Network Security

avatar
Created by
Zoiii

Cards (54)

  • Network Security
    It protects the computer systems and services in the network from unwanted interferences or disturbances such as malicious code
  • Network Security
    Protection of all components associated with a network (data, media, and infrastructure)
  • Example of Network Security
    • Use of User ID and Password to access information and programs within the authority
  • Malicious Code
    Any code intentionally designed to cause harm exploit vulnerabilities in software, systems, or networks
  • Types of Malicious Code
    • Viruses
    • Worms
    • Trojan Horses
    • Ransomware
    • Spyware
    • Adware
    • Rootkits
    • Logic Bombs
    • Botnets
  • Threat Assessment
    • Evaluating potential risks and vulnerabilities to identify, prioritize, and understand potential threats to individuals, organizations, or systems
  • Key Components of Threat Assessment
    • Identification of Threats
    • Vulnerability Analysis
    • Risk Analysis
    • Asset Valuation
    • Threats Intelligence
    • Security Controls
    • Scenario Analysis
    • Human Factors
    • Compliance and Legal Considerations
    • Continuous Monitoring
    • Collaboration and Information Sharing
    • Crisis Management and Response Planning
  • Types of Threats Assessment
    • Threat to hardware
    • Threat to software
    • Threat to information
    • Threat to system or network operation
    • Threat to security measure
  • Security Goals
    • Confidentiality
    • Integrity
    • Availability
  • Confidentiality
    The most common aspect of information security of an organization needs to keep their information confidential and secure
  • Integrity
    Information changes constantly - it means any changes must be done only by authorized entities and mechanism
  • Availability
    Information created and stored must be available to authorized entities
  • Attacks in Relation to Security Goals
    • Snooping - Eavesdropping (Confidentiality)
    • Traffic Analysis (Confidentiality)
    • Modification (Integrity)
    • Masquerading (Integrity)
    • Denial of Service (Availability)
  • Snooping - Eavesdropping
    Refers to unauthorized access to or interception of data
  • How to prevent snooping - eavesdropping?
  • Traffic Analysis
    Monitoring online traffic - guess the nature of the transaction by collecting requests and response pairings
  • Modification
    The attacker intercepts the message and changes it
  • Masquerading
    The attacker pretends to be an authorized user to gain access to the system
  • Denial of Service
    The attacker overwhelms the system with requests to make it unavailable to legitimate users
  • Snooping
    Eavesdropping - Unauthorized access to or interception of data
  • Snooping
    • File transferred through internet containing confidential information - intercept during transmission
  • Traffic Analysis
    Collecting the electronic address (email address) of the sender and receiver
  • Modification
    • A customer sends a message to a bank to initiate some transaction. The attacker intercepts the message and changes the type of transaction to benefit themselves or delete or delay the message to harm the system to get benefit from it
  • Masquerading or Spoofing
    The attacker impersonates somebody else
  • Masquerading or Spoofing
    • An attacker might steal the bank card and PIN number of a customer and pretend to be that customer
  • Replaying
    The attacker obtains a copy of a message sent by a user and later tries to replay it
  • Replaying
    • A customer sends a request to a bank to ask for payment to be sent, an attacker who has performed a service. The attacker intercepts the message and sends it again to receive another payment from the bank
  • Repudiation
    The sender of the message might later deny that he/she has sent the message; the receiver of the message might later deny that he/she has received the message
  • Repudiation
    • A customer sends a request to a bank to ask for payment to be sent, an attacker who has performed a service. The attacker intercepts the message and sends it again to receive another payment from the bank
  • Denial of Service
    It is a very common attack that may slow down or totally interrupt the service of a system
  • Denial of Service
    • It generally consists of the efforts of one or more people to temporarily of indefinitely interrupt or suspend services of a host connected to the internet
  • Malware
    Malicious Software or Malevolent Software - Used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems
  • Malware
    • Computer viruses, worms, Trojan horses, Spyware, Adware
  • Denial of Service Attack (DoS Attack)

    Attempt to make network or system resource unavailable to its intended users
  • Denial of Service Attack (DoS Attack)

    • A lot of pings or communication requests to the target machine, making it unable to respond properly to legitimate traffic
  • Denial of Service Attack (DoS Attack)

    • The attacker intercepts and deletes the server's response to the client making it seem that the server is not responding
  • DNS Spoofing
    Also known as DNS Cache Poisoning - It is a computer hacking attack whereby data is introduces into Domain Name System (DNS) name server cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the hacker's)
  • Patches
    A software designed to fix problems, or update a program or its supporting data
  • Updates
    Older software that fixes security issues and enables compatibility with newer versions
  • Anti Malware
    Used to prevent, detect, and remove malwares for individual computing devices including virus and anti spyware