
Introduction to Network Security

Definition I

Network security is the set of rules and configurations designed to protect the integrity, confidentiality and availability of computer networks and data, using both software and hardware technologies.
Network security is a broad term that covers a multitude of technologies, devices and processes.
It consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification or denial of a computer network and network-accessible resources.

Network Properties I

A network must preserve the following properties to secure data while it is transmitted within the designed network.
Confidentiality: This property covers the protection of transmitted data against its disclosure to unauthorized parties.
Integrity: This property assures that a single message reaches the receiver exactly as it left the sender; integrity also extends to a stream of messages (no insertion, deletion, reordering or replay).
Availability: Whenever information needs to be transmitted, the communication channel is available and the receiver can cope with the incoming data.

Network Properties II

Authentication: A system implementing the authentication property assures the recipient that the data come from the source they claim to come from.
Non-repudiation: This property prevents either the sender or the receiver from later denying that a message was transmitted or received.

Types of security attacks I

Passive attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted, either the message contents or merely the traffic pattern (who talks to whom, how often and how much). Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. The emphasis in dealing with passive attacks is therefore on prevention (encryption) rather than on detection.

Types of security attacks II

Figure: Passive Attacks



Types of security attacks III

Active attacks: Active attacks involve some modification of the data stream or the creation of a false stream (masquerade, replay, modification of messages, denial of service). Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delay caused by them. If the detection has a deterrent effect, it may also contribute to prevention.

Types of security attacks IV

Figure: Active Attacks



Common Attacks I

Eavesdropping: Interception of communications by an unauthorized party is called eavesdropping. Passive eavesdropping is when the intruder only secretly listens to the networked messages. Active eavesdropping is when the intruder listens and also inserts something into the communication stream.
Viruses: Viruses are self-replicating programs that attach themselves to files (executables, documents with macros) in order to infect and propagate. Once the infected file is opened or executed, the virus activates within the system.

Common Attacks II

Worms: A worm is similar to a virus because both are self-replicating, but a worm does not need a host file to propagate. There are two main types of worms, mass-mailing worms and network-aware worms. Mass-mailing worms use email as a means to infect other computers. Network-aware worms are a major problem for the Internet: a network-aware worm selects a target and, once it reaches the target host, infects it by exploiting a vulnerable network service or by dropping a Trojan.
Trojans: Trojans appear to be benign programs to the user, but actually have some malicious purpose. Trojans usually carry a payload such as a backdoor, spyware or a virus.

Common Attacks III

Phishing: Phishing is an attempt to obtain confidential information from an individual, group or organization. Phishers trick users into disclosing personal data, such as credit card numbers, online banking credentials and other sensitive information, typically through forged emails and look-alike web sites.
IP Spoofing Attacks: Spoofing means forging the source address of a packet so that it appears to come from a trusted computer, in order to gain access to other computers or to hide the real origin of the traffic (as in SYN floods). The identity of the intruder is hidden, which makes detection and prevention difficult. The IP protocol itself does not authenticate source addresses, so spoofed packets cannot be eliminated; they can only be reduced at the network edge by ingress filtering (dropping packets whose source address could not legitimately arrive on that interface, BCP 38) and detected by hosts through return-reachability checks such as the TCP handshake.

Common Attacks IV

Denial of Service: A denial-of-service (DoS) attack makes a system unavailable to its legitimate users, most commonly by overwhelming it with requests. In the classic example, the system receiving too many connection requests cannot complete communication with the requestors and consumes resources waiting for handshakes that never complete. Eventually the system cannot respond to any more requests, leaving it without service. When the requests come from many compromised hosts at once, the attack is a distributed denial of service (DDoS).

Defense and detection mechanisms I

Cryptographic systems: Cryptography is a useful and widely used tool in security engineering today. It involves the use of codes and ciphers to transform information into data that is unintelligible to anyone who does not hold the key, and it underpins the confidentiality, integrity and authentication services of protocols such as TLS.
Firewall: A firewall is a typical border control mechanism or perimeter defense. The purpose of a firewall is to block traffic from the outside, but it can also be used to block traffic from the inside (egress filtering). A firewall is the front-line defense mechanism against intruders. It is a system designed to prevent unauthorized access to or from a private network, normally configured as default deny: only explicitly permitted traffic passes. Firewalls can be implemented in hardware, in software, or as a combination of both.

Defense and detection mechanisms II

Intrusion Detection Systems: An Intrusion Detection System (IDS) is an additional protection measure that helps ward off computer intrusions. IDS systems can be software or hardware devices used to detect an attack. IDS products monitor connections to determine whether attacks are being launched, using signatures of known attacks, anomaly detection against a traffic baseline, or both. Some IDS systems just monitor and alert on an attack, whereas others also try to block it; the latter are usually called intrusion prevention systems (IPS).
Anti-Malware Software and scanners: Viruses, worms and Trojan horses are all examples of malicious software, or malware for short. Special so-called anti-malware tools are used to detect them and to clean an infected system.

Defense and detection mechanisms III

Secure Sockets Layer (SSL): The Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the standard way to achieve a good level of security between a web browser and a website (all versions of SSL are now deprecated; current deployments use TLS 1.2 or 1.3). SSL/TLS is designed to create a secure channel, or tunnel, between the web browser and the web server, so that any information exchanged is protected within the secured tunnel. The server authenticates itself to the client by presenting a certificate, which the client validates against a trusted certificate authority and the expected host name. Client authentication with certificates is optional (mutual TLS); in most web deployments the client is instead authenticated at the application layer, for example with a password sent inside the tunnel.

Application layer attacks I

The application layer is used by most programs for network communication. Data is passed from the program in an application-specific format, then encapsulated into a transport layer protocol [1].
SQL injection: SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed, and is thereby unexpectedly executed as part of the query. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another (command injection, LDAP injection and cross-site scripting are other instances).

Application layer attacks II

Defense: A network-based intrusion detection (NIDS) tool such as Snort can be set up to detect certain types of SQL injection and XSS attacks as they occur. Snort's default rule set contains signatures for detecting these intrusions. However, signatures can be easily bypassed by an attacker, mainly by converting the malicious input string into an encoded form (hex, URL or Unicode encoding) that the rule does not match but the database or browser still decodes, or by using an equivalent construct in a different SQL dialect. Signature detection is therefore only a secondary control; the primary defense lives in the application: parameterized (prepared) queries, so that user input is never interpreted as SQL, together with input validation.
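The vulnerable and the parameterized form side by side, as an added example that is not code from the original slides. It uses Python's standard sqlite3 module with a constructed two-row user table; the table and column names are assumed for the demonstration. The two payloads that subvert the string-built query are bound as plain literal values by the parameterized one, which is why this control still holds when a signature-based NIDS has been evaded by encoding.

```python
import sqlite3

# Constructed sample data for the demonstration (not a real user table).
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation, so whatever the user
    types becomes part of the SQL grammar. Deliberately vulnerable."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(query))


def login_parameterized(conn, username, password):
    """Sends the statement and the values separately. The driver binds the
    values as data, so quotes and comment markers in them have no SQL meaning."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


# Two classic payloads. The first comments out the password check ("--" starts
# a comment in SQLite), the second turns the WHERE clause into a tautology
# that matches every row.
COMMENT_OUT = ("alice' --", "wrong password")
TAUTOLOGY = ("' OR '1'='1", "' OR '1'='1")


if __name__ == "__main__":
    db = make_db()
    for user, pw in (("alice", "correct horse"), COMMENT_OUT, TAUTOLOGY):
        print(repr(user), "vulnerable:", login_vulnerable(db, user, pw),
              "parameterized:", login_parameterized(db, user, pw))
```

With the concatenated query the first payload logs in as alice without the password and the second returns every user; the parameterized query returns nothing for both, because the quote characters never reach the SQL parser.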

Transport Layer attacks I

The transport layer's responsibilities include end-to-end message transfer capabilities independent of the underlying network, along with error control, segmentation and reassembly, and flow control. End-to-end message transmission, or connecting applications at the transport layer, can be categorized as either:
Connection-oriented, e.g., TCP
Connectionless, e.g., UDP
The transport layer can be thought of literally as a transport mechanism, e.g., a vehicle whose responsibility is to make sure that its contents (passengers/goods) reach the destination safely and soundly, unless a higher or lower layer is responsible for safe delivery. The transport layer provides this service of connecting applications together through the use of ports. Since IP provides only best-effort delivery, the transport layer is the first layer of the TCP/IP stack to offer reliability. Note that IP can run over a reliable data link protocol such as the High-Level Data Link Control (HDLC). Protocols above the transport layer, such as RPC, can also provide reliability.
Port Scan Attack: A port scan is one of the most popular reconnaissance techniques attackers use to discover services they can break into. All machines connected to a network run services that listen on TCP or UDP ports. A port scan helps the attacker find which ports are open. Essentially, a port scan consists of sending a probe to each port, one at a time (or, with tools such as nmap, many in parallel and in stealthier forms such as half-open SYN scans). The kind of response received indicates whether the port is open, closed or filtered, so that open ports can be probed further for weaknesses.

Transport Layer attacks III


Defense: Placing a NIDS (Network Intrusion Detection System) on the outside of the external firewall will give an early-warning advantage, as it should enable the administrator to detect the port scans that typically indicate the start of hacker activity. However, not all scans will be followed by an actual attack, as the hacker may determine that the network currently has no weaknesses that they can exploit. This can lead to a large number of alerts that do not require attention. One common yet dangerous effect of this is that the staff lose faith in the IDS and start ignoring alerts (alert fatigue). The external firewall can be used to provide alerts for the traffic that it has denied. By placing a NIDS inside the DMZ (De-Militarized Zone, a part of the network that is neither "inside" nor "outside" the corporate entity), the NIDS attack signature database can be tailored to consider only those attacks that are applicable to the systems in the DMZ, while the firewall will already have blocked all other traffic.
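Detection logic of the kind a NIDS or a firewall-log monitor applies to spot a port sweep, as an added example that is not part of the original slides. The log format, the addresses and the log lines themselves are constructed for the example; the threshold and the time window are the tuning knobs that trade early warning against the alert fatigue described above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall deny-log sample (not real traffic). 203.0.113.7 sweeps
# ten ports in four seconds; 198.51.100.4 retries a single port; 198.51.100.9
# is a lone stray connection. Lines are in time order.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DENY TCP 203.0.113.7:40001 -> 192.0.2.10:21
2024-05-01T10:00:00 DENY TCP 203.0.113.7:40002 -> 192.0.2.10:22
2024-05-01T10:00:01 DENY TCP 203.0.113.7:40003 -> 192.0.2.10:23
2024-05-01T10:00:01 DENY TCP 203.0.113.7:40004 -> 192.0.2.10:25
2024-05-01T10:00:02 DENY TCP 203.0.113.7:40005 -> 192.0.2.10:80
2024-05-01T10:00:02 DENY TCP 203.0.113.7:40006 -> 192.0.2.10:110
2024-05-01T10:00:03 DENY TCP 203.0.113.7:40007 -> 192.0.2.10:143
2024-05-01T10:00:03 DENY TCP 203.0.113.7:40008 -> 192.0.2.10:443
2024-05-01T10:00:03 DENY TCP 203.0.113.7:40009 -> 192.0.2.10:445
2024-05-01T10:00:04 DENY TCP 203.0.113.7:40010 -> 192.0.2.10:3389
2024-05-01T10:00:05 DENY TCP 198.51.100.4:55000 -> 192.0.2.10:443
2024-05-01T10:00:09 DENY TCP 198.51.100.4:55001 -> 192.0.2.10:443
2024-05-01T10:05:00 DENY TCP 198.51.100.9:56000 -> 192.0.2.10:22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_line(line):
    """Return (timestamp, src_ip, dst_ip, dst_port), or None if the line
    does not match the expected format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect_port_scans(lines, threshold=8, window=timedelta(seconds=60)):
    """Flag sources that touch at least `threshold` distinct destination
    ports within any `window`. Returns {src_ip: highest distinct-port count
    observed inside a window}. Input lines must be in time order."""
    recent = defaultdict(deque)        # src -> (timestamp, dport), oldest first
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                   # skip blank or malformed lines
        ts, src, _dst, dport = rec
        q = recent[src]
        q.append((ts, dport))
        while ts - q[0][0] > window:   # expire events that fell out of the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: {count} distinct ports within 60 s")
```

Counting distinct destination ports rather than raw connection attempts is what separates a sweep from a client that simply retries one closed port; lowering the threshold or widening the window catches slower scans at the cost of more alerts on ordinary traffic.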

Network layer I

The network layer solves the problem of getting packets from a source host to a destination host across one or more interconnected networks; in the TCP/IP suite this is the Internet layer, i.e. IP (with ICMP for error reporting). Older examples of network-layer protocols are X.25 and the ARPANET's Host/IMP Protocol.
Denial of Service attack - SYN Flooding: The basis of the SYN flooding attack lies in the design of the 3-way handshake that begins a TCP connection (strictly a transport-layer protocol; the attack is listed here because it relies on the network layer letting the attacker spoof source IP addresses). In this handshake, the third packet verifies the initiator's ability to receive packets at the IP address it used as the source in its initial request, i.e. its return reachability. The attacker sends many SYNs with spoofed sources that never complete the handshake, so the server's table of half-open connections (the listen backlog) fills up and legitimate SYNs are dropped. Figure shows the sequence of packets exchanged at the beginning of a normal TCP connection.

Network layer II
Defense: Both end-host and network-based solutions to the SYN flooding attack have merits. Both types of defense are frequently employed, and they generally do not interfere when used in combination. Because SYN flooding targets end hosts rather than attempting to exhaust the network capacity, it seems logical that all end hosts should implement defenses, and that network-based techniques are an optional second line of defense that a site can employ. End-host mechanisms are present in current versions of most common operating systems. Some implement SYN caches, others use SYN cookies after a threshold of backlog usage is crossed (Linux implements this behind the net.ipv4.tcp_syncookies sysctl), and still others adapt the SYN-RECEIVED timer and the number of retransmission attempts for SYN-ACKs. Because some techniques are known to be ineffective (increasing backlogs and reducing the SYN-RECEIVED timer), these techniques should definitely not be relied upon. SYN caches seem like the best end-host mechanism available.
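An added simulation (not from the original slides, and not the kernel's code) of the backlog exhaustion described above and of the SYN cookie defence. The listener classes, the packet fields and the cookie layout are simplifying assumptions: in Bernstein's design the server hashes the connection 4-tuple with a secret and a counter that advances every 64 seconds, and also encodes the client's MSS in the cookie; this toy keeps only a freshness counter in the top 8 bits of the ISN and a 24-bit HMAC truncation in the rest.

```python
import hashlib
import hmac
import os
import random
import time


class StatefulListener:
    """Classic TCP listener: every SYN reserves a backlog slot until the
    handshake completes, which is exactly what a SYN flood exhausts."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}                        # (src_ip, src_port) -> our ISN

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            return None                            # backlog full: SYN dropped
        isn = random.getrandbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn                                 # carried in our SYN-ACK

    def on_ack(self, src_ip, src_port, ack_num):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack_num == (isn + 1) & 0xFFFFFFFF


class SynCookieListener:
    """Stateless listener: the ISN sent in the SYN-ACK is a keyed hash (the
    "cookie") of the 4-tuple and a coarse time slot, so nothing is stored
    until a valid ACK proves the client really is reachable at its source.
    ISN layout used here (simplified): 8-bit time slot || 24-bit HMAC."""

    def __init__(self, secret, server_ip, server_port, clock=time.time):
        self.secret = secret
        self.server = (server_ip, server_port)
        self.clock = clock                         # injectable for testing

    def _slot(self):
        return (int(self.clock()) // 64) & 0xFF    # 64-second slots, wraps at 256

    def _tag(self, src_ip, src_port, slot):
        msg = f"{src_ip}:{src_port}:{self.server[0]}:{self.server[1]}:{slot}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:3], "big")

    def on_syn(self, src_ip, src_port):
        slot = self._slot()
        return (slot << 24) | self._tag(src_ip, src_port, slot)

    def on_ack(self, src_ip, src_port, ack_num):
        isn = (ack_num - 1) & 0xFFFFFFFF
        slot = isn >> 24
        if (self._slot() - slot) & 0xFF > 1:       # cookie older than two slots
            return False
        expected = self._tag(src_ip, src_port, slot)
        return hmac.compare_digest(expected.to_bytes(3, "big"),
                                   (isn & 0xFFFFFF).to_bytes(3, "big"))


def flood_then_connect(listener, n_spoofed):
    """Send n_spoofed SYNs from forged sources that never answer, then attempt
    one legitimate handshake. Returns True if the legitimate client connected."""
    for i in range(n_spoofed):
        listener.on_syn(f"198.51.100.{i % 250 + 1}", 1024 + i)   # spoofed sources
    isn = listener.on_syn("192.0.2.55", 40000)                   # real client
    if isn is None:
        return False                                             # SYN dropped
    return listener.on_ack("192.0.2.55", 40000, (isn + 1) & 0xFFFFFFFF)


if __name__ == "__main__":
    print("stateful, backlog 128, 1000 spoofed SYNs:",
          flood_then_connect(StatefulListener(backlog=128), 1000))
    print("SYN cookies, 1000 spoofed SYNs:",
          flood_then_connect(SynCookieListener(os.urandom(16), "192.0.2.10", 80), 1000))
```

The stateful listener refuses the legitimate client once its backlog is full of forged half-open entries, while the cookie listener accepts it because the spoofed SYNs cost it no memory; the price is that a forged ACK with a stale or wrong cookie must be rejected purely by recomputation, which the last two checks in `on_ack` do.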

Data Link Layer Attacks I

The link layer, which is the method used to move packets between the network layers of two directly connected hosts, is not really part of the Internet protocol suite, because IP can run over a variety of different link layers. The processes of transmitting packets on a given link layer and receiving packets from a given link layer can be controlled both in the software device driver for the network card and in firmware or specialist chipsets. These perform data link functions such as adding a frame header to prepare the packet for transmission, then actually transmitting the frame over a physical medium.

Data Link Layer Attacks II

Media Access Control (MAC) Address spoofing: MAC spoofing attacks involve the use of a known MAC address of another host to attempt to make the target switch forward frames destined for that host to the network attacker. A switch learns which port each MAC address lives on by recording the source address of every incoming frame in its CAM (content-addressable memory) table. By sending a single frame with the other host's Ethernet address as source, the network attacker overwrites that CAM table entry so that the switch forwards frames destined for the host to the attacker's port. The legitimate host receives no traffic until it sends some itself; when it does, the CAM table entry is rewritten once more and forwarding moves back to the original port. The attacker can keep re-sending spoofed frames to win this race.
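The CAM table behaviour above replayed on a toy learning switch, as an added example that is not from the original slides. The switch model, the port numbers and the MAC addresses are assumptions for the demonstration; the `port_security` option models the standard wired countermeasure (a limit on learned source addresses per port, with the port disabled on violation), which the defence section discusses only for WLANs.

```python
class Switch:
    """Toy Ethernet learning switch. The CAM table maps a MAC address to the
    port it was last seen on as a *source*; frames for unknown destinations
    are flooded. With port_security=True the switch allows at most `max_macs`
    source addresses per port and err-disables a port that violates this."""

    def __init__(self, ports, port_security=False, max_macs=1):
        self.ports = list(ports)
        self.cam = {}                 # mac -> port
        self.port_security = port_security
        self.max_macs = max_macs
        self.shutdown = set()         # ports disabled after a violation

    def _macs_on(self, port):
        return {mac for mac, p in self.cam.items() if p == port}

    def forward(self, in_port, src_mac, dst_mac):
        """Handle one frame arriving on in_port; return the egress port list."""
        if in_port in self.shutdown:
            return []                                     # disabled port drops everything
        if self.port_security:
            learned = self._macs_on(in_port)
            if src_mac not in learned and len(learned) >= self.max_macs:
                self.shutdown.add(in_port)                # violation: err-disable the port
                return []
        self.cam[src_mac] = in_port                       # learn / overwrite the source entry
        out = self.cam.get(dst_mac)
        if out is None or out == in_port:                 # unknown destination: flood
            return [p for p in self.ports if p != in_port and p not in self.shutdown]
        return [out]


# Assumed addresses for the three hosts in the scenario.
VICTIM, SERVER, ATTACKER = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"


def spoofing_scenario(port_security):
    """Replay the attack from the text on a 3-port switch. Returns
    (egress ports of the server's reply right after the spoofed frame,
     egress ports of the reply after the victim transmits again,
     ports that port security shut down)."""
    sw = Switch(ports=[1, 2, 3], port_security=port_security)
    sw.forward(1, VICTIM, SERVER)              # victim (port 1) talks to the server
    sw.forward(2, SERVER, VICTIM)              # server (port 2) replies; both now learned
    sw.forward(3, ATTACKER, SERVER)            # attacker (port 3) sends a normal frame
    sw.forward(3, VICTIM, SERVER)              # one frame forged with the victim's source MAC
    redirected = sw.forward(2, SERVER, VICTIM) # where does the server's reply go now?
    sw.forward(1, VICTIM, SERVER)              # victim sends again; entry flips back
    restored = sw.forward(2, SERVER, VICTIM)
    return redirected, restored, sorted(sw.shutdown)


if __name__ == "__main__":
    print("plain switch:     ", spoofing_scenario(port_security=False))
    print("port security on: ", spoofing_scenario(port_security=True))
```

On the plain switch the single forged frame moves the victim's entry to port 3, so the server's reply is delivered to the attacker until the victim transmits again; with port security the forged frame is a second source address on port 3, the port is disabled and the CAM entry is never overwritten. Note that a real port-security policy has to allow for legitimate moves (a laptop re-plugged on another port), which is why switches offer "restrict" and ageing modes besides shutdown.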

Data Link Layer Attacks III

Defense: The attack described above targets a wired switch, where the standard control is port security: limit the number of MAC addresses that may be learned on an access port (or pin the expected address to it) and disable the port or drop the frame on a violation, so that a host on one port cannot claim another port's address. On a wireless LAN, the corresponding approach is for an intelligent WLAN system to automatically detect MAC spoofing attacks and exclude offending machines from attaching to the WLAN. This is done in several ways. Detection and Containment: one way is to flag any occurrence in which the manufacturer name of a detected WLAN adapter differs from the one implied by the known OUI (Organizationally Unique Identifier, the first three bytes of the MAC address) for that equipment. Once detected, an intelligent WLAN system can prevent the known attacker from connecting to any nearby APs or to any AP located throughout the entire WLAN. Note that an attacker who copies the victim's complete address, OUI included, defeats the manufacturer check, so it is a heuristic rather than an authentication mechanism; 802.1X or WPA2/WPA3 authentication of the client is what actually binds a station to an identity.

Physical Layer Attacks I

The Physical layer is responsible for encoding and transmission of data over network communications media. It operates with data in the form of bits that are sent from the Physical layer of the sending (source) device and received at the Physical layer of the destination device. Ethernet, Token Ring, SCSI, hubs, repeaters, cables and connectors are standard network devices that function at the Physical layer. The Physical layer is also considered the domain of many hardware-related network design issues, such as LAN and WAN topology and wireless technology.
Attacks on this layer are physical: someone can remove your network card, unplug or cut your network cable, tap a copper or fibre link, plug a rogue device into an unused wall port, or jam a wireless channel.
Defence: Physical access control. Do not let untrusted people touch your equipment: locked rooms and racks, unused switch ports disabled, and, since a tap on the cable cannot be prevented everywhere, encryption at a higher layer so that a tapped link yields nothing useful.

Wired vs Wireless attacks

Wireless Physical Layer Attacks

Wireless MAC Layer Attacks

Wireless Network Layer Attacks

Wireless Transport Layer Attacks

Wireless Application Layer Attacks


Security Mechanisms I

Symmetric Key Cryptography: It is an encryption system where the sender and receiver of a message use a single common key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the problem is that sender and receiver have to somehow exchange the key in a secure manner (the key distribution problem). Some common symmetric key cryptography examples include the Advanced Encryption Standard (AES), the Data Encryption Standard (DES), along with IDEA, Blowfish, RC4 (Rivest Cipher 4), RC5 (Rivest Cipher 5) and RC6 (Rivest Cipher 6). Of these, only AES should be used in new designs: the 56-bit key of DES can be brute-forced and RC4 has known keystream biases, and neither is allowed in current TLS.

Security Mechanisms II
Hash Functions: No key is used in these algorithms. A fixed-length hash value is computed from the input in a way that makes it computationally infeasible to recover the input from the hash (preimage resistance) or to find two inputs with the same hash (collision resistance). Many operating systems store passwords not in clear text but as salted, iterated hashes, so that a stolen password file does not directly reveal the passwords. Examples of such functions are SHA-256 and SHA3-256 (MD5 and SHA-1 are broken for collision resistance and should not be used).
Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for encryption and a private key is used for decryption. The public key and the private key are different but mathematically linked. Even if the public key is known by everyone, only the intended receiver can decode the message, because he alone knows the private key. Examples of asymmetric key cryptography are RSA and ElGamal (encryption), Diffie-Hellman (key agreement rather than encryption), DSA (signatures only) and ECC (elliptic-curve variants of these, such as ECDH and ECDSA).
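Diffie-Hellman key agreement worked through in code, as an added example that is not from the original slides, including an unauthenticated exchange hijacked by a man in the middle to show why asymmetric mechanisms still need the authentication property defined earlier. The group parameters (p = 2^127 - 1, g = 5) are a toy choice made for readability and are not a secure group; real deployments use the RFC 3526 / RFC 7919 groups of 2048 bits and up, or elliptic-curve DH.

```python
import hashlib
import secrets

# Toy group, assumed for the demonstration only. 2**127 - 1 is a Mersenne
# prime, but this is far too small (and not a safe prime) for real use.
P = 2**127 - 1
G = 5


class Party:
    """One side of a DH exchange: keeps a private exponent, publishes g^x mod p."""

    def __init__(self, name, p=P, g=G):
        self.name, self.p, self.g = name, p, g
        self.private = secrets.randbelow(p - 2) + 1     # x in [1, p-2], never sent
        self.public = pow(g, self.private, p)           # g^x mod p, sent in the clear

    def shared_key(self, peer_public):
        """Derive the symmetric key from the peer's public value."""
        # Reject 0, 1 and p-1: a peer sending these forces the secret into a
        # trivial subgroup regardless of our private exponent.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        secret = pow(peer_public, self.private, self.p)  # (g^y)^x = (g^x)^y mod p
        # Hash the group element into a fixed-size key instead of using it raw.
        nbytes = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(secret.to_bytes(nbytes, "big")).digest()


def honest_exchange():
    """Alice and Bob exchange public values directly; both derive the same key."""
    alice, bob = Party("alice"), Party("bob")
    return alice.shared_key(bob.public) == bob.shared_key(alice.public)


def mitm_exchange():
    """Unauthenticated DH: Mallory substitutes her own public value in both
    directions, so she shares one key with Alice and another with Bob and can
    decrypt, read and re-encrypt everything that passes between them.
    Returns (alice_key_matches_mallory, bob_key_matches_mallory, alice_key_differs_from_bob)."""
    alice, bob, mallory = Party("alice"), Party("bob"), Party("mallory")
    k_alice = alice.shared_key(mallory.public)      # Alice believes this came from Bob
    k_bob = bob.shared_key(mallory.public)          # Bob believes this came from Alice
    k_mallory_alice = mallory.shared_key(alice.public)
    k_mallory_bob = mallory.shared_key(bob.public)
    return (k_alice == k_mallory_alice, k_bob == k_mallory_bob, k_alice != k_bob)


if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    print("MITM (alice<->mallory, bob<->mallory, alice!=bob):", mitm_exchange())
```

Nothing in the exchange tells Alice that the public value she received is Bob's, which is why TLS signs the DH parameters with the server's certificate key and why SSH pins host keys: the key agreement gives confidentiality only once the peer's public value has been authenticated.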

Security Mechanisms III

Message Authentication Code (MAC): A MAC algorithm is a symmetric key cryptographic technique to provide message authentication and integrity. To establish the MAC process, the sender and receiver share a symmetric key K. Essentially, a MAC is a keyed checksum (tag) computed over the underlying message and sent along with it; the receiver recomputes the tag with K and accepts the message only if the tags match. Unlike a plain hash, an attacker who does not hold K cannot compute a valid tag for a modified message. A MAC is not simply an "encrypted checksum": the standard constructions today are HMAC (a hash function keyed in a specific way) and block-cipher based modes such as CMAC or the tag of AES-GCM.
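The difference between a plain hash and a MAC, together with the salted password hashing mentioned under Hash Functions, in running code as an added example that is not from the original slides. The message, the key and the tampering step are constructed for the demonstration; HMAC-SHA256 and PBKDF2 from Python's standard library are the assumed primitives.

```python
import hashlib
import hmac
import os


def hash_tag(message):
    """Unkeyed SHA-256. Anyone who can see the message can recompute it, so it
    says nothing about who produced the message."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key, message):
    """HMAC-SHA256 tag: only a holder of `key` can produce a matching tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key, message, tag):
    # compare_digest runs in constant time, so an attacker cannot learn from
    # response timing how many leading characters of a guessed tag were right.
    return hmac.compare_digest(mac_tag(key, message), tag)


def tamper(message, tag_fn):
    """Man-in-the-middle edit: change the amount and recompute the tag with
    whatever public function the attacker has. Returns (message, tag)."""
    forged = message.replace(b"100", b"900")
    return forged, tag_fn(forged)


def hash_only_transfer():
    """Sender appends a plain hash. The attacker rewrites the message and the
    hash, and the receiver's check passes. Returns (delivered_message, accepted)."""
    original = b"pay alice 100"
    forged, forged_tag = tamper(original, hash_tag)
    return forged, hash_tag(forged) == forged_tag


def mac_transfer(key):
    """Sender appends an HMAC under a key the attacker does not have. The
    attacker can only attach a keyless hash, which fails verification.
    Returns (original_accepted, forged_accepted)."""
    original = b"pay alice 100"
    tag = mac_tag(key, original)
    forged, forged_tag = tamper(original, hash_tag)
    return verify_mac(key, original, tag), verify_mac(key, forged, forged_tag)


# Password storage: hash, do not encrypt. PBKDF2 makes each guess expensive and
# the per-user random salt makes identical passwords hash differently, which
# defeats precomputed tables. 100k iterations is a demo value; tune it upward.
def hash_password(password, salt=None, iterations=100_000):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest                # store all three per user


def check_password(password, salt, iterations, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("hash only, forged message accepted:", hash_only_transfer())
    print("HMAC (original accepted, forged accepted):", mac_transfer(os.urandom(32)))
    record = hash_password("correct horse")
    print("password check right/wrong:", check_password("correct horse", *record),
          check_password("wrong", *record))
```

The hash-only transfer is accepted with the amount changed because the attacker simply recomputes the hash; the HMAC version rejects the same edit. The password functions show the other use of hashing from the slide: the stored digest lets the system verify a password without being able to recover it, and the salt and iteration count must be stored alongside it.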

Security Mechanisms V

Digital Signature: A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. The signer computes the signature over (a hash of) the message with their private key; anyone holding the corresponding public key can verify it. A valid digital signature, where the prerequisites are satisfied (the public key really belongs to the claimed signer and the private key has not been compromised), gives a recipient very high confidence that the message was created by a known sender (authenticity) and that the message was not altered in transit (integrity). Because only the holder of the private key can produce the signature, a signature also supports non-repudiation, which a MAC cannot provide, since both parties share the MAC key and either could have produced the tag.
