1 of 28

NETWORK SECURITY

CH 9 InfoSec Handbook

2 of 28

Re: Networking Fundamentals

  • Networking is extremely essential
    • Directly & indirectly connects with more than several courses + capstones
    • In industry, it’s everywhere
    • Target-rich environment for interview questions!

    • So let’s get started …

3 of 28

Possible example of your network

4 of 28

Networking: Level 1

  • Before we get into another chapter of new terms & technology, keep it mind …�
    • Networking is just 1’s + 0’s (via electricity) between 2+ devices … going to someplace, from someplace�
    • Data without networking, is data that is not moving
      • Modern buzz phrase: Data in transit

    • Essence of client-server architecture

5 of 28

Networking: Level 1

Common Networking Components:

  • Data (or message)
  • Host (or sender/client)
  • Receiver (or sever)
  • Medium
    • How is the data transmitted: wired, wireless?
    • What kind of wired? What kind of wireless?
  • Protocol
    • Set of rules which determine how devices communicate

6 of 28

Common Network Topologies

What are Pro’s & Con’s of each?

7 of 28

Networks Types

These should be rather familiar from the pre-req?

  • LAN
  • WAN
  • MAN

8 of 28

Network Protocols

  • OSI model

9 of 28

How do I Level Up in Protocols?

RFC’s 🡪 Requests for Comments

  • Put together by Internet Engineering Task Force (IETF)
  • Essentially “technical specification documentation” for protocols

  • Yes, it can get deep … but this is the path to master tech
    • Plus, you can wow your friends with your new found knowledge! :)

10 of 28

EX: RFC

11 of 28

FYI: Start Mastering Protocols!

Flash cards, build your own Kahoot, whiteboard, etc.

  • Name
  • RFC #
  • Default Port Number
  • TCP/UDP
  • Synthesize what it does, using its keywords, in 5 sentences.
  • Target 2 protocols every week, and you’ll have ~30 by end of a semester

12 of 28

Why we can’t have nice things

  • Of course, the more devices connected, the more issues we get

13 of 28

Network Security

Common Terms -�

  • Vulnerability: An inherent weakness in the network, and network device.
    • Switches, routers, servers, security devices, protocols themselves

  • Threat: What can go wrong because of the exploit of vulnerabilities, or attack on assets
    • Data theft, unauthorized access/modification

  • Attack: Unauthorized action with intent to cause damage, or hinder, or breach security of a network

14 of 28

Network Vulnerabilities

Weak Policies

15 of 28

Network Vulnerabilities (cont.)

Weak Tech

16 of 28

Network Vulnerabilities (cont.)

Weak Configurations

17 of 28

Network Threats

  • Internal
    • Access to data, & perhaps network devices
    • Could be a mishap/mistake/oversight
  • External
    • Structured
      • Cybercrime, Nation State, all around bad cyber folk�
    • Unstructured
      • “Hey, I found this tool online … I wonder what it does?”

18 of 28

So How are Networks Attacked?

Reconnaissance (RECON):

  • To effectively launch attack, attacker needs knowledge of targets: network topology, hardware, software, configs, etc.

  • “Scan + Sniff” ™
    • Scan for open ports + services, holes, vulnerabilities
    • Sniff traffic (packet capture) to inspect target communications
      • Could be accounts/passwords, DNS, DHCP, MAC addresses, emails, web, you name it

19 of 28

So How are Networks Attacked? (cont.)

Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS):

  • Make network/system resources inaccessible and bring down network by generating huge amount of network traffic

It is still crazy effective!

20 of 28

Some Network DDoS’s

Ping of Death:

  • As per RFC specification, the maximum size of an IP packet is 65536�
  • Attacker uses Ping to make up an IP packet whose size exceeds the maximum size specified�
  • Remote system may crash or reboot, if it does not know how to handle the oversized packets

21 of 28

Remember that TCP 3-way Handshake?

Syn 🡪 Syn/Ack 🡪 Ack

  • Establishes connection-based communications between devices

22 of 28

Some Network DDoS’s (cont.)

SYN Flood:

  • Attacker sends tons of ‘junk’ SYN’s (not intending on real commutations), but does consume network/system resources & blocks others from legit communications

23 of 28

Applying Some Network Knowledge

  • Your IP address is 192.168.1.34/24�
  • What would happen if you could craft a ping request that had a spoofed source IP address of 140.211.115.30/24?

  • What would happen if you sent that request, using the network broadcast address as the destination?

  • SRC IP = 140.211.115.30, DST = 192.168.1.255

24 of 28

Some Network DDoS’s (cont.)

25 of 28

Other Attacks on Networks

  • Spoofing
    • IP, ARP, MAC, DNS 🡪 Spoofs a different SRC and/or DST address �
  • Tunneling 🡪 Re-packaging traffic into different form
    • HTTP: Overcomes firewall controls
    • SSH: Sneaky, because it’s encrypted

  • Session Hijacking
    • Attacker takes over a valid session between the user and server

26 of 28

Attacks on Network Equipment

  • Equipment itself are valuable targets !

27 of 28

So What can We do to Prevent?

  • Harden all network equipment with appropriate configurations /patching including firmware updates
  • Change default passwords to be substituted with strong passwords
  • Implement Defense in Depth tactics to avoid attacks like session hijacking
    • Firewalls … lots of them
    • Network Segmentation
    • Subnets
    • PKI + Digital Certs
    • VLANs
    • VPNs
    • Session Management & Time outs
    • Admin account for admin work only

28 of 28

So What can We do to Prevent?

  • Create + enforce easy-to-understand and clear security policies
  • Create awareness among the employees
  • Do not have the same user name and passwords for all the systems – use different ones
  • Ensure cookies, history, and offline content are removed after sensitive transaction sessions
  • Do not click on suspect links in suspect email
    • Admins make great targets!