Chapter 01 Introduction To Network Security

The document discusses network security concepts including network structure, data packets, threats like intrusion and denial of service attacks, and security terminology related to hackers, devices, and policies.

Uploaded by

Muhammad Hazlami

ITT320

Introduction to Computer Security

CHAPTER 1 - INTRODUCTION TO NETWORK SECURITY

Mazlan Osman

Contents

• Introduction
• The Basics of a Network
• Understanding Security Terminology
• Approaching Network Security

Introduction

• The growth of the Internet has brought many ways in which networks can be compromised and data stolen.
• Legislators are working to prevent identity theft and on ways to reduce the effects of viruses and worms such as MyDoom, MSBlaster, and others.

The Basics of a Network

• You need to understand the following:
  - Basic network structure
  - Data packets
  - What does this mean for security?

Basic Network Structure

• The fundamental purpose of networks is for communication
• Part of the network structure includes:
  - NICs, hubs, switches, routers, and firewalls
• Network architecture comprises the format in which these devices are connected

Data Packets

• This is the package that holds the data and transmission information
• Ultimately formatted in binary
• Size ranges between 32 and 65,000 bytes
• Information included in packets:
  - Source and destination (IP address) information
  - Packet size (in bytes) and type (e.g. Ethernet)
  - Data and other header information
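
The fields listed above can be read straight out of a frame's bytes. The following Python code is an added example, not part of the original slides: it parses a constructed Ethernet II frame carrying IPv4, and the MAC addresses, IP addresses, ports and payload are made-up sample values (only IPv4 is decoded).

```python
import ipaddress
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
IPV4_HEADER = "!BBHHHBBH4s4s"  # fixed 20-byte part of the IPv4 header

def build_sample_frame():
    """Constructed sample: Ethernet II frame carrying IPv4/UDP, 5-byte payload."""
    payload = b"hello"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack(
        IPV4_HEADER,
        0x45, 0, 20 + len(udp),   # version 4 / IHL 5, DSCP, total length
        0x1234, 0, 64, 17, 0,     # id, flags, TTL, protocol 17 (UDP), checksum unset
        ipaddress.IPv4Address("192.0.2.10").packed,    # documentation address
        ipaddress.IPv4Address("198.51.100.7").packed,  # documentation address
    )
    # Destination MAC comes first on the wire, then source MAC, then EtherType.
    eth = bytes.fromhex("02000000000b" "02000000000a") + struct.pack("!H", 0x0800)
    return eth + ip + udp

def parse_frame(frame):
    """Return the header fields the slide lists: addresses, size and type."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"frame_bytes": len(frame), "src_mac": src_mac.hex(":"),
            "dst_mac": dst_mac.hex(":"), "type": ETHERTYPES.get(ethertype, hex(ethertype))}
    if ethertype != 0x0800:
        return info  # only IPv4 is decoded further here
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HEADER, ip[:20])
    header_len = (ver_ihl & 0x0F) * 4
    # Reject headers whose declared lengths do not fit the bytes actually received.
    if ver_ihl >> 4 != 4 or header_len < 20 or not header_len <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    info.update(src_ip=str(ipaddress.IPv4Address(src)), dst_ip=str(ipaddress.IPv4Address(dst)),
                ip_total_length=total_len, ttl=ttl,
                protocol=IP_PROTOCOLS.get(proto, str(proto)),
                payload_bytes=total_len - header_len)
    return info

if __name__ == "__main__":
    for field, value in parse_frame(build_sample_frame()).items():
        print(f"{field:16} {value}")
```

Every field returned here travels unencrypted in the headers, which is why the next slide names the data packet itself as a point of attack.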

What Does This Mean for Security?

• There are two points of attack:
  - The data packet itself
  - The devices that connect the network
• These are also the points of security:
  - Protect the data (encryption)
  - Secure the network devices

Assessing Likely Threats to the Network

• There are two perspectives in relation to security:
  - First, there is no real threat
  - Second, all hackers are experts and out to break into my network

Assessing Likely Threats to the Network cont.

• No real threat:
  - Fosters a laissez-faire attitude toward security
  - Promotes a reactive approach to security
  - Security measures are not put in place until after a breach has occurred
  - This approach must be avoided at all costs

Assessing Likely Threats to the Network cont.

• Expert hackers out to get me?
  - Yes, they exist, but not to the extent publicized
  - Lesser skilled hackers are more pervasive
  - These target smaller companies
  - Usually experts seek high profile networks
  - Financial and ideological gain are the targets

Assessing Likely Threats to the Network cont.

• The only practical approach is the realistic one
• This approach is a moderate solution to the two extremes
• Assessment is a complex task
  - Many factors need to be addressed

Classifications of Threats

• Attacks can be classified by function:
  - Intrusion
  - Blocking
  - Malware

Classifications of Threats cont.

Intrusion-type Attacks on Security

• Intrusion
  - Gain unauthorized access to a system through a breach in the security of that network or a machine on the network.
• Blocking
  - Prohibit legitimate traffic or access to the network resources (e.g. DoS, DDoS).
• Malware
  - Software with malicious intent that is installed on a machine; includes all viruses, worms, trojan horses, etc. This is the most common threat.

Intrusion-type Attacks on Security

• Social engineering
  - A broad range of malicious activities accomplished through human interactions such as phishing.
• War-dialing
  - Occurs when an attacker systematically calls a sequence of phone numbers in order to find an inadequately protected system on a modem.
• War-driving
  - Attackers who wander through areas searching for wireless capabilities

Malware

• Additional discussion is needed:
  - Viruses
    - A program that can damage a computer system and self-replicates with human assistance
  - Worms
    - A type of virus that is a malicious, self-replicating program that can spread throughout a network without human assistance
  - Trojan horses
    - A program that looks benign but actually has a malicious purpose.

Malware

• Additional discussion is needed:
  - Adware
    - Advertising-supported malware; a term used to describe unwanted software that displays advertisements on your device
  - Spyware
    - Spyware can be as simple as a cookie used by a website to record a few brief facts about your visit to that website, e.g. cookies, key loggers

Blocking-type Attacks

• Denial-of-Service (DoS)
  - An attack meant to shut down a machine or network, making it inaccessible to its intended users. It can be accomplished by flooding the target with traffic or sending it information that triggers a crash.
• Dynamic Denial of Service
  - Occurs when multiple systems are attacked by DoS; sometimes called Distributed DoS

Likely Attacks

• Administrators should ask:
  - What are the realistic dangers?
  - What are the most likely attacks for our network?
  - What are some common vulnerabilities?
  - What is the likelihood of an attack?

Threat Assessment

• Three factors to consider:
  - Attractiveness of the system (discussed earlier)
  - The nature of the information on the system
  - Traffic to the system (security devices in place)

Threat Assessment cont.

• A numerical scale can be assigned to each factor
  - Attractiveness (A): 1 – 10
  - Information content (I): 1 – 10
  - Security devices (S): 1 – 10
• The equation is: (A + I) – S = V
  - Where V equals Vulnerability score
  - Lower score indicates lower risk

Understanding Security Terminology

• Hacking terminology
• Security terminology

Understanding Security Terminology cont.

• Hacking terminology (people & activity)
  - White hat hackers
    - Often referred to as ethical hackers
    - Specialize in ethical hacking tools, techniques, and methodologies to secure an organization’s information systems.
  - Black hat hackers
    - Individuals who attempt to gain unauthorized entry into a system or network to exploit it for malicious reasons
    - Do not have any permission or authority to compromise their targets

Understanding Security Terminology cont.

• Hacking terminology (people & activity)
  - Gray hat hackers
    - Gray hats exploit networks and computer systems in the way that black hats do but do so without any malicious intent.
  - Script kiddie
    - A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers).

Understanding Security Terminology cont.

• Hacking terminology (people & activity)
  - Cracker
    - A hacker who intends to crack the system, usually a password.
  - Phreaking
    - An individual fascinated by the telephone system.
    - Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.

Understanding Security Terminology cont.

• Security terminology (devices & policies)
  - Firewall
    - A firewall is a barrier between a network and the outside world. Sometimes a firewall takes the form of a standalone server, sometimes a router, and sometimes software running on a machine
  - Proxy server
    - Security device used with a firewall to hide the internal network’s IP address and present a single IP address (its own) to the outside world.

Understanding Security Terminology cont.

• Security terminology (devices & policies)
  - Intrusion-detection system
    - IDS simply monitors traffic, looking for suspicious activity that might indicate an attempted intrusion.
  - Authentication
    - The process of determining if the credentials given by a user or another system (such as a username and password) are authorized to access the network resource

Understanding Security Terminology cont.

• Security terminology (devices & policies)
  - Auditing
    - The process of reviewing logs, records, and procedures to determine if these items meet standards.

Approaching Network Security

• Perimeter security approach
  - Focus is on perimeter devices such as firewalls, proxy servers, and password policies; the network may still be vulnerable even though its border is secured.
• Layered security approach
  - Perimeter is secured and selected systems within the network are also secured.

Approaching Network Security

• Proactive (dynamic)
  - A dynamic or proactive defence is one in which steps are taken to prevent attacks before they occur.
• Reactive (passive)
  - A passive security approach takes few or no steps to prevent an attack.
• Hybrid approach
  - Encompasses multiple security paradigms that overlap or are combined to tighten security.

Approaching Network Security cont.

Summary

• Most common dangers to networks:
  - Viruses, worms, trojan horses
• Basic security terminology:
  - Hacking terms: deal with people and activities
  - Security terms: deal with devices and policies

Summary cont.

• Approaches to securing your network:
  - Proactive vs. reactive
  - Perimeter: focus is on perimeter devices, internal devices are still vulnerable
  - Layered: focus includes both perimeter and individual computers within the network
  - Hybrid: combination of multiple security paradigms

© 2006 by Pearson Education, Inc. Chapter 1 Introduction to Network Security

Summary cont.

• Resources available for network security:
  - CERT
  - Microsoft Security Advisor
  - F-Secure Corporation
  - SANS Institute
