Sunday, July 10, 2011

Network Security

Why is security important?

If the security of the network is compromised, there could be serious consequences such as:

  • loss of privacy
  • theft of information
  • legal liability

As time went on, and attackers' methods and tools improved, attackers no longer required the same level of sophisticated knowledge.

Common terms for individuals involved:

White-hat

An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

Hacker

A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.

Black Hat

Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.

Cracker

A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.

Phreaker

An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.

Spammer

An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.

Phisher

Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

Steps of an attack

  1. Perform footprint analysis (reconnaissance)
    1. IP address of servers to build a large picture of the targeted network
  2. Enumerate information.
    1. FTP/MAIL server version, OS version, cross reference with vuln. db, packet sniffing, passive monitoring
  3. Manipulate users to gain access.
    1. Social engineering to gain password
    2. Other relevant information
  4. Escalate privileges.
    1. From normal user to root
  5. Gather additional passwords and secrets.
    1. Use other info to gain access to secret info
  6. Install backdoors
    1. An attacker may install a backdoor so that he/she can have access to the system again.
  7. Leverage the compromised system
    1. Use it to attack other systems
    2. Blackmail
    3. Expose/sell data for personal/financial gain.

Types of computer crime (varies by country)

  • Insider abuse of network access
  • Virus
  • Mobile device theft
  • Phishing where an organization is fraudulently represented as the sender
  • Instant messaging misuse
  • Denial of service
  • Unauthorized access to information
  • Bots within the organization
  • Theft of customer or employee data
  • Abuse of wireless network
  • System penetration
  • Financial fraud
  • Password sniffing
  • Key logging
  • Website defacement
  • Misuse of a public web application
  • Theft of proprietary information
  • Exploiting the DNS server of an organization
  • Telecom fraud
  • Sabotage

Goal:

Balancing two important needs:

  • keeping networks open to support evolving business requirements.
  • protecting private, personal, and strategic business information.

Network Security models

From: open (any service is permitted unless it is expressly denied)

    • Easy to configure and administer
    • Easy for end users to access network resources
    • Security cost: least expensive

To: restrictive (services are denied by default unless deemed necessary)

    • More difficult to configure and administer
    • More difficult for end users to access resources
    • Security cost: more expensive

Extreme alternative: close a network from the outside world

    • Most difficult to configure and administer
    • Most difficult for end users to access resources
    • Security cost: most expensive
    • A closed network provides connectivity only to trusted known parties and sites.
    • Does not allow a connection to public networks
    • Networks designed in this way are considered safe from outside attacks
    • Internal threats still exist
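
The practical difference between the open and restrictive models is what happens to traffic that no rule mentions. The sketch below is an added example, not part of the original notes; the rule format, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR notation
    port: Optional[int]    # destination TCP port; None matches any port

def evaluate(rules, default, src_ip, port):
    """First matching rule wins; `default` decides all traffic no rule mentions."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.port in (None, port):
            return rule.action
    return default

# Constructed policies (hypothetical addresses and services).
# Open model: permit by default, list only what is expressly denied.
OPEN_RULES = [Rule("deny", "0.0.0.0/0", 23)]             # Telnet denied
# Restrictive model: deny by default, list only what is deemed necessary.
RESTRICTIVE_RULES = [
    Rule("permit", "0.0.0.0/0", 443),                    # public HTTPS
    Rule("permit", "10.0.0.0/8", 22),                    # SSH from inside only
]

# Constructed flows: (source IP, destination TCP port).
FLOWS = [
    ("203.0.113.7", 443),
    ("203.0.113.7", 23),
    ("203.0.113.7", 22),
    ("10.1.2.3", 22),
    ("203.0.113.7", 3389),   # a service nobody wrote a rule for
]

def compare(flows):
    """Return (src, port, open_verdict, restrictive_verdict) for each flow."""
    return [(s, p, evaluate(OPEN_RULES, "permit", s, p),
             evaluate(RESTRICTIVE_RULES, "deny", s, p)) for s, p in flows]

def exposed_only_in_open(flows):
    """Flows the open model lets through that the restrictive model blocks."""
    return [(s, p) for s, p, o, r in compare(flows) if (o, r) == ("permit", "deny")]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print("%-12s port %-5d open=%-6s restrictive=%s" % row)
    print("exposed only under the open model:", exposed_only_in_open(FLOWS))
```

Under the open model the unlisted service on port 3389 is reachable simply because nobody denied it; under the restrictive model the same omission fails closed.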

Common security threats

vulnerability

Vulnerability is the degree of weakness which is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices.

threat

Threats are the people interested and qualified in taking advantage of each security weakness. Such individuals can be expected to continually search for new exploits and weaknesses.

attack

Typically, the network devices under attack are the endpoints, such as servers and desktop computers.

There are three primary vulnerabilities or weaknesses:

  • Technological weaknesses
    • TCP/IP protocol weakness
      • Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Internet Control Message Protocol (ICMP) are inherently insecure.
      • Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), and SYN floods are related to the inherently insecure structure upon which TCP was designed.
    • Operating system weakness
      • Each operating system has security problems that must be addressed.
      • UNIX, Linux, Mac OS, Mac OS X, Windows NT, 9x, 2K, XP, and Vista.
      • They are documented in the Computer Emergency Response Team (CERT) archives at http://www.cert.org.
    • Network equipment weakness
      • Various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that must be recognized and protected against.
      • Their weaknesses include password protection, lack of authentication, routing protocols, and firewall holes.
  • Configuration weaknesses
    • Unsecured user accounts
      • User account information may be transmitted insecurely across the network, exposing usernames and passwords to snoopers.
    • System accounts with easily guessed passwords
      • This common problem is the result of poorly selected and easily guessed user passwords.
    • Misconfigured Internet services
      • A common problem is to turn on JavaScript in Web browsers, enabling attacks by way of hostile JavaScript when accessing untrusted sites. IIS, FTP, and Terminal Services also pose problems.
    • Unsecured default settings within products
      • Many products have default settings that enable security holes.
    • Misconfigured network equipment
      • Misconfigurations of the equipment itself can cause significant security problems. For example, misconfigured access lists, routing protocols, or SNMP community strings can open up large security holes.
  • Security policy weaknesses
    • Lack of written security policy
      • An unwritten policy cannot be consistently applied or enforced.
    • Politics
      • Political battles and turf wars can make it difficult to implement a consistent security policy.
    • Lack of authentication continuity
      • Poorly chosen, easily cracked, or default passwords can allow unauthorized access to the network.
    • Logical access controls not applied
      • Inadequate monitoring and auditing allow attacks and unauthorized use to continue, wasting company resources. This could result in legal action or termination against IT technicians, IT management or even company leadership that allows these unsafe conditions to persist.
    • Software and hardware installation and changes do not follow policy
      • Unauthorized changes to the network topology or installation of unapproved applications create security holes.
    • Disaster recovery plan is nonexistent
      • The lack of a disaster recovery plan allows chaos, panic, and confusion to occur when someone attacks the enterprise.
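
Several of the configuration weaknesses listed above (easily guessed passwords, misconfigured access lists, SNMP community strings, insecure management access) can be checked for mechanically. The audit below is an added example, not part of the original notes; the sample configuration is constructed in Cisco IOS-style syntax, and the list of guessable passwords is an assumption.

```python
import re

# Constructed sample in Cisco IOS-style syntax; not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr
enable password cisco
snmp-server community public RO
snmp-server community n3tm0n-7Qx RO
access-list 101 permit ip any any
line vty 0 4
 password cisco
 transport input telnet
line vty 5 15
 transport input ssh
"""

# Assumed short list of easily guessed passwords (illustrative only).
GUESSABLE = {"cisco", "password", "admin", "123456"}

# (pattern, finding) pairs, one per weakness class named in the notes.
CHECKS = [
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
    (r"^enable password\b", "'enable password' used instead of hashed 'enable secret'"),
    (r"^access-list \d+ permit ip any any\b", "access list permits all traffic"),
    (r"^\s+transport input (?:.*\btelnet\b|all\b)", "cleartext Telnet allowed for management"),
]

def audit(config):
    """Return (line_number, finding) for every weak setting in the config text."""
    findings = []
    for no, line in enumerate(config.splitlines(), start=1):
        for pattern, message in CHECKS:
            if re.search(pattern, line):
                findings.append((no, message))
        # Password value check covers both 'enable password' and line passwords.
        m = re.match(r"\s*(?:enable )?password (\S+)", line)
        if m and m.group(1).lower() in GUESSABLE:
            findings.append((no, "easily guessed password"))
    return findings

if __name__ == "__main__":
    lines = SAMPLE_CONFIG.splitlines()
    for no, message in audit(SAMPLE_CONFIG):
        print("line %2d: %-55s | %s" % (no, message, lines[no - 1].strip()))
```
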

