Network Security Principles
Chapter 10 Risk Management
Security Risks
Security risks vary across organizations. For financial institutions, risks involve data and access, potentially exposing customers' financial data. For a local car wash, the risks are less dire if data breaches occur.
The fundamental questions to consider are:
- What is at risk?
- What do I stand to lose if it is stolen, damaged, or eradicated?
Hackers
Originally, a hacker was someone who mastered computer hardware and software. Today, the term describes individuals who gain unauthorized access to systems with or without malicious intent.
Hackers are categorized based on their intent and organizational approval:
- White Hat Hacker: IT security experts hired to assess a company's security and risks; sometimes called ethical hackers.
- Black Hat Hacker: Individuals who bypass security systems to cause damage, steal data, or compromise privacy.
- Gray Hat Hacker: Hackers who abide by their own ethical code, often engaging in illegal activities to educate and assist.
Vulnerabilities and Exploits
A vulnerability is a weakness in a system that could lead to compromised information or unauthorized access. An exploit is the act of taking advantage of a vulnerability.
Cybersecurity vulnerabilities are tracked by The MITRE Corporation in the CVE (Common Vulnerabilities and Exposures) dictionary, funded by the U.S. Department of Homeland Security. Each vulnerability receives a standardized identifying number, facilitating tracking across systems.
A zero-day exploit (or attack) takes advantage of a software vulnerability that is not yet public or has only recently become public. These are particularly dangerous because they are exploited before a solution is available.
Patch Tuesday is the day Microsoft releases its regular security updates for Windows. The day after, informally called Exploit Wednesday, attackers can target machines that have not yet been patched, using the vulnerabilities the updates reveal.
Any risk can open the door to further exploitation. Determined intruders may use multiple techniques to achieve their goals.
People Risks
Human error causes more than half of all security breaches. Social engineering is a common method intruders use to gain access to a network by manipulating individuals into revealing passwords or providing access.
Common types of social engineering include:
- Phishing: Communication that appears to come from a legitimate source, requesting access or authentication information.
- Baiting: Leaving a malware-infected file or device in an unguarded location for someone to use.
- Quid Pro Quo: Offering a free gift or service in exchange for private information or temporary access to a user’s system.
Other attacks that exploit the physical flow of people through entry points include:
- Tailgating: An unauthorized person following an authorized person into a secure area.
- Piggybacking: Using deception to follow an authorized employee into a restricted area.
- Shoulder Surfing: Secretly observing an authorized person entering credentials to access a secure area.
Increasing environmental or situational awareness is key to protecting secure spaces from unauthorized access.
Social Engineering Attack Cycle
- Research: Attackers gather seemingly benign information.
- Building Trust: Attackers build trust using gathered data to gain access to more private information.
- Exploit: The victim takes action, granting the attacker desired access.
- Exit: The attacker executes an exit strategy without leaving evidence or raising suspicion.
The primary defense against social engineering is employee training, with frequent reminders and tips regarding the latest scams. Regular training programs with required compliance help reinforce cybersecurity concepts. Organizations can also conduct practice runs to identify weaknesses in employee understanding.
To address internal threats from insiders (employees, former employees, contractors), companies can:
- Perform background checks for new hires and contractors.
- Enforce the principle of least privilege.
- Design checks and balances on employee behavior.
- Deploy a DLP (Data Loss Prevention) solution.
Technology Risks
Technology risks are related to all seven layers of the OSI model. Attacks on transmission media, NICs, network access methods (e.g., Ethernet), switches, routers, access points, and gateways require more technical sophistication than attacks that take advantage of human errors.
A DoS (Denial of Service) attack occurs when legitimate users are unable to access normal network resources due to an attacker's intervention, often by flooding the system with so many requests that it can’t respond.
DoS subtypes include:
- DDoS (Distributed DoS) Attack: Orchestrated through many sources (zombies) controlled by a bot herder.
- DRDoS (Distributed Reflection DoS) Attack: Bounced off uninfected computers (reflectors) before being directed at the target; the attacker spoofs the source IP address so that the reflectors' replies go to the target.
- Amplified DRDoS Attack: Uses small, simple requests that trigger very large responses directed at the target (e.g., abusing the DNS, NTP, ICMP, SNMP, and LDAP protocols).
- PDoS (Permanent DoS) Attack: Damages a device’s firmware beyond repair,
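The reflection and amplification pattern described in the DoS subtypes above, seen from the defender's side as an added example (not part of the chapter): the code flags hosts that receive large replies from several amplifier services without ever having sent a request, which is the signature of spoofed-source reflection. The flow-record tuple layout and all IP addresses are constructed for the example.

```python
from collections import defaultdict

# Well-known UDP services abused as amplifiers (named on this page: DNS, NTP, SNMP, LDAP).
AMPLIFIER_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 389: "LDAP"}

# Constructed flow records (not real traffic): (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# 203.0.113.10 is the victim: it sent no queries, yet receives large DNS and NTP replies.
FLOWS = [
    ("198.51.100.5", 53, "203.0.113.10", 40001, "udp", 3900),
    ("198.51.100.6", 53, "203.0.113.10", 40001, "udp", 4100),
    ("198.51.100.7", 53, "203.0.113.10", 40001, "udp", 3800),
    ("198.51.100.8", 123, "203.0.113.10", 40002, "udp", 4400),
    # Legitimate lookup: 203.0.113.20 sends one query and receives one reply.
    ("203.0.113.20", 50100, "198.51.100.5", 53, "udp", 70),
    ("198.51.100.5", 53, "203.0.113.20", 50100, "udp", 250),
]


def amplification_factor(request_bytes, response_bytes):
    """Bandwidth amplification: response size divided by the request that triggered it."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes


def find_reflection_victims(flows, min_reflectors=3):
    """Return {victim_ip: {service: {"reflectors": n, "bytes": total}}} for hosts that
    receive amplifier replies from at least min_reflectors distinct hosts without
    having sent a matching request (unsolicited replies imply a spoofed source)."""
    requests = {(src, dst, dport) for src, _sport, dst, dport, proto, _ in flows
                if proto == "udp" and dport in AMPLIFIER_PORTS}
    per_victim = defaultdict(lambda: defaultdict(lambda: {"reflectors": set(), "bytes": 0}))
    for src, sport, dst, _dport, proto, size in flows:
        if proto != "udp" or sport not in AMPLIFIER_PORTS:
            continue  # not a reply from an amplifier service
        if (dst, src, sport) in requests:
            continue  # the recipient asked for this reply; treat as legitimate
        entry = per_victim[dst][AMPLIFIER_PORTS[sport]]
        entry["reflectors"].add(src)
        entry["bytes"] += size
    alerts = {}
    for victim, services in per_victim.items():
        distinct = set().union(*(s["reflectors"] for s in services.values()))
        if len(distinct) >= min_reflectors:
            alerts[victim] = {svc: {"reflectors": len(s["reflectors"]), "bytes": s["bytes"]}
                              for svc, s in services.items()}
    return alerts


if __name__ == "__main__":
    print(find_reflection_victims(FLOWS))
    print(amplification_factor(60, 3900))  # a 60-byte query answered with 3900 bytes
```

In a real deployment the same logic runs over NetFlow/IPFIX exports; the absence of a matching outbound request is what distinguishes a reflection victim from a busy resolver client.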