Ccna Security Notes
Security zone is a portion of a network that has specific security requirements set. Security
zones are often separated by traffic control devices such as a firewall or a router. Examples of
security zones are intranets, extranets, demilitarized zones (DMZ), and virtual local area
networks (VLANs).
Intranet - is a private network that has implemented services for internal use only.
Extranet - is a privately controlled network located between the Internet and a private network. It is
often used to grant resource access to business partners, customers or similar users outside of our
organization.
DMZ - A DMZ is a border network which is partially protected and accessible from the Internet as well as
from the private LAN. Access from the DMZ to the private network is prevented. The DMZ provides an
additional layer of protection between the Internet and the LAN. A DMZ usually hosts resources such as
web, FTP or e-mail servers. A DMZ is often bordered on both sides by a firewall. Access from the Internet
to the DMZ is protected by only some restrictions on the first firewall, but access into the LAN is highly
restricted by the second firewall. Another way to deploy a DMZ is to have a firewall with a third
interface on it. The third interface serves the DMZ.
VLAN - Virtual LANs are created using switches. VLANs are used to split broadcast domains into multiple
sub-domains, which decreases the broadcast traffic between network segments. Access between VLANs
is restricted using routers in the same way as between subnets or distinct networks. VLANs can be used
to create logical LANs regardless of the physical location of our computers. VLANs also reduce the attack
surface for network sniffers inside the network.
NAT - NAT allows the design of a network in which we hide the internal network configuration from
the public. This allows large organizations and large networks to enable Internet access without using a
large number of public IP addresses (public IP addresses have to be leased from an Internet Service
Provider). NAT allows us to use private IP addresses on our private network and still grant that private
network access to the Internet by converting those addresses to public addresses when
communication with the Internet is requested. A NAT router translates between a public address and a private
address and port number, and in that way allows private networks to share a single public IP address.
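The translation the notes describe, as an added example (not from the notes or any vendor's code): a minimal NAT overload (PAT) table that rewrites outbound flows to one public address with a per-flow port, maps replies back, and drops inbound packets with no matching state. All addresses are constructed documentation-range values.

```python
from dataclasses import dataclass
from itertools import count

# Constructed example: a minimal PAT (NAT overload) table. One public address
# is shared by many private hosts; each outbound flow gets its own public port.
PUBLIC_IP = "203.0.113.5"   # documentation range, not a real host

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        self.out_table = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.in_table = {}    # (public_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, flow):
        """Rewrite a packet leaving the LAN; allocate a public port on first use."""
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        port = self.out_table.get(key)
        if port is None:
            port = next(self._ports)
            self.out_table[key] = port
            self.in_table[(port, flow.dst_ip, flow.dst_port)] = (flow.src_ip, flow.src_port)
        return Flow(self.public_ip, port, flow.dst_ip, flow.dst_port)

    def inbound(self, flow):
        """Translate a reply back to the private host; None means drop (no state)."""
        if flow.dst_ip != self.public_ip:
            return None
        entry = self.in_table.get((flow.dst_port, flow.src_ip, flow.src_port))
        if entry is None:
            return None   # unsolicited inbound traffic: the internal host stays hidden
        priv_ip, priv_port = entry
        return Flow(flow.src_ip, flow.src_port, priv_ip, priv_port)
```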
Proxy Server - A proxy server is a border device that serves several functions. It improves performance by
caching content. It can also perform a level of access control for Internet services and
applications. It can also filter content based on access rules, keywords, protocols and even
domain names. In many cases, a proxy server will also use NAT.
1. Computer virus
We’ve all heard about them, and we all have our fears. For everyday Internet users, computer
viruses are one of the most common threats to cybersecurity. Statistics show that approximately
33% of household computers are infected with some type of malware, more than half of which
are viruses.
Computer viruses are pieces of software that are designed to be spread from one computer to
another. They’re often sent as email attachments or downloaded from specific websites with the
intent to infect your computer — and other computers on your contact list — by using systems
on your network. Viruses are known to send spam, disable your security settings, corrupt and
steal data from your computer including personal information such as passwords, even going as
far as to delete everything on your hard drive.
2. Rogue security software
Leveraging the fear of computer viruses, scammers have found a new way to commit Internet
fraud.
Rogue security software is malicious software that misleads users into believing there is a computer
virus installed on their computer or that their security measures are not up to date. It then
offers to install or update the user’s security settings. It will either ask you to download its
program to remove the alleged viruses, or to pay for a tool. Both cases lead to actual malware
being installed on your computer.
3. Trojan horse
Metaphorically, a “Trojan horse” refers to tricking someone into inviting an attacker into a
securely protected area. In computing, it holds a very similar meaning — a Trojan horse, or
“Trojan,” is a malicious bit of attacking code or software that tricks users into running it
willingly, by hiding behind a legitimate program.
They often spread by email; it may appear as an email from someone you know, and when you
open the email and its included attachment, you have immediately downloaded malware to your
computer. Trojans also spread when you click on a false advertisement.
Once inside your computer, a Trojan horse can record your passwords by logging keystrokes,
hijack your webcam, and steal any sensitive data you may have on your computer.
4. Adware and spyware
By “adware” we mean any software that is designed to track data about your browsing habits
and, based on that, show you advertisements and pop-ups. Adware collects data with your
consent, and is even a legitimate source of income for companies that allow users to try their
software for free, but with advertisements showing while using the software. The adware clause
is often hidden in the related User Agreement documents, but it can be found by carefully reading
anything you accept while installing software. The presence of adware on your computer is
noticeable only in those pop-ups, and sometimes it can slow down your computer’s processor
and internet connection speed.
Spyware works similarly to adware, but is installed on your computer without your knowledge. It
can contain keyloggers that record personal information including email addresses, passwords,
even credit card numbers, making it dangerous because of the high risk of identity theft.
5. Computer worm
Computer worms are pieces of malware programs that replicate quickly and spread from one
computer to another. A worm spreads from an infected computer by sending itself to all of the
computer’s contacts, then immediately to the contacts of the other computers.
Interestingly, they are not always designed to cause harm; there are worms that are made just to
spread. Transmission of worms is also often done by exploiting software vulnerabilities.
6. DoS and DDoS attack
Have you ever found yourself waiting impatiently for the online release of a product, one that
you’re eagerly waiting to purchase? You keep refreshing the page, waiting for that moment when
the product will go live. Then, as you press F5 for the last time, the page shows an error:
“Service Unavailable.” The server must be overloaded!
There are indeed cases like these where a website’s server gets overloaded with traffic and
simply crashes, sometimes when a news story breaks. But more commonly, this is what happens
to a website during a DoS attack, or denial-of-service attack, a malicious traffic overload that occurs
when attackers flood a website with traffic. When a website has too much traffic, it’s unable
to serve its content to visitors.
A DoS attack is performed by one machine and its internet connection, by flooding a website
with packets and making it impossible for legitimate users to access the content of the flooded
website. Fortunately, you can’t really overload a server with a single other server or a PC
anymore. In recent years such attacks have not been common, and when they do succeed it is usually
because of flaws in a protocol.
A DDoS attack, or distributed denial-of-service attack, is similar to DoS, but is more forceful.
It’s harder to overcome a DDoS attack. It’s launched from several computers, and the number of
computers involved can range from just a couple of them to thousands or even more.
Since it’s likely that not all of those machines belong to the attacker, they are compromised and
added to the attacker’s network by malware. These computers can be distributed around the
entire globe, and that network of compromised computers is called a botnet.
Since the attack comes from so many different IP addresses simultaneously, a DDoS attack is
much more difficult for the victim to locate and defend against.
7. Phishing
Phishing is a method of social engineering with the goal of obtaining sensitive data such as
usernames, passwords and credit card numbers.
The attacks often come in the form of instant messages or phishing emails designed to appear
legitimate. The recipient of the email is then tricked into opening a malicious link, which leads to
the installation of malware on the recipient’s computer. Phishing can also obtain personal information
by sending an email that appears to be sent from a bank, asking you to verify your identity by giving
away your private information.
8. Rootkit
A rootkit is a collection of software tools that enables remote control and administrator-level
access over a computer or computer network. Once remote access is obtained, the rootkit can
perform a number of malicious actions; rootkits come equipped with keyloggers, password stealers
and antivirus disablers.
Rootkits are installed by hiding in legitimate software: when you give permission to that
software to make changes to your OS, the rootkit installs itself in your computer and waits for
the hacker to activate it. Other ways of rootkit distribution include phishing emails, malicious
links, files, and downloading software from suspicious websites.
9. SQL injection attack
We know today that many servers storing data for websites use SQL. As technology has
progressed, network security threats have advanced, leading us to the threat of SQL injection
attacks.
SQL injection attacks are designed to target data-driven applications by exploiting security
vulnerabilities in the application’s software. They use malicious code to obtain private data,
change or even destroy that data, and can go as far as to void transactions on websites. SQL injection has
quickly become one of the most dangerous privacy issues for data confidentiality. You can read
more on the history of SQL injection attacks to better understand the threat it poses to
cybersecurity.
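The application-side vulnerability the notes describe, as an added example (not from the notes): a lookup that builds SQL by string concatenation next to the same lookup with a bound parameter, run against a constructed in-memory SQLite table. The table, rows and helper names are assumptions for the demo.

```python
import sqlite3

# Constructed demo database; the table and its rows are not from any real system.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-secret"), ("bob", "bob-secret")])
    return conn

def lookup_vulnerable(conn, username):
    """Builds the query by concatenation: whatever the user typed becomes SQL."""
    sql = "SELECT secret FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, username):
    """Binds the value as a parameter: the input is only ever compared as data."""
    sql = "SELECT secret FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]
```

With the classic tautology input the concatenated query returns every row in the table, while the parameterised query matches nothing because no user is literally named that.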
10. Man-in-the-middle attack
Man-in-the-middle attacks are cybersecurity attacks that allow the attacker to eavesdrop on
communication between two targets. The attacker can listen to a communication which should, in normal
settings, be private. Common forms include:
DNS spoofing
HTTPS spoofing
IP spoofing
ARP spoofing
SSL hijacking
Wi-Fi hacking
Summary
It can seem a difficult task to keep track of all the network security threats that are out there, and
the new ones that just keep emerging. Whether the media is creating a culture of fear out of
being online and placing trust in leaving our information out for all to see, or whether the threats
that wait in the dark corners of the Internet are truly serious and can happen to anyone, the best
thing we can all do is to be prepared. There is no way to be completely sure that a system is
impenetrable by cybersecurity threat. We need to ensure that our systems are as secure as
possible.
Social engineering
Social engineering is the art of manipulating people so they give up confidential information.
The types of information these criminals are seeking can vary, but when individuals are targeted
the criminals are usually trying to trick you into giving them your passwords or bank
information, or to access your computer to secretly install malicious software that will give them
access to your passwords and bank information as well as giving them control over your
computer.
Criminals use social engineering tactics because it is usually easier to exploit your natural
inclination to trust than it is to discover ways to hack your software. For example, it is much
easier to fool someone into giving you their password than it is for you to try hacking their
password (unless the password is really weak).
The expression "vector of data loss and exfiltration" refers to the means by which data leaves the
organization without authorization. Common vectors of data loss and exfiltration include the following:
Email attachments: Email attachments often contain sensitive information like confidential corporate,
customer, and personal data. The attachments can leave the organization in various ways. For example,
the email with the attachment might be intercepted or a user might accidentally send the email to the
wrong person.
Unencrypted devices: Smartphones and other personal devices are often protected only with a
password. Employees sometimes send sensitive company information to these devices. While the data
may be encrypted while traversing the Internet to the device, it can be unencrypted when it lands on
the personal device. If the device password is compromised, an attacker can steal corporate data and
perhaps even gain unauthorized access to the company network.
Cloud storage services: Company employees are often tempted to transfer large files by using cloud
storage services of their own choosing without the approval of the company IT department. This can
result in theft of sensitive documents by someone like a social network “friend” with whom the
employee shares a directory on the cloud storage server.
Removable storage devices: Putting sensitive data on a removable storage device may pose more of a
threat than putting that data on a smartphone. Such devices are not only easily lost or stolen; they also
typically do not have passwords, encryption, or any other protection for the data they contain. While
such protection for removable storage devices is available, it is relatively expensive and infrequently
used as of this writing.
Improper access controls: Without proper access controls such as ACLs on firewalls, the risk of data loss
is high. Organizations can lower their risk of data loss by fine-tuning access controls and patching known
vulnerabilities.
Key exchange
Key exchange is any method in cryptography by which cryptographic keys are exchanged between two
parties, allowing use of a cryptographic algorithm. If the sender and receiver wish to exchange
encrypted messages, each must be equipped to encrypt messages to be sent and decrypt messages
received.
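One such method, shown as an added example rather than anything in the notes: a Diffie-Hellman exchange in which only the two public values cross the network and both parties still compute the same secret. The group parameters are deliberately tiny constructed values so the arithmetic is readable; real use needs a large standardised group and a key-derivation step afterwards.

```python
import secrets

# Constructed toy parameters. Real deployments use large, standardised groups
# (e.g. 2048-bit MODP); these small numbers only make the arithmetic readable.
P = 23   # prime modulus, public
G = 5    # generator, public

def dh_keypair(p=P, g=G, private=None):
    """Return (private, public). private may be fixed for a reproducible run."""
    if private is None:
        private = secrets.randbelow(p - 2) + 1   # 1 .. p-2
    return private, pow(g, private, p)

def dh_shared(peer_public, private, p=P):
    """Each side raises the peer's public value to its own private exponent."""
    return pow(peer_public, private, p)

def exchange(alice_private=None, bob_private=None):
    """Simulate the exchange; the transcript is all an eavesdropper would see."""
    a_priv, a_pub = dh_keypair(private=alice_private)
    b_priv, b_pub = dh_keypair(private=bob_private)
    transcript = [("Alice->Bob", a_pub), ("Bob->Alice", b_pub)]
    k_alice = dh_shared(b_pub, a_priv)
    k_bob = dh_shared(a_pub, b_priv)
    return transcript, k_alice, k_bob
```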
Hash Algorithm
A hash algorithm is a function that converts a data string into a numeric string output of fixed length.
The output string is generally much smaller than the original data. Hash algorithms are designed to be
collision-resistant, meaning that there is a very low probability that the same string would be created for
different data. Two of the most common hash algorithms are the MD5 (Message-Digest algorithm 5) and
the SHA-1 (Secure Hash Algorithm). MD5 Message Digest checksums are commonly used to validate
data integrity when digital files are transferred or stored.
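The integrity check the notes describe, as an added example (not from the notes): digests of a constructed sample file under MD5, SHA-1 and SHA-256, showing that the output length depends only on the algorithm, and a verification routine that rejects a copy with a single flipped bit. SHA-256 is the default here because practical collisions exist for both MD5 and SHA-1; they are kept only for comparison.

```python
import hashlib
import hmac

# Constructed sample "file" contents; any bytes would do.
ORIGINAL = b"CCNA Security notes: the quick brown fox jumps over the lazy dog\n"

def digest_hex(data, algorithm="sha256"):
    """Fixed-length hex digest of arbitrary-length input."""
    return hashlib.new(algorithm, data).hexdigest()

def digest_lengths(data):
    """Hex digest lengths: 128, 160 and 256 bits regardless of input size."""
    return {alg: len(digest_hex(data, alg)) for alg in ("md5", "sha1", "sha256")}

def verify_integrity(received, expected_hex, algorithm="sha256"):
    """Recompute the digest of the received bytes and compare to the published one."""
    return hmac.compare_digest(digest_hex(received, algorithm), expected_hex.lower())

def flip_one_bit(data, byte_index=0):
    """Simulate a single-bit transmission error in the received copy."""
    b = bytearray(data)
    b[byte_index] ^= 0x01
    return bytes(b)
```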