EC301 Chapter 6

EC301: Computer Network Fundamental
Notes prepared by: Pn. Wan Fazlini Idayu binti Wan Fakari
Chapter 6: Basic Security


CLO 4: You should be able to create a simple network connection using Wireless Local Area Network (WLAN) in accordance with IEEE 802.11 protocols. (P7)
Note: C4 = P7 = origination

• Chapter 6 will appear in:
– Lab (5)
– Quiz (5)


6.1 Network Threats

Risks of network intrusion

Once the hacker gains access to the network, four types of threat may arise:

– Information theft: breaking into a computer to obtain confidential information. Information can be used or sold for various purposes.
– Identity theft: a form of information theft where personal information is stolen for the purpose of taking over someone's identity.
– Data loss / manipulation: breaking into a computer to destroy or alter data records.
– Disruption of service: preventing legitimate users from accessing services.

Sources of network intrusion

External Threats

– External threats arise from individuals working outside of an organization

– They do not have authorized access to the computer systems or network.

Internal Threats

– Internal threats occur when someone has authorized access to the network through a user account or has physical access to the network equipment.


Scenario

– There are three hosts connected via a switch. A hacker working from inside the building is attempting to access the network, via the switch.

– A hacker is working from his home. The hacker connects to the server via the Internet, and performs an attack on the server, causing it to stop working, or become unavailable.

Social engineering

– The ability of someone or something to influence the behavior of a group of people.
– Used to deceive internal users to get confidential information.
– Hacker takes advantage of legitimate users.

Forms of Social Engineering

Pretexting
– Typically accomplished over the phone
– Scenario used on the victim to get them to release confidential information
– Gaining access to your social security number

Phishing
– Typically contacted via email
– Attacker pretends to represent a legitimate organization

Vishing / Phone Phishing
– User is sent a voice mail instructing them to call a number which appears to be legitimate
– Call intercepted by thief


6.2 Methods of attacks

Methods of Attack

Virus
– runs or spreads by modifying other programs or files
– needs to be activated
– cannot start by itself

Worms
– similar to virus
– does not attach itself to an existing program
– no human activation needed

Trojan Horse
– appears harmless
– deceives the victim into initiating the program

DoS (Denial of Service) Attacks

Intended to deny services to users:
– floods network with traffic
– disrupts connections between client and server

Types of DoS Attacks

– SYN (synchronous) Flooding: packets sent with invalid IP addresses; server tries to respond
– Ping of Death: larger packet size sent than allowed; leads to system crashing
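How a defender can recognise the SYN flooding pattern described above, where the server answers requests from invalid addresses and waits for a reply that never comes. This is an added example, not part of the original notes; the function names, the sample records, the 5-second timeout and the threshold of 3 are assumptions chosen for illustration.

```python
# Constructed sample: TCP segments seen by a server,
# as (time in seconds, client IP, client port, flag).
SAMPLE = [
    (0.00, "192.0.2.10", 50123, "SYN"),
    (0.05, "192.0.2.10", 50123, "ACK"),    # handshake completed normally
    (0.10, "203.0.113.1", 40001, "SYN"),   # no ACK ever follows these four
    (0.11, "203.0.113.2", 40002, "SYN"),
    (0.12, "203.0.113.3", 40003, "SYN"),
    (0.13, "203.0.113.4", 40004, "SYN"),
    (6.00, "192.0.2.20", 50500, "SYN"),    # recent, still inside the timeout
]

def half_open(events, now, timeout=5.0):
    """Return connections whose SYN was never answered by the client's
    final ACK and that have been waiting longer than `timeout` seconds."""
    pending = {}
    for ts, ip, port, flag in events:
        key = (ip, port)
        if flag == "SYN":
            pending.setdefault(key, ts)    # server replies SYN-ACK and waits
        elif flag == "ACK":
            pending.pop(key, None)         # three-way handshake finished
    return sorted(k for k, ts in pending.items() if now - ts > timeout)

def syn_flood_suspected(events, now, timeout=5.0, threshold=3):
    """Flag the server as under SYN flood when too many connections
    are stuck half-open at time `now`."""
    return len(half_open(events, now, timeout)) >= threshold

if __name__ == "__main__":
    print(half_open(SAMPLE, now=7.0))
    print("SYN flood suspected:", syn_flood_suspected(SAMPLE, now=7.0))
```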

DDoS (Distributed Denial of Service) Attack

– more sophisticated than DoS
– overwhelms networks with useless data simultaneously

Brute Force Attack

– Fast PC used to try and guess passwords or decipher data
– Attacker tries a large number of possibilities rapidly

Spyware

– Program that gathers personal information from your PC without permission
– Information sent to advertisers
– Usually installed unknowingly when downloading a file
– Can slow down performance of the PC

Cookies, Adware, and Pop-ups

Cookies
– Not always bad.
– Used to record information about the user when visiting web sites.

Adware
– collects information based on sites visited
– useful for targeted advertising

Pop-ups
– additional ads displayed when visiting a site
– pop-ups: open in front of browser
– pop-under: open behind browser

Spam

– Unwanted bulk e-mail
– Information sent to as many end users as possible
– Can overload servers, ISPs, etc.
– Estimated every Internet user receives over 3000 emails per year


6.3 Security Policy

To be continued 20/9/2012…

Common security measures

Identification and Authentication Policies
– Only authorized persons should have access to network and its resources (including access to physical devices)

Password Policies
– Must meet minimum requirements
– Change passwords regularly

Acceptable Use Policies
– Determine which applications are acceptable

Remote Access Policies
– Explanation of how remote users can access the network

Network Maintenance Procedures
– Explanation of update procedures

Incident Handling Procedures
– How incidents involving security will be handled

Update software patches

Use of updates and patches makes it harder for the hacker to gain access.

Updates
– Includes additional functionality

Patches
– Small piece of "code" used to fix the problem

Antivirus latest patterns

Any device connected to a network is susceptible to viruses.

Warning signs of a virus:
– computer acts abnormally
– sends out large quantities of email
– high CPU usage

Some anti-virus programs:
– Email checking
– Dynamic scanning: checks files when accessed
– Scheduled scans
– Automatic updates

Firewall

Used to control traffic between networks.

Methods of a Firewall:
– Packet filtering: based on IP or MAC address
– Application/Web site filtering: based on the application or website being used
– SPI (Stateful Packet Inspection): incoming packets must be legitimate responses to requests from hosts
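The difference between packet filtering and stateful packet inspection, shown as a small model. This is an added example, not part of the original notes; the class and function names, the addresses (documentation ranges) and the blocked-address list are assumptions, and real firewalls also track TCP flags and expire old entries.

```python
from dataclasses import dataclass

ALLOW = "allow"
DROP_FILTER = "drop: filtered address"
DROP_UNSOLICITED = "drop: unsolicited"

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = sent by an inside host, "in" = arriving from outside
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Firewall:
    """Toy model: an IP packet filter plus a state table of inside requests."""

    def __init__(self, blocked_ips):
        self.blocked_ips = set(blocked_ips)
        self.state = set()   # flows opened by inside hosts

    def check(self, p):
        outside_ip = p.dst_ip if p.direction == "out" else p.src_ip
        if outside_ip in self.blocked_ips:           # packet filtering by IP
            return DROP_FILTER
        if p.direction == "out":                     # remember the request
            self.state.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return ALLOW
        # Inbound: allowed only as the mirror image of a recorded request.
        if (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.state:
            return ALLOW
        return DROP_UNSOLICITED

# Constructed traffic for the example.
SAMPLE = [
    Packet("out", "192.168.1.10", 51000, "198.51.100.7", 80),   # host requests a page
    Packet("in", "198.51.100.7", 80, "192.168.1.10", 51000),    # the server's reply
    Packet("in", "203.0.113.9", 80, "192.168.1.10", 51000),     # nobody asked this host
    Packet("out", "192.168.1.10", 51001, "203.0.113.66", 80),   # destination is blocked
]

def run_sample():
    fw = Firewall(blocked_ips={"203.0.113.66"})
    return [fw.check(p) for p in SAMPLE]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_sample()):
        print(verdict, pkt)
```

The third packet targets the same inside host and port as the legitimate reply, but it is dropped because no inside host sent a request to that address; a plain packet filter with no state table would have let it through.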

Homework

1. Describe risks of network intrusion.
2. Describe Viruses, Worms and Trojan Horses.
3. Explain denial of service and brute force attacks.
4. Differentiate Spyware, Tracking, Cookies, Adware and Pop-Up.

*Submit today before 3.30 p.m.