
Chapter 7.pdf


Full Transcript

BPE3723: INTRODUCTION TO COMPUTER NETWORK & SECURITY

Chapter 7: Network Security

Introduction
There are many techniques used by a hacker to gain control of a network. The network administrator needs to be aware of the different ways an intruder can use to gain access to, or even control of, a network. The information presented in this chapter is an example of what the hacker already knows and what the network administrator needs to know to protect the network.

Social Engineering
The first issue of intrusion is social engineering. This is a way for an intruder to gain enough information to let the unauthorized user gain access to the network.
○ An attacker tells a user that they are having trouble with their account and then asks for the user's name and password.
○ Often a user will blindly provide the information, not realizing that the person calling is not associated with the network and is in fact an attacker.
○ This gives the attacker an account (username and password) with which to attack the network. This is just one example of social engineering.
○ This problem is not completely solvable because as the number of users increases, so do the possible ways to attack the network.
○ The solution is educating users not to share information about how they access the network and to always require identification from support staff.
Fundamentals of Network Security
Confidentiality
○ Keeping information away from unauthorized users: the sender encrypts and the receiver decrypts
Integrity
○ Ensuring the information received is what was really sent
Availability
○ Preventing systems and services from becoming unusable
Authentication
○ Determining whom you are talking to before revealing sensitive information or entering into a business deal
Nonrepudiation
○ Deals with signatures

Fundamental Security Principles
Principle of economy of mechanism
Principle of fail-safe defaults
Principle of complete mediation
Principle of least authority
Principle of privilege separation
Principle of least common mechanism
Principle of open design
Principle of psychological acceptability

Fundamental Attack Principles
Attacker perspective on system security
○ A set of challenges to solve in order to reach their objectives
Multiple ways to violate confidentiality, integrity and availability
Steps and approaches attackers may use
○ Reconnaissance
○ Sniffing and snooping
○ Spoofing
○ Disruption (DoS [Denial of Service] attacks)

From Threats to Solutions
Determining what to do about attackers' moves
○ Monitor the network
○ Address the systems-related issues of data confidentiality
○ Consider symmetric and public key cryptography
○ Consider digital signatures and key management
○ Look at the fundamental problem of secure authentication
○ Review network technologies providing communication security
○ Understand the problem of email security
○ Review security in the wider Web domain
○ Understand social issues regarding security

The Core Ingredients of an Attack
Reconnaissance
Sniffing and snooping
Disruption
Access attack

Reconnaissance
Gain information about an organization
○ Dumpster dive or shoulder surf if physically possible
○ Use social engineering
○ Use the Internet to explore servers using IP addresses
Port scanning
○ Probe a machine for active ports
Traceroute
○ A program that finds the network path toward a given IP address
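The "principle of fail-safe defaults" and "complete mediation" listed above are what separate a firewall that protects an internal network from one that merely blocks a few known-bad ports. The following Python packet filter is an added example, not code from the slides or the course: it evaluates the same constructed traffic against a deny-list policy whose default is allow and an allow-list policy whose default is deny, and reports which packets the weak policy lets through. The address ranges, rules and packets are all constructed for the example.

```python
"""
Added example (not part of the Chapter 7 slides): a tiny first-match packet
filter used to compare a default-ALLOW deny list with a default-DENY allow
list. Every packet passes through decide() (complete mediation); when no
rule matches, the policy default applies (fail-safe defaults).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def decide(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First matching rule wins; the policy default applies otherwise."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# Weak policy (constructed): block a few known services, allow everything else.
DENY_LIST_RULES = [
    Rule("deny", "tcp", "0.0.0.0/0", "10.0.0.0/8", 23),    # telnet
    Rule("deny", "tcp", "0.0.0.0/0", "10.0.0.0/8", 445),   # SMB
]

# Hardened policy (constructed): name what is permitted, deny the rest.
ALLOW_LIST_RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.10/32", 443),   # public web server only
    Rule("allow", "any", "10.0.0.0/8", "10.0.0.0/8", None),   # internal-to-internal
]


def deny_list_policy(pkt: Packet) -> str:
    return decide(DENY_LIST_RULES, pkt, default="allow")


def allow_list_policy(pkt: Packet) -> str:
    return decide(ALLOW_LIST_RULES, pkt, default="deny")


# Constructed traffic: Internet hosts (198.51.100.0/24) talking to 10.0.0.0/8.
SAMPLE_PACKETS = [
    Packet("tcp", "198.51.100.7", "10.0.0.10", 443),   # HTTPS to the web server
    Packet("tcp", "198.51.100.7", "10.0.0.10", 23),    # telnet attempt
    Packet("tcp", "198.51.100.7", "10.0.0.20", 3389),  # RDP to an internal host
    Packet("udp", "198.51.100.9", "10.0.0.20", 53),    # DNS to an internal host
    Packet("tcp", "10.0.0.5", "10.0.0.20", 22),        # SSH inside the network
]


def exposures(packets: List[Packet] = SAMPLE_PACKETS) -> List[Packet]:
    """Packets the deny-list policy lets in that the allow-list policy refuses."""
    return [p for p in packets
            if deny_list_policy(p) == "allow" and allow_list_policy(p) == "deny"]


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, "deny-list:", deny_list_policy(p), "allow-list:", allow_list_policy(p))
    print("exposed by the default-allow policy:", exposures())
```

Running the script shows that both policies agree on HTTPS and telnet, but only the allow-list policy stops the RDP and DNS packets to a host nobody meant to expose; the deny list never had a rule for them, and its default answered "allow" on its behalf.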
Sniffing and Snooping
Promiscuous mode accepts all packets on a channel
○ tcpdump or Wireshark captures the traffic
Sniffing in switched networks
○ Problem: self-learning Ethernet switches
○ Attackers overcome the switching problem by spoofing
○ Attackers use MAC cloning to duplicate the MAC address of the host whose traffic is being sniffed
○ Attackers use MAC flooding
○ Attackers target hosts directly using an ARP spoofing (ARP poisoning) attack
○ Attackers use an MITM (Man-in-the-Middle) gateway

Access Attack
This is your last assessment. Briefly explain what an Access Attack is.

Disruption
Denial-of-service attacks
○ Attacks on availability
○ Occur when a victim receives data it cannot handle
Reasons why a machine may stop responding:
○ Crashes
○ Algorithmic complexity
○ Flooding/swamping
SYN flooding
Reflection and amplification in DDoS attacks
Defending against DDoS attacks

Firewalls
A firewall protecting an internal network

Intrusion Detection and Prevention
IDS (Intrusion Detection System)
○ Detect attacks, ideally before they can do damage
○ HIDS (Host-based IDS)
○ NIDS (Network IDS)
○ Signature-based intrusion detection systems
○ Anomaly-based intrusion detection systems
IPS (Intrusion Prevention System)
○ Should detect and stop an attack
○ A glorified firewall
○ Watch for false positives and false negatives
Principle of defense in depth

THANK YOU
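The slides name two IDS styles, signature-based and anomaly-based, and three attack steps a network IDS is expected to notice: port scanning from the Reconnaissance slide, SYN flooding from the Disruption slide, and ARP poisoning from the Sniffing and Snooping slide. The Python detector below is an added example, not code from the slides or the course; it runs both detection styles over a constructed list of connection and ARP records and returns one alert per incident. The byte-pattern signature, the thresholds, the window length and every record are constructed for the example.

```python
"""
Added example (not part of the Chapter 7 slides): a minimal NIDS pass that
combines signature-based matching with anomaly-based thresholds to flag
port scans, SYN floods and ARP poisoning in constructed records.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Event:
    t: float               # seconds since capture start
    kind: str              # "tcp" or "arp"
    src_ip: str            # TCP source, or the IP an ARP reply claims to own
    dst_ip: str = ""
    dst_port: int = 0
    flags: str = ""        # "S" bare SYN, "SA" SYN/ACK, "PA" data segment
    payload: bytes = b""
    mac: str = ""          # sender MAC carried in an ARP reply


# Constructed signature: a byte pattern the analyst has chosen to alert on.
SIGNATURES = {"suspicious-payload": b"EXAMPLE-MALWARE-BEACON"}

WINDOW = 5.0       # seconds of history kept per source/destination
SCAN_PORTS = 10    # distinct ports probed by one source within WINDOW
FLOOD_SYNS = 50    # bare SYNs aimed at one destination within WINDOW

Alert = Tuple[str, str, str]   # (alert type, subject, detail)


def _prune(dq: deque, now: float) -> None:
    """Drop entries older than WINDOW from the front of a time-ordered deque."""
    while dq and now - dq[0][0] > WINDOW:
        dq.popleft()


def detect(events: List[Event]) -> List[Alert]:
    alerts: List[Alert] = []
    ports_seen = defaultdict(deque)   # src_ip -> deque of (t, dst_port)
    syns_seen = defaultdict(deque)    # dst_ip -> deque of (t, src_ip)
    arp_cache: Dict[str, str] = {}    # ip -> first MAC that answered for it
    flagged = set()                   # one alert per (type, subject)

    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "arp":
            # Anomaly: the same IP answered by a second MAC address.
            known = arp_cache.setdefault(e.src_ip, e.mac)
            if known != e.mac and ("arp", e.src_ip) not in flagged:
                flagged.add(("arp", e.src_ip))
                alerts.append(("arp-poisoning", e.src_ip, f"{known} then {e.mac}"))
            continue

        # Signature-based: known byte pattern anywhere in the payload.
        for name, pattern in SIGNATURES.items():
            if pattern in e.payload:
                alerts.append(("signature", e.src_ip, name))

        if "S" in e.flags and "A" not in e.flags:      # bare SYN only
            # Anomaly: many distinct ports from one source (port scan).
            dq = ports_seen[e.src_ip]
            dq.append((e.t, e.dst_port))
            _prune(dq, e.t)
            distinct = len({port for _, port in dq})
            if distinct >= SCAN_PORTS and ("scan", e.src_ip) not in flagged:
                flagged.add(("scan", e.src_ip))
                alerts.append(("port-scan", e.src_ip, f"{distinct} ports in {WINDOW}s"))
            # Anomaly: many bare SYNs toward one destination (SYN flood).
            dq = syns_seen[e.dst_ip]
            dq.append((e.t, e.src_ip))
            _prune(dq, e.t)
            if len(dq) >= FLOOD_SYNS and ("flood", e.dst_ip) not in flagged:
                flagged.add(("flood", e.dst_ip))
                alerts.append(("syn-flood", e.dst_ip, f"{len(dq)} SYNs in {WINDOW}s"))
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for kind, _, _ in alerts:
        counts[kind] += 1
    return dict(counts)


def sample_events() -> List[Event]:
    """Constructed capture: one scanner, one flood, one bad payload, one ARP conflict."""
    ev = [Event(0.1 * i, "tcp", "10.0.0.9", "10.0.0.5", 1000 + i, "S") for i in range(12)]
    ev.append(Event(1.5, "tcp", "10.0.0.7", "10.0.0.5", 443, "S"))          # normal client
    ev.append(Event(1.6, "tcp", "10.0.0.7", "10.0.0.5", 443, "PA", b"GET / HTTP/1.1"))
    ev.append(Event(1.7, "tcp", "10.0.0.8", "10.0.0.5", 80, "PA", b"..EXAMPLE-MALWARE-BEACON.."))
    ev += [Event(2.0 + 0.01 * i, "tcp", f"203.0.113.{i}", "10.0.0.5", 80, "S") for i in range(60)]
    ev.append(Event(0.5, "arp", "10.0.0.1", mac="02:00:00:00:00:01"))        # gateway, first seen
    ev.append(Event(3.0, "arp", "10.0.0.1", mac="02:00:00:00:00:99"))        # gateway, second MAC
    return ev


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The "flagged" set is what keeps this from drowning an operator in repeats: a scan or flood produces one alert per subject instead of one per packet, which is the false-positive budget the IPS slide warns about. The signature branch deliberately runs on every TCP segment, including ones that never trip an anomaly threshold, since the two styles catch different things.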
