Tools and Mechanisms for Network Security in an Organization.
Physical, administrative and technical security measures are described.
The security testing tools covered are Nessus, THC Hydra, Kismet, Nikto, Wireshark and Nmap.
3. Company Scenario
We are a startup company offering software on demand. The company has a
single subnet in a small office. The business is comprised of 50 employees
operating off of two shared servers.
One server houses employee data and the other houses client data. All machines
are on the same local network.
The 50 hosts in the core network are a mixture of Windows and Linux based
systems, used by development staff to develop new applications.
Often these employees must work remotely from client sites.
4. Classes of Threats
● Privilege Elevation
● SQL Injection
● Unauthorized Data Access
● Denial of Service
● Identity Spoofing
● Data Spoofing
5. Security Techniques
1. Malware incidents: Update the policy to disallow non-company end-point
devices on the corporate network by deploying a proxy that authenticates users
before they can access the network.
2. Denial of service: Use rate limiting to limit traffic.
3. Data breaches: Implement full disk encryption on all storage devices the firm
owns as well as on employees' laptops, so that a misplaced asset does not
become a data breach.
4. Abnormal HTTP requests: Use a host firewall and a WAF to prevent SQL
injection, DOM-based XSS and HTTP exhaustion.
6. Security Techniques
5. Port security on switches, point-to-point VPN tunnels for user-to-server
connections, two-factor authentication, physical locks, and a standby hot site.
6. Using an IP camera based surveillance system to protect the company's
assets, alongside protection against cyber attacks.
8. NMAP
● Nmap (Network Mapper) is an open-source tool that specializes in network
exploration and security auditing
● Nmap uses raw IP packets in novel ways to determine what hosts are available
on the network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running, what type
of packet filters/firewalls are in use, and dozens of other characteristics
9. NMAP
● When you have identified which ports are open, you can close any that are not
required, thus reducing the number of potentially exploitable services.
● And when you have mapped your network, you can also see if any
unexpected changes have occurred since the last scan.
● For example, a machine infected by a worm will try to open ports in order to
listen for instructions from its controller.
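Added example (not from the slides): the "unexpected changes since the last scan" check above, done by diffing two Nmap XML reports (`-oX` output). The two reports are constructed and trimmed to the elements the diff needs; the port numbers and hosts are assumptions.

```python
# Added example (not from the slides): diff two Nmap XML reports (-oX output)
# to list ports that are open now but were not in the baseline scan.
import xml.etree.ElementTree as ET

def open_ports(nmap_xml: str) -> dict:
    """Return {host_ip: {(proto, port): service_name}} covering open ports only."""
    result = {}
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            ports[(port.get("protocol"), int(port.get("portid")))] = name
        result[addr.get("addr")] = ports
    return result

def new_open_ports(baseline_xml: str, current_xml: str) -> dict:
    """Open ports absent from the baseline; a host new to the scan is reported whole."""
    base, cur = open_ports(baseline_xml), open_ports(current_xml)
    changes = {}
    for ip, ports in cur.items():
        added = {k: v for k, v in ports.items() if k not in base.get(ip, {})}
        if added:
            changes[ip] = added
    return changes

# Constructed sample reports (trimmed to the elements the diff needs): in the
# second scan 10.0.0.5 gained a listener on tcp/4444 and host 10.0.0.9 appeared.
BASELINE = """<nmaprun><host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="closed"/></port>
</ports></host></nmaprun>"""
LATEST = """<nmaprun><host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="4444"><state state="open"/></port>
</ports></host><host><address addr="10.0.0.9" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host></nmaprun>"""
```

Running `new_open_ports(BASELINE, LATEST)` reports the unexpected tcp/4444 listener on 10.0.0.5 and the whole new host 10.0.0.9, which is the change a worm opening a control port would produce.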
10. Nikto
● Nikto is an open source Web server vulnerability scanner that performs
comprehensive tests for over 6,100 potentially dangerous files/CGIs, checks
for outdated versions of over 950 servers, and for version-specific problems
on over 260 servers.
● Nikto is fast and effective
● It is not designed as an overly stealthy tool
11. Nikto
Scenario:
Early one morning, the webpage of the company was being identified by Firefox as a
“reported attack page”. It appeared that the Web server had been cracked, and was now
serving malware to visitors, including the company's clients!
Solution:
Download a local copy of the website and scan it using Nikto. The website was vulnerable to
attack because the website developers had not taken the trouble to install updated versions
that addressed known vulnerabilities. After updating the local copy of the site and after
verifying that the site didn’t have any known vulnerabilities, it was uploaded to the Web
server, overwriting the compromised site.
12. Wireshark
● Wireshark, formerly known as Ethereal, is one of the most powerful tools in a
network security analyst's toolkit. As a network packet analyzer, Wireshark can
peer inside the network and examine the details of traffic at a variety of levels,
ranging from connection-level information to the bits comprising a single
packet.
● This flexibility and depth of inspection allow the tool to be used to analyze
security events and troubleshoot network security device issues.
● First, peering into the details of packets can prove invaluable when dissecting
a network attack and designing countermeasures.
13. Wireshark
● For example, if a denial of service occurs, Wireshark can be used to
identify the specific type of attack. The tool can then craft upstream
firewall rules that block the unwanted traffic.
● The second major use of Wireshark is to troubleshoot security devices.
● If systems running Wireshark are connected to either side of a firewall, it's
easy to see which packets successfully traverse the device and identify
whether the firewall is the cause of connectivity problems.
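Added example (not from the slides): identifying the specific type of denial of service from a Wireshark packet-list CSV export, as described above, and drafting the upstream block rule. The capture is constructed; the addresses, thresholds and the iptables rule format are assumptions.

```python
# Added example (not from the slides): classify a suspected DoS from a Wireshark
# CSV packet-list export and draft a matching upstream block rule.
import csv
import io
import re
from collections import defaultdict

FLAGS_RE = re.compile(r"\[([A-Z, ]+)\]")   # TCP flags as shown in the Info column

def syn_flood_sources(csv_text: str, min_syns: int = 5, max_ack_ratio: float = 0.2) -> dict:
    """Return {src_ip: syn_count} for sources whose TCP traffic is almost all bare
    SYNs with no follow-up ACKs (handshakes never completed): a SYN flood signature."""
    syns = defaultdict(int)
    acks = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Protocol"] != "TCP":
            continue
        m = FLAGS_RE.search(row["Info"])
        if not m:
            continue
        flags = {f.strip() for f in m.group(1).split(",")}
        if flags == {"SYN"}:
            syns[row["Source"]] += 1
        elif "ACK" in flags:
            acks[row["Source"]] += 1
    return {
        src: n for src, n in syns.items()
        if n >= min_syns and acks[src] / n <= max_ack_ratio
    }

def block_rules(sources) -> list:
    """Draft iptables rules dropping new connection attempts from each flagged source."""
    return [f"iptables -I INPUT -s {src} -p tcp --syn -j DROP" for src in sorted(sources)]

# Constructed capture: 203.0.113.7 sends SYN after SYN to the web server and never
# completes a handshake; 198.51.100.4 is a normal client finishing its handshake.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","198.51.100.4","10.0.0.5","TCP","74","51000 > 80 [SYN] Seq=0 Win=64240 Len=0"
"2","0.001","10.0.0.5","198.51.100.4","TCP","74","80 > 51000 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0"
"3","0.002","198.51.100.4","10.0.0.5","TCP","66","51000 > 80 [ACK] Seq=1 Ack=1 Win=64256 Len=0"
"4","0.010","203.0.113.7","10.0.0.5","TCP","60","40001 > 80 [SYN] Seq=0 Win=1024 Len=0"
"5","0.011","203.0.113.7","10.0.0.5","TCP","60","40002 > 80 [SYN] Seq=0 Win=1024 Len=0"
"6","0.012","203.0.113.7","10.0.0.5","TCP","60","40003 > 80 [SYN] Seq=0 Win=1024 Len=0"
"7","0.013","203.0.113.7","10.0.0.5","TCP","60","40004 > 80 [SYN] Seq=0 Win=1024 Len=0"
"8","0.014","203.0.113.7","10.0.0.5","TCP","60","40005 > 80 [SYN] Seq=0 Win=1024 Len=0"
"9","0.020","198.51.100.4","10.0.0.5","HTTP","200","GET / HTTP/1.1"
'''
```

`syn_flood_sources(SAMPLE_CSV)` flags only 203.0.113.7, and `block_rules` turns that into the rule to push to the upstream firewall.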
14. Nessus
● Nessus is a free remote security scanner.
● It is a full-fledged vulnerability scanner which allows you to detect
potential vulnerabilities in systems.
● Nessus is the world's most popular vulnerability scanning tool and is supported
by most research teams around the world.
● Nessus uses a web interface to set up scans, run them and view reports.
15. Nessus
Key Features:
● Identifies Vulnerabilities that allow a remote attacker to access sensitive
information from the system.
● Checks whether the systems on the network have the latest software patches.
● Tries default and common passwords on system accounts.
● Configuration audits.
● Vulnerability analysis.
● Mobile Device audits.
● Customized reporting
16. Kismet
● It's not always easy to keep tabs on every network, especially Wi-Fi networks
that can come and go frequently.
● This opens up opportunities for attacks such as evil twin attacks, where an
attacker creates a network with a name similar to that of a trusted network, but
leaves it unsecured.
● Unsuspecting users log onto its unprotected connections, and suddenly all of
their data is vulnerable.
● There ought to be a way for security professionals to track all the available
access points and see details about them in order to try to prevent these and
other types of leaks.
17. Kismet
● The free network monitoring tool Kismet can help.
● Kismet is a utility that can be placed on the network passively, meaning that a
security team can look at data immediately, should the need arise.
● Another great feature of Kismet is that it can connect via Bluetooth to a
computer or smartphone with a GPS, and show the location of each detected
network.
● This is especially useful on campuses where there might be unauthorized
wireless networks, because security teams can see exactly where the network
comes from.
18. THC Hydra
● Hydra is a very well-known and respected network logon cracker (password
cracking tool) which supports many different services.
● Hydra is a brute force password cracking tool.
● Brute force just means that the program launches a relentless barrage of
passwords at a login in order to guess the password.
● As we know, the majority of users have weak passwords and all too often they
are easily guessed. A little bit of social engineering and the chances of finding
the correct password for a user are multiplied.
19. THC Hydra
● Brute force will take the list that the hacker built, likely combine it with
other known easy passwords (such as 'password1', 'password2', etc.) and begin
the attack.
● Depending on the processing speed of the hacker's computer and Internet
connection, the brute force methodology will systematically go through each
password until the correct one is discovered.
● Hydra can be used to crack FTP servers, login forms, SQL databases and many
others.
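Added example (not from the slides): the defender's view of the brute force described above, detecting a Hydra-style guessing burst in sshd logs and flagging a login that succeeds right after it. The log excerpt is constructed; the source addresses, account names, thresholds and the fixed year used for syslog timestamps are assumptions.

```python
# Added example (not from the slides): detect a password-guessing burst in sshd logs.
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

def parse(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None   # not a password authentication record
    ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")  # syslog omits the year
    return ts, m["result"], m["user"], m["src"]

def detect_bruteforce(lines, threshold: int = 4, window_s: int = 60) -> list:
    """Findings: ('burst', src, n) once a source fails >= threshold times inside
    window_s seconds, then ('success-after-burst', src, user) if it later gets in."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    bursting, findings = set(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        q = recent[src]
        if result == "Failed":
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()   # forget failures older than the window
            if len(q) >= threshold and src not in bursting:
                bursting.add(src)
                findings.append(("burst", src, len(q)))
        elif src in bursting:
            findings.append(("success-after-burst", src, user))
    return findings

# Constructed log excerpt: 203.0.113.9 cycles through accounts and common passwords
# and finally gets in as "alice"; 10.0.0.21 is a normal user logging in once.
SAMPLE_LOG = """\
Jan 10 08:15:01 srv1 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
Jan 10 08:15:02 srv1 sshd[2202]: Failed password for root from 203.0.113.9 port 51236 ssh2
Jan 10 08:15:03 srv1 sshd[2204]: Accepted password for bob from 10.0.0.21 port 40010 ssh2
Jan 10 08:15:03 srv1 sshd[2205]: Failed password for alice from 203.0.113.9 port 51237 ssh2
Jan 10 08:15:04 srv1 sshd[2206]: Failed password for alice from 203.0.113.9 port 51238 ssh2
Jan 10 08:15:05 srv1 sshd[2207]: Accepted password for alice from 203.0.113.9 port 51239 ssh2
""".splitlines()
```

`detect_bruteforce(SAMPLE_LOG)` reports the burst from 203.0.113.9 and then the successful login that followed it, which is the event worth paging on; the normal login from 10.0.0.21 produces nothing.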
20. Control Measures for Information security
Controls are selected and applied based on a risk assessment of the information
system. The risk assessment process identifies system threats and vulnerabilities,
and controls are applied to mitigate risk and reduce the probability of loss. When
management chooses to mitigate a risk, they do so by implementing one or
more of three different types of controls.
21. Physical Security Controls
Physical security controls are means and devices to control physical access to
sensitive information and to protect the availability of the information.
All types of computers, computing devices and associated communications
facilities must be considered as sensitive assets and spaces and be protected
accordingly.
Examples of physical security controls are physical access systems including
guards and receptionists, door access controls, restricted areas, closed-circuit
television (CCTV), automatic door controls and human traps, physical intrusion
detection systems, and physical protection systems. Administrative and technical
controls depend on proper physical security controls being in place.
22. Technical Security Controls
Technical (logical) security controls are software elements that provide access
management capabilities. These are the key security elements in a program to
protect electronic information. An effective logical security system provides the
means to identify, authenticate, authorize, or limit the authenticated user to
certain previously stipulated actions, for each system user who may sign on or for
each program that may be called on by the computer to process files with
established value factors.
23. Administrative Security Controls
Administrative security controls (also called procedural controls) are primarily
procedures and policies put in place to define and guide employee actions in
dealing with the organization's sensitive information. They inform people on how
the business is to be run and how day-to-day operations are to be conducted. Laws
and regulations created by government bodies are also a type of administrative
control because they inform the business.