The Boyle and Panko chapter focusing on Network Security summarizes various risks and controls that can be instituted on wireless or wired networks, network sites, and other network services, as well as denial of service attacks and how they work. What I found interesting in this chapter was how, when setting up controls to prevent unauthorized access or risk to a system, just how often these controls may interfere with legitimate system use, especially in DOS controls. While things like black holing or rate limits can be effective measures to stop incoming spam traffic, they can just as easily cripple an organization’s ability to access legitimate info or receive legitimate packages. Being able to fully control against a DOS attack seems to come with its own risks to productivity and availability and therefore should only be undertaken with a balanced objective in mind so as not to fully cripple productivity.
A very well-articulated summary of your thoughts. I agree that prevention controls can hinder legitimate system use. That is the question we must ask. Depending on the side of the aisle you stand on, it could be worth the risk to “loosen the reins” in the name of productivity. I am in total harmony with you in urging a balanced approach when talking about risk and productivity.
Exactly, this is a pattern that I’ve noticed with IT security and security processes as a whole. A lot of these systems are built around acceptable risk and how secure we can make a system without sacrificing access to the system, or “availability” if you want to use our three objectives. As we discussed last semester, the only way to have a truly secure device is to never turn it on. Using networked devices will always carry a certain level of risk, and the recommendations we as security experts need to make are how to prioritize and protect against these risks to the best of our ability while not sacrificing productivity within an organization or contractor.
I see what you’re saying about performance and hindering CIA, access, etc. I like what you said about zero risk in not turning anything on, but now I can think about the public key infrastructure and the certificates. But then again, and this was my question this week, what do you do when those certificates are compromised? I have a good feeling we will have a better idea as the class goes on.
In Chapter 4, Boyle and Panko commence by delineating four pivotal goals for establishing a secure networking environment: availability, confidentiality, functionality, and access control. The chapter scrutinizes the challenges faced by network administrators in achieving security. Delving into denial-of-service (DoS) attacks, the text elucidates various attack methods and corresponding defenses, including black holing and TCP handshake validation. ARP poisoning is explored next, detailing its potential for man-in-the-middle attacks and traffic interception, highlighting its threat to network functionality and confidentiality. The discourse then transitions to security measures for wired LANs, spotlighting the 802.1X standard’s role in authentication and preventing unauthorized network access. Authentication mechanisms involving EAP are elucidated, with emphasis on the seamless integration of new methods. Wireless network attacks, encompassing unauthorized access and denial-of-service threats, are examined subsequently. The text underscores the importance of VPNs in mitigating security risks posed by evil twin access points. It traces the evolution of wireless security standards from WEP to WPA and ultimately to the robust 802.11i standard, emphasizing the imperative of transitioning to stronger cryptographic methods. Lastly, the narrative underscores the growing trend of centralized access point management and the role of wireless intrusion detection systems in identifying security breaches.
Amazing summary you did here.
Goals for a Secure Networking Environment:
The chapter begins by emphasizing four critical goals for secure networks:
Availability: Ensuring uninterrupted access to resources.
Confidentiality: Protecting sensitive information.
Functionality: Maintaining network capabilities.
Access Control: Managing user permissions.
Denial-of-Service (DoS) Attacks:
The text explores various DoS attack methods.
Black holing and TCP handshake validation are discussed as defense mechanisms.
These attacks disrupt availability by overwhelming systems with excessive traffic.
ARP Poisoning:
ARP poisoning can lead to man-in-the-middle attacks and traffic interception.
It threatens both network functionality and confidentiality.
Security Measures for Wired LANs:
The 802.1X standard plays a crucial role in authentication and preventing unauthorized access.
EAP (Extensible Authentication Protocol) methods are explained, emphasizing seamless integration of new techniques.
Wireless Network Attacks:
Unauthorized access and denial-of-service threats are examined.
VPNs are essential for mitigating risks posed by evil twin access points.
Evolution of Wireless Security Standards:
The transition from WEP to WPA and finally to the robust 802.11i standard is highlighted.
Stronger cryptographic methods are emphasized.
Centralized Access Point Management and Intrusion Detection:
The trend toward centralized management and the role of wireless intrusion detection systems are discussed.
In summary, the chapter covers a wide range of security topics, from wired LANs to wireless networks, emphasizing the need for robust defenses and evolving standards.
Great write-up as usual. You and the chapter have a ton listed, so I simply took one off your list and did some research. EAP, aka Extensible authorization protocol, actually is not a protocol. It’s a framework; it’s a way of authentication depending on how you are accessing it. For example, if doing it over the LAN you will more than likely be using 802.1X, which provides port-level access, and you cannot access the network until authenticated via the 802.1X protocol that uses EAP authentication.
This is where you can see more detailed information.
The chapter starts by explaining the goals of creating secure networks, then goes into denial-of-service (DoS) attacks and how ARP poisoning works, continuing with the importance of access control, following with securing Ethernet networks, and closing with wireless (WLAN) security standards. This chapter provides a lot of great information on securing networks, but the one section that stood out to me was section 4.2, DoS attacks.
Denial-of-service attacks are the most common type of attack. The nature of these attacks is an attempt to make networks and servers unavailable. What I learned is that not all service interruptions are attacks. In a time of heightened awareness surrounding cybersecurity, it is not farfetched to assume that an internet service provider (ISP) outage could possibly be an attack. I like the two examples of faulty coding and referral from large sites. Referral from large sites means a larger site links to a smaller site, and the smaller site’s network traffic picks up and slows down the smaller network.
With so many types of DoS attacks, I can understand why everything would seem like you are being attacked. This is why understanding DoS attack methods helps to discern what is and what is not an attack as well as the method of attacks.
This material provides valuable insights into network security. Here are the main takeaways:
Denial of Service (DoS) Attacks:
A DoS attack aims to disrupt a network or system by overwhelming it with excessive traffic or resource requests.
Attackers exploit vulnerabilities in network protocols or directly exhaust resources to render the target system unresponsive.
Common types include broadband attacks and connectivity attacks.
The consequences of a successful DoS attack can be severe, impacting service availability and causing system crashes.
Four Goals for Secure Networking Environments:
Availability: Authorized users should have uninterrupted access to information, services, and network resources.
Confidentiality: Prevent unauthorized users from gaining sensitive information about the network, including its structure, data flow, and protocols.
Integrity: Ensuring that network functionality remains intact, preventing attacks from altering capabilities (e.g., routing, hostname resolution).
In Chapter Four, the author discusses the importance of establishing a secure network to fulfill four primary objectives, confidentiality, availability, functionality, and access control, and how various attacks can affect these goals. Attacks such as DDoS can lead to the unavailability of network resources or service degradation; a man-in-the-middle attack can affect confidentiality, as an attacker can intercept the communication and gain access to data that was not intended for them.
In Section 4.4 the author talks about the significance of access control, which resonated strongly with me, as it should be prioritized during network design and implementation. It is important to implement proper access control measures to ensure attackers cannot gain access to the network, because if they can connect to the LAN it means all other security measures such as firewalls cannot stop them. Beginning with physical controls to prevent unauthorized personnel from entering corporate facilities and extending to securing network infrastructure such as cables, ports, routers, switches, and access points is crucial. These components should be concealed from plain sight so that someone who is just walking into the building cannot easily access them. Other techniques, such as lowering access point signal strength or transmission power, can mitigate threats like wardriving when attackers are trying to conduct reconnaissance on their targets.
Organizations must recognize the importance of access control from the start to strengthen their defenses against potential security breaches.
I agree with you that access controls are essential for network design and implementation, as well as network security as a whole. In addition to what you mentioned, there are software solutions for access control that exist to dissuade users who are logged into the system from accessing resources they do not have access to: things like Discretionary Access Controls through Access Control Lists, Role-Based Access Controls through group roles set up in systems, and Attribute-Based Access Controls that are more customizable towards specific demographics per user. I believe there are other software solutions that exist, but these come up when I think about software solutions.
Hi Mariam, I like your point recognizing the importance of access control in maintaining a secure network. By implementing measures like physical controls and securing network infrastructure, organizations can prevent unauthorized access and strengthen their overall defenses. Adjusting access point signal strength is one effective technique to mitigate potential threats. Starting with strong access control from the beginning is vital for safeguarding against security breaches!
Chapter 4 was also packed with a ton of good information. Being out of networking for twenty years, I found this chapter interesting. I found how important it is to have your company follow the correct cyber and audit guidelines that are out there. For example, as this is new to me, sometimes when a company’s network goes down the first thing to blame is an attacker of some sort, whether internal or external. According to this week’s text, “Newsnet Scotland claimed to be victims of a DoS attack by pro-Unionism political opponents. However, it turned out that the loss of service was caused by shoddy coding”. In my other class this semester I am taking Systems and Infrastructure Lifecycle Management, and it is mainly concentrated on section 3 of the CISA certification. Making sure you have proper audits done and that all IT project management is up to standards goes to show that Newsnet Scotland could possibly have not been up to standard on their IT coding practices, which could be the reason why they went down, vs. falsely blaming a DDoS attack. The module they made an adjustment to was the reason, but could the real reason be that they skipped a couple of steps, and the auditor missed it on their audit, or there was a lack of an audit?
When I worked in tech support for Comcast, we would have all networking privileges to all SMB modems across the whole United States. One thing that stood out to me as well was the ARP poisoning attacks, and I never even knew that I used that command on a daily basis for when a customer would call in and say they never use their services, but when I would remote into their equipment it would show what was connected, what port it was using and how much data was being used. We also used a front-line interface that was more user-friendly vs. the command line (I’m more of a command line user). I never knew of people grabbing the ARP information and either feeding it to their own machine from within or spoofing other machines to make it look like an internal machine. This makes me want to go and refresh myself on all the networking protocols, etc. As the chapter goes on, besides a DoS attack or an ARP poisoning attack you can also do an ARP DoS attack. This is where the attacker sends all internal hosts a continuous stream of unsolicited spoofed ARP replies saying the gateway is the host record and the IP address. The internal host then will send all traffic intended for the gateway to the nonexistent MAC address. It ultimately cannot deliver the packets as the host is fake and the packets are dropped. It also cannot forward the packets even though it is physically connected directly to the gateway. Keep in mind that the attacker must have access to the local network for this attack to work, which is why it is very important when you call your ISP like Comcast that you need to authenticate several ways before we can give information out, especially your gateway address. It is also difficult to explain those types of issues to a pizza shop owner, for example, that it’s not your ISP that is running slow and dropping packets; it is that you did not secure your network and the packet loss is from your internal network, may your ARP be poisoned.
That’s where my job comes in, and I have to explain that to them and make sure they understand 100% it’s them vs. the ISP, to keep them from disconnecting services to run to another ISP where they’ll have the same issues of slow network connections. The chapter then goes into how you can prevent ARP poisoning by utilizing a static IP address, which is an à la carte service you can purchase that gives you more protection, but ultimately you need to make sure your network is protected and maintained even if you are a small pizza shop.
A majority of the protocols and attacks in this chapter were fairly new or brought back what I learned years ago. With that being said, a lot has changed, and a lot has stayed the same. You need to be protected and you need to follow standards to have a protected network. The chapter starts out with the now familiar CIA and four goals that are extensions of the CIA, which are: confidentiality, integrity, functionality, and access control. It is important to understand that network attacks are typically focused on defeating one or more of these goals. Since we have gone over CIA in the previous class, I wanted to add the two that we have not. Functionality, according to the text, “Means preventing attackers from altering the capabilities or operation of the network”. For example, a disgruntled employee uses ARP poisoning and a man-in-the-middle attack to steal and trade secrets. The second goal is access control, which is the policy-driven control of access to systems, data, and dialogues. The end goal is to stop any attacks from accessing anything in your internal network, which could include up to certain internal employees. That also makes me think there is a pattern here between employees and network attacks.
Your thoughts into Chapter 4 are very insightful, especially considering your experience and the relevance to your current coursework. The example of Newsnet Scotland highlights the importance of proper IT coding practices and adherence to audit standards, underscoring the potential consequences of overlooking these aspects.
Your experience at Comcast, particularly with ARP poisoning attacks, offers a practical perspective on the challenges of explaining technical issues to non-technical users. Your explanation of ARP DoS attacks and the importance of network security for even small businesses, like pizza shops, adds a practical dimension to the theoretical concepts discussed in the chapter.
Your emphasis on the evolving nature of protocols and attacks, alongside the importance of adhering to standards for network protection, is a crucial takeaway. Connecting the concepts to the CIA model and introducing functionality and access control as additional goals provides a comprehensive understanding of the objectives in securing a network.
Overall, your discussion effectively bridges theoretical concepts with real-world scenarios, offering a well-rounded perspective on the importance of proper network security practices.
Chapter 4 focuses on secure networking, particularly addressing denial-of-service (DoS) attacks in 4.2 which aim to disrupt the availability of servers or networks to legitimate users. 4.2 highlights various aspects of DoS attacks, including their common occurrence, the distinction between intentional attacks and unintentional service interruptions, and the significant impact they can have on organizations. One key point of interest I liked was the discussion on how DoS attacks can manifest not only as deliberate malicious actions but also as unintended consequences of factors like faulty coding or sudden influxes of traffic from large sites. This underscores the complexity of identifying and mitigating such attacks, as well as the potential for misunderstanding the root cause of service disruptions. It’s interesting because it highlights the need for a nuanced understanding of network security issues and the importance of thorough investigation before attributing blame or implementing countermeasures.
I agree with you Nicholas, chapter 4 delves into secure networking, with a focus on denial-of-service (DoS) attacks, which disrupt server or network availability. It underscores the nuances in identifying and mitigating such attacks, highlighting how they can arise from both malicious intent and unintentional factors, emphasizing the need for a nuanced understanding and thorough investigation in network security strategies.
Excellent points! I completely agree with your assessment on the complexity of DoS assaults. The conversation about inadvertent effects, like those brought on by bad code or unexpected spikes in traffic, complicates the mitigation procedure. In fact, it highlights how important it is to have a sophisticated grasp of network security and how careful research is necessary to prevent misunderstandings and put in place efficient remedies. Excellently summed up!
4.2 also stuck out to me as I found it gave me much more info on a DoS attack and how it operates. It does intrigue me how much of an issue misunderstanding root causes of issues in this industry are. Clearly it’s evident that we do complete investigations but considering this has happened numerous times, I wonder if we have to change the way we conduct investigations. Possibly we can look at examples where there were the least misunderstood causes and not only take after some of their methods, but improve on some of them as well.
The most interesting thing I read in this chapter was the section all about ARP poisoning and ARP spoofing. It was interesting to note how attackers can abuse an ARP table used by an organization to identify devices by simply constantly overwriting the address with one of their choice, either to commit man-in-the-middle, denial of service, or MITM attacks. Although ARP poisoning is easily prevented with static IPs, it’s unfeasible for most organizations to use them because they cannot be dynamically updated; other solutions were to limit access to the local network for foreign hosts, which sounds simple enough and is what most places seemingly do to prevent these disruptive attacks.
I also find attacks related to ARP to be very interesting yet a difficult challenge for organizations to counter. One other solution I found that was interesting is that some network switches offer ARP inspection as a setting to inspect ARP packets for validity. Although you mentioned that using static IPs is not practical for organizations, it is still possible to implement it to some extent for critical devices in an organization to protect those from ARP-type attacks.
Glad you pointed that out, as I thought the same as well. For years I’ve been using the ARP table every day and never knew you could poison it and ultimately use it for a man-in-the-middle attack. It’s been years since I was in networking, but I have to think that this had to be around 20 years ago, as ARP was a thing back then as well. I guess my question would be, if you are using a static IP, I feel that if someone really wanted to, they could get around that and still do the MIM attack. This makes me wish we had a lab set up and we could try to mirror this.
I agree with you, Alex. During my ethical hacking class I used a tool called ettercap on Kali Linux to test ARP poisoning and made myself the default gateway, and I could see all other hosts’ information. It’s dangerous to know an attacker can do this and gain access to all information passing on the network. It’s hard for large organizations to use and manage a static IP scheme.
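As an added example (not from the textbook or any post in this thread), here is a small defender-side monitor for the two ARP indicators discussed above: a known IP, especially the gateway, suddenly claimed by a different MAC, and the continuous stream of unsolicited replies for the gateway that the ARP DoS variant produces. The log line format, addresses, window and threshold are constructed assumptions.

```python
"""ARP-poisoning indicator monitor (added example, constructed data).

Two indicators from the discussion:
  1. mac_conflict: an IP already bound to one MAC is claimed by a different MAC
     (the classic poisoning / man-in-the-middle setup);
  2. gateway_reply_flood: a burst of replies claiming the gateway address
     (the ARP DoS variant: a continuous stream of spoofed replies for the gateway).
Input lines use an assumed format: '<seconds> <ip> is-at <mac>'.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class ArpReply:
    ts: float   # capture time in seconds
    ip: str     # sender protocol address: the IP this reply claims
    mac: str    # sender hardware address: the MAC claiming it


def parse_arp_line(line: str) -> ArpReply:
    """Parse one constructed log line of the form '<ts> <ip> is-at <mac>'."""
    ts, ip, keyword, mac = line.split()
    if keyword != "is-at":
        raise ValueError(f"not an ARP reply line: {line!r}")
    return ArpReply(float(ts), ip, mac.lower())


class ArpMonitor:
    def __init__(self, gateway_ip, trusted=None, window=2.0, flood_threshold=20):
        self.gateway_ip = gateway_ip
        # Baseline bindings; in practice taken from static ARP entries or the DHCP server
        self.table = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
        self.window = window                    # seconds of history for the flood check
        self.flood_threshold = flood_threshold  # gateway replies per window that count as a flood
        self._gateway_times = deque()
        self._reported = set()                  # (ip, mac) conflicts already alerted, to avoid noise
        self.alerts = []

    def observe(self, reply: ArpReply):
        known = self.table.get(reply.ip)
        if known is None:
            self.table[reply.ip] = reply.mac    # first claim for this IP: learn it
        elif known != reply.mac and (reply.ip, reply.mac) not in self._reported:
            self._reported.add((reply.ip, reply.mac))
            self.alerts.append(("mac_conflict", reply.ts, reply.ip, known, reply.mac))
        if reply.ip == self.gateway_ip:
            self._gateway_times.append(reply.ts)
            while reply.ts - self._gateway_times[0] > self.window:
                self._gateway_times.popleft()
            if len(self._gateway_times) == self.flood_threshold:
                self.alerts.append(("gateway_reply_flood", reply.ts, reply.ip, self.flood_threshold))


def analyze(lines, gateway_ip, trusted=None):
    """Run the monitor over an iterable of log lines and return the alerts raised."""
    mon = ArpMonitor(gateway_ip, trusted)
    for line in lines:
        mon.observe(parse_arp_line(line))
    return mon.alerts


def sample_lines():
    """Constructed capture: trusted gateway, one benign workstation, then an attacker."""
    lines = [
        "0.00 192.168.1.1 is-at 00:11:22:33:44:01",    # gateway, matches the trusted entry
        "0.50 192.168.1.20 is-at 00:11:22:33:44:20",   # workstation announces itself
        "0.80 192.168.1.20 is-at 00:11:22:33:44:20",   # repeat with the same MAC: benign
    ]
    # 30 unsolicited replies in 1.5 s claiming the gateway with a bogus MAC
    lines += [f"{1.0 + i * 0.05:.2f} 192.168.1.1 is-at de:ad:be:ef:00:01" for i in range(30)]
    return lines


if __name__ == "__main__":
    for alert in analyze(sample_lines(), "192.168.1.1", {"192.168.1.1": "00:11:22:33:44:01"}):
        print(alert)
```

A legitimate DHCP reassignment also moves an IP to a new MAC, so the trusted baseline should come from static entries or the DHCP server; switch-side ARP inspection, mentioned above, performs the same binding check per port.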
This chapter of the book explores secure networks and explains some types of attacks against networks, as well as standards and controls necessary for a secure network. One particular point in this chapter that I found interesting was the different avenues that Denial of Service attacks take advantage of to succeed in taking down a service. The book describes four methods when initiating a DoS attack: direct/indirect, intermediary, reflected, and sending malformed packets.
Direct/indirect attacks take advantage of flooding a system with a large stream of packets either from the attacker’s computer or from a spoofed IP, which also comes from the attacker’s computer but with what looks like a different IP, since spoofing the IP changes how it appears when conducting this kind of attack. Note that there are several kinds of flood attacks, such as SYN Floods, Ping Floods, HTTP Floods, and more, depending on the type of packets sent by the attacker and what the attacker wants to achieve through the flood. Intermediary attacks are what most people usually refer to as Distributed Denial of Service attacks, which take advantage of “bots” or other computers compromised by the attacker to overload a system through the usage of other computers. Reflected attacks, while not directly addressed in this section of the book, utilize spoofing to pretend to be the target system and request information from another server, which then sends the large amount of information to the target system. Sending malformed packets usually refers to sending carefully crafted packets to a target system in an attempt to cause the system to crash, interrupt traffic, or consume network bandwidth processing the packet, causing services to crash.
Out of all these types of attacks, I find the fourth type to be the most interesting, since this is where things like the Ping of Death, Teardrop, and other types of packets come in that an attacker intentionally creates to take advantage of software misconfigurations.
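The “TCP handshake validation” defense mentioned earlier in the thread is commonly realized with SYN cookies, which let a server finish handshakes without holding state for every SYN it sees. As an added example (not from the textbook or Kenneth’s post), here is a minimal SYN-cookie model showing why the spoofed SYN floods described above allocate no server state, while a legitimate client still completes the handshake. The cookie layout, secret, epoch length and MSS table are simplified assumptions, not any specific operating system’s implementation.

```python
"""Minimal SYN-cookie model (added example; simplified, not a real TCP stack).

Layout of the 32-bit initial sequence number (ISN) returned in the SYN-ACK:
  bits 27-31: low 5 bits of a slowly moving counter (the cookie's "age")
  bits 24-26: index into a small MSS table (the only TCP option we remember)
  bits  0-23: HMAC tag over the connection 4-tuple and the counter
The server keeps no per-connection state until a valid ACK arrives.
"""
import hashlib
import hmac
import time

MSS_TABLE = [536, 1220, 1440, 1460]   # assumed set of encodable MSS values (3 bits available)


class SynCookieServer:
    def __init__(self, secret: bytes, clock=None):
        self.secret = secret
        # Counter ticks every 64 s; a cookie is accepted for the current or previous tick
        self.clock = clock or (lambda: int(time.time()) // 64)
        self.established = []          # state exists only for completed handshakes

    def _tag(self, src_ip, src_port, dst_ip, dst_port, count):
        msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{count}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:3], "big")          # 24-bit tag

    def on_syn(self, src_ip, src_port, dst_ip, dst_port, client_mss):
        """Return the ISN for the SYN-ACK. Nothing is stored, so spoofed SYNs cost no memory."""
        count = self.clock()
        mss_idx = 0
        for i, mss in enumerate(MSS_TABLE):
            if mss <= client_mss:
                mss_idx = i                              # largest table value the client allows
        tag = self._tag(src_ip, src_port, dst_ip, dst_port, count)
        return ((count & 0x1F) << 27) | (mss_idx << 24) | tag

    def on_ack(self, src_ip, src_port, dst_ip, dst_port, ack_num):
        """Validate the final ACK. Returns the negotiated MSS, or None if the cookie is bad."""
        cookie = (ack_num - 1) & 0xFFFFFFFF            # the client acknowledges ISN + 1
        age_bits = cookie >> 27
        mss_idx = (cookie >> 24) & 0x7
        tag = cookie & 0xFFFFFF
        now = self.clock()
        for count in (now, now - 1):                   # tolerate one counter tick of delay
            if (count & 0x1F) == age_bits and self._tag(src_ip, src_port, dst_ip, dst_port, count) == tag:
                if mss_idx >= len(MSS_TABLE):
                    return None
                self.established.append((src_ip, src_port, dst_ip, dst_port))
                return MSS_TABLE[mss_idx]
        return None


def spoofed_flood_state(server, n):
    """Send n SYNs from n constructed spoofed sources; return how much state the server created."""
    for i in range(n):
        server.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i, "192.0.2.10", 80, 1460)
    return len(server.established)


if __name__ == "__main__":
    srv = SynCookieServer(b"constructed-secret")
    print("state after 10000 spoofed SYNs:", spoofed_flood_state(srv, 10000))
    isn = srv.on_syn("203.0.113.7", 40000, "192.0.2.10", 80, 1460)
    print("legitimate client MSS:", srv.on_ack("203.0.113.7", 40000, "192.0.2.10", 80, (isn + 1) & 0xFFFFFFFF))
```

The availability cost that the first post in this thread worries about shows up here too: with only 3 bits for MSS and nothing else, options the server cannot encode are lost for connections completed from a cookie.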
Hi Kenneth, your writing shows good deductive reasoning. DoS is quite common and can cause harm by stopping a critical service or slowly degrading services over time. It is also noteworthy that due to the preponderance of DoS attacks and their press visibility, it’s easy to blame normal service interruptions on external influence.
Personally, the four main goals of secure networks stood out to me. These goals are confidentiality, availability, functionality, and access control. While the CIA triad (Confidentiality, Integrity, and Availability) is frequently emphasized in cybersecurity discourse, establishing a secure network also necessitates ensuring proper network functionality and implementing robust access controls.
Availability entails ensuring that authorized users can consistently access information, services, and network assets. Failure to prioritize availability leaves the network vulnerable to disruptions caused by cyber-attacks such as Denial of Service (DoS), impeding day-to-day operations.
Confidentiality within a secure network involves preventing unauthorized access to sensitive information regarding the network’s architecture, data flow, utilized protocols, and packet header contents. Implementing encryption throughout the network safeguards confidentiality by restricting access to authorized users.
Functionality safeguards against attacks that seek to manipulate network capabilities. Maintaining appropriate network functionality guarantees accurate packet routing, proper resolution of hostnames, exclusion of unauthorized protocols, and correct assignment of IP addresses.
Lastly, access control is crucial for regulating entry to systems, data, and communications based on established policies. This measure prevents unauthorized users from accessing internal resources, fortifying the network’s security posture.
Chidiebere, you’ve identified four critical objectives for creating a secure network beyond the traditional CIA triad. You recognize that securing data against unauthorized access is crucial, but a robust network must ensure availability, functionality, and access control. Your understanding of these objectives demonstrates a meticulous understanding of creating a secure network environment.
Section 4.2 of our course material was quite interesting. I found it intriguing that the book described the GitHub DDOS (Distributed Denial of Service) attack in 2018 as the largest of its time. According to the book, “the attack had a sustained rate of 1.35 Tbps stuffed in 130 million packets per second flooding GitHub’s servers” (Boyle & Panko, 2024, p. 166).
However, it is essential to note that larger DDoS attacks have been reported since then. In Q4 of 2023, Cloudflare reported mitigating a network-layer DDoS attack that peaked at 1.9 Tbps, originating from a Mirai botnet. This attack targeted a European Cloud Provider and was identified as the largest network-layer DDoS attack seen in that quarter (Cloudflare. (2023). DDoS Threat Report 2023 Q4. Cloudflare Blog. https://blog.cloudflare.com/ddos-threat-report-2023-q4).
Thank you for sharing the Cloudflare attack. This helps to show how these attacks are evolving and hackers are always upping their game. I know most of the techniques mentioned are valuable in mitigating and minimizing the impact of DoS, but I cannot help but wonder what other measures organizations can take to effectively defend against these types of attacks.
A denial-of-service (DoS) attack is one of the most frequent types of network-based attacks. Its goal is to deplete all of the system or network resources on the target machine, briefly halting or disrupting service and making it unavailable to normal users. In order to cause a denial of service to other users, DoS attacks usually include flooding or swamping the target machine with requests until it is unable to handle normal traffic. DoS attacks are distinguished by their single-computer attack launcher.
Samuel, your description of denial-of-service attacks is exactly correct, especially in highlighting the frequency and disruption they cause. These attacks aim to exhaust system resources and cause disruption for regular users as well as sending employees into damage control. Considering how the tactics of cyber attackers are evolving what proactive measures or strategies do you think organizations should adopt to attempt to effectively mitigate the impact of denial-of-service attacks?
While I always knew how important secure networks were, I never looked into what goes into creating them and what’s required. This chapter was able to clarify many things for me that I was unaware of beforehand. I like how it discussed the four main goals: access control, availability, confidentiality, and functionality. This chapter also went into more detail on DoS attacks. As mentioned in 4.2, the goal of a DoS attack is to cause harm to an organization. This harm can come in different ways, such as destroying the reputation of the company, affecting customer loyalty, or even sales. It can also be all of these reasons. By understanding the intention behind a certain attack, it allows us to put ourselves in the shoes of an attacker and try to figure out ways to bypass whatever methods they have in store. I will note that I also like that this section did mention that not everything is a DoS attack, and it must be considered what other possibilities there could be.
Hi Hashem,
I agree with you that the section was extremely informative. I also learnt various methods of attack and ways to prevent them. I believe it is important for organizations to provide adequate training to employees. DDoS is a distributed denial of service attack in which an attacker will need various machines to attack a network/server. If employees are educated regarding security procedures, it would be difficult for attackers to gain access to their machines.
I learned a lot regarding network security while reading this chapter. The chapter discussed how organizations’ networks could be attacked using various methods. The part I find fascinating is the man-in-the-middle attack. A man-in-the-middle attack is an attack method where an attacker intercepts and alters traffic without the parties involved noticing. The users would think they are communicating with the intended recipients, not knowing the messages have been altered. A way to avoid this is by using strong encryption protocols such as SSL.
Andrew Young says
The Boyle and Panko chapter focusing on Network Security summarizes various risks and controls that can be instituted on wireless or wired networks, network sites, and other network services, as well as denial of service attacks and how they work. What I found interesting in this chapter, was how, when setting up controls to prevent unauthorized access or risk to a system, just how often these controls may interfere with legitimate system use, especially in DOS controls. While things like black holing or rate limits can be effective measures to stop incoming spam traffic, they can just as easily cripple an organization’s ability to access legitimate info or receive legitimate packages. Being able to fully control against a DOS attack seems to come with its own risks to productivity and availability and therefor should only be undertaken with a balanced objective in mind to not fully cripple productivity
Erskine Payton says
A very well-articulated summary of your thoughts. I agree that prevention controls can hinder legitimate system use. That is the question we must ask. Depending on the side of the isle you stand, it could be worth the risk to “loosen the reigns” in the name of productivity. I am in total harmony with you in urging for a balanced approach with talking risk and productivity.
Andrew Young says
Exactly, this is a pattern that I’ve noticed with IT security and security processes as a whole. A lot of these systems are built around acceptable risk and how secure we can make a system, without sacrificing access to the system, or “availability” if you want to use our three objectives. As we discussed last semester, the only way to have a truly secure device is to never turn it on. Using networked devices will always carry a certain level of risk, and the recommendations we as security experts need to make is how to prioritize and protect against these risks to the best of our availability while not sacrificing productivity within an organization or contractor
Jeffrey Sullivan says
I see what you’re saying about performance and hindering CIA, access, etc. I like what you said about zero risk in not turning anything on, but now I can think about the public key infrastructure and the certificates. But then again, and this was my question this week, what do you do when those certificates are compromised? I have a good feeling we will have a better idea as the class goes on.
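As an added example (not part of the original post or of the Boyle and Panko text), the following Python simulation shows the rate-limit trade-off the thread is discussing: a per-source token bucket drops most of a flood, but with a tight burst allowance it also drops part of a legitimate client's page load. The traffic, the addresses and the bucket parameters are constructed for the example.

```python
"""Per-source token-bucket rate limiting, simulated on constructed traffic.

The point of the simulation: a limit tight enough to blunt a flood also
drops part of a legitimate client's burst (a page load), which is the
availability trade-off the post describes.
"""
from collections import defaultdict


class TokenBucket:
    """Token bucket kept in integer thousandths of a token so the
    simulation is exact. rate is tokens per second, burst is capacity."""

    SCALE = 1000

    def __init__(self, rate, burst, now_ms):
        self.rate = rate
        self.capacity = burst * self.SCALE
        self.tokens = self.capacity
        self.last_ms = now_ms

    def allow(self, now_ms):
        elapsed_ms = now_ms - self.last_ms
        self.last_ms = now_ms
        # elapsed_ms * rate == thousandths of a token earned since the last packet
        self.tokens = min(self.capacity, self.tokens + elapsed_ms * self.rate)
        if self.tokens >= self.SCALE:
            self.tokens -= self.SCALE
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address, created on first sight."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def allow(self, src, now_ms):
        bucket = self.buckets.get(src)
        if bucket is None:
            bucket = self.buckets[src] = TokenBucket(self.rate, self.burst, now_ms)
        return bucket.allow(now_ms)


def run(packets, rate, burst):
    """packets: iterable of (time_ms, src_ip). Returns {src: (allowed, dropped)}."""
    limiter = PerSourceLimiter(rate, burst)
    stats = defaultdict(lambda: [0, 0])
    for t_ms, src in sorted(packets):
        stats[src][0 if limiter.allow(src, t_ms) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def constructed_traffic():
    """Constructed sample: a 100 pps flood for 5 s from one source, and a
    legitimate client fetching a page as 40 requests in a 200 ms burst."""
    pkts = [(i * 10, "203.0.113.9") for i in range(500)]          # flood
    pkts += [(2000 + i * 5, "198.51.100.7") for i in range(40)]    # page load
    return pkts


if __name__ == "__main__":
    for burst in (20, 50):
        print(f"rate=10 pps, burst={burst}:", run(constructed_traffic(), 10, burst))
```

With a burst allowance of 20 the flood is cut from 500 packets to 69, but the legitimate client loses 19 of its 40 requests; raising the allowance to 50 lets the client through untouched while still dropping about four fifths of the flood. Tuning that allowance per service is the balancing act the post argues for.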
Ikenna Alajemba says
In Chapter 4, Boyle and Panko commence by delineating four pivotal goals for establishing a secure networking environment: availability, confidentiality, functionality, and access control. The chapter scrutinizes the challenges faced by network administrators in achieving security. Delving into denial-of-service (DoS) attacks, the text elucidates various attack methods and corresponding defenses, including black holing and TCP handshake validation. ARP poisoning is explored next, detailing its potential for man-in-the-middle attacks and traffic interception, highlighting its threat to network functionality and confidentiality. The discourse then transitions to security measures for wired LANs, spotlighting the 802.1X standard’s role in authentication and preventing unauthorized network access. Authentication mechanisms involving EAP are elucidated, with emphasis on the seamless integration of new methods. Wireless network attacks, encompassing unauthorized access and denial-of-service threats, are examined subsequently. The text underscores the importance of VPNs in mitigating security risks posed by evil twin access points. It traces the evolution of wireless security standards from WEP to WPA and ultimately to the robust 802.11i standard, emphasizing the imperative of transitioning to stronger cryptographic methods. Lastly, the narrative underscores the growing trend of centralized access point management and the role of wireless intrusion detection systems in identifying security breaches.
Michael Obiukwu says
Hi Ikenna,
Amazing summary you did here.
Goals for a Secure Networking Environment:
The chapter begins by emphasizing four critical goals for secure networks:
Availability: Ensuring uninterrupted access to resources.
Confidentiality: Protecting sensitive information.
Functionality: Maintaining network capabilities.
Access Control: Managing user permissions.
Denial-of-Service (DoS) Attacks:
The text explores various DoS attack methods.
Black holing and TCP handshake validation are discussed as defense mechanisms.
These attacks disrupt availability by overwhelming systems with excessive traffic.
ARP Poisoning:
ARP poisoning can lead to man-in-the-middle attacks and traffic interception.
It threatens both network functionality and confidentiality.
Security Measures for Wired LANs:
The 802.1X standard plays a crucial role in authentication and preventing unauthorized access.
EAP (Extensible Authentication Protocol) methods are explained, emphasizing seamless integration of new techniques.
Wireless Network Attacks:
Unauthorized access and denial-of-service threats are examined.
VPNs are essential for mitigating risks posed by evil twin access points.
Evolution of Wireless Security Standards:
The transition from WEP to WPA and finally to the robust 802.11i standard is highlighted.
Stronger cryptographic methods are emphasized.
Centralized Access Point Management and Intrusion Detection:
The trend toward centralized management and the role of wireless intrusion detection systems are discussed.
In summary, the chapter covers a wide range of security topics, from wired LANs to wireless networks, emphasizing the need for robust defenses and evolving standards.
Jeffrey Sullivan says
Great write-up as usual. You and the chapter have a ton listed, so I simply took one off your list and did some research. EAP aka Extensible authorization protocol actually is not a protocol. It’s a framework; it’s a way of authentication depending on how you are accessing it. For example, if doing it over the LAN you will more than likely be using 802.1X, which provides port-level access, and you cannot access the network until authenticated via the 802.1X protocol that uses EAP authentication.
This is where you can see a more in detail information.
https://www.youtube.com/watch?v=3co6j0Rhm4E
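As an added example that is not from the reply above, the book or the linked video, here is a small Python builder and parser for the EAP header (RFC 3748: Code, Identifier, Length, Type) as carried inside an 802.1X EAPOL frame, run over a constructed supplicant/authenticator exchange. It shows the framework point in bytes: the EAP header is method-agnostic, the Type byte selects the method, and a Nak lets the supplicant ask for a different one. The identity, the EAP identifiers and the methods chosen are assumptions made for the example.

```python
"""EAPOL/EAP packet builder and parser (RFC 3748 EAP header carried in an
IEEE 802.1X EAPOL frame), plus a constructed supplicant/authenticator exchange."""
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 25: "PEAP"}


def build_eap(code, identifier, eap_type=None, type_data=b""):
    """EAP header: Code(1) Identifier(1) Length(2); Request/Response add Type(1)."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack(">BBH", code, identifier, 4 + len(body)) + body


def build_eapol(eapol_type, body=b"", version=2):
    """EAPOL header: Version(1) Type(1) Body length(2)."""
    return struct.pack(">BBH", version, eapol_type, len(body)) + body


def parse_eap(pkt):
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack(">BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field inconsistent with packet")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):                       # Request / Response carry a Type
        if length < 5:
            raise ValueError("Request/Response without Type")
        t = pkt[4]
        out["type"] = EAP_TYPES.get(t, t)
        out["type_data"] = pkt[5:length]
        if t == 1:                           # Identity: the NAI is the type data
            out["identity"] = out["type_data"].decode("utf-8", "replace")
        elif t == 3:                         # Nak: list of methods the peer accepts
            out["nak_preferred"] = [EAP_TYPES.get(b, b) for b in out["type_data"]]
    return out


def parse_eapol(frame):
    if len(frame) < 4:
        raise ValueError("EAPOL header truncated")
    version, etype, length = struct.unpack(">BBH", frame[:4])
    if 4 + length > len(frame):
        raise ValueError("EAPOL body truncated")
    out = {"version": version, "type": EAPOL_TYPES.get(etype, etype), "length": length}
    if etype == 0:
        out["eap"] = parse_eap(frame[4:4 + length])
    return out


def is_well_formed(frame):
    try:
        parse_eapol(frame)
        return True
    except ValueError:
        return False


def constructed_exchange():
    """Constructed frames, in order, for a port that ends up negotiating PEAP."""
    return [
        build_eapol(1),                                            # supplicant: EAPOL-Start
        build_eapol(0, build_eap(1, 1, 1)),                        # authenticator: Request/Identity
        build_eapol(0, build_eap(2, 1, 1, b"alice@example.com")),  # supplicant: Response/Identity
        build_eapol(0, build_eap(1, 2, 13)),                       # authenticator: Request/EAP-TLS
        build_eapol(0, build_eap(2, 2, 3, bytes([25]))),           # supplicant: Nak, wants PEAP
        build_eapol(0, build_eap(3, 3)),                           # authenticator: Success
    ]


if __name__ == "__main__":
    for frame in constructed_exchange():
        print(parse_eapol(frame))
```

Note the length checks: the EAPOL body length and the EAP Length field are both validated against the bytes actually present before anything is indexed, which is the kind of consistency check a switch or supplicant must do before trusting a frame from an unauthenticated port.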
Erskine Payton says
The chapter starts with explaining the goals of creating secure networks, then goes into denial-of-service (DoS) attacks and how ARP poisoning works, continuing with the importance of access control, followed by securing Ethernet networks and closing with wireless (WLAN) security standards. This chapter provides a lot of great information on securing networks, but the one section that stood out to me was section 4.2 DoS attacks.
Denial-of-service attacks are one of the most common types of attacks. The nature of these attacks is an attempt to make networks and servers unavailable. What I learned is that not all service interruptions are attacks. In a time of heightened awareness surrounding cybersecurity, it is not farfetched to assume that an internet service provider (ISP) outage could possibly be an attack. I like the two examples of faulty coding and referral from large sites. Referral from large sites means a larger site links to a smaller site and the smaller site's network traffic picks up and slows down the smaller network.
With so many types of DoS attacks, I can understand why everything would seem like you are being attacked. This is why understanding DoS attack methods helps to discern what is and what is not an attack as well as the method of attacks.
Michael Obiukwu says
Hi Erskine,
I gained more insight from your analysis, especially on DoS attacks. In addition to your thoughts here:
The goal of DOS is to make networks and servers unavailable.
Not all service interruptions are attacks.
ISP outages could be mistaken for attacks.
Michael Obiukwu says
This material provides valuable insights into network security. Here are the main takeaways:
Denial of Service (DoS) Attacks:
A DoS attack aims to disrupt a network or system by overwhelming it with excessive traffic or resource requests.
Attackers exploit vulnerabilities in network protocols or directly exhaust resources to render the target system unresponsive.
Common types include broadband attacks and connectivity attacks.
The consequences of a successful DoS attack can be severe, impacting service availability and causing system crashes.
Four Goals for Secure Networking Environments:
Availability: Authorized users should have uninterrupted access to information, services, and network resources.
Confidentiality: Prevent unauthorized users from gaining sensitive information about the network, including its structure, data flow, and protocols.
Integrity: Ensuring that network functionality remains intact, preventing attacks from altering capabilities (e.g., routing, hostname resolution).
Mariam Hazali says
In Chapter Four, the author discusses the importance of establishing a secure network to fulfill four primary objectives, confidentiality, availability, functionality, and access control, and how various attacks can affect these goals. Attacks such as DDoS can lead to the unavailability of network resources or service degradation; a man-in-the-middle attack can affect confidentiality, as an attacker can intercept the communication and gain access to data that was not intended for them.
In Section 4.4 the author talks about the significance of access control, which resonated strongly with me, as it should be prioritized during network design and implementation. It is important to implement proper access control measures to ensure attackers cannot gain access to the network, because if they can connect to the LAN it means all other security measures such as firewalls cannot stop them. Beginning with physical controls to prevent unauthorized personnel from entering corporate facilities and extending to securing network infrastructure such as cables, ports, routers, switches, and access points is crucial. These components should be concealed from plain sight so that someone who is just walking into the building cannot easily access them. Other techniques such as lowering access point signal strength or transmission power can mitigate threats like wardriving, when attackers are trying to conduct reconnaissance on their targets.
Organizations must recognize the importance of access control from the start to strengthen their defenses against potential security breaches.
Kenneth Saltisky says
Hi Mariam,
I agree with you that access controls are essential for network design and implementation as well as network security as a whole. In addition to what you mentioned, there are software solutions for access controls that exist to dissuade users that are logged into the system from accessing resources they do not have access to: things like Discretionary Access Controls through Access Control Lists, Role-Based Access Controls through group roles set up in systems, and Attribute-Based Access Controls that are more customizable towards specific demographics per user. I believe there are other software solutions that exist, but these come up when I think about software solutions.
Nicholas Nirenberg says
Hi Mariam, I like your point recognizing the importance of access control in maintaining a secure network. By implementing measures like physical controls and securing network infrastructure, organizations can prevent unauthorized access and strengthen their overall defenses. Adjusting access point signal strength is one effective technique to mitigate potential threats. Starting with strong access control from the beginning is vital for safeguarding against security breaches!
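As an added example that is not part of Kenneth's reply or the textbook, the following Python code evaluates one request under each of the three models he lists: a DAC access-control list, RBAC role-to-permission mappings, and ABAC attribute rules. The users, roles, attributes and policy rules are constructed for the example; the case worth noticing is the one where ABAC denies a read that both DAC and RBAC would allow.

```python
"""The same access request evaluated under DAC, RBAC and ABAC.
All policy data below is constructed for the example."""

# --- DAC: every object carries an ACL maintained by its owner ---
ACL = {
    "/finance/q4.xlsx": {"alice": {"read", "write"}, "bob": {"read"}},
}

# --- RBAC: users hold roles, roles hold permissions on resource types ---
USER_ROLES = {"alice": {"finance-analyst"}, "bob": {"contractor"},
              "carol": {"finance-analyst", "manager"}}
ROLE_PERMS = {"finance-analyst": {"spreadsheet": {"read", "write"}},
              "manager": {"spreadsheet": {"read", "approve"}},
              "contractor": {"spreadsheet": {"read"}}}

# --- ABAC: subject and resource attributes; rules are predicates ---
SUBJECTS = {"alice": {"dept": "finance", "clearance": 2, "network": "corp"},
            "bob": {"dept": "finance", "clearance": 1, "network": "vpn"},
            "carol": {"dept": "finance", "clearance": 2, "network": "guest-wifi"}}
RESOURCES = {"/finance/q4.xlsx": {"type": "spreadsheet", "owner_dept": "finance",
                                  "sensitivity": 2}}
POLICIES = [  # (effect, predicate); first matching rule wins, default deny
    ("deny", lambda s, r, a: s["network"] == "guest-wifi"),
    ("allow", lambda s, r, a: s["dept"] == r["owner_dept"]
                              and s["clearance"] >= r["sensitivity"]
                              and a in {"read", "write"}),
    ("allow", lambda s, r, a: a == "read" and r["sensitivity"] <= 1),
]


def dac_allows(acl, user, resource, action):
    """'*' is an everyone entry; anything not listed is denied."""
    entries = acl.get(resource, {})
    return action in entries.get(user, set()) or action in entries.get("*", set())


def rbac_allows(user_roles, role_perms, user, resource_type, action):
    return any(action in role_perms.get(role, {}).get(resource_type, set())
               for role in user_roles.get(user, ()))


def abac_allows(policies, subject, resource, action):
    for effect, rule in policies:
        if rule(subject, resource, action):
            return effect == "allow"
    return False


def decide(user, resource, action):
    """Decision from each model for one (user, resource, action) request."""
    r = RESOURCES[resource]
    return {"dac": dac_allows(ACL, user, resource, action),
            "rbac": rbac_allows(USER_ROLES, ROLE_PERMS, user, r["type"], action),
            "abac": abac_allows(POLICIES, SUBJECTS[user], r, action)}


if __name__ == "__main__":
    for user, action in (("alice", "write"), ("bob", "read"), ("carol", "read")):
        print(user, action, decide(user, "/finance/q4.xlsx", action))
```

Bob's read is allowed by the ACL and by his contractor role, but the ABAC rule refuses it because his clearance is below the spreadsheet's sensitivity, and Carol is refused purely on where she is connecting from. That is the "customizable" part of ABAC in practice: the decision can depend on context that neither an ACL entry nor a role captures.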
Jeffrey Sullivan says
Jeff Sullivan
Week 5
MIS 5214
Temple University
Chapter 4 was also packed with a ton of good information. Being out of networking for twenty years, I found this chapter interesting. I found how important it is to have your company follow the correct cyber and audit guidelines that are out there. For example, as this is new to me, sometimes when a company’s network goes down the first thing to blame is an attacker of some sort, whether it be internal or external. According to this week's text, “Newsnet Scotland claimed to be victims of a DoS attack by pro-Unionism political opponents. However, it turned out that the loss of service was caused by shoddy coding”. In my other class this semester I am taking Systems and Infrastructure Lifecycle Management, and it is mainly concentrated on section 3 of the CISA certification. Making sure you have proper audits done and that all IT project management is up to standards goes to show that Newsnet Scotland could possibly not have been up to standards in their IT coding practices, which could be the reason why they went down vs. falsely blaming a DDoS attack. The module they made an adjustment to was the reason, but could the real reason be that they skipped a couple of steps, and the auditor missed it on their audit, or there was a lack of an audit?
When I worked in tech support for Comcast, we would have all networking privileges to all SMB modems across the whole United States. One thing that stood out to me as well was the ARP poisoning attacks, and I never even knew that I used that command on a daily basis for when a customer would call in and say they never use their services, but when I would remote into their equipment it would show what was connected, what port it was using and how much data was being used. We also used a front-line interface that was more user-friendly vs. the command line (I’m more of a command line user). I never knew of people grabbing the ARP information and either feeding it to their own machine from within or spoofing other machines to make it look like an internal machine. This makes me want to go and refresh myself on all the networking protocols, etc. As the chapter goes on, besides a DoS attack or an ARP poisoning attack, you can also do an ARP DoS attack. This is where the attacker sends all internal hosts a continuous stream of unsolicited spoofed ARP replies saying the gateway is the host record and the IP address. The internal host then will send all traffic intended for the gateway to the nonexistent MAC address. It ultimately cannot deliver the packets as the host is fake and the packets are dropped. It also cannot forward the packets even though it is physically connected directly to the gateway. Keep in mind that the attacker must have access to the local network for this attack to work, and why it is very important when you call your ISP like Comcast that you need to authenticate several ways before we can give information out, especially your gateway address. It is also difficult to explain those types of issues to a pizza shop owner, for example, that it’s not your ISP that is running slow and dropping packets; it is that you did not secure your network and the packet loss is from your internal network, may your ARP be poisoned.
That’s where my job comes in and I have to explain that to them and make sure they understand 100% it’s them vs. the ISP, and to keep them from disconnecting services to run to another ISP where they’ll have the same issues of slow networking connection. The chapter then goes into how you can prevent ARP poisoning by utilizing a static IP address, which is an à la carte service you can purchase which gives you more protection, but ultimately you need to make sure your network is protected and maintained even if you are a small pizza shop.
A majority of the protocols and attacks in this chapter were fairly new or brought back what I learned years ago. With that being said, a lot has changed, and a lot has stayed the same. You need to be protected and you need to follow standards to have a protected network. The chapter starts out with the now familiar CIA and four goals that are extensions of the CIA, which are: confidentiality, integrity, functionality, and access control. It is important to understand that network attacks are typically focused on defeating one or more of these goals. Since we have gone over CIA in the previous class, I wanted to add the two that we have not. Functionality, according to the text, “Means preventing attackers from altering the capabilities or operation of the network”. For example, a disgruntled employee uses ARP poisoning and a man-in-the-middle attack to steal and trade secrets. The second goal is access control, which is the policy-driven control of access to systems, data, and dialogues. The end goal is to stop any attacks from accessing anything in your internal network, which could include up to certain internal employees. That also makes me think there is a pattern here between employees and network attacks.
Samuel Omotosho says
Hi Jeffrey,
Your thoughts into Chapter 4 are very insightful, especially considering your experience and the relevance to your current coursework. The example of Newsnet Scotland highlights the importance of proper IT coding practices and adherence to audit standards, underscoring the potential consequences of overlooking these aspects.
Your experience at Comcast, particularly with ARP poisoning attacks, offers a practical perspective on the challenges of explaining technical issues to non-technical users. Your explanation of ARP DoS attacks and the importance of network security for even small businesses, like pizza shops, adds a practical dimension to the theoretical concepts discussed in the chapter.
Your emphasis on the evolving nature of protocols and attacks, alongside the importance of adhering to standards for network protection, is a crucial takeaway. Connecting the concepts to the CIA model and introducing functionality and access control as additional goals provides a comprehensive understanding of the objectives in securing a network.
Overall, your discussion effectively bridges theoretical concepts with real-world scenarios, offering a well-rounded perspective on the importance of proper network security practices.
Nicholas Nirenberg says
Chapter 4 focuses on secure networking, particularly addressing denial-of-service (DoS) attacks in 4.2 which aim to disrupt the availability of servers or networks to legitimate users. 4.2 highlights various aspects of DoS attacks, including their common occurrence, the distinction between intentional attacks and unintentional service interruptions, and the significant impact they can have on organizations. One key point of interest I liked was the discussion on how DoS attacks can manifest not only as deliberate malicious actions but also as unintended consequences of factors like faulty coding or sudden influxes of traffic from large sites. This underscores the complexity of identifying and mitigating such attacks, as well as the potential for misunderstanding the root cause of service disruptions. It’s interesting because it highlights the need for a nuanced understanding of network security issues and the importance of thorough investigation before attributing blame or implementing countermeasures.
Ikenna Alajemba says
I agree with you Nicholas, chapter 4 delves into secure networking, with a focus on denial-of-service (DoS) attacks, which disrupt server or network availability. It underscores the nuances in identifying and mitigating such attacks, highlighting how they can arise from both malicious intent and unintentional factors, emphasizing the need for a nuanced understanding and thorough investigation in network security strategies.
Samuel Omotosho says
Hi Nicholas,
Excellent points! I completely agree with your assessment on the complexity of DoS assaults. The conversation about inadvertent effects, like those brought on by bad code or unexpected spikes in traffic, complicates the mitigation procedure. In fact, it highlights how important it is to have a sophisticated grasp of network security and how careful research is necessary to prevent misunderstandings and put in place efficient remedies. Excellently summed up!
Hashem Alsharif says
Hello Nicholas,
4.2 also stuck out to me as I found it gave me much more info on a DoS attack and how it operates. It does intrigue me how much of an issue misunderstanding root causes of issues in this industry are. Clearly it’s evident that we do complete investigations but considering this has happened numerous times, I wonder if we have to change the way we conduct investigations. Possibly we can look at examples where there were the least misunderstood causes and not only take after some of their methods, but improve on some of them as well.
Alex Ruiz says
The most interesting thing I read in this chapter was the section all about ARP poisoning and ARP spoofing. It was interesting to note how attackers can abuse an ARP table used by an organization to identify devices by simply constantly overwriting the address with one of their choice, either to commit man-in-the-middle, denial-of-service or MITM attacks. Although ARP poisoning is easily prevented with static IPs, it’s infeasible for most organizations to use them because they cannot be dynamically updated; other solutions were to limit access to the local network for foreign hosts, which sounds simple enough and is what most places seemingly do to prevent these disruptive attacks.
Kenneth Saltisky says
Hi Alex,
I also find attacks related to ARP to be very interesting yet a difficult challenge for organizations to counter. One other solution I found that was interesting is that some network switches offer ARP inspection as a setting to inspect ARP packets for validity. Although you mentioned that using static IPs is not practical for organizations, it is still possible to implement it to some extent for critical devices in an organization to protect those from ARP-type attacks.
Jeffrey Sullivan says
Glad you pointed that out, as I thought the same as well. For years I’ve been using the ARP table every day and never knew you could poison it and ultimately use it for a man-in-the-middle attack. It’s been years since I was in networking, but I have to think that this had to be around 20 years ago, as ARP was a thing back then as well. I guess my question would be, if you are using a static IP, I feel that if someone really wanted to, they could get around that and still do the MITM attack. This makes me wish we had a lab set up and we could try to mirror this.
Mariam Hazali says
I agree with you Alex, During my Ethical hacking class I used a tool called ettercap on Kali Linux to test ARP poisoning and made myself the default gateway and I could see all other hosts’ information. It’s dangerous to know an attacker can do this and gain access to all information passing on the network. It’s hard for large organizations to use and manage static IPs scheme.
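As an added example, not from any of the posts above or from the book, the following Python code does what Kenneth's ARP inspection setting does and what Jeffrey's ARP DoS description implies a defender should look for: it parses raw Ethernet/IPv4 ARP packets, checks each reply's sender IP-to-MAC claim against a trusted binding table (static entries or a DHCP snooping table, as a switch would hold), and counts reply volume per sender. The gateway address, the MACs and the 12-reply flood are constructed.

```python
"""Ethernet/IPv4 ARP parser plus a dynamic-ARP-inspection style check:
replies are compared against a trusted IP-to-MAC binding table, and a sender
that spews replies is flagged as a flood. Run on constructed frames."""
import struct
from collections import Counter


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the four addresses."""
    return (struct.pack(">HHBBH", 1, 0x0800, 6, 4, opcode)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


def parse_arp(pkt):
    if len(pkt) < 28:
        raise ValueError("ARP packet truncated")
    htype, ptype, hlen, plen, op = struct.unpack(">HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op,
            "sender_mac": mac_str(pkt[8:14]), "sender_ip": ip_str(pkt[14:18]),
            "target_mac": mac_str(pkt[18:24]), "target_ip": ip_str(pkt[24:28])}


def inspect(frames, bindings, flood_threshold=10):
    """bindings: trusted {ip: mac} (static config or a DHCP-snooping table).
    Returns alerts in detection order; each (ip, mac) claim is reported once."""
    alerts, reported = [], set()
    replies_by_mac = Counter()
    for frame in frames:
        arp = parse_arp(frame)
        if arp["op"] != 2:                # 1 = request, 2 = reply; only replies rewrite caches
            continue
        replies_by_mac[arp["sender_mac"]] += 1
        key = (arp["sender_ip"], arp["sender_mac"])
        if key in reported:
            continue
        expected = bindings.get(arp["sender_ip"])
        if expected is None:
            alerts.append(("UNKNOWN_BINDING",) + key)
            reported.add(key)
        elif expected.lower() != arp["sender_mac"]:
            alerts.append(("BINDING_MISMATCH",) + key)
            reported.add(key)
    for mac, n in replies_by_mac.items():
        if n >= flood_threshold:
            alerts.append(("REPLY_FLOOD", mac, n))
    return alerts


GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:11:22:33:44:01"
TRUSTED = {GATEWAY_IP: GATEWAY_MAC, "10.0.0.20": "00:11:22:33:44:20"}


def constructed_frames():
    """Constructed traffic: a host resolves the gateway (request + honest reply),
    a reply arrives from an address nobody registered, an attacker claims the
    gateway IP for its own MAC (man-in-the-middle setup), then a stream of replies
    maps the gateway to a MAC that does not exist (the ARP DoS variant)."""
    host, attacker, bogus = "00:11:22:33:44:20", "de:ad:be:ef:00:01", "00:00:00:00:00:99"
    frames = [build_arp(1, host, "10.0.0.20", "00:00:00:00:00:00", GATEWAY_IP),
              build_arp(2, GATEWAY_MAC, GATEWAY_IP, host, "10.0.0.20"),
              build_arp(2, "00:11:22:33:44:30", "10.0.0.30", host, "10.0.0.20"),
              build_arp(2, attacker, GATEWAY_IP, host, "10.0.0.20")]
    frames += [build_arp(2, bogus, GATEWAY_IP, host, "10.0.0.20") for _ in range(12)]
    return frames


if __name__ == "__main__":
    for alert in inspect(constructed_frames(), TRUSTED):
        print(alert)
```

The binding table is the crux: a switch can only drop a spoofed reply if it has an authoritative source of truth for who owns 10.0.0.1, which is why Kenneth's point about static entries for critical devices such as the gateway matters even where the rest of the LAN uses DHCP.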
Kenneth Saltisky says
This chapter of the book explores secure networks and explains some types of attacks against networks as well as standards and controls necessary for a secure network. One particular point in this chapter that I found interesting was the different avenues that Denial of Service Attacks take advantage of to succeed in taking down a service. The book describes four methods when initiating a DoS attack: direct/indirect, intermediary, reflected, and sending malformed packets.
Direct/indirect attacks take advantage of flooding a system with a large stream of packets either from the attacker’s computer or from a spoofed IP, which also comes from the attacker’s computer but with what looks like a different IP since spoofing the IP changes how it appears when conducting this kind of attack. Note that there are several kinds of flood attacks such as SYN Floods, Ping Floods, HTTP Floods, and more depending on the type of packets sent by the attacker and to what end the attacker wants to achieve through the flood. Intermediary attacks are what most people usually refer to as Distributed Denial of Service attacks which take advantage of “bots” or other compromised computers by the attacker to overload a system through the usage of other computers. Reflected attacks, while not directly addressed in this section of the book, utilize spoofing to pretend to be the target system and request information from another server which then sends the large amount of information to the target system. Sending malformed packets usually refer to sending carefully crafted packets to a target system in an attempt to cause the system to crash, interrupt traffic, or consume network bandwidth processing the packet causing services to crash.
Out of all these types of attacks, I find the fourth type to be the most interesting, since this is where things like the Ping of Death, Teardrop, and other types of packets come in that an attacker intentionally creates to take advantage of software misconfigurations.
Chidiebere Okafor says
Hi Kenneth, your writing shows good deductive reasoning. DoS is quite common and can cause harm by stopping a critical service or slowly degrading services over time. It is also noteworthy that due to the preponderance of DoS attacks and their press visibility, it’s easy to blame normal service interruptions on external influence.
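As an added example that is not from Kenneth's post or the book, this Python code implements SYN cookies, the mechanism behind the "TCP handshake validation" defence mentioned earlier in the thread, against the direct and spoofed SYN floods described above. The encoding layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), the MSS table, the 64-second counter period and the secret are assumptions modelled on the usual scheme; it is a demonstration of the validation logic, not a TCP stack.

```python
"""SYN cookies: stateless TCP handshake validation. The server encodes the
connection 4-tuple, a coarse time counter and an MSS index into the SYN-ACK
sequence number instead of keeping a half-open entry, and rebuilds state only
when a final ACK carrying a valid cookie arrives. Constructed demonstration."""
import hashlib
import hmac
import ipaddress
import struct

MSS_TABLE = [536, 1300, 1440, 1460]   # assumed 4-entry table, encoded in 3 bits
SECRET = b"constructed-demo-secret"    # assumed; a real stack picks this at boot
COUNTER_PERIOD = 64                    # seconds per time-counter tick (assumed)


def _mac(secret, saddr, sport, daddr, dport, count):
    """24-bit keyed hash over the 4-tuple and the counter value."""
    msg = struct.pack(">4sH4sHI", ipaddress.IPv4Address(saddr).packed, sport,
                      ipaddress.IPv4Address(daddr).packed, dport, count)
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, saddr, sport, daddr, dport, client_isn, mss, now):
    """SYN-ACK ISN: 5 bits counter | 3 bits MSS index | 24 bits keyed hash + client ISN."""
    count = (now // COUNTER_PERIOD) & 0x1F
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    h = _mac(secret, saddr, sport, daddr, dport, count)
    return (count << 27) | (idx << 24) | ((h + client_isn) & 0xFFFFFF)


def check_cookie(secret, saddr, sport, daddr, dport, client_isn, cookie, now):
    """Validate the cookie echoed in the final ACK (ack_num - 1).
    Returns the negotiated MSS, or None if the ACK is forged or stale."""
    count = cookie >> 27
    idx = (cookie >> 24) & 0x7
    current = (now // COUNTER_PERIOD) & 0x1F
    if (current - count) & 0x1F > 1:        # older than about two ticks: reject
        return None
    if ((cookie - client_isn) & 0xFFFFFF) != _mac(secret, saddr, sport, daddr, dport, count):
        return None
    return MSS_TABLE[idx] if idx < len(MSS_TABLE) else None


def simulate():
    """Constructed scenario: spoofed SYNs are answered and nothing is stored;
    a real client completes; a forged ACK fails; a replayed old cookie fails."""
    server = ("203.0.113.10", 443)
    for i in range(1000):                      # spoofed SYN flood: reply, forget
        make_cookie(SECRET, "192.0.2.%d" % (i % 254 + 1), 40000 + i, *server,
                    1000 + i, 1460, 1000)
    client, client_isn = ("198.51.100.7", 51515), 777
    cookie = make_cookie(SECRET, *client, *server, client_isn, 1460, 1000)
    return {
        "client_mss": check_cookie(SECRET, *client, *server, client_isn, cookie, 1003),
        "forged_ack_accepted": check_cookie(SECRET, *client, *server, client_isn,
                                            cookie ^ 1, 1003) is not None,
        "stale_cookie_accepted": check_cookie(SECRET, *client, *server, client_isn,
                                              cookie, 1300) is not None,
    }


if __name__ == "__main__":
    print(simulate())
```

The spoofed sources in the flood never send the third packet, so the server spends a hash computation per SYN and no memory, which is the whole point: the backlog a SYN flood tries to exhaust no longer exists. The cost is the loss of TCP options that do not fit in the cookie, which is why real stacks only switch to cookies once the backlog is under pressure.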
Chidiebere Okafor says
Personally, the four main goals of secure networks stood out to me. These goals are confidentiality, availability, functionality, and access control. While the CIA triad (Confidentiality, Integrity, and Availability) is frequently emphasized in cybersecurity discourse, establishing a secure network also necessitates ensuring proper network functionality and implementing robust access controls.
Availability entails ensuring that authorized users can consistently access information, services, and network assets. Failure to prioritize availability leaves the network vulnerable to disruptions caused by cyber-attacks such as Denial of Service (DoS), impeding day-to-day operations.
Confidentiality within a secure network involves preventing unauthorized access to sensitive information regarding the network’s architecture, data flow, utilized protocols, and packet header contents. Implementing encryption throughout the network safeguards confidentiality by restricting access to authorized users.
Functionality safeguards against attacks that seek to manipulate network capabilities. Maintaining appropriate network functionality guarantees accurate packet routing, proper resolution of hostnames, exclusion of unauthorized protocols, and correct assignment of IP addresses.
Lastly, access control is crucial for regulating entry to systems, data, and communications based on established policies. This measure prevents unauthorized users from accessing internal resources, fortifying the network’s security posture.
Kelly Conger says
Chidiebere, you’ve identified four critical objectives for creating a secure network beyond the traditional CIA triad. You recognize that securing data against unauthorized access is crucial, but a robust network must ensure availability, functionality, and access control. Your understanding of these objectives demonstrates a meticulous understanding of creating a secure network environment.
Kelly Conger says
Kelly Conger
Week 5
MIS 5214
Temple University
Section 4.2 of our course material was quite interesting. I found it intriguing that the book described the GitHub DDOS (Distributed Denial of Service) attack in 2018 as the largest of its time. According to the book, “the attack had a sustained rate of 1.35 Tbps stuffed in 130 million packets per second flooding GitHub’s servers” (Boyle & Panko, 2024, p. 166).
However, it is essential to note that larger DDoS attacks have been reported since then. In Q4 of 2023, Cloudflare reported mitigating a network-layer DDoS attack that peaked at 1.9 Tbps, originating from a Mirai botnet. This attack targeted a European Cloud Provider and was identified as the largest network-layer DDoS attack seen in that quarter (Cloudflare. (2023). DDoS Threat Report 2023 Q4. Cloudflare Blog. https://blog.cloudflare.com/ddos-threat-report-2023-q4).
Mariam Hazali says
Thank you for sharing the Cloudflare attack. This helps to show how these attacks are evolving and hackers are always upping their game. I know most of the techniques mentioned are valuable in mitigating and minimizing the impact of DoS, but I cannot help but wonder what other measures organizations can take to effectively defend against these types of attacks.
Samuel Omotosho says
A denial-of-service (DoS) attack is one of the most frequent types of network-based attacks. Its goal is to deplete all of the system or network resources on the target machine, briefly halting or disrupting service and making it unavailable to normal users. In order to cause a denial of service to other users, DoS attacks usually involve flooding or swamping the target machine with requests until it is unable to handle normal traffic. DoS attacks are distinguished by their single-computer attack launcher.
Alex Ruiz says
Samuel, your description of denial-of-service attacks is exactly correct, especially in highlighting the frequency and disruption they cause. These attacks aim to exhaust system resources and cause disruption for regular users as well as sending employees into damage control. Considering how the tactics of cyber attackers are evolving what proactive measures or strategies do you think organizations should adopt to attempt to effectively mitigate the impact of denial-of-service attacks?
Hashem Alsharif says
While I always knew how important secure networks were, I never looked into what goes into creating them and what’s required. This chapter was able to clarify many things for me that I was unaware of beforehand. I like how it discussed the four main goals, such as: access control, availability, confidentiality, and functionality. This chapter also went more into detail for DoS attacks. As mentioned in 4.2, the goal of a DoS attack is to cause harm to an organization. This harm can be in different ways, such as: destroying the reputation of the company, affecting customer loyalty, or even sales. It can also be all of these reasons. By understanding the intention behind a certain attack, it allows us to put ourselves in the shoes of an attacker and try to figure out ways to bypass whatever methods they have in store. I will note that I also like that this section did mention that not everything is a DoS attack, and it must be considered what other possibilities could be.
Akintunde Akinmusire says
Hi Hashem,
I agree with you that the section was extremely informative. I also learnt various methods of attack and ways to prevent them. I believe it is important for organizations to provide adequate training to employees. DDoS is a distributed denial of service attack in which an attacker will need various to attack a network/server. If employees are educated regarding security procedures, it would be difficult for attackers to have access to their machines.
Akintunde Akinmusire says
I learned a lot regarding network security while reading this chapter. The chapter discussed how organizations’ networks could be attacked using various methods. The part I find fascinating is the man-in-the-middle attack. Man-in-the-middle attack is an attack method where an attacker intercepts and alters traffic without the parties involved noticing. The users would think they are communicating with the intended recipients not knowing the messages have been altered. A way to avoid this is by using strong encryption protocols such as SSL.