
Network security

• Field of network security:


• how bad guys can attack computer networks
• how we can defend networks against attacks
• how to design architectures that are immune to attacks
• Internet not originally designed with (much)
security in mind
• original vision: “a group of mutually trusting users
attached to a transparent network” 
• security considerations in all layers!
Security Goals
• Information needs to be hidden from unauthorized access
(confidentiality)
• Protected from unauthorized change (integrity)
• Available to an authorized entity when it is needed (availability)
Snooping
• Unauthorized access to another person's or company's data
• keylogger
• man-in-the-middle
• packet capture or sniffer
• telephone wiretaps
• Snooping is a form of eavesdropping with the purpose of learning information
that is not intended to be visible or shared.
• Spoofing, on the other hand, is a method used to make an electronic device or
network look like it is a trusted source. A spoofed device is used to gain the trust
of a remote device, user or service so that it can freely share information.
• While the two terms are used to refer to activities to gain unauthorized access to
information, they use different tactics to accomplish that goal.
Snooping (Ways to prevent snooping attacks)
• Avoid using public Wi-Fi networks.
• Use secure Wi-Fi authentication techniques.
• Keep antivirus software updated.
• Use strong passwords, and change them frequently.
• Use encryption when transmitting and storing sensitive data.
• Know your surroundings, and turn computer screens away from surveillance
cameras.
• Deploy network monitoring and prevention tools, such as firewalls, virtual private
networks (VPNs).
• Segment networks so that secure communications flow through specific portions
of the network that can be better protected from spoofing attacks.
Traffic Analysis attack
• Attacker can find the source and destination address
• Can monitor the traffic pattern such as number of messages, time of
communication etc.
• Encrypt the traffic
• NAT
• Padding (insert fake packets)
• Traffic Queue (time set for traffic transfer)
Modification
• After intercepting or accessing information, the attacker modifies the
information to make it beneficial to herself.
• For example, a customer sends a message to a bank to initiate some
transaction. The attacker intercepts the message and changes the
type of transaction to benefit herself.
• Note that sometimes the attacker simply deletes or delays the message to
harm the system or to benefit from it.
Masquerading
• Masquerading, or spoofing, happens when the attacker impersonates
somebody else.
• For example, an attacker might steal the bank card and PIN of a bank
customer and pretend that she is that customer.
• Sometimes the attacker pretends to be the receiver entity.
• For example, a user tries to contact a bank, but another site pretends that it is
the bank and obtains some information from the user.
Replaying
• In replaying, the attacker obtains a copy of a message sent by a user
and later tries to replay it.
• For example, a person sends a request to her bank to ask for payment to the
attacker, who has done a job for her. The attacker intercepts the message and
sends it again to receive another payment from the bank.
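The modification and replay scenarios above can both be caught on the receiving side; the following is an added example, not part of the original slides. The bank verifies an HMAC tag, a timestamp and a one-time nonce before acting on a transfer request. The shared key, field names and 5-minute window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key (assumption); a real system provisions a per-customer secret.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 300  # assumed freshness window: 5 minutes


def sign_request(key, payload, now=None):
    """Customer side: attach a fresh nonce, a timestamp and an HMAC tag."""
    body = dict(payload, nonce=secrets.token_hex(16),
                ts=int(time.time() if now is None else now))
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return {"body": raw.decode(), "tag": tag}


class Bank:
    """Receiver side: check integrity first, then freshness, then uniqueness."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> message timestamp, kept for the window

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        expected = hmac.new(self.key, msg["body"].encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time compare; any change to the body invalidates the tag.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"
        body = json.loads(msg["body"])
        if abs(now - body["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale"
        # Drop nonces older than the window; the stale check covers those.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= MAX_AGE_SECONDS}
        if body["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[body["nonce"]] = body["ts"]
        return "accepted"
```

A shared-key MAC addresses modification and replay only; it does not address repudiation, because either key holder could have produced the tag.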
Repudiation
• The sender of the message might later deny that she has sent the
message; the receiver of the message might later deny that he has
received the message.
• An example of denial by the sender would be a bank customer asking her
bank to send some money to a third party but later denying that she has
made such a request.

• An example of denial by the receiver could occur when a person buys a
product from a manufacturer and pays for it electronically, but the
manufacturer later denies having received the payment and asks to be paid.
Authentication
The process of verifying a user’s identity, making sure that they are allowed access to the system and/or files.
This can be accomplished by a password, retina scan, or fingerprint scan, or sometimes by a combination of these.
Botnet
A combination of the words “robot” and “network”, a botnet is a network of computers that have been infected
with a virus, and now are working continuously in order to create security breaches.
These attacks come in the form of Bitcoin mining, sending spam e-mails, and DDoS attacks.

Malware
Malware is a general term for any type of intrusive computer software with malicious intent against the user.

DDoS
The acronym stands for Distributed Denial of Service and is a favorite Black Hat tool. Using multiple hosts and users,
hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to
temporarily shut down.
DDoS
A Denial of Service (DoS) or Distributed
Denial of Service (DDoS) attack is when
one or more compromised systems launch
a flooding attack on a remote target(s), in
an attempt to overload network resources
and disrupt service. Some DDoS attacks
have caused prolonged, complete service
shutdowns of major online operators.
Encryption
Coding used to protect your information from hackers.

Man in the Middle Attack
An attack on the “middleman”, in this case, defined as the Wi-Fi system that connects users to the Internet.
Hackers who commit Man in the Middle Attacks can break the Wi-Fi’s encryption and use this as a means
of stealing your personal data because they’re now in the system.

Ransomware (Cryptolocker)
A form of malware that hijacks your system and encrypts your files, denying you access to them until you send money to
unlock everything. In other words, it kidnaps your computer and holds it for ransom, hence the clever name.

Spoofing
The ability to inject packets into the Internet with a false source address is known as IP spoofing; it is one of many
ways in which one user can masquerade as another user.

Spyware (Agent Tesla, TrickBot)


A form of malware used by hackers to spy on you and your computer activities.
If a mobile device such as a smartphone is infected with spyware, a hacker can read your text messages,
redirect your phone calls, and even track down where you are physically located!
Trojan Horse (Rakhni Trojan, TinyBanker)
Yet another form of malware, this one a misleading computer program that looks innocent,
but in fact allows the hacker into your system via a back door, allowing them to control your computer.

Virus
Malware which changes, corrupts, or destroys information, and is then passed on to other systems,
usually by otherwise benign means (e.g. sending an email). In some cases, a virus can actually cause physical damage.

VPN
An acronym standing for Virtual Private Network, a VPN is a method of connecting a series of computers and
devices in a private encrypted network, with each user’s IP address being replaced by the VPN’s IP address.
Users get Internet anonymity, making it difficult for hackers to attack.

Worm
Malware that can reproduce itself for the purposes of spreading itself to other computers in the network.
Particularly nasty, worms can either be simply a means of slowing down a system by eating up resources, or
by committing exploits such as installing back doors or stealing data.

Packet Sniffer
A passive receiver that records a copy of every packet that flies by is called a packet
sniffer. Because packet sniffers are passive—that is, they do not inject packets into the channel—they are
difficult to detect. So, when we send packets into a wireless channel, we must accept the possibility that
some bad guy may be recording copies of our packets. As you may have guessed, some of the best
defenses against packet sniffing involve cryptography.
Bad guys: attack server, network infrastructure
Denial of Service (DoS): attackers make resources (server,
bandwidth) unavailable to legitimate traffic by
overwhelming resource with bogus traffic

1. select target
2. break into hosts around the network (see botnet)
3. send packets to target from compromised hosts
Bad guys can sniff packets
packet “sniffing”:
• broadcast media (shared ethernet, wireless)
• promiscuous network interface reads/records all packets (e.g., including passwords!) passing by

[Figure: hosts A, B and C; packet labelled src:B dest:A payload]

• wireshark software used for end-of-chapter labs is a (free) packet-sniffer
Bad guys can use fake addresses

IP spoofing: send packet with false source address

[Figure: hosts A and C; packet labelled src:B dest:A payload]

… lots more on security (throughout, Chapter 8)


BYOC/BYOD

• Bring Your Own Computer (BYOC) is a fairly recent enterprise
computing trend by which employees are encouraged or allowed to
bring and use their own personal computing devices to perform some
or part of their job roles, specifically personal laptop computers.
