Network Security 1.4

What is malware?

A program designed to damage a computer system or modify the data by embedding itself into other programs infecting them. It can spread to other users and computers if an infected file is sent to someone else.

Give four examples of malware

• Virus

• Worm

• Trojan

• Spyware

• Ransomware

• Adware

State the difference between worms and trojan horses as types of malware

A worm is a standalone program that doesn't need to attach itself to an existing program in order to self replicate..

A Trojan is a program which pretends to have one legitimate function but actually has another. It is normally spread by email.

State three ways in which computer viruses can enter a computer system:

Removable media e.g. USB memory sticks

Email attachments

Downloaded files e.g. Games or programs

State typical impacts of malware on a computer system.

Spying on user activity or confidential information

Blackmail

Prevent user access to their files

Delete files

Modify files

Slow down performance of your computer

What is meant by social engineering?

Tricking or persuading individuals into revealing confidential or personal information such as passwords or bank details.

What is meant by the term “phishing”?

Use of a technique such as email to trick a user into handing over sensitive or personal information to a supposedly trustworthy entity

Give three examples of how phishing emails can be used.

• To steal money by accessing bank account details

• Obtain login details

• Steal an identity

• Reputational damage

• Access to high value/confidential data

State three common signs of a phishing email

• Usually not addressed to recipient

• Poor spelling or grammar

• The email address may have an improper/ suspicious domain name 

• Requiring immediate action

• A forged link, may look genuine but might redirect to a different site

State two ways in which users can prevent being compromised by a phishing email.

• Check the link you’re clicking on

• Look out for the signs - no address, suspicious domain name, forged link

• Spam filters

• Ignore or delete the email

Look at the following text message. What action should the recipient take?

The URL has an IP address in it, therefore block and delete the message from the sender

Look at the following emails. Which of them are genuine? What would you do in each case?

Email 1 - Threat, No address, Domain name, Link

Email 2 - Threat, Conflicting dates, Domain name, Generic

Email 3 - Domain name, No personalized address

 Apart from Phishing emails, complete a list below to illustrate how social engineering (human weaknesses) can result in a “weak point” in secure systems.

Human Weaknesses:

• Not installing OS update

• Not keeping anti-malware up to date or downloading it

• Not locking doors

• Not logging off

• Leaving printouts on desks

• Writing password down on strictly notes

• Sharing passwords

• Losing memory sticks/ laptops

• Using unencrypted / wireless network

• Using weak passwords

• Incorrect disposal of paper records and confidential data

Social Engineering:

• Phishing emails

• Blagging - Persuasion by another person to pass on confidential information - e.g. a password

How to prevent social engineering - Ensure staff are properly trained

What is a brute force attack?

A program which exhausts a list of different passwords or letters until access to an account is eventually gained.

How can brute force attacks be prevented?

-Strong passwords

Password lookouts - 3 attempts

-Captcha - preventing automated responses - prove you are a human

What is meant by a denial of service (DOS) attack?

Preventing legitimate users from accessing a website, due to the web server being overwhelmed  with a high volume of requests in a short space of time.

How can denial of service attacks be prevented?

Firewall

Malware Protection Software

Email filters

What are the implications of DOS attacks on organisations?

Loss of earnings - Customers cannot access your service

Loss of reputation/Trust - Users are put off by  having an unreliable service/ may get nervous about their own data security

 List the various means by which data can be stolen or intercepted on computer systems.

• Physical theft - Laptop being stolen

• Remote hacking - Somebody hacking your device from the other side of the world

• Spyware

• “Shouldering”

• Not logging out

• No WiFi encryption

• Ineffective disposal of paper documents

• Printouts on desks/ in printer

What is a SQL injection attack?

Used to attack websites in which malicious SQL statements are inserted into input fields (e.g. Username and Password)

These SQL statements are then executed against a database.

EXAMPLE 1:

SELECT *

FROM userList

WHERE (Username = $username) OR (1=1)

AND (Password = $password) or (1=1)

The user has typed “OR 1=1” into the username and password text boxes. Since it is always true that 1=1 the hacker will now be able to see all the records in the users table/ data base

EXAMPLE 2:

When searching for products, the user is asked for a product number, but appends on a malicious SQL statement - DROP TABLE Customers

The following query will be ran:

SELECT *

FROM Products

WHERE ProductID=2; DROP TABLE Customers

If the user succeeds, this will delete all customers

How can SQL injection attacks be prevented?

• Check that the data entered by the customer does not contain SQL commands

• Limiting permissions on the database e.g. Tables such as customer can only be deleted by certain users or administrators

What does a penetration test aim to do?

• Identify possible weak points

• Attempt to access unauthorised data

• Modify/ delete data which the user should not have access to

• View confidential information

• Report back the findings

State the difference between an internal penetration test and an external penetration test

• An internal penetration test puts the user in a position where they have some access to the database to determine how much damage could be done. This is to simulate a disgruntled employee 

• An external penetration is used to find out if an attacker can get in or not and once they’re in how much damage they can do.

• Internal - Standard user with standard access rights, attempting to cause damage to the network from within

• External - Trying to gain unauthorised access to the network remotely e.g. bypassing a firewall to give access to a server

Name some possible weaknesses and vulnerabilities that (a) an external penetration test and (b) an internal penetration test might identify

External:

• Can you carry out an external SQL attack

• Can you bypass a firewall

• Can you send an email to an employee with a virus in it

• Can you gain access to internal servers from outside the network

• Can you carry out a DOS

Internal:

• Access unauthorised files e.g. Other users files

• Delete/modify unauthorised files

• View confidential information

• Using removable media with a virus on it

• Physical theft of servers, storage media etc

What is the purpose of anti-malware software?

• It prevents harmful programs from being installed on the computer e.g. Spyware

• It prevents important files such as Operating Systems from being changed or deleted

• If a virus does manage to install itself, the software will detect it when it performs regular scans. Any virus detected will be removed

What is a firewall?

Monitors incoming and outgoing packets on a network based on rules.

Protecting a LAN from all the remote threats on the internet.

What type of criteria does a firewall apply to incoming and outgoing packets?

• Where the access is from (the computer’s address)

• The type of traffic (e.g. .exe files which may carry viruses)

• Specific web site addresses

How could a firewall be used on a school network?

•  Downloading specific file types

• Accessing certain websites

• Searching using appropriate keywords

Apart from the methods listed above, and encryption, describe two other means of preventing vulnerabilities on a network.

• Password Protection:

• Prevents anyone accessing your account. Requires validation to confirm who is entering and make sure its you

• User Access Level:

• Restriction on a certain group of users (e.g. Students) - who are only allowed to access certain folders on the network, or they may have a reduced permission - e.g. Read only instead of read-write

Give examples of how physical security can be used to secure a network.

• Security may start at the perimeter of the premises, with a barrier which can only be opened either by a guard or by entering a PIN or other ID

• CCTV cameras may be used to detect intruders both inside and outside the building

• Security locks at the entrance which can only be unlocked by authorised personnel, including a receptionist to allow visitors to enter, are in common use

• Barriers between the reception area and the rest of the building prevent unauthorised access

Map each method of identifying/preventing vulnerabilities to each security threat:

Method of prevention	Associated Threat
Internal Penetration Testing	Data interception and theft (accessing files they should not be able) Malware - Can an employee implant a virus off a memory stick Brute Force - e.g. Trying to access a password protected folder
External Penetration Testing	Data interception and theft (accessing files they should not be able) Malware - Can an employee send a virus through a network Brute Force - e.g. Trying to access a password protected folder Denial of Service attack - e.g. Sending a vast amount of requests to an internal server from the outside world SQL injection attack - Stopping confidential data being access from an outsider
Anti-malware software	Data interception and theft (accessing files they should not be able) Malware - Protect against malware from internal and external sources - Virus, Worms etc
Firewalls	Data interception and theft (accessing files they should not be able) Malware - Protect against malware from internal and external sources - Virus, Worms etc Denial of Service attack
User access levels	Data interception and theft (accessing files they should not be able) SQL injection - Ensure the database only allows certain users to access sensitive data
Passwords	Data interception and theft (accessing files they should not be able)
Encryption	Data interception and theft (accessing files they should not be able)
Physical security	Data interception and theft (accessing files they should not be able) - Physical data breach
Staff Training / Awareness	Social Engineering - Phishing or other Human Weaknesses