Data Communication, Chapter 5: Networking Threats
By: William Stallings
Risk of Network Intrusion
Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals and organizations alike depend on their computers and networks for functions such as email, accounting, organization and file management. Intrusion by an unauthorized person can result in costly network outages and loss of work. Attacks on a network can be devastating and can result in a loss of time and money due to damage or theft of important information or assets.
Networking Threats
- Information Theft: obtaining confidential information or gathering valuable research data
- Data Loss/Manipulation: destroying or altering data records
Networking Threats
- Identity Theft: personal information is stolen
- Disruption of Service: prevents legitimate users from accessing services
Networking Threats
- External Threats: carried out by individuals outside of the organization who do not have authorized access
- External attackers work their way into a network mainly from the Internet, wireless links or dial-up access servers.
Networking Threats
- Internal Threats: the hacker may have access to equipment and knows what information is valuable or vulnerable
- 70% of security breaches are internal
- Internal threats occur when someone has authorized access to the network through a user account or has physical access to the network equipment.
Social Engineering
- The ability of someone or something to influence the behavior of a group of people
- Used to deceive internal users into giving up confidential information
- The hacker takes advantage of legitimate users
- Social engineering attacks exploit the fact that users are generally considered one of the weakest links in security. Social engineers can be internal or external to the organization, but most often do not come face-to-face with their victims.
Forms of Social Engineering
- Pretexting: typically accomplished over the phone; a made-up scenario is used on the victim to get them to release confidential information, for example to gain access to your social security number
- Phishing: the victim is typically contacted via email; the attacker pretends to represent a legitimate organization
- Vishing/Phone Phishing: the user is sent a voice mail instructing them to call a number which appears to be legitimate; the call is intercepted by the thief
Methods of Attack
- Virus: runs or spreads by modifying other programs or files; needs to be activated and cannot start by itself
- A more serious virus may be programmed to delete or corrupt specific files before spreading. Viruses can be transmitted via email attachments, downloaded files, instant messages or via diskette, CD or USB devices.
Methods of Attack
- Worms: similar to a virus, but a worm does not attach itself to an existing program and needs no human activation. A worm uses the network to send copies of itself to any connected hosts. Worms can run independently and spread quickly.
- Trojan Horse: appears harmless and deceives the victim into initiating the program. A Trojan horse relies upon its legitimate appearance to deceive the victim into initiating the program. It may be relatively harmless or can contain code that can damage the contents of the computer's hard drive.
DoS (Denial of Service) Attacks
DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended users. DoS attacks can target end user systems, servers, routers, and network links.
- Intended to deny services to users
- Flood a system or network with traffic to prevent legitimate network traffic from flowing
- Disrupt connections between a client and server to prevent access to a service
DoS (Denial of Service) Attacks
Types of DoS Attacks
- SYN (synchronize) Flooding: a flood of packets is sent to a server requesting a client connection. The packets contain invalid source IP addresses. The server becomes occupied trying to respond to these fake requests and therefore cannot respond to legitimate ones.
- Ping of death: a packet that is greater in size than the maximum allowed by IP (65,535 bytes) is sent to a device. This can cause the receiving system to crash.
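As an added example (not part of the slides), the two DoS patterns above can be recognised on the defending side from a packet log: a SYN flood shows up as many half-open connection requests to one server from many different source addresses that never complete the handshake, and a ping of death shows up as a fragment whose offset plus length would reassemble past the 65,535-byte IP maximum. The packet records, addresses and function names below are constructed for this illustration.

```python
from collections import defaultdict

IP_MAX_LEN = 65535  # largest IPv4 datagram the header can describe, per the slide

# Constructed sample packet log (not real traffic):
# (src_ip, dst_ip, proto, tcp_flags, frag_offset_in_8_byte_units, length_bytes)
SAMPLE_PACKETS = (
    # one normal client handshake: SYN, then the final ACK
    [("10.0.0.5", "192.0.2.10", "tcp", "S", 0, 60),
     ("10.0.0.5", "192.0.2.10", "tcp", "A", 0, 52)]
    # forty SYNs from forty different (spoofed) sources that are never completed
    + [(f"203.0.113.{i}", "192.0.2.10", "tcp", "S", 0, 60) for i in range(1, 41)]
    # two ICMP fragments; the second would end past the 65,535-byte limit
    + [("198.51.100.7", "192.0.2.10", "icmp", "", 0, 1500),
       ("198.51.100.7", "192.0.2.10", "icmp", "", 8180, 1500)]
)


def half_open_syns(packets):
    """Per destination, count sources whose SYN was never followed by an ACK."""
    syn_sources = defaultdict(set)
    ack_sources = defaultdict(set)
    for src, dst, proto, flags, _, _ in packets:
        if proto != "tcp":
            continue
        if "S" in flags and "A" not in flags:
            syn_sources[dst].add(src)
        elif "A" in flags:
            ack_sources[dst].add(src)
    return {dst: len(srcs - ack_sources[dst]) for dst, srcs in syn_sources.items()}


def syn_flood_targets(packets, threshold=20):
    """Destinations with more half-open sources than the threshold allows."""
    return sorted(dst for dst, n in half_open_syns(packets).items() if n > threshold)


def oversized_datagram_sources(packets):
    """Sources whose fragments would reassemble beyond IP_MAX_LEN (ping of death)."""
    # The fragment offset field counts 8-byte blocks, so a fragment's last byte
    # sits at offset * 8 + length; anything past 65,535 cannot be a legal datagram.
    return sorted({src for src, _, _, _, off, length in packets
                   if off * 8 + length > IP_MAX_LEN})
```

On the constructed log, the server 192.0.2.10 is reported with 40 half-open sources and 198.51.100.7 is reported for the oversized fragment; the threshold is a tuning knob, since a busy server also carries a steady trickle of incomplete handshakes.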
More Attacks
- DDoS (Distributed Denial of Service) Attack: DDoS is a more sophisticated and potentially damaging form of the DoS attack. It is designed to saturate and overwhelm network links with useless data. DDoS operates on a much larger scale than DoS attacks; typically hundreds or thousands of attack points attempt to overwhelm a target simultaneously.
- Brute Force: with brute force attacks, a fast computer is used to try to guess passwords or to decipher an encryption code. The attacker tries a large number of possibilities in rapid succession to gain access or crack the code.
Spyware
- Program that gathers personal information from your PC without permission
- Information is sent to advertisers
- Usually installed unknowingly when downloading a file
- Can slow down performance of the PC
Cookies, Etc.
- Cookies: not always bad; used to record information about the user when visiting web sites
- Adware: collects information based on sites visited; useful for targeted advertising
- Pop-Ups: additional ads displayed when visiting a site; pop-ups open in front of the browser, pop-unders open behind the browser
Spam
- Unwanted bulk e-mail
- Information sent to as many end users as possible
- Can overload servers, ISPs, etc.
- It is estimated that every Internet user receives over 3,000 emails per year
Security Policy
Statement of rules users must follow when using technology
- Identification and Authentication Policies: only authorized persons should have access to the network and its resources (including access to physical devices)
- Password Policies: passwords must meet minimum requirements and be changed regularly
- Acceptable Use Policies: determine which applications are acceptable
Security Policy
- Remote Access Policies: explanation of how remote users can access the network
- Network Maintenance Procedures: explanation of update procedures
- Incident Handling Procedures: how incidents involving security will be handled
Updates & Patches
Use of updates and patches makes it harder for the hacker to gain access.
- Updates: include additional functionality
- Patches: a small piece of code used to fix a problem
Anti-Virus Software
Any device connected to a network is susceptible to viruses.
Warning signs of a virus:
- computer acts abnormally
- sends out large quantities of email
- high CPU usage
Common anti-virus program features:
- Email checking
- Dynamic scanning: checks files when they are accessed
- Scheduled scans
- Automatic updates
Spam Prevention
Spam is an annoying problem; it can:
- overload servers
- carry potential viruses
Anti-spam software identifies the spam and performs an action:
- deletes the message
- places it into the junk mail folder
A common spam occurrence is a warning of a virus forwarded from another user; such warnings are not always true.
Firewall
Used to control traffic between networks.
Methods of a Firewall
- Packet filtering: based on IP or MAC address
- Application/Web site filtering: based on the application or website being used
- SPI (Stateful Packet Inspection): incoming packets must be legitimate responses to requests from internal hosts
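As an added example (not code from the slides or any real firewall product), here is a small Python model of the three methods listed above working together: a deny list of IP and MAC addresses (packet filtering), a deny list of service ports (application filtering), and a state table that admits an inbound packet only when it answers a connection an internal host opened first (stateful packet inspection). The Packet and Firewall classes, the demo function and all addresses are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    src_mac: str
    direction: str  # "out" = leaving the LAN, "in" = arriving from the Internet


class Firewall:
    def __init__(self, blocked_ips=(), blocked_macs=(), blocked_ports=()):
        self.blocked_ips = set(blocked_ips)      # packet filtering by IP address
        self.blocked_macs = set(blocked_macs)    # packet filtering by MAC address
        self.blocked_ports = set(blocked_ports)  # application filtering by service port
        # Stateful inspection table: (internal_ip, external_ip, external_port)
        # for every connection an internal host has opened outbound.
        self.state = set()

    def process(self, pkt):
        """Return "allow" or "deny" for one packet, updating the state table."""
        if pkt.src_ip in self.blocked_ips or pkt.src_mac in self.blocked_macs:
            return "deny"
        if pkt.direction == "out":
            if pkt.dst_port in self.blocked_ports:
                return "deny"
            self.state.add((pkt.src_ip, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Inbound: only a reply to a connection opened from inside is legitimate.
        if (pkt.dst_ip, pkt.src_ip, pkt.src_port) in self.state:
            return "allow"
        return "deny"


def demo():
    """Run five constructed packets through a firewall and return the verdicts."""
    fw = Firewall(blocked_ips=["203.0.113.9"], blocked_macs=["00:11:22:33:44:55"],
                  blocked_ports=[23])
    lan_mac, net_mac = "aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01"
    packets = [
        Packet("192.168.1.10", 50000, "93.184.216.34", 443, lan_mac, "out"),  # HTTPS request
        Packet("93.184.216.34", 443, "192.168.1.10", 50000, net_mac, "in"),   # its reply
        Packet("198.51.100.7", 4444, "192.168.1.10", 445, net_mac, "in"),     # unsolicited
        Packet("192.168.1.10", 50001, "93.184.216.34", 23, lan_mac, "out"),   # telnet, filtered
        Packet("203.0.113.9", 80, "192.168.1.10", 50002, net_mac, "in"),      # blocked source IP
    ]
    return [fw.process(p) for p in packets]
```

The demo returns allow, allow, deny, deny, deny: the reply to the HTTPS request passes because the state table remembers the request, while the unsolicited inbound packet is dropped even though nothing on the deny lists matches it.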
Firewall Types
- Appliance-based firewall: built into the hardware; no peripherals needed
- Server-based firewall: the firewall runs on a NOS (Network Operating System)
- Integrated firewall: adds firewall functionality to an existing device
- Personal firewall: resides on a host PC
Firewall Features and How to Use Them to Protect Against an Attack
- Use of a DMZ (Demilitarized Zone): an area of the network which is accessible to both internal and external users
- Web servers for public access are typically located here
Single or Dual Firewalls?
- Single Firewall: appropriate for smaller networks; all external traffic is sent to the firewall
- Dual Firewall: appropriate for larger businesses; an internal and an external firewall
Firewall Features and How to Use Them to Protect Against an Attack
- Vulnerability Analysis: determine what part(s) of your network may be vulnerable to attacks
- Security Scanners: help identify where an attack can occur; may help identify missing updates