Major Concepts:
•Rationale for network security
•Data confidentiality, integrity, availability
•Risks, threats, vulnerabilities and countermeasures
•Methodology of a structured attack
•Security model (McCumber cube)
•Security policies, standards and guidelines
•Selecting and implementing countermeasures
•Network security design
What is Network Security?
National Security Telecommunications and Information Systems Security Committee (NSTISSC)
Network security is the protection of information and systems and hardware that use, store, and transmit that information.
Network security encompasses those steps that are taken to ensure the confidentiality, integrity, and availability of data or resources.
Rationale for Network Security
Network security initiatives and network security specialists can be found in private and public, large and small companies and organizations. The need for network security and its growth are driven by many factors:
1.Internet connectivity is 24/7 and is worldwide
2.Increase in cyber crime
3.Impact on business and individuals
4.Legislation & liabilities
5.Proliferation of threats
6.Sophistication of threats
Business Impact
1.Decrease in productivity
2.Loss of sales revenue
3.Unauthorized release of sensitive data
4.Threat to trade secrets or formulas
5.Compromise of reputation and trust
6.Loss of communications
7.Threat to environmental and safety systems
8.Loss of time
Goals of an Information Security Program
•Confidentiality
-Prevent the disclosure of sensitive information from unauthorized people, resources, and processes
•Integrity
-The protection of system information or processes from intentional or accidental modification
•Availability
-The assurance that systems and data are accessible by authorized users when needed
Risk Management
•Risk Analysis
•Threats
•Vulnerabilities
•Countermeasures
Risk Assessment
•Risk assessment involves determining the likelihood that the vulnerability is a risk to the organization
•Each vulnerability can be ranked on a scale
•Sometimes calculating anticipated losses can be helpful in determining the impact of a vulnerability
Asset Identification
•Categories of assets
-Information Assets (people, hardware, software, systems)
-Supporting Assets (facilities, utilities, services)
-Critical Assets (can be either of those listed above)
•Attributes of the assets need to be compiled
•Determine each item’s relative value
-How much revenue/profit does it generate?
-What is the cost to replace it?
-How difficult would it be to replace?
-How quickly can it be replaced?
Types of Network Threats
•Impersonation
•Eavesdropping
•Denial-of-service
•Packet replay
•Man-in-the-middle
•Packet modification
Vulnerability
•A network vulnerability is a weakness in a system, technology, product or policy
•In today’s environment, several organizations track, organize and test these vulnerabilities
•The US government has a contract with an organization to track and publish network vulnerabilities
•Each vulnerability is given an ID and can be reviewed by network security professionals over the Internet.
•The Common Vulnerabilities and Exposures (CVE) list also publishes ways to prevent the vulnerability from being attacked
Vulnerability Appraisal
•It is very important that network security specialists comprehend the importance of vulnerability appraisal
•A vulnerability appraisal is a snapshot of the current security of the organization as it now stands
•What current security weaknesses may expose the assets to these threats?
•Vulnerability scanners are tools available as free Internet downloads and as commercial products
-These tools compare the asset against a database of known vulnerabilities and produce a discovery
report that exposes the vulnerability and assesses its severity
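The comparison a scanner performs, as an added example that is not part of the original slides: a constructed asset inventory is matched against a constructed database of known vulnerabilities, and the findings are ranked. The product names, the `EXAMPLE-000x` IDs and the ranking formula (severity multiplied by the asset's relative value) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    product: str
    version: str
    value: int       # relative value, 1 (low) to 5 (critical), from asset identification

@dataclass(frozen=True)
class KnownVuln:
    vuln_id: str     # placeholder ID, not a real CVE number
    product: str
    fixed_in: str    # first version that is no longer affected
    severity: float  # 0.0 to 10.0

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10); as plain strings '2.4.9' sorts after '2.4.10'."""
    return tuple(int(part) for part in text.split("."))

def appraise(assets, database):
    """Return the discovery report, riskiest asset/vulnerability pair first."""
    findings = []
    for asset in assets:
        for vuln in database:
            if vuln.product != asset.product:
                continue
            if parse_version(asset.version) < parse_version(vuln.fixed_in):
                findings.append({
                    "asset": asset.name,
                    "vuln_id": vuln.vuln_id,
                    "severity": vuln.severity,
                    # Assumed ranking: severity weighted by the asset's relative value.
                    "rank": vuln.severity * asset.value,
                })
    return sorted(findings, key=lambda f: f["rank"], reverse=True)

# Constructed sample data for the example.
ASSETS = [
    Asset("intranet-wiki", "examplehttpd", "2.4.9", value=2),
    Asset("payments-db", "exampledb", "11.3", value=5),
    Asset("build-server", "examplehttpd", "2.4.10", value=3),
]
DATABASE = [
    KnownVuln("EXAMPLE-0001", "examplehttpd", "2.4.10", severity=9.8),
    KnownVuln("EXAMPLE-0002", "exampledb", "11.5", severity=6.5),
]

if __name__ == "__main__":
    for f in appraise(ASSETS, DATABASE):
        print(f"{f['asset']:14} {f['vuln_id']} severity={f['severity']} rank={f['rank']}")
```

The lower-severity finding on the high-value database outranks the higher-severity finding on the low-value wiki, which is why the asset's relative value is collected before the appraisal.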
Risk Management Terms
•Vulnerability – a system, network or device weakness
•Threat – potential danger posed by a vulnerability
•Threat agent – the entity that identifies a vulnerability and uses it to attack the victim
•Risk – likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact
•Exposure – potential to experience losses from a threat agent
•Countermeasure – put into place to mitigate the potential risk
Types of Attacks
Structured attack
Comes from hackers who are more highly motivated and technically competent. These people know system vulnerabilities and can understand and develop exploit code and scripts. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.
Unstructured attack
Consists of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing and challenging a hacker’s skills can still do serious damage to a company.
External attacks
Initiated by individuals or groups working outside of a company. They do not have authorized access to the computer systems or network. They gather information in order to work their way into a network, mainly from the Internet or dial-up access servers.
Internal attacks
More common and dangerous. Internal attacks are initiated by someone who has authorized access to the network. According to the FBI, internal access and misuse account for 60 to 80 percent of reported incidents. These attacks often are traced to disgruntled employees.
Passive Attack
-Listen to system passwords
-Release of message content
-Traffic analysis
-Data capturing
Active Attack
-Attempt to log into someone else’s account
-Wire taps
-Denial of service
-Masquerading
-Message modifications
Specific Network Attacks
•ARP Attack
•Brute Force Attack
•Worms
•Flooding
•Sniffers
•Spoofing
•Redirected Attacks
•Tunneling Attack
•Covert Channels
Thank you for briefing up all the main points about network security. I am familiar with the types of network security and am curious to learn about the tools and software designed to protect and secure networks.