Network and Telecommunications Technologies
IT Network and Telecommunications Risks
IT Network and Telecommunications Security
Auditing Network Security
Auditing Switches, Routers and Firewalls
Auditing WLAN and Mobile Devices
Network Components
Components in a computer network:
Computers and terminals (dumb or smart)
Telecommunications channels (physical or wireless)
Telecommunications processors
Routers and switching devices
Destination Address Field is Used by Switches and Routers Like the Address on an Envelope
CSI/FBI Survey
In order of decreasing frequency:
Viruses (and other malware)
Insider abuse of net access
Laptop theft
Unauthorized access by insiders
Denial-of-service attacks
System penetration
Sabotage
Theft of proprietary information
Fraud
Telecoms eavesdropping and active wiretaps
Network Types
Site-to-site VPNs protect traffic between sites
Will dominate VPN traffic
Host-to-Host VPN
Remote Access VPN
Remote Corporate PC
OSI Layers

Layer 1: Physical
Purpose: Physical connections between adjacent devices
Use: Nearly 100% dominant

Layer 2: Data Link
Purpose: End-to-end transmission in a single switched network. Frame organization. Switch operation
Use: Nearly 100% dominant

Layer 3: Network
Purpose: Generally equivalent to the TCP/IP internet layer. However, OSI network layer standards are not compatible with TCP/IP internet layer standards
Use: Rarely used

Layer 4: Transport
Purpose: Generally equivalent to the TCP/IP transport layer. However, OSI transport layer standards are not compatible with TCP/IP transport layer standards
Use: Rarely used

Layer 5: Session
Purpose: Initiates and maintains a connection between application programs on different computers. If a session is broken, only have to go back to the last rollback point
Use: Brilliant idea, but few applications need it, and those that do have their own methods for managing sessions

Layer 6: Presentation
Purpose: Designed to handle data formatting differences, data compression, and data encryption. In practice, a category for general file format standards used in multiple applications
Use: Rarely used as a layer. However, many file format standards are assigned to this layer

Layer 7: Application
Purpose: Governs remaining application-specific matters
Use: Some OSI applications are used
Programmed Threats
viruses, worms, Trojan horses, hoaxes, blended threats
Malware
A general name for evil software
Viruses
Pieces of code that attach to other programs
When infected programs execute, the virus executes
Infects other programs on the computer
Spreads to other computers by e-mail attachments, IM, peer-to-peer file transfers, etc.
Antivirus programs are needed to scan arriving files
Also scans for other malware
Worms
Stand-alone programs that do not need to attach to other programs
Can propagate like viruses through e-mail, etc.
But this requires human gullibility, which is slow
Vulnerability-enabled worms jump to victim hosts directly
Can do this because hosts have vulnerabilities
Vulnerability-enabled worms can spread with amazing speed
Vendors develop patches for vulnerabilities, but companies often fail to apply them or are slow to do so
Payloads
After propagation, viruses and worms execute their payloads (damage code)
Payloads erase hard disks, send users to pornography sites if they mistype URLs
Trojan horses: exploitation programs disguise themselves as system files
Attacks on Individuals
Social engineering: tricking the victim into doing something against his or her interests
Spam: unsolicited commercial e-mail
Credit card number theft is performed by carders
Identity theft: collect enough data to impersonate the victim in large financial transactions
Fraud: get-rich-quick schemes, medical scams
Adware pops up advertisements
Spyware collects sensitive data and sends it to an attacker
Phishing: sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information
Human Break-Ins
Viruses and worms rely on one main attack method
Humans can keep trying different approaches until they succeed
Hacking
Breaking into a computer
Hacking is intentionally using a computer resource without authorization or in excess of authorization
Scanning Phase
Send attack probes to map the network and identify possible victim hosts
The Nmap program is popular
Social Engineering
Social engineers use their personalities and social skills to obtain confidential information or unauthorized access.
Learn about the target organization
Pretend to be an IT employee or upper-level manager
Cajole or threaten the staff to get the information
A denial-of-service (DoS) attack occurs when a system is tied up and unable to perform its functions.
Three-way handshake:
A sends a SYN packet to B
B accepts and acknowledges it with SYN/ACK
A returns an acknowledgment of the SYN/ACK and establishes a connection
When A sends multiple SYN messages to B and leaves the connections open, B is tied up holding those connections and repeatedly acknowledging them.
[Figure: three-way handshake showing SYN, SYN/ACK, ACK]
A SYN segment is a segment in which the SYN bit is set. One side sends a SYN segment requesting an opening. The other side sends a SYN/acknowledgment segment. Originating side acknowledges the SYN/ACK.
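A defender can recognize the condition described above by replaying connection records and counting handshakes that stall before the final ACK. This is an added example, not part of the original slides; the record format `time src:port dst:port flags`, the function names, the threshold and timeout values, and the sample addresses are assumptions constructed for illustration.

```python
def stale_half_open(lines, timeout=2.0):
    """Per server endpoint, count handshakes still unfinished `timeout` s after the SYN."""
    pending = {}  # (client, server) -> [last handshake step seen, time of the SYN]
    now = 0.0
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            ts = float(parts[0])
        except ValueError:
            continue  # skip records with an unparsable timestamp
        src, dst, flags = parts[1], parts[2], parts[3]
        now = max(now, ts)
        if flags == "SYN":
            pending[(src, dst)] = ["SYN", ts]
        elif flags == "SYN/ACK" and (dst, src) in pending:
            pending[(dst, src)][0] = "SYN/ACK"
        elif flags == "ACK" and pending.get((src, dst), [None])[0] == "SYN/ACK":
            del pending[(src, dst)]  # third step seen: connection established
    counts = {}
    for (_client, server), (_step, t0) in pending.items():
        if now - t0 >= timeout:  # young handshakes may simply be in flight
            counts[server] = counts.get(server, 0) + 1
    return counts

def flooded_servers(lines, threshold=20, timeout=2.0):
    """Server endpoints holding at least `threshold` stale half-open connections."""
    stale = stale_half_open(lines, timeout)
    return sorted(s for s, n in stale.items() if n >= threshold)

def constructed_sample():
    """Constructed records (documentation addresses), not a real capture."""
    server = "192.0.2.10:80"
    log = [f"0.00 10.0.0.5:40001 {server} SYN",      # normal client: full handshake
           f"0.01 {server} 10.0.0.5:40001 SYN/ACK",
           f"0.02 10.0.0.5:40001 {server} ACK"]
    for i in range(30):                              # host A: SYNs never completed
        client = f"198.51.100.7:{50000 + i}"
        log.append(f"1.{i:02d} {client} {server} SYN")
        log.append(f"1.{i:02d} {server} {client} SYN/ACK")
    log.append(f"5.00 10.0.0.6:40002 {server} SYN")  # still in flight when log ends
    log.append(f"5.01 {server} 10.0.0.6:40002 SYN/ACK")
    return log

if __name__ == "__main__":
    print(stale_half_open(constructed_sample()))
    print(flooded_servers(constructed_sample()))
```

The timeout keeps a handshake that is merely in flight at the end of the log from being counted as half-open.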
[Figure labels: Handler; Victim 60.168.47.47]
The attacker installs handler and zombie programs on victims.
The attacker sends an attack command to handlers.
Handlers send attack commands to zombies.
The zombies overwhelm the victim with attack packets.
An IT audit program for network security has components similar to those for auditing any IT application area, including:
Obtain an understanding of network configuration and network security administration.
Evaluate physical and logical access security.
Evaluate programmed threat security.
Examine backup and contingency plans.