Network Security Overview
Asset - a person, device, location, or information that SecOps aims to protect from an attack
Vulnerability - a weakness in software, hardware, facilities, or humans that can be exploited by a threat
Exploit - a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system
Threat - Something or someone that can exploit a vulnerability to attack an asset
Attack - An action taken by a threat that exploits a vulnerability in an attempt to either block authorized access to an asset or to gain unauthorized access to it.
Risk - The potential of a threat to exploit a vulnerability via an attack
SecOps - the abbreviation for IT security operations; a discipline within IT responsible for protecting assets by reducing the risk of attacks
List of Vulnerabilities:
Personal Devices Within the Network - If we allow users in the organization to bring personal devices such as laptops, phones and tablets and join them to the corporate network, we risk malware or other viruses living on those devices getting into our network and infecting the rest of it. Those devices are typically not patched, monitored or controlled by SecOps, so we have no assurance of their state when they connect.
Poor User Security Practices - This is a big topic. No matter how much time, effort and money we put into building strong IT security, a user can circumvent it by doing things that are not best practice. Examples: writing a password on a post-it note near the computer, poor email practices such as opening attachments they don't know or trust, clicking links and entering information on a fraudulent website, and falling for social engineering.
Unpatched Software - Whether it is the operating system or an individual application, attackers can find vulnerabilities in software and exploit them. As software vendors become aware of these vulnerabilities, they release patches that, once downloaded and installed, close the vulnerabilities so they can no longer be exploited. But those security updates only work if they are actually downloaded and installed.
Zero-Day Exploits - A zero-day exploit attacks a vulnerability that is not yet publicly known, so the vendor has not released a patch for it and the security software you have implemented in your network has no signature for it. The attack can therefore happen without your security tools identifying it.
Weak Passwords or Default Passwords - Default passwords are particularly problematic. Every router, switch, wireless access point or other device you add to your network generally comes configured out of the box with a very weak, easily guessable default password, and those defaults are published in the vendor's own documentation. We need to make sure we change them to something unique and hard to guess so that our devices are not compromised. We also need to deal with weak passwords: good password policies should be in place so that users create strong, complex passwords that are not easy to guess or crack.
Poor Physical Security - Too often in IT we focus on technological security enhancements but forget to lock the front door. If an attacker can gain physical access to the data center, a server, a router or a switch, they can physically circumvent many of the technology-based security controls (for example by booting from their own media, resetting the device to factory defaults, or simply walking off with it). We need to make sure we implement strong physical security as a barrier that keeps attackers from getting physical access to our assets.
Misconfigured Firewall Rules - A firewall is a device that filters incoming or outgoing traffic based on a set of rules that determine whether the traffic should be allowed to pass or dropped. Most firewalls evaluate their rules top-down and apply the first one that matches, so if the rules are misconfigured or simply put in the wrong order (a broad "allow" placed above a specific "deny", say), the later rule is silently shadowed and the firewall will not behave as expected.
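To make the ordering problem concrete, here is an added example (not from the original notes, and not any real firewall product's rule syntax): a hypothetical, simplified first-match rule evaluator with an implicit deny, plus a small audit function that finds rules which can never fire because an earlier rule already covers everything they would match. The rule sets and addresses are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Hypothetical, simplified firewall model (added illustration, not a real
# product's syntax): rules are evaluated top-down, the first match wins,
# and a packet that matches no rule is dropped (implicit deny).

@dataclass
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp", "icmp" or "any"
    src: str                 # source network in CIDR notation, or "any"
    dst_port: Optional[int]  # destination port; None means any port
    comment: str = ""

def rule_matches(rule: Rule, proto: str, src_ip: str, dst_port: int) -> bool:
    """Does this single rule apply to the given packet?"""
    if rule.proto != "any" and rule.proto != proto:
        return False
    if rule.src != "any" and ip_address(src_ip) not in ip_network(rule.src):
        return False
    if rule.dst_port is not None and rule.dst_port != dst_port:
        return False
    return True

def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); ("deny", None) means the implicit deny fired."""
    for idx, rule in enumerate(rules):
        if rule_matches(rule, proto, src_ip, dst_port):
            return rule.action, idx
    return "deny", None

def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet the later rule could match is already matched by the earlier one."""
    proto_ok = earlier.proto == "any" or earlier.proto == later.proto
    src_ok = earlier.src == "any" or (
        later.src != "any" and ip_network(later.src).subnet_of(ip_network(earlier.src))
    )
    port_ok = earlier.dst_port is None or earlier.dst_port == later.dst_port
    return proto_ok and src_ok and port_ok

def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Audit a rule set: (shadowed_index, shadowing_index) pairs for rules that can never fire."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found

# Constructed rule sets for the illustration.
BAD_ORDER = [
    Rule("allow", "tcp", "any", None, "temporary: allow all tcp while troubleshooting"),
    Rule("deny", "tcp", "any", 23, "block telnet from everywhere"),
    Rule("allow", "tcp", "10.0.0.0/8", 443, "internal clients to https"),
]
GOOD_ORDER = [
    Rule("deny", "tcp", "any", 23, "block telnet from everywhere"),
    Rule("allow", "tcp", "10.0.0.0/8", 443, "internal clients to https"),
]

if __name__ == "__main__":
    print(evaluate(BAD_ORDER, "tcp", "203.0.113.5", 23))   # ('allow', 0): telnet gets through
    print(evaluate(GOOD_ORDER, "tcp", "203.0.113.5", 23))  # ('deny', 0)
    print(evaluate(GOOD_ORDER, "tcp", "10.1.2.3", 22))     # ('deny', None): implicit deny
    for shadowed, by in shadowed_rules(BAD_ORDER):
        print(f"rule {shadowed} ({BAD_ORDER[shadowed].comment!r}) can never match; rule {by} covers it")
```

In BAD_ORDER the "temporary" catch-all allow sits above the telnet deny, so telnet from the Internet is permitted and both later rules are dead. Running the shadow audit against a rule set before deploying it catches exactly this class of mistake.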
Advanced Persistent Threats - An APT is a skilled, well-resourced attacker (often state-sponsored) who gains a foothold in a network and then maintains quiet, long-term access rather than striking immediately. The malware involved may sit on the network or on a computer for a long time without launching, waiting to attack at the optimum moment, which is what makes it so hard to detect.
Attacker types…
Vulnerability testers - These are the good guys, who use their hacking skills professionally to test the security of computer networks, identifying issues and helping the company resolve them before a malicious attacker can take advantage of them. Often during such testing the security teams are split into an offensive (red) team and a defensive (blue) team for the exercise.
Hackers
-White Hat: IT professionals who use hacking skills, with permission, to protect networks (ethical hackers)
-Black Hat: Bad actors who use hacking skills without permission for personal gain (money, credibility, or entertainment)
-Gray Hat: Hackers with no malicious intent who nevertheless do not have permission to perform the attack
Insider threats - Traditionally we were too focused on the perimeter of the network: everything outside it was considered untrusted and bad, and everything inside it (the local area network, the private network) was considered trusted and good. Unfortunately, that is not a great way of looking at it, because a lot of threats come from inside the network. Sometimes they are malicious, sometimes accidental. A malicious insider could be a disgruntled employee who is upset with the company and tries to destroy or steal data to get back at it, or someone who was hired as a spy for another company. But insider threats are not always malicious. It could be a well-meaning end user who accidentally clicks the wrong link or opens the wrong email; their computer is infected with malware, and that becomes the launching point for an attacker to attack the rest of the network.
Nation States - Next we have nation states: foreign-government-sponsored hacking in which the attackers try to break into government systems, critical infrastructure or profitable organizations in order to either disrupt operations or steal information.
Script Kiddies - Lastly we have script kiddies. White hats, black hats and gray hats are highly skilled IT practitioners with programming and cybersecurity skills who can penetrate systems and create custom attacks. Script kiddies are hacker wannabes who lack that level of skill; they use pre-written tools, programs and exploits to attack a network.
Common Types of Malware
Malware is the generic term for any malicious software that does something we do not want it to. You may have heard of viruses, computer worms, spyware, Trojan horses or ransomware. They are all types of malicious code that, once a computer or a network is infected, can steal data, destroy data, encrypt all the data so that users cannot access it without paying a ransom, or act as a backdoor, giving the attacker an entry point into the network to perform additional attacks.
Phishing - Phishing is a (typically email-based) attack in which the attacker sends someone a message containing a link and tries to trick the person into clicking it. The link leads to a fraudulent web site imitating a legitimate one, where the user is tricked into entering a username and password that the attacker captures and uses for nefarious purposes after the fact.
Common Threats and Attacks
Wiretapping - an attacker listening to network activity in order to capture data packets off the network and read them, either to pull out private information or to harvest usernames and passwords for later attacks.
-Packet Sniffer
-Electromagnetic Field (EMF) eavesdropping
Port Scanning - a way for an attacker to scan the network, looking for available hosts that respond
-Scan a network or computer for open ports and listening services that can then be targeted for exploitation
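As an added example (not part of the original notes), here is a minimal TCP connect scan in Python. It completes a full three-way handshake against each port, so it is the noisiest but simplest scan type, and it is exactly what a host's logs or an IDS would record. To run offline, the block constructs its own target: a listener on an OS-chosen loopback port. Only scan hosts you are authorized to test.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, List

def tcp_connect_probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """Full TCP three-way handshake ("connect scan"): True if the port accepted the connection.
    A closed port answers with RST immediately; a filtered port usually just times out."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def connect_scan(host: str, ports: Iterable[int], workers: int = 32) -> List[int]:
    """Probe each port concurrently and return the sorted list of open ones."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: tcp_connect_probe(host, p), ports))
    return sorted(p for p, is_open in zip(ports, results) if is_open)

def start_constructed_target(host: str = "127.0.0.1") -> socket.socket:
    """Constructed target for the demo: a listener on an OS-chosen port on loopback.
    Returns the listening socket; read its port with .getsockname()[1]."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv

if __name__ == "__main__":
    target = start_constructed_target()
    open_port = target.getsockname()[1]
    try:
        # Scan a small window around the listener; normally only the listener shows up as open.
        found = connect_scan("127.0.0.1", range(open_port - 5, open_port + 6))
        print(f"listener on {open_port}; scan reports open ports: {found}")
    finally:
        target.close()
```

The same loop scaled to 65535 ports and a /24 is what shows up in firewall logs as a burst of SYNs from one source to many ports in a short time, which is the signature most detection rules for scanning key on.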
Taking Control
-Run a vulnerability scanner against the open ports and services to discover exploitable weaknesses
-SQL Injection: inserting SQL commands into input boxes instead of ordinary text, so that the input is interpreted as part of the database query rather than as data
-Buffer Overflow: supplying input that is too large to fit within a region of memory (buffer), overwriting adjacent memory and ultimately running attacker-supplied executable code
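The SQL injection item above is easiest to understand with the vulnerable query next to its fix, so here is an added example (not from the original notes) using Python's built-in sqlite3 module against a constructed in-memory user table. The table stores plaintext passwords purely so the effect of the injection is visible; a real application would store salted hashes.

```python
import sqlite3

def make_constructed_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demo (plaintext passwords only to keep the
    injection visible; a real application would store salted password hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "user")],
    )
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the statement by string concatenation, so the input is parsed as SQL."""
    query = (
        "SELECT role FROM users WHERE username = '" + username + "' "
        "AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the driver passes the values separately from the statement text,
    so a quote or comment marker in the input can only ever be compared as data."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

# Two classic payloads. The first closes the string and comments out the password check
# (SQLite treats "--" as a comment to end of line); the second makes the WHERE clause true
# for every row, so the first user in the table is returned.
PAYLOAD_COMMENT = "alice' --"
PAYLOAD_TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    db = make_constructed_db()
    print(login_vulnerable(db, PAYLOAD_COMMENT, "wrong"))              # admin, no password needed
    print(login_vulnerable(db, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY))  # admin, first row matched
    print(login_safe(db, PAYLOAD_COMMENT, "wrong"))                    # None
    print(login_safe(db, "alice", "correct-horse"))                    # admin
```

With the comment payload the vulnerable statement becomes SELECT role FROM users WHERE username = 'alice' --' AND password = 'wrong', and everything after the "--" is ignored. The parameterized version receives the same bytes but compares them against the username column as a literal string, so neither payload matches a row.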
Spoofing
Spoofing is when a malicious user impersonates another person or device, often in order to insert themselves in the middle of a conversation.
-Man-in-the-middle attack, also known as an on-path attack. Imagine your computer is talking to your bank. If an attacker can insert themselves in the middle of that conversation, tricking your computer into thinking they are the bank and tricking the bank into thinking they are you, they can either capture all of the information passing between you or manipulate it. This is why certificate validation in TLS matters: the browser refuses to trust a "bank" that cannot prove its identity with a certificate the client's trust store accepts.
Denial-of-Service (DoS)
-Ping Flood: the attacker floods the victim with ICMP echo-request packets, typically with forged source addresses so the traffic cannot be traced back and the victim's replies go elsewhere
-Smurf Attack: a DDoS attack in which the attacker sends an ICMP echo-request with the victim's address forged as the source to the broadcast address of a large IP subnet, so that every host on that network replies to the victim at once, amplifying the attacker's single packet many times over
Any given computer, depending on its hardware performance, can only handle a certain number of requests before it gets bogged down, overloaded, and can no longer service them.
In a denial of service attack the attacker floods that computer with so many bogus requests that it is kept busy dealing with the illegitimate traffic and is no longer able to serve legitimate requests.
Both a ping flood and a smurf attack are examples of denial of service attacks.
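Since the defender usually meets these attacks in packet captures or flow logs, here is an added example (not from the original notes) of the detection logic for both: a sliding-window counter that flags a destination receiving too many echo-requests per second, and a check for echo-requests aimed at a local subnet's directed-broadcast address, which is the packet a smurf attack depends on a router to forward. The packet records and addresses are constructed, not real traffic; the window and threshold are arbitrary tuning values.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Tuple

# Packet record: (timestamp_seconds, src_ip, dst_ip, icmp_type).
# ICMP type 8 is echo-request, type 0 is echo-reply.
Packet = Tuple[float, str, str, int]

def constructed_capture() -> List[Packet]:
    """Constructed sample traffic for the demo, not a real capture."""
    pkts: List[Packet] = []
    for i in range(5):  # ordinary monitoring pings: one per second to 192.0.2.20
        pkts.append((float(i), "198.51.100.7", "192.0.2.20", 8))
    for i in range(150):  # ping flood: 150 echo-requests in half a second at 192.0.2.10,
        # each carrying a different forged source address
        pkts.append((1.0 + i * (0.5 / 150), f"203.0.113.{i % 254 + 1}", "192.0.2.10", 8))
    # smurf trigger: echo-request with the victim forged as source, aimed at 192.0.2.0/24's broadcast
    pkts.append((2.0, "192.0.2.10", "192.0.2.255", 8))
    return pkts

def detect_echo_request_floods(packets: Iterable[Packet], window: float = 1.0,
                               threshold: int = 100) -> Dict[str, dict]:
    """Count echo-requests per destination in a sliding time window and flag a destination the
    first time the window holds more than `threshold` of them. Counting per destination rather
    than per source is deliberate: forged sources make per-source counting useless."""
    recent: Dict[str, deque] = defaultdict(deque)
    flagged: Dict[str, dict] = {}
    for ts, src, dst, icmp_type in sorted(packets):
        if icmp_type != 8:
            continue
        q = recent[dst]
        q.append((ts, src))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) > threshold and dst not in flagged:
            flagged[dst] = {
                "first_flagged_at": ts,
                "requests_in_window": len(q),
                # many distinct sources inside one short burst is a strong hint of forgery
                "distinct_sources": len({s for _, s in q}),
            }
    return flagged

def directed_broadcast_echo_requests(packets: Iterable[Packet],
                                     local_subnets: Iterable[str]) -> List[Packet]:
    """Echo-requests addressed to the broadcast address of one of our own subnets."""
    nets = [ip_network(n) for n in local_subnets]
    return [
        p for p in packets
        if p[3] == 8 and any(ip_address(p[2]) == n.broadcast_address for n in nets)
    ]

if __name__ == "__main__":
    cap = constructed_capture()
    for victim, info in detect_echo_request_floods(cap).items():
        print(f"possible ping flood against {victim}: {info}")
    for ts, src, dst, _ in directed_broadcast_echo_requests(cap, ["192.0.2.0/24"]):
        print(f"t={ts}: echo-request to broadcast {dst} claiming source {src} (smurf trigger)")
```

The broadcast check is also the mitigation hint: a router that does not forward directed broadcasts (on Cisco IOS, "no ip directed-broadcast", which has been the default since IOS 12.0) removes the amplifier a smurf attack relies on, so any such packet reaching the inside is itself worth an alert.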
Social Engineering
The best way to define social engineering is taking advantage of human behavior and kindness in order to hack a human rather than a computer network, instead of trying to break through firewalls and multiple layers of perimeter security.
Sometimes it's just easier to trick somebody into helping them or trick somebody into providing them information that allow