
Module 6: Security threats and methods to mitigate
www.saigonlab.vn

Network Security

Vulnerabilities and Threats

Security Policy

Bringing a True-long Stand Vocation

Lesson 1: Network Security



Security Risks and Assessment
Network Security and its Goals
Confidentiality, Integrity, Availability
Purpose of Network Security
The Closed Network
The Network Today
Trends Affecting Network Security
Key Elements of Network Security


Security Risks and Assessment

Security risks cannot be eliminated or prevented completely
However, effective risk management and assessment can significantly minimize the existing security risks
An acceptable level of risk depends on how much risk the business is willing to assume if it does not implement the security measure (either in part or in its entirety)


Network Security and its Goals

Network security is the process by which digital information assets are protected
Security has one purpose, to protect assets, whether they are personal property or electronic files containing certain information. Security measures should ensure:
  Users can perform only authorized tasks
  Users can obtain only authorized information
  Users cannot cause damage to the data, applications, or operating environment of a system
Security should also involve controlling the effects of errors and equipment failures


Network Security and its Goals

The goals of security are:
  Confidentiality
  Integrity
  Availability


Confidentiality, Integrity, Availability

Confidentiality
  The protection of data from unauthorized disclosure to a third party

Integrity
  Assurance that data is not altered or destroyed in an unauthorized manner, including when it is sent electronically

Availability/Transparently

Connectivity
Performance
Ease of Use
Manageability
Availability


The Closed Network

Originally networks were closed and were only connected to known parties and sites


The Network Today

The advent of the Internet, e-business, the WWW, and now even more wireless, has moved the closed system to an open network
Businesses and individuals must address the balance of openness and security
One new kind of device introduced was the firewall (in both hardware and software)


The Network Today

The basic function of the firewall device
  Allow anything from inside to go outside or to the DMZ (Demilitarized Zone)
  Only allow outside things in if originated from inside, like web surfing, email responses
  Create a DMZ for maybe a web site, etc.
  Create ACLs (conduits) to allow specific things/people/whatever to access the DMZ
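
The firewall behaviour listed above, as an added example that is not part of the original slides: a small Python model of a three-zone firewall that tracks permitted flows, so replies are allowed while unsolicited inbound traffic is denied. The class, field and zone names and the sample addresses are assumptions made for illustration.

```python
# Added teaching model (not from the slides): a three-zone firewall with the
# policy described above. Class, field and zone names are hypothetical.
from typing import NamedTuple

class Packet(NamedTuple):
    src_zone: str          # "inside", "outside" or "dmz"
    dst_zone: str
    src: str               # "ip:port"
    dst: str
    proto: str = "tcp"

class Firewall:
    def __init__(self, dmz_acl):
        self.dmz_acl = set(dmz_acl)   # (proto, "ip:port") conduits into the DMZ
        self.state = set()            # flows already permitted; real devices
                                      # also track TCP flags and timeouts

    def check(self, p: Packet) -> str:
        # Reply to a flow that was permitted earlier in the other direction.
        if (p.proto, p.dst, p.src) in self.state:
            return "permit:reply"
        if p.src_zone == "inside" and p.dst_zone in ("outside", "dmz"):
            verdict = "permit:inside-originated"
        elif (p.src_zone == "outside" and p.dst_zone == "dmz"
              and (p.proto, p.dst) in self.dmz_acl):
            verdict = "permit:acl"
        else:
            return "deny"             # default deny, nothing is recorded
        self.state.add((p.proto, p.src, p.dst))
        return verdict

def demo():
    # Constructed packets; addresses are documentation/private ranges.
    fw = Firewall(dmz_acl={("tcp", "192.0.2.10:443")})
    packets = [
        Packet("inside", "outside", "10.0.0.5:50000", "198.51.100.7:443"),
        Packet("outside", "inside", "198.51.100.7:443", "10.0.0.5:50000"),
        Packet("outside", "inside", "198.51.100.7:443", "10.0.0.6:50000"),
        Packet("outside", "dmz", "203.0.113.9:40000", "192.0.2.10:443"),
        Packet("outside", "dmz", "203.0.113.9:40001", "192.0.2.10:22"),
        Packet("dmz", "outside", "192.0.2.10:443", "203.0.113.9:40000"),
        Packet("dmz", "inside", "192.0.2.10:33000", "10.0.0.5:445"),
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last packet is the case the DMZ exists for: a host in the DMZ cannot open a new connection to the inside, so a compromised public server does not get a direct path to internal machines.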

Newer devices include
  IDS (Intrusion Detection System) monitoring and reacting to known attacks
  AAA (Authentication, Authorization, Accounting)
  Vulnerability Assessment Systems


Trends Affecting Network Security

Increase of Network Attacks
Increased Sophistication of Attacks
Increased Dependence on the Network
Lack of trained personnel
Lack of awareness
Lack of Security Policies
Wireless Access
Legislation
Litigation


Key Elements of Network Security


Lesson 2: Vulnerabilities and Threats



Network Security Vulnerabilities
Threat Capabilities
Network Security Threats
Specific Attack Types
Three Classes of Network Attacks
Vulnerabilities Exist at all OSI Layers
Virus and Trojan Horses


Network Security Vulnerabilities

Threats are unauthorized access of a network or network device. Typically, these threats are persistent due to vulnerabilities/weaknesses, which can arise from:
  Configuration
  Policy
  Technology


Network Security Vulnerabilities: Configuration Weaknesses

Unsecured user accounts (exposed usernames and passwords during data transmission)
Easily guessed passwords. Some policies include: 1) minimal password lengths, 2) mixture of letters and digits, 3) no people/pet names, no birthdays, no ... whatever
Misconfigured Internet services
Unsecured default settings within products
Misconfigured network equipment (routers, switches, firewalls, ACLs, SNMP community strings, etc.)


Network Security Vulnerabilities: Security Policy Weaknesses

Lack of written policy
Politics
Lack of continuity (employee turnover)
Logical access controls not applied: 1) easily guessed/cracked passwords, 2) inadequate monitoring and auditing, 3) failure to act on unauthorized access (people looking the other way can pay the price for inaction)
Software and hardware installation and changes do not follow policy (possibly unauthorized and open to security holes)
Disaster Recovery Plan is nonexistent. Causes 1) chaos, 2) panic, and 3) confusion


Network Security Vulnerabilities: Inherent Technology Weaknesses

Computer and network technologies have intrinsic security weaknesses including:
  TCP/IP protocol weaknesses such as HTTP, FTP, ICMP, SNMP, and SMTP
  Operating system weaknesses such as Windows, Unix, Linux, Macintosh, and OS/2
  Network equipment weaknesses such as routers, switches, firewalls, etc.


Threat Capabilities: More Dangerous and Easier to Use


Network Security Threats

There are four general categories of security threats to the network:
  Unstructured threats
  Structured threats
  External threats
  Internal threats

[Figure: threats to the network. Labels: Internet, external exploitation, dial-in exploitation, internal exploitation, compromised host]


Specific Attack Types

Packet sniffers
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Application layer attacks
Trust exploitation
Port redirection
Virus
Trojan horse
Operator error
Worms


Three Classes of Network Attacks

Reconnaissance attacks
Access attacks
Denial of service attacks


Virus and Trojan Horses

Viruses refer to malicious software that is attached to another program to execute a particular unwanted function on a user's workstation. End-user workstations are the primary targets
A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool
A Trojan horse is mitigated by antivirus software at the user level and possibly the network level


Lesson 3: Security Policy



What Is a Security Policy?
Why Create a Security Policy?
Security Policy Elements
Network Security as a Continuous Process
Secure the Network
Monitor Security
Test Security
Improve Security
Security Policy Balance
Network Security Models


What Is a Security Policy?

A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide
A properly implemented security policy without dedicated security hardware can be more effective at mitigating the threat to enterprise resources than a comprehensive security product implementation without an associated policy
When creating a policy, always define security requirements before defining security implementations


Why Create a Security Policy?

To create a baseline of your current security posture
To set the framework for security implementation
To define allowed and not allowed behaviors
To help determine necessary tools and procedures
To communicate consensus and define roles
To define how to handle security incidents


Security Policy Elements

[Figure: POLICY at the center, with network design factors on the left and threat vectors on the right]
Left (network design factors): Data Assessment, Host Addressing, Application Definition, Usage Guidelines, Topology/Trust Model
Right (threat vectors): Vulnerabilities, Denial of Service, Misuse, Reconnaissance

On the left are the network design factors upon which security policy is based
On the right are basic Internet threat vectors that security policies are written to mitigate


Network Security as a Continuous Process

The Security Wheel

Network security is a continuous process built around a security policy

Step 1: Secure
Step 2: Monitor
Step 3: Test
Step 4: Improve

[Figure: the Security Wheel, with Security Policy at the center surrounded by Secure, Monitor, Test, Improve]


Secure the Network

Implement security solutions to stop or prevent unauthorized access or activities, and to protect information:
  Authentication
  Encryption
  Firewalls
  Vulnerability patching
  Turn off unnecessary services


Monitor Security

Detects violations of the security policy
Involves system auditing and real-time intrusion detection (IDS, Intrusion Detection System)
Validates the security implementation in Step 1


Test Security

Validates effectiveness of the security policy through system auditing and vulnerability scanning
Vulnerability scanning tools such as SATAN, Nessus, or NMAP are useful for periodically testing the network security measures


Improve Security

Use information from the monitor and test phases to make improvements to the security implementation
Adjust the security policy as security vulnerabilities and risks are identified


Security Policy Balance

The trade-off between minimizing the impact on user productivity and maximizing security measures
Two Levels of Security Policies
  Requirements level. The degree to which the network assets must be protected against intrusion or destruction, and also estimates the cost, or consequences, of a security breach
  Implementation level. Defines guidelines to implement the requirements-level policy, using specific technology in a predefined way


Network Security Models


[Figure: layered network security model. Layers: Operating System Security, Platform Security, Network Security, Physical Security, Policies and Procedures]
