Network Security Basics

Let's start with the question: what is network security? Network security means protecting information, systems and hardware; beyond that, it must also ensure the confidentiality, integrity and availability of data and resources. Threats to networks are increasing rapidly. In 2001, the National Infrastructure Protection Center at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. The SANS Top 25 Software Errors (https://www.sans.org/top25-software-errors) lists the important vulnerabilities that are common across many companies, so that they can patch the holes in their systems.

fig: Sophistication of Threats

Information Security Models

In more detail: information can be in one of three states, processing, storage or transmission. The security properties are confidentiality, integrity and availability. The security measures are policy and procedures, technology, and education, training and awareness.

CIA: confidentiality means preventing the disclosure of sensitive information to unauthorized people and processes. Integrity means preventing system information from being modified. Availability means making data and systems available to authorized users when needed. Those are the information security properties. Information can also be in the following states. In storage, the data is at rest: it may be located in a database, on a local drive, on a network shared drive or in cloud storage; a USB key or external drive holds data at rest as long as it is not being processed. In the processing state, the data is in use, for example while creating a new document or processing a payment. Data in transmission is information being transferred from one network node to another, such as when sending email or retrieving a web page.

Different security measures can be used to address information security: policy and procedures, technology, and education, training and awareness.

 

Trojans

A Trojan is a type of malicious program that is disguised as legitimate software. Such programs can give unauthorized access to the user's computer. The name comes from the ancient Greek story, and the technique works the same way: the attackers hid inside a disguised horse to invade Troy.

A Trojan has two components:

Overt component: the part that can be seen; it acts as a distraction for the user and arrives in games, freeware and other distractor software.
Covert component: the hidden part; it is what the hacker or pen tester uses to gain access to the victim's computer, via backdoors, rootkits, keyloggers or spyware.

Different types of the Trojans

  • Virtual Network Computing Trojan (VNC)

  • HTTP (web based)

  • IRC

  • Command Shell

  • Destruction

  • Documents

  • Botnet

  • Proxy

  • Remote Access Trojan (RAT)

  • Email

  • FTP

  • GUI

  • Spam

  • Defacement

  • Mobile

Different Infection Techniques

  • Instant Messaging

  • IRC

  • Physically installing on the computer

  • Browser (through scripts such as JavaScript run in the browser)

  • Fake programs

  • Attachments (through email)

  • Freeware

  • Games

Detecting the Trojan

  • Monitor the common ports used by Trojans (Ports)

  • Check whether each running process is legitimate (Running Processes)

  • Scan the registry (Registry)

  • Monitor authorized and unauthorized drivers (Drivers)

  • Scan the services that are running (Services)

  • Startup

  • Files/Folders

  • Network Activity

  • Use scanners to detect malware (Scanners)

Counter Measures

  • Block certain email attachments, since viruses are spread as attachments (Blocking Email Attachments)

  • Block or shut down instant messaging (Shutdown Instant Messaging)

  • Security Technical Implementation Guide (STIG)

  • Monitor traffic

  • Harden the system

  • Restrict ports: block unneeded ports and allow only authorized ones (Blocking Ports)

  • Patch management

  • Monitor integrity, by hashing files on the system or at the network level with an intrusion detection system (Monitor Integrity)

  • Install software only from trusted sources (Trusted Sources)

  • Anti-Trojan software
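The "Monitor Integrity" countermeasure above, file hashing, as an added example that is not part of the original notes. It takes a SHA-256 baseline of a directory tree, then classifies every later change as added, removed or modified, which is exactly the signal a dropped Trojan binary, a trojanised system file or a deleted log produces. The directory contents and file names are constructed for the demo.

```python
"""Added example: a minimal file-integrity monitor (hash baseline + comparison).
Not the page's own code; the sample files below are constructed for the demo."""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Walk the tree under root and record a digest for every regular file.
    Keys are POSIX-style paths relative to root so baselines can be compared later."""
    baseline: dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_file() and not full.is_symlink():
                baseline[full.relative_to(root).as_posix()] = hash_file(full)
    return baseline


def compare_baselines(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Classify each path as added, removed or modified relative to the old baseline."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline, then simulate a Trojan dropping a
    file, altering a system binary and deleting a log. Returns the drift report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "sshd").write_bytes(b"original sshd bytes")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "auth.log").write_text("login ok\n")
        baseline = build_baseline(root)

        # Changes an integrity monitor is meant to catch.
        (root / "bin" / "sshd").write_bytes(b"original sshd bytes plus backdoor")
        (root / "bin" / "update.exe").write_bytes(b"dropped by trojan")
        (root / "auth.log").unlink()
        return compare_baselines(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline is stored somewhere the monitored host cannot rewrite (read-only media or a separate server), since an attacker who can alter files can otherwise alter the baseline too.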

XSRF : Cross-Site Request Forgery

Cross-Site Request Forgery is another web-based attack. For a basic understanding, suppose a user's browser is running a script from a good site and also a malicious script from a bad site. This can happen when the user has logged into the good site and kept the session alive. For example, the user has logged into Gmail and has not logged off, and at the same time is browsing other sites, including a bad site that sends a malicious script to the browser. The malicious script can then forge a request to the good site using the user's cookie, and the good site cannot tell that the request was not sent by the user.

Figure 1

In the figure above, the user logs in, establishes a session with the good site and keeps the session alive. The user also browses a bad site, which runs a malicious script in the browser. The malicious script then forges a request to the good site.

Examples of XSRF

A user logs into bank.com and forgets to log off, so the session cookie remains in the browser. If the user is phished into visiting a malicious website, attacker.com, which sends an HTML page containing a hidden iframe with the malicious content, then the form in that HTML page is submitted to the bill payment form of bank.com. In this way the malicious script forges a request on behalf of the user without the user knowing. For understanding, see the snippet below.

<form name="BillPayForm" action="http://bank.com/BillPay.php">
<input name="recipient" value="badguy">….
</form>
<script>document.BillPayForm.submit();</script>

The following figure depicts this in more detail.

Figure 2

Source: GaTech OMSCS – CS 6035: Introduction to Information Security
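The server-side defence against the bank.com bill-pay forgery above, the synchronizer token pattern, as an added example that is not part of the original notes or the course material. The session store, the `/BillPay.php` handler and the two "browser" helpers are hypothetical. The forged request still carries the user's session cookie (that is what the attack relies on), but attacker.com cannot read bank.com's page, so it never learns the per-session token and the request is rejected.

```python
"""Added example: CSRF protection with a per-session synchronizer token.
Hypothetical bank.com handler; not the page's own code."""
from __future__ import annotations

import hmac
import re
import secrets

# Constructed in-memory state: session id (from the cookie) -> session data.
SESSIONS: dict[str, dict[str, str]] = {}


def login(username: str) -> str:
    """After (out-of-scope) authentication, create a session and mint a CSRF token bound to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username, "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def render_billpay_form(session_id: str) -> str:
    """The legitimate bill-pay page embeds the session's token as a hidden field.
    Same-origin policy stops a page on another origin from reading this HTML."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form name="BillPayForm" method="post" action="/BillPay.php">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="recipient"><input name="amount">'
        "</form>"
    )


def handle_billpay(cookie_session_id: str, form: dict[str, str]) -> tuple[int, str]:
    """POST /BillPay.php. The cookie alone proves only that *some* page in the user's
    browser made the request; the token proves it came from bank.com's own form."""
    session = SESSIONS.get(cookie_session_id)
    if session is None:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token through timing.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "CSRF token missing or invalid; request rejected"
    return 200, f"paid {form['amount']} to {form['recipient']} for {session['user']}"


def browser_submits_legit_form(session_id: str, recipient: str, amount: str) -> tuple[int, str]:
    """Simulate the user's browser: load bank.com's page, then post the form including the hidden token."""
    html = render_billpay_form(session_id)
    token = re.search(r'name="csrf_token" value="([^"]+)"', html).group(1)
    return handle_billpay(session_id, {"csrf_token": token, "recipient": recipient, "amount": amount})


def browser_submits_forged_form(session_id: str) -> tuple[int, str]:
    """Simulate attacker.com's hidden iframe from the snippet above: the browser attaches
    the bank.com cookie automatically, but the attacker's page has no valid token to include."""
    return handle_billpay(session_id, {"recipient": "badguy", "amount": "1000"})


if __name__ == "__main__":
    sid = login("alice")
    print(browser_submits_legit_form(sid, "electric-co", "50"))
    print(browser_submits_forged_form(sid))
```

The token must be unpredictable and tied to the session; a static site-wide token, or one the attacker can obtain, gives no protection. Browsers add further layers (SameSite cookie attributes, the Origin header) that a real deployment checks as well.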

Security Mindset

To begin with, my source for this writing is Udacity's Intro to Information Security; for more information, see the Udacity website.

Security is about having something of value and there being a risk to it. In today's world, data and information have great value. A threat is a possible danger that exploits our weakness and therefore causes harm.

Cyber Assets at Risk

We need to develop a security mindset:

Threat Source:

    > Cyber criminals

    > Hacktivists

    > Nation States

Vulnerabilities and Attacks:

    > Compromises

    > Security Breach

    > Vulnerabilities are in software, networks, humans

Let's take a real-world example: the Target store breach

     > what is of value – credit card data

     > what is the threat source – criminals

     > what was the vulnerability – phishing was used to obtain credentials for the network

The following figure, showing the relationship of threats, vulnerabilities, attacks and risk, demonstrates this further.


fig: Relationship of Threats, Vulnerabilities, Attacks, and Risk

What should we do in Cyber Security

Make threats go away – not really practical

Reduce vulnerabilities – they will never go away entirely

But we can follow the CIA principles.

     > Confidentiality: roughly equivalent to privacy; the ability to hide information from people unauthorized to view it.

    > Integrity: maintaining the consistency, accuracy and trustworthiness of data. The data must not be changed in transit, and measures must be taken to ensure that the data cannot be altered by unauthorized people.

    > Availability: it is important to ensure that information is accessible to authorized people at all times. A short video about CIA:

https://www.youtube.com/watch?v=SP8cr0fg5Sg

What should the good guys do?

Prevention – keep the bad guys out. We will never have 100% prevention

Detection – detect when the bad guys are in the system

Response – respond to the intrusion

Recovery and remediation – restore corrupted data and stop similar future attacks

Policy vs Mechanism – policy says what will be done about attacks, mechanism says how they will be handled

How do We Address Cyber Security

To reduce vulnerabilities, follow the basic design principles for securing systems.

Economy of mechanism – Keep systems simple and small.

Fail-safe defaults – the default is to deny access

Complete mediation – No one should be able to bypass security

Open Design – is good because it does not depend on secrecy

Least privilege – Only give users the minimum level of access that they need

Psychological acceptability – Don’t expect people to do what is inconvenient.

Security Mechanism used in handling users

In web applications, the common problem is that all user input is untrusted. The application must take security measures to defend itself from attack: handle user access to the application's data and functionality so that users cannot gain unauthorized access; handle user input so that malformed input cannot cause undesirable behavior; handle attackers by taking suitable defensive measures; and manage the application itself by enabling administrators to monitor activity and configure functionality.

In any application, the central security requirement is controlling users' access to its data and functionality. There are different kinds of users: some are authenticated, some are anonymous, some are administrative. The application must be handled so that each user can read their own emails and not those of others. The following security mechanisms can be used to handle this.

> Authentication

> Session management

> Access control

Authentication


The authentication mechanism is the basic way to handle user access. Authentication is the process of establishing that a user is who he or she claims to be. Applications basically authenticate with a user name and password. In security-critical applications, such as banking, there can be additional credentials or multistage login processes. For higher security requirements, other authentication models may be used, based on client certificates, smart cards or challenge-response tokens. The authentication process should be handled carefully, because any flaws in design and implementation can be taken advantage of by an attacker to guess user names, bypass passwords and gain unauthorized access to sensitive data and functionality.
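Password authentication done carefully, as an added example that is not part of the original notes. It stores a salted PBKDF2 hash rather than the password, compares in constant time, and gives the same response and the same work for a wrong password and an unknown user, so a login form cannot be used to confirm which user names exist. Names, the iteration count and the user store are assumptions for the demo; multistage login, certificates and smart cards are out of scope.

```python
"""Added example: user-name/password authentication with salted PBKDF2 hashes
and a generic failure response. Not the page's own code."""
from __future__ import annotations

import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000  # assumption: illustrative; tune to your hardware and current guidance
SALT_BYTES = 16
GENERIC_FAILURE = "Invalid username or password"

# Constructed in-memory user store: username -> {"salt": bytes, "hash": bytes}.
USERS: dict[str, dict[str, bytes]] = {}
# Salt used to do equal work for unknown users, so response time does not reveal valid names.
_DUMMY_SALT = secrets.token_bytes(SALT_BYTES)


def derive_key(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation: a stolen store cannot be cracked cheaply or with rainbow tables."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str) -> None:
    """Store a fresh random salt and the derived hash; the plaintext password is never kept."""
    salt = secrets.token_bytes(SALT_BYTES)
    USERS[username] = {"salt": salt, "hash": derive_key(password, salt)}


def authenticate(username: str, password: str) -> bool:
    """True only if the user exists and the password matches. Both failure modes
    take the same path length and the same derivation cost."""
    record = USERS.get(username)
    if record is None:
        derive_key(password, _DUMMY_SALT)  # burn the same time as a real check
        return False
    return hmac.compare_digest(derive_key(password, record["salt"]), record["hash"])


def login_response(username: str, password: str) -> str:
    """What the login form returns: success, or one generic message for every failure."""
    if authenticate(username, password):
        return f"Welcome, {username}"
    return GENERIC_FAILURE


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(login_response("alice", "correct horse battery staple"))
    print(login_response("alice", "wrong"))
    print(login_response("nobody", "wrong"))
```

Rate limiting and lockout policy sit on top of this and are not shown; the point here is that the credential check itself should give an attacker nothing beyond "yes" or "no".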

Session Management


Another task in handling users is session management. First I want to explain sessions. After successfully logging into the application, the user accesses different pages and makes a series of HTTP requests from the browser. At the same time, other users, some authenticated and some anonymous, are using the application. To tell the different users apart, the application creates a session for each user and issues the user a token that identifies the session. The session itself is a data structure held on the server that tracks the state of the user's interaction with the application. When the user receives the token, the browser submits it back to the server in subsequent HTTP requests, enabling the application to associate those requests with that user. When the user makes no request for a certain time, the session expires.

In terms of attack, an attacker can use another user's token to authenticate and use the application. Similarly, another area of attack is learning how the tokens are generated: attackers can then guess the tokens of other users.
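The session lifecycle described above, as an added example that is not part of the original notes: a server-side session store that issues unguessable tokens, maps each request's token back to a user, refreshes the idle deadline on activity, and expires sessions that go quiet. The idle timeout, the store and the injected clock are assumptions; the counter-based `predictable_token` is included only to show the weak scheme the text warns about beside the correct one.

```python
"""Added example: server-side session management with random tokens and idle expiry.
Not the page's own code; timeout value and store are assumptions."""
from __future__ import annotations

import secrets
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumption: 15-minute idle expiry

# Constructed in-memory store: token -> {"user": str, "last_seen": float}.
SESSIONS: dict[str, dict] = {}


def create_session(username: str, now: float | None = None) -> str:
    """Issue a fresh token after login. token_urlsafe(32) gives 256 random bits,
    so knowing your own token tells you nothing about anyone else's."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": username, "last_seen": now}
    return token


def resolve_session(token: str, now: float | None = None) -> str | None:
    """Map the token from a request back to its user, or None if unknown or expired.
    Expired sessions are deleted so a stale token can never be revived."""
    now = time.time() if now is None else now
    session = SESSIONS.get(token)
    if session is None:
        return None
    if now - session["last_seen"] > IDLE_TIMEOUT_SECONDS:
        del SESSIONS[token]
        return None
    session["last_seen"] = now  # activity pushes the idle deadline forward
    return session["user"]


def logout(token: str) -> None:
    """Explicit logout invalidates the token server-side, not just in the browser."""
    SESSIONS.pop(token, None)


# The weak alternative the text warns about: a token derived from a counter.
# Anyone who sees "sess-000042" can guess that "sess-000041" belongs to someone else.
_counter = 0


def predictable_token() -> str:
    global _counter
    _counter += 1
    return f"sess-{_counter:06d}"


def demo() -> list[str | None]:
    """Walk one session through activity, refresh and idle expiry with a fixed clock."""
    t0 = 1_700_000_000.0
    tok = create_session("alice", now=t0)
    return [
        resolve_session(tok, now=t0 + 60),                                 # active: 'alice'
        resolve_session(tok, now=t0 + 660),                                # 10 min later, still inside timeout
        resolve_session(tok, now=t0 + 660 + IDLE_TIMEOUT_SECONDS + 1),     # idle too long: None, deleted
        resolve_session(tok, now=t0 + 660 + IDLE_TIMEOUT_SECONDS + 2),     # gone: None
    ]


if __name__ == "__main__":
    print(demo())
    print(predictable_token(), predictable_token())
```

Deployed systems also rotate the token on login (to defeat session fixation) and set cookie attributes such as `HttpOnly` and `Secure`; those are outside this snippet.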

Access Control


Access control, also called authorization, is the process of granting or denying access to a particular resource. Authorization and authentication are different things. Authentication establishes what kind of user this is, and according to the type of user, resources are granted or denied; that is authorization, or access control. So access control is an important part of the application. Omitting the access control check lets an attacker gain unauthorized access to data and functionality.
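The "read your own emails, not others'" requirement from above, as an added example that is not part of the original notes. `read_message_unchecked` is the omitted-check case the text warns about: it looks up by message id only, so any authenticated user who supplies another id gets someone else's mail. `read_message` adds the authorization decision, owner or admin, and denies unknown resources rather than leaking them. Users, roles and messages are constructed sample data.

```python
"""Added example: an ownership/role access-control check beside the unchecked version.
Not the page's own code; sample users and messages are constructed."""
from __future__ import annotations

# Constructed sample data: username -> role, and message id -> message.
USERS: dict[str, str] = {"alice": "user", "bob": "user", "carol": "admin"}
MESSAGES: dict[int, dict[str, str]] = {
    1: {"owner": "alice", "subject": "Your statement is ready"},
    2: {"owner": "bob", "subject": "Lunch?"},
}


def read_message_unchecked(message_id: int) -> str:
    """The flaw described above: the lookup ignores who is asking."""
    return MESSAGES[message_id]["subject"]


def is_authorized(username: str, message_id: int) -> bool:
    """Authorization decision, taken after authentication has established username:
    the owner may read their own message, an admin may read any, everyone else is denied."""
    message = MESSAGES.get(message_id)
    if message is None:
        return False  # fail-safe default: an unknown resource is denied, not revealed
    if message["owner"] == username:
        return True
    return USERS.get(username) == "admin"


def read_message(username: str, message_id: int) -> str:
    """Every read goes through the check (complete mediation); there is no other path to the data."""
    if not is_authorized(username, message_id):
        raise PermissionError(f"{username} may not read message {message_id}")
    return MESSAGES[message_id]["subject"]


def try_read(username: str, message_id: int) -> str:
    """Convenience wrapper returning 'DENIED' instead of raising, for the demo."""
    try:
        return read_message(username, message_id)
    except PermissionError:
        return "DENIED"


if __name__ == "__main__":
    print(try_read("alice", 1))   # owner reads own mail
    print(try_read("bob", 1))     # another user is denied
    print(try_read("carol", 1))   # admin may read any
    print(read_message_unchecked(1))  # the unchecked path hands it to anyone
```

Keeping the decision in one function (`is_authorized`) rather than scattered across handlers is what makes it possible to audit that no endpoint skips the check.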