Chapter 04 - Network Security
Types of Threats
1. Spoofing
Spoofing is a cybercrime that happens when someone impersonates a trusted contact or brand, pretending to be
someone you trust in order to access sensitive personal information. Spoofing attacks copy and exploit the identity of
your contacts, the look of well-known brands, or the addresses of trusted websites.
2. DOS/DDOS
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server,
service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
The application layer is where the server generates the response to an incoming client request. For example, if a user
enters http://www.abc.com/share/ on their browser, an HTTP request is sent to the server, requesting the share page.
The server will fetch all the information related to the page, package it in response, and send it back to the browser.
This information fetching and packaging happens on the application layer. An application layer attack occurs when a
hacker uses different bots/machines to repeatedly request the same resource from the server, eventually overwhelming
it.
The most common type of application layer attacks are the HTTP flood attacks in which malicious actors just keep
sending various HTTP requests to a server using different IP addresses.
Protocol attacks look to exhaust resources of a server or those of its networking systems like firewalls, routing engines,
or load-balancers. An example of a protocol attack is the SYN flood attack.
Before two computers can initiate a secure communication channel – they must perform a TCP handshake. A TCP
handshake is a means for two parties to exchange preliminary information. A SYN packet is typically the first step of the
TCP handshake, indicating to the server that the client wants to start a new channel.
In a SYN flood attack, the attacker floods the server with numerous SYN packets, each containing spoofed IP addresses.
The server responds to each packet (via SYN-ACKs), requesting the client to complete the handshake. However, the
client(s) never respond, and the server keeps waiting. Eventually, it crashes after waiting too long for too many
responses.
Volumetric attacks are conducted by bombarding a server with so much traffic that its bandwidth gets completely
exhausted. The most common example of a volumetric attack is the DNS amplification attack.
In such an attack, a malicious actor sends requests to a DNS server, using the spoofed IP address of the target. The
DNS server then sends its response to the target server. When done at scale, the deluge of DNS responses can wreak
havoc on the target server.
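As an added illustration (not part of the original slides), the Python below runs a defender-side check over constructed connection records: it flags the half-open handshake pattern of a SYN flood and totals the unsolicited answers a DNS amplification victim receives. The record layout, addresses and thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed, simplified connection-tracking records as a server-side sensor
# might log them: (source_ip, server_port, tcp_flag). Sample data only, not
# taken from the original slides.
TCP_EVENTS = [
    ("198.51.100.7", 443, "SYN"), ("198.51.100.7", 443, "ACK"),  # full handshake
    ("203.0.113.1", 443, "SYN"), ("203.0.113.2", 443, "SYN"),    # SYNs never
    ("203.0.113.3", 443, "SYN"), ("203.0.113.4", 443, "SYN"),    # followed by an
    ("203.0.113.5", 443, "SYN"), ("203.0.113.6", 443, "SYN"),    # ACK: half-open
]

# Constructed UDP/53 records seen at the same host: (direction, remote_ip, bytes).
DNS_EVENTS = [
    ("out", "192.0.2.53", 60), ("in", "192.0.2.53", 120),        # our own query/answer
    ("in", "192.0.2.10", 3200), ("in", "192.0.2.11", 3400),      # large answers we
    ("in", "192.0.2.12", 3100),                                  # never asked for
]


def handshake_state(events):
    """Per server port: (sources that sent a SYN, sources that completed with an ACK)."""
    syn, ack = defaultdict(set), defaultdict(set)
    for src, port, flag in events:
        (syn if flag == "SYN" else ack)[port].add(src)
    return {port: (syn[port], ack[port]) for port in syn}


def syn_flood_suspects(events, min_half_open=5, min_ratio=0.8):
    """Ports where many handshakes stall and most SYN sources never complete:
    the SYN-flood pattern described above. Returns {port: stalled_source_count}.
    Thresholds are illustrative assumptions, not tuned values."""
    suspects = {}
    for port, (s, a) in handshake_state(events).items():
        stalled = len(s - a)
        if stalled >= min_half_open and stalled / len(s) >= min_ratio:
            suspects[port] = stalled
    return suspects


def unsolicited_dns_bytes(events):
    """Bytes of inbound DNS answers from resolvers this host never queried:
    the reflected traffic a DNS amplification victim receives."""
    queried = {ip for direction, ip, _ in events if direction == "out"}
    return sum(size for direction, ip, size in events
               if direction == "in" and ip not in queried)
```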
3. Virus, Worms & Trojans
A computer virus is a type of malicious software, or malware, that spreads between computers and causes damage to
data and software.
Types of Viruses:
1. Macro - a virus written in macro language (e.g., Microsoft Office or Microsoft Excel macros)
2. Boot sector - a virus that infects the boot sector of a PC, which ensures that the virus loads upon system startup
3. Stealth - a virus that hides itself from the OS and other protective software, such as antivirus software
4. Polymorphic - a virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software.
Worms - An independent program that can reproduce by copying itself from one system to another. It may damage data
directly or degrade system performance by tying up resources.
Trojan - A computer program that has an apparently or actually useful function, but that also contains
hidden malicious capabilities to exploit a vulnerability and/or provide unauthorized access into a system.
4. On-Path Attacks
An on-path attack is one in which an attacker sits in the middle between two stations and is able to intercept, and in
some cases change, the information that’s being sent interactively across the network. This is a type of attack that can
occur without anyone knowing that someone is sitting in the middle of the conversation. In fact, you might hear this
referred to often as a man-in-the-middle attack.
5. Side-channel Attack
A side-channel attack does not target a program or its code directly. Rather, a side-channel attack attempts to gather
information or influence the program execution of a system by measuring or exploiting the indirect effects of the
system or its hardware.
E.g.: by monitoring CPU cycles or power consumption used while encrypting or decrypting
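Added example, not from the original slides: a byte-by-byte comparison that exits at the first mismatch leaks how far a guess matched through the amount of work it performs (the indirect effect a side channel measures), while the constant-time version and Python's standard hmac.compare_digest do the same work for every input. SECRET and the guesses are constructed values; the functions report the number of bytes examined instead of measuring real CPU time so the effect is deterministic.

```python
import hmac


def early_exit_equal(a: bytes, b: bytes):
    """Naive comparison that stops at the first differing byte.
    Returns (equal, bytes_examined): the second value is the side channel,
    because how long the loop runs depends on where the guess first diverges."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b), start=1):
        if x != y:
            return False, i
    return True, len(a)


def constant_time_equal(a: bytes, b: bytes):
    """Examines every byte regardless of content, accumulating differences with
    XOR/OR, so the work done does not depend on the secret's contents."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def stdlib_equal(a: bytes, b: bytes) -> bool:
    """What production code should use: the standard library's timing-safe compare."""
    return hmac.compare_digest(a, b)


def leak_profile(compare, secret, guesses):
    """How many bytes each guess caused the comparison to examine."""
    return [compare(secret, g)[1] for g in guesses]


SECRET = b"4f1c9a2e"  # constructed token, not a real credential
GUESSES = [b"00000000", b"4f000000", b"4f1c9a00", b"4f1c9a2e"]
# early_exit_equal    -> [1, 3, 7, 8]  (work grows with the matching prefix)
# constant_time_equal -> [8, 8, 8, 8]  (work is independent of the guess)
```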
6. Insider Threats
Internal actors are people within the organization, such as employees, former employees, contractors, or business
associates, who have inside information concerning the organization’s security practices, data, and computer systems.
7. Malware/ Ransomware
Malicious code, or Malware, is the generic term for any type of software that attacks an application or system. There
are many types of malicious code that can cause damage to targeted systems, among them viruses, worms, trojans, and
logic bombs.
Ransomware is a type of malware that typically encrypts victims’ files and holds them ransom until a payment is made
to an account controlled by the attacker. When the victim pays, the attacker usually (but not always) provides the secret
key needed to decrypt the files.
History:
• Jigsaw
• Locky
• Petya
Preventing Threats
1. Train your staff.
One of the most common ways cybercriminals get access to your data is through your employees. They’ll send
fraudulent emails impersonating someone in your organization and will either ask for personal details or for access to
certain files. Links often seem legitimate to an untrained eye and it’s easy to fall into the trap. This is why employee
awareness is vital.
2. Keep Your Software and Systems Fully Up to Date
Often cyber-attacks happen because your systems or software aren’t fully up to date, leaving weaknesses. So
cybercriminals exploit these weaknesses to gain access to your network. Once they are in, it’s often too late to take
preventative action. To counteract this, it’s smart to invest in a patch management system that will manage all software
and system updates, keeping your system resilient and up to date.
3. Ensure Endpoint Protection
Endpoint protection protects networks that are remotely bridged to devices. Mobile devices, tablets and laptops that are
connected to corporate networks give access paths to security threats. These paths need to be protected with specific
endpoint protection software.
4. Install a Firewall
Putting your network behind a firewall is one of the most effective ways to defend yourself from a cyber attack. A
firewall system will block brute force attacks made on your network and/or systems before they can do any damage.
5. Back Up Your Data
In the event of a disaster (often a cyber attack) you must have your data backed up to avoid serious downtime, loss of
data and serious financial loss.
6. Control Access to Your Systems
Somebody can simply walk into your office or enterprise and plug a USB key containing infected files into one of your
computers, allowing them access to your entire network or infecting it. It’s essential to control who has access to your
computers. Having a perimeter security system installed is a very good way to stop cybercrime as much as break-ins!
7. Wi-Fi Security
Securing your Wi-Fi networks and hiding them is one of the safest things you can do for your systems. With wireless
technology developing more and more every day there are thousands of devices that can connect to your network and
compromise you.
8. Employee Personal Accounts
Every employee needs their own login for every application and program. Several users connecting under the same
credentials can put your business at risk.
9. Access Management
Having managed admin rights and blocking your staff from installing or even accessing certain data on your network is
beneficial to your security. It’s your business, protect it!
10. Passwords
Having different passwords set up for every application you use is a real benefit to your security, and changing them
often will maintain a high level of protection against external and internal threats.
Electricity
Reliable electricity is important for any data center, and finding, building, and designing a site with that in mind is one of
the most important things to do. Electrical problems can cause short-term and long-term power outages, as well as low
and high voltage.
UPS
Uninterruptible Power Supplies (UPSs) provide temporary backup power in the event of a power outage. They may also
“clean” the power, protecting against surges, spikes, and other forms of electrical faults.
Surge protectors
Surge protectors stop electrical surges from damaging equipment. They have a circuit or fuse that is tripped when there
is a power surge or spike. This cuts off the power or adjusts it to safe levels.
Cloud
What is Cloud Computing?
Cloud computing is the on-demand delivery of computer power, database storage, applications, and other IT resources.
• Pay-as-you-go Pricing
2. Public Cloud
• Owned and operated by a third-party cloud service provider delivered over the internet.
3. Hybrid Cloud
• Keep some servers on premises and extend some capabilities to the cloud.
• Control over sensitive assets in your private infrastructure
Defense in Depth
When developing an organization's security posture, defense in depth uses a layered approach.
E.g.:
• Data: Encryption, data leak prevention, identity and access management and data controls.
• Perimeter: Gateway firewalls, honeypots, malware analysis and secure demilitarized zones (DMZs).
• Physical: Controls that provide a physical barrier, such as locks, walls or access control.
• Policies, procedures and awareness: Administrative controls that reduce insider threats (intentional and
unintentional) and identify risks as soon as they appear.
1. What is a type of malware that encrypts files and demands payment for the decryption code?
A. APT
B. Ransomware
C. Phishing
D. Denial of Service
3. What class of fire suppression should be used against oil or gas fires?
A. Class A
B. Class B
C. Class C
D. Class D
10/12/2022 VIBERNETS STREAMING 23
Chapter 04 - Summary
5. LinkedIn - https://www.linkedin.com/in/wenuragayan/