19-Introduction to Network Security

8/3/2019 19-Introduction to Network Security

http://slidepdf.com/reader/full/19-introduction-to-network-security 1/32



By.P. Victer Paul

Dear,We planned to share our eBooks and project/seminar contents

for free to all needed friends like u.. To get to know about morefree computerscience ebooks and technology advancements incomputer science. Please visit....

http://free-computerscience-ebooks.blogspot.com/

http://recent-computer-technology.blogspot.com/

http://computertechnologiesebooks.blogspot.com/

Please to keep provide many eBooks and technology news forFREE. Encourage us by Clicking on the advertisement in theseBlog.

















Intentional attacks on computing resources and networkspersist for a number of reasons

Complexity of computer software and newly emerginghardware and software combinations make computer and

the network susceptible to intrusion◦ It is difficult to thoroughly test an application for all

possible intrusions



1. Trojan horse programs2. Back door and remote administration programs3. Denial of service

4. Being an intermediary for another attack 5. Unprotected Windows shares6. Mobile code (Java, JavaScript, and ActiveX)7. Cross-site scripting8. Email spoofing9. Email-borne viruses10. Hidden file extensions11. Chat clients12. Packet sniffing

Source: CERT



Trojan horses are programs that are installed withoutthe knowledge of the user

Trojan horse programs can perform a wide variety of covert talks such as modifying and deleting files,

transmitting files to the intruder, installing programs,installing viruses and other Trojan horse programs etc.



Covert installation of remote administration programs

such as BackOrifice, Netbus and SubSeven

Such programs give remote access to the computer

from anywhere on the Internet



Client computer is used to launch mostly denial of

service attacks on other computers

An agent is usually installed using a Trojan horse

program to launch the denial of service attack on other

computers



Malicious code can be stored in protected Windows

share for propagation



Mobile codes in Java, JavaScript, and ActiveX canbe executed by a web browser is generally useful,but it can also be used to run malicious code on

the client computer. Disabling Java, JavaScript, and ActiveX fromrunning in the Web browser must be consideredwhen accessing websites that cannot be trusted

Email received in HTML format is also

susceptible to mobile code attack because it couldalso carry the mobile code



A malicious script can be sent and stored by a webdeveloper on a website to be downloaded by anunsuspecting surfer

When this website is accessed by a user, the script istransferred to the local web browser

Ways of acquiring malicious scripts include “followinglinks in web pages, email messages, or newsgroup, usinginteractive forms on an untrustworthy site, viewingonline discussion groups, forums, or other dynamicallygenerated pages where users can post text containingHTML tags” - CERT



Email “spoofing” tricks the user in believing that the

email originated from a certain user such as an

administrator although it actually originated from a

hacker

Such emails may solicit personal information such as

credit card details and passwords

Examining the email header may provide some

additional information about the origin of the email



Malicious code is often distributed through email as

attachments

Attachments must thus be opened with caution



An attachment may have a hidden file extension◦ Such files may execute the attachment

Examaple:◦ Downloader (MySis.avi.exe or

QuickFlick.mpg.exe)◦ VBS/Timofonica (TIMOFONICA.TXT.vbs)◦ VBS/CoolNote

(COOL_NOTEPAD_DEMO.TXT.vbs)◦ VBS/OnTheFly (AnnaKournikova.jpg.vbs)

In the above files, the hidden extension is .vbspertaining to an executable Visual Basic script



Internet chat applications such as instant messagingapplications and

Internet Relay Chat (IRC) involve the exchange of information including files that may contain malicious

executable codes The same caution that applies to email attachments

apply here as well



Packet sniffer programs capture the contents of packets that may include passwords and othersensitive information that could later be used forcompromising the client computer

For example, a sniffer installed on a cable modem inone cable trunk may be able to sniff the passwordfrom other users on the same trunk

Encryption of network traffic provides one of the

defenses against sniffing



Many businesses rely heavily on computers to

operate critical business processes

Individuals are using computers for tasks that

required confidentiality Advent of Internet has provided a physical path of

entry for every computer connected to the Internet

◦ An always connected broadband connection is

always vulnerable in this case



Providing security requires action on two fronts,namely the management and the technical frontsrespectively

The management aspect relates to organizational

policies and behavior that would address securitythreats and issues

The technical aspect relates to the implementation of hardware and software to secure access to computing

resources and the network



Best practice approach is to ensure secure behavior

The above can be done by established guidelines for

managing, addressing and rectifying security related

issues



Introduce security related hardware and software tosecure access to computers and computing resources



From an implementation point of view, the following aresome of the steps that could be taken to provide security

◦ Implement security patches and other updatespertaining to an operating system and other venerable

software such as the Internet Explorer◦ Install self-monitoring an anti-virus, anti-spam and anti-

hacker and pop-up blocker software

◦ Install a firewalls

◦

Use encryption wherever feasible All the approaches can be used to complement one

another



Security patches are issued by mainly the OS vendor

such as Microsoft to patch security holes as they arediscovered

Examples of self-monitoring software include anti-virus, spyware elimination, pop-up blocking, andanti-spam software

Both the security patches and the self-monitoringsoftware act at the local client level



Antivirus◦ Mcafee

Spyware elimination

Pop-up blocker

Anti-Spam



Firewalls are used for controlling access to thecomputing resources

In general, it acts at the network level controlling

network access to computing resources

Firewalls can be implemented in software as well as in

hardware



By encryption, the data can be made illegible to theintruder

It can be implemented at the network level as well as

the client level

For example, locally stored data can be encrypted and

the network traffic could equally well be encrypted



VPN

PKI

Digital Certificates



Firewalls and encryption will be discussed further inseparate modules under the section entitled “Network

Security”



firewall.com

firewall-net.com firewallguide.com

msdn.microsoft.com

winroute.com

tinysoftware.com sunsite.unc.edu



http:// www.howstuffworks.com http://www.microsoft.com

http://www.securityfocus.com

http://grace.com/us-firewalls.htm

http://www.kerio.com/us/supp_kpf_manual.html

http://www.broadbandreports.com/faq/security/2.5.1.

http://www.firewall-software.com

http://www.microsoft.com/

http://www.howstuffworks.com/


http://www.securityfocus.com/


http://www.broadbandreports.com/faq/security/2.5.1

http://www.firewall-software.com/




http://www.broadbandreports.com/faq/security/2.5.1


http://www.securityfocus.com/


http://www.howstuffworks.com/




http://www.tlc.discovery.com/convergence/hackers/hackers.html

http://www.tuxedo.org/~esr/faqs/hacker-howto.html

http://www.iss.net/security_center/advice/Underground/Hacki

ng/Methods/Technical/ http://www.infosecuritymag.com/articles/march01/features4_b

attle_plans.shtml

http://www.nmrc.org/faqs/www/wsec09.html

http://www.microsoft.com/ . Tim Rains • Technical Lead • Networking Team

Q310099, "Description of the Portqry.exe Command-LineUtility"




http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/


http://www.infosecuritymag.com/articles/march01/features4_battle_plans.shtml




http://support.microsoft.com/support/misc/kblookup.asp?id=Q310099

http://support.microsoft.com/support/misc/kblookup.asp?id=Q310099












19-Introduction to Network Security

Documents

Transcript of 19-Introduction to Network Security