SECURITY
Security is very important, probably the most important thing in Information Technology and Computer Science.
We must follow some security rules to protect computers, smartphones, tablets, servers and networks.
1-Below are some DANGERS
SOME NETWORK ATTACKS:
-Denial of Service (DoS).
-Distributed DoS (DDoS).
-Sniffing.
-Scanning.
-Man-in-the-middle.
-Address Spoofing.
-Cracking.
-Reconnaissance attacks.
-Buffer overflow.
-Mail bombing.
-Password vulnerability: "Dictionary password attacks" and "Brute-force attacks".
-Doxxing (disclosing someone's confidential information on the internet).
SOCIAL ENGINEERING:
-Phishing (= malicious link sent to one person).
-Spear phishing (= phishing to several persons working in the same company).
-Whaling (= spear phishing aimed at the VIPs within the company).
-Vishing (= scam by phone).
-Smishing (= scam by SMS).
-Pharming (= DNS corruption, wrong website).
-Watering hole attacks.
SOME MALICIOUS PERSONS:
-Hacker (he illegally accesses computer systems to damage or steal data).
-Cracker (he breaks security protections).
-Crasher (he launches attacks and deletes data only for fun).
-Phreaker (phone pirate).
-Black Hat (hackers with bad intentions).
-White Hat (crackers with good intentions).
SOME MALWARE:
MALWARE means MALicious softWARE.
-Viruses (very dangerous; replication with hosts; examples: “ILoveYou” and Stuxnet).
-Worms (dangerous; replication without host; examples: MyDoom and Conficker).
-Spyware (modifies the security settings of your computer, spies on what you do and sends information to hackers).
-Keyloggers (there are hardware keyloggers and software keyloggers): they record your keystrokes.
-Ransomware (blocks access to your PC or encrypts your files so that you cannot use them; then the hacker asks you for money if you want to decrypt your files or access your computer again).
-Rootkits (give the hacker access to your computer with administrator rights, so that he can control it).
-Trojan horses: there are different kinds of trojan horses:
-The "remote administration" trojan horse.
-The "files serving" trojan horse.
-The "keylogging" trojan horse.
-The "passwords stealing" trojan horse.
-The "system killing" trojan horse.
-The "distributed denial of service attack" trojan horse: can attack a server over the internet, using a BOTNET to launch a DDoS attack.
-Hybrid threats: combination of virus + worm + trojan.
-Rogues (a rogue is fake security software created by a hacker; if you install it, your PC will be infected).
Examples of malware:
Melissa.
I love you.
Nimda.
Blaster.
Sasser.
Sobig.
Netsky.
Stuxnet.
Chernobyl.
SQL Slammer.
Code Red.
Conficker.
MyDoom.
Air-Gap (spyware moving through the air, without any physical connection between computers).
Other THREATS from internet:
-Hoax.
-Adware (advertisements, pop-ups... not dangerous but annoying).
-Spam.
BOTNET:
it's roBOT NETwork (= a network of robots, where a robot can be your computer; the robots are infected by malware, and hackers use a BOTNET to attack a target such as a server).
Examples of BOTNET:
-Mariposa.
-Rustock.
-Waledac.
-TDL-4.
2-Below are some TOOLS used for protection against dangers
SOME ANTI-MALWARE SOFTWARE:
-Microsoft Security Essentials.
-Avast antivirus.
-Kaspersky antivirus.
-McAfee antivirus.
-F-Secure.
-Ad-Aware.
-Malwarebytes.
-Norton antivirus.
-AVG.
-BitDefender.
C.I.A and V.E.T:
C.I.A for Confidentiality (C), Integrity (I) and Availability (A):
-Confidentiality: ensure that only authorized persons can access and read the relevant files.
-Integrity: ensure that the data are reliable and correct, and that only authorized persons can modify the relevant files.
-Availability: ensure that the data are always available for users.
V.E.T for Vulnerability (V), Exploit (E) and Threat (T):
-Vulnerability: it's a WEAKNESS in my network that exposes it to attackers.
-Exploit: it's a TOOL used by attackers for exploiting my network's vulnerability.
-Threat: it's the person who uses the exploit.
SOME SECURITY PROTOCOLS:
-HTTPS (HyperText Transfer Protocol Secure): to secure webpages (examples: https://www.google.com and https://www.youtube.com).
-IPsec (Internet Protocol SECurity): to secure the IP packets, for example to secure Virtual Private Networks (VPN).
-SSL (Secure Sockets Layer) and TLS (Transport Layer Security), for example to secure Virtual Private Networks (VPN).
-WPA3, WPA2, WPA and WEP: to secure your Wi-Fi connections. WPA3 is Wi-Fi Protected Access 3; it is the latest version.
-TKIP, CCMP and GCMP are encryption protocols.
TKIP is Temporal Key Integrity Protocol, CCMP is Counter Mode CBC-MAC Protocol and GCMP is Galois Counter Mode Protocol.
-DNSSEC (Domain Name System SECurity): to secure the DNS.
-SSH (Secure SHell): to secure a connection (often used to secure a connection to UNIX stations).
-SFTP (Secure File Transfer Protocol) and FTPS (File Transfer Protocol Secure): to secure file transfers made with the FTP protocol.
SFTP uses SSH and FTPS uses TLS.
FIREWALL:
A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
-A firewall establishes a barrier between a secure internal network and an outside network that is not secured and/or not trusted, such as the internet.
-A firewall analyzes the header of each IP packet:
*the IP address of the destination computer;
*the IP address of the source computer;
*the type of transport protocol: TCP or UDP;
*the type of service or application (email, web...).
-A firewall operates at the network, transport and application OSI layers (3, 4 and 7).
-A firewall can be software or hardware.
-The protection is really useful only if:
*the firewall configuration is well done, and
*all network traffic passes through the firewall only.
DMZ:
DMZ is DeMilitarized Zone.
-Originally, a DMZ is the demilitarized zone between North and South Korea.
-In Information Technology, a DMZ is a zone between the internet and a Local Area Network (LAN).
-The goal of a DMZ is to protect the LAN from the outside.
-A DMZ can contain some servers; these servers will be reached from the internet (for example: mail server and FTP server).
-A DMZ is located between two firewalls.
-A company can use several DMZs to protect the LAN (for example an IT security company, scared of being hacked, can use 8 DMZs, so 9 firewalls, to decrease the risk!).
WEB PROXY SERVER:
It is an intermediate server between the computers and the internet.
Web proxy server roles are:
-to share the internet access between computers;
-to keep a "web cache";
-to block access to some websites;
-to prevent some computers from accessing the internet;
-to prevent file downloads from the internet;
-to protect the LAN by blocking access to some virtual ports.
VPN:
-VPN is Virtual Private Network.
-The goal of a Virtual Private Network is to secure data transfers between two sites or to make your internet connection private.
-In a VPN, all data packets follow one and the same path.
-In a VPN, the data are encrypted, for example with IPsec.
-The following protocols can be used by a VPN: IPsec, PPTP, L2F, L2TP, SSL/TLS and SSH.
MFA:
MFA means MultiFactor Authentication. The goal is to add a security layer.
For example, a user wants to connect to a website: he types his login and his password, and afterwards MFA can be an SMS received on the user's phone.
MFA can also be Google Authenticator generating another security code.
Digital CERTIFICATE:
A digital certificate is installed on each computer; a server acts as the certificate authority that authenticates the computers and encrypts the information.
AAA:
AAA is Authentication, Authorization, Accounting.
AAA is for CISCO switches and routers only; AAA adds a new security layer.
Authorization: defines rights and restrictions.
Accounting: records what users do.
Authentication: authenticates users.
AAA uses the two following protocols: TACACS+ (with TCP and port 49) and RADIUS (with UDP and ports 1812 & 1813).
TACACS+ is Terminal Access Controller System, RADIUS is Remote Authentication Dial-In User Service.
IPS:
IPS is Intrusion Prevention System; it's a network security device.
IPS uses a database in order to block some malware and some network attacks, but not all.
Even if an IPS is installed within a network, it's better to install a firewall too, and antivirus software on each computer.
Switch Port-Security:
It's a security feature for CISCO switches only.
The interface of the switch must be in access mode only.
When port-security is activated on a switch port, by default only one MAC address is authorized to connect on this port, so only one computer.
It's possible to define several MAC addresses, so a limited number of computers can be plugged into a specific port.
Below are some commands for configuring the switch:
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address <MAC address>
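An added Python model of the port-security behaviour described above (example code, not Cisco's): a port keeps a set of secure MAC addresses (static ones from "mac-address", dynamic ones learned up to "maximum"), and a frame from any further MAC is a violation that shuts the port down. The port names, MAC addresses and the shutdown violation mode are assumptions for the demo.

```python
from dataclasses import dataclass, field

@dataclass
class SecuredPort:
    name: str
    maximum: int = 1                             # switchport port-security maximum 1
    allowed: set = field(default_factory=set)    # static MACs (switchport port-security mac-address ...)
    learned: set = field(default_factory=set)    # MACs learned dynamically on this port
    shutdown: bool = False                       # True once a violation has err-disabled the port

    def frame_from(self, mac: str) -> str:
        """Decide what happens to a frame arriving on this port with source MAC `mac`."""
        if self.shutdown:
            return "dropped: port is err-disabled"
        secure = self.allowed | self.learned
        if mac in secure:
            return "forwarded"
        if len(secure) < self.maximum:
            self.learned.add(mac)    # room left under the maximum: learn it as a secure MAC
            return "forwarded"
        self.shutdown = True         # default violation mode: shut the port down
        return "violation: port shut down"

def demo():
    # Constructed scenario: Gi0/2 learns one MAC dynamically, Gi0/3 only accepts a static MAC
    pc = SecuredPort("Gi0/2")
    first = pc.frame_from("aa:aa:aa:aa:aa:01")           # learned, forwarded
    intruder = pc.frame_from("bb:bb:bb:bb:bb:02")        # second computer plugged in: violation
    after = pc.frame_from("aa:aa:aa:aa:aa:01")           # even the first PC is cut off now
    printer = SecuredPort("Gi0/3", allowed={"cc:cc:cc:cc:cc:03"})
    other = printer.frame_from("dd:dd:dd:dd:dd:04")      # not the configured MAC: violation
    return first, intruder, after, other

if __name__ == "__main__":
    print(demo())
```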
DHCP Snooping:
It's a security method for switches only. Its goal is to ensure that each computer gets its IP address from the relevant DHCP server, and not from a rogue server.
DHCP Snooping prevents DoS attacks and Man-in-the-middle attacks.
DHCP Snooping uses a small database named the DHCP Binding Table, with the following information: IP addresses, MAC addresses, switch interface numbers.
By default, DHCP Snooping is not activated on a switch. Below are some commands for configuring the switch:
ip dhcp snooping
ip dhcp snooping trust
ip dhcp snooping vlan 1
show ip dhcp snooping binding
Dynamic ARP Intrusion:
It's a security method for switches only.
Dynamic ARP Intrusion prevents hackers from stealing the IP address of the router, and prevents ARP Spoofing attacks and Man-in-the-middle attacks.
First activate DHCP Snooping on a switch, afterwards activate Dynamic ARP Intrusion.
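An added Python model of DHCP Snooping and of the ARP check described above (example code, not the page's or Cisco's; Cisco's name for the ARP feature is Dynamic ARP Inspection). Server replies are accepted only from a trusted port, each accepted lease fills the binding table, and an ARP message on an untrusted port is dropped unless its IP/MAC pair matches the binding learned on that same port. The trusted uplink Gi0/1, user ports Gi0/2 and Gi0/3 and all addresses are constructed for the scenario.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    interface: str

@dataclass
class SnoopingSwitch:
    vlan: int
    trusted: set = field(default_factory=set)     # ports toward the legitimate DHCP server
    pending: dict = field(default_factory=dict)   # client MAC -> access port it asked from
    bindings: dict = field(default_factory=dict)  # client MAC -> Binding (the DHCP Binding Table)

    def client_message(self, interface, client_mac):
        # DISCOVER/REQUEST: remember which access port the client sits on
        self.pending[client_mac] = interface
        return "forwarded"

    def server_message(self, interface, client_mac, offered_ip):
        # OFFER/ACK: only a trusted port may answer, so a rogue server on an access port is dropped
        if interface not in self.trusted:
            return "dropped"
        port = self.pending.pop(client_mac, None)
        if port is None:
            return "dropped"   # reply for a client that never asked
        self.bindings[client_mac] = Binding(offered_ip, client_mac, self.vlan, port)
        return "forwarded"

    def arp_message(self, interface, sender_mac, sender_ip):
        # ARP check: on an untrusted port the sender IP/MAC pair must match the binding on that port
        if interface in self.trusted:
            return "forwarded"
        b = self.bindings.get(sender_mac)
        if b is None or b.ip != sender_ip or b.interface != interface:
            return "dropped"
        return "forwarded"

def demo():
    # Constructed scenario: Gi0/1 is the uplink to the real DHCP server, Gi0/2 and Gi0/3 are
    # user ports, the router is 192.168.1.1, and a rogue DHCP server shows up on Gi0/3
    sw = SnoopingSwitch(vlan=1, trusted={"Gi0/1"})
    sw.client_message("Gi0/2", "aa:aa:aa:aa:aa:02")
    rogue = sw.server_message("Gi0/3", "aa:aa:aa:aa:aa:02", "192.168.1.50")
    real = sw.server_message("Gi0/1", "aa:aa:aa:aa:aa:02", "192.168.1.20")
    ok = sw.arp_message("Gi0/2", "aa:aa:aa:aa:aa:02", "192.168.1.20")
    spoof = sw.arp_message("Gi0/2", "aa:aa:aa:aa:aa:02", "192.168.1.1")  # claims the router's IP
    return rogue, real, ok, spoof
```

demo() returns ("dropped", "forwarded", "forwarded", "dropped"): the rogue offer never reaches the client, and the PC's attempt to answer ARP for the router's address is blocked by the binding table.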
BIOMETRIC:
The goal is also to add a security layer, for example with a fingerprint or an eye scan.
Security of WIRELESS networks:
Security of wireless networks is split in two parts: AUTHENTICATION and ENCRYPTION.
-AUTHENTICATION:
Authentication protocols are: WEP, EAP, LEAP, EAP-FAST, PEAP and EAP-TLS.
WEP= Wired Equivalent Privacy.
EAP= Extensible authentication Protocol.
LEAP= Lightweight EAP.
EAP-FAST= EAP-Flexible authentication by Secure Tunneling.
PEAP= Protected EAP.
EAP-TLS= EAP-Transport Layer Security.
-ENCRYPTION:
Encryption protocols are: WPA, WPA2, WPA3, TKIP, CCMP, GCMP.
WPA= WiFi Protected Access.
WPA2= WiFi Protected Access 2.
WPA3= WiFi Protected Access 3.
TKIP= Temporal Key Integrity Protocol.
CCMP= Counter Mode CBC-MAC Protocol.
GCMP= Galois Counter Mode Protocol.
SOME SECURITY RULES TO PROTECT YOUR COMPUTER:
-create strong & secret passwords: at least 12 characters with letters (lower and upper case), numbers and special characters (@, !, ?,...);
-use several different passwords for your accounts (never one password for all your accounts);
-never give your passwords to an unknown person; never write them down anywhere, keep them secret in your head;
-use multi-factor authentication;
-always lock your computer when you leave (even for a few minutes);
-use and configure a firewall;
-use a good antivirus software, update the viruses’ database regularly, and make a complete scan once per week (if you find a malware, delete it);
-update your Operating System (like Windows);
-update all your software regularly;
-avoid leaving sensitive data on your computer, smartphone and tablet;
-be careful with some websites and with files you download (they can contain malware); you can use a virtual machine to browse the internet;
-always backup all your data (and it's better to save your data in a different and secure place); backup the systems too; test your backup, ensure you can restore data from the backup;
-always show hidden files;
-don't plug in an unknown USB key (or unknown external HDD) because it can contain new malware;
-avoid opening unknown emails and unknown attached files because they can contain malware;
-avoid clicking on links in unknown emails; you can use the website http://urlxray.com/ to verify that a link's text matches the website it really points to;
-use CCleaner regularly;
-be careful with macros (they can contain malware). You can deactivate macros in Microsoft Word, Excel, PowerPoint and Access by clicking on:
File -> Options -> Trust Center -> Trust Center Settings -> Macro Settings -> Disable macros -> OK;
-cover your webcam when you do not use it (for example with adhesive tape);
-be careful with Wi-Fi connections in public places (airports, railway and bus stations,...); activate WPA3; use a VPN to access the internet;
-turn off Bluetooth and Wi-Fi when not in use.
SOME SECURITY RULES TO PROTECT YOUR COMPANY:
-all the above rules for protecting computers, plus:
-use a good router to prevent network attacks;
-use a good anti-malware in all servers and computers;
-use one or several firewall(s);
-use one or several DMZ;
-use VPN if there are several sites (so the data will be encrypted);
-use a web proxy server;
-delete the old and unused network accounts;
-create a Security Policy Guide, and ensure that ALL users read it, understand it and respect the IT security rules of the company. Inform users about phishing and ransomware;
-set physical security rules to protect the IT rooms, user entrances and access, electricity, UPS (Uninterruptible Power Supply), protection against fire, temperature...;
-in case of disaster, it's useful to have spare room(s) with available and clean computers for all company users; and put in place a disaster recovery process;
-try to hire an IT security expert to protect your network;
-the top management should ensure there is a person responsible for IT security within the IT Department of the company;
-try to make a complete security audit by an external company (at least once per year), then correct your security issues.