Introduction to Network

Security

Based on slides accompanying the book

Network Defense and Countermeasures
by Chuck Easttom (2018)
Objectives
 Identify the most common dangers to
networks
 Understand basic networking
 Employ basic security terminology
 Find the best approach to network security
for an organization
 Evaluate the legal issues that will affect your
work as a network administrator
 Use resources available for network security

2
Introduction

 The growth of the Internet has brought many

ways in which networks can be compromised
and data stolen.

 Legislators are working to create laws to

prevent identity theft and ways to reduce the
effects of viruses and worms such as
MyDoom, MSBlaster, and others.

3
The Basics of a Network

 You need to understand the following:

 Basic network structure
 Data packets
 IP addresses
 Uniform Resource Locators (or URL)
 MAC addresses
 Protocols
 Basic network utilities
 The ISO/OSI Model

4
Basic Network Structure

 The fundamental purpose of networks is for

communication

 Part of the network structure includes:

 NICs, hubs, switches, routers, and firewalls

 Network architecture comprises the format in

which these devices are connected

5
Data Packets

 This is the package that holds the data and

transmission information
A network packet = header + payload

 Ultimately formatted in binary

 Information included in packets:
Source and destination (IP Address) information
Packet size (in bytes) and type (e.g. Ethernet)

Data and other header information

6
IP Addresses
= network prefix + host identifier
 IPv4 is a series of four three-digit numbers
separated by periods: [Link] (the dot-
decimal notation)
 Each three-digit is between 0 and 255 (a byte/octet)

 Classful network addressing

 The first byte indicates the network class.
 classes A through E (See the table in
[Link]

7
Bitwise
representation
of Classful IP
addressing

source:
[Link]
ki/Classful_network

class D for multicasting

class E reserved (for
experimental use)

8
IP Addresses
= network prefix + host identifier
 Classless Inter-Domain Routing (CIDR)
 The suffix indicate the number of bits of the
network prefix
 e.g., [Link]/24

Q1: What is the network prefix?

Q2: What is the range of host addresses?

9
IP Addresses

 Certain ranges are private, for use within a

private network
 [Link] – [Link]
 [Link] – [Link]
 [Link] – [Link]

10
IP Addresses
 IPv6 uses a 128-bit address and hex
numbering.
 IPv6 addresses are represented as eight groups of
four hexadecimal digits (with the groups being
separated by colons)
 Example: [Link]
 An IPv6 address may have more than one representation.
Initial address: [Link]
After removing all leading zeroes in each group:
[Link]
After using :: to replace consecutive sections of zeroes:
[Link]

11
Uniform Resource Locators
 URLs are text-based web
addresses, such as
[Link],
that translate into Internet
IP addresses

 Translation is performed
by Domain Name
System/Service (DNS)
servers
Source:
[Link]
/41620/dns
12
MAC Addresses

 MAC addresses are unique hardware

addresses
 Every NIC in the world has a unique MAC
address
 Six-byte hexadecimal numbers
 Address Resolution Protocol (ARP) converts
IP addresses to MAC addresses

13
Protocols

 Types/standards of network communication

are called protocols
 Examples include
 FTP, SSH, Telnet, SMTP
 WhoIS, DNS, tFTP
 HTTP, POP3, NNTP
 NetBIOS, IRC, HTTPS
 SMB, ICMP

14
Basic Network Utilities
 Ipconfig
 gives you information about the computer’s network
connection, addresses, …
 Ping
 Used to send a test packet to a target machine to find
out whether that machine is reachable and how long it
takes …
 Tracert
 Trace route (= ping + intermediate hops)
 Netstat
 Net Status
15
The Open Systems Interconnect
(OSI) Model

16
Source: [Link] 17
What Does This Mean for Security?

 There are three points of attack:

The data itself

 Data at rest vs data in transit/motion

The network connection points

The people

18
Assessing Likely Threats to the
Network
 Extreme, ill-informed attitudes about security
threats can lead to poor decisions.

 These are the two ends of the spectrum

 There is no real threat, nothing to worry about
 Extreme alarm: all hackers are experts and out to
break into my network

19
Assessing Likely Threats to the
Network
 No real threat:
 Fosters a laissez-faire attitude toward security
 Promotes a reactive approach to security
 Security measures are not put in place until after a
breach has occurred.
 This approach must be avoided at all costs.

20
Assessing Likely Threats to the
Network
 Is the world full of hackers out to get me?
 Yes, they exist, but not to the extent publicized
 Lesser skilled hackers are more pervasive
 They target smaller companies
 Usually experts seek high profile networks
 Financial and ideological gain are the targets

21
Assessing Likely Threats to the
Network
 The only practical approach is the realistic
one.
 This approach is a moderate solution to the
two extremes.
 Assessment is a complex task.
 Many factors need to be addressed.

22
Classifying Threats by Function
 Intrusion  Malware
 Cracking  Viruses
 Social engineering  Worms
 War-dialing  Trojan horses
 War-driving  Bots
 Blocking  Ransomware
 Denial of Service (DoS)  Spyware
 Cookies
 Distributed Denial of
 Key loggers
Service (DDoS)

23
Likely Attacks

 Administrators should ask:

 What are the realistic dangers?
 What are the most likely attacks for our network?
 What are some common vulnerabilities?
 What is the likelihood of an attack?

 Risk Management

24
Threat Assessment Factors

 Attractiveness of the system (discussed

earlier)
 The nature of the information on the system
 Traffic to the system (security devices in
place)

25
Threat Assessment
- Vulnerability score
 A numerical scale can be assigned to each
factor
 Attractiveness (A): 1–10
 Information content (I): 1–10
 Security devices present (S): 1–10
 The equation is: V = (A + I) – S
 Where V equals Vulnerability score
 Lower score indicates lower risk (-18 .. 19)

26
Understanding Security Terminology
Hacking terminology Security terminology
 Firewall
 Proxy server
 White hat hackers
 Intrusion-detection system
 Black hat hackers
 Non-repudiation
 Gray hat hackers
 Confidentiality
 Script kiddy
 Authentication
 Cracker  Data integrity vs origin
 Ethical hacker (or pen integrity
tester)  Auditing
 Phreaking  Access control
 …
27
Helpful Websites for Security Terminology

 [Link]/information%2Dsecurity/
 [Link]/rfc/[Link]

28
Approaching Network Security

 Proactive versus reactive/passive

 Perimeter security approach: Focus is on
perimeter devices; internal devices are still
vulnerable
 Layered security approach: Focus includes
both perimeter and individual computers
within the network
 Hybrid security approach: Combination of
multiple security paradigms
29
 Layered

Reactive/
passive Proactive/
dynamic

Perimeter-based

30
Network Security and the Law

 Sarbanes-Oxley (SOX)
 Computer Security Act of 1987
 Health Insurance Portability and
Accountability Act (HIPAA)

31
Using Security Resources

 CERT ([Link]/)
 Microsoft Security TechCenter
([Link]
 F-Secure Corporation ([Link]/)
 SANS Institute ([Link]/)

32
Summary
 Most common dangers to networks are viruses,
worms, Trojan horses, and ransomware.

 Basic security terminology:

 Hacking terms: Deal with people and activities
 Security terms: Deal with devices and policies

 Approaches to securing your network:

 Proactive versus reactive
 Perimeter versus Layered
 Hybrid

33
Summary
 Legal issues:
 SOX
 HIPAA
 State-specific legislation regarding computer crimes
 Business-specific legislations

 Resources available for network security:

 CERT
 Microsoft Security TechCenter
 F-Secure Corporation
 SANS institute

34