
Part I: Network security overview

- The need for network security
- Characteristics for ensuring information security
- Threats
- Vulnerabilities
- Risks
- Evaluation of risks
Network security
Network security (NS) comprises all activities designed to protect the network system. Specifically, those
activities ensure the availability, confidentiality and integrity of the system and the safety of its data.
Common cybersecurity risks:
- Viruses, worms and Trojan horses
- Spyware and adware
- Attacks based on zero-day faults (zero-hour attacks), for which no patch exists yet
- Attacks based on other vulnerabilities such as SQL injection, XSS, or web server faults that
allow remote file access or control, ...
- Denial of service attacks: DoS and DDoS
- Sniffing and spoofing attacks
- Unauthorized access and privilege escalation
No single security solution can protect the system from every potential threat, so the system
must deploy multiple layers of protection: if a threat overcomes one barrier, there are still
layers of security behind it (defense in depth).
NS must be implemented with both hardware and software.
Software components must be updated regularly, since an unpatched control is itself a vulnerability.
A security system usually consists of many internal components that work together and
coordinate with each other under central management.
For example, a network security solution includes:
- Anti-virus solutions, together with anti-spyware and anti-malware
- Firewall solutions that block illegal access to the network system by enforcing a set of
policies
- IDS/IPS (intrusion detection systems and intrusion prevention systems) that recognize attack
patterns stored in a signature database, or detect new patterns such as zero-day and zero-hour
attacks by their anomalous behaviour
- Virtual private networks (VPNs) that provide encrypted remote access, so that traffic crossing
untrusted networks stays confidential
The need for network security
- The subjects which need to be protected
 Data
 Resources: people, systems, ...
 Reputation
- Bad effects on organizations, communities and societies
 Loss of money
 Loss of time
 Damage to system resources
 Damage to the organization's reputation
 Loss of development opportunities
- Consideration
 The more secure the system, the more difficult user access becomes; security and usability
pull in opposite directions, so the level of protection must be balanced against usability
Characteristics for ensuring information security
- Confidentiality: information must be kept secret and used only by the intended
audience
- Integrity: information must be complete, structurally intact and free from
contradictions; it must not be altered without authorization
- Availability: information must be readily accessible whenever it is needed, to serve the right
purpose and in the right way
- Accuracy: information must be accurate and reliable
- Non-repudiation: the origin of information can be verified, so the source or sender cannot
later deny having provided it
- Threats to information security are activities and events which cause damage to the
security of an information system; a threat is described by
 Targets of attacks
 Agents of attacks (hackers, attackers, ...)
 Activities of attacks
- Targets of attacks: most targets are network services (web service, DNS service,
...) and the security properties they rely on
 Confidentiality: threatened when information is disclosed to those not authorized to see it
 Integrity: threats that change the structure of information
 Accuracy of information: threats that change the content of information
 Availability: threats that make the system unable to serve its users
 Accounting: threats to the ability to keep statistics on, and account for, the use of system resources
- Agents of attack are the subjects which cause damage to the information system; what makes
an agent dangerous is
 Its capability: access that lets it exploit system vulnerabilities creates a direct
threat
 Its knowledge of the target: user IDs, the password file, file locations,
network addresses, etc.
 Its motives: challenge or conquest, personal gain, or deliberate harm
- Activities of threats
 Abusing legitimate rights of access to system information
 Intentionally or unintentionally changing system information
 Illegal access to information
 Deliberately or unintentionally destroying information or systems
 Eavesdropping on information
 Taking control of software or hardware
 ...
- Classification of threats
 Intentional (with a purpose)
 Unintentional (without a purpose, e.g. accidents and mistakes)
- System vulnerabilities
 Vulnerability: a characteristic which the attacker can exploit to perform attacks on the
system. Vulnerabilities may exist in the network system itself or in
the network administration procedures.
 Back door vulnerabilities
 Operating system vulnerabilities
 Application vulnerabilities
 Physical vulnerabilities
 Management policy vulnerabilities (weak passwords, incorrect authorization, ...)
- Risks: the combination of threats and vulnerabilities; a risk exists only where a threat meets
a vulnerability it can exploit
 Risk = threat + vulnerability
 Level: High, Average or Low
- Evaluation of system risks:
[Image: evaluation of system risks]
- Find the vulnerabilities: the identification of system vulnerabilities starts from the
points of access to the system, such as
 Internet connection
 Remote connection points
 Connections to other organizations
 Environments with physical access to the system
 User access points
 Wireless access points
- At each access point, determine which information can be reached and the level of access
to the system that the point grants.
- Define the threats to the information system
 This is a difficult job because threats are often not obvious (hidden)
 There are many forms and techniques of attack:
 DoS/DDoS, back doors, buffer overflows, ...
 Viruses, Trojan horses, worms
 Social engineering
 The timing of the attack is unknown
 The scale of the attack is unknown
- Evaluate the existing network security solutions
The network security solutions include:
 Firewall
 Anti-virus software
 Access control: authentication systems (passwords, biometrics,
identification cards, ...)
 Data encryption
 Intrusion detection system
 Other techniques: AD, VPN, NAT
 User awareness of network security
 System security
- Define the level of risk:
 After identifying the system vulnerabilities, the threats and the existing security
measures, the level of system risk can be determined as follows
 At a given access point, with the existing security measures in place, determine the
impact of each threat on the system: confidentiality, data integrity, service
responsiveness and the capacity to recover data
 Measure that impact on five criteria (costs, time, reputation, system resources,
development opportunities)
 If the physical connection is not safe, the risk to the system is high
- From the above
- It is noted tha
- Evaluate risk assessment at the enterprise?
 Evaluate system vul
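The procedure above (enumerate access points, judge threat and vulnerability at each, measure impact on the five criteria, apply the physical-connection rule) written out as a risk-level calculation. This is an added example, not part of the original notes: the 1..3 rating scales, the score thresholds, the access-point names and their ratings are assumptions chosen for illustration, since the notes give the steps and the criteria but no numeric scale.

```c
#include <stdio.h>

/* Added example, not from the notes. Scales, thresholds and sample data
 * below are assumptions for illustration. */

enum level { LOW = 0, AVERAGE = 1, HIGH = 2 };

/* The five criteria the notes use to measure the impact of a threat. */
enum { COST, TIME, REPUTATION, RESOURCES, OPPORTUNITY, NCRITERIA };

struct access_point {
    const char *name;
    int threat;             /* likelihood that a threat acts here: 1 rare .. 3 likely */
    int vulnerability;      /* exploitability given existing measures: 1 hard .. 3 easy */
    int physically_secure;  /* 0 when the physical connection is not safe */
    int impact[NCRITERIA];  /* loss on each criterion if the threat succeeds: 1 .. 3 */
};

/* Risk is the combination of a threat with a vulnerability it can exploit:
 * likelihood = threat * vulnerability (1..9); impact = the worst of the five
 * criteria (1..3); score = likelihood * impact (1..27). */
int risk_score(const struct access_point *ap)
{
    int worst = 0;
    for (int i = 0; i < NCRITERIA; i++)
        if (ap->impact[i] > worst)
            worst = ap->impact[i];
    return ap->threat * ap->vulnerability * worst;
}

/* Map the score to the notes' three levels. The notes' rule that an unsafe
 * physical connection makes the risk high overrides the score. Thresholds
 * (assumed): 12 and above is high, 6..11 average, below 6 low. */
enum level risk_level(const struct access_point *ap)
{
    if (!ap->physically_secure)
        return HIGH;
    int s = risk_score(ap);
    if (s >= 12)
        return HIGH;
    if (s >= 6)
        return AVERAGE;
    return LOW;
}

const char *level_name(enum level l)
{
    static const char *names[] = { "Low", "Average", "High" };
    return names[l];
}

/* Constructed sample: the kinds of access point the notes say to start
 * from, with made-up ratings. */
const struct access_point sample_points[] = {
    { "Internet connection",     3, 2, 1, { 3, 2, 3, 2, 2 } }, /* 3*2*3 = 18 */
    { "Remote connection (VPN)", 2, 1, 1, { 2, 2, 2, 1, 1 } }, /* 2*1*2 =  4 */
    { "Link to partner network", 2, 2, 1, { 2, 1, 2, 2, 1 } }, /* 2*2*2 =  8 */
    { "Wireless access point",   2, 2, 1, { 2, 2, 2, 2, 2 } }, /* 2*2*2 =  8 */
    { "Unlocked server room",    1, 1, 0, { 3, 3, 3, 3, 3 } }, /* physical rule */
};
const int sample_count = (int)(sizeof sample_points / sizeof sample_points[0]);

/* Count how many access points end up at a given level; the highest level
 * present is the level of the system as a whole. */
int count_at_level(enum level l)
{
    int n = 0;
    for (int i = 0; i < sample_count; i++)
        if (risk_level(&sample_points[i]) == l)
            n++;
    return n;
}

int main(void)
{
    for (int i = 0; i < sample_count; i++) {
        const struct access_point *ap = &sample_points[i];
        printf("%-26s score=%2d  level=%s\n", ap->name, risk_score(ap),
               level_name(risk_level(ap)));
    }
    return 0;
}
```

Taking the worst criterion rather than the sum keeps a single catastrophic loss (for example reputation) from being averaged away by four mild ones; the physical-connection override sits before the score so that a low-rated threat cannot hide an unsafe door.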
III. Security vulnerabilities and classification
- Security vulnerabilities
 In the past, a security vulnerability was understood as a bug in a piece of software
or hardware that could be triggered by malicious code.
 Over the years that core idea has remained unchanged, but the concept has been
broadened to include misconfiguration: a correctly written system that is set up insecurely is vulnerable too.
- Classification of security vulnerabilities
 Many organizations classify vulnerabilities differently. According to the US
Department of Defense, vulnerabilities fall into three classes:
 Vulnerabilities of class C
o Allow attacks of the DoS kind. Low threat level: they only affect the quality of
service and disrupt the system; they neither damage data nor grant illegal
access.
o DoS is a form of attack that abuses the protocols of the TCP/IP suite (in particular
the Internet layer) to disrupt the system, so that legitimate users are denied
access to or use of it.
o Vulnerable services that permit DoS attacks can be upgraded or fixed with newer
versions from the service provider. There is, however, no fully effective measure
against this type of attack, because the design of the Internet layer (IP) in
particular and the TCP/IP protocol suite in general carries inherent risks of this
class of vulnerability.
 Vulnerabilities of class B
o Allow a user to obtain more rights on the system than they have been granted, without
any validity check, leading to the loss of information that must be kept
confidential. This kind of vulnerability is usually present in applications on
the system. Moderate level of danger.
o Class B is more dangerous than class C. It allows internal (local) users to gain
higher permissions or unauthorized access. Vulnerabilities of this type often
appear in the services mentioned above. A local user is someone who already
has access to the system with certain permissions.
o Another form of class B vulnerability appears in programs written in C. C programs
commonly use a buffer, an area of memory used to hold data before it is
processed.
o Programmers usually read input into a fixed-size buffer in memory before it is copied
to the memory space assigned to each block of data.
o For example, a program that reads a username field may specify that the field is 20
characters long by declaring:
char first_name[20];
o This declaration reserves 20 bytes: room for 19 characters plus the terminating NUL
byte. When data is entered, it is stored in this buffer.
o When the user enters more than the buffer can hold, the buffer overflows. The extra
characters are written past the end of the buffer into adjacent memory that the
program no longer controls. An attacker can exploit this by supplying specially
crafted input that overwrites that memory so as to execute commands of their
choosing on the system.
o Usually these vulnerabilities are exploited by users already on the system to gain
root privileges they are not entitled to.
o To limit class B vulnerabilities, the system configuration and the programs installed
must be strictly controlled, and programs must check input length against buffer size before copying.
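The `char first_name[20];` declaration above, extended into a small program that puts the vulnerable copy next to a bounded one. This is an added example, not code from the notes: the `account` struct, the `is_admin` field placed right after the buffer, and the helper functions are assumptions chosen to make the consequence of the overflow visible.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the notes. The struct mirrors the notes'
 * `char first_name[20];` and adds a second field right after it so the
 * effect of an overflow is visible: bytes written past the end of
 * first_name land in is_admin. */
struct account {
    char first_name[20];   /* room for 19 characters plus the NUL terminator */
    int  is_admin;         /* lives directly after the buffer in memory */
};

/* Vulnerable: strcpy() copies until it sees a NUL byte and never looks at the
 * destination size. An input of 20 or more characters overwrites the bytes
 * after first_name (here is_admin), and a longer one reaches the saved
 * return address on the stack. Kept for comparison; never call it with
 * untrusted input. */
void set_name_vulnerable(struct account *a, const char *input)
{
    strcpy(a->first_name, input);
}

/* Hardened: compare the length against the real capacity before copying.
 * Returns 0 on success and -1 when the input does not fit; on failure the
 * struct is left untouched instead of being truncated silently. */
int set_name_safe(struct account *a, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof a->first_name)       /* one byte is needed for the NUL */
        return -1;
    memcpy(a->first_name, input, n + 1); /* n + 1 copies the terminator too */
    return 0;
}

/* Reading input: fgets() is bounded by the buffer size, unlike gets().
 * Returns -1 if the line did not fit or was rejected by set_name_safe(), so
 * an overlong name is an error rather than a partial name. */
int read_name(struct account *a, FILE *in)
{
    char line[64];
    if (fgets(line, sizeof line, in) == NULL)
        return -1;
    size_t n = strlen(line);
    if (n > 0 && line[n - 1] == '\n')
        line[--n] = '\0';
    else if (n == sizeof line - 1)
        return -1;                        /* line longer than the read buffer */
    return set_name_safe(a, line);
}

int main(void)
{
    struct account a = { "", 0 };
    if (read_name(&a, stdin) == 0)
        printf("hello, %s (admin=%d)\n", a.first_name, a.is_admin);
    else
        fprintf(stderr, "name rejected: at most 19 characters\n");
    return 0;
}
```

The check in `set_name_safe` is the whole fix: `>=` rather than `>` because the terminator needs its own byte, and `memcpy` with an explicit length rather than `strncpy`, which does not guarantee a terminator when the source fills the buffer.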
 Vulnerabilities of class A
o Allow outsiders to gain illegal access to the system and can destroy the
entire system. This type of vulnerability is very dangerous and threatens the
integrity and security of the whole system. Such vulnerabilities often appear in
systems that are weakly administered or have no control over the network
configuration.
o For example, web servers running on Novell operating systems shipped with a script
called convert.bas; running this script allowed reading the entire content of files
on the system.
o Vulnerabilities of this class are very dangerous because they already exist in the
software in use, and administrators who do not understand the service and the
software deeply can overlook the weakness.
o Therefore, it is necessary to check the announcements of security newsgroups on the
network regularly to learn of these vulnerabilities. Many commonly used old versions
of programs have class A vulnerabilities, for example: FTP, Gopher, Telnet, Sendmail,
ARP, finger, ...
