Computer Networking Semester 2 Unit 9

Common Elements of Security Policies

- antivirus and other malware protection for servers and desktops
- backup procedures
- physical security of servers and network devices

Open security policies

- These policies consist of simple or no passwords, unrestricted access to resources, and probably no monitoring or auditing.
- This type of policy might make sense for a small company whose main goal is making access to network resources easy.
- Sensitive data might still be kept on workstations that are backed up regularly and physically inaccessible to employees who don't need it.

rogue DHCP server

A DHCP service running on an unauthorized device (often an ordinary client) that answers clients' DHCP requests and can be used to mount a MitM attack by handing out the attacker's IP address as the victims' default gateway or DNS server, so their traffic flows through the attacker.

DRDoS (distributed reflection DoS) attack

A DoS attack bounced off of uninfected computers, called reflectors, before being directed at the target.

Asset tracking tags

A barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.

A company that can demonstrate its information systems are secure is...

more likely to attract customers, partners, and investors

honeypot

A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.

key fob

A small hardware token (or a phone app standing in for one) that unlocks doors or arms and disarms security systems; in door access control it carries a code or RFID identifier that is read when it is presented to the lock.

security policy

A document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition, it specifies how to address security breaches.

PUA (privileged user agreement)

A document that addresses the specific concerns related to privileged access given to administrators and certain support staff.

badge

A form of identification that includes the person's name and perhaps a photo, title, or other information.

SHA (Secure Hash Algorithm)

A family of hash algorithms originally designed by the NSA; SHA-1 and SHA-2 were intended to avoid the weaknesses of older hashes such as MD5 (MD5 and SHA-1 are both now considered broken for collision resistance, so new designs should use SHA-2 or SHA-3). The most recent member, SHA-3, is based on Keccak, which was designed by a private team and selected through a public competition that concluded in 2012.

logic bomb

A malicious program designed to start when certain conditions are met.

honeynet

A network of honeypots.

cipher lock

A physical or electronic lock requiring a code to open the door.

phishing

A practice in which an attacker attempts to glean access or authentication information by posing as someone who legitimately needs it, typically through fraudulent email, text messages, or look-alike websites.

penetration testing

A process in which testers go beyond scanning a network for vulnerabilities and actually attempt to exploit the flaws they find, in order to show what access or data an attacker could obtain.

Malware

A program or piece of code designed to intrude upon or harm a system or its resources.

ransomware

A program that locks a user's data or computer system until a ransom is paid.

virus

A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users. Viruses might damage files or systems or simply annoy users.

DHCP snooping

A security feature on switches that inspects DHCP messages and drops DHCP server replies (OFFER and ACK) arriving on ports not marked as trusted, so only the port leading to the legitimate DHCP server can answer clients; this defeats rogue DHCP servers plugged into ordinary access ports. The switch also records the resulting IP-to-MAC-to-port bindings in a table that other protections can consult.
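Worked example for the rogue DHCP server and DHCP snooping entries (added here; it is not code from the page or from any switch vendor): the forward-or-drop check a DHCP-snooping switch applies, run over constructed DHCP messages, one DISCOVER from a client, one ACK from the legitimate server on the uplink, and one OFFER from a rogue server on an access port. The port names, the trusted-server list, and all addresses are assumptions for the demo.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_DISCOVER, MSG_OFFER, MSG_ACK = 1, 2, 5
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 3, 6, 53, 54, 255


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_dhcp(op, msg_type, yiaddr="0.0.0.0", server_id=None, router=None, dns=None):
    """Construct a minimal DHCP payload: 236-byte fixed header, magic cookie, options."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, 0x3903F326, 0, 0,
                        _ip("0.0.0.0"), _ip(yiaddr), _ip("0.0.0.0"), _ip("0.0.0.0"),
                        b"\x00" * 16, b"\x00" * 64, b"\x00" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in ((OPT_SERVER_ID, server_id), (OPT_ROUTER, router), (OPT_DNS, dns)):
        if value is not None:
            opts += bytes([code, 4]) + _ip(value)
    return fixed + DHCP_MAGIC + opts + bytes([OPT_END])


def parse_options(payload):
    """Return {option_code: raw_value} from the options field of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == 0:            # pad option: single byte, no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def snoop(payload, ingress_port, trusted_ports, trusted_servers):
    """Forward/drop decision a DHCP-snooping switch makes for one DHCP message.

    Client messages (BOOTREQUEST) are forwarded from any port. Server messages
    (BOOTREPLY, i.e. OFFER/ACK/NAK) are dropped unless they enter on a trusted
    port; this demo additionally checks the server identifier (option 54)
    against an allow-list. Returns (verdict, reason).
    """
    opts = parse_options(payload)
    if payload[0] == BOOTREQUEST:
        return "forward", "client message"
    if ingress_port not in trusted_ports:
        return "drop", f"server reply on untrusted port {ingress_port}"
    server_id = ipaddress.IPv4Address(opts.get(OPT_SERVER_ID, b"\x00\x00\x00\x00"))
    if server_id not in trusted_servers:
        return "drop", f"unknown DHCP server {server_id} on {ingress_port}"
    return "forward", f"reply from {server_id}"


def handed_out(payload):
    """Gateway and DNS settings a reply would push to the client (what a rogue abuses)."""
    opts = parse_options(payload)
    return {name: str(ipaddress.IPv4Address(opts[code]))
            for name, code in (("gateway", OPT_ROUTER), ("dns", OPT_DNS)) if code in opts}


# Constructed sample traffic (assumed addresses and port names).
TRUSTED_PORTS = {"Gi1/0/48"}                      # uplink toward the real DHCP server
TRUSTED_SERVERS = {ipaddress.IPv4Address("10.0.0.2")}
DISCOVER = build_dhcp(BOOTREQUEST, MSG_DISCOVER)
LEGIT_ACK = build_dhcp(BOOTREPLY, MSG_ACK, "10.0.0.57", "10.0.0.2", "10.0.0.1", "10.0.0.2")
ROGUE_OFFER = build_dhcp(BOOTREPLY, MSG_OFFER, "10.0.0.57", "10.0.0.99", "10.0.0.99", "10.0.0.99")

if __name__ == "__main__":
    for name, pkt, port in (("discover", DISCOVER, "Gi1/0/5"),
                            ("legit ack", LEGIT_ACK, "Gi1/0/48"),
                            ("rogue offer", ROGUE_OFFER, "Gi1/0/5")):
        verdict, reason = snoop(pkt, port, TRUSTED_PORTS, TRUSTED_SERVERS)
        print(f"{name:12} {verdict:8} {reason}  hands out {handed_out(pkt)}")
```

The rogue OFFER is dropped on the access port before its gateway and DNS options ever reach the client; the same packet would also be dropped on the uplink because its server identifier is not on the allow-list, which is the extra check real snooping implementations do not usually perform but a NAC or IDS can.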

Principle of least privilege

A security measure that ensures employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.

A security policy should be...

- easy for ordinary users to understand and reasonably comply with
- enforceable
- clear about the objective of each policy so that everyone understands its purpose

insider threat

A security risk associated with someone who is or was trusted by an organization, such as an employee, former employee, contractor, or other associate.

DLP (data loss prevention)

A security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied or transmitted off the network.
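Worked example (added here; not code from the page or from any DLP product): the content-inspection step of a DLP system, run over constructed outbound messages. It looks for payment card numbers, confirms candidates with the Luhn check so order numbers and phone numbers don't trigger it, and applies a classification-marker rule that depends on the recipient's domain. The regexes, the marker text, the internal domain, and the block/allow actions are all assumptions.

```python
import re

# A 13-19 digit run that may be broken up by spaces or dashes; the lookarounds
# stop it matching a slice out of a longer digit string.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
# Assumed classification marker used on this organisation's documents.
MARKER_RE = re.compile(r"\bINTERNAL ONLY\b")
INTERNAL_DOMAIN = "example.com"          # assumption: mail inside this domain may carry markers


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return card numbers (digits only) found in text, filtered by the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def redact(pan):
    return "*" * (len(pan) - 4) + pan[-4:]


def inspect(message):
    """Apply the DLP policy to one outbound message {'to': ..., 'body': ...}."""
    pans = find_pans(message["body"])
    if pans:
        return {"action": "block",
                "reason": "card number(s) in body: " + ", ".join(redact(p) for p in pans)}
    external = not message["to"].lower().endswith("@" + INTERNAL_DOMAIN)
    if external and MARKER_RE.search(message["body"]):
        return {"action": "block", "reason": "INTERNAL ONLY content addressed to external recipient"}
    return {"action": "allow", "reason": ""}


# Constructed messages for the demo.
MESSAGES = [
    {"to": "vendor@partner.net", "body": "Please charge card 4111 1111 1111 1111, exp 12/29."},
    {"to": "vendor@partner.net", "body": "Tracking order 1234567890123456, shipped today."},
    {"to": "press@news.org", "body": "INTERNAL ONLY: roadmap draft attached."},
    {"to": "ann@example.com", "body": "INTERNAL ONLY: roadmap draft attached."},
]

if __name__ == "__main__":
    for msg in MESSAGES:
        print(msg["to"], inspect(msg))
```

The Luhn filter is what keeps a rule like this usable: a bare 16-digit regex fires on tracking and order numbers constantly, and users learn to ignore (or route around) a DLP that cries wolf.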

back door

A hidden means of access to a system that bypasses normal authentication, whether left in by a developer, installed by malware, or present as an undocumented flaw, allowing unauthorized users to gain entry.

dictionary attack

A technique in which attackers run a program that tries every word in a wordlist (often with common variations) as the password for a known user ID, either against a live login or offline against stolen password hashes, to attempt to gain access to a network.
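Worked example (added here; not code from the page): an offline dictionary attack against stolen password hashes, shown twice, once against unsalted SHA-256 where one precomputed table cracks every user, and once against per-user salted PBKDF2 where every guess costs a full key-derivation run. The wordlist, user names, and passwords are constructed; the iteration count is deliberately low so the demo runs in well under a second.

```python
import hashlib
import hmac
import os

# Constructed wordlist; real ones (e.g. rockyou.txt) run to millions of entries.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2023", "dragon"]


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


# --- Scheme 1: unsalted, fast hash. One table cracks every user at once. ---
def crack_unsalted(stored, wordlist):
    """stored maps user -> hex SHA-256 of password. Returns {user: password} hits."""
    table = {sha256_hex(w): w for w in wordlist}      # computed once, reused for all users
    return {user: table[h] for user, h in stored.items() if h in table}


# --- Scheme 2: per-user random salt plus a deliberately slow KDF. ---
# 50_000 iterations keeps the demo quick; production should use far more
# (current guidance is in the hundreds of thousands for PBKDF2-HMAC-SHA256).
def make_record(password, iterations=50_000):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(record, candidate):
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])       # constant-time comparison


def crack_salted(stored, wordlist):
    """No shared table is possible: each (user, word) pair costs a full PBKDF2 run.
    Returns ({user: password}, number_of_kdf_runs)."""
    hits, runs = {}, 0
    for user, record in stored.items():
        for word in wordlist:
            runs += 1
            if verify(record, word):
                hits[user] = word
                break
    return hits, runs


# Constructed user database; carol's password is not in the wordlist.
PASSWORDS = {"alice": "Summer2023", "bob": "letmein", "carol": "c0rrect-h0rse-b4ttery"}
UNSALTED_DB = {u: sha256_hex(p) for u, p in PASSWORDS.items()}
SALTED_DB = {u: make_record(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("unsalted:", crack_unsalted(UNSALTED_DB, WORDLIST))
    hits, runs = crack_salted(SALTED_DB, WORDLIST)
    print(f"salted:   {hits} after {runs} PBKDF2 runs")
```

Both schemes give up the passwords that are in the wordlist; salting and a slow KDF don't rescue a weak password, they multiply the attacker's cost by the number of users and the iteration count, which is why a password policy and rate limiting on the live login still matter.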

vulnerability scanning

A technique to identify vulnerabilities in a network, with or without malicious intent.

CCTV (closed-circuit TV)

A video surveillance system that monitors activity in secured areas.

vulnerability

A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access to a network.

privileged user account

An administrative account on a device or network that gives high-level permissions to change configurations or access data.

security audit

An assessment of an organization's security vulnerabilities performed by an accredited network security firm.

posture assessment

An assessment of an organization's security vulnerabilities.

DoS (denial-of-service) attack

An attack in which a legitimate user is unable to access normal network resources because of an attacker's intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can't respond to any of them.

FTP bounce

An attack in which an FTP client specifies a different host's IP address and port for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code.

ARP poisoning

An attack in which an attacker sends forged ARP replies so that hosts on a LAN update their ARP tables to map a victim's IP address (commonly the default gateway's) to the attacker's MAC address, redirecting traffic through the attacker.
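Worked example (added here; not code from the page or from arpwatch): detecting ARP poisoning the way arpwatch-style monitors do, by decoding ARP replies from raw Ethernet frames and alerting when an IP address that already has a known MAC is suddenly claimed by a different one. The frames, addresses, and the attacker's MAC are constructed for the demo.

```python
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP reply (opcode 2)."""
    eth = _mac(target_mac) + _mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
                      _mac(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                      _mac(target_mac), ipaddress.IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame):
    """Decode an Ethernet/ARP frame; returns None for anything that is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"opcode": oper,
            "sender_mac": _mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": _mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


class ArpWatch:
    """Learn IP->MAC bindings from ARP replies and alert when a known IP suddenly
    claims a different MAC, which is what poisoning looks like on the wire.
    Pre-loaded static entries (e.g. the gateway) are never overwritten."""

    def __init__(self, static=None):
        self.bindings = dict(static or {})
        self.alerts = []

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["opcode"] != ARP_REPLY:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.bindings.get(ip)
        if known is None:
            self.bindings[ip] = mac               # first sighting: learn it
            return None
        if known != mac:
            alert = f"ARP conflict: {ip} was {known}, now claimed by {mac} (sent to {arp['target_ip']})"
            self.alerts.append(alert)             # keep the original binding; do not follow the attacker
            return alert
        return None


# Constructed LAN: gateway, victim, and an attacker impersonating the gateway.
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:11:22:33:44:01"
VICTIM_IP, VICTIM_MAC = "10.0.0.57", "00:11:22:33:44:57"
ATTACKER_MAC = "de:ad:be:ef:00:01"
LEGIT_REPLY = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
POISON_REPLY = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)

if __name__ == "__main__":
    watch = ArpWatch(static={GATEWAY_IP: GATEWAY_MAC})
    for frame in (LEGIT_REPLY, LEGIT_REPLY, POISON_REPLY):
        print(watch.observe(frame))
```

A host's own ARP cache will happily accept the poisoned reply; the monitor only works because it remembers the earlier binding and refuses to overwrite it, which is also why seeding it with static entries for the gateway and other critical hosts is worth doing.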

DDoS (distributed DoS) attack

An attack in which multiple hosts simultaneously flood a target host with traffic, rendering the target unable to function.

amplified DRDoS attack

A DRDoS attack in which the attacker sends small, simple requests carrying the target's spoofed source address to reflectors, which return much larger responses to the target. DNS, NTP, ICMP, LDAP, and SNMP lend themselves to these attacks because their responses can be many times the size of the request.

PDoS (permanent DoS) attack

An attack that damages a device's firmware or hardware, for example by flashing corrupted firmware through its management interface, to the point where the device is irreparable without reflashing or replacement (also called phlashing).

deauth (deauthentication) attack

An attack on a wireless network in which the attacker sends faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network.

DNS poisoning

An attack that inserts forged records into a DNS server's cache, or alters records on the server, so that clients looking up a legitimate name are directed to an attacker-controlled host, such as a phishing website.

MitM (man-in-the-middle) attack

An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases an attacker positions themselves between two parties and redirects or captures data traffic while in transit.

zero-day exploit

An attack that takes advantage of a software vulnerability that is unknown to the vendor or has only very recently become public, so no patch or signature is yet available.

smart cards

An electronic access badge.

Best practices to secure your network from physical assault

- Ensure that rooms are available to house servers and equipment; rooms should have locks, adequate power receptacles, adequate cooling measures, and an EMI-free environment.
- If a suitable room is not available, locking cabinets can be purchased to house servers and equipment in public areas.
- Wiring from workstations to wiring cabinets should be inaccessible to eavesdropping equipment.
- Your physical security plan should include procedures for recovery from natural disasters such as fire or floods.

Having a secure network enables...

an organization to go about its business confidently and efficiently

exploit

In the context of network security, the act of taking advantage of a vulnerability.

No matter how strong our logon name and password schemes are...

if a person has physical access to a device, access to data isn't far behind

Network security should be...

as unobtrusive as possible; it should allow network users to concentrate on the tasks they want to accomplish rather than on how to get to the data they need to perform those tasks

Organizations that are likely to require highly restrictive security policies include what?

- banks and investment firms
- hospitals and schools
- research and development companies
- government entities
- any organization that deals with large amounts of client personal data

device hardening

Preventive measures that can be taken to secure a device from network- or software-supported attacks.

Restrictive security policies include what?

data encryption, complex password requirements, detailed auditing and monitoring of computer and network access, intricate authentication methods, and policies governing use of the Internet and email

network-based anti-malware

Securing the network's gateways, where the Internet connects with the interior network, can provide a formidable layer of defense against the primary source of intrusion—the Internet. However, this does nothing to prevent users from putting the network at risk with infected files on flash drives, laptops, or smartphones.

Security of Internetworking Devices

- Routers and switches contain critical configuration information; a user with physical access to these devices needs only a laptop or handheld computer to get into the router or switch.
- Configuration changes made to routers and switches can have disastrous results.
- A room with a lock is the best place for internetworking devices.
- A wall-mounted enclosure with a lock is the next best thing.

Tamper detection

Sensors that can detect physical penetration, temperature extremes, input voltage variations, input frequency variations, or certain kinds of radiation.

MDM (mobile device management)

Software that enrolls, configures, monitors, and controls smartphones, tablets, and laptops used on the network; it can push settings (including Wi-Fi and VPN configuration), enforce policies such as encryption and screen locks, and remotely lock or wipe a lost or stolen device.

port scanner

Software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack.

Suggestions for anti-malware policy guidelines include the following:

- Every computer in an organization should be equipped with malware detection and cleaning software that regularly scans for malware. This software should be centrally distributed and updated to stay current with newly released malware.
- Users should not be allowed to alter or disable the anti-malware software.
- Users should know what to do in case their anti-malware program detects malware. For example, you might recommend that the user stop working on his computer, and instead call the help desk to receive assistance in disinfecting the system.
- An anti-malware team should be appointed to focus on maintaining the anti-malware measures. This team would be responsible for choosing anti-malware software, keeping the software updated, educating users, and responding in case of a significant malware outbreak.
- Users should be prohibited from installing any unauthorized software on their systems. This edict might seem ext

Motion detection

Technology that triggers an alarm when it detects movement within its field of view.

social engineering

The act of manipulating social relationships to circumvent network security measures and gain access to a system.

NDA (non-disclosure agreement)

An agreement, referenced by the security policy, that defines what information the organization considers confidential or private and binds the signer (employee, contractor, or partner) not to disclose it.

AUP (acceptable use policy)

The portion of a security policy that explains to users what they can and cannot do while accessing a network's resources, and penalties for violations. It might also describe how these measures protect the network's security.

BYOD (bring your own device)

The practice of allowing people to bring their smartphones, laptops, or other technology into a facility for the purpose of performing work or school responsibilities.

The process of properly managing and applying security patches includes...

- discovery
- standardization
- layered security
- vulnerability reporting
- implementation
- assessment
- risk mitigation

hashing

The transformation of data of any length, through a one-way algorithm, into a fixed-length digest (for example, 256 bits for SHA-256). Hashing is mostly used to ensure data integrity, that is, to verify the data has not been altered: any change to the input produces a different digest, and the digest cannot feasibly be reversed to recover the data.
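Worked example for the SHA and hashing entries (added here; not code from the page): verifying a set of files against a SHA-256 manifest the way a release checksum file or a file-integrity monitor does, showing the fixed digest length, the modified/missing/unexpected cases, and the caveat that a bare hash only proves integrity if the attacker can't also rewrite the manifest, which an HMAC over the manifest addresses. The files, manifest, and key are constructed in memory.

```python
import hashlib
import hmac
import json


def digest(data, algorithm="sha256"):
    """Hex digest of data; the length depends only on the algorithm, not on the input."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def build_manifest(files, algorithm="sha256"):
    """files: {name: bytes}. Returns {name: hex digest}."""
    return {name: digest(data, algorithm) for name, data in files.items()}


def verify_manifest(files, manifest, algorithm="sha256"):
    """Compare current files against a manifest; reports ok/modified/missing/unexpected names."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in files:
            report["missing"].append(name)
            continue
        actual = digest(files[name], algorithm)
        bucket = "ok" if hmac.compare_digest(actual, expected) else "modified"
        report[bucket].append(name)
    report["unexpected"] = [name for name in files if name not in manifest]
    return report


# A bare hash proves integrity only if the attacker cannot also rewrite the
# manifest. Binding it to a secret key (HMAC) closes that gap; a signature would too.
def sign_manifest(manifest, key):
    canonical = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, canonical, "sha256").hexdigest()


def verify_signed(manifest, tag, key):
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


# Constructed "files": an original release and a tampered copy.
ORIGINAL = {"config.yaml": b"listen: 0.0.0.0:443\ntls: strict\n",
            "app.bin": bytes(range(256)) * 4}
MANIFEST = build_manifest(ORIGINAL)
TAMPERED = {"config.yaml": b"listen: 0.0.0.0:443\ntls: off\n",     # small edit, new digest
            "extra.so": b"\x7fELF-not-in-the-manifest"}             # added file; app.bin is gone

if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256", "sha3_256"):
        print(f"{algo:9} {len(digest(b'', algo)) * 4:3} bits  {digest(b'', algo)[:16]}...")
    print(verify_manifest(TAMPERED, MANIFEST))
    tag = sign_manifest(MANIFEST, b"release-key")
    print("manifest signature valid:", verify_signed(MANIFEST, tag, b"release-key"))
```

The manifest must come from somewhere the attacker can't write, or be authenticated as above; a SHA256SUMS file sitting next to the download on the same compromised server proves nothing.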

white hat hacker

These IT security experts are hired by organizations to assess their security and risks. They're sometimes called ethical hackers.

black hat hackers

These groups or individuals use their skills to bypass security systems to cause damage, steal data, or compromise privacy. They're not concerned with legal restrictions, and are intent on achieving personal gain or executing a personal agenda against an individual or an organization.

gray hat hackers

These hackers abide by a code of ethics all their own. Although they might engage in illegal activity, their intent is to educate and assist.

hacker

Traditionally, a person who masters the inner workings of computer hardware and software in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent.

data breach

Unauthorized access or use of sensitive data.

biometrics

Unique physical characteristics of an individual, such as the color patterns in his iris or the geometry of his hand.

Variations on bring your own device include:

- BYOA (bring your own application): employees or students supply their choice of software on a computer or mobile device.
- BYOC (bring your own cloud): employees or students supply their choice of cloud application or storage.
- BYOT (bring your own technology): a generic reference that includes the other BYO options.
- CYOD (choose your own device): employees or students are allowed to choose a device from a limited number of options, usually supplied by the company or school.

What are some basic items needed in order to start writing your security policy?

- Privacy policy: describes what staff, customers, and business partners can expect for monitoring and reporting.
- Acceptable use policy: explains for what purposes network resources can be used.
- Authentication policy: describes how users identify themselves to gain access to network resources.
- Internet use policy: explains what constitutes proper or improper use of Internet resources.
- Auditing policy: explains the manner in which security compliance or violations can be verified and the consequences for violations.
- Data protection policy: outlines the policies for backup procedures, virus protection, and disaster recovery.

What are the categories of hackers?

- white hat hacker
- black hat hacker
- gray hat hacker

What are the characteristics that can make malware harder to detect and eliminate?

- encryption
- stealth
- polymorphism
- time dependence

What are the common types of social engineering?

- phishing
- baiting
- quid pro quo
- tailgating

What are three types of attack simulations?

- vulnerability scanning (authenticated or unauthenticated)
- penetration testing
- red team-blue team exercise

What is a common guideline regarding network security?

If there's physical access to the equipment, there's no security

What questions should be answered before determining the level of security your network needs?

- What must be protected?
- From whom should data be protected?
- What costs are associated with security being breached and data being lost or stolen?
- How likely is it that a threat will actually occur?
- What's the likelihood of a natural disaster?
- Are the costs to implement security and train personnel to use a secure network outweighed by the need to create an efficient, user-friendly environment?

What risks are inherent in network hardware and design?

- spoofing attack
- DoS (denial-of-service) attack
- DDoS (distributed DoS) attack
- DRDoS (distributed reflection DoS) attack
- amplified DRDoS attack
- PDoS (permanent DoS) attack
- friendly DoS attack
- DNS poisoning, or DNS spoofing
- ARP poisoning
- MitM (man-in-the-middle) attack
- rogue DHCP server
- deauth (deauthentication) attack
- insecure protocols and services
- back doors

network security policy

a document that describes the rules governing access to a company's information resources, enforcement of these rules, and steps taken if rules are breached.

different types of outbreaks of malware

- virus
- Trojan horse
- worm
- bot (short for robot)
- ransomware

door access controls are...

- keypad or cipher lock
- key fob
- access badge
- proximity card
- biometrics

server-based anti-malware

if this resides on the server and checks every file and transaction, you will protect important files, but slow your network performance considerably.

methods of detecting physical intrusions and other kinds of events

- motion detection
- video surveillance
- tamper detection
- asset tracking

physical security of servers

- Servers often require more tightly controlled environmental conditions than patch panels and switches do; servers can generate a substantial amount of heat and need adequate cooling, and lack of cooling can cause damage to hardware components.
- Power to the server should be on a separate circuit from other electrical devices.
- Verify power requirements for UPSs; some UPSs require special twist-lock outlet plugs rated for high currents.
- If you're forced to place servers in a public access area, locking cabinets are a must.

host based anti-malware

provides insufficient coverage when a significant portion of the network is virtualized.

cloud-based anti-malware

provides the same kinds of benefits as other cloud-based solutions, such as scalability, cost efficiency, and shared resources. These cloud vendors are still working out bugs, and it can be a challenge to ensure that coverage soaks the entire network with no blind spots. Cloud solutions also increase the amount of Internet traffic in order to perform their duties.

security precautions for privileged user accounts

- limited use
- limited location
- limited duration
- limited access
- limited privacy

some options for implementing anti-malware software

- host-based
- server-based
- network-based
- cloud-based

three popular scanning tools

- Nmap
- Nessus
- Metasploit
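Worked example for the port scanner and scanning-tools entries (added here; it is not Nmap's code or code from the page): a TCP connect() scan of the kind Nmap performs with -sT, classifying each port as open, closed, or filtered from the outcome of the handshake, plus a throwaway listener so the scan can be exercised offline on loopback. The loopback host and ephemeral ports are assumptions for the demo; only scan hosts you own or have written permission to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """Classify one TCP port from the outcome of a full connect() handshake."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return port, "open"                  # SYN/ACK received, handshake completed
        except ConnectionRefusedError:
            return port, "closed"                # RST received: host up, nothing listening
        except (socket.timeout, OSError):
            return port, "filtered"              # no reply: firewall drop or host unreachable


def scan(host, ports, timeout=0.5, workers=32):
    """Scan ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: probe(host, p, timeout), ports))


def open_ports(host, ports, **kw):
    return sorted(p for p, state in scan(host, ports, **kw).items() if state == "open")


def start_listener(host="127.0.0.1"):
    """Bind a throwaway service on an ephemeral port so the demo has something to find.
    Returns (port, stop) where stop() closes the listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        try:
            while True:
                conn, _ = srv.accept()
                conn.close()
        except OSError:                          # listener closed by stop()
            pass

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


def free_port(host="127.0.0.1"):
    """Pick a port nothing is listening on, to show the 'closed' outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    listening, stop = start_listener()
    quiet = free_port()
    print(scan("127.0.0.1", [listening, quiet]))
    stop()
```

A connect() scan completes the handshake, so the target's service logs every probe; that is why Nmap's default SYN scan (which needs raw-socket privileges) sends only the first packet and is harder to spot. The "filtered" state is a timeout, not a reply, so a short timeout against a slow or distant host will misreport open ports as filtered.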

you might suspect a virus on your system if any of the following symptoms arise:

- unexplained increases in file sizes
- significant, unexplained decline in system or network performance (for example, a program takes much longer than usual to start or to save a file)
- unusual error messages with no apparent cause
- significant, unexpected loss of system memory
- periodic, unexpected rebooting
- fluctuations in display quality

