Computer Network Security
AFRICA CENTRE OF EXCELLENCE, OBAFEMI AWOLOWO UNIVERSITY
CYBERSECURITY MODULAR WORKSHOP
@ ISLAMIC UNIVERSITY IN UGANDA (MAY 22ND – MAY 26TH, 2023)
Bodunde Akinyemi (Ph.D.)
Obafemi Awolowo University, Ile-Ife, Nigeria
Overview of Data Communication Network
• A Data Communication Network (DCN) is the infrastructure that
allows two or more computers, called workstations, to communicate
with each other.
• Communication is the conveyance of a message from one entity,
called the source or transmitter, to another, called the destination or
receiver, via a channel of some sort.
• Data communication can be defined as the transmission of data
through a conducted medium such as copper cables, or fiber optic
cables, or electromagnetic waves such as broadcast radio, infrared
light, or microwaves.
Basic Components of a Data Communication Network
• A data communication network comprises two or more computers that are
connected by a medium and share resources. Broadly speaking,
communication requires a message, a sender, a receiver and a medium.
The components are:
i. Source: This is the transmitter of data. Examples are: Terminal, Computer, or
Mainframe.
ii. Medium: The communications stream through which the data is being
transmitted. Examples are: Cabling, Microwave, Fibre optics, Radio
Frequencies (RF), and Infrared Wireless.
iii. Receiver: This is the receiver of the data transmitted. Examples are: Printer,
Terminal, Mainframe, Computer.
A Data Communication Model
Data communication can simply be stated as the transfer of data or
information between a source and a receiver.
Criteria for Data Communication Network
There are some criteria that a data communication network must meet, all of
them at an affordable cost. The major criteria are performance, consistency,
reliability, recovery, and security; the most important ones are performance,
reliability and security.
1. Performance
Performance is defined as the rate of transferring error-free data. It can be
measured using the transit time and the response time.
➢The transit time is the amount of time required for a message to travel from one
device to another while
➢the response time is the elapsed time between the end of an inquiry and the
beginning of a response.
Any factor that affects these parameters will automatically affect the
network performance.
Criteria for Data Communication Network-(2)
2. Reliability
Reliability is the measure of how often a network is usable. It can also be defined as
how fault tolerant a system is. Network reliability is measured by the
frequency of failure, the time it takes a link to recover from a failure, and the
network's robustness in a catastrophe.
➢ Mean Time Between Failures (MTBF) is a measure of the average time a component is
expected to operate between failures. It is normally provided by the manufacturer.
➢ A network failure can emanate from faulty hardware, the data-carrying medium or
the operating system.
3. Security
Security is the protection of the resources of a computer from unauthorized access. The
resources could be the hardware, software and even data. The most common
security methods used are: restricted physical access to computers, password
protection, limiting user privileges and data encryption. Anti-virus monitoring
programs that defend against computer viruses are also a security measure.
Criteria for Data Communication Network- (3)
4. Consistency
Consistency is the predictability of response time and accuracy of data.
Generally speaking, users prefer to have consistent response times; they
develop a feel for normal operating conditions. Accuracy of data determines if
the network is reliable. If a system loses data, then the user loses confidence in
the information and thereby loses interest in using the system.
5. Recovery
Recovery is the network's ability to return to a prescribed level of operation
after a network failure. This level is where the data loss is at zero level or non-
existent. Recovery is mostly achieved by incorporating back-up systems.
Computer Networks
• Data communication between digital computers relies on computer
networks. Over the years, computer networks have become an
indispensable means of data communication.
• A computer network consists of nodes and communication links which
implement the data communication protocols. It interconnects a set of
hosts which conform to the network protocols.
• A computer network is defined as an aggregate of two or more
autonomous computers that are separated by physical distances and
connected together.
Basic Definitions
• Computer Security – Controls which ensure confidentiality, integrity, and
availability of information system assets including hardware, software,
firmware, and information being processed, stored, and communicated
• Network Security – Measures to prevent, detect, and correct security
violations that involve the transmission of information
Information Security
• A superset of cyber security and network security. It concerns information
irrespective of the realm.
• Preservation of the Confidentiality, Integrity and Availability (CIA) of
information/data.
• Protection of information and information systems from any form of threat,
e.g. unauthorized access, use, disclosure, disruption, modification, or
destruction.
• Synonymous with IT Security.
Information security worldwide is considered the main fixed asset of any
public or private organization.
Elements of Network Security (Transit/Stationary Data)
• Confidentiality protects information from unauthorized disclosure or
intelligible interception.
• Availability ensures that information is accessible and functional when
needed.
• Integrity ensures that information or software is complete, accurate, and
authentic (no modification).
Pillars of network security
Others:
• Authenticity
• Authorization
• Non-repudiation
• Accountability
Network Security Objectives
There are three security objectives to reach or security properties to respect. The
three network security objectives as described in Figure are Confidentiality, Integrity
and Availability.
(a) Confidentiality
• Confidentiality protects sensitive information from unauthorized disclosure or
intelligible interception. It gives assurance that information is not disclosed to
unauthorized individuals, processes, or devices. Access controls are used to protect
confidentiality. Access control is the process of limiting the privilege to use system
resources. There are three types of controls for limiting access:
➢Administrative Controls: These are based upon policies. Information security policies should
state the organization’s objectives regarding control over access to resources, hiring and
management of personnel, and security awareness.
➢Physical Controls: These include limiting access to network nodes, protecting the network
wiring, and securing rooms or buildings that contain restricted assets.
➢Logical Controls: These are the hardware and software means of limiting access and include
access control lists, communication protocols, and cryptography.
Network Security Objectives –(2)
(b) Integrity
Integrity ensures that information or software is complete, accurate, and authentic.
The information must be protected from unauthorized, unanticipated, or
unintentional modification. It also provides protection against unauthorized
creation and destruction of information. Network integrity is ensuring that the
message received is the same message that was sent. The content of the message
must be complete and unmodified. Connection integrity can be provided by
cryptography and routing control. This includes, but is not limited to:
➢Authenticity: A third party must be able to verify that the content of a message has not been
changed in transit.
➢Non-repudiation: The origin or the receipt of a specific message must be verifiable by a third
party.
➢Accountability: This is the process of tracing, or the ability to trace, activities to a responsible
source. It is a security goal that generates the requirement for the actions of an entity to be
traced uniquely to that entity. From a security perspective, it is most important for detecting,
analyzing, and responding to security incidents on the network. System logs, audit trails, and
accounting software can all be used to hold users accountable for what happens under their
logon ID.
Network Security Objectives –(3)
(c) Availability
• Availability ensures that information and services are accessible and
functional when needed. It provides timely and reliable access to data and
information services for authorized users.
• The information technology resources i.e. system or data must be available
on a timely basis to meet mission requirements or to avoid substantial
losses.
• Availability also includes ensuring that resources are used only for intended
purposes. Redundancy, fault tolerance, reliability, failover, backups, recovery,
resilience, and load balancing are the network design concepts used to
assure availability. If a system is unavailable, then the integrity and
confidentiality of that system will not matter.
Some Common Network Security Attacks
• Interruption: an attack on availability, e.g. denial of service (DoS) attacks
• Interception: an attack on confidentiality (overhearing, eavesdropping)
• Modification: an attack on integrity (corrupting transmitted data:
modification, masquerading, replaying and repudiation)
• Fabrication: an attack on authenticity (faking data)
COMMON TERMINOLOGIES
• Vulnerability: a weakness in an IT system that can be exploited by an
attacker to deliver a successful attack.
• Attack: any kind of malicious activity that attempts to collect, disrupt, deny,
degrade, or destroy information system resources or the information itself.
• Threat: a potential negative action or event, facilitated by a vulnerability,
that results in an unwanted impact on a computer system or application.
• Risk: cybersecurity risk is the probability of exposure or loss resulting from a
cyber attack or data breach on your organization.
Computer Network Basics
• A computer network is a group of two or more interconnected computer
systems. Computer networks connect multiple computers together so that
they can send and receive information.
• Switches work as controllers that connect computers, printers, and other
hardware devices.
• Routers connect multiple networks. They enable a single internet
connection to be shared, which saves money.
• Servers are computers that hold shared programs, files, and the network
operating system.
• Clients are computer devices that access and use the network and share
network resources.
Computer Network Basics –(2)
• A hub is a device that splits a network connection across multiple computers.
• Access points allow devices to connect to the wireless network without
cables.
• A Network Interface Card sends and receives data and controls data flow
between the computer and the network.
• A protocol is a set of defined rules that allows two entities to
communicate across the network.
• Unique identifiers: hostname, IP address, DNS server, and host are
important unique identifiers of computer networks.
• ARP stands for Address Resolution Protocol.
• Reverse Address Resolution Protocol (RARP) returns the IP address of a
device given its physical address as input.
Network reference Models
• There are two important network architectures:
➢the OSI reference model
➢the TCP/IP reference model.
Network model-Open Systems Interconnection (OSI)
• The OSI reference model arrived in 1984.
• OSI model is used as an abstract framework and most operating systems
and protocols adhere to it.
• This is the standard model for networking protocols and distributed
applications and is the International Standard Organization's Open System
Interconnect (ISO/OSI) model.
• Its main objectives were to:
➢ Allow manufacturers of different systems to interconnect equipment through
standard interfaces.
➢ Allow software and hardware to integrate well and be portable across different systems.
• It has 7 layers
Open Systems Interconnection (OSI) Model
Layer 1 - Physical Layer
• Physical Layer defines electrical and mechanical specifications of cables,
connectors and signaling options that physically link two nodes on a
network.
• Physical layer defines the cable or physical medium itself, e.g., thinnet,
thicknet, unshielded twisted pairs (UTP).
• All media are functionally equivalent. The main difference is in
convenience and cost of installation and maintenance.
• Converters from one medium to another operate at this level. This layer
converts bits into voltages for transmission. Two of the standard
interfaces at this layer are HSSI and X.21.
Open Systems Interconnection (OSI)
Layer 2 - Data Link Layer
• Data Link layer defines the format of data on the network.
• Packages raw bits from the Physical layer into frames (logical, structured
packets for data).
• Provides reliable transmission of frames
➢ It waits for an acknowledgment from the receiving computer.
➢ Retransmits frames for which no acknowledgement is received.
• The main task of the Data Link Layer is to provide error-free transmission. It
accomplishes this task by having the sender break the input data up into data
frames, transmit the frames sequentially, and process the acknowledgement
frames sent back by the receiver.
Open Systems Interconnection (OSI)
Layer 3 - Network Layer
• While the Data Link Layer is responsible for end-to-end delivery, the network
layer ensures that each packet travels from its source to its destination
successfully and efficiently.
• The main responsibility of the network layer is to insert information in the
packet header so that the packet can be properly addressed and routed.
• Routing protocols build their routing tables at this layer. NFS uses the
Internetwork Protocol (IP) as its network layer interface. IP is responsible
for routing, directing datagrams from one network to another. The
network layer may have to break datagrams larger than the MTU into
smaller packets, and the host receiving them has to reassemble the
fragmented datagram.
Open Systems Interconnection (OSI)
Layer 4 - Transport Layer
• The transport layer provides end to end transport services and establishes
the logical connection between two computers.
• Transport layer subdivides user-buffer into network-buffer sized datagrams
and enforces desired transmission control.
• Manages transmission packets
➢ Repackages long messages when necessary into small packets for transmission
➢ Reassembles packets in correct order to get the original message.
• Handles error recognition and recovery.
➢ The transport layer at the receiving end acknowledges packet delivery.
➢ Resends missing packets.
Open Systems Interconnection (OSI)
Layer 5 - Session Layer
• Allows two applications on different computers to establish, use,
and end a session.
➢ e.g. file transfer, remote login
• The connection is maintained during data transfer and released
once done.
• Establishes dialog control
➢ Regulates which side transmits, plus when and how long it transmits.
• Performs token management and synchronization.
Open Systems Interconnection (OSI)
Layer 6 - Presentation Layer
• The presentation layer receives information from the application
layer protocol and translates it into a format all computers can
understand.
• The presentation layer is not concerned with the meaning of data.
This layer is also meant to handle issues related to data
compression and encryption.
• Related to representation of transmitted data
➢ Translates different data representations from the Application layer into
uniform standard format
• Providing services for secure efficient data transmission
➢ e.g. data encryption, and data compression.
Open Systems Interconnection (OSI)
Layer 7 - Application Layer
• The application layer works closest to the user and provides network
services to the end users.
• Level at which applications access network services.
• This layer does not include the actual applications but the protocols
that support the applications. FTP, telnet, DNS, NIS, NFS are examples
of network applications.
• Represents services that directly support software applications for file
transfers, database access, and electronic mail etc.
TCP/IP MODEL
• The OSI Model is just a reference/logical model. It was designed to describe the
functions of the communication system by dividing the communication procedure
into smaller and simpler components.
• But when we talk about the TCP/IP model, it was designed and developed by the
Department of Defense (DoD) in the 1960s and is based on standard protocols. It
stands for Transmission Control Protocol/Internet Protocol. The TCP/IP model is a
concise version of the OSI model. It contains four layers, unlike the seven layers in the
OSI model.
• The layers are:
1. Process/Application Layer
2. Host-to-Host/Transport Layer
3. Internet Layer
4. Network Access/Link Layer
TCP/IP Model vs OSI Model
Difference between OSI Reference Model & TCP Reference Model
OSI Layers Vulnerabilities and Attacks
• Weaknesses in the system can be encountered at any of the layers. To
make the system strong against attacks we should educate ourselves
about the vulnerabilities that can affect each layer.
• Listed below are a few of the weaknesses observed at each layer.
1. Physical Layer:
• Data/Hardware theft, Unauthorized changes to the functional
environment, Undetectable data interception, Wiretaps and
reconnaissance, Open authentication, Rogue employees and Access
points
OSI Layers Vulnerabilities and Attacks
• Data Link Layer: Unauthorized joining and expansion of the network, VLAN
join, tagging and hopping, remote access to the LAN, topology and
vulnerability discovery, break-ins, switch control, VLAN circumvention;
spanning tree errors may be introduced accidentally or intentionally,
causing the data link layer to transmit packets in infinite loops.
• Network Layer: Guessing TCP sequence numbers, stealing existing
session, No cryptography, No authentication, Works in broadcast,
Unauthorized access, Route spoofing – circulate false network topology
• Transport Layer: Three-way handshake flaws, TCP sequence number
prediction, Port scan
Attacks at each layer of OSI model
Domain Name System
• The domain name system (DNS) is a naming database in which
internet domain names are located and translated into Internet
Protocol (IP) addresses.
• The domain name system maps the name people use to locate a
website to the IP address that a computer uses to locate that
website.
IP addressing
• An IP address is an address used to uniquely identify a device/node on an IP
network.
• A core function of IP is to provide logical addressing for hosts. An IP
address provides a hierarchical structure to both uniquely identify a host,
and what network that host exists on.
• The address is made up of 32 binary bits which can be divisible into a
network portion and host portion with the help of a subnet mask.
• It can change based on the location of the device
• It can be assigned manually or dynamically
• There are two types of IP address
➢IPV4
➢IPV6
IP provides two fundamental Network layer services:
➢Logical addressing – provides a unique address that identifies both
the host, and the network that host exists on.
➢Routing – determines the best path to a particular destination
network, and then routes data accordingly.
IPV4 address formats
• An IPv4 address is most often represented in dotted-decimal format, for
example:
158.80.164.3
• 32 binary bits are broken into four octets (1 octet = 8 bits)
• An IPV4 address is comprised of four octets, separated by periods:
First Octet . Second Octet . Third Octet . Fourth Octet
158 . 80 . 164 . 3
• IPv4 addresses are written as four dot-separated decimal numbers
between 0 and 255, i.e. from 0.0.0.0 to 255.255.255.255.
• Each octet is an 8-bit number, resulting in a 32-bit IP address.
• The smallest possible value of an octet is 0, or 00000000 in binary.
• The largest possible value of an octet is 255, or 11111111 in binary
IPV6 address format
• An IPv6 address can have either of the following two formats:
➢ Normal - Pure IPv6 format
➢ Dual - IPv6 plus IPv4 formats
• Each segment can be any hexadecimal value between 0000 and FFFF.
• The segments are separated by colons - not periods.
Pure IPv6 format
• An IPv6 (Normal) address has the following format: y : y : y : y : y : y : y : y
where y is called a segment
• An IPv6 normal address must have eight segments
• Short notation for segments that are zeros (: :)
• The following list shows examples of valid IPv6 (Normal) addresses:
➢ 2001 : db8: 3333 : 4444 : 5555 : 6666 : 7777 : 8888
➢ 2001 : db8 : 3333 : 4444 : CCCC : DDDD : EEEE : FFFF
➢ : : (implies all 8 segments are zero)
➢ 2001: db8: : (implies that the last six segments are zero)
➢ : : 1234 : 5678 (implies that the first six segments are zero)
➢ 2001 : db8: : 1234 : 5678 (implies that the middle four segments are zero)
➢ 2001:0db8:0001:0000:0000:0ab9:C0A8:0102 (This can be compressed to eliminate
leading zeros, as follows: 2001:db8:1::ab9:C0A8:102 )
Dual - IPv6 plus IPv4 formats
• An IPv6 (Dual) address combines an IPv6 and an IPv4 address and has the
following format: y : y : y : y : y : y : x . x . x . x. The IPv6 portion of the
address (indicated with y's) is always at the beginning, followed by the IPv4
portion (indicated with x's).
• In the IPv6 portion of the address, y is called a segment and can be any
hexadecimal value between 0 and FFFF. The segments are separated by
colons - not periods. The IPv6 portion of the address must have six
segments but there is a short form notation for segments that are zero.
• In the IPv4 portion of the address x is called an octet and must be a
decimal value between 0 and 255. The octets are separated by periods. The
IPv4 portion of the address must contain three periods and four octets.
IPV6 dual- Examples
• The following list shows examples of valid IPv6 (Dual) addresses:
➢ 2001 : db8: 3333 : 4444 : 5555 : 6666 : 1 . 2 . 3 . 4
➢ : : 11 . 22 . 33 . 44 (implies all six IPv6 segments are zero)
➢ 2001 : db8: : 123 . 123 . 123 . 123 (implies that the last four IPv6
segments are zero)
➢ : : 1234 : 5678 : 91 . 123 . 4 . 56 (implies that the first four IPv6 segments
are zero)
➢ : : 1234 : 5678 : 1 . 2 . 3 . 4 (implies that the first four IPv6 segments are
zero)
➢ 2001 : db8: : 1234 : 5678 : 5 . 6 . 7 . 8 (implies that the middle two IPv6
segments are zero)
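As an added example (not from the slides), the following Python parses both address formats described above: the Normal form with eight hexadecimal segments, the Dual form whose last two 16-bit segments come from a dotted-decimal IPv4 address, and the "::" shorthand for a run of zero segments. It also renders the canonical compressed form (lowercase hex, leading zeros dropped, longest zero run collapsed, as RFC 5952 specifies). Spaces around separators, as typed on the slides, are ignored; all helper names are this example's own.

```python
import re

# One IPv6 segment: one to four hexadecimal digits (leading zeros optional).
HEX_SEGMENT = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def parse_ipv4_octets(text):
    """Parse a dotted-decimal IPv4 string into four integers in 0..255."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("IPv4 portion needs four octets: %r" % text)
    octets = []
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError("bad IPv4 octet: %r" % part)
        octets.append(int(part))
    return octets


def _pieces_to_segments(pieces):
    """Turn colon-separated pieces into 16-bit segments.

    A final piece containing dots is the IPv4 portion of a Dual-format
    address; it contributes the last two 16-bit segments.
    """
    segments = []
    for index, piece in enumerate(pieces):
        if "." in piece:
            if index != len(pieces) - 1:
                raise ValueError("IPv4 portion must come last: %r" % piece)
            o = parse_ipv4_octets(piece)
            segments.append((o[0] << 8) | o[1])
            segments.append((o[2] << 8) | o[3])
        elif HEX_SEGMENT.match(piece):
            segments.append(int(piece, 16))
        else:
            raise ValueError("bad IPv6 segment: %r" % piece)
    return segments


def expand_ipv6(text):
    """Return the eight 16-bit segments of an IPv6 address as a list of ints.

    Accepts the Normal format (eight hex segments) and the Dual format
    (six hex segments followed by a dotted-decimal IPv4 address). A single
    '::' stands for one run of one or more all-zero segments.
    """
    text = text.replace(" ", "")  # the slide examples space out the separators
    if "::" in text:
        left, right = text.split("::", 1)
        if "::" in right:
            raise ValueError("'::' may appear only once")
        if "." in left:
            raise ValueError("IPv4 portion must end the address")
    else:
        left, right = text, None
    left_segs = _pieces_to_segments(left.split(":")) if left else []
    right_segs = _pieces_to_segments(right.split(":")) if right else []
    if right is None:
        if len(left_segs) != 8:
            raise ValueError("expected 8 segments, got %d" % len(left_segs))
        return left_segs
    missing = 8 - len(left_segs) - len(right_segs)
    if missing < 1:
        raise ValueError("'::' must replace at least one zero segment")
    return left_segs + [0] * missing + right_segs


def is_valid_ipv6(text):
    """True when expand_ipv6 accepts the text, False otherwise."""
    try:
        expand_ipv6(text)
        return True
    except ValueError:
        return False


def compress_ipv6(segments):
    """Canonical text form: lowercase hex, no leading zeros, and the longest
    run of two or more zero segments (the first one on a tie) written as '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if segments[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and segments[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % s for s in segments]
    if best_len < 2:
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return left + "::" + right


def normalize_ipv6(text):
    """Parse any accepted spelling and re-emit it in canonical compressed form."""
    return compress_ipv6(expand_ipv6(text))
```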
How to view IP address of a device
• Go to the command prompt: type cmd in the Start menu
• Type ipconfig and press Enter
PowerShell can be used too. It performs the same functions as the command
prompt. PowerShell is significantly more powerful and richer in capabilities
than CMD.exe.
IP address of a device- IPV4
How to view IP address (2)
• Open the command prompt
• Type ipconfig /all and press Enter
Finding the Host Name, IP Address or Physical Address of your machine
Exercise 1
Exercise 1- solution
What is a subnet? | How subnetting works
• A subnet or subnetwork is a smaller network inside a large network.
Subnetting makes network routing much more efficient.
• Subnets make networks more efficient.
• Through subnetting, network traffic can travel a shorter distance without
passing through unnecessary routers to reach its destination.
Subnet mask
IP Address Classes
• Every IP address has two parts. The first part indicates which network the address
belongs to. The second part specifies the device (subnet/host) within that network.
However, the length of the "first part" changes depending on the network's class.
• Networks are categorized into different classes, labeled A through E. Class A networks can
connect millions of devices. Class B networks and Class C networks are progressively
smaller in size. (Class D and Class E networks are not commonly used.)
➢Class A: The first octet is the network portion. Octets 2, 3, and 4 are for subnets/hosts,
e.g. 203.0.113.112: the network is indicated by "203" and the device by "0.113.112".
➢Class B: The first two octets are the network portion. Octets 3 and 4 are for subnets/hosts,
e.g. 203.0.113.112: the network is indicated by "203.0" and the device by "113.112".
➢Class C: The first three octets are the network portion. Octet 4 is for subnets/hosts,
e.g. 203.0.113.112: the network is indicated by "203.0.113" and the device by "112".
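As an added example (not from the slides), the following Python ties the IPv4 address format, the subnet mask and the address classes together: it converts dotted decimal to and from 32 bits, derives the network, broadcast and usable host range from a prefix length or mask, decides the classful category from the first octet's range (0-127 A, 128-191 B, 192-223 C, 224-239 D, 240-255 E), and checks whether two hosts share a subnet and so can talk without a router. All function names are this example's own; the addresses used in the test are the slides' 158.80.164.3 and 203.0.113.112.

```python
def ipv4_to_int(text):
    """Parse dotted-decimal IPv4 text into a 32-bit integer."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has four octets: %r" % text)
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError("octet must be a decimal 0..255: %r" % part)
        value = (value << 8) | int(part)
    return value


def int_to_ipv4(value):
    """Render a 32-bit integer as dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """/prefix -> 32-bit mask with 'prefix' leading one bits (e.g. /26 -> 0xFFFFFFC0)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask_text):
    """255.255.255.192 -> 26; rejects non-contiguous masks such as 255.0.255.0."""
    mask = ipv4_to_int(mask_text)
    ones = bin(mask).count("1")
    if mask != mask_from_prefix(ones):
        raise ValueError("mask bits must be contiguous: %r" % mask_text)
    return ones


def address_class(text):
    """Classful category A..E decided by the range of the first octet."""
    first = ipv4_to_int(text) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_split(text):
    """(network portion, host portion) using the class rule on the slides."""
    octets_in_network = {"A": 1, "B": 2, "C": 3}.get(address_class(text))
    if octets_in_network is None:
        raise ValueError("class D/E addresses have no network/host split")
    octets = text.split(".")
    return ".".join(octets[:octets_in_network]), ".".join(octets[octets_in_network:])


def subnet_info(cidr):
    """Describe the subnet an address belongs to, e.g. '158.80.164.3/26'."""
    addr_text, prefix_text = cidr.split("/")
    addr = ipv4_to_int(addr_text)
    prefix = int(prefix_text)
    mask = mask_from_prefix(prefix)
    network = addr & mask                      # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    # The network and broadcast addresses are not assignable to hosts. /31 and
    # /32 are special cases (RFC 3021 point-to-point links) reported as 0 here.
    usable = max(2 ** (32 - prefix) - 2, 0)
    return {
        "mask": int_to_ipv4(mask),
        "network": int_to_ipv4(network),
        "broadcast": int_to_ipv4(broadcast),
        "first_host": int_to_ipv4(network + 1) if usable else None,
        "last_host": int_to_ipv4(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def same_subnet(a, b, prefix):
    """True when a and b share a network under /prefix, so no router is needed."""
    mask = mask_from_prefix(prefix)
    return (ipv4_to_int(a) & mask) == (ipv4_to_int(b) & mask)
```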
MULTI LAYER SECURITY THREATS AND ATTACKS
Procedures / Approaches for Mitigation
1. Network Security
• You need to know who and what is trying to connect to your network. Firewalls
can block known bad connections — such as IP addresses associated with
malware — but attackers can get around this. Too much inspection can also slow
down internet traffic.
• IDS adds an extra layer of security by inspecting packets as they go through your
perimeter. Unlike a firewall, the IDS does this without stopping them, allowing
your network traffic to keep moving. Suspicious activity is flagged for attention
by your NOC (network operations center).
• Finally, network segmentation adds layers of strong authentication to your
internal network. Even if an attacker gets through your firewall and IDS, they’ll
need to steal multiple credentials in order to move through and find the data
they want.
2. Endpoint Security
• An endpoint is generally a personal computer, but the term can refer to
servers as well. Endpoints are particularly prone to infection or
compromise because they’re often operated directly by humans, and
humans are easy to fool.
• You’re probably familiar with antivirus as it relates to endpoint security.
Generally, antivirus works by scanning files to see if they match known
viruses, but more advanced enterprise products often use machine
learning or behavioral detection to fight malware.
• Browsers are a huge vector for infections on endpoints. Isolated browsing
features place the user’s browser inside a virtual machine. If a browser is
attacked by malware, such as a drive-by-download, the malicious file will
execute harmlessly inside the VM, away from the network.
3. Application Security
• If your organization relies heavily on SaaS applications, application security — rather
than firewalls or antivirus — might be an important mode of defense. Since the
application vendor has responsibility for securing the application itself, your main
job will be preventing attackers from stealing passwords.
• The most effective thing you can do to secure application passwords is to implement
two-factor or multi-factor authentication. This involves using an extra piece of
information — usually, a one-time password (OTP) sent to the user’s phone — to
authenticate a user alongside the password itself.
• Although 2FA or MFA are the most effective ways to defend against an attack, you
can improve their effectiveness by implementing strong access policies. Mandating
strong passwords is one solution, but another one is the principle of “least
privilege.” In other words, every employee should have access only to the
applications and data stores necessary to do their jobs.
4. Data Security
• Users create vulnerability even apart from their propensity to download
viruses onto their own desktops.
• There have been breaches where users have emailed sensitive records outside of the
organization… in plain text.
• Whether accidentally, maliciously, or through enemy action, email is the
primary vector for sensitive information to escape from your organization.
Fortunately, there are a few ways to put a stop to this.
5. Physical Security
• Never underestimate the power of an attacker dressed as a FedEx guy. If you
don’t keep track of the people entering and leaving your building, you’re
putting yourself at risk. It’s incredibly easy for unmonitored guests to
conduct espionage (spies)— leaving malicious USBs in your desktops,
accessing server rooms, or even downloading papers at an unattended desk.
• You want to keep track of everyone who enters or leaves your building while
adding more rigorous protections for sensitive areas.
• Visitors should never be unaccompanied as they wander around your
building, and employees should be unafraid to challenge strangers if they
don’t have a badge or a lanyard (means of identification).
• Biometric authentication is a must for your server room or data centre.
Network Scanning Tools
• Network Mapper (Nmap)
• Wireshark
• Snort
• TCPDump
• TShark

Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Programs and apps: productivity, graphics, security and other tools
Enhancing emotion recognition model for a student engagement use case through...
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
Group 1 Presentation -Planning and Decision Making .pptx
observCloud-Native Containerability and monitoring.pptx
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
A contest of sentiment analysis: k-nearest neighbor versus neural network
Final SEM Unit 1 for mit wpu at pune .pptx
A comparative study of natural language inference in Swahili using monolingua...
Developing a website for English-speaking practice to English as a foreign la...
Hindi spoken digit analysis for native and non-native speakers
DP Operators-handbook-extract for the Mautical Institute
August Patch Tuesday
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
Modernising the Digital Integration Hub
STKI Israel Market Study 2025 version august
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game

Computer Network Security study mate.pdf

1. Computer Network Security
AFRICA CENTRE OF EXCELLENCE, OBAFEMI AWOLOWO UNIVERSITY
CYBERSECURITY MODULAR WORKSHOP @ ISLAMIC UNIVERSITY IN UGANDA (MAY 22ND – MAY 26TH, 2023)
Bodunde Akinyemi (Ph.D.), Obafemi Awolowo University, Ile-Ife, Nigeria

2. Overview of Data Communication Network
• A Data Communication Network (DCN) is the infrastructure that allows two or more computers, called workstations, to communicate with each other.
• Communication is the conveyance of a message from one entity, called the source or transmitter, to another, called the destination or receiver, via a channel of some sort.
• Data communication can be defined as the transmission of data through a conducted medium such as copper cables or fiber optic cables, or through electromagnetic waves such as broadcast radio, infrared light, or microwaves.

3. Basic Components of a Data Communication Network
• A data communication network comprises two or more computers that are connected together by a medium and share resources. Broadly speaking, communication requires a message, a sender, a receiver and a medium. The components are:
i. Source: the transmitter of data. Examples: terminal, computer, or mainframe.
ii. Medium: the communications stream through which the data is transmitted. Examples: cabling, microwave, fibre optics, radio frequencies (RF), and infrared wireless.
iii. Receiver: the receiver of the transmitted data. Examples: printer, terminal, mainframe, computer.

4. A Data Communication Model
Data communication can simply be stated as the transfer of data or information between a source and a receiver.

5. Criteria for Data Communication Network
There are some criteria that a data communication network must meet, all at an affordable cost. The major criteria are performance, consistency, reliability, recovery, and security; the most important are performance, reliability and security.
1. Performance
Performance is defined as the rate of transferring error-free data. It can be measured using the transit time and the response time.
➢ The transit time is the amount of time required for a message to travel from one device to another.
➢ The response time is the elapsed time between the end of an inquiry and the beginning of a response.
Any factor that affects these parameters automatically affects the network performance.

6. Criteria for Data Communication Network (2)
2. Reliability
Reliability is the measure of how often a network is usable. It can also be defined as how well a system tolerates faults. Network reliability is measured by the frequency of failure, the time it takes a link to recover from a failure, and the network's robustness in a catastrophe.
➢ Mean Time Between Failures (MTBF) is a measure of the average time a component is expected to operate between failures. It is normally provided by the manufacturer.
➢ A network failure can emanate from problematic hardware, the data-carrying medium or the operating system.
3. Security
Security is the protection of the resources of a computer from unauthorized access. The resources could be the hardware, software and even data. The most common security methods used are: restricted physical access to computers, password protection, limiting user privileges and data encryption. Anti-virus monitoring programs that defend against computer viruses are also a security measure.

7. Criteria for Data Communication Network (3)
4. Consistency
Consistency is the predictability of response time and accuracy of data. Generally speaking, users prefer consistent response times; they develop a feel for normal operating conditions. Accuracy of data determines whether the network is reliable. If a system loses data, the user loses confidence in the information and thereby loses interest in using the system.
5. Recovery
Recovery is the network's ability to return to a prescribed level of operation after a network failure. This level is where data loss is zero or non-existent. Recovery is mostly achieved by incorporating back-up systems.

8. Computer Networks
• Data communication between digital computers is aided by the type of computer network. Over the years, computer networks have become an unquestionable means of data communication.
• A computer network consists of nodes and communication links which implement the data communication protocols. It interconnects a set of hosts which conform to the network protocols.
• A computer network is defined as an aggregate of two or more autonomous computers that are separated by physical distances and connected together.

9. Basic Definitions
• Computer Security: controls which ensure confidentiality, integrity, and availability of information system assets, including hardware, software, firmware, and information being processed, stored, and communicated.
• Network Security: measures to prevent, detect, and correct security violations that involve the transmission of information.

10. Information Security
• A superset of cyber security and network security. It concerns information irrespective of the realm.
• Preservation of the Confidentiality, Integrity and Availability (CIA) of information/data.
• Protection of information and information systems from any form of threat, e.g. unauthorized access, use, disclosure, disruption, modification, or destruction.
• Synonymous with IT Security.
• Information security worldwide is considered the main fixed asset of any public or private organization.

12. Elements of Network Security (Transit/Stationary Data)
• Confidentiality protects information from unauthorized disclosure or intelligible interception.
• Availability ensures that information is accessible and functional when needed.
• Integrity ensures that information or software is complete, accurate, and authentic (no modification).

13. Pillars of Network Security
Others:
• Authenticity
• Authorization
• Non-repudiation
• Accountability

14. Network Security Objectives
There are three security objectives to reach, or security properties to respect. The three network security objectives, as described in the figure, are Confidentiality, Integrity and Availability.
(a) Confidentiality
• Confidentiality protects sensitive information from unauthorized disclosure or intelligible interception. It gives assurance that information is not disclosed to unauthorized individuals, processes, or devices. Access controls are used to protect confidentiality. Access control is the process of limiting the privilege to use system resources. There are three types of controls for limiting access:
➢ Administrative Controls: these are based upon policies. Information security policies should state the organization's objectives regarding control over access to resources, hiring and management of personnel, and security awareness.
➢ Physical Controls: these include limiting access to network nodes, protecting the network wiring, and securing rooms or buildings that contain restricted assets.
➢ Logical Controls: these are the hardware and software means of limiting access and include access control lists, communication protocols, and cryptography.

15. Network Security Objectives (2)
(b) Integrity
Integrity ensures that information or software is complete, accurate, and authentic. The information must be protected from unauthorized, unanticipated, or unintentional modification. It also provides protection against unauthorized creation and destruction of information. Network integrity is ensuring that the message received is the same message that was sent: the content of the message must be complete and unmodified. Connection integrity can be provided by cryptography and routing control. This includes, but is not limited to:
➢ Authenticity: a third party must be able to verify that the content of a message has not been changed in transit.
➢ Non-repudiation: the origin or the receipt of a specific message must be verifiable by a third party.
➢ Accountability: the process of tracing, or the ability to trace, activities to a responsible source. It is a security goal that generates the requirement for the actions of an entity to be traced uniquely to that entity. From a security perspective, it is most important for detecting, analyzing, and responding to security incidents on the network. System logs, audit trails, and accounting software can all be used to hold users accountable for what happens under their logon ID.

16. Network Security Objectives (3)
(c) Availability
• Availability ensures that information and services are accessible and functional when needed. It provides timely and reliable access to data and information services for authorized users.
• The information technology resources, i.e. systems or data, must be available on a timely basis to meet mission requirements or to avoid substantial losses.
• Availability also includes ensuring that resources are used only for intended purposes. Redundancy, fault tolerance, reliability, failover, backups, recovery, resilience, and load balancing are the network design concepts used to assure availability. If a system is unavailable, the integrity and confidentiality of that system will not matter.

17. Some Common Network Security Attacks
• Interruption: an attack on availability, e.g. denial of service (DoS) attacks.
• Interception: an attack on confidentiality (overhearing, eavesdropping).
• Modification: an attack on integrity (corrupting transmitted data: modification, masquerading, replaying and repudiation).
• Fabrication: an attack on authenticity (faking data).
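An added example, not from the slides, showing how the integrity and authenticity properties of slide 15 can be checked on each received message and how the modification, masquerading and replay cases listed above are detected: a keyed HMAC tag over a sequence number plus the message body. The key, the wire format and all messages are constructed for the demonstration.

```python
"""Added example (not from the slides): a receiver-side check that detects
the modification, masquerading and replay cases listed above using an HMAC
tag over a sequence number plus the message body.  The key, wire format and
messages below are constructed for the demonstration."""
import hashlib
import hmac

SEQ_LEN = 8      # bytes reserved for the sequence number
TAG_LEN = 32     # HMAC-SHA256 digest length


def tag_message(key: bytes, seq: int, body: bytes) -> bytes:
    """Sender side: tag = HMAC-SHA256(key, seq || body).

    Binding the sequence number into the tag means a valid tag cannot be
    re-used at a different position in the stream."""
    return hmac.new(key, seq.to_bytes(SEQ_LEN, "big") + body, hashlib.sha256).digest()


def make_packet(key: bytes, seq: int, body: bytes) -> bytes:
    """Wire format (constructed for this example): seq || tag || body."""
    return seq.to_bytes(SEQ_LEN, "big") + tag_message(key, seq, body) + body


class Receiver:
    """Verifies each packet's tag and refuses sequence numbers already seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1      # highest sequence number accepted so far

    def accept(self, packet: bytes):
        """Return (accepted, reason, body); reason names the detected problem."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            return False, "truncated", b""
        seq = int.from_bytes(packet[:SEQ_LEN], "big")
        tag = packet[SEQ_LEN:SEQ_LEN + TAG_LEN]
        body = packet[SEQ_LEN + TAG_LEN:]
        # Constant-time comparison: a plain '==' would leak timing information.
        if not hmac.compare_digest(tag, tag_message(self.key, seq, body)):
            return False, "modified or forged", b""
        if seq <= self.last_seq:
            return False, "replayed", b""
        self.last_seq = seq
        return True, "ok", body


def demo() -> list:
    """Walk through the genuine, modified, replayed and forged cases."""
    key = b"constructed-demo-key-not-for-real-use"   # constructed for the demo
    rx = Receiver(key)
    results = []
    genuine = make_packet(key, 1, b"transfer 100 to account 42")
    results.append(rx.accept(genuine)[1])                    # ok
    # Modification: flip one byte of the body after the tag was computed.
    tampered = bytearray(genuine)
    tampered[-2] ^= 0x01
    results.append(rx.accept(bytes(tampered))[1])            # modified or forged
    # Replay: the untouched genuine packet is delivered a second time.
    results.append(rx.accept(genuine)[1])                    # replayed
    # Masquerading: a party without the shared key cannot produce a valid tag.
    forged = make_packet(b"wrong-key", 2, b"transfer 100 to account 42")
    results.append(rx.accept(forged)[1])                     # modified or forged
    results.append(rx.accept(make_packet(key, 2, b"next message"))[1])  # ok
    return results


if __name__ == "__main__":
    print(demo())
```

An HMAC gives integrity and authenticity only between the two holders of the key; the non-repudiation property on slide 15 needs a digital signature, which this example does not show.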
18. Common Terminologies
• Vulnerability: a weakness in an IT system that can be exploited by an attacker to deliver a successful attack.
• Attack: any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
• Threat: a potential negative action or event, facilitated by a vulnerability, that results in an unwanted impact on a computer system or application.
• Risk: cybersecurity risk is the probability of exposure or loss resulting from a cyber attack or data breach on your organization.

19. Computer Network Basics
• A computer network is a group of two or more interconnected computer systems. Computer networks let you connect multiple computers together to send and receive information.
• Switches work as a controller which connects computers, printers, and other hardware devices.
• Routers help you connect to multiple networks. A router enables you to share a single internet connection, which saves money.
• Servers are computers that hold shared programs, files, and the network operating system.
• Clients are computer devices which access and use the network and share network resources.

20. Computer Network Basics (2)
• A hub is a device that splits a network connection among multiple computers.
• Access points allow devices to connect to the wireless network without cables.
• A Network Interface Card sends and receives data and controls data flow between the computer and the network.
• A protocol is the set of defined rules that allows two entities to communicate across the network.
• Unique identifiers: hostname, IP address, DNS server, and host are important unique identifiers in computer networks.
• ARP stands for Address Resolution Protocol.
• Reverse Address Resolution Protocol (RARP) gives the IP address of a device when given its physical address as input.

21. Network Reference Models
• There are two important network architectures:
➢ the OSI reference model
➢ the TCP/IP reference model

22. Network Model: Open Systems Interconnection (OSI)
• The OSI reference model arrived in 1984.
• The OSI model is used as an abstract framework, and most operating systems and protocols adhere to it.
• It is the standard model for networking protocols and distributed applications: the International Organization for Standardization's Open Systems Interconnection (ISO/OSI) model.
• Its main objectives were to:
➢ allow manufacturers of different systems to interconnect equipment through standard interfaces;
➢ allow software and hardware to integrate well and be portable across different systems.
• It has 7 layers.

24. Open Systems Interconnection (OSI) Layer 1: Physical Layer
• The Physical Layer defines the electrical and mechanical specifications of cables, connectors and signaling options that physically link two nodes on a network.
• The Physical Layer defines the cable or physical medium itself, e.g. thinnet, thicknet, unshielded twisted pair (UTP).
• All media are functionally equivalent. The main difference is in the convenience and cost of installation and maintenance.
• Converters from one medium to another operate at this level. This layer converts bits into voltages for transmission. A couple of the standard interfaces at this layer are HSSI and X.21.

25. Open Systems Interconnection (OSI) Layer 2: Data Link Layer
• The Data Link Layer defines the format of data on the network.
• It packages raw bits from the Physical Layer into frames (logical, structured packets for data).
• It provides reliable transmission of frames:
➢ it waits for an acknowledgment from the receiving computer;
➢ it retransmits frames for which no acknowledgement is received.
• The main task of the Data Link Layer is to provide error-free transmission. It accomplishes this by having the sender break the input data up into data frames, transmit the frames sequentially, and process the acknowledgement frames sent back by the receiver.

26. Open Systems Interconnection (OSI) Layer 3: Network Layer
• While the Data Link Layer is responsible for delivery over each link, the Network Layer ensures that each packet travels from its source to its destination successfully and efficiently.
• The main responsibility of the Network Layer is to insert information in the packet header so that the packet can be properly addressed and routed.
• Routing protocols build their routing tables at this layer. NFS uses the Internet Protocol (IP) as its network layer interface. IP is responsible for routing, directing datagrams from one network to another. The Network Layer may have to break datagrams larger than the MTU into smaller packets, and the host receiving the packets will have to reassemble the fragmented datagram.

27. Open Systems Interconnection (OSI) Layer 4: Transport Layer
• The Transport Layer provides end-to-end transport services and establishes the logical connection between two computers.
• The Transport Layer subdivides the user buffer into network-buffer-sized datagrams and enforces the desired transmission control.
• It manages transmission packets:
➢ it repackages long messages, when necessary, into small packets for transmission;
➢ it reassembles packets in the correct order to recover the original message.
• It handles error recognition and recovery:
➢ the Transport Layer at the receiving end acknowledges packet delivery;
➢ missing packets are resent.

28. Open Systems Interconnection (OSI) Layer 5: Session Layer
• Allows two applications on different computers to establish, use, and end a session, e.g. file transfer, remote login.
• The connection is maintained during data transfer and released once done.
• Establishes dialog control: regulates which side transmits, plus when and how long it transmits.
• Performs token management and synchronization.

29. Open Systems Interconnection (OSI) Layer 6: Presentation Layer
• The Presentation Layer receives information from the Application Layer protocol and translates it into a format all computers can understand.
• The Presentation Layer is not concerned with the meaning of data. This layer also handles issues related to data compression and encryption.
• It is concerned with the representation of transmitted data: it translates the different data representations from the Application Layer into a uniform standard format.
• It provides services for secure, efficient data transmission, e.g. data encryption and data compression.

30. Open Systems Interconnection (OSI) Layer 7: Application Layer
• The Application Layer works closest to the user and provides network services to end users.
• It is the level at which applications access network services.
• This layer does not include the actual applications but the protocols that support the applications. FTP, telnet, DNS, NIS and NFS are examples of network applications.
• It represents services that directly support software applications for file transfers, database access, electronic mail, etc.

31. TCP/IP Model
• The OSI model is just a reference/logical model. It was designed to describe the functions of the communication system by dividing the communication procedure into smaller and simpler components.
• The TCP/IP model, on the other hand, was designed and developed by the Department of Defense (DoD) in the 1960s and is based on standard protocols. It stands for Transmission Control Protocol/Internet Protocol. The TCP/IP model is a concise version of the OSI model: it contains four layers, unlike the seven layers of the OSI model.
• The layers are:
1. Process/Application Layer
2. Host-to-Host/Transport Layer
3. Internet Layer
4. Network Access/Link Layer

32. TCP/IP Model vs OSI Model

33. Difference between OSI Reference Model and TCP Reference Model

34. OSI Layer Vulnerabilities and Attacks
• Weaknesses in the system can be encountered at any of the layers. To make the system strong against attacks, we should educate ourselves about the vulnerabilities that can affect each layer.
• Listed below are a few weaknesses observed at each layer.
1. Physical Layer:
• Data/hardware theft, unauthorized changes to the functional environment, undetectable data interception, wiretaps and reconnaissance, open authentication, rogue employees and access points.

35. OSI Layer Vulnerabilities and Attacks
• Data Link Layer: unauthorized joining and expansion of the network, VLAN join, tagging and hopping, remote access to the LAN, topology and vulnerability discovery, break-ins, switch control, VLAN circumvention; spanning tree errors may be introduced fortuitously or intentionally, causing the Data Link Layer to transmit packets in infinite loops.
• Network Layer: guessing TCP sequence numbers, stealing an existing session, no cryptography, no authentication, works in broadcast, unauthorized access, route spoofing (circulating a false network topology).
• Transport Layer: three-way handshake flaws, TCP sequence number prediction, port scans.

36. Attacks at each layer of the OSI model

37. Domain Name System
• The Domain Name System (DNS) is a naming database in which internet domain names are located and translated into Internet Protocol (IP) addresses.
• The Domain Name System maps the name people use to locate a website to the IP address that a computer uses to locate that website.

38. IP Addressing
• An IP address is an address used to uniquely identify a device/node on an IP network.
• A core function of IP is to provide logical addressing for hosts. An IP address provides a hierarchical structure that both uniquely identifies a host and indicates what network that host exists on.
• The address is made up of 32 binary bits, which can be divided into a network portion and a host portion with the help of a subnet mask.
• It can change based on the location of the device.
• It can be assigned manually or dynamically.
• There are two types of IP address:
➢ IPv4
➢ IPv6

39. IP provides two fundamental Network Layer services:
➢ Logical addressing: provides a unique address that identifies both the host and the network that host exists on.
➢ Routing: determines the best path to a particular destination network, and then routes data accordingly.

40. IPv4 Address Formats
• An IPv4 address is most often represented in dotted-decimal format, for example: 158.80.164.3
• The 32 binary bits are broken into four octets (1 octet = 8 bits).
• An IPv4 address is comprised of four octets, separated by periods:
First Octet . Second Octet . Third Octet . Fourth Octet
158 . 80 . 164 . 3
• IPv4 addresses are written as four dot-separated decimal numbers between 0 and 255, i.e. from 0.0.0.0 to 255.255.255.255.
• Each octet is an 8-bit number, resulting in a 32-bit IP address.
• The smallest possible value of an octet is 0, or 00000000 in binary.
• The largest possible value of an octet is 255, or 11111111 in binary.

41. IPv6 Address Format
• An IPv6 address can have either of the following two formats:
➢ Normal: pure IPv6 format
➢ Dual: IPv6 plus IPv4 format
• Each segment can be any hexadecimal value between 0000 and FFFF.
• The segments are separated by colons, not periods.

42. Pure IPv6 Format
• An IPv6 (Normal) address has the following format: y:y:y:y:y:y:y:y, where y is called a segment.
• An IPv6 normal address must have eight segments.
• There is a short notation (::) for segments that are zeros.
• The following list shows examples of valid IPv6 (Normal) addresses:
➢ 2001:db8:3333:4444:5555:6666:7777:8888
➢ 2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF
➢ :: (implies all 8 segments are zero)
➢ 2001:db8:: (implies that the last six segments are zero)
➢ ::1234:5678 (implies that the first six segments are zero)
➢ 2001:db8::1234:5678 (implies that the middle four segments are zero)
➢ 2001:0db8:0001:0000:0000:0ab9:C0A8:0102 (this can be compressed to eliminate leading zeros and zero segments, as follows: 2001:db8:1::ab9:C0A8:102)

43. Dual: IPv6 plus IPv4 Format
• An IPv6 (Dual) address combines an IPv6 and an IPv4 address and has the following format: y:y:y:y:y:y:x.x.x.x. The IPv6 portion of the address (indicated with y's) is always at the beginning, followed by the IPv4 portion (indicated with x's).
• In the IPv6 portion of the address, y is called a segment and can be any hexadecimal value between 0 and FFFF. The segments are separated by colons, not periods. The IPv6 portion of the address must have six segments, but there is a short-form notation for segments that are zero.
• In the IPv4 portion of the address, x is called an octet and must be a decimal value between 0 and 255. The octets are separated by periods. The IPv4 portion of the address must contain three periods and four octets.

44. IPv6 Dual: Examples
• The following list shows examples of valid IPv6 (Dual) addresses:
➢ 2001:db8:3333:4444:5555:6666:1.2.3.4
➢ ::11.22.33.44 (implies all six IPv6 segments are zero)
➢ 2001:db8::123.123.123.123 (implies that the last four IPv6 segments are zero)
➢ ::1234:5678:91.123.4.56 (implies that the first four IPv6 segments are zero)
➢ ::1234:5678:1.2.3.4 (implies that the first four IPv6 segments are zero)
➢ 2001:db8::1234:5678:5.6.7.8 (implies that the middle two IPv6 segments are zero)
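An added example, not from the slides (the function names are my own), that applies the Normal and Dual format rules from slides 42 to 44: it expands every address listed above to its eight segments, rejects text that breaks a rule, and reproduces the compressed form shown on slide 42.

```python
"""Added example (not from the slides): expand and validate IPv6 addresses in
the Normal and Dual formats described on slides 42-44.

Rules applied:
- Normal: eight 16-bit hexadecimal segments separated by colons.
- '::' stands for one or more consecutive zero segments and may appear once.
- Leading zeros inside a segment may be dropped (0db8 is the same as db8).
- Dual: six hexadecimal segments followed by a dotted-decimal IPv4 address,
  whose four octets fill the last two 16-bit segments.
The slides print addresses with spaces around the colons; those are removed first.
"""
HEX_DIGITS = set("0123456789abcdefABCDEF")


def _ipv4_octets(dotted: str) -> list:
    """Validate the IPv4 tail of a Dual address and return its four octets."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"IPv4 portion needs four octets: {dotted!r}")
    octets = []
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError(f"IPv4 octet must be a decimal value 0-255: {p!r}")
        octets.append(int(p))
    return octets


def _hex_segments(text: str) -> list:
    """Parse a colon-separated run of segments that contains no '::'."""
    if text == "":
        return []
    segments = []
    for s in text.split(":"):
        if not 1 <= len(s) <= 4 or any(c not in HEX_DIGITS for c in s):
            raise ValueError(f"segment must be 1-4 hex digits: {s!r}")
        segments.append(int(s, 16))
    return segments


def expand_ipv6(address: str) -> list:
    """Return the eight segments (as integers) of a Normal or Dual IPv6 address.

    Raises ValueError when the text breaks one of the format rules above."""
    addr = address.replace(" ", "")
    # Dual form: if the text after the last colon is dotted decimal, convert the
    # four IPv4 octets into the last two hex segments, then treat as Normal.
    head, colon, last = addr.rpartition(":")
    if "." in last:
        a, b, c, d = _ipv4_octets(last)
        addr = f"{head}{colon}{(a << 8) | b:x}:{(c << 8) | d:x}"
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        left_segs, right_segs = _hex_segments(left), _hex_segments(right)
        missing = 8 - len(left_segs) - len(right_segs)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero segment")
        return left_segs + [0] * missing + right_segs
    segments = _hex_segments(addr)
    if len(segments) != 8:
        raise ValueError(f"expected eight segments, got {len(segments)}")
    return segments


def compress_ipv6(segments: list) -> str:
    """Shortest text form: drop leading zeros and replace the longest run of
    two or more zero segments with '::' (the slide's 2001:db8:1::ab9:c0a8:102)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if segments[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and segments[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexes = [f"{s:x}" for s in segments]
    if best_len < 2:
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])


def is_valid_ipv6(address: str) -> bool:
    """True when expand_ipv6 accepts the text, False on any rule violation."""
    try:
        expand_ipv6(address)
        return True
    except ValueError:
        return False
```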
45. How to view the IP address of a device
• Go to the command prompt: type cmd in the Start menu.
• Type ipconfig and press Enter.
PowerShell can be used too; it performs the same functions as the command prompt. PowerShell is significantly more powerful and richer in capabilities than CMD.exe.

46. IP address of a device: IPv4

47. How to view the IP address (2)
• Open the command prompt.
• Type ipconfig /all and press Enter.
Finding the host name, IP address or physical address of your machine.

48. Finding the Host Name, IP Address or Physical Address of your machine

51. What is a subnet? How subnetting works
• A subnet or subnetwork is a smaller network inside a large network. Subnetting makes network routing much more efficient.
• Subnets make networks more efficient.
• Through subnetting, network traffic can travel a shorter distance without passing through unnecessary routers to reach its destination.

53. IP Address Classes
• Every IP address has two parts. The first part indicates which network the address belongs to. The second part specifies the device (subnet/host) within that network. However, the length of the "first part" changes depending on the network's class.
• Networks are categorized into different classes, labeled A through E. Class A networks can connect millions of devices. Class B networks and Class C networks are progressively smaller in size. (Class D and Class E networks are not commonly used.)
➢ Class A: the first octet is the network portion; octets 2, 3, and 4 are for subnets/hosts. E.g. for 203.0.113.112, the network is indicated by "203" and the device by "0.113.112".
➢ Class B: the first two octets are the network portion; octets 3 and 4 are for subnets/hosts. E.g. for 203.0.113.112, the network is indicated by "203.0" and the device by "113.112".
➢ Class C: the first three octets are the network portion; octet 4 is for subnets/hosts. E.g. for 203.0.113.112, the network is indicated by "203.0.113" and the device by "112".
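An added example, not from the slides, that ties together the IPv4 format rules of slide 40, the subnet mask of slide 38 and the class split above: it validates a dotted-decimal address, shows the octets in binary, decides the class and splits network from host either by class or by an explicit prefix length. The first-octet ranges for each class are the standard classful ranges, which the slides do not list, and the function names are my own.

```python
"""Added example (not from the slides): parse a dotted-decimal IPv4 address,
show its octets in binary, find its class, and split it into network and host
portions the way the class slide does, or by an explicit subnet mask.
The first-octet ranges are the standard classful ranges (not on the slides)."""

# (class, lowest first octet, highest first octet, number of network octets)
CLASS_TABLE = [
    ("A", 0, 127, 1),
    ("B", 128, 191, 2),
    ("C", 192, 223, 3),
    ("D", 224, 239, None),   # multicast: no network/host split
    ("E", 240, 255, None),   # reserved
]


def parse_ipv4(text: str) -> list:
    """Return the four octets of a dotted-decimal address, or raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"an IPv4 address needs four octets: {text!r}")
    octets = []
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError(f"octet must be a decimal value 0-255: {p!r}")
        octets.append(int(p))
    return octets


def is_valid_ipv4(text: str) -> bool:
    """True when the text is four dot-separated decimal numbers in 0-255."""
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


def to_binary(octets: list) -> str:
    """Each octet as 8 bits: 158.80.164.3 -> 10011110.01010000.10100100.00000011."""
    return ".".join(f"{o:08b}" for o in octets)


def ipv4_class(octets: list) -> str:
    """Class letter A-E decided by the first octet."""
    for name, low, high, _ in CLASS_TABLE:
        if low <= octets[0] <= high:
            return name
    raise ValueError("first octet outside 0-255")


def _dotted(values) -> str:
    return ".".join(str(v) for v in values)


def classful_split(octets: list, cls: str = None) -> tuple:
    """Return (network portion, host portion) as dotted strings.

    With cls=None the address's own class decides; passing "A", "B" or "C"
    reproduces the slide's illustration of one address under each class."""
    cls = cls or ipv4_class(octets)
    count = {name: n for name, _, _, n in CLASS_TABLE}[cls]
    if count is None:
        raise ValueError(f"class {cls} has no network/host split")
    return _dotted(octets[:count]), _dotted(octets[count:])


def mask_from_prefix(prefix: int) -> list:
    """Subnet mask octets for a prefix length, e.g. 24 -> [255, 255, 255, 0]."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0-32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return list(mask.to_bytes(4, "big"))


def network_address(octets: list, prefix: int) -> str:
    """Network portion under a subnet mask: address AND mask, octet by octet."""
    return _dotted(o & m for o, m in zip(octets, mask_from_prefix(prefix)))


def host_part(octets: list, prefix: int) -> str:
    """Host bits left after the mask: address AND NOT mask, octet by octet."""
    return _dotted(o & (255 - m) for o, m in zip(octets, mask_from_prefix(prefix)))


def describe(text: str) -> dict:
    """One-call summary of an address using its own class."""
    octets = parse_ipv4(text)
    net, host = classful_split(octets)
    return {"octets": octets, "binary": to_binary(octets),
            "class": ipv4_class(octets), "network": net, "host": host}


if __name__ == "__main__":
    print(describe("158.80.164.3"))
```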
60. Multi-Layer Security Threats and Attacks: Procedures/Approaches for Mitigation

61. Multi-Layer Security Threats and Attacks
1. Network Security
• You need to know who and what is trying to connect to your network. Firewalls can block known bad connections, such as IP addresses associated with malware, but attackers can get around this. Too much inspection can also slow down internet traffic.
• An IDS adds an extra layer of security by inspecting packets as they go through your perimeter. Unlike a firewall, the IDS does this without stopping them, allowing your network traffic to keep moving. Suspicious activity is flagged for attention by your NOC (network operations center).
• Finally, network segmentation adds layers of strong authentication to your internal network. Even if an attacker gets through your firewall and IDS, they will need to steal multiple credentials in order to move through the network and find the data they want.

62. Multi-Layer Security Threats and Attacks
2. Endpoint Security
• An endpoint is generally a personal computer, but the term can refer to servers as well. Endpoints are particularly prone to infection or compromise because they are often operated directly by humans, and humans are easy to fool.
• You are probably familiar with antivirus as it relates to endpoint security. Generally, antivirus works by scanning files to see if they match known viruses, but more advanced enterprise products often use machine learning or behavioral detection to fight malware.
• Browsers are a huge vector for infections on endpoints. Isolated browsing features place the user's browser inside a virtual machine. If a browser is attacked by malware, such as a drive-by download, the malicious file will execute harmlessly inside the VM, away from the network.

63. Multi-Layer Security Threats and Attacks
3. Application Security
• If your organization relies heavily on SaaS applications, application security, rather than firewalls or antivirus, might be an important mode of defense. Since the application vendor has responsibility for securing the application itself, your main job will be preventing attackers from stealing passwords.
• The most effective thing you can do to secure application passwords is to implement two-factor or multi-factor authentication. This involves using an extra piece of information, usually a one-time password (OTP) sent to the user's phone, to authenticate a user alongside the password itself.
• Although 2FA or MFA are the most effective ways to defend against an attack, you can improve their effectiveness by implementing strong access policies. Mandating strong passwords is one solution, but another is the principle of "least privilege": every employee should have access only to the applications and data stores necessary to do their jobs.

64. Multi-Layer Security Threats and Attacks
4. Data Security
• Users create vulnerability even apart from their propensity to download viruses onto their own desktops.
• Breaches where users have emailed sensitive records outside of the organization... in plain text.
• Whether accidentally, maliciously, or through enemy action, email is the primary vector for sensitive information to escape from your organization. Fortunately, there are a few ways to put a stop to this.

65. Multi-Layer Security Threats and Attacks
5. Physical Security
• Never underestimate the power of an attacker dressed as a FedEx guy. If you don't keep track of the people entering and leaving your building, you are putting yourself at risk. It is incredibly easy for unmonitored guests to conduct espionage: leaving malicious USBs in your desktops, accessing server rooms, or even downloading papers at an unattended desk.
• You want to keep track of everyone who enters or leaves your building while adding more rigorous protections for sensitive areas.
• Visitors should never be unaccompanied as they wander around your building, and employees should be unafraid to challenge strangers who do not have a badge or a lanyard (means of identification).
• Biometric authentication is a must for your server room or data centre.

67. Network Scanning Tools
• Network Mapper (Nmap)
• Wireshark
• Snort
• TCPDump
• TShark