Lesson 1: Introduction to Network Security

Upload: ivann-rodrin

Post on 09-Apr-2018


8/8/2019 Lesson 1 - Introduction to Network Security

http://slidepdf.com/reader/full/lesson-1-introduction-to-network-security 1/57

Introduction

Lesson 1 presents an overview of the security policies and major laws that may affect how you need to secure the data stored on organizational servers. You will be introduced to many of the basic concepts behind a security strategy, including the sources of security threats and the role of organizational security policies.

Defining Security

Network Security

In its fullest sense, it means protecting data or information that are stored on or travel over a network against both accidental and intentional unauthorized disclosure or modification.

Note:

The most often overlooked or ignored part of this definition is that it includes accidental occurrences, such as an inadequately debugged application program that damages data.

Security and Privacy

Another way to look at security is to consider the difference between security and privacy.

Privacy

Is the need to restrict access to data.

Security

Is what you do to ensure privacy.

Three Goals of Network Security

Confidentiality

Ensuring that data that must be kept private stay private (should be accessible only to those authorized to have access).

Integrity

Ensuring that data are accurate; this means that data must be protected from unauthorized modification and/or destruction.

Availability

Ensuring that data are accessible and available whenever needed by the organization. This implies protecting the network from anything that would make it unavailable, including such events as power outages.

Two Views of Network Security

External Threats

A threat originating outside a company, government agency, or institution. External threats are initiated by people known in the hacking community as crackers.

Internal Threats

An internal threat is one originating inside the organization, typically an exploit by a disgruntled employee denied promotion or informed of employment termination.

Sources of External Threats

The global network has made it possible for potential customers, customers, and employees to reach an organization through its Web site. But with this new access have come enormous problems caused by individuals and groups attempting illegal entry into computer networks and the computer systems they support.

Hackers

Initially, the term hacker referred to someone who could write an ingenious bit of software (one who is good at programming quickly).

Crackers

Anyone who performs illegal activities or attempts illegal access to a computer network (one who breaks security on a system).

White Hat Hackers

A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject. Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants.

Script Kiddies

A script kiddy is a non-expert (starting hacker) who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding. These are the outcasts of the hacker community.

Cyberterrorists

Known terrorist organizations that carry out disruption attacks against information systems for the primary purpose of creating alarm and panic. These are persons who leverage a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.

Hacktivists

A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyberterrorism. Hacktivists are also known as Neo Hackers.

Types of Attacks

Denial of Service (DoS)

A denial of service (DoS) attack attempts to prevent legitimate users from gaining access to network resources. It can take the form of flooding a network or server with traffic so that legitimate messages can't get through, or it can bring down a server.

Buffer Overflow

A buffer overflow attack takes advantage of a programming error or bug in an application or system program. The hacker can insert his or her code into a program and, from there, take control of a target system.

Malware

The term malware includes all types of malicious software, such as viruses, worms, and Trojan horses. The goal of a hacker in placing such software on a computer may be simple maliciousness or to provide access to the computer at a later date.

Social Engineering

A social engineering attack is an attempt to get system access information from employees using role-playing and misdirection. It is usually the prelude to an attempt to gain unauthorized access to the network.

Brute Force

One way to gain access to a system is to run brute force login attempts. Assuming that a hacker knows one or more system login names, he can attempt to guess the passwords.
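How repeated password guessing against a known login name shows up in authentication logs, as an added example that is not part of the original slides. The log lines are constructed in the style of OpenSSH messages, and the threshold, window and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of OpenSSH auth logs
# (documentation IP ranges, not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:00 sshd[411]: Failed password for carol from 192.0.2.44 port 40100 ssh2
2024-05-01T10:00:01 sshd[412]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:03 sshd[413]: Failed password for bob from 198.51.100.20 port 61000 ssh2
2024-05-01T10:00:05 sshd[414]: Failed password for alice from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:09 sshd[415]: Failed password for alice from 203.0.113.7 port 50126 ssh2
2024-05-01T10:00:13 sshd[416]: Failed password for alice from 203.0.113.7 port 50128 ssh2
2024-05-01T10:00:17 sshd[417]: Failed password for alice from 203.0.113.7 port 50130 ssh2
2024-05-01T10:00:21 sshd[418]: Accepted password for alice from 203.0.113.7 port 50132 ssh2
2024-05-01T10:00:30 sshd[419]: Accepted password for bob from 198.51.100.20 port 61002 ssh2
2024-05-01T10:03:00 sshd[420]: Failed password for carol from 192.0.2.44 port 40102 ssh2
2024-05-01T10:06:00 sshd[421]: Failed password for carol from 192.0.2.44 port 40104 ssh2
2024-05-01T10:09:00 sshd[422]: Failed password for carol from 192.0.2.44 port 40106 ssh2
2024-05-01T10:12:00 sshd[423]: Failed password for carol from 192.0.2.44 port 40108 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Yield (timestamp, success, user, source) for each recognised line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]),
                   m["result"] == "Accepted", m["user"], m["src"])


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag a (source, account) pair once it has `threshold` failures inside
    `window`, and flag again if a login then succeeds for that pair."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    flagged = set()               # pairs already reported as brute force
    alerts = []
    for ts, ok, user, src in events:
        key = (src, user)
        failures = recent[key]
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if not ok:
            failures.append(ts)
            if len(failures) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce", src, user, ts))
        else:
            # A success right after a flagged burst suggests a guessed password.
            if key in flagged:
                alerts.append(("success_after_bruteforce", src, user, ts))
            failures.clear()
            flagged.discard(key)
    return alerts


if __name__ == "__main__":
    for kind, src, user, ts in detect_bruteforce(parse(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {kind}: account={user} source={src}")
```

In the sample, bob's single mistyped password and carol's five failures spread over twelve minutes stay below the threshold, while the burst against alice is reported along with the login that follows it.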

Steps in Cracking a Network

1. Information Gathering

During the information gathering phase, a hacker gets as much as he can from public sources. The result often forms the basis of a social engineering attack.

2. Port Scanning

An attempt to identify open TCP ports on a target system. This not only tells the hacker where he can target an attack, but can also indicate which applications are running.

3. Network Enumeration

Once a hacker gains access through an open port, he will attempt to map the network, in particular looking to distinguish workstations from servers and to determine the network layout itself.

4. Gaining root or administrator access

The hacker does whatever is necessary to gain access to a user account. His ultimate goal is to escalate whatever access he gains to root status so that he has access to the entire system.

5. Using access and/or information gained

If he is looking for specific information on a compromised system, the hacker will either copy the desired information or make the modifications at this point.

6. Leaving a Backdoor

A hacker may not take advantage of a system immediately, or he may need to return at a later date. He may therefore leave software behind that will give him access at will.

7. Covering his Tracks

Finally, the knowledgeable hacker will erase traces of his presence, including modifying system logs to remove records of whatever he has done to the network system.
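Because the last step relies on editing or deleting log records, a defender can make that visible by chaining each record to the one before it. The following is an added example, not part of the original slides: the record text is constructed, the function names are hypothetical, and it assumes the HMAC key and the most recent tag are kept on a separate log host.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the first link

# Constructed sample records (not real log data).
SAMPLE_MESSAGES = [
    "10:00:21 login accepted for alice from 203.0.113.7",
    "10:01:02 alice ran sudo -i",
    "10:01:40 new account 'svc-backup' created",
    "10:02:15 alice logged out",
]


def _link(key, prev_tag, message):
    """Tag covering this message and the previous tag, so order matters."""
    return hmac.new(key, prev_tag + message.encode("utf-8"),
                    hashlib.sha256).digest()


def seal(messages, key):
    """Return [(message, tag_hex)], each tag chained to the one before it."""
    chain, prev = [], GENESIS
    for msg in messages:
        prev = _link(key, prev, msg)
        chain.append((msg, prev.hex()))
    return chain


def verify(chain, key, expected_head=None):
    """Return None if the chain is intact, otherwise the index of the first
    record that fails. If `expected_head` (the last tag, stored off-host) is
    given, a chain cut short at the end fails with index len(chain)."""
    prev = GENESIS
    for i, (msg, tag_hex) in enumerate(chain):
        prev = _link(key, prev, msg)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return i
    if expected_head is not None and not hmac.compare_digest(prev.hex(),
                                                             expected_head):
        return len(chain)
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key"          # assumption: held on the log host
    chain = seal(SAMPLE_MESSAGES, key)
    head = chain[-1][1]                    # assumption: copied off the machine

    removed = chain[:2] + chain[3:]        # record 2 silently deleted
    trimmed = chain[:2]                    # tail of the log cut off
    print("intact:", verify(chain, key, head))
    print("record removed, first bad index:", verify(removed, key, head))
    print("tail trimmed, no off-host head:", verify(trimmed, key))
    print("tail trimmed, with off-host head:", verify(trimmed, key, head))
```

Deleting or editing a record in the middle breaks every later tag, but trimming the end of the log is only caught when the latest tag is compared with a copy held somewhere the intruder cannot reach.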

Sources of Internal Threats

Most internal threats come from two sources: employees and accidents. Employee threats may be intentional or accidental as well.

Employee Threats

In most cases, employees know more about a network and computers on it than any outsider. They have legitimate access to user accounts.

Intentional employee security threats include the following:

Personnel who employ hacking techniques to upgrade their legitimate access to root or administrator access, allowing them to divulge trade secrets, steal money, and so on for personal or political gain.

Personnel who take advantage of legitimate access to divulge trade secrets, steal money, and so on for personal or political gain.

Family members of employees who are visiting the office and have been given access to company computers to accommodate or occupy them while waiting.

Personnel who break into secure machine rooms to gain physical access to mainframe and other large systems consoles.

Former employees, especially those who did not leave the organization willingly. Attacks may be physical, actually damaging equipment, or traditional hacking attacks.

Unintentional employee security threats include the following:

Becoming the victim of a social engineering attack, unknowingly helping a hacker gain unauthorized network access.

Unintentionally revealing or disclosing confidential information.

Physically damaging equipment or network infrastructure, resulting in data loss.

Misusing a system or software, introducing inaccurate and/or damaged data, or accidentally deleting or modifying data.

Accidents

Employees certainly can unintentionally damage a network. A security plan will need to guard against data damage and loss caused by:

Electrical power fluctuations

Hardware failures

Natural disasters such as fire and flood

Note:

Guarding against accidental network damage includes power protection (for example, surge protectors and UPSs) and comprehensive backup schemes. When done well, backup takes significant planning and disaster recovery.

Organizational Security Process

How are you going to respond to the continual security threats aimed at your network? Where do you start? You must have top management support, both inside and out of IT, for the security effort. With management support in place, you can be proactive, developing security policies and procedures before they are needed.

Top Management Support

Implementing a security scheme for an organization costs money, whether it involves purchasing hardware and software, hiring personnel, training users, retaining IT staff, realigning IT staff responsibilities, or any combination of the preceding.

Finally, having top management support ensures that the corporate legal department is involved in security planning and implementation. This will make it much more likely that the organization's data security adheres to any relevant legal statutes.

How secure can you be?

Probably the most important thing to realize before you start developing a security scheme for an organization is that you can never be 100 percent secure. There will always be someone who can find a way into your system, either from the inside or outside.

Therefore, instead of setting a goal of making the system totally uncrackable, you want to ensure that you make it as secure as you can for a reasonable amount of money. The trick is to balance security risk with the amount of money you are going to spend.

Importance of a Security Policy

Security Policy

A security policy is a document that lays out the philosophy and structure of an organization's security efforts. It serves several purposes:

A security policy is documentation of the commitment top management has made to security. A written security policy makes it easier for IT staff to justify security expenditures.

A security policy provides a roadmap for IT staff who are planning network security implementation. It indicates what is to be secured or protected and who is responsible for providing the security.

A security policy identifies acceptable use of organizational computing resources. For example, it might indicate whether employees can use a corporate e-mail system for private e-mail and if so, to what extent.

A security policy identifies who is to have access to what. This can be one of the most difficult parts of the policy to develop because access to information often connotes privilege in a company or organization.

A security policy acts as a security contract with employees. They must adhere to the philosophy and behaviors included in the policy for continued employment.

A security policy can be given to new employees before they begin work. In fact, some organizations require that new employees read the security policy and sign an affidavit indicating that they understand it and agree to abide by its provisions.

8/8/2019 Lesson 1 - Introduction to Network Security

http://slidepdf.com/reader/full/lesson-1-introduction-to-network-security 46/57

Security PersonnelSecurity Personnel

Head of the OrganizationHead of the Organization

In large organizations, the security function isIn large organizations, the security function is

headed by someone who might be called theheaded by someone who might be called theChief Security Officer, Chief InformationChief Security Officer, Chief InformationSecurity Officer, Vice President of InformationSecurity Officer, Vice President of Information

Security, or Director of Information Security.Security, or Director of Information Security.

Consider the job description found atConsider the job description found athttp://www.csoonline.comhttp://www.csoonline.com..

8/8/2019 Lesson 1 - Introduction to Network Security

http://slidepdf.com/reader/full/lesson-1-introduction-to-network-security 47/57

Security PersonnelSecurity Personnel

Middle ManagementMiddle Management

If your organization is too small for theIf your organization is too small for the

ex

ecutiveex

ecutive--level position, you may nonethelesslevel position, you may nonethelesshave a security administrator·s position.have a security administrator·s position.Consider the job description found atConsider the job description found at

http://www.monster.comhttp://www.monster.com..


The People in the Trenches

A quick check at monster.com reveals a wide range of job descriptions for people who will be implementing security plans. As examples, consider the following:

Network Security Analyst

Computer Security Systems Specialist

Computer Systems Security Specialist


Outsourcing Security

When you outsource, you hire an outside organization to implement and monitor security for your network. If you are going to outsource, then you may want to keep the management of your security policy in-house; you can outsource the implementation, such as security auditing or vulnerability testing and ongoing monitoring.


There are tangible benefits to outsourcing: you don't have to hire a security staff, and it often can cost less than managing security in-house. However, there are also significant risks. The security company could go out of business, leaving your organization extremely vulnerable.


Preparing a Security Policy

A security policy needs to spell out guidelines for security activities. It should

Justify both direct and indirect expenditures on security by stating the importance of network security to the organization.

Indicate the scope of the security efforts, as well as any legal requirements.


Specify security personnel, their job responsibilities, and organizational structure.

Describe secure behaviors that all employees must use and describe also the organization's disaster recovery plan.

Lay out policies and procedures for reporting and handling security violations.


Note:

Because developing a security policy is a difficult process, your organization may decide to purchase a set of templates (cost $600) or use free templates at http://www.sans.org/resources/policies/#templates rather than starting from scratch.


Security Audits

Security Audit

A security audit is a process that determines how well your network is protected against a variety of threats. Security audits usually include:

Risk Assessment

A risk assessment is a high-level analysis of the security risks faced by the organization.


Vulnerability Testing

Vulnerability testing involves attempts to crack the network, looking for weak points in the security implementation.

Examination of Known Vulnerabilities

It checks and examines the network for software and hardware vulnerabilities that have been reported to vendors.


Policy Verification

Policy verification involves the comparison of procedures with what is specified in an organization's security policy.


Summary

Network security is the ongoing process of maintaining the privacy of data (or information) that should remain private. Security threats are intentional and unintentional, and can come from outside or inside an organization. Employees, who typically have more knowledge of a network than external crackers, are responsible for more than half the security violations that trouble networks.