NETWORK
SECURITY
M.AYAN ASIM
INTRODUCTION
Network security is about keeping
networks, computers and the files, data
and programs stored on them safe from
attack, damage and unauthorised
access.
FORMS OF ATTACK ON
NETWORK
Computers face many forms of attack, which can
cause a large number of problems on a network.
The main threats to know about are:
Malware
Social Engineering
Brute-Force attacks
Denial of service attacks
Data Interception and theft
SQL injection
MALWARE
Malware is any kind of malicious program that is
installed on a computer system with the intention
to cause damage and disrupt its functionality or to
steal information.
It is usually installed without the user’s knowledge.
Examples of issues being caused by malware
include:
Files being deleted, corrupted or encrypted.
Internet connection being slow or unusable.
Computer shutting down or crashing.
MALWARE
There are various types of malware, and each causes slightly different
issues:
Viruses
Worms
Trojans
Ransomware
Spyware
VIRUSES
A virus is a computer program that is hidden within another program. The
virus code is only run when the host program is executed.
Viruses can delete data or change system files so that data becomes
corrupted.
Some viruses fill up the hard drive so that the computer runs very slowly or
even becomes unresponsive.
Viruses can insert themselves into other programs that can then be passed
on. They are often spread through attachments to emails, but may also be
spread through files, programs or games downloaded from a web page or
by loading an infected memory stick or CD/DVD.
WORMS
Worms are different to viruses as they do not need to be hosted (installed)
in another program.
They often create a ‘back door’ so that a hacker can take over an infected
computer.
Worms are self-replicating, which uses up the computer’s resources and
causes other programs to run slowly.
They usually spread by sending themselves in emails to everyone in a
user’s address book. They can also travel to other computers within a
network, which consumes network bandwidth and affects performance.
TROJANS
Trojans are programs that users are tricked into installing under the
pretence that they are legitimate and useful.
Some Trojans are just annoying, changing the desktop layout and
adding new icons, but they can also delete files and use back doors to
send screenshots and key presses to a hacker’s computer, allowing
them to access your personal information.
RANSOMWARE
Ransomware is malware that interferes with a user’s operation of a
computer unless a sum of money (ransom) is paid.
It encrypts the files on an infected computer and only decrypts them
once payment has been made. Sometimes the malware doesn’t
actually encrypt anything but still scares users into thinking that it has
so that they hand over payment. Even when payment is made, there is
no guarantee that the files will be decrypted, and often they are not.
SPYWARE
Spyware is malware that comes packaged with other software such as
free software that a user downloads.
It gathers information about a user and sends it to the criminal. It
includes programs such as keyloggers that record all the user’s
keystrokes to obtain passwords and other login details.
PHARMING
Pharming is a form of attack where users are directed to a fake website.
There are two ways in which this might happen.
Malware installed on a computer can send lookup requests to a rogue DNS
server rather than their ISP’s genuine DNS server,
or malware can infect the DNS server itself (known as DNS spoofing) so that
everyone is directed to the bogus site.
PHARMING
The rogue or ‘poisoned’ DNS server responds with the IP address for a server
hosting a fake copy of the website being visited.
When users then enter their login details at the fake site these are captured so
that they can be used by hackers.
Often, the fake website then redirects the user onto the real version of the
website and logs them in using the details they have just provided. This means
that they are unaware they have been attacked.
SOCIAL ENGINEERING
The weakest point of any computer system is the people that use it.
Social engineering is a form of security attack that involves tricking or
manipulating people into giving away critical information or access
details. Fear is often used to put people off guard and make them more
likely to comply with instructions.
PHISHING
Phishing uses fake emails and websites to trick people into giving away their
sensitive data and information.
Emails usually claim or appear to be from a bank or building society, an e-
commerce site or an email provider. They often ask the user to verify their
account by clicking on a link or taking some other similar action.
Links often then take the user to a fake version of the website where login
details, and possibly credit and debit card details, can be captured.
PRETEXTING
Pretexting, also known as blagging, is often done by phone but can also be
carried out face to face.
Here, the criminal invents a scenario to persuade the victim to divulge
information that they might not otherwise give.
Often, they will pretend to be from an official organisation such as a bank,
insurance company or the police, or to be another employee of the company
or a network administrator.
SHOULDERING
Shouldering, or shoulder surfing, involves finding out login details, passwords
and PINs by watching people enter them.
This could happen by looking over someone’s shoulder as they enter their PIN at
a cashpoint or checkout, or even by using recording equipment.
BRUTE FORCE ATTACKS
A brute force attack is where a hacker attempts to crack a password
by systematically trying different combinations of letters and numbers
until the correct one is found.
Automated software is generally used to try millions of different
passwords every second.
Often brute force attacks begin with a dictionary attack, where lists of
previously cracked passwords from other sites are tried before
attempting every possible combination of characters.
Success is based on the amount of computing power available rather
than any specialist techniques or algorithms.
DENIAL OF SERVICE (DOS)
ATTACKS
Denial of service (DoS) attacks are designed to bring down
servers or websites by flooding them with superfluous
bogus requests such as repeated attempts to login.
This uses up internet bandwidth and prevents the servers
from responding to legitimate requests.
DENIAL OF SERVICE (DOS)
ATTACKS
A distributed denial of service (DDoS) attack uses a large number
of compromised machines that have been infected with malware.
These ‘zombie’ computers can be used to form a botnet so that a
huge number of login requests can all be sent at the same time.
DoS or DDoS attacks may be used to extort money from a firm to
stop the attacks, or may be used by hacktivists to punish
organisations that they deem to be unethical.
DATA INTERCEPTION AND THEFT
Data is a very valuable commodity. Personal data can be
used to access bank accounts or in identity theft, while the
financial data or trade secrets of a company can be exploited
by others to gain a competitive advantage.
Data interception and theft can occur in several ways:
Packet Sniffing
Man-in-the-middle (MITM) Attacks
PACKET SNIFFING
Packet sniffing involves intercepting data using
packet analysers as it is being transmitted
across a network.
These analysers read and display the contents
of each data packet, enabling sensitive data
such as login names, passwords and credit card
details to be stolen.
PACKET SNIFFING
The software used can manipulate the network switch so that all packets are
sent to the sniffing device, which then sends them on to their intended
destination once they have been intercepted and read.
This means that no one is aware that any interception has taken place.
Packet sniffing can be carried out with relative ease on wireless networks as
the signals can be accessed from distances of up to 300 metres, making it
easy for the perpetrators to avoid detection.
MAN-IN-THE-MIDDLE (MITM) ATTACKS
A MITM attack involves intercepting a device’s connection to the
internet.
Often this is achieved by luring users into using a fake Wi-Fi hotspot.
The operator of the fake Wi-Fi network can then sniff all of the packets
to gain personal information and to see which websites are being
visited.
This method also allows phone numbers to be captured, which can
then be used in further attacks.
THE CONCEPT OF SQL INJECTION
Many websites use databases to store the details of users.
Structured Query Language (SQL) is used to search these
databases, for example to check that a user’s login details
and password are correct.
THE CONCEPT OF SQL INJECTION
SQL injection can be used to bypass security and
circumvent the need to enter legitimate login credentials, thus
allowing hackers to gain access to the database.
From here they can steal valuable data such as names,
addresses and bank details.
SQL statements often operate on data input into fields on
online forms, and so inputting a syntactically valid SQL
expression instead of a username can cause the commands
to be executed.
IDENTIFYING AND
PREVENTING
VULNERABILITIES
INTRODUCTION
There are a number of different methods that can
be used to limit threats and protect networks
and computer systems from unauthorised access.
Penetration testing
Anti-malware software
Firewalls
User access levels
Passwords
Encryption
PENETRATION
TESTING
Penetration testing is used to test a system or network in
order to identify vulnerabilities in its security that an attacker
could exploit.
Testers take on the role of hackers and try to gain
unauthorised access in a controlled attack.
PENETRATION
TESTING
Good penetration testing also assesses the security
awareness of users to see how likely they are to fall for social
engineering ploys, and demonstrates the effectiveness of
network security policies.
It may also include checking the organisation’s ability to respond
to security incidents and to recover any data that has been lost
or compromised following an attack.
ANTI-MALWARE
SOFTWARE
Anti-malware software is designed to detect and remove malware.
It protects systems in several ways:
It performs real-time scans of incoming network traffic to
detect whether it has been infected with a virus.
It performs periodic scans of the whole system looking for
malicious applications.
If a virus or other malware is detected or manages to install
itself it is quarantined. This prevents it from running and allows
users to attempt to clean or remove it.
ANTI-MALWARE
SOFTWARE
Anti-malware software needs to be able to get
regular updates from the internet, as it relies on
up-to-date definitions of the viruses and malware
that are known about and how to identify them by
their code.
FIREWALL
A firewall is designed to prevent unauthorised access to a
network, and can be provided by either a hardware device or a
piece of software.
Firewalls protect a network or computer from attempts by hackers
to break in from the outside. However, they also protect against
attempts by malware to send data packets out of the network from
infected machines.
FIREWALL
Firewalls inspect and filter incoming and outgoing data packets to
ensure that they meet the security criteria that have been
configured.
If a packet does not meet the security criteria it is not allowed
through. Criteria may include:
the MAC address of the computer sending the data
the type of data being sent or received, for example .exe files
IP address filtering to prevent users and programs from
accessing specific internet sites.
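The three criteria listed above, written as an ordered rule list in which the first matching rule decides and anything unmatched is dropped. This is an added example, not part of the original slides; the MAC addresses, the blocked address range and the packet summaries are constructed values, and a real firewall works on raw packets rather than dictionaries.

```python
import ipaddress

# Assumed policy values, constructed for illustration.
TRUSTED_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
BLOCKED_SITES = [ipaddress.ip_network("203.0.113.0/24")]

def to_blocked_site(pkt):
    dst = ipaddress.ip_address(pkt["dst_ip"])
    return any(dst in net for net in BLOCKED_SITES)

def is_executable(pkt):
    return pkt.get("filename", "").lower().endswith(".exe")

def from_trusted_mac(pkt):
    return pkt["src_mac"].lower() in TRUSTED_MACS

# Rules are checked top to bottom: (name, test, action).
RULES = [
    ("blocked site", to_blocked_site, "drop"),
    ("executable file", is_executable, "drop"),
    ("trusted sender", from_trusted_mac, "allow"),
]

def filter_packet(pkt):
    """Return (action, rule name) from the first rule the packet matches."""
    for name, test, action in RULES:
        if test(pkt):
            return action, name
    return "drop", "default deny"   # nothing matched: fail closed

# Constructed packet summaries (not real traffic).
PACKETS = [
    {"src_mac": "AA:BB:CC:00:00:01", "dst_ip": "198.51.100.10", "filename": "notes.pdf"},
    {"src_mac": "aa:bb:cc:00:00:02", "dst_ip": "203.0.113.5"},
    {"src_mac": "aa:bb:cc:00:00:01", "dst_ip": "198.51.100.10", "filename": "setup.EXE"},
    {"src_mac": "de:ad:be:ef:00:99", "dst_ip": "198.51.100.10"},
]

def run():
    """Apply the rule list to every sample packet."""
    return [filter_packet(p) for p in PACKETS]
```

Putting the drop rules before the allow rule means a trusted machine still cannot reach a blocked site, and the final default deny covers any sender the policy does not know.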
USER ACCESS
LEVELS
Users of a network are often arranged into user groups.
Each group has different user access rights that determine
what software, hardware and files they are permitted to
access.
For example, on a school network staff may be able to
access certain folders that pupils cannot.
USER ACCESS
LEVELS
User access levels are an important way of avoiding attacks
caused by the careless actions of users.
Preventing normal users from installing new software means
that malware cannot be installed even if a user is lured into
clicking on a suspicious link.
In addition, access to confidential information can be limited
to only those who need it, which helps to protect against
insider attacks.
PASSWORDS
Passwords help to prevent unauthorised access to a network or
computer.
However, they are only effective if they remain secret and are not
easy to crack by brute force attacks.
They should not be used for multiple accounts and should never be
written down.
PASSWORDS
Long passwords that use a combination of letters, numbers and
symbols will take longer to guess in a brute force attack.
As hackers can potentially find out information about users,
such as their dates of birth and names of family members, these
should never be used in passwords.
PASSWORDS
Two-factor authentication (2FA) can be used to add an extra layer of
security to the use of passwords.
In addition to providing a username and password, the user has to
enter a code that only they have access to.
Usually this is a code that has been sent to another device they
have possession of, such as a mobile phone.
Passwords are gradually being replaced by biometric authentication
methods such as fingerprint readers and facial recognition.
Biometric factors can also be used as the second step in two-
factor authentication.
ENCRYPTION
Encrypting data means that it cannot
be read by unauthorised persons, even
if they manage to access the data.
Encrypted data requires the correct
key to be used in order to be
decrypted.
ENCRYPTION
Wi-Fi networks should use secure encryption, such as
WPA2, to ensure that network packets cannot be
intercepted and read.
Files on a network or removable storage device can
also be encrypted so that they cannot be read if
someone manages to gain access to them.
PHYSICAL
SECURITY
Physical security is about protecting hardware, software, networks
and data from physical actions that could cause harm.
These include:
burglary and theft
fire, flood and natural disasters.
Security measures might include keeping servers in a locked room
that can only be accessed by network managers, and ensuring that
backups are kept off-site in a different secure location.
QUESTION
TIME