SEC 3302, Advanced IS Security 1

Course Learning Outcomes for Unit IV

Upon completion of this unit, students should be able to:

1. Analyze access controls used to secure information systems (IS).
1.1 Explore best practices for controlling access to data and systems.

2. Examine encryption types used for the physical security protection of an organization.

2.1 Explain the general principles of security for a network.

Required Unit Resources

Chapter 4: Secure Networks

In order to access the following resource, click the link below. You can access the transcript for the video by
clicking on the three dots below the video on the right, then clicking “Open transcript.”

Professor Messer. (2021, April 7). Secure networking – SY0-601 CompTIA Security+ : 3.3 [Video]. YouTube.

https://www.youtube.com/watch?v=Nj_VF6tuBpw

Unit Lesson

Principles of Secure Networks

Today, employees bring their own electronic devices to work, use personal hot spots, and tether their
cellphones to laptops. How do you keep your corporate network secure in light of all this?

It should be noted that network security, like information technology (IT) security, has to constantly adapt in
response to challenges such as these. As attackers learn more ways of exploiting weaknesses, security has
to learn ways to protect its infrastructure. Basically, as technology improves, security has to keep up. Chapter
4 covers some of the attacks that occur on networks. It also discusses defenses against these attacks. We
cannot cover them all in this lesson, but they are important to learn, so please read the chapter. You are also
encouraged to research further into the topic to learn more.

While the previous unit addressed protecting communications through the use of cryptography, this unit is
more concerned with how networks themselves are maliciously attacked. Messages in modern
telecommunications can be attacked both through their means of conveyance and through the route they
take. A secure network environment must be created that will prevent these attacks. The principles of
availability, confidentiality, functionality, and access control should be utilized to effectuate this security, as
described in the textbook.

UNIT IV STUDY GUIDE
Securing Networks

SEC 3302, Advanced IS Security 2

UNIT x STUDY GUIDE
Title

Because access control is so important, we will return to that subject in Chapter 5. For now, let’s jump right
into some of the attacks that networks encounter and how they work.

Denial-of-Service (DoS) Attacks

One consideration when securing a network is that security involves more than just intruders. Securing a
network requires a balance between keeping your system and data secure and allowing users the access
they need. As mentioned above, the first goal of a secure network is availability. Authorized users have to be
able to access their data, services, and applications. Availability can be affected by conditions like poor
coding or the complications that arise when a large site links to a small site and overwhelms the smaller site.
But there are also intentional attacks that impact access. One of the most well-known is the DoS attack, which
can grind a system to a halt and cause an enormous amount of financial damage.

DoS attacks operate by stopping a service, such as a web service, or by degrading service. A service-
degrading attack can be especially damaging because it cannot be easily identified. A slow degradation of
services may not even be immediately recognized as an attack and may cause damage for a long time before
being discovered. Even worse, the entity who is attacked may spend valuable resources upgrading systems
unnecessarily when they see that their service is not allowing sufficient and reliable access to customers.

DoS attacks can be direct or indirect. They may utilize tactics such as flooding, spoofing, or backspatter, and
they may do their damage through the use of intermediaries, bots, and handlers. These concepts are covered
in your readings and should be reviewed.

SEC 3302, Advanced IS Security 3

UNIT x STUDY GUIDE
Title

Unlike other system attacks, DoS and distributed DoS (DDoS) attacks do not focus on stealing

information or other assets. Instead, these attacks are intended to prevent legitimate users from
accessing servers and services by flooding the servers with more traffic than they are set up to

handle so that they become more and more sluggish until they are either unable to respond or they
crash from the overload. DoS attacks may originate from one machine or system; for DDoS attacks,

multiple systems attack the target, as illustrated in the graphic above.

Defending against DoS attacks can be tricky, even when the attacks are detected. We have some tactics that
can get the system out of trouble, though each tactic has its strengths and weaknesses. One defense, known
as blackholing, drops all of the Internet Protocol (IP) packets from an attacker. While this will stop traffic, the
attacker can simply change IP addresses and restart the attack. Even worse, if an attacker knows blackholing
will be done automatically, they can spoof the attack packets from a known, legitimate corporate partner—
which will cut off that desired traffic.

Other tactics to fight DoS attacks include validating the handshake and rate limiting, which involves limiting a
certain type of traffic to a reasonable amount. Unfortunately, rate limiting can have the unintended impact of
limiting legitimate as well as illegitimate traffic.

Address Resolution Protocol (ARP) Poisoning

ARP poisoning is an attack that is specific to local area network (LAN) traffic. For the attack to work, the
attacker must have a computer on the local network. ARP tables are manipulated to reroute LAN traffic, which
effectuates an attack on both network confidentiality and functionality. In contrast, remember that DoS attacks
are an attack on the availability of a network.

The attack works by taking advantage of the fact that hosts on the same network have to know each other
before they can start exchanging packets using IP addresses. Hosts thereby build ARP tables, and after
validation, the hosts trust all ARP replies. This opens the door for spoofing, allowing the attacker to
manipulate the tables and create false entries for internal hosts and gateways. The stream of spoofed ARP
replies have to be continuous to keep the tables from self-correcting.

ARP poisoning can be prevented using methods like static ARP tables, which involves manually setting tables
that cannot be dynamically updated. A weakness with this method is that business changes will require a
huge amount of work to manage static ARP and IP tables. Another method would simply be to limit local
access by preventing foreign hosts from operating on the LAN. This is a form of network access control,
which we will now discuss further.

SEC 3302, Advanced IS Security 4

UNIT x STUDY GUIDE
Title

Access Controls

Corporate LANs require protection to ensure confidentiality of data sent across the network, but they must
also provide access controls so that only authorized users are allowed on the network. In modern companies,
an intruder can access wired LANs from a wall jack or Ethernet wires, and wireless LANs can be accessed by
radio through an unprotected wireless access point. After gaining this access, an intruder can use a packet
sniffer to detect, intercept, and read traffic. To prevent this from happening, access controls must be utilized in
both wired (Ethernet) networks and wireless networks.

Ethernet LAN security utilizes standards such as 802.1X (port-based access control), extensible
authentication protocol (EAP), and radius servers—each of which functions in different ways and contains
different authorization, audit, and authentication features. These standards and protocols are detailed in your
Chapter 4 readings.

Wireless networks are often attacked using one of three major attack forms:

1. unauthorized access to the network;
2. an attack using an “evil twin,” which is also known as a man-in-the-middle attack; or
3. wireless DoS attacks, which are similar to the DoS attacks we discussed earlier in that their main aim

is to negatively impact the availability of a network.

These attacks prevent the host from accessing a wireless network by utilizing tactics such as flooding the
frequency with electromagnetic interference (EMI) or radio frequency interference (RFI). These tactics make
data packets unreadable due to “noise,” or disturbances in the electrical signal. Another method is to flood the
access point (AP), which would result in the AP using all of its resources to send and receive attack packets
and thereby effectively deny access to any other host. Lastly, attack commands can be sent to APs or clients
that result in a continuous stream of spoofed messages, request-to-send (RTS) frames, or clear-to-send
(CTS) frames that prevent clients from connecting to the AP.

Conclusion

As we stated at the beginning of the lesson, there are clear goals that must be determined when considering
how to secure a networking environment. These goals consist of availability, confidentiality, access control,
and functionality. When dealing with common attacks, such as DoS, ARP poisoning, and attacks on wired and
wireless LANs, one must keep these goals in mind.