EC-Council
GOAL OF NETWORK DEFENSE involves predicting, protecting, monitoring, analyzing, detecting, and responding
1. Confidentiality
2. Availability
3. Integrity
Confidentiality:-
information is not disclosed to unauthorized parties; no one other than the authorized user can access it
Integrity:-
information transferred from sender to receiver cannot be modified or changed by a third party
Availability:-
the information is available to authorized users only, without disruption
1. Preventive:-
techniques used to avoid threats or attacks. It consists of access control mechanisms such as a firewall, adm
NAC and NAP, cryptographic applications such as IPSec and SSL, biometric techniques such as speech and faci
2. Reactive:-
techniques used to detect attacks or threats. It includes security monitoring methods such as IDS, SI
3. Retrospective:-
it examines the cause of attacks or any other info which helps the organization to plan a route to recover the d
it includes fault-finding mechanisms such as protocol analyzers and traffic monitors. Security forensics tec
4. Proactive:-
basically it is a future plan that helps an organization prevent attacks or threats in the future
RADIUS, TACACS+, Kerberos, PGP, S/MIME, Secure HTTP, HTTPS, TLS, SSL, IPsec
RADIUS:- Remote Authentication Dial-In User Service; it works on the OSI model by using UDP and TCP as transport protocol. Also it uses the Password Authentication Protocol (PAP), the Challenge Handshake Authentication Protocol (CHAP),
it works in 3 different stages:-
access request toward the server (ID and password)
access accepted or rejected
access challenge (accounting request)
TACACS+
network security protocols are divided into different layers such as
*transport
*network
*application
Transport:-
it includes the TLS and SSL protocols.
TLS:- the TLS protocol provides security and dependability of data between two communicating parties.
SSL:- SSL provides security to the communication between clients and servers
Network layer:-
IPsec:- this protocol authenticates the packets during the transmission of data.
Application layer:-
PGP (Pretty Good Privacy):- it provides cryptographic privacy and authentication for network communication
Kerberos:- it is a client-server model that is implemented for authenticating requests in a computer network
packet filtering:- useful for implementing the controls that are defined by multiple policies, standards, and guidelines
MODULE 02
ACCESS CONTROL
it works as follows: the user sends a request toward the server, then authentication is performed by the access control
and it authorizes the request against the authorization database, which is managed by the administrator (who adds, deletes or
modifies account details in the database); if the request is correct then access is granted, otherwise it is denied
1. Separation of Duties (SoD)
2. Need-to-know
3. Principle of least privilege
1. Separation of Duties (SoD):-
basically it's a breakdown of a task which ensures that no one has the access to perform all functions
2. Need-to-know:-
in this, access is provided only to the information that is required for performing a specific task
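The three principles are easiest to see together in code. The following is an added example, not code from the notes or from EC-Council: a toy authorization check where roles carry only the actions a job needs (least privilege), a conflicting-role pair can never be held by one person (SoD), and even a permitted action is refused outside the projects the user is assigned to (need-to-know). The role names, permissions, conflict pair and users are all constructed for the example.

```python
# Added example (not from the EC-Council notes): a toy authorization check that
# applies least privilege, Separation of Duties and need-to-know together.
# Roles, permissions, the conflicting-role pair and the users are constructed.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Least privilege: each role carries only the actions that job needs.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "payments_clerk": {"payment:create"},
    "payments_approver": {"payment:approve"},
    "auditor": {"payment:read"},
}

# Separation of Duties: no one user may hold both roles of a conflicting pair,
# so creating and approving a payment always takes two people.
SOD_CONFLICTS: Set[Tuple[str, str]] = {("payments_clerk", "payments_approver")}


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)
    projects: Set[str] = field(default_factory=set)  # need-to-know scope


def grant_role(user: User, role: str) -> None:
    """Add a role, refusing any assignment that would violate SoD."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    for a, b in SOD_CONFLICTS:
        if {a, b} <= user.roles | {role}:
            raise ValueError(f"SoD violation: {user.name} may not hold both {a} and {b}")
    user.roles.add(role)


def permissions(user: User) -> Set[str]:
    """Actions the user may perform, derived only from the roles held."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in user.roles))


def is_authorized(user: User, action: str, project: str) -> bool:
    """Grant only if the action is permitted (least privilege) AND the record belongs
    to a project the user works on (need-to-know). Anything else is denied."""
    return action in permissions(user) and project in user.projects


if __name__ == "__main__":
    alice = User("alice", projects={"payroll-2024"})
    grant_role(alice, "payments_clerk")
    print(is_authorized(alice, "payment:create", "payroll-2024"))   # True
    print(is_authorized(alice, "payment:create", "vendor-pay"))     # False: need-to-know
    print(is_authorized(alice, "payment:approve", "payroll-2024"))  # False: least privilege
    try:
        grant_role(alice, "payments_approver")
    except ValueError as err:
        print(err)                                                  # SoD violation
```

The default is deny: a user with no roles has no permissions, and a permitted action on a record outside the user's projects still fails, which is the need-to-know check working independently of the role check.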
Access Control Models:- it's a standard which provides a predefined framework for implementing the necessary
MAC(mandatory access control)
DAC(discretionary access control)
RBAC(role-based access control)
RB-RBAC(rule-based access control)
Identity and Access Management (IAM):- it is responsible for providing the right individual with the right access at the right time
Identity Repository:-
where the attributes related to the users' identities are stored.
1. Centralized authorization
2. Decentralized authorization
3. Implicit authorization
4. Explicit authorization
1. Centralized authorization:-
2. Decentralized authorization:-
each network resource maintains its own authorization unit and performs authorization locally
it maintains its own database
3. Implicit authorization:-
4. Explicit authorization:-
REGULATORY FRAMEWORK: it contains a set of guidelines and best practices for security
use of a regulatory framework according to the field of use
regulatory framework:-
under this framework, an organization must document its policies, standards as well as procedures
each of them has a different purpose, thus they cannot be combined in one document
Policies:-
policies are high-level statements dealing with the administrative network security of an organization.
eg. policy includes email and encryption policies.
Standards:-
they comprise specific low-level mandatory controls related to the implementation of a specific
technology, useful for enforcing and supporting policies.
it includes password standards such as password complexity, password length
includes the Data Encryption Standard (DES), Advanced Encryption Standard (AES), and Rivest-Shamir-Adleman
Clear Communication
Brief and Clear Information
Defined Scope and Applicability
Enforceable by Law
Recognizes Areas of Responsibility
Sufficient Guidance
1. Physical Layer
transmits the raw bit stream over the physical medium
The physical layer is responsible for the physical cable or wireless connection between
network nodes. It defines the connector, the electrical cable or wireless technology connecting
devices, and is responsible for transmission of the raw data, which is simply a series of 0s and 1s
3. Network Layer
decides which physical path the data will take
4. Transport Layer
transmit data using transmission protocols including TCP and UDP
5. Session Layer
maintain connection and is responsible for controlling ports and sessions
6. Presentation Layer
ensure the data is in usable format and is where data encryption occurs
7. Application Layer
human-computer interaction layer, where application can access the network services.
preventive controls:- security types like door locks and security guards
detective controls:- include security controls like motion detectors, alarm systems and sensors, etc.
recovery controls:- used to recover from security violations and restore information and systems
compensating controls:-
used as an alternative control when the intended controls fail
eg. hot sites, backup power systems.
network segmentation:-
is splitting up the network into smaller network segments
firewall:- a firewall only protects from network threats which come from outside
a firewall allows or denies 4 things
1. protocols
2. ports
3. programs
4. IP addresses
this all goes under the BASTION HOST
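To make the four filtering attributes concrete, here is an added example (not code from the notes or from any firewall product): a minimal packet filter whose rules match on protocol, port, program and source IP address, evaluated first-match with a default-deny fallback. The rule set, the program names (nginx, postfix) and the packets are constructed to look like a bastion host that exposes only web and mail.

```python
# Added example (not from the EC-Council notes): a first-match packet filter over
# the four attributes a firewall decides on: protocol, port, program, IP address.
# Rules, program names and packets are constructed; unmatched traffic is denied.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    protocol: str        # "tcp", "udp" or "icmp"
    port: Optional[int]  # None for protocols without ports (icmp)
    program: str         # local process that owns the socket, e.g. "nginx"
    src_ip: str


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    protocol: Optional[str] = None   # None means "any value" for that attribute
    port: Optional[int] = None
    program: Optional[str] = None
    network: Optional[str] = None    # CIDR the source address must fall in

    def matches(self, pkt: Packet) -> bool:
        """Every attribute the rule specifies must match; unspecified ones match anything."""
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.port is not None and self.port != pkt.port:
            return False
        if self.program is not None and self.program != pkt.program:
            return False
        if self.network is not None and ip_address(pkt.src_ip) not in ip_network(self.network):
            return False
        return True


def decide(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule; default deny when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed rule set for a bastion host that only exposes web and mail.
RULES: List[Rule] = [
    Rule("deny", network="10.0.0.0/8"),                        # private source on the public side: spoofed
    Rule("allow", protocol="tcp", port=443, program="nginx"),  # HTTPS, only for the web server process
    Rule("allow", protocol="tcp", port=25, program="postfix"), # SMTP, only for the mail process
    Rule("allow", protocol="udp", port=53),                    # DNS replies, any resolver process
]


if __name__ == "__main__":
    for pkt in [
        Packet("tcp", 443, "nginx", "203.0.113.5"),   # allow
        Packet("tcp", 22, "sshd", "203.0.113.5"),     # deny: no rule for ssh
        Packet("tcp", 443, "nginx", "10.1.2.3"),      # deny: spoofed internal source
    ]:
        print(pkt, "->", decide(RULES, pkt))
```

Rule order matters: the spoofed-source deny sits first so that it wins even for traffic that would otherwise match an allow rule, and the trailing default deny is what makes the list a whitelist rather than a blacklist.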
Bastion Host:-
it is a computer system designed and configured to protect network resources
from attacks.
it is the only host that can be addressed directly from the public network
it provides a limited range of services such as website hosting and mail to ensure
security
need for a bastion host:-
minimize chances of penetration by intruders
create all logs which are used to identify attacks or attempts to attack
it provides an additional level of security
DMZ(demilitarized zone):-
limitations of IDS:-
network logging system
antivirus products
vulnerability assessment tools
cryptographic system
components of IDS
network sensors
alert system
command console
response system
attack signature database
network sensors:- they are hardware and software components that monitor network traffic and
trigger an alarm if any abnormal activity is detected
network topology:- is the physical and logical arrangement of nodes and connections in a network.
nodes usually include devices such as switches, routers and software with switch and router features
it uses a flexible rules language to describe traffic that it should collect or pass
as well as a detection engine that utilizes a modular plug-in architecture
Suricata:-
HoneyPot:- it is used to attract and trap hackers who try to attack the organization
honeypot tools:- honeybot
KFSensor
mongoDB-honeyproxy
modern honey network
Espot
honeypy
Proxy servers:- it is a dedicated computer and software system virtually located between
a client and actual server
components of vpn:-
vpn client
network access server(NAS)
tunnel terminating device(vpn server)
vpn protocol
VPN Concentrators:-
used to create secure connections
it acts as a VPN router used to create remote access or site-to-site VPNs
it uses tunneling protocols to negotiate security
Site-to-Site VPNs
Hardware VPNs A hardware VPN provides load balancing, especially for large client loads.
Software VPNs A software VPN minimizes the cost of additional hardware purchases.
It has high scalability.
TYPES of container
OS container
application container
container:-
basically it is a storage place where different OS systems are stored
it is faster than virtual machines
it has more security problems
wireless terminologies:-
GSM: universal system used for mobile transportation for wireless networks
worldwide
BANDWIDTH: amount of info that is broadcast over a connection
WLAN: connects users in a local area with a network. Used in a single room or an entire campus
access point (AP):- it is a hardware device that allows wireless communication devices to connect
to a wireless network via standards like Wi-Fi, Bluetooth, etc.
wireless card (NIC):- it is a network interface card built into a system for network connection
wireless modem:- it's a device that receives and transmits network signals wirelessly
wireless bridge:- it is used for increasing the coverage area of the wireless network
wireless repeater:- retransmits an existing signal captured from a wireless router or AP to create
a new network
wireless router:- provides internet access to various devices
wireless gateway:- a device that makes it possible for computers and internet-capable devices
to access a shared wireless internet connection
wireless USB adapter:-
it's an external wireless connector for devices which don't have an in-built
wireless connecting option
802.11i:- an IEEE amendment that specifies security mechanisms for 802.11 wireless
networks
WPA:- it is an advanced wireless encryption protocol using TKIP and MIC to provide stronger encryption
IoT:- it's a network of devices having IP addresses and the capability to sense, collect,
and send data using embedded sensors, communication hardware and processors
IoT TOOLS:-
Azure
IBM Watson IoT Platform
Cloud IoT Core
Predix
AT&T IoT Connectivity Management
cryptography:-
in this, data is converted into a scrambled code that is encrypted and
sent across a private or public network
it is used to protect email messages, chat sessions, web transactions,
personal data, etc.
symmetric encryption:-
it uses a single key for encrypting and decrypting data
it is used to encrypt large amounts of data
Asymmetric encryption:-
it uses two keys
one key is called the public key and the other is called the private key
it is also called public key encryption
it is used to encrypt small amounts of data
MODULE 11:- DATA SECURITY
data encryption
data backup
password protection
mirror drive
it's a method of combining multiple hard drives into one single unit and
writing data across several disk drives, offering fault tolerance
if one drive fails, the system can continue operating
advantages of RAID:-
it enables a balanced overlap of I/O operations
improves system performance
simplifies storage management
protects against data loss
SAN:- high-speed network connectors like Ethernet cable, fibre cable, etc.
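The fault tolerance described above can be shown on a few bytes. The following is an added example, not code from the notes: single-parity striping, the scheme behind RAID 5, where each stripe gets an XOR parity chunk so that any one failed disk can be rebuilt from the survivors and reads keep working. Keeping parity on the last disk is a simplification for the example (real RAID 5 rotates it); the chunk contents are constructed.

```python
# Added example (not from the EC-Council notes): XOR parity striping, the fault-
# tolerance scheme behind RAID 5, on constructed byte chunks. Exactly one failed
# disk (None) can be rebuilt from the surviving ones.
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks byte by byte; for a full stripe this is the parity block."""
    if not blocks:
        raise ValueError("need at least one block")
    size = len(blocks[0])
    if any(len(b) != size for b in blocks):
        raise ValueError("all blocks in a stripe must have the same size")
    out = bytearray(size)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_stripe(chunks: List[bytes]) -> List[bytes]:
    """Lay one stripe across the array: the data chunks followed by their parity chunk
    (parity kept on the last disk here for simplicity; real RAID 5 rotates it)."""
    return chunks + [xor_blocks(chunks)]


def rebuild(disks: List[Optional[bytes]]) -> List[bytes]:
    """Reconstruct exactly one failed disk (marked None) by XOR-ing the surviving ones.
    Two or more failures cannot be recovered with single parity, so that is an error."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) != 1:
        raise ValueError(f"single parity recovers exactly one failed disk, got {len(failed)}")
    survivors = [d for d in disks if d is not None]
    restored: List[bytes] = [d if d is not None else b"" for d in disks]
    restored[failed[0]] = xor_blocks(survivors)
    return restored


def read_data(disks: List[Optional[bytes]]) -> bytes:
    """Serve the stripe's data (all chunks except parity), rebuilding on the fly when a
    single disk is missing, so the system keeps operating after one failure."""
    healthy: List[bytes] = rebuild(disks) if None in disks else [d for d in disks if d is not None]
    return b"".join(healthy[:-1])


if __name__ == "__main__":
    array: List[Optional[bytes]] = list(write_stripe([b"netw", b"ork ", b"defe"]))  # constructed chunks
    array[1] = None                   # disk 1 fails
    print(read_data(array))           # b"network defe": still readable
```

The same XOR that produced the parity block recovers any single missing chunk because XOR is its own inverse; that is also why a second simultaneous failure is unrecoverable here, which is the operational reason to replace a failed disk promptly.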
BACKUP METHODS:-
COLD BACKUP:-
BACKUP LOCATIONS:-
DATA SECURED FROM PHYSICAL SECURITY THREATS LIKE FIRE AND FLOOD
BACKUP RETENTION:-
it is storing and maintaining important information
TYPES OF SIGNATURE:-
normal traffic signature:- accepts traffic patterns allowed to enter the network
attack signature:- suspicious traffic pattern not allowed to enter the network
some tools:-
Wireshark:- widely used network sniffer for network monitoring and analysis
END
application layer protocols:-
FTP
TELNET
HTTP, etc.
there is no need to transfer all data from the start in case of a disconnection or crash
Transport layer protocols:- Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
this layer is responsible for end-to-end communication between two devices
it includes taking data from the session layer and breaking it into segments
before sending it to the 3rd layer
on the receiver's side the transport layer is responsible for re-assembling the segments
before sending them to the session layer
it also does flow control and error control
flow control:-
it determines an optimal speed of transmission to ensure that a
sender with a fast speed does not overwhelm a receiver with a slow connection.
error control:-
it is performed on the receiver's end by ensuring that the data received is complete;
if it isn't, then a retransmission is requested
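Segmentation, reassembly, flow control and error control can all be simulated in one process. The following is an added example, not code from the notes and not a real TCP implementation: the sender breaks a byte stream into numbered segments, never sends more than the receiver's window per round (flow control), the receiver buffers by sequence number and reports the gaps, and only the missing segments are sent again (error control). The segment size, window size and sample data are constructed.

```python
# Added example (not from the EC-Council notes): transport-layer segmentation,
# reassembly, flow control and error control simulated in one process.
# MSS, the receive window and the sample data are constructed values.
from typing import Dict, List, Optional, Set, Tuple

MSS = 8  # constructed maximum segment size in bytes


def segment(data: bytes, mss: int = MSS) -> List[Tuple[int, bytes]]:
    """Sender side: break a byte stream into numbered segments of at most mss bytes."""
    return [(seq, data[i:i + mss]) for seq, i in enumerate(range(0, len(data), mss))]


class Receiver:
    """Receiver side: buffers segments by sequence number and reassembles them in order."""

    def __init__(self, expected_count: int, rwnd: int) -> None:
        self.expected = expected_count
        self.rwnd = rwnd                   # flow control: segments accepted per round
        self.buffer: Dict[int, bytes] = {}

    def deliver(self, seq: int, payload: bytes) -> None:
        self.buffer[seq] = payload

    def missing(self) -> List[int]:
        """Error control: sequence numbers that never arrived, to be requested again."""
        return [s for s in range(self.expected) if s not in self.buffer]

    def reassemble(self) -> Optional[bytes]:
        """The in-order stream handed up to the session layer, or None while gaps remain."""
        if self.missing():
            return None
        return b"".join(self.buffer[s] for s in range(self.expected))


def transfer(data: bytes, lost: Set[int], rwnd: int = 2) -> Tuple[bytes, List[int], int]:
    """Simulate one transfer. Segments whose sequence number is in `lost` are dropped on
    the first attempt. The sender puts at most `rwnd` segments on the wire per round
    (flow control); the receiver reports gaps and only those are retransmitted (error
    control). Returns (reassembled data, retransmitted sequence numbers, rounds used)."""
    segs = segment(data)
    rx = Receiver(len(segs), rwnd)
    rounds = 0
    for start in range(0, len(segs), rx.rwnd):          # one window per round
        rounds += 1
        for seq, payload in segs[start:start + rx.rwnd]:
            if seq not in lost:
                rx.deliver(seq, payload)
    retransmitted = rx.missing()
    for start in range(0, len(retransmitted), rx.rwnd):  # retransmit gaps, still windowed
        rounds += 1
        for seq in retransmitted[start:start + rx.rwnd]:
            rx.deliver(seq, segs[seq][1])
    stream = rx.reassemble()
    if stream is None:                                    # cannot happen after retransmission
        raise RuntimeError("reassembly incomplete")
    return stream, retransmitted, rounds


if __name__ == "__main__":
    sample = b"network defense notes: transport layer"   # constructed, 38 bytes -> 5 segments
    print(transfer(sample, lost={1, 3}))
```

With a 38-byte sample, an 8-byte MSS and a window of 2, the first pass takes three rounds; losing segments 1 and 3 costs exactly one more round for the two retransmissions rather than resending everything, which is the point of per-segment error control.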
Confidentiality:-
information is accessible only to authorized users
Integrity:-
prevention of improper changes to data
Availability:-
the systems responsible for delivering, storing, and
processing information are accessible when required by authorized users
Authenticity:-
ensures the quality of being genuine or uncorrupted.
Non-Repudiation:-
the sender of a message cannot later deny
having sent the message, and the recipient cannot deny having received the
message.
Classification of Attacks
Passive Attacks: only monitoring data without interfering; sniffing and eavesdropping
Active Attacks: disrupt the communication; DoS, Man-in-the-Middle, session hijacking, and SQL injection
Close-in Attacks: physical proximity to the system; eavesdropping, shoulder surfing,
and dumpster diving
Insider Attacks tools:-
keyloggers,
backdoors, and malware
Passive Attacks:-
Footprinting
o Sniffing and eavesdropping
o Network traffic analysis
o Decryption of weakly encrypted traffic
Active Attacks:-
o Denial-of-service (DoS) attack
o Bypassing protection mechanisms
o Malware attacks (such as viruses, worms, ransomware)
o Modification of information
o Spoofing attacks
o Replay attacks
o Password-based attacks
o Session hijacking
o Man-in-the-Middle attack
o DNS and ARP poisoning
o Compromised-key attack
o Firewall and IDS attack
o Profiling
o Arbitrary code execution
o Privilege escalation
o Backdoor access
o Cryptography attacks
o SQL injection
o XSS attacks
o Directory traversal attacks
o Exploitation of application and OS software
Close-in Attacks:-
o Social engineering (eavesdropping, shoulder surfing, dumpster diving, and other methods)
Insider Attacks:-
Distribution Attacks:-
It helps security professionals to understand the adversary's tactics, techniques, and procedures beforehand
Reconnaissance
collecting information about targets
Weaponization
identifying the vulnerabilities and techniques that can be exploited to gain unauthorized access to the
target organization
Installation: the adversary downloads and installs more malicious software on the target system to
maintain access to the target network for an extended period
o Establishing a two-way communication channel between the victim's system and the
adversary-controlled server
o Leveraging channels such as web traffic, email communication, and DNS messages
o Applying privilege escalation techniques
o Hiding any evidence of compromise using techniques such as encryption
Actions on Objectives
Techniques:- methods used for an attack and methods used after the attack
to stay hidden
Adversary Behavior:-
Adversary behavioral identification involves the identification of the common methods or techniques
followed by an adversary to launch attacks on or to penetrate an organization's network
Internal Reconnaissance:-
Once the adversary is inside the target network, they follow various techniques and
methods to carry out internal reconnaissance. This includes the enumeration of
systems, hosts and processes, and the execution of various commands to find out information
such as the local user context and system configuration, hostname, IP addresses, active
remote systems, and programs running on the target systems
Use of PowerShell:-
PowerShell can be used by an adversary as a tool for automating data exfiltration and
launching further attacks.
Data Staging:-
the adversary uses data staging
techniques to collect and combine as much data as possible
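The behaviours listed above (internal reconnaissance, PowerShell automation, data staging) are what an IDS "attack signature database" encodes, and the earlier TYPES OF SIGNATURE section's normal-traffic signature is the allow-list that keeps expected activity from alerting. The following is an added example serving both passages; it is not code from the notes or from any IDS product: a small signature-based detector run over constructed process-creation events that groups matches per host and flags a host once two or more distinct behaviours are seen on it. The host names, user names, commands and patterns are all constructed for the example.

```python
# Added example (not from the EC-Council notes): a signature-based detector run
# over constructed process-creation events. ATTACK_SIGNATURES plays the role of
# the IDS attack signature database; NORMAL_SIGNATURES is the normal-traffic
# allow-list. Hosts showing two or more distinct behaviours are flagged.
import re
from typing import Dict, List, Set, Tuple

# Constructed attack signatures: (name, pattern applied to the whole event line).
ATTACK_SIGNATURES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("internal-recon", re.compile(r"\b(whoami|hostname|ipconfig|systeminfo|net\s+view)\b", re.I)),
    ("powershell-encoded", re.compile(r"powershell(\.exe)?\s.*-(enc|encodedcommand)\b", re.I)),
    ("data-staging", re.compile(r"\b(compress-archive|7z\.exe\s+a|tar\s+-c)\b", re.I)),
]

# Constructed normal signature: the backup service account archiving data is expected.
NORMAL_SIGNATURES: List["re.Pattern[str]"] = [
    re.compile(r"user=svc_backup\b.*\btar\s+-c", re.I),
]

# Constructed sample events (no real hosts, users or payloads).
EVENTS: List[str] = [
    "host=ws01 user=bob proc=cmd.exe cmd='whoami /all'",
    "host=ws01 user=bob proc=powershell.exe cmd='powershell.exe -NoP -EncodedCommand QUJD'",
    "host=ws01 user=bob proc=powershell.exe cmd='Compress-Archive -Path C:/Users/bob/Documents -DestinationPath C:/Temp/d.zip'",
    "host=srv02 user=svc_backup proc=tar.exe cmd='tar -cf nightly.tar D:/Data'",
    "host=ws07 user=alice proc=cmd.exe cmd='ipconfig /all'",
]


def classify(event: str) -> List[str]:
    """Names of the attack signatures one event matches; allow-listed events match none."""
    if any(p.search(event) for p in NORMAL_SIGNATURES):
        return []
    return [name for name, pat in ATTACK_SIGNATURES if pat.search(event)]


def scan(events: List[str], threshold: int = 2) -> Tuple[Dict[str, Set[str]], List[str]]:
    """Group matched signatures per host and flag hosts with `threshold` or more distinct
    behaviours: reconnaissance followed by staging on one host is the chain worth a look."""
    per_host: Dict[str, Set[str]] = {}
    for event in events:
        m = re.search(r"\bhost=(\S+)", event)
        host = m.group(1) if m else "unknown"
        for name in classify(event):
            per_host.setdefault(host, set()).add(name)
    flagged = sorted(h for h, sigs in per_host.items() if len(sigs) >= threshold)
    return per_host, flagged


if __name__ == "__main__":
    hosts, flagged = scan(EVENTS)
    for host, sigs in sorted(hosts.items()):
        print(host, sorted(sigs))
    print("flagged:", flagged)
```

A single reconnaissance command on ws07 stays below the threshold, and the backup account's archive job on srv02 is absorbed by the normal signature; only ws01, where three different behaviours line up, is flagged. In practice the allow-list is the part that needs the most care, since an over-broad normal signature silently hides the same chain.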