Chapter 4
DEC30023 COMPUTER NETWORKING FUNDAMENTALS
4.3 Networking threats
LEARNING OUTCOMES
Upon completion of this topic students will be able to:
4.3 Understand networking threats
4.3.1 Describe risks of network intrusion
4.3.2 Identify types of security threat for a given scenario
4.3.3 Determine sources of network intrusion
4.3.4 Explain social engineering and phishing in networking
LEARNING OUTCOMES
4.5 Understand security policy
4.5.1 Explain common security measures
4.5.2 Identify importance of updated software and patches
4.5.3 Explain updating software patches and the latest antivirus patterns
RISKS OF NETWORK INTRUSION
Once the hacker gains access to the network, four types of threat
may arise:
SOURCES OF NETWORK
INTRUSION
Security threats from network intruders can come from both
internal and external sources.
SOCIAL ENGINEERING AND
PHISHING IN NETWORKING
Social engineering is a term that refers to the ability of something
or someone to influence the behavior of a group of people.
PHISHING
• Phisher pretends to represent a legitimate outside
organization.
• Typically contacts the target individual (the
phishee) via email.
• Asks for verification of information, such as
passwords or usernames, in order to prevent some
terrible consequence from occurring.
PRETEXTING
• Pretexting is a form of social engineering where an
invented scenario (the pretext) is used on a victim in
order to get the victim to release information or
perform an action.
• The target is typically contacted over the telephone.
VISHING
• A new form of social engineering that uses Voice
over IP (VoIP).
• With vishing, an unsuspecting user is sent a voice
mail, instructing them to call a number which
appears to be a legitimate telephone-banking
service.
• The call is then intercepted by a thief.
• Bank account numbers or passwords entered over
the phone for verification are then stolen.
METHODS OF ATTACK
Viruses, worms, and Trojan horses.
VIRUSES
A program that runs and spreads by modifying other programs or files
Needs to be activated before it can replicate itself and spread
Can use all available memory and bring a system to a halt
Can delete or corrupt specific files before spreading
Transmitted via email attachments, downloaded files, instant
messages or via diskette, CD or USB devices.
WORMS
Similar to a virus but does not need to attach itself to an
existing program.
A worm uses the network to send copies of itself to any
connected hosts.
Run independently and spread quickly.
Do not require activation or human intervention.
Self-spreading network worms can have a greater impact than a
single virus
Can infect large parts of the Internet quickly.
TROJAN HORSES
Non-self-replicating program that is written to appear like
a legitimate program
A Trojan horse relies upon its legitimate appearance to
deceive the victim into initiating the program.
May be relatively harmless or can contain code that can
damage the contents of the computer's hard drive.
Create a back door into a system allowing hackers to gain
access.
DENIAL OF SERVICE
SYN (synchronous) flooding:
• A flood of packets is sent to a server requesting a client
connection.
• The packets contain invalid source IP addresses.
• The server becomes occupied trying to respond to these
fake requests.
Ping of death:
• A packet larger than the maximum size allowed by IP
(65,535 bytes) is sent.
• Causes the receiving system to crash.
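The SYN flood described above leaves the server holding connection requests that are never completed, so a defender can watch the count of half-open connections per server. The following is an added example, not part of the original slides; the event tuple format, the 30-second timeout and the alert threshold of 100 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample: (timestamp_s, src_ip, src_port, dst_ip, dst_port, tcp_flags).
# All addresses come from the documentation ranges.
SAMPLE_EVENTS = (
    [(0.0, "192.0.2.10", 40000, "203.0.113.5", 80, "SYN"),
     (0.1, "192.0.2.10", 40000, "203.0.113.5", 80, "ACK")]  # normal client completes
    + [(1.0 + i * 0.01, f"198.51.100.{i}", 1024 + i, "203.0.113.5", 80, "SYN")
       for i in range(1, 201)]                               # 200 SYNs, never ACKed
)

def half_open_by_server(events, now, timeout=30.0):
    """Return {(dst_ip, dst_port): number of SYNs not completed by an ACK}."""
    pending = {}  # connection 4-tuple -> time the SYN was seen
    for ts, src, sport, dst, dport, flags in events:
        key = (src, sport, dst, dport)
        if flags == "SYN":
            pending[key] = ts
        elif flags in ("ACK", "RST"):
            pending.pop(key, None)  # handshake finished or aborted
    counts = defaultdict(int)
    for (_, _, dst, dport), ts in pending.items():
        if now - ts <= timeout:  # older entries are assumed expired by the server
            counts[(dst, dport)] += 1
    return dict(counts)

def syn_flood_alerts(events, now, threshold=100):
    """List servers whose half-open backlog exceeds the assumed threshold."""
    backlog = half_open_by_server(events, now)
    return sorted(server for server, n in backlog.items() if n > threshold)
```

Because the forged source addresses never answer the server's reply, every flood entry stays pending until the timeout, while the legitimate client's entry is cleared by its ACK.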
DENIAL OF SERVICE (DOS)
DISTRIBUTED DENIAL OF
SERVICE (DDOS)
• Operates on a much larger scale than DoS attacks
BRUTE FORCE ATTACKS
A fast computer is used to try to guess passwords or to
decipher an encryption code.
The attacker tries a large number of possibilities in rapid
succession to gain access or crack the code.
Can cause a denial of service due to excessive traffic to a
specific resource or by locking out user accounts.
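The last point above, that brute force guessing can itself lock out user accounts, is why detection is often keyed on the source of the failures rather than on the account. The following is an added example, not part of the original slides; the log record format and the limit of 5 failures in 60 seconds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque

# Constructed sample log records: (timestamp_s, source_ip, username, succeeded)
SAMPLE_LOG = (
    [(t, "198.51.100.7", "alice", False) for t in range(0, 20)]  # 20 guesses in 20 s
    + [(5, "192.0.2.44", "alice", False),                         # real user mistypes once
       (9, "192.0.2.44", "alice", True)]
)

def throttled_sources(log, max_failures=5, window=60):
    """Return source IPs with more than max_failures failed logins in any window."""
    recent = defaultdict(deque)  # source_ip -> timestamps of recent failures
    flagged = set()
    for ts, src, _user, ok in sorted(log):
        if ok:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            flagged.add(src)
    return flagged

def locked_accounts(log, max_failures=5):
    """Naive per-account lockout: counts failures from every source together."""
    failures = defaultdict(int)
    for _ts, _src, user, ok in sorted(log):
        if not ok:
            failures[user] += 1
    return {user for user, n in failures.items() if n > max_failures}
```

On the sample log the per-account rule locks out alice, which is the denial of service the slide mentions, while the per-source rule flags only the guessing address and leaves her own workstation unaffected.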
SPYWARE, TRACKING COOKIES,
ADWARE AND POP-UPS
ADWARE
Used to collect information about a user, based on the websites
the user visits, for targeted advertising.
Commonly installed by a user in exchange for a "free" product.
When a user opens a browser window, adware can start new browser
instances that attempt to advertise products or services.
These windows can open repeatedly and make surfing very difficult.
Difficult to uninstall.
POP-UPS
Additional advertising windows that display when
visiting a web site.
Not intended to collect information about the user
Typically associated only with the web-site being
visited.
Can be annoying and usually advertise products or
services that are undesirable.
SPAM
Unwanted bulk email
Can overload ISPs, email servers and individual end-user
systems.
Can be sent via email or more recently via Instant
messaging software.
Consumes large amounts of Internet bandwidth
SECURITY POLICY
A formal statement of the rules that users must adhere to
when accessing technology and information assets
Central point for how a network is secured, monitored, tested
and improved upon
SECURITY POLICY
i. Identification and authentication policies
ii. Password policies
iii. Acceptable use policies
iv. Remote access policies
v. Network maintenance procedures
vi. Incident handling procedures
SECURITY POLICY
The security tools and applications used in securing a network
PATCHES AND UPDATES
Patch - a small piece of code that fixes a specific problem.
Update - include additional functionality to the software package
as well as patches for specific issues.
SOFTWARE PATCHES AND ANTI-
VIRUS LATEST PATTERNS
Anti-virus software – detecting virus
SIGNS THAT A VIRUS, WORM OR TROJAN
HORSE MAY BE PRESENT:
Computer starts acting abnormally
Program does not respond to mouse and keystrokes.
Programs starting or shutting down on their own.
Email program begins sending out large quantities of email
CPU usage is very high
There are unidentifiable, or a large number of, processes running.
Computer slows down significantly or crashes
SIGNS THAT A VIRUS, WORM OR TROJAN
HORSE MAY BE PRESENT
Blue screen of death (BSOD) - is an error screen displayed on a Windows
computer system following a fatal system error. It indicates a system
crash, in which the operating system has reached a condition where it can
no longer operate safely.
SUMMARY
Networks can be open to intrusion through
vulnerabilities in software, hardware attacks, or the
weaknesses of individuals.
Effective network security is based on a variety of
products and services, combined with a thorough
security policy.