Intruders in Network Security

In network security, “intruders” are unauthorized individuals or entities who want to obtain access
to a network or system to breach its security. Intruders can range from inexperienced hackers to
professional and organized cyber criminals. In this article, we will discuss everything about
intruders.

What are Intruders in Network Security?

Intruders are often referred to as hackers and are the most harmful factors contributing to security
vulnerability. They have immense knowledge and an in-depth understanding of technology and
security. Intruders breach the privacy of users and aim to steal the confidential information of the
users. The stolen information is then sold to third parties, aiming to misuse it for personal or
professional gains.

Types of Intruders

• Masquerader: Individuals who are not authorized to use the system but still exploit users’ privacy and confidential information by using techniques that give them control over the system; this category of intruders is referred to as Masqueraders. Masqueraders are outsiders and hence have no direct access to the system; they aim to attack it unethically to steal data.

• Misfeasor: Individuals who are authorized to use the system but misuse the access and privileges granted to them. These are individuals who take undue advantage of the permissions and access given to them; this category of intruders is referred to as Misfeasors. Misfeasors are insiders with direct access to the system, which they aim to attack unethically to steal data/information.

• Clandestine User: Individuals who have supervisory or administrative control over the system and misuse the authority given to them. Such misuse of power is often committed by senior authorities for financial gain; this category of intruders is referred to as Clandestine Users. A Clandestine User can be either an insider or an outsider and accordingly has direct or indirect access to the system, which they aim to attack unethically by stealing data/information.

Keeping Intruders Away

• Access Control: Implement strong authentication mechanisms, such as two-factor authentication (2FA) or multi-factor authentication (MFA). Regularly review and update user access permissions to ensure they align with job roles and responsibilities.

• Network Segmentation: Divide your network into segments to limit lateral movement for
intruders. For example, separate guest Wi-Fi from internal networks.
Use firewalls and access control lists (ACLs) to restrict communication between segments.

• Regular Patching: Keep software, operating systems, and applications up to date. Patch known vulnerabilities promptly. Monitor security advisories and apply patches as soon as they are released.

• Intrusion Detection and Prevention Systems (IDPS): Deploy IDPS solutions to detect and prevent suspicious activities. Set up alerts for any unauthorized access attempts.

• Security Awareness Training: Educate employees about phishing, social engineering, and
safe online practices. Regularly conduct security awareness sessions.

• Encryption: Encrypt sensitive data in transit (using protocols like HTTPS) and at rest (using
encryption algorithms). Use strong encryption keys and rotate them periodically.

Different Ways Adopted by Intruders

• Repeatedly try all short passwords that may open the system for them.

• Try unlocking the system with default passwords, which will open the system if the user has not changed the default password.

• Try unlocking the system using the user’s personal information, such as their name, family members’ names, address, and phone number, in different combinations.

• Make use of a Trojan horse to gain access to the user’s system.

• Attack the connection between the host and a remote user and gain entry through that connection gateway.

• Try other information related to the user, such as plate numbers, room numbers, and locality details.

How to Protect from Intruders?

• By being aware of all the security measures that help us protect ourselves from intruders.

• By increasing and strengthening the security of the system.

• In case of an attack, first reach out to cyber security experts for a solution to that type of attack.

• Try to avoid becoming a victim of cybercrime.

Conclusion

In conclusion, an intruder is an unauthorized person or entity that tries to access a system without permission. Understanding the different types of intruders and applying strong security measures like access controls, network segmentation, frequent patching, IDPS, security awareness training, and encryption can successfully protect systems and data from unauthorized access and cyber threats.

Methods to Manage Password

There are a lot of good practices that we can follow to generate a strong password, and also ways to manage them.

• Strong and long passwords: A minimum length of 8 to 12 characters; the password should also contain at least three different character sets (e.g., uppercase characters, lowercase characters, numbers, or symbols).

• Password Encryption: Storing passwords only in an irreversible (one-way hashed) form is recommended. In this way, the password remains safe even if the stored form ends up in the hands of cybercriminals.

• Multi-factor Authentication (MFA): Adding an MFA layer, such as security questions and a phone number used to confirm that it is indeed you who is trying to log in, will enhance the security of your password.

• Make the password pass the test: Put your password through some of the testing tools that you might find online to ensure that it falls into the strong and safe password category.

• Avoid updating passwords frequently: Though it is advised or even made mandatory to update or change your password as frequently as every 60 or 90 days.
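The first two bullets above, the length/character-set rule and irreversible storage, can both be checked in code. This Python example is added here and is not from the original article; it enforces the stated policy (the 12-character upper bound of the "8 to 12" range is an assumption) and stores passwords as salted PBKDF2-HMAC-SHA256 hashes, which can be verified but not reversed. The sample passwords are constructed.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12     # assumption: the upper end of the article's "8 to 12" range
MIN_CLASSES = 3     # at least three of the four character sets
ITERATIONS = 600_000  # high iteration count so each guess against a stolen hash is slow


def check_password_policy(password):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character sets")
    return problems


def hash_password(password, salt=None):
    """One-way, salted hash. The salt and parameters are stored with the digest so it
    can be verified later; the original password cannot be recovered from it."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate.hex(), digest_hex)
```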

Introduction of Firewall in Computer Network

In the world of computer networks, a firewall acts like a security guard. Its job is to watch over the flow of information between your computer or network and the internet. It’s designed to block unauthorized access while allowing safe data to pass through.

Essentially, a firewall helps keep your digital world safe from unwanted visitors and potential threats, making it an essential part of today’s connected environment. It monitors both incoming and outgoing traffic using a predefined set of security rules to detect and prevent threats.

What is Firewall?

A firewall is a network security device, either hardware or software-based, which monitors all
incoming and outgoing traffic and based on a defined set of security rules accepts, rejects, or drops
that specific traffic.

• Accept: allow the traffic

• Reject: block the traffic but reply with an “unreachable error”

• Drop: block the traffic with no reply


A firewall is a type of network security device that filters incoming and outgoing network traffic with
security policies that have previously been set up inside an organization. A firewall is essentially the
wall that separates a private internal network from the open Internet at its very basic level.

History and Need For Firewall

Before firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP addresses. But an ACL cannot determine the nature of the packet it is blocking, and ACLs alone do not have the capacity to keep threats out of the network. Hence, the firewall was introduced. Connectivity to the Internet is no longer optional for organizations. However, while accessing the Internet provides benefits to the organization, it also enables the outside world to interact with the organization’s internal network. This creates a threat to the organization. In order to secure the internal network from unauthorized traffic, we need a firewall.

Working of Firewall

A firewall matches network traffic against the rule set defined in its table. Once a rule is matched, the associated action is applied to the traffic. For example, one rule may be defined so that no employee from the Human Resources department can access data on the code server, while another rule allows the system administrator to access data from both the Human Resources and technical departments. Rules are defined on the firewall based on the needs and security policies of the organization. From the perspective of a server, network traffic is either outgoing or incoming.

A firewall maintains a distinct set of rules for both cases. Mostly, outgoing traffic, which originates from the server itself, is allowed to pass. Still, setting rules on outgoing traffic is always better in order to achieve more security and prevent unwanted communication. Incoming traffic is treated differently. Most traffic that reaches the firewall uses one of three major protocols: TCP, UDP, or ICMP. All of these have a source address and a destination address. TCP and UDP additionally have port numbers, whereas ICMP uses a type code instead of a port number to identify the purpose of the packet.

Default policy: It is very difficult to explicitly cover every possible case with rules on the firewall. For this reason, the firewall must always have a default policy. The default policy consists only of an action (accept, reject, or drop). Suppose no rule is defined on the firewall about SSH connections to the server; the firewall will then follow the default policy. If the default policy is set to accept, any computer outside your office can establish an SSH connection to the server. Therefore, setting the default policy to drop (or reject) is always good practice.
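The rule-matching and default-policy behaviour described above, as an added example that is not part of the original article: a small Python model of a firewall table in which the first matching rule wins and, when nothing matches, the per-direction default policy decides. The rule set (SSH only from an assumed office subnet 10.0.0.0/8, HTTPS open, ICMP echo requests answered) and all addresses are constructed; the SSH case shows why a default of accept lets outside hosts in.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ACCEPT, REJECT, DROP = "accept", "reject", "drop"


@dataclass
class Packet:
    direction: str                   # "in" or "out", from the server's point of view
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    port: Optional[int] = None       # destination port for tcp/udp
    icmp_type: Optional[int] = None  # type code for icmp (takes the place of a port)


@dataclass
class Rule:
    direction: str
    proto: Optional[str]     # None matches any protocol
    src_net: Optional[str]   # CIDR string, or None for any source
    port: Optional[int]      # destination port, or ICMP type for icmp rules; None = any
    action: str

    def matches(self, pkt):
        if self.direction != pkt.direction:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src_net is not None and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if self.port is not None:
            key = pkt.icmp_type if pkt.proto == "icmp" else pkt.port
            if key != self.port:
                return False
        return True


class Firewall:
    def __init__(self, rules, default_in=DROP, default_out=ACCEPT):
        self.rules = rules
        self.default = {"in": default_in, "out": default_out}

    def decide(self, pkt):
        """First matching rule wins; otherwise the direction's default policy applies."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default[pkt.direction]


# Constructed policy: SSH only from the (assumed) office subnet, web open, ping answered.
RULES = [
    Rule("in", "tcp", "10.0.0.0/8", 22, ACCEPT),
    Rule("in", "tcp", None, 443, ACCEPT),
    Rule("in", "icmp", None, 8, ACCEPT),   # ICMP type 8 = echo request
]
```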

Functions of Firewall

• Every piece of data that enters or leaves a computer network must go via the firewall.

• If the data packets are safely routed via the firewall, all of the important data remains intact.

• A firewall logs each data packet that passes through it, enabling the user to keep track of all
network activities.

• Since the data is stored safely inside the data packets, it cannot be altered.

• Every attempt for access to our operating system is examined by our firewall, which also
blocks traffic from unidentified or undesired sources.

Importance of Firewalls

So, what does a firewall do and why is it important? Without protection, networks are vulnerable to
any traffic trying to access your systems, whether it’s harmful or not. That’s why it’s crucial to check
all network traffic.

When you connect personal computers to other IT systems or the internet, it opens up many
benefits like collaboration, resource sharing, and creativity. But it also exposes your network and
devices to risks like hacking, identity theft, malware, and online fraud.

Once a malicious person finds your network, they can easily access and threaten it, especially with
constant internet connections.

Using a firewall is essential for proactive protection against these risks. It helps users shield their
networks from the worst dangers.

What Does Firewall Security Do?

A firewall serves as a security barrier for a network, narrowing the attack surface to a single point of
contact. Instead of every device on a network being exposed to the internet, all traffic must first go
through the firewall. This way, the firewall can filter and block non-permitted traffic, whether it’s
coming in or going out. Additionally, firewalls help create a record of attempted connections,
improving security awareness.

What Can Firewalls Protect Against?

• Infiltration by Malicious Actors: Firewalls can block suspicious connections, preventing eavesdropping and advanced persistent threats (APTs).

• Parental Controls: Parents can use firewalls to block their children from accessing explicit web content.

• Workplace Web Browsing Restrictions: Employers can restrict employees from using the company network to access certain services and websites, like social media.

• Nationally Controlled Intranet: Governments can block access to certain web content and services that conflict with national policies or values.

By allowing network owners to set specific rules, firewalls offer customizable protection for various
scenarios, enhancing overall network security.

Advantages of Using Firewall

• Protection From Unauthorized Access: Firewalls can be set up to restrict incoming traffic from particular IP addresses or networks, preventing hackers or other malicious actors from easily accessing a network or system.

• Prevention of Malware and Other Threats: Firewalls can be set up to block traffic linked to known malware or other security concerns, assisting in the defense against these kinds of attacks.

• Control of Network Access: By limiting access to specified individuals or groups for particular servers or applications, firewalls can be used to restrict access to particular network resources or services.

• Monitoring of Network Activity: Firewalls can be set up to record and keep track of all
network activity.

• Regulation Compliance: Many industries are bound by rules that demand the usage of
firewalls or other security measures.

• Network Segmentation: By using firewalls to split up a bigger network into smaller subnets, the attack surface is reduced and the security level is raised.

Disadvantages of Using Firewall

• Complexity: Setting up and keeping up a firewall can be time-consuming and difficult, especially for bigger networks or companies with a wide variety of users and devices.

• Limited Visibility: Firewalls may not be able to identify or stop security risks that operate at
other levels, such as the application or endpoint level, because they can only observe and
manage traffic at the network level.

• False Sense of Security: Some businesses may place an excessive amount of reliance on
their firewall and disregard other crucial security measures like endpoint security or
intrusion detection systems.

• Limited adaptability: Because firewalls are frequently rule-based, they might not be able
to respond to fresh security threats.

• Performance Impact: Network performance can be significantly impacted by firewalls, particularly if they are set up to analyze or manage a lot of traffic.

• Limited Scalability: Because firewalls are only able to secure one network, businesses that have several networks must deploy many firewalls, which can be expensive.

• Limited VPN support: Some firewalls might not allow complex VPN features like split tunneling, which could restrict the experience of a remote worker.

• Cost: Purchasing many devices or add-on features for a firewall system can be expensive,
especially for businesses.

Conclusion

In conclusion, firewalls play a crucial role in safeguarding computers and networks. By monitoring
and controlling incoming and outgoing data, they help prevent unauthorized access and protect
against cyber threats. Using a firewall is a smart way to enhance security and ensure a safer online
experience for users and organizations alike.

VIRUSES AND RELATED THREATS

Perhaps the most sophisticated types of threats to computer systems are presented by programs
that exploit vulnerabilities in computing systems.

1. Malicious Programs

Malicious software can be divided into two categories: those that need a host program, and those
that are independent.

The former are essentially fragments of programs that cannot exist independently of some actual
application program, utility, or system program. Viruses, logic bombs, and backdoors are examples.
The latter are self-contained programs that can be scheduled and run by the operating system.
Worms and zombie programs are examples.

2. The Nature of Viruses

A virus is a piece of software that can "infect" other programs by modifying them; the modification
includes a copy of the virus program, which can then go on to infect other programs.

A virus can do anything that other programs do. The only difference is that it attaches itself to
another program and executes secretly when the host program is run. Once a virus is executing, it
can perform any function, such as erasing files and programs.

During its lifetime, a typical virus goes through the following four phases:

· Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.

· Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.

· Triggering phase: The virus is activated to perform the function for which it was intended. As
with the dormant phase, the triggering phase can be caused by a variety of system events, including
a count of the number of times that this copy of the virus has made copies of itself.

· Execution phase: The function is performed. The function may be harmless, such as
a message on the screen, or damaging, such as the destruction of programs and data files.

3. Virus Structure

A virus can be prepended or postpended to an executable program, or it can be embedded in some other fashion. The key to its operation is that the infected program, when invoked, will first execute the virus code and then execute the original code of the program.

An infected program begins with the virus code and works as follows:

The first line of code is a jump to the main virus program. The second line is a special marker that is
used by the virus to determine whether or not a potential victim program has already been infected
with this virus.

When the program is invoked, control is immediately transferred to the main virus program. The
virus program first seeks out uninfected executable files and infects them. Next, the virus may
perform some action, usually detrimental to the system.

This action could be performed every time the program is invoked, or it could be a logic bomb that
triggers only under certain conditions.

Finally, the virus transfers control to the original program. If the infection phase of the program is
reasonably rapid, a user is unlikely to notice any difference between the execution of an infected
and uninfected program.

A virus such as the one just described is easily detected because an infected version of a program is longer than the corresponding uninfected one. A way to thwart such a simple means of detecting a virus is to compress the executable file so that both the infected and uninfected versions are of identical length. The key lines in this virus are numbered. We assume that program P1 is infected with the virus CV. When this program is invoked, control passes to its virus, which performs the following steps:

1. For each uninfected file P2 that is found, the virus first compresses that file to produce P'2,
which is shorter than the original program by the size of the virus.

2. A copy of the virus is prepended to the compressed program.

3. The compressed version of the original infected program, P'1, is uncompressed.

4. The uncompressed original program is executed.

In this example, the virus does nothing other than propagate. As in the previous example, the virus
may include a logic bomb.
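The text above makes the point that a length check catches the simple prepending virus but not the compressing one. As an added example that is not from the text, this Python code keeps a baseline of size and SHA-256 digest for a set of files and reports which ones changed; a content digest detects the modification whether or not the file length is preserved. The files are created in a temporary directory as constructed input, with one grown by prepended bytes and one rewritten at identical length.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Size plus SHA-256 digest of the file contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": os.path.getsize(path), "sha256": h.hexdigest()}


def build_baseline(paths):
    """Record the known-good fingerprint of every file (taken from a trusted state)."""
    return {p: fingerprint(p) for p in paths}


def check_baseline(baseline):
    """Return {path: reason} for every file whose contents no longer match the baseline."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        current = fingerprint(path)
        if current["sha256"] != expected["sha256"]:
            if current["size"] == expected["size"]:
                # A size-only check would miss this case entirely.
                findings[path] = "contents changed, length preserved"
            else:
                findings[path] = f"contents changed, size {expected['size']} -> {current['size']}"
    return findings


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: two stand-in 'programs' are baselined, then one grows
    (the simple prepending case) and the other is rewritten at the same length."""
    d = tempfile.mkdtemp()
    p1, p2 = os.path.join(d, "prog1.bin"), os.path.join(d, "prog2.bin")
    _write(p1, b"ORIGINAL-PROGRAM-1")
    _write(p2, b"ORIGINAL-PROGRAM-2")
    baseline = build_baseline([p1, p2])
    _write(p1, b"XXXX" + b"ORIGINAL-PROGRAM-1")   # 18 -> 22 bytes
    _write(p2, b"original-program-2")             # still 18 bytes, different contents
    return check_baseline(baseline)
```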

4. Initial Infection

Once a virus has gained entry to a system by infecting a single program, it is in a position to infect
some or all other executable files on that system when the infected program executes. Thus, viral
infection can be completely prevented by preventing the virus from gaining entry in the first place.
Unfortunately, prevention is extraordinarily difficult because a virus can be part of any program
outside a system. Thus, unless one is content to take an absolutely bare piece of iron and write all
one's own system and application programs, one is vulnerable.
