The unique feature here was understanding that newer cell phones can allow wireless laptops to tether themselves to the cell phone and share their Internet connectivity. Allowing cell phones into the corporate network completely circumvents access control procedures, firewalls, antivirus protection, data loss prevention systems, and so on. This makes securing corporate networks extremely difficult.
I learned that networking security has four broad goals to consider when creating a secure networking environment, and even though they are similarly related to the CIA, they are looked at quite differently with regard to networking. These include availability, confidentiality, functionality, and access control. Availability: attacks on network availability can prevent customers, suppliers, and employees from transacting business. Confidentiality: in the context of network security, confidentiality means preventing unauthorized users from gaining information about the network’s structure, data flowing across the network, network protocols used, or packet header values. Functionality means preventing attackers from altering the capabilities or operation of the network, while access control within the context of network security is the policy-driven control of access to systems, data, and dialogues. Essentially, the goal is to keep attackers from accessing any internal resources. This would also include limiting access to internal employees.
This chapter provides information about the importance of securing networks, how attackers use several techniques such as DoS attacks and ARP poisoning, and how to establish controls to secure networks from those attacks. One key point that I took from this chapter is the four main objectives to secure a network environment, which are availability, confidentiality, functionality, and access control. It is important to identify risk and security measures to protect and detect networks to ensure that unauthorized persons cannot access the services and resources (Availability), gain information about network structure (Confidentiality), modify the capabilities of the network (Functionality), and have excess authorization to gain intrusion to the network (Access control).
Hello Num,
You have rightly said that it is important to identify security risks and appropriate mitigating measures to protect networks from unauthorized access or use. Also, the constant evolution in network technologies has been a constant headache to network administrators who have to constantly update their skill set to overcome the latest security threats. Due to budget limitations or the dependency on previous technologies, organizations are very hesitant to migrate to the latest network security solutions, which further complicates the tasks for network administrators.
One interesting point that I learnt from this chapter is what ARP (Address Resolution Protocol) poisoning is and how it works. ARP is a protocol that resolves IP addresses to machine MAC addresses. It means when a machine needs to communicate with another, it searches its ARP table. If one of the machines identifies this address, then the ARP request is answered, and the requesting computer stores the address pair in its ARP table.
ARP poisoning is done by an attacker by sending falsified ARP messages over a local area network to link an attacker’s MAC address with the IP address of a legitimate computer or server on the network so that the attacker can link his/her MAC address with an authentic IP address and direct messages to this MAC address. Therefore, rerouting the network traffic using ARP poisoning enables attackers to intercept, modify or block communications, which harms both functionality and confidentiality of a network.
It is true, and this can be prevented by using static IP and ARP tables. According to the explanation in chapter four, static ARP tables are manually set and cannot be dynamically updated with the ARP. The only challenge in using static IP and ARP tables is that organizations change, so, while this may work in a small network with minor changes, it may not work in large organizations because they change too quickly, and lack the experience to effectively manage static IP and ARP tables. However, large organizations are good at preventing ARP poisoning by limiting access to the local network.
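The static-table idea discussed in the two posts above can also be used for detection. The following is an added example, not part of the original discussion or the textbook: a monitor that decodes ARP messages and flags sender bindings that contradict a static table, change over time, or arrive as unsolicited replies. All addresses, `ArpMonitor`, `build_arp` and `run_sample` are constructed for illustration.

```python
import struct

# Administrator-maintained static IP-to-MAC table (constructed sample values).
STATIC_BINDINGS = {
    "10.0.0.1": "aa:bb:cc:00:00:01",   # default gateway
    "10.0.0.20": "aa:bb:cc:00:00:20",  # file server
}
ARP_REQUEST, ARP_REPLY = 1, 2


def parse_arp(payload):
    """Decode a 28-byte Ethernet/IPv4 ARP payload (RFC 826 field order)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {
        "oper": oper,
        "sender_mac": payload[8:14].hex(":"),
        "sender_ip": ".".join(str(b) for b in payload[14:18]),
        "target_ip": ".".join(str(b) for b in payload[24:28]),
    }


class ArpMonitor:
    """Hypothetical passive monitor; observe() returns a list of alert strings."""

    def __init__(self, static_bindings):
        self.static = dict(static_bindings)
        self.learned = {}      # bindings seen so far: ip -> mac
        self.pending = set()   # outstanding requests: (requester_ip, wanted_ip)

    def observe(self, payload):
        msg = parse_arp(payload)
        ip, mac, alerts = msg["sender_ip"], msg["sender_mac"], []
        if msg["oper"] == ARP_REQUEST:
            self.pending.add((ip, msg["target_ip"]))
        elif msg["oper"] == ARP_REPLY:
            key = (msg["target_ip"], ip)
            if key in self.pending:
                self.pending.discard(key)
            else:
                alerts.append(f"unsolicited reply claiming {ip} is at {mac}")
        expected = self.static.get(ip)
        if expected is not None and expected != mac:
            alerts.append(f"static binding violated: {ip} should be {expected}, saw {mac}")
            return alerts  # never learn a binding that contradicts the static table
        previous = self.learned.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"binding changed: {ip} moved from {previous} to {mac}")
        self.learned[ip] = mac
        return alerts


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build an in-memory ARP payload used only as constructed sample input."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))


def run_sample():
    """Feed three constructed messages to the monitor; return alerts per message."""
    mon = ArpMonitor(STATIC_BINDINGS)
    zero, ws = "00:00:00:00:00:00", "aa:bb:cc:00:00:55"
    traffic = [
        # A workstation asks who has the gateway address.
        build_arp(ARP_REQUEST, ws, "10.0.0.55", zero, "10.0.0.1"),
        # The genuine gateway answers; this matches the static table.
        build_arp(ARP_REPLY, "aa:bb:cc:00:00:01", "10.0.0.1", ws, "10.0.0.55"),
        # A falsified reply: a different MAC claims the gateway's IP address.
        build_arp(ARP_REPLY, "de:ad:be:ef:00:99", "10.0.0.1", ws, "10.0.0.55"),
    ]
    return [mon.observe(p) for p in traffic]
```

Only the third message raises alerts: it is both unsolicited and in conflict with the static entry for the gateway.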
One key takeaway from this chapter is that the wireless denial of service affects the availability of the network. Some of the ways to prevent hosts from accessing a wireless network are: flooding the entire transmission frequency. Attackers can alter wireless devices to flood these frequency bands with electromagnetic interference (EMI), also known as radio frequency interference (RFI). The noise damages the 802.11 signal and makes its packets unreadable.
Interestingly, attackers can use common household items such as baby monitors, cordless phones, and Bluetooth devices to interfere with an 802.11 network.
However, network administrators can use wireless spectrum analyzers to record all signals, including packet transmissions, within a given radio frequency band, and identify DoS floods.
Secondly, attackers can overwhelm an access point with too much traffic. If an attacker continually sends an inordinate number of packets to the AP, all other hosts would be effectively denied access. Also, an attacker could use packet injection to send spoofed deauthenticate messages on the WLAN.
A continuous stream of spoofed deauthenticate messages could keep clients from connecting to the AP. The spoofed deauthenticate message is effective because the source of the message is not authenticated or verified.
Hi ugo,
You raise important points. DoS attacks prevent hosts from accessing a wireless network by flooding the entire transmission frequency. With regard to the CIA triad (confidentiality, integrity and availability), this attack affects system availability.
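A monitoring-side view of the deauthenticate flood discussed in the posts above, as an added example that is not part of the original discussion or the textbook. It recognises 802.11 deauthentication frames by their frame-control bits and counts them per BSSID in a sliding window, because the claimed source address cannot be trusted. The threshold, window, addresses and the names `DeauthFloodDetector`, `build_mgmt_frame` and `run_sample` are assumptions chosen for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12  # 802.11 management frame (type 0), subtype 12


def parse_deauth(frame):
    """Return (dest, claimed_src, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26:  # 24-byte MAC header plus 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != DEAUTH_SUBTYPE:
        return None
    (reason,) = struct.unpack("<H", frame[24:26])
    return frame[4:10].hex(":"), frame[10:16].hex(":"), frame[16:22].hex(":"), reason


class DeauthFloodDetector:
    """Hypothetical detector: alert when one BSSID sees too many deauths in a window."""

    def __init__(self, threshold=5, window=1.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)  # bssid -> timestamps of recent deauth frames

    def observe(self, ts, frame):
        parsed = parse_deauth(frame)
        if parsed is None:
            return None
        # Key on the BSSID, not the sender: the source field is unauthenticated,
        # so a spoofed frame looks as if it came from the access point itself.
        bssid = parsed[2]
        recent = self.seen[bssid]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.threshold:
            return f"deauth flood on BSSID {bssid}: {len(recent)} frames within {self.window}s"
        return None


def build_mgmt_frame(subtype, dest, claimed_src, bssid, body=b""):
    """Build an in-memory management frame used only as constructed sample input."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    frame_control = bytes([subtype << 4, 0])  # version 0, type 0 (management)
    return (frame_control + b"\x00\x00" + mac(dest) + mac(claimed_src)
            + mac(bssid) + b"\x00\x00" + body)


def run_sample():
    """Replay constructed capture records (timestamp, frame); return the alerts."""
    ap, client = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:55"
    deauth = build_mgmt_frame(DEAUTH_SUBTYPE, client, ap, ap, struct.pack("<H", 7))
    beacon = build_mgmt_frame(8, "ff:ff:ff:ff:ff:ff", ap, ap, b"\x00" * 12)
    capture = [(0.0, deauth), (5.0, beacon)]              # one isolated deauth, one beacon
    capture += [(10.0 + 0.1 * i, deauth) for i in range(6)]  # burst of six deauths
    detector = DeauthFloodDetector(threshold=5, window=1.0)
    alerts = [detector.observe(ts, frame) for ts, frame in capture]
    return [a for a in alerts if a is not None]
```

The isolated deauthentication frame and the beacon raise nothing; the fifth and sixth frames of the burst each produce an alert.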
After reading through Chapter 4 of the Corporate Computer Security textbook, which pertained to the threats faced and the facets of the risk mitigation techniques employed by modern information systems, I found myself learning quite a bit about the various network security standards created by the Wi-Fi Alliance and how they apply to all of us who use Wi-Fi to this day. The first network security standard created was the Wired Equivalent Privacy (WEP) Standard in 1997, which also happened to be the weakest standard in terms of security features. The network security features that were mandated in this standard included the implementation of a shared key across all access points, which when known gave full access to the network, and the RC4 and 24-bit Initialization Vector (IV) for encryption, which frequently leaked bits of the encryption key. Thankfully, the Wi-Fi Protected Access (WPA) standard came shortly afterwards to replace it, mandating the need for the Temporal Key Integrity Protocol (TKIP) to address the single shared key issue, and RC4 and 48-bit IV encryption, which significantly reduced leakage and made it exponentially harder to crack.
Chapter 4 discusses the security goals related to confidentiality, integrity, functionality and access management of networks. This chapter discussed the various forms of DoS, ARP and wireless security attacks. I found the evolution of wireless attacks interesting. WEP was rendered useless a long time ago and even the more recent WPA (Wi-Fi Protected Access) has been cracked. This shows that even though wireless technologies have made it easier and more cost-effective to provide network connectivity, they are more susceptible than the traditional wired networks. The chapter also discussed the importance of VPN technology in overcoming the wireless security threats. This can be connected to the increasing use of IPsec technology discussed in the Cryptography chapter.
Hi Akshay,
Thank you for your summary of chapter 4. Like you’ve said, wireless attacks are more and more common these days, and protections like WEP and WPA are being cracked. That is the reason why WPA needs upgrades, like WPA2, and the newly released WPA3. As more and more devices support the new standard, our digital life will become more secure with it.
Chapter four discusses the relationship between the cyber security environment and the CIA. You need to keep the information confidential. Access to information, and information is not tampered with. Of the four major goals: the Availability, Confidentiality, Functionality, and Access control. In addition, the fourth chapter also explains some typical network attacks. For example, DoS attacks. The main purpose of a DoS attack is to stop certain critical services. The use of a large number of fake accounts to occupy the capacity of the network server, thereby achieving a slow service speed.
The chapter discusses quite a lot about how the system will be attacked. The point I want to make is about Denial of Service, which is one of the most common network-based attacks. Denial of Service is the result of the attack, with the ultimate goal of crashing companies’ most critical web server. Denial of Service attacks happen not only to companies, but also to individual users, such as in online gaming. Fortunately, we can defend against the attack by black holing, handshake validating and rate limiting.
Hi, Peiran Liu
You are right that a DoS attack can affect not only a company, but also a personal network. Some DoS attacks have no purpose.
One interesting point from Chapter 4 was the section on wireless security and the struggle to keep up with new types of network attacks. While wireless networks have more security issues to consider, their convenience, accessibility, and cheaper cost seemingly outweigh the risks associated with these networks. Some examples of wireless attacks discussed in this chapter include unauthorized network access, evil twin access point (man-in-the-middle), and wireless DoS. There are methods used to prevent these attacks, like using a VPN and extended EAP standards; however, we can see that every control can also come with its own flaws and hackers can still potentially gain access to these networks if they have the right software at their disposal.
One aspect I found interesting was the mention of DoS (Denial of Service). DoS is an attack that denies users access to the systems because the computers are all shut down. In this occurrence, a company could lose a lot of money if too much time has passed with users denied access. It is imperative that organizations have firm security software to combat the possibility of this occurring, especially to help protect their revenue and client base.
Hello,
After reading through your biggest takeaway from the fourth chapter of the Corporate Computer Security textbook, I found myself in agreement with your overall position on Denial of Service attacks. Aside from just the monetary loss a company suffers while their systems are being attacked, it should be noted that companies also suffer critically on the reputation front for current and potential customers. One of the more interesting ways that organizations can help alleviate the potential damage of a DoS attack includes the implementation of alternate network paths and load balancing.
An interesting takeaway from chapter 4 is how difficult it can be to secure wireless networks or defend against wireless attacks. One example was rogue access points. Here you could have a department like engineering that wants better wireless for their lab and goes out and gets an access point without telling IT. IT may eventually see the device on the network, but during the time frame it was up there could have been the equivalent of a front door into the network. The evil twin attack was also very interesting and would be a difficult attack to defend against without proper key infrastructure or VPN.
Hi James, I like your explanation of the rogue access points. This is an example of a department acquiring and running software in a firm’s network application without proper documentation, authorization, testing and approval.
Also, it is really shocking to know that the evil twin access points can capture credential transmission and keys which they can use to decrypt encrypted messages, read them, encrypt them again, and pass them on. It therefore means that Wi-Fi Protected Access and 802.11i are useless when a man-in-the-middle attack is executed by an evil twin. So, organizations must require clients accessing the network remotely to establish a VPN connection to protect the secret that the client and server exchange and to ensure that it is not intercepted by an evil twin.
Wireless internet connections have become the backbone of our worldly existence. In school, work, and life, all of our devices need a wireless network to be productive. However, when dealing with large wireless networks, you are often responsible for an endless number of endpoints. With each endpoint, you could possibly encounter an additional attack or vulnerability. One thing that I found interesting in Chapter 4 was how network administrators keep all of the endpoints in check. The admin places accessibility at the forefront of their network priority, yet they still keep confidentiality and integrity in check.
For maximum wireless security, it is recommended to use WPA2 authentication, which requires an up-to-date security certificate from the server AP. That also avoids, in my opinion, the most dangerous vulnerability while using the wireless network, which is a man-in-the-middle attack, because you don’t really want hackers intercepting your passwords or data while surfing.