Common network
security issues.
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
• PC Hardware
• Network Administration
• IT Project Management
• Network Design
• User Training
• IT Troubleshooting
Education
• M.B.A., IT Management, Western Governor’s University
• B.S., IT Security, Western Governor’s University
Qualifications Summary
Entrepreneur, executive leader, and proven manager
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required, with a focus on technology.
– Security issues caused by
misconfigurations.
– Other network security issues.
PACE-IT.
It’s easy to assume that a
network is secured from
threats, while, in reality, it
may be very vulnerable.
A network may actually be vulnerable because of a misconfigured
security setting or because of a common practice within an
organization.
A network may not be as secure as you think due to the ever-changing
threat landscape. Nefarious hackers are continually
seeking new exploits that they can use to breach network security
(including possible misconfigurations in network security
settings).
– Misconfigured firewall and access control
list (ACL).
» A misconfigured firewall and ACL can result in three different
categories of security issues.
• Traffic that should be blocked isn’t, allowing threats in.
• Traffic that shouldn’t be blocked is; this can prevent receiving
vital updates.
• All traffic is blocked; this isn’t necessarily a security issue per
se but is still a misconfiguration.
» To protect against a misconfigured firewall or ACL, thoroughly
test them before putting them into action.
– Misconfigured application.
» A misconfigured application may become a security threat.
• A Web application that does not perform proper validation of
input may lead to a buffer overflow attack. This may lead to a
successful attack on the Web server on which it is hosted.
» Thoroughly testing applications before placing them into service
will mitigate the threat.
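One way to test a firewall rule set or ACL before it goes into service, as the first item above recommends. This is an added example, not part of the original slides: the rule model (stateless, first match wins, implicit deny), the addresses and the expected-flow list are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # None matches any destination port

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: Optional[int]
    expect: str                   # what policy says should happen
    why: str                      # the requirement this flow stands for

def evaluate(acl, flow):
    """Stateless first-match evaluation; no matching rule means implicit deny."""
    for rule in acl:
        if rule.proto not in ("any", flow.proto):
            continue
        if ipaddress.ip_address(flow.src) not in ipaddress.ip_network(rule.src):
            continue
        if ipaddress.ip_address(flow.dst) not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action
    return "deny"

def audit(acl, flows):
    """Sort test failures into the three misconfiguration categories."""
    results = [(f, evaluate(acl, f)) for f in flows]
    findings = []
    for f, got in results:
        if f.expect == "deny" and got == "permit":
            findings.append(("should-be-blocked-but-allowed", f.why))
        elif f.expect == "permit" and got == "deny":
            findings.append(("should-be-allowed-but-blocked", f.why))
    if flows and all(got == "deny" for _, got in results):
        findings.append(("all-traffic-blocked", "no test flow was permitted"))
    return findings

ANY = "0.0.0.0/0"
# Constructed policy expectations (documentation and private address ranges).
FLOWS = [
    Flow("tcp", "203.0.113.5", "10.0.0.10", 443, "permit", "public HTTPS to web server"),
    Flow("tcp", "203.0.113.5", "10.0.0.20", 23, "deny", "inbound telnet to a workstation"),
    Flow("tcp", "10.0.0.20", "198.51.100.7", 443, "permit", "outbound HTTPS to update server"),
    Flow("icmp", "203.0.113.5", "10.0.0.10", None, "deny", "inbound ICMP from outside"),
]
# Constructed draft ACL with two mistakes: rule 2 blocks updates, rule 3 is too broad.
DRAFT_ACL = [
    Rule("permit", "tcp", ANY, "10.0.0.10/32", 443),
    Rule("deny", "tcp", "10.0.0.0/24", ANY, 443),
    Rule("permit", "tcp", ANY, "10.0.0.0/24"),
    Rule("deny", "any", ANY, ANY),
]
# Corrected ACL: only the two required flows are permitted.
FIXED_ACL = [
    Rule("permit", "tcp", ANY, "10.0.0.10/32", 443),
    Rule("permit", "tcp", "10.0.0.0/24", "198.51.100.7/32", 443),
    Rule("deny", "any", ANY, ANY),
]
# A rule set that blocks everything, the third category on the slide.
LOCKED_ACL = [Rule("deny", "any", ANY, ANY)]

if __name__ == "__main__":
    for name, acl in (("draft", DRAFT_ACL), ("fixed", FIXED_ACL), ("locked", LOCKED_ACL)):
        print(name, audit(acl, FLOWS))
```

Running the same expected-flow list against every revision of the rule set turns "thoroughly test" into a repeatable check.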
– Unpatched operating system (OS) or
firmware.
» The manufacturers of OSs and hardware firmware will often
produce security patches (or fixes) for vulnerabilities as they
become known.
• An unpatched OS or firmware becomes very vulnerable in
short order and may become a threat to the network.
» Most software makers have an updating service; subscribing to
that service will help to mitigate the threat.
– Open TCP/IP ports.
» An open port is one on which a service, application, or protocol
is listening for requests.
• All open ports are a security vulnerability and there are 65,535
possible ports that may be open.
» A best practice for network security is to specifically close all
unnecessary ports to harden a network.
– Misconfigured authentication services.
» The TACACS+ and RADIUS services are often used to
authenticate devices and users on networks.
• A misconfiguration of either may lead to a security issue that
allows malicious users to be authenticated to use network
resources.
» Thoroughly reviewing the configuration of authentication
services will help to mitigate the problem. In addition, all default
local accounts should be disabled (these may present a slight
opening for a malicious user to exploit authentication services).
– Active default usernames and passwords.
» Almost all devices and applications come with default
usernames and passwords to ease the setup process.
• If left active, these defaults create a security issue—as they
tend to be well known or are easy to find through simple
research.
» A best practice is to disable all default usernames and
passwords after setting up the device or application.
– Malicious users.
» Malicious users may be the single biggest security issue facing
any network and they will fall into one of two categories:
• An untrusted malicious user: an outside entity that has
exploited a security weakness to gain access to network
resources (e.g., a hacker who has breached a database’s
security features to gain access to valuable information).
• A trusted malicious user: a person or entity that has been
explicitly granted access to network resources that then
exploits this trusted position for malicious purposes.
» A best practice is to review log files on a regular basis to see
what resources are being accessed and by whom to help
maintain security.
– Packet sniffers.
» Packet sniffers examine network traffic at a very basic level and
can be used to help in the administration of a network.
• Packet sniffers may also be used by malicious users to see
what protocols and activities are allowed on the network. This
may help them in further attacking the network.
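A sketch of the regular log review recommended under "Malicious users" above, summarising which resources were accessed and by whom. This is an added example, not part of the original slides: the log format, the account names, the entitlement table and the threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumed (constructed) log format: timestamp user= src= resource= result=
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"resource=(?P<resource>\S+) result=(?P<result>ok|denied)$"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
2024-03-04T09:12:03 user=alice src=10.0.0.21 resource=/finance/payroll.db result=ok
2024-03-04T09:15:40 user=bob src=10.0.0.34 resource=/eng/builds result=ok
2024-03-04T11:02:17 user=bob src=10.0.0.34 resource=/finance/payroll.db result=ok
2024-03-04T23:41:10 user=alice src=10.0.0.21 resource=/hr/reviews result=denied
2024-03-04T23:41:12 user=alice src=10.0.0.21 resource=/hr/reviews result=denied
2024-03-04T23:41:15 user=alice src=10.0.0.21 resource=/hr/reviews result=denied
2024-03-05T02:03:55 user=svc-old src=203.0.113.9 resource=/finance/payroll.db result=ok
"""

# Constructed record of what each known account is supposed to reach.
ENTITLEMENTS = {
    "alice": {"/finance/payroll.db"},
    "bob": {"/eng/builds"},
}

def review(log_text, entitlements, denied_threshold=3):
    """Return (who accessed what, sorted alerts) for one review period."""
    accessed = defaultdict(Counter)   # user -> resource -> successful accesses
    denied = Counter()                # (user, resource) -> denied attempts
    alerts = set()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                  # skip lines that are not in the assumed format
        user, resource, result = m["user"], m["resource"], m["result"]
        if result == "denied":
            denied[(user, resource)] += 1
            continue
        accessed[user][resource] += 1
        if user not in entitlements:
            # Successful access by an account nobody is tracking.
            alerts.add(("unknown-account", user, resource))
        elif resource not in entitlements[user]:
            # A known user reached something they were never meant to have;
            # the access control in front of that resource needs checking too.
            alerts.add(("outside-entitlement", user, resource))
    for (user, resource), count in denied.items():
        if count >= denied_threshold:
            alerts.add(("repeated-denied", user, resource))
    summary = {user: dict(counts) for user, counts in accessed.items()}
    return summary, sorted(alerts)

if __name__ == "__main__":
    summary, alerts = review(SAMPLE_LOG, ENTITLEMENTS)
    for user, resources in summary.items():
        print(user, resources)
    for alert in alerts:
        print("ALERT", alert)
```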
– Malware.
» It is usually defined as malicious software that has the intent of
causing harm. As a category, malware covers any code-based
threat to a network or system.
• Examples of malware include: viruses, Trojans, and spyware.
» To protect against malware, anti-malware applications should
be running on every device. To be proactive, end-user
education should also be in place to teach users to recognize
the dangers.
– ICMP (Internet Control Message Protocol)
related issues.
» ICMP can be a valuable tool for diagnosing issues on networks,
but it can also become a security vulnerability.
• ICMP can be exploited in a denial-of-service (DoS) type of
attack.
• ICMP can be used to redirect legitimate users to a new
malicious default gateway, possibly resulting in loss of data or
sensitive information.
» It is now a best practice to deny ICMP requests on a router’s
outward-facing interface.
– DoS or distributed DoS (DDoS).
» In an attempt to bring down a network or website, malicious
users will often send thousands (or hundreds of thousands) of
requests for services.
• The attackers’ goal is to make that resource unreachable by
legitimate users.
» Many modern firewalls and other network appliances have
been configured to recognize the signature of such an attack
and can take steps to mitigate the results.
– Unintended backdoor access.
» When creating applications, developers often create backdoors
into the programs. Backdoors are a method of accessing an
application or service while bypassing the normal
authentication process. Unfortunately, these backdoors are
sometimes left open after the development process has been
completed. Once these become known, they can be exploited.
• In most cases, the application is listening on a specific port
(e.g., an open port) for a request for access.
» The best mitigation technique is to close all unnecessary ports
on a network.
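A check that supports the "close all unnecessary ports" advice given here for backdoors and earlier under "Open TCP/IP ports": compare a host's listening TCP sockets with an approved baseline. This is an added example, not part of the original slides: the `ss -H -tln` sample output, the addresses and the approved-port table are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (listening TCP sockets, numeric, no header).
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      5            0.0.0.0:23         0.0.0.0:*
LISTEN 0      16         10.0.0.15:8081       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
"""

# Constructed baseline: the only ports this host is supposed to expose.
APPROVED = {22: "ssh", 443: "https"}

def parse_listeners(ss_output):
    """Return sorted, de-duplicated (port, address) pairs from ss output."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Field 3 is "local address:port"; IPv6 addresses are bracketed.
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop brackets and any %interface
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            continue
        listeners.add((int(port), addr))
    return sorted(listeners)

def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False    # "*" (all addresses) and anything unparsable is not loopback

def audit_listeners(ss_output, approved):
    """Return (port, address, verdict) for every deviation from the baseline."""
    findings = []
    seen = set()
    for port, addr in parse_listeners(ss_output):
        seen.add(port)
        if port in approved:
            continue
        if is_loopback(addr):
            findings.append((port, addr, "review: unapproved, loopback only"))
        else:
            findings.append((port, addr, "close: unapproved and reachable from the network"))
    # An approved port with no listener means the baseline itself is out of date.
    for port in sorted(set(approved) - seen):
        findings.append((port, "-", "stale baseline: approved but not listening"))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS, APPROVED):
        print(finding)
```

A listener that no one can account for, such as the one on port 8081 in the sample, is the kind of leftover the backdoor item describes.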
– Jamming.
» All wireless networks use radio frequency (RF) channels to
transmit data on the network. It is possible to create enough
interference on the RF channel that it is no longer useable on
the network.
• An attacker will often use jamming when performing a DoS
type attack; however, it can also be used to perform an evil
twin type attack.
» Many of the modern networking standards and devices employ
techniques to mitigate the threat of jamming (e.g., 802.11n and
802.11ac are difficult to jam).
– Banner grabbing.
» Many network devices display banners (displayed
messages) when users are signing into or requesting services
from network devices. These banners can impart information
about the type of device or the type of service that is being
requested.
• This information may be used by a hacker to research
possible exploits.
» The best practice is to disable all unnecessary services and
banners on network devices.
Topic: Security issues caused by misconfigurations.
Summary: Network security is an ever shifting landscape and some security issues
may be inadvertently created by misconfigurations. Some of these
misconfiguration issues can occur on: firewalls, ACLs, applications,
unpatched OSs or firmware, open TCP/IP ports, and authentication
services. The use of default usernames and passwords is another means
by which a network can be breached.

Topic: Other network security issues.
Summary: There are many security issues that face modern networks. Some of these
issues include: malicious users, packet sniffers, malware, ICMP, DoS or
DDoS attacks, unintended backdoor access, jamming, and banner
grabbing. Each of these vulnerabilities can be mitigated, thus hardening the
network.
THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.
