Book Image

Applied Network Security

By : Arthur Salmon, Michael McLafferty, Warun Levesque
Book Image

Applied Network Security

By: Arthur Salmon, Michael McLafferty, Warun Levesque

Overview of this book

Computer networks are increasing at an exponential rate and the most challenging factor organisations are currently facing is network security. Breaching a network is not considered an ingenious effort anymore, so it is very important to gain expertise in securing your network. The book begins by showing you how to identify malicious network behaviour and improve your wireless security. We will teach you what network sniffing is, the various tools associated with it, and how to scan for vulnerable wireless networks. Then we’ll show you how attackers hide the payloads and bypass the victim’s antivirus. Furthermore, we’ll teach you how to spoof IP / MAC address and perform an SQL injection attack and prevent it on your website. We will create an evil twin and demonstrate how to intercept network traffic. Later, you will get familiar with Shodan and Intrusion Detection and will explore the features and tools associated with it. Toward the end, we cover tools such as Yardstick, Ubertooth, Wifi Pineapple, and Alfa used for wireless penetration testing and auditing. This book will show the tools and platform to ethically hack your own network whether it is for your business or for your personal home Wi-Fi.
Table of Contents (18 chapters)

Security for individuals versus companies

One of the fundamental questions individuals need to ask themselves is, Is there a difference between individuals and an organization? Individual security is less likely due to the attack service area. However, there are tools and sites on the Internet that can be utilized to detect and mitigate data breaches for both: https://haveibeenpwned.com/ or http://map.norsecorp.com/ are good sites to start with. The issue is that individuals believe they are not a target because there is little to gain from attacking individuals, but in truth everyone has the ability to become a target.

Wi-Fi vulnerabilities

Protecting wireless networks can be very challenging at times. There are many vulnerabilities that a hacker can exploit to compromise a wireless network. One of the basic Wi-Fi vulnerabilities is broadcasting the Service Set Identifier (SSID) of your wireless network. Broadcasting the SSID makes the wireless network easier to find and target.

Another vulnerability in Wi-Fi networks is using Media Access Control (MAC) addresses for network authentication. A hacker can easily spoof or mimic a trusted MAC address to gain access to the network. Using weak encryption such as Wired Equivalent Privacy (WEP) will make your network an easy target for attack. There are many hacking tools available to crack any WEP key in under five minutes.

We will explore some of these tools later in this book. A major physical vulnerability in wireless networks is access points (APs). Sometimes APs will be placed in poor locations that can be easily accessed by a hacker. A hacker may install what is called a rogue AP. This rogue AP will monitor the network for data that a hacker can use to escalate their attack.

Often this tactic is used to harvest the credentials of high ranking management personnel, to gain access to encrypted databases that contain the personal/financial data of employees and customers, or both. Peer-to-peer technology can also be a vulnerability for wireless networks.

A hacker may gain access to a wireless network by using a legitimate user as an accepted entry point. Not using and enforcing security policies is also a major vulnerability found in wireless networks. Using security tools such as Active Directory (deployed properly) will make it harder for a hacker to gain access to a network. Hackers will often go after low-hanging fruit (easy targets), so having at least some deterrence will go a long way in protecting your wireless network.

Using Intrusion Detection Systems (IDS) in combination with Active Directory will immensely increase the defense of any wireless network, although the most effective factor is having a well-trained and informed cyber security professional watching over the network. The more a cyber security professional (threat hunter) understands the tactics of a hacker, the more effective that threat hunter will become in discovering and neutralizing a network attack. Although there are many challenges in protecting a wireless network, with the proper planning and deployment those challenges can be overcome.

Knowns and unknowns

The toughest thing about unknown risks to security is that they are unknown. Unless they are found, they can stay hidden. A common practice to determine an unknown risk would be to identify all the known risks and attempt to mitigate them as best as possible. There are many sites available that can assist in this venture. The most helpful are reports from CVE sites that identify vulnerabilities.

False positives

Positive Negative
True TP: correctly identified TN: correctly rejected
False FP: incorrectly identified FN: incorrectly rejected

As it is related to detection for an analyzed event, there are four situations that exist in this context, corresponding to the relationship between the results of the detection for an analyzed event. In this case, each of the corresponding situations is outlined as follows:

  • True positive (TP): This is when the analyzed event is correctly classified as an intrusion or as harmful/malicious.
    For example, a network security administrator enters their credentials into the Active Directory server and is granted administrator access.
  • True negative (TN): This is when the analyzed event is correctly classified and correctly rejected.
    For example, an attacker uses a port such as 4444 to communicate with a victim's device. An intrusion detection system detects network traffic on the authorized port and alerts the cyber security team to this potential malicious activity. The cyber security team quickly closes the port and isolates the infected device from the network.
  • False positive (FP): This is when the analyzed event is innocuous or otherwise clean in the context of security, however, the system classifies it as malicious or harmful.
    For example, a user types their password into a website's login text field. Instead of being granted access, the user is flagged for an SQL injection attempt by input sanitation. This is often caused when input sanitation is misconfigured.
  • False negative (FN): This is when the analyzed event is malicious, but it is classified as normal/innocuous.
    For example, an attacker inputs an SQL injection string into a text field found on a website to gain unauthorized access to database information. The website accepts the SQL injection as normal user behavior and grants access to the attacker. For detection, having systems correctly identify the given situation is paramount.