BIE-UKB Lecture 01 - 05 and Network Modeling Basics Recall
- Network Modeling - OSI Model (Open Systems Interconnection)
- Layers of Cybersecurity
- MAC/MIC (message authentication code / message integrity check)
ISO/OSI Model
- Router/L3 Switch, Switch, Hub/Repeater
- Physical Layer - Physical Channel
- Channel Capacity
- Confidentiality vs. openness
- Segmentation
- Reliability - encoding, modulation
- Availability (+ regulations: ISM Bands)
BIE-UKB Lecture 06 Notes: Network Security
Models
Perimeter Model
- Phishing - a time-limited one-time code (2FA) is harder to exploit than a static password, because a stolen code expires before it can be reused
- the weakest path is the attack path, so defense means raising the attack cost along every path, not only the strongest one
Zero Trust
- Network location is only one component of trust - defense in depth
- from implicit rights (trusted because inside the perimeter) to explicit rights (every access authenticated and authorized)
Network Monitoring
Packet Capture
- Deep Packet inspection
- Past -> full captures stored on network forensics devices
- the captured volume grows into big data -> big-data analysis is needed !!!
- Encryption …
Now -> On-the-Fly
- Gateway SSL Inspection
- man-in-the-middle-like SSL/TLS inspection: the gateway terminates the client's TLS session and re-signs the server certificate with an internal CA that clients are configured to trust
- Privacy/Legal Problems (the gateway sees the plaintext of everything, including private traffic)
Netflows
- metadata about the connection (addresses, ports, protocol, bytes, packets, timestamps), no payload
- Statistics: what a typical flow looks like (baseline for spotting anomalies)
Logs
- Information aggregation
- SIEM - Security Information and Event Management, combining:
- SIM - Security Information Management (log storage, reporting)
- SEM - Security Event Management (real-time correlation, alerting)
Examples
Example 1
- ngrep tool (grep over packet payloads on a live interface or a pcap file)
- Emails:
- Email headers -> Name, From, To
- Received: trace headers form a "log" of the message's hops - valuable for analysis, but every hop before your own server could be forged :-)
- list of phishing-employed IPs for filtering
- Reply-To field differing from From (replies go to the attacker)
- lines prefixed "X-" - extra data added by security tools/servers
- Example: X-Spam-Score - spam score
- SPF record in DNS (Sender Policy Framework, originally "Sender Permitted From") - lists the IPs allowed to send mail for the domain
- measure against phishing impersonation (spoofed From: domain)
- DKIM (DomainKeys Identified Mail)
- the sending server signs the e-mail (DKIM-Signature header); the public key is published in DNS - message integrity
- DMARC (Domain-based Message Authentication, Reporting, and Conformance)
- DNS-based policy that tells receivers what to do when SPF/DKIM checks fail (none/quarantine/reject) and where to send reports
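The header checks from Example 1 (Received chain, Reply-To vs From, X-Spam score, SPF) as a runnable triage script. This is an added example, not code from the lecture; the sample message, host names, IP addresses and the SPF record are constructed, and the SPF_RECORDS dictionary stands in for the DNS TXT lookup a real check would perform. The SPF evaluator handles only ip4:/ip6: mechanisms and the terminal "all"; include:, a, mx and redirect= need DNS and are skipped.

```python
"""Header triage of a suspicious e-mail: Received chain, Reply-To vs From,
spam score and an SPF check of the connecting IP (added example, not from
the lecture). Message, hosts, IPs and the SPF record are constructed;
SPF_RECORDS stands in for the DNS TXT lookup a real check would perform."""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample. The top Received: line was written by our own MX; the
# one below it claims to come from the sender's relay and is unverifiable.
SAMPLE_EMAIL = """\
Received: from mx.example-bank.invalid (mx.example-bank.invalid [203.0.113.77])
\tby mail.corp.example (Postfix) with ESMTP id ABC123; Mon, 1 Jan 2024 10:00:00 +0000
Received: from [192.0.2.10] (unknown [192.0.2.10])
\tby mx.example-bank.invalid with SMTP; Mon, 1 Jan 2024 09:59:55 +0000
From: "Security Team" <alerts@example-bank.invalid>
Reply-To: collector@evil.invalid
To: user@corp.example
Subject: Verify your account
X-Spam-Score: 7.3
DKIM-Signature: v=1; a=rsa-sha256; d=example-bank.invalid; s=sel1; b=...

Please verify your account within 24 hours.
"""
# Constructed SPF record: only 198.51.100.0/24 may send for this domain.
SPF_RECORDS = {"example-bank.invalid": "v=spf1 ip4:198.51.100.0/24 -all"}


def _norm(value):  # collapse a folded multi-line header value to one line
    return " ".join(str(value).split())


def _domain(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def received_chain(msg):
    """(from_host, by_host) per hop, oldest first. Every MTA prepends its own
    Received: line, so only lines written by servers you control are trusted."""
    hops = []
    for value in msg.get_all("Received", []):
        m = re.match(r"from\s+(\S+).*?\bby\s+(\S+)", _norm(value))
        if m:
            hops.append((m.group(1), m.group(2)))
    return list(reversed(hops))


def connecting_ip(msg):
    """IP that connected to our MX: the bracketed address in the newest hop."""
    newest = msg.get_all("Received", [""])[0]
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", _norm(newest))
    return m.group(1) if m else None


def spf_check(ip, record):
    """Minimal RFC 7208 evaluation: ip4:/ip6: mechanisms and 'all' only.
    include:, a, mx and redirect= need DNS lookups and are skipped here."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name.lower() == "all":
            return SPF_QUALIFIERS[qual]
        if name.lower() in ("ip4", "ip6"):
            try:
                if addr in ipaddress.ip_network(arg, strict=False):
                    return SPF_QUALIFIERS[qual]
            except ValueError:  # malformed network, ignore the term
                continue
    return "neutral"  # nothing matched and no 'all' term


def triage(raw_email, spf_records=SPF_RECORDS):
    """Run the checks and return what an analyst would look at first."""
    msg = message_from_string(raw_email)
    findings = []
    from_dom, reply_dom = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    score = float(msg.get("X-Spam-Score", "0") or 0)
    if score >= 5.0:
        findings.append(f"spam score {score} at or above threshold 5.0")
    ip = connecting_ip(msg)
    if ip and from_dom in spf_records:
        result = spf_check(ip, spf_records[from_dom])
        if result in ("fail", "softfail"):
            findings.append(f"SPF {result}: {ip} may not send for {from_dom}")
    if "DKIM-Signature" not in msg:
        findings.append("no DKIM-Signature header, integrity cannot be verified")
    return {"chain": received_chain(msg), "connecting_ip": ip, "findings": findings}
```

Calling `triage(SAMPLE_EMAIL)` returns the hop chain oldest-first, the IP that reached our MX (203.0.113.77, taken from the Received: line our own server wrote, the only one we can trust) and three findings: the Reply-To domain differs from From, the spam score is above the filter threshold, and SPF fails because 203.0.113.77 is not in the domain's permitted range. Note that the SPF result is computed against the connecting IP, not against any IP the sender put into its own Received: lines.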
Example 2 - Netflows
- identification of bad IPs
- identification of an incident - huge data transfers
- user activity profiling
- fail2ban tool (bans sources after repeated failed logins)
- collector has an active timeout -> a connection longer than the timeout is exported as several flow records, so re-aggregate before measuring volume or duration
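The Example 2 analyses (bad-IP matching, large transfers, activity profiling, a fail2ban-style rule) run over flow records, including the collector-timeout caveat. This is an added example, not code from the lecture or from any flow tool; the flow records, addresses, blocklist and thresholds are constructed, and the `Flow` dataclass is an assumed stand-in for whatever format a real collector exports.

```python
"""NetFlow-style analysis over flow records (added example, not from the
lecture): rejoin records split by the collector's active timeout, flag large
transfers, match a bad-IP list, profile sources and apply a fail2ban-like
rule. All records, addresses and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass
class Flow:
    start: int   # epoch seconds
    end: int
    src: str
    sport: int
    dst: str
    dport: int
    proto: int   # 6 = TCP, 17 = UDP
    bytes: int
    packets: int

    def key(self):
        return (self.src, self.sport, self.dst, self.dport, self.proto)


FLOWS = [
    # one 1.0 GB HTTPS download, exported as three records by a 300 s active timeout
    Flow(1000, 1300, "10.0.0.5", 51000, "203.0.113.9", 443, 6, 400_000_000, 300_000),
    Flow(1300, 1600, "10.0.0.5", 51000, "203.0.113.9", 443, 6, 400_000_000, 300_000),
    Flow(1600, 1750, "10.0.0.5", 51000, "203.0.113.9", 443, 6, 200_000_000, 150_000),
    Flow(1005, 1005, "10.0.0.5", 40001, "10.0.0.53", 53, 17, 80, 1),      # normal DNS
    Flow(1100, 1101, "10.0.0.8", 40200, "192.0.2.66", 80, 6, 1500, 6),    # listed bad IP
] + [  # SSH brute force: eight tiny flows from one source within 21 seconds
    Flow(2000 + 3 * i, 2001 + 3 * i, "198.51.100.23", 50000 + i, "10.0.0.7", 22, 6, 1200, 10)
    for i in range(8)
]
BAD_IPS = {"192.0.2.66"}


def merge_split_flows(flows, max_gap=1):
    """Rejoin consecutive records with the same 5-tuple whose start follows the
    previous end: the collector exports a long connection in pieces, so bytes
    and duration must be re-aggregated before judging it."""
    merged = []
    for f in sorted(flows, key=lambda f: (f.key(), f.start)):
        last = merged[-1] if merged else None
        if last and last.key() == f.key() and 0 <= f.start - last.end <= max_gap:
            last.end, last.bytes, last.packets = f.end, last.bytes + f.bytes, last.packets + f.packets
        else:
            merged.append(replace(f))  # copy, leave the caller's records intact
    return merged


def large_transfers(flows, threshold=500_000_000):
    """Single connections moving more than `threshold` bytes, after merging."""
    return [(f.src, f.dst, f.dport, f.bytes) for f in merge_split_flows(flows) if f.bytes > threshold]


def bad_ip_contacts(flows, bad_ips=BAD_IPS):
    """Flows touching a blocklisted address in either direction."""
    return [f for f in flows if f.src in bad_ips or f.dst in bad_ips]


def profile_sources(flows):
    """Per-source activity profile: bytes sent, distinct destinations, connections."""
    prof = defaultdict(lambda: {"bytes": 0, "dests": set(), "flows": 0})
    for f in merge_split_flows(flows):
        prof[f.src]["bytes"] += f.bytes
        prof[f.src]["dests"].add(f.dst)
        prof[f.src]["flows"] += 1
    return {s: {"bytes": p["bytes"], "dests": len(p["dests"]), "flows": p["flows"]}
            for s, p in prof.items()}


def brute_force_sources(flows, dport=22, max_bytes=2000, min_attempts=5, window=60):
    """fail2ban-style rule applied to flow metadata instead of the auth log: a
    source opening >= min_attempts short flows to dport within `window` seconds."""
    attempts = defaultdict(list)
    for f in flows:
        if f.dport == dport and f.bytes <= max_bytes:
            attempts[f.src].append(f.start)
    banned = set()
    for src, times in attempts.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1  # extend the window from attempt i forward
            if j - i >= min_attempts:
                banned.add(src)
                break
    return banned
```

The timeout caveat is the point of `merge_split_flows`: none of the three raw HTTPS records exceeds 500 MB on its own, so a per-record threshold misses the 1.0 GB download; after rejoining them `large_transfers(FLOWS)` reports the single 1,000,000,000-byte connection. The fail2ban-style rule works on flow metadata only (many short flows to port 22 in a short window), which is a cruder signal than the failed-login lines fail2ban itself reads from the auth log, but it needs no access to the target host.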