Page 1: Network Security Risk

Network Risks and Vulnerabilities
Network Security Workshop

Dedi Dwianto, C|EH, OSCP

Table of Contents

Page 2: Network Security Risk


Contents

Network Vulnerabilities

Network Risk Assessment

Network Risk Mitigation

Page 3: Network Security Risk


Vulnerabilities

Vulnerabilities are software flaws or misconfigurations that cause a weakness in the security of a system.

Vulnerabilities can be exploited by a malicious entity to violate policies—for example, to gain greater access or permission than is authorized on a computer.

Page 4: Network Security Risk


Security Vulnerability Problem

Design flaws

Poor security management

Incorrect implementation

Internet technology vulnerability

The nature of intruder activity

The difficulty of fixing vulnerable systems

The limits of effectiveness of reactive solutions

Social engineering

Page 5: Network Security Risk


Design Flaws

The two major components of a computer system, hardware and software, quite often have design flaws.

Hardware systems are less susceptible to design flaws than their software counterparts, owing to lower complexity and the long history of hardware engineering.

Even with all these factors backing up hardware engineering, design flaws are still common.

The biggest problems in system security vulnerability, however, are due to software design flaws.

Page 6: Network Security Risk


Design Flaws

Three major factors contribute a great deal to software design flaws: human factors, software complexity, and trustworthy software sources.

Page 7: Network Security Risk


Classification by Software Development Life Cycle (SDLC) Phase

Taxonomies of this kind attempt to categorize vulnerabilities according to when they were introduced in the software lifecycle.

Classically, 6 phases are recognized: feasibility study, requirements definition, design, implementation, integration and testing, and operations and maintenance.

Page 8: Network Security Risk


Classification by Location in Object Models

These classifications attempt to categorize vulnerabilities according to which model object or “entity” they belong to. An example is classifying vulnerabilities using the ISO Open Systems Interconnection (OSI) reference model for networking.


Page 10: Network Security Risk


Viruses

A virus, a parasitic program that cannot function independently, is a program or code fragment that is self-propagating. It is called a virus, because like its biological counterpart, it requires a "host" to function. In the case of a computer virus the host is some other program to which the virus attaches itself.

A virus is usually spread by executing an infected program or by sending an infected file to someone else, usually in the form of an e-mail attachment.

Page 11: Network Security Risk


Impersonation/Masquerading

Impersonation or masquerading is the act of pretending to be someone or something you are not in order to gain unauthorized access to a system.

This usually implies that authentication credentials have been stolen.

Impersonation is often possible through the capture of usernames and passwords or of session setup procedures for network services.

Prevention: one-time pads, tokens, and Kerberos.

Page 12: Network Security Risk


Worm

A worm is a self-contained and independent program that is usually designed to propagate or spawn itself on infected systems and to seek other systems via available networks.

Page 13: Network Security Risk


Port Scanning

Like a burglar casing a target to plan a break-in, a hacker will often case a system to gather information that can later be used to attack the system. One of the tools that hackers often use for this type of reconnaissance is a port scanner.

A port scanner is a program that probes well-known port numbers to detect services running on a system that could be exploited to break into it.
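A detection-side counterpart to the reconnaissance described above, added here as an example and not part of the workshop slides: it reads constructed firewall log lines and flags a source that touches many distinct ports on one host within a short window. The log format, addresses, threshold and window size are assumptions.

```python
from collections import defaultdict

# Constructed sample firewall log (not from the slides): "hh:mm:ss src dst dport action"
SAMPLE_LOG = """\
10:00:01 192.0.2.10 198.51.100.5 21 DROP
10:00:01 192.0.2.10 198.51.100.5 22 DROP
10:00:02 192.0.2.10 198.51.100.5 23 DROP
10:00:02 192.0.2.10 198.51.100.5 25 DROP
10:00:03 192.0.2.10 198.51.100.5 80 ACCEPT
10:00:03 192.0.2.10 198.51.100.5 110 DROP
10:00:04 192.0.2.10 198.51.100.5 143 DROP
10:00:04 192.0.2.10 198.51.100.5 443 ACCEPT
10:00:05 192.0.2.10 198.51.100.5 3389 DROP
10:00:06 203.0.113.7 198.51.100.5 443 ACCEPT
10:05:00 203.0.113.7 198.51.100.5 443 ACCEPT
"""

def to_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

def parse_log(text):
    """One record per well-formed line; malformed lines are skipped rather than fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, action = parts
        records.append({"t": to_seconds(ts), "src": src, "dst": dst,
                        "port": int(port), "action": action})
    return records

def scan_sources(records, threshold=8, window_seconds=60):
    """Flag (src, dst) pairs where one source touches >= threshold distinct ports within
    window_seconds. Both ACCEPT and DROP count: the scanner learns from either answer."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append((r["t"], r["port"]))
    alerts = {}
    for pair, events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window_seconds:
                start += 1          # slide the window forward
            if len({p for _, p in events[start:end + 1]}) >= threshold:
                alerts[pair] = sorted({p for _, p in events})  # report every port seen
                break
    return alerts
```

A real deployment would tune the threshold per network and exclude known scanners such as vulnerability-management hosts.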

Page 14: Network Security Risk


Man in the Middle Attack (MITM)

In a MITM attack, a hacker inserts himself or herself between a client program and a server on a network. By doing so the hacker can intercept information entered by the client, such as credit card numbers, passwords, and account information.

Under one execution of this scheme, a hacker would place himself or herself between a browser and a Web server. This form of MITM attack, which is also sometimes called Web spoofing, is usually achieved by DNS or hyperlink spoofing.

Page 15: Network Security Risk


Denial of Service

DoS is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Page 16: Network Security Risk


Network Risk Assessment

Risk assessment is the first process in the risk management methodology.

To determine the likelihood of a future adverse event, threats to a network system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the network system.

Page 17: Network Security Risk


Network Risk Assessment Methodology

The risk assessment methodology encompasses nine primary steps:

1. System Characterization
2. Threat Identification
3. Vulnerability Identification
4. Control Analysis
5. Likelihood Determination
6. Impact Analysis
7. Risk Determination
8. Control Recommendations
9. Results Documentation

Page 18: Network Security Risk


Network Risk Assessment Methodology

Page 19: Network Security Risk


Impact Analysis

The next major step in measuring level of risk is to determine the adverse impact resulting from a successful threat exercise of a vulnerability.

Common impacts:

Loss of Integrity

Loss of Availability

Loss of Confidentiality
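A worked risk determination tying the nine-step methodology to the impact analysis above, added here as an example and not part of the workshop slides. It assumes the nine steps follow NIST SP 800-30 and uses that guide's illustrative likelihood and impact scales; the sample findings and the rule that overall impact is the worst of the three losses are constructed assumptions.

```python
# Risk determination in the style of NIST SP 800-30 (assumed to be the source of the nine
# steps); scale values are that guide's illustrative ones, not taken from the slides.
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}   # Likelihood Determination
IMPACT = {"High": 100, "Medium": 50, "Low": 10}         # Impact Analysis
RATING_ORDER = ["Low", "Medium", "High"]

def impact_rating(loss_integrity, loss_availability, loss_confidentiality):
    """Assumption: overall impact is the worst of the three loss ratings from the slide."""
    return max((loss_integrity, loss_availability, loss_confidentiality), key=RATING_ORDER.index)

def risk_score(likelihood, impact):
    """Risk Determination: likelihood weight times impact magnitude."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]

def risk_level(score):
    """Map a score to the guide's bands: High (>50), Medium (>10), Low (<=10)."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"

def assess(finding):
    """finding: dict with name, likelihood, and the three CIA loss ratings."""
    imp = impact_rating(finding["loss_integrity"], finding["loss_availability"],
                        finding["loss_confidentiality"])
    score = risk_score(finding["likelihood"], imp)
    return {"name": finding["name"], "impact": imp, "score": score, "level": risk_level(score)}

def prioritize(findings):
    """Control Recommendations start from the highest-scoring risks."""
    return sorted((assess(f) for f in findings), key=lambda r: r["score"], reverse=True)

# Constructed sample findings (not from the slides)
FINDINGS = [
    {"name": "management interface reachable over telnet", "likelihood": "High",
     "loss_integrity": "High", "loss_availability": "Medium", "loss_confidentiality": "High"},
    {"name": "print server missing vendor patches", "likelihood": "Medium",
     "loss_integrity": "Low", "loss_availability": "Medium", "loss_confidentiality": "Low"},
    {"name": "read-only SNMP v1 on an isolated VLAN", "likelihood": "Low",
     "loss_integrity": "Low", "loss_availability": "Low", "loss_confidentiality": "Low"},
]
```

Control Analysis feeds in through the likelihood rating: an existing control that blocks the threat lowers the likelihood assigned before the score is computed.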

Page 20: Network Security Risk


Network Risk Mitigation

Risk mitigation is a systematic methodology used by senior management to reduce mission risk.

Page 21: Network Security Risk


Network Risk Mitigation