Computer Network Security

by Ali Sadiqui

Wiley-ISTE, 2020

ISBN: 9781119706724, 300 pages


1. Fundamentals of Network Security


This chapter studies the following subjects:

  • the chief objectives of securing a network;
  • information security terminology:
    - general terminology,
    - types of hackers,
    - malicious codes;
  • the types of network security:
    - physical security,
    - logical security,
    - administrative security;
  • the chief risks related to the logical security of a network:
    - the different kinds of network attacks,
    - measures for network security,
    - vulnerability audit measures.

1.1. Introduction


Network security is the branch of computer science that consists of protecting all components of a computer network in order to prevent unauthorized access, data theft, misuse of a network connection, modification of data, etc. The aim of network security is to provide proactive defense methods and mechanisms to protect a network against internal and external threats.

1.1.1. The main objectives of securing a network


The three main objectives in securing a network are to ensure:

  • confidentiality: this consists of protecting data stored on or traveling over a computer network from unauthorized persons;
  • integrity: this maintains or ensures the reliability of data. The data received by a recipient must be identical to the data transmitted by the sender;
  • availability: this ensures that network data or services are constantly accessible to users.

1.1.2. Information security terminology


1.1.2.1. General terminology

  • A resource: any object that has value for an organization and must be protected.
  • A vulnerability: a weakness in a system, which may be exploited by a threat.
  • A threat: a potential danger to a resource or to the functioning of a network.
  • An attack: this is an action carried out to harm a resource.
  • A risk: the possibility of an organization’s resource being lost, modified, destroyed or suffering other negative consequences. The risk may arise from a single threat or several threats or the exploitation of a vulnerability:

    A risk = a resource + a threat + a vulnerability

  • A countermeasure: protection that mitigates a potential threat or a risk.

1.1.2.2. Types of hackers

There are different kinds of hackers in the field of information technology:

  • “hackers”: this group is defined as people who are “network maniacs” and only wish to understand the working of computer systems, while also testing their own knowledge and tools;
  • “white hat hackers”: these are individuals who carry out security audits in order to test that an organization’s computer networks are well-protected;
  • “black hat hackers”: these are experienced individuals who work towards illegal ends by carrying out data theft, hacking accounts, infiltrating systems, etc.;
  • “gray hat hackers”: individuals who are a mix of “white hat” and “black hat” hackers;
  • “blue hat hackers”: these are individuals who test for bugs in order to ensure that applications work smoothly;
  • “script-kiddies”: these are individuals with very basic IT security skills who try to infiltrate systems using scripts and programs developed by others;
  • “hacktivists”: these are individuals who are chiefly driven by ideological motives;
  • “phreakers”: these are individuals who specialize in attacking telephone systems. In general, they work towards placing free calls;
  • “carders”: these are individuals who specialize in attacking smart card systems.

1.1.2.3. Malicious codes

The most common types of malicious codes or malware that may be used by hackers are:

  • virus: this is a program that attaches itself to software in order to carry out a specific, undesirable function on a computer. Most viruses need to be activated by the user. However, they can also remain in “idle mode” for prolonged periods, as they can be programmed to avoid detection;
  • worms: these are independent programs that exploit known vulnerabilities with the aim of slowing down a network. They do not need to be activated by the user, and they can duplicate themselves and attempt to infect other hosts in the network;
  • spyware: this is spy software that is generally used to influence the user into buying certain products or services. Spyware does not usually self-propagate, but it installs itself without permission. It is programmed to:
    - collect the user’s personal information,
    - track browsing activity on the Internet in order to detect the user’s preferences,
    - redirect HTTP requests towards pre-set advertising sites;
  • adware: this refers to any software that displays advertisements without the user’s permission, often in the form of pop-up windows;
  • scareware: this refers to a category of software that is used to convince users that their system has been infected by viruses and suggests solutions, with the goal being to sell software;
  • Trojan horse: this is a program characterized by two features:
    - behavior that is apparently useful to the user,
    - hidden malicious behavior, which usually leads to access to the machine on which this software is executed;
  • ransomware: this is a program that is designed to block access to a computer system by encrypting its contents until a certain amount of money is paid in order to restore the system.

1.2. Types of network security


We identify three categories of network security.

1.2.1. Physical security


Physical security involves all aspects of the environment in which the resources are installed. This may include:

  • the physical security of server rooms, network devices, etc.;
  • the prevention of accidents and fires;
  • uninterrupted power supply;
  • video surveillance, etc.

1.2.2. Logical security


Logical security refers to the implementation of an access control system (using software) in order to secure resources. This may include:

  • applying a reliable security strategy for passwords;
  • setting up an access model that is based on authentication, authorization and traceability;
  • ensuring the correct configuration of network firewalls;
  • putting in place IPS (intrusion prevention systems);
  • using VPNs (virtual private networks), etc.
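The two logical controls named first above, a password policy and an access model built on authentication, authorization and traceability, fit in one small model. The following is an added example written for this page, not code from the book; the policy thresholds, the PBKDF2 iteration count, the sample common-password list and the role-to-action table are all constructed assumptions.

```python
import hashlib
import hmac
import os
import re
import time

# Constructed policy parameters for this example (assumptions, not from the book).
MIN_LENGTH = 12
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
# Constructed sample of passwords that a dictionary attack would try first.
COMMON_PASSWORDS = {"password", "password123", "admin123", "letmein", "welcome1"}


def check_password_policy(password):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256: the per-user salt makes identical passwords hash differently."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class AccessControl:
    """Authentication, authorization and traceability (an audit log) in one small model."""

    def __init__(self, permissions):
        self.permissions = permissions  # role -> set of permitted actions (constructed table)
        self.users = {}                 # username -> (salt, digest, roles); never the password itself
        self.audit_log = []             # traceability: every decision is recorded here

    def _record(self, username, event, outcome):
        self.audit_log.append((time.time(), username, event, outcome))

    def register(self, username, password, roles):
        """Enforce the password policy before a credential is ever stored."""
        problems = check_password_policy(password)
        if problems:
            self._record(username, "register", "rejected: " + ", ".join(problems))
            raise ValueError("password policy violated: " + ", ".join(problems))
        salt, digest = hash_password(password)
        self.users[username] = (salt, digest, set(roles))
        self._record(username, "register", "ok")

    def authenticate(self, username, password):
        """Authentication: prove identity by recomputing the salted hash and comparing in constant time."""
        entry = self.users.get(username)
        if entry is None:
            self._record(username, "login", "failed: unknown user")
            return False
        salt, stored_digest, _ = entry
        _, candidate = hash_password(password, salt)
        ok = hmac.compare_digest(stored_digest, candidate)
        self._record(username, "login", "ok" if ok else "failed: bad password")
        return ok

    def authorize(self, username, action):
        """Authorization: permit the action only if one of the user's roles allows it."""
        entry = self.users.get(username)
        roles = entry[2] if entry else set()
        allowed = any(action in self.permissions.get(role, set()) for role in roles)
        self._record(username, "action:" + action, "allowed" if allowed else "denied")
        return allowed


if __name__ == "__main__":
    ac = AccessControl({"operator": {"view_logs"}, "admin": {"view_logs", "change_firewall"}})
    ac.register("alice", "Correct-Horse7-Battery", ["operator"])
    print(ac.authenticate("alice", "Correct-Horse7-Battery"), ac.authorize("alice", "change_firewall"))
    for entry in ac.audit_log:
        print(entry)
```

The audit log is what gives traceability: a denied action or a failed login is recorded with the same care as a success, so an investigator can later reconstruct who asked for what and when.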

1.2.3. Administrative security


Administrative security allows the internal monitoring of an organization using a manual of procedures.

This may include:

  • preventing errors and fraud;
  • defining the responsibilities of different actors or operators;
  • protecting the integrity of the company’s property and resources;
  • ensuring that all operations concerning the handling of material are recorded;
  • rationally managing the company’s property;
  • ensuring effective and efficient management of activities.

NOTE.– You can now attempt Exercise 1.

1.3. The main risks related to the logical security of the network


1.3.1. Different kinds of network attacks


1.3.1.1. Reconnaissance attacks

The aim of a reconnaissance attack or “passive attack” is to collect information on the target network in order to detect its vulnerabilities. In general, this attack uses the following basic methods:

  • “ping sweep”: the attacker sends ping packets to a range of IP addresses in order to identify the computers that are part of a network;
  • port scanning: the attacker carries out a port analysis (TCP and UDP) in order to discover what services are being run on a target computer;
  • packet sniffing: “packet sniffing” makes it possible to capture data (generally Ethernet frames) traveling over a network, with the aim of identifying MAC addresses, IP addresses or the port numbers used in a target network. This attack can even make it possible to discover user names or passwords. The most commonly used packet capture tools are Wireshark and tcpdump.
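A ping sweep and a port scan both leave a characteristic footprint in firewall logs: one source touching many distinct hosts (ICMP) or many distinct ports on one host (TCP/UDP) inside a short window. The following detector is an added example written for this page, not code from the book; the log line format, the sample log lines and the thresholds are constructed assumptions, and the logic generalizes the two methods described above to any source seen in the log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Detection thresholds: constructed assumptions for this example, to be tuned per network.
WINDOW = timedelta(seconds=60)
PING_SWEEP_MIN_HOSTS = 5   # distinct ICMP targets from one source inside WINDOW
PORT_SCAN_MIN_PORTS = 10   # distinct TCP/UDP ports on one target from one source inside WINDOW

# Assumed log format: "<ISO timestamp> <ALLOW|DENY> <proto> <src> -> <dst>[:<dport>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>ICMP|TCP|UDP) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample log (not real traffic): a benign host, a junk line, then one
# source pinging six hosts in six seconds and probing eleven ports on one host.
SAMPLE_LOG = (
    ["2024-03-01T10:00:00 ALLOW TCP 10.0.0.7 -> 192.168.1.3:443",
     "2024-03-01T10:00:02 ALLOW ICMP 10.0.0.7 -> 192.168.1.1",
     "this line is not a firewall record"]
    + ["2024-03-01T10:00:%02d DENY ICMP 10.0.0.50 -> 192.168.1.%d" % (i, i) for i in range(1, 7)]
    + ["2024-03-01T10:01:%02d DENY TCP 10.0.0.50 -> 192.168.1.3:%d" % (i, p)
       for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389])]
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"]) if ev["dport"] else None
    return ev


def _burst(events, key_fn, threshold):
    """Return (start_ts, distinct_keys) for the first WINDOW in which >= threshold distinct keys occur."""
    events = sorted(events, key=lambda e: e["ts"])
    for i, start in enumerate(events):
        seen = set()
        for e in events[i:]:
            if e["ts"] - start["ts"] > WINDOW:
                break
            seen.add(key_fn(e))
        if len(seen) >= threshold:
            return start["ts"], seen
    return None


def detect_reconnaissance(lines):
    """Group events per source and report ping sweeps and port scans as a list of findings."""
    icmp_by_src = defaultdict(list)       # src -> ICMP events (ping sweep candidates)
    ports_by_pair = defaultdict(list)     # (src, dst) -> TCP/UDP events (port scan candidates)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["proto"] == "ICMP":
            icmp_by_src[ev["src"]].append(ev)
        elif ev["dport"] is not None:
            ports_by_pair[(ev["src"], ev["dst"])].append(ev)

    findings = []
    for src, evs in icmp_by_src.items():
        hit = _burst(evs, lambda e: e["dst"], PING_SWEEP_MIN_HOSTS)
        if hit:
            findings.append({"type": "ping_sweep", "src": src,
                             "count": len(hit[1]), "first_seen": hit[0]})
    for (src, dst), evs in ports_by_pair.items():
        hit = _burst(evs, lambda e: e["dport"], PORT_SCAN_MIN_PORTS)
        if hit:
            findings.append({"type": "port_scan", "src": src, "dst": dst,
                             "count": len(hit[1]), "first_seen": hit[0]})
    return findings


if __name__ == "__main__":
    for finding in detect_reconnaissance(SAMPLE_LOG):
        print(finding)
```

Counting distinct targets or ports, rather than raw packet counts, is what separates a scan from a busy but legitimate host: the benign 10.0.0.7 above talks repeatedly to one service and is never reported. Packet sniffing, the third method, is passive and leaves no such trace in firewall logs; it is countered by encryption and by switched, segmented networks rather than by log detection.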

1.3.1.2. Password attacks

The goal of these attacks is to discover usernames and passwords in order to access various resources. There are two commonly used methods in this type of attack:

  • dictionary attack: this method uses a list of words or phrases that are...