This 10 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 19 views.
Date Created: 11/09/15
Firewalls and VPNs and Modern Day Threats

Matthew Eliason
ISSC 421
American Military University
Les Pang

With the evolution of the internet structure, a vast number of new vulnerabilities have been created through web-based applications. Hackers and groups of hackers (Anonymous is a prime example of this) have been able to penetrate internal and external business practices and have exploited Virtual Private Networks (VPN) through bad user practices. These bad user practices have compromised numerous large corporations, targeting users' Personal Identifiable Information (PII) and their money accounts.

The Transmission Control Protocol (TCP) was developed for initiating efficient communications through physical networks across vast distances. Through its development, loopholes and vulnerabilities were found that could override security and "hack" into otherwise secure physical servers remotely. Developers became aware of these vulnerabilities and were able to implement patches to cover these loopholes. But hackers seem to be ahead of developers at every turn and created worms that can defeat even the most secure enterprises and penetrate corporate networks.

Since the infancy of the internet and the information age, security has always been an important factor. But only recently has it become the most important topic of concern in regard to an information technology enterprise. The massive expansion of the internet across the world has put its use at the forefront of security threats. As the internet domain increases, so do the targets for attack. Administrators have developed many tools to combat attackers and make it more difficult for them to successfully penetrate networks. Physically securing each server, switch, and hub, and closing ports, are the basics of good network practice.
Even with these steps something more is needed. With the advancement and complexity of attacks, something was needed to prevent incoming and outgoing connections that were not authorized. The firewall was developed to provide such a capability. Firewalls gave the average IT administrator the ability to screen connections and enforce access control and segmentation. But the problem with firewalls is that they are not effective in and of themselves. Firewalls do not protect against insider threats who have physical access to CD-ROM drives and floppy drives, through which a plethora of viruses and worms can be introduced. Firewalls can be susceptible to website defacement and zombie botnet recruitment, which are used by thousands of hackers to exploit another vulnerability, distributed denial of service (DDoS) attacks. These DDoS attacks use exploited networks of infected computers to effectively shut down the communication pathways through a targeted firewall.

While there is not much that can be done to prevent a DDoS attack, networks need something that alerts the system when it has been breached and a virus is running rampant throughout the system. To meet this need, the Intrusion Detection System (IDS) and the Intrusion Protection System (IPS) were developed. The IDS is coupled with a firewall and an IPS to detect a system breach and alert the administrators that something is affecting the system. With this also came the ability to perform application-based filtering with protocol execution control. Execution of programs on the system outside of the authorized executable programs is detected and, through the Intrusion Protection System, prevented from spreading. More advanced IPS systems add the ability to quarantine the suspected file or files to prevent them from replicating through the network. If a malicious file is allowed to replicate and propagate throughout the network, it becomes increasingly difficult to isolate and destroy.
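
The execution control and quarantine step described above, sketched as an added example that is not part of the original paper: an allow-list keyed on SHA-256 file hashes, with any unapproved file moved into a quarantine directory. The file names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def enforce(path, allowed_hashes, quarantine_dir):
    """Allow an authorized executable; move anything else into quarantine.

    The decision is keyed on file content, so a copy that borrows an
    approved file name is still caught."""
    digest = sha256_of(path)
    if digest in allowed_hashes:
        return "allow"
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    target = os.path.join(quarantine_dir, digest[:16] + "_" + os.path.basename(path))
    shutil.move(path, target)   # remove it from where it could run or be copied
    os.chmod(target, 0o400)     # read-only, no execute bit
    return "quarantined"

def demo():
    """Constructed scenario: an approved tool and a same-named unapproved file."""
    root = tempfile.mkdtemp()
    approved = os.path.join(root, "bin", "backup_tool")
    dropped = os.path.join(root, "tmp", "backup_tool")
    for path, body in ((approved, b"constructed approved binary"),
                       (dropped, b"constructed unapproved binary")):
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as fh:
            fh.write(body)
    allowed = {sha256_of(approved)}
    qdir = os.path.join(root, "quarantine")
    results = {"approved": enforce(approved, allowed, qdir),
               "dropped": enforce(dropped, allowed, qdir),
               "dropped_still_in_place": os.path.exists(dropped),
               "quarantined_files": sorted(os.listdir(qdir))}
    shutil.rmtree(root)
    return results

if __name__ == "__main__":
    print(demo())
```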

With network security becoming increasingly complex, a point of diminishing returns has developed in regard to how secure a network can be made without damaging ease of use. An example of this is password complexity. A typical network access password may require up to 15 characters with one special character and a number. While a password with this complexity is tremendously hard to break, the average user cannot commit it to memory effectively. Because of this issue, the average user will write the password somewhere or store it in a Word file of some sort on his roaming profile. This bad practice leads to the compromise of the password and, in turn, the compromise of the network. "Complexity is enemy of security" and it rings true on even the average network (Behringer Michael, May 1, 2011). The reasoning is that a more secure network means less work production and, in the end, less security.

Virtual Private Networks are becoming increasingly prevalent throughout the world because of what a VPN is designed to do: protect sensitive data when tunneled through a public domain. Common users trust this system with their everyday purchases and their exchange of personal data on a day-to-day basis. Unfortunately, this trust is misguided in many cases. There is no way for an average user to verify that the credentials used in the transaction are stored in a secure manner, and in many cases they are not. An example of this would be the recent attack against the Sony Enterprise networks, in which hackers were able to penetrate and obtain the Personal Identifiable Information (PII) of over 77 million accounts on the PlayStation Network. Sony estimated that this one successful penetration cost them over $170 million. This example is one of many daily threats that target VPNs, and their complexity and periodicity increase each day.

VPNs also face threats from being vulnerable to user name enumeration, man-in-the-middle attacks, and offline and online brute force password cracking. VPN fingerprinting can also be problematic if a network is attacked by very skillful hackers, as it gives them useful data to use in the aforementioned man-in-the-middle attack. Along with these stated susceptibilities come the oft-enacted poor networking practices and configurations, such as not having a password and screen lockout timer set, leaving configurations at their default settings, and a lack of network best practices training for employees (Hills Roy, January 2005).

Modern day attacks are increasingly complex and use a number of means to successfully penetrate corporate and private networks and VPNs. These attacks can come from a variety of methods employed by hackers in today's information technology era. The most well known of these malicious occurrences is the oft-mentioned virus.

A virus is a constructed software executable program that, once injected into a target system, is designed to replicate through auto-executable code. Once replication begins, it can infest the system like termites in wood and quickly make the system completely unusable or, in some extreme cases, permanently alter the BIOS firmware. It is normally introduced into the network via the internet, or physically through removable media. By far, the virus is one of the most common threats to any network and can be one of the most damaging (Gowdiak Adam, n.d.).

The term spyware was coined to describe malicious programs designed not to disturb a user's day-to-day activities, but simply to record and transmit the user's data for possible malicious use by the perpetrator. Spyware is typically attached to an executable or file that is downloaded by the user.
Spyware can be used in some cases to actually see what the user is doing with the mouse, and can in some cases record the passwords and usernames that the oblivious user inputs into the system. Spyware is not always detected because the user has no reason to know that the system is infected. An up-to-date antivirus definition and an antimalware program such as Malwarebytes can prevent a system from being susceptible to spyware (Stewart J. Michael, 2011).

Keystroke logging is a type of spyware and can be attached to a virus or Trojan software that has been installed on the computer. Keystroke logging software has the ability to record keystrokes and transmit them at a later time to another user for exploitation. This type of exploitation can be devastating to an individual's banking accounts, as these credentials are the most targeted with this particular type of attack. Keystroke logging costs users millions per year in stolen money from exploited accounts.

The worm can be one of the most devastating forms of attack in the modern information age. A worm is a self-replicating program that, unlike a virus, which needs to be attached to a "legitimate" program or Trojan to ride into the system, can execute, replicate and move freely throughout an unprotected system. Once a worm has successfully replicated through the system it can do many things, such as email itself across multiple domains, give control of the system to a remote user, or render the system completely inoperable. One of the most damaging worms in history was the infamous, self-proclaimed "MyDoom" email worm, which in 2004 caused over $38 billion in damages. MyDoom was a self-replicating email worm that replicated by automatically sending a copy of itself to everyone in the infected user's address book. It was estimated that one out of every ten emails had the mail worm attached to it.
For over a month it wreaked havoc across the internet domain before being eradicated.

Spoofing and phishing follow the same attack vector. Spoofing preys on uneducated users who do not have any proper training on the key identifiers of spoofed or phishing webpages. These spoofed sites are designed to trick a user into believing that the website is legitimate, which in turn leads the user to enter credentials into the system, where they are recorded. Spoofing can also be used to describe other types of attacks, such as DNS spoofing and VPN spoofing. These spoofing attacks are conducted to fool a website's authentication protocols into an authenticated handshake and access to the targeted system (Grimes Roger, June 23, 2002).

In conclusion, even the most complex and hardened network is only as strong as its most uneducated trusted user. Information awareness training is just as vital to an information enterprise as the firewalls, IPS and IDS that protect the information stored on the local network or, in many cases, a virtual private network infrastructure. Networks must be patched on a real-time basis in order to protect themselves from the more agile viruses, worms and other daily threats that abound throughout the cyberspace domain. Every day thousands of networks are attacked in a variety of ways, and the inflicted losses of compromised data cost users billions through the loss of credentials. While some hackers look to gain information to exploit for profit, other groups such as Anonymous attack networks for political aims. Regardless of the motive, network security must be robust, with a strong foundation in training, best network practices and thoughtful construction of the security infrastructure. Integrity of data is the number one concern among IT professionals in today's information age, and every time that data is compromised, hackers gain more confidence in their work.
As compromises become more commonplace due to complacency, it becomes more and more lucrative and attractive to engage in these destructive and illegal practices.

References

1. Stewart J. Michael, 2011, Network Security, Firewalls and VPNs
2. Information security: Challenges and solutions, data retrieved on May 19, 2014 from http://www.peterindia.net/ITSecurityView.html
3. Behringer Michael, May 1, 2011, Network complexity and how to deal with it, data retrieved on May 19, 2014 from https://labs.ripe.net/Members/mbehring/network complexityandhowtodealwithit
4. Chapter 9, Firewalls and Virtual Private Networks, data retrieved on May 19, 2014 from http://www.wiley.com/legacy/compbooks/press/0471348201_09.pdf
5. Hills Roy, January 2005, Common VPN security flaws, data retrieved on May 19, 2014 from http://www.ntamonitor.com/files/whitepapers/VPNFlawsWhitepaper.pdf
6. Fire walls, data retrieved on May 19, 2014 from http://www.cs.fsu.edu/~breno/CIS 5357/lecture_slides/class16.pdf
7. Gowdiak Adam, Techniques used for bypassing firewall systems, data retrieved on May 19, 2014 from http://www.terena.org/activities/tfcsirt/meeting9/gowdiakbypassing firewalls.pdf
8. The 11 most common computer security threats…. And what you can do to protect yourself from them, data retrieved on May 19, 2014 from http://www.symantec norton.com/11mostcommoncomputersecuritythreats_k13.aspx
9. Grimes Roger, June 23, 2002, External firewall attack, data retrieved on May 19, 2014 from http://windowsitpro.com/networking/externalfirewallattacks
10. The NIST Handbook, Threats to computer security, data retrieved on May 19, 2014 from http://alcor.concordia.ca/~helpline/security/threats.html
11. Williams, M. (2011, May 23). PlayStation Network hack will cost Sony $170M. Computerworld. Retrieved May 25, 2014, from http://www.computerworld.com/s/article/9216926/PlayStation_Network_hack_will_cost _Sony_170M
12. S, E. (2010, October 10). 10 Most Destructive Computer Worms and Viruses Ever. Retrieved May 25, 2014, from http://wildammo.com/2010/10/12/10mostdestructivecomputerwormsandviruses ever/