
Network Security


Table of Contents

1. Introduction

1.1 What is Network Security?

1.2 How does it protect you?

2. Types of Network Threats

2.1 Denial of service

2.2 Data Interception and Theft

2.3 Identity Theft

2.4 Viruses, Worms, and Trojan Horses

2.5 Spyware and Adware

2.6 Zero-day Attacks

2.7 Hacker Attacks

3. How to avoid Network Threats



Introduction

What is Network Security?

Network security is a specialized field in computer networking that involves securing a computer network infrastructure. It is typically handled by a network administrator or system administrator, who implements the security policy, network software and hardware needed to protect a network and the resources accessed through it from unauthorized access, while ensuring that employees have adequate access to the network and resources to do their work.

A network security system typically relies on layers of protection and consists of multiple components, including network monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.

Security is a fundamental component of every network design. When planning, building, and operating a network, you should understand the importance of a strong security policy.

How Does It Protect You?

A network security system should be able to protect our network from the many security threats that spread over the Internet today. The most common include:

Viruses, worms, and Trojan horses

Spyware and adware

Zero-day attacks, also called zero-hour attacks

Hacker attacks

Denial of service attacks

Data interception and theft

Identity theft

How Does Network Security Work?

Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats.

A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components often include:

Anti-virus and anti-spyware

Firewall, to block unauthorized access to your network

Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks

Virtual Private Networks (VPNs), to provide secure remote access


Types Of Network Security Threats

DENIAL-OF-SERVICE (DOS)

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, distributed denial-of-service attacks are sent by two or more people, or bots, and denial-of-service attacks are sent by one person or system.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. Denial-of-service threats are also common in business, and are sometimes responsible for website attacks.

This technique has also seen extensive use in certain games, where it is used by server owners or disgruntled competitors, for example against popular Minecraft multiplayer worlds, known as servers. Increasingly, DoS attacks have also been used as a form of resistance.

One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Symptoms of denial-of-service attacks include:

Unusually slow network performance (opening files or accessing web sites)

Unavailability of a particular web site

Inability to access any web site

Dramatic increase in the number of spam emails received (this type of DoS attack is considered an e-mail bomb)

Disconnection of a wireless or wired internet connection

Long term denial of access to the web or any internet services
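On the server side, the saturation described above appears in the logs as far more requests per time window than normal, either from one source (DoS) or summed over many sources (DDoS). The Python sketch below is an added example, not part of the original document: the log format, the window and both thresholds are assumptions, and the log lines are constructed using documentation-range addresses.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed access log: '<ISO timestamp> <source IP> <request>'."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # Two ordinary clients, one request every 5 seconds for a minute.
    for i in range(12):
        for src in ("198.51.100.10", "198.51.100.11"):
            events.append((start + timedelta(seconds=5 * i), src, "GET /index.html"))
    # One source sending 10 requests per second for 5 seconds.
    for i in range(50):
        when = start + timedelta(seconds=20, milliseconds=100 * i)
        events.append((when, "203.0.113.7", "GET /search?q=a"))
    lines = [f"{ts.isoformat()} {src} {req}" for ts, src, req in sorted(events)]
    lines.insert(5, "### log rotated ###")  # malformed line the parser must survive
    return lines


def parse_line(line):
    """Return (timestamp, source); raises ValueError on a malformed line."""
    stamp, src, _request = line.split(" ", 2)
    return datetime.fromisoformat(stamp), src


def sliding_peak(timestamps, window_seconds):
    """Largest number of events that fall inside any window of window_seconds."""
    window, peak = deque(), 0
    for ts in sorted(timestamps):
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        peak = max(peak, len(window))
    return peak


def analyse(lines, window_seconds=10, per_source_limit=20, total_limit=40):
    """Flag single noisy sources and an abnormal aggregate request rate."""
    by_source, skipped = defaultdict(list), 0
    for line in lines:
        try:
            ts, src = parse_line(line)
        except ValueError:
            skipped += 1
            continue
        by_source[src].append(ts)
    peaks = {src: sliding_peak(ts, window_seconds) for src, ts in by_source.items()}
    everything = [ts for stamps in by_source.values() for ts in stamps]
    total_peak = sliding_peak(everything, window_seconds)
    return {
        "flagged_sources": {s: p for s, p in peaks.items() if p > per_source_limit},
        "total_peak": total_peak,
        "aggregate_alert": total_peak > total_limit,
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    print(analyse(build_sample_log()))
```

The per-source limit catches a single flooding host; the aggregate limit is what still fires when the same load is spread over many sources that each stay under the per-source limit.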


DATA INTERCEPTION AND THEFT

When packets travel across a network, they are susceptible to being read, altered, or “hijacked.” Hijacking occurs when a hostile party intercepts a network traffic session and poses as one of the session endpoints.

An attacker monitors data streams to or from a target, in order to gather sensitive information. This attack usually involves sniffing network traffic, but may include observing other types of data streams. Sniffing or eavesdropping is the act of monitoring traffic on the network for data such as plaintext passwords or configuration information. With a simple packet sniffer, an attacker can easily read all plaintext traffic.

The tool that is used for data interception is called a packet analyzer or packet sniffer. This is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.

This is how data packets flow in a network.

After data packets leave your PC, they are passed to the ISP gateway. The ISP gateway, which has multiple connections to the bigger ISP networks, examines the destination IP address, chooses the proper “next hop” gateway and then forwards the packet to that gateway. The new gateway performs the same procedure, and so on.

So where is the weak point in this chain? There is a single point through which all your data passes: your ISP gateway. After a packet leaves your ISP network it is almost impossible to predict its route, since the route depends on the destination. Even if the destination is the same, the routes change: today it is one route, and tomorrow it will be some other. To monitor somebody’s Internet activities, the interested party has to monitor the ISP traffic, the single point through which all this traffic passes. Some smaller countries and Arabic countries have a few or even one external Internet connection, which makes it technically possible to block sites or perform monitoring at the nationwide ISP level.


To protect your data from interception you should use traffic encryption. The main idea is that the data should pass through the ISP network, and further outside of your home country, in encrypted form. This will guarantee that neither ISP staff nor government authorities can intercept your data.

Here is a simplified picture of how such services work.

All traffic is encrypted on the way from your computer to the special tunneling server, where it is decrypted and passed to the destination server (mail server, web server, IRC) in unencrypted form. Note that if the destination server supports encryption itself, as HTTPS websites do, the traffic is encrypted twice: it passes through the tunneling server in encrypted form and is decrypted only by the destination server. In other words, you may safely send PGP-encrypted emails or visit secure sites through such tunneling servers. The main advantage of these services is that they provide not only data protection but IP address anonymity as well. All the remote servers you communicate with through the encrypted tunnel will see only the tunneling server's IP address, not yours.


IDENTITY THEFT

Identity theft is any kind of fraud that results in the loss of personal data, such as passwords, user names, banking information, or credit card numbers.

Online identity theft is sometimes also known as phishing. Identity theft isn't new. Thieves have always found ways to illegally acquire people's personal information through confidence scams (also known as social engineering), stealing mail from mailboxes, or even looking through trash cans or dumpsters. Now that identity theft has moved online, criminals can scam greater numbers of people, which makes it much more profitable.

When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as "phishing scams" because they "fish" for your information.

How to recognize scams

Scams can contain the following:

Alarmist messages and threats of account closures.

Promises of money for little or no effort.

Deals that sound too good to be true.

Requests to donate to a charitable organization after a disaster that has been in the news.

Bad grammar and misspellings.

How to Protect Yourself from Online Fraud and Identity Theft

1. Beware Suspicious Emails and Attachments

2. Keep Your Anti-Malware Software Up-To-Date

3. Use HTTPS Everywhere (Or At Least Everywhere You Can)

4. Use Strong, Secure Passwords, and Different Ones On Different Sites


VIRUSES, WORMS, AND TROJAN HORSES

COMPUTER VIRUS

Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A computer virus is a malicious software program that can self-replicate on computers or via computer networks without you being aware that your machine has become infected. Because each subsequent copy of the virus can self-replicate, infections can spread very rapidly. There are very many different types of computer viruses and computer worms, and many can cause high levels of destruction.

Viruses can be divided according to the method that they use to infect a computer:

File viruses

Boot sector viruses

Macro viruses

Script viruses

In the course of using the Internet and your computer, you may have come into contact with computer viruses. Many computer viruses are stopped before they can start, but there is still growing concern about what computer viruses do and what the common symptoms of infection are. A computer virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on the hard disk.

Computer viruses are often spread by attachments in email messages or instant messages. That is why it is essential never to open an email attachment unless you know who it is from. Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download.

WORMS

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Many worms that have been created are designed only to spread, and do not attempt to change the systems they pass through.

The Viruses and Worms subclass of malicious software programs includes the following:

Email-Worm

IM-Worm

IRC-Worm

Net-Worm

P2P-Worm

Virus


TROJANS

A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.

Trojans are malicious programs that perform actions that have not been authorized by the user. These actions can include:

Deleting data

Blocking data

Modifying data

Copying data

Disrupting the performance of computers or computer networks

Unlike computer viruses and worms, Trojans are not able to self-replicate. A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm). A computer may host a Trojan via a malicious program that a user is duped into executing (often an e-mail attachment disguised to be unsuspicious, e.g., a routine form to be filled in), or by drive-by download.

SPYWARE

Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.

Spyware is a general term for software that performs certain behaviors, generally without appropriately obtaining consent first, such as:

Advertising

Collecting personal information

Changing the configuration of your computer

Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.

Knowing what spyware does can be a very difficult process because most spyware is designed to be difficult to remove. Other kinds of spyware make changes to your computer that can be annoying and can cause your computer to slow down or crash.

These programs can change your web browser's home page or search page, or add additional components to your browser you don't need or want. They also make it very difficult for you to change your settings back to the way you had them.


ADWARE

Adware is the name given to programs that are designed to display advertisements on your computer, redirect your search requests to advertising websites, and collect marketing-type data about you (for example, the types of websites that you visit) so that customized adverts can be displayed.

Adware that collects data with your consent should not be confused with Trojan spyware programs that collect information without your permission. If adware does not notify you that it is gathering information, it is regarded as malicious: for example, malware that uses Trojan-Spy behavior.

Other than displaying advertisements and collecting data, adware doesn’t generally make its presence known. Usually, there will be no signs of the program in your computer’s system tray, and no indication in your program menu that files have been installed on your machine.

ZERO-DAY ATTACKS

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch. It is called a "zero-day" because the programmer has had zero days to fix the flaw (in other words, a patch is not available). Once a patch is available, it is no longer a "zero-day exploit". It is common for individuals or companies who discover zero-day attacks to sell them to government agencies for use in cyber warfare.

Zero-day exploits are usually posted by well-known hacker groups. Software companies may issue a security bulletin or advisory when the exploit becomes known, but companies may not be able to offer a patch to fix the vulnerability for some time after.

HACKER ATTACKS

Hacker attacks are not automated by programs such as viruses, worms, or Trojan horse programs. Hacker attacks are carried out by highly skilled computer professionals, also known as hackers.

A hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment. Hacker attacks can be as simple as figuring out somebody else's password or as complex as writing a custom program to break another computer's security software.

Hacking attacks can have detrimental effects on the victim. These effects vary according to the type of attack the hacker launched and what the target of their attack is.


Types of hacking attacks

1. Phishing Attack

In a phishing attack, the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or PayPal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.

2. Hijack attack

In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.

3. Spoof attack

In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.

4. Buffer overflow

A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a command prompt or shell.

5. Exploit attack

In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.

6. Password attack

In a password attack, an attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.
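The three password attack types can be turned into a check that runs when a user chooses a password: it reports the cheapest attack that would find the password, next to the size of the brute-force search. This Python code is an added example, not part of the original document; the word list is constructed, and the hybrid rules (a listed word with changed case, look-alike substitutions and a tail of digits or symbols) and the guess rate are assumptions.

```python
import math
import string

# Constructed word list standing in for the "word list file" of a dictionary attack.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "welcome", "monkey"}

# Assumed hybrid rules: look-alike substitutions and trailing digits/symbols.
SUBSTITUTIONS = str.maketrans("0134578@$", "oleastbas")
TAIL_CHARS = set(string.digits + string.punctuation)


def hybrid_hit(password):
    """True if the password is a listed word after undoing the assumed rules."""
    candidate = password.lower()
    while candidate:
        if candidate in WORDLIST or candidate.translate(SUBSTITUTIONS) in WORDLIST:
            return True
        if candidate[-1] not in TAIL_CHARS:
            return False
        candidate = candidate[:-1]  # drop one trailing digit or symbol and retry
    return False


def keyspace_bits(password):
    """log2 of the combinations a brute-force search of this length must cover."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    if any(all(ch not in c for c in classes) for ch in password):
        alphabet += 100  # assumption: rough allowance for spaces and non-ASCII
    return len(password) * math.log2(alphabet) if password else 0.0


def audit(password):
    """Return (cheapest attack that finds the password, brute-force keyspace in bits)."""
    if password in WORDLIST:
        cheapest = "dictionary"
    elif hybrid_hit(password):
        cheapest = "hybrid"
    else:
        cheapest = "brute-force"
    return cheapest, round(keyspace_bits(password), 1)


def worst_case_years(bits, guesses_per_second=1e10):
    """Time to try every combination at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("sunshine", "P@ssw0rd123!", "tq7#Vm2!xLr9"):
        attack, bits = audit(pw)
        print(f"{pw!r}: {attack}, {bits} bits, {worst_case_years(bits):.2e} years")
```

The second and third sample passwords have the same brute-force keyspace, yet only the third actually forces a brute-force search, which is why length and character rules alone do not make a password strong.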


LEARN HOW TO AVOID NETWORK THREATS

Nothing can guarantee the security of a computer, but there's a lot we can do to help lower the chances that a computer will become infected.

1. Use a firewall

Using a firewall is like locking the front door to your house—it helps keep intruders (in this case, hackers and malicious software) from getting in. Windows Firewall is included in Windows and is turned on by default.

2. Download and install antivirus software

Antivirus software helps protect our computer from viruses, spyware, and other unwanted software.

Antivirus software runs in the background and notifies you when you need to take specific action. You can use it anytime to scan for malware if your computer isn’t working properly or if you clicked a suspicious link online or in an email message.

Reliable antivirus protection is a must-have for every PC.

2. Update your software

Microsoft releases security updates on the second Tuesday of every month. Open Windows Update to confirm that you have automatic updating turned on and that you've downloaded and installed all the latest critical and security updates.

3. Backup your important data.

Identify the vital data you need to protect: accounting information, business plans, customer databases, vendor information, marketing documents, etc. Then, choose from offline and online data backup solutions to ensure the security and availability of your critical business information. Set a backup schedule and test your solutions regularly.

4. Encrypt your files, hard drives and backup disks. By encrypting your hardware and data, only people with a valid password will have access. It’s a necessary step.

5. Set up a virtual private network (VPN). By creating a VPN, team members working from home or on the road using Wi-Fi in public won’t be exposing your business to security threats.

6. Restrict total access. Don’t give all team members universal access to every part of your network. Protect sensitive files and databases with passwords that only your key people know.

7. Monitor network traffic. Install software or hardware that keeps an eye on who’s visiting which sites and which of your computers they’re using.


8. Review your security periodically. Stay aware of new security threats and improved solutions by visiting your security software/service vendor websites. As your business grows, you may need to take new security measures.

9. Adjust Internet Explorer security settings

You can adjust the security settings in your Internet Explorer web browser to specify how much or how little information you want to accept from a website. Internet Explorer also includes a number of features, such as SmartScreen Filter, to help protect against viruses, spyware, and many other kinds of malicious, deceptive, or unwanted software.

10. Surf and download more safely

The best defense against unwanted software is not to download it in the first place. Here are a few tips that can help you avoid downloading software that you don't want:

Download programs only from websites you trust. If you're not sure whether to trust a program you are considering downloading, enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware. Files that end in the extensions .exe or .scr commonly hide malware. However, even files with familiar extensions such as .docx, .xlsx, and .pdf can be dangerous.

Read all security warnings, license agreements, and privacy statements associated with any software you download. Before you install something, consider the risks and benefits of installing it, and be aware of the fine print. For example, make sure that the license agreement does not conceal a warning that you are about to install software with unwanted behavior.

Be wary of popular "free" music and movie file-sharing programs, and be sure you understand all of the software that is packaged with those programs.

Use a standard user account instead of an administrator account.

Don't click links on suspicious websites or in email messages. Instead, type the website address directly into your browser, or use bookmarks.

Don't automatically trust that instant messages, email messages, or messages on social networking websites are from the person they appear to be from. Even if they are from someone you know, contact the person before you click the link to ensure that they intended to send it.
