Chapter 1
Introduction to Network Security
Fifth Edition
by William Stallings
Introduction
What Is Malware?
The term "malware" is a blend of two words, malicious and software: software designed to harm a
system, a network, a mobile device, or a server. Malware is installed without the user's real or
informed consent and can degrade the performance of a system, erase data, and harvest personal
data. It can also be controlled remotely by cybercriminals. Such programs must therefore be kept
from gaining access to any system.
Security professionals and analysts are employed in almost all companies to keep track of all
systems, networks, and servers, to determine whether any malicious activity is taking place and
whether any data is being leaked or stolen within the organization's network. Malware may arrive
from phishing sites, spam emails, or unauthorized or illicit external USB or flash drives.
Types of Malware
Certain common types of malware can be seen in the wild. These are listed below:
• Viruses
• Worms
• Spyware
• Ransomware
• Rootkits
• Bots
• Trojans
• Adware
Introduction
What Is a Computer Virus?
Computer viruses are malicious code that can infect multiple files on a system. They spread when
the infected files are sent by email or carried on flash or external drives, and they can replicate
themselves and delete useful information.
Viruses are of different types:
• Boot sector virus.
• Polymorphic virus.
• Web scripting virus.
• Browser hijacking virus.
• Direct action virus.
• Resident virus.
• File infectors.
• Multipartite virus.
• Macro virus.
Introduction
What is a Computer Worm? - Computer worms are a type of malware that is self-replicating, and
through this replication they spread to other computers. A worm spreads by itself across computer
networks or through flash drives.
What is Spyware? - Spyware is an unwanted program that spies on your system without your knowledge,
steals your sensitive data and browsing information, and may take control of your system to damage it.
What is Ransomware? - Ransomware is a malicious program that encrypts all of your system's data and
demands a ransom to decrypt the files. The ransom is typically demanded in Bitcoin.
What is a Rootkit? - A rootkit is a harmful program used by cybercriminals to obtain privileged access
to a system while hiding its presence on that system.
What is a Trojan? - A trojan is programmed for a particular purpose and can be destructive. Trojans
pose as legitimate files but can make unexpected changes to your system, even while the system is idle.
What is Adware? - Adware is malicious software that hides and periodically pops up advertisements. Some
adware also tracks your online activities and searches.
How to Keep Systems Safe From Malware and Viruses. These are some steps you can follow to protect
yourself:
• Install Anti-Virus/Anti-Malware Software.
• Make sure your Anti-Virus software is up to date.
• Run scheduled scans for malicious threats and programs using your anti-virus software regularly.
• Keep your Operating System updated.
• Secure your network with WPA3, honey-pots, strong authentication mechanisms, and passwords.
• Think before clicking any malicious or unknown links.
• Keep a backup of your work and personal information safe.
• Never use any public Wi-Fi while using your corporate work or using your company's system.
Security Policies
A security policy is a set of rules and procedures, set up for all employees and individuals, that
defines how the assets and information of the organization may be accessed and used. The various
security policies let the organization enforce rules and specific actions on its corporate assets.
Many of these policies are configured on the network's firewalls, which apply security
restrictions to corporate data and other digital assets, for example:
• Security on specific file formats.
• NAT (Network Address Translation).
• Quality of Service (QoS), decryption procedures.
• Policy-Based Forwarding (PBF).
• Application Overriding policies.
• Authentication policies.
• Zone protection policies.
• Denial of Service (DoS) prevention.
These are some of the major policies set up in any organization. Together, these policies allow,
deny, and forward data packets, encrypt and decrypt packets, authenticate particular accesses,
make exceptions, and prioritize data packets as required to preserve the security of the
organization's network.
Information Security
• Information security, sometimes shortened to infosec, is the practice of protecting information
by mitigating information risks. It is part of information risk management.
• Information security is basically the practice of preventing unauthorized access, use,
disclosure, disruption, modification, inspection, recording or destruction of information. The
information can be physical or electronic.
Aspects of Information Security
• 3 aspects of information security:
  • security attack
  • security mechanism (control)
  • security service
• Note the terms:
  • threat – a potential for violation of security
  • vulnerability – a way by which loss can happen
  • attack – an assault on system security, a deliberate attempt to evade security services
Network security
• Network security is the protection of access to files and directories in a computer network
against hacking, misuse and unauthorized changes to the system.
• Network security consists of the policies and practices adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of a computer network and
network-accessible resources.
Goal of network security
The primary goals of network security are Confidentiality, Integrity, and Availability. These
three pillars of network security are often represented as the CIA triangle.
• Confidentiality − The function of confidentiality is to protect valuable business data from
unauthorized persons. The confidentiality part of network security makes sure that the data is
available only to the intended and authorized persons.
• Integrity − This goal means maintaining and assuring the accuracy
and consistency of data. The function of integrity is to make sure
that the data is reliable and is not changed by unauthorized
persons.
• Availability − The function of availability in Network Security is to
make sure that the data, network resources/services are
continuously available to the legitimate users, whenever they
require it.
Aspects of network security
• Privacy: Privacy means that both the sender and the receiver expect confidentiality. The
transmitted message should reach only the intended receiver and be opaque to other users. Only the
sender and receiver should be able to understand the transmitted message, since eavesdroppers can
intercept it. Therefore, the message must be encrypted so that an intercepted message cannot be
understood.
• Message Integrity: Data integrity means that the data must arrive at the receiver exactly as it
was sent. There must be no change to the data content during transmission, whether malicious or
accidental. As more and more monetary exchanges take place over the internet, data integrity
becomes more crucial. Data integrity must be preserved for secure communication.
• End-point authentication: Authentication means that the receiver is sure of the sender's
identity, i.e., that no impostor has sent the message.
• Non-Repudiation: Non-repudiation means that the receiver must be able to prove that the
received message came from a specific sender. The sender must not be able to deny sending a
message that he or she sent. The burden of proving the identity falls on the receiver. For
example, if a customer sends a request to transfer money from one account to another, then the
bank must have proof that the customer requested the transaction.
What is Cyber Security?
• "Cyber-security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. ..." - Kaspersky
• "Cybersecurity is the practice of protecting systems, networks, and programs from digital
attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive
information; extorting money from users; or interrupting normal business processes. Implementing
effective cybersecurity measures is particularly challenging today because there are more devices
than people, and attackers are becoming more innovative." - Cisco
5 main categories of cyber security:
• Critical infrastructure security: Critical
infrastructure security consists of the
cyber-physical systems that modern
societies rely on. ...
• Application security: ...
• Network security: ...
• Cloud security: ...
• Internet of things (IoT) security.
Levels of Impact
• Three levels of impact from a security breach can be defined:
  • Low - The loss could be expected to have a limited adverse effect on organizational
operations, organizational assets, or individuals.
  • Moderate - The loss could be expected to have a serious adverse effect on organizational
operations, assets, or individuals.
  • High - The loss could be expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, or individuals.
Passive Attack: Interception
Passive Attack: Traffic Analysis (observe traffic pattern)
Active Attack: Interruption (block delivery of message)
Active Attack: Fabrication (fabricate message)
Active Attack: Replay
Active Attack: Modification (modify message)
Handling Attacks
• Passive attacks – focus on Prevention
  • Easy to stop
  • Hard to detect
• Active attacks – focus on Detection and Recovery
  • Hard to stop
  • Easy to detect
Protocols by layers
Networking Devices by layers
Devices at different layers
Layer 7 – I put the gateway here. This is not the same as a “Default Gateway”. This is a device that works something like a
translator: it is able to understand application languages such as HTTP, SMTP, etc. The term “Next Generation
Firewall” is sometimes applied to these devices.
Layer 3 – Routers and “Swouters” go here. A Swouter is a layer 3 switch: it has more than a couple of ports on
the back and is capable of routing.
Layer 2 – This is the typical layer where switches are placed. Switches are able to look at traffic and filter data based on
MAC addresses.
Layer 1 – Typically hubs and repeaters are placed here. You don’t really see them anymore because they tend to be slow
and pretty brain dead; because of this they only work “well” in a very small network design.
OSI model attacks by Layers
OSI model Layer 1 attacks
• Layer 1 refers to the physical aspect of networking – in other words, the cabling and infrastructure used for networks to
communicate.
• Layer 1 attacks focus on disrupting this service in any manner possible, primarily resulting in Denial of Service (DoS)
attacks.
• This disruption could be caused by physically cutting cable right through to disrupting wireless signals.
OSI model Layer 2 attacks
• Layer 2 of the OSI model is the data link layer and focuses on the methods for delivering data blocks.
• Normally, this consists of switches utilising protocols such as the Spanning Tree Protocol (STP) and the Dynamic Host
Configuration Protocol (DHCP), which is used throughout networking for dynamic IP assignment.
• Attacks at this layer can focus on the insecurity of the protocols used or the lack of hardening on the routing devices
themselves.
• As switches focus is on providing LAN connectivity, the majority of threats come from inside the organisation itself.
• Layer 2 attacks may also include MAC flooding or ARP poisoning.
• In order to mitigate these risks, it is imperative network switches are hardened.
• Additional controls may include ARP inspection, disabling unused ports and enforcing effective security on VLANs to
prevent VLAN hopping.
OSI model Layer 3 attacks
• Layer 3 is the network layer and utilises multiple common protocols to perform routing on the network.
• The main protocol is the Internet Protocol (IP); attacks at this layer include packet sniffing and DoS attacks such as
ping floods and other ICMP attacks. Because of their layer 3 nature, these types of attacks can be performed remotely
over the Internet, while layer 2 attacks primarily come from the internal LAN.
• To reduce the risk of these types of attacks, routers should be hardened, packet filtering controls should be used and
routing information should be controlled.
OSI model attacks by Layers
OSI model Layer 4 attacks
• Layer 4 is the transport layer and utilises common transport protocols to enable network communications. These
include the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
• Port scanning, a method by which to identify vulnerable or open network ports, operates at layer 4 of the OSI
model. Implementing effective firewalls and locking down ports to only those required can mitigate risks at this
level.
OSI model layer 5-7
• Above layer 4, we are looking primarily at application level attacks which
result from poor coding practices. Vulnerabilities in applications can be
exploited through attacks such as SQL injection, where the developer has
failed to ensure that user input is validated against a defined schema.
• The attacker would then input code to extract data from the database (e.g.
SELECT * from USERS). As the application fails to validate this input, the
command is run and data extracted. To reduce this risk, developers must
ensure that best practice development guides are adhered to.
Firewall
• A firewall is a network device that isolates an organization's internal network from the larger outside
network/Internet. It can be a hardware, software, or combined system that prevents unauthorized access to or from
the internal network.
• All data packets entering or leaving the internal network pass through the firewall, which examines each packet and
blocks those that do not meet the specified security criteria.
• Deploying a firewall at the network boundary aggregates the security at a single point. It is analogous to locking an
apartment at the entrance and not necessarily at each door.
• A firewall is considered an essential element in achieving network security for the following reasons:
  • The internal network and hosts are unlikely to be properly secured.
  • The Internet is a dangerous place with criminals, users from competing companies, disgruntled ex-employees, spies
from unfriendly countries, vandals, etc.
  • It prevents an attacker from launching denial of service attacks on network resources.
  • It prevents illegal modification of or access to internal data by an outside attacker.
Firewall
Firewalls are categorized into three basic types:
1. Packet filter (stateless and stateful)
2. Application-level gateway
3. Circuit-level gateway
These three categories, however, are not mutually exclusive. Modern firewalls have a mix of
abilities that may place them in more than one of the three categories.
Packet Filtering Firewall
• In this type of firewall deployment, the internal network is connected to the external network/Internet via a router
firewall. The firewall inspects and filters data packet by packet.
• Packet-filtering firewalls allow or block packets mostly based on criteria such as source and/or destination IP
addresses, protocol, source and/or destination port numbers, and various other parameters within the IP header.
• The decision can also be based on factors other than IP header fields, such as ICMP message type, TCP SYN and ACK
bits, etc.
A packet filter rule has two parts:
1. Selection criteria − used as the condition and pattern match for decision making.
2. Action field − specifies the action to be taken if an IP packet meets the selection criteria. The action is
either block (deny) or permit (allow) the packet across the firewall.
• Packet filtering is generally accomplished by configuring Access Control Lists (ACLs) on routers or switches. An ACL
is a table of packet filter rules.
• As traffic enters or exits an interface, the firewall applies the ACL from top to bottom to each packet, finds the
first matching rule and either permits or denies the individual packet.
Packet Filtering Firewall
Stateless firewalls and stateful firewalls
• A stateless firewall is a rigid tool. It looks at a packet and allows it if it meets the criteria, even if it is not
part of any established ongoing communication.
• Hence, such firewalls have been replaced by stateful firewalls in modern networks.
• Stateful firewalls offer a more in-depth inspection method than the purely ACL-based packet inspection of stateless
firewalls.
• A stateful firewall monitors the connection setup and teardown process to keep a check on connections at the TCP/IP
level. This allows it to keep track of connection state and determine which hosts have open, authorized connections
at any given point in time.
• It references the rule base only when a new connection is requested. Packets belonging to existing connections are
compared to the firewall's state table of open connections, and the decision to allow or block is taken from that.
This process saves time and provides added security as well: no packet is allowed through the firewall unless it
belongs to an already established connection. The firewall can time out inactive connections, after which it no
longer admits packets for that connection.
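To make the ACL and state-table behaviour of the last two slides concrete, here is an added Python model (written for this page, not code from the slides or from any firewall product) of a packet filter: rules made of selection criteria plus an action are applied top to bottom with an implicit deny at the end, and a stateful wrapper consults the ACL only for new connections, matches later packets against its state table, and times out idle entries. The addresses, ports and policy are constructed examples.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at, plus the TCP SYN/ACK bits."""
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False

    def opens_connection(self) -> bool:
        # A TCP connection request carries SYN without ACK; for other protocols
        # the first packet seen is treated as the start of a flow.
        return self.proto != "tcp" or (self.syn and not self.ack)


@dataclass(frozen=True)
class Rule:
    """Selection criteria (proto, src/dst networks, dport, SYN-only) plus an action."""
    action: str                       # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    syn_only: bool = False            # match only TCP connection-opening packets

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.syn_only and not (p.proto == "tcp" and p.syn and not p.ack):
            return False
        return True


def evaluate_acl(acl: List[Rule], p: Packet) -> str:
    """Stateless filtering: rules are tried top to bottom and the first match
    decides; a packet matching no rule falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Stateful filtering on top of the same ACL: the rule base is consulted
    only for new connections, later packets are checked against the state
    table of open connections, and idle entries are timed out."""

    def __init__(self, acl: List[Rule], idle_timeout: float = 300.0) -> None:
        self.acl = acl
        self.idle_timeout = idle_timeout
        self.table: Dict[Tuple, float] = {}   # connection key -> time of last packet

    @staticmethod
    def key(p: Packet) -> Tuple:
        # Order the two endpoints so both directions of a flow share one entry.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def expire(self, now: float) -> None:
        stale = [k for k, last in self.table.items() if now - last > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def process(self, p: Packet, now: float) -> str:
        self.expire(now)
        k = self.key(p)
        if k in self.table:                  # part of an open, authorized connection
            self.table[k] = now
            return "permit"
        if not p.opens_connection():         # mid-stream packet with no state: drop it
            return "deny"
        decision = evaluate_acl(self.acl, p)
        if decision == "permit":
            self.table[k] = now              # remember the new connection
        return decision


# Constructed policy (documentation-range addresses): outside hosts may open
# TCP connections to the web server on port 80; inside hosts may send DNS
# queries to the resolver; everything else hits the implicit deny.
ACL = [
    Rule("permit", proto="tcp", dst="203.0.113.10/32", dport=80, syn_only=True),
    Rule("permit", proto="udp", src="192.0.2.0/24", dst="203.0.113.53/32", dport=53),
]
# The same web rule without the SYN check, to show what a stateless filter lets through.
ACL_NO_FLAG_CHECK = [Rule("permit", proto="tcp", dst="203.0.113.10/32", dport=80)]
```

With ACL_NO_FLAG_CHECK a stray ACK to port 80 is permitted by evaluate_acl, while StatefulFilter denies it because no open connection matches it.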
Packet Filtering Firewall: Stateful firewalls
Application Gateways
• An application-level gateway acts as a relay node for application-level traffic. It intercepts incoming and outgoing packets, runs
proxies that copy and forward information across the gateway, and functions as a proxy server, preventing any direct connection
between a trusted server or client and an untrusted host.
• The proxies are application specific. They can filter packets at the application layer of the OSI model.
Application-specific Proxies
• An application-specific proxy accepts packets generated only by the specified application for which it is designed to copy, forward, and
filter. For example, only a Telnet proxy can copy, forward, and filter Telnet traffic.
• If a network relies only on an application-level gateway, incoming and outgoing packets cannot reach services that have no proxies
configured. For example, if a gateway runs FTP and Telnet proxies, only packets generated by these services can pass through the
firewall. All other services are blocked.
Application-level Filtering
• An application-level proxy gateway examines and filters individual packets, rather than simply copying them and blindly forwarding
them across the gateway. Application-specific proxies check each packet that passes through the gateway, verifying the contents of the
packet up through the application layer. These proxies can filter particular kinds of commands or information in the application
protocols.
• Application gateways can restrict specific actions from being performed. For example, the gateway could be configured to prevent users
from performing the FTP ‘put’ command. This can prevent modification of the information stored on the server by an attacker.
Transparency
• Although application-level gateways can be transparent, many implementations require user authentication before users can access an
untrusted network, a process that reduces true transparency. Authentication may differ depending on whether the user is from the internal
network or from the Internet. For the internal network, a simple list of IP addresses allowed to connect to external applications may
suffice, but from the Internet side strong authentication should be implemented.
• An application gateway actually relays TCP segments between two TCP connections in both directions (Client ↔ Proxy ↔
Server). For outbound packets, the gateway may replace the source IP address with its own IP address. This process is referred to as
Network Address Translation (NAT). It ensures that internal IP addresses are not exposed to the Internet.
Circuit-Level Gateway
• The circuit-level gateway is an intermediate solution between the packet filter and the application gateway.
• It runs at the transport layer and hence can act as a proxy for any application.
• Like an application gateway, the circuit-level gateway does not permit an end-to-end TCP connection across the
gateway.
• It sets up two TCP connections and relays the TCP segments from one network to the other. But it does not examine
the application data as an application gateway does. Hence it is sometimes called a ‘pipe proxy’.
Firewall Deployment with DMZ
• The firewall process can tightly control what is allowed to traverse from one side to the other. An organization that
wishes to provide external access to its web server can block all traffic arriving at the firewall except for port 80 (the
standard HTTP port). All other traffic, such as mail traffic, FTP, SNMP, etc., is not allowed across the firewall into the
internal network. An example of a simple firewall is shown in the following diagram.
• In the above simple deployment, although all other access from outside is blocked, it is possible for an attacker to
contact not only the web server but any other host on the internal network that has left port 80 open, by accident or
otherwise.
• Hence, the problem most organizations face is how to enable legitimate access to public services such as web, FTP,
and e-mail while maintaining tight security of the internal network. The typical approach is to deploy firewalls so as
to provide a Demilitarized Zone (DMZ) in the network.
• In this setup (illustrated in the following diagram), two firewalls are deployed: one between the external network and
the DMZ, and another between the DMZ and the internal network. All public servers are placed in the DMZ.
• With this setup, it is possible to have firewall rules that allow public access to the public servers while the interior
firewall restricts all incoming connections. By having the DMZ, the public servers are given adequate protection
instead of being placed directly on the external network.
Firewall Identification
• Firewalls are commonly identified for offensive purposes. Because firewalls are usually the first line of defense in
the virtual perimeter, an attacker who wants to breach the network needs to identify which firewall technology is used
and how it is configured. Some popular tactics are:
• Port scanning
Attackers use it to investigate the ports used by the victim. Nmap is probably the most famous port-scanning tool
available.
• Firewalking
The process of using traceroute-like IP packet analysis to verify whether a data packet will be passed through the
firewall from the attacker's source host to the victim's destination host.
• Banner grabbing
A technique that lets an attacker identify the type of operating system or application running on a target server. It
works through a firewall by using what look like legitimate connections.
Firewall Audit
Firewall Log Analyzer
• A firewall is an important component in your organization's network.
It provides network administrators with the ability to control the flow
of traffic into and out of the network.
• Analyzing firewall logs keeps you up to date on all transactions
between your organization's intranet and the internet, or any other
external network.
Here are a few possible uses for analyzing firewall logs:
• List all connections denied by the firewall and flag the odd ones.
• Show all remote and VPN connections to your network.
• Monitor any changes to the rules on which the firewall is based.
• Pick up and preempt any potential security attacks.
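As an added example of the uses listed above (written for this page; not code from the slides or from any vendor's log analyzer), this Python script parses a constructed firewall log in a simple key=value format, lists the denied connections, flags a source that was denied on many different ports as odd, and lists rule-change events so they can be reviewed. The log format, hostname and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample log (not from any real firewall): "<timestamp> <host> key=value ...".
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw1 action=permit src=192.0.2.5 dst=203.0.113.10 proto=tcp dport=443
2024-05-01T10:00:02 fw1 action=deny src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=22
2024-05-01T10:00:02 fw1 action=deny src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=23
2024-05-01T10:00:03 fw1 action=deny src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=3389
2024-05-01T10:00:03 fw1 action=deny src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=445
2024-05-01T10:00:04 fw1 action=deny src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=8080
2024-05-01T10:00:05 fw1 action=deny src=192.0.2.9 dst=203.0.113.10 proto=udp dport=161
2024-05-01T10:00:06 fw1 action=permit src=203.0.113.77 dst=203.0.113.10 proto=tcp dport=443
2024-05-01T10:01:00 fw1 event=rule-change admin=jdoe change="permit tcp any 203.0.113.10 3389"
"""

# key=value pairs; a value may be double-quoted so that it can contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into a dict of fields; return None for lines that do not parse."""
    parts = line.split(maxsplit=2)
    if len(parts) < 3:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(parts[2])}
    fields["ts"], fields["host"] = parts[0], parts[1]
    return fields


def parse_log(text: str) -> List[Dict[str, str]]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def denied_connections(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """First use above: every connection the firewall denied."""
    return [e for e in events if e.get("action") == "deny"]


def flag_odd_sources(events: List[Dict[str, str]], min_ports: int = 5) -> Dict[str, List[int]]:
    """Flag sources denied on at least min_ports distinct destination ports: one
    host knocking on many ports in a short span stands out from ordinary denies."""
    ports: Dict[str, set] = defaultdict(set)
    for e in denied_connections(events):
        if "src" in e and "dport" in e:
            ports[e["src"]].add(int(e["dport"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def rule_changes(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Third use above: changes to the rule base, each of which should be reviewed."""
    return [e for e in events if e.get("event") == "rule-change"]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print(f"{len(denied_connections(evts))} denied connections")
    for src, plist in flag_odd_sources(evts).items():
        print(f"odd: {src} denied on ports {plist}")
    for e in rule_changes(evts):
        print(f"rule change by {e['admin']} at {e['ts']}: {e['change']}")
```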
Intrusion Detection / Prevention System
• Packet filtering firewalls operate based on rules involving TCP/UDP/IP headers only. They do not attempt to
establish correlation checks among different sessions.
• Intrusion Detection/Prevention Systems (IDS/IPS) carry out Deep Packet Inspection (DPI) by looking at the packet
contents, for example checking character strings in a packet against a database of known virus and attack strings.
• Application gateways do look at packet contents, but only for specific applications. They do not look for
suspicious data in the packet.
• An IDS/IPS looks for suspicious data contained in packets and tries to examine correlation among multiple packets
to identify attacks such as port scanning, network mapping, denial of service and so on.
Basic variations of IDS
Signature-based IDS
• It needs a database of known attacks with their signatures.
• A signature is defined by the types and order of packets characterizing a particular attack.
• The limitation of this type of IDS is that only known attacks can be detected. This IDS can also throw up a false
alarm, which occurs when a normal packet stream matches the signature of an attack.
• A well-known public open-source IDS example is Snort.
Anomaly-based IDS
• This type of IDS builds a traffic pattern of normal network operation.
• In detection mode, it looks for traffic patterns that are statistically unusual, for example an unusual ICMP load,
exponential growth in port scans, etc.
• Detection of any unusual traffic pattern generates an alarm.
• The major challenge faced in this type of IDS deployment is the difficulty of distinguishing between normal traffic
and unusual traffic.
Types of IDS
Network intrusion detection system (NIDS)
• It is an independent platform that identifies intrusions by examining network traffic and
monitors multiple hosts. Network intrusion detection systems gain access to network
traffic by connecting to a network hub, a network switch configured for port mirroring, or
a network tap. In a NIDS, sensors are placed at choke points in the network to monitor,
often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network
traffic and analyze the content of individual packets for malicious traffic. An example of a
NIDS is Snort.
Host-based intrusion detection system (HIDS)
• It consists of an agent on a host that identifies intrusions by analyzing system calls,
application logs, file-system modifications (binaries, password files, capability
databases, Access control lists, etc.) and other host activities and state. In a HIDS,
sensors usually consist of a software agent. Some application-based IDS are also part of
this category. An example of a HIDS is OSSEC.
• Intrusion detection systems can also be system-specific using custom tools
and honeypots.
Types of IDS
Perimeter Intrusion Detection System (PIDS)
• Detects and pinpoints the location of intrusion attempts on
perimeter fences of critical infrastructures. Using either
electronics or more advanced fiber optic cable technology
fitted to the perimeter fence, the PIDS detects disturbances
on the fence, and if an intrusion is detected and deemed by
the system as an intrusion attempt, an alarm is triggered.
VM-based Intrusion Detection System (VMIDS)
• It detects intrusions by monitoring virtual machines, which allows the intrusion detection system to be deployed
through the virtual machine monitor. It is the most recent type and is still under development. There is no need for
a separate intrusion detection system, since the overall activities can be monitored this way.
IPS
Intrusion Prevention Systems (IPS):
• Fight for the same cause as a firewall set up for a network: detecting and protecting users from threats involving
the external world and the internal network.
• An Intrusion Prevention System proactively rejects traffic that does not meet the security profile and policies, or
whose data packets are malicious by nature.
Two types of IPS
Currently, there are two types of IPSs, similar in nature to IDS. They consist of:
1. Host-based intrusion prevention systems (HIPS)
2. Network-based intrusion prevention systems (NIPS)
Classification of Intrusion Prevention System (IPS):
Intrusion Prevention Systems (IPS) are classified into 4 types:
• Network-based intrusion prevention system (NIPS):
It monitors the entire network for suspicious traffic by analyzing protocol activity.
• Wireless intrusion prevention system (WIPS):
It monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
• Network behavior analysis (NBAIPS):
It examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of
service attacks, specific forms of malware and policy violations.
• Host-based intrusion prevention system (HIPS):
It is a software package installed on a host that watches for suspicious activity by scanning events that occur
within that host.
Detection Method of Intrusion Prevention System (IPS):
• Signature-based detection:
A signature-based IPS operates on packets in the network and compares them with pre-built, predefined attack
patterns known as signatures.
• Statistical anomaly-based detection:
An anomaly-based IPS monitors network traffic and compares it against an established baseline. The baseline
identifies what is normal for that network and which protocols are used. However, it may raise false alarms if the
baseline is not intelligently configured.
• Stateful protocol analysis detection:
This IPS method recognizes deviations from protocol state by comparing observed events with pre-built profiles of
generally accepted definitions of benign activity.
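As an added example covering both the "Basic variations of IDS" slide and the signature and anomaly detection methods listed here (code written for this page, not Snort or any product's engine), this Python snippet implements a content-signature matcher, reproduces the false alarm the slides describe when a normal packet happens to contain a signature string, and a statistical anomaly detector that trains a baseline of ICMP packets per second and alerts when a window exceeds the mean by more than k standard deviations. Signatures, packets and counts are constructed sample data.

```python
import statistics
from typing import Dict, List, Tuple

# Constructed content signatures (not Snort rules): a packet of the given
# protocol whose payload contains the byte string triggers the alert. The
# first one looks for the query the layer 5-7 slide uses as its example.
SIGNATURES = [
    {"name": "sql-select-all", "proto": "tcp", "content": b"SELECT * FROM"},
    {"name": "test-marker", "proto": "udp", "content": b"X-IDS-TEST-MARKER"},
]

# Constructed packets: 2 is a web request carrying an injected query, 3 is an
# ordinary e-mail about database tuning that contains the same string.
PACKETS = [
    {"id": 1, "proto": "tcp", "payload": b"GET /index.html HTTP/1.1\r\n\r\n"},
    {"id": 2, "proto": "tcp", "payload": b"POST /search HTTP/1.1\r\n\r\nq=SELECT * FROM USERS"},
    {"id": 3, "proto": "tcp", "payload": b"Subject: why is SELECT * FROM orders so slow?\r\n"},
    {"id": 4, "proto": "udp", "payload": b"X-IDS-TEST-MARKER"},
]

# Constructed baseline: ICMP packets per second observed during normal operation.
BASELINE_ICMP_PER_SEC = [4, 5, 6, 5, 4, 6, 5, 5]


def signature_alerts(packets: List[Dict], signatures: List[Dict]) -> List[Tuple[int, str]]:
    """Signature-based detection: report (packet id, signature name) for every
    packet whose payload contains a known signature string. Packet 3 shows the
    false alarm: normal traffic that happens to match the pattern."""
    alerts = []
    for pkt in packets:
        for sig in signatures:
            if sig["proto"] == pkt["proto"] and sig["content"] in pkt["payload"]:
                alerts.append((pkt["id"], sig["name"]))
    return alerts


class IcmpRateAnomaly:
    """Anomaly-based detection: learn what a normal ICMP load looks like, then
    flag a one-second window whose count is statistically unusual."""

    def __init__(self, k: float = 3.0, min_stdev: float = 1.0) -> None:
        self.k = k
        self.min_stdev = min_stdev   # floor so a very flat baseline is not hair-trigger
        self.mean = 0.0
        self.stdev = 0.0

    def train(self, counts: List[int]) -> None:
        """Build the baseline from counts seen during normal operation."""
        self.mean = statistics.mean(counts)
        self.stdev = statistics.pstdev(counts)

    def threshold(self) -> float:
        return self.mean + self.k * max(self.stdev, self.min_stdev)

    def is_anomalous(self, count: int) -> bool:
        return count > self.threshold()


if __name__ == "__main__":
    for pkt_id, name in signature_alerts(PACKETS, SIGNATURES):
        print(f"signature alert: packet {pkt_id} matched {name}")
    det = IcmpRateAnomaly()
    det.train(BASELINE_ICMP_PER_SEC)
    for window in (6, 9, 40):
        print(f"{window} ICMP/s -> {'ALERT' if det.is_anomalous(window) else 'normal'}")
```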
Honeypot-Based IDS/IPS Systems
• The purpose of the honeypot approach
is to distract attacks away from real
network devices.
• By staging different types of
vulnerabilities in the honeypot server,
you can analyze incoming types of
attacks and malicious traffic patterns
Honeypots
Decoy systems:
• appear to be the real system, with valuable information
• would not be accessed by legitimate users
• are filled with fabricated information
• are instrumented with monitors and event loggers
• divert and hold the attacker to collect activity information without exposing production (real) systems
• if somebody is in, then there is an attack, benign or malicious
• initially honeypots were single computers; now they are networks of computers that emulate the entire enterprise
network
Honeypot Deployment
1. Outside the firewall:
• good to reduce the burden on the firewall; keeps the bad guys outside
2. As part of the service (DMZ) network:
• the firewall must allow attack traffic to the honeypot (risky)
3. As part of the internal network:
• same as 2; riskier if compromised; the advantage is that insider attacks can be caught
To be turned in in 7 days
Assignment 1
1. Conduct a Search of Recent Malware. Using your favorite search engine,
conduct a search for recent malware. During your search,
a) choose four examples of malware, each one from a different malware
type, and be prepared to discuss details on what each does, how
each is transmitted and the impact each causes. Examples of malware
types include: Trojan, Hoax, Adware, Malware, PUP, Exploit, and
Vulnerability. Some suggested web sites to search for malware are listed
below:
McAfee, Malwarebytes, Security Week, TechNewsWorld
b) Read the information about the malware found from your search, choose one,
and write a short summary that explains what the malware does, how it is
transmitted, and the impact it causes.
2. Write a key logger in any language you know…
3. Set audit policies in your Windows system, get the snapshot, and
explain the events.
52
Chapter1 intro network_security_sunorganised

  • 1. Chapter 1 Introduction to Network Security Fifth Edition by William Stallings 1
  • 2. Introduction What Is Malware? The term "malware" is a combination or blend of two words - malicious and software, and it means malicious software that can be utilized to harm any system, or network, or mobile devices or even the servers. These are unpleasant programs installed without any proper or actual user consent that can damage the performance of your system, erase your data, and mine your personal data. They can be even controlled remotely by malicious cybercriminals. So, from these activities, it is now clear that these malicious programs need to stop accessing any system. Security professionals and analysts are hired in almost all companies to keep track of all systems, networks, and servers to see if there is any malicious activity getting performed or not, or whether there is any data leakage and stealing happening within the organization's network or not. Malware may come from unknown phishing sites, spam emails, or unauthorized or illicit external USB or flash drives. Types of Malware Certain common types of malware can be seen in the wild. These are listed below: • Viruses • Worms • Spyware • Ransomware • Rootkits • Bots • Trojans • Adware
  • 3. Introduction What Is Computer Virus? Computer viruses are malicious codes that can contaminate multiple files on any system. They get spread when these infected files are sent over emails or via flash or external drives and can replicate and delete useful information. Viruses are of different types: • Boot sector virus. • Polymorphic virus. • Web scripting virus. • Browser hijacking virus. • Direct action virus. • Resident virus. • File infectors. • Multipartite virus. • Macro virus.
  • 4. Introduction What is Computer Worm? -Computer Worms are particular types of malware that are self-replicating, and through this technique, they spread to another computer. It gets spread by itself through the computer networks or by the use of other flash drives. What is Spyware? -Spywares are unwanted programs that will spy on your system without your knowledge and will steal your sensitive data and other browsing information and will or will take access to your system to damage it. What is Ransomware? -Ransomware's are malicious programs that will encrypt all your system's data and will ask for a ransom to decrypt these files. They take the support of the Bitcoins to get the ransom. What is Rootkit? -A rootkit is a unique harmful program used by cybercriminals to take privileged access to any system by hiding its presence in that system. What is Trojan? -A trojan is programmed for a particular purpose and can be destructive. They act as legitimate files but can bring unexpected changes to your system even when your system is in an idle state. What is Adware? -Adware is malicious software that will hide and will periodically pop up with ads. Some of them also keep track of your online activities and searches. How to Keep the Systems Safe From Malware and Viruses.These are some steps you can follow to protect yourself • Install Anti-Virus/Anti-Malware Software. • Make sure your Anti-Virus software is up to date. • Run scheduled scans for malicious threats and programs using your anti-virus software regularly. • Keep your Operating System updated. • Secure your network with WPA3, honey-pots, strong authentication mechanisms, and passwords. • Think before clicking any malicious or unknown links. • Keep a backup of your work and personal information safe. • Never use any public Wi-Fi while using your corporate work or using your company's system.
  • 5. Security Policies This is a set of rules and procedures set up for all employees and individuals as to how the assets and information of that organization will be accessed and utilized. Various security policies will permit the employees to enforce corporate assets with rules and specific actions. These security policies are set on the firewalls of the network, which after all brings certain security restrictions on corporate data and other digital assets: • Security on specific file formats. • NAT (Network Address Translation). • Quality of Service (QoS), decryption procedures. • Policy-Based Forwarding (PBF). • Application Overriding policies. • Authentication policies. • Zone protection policies. • Denial of Service (DoS) prevention. These are some of the major policies set up in any organization or firm. All these diverse policies function jointly for allowing, denying, forwarding data packets, encrypting and decrypting packets, authenticating particular access, making exceptions, and prioritizing data packets as required for preserving the security of the organization's network.
  • 6. information Security • Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. • Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be physical or electrical one. 6
  • 7. Aspects of information Security  3 aspects of information security:  security attack  security mechanism (control)  security service  note terms  threat – a potential for violation of security  vulnerability – a way by which loss can happen  attack – an assault on system security, a deliberate attempt to evade security services 7
  • 8. Network security • Network security is protection of the access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system. • Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources 8
  • 9. Goal of network security The primary goal of network security are Confidentiality, Integrity, and Availability. These three pillars of Network Security are often represented as CIA triangle. • Confidentiality − The function of confidentiality is to protect precious business data from unauthorized persons. Confidentiality part of network security makes sure that the data is available only to the intended and authorized persons. • Integrity − This goal means maintaining and assuring the accuracy and consistency of data. The function of integrity is to make sure that the data is reliable and is not changed by unauthorized persons. • Availability − The function of availability in Network Security is to make sure that the data, network resources/services are continuously available to the legitimate users, whenever they require it. 9
  • 10. Aspects of network security • Privacy: Privacy means both the sender and the receiver expects confidentiality. The transmitted message should be sent only to the intended receiver while the message should be opaque for other users. Only the sender and receiver should be able to understand the transmitted message as eavesdroppers can intercept the message. Therefore, there is a requirement to encrypt the message so that the message cannot be intercepted.. • Message Integrity: Data integrity means that the data must arrive at the receiver exactly as it was sent. There must be no changes in the data content during transmission, either maliciously or accident, in a transit. As there are more and more monetary exchanges over the internet, data integrity is more crucial. The data integrity must be preserved for secure communication. • End-point authentication: Authentication means that the receiver is sure of the sender?s identity, i.e., no imposter has sent the message. • Non-Repudiation: Non-Repudiation means that the receiver must be able to prove that the received message has come from a specific sender. The sender must not deny sending a message that he or she send. The burden of proving the identity comes on the receiver. For example, if a customer sends a request to transfer the money from one account to another account, then the bank must have a proof that the customer has requested for the transaction. 10
  • 11. What is Cyber Security? • Cyber-security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. .... -kaspersky • Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.-Cisco 11
  • 12. 5 main categories of cyber security: • Critical infrastructure security: Critical infrastructure security consists of the cyber-physical systems that modern societies rely on. ... • Application security: ... • Network security: ... • Cloud security: ... • Internet of things (IoT) security. 12
• 13. Levels of Impact
• Three levels of impact from a security breach can be defined:
• Low - The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
• Moderate - The loss could be expected to have a serious adverse effect on organizational operations, assets, or individuals.
• High - The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
• 14. Passive Attack: Interception
• 15. Passive Attack: Traffic Analysis (observe traffic pattern)
• 16. Active Attack: Interruption (block delivery of message)
• 20. Handling Attacks
• Passive attacks – focus on Prevention
  • Easy to stop
  • Hard to detect
• Active attacks – focus on Detection and Recovery
  • Hard to stop
  • Easy to detect
• 23. Devices at different layers
• Layer 7 – I put gateway here. This is not the same as a “Default Gateway”. This is a device that works kind of like a translator. It is able to understand application languages like HTTP, SMTP, etc. The term “Next Generation Firewalls” is sometimes applied to these devices.
• Layer 3 – Routers and “Swouters” go here. A Swouter is a layer 3 switch. It has more than a couple of ports on the back and is capable of routing.
• Layer 2 – This is the typical layer where switches are put. Switches are able to look at traffic and filter data based on MAC addresses.
• Layer 1 – Typically hubs and repeaters are put here. You don’t really see them anymore because they tend to be slow and pretty brain dead. Because of this they only work “well” in a very small network design.
• 24. OSI model attacks by Layers
OSI model Layer 1 attacks
• Layer 1 refers to the physical aspect of networking – in other words, the cabling and infrastructure used for networks to communicate.
• Layer 1 attacks focus on disrupting this service in any manner possible, primarily resulting in Denial of Service (DoS) attacks.
• This disruption could be caused by anything from physically cutting a cable through to disrupting wireless signals.
OSI model Layer 2 attacks
• Layer 2 of the OSI model is the data link layer and focuses on the methods for delivering data blocks.
• Normally, this consists of switches utilising protocols such as the Spanning Tree Protocol (STP) and the Dynamic Host Configuration Protocol (DHCP), which is used throughout networking for dynamic IP assignment.
• Attacks at this layer can focus on the insecurity of the protocols used or the lack of hardening on the routing devices themselves.
• As the focus of switches is on providing LAN connectivity, the majority of threats come from inside the organisation itself.
• Layer 2 attacks may also include MAC flooding or ARP poisoning.
• In order to mitigate these risks, it is imperative that network switches are hardened.
• Additional controls may include ARP inspection, disabling unused ports and enforcing effective security on VLANs to prevent VLAN hopping.
OSI model Layer 3 attacks
• Layer 3 is the network layer and utilises multiple common protocols to perform routing on the network.
• The main protocol is the Internet Protocol (IP); attacks at this layer include packet sniffing and DoS attacks such as ping floods and ICMP attacks. Because of their layer 3 nature, these types of attacks can be performed remotely over the Internet, while layer 2 attacks primarily come from the internal LAN.
• To reduce the risk of these types of attacks, routers should be hardened, packet filtering controls should be used and routing information should be controlled.
• 25. OSI model attacks by Layers
OSI model Layer 4 attacks
• Layer 4 is the transport layer and utilises common transport protocols to enable network communications. These include the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
• Port scanning, a method of identifying vulnerable or open network ports, operates at layer 4 of the OSI model. Implementing effective firewalls and locking down ports to only those required can mitigate risks at this level.
OSI model layers 5-7
• Above layer 4, we are looking primarily at application-level attacks which result from poor coding practices. Vulnerabilities in applications can be exploited through attacks such as SQL injection, where the developer has failed to ensure that user input is validated against a defined schema.
• The attacker would then input code to extract data from the database (e.g. SELECT * from USERS). As the application fails to validate this input, the command is run and the data extracted. To reduce this risk, developers must ensure that best-practice development guides are adhered to.
• 27. Firewall
• A firewall is a network device that isolates an organization’s internal network from the larger outside network/Internet. It can be a hardware, software, or combined system that prevents unauthorized access to or from the internal network.
• All data packets entering or leaving the internal network pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
• Deploying a firewall at the network boundary is like aggregating the security at a single point. It is analogous to locking an apartment at the entrance and not necessarily at each door.
• A firewall is considered an essential element to achieve network security for the following reasons:
  • Internal network and hosts are unlikely to be properly secured.
  • The Internet is a dangerous place with criminals, users from competing companies, disgruntled ex-employees, spies from unfriendly countries, vandals, etc.
  • It prevents an attacker from launching denial of service attacks on network resources.
  • It prevents illegal modification/access to internal data by an outside attacker.
• 28. Firewall
• Firewalls are categorized into three basic types:
  1. Packet filter (stateless & stateful)
  2. Application-level gateway
  3. Circuit-level gateway
• These three categories, however, are not mutually exclusive. Modern firewalls have a mix of abilities that may place them in more than one of the three categories.
• 29. Packet Filtering Firewall
• In this type of firewall deployment, the internal network is connected to the external network/Internet via a router firewall. The firewall inspects and filters data packet by packet.
• Packet-filtering firewalls allow or block packets mostly based on criteria such as source and/or destination IP addresses, protocol, source and/or destination port numbers, and various other parameters within the IP header.
• The decision can also be based on factors other than IP header fields, such as ICMP message type, TCP SYN and ACK bits, etc.
• A packet filter rule has two parts:
  1. Selection criteria − used as a condition and pattern match for decision making.
  2. Action field − specifies the action to be taken if an IP packet meets the selection criteria. The action is either to block (deny) or permit (allow) the packet across the firewall.
• Packet filtering is generally accomplished by configuring Access Control Lists (ACLs) on routers or switches. An ACL is a table of packet filter rules.
• As traffic enters or exits an interface, the firewall applies the ACL from top to bottom to each packet, finds the first matching rule and either permits or denies the individual packet.
• 31. Packet Filtering Firewall: Stateless & Stateful firewalls
• A stateless firewall is a kind of rigid tool. It looks at a packet and allows it if it meets the criteria, even if it is not part of any established, ongoing communication.
• Hence, such firewalls are replaced by stateful firewalls in modern networks.
• Stateful firewalls offer a more in-depth inspection method than the purely ACL-based packet inspection of stateless firewalls.
• A stateful firewall monitors the connection setup and teardown process to keep a check on connections at the TCP/IP level. This allows it to keep track of connection state and determine which hosts have open, authorized connections at any given point in time.
• It references the rule base only when a new connection is requested. Packets belonging to existing connections are compared to the firewall's state table of open connections, and the decision to allow or block is taken. This process saves time and provides added security as well. No packet is allowed to pass the firewall unless it belongs to an already established connection. The firewall can time out inactive connections, after which it no longer admits packets for that connection.
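As an added example (not code from the slides), the two rule parts and the top-to-bottom ACL matching of the previous slide, together with the stateless versus stateful behaviour of this one, in Python: the stateless filter admits any packet that satisfies an "established" (ACK-bit) rule, while the stateful filter consults the ACL only for new connections, admits later packets from its state table, and expires idle entries. Packet fields, rule names and addresses are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed packet record: only the header fields a packet filter inspects.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False    # TCP SYN bit
    ack: bool = False    # TCP ACK bit

@dataclass
class Rule:
    """One ACL entry: selection criteria plus an action ('permit' or 'deny')."""
    action: str
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: int = 0              # 0 = any destination port
    established: bool = False   # match only packets carrying the ACK bit

    def matches(self, p: Packet) -> bool:
        return (
            (self.proto == "any" or self.proto == p.proto)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.dport == 0 or p.dport == self.dport)
            and (not self.established or p.ack)
        )

def stateless_filter(acl, p: Packet) -> str:
    """Apply the ACL top to bottom; first match decides, no match is an implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

class StatefulFilter:
    """Consults the rule base only for new connections; packets of tracked
    connections are decided by the state table, which expires idle entries."""

    def __init__(self, acl, idle_timeout=300):
        self.acl = acl
        self.idle_timeout = idle_timeout
        self.state = {}   # 5-tuple -> time of the last packet seen

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p: Packet, now: float) -> str:
        for k in [k for k, t in self.state.items() if now - t > self.idle_timeout]:
            del self.state[k]    # timed-out connection: later packets are refused
        for k in (self._key(p), self._reverse_key(p)):
            if k in self.state:  # either direction of a tracked connection
                self.state[k] = now
                return "permit"
        # Only a bare SYN may open a new TCP connection, so a stray ACK that
        # matches no tracked connection is dropped regardless of the ACL.
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny"
        if stateless_filter(self.acl, p) == "permit":
            self.state[self._key(p)] = now
            return "permit"
        return "deny"

INTERNAL = "10.0.0.0/8"   # assumed internal address range
ACL = [
    Rule("permit", "tcp", src=INTERNAL, dport=80),          # outbound web
    Rule("permit", "tcp", dst=INTERNAL, established=True),  # replies (ACK set)
    Rule("deny"),                                           # everything else
]
```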
• 33. Application Gateways
• An application-level gateway acts as a relay node for application-level traffic. It intercepts incoming and outgoing packets, runs proxies that copy and forward information across the gateway, and functions as a proxy server, preventing any direct connection between a trusted server or client and an untrusted host.
• The proxies are application specific. They can filter packets at the application layer of the OSI model.
Application-specific Proxies
• An application-specific proxy accepts only packets generated by the specified application for which it is designed to copy, forward, and filter. For example, only a Telnet proxy can copy, forward, and filter Telnet traffic.
• If a network relies only on an application-level gateway, incoming and outgoing packets cannot access services that have no proxies configured. For example, if a gateway runs FTP and Telnet proxies, only packets generated by these services can pass through the firewall. All other services are blocked.
Application-level Filtering
• An application-level proxy gateway examines and filters individual packets, rather than simply copying them and blindly forwarding them across the gateway. Application-specific proxies check each packet that passes through the gateway, verifying the contents of the packet up through the application layer. These proxies can filter particular kinds of commands or information in the application protocols.
• Application gateways can restrict specific actions from being performed. For example, the gateway could be configured to prevent users from performing the ‘FTP put’ command. This can prevent modification of the information stored on the server by an attacker.
Transparency
• Although application-level gateways can be transparent, many implementations require user authentication before users can access an untrusted network, a process that reduces true transparency.
• Authentication may differ depending on whether the user is on the internal network or on the Internet. For an internal network, a simple list of IP addresses allowed to connect to external applications may suffice. From the Internet side, strong authentication should be implemented.
• An application gateway actually relays TCP segments between the two TCP connections in the two directions (Client ↔ Proxy ↔ Server). For outbound packets, the gateway may replace the source IP address with its own IP address. This process is referred to as Network Address Translation (NAT). It ensures that internal IP addresses are not exposed to the Internet.
• 34. Circuit-Level Gateway
• The circuit-level gateway is an intermediate solution between the packet filter and the application gateway.
• It runs at the transport layer and hence can act as a proxy for any application.
• Similar to an application gateway, the circuit-level gateway does not permit an end-to-end TCP connection across the gateway.
• It sets up two TCP connections and relays the TCP segments from one network to the other. But it does not examine the application data like an application gateway does. Hence, it is sometimes called a ‘Pipe Proxy’.
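An added example (not code from the slides) contrasting the two proxies of the application gateway slide and this one: a hypothetical FTP application proxy that parses each control-channel command and refuses the 'put' family (STOR, STOU, APPE) before anything reaches the server, beside a circuit-level 'pipe proxy' that relays the same lines without understanding them. The command lines are constructed and no sockets are involved; the relay methods stand in for the two TCP connections.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# FTP control commands that write to the server (the "put" family in RFC 959).
FTP_WRITE_COMMANDS = {"STOR", "STOU", "APPE"}


def parse_ftp_command(line: str) -> Tuple[str, str]:
    """An FTP control line is 'VERB [argument]' terminated by CRLF."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    return verb.upper(), arg


@dataclass
class ApplicationProxy:
    """Hypothetical FTP application-level proxy: it understands each command on
    the client-side connection, decides per command what to relay to the
    server-side connection, and answers refused commands itself."""
    denied_verbs: Set[str] = field(default_factory=lambda: set(FTP_WRITE_COMMANDS))
    forwarded: List[str] = field(default_factory=list)      # sent on to the server
    blocked: List[Tuple[str, str]] = field(default_factory=list)

    def relay(self, client_lines: List[str]) -> List[str]:
        replies = []   # responses the proxy itself sends back to the client
        for line in client_lines:
            verb, arg = parse_ftp_command(line)
            if verb in self.denied_verbs:
                self.blocked.append((verb, arg))
                replies.append(f"550 {verb} not permitted by gateway policy\r\n")
                continue          # nothing reaches the server for this command
            self.forwarded.append(line)
        return replies


@dataclass
class CircuitProxy:
    """Circuit-level gateway ("pipe proxy"): once the connection is permitted it
    relays bytes between the two TCP connections without looking at them."""
    forwarded: List[str] = field(default_factory=list)

    def relay(self, client_lines: List[str]) -> List[str]:
        self.forwarded.extend(client_lines)   # every line, STOR included
        return []                             # it never speaks for the server
```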
• 35. Firewall Deployment with DMZ
• The firewall process can tightly control what is allowed to traverse from one side to the other. An organization that wishes to provide external access to its web server can restrict all traffic arriving at the firewall except for port 80 (the standard HTTP port). All other traffic such as mail traffic, FTP, SNMP, etc., is not allowed across the firewall into the internal network. An example of a simple firewall is shown in the following diagram.
• In the above simple deployment, though all other access from outside is blocked, it is possible for an attacker to contact not only the web server but any other host on the internal network that has left port 80 open, by accident or otherwise.
• Hence, the problem most organizations face is how to enable legitimate access to public services such as web, FTP, and e-mail while maintaining tight security of the internal network. The typical approach is deploying firewalls to provide a Demilitarized Zone (DMZ) in the network.
• In this setup (illustrated in the following diagram), two firewalls are deployed: one between the external network and the DMZ, and another between the DMZ and the internal network. All public servers are placed in the DMZ.
• With this setup, it is possible to have firewall rules which allow public access to the public servers while the interior firewall restricts all incoming connections. By having the DMZ, the public servers are provided with adequate protection instead of being placed directly on the external network.
• 36. Firewall Identification
• Normally, firewalls can be identified for offensive purposes. Because firewalls are usually the first line of defense in the virtual perimeter, to breach the network from a hacker’s perspective it is necessary to identify which firewall technology is used and how it is configured. Some popular tactics are:
• Port scanning: Hackers use it to investigate the ports used by the victim. Nmap is probably the most famous port-scanning tool available.
• Firewalking: The process of using traceroute-like IP packet analysis to verify whether a data packet will be passed through the firewall from the attacker’s source host to the victim’s destination host.
• Banner grabbing: A technique that enables a hacker to spot the type of operating system or application running on a target server. It works through a firewall by using what looks like legitimate connections.
• 38. Firewall Audit: Firewall Log Analyzer
• A firewall is an important component in your organization's network. It provides network administrators with the ability to control the flow of traffic into and out of the network.
• Analyzing firewall logs keeps you up to date on all transactions between your organization's intranet and the internet, or any other external network. Here are a few possible uses for analyzing firewall logs:
  • List all connections denied by the firewall and flag the odd ones.
  • Show all remote and VPN connections to your network.
  • Monitor any changes to the rules on which the firewall is based.
  • Pick up and preempt any potential security attacks.
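An added Python example, not part of the slides, of the first two audit uses listed above: it parses constructed firewall log lines in a made-up key=value format, lists the denied connections, flags the odd ones (one external source denied on many distinct ports, and an internal host blocked on its way out) and lists accepted VPN connections. The log format, the addresses, the internal range and the port 1194 VPN assumption are all constructed for the illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed log lines in a made-up key=value syntax (not any real product's
# format). 198.51.100.7 is denied on five different ports, 10.0.0.12 is an
# internal host blocked going out, and 203.0.113.44 is an accepted VPN client.
SAMPLE_LOG = """\
2024-03-01T09:58:12 ACTION=ACCEPT SRC=10.0.0.5 DST=93.184.216.34 PROTO=TCP DPT=443
2024-03-01T09:58:40 ACTION=DENY SRC=198.51.100.7 DST=10.0.0.2 PROTO=TCP DPT=23
2024-03-01T09:58:41 ACTION=DENY SRC=198.51.100.7 DST=10.0.0.2 PROTO=TCP DPT=22
2024-03-01T09:58:41 ACTION=DENY SRC=198.51.100.7 DST=10.0.0.2 PROTO=TCP DPT=3389
2024-03-01T09:58:42 ACTION=DENY SRC=198.51.100.7 DST=10.0.0.2 PROTO=TCP DPT=445
2024-03-01T09:58:42 ACTION=DENY SRC=198.51.100.7 DST=10.0.0.2 PROTO=TCP DPT=8080
2024-03-01T10:01:03 ACTION=DENY SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=22
2024-03-01T10:02:17 ACTION=DENY SRC=10.0.0.12 DST=198.51.100.20 PROTO=TCP DPT=6667
2024-03-01T10:03:00 ACTION=ACCEPT SRC=203.0.113.44 DST=10.0.0.1 PROTO=UDP DPT=1194
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ACTION=(?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dport>\d+)$"
)
INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
VPN_PORT = 1194                       # assumed VPN listener port


def parse(log_text):
    """Turn log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["dport"] = int(e["dport"])
            events.append(e)
    return events


def denied_connections(events):
    return [e for e in events if e["action"] == "DENY"]


def flag_odd_denies(events, scan_threshold=5):
    """Findings as (reason, source, detail) tuples:
    - an internal host denied on its way out (misconfiguration or malware?)
    - one source denied on many distinct ports (looks like a port scan)"""
    findings = []
    ports_by_src = defaultdict(set)
    for e in denied_connections(events):
        ports_by_src[e["src"]].add(e["dport"])
        if ip_address(e["src"]) in INTERNAL and ip_address(e["dst"]) not in INTERNAL:
            findings.append(("internal host blocked going outbound", e["src"], e["dport"]))
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            findings.append(("many distinct ports denied (scan-like)", src, len(ports)))
    return findings


def vpn_connections(events):
    return [e for e in events if e["action"] == "ACCEPT" and e["dport"] == VPN_PORT]
```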
• 40. Intrusion Detection / Prevention System
• Packet filtering firewalls operate based on rules involving TCP/UDP/IP headers only. They do not attempt to establish correlation checks among different sessions.
• An Intrusion Detection/Prevention System (IDS/IPS) carries out Deep Packet Inspection (DPI) by looking at the packet contents, for example checking character strings in a packet against a database of known virus and attack strings.
• Application gateways do look at the packet contents, but only for specific applications. They do not look for suspicious data in the packet.
• An IDS/IPS looks for suspicious data contained in packets and tries to examine correlation among multiple packets to identify attacks such as port scanning, network mapping, denial of service and so on.
• 41. Basic variations of IDS
Signature-based IDS
• It needs a database of known attacks with their signatures.
• A signature is defined by the types and order of packets characterizing a particular attack.
• The limitation of this type of IDS is that only known attacks can be detected. This IDS can also throw up a false alarm. A false alarm can occur when a normal packet stream matches the signature of an attack.
• A well-known public open-source IDS example is “Snort”.
Anomaly-based IDS
• This type of IDS creates a traffic pattern of normal network operation.
• In detection mode, it looks for traffic patterns that are statistically unusual, for example an unusual ICMP load, exponential growth in port scans, etc.
• Detection of any unusual traffic pattern generates an alarm. The major challenge faced in this type of IDS deployment is the difficulty of distinguishing between normal traffic and unusual traffic.
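The two IDS variations in an added Python example (not from the slides): a signature check that looks for ordered tokens in packet payloads, using the SELECT * FROM string from the application-layer attack slide, and an anomaly detector that learns a baseline ICMP rate and alerts on seconds above mean plus three standard deviations. The packet streams are constructed, and the second signature hit shows the false alarm the slide mentions: a normal forum post that happens to contain the same words.

```python
import statistics
from collections import Counter
from dataclasses import dataclass

# Constructed packet record: one-second time bucket, protocol and payload text.
@dataclass
class Packet:
    second: int
    proto: str
    payload: str = ""

# Signature database: an ordered list of tokens that must appear in the payload
# in that order (a much simplified stand-in for a real IDS rule). The entry is
# the SELECT * FROM string from the slide on application-layer attacks.
SIGNATURES = {"sqli-select-star": ["select", "*", "from"]}

def match_signature(payload: str, tokens) -> bool:
    """True if every token occurs, in order, somewhere in the payload."""
    text, pos = payload.lower(), 0
    for tok in tokens:
        pos = text.find(tok, pos)
        if pos < 0:
            return False
        pos += len(tok)
    return True

def signature_alerts(packets):
    """(second, signature name) for each packet matching a known signature."""
    return [(p.second, name) for p in packets
            for name, tokens in SIGNATURES.items() if match_signature(p.payload, tokens)]

class IcmpAnomalyDetector:
    """Learns the normal ICMP packets-per-second rate from a training window,
    then flags seconds whose rate exceeds mean + k standard deviations."""

    def __init__(self, k=3.0):
        self.k = k
        self.threshold = None

    @staticmethod
    def _rates(packets):
        """ICMP count for every second the stream covers (zeros included)."""
        seconds = [p.second for p in packets]
        icmp = Counter(p.second for p in packets if p.proto == "icmp")
        return {s: icmp.get(s, 0) for s in range(min(seconds), max(seconds) + 1)}

    def train(self, packets):
        rates = list(self._rates(packets).values())
        stdev = statistics.stdev(rates) if len(rates) > 1 else 0.0
        self.threshold = statistics.mean(rates) + self.k * stdev
        return self.threshold

    def detect(self, packets):
        if self.threshold is None:
            raise RuntimeError("call train() on normal traffic first")
        return sorted(s for s, n in self._rates(packets).items() if n > self.threshold)

def constructed_baseline():
    """Ten seconds of normal traffic: a few ICMP echoes and one web request each."""
    packets = []
    for sec, n in enumerate([2, 3, 2, 1, 2, 3, 2, 2, 1, 2]):
        packets += [Packet(sec, "icmp")] * n + [Packet(sec, "tcp", "GET / HTTP/1.1")]
    return packets

def constructed_live():
    """A burst of 40 ICMP packets in one second, an injection attempt, and a
    harmless forum post that happens to contain the signature's words."""
    packets = [Packet(20, "icmp")] * 40 + [Packet(21, "icmp")] * 3 + [Packet(22, "icmp")] * 2
    packets.append(Packet(21, "tcp", "GET /items?id=1 UNION SELECT * FROM users HTTP/1.1"))
    packets.append(Packet(22, "tcp", "POST /forum body=I typed select * from t and it was slow"))
    return packets
```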
• 42. Types of IDS
Network intrusion detection system (NIDS)
• It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are placed at choke points in the network to monitor, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyze the content of individual packets for malicious traffic. An example of a NIDS is Snort.
Host-based intrusion detection system (HIDS)
• It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. An example of a HIDS is OSSEC.
• Intrusion detection systems can also be system-specific, using custom tools and honeypots.
• 43. Types of IDS
Perimeter Intrusion Detection System (PIDS)
• Detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructures. Using either electronics or more advanced fiber optic cable technology fitted to the perimeter fence, the PIDS detects disturbances on the fence, and if a disturbance is detected and deemed by the system to be an intrusion attempt, an alarm is triggered.
VM-based Intrusion Detection System (VMIDS)
• It detects intrusions using virtual machine monitoring. By using this, we can deploy the intrusion detection system with virtual machine monitoring. It is the most recent type and is still under development. There is no need for a separate intrusion detection system since, by using this, we can monitor the overall activities.
• 44. IPS
Intrusion Prevention Systems (IPS):
• Fights for the same cause as a firewall set up for any network: it detects and protects users from threats involving the external world and the internal network.
• An Intrusion Prevention System proactively rejects traffic which does not meet the security profile and policies, or whose data packets are malicious by nature.
• 45. Two types of IPS
• Currently, there are two types of IPSs that are similar in nature to IDS. They are:
  1. Host-based intrusion prevention systems (HIPS)
  2. Network-based intrusion prevention systems (NIPS)
• 46. Classification of Intrusion Prevention System (IPS)
• Intrusion Prevention Systems (IPS) are classified into 4 types:
• Network-based intrusion prevention system (NIPS): It monitors the entire network for suspicious traffic by analyzing protocol activity.
• Wireless intrusion prevention system (WIPS): It monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
• Network behavior analysis (NBAIPS): It examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service attacks, specific forms of malware and policy violations.
• Host-based intrusion prevention system (HIPS): It is an installed software package which operates on a host and looks for suspicious activity by scanning events that occur within that host.
• 47. Detection Methods of Intrusion Prevention Systems (IPS)
• Signature-based detection: A signature-based IPS operates on packets in the network and compares them with pre-built, predetermined attack patterns known as signatures.
• Statistical anomaly-based detection: An anomaly-based IPS monitors network traffic and compares it against an established baseline. The baseline identifies what is normal for that network and what protocols are used. However, it may raise false alarms if the baseline is not intelligently configured.
• Stateful protocol analysis detection: This IPS method identifies deviations in protocol state by comparing observed events with pre-built profiles of generally accepted definitions of benign activity.
• 48. Honeypot-Based IDS/IPS Systems
• The purpose of the honeypot approach is to distract attacks away from real network devices.
• By staging different types of vulnerabilities in the honeypot server, you can analyze incoming types of attacks and malicious traffic patterns.
• 49. Honeypots
• Decoy systems:
  • appear to be the real system with valuable info
  • legitimate users would not access them
  • filled with fabricated info
  • instrumented with monitors and event loggers
  • divert and hold the attacker to collect activity info without exposing production (real) systems
• If somebody is in, then there is an attack, benign or malicious
• Initially honeypots were single computers; now they are networks of computers that emulate the entire enterprise network
• 50. Honeypot Deployment
• 1. Outside the firewall: good for reducing the burden on the firewall; keeps the bad guys outside
• 2. As part of the service (DMZ) network: the firewall must allow attack traffic to the honeypot (risky)
• 3. As part of the internal network: same as 2; if compromised, riskier; the advantage is that insider attacks can be caught
• 51. Malware Statistics, Trends & Facts Resources
• 52. Assignment 1 (to be turned in in 7 days)
1. Conduct a Search of Recent Malware. Using your favorite search engine, conduct a search for recent malware. During your search,
  a) choose four examples of malware, each one from a different malware type, and be prepared to discuss details on what each does, how each is transmitted and the impact each causes. Examples of malware types include: Trojan, Hoax, Adware, Malware, PUP, Exploit, and Vulnerability. Some suggested web sites to search for malware are listed below: McAfee, Malwarebytes, Security Week, TechNewsWorld
  b) Read the information about the malware found from your search, choose one and write a short summary that explains what the malware does, how it is transmitted, and the impact it causes.
2. Write a key logger in any language you know...
3. Set audit policies in your Windows system, take a snapshot, and explain the events.