Knight Talks Tech

Introduction to cyber security – Week 6, Network Security

Firewall basics

Blocks dangerous communications from spreading across network, either from outside into a network or within the network.
Can be dedicated hardware, part of router or integrated with OS.
Compares addressing and protocol information of each datagram to rules set up in the firewall’s software.
If datagram comes from a hacker and the rules say block unknown then the firewall rejects datagram silently or closes the connection.
Advanced firewalls can block traffic based on type of application e.g. media players or BitTorrent clients.

Personal firewalls

Often installed as part of OS.
Only protects computer (and attached devices) it is installed on.
Useful for mobile computers connecting to various networks.

Other firewalls

Firewall software can be downloaded for free or purchased.
Should only run one firewall at a time to prevent degradation of system performance.
Should always have one firewall running.

VPN basics

Virtual Private Network – private network across untrusted network such as the internet. Uses include:

Implemented using dedicated hardware and software.
VPN client – installed on device & responsible for connecting to the VPN to send & receive information securely.
VPN server – part of dedicated network device on perimeter of organisation’s network. Server software authenticates users and routes traffic.
VPN software creates secure tunnel between VPN client and VPN server across any network. Information transmitted is encrypted.

Securing the tunnels

Encryption – usually performed by client and server software.
Authenticity and integrity – methods used to ensure authenticity:

VPN protocols – three main forms in use:

Security risks of VPN

Intrusion Detection System (IDS)

Usually dedicated hardware or software divided into two types by their responsibilities:

IDS can support a network firewall.
Firewall should be closed to all traffic except that known to the organisation e.g. web, email, FTP.
IDS can then scan traffic passing through firewall for potential attacks with NIDS. A HIDS can also be used to check for threats from within such as malware on an infected computer.
Intrusion detection is passive – monitors and informs.
Can also be reactive: informs admins and also attempts to stop the intrusion by blocking further packets sent from the source IP. Also referred to as Intrusion Prevention or Protection Systems (IPS).
Weaknesses

How an IDS works in practice

Use one of two techniques:

Honeypots

Isolated website, computer or network resource used to deflect attacks in order to study them.
Can be used to record activity and study behaviour.

Resources

http://eandt.theiet.org/magazine/2013/08/cyber-securitys-new-hard-line.cfm
