Network Security: Fundamentals, Threats, and Attacks, Lecture notes of Computer Security

Brief résumé and explanation; contains most of the classic explanations.

Typology: Lecture notes

2018/2019

Uploaded on 05/20/2019

neba
COMPUTER SECURITY
Course Outline
Chapter 1: Basic Security Concepts.
Chapter 2: Network Security Models.
Chapter 3: Vulnerabilities, Threats And Attacks.
Chapter 4: Basic Types Of Attacks.
Chapter 5: Security Policies and Procedures.
Chapter 6: Crisis Management.
Chapter 7: Some Operating System Security.
Project
Group Members:
-Nchotu Harry
-Vicky Joel
-Arthur Florent
-Njoya Charles
-Abdoul Salam
-Sandra Pagna
-Nka David
-Nkenfa Brandon
Theme: Access Control List

Chapter One: BASIC SECURITY CONCEPTS

Introduction

The internet continues to grow exponentially. Personal, governmental and business applications continue to multiply, with immediate benefit to end users. However, these network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset (belongings or property) that must be protected. Without adequate network security, many individuals, businesses and governments risk losing that asset.

1.1 - WHY IS COMPUTER AND NETWORK SECURITY IMPORTANT

A.) Protection of Confidentiality: This ensures that secrecy is enforced and information is not read by unauthorized users. Cryptography and encryption may ensure the confidentiality of transferred data.

B.) Maintaining Integrity: Modification of data is not permitted to unauthorized users. It provides assurance of the accuracy of information and systems.

C.) Ensuring Availability: Prevention of loss of access to resources and information. Requested information has to be available to authorized users at all times when needed.

D.) Authentication: Authentication serves as proof that you are who you say you are, or what you claim to be. Authentication is critical if there is to be any trust between parties. It is required when communicating over a network. During communication, you should ask yourself two questions:

  • With whom am I communicating?
  • How do I believe this person or entity is who he/she claims to be?

1.2 The Security Trinity

The three legs of the security trinity, prevention, detection and response, are the basics of network security. They should be the foundation for all security policies and measures that an organization develops.

Prevention    Detection    Response

A. PREVENTION Security

To perform a risk analysis, organizations need to understand possible threats and vulnerabilities. A risk can be described as the probability that a vulnerability can be exploited. The basic steps for risk assessment are as follows:
a. Identifying and prioritizing assets.
b. Identifying vulnerabilities.
c. Identifying threats and their probabilities.
d. Identifying countermeasures.
e. Developing a cost-benefit analysis.
f. Developing security policies and procedures.

Chapter Two: NETWORK SECURITY MODELS

There are three basic approaches used to develop a network security model. Usually, an organization employs some combination of the three approaches to achieve security. The three approaches are:

  • Open Access Network Model.
  • Restrictive Access Network Model.
  • Closed Access Network Model.

2.1 : Open Access Security Model

An open access security model is the easiest to implement. Few security measures are required in this design. Network administrators configure the basic security capabilities of existing hardware and software. Firewalls, VPNs, intrusion detection systems (IDS) and other measures that incur additional cost are typically not implemented. Simple passwords and server security become the foundation of this model. If encryption is used, it is implemented by individual users. This model assumes that the protected assets are minimal, users are trusted and threats are minimal. However, this does not exclude the need for data backup systems in most open security policy scenarios. Local Area Networks (LANs) that are not connected to the internet or public WANs are more likely to implement this type of model. This type of network design gives users free access to all areas. When security breaches occur, they are likely to result in great damage and loss. In this case, the network administrators are usually not held responsible for network breaches or abuse.

2.2 : Restrictive Access Network Security

A restrictive security model is difficult to implement. Many security measures are put in place in this design. Administrators configure existing hardware and software for security capabilities, in addition to deploying more costly hardware and software solutions such as firewalls, VPNs, IDS and identity servers. Firewalls and identity servers become the foundation of this model. This model assumes that the protected assets are substantial, some users are not trustworthy and threats are likely to occur. LANs that are connected to the internet or public WANs are more likely to implement this type of model. Ease of use for users diminishes as security tightens.

2.3 : Closed Access Network Security Model

A closed access security model is very difficult to implement. All available security measures are implemented in this design. Administrators configure existing hardware and software for maximum security capabilities, in addition to deploying more costly hardware and software solutions such as firewalls, VPNs, IDS and identity servers. The closed security model assumes that the protected assets are premium, all users are untrustworthy and threats are frequent. User access is difficult and cumbersome. Network administrators require greater skills and more time to administer the network. Furthermore, companies require a higher number of better trained administrators to maintain this tight security. In many organizations, these administrators are likely to be unpopular while implementing and maintaining this security. The network security department must clarify that it only implements the policy that is designed, written and approved by the organization. The politics behind the closed access security model can be monumental. In the event of a security breach or network outage, the administrators might be held more accountable for problems.

Chapter Three: VULNERABILITIES, THREATS AND ATTACKS

3.1 : VULNERABILITIES

A vulnerability is an inherent weakness in the design, configuration or implementation of a network or system that renders it liable to a threat. Most vulnerabilities can usually be traced back to one of three sources:

a) Poor Design : Hardware and software that contain design flaws that can be exploited. In effect, almost all systems are created with security holes.

b) Poor Implementation : A system that is incorrectly configured is vulnerable to attack. This type of vulnerability usually results from inexperience, insufficient training or sloppy work. An example of this type of vulnerability would be a system that does not have restricted access privileges on critical executable files, thereby allowing these files to be altered by unauthorized users.

c) Poor Management : Inadequate procedures and insufficient checks and balances. Security measures cannot operate in a vacuum. They need to be documented and monitored. Even something as simple as the daily backup of the system needs to be verified. There is a need for the definition of responsibility for some functions and dual custody for others. In this manner an organization can ensure that procedures are being followed and that no one has total control of the system.

While there are only three sources of vulnerabilities, they can manifest themselves in many ways.

  • Physical Vulnerabilities : The first rule of security is to physically safeguard systems and networks. Are your systems, communications equipment and media located in a secure location? Central hosts and servers should be kept in secure rooms that can only be accessed by authorized personnel. Routers and communications equipment should also be kept in secure locations with restricted access. In addition, critical removable media such as backups should

network. They work their way into a network mainly from the internet or dial-up access servers.

d) Internal Threats : These occur when someone has authorized access to the network, with either an account on the server or physical access to the network room. According to the FBI, internal threats and misuse of networks account for 60 - 80% of reported incidents.

3.3 : Attacks

An attack is a specific technique used to exploit a vulnerability. The vulnerability can be in the design of the operating system, and an attack could be a ping of death. There are two general categories of attack:

1- Passive Attacks : They are very difficult to detect because there is no clear activity that can be monitored or detected. Examples of passive attacks would be packet sniffing or traffic analysis. These types of attack are designed to monitor and record traffic on the network. They are usually employed for gathering information that can be used later in active attacks.

2- Active Attacks : As the name implies, they use more clear or open action on the network or system. As a result they can be easier to detect, but at the same time they can be much more devastating to a network. An example of this type of attack is a denial-of-service attack (DoS attack).

Chapter Four: BASIC TYPES OF ATTACKS

There exist four primary classes of attacks.

4.1 : Reconnaissance Attack

It is the unauthorized discovery and mapping of systems or services. It is also known as information gathering, and in most cases it precedes an actual access to the systems. A reconnaissance attack is somewhat analogous to a thief casing a neighborhood for vulnerable homes to break into, such as easy-to-open doors or windows. It consists of:
  • Packet Sniffing
  • Port Scans
  • Ping Sweeps
  • Internet Information Queries.

A malicious intruder typically ping sweeps the target network to determine which IP addresses are alive. After this, the intruder uses a port scan to determine which port services are active on the live IP addresses. From this information, the intruder queries the ports to determine the application types and versions, and also the type and version of the operating system running on the target host. Based on this information, the intruder can determine whether a possible vulnerability exists that can be exploited. Using, for example, the nslookup and whois software utilities, an attacker can easily determine the IP address space assigned to a given company or organization.

Network snooping and packet sniffing are common terms for eavesdropping. It is listening in on a conversation, or spying. The information gathered by eavesdropping can be used to pose other attacks to the network. A common method for eavesdropping on communications is to capture TCP/IP or other protocol packets and decode the content using a protocol analyser or similar utility.

4.2 : Access Attacks

Access to a system is the ability of an unauthorized intruder to gain entry into a system for which he/she does not have an account or password. Entering or accessing systems to which one does not have authority usually involves running a hack script or tool that exploits a known vulnerability of a system or application. Access attacks exploit known vulnerabilities in authentication services, FTP services and web services to gain entry to web accounts, confidential databases and other sensitive information. Access attacks can consist of the following:
  • Password attacks.
  • Trust exploitation.
  • Port redirection.
  • Man-in-the-middle attack (MITM attack).
  • Social engineering attack.
  • Phishing, etc.

a) Password Attack : It can be carried out using several methods, including brute force attacks, Trojan horse programs, IP spoofing and packet sniffing. Although packet sniffing and IP spoofing can yield user accounts and passwords, a password attack refers to repeated attempts to identify a user account, a password or both. It is this repeated attempt that is called a brute force attack.

b) Trust Exploitation : It refers to an attack in which an individual takes advantage of a trust relationship within the network. The classic example is a perimeter network connection from a company. These network segments often house Domain Name System (DNS), SMTP and HTTP servers. Because all these servers reside on the same network, the compromise of one system can lead to the compromise of the others, because these systems are usually dependent on one another.

c) Port Redirection : Port redirection attacks are a type of trust exploitation attack that uses a compromised host to pass traffic through a firewall. Consider a firewall with three interfaces and a host on each interface. The host on the outside can reach the host on the public services segment but not the host on the inside. This publicly accessible segment is commonly referred to as a DEMILITARISED ZONE (DMZ). The host on the public services segment can reach the hosts on both the inside and the outside. If hackers were able to compromise the public services segment host, they could install software to redirect traffic from the outside host directly to the inside host. Although neither communication violates the rules implemented in the firewall, the outside host has now achieved connectivity to the inside host through the port redirection process on the public services host. An example of an application that can provide this type of access is Netcat.

d) Man In The Middle Attack : It requires that the hackers have access to network packets that come across a network. An example could be someone who is working for an internet service provider (ISP) and has access to all network packets transferred between the ISP network and any other network.
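The reconnaissance steps in 4.1 (ping sweeps, port scans) and the repeated guessing that 4.2 a) calls a brute force attack leave the same footprint in logs: one source touching many hosts, ports or accounts within a short time. The script below is an added example, not part of the lecture notes, that applies one sliding-window counter to both cases from a defender's side. The firewall and sshd log lines it scans are constructed for the example, and the thresholds and window lengths are assumptions that would be tuned to a real network.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs for the example (not real traffic). BASE anchors the timestamps.
BASE = datetime(2019, 5, 20, 10, 0, 0)


def _fw_line(sec, src, dst, proto, dport=None):
    ts = (BASE + timedelta(seconds=sec)).isoformat()
    tail = f" dport={dport}" if dport is not None else ""
    return f"{ts} DENY src={src} dst={dst} proto={proto}{tail}"


def _auth_line(sec, user, src):
    ts = (BASE + timedelta(seconds=sec)).isoformat()
    return f"{ts} sshd[1234]: Failed password for {user} from {src} port 51000 ssh2"


FIREWALL_LOG = "\n".join(
    # 203.0.113.9 probes 16 different TCP ports on one host within 16 seconds (port scan)
    [_fw_line(i, "203.0.113.9", "192.0.2.10", "tcp", 20 + i) for i in range(16)]
    # 203.0.113.77 sends ICMP to 12 different hosts within 24 seconds (ping sweep)
    + [_fw_line(2 * i, "203.0.113.77", f"192.0.2.{i + 1}", "icmp") for i in range(12)]
    # 198.51.100.5 is denied twice on the same port, 15 minutes apart (benign noise)
    + [_fw_line(5, "198.51.100.5", "192.0.2.10", "tcp", 445),
       _fw_line(900, "198.51.100.5", "192.0.2.10", "tcp", 445)]
)

AUTH_LOG = "\n".join(
    # seven failed logins from one source in 90 seconds, cycling through account names
    [_auth_line(15 * i, user, "203.0.113.9")
     for i, user in enumerate(["root", "admin", "root", "test", "root", "guest", "root"])]
    # one mistyped password from an ordinary user
    + [_auth_line(30, "alice", "198.51.100.20")]
)

FW_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+)(?: dport=(?P<dport>\d+))?$"
)
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse(log, pattern):
    """Yield one dict per log line that matches `pattern`, with the timestamp parsed."""
    for line in log.splitlines():
        m = pattern.match(line.strip())
        if m:
            event = m.groupdict()
            event["ts"] = datetime.fromisoformat(event["ts"])
            yield event


def sliding_window_alerts(events, value_of, threshold, window, distinct=True):
    """Per source address, keep the events of the last `window` and alert when the number of
    distinct values (or raw events, if distinct=False) reaches `threshold`.
    Returns {src: peak count} for every source that crossed the threshold."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["src"]]
        q.append((ev["ts"], value_of(ev)))
        while ev["ts"] - q[0][0] > window:      # drop entries that fell out of the window
            q.popleft()
        count = len({v for _, v in q}) if distinct else len(q)
        if count >= threshold:
            alerts[ev["src"]] = max(alerts.get(ev["src"], 0), count)
    return alerts


def detect_port_scans(log=FIREWALL_LOG, threshold=10, window_s=60):
    """Sources that hit at least `threshold` distinct TCP/UDP ports within the window."""
    evs = [e for e in parse(log, FW_RE) if e["proto"] in ("tcp", "udp") and e["dport"]]
    return sliding_window_alerts(evs, lambda e: e["dport"], threshold, timedelta(seconds=window_s))


def detect_ping_sweeps(log=FIREWALL_LOG, threshold=8, window_s=60):
    """Sources whose ICMP reached at least `threshold` distinct hosts within the window."""
    evs = [e for e in parse(log, FW_RE) if e["proto"] == "icmp"]
    return sliding_window_alerts(evs, lambda e: e["dst"], threshold, timedelta(seconds=window_s))


def detect_password_guessing(log=AUTH_LOG, threshold=5, window_s=300):
    """Sources with at least `threshold` failed logins within the window, regardless of account."""
    evs = list(parse(log, AUTH_RE))
    return sliding_window_alerts(evs, lambda e: e["user"], threshold,
                                 timedelta(seconds=window_s), distinct=False)


if __name__ == "__main__":
    print("port scans      :", detect_port_scans())
    print("ping sweeps     :", detect_ping_sweeps())
    print("password guesses:", detect_password_guessing())
```

The benign client never trips an alert because its two denies fall outside one window and touch a single port; the scanner, the sweeper and the password guesser each exceed their threshold within it. Keeping the counter generic means the same code can be pointed at any log where "one source, many targets in a short time" is the signal.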
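To make the port-redirection point in 4.2 c) concrete, the following added example (not from the lecture notes) encodes the three-interface firewall as a table of zone-to-zone rules and searches for pairs the policy denies directly but that a forwarding host in an intermediate zone would reconnect. The rule tables are constructed for the example; the hardened table shows the single change, removing the DMZ host's path into the inside segment, that closes the chain.

```python
from itertools import product

ZONES = ("outside", "dmz", "inside")

# Rule table as described in the text: each key is (source zone, destination zone) and the value
# says whether the firewall lets that traffic through. Constructed for the example.
AS_DESCRIBED = {
    ("outside", "dmz"): True,      # public services must be reachable from the internet
    ("outside", "inside"): False,  # the rule the firewall is meant to enforce
    ("dmz", "inside"): True,       # the DMZ host "can reach the host on the inside"
    ("dmz", "outside"): True,
    ("inside", "dmz"): True,
    ("inside", "outside"): True,
}

# Hardened table: identical except that the DMZ host loses its path into the inside segment.
HARDENED = {**AS_DESCRIBED, ("dmz", "inside"): False}


def zone_paths(policy, src, dst):
    """All loop-free zone sequences from src to dst that use only allowed rules."""
    found = []

    def walk(node, path):
        for nxt in ZONES:
            if nxt in path or not policy.get((node, nxt), False):
                continue
            if nxt == dst:
                found.append(path + [nxt])
            else:
                walk(nxt, path + [nxt])

    walk(src, [src])
    return found


def audit_trust_chains(policy):
    """Zone pairs the policy denies directly but that a host forwarding traffic in an
    intermediate zone could still connect. Maps (src, dst) to the list of such paths."""
    findings = {}
    for src, dst in product(ZONES, repeat=2):
        if src == dst or policy.get((src, dst), False):
            continue
        chains = [p for p in zone_paths(policy, src, dst) if len(p) > 2]
        if chains:
            findings[(src, dst)] = chains
    return findings


if __name__ == "__main__":
    print("as described:", audit_trust_chains(AS_DESCRIBED))
    print("hardened    :", audit_trust_chains(HARDENED))
```

Run on the table as the text describes it, the audit reports that outside cannot reach inside directly but can via the DMZ, which is exactly the chain port redirection exploits; run on the hardened table it reports nothing. The same search scales to more zones, and in a real review the boolean per pair would be replaced by the specific ports the DMZ host genuinely needs on the inside.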

tools are powerful and widespread, with the new danger of self-spreading blended worms such as the Slammer and Blaster worms. Also, the old days of attacks that take days or weeks are over. Threats now spread worldwide in a matter of minutes. E.g. the Slammer worm of January 2003 spread around the world in less than 10 minutes. The next generation of attacks is expected to spread in just seconds. These worms and viruses could do more than just inflict havoc by overloading network resources with the amount of traffic they generate.

a. Worm : A self-contained and independent program that is usually designed to propagate and replicate itself on infected systems and to seek other systems via available networks. The main difference between a virus and a worm is that a virus is not an independent program. One of the first and perhaps the most famous worm was the internet worm created and released by Robert Morris in 1986. Morris wrote this worm program and released it onto the internet. The worm's functioning was relatively benign, but its spreading was so rapid that it did not take long for the process to consume all the CPU and memory resources until the system crashed. The cost to clean up this internet worm was estimated to be in the millions of dollars. Morris was arrested, prosecuted and convicted for his vandalism.

b. Viruses : A virus is a parasitic program that cannot function independently. It is called a virus because, like its biological counterpart, it requires a host to function. In the case of a computer virus, the host is some other program to which it attaches itself. A virus usually spreads by executing an infected program or by sending an infected file to someone else, usually in the form of an email attachment. There are several virus scanning programs available on the market. Most are effective against known viruses. Unfortunately, however, they are incapable of recognizing and adapting to new viruses.
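How signature-based virus scanning works, and why it misses a new variant, as an added example that is not from the lecture notes: a small scanner checks files against a constructed signature database of whole-file SHA-256 hashes and byte patterns. All file contents, signature names and values are made up for the example; a real database holds hashes and patterns taken from analysed samples.

```python
import hashlib
import os
import re
import tempfile

# Bytes standing in for a known worm sample (constructed for the example).
WORM_A_BYTES = b"MZ" + b"\x90" * 16 + b"worm-payload-A"

# Constructed signature database: whole-file hashes and byte patterns known samples contain.
SIGNATURES = [
    {"name": "Example.Worm.A", "sha256": hashlib.sha256(WORM_A_BYTES).hexdigest()},
    {"name": "Example.Trojan.B", "pattern": re.compile(rb"password[-_ ]grabber")},
]

# Constructed files to scan: two infected, one clean, one variant with a single byte changed.
SAMPLE_FILES = {
    "clean.txt": b"quarterly report, nothing unusual here",
    "worm_a.bin": WORM_A_BYTES,
    "trojan_b.exe": b"MZ" + b"\x00" * 8 + b"installs a password_grabber hook",
    "worm_a_variant.bin": WORM_A_BYTES[:-1] + b"B",
}


def scan_bytes(data):
    """Names of every signature that matches `data`; an empty list means nothing known was found."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in SIGNATURES:
        if "sha256" in sig and sig["sha256"] == digest:
            hits.append(sig["name"])
        elif "pattern" in sig and sig["pattern"].search(data):
            hits.append(sig["name"])
    return hits


def scan_tree(root):
    """Walk a directory and return {relative path: [signature names]} for files that matched."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hits = scan_bytes(fh.read())
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def write_samples(root=None):
    """Write the constructed sample files into a (temporary) directory and return its path."""
    root = root or tempfile.mkdtemp(prefix="sigscan-")
    for name, data in SAMPLE_FILES.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


def demo():
    return scan_tree(write_samples())


if __name__ == "__main__":
    for path, names in sorted(demo().items()):
        print(f"{path}: {', '.join(names)}")
    print("variant detected:", bool(scan_bytes(SAMPLE_FILES["worm_a_variant.bin"])))
```

The whole-file hash catches the exact known sample and nothing else: changing one byte produces a variant the database has never seen, which is the limitation the text describes. The byte-pattern signature is more tolerant of small changes but only as long as the pattern itself survives.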
In general, virus scanning programs rely on recognizing the signatures of known viruses, turning to a database of known virus signatures that they compare against scanning results.

c. d. Trojan Horses : It is a program or code fragment that hides inside a program and performs a disguised function. A Trojan horse program hides within another program as a legitimate program. This can be accomplished by modifying the existing program or by simply replacing the existing program with a new one. An example would be a password grabber program.

Chapter Five: SECURITY POLICIES AND PROCEDURES.

Introduction

For most organisations, network and system security policies and procedures serve the purpose of ensuring information security. They achieve this by defining what constitutes information security, why it is important and how to maintain it. In addition, the policies and procedures define the acceptable level of security. Before doing so, one must first put in place a process that determines what is an adequate level of security for any given organisation. We should recall from the discussion in chapter one that the elements of information security include CONFIDENTIALITY, INTEGRITY, AVAILABILITY, AUTHENTICATION and ACCESS CONTROL. All these five elements need to be addressed by whatever policies and procedures are implemented. In general terms, security policies are the set of rules and regulations put in place in order to manage how an organisation uses, protects and distributes all information that directly or indirectly pertains or belongs to the organization.

5.1 : Policies vs Procedures

Policies should always be developed before procedures. The development of procedures should flow from the policies. Policies should be concerned with what assets to protect and why they need to be protected. They are generally broad in their scope and are designed to set the tone and direction in general. They can be thought of as the documents that spell out the what and why of information security for an organization. Procedures, on the other hand, must be much more precise and detailed. They should be concerned with the specific measures necessary to protect the organization's assets. They can be thought of as the documents that spell out the who, when and how of information security within an organization.

5.2 : Information Security Policy Objectives

There are various reasons for an organization to develop network and system security policies. Some reasons concern the direct benefits that an organization gains from having policies and procedures, such as preventing or detecting fraud or preventing hackers. Other benefits are indirect, in that the policies protect the organization from potential liability or save it from possible embarrassment. Below is a list of some objectives generally associated with network security.

  • Managing Risk : The primary goal of any policy concerning network and system security is to manage risk. It is almost impossible to completely secure an organization's information assets. As a result, an organization needs to identify the risks that it faces and develop measures to minimize the impact of those risks.
  • Ensuring Business Continuity : Organizational policies and procedures should ensure business resumption by outlining the appropriate actions necessary in response to an incident or disaster.
  • Defining Responsibilities, Expectations and Acceptable Behaviors : For any policy or objective to be effective, the individuals subject to the policy or procedure must understand what is required of them to comply. In addition, employees need to understand their responsibilities and how they may vary depending on the circumstances.
  • Protecting The Organization from Liability : The policies and procedures developed by an organization are often required to protect it from liability. In some cases, the existence of the policies and procedures is essential to demonstrate that an organization did not approve of an end user's actions or that an employee was not acting with the authorization of the organization.
  • Ensuring Information Security and Confidentiality : A key component of information security is ensuring an organization's assets. Ensuring the integrity

Remember that the major emphasis of all policies and procedures is to prevent bad things from happening. It does not matter whether the bad thing is a mistake, a disaster or a misdeed. Well-designed policies and procedures should be flexible enough to address the most probable threats. That is why risk analysis is such an important part of the process.

The Use of Company-Owned Electronic Media and Services.

With the advent of new technologies, organizations are finding themselves relying increasingly on electronic modes of communication and information storage. Most employees in an organization have access to one or more forms of electronic media or services. This includes:
  • Computers
  • Email
  • Telephones
  • Fax machines
  • LAN services
  • Intranet
  • Websites

Every organization that uses electronic media and services should have a policy that clearly defines acceptable use of these media and services as company property. The policy should exist not only to protect the organization but also to protect the employees of the organization.

Physical Security.

Physical access to I.T. facilities should be restricted to only those authorized personnel who need access to perform their job functions. A policy should define who the appropriate individuals are and what processes and safeguards should be enacted. The types of issues addressed should include computer rooms or network centers, fire suppression systems and environmental controls. For example, if the computer room is not monitored constantly, there should be an automated system to give an alert or to trigger during a fire outbreak.

Chapter Six: CRISIS MANAGEMENT.

Introduction

This chapter describes the planning process that every organization should go through to prepare for an event that threatens the operation or viability of the organization. Disaster recovery and computer security incident response planning can be thought of as two sides of a coin. The two topics are closely related and share some common methodologies and goals. Both are concerned with ensuring the availability and integrity of an organization's network and systems.

6.1 : Disaster Recovery Planning

From time to time, many businesses face a catastrophic event that can threaten the viability of the organization. Organizations should formulate a set of procedures that detail the actions to be taken in anticipation of a catastrophic event. The procedures should be designed as if the catastrophic event is inevitable and is going to take place tomorrow. This type of plan is referred to as a disaster recovery plan. In some organizations, disaster recovery planning is called contingency planning or business resumption planning. Some organizations believe that having hot site recovery services is the same as having a disaster recovery plan. A hot site is a facility that is designed to be activated in the event that an organization's computers or computer facilities are rendered inoperable. A hot site is pre-configured with the power, environmental controls, telecommunications and computers necessary for an organization to resume operation with minimal disruption in service. The requirements for a disaster recovery plan vary from one organization to another. However, for most organizations the minimum objectives of a disaster recovery plan are to provide the information and procedures necessary to do the following:
  • Respond to the occurrence of the disaster.
  • Notify the necessary personnel.
  • Assemble disaster recovery teams.
  • Recover data that may have been lost as a result of the occurrence.
  • Resume processing as quickly as possible to ensure minimal disruption of the organization's operations.
  • Comply with any regulatory requirements that dictate the existence of a disaster recovery plan for the organization.

One of the key factors in the success of a business resumption plan is the proper management of the I.T. groups. Most organizations today rely heavily on computers, networks, telecommunications or I.T. in general. As a result, it plays a key role in most organizations' disaster recovery planning.

What Level of Preparations?

The extent to which an organization is willing to invest resources in I.T. disaster recovery planning should be directly related to the business of the organization. Different organizations have different recovery needs with regard to I.T. As a result, the plans developed by different organizations should reflect their needs. For example, a non-profit organization that relies on fund raising for income could probably survive several days or weeks of blackout. A bank, on the other hand, could find itself out of business if its systems were down for that period of time. Most banks could accept a few hours to a day of downtime as a result of a catastrophic occurrence, while big firms like the stock exchanges (NYSE, NASDAQ) could find themselves in financial ruin if their systems were down for a few hours.

What To Restore First?

Just as different organizations have different recovery needs, different functions within an organization have varying levels of priority for recovery. Any I.T. disaster recovery plan should assign a level of importance to each system to ascertain which of them would be given priority when restoring services. One approach is to gather this information through an assessment team headed by the I.T. group, but with the participation of management and staff knowledgeable in the functioning of the organization and familiar with the various systems and applications.

Review And Test

From a cost analysis perspective, successful disaster recovery preparation is proportionate to the potential loss. From a general management perspective, a disaster recovery plan must be kept current and updated with any necessary changes.

  • Technology is not a panacea.

Creating A Strong Password

The first and most important step to secure Windows is to create a strong password. In order to create a strong password, use the following criteria:
  • The length of the password should be 8 - 16 characters.
  • Use at least 3 of the following four character sets:

  1. Uppercase alphabetic characters.
  2. Lowercase Alphabetic characters.
  3. Numeric Characters.
  4. Special characters.

Local Security Policy in Microsoft Windows allows enforcing many system, user and security related settings such as: password policy, audit policy and user permissions. By default, most policy settings in Windows are fine, but a few of the most important ones still need adjusting for enhanced security. Sadly, Microsoft decided not to include the Local Security Policy console in home versions of Windows, so this article can be skipped by users of Windows Starter, Home and Home Premium editions. Note well: change only the settings listed in this article. Messing up other important settings could make your computer inaccessible to other computers in your home network if you do not know what you are doing. If you do decide to dig a little deeper, read the setting's description before carrying out any modification.

Opening the Local Security Policy console in Windows

In all non-Home versions of Windows, open the Run dialog using the keyboard shortcut Windows key plus R (Win + R). Type secpol.msc and click OK. Expand Account Policies and click Password Policy on the left side of the Local Security Settings window. Double-click Enforce password history on the right side of the window. This setting defines how many previously used passwords Windows remembers for each user, to prevent frequent reuse of passwords. Usually a value of 3 or 5 is enough. Click OK to close the dialog. Change the other settings of the password policy by double-clicking on them.
  • Maximum password age (by default it is 42): This specifies how long a user can use the same password for his or her local Windows account. You can set the number higher if you want to, but keep in mind that you should change your passwords at least once a year, so do not enter more than 365 in that box.
  • Minimum password age (by default it is 0): It means that local users can change their password whenever they like. If you set this value to one, it means that the password must be in effect for at least one day (24 hours) before a user can change it again.
  • Minimum password length: Set to at least 8, but 12 to 16 is recommended.
  • Password must meet complexity requirements, set to Enabled: This means that a password must include at least 2 opposite case letters, a number and a special character. This is a very important step in keeping user accounts secure in Windows.
  • Store passwords using reversible encryption: always leave Disabled. If you enable this policy, all user passwords are easy to crack.

The next time a user changes his/her password, it must be in accordance with the password policy. If not, the error message "The password you typed does not meet the password policy requirements" would be displayed. The user must then enter a password that satisfies the password policy requirements. Current passwords are not affected by the policy. Requirements are checked only when changing a password.
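The password criteria above (8 - 16 characters, at least 3 of the 4 character sets) and the Enforce password history setting can be expressed as a check that runs only when a password is changed, as the text says Windows does. The example below is added here and is not from the lecture notes or from Windows; the policy numbers are taken from the text (the history size of 5 is one of the two values it suggests), and it stores salted PBKDF2 digests of remembered passwords so that reuse can be detected without keeping the passwords themselves.

```python
import hashlib
import hmac
import os
import re
from collections import deque

# Policy values taken from the text; the history size of 5 is one of the values it suggests.
POLICY = {"min_length": 8, "max_length": 16, "min_char_sets": 3, "history_size": 5}

CHAR_SETS = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "numeric": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def check_strength(password, policy=POLICY):
    """Return the list of rules the password violates; an empty list means it is acceptable."""
    problems = []
    if not policy["min_length"] <= len(password) <= policy["max_length"]:
        problems.append(f"length must be {policy['min_length']}-{policy['max_length']} characters")
    present = [name for name, rx in CHAR_SETS.items() if rx.search(password)]
    if len(present) < policy["min_char_sets"]:
        problems.append(f"uses {len(present)} of 4 character sets, need at least {policy['min_char_sets']}")
    return problems


class PasswordHistory:
    """Remembers salted PBKDF2 digests of the last N passwords, like Enforce password history."""

    ITERATIONS = 20_000  # kept modest so the example runs quickly; production would use more

    def __init__(self, size=POLICY["history_size"]):
        self.size = size
        self._entries = deque(maxlen=size)  # the oldest entry is discarded automatically

    @classmethod
    def _digest(cls, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, cls.ITERATIONS)

    def was_used(self, password):
        return any(hmac.compare_digest(stored, self._digest(salt, password))
                   for salt, stored in self._entries)

    def record(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, self._digest(salt, password)))


def change_password(new_password, history, policy=POLICY):
    """The check a password change goes through: policy rules plus the reuse check.
    Returns the list of problems; an empty list means the change was accepted and recorded."""
    problems = check_strength(new_password, policy)
    if history.was_used(new_password):
        problems.append(f"password is one of the last {history.size} used")
    if not problems:
        history.record(new_password)
    return problems


if __name__ == "__main__":
    h = PasswordHistory(size=3)
    for attempt in ["password", "Winter2019!", "Winter2019!",
                    "Spring2019!", "Summer2019!", "Autumn2019!", "Winter2019!"]:
        print(f"{attempt!r:16} -> {change_password(attempt, h) or 'accepted'}")
```

With a history of 3, the second attempt to set Winter2019! is refused, but after three other accepted changes it has fallen out of the remembered set and is accepted again, which is exactly why the text pairs the history count with a minimum password age: without that age, a user could cycle through N+1 changes in a minute to get back to the old password.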