Module 2: Network security

Network security is the protection of access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system. An example of network security is an anti-virus system.

• A specialized field in computer networking that involves securing a computer network infrastructure.
• Network security is typically handled by a network administrator or system administrator who implements the security policy, network software and hardware needed to protect a network and the resources accessed through the network from unauthorized access, and who also ensures that employees have adequate access to the network and resources to do their work.
• A network security system typically relies on layers of protection and consists of multiple components, including network monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.

Unit 1: Security fundamentals

The most common threats to your systems:

• Malicious programs like viruses and worms (a worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself)
• Trojan horses (actually do damage once the software is installed or run on your computer)
• Spyware (programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties)
• Malware (software which is specifically designed to disrupt or damage a computer system)
• Adware (software that automatically displays or downloads advertising material such as banners or pop-ups when a user is online)
• Botnets (a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam)
• Zero-day and zero-hour attacks. A zero-day attack, also known as a zero-hour attack, takes advantage of computer vulnerabilities that do not currently have a solution. Typically, a software company will discover a bug or problem with a piece of software after it has been released, and it will offer a patch — another piece of software meant to fix the original issue. A zero-day attack takes advantage of that problem before a patch has been created. It is named zero day because it occurs before the first day the vulnerability is known.
• Hacker attacks
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
• Data theft

These threats look to exploit:

• Unsecured wireless networks
• Unpatched software and hardware
• Unsecured websites
• Potentially unwanted applications (PUAs)
• Weak passwords
• Lost devices, and
• Unwitting users or users with malicious intent (malicious intent refers to the intent, without just cause or reason, to commit a wrongful act that will result in harm to another)

Fundamentals of network security

1. Keep patches and updates current

Cyber criminals exploit vulnerabilities in operating systems, software applications, web browsers and browser plug-ins when administrators are lax (careless) about applying patches and updates. In particular, verify that office computers are running current versions of these much-used programs:

• Adobe Acrobat and Reader
• Adobe Flash
• Oracle Java
• Microsoft Internet Explorer
• Microsoft Office Suite

Keep an inventory to make sure each device is updated regularly, including mobile devices and network hardware. And make sure Windows and Apple computers have automatic updating enabled.

2. Use strong passwords

By now, most users know not to write their passwords on Post-It Notes that are plastered to their monitors. But there's more to keeping passwords secure than keeping them out of plain sight. A strong password is one that is difficult for humans and computers to guess, is at least 6 characters, preferably more, and uses a combination of upper- and lower-case letters, numbers and symbols. Symantec gives additional suggestions:

• Don't use any words from the dictionary. Also avoid proper nouns or foreign words.
• Don't use anything remotely related to your name, nickname, family members or pets.
• Don't use any numbers someone could guess by looking at your mail, like phone numbers and street numbers, and
• Choose a phrase that means something to you, take the first letters of each word and convert some of them into digits or symbols.

3. Secure your VPN

Data encryption and identity authentication are especially important to securing a VPN. Any open network connection is a vulnerability hackers can exploit to sneak onto your network. Moreover, data is particularly vulnerable while it is traveling over the Internet. Review the documentation for your server and VPN software to make sure that the strongest possible protocols for encryption and authentication are in use.

Multi-factor authentication is the most secure identity authentication method. The more steps your users must take to prove their identity, the better. For example, in addition to a password, users could be required to enter a PIN. Or, a random numerical code generated by a key-fob authenticator every 60 seconds could be used in conjunction with a PIN or password. It is also a good idea to use a firewall to separate the VPN network from the rest of the network. Other tips include:

• Use cloud-based email and file sharing instead of a VPN.
• Create and enforce user-access policies. Be stingy when granting access to employees, contractors and business partners.
• Make sure employees know how to secure their home wireless networks. Malicious software that infects their devices at home can infect the company network via an open VPN connection, and
• Before granting mobile devices full access to the network, check them for up-to-date anti-virus software, firewalls and spam filters.

4. Actively manage user access privileges

• Inappropriate user-access privileges pose a significant security threat. Managing employee access to critical data on an ongoing basis should not be overlooked.

5. Clean up inactive accounts

Hackers use inactive accounts once assigned to contractors and former employees to gain access and disguise their activity. The HP/Ponemon Institute report did find that the companies in the survey were doing a good job of deleting accounts once an employee quit or was laid off. Software is available for cleaning up inactive accounts on large networks with many users.

Understand social engineering-based attacks

• Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.

Popular types of social engineering attacks include:

Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.

Phishing: Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.

Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.

Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.

Identify different types of malware

Adware: The least dangerous and most lucrative malware. Adware displays ads on your computer.

Spyware: Spyware is software that spies on you, tracking your internet activities in order to send advertising (adware) back to your system.

Virus: A virus is a contagious program or code that attaches itself to another piece of software, and then reproduces itself when that software is run. Most often this is spread by sharing software or files between computers.

Worm: A program that replicates itself and destroys data and files on the computer. Worms work to "eat" the system operating files and data files until the drive is empty.

Trojan: The most dangerous malware. Trojans are written with the purpose of discovering your financial information, taking over your computer's system resources, and in larger systems creating a "denial-of-service attack".

Denial-of-service attack: an attempt to make a machine or network resource unavailable to those attempting to reach it. Example: AOL, Yahoo or your business network becoming unavailable.

Backdoors: Backdoors are much the same as Trojans or worms, except that they open a "backdoor" onto a computer, providing a network connection for hackers or other malware to enter, or for viruses or spam to be sent.

Keyloggers: Records everything you type on your PC in order to glean your log-in names, passwords, and other sensitive information, and sends it on to the source of the keylogging program. Many times keyloggers are used by corporations and parents to acquire computer usage information.

Network attacks such as scanning, spoofing and denial-of-service attacks

Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment. Scanning procedures, such as ping sweeps and port scans, return information about which IP addresses map to live hosts that are active on the Internet and what services they offer. Another scanning method, inverse mapping, returns information about which IP addresses do not map to live hosts; this enables an attacker to make assumptions about viable addresses.

Spoofing: Hackers can use network spoofing to enter certain secured networks and obtain restricted files and information. In this process, the hacker assumes the IP address of a trusted computer and easily gains access to the restricted network. As the information appears to come from a legitimate (conforming) source, the gateway of the network allows the exchange of packets of information.

Types of network spoofing:
• Protocol spoofing
• DNS spoofing
• MAC spoofing

Implement secure management policies and procedures and perform security training

http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=3

• A security policy comprises a set of objectives for the company, rules of behavior for users and administrators, and requirements for systems and management that collectively ensure the security of network and computer systems in an organization. A security policy is a "living document," meaning that the document is never finished and is continuously updated as technology and employee requirements change. The security policy translates, clarifies, and communicates the management position on security as defined in high-level security principles. The security policy acts as a bridge between these management objectives and specific security requirements. It informs users, staff, and managers of their obligatory requirements for protecting technology and information assets.

The three reasons for having a security policy are as follows:
• To inform users, staff, and managers
• To specify mechanisms for security
• To provide a baseline

One of the most common security policy components is an acceptable use policy (AUP). This component defines what users are allowed and not allowed to do on the various components of the system, including the type of traffic that is allowed on the networks. The AUP should be as explicit as possible to avoid ambiguity or misunderstanding. For example, an AUP might list the prohibited website categories.

A properly defined security policy does the following:
• Protects people and information
• Sets the rules for expected behavior
• Authorizes staff to monitor, probe, and investigate
• Defines the consequences (effects) of violations

Ensure effective patch management policies

Network and computer security is more crucial than ever, and patching forms a key part of it. An effective patch management system will not only fend off malware and worms but also alleviate the frustration sometimes caused as a consequence of patching. Patching may also be a requirement for compliance (following the rules): many organisations are required to have a patch management system in place to maintain compliance with certain regulations and standards such as ISO 27001 and ISO 27002. When patching is undertaken correctly we expect it to reduce vulnerabilities, improve performance, improve usability and assist in achieving compliance. However, this is not always the only outcome, and it is the cause of frustration for many of us: one vulnerability is 'patched', yet we are left with other problems to rectify. The key to mitigating this problem is patch testing before applying the patch to live systems, a practice not often seen in the industry.

http://www.windowsecurity.com/articles-tutorials/Windows_Server_2012_Security/howachieve-effective-patch-management-system.html

• Patch management is necessary, and if applied correctly it is highly beneficial. However, patches are also the cause of conflicts with other software and hardware within our system environment and are responsible for creating new problems that were not present before the patching.

Patches, additional code for replacing flaws in existing software, usually fall within the following categories:
• Binary executable patch - executable files that modify or replace files when executed
• Source code patch - source code modification
• Service pack - significantly changes a program
• Firmware patch - updates the internal control of hardware devices

• Patch management should be a proactive, strategic and planned process to determine the application of patches needed to specified systems at a specified time. Without an effective patch management system in place, organisations are not effectively managing security quality and risk.

Benefits of an effective patch management system:
• Increased productivity - reduced downtime from malware issues; increase in performance.
• Security - lower rates of virus infections, malicious attacks, data theft or loss, and legal penalties.
• Increased productivity within the IT department - manual patching requires a lot of IT resources and time. Through automation, IT resources can be used elsewhere.
• Cost savings.
• Patches may extend software to supply new features and functionality or additional support. This would be advantageous for organisations.
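Worked example (added here, not part of the original notes): a checker that applies the password rules from section 2 above, plus a helper for the suggested phrase-initials technique. The mini dictionary, the personal words and the substitution table are constructed for this example.

```python
import re
import string

# Constructed mini dictionary (assumption: a real check loads a full word list).
DICTIONARY = {"password", "welcome", "summer", "dragon", "london", "bonjour"}


def check_password(pw, personal=(), known_numbers=(), dictionary=DICTIONARY):
    """Return the rules from the notes that `pw` breaks (empty list = acceptable).

    personal: names, nicknames, family members, pets; known_numbers: phone and
    street numbers someone could read off the user's mail."""
    problems = []
    if len(pw) < 6:
        problems.append("shorter than 6 characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw)):
        problems.append("needs upper- and lower-case letters, numbers and symbols")
    lowered = pw.lower()
    if any(word in lowered for word in dictionary):
        problems.append("contains a dictionary word, proper noun or foreign word")
    if any(p.lower() in lowered for p in personal if len(p) > 2):
        problems.append("related to a name, nickname, family member or pet")
    digits_only = re.sub(r"\D", "", pw)  # "555-1234" and "5551234" are the same number
    if any(n and n in digits_only for n in known_numbers):
        problems.append("contains a guessable number such as a phone or street number")
    return problems


def from_phrase(phrase):
    """The notes' technique: first letter of each word, with some lower-case letters
    turned into digits or symbols. The substitution table is this example's own choice."""
    subs = {"a": "@", "s": "$", "i": "1", "o": "0", "e": "3"}
    initials = "".join(word[0] for word in phrase.split())
    return "".join(subs.get(ch, ch) for ch in initials)


if __name__ == "__main__":
    candidate = from_phrase("My dog Rex was born in 2012 on a Sunday")
    print(candidate, check_password(candidate, personal=("Rex",)))
    print("Dragon!9", check_password("Dragon!9"))
```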
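Worked example (added here, not part of the original notes): detection logic for the port scans and ping sweeps described under network attacks above, run over constructed firewall log lines. The key=value log layout, the thresholds and the window size are this example's assumptions, not any real appliance's format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines: 10.0.0.5 probes six ports on one server, 10.0.0.9 pings
# four hosts, 10.0.0.7 is an ordinary HTTPS client.
SAMPLE_LOG = """\
2024-03-01T10:00:00 src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=21 action=drop
2024-03-01T10:00:00 src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=22 action=drop
2024-03-01T10:00:01 src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=23 action=drop
2024-03-01T10:00:01 src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=25 action=drop
2024-03-01T10:00:02 src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=80 action=allow
2024-03-01T10:00:02 src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=443 action=allow
2024-03-01T10:00:10 src=10.0.0.9 dst=192.168.1.1 proto=icmp action=allow
2024-03-01T10:00:10 src=10.0.0.9 dst=192.168.1.2 proto=icmp action=allow
2024-03-01T10:00:11 src=10.0.0.9 dst=192.168.1.3 proto=icmp action=allow
2024-03-01T10:00:11 src=10.0.0.9 dst=192.168.1.4 proto=icmp action=allow
2024-03-01T10:00:30 src=10.0.0.7 dst=192.168.1.10 proto=tcp dport=443 action=allow
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+)"
                     r"(?: dport=(?P<dport>\d+))? action=\S+$")


def parse(log_text):
    """Yield (timestamp, src, dst, proto, dport-or-None); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], m["proto"], m["dport"]


def detect_scans(log_text, window_s=60, port_threshold=5, host_threshold=4):
    """Port scan: one source touches >= port_threshold distinct ports on one host inside a
    window_s-second tumbling window. Ping sweep: one source sends ICMP to >= host_threshold
    distinct hosts inside the window. Returns (kind, src, dst, count) tuples."""
    ports = defaultdict(set)       # (src, dst, window) -> {dport}
    icmp_hosts = defaultdict(set)  # (src, window) -> {dst}
    for ts, src, dst, proto, dport in parse(log_text):
        window = int(ts.timestamp()) // window_s
        if proto == "icmp":
            icmp_hosts[(src, window)].add(dst)
        elif dport is not None:
            ports[(src, dst, window)].add(int(dport))
    alerts = [("port_scan", src, dst, len(p)) for (src, dst, _), p in ports.items()
              if len(p) >= port_threshold]
    alerts += [("ping_sweep", src, None, len(h)) for (src, _), h in icmp_hosts.items()
               if len(h) >= host_threshold]
    return alerts
```

Inverse mapping, the third method in the notes, shows up in the same data as many probes to addresses that never answer, so the same per-source distinct-destination count applies with the window and thresholds tuned to your network.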