Network Security

Last updated Jun 24, 2023 Edit

• Compsci
• Theory
• Networking

• Valuable data or infrastructure is held on internet-connected devices
• Hacking can be used to exploit vulnerabilities in computer systems and extract data, hold infrastructure ransom or cause other disruptions.

• Responsible for network security
• Various methods are used to prevent network threats and used to keep networks secure, however there are always vulnerabilities that can be exploited

• Malware is a type of program that can replicate itself and cause a computer to malfunction.
• It can cause the computer to stop, misbehave or become unresponsive.
• May delete or corrupt files

• Virus
  • Replicates
  • Causes damage
• Worms
  • Replicates without user intervention
  • Type of virus
• Trojans
  • User is tricked to install malware
  • The Trojan pretends to be something else

• Copied to memory when the host file is executed. Once the virus resides in the memory, any file copied to the memory can be infected.
• Viruses may reside in macro files:
  • Usually attached to a word processing or spreadsheet file
  • It infects the template when the data file is opened
  • These viruses tend to be less harmful

• Worms trick the user to open an infected file or email attachment
• Worms self-replicate without user action and spread to other users by sending emails to them from the infected computer’s address book.
• Worms affect the speed of the computer, server and and network by occupying bandwidth

• Both self replicate
• Viruses only replicate when the host file is opened or executed
• Alternatively worms do not require any user action to self-replicate

• Trick the user into opening or executing an infected file by camouflaging in the form of a program.
• Trojans infect the computer and give access to the trojan creator via a backdoor
• Backdoors allow outsiders to bypass security checks by opening an access channel.
• Some actions of a trojan creators are stealing personal information and sending spam email via infected network resources
• Groups of computers that function like this are called botnets
• Unlike viruses and worms, trojans do not self-replicate

• Malware can be prevented by installing antivirus software and avoiding software from unknown sources. Must be updated regularly to avoid becoming vulnerable to new attacks.
• Backing up a system in an off-site mode will help to retrieve the corrupted data is attacked by malware.
• Updating the operating system and browser also helps in fixing security vulnerabilities. Browsers identify harmful sites.

• A user might receive emails to gain personal banking details which could be misused

• The emails look as though they are sent by their bank

• The user clicks on a link and enters their personal information into a fake banking website, giving the attacker their credentials

• Not always easily identifiable, some are much better than others

• It is always important to check the URL and email address before interacting

• Many email providers filter out a lot of phishing emails using automatic filters

• Denial of service attacks prevent a user from accessing part of a network such as an Internet server.
• A user can be prevented from accessing websites, emails and banking applications.
• Aims to overwhelm the server, does not really work against modern hardware.

• Data packets travelling across a network can be intercepted and read by a third-party
• This can be prevented by ensuring the communications are encrypted with a secure algorithm
• Packet sniffing software such as Wireshark can be used to examine packets moving across a network that you are currently connected to.
• Some protocols such as VoIP can be reconstructed through this method
• Sometimes it is legitimate to use this software to analyse network trends and detect intrusion attempts. This is done by organisations.
• In wireless LAN, this is done by using special Wi-Fi adapters
• It is easy for an attacker to intrude a wireless signal as this can be done from a range of 300m
• It is important to encrypt data using WPA (Wi-Fi protected access) that uses a key of at least 128 bits.
• Keys are often regenerated for each packet to avoid intrusion.

• An attacker tries many passwords with the hope that he will guess it correctly.
• The attacker tries all the possible passwords systematically until the correct one is found.
• Short passwords can be easily determined

• A brute force attack is delayed by using a CAPTCHA
• This requires a user to answer a different question between successive attempts
• Users are advised to use long, alphanumeric passwords as a measure to improve security.

• SQL injection is a type of attack in which an attacker executes a malicious SQL statement in a web server’s database
• Hence, an unauthenticated user may gain access to sensitive information
• An example would be typing DROP * into a search box (destructive) or something like SELECT * to return the information

• Pharming is a type of attack in which malicious code is installed on the user’s computer or the web server that they access without their knowledge
• This would then redirect the user to a fake website

• A user should ensure that a proper SSL connection is active as this will highlight an issue
• Ensure relevant anti-spyware software is running
• Check that the URL matches what is expected

• Software applications are constantly upgraded by developers to improve security
• Users receive patches that update the software
• Unpatched software may expose you to unnecessary risk

• Shoulder surfing is an attack where the password or pin numbers of a user are obtained by the attacker just by observing them.

• The attacker creates a situation to trick the user into providing sensitive information or perform actions that are not usually permitted.

• Malware uses a buffer overflow attack to write values to memory locations that are larger than it can handle
• As a result, neighbouring locations are overwritten
• In this way, an attacker gains access to locations they do not have
• Now the processor thinks that there are new instructions to execute, and will perform actions as defined by attackers.

“One single vulnerability is all an attacker needs. - Window Snyder”

• Penetration testing is a testing method to analyse a computer system or network for possible vulnerabilities that an attacker may take advantage of.
• Penetration testing can be automated by software and involves the following steps:
  • Identifying a vulnerability in the system
  • Setting up an attack to check the vulnerability
  • Carrying out the attack
  • Testing the ability of the system to recover any lost or corrupted data after the attack

• Hardware and/or software placed between the user’s computer and an external network, such as the internet, to filter data in and out of the computer.

• Firewalls are installed on servers, computers, or routers depending upon the network requirements

• A hardware firewall is a computer that consists of two network interface cards, one connected to the internal network and the other connected to the external network.

• Checks whether the incoming and outgoing data meet the set of requirements imposed by the network administrator.

• Preventing malware and hackers from accessing the internal network.

• Prevent Denial of Service attacks.

• A user is notified when the software in a system tries to access an external source.

• When a firewall is software based, it is usually integrated into the operating system.

• A firewall examines the source and destination IP address in a packet
• Only the data packets with permitted IP addresses are allowed
• Packets may be filtered based on the protocol being used o the port number it is trying to access
• If data fails to meet these requirements a warning is issued or the data is dropped and not allowed to pass through

• The process of filtering data packets by examining the payload is called stateful inspection or packet filtering
• Based on the recent conversations, packets will be filtered
• A data packet is rejected if it does not form a part of a registered communication.

• The use of modems by an internal computer to bypass a firewall cannot be prevented
• Does not take care of password strength and carelessness of an internal user.
• Firewalls can also be disabled in stand-alone computers according to a user’s choice, the computer is not safe
• In an organisation, it is important for a network manager to control the firewall.

• A proxy server installed between a user’s computer and the web server acts as a firewall.

• Access to certain websites can be blocked

• Response time for a web browser’s request can be reduced by using a cache

• During the first visit to a website, its home page is stored in a proxy server cache

• During the next visit, certain features of the website are loaded from this cache, speeding up access

• A proxy server hides the IP address of a user, enhancing security

• Authentication is used to provide access to trusted parties. The security is further strengthened using encryption.
• To login to systems each user is provided with sets of usernames and passwords
• The various sets of usernames and passwords are stored in a security file. If the user provides the correct set of usernames and passwords they are granted access. If they do not match, their access is refused.
• Some systems may ask the user to enter only certain characters of the password to shield from potential keyloggers.

• Biometrics refers to the authentication techniques that rely on measurable physical characteristics.
• Some examples of such characteristics are fingerprint scans, retina scans, and face and voice recognition.

• SSL and TLS are two protocols that ensure communication between the user and the webserver is encrypted.

• Browsers typically display a padlock when this kind of connection is active.

• TLS is the newest protocol

• Encoding a message in such a way that only allows authorised users to decipher it.
• When an unauthorised user receives an encrypted message, they cannot decipher it.
• Public/Private key encryption is typically used here.

• Symmetric ciphers use the same method in different directions to encrypt/decrypt
• Asymmetric ciphers use clock arithmetic to perform a one way function.

• Only kept by the intended recipient
• Used to decrypt the message
• Never transmitted

• Available to all users

• A key making algorithm is responsible for generating public and private keys of the receiver.
• The public key can be found in a directory.
• Sender encrypts the message using a public key in this directory.
• Receiver receives this data and decrypts it using the private key.

• Certificates run the same hashing algorithm against packets to assure that a packet has not been altered in transit
• A hash can be produced by the sender and then encrypted with a private key before being transmitted by the sender.
• If the receiver decrypts the packet and calculates a different hash, they know that something is wrong.
• A certificate authority (CA) such as Let’s Encrypt will issue a digital certificate

• The router compares the MAC address of the device requesting a connection with a list of approved devices.
• The list of approved devices is managed by a network administrator
• MAC address filtering is not completely secure
• MAC addresses can be filtered
• A hacker could intercept packets and find the MAC address of an approved device and then imitate it.

Networking