Network Security Threats:
Threats to a network can arise in many ways, from known vulnerabilities to basic human error. Here is a list of the most common network security threats:
- Compromise of Intellectual Property
- Deliberate Software Attacks
- Espionage or Trespass
- Natural Cause or Disaster
- Human Errors
- Missing, Inadequate or Incomplete Security Controls
- Open Ports or Missing Security Headers
- Technical Hardware/Software Failure
Access control means that there is selective access to specific data depending on the role the user holds.
- Physical Security: A proper monitoring mechanism should be implemented inside the organization to track employee activity and check for any threat-related activity. A few common means of physical security include CCTV cameras, security personnel, etc.
- Authentication and Authorization: Authentication means checking the authenticity or originality of a user logging into a system. Authorization means granting access to a user based on their authentication details. Authentication includes: credential checks, certificate-based authentication, biometric authentication. Authorization includes: deciding user rights and privileges, roles or rules based on authentication details, ACLs (Access Control Lists).
- Data Security: Data security means protection of data by maintaining the confidentiality, integrity, availability and non-repudiation of data. A user's data privacy should be of utmost concern for an organization, and no vulnerabilities should be left unchecked, as they might lead to major identity theft.
- Device Security: Not just the network, but the devices used inside an organization should be maintained properly, and proper security measures should be maintained for every device to reduce the risk of theft and attack. Some common measures are: switch/router security, network hardening, physical hardening.
Network Security Architecture:
A VPN, or Virtual Private Network, has earned immense popularity in the world of network security. VPNs provide an extra layer of security during network communications.
A VPN works by routing your device’s internet connection through your chosen VPN’s private server rather than your internet service provider (ISP) so that when your data is transmitted to the internet, it comes from the VPN rather than your computer. The VPN acts as an intermediary of sorts as you connect to the internet, thereby hiding your IP address — the string of numbers your ISP assigns your device — and protecting your identity. Furthermore, if your data is somehow intercepted, it will be unreadable until it reaches its final destination. A VPN creates a private “tunnel” from your device to the internet and hides your vital data through something that is known as encryption.
Types of VPN Technologies:
- Point-to-Point Tunneling Protocol (PPTP): PPTP uses a TCP control channel and a Generic Routing Encapsulation (GRE) tunnel to encapsulate PPP packets. Many modern VPNs use various forms of UDP for this same functionality.
- IPSec: Internet Protocol Security is a secure network protocol suite that authenticates and encrypts packets of data to provide secure, encrypted communication between two computers over an Internet Protocol network.
- Layer 2 Tunneling Protocol: Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks or as part of the delivery of services by ISPs. It uses encryption only for its own control messages, and does not provide any encryption or confidentiality of content by itself.
- Secure Shell Protocol (SSH): The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. It is the most secure and the most used protocol in the latest VPN market.
Security Mechanism: VPNs are deployed in a network for their implementation of confidentiality, integrity and authenticity. They provide an extra layer of security to the network.
Wireless Network Security:
Wireless Network Threats:
- Traffic Analysis: An attack where the attacker listens to communication on a network and analyses the routes taken to locate the key nodes in the network.
- Passive and Active Eavesdropping: In a passive attack the attacker only monitors the network and looks for vulnerabilities; in an active attack the attacker also interferes with the traffic.
- Unauthorized Access: Access to the organization's network without permission.
- MITM: The Man-in-the-Middle attack, where the attacker compromises the network's access point and forms a parallel access point that is monitored by the attacker.
- DoS: The denial-of-service attack, where the attacker floods the network with unwanted traffic, causing the network to crash.
- Session Hijacking: A kind of attack where the attacker takes over a particular session in a network.
There are innumerable threats; these are the most common ones.
Wireless Security Protocols:
- WEP/WEP2: Wired Equivalent Privacy (WEP) is a security protocol that uses RC4 cryptography. The key length is generally 40 or 104 bits, with a 24-bit IV that bounds the key's lifetime. The per-packet key is generated by concatenating the IV with the shared key, and authentication is either open or shared-key.
- WPA/WPA2: Wi-Fi Protected Access is a security protocol using AES cryptography. The key length is 128 bits, with a 48-bit IV. The per-packet key is produced through two-phase key mixing in the case of WPA, which is not needed in the case of WPA2. Key management is done through EAP and is authenticated by 802.1X or a PSK.
A firewall is a security system that monitors incoming and outgoing traffic based on predetermined security rules. It is like a semipermeable wall between a client and the server or internet. It prevents untrusted networks from accessing the client's data.
Based on how firewalls are implemented, there are two types:
- Rule-Based Firewalls: Rule-based firewall systems use rules to control communication between hosts inside and outside the firewall. Each rule is a single line of text containing the network addresses and virtual port numbers of services that are permitted or denied. An example of how to implement this is: iptables -A INPUT -s 192.168.abc.xyz -j DROP.
- Policy-Based Firewalls: Policy-based systems are more flexible than rule-based systems. They allow the administrator to define the conditions under which general types of communication are permitted, as well as to specify what functions and services will be performed to provide that communication. An example of how to implement this type of firewall is: iptables -P FORWARD DROP.
I have used the iptables tool in Kali Linux to implement the firewalls; there are many more such tools that can perform these tasks.
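As an added illustration (not code from the page, and not iptables itself), the shell snippet below models how iptables evaluates a chain: rules appended with -A are checked first-match, and the chain's -P policy decides any packet no rule matches. The rule table, chain policies and addresses are constructed for the example.

```shell
#!/bin/sh
# Constructed model of iptables chain evaluation. It mirrors these commands
# without running them:
#   iptables -P INPUT ACCEPT                      (policy: allow by default)
#   iptables -P FORWARD DROP                      (policy: deny by default)
#   iptables -A INPUT   -s 203.0.113.7 -j DROP    (rule: block one host)
#   iptables -A INPUT   -p tcp --dport 23 -j DROP (rule: block telnet)
#   iptables -A FORWARD -s 192.0.2.10  -j ACCEPT  (rule: one allowed host)

# Rule table (constructed): CHAIN SOURCE DPORT TARGET; "any" is a wildcard.
RULES='INPUT 203.0.113.7 any DROP
INPUT any 23 DROP
FORWARD 192.0.2.10 any ACCEPT'

# Chain policy, i.e. what -P set for the chain (constructed values).
policy_of() {
  case "$1" in
    INPUT|OUTPUT) echo ACCEPT ;;
    *)            echo DROP ;;
  esac
}

# firewall_decide CHAIN SRC DPORT -> prints ACCEPT or DROP.
# Rules are scanned in order and the first match wins; if no rule matches,
# the chain policy applies (this is the rule-based vs policy-based split).
firewall_decide() {
  chain=$1; src=$2; dport=$3
  verdict=$(printf '%s\n' "$RULES" | while read -r rchain rsrc rport rtarget; do
    [ "$rchain" = "$chain" ] || continue
    [ "$rsrc" = any ] || [ "$rsrc" = "$src" ] || continue
    [ "$rport" = any ] || [ "$rport" = "$dport" ] || continue
    echo "$rtarget"
    break
  done)
  if [ -n "$verdict" ]; then echo "$verdict"; else policy_of "$chain"; fi
}

# Stand-alone demo: one decision per line.
for pkt in "INPUT 203.0.113.7 80" "INPUT 198.51.100.5 80" \
           "INPUT 198.51.100.5 23" "FORWARD 198.51.100.5 80" \
           "FORWARD 192.0.2.10 80"; do
  set -- $pkt
  echo "$1 from $2 to port $3: $(firewall_decide "$1" "$2" "$3")"
done
```

The INPUT chain accepts unknown hosts because its policy is ACCEPT and only named rules block, while the FORWARD chain drops unknown hosts because its policy is DROP and only a named rule allows.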
Intrusion Detection System (IDS):
Intrusion is an attempt to enter a network without authentication. Intrusion Detection Systems alert the system to possible intrusions. Their basic functions are:
- Identify suspicious activities
- Log security events
- Attempt to block intrusion or limit damage
- Report intrusion attempts
Types of IDS:
Based on installation location:
- Network Intrusion Detection
- Host Intrusion Detection
Based on Detection:
- Signature Based Detection
- Anomaly Based Detection
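An added example, not part of the original text and not Security Onion or Snort code, showing the two detection approaches over a few constructed web-server log lines: a signature match on a known request pattern, and an anomaly check that flags any source exceeding a baseline error count. The log lines, the signature and the threshold are all assumptions made for the example.

```shell
#!/bin/sh
# Constructed log lines: SOURCE METHOD PATH STATUS. One source sends a
# classic SQL-injection probe; the same source then scans for files.
LOGS='198.51.100.5 GET /index.html 200
203.0.113.9 GET /login.php?user=admin%27%20OR%201=1-- 200
203.0.113.9 GET /admin 403
203.0.113.9 GET /wp-login.php 404
203.0.113.9 GET /.env 404
203.0.113.9 GET /backup.zip 404
198.51.100.5 GET /about.html 200'

# Signature-based detection: a fixed byte pattern learned from past attacks
# (here a URL-encoded quote followed by OR). Precise, but only catches what
# is already known; the file scan below does not match it.
SIG='%27%20OR%20'
signature_alerts() {
  printf '%s\n' "$LOGS" | grep -c -F "$SIG"
}

# Anomaly-based detection: no pattern needed. Count 4xx responses per source
# and flag anything above a baseline (constructed threshold: more than 3).
# This catches the scan but not the single injection probe, which got a 200.
anomaly_sources() {
  printf '%s\n' "$LOGS" | awk -v limit=3 '
    $4 ~ /^4/ { n[$1]++ }
    END { for (ip in n) if (n[ip] > limit) print ip }'
}

echo "signature hits: $(signature_alerts)"
echo "anomalous sources: $(anomaly_sources)"
```

Each method misses what the other catches, which is why an IDS deployment normally runs both.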
Along with IDS there also exist IPS (Intrusion Prevention Systems), which actively prevent intrusions.
A very commonly used IDS is Security Onion. It is an open-source Linux distribution for intrusion detection, enterprise security monitoring and log management.
It consists of:
NIDS: Snort, Suricata, Sguil, Squert, Bro.
Log Management: Elasticsearch, Logstash, Kibana.