
13/01/2016

UNIT 4
WIRELESS TECHNOLOGY

Prepared by : Zuraiti Bt Che Amat

OUTCOMES 1
At the end of this subtopic, students should be able to:
• Define wireless technologies.
• Describe the advantages and limitations of wireless technology.
• Define the types of wireless networks and their boundaries.

5.1 Know wireless technology

What is wireless?

1. Transmission of information between hosts with fewer cables.
2. Uses electromagnetic waves to carry information between devices.
3. An electromagnetic wave is the same medium that carries radio signals through the air.

Wireless devices:

• Infrared (IR)
• Bluetooth
• Radio Frequency (RF) / Wi-Fi

Infrared (IR)

• Relatively low energy; cannot penetrate through walls or other obstacles and is generally used for short-range, line-of-sight communications.
• IR only allows a one-to-one type of connection.
• Commonly used to connect and move data between devices such as PDAs and PCs, remote control devices, wireless mice and wireless keyboards.
• However, it is possible to reflect the IR signal off objects to extend the range.

Bluetooth

• It is limited to low-speed, short-range communications, but has the advantage of communicating with many devices at the same time.
• It is a technology that makes use of the 2.4 GHz band.
• This is one-to-many communication.
• Bluetooth technology is the preferred method over IR for connecting computer peripherals such as mice, keyboards and printers.

Radio Frequency (RF)

• RF waves can penetrate through walls and other obstacles, allowing a much greater range than IR.
• Certain areas of the RF bands have been set aside for use by unlicensed devices such as wireless LANs, cordless phones and computer peripherals.
• This includes the 900 MHz, 2.4 GHz, and the 5 GHz frequency ranges.
• These ranges are known as the Industrial Scientific and Medical (ISM) bands and can be used with very few restrictions.

Self Reflection Activity


BENEFITS of Wireless Technology

1. Mobility – Allows easy connection of both stationary and mobile clients.
2. Cost saving – Equipment costs continue to fall as the technology matures.
3. Reduced installation time – Installation of a single piece of equipment can serve a large number of people.
4. Scalability – Can be easily expanded to allow more users to connect and to increase the coverage area.
5. Flexibility – Provides anytime, anywhere connectivity.

LIMITATIONS of Wireless Technology

1. Interference – Susceptible to interference from other devices that produce electromagnetic energy.
2. Network and data security – It can provide an unprotected entrance into the network.
3. Speed – Does not currently provide the speed or reliability of a wired LAN.
4. Scalability – Because it can be easily expanded to allow more users to connect, it can cause overload and congestion in the network.

5.1.3 Types of Wireless Networks and Their Boundaries

• Wireless networks do not have precisely defined boundaries. The range of wireless transmissions can vary due to many factors.
• Fluctuations in temperature and humidity can greatly alter the coverage of wireless networks.
• Obstacles within the wireless environment can also affect the range.

WIRELESS NETWORKS

• WPAN (Wireless Personal Area Network)
• WLAN (Wireless Local Area Network)
• WWAN (Wireless Wide Area Network)

WWAN
• WWAN networks provide coverage over extremely large areas.
• A good example of a WWAN is the cell phone network.

WLAN
• Use RF technology and conform to the IEEE 802.11 standards.
• Allow many users to connect to a wired network through a device known as an Access Point (AP).

WPAN
• Smallest wireless network, used to connect various peripheral devices.
• Connects mice, keyboards and PDAs to a computer.

Summary

Self Reflection Activity

Categorize each given scenario as a WPAN, WLAN or WWAN.

Self Reflection Outcomes 1:

Could you please:
• Define wireless technologies.
• Describe the advantages and limitations of wireless technology.
• Define the types of wireless networks and their boundaries.

OUTCOMES 2
At the end of this subtopic, students should be able to define the characteristics of wireless transmission:
1) Signal propagation
2) Signal degradation
3) Antenna
4) Narrowband, broadband and spread-spectrum signals
5) Fixed and mobile wireless communication

1. Signal propagation
• Ideally, a wireless signal would travel directly in a straight line from its transmitter to its intended receiver.
• This type of propagation, known as LOS (line-of-sight), uses the least amount of energy and results in the reception of the clearest possible signal.
• When an obstacle stands in a signal's way, the signal may pass through the object or be absorbed by the object, or it may be subject to any of the following phenomena: reflection, diffraction or scattering.

Signal propagation phenomena:
• Reflection
• Diffraction
• Scattering

Phenomenon 1: Reflection

• The wave encounters an obstacle and reflects, or bounces back, toward its source.
• A wireless signal will bounce off objects whose dimensions are large compared to the signal's average wavelength.
• In the context of a wireless LAN, which may use signals with wavelengths between one and 10 meters, such objects include walls, floors, ceilings, and the Earth.
• In addition, signals reflect more readily off conductive materials, like metal, than insulators, like concrete.

Phenomenon 2: Diffraction

• In diffraction, a wireless signal splits into secondary waves when it encounters an obstruction.
• The secondary waves continue to propagate in the direction in which they were split.
• If you could see wireless signals being diffracted, they would appear to be bending around the obstacle.
• Objects with sharp edges, including the corners of walls and desks, cause diffraction.

Phenomenon 3: Scattering

• Scattering is the diffusion, or the reflection in multiple different directions, of a signal.
• Scattering occurs when a wireless signal encounters an object that has small dimensions compared to the signal's wavelength.
• Scattering is also related to the roughness of the surface a wireless signal encounters. The rougher the surface, the more likely a signal is to scatter when it hits that surface.
• In an office building, objects such as chairs, books, and computers cause scattering of wireless LAN signals. For signals traveling outdoors, rain, mist, hail, and snow may all cause scattering.

• Because of reflection, diffraction, and scattering, wireless signals follow a number of different paths to their destination. Such signals are known as multipath signals.
• The figure below illustrates multipath signals caused by these three phenomena.

Figure 3-39: Multipath signal propagation (Network+ Guide to Networks, 4e)

Self Reflection Activity

2. Signal degradation
• When signals encounter obstacles, the original signal issued by the transmitter will experience fading, or a change in signal strength as a result of some of the electromagnetic energy being scattered, reflected, or diffracted after being issued by the transmitter.
• Because of fading, the strength of the signal that reaches the receiver is lower than the transmitted signal's strength.
• This makes sense because as more waves are reflected, diffracted, or scattered by obstacles, fewer are likely to reach their destination.

• Attenuation is not the most severe flaw affecting wireless signals.
• Wireless signals are also susceptible to noise (more often called electromagnetic interference or simply, interference, in the context of wireless communications).
• Interference is a significant problem for wireless communications because the atmosphere is saturated with electromagnetic waves.

• For example, wireless LANs may be affected by cellular phones, mobile phones, or overhead lights.
• Interference can distort and weaken a wireless signal in the same way that noise distorts and weakens a wired signal.
• However, because wireless signals cannot depend on a conduit or shielding to protect them from extraneous EMI, they are more vulnerable to noise.
• The extent of interference that a wireless signal experiences depends partly on the density of signals within a geographical area. Signals traveling through areas in which many wireless communications systems are in use (for example, the center of a metropolitan area) are the most apt to suffer interference.

4. Narrowband, broadband and spread-spectrum signals
• Narrowband: A transmitter concentrates the signal energy at a single frequency or in a very small range of frequencies.
• Broadband: Uses a relatively wide band of the wireless spectrum. Broadband technologies, as a result of their wider frequency bands, offer higher throughputs than narrowband technologies.
• Spread-spectrum: The use of multiple frequencies to transmit a signal is known as spread-spectrum technology (because the signal is spread out over the wireless spectrum).

• In other words, a signal never stays continuously within one frequency range during its transmission.
• One result of spreading a signal over a wide frequency band is that it requires less power per frequency than narrowband signaling.
• This distribution of signal strength makes spread-spectrum signals less likely to interfere with narrowband signals traveling in the same frequency band.

Fixed and mobile wireless communication


Fixed VS Mobile?
• In fixed wireless systems, the locations of the transmitter and receiver do not move. The transmitting antenna focuses its energy directly toward the receiving antenna. This results in a point-to-point link.
• One advantage of fixed wireless is that because the receiver's location is predictable, energy need not be wasted issuing signals across a large geographical area. Thus, more energy can be used for the signal.
• Fixed wireless links are used in some data and voice applications. For example, a service provider may obtain data services through a fixed link with a satellite. In cases in which a long distance or difficult terrain must be traversed, fixed wireless links are more economical than cabling.

Fixed VS Mobile? (cont.)
• However, many types of communications are unsuited to fixed wireless. For example, a waiter who uses a wireless handheld computer to transmit orders to the restaurant's kitchen could not use a service that requires him to remain in one spot to send and receive signals. Instead, wireless LANs, along with cellular telephone, paging, and many other services use mobile wireless systems.
• In mobile wireless, the receiver can be located anywhere within the transmitter's range. This allows the receiver to roam from one place to another while continuing to pick up its signal.

OUTCOMES 3
At the end of this subtopic, students should be able to:
• Describe how to avoid WLAN attacks using:
a) Limited access to a WLAN
b) Authentication on a WLAN
c) Encryption on a WLAN
d) Traffic filtering on a WLAN

Why do people attack WLANs?

• With wireless connectivity, the attacker does not need a physical connection to your computer or any of your devices to access your network. It is possible for an attacker to tune into signals from your wireless network, much like tuning into a radio station.
• The attacker can access your network from any location your wireless signal reaches. Once they have access to your network, they can use your Internet services for free, as well as access computers on the network to damage files, or steal personal and private information.

How do people attack a LAN?

• One easy way to gain entry to a wireless network is through the network name, or SSID.
• All computers connecting to the wireless network must know the SSID.
• By default, wireless routers and access points broadcast SSIDs to all computers within the wireless range. With SSID broadcast activated, any wireless client can detect the network and connect to it, if no other security features are in place.
• The SSID broadcast feature can be turned off. When it is turned off, the fact that the network is there is no longer made public. Any computer trying to connect to the network must already know the SSID.

How do people attack a LAN? (cont.)

• It is important to change the default settings. Wireless devices are shipped preconfigured with settings such as SSIDs, passwords, and IP addresses in place. These defaults make it easy for an attacker to identify and infiltrate a network.
• Even with SSID broadcasting disabled, it is possible for someone to get into your network using the well-known default SSID. Additionally, if other default settings, such as passwords and IP addresses, are not changed, attackers can access an AP and make changes themselves. Default information should be changed to something more secure and unique.
• These changes, by themselves, will not protect your network. For example, SSIDs are transmitted in clear text. There are devices that will intercept wireless signals and read clear text messages. Even with SSID broadcast turned off and default values changed, attackers can learn the name of a wireless network through the use of these devices that intercept wireless signals. This information will be used to connect to the network. It takes a combination of several methods to protect your WLAN.

4 ways to avoid WLAN attacks

Using:
a) Limited access to a WLAN
b) Authentication on a WLAN
c) Encryption on a WLAN
d) Traffic filtering on a WLAN

a. Limited access to a WLAN

MAC Address Filtering
• MAC address filtering uses the MAC address to identify which devices are allowed to connect to the wireless network. When a wireless client attempts to connect or associate with an AP, it will send MAC address information.
• If MAC filtering is enabled, the wireless router or AP will look up its MAC address in a preconfigured list. Only devices whose MAC addresses have been prerecorded in the router's database will be allowed to connect.
• If the MAC address is not located in the database, the device will not be allowed to connect to or communicate across the wireless network.
• There are some issues with this type of security.
• For example, it requires the MAC addresses of all devices that should have access to the network to be included in the database before connection attempts occur. A device that is not identified in the database will not be able to connect. Additionally, it is possible for an attacker's device to clone the MAC address of another device that has access.

b. Authentication on a WLAN
• Authentication is the process of permitting entry to a network based on a set of credentials.
• It is used to verify that the device attempting to connect to the network is trusted.
• The use of a username and password is the most common form of authentication.
• Authentication, if enabled, must occur before the client is allowed to connect to the WLAN.
• There are three types of wireless authentication methods: Open, PSK and EAP.

AUTHENTICATION on a WLAN

• Open
• PSK
• EAP

Open Authentication
• Open mode allows any device to connect to the wireless network. By default, wireless devices do not require authentication. Any and all clients are able to associate regardless of who they are.
• Open authentication should only be used on public wireless networks such as those found in many schools and restaurants. It can also be used on networks where authentication will be done by other means once connected to the network.
• The major advantage of open mode is its simplicity: any client can connect easily and without complex configuration. Open mode is recommended when there are guests who need to get onto the network, or more generally, when ease of connectivity is paramount and access control is not required.

Pre-shared keys (PSK)

• In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.
• It allows anyone who has the key to use the wireless network.
• PSK performs one-way authentication, that is, the host authenticates to the AP. PSK does not authenticate the AP to the host, nor does it authenticate the actual user of the host.

Pre-shared keys (PSK) (cont.)
• Though it requires some client-side configuration, a PSK is relatively easy to configure.
• It can be a good choice when there is a small number of users or when clients do not support more sophisticated authentication mechanisms, such as WPA2-Enterprise.
• A deployment based on a PSK does not scale well, however.
• With a large number of users, it becomes more difficult to change the PSK, an operation that should be performed periodically to ensure that the PSK has not been shared with unwanted users.

How PSK works

• With PSK, both the AP and client must be configured with the same key or secret word.
• The AP sends a random string of bytes to the client.
• The client accepts the string, encrypts it (or scrambles it) based on the key, and sends it back to the AP.
• The AP gets the encrypted string and uses its key to decrypt (or unscramble) it.
• If the decrypted string received from the client matches the original string sent to the client, the client is allowed to connect.

Extensible Authentication Protocol (EAP)
• Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and point-to-point connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and was updated by RFC 5247.
• EAP provides mutual, or two-way, authentication as well as user authentication.
• When EAP software is installed on the client, the client communicates with a backend authentication server such as Remote Authentication Dial-in User Service (RADIUS). This backend server functions separately from the AP and maintains a database of valid users that can access the network.
• When using EAP, the user, not just the host, must provide a username and password which is checked against the RADIUS database for validity. If valid, the user is authenticated.

How EAP works:

• In communications using EAP, a user requests connection to a wireless network through an access point (a station that transmits and receives data, sometimes known as a transceiver).
• The access point requests identification (ID) data from the user and transmits that data to an authentication server.
• The authentication server asks the access point for proof of the validity of the ID.
• After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested.

• Once authentication is enabled, regardless of the method used, the client must successfully pass authentication before it can associate with the AP.
• If both authentication and MAC address filtering are enabled, authentication occurs first.
• Once authentication is successful, the AP will then check the MAC address against the MAC address table.
• Once verified, the AP adds the host MAC address into its host table. The client is then said to be associated with the AP and can connect to the network.
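
The PSK challenge-response from "How PSK works" and the admission order described above (authentication first, then the MAC filter, then the host table), as an added example that is not part of the original slides. It assumes RC4 as the cipher, as WEP shared-key authentication does, simplified to omit the IV and integrity value; the class names, key and MAC addresses are constructed for illustration.

```python
import hmac
import os


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encrypting and decrypting are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


class Client:
    """Hypothetical wireless client holding a MAC address and a configured key."""

    def __init__(self, mac: str, key: bytes):
        self.mac = mac.lower()
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        # The client encrypts the AP's random string with its key.
        return rc4(self.key, challenge)


class AccessPoint:
    """Hypothetical AP with PSK authentication and MAC filtering both enabled."""

    def __init__(self, key: bytes, allowed_macs):
        self.key = key
        self.allowed = {m.lower() for m in allowed_macs}
        self.host_table = set()

    def associate(self, client: Client) -> str:
        # Step 1: authentication. Send a fresh random challenge, decrypt the reply.
        challenge = os.urandom(128)
        recovered = rc4(self.key, client.respond(challenge))
        if not hmac.compare_digest(recovered, challenge):
            return "rejected: authentication failed"
        # Step 2: only after authentication succeeds, check the MAC filter list.
        if client.mac not in self.allowed:
            return "rejected: MAC address not in filter list"
        # Step 3: record the host; it is now associated.
        self.host_table.add(client.mac)
        return "associated"


def demo():
    key = b"constructed-demo-key"              # constructed sample key
    ap = AccessPoint(key, ["00:11:22:33:44:55"])
    cases = {
        "listed MAC, correct key": Client("00:11:22:33:44:55", key),
        "listed (cloned) MAC, wrong key": Client("00:11:22:33:44:55", b"guess"),
        "unlisted MAC, correct key": Client("66:77:88:99:AA:BB", key),
    }
    results = {name: ap.associate(c) for name, c in cases.items()}
    return results, ap.host_table


if __name__ == "__main__":
    outcome, table = demo()
    for name, verdict in outcome.items():
        print(f"{name}: {verdict}")
    print("host table:", sorted(table))
```

The second case shows why the two controls are combined: a device presenting a listed MAC address is still refused when it cannot prove knowledge of the key.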


c. Encryption on a WLAN
• Authentication and MAC filtering may stop an attacker from connecting to a wireless network, but they will not prevent the attacker from intercepting transmitted data.
• Encryption is the process of transforming data so that even if it is intercepted it is unusable.
• 2 types of encryption: WEP and WPA

2 Types of Encryption

1. WEP
2. WPA

Wired Equivalency Protocol (WEP)

• Wired Equivalency Protocol (WEP) is an advanced security feature that encrypts network traffic as it travels through the air. WEP uses pre-configured keys to encrypt and decrypt data.
• A WEP key is entered as a string of numbers and letters and is generally 64 bits or 128 bits long.
• In some cases, WEP supports 256-bit keys as well. To simplify creating and entering these keys, many devices include a Passphrase option.
• The passphrase is an easy way to remember the word or phrase used to automatically generate a key.
• In order for WEP to function, the AP, as well as every wireless device allowed to access the network, must have the same WEP key entered. Without this key, devices will not be able to understand the wireless transmissions.

• WEP is a great way to prevent attackers from intercepting data.
• However, there are weaknesses within WEP, including the use of a static key on all WEP-enabled devices.
• There are applications available to attackers that can be used to discover the WEP key. These applications are readily available on the Internet. Once the attacker has extracted the key, they have complete access to all transmitted information.
• One way to overcome this vulnerability is to change the key frequently. Another way is to use a more advanced and secure form of encryption known as Wi-Fi Protected Access (WPA).

Wi-Fi Protected Access (WPA)

• WPA also uses encryption keys from 64 bits up to 256 bits.
• However, WPA, unlike WEP, generates new, dynamic keys each time a client establishes a connection with the AP.
• For this reason, WPA is considered more secure than WEP because it is significantly more difficult to crack.

Combination of Authentication & Encryption
• To build a key from a shared secret, a key derivation function should be used. Such systems almost always use symmetric key cryptographic algorithms.
• The term PSK is used in Wi-Fi encryption such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), where the method is called WPA-PSK or WPA2-PSK, and also in the Extensible Authentication Protocol (EAP), where it is known as EAP-PSK.
• In all these cases, both the wireless access points (AP) and all clients share the same key.
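
The key derivation step mentioned above, as an added example that is not part of the original slides: WPA-PSK and WPA2-PSK derive the 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The function names and the sample networks are constructed for illustration; the audit shows that networks left on the same default SSID and passphrase end up with the identical key.

```python
import hashlib
from collections import defaultdict


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK key from a passphrase and the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid_bytes, 4096, 32
    )


def networks_sharing_a_key(networks):
    """Group network names whose SSID and passphrase derive the same key."""
    by_key = defaultdict(list)
    for name, (ssid, passphrase) in networks.items():
        by_key[wpa_psk(passphrase, ssid)].append(name)
    return sorted(sorted(group) for group in by_key.values() if len(group) > 1)


# Constructed sample inventory: name -> (SSID, passphrase).
NETWORKS = {
    "branch-a": ("default", "changeme123"),    # shipped defaults left in place
    "branch-b": ("default", "changeme123"),    # same defaults, same derived key
    "branch-c": ("unit4-lab", "changeme123"),  # unique SSID changes the salt
}

if __name__ == "__main__":
    for name, (ssid, passphrase) in NETWORKS.items():
        print(name, ssid, wpa_psk(passphrase, ssid).hex())
    print("sharing a key:", networks_sharing_a_key(NETWORKS))
```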

d. Traffic Filtering on a WLAN

• In addition to controlling who can gain access to the WLAN and who can make use of transmitted data, it is also worthwhile to control the types of traffic transmitted across a WLAN. This is accomplished using traffic filtering.
• Traffic filtering blocks undesirable traffic from entering or leaving the wireless network.
• Filtering is done by the AP as traffic passes through it. It can be used to remove traffic from, or destined to, a specific MAC or IP address.
• It can also block certain applications by port numbers.

d. Traffic Filtering on a WLAN (cont.)
• By removing unwanted, undesirable and suspicious traffic from the network, more bandwidth is devoted to the movement of important traffic, which improves the performance of the WLAN.
• For example, traffic filtering can be used to block all telnet traffic destined for a specific machine, such as an authentication server.
• Any attempts to telnet into the authentication server would be considered suspicious and blocked.
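
A first-match filter implementing the telnet rule described above, as an added example that is not part of the original slides. The rule format, addresses, MAC values and sample packets are constructed for illustration and do not represent any vendor's AP configuration.

```python
from dataclasses import dataclass
from typing import Optional

AUTH_SERVER = "192.0.2.10"            # constructed address (documentation range)
BLOCKED_MAC = "66:77:88:99:aa:bb"     # constructed MAC address


@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str
    protocol: str                     # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    note: str
    src_mac: Optional[str] = None     # None means "match anything"
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    protocol: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        for name in ("src_mac", "src_ip", "dst_ip", "protocol", "dst_port"):
            wanted = getattr(self, name)
            if wanted is not None and wanted != getattr(pkt, name):
                return False
        return True


RULES = [
    # Filter by destination IP address and port: telnet (TCP 23) to the server.
    Rule("deny", "telnet to authentication server",
         dst_ip=AUTH_SERVER, protocol="tcp", dst_port=23),
    # Filter by source MAC address.
    Rule("deny", "blocked client MAC", src_mac=BLOCKED_MAC),
]


def filter_packet(pkt: Packet, rules=RULES, default="permit"):
    """Return (action, reason) from the first matching rule."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return default, "no rule matched"


def run_demo():
    """Filter constructed packets; return (verdicts, suspicious packets)."""
    client = "00:11:22:33:44:55"
    packets = [
        Packet(client, "192.0.2.50", AUTH_SERVER, "tcp", 23),      # telnet to server
        Packet(client, "192.0.2.50", AUTH_SERVER, "udp", 1812),    # RADIUS request
        Packet(client, "192.0.2.50", "192.0.2.99", "tcp", 23),     # telnet elsewhere
        Packet(BLOCKED_MAC, "192.0.2.51", "192.0.2.99", "tcp", 80),
    ]
    verdicts, suspicious = [], []
    for pkt in packets:
        action, reason = filter_packet(pkt)
        verdicts.append(action)
        if action == "deny":
            suspicious.append((pkt.src_mac, pkt.dst_ip, pkt.dst_port, reason))
    return verdicts, suspicious


if __name__ == "__main__":
    actions, flagged = run_demo()
    print(actions)
    for entry in flagged:
        print("blocked:", entry)
```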


Summary for subtopic wireless

• What is wireless
• Advantages and limitations
• Types and boundaries
• 5 characteristics of wireless transmission
• 4 security measures for wireless

Understand networking threats

OUTCOMES 4
At the end of this subtopic, students should be able to:
• Describe risks of network intrusion.
• Define sources of network intrusion.
• Explain social engineering and phishing in networking.

6.1.1 Describe risks of network intrusion.

• Intrusion by an unauthorized person can result in costly network outages and loss of work. Attacks to a network can be devastating and can result in a loss of time and money due to damage or theft of important information or assets.
• Intruders can gain access to a network through software vulnerabilities, hardware attacks or even through less high-tech methods, such as guessing someone's username and password.
• Intruders who gain access by modifying software or exploiting software vulnerabilities are often called hackers.

Once the hacker gains access to the network, four types of threat may arise:

1. Information theft
2. Identity theft
3. Data loss / manipulation
4. Disruption of service

Self Reflection Activity:

Identify the type of security threat in each given scenario.

Choices:
A. Identity Theft
B. Disruption of Service
C. Information Theft
D. Data Manipulation
E. Data Loss

Scenarios:
• Stealing an automotive engine design from a competitor. Choice: ___
• Obtaining personal information to impersonate another and obtain credit. Choice: ___
• Destroying database records on a computer hard drive. Choice: ___
• Changing the grade received for a university course from a C to an A in the student records database. Choice: ___
• Overloading a web server to reduce its performance, preventing legitimate users from accessing it. Choice: ___

6.1.3 Define sources of network intrusion.

• Security threats from network intruders can come from both internal and external sources.

SOURCE
• Internal source
• External source

Internal Threats VS External Threats

1. Internal threats occur when someone has authorized access to the network through a user account or has physical access to the network equipment.
2. The internal attacker knows the internal politics and people. They often know what information is both valuable and vulnerable and how to get to it.
3. In some cases, an internal threat can come from a trustworthy employee who picks up a virus or security threat while outside the company and unknowingly brings it into the internal network.
4. Most companies spend considerable resources defending against external attacks; however, most threats are from internal sources. According to the FBI, internal access and misuse of computer systems account for approximately 70% of reported incidents of security breaches.

Internal Threats VS External Threats (cont.)

1. External threats arise from individuals working outside of an organization. They do not have authorized access to the computer systems or network.
2. External attackers work their way into a network mainly from the Internet, wireless links or dialup access servers.

6.1.4 Explain social engineering and phishing in networking.

• One of the easiest ways for an intruder to gain access, whether internal or external, is by exploiting human behavior.
• One of the more common methods of exploiting human weaknesses is called Social Engineering.

Social Engineering

1. Social Engineering refers to a collection of techniques used to deceive internal users into performing specific actions or revealing confidential information.
2. With these techniques, the attacker takes advantage of unsuspecting legitimate users to gain access to internal resources and private information, such as bank account numbers or passwords.
3. Three of the most commonly used techniques in social engineering are: pretexting, phishing, and vishing.

Pretexting

• Pretexting is a form of social engineering where an invented scenario (the pretext) is used on a victim in order to get the victim to release information or perform an action.
• The target is typically contacted over the telephone.
• For pretexting to be effective, the attacker must be able to establish legitimacy with the intended target, or victim. This often requires some prior knowledge or research on the part of the attacker.
• For example, if an attacker knows the target's social security number, they may use that information to gain the trust of their target. The target is then more likely to release further information.

Phishing

• Phishing is a form of social engineering where the phisher pretends to represent a legitimate outside organization.
• They typically contact the target individual (the phishee) via email.
• The phisher might ask for verification of information, such as passwords or usernames, in order to prevent some terrible consequence from occurring.

Vishing / Phone Phishing

Vishing is a new form of social engineering that uses Voice over IP (VoIP).

With vishing, an unsuspecting user is sent a voice mail instructing them to call a number which appears to be a legitimate telephone-banking service.

The call is then intercepted by a thief. Bank account numbers or passwords entered over the phone for verification are then stolen.


6.2 Identify methods of attacks


OUTCOMES 5
At the end of this subtopic, students should be able to:
Describe Viruses, Worms and Trojan Horses.
Explain denial of service and brute force attacks.
Differentiate Spyware, Tracking Cookies, Adware and Pop-up.
Describe Spam.


Method of attacks

• Exploit the vulnerabilities in computer software.
  - Virus
  - Worm
  - Trojan horse
• Goal of an attacker is to shut down the normal operations of a network. This type of attack is usually carried out with the intent to disrupt the functions of an organization.
  - DoS
  - Brute Force Attack
• Collect information about users which can be used for advertising, marketing and research purposes.
  - Spyware
  - Adware
  - Tracking Cookies
  - Pop Up / Pop Under
  - Spam


6.2.1 Describe Viruses, Worms & Trojan Horses
• In addition to social engineering, there are other types of attacks which exploit the vulnerabilities in computer software.
• Examples of these attack techniques include: viruses, worms and Trojan horses. All of these are types of malicious software introduced onto a host.


Viruses
• A virus is a program that runs and spreads by modifying other programs or files. A virus cannot start by itself; it needs to be activated.
• Once activated, a virus may do nothing more than replicate itself and spread.
• Though simple, even this type of virus is dangerous as it can quickly use all available memory and bring a system to a halt.
• A more serious virus may be programmed to delete or corrupt specific files before spreading.
• Viruses can be transmitted via email attachments, downloaded files, instant messages or via diskette, CD or USB devices.


Worms
• A worm is similar to a virus, but unlike a virus does not need to attach itself to an existing program.
• A worm uses the network to send copies of itself to any connected hosts.
• Worms can run independently and spread quickly. They do not necessarily require activation or human intervention.
• Self-spreading network worms can have a much greater impact than a single virus and can infect large parts of the Internet quickly.

Trojan Horses
• A Trojan horse is a non-self-replicating program that is written to appear like a legitimate program, when in fact it is an attack tool.
• A Trojan horse relies upon its legitimate appearance to deceive the victim into initiating the program.
• It may be relatively harmless or can contain code that can damage the contents of the computer's hard drive.
• Trojans can also create a back door into a system allowing hackers to gain access.


6.2.1 Identify if the user has been infected by a Virus, Worm or Trojan Horse for a given scenario.


6.2.3 Explain denial of service and brute force attacks.

• Sometimes the goal of an attacker is to shut down the normal operations of a network.
• This type of attack is usually carried out with the intent to disrupt the functions of an organization.


Denial of Service (DoS)

• DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended users.
• DoS attacks can target end user systems, servers, routers, and network links.
• In general, DoS attacks seek to:
  - Flood a system or network with traffic to prevent legitimate network traffic from flowing
  - Disrupt connections between a client and server to prevent access to a service


2 common DoS attacks
  - SYN (Synchronous) Flooding
  - Ping of death


SYN (synchronous) Flooding

• A flood of packets is sent to a server requesting a client connection. The packets contain invalid source IP addresses.
• The server becomes occupied trying to respond to these fake requests and therefore cannot respond to legitimate ones.
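
A defender-side view of the SYN flood described above, as an added example that is not part of the original slides: it counts, per server, the connection requests that were answered but never completed. The record format, the documentation-range addresses and the threshold of 20 are assumptions.

```python
from collections import defaultdict


def build_sample():
    """Constructed packet records: (src_ip, src_port, dst_ip, dst_port, flags)."""
    server = ("203.0.113.5", 80)
    packets = [
        # One legitimate client completes the three-way handshake.
        ("192.0.2.10", 40000, *server, "SYN"),
        (*server, "192.0.2.10", 40000, "SYN-ACK"),
        ("192.0.2.10", 40000, *server, "ACK"),
    ]
    # 50 requests carrying invalid source addresses: the server answers
    # each SYN, but the final ACK never comes back.
    for i in range(50):
        src = (f"198.51.100.{i + 1}", 50000 + i)
        packets.append((*src, *server, "SYN"))
        packets.append((*server, *src, "SYN-ACK"))
    return packets


def handshake_report(packets, threshold=20):
    """Count completed and half-open handshakes per (server_ip, port)."""
    pending = set()                 # handshakes still waiting for the client's ACK
    completed = defaultdict(int)
    for src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "SYN":
            pending.add(key)
        elif flags in ("ACK", "RST") and key in pending:
            pending.discard(key)
            if flags == "ACK":
                completed[(dst, dport)] += 1

    half_open = defaultdict(int)
    for _src, _sport, dst, dport in pending:
        half_open[(dst, dport)] += 1

    report = {}
    for server in set(half_open) | set(completed):
        report[server] = {
            "half_open": half_open[server],
            "completed": completed[server],
            # Many unanswered handshakes against one service is the symptom
            # the slide describes: the server is busy with fake requests.
            "suspected_syn_flood": half_open[server] >= threshold,
        }
    return report


if __name__ == "__main__":
    for server, stats in handshake_report(build_sample()).items():
        print(server, stats)
```
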


Ping of death
• A packet that is greater in size than the maximum allowed by IP (65,535 bytes) is sent to a device.
• This can cause the receiving system to crash.
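
The size check a receiver or filter can apply, as an added example that is not part of the original slides. Because the IPv4 Total Length field is 16 bits, an oversized packet can only arrive as fragments, so the check is made on each fragment's offset plus its length. The sample headers are constructed and use documentation-range addresses.

```python
import struct

MAX_IP_DATAGRAM = 65535          # maximum allowed by IP, as stated on the slide
IPV4_HEADER = "!BBHHHBBH4s4s"    # fixed 20-byte part of the IPv4 header


def make_header(total_length, offset_units, more_fragments):
    """Constructed IPv4 header for the demo (checksum left at 0, never sent)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack(IPV4_HEADER, 0x45, 0, total_length, 0x1234, flags_frag,
                       64, 1, 0,                     # TTL, protocol 1 (ICMP)
                       bytes([192, 0, 2, 10]), bytes([203, 0, 113, 5]))


def fragment_extent(header):
    """Return (header_len, start, end) of this fragment within the datagram."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, flags_frag, *_ = struct.unpack(IPV4_HEADER, header[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    start = (flags_frag & 0x1FFF) * 8      # offset field counts 8-byte units
    return header_len, start, start + (total_len - header_len)


def exceeds_ip_maximum(header):
    """True if reassembly would produce a datagram larger than 65,535 bytes."""
    header_len, _start, end = fragment_extent(header)
    return header_len + end > MAX_IP_DATAGRAM


def screen(headers):
    """Return 'accept' or 'drop' per fragment header; malformed ones are dropped."""
    verdicts = []
    for h in headers:
        try:
            verdicts.append("drop" if exceeds_ip_maximum(h) else "accept")
        except ValueError:
            verdicts.append("drop")
    return verdicts


if __name__ == "__main__":
    sample = [make_header(1500, 0, True),        # ordinary first fragment
              make_header(1020, 8189, False)]    # data would end past 65,535
    print(screen(sample))
```
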


Distributed Denial of Service (DDoS)

• DDoS is a more sophisticated and potentially damaging form of the DoS attack. It is designed to saturate and overwhelm network links with useless data.
• DDoS operates on a much larger scale than DoS attacks. Typically hundreds or thousands of attack points attempt to overwhelm a target simultaneously.
• The attack points may be unsuspecting computers that have been previously infected by the DDoS code. The systems that are infected with the DDoS code attack the target site when invoked.


Brute Force
• A brute force attack is another type of attack that may result in denial of services.
• With brute force attacks, a fast computer is used to try to guess passwords or to decipher an encryption code.
• The attacker tries a large number of possibilities in rapid succession to gain access or crack the code.
• Brute force attacks can cause a denial of service due to excessive traffic to a specific resource or by locking out user accounts.
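
How rapid guessing shows up in a login log, as an added example that is not part of the original slides: it flags a source that fails too often within a short window and reports which accounts a lockout rule would disable, which is the denial-of-service side effect noted above. The log format, addresses and all three thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")


def build_log():
    """Constructed log: one user mistyping twice, one source guessing quickly."""
    lines = [
        "2016-01-13T09:59:00 FAIL user=bob src=192.0.2.20",
        "2016-01-13T09:59:30 FAIL user=bob src=192.0.2.20",
        "2016-01-13T09:59:50 OK user=bob src=192.0.2.20",
    ]
    start = datetime(2016, 1, 13, 10, 0, 0)
    for i in range(12):
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} FAIL user=alice src=198.51.100.7")
    return lines


def detect(lines, max_failures=5, window=timedelta(seconds=60), lockout_after=10):
    """Return (sources to investigate, accounts a lockout rule would disable)."""
    recent = defaultdict(deque)      # source -> failure times inside the window
    consecutive = defaultdict(int)   # user -> failures since the last success
    flagged_sources, locked_accounts = set(), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                 # ignore lines in an unknown format
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        if outcome == "OK":
            consecutive[user] = 0
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:    # slide the window forward
            q.popleft()
        if len(q) >= max_failures:
            flagged_sources.add(src)
        consecutive[user] += 1
        if consecutive[user] >= lockout_after:
            locked_accounts.add(user)
    return flagged_sources, locked_accounts


if __name__ == "__main__":
    print(detect(build_log()))
```
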

6.2.5 Differentiate Spyware, Tracking Cookies, Adware and Pop-up.
• Not all attacks do damage or prevent legitimate users from having access to resources.
• Many threats are designed to collect information about users which can be used for advertising, marketing and research purposes.
• These include Spyware, Tracking Cookies, Adware and Popups. While these may not damage a computer, they invade privacy and can be annoying.

Spyware
• Spyware is any program that gathers personal information from your computer without your permission or knowledge.
• This information is sent to advertisers or others on the Internet and can include passwords and account numbers.
• Spyware is usually installed unknowingly when downloading a file, installing another program or clicking a popup.
• It can slow down a computer and make changes to internal settings, creating more vulnerabilities for other threats. In addition, spyware can be very difficult to remove.


Tracking Cookies
• Cookies are a form of spyware but are not always bad.
• They are used to record information about an Internet user when they visit websites.
• Cookies may be useful or desirable by allowing personalization and other time saving techniques.
• Many web sites require that cookies be enabled in order to allow the user to connect.


Adware
• Adware is a form of spyware used to collect information about a user based on websites the user visits.
• That information is then used for targeted advertising.
• Adware is commonly installed by a user in exchange for a "free" product.
• When a user opens a browser window, Adware can start new browser instances which attempt to advertise products or services based on a user's surfing practices.
• The unwanted browser windows can open repeatedly, and can make surfing the Internet very difficult, especially with slow Internet connections.
• Adware can be very difficult to uninstall.

Pop up and pop under

• Popups and pop-unders are additional advertising windows that display when visiting a web site.
• Unlike adware, popups and pop-unders are not intended to collect information about the user and are typically associated only with the web site being visited.
• They can be annoying and usually advertise products or services that are undesirable.

Pop ups: open in front of the current browser window.

Pop-unders: open behind the current browser window.

6.2.6 Describe Spam

• Spam is a serious network threat that can overload ISPs, email servers and individual end-user systems. A person or organization responsible for sending spam is called a spammer.
• Spammers often make use of unsecured email servers to forward email.
• Spammers can use hacking techniques, such as viruses, worms and Trojan horses to take control of home computers.
• These computers are then used to send spam without the owner's knowledge.
• Spam can be sent via email or more recently via Instant messaging software.
• It is estimated that every user on the Internet receives over 3,000 spam emails in a year.
• Spam consumes large amounts of Internet bandwidth and is a serious enough problem that many countries now have laws governing spam use.


6.3 Understand security policy


OUTCOMES 6
At the end of this subtopic, students should be able to:
Define common security measures.
Identify the importance of updated software and patches.
Complete updates of software patches and the latest antivirus patterns.


6.3.1 Define common security measures.
• A security policy is a formal statement of the rules that users must adhere to when accessing technology and information assets.
• Some things to include in a security policy are: identification and authentication policies, password policies, acceptable use policies, remote access policies, and incident handling procedures.
• A security policy should be the central point for how a network is secured, monitored, tested and improved upon.
• Security procedures implement security policies.
• Procedures define configuration, login, audit, and maintenance processes for hosts and network devices.


Security Tools
• Some of the security tools and applications used in securing a network include:
  - Software patches and updates
  - Virus protection
  - Spyware protection
  - Spam blockers
  - Popup blockers
  - Firewalls


6.3.2 Identify the importance of updated Software & Patches
• One of the most common methods that a hacker uses to gain access to hosts and/or networks is through software vulnerabilities.
• It is important to keep software applications up-to-date with the latest security patches and updates to help deter threats. A patch is a small piece of code that fixes a specific problem. An update, on the other hand, may include additional functionality to the software package as well as patches for specific issues.
• OS (operating system, such as Linux, Windows, etc.) and application vendors continuously provide updates and security patches that can correct known vulnerabilities in the software. In addition, vendors often release collections of patches and updates called service packs.
• Fortunately, many operating systems offer an automatic update feature that allows OS and application updates to be automatically downloaded and installed on a host.

Antivirus Software (Detecting a virus)

• Some of the signs that a virus, worm or Trojan horse may be present include:
  - Computer starts acting abnormally
  - Program does not respond to mouse and keystrokes
  - Programs starting or shutting down on their own
  - Email program begins sending out large quantities of email
  - CPU usage is very high
  - There are unidentifiable, or a large number of processes running
  - Computer slows down significantly or crashes

Anti-virus Software
• Anti-virus software can be used as both a preventative tool and as a reactive tool. It prevents infection and detects, and removes, viruses, worms and Trojan horses.
• Some of the features that can be included in Anti-virus programs are:
  - Email checking - Scans incoming and outgoing emails, and identifies suspicious attachments.
  - Resident dynamic scanning - Checks executable files and documents when they are accessed.
  - Scheduled scans - Virus scans can be scheduled to run at regular intervals and check specific drives or the entire computer.
  - Automatic Updates - Checks for, and downloads, known virus characteristics and patterns. Can be scheduled to check for updates on a regular basis.


Anti Spam
• Spam is not only annoying; it can overload email servers and potentially carry viruses and other security threats.
• Additionally, spammers take control of a host by planting code on it in the form of a virus or a Trojan horse. The host is then used to send spam mail without the user's knowledge. A computer infected this way is known as a Spam mill.
• Anti-spam software protects hosts by identifying spam and performing an action, such as placing it into a junk folder or deleting it. It can be loaded on a machine locally, but can also be loaded on email servers.
• Many ISPs offer spam filters. Anti-spam software does not recognize all spam, so it is important to open email carefully. It may also accidentally identify wanted email as spam and treat it as such.
• In addition to using spam blockers, other preventative actions to prevent the spread of spam include:
  - Apply OS and application updates when available.
  - Run an Antivirus program regularly and keep it up to date.
  - Do not forward suspect emails.
  - Do not open email attachments, especially from people you do not know.
  - Set up rules in your email to delete spam that bypasses the anti-spam software.
  - Identify sources of spam and report them to a network administrator so they can be blocked.
  - Report incidents to the governmental agency that deals with abuse by spam.

Anti-Spyware and Adware

• Spyware and adware can also cause virus-like symptoms. In addition to collecting unauthorized information, they can use important computer resources and affect performance.
• Anti-spyware software detects and deletes spyware applications, as well as prevents future installations from occurring.
• Many Anti-Spyware applications also include detection and deletion of cookies and adware. Some Anti-virus packages include Anti-Spyware functionality.

Popup Blockers
• Popup stopper software can be installed to prevent pop ups and pop-unders. Many web browsers include a popup blocker feature by default.
• Note that some programs and web pages create necessary and desirable pop ups. Most popup blockers offer an override feature for this purpose.


Summary for topic Security

• 4 risks of network intrusion
• 2 sources of network intrusion
• Social engineering: pretexting, phishing, vishing
• 3 types of attack method
• 6 security policy
