Tuesday 2 May 2017

Unit 32 - Networked Systems Security (P1,P2,P3,P4)


Task A - Are We Safe? (P1,P2)

P1: Attacking a Network

When it comes to networks and their security, people may think they are safe because only a few harmless people in the household or workplace use the network; however, this is not always the case. Depending on what security procedures have been taken to secure the network, it can be vulnerable to malicious attacks targeted at it by harmful people. These attacks are usually carried out either with software written specifically to attack networks, or through the misuse and exploitation of software and programs that are normally used for other purposes.

Some examples of attacks are Denial of Service (DoS), backdoor attacks, spoofing, brute force, and software exploitation as mentioned above. The attacks themselves can originate internally from within the network, externally from outside the network, or via the network's unsecured wireless access points.

• DoS Attack 

A Denial of Service attack is a cyber attack in which the attacker intends to make a machine or network resource temporarily unavailable to its end users by disrupting the services of a host connected to the internet. The attack is usually accomplished by flooding the targeted machine with superfluous requests and useless traffic, in an attempt to overload the system's network and prevent some or all legitimate requests from getting through. Another form of DoS attack is the Distributed Denial of Service (DDoS), where the incoming attack traffic comes from many sources rather than the single source it originates from in a DoS attack. Having many sources makes it very hard to block the IP address(es) behind the attack, and makes a DDoS attack near enough impossible to avoid and stop. Known examples of DoS attacks are the Ping of Death and Teardrop attacks: in the Ping of Death the attacker sends an IP packet larger than the 65,536 bytes allowed by the IP protocol, and in Teardrop fragmented packets are sent to the targeted machine with overlapping offsets so that they cannot be reassembled, causing the network device to crash.

• Backdoor Attacks 

A backdoor attack is one in which the attacker gains access to a computer system by bypassing its security mechanisms, usually going undetected and opening ports for the attacker. Attackers often use exploits in software and programs to plant backdoors, and in some cases a worm is created to take advantage of the exploits automatically. A backdoor can compromise files and gather confidential information on the infected system, and it allows the attacker to run malicious software over the system's internet connection and launch further attacks from it: the infected system can be used to attack other victims. A backdoor is similar to a Trojan in the sense that it opens up and exposes the infected computer to the threat of unwanted remote access.

• Spoofing 

Spoofing refers to an attacker impersonating another device or user on a network in order to launch an attack that would usually require a reply from the victim device or network, such as sending a ping command or packets. Because the attacker has spoofed their identity to appear as another device or user, any reply to the attack traffic does not go back to the attacker but to the spoofed identity. This form of attack is usually carried out on a larger scale, so that the attacker can make use of a collection of infected computers without having to do much work themselves when attacking a network. Some of the most common forms of spoofing are IP address spoofing, ARP spoofing and DNS spoofing. IP address spoofing in particular goes hand-in-hand with DoS attacks, as it results in the victim being targeted by what seem to be many 'legitimate' sources, rather than the one source, being the hacker themselves.

• Brute Force/Dictionary Attack 

Brute force attacks are the act of guessing a password that protects some form of important information, whether that is a network password or a password for an account; with regard to attacking a network it will most likely be guessing the password protecting the network access point. The process uses a computer program that tries every possible password, starting with every one-character password, then all possible two-character passwords, then three characters and so on. The program does this automatically at very high speed, depending on the hardware in the computer. An attack similar to brute force is the dictionary attack, which works the same way but tries words in the dictionary (or a list of common passwords) rather than going through all possibilities character by character. These two forms of attack can be very effective because a lot of people use weak and common passwords, so gaining access to a network can be very easy.

• Social Engineering 

Social engineering is the act of attacking password-protected things, such as a network, by finding out certain information from other people. This information could be personal, and the attacker intends to use it against the victim. For example, the attacker may ring the victim claiming to be from a bank that needs the victim's personal bank details. Another example that could be used to attack a network is the attacker calling the victim, claiming to be from Microsoft, saying that the victim has a virus on their computer and that they will need to access the system remotely to remove it. The attacker then gets the victim to download a remote access program, through which the attacker has full access to and control over the victim's machine, unless the machine is disconnected from the internet of course.
 
P2: How Networked Systems Can Be Protected 

Although there are many ways in which a networked system can be attacked by hackers, with viruses and other methods, that doesn't stop the end user from trying to prevent these attacks in the first place; with the correct know-how, this can be done.

The first set of methods I am going to talk about is for email security. In an organisation, email tends to be very popular and is used on a daily basis. Email servers can become the victims of attacks and spam mail, with spam emails making up a large percentage of all network traffic around the world. One way to try to stop these spam emails is to have a spam guard set on the email inbox, which will usually scan each email as it is delivered, searching for the key features of spam emails and checking databases to decide whether the email is spam or not. However, spam emails can sometimes bypass the spam guard by having some specific data altered in the email itself, becoming a hoax email rather than a spam email: a hoax email is one where the sender alters a small section of the email so that it bypasses the guard, usually by changing the 'sent from' address to something similar to what the government in the receiving country might use. To prevent this, the staff in the company need the correct knowledge of how to spot these types of fake email, perhaps through short talks on what to do and how to spot one. Another way to help prevent these emails from causing harm is to have only one email server, or one entry point to the server; if there were several email servers they might all process incoming emails differently, some letting through more spam and hoax emails than others, whereas a single main email server checks all of the mail consistently.

It is not just through email that attackers target their victims; they can target them directly if they find a way onto the victim's internet or wireless network. Wireless networks are a big target for hackers, especially those available to the public with no password to protect them. One main reason they are a big target is that attackers can plant viruses and worms on the network that will infect all of the users connected to it. The first and main way to prevent this is to set a password on the wireless network so that only the people who should be allowed to connect can access it, blocking out any harmful individual who may intend to infect and harm other users of the network. The password is put on the network in the form of WPA/WPA2, a security technology that requires users to enter a password in order to connect to the wireless network device/router; the data is encrypted at 128 bits. Another form of wireless security is WEP, another security protocol that encrypts all transmitted data, but its encryption can be breached by a hacker who knows what they are doing and has the correct equipment and tools. One final way in which the wireless network can be protected is to limit its users by their hardware MAC address; a MAC address is a unique code that every piece of network-capable hardware has. This is a very useful feature for preventing unauthorised access to the network as each MAC address is unique; however, it is possible for a device to spoof its MAC address (if the attacker knows which MAC addresses are allowed on the network, which is hard to find out), although some devices can tell whether a MAC address is being spoofed or not.

When it comes to creating the password for the wireless network, and for personal access control in general, there are a few rules to follow in order to create a strong password that will be hard for hackers to crack. These rules can be summarised as the "8 4 Rule", as it is made up of two simple rules to follow:

• Rule 1 – Length: The minimum number of characters you should aim for in your password is eight, but the more the better. The more characters you have, the longer it will take a hacker to crack.

• Rule 2 – Complexity: A complex password should contain at least one character from each of the following groups, so the password as a whole has at least four characters drawn from these groups:

1. Lower case letter 
2. Upper case letter 
3. Number 
4. Special character 

The name of the "8 4 Rule" comes from the combination of the above two rules: 

• 8 = Eight characters minimum length 
• 4 = 1 lower case + 1 upper case + 1 number + 1 special character 

However, when making a password for security purposes you need to ensure that you do not use a simple password that can be cracked easily by a hacker, whether that is a dictionary word or phrase or a common password that may be used by other people; your password should also be changed regularly to keep the security of the networked system as high as possible. You should avoid using a password that means something to you personally, i.e. a pet's name, your year of birth etc., that someone could easily guess if they did their research.
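As an added example (not part of the original post), here is a Python check that applies the "8 4 Rule" described above to a candidate password. The common-password list and the personal-details check are my own extensions of the two rules, and all sample passwords are constructed for illustration:

```python
import re
import string

# Constructed sample of common passwords for illustration; a real check
# would load a much larger published list.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "welcome"}


def eight_four_violations(password, personal_words=(), common=COMMON_PASSWORDS):
    """Return a list describing every way `password` fails the "8 4 Rule".

    An empty list means the password passes. The `personal_words` check
    (pet names, birth years and similar guessable details) and the
    common-password check are assumed extensions of the two rules.
    """
    problems = []
    # Rule 1: length, eight characters minimum.
    if len(password) < 8:
        problems.append("length: fewer than 8 characters")
    # Rule 2: complexity, one character from each of the four groups.
    if not any(c.islower() for c in password):
        problems.append("complexity: no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("complexity: no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("complexity: no number")
    if not any(c in string.punctuation for c in password):
        problems.append("complexity: no special character")
    # Dictionary/common-password check: compare the whole password and also
    # its letters-only core, so "Password1!" is still caught as "password".
    lowered = password.lower()
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in common or (core and core in common):
        problems.append("common: based on a well-known password")
    # Personal-detail check: anything an attacker could research about you.
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"personal: contains '{word}'")
    return problems


def passes_eight_four(password, personal_words=(), common=COMMON_PASSWORDS):
    """True when the password satisfies the 8 4 Rule and the extra checks."""
    return not eight_four_violations(password, personal_words, common)


if __name__ == "__main__":
    # Constructed candidates; "Fluffy" and "2019" stand in for a pet's name and birth year.
    for candidate in ("Short1!", "Password1!", "Fluffy2019!x", "Tr0ub4dor&3"):
        result = eight_four_violations(candidate, personal_words=["Fluffy", "2019"])
        print(candidate, "->", "OK" if not result else "; ".join(result))
```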

Another way in which networked systems can be protected is with the use of anti-virus software installed on the machine you are using. Anti-virus software offers a few ways to help protect you from potential threats, including the ability to scan the system for malicious files and viruses, along with real-time monitoring of the system itself. Another prevention method that works hand-in-hand with anti-virus software is an IDS, an intrusion detection system. An IDS is a device or piece of software that monitors a network or system for malicious activity; any detected activity or violation is usually reported to the administrator of the system.

Task B - What's Best? (P3)

P3: Minimising Security Breaches

Security Policies

Within all organisations there will be some form of policy put in place to keep any important work and information secure. This policy will most likely be a written or digital document stating the rules and regulations that are in place, which more often than not concern computer network access.
The purpose of the security policy is to give the workers a set of rules to follow in order to protect the company's devices and systems. The policy is likely to change regularly over time, as improved rules are added to ensure the company's security and safety with regard to networked system access; the updates to the policy will ensure that data and information remain secure and accessible only by authorised people.

Backups

All organisations should have a way of making backups of their data and information, and a way of restoring any necessary information and data as well. These procedures should be put in place in order to recover work when necessary, for instance after a physical disaster that wipes out the data within an organisation, or if the networked systems were breached and an unauthorised person was able to bypass the security and take information or data; if anything is taken or destroyed, a backup will help to restore it.
Backups should be taken on a daily basis, usually at the end of the day. Taking the backups at the end of the day ensures that the organisation has the most recent copy of any file, information or data that it has been working on that day, so that it will not be lost or damaged. Every now and then all of the backups should be checked to ensure that everything is as it should be and that the backups were taken correctly; they can then be compared against a version of the backups that is also kept externally, away from the organisation's network.
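One way to carry out the backup check described above, as an added example that is not part of the original post: hash every file in the day's working set, then compare that manifest against both the end-of-day backup on the network and the copy held externally, so that a missing or silently altered file is reported rather than discovered during a restore. The file names, contents and the two flawed copies are all constructed for illustration:

```python
import hashlib
import os


def sha256_hex(data):
    """Hash raw file contents; a mismatch between copies means corruption or tampering."""
    return hashlib.sha256(data).hexdigest()


def manifest_from_files(files):
    """Build a manifest {relative path: sha256} from an in-memory {path: bytes} map."""
    return {path: sha256_hex(data) for path, data in files.items()}


def manifest_from_dir(root):
    """Walk a real backup directory and hash every file, keyed by its relative path."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = sha256_hex(fh.read())
    return manifest


def compare_manifests(expected, backup):
    """Report files the backup lacks, files it has altered, and files it should not hold."""
    missing = sorted(p for p in expected if p not in backup)
    mismatched = sorted(p for p in expected if p in backup and expected[p] != backup[p])
    extra = sorted(p for p in backup if p not in expected)
    return {"missing": missing, "mismatched": mismatched, "extra": extra}


def backup_is_sound(expected, backup):
    """A backup is usable for a restore only if nothing expected is missing or altered."""
    report = compare_manifests(expected, backup)
    return not report["missing"] and not report["mismatched"]


# Constructed sample data standing in for the day's working files, the
# end-of-day backup on the network, and the copy held off-site.
LIVE_FILES = {
    "accounts/ledger.csv": b"date,amount\n2017-05-02,120.00\n",
    "hr/staff.txt": b"A. Smith\nB. Jones\n",
}
NETWORK_BACKUP = dict(LIVE_FILES)
NETWORK_BACKUP["accounts/ledger.csv"] = b"date,amount\n2017-05-02,12.00\n"  # silently altered
EXTERNAL_BACKUP = dict(LIVE_FILES)
EXTERNAL_BACKUP.pop("hr/staff.txt")  # the off-site copy never received this file


def check_both_copies():
    """Verify the network backup and the external copy against the live manifest."""
    expected = manifest_from_files(LIVE_FILES)
    return {
        "network": compare_manifests(expected, manifest_from_files(NETWORK_BACKUP)),
        "external": compare_manifests(expected, manifest_from_files(EXTERNAL_BACKUP)),
    }
```

For real directories, build the manifests with `manifest_from_dir` instead of the in-memory map and compare them the same way.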

Monitoring

Most organisations will have a policy in place requiring the networked devices used by employees to be monitored. Monitoring the devices mainly means watching over the employees' computers to ensure that they are working efficiently and not doing anything they should not be doing.
For monitoring of the devices to be most effective, random checks should be made at various times during the working day. This ensures that no worker knows when a check will be made, so anyone not doing what they should be can be caught out, which will discourage anything that may breach a policy from being carried out.

Permissions

Access permissions for employees are advisable in any organisation, as they are essentially a list of the things each user is and is not able to do. For example, some people may have access to certain applications and programs that they need for their specific role within the company, whereas another program on the computer may not be available to them but will be available to someone else who needs it to carry out their work.
Access permissions are unique to individual workers, but they are usually assigned in groups; for example, managers will usually have many more permissions set for them than ordinary employees, as they need to access more things on the computer systems for their work.

Physical Security

Physical security of networked systems involves physically protecting every networked system within an organisation. This is vital within a company, as networked systems are not only breached by hackers over the internet but can also be breached by people breaking into the office building, which is why it is important to go the extra step to ensure that all of the networked devices and systems are physically kept safe and secure. There are a few ways in which a company can physically secure its networked systems, which are as follows:
• CCTV/Security Staff – The use of security staff alongside CCTV cameras ensures that the work area is monitored 24/7. Not only does this help prevent any unlawful action being carried out, but it can help find the culprit if any of the systems are physically breached by someone.
• Lock & Key – Using a lock and key to secure the systems is a good idea, as it makes it difficult for people to gain access to them. However, if the key(s) were lost then the lock could no longer be opened; likewise, if an unauthorised person got hold of the key they would then have access to the systems.

• Logging of Entry – Some organisations have security measures in place that record each person who enters and exits certain areas of the business building, mainly through the use of swipe cards. As with the lock and key method mentioned above, using swipe cards to enter different zones gives a high level of security on the premises, but if someone gets hold of one of the cards then they will have the access rights to pass through the different doors.
• Biometric Authorisation – This method is similar to the logging of entry with swipe cards, but instead of cards you gain access through doors using physical attributes, i.e. fingerprint, palm, eyes etc. Unlike the previous two methods, an impostor cannot easily replicate someone else's physical attributes to be scanned, in the way they could obtain a simple key or card; however, these security systems are fairly expensive to install and maintain.

Task C - Start Installing! (P4)

P4: Plan Procedures to Secure a Network

When it comes to the security of a network we have to ensure that no one who is not permitted to can access the network itself. The reason for this is that if the network is not secure then anyone may be able to get onto it easily, and we do not know whether that person will be harmless or harmful; people on the network could attack it maliciously. There are a few ways in which we can try to prevent this, such as changing the default login credentials of the network router itself, and enabling WPA/WPA2 wireless network security by changing the wireless network password to something unique that people will not be able to guess in order to gain access to the network. To change any of the above settings we need to access the router configuration by entering the router's default IP address in a web browser; here 192.168.0.1 was entered in the URL bar. From there I am presented with the router login page, and once logged into the router I can go and change the network security settings.
