SEC 410 – Discussion – Week 1

What are today’s most significant threats to network security?

Phishing is pretty common. It’s a type of social engineering. Social engineering gets people to do what you want them to, thereby allowing an attack to proceed regardless of security.

https://www.youtube.com/watch?v=pnaoUEVx9wI

Poor passwords –

https://www.youtube.com/watch?v=7U-RbOKanYs

Not having two-factor authentication on wireless access points leaves them more vulnerable to attack. While not so common, I think it will become more common once more criminals figure out how easy it can be to exploit a wireless access point regardless of the password used. 

https://img2.insight.com/graphics/uk/media/pdf/securing_wlans.pdf

 

What are some steps you can take to mitigate these threats?

Phishing

  • educate employees on best standards and practices.
  • Have good antivirus on the computers
  • Have a good email filter
  • Have good passwords on company email accounts
  • Have logging to monitor for suspicious email account activity (lots of email sent at the same time, or at unusual hours).

Poor Passwords

  • Follow current best practices

Wireless

  • Definitely enable two-factor authentication

 

What is meant by implementing a layered approach to network defense?

Have multiple preventative and responsive measures in place to secure your network. They can overlap. So a firewall can be secured. A switch after the firewall can be secured in it’s own way.  They can both be physically secured, and security settings enabled and configured in software. Antivirus can be run on the computers. Logging software such as solarwinds, prtg, nagios, or cacti can be used to monitor and alert of suspicious activity.

 

How can you assess the effectiveness of network security?

Logging and effective notifications. Simply enabling logs can leave you with huge dumps of information that you have to manually go through. Enabling them to alert you of only high-security or critical alerts via email can keep automatic emails to a minimum, where only important information is being sent to you to manually review. You could also write a program in python or bash to go in and check logs for certain criteria that applies to your job, and that you would want to know about if it happens. Most business-class hardware will have logging for all sorts of things – bandwidth, cpu, amount of email traversing the equipment, radio frequency, etc. Outside software can be set up so that certain thresholds, if met, can let you know. For example, a common denial of service attack would be to send a bunch of traffic to someone’s network. You could configure monitoring to let you know if your bandwidth is above 50% for an hour, and then if it is then you get an email and you know. Grep is also a nice linux command for searching through logs manually.

 

https://www.youtube.com/watch?v=pnaoUEVx9wI

https://www.youtube.com/watch?v=7U-RbOKanYs