This document discusses network security and outlines common threats and countermeasures. It begins by defining security as freedom from harm caused by others. It then outlines organizations that are vulnerable to network attacks, such as financial institutions, governments, and corporations. Common attacks discussed include denial of service attacks, software exploits, packet sniffing, and social engineering. Countermeasures recommended include antivirus software, firewalls, intrusion detection systems, virtual private networks, and network access control to monitor devices and users on the network. The document emphasizes the importance of staying aware of security updates to patch vulnerabilities.
5. “Security in IT is like locking your house or
car – it doesn’t stop the bad guys, but if
it’s good enough they may move on to an
easier target.”
– Paul Herbka (Cyber Security, GCI)
6. Vulnerable to Network Security Threats
▰ Financial institutions and banks
▰ Internet service providers
▰ Pharmaceutical companies
▰ Government and defence agencies
▰ Contractors to various government
agencies
▰ Multinational corporations
▰ ANYONE ON THE NETWORK
7. Common Attacks and Threats
Computer Networks are the battlefields of Now…!!
8. Common Attacks and Threats
▰ Finding a way into the Network
▰ Exploiting software bugs, buffer overflow
▰ Denial of Service
▰ TCP Hijacking
▰ Packet Sniffing
▰ Social Engineering
9. Finding a way into the Network
▰ Connecting to a Network Physically
▰ Connecting to a Wireless network
▰ Accessing Remotely by Backdoors.
11. Denial of Service
▰ A method to make a network service unusable, usually by overloading the
server or network
▰ Different kinds of DoS attacks
○ SYN flooding
○ SMURF
○ Distributed attacks
12. The Largest DDoS Attack of All Time
▰ Date : February, 2018
▰ Target : GitHub – A popular code management service used by
millions of developers
▰ Peak Incoming Traffic : 1.3 Terabytes per Second (Tbps)
▰ Packet Rate : 126.9 Million per second
▰ Type of Attack : Memcached DDoS attack
▰ Magnitude : Around 50,000x
▰ Length of Attack : 20 Minutes
13. TCP Hijacking
▰ TCP session hijacking is a security attack on a user session over a
protected network.
▰ Another type of session hijacking is known as a man-in-the-middle
attack, where the attacker, using a sniffer, can observe the
communication between devices and collect the data that is
transmitted.
14. Packet Sniffing
▰ Packet sniffers work by intercepting and logging network traffic that
they can 'see' via the wired or wireless network interface that the packet
sniffing software has access to on its host computer.
15. Social Engineering
▰ Social engineering, in the context of information
security, refers to psychological manipulation of
people into performing actions or divulging
confidential information.
18. Antivirus and Antimalware Software
▰ This software is used for protecting against malware, which includes
spyware, ransomware, Trojans, worms, and viruses. Malware can also
become very dangerous as it can infect a network and then remain dormant for
days or even weeks. This software handles this threat by scanning for
malware on entry and regularly tracking files afterward in order to detect
anomalies, remove malware, and fix damage.
19. Firewalls
▰ A firewall is a network security system that monitors and controls
incoming and outgoing network traffic based on predetermined
security rules. A firewall typically establishes a barrier between a
trusted internal network and untrusted external network, such as
the Internet.
20. Intrusion Detection System
▰ An intrusion detection system is a device or software application that
monitors a network or systems for malicious activity or policy violations.
Any malicious activity or violation is typically reported either to an
administrator or collected centrally using a security information and
event management system.
21. Virtual Private Network
▰ A virtual private network (VPN) is programming that creates
a safe and encrypted connection over a less secure network,
such as the public internet. A VPN works by using the shared
public infrastructure while maintaining privacy through
security procedures and tunnelling protocols.
22. Network Access Control (NAC)
▰ This network security process helps you to control who can access your
network. It is essential to recognize each device and user in order to keep
out potential attackers. This indeed will help you to enforce your security
policies. Noncompliant endpoint devices can be given only limited access
or just blocked.
23. Conclusion
▰ The Internet works only because we implicitly trust one another
▰ It is very easy to exploit this trust
▰ The same holds true for software
▰ It is important to stay on top of the latest CERT security advisories to know
how to patch any security holes
Hi everyone, I am Jaydeep Patel, an Analyst at BHP. I am here to make you aware of an important topic, Network Security: a risk to everyone’s privacy.
During this presentation I will apprise you all of the current issues in network security and will also give you some tips to keep yourself secure.
In other words, anything that keeps us safe in the first place is known as security. In general terms, an example is a lock on a door, which keeps unwanted people from entering.
It simply means that the better security we have, the more secure we are.
Applications that use the Internet can be a door for someone into your computer.
▰ SYN flooding attack
○ Send SYN packets with bogus source address
○ Server responds with SYN ACK and keeps state about TCP half-open connection
▰ SMURF
○ Source IP address of a broadcast ping is forged
○ Large number of machines respond back to victim, overloading it
▰ Distributed Denial of Service
○ Same techniques as regular DoS, but on a much larger scale
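The half-open state described in the SYN flooding note is what a defender can measure. The following is an added example, not part of the original presentation: it replays a constructed packet capture, tracks the entries the server keeps after sending SYN-ACK, and raises an alert when that table grows past a threshold. The addresses, the `SERVER` name and the threshold of 100 are assumptions chosen for illustration.

```python
from collections import defaultdict

SERVER = "192.0.2.10"  # assumed server address (documentation range)

def build_sample():
    """Constructed capture: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    pkts = [  # one legitimate client completes the three-way handshake
        (0.00, "198.51.100.7", 40000, SERVER, 80, "SYN"),
        (0.01, SERVER, 80, "198.51.100.7", 40000, "SYN-ACK"),
        (0.02, "198.51.100.7", 40000, SERVER, 80, "ACK"),
    ]
    for i in range(200):  # SYNs from bogus sources that never send the final ACK
        src, t = f"203.0.113.{i + 1}", 1.0 + i * 0.005
        pkts.append((t, src, 1024 + i, SERVER, 80, "SYN"))
        pkts.append((t + 0.001, SERVER, 80, src, 1024 + i, "SYN-ACK"))
    return sorted(pkts)

def replay_half_open(packets, server, timeout=30.0):
    """Replay the capture and track the server's half-open connection table."""
    pending = {}  # (client_ip, client_port, server_port) -> time SYN-ACK was sent
    peak = 0
    for ts, src, sport, dst, dport, flags in packets:
        # The server eventually gives up on entries that are never completed.
        for key in [k for k, t0 in pending.items() if ts - t0 > timeout]:
            del pending[key]
        if src == server and flags == "SYN-ACK":
            pending[(dst, dport, sport)] = ts          # state kept after SYN-ACK
        elif dst == server and flags == "ACK":
            pending.pop((src, sport, dport), None)     # handshake completed
        peak = max(peak, len(pending))
    return peak, pending

def detect_syn_flood(packets, server=SERVER, max_half_open=100):
    """Alert when the half-open table grows past max_half_open entries."""
    peak, pending = replay_half_open(packets, server)
    by_port = defaultdict(int)
    for _client_ip, _client_port, server_port in pending:
        by_port[server_port] += 1
    return {"peak_half_open": peak, "still_pending": len(pending),
            "by_port": dict(by_port), "alert": peak > max_half_open}

if __name__ == "__main__":
    print(detect_syn_flood(build_sample()))
```

The legitimate handshake leaves nothing behind in the table, while the 200 unanswered SYN-ACKs all remain pending, which is the signal an intrusion detection system keys on.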
The attack works by sending spoofed requests to a vulnerable server, which then responds with a larger amount of data than the initial request, magnifying the volume of traffic.
Memcached is a database caching system for speeding up websites and networks.
Memcached amplification can be thought of in the context of a malicious teenager calling a restaurant and saying "I’ll have one of everything, please call me back and tell me my whole order." When the restaurant asks for a callback number, the number given is the targeted victim’s phone number. The target then receives a call from the restaurant with a lot of information that they didn’t request.
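The "call nobody asked for" in the analogy above can be spotted at the network edge. The following is an added example, not part of the original presentation: it scans constructed flow records for inbound UDP replies from the memcached port that match no earlier outbound request, and totals them per targeted host. The record layout, the addresses and the function names are assumptions for illustration, and records are assumed to be in time order.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port

def build_flows():
    """Constructed edge flow records:
    (direction, proto, src_ip, src_port, dst_ip, dst_port, bytes)."""
    flows = [
        # An internal application queries its own cache and gets a reply.
        ("out", "udp", "192.0.2.20", 53001, "198.51.100.5", 11211, 60),
        ("in", "udp", "198.51.100.5", 11211, "192.0.2.20", 53001, 1400),
    ]
    for i in range(50):
        # Replies from five reflectors to a host that never sent a request.
        reflector = f"203.0.113.{i % 5 + 1}"
        flows.append(("in", "udp", reflector, 11211, "192.0.2.30", 80, 1400))
    return flows

def find_reflected_traffic(flows, port=MEMCACHED_PORT):
    """Return {victim_ip: {"bytes": total, "reflectors": set_of_ips}} for
    inbound UDP replies from `port` that no internal host asked for."""
    requested = set()  # (client_ip, client_port, server_ip) seen going out
    victims = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for direction, proto, src, sport, dst, dport, nbytes in flows:
        if proto != "udp":
            continue
        if direction == "out" and dport == port:
            requested.add((src, sport, dst))
        elif direction == "in" and sport == port:
            if (dst, dport, src) not in requested:
                # A response with no matching request: reflected traffic.
                victims[dst]["bytes"] += nbytes
                victims[dst]["reflectors"].add(src)
    return dict(victims)

if __name__ == "__main__":
    for victim, info in find_reflected_traffic(build_flows()).items():
        print(victim, info["bytes"], sorted(info["reflectors"]))
```

The solicited reply to 192.0.2.20 is ignored; only the host receiving answers it never asked for is reported, together with the reflectors a filter or upstream provider would need to block.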
If an attacker learns the associated TCP state for the connection, then the connection can be hijacked!
The attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source.