8/9/2019 Group E Network Security
Network Security
Presenting : GROUP E
01 Manoj, 04 Sheetal, 06 Nitin, 15 James, 30 Pramod, 39 Yogesh
Real Time Cases
Network Attacks through Facebook, Twitter Tripled in 2009
Sophos, an IT security firm, surveyed around 500 firms, and its investigations found that, as
more organizations allow employees to use social media like Facebook and Twitter at work,
cyber crime attacks on these networks have exploded. Reports of malware and spam rose
70 percent on social networks in the last 12 months, the security survey reveals.
Sophos finds 57 percent of users report they have been spammed via social networking sites
and 36 percent reveal they have been sent malware via social networking sites.
Virginia State Prescription Monitoring Program Records - Hackers stole 8.3 million
records, erased the originals and created an encrypted backup of VPMP's database. The
records were patient records and 35 million drug prescriptions for their patients. For a
twist, the hackers defaced the VPMP's website with a ransom note demanding $10 million, which they never got.
Phishing attacks on banking sites - The report shows that only a very few bank
customers actually click on a phishing email; in fact it is only 0.000564%. Of the
people that do click through, 45% provide their personal credentials to the fake
phishing site. Although the click rate is super low, the scale of users involved makes this
a significant loss to banks. Banks lose between 2.4 and 9.4 million dollars (per million
online bank users) to phishing fraud annually!
What is Security
Freedom from risk or danger; safety.
Freedom from doubt, anxiety, or fear; confidence.
Something that gives or assures safety
Why do we need security?
Protect vital information while still allowing access to those who need it
Ex. Trade secrets, medical records, etc.
Provide authentication and access control for resources
Ex: AFS
Guarantee availability of resources
Ex: (99.999% reliability)
Security Objectives
Identification
Authentication
Authorization
Access Control
Data Integrity
Availability
Confidentiality
Non-repudiation
Security Objectives
Identification
Unique identification : UserID
UserID can be one or combination of UserName or SSN etc
Availability
Legal users should be able to access
To ensure maximum network uptime
Authentication
The process of verifying the identity of a user.
Linked with security question / information
Something which the user knows or which belongs to the user.
1. One Factor Authentication
A password, which is something you know
2. Two Factor Authentication
Something you have, such as a security token or 'dongle', an ATM card, or your mobile phone
3. Three Factor Authentication
A fingerprint or retinal scan.
Security Objectives
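Two-Party Authentications
[Diagram: One-way Authentication - the Client sends its UserID & Password and the Server returns "Authenticated". Two-way Authentication - the Server also sends its ServerID & Password and the Client returns "Authenticated".]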
Security Objectives
Third-Party Authentications
[Diagram: the Client (ClientID, Password) and the Server (ServerID, Password) are each authenticated by a Security Server; Client and Server then exchange keys and exchange data.]
Security Objectives
Authorization
The process of assigning access rights to a user
Access Control - The process of enforcing access rights, based on the following three entities:
Subject - an entity that can access an object
Object - an entity to which access can be controlled
Access Right - defines the ways in which a subject can access an object.
Data Integrity
Assurance that the data that arrives is the same as when it was sent.
SSL VPNs and IPSec VPNs have been popular technologies to provide secure access.
Confidentiality
Assurance that sensitive information is not visible to an eavesdropper. This is usually
achieved using encryption.
Non-repudiation
Assurance that any transaction that takes place can subsequently be proved to have taken place. Both the sender and the receiver agree that the exchange took place.
Network Security
Definition
It provides protection at the boundaries of an organization by keeping out
intruders or hackers. Information security focuses on protecting data
resources from malware attack or simple mistakes by people within an
organization.
Today's Network
Network Security Model
Reasons for Security Attacks
Competition
Thrill
Revenge (former employee)
Terrorism
Financial gain
Political
Religion
Reputation and ego of the hacker
Intellectual Property theft, Trade Secrets
Commercial or personal
Bored youth...(Time pass)
Network Attacks
Occurs due to violation of IT security policy, acceptable use policy or of standard procedures.
1. Malware attacks
virus
worms
Trojan horses
2. Denial of Service (DoS)
as a side-effect of malware attack
as a deliberate, intelligent attack
3. Intruders, intelligent agent attacks
insiders
outsiders
ex-insiders
4. Email
advertising - SPAM
scams: phishing, stock market
malware-carrying: Trojans
5. Operational incidents
system failures: crashes, environmental failure
operator error
Network Attacks
DoS (Denial-of-Service)
These attacks are the most difficult to address. They are the nastiest: very easy to launch but difficult to track. Attackers send more requests to the machine than it can handle. The attacker's program simply makes a connection on some service port. If the host is able to answer 20 requests per second and the attacker is sending 50 per second, the host will be unable to service all of the attacker's requests.
Employee accessing files at strange times or unauthorized stuff.
Unauthorized Access
An unknown and untrusted person tries to access your network or system. The goal is to gain access to a resource that your machine should not provide to the attacker. It is a very high-level attack. Through it, intruders unethically gain administrator privileges, execute commands illicitly and make configuration changes on a host.
Network intrusion
The attackers or hackers gain access to a network by probing and sniffing out weak spots in the hardware and software configuration, or by cracking passwords using brute force.
Another method is IP spoofing, where an intruder sends messages to the target computer using the IP address of a trusted host computer, so that the data appears to be coming from that trusted host.
Network Attacks
Viruses, Worms and Trojan Horses
Viruses and worms are malicious programs or pieces of software code that are usually disseminated via e-mail or Internet packets. When a virus gets into an unsuspecting computer, it often replicates itself and uses the e-mail system to send out copies of the virus to other recipients in the e-mail address list.
Some viruses destroy data, while worms simply replicate themselves over and over, thus using up system memory.
Trojan Horses: a common method of intrusion is to send e-mail with seemingly harmless
applications as attachments. These applications or applets or software programs get into the network server and hide there.
Social Engineering
It is a non-technical kind of intrusion relying heavily on human interaction, which often involves tricking other people into breaking normal security procedures. The attacker uses social skills and human interaction to obtain information about an organization or its computer systems. It occurs due to the natural human tendency to trust. This is exactly what makes us vulnerable.
Defense In Depth
Firewall
Chokepoint device
Barrier between two networks
Sets rules to allow / deny traffic
Decides what to allow and what not
It separates the organization's intranet and the Internet.
Authentication
Involves a username and a password
Remote Authentication Dial-in User Service (RADIUS)
Strong passwords recommended
Defense In Depth
Proxy Server
This is the process of having one host act on behalf of another.
Fetches documents from the Internet.
No direct connection to the Internet
All hosts on the intranet can access the Internet via the proxy
Demilitarized Zone (DMZ)
DMZ is a critical part of a firewall.
It is a network between intranet and Internet.
It connects the untrusted network to the trusted.
Someone who breaks into your network from the Internet.
Defense In Depth
Intrusion Detection System (IDS)
Burglar alarm system for network
Detects and alerts on malicious events
NIDS - Monitors network traffic for suspicious activity
HIDS - Monitors an individual host
Alerts in the form of email / pager / reporting to a centralized database.
Drawback: notifies after occurrence.
Defense In Depth
Intrusion Prevention System (IPS)
It helps to detect and prevent malware attacks.
Defends without the administrator's direct involvement
NIPS - Device sits on the network and prevents intrusions.
HIPS - Software runs on the host.
Defense In Depth
Virtual Private Networks (VPN)
Private network uses a public network (Internet) to
connect remote sites or roaming users together
Replaces dedicated physical connections or leased
lines
Provides ability for two offices to communicate
To connect several offices together, VPN is the best way
All transmitted data is encrypted to prevent
malicious programs, and people, from accessing your
personal information, or communications.
Intended for business partners, outsourcing,
roaming users
Defense In Depth
Router
Does packet filtering and manages network traffic.
An Access Control List selects which packets may come in or go out. It
checks origination address, destination address, destination service port, and so on.
Crypto-Capable Routers are more secure and do session encryption between specified
routers.
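How a router evaluates such an Access Control List, as an added example that is not part of the original slides. The rule set, the addresses (documentation ranges) and the function names are constructed for illustration, and the first-match / implicit-deny behaviour is the common router convention, assumed here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # origination network, CIDR
    dst: str                      # destination network, CIDR
    dport: Optional[int] = None   # destination service port; None = any

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))


# Constructed rule set using documentation address ranges (RFC 5737).
ACL = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0"),             # blocked source range
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),       # public HTTPS server
    Rule("permit", "198.51.100.0/24", "192.0.2.0/24", 22),   # admin network, SSH
]


def evaluate(acl, src_ip, dst_ip, dport):
    """Return (action, index of deciding rule). First match wins;
    a packet matching no rule is denied (implicit deny)."""
    for i, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, i
    return "deny", None


def shadowed_rules(acl):
    """Indexes of rules that can never fire because an earlier rule
    already covers every packet they describe."""
    nets = [(ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)) for r in acl]
    shadowed = []
    for j, later in enumerate(acl):
        for i in range(j):
            if (nets[j][0].subnet_of(nets[i][0])
                    and nets[j][1].subnet_of(nets[i][1])
                    and acl[i].dport in (None, later.dport)):
                shadowed.append(j)
                break
    return shadowed
```

Rule order matters: `shadowed_rules` is the audit step that finds a permit placed after a broader deny (or the reverse), which is a frequent cause of an ACL not doing what its author intended.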
Defense In Depth
Host Hardening
Requirements evaluation to see what the server is for and to assess the risks involved
Balancing security between ultimate security and usability
Disabling unused services and user accounts
Public facing or Internet enabled servers such as e-mail, web or DNS servers
Security Patching
Most desktop or server security incidents are centered on flaws in OS.
Vendors release patches to cover these security holes
Up-to-date security-related patches can reduce risk
Wireless Network Security
Common for organizations and individuals.
The ability to enter a network while mobile
has great benefits.
Wireless networking has many security issues
and is relatively easy to break.
Enterprises define effective wireless security
policies that guard against unauthorized access
to important resources.
Wireless Intrusion Prevention Systems are
commonly used to enforce wireless security
policies.
Wireless Network Security
MAC ID filtering
Most wireless access points contain some type of MAC ID filtering that allows the
administrator to permit access only to computers whose wireless hardware has
certain MAC IDs. Cracking utilities such as SMAC are widely available, and some
computer hardware also gives the option in the BIOS to select any desired MAC ID for its
built-in network capability.
Wired Equivalent Privacy
WEP stands for Wired Equivalent Privacy. This encryption standard was the original
encryption standard for wireless. This standard was intended to make wireless networks as
secure as wired networks. Unfortunately, this never happened, as flaws were quickly
discovered and exploited. There are several open source utilities like aircrack-ng, weplab,
WEPCrack, or airsnort that can be used by crackers to break in by examining packets and
looking for patterns in the encryption. WEP comes in different key sizes. The common key
lengths are currently 128- and 256-bit. The longer the better, as it will increase the difficulty
for crackers.
However, this type of encryption is now considered outdated and seriously flawed.
Wireless Network Security
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a software/firmware improvement over WEP. All regular
WLAN equipment that worked with WEP can simply be upgraded, and no new
equipment needs to be bought. WPA is a trimmed-down version of the 802.11i security
standard that was developed by the Wi-Fi Alliance to replace WEP.
WPA Enterprise provides RADIUS based authentication using 802.1x.
Static IP addressing
Disabling IP Address assignment function of the network's DHCP server, with the IP
addresses of the various network devices then set by hand, will also make it more difficult
for a casual or unsophisticated intruder to log onto the network.
Smart cards, USB tokens, and software tokens
This is a very strong form of security. When combined with some server software, the
hardware or software card or token will use its internal identity code combined with a user
entered PIN to create a powerful algorithm that will very frequently generate a new
encryption code. This is a very secure way to conduct wireless transmissions.
Vulnerability Assessment
Port Scanning
Scanner analyzes the ports on a network and determines if they are:
Open: actively listening and accepting connections
Closed: port is not accepting connections
Filtered : no response from the scanned system.
Tool: Nmap (Windows/Linux)
Protocol analyzer
Also known as Packet Sniffer
Logs network traffic
Analyzes packets
Attempts to decrypt packets
Tool: Wireshark (Windows/Linux)
Vulnerability Assessment
Vulnerability Scanner
Software designed to:
Map all network devices
Scan network/system
Find Vulnerabilities
Give suggestions on how to make secure
Double-Edged Sword
Tool: Nessus
Password Cracking
Software that employs various algorithms in an attempt to discover passwords.
Keyloggers, Cross-Scripting, Dictionary Tables, Rainbow tables.
Tool: Hydra (Online), RainbowCrack (Offline)
Vulnerability Assessment
Penetration Testing
Method of evaluating the security of a computer system or network by simulating an
attack from a malicious source.
Ethical Hacker is hired to perform
Security Audit
Exploit vulnerabilities
Help secure the weak points.
Tool: BackTrack 4
ISO/IEC 27033
ISO/IEC 27033 - Network Security Standard
Goal: To provide an overview of network security and related definitions. It defines and
describes the concepts associated with, and provides management guidance on, network
security.
Provides guidance on how to identify and analyse network security risks and the definition of network security requirements based on that analysis,
provides an overview of the controls that support network technical security
architectures and related technical controls, as well as those non-technical controls and
technical controls that are applicable not just to networks,
introduces how to achieve good quality network technical security architectures, and the
risk, design and control aspects associated with typical network scenarios and network technology areas (which are dealt with in detail in subsequent parts of ISO/IEC 27033),
briefly addresses the issues associated with implementing and operating network security
controls, and the on-going monitoring and reviewing of their implementation.
Avoid Threats
Ensure your company has a strong information security policy.
Conduct in-depth information security training.
Be suspicious of unsolicited email messages, phone calls, or visits from individuals asking about employees or other internal information. If dealing with an unknown person claiming to be from a legitimate organization, verify their identity directly with the company.
Install and maintain firewalls, anti-virus software, anti-spyware software, and email filters.
Pay attention to the URL of a web site. Malicious web sites generally look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.
Have a strong firewall and proxy to keep unwanted people out.
Antivirus software package and Internet Security Software package.
Strong password authentication
Exercise physical security precautions to employees.
Network analyzer or network monitor
Implement physical security management
Restricted zones.
Security fencing at company's perimeter.
The key is to prevent re-occurrence
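The URL check from the list above ("a variation in spelling or a different domain"), as an added example that is not part of the original slides. The allowlist, the verdict names and the edit-distance threshold of 2 are assumptions, and the domains are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organization actually uses (assumption).
TRUSTED = ("examplebank.com", "example.org")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels. Simplification: real code should consult the
    Public Suffix List so that e.g. 'co.uk' is handled correctly."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str):
    """Return (verdict, trusted domain it relates to or None)."""
    # .hostname ignores any 'user@' part, so 'trusted.com@other.test'
    # is judged by the host the browser would really contact.
    host = (urlsplit(url).hostname or "").lower()
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted", domain
    name, _, ending = domain.partition(".")
    for good in TRUSTED:
        good_name, _, good_ending = good.partition(".")
        if name == good_name and ending != good_ending:
            return "different-domain", good          # same name, other ending
        if ending == good_ending and 0 < edit_distance(name, good_name) <= 2:
            return "spelling-variation", good        # e.g. 'l' swapped for '1'
        if good in host:
            return "trusted-name-as-subdomain", good # trusted name only as a prefix
    return "unknown", None
```

The same function can run in a mail filter or a proxy log review, flagging links for a human to check before users reach them.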
Conclusion
"The only truly secure computer, is a dead
computer." - Ransel Yoho III, Network Security
Architect
Education of users & administrators: first line of defense
Use software to test network vulnerability regularly
Although new security methods will be developed, remember that no network will ever be completely un-hackable.
Thank You !