Comprehensive Study Notes on Security in Computing - Networks
Security in Computing Chapter 6 - Networks
This chapter covers the security of networks: the vulnerabilities that arise from how networks operate, the threats that exploit them, and the protections available, including cryptographic protections, firewalls, intrusion detection systems, and other security management technologies.
1. Vulnerabilities
Threats in Networks:
Wiretapping: Unauthorized interception of communications.
Modification: Alteration of data during transmission.
Interruption: Denial of service (DoS) or Distributed Denial of Service (DDoS) attacks.
Wireless Networks:
Interception: Unauthorized capture of wireless traffic, which radiates beyond the premises and needs no physical tap.
Association: A client connecting to a rogue access point that impersonates a legitimate one, or an unauthorized device associating with a legitimate access point.
WEP (Wired Equivalent Privacy): The original Wi-Fi encryption scheme; its short (24-bit) initialization vectors and weak RC4 key handling let an attacker recover traffic and eventually the shared key, so it is considered broken.
WPA (Wi-Fi Protected Access): The replacement for WEP (WPA, then WPA2 with AES-CCMP), with per-session keys and stronger integrity protection.
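An added example (not from the textbook or these notes) of why WEP's 24-bit IV is fatal: when an access point reuses an IV, two frames share the same RC4 keystream, so their ciphertexts XOR to the XOR of the plaintexts, and known plaintext in one frame reveals the other. The key, IV and frame contents below are constructed, and the CRC-32 integrity value real WEP appends is omitted because it does not change the keystream-reuse property.

```python
"""WEP keystream reuse, as an added illustration (not from the notes).

WEP encrypts each frame with RC4 keyed by (24-bit IV || shared key) and
sends the IV in the clear.  The IV space is only 2**24, so a busy access
point repeats an IV quickly, and two frames encrypted under the same IV
share a keystream: C1 XOR C2 == P1 XOR P2.  Known plaintext in one frame
then exposes the other.  The key and frames below are constructed.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA), enough to model WEP's per-frame cipher."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV in the clear, then RC4(IV || key) XOR plaintext.
    (Real WEP also appends a CRC-32 ICV; omitted here.)"""
    ks = rc4_keystream(iv + key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def recover_with_known_plaintext(frame1: bytes, known_p1: bytes, frame2: bytes) -> bytes:
    """Given two frames with the same IV and the plaintext of the first,
    recover the plaintext of the second without knowing the key."""
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        raise ValueError("frames use different IVs; keystreams differ")
    n = min(len(c1), len(c2), len(known_p1))
    keystream = bytes(c ^ p for c, p in zip(c1[:n], known_p1[:n]))  # C1 XOR P1
    return bytes(c ^ k for c, k in zip(c2[:n], keystream))          # C2 XOR keystream


def expected_frames_until_iv_collision(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * N) random IVs before one repeats."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


if __name__ == "__main__":
    KEY = b"\x0f\x1e\x2d\x3c\x4b"          # constructed 40-bit WEP key
    IV = b"\x01\x02\x03"                  # the IV the access point reused
    p1 = b"GET /index.html HTTP/1.0\r\n"  # a request whose content is guessable
    p2 = b"password=hunter2&login=1\r\n"  # the frame the attacker wants
    f1 = wep_encrypt(IV, KEY, p1)
    f2 = wep_encrypt(IV, KEY, p2)
    print(recover_with_known_plaintext(f1, p1, f2))
    print(round(expected_frames_until_iv_collision()))
```

With random IVs a collision is expected after roughly 5,100 frames, which a loaded access point sends in seconds; many WEP cards simply counted IVs up from zero after reset, which made reuse certain rather than probable.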
1.1 Types of Threats
Interception: Often called wiretapping or eavesdropping. Example: Listening in on digital conversations.
Modification: Attacks aimed at changing data integrity. Example: Changing financial amounts in transactions.
Denial of Service (DoS): Disrupting normal service availability.
Example: Flooding traffic to exhaust server resources.
Distributed Denial of Service (DDoS): Many compromised systems (a botnet) directed to attack a single target at once, so the attack traffic is far larger and harder to filter by source than a single attacker could produce.
1.2 Specific Network Vulnerabilities
Media Interceptions:
Cables and Signals:
Radiation Leakage: Copper cables emit electromagnetic signals that a nearby receiver can pick up, so traffic can be intercepted without physically tapping the cable.
Packet Sniffing: Programs (for example, a network interface in promiscuous mode) that capture packets passing on a shared medium, including traffic addressed to other hosts.
Wireless Vulnerabilities:
WiFi Exposure: Wireless signals are susceptible to interception because they propagate through the air to anyone in range, inside or outside the building.
Use of Rogue Access Points: Attackers can set up fake networks to capture sensitive information.
2. Protections
2.1 Cryptography for Networks
SSL (Secure Sockets Layer), now superseded by TLS (Transport Layer Security): Encrypts and authenticates communications between a web browser and a server.
IPsec: Provides encryption and authentication at the IP layer, transparently to the applications above it.
VPN (Virtual Private Network): Creates an encrypted tunnel (commonly built on IPsec or TLS) so private traffic can cross public infrastructure.
2.2 Firewalls
Function: Enforces a policy at a network boundary, blocking traffic the policy does not permit while allowing legitimate traffic through.
Types: Includes packet filtering, stateful inspection, and application proxies.
Configuration: Rules must be reviewed and updated continuously as services, network layout, and threats change; a stale or overly permissive rule set gives a false sense of protection.
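An added example (not from the textbook or these notes) contrasting the first two firewall types above. A stateless packet filter judges each packet on its own, so to let replies to outbound connections back in it must open a wide range of inbound ports, which also admits unsolicited probes; a stateful filter remembers allowed connection openers and admits only packets that belong to one. The addresses, rules and packet trace are constructed.

```python
"""Packet filtering with and without connection state (added example,
not part of the notes).  Addresses, rules and the packet trace are
constructed; all traffic is TCP."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # SYN set: a new connection attempt
    ack: bool = False


@dataclass
class Rule:
    action: str          # "allow" or "deny"
    src: str             # CIDR the source must fall in
    dst: str             # CIDR the destination must fall in
    dports: range        # destination ports the rule covers

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and pkt.dport in self.dports)


class StatelessFilter:
    """Each packet is judged on its own; first matching rule wins,
    and a packet no rule matches is denied (default deny)."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Same rule syntax, but allowed connection openers are remembered, and
    later packets of a remembered connection pass in either direction
    without needing a rule of their own."""

    def __init__(self, rules):
        super().__init__(rules)
        self.table = set()   # (client, client_port, server, server_port)

    def decide(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.table or reverse in self.table:
            return "allow"                     # belongs to a tracked connection
        verdict = super().decide(pkt)
        if verdict == "allow" and pkt.syn and not pkt.ack:
            self.table.add(forward)            # remember the opener we let through
        return verdict


INSIDE, WEB_SERVER = "10.0.0.0/24", "10.0.0.5/32"
ANY, ALL_PORTS = "0.0.0.0/0", range(1, 65536)

# A stateless filter must open all high ports inbound so that replies to
# connections opened from the inside can get back in.
STATELESS_RULES = [
    Rule("allow", INSIDE, ANY, ALL_PORTS),             # anything outbound
    Rule("allow", ANY, WEB_SERVER, range(443, 444)),   # public HTTPS server
    Rule("allow", ANY, INSIDE, range(1024, 65536)),    # "return traffic" hole
]
# The stateful filter needs no such hole: replies match the state table.
STATEFUL_RULES = STATELESS_RULES[:2]

TRACE = [
    Packet("10.0.0.7", 51000, "93.184.216.34", 443, syn=True),            # inside opens HTTPS
    Packet("93.184.216.34", 443, "10.0.0.7", 51000, syn=True, ack=True),  # SYN-ACK comes back
    Packet("203.0.113.9", 4444, "10.0.0.7", 3389, syn=True),              # unsolicited RDP probe
    Packet("203.0.113.9", 50000, "10.0.0.5", 443, syn=True),              # legitimate HTTPS client
]


def evaluate(fw: StatelessFilter, trace) -> list:
    """Verdict for each packet in order, so one filter's state carries over."""
    return [fw.decide(p) for p in trace]


if __name__ == "__main__":
    print("stateless:", evaluate(StatelessFilter(STATELESS_RULES), TRACE))
    print("stateful: ", evaluate(StatefulFilter(STATEFUL_RULES), TRACE))
```

The third packet is the point of the comparison: the stateless filter's "return traffic" rule admits the RDP probe to an inside workstation, while the stateful filter denies it because no inside host opened that connection.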
2.3 Intrusion Detection and Prevention Systems (IDPS)
Purpose: Monitors network traffic for suspicious activity and can take automatic protective actions.
Types: Signature-based (matches traffic against patterns of known attacks; cannot see an attack it has no signature for) and heuristic or anomaly-based (models normal behavior and flags deviations; can catch new attacks but produces more false positives).
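An added example (not from the textbook or these notes) running both detector types over the same constructed web-server log: the signature matcher finds the three requests carrying generic attack strings but says nothing about a client hammering the login page, while the anomaly detector, trained on a clean baseline, flags the flood but sees each single injected request as ordinary. The log format, addresses and request strings are constructed.

```python
"""Signature-based versus anomaly-based detection over web-server log
lines (added example, not part of the notes).  The log format, addresses
and attack strings are constructed; the signatures are generic patterns."""
import re
from collections import Counter
from statistics import mean, pstdev

# "timestamp source method path status", one request per line
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Signature detection: match the request path against known attack shapes.
SIGNATURES = {
    "path-traversal": re.compile(r"(?:\.\./){2,}"),
    "sql-injection": re.compile(
        r"(?:'|%27)(?:\s|%20)*(?:or|and)(?:\s|%20)+\d+(?:\s|%20)*=(?:\s|%20)*\d+", re.I),
    "xss": re.compile(r"<script\b", re.I),
}


def parse(line: str):
    """One log line -> dict, or None for a line that does not fit the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, src, method, path, status = m.groups()
    return {"ts": ts, "src": src, "method": method, "path": path, "status": int(status)}


def signature_alerts(lines):
    """One alert per (source, signature) hit.  Misses anything without a
    signature, including a flood of perfectly well-formed requests."""
    alerts = []
    for rec in filter(None, map(parse, lines)):
        for name, rx in SIGNATURES.items():
            if rx.search(rec["path"]):
                alerts.append((rec["src"], name))
    return alerts


def anomaly_alerts(baseline_lines, window_lines, k=3.0):
    """Flag sources whose request count in the window exceeds
    mean + k*stdev of per-source counts from a clean baseline window.
    Catches the flood, but a single injected request looks normal."""
    base = Counter(r["src"] for r in filter(None, map(parse, baseline_lines)))
    mu, sigma = mean(base.values()), pstdev(base.values())
    threshold = mu + k * max(sigma, 1.0)   # floor so a flat baseline still has slack
    window = Counter(r["src"] for r in filter(None, map(parse, window_lines)))
    return [(src, n) for src, n in window.items() if n > threshold]


# Constructed baseline: five clients, four or five ordinary requests each.
BASELINE = [
    f"2024-03-01T09:{m:02d}:00 198.51.100.{c} GET /page{m}.html 200"
    for c, reqs in enumerate([4, 5, 4, 5, 4], start=1) for m in range(reqs)
]

# Constructed detection window: a few normal hits, three attack strings,
# and one client hitting the login page 40 times.
WINDOW = [
    "2024-03-01T10:00:01 203.0.113.5 GET /index.html 200",
    "2024-03-01T10:00:02 203.0.113.5 GET /static/../../../../etc/passwd 404",
    "2024-03-01T10:00:03 203.0.113.5 GET /login?user=admin'%20OR%201=1 200",
    "2024-03-01T10:00:04 203.0.113.6 GET /search?q=<script>alert(1)</script> 200",
    "2024-03-01T10:00:05 203.0.113.6 GET /images/logo.png 200",
] + [
    f"2024-03-01T10:05:{i:02d} 198.51.100.77 POST /login 401" for i in range(40)
]

if __name__ == "__main__":
    print("signature:", signature_alerts(WINDOW))
    print("anomaly:  ", anomaly_alerts(BASELINE, WINDOW))
```

Neither detector alone covers the window, which is why production IDS deployments combine both and why the anomaly detector's threshold (here mean plus three standard deviations of a clean baseline) has to be re-learned as traffic patterns change.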
2.4 Security Information and Event Management (SIEM)
Role: Collects and correlates logs and alerts from security tools across the network to provide comprehensive monitoring and response capability from one place.
Functions: Real-time threat detection, compliance auditing, alerting, and incident management support.
3. Network Concepts
3.1 Networking Basics
Networks connect multiple computing devices to share resources and information.
Protocols: Standard rules governing communication, such as TCP/IP.
Routing: Process of forwarding packets from source to destination based on address information.
3.2 Important Network Terms
Packet: The unit of data sent across a network; its header carries the source and destination addresses used to deliver it.
MAC Address: Hardware (link-layer) identifier of a network interface, used to deliver frames on the local network segment.
Port Numbers: Identify the specific process or service on a device that a packet is for (for example, 443 for HTTPS).
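An added example (not from the textbook or these notes) showing where the three terms above live in the bytes of a frame: MAC addresses in the Ethernet header, IP addresses in the IPv4 header, and port numbers in the TCP header. The frame is built from constructed values and then parsed back; checksums are left zero because the point is field layout, not validation.

```python
"""Where the address information lives in a frame: Ethernet MAC addresses,
IPv4 addresses and TCP port numbers (added example, not part of the notes).
The frame is built here from constructed values; checksums are left zero
because the point is field layout, not validation."""
import socket
import struct
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = [(0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"),
                  (0x04, "RST"), (0x08, "PSH"), (0x20, "URG")]


@dataclass
class Headers:
    dst_mac: str
    src_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: str
    payload: bytes


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Ethernet II + IPv4 (no options) + TCP (no options) + payload."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    # version/IHL, DSCP/ECN, total length, id, flags/frag, TTL, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 20 + len(payload), 0, 0x4000,
                     64, IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> Headers:
    """Walk the headers and pull out the addressing fields at each layer."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4   # IHL counts 32-bit words
    (total_len,) = struct.unpack("!H", ip[2:4])
    if version != 4 or ip[9] != IPPROTO_TCP:
        raise ValueError("expected IPv4 carrying TCP")
    src_ip, dst_ip = ip[12:16], ip[16:20]
    tcp = ip[ihl:total_len]                          # ignores Ethernet padding, if any
    sport, dport = struct.unpack("!HH", tcp[0:4])
    data_offset = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    flag_bits = tcp[13]
    return Headers(
        dst_mac=":".join(f"{b:02x}" for b in dst_mac),
        src_mac=":".join(f"{b:02x}" for b in src_mac),
        src_ip=socket.inet_ntoa(src_ip),
        dst_ip=socket.inet_ntoa(dst_ip),
        src_port=sport,
        dst_port=dport,
        flags="|".join(name for bit, name in TCP_FLAG_NAMES if flag_bits & bit),
        payload=tcp[data_offset:],
    )


if __name__ == "__main__":
    frame = build_frame("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02",
                        "10.0.0.7", "93.184.216.34", 51000, 443,
                        flags=0x18, payload=b"GET / HTTP/1.0\r\n")
    print(parse_frame(frame))
```

Every field the parser reads is sent in the clear unless a higher layer encrypts it, which is exactly what a packet sniffer on the same segment sees; note that even with TLS protecting the payload, the addresses and ports remain visible.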
4. Denial of Service Attacks
4.1 Overview of DoS
Individual targets: An attack can aim at a single host or service to exhaust its resources or make it unreachable.
Mechanisms: Service is denied either by volume, saturating bandwidth or server resources with traffic, or by exploiting a software flaw that crashes or hangs the service.
4.2 Types of DoS Attacks
Flooding: Overwhelming requests to a server, blocking valid access.
Misrouting: Injecting false routing information so traffic is diverted or dropped before it reaches its intended destination.
DNS Spoofing and Poisoning: Forging DNS responses or corrupting a resolver's cache so that names resolve to attacker-chosen addresses.
SYN Floods: Exploiting the TCP three-way handshake by sending many SYN requests, usually from spoofed source addresses, and never completing the handshake with the final ACK; the server's table of half-open connections fills up and legitimate connection attempts are refused.
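An added example (not from the textbook or these notes) of the SYN flood mechanism and of the standard mitigation, SYN cookies, which the notes do not cover: a server that keeps a half-open entry per SYN runs out of table space under a flood of spoofed SYNs and then drops a legitimate client's SYN, while a server that encodes an HMAC of the peer's address and port into its initial sequence number keeps no state until the final ACK proves the client is real. The addresses, table size and secret are constructed; real SYN cookies also pack the negotiated MSS and a coarse timestamp into the ISN.

```python
"""A SYN flood against a server's half-open connection table, and the
same flood against a server using SYN cookies (added example, not part of
the notes).  Addresses, the table size and the secret are constructed;
real SYN cookies also encode the MSS and a coarse timestamp in the ISN."""
import hashlib
import hmac

HALF_OPEN_CAPACITY = 8          # tiny so the table fills in a few packets
MASK32 = 0xFFFFFFFF


class Server:
    def __init__(self, use_syn_cookies: bool, secret: bytes = b"constructed-secret"):
        self.use_syn_cookies = use_syn_cookies
        self.secret = secret
        self.half_open = {}         # (src, sport) -> our ISN, awaiting the ACK
        self.established = set()
        self.dropped_syns = 0
        self.time_slot = 0          # coarse clock so old cookies expire

    def _cookie(self, src: str, sport: int, slot: int) -> int:
        """Server ISN derived from the peer and the current time slot, so it
        can be re-derived when the ACK arrives without storing anything."""
        msg = f"{src}:{sport}:{slot}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(tag[:4], "big")

    def on_syn(self, src: str, sport: int):
        """Handle a SYN; return the ISN sent in our SYN-ACK, or None if dropped."""
        isn = self._cookie(src, sport, self.time_slot)
        if self.use_syn_cookies:
            return isn                         # no per-connection state kept
        if len(self.half_open) >= HALF_OPEN_CAPACITY:
            self.dropped_syns += 1             # table full: even honest SYNs are lost
            return None
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src: str, sport: int, ack_number: int) -> bool:
        """Handle the handshake's final ACK; it must acknowledge ISN + 1."""
        if self.use_syn_cookies:
            for slot in (self.time_slot, self.time_slot - 1):   # allow one slot of skew
                if ack_number == (self._cookie(src, sport, slot) + 1) & MASK32:
                    self.established.add((src, sport))
                    return True
            return False                       # stale or forged: nothing to clean up
        isn = self.half_open.pop((src, sport), None)
        if isn is not None and ack_number == (isn + 1) & MASK32:
            self.established.add((src, sport))
            return True
        return False


def simulate(use_syn_cookies: bool) -> dict:
    """Flood from spoofed sources, then a legitimate handshake, then a forged ACK."""
    srv = Server(use_syn_cookies)
    # Attacker: 50 SYNs from spoofed sources that will never send the ACK.
    for i in range(50):
        srv.on_syn(f"198.51.100.{i}", 40000 + i)
    # Legitimate client tries to complete a full handshake afterwards.
    isn = srv.on_syn("203.0.113.10", 51000)
    connected = isn is not None and srv.on_ack("203.0.113.10", 51000, (isn + 1) & MASK32)
    # Attacker sends a bare ACK with a guessed number for a SYN it never sent.
    forged = srv.on_ack("203.0.113.11", 51001, 12345)
    return {
        "client_connected": connected,
        "syns_dropped": srv.dropped_syns,
        "half_open_entries": len(srv.half_open),
        "forged_ack_accepted": forged,
    }


if __name__ == "__main__":
    print("without cookies:", simulate(False))
    print("with cookies:   ", simulate(True))
```

The cookie server accepts a connection only when the ACK carries a number it could not have handed out to anyone but that source and port, so the spoofed SYNs cost it nothing but bandwidth. The trade-off is that the SYN-ACK's options are not remembered, which is why real stacks enable cookies only once the half-open queue is under pressure.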
5. Network Security Countermeasures
5.1 Encryption Techniques
Covers the use of symmetric versus asymmetric encryption in network protocols, with attention to key management (how keys are generated, distributed and rotated) and to the protocols that apply them.
5.2 Firewall Configurations
Outlines the kinds of firewalls and why correct configuration matters: rules must be tight enough to block malicious traffic yet still let legitimate traffic through so the network remains usable.
5.3 Intrusion Detection Systems
Covers IDS placement and configuration, focusing on detecting attacks early, before they cause damage.
6. Conclusions
While numerous network vulnerabilities exist, there are equally many strategies and technologies that can counteract such threats. The security landscape is complex, and defenses must keep evolving as attacks do. Firewalls, IDS, and SIEM tools work together to provide comprehensive security management across all network levels.