Key Concepts:
  • Intellectual property and privacy data
  • Risk assessment for your network infrastructure
  • Wired and wireless network infrastructure risks, threats, and vulnerabilities
  • Common network hacking tools: applications, exploits, and attacks
  • Social engineering practices and their impact on network security efforts

Network Security, Firewalls, and VPNs

Network Security Threats

Threats and Vulnerability Scanning
Let's review the common types of threats that most organizations are likely to encounter, along with the basics of system port and vulnerability scanning.
  • Malware
  • Application vulnerabilities
  • System port and vulnerability scanning
Susceptibility to viruses is a common threat to computers, whether they are owned by individuals or by organizations. But what are these viruses, and who injects them into our systems? What is the objective behind such activities?

Viruses are malicious software that unethical hackers write to cause harm and destruction. Viruses are not the only malicious software, however. There are many others, such as worms, Trojan horses, keyloggers, and spyware. All such destructive software applications are called malware.

Just like our houses, if we don't take effective measures to protect our IT systems, they become highly vulnerable to malicious attacks and theft. Even then, no matter what measures we take, hackers find a way around them. That is why IT professionals are always working to make their security measures more robust. To be able to do this effectively, these IT professionals need to understand their systems' application vulnerabilities.

Scanning is aimed at identifying ports on your network that are open to known vulnerabilities. Port scanning is useful for both computer professionals and hackers. A port is a point through which information goes into and out of a computer; port scanning therefore identifies open doors to a computer. Port scanning has a legitimate use in managing networks, but it can also be malicious if someone is looking for a weakened access point to break into a computer.

Risk
Risk is the likelihood of danger or negative consequence from a vulnerability being exercised, considering both the probability and the impact of occurrence. Let's examine how risk is assessed and measured. Think about answers to the following questions.
  • What is risk assessment, and how is it done?
  • How is risk measured?
The Hacking Process
Hacking falls into five main subgroups of events or activities: reconnaissance, scanning, enumeration, attacking, and postattack activities.

[Flowchart: Reconnaissance → Scanning → Enumeration → Attacking → Success? Yes: Postattack Activities. No: Fall-Back Activities.]
Reconnaissance

Reconnaissance is a preliminary process that involves discovery, research, and information gathering. Reconnaissance can be done using techniques such as Web research, search engines, background checks, newspaper searches, and social networking.
Scanning

Scanning is the process of minutely examining a new finding or information gathered during reconnaissance. The various techniques used for scanning are war dialing, war driving, netstumbling, ping sweeps, and port scanning.
Enumeration

Enumeration is the hackers' process of discovering details about a potential target to learn whether any kind of vulnerability exists.
Attacking

Attacking is all about exploiting system vulnerabilities and gaining access to a system. Interestingly, it’s the shortest phase of the overall hacking process. A successful attack based on solid research and preparation can occur in seconds.
Postattack Activities

A successful attack means the hacker has breached the target's security to gain some level of access. Some familiar postattack activities include privilege escalation, depositing of additional hacker tools, data pilfering, and removal of evidence.
Fall-Back Activities

If a hacker’s intrusion attack fails, the hacker tries other nonintrusion options, such as a denial of service (DoS) attack, eavesdropping, breaking and entering, Web site attacks, and social engineering.
Seven Domains of a Typical IT Infrastructure
To better understand possible targets that hackers might choose, let’s review the seven domains of a typical IT infrastructure.

User Domain

Users are attacked using psychological techniques, such as persuasion and impersonation, in order to gain access to facilities or computing resources. Users are also tricked into giving away information, such as logon IDs or passwords, via fraudulent e-mail messages. Trojan horses and spyware trick users into installing malware on their systems.
Workstation Domain

Malware is a significant threat in this domain. Port scanning can be used to find unsecured ports on a workstation, which gives the attacker insight into what type of attack may be successful. Malicious Web sites use attack techniques, such as XSS, to gain access to secured Web transactions.
LAN Domain

After a hacker gains access to one system on a network, the rest of the local area network (LAN) is vulnerable to attack. A LAN often consists of dozens to thousands of hosts. Electronic threats to a LAN include malware, malicious code, botnets, and software bugs. Physical threats include hardware failure, natural disasters, and accidental or purposeful damage to equipment. Human threats include disgruntled employees, poorly trained employees, and hackers.
LAN-to-WAN Domain

The WAN connections between LAN locations, especially those controlled by third-party entities, are targets. A WAN connection is exposed to the public Internet and so is directly accessible. Sequential port scans can be conducted from public Internet sites, revealing details of configuration that may allow an attacker to better profile additional services.
WAN Domain

A WAN spans a large geographic area, such as a state, province, or country. WANs often connect multiple smaller networks, such as LANs, or metropolitan area networks (MANs). In WAN domains, data moves through a public network, which creates electronic isolation. This electronic isolation allows numerous attacks.
System/Application Domain

This domain consists of servers that host applications, virtualized systems, and/or databases. Attackers may target the physical and virtual systems, the data that resides on them, or even the computing power of the servers.
Remote Access Domain

Remote access is the ability to get access to a computer or a network from a remote distance. Remote access removes the need for the hacker to be physically present to access and attack a LAN. Hackers anywhere in the world with an Internet or telephone connection can still reach out to attack any seemingly isolated target.
Social Engineering
Are you aware of any social engineering attacks? Can security awareness training offset common social engineering techniques? Do you think social engineering attacks are particularly difficult to prevent? Think about answers to the following questions.
  • What is social engineering?
  • What are the common social engineering techniques?

In this section, you will have an opportunity to practice the concepts and processes that you have explored in this lesson.

The Hands-On Lab provides you with an engaging learning experience that is diagnostic and flexible. Following the instructions provided in the Lab Manual, you will be able to practice the steps IT Security Specialists perform on a daily basis and develop the skills required for effective execution and management of IT Security operations.

In this section, you will have an opportunity to apply what you’ve learned in this lesson in the context of analyzing a business situation. Although simplified, a problem scenario provided here depicts the challenges often faced by professionals in the workplace.

In this interactive case study, you will explore a business situation, review critical information related to the problem discussed in the case, decide on the course of action, and receive a decision analysis summary that discusses the implications of your decision. Once you analyze the impact of your decision, explore alternative solutions to learn about other potential ways to address the issue in the case. Complete your work on the case by submitting the graded assignment that will reflect on your process of analyzing the business situation and defining an appropriate course of action.

Jack Lent, your supervisor, calls you for a meeting where he shares some important revelations about the existing security policy of Corporation Techs and assigns you some tasks.


Lent: Hello! Come, take a seat.

Did you know that our sales department is quite unhappy with the security department? The sales department has just lost a prestigious bid to the competitor. The department is surprised at how the competitor was able to bid so accurately, just under the bid offered by Corporation Techs, by an exact amount. An outsourced security agency has identified unauthorized access to the Web server as a potential source of compromise. This could be due to the shared reporting and public Web site functions.

Now, your job is to create a security plan that will prevent unauthorized access, while making sure that both public and secured Web access remains available.

You already have the packet trace and vulnerability scans gathered during the outsourcer’s review. Use those scans and meet the consultant, Tim Castleberry, for further details.

Contributing Factors
Tim Castleberry
Security manager
Hi! Lent informed me about the project he asked you to work on. Here is some information that you may find useful for your assignment. As you have been told by Lent, our primary competitor has been stealing confidential data from our Web server. The Web server provides public access to the organization's static Web site for contact information, while sales team members transfer contract and bid documents using a site secured with a logon id and password. Needless to say, Corporation Techs has budgeted for new networking hardware but does not want to add additional servers because of cooling issues. Let me remind you that you already have the data you need to complete this project. Good luck!
Course of Action
Use the following checklist as a guide to complete this assignment.

Tasks

  1. Access the previously gathered data using NetWitness Investigator.
  2. Identify hosts within Corporation Techs' network.
  3. Identify protocols in use within Corporation Techs' network.
  4. Identify services in use within Corporation Techs' network.
  5. Create a professional report detailing the findings of tasks 1-4. This report would be considered the initial document for the development of a network security plan.
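
The host, protocol, and service identification tasks above amount to building an inventory from captured traffic. The following sketch is an added example, not part of the course material or of NetWitness Investigator; the flow-record layout, the addresses, the internal range, and the function names are all assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample flows; the column layout and addresses are assumptions.
SAMPLE_FLOWS = """src,dst,proto,dport
203.0.113.7,10.20.0.10,tcp,80
203.0.113.7,10.20.0.10,tcp,443
10.20.0.21,10.20.0.10,tcp,443
10.20.0.21,10.20.0.5,udp,53
10.20.0.22,10.20.0.10,tcp,21
198.51.100.9,10.20.0.10,tcp,21
"""
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed internal range
SERVICE_NAMES = {21: "ftp", 53: "dns", 80: "http", 443: "https"}


def build_inventory(flow_csv):
    """Return (hosts, protocols, services) observed in the flow records."""
    hosts, protocols, services = set(), set(), {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        protocols.add(row["proto"])
        hosts.update(str(ip) for ip in (src, dst) if ip in INTERNAL_NET)
        if dst in INTERNAL_NET:  # only inventory services hosted internally
            origin = "internal" if src in INTERNAL_NET else "external"
            key = (str(dst), row["proto"], int(row["dport"]))
            entry = services.setdefault(key, {"internal": set(), "external": set()})
            entry[origin].add(str(src))
    return hosts, protocols, services


def externally_reachable(services):
    """Services on internal hosts that received traffic from outside."""
    return sorted(k for k, clients in services.items() if clients["external"])


def report(flow_csv):
    hosts, protocols, services = build_inventory(flow_csv)
    lines = ["Hosts: " + ", ".join(sorted(hosts)),
             "Protocols: " + ", ".join(sorted(protocols)), "Services:"]
    for (host, proto, port), clients in sorted(services.items()):
        seen = "+".join(o for o in ("external", "internal") if clients[o])
        lines.append(f"  {host} {proto}/{port} {SERVICE_NAMES.get(port, '?')} from {seen}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_FLOWS))
```

Services that appear with both external and internal clients on the same host are the ones a security plan would look at first when public and restricted functions share a server.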
At the end of this lesson, you should be able to:
  • Identify the motivation of attackers.
  • Conduct an internal and external risk assessment of the local area network (LAN), wide area network (WAN), and Remote Access domains.
  • Align risks, threats, and vulnerabilities with the seven domains of a typical information technology (IT) infrastructure.
  • Defend against social engineering mechanisms with proper awareness training.
In this lesson, you will explore the threats faced by organizations. You will understand the concept of risk assessment. You will discover common network hacking tools. In addition, you will learn about social engineering practices and their impact on network security.