Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learning Network Forensics

You're reading from   Learning Network Forensics Identify and safeguard your network against both internal and external threats, hackers, and malware attacks

Arrow left icon
Product type Paperback
Published in Feb 2016
Publisher
ISBN-13 9781782174905
Length 274 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Samir Datt Samir Datt
Author Profile Icon Samir Datt
Samir Datt
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Becoming Network 007s FREE CHAPTER 2. Laying Hands on the Evidence 3. Capturing & Analyzing Data Packets 4. Going Wireless 5. Tracking an Intruder on the Network 6. Connecting the Dots – Event Logs 7. Proxies, Firewalls, and Routers 8. Smuggling Forbidden Protocols – Network Tunneling 9. Investigating Malware – Cyber Weapons of the Internet 10. Closing the Deal – Solving the Case Index

Network security goals

In today's high-speed, always-on-the-go world, no man is an island. The same is the case with corporate networks. Constant communications and contact with the outside world, cloud-based applications, cloud and offsite storage of data, and BYOD lead to an increasingly connected network environment. A global economy that thrives on information, advanced technology that enables seamless transactions, and the constant human need to access information that is online are the factors leading to higher security risks.

Today, one can safely assume that most corporate networks are interconnected with other networks.

These networks run standards-based protocols.

These networks will also have a number of applications, which may have proprietary protocols. As such applications are bespoke, the focus of the developers is more on functionality and less on security. Further, there is no regular system of patching vulnerabilities in these applications.

The multitude of connected devices and diverse applications in corporate networks are quite complex and their volume is constantly increasing.

From a network security perspective, the primary goals are as follows:

  • Confidentiality
  • Integrity
  • Availability
Network security goals

Information security goals

Confidentiality

The data that resides on the networks is the lifeblood of any organization. The confidentiality aspect of network security involves keeping the data private.

This entails restricting physical access to the networked devices and components as well as logical access to the node data and network traffic.

To do this, network administrators set up firewalls and intrusion detection & prevention systems. Access control lists (ACL) prevent unauthorized access to the network resources. Encrypted network traffic prevents any data leakage caused by traffic interception by an attacker. Specific credentials, such as usernames and passwords, are required to access the network resources.

Snowden's revelations are an example of a breach of the confidentiality goal of network security. The recent headlines relating to the data leakage at Sony Pictures is another glaring example.

Integrity

Networks have data in motion. Should an attacker gain access to a network, they would have the ability to silently modify/tamper with the traffic that would cause, at the very least, a misunderstanding between the people communicating and at the other end of the spectrum, it could cause irreparable harm to the people and organizations.

The examples of network security violations that affect the integrity goal include the following:

  • Interception of communications related to electronic payments, modifying them to reflect different bank details, and diverting the payment from the unsuspecting remitter. This is a common problem that is being observed these days, especially between small-scale exporters and their buyers.
  • A government taxation entity had their website compromised. The attacker very carefully only modified the section relating to tax rates. These were substantially reduced. As a result, the government lost substantial revenues as most of the remittances were made as per the rates posted on the website.

A number of organizations deploy a data integrity solution to perform origin authentication and verify that the traffic is originating from the source that should be sending it.

Availability

Data at rest and in transit is actually performing a task for the organization. As long as this data or information is accessible to authorized and authenticated users, the task can be performed. The moment an incident interrupts the access, preventing the users from performing their tasks, the availability goal of network security is breached.

There have been a number of high-profile examples of availability compromise in the past, as shown in the following:

  • On April 26, 2007, Estonia, a small Baltic state experienced a wave of denial-of-service (DoS) attacks. These cyber attacks were launched as a protest against the Estonian government's removal of the Bronze Soldier monument in Tallinn. This was erected in 1947 as a Soviet World War II war monument. The effect was felt on a number of institutions, including banks, government, and universities, taking the network resources offline. This attack lasted for three weeks and shook the whole country. In fact, one of the repercussions of this attack was the formation of the US government's policy on cyber war.
  • A very popular example was demonstrated in the movie Die Hard 4—Live Free or Die Hard—where super cop, John McClane took on an Internet-based terrorist, who worked at systematically attacking and shutting down the United States government, transport, and economy. This movie is widely credited for adding the word Fire Sale to the vocabulary of the common man in a cyber context.

Today, some of the most common attacks compromising the availability goal are flood attacks, logic/software attacks, mail bombing, DoS attacks, accidental DoS attacks, and distributed denial-of-service (DDoS) attacks.

How are networks exploited?

Just as all humans have weaknesses, networks too have weaknesses. These are known as vulnerabilities. Vulnerability, in an information system, is a weakness that an attacker leverages to gain unauthorized access to the system or its data.

The usual modus operandi to take advantage of a network vulnerability is to write a program that does this. These kind of programs are called exploits. Most exploits are malicious in nature. As the name suggests, an exploit is meant to exploit the system's weakness.

Vulnerabilities can be of many types. Some examples are shown as follows:

  • Physical vulnerabilities or natural disasters (such as, the tsunami in Southeast Asia)
  • Network design vulnerabilities
  • Network configuration vulnerabilities
  • Protocol vulnerabilities
  • Application vulnerabilities
  • Targeted vulnerabilities such as malicious software
  • Standard operating procedure/controls vulnerabilities
  • Physical security vulnerabilities
  • Human vulnerabilities

As we are all aware, a chain is only as strong as its weakest link. In the case of network security, the weakest link is usually human. Statistics show that an insider usually launches the most amount of attacks against information assets. Thus, most organizations set up controls to prevent insider abuse.

You have been reading a chapter from
Learning Network Forensics
Published in: Feb 2016
Publisher:
ISBN-13: 9781782174905
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime