managing network security unit 2

The document provides an overview of various network security threats, including malware, phishing, DoS attacks, and insider threats, along with their impacts. It emphasizes the importance of identifying network vulnerabilities such as weak passwords and outdated software, and outlines a systematic approach to creating a network security threat model. Key components of the threat model include asset identification, risk assessment, and continuous improvement to enhance network security.

Uploaded by

Teddy Meta

Hardware and Network Servicing

Level-IV

Manage Network Security

Unit Two: Threats to network security


Attacks of network security
Overview of Network Security Attacks

Network security attacks come in various forms, each aiming to exploit
weaknesses in a system or network to compromise its integrity,
privacy, or availability. Here's an overview of some common
network security attacks:
Malware:
• Definition: Malicious software designed to harm or exploit systems.
• Types: Viruses, worms, trojan horses, ransomware, spyware.
• Impact: Unauthorized access, data theft, system disruption.
Phishing:
• Definition: Social engineering attack where attackers impersonate trustworthy entities to
trick individuals into revealing sensitive information.
• Forms: Email phishing, spear phishing, vishing (voice phishing), smishing (SMS
phishing).
• Impact: Unauthorized access, identity theft, financial loss.
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks:
• Definition: Overloading a system, network, or service with excessive traffic to
disrupt normal functioning.
• Impact: Service outage, network slowdown, loss of availability.
Man-in-the-Middle (MitM) Attacks:
• Definition: Intercepting and potentially changing communication between two
parties without their knowledge.
• Forms: Session hijacking, SSL (Secure Sockets Layer) stripping.
• Impact: Data interception, unauthorized access.
SQL Injection:
• Definition: Exploiting vulnerabilities in web applications by injecting malicious
SQL code into input fields.
• Impact: Unauthorized access to databases, data manipulation.
Cross-Site Scripting (XSS):
• Definition: Injecting malicious scripts into webpages viewed by other users.
• Forms: Stored XSS, reflected XSS, DOM-based XSS.
• Impact: Cookie theft, session hijacking, defacement.
Brute Force Attacks:
• Definition: Repeatedly attempting various combinations of usernames and
passwords until the correct credentials are found.
• Impact: Unauthorized access, account compromise.
Eavesdropping (Packet Sniffing):
• Definition: Unauthorized interception and monitoring of network traffic.
• Impact: Unauthorized access to sensitive information.
DNS Spoofing:
• Definition: Redirecting DNS queries to malicious sites.
• Impact: Man-in-the-middle attacks, phishing, data theft.
Insider Threats:
• Definition: Malicious actions by individuals within an organization.
• Forms: Intentional data theft, accidental data exposure.
• Impact: Data breaches, compromised security.
To mitigate the risk of these network security attacks,
organizations implement a combination of technical controls
(firewalls, intrusion detection/prevention systems,
encryption), security policies, user education, and regular
security audits. Staying informed about emerging threats and
continuously updating and patching systems are crucial
components of a robust network security strategy.
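
As an added example that is not part of the original unit, the following Python script shows how the intrusion-detection layer mentioned above can recognise the brute force attack described earlier: it parses constructed sshd-style authentication log lines, counts failed logins per source address in a sliding time window, and flags a successful login that follows such a burst as a probable account compromise. The host name, addresses and log lines are constructed sample data; the threshold of 5 failures in 60 seconds is an assumed tuning value.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style auth log lines (sample data, not from the unit).
SAMPLE_LOG = """\
Mar 10 08:00:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 10 08:00:03 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar 10 08:00:04 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 08:00:06 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 08:00:07 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 08:00:09 gw sshd[2101]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Mar 10 08:05:00 gw sshd[2102]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 08:30:00 gw sshd[2103]: Failed password for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse(lines, year=2024):
    """Yield (timestamp, result, user, source_ip) for each recognised line."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """One alert per source IP with >= threshold failures inside window_s seconds;
    a later success from that IP marks the alert as a probable compromise."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = {}
    for ts, result, user, ip in parse(log_text):
        q = failures[ip]
        if result == "Failed":
            q.append(ts)
            # drop failures that have fallen out of the sliding window
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"failures": len(q), "compromised": False, "user": None}
        elif ip in alerts:
            # successful login right after a burst of failures: treat as compromised
            alerts[ip].update(compromised=True, user=user)
    return alerts
```

Isolated failures spread over minutes (the second address above) fall out of the window and never alert, which keeps the rule from firing on ordinary typos.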
Network vulnerabilities

Network vulnerabilities refer to weaknesses or errors in a computer
network's security that can be exploited by attackers to compromise the
confidentiality, integrity, or availability of the network and its data.
Identifying and addressing these vulnerabilities is crucial for
maintaining a secure and resilient network. Here are some common
network vulnerabilities:
Weak Passwords:
• Passwords that are easy to guess or are not strong enough can be exploited by
attackers. It's essential to enforce strong password policies and use multi-factor
authentication (MFA) where possible.

Outdated Software and Patching:
• Failure to update and patch operating systems, applications, and network
devices can leave vulnerabilities open for exploitation. Regularly applying
security patches helps address known vulnerabilities.
Unsecured Network Protocols:
• Insecure or outdated network protocols may expose sensitive
information to eavesdropping. It's important to use secure protocols
(e.g., HTTPS instead of HTTP) and disable insecure or unnecessary ones.

Lack of Encryption:
• Failure to encrypt sensitive data during transmission or storage can
expose it to unauthorized access. Implementing encryption protocols,
such as SSL/TLS (Secure Sockets Layer / Transport Layer Security) for data
in transit and encryption for stored data, is crucial.
Unsecured Wireless Networks:
• Open or poorly configured Wi-Fi networks can be exploited by unauthorized users.
Employ strong encryption (WPA3), use complex passwords, and regularly update
Wi-Fi passwords.

Misconfigured Firewalls and Routers:
• Improperly configured firewalls and routers may allow unauthorized access to the
network. Regularly review and update firewall rules to ensure they align with
security policies.

Unrestricted Physical Access:
• Physical access to network infrastructure can lead to unauthorized manipulation.
Restrict physical access to network devices and secure server rooms.
Threat model

A network security threat model is a systematic approach to
identifying and understanding potential security threats to a network.
Developing a threat model helps organizations anticipate,
prioritize, and mitigate potential risks to their network
infrastructure. Here are key components and steps involved in
creating a network security threat model:
Asset Identification:
• Identify and enumerate all assets within the network. This includes hardware
(servers, routers, switches), software (applications, operating systems), data
(sensitive information), and human resources.

Threat Listing:
• Enumerate potential threats and vulnerabilities that could impact the network.
Consider external and internal threats, including malicious actors, malware,
insider threats, and natural disasters.
Vulnerability Assessment:
• Conduct a vulnerability assessment to identify weaknesses in the network. This
involves scanning systems and applications for known vulnerabilities and
weaknesses in configurations.

Risk Assessment:
• Evaluate the probability and potential impact of identified threats. Assign risk
levels based on the combination of the threat's probability and impact. This helps
prioritize the mitigation efforts.
Attack Surface Analysis:
• Analyze the network's attack surface, which includes all points where an attacker
could potentially gain unauthorized access. This involves understanding entry
points, interfaces, and potential weak links in the network.

Security Controls Evaluation:
• Evaluate the effectiveness of existing security controls, such as firewalls, intrusion
detection systems, access controls, and encryption mechanisms. Identify any gaps
or areas where controls can be strengthened.
User and Access Controls:
• Assess user authentication and access controls. Ensure that the principle of least
privilege is implemented, and regularly review and update user access levels.

Data Protection:
• Implement measures to protect sensitive data, both in transit and at rest. This
includes encryption, data classification, and access controls.

Network Monitoring:
• Implement comprehensive network monitoring to detect unusual or suspicious
activities. Use intrusion detection and prevention systems to identify and respond to
potential security incidents.
Physical Security:
• Consider physical security aspects, such as access to server rooms, data
centers, and networking equipment. Restrict physical access to prevent
unauthorized tampering.

Security Awareness Training:
• Conduct regular security awareness training for employees to educate
them about security best practices, social engineering threats, and the
importance of reporting suspicious activities.
Continuous Improvement:
• Regularly revisit and update the threat model to account for changes in
technology, business processes, and emerging threats. Network security
is an evolving field, and continuous improvement is essential.

By systematically addressing these components, organizations can create
a comprehensive network security threat model that helps them
proactively manage and mitigate potential risks to their network
infrastructure.
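
As an added example that is not part of the original unit, the following Python script walks the Asset Identification, Threat Listing, Risk Assessment and Security Controls Evaluation steps above on a small constructed inventory: each asset carries an impact rating, each threat a likelihood, and each existing control a reduction in likelihood, so the script can compute inherent and residual risk (likelihood x impact), band it into Low/Medium/High, rank the threats and flag those with no control at all. The 1-5 scale, the band floors and the sample assets, threats and controls are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed scale: likelihood and impact are 1-5, risk score = likelihood x impact.
RATING_BANDS = [(15, "High"), (8, "Medium")]   # score floors; anything lower is Low

@dataclass
class Asset:
    name: str
    impact: int   # 1-5: consequence if the asset is compromised

@dataclass
class Threat:
    name: str
    asset: str
    likelihood: int                                # 1-5, before any controls
    controls: list = field(default_factory=list)   # (control name, likelihood reduction)

def rate(score):
    """Map a risk score to a rating band."""
    for floor, label in RATING_BANDS:
        if score >= floor:
            return label
    return "Low"

def assess(assets, threats):
    """Return threats ranked by residual risk, with missing-control gaps flagged."""
    impact = {a.name: a.impact for a in assets}
    rows = []
    for t in threats:
        inherent = t.likelihood * impact[t.asset]
        residual_l = max(1, t.likelihood - sum(r for _, r in t.controls))
        residual = residual_l * impact[t.asset]
        rows.append({"threat": t.name, "asset": t.asset, "inherent": inherent,
                     "residual": residual, "rating": rate(residual),
                     "gap": not t.controls})
    rows.sort(key=lambda r: (-r["residual"], r["threat"]))
    return rows

# Constructed inventory (sample data, not from the unit).
ASSETS = [Asset("Customer DB", 5), Asset("Mail gateway", 4), Asset("Guest Wi-Fi", 2)]
THREATS = [
    Threat("SQL injection against web app", "Customer DB", 4, [("parameterised queries", 2), ("WAF", 1)]),
    Threat("Phishing of staff", "Mail gateway", 5, [("awareness training", 1), ("MFA", 2)]),
    Threat("Brute force on admin SSH", "Customer DB", 3),
    Threat("Eavesdropping on open Wi-Fi", "Guest Wi-Fi", 4, [("WPA3", 3)]),
]

if __name__ == "__main__":
    for r in assess(ASSETS, THREATS):
        print(f"{r['rating']:6} {r['residual']:2} (inherent {r['inherent']:2}) {r['threat']}"
              + ("  <- no control in place" if r["gap"] else ""))
```

The ranking is what the Continuous Improvement step revisits: re-running it after a control is added or a likelihood changes shows whether the top residual risk has actually moved.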