CH 2


Modern Network Security Threats
Chapter Outline

• Securing Networks
• Network Threats
• Mitigating Threats
1. Securing Networks

• Securing networks is an essential aspect of network security: it involves implementing measures to prevent unauthorized access, protect data, and ensure the continuity of operations.
• Securing networks is a multi-layered and ongoing process that requires a combination of technical controls, policies and procedures, education and training, and ongoing monitoring and assessment.
• By following these best practices, organizations can improve their network security posture and reduce the risk of cyber-attacks.
1. Securing Networks

Key steps to consider when securing networks:

• Establish a security policy: Develop a comprehensive security policy that outlines the rules, procedures, and technologies required to secure the network.
• Secure network infrastructure: Secure the network infrastructure by implementing firewalls, intrusion detection and prevention systems, and access control mechanisms.
• Implement strong authentication mechanisms: Implement strong authentication mechanisms such as multi-factor authentication (MFA) and strong passwords to ensure that only authorized users can access the network.
• Keep software up-to-date: Keep software and firmware up-to-date to ensure that security vulnerabilities are patched as soon as they are discovered.
• Educate users.
• Use data encryption: Use encryption to protect data as it is transmitted across the network. Encryption can help to prevent eavesdropping and ensure that data remains confidential and secure.
1. Securing Networks

• As part of security assessment and monitoring, security teams must identify ways in which their systems could be attacked.
• These assessments involve vulnerabilities, threats, and risk.


1. Securing Networks

• Vectors of Network Attacks: There are various vectors of network attacks that cybercriminals can use to compromise the security of a network. Some of the most common network attack vectors are:

◦ Phishing attacks
◦ Malware
◦ DDoS attacks
◦ Man-in-the-middle (MitM) attacks
◦ Password attacks
◦ Social engineering
1. Securing Networks

• Vectors of data loss are the various ways in which data can be lost or become inaccessible. These vectors include:

◦ Email/Webmail
◦ Unencrypted Devices
◦ Cloud Storage Devices
◦ Removable Media
◦ Hard Copy
◦ Improper Access Control

1. Securing Networks

• Network Topology Overview

A network topology is the physical and logical arrangement of nodes and connections in a network. Nodes usually include devices such as switches, routers and software with switch and router features. Network topologies are often represented as a graph.

◦ Campus Area Networks (CAN)
◦ Small Office and Home Office Networks (SOHO)
◦ Wide Area Networks (WAN)

Campus Area Networks

A campus network, campus area network, or CAN is a computer network made up of an interconnection of local area networks within a limited geographical area.

Small Office and Home Office Networks

A SOHO network is a small network connecting a user or a small handful of users to the internet and office resources such as servers and printers. It usually consists of just one router and a switch (or two), plus a firewall.

Wide Area Networks

A wide area network is a telecommunications network that extends over a large geographic area.

Data Center Networks

A data center network is the integration of a group of networking resources — switching, routing, load balancing, analytics, etc. — to facilitate the storage and processing of applications and data.

Outside perimeter security:
• Security officers
• Gates
• Continuous video monitoring
• Security breach alarms

Inside perimeter security:
• Electronic motion detectors
• Security traps
• Continuous video monitoring
• Biometric access and exit sensors


The Evolving Network Border

• Bring Your Own Device (BYOD) is the set of policies in a business that allows employees to use their own devices – phone, laptop, tablet or whatever – to access business applications and data.
• Mobile device management (MDM) refers to a set of functions and features that control the use of mobile devices in compliance with organizational policies.
• Critical MDM functions for a BYOD network: data encryption, PIN enforcement, data wipe, data loss prevention and root detection.
2. Network Threats

2.1 Who is Hacking Our Networks?

• A White Hat hacker is someone who performs ethical hacking.
• A Black Hat hacker is someone unethical in nature who breaks into systems for personal gain.
• A Grey Hat hacker is something between a white and a black hat hacker.
◦ They generally do not intend to hurt anyone and do not exploit systems for personal benefit, but may knowingly or unknowingly commit malicious acts during their exploits.
Penetration testing tools

• A penetration test, or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.
• Penetration testing tool categories: password crackers, wireless hacking, network scanning and hacking, packet sniffers, rootkit detectors, vulnerability search, forensics, debuggers, hacking operating systems, encryption, vulnerability exploitation and vulnerability scanners.
2.2 Hackers' Tools

Categories of attack tools used in cybersecurity:

• Exploitation Tools: These are tools used to find and exploit vulnerabilities in computer systems, applications, and networks.
• Password Cracking Tools: These tools are used to crack or guess passwords, which can then be used to gain unauthorized access to systems or data.
• Network Scanning Tools: These tools are used to scan networks for open ports, operating systems, and other system information that can be used in the attack process.
• Sniffing and Spoofing Tools: These tools are used to intercept and manipulate network traffic, allowing attackers to steal data or launch further attacks.
• Denial of Service (DoS) Tools: These tools are used to flood a target system or network with traffic, making it unavailable to legitimate users.
• Social Engineering Tools: These tools are used to trick people into revealing sensitive information or performing actions that can be used to compromise a system or network.
• Remote Access Tools: These tools are used to gain remote access to a system or network, often by exploiting vulnerabilities or using stolen credentials.
Various Types of Malware

Trojan Horse Classification
• Security software disabler
• Remote-access
• Data-sending
• Destructive
• Proxy
• FTP
• DoS

Worms

[Figure: Initial Code Red Worm Infection]

[Figure: Code Red Worm Infection 19 Hours Later]

Other Malware
• Ransomware
• Spyware
• Adware
• Phishing
• Rootkits
Types of Network Attacks

• Reconnaissance is the information-gathering stage of ethical hacking, where you collect data about the target system. This data can include anything from network infrastructure to employee contact details. The goal of reconnaissance is to identify as many potential attack vectors as possible.

1. Initial query of a target
2. Ping sweep of the target network
3. Port scan of active IP addresses
4. Vulnerability scanners
5. Exploitation tools
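The ping-sweep and port-scan steps above leave a footprint in firewall deny logs that a defender can detect. The following Python script is an added example, not from the slides; it parses a constructed, assumed log format and flags a source that pings many distinct hosts or probes many distinct ports on one host (the thresholds, log format and field names are assumptions):

```python
import re
from collections import defaultdict

# Regex for the constructed log format (an assumption, not a real product's format).
LINE_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)"
    r"(?: dport=(?P<dport>\d+))?"
)

def build_sample_log():
    """Constructed sample log: 203.0.113.9 pings eight hosts (a sweep), then
    probes twelve ports on 192.0.2.5 (a scan); 198.51.100.7 is benign noise."""
    lines = [f"2024-05-01T10:00:00 DENY proto=ICMP src=203.0.113.9 dst=192.0.2.{i} type=8"
             for i in range(1, 9)]
    lines += [f"2024-05-01T10:01:00 DENY proto=TCP src=203.0.113.9 dst=192.0.2.5 dport={p}"
              for p in (21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389)]
    lines += ["2024-05-01T10:02:00 ALLOW proto=TCP src=198.51.100.7 dst=192.0.2.5 dport=443",
              "2024-05-01T10:02:01 DENY proto=ICMP src=198.51.100.7 dst=192.0.2.5 type=8"]
    return lines

def detect_recon(lines, sweep_hosts=5, scan_ports=10):
    """Return sorted (kind, actor, count) findings. A ping sweep is one source
    sending ICMP to >= sweep_hosts distinct hosts; a port scan is one source
    touching >= scan_ports distinct ports on one host. Thresholds are assumed;
    a production detector would also bound the counts by a time window."""
    icmp_targets = defaultdict(set)   # src -> {dst}
    probed_ports = defaultdict(set)   # (src, dst) -> {dport}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                  # skip lines the parser does not understand
        proto, src, dst, dport = m.group("proto", "src", "dst", "dport")
        if proto == "ICMP":
            icmp_targets[src].add(dst)
        elif dport is not None:
            probed_ports[(src, dst)].add(int(dport))
    findings = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:
            findings.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in probed_ports.items():
        if len(ports) >= scan_ports:
            findings.append(("port_scan", f"{src}->{dst}", len(ports)))
    return sorted(findings)

if __name__ == "__main__":
    for kind, actor, count in detect_recon(build_sample_log()):
        print(f"{kind}: {actor} ({count} distinct targets)")
```

The benign host touches one target and one port, so it stays below both thresholds; only the sweeping and scanning source is reported.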
Types of Network Attacks

• Access Attacks: an attack in which a hacker is able to gain access to a computer and directly download data from it.
• A few reasons why hackers use access attacks: to retrieve data, to gain access, to escalate access privileges.
• A few types of access attacks include: password attacks, trust exploitation, port redirection, man-in-the-middle, buffer overflow, IP spoofing, MAC spoofing.
Types of Network Attacks

• Social engineering is the psychological manipulation of people into performing actions or disclosing confidential information.
◦ Pretexting
◦ Phishing
◦ Spear phishing
◦ Spam
◦ Something for Something
◦ Baiting
Types of Network Attacks

Denial of Service Attacks

A denial of service attack involves flooding a network or website with traffic to overwhelm it and cause it to crash.
Types of Network Attacks

DDoS Attacks

1. Hacker builds a network of infected machines
- A network of infected hosts is called a botnet.
- The compromised computers are called zombies.
- Zombies are controlled by handler systems.
2. Zombie computers continue to scan and infect more targets
3. Hacker instructs handler systems to make the botnet of zombies carry out the DDoS attack
3. Mitigating Threats

• Mitigating threats involves taking steps to prevent, detect, and respond to potential security incidents.
• Some common measures to mitigate threats:

◦ Use strong passwords and multi-factor authentication
◦ Regularly update software and systems
◦ Implement access controls
◦ Use antivirus and antimalware software
◦ Implement firewalls and intrusion detection systems
◦ Provide cybersecurity training for employees
◦ Conduct regular security assessments
◦ Develop an incident response plan
2.3 Mitigating Threats

Network Security Professionals

Network Security Domains
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Information systems acquisition, development, and maintenance
• Access control
• Information security incident management
Defending the Network

Best practices:
• Develop a written security policy.
• Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
• Control physical access to systems.
• Use strong passwords and change them often.
• Encrypt and password-protect sensitive data.
• Implement security hardware and software.
• Perform backups and test the backed-up files on a regular basis.
• Shut down unnecessary services and ports.
• Keep patches up-to-date by installing them weekly or daily to prevent buffer overflow and privilege escalation attacks.
• Perform security audits to test the network.
Mitigating Malware

Mitigating Worms
• Containment
• Inoculation
• Quarantine
• Treatment

Mitigating Reconnaissance Attacks

Mitigating Access Attacks

Mitigating DoS Attacks
