Chapter 4
College of Computing
Department of Computer Science
Network Security
Chapter 4
Computer Security
Binyam Tekalign
Outline
• Network security basics
• Threats on network
• Wireless security
Network security basics
Definition of Network Security
• Network security involves implementing measures and protocols to protect the
organizations.
• Common threats include malware, phishing, man-in-the-middle attacks, and denial-of-service attacks.
• Administrative Controls:
• Involves security policies, user training, and incident response planning.
Threats on Network
Overview of Network Threats
• Network threats can compromise the security of organizations and
individuals.
• Legal consequences,
Threats on Network
Types of Threats
• Malware: Malicious software designed to harm, exploit, or gain unauthorized access to a
computer system.
• Types include viruses, worms, Trojan horses, and ransomware.
• DDoS attacks come from multiple compromised devices, often distributed globally.
Threats on Network
Types of Threats
• Man-in-the-Middle (MitM) Attacks: An attacker intercepts communications between
two parties to steal data or alter the communication.
• SQL Injection: An attack that inserts malicious SQL code into database queries via
web page input in order to manipulate or steal data.
• Insider Threats: Threats from people within the organization who may have malicious
intentions or who inadvertently cause harm due to negligence.
Understanding Trust in Network Security
• Trust is the expectation that a device or user operates as intended and does
not perform malicious actions
• Secure certificates
• Solutions:
• Regular updates and patch management.
• Intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor
and respond to suspicious activities.
TCP/IP Suite
• The TCP/IP suite, also known as the internet protocol suite,
• Used to trick the receiving system into thinking that the packet is coming
from a trusted source
• Session Hijacking,
Common Weaknesses in TCP/IP Suite
TCP Weaknesses
• Session hijacking:
• An attacker might predict the sequence numbers used during a TCP session
• The attacker sends a forged packet with the correct sequence number to the server.
• The server then waits for a confirming ACK response, which never arrives
• The server’s resources are consumed as it waits for ACK responses to the half-open connections,
eventually leading it to become unresponsive to legitimate traffic.
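The half-open connection build-up described above, tracked from constructed handshake events so that a server-side monitor can flag a flooding source. This is an added example, not code from the slides; the event format, the sample addresses and ports, and the threshold of 3 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* One TCP handshake event as a server-side monitor might log it. */
typedef enum { EV_SYN, EV_ACK } EvType;
typedef struct {
    const char *src;    /* client address (constructed sample values) */
    uint16_t    sport;  /* client port: identifies one connection attempt */
    EvType      type;   /* EV_SYN = attempt opened, EV_ACK = handshake completed */
} Event;

/* Constructed sample: 10.0.0.5 opens five connections and completes only one;
 * 10.0.0.7 opens two and completes both. */
static const Event SAMPLE[] = {
    {"10.0.0.5", 40001, EV_SYN}, {"10.0.0.5", 40002, EV_SYN},
    {"10.0.0.7", 50001, EV_SYN}, {"10.0.0.7", 50001, EV_ACK},
    {"10.0.0.5", 40003, EV_SYN}, {"10.0.0.5", 40001, EV_ACK},
    {"10.0.0.5", 40004, EV_SYN}, {"10.0.0.5", 40005, EV_SYN},
    {"10.0.0.7", 50002, EV_SYN}, {"10.0.0.7", 50002, EV_ACK},
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Count attempts from 'src' that sent a SYN but never the completing ACK:
 * these are the half-open connections that hold server resources. */
int count_half_open(const Event *ev, size_t n, const char *src)
{
    int half_open = 0;
    for (size_t i = 0; i < n; i++) {
        if (ev[i].type != EV_SYN || strcmp(ev[i].src, src) != 0) continue;
        int completed = 0;
        for (size_t j = i + 1; j < n && !completed; j++)
            if (ev[j].type == EV_ACK && ev[j].sport == ev[i].sport &&
                strcmp(ev[j].src, src) == 0)
                completed = 1;
        if (!completed) half_open++;
    }
    return half_open;
}

int main(void)
{
    int n5 = count_half_open(SAMPLE, SAMPLE_LEN, "10.0.0.5");
    /* Assumed threshold of 3 half-open attempts before a source is flagged */
    printf("10.0.0.5 half-open: %d%s\n", n5, n5 >= 3 ? " (SYN flood suspect)" : "");
    return 0;
}
```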
Common Weaknesses in TCP/IP Suite
UDP Weaknesses
• Stateless because it does not establish a connection before sending data
• Does not require any acknowledgment that the data has been received.
• IP Spoofing: Since UDP does not validate the source IP address or establish a connection
that confirms the identity of the sender, attackers can easily forge the source IP address in
UDP packets.
• This lets an attacker send UDP packets that appear to originate from a different IP address.
• Reflection Attacks: An attacker sends a large number of UDP requests to a server(s) (the
reflectors) with the source IP address spoofed to the victim's IP address.
• These servers then respond to the victim's address.
Common Weaknesses in TCP/IP Suite
ICMP Weaknesses
• ICMP Flooding
• The attacker sends a large number of ICMP Echo (Ping) Request packets rapidly to
the target's IP address.
• The target, responding to each request with an Echo Reply, becomes overwhelmed,
leading to slowed or completely halted services.
• This type of attack can consume both incoming and outgoing channels, since both
request and reply packets are involved.
Common Weaknesses in TCP/IP Suite
ICMP Weaknesses
• ICMP Redirection Attacks
• Attacker sends an ICMP redirect message to a target host.
• The message claims that there is a better routing path through a router
controlled by the attacker.
• If the host accepts this redirect, future traffic intended for a specific IP address will be
routed through the attacker’s machine.
• This allows the attacker to intercept, manipulate, or block the victim’s traffic.
Buffer Overflows in TCP/IP
• Occur when more data is put into a buffer or data holding area than it can
handle, leading to overflows that overwrite adjacent memory.
• Impact on TCP/IP:
• Buffer overflows can be exploited to execute arbitrary code, potentially allowing
attackers to gain control over a system.
• Examples:
• Historical vulnerabilities in TCP/IP stack implementations, such as in the handling of
large or malformed packets that lead to buffer overflows.
Prevention of Buffer Overflows
• Prevention Techniques:
• Implementing robust input validation to prevent buffer overflows.
• Using secure coding practices and tools that can detect potential buffer overflow
vulnerabilities during development.
• Mitigation Strategies:
• Regularly updating systems and applying patches to fix vulnerabilities in the TCP/IP
stack.
• Employing network intrusion detection systems (NIDS) to detect and respond to signs
of TCP/IP exploits.
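A length-prefixed packet option copied into a fixed-size buffer, with the unchecked parser beside the validated one that applies the input validation from the prevention slide. This is an added example, not code from the slides; the packet layout, the 16-byte buffer size and the byte-sum "processing" are constructed assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define OPT_BUF 16   /* fixed holding area, like a stack option buffer */

/* Assumed packet layout (constructed for this example, not a real protocol):
 *   byte 0     declared option length N
 *   bytes 1..N option data
 * Both parsers copy the option into the fixed buffer and return the sum of its
 * bytes, standing in for "process the option". */
/* Vulnerable form: trusts the sender's length byte. When N > OPT_BUF the memcpy
 * writes past 'opt' into adjacent stack memory; when N > pkt_len - 1 it also
 * reads beyond the received packet. Kept for contrast only; never called here. */
int option_sum_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t opt[OPT_BUF];
    size_t n = pkt[0];
    (void)pkt_len;                  /* received length is ignored: the defect */
    memcpy(opt, pkt + 1, n);        /* overflows 'opt' when n > OPT_BUF */
    int sum = 0;
    for (size_t i = 0; i < n; i++) sum += opt[i];
    return sum;
}

/* Hardened form: validate the declared length against what actually arrived and
 * against the holding area before any copy. Returns -1 for a malformed packet. */
int option_sum_checked(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t opt[OPT_BUF];
    if (pkt == NULL || pkt_len < 1) return -1;  /* truncated: no length byte */
    size_t n = pkt[0];
    if (n > pkt_len - 1) return -1;             /* claims more bytes than arrived */
    if (n > OPT_BUF) return -1;                 /* would overflow the buffer */
    memcpy(opt, pkt + 1, n);
    int sum = 0;
    for (size_t i = 0; i < n; i++) sum += opt[i];
    return sum;
}

int main(void)
{
    const uint8_t good[] = {4, 'A', 'B', 'C', 'D'};
    const uint8_t lie[]  = {200, 'A', 'B', 'C', 'D'};   /* declares 200, carries 4 */
    printf("good: %d\n", option_sum_checked(good, sizeof good));  /* 266 */
    printf("lie:  %d\n", option_sum_checked(lie, sizeof lie));    /* -1 */
    return 0;
}
```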
Network Security Protocols
• Network security protocols are designed to protect data during transfer
across networks by ensuring confidentiality, integrity, and availability.
• Key Functions:
• Authentication,
• Encryption,
• Web Application Firewalls (WAFs) are a specific type of application firewall that filters, monitors, and blocks HTTP traffic
to and from a web service.
• By inspecting the HTTP traffic, a WAF can prevent attacks stemming from web
application security flaws, such as
• SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
Network Security Protocols
Transport Layer Security
• Focuses on providing communication security over a computer network.
• Ensures that data transferred between users and applications remains private
and reliable.
• Key Protocols:
• TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer).
• They encrypt data, authenticate the communicating parties, and check integrity, securing data as it travels
across the network.
Network Security Protocols
Network Layer Security
• Protects data flow between multiple networks and handles the routing of data packets.
• Virtual Private Networks (VPNs) that create secure connections over public networks.
• Forms a private network over the internet.
• Allows for secure communication between remote users and corporate networks.
• Firewall: Can filter traffic based on IP protocols, source and destination IP addresses,
and the ports used in the communication.
• They can deny or allow traffic based on established rules.
Network Security Protocols
Link Layer Security
• Secures data transmission over the physical and data link layer of the
network.
• Key Challenges:
• Address Resolution Protocol (ARP) spoofing and other link-layer vulnerabilities.
• Security Measures:
• MACsec (IEEE 802.1AE) for securing LAN traffic at the link layer using encryption
and authentication.
• Use of secure switch configurations and port security features to prevent unauthorized
access.
Network Security Protocols
Physical Security
• Importance:
• Ensures the physical protection of network resources including hardware, software,
facilities, and personnel.
• Components:
• Physical access controls, surveillance, and environmental controls to prevent damage
from environmental hazards.
• Best Practices:
• Secure server rooms, restricted access to network components, and robust monitoring
and alarm systems.
Wireless Security
• Wireless security involves protecting wireless networks from unauthorized
access or damage.
• Challenges:
• Wireless networks are inherently more vulnerable due to their broadcast nature,
making signals accessible to anyone within the receiving range.
Wireless Security
Common Wireless Threats
• Eavesdropping:
• Unauthorized interception of private communication.
• An early encryption protocol known for weak security; it has been largely deprecated.
• WPA2 introduced in 2004 provides stronger data protection and network access
control.
• WPA3, launched in 2018, offers even more robust security features, including
individualized data encryption.
Wireless Security
Best Practices for Securing Wireless Networks
• Use Strong Encryption (Preferably WPA3):
• Always use the strongest available encryption standard to protect wireless traffic.
• Change default usernames and passwords, disable WPS, and use firewalls and VPNs.
• Educate Users:
• Training on security risks and safe practices, like avoiding the use of public Wi-Fi for
sensitive transactions.
Network Monitoring Tools
• Network monitoring tools are essential for continuously observing a
computer network for slow or failing components,
• Examples
• Wireshark: A network protocol analyzer that lets you capture and interactively
browse the traffic running on a computer network.
• Nagios: Provides monitoring capabilities to identify and resolve IT infrastructure
problems before they affect critical business processes.
Emerging Technologies in Wireless Security
• IoT Security:
• Addressing the unique challenges posed by the Internet of Things and ensuring secure
connections among billions of devices.