
NSEC-3100

Welcome
• Self introductions and course expectations
Aim of the course
To provide the student with theoretical and practical skills needed to
design, implement and manage network security.
Assessment weighting
• 50% course work
• 50% examinations
Why security?
• The Internet was designed for connectivity, not security
• A lot is being done on the Internet
• Trust is assumed
• Fundamental aspects of information must be protected
  • Confidential data
  • Employee information
  • Financial data
• Difficult to isolate from the Internet
  • Most business is done online
  • Customer care
  • Third-party services are provided online
Introduction to Network Security
• What is Network Security?
  • Network security is the actual protection of the underlying networking infrastructure from unauthorized access, misuse or theft.
  • This involves creating a secure infrastructure for devices, applications and users to operate in a secure manner.
Who is vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Contractors to various government agencies
• Multinational corporations
• ANYONE ON THE NETWORK
Key principle behind Security: CIA TRIAD
• Confidentiality
  • Preventing unauthorized use or disclosure of information
  • Examples of controls that improve confidentiality include encryption, steganography, access control lists (ACLs), and data classifications
• Integrity
  • Safeguarding the accuracy and completeness of information
  • An example is using a hash algorithm
• Availability
  • Authorized users have reliable and timely access to information
  • An example is load balancing
Access control
• This is the ability to permit or deny use of an object by a subject.
• This is achieved by
  • Authentication (who can log in): the verification or proof of someone's or something's identity. The most common form of authentication is the use of a password.
  • Authorization (what authorized users can do): the process of authorization ensures that the requested activity or access to an object is possible given the rights and privileges assigned to the authenticated identity.
  • Accountability (identifying what a user did)
Importance of Network Security
• Protecting sensitive data
• Preventing unauthorized access, which otherwise leads to data breaches
• Business continuity: ensures availability and continuity of critical business network services
Network Security Models
• Perimeter-based security: securing the network perimeter with firewalls, IDS/IPS and VPNs to control access from the external network.
• Zero trust model: enforces strict access control, identity verification and continuous monitoring. It assumes that threats can emerge from either inside or outside the network perimeter.
• Defense in depth: using multiple security controls, such as firewalls, antivirus software and encryption, to provide comprehensive protection.
Security threats and vulnerabilities
• DoS attack: overwhelming the network with excessive traffic, causing services to become inaccessible.
• Malware: malicious software such as a virus that infects computers on the network and can cause loss of data.
• Phishing: using deceptive email to trick a network or system user into revealing sensitive information.
• Brute force attack: the attacker repeatedly tries combinations of username and password to gain unauthorized access.
Vulnerabilities
• USB Thumb Drive
• Trojan human
  • Like the Trojan horse, the Trojan human comes into a business in some type of disguise. He could be in business attire or dressed like a legitimate repairman.
Vulnerabilities
• Emails
  • E-mail is frequently used within businesses to send and receive data; however, it's often misused. Messages with confidential information can easily be forwarded to any external target. In addition, the e-mails themselves can carry nasty viruses. One targeted e-mail could phish for access credentials from an employee. These stolen credentials would then be leveraged in a second-stage attack.
Network Devices
• Switches: operate at layer 2 of the OSI model; they connect devices within a LAN and facilitate communication between them.
• Routers: operate at layer 3 of the OSI model. Their main purpose is to connect multiple networks together and facilitate traffic between them. A router uses IP addresses to determine the best path for data packets to reach their destination.
• Firewall: a network device designed to protect the network from malicious traffic, unauthorized access and other security threats.
  • Acts as a wall between the internal network (LAN) and the external network (Internet) and filters inbound and outbound traffic based on the rules configured.
Threat classification
• Interruption: happens when an asset is destroyed or becomes unavailable or unusable. This is an attack on the availability of the system.
  • An example is the destruction of a piece of hardware.
• Interception: happens when an unauthorized party gains access to an asset. This is an attack on the confidentiality of the network or system.
  • An example is wiretapping to capture data in a network.
• Modification: happens when an unauthorized party gains access to data and makes alterations to the system. This is an attack on the integrity of the system.
  • An example is changing values in a file.
• Fabrication: an unauthorized entity gains access to a system or network and inserts false objects. This could be an attacker gaining access to a system user's email and sending messages.
What is an Attack
• Any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset (both physical and logical resources).
Attack models
• Determining likely attack vectors requires understanding the probable threat models.
• Although attacks may come from anywhere, the environment dictates likely directions that an attacker may explore.
• Attacks may be internal or external to a system, and intentional or accidental. In addition, different attackers have different motivations.
Attack models
• Internal and external
  • When people think of an attack, the external attack (that is, people and processes outside the system or network) is always the major attack model considered.
Internal Attack Motivation
• Personal issues: Personal problems may provide motivation. A
disagreement with a boss or coworker, or general frustration, may
trigger an attack.
• Unfair disadvantage: The employee may feel mistreated by the
company and view his insider access as a way to fight back.
• Greed: An employee may see value in selling insider access to an
interested external party.
• Curiosity: Although not necessarily malicious, the employee’s
curiosity and exploration of the company’s internals may create
problems.
• Ignorance: The employee may not be aware that specific information
External attack motivation
• Political: The attack may be used to make a statement.
• Status: An attacker may use the attack as bragging rights or to demonstrate his skills.
• Power: An attacker may use the attack to show his technical superiority.
Areas of Network Device Security
• Physical security: secure infrastructure equipment in a locked room.
• Operating system
  • Configure the router with the maximum amount of memory possible; this helps protect it from some DoS attacks.
  • Use the latest stable version of the operating system that meets the feature requirements of the network.
  • Keep a secure copy of the router operating system image and router configuration file as a backup.
• Router hardening
  • Secure administrative control to ensure that only authorized personnel have access and that their level of access is controlled.
  • Disable unused ports and interfaces to reduce the number of ways a device can be accessed.
  • Disable unnecessary services that can be used by an attacker to gather information or for exploitation.
Router
• Basic configuration
  • A basic router configuration should contain the following:
  • Router name: the host name should be unique
  • Banner: at a minimum, the banner should warn against unauthorized use
  • Passwords: use strong passwords
  • Interface configurations: specify the interface type, IP address and subnet mask. Describe the purpose of the interface. Issue the no shutdown command.
Configuration
• Step 1 commands (Cisco IOS; replace slot/port, ip-address and mask with the interface's actual values):
    configure terminal
    interface GigabitEthernet slot/port
    ip address ip-address mask
    no shutdown
    exit
Configurations
• Verify the basic router/switch configuration by issuing the show running-config command.
• Save the basic router configuration by issuing the copy running-config startup-config command.
• Additional commands that will enable you to further verify the router configuration are:
  • show running-config: displays the configuration currently in RAM
  • show startup-config: displays the configuration file in NVRAM
  • show ip route: displays the routing table
  • show interfaces: displays all interface configurations
  • show ip interface brief: displays abbreviated interface configuration information
Cisco Router Passwords
• All routers need a locally configured password for privileged access and other access.
• Use the command enable secret cisco in global configuration mode, replacing cisco with the desired password.
• To increase the security of passwords, the following Cisco IOS commands should be utilized:
  • Enforce minimum password length: security passwords min-length
  • Disable unattended connections: exec-timeout
  • Encrypt config file passwords: service password-encryption
Cisco routers: Banners
• Banner messages should be used to warn would-be intruders that they are not welcome on your network.
• Banners are important, especially from a legal perspective.
  • Intruders have been known to win court cases because they did not encounter appropriate warning messages.
• Choosing what to place in banner messages is extremely important and should be reviewed by legal counsel before being implemented.
• Never use the word "welcome" or any other familiar or similar greeting that may be misconstrued as an invitation to use the network.
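One way to check a saved running-config against the hardening items on the slides above (enable secret, password encryption, minimum password length, exec-timeout, banner wording, unused interfaces), as an added Python example that is not part of the course slides; the sample config, the hash placeholder and the finding texts are constructed for illustration:

```python
# Constructed sample running-config (not from a real device); it deliberately
# lacks several of the hardening items these slides recommend.
SAMPLE_CONFIG = """\
hostname BranchRouter
banner motd ^Welcome to BranchRouter^
enable secret 5 $1$placeholder$hash
service password-encryption
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 description Unused
line vty 0 4
 exec-timeout 0 0
"""
def parse_sections(config):
    """Split a config into global commands and a dict of block name -> sub-commands."""
    globals_, blocks, current = [], {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())  # indented line belongs to a block
        elif line.startswith(("interface ", "line ")):
            current = line.strip()
            blocks[current] = []
        else:
            current = None
            globals_.append(line.strip())
    return globals_, blocks
def audit_config(config):
    """Return a list of findings; an empty list means every check passed."""
    globals_, blocks = parse_sections(config)
    findings = []
    if not any(g.startswith("enable secret") for g in globals_):
        findings.append("no enable secret configured")
    if "service password-encryption" not in globals_:
        findings.append("service password-encryption missing")
    if not any(g.startswith("security passwords min-length") for g in globals_):
        findings.append("no minimum password length enforced")
    banner = next((g for g in globals_ if g.startswith("banner ")), None)
    if banner is None:
        findings.append("no banner configured")
    elif "welcome" in banner.lower():
        findings.append("banner contains a greeting ('welcome')")
    for name, lines in blocks.items():
        # an interface with no address that is not shut down is an unused way in
        if name.startswith("interface") and "shutdown" not in lines and not any(l.startswith("ip address") for l in lines):
            findings.append(f"{name}: unused interface not shut down")
        if name.startswith("line"):  # exec-timeout 0 0 disables the idle timeout
            t = next((l for l in lines if l.startswith("exec-timeout")), None)
            if t is None or t.split()[1:3] == ["0", "0"]:
                findings.append(f"{name}: exec-timeout missing or disabled")
    return findings
```

Running audit_config(SAMPLE_CONFIG) reports the missing minimum length, the "welcome" banner, the open unused interface and the disabled vty timeout; fixing those four items yields an empty finding list.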
Example of banner
Assignment #1
1. List and explain 5 examples of each of the following:
  • known network security threats
  • vulnerabilities common to TCP/IP networks
  • attacks that have been perpetrated by exploiting hidden vulnerabilities in network systems and equipment
2. List and explain 4 router hardening techniques
