Rakhy Praveen
Learning Objectives
Obj: To know prevention of network security issues using physical and software methods.

Prior Learning: Students know about network, shared data, and network security issues.

Keywords: barriers, locks, surveillance, alarm systems, security, guards, biometric methods, anti-malware, anti-virus, anti-spyware, encryption, access rights/permissions

Network Security- Security Issues

Unauthorised Access

Commonly known as hacking, it occurs when someone gains access to a network without permission. Hackers can brute-force a username and password to gain access to networks. Once they have access, they can read and even change data on the system. Unauthorised access is when someone gains access to a website, program, server, service, or other system using someone else's account or other methods.

Unauthorised Access
How do you protect networks from unauthorized access?

Use Strong Passwords

1. Use antivirus software. “Do not avoid security patches”. ...
2. Keep the software up to date.
3. Verify your software security. Do not allow any application to make changes to your computer.
4. Back up early and often. Make use of websites that provide storage and allow you to keep a copy of your information.

Botnets that attack systems
An attack can come from a single third party and computer, or it can be distributed across many computers. Malware downloaded onto a computer will stay dormant until a third party wants to use the computer in an attack. Each computer infected with this type of malware is called a bot. The third party will then ‘wake up’ the malware-infested bots and form a botnet. The botnet can be used to initiate a distributed denial of service (DDoS) attack.
DDoS - Bots are used to send a huge number of requests to a web server at once, causing the web server to struggle to handle all the requests and eventually crash.

Ways in which third parties damage or steal data:

• Installing a backdoor in software
• Brute force to get into a computer

Installing a backdoor in software – Allows a hacker to gain unauthorized access to a computer system through the backdoor (mainly present in non-legitimate software and implemented using malware).
Brute force to get into a computer – Trying different combinations of a password, or using software to try different combinations for them. As a result, the attacker gains unauthorized access to a computer system using the user's log-in details.


Malware

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Viruses, spyware and other malware can easily spread through networks.

Malware, or malicious software, is any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses and spyware.

Types of Malware
Worm

A worm is self-replicating and spreads without end-user action, causing real damage. Viruses need end users to kick them off so that they can go on and infect other files and systems. On the other hand, worms don’t need any such end-user action. They’d simply spread by themselves, self-replicating in the process and destroying systems, devices, networks and connected infrastructure as well. Worms spread by exploiting other files and programs to do the spreading work. When one person in an organization opens an email that contains a worm, the entire network in the organization could get infected in just a few minutes.

Types of Malware
Trojan

Trojans contain malicious instructions. Trojans mostly arrive via email or spread from infected websites that users visit. They only work when the victim executes them. A user may find a pop-up that tells him his system was infected. The pop-up would instruct him to run a program to clean his system. He takes the bait, without knowing that it is a Trojan. Trojans are very common, especially because it is easy to write Trojans. Additionally, they spread easily because they work by tricking end users into executing them. This effectively renders security software useless.

Types of Malware
Ransomware

It is a type of malware from cryptovirology that locks the user out of their files or their device, then demands an anonymous online payment to restore access. Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. ... Today, ransomware authors order that payment be sent via cryptocurrency or credit card.

Types of Malware
Adware

Adware attempts to expose users to unwanted, potentially malicious advertising. These ads most likely end up infecting a user’s device. There are adware programs that redirect a user, during browser searches, to look-alike web pages that have promotions of other products. Removing adware is easier. You just need to find the malicious executable and remove it.

Types of Malware
Spyware

Spyware is software that secretly collects information without the user being aware. Spyware can log user activity, including identifying credit card information or usernames and passwords. Another problem for networked computers is that spyware can collect data and then transmit it to another server so that the perpetrator can access that information. If a key logger is used, then every keystroke made by a user is recorded and this could include confidential data.

Denial of Service (DoS) Attack
In computing, a denial-of-service attack is a cyber-attack in which the culprit seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service.

Denial of Service (DoS) Attack
Types

1. Browser redirection
2. Closing Connections
3. Destruction of data
4. Resource Exhaustion

Denial of Service (DoS) Attack - Types
Browser redirection

A URL redirection attack exploits a kind of vulnerability that redirects you to another page outside the original website when it is accessed, usually combined with a phishing attack.

Destruction of data

DoS attacks are not designed to gain access to data, but purely to cause disruption. A DoS attack can last for hours, days or weeks.

Denial of Service (DoS) Attack - Types
Resource Exhaustion

DoS attacks involve the perpetrator using a single internet connection to overload the target, but distributed denial of service (DDoS) attacks use multiple connections distributed across the internet. These are much more difficult to defend against because they are coming from so many different locations.

Closing Connections

It is also known as a Service Attack. It involves closing connections between the user and the server. Hackers can open and close connection ports.

Security Methods
Access Rights

When a user logs onto a network, they are given rights to access different parts of that network. These access rights are usually related to data but can also be related to services that are available, such as accessing the World Wide Web, accessing email accounts and running software.
The most common access rights that are given are (CRUD):

• create (C): users can create new items of data
• read (R): users can read existing data
• update (U): users can make changes to data
• delete (D): users can delete data.

Security Methods
Access Rights

In order to gain these access rights it is necessary for a user to identify themselves. This is usually done by entering a user ID, but other methods can be used such as an email address, swipe card, NFC using a phone or card or biometric methods.

It’s also possible to disable accounts at certain times of day so that users who work from 9 a.m. to 5 p.m. can only access their accounts during that time and this prevents somebody from trying to use their account outside those hours.

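The CRUD rights and the time-of-day restriction described above can be combined into a single access decision. The following is an added example, not part of the original slides; the account names, resources and the `is_allowed` function are hypothetical, and the 9 a.m. to 5 p.m. window is the one the slide mentions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional

# The four access rights named on the slide.
CREATE, READ, UPDATE, DELETE = "C", "R", "U", "D"

@dataclass
class Account:
    user_id: str
    # Rights per resource, e.g. {"payroll": {"R"}}; anything not listed is denied.
    rights: dict = field(default_factory=dict)
    # Permitted logon window (start inclusive, end exclusive); None = unrestricted.
    logon_hours: Optional[tuple] = None
    enabled: bool = True

def is_allowed(account, resource, right, when):
    """Return (decision, reason). Access is denied unless every check passes."""
    if not account.enabled:
        return False, "account disabled"
    if account.logon_hours is not None:
        start, end = account.logon_hours
        if not (start <= when.time() < end):
            return False, "outside permitted hours"
    if right not in account.rights.get(resource, set()):
        return False, "right not granted"
    return True, "granted"

# Constructed sample accounts (hypothetical names and resources).
clerk = Account("clerk01",
                {"invoices": {CREATE, READ, UPDATE}, "payroll": {READ}},
                logon_hours=(time(9, 0), time(17, 0)))
admin = Account("admin01", {"invoices": {CREATE, READ, UPDATE, DELETE}})

def demo():
    office = datetime(2024, 3, 4, 10, 30)   # constructed: 10:30 in working hours
    night = datetime(2024, 3, 4, 23, 15)    # constructed: 23:15, outside them
    return [
        is_allowed(clerk, "invoices", UPDATE, office),  # right held, in hours
        is_allowed(clerk, "payroll", DELETE, office),   # read-only on payroll
        is_allowed(clerk, "invoices", READ, night),     # stolen login at night
        is_allowed(admin, "invoices", DELETE, night),   # no hour restriction
        is_allowed(admin, "payroll", READ, office),     # resource never granted
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```
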
Security Methods
Access Rights

• It is for this reason that a user is also expected to authenticate themselves using a password or personal identification number (PIN) to prove they are who they claim to be.
• It is essential that a user selects a password that is secure and is less likely to be guessed.
• One of the biggest problems with passwords is that a user must be able to remember them. If the user writes the password down then it can easily be stolen. If a user uses the same password for several accounts then, once it is known for one account, it can be used by hackers for another account.

Security Methods
Access Rights
• Security measures can also be put into place to ensure that certain user accounts can only be accessed from specific computers.
• Where security is critical, two-factor authentication (2FA) can be used which requires two security components to gain access. This can be as simple as using a swipe card and a PIN but it can also include more complex methods.
• The user could also be issued with a token which could be a small device that generates one-time passcodes or a USB key that includes a secret token stored on it. One of the downsides of requiring a swipe card or token is that the user must always have it available, which means carrying it around. It can also be lost or stolen.

Security Methods
Access Rights

Mobile phone 2FA involves the system sending a one-time passcode by text message to the user’s mobile phone, which the user has to enter to confirm it is them trying to access the system. This is often used by banks to confirm the user’s identity before setting up a transfer of money to another account.

Security Methods
Biometric Methods

Biometrics are biological characteristics that can be measured. Biometric security uses these biological characteristics to authenticate a user’s identity. The biological characteristic has to be unique to each user in order to be able to authenticate the user.

Security Methods
Biometric Methods

Characteristics used for biometric security include retina recognition, facial recognition, fingerprints and voice recognition. Fingerprints and retina scans are tried and tested methods and are known to be very secure. Facial recognition is a developing field of study and is being used within some applications.

Security Methods
Biometric Methods

• Voice recognition has never been an ideal security method as there are so many parameters that can change, such as a person having a cold that affects their speech, background noise or the potential for a voice to be recorded and played back.
• Biometric security can be used as a 2FA method by requiring both biometric security and a password.
• Users can both identify themselves and confirm their identity using biometric security. This method is also user proof in that fingers or eyes can’t be forgotten as an ID card or password can be.

Security Methods
Firewalls
• Networks that have access to a WAN or the internet have two-way traffic into and out of the network. A firewall controls what data can flow into and out of the network.
• A firewall may be part of a router or it may be software installed on a server that sits between the network and the gateway. It is effectively a barrier between the network and external data traffic.
• Firewalls include an access control list (ACL) that uses a technique called packet filtering. An ACL controls which data packets are allowed through the firewall. The ACL will include a set of rules that determine which protocols, port numbers, source addresses and destination addresses are allowed or not allowed. If data packets are not allowed, then they will be dropped.

Security Methods
Firewalls
The ACL can also include rules that direct certain traffic to specific destinations. Another rule in the ACL could be that requests for access on certain ports are only allowed from predefined IP addresses on the internet. This could be used to control devices that have virtual private network (VPN) access or devices that could be used to initiate Telnet sessions to control the network.

A firewall often includes a proxy server. The proxy server makes requests to the internet on behalf of client computers within the network.

Security Methods
Firewalls

• If a client wants to request a website, then the request will be sent to the proxy server and the proxy server will then fetch the website and return it to the client. Any requests for data from the internet or from outside the network must be made through the proxy server.
• On the other hand, if the ACL is configured to allow all data packets except those which are deemed unsafe, then there are more opportunities for hackers and malware to sneak into the network.

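The packet-filtering ACL described on the firewall slides, and the difference between an ACL that drops by default and one that allows everything except what is deemed unsafe, as an added example that is not part of the original slides. The rule format, the `filter_packet` function and all addresses (documentation and private ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "drop"
    protocol: str         # "tcp", "udp" or "any"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    port: Optional[int]   # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        return (self.protocol in ("any", pkt["protocol"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.port in (None, pkt["port"]))

def filter_packet(acl, default: str, pkt: dict) -> str:
    """The first matching rule decides; otherwise the default policy applies."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default

ANY = "0.0.0.0/0"
ADMIN = "203.0.113.5/32"   # constructed "predefined IP address" allowed to use Telnet

# Default drop: only listed traffic gets through.
ALLOW_LIST = [
    Rule("allow", "tcp", ANY, "10.0.0.10/32", 443),    # public web server
    Rule("allow", "tcp", ADMIN, "10.0.0.1/32", 23),    # Telnet from the admin address
]
# Default allow: only traffic someone thought to block is dropped.
BLOCK_LIST = [
    Rule("allow", "tcp", ADMIN, "10.0.0.1/32", 23),
    Rule("drop", "tcp", ANY, "10.0.0.0/24", 23),       # Telnet from anyone else
]

# Constructed sample packets.
PACKETS = [
    {"protocol": "tcp", "src": "198.51.100.7", "dst": "10.0.0.10", "port": 443},
    {"protocol": "tcp", "src": "203.0.113.5", "dst": "10.0.0.1", "port": 23},
    {"protocol": "tcp", "src": "198.51.100.7", "dst": "10.0.0.1", "port": 23},
    {"protocol": "tcp", "src": "198.51.100.7", "dst": "10.0.0.20", "port": 3389},
    {"protocol": "udp", "src": "198.51.100.7", "dst": "10.0.0.10", "port": 443},
]

def compare():
    """Return (default-drop decision, default-allow decision) for each packet."""
    return [(filter_packet(ALLOW_LIST, "drop", p),
             filter_packet(BLOCK_LIST, "allow", p)) for p in PACKETS]

if __name__ == "__main__":
    for pkt, decisions in zip(PACKETS, compare()):
        print(pkt, decisions)
```

The last two packets are traffic nobody wrote a rule for: the default-drop ACL discards them, while the default-allow ACL lets them into the network.
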
Security Methods
Backups

A backup is a copy of the original data. A backup is required if something goes wrong and the original data is either damaged or lost. A backup does not stop a hacker from gaining access to data, nor does it stop viruses from causing damage to data, but it is essential when recovering from an attack.

A backup can also be used to restore data when non-malicious destruction of data has occurred, such as a file becoming corrupt or physical storage media being destroyed by fire or water.

Security Methods
Backups

• In a network, backup processes should be set to run automatically and regularly. The more regularly a backup process is run, the more storage will be required for the backup data.
• However, if a backup process is run less regularly, then there will be more new data that has not been secured in case of a problem.
• In a network environment, backups are usually stored on tapes or remotely at another location. That location might be a server at another organisation or it might be servers in the ‘cloud’, which are effectively internet-based storage.

Security Methods
Backups

Storing data remotely has advantages which include not having to change tapes each day and the data being away from the original in case of fire or flood. However, it also means that the data is ‘connected’ and part of a network which could also suffer a security breach. Storing data on tapes means that the tapes have to be changed each day and then relocated to a secure location away from the main servers.

Security Methods
Encryption

• Encryption is the process of changing the data so that if it is accessed without authorisation, then it will be unreadable.
• Although encryption can stop a hacker from reading data, it does not stop a hacker from destroying data and it does not stop malware.
• However, it is important when data is being transmitted, particularly if that data is sensitive and if the data is being passed through an open network such as a Wi-Fi hotspot or the internet.

Security Methods
Encryption

• When data has been encrypted, only the intended recipients will be able to decipher (decrypt) it using a decipher algorithm. Random encryption keys are used to encrypt the data so that the same algorithm is not used each time. Therefore, anybody trying to intercept the data not only needs to be able to view the data, but must also have access to the decryption key.
• Websites that use encryption for passing data will use the HTTPS protocol rather than the HTTP protocol.
• Email can also use encrypted protocols, as can many other services.

Security Methods
Malware security (anti-virus and anti-spyware)

Anti-virus software now tends to be referred to as anti-malware software as it deals with other threats, such as adware and spyware, as well as viruses. Anti-malware software has two main functions.

• The first is an anti-virus monitor that is continually monitoring the system for malware. If the anti-virus monitor detects any unusual behaviour or tell-tale signs of malware, then it will prevent that malware from being executed so that it cannot cause damage to files or programs.
• The second function is to check for malware that may already be on a system. This is usually known as scanning the system.

Security Methods
Malware security (anti-virus and anti-spyware)

If any malware is found, then the user will usually be given the option to disinfect the malware, put it into quarantine or ignore it.

• Ignoring it is very dangerous because it means the malware will be executed and may have unexpected results.
• Disinfecting the malware is the safest option as it completely removes the malware from the system, but it does mean that any data or program that included the malware will be deleted.
• The compromise is to put the malware into quarantine. This is a safe area where the malware cannot be executed, but the data or program remains isolated until it can be checked more thoroughly.

Security Methods
Physical security methods

• Physical security methods are about protecting computer equipment. This can include standard methods that are used to secure other equipment and buildings or specialist physical devices that are designed to protect computer equipment.
• Security guards can be used to verify every person who enters a building or specific rooms to ensure that they are authorised to gain entry.
• Physical locks can be used on server room doors to prevent unauthorised access to those rooms. These can be key locks, swipe card locks or numerical code locks. This type of security should also be applied to backup tapes, which should be stored in a safe that is kept offsite.

Security Methods
Physical security methods
• Main servers should be protected against electrical surges. This can be done using extension leads that offer surge protection, but most servers will be protected by uninterruptible power supply (UPS) units which are basically battery packs that will provide power in the event of a power cut, but will also ensure that the power supply is uniform.
• Server rooms should be located in areas that are protected from fires and floods. This should include providing additional fire protection, such as a server room with fireproof doors, carbon dioxide fire extinguishers and putting backup tapes in fireproof safes. Server rooms should not be located on the ground floor, which can be susceptible to floods, and they should be away from any water pipes that could potentially burst.

Impact of network security threats on
individuals and organisations
