The document discusses network security and common cybersecurity risks. It covers the need for network security, threats, vulnerabilities, and risks. It also describes common approaches to network security, including firewalls, antivirus software, intrusion detection/prevention systems, and VPNs. Security vulnerabilities are classified into three categories (C, B, A) based on the level of threat and system impact they pose. Class C allows denial of service attacks, class B allows unauthorized access and data loss, and class A allows full system compromise. A layered approach using multiple security measures is recommended to protect against threats.
Outline:
- Characteristics for ensuring information security
- Threats
- Vulnerabilities
- Risks
- Evaluation of risks

Network security (NS): includes all activities designed to protect the network system. Specifically, those activities ensure system availability, confidentiality, integrity and data safety.

Common cybersecurity risks:
- Viruses, worms and Trojan horses
- Spyware and adware
- Attacks based on zero-day faults (zero-hour attacks)
- Attacks based on other vulnerabilities, such as SQL injection, XSS, and faults in web servers that allow remote file control, …
- Denial of service attacks: DoS, DDoS
- Sniffing and spoofing attacks
- Unauthorized access and privilege escalation

There is no single security solution that can protect the system from all potential threats; the system must deploy multiple layers of protection, so that if a threat overcomes one barrier there are still layers of security behind it.
NS must be deployed with both hardware and software. If it is software, it must be updated regularly.
A security system usually consists of many internal components working together, coordinating with each other and managed centrally.

For example, a network security solution includes:
- Antivirus solutions, with anti-spyware and anti-malware
- Firewall solutions to prevent illegal access to the network system by setting policies
- IDS/IPS (intrusion detection systems, intrusion prevention systems) to recognize attack patterns stored in a database or to design new patterns, e.g. for zero-day/zero-hour attacks, …
- Virtual Private Networks (VPNs) to provide encrypted remote access that keeps the network secure

The need for network security
- Subjects which need to be protected:
  o Data
  o Resources: humans, systems, …
  o Reputation
- Bad effects on organizations, communities and societies:
  o Loss of money
  o Loss of time
  o Bad effects on system resources
  o Bad effects on the organization's reputation
  o Loss of development chances
- Consideration: a higher security level is better, but user access becomes more difficult; the two requirements contrast with each other.

- Confidentiality: Information must be kept confidential and used only by the right audience
- Integrity: Information must be complete, structurally intact, and free from contradictions
- Availability: Information must always be readily accessible, to serve the right purpose and in the right way
- Accuracy: Information must be accurate and reliable
- Non-repudiation: Information can be verified by its source or the informant

- Threats to information security are activities and events which cause damage to the security of an information system. They are described by:
  o Targets of attacks
  o Agents of attacks (hackers, attackers, …)
  o Activities of attacks
- Targets of attacks: almost all targets are security services (www service, DNS service, …)
  o Confidentiality: threatened if the information is not secure
  o Integrity: threat to change the structure of information
  o Accuracy of information: threat to change the information content
  o Availability: makes the system unserviceable
  o Ability to keep statistics on system resources
- Agents of attack are the subjects which cause damage to the information system
  o Ability of threats from agents: access that allows exploiting system vulnerabilities creates a direct threat
  o The agent's knowledge about the target: user IDs, password file, file locations, network addresses, etc.
  o Motives of agents: conquest, personal gain, deliberate intent
- Activities of threats:
  o Taking advantage of the right to access system information
  o Intentionally or unintentionally changing system information
  o Illegal access to information
  o Deliberately or unintentionally destroying information or systems
  o Eavesdropping on information
  o Dominating software or hardware
  o …
- Classification of threats:
  o With purpose
  o Without purpose

- System vulnerabilities
  o Vulnerability: a characteristic which an attacker can exploit to perform attacks on the system.
  o System vulnerabilities may exist in the network system or in the network administration procedure.
  o Back door vulnerabilities
  o Operating system vulnerabilities
  o Application vulnerabilities
  o Physical vulnerabilities
  o Management policy vulnerabilities (weak passwords, wrong authorization, …)
- Risks: the combination of threats and vulnerabilities
  Risk = threat + vulnerability
  Level: High – Average – Low
- Evaluation of system risks: (figure)
- Find the vulnerabilities: identification of system vulnerabilities starts from the points of access to the system, such as:
  o Internet connection
  o Remote connection points
  o Connections to other organizations
  o Environments with physical access to the system
  o User access points
  o Wireless access points
- At each access point, we must determine the information that can be accessed and the level of access to the system.
- Define the threats to the information system. This is a difficult job because threats often do not appear obvious (they are hidden):
  o Many forms and techniques of attack: DoS/DDoS, backdoors, buffer flooding, …
  o Viruses, Trojan horses, worms
  o Social engineering
  o The timing of the attack is unknown
  o The scale of the attack is unknown
- Evaluate the network security solutions. The network security solutions include:
  o Firewall
  o Antivirus software
  o Access control: authentication systems (password, biometrics, identification card, …)
  o Data encryption
  o Intrusion detection system
  o Other techniques: AD, VPN, NAT
  o Users' awareness of network security
  o System security
- Define the level of risk: after identifying the system vulnerabilities, threats and existing security measures, the level of system risk can be determined as follows:
  o At a given access point with existing security measures, determine the impact of threats on the system: security, data integrity, service responsiveness, data recovery capacity
  o Rate it based on 5 criteria (costs, time, reputation, system resources, development opportunities)
  o If the physical connection is not safe, the risk to the system is high
- From the above
- It is noted that
- Evaluate risk assessment at the enterprise?
- Evaluate system vul

III. Security vulnerabilities and classification
- Security vulnerabilities: In the past, many people viewed a security vulnerability as a bug in a piece of software or hardware that was infected with malicious code. Over the years this concept has remained unchanged, but the concept of misconfiguration has been added to it.
- Classification of security vulnerabilities: many organizations classify vulnerabilities differently. According to the US Department of Defense, vulnerabilities are classified into three categories as follows:

Vulnerabilities class C
  o Allows the implementation of DoS attacks. Low threat level: it only affects the quality of service and disrupts the system; it does not damage data or gain illegal access.
  o DoS is a form of attack that uses Internet-layer protocols in the TCP/IP protocol suite to disrupt the system, resulting in legitimate users being denied access to or use of the system.
  o Vulnerable services that allow DoS attacks can be upgraded or fixed with newer versions of the service. Currently there is no fully effective measure against this type of attack, because the design of the Internet layer (IP) in particular, and of the TCP/IP protocol suite in general, carries hidden potential risks of this class of vulnerability.

Vulnerabilities class B
  o Allows a user to gain more rights on the system without a validity check, leading to the loss of information required to be kept confidential. This vulnerability is often present in applications on the system. Moderate level of danger.
  o Class B is more dangerous than class C. It allows local users to gain higher permissions or unauthorized access. Vulnerabilities of this type often appear in the services on the system. A local user is understood as someone who has access to the system with certain permissions.
  o Another form of class B vulnerability appears in programs written in C. Programs written in C often use a buffer, an area of memory used to store data before it is processed.
  o Programmers usually use an in-memory buffer before assigning memory space to each block of data.
  o For example, when writing a program to enter the username field, the programmer specifies that this field is 20 characters long by declaring: char first_name[20];
  o This declaration allows the user to enter up to 20 characters. When data is entered, it is stored in the buffer.
  o When the user enters more than 20 characters, the buffer overflows. The extra characters fall outside the buffer, where they can no longer be controlled. Attackers can take advantage of such vulnerabilities by entering special characters to execute commands on the system.
  o Usually these vulnerabilities are exploited by users on the system to gain invalid root privileges.
  o To limit class B vulnerabilities, it is necessary to strictly control the system configuration and programs.

Vulnerabilities class A
  o Allow outsiders to gain illegal access to the system and can destroy the entire system. Very dangerous level: it threatens the integrity and security of the system. These vulnerabilities often appear in systems that are weak or have no control over the network configuration.
  o For example, web servers running on Novell operating systems have a script called convert.bas; running this script allows reading the entire content of files on the system.
  o Vulnerabilities of this class are very dangerous because they already exist in the software used, and administrators who do not understand the service and the software deeply can ignore this weakness.
  o Therefore, it is necessary to regularly check the announcements of security newsgroups on the network to detect these types of vulnerabilities. A variety of commonly used old-version programs have class A vulnerabilities, such as: FTP, Gopher, Telnet, Sendmail, ARP, finger, …
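The class B buffer example from the notes, written out as an added C example (not part of the original lecture material): the fixed 20-byte first_name field filled with an unbounded copy, beside a bounded copy that truncates and reports oversize input so the caller can reject it. The function names read_name_unsafe and read_name_bounded and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 20   /* the field size from the notes: char first_name[20]; */

/* The class B pattern the notes describe: the declaration fixes the field at
 * 20 bytes, but strcpy() copies until the source's NUL byte with no regard
 * for that size. Input of 20 or more characters writes past first_name onto
 * whatever the compiler placed next to it (the overflow). Kept only for
 * contrast; it is never called with long input here. */
static void read_name_unsafe(char first_name[NAME_LEN], const char *input)
{
    strcpy(first_name, input);
}

/* Hardened form: copy at most NAME_LEN-1 bytes, always NUL-terminate, and
 * return 1 when the input was too long so the caller can reject or log it
 * instead of silently accepting truncated data. */
int read_name_bounded(char first_name[NAME_LEN], const char *input)
{
    size_t len = strlen(input);
    int too_long = len >= NAME_LEN;          /* 20 chars + NUL do not fit */
    size_t n = too_long ? NAME_LEN - 1 : len;
    memcpy(first_name, input, n);
    first_name[n] = '\0';
    return too_long;
}

int main(void)
{
    char first_name[NAME_LEN];
    /* Constructed inputs: a normal name and a 26-character string. */
    const char *ok = "alice";
    const char *overlong = "abcdefghijklmnopqrstuvwxyz";

    read_name_unsafe(first_name, ok);        /* fits: 5 bytes + NUL */
    printf("unsafe copy of short input: %s\n", first_name);

    if (read_name_bounded(first_name, overlong))
        printf("rejected: input longer than %d characters (kept \"%s\")\n",
               NAME_LEN - 1, first_name);
    return 0;
}
```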