Network Security and Defense against Insider Attacks

Verified

Added on 2019/09/24

AI Summary

The provided content discusses various aspects of network security, including insider attackers, network defense requirements, network devices, network vulnerabilities, and host defense requirements. Insider attackers pose a significant threat as they have knowledge about the secured data storage location. Network defense requires a set of processes and measures to detect, monitor, and control network attacks. The main disadvantage is losing data privacy. Network devices such as routers, hubs, repeaters, bridges, and switches are used to connect LANs. Network vulnerabilities include weak passwords, viruses, worms, Trojan horses, and unauthorized software. Various types of attacks such as denial-of-service attacks, spoofing, man-in-the-middle attacks, and replay attacks can cause disruptions. To avoid these threats, secure connections, remote access, data privacy, and security principles must be satisfied. Host defense requirements include preventing malware from attacking the host, running static and dynamic analysis to defend the system.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Table of Contents
Introduction 2
Part 2: Network security Assessment 3
Bibliography 7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Introduction:
Securing the information from the threat is information security. It involves in
information management, network security and data security. Different security layers are
physical security, network security, host security, perimeter defense and mobile device security.
For any information three types of security goals should be satisfied. Confidentiality, integrity
and availability of information should be maintained. But when these goals are unable to satisfy
then it will be easy for the attacker to gain the access to the information. Let us discuss some of
the security requirements, preventions and counter measures to provide network security.
Physical security:
Physical security is the process of securing the hardware, network and stored data from the
physical conditions which could cause permanent or temporary loss to an organization. The
attack may be two types of category. It can be from the outside of the company or from within
the organization. The attacker tries to hack the system by threatening the password protected by
the company. This type of attack is from the outside of the company. When an employee of the
company tries to hack the system in order to give the information of the company to the third
party attacker then this is said to be the attack within the company.
Physical security requirements:
Some of the physical security requirements are
i. Stored data must be kept confidentially and should be used in one or more secure room in
the organization.
ii. The secure rooms or server room should not be dedicated to specific project level.
iii. The rooms must have one or two entry or exit point and should be protected with the
employee id.
iv. The inside environment of the organization should not be visible to the outside
environment.
Prevention:
Physical security of the organization should be taken care. Facility such as traffic flow, natural
terrain, interior walls and doors, fire security should be considered. To avoid the physical
security issues it should be prevented using alarm system, lock and keys, electronic monitoring,
ID cards, smart card and vulnerabilities, motion detectors and using RFID tags. Alarm system is
used by sensing the environmental changes by using sensors such as water sensor, motion sensor,
ultrasonic sensor etc. ID cards and smart cards are used for security purposes in order to avoid
unnecessary people to the secured room.

Detection:
Access controls are used for the security. The attackers can be detected by using the punch cards,
biometric and electronic authentication. When the authentication does not matches then it is
detected as attacker is trying to access the system. Intrusion detection system is used to monitor
the system when any changes occurs it sounds the alarm to alert the company that there is some
problem in the server room .Electronic surveillance must be kept in the server room to detect the
changes made by the attacker. When the attacker is trying to enter the room it is monitored
through the electronic surveillance and intrusion detection system. The sensor used to detect the
attacker and sounds an alarm. If intrusion detection is failed then we can find through the video
surveillance.
Recovery:
Recovery policies and procedures should be done regularly to ensure safety and to reduce the
time taken to recover from the man-made or natural disasters. The stored data should be taken
back up whenever a data is getting updated. If back up is taken then we need not worry about the
data loss. We can use the data from the existing back up data.
Control measures:
These control measures should be taken by every organization inorder to avoid or prevent from
the security disaster. They are
1. Server room should be kept locked.
2. Surveillance set up is needed to be fixed.
3. Vulnerable devices must be kept in the server room.
4. Rack mount servers should be used.
5. Keep intruders from opening the case.
6. Pack up the backups
7. Protect the printers
Mobile device security:
A device typically has a display screen with a touch keyboard or input. Different types of
mobile devices are mobile PC, digital camera, laptop, smart phones, tablet, pager etc. All these
mobile devices must support the multi security such as confidentiality, integrity and availability.
To achieve these objectives the mobile devices must be secured against the variety of threats.
Since people store every details in their mobile device. For example if a user has a smart phone
he or she has to register their own email id to use any of the applications. By registering the mail
id their mobile number is also registered. When both are synchronized their mobile device id is
also registered. Nowadays every one use mobile banking and net banking so their bank details

also registered with it. If a mobile is lost then user entire details gets steeled. This may happen to
the organization also. In order to avoid these issues the security measures must be taken to avoid
mobile threat and lost.
These are the guidelines to improve the security of mobile devices.
 A mobile device security policy must be created in every organization.
 Mobile devices should be developed with the threat models.
 Organization should check mobile devices to protect it from the threat before the user is
allowed to access it which is given by the organization.
 Before putting the solution into the production the mobile device should be tested.
 When a mobile device is to be deployed, the organization should consider all the merits
and demerits of device to provide security which is needed for their environment. The
design should be in such a way that they should provide the necessary services such as
 General policy of security
 Data communication and storage capacity
 User and device authentication services
 Applications
 Maintain mobile device security regularly.
Control measures:
Best security practices made for the mobile devices is by protecting with
 Password protection
 Pass code protection
 Installing secure software such as Anti-virus and anti-malware to protect mobile
devices
 Mobile devices must be kept up-to-date
 It is necessary to install phone finder app for any security reasons.
 Back up of the mobile devices should be taken
 If the count of failed login exceeds then the device is set wipe content from the
device.
 Before installing any apps some time must be taken to read the information given
to the application and you should know the need of the application.
 Device location must be known every time.
 When the device is in use some guidelines should be followed and URL’s should
be secured for accessing.
 Do not access links which are not secure.
 Do not give any personal details to unsecure website.
 Do not use public Wi-Fi which is not secure to do mobile activities.
Perimeter Defense requirements:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Perimeter defense is the type of defending your own network from attacks and it helps to
protect as firewall from external attacks. The main aim of perimeter defense is to focus on
firewall devices. By using wired network this defense seems to be an evil. Nowadays unplugged
methods are used but for most of business work it does not work. For evil conditions the
perimeter defense must be attempted. By limiting the network connections it helps but for fewer
connections they need to manage the protection. Some tips are mentioned to design the perimeter
to secure network.
 Building the level of security
 To harden the device configuration, software update, security principles and policies.
 Network access control must be enabled.
Elements of perimeter defense are firewall, intrusion detection system, intrusion prevention
system, Virtual Private Network and De-militarized zones. Perimeter defense are not suitable for
wireless access points, organization with higher employees. Different types of perimeter are used
for the network such as static packet filter, stateful firewall, proxy firewall, IDS (Intrusion
Detection System) and IPS(Intrusion Prevention System) and VPN (Virtual Private Network)
device. Using the perimeter defense security model the attacks are absorbed and detected to
reduce the risk at the end of the system. Firewall is used to absorb the incoming network to be
secure. It allows only the secured connection to the end users. If any websites or link is absorbed
as a threat it blocks the content from the connection. It allows only the secure connection. For
differentiating the absorption it has three types of firewall. Each type protects the system in a
different way. Intrusion detection system is to detect the abnormal changes in the environment. If
any changes occur it gives an alarm to the people in the organization. If alarm starts then the
people gets alert to protect the system. Virtual private network is used for authentication of
secure connection to users.
Types of attacks:
Different types of attacks such as code Red, Denial of Service (DOS) attack, syn flood attack are
possible. Attacks can be new from the attacker. Attacker tries to hack with various forms of the
attacks in order to confuse the user.
Attackers can be of skilled attacker and insider attackers.
Skilled attacker:
The one who is skilled with attacking the organization, makes less number of times to attack by
it will be successful one. The attacker research about the company to attack and utilizes
additional methods and tools. Firewall, intrusion detection system and antivirus software must
be configured properly. The skilled attacker studies the network of the company with all its entry
and exit point. Once all the points are noticed the attacker tries to make the best path for breaking
the security policy to attain the process successful.

Insider attacker:
Inside attackers are employee with the higher position in the organization .Their threat is the
largest one because they know where the secured data is stored so it is very easy for them to
threat the important data of the organization. Security policies are necessary to secure the
network.
Network defense requirements:
A set of process and measures to which helps the network to detect, monitor and control
the network attack to avoid denial of services and any disruptions. Network security protects the
connections, components and information. The main disadvantage of this network security is
losing the data, privacy and other related information. Before protecting the data, the users need
to know about the type of attackers and in what way the attacker tries to attack the information.
Based on the type of attacking the information should be protected.
Network devices:
In general, LAN does not operate in individual manner. It is operated by connecting it by one
another. Some of the connecting devices are used to connect these LAN. Connecting devices
such as Router, Hub, Repeater, bridges and switches are used. Each component has individual
functionalities and operation.
Network vulnerabilities:
Generally the system is protected with the password. The password should be strong and
different. It should not be weak. If the password is weak the hacker can easily find the system.
Password should not be any personal information. Personal information such as ATM pin
number, date of birth, surname etc. One password should not be used for all the accounts. It
must consist of strong with password constraints. For some process a password is given by the
administrator. Consider net banking for an example. Initially the password for accessing the net
banking is used by the default password given by the administrator. It is better to change to avoid
vulnerabilities. Some people think that changing of password often is an unnecessary one. But
changing the passwords often will make the chance of threat lesser. Viruses, Worms, Trojan
horse are also responsible to threat. A program or any software without any license agreement is
also cause threat.
Attacks such as Denial of service attack, spoofing, man in the middle attack, replay attack are
some of attacks which cause disruptions to the system. There are some methods to use for
network attack. They are Simple Network Management Protocol, Domain Name System,
Address Resolution Protocol, TCP Hijacking, wireless attacks and DNS poisoning.
To avoid these vulnerabilities secure connections, remote access should be provided. Data
privacy is necessary. It should satisfy security principles such as confidentiality, integrity and

availability. These measures should be taken care for controlling the threats made by the third
party services.
Host Defense requirements:
This type of defense will be last try of the third party member to the network attack. The attacker
tries to steal the information by the data security. The main target of the attacker is to threat the
information by the basic form of system attack. If the attacker fails to access the information the
last try of them is to attack the host. This may happen through running the malicious code to
defense the operating system. When malicious code runs inside the OS then it gets corrupted. So
measures to be taken to avoid such malware to make changes in the system. As years went
growth of internet increased. As the growth gets increased the problem is also increased.
Organizations are making large effort to detect, prevent from the malware. Another way of
attacking the host is by usage of website by the user. When the user access the malicious link the
host gets corrupted. Analysis should be made for protecting it from the malware. Static analysis
is made before running any code in the system. If any code is initialized for execution then it
must be analyzed for the weakness. Dynamic analysis is made during the execution of the code
to defense the system. Based on this analysis the code is executed.
Conclusion:
Due to the growth of internet threats occurring to the network various from physical, network,
host, mobile devices and perimeter varies but the target of the attacker is to get the information
of the organization. So the motive is same but the type of attack is different in different ways.
For every type of requirements the defense methods and preventive measures should be known
and followed. So we can conclude that measures should be taken for every threat that occurs to
secure the network.
Bibliography
“Physical security and why its important”, available at https://www.sans.org/reading-
room/whitepapers/physical/physical-security-important-37120

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

“MalwareD: A study on network and host based defenses that prevent malware from
accomplishing its goals”, Available at
https://www.sans.org/reading-room/whitepapers/bestprac/malwared-study-network-host-
based-defenses-prevent-malware-accomplishing-go-35432
“Network defense and control measures” available at
http://ptgmedia.pearsoncmg.com/images/9780789750945/samplepages/0789750945.pdf
“Perimeter defense model for security”, available at https://www.scmagazine.com/perimeter-
defense-model-for-security/article/548761/
“Host defense components” available at https://www.safaribooksonline.com/library/view/inside-
network-perimeter/0672327376/ch10.html

1 out of 8

+13062052269

info@desklib.com

Network Security and Defense against Insider Attacks

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Protecting Network Security and Defending Against Threats

Intrusion Detection Systems in WSNs

Information and System Security Research Paper 2022

Testing and Implementation of Physical Security Measures

Effective Physical Security Measures

Information and Systems Security