This is a basic introduction to network and cyber security.
Typology: Study notes
Outline:
- Introduction to Network Security
- Needs for Network Security
- Types of Security
- Introduction of CIA
- Confidentiality
- Integrity
- Availability
- AAA (Authentication, Authorization, Accounting)
- DHCP
- DNS
Introduction to Network Security
- Network Security deals with all aspects related to the protection of the sensitive information assets existing on the network.
- It covers the various mechanisms developed to provide fundamental security services for data communication.
- This lecture introduces you to several types of network vulnerabilities and attacks, followed by a description of the security measures employed against them.
- It describes the functioning of the most common security protocols employed at the different networking layers, from the application layer down to the data link layer. After going through this lecture, you will find yourself at an intermediate level of knowledge regarding network security.
Needs for Network Security
- Unless it's properly secured, any network is vulnerable to malicious use and accidental damage. Hackers, disgruntled employees, or poor security practices within the organization can leave private data exposed, including trade secrets and customers' private details.
- Losing confidential research, for example, can potentially cost an organization millions of dollars by taking away competitive advantages it paid to gain, while hackers stealing customers' details and selling them to be used in fraud creates negative publicity and public mistrust of the organization.
Introduction of CIA
- The general goal in computer security is to be able to detect and prevent attacks, and to recover from them. If an attack does succeed, the disruption of information and services has to be contained and kept low or tolerable.
- In order to fulfil these requirements, we come to the three main elements: confidentiality, integrity, and availability.
Confidentiality
- Confidentiality is the concealment of information or resources. There is a need to keep information secret from third parties that want to access it, so that only the right people can access it.
- Example in real life: let's say two people are communicating via encrypted email; they know each other's decryption keys and read the email by entering these keys into the email program. If someone else can read these decryption keys when they are entered into the program, then the confidentiality of that email is compromised.
Integrity
- Integrity is the trustworthiness of data in the systems or resources, from the point of view of preventing unauthorized and improper changes. Generally, integrity is composed of two sub-elements: data integrity, which has to do with the content of the data, and authentication, which has to do with the origin of the data, since information has value only if it is correct.
- Example in real life: let's say you are making an online payment of 5 USD, but your information is tampered with, without your knowledge, so that 500 USD is sent to the seller; this would cost you too much.
- In this case cryptography plays a major role in ensuring data integrity. A commonly used method to protect data integrity is hashing the data you receive and comparing it with the hash of the original message. However, this means that the hash of the original data must be provided in a secure way.
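The 5 USD / 500 USD tampering above, worked through as an added example (not from the lecture notes): an unkeyed hash sent alongside the message can simply be recomputed by whoever tampers with it, whereas a keyed tag (HMAC with a shared key, assumed here to have been agreed out of band) detects the change. The payment fields and the key are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed sample: the 5 USD payment from the lecture's example.
PAYMENT = {"payee": "seller", "amount": 5, "currency": "USD"}
SHARED_KEY = b"example-shared-secret"  # assumption: agreed out of band

def canonical(msg: dict) -> bytes:
    """Serialise deterministically so both sides hash identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

def plain_digest(msg: dict) -> str:
    """Unkeyed SHA-256: the 'hash and compare' method from the slide."""
    return hashlib.sha256(canonical(msg)).hexdigest()

def keyed_tag(msg: dict, key: bytes) -> str:
    """HMAC-SHA256: cannot be recomputed by anyone without the key."""
    return hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()

def verify_plain(msg: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(msg), digest)

def verify_keyed(msg: dict, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(msg, key), tag)

def tamper_in_transit(msg: dict) -> tuple:
    """Model the slide's attacker: change 5 USD to 500 USD and, because the
    unkeyed hash travelled unprotected beside the message, recompute it."""
    changed = dict(msg, amount=500)
    return changed, plain_digest(changed)

def demo() -> dict:
    # Unkeyed hash sent alongside the message: the forgery verifies.
    forged_msg, forged_digest = tamper_in_transit(PAYMENT)
    # Keyed tag: the same forgery fails because SHARED_KEY is not known.
    tag = keyed_tag(PAYMENT, SHARED_KEY)
    return {
        "plain_accepts_forgery": verify_plain(forged_msg, forged_digest),
        "keyed_accepts_forgery": verify_keyed(forged_msg, tag, SHARED_KEY),
        "keyed_accepts_genuine": verify_keyed(PAYMENT, tag, SHARED_KEY),
    }
```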
Availability
- Availability refers to the ability to access the data of a resource when it is needed; information has value only if the authorized people can access it at the right time. Denying access to data has nowadays become a common attack. Imagine how costly the downtime of a live server can be.
- Example in real life: let's say a hacker has compromised a bank's web server and taken it down. You, as an authenticated user, want to make an e-banking transfer but cannot access the service; the transfer that cannot be made is money lost for the bank.
Authorization
- Defines the user's rights and permissions on a system.
- Typically done after the user has been authenticated.
- Grants a user access to a particular resource and determines what actions he/she is permitted to perform on that resource.
- Access criteria based on the level of trust:
  - Roles
  - Groups
  - Location
  - Time
  - Transaction type
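An added example (not part of the notes) of a deny-by-default authorization check that applies all five criteria listed above: roles, groups, location, time and transaction type. The rule table, the role and group names and the limits are hypothetical.

```python
from dataclasses import dataclass
from datetime import time

# Constructed policy: one rule per (role, transaction type). All values
# are hypothetical; a real system would load them from a policy store.
RULES = {
    ("teller", "deposit"): {
        "groups": {"branch-staff"}, "locations": {"branch"},
        "hours": (time(8, 0), time(18, 0)), "max_amount": 10_000},
    ("manager", "transfer"): {
        "groups": {"branch-staff", "approvers"}, "locations": {"branch", "hq"},
        "hours": (time(7, 0), time(20, 0)), "max_amount": 100_000},
}

@dataclass
class Request:
    user: str
    role: str
    groups: set
    location: str
    at: time
    txn_type: str
    amount: int

def authorize(req: Request, authenticated: bool = True) -> tuple:
    """Deny by default; each criterion from the slide's list must pass."""
    if not authenticated:
        return False, "not authenticated"   # authorization follows authentication
    rule = RULES.get((req.role, req.txn_type))
    if rule is None:
        return False, f"role {req.role} may not perform {req.txn_type}"
    if not rule["groups"] & req.groups:
        return False, "no qualifying group membership"
    if req.location not in rule["locations"]:
        return False, f"location {req.location} not allowed"
    start, end = rule["hours"]
    if not start <= req.at <= end:
        return False, "outside permitted hours"
    if req.amount > rule["max_amount"]:
        return False, "amount exceeds limit for transaction type"
    return True, "allowed"

def check(role, groups, location, hour, txn_type, amount, authenticated=True):
    """Convenience wrapper: build a Request for a constructed user 'u1'."""
    req = Request("u1", role, set(groups), location, time(hour, 0), txn_type, amount)
    return authorize(req, authenticated)
```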
Accounting
- The security goal that generates the requirement for the actions of an entity to be traced uniquely to that entity.
- Senders cannot deny sending information.
- Receivers cannot deny receiving it.
- Users cannot deny performing a certain action.
- Supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, after-action recovery, and legal action.
DHCP
- A threat actor could configure a client to continually change its credentials and quickly exhaust all available IP addresses in the scope, preventing company endpoints from accessing the network.
- When working with DHCP, it's important to understand all of its components. Below is a list of them and what they do:
  - DHCP server: A networked device running the DHCP service that holds IP addresses and related configuration information. This is most typically a server or a router, but could be anything that acts as a host, such as an SD-WAN appliance.
  - DHCP client: The endpoint that receives configuration information from a DHCP server. This can be a computer, mobile device, IoT endpoint or anything else that requires connectivity to the network. Most are configured to receive DHCP information by default.
  - IP address pool: The range of addresses that are available to DHCP clients. Addresses are typically handed out sequentially from lowest to highest.
  - Subnet: IP networks can be partitioned into segments known as subnets. Subnets help keep networks manageable.
  - Lease: The length of time for which a DHCP client holds the IP address information. When a lease expires, the client must renew it.
  - DHCP relay: A router or host that listens for client messages being broadcast on its network and then forwards them to a configured server. The server then sends responses back to the relay agent, which passes them along to the client. This can be used to centralize DHCP servers instead of having a server on each subnet.
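A defender-side example, added here and not part of the notes, for the pool-exhaustion threat described above: it parses constructed DHCP server log lines (written in ISC dhcpd syslog style; not taken from a real server) and flags an interface or relay when more distinct client addresses send DISCOVER in a short window than a healthy segment would plausibly add. The year is assumed because syslog lines carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines in ISC dhcpd syslog style (not from a real server).
# eth1 sees six different client MACs within two seconds: the pattern of a
# pool-exhaustion attempt against a small scope.
LOG = """\
Mar 10 09:00:01 dhcpd: DHCPDISCOVER from 00:11:22:33:44:01 via eth0
Mar 10 09:00:01 dhcpd: DHCPOFFER on 10.0.1.20 to 00:11:22:33:44:01 via eth0
Mar 10 09:00:02 dhcpd: DHCPDISCOVER from de:ad:be:ef:00:01 via eth1
Mar 10 09:00:02 dhcpd: DHCPDISCOVER from de:ad:be:ef:00:02 via eth1
Mar 10 09:00:02 dhcpd: DHCPDISCOVER from de:ad:be:ef:00:03 via eth1
Mar 10 09:00:03 dhcpd: DHCPDISCOVER from de:ad:be:ef:00:04 via eth1
Mar 10 09:00:03 dhcpd: DHCPDISCOVER from de:ad:be:ef:00:05 via eth1
Mar 10 09:00:04 dhcpd: DHCPDISCOVER from de:ad:be:ef:00:06 via eth1
Mar 10 09:05:00 dhcpd: DHCPDISCOVER from 00:11:22:33:44:02 via eth0
"""
DISCOVER = re.compile(
    r"^(\w{3} +\d+ [\d:]+) dhcpd: DHCPDISCOVER from ([0-9a-f:]{17}) via (\S+)$")
YEAR = "2024"  # syslog lines carry no year; assumed for parsing only

def parse_discovers(text: str) -> list:
    """Return (timestamp, client MAC, interface or relay) per DISCOVER line."""
    out = []
    for line in text.splitlines():
        m = DISCOVER.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(2), m.group(3)))
    return out

def starvation_alerts(text: str, window_s: int = 60, max_new_clients: int = 5) -> list:
    """Flag an interface when more distinct MACs send DISCOVER inside one
    window than a healthy segment would plausibly add; set the threshold
    below the scope's pool size so the alert fires before exhaustion."""
    seen = defaultdict(list)          # interface -> [(timestamp, mac)]
    alerts = []
    for ts, mac, iface in parse_discovers(text):
        seen[iface].append((ts, mac))
        recent = {m for t, m in seen[iface] if (ts - t).total_seconds() <= window_s}
        if len(recent) > max_new_clients and iface not in alerts:
            alerts.append(iface)
    return alerts
```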
DNS
- In the world of networking, computers are not represented by names like humans are; they are represented by numbers, because that is how computers and other similar devices talk to and identify each other over a network: by using numbers such as IP addresses.
- Humans, on the other hand, are accustomed to using names instead of numbers; whether talking directly to another person or identifying a country, place, or thing, humans identify with names instead of numbers. So, in order to bridge the communication gap between computers and humans and make communication a lot easier, networking engineers developed DNS.
- DNS stands for Domain Name System.
- DNS resolves names to numbers; to be more specific, it resolves domain names to IP addresses. So if you type a web address into your web browser, DNS will resolve the name to a number, because the only thing computers know are numbers.
- So when you type google.com into your web browser, and your web browser or operating system cannot find the IP address in its own cache, it will send a query to the next level, which is called the resolver server.
- The resolver server is basically your ISP (Internet service provider). When the resolver receives this query, it will check its own cache to find an IP address for google.com, and if it cannot find it, it will send the query to the next level, which is the root server. The root servers are the topmost servers in the DNS hierarchy.
- There are 13 sets of these root servers, from a.root-servers.net to m.root-servers.net; they are strategically placed around the world, operated by 12 different organizations, and each set of root servers has its own unique IP address.
- So when a root server receives the query for the IP address of google.com, the root server is not going to know what the IP address is, but it does know where to send the resolver to help it find the IP address.
- So the root server will direct the resolver to the TLD (top-level domain) server for the .com domain. The resolver will now ask the TLD server for the IP address of google.com.
- The top-level domain server stores address information for top-level domains such as .com, .net, .org, and so on. This particular TLD server manages the .com domain, which google.com is a part of.
- When the TLD server receives the query for the IP address of google.com, the TLD server is not going to know the IP address for google.com either. So the TLD server will direct the resolver to the next and final level, which is the authoritative name servers. Once again the resolver will now ask the authoritative name server for the IP address of google.com.
- The authoritative name server or servers are responsible for knowing everything about the domain, which includes its IP address.
- They are the final authority.
- DNS servers have different types of records to manage resolution efficiently and provide important information about a domain. These records are the details which are cached on DNS servers.
- Each record has a TTL (Time To Live) value in seconds associated with it. These values set the time for the expiration of the cached record on a DNS server and range from 60 to 86400 depending on the DNS provider.
- A record: points to the IPv4 address of the machine where the website is hosted
- AAAA record: points to the IPv6 address of the machine where the website is hosted
- MX: points to email servers
- CNAME: canonical name; an alias that points a hostname to another hostname
- ANAME: auto-resolved alias; works like a CNAME but points a hostname to the IP of another hostname
- NS: nameservers for subdomains
- PTR: IP address to hostname
- SOA: contains administrative information about the DNS zone
- SRV: service record for other services
- TXT: text records, mostly used for verification, SPF, DKIM, DMARC and more
- CAA: certificate authority record for SSL/TLS certificates
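The resolver walk (root, TLD, authoritative) and the TTL-bounded caching of A records described above, simulated as an added example that is not from the notes. The three "servers" are constructed in-memory tables with made-up names and a documentation IP address, and the clock is injectable so TTL expiry can be exercised without waiting.

```python
import time

# Constructed, simplified hierarchy (not real zone data). Each server answers
# with a referral ("NS", next server) or a final answer ("A", ip, ttl).
ROOT = {"com": ("NS", "tld-com.example")}
TLD_COM = {"google.com": ("NS", "ns1.google.example")}
AUTH = {"google.com": ("A", "192.0.2.10", 300)}
SERVERS = {"root": ROOT, "tld-com.example": TLD_COM, "ns1.google.example": AUTH}

class Resolver:
    """The ISP resolver from the walk-through, with a TTL-bounded cache."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock       # injectable so expiry can be tested
        self.cache = {}          # name -> (ip, expires_at)
        self.trace = []          # servers asked during the last lookup

    def resolve(self, name: str) -> str:
        self.trace = []
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            self.trace.append("cache")
            return hit[0]
        self.cache.pop(name, None)              # expired: evict and re-walk
        server = "root"
        while True:
            self.trace.append(server)
            zone = SERVERS[server]
            # root and TLD servers know the suffix; the authoritative server knows the name
            key = name if name in zone else name.rsplit(".", 1)[-1]
            if key not in zone:
                raise LookupError(f"NXDOMAIN: {name}")
            rtype, value, *rest = zone[key]
            if rtype == "NS":
                server = value                  # referral: ask the next level
            else:
                self.cache[name] = (value, self.clock() + rest[0])
                return value
```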