Chapter 14 Network Security - Computer Network Presentation [DCSN] KPTMAS
TNW 2023 COMPUTER NETWORK
CHAPTER 14 NETWORK SECURITY
Aidid, Ya’kob, Syahrizan, Syakir, Nurul Huda
NETWORK SECURITY
• Introduction
• Security Threats: Structured Threats, Unstructured Threats, Internal Threats, External Threats
• Examples of Attacks: Network Reconnaissance, Packet Sniffing, Man-in-the-Middle Attacks, IP Spoofing, DoS
• Network Security Methodology
INTRODUCTION TO THREATS
“Possibility or potential to cause harm”
TECHNIQUES FOR DETECTING ATTACKS
• Device logs
• Intrusion Detection System (IDS)
• Human diligence
This figure shows a log from a MikroTik router viewed in the WinBox application. The router had experienced repeated access-attempt attacks.
DEVICE LOGS
By analyzing device logs we can learn the attacker's method of operation and identify the early signs of an attack.
The log entries show that this attack is a dictionary attack against the SSH service.
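The slide's point is that the log itself reveals the attack pattern: many failed logins, for many different usernames, from one source in a short time. The following is an added example (not from the slide or the presenters) that detects that pattern over constructed MikroTik-style "login failure" lines; the log lines, threshold and window size are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed MikroTik-style log lines for this example (not the slide's screenshot).
SAMPLE_LOG = """\
jan/15 08:21:33 system,error,critical login failure for user admin from 203.0.113.7 via ssh
jan/15 08:21:34 system,error,critical login failure for user root from 203.0.113.7 via ssh
jan/15 08:21:35 system,error,critical login failure for user admin from 203.0.113.7 via ssh
jan/15 08:21:36 system,error,critical login failure for user test from 203.0.113.7 via ssh
jan/15 08:21:37 system,error,critical login failure for user ubnt from 203.0.113.7 via ssh
jan/15 08:21:38 system,error,critical login failure for user pi from 203.0.113.7 via ssh
jan/15 08:30:02 system,error,critical login failure for user admin from 192.168.88.2 via winbox
jan/15 08:30:10 system,info,account user admin logged in from 192.168.88.2 via winbox
"""

FAIL_RE = re.compile(
    r"^(?P<month>\w{3})/(?P<day>\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) .*?"
    r"login failure for user (?P<user>\S+) from (?P<src>\S+) via (?P<svc>\w+)$"
)

def parse_failures(text):
    """Yield (timestamp, user, src, service) for every failed-login line."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and other events are not failures
        # RouterOS does not log the year; a leap-year placeholder keeps Feb 29 parseable
        ts = datetime.strptime(f"2000 {m['month']}/{m['day']} {m['time']}", "%Y %b/%d %H:%M:%S")
        yield ts, m["user"], m["src"], m["svc"]

def find_dictionary_attacks(text, threshold=5, window_seconds=60):
    """Flag (src, service) pairs with >= threshold failures inside a sliding window.
    Many different usernames from one source is the dictionary-attack signature."""
    by_key = defaultdict(list)
    for ts, user, src, svc in parse_failures(text):
        by_key[(src, svc)].append((ts, user))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1  # shrink the window so it spans at most window_seconds
            if end - start + 1 >= threshold:
                users = sorted({u for _, u in events[start:end + 1]})
                alerts[key] = {"failures": end - start + 1, "users": users}
    return alerts
```

The single WinBox failure from the LAN address is below the threshold and is not reported, which is what keeps an ordinary mistyped password from paging anyone.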
IDS
An IDS recognizes patterns of activity (signatures) that reflect known attacks.
Two types of IDS: NIDS (Network-based Intrusion Detection System) and HIDS (Host-based Intrusion Detection System)
NIDS
HIDS (HOST-BASED INTRUSION DETECTION SYSTEM)
Unlike a NIDS, a host-based intrusion detection system resides on the machine itself.
IDS
Reviewing operating system logs is a scary thing to do. It may take you the whole day to analyze them manually.
SYSTEM LOGS
Example of a NIDS application: viewing logs with a summarized report is really easy.
NIDS
This is an example of a subscription service with preprogrammed patterns, used by OSSEC to review HIDS logs against the current pattern set.
HIDS
Log-based Intrusion Detection (LIDS), Host-based Intrusion Detection (HIDS), and Network-based Intrusion Detection (NIDS), combined with a Security Information Management (SIM) tool: this combination of security information really eases security monitoring work.
COMBINATION OF IDS
EXAMPLE OF HIDS ALARM
HUMAN DILIGENCE
Human diligence is also necessary to thwart new attacks, alongside the technological efforts of IDSs. Subscribing to mailing lists and checking various security sites must be a daily routine. Common sources of security information are:
• Bugtraq http://www.securityfocus.com
• CERT http://www.cert.org
• SANS http://www.sans.org
SECURITY THREATS
Networks are subject to a wide variety of attacks. These attacks include privilege escalation, access attempts, and many others. All of these attacks are defined as network threats and can be categorized according to two classifications:
• Structured vs Unstructured
• Internal vs External
Using these classifications helps us better understand the threats themselves and how to deal with them.
STRUCTURED THREATS
• Attackers who perform structured threats are highly motivated and technically competent. They act alone or in small groups to understand, develop, and use sophisticated hacking techniques to bypass all security measures and penetrate unsuspecting enterprises.
• They are involved with major fraud and theft cases reported to law enforcement agencies.
• They may be hired by organized crime, industry competitors, or state-sponsored intelligence-collection organizations.
• In the IT world, attackers who perform structured threats are also known as hacktivists: hackers motivated by seeking a venue to express their political point of view.
• Structured threats represent the greatest danger to an organization or enterprise.
UNSTRUCTURED THREATS
• Unstructured threats consist primarily of random individuals using various common tools such as malicious shell scripts, password crackers, credit card number generators, and dialer daemons.
• If the security of the network is too strong for them to gain access, they may fall back to using DoS as a last resort to save face.
• Rarely are the individuals who fall into this category anything more than what is commonly termed a script kiddie.
• These types of attempts represent the bulk of Internet-based attacks.
INTERNAL THREATS
• Internal threats typically come from disgruntled former or current employees.
• They can be structured or unstructured. Structured internal threats represent an extreme danger to the enterprise network because the attacker already has access to the network.
• Although internal threats may seem more ominous than threats from external sources, security measures are available for mitigating the threats and responding when attacks occur.
EXTERNAL THREATS
• Consist of structured and unstructured threats originating from external sources.
• Can have malicious and destructive intent, such as denial of service (DoS), data theft, or distributed denial of service (DDoS).
• Can also simply be errors that generate unexpected network behavior, such as a misconfiguration of the enterprise’s Domain Name System (DNS) that results in e-mail being delayed or returned to sender.
EXAMPLES OF NETWORK ATTACKS
• Network Reconnaissance
• Packet Sniffing
• Man-in-the-Middle Attacks
• IP Spoofing
• DoS (Denial of Service)
NETWORK RECONNAISSANCE
• Refers to learning information about a target network using publicly available information and applications such as Domain Name System (DNS) queries, ping sweeps, and port scans.
• IDSs at the network and host levels can usually notify an administrator when a reconnaissance attack is underway.
• This allows the administrator to better prepare for the coming attack, or to notify the ISP that is hosting the system launching the reconnaissance.
PACKET SNIFFING
• Useful network tools can become threats in the hands of a hacker.
• Packet sniffing is an example of how someone can exploit a tool used to capture all packets on the physical wire (promiscuous mode).
• A packet sniffer application is a common tool for traffic analysis and troubleshooting; it captures and decodes packets.
• Packet sniffers can be used to capture and inspect all unencrypted data (clear text).
PACKET SNIFFING (CONTINUED)
Some ways to prevent packet sniffing attacks:
• Authentication: methods such as two-factor authentication, used in conjunction with one-time passwords.
• Cryptography: the most common and effective method of securing data against sniffers, because it scrambles the clear text.
• Segmenting: segmenting the network using switches can help to localize sniffer activity.
MAN-IN-THE-MIDDLE ATTACK
• By using packet sniffers or similar products, it is possible to capture information as it is transferred from one network to another.
• Requires access to the network media or devices between the source and destination.
• Wireless LANs are susceptible to this kind of attack.
• The attacker uses the captured information to launch another attack, for example to deny service or corrupt stored data.
• Use strong encryption so that if packets are sniffed, they are useless to the attacker.
IP SPOOFING
• A technique in which the attacker sends packets with the source IP address modified to match that of a trusted host.
• Also used to disguise the source of packets launched as part of a DoS attack.
• There are two ways to prevent IP spoofing:
• Authentication: do not grant access to systems based solely on IP address.
• Filtering: prevent any outbound traffic on your network that does not have a source address in your IP range.
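The filtering rule above is easy to state but worth seeing as a concrete decision per packet. The following is an added example (not from the slide or the presenters) that applies the slide's outbound rule and, going one step beyond the slide, the mirror-image inbound rule (a packet arriving from outside must not claim one of our own addresses); the site prefixes and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed site prefixes for this example (the slide gives no addresses).
SITE_PREFIXES = [ipaddress.ip_network("198.51.100.0/24"),
                 ipaddress.ip_network("2001:db8:1::/48")]

def _inside_site(src):
    """True if src falls in one of our own prefixes (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in SITE_PREFIXES)

def anti_spoof_verdict(direction, src):
    """Return 'permit' or 'drop' for a packet based only on its source address.

    'outbound': the slide's rule; a packet leaving our network must carry one of
                our own source addresses, otherwise it is spoofed (e.g. a DoS source).
    'inbound':  the mirror rule (added here); a packet arriving from outside must
                not claim one of our own addresses, or it is impersonating a trusted host.
    """
    if direction == "outbound":
        return "permit" if _inside_site(src) else "drop"
    if direction == "inbound":
        return "drop" if _inside_site(src) else "permit"
    raise ValueError(f"unknown direction {direction!r}")

def dropped_packets(packets):
    """Apply the rule to (direction, src, dst) tuples and return those dropped."""
    return [p for p in packets if anti_spoof_verdict(p[0], p[1]) == "drop"]

# Constructed sample traffic: legitimate flows each way plus two spoofed packets.
SAMPLE_PACKETS = [
    ("outbound", "198.51.100.23", "203.0.113.5"),        # our host, legitimate
    ("outbound", "10.9.8.7", "203.0.113.5"),             # not our range: spoofed source
    ("inbound", "203.0.113.5", "198.51.100.23"),         # remote host, legitimate
    ("inbound", "198.51.100.1", "198.51.100.23"),        # claims our address from outside
    ("outbound", "2001:db8:1::10", "2001:db8:ffff::1"),  # our IPv6 host, legitimate
]
```

The same two checks are what an edge router's egress and ingress access lists implement; keeping the decision independent of the destination is deliberate, since a spoofed source is wrong regardless of where the packet is going.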
DOS (DENIAL OF SERVICE)
• DoS attacks deny legitimate users access to services.
• DoS attacks can be characterized by:
• Disrupting connectivity between devices
• Preventing access to specific services
• Halting processes on devices by sending bad packets
• Flooding networks
How to prevent DoS attacks?
• Configure the firewall
• Prevent spoofing
• Prevent traffic rates from getting out of control
NETWORK SECURITY METHODOLOGY
SAFE BLUEPRINT OVERVIEW
• Cisco developed a security methodology called SAFE. SAFE is used as a guide to design and implement network security.
• Cisco describes SAFE as a defense-in-depth approach. Defense-in-depth means that a system has multiple security measures in place.
• The SAFE blueprint discourages having only one device performing a security function.
• Security capabilities can be hosted on dedicated appliances, such as a firewall.
• The blueprint guidelines encourage you to make security decisions based on the dangers to be avoided.