2. Outline
1: Introduction to Network Security
2: basics of network
4: Network Structure
5: Data packets
6: Virtual Private Networks
7: Defending against Virus Attacks
8 Defending against Trojan Horses and Spyware
9: Computer-based Espionage and Terrorism
10/23/13
2
3. Introduction
The growth of the Internet has brought many
ways in which networks can be
compromised and data stolen.
Legislators are working to prevent identity
theft and ways to reduce the effects of
viruses and worms and others.
10/23/13
3
4. The Basics of a Network
• You need to understand the following:
– Basic network structure
– Data packets
– What does this mean for security?
10/23/13
4
6. Basic Network Structure
• The fundamental purpose of networks is
for communication
• Part of the network structure includes:
– NICs (network information card), hubs,
switches, routers, and firewalls
• Network architecture comprises the format
in which these devices are connected
10/23/13
6
7. Data Packets
• When a workstation wishes to send data, it
uses the client network software to enclose
the data in a 'packet' containing a 'header'
and a 'trailer'.
• The header and trailer contain information for
the destination computer. For example, the
header contains the address of the
destination computer.
• The exact form the packets take is determined
by the protocol the network uses.
10/23/13
7
8. Data Packets
• This is the package that holds the data
and transmission information
• Ultimately formatted in binary
• Information included in packets:
– Source and destination (IP Address)
information
– Packet size (in bytes) and type (e.g. Ethernet)
– Data and other header information
10/23/13
8
9. • When a data packet is put onto the network by a
workstation, each computer on the network
examines the packet to see who it is intended
for. The packet quickly dissipates if it is not
recognized, allowing other packets to be sent.
The rate at which packets can be sent is called
the 'bandwidth' (this has a somewhat different
meaning to how bandwidth is normally used).
As an example, a bandwidth of 10 Megabits per
second means that ten million individual 1s and
0s can pass through the network in one second.
10/23/13
9
10. What Does This Mean for Security?
• There are two points of attack:
– The data packet itself
– The devices that connect the network
• These are also the points of security
– Protect the data (encryption)
– Secure the network devices
10/23/13
10
11. Port scanning
• A port scanner is a handy tool that scans a
computer looking for active ports. With this utility,
a potential “hacker” can figure out what services
are available on a targeted computer from the
responses the port scanner receives.
• These tools scan large IP spaces and report on
the systems they encounter, the ports available,
and other information, such as OS types.
• The most popular port scanner is Network
Mapper (Nmap).
10/23/13
11
12. Nmap
Nmap (“Network Mapper”) is an open source
utility for network exploration or security
auditing. It was designed to rapidly scan large
networks, although it works fine against single
hosts. Nmap uses raw IP packets to determine
what hosts are available on the network, what
services (ports) they are offering, what operating
system (and OS version) they are running, what
type of packet filters/firewalls are in use, and
dozens of other characteristics. Nmap runs
10/23/13
12
13. Vulnerability Scanners
Tools available for scanning vulnerable systems.
Vulnerability scanners look for a specific
vulnerability or scan a system for all potential
vulnerabilities. Vulnerability tools are freely
available. The most popular and best-maintained
vulnerability scanner available, Nessus.
10/23/13
13
14. •
I have often heard that the best approach to
computer security is to use a layered approach.
Can you describe this approach and how an IDS
fits in?
The security model that will protect your organization
should be built upon the following layers:
1. Security policy of your organization
2. Host system security
3. Auditing
4. Router security
5. Firewalls
6. Intrusion detection systems
7. Incident response plan
10/23/13
14
15. Threats to Network Security
• Insecure Architectures
A misconfigured network is a primary entry point for
unauthorized users. Leaving a trust-based, open local
network vulnerable to the highly-insecure Internet
– Centralized Servers
– Broadcast Networks
10/23/13
15
16. Threats to Server Security
•Unused Services and Open Ports
•Unpatched Services
10/23/13
16
18. Summary
• Approaches to securing your network:
– Proactive vs. reactive
– Perimeter: focus is on perimeter devices,
internal devices are still vulnerable
– Layered: focus includes both perimeter and
individual computers within the network
– Hybrid: combination of multiple security
paradigms
10/23/13
18
Securing the data and the network devices are covered in later chapters. This is the basic purpose of this book, to secure the data and the network devices that allow communication between and among organizations.
