Chapter Four

Chapter 4: Network Security
Network Threats: Overview of attacks like DDoS, Man-in-the-Middle (MITM), and packet sniffing.
Firewalls and Intrusion Detection Systems (IDS): Protecting network boundaries.
VPNs and Secure Communications: Encrypting data in transit.
Network Protocols: Secure protocols (HTTPS, TLS, SSH).
Wireless Security: Securing Wi-Fi networks (WPA3, enterprise networks).


CHAPTER FOUR

NETWORK SECURITY

BY: SHEWANGIZAW LIULSEGED


Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform on which computers, users and programs can perform.
THREATS IN NETWORKS
What makes a network vulnerable?
Cause: Explanation
Anonymity: An attacker can mount an attack from thousands of miles away, safe behind an electronic shield.
Many points of attack, both targets and origins: A file stored on a network host can be accessed remotely by any user. An administrator can enforce many policies on a host, but once a file is being transferred through the network those policies mean nothing.
Sharing: Because networks enable resource and workload sharing, more users have the potential to access networked systems.
Complexity of system: An operating system is a complicated piece of software, but it is not designed specifically for security.
Unknown perimeter: Networks have no boundary. Resources on one network are accessible to other networks as well.
Unknown path: Many paths can be used to reach another host or computer.
THREATS IN NETWORKS (CONT)
We cannot list who attacks networks, but we do know the motives for attacking.
Motive: Explanation
Challenge: For someone skilled in writing or using programs, the single most significant motivation for a network attacker is the intellectual challenge: "Can I defeat the network?"
Fame: Other attackers seek recognition for their activities and enjoy the personal thrill of seeing their attacks written up in the news media.
Money and espionage: Seeking information on a company's products, clients, etc. for financial reward.
Ideology: Hacktivism consists of operations that use hacking techniques against a target's network with the intent of disrupting normal operations but not causing serious damage. Cyberterrorism is a politically motivated hacking operation intended to cause grave harm such as loss of life or severe economic damage.
THREATS IN NETWORKS (CONT)
Eavesdrop: implies overhearing without expending any extra effort, for example an attacker monitoring all traffic passing through a node.
Wiretap: intercepting communications through some effort.
Passive wiretapping is just "listening," much like eavesdropping.
Active wiretapping means injecting something into the communication: someone could replace your communications with his own, or create communications purported to be from you.
Wiretapping works differently depending on the communication medium used.
THREATS IN NETWORKS (CONT)
Impersonation: impersonating another person or process.
In an impersonation, an attacker has several choices:
1. Guess the identity and authentication details of the target.
2. Pick up the identity and authentication details through eavesdropping or wiretapping.
3. Use a target that will not be authenticated.
4. Use a target whose authentication data are known.
THREATS IN NETWORKS (CONT)
Spoofing: guessing or otherwise obtaining the network authentication credentials of an entity.
Examples of spoofing are:
1. Masquerading: one host pretends to be another. A variation of this attack is called phishing.
2. Session hijacking: intercepting and carrying on a session begun by another entity. The attacker steals a valid session ID, which is then used to get into the system and snoop on the data.
3. Man-in-the-middle attacks: one entity intrudes between two others.
The difference between a man-in-the-middle attack and hijacking is that a man-in-the-middle usually participates from the start of the session, whereas session hijacking occurs after a session has been established.
THREATS IN NETWORKS (CONT)
Denial of Service: Unlike a password-based attack, a denial-of-service attack prevents normal use of your computer or network by valid users.
After gaining access to your network, the attacker can do any of the following:
Distract your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
Block traffic, which results in a loss of access to network resources by authorized
THREATS IN NETWORKS (CONT)
Sniffer Attack: A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets.
If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
Using a sniffer, an attacker can do any of the following:
Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
Read your communications.
THREATS IN NETWORKS (CONT)
Identity Spoofing (IP Address Spoofing): Most networks and operating systems use the IP address of a computer to identify a valid entity.
In certain cases, it is possible for an IP address to be falsely assumed; this is identity spoofing.
An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.
After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data.
The attacker can also conduct other types of attacks, as described
CONTROL MECHANISMS
Firewall: a device or software that filters all traffic between a protected or "inside" network and a less trustworthy or "outside" network.
The purpose of a firewall is to keep "bad" things outside a protected environment.
To accomplish that, firewalls implement a security policy.
The design of a firewall should maintain the following qualities:
Always invoked.
Tamperproof.
Small and simple enough for rigorous analysis.
CONTROL MECHANISMS (CONT)
Firewall types depend on their capabilities. The types are:
1. Packet filtering gateways or screening routers.
Most effective. Control packets based on their source and destination.
2. Stateful inspection firewalls.
Maintain state information from one packet to another in the input stream.
3. Application proxies.
Simulate the (proper) effects of an application so that the application will receive only requests to act properly.
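To make the difference between the first two firewall types concrete, here is an added example (not code from the slides) that applies the same policy twice: once as a screening-router rule set that judges each packet alone, and once as a stateful filter that remembers which flows inside hosts opened. The inside prefix, the published server address and the packet fields are all constructed for the demo.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:             # constructed, minimal packet model for the demo
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False     # TCP SYN flag set (opens a connection)
    ack: bool = False     # TCP ACK flag set

INSIDE = "10.0.0."            # assumed prefix of the protected "inside" network
PUBLIC = ("10.0.0.5", 443)    # assumed published inside web server
def stateless_filter(pkt):
    """Screening-router rule set: judges each packet on its own header."""
    if pkt.src_ip.startswith(INSIDE):           # outbound: web only
        return pkt.dst_port in (80, 443)
    if (pkt.dst_ip, pkt.dst_port) == PUBLIC:    # inbound to published service
        return True
    # Replies to outbound web requests must get back in; without state the only
    # clue is "from port 80/443 with ACK set", so unsolicited packets pass too.
    return pkt.src_port in (80, 443) and pkt.ack

class StatefulFilter:
    """Stateful inspection: admits inbound packets only for flows it saw start."""
    def __init__(self):
        self.flows = set()    # (src_ip, src_port, dst_ip, dst_port) of outbound flows
    def allow(self, pkt):
        if pkt.src_ip.startswith(INSIDE):
            if pkt.dst_port not in (80, 443):
                return False
            if pkt.syn:                          # remember the new flow
                self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        if (pkt.dst_ip, pkt.dst_port) == PUBLIC:
            return True
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows

def compare(packets):
    """Return (stateless_decision, stateful_decision) for each packet, in order."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.allow(p)) for p in packets]

# Constructed traffic: a legitimate web session, then an unsolicited packet to
# the SSH port that merely looks like a web reply.
PACKETS = [
    Packet("10.0.0.7", 40000, "203.0.113.9", 443, syn=True),
    Packet("203.0.113.9", 443, "10.0.0.7", 40000, ack=True),
    Packet("198.51.100.4", 443, "10.0.0.7", 22, ack=True),
]
```

Only the third decision differs: the stateless rules admit the unsolicited packet, the stateful filter drops it because no inside host opened that flow.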
CONTROL MECHANISMS (CONT)
SSH (Secure Shell) is a pair of protocols (versions 1 and 2), originally defined for Unix but also available under Windows 2000, that provides an authenticated and encrypted path to the shell or operating system command interpreter.
The SSH protocol involves negotiation between the local and remote sites for the encryption algorithm (for example, DES, IDEA, AES) and authentication (including public key and Kerberos).
CONTROL MECHANISMS (CONT)
The SSL (Secure Sockets Layer) protocol was originally designed by Netscape to protect communication between a web browser and server.
SSL interfaces between applications (such as browsers) and the TCP/IP protocols to provide server authentication, optional client authentication, and an encrypted communications channel between client and server.
To use SSL, the client requests an SSL session. The server responds with its public key certificate so that the client can determine the authenticity of the server.
CONTROL MECHANISMS (CONT)

IPSec is implemented at the IP layer.

IPSec is somewhat similar to SSL, in that it supports authentication and confidentiality without requiring significant change either above it (in applications) or below it (in the TCP protocols). It was designed to be independent of specific cryptographic protocols and to allow the two communicating parties to agree on a mutually supported set of protocols.
CONTROL MECHANISMS (CONT)

Strong Authentication:
One-Time Password
Challenge Response Systems
Digital Distributed Authentication
Kerberos
Authentication deals with the "who" of security policy enforcement; access controls enforce the "what" and "how":
ACLs on Routers
Firewalls
Honeypots
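The following added example (my own illustration, not the slides' code) shows why a challenge-response system counts as strong authentication against the eavesdropping and wiretapping threats described earlier: the shared secret never crosses the wire, and a sniffed challenge/response pair is useless for replay because each challenge is consumed once. The Verifier class, the user name and the secret are constructed assumptions, not a particular standard.

```python
import hashlib
import hmac
import secrets

class Verifier:
    """Server side of an HMAC-based challenge-response login (assumed design, not a
    specific standard). Only a fresh random challenge and the HMAC over it cross
    the wire; the shared secret itself never does."""
    def __init__(self, users):
        self.keys = dict(users)   # username -> shared secret bytes (constructed)
        self.pending = {}         # username -> challenge awaiting an answer

    def challenge(self, user):
        nonce = secrets.token_bytes(16)      # unpredictable, single-use
        self.pending[user] = nonce
        return nonce

    def verify(self, user, nonce, response):
        key = self.keys.get(user)
        issued = self.pending.pop(user, None)   # each challenge is consumed once
        if key is None or issued is None or not hmac.compare_digest(issued, nonce):
            return False                          # unknown user, no or stale challenge
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare

def respond(key, nonce):
    """Client side: prove possession of the key without ever sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def login_scenarios():
    """Genuine login, replay of a sniffed pair, and a guessed key, in that order."""
    key = b"constructed-shared-secret"
    srv = Verifier({"alice": key})
    n1 = srv.challenge("alice")
    r1 = respond(key, n1)
    genuine = srv.verify("alice", n1, r1)
    replayed = srv.verify("alice", n1, r1)      # eavesdropped (n1, r1) reused
    n2 = srv.challenge("alice")
    guessed = srv.verify("alice", n2, respond(b"guess", n2))
    return genuine, replayed, guessed
```

With a reusable password the eavesdropped credential would have logged the attacker in; here the replay and the guess both fail.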
CONTROL MECHANISMS (CONT)
An intrusion detection system (IDS) is a device, typically another separate computer, that monitors activity to identify malicious or suspicious events.
IDSs perform a variety of functions:
1. monitoring users and system activity
2. auditing system configuration for vulnerabilities and misconfigurations
3. assessing the integrity of critical system and data files
4. recognizing known attack patterns in system activity
5. identifying abnormal activity through statistical analysis etc.
6. managing audit trails and highlighting user violation of policy or normal activity
7. correcting system configuration errors
8. installing and operating traps to record information about intruders
CONTROL MECHANISMS (CONT)
Goals for Intrusion Detection Systems
An IDS could use some or all of the following design approaches:
1. Filter on packet headers
2. Filter on packet content
3. Maintain connection state
4. Use complex, multi-packet signatures
5. Use minimal number of signatures with maximum effect
6. Filter in real time, online
7. Hide its presence
8. Use optimal sliding time window size to match signatures
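As an added example (not from the slides), here is a small detector that combines three of the approaches listed above: it filters on packet headers, uses a multi-packet signature, and matches it over a sliding time window. The signature is "one source opening connections to many distinct ports on one host within a few seconds", which is the pattern of a port scan. The log format and every line in it are constructed for the demo.

```python
import re
from collections import defaultdict, deque

# Constructed connection-attempt log (not from any real sensor):
# "<epoch seconds> <src_ip> -> <dst_ip>:<dst_port> <tcp flags>"
LOG = """\
1000.0 10.0.0.7 -> 10.0.0.5:443 S
1000.2 10.0.0.7 -> 10.0.0.5:443 A
1001.0 198.51.100.4 -> 10.0.0.5:21 S
1001.1 198.51.100.4 -> 10.0.0.5:22 S
1001.2 198.51.100.4 -> 10.0.0.5:23 S
1001.3 198.51.100.4 -> 10.0.0.5:25 S
1001.4 198.51.100.4 -> 10.0.0.5:80 S
1001.5 198.51.100.4 -> 10.0.0.5:110 S
1020.0 198.51.100.4 -> 10.0.0.5:443 S
"""

LINE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) -> (\S+):(\d+) (\S+)$")

def parse(log):
    """Yield (time, src, dst, port, flags); lines that do not match are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield float(m[1]), m[2], m[3], int(m[4]), m[5]

def detect_port_scans(log, window=5.0, threshold=5):
    """Multi-packet signature: one source opening connections (bare SYN) to at
    least `threshold` distinct ports on one host within `window` seconds.
    Returns a list of (time, src, dst, sorted_ports) alerts."""
    recent = defaultdict(deque)     # (src, dst) -> deque of (time, port)
    alerts = []
    for t, src, dst, port, flags in parse(log):
        if "S" not in flags or "A" in flags:     # only connection openers
            continue
        q = recent[(src, dst)]
        q.append((t, port))
        while q and t - q[0][0] > window:        # slide the window forward
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold:
            alerts.append((t, src, dst, sorted(ports)))
            q.clear()                            # one alert per burst
    return alerts
```

The window size and threshold are the tuning knobs the last design goal refers to: too small a window misses slow scans, too large a threshold lets a short burst through.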
Any questions?
