PACE-IT: Common Network Security Issues

Common network security issues.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certifications

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.


– Security issues caused by misconfigurations.

– Other network security issues.

PACE-IT.

Security issues caused by misconfigurations.Common network security issues.

Security issues caused by misconfigurations.

It’s easy to assume that a network is secured from threats, while, in reality, it may be very vulnerable.

A network may actually be vulnerable because of a misconfigured security setting or because of a common practice within an organization.

A network may not be as secure as you think due to the ever changing threat landscape. Nefarious hackers are continually seeking new exploits that they can use to breach network security (including possible misconfigurations in network security settings).



– Misconfigured firewall and access control list (ACL).

» A misconfigured firewall and ACL can result in three different categories of security issues.

• Traffic that should be blocked isn’t, allowing threats in.• Traffic that shouldn’t be blocked is; this can prevent

receiving vital updates.• All traffic is blocked; this isn’t necessarily a security

issue per se but is still a misconfiguration.» To protect against a misconfigured firewall or ACL,

thoroughly test them before putting them into action.

– Misconfigured application.» A misconfigured application may become a security

threat.• A Web application that does not perform proper

validation of input may lead to a buffer overflow attack. This may lead to a successful attack on the Web server on which it is hosted.

» Thoroughly testing applications before placing them into service will mitigate the threat.



– Unpatched operating system (OS) or firmware.

» The manufacturers of OSs and hardware firmware will often produce security patches (or fixes) for vulnerabilities as they become known.

• An unpatched OS or firmware becomes very vulnerable in short order and may become a threat to the network.

» Most software makers have an updating service; subscribing to that service will help to mitigate the threat.

– Open TCP/IP ports.» Open ports on networks are listening for requests for or

by services, applications, or protocols.• All open ports are a security vulnerability and there

are 65,535 possible ports that may be open.» A best practice for network security is to specifically

close all unnecessary ports to harden a network.



– Misconfigured authentication services.

» The TACACS+ and RADIUS services are often used to authenticate devices and users on networks.

• A misconfiguration of either may lead to a security issue that allows malicious users to be authenticated to use network resources.

» Thoroughly reviewing the configuration of authentication services will help to mitigate the problem. In addition, all default local accounts should be disabled (these may present a slight opening for a malicious user to exploit authentication services).

– Active default usernames and passwords.

» Almost all devices and applications come with default usernames and passwords to ease the setup process.

• If left active, these defaults create a security issue—as they tend to be well known or are easy to find through simple research.

» A best practice is to disable all default usernames and passwords after setting up the device or application.


Other network security issues.Common network security issues.

Other network security issues.

– Malicious users.» Malicious users may be the single biggest security

issue facing any network and they will fall into one of two categories:

• An untrusted malicious user: an outside entity that has exploited a security weakness to gain access to network resources (e.g., a hacker who has breached a database’s security features to gain access to valuable information).

• A trusted malicious user: a person or entity that has been explicitly granted access to network resources that then exploits this trusted position for malicious purposes.

» A best practice is to review log files on a regular basis to see what resources are being accessed and by whom to help maintain security.

– Packet sniffers.» Packet sniffers examine network traffic at a very basic

level and can be used to help in the administration of a network.

• Packet sniffers may also be used by malicious users to see what protocols and activities are allowed on the network. This may help them in further attacking the network.



– Malware.» It is usually defined as malicious software that has the

intent of causing harm. As a category, malware covers any code based threat to a network or system.

• Examples of malware include: viruses, Trojans, and spyware.

» To protect against malware, anti-malware applications should be running on every device. To be proactive, end user education should also be in place to teach them to recognize the dangers.

– ICMP (Internet Control Messaging Protocol) related issues.

» ICMP can be a valuable tool for diagnosing issues on networks, but it can also become a security vulnerability.

• ICMP can be exploited in a denial-of-service (DoS) type of attack.

• ICMP can be used to redirect legitimate users to a new malicious default gateway, possibly resulting in loss of data or sensitive information.

» It is now a best practice to deny ICMP requests on a router’s outward facing interface.



– DoS or distributed DoS (DDoS).» In an attempt to bring down a network or website,

malicious users will often send thousands (or hundred of thousands) of requests for services.

• The attackers’ goal is to make that resource unreachable by legitimate users.

» Many modern firewalls and other network appliances have been configured to recognize the signature of such an attack and can take steps to mitigate the results.

– Unintended backdoor access.» When creating applications, developers often create

backdoors into the programs. Backdoors are a method of accessing an application or service while bypassing the normal authentication process. Unfortunately, these backdoors are sometimes left open after the development process has been completed. Once these become known, they can be exploited.

• In most cases, the application is listening on a specific port (e.g., an open port) for a request for access.

» The best mitigation technique is to close all unnecessary ports on a network.



– Jamming.» All wireless networks use radio frequency (RF) channels

to transmit data on the network. It is possible to create enough interference on the RF channel that it is no longer useable on the network.

• An attacker will often use jamming when performing a DoS type attack; however, it can also be used to perform an evil twin type attack.

» Many of the modern networking standards and devices employ techniques to mitigate the threat of jamming (e.g., 802.11n and 802.11ac are difficult to jam).

– Banner grabbing.» Many network devices display banners (displayed

messages)when users are signing into or requesting services from network devices. These banners can impart information about the type of device or the type of service that is being requested.

• This information may be used by a hacker to research possible exploits.

» The best practice is to disable all unnecessary services and banners on network devices.


What was covered.Common network security issues.

Network security is an ever shifting landscape and some security issues may be inadvertently created by misconfigurations. Some of these misconfiguration issues can occur on: firewalls, ACLs, applications, unpatched OSs or firmware, open TCP/IP ports, and authentication services. The use of default usernames and passwords is another means by which a network can be breached.

Topic


Summary

There are many security issues that face modern networks. Some of these issues include: malicious users, packet sniffers, malware, ICMP, DoS or DDoS attacks, unintended backdoor access, jamming, and banner grabbing. Each of these vulnerabilities can be mitigated, thus hardening the network.


THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.

PACE-IT: Common Network Security Issues

Education

Transcript of PACE-IT: Common Network Security Issues