Slide 1

Network Security
Presented By UNT CyberSecurity Club

Slide 2

Content

• Network Security Goals
• Definitions to know
• Popular Security Attacks
• OSI Layer and attacks
• Network Attacks
• Attack Assessment
• Assessment Tools

Slide 3

Security Goals

CIA Triad
• Confidentiality
• Integrity
• Availability

Additional
• Non-repudiation
• Authentication

Slide 4

Vulnerability, Threat, Attack

• Threat – A negative effect or undesired event. A potential occurrence, often best described as an effect that might damage or compromise an asset or objective. It may or may not be malicious in nature.
• Vulnerability – A weakness in some aspect or feature of a system that makes an exploit possible. Vulnerabilities can exist at the network, host, or application levels and include operational practices.
• Attack (or exploit) – An action taken that uses one or more vulnerabilities to realize a threat. This could be someone following through on a threat or exploiting a vulnerability.

Slide 5

Cyber X

• Cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices.
• Cyberwarfare is the use of technology to attack a nation, causing comparable harm to actual warfare.
• Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.

Slide 6

Top Security Attacks of 2019

• Viruses and Worms
• Drive-by Download Attacks
• Botnets
• Phishing Attacks
• Exploit Kits
• DDoS (Distributed Denial of Service)
• Ransomware
• Cryptojacking
• APT Threats

Slide 7

Botnets

Slide 8

Exploit Kits

Slide 9

DDoS

Slide 10

Ransomware

Slide 11

Advanced Persistent Threat Trend Micro Ad

Slide 12

Brief on OSI Layer

Slide 13

Layers in Network security

Physical Layer Vulnerabilities:
• Loss of Power
• Loss of Environmental Control
• Physical Theft of Data and Hardware
• Physical Damage or Destruction of Data and Hardware
• Unauthorized changes to the functional environment (data connections, removable media, adding/removing resources)
• Disconnection of Physical Data Links
• Undetectable Interception of Data
• Keystroke & Other Input Logging

Link Layer Vulnerabilities:
• MAC Address Spoofing (station claims the identity of another)
• VLAN circumvention (station may force direct communication with other stations, bypassing logical controls such as subnets and firewalls)
• Spanning Tree errors may be accidentally or purposefully introduced, causing the layer two environment to transmit packets in infinite loops.
• In wireless media situations, layer two protocols may allow free connection to the network by unauthorized entities, or weak authentication and encryption may allow a false sense of security.
• Switches may be forced to flood traffic to all VLAN ports rather than selectively forwarding to the appropriate ports, allowing interception of data by any device connected to a VLAN.

Network Layer Vulnerabilities:
• Route spoofing - propagation of false network topology
• IP Address Spoofing - false source addressing on malicious packets
• Identity & Resource ID Vulnerability - Reliance on addressing to identify resources and peers can be brittle and vulnerable.

Transport Layer Vulnerabilities:
• Mishandling of undefined, poorly defined, or “illegal” conditions
• Differences in transport protocol implementation allow “fingerprinting” and other enumeration of host information
• Overloading of transport-layer mechanisms such as port numbers limits the ability to effectively filter and qualify traffic.
• Transmission mechanisms can be subject to spoofing and attack based on crafted packets and the educated guessing of flow and transmission values, allowing the disruption or seizure of control of communications.
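
An added example (not part of the original slides) of how a defender could flag three of the link-layer conditions listed above in observed ARP traffic: a second station claiming an existing IP, a known MAC appearing on another switch port, and many MACs behind one port (the condition that forces a switch to flood). The frame tuples, port names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (seconds, switch_port, source_mac, claimed_ip) per observed ARP frame.
SAMPLE = [
    (1, "Gi0/1", "aa:aa:aa:00:00:01", "10.0.0.1"),   # gateway
    (2, "Gi0/2", "aa:aa:aa:00:00:02", "10.0.0.20"),
    (3, "Gi0/3", "aa:aa:aa:00:00:03", "10.0.0.30"),
    (4, "Gi0/3", "aa:aa:aa:00:00:03", "10.0.0.1"),   # second station claims the gateway IP
    (5, "Gi0/4", "aa:aa:aa:00:00:02", "10.0.0.20"),  # known MAC appears on another port
] + [(6, "Gi0/5", f"02:00:00:00:00:{i:02x}", f"10.0.1.{i}") for i in range(1, 41)]  # MAC flood

def analyze(frames, flood_threshold=32, window=10):
    """Return a list of (kind, detail) findings for link-layer anomalies."""
    ip_owner, mac_port = {}, {}
    port_macs = defaultdict(dict)          # port -> {mac: last_seen}
    findings, flooded = [], set()
    for ts, port, mac, ip in frames:
        # 1. An IP first bound to one MAC is now claimed by a different MAC.
        if ip in ip_owner and ip_owner[ip] != mac:
            findings.append(("ip_claimed_by_new_mac", f"{ip}: {ip_owner[ip]} -> {mac}"))
        ip_owner.setdefault(ip, mac)
        # 2. A MAC first learned on one port shows up on a different port.
        if mac in mac_port and mac_port[mac] != port:
            findings.append(("mac_moved_port", f"{mac}: {mac_port[mac]} -> {port}"))
        mac_port.setdefault(mac, port)
        # 3. More distinct MACs behind one port than the threshold, inside the window.
        seen = port_macs[port]
        seen[mac] = ts
        recent = [m for m, t in seen.items() if ts - t <= window]
        if len(recent) > flood_threshold and port not in flooded:
            flooded.add(port)              # report each port once
            findings.append(("mac_flood", f"{port}: {len(recent)} MACs in {window}s"))
    return findings

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE):
        print(f"{kind:24} {detail}")
```

Findings of the first two kinds also have benign causes, such as DHCP lease reassignment or a host moving between ports, so they are triage signals rather than verdicts.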

Slide 14

OSI Layer Security

Slide 15

Types of Attacks Over the Network

• Passive:
  • Wiretapping
  • Port-Scanner
  • Idle Scan
  • Encryption
  • Traffic analysis
• Active:
  • Virus
  • Eavesdropping
  • Data modification
  • Denial of service
  • DNS Spoofing
  • Man in the Middle
  • ARP Poisoning
  • VLAN Hopping
  • Smurf Attack
  • Buffer Overflow
  • Heap Overflow
  • Format String Attack
  • SQL Injection
  • Phishing
  • Cross-Site Scripting
  • CSRF

Slide 16

Network Security Assessment

• Assess the vulnerabilities of networks, applications, other IT resources.
• Conduct comprehensive scanning of ports, vectors, protocols.
• Understand how your network interacts with outside parties.
• Probe your internal network weaknesses.
• Review wireless nets, including Wi-Fi, Bluetooth, RFID, rogue devices.
• Assess and educate employees about social engineering attacks.

Slide 17

Cyber Security Assessment

• Network Intrusion & Detection
• Packet Sniffers & Password Auditing
• Network Defensive Wireless
• Penetration Testing
• Encryption Tools
• Web Vulnerability Scanning Tools
• Network Security Monitoring Tools

Slide 18

Network Assessment Tools

• Network Security Monitoring Tools
  • Argus
  • Nagios
  • Splunk
  • OSSEC
• Network Intrusion Detection
  • GFI LanGuard
  • Forcepoint
  • Snort
• Network Defense Wireless
  • Aircrack
  • NetStumbler
  • KisMAC

Slide 19

Discussion
