Microsoft Network Security: Threats, Countermeasures and Denial of Service

ERP Network Security

Safeguarding

Protecting network systems, data and traffic is one of the greatest challenges for enterprises today. Securing your network infrastructure is key to preventing attacks, keeping out malware, and protecting your enterprise data from unauthorized access and loss. Meeting these demands is essential. Therefore, it is critical to identify your users and your network assets, because remote access, wireless networks, different sites and distributed systems are a reality of Enterprise Resource Planning.

Have Microsoft Network Security or Sage 100 Software Questions? Contact Brian Parker at BIS.

For support questions and more information about Microsoft Network Security and Sage 100 Software, contact Business Information System – a Sage Authorized Partner, Sage Reseller, Sage Certified Consultant, Support and Solution Provider.

  • Regards,
  • Brian Parker
  • Business Information Systems Inc.
  • call: (858) 449-5947
  • e-mail: bparker@bisnets.net

Securing Your Network

Network Security

Network security involves protecting network devices and the data that they forward. The network is the entry point to your business applications. It provides the first gatekeepers that control access to the various servers in your business environment. Servers are protected with their own operating system, but it is important not to allow them to be deluged with attacks from the network layer. It is equally important to ensure that network gatekeepers cannot be replaced or reconfigured by imposters.

Securing your Network against Vulnerabilities and Attacks

  1. Identifying network threats and describing countermeasures
  2. Showing secure router, firewall, and switch configurations
  3. Providing a snapshot of a secure network

Network Components

The basic components of a network, which act as the front-line gatekeepers, are:

  1. the router
  2. the firewall
  3. the switch

The Network Attacker

The Attacker

The Network Attacker looks for poorly configured network devices to exploit.

Network Vulnerabilities that The Attacker searches for:

  1. Weak default installation settings
  2. Wide-open access controls
  3. Unpatched devices

High-level Network Threats and Vulnerabilities:

  1. Information gathering
  2. Sniffing
  3. Spoofing
  4. Session hijacking
  5. Denial of service

With knowledge of the threats and vulnerabilities that can affect the network, you can apply effective countermeasures.


Information Gathering

Information Gathering can reveal detailed information about network topology, system configuration, and network devices. An attacker uses this information to mount pointed attacks at the discovered vulnerabilities.

Information Gathering Network Vulnerabilities

  1. The inherently insecure nature of the TCP/IP protocol suite
  2. Configuration information provided by banners
  3. Exposed services that should be blocked

Information Gathering Network Attacks

  1. Using Tracert to detect network topology
  2. Using Telnet to open ports for banner grabbing
  3. Using port scans to detect open ports
  4. Using broadcast requests to enumerate hosts on a subnet

Information Gathering Network Countermeasures

  1. Use generic service banners that do not give away configuration information such as software versions or names.
  2. Use firewalls to mask services that should not be publicly exposed.
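
An added example, not part of the original page: a short Python audit that flags service banners on your own hosts which disclose product names or version numbers, as countermeasure 1 advises against. The product token list and the banner inventory are constructed for illustration.

```python
import re

# Assumption for this example: product tokens worth flagging in a banner.
PRODUCT_TOKENS = ("iis", "apache", "nginx", "openssh",
                  "exchange", "sendmail", "postfix")
# Dotted version numbers such as 6.0 or 3.7.2.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def audit_banner(banner):
    """Return what a banner discloses: product names, then versions."""
    lowered = banner.lower()
    leaks = [f"product:{t}" for t in PRODUCT_TOKENS if t in lowered]
    leaks += [f"version:{v}" for v in VERSION_RE.findall(banner)]
    return leaks

# Constructed inventory: (host, port) -> banner recorded from that service.
INVENTORY = {
    ("web01", 80): "Server: Microsoft-IIS/6.0",
    ("web02", 80): "Server: webserver",
    ("mail01", 25): "220 mail01.example.com ESMTP Postfix 3.7.2",
    ("mail02", 25): "220 ESMTP ready",
}

def audit_inventory(inventory):
    """Map each endpoint with a revealing banner to the details it leaks."""
    findings = {}
    for endpoint, banner in inventory.items():
        leaks = audit_banner(banner)
        if leaks:
            findings[endpoint] = leaks
    return findings

if __name__ == "__main__":
    for (host, port), leaks in audit_inventory(INVENTORY).items():
        print(f"{host}:{port} discloses {', '.join(leaks)}")
```

The generic banners on web02 and mail02 produce no findings, which is the state the countermeasure aims for.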

Sniffing and Eavesdropping

Sniffing, also called eavesdropping, is the act of monitoring network traffic for data, such as clear-text passwords or configuration information. With a simple packet sniffer, all plaintext traffic can be read easily. Also, lightweight hashing algorithms can be cracked and the payload that was thought to be safe can be deciphered.

Sniffing and Eavesdropping Network Vulnerabilities

  1. Weak physical security
  2. Lack of encryption when sending sensitive data
  3. Services that communicate in plain text or weak encryption or hashing

Sniffing and Eavesdropping Network Attacks

  1. The attacker places packet sniffing tools on the network to capture all traffic.

Sniffing and Eavesdropping Network Countermeasures

  1. Strong physical security that prevents rogue devices from being placed on the network
  2. Encrypted credentials and application traffic over the network

Spoofing and Identity Obfuscation

Spoofing

Spoofing, also called identity obfuscation, is a means to hide one’s true identity on the network. A fake source address is used that does not represent the actual packet originator’s address. Spoofing can be used to hide the original source of an attack or to work around network access control lists (ACLs) that are in place to limit host access based on source address rules.

Spoofing and Identity Obfuscation Network Vulnerabilities

  1. The inherently insecure nature of the TCP/IP protocol suite
  2. Lack of ingress and egress filtering. Ingress filtering is the filtering of any IP packets with untrusted source addresses before they have a chance to enter and affect your system or network. Egress filtering is the process of filtering outbound traffic from your network.

Spoofing and Identity Obfuscation Network Attacks

  1. An attacker can use several tools to modify outgoing packets so that they appear to originate from an alternate network or host.

Spoofing and Identity Obfuscation Network Countermeasures

  1. You can use ingress and egress filtering on perimeter routers.
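
An added example, not part of the original page: the ingress and egress filtering decision described above, written as a Python function a perimeter device would apply to each packet's source address. The site network 10.20.0.0/16 and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress

# Assumption for this example: the site's own address space.
SITE_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Sources that must never arrive from the Internet side: RFC 1918 private
# ranges, loopback, link-local, multicast and the "this network" block.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def in_any(addr, nets):
    return any(addr in net for net in nets)

def filter_packet(direction, src):
    """Return (action, reason) for a packet crossing the perimeter router."""
    if direction not in ("ingress", "egress"):
        raise ValueError("direction must be 'ingress' or 'egress'")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("deny", "malformed source address")
    if addr.version != 4:
        return ("deny", "this example filters IPv4 only")
    if direction == "ingress":
        # Inbound packets cannot legitimately carry the site's own addresses.
        if in_any(addr, SITE_NETS):
            return ("deny", "site address arriving from outside")
        if in_any(addr, BOGON_NETS):
            return ("deny", "non-routable source arriving from outside")
        return ("permit", "external source")
    # Egress: only packets sourced from the site's own space may leave.
    if in_any(addr, SITE_NETS):
        return ("permit", "source belongs to this site")
    return ("deny", "source outside site address space")

# Constructed sample traffic: (direction, source address).
SAMPLE = [("ingress", "198.51.100.7"), ("ingress", "10.20.4.9"),
          ("ingress", "127.0.0.1"), ("egress", "10.20.4.9"),
          ("egress", "203.0.113.50")]

def run_sample():
    """Return the action taken for each constructed sample packet."""
    return [filter_packet(d, s)[0] for d, s in SAMPLE]
```

The egress rule is what keeps hosts on your own network from sending packets with forged source addresses to others.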

Session Hijacking

With Session Hijacking, also known as man in the middle attacks, the attacker uses an application that masquerades as either the client or the server. This results in either the server or the client being tricked into thinking that the upstream host is the legitimate host. However, the upstream host is actually an attacker’s host that is manipulating the network so that it appears to be the desired destination. Session hijacking can be used to obtain logon information that can then be used to gain access to a system or to confidential information.

Session Hijacking Network Vulnerabilities

  1. Weak physical security
  2. The inherent insecurity of the TCP/IP protocol suite
  3. Unencrypted communication

Session Hijacking Network Attacks

  1. An attacker can use several tools to combine spoofing, routing changes, and packet manipulation.

Session Hijacking Network Countermeasures

  1. Session encryption
  2. Stateful inspection at the firewall

Denial of Service

A denial of service attack is the act of denying legitimate users access to a server or services. Network-layer denial of service attacks usually try to deny service by flooding the network with traffic, which consumes the available bandwidth and resources.

Denial of Service Network Vulnerabilities

  1. The inherent insecurity of the TCP/IP protocol suite
  2. Weak router and switch configuration
  3. Unencrypted communication
  4. Service software bugs

Denial of Service Network Attacks

  1. Brute force packet floods, such as cascading broadcast attacks
  2. SYN (synchronize) flood attacks
  3. Service exploits, such as buffer overflows

Denial of Service Network Countermeasures

  1. Filtering broadcast requests
  2. Filtering Internet Control Message Protocol (ICMP) requests
  3. Patching and updating of service software
