network

– Packet Sniffing Attack is an unauthorized interception of data

• When a user wants to send a packet to someone else …
• They send bits over a physical medium(like a cable) with the destination
MAC address
• Other hosts are listening on the cable to detect for collisions
• This works for wireless too.

ICT 4010 - 35
Social Problems
• People can be just as dangerous as unprotected computer
systems
– People can be lied to, manipulated, bribed, threatened,
harmed, tortured, etc. to give up valuable information
– Most humans will breakdown once they are at the
“harmed” stage, unless they have been specially trained

ICT 4010 - 36
Social Problems
• There aren’t always solutions to all the kinds of social
problems
– Humans will continue to be tricked into giving out
information they shouldn’t
– Educating people (users) may help a little to mitigate social
engineering attacks
• social engineering attack: a range of malicious activities accomplished
through human interactions involving manipulating people so they give up
confidential information

ICT 4010 - 37
Malware
• A Malware is a set of instructions or Software Programs
that run on your computer and make your system do
something that an attacker wants it to do.

ICT 4010 - 38
Examples of Malware
• Malware is simply bad software. Malware is software
intentionally destructive to the computer
– Viruses
– Worms
– Trojan Horses
– RootKits
– Keyloggers
– Logic Bombs
– Spyware

ICT 4010 - 39
Solutions for Malware
• Using updated Antivirus software
• Install Anti-Malware System (in addition to an Antivirus)
• Avoid opening suspicious email attachments
• Constantly update your System

ICT 4010 - 40