CompTech 213 Topic No. 7 Fundamentals of Network Security
Network Technician
Technicians need to understand computer and network security. Failure to implement proper security procedures can have an impact on
users, computers, and the general public. Private information, company secrets, financial data, computer equipment, and items of national
security are placed at risk if proper security procedures are not followed.
Theft, loss, network intrusion, and physical damage are some of the ways a network or computer
can be harmed. Damage or loss of equipment can mean a loss of productivity. Repairing and replacing
equipment can cost the company time and money. Unauthorized use of a network can expose confidential
information and reduce network resources. An attack that intentionally degrades the performance of a
computer or network can also harm the production of an organization.
Security Threats
To successfully protect computers and the network, a technician must understand both types of threats to computer security:
• Physical – Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring
• Data – Events or attacks that remove, corrupt, deny access, allow access, or steal information
Threats to security can come from the inside or outside of an organization, and the level of potential damage can vary greatly:
Physical loss or damage to equipment can be expensive, and data loss can be detrimental to
your business and reputation. Threats against data are constantly changing as attackers find new
ways to gain entry and commit their crimes.
Viruses, Worms, and Trojans
Computer viruses are deliberately created and sent out by attackers. A virus is attached to small
pieces of computer code, software, or documents. The virus executes when the software is run on
a computer. If the virus is spread to other computers, those computers could continue to spread
the virus.
Virus
A virus is a program written with malicious intent and sent out by attackers. The virus is transferred
to another computer through e-mail, file transfers, and instant messaging. The virus hides by
attaching itself to a file on the computer. When the file is accessed, the virus executes and infects
the computer. A virus has the potential to corrupt or even delete files on your computer, use your
e-mail to spread itself to other computers, or even erase your entire hard drive.
Worms
A worm is a self-replicating program that is harmful to networks. A worm uses the network to duplicate
its code to the hosts on a network, often without any user intervention. It is different from a virus
because a worm does not need to attach to a program to infect a host. Even if the worm does not
damage data or applications on the hosts it infects, it is harmful to networks because it consumes
bandwidth.
Trojans
A Trojan is technically a worm. The Trojan does not need to be attached to other software. Instead,
a Trojan threat is hidden in software that appears to do one thing, and yet behind the scenes it does
another. Trojans are often disguised as useful software. The Trojan program can reproduce like a
virus and spread to other computers. Computer data damage and production loss could be significant.
An infected computer could be sending critical data to competitors, while at the same time infecting
other computers on the network.
• ActiveX
• Java
• JavaScript
Attackers may use any of these tools to install a program on a computer. To protect against these attacks, most browsers have settings
that force the computer user to authorize the downloading or use of ActiveX, Java, or JavaScript.
Adware
Adware is a software program that displays advertising on your computer. Adware is usually
distributed with downloaded software. Most often, adware is displayed in a popup window. Adware
popup windows are sometimes difficult to control and will open new windows faster than users can
close them.
Grayware
Grayware or malware is a file or program other than a virus that is potentially harmful. Many grayware
attacks are phishing attacks that try to persuade the reader to unknowingly provide attackers with
access to personal information. As you fill out an online form, the data is sent to the attacker. Grayware
can be removed using spyware and adware removal tools.
Spyware
Spyware, a type of grayware, is similar to adware. It is distributed without any user intervention or knowledge. Once installed, the
spyware monitors activity on the computer. The spyware then sends this information to the organization responsible for launching the
spyware.
Phishing
Phishing is a form of social engineering where the attacker pretends to represent a legitimate outside organization, such as a bank. A
potential victim is contacted via e-mail. The attacker might ask for verification of information, such as a password or username, to
supposedly prevent some terrible consequence from occurring.
Denial of Service
Denial of service (DoS) is a form of attack that prevents users from accessing normal services, such as e-mail and a web server, because
the system is busy responding to abnormally large amounts of requests. DoS works by sending enough requests for a system resource
that the requested service is overloaded and ceases to operate.
✓ Ping of death – A series of repeated, larger than normal pings that crash the receiving computer.
✓ E-mail bomb – A large quantity of bulk e-mail that overwhelms the e-mail server, preventing users from accessing it.
✓ Distributed DoS (DDoS) – Another form of attack that uses many infected computers, called zombies, to launch an attack.
With DDoS, the intent is to obstruct or overwhelm access to the targeted server. Zombie computers located at different
geographical locations make it difficult to trace the origin of the attack.
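The DoS description above is about volume: a single service drowned in more requests than it can answer. A defender's first check is therefore a request-rate count per client. The following Python is an added example (not from the course notes): it parses web-server lines in the common log format, counts each client's requests inside a sliding time window, and flags clients whose peak reaches a threshold. The log lines, the 10-second window and the threshold of 100 are constructed values for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format line: ip ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)

def flooding_sources(lines, window=timedelta(seconds=10), threshold=100):
    """Map each client IP to its peak request count inside any sliding window of
    length `window`, keeping only clients whose peak reaches `threshold`."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            per_ip[parsed[0]].append(parsed[1])
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def make_sample_log():
    """Constructed sample log (not real traffic): one client fires 150 requests in
    about five seconds while two ordinary clients send three requests each."""
    base = datetime.strptime("10/Mar/2024:12:00:00 +0000", TIME_FMT)
    fmt = '{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'
    lines = [fmt.format(ip="198.51.100.7",
                        ts=(base + timedelta(milliseconds=33 * i)).strftime(TIME_FMT))
             for i in range(150)]
    for i, ip in enumerate(["203.0.113.5", "203.0.113.9"] * 3):
        lines.append(fmt.format(ip=ip, ts=(base + timedelta(seconds=2 * i)).strftime(TIME_FMT)))
    return lines

if __name__ == "__main__":
    print(flooding_sources(make_sample_log()))   # {'198.51.100.7': 150}
```

A DDoS spreads the same volume over many zombie addresses, so a per-client count like this one catches the single-source case but must be combined with a total-rate check for the distributed case.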
When used as an attack method, spam may include links to an infected website or an attachment that could infect a computer. These
links or attachments may result in lots of windows designed to capture your attention and lead you to advertising sites. These windows
are called popups. Many anti-virus and e-mail software programs automatically detect and remove spam from an e-mail inbox. Some
spam still may get through, so look for some of the more common indications:
• No subject line
• Incomplete return addresses
• Computer generated e-mails
• Return e-mails not sent by the user
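The four spam indicators listed above can be checked mechanically on a message's headers. The following Python is an added example (not from the course notes) using the standard library `email` package; the three sample messages are constructed, and the particular header checks chosen for each indicator (missing Subject, a From address without a dotted domain, the RFC 3834 Auto-Submitted or Precedence: bulk headers, a MAILER-DAEMON sender) are this example's own assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real mail), in raw RFC 5322 form.
SUSPECT = """\
From: promo@mailhost
To: user@example.com
Auto-Submitted: auto-generated

Click here to claim your prize.
"""
BOUNCE = """\
From: MAILER-DAEMON@mail.example.net
To: user@example.com
Subject: Undelivered Mail Returned to Sender

The message you sent to nobody@invalid could not be delivered.
"""
NORMAL = """\
From: Alice Example <alice@example.com>
To: user@example.com
Subject: Lunch on Friday?

Are you free?
"""

def spam_indicators(raw):
    """Return the indicators from the list above that appear in one raw message.
    The header checks used for each indicator are this example's own choices."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    if not (msg.get("Subject") or "").strip():
        hits.append("no subject line")
    _, addr = parseaddr(str(msg.get("From") or ""))
    local, _, domain = addr.partition("@")
    if not local or "." not in domain:              # missing or bare domain part
        hits.append("incomplete return address")
    auto = (msg.get("Auto-Submitted") or "no").lower()   # RFC 3834 header
    if auto != "no" or (msg.get("Precedence") or "").lower() == "bulk":
        hits.append("computer generated e-mail")
    if local.lower() == "mailer-daemon":            # bounce: confirm you sent the original
        hits.append("bounce of mail you may not have sent")
    return hits
```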
Social Engineering
A social engineer is a person who is able to gain access to equipment or a network by tricking people
into providing the necessary access information. Often, the social engineer gains the confidence of an
employee and convinces the employee to divulge username and password information.
A social engineer may pose as a technician to try to gain entry into a facility. Once inside, the social
engineer may look over shoulders to gather information, seek out papers on desks with passwords
and phone extensions, or obtain a company directory with e-mail addresses.
Here are some basic precautions to help protect against social engineering:
• Never give out your password
• Always ask for the ID of unknown persons
• Restrict access of unexpected visitors
• Escort all visitors
• Never post your password in your work area
• Lock your computer when you leave your desk
• Do not let anyone follow you through a door that requires an access card
TCP/IP Attacks
TCP/IP is the protocol suite that is used to control all of the communications on the Internet. Unfortunately, TCP/IP can also make a
network vulnerable to attackers.
The value of physical equipment is often far less than the value of the data it contains. The loss of sensitive data to a company's
competitors or to criminals may be costly. Such losses may result in a lack of confidence in the company and the dismissal of computer
technicians in charge of computer security. To protect data, there are several methods of security protection that can be implemented.
Password Protection
Password protection can prevent unauthorized access to content. Attackers are able to gain access to unprotected computer data. All
computers should be password protected. Two levels of password protection are recommended:
• BIOS – Prevents BIOS settings from being changed without the appropriate password
• Login – Prevents unauthorized access to the network
Network Logins
Network logins provide a means of logging activity on the network and either preventing or allowing access to resources. This makes it
possible to determine what resources are being accessed. Usually, the system administrator defines a naming convention for the
usernames when creating network logins. A common example of a username is the first initial of the person's first name and then the
entire last name. You should keep the username naming convention simple so that people do not have a hard time remembering it.
When assigning passwords, the level of password control should match the level of protection required. A good security policy should be
strictly enforced and include, but not be limited to, the following rules:
Password standards should prevent users from writing down passwords and leaving them unprotected from public view. Rules about
password expiration and lockout should be defined. Lockout rules apply when an unsuccessful attempt has been made to access the
system or when a specific change has been detected in the system configuration.
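The expiration and lockout rules above are easiest to see as code. The following Python is an added example (not from the course notes): a small account store that keeps passwords salted and hashed with PBKDF2, locks an account after repeated failed attempts, and reports a correct password as expired once it is older than the maximum age. The thresholds (3 failures, 15-minute lockout, 90-day maximum age) and the user name are assumed values for the example.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

class PasswordPolicy:
    """Lockout after repeated failed attempts plus password expiration.
    The thresholds are values assumed for this example, not taken from the notes."""
    MAX_FAILURES = 3
    LOCKOUT = timedelta(minutes=15)
    MAX_AGE = timedelta(days=90)
    ITERATIONS = 200_000

    def __init__(self):
        self.accounts = {}   # user -> {salt, hash, changed, failures, locked_until}

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def set_password(self, user, password, when):
        salt = os.urandom(16)   # stored salted and hashed, never in clear text
        self.accounts[user] = {"salt": salt, "hash": self._digest(password, salt),
                               "changed": when, "failures": 0, "locked_until": None}

    def login(self, user, password, now):
        """Return 'locked', 'denied', 'expired' or 'ok' for one login attempt."""
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"                      # unknown user looks like a bad password
        if acct["locked_until"] and now < acct["locked_until"]:
            return "locked"
        if not hmac.compare_digest(self._digest(password, acct["salt"]), acct["hash"]):
            acct["failures"] += 1
            if acct["failures"] >= self.MAX_FAILURES:
                acct["locked_until"] = now + self.LOCKOUT
                acct["failures"] = 0
                return "locked"
            return "denied"
        acct["failures"] = 0
        if now - acct["changed"] > self.MAX_AGE:
            return "expired"                     # right password, but it must be changed
        return "ok"

def demo_sequence():
    """Drive the policy through failures, lockout, recovery and expiry."""
    p, t0 = PasswordPolicy(), datetime(2024, 3, 10, 9, 0)
    p.set_password("jsmith", "correct horse battery", t0)
    attempts = [("wrong", 0), ("wrong", 0), ("wrong", 0),
                ("correct horse battery", 5), ("correct horse battery", 20),
                ("correct horse battery", 91 * 24 * 60)]
    return [p.login("jsmith", pw, t0 + timedelta(minutes=m)) for pw, m in attempts]
```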
Data Encryption
Encrypting data uses codes and ciphers. Traffic between resources and computers
on the network can be protected from attackers monitoring or recording transactions
by implementing encryption. It may not be possible to decipher captured data in time
to make any use of it. Virtual Private Network (VPN) uses encryption to protect data.
A VPN connection allows a remote user to safely access resources as if their computer
were physically attached to the local network.
Data Backups
Data backup procedures should be included in a security plan. Data can be lost or
damaged in circumstances such as theft, equipment failure, or a disaster such as a
fire or flood. Backing up data is one of the most effective ways of protecting against
data loss. Here are some considerations for data backups:
• Frequency of backups – Backups can take a long time. Sometimes it is easier to make
a full backup monthly or weekly, and then do frequent partial backups of any data that
has changed since the last full backup.
• Storage of backups – Backups should be transported to an approved offsite storage
location for extra security.
• Security of backups – Backups can be protected with passwords. These passwords
would have to be entered before the data on the backup media could be restored.
Regardless of type and usage, a disk contains a file system and information about where disk data is stored and how it may be accessed
by a user or application. A file system typically manages operations, such as storage management, file naming, directories/folders,
metadata, access rules and privileges. Commonly used file systems include:
When installing wireless services, you should apply wireless security techniques immediately to prevent unwanted access to the network.
Wireless access points should be configured with basic security settings that are compatible with the existing network security.
An attacker can access data as it travels over the radio signal. A wireless encryption system can be used to prevent unwanted capture
and use of data by encoding the information that is sent. Both ends of every link must use the same
encryption standard.
Levels of wireless security described here: