Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 1 : INTRODUCTION TO NETWORK SECURITY (SOURCES OF THREATS (Internal…
CHAPTER 1 : INTRODUCTION TO NETWORK SECURITY
THREATS TERMINOLOGY
1) Information Theft
Get the private information (ID number/pin number/password) without any permission.
2) Unauthorized Disclosure
An event involving the exposure of information to entities not authorized access to the information
3) Information Warfare
May involve collection of tactical information to demoralize the enemy and the public
4) Accidental Data Loss
-Delete files unfortunately
-Fire or short-circuit
SOURCES OF THREATS
Internal threat - organization
Mobile and remote users
Internet and TCP/IP
Physical
Phone attacks
Social engineering
SECURITY THREATS
1) Insecure Architectures
A misconfigured network is a primary entry point for unauthorized users.
2) Broadcast Networks
Using hardware (hubs, switch, router) without implement protection to save the data that has been processed there.
3) Centralized Servers
Central server can allow access to the entire networks.
CATEGORIES
Data disclosure
(the internal data are being exposed to outside user)
Data modification
(the data are being alter from its original form)
Data availability
(information/data easily gathered by hacked)
ACTIVITIES
Hacking
Cracking
Spoofing
Sniffing
SECURITY POLICIES
Placed all network machine behind the firewall
Authenticate all network protocols
Restrict access to secure parts of the network using MAC address
Do not allow external traffic into secure network areas
Use VLAN for added levels of switch security
METHODS OF ATTACKS
Authentication compromises
Improper Input Validation
Sniffing activities
Denial of service (DoS)
Exploiting physical access
Virus, worms and trojans
CAUSES OF SUCCESSFUL ATTACKS
Lack of basic password security
Lack of basic firewall port blocking
Lack of updating