Lecture 2: Computer and Network Security PDF
Egyptian Chinese University
2024
Dr. Allam Ameen
Summary
This lecture covers various aspects of computer and network security, including different types of attacks like Trojan horses, malware behaviors, reconnaissance attacks, and denial of service attacks. It also delves into concepts such as social engineering and network security policies.
Full Transcript
Computer and Network Security (SET-413)
Dr. Allam Ameen, Assistant Professor
Egyptian Chinese University, Faculty of Engineering and Technology
Electronics Research Institute, Microstrip Department
Lecture 2, Fall 2024

Trojan horse
This is a program characterized by two features:
- behavior that is apparently useful to the user.
- hidden malicious behavior, which usually leads to access to the machine on which this software is executed.

Trojan horse Classification
Trojan horses are usually classified according to the damage that they cause, or the manner in which they breach a system, as shown in the table.

Common Malware Behaviors
Computers infected with malware often exhibit one or more of the following symptoms:
- Appearance of strange files, programs, or desktop icons.
- Antivirus and firewall programs are turning off or reconfiguring settings.
- Computer screen is freezing or system is crashing.
- Emails are spontaneously being sent to your contact list without your knowledge.
- Files have been modified or deleted.
- Increased CPU and/or memory usage.
- Problems connecting to networks.
- Slow computer or web browser speeds.
- Unknown processes or services running.
- Unknown TCP or UDP ports open.
- Connections are made to hosts on the internet without user action.
- Other strange computer behavior.

Types of Network Attacks
Although there is no standardized way of categorizing network attacks, the method used in this course classifies attacks in three major categories:
- Reconnaissance Attacks
- Access Attacks
- DoS Attacks

Reconnaissance Attacks
Reconnaissance is information gathering. Threat actors use reconnaissance (or recon) attacks to do unauthorized discovery and mapping of systems, services, or vulnerabilities.
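Two of the indicators just listed can be checked mechanically: the malware symptom "unknown TCP or UDP ports open" by comparing a snapshot of listeners against a documented baseline, and a reconnaissance port scan by counting how many distinct destination ports a single source touches on one host within a short window. The following Python is an added example written for this page, not code from the lecture; the baseline, the listener snapshot and the connection-log lines are all constructed, and the log format, the 60-second window and the five-port threshold are assumptions a defender would tune to their own environment.

```python
"""Detecting two indicators described in the lecture:
 - "Unknown TCP or UDP ports open" (malware symptom) via a baseline diff
 - reconnaissance port scans via per-source distinct-port counting

All data below is constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline: the listeners an administrator documented as expected.
EXPECTED_LISTENERS = {("tcp", 22), ("tcp", 443), ("udp", 123)}

# Constructed snapshot of what is currently listening: (protocol, port, process).
OBSERVED_LISTENERS = [
    ("tcp", 22, "sshd"),
    ("tcp", 443, "nginx"),
    ("udp", 123, "chronyd"),
    ("tcp", 4444, "svchost.exe"),   # not in the baseline: investigate
]


def find_unexpected_listeners(observed, baseline):
    """Return the observed listeners whose (protocol, port) is not in the baseline."""
    return [(proto, port, proc) for proto, port, proc in observed
            if (proto, port) not in baseline]


# Constructed connection-log lines (assumed format, one line per connection attempt).
CONNECTION_LOG = """\
2024-10-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=22 proto=tcp
2024-10-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=23 proto=tcp
2024-10-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=25 proto=tcp
2024-10-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=80 proto=tcp
2024-10-01T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=443 proto=tcp
2024-10-01T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=3389 proto=tcp
2024-10-01T10:00:05 src=10.0.0.7 dst=10.0.0.20 dport=443 proto=tcp
2024-10-01T10:05:00 src=10.0.0.7 dst=10.0.0.20 dport=443 proto=tcp
"""


def parse_log_line(line):
    """Split one 'timestamp key=value ...' line into its fields."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], int(kv["dport"]), kv["proto"]


def detect_port_scans(log_text, window=timedelta(seconds=60), port_threshold=5):
    """Flag (src, dst) pairs where one source touches at least `port_threshold`
    distinct destination ports on one host within `window`.
    Returns {(src, dst): sorted list of the ports seen in the widest hit window}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _ = parse_log_line(line)
        events[(src, dst)].append((ts, dport))

    hits = {}
    for key, evs in events.items():
        evs.sort()                      # sliding window needs time order
        best = set()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1              # drop events that fell out of the window
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= port_threshold and len(ports) > len(best):
                best = ports
        if best:
            hits[key] = sorted(best)
    return hits


if __name__ == "__main__":
    print("unexpected listeners:", find_unexpected_listeners(OBSERVED_LISTENERS, EXPECTED_LISTENERS))
    print("port scans:", detect_port_scans(CONNECTION_LOG))
```

The baseline diff is only as good as the baseline: a listener that was documented while the host was already infected will never be flagged, so the expected set should come from a build image or an earlier clean snapshot, not from the host being checked. The scan detector counts distinct ports rather than raw connections so that a busy but legitimate client hammering one service (10.0.0.7 above) is not mistaken for reconnaissance.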
Recon attacks precede access attacks or DoS attacks. Some of the techniques used by malicious threat actors to conduct reconnaissance attacks are described in the table.

Access Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services. The purpose of this type of attack is to gain entry to web accounts, confidential databases, and other sensitive information.

Social Engineering Attacks
Definition
Social Engineering is the art of manipulating people into doing what you want them to do. It's a very powerful tool that anyone can use, from an individual trying to get money out of someone or steal their identity to a hacker looking for information about your network and systems. Social engineering is also known as human error hacking because it involves using human psychology to trick people into giving up information they shouldn't have.

How Does Social Engineering Work?
A technique, say phishing or tailgating, is used by the hacker to push the target into the trap. Once that's done, information is stolen and used for personal benefit. Its stages are:
- Preparation: searching for information about the target.
- Infiltration: the attacker tries to connect with the target.
- Exploitation: after the success of the above two steps, the attacker leverages the target's trust.
- Disengagement: happens on the attack's success.
- Trace removal and disappearing: the final step of the process, where the attacker focuses on removing everything that might help the victim or authorities catch him.
Social Engineering Attacks
Information about social engineering techniques is shown in the table.

Denial of Service (DoS) Attacks
A Denial of Service (DoS) attack creates some sort of interruption of network services to users, devices, or applications. There are two major types of DoS attacks:
- Overwhelming Quantity of Traffic.
- Maliciously Formatted Packets.
A Distributed DoS Attack (DDoS) is like a DoS attack, but it originates from multiple, coordinated sources. If threat actors can compromise many hosts, they can perform a Distributed DoS Attack (DDoS).

Components of DDoS Attacks
DDoS attacks are similar in intent to DoS attacks, except that a DDoS attack increases in magnitude because it originates from multiple, coordinated sources.

Buffer Overflow Attack
The goal of a threat actor when using a buffer overflow DoS attack is to find a system memory related flaw on a server and exploit it. Exploiting the buffer memory by overwhelming it with unexpected values usually renders the system inoperable, creating a DoS attack. It is estimated that one third of malicious attacks are the result of buffer overflows.

Evasion Methods
Some of the evasion methods used by threat actors include:

Types of network security
We identify three categories of network security.
- Physical security
- Logical security
- Administrative security

Physical security
Physical security involves all aspects of the environment in which the resources are installed. This may include:
- the physical security of server rooms, network devices, etc.
- the prevention of accidents and fires.
- uninterrupted power supply.
- video surveillance, etc.

Logical security
Logical security refers to the implementation of an access control system (using software) in order to secure resources. This may include:
- applying a reliable security strategy for passwords.
- setting up an access model that is based on authentication, authorization and traceability.
- ensuring the correct configuration of network firewalls.
- putting in place IPS (intrusion prevention systems).
- using VPNs (Virtual Private Networks), etc.

Administrative security
Administrative security allows the internal monitoring of an organization using a manual of procedures. This may include:
- preventing errors and fraud.
- defining the responsibilities of different actors or operators.
- protecting the integrity of the company's property and resources.
- ensuring that all operations concerning handling of material are recorded.
- rationally managing the company's property.
- ensuring effective and efficient management of activities.

Network Security Policies
There are 14 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC).
Security Policy
Security policies are used to inform users, staff, and managers of an organization's requirements for protecting technology and information assets. A security policy also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.

Policies that may be included in a security policy are:

BYOD Policies
Many organizations must now also support Bring Your Own Device (BYOD). This enables employees to use their own mobile devices to access company systems, software, networks, or information. BYOD security best practices to help mitigate BYOD vulnerabilities are:
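The two DoS types named earlier in the lecture, an overwhelming quantity of traffic and maliciously formatted packets, each have a standard defensive counterpart: a per-source rate limit for the first, and a parser that validates every declared length before trusting it for the second (the same bounds discipline that keeps a malformed input from becoming the buffer overflow the slides describe). The following Python is an added example written for this page, not code from the lecture. The message format (a 1-byte type followed by a 2-byte payload length), the 512-byte maximum, the rate-limit parameters and all sample traffic are constructed for the example.

```python
"""Two DoS failure modes from the lecture, handled defensively:
 - Overwhelming quantity of traffic: a sliding-window request limit per source.
 - Maliciously formatted packets: a bounds-checked parser for a constructed
   length-prefixed format that rejects bad input instead of trusting a
   declared length.
Message format, parameters and all sample data are constructed for this example.
"""
import struct
from collections import defaultdict, deque

# ---- Overwhelming traffic: sliding-window request counting per source ----

class RateLimiter:
    """Reject a source's requests once it exceeds `max_requests` in `window_seconds`."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._history = defaultdict(deque)   # src -> timestamps still inside the window

    def allow(self, src, now):
        q = self._history[src]
        while q and now - q[0] >= self.window:
            q.popleft()                       # forget requests older than the window
        q.append(now)
        return len(q) <= self.max_requests


def simulate_flood(requests, max_requests=5, window_seconds=1.0):
    """requests: iterable of (timestamp, src). Returns {src: number of dropped requests}."""
    limiter = RateLimiter(max_requests, window_seconds)
    dropped = defaultdict(int)
    for ts, src in requests:
        if not limiter.allow(src, ts):
            dropped[src] += 1
    return dict(dropped)


# Constructed traffic: one source sends 20 requests in 0.5 s, another behaves normally.
SAMPLE_REQUESTS = [(i * 0.025, "198.51.100.9") for i in range(20)] + \
                  [(0.3, "203.0.113.4"), (0.9, "203.0.113.4")]

# ---- Maliciously formatted packets: validate before trusting any length ----

HEADER = struct.Struct("!BH")   # constructed format: 1-byte type, 2-byte payload length
MAX_PAYLOAD = 512               # assumed upper bound for this format


class MalformedPacket(ValueError):
    pass


def parse_packet(data: bytes):
    """Return (type, payload) or raise MalformedPacket.

    The declared length is checked against a fixed maximum and against the bytes
    actually received, so a crafted header can neither make the parser read past
    the buffer nor drive an allocation from an untrusted size."""
    if len(data) < HEADER.size:
        raise MalformedPacket("truncated header")
    ptype, length = HEADER.unpack_from(data)
    if length > MAX_PAYLOAD:
        raise MalformedPacket(f"declared length {length} exceeds max {MAX_PAYLOAD}")
    if len(data) - HEADER.size != length:
        raise MalformedPacket("declared length does not match bytes received")
    return ptype, data[HEADER.size:]


def build_packet(ptype, payload):
    """Encode a well-formed packet (used to build the valid sample)."""
    return HEADER.pack(ptype, len(payload)) + payload


def is_malformed(data):
    """True if the packet would be rejected by parse_packet."""
    try:
        parse_packet(data)
        return False
    except MalformedPacket:
        return True


def classify_packets(packets):
    """Return (accepted, rejected) counts for a batch of raw packets."""
    ok = rejected = 0
    for p in packets:
        if is_malformed(p):
            rejected += 1
        else:
            ok += 1
    return ok, rejected


# Constructed samples: one valid, one with an inflated declared length, one truncated.
SAMPLE_PACKETS = [
    build_packet(1, b"hello"),
    HEADER.pack(1, 65535) + b"x",     # claims 65535 payload bytes, carries 1
    b"\x01",                          # header cut short
]

if __name__ == "__main__":
    print("dropped per source:", simulate_flood(SAMPLE_REQUESTS))
    print("accepted, rejected:", classify_packets(SAMPLE_PACKETS))
```

The rate limiter keeps only timestamps inside the window, so its memory is bounded by `max_requests` per source; a flood from many distributed sources (the DDoS case) still passes this check individually, which is why per-source limiting is paired with aggregate limits and upstream filtering in practice. In the parser, the third check is the one that matters for the buffer overflow slide: a length field that is merely "below the maximum" can still exceed what was received, and code that copies `length` bytes on that basis reads or writes past its buffer.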