
Network Defense and Countermeasures
Sir. Ahmad Kamalrulzaman Othman
FSKM, UiTM Johor

Chapter 1: Introduction to Network Security

Objectives

- Identify the most common dangers to networks
- Employ basic security terminology
- Find the best approach to network security for your organization
- Evaluate the legal issues that will affect your work as a network administrator
- Use resources available for network security

© 2006 by Pearson Education, Inc.

Introduction
- The growth of the Internet has brought many ways in which networks can be compromised and data stolen.
- Legislators are working on ways to prevent identity theft and to reduce the effects of viruses and worms such as MyDoom, MSBlaster, and others.


The Basics of a Network

You need to understand the following:

- Basic network structure
- Data packets
- What does this mean for security?


Basic Network Structure

- The fundamental purpose of networks is communication
- Part of the network structure includes NICs, hubs, switches, routers, and firewalls
- Network architecture comprises the format in which these devices are connected


Data Packets

- This is the package that holds the data and transmission information
- Ultimately formatted in binary
- Size ranges between 32 and 65,000 bytes
- Information included in packets:
  - Source and destination (IP address) information
  - Packet size (in bytes) and type (e.g. Ethernet)
  - Data and other header information
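As an added example (not from the slides), the following Python reads the fields the bullets above name, source and destination address and packet size, out of a constructed IPv4 header, and rejects a packet whose length fields do not agree with the bytes actually received:

```python
import struct
import ipaddress

# Constructed sample: a 20-byte IPv4 header followed by 8 bytes of payload
# (assumed values, not a real capture).
SAMPLE_PACKET = bytes.fromhex(
    "4500001c"       # version=4, IHL=5 (20-byte header), TOS=0, total length=28
    "abcd4000"       # identification, flags (DF set) + fragment offset 0
    "40060000"       # TTL=64, protocol=6 (TCP), header checksum (left as 0 here)
    "c0a80101"       # source 192.168.1.1
    "0a000002"       # destination 10.0.0.2
) + b"\x00" * 8


def parse_ipv4_header(packet: bytes) -> dict:
    """Return the security-relevant header fields of an IPv4 packet.

    Raises ValueError when the header is truncated or its length fields
    disagree with the data, which is how malformed packets are detected
    before anything trusts the values inside them.
    """
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum 20-byte IPv4 header")
    (version_ihl, _tos, total_length, _ident, _flags_frag,
     ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = version_ihl >> 4
    header_len = (version_ihl & 0x0F) * 4        # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if header_len < 20 or header_len > len(packet):
        raise ValueError("header length field is inconsistent with the data")
    # Total length is a 16-bit field, so an IPv4 packet is at most 65,535 bytes.
    if total_length < header_len or total_length > len(packet):
        raise ValueError("total length field is inconsistent with the data")
    return {
        "version": version,
        "header_len": header_len,
        "total_len": total_length,
        "payload_len": total_length - header_len,
        "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }
```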


What Does This Mean for Security?

There are two points of attack:

- The data packet itself
- The devices that connect the network

These are also the points of security:

- Protect the data (encryption)
- Secure the network devices


Assessing Likely Threats to the Network

There are two perspectives in relation to security:

- First, there is no real threat
- Second, all hackers are experts and out to break into my network


Assessing Likely Threats to the Network cont.

No real threat:

- Fosters a laissez-faire attitude toward security
- Promotes a reactive approach to security
- Security measures are not put in place until after a breach has occurred
- This approach must be avoided at all costs


Assessing Likely Threats to the Network cont.

Expert hackers out to get me?

- Yes, they exist, but not to the extent publicized
- Lesser skilled hackers are more pervasive
  - These target smaller companies
- Usually experts seek high profile networks
  - Financial and ideological gain are the targets


Assessing Likely Threats to the Network cont.

- The only practical approach is the realistic one
- This approach is a moderate solution to the two extremes
- Assessment is a complex task
- Many factors need to be addressed


Classifications of Threats

Attacks can be classified by function:

- Intrusion
- Blocking
- Malware


Classifications of Threats cont.


Intrusion-type Attacks on Security

- Cracking
- Social engineering
- War-dialing or war-driving


Malware

Additional discussion is needed:

- Viruses, worms
- Trojan horses
- Spyware
  - Cookies
  - Key loggers


Blocking-type Attacks

- Denial-of-Service
- Dynamic Denial of Service


Likely Attacks

Administrators should ask:

- What are the realistic dangers?
- What are the most likely attacks for our network?
- What are some common vulnerabilities?
- What is the likelihood of an attack?


Threat Assessment

Three factors to consider:

- Attractiveness of the system (discussed earlier)
- The nature of the information on the system
- Traffic to the system (security devices in place)


Threat Assessment cont.

A numerical scale can be assigned to each factor:

- Attractiveness (A): 1 to 10
- Information content (I): 1 to 10
- Security devices (S): 1 to 10

The equation is: (A + I) - S = V

- Where V equals the Vulnerability score
- Lower score indicates lower risk
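A worked implementation of that scoring formula, added here as an example and not part of the slides; it enforces the 1 to 10 scale on each factor and ranks several assets so the ones needing attention first come out on top. The asset names and numbers are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    attractiveness: int   # A: how appealing a target the system is, 1 (low) to 10 (high)
    information: int      # I: sensitivity of the information it holds, 1 to 10
    security: int         # S: strength of the security devices in place, 1 to 10


def _check_scale(label: str, value: int) -> int:
    """Reject anything outside the slide's 1 to 10 scale so a typo cannot
    silently push an asset up or down the list."""
    if not isinstance(value, int) or not 1 <= value <= 10:
        raise ValueError(f"{label} must be an integer from 1 to 10, got {value!r}")
    return value


def vulnerability_score(asset: Asset) -> int:
    """Apply the slide's formula (A + I) - S = V; lower V means lower risk.
    With all factors on 1 to 10, V lies between -8 (A=I=1, S=10) and 19 (A=I=10, S=1)."""
    a = _check_scale("attractiveness", asset.attractiveness)
    i = _check_scale("information", asset.information)
    s = _check_scale("security", asset.security)
    return (a + i) - s


def rank_by_risk(assets) -> list:
    """Return (name, V) pairs sorted highest-risk first; ties break by name."""
    scored = ((asset.name, vulnerability_score(asset)) for asset in assets)
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


# Constructed sample assets (hypothetical, not taken from the slides).
SAMPLE_ASSETS = [
    Asset("public web server", attractiveness=8, information=4, security=6),
    Asset("HR database", attractiveness=6, information=9, security=5),
    Asset("print server", attractiveness=2, information=2, security=3),
]

if __name__ == "__main__":
    for name, v in rank_by_risk(SAMPLE_ASSETS):
        print(f"{v:3d}  {name}")
```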


Understanding Security Terminology

- Hacking terminology
- Security terminology


Understanding Security Terminology cont.

Hacking terminology (people & activity):

- White hat hackers
- Black hat hackers
- Gray hat hackers
- Script kiddy
- Cracker
- Ethical hacker or sneaker
- Phreaking


Understanding Security Terminology cont.

Security terminology (devices & policies):

- Firewall
- Proxy server
- Intrusion-detection system
- Access control
- Authentication
- Non-repudiation
- Auditing


Understanding Security Terminology cont.

Web sites that are helpful:

- www.microsoft.com/security/glossary.mspx
- www.yourwindow.to/information%2Dsecurity/
- www.ietf.org/rfc/rfc2828.txt


Approaching Network Security

- Perimeter security approach
- Layered security approach
- Proactive (dynamic) or reactive (passive)
- Hybrid approach


Approaching Network Security cont.


Network Security and the Law

- Sarbanes-Oxley (SOX)
- Computer Security Act of 1987
- Health Insurance Portability and Accountability Act (HIPAA)


Using Security Resources

- CERT (www.cert.org/)
- Microsoft Security Advisor (www.microsoft.com/security/default.mspx)
- F-Secure Corporation (www.f-secure.com/)
- SANS Institute (www.sans.org/)


Summary

Most common dangers to networks:

- Viruses, worms, trojan horses

Basic security terminology:

- Hacking terms: deal with people and activities
- Security terms: deal with devices and policies


Summary cont.

Approaches to securing your network:

- Proactive vs. reactive
- Perimeter: focus is on perimeter devices; internal devices are still vulnerable
- Layered: focus includes both perimeter and individual computers within the network
- Hybrid: combination of multiple security paradigms


Summary cont.

Legal issues:

- SOX
- HIPAA
- State-specific legislation regarding computer crimes


Summary cont.

Resources available for network security:

- CERT
- Microsoft Security Advisor
- F-Secure Corporation
- SANS Institute
