
Introduction to Network Security

N. Ganesan, Ph.D.

Acknowledgements

Chapter Focus
Introduction to computer security
Overview of security threats
Outline of security measures
Summary

Understanding the Threats

Vulnerability
Intentional attacks on computing
resources and networks persist for a
number of reasons
Complexity of computer software and
newly emerging hardware and software
combinations make computers and the
network susceptible to intrusion
It is difficult to thoroughly test an
application for all possible intrusions

Security Threats
1. Trojan horse programs
2. Back door and remote administration programs
3. Denial of service
4. Being an intermediary for another attack
5. Unprotected Windows shares
6. Mobile code (Java, JavaScript, and ActiveX)
7. Cross-site scripting
8. Email spoofing
9. Email-borne viruses
10. Hidden file extensions
11. Chat clients
12. Packet sniffing

Source: CERT

Trojan Horse Programs


Trojan horses are programs that are
installed without the knowledge of
the user
Trojan horse programs can perform
a wide variety of covert tasks such
as modifying and deleting files,
transmitting files to the intruder,
installing programs, installing
viruses and other Trojan horse
programs etc.

Backdoor and Remote Administration Programs
Covert installation of remote
administration programs such as
BackOrifice, Netbus and SubSeven
Such programs give remote access
to the computer from anywhere on
the Internet

Intermediary for Other Attacks


Client computer is used to launch
mostly denial of service attacks on
other computers
An agent is usually installed using
a Trojan horse program to launch
the denial of service attack on
other computers

Unprotected Windows Share


Malicious code can be stored in
unprotected Windows shares for
propagation

Mobile code
(Java/JavaScript/ActiveX)
Mobile code in Java, JavaScript, and
ActiveX that can be executed by a web browser
is generally useful, but it can also be used
to run malicious code on the client
computer
Disabling Java, JavaScript, and ActiveX from
running in the Web browser must be
considered when accessing websites that
cannot be trusted
Email received in HTML format is also
susceptible to mobile code attack because
it could also carry the mobile code

Cross-site Scripting
A malicious script can be sent and stored by a
web developer on a website to be downloaded
by an unsuspecting surfer
When this website is accessed by a user, the
script is transferred to the local web browser
Ways of acquiring malicious scripts include
following links in web pages, email messages,
or newsgroup, using interactive forms on an
untrustworthy site, viewing online discussion
groups, forums, or other dynamically
generated pages where users can post text
containing HTML tags - CERT

Email Spoofing
Email spoofing tricks the user into believing
that the email originated from a certain user
such as an administrator although it actually
originated from a hacker
Such emails may solicit personal information
such as credit card details and passwords
Examining the email header may provide
some additional information about the origin
of the email
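
Examining the header, as an added example that is not part of the original slides: the sketch below compares the visible From address with the Return-Path, Reply-To and topmost Received header. The message, the example.* domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): From claims a campus administrator,
# but the bounce address, reply address and sending relay are elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
\tby mx.example.edu with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: "System Administrator" <admin@example.edu>
Reply-To: helpdesk@example.org
To: student@example.edu
Subject: Verify your password

Please reply with your password.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(host, from_dom):
    """True if host is the From domain or one of its subdomains."""
    return host == from_dom or host.endswith("." + from_dom)

def spoofing_indicators(raw_message):
    """Return header inconsistencies that suggest a forged From address."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    if not from_dom:
        return ["From header has no parsable address"]
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not related(dom, from_dom):
            findings.append(f"{name} domain {dom} does not match From domain {from_dom}")
    # Only the topmost Received line was written by the recipient's own
    # server; lower ones are supplied by the sender and can be forged.
    hop = re.search(r"from\s+([^\s;()]+)", msg["Received"] or "")
    if hop and not related(hop.group(1).lower(), from_dom):
        findings.append(f"handed over by {hop.group(1)}, outside {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print(finding)
```

Mail sent legitimately through a third-party service can show the same mismatches, so the findings are prompts for a closer look, not proof of forgery.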

Email Borne Viruses


Malicious code is often distributed
through email as attachments
Attachments must thus be opened
with caution

Hidden File Extensions


An attachment may have a hidden file
extension
Opening such a file may execute the attachment

Example:

Downloader (MySis.avi.exe or
QuickFlick.mpg.exe)
VBS/Timofonica (TIMOFONICA.TXT.vbs)
VBS/CoolNote
(COOL_NOTEPAD_DEMO.TXT.vbs)
VBS/OnTheFly (AnnaKournikova.jpg.vbs)

In the above files, the hidden extension
is .vbs pertaining to an executable Visual
Basic script
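
A check a mail gateway or help desk script could apply to attachment names, as an added example that is not part of the original slides. The extension lists and function names are assumptions chosen for illustration, and the check goes slightly beyond the slide by also catching names padded with spaces before the real extension.

```python
import os

# Extensions Windows runs when the file is opened (partial list, assumed).
EXECUTABLE = {".exe", ".vbs", ".scr", ".pif", ".bat", ".cmd", ".com", ".js"}
# Extensions that look like harmless documents or media (partial list, assumed).
DECOY = {".txt", ".jpg", ".avi", ".mpg", ".doc", ".pdf", ".gif", ".mp3"}

def classify_attachment(filename):
    """Return 'hidden-executable', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces when it resolves a name.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in EXECUTABLE:
        return "ok"
    # Look at the extension that precedes the real one; padding spaces
    # between the two are removed first.
    _, previous = os.path.splitext(stem.rstrip())
    if previous in DECOY:
        return "hidden-executable"
    return "executable"

def displayed_name(filename):
    """Name the user sees when the final extension is hidden."""
    return os.path.splitext(filename)[0]

def quarantine_list(filenames):
    """Names whose real extension is executable but disguised by a decoy."""
    return [f for f in filenames if classify_attachment(f) == "hidden-executable"]

if __name__ == "__main__":
    # File names taken from the slide, plus two constructed benign ones.
    seen = ["MySis.avi.exe", "TIMOFONICA.TXT.vbs", "AnnaKournikova.jpg.vbs",
            "minutes.doc", "setup.exe"]
    for name in seen:
        print(f"{name!r} shows as {displayed_name(name)!r}: "
              f"{classify_attachment(name)}")
```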

Chat Clients
Internet chat applications such as
instant messaging applications and
Internet Relay Chat (IRC) involve the
exchange of information including
files that may contain malicious
executable codes
The same caution that applies to
email attachments applies here as
well

Packet Sniffing
Packet sniffer programs capture the contents
of packets that may include passwords and
other sensitive information that could later
be used for compromising the client
computer
For example, a sniffer installed on a cable
modem in one cable trunk may be able to
sniff the password from other users on the
same trunk
Encryption of network traffic provides one of
the defenses against sniffing

Providing Security

Reasons to Secure Computing and Network Resources
Many businesses rely heavily on computers
to operate critical business processes
Individuals are using computers for tasks
that require confidentiality
The advent of the Internet has provided a physical
path of entry for every computer
connected to the Internet
An always connected broadband connection is
always vulnerable in this case

Providing Security
Providing security requires action on two
fronts, namely the management and the
technical fronts respectively
The management aspect relates to
organizational policies and behavior that
would address security threats and issues
The technical aspect relates to the
implementation of hardware and software
to secure access to computing resources
and the network

Management Aspect
Best practice approach is to ensure
secure behavior
The above can be done by
establishing guidelines for
managing, addressing and
rectifying security-related issues

Technical Aspect
Introduce security related
hardware and software to secure
access to computers and
computing resources

Technical Approaches
From an implementation point of view, the
following are some of the steps that could be
taken to provide security
Implement security patches and other updates
pertaining to an operating system and other
vulnerable software such as Internet Explorer
Install self-monitoring software such as anti-virus, anti-spam,
anti-hacker and pop-up blocker software
Install a firewall
Use encryption wherever feasible

All the approaches can be used to complement
one another

Self-Monitoring Software and Security Patches
Security patches are issued mainly by the
OS vendor such as Microsoft to patch
security holes as they are discovered
Examples of self-monitoring software
include anti-virus, spyware elimination,
pop-up blocking, and anti-spam software
Both the security patches and the self-monitoring
software act at the local client level

Examples of Self-Monitoring
Software
Antivirus
McAfee

Spyware elimination
Pop-up blocker
Anti-Spam

Firewalls
Firewalls are used for controlling
access to the computing resources
In general, a firewall acts at the network
level controlling network access to
computing resources
Firewalls can be implemented in
software as well as in hardware

Encryption
By encryption, the data can be made
illegible to the intruder
It can be implemented at the network
level as well as the client level
For example, locally stored data can
be encrypted and the network traffic
could equally well be encrypted

Some Applications of Encryption


VPN
PKI
Digital Certificates

More on Security Techniques


Firewalls and encryption will be
discussed further in separate
modules under the section entitled
Network Security


The End
