Chapter 4

Security review

Uploaded by

bekinathero
DEBRE BERHAN UNIVERSITY

College of Computing
Department of Computer Science

Network Security
Chapter 4
Computer Security

Binyam Tekalign
[email protected]
Outline
• Network security basics
• Threats on network
• Trust, Weaknesses, Risk and Vulnerabilities
• TCP/IP Suite Weaknesses and Buffer Overflows
• Network security protocols
• Wireless security
Network security basics
Definition of Network Security
• Network security involves implementing measures and protocols to protect the integrity, confidentiality, and availability of computer networks and data.
• It encompasses both hardware and software technologies.
• Aimed at securing the network and data against unauthorized access, cyber attacks, and data breaches.
• Threats can come from a variety of sources, including corporate spies, hackers, terrorist groups, hostile government agencies, and criminal organizations.
• Common threats include malware, phishing, man-in-the-middle attacks, denial of service attacks, and data breaches.
Network security basics
Layers of Protection
• Physical Security:
  • Protects the physical components of the network.
  • Examples: routers, switches, servers, network cables, etc.
• Technical Security Controls:
  • Include firewalls, antivirus software, intrusion detection systems (IDS), and encryption protocols.
• Administrative Controls:
  • Involve security policies, user training, and incident response planning.
Threats on Network
Overview of Network Threats
• Network threats can compromise the security of organizations and individuals.
• These threats can
  • Disrupt the operation of the network,
  • Lead to the theft of sensitive data, or
  • Even damage the physical infrastructure.
• They can also lead to financial losses, loss of consumer trust, and legal consequences.
Threats on Network
Types of Threats
• Malware: Malicious software designed to harm, exploit, or gain unauthorized access to a computer system.
  • Types include viruses, worms, Trojan horses, and ransomware.
• Phishing Attacks: Deceptive attempts to obtain sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic communications.
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks:
  • Overwhelm a system's resources, making the system inaccessible to legitimate users.
  • DDoS attacks come from multiple compromised devices, often distributed globally.
Threats on Network
Types of Threats
• Man-in-the-Middle (MitM) Attacks: An attacker intercepts communications between two parties to steal data or alter the communication.
• SQL Injection: An attack that involves inserting malicious SQL code into databases via web page input to manipulate or steal data.
• Insider Threats: Threats from people within the organization who may have malicious intentions or who inadvertently cause harm due to negligence.
Understanding Trust in Network Security
• Trust is the expectation that a device or user operates as intended and does not perform malicious actions.
• Methods for establishing trust include
  • Authentication protocols, and
  • Secure certificates.
• Importance of maintaining a chain of trust from the hardware level up through software layers.
Identifying Weaknesses in Networks
• Poorly designed network architectures can create vulnerabilities such as single points of failure and lack of data segmentation.
• Vulnerabilities arising from incorrect implementation of protocols or security measures.
  • Examples include inadequate encryption, weak passwords, and unpatched software.
Risk Assessment in Network Security
• Risk Assessment Process:
  • Identifying assets and their value.
  • Determining vulnerabilities and the threats that exploit them.
  • Calculating the likelihood and potential impact of threats.
• Tools for risk management:
  • Nessus is one of the most complete vulnerability scanners on the market. It can scan for vulnerabilities, misconfigurations, and potential risks in your network, and it provides detailed reports and recommendations for mitigation.
  • Acunetix specializes in scanning web applications to detect vulnerabilities such as SQL injection flaws and cross-site scripting (XSS).
Network Vulnerabilities
• Common Vulnerabilities:
  • Software bugs, configuration errors, and outdated systems.
  • Specific vulnerabilities in network protocols and services, such as DNS spoofing and ARP poisoning.
• Solutions:
  • Regular updates and patch management.
  • Intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor and respond to suspicious activities.
TCP/IP Suite
• The TCP/IP suite, also known as the Internet protocol suite, is the conceptual model and set of communications protocols used on the Internet and similar computer networks.
• Comprises four abstraction layers: Link Layer, Internet Layer, Transport Layer, and Application Layer.
• Core protocols include IP (Internet Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol), and ICMP (Internet Control Message Protocol).
Common Weaknesses in TCP/IP Suite
IP Weaknesses
• IP spoofing is a technique where an attacker falsifies the source IP address in the IP packet header to impersonate a trusted host.
• Used to trick the receiving system into thinking that the packet is coming from a trusted source.
• Can be used for
  • DoS attacks, and
  • Session hijacking.
Common Weaknesses in TCP/IP Suite
TCP Weaknesses
• Session hijacking:
  • An attacker might predict the sequence numbers used during a TCP session.
  • The attacker sends a forged packet with the correct sequence number to the server.
  • The attacker then controls the session and can carry out transactions as the authorized user.
• SYN Flood Attack: a type of DDoS attack.
  • The attacker sends a flood of TCP SYN packets, with a spoofed source IP address, to the target server on specific or random ports.
  • Each SYN packet received by the server is answered with a SYN-ACK packet from the server.
  • The server then waits for a confirming ACK response, which never arrives.
  • The server's resources are consumed as it waits for ACK responses to the half-open connections, eventually leading it to become unresponsive to legitimate traffic.
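An added example, not part of the slides, of how a defender can spot the build-up of half-open connections described above: C code that parses constructed socket-table lines in the style of `ss -tan` output and flags a port where SYN-RECV sockets dominate established ones. The sample lines, function names and thresholds are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed socket-table lines in the style of `ss -tan` output
 * (State, Recv-Q, Send-Q, Local:Port, Peer:Port); not a real capture. */
static const char *SAMPLE_LINES[] = {
    "ESTAB    0 0 10.0.0.5:80 192.0.2.10:51000",
    "ESTAB    0 0 10.0.0.5:80 192.0.2.11:51001",
    "SYN-RECV 0 0 10.0.0.5:80 198.51.100.1:1024",
    "SYN-RECV 0 0 10.0.0.5:80 198.51.100.2:1024",
    "SYN-RECV 0 0 10.0.0.5:80 198.51.100.3:1024",
    "SYN-RECV 0 0 10.0.0.5:80 198.51.100.4:1024",
    "SYN-RECV 0 0 10.0.0.5:80 198.51.100.5:1024",
    "SYN-RECV 0 0 10.0.0.5:80 198.51.100.6:1024",
};
#define SAMPLE_COUNT (sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0])

/* Counts sockets on the given local port by state. Returns the number of
 * half-open (SYN-RECV) sockets and stores the ESTAB count in *established. */
int count_half_open(const char *const *lines, size_t n, int port, int *established) {
    int half_open = 0;
    *established = 0;
    for (size_t i = 0; i < n; i++) {
        char state[16], local[64];
        int local_port;
        /* The two queue columns are skipped; the local address is split on its last ':'. */
        if (sscanf(lines[i], "%15s %*d %*d %63s", state, local) != 2) continue;
        char *colon = strrchr(local, ':');
        if (colon == NULL || sscanf(colon + 1, "%d", &local_port) != 1) continue;
        if (local_port != port) continue;
        if (strcmp(state, "SYN-RECV") == 0) half_open++;
        else if (strcmp(state, "ESTAB") == 0) (*established)++;
    }
    return half_open;
}

/* Flags a likely SYN flood when half-open sockets exceed an absolute threshold
 * and also outnumber established ones by a ratio (both are assumed thresholds). */
int syn_flood_suspected(int half_open, int established, int min_half_open, int ratio) {
    return half_open >= min_half_open && half_open > ratio * established;
}

int main(void) {
    int estab;
    int half = count_half_open(SAMPLE_LINES, SAMPLE_COUNT, 80, &estab);
    printf("port 80: %d half-open, %d established -> %s\n", half, estab,
           syn_flood_suspected(half, estab, 5, 2) ? "SYN flood suspected" : "normal");
    return 0;
}
```

On a real host the same logic would be fed the live socket table and compared against a baseline of normal SYN-RECV counts for that service.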
Common Weaknesses in TCP/IP Suite
UDP Weaknesses
• UDP is stateless because it does not establish a connection before sending data.
• It does not require any acknowledgment that the data has been received.
• IP Spoofing: Since UDP does not validate the source IP address or establish a connection that confirms the identity of the sender, attackers can easily forge the source IP address in UDP packets.
  • This allows an attacker to send UDP packets that appear to originate from a different IP address.
• Reflection Attacks: An attacker sends a large number of UDP requests to one or more servers (the reflectors) with the source IP address spoofed to the victim's IP address.
  • These servers then respond to the victim's address.
Common Weaknesses in TCP/IP Suite
ICMP Weaknesses
• ICMP Flooding
  • The attacker sends a large number of ICMP Echo (Ping) Request packets rapidly to the target's IP address.
  • The target, responding to each request with an Echo Reply, becomes overwhelmed, leading to slowed or completely halted services.
  • This type of attack can consume both incoming and outgoing channels, since both request and reply packets are involved.
Common Weaknesses in TCP/IP Suite
ICMP Weaknesses
• ICMP Redirection Attacks
  • The attacker sends an ICMP redirect message to a target host.
  • The message suggests that there is a more optimal routing path through a router controlled by the attacker.
  • If the host accepts this redirect, future traffic intended for a specific IP address will be routed through the attacker's machine.
  • This allows the attacker to intercept, manipulate, or block the victim's traffic.
Buffer Overflows in TCP/IP
• Occur when more data is put into a buffer or data holding area than it can handle, leading to overflows that overwrite adjacent memory.
• Impact on TCP/IP:
  • Buffer overflows can be exploited to execute arbitrary code, potentially allowing attackers to gain control over a system.
• Examples:
  • Historical vulnerabilities in TCP/IP stack implementations, such as in the handling of large or malformed packets that lead to buffer overflows.
Prevention of Buffer Overflows
• Prevention Techniques:
  • Implementing robust input validation to prevent buffer overflows.
  • Using secure coding practices and tools that can detect potential buffer overflow vulnerabilities during development.
• Mitigation Strategies:
  • Regularly updating systems and applying patches to fix vulnerabilities in the TCP/IP stack.
  • Employing network intrusion detection systems (NIDS) to detect and respond to signs of TCP/IP exploits.
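As an added example (not from the slides), the "large or malformed packet" case in C: a constructed packet format whose first byte declares the payload length, a handler that trusts that byte and overruns its stack buffer, and a hardened handler that applies the input validation the slide calls for. The packet format, function names and sample packets are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed wire format for this example (not a real protocol):
 * byte 0 = declared payload length, bytes 1.. = payload. */
#define PAYLOAD_MAX 16

/* Vulnerable handler: trusts the length byte from the network and copies that
 * many bytes into a fixed stack buffer. A declared length above PAYLOAD_MAX
 * overwrites adjacent stack memory, which is the overflow the slides describe. */
int handle_packet_unsafe(const uint8_t *pkt, size_t pkt_len) {
    char payload[PAYLOAD_MAX];
    if (pkt_len < 1) return -1;
    size_t declared = pkt[0];
    memcpy(payload, pkt + 1, declared);   /* no bounds check on declared */
    return (int)declared;
}

/* Hardened handler: validates the untrusted length against both the
 * destination buffer size and the bytes actually received before copying. */
int handle_packet_safe(const uint8_t *pkt, size_t pkt_len) {
    char payload[PAYLOAD_MAX];
    if (pkt == NULL || pkt_len < 1) return -1;
    size_t declared = pkt[0];
    if (declared > PAYLOAD_MAX) return -2;   /* would overflow payload[] */
    if (declared > pkt_len - 1) return -3;   /* truncated or malformed packet */
    memcpy(payload, pkt + 1, declared);
    return (int)declared;
}

int main(void) {
    /* Constructed sample packets: a well-formed one, one whose length field
     * exceeds the buffer, and one whose length field exceeds the packet. */
    const uint8_t good[] = {5, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t oversized[] = {200, 'x', 'x', 'x'};
    const uint8_t truncated[] = {10, 'a', 'b'};
    printf("unsafe/good: %d\n", handle_packet_unsafe(good, sizeof good));
    printf("safe/good: %d\n", handle_packet_safe(good, sizeof good));
    printf("safe/oversized: %d\n", handle_packet_safe(oversized, sizeof oversized));
    printf("safe/truncated: %d\n", handle_packet_safe(truncated, sizeof truncated));
    return 0;
}
```

The unsafe handler is only ever called with the well-formed packet here; the point of the hardened version is that both malformed packets are rejected before any copy happens.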
Network Security Protocols
• Network security protocols are designed to protect data during transfer across networks by ensuring confidentiality, integrity, and availability.
• Key Functions: authentication, encryption, data integrity, and non-repudiation are fundamental to these protocols.
Network Security Protocols
Key Network Security Protocols
• SSL/TLS (Secure Sockets Layer/Transport Layer Security):
  • Protocols for encrypting information between web servers and clients.
  • TLS is the successor to SSL.
• IPsec (Internet Protocol Security):
  • A group of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
• SSH (Secure Shell):
  • A protocol for operating network services securely over an unsecured network.
  • Commonly used for remote login sessions between machines.
Network Security Protocols
Application Layer Security
• The application layer is the closest layer to the end user, and thus it is crucial in securing the data and services that interact directly with users.
• Common Threats:
  • Cross-site scripting (XSS),
  • SQL injection, and
  • Cross-site request forgery (CSRF), among others.
Network Security Protocols
Application Layer Protocols
• HTTP Security (HTTPS):
  • Uses SSL/TLS to encrypt web data.
• Secure Email Transfer (SMTPS, POPS, IMAPS):
  • Secure way of transferring email.
• Web Application Firewalls (WAF):
  • A specific type of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
  • By inspecting the HTTP traffic, a WAF can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
Network Security Protocols
Transport Layer Security
• Focuses on providing communication security over a computer network.
• Ensures that data transferred between users and applications remains private and reliable.
• Key Protocols:
  • TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer).
  • DTLS (Datagram Transport Layer Security) for datagram-based applications.
• They encrypt and authenticate data and check its integrity, securing it as it travels across the network.
Network Security Protocols
Network Layer Security
• Protects data flow between multiple networks and handles the routing of data packets.
• Uses IPsec for securing Internet Protocol communications by authenticating and encrypting each IP packet.
• Virtual Private Networks (VPNs) create secure connections over public networks.
  • Form a private network over the Internet.
  • Allow for secure communication between remote users and corporate networks.
• Firewall: Can filter traffic based on IP protocols, source and destination IP addresses, and the ports used in the communication.
  • Firewalls can deny or allow traffic based on established rules.
Network Security Protocols
Link Layer Security
• Secures data transmission over the physical and data link layers of the network.
• Key Challenges:
  • Address Resolution Protocol (ARP) spoofing and other link-layer vulnerabilities.
• Security Measures:
  • MACsec (IEEE 802.1AE) for securing LAN traffic at the link layer by using encryption and authentication.
  • Use of secure switch configurations and port security features to prevent unauthorized access.
Network Security Protocols
Physical Security
• Importance:
  • Ensures the physical protection of network resources including hardware, software, facilities, and personnel.
• Components:
  • Physical access controls, surveillance, and environmental controls to prevent damage from environmental hazards.
• Best Practices:
  • Secure server rooms, restricted access to network components, and robust monitoring and alarm systems.
Wireless Security
• Wireless security involves protecting wireless networks from unauthorized access or damage.
• Challenges:
  • Wireless networks are inherently more vulnerable due to their broadcast nature, making signals accessible to anyone within the receiving range.
Wireless Security
Common Wireless Threats
• Eavesdropping:
  • Unauthorized interception of private communication.
• Rogue Access Points:
  • Unauthorized access points installed to mislead users or intercept data.
• Evil Twin Attacks:
  • A rogue Wi-Fi access point that appears legitimate but is set up to eavesdrop on wireless communications.
Wireless Security
Encryption Protocols in Wireless Security
• WEP (Wired Equivalent Privacy):
  • Early encryption protocol known for weak security; it has been largely deprecated.
• WPA (Wi-Fi Protected Access):
  • Improved security over WEP but still vulnerable to some attacks.
• WPA2 and WPA3:
  • WPA2, introduced in 2004, provides stronger data protection and network access control.
  • WPA3, launched in 2018, offers even more robust security features, including individualized data encryption.
Wireless Security
Best Practices for Securing Wireless Networks
• Use Strong Encryption (Preferably WPA3):
  • Always use the strongest available encryption standard to protect wireless traffic.
• Secure Wi-Fi Access Points:
  • Change default usernames and passwords, disable WPS, and use firewalls and VPNs.
• Regular Network Monitoring:
  • Implement tools to monitor for unauthorized devices or unusual traffic patterns.
• Educate Users:
  • Training on security risks and safe practices, like avoiding the use of public Wi-Fi for sensitive transactions.
Network Monitoring Tools
• Network monitoring tools are essential for continuously observing a computer network for slow or failing components and notifying the network administrator in case of outages or other trouble.
• Examples:
  • Wireshark: A network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
  • Nagios: Provides monitoring capabilities to identify and resolve IT infrastructure problems before they affect critical business processes.
Emerging Technologies in Wireless Security
• IoT Security:
  • Addressing the unique challenges posed by the Internet of Things and ensuring secure connections among billions of devices.
• Advanced Authentication Methods:
  • Using biometrics and multi-factor authentication to enhance security beyond traditional passwords.
Chapter 5
Security Mechanisms
