Book Image

Applied Network Security

By : Arthur Salmon, Michael McLafferty, Warun Levesque
Book Image

Applied Network Security

By: Arthur Salmon, Michael McLafferty, Warun Levesque

Overview of this book

Computer networks are increasing at an exponential rate and the most challenging factor organisations are currently facing is network security. Breaching a network is not considered an ingenious effort anymore, so it is very important to gain expertise in securing your network. The book begins by showing you how to identify malicious network behaviour and improve your wireless security. We will teach you what network sniffing is, the various tools associated with it, and how to scan for vulnerable wireless networks. Then we’ll show you how attackers hide the payloads and bypass the victim’s antivirus. Furthermore, we’ll teach you how to spoof IP / MAC address and perform an SQL injection attack and prevent it on your website. We will create an evil twin and demonstrate how to intercept network traffic. Later, you will get familiar with Shodan and Intrusion Detection and will explore the features and tools associated with it. Toward the end, we cover tools such as Yardstick, Ubertooth, Wifi Pineapple, and Alfa used for wireless penetration testing and auditing. This book will show the tools and platform to ethically hack your own network whether it is for your business or for your personal home Wi-Fi.
Table of Contents (18 chapters)

Mitigation against threats

There are many threats that a network faces. New network threats are emerging all the time. As a network security professional, it would be wise to have a good understanding of effective mitigation techniques. For example, a hacker using a packet sniffer can be mitigated by only allowing the network admin to run a network analyzer (packet sniffer) on the network. A packet sniffer can usually detect another packet sniffer on the network right away.

Although there are ways a knowledgeable hacker can disguise the packet sniffer as another piece of software, a hacker will not usually go to such lengths unless it is a highly-secured target. It is alarming that most businesses do not properly monitor their network or even at all.

It is important for any business to have a business continuity/disaster recovery plan. This plan is intended to allow a business to continue to operate and recover from a serious network attack. The most common deployment of the continuity/disaster recovery plan is after a DDoS attack. A DDoS attack could potentially cost a business or organization millions of dollars in lost revenue and productivity. One of the most effective and hardest to mitigate attacks is social engineering.

All the most devastating network attacks have begun with some type of social engineering attack. One good example is the hack against Snapchat on February 26th, 2016. "Last Friday, Snapchat's payroll department was targeted by an isolated e-mail phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information," Snapchat explained in a blog post. "Unfortunately, the phishing e-mail wasn't recognized for what it was - a scam - and payroll information about some current and former employees was disclosed externally." Socially engineered phishing e-mails, such as the one that affected Snapchat, are common attack vectors for hackers.

The one difference between phishing e-mails from a few years ago and those in 2016 is the level of social engineering hackers are putting into the e-mails. The Snapchat HR phishing e-mail indicated a high level of reconnaissance on the Chief Executive Officer of Snapchat. This reconnaissance most likely took months. This level of detail and targeting of an individual (The Chief Executive Officer) is more accurately known as a spear-phishing e-mail. Spear phishing campaigns go after one individual (fish) compared to phishing campaigns that are more general and may be sent to millions of users (fish). It is the same as casting a big open net into the water and seeing what comes back.

The only real way to mitigate against social engineering attacks is training and building awareness among users. Properly training the users that access the network will create a higher level of awareness of socially engineered attacks.