Network Security: Designing a Secure Network

Created by
@WonderfulXenon

Questions and Answers

What is the main focus of network security?

Protecting data integrity, confidentiality, and availability

The Access Control measure aims to restrict access to network resources.

True

What does GDPR stand for?

General Data Protection Regulation

HIPAA stands for Health Insurance Portability and Accountability Act, which aims to protect ______ information.

protected health information

Match the following phases of network security design with their descriptions:

Planning Phase = Identifying security requirements and assessing risks
Building Phase = Implementing security plan and deploying technologies
Managing Phase = Ongoing maintenance, monitoring, and improvement of security measures

What is the definition of malware?

Malicious software designed to harm or exploit systems.

Denial-of-Service (DoS) attacks aim to provide more service availability to users.

False

What is the impact of SQL Injection attacks?

Unauthorized access to databases and data manipulation

Lack of encryption can expose sensitive data to _______ access.

unauthorized

Study Notes

Define a Process for Designing Network Security

  • A network is a collection of interconnected devices and systems that communicate to share resources and information.
  • Network design involves planning and structuring a network's layout and components to ensure efficient and secure communication.

Network Security

  • Network security involves protecting the integrity, confidentiality, and availability of data and resources as they are transferred across or stored within a network.
  • Key components of network security:
    • Access Control
    • Encryption
    • Firewalls
    • Intrusion Detection and Prevention Systems (IDS/IPS)
    • Security Policies
    • Incident Response

Network Management

  • Network management involves monitoring, maintaining, and optimizing a network to ensure efficient and reliable operation.
  • Key components of network management:
    • Monitoring
    • Configuration Management
    • Performance Management
    • Fault Management
    • Security Management
    • Reporting and Documentation

Designing Network Security

  • Designing network security involves a structured process to ensure comprehensive protection against threats and vulnerabilities.
  • The process can be broken down into three main phases: Planning, Building, and Managing.

Planning Phase

  • Identify business needs and regulatory requirements.
  • Conduct risk assessment, including asset identification, threat analysis, vulnerability assessment, and risk evaluation.
  • Develop security policies, including access control and incident response plans.
  • Design security architecture, including network segmentation, firewalls, IDS/IPS, and encryption.

Building Phase

  • Implement infrastructure, including network segmentation, firewalls, and Virtual Private Networks (VPNs).
  • Deploy security tools, including IDS/IPS, anti-malware, and encryption.
  • Implement access control mechanisms, including authentication, authorization, and audit logs.
  • Harden systems through patch management and configuration management.
  • Conduct testing and validation, including penetration testing, security audits, and user training.

Managing Phase

  • Monitor and surveil the network for suspicious activities.
  • Implement continuous monitoring, Security Information and Event Management (SIEM) systems, and alerts and notifications.
  • Manage incidents, including detection, response, and recovery.
  • Maintain and update security measures, including regular updates, configuration reviews, and compliance audits.
  • Continuously improve security through policy review, feedback loops, training, and security metrics.

Network Security Threats

  • Malware: malicious software designed to harm or exploit systems; types: viruses, worms, trojan horses, ransomware, spyware; impact: unauthorized access, data theft, system disruption
  • Phishing: social engineering attack where attackers impersonate trustworthy entities to trick individuals into revealing sensitive information; forms: email phishing, spear phishing, vishing (voice phishing), smishing (SMS phishing); impact: unauthorized access, identity theft, financial loss
  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: overloading a system, network, or service with excessive traffic to disrupt normal functioning; impact: service outage, network slowdown, loss of availability
  • Man-in-the-Middle (MitM) Attacks: intercepting and potentially altering communication between two parties without their knowledge; forms: eavesdropping, session hijacking, SSL stripping; impact: data interception, unauthorized access
  • SQL Injection: exploiting vulnerabilities in web applications by injecting malicious SQL code into input fields; impact: unauthorized access to databases, data manipulation
  • Cross-Site Scripting (XSS): injecting malicious scripts into webpages viewed by other users; forms: stored XSS, reflected XSS, DOM-based XSS; impact: cookie theft, session hijacking, defacement
  • Zero-Day Exploits: targeting undiscovered vulnerabilities (zero-day vulnerabilities) before a patch or fix is available; impact: unauthorized access, data breaches, system compromise
  • Brute Force Attacks: repeatedly attempting various combinations of usernames and passwords until the correct credentials are found; impact: unauthorized access, account compromise
  • Eavesdropping (Packet Sniffing): unauthorized interception and monitoring of network traffic; impact: unauthorized access to sensitive information
  • DNS Spoofing: redirecting DNS queries to malicious sites; impact: man-in-the-middle attacks, phishing, data theft
  • Social Engineering: manipulating individuals into divulging confidential information or performing actions against their interests; forms: impersonation, pretexting, baiting; impact: unauthorized access, data breaches, compromised security
  • Insider Threats: malicious actions or negligence by individuals within an organization; forms: intentional data theft, accidental data exposure; impact: data breaches, compromised security

Network Vulnerabilities

  • Weak Passwords: passwords that are easy to guess or are not strong enough can be exploited by attackers; mitigation: enforcing strong password policies and using multi-factor authentication (MFA) where possible
  • Outdated Software and Patching: failure to update and patch operating systems, applications, and network devices leaves vulnerabilities open for exploitation; mitigation: regularly applying security patches
  • Unsecured Network Protocols: insecure or outdated network protocols expose sensitive information to eavesdropping; mitigation: using secure protocols (e.g., HTTPS instead of HTTP) and disabling deprecated protocols
  • Lack of Encryption: failure to encrypt sensitive data during transmission or storage exposes it to unauthorized access; mitigation: implementing encryption protocols, such as SSL/TLS for data in transit and encryption for stored data
  • Unsecured Wireless Networks: open or poorly configured Wi-Fi networks can be exploited by unauthorized users; mitigation: using strong encryption (WPA3), complex passwords, and regularly updating Wi-Fi passwords
  • Insufficient Access Controls: inadequate access controls lead to unauthorized access or privilege escalation; mitigation: implementing the principle of least privilege, regularly reviewing user access levels, and ensuring proper user authentication
  • Misconfigured Firewalls and Routers: improperly configured firewalls and routers allow unauthorized access to the network; mitigation: regularly reviewing and updating firewall rules to ensure alignment with security policies
  • Phishing Attacks: social engineering attacks exploit human vulnerabilities to gain unauthorized access; mitigation: employee training and awareness programs
  • Malware and Viruses: malicious software can exploit vulnerabilities to infiltrate a network; mitigation: employing anti-malware tools, keeping them updated, and regularly scanning for malware
  • Unrestricted Physical Access: physical access to network infrastructure can lead to unauthorized manipulation; mitigation: restricting physical access to network devices and securing server rooms

Threat Model

  • Asset Identification: identifying and enumerating all assets within the network, including hardware, software, data, and human resources
  • Threat Enumeration: enumerating potential threats and vulnerabilities that could impact the network, including external and internal threats, such as malicious actors, malware, insider threats, and natural disasters
  • Vulnerability Assessment: conducting a thorough vulnerability assessment to identify weaknesses in the network
  • Risk Assessment: evaluating the likelihood and potential impact of identified threats and assigning risk levels based on the combination of threat likelihood and impact
  • Attack Surface Analysis: analyzing the network's attack surface, including all points where an attacker could potentially gain unauthorized access
  • Security Controls Evaluation: evaluating the effectiveness of existing security controls, such as firewalls, intrusion detection systems, access controls, and encryption mechanisms
  • Incident Response Planning: developing an incident response plan outlining the steps to be taken in the event of a security incident
