Network Security

 

  1. Network Security:

Network security is getting a lot of attention these days. Organizations face many threats and need to defend against them. In this section we will discuss the most important attacks. Before going into the different types of attacks, we first need to understand the difference between a vulnerability and an exploit.
Vulnerability: A weakness in a system is known as a vulnerability.
Exploit: An exploit is any software or code that takes advantage of a vulnerability to compromise the system.
  1. Need for Network Security:

In this digital era we use devices to transmit digital information. There are many layers to consider when addressing network security across an organization. Attacks can happen at any layer in the network security layers model, so your network security hardware, software and policies must be designed to address each area. The main need for network security is to transmit this information in a secure manner; in other words, to achieve the CIA triad.

2. CIA Triad:

CIA stands for Confidentiality, Integrity and Availability.

Confidentiality:
It means that the communication should be kept secret between sender and receiver. It prevents unauthorized disclosure of data. If someone on the network captures the traffic, they should not be able to read the actual data unless they have permission to access it. Confidentiality can be achieved in different ways, including firewalls, ACLs, encryption and steganography.

Integrity:
Integrity means making sure that information is not corrupted or changed. No one is allowed to alter the communication without permission or access. Put simply, the data is not modified in transit. Integrity can be achieved with hashing and digital signatures.

Availability:
Availability means that the data is available to authorized users whenever it is needed. It can be achieved through redundancy or fault tolerance. Below are some methods that can be used for redundancy:
  • Disk Redundancy
  • Server Redundancy
  • Load Balancing
  • Site Redundancy
  • Backups

    3. Common Attacks:
  • DOS:
A denial-of-service attack is an attack where the target system is overwhelmed with large volumes of requests, causing it to consume its resources to the point where it can’t perform its intended functions.
  • Social Engineering Attacks:
Influencing others to reveal confidential information. There are different methods of performing social engineering attacks:
      • Authority:
      The attacker pretends to be an authority, such as the IT help desk or the CEO, to get information.
      • Intimidation:
      The intruder threatens the victim, for example: if you don’t do this, your payroll will not be processed.
      • Scarcity:
      The attacker offers the victim a benefit that is available only for a limited time. If the victim does not act, the offer will expire.
      • Urgency:
      The attacker creates urgency: if the victim does not act, he/she will face a big loss.
      • Trust:
      The attacker builds trust with the victim, for example by promising to help the victim if the victim provides confidential data.
  • Insider Threats:
Sometimes we configure a firewall, IPS and IDS, but some attacks are performed from within the organization. Employees may gain access to confidential information if we do not have a least-privilege policy.
  • Logic Bomb:
This is a very specific kind of malware. It deletes or removes information. It is triggered by a logic condition, such as a specific date or time.
  • Phishing:
Attackers may use emails or web pages that appear to be legitimate in an attempt to gain confidential information.
  • Ransomware:
Malware that prevents users from accessing their data unless they pay a ransom. The attacker may encrypt the data so that the victim is unable to read it without paying.

  • DNS poisoning:
Modifying a DNS server's records or sending fake responses to legitimate DNS requests.
  • Spoofing:
When malicious users falsify their IP address in an attempt to conceal their identity, to access protected areas of the network, or to impersonate a different device.
  • VLAN Hopping:
When a user gets access to normally restricted VLANs, either by connecting to a trunk port or by double tagging.

  • MITM:
An attack where a malicious user somehow injects themselves inside a communication flow between two systems, enabling them to intercept that flow’s traffic.
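
A defensive check for the VLAN hopping entry above, as an added example that is not part of the original post: it parses raw Ethernet frames and flags any that carry two stacked VLAN tags, which a port serving ordinary hosts should never receive. The function names, MAC addresses and sample frames are constructed for illustration, and the monitored port is assumed to be one where hosts send untagged traffic.

```python
import struct

# Tag Protocol Identifiers that introduce a 4-byte VLAN tag.
VLAN_TPIDS = {0x8100, 0x88A8}  # IEEE 802.1Q and IEEE 802.1ad


def vlan_ids(frame: bytes) -> list[int]:
    """Return the VLAN IDs stacked in an Ethernet frame, outermost first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ids, offset = [], 12  # bytes 0-11 are the destination and source MACs
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break  # reached the real EtherType; no more tags
        ids.append(tci & 0x0FFF)  # low 12 bits of the TCI hold the VLAN ID
        offset += 4
    return ids


def classify(frame: bytes) -> str:
    """Classify a frame seen on a port where hosts should send untagged traffic."""
    depth = len(vlan_ids(frame))
    if depth == 0:
        return "untagged"
    if depth == 1:
        return "tagged"
    return "double-tagged"


def make_frame(vlans: list[int], payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed sample frame (made-up MACs, IPv4 EtherType)."""
    macs = bytes.fromhex("02000000000a" "02000000000b")
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vlans)
    return macs + tags + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    # Constructed samples: a normal host frame, one tag, and two stacked tags.
    samples = {
        "normal host": make_frame([]),
        "one tag": make_frame([10]),
        "stacked tags": make_frame([1, 20]),
    }
    for name, frame in samples.items():
        print(f"{name:13} vlans={vlan_ids(frame)} -> {classify(frame)}")
```
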
