Post on 22-Dec-2015
Identifying Threats to Network Security
Threats to a network fall into three categories:
Internal threats.
External threats.
Viruses, worms, and other malicious code.
Internal Threats
The primary components of any security strategy designed
to combat internal threats are:
Account security.
File and directory permissions.
Practices and user education.
Account security:
Identification and authentication (I&A) is the mechanism by which a
computer establishes who is attempting to log on or perform an action
in the system.
Identification is done by assigning each user a unique user ID or user
name on the system.
Authentication is done by having each user prove that identity, most
often with a password or a personal identification number (PIN).
A physical token the user carries, such as a credit card or a driver's
license, can also be used to identify a user to the system.
Smart cards are used as an identification medium for sensitive
computer systems and networks.
Biometrics uses unique human characteristics such as fingerprints,
hand geometry, retina scans, facial geometry, and voiceprints for
authentication.
Combining two of these factors (something you know, something you
have, something you are) is stronger than any one of them alone.
Passwords are the most common authentication mechanism in use.
Traditional guidance is that passwords be at least eight characters
long and mix uppercase and lowercase letters, numbers, and special
characters.
Length matters more than forced composition: every extra character
multiplies the number of guesses an attacker must make, while
composition rules mostly produce predictable substitutions. Prefer long
passphrases and reject any password that appears on breached-password
lists (the approach NIST SP 800-63B now recommends).
Passwords should not be written down or shared with coworkers.
They should be hard to guess but easy to remember.
Setting an account lockout policy (for example, the Account Lockout
Policy in Windows 2000 Group Policy) limits online password-guessing
attacks by disabling an account after a number of failed attempts.
Choose the threshold and lockout duration so that an attacker cannot
use the policy itself to lock legitimate users out.
Passwords are stored not in clear text but as one-way hashes (often
loosely described as "encrypted"): the system keeps the hash and
checks a logon by hashing what the user typed and comparing.
A hacker who obtains a hash can try every possible combination of
letters, numbers, and special characters, hashing each candidate until
one matches; this is a brute force attack. Trying a list of common
passwords first is a dictionary attack, and it succeeds against far
longer passwords.
Hackers can also capture password material from the network as it is
communicated between systems, for example a hash or challenge-response
value sent during logon, and crack or replay it later.
Capturing passwords from a network in this way is called sniffing the
wire; encrypting the connection (SSH, TLS, IPsec) is the defense.
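The three points above (how a password is stored, how brute force works, and what actually makes a password guessable) as an added example that is not part of the original slides. The hashing is PBKDF2-HMAC-SHA256 with a per-user random salt; the iteration count, the sample passwords "cat" and "Summer2015!", and the word list are constructed for the demonstration and are not values the slides give.

```python
import hashlib
import hmac
import itertools
import os
from typing import List, Optional, Tuple

# Added example, not from the original slides. Passwords are stored as a salted,
# iterated one-way hash (PBKDF2-HMAC-SHA256 here), never reversibly encrypted.
# ITERATIONS is deliberately low so the brute-force demo finishes quickly; real
# systems use far more, or a memory-hard function such as Argon2 or scrypt.
ITERATIONS = 500


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user defeats precomputed
    tables and makes two users with the same password hash differently."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def brute_force(salt: bytes, digest: bytes, alphabet: str, max_len: int):
    """Try every string over `alphabet` of length 1..max_len, in order.
    Returns (password, number_of_guesses) or (None, number_of_guesses)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if verify_password(candidate, salt, digest):
                return candidate, guesses
    return None, guesses


def dictionary_attack(salt: bytes, digest: bytes, wordlist: List[str]) -> Optional[str]:
    """A long password that satisfies every composition rule still falls if it
    is on the attacker's list."""
    for word in wordlist:
        if verify_password(word, salt, digest):
            return word
    return None


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates an exhaustive search must cover for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    salt, digest = hash_password("cat")            # constructed weak password
    print(brute_force(salt, digest, "abcdefghijklmnopqrstuvwxyz", 3))   # ('cat', 2074)
    salt2, digest2 = hash_password("Summer2015!")  # long and mixed, but on every word list
    print(dictionary_attack(salt2, digest2, ["password", "letmein", "Summer2015!"]))
    print(keyspace(26, 3), keyspace(95, 8))        # 18278 versus roughly 6.7e15
```

brute_force finds the three-letter password in 2,074 guesses; keyspace(26, 3) is 18,278 candidates while keyspace(95, 8) is about 6.7 x 10^15, which is the arithmetic behind the length advice. The dictionary attack shows the other side: "Summer2015!" satisfies every composition rule and still falls on the third guess.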
File and directory permissions:
File and directory permissions tell the computer which users may
access a particular file or directory, and in what way (for example
read only versus read and write).
Access control is the mechanism that restricts what authenticated
users are allowed to do on a computer system: authentication
establishes who you are, access control decides what you may do.
On a Windows system, an individual user or a domain group can be
granted several permissions (such as Read, Write, Modify, and Full
Control) on each directory or folder, and a permission can also be
explicitly denied.
On Linux systems, read, write, and execute permissions are set
separately for the owner, the group, and all other users of a file;
only one of the three classes applies to a given process, so the owner
bits decide for the owner even when the group bits would grant more.
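An added example, not from the original slides, of the Linux rule just described: the kernel's discretionary permission check for a regular file, with the owner / group / other selection and the one surprising consequence of it. The uid and gid values and the modes are made up for the demonstration.

```python
import stat
from typing import Set

# Added example, not from the original slides: the discretionary access check a
# Unix kernel applies to a file's mode bits. Exactly one permission class is
# consulted: owner if the caller owns the file, otherwise group if the caller is
# in the file's group, otherwise other. The classes are not combined, so an
# owner whose owner bits are narrower than the group bits is denied, not allowed.

_BIT = {"r": 4, "w": 2, "x": 1}


def unix_access(mode: int, file_uid: int, file_gid: int,
                uid: int, gids: Set[int], want: str) -> bool:
    """True if a process running as (uid, gids) may perform every operation in
    `want` (a subset of 'rwx') on a regular file with this mode and ownership."""
    need = 0
    for op in want:
        need |= _BIT[op]
    if uid == 0:
        # root bypasses read/write checks; execute still needs at least one
        # x bit set, since the kernel will not run a file nobody may execute
        if "x" in want and not (mode & 0o111):
            return False
        return True
    if uid == file_uid:
        shift = 6          # owner class
    elif file_gid in gids:
        shift = 3          # group class
    else:
        shift = 0          # other
    granted = (mode >> shift) & 0o7
    return granted & need == need


def render_mode(mode: int) -> str:
    """The 10-character string `ls -l` prints for a regular file with this mode."""
    return stat.filemode(stat.S_IFREG | mode)


if __name__ == "__main__":
    # constructed file: -rw-r----- owned by uid 1000, group 100 (a private config)
    print(render_mode(0o640))                                      # -rw-r-----
    print(unix_access(0o640, 1000, 100, 1000, {1000, 100}, "rw"))  # True: owner
    print(unix_access(0o640, 1000, 100, 2000, {100}, "r"))         # True: group member
    print(unix_access(0o640, 1000, 100, 2000, {100}, "w"))         # False: group lacks w
    print(unix_access(0o640, 1000, 100, 3000, {3000}, "r"))        # False: other has nothing
    # the surprising case: mode 0070 grants the group but not the owner
    print(unix_access(0o070, 1000, 100, 1000, {100}, "r"))         # False: owner class wins
    print(unix_access(0o070, 1000, 100, 2000, {100}, "r"))         # True
```

Note the 0o070 case: the file's owner cannot read it even though every member of the group can, because the kernel consults only the owner class for the owner. Windows evaluates its ACLs differently (an explicit Deny entry wins over an Allow), so do not carry one model's intuitions over to the other.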
Practices and user education:
Technical security controls help an organization manage the security
of its networks, but they only protect what they are configured to
protect.
An organization's security policies define the expected level of
security that is to be configured, and user education is what makes
people follow them (for example, not sharing passwords or giving
information to a caller who asks for it).
It is good practice to maintain an audit log that records
security-related events (logons, failed logons, privilege use, changes
to permissions) for each server.
The audit log is very useful for reconstructing events after a problem
or concern has been identified, but only if it is actually reviewed
and is kept where an intruder on that server cannot alter it.
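An added example, not code from the original slides, of reconstructing events from an audit log: constructed sshd-style syslog lines (the host name, account names and addresses are invented) run through detection logic for a password-guessing burst against one account, password spraying across many accounts from one address, and a successful logon that follows a burst. The thresholds are assumptions to be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Added example, not from the original slides: detection logic over an audit log.
# The lines below are constructed in the style of sshd's syslog messages; the host
# name, accounts and addresses are made up.
SAMPLE_LOG = """\
Dec 22 10:15:00 web1 sshd[2211]: Connection from 203.0.113.7 port 51022 on 192.0.2.10 port 22
Dec 22 10:15:01 web1 sshd[2211]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Dec 22 10:15:03 web1 sshd[2212]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Dec 22 10:15:04 web1 sshd[2213]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Dec 22 10:15:06 web1 sshd[2214]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Dec 22 10:15:08 web1 sshd[2215]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Dec 22 10:15:09 web1 sshd[2216]: Accepted password for admin from 203.0.113.7 port 51027 ssh2
Dec 22 10:20:00 web1 sshd[2300]: Failed password for alice from 192.0.2.44 port 40000 ssh2
Dec 22 10:20:30 web1 sshd[2301]: Accepted password for alice from 192.0.2.44 port 40001 ssh2
Dec 22 10:31:00 web1 sshd[2400]: Failed password for invalid user test from 198.51.100.5 port 33001 ssh2
Dec 22 10:31:01 web1 sshd[2401]: Failed password for invalid user oracle from 198.51.100.5 port 33002 ssh2
Dec 22 10:31:02 web1 sshd[2402]: Failed password for invalid user guest from 198.51.100.5 port 33003 ssh2
Dec 22 10:31:03 web1 sshd[2403]: Failed password for invalid user backup from 198.51.100.5 port 33004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
Event = Tuple[datetime, str, str, str]   # (time, "failed" | "accepted", user, source ip)


def parse_events(text: str) -> List[Event]:
    """Keep only logon outcomes; other sshd chatter is ignored for this analysis."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the year parses as 1900; that is
        # fine for the relative comparisons below (a real tool would fill it in)
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("outcome").lower(), m.group("user"), m.group("ip")))
    return events


def _window_groups(stamped, window_s):
    """For each event, yield it together with the earlier events within window_s seconds."""
    stamped.sort(key=lambda item: item[0])
    start = 0
    for end in range(len(stamped)):
        while stamped[end][0] - stamped[start][0] > timedelta(seconds=window_s):
            start += 1
        yield stamped[start:end + 1]


def detect_guessing(events: List[Event], threshold: int = 5, window_s: int = 60) -> Dict[Tuple[str, str], int]:
    """(user, ip) pairs with at least `threshold` failures inside one window, mapped
    to the largest such count; this is what a lockout policy would have tripped on."""
    failures = defaultdict(list)
    for ts, outcome, user, ip in events:
        if outcome == "failed":
            failures[(user, ip)].append((ts,))
    flagged: Dict[Tuple[str, str], int] = {}
    for key, stamped in failures.items():
        for group in _window_groups(stamped, window_s):
            if len(group) >= threshold:
                flagged[key] = max(flagged.get(key, 0), len(group))
    return flagged


def detect_spraying(events: List[Event], min_users: int = 3, window_s: int = 60) -> Dict[str, Set[str]]:
    """Sources that failed against `min_users` or more distinct accounts in one window:
    one guess per account stays under any per-account lockout threshold."""
    by_ip = defaultdict(list)
    for ts, outcome, user, ip in events:
        if outcome == "failed":
            by_ip[ip].append((ts, user))
    flagged: Dict[str, Set[str]] = {}
    for ip, stamped in by_ip.items():
        for group in _window_groups(stamped, window_s):
            users = {user for _, user in group}
            if len(users) >= min_users:
                flagged.setdefault(ip, set()).update(users)
    return flagged


def success_after_burst(events: List[Event], guessing: Dict[Tuple[str, str], int]) -> List[Tuple[str, str]]:
    """Accepted logons from a pair already flagged for guessing: the attack may have worked."""
    return [(user, ip) for ts, outcome, user, ip in events
            if outcome == "accepted" and (user, ip) in guessing]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    guessing = detect_guessing(evs)
    print(guessing)                             # {('admin', '203.0.113.7'): 5}
    print(detect_spraying(evs))                 # {'198.51.100.5': {'test', 'oracle', 'guest', 'backup'}}
    print(success_after_burst(evs, guessing))   # [('admin', '203.0.113.7')]
```

The single failure by alice followed by a success is what normal typing mistakes look like and is not flagged. The admin burst is what a lockout policy should have stopped, and the success right after it is the event worth an incident ticket; the spray from 198.51.100.5 never exceeds one failure per account, which is why per-account lockout alone does not catch it.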
External Threats
A front door attack, the most common type of external attack, comes in
through the systems an organization deliberately exposes to the
Internet (web, mail, DNS, remote access).
The hacker first identifies which of an organization's Internet-facing
systems exist and then looks for vulnerabilities on them.
A port scan is a probe used to identify systems that are running
services that may be vulnerable to attack.
A rootkit is a set of programs that helps a hacker return to a
compromised system and hides the intruder's presence (files,
processes, and network connections).
Network protection:
The router and firewall together protect the Web server and the
internal network.
A router blocks unwanted traffic when it is configured with access
control lists (ACLs); without one it forwards everything.
A firewall drops all traffic by default and is configured to pass only
the traffic that is necessary (default deny), so a service that is
accidentally started on a protected host is not reachable until
someone opens it.
Updating vulnerable software eliminates the programming errors hackers
exploit: the filter limits which services can be reached, and patching
fixes the ones that must be reachable.
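An added example, not from the original slides, of the difference between the router ACL and the firewall described above: the same ordered rule list evaluated first-match under a default-permit posture and under default deny. The web server address, the admin network and the rules are constructed for the demonstration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Added example, not from the original slides: a first-match packet filter that
# shows why the firewall's default-deny posture matters. Addresses, the web
# server and the rule set are constructed.


class Packet(NamedTuple):
    proto: str                     # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


class Rule(NamedTuple):
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp", "icmp" or "any"
    src: str                       # CIDR, or "any"
    dst: str                       # CIDR, or "any"
    dports: Tuple[int, ...] = ()   # empty means any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if not (_in_net(pkt.src, self.src) and _in_net(pkt.dst, self.dst)):
            return False
        return not self.dports or pkt.dport in self.dports


def _in_net(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def evaluate(rules: List[Rule], pkt: Packet, default: str) -> str:
    """Rules are checked in order and the first match decides; `default` is the
    verdict when nothing matches. A firewall uses "deny" here; an interface with
    no ACL applied behaves as if it were "permit"."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


WEB_SERVER = "192.0.2.10"
ADMIN_NET = "10.0.0.0/8"
RULES = [
    Rule("permit", "tcp", "any", WEB_SERVER + "/32", (80, 443)),   # public web
    Rule("permit", "tcp", ADMIN_NET, WEB_SERVER + "/32", (22,)),   # ssh only from inside
]
DENY_ALL = Rule("deny", "any", "any", "any")


def compare_defaults(pkt: Packet) -> Tuple[str, str]:
    """Verdict for one packet under a default-permit ACL and under a default-deny firewall."""
    return evaluate(RULES, pkt, "permit"), evaluate(RULES, pkt, "deny")


if __name__ == "__main__":
    internet = "203.0.113.7"
    print(compare_defaults(Packet("tcp", internet, WEB_SERVER, 443)))   # ('permit', 'permit')
    print(compare_defaults(Packet("tcp", internet, WEB_SERVER, 22)))    # ('permit', 'deny')
    print(compare_defaults(Packet("tcp", internet, WEB_SERVER, 8080)))  # ('permit', 'deny')
    print(compare_defaults(Packet("tcp", "10.1.2.3", WEB_SERVER, 22)))  # ('permit', 'permit')
    # an explicit deny-all as the last entry makes the ACL behave like the firewall
    print(evaluate(RULES + [DENY_ALL], Packet("tcp", internet, WEB_SERVER, 22), "permit"))  # deny
```

The 8080 case is the one that matters: a service nobody meant to expose is reachable under default permit and silently blocked under default deny. The default-permit column models an interface with no ACL applied; once a rule list ends in a deny-all, a router ACL and a firewall give the same verdicts.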
Back door attacks bypass the Internet-facing perimeter: physically
breaking into a facility, using a remote access connection, using a
wireless network access point, or tricking an employee into giving
out information.
Remote access lets a remote employee reach internal resources, so the
remote access path needs the same protection as the perimeter: strong
authentication and an encrypted connection.
Wireless technology allows a user to access an organization's network
from outside the building, so an attacker in the parking lot is
already past the physical perimeter.
Wireless networks should be segregated from the main internal network
by a firewall and should require strong authentication.
Social engineering gains unauthorized access to computer systems
through non-technical means, by persuading people to hand over
passwords or access.
A denial of service (DoS) attack floods a network or host with traffic
so that all available bandwidth or system resources are consumed and
legitimate traffic cannot reach the computers.
A distributed DoS (DDoS) attack generates the flood from many
compromised systems at once, producing enough traffic to saturate
larger connections or take down multiple systems.
Viruses, Worms, and Other Malicious Code
A virus is a program that attaches itself to another program or file
and executes when the infected file is run; it needs a user to run
its host.
Worms are programs that execute their own code to propagate, spreading
from system to system over the network without any user action.
A Trojan horse is a program that appears useful or harmless and is
accompanied by some type of social engineering that persuades the
recipient to execute it.
Preventing infections:
Antivirus software should be configured to examine the entire file
system for malicious code on a daily basis, with on-access scanning in
between and signature updates applied as soon as they are released.
Antivirus software should be installed on desktop computers, servers,
and e-mail systems to identify malicious code before a user runs it.
Planning a Secure Network
System requirements must be identified in the areas of
confidentiality, integrity, availability, and accountability.
Disasters are events that cause massive damage to an
organization’s infrastructure.
A complete disaster recovery plan (DRP) should take into
account the computer equipment and communication
needs of the organization.
Testing the DRP helps identify and correct problems before a real
disaster occurs.
File backups are an important part of managing the security of a
network.
Each server should be configured with its drives in a redundant array
of independent disks (RAID) configuration so that a single disk
failure does not cause an outage.
RAID is redundancy, not a backup: it does not protect against
deletion, corruption, or malware. Tapes and disks kept offline, with a
copy off site, are still needed for real backups.
Summary
A combination of uppercase and lowercase characters, numbers, and
special characters, and above all sufficient length, is used to create
strong passwords.
Access control mechanisms can be used to limit access to
sensitive files.
Patching vulnerabilities is an important part of overall
security.