06/26/22 1 General Introduction Network Security Scanning

Securitych1


Page 1: Securitych1

04/12/23 1

General Introduction

Network Security Scanning


Outline

1: Introduction to Network Security
2: Basics of network
4: Network Structure
5: Data packets
6: Virtual Private Networks
7: Defending against Virus Attacks
8: Defending against Trojan Horses and Spyware
9: Computer-based Espionage and Terrorism


Introduction

The growth of the Internet has brought many ways in which networks can be compromised and data stolen.

Legislators are working on ways to prevent identity theft and to reduce the effects of viruses, worms, and similar threats.


The Basics of a Network

• You need to understand the following:
  – Basic network structure
  – Data packets
  – What does this mean for security?


Basic Network Structure

• The fundamental purpose of networks is for communication

• Part of the network structure includes:
  – NICs (network interface cards), hubs, switches, routers, and firewalls

• Network architecture comprises the format in which these devices are connected


Data Packets

• When a workstation wishes to send data, it uses the client network software to enclose the data in a 'packet' containing a 'header' and a 'trailer'.

• The header and trailer contain information for the destination computer. For example, the header contains the address of the destination computer.

• The exact form the packets take is determined by the protocol the network uses.


Data Packets

• This is the package that holds the data and transmission information

• Ultimately formatted in binary

• Information included in packets:
  – Source and destination (IP address) information
  – Packet size (in bytes) and type (e.g. Ethernet)
  – Data and other header information


• When a data packet is put onto the network by a workstation, each computer on the network examines the packet to see who it is intended for. The packet quickly dissipates if it is not recognized, allowing other packets to be sent. The rate at which packets can be sent is called the 'bandwidth' (this has a somewhat different meaning to how bandwidth is normally used). As an example, a bandwidth of 10 Megabits per second means that ten million individual 1s and 0s can pass through the network in one second.
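The packet layout described above (a header carrying the destination address, the data, and a trailer) can be seen by building and parsing one Ethernet frame that holds an IPv4 packet. This is an added example, not part of the original slides; the function names, the addresses and the sample payload are assumptions made for illustration.

```python
import socket
import struct
import zlib

IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header

def build_frame(dst_mac, src_mac, src_ip, dst_ip, data):
    """Build a constructed Ethernet II frame: header + IPv4 packet + trailer.

    The IPv4 identification and header checksum are left 0 in this sample.
    """
    ip_header = struct.pack(IP_FMT, 0x45, 0, 20 + len(data), 0, 0, 64, 253, 0,
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", 0x0800)
    body = header + ip_header + data
    return body + struct.pack("<I", zlib.crc32(body))  # trailer: frame check sequence

def parse_frame(frame):
    """Return the header fields, the data, and whether the trailer matches."""
    if len(frame) < 14 + 20 + 4:
        raise ValueError("too short for Ethernet header, IPv4 header and trailer")
    body, trailer = frame[:-4], frame[-4:]
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    if ethertype != 0x0800:
        raise ValueError("payload is not IPv4")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, body[14:34])
    ihl = (ver_ihl & 0x0F) * 4  # IPv4 header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or 14 + total_len > len(body):
        raise ValueError("IPv4 header fields are inconsistent")
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "size": total_len, "protocol": proto, "ttl": ttl,
        "data": body[14 + ihl:14 + total_len],
        "trailer_ok": struct.unpack("<I", trailer)[0] == zlib.crc32(body),
    }

# Constructed sample: documentation addresses, protocol 253 (experimental use).
SAMPLE = build_frame("aabbccddeeff", "112233445566", "192.0.2.10", "198.51.100.7", b"hello")

if __name__ == "__main__":
    for name, value in parse_frame(SAMPLE).items():
        print(f"{name:10} {value}")
```

The trailer check only catches accidental corruption: anyone who alters a frame in transit can recompute it, so it does not protect the data the way encryption or a keyed integrity check does.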


What Does This Mean for Security?

• There are two points of attack:
  – The data packet itself
  – The devices that connect the network

• These are also the points of security
  – Protect the data (encryption)
  – Secure the network devices


Port scanning

• A port scanner is a handy tool that scans a computer looking for active ports. With this utility, a potential “hacker” can figure out what services are available on a targeted computer from the responses the port scanner receives.

• These tools scan large IP spaces and report on the systems they encounter, the ports available, and other information, such as OS types.

• The most popular port scanner is Network Mapper (Nmap).
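Because a port scanner probes many ports on a host in a short time, that pattern can be spotted from the defender's side in connection logs. The following is an added example, not part of the original slides: the log format (epoch seconds, `SRC=`, `DST=`, `DPT=`), the thresholds and the function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque

def detect_port_scans(lines, window=60, min_ports=5):
    """Map (src, dst) to the most distinct ports probed within `window` seconds.

    Only pairs that reach `min_ports` are returned. Lines must be in time order.
    """
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        try:
            ts = int(parts[0])
            kv = dict(p.split("=", 1) for p in parts[1:])
            key, port = (kv["SRC"], kv["DST"]), int(kv["DPT"])
        except (IndexError, KeyError, ValueError):
            continue  # skip lines that do not match the assumed format
        seen = recent[key]
        seen.append((ts, port))
        while ts - seen[0][0] > window:  # drop probes older than the window
            seen.popleft()
        distinct = len({p for _, p in seen})
        if distinct >= min_ports:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

# Constructed firewall log: epoch seconds, source, destination, destination port.
SAMPLE_LOG = """\
1700000000 SRC=203.0.113.5 DST=192.0.2.10 DPT=21
1700000001 SRC=203.0.113.5 DST=192.0.2.10 DPT=22
1700000001 SRC=198.51.100.20 DST=192.0.2.10 DPT=443
1700000002 SRC=203.0.113.5 DST=192.0.2.10 DPT=23
1700000003 SRC=203.0.113.5 DST=192.0.2.10 DPT=25
1700000004 SRC=198.51.100.20 DST=192.0.2.10 DPT=443
1700000005 SRC=203.0.113.5 DST=192.0.2.10 DPT=80
1700000006 SRC=203.0.113.5 DST=192.0.2.10 DPT=443
1700000100 SRC=198.51.100.30 DST=192.0.2.10 DPT=21
1700000200 SRC=198.51.100.30 DST=192.0.2.10 DPT=22
1700000300 SRC=198.51.100.30 DST=192.0.2.10 DPT=23
1700000400 SRC=198.51.100.30 DST=192.0.2.10 DPT=25
1700000500 SRC=198.51.100.30 DST=192.0.2.10 DPT=80
not a firewall record
""".splitlines()

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src} probed {ports} distinct ports on {dst}")
```

With the default 60-second window only the fast source is reported; the third source touches as many ports but spreads them out, so a detector needs a longer window (at the cost of keeping more state) to report it.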


Nmap

Nmap (“Network Mapper”) is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs


Vulnerability Scanners

Tools are available for scanning vulnerable systems. Vulnerability scanners look for a specific vulnerability or scan a system for all potential vulnerabilities. Vulnerability tools are freely available. The most popular and best-maintained vulnerability scanner available is Nessus.


• I have often heard that the best approach to computer security is to use a layered approach. Can you describe this approach and how an IDS fits in?

The security model that will protect your organization should be built upon the following layers:

1. Security policy of your organization
2. Host system security
3. Auditing
4. Router security
5. Firewalls
6. Intrusion detection systems
7. Incident response plan


Threats to Network Security

• Insecure Architectures

A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open local network vulnerable to the highly-insecure Internet

  – Centralized Servers
  – Broadcast Networks


Threats to Server Security

• Unused Services and Open Ports

• Unpatched Services


• Technical Controls
  – Encryption
  – Smart cards
  – Network authentication
  – Access control lists (ACLs)
  – File integrity auditing software


Summary

• Approaches to securing your network:
  – Proactive vs. reactive
  – Perimeter: focus is on perimeter devices, internal devices are still vulnerable
  – Layered: focus includes both perimeter and individual computers within the network
  – Hybrid: combination of multiple security paradigms


Thank you