Scribd
Upload
72 views24 pages

Basic Security: Networking For Home and Small Businesses - Chapter 6

Uploaded by

Mohammad Rafiq Izzat
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
72 views24 pages

Basic Security: Networking For Home and Small Businesses - Chapter 6

Uploaded by

Mohammad Rafiq Izzat
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 24

Basic Security

Networking for Home and Small Businesses – Chapter


6

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Networking Threats
 Information Theft
– Obtain confidential information
– Gather valuable research data

 Data Loss/Manipulation
– Destroying or altering data records

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 2
Networking Threats
 Identity Theft
– Personal information stolen

 Disruption of Service
– prevents legitimate users from accessing services

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 3
Networking Threats

 External Threats
– done by individuals outside of the organization
– do no have authorized access

 Internal Threats
– hacker may have access to equipment
– knows what information is valuable or vulnerable
– 70% of security breaches are internal

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 4
Social Engineering
 The ability of someone or something to influence
behavior of a group of people
 Used to deceive internal users to get confidential
information
 Hacker takes advantage of legitimate users

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 5
Forms of Social Engineering
 Pretexting
– typically accomplished over the phone
– scenario used on the victim to get them to release confidential
information
– gaining access to your social security number
 Phishing
– typically contacted via email
– attacker pretends to represent legitimate organization

 Vishing/Phone Phising
– user sends a voice mail instructing them to call a number which
appears to be legitimate
– call intercepted by thief

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 6
Methods of Attack
 Virus
– runs or spreads by modifying other programs or files
– needs to be activitated
– cannot start by itself

 Worms
– similar to virus
– does not attach itself to an existing program
– no human activation needed

 Trojan Horse
– appears harmless
– deceives the victim into initiating the program
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 7
DoS (Denial of Service) Attacks
 Intended to deny services to users
– floods network with traffic
– disrupts connections between client and server

 Types of DoS Attacks


– SYN (synchronous) Flooding
• packets sent with invalid IP addresses
• server tries to respond
– Ping of Death
• larger packet size sent than allowed
• leads to system crashing

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 8
More Attacks
 DDoS (Distributed Denial of Service) Attack
– more sophisticated than DoS
– overwhelms networks with useless data simultaneously

 Brute Force
– fast PC used to try and guess passwords or decipher data
– attacker tries a large number of possibilities rapidly

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 9
Spyware
 Program that gathers personal information from your
PC without permission
 Information sent to advertisers
 Usually installed unknowingly when downloading a file
 Can slow down performance of the PC

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 10
Cookies, Etc.
 Not always bad . .
 Used to record information about the user when visiting
web sites.
 Adware
– collects information based on sites visited
– useful for target advertising

 Pop- Ups
– additional ads displayed when visiting a site
– pop-ups – open in front of browser
– pop-under – open behind browser

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 11
Spam
 Unwanted bulk e-mail
 Information sent to as many end users as possible
 Can overload servers, ISPs, etc.
 Estimated every Internet user receives over 3000
email per year

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 12
Security Policy
 Statement of rules users must follow when using
technology
 Identification and Authentication Policies
– only authorized persons should have access to network and
its resources (including access to physical devices)

 Password Policies
– must meet minimum requirements
– change passwords regularly

 Acceptable Use Policies


– determine which applications are acceptable

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 13
Security Policy

 Remote Access Policies


– explanation of how remote users can access the network

 Network Maintenance Procedures


– explanation of update procedures

 Incident Handling Procedures


– how incidents involving security will be handled

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 14
Updates & Patches
 Use of updates and patches makes it harder for the
hacker to gain access.

 Updates
– includes additional functionality

 Patches
– small piece of “code” used to fix the problem

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 15
Anti-Virus Software
 Any device connected to a network is susceptible to
viruses
 Warning signs of a virus:
– computer acts abnormal
– sends out large quantities of email
– high CPU usage

 Some Anti-virus programs


– Email checking
– Dynamic scanning
• checks files when accessed
– Scheduled scans
– Automatic updates
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 16
SPAM Prevention
 Spam is an annoying problem, can . . .
– overload servers
– carry potential viruses

 Anti-spam software
– identifies the spam and performs an action
• deletes the file
• places it into the “junk mail” folder

 Common spam occurrence


– warning of virus from another user
– not always true

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 17
Firewall

 Used to control traffic between networks


 Methods of a Firewall
– Packet filtering
• based on IP or MAC address
– Application/Web site filtering
• based on the application or website being used
– SPIC (Stateful Packet Inspection)
• incoming packets must be legitimate responses to requests
from hosts

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 18
Firewall Types
 Appliance-based firewall
– built into the hardware
– no peripherals needed

 Server-based firewall
– firewall run on a NOS (Network Operating System)

 Integrated firewall
– adds firewall functionality to an existing device

 Personal firewall
– resides on a host PC

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 19
Firewall Features and How to Use them to
Protect Against an Attack
 Use of a DMZ (Demilitarized Zone)
 Area of the network which is accessible to both internal
and external users
 Web servers for public access typically located here

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 20
Single or Dual Firewalls??
 Single Firewall
– appropriate for smaller networks
– all external traffic sent to firewall

 Dual Firewall
– appropriate for larger businesses
– internal and external firewall

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 21
Firewall Features and How to Use them to
Protect Against an Attack
 Vulnerability Analysis
– determine what part(s) of your network may be vulnerable to
attacks

 Security Scanners
– helps identify where attack can occur
– may help identify missing updates

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 22
Summary
 Networks can be open to intrusion through
vulnerabilities in software, hardware attacks, or the
weaknesses of individuals.
 Effective network security is based on a variety of
products and services, combined with a thorough
security policy.
 A firewall controls traffic between networks and helps
prevent unauthorized access.

ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 23
ITE PC v4.0
Chapter 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 24

You might also like