1. COMPUTER SECURITY
Computer security is the
protection of computer systems
from the theft of or damage to their
hardware, software, or electronic
data, as well as from the
2. COMPUTER ATTACKS
Classes of attack might include passive monitoring of
communications, active network attacks, close-in attacks,
exploitation by insiders, and attacks through the service
provider. Information systems and networks offer
attractive targets and should be resistant to attack from
the full range of threat agents, from hackers to
nation-states.
3. COMPUTER ATTACK CONT’D…
A passive attack monitors unencrypted traffic and looks
for clear-text passwords and sensitive information that
can be used in other types of attacks. Passive
attacks include traffic analysis, monitoring of unprotected
communications, decrypting weakly encrypted traffic, and
capturing authentication information such as passwords.
4. COMPUTER ATTACK CONT’D…
Passive interception of network operations enables
adversaries to see upcoming actions. Passive attacks
result in the disclosure of information or data files to an
attacker without the consent or knowledge of the user.
5. ACTIVE ATTACK
In an active attack, the attacker tries to bypass or break
into secured systems. This can be done through stealth
(quiet, careful movement or covert action so as not to be
noticed), viruses, worms, or Trojan horses.
6. ACTIVE ATTACK CONT’D…
Active attacks include attempts to circumvent or break
protection features, to introduce malicious code, and to
steal or modify information.
7. ACTIVE ATTACK CONT’D…
These attacks are mounted against a network backbone,
exploit information in transit, electronically penetrate an
enclave, or attack an authorized remote user during an
attempt to connect to an enclave. Active attacks result in
the disclosure or dissemination of data files, DoS, or
modification of data.
8. DISTRIBUTED ATTACK
A distributed attack requires that the adversary
introduce code, such as a Trojan horse or back-door
program, to a “trusted” component or software that will
later be distributed to many other companies and users.
9. DISTRIBUTED ATTACK CONT’D…
Distribution attacks focus on the malicious modification of
hardware or software at the factory or during distribution.
These attacks introduce malicious code such as a back
door to a product to gain unauthorized access to
information or to a system function at a later date.
10. INSIDER ATTACK
An insider attack involves someone from the inside,
such as a disgruntled employee, attacking the network.
Insider attacks can be malicious or non-malicious.
Malicious insiders intentionally eavesdrop, steal, or
damage information; use information in a fraudulent
manner; or deny access to other authorized users.
11. INSIDER ATTACK CONT’D…
Non-malicious attacks typically result from carelessness,
lack of knowledge, or intentional circumvention of
security for such reasons as performing a task.
12. CLOSE-IN ATTACK
A close-in attack involves someone attempting to get
physically close to network components, data, and
systems in order to learn more about a network.
13. CLOSE-IN ATTACK CONT’D…
Close-in attacks consist of regular individuals attaining
close physical proximity to networks, systems, or facilities
for the purpose of modifying, gathering, or denying
access to information.
Close physical proximity is achieved through stealth entry
into the network, open access, or both.
14. PHISHING ATTACK
In a phishing attack, the hacker creates a fake web site that
looks exactly like a popular site such as the SBI bank or
PayPal.
15. PHISHING ATTACK CONT’D…
The phishing part of the attack is that the hacker then
sends an e-mail message trying to trick the user into
clicking a link that leads to the fake site.
When the user attempts to log on with their account
information, the hacker records the username and
password and then tries that information on the real site.
16. HIJACK ATTACK
In a hijack attack, a hacker takes over a session between
you and another individual and disconnects the other
individual from the communication.
You still believe that you are talking to the original party
and may send private information to the hacker by
accident.
17. SPOOF ATTACK
In a spoof attack, the hacker modifies the source address
of the packets he or she is sending so that they appear to
be coming from someone else. This may be an attempt
to bypass your firewall rules.
18. BUFFER OVERFLOW
A buffer overflow attack is when the attacker sends more
data to an application than is expected. A buffer overflow
attack usually results in the attacker gaining
administrative access to the system in a command
prompt or shell.
19. EXPLOIT ATTACK
In this type of attack, the attacker knows of a security
problem within an operating system or a piece of
software and leverages that knowledge by exploiting the
vulnerability (a weakness that leaves the system exposed
to attack).
20. PASSWORD ATTACK
An attacker tries to crack the passwords stored in a
network account database or a password-protected file.
There are three major types of password attacks: a
dictionary attack, a brute-force attack, and a hybrid
attack.
21. PASSWORD ATTACK CONT’D…
A dictionary attack uses a word list file, which is a list of
potential passwords. A brute-force attack is when the
attacker tries every possible combination of characters,
and a hybrid attack blends the dictionary and brute-force
methods.
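As an added example (not from the slides), here is the defender's side of the three password attack classes: a policy check that rejects a candidate password if it would fall to a dictionary, hybrid or cheap brute-force attack. The word list, the leet-substitution table and the 60-bit threshold are constructed assumptions.

```python
import math
import string

# Constructed mini word list (assumption); a real check would load a large
# list of leaked passwords.
WORDLIST = {"password", "welcome", "summer", "letmein", "dragon", "qwerty"}
# Common "leet" substitutions that hybrid attack rules apply to word-list entries.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s"})
JUNK = string.digits + string.punctuation


def dictionary_match(pw: str) -> bool:
    """Dictionary attack: the password is itself a word-list entry."""
    return pw.lower() in WORDLIST


def hybrid_match(pw: str) -> bool:
    """Hybrid attack: a word-list entry plus cheap mangling such as leet
    substitutions or digits/symbols tacked on the front or back."""
    low = pw.lower()
    variants = {low.strip(JUNK).translate(LEET), low.translate(LEET).strip(JUNK)}
    return any(v in WORDLIST for v in variants)


def brute_force_bits(pw: str) -> float:
    """Brute-force attack: size of the search space an attacker who knows
    only the character classes used must enumerate, expressed in bits."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return len(pw) * math.log2(size) if size else 0.0


def assess(pw: str, min_bits: float = 60.0) -> str:
    """Check in the order an attacker would try: cheapest attack first."""
    if dictionary_match(pw):
        return "reject: dictionary"
    if hybrid_match(pw):
        return "reject: hybrid"
    if brute_force_bits(pw) < min_bits:
        return "reject: brute-force"
    return "accept"


if __name__ == "__main__":
    for candidate in ["welcome", "Summer2023!", "dr4gon", "abc123", "Tr0ub4dor&3"]:
        print(f"{candidate:14} {brute_force_bits(candidate):5.1f} bits  {assess(candidate)}")
```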
22. NETWORKING SECURITY
Defined: Network security is any activity designed to
protect the usability and integrity of your network and
data.
It includes both hardware and software technologies.
Effective network security manages access to the
network. It targets a variety of threats and stops them
from entering or spreading on your network.
23. HOW DOES NETWORK SECURITY WORK?
Network security combines multiple layers of defenses at
the edge and in the network. Each network security layer
implements policies and controls. Authorized users gain
access to network resources, but malicious actors are
blocked from carrying out exploits and threats.
24. HOW DO I BENEFIT FROM NETWORK SECURITY?
Digitization has transformed our world. How we live,
work, play, and learn have all changed. Every
organization that wants to deliver the services that
customers and employees demand must protect its
network. Network security also helps you protect
proprietary information from attack. Ultimately it protects
your reputation.
25. HOW DO I BENEFIT FROM NETWORK
SECURITY? CONT’D…
Without security measures and controls in place, your
data might be subjected to an attack. Some attacks are
passive, meaning information is monitored; others are
active, meaning the information is altered with intent to
corrupt or destroy the data or the network itself.
26. COMMON TYPES OF NETWORK ATTACKS
Your networks and data are vulnerable to any of the
following types of attacks if you do not have a security
plan in place.
27. EAVESDROPPING
In general, the majority of network communications occur
in an unsecured or “cleartext” format, which allows an
attacker who has gained access to data paths in your
network to “listen in” or interpret (read) the traffic. When
an attacker is eavesdropping on your communications, it
is referred to as sniffing or snooping.
28. EAVESDROPPING CONT’D…
The ability of an eavesdropper to monitor the network is generally the biggest security
problem that administrators face in an enterprise. Without strong encryption services that
are based on cryptography, your data can be read by others as it traverses the network.
30. DATA MODIFICATION
After an attacker has read your data, the next logical step
is to alter it. An attacker can modify the data in the packet
without the knowledge of the sender or receiver.
Even if you do not require confidentiality for all
communications, you do not want any of your messages
to be modified in transit.
31. DATA MODIFICATION CONT’D…
For example, if you are exchanging purchase
requisitions, you do not want the items, amounts, or
billing information to be modified.
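An added example, not part of the slides, showing how a message authentication code lets the receiver detect the in-transit modification described above. The purchase requisition, the shared key and the field values are constructed for the demonstration.

```python
import copy
import hashlib
import hmac
import json

# Constructed shared key (assumption): in practice it is provisioned out of
# band to sender and receiver and never travels with the message.
KEY = b"example-shared-secret-for-this-demo-only"


def canonical(body: dict) -> bytes:
    """Serialize deterministically so both sides MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(body: dict, key: bytes = KEY) -> dict:
    """Attach an HMAC-SHA256 tag that covers every field of the requisition."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(msg: dict, key: bytes = KEY) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    expected = hmac.new(key, canonical(msg["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])


def modify_in_transit(msg: dict, field: str, value) -> dict:
    """Model of a tamperer on the path: can change a field, cannot recompute the tag."""
    forged = copy.deepcopy(msg)
    forged["body"][field] = value
    return forged


# Constructed purchase requisition (assumption, not real data).
REQUISITION = {
    "req_id": 4711,
    "items": [{"sku": "LAPTOP-15", "qty": 2, "unit_price": 900.00}],
    "amount": 1800.00,
    "billing": "Accounts Payable, 12 Example Street",
}

if __name__ == "__main__":
    msg = sign(REQUISITION)
    print("original verifies:", verify(msg))
    for field, value in [("amount", 18000.00), ("billing", "Somewhere Else")]:
        print(f"{field} modified, verifies:", verify(modify_in_transit(msg, field, value)))
```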
32. IDENTITY SPOOFING (IP ADDRESS SPOOFING)
• Most networks and operating systems use the IP
address of a computer to identify a valid entity. In
certain cases, it is possible for an IP address to be
falsely assumed; this is identity spoofing. An attacker might
also use special programs to construct IP packets that
appear to originate from valid addresses inside the
corporate intranet.
33. IDENTITY SPOOFING (IP ADDRESS SPOOFING)
CONT’D…
After gaining access to the network with a valid IP
address, the attacker can modify, reroute, or delete your
data. The attacker can also conduct other types of
attacks, as described in the following sections.
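The spoof attack (slide 17) and IP address spoofing (slides 32 and 33) both rest on the same weakness: a firewall that trusts whatever source address a packet carries. The standard mitigation is ingress and egress filtering (BCP 38), shown here as an added Python example that is not from the slides; the address ranges, interface names and sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (an assumption, not from the slides): the corporate
# intranet is 10.0.0.0/8 behind interface "lan"; "wan" faces the Internet.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Ranges that can never legitimately be a source address arriving from the
# Internet (private, loopback, link-local, multicast).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "wan" or "lan"
    src: str    # source address claimed in the IP header
    dst: str


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def filter_packet(pkt: Packet) -> str:
    """Return 'accept' or a 'drop: ...' reason.

    Ingress: a packet arriving from the Internet may not claim an internal
    or bogon source, so a forged "trusted insider" address is dropped before
    any address-based firewall rule gets a chance to trust it.
    Egress: a packet leaving the LAN must carry one of our own addresses,
    so our hosts cannot be used to impersonate third parties.
    """
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "wan":
        if _in_any(src, INTERNAL_NETS):
            return "drop: external packet claims internal source"
        if _in_any(src, BOGON_NETS):
            return "drop: bogon source address on wan"
    elif pkt.iface == "lan":
        if not _in_any(src, INTERNAL_NETS):
            return "drop: lan host using a foreign source address"
    return "accept"


# Constructed sample traffic (assumption): a genuine Internet client, a
# spoofed "internal" source from outside, a normal internal host, and an
# internal host forging an outside address.
SAMPLE = [
    Packet("wan", "203.0.113.7", "10.0.0.5"),
    Packet("wan", "10.1.2.3", "10.0.0.5"),
    Packet("lan", "10.0.0.5", "203.0.113.7"),
    Packet("lan", "198.51.100.9", "203.0.113.7"),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(f"{pkt.iface:3} {pkt.src:>13} -> {pkt.dst:<13} {filter_packet(pkt)}")
```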
35. PASSWORD-BASED ATTACKS
A common denominator of most operating system and network security plans is password-
based access control. This means your access rights to a computer and network resources
are determined by who you are, that is, your user name and your password.
Older applications do not always protect identity information as it is passed through the
network for validation.
37. DENIAL-OF-SERVICE ATTACK
Unlike a password-based attack, the denial-of-service
attack prevents normal use of your computer or network
by valid users.
After gaining access to your network, the attacker
can do any of the following:
38. DENIAL-OF-SERVICE ATTACK CONT’D…
• Divert the attention of your internal Information
Systems staff so that they do not see the intrusion
immediately, which allows the attacker to make more
attacks during the diversion.
39. DENIAL-OF-SERVICE ATTACK CONT’D…
• Send invalid data to applications or network services, which
causes abnormal termination or behavior of the applications
or services.
• Flood a computer or the entire network with traffic until a
shutdown occurs because of the overload.
• Block traffic, which results in a loss of access to network
resources by authorized users.
40. MAN-IN-THE-MIDDLE ATTACK
As the name indicates, a man-in-the-middle attack occurs
when someone between you and the person with whom
you are communicating is actively monitoring, capturing,
and controlling your communication transparently. For
example, the attacker can re-route a data exchange.
41. MAN-IN-THE-MIDDLE ATTACK CONT’D…
When computers are communicating at low levels of the
network layer, the computers might not be able to
determine with whom they are exchanging data.
Man-in-the-middle attacks are like someone assuming
your identity in order to read your message.
42. MAN-IN-THE-MIDDLE ATTACK CONT’D…
The person on the other end might believe it is you
because the attacker might be actively replying as you to
keep the exchange going and gain more information.
This attack is capable of the same damage as an
application-layer attack, described later in this section.
43. MAN-IN-THE-MIDDLE ATTACK CONT’D…
• A client connects to a server.
• The attacker’s computer gains control of the client.
• The attacker’s computer disconnects the client from the
server.
44. MAN-IN-THE-MIDDLE ATTACK CONT’D…
• The attacker’s computer replaces the client’s IP address
with its own IP address and
spoofs the client’s sequence numbers.
• The attacker’s computer continues dialog with the
server and the server believes it is still communicating
with the client.
47. COMPROMISED-KEY ATTACK
A key is a secret code or number necessary to interpret
secured information. Although obtaining a key is a difficult
and resource-intensive process for an attacker, it is
possible. After an attacker obtains a key, that key is
referred to as a compromised key.
48. COMPROMISED-KEY ATTACK CONT’D…
An attacker uses the compromised key to gain access to
a secured communication without the sender or receiver
being aware of the attack. With the compromised key, the
attacker can decrypt or modify data, and try to use the
compromised key to compute additional keys, which
might allow the attacker access to other secured
communications.
49. SNIFFER ATTACK
A sniffer is an application or device that can monitor
and capture network data exchanges and read the
network packets. If the packets are not encrypted, a
sniffer provides a full view of the data inside the packet.
50. SNIFFER ATTACK CONT’D…
Even encapsulated (tunneled) packets can be broken
open and read unless they are encrypted and the
attacker does not have access to the key.
51. SNIFFER ATTACK CONT’D…
Using a sniffer, an attacker can do any of the
following:
• Analyze your network and gain information to eventually
cause your network to crash or to become corrupted.
• Read your communications.
52. APPLICATION-LAYER ATTACK
An application-layer attack targets application servers by
deliberately causing a fault in a server’s operating system
or applications. This results in the attacker gaining the
ability to bypass normal access controls.
53. APPLICATION-LAYER ATTACK CONT’D…
The attacker takes advantage of this situation, gaining
control of your application, system, or network, and can
do any of the following:
• Read, add, delete, or modify your data or operating
system.
54. APPLICATION-LAYER ATTACK CONT’D…
• Introduce a virus program that uses your computers and
software applications to copy viruses throughout your
network.
• Introduce a sniffer program to analyze your network and
gain information that can eventually be used to crash or
to corrupt your systems and network.
55. APPLICATION-LAYER ATTACK CONT’D…
• Abnormally terminate your data applications or
operating systems.
• Disable other security controls to enable future attacks.
56. TYPES OF NETWORKING SECURITY
CONTROLS
Access control
Not every user should have access to your network. To
keep out potential attackers, you need to recognize each
user and each device. Then you can enforce your
security policies. You can block noncompliant endpoint
devices or give them only limited access. This process is
network access control (NAC).
57. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Antivirus and antimalware software
"Malware," short for "malicious software," includes
viruses, worms, Trojans, ransomware, and spyware.
Sometimes malware will infect a network but lie dormant
for days or even weeks.
58. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
The best antimalware programs not only scan for
malware upon entry, but also continuously track files
afterward to find anomalies, remove malware, and fix
damage.
59. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Application security
Any software you use to run your business needs to be
protected, whether your IT staff builds it or whether you
buy it.
60. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Unfortunately, any application may contain holes, or
vulnerabilities, that attackers can use to infiltrate your
network. Application security encompasses the hardware,
software, and processes you use to close those holes.
61. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Behavioral analytics
To detect abnormal network behavior, you must know
what normal behavior looks like. Behavioral analytics
tools automatically discern activities that deviate from the
norm.
62. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Your security team can then better identify indicators of
compromise that pose a potential problem and quickly
remediate threats.
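An added example (not from the slides) of the baseline-then-deviate idea in code: learn each host's normal outbound volume over a learning window, then flag a day that deviates by more than three standard deviations, while a host with no baseline is reported rather than silently scored. The log lines, host names and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed per-host daily outbound byte totals (assumption, not real
# data), one line per host per day: "<date> <host> <bytes_out>".
BASELINE_LOG = """\
2024-03-01 ws-042 1200000
2024-03-02 ws-042 1100000
2024-03-03 ws-042 1300000
2024-03-04 ws-042 1250000
2024-03-05 ws-042 1150000
2024-03-01 db-01 40000000
2024-03-02 db-01 42000000
2024-03-03 db-01 39000000
2024-03-04 db-01 41000000
2024-03-05 db-01 40000000
"""
# Day under review: ws-042 suddenly pushes out 18 MB, db-01 looks normal,
# ws-099 has never been seen before.
TODAY_LOG = """\
2024-03-06 ws-042 18000000
2024-03-06 db-01 41500000
2024-03-06 ws-099 5000000
"""


def parse(log: str):
    """Yield (host, bytes_out) from the constructed log format."""
    for line in log.splitlines():
        if line.strip():
            _date, host, nbytes = line.split()
            yield host, int(nbytes)


def build_baseline(log: str) -> dict:
    """Per host: mean and standard deviation over the learning window."""
    samples = defaultdict(list)
    for host, nbytes in parse(log):
        samples[host].append(nbytes)
    return {h: (statistics.mean(v), statistics.stdev(v) if len(v) > 1 else 0.0)
            for h, v in samples.items()}


def detect(baseline: dict, log: str, z_threshold: float = 3.0) -> dict:
    """Label each observation normal / anomaly / no-baseline with its z-score."""
    results = {}
    for host, nbytes in parse(log):
        if host not in baseline:
            results[host] = ("no-baseline", None)  # unknown host: review it
            continue
        mean, stdev = baseline[host]
        stdev = max(stdev, 0.01 * mean)  # floor so a constant host divides safely
        z = (nbytes - mean) / stdev
        results[host] = ("anomaly" if z > z_threshold else "normal", round(z, 1))
    return results
```

Calling `detect(build_baseline(BASELINE_LOG), TODAY_LOG)` labels ws-042 an anomaly, db-01 normal, and ws-099 as having no baseline to judge against.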
63. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Data loss prevention
Organizations must make sure that their staff does not
send sensitive information outside the network. Data loss
prevention, or DLP, technologies can stop people from
uploading, forwarding, or even printing critical information
in an unsafe manner.
64. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Email security
Email gateways are the number one threat vector for a
security breach. Attackers use personal information and
social engineering tactics to build sophisticated phishing
campaigns to deceive recipients and send them to sites
serving up malware.
65. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
An email security application blocks incoming attacks and
controls outbound messages to prevent the loss of
sensitive data.
66. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Firewalls
Firewalls put up a barrier between your trusted internal
network and untrusted outside networks, such as the
Internet. They use a set of defined rules to allow or block
traffic.
67. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
A firewall can be hardware, software, or both. Cisco
offers unified threat management (UTM) devices and
threat-focused next-generation firewalls.
68. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Intrusion prevention systems
An intrusion prevention system (IPS) scans network
traffic to actively block attacks.
69. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Mobile device security
Cybercriminals are increasingly targeting mobile devices
and apps. Within the next 3 years, 90 percent of IT
organizations may support corporate applications on
personal mobile devices.
70. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Of course, you need to control which devices can access
your network. You will also need to configure their
connections to keep network traffic private.
71. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Network segmentation
Software-defined segmentation puts network traffic into
different classifications and makes enforcing security
policies easier. Ideally, the classifications are based on
endpoint identity, not mere IP addresses.
72. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
You can assign access rights based on role, location, and
more so that the right level of access is given to the right
people and suspicious devices are contained and
remediated.
73. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
VPN
A virtual private network encrypts the connection from an
endpoint to a network, often over the Internet. Typically, a
remote-access VPN uses IPsec or Secure Sockets Layer
to authenticate the communication between device and
network.
74. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Web security
A web security solution will control your staff’s web use,
block web-based threats, and deny access to malicious
websites. It will protect your web gateway on site or in the
cloud. "Web security" also refers to the steps you take to
protect your own website.
75. TYPES OF NETWORKING SECURITY
CONTROLS CONT’D…
Wireless security
Wireless networks are not as secure as wired ones.
Without stringent security measures, installing a wireless
LAN can be like putting Ethernet ports everywhere,
including the parking lot. To prevent an exploit from
taking hold, you need products specifically designed to
protect a wireless network.