Network Security

MITM 205 Advance Computer Networks

Ralph Vincent H. Badon


Network Security

consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and the effectiveness (or lack) of these measures combined together.
has become a major concern to companies throughout the world

Security Issues

How do you protect confidential information from those who do not explicitly need to access it?
How do you protect your network and its resources from malicious users and accidents that originate outside your

Protecting Confidential Information

Its concern is to prevent the theft, destruction, corruption, and introduction of information that can cause irreparable damage to sensitive and confidential

Protecting Confidential Information

Confidential information can reside in two states on a network:
on physical storage media - a hard drive or memory
in transit across the physical network
These two information states present multiple opportunities for attacks from users on your internal network, as well as those users on the Internet (if the network is connected to the Internet)

Common Methods of Attack

Network packet sniffers
IP spoofing
Password attacks
Distribution of sensitive internal information to external sources
Man-in-the-middle attacks

Network Packet Sniffers

Several network applications distribute network packets in clear text, that is, the information sent across the network is not
a packet sniffer can provide its user with meaningful and often sensitive information, such as user account names and passwords
a packet sniffer can provide an attacker with information that is queried from the database, as well as the user account names and passwords used to access the

IP Spoofing

refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.
By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine.

Denial of Service Attack

goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to his attack
o the targeted host receives a TCP SYN and returns a SYN-ACK.
o It then remains in a wait state, anticipating the completion of the TCP handshake that never
o Each wait state uses system resources until eventually the host cannot respond to other legitimate requests.
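Added example (not part of the lecture slides): the standard defence against the SYN-flood mechanism described above is SYN cookies, which remove the per-connection wait state altogether. The Python below implements the idea rather than the attack: the server encodes the handshake parameters into the SYN-ACK's initial sequence number, protected by a keyed hash, and allocates state only when a valid final ACK arrives. The secret, the MSS table values and the flood scenario are constructed for this example; the bit layout follows the classic SYN-cookie design.

```python
import hashlib
import hmac
import random

# Constructed secret for this example only; a real implementation generates
# it at random at start-up and rotates it.
SERVER_SECRET = b"constructed-example-secret"

# Classic SYN-cookie layout of the 32-bit initial sequence number (ISN):
#   bits 31..27  minute counter mod 32 (so stale cookies expire)
#   bits 26..24  index into a small table of MSS values the client offered
#   bits 23..0   truncated MAC over the connection 4-tuple and the minute
MSS_TABLE = [536, 1024, 1220, 1440, 1460, 4312, 8960, 65535]


def _mac24(src_ip, src_port, dst_ip, dst_port, minute, secret):
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}@{minute}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def syn_cookie(src_ip, src_port, dst_ip, dst_port, minute, mss_index,
               secret=SERVER_SECRET):
    """ISN to send in the SYN-ACK; it encodes everything needed to finish
    the handshake later, so nothing has to be stored per SYN."""
    return (((minute & 0x1F) << 27) | ((mss_index & 0x7) << 24)
            | _mac24(src_ip, src_port, dst_ip, dst_port, minute, secret))


def verify_ack(src_ip, src_port, dst_ip, dst_port, ack_number, now_minute,
               secret=SERVER_SECRET):
    """Check the final ACK of the handshake. Returns (ok, mss)."""
    seq = (ack_number - 1) & 0xFFFFFFFF        # client acknowledges ISN + 1
    age = (now_minute - (seq >> 27)) & 0x1F    # minutes since the cookie was minted
    if age > 1:                                # accept this minute or the previous one
        return False, None
    minted = now_minute - age                  # recover the full counter value
    if (seq & 0xFFFFFF) != _mac24(src_ip, src_port, dst_ip, dst_port, minted, secret):
        return False, None
    return True, MSS_TABLE[(seq >> 24) & 0x7]


class StatelessListener:
    """Server side of the handshake that keeps no half-open state."""

    def __init__(self, ip, port, secret=SERVER_SECRET):
        self.ip, self.port, self.secret = ip, port, secret
        self.half_open = {}        # stays empty: a SYN allocates nothing
        self.established = set()

    def on_syn(self, src_ip, src_port, minute, mss_index=4):
        # Reply with a SYN-ACK whose ISN is the cookie; no table entry is created.
        return syn_cookie(src_ip, src_port, self.ip, self.port, minute,
                          mss_index, self.secret)

    def on_ack(self, src_ip, src_port, ack_number, minute):
        ok, _mss = verify_ack(src_ip, src_port, self.ip, self.port,
                              ack_number, minute, self.secret)
        if ok:
            self.established.add((src_ip, src_port))
        return ok


def simulate_flood(n_spoofed=10000, seed=1):
    """Constructed scenario: many SYNs from spoofed sources that never
    complete the handshake, then one legitimate client. Returns the sizes
    of the half-open and established tables."""
    rng = random.Random(seed)
    srv = StatelessListener("192.0.2.10", 443)
    for _ in range(n_spoofed):
        srv.on_syn(f"203.0.113.{rng.randrange(256)}",
                   rng.randrange(1024, 65536), minute=1000)
    isn = srv.on_syn("198.51.100.7", 51000, minute=1000)
    srv.on_ack("198.51.100.7", 51000, (isn + 1) & 0xFFFFFFFF, minute=1000)
    return len(srv.half_open), len(srv.established)


if __name__ == "__main__":
    print(simulate_flood())   # (0, 1): no half-open state despite the flood
```

The trade-off a practitioner should know: because the server stores nothing, a cookie-based handshake cannot remember TCP options beyond what fits in the ISN (here only an MSS index), which is why real stacks enable cookies only once the backlog is under pressure.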

Password Attack

usually refers to repeated attempts to identify a user account and/or password
brute-force attacks: a brute-force attack is performed using a dictionary program that runs across the network and attempts to log in to a shared resource, such as a server
can be implemented using several different methods: brute-force attacks, Trojan horse programs, IP spoofing, and packet
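Added example (not part of the lecture slides): the defender's view of the password attack described above is the authentication log, where a brute-force run shows up as a burst of failures from one source, often across several account names. The Python below parses constructed log lines written in the style of an OpenSSH auth log (they are not real captures), counts failures per source in a sliding window, and raises a second alert if a success follows such a burst, since that is the event worth investigating first. The threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of an OpenSSH auth log.
SAMPLE_LOG = """\
Mar 12 10:00:01 gw sshd[2001]: Failed password for invalid user admin from 203.0.113.9 port 50110 ssh2
Mar 12 10:00:03 gw sshd[2002]: Failed password for root from 203.0.113.9 port 50111 ssh2
Mar 12 10:00:04 gw sshd[2003]: Failed password for invalid user test from 203.0.113.9 port 50112 ssh2
Mar 12 10:00:06 gw sshd[2004]: Failed password for alice from 203.0.113.9 port 50113 ssh2
Mar 12 10:00:08 gw sshd[2005]: Failed password for alice from 203.0.113.9 port 50114 ssh2
Mar 12 10:00:09 gw sshd[2006]: Failed password for alice from 203.0.113.9 port 50115 ssh2
Mar 12 10:00:15 gw sshd[2007]: Accepted password for alice from 203.0.113.9 port 50116 ssh2
Mar 12 10:01:00 gw sshd[2008]: Failed password for bob from 198.51.100.4 port 41000 ssh2
Mar 12 10:01:30 gw sshd[2009]: Accepted password for bob from 198.51.100.4 port 41001 ssh2
Mar 12 10:03:00 gw sshd[2010]: Failed password for carol from 192.0.2.77 port 33000 ssh2
Mar 12 10:05:00 gw sshd[2011]: Failed password for carol from 192.0.2.77 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")


def parse(lines, year=2024):
    """Yield (timestamp, result, user, source) for each recognised line.
    Syslog timestamps carry no year, so one is assumed."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue        # unrelated log line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Alert once per source that reaches `threshold` failures inside the
    window, and again if that source later logs in successfully."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)     # source -> timestamps of recent failures
    users = defaultdict(set)        # source -> account names it has tried
    flagged = set()
    alerts = []
    for ts, result, user, src in parse(lines):
        if result == "Failed":
            q = recent[src]
            q.append(ts)
            users[src].add(user)
            while q and ts - q[0] > window:     # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "bruteforce", "src": src,
                               "failures": len(q), "users": sorted(users[src])})
        elif result == "Accepted" and src in flagged:
            alerts.append({"type": "success_after_bruteforce",
                           "src": src, "user": user})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the sample, 203.0.113.9 trips the threshold on its fifth failure and then authenticates as alice, producing both alert types; 198.51.100.4 and 192.0.2.77 never reach five failures within a minute and stay silent. A slow attempt spread across many sources (password spraying) would need a per-account rather than per-source counter, which is the natural extension of this logic.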

Distribution of Sensitive Information

Controlling the distribution of sensitive information is at the core of a network security policy
the majority of computer break-ins that organizations suffer are at the hands of disgruntled present or former employees
At the core of these security breaches is the distribution of sensitive information to competitors or others that will use it to your disadvantage

Man-in-the-Middle Attacks

the attacker has access to network packets that come across the network
An example of such a configuration could be someone who is working for your Internet service provider (ISP)
often implemented using network packet sniffers and routing and transport
possible uses of such attacks are theft of information, denial of service, corruption of transmitted data, etc.
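Added example (not part of the lecture slides): of the uses listed above, corruption of transmitted data is the one a receiver can detect on its own, provided the two hosts share a key. The Python below shows the check: the sender attaches an HMAC-SHA256 tag and a sequence number to each message, a simulated hostile relay edits the body in transit without knowing the key, and the receiver rejects both the edited message and a replayed old one. The pre-shared key, the message format and the relay are constructed for this example; a MAC gives integrity and authenticity only, so confidentiality still needs the encryption mechanism listed later among the attributes of a secure network.

```python
import hashlib
import hmac
import json

# Constructed pre-shared key; real keys come from a key exchange or
# provisioning step, never from a literal in source code.
SHARED_KEY = b"constructed-demo-key-for-example"


def protect(seq, payload, key=SHARED_KEY):
    """Sender side: body = sequence number + payload, tag = HMAC over the body."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver side: verify the tag first, then enforce strictly increasing
    sequence numbers so a captured message cannot be replayed."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, msg):
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):   # constant-time compare
            return "rejected: tag mismatch (tampered or forged)"
        data = json.loads(msg["body"])
        if data["seq"] <= self.last_seq:
            return "rejected: replay"
        self.last_seq = data["seq"]
        return "accepted: " + data["payload"]


def hostile_relay(msg, old, new):
    """Simulated man-in-the-middle that rewrites the body in transit.
    It does not hold the key, so it cannot produce a matching tag."""
    return {"body": msg["body"].replace(old, new), "tag": msg["tag"]}


def demo():
    """Returns the receiver's verdict on a clean, a modified and a replayed message."""
    rx = Receiver()
    m1 = protect(1, "transfer 100 to account 42")
    clean = rx.accept(m1)
    m2 = protect(2, "transfer 100 to account 42")
    modified = rx.accept(hostile_relay(m2, "account 42", "account 99"))
    replayed = rx.accept(m1)
    return clean, modified, replayed


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The sequence counter matters as much as the tag: without it, a relay that cannot forge messages can still resend a valid one, which for a payment-style message is as damaging as editing it.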

Attributes of a Secure Network

User authentication - username/password
Firewall - enforcing access policies such as what services are allowed to be accessed by network users
Intrusion Prevention System (IPS) - helps detect and prevent such malware; monitors network traffic for suspicious contents, volume and anomalies to protect the network from attacks such as denial of service

Attributes of a Secure Network

Encryption Mechanism - Communication between two hosts using the network could be encrypted to maintain privacy
Audit Trail - Individual events occurring on the network could be tracked for audit
Surveillance and early-warning tools - decoy network-accessible resources could be used to further tighten security of the actual network being protected

Proxy Server

acts as a go-between for requests from clients seeking resources from other servers
evaluates the request according to its filtering rules
For example, it may filter traffic by IP address or protocol
A proxy server has two purposes:
To keep machines behind it anonymous (mainly for security).
To speed up access to a resource (via caching). It is commonly used to cache web pages from a web server.

Firewall

a part of a computer system or network that is designed to block unauthorized access while permitting outward communication
a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other
frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets

Types of Firewalls

Packet filter - Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.
Application gateway - Applies security mechanisms to specific applications, such as FTP and Telnet


Types of Firewall

Circuit-level gateway - Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy server - Intercepts all messages entering and leaving the network.
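Added example (not part of the lecture slides): the Python below implements the two firewall types that the text describes mechanically, the packet filter (each packet accepted or rejected by user-defined rules, first match wins, nothing matching is denied) and the circuit-level gateway (once a flow has been admitted, its reply packets pass without the rules being re-run). It also shows the rule a packet filter uses against the IP spoofing described earlier: a packet arriving on the outside interface must not carry an internal source address. The two-interface topology, the internal prefix 10.0.0.0/8, the ruleset and the sample packets (RFC 5737 documentation addresses) are all constructed for this example.

```python
import ipaddress

# Assumed topology: the firewall has an "inside" and an "outside" interface,
# and 10.0.0.0/8 is the protected internal network.
INTERNAL_NET = "10.0.0.0/8"

# Constructed ruleset. Evaluated top to bottom, first match wins,
# and a packet that matches no rule is denied.
RULES = [
    # Anti-spoofing: traffic from outside must not claim an internal source.
    {"name": "drop-spoofed-internal", "iface": "outside", "src": INTERNAL_NET, "action": "deny"},
    {"name": "allow-web-in", "iface": "outside", "proto": "tcp", "dst": "10.0.1.20/32", "dport": 443, "action": "permit"},
    {"name": "allow-dns-out", "iface": "inside", "proto": "udp", "src": INTERNAL_NET, "dport": 53, "action": "permit"},
    {"name": "allow-web-out", "iface": "inside", "proto": "tcp", "src": INTERNAL_NET, "dport": 443, "action": "permit"},
]


def packet(iface, proto, src, sport, dst, dport):
    """Minimal header: the fields a packet filter looks at."""
    return {"iface": iface, "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


def matches(rule, pkt):
    """A rule matches when every field it specifies agrees with the packet;
    address fields are prefixes and match by containment."""
    for field in ("iface", "proto", "dport"):
        if field in rule and rule[field] != pkt[field]:
            return False
    for field in ("src", "dst"):
        if field in rule and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[field]):
            return False
    return True


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # admitted flows (circuit-level gateway behaviour)

    def filter(self, pkt):
        """Return (action, reason) for one packet."""
        other = "inside" if pkt["iface"] == "outside" else "outside"
        flow = (pkt["iface"], pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        # A reply arrives on the opposite interface with the endpoints swapped;
        # keying on the interface stops a forged "reply" from the wrong side.
        reply = (other, pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if flow in self.connections or reply in self.connections:
            return "permit", "established"
        for rule in self.rules:
            if matches(rule, pkt):
                if rule["action"] == "permit":
                    self.connections.add(flow)
                return rule["action"], rule["name"]
        return "deny", "default-deny"


def run_samples():
    """Constructed packets exercising each rule; returns the decisions in order."""
    fw = Firewall(RULES)
    samples = [
        packet("outside", "tcp", "198.51.100.10", 51000, "10.0.1.20", 443),  # client to our web server
        packet("outside", "tcp", "10.0.1.5", 40000, "198.51.100.10", 443),    # internal source claimed from outside
        packet("inside", "udp", "10.0.1.5", 53000, "192.0.2.53", 53),         # outbound DNS query
        packet("outside", "udp", "192.0.2.53", 53, "10.0.1.5", 53000),        # the DNS reply
        packet("outside", "tcp", "198.51.100.10", 51001, "10.0.1.20", 23),    # telnet to the web server: no rule
        packet("inside", "tcp", "10.0.1.5", 40001, "198.51.100.10", 22),      # outbound ssh: no rule
    ]
    return [fw.filter(p) for p in samples]


if __name__ == "__main__":
    for decision in run_samples():
        print(decision)
```

Two design points carry over to real firewalls: the default-deny at the end of the rule list is what makes "only the services the policy allows" true, and the established-flow shortcut is only safe because the flow key records which interface the original packet came in on.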


Virtual Private Network (VPN)

a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network, such as the Internet
