Data Communications Chapter 7 Network Security

data com

Uploaded by

Nabek Deresa

Data Communication and Computer Network

Chapter 7
Network Security

BITS College

Presented to: Anteneh Kassaye @ 0911 242116


7/3/2024
Reference for this Chapter

• CompTIA Network+ study book (Mike Harwood, Drew Bird), Chapters 8 and 9,
pages 215 to 270
• CompTIA Network+, Chapter 14 (Tamara Dean), page 519…
• Computer and Information Security Handbook (John R. Vacca)
Basic IT Security
• Information security deals with the matters of policy, strategy, and
processes that are necessary to establish the overall security posture of an
organization.
• It comprises the measures and controls that ensure confidentiality, integrity, and
availability of information system assets or resources.
Basic IT Security

• Authenticity: The property of being genuine and being able to be verified
and trusted.
• Accountability: The security goal that generates the requirement for
actions of an entity to be traced uniquely to that entity.
Network Security
• Networks have become more geographically distributed and heterogeneous,
and the risk of their misuse has also increased.
• Consider the largest, most heterogeneous network in existence, the
Internet: because it contains millions of points of entry, it is vulnerable to
millions of break-ins.
• In this chapter, you will learn how to assess your network's risks, how to
manage those risks, and, perhaps most important, how to convey the
importance of network security to the rest of your organization through an
effective security policy.
Network Security Risks
To understand how to manage network security, you should first recognize the
types of threats that your network may suffer. Not all security breaches result
from a manipulation of network technology. Instead, some occur when staff
members purposely or inadvertently reveal their passwords; others result from
undeveloped security policies.
The main categories of security risk, each covered below, are:

• Risks Associated with People
• Risks Associated with Transmission and Hardware
• Risks Associated with Protocols and Software
• Risks Associated with Internet Access
Risks Associated with People
• By some estimates, humans cause more than half of all security breaches.
• Consider the following list:
o Social engineering or snooping to obtain user passwords
o Administrators incorrectly creating or configuring user IDs, groups, and their associated
rights on a file server, creating vulnerabilities
o Security flaws in topology or hardware configuration
o Security flaws in the operating system or application configuration
o Lack of proper documentation
o Dishonest or disgruntled employees abusing their file and access rights
o Users choosing easy-to-guess passwords
o Leaving computer room doors open, allowing unauthorized individuals to enter
o Discarding disks or backup tapes in public waste containers
o Users writing their passwords on paper, then placing the paper in an easily accessible
place
Risks Associated with Transmission and Hardware
• This section describes security risks inherent in the Physical, Data Link,
and Network layers of the OSI Model.
o For instance, to eavesdrop on transmissions passing through a switch, an
intruder must use a device such as a sniffer, connected to one of the switch's
ports.
o In the middle layers of the OSI Model, it is somewhat difficult to distinguish
between hardware and software techniques. For example, because a router
acts to connect one type of network to another, an intruder might take
advantage of the router's security flaws by sending a flood of TCP/IP
transmissions to the router, thereby disabling it from carrying legitimate traffic.
Risks inherent in network hardware
• Transmissions can be intercepted.
• Eavesdropping can occur at a building's demarcation point, at a remote switching facility,
or in a central office.
• Network hubs broadcast traffic over the entire segment, thus making
transmissions more widely vulnerable to sniffing.
• Unused hub, router, or server ports can be exploited and accessed by
hackers if they are not disabled.
• If a router's ports are not properly configured, those ports accessible by Telnet
may not be adequately secured.
• Computers hosting very sensitive data may coexist on the same subnet
with computers open to the general public.
• Passwords for switches, routers, and other devices may not be kept
secure.
Risks Associated with Protocols and Software
• This section describes risks inherent in the higher layers of the OSI Model,
such as the Transport, Session, Presentation, and Application layers.
• The following are some risks pertaining to networking protocols and
software:
o TCP/IP contains several security flaws. For example, IP addresses can be
falsified easily, checksums can be thwarted, UDP requires no authentication,
and TCP requires only weak authentication.
o Trust relationships between one server and another may allow a hacker to
access the entire network because of a single flaw.
o NOSs may contain "back doors" or security flaws
o Administrators might accept the default security options after installing
o Transactions that take place between applications, such as databases and Web-
based forms, may be open to interception.
Risks Associated with Internet Access
• Although the Internet has brought computer crime, such as hacking, to the
public's attention, network security is more often compromised "from the
inside" than from external sources. Nevertheless, the threat of outside
intruders is very real, and it will only grow as more people gain access to
the Internet.

A hacker, in the original sense of the word, is someone who masters the inner
workings of computer hardware and software in an effort to better understand
them. To be called a hacker used to be a compliment, reflecting extraordinary
computer skills. Those who use their computer skills to destroy data or
systems are technically considered crackers.
Risks Associated with Internet Access …
• Common Internet-related security issues include the following:
o A firewall may not provide adequate protection if it is configured improperly;
it may not even perform its simplest function: preventing
unauthorized packets from entering the LAN from outside.
o When a user Telnets or FTPs to your site over the Internet, his user ID and
password are transmitted in plain text—that is, unencrypted. Anyone
monitoring the network.
o Hackers may obtain information about your user ID from newsgroups, mailing
lists, or forms you have filled out on the Web.
o While users remain logged on to Internet chat sessions, they may be vulnerable
to other Internet users who might send commands to their machines that cause
the screen to fill with garbage characters and require them to terminate their
chat sessions. This type of attack is called flashing.
o After gaining access to your system through the Internet, a hacker may launch
a denial-of-service attack.
Security Policy
• Network security breaches can be initiated from within an organization,
and many take advantage of human errors.
• To minimize this risk, communicating with and managing the users in your
organization via a thoroughly planned security policy is important.
• A security policy identifies your security goals, risks, levels of authority,
designated security coordinator and team members, responsibilities for
each team member, and responsibilities for each employee.
Typical goals for security policies are as follows:
o Ensure that authorized users have appropriate access to the resources they
need.
o Prevent unauthorized users from gaining access to the network, systems,
programs, or data.
o Protect sensitive data from unauthorized access, both from within and from
outside the organization.
o Prevent accidental damage to hardware or software. Prevent intentional
damage to hardware or software.
o Create an environment in which the network and systems can withstand and, if
necessary, quickly respond to and recover from any type of threat.
o Communicate each employee's responsibilities with respect to maintaining data
integrity and system security.
Security in Network Design
• Two important elements of a network security strategy are the
use of proxy and firewall systems.
Firewall
• A firewall is a specialized device, or a computer installed with specialized
software, that selectively filters or blocks traffic between networks.
• A firewall typically involves a combination of hardware and software and
may reside between two interconnected private networks or between
a private network and a public network.
• A firewall system acts as a protective layer for network access by
controlling the traffic that passes between the interfaces on the system.
Packet filtering firewalls
• The most common form of firewall is a packet-filtering firewall, which
examines the header of every packet of data that it receives to determine
whether that type of packet is authorized to continue to its destination. It
deals with packets at the Data Link and Network layers of the OSI model.
• The following are some of the criteria by which packet filtering can be
implemented:
o IP addressing: allow or deny IP addresses
o Port Number:
o Protocol ID:
o MAC address:
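
An added example (not from the original slides) of how a packet-filtering firewall can apply the four header criteria above: rules are checked in order, the first match decides, and unmatched packets fall to a default action. The rule set, addresses and MAC values are constructed; first-match ordering and default deny are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    protocol: str              # "tcp", "udp", "icmp"
    dst_port: Optional[int]    # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_net: Optional[str] = None    # IP addressing criterion (CIDR); None = any
    protocol: Optional[str] = None   # protocol ID criterion
    dst_port: Optional[int] = None   # port number criterion
    src_mac: Optional[str] = None    # MAC address criterion

    def matches(self, p: Packet) -> bool:
        # Every criterion the rule sets must match; unset criteria are wildcards.
        if self.src_net and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.protocol and p.protocol != self.protocol:
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        if self.src_mac and p.src_mac.lower() != self.src_mac.lower():
            return False
        return True


def filter_packet(rules, packet, default="deny"):
    """Return the action of the first matching rule; unmatched traffic gets the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Constructed rule set (documentation address ranges, made-up MAC).
RULES = [
    Rule("deny", src_mac="02:00:00:00:00:99"),                  # quarantined NIC
    Rule("deny", protocol="tcp", dst_port=23),                   # Telnet: plaintext logins
    Rule("allow", src_net="192.0.2.0/24", protocol="tcp", dst_port=22),
    Rule("allow", protocol="tcp", dst_port=443),
]
```

Because the filter sees only headers, the MAC and IP criteria are only as trustworthy as those fields; the chapter's own note that IP addresses can be falsified applies to every address-based rule here.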
Circuit Level Firewall
• Circuit-level firewalls are similar in operation to packet-filtering firewalls,
but they operate at the Transport and Session layers of the OSI model.
• The biggest difference is that at this level the firewall validates TCP and
UDP sessions before opening the connection, or the circuit, through the
firewall.
Application Gateway Firewalls
• The application gateway firewall is the most functional of all the firewall
types. As its name suggests, the application gateway firewall functionality
is implemented through an application. It can implement sophisticated
rules and closely control traffic that passes through. Features of these
firewalls can include a user authentication system and the capability to control
which systems an outside user can access on the internal network.
Proxy Servers
• Proxy servers allow you to centralize access to the Internet and therefore provide a way to
control and monitor network access.
• One approach to enhancing the security of the Network and Transport layers provided by
firewalls is to combine a packet-filtering firewall with a proxy service.
• A proxy service is a software application on a network host that acts as an intermediary
between the external and internal networks, screening all incoming and outgoing traffic.
The network host that runs the proxy service is known as a proxy server.
• Proxy servers manage security at the Application layer of the OSI Model.
Proxy server
• A proxy server is like a computer on the web that redirects your web
browsing activity. A proxy server acts as a gateway between you and the
internet. It's like a middle agent server that sits between end users and
the websites they browse. A proxy server provides security, functionality
and privacy depending on your needs and company policy.
o Squid Proxy Server: a caching proxy that supports protocols like HTTP,
HTTPS and FTP.
o Privoxy: a regular or non-caching web proxy with advanced filtering
capabilities for ensuring privacy.
o SwiperProxy: a fast, open source web proxy that is easy to run, administer, and
customize. It is built on efficient Python code that helps it optimally run its
self-contained minimalist webserver.
Firewall and Proxy servers
• Often, firewall and proxy server features are combined in one device. In
other words, you might purchase a firewall and be able to configure it not
only to block certain types of traffic from entering your network, but also
to modify the addresses in the packets leaving your network.
Threats and vulnerabilities
• A threat is any incident that negatively affects an asset, while an attack is an
offensive maneuver.
• A vulnerability is a weakness in a system, or a weak implementation, that could
be exploited.
• Asset: any device or data that is valuable to the organization (HW, SW,
information, infrastructure)
o Access to the data must be controlled (protection)
o Access to the computer facility must be controlled (authentication)
o Sensitive data must be secured (file security)
o Data must be securely transmitted across the network (network security)
Threats and vulnerabilities
• Network attacks can be classified as passive and active
o Passive: eavesdropping
o Active: modification of data or falsification: replay, masquerade, DoS,
modification of message, man-in-the-middle
Common Threats - Virus
• Malware (malicious software) is designed to inflict damage.
o Virus: propagates by inserting a copy of itself into another program; spreads
from computer to computer by USB, CD, network share, and email...; needs
human action, can lie dormant, needs a host program...; executes unwanted
harmful actions
o Trojan horse: designed to look legitimate, non-replicating, provides
backdoor access, could cause immediate damage, exploits user
privileges
o Remote access, DoS, AV disabling, FTP, proxy, destructive, and data-sending
Trojan horses.
Common Threats - Worms
• Worms: automatically replicate and transmit via the network, execute arbitrary
code, exploit vulnerabilities, run by themselves
• Worm components: enabling vulnerability (uses an email attachment, Trojan
horse, ...), propagation mechanism (replicates and locates new targets), and
payload (code that results in some action)
• Ransomware: uses an encryption algorithm, demands money, uses social engineering
• Other malware: spyware, adware, scareware, phishing and rootkits (which
hide and provide access to an attacker)
