Network - Security Unit - 1,2 Reference
Security Controls
Introduction to Network Threats
• Overview of Network Vulnerabilities: Every network has potential weaknesses or vulnerabilities that attackers can exploit.
• Common Threats:
  • DDoS (Distributed Denial of Service)
  • Phishing
  • Malware
  • Man-in-the-Middle (MitM) attacks
DDoS Attacks
• Definition: A DDoS attack overwhelms a server with traffic, making it unavailable to legitimate users.
• How It Works: Infected devices organised into botnets send massive volumes of traffic to a target.
• Types: Volumetric, protocol, and application-layer attacks.
• Example: GitHub's DDoS attack in 2018 (1.3 Tbps).
Intruders and Insider Threats
• Intruders: Unauthorized individuals who try to access the network.
• Types: External (hackers) and internal (employees).
• Insider Threats: Employees or contractors with legitimate access who misuse their privileges.
Intrusion Detection Systems (IDS)
• Role: Monitors network traffic for suspicious activity.
• Types:
  • Network-based (NIDS)
  • Host-based (HIDS)
• Detection Methods: Signature-based and anomaly-based.
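As an added illustration of the two detection methods (not part of the original notes), the following Python models a tiny IDS over constructed log lines: the signature rules, the log format and the statistical threshold are assumptions made for this example.

```python
import re
import statistics
from collections import Counter

# Constructed log lines in the form "SRC METHOD PATH" (not real traffic).
BASELINE_LOGS = [  # a quiet window used to learn normal per-source volume
    "10.0.0.5 GET /index.html", "10.0.0.5 GET /about.html",
    "10.0.0.7 GET /index.html", "10.0.0.8 GET /contact.html",
    "10.0.0.8 GET /index.html", "10.0.0.9 GET /index.html",
]
OBSERVED_LOGS = [  # the window being inspected
    "10.0.0.5 GET /index.html", "10.0.0.5 GET /about.html",
    "10.0.0.9 GET /search?q=' OR '1'='1",
    "10.0.0.9 GET /files/../../config",
    "10.0.0.12 GET /a", "10.0.0.12 GET /b", "10.0.0.12 GET /c",
    "10.0.0.12 GET /d", "10.0.0.12 GET /e",
]

# Signature-based detection: fixed patterns for known attack strings.
# These two rules are constructed for the example, not from a real ruleset.
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1|union\s+select"),
    "path-traversal": re.compile(r"\.\./"),
}

def parse(line):
    """Split 'SRC METHOD PATH' into fields; PATH may itself contain spaces."""
    src, method, path = line.split(" ", 2)
    return src, method, path

def signature_alerts(lines):
    """Return (source, rule) for each line whose path matches a signature."""
    alerts = []
    for line in lines:
        src, _, path = parse(line)
        alerts.extend((src, name) for name, rx in SIGNATURES.items() if rx.search(path))
    return alerts

def anomaly_alerts(baseline_lines, observed_lines, k=3.0):
    """Flag sources whose request count exceeds mean + k*stdev of the
    per-source counts learned from the baseline window (no fixed patterns)."""
    counts = list(Counter(parse(l)[0] for l in baseline_lines).values())
    threshold = statistics.mean(counts) + k * statistics.pstdev(counts)
    observed = Counter(parse(l)[0] for l in observed_lines)
    return sorted(src for src, n in observed.items() if n > threshold)

if __name__ == "__main__":
    print("signature:", signature_alerts(OBSERVED_LOGS))
    print("anomaly:  ", anomaly_alerts(BASELINE_LOGS, OBSERVED_LOGS))
```

Note that the two methods flag different things: the signature rules catch the known-bad request strings from 10.0.0.9, while the anomaly rule catches 10.0.0.12, whose requests look individually harmless but exceed the learned volume.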
Intrusion Prevention Systems (IPS)
• Difference from IDS: An IPS can actively block or prevent malicious traffic.
• Real-time Response: Immediately reacts to detected threats.
• Combining IDS/IPS: Provides both detection and prevention capabilities.
Password Management & Security
• Strong Passwords: 12+ characters, mix of letters, numbers, and symbols.
• Password Best Practices:
  • Use password managers.
  • Implement multi-factor authentication (MFA).
Malicious Software (Malware)
• Types of Malware:
  • Viruses: Attach to files and spread.
  • Worms: Self-replicate and spread across networks.
  • Trojans: Disguised as legitimate software but execute malicious actions.
• Prevention: Antivirus software, firewalls, and regular updates.
Firewalls: Characteristics and Types
• Purpose: Filter incoming and outgoing network traffic.
• Types:
  • Packet-filtering firewall
  • Stateful firewall
  • Proxy firewall
Firewall Basing and Placement
• Basing: Ensuring the firewall is configured securely.
• Placement:
  • Between the internal network and the internet.
  • Additional firewalls can segment sensitive internal systems.
Unit 2: IP and Web Security
Introduction to IP Security
• What is IPsec?: A suite of protocols that secures IP communications by authenticating and encrypting each IP packet.
• Benefits:
  • Ensures confidentiality and data integrity.
  • Commonly used in VPNs.
IPsec Components
• Authentication Header (AH): Provides integrity and authentication.
• Encapsulating Security Payload (ESP): Encrypts the payload of IP packets.
• Security Associations (SAs): Define the parameters for secure communication.
IPsec Protocol Modes
• Transport Mode: Encrypts only the data payload of the IP packet.
• Tunnel Mode: Encrypts the entire IP packet. Used in VPNs.
• Use Cases: Transport for end-to-end security; tunnel for gateway-to-gateway security.
Web Security: SSL and TLS
• SSL (Secure Sockets Layer): Encrypts data between a web server and a browser.
• TLS (Transport Layer Security): A more secure and efficient successor to SSL.
• How They Work: SSL/TLS encrypt data and provide authentication via certificates.
HTTPS – Securing Web Traffic
• HTTPS: HTTP over SSL/TLS ensures encrypted web traffic.
• SSL Certificates: Digital certificates validate the identity of a website.
• Importance: HTTPS is crucial for securing sensitive online transactions.
Secure Shell (SSH)
• Overview: SSH is a protocol used for secure remote login and command execution.
• Common Uses: Remote administration of servers, secure file transfers.
• Encryption: SSH encrypts traffic to prevent interception or modification.
Transport Layer Security (TLS)
• Purpose: TLS encrypts communications between client and server, protecting the integrity of data.
• TLS Handshake: The process where the client and server establish a secure session.
• Use Cases: Securing web traffic (HTTPS), email, and instant messaging.
Implementing Web Security
• Best Practices:
  • Use strong encryption (SSL/TLS) for web traffic.
  • Keep software and applications up to date.
  • Use security tools like Web Application Firewalls (WAF).
• Common Web Security Threats:
  • SQL Injection
  • Cross-site Scripting (XSS)