
Network Security

UNTCSC
November 07, 2019

Transcript

  1. Content
    • Network Security Goals
    • Definitions to know
    • Popular Security Attacks
    • OSI Layer and attacks
    • Network Attacks
    • Attack Assessment
    • Assessment Tools
  2. Vulnerability, Threat, Attack
    • Threat – A negative effect or undesired event. A potential occurrence, often best described as an effect that might damage or compromise an asset or objective. It may or may not be malicious in nature.
    • Vulnerability – A weakness in some aspect or feature of a system that makes an exploit possible. Vulnerabilities can exist at the network, host, or application levels and include operational practices.
    • Attack (or exploit) – An action taken that uses one or more vulnerabilities to realize a threat. This could be someone following through on a threat or exploiting a vulnerability.
  3. Cyber X
    • Cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices.
    • Cyberwarfare is the use of technology to attack a nation, causing comparable harm to actual warfare.
    • Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.
  4. Top Security Attacks of 2019
    • Viruses and Worms
    • Drive-by Download Attacks
    • Botnets
    • Phishing Attacks
    • Exploit Kits
    • DDoS (Distributed Denial of Service)
    • Ransomware
    • Cryptojacking
    • APT Threats
  5. Layers in Network Security
    Physical Layer Vulnerabilities:
      • Loss of Power
      • Loss of Environmental Control
      • Physical Theft of Data and Hardware
      • Physical Damage or Destruction of Data and Hardware
      • Unauthorized changes to the functional environment (data connections, removable media, adding/removing resources)
      • Disconnection of Physical Data Links
      • Undetectable Interception of Data
      • Keystroke & Other Input Logging
    Link Layer Vulnerabilities:
      • MAC Address Spoofing (station claims the identity of another)
      • VLAN circumvention (station may force direct communication with other stations, bypassing logical controls such as subnets and firewalls)
      • Spanning Tree errors may be accidentally or purposefully introduced, causing the layer two environment to transmit packets in infinite loops.
      • In wireless media situations, layer two protocols may allow free connection to the network by unauthorized entities, or weak authentication and encryption may allow a false sense of security.
      • Switches may be forced to flood traffic to all VLAN ports rather than selectively forwarding to the appropriate ports, allowing interception of data by any device connected to a VLAN.
    Network Layer Vulnerabilities:
      • Route spoofing - propagation of false network topology
      • IP Address Spoofing - false source addressing on malicious packets
      • Identity & Resource ID Vulnerability - Reliance on addressing to identify resources and peers can be brittle and vulnerable.
    Transport Layer Vulnerabilities:
      • Mishandling of undefined, poorly defined, or “illegal” conditions
      • Differences in transport protocol implementation allow “fingerprinting” and other enumeration of host information.
      • Overloading of transport-layer mechanisms such as port numbers limits the ability to effectively filter and qualify traffic.
      • Transmission mechanisms can be subject to spoofing and attack based on crafted packets and the educated guessing of flow and transmission values, allowing the disruption or seizure of control of communications.
  6. Types of Attacks Over the Network
    Passive:
      • Wiretapping
      • Port-Scanner
      • Idle Scan
      • Encryption
      • Traffic analysis
    Active:
      • Virus
      • Eavesdropping
      • Data modification
      • Denial of service
      • DNS Spoofing
      • Man in the Middle
      • ARP Poisoning
      • VLAN Hopping
      • Smurf Attack
      • Buffer Overflow
      • Heap Overflow
      • Format String Attack
      • SQL Injection
      • Phishing
      • Cross-Site Scripting
      • CSRF
  7. Network Security Assessment
    • Assess the vulnerabilities of networks, applications, other IT resources.
    • Conduct comprehensive scanning of ports, vectors, protocols.
    • Understand how your network interacts with outside parties.
    • Probe your internal network weaknesses.
    • Review wireless nets, including Wi-Fi, Bluetooth, RFID, rogue devices.
    • Assess and educate employees about social engineering attacks.
  8. Cyber Security Assessment
    • Network Intrusion & Detection
    • Packet Sniffers & Password Auditing
    • Network Defensive Wireless
    • Penetration Testing
    • Encryption Tools
    • Web Vulnerability Scanning Tools
    • Network Security Monitoring Tools
  9. Network Assessment Tools
    Network Security Monitoring Tools:
      • Argus
      • Nagios
      • Splunk
      • OSSEC
    Network Intrusion Detection:
      • GFI LanGuard
      • Forcepoint
      • Snort
    Network Defense Wireless:
      • Aircrack
      • NetStumbler
      • KisMAC
  10. References
    • https://securityfirstcorp.com/the-top-9-network-security-threats-of-2019/
    • https://en.wikipedia.org/wiki/Cyberattack
    • https://searchsecurity.techtarget.com/definition/botnet
    • https://www.cyber.nj.gov/threat-profiles/exploit-kits
    • https://www.securityskeptic.com/anatomy-of-dns-ddos-attack.html
    • https://artificialintelligence-news.com/?attachment_id=5924
    • https://www.icann.org/news/blog/what-is-ransomware
    • https://www.cert-in.org.in/Downloader?pageid=5&type=2&fileName=CIPS-2015-0094.pdf
    • https://www.virtual.com/blog/a-six-step-network-security-assessment-for-a-secure-2018/
    • https://phoenixnap.com/blog/best-network-security-tools
    • http://use-rules.blogspot.com/2006/12/stack-attack-8-osi-layer.html
    • https://www.quora.com/Vulnerabilities-are-related-to-which-of-the-OSI-layers
    • https://community.fs.com/blog/tcpip-vs-osi-whats-the-difference-between-the-two-models.html