Network Security
Having control over unwanted intrusions into communications on a network
Permission
authorization to access an asset
Privilege
The level of access a user/system has on a network
Confidentiality
Protecting data from unauthorized access
Integrity
Protection against unauthorized changes
Ensures data stays consistent
Authorization
The process of giving permission to a user to access certain functions on a system
Authentication
The process of verifying a user’s identity before granting access
Availability
The process of keeping a system running to avoid downtime
First Domain
User Domain
Second Domain
Workstation Domain
Third Domain
LAN Domain
Fourth Domain
LAN-to-WAN Domain
Fifth Domain
WAN Domain
Sixth Domain
Remote Access Domain
Seventh Domain
System/Application Domain
User Domain
The people (end users) who use IT systems and data
Risks: weak passwords, social engineering
Workstation Domain
Devices such as desktops and laptops where users interact with the system
Risks: Malware, unauthorized software
LAN Domain
Internal network that connects users and devices in one location
Risks: Unauthorized access, internal threats
LAN-to-WAN Domain
The point where the internal network connects to the internet (WAN)
Risks: external attacks, DDoS, malware from the web
WAN Domain
The broader external network including the internet
Risks: Data interception, DoS
Remote Access Domain
Access to the internal network from outside locations
Risks: Insecure connections, stolen credentials
System/Application Domain
Includes servers, operating systems, and applications that store and process data
Risks: Unpatched software, misconfigurations
Auditors
Oversee a network to ensure everything aligns with security policies
Van Eck Phreaking
Attack that eavesdrops on devices from a distance
Defense in Depth
Strategy that uses multiple layered security controls to protect a network
Zero Day Exploits
New and previously unknown attacks for which no defense mechanism exists yet
Node
Any device on a network
MAC Address
48-bit hardware address
Hardening
The process of protecting a host from threats/attacks
Host
A form of node that has a logical address assigned to it
Firewall
Security device (hardware or software) that monitors and controls incoming and outgoing network traffic based on predefined security rules
Firewall Purpose
To block unauthorized access while still allowing legitimate communication on a network
Virtual Private Network (VPN)
A secure connection that encrypts data and creates a private tunnel between a user and network over the internet
VPN Purpose
To protect data from being intercepted
Intrusion Detection System (IDS)
A security tool used to monitor network and system activity for malicious behavior or policy violations
IDS Purpose
To detect potential attacks
Intrusion Prevention System (IPS)
A security tool used to detect and block malicious activity in real time
IPS Purpose
To stop attacks before they cause damage
Encapsulation
The process of wrapping data inside another protocol to protect it as it travels across the internet
Tunneling
The process of transmitting data securely through a public network by encapsulating it inside another protocol
Proxy Servers
A server that sits between a user and the internet and forwards requests and responses on behalf of the user
Proxy Server Purpose
Hide the user’s IP address
Filter traffic
Improve security and performance
Network Address Translation (NAT)
A process used by routers to allow multiple devices on a private network to share one public IP address
Static NAT
Maps one public IP address to one private IP address permanently
Dynamic NAT
Maps private IP addresses to a pool of public IP addresses, dynamically assigned when needed
Port Address Translation (PAT)
Type of NAT that allows multiple devices on a private network to share one public IP address by assigning a unique port number to each connection
Domain Name System (DNS)
The system that maps between human-friendly domain names and the IP addresses behind them
DNS Spoofing
An attack that gives false DNS responses so a user is redirected to a malicious site
Network Access Control
A security tool used to control who and what can connect to a network by enforcing security policies
NAC Purpose
To ensure that only authorized devices can access the network
Hacking
Malicious intrusion/manipulation of computers
Breach
A successful attempt to get past a network's defense mechanisms
The Hacking Process
Reconnaissance
Scanning
Enumeration
Attacking
Reconnaissance Phase
The process of gathering as much information about a system as possible before launching an attack
Scanning Phase
The process of identifying live hosts and open ports on a network to discover potential vulnerabilities.
Enumeration Phase
The process of reviewing data from scanning to see if there is any vulnerability that can be exploited
Attacking Phase
The process of executing the actual exploit
Wardriving
Moving through an area on foot/car while scanning for wireless networks
Ping Sweeps
Technique that sends ICMP echo requests across a range of IP addresses to find responding hosts
Port Scanning
Technique that probes a host's TCP/UDP ports to find listening services that may be exploitable
Signature
A string of code used to detect and identify specific malware
Malware
Malicious code written by attackers to cause harm and destruction
Virus
Type of malware made to infect and replicate on a computer and networks by attaching itself to a host file
Goals: replicate itself, spread to other files/systems, disrupt normal operation, damage data
Worms
Type of malware that self-replicates and spreads across networks without needing to attach itself to a host file or program
Goals: spread rapidly to multiple systems, cause harm, steal data
Keystroke Loggers
Type of malware that records every keystroke a user types on a device
Goal: capture sensitive information (passwords, credit card numbers, usernames)
Spyware
Type of malware that secretly monitors and collects information from a user's device
Goal: gather personal data
Adware
Type of malware that displays advertisements when the user is online
Trojan Horse
Type of malware that disguises itself as a legitimate program to trick users into installing it
Goals: provide unauthorized access to a system, install more malware, control the system remotely
Logic Bomb
Malicious code intentionally inserted in software that stays quiet on a system until triggered
Goal: cause damage, sabotage, data deletion
Hijack Attack
Attack that disconnects one host in an active session and impersonates that host to redirect/control traffic
SQL Injection
IPv6
Uses a 128-bit address space in hexadecimal format
Provides a practically unlimited number of addresses
IPv4
Uses a 32-bit address space in decimal format
Addressing
The way devices are given unique identifiers so they can find and communicate with each other
Router Configuration
The process of setting up a router to control how devices connect to the internet and each other
Router
A device that connects devices to the internet and to each other
Encrypted Protocols
Protocols that send data in a form that unauthorized parties cannot read
Examples: HTTPS, SSL/TLS, SSH, VPN
Filtering
The process of controlling the flow of traffic to decide what is allowed or blocked
Covert Channels
Communication pathways that are hidden so they evade security controls
Types of IDS
Host based
Network based
Host Based IDS
Monitors and protects a single computer or device from suspicious activity
Network Based IDS
Monitors network traffic to detect malicious activity across many devices
Brute Force Attack
An attack where someone tries many passwords until they find the right one
Dictionary Password Attack
Attack that tries common words and phrases to guess the password
Multi-Factor Authentication
A security method that requires 2 or more ways to prove who you are before granting access
Multi-Factor Authentication Methods
Something you know: password, PIN
Something you have: key, code, ID
Something you are: fingerprint, voice, face scan
Principle of Least Privilege
Grants users only the access they need to complete their job
Accounting
Logs and monitors the system’s environment to ensure compliance
Communication Encryption
The process of converting messages or data into a secret code to keep it secure
Data Encryption
The process of turning data into a code to protect it from unauthorized access
Redundancy
Extra or backup systems in place to keep things running if something fails
Redundant Array of Independent Disks (RAID)
A way to store data across multiple hard drives to improve performance and protect against hard-drive failure
RAID Levels
RAID 0 (Striping)
RAID 1 (Mirroring)
RAID 5 (Striping with Parity)
RAID 10 (1+0)
Uninterruptible Power Supply (UPS)
Provides temporary power in case of blackout
Risk Assessment
The process of finding, analyzing and evaluating security risks to protect systems
Risk Management
The process of identifying, assessing, and controlling risks to reduce their impact
Zone Risks
A collection of networks that represent a level of risk