THEREDUSER CYBER INTERN

Task 1: InTroducTIon To neTwork securITy BasIcs

NAME: MADHUMITHA.B

COMPANY NAME:THEREDUSER

COURSE: INTERN
 The Red Users: Internship Task 1
Different types of Network Threats

What are Network Threats?

Let us suppose that, a group of people are connected to a network, i.e. a public WIFI, everything is
fine un l there is a malicious threat actor entering into the network, If I am using the public WIFI
and sending some important files to an official and this threat actor may compromise the network
through different methods and will gain access to the file and may tamper the file and send the
malicious file to the des na on, this total process can be said as Network threat, more simply a
network which is under threat by an intelligent hacker.

PAGE 2
Types of Network Threats

A computer worm is a type of malicious software

COMPUTER WORM (malware) that self-replicates and spreads across
networks without the need for human intervention.
Unlike viruses, which require a host file or user
action to spread, worms are standalone programs
that actively seek out networked computers to
infect, spreading through vulnerabilities in systems
or through network connections.

Prevention

1. Keep Software Updated: Regular updates

and patches close vulnerabilities that worms
may exploit.
2. Use Strong Antivirus Software: Quality
antivirus software can detect and block worms
before they spread.
3. Firewalls: Configuring firewalls can prevent
unauthorized access and restrict worm
propagation.

PAGE 3
 PHISHING

Phishing is a form of cyberattack where attackers impersonate a trusted entity to deceive individuals into
revealing sensitive information, such as usernames, passwords, credit card details, or other personal data.
Phishing attacks typically occur via email, text messages, or malicious websites that look legitimate,
convincing users to click on malicious links, download malware, or provide sensitive information directly.

Common Types of Phishing

• Email Phishing: The most common type, where attackers send fraudulent emails with malicious
links or attachments.
• Spear Phishing: Targeted phishing attacks aimed at specific individuals or organizations using
personalized information to increase credibility.
• Smishing and Vishing: Smishing involves SMS messages, while vishing uses voice calls to trick
victims into sharing sensitive data.
•
How to Protect Against Phishing
1. Verify the Source: Always check the sender’s email address and hover over links to verify their
destination.
2. Be Cautious with Attachments and Links: Avoid clicking on links or downloading attachments
from unknown or unsolicited messages.
3. Enable Multi-Factor Authentication (MFA): MFA adds an additional layer of security, making
it harder for attackers to access accounts even with stolen credentials.
4. Keep Security Software Updated: Modern antivirus and anti-malware programs can detect
phishing attempts and block malicious websites.
5. Educate and Stay Informed: Regularly educate yourself and others about phishing techniques to
stay vigilant against new tactics.

PAGE 4
 TROJAN HORSE

A Trojan horse, often just called a "Trojan," is a type of malicious software (malware) that disguises itself
as legitimate software to trick users into installing it. Named after the ancient Greek story of the deceptive
wooden horse used to infiltrate Troy, a Trojan masquerades as a harmless or useful program but, once
installed, can give attackers unauthorized access to a system, enabling them to steal data, install additional
malware, or control the device remotely.

Common Types of Trojans

• Backdoor Trojans: Allow attackers to remotely control the system, often to steal data or install
other malicious software.

• Banking Trojans: Specifically target banking information by capturing sensitive data like login
credentials.

• Spyware Trojans: Monitor user activities, such as keystrokes, screenshots, and browsing history,
to gather sensitive information.

• Ransomware Trojans: Encrypt files on the system and demand payment (ransom) to decrypt them.

Preventing Trojan Horse Infections

• Download Software from Trusted Sources: Avoid downloading software from unverified or
third-party websites.

• Use Strong Security Software: Regular antivirus and anti-malware software can help detect and
block Trojans before they are installed.

• Stay Wary of Phishing Emails: Avoid opening attachments or links in emails from unknown
sources, as these may contain Trojans.

PAGE 5
 • Keep Software Updated: Regular updates ensure security patches are applied, reducing the
chances of Trojans exploiting vulnerabilities.

MITM a ack

A Man-in-the-Middle (MITM) attack is a cybersecurity threat where an attacker secretly intercepts and
potentially alters the communication between two parties who believe they are directly communicating with
each other. By positioning themselves in the middle of the interaction, the attacker can eavesdrop on
sensitive information, like login credentials, personal data, or financial information, or manipulate the data
being transmitted.

How MITM Attacks Work

In a typical MITM attack, the attacker intercepts the data exchange by impersonating each party to the other.
For instance, in a public Wi-Fi setting, an attacker could set up a fake network with a name similar to the
legitimate one. Once users connect to this fake network, the attacker gains access to the data flowing
between users and any sites or services they interact with.

Common Techniques for MITM Attacks

• Spoofing: An attacker pretends to be a trusted entity to intercept communications.

• Session Hijacking: An attacker steals session tokens to gain access to a user’s authenticated
session.

• Packet Injection: The attacker intercepts network packets and inserts malicious ones into the
communication.
PAGE 6
 • SSL Stripping: This technique downgrades a secure HTTPS connection to HTTP, making data
easier to intercept.

How to Prevent MITM Attacks

• Use Encryption: Strong encryption like HTTPS for websites and VPNs for secure network
connections helps prevent unauthorized interception.

• Authentication: Implementing multi-factor authentication (MFA) adds a layer of security, making

it harder for attackers to gain unauthorized access.

• Secure Wi-Fi Networks: Avoiding open or unsecured Wi-Fi networks can minimize the risk of
falling victim to MITM attacks.

• Certificate Pinning: This technique ensures that clients recognize and accept only a specific
certificate, preventing interception by an attacker with a fake certificate.

ROOTKIT

A rootkit is a type of malicious software designed

to gain unauthorized access to a computer system
while concealing its presence from the user and
security software.

Rootkits typically enable attackers to take control

of a system at the most privileged level, often
allowing them to manipulate or monitor the
system without detection.

They are often used to hide other types of

malware, like keyloggers or viruses, making it
difficult to detect and remove them.

Rootkits can be installed by exploiting system

vulnerabilities, or they may be unknowingly
installed by users when downloading infected
software.

Once installed, they modify core operating

system components, enabling attackers to
intercept and alter system operations and hide
files or processes from detection tools.

There are different types of rootkits, including

kernel-level rootkits (which target the operating
system’s core) and user-mode rootkits (which
work at the application level).

PAGE 7
SQL INJECTION

➢ SQL injection is a cybersecurity

vulnerability where attackers inject
malicious SQL code into a database query,
typically through user input fields that
aren't properly secured.
➢ By manipulating the query, attackers can
access or modify sensitive data, execute
unauthorized commands, and potentially
control the database.
➢ SQL injection occurs when an application
fails to sanitize user inputs, allowing
attackers to bypass security measures and
perform actions such as bypassing login
authentication, extracting sensitive data, or
even deleting records.
➢ Preventing SQL injection involves
practices like using parameterized queries,
input validation, stored procedures, and
implementing the principle of least
privilege.

ADWARE
Adware is a type of software designed to display unwanted
advertisements on a user's device, often in the form of pop-ups,
banners, or redirects. While some adware programs are
legitimate and provide free software in exchange for showing
ads, malicious adware is often installed without user consent
and can collect data, slow down devices, and cause significant
annoyance.

Preventing and Removing Adware

1. Download Software from Trusted Sources: Avoid

downloading software from untrusted websites, as
adware often hides in free or pirated downloads.

2. Read Installation Prompts Carefully: Many adware

programs are installed through "optional" add-ons;
choose custom installation to avoid extra unwanted
software.

PAGE 8
 undersTandIng fIrewalls, encrypTIon and secure
neTwork confIguraTIons

A firewall is a security device or software that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. It acts as a barrier between a trusted
internal network and untrusted external networks (such as the Internet).

Types of Firewalls:

• Packet-Filtering Firewalls: Examine packets and allow or block them based on source
and destination IP addresses, ports, and protocols.

• Stateful Inspection Firewalls: Track the state of active connections and make decisions
based on the context of traffic.

• Proxy Firewalls: Act as intermediaries for requests from clients seeking resources from
servers. They can filter traffic and provide additional security.

• Next-Generation Firewalls (NGFW): Include features such as deep packet inspection,

intrusion prevention systems (IPS), and application awareness.

Configuring Firewalls:

1. Define Security Policies: Create rules for allowed and denied traffic based on your
organization's needs.

2. Regular Updates: Keep the firewall firmware and software up to date to protect against
vulnerabilities.

3. Monitor Logs: Regularly review logs for unusual activity or potential security breaches.

2. Encryption

Encryption is the process of converting data into a coded format to prevent unauthorized
access. Only those with the correct decryption key can access the original data.

Types of Encryption:

• Symmetric Encryption: Uses the same key for both encryption and decryption (e.g., AES,
DES). It's fast but requires secure key management.

• Asymmetric Encryption: Uses a pair of keys (public and private). The public key encrypts
the data, and the private key decrypts it (e.g., RSA, ECC). It's slower but enhances security
for key exchange.

• Hashing: Converts data into a fixed-size string of characters, which is typically a digest
(e.g., SHA-256). It’s one-way and used for data integrity verification.

PAGE 9
Best Practices for Encryption:

1. Use Strong Algorithms: Choose robust encryption standards (e.g., AES-256) to ensure
data security.

2. Encrypt Data at Rest and in Transit: Protect sensitive data stored on devices and during
transmission over networks.

3. Secure Key Management: Store encryption keys securely and restrict access to authorized
users only.

3. Secure Network Configurations

Secure network configurations involve setting up and managing network devices to minimize
vulnerabilities and protect against attacks.

Key Elements of Secure Network Configurations:

• Change Default Settings: Modify default usernames, passwords, and settings on routers,
switches, and other devices.

• Network Segmentation: Divide a network into smaller segments to limit access and
contain potential breaches (e.g., using VLANs).

• Implement Access Control: Use tools like Role-Based Access Control (RBAC) to restrict
access to sensitive resources based on user roles.

• Regular Audits and Updates: Conduct periodic audits of network configurations and
ensure all devices are updated with the latest security patches.

• Use VPNs: Implement Virtual Private Networks to secure remote access and encrypt data
traveling over public networks.

• Disable Unused Services and Ports: Turn off unnecessary services and close unused ports
to reduce the attack surface.

Conclusion

Understanding and implementing firewalls, encryption, and secure network configurations are
critical components of network security. By employing these practices, organizations can
better protect their data and infrastructure from unauthorized access and cyber threats.

PAGE 10
We will see how to implement advanced security rules in
windows to be more secured.
➢ Click on control panel

➢ Click system and security

PAGE 11
 ➢ click on windows defender firewall

When you click on windows fire wall turn on and off option on you will see the above screen, the
firewall is on and it working perfectly.

Now this firewall run on some rules, we can edit and create rules of oncoming requests and also the
outgoing requests.

➢ For that go back and click on advanced settings

PAGE 12
➢ When you click on advanced settings, we will see the below page

➢ Now, as you can see on the left there are 2 options inbound rules and
outbound rules, also you can import policy and export policy in the
system as shown in the right.
➢ I will just show you how to create an outbound rule in this project and
you can try it for inbound rule.

PAGE 13
➢ Click on new rule, shown in the right side and you will see the
following

PAGE 14
When you click on "New Rule" in the Advanced Windows Firewall setings,
you're presented with a series of options to define the specific criteria for the rule.
The "Rule Type" option is the first step in this process.
➢ Inbound Rules
➢ Program: This option allows you to create a rule based on a specific
application or process. You can select a program from a list or browse for
it.
➢ Port: This option allows you to create a rule based on a specific port
number. You can enter a port number or select a predefined service.
➢ Custom: This option provides the most flexibility and allows you to define
multiple criteria, such as program, port, remote IP address, and protocol.
➢ Outbound Rules
• Program: Similar to inbound rules, this op on allows you to create
a rule based on a specific application or process.
• Port: Similar to inbound rules, this option allows you to create a
rule based on a specific port number.

• Custom: Similar to inbound rules, this option provides the most

flexibility and allows you to define multiple criteria.

Once you've selected a rule type, you'll be guided through a series of steps to
define the specific criteria for the rule.
These steps may vary depending on the rule type you've chosen. For example, if
you select the "Program" rule type, you'll be asked to:
1. This program: Choose the specific application or process that the rule
applies to.
2. Scope: Select the scope of the rule (e.g., domain, private, public).
3. Action: Choose whether to allow or block the traffic.
4. Name and description: Provide a name and description for the rule.

PAGE 15
Now lets go with a specific port and do the following steps.

PAGE 16
SO, now click on ports and selected the port as a tcp port and entered the port
number i.e.80 then click on next

You will see profiles dialogue box

What are profiles?
Profiles are a fundamental concept in many security se ngs, including advanced
firewall configura ons.
They allow you to create different sets of rules and se ngs that apply to specific
network environments or situa ons.
This helps you tailor your security measures to match the needs of different
contexts.
Common Profile Types:

PAGE 17
• Domain: This profile is typically used for network connec ons within your
corporate domain. It might have stricter rules and se ngs to protect sensi ve
corporate data.
• Private: This profile is used for network connec ons within your home or
private network. It might have more relaxed rules, allowing for greater flexibility
and convenience
• Public: This profile is used for network connec ons on public networks, such as
Wi-Fi hotspots. It o en has stricter rules to protect your computer from poten al
threats in untrusted environments.
How Profiles Work:
• Rule associa on: You can associate different rules with each profile, allowing
you to customize the security se ngs for different network environments.
• Automa c switching: Your firewall can automa cally switch between profiles
based on your network connec on. For example, it might switch to the "Public"
profile when you connect to a public Wi-Fi network.
Benefits of Using Profiles:
• Tailored security: Profiles allow you to create security se ngs that are
appropriate for different network environments.
• Simplified management: By organizing rules into profiles, you can manage
your security se ngs more efficiently.
• Increased flexibility: Profiles provide flexibility in adap ng your security
measures to changing circumstances.
Example Use Cases:
• Home network: You might create a "Private" profile with relaxed rules for your
home network, while using a "Public" profile with stricter rules when connec ng
to public Wi-Fi.
• Corporate network: Your company might have separate profiles for different
departments or roles, with varying levels of access and permissions. By
understanding and u lizing profiles effec vely, you can enhance the security of
your network and protect your sensi ve data.

PAGE 18
➢ Then click on next

➢ Give the name to the rule and description to it, so that you can search
the rule easily and click on finish.

PAGE 19
 ➢ As you can see the rules are created and you can even delete them by
clicking on the rule and click on delete op on shown on the right side.

When you click on deleted, they will be deleted.

This is how you create or add a new rule to the firewall

and remove a rule from the firewall.

We saw the ways to implement rules, now which ports and profiles should
be closed for better security?
While the default rules provided by Windows Firewall offer a basic level of
protection, creating custom rules can significantly enhance your network security
by allowing you to tailor the firewall's behaviour to your specific needs.

PAGE 20
Here are some examples of custom rules you can create, along with explanations
for their purpose:
Inbound Rules
• Block all incoming traffic on specific ports:
Ports: 139, 445 (SMB), 23 (Telnet), 20, 21 (FTP)
Purpose: These ports are commonly used for file sharing and remote
administration. Blocking them can help prevent unauthorized access to your
system.
• Allow only specific incoming connections:
Ports: 80 (HTTP), 443 (HTTPS), 22 (SSH), 3389 (RDP)
Purpose: These ports are typically used for legi mate web traffic, secure
connec ons, and remote administra on. Allow only connec ons from trusted
sources to prevent unauthorized access.

Remember to consider the following factors when creating custom rules:

• Impact on functionality: Ensure that the rules you create do not interfere with
legitimate network traffic or applications.
• Security risks: Evaluate the potential security risks associated with allowing
or blocking certain traffic.
• Testing: Test your custom rules to ensure they are working as intended and do
not cause any unexpected issues.

PAGE 21
USING WIRESHARK TO PING THE OTHER DEVICE
➢ Open CMD and type the following command Ping by keeping the other
device firewall on, you will see the connection request me out as it is
blocking the request.

Now switch off the fire wall of the other device and then type the same command
again, you will see the following.

PAGE 22
You can check the same using wire shark in the system that you are sending
the packets

All the purple line shows the echo ping from my system to the host system.
If you are using wifi, as you start sniffing packets using wire shark you will
see the handshake between your device and the wifi router you are using
something like this

PAGE 23
Three-way handshake
1. Request
2. Reply
3. ACK

If applications are exchanging data, then, there will be exchange of application

data in the packets, you can click on that particular packet and see the exchange
data request in the wire shark.

Here are some key points for educating others about the importance of network
security:
1. Data Protection: Network security protects personal and sensitive data from
theft or unauthorized access, safeguarding privacy.
2. Preventing Financial Loss: Cyber threats can lead to financial theft and
fraud; network security reduces these risks.
3. Securing Devices: Every device connected to the internet, including phones
and computers, can be a target for malware and hackers without security
measures.
4. Avoiding Service Disruptions: Attacks like DDoS can disrupt services
people rely on daily, from online banking to communication apps.
5. Maintaining Privacy: Strong security ensures that personal conversations,
files, and activities stay private and are not exposed to unauthorized users.
6. Raising Awareness: Simple practices like using strong passwords, avoiding
phishing scams, and updating software regularly can make a big difference.
7. Protecting Businesses and Networks: Even individual security habits
contribute to overall network safety, affecting not only personal devices but
workplaces and public networks.

PAGE 24