2. Outline
Network security basics
Threats on network
Trust, Weaknesses, Risk and Vulnerabilities
TCP/IP Suite Weaknesses and Buffer Overflows
Network security protocols
Wireless security
3. Network Security
Network security has become increasingly important in
the current digital era for maintaining the integrity and
safety of our networks.
The protection of a computer network and its data from
illegal access, theft, or damage is referred to as network
security.
Security precautions must be taken in network systems
to protect the network from various forms of assaults,
including malware, phishing, denial of service (DoS)
attacks, and more.
4. Cont’d…
Network security is an important component of network
systems.
It entails using firewalls, encryption, antivirus and anti-malware
software, strong passwords, access control
measures, routine network traffic monitoring and analysis,
and regular network device and software upgrades and
patches.
Network administrators can defend the network against
different assaults and guarantee the integrity and safety of
the network and its data by putting these security
measures in place.
5. Threats on network
Cyberattacks
Cyberattacks are attacks by a cybercriminal targeting
one or multiple computer networks or machines.
Cyberattacks can perform malicious actions such as
disabling computers, stealing data, or using infected
computers as a pivot to launch further attacks.
Attackers use various methods to execute cyberattacks,
including social engineering techniques like phishing,
brute force techniques, denial of service (DoS), and
injecting malware or ransomware.
6. Phishing
This online scamming technique attempts to obtain
sensitive data like credit card details and credentials.
A phishing attack uses fraudulent email messages
designed to appear legitimate by impersonating a
reputable banking institution, website, or personal
contact.
It tricks the user into clicking on a malicious URL or
replying to the email by sending financial and credential
information.
7. Misconfiguration Exploits
A security misconfiguration is any incorrect or insecure
configuration of security controls that puts the system at
risk.
Poor management practices such as inadequate
documentation of configuration changes, reliance on
defaults, and technical issues affecting endpoint
components can lead to misconfiguration.
8. Denial-of-Service (DoS)
DoS attacks prevent legitimate users from accessing
data or services on a target website. They occur when a
malicious attacker overloads the website with junk
traffic.
Distributed denial-of-service (DDoS) attacks are similar
to DoS but are more difficult to overcome.
Attackers launch a DDoS attack from multiple
computers distributed worldwide in a network of
infected machines.
9. Malware
Malware is short for malicious software.
Attackers usually use it to take control of the target
system, exfiltrate sensitive data, or install unwanted
programs on the target device without the victim’s
knowledge.
Malware can spread spyware, worms, and Trojan horses
via pop-up advertisements, compromised files,
fraudulent websites, or phishing emails.
10. Ransomware
Ransomware is a form of malware that cybercriminals
use to lock the target device and demand a ransom in
exchange for unlocking it.
It spreads via malicious apps and phishing emails,
preventing users from launching apps or encrypting files;
in some cases, it completely disables the device.
11. Rogue Security Software
Malware tricks users into believing that their security
measures are outdated or that a virus has infected their
computer.
It prompts the user to install a security feature or update
security settings, often demanding payment for the tool
or download.
When users try to remove the suspected virus, they
unwittingly install real malware on their device.
12. A weakness refers to an application error or bug; it may
escalate to a vulnerability in cases where it can be
exploited to perform a malicious action.
Risk
13. Trust, Weaknesses, Risk and Vulnerabilities
At the broadest level, network vulnerabilities fall into
three categories:
hardware-based
software-based, and
human-based.
14. Applications of Network Security
Firewall: Network security uses firewalls to prevent
unauthorized access to networks and protect them from
external threats.
Intrusion Detection System (IDS): Network security
uses IDS to detect and respond to intrusions and attacks
on networks.
Virtual Private Network (VPN): Network security
uses VPN to create secure connections between remote
users and networks, ensuring that data is transmitted
securely and confidentially.
15. Cont’d…
Encryption: Network security uses encryption to protect
sensitive data and prevent it from being intercepted and
read by unauthorized users.
Network Access Control (NAC): Network security uses
NAC to control access to networks and resources,
ensuring that only authorized users can access them.
Antivirus software: Network security uses antivirus
software to detect and remove malware and other
malicious programs from networks and devices.
16. Network security controls
Administrative security controls
The management implements administrative access
controls to ensure the safety of the organization.
Examples
Regulatory compliance framework
Security policy
Employee monitoring and supervising
Information classification
Security awareness and training
18. The TCP/IP protocol suite was created in 1980 as an
internetworking solution with very little concern for
security aspects.
It was developed for communication within a limited,
trusted network.
However, over time, this protocol became the de facto
standard for unsecured Internet communication.
19. TCP/IP Suite Weaknesses
It is not generic in nature. ...
It does not clearly separate the concepts of services,
interfaces, and protocols. ...
It does not distinguish between the data link and the
physical layers, which have very different functionalities.
Internet Protocol provides the packet delivery services
for TCP, UDP, and ICMP. The IP layer protocol is
unreliable (called a best-effort protocol).
There is no guarantee that IP packets arrive, or that they
arrive only once and are error-free.
20. Buffer Overflows
TCP receive buffer becomes full: Commonly caused by
the receiving application not being able to extract data
from the socket receive buffer quickly enough.
For instance, an overloaded server, i.e. one that is
receiving data at a rate greater than the rate at which it
can process data, would exhibit this characteristic.
21. For example, introducing additional code into a
program could send it new instructions that give the
attacker access to the organization's IT systems.
In the event that an attacker knows a program's memory
layout, they may be able to intentionally input data that
cannot be stored by the buffer.
22. What if TCP buffer is full?
If the TCP/IP buffers are too large and applications are
not processing data fast enough, paging can increase.
The goal is to specify a value large enough to avoid
flow control, but not so large that the buffer
accumulates more data than the system can process.
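What a full TCP receive buffer does in practice, as an added example that is not part of the original slides: on a loopback connection whose receiver never reads, the sender stalls under flow control and resumes once the receiver drains its buffer. The function names and the 16 KiB buffer size are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd accepts more data within ms milliseconds, else 0. */
static int writable(int fd, int ms) {
    fd_set w; struct timeval tv = { ms / 1000, (ms % 1000) * 1000 };
    FD_ZERO(&w); FD_SET(fd, &w);
    return select(fd + 1, NULL, &w, NULL, &tv) > 0;
}
/* Send until the socket stays unwritable for 200 ms; returns bytes queued. */
static long fill(int fd) {
    static const char chunk[4096] = {0}; long total = 0; ssize_t n;
    while (writable(fd, 200)) {
        n = send(fd, chunk, sizeof chunk, MSG_DONTWAIT | MSG_NOSIGNAL);
        if (n > 0) total += n; else if (errno != EAGAIN) break;
    }
    return total;
}
static long drain(int fd) {   /* read all queued bytes; returns the count */
    char buf[4096]; long total = 0; ssize_t n;
    while ((n = recv(fd, buf, sizeof buf, MSG_DONTWAIT)) > 0) total += n;
    return total;
}

/* 1 if the sender stalled and resumed after a drain, 0 if not, -1 on setup error. */
int backpressure_demo(int bufsize, long *queued, long *drained) {
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a;
    int as, ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    /* Set before listen()/connect() so the limit shapes the advertised window. */
    setsockopt(ls, SOL_SOCKET, SO_RCVBUF, &bufsize, sizeof bufsize);
    setsockopt(cs, SOL_SOCKET, SO_SNDBUF, &bufsize, sizeof bufsize);
    if (ls < 0 || cs < 0 || bind(ls, (struct sockaddr *)&a, sizeof a) ||
        listen(ls, 1) || getsockname(ls, (struct sockaddr *)&a, &alen) ||
        connect(cs, (struct sockaddr *)&a, sizeof a) ||
        (as = accept(ls, NULL, NULL)) < 0) return -1;
    *drained = 0; *queued = fill(cs);   /* the receiver has not read a byte yet */
    int stalled = !writable(cs, 200), resumed = 0;
    for (int i = 0; i < 50 && !resumed; i++) {
        *drained += drain(as);          /* the application finally reads */
        resumed = writable(cs, 100);
    }
    close(as); close(cs); close(ls);
    return stalled && resumed;
}
int main(void) {
    long q = 0, d = 0; int r = backpressure_demo(16384, &q, &d);
    printf("result=%d queued=%ld drained=%ld\n", r, q, d);
    return r != 1;
}
```

The byte counts vary by kernel because the requested buffer size is adjusted by the operating system; the stall and the recovery are the point, and no memory is corrupted when this buffer fills.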
23. Buffer Overflow and Web Applications
A buffer overflow attack is a common cyberattack that
deliberately exploits a buffer overflow vulnerability
where user-controlled data is written to memory.
By submitting more data than can fit in the allocated
memory block, the attacker can overwrite data in other
parts of memory.
Attackers use buffer overflows to corrupt the execution
stack of a web application.
By sending carefully crafted input to a web application,
an attacker can cause the web application to execute
arbitrary code, effectively taking over the machine.
24. Network security protocols
Network security protocols are network protocols that
ensure the integrity and security of data transmitted
across network connections.
The specific network security protocol used depends on
the type of protected data and network connection.
Each protocol defines the techniques and procedures
required to protect the network data from unauthorized
or malicious attempts to read or exfiltrate information.
25. Following are some of the most common network
security protocols.
They are arranged by the network layer at which they
operate, from bottom to top.
26. Internet Protocol Security (IPsec) Protocol - OSI Layer 3
IPsec is a protocol and algorithm suite that secures data
transferred over public networks like the Internet.
The Internet Engineering Task Force (IETF) released the
IPsec protocols in the 1990s.
They encrypt and authenticate network packets to
provide IP layer security.
27. SSL and TLS - OSI Layer 5
The Secure Sockets Layer (SSL) protocol encrypts data,
authenticates data origins, and ensures message
integrity.
It uses X.509 certificates for client and server
authentication.
SSL authenticates the server with a handshake,
negotiating security session parameters and generating
session keys.
It can then securely transmit the data by authenticating
its origin.
28. SSL sessions use cryptographic algorithms similar to
the algorithms used by the client and server (determined
during the handshake).
Servers may support encryption with algorithms like
AES and Triple DES.
Transport Layer Security (TLS) is an SSL-based
protocol defined by the IETF (SSL is not).
29. Datagram Transport Layer Security (DTLS) - OSI Layer 5
DTLS is a datagram communication security protocol
based on TLS.
It does not guarantee message delivery or that messages
arrive in order.
DTLS introduces the advantages of datagram protocols,
including lower latency and reduced overhead.
30. Kerberos Protocol - OSI Layer 7
Kerberos is a service request authentication protocol for
untrusted networks like the public Internet.
It authenticates requests between trusted hosts, offering
built-in Windows, Mac, and Linux operating system
support.
Windows uses Kerberos as its default authentication
protocol and a key component of services like Active
Directory (AD).
Kerberos uses shared secret cryptography to authenticate
packets and protect them during transmission.
31. Simple Network Management Protocol (SNMP) - OSI Layer 7
SNMP is a network device management and monitoring
protocol that works at the application layer.
It can secure devices on LANs or WANs.
SNMP provides a shared language to allow devices like
servers and routers to communicate via a network
management system.
SNMP is an original part of the Internet protocol suite
defined by the IETF.
32. Components of the SNMP architecture include a
manager, an agent, and a management information base
(MIB).
The manager is the client, the agent is the server, and
the MIB is the database.
The SNMP agent responds to the manager’s requests
using the MIB.
While SNMP is widely available, administrators must
adjust the default settings to enable communication
between the agents and the network management
system to implement the protocol.
33. HTTP and HTTPS - OSI Layer 7
HTTP is an application protocol that specifies rules for web file
transfers. Users indirectly use HTTP when they open their web
browser. It runs on top of the Internet protocol suite.
HTTPS is the secure version of HTTP, securing the
communication between browsers and websites.
It helps prevent DNS spoofing and man-in-the-middle attacks,
which is important for websites that transmit or receive sensitive
information.
All websites requiring user logins or handling financial
transactions are attractive data theft targets and should be using
HTTPS.
34. HTTPS runs over the SSL or TLS protocol using
public keys to enable shared data encryption.
HTTP uses port 80 by default, while HTTPS uses port
443 for secure transfers.
With HTTPS, the server and browser must establish
the communication parameters before initiating data
transfers.
36. Wireless security
Wireless security is the prevention of unauthorized
access or damage to computers or data using wireless
networks.
Security is a critical concern in wireless sensor
networks (WSNs) as these networks are vulnerable to
various security threats such as eavesdropping,
tampering, and denial of service attacks.
Therefore, various security protocols have been
developed to ensure secure data transmission in WSNs.
Here are some examples of security protocols in
WSNs:
37. Wireless network vulnerability
Using a wireless network can potentially create many
security vulnerabilities:
No physical access required
Unknown network boundary
Confidentiality
Integrity
Availability
Unsecure wireless network
38. Hijacking a wireless association
SSID broadcasting
Open vs. closed
MAC spoofing
MAC addresses are not permanent
With an SSID and a spoofed MAC address, an
established, unencrypted wireless association can be
easily hijacked.
39. Wireless security encryption
The technique of securing wireless networks against
unauthorized access and data breaches is known as
wireless security encryption.
To ensure that sensitive data carried over wireless
networks is safe and protected against eavesdropping,
interception, and other sorts of assaults, it entails the use
of encryption techniques and protocols.
40. From home networks to mobile devices, Wi-Fi hotspots at hotels
and cafes have become an integral part of our daily lives.
Wireless networks are convenient, but this also leaves them open
to security risks.
Hackers and fraudsters may quickly access network traffic,
intercept wireless signals, and steal sensitive data including
passwords, credit card numbers, and personal information.
Data is encoded and rendered unreadable to unauthorized users to
protect wireless networks from such attacks.
Wireless encryption comes in a variety of forms, including WEP,
WPA, and WPA2, each with a different level of security and
strength.
41. Types of Wireless security encryption
Our daily lives have become increasingly dependent on
wireless networks, which give us access to the internet
and information from everywhere.
Although wireless networks are convenient, there are
security dangers because wireless signals can be
intercepted and perhaps exploited by hostile people.
Wireless security encryption techniques are used to
encrypt wireless signals and guarantee secure
communication in order to safeguard wireless networks
and their users.
The many forms of wireless security encryption and
their advantages will be covered in this article.
42. 1. Wired Equivalent Privacy (WEP): WEP is one of the earliest
wireless encryption protocols used to protect wireless networks. It
uses a shared key to encrypt data and authenticate users. However,
WEP is now considered weak and easily hacked, making it an
unreliable encryption technique.
2. Wi-Fi Protected Access (WPA): WPA is a more secure wireless
encryption protocol that was introduced to replace WEP. It uses a
stronger encryption algorithm, Advanced Encryption Standard (AES),
to encrypt wireless signals.
WPA also supports authentication mechanisms like 802.1x and can
use a pre-shared key (WPA-PSK) for simpler setups. However,
WPA can still be vulnerable to attacks, especially when using a
weak pre-shared key.
43. 3. Wi-Fi Protected Access II (WPA2): WPA2 is the
most widely used wireless security encryption protocol
today.
It uses the same AES encryption algorithm as WPA but
introduces additional security measures, including
stronger key management and better authentication
methods.
WPA2 is also backward compatible with WPA,
making it easy to upgrade older networks.
44. 4. Wi-Fi Protected Access III (WPA3): WPA3 is the
latest wireless security encryption protocol that was
introduced in 2018.
It introduces several new security features, including
Simultaneous Authentication of Equals (SAE), which
replaces WPA-PSK (Wi-Fi Protected Access Pre-Shared
Key) for easier and more secure authentication.
WPA3 also offers better protection against password
guessing attacks and stronger encryption algorithms for
more secure communication.
45. 5. Transport Layer Security (TLS): TLS is a security
protocol used to secure internet communications,
including wireless networks.
It encrypts data during transmission, providing
end-to-end security.
It uses a combination of symmetric and asymmetric
encryption techniques to ensure secure communication
between two devices.
TLS is widely used in web applications, email, and
instant messaging services.
46. To sum up, wireless security encryption is essential for
maintaining secure communication across wireless
networks.
Although WEP and WPA are still in use, WPA2 and
WPA3 are the most popular encryption protocols
because of their more robust security features.
TLS is another trustworthy security protocol that is
used to protect internet connections.
Your wireless network needs to be adequately secured
to guard against unauthorized access and potential
security breaches.