DEBRE BERHAN UNIVERSITY
College of Computing
Department of Computer Science
Network Security
Chapter 4
Computer Security
Binyam Tekalign
Outline
• Network security basics
• Threats on network
• Trust, Weaknesses, Risk and Vulnerabilities
• TCP/IP Suite Weaknesses and Buffer Overflows
• Network security protocols
• Wireless security
Network security basics
Definition of Network Security
• Network security involves implementing measures and protocols to protect the
integrity, confidentiality, and availability of computer networks and data.
• It encompasses both hardware and software technologies
• Aimed at securing the network and data against
• Unauthorized access, cyber attacks, and data breaches.
• Threats can come from a variety of sources, including
• Corporate spies, hackers, terrorist groups, hostile government agencies, and criminal
organizations.
• Common threats include malware, phishing, man-in-the-middle attacks, denial of service
attacks, and data breaches.
Network security basics
Layers of Protection
• Physical Security:
• Protects the physical components of the network,
• Examples: Routers, Switches, servers, and network cables, etc.
• Technical Security Controls:
• Includes firewalls, antivirus software, intrusion detection systems (IDS), and encryption
protocols.
• Administrative Controls:
• Involves security policies, user training, and incident response planning.
Threats on Network
Overview of Network Threats
• Network threats can compromise the security of organizations and
individuals.
• These threats can
• Disrupt the operation of the network,
• Lead to the theft of sensitive data, or
• Even damage the physical infrastructure,
• and in turn cause financial losses, loss of customer trust, and legal consequences.
Threats on Network
Types of Threats
• Malware: Malicious software designed to damage a computer system, exploit it, or gain
unauthorized access to it.
• Types include viruses, worms, Trojan horses, and ransomware.
• Phishing Attacks: Deceptive attempts to obtain sensitive information such as
• Usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic
communications.
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks:
• Overwhelm a system’s resources, making the system inaccessible to legitimate users.
• DDoS attacks come from multiple compromised devices, often distributed globally.
Threats on Network
Types of Threats
• Man-in-the-Middle (MitM) Attacks: An attacker intercepts communications between
two parties to steal data or alter the communication.
• SQL Injection: An attack that supplies SQL syntax through web page input so that it is
executed as part of the application's database query, in order to read, alter, or destroy data.
• Insider Threats: Threats from people within the organization who may have malicious
intentions or who inadvertently cause harm due to negligence.
Understanding Trust in Network Security
• Trust is the expectation that a device or user operates as intended and does
not perform malicious actions
• Methods for establishing trust include
• Authentication protocols,
• Secure certificates
• Importance of maintaining a chain of trust from the hardware level up
through software layers (e.g. a TPM or other hardware root of trust measures the boot
loader, which verifies the kernel, which in turn verifies drivers and applications).
Identifying Weaknesses in Networks
• Poorly designed network architectures can create vulnerabilities such as
• Single points of failure and lack of data segmentation
• Vulnerabilities arising from incorrect implementation of protocols or security
measures
• Examples include inadequate encryption, weak passwords, and unpatched
software.
Risk Assessment in Network Security
• Risk Assessment Process:
• Identifying assets and their value.
• Determining vulnerabilities and the threats that exploit them.
• Calculating the likelihood and potential impact of threats.
• Tools for risk management:
• Nessus is a widely used network vulnerability scanner.
• It can scan for vulnerabilities, misconfigurations, and potential risks in your network, and it
provides detailed reports and recommendations for mitigation.
• Acunetix specializes in scanning web applications to detect vulnerabilities, such as:
• SQL injection flaws, and Cross-site scripting (XSS).
Network Vulnerabilities
• Common Vulnerabilities:
• Software bugs, configuration errors, and outdated systems.
• Specific vulnerabilities in network protocols and services, such as
• DNS spoofing and ARP poisoning.
• Solutions:
• Regular updates and patch management.
• Intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor
and respond to suspicious activities.
TCP/IP Suite
• The TCP/IP suite, also known as the internet protocol suite,
• Is the conceptual model and set of communications protocols used on the
Internet and similar computer networks.
• Comprises four abstraction layers:
• Link Layer, Internet Layer, Transport Layer, and Application Layer.
• Core protocols include
• IP (Internet Protocol), TCP (Transmission Control Protocol), UDP (User Datagram
Protocol), and ICMP (Internet Control Message Protocol).
Common Weaknesses in TCP/IP Suite
IP Weaknesses
• IP spoofing is a technique where an attacker falsifies the source IP address in
the IP packet header to impersonate a trusted host.
• Used to trick the receiving system into thinking that the packet is coming
from a trusted source.
• Because replies go to the spoofed address, the attacker does not see them unless it is
on the path between the two hosts; spoofing is therefore mostly "blind".
• Can be used for
• DoS attacks (including reflection attacks, where the spoofed address is the victim's),
• Session hijacking,
• Bypassing access controls that trust a source IP address.
• Mitigation: ingress/egress filtering at network borders (BCP 38) drops packets whose
source address could not legitimately have originated on that interface.
Common Weaknesses in TCP/IP Suite
TCP Weaknesses
• Session hijacking:
• An attacker might predict the sequence numbers used during a TCP session.
• The attacker sends a forged packet with the correct sequence number to the server.
• The server accepts it as part of the established session, so the attacker can inject
commands or data as the authenticated user.
• Modern stacks randomize initial sequence numbers (RFC 6528), which makes blind
prediction impractical; an on-path attacker who can see the sequence numbers can still
hijack an unencrypted session.
• SYN Flood Attack: a type of DoS (usually DDoS) attack
• The attacker sends a flood of TCP SYN packets, with spoofed source IP addresses, to the target
server on specific or random ports.
• Each SYN packet received by the server is replied with a SYN-ACK packet from the server.
• The server then waits for a confirming ACK response, which never arrives.
• The server's resources are consumed as it waits for ACK responses to the half-open connections,
eventually leading it to become unresponsive to legitimate traffic.
• Mitigations: SYN cookies (the server encodes the connection state in its own sequence
number and stores nothing until the ACK arrives), shorter half-open timeouts, and rate limiting.
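Worked example of the sequence-number prediction described above (an added illustration, not part of the original slides): a server that hands out initial sequence numbers by a fixed step is compared with one that derives them RFC 6528 style from a clock plus a keyed hash of the connection 4-tuple. The generators, the addresses and the 64,000 step are constructed for the demo; blind_hijack_attempt() only simulates the packet exchange, no traffic is sent.

```python
import hashlib
import hmac
import os

MASK32 = 0xFFFFFFFF


class PredictableISN:
    """Legacy-style generator: one global counter bumped by a fixed step for every
    connection, so anyone who has seen two ISNs can compute the next one."""

    def __init__(self, start=0, step=64_000):
        self.counter = start
        self.step = step

    def next_isn(self, src, sport, dst, dport):
        self.counter = (self.counter + self.step) & MASK32
        return self.counter


class HashedISN:
    """RFC 6528 style: ISN = M + F(src, sport, dst, dport, secret). M is a
    clock-driven counter, F a keyed hash. Observing your own connections tells
    you nothing about F() for a 4-tuple you do not control."""

    def __init__(self, secret=b""):
        self.secret = secret or os.urandom(16)   # assumption: fresh secret per boot
        self.clock = 0                           # stands in for the 4 us timer of RFC 6528

    def next_isn(self, src, sport, dst, dport):
        self.clock = (self.clock + 1) & MASK32   # constructed: one tick per call
        tup = f"{src}:{sport}>{dst}:{dport}".encode()
        f = int.from_bytes(hmac.new(self.secret, tup, hashlib.sha256).digest()[:4], "big")
        return (self.clock + f) & MASK32


def blind_hijack_attempt(server_isn_gen, server="10.0.0.1", attacker="203.0.113.9",
                         victim="10.0.0.7"):
    """Simulate the blind spoofing attack. Returns True when the attacker's forged
    third packet carries the acknowledgement number the server expects."""
    # 1. The attacker opens two real connections to the server and records the ISNs.
    isn_a = server_isn_gen.next_isn(attacker, 40000, server, 22)
    isn_b = server_isn_gen.next_isn(attacker, 40001, server, 22)
    step = (isn_b - isn_a) & MASK32
    # 2. Extrapolate: the next ISN the server hands out should be isn_b + step.
    predicted = (isn_b + step) & MASK32
    # 3. The attacker sends a SYN with the victim's source address. The server's
    #    SYN-ACK, carrying the real ISN, goes to the victim, never to the attacker.
    actual = server_isn_gen.next_isn(victim, 50000, server, 22)
    # 4. The forged ACK must acknowledge actual + 1; only a correct guess is accepted.
    forged_ack = (predicted + 1) & MASK32
    return forged_ack == ((actual + 1) & MASK32)


if __name__ == "__main__":
    print("predictable ISN hijacked:", blind_hijack_attempt(PredictableISN()))
    print("RFC 6528 ISN hijacked:   ", blind_hijack_attempt(HashedISN()))
```

In a real blind attack the attacker also has to keep the impersonated host quiet (flood it, or wait until it is offline); otherwise it answers the unexpected SYN-ACK with a RST and tears the forged connection down.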
Common Weaknesses in TCP/IP Suite
UDP Weaknesses
• UDP is connectionless: it does not establish a connection before sending data
• and does not require any acknowledgment that the data has been received.
• IP Spoofing: Since UDP does not validate the source IP address or establish a connection
that confirms the identity of the sender, attackers can easily forge the source IP address in
UDP packets.
• This allows the attacker to send UDP packets appearing to originate from a different IP address.
• Reflection Attacks: An attacker sends a large number of UDP requests to a server(s) (the
reflectors) with the source IP address spoofed to the victim's IP address.
• These servers then respond to the victim's address.
• Amplification: when the reply is much larger than the request (DNS ANY queries, NTP monlist,
SSDP, memcached), the reflectors multiply the attacker's bandwidth many times over.
Common Weaknesses in TCP/IP Suite
ICMP Weaknesses
• ICMP Flooding
• The attacker sends a large number of ICMP Echo (Ping) Request packets rapidly to
the target's IP address.
• The target, responding to each request with an Echo Reply, becomes overwhelmed,
leading to slowed or completely halted services.
• This type of attack can consume both incoming and outgoing channels, since both
request and reply packets are involved.
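The SYN flood, UDP reflection and ICMP flood slides describe three variants of one pattern: a volume of one-sided traffic converging on a single target. The following is an added example (not from the original slides) of detection logic for all three in Python, run over constructed packet summaries of the kind a sensor or NetFlow exporter produces. The field names, thresholds and the traffic built by sample_traffic() are assumptions chosen for the demo, not a real capture.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10
REFLECTOR_PORTS = {53, 123, 1900, 11211}   # DNS, NTP, SSDP, memcached


def pkt(ts, proto, src, dst, sport=0, dport=0, flags=0, nbytes=60, icmp_type=None):
    """One packet summary as a sensor would export it (constructed, not a real capture)."""
    return {"ts": ts, "proto": proto, "src": src, "dst": dst, "sport": sport,
            "dport": dport, "flags": flags, "bytes": nbytes, "icmp_type": icmp_type}


def detect_syn_flood(records, half_open_threshold=50):
    """Flag listeners where many peers sent a SYN but few ever sent the ACK that
    completes the handshake: the signature of spoofed half-open connections."""
    syns, acked = defaultdict(set), defaultdict(set)
    for r in records:
        if r["proto"] != "tcp":
            continue
        key, peer = (r["dst"], r["dport"]), (r["src"], r["sport"])
        if r["flags"] & SYN and not r["flags"] & ACK:
            syns[key].add(peer)
        elif r["flags"] & ACK and peer in syns[key]:
            acked[key].add(peer)
    return [{"type": "syn_flood", "target": k, "half_open": len(p - acked[k])}
            for k, p in syns.items() if len(p - acked[k]) >= half_open_threshold]


def detect_udp_reflection(records, min_reflectors=20, min_bytes=200):
    """Flag hosts receiving large UDP payloads *from* well-known service ports at
    many distinct servers: replies to requests the victim never sent."""
    hits = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for r in records:
        if r["proto"] == "udp" and r["sport"] in REFLECTOR_PORTS and r["bytes"] >= min_bytes:
            hits[r["dst"]]["reflectors"].add(r["src"])
            hits[r["dst"]]["bytes"] += r["bytes"]
    return [{"type": "udp_reflection", "victim": d, "reflectors": len(h["reflectors"]),
             "bytes": h["bytes"]} for d, h in hits.items()
            if len(h["reflectors"]) >= min_reflectors]


def detect_icmp_flood(records, pps_threshold=100):
    """Flag hosts that receive more Echo Requests per second than the threshold."""
    per_second = defaultdict(int)
    for r in records:
        if r["proto"] == "icmp" and r["icmp_type"] == 8:
            per_second[(r["dst"], int(r["ts"]))] += 1
    peak = defaultdict(int)
    for (dst, _sec), n in per_second.items():
        peak[dst] = max(peak[dst], n)
    return [{"type": "icmp_flood", "target": d, "peak_pps": n}
            for d, n in peak.items() if n >= pps_threshold]


def analyze(records):
    return detect_syn_flood(records) + detect_udp_reflection(records) + detect_icmp_flood(records)


def sample_traffic():
    """Constructed mix: five clean handshakes, then the three attacks from the slides."""
    recs = []
    for i in range(5):                                       # legitimate clients
        src = f"192.0.2.{i + 1}"
        recs.append(pkt(0.1 * i, "tcp", src, "10.0.0.1", 40000 + i, 443, SYN))
        recs.append(pkt(0.1 * i + 0.05, "tcp", src, "10.0.0.1", 40000 + i, 443, ACK))
    for i in range(200):                                     # SYN flood, spoofed sources
        recs.append(pkt(1.0 + i / 200, "tcp", f"198.51.100.{i + 1}", "10.0.0.1", 1024 + i, 443, SYN))
    for i in range(40):                                      # NTP reflection toward 10.0.0.2
        recs.append(pkt(2.0 + i / 40, "udp", f"203.0.113.{i + 1}", "10.0.0.2", 123, 7777, nbytes=468))
    for i in range(300):                                     # 300 pings inside one second
        recs.append(pkt(3.0 + i / 300, "icmp", "198.51.100.250", "10.0.0.3", icmp_type=8))
    return recs


if __name__ == "__main__":
    for alert in analyze(sample_traffic()):
        print(alert)
```

The thresholds are deliberately low so the sample trips them; on a real link they must be calibrated against a baseline, and the SYN detector needs a time window so that legitimate clients who simply have not answered yet are not counted as half-open forever.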
Common Weaknesses in TCP/IP Suite
ICMP Weaknesses
• ICMP Redirection Attacks
• Attacker sends an ICMP redirect message to a target host.
• The message suggests that there is a more optimal routing path through a router
controlled by the attacker.
• If the host accepts this redirect, future traffic intended for a specific IP address will be
routed through the attacker's machine.
• This allows the attacker to intercept, manipulate, or block the victim's traffic.
• Mitigation: a legitimate redirect can only come from the host's current first-hop gateway,
so most hosts never need them; disable acceptance (Linux: net.ipv4.conf.all.accept_redirects = 0)
and alert on ICMP type 5 messages seen on the LAN.
Buffer Overflows in TCP/IP
• Occur when more data is put into a buffer or data holding area than it can
handle, leading to overflows that overwrite adjacent memory.
• Impact on TCP/IP:
• Buffer overflows can be exploited to execute arbitrary code, potentially allowing
attackers to gain control over a system.
• Examples:
• Historical vulnerabilities in TCP/IP stack implementations in the handling of large or
malformed packets: the "Ping of Death" (an ICMP Echo Request fragmented so that the
reassembled datagram exceeds the 65,535-byte maximum and overruns the reassembly buffer)
and overlapping-fragment bugs such as Teardrop crashed many 1990s stacks.
Prevention of Buffer Overflows
• Prevention Techniques:
• Implementing robust input validation to prevent buffer overflows.
• Using secure coding practices and tools that can detect potential buffer overflow
vulnerabilities during development.
• Mitigation Strategies:
• Regularly updating systems and applying patches to fix vulnerabilities in the TCP/IP
stack.
• Employing network intrusion detection systems (NIDS) to detect and respond to signs
of TCP/IP exploits.
Network Security Protocols
• Network security protocols are designed to protect data during transfer
across networks by ensuring confidentiality, integrity, and availability.
• Key Functions:
• Authentication,
• Encryption (confidentiality),
• Data integrity, and
• Non-repudiation.
Network Security Protocols
Key Network Security Protocols
• SSL/TLS (Secure Sockets Layer/Transport Layer Security):
• Protocols for encrypting and authenticating traffic between clients and servers; HTTPS is
the best-known use, but any TCP application can be wrapped in TLS.
• TLS is the successor to SSL. All SSL versions and TLS 1.0/1.1 are deprecated (RFC 8996);
deploy TLS 1.2 or 1.3.
• IPsec (Internet Protocol Security):
• A group of protocols for securing Internet Protocol (IP) communications by
authenticating and encrypting each IP packet of a communication session.
• SSH (Secure Shell):
• A protocol for operating network services securely over an unsecured network.
• Commonly used for remote login sessions between machines.
Network Security Protocols
Application Layer Security
• The application layer is the closest layer to the end user, and thus it is crucial
in securing the data and services that interact directly with users.
• Common Threats:
• Cross-site scripting (XSS),
• SQL injection, and
• Cross-site request forgery (CSRF), among others.
Network Security Protocols
Application Layer Protocols
• HTTP Security (HTTPS):
• Uses SSL/TLS to encrypt web data.
• Secure Email Transfer (SMTPS/STARTTLS, POP3S, IMAPS):
• SMTP, POP3 and IMAP wrapped in TLS, protecting mail between client and server (hop by hop,
not end to end; S/MIME or PGP is needed to protect a message all the way to the recipient).
• Web Application Firewalls (WAF):
• are a specific type of application firewall that filters, monitors, and blocks HTTP traffic
to and from a web service.
• By inspecting the HTTP traffic, a WAF can prevent attacks stemming from web
application security flaws, such as
• SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
Network Security Protocols
Transport Layer Security
• Focuses on providing communication security over a computer network.
• Ensures that data transferred between users and applications remains private
and reliable.
• Key Protocols:
• TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer).
• DTLS (Datagram Transport Layer Security) for datagram-based applications.
• They provide encryption, peer authentication (normally of the server, through its
certificate) and integrity protection for data as it travels across the network.
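Added example (not from the slides) contrasting a weak and a hardened TLS client configuration using Python's standard ssl module. audit() summarises the properties a reviewer checks on a context; connect_and_inspect() needs network access and is only there for readers who want to try the hardened context against a real server.

```python
import socket
import ssl


def weak_client_context():
    """The 'just make it work' configuration seen in many scripts: no certificate
    validation, no hostname check, any protocol version the library still builds.
    An on-path attacker with a self-signed certificate can read the whole session."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context(cafile=None):
    """Chain validation against the system (or a pinned) trust store, hostname
    matching, TLS 1.2 as the floor (RFC 8996 deprecates 1.0/1.1), no TLS compression."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION              # compression leaks plaintext (CRIME)
    return ctx


def audit(ctx):
    """Summarise the settings that decide whether the connection can be intercepted."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
    }


def connect_and_inspect(host, port=443, ctx=None):
    """Open a TLS session and report negotiated version, cipher and peer subject.
    Requires network access; not exercised offline."""
    ctx = ctx or hardened_client_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
            return tls.version(), tls.cipher()[0], subject


if __name__ == "__main__":
    print("weak:    ", audit(weak_client_context()))
    print("hardened:", audit(hardened_client_context()))
```

The two settings most often disabled "to get past a certificate error" are exactly the two that stop a man-in-the-middle: chain verification proves the certificate was issued by a trusted CA, and hostname checking proves it was issued for the server you asked for.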
Network Security Protocols
Network Layer Security
• Protects data flow between multiple networks and handles the routing of data packets.
• Uses IPsec for securing Internet Protocol communications by authenticating and
encrypting each IP packet.
• Virtual Private Networks (VPNs) that create secure connections over public networks.
• Forms a private network over the internet.
• Allows for secure communication between remote users and corporate networks.
• Firewall: Can filter traffic based on IP protocols, source and destination IP addresses,
and the ports used in the communication.
• They can deny or allow traffic based on established rules.
Network Security Protocols
Link Layer Security
• Secures data transmission over the physical and data link layer of the
network.
• Key Challenges:
• Address Resolution Protocol (ARP) spoofing and other link-layer vulnerabilities.
• Security Measures:
• MACsec (IEEE 802.1AE) for securing LAN traffic at link layer by using Encryption
and authentication.
• Use of secure switch configurations and port security features to prevent unauthorized
access.
Network Security Protocols
Physical Security
• Importance:
• Ensures the physical protection of network resources including hardware, software,
facilities, and personnel.
• Components:
• Physical access controls, surveillance, and environmental controls to prevent damage
from environmental hazards.
• Best Practices:
• Secure server rooms, restricted access to network components, and robust monitoring
and alarm systems.
Wireless Security
• Wireless security involves protecting wireless networks from unauthorized
access or damage.
• Challenges:
• Wireless networks are inherently more vulnerable due to their broadcast nature,
making signals accessible to anyone within the receiving range.
Wireless Security
Common Wireless Threats
• Eavesdropping:
• Unauthorized interception of private communication.
• Rogue Access Points:
• Unauthorized access points installed to mislead users or intercept data.
• Evil Twin Attacks:
• A rogue Wi-Fi access point that appears legitimate but is set up to eavesdrop on
wireless communications.
Wireless Security
Encryption Protocols in Wireless Security
• WEP (Wired Equivalent Privacy):
• Early encryption protocol (RC4 with short, reused keystreams); keys can be recovered from
captured traffic in minutes, and it has been deprecated since 2004.
• WPA (Wi-Fi Protected Access):
• Interim fix (TKIP) designed to run on WEP-era hardware; improved security over WEP but
still vulnerable to some attacks.
• WPA2 and WPA3:
• WPA2, introduced in 2004, uses AES-CCMP and provides stronger data protection and network
access control. In personal (PSK) mode, however, a captured 4-way handshake allows offline
dictionary attacks on the passphrase.
• WPA3, launched in 2018, replaces the PSK handshake with SAE (a password-authenticated key
exchange that defeats offline guessing), adds individualized data encryption on open
networks (Wi-Fi Enhanced Open), and makes protected management frames mandatory.
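Added example (not from the slides) showing why WPA2-Personal stands or falls with passphrase strength: the PMK is PBKDF2 of the passphrase and SSID, the PTK is derived from the PMK and the handshake nonces, and the MIC on handshake message 2 lets anyone who captured the handshake test guesses offline with no further contact with the network. The key derivation and MIC computation follow IEEE 802.11i for CCMP; the MAC addresses, nonces, EAPOL frame body, SSID and wordlist are constructed for the demo, not a real capture.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase, ssid):
    """IEEE 802.11i passphrase-to-PMK mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).
    Its first 16 bytes are the KCK, which authenticates the handshake messages."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck, frame):
    """WPA2/CCMP (key descriptor version 2): HMAC-SHA1 over the EAPOL-Key frame
    with its MIC field zeroed, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def simulate_capture(passphrase, ssid, ap_mac, sta_mac, anonce, snonce):
    """What a passive sniffer gets from message 2 of the 4-way handshake: both
    MACs, both nonces, the frame and its MIC. The frame body is constructed."""
    kck = derive_ptk(wpa2_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    frame = b"\x01\x03\x00\x75\x02\x01\x0a" + snonce + b"\x00" * 16
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "frame": frame, "mic": eapol_mic(kck, frame)}


def crack(capture, wordlist):
    """Offline guessing: each candidate costs one PBKDF2 (4096 HMAC-SHA1) plus a few HMACs,
    and the captured MIC is the oracle that says whether the guess was right."""
    for word in wordlist:
        pmk = wpa2_pmk(word, capture["ssid"])
        kck = derive_ptk(pmk, capture["ap_mac"], capture["sta_mac"],
                         capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["frame"]), capture["mic"]):
            return word
    return None


# Constructed handshake parameters (not from a real capture).
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["letmein", "12345678", "password123", "hunter22"]


def demo():
    weak = simulate_capture("password123", "DBU-Lab", AP_MAC, STA_MAC, ANONCE, SNONCE)
    strong = simulate_capture("q7!Vn2#LpZ9wR$4m", "DBU-Lab", AP_MAC, STA_MAC, ANONCE, SNONCE)
    return crack(weak, WORDLIST), crack(strong, WORDLIST)


if __name__ == "__main__":
    print(demo())   # ('password123', None)
```

Because the SSID is the PBKDF2 salt, rainbow tables only work for common SSIDs, which is one reason to avoid default network names; but a GPU still tries hundreds of thousands of candidates per second, so the real defence is a long random passphrase or WPA3-SAE, where the captured exchange gives an attacker nothing to test guesses against.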
Wireless Security
Best Practices for Securing Wireless Networks
• Use Strong Encryption (Preferably WPA3):
• Always use the strongest available encryption standard to protect wireless traffic.
• Secure Wi-Fi Access Points:
• Change default usernames and passwords, disable WPS (its 8-digit PIN can be brute-forced in
hours), keep access point firmware patched, and use firewalls and VPNs.
• Regular Network Monitoring:
• Implement tools to monitor for unauthorized devices or unusual traffic patterns.
• Educate Users:
• Training on security risks and safe practices, like avoiding the use of public Wi-Fi for
sensitive transactions.
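Added example (not from the slides) of the monitoring step: comparing a wireless scan against an inventory of authorised access points to flag evil twins and look-alike SSIDs. The inventory, SSIDs and scan results are constructed; a real deployment would feed this from a wireless IDS or periodic scans with a tool such as airodump-ng.

```python
import re

# Authorised access points: BSSID -> SSID (constructed inventory).
AUTHORISED = {
    "00:11:22:33:44:01": "DBU-Staff",
    "00:11:22:33:44:02": "DBU-Staff",
    "00:11:22:33:44:03": "DBU-Guest",
}
CORPORATE_SSIDS = set(AUTHORISED.values())


def canonical(ssid):
    """Collapse the tricks used to build a look-alike SSID: case, spacing, punctuation,
    and digits substituted for letters (0 for o, 1 for l)."""
    s = re.sub(r"[\s\-_]", "", ssid).casefold()
    return s.replace("0", "o").replace("1", "l")


def classify_scan(scan):
    """scan: list of dicts with ssid, bssid and security. Returns one finding per
    suspicious access point as (bssid, ssid, reason)."""
    lookalikes = {canonical(s) for s in CORPORATE_SSIDS}
    findings = []
    for ap in scan:
        ssid, bssid, sec = ap["ssid"], ap["bssid"].lower(), ap["security"]
        if bssid in AUTHORISED:
            if AUTHORISED[bssid] != ssid:
                findings.append((bssid, ssid, "authorised BSSID advertising unexpected SSID"))
            continue
        if ssid in CORPORATE_SSIDS:
            # An open twin lets clients join with no passphrase (captive-portal phishing);
            # a WPA2 twin collects handshake attempts for offline passphrase cracking.
            findings.append((bssid, ssid, "evil twin (open)" if sec == "OPEN" else "evil twin"))
        elif canonical(ssid) in lookalikes:
            findings.append((bssid, ssid, "look-alike SSID"))
    return findings


# Constructed scan results, not a real survey.
SAMPLE_SCAN = [
    {"ssid": "DBU-Staff", "bssid": "00:11:22:33:44:01", "security": "WPA2"},
    {"ssid": "DBU-Guest", "bssid": "00:11:22:33:44:03", "security": "WPA2"},
    {"ssid": "DBU-Staff", "bssid": "de:ad:be:ef:00:01", "security": "OPEN"},
    {"ssid": "DBU_Staff", "bssid": "de:ad:be:ef:00:02", "security": "WPA2"},
    {"ssid": "CoffeeShop", "bssid": "aa:bb:cc:dd:ee:ff", "security": "WPA2"},
]

if __name__ == "__main__":
    for finding in classify_scan(SAMPLE_SCAN):
        print(finding)
```

BSSIDs can be spoofed too, so an attacker who clones an authorised BSSID passes this check; signal strength, channel and vendor fingerprinting from a wireless IDS are the next layer.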
Network Monitoring Tools
• Network monitoring tools are essential for continuously observing a
computer network for slow or failing components,
• Notify the network administrator in case of outages or other trouble.
• Examples
• Wireshark: A network protocol analyzer that lets you capture and interactively
browse the traffic running on a computer network.
• Nagios: Provides monitoring capabilities to identify and resolve IT infrastructure
problems before they affect critical business processes.
Emerging Technologies in Wireless Security
• IoT Security:
• Addressing the unique challenges posed by the Internet of Things and ensuring secure
connections among billions of devices.
• Advanced Authentication Methods:
• Using biometrics and multi-factor authentication to enhance security beyond
traditional passwords.
Chapter 5
Security Mechanisms