network threat
any potential malicious attack or unauthorised access to a computer network or system
adware
malware that automatically delivers unwanted advertisements
the Privacy Amendment (Notifiable Data Breaches) Act 2017
Network threats
external network threats
come from outside the organisation and include hackers, cybercriminals etc.
social engineering (phishing)
Attackers send emails that appear to come from reputable sources (banks etc.) and create a sense of urgency or fear, asking users to enter personal information on a fake website that looks identical to the real one. Common indicators include suspicious sender addresses (lookalike or mismatched domains), grammar and spelling mistakes, and unsolicited attachments or links. Prevention tips include verifying the source through a separate channel, not clicking on suspicious links, and using multifactor authentication so a stolen password alone is not enough.
denial of service, including distributed denial of service
DoS – aimed at disrupting the normal functioning of a targeted system, service or network by overwhelming it with a flood of traffic. Works by sending more requests from one computer than the target can handle, so it slows down or crashes. Impact includes service interruptions, financial losses and reputational damage. Mitigation strategies include network configuration (e.g. rate limiting), redundancy, and monitoring and responding.
DDoS – multiple compromised systems (a botnet) are used to attack a single target, so the traffic cannot be stopped by blocking one source. Types include volume-based (uses high traffic to saturate network bandwidth) and protocol (exhausts server resources and network equipment such as firewalls and load balancers). Impact includes severe disruption of networks, high cost to mitigate, and use as a smokescreen for another attack happening at the same time.
back door
Secret pathway used to access a system while bypassing its normal security mechanisms. Created intentionally by developers for maintenance and troubleshooting, or created by attackers by infecting the system with malware. The risk is that anyone who discovers the backdoor gets access outside all normal controls and logging. Mitigations include regular software updates, comprehensive security controls and network monitoring for unexpected connections.
IP spoofing
Attackers disguise their identity by forging the source address in IP packet headers, making it appear that the packets come from a different (often trusted) source. Works by altering the source IP address to trick the receiving system; the attacker masks their location and identity, making it difficult for the victim to trace the source of the attack. Prevention and mitigation techniques include packet filtering (ingress/egress filtering that drops packets whose source address could not legitimately arrive on that interface), encryption and authentication so that a forged address alone grants nothing, and network security tools.
SQL Injection
Exploits web applications that build SQL queries from unvalidated user input, allowing an attacker to execute malicious SQL statements against the application's database server. Works by the attacker taking advantage of improper coding and 'injecting' SQL syntax into an input field that the application concatenates into a query. Attacks include modifying data, retrieving sensitive information, and deleting or manipulating database contents. Impacts are data breaches, loss of data integrity and system compromise. Prevention: input validation, prepared statements (parameterised queries) and regular security audits.
man-in-the-middle
Attacker inserts themselves into a conversation between two parties that should be private; once inserted, the attacker can eavesdrop on the conversation and/or alter the information being sent between them, while each party believes it is talking directly to the other. Impact includes data breaches, loss of trust and financial fraud. Prevention: encryption, secure connections (e.g. TLS/HTTPS with certificate validation) and authentication protocols that let each party verify who is at the other end.
cross-site scripting
Attackers place malicious scripts into the content of a webpage; when a user loads the affected page, the script executes in the user's browser with that site's privileges, leading to unauthorised access (e.g. session hijacking), data theft or harmful actions.
Stored – the malicious script is permanently stored on the server (e.g. in a comment or profile field) and served to every visitor.
Reflected – the script is supplied in the request (e.g. a URL parameter) and reflected back by the web server in its response, for example in a search result or error message.
DOM (document object model)-based – the vulnerability is in client-side code rather than server-side code, and arises when the web application's client-side script writes user-provided data into the DOM.
Impact includes data theft, vandalism and phishing. Prevention tips include sanitising input and encoding output for the context it is placed in, a content security policy, and using secure frameworks that escape by default.
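Added example (not from the original notes) of the reflected case and of output encoding as the fix, in Python so it sits alongside the SQL injection example. The two render functions, the payloads and the policy string are constructed assumptions; the encoding itself comes from the standard-library html module.

```python
import html

def render_unsafe(name):
    # Reflected XSS: a request parameter is echoed straight into the HTML body.
    return f"<p>Hello, {name}</p>"

def render_safe(name):
    # Output encoding: html.escape turns <, >, &, " and ' into entities so the
    # browser parses the input as text, not as markup.
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"

def render_attr_unsafe(value):
    # Attribute context: no <script> tag is needed, closing the quote is enough
    # to add an event-handler attribute that runs script.
    return f'<input name="q" value="{value}">'

def render_attr_safe(value):
    # quote=True matters here: without escaping " the attribute can still be broken out of.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'

def contains_executable_injection(rendered):
    # Crude check used only to demonstrate the difference: did a script tag or an
    # injected event-handler attribute survive into the output unchanged?
    lowered = rendered.lower()
    return "<script" in lowered or ' onfocus="' in lowered

# Constructed example of a content security policy header (an assumption, not from the notes):
# even if an encoding mistake is made, inline scripts and scripts from other origins are blocked.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
}

# Constructed attacker inputs for the two contexts.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'

if __name__ == "__main__":
    for payload, unsafe, safe in ((SCRIPT_PAYLOAD, render_unsafe, render_safe),
                                  (ATTR_PAYLOAD, render_attr_unsafe, render_attr_safe)):
        print(unsafe(payload))
        print(safe(payload))
```

The body-context payload survives `render_unsafe` as live markup and comes out of `render_safe` as visible text; the attribute-context payload shows why encoding must match the context, since `"` has to be escaped there even though it is harmless in the body.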
types of malware
6 types
Adware – malware that automatically delivers unwanted advertisements
Ransomware – malware that blocks access to a computer system or its data (typically by encrypting files) until a ransom is paid
Spyware – malware that secretly records user actions so cybercriminals can use the information
Trojan horse – malware that disguises itself as legitimate software to get the user to install it
Virus – malware that attaches itself to clean files and infects other clean files when the host file is run
Worm – malware that replicates itself to spread to other computers over the network without user action
zero day vulnerabilities
Security flaw in software not yet known to the vendor or to those responsible for mitigating it, so no patch exists when it is first exploited.
Stages: Vulnerability – found by an individual who keeps it secret. Exploit – knowledge of the vulnerability is used to develop 'exploit code'. Attack – the exploit is used to perform one or more attacks on vulnerable systems. Day zero – the day the vendor learns of the vulnerability and begins fixing it.
Prevention strategies include threat intelligence sharing, use of advanced detection technologies (behaviour-based rather than signature-based, since no signature exists yet) and regular security audits.
physical network threats
Any form of physical manipulation of networking hardware. Includes unauthorised access to data centres, server rooms and networked devices. Types include theft of equipment, vandalism, natural disasters and power failure. Prevention and mitigation: physical security controls, environmental controls and data backups.
lost or stolen devices
Devices that contain sensitive data can be lost or stolen and the data used. Consequences include data breaches, financial impact and reputation damage. Prevention measures: device encryption, remote wipe capabilities and user education.
compromised credentials
Unauthorised access obtained through stolen or weak user credentials, allowing attackers to bypass security measures and gain access as a legitimate user. Impact: data exposure, operational disruption and reputation damage. Prevention strategies: strong password policies, MFA and regular credential updates.
misuse by employees
Any improper, unethical or unauthorised use of the company's resources by its own staff. Impact: security breaches, legal and compliance issues and loss of reputation. Prevention includes clear policies and procedures, regular training and monitoring.
analysis of log files
Record of anything happening in a system
Purpose is record keeping (record all actions on a network), monitoring (monitor network performance and detect anomalies) and compliance (most frameworks require organisations to keep and review log files to show compliance with security standards).
Log files are analysed by collecting logs from all relevant sources, centralising them (SIEM – security information and event management – correlates log data across systems), using log review tools, reviewing regularly to detect unusual patterns, and setting automated alerts. Things to look for: suspicious activities, unusual login attempts (e.g. many failures from one source followed by a success), unauthorised access, malware indicators, system errors and other anomalous behaviour.
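Added example (not part of the original notes) of the 'automated alerts' step applied to 'unusual login attempts': a small detector run over constructed sshd-style auth log lines. The log lines, hostnames and IP addresses (RFC 5737 documentation ranges) are made up for the example; the thresholds are illustrative assumptions that a real deployment would tune.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (sshd-style auth log, not captured from a real system).
SAMPLE_LOG = """\
2024-03-01T02:14:05 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-01T02:14:08 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2
2024-03-01T02:14:11 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-03-01T02:14:14 web1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51025 ssh2
2024-03-01T02:14:17 web1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51026 ssh2
2024-03-01T02:14:40 web1 sshd[1203]: Accepted password for alice from 203.0.113.7 port 51031 ssh2
2024-03-01T02:15:01 web1 CRON[1210]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T08:59:50 web1 sshd[2310]: Failed password for bob from 198.51.100.4 port 40211 ssh2
2024-03-01T09:00:02 web1 sshd[2310]: Accepted password for bob from 198.51.100.4 port 40212 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_auth_events(text):
    """Turn raw lines into structured events; lines from other daemons are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events

def detect_suspicious_logins(text, threshold=5, window_seconds=60):
    """Return alerts as (kind, source_ip, user) tuples in time order.

    brute_force: at least `threshold` failures from one IP inside `window_seconds`.
    success_after_brute_force: a successful login from an IP already flagged,
    which is the signature of a compromised credential and the one to act on first.
    """
    alerts = []
    recent_failures = defaultdict(list)   # ip -> failure timestamps still inside the window
    flagged = set()
    for e in sorted(parse_auth_events(text), key=lambda e: e["ts"]):
        ip, ts = e["ip"], e["ts"]
        if e["result"] == "Failed":
            window = [t for t in recent_failures[ip] if (ts - t).total_seconds() <= window_seconds]
            window.append(ts)
            recent_failures[ip] = window
            if len(window) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, e["user"]))
        elif ip in flagged:
            alerts.append(("success_after_brute_force", ip, e["user"]))
    return alerts

if __name__ == "__main__":
    for alert in detect_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

Note what the rules do and do not catch: bob's single typo before a successful login produces no alert, the five rapid failures from 203.0.113.7 do, and the success that follows from the same address is raised as a separate, higher-priority alert. Centralising the logs first (the SIEM step above) matters because the same attacker spraying one password across many hosts never crosses a per-host threshold.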
anti-malware software
Software designed to protect systems from malware
Anti-virus programs – software designed to detect and remove viruses. Anti-spyware programs – detect and remove spyware.
Endpoint protection – security solution that protects all endpoints (laptops, servers, phones). Network security solutions – tools that protect the entire network from malware. Best practices include regular updates, scheduled scans, user education and email filtering etc.
firewall filtering
Function is traffic control, acting as a security barrier, policy enforcement and logging. Types include packet filtering (decides per packet from header fields such as addresses, protocol and ports), stateful inspection (also tracks connection state, so only replies to allowed outbound connections are let back in), application-layer and proxy firewalls (inspect the content of the traffic for a given protocol).
access control lists
Set of rules that control incoming and outgoing network traffic
Filter traffic based on criteria, like IP addresses, protocols and port numbers
Rules are evaluated in order and the first matching rule decides; traffic that matches no rule is dropped by the implicit deny at the end, so a broad permit placed early can silently make later, more specific denies unreachable
Enhance network security by traffic filtering, segmentation, control and monitoring
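Added example (not from the original notes) that models how an ordered ACL, and equally a packet-filtering firewall as described under firewall filtering above, evaluates traffic: first match wins, unmatched traffic hits the implicit deny, and a rule placed after a broader one never fires. The rule list, addresses and packets are constructed assumptions and the syntax is a simplified Python tuple form, not any vendor's ACL syntax.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _net(s):
    # "any" in a rule means the whole address space
    return ANY if s == "any" else ipaddress.ip_network(s)

# Constructed ACL protecting one server 10.0.0.10. Tuple order:
# (action, source network, destination network, protocol, destination port)
ACL = [
    ("deny",   "any",           "10.0.0.10/32", "tcp", 23),   # never allow telnet to the server
    ("permit", "192.0.2.0/24",  "10.0.0.10/32", "tcp", 443),  # admin subnet: HTTPS
    ("permit", "192.0.2.0/24",  "10.0.0.10/32", "tcp", 22),   # admin subnet: SSH
    ("permit", "any",           "10.0.0.10/32", "tcp", 80),   # public HTTP
    ("deny",   "192.0.2.99/32", "10.0.0.10/32", "tcp", 80),   # intended block of one host, but
                                                              # shadowed by the permit above it
]

def rule_matches(rule, pkt):
    action, src, dst, proto, port = rule
    return (ipaddress.ip_address(pkt["src"]) in _net(src)
            and ipaddress.ip_address(pkt["dst"]) in _net(dst)
            and (proto == "any" or proto == pkt["proto"])
            and (port == "any" or port == pkt["dport"]))

def evaluate(acl, pkt):
    """Return (action, index of the matching rule); (deny, None) is the implicit deny."""
    for idx, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule[0], idx
    return "deny", None

def shadowed_rules(acl):
    """Return (later_index, earlier_index) pairs where an earlier rule covers every
    packet the later rule could match, so the later rule can never take effect."""
    found = []
    for j, (_, sj, dj, pj, portj) in enumerate(acl):
        for i, (_, si, di, pi, porti) in enumerate(acl[:j]):
            if (_net(sj).subnet_of(_net(si)) and _net(dj).subnet_of(_net(di))
                    and pi in ("any", pj) and porti in ("any", portj)):
                found.append((j, i))
                break
    return found

if __name__ == "__main__":
    tests = [
        {"src": "192.0.2.5",   "dst": "10.0.0.10", "proto": "tcp", "dport": 443},  # permit, rule 1
        {"src": "203.0.113.9", "dst": "10.0.0.10", "proto": "tcp", "dport": 22},   # implicit deny
        {"src": "192.0.2.5",   "dst": "10.0.0.10", "proto": "tcp", "dport": 23},   # deny, rule 0
        {"src": "192.0.2.99",  "dst": "10.0.0.10", "proto": "tcp", "dport": 80},   # permit, rule 3 (!)
        {"src": "192.0.2.5",   "dst": "10.0.0.10", "proto": "udp", "dport": 53},   # implicit deny
    ]
    for pkt in tests:
        print(pkt["src"], pkt["proto"], pkt["dport"], "->", evaluate(ACL, pkt))
    print("shadowed:", shadowed_rules(ACL))   # [(4, 3)]
```

The fourth packet is the one to notice: the administrator intended to block 192.0.2.99 but placed the deny after the public permit, so the permit matches first and the deny is dead. `shadowed_rules` is the kind of check worth running whenever an ACL is changed; the fix is to move the specific deny above the general permit. This model is stateless and one-directional, so it does not capture what stateful inspection adds.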
intrusion prevention systems
Monitors network traffic to detect and prevent malicious activity by actively blocking and mitigating threats in line, taking immediate action. Because it sits in the traffic path, a false positive blocks legitimate traffic, so best practices include regular signature and software updates, and tuning and optimisation of the rules.
intrusion detection systems
Monitors network traffic for suspicious activities. Acts as a surveillance system, providing notification without intervening, so the response is left to the operator.
virtual private networks
Technology that creates a secure, encrypted connection over a less secure connection/network, like the internet
Purpose is a secure connection and privacy across untrusted networks. Types are remote access (one user's device to the organisation's network) and site-to-site VPNs (two networks joined over the internet).
user training
First line of defence – educated users can recognise and prevent breaches
Key topics include recognising phishing attacks, password management, safe internet and email usage, data protection, and incident reporting so that a mistake is reported quickly rather than hidden