
Guide to common threats and security for Home, Business, and Government Networks
Steven Sturgeon, Justin Taormina

Abstract
Today, networks have become an integral part of almost all facets of providing internet. There are computer networks in almost countless numbers of places, including in homes, businesses, and in government. Each of these networks comes with its own threats and problems. These networks also all require security, and they require different levels of security. There are threats that are both physical and virtual that endanger each type of network and need specific security in order to prevent them from doing damage.

I. INTRODUCTION
This research project is based on something that every person who owns and runs a computer should be interested in and aware of: security and the potential threats to their computer and their networks. In our project, we are aiming to break down three different types of networks (Home, Business, and Government) and give a list and descriptions of the biggest threats to each network. Then, we will give a list of how to protect each network and how to keep information safe in each scenario. We are working off of the assumption that as a network grows larger (home being the smallest, then business, and finally government being the largest) the network encompasses the same issues as the smaller networks, and therefore should take the same precautions for the same problems. The main focus of each section will be the network that a computer is connected to within each of the different environments. Each environment will have different threats to it, including some external, physical threats that will also be discussed. We will provide a description and breakdown of the best possible solutions for each threat and suggestions on how to protect oneself from the threats. We are aiming for our report to be accessible and understood by the general public, because our goal is to inform people who do not have the highest understanding of computers/networks and the security necessary to protect them. Our goal is to help users understand the threats that they may face and how to protect themselves against realistic threats they may face.

II. HOME NETWORKS AND THREATS
The most common network we are discussing is the home network. This is the network that is in the majority of homes and is the biggest concern for regular people. There are four major threats to a home network. The four major digital threats are malware, spam, unsecured wireless networks, and hacked accounts[1].

One of the most annoying and common threats to a home user is malware. Malware (or malicious software) is described as software that is intended to damage or disable computers and computer systems.[2] Malware encompasses the most known and publicized threats to a computer and network. Malware includes programs such as viruses, worms, Trojan horses and spyware.

Viruses are small programs or scripts that can negatively affect the health of your computer.[3] The best way to think of this is in terms of your own health. Catching a cold (caused by bacteria or a virus) is annoying and can lead to other, more serious problems; this is the same idea with a computer virus. A virus can be contracted many different ways and can have a variety of functions. Some of the most common ways to get a virus are through infected programs, infected web sites and through opening infected e-mail attachments. A good rule of thumb when dealing with questionable e-mails and websites is: do you recognize the site/sender? If the answer is no, you should be cautious when dealing with the questionable item. A virus can have many different functions and can be extremely destructive and disruptive to a network. The virus can do things like erase data from your computer, make copies of itself and attach itself to emails, create files, eat up memory, and even cause your computer to not run properly or disrupt anti-virus programs. Viruses can be extremely annoying to remove and extremely dangerous depending on how they were programmed.

A type of virus that can be dealt with is called a worm. A worm is a virus that replicates itself, but does not alter any files on your machine.[4] The worm's main goal is to eat up all the available memory, and it can potentially cause your computer to crash. Worms are especially annoying because they create invisible files to eat up space and are hard to detect.

Another major threat is called a Trojan horse. Trojan horses (or just Trojans) are software programs that masquerade as regular programs.[5] These are basically viruses that are hiding behind the guise of being a useful program. Much like a virus, the Trojan's destructive activity can vary from a small annoyance to a major disruption/destruction. Trojans differ from worms and viruses because they are not concerned with spreading but just with damaging where they are currently installed.

One final part of viruses would be spyware. Spyware does exactly what you would expect: it spies on the user.
It can capture information like Web browsing habits, e-mail messages, usernames and passwords, and credit card information.[5] Unlike a virus or Trojan, spyware only wants to gather information and not wreck anything on the computer.

The second threat to home networks and home computers is spam. Spam is basically junk/unsolicited email that is trying to sell something or trying to get the user to open an attachment to give them malware[6]. Spam is dangerous because it can link to unsafe websites or it can actually contain infected/dangerous attachments, which can lead to viruses or other types of malware being installed.[7] Spam can also lead to accounts being hacked, which is the next threat against networks[12].

The third threat to home networks is someone hacking someone else's account. This can lead to the sending of spam, viruses, malware, etc. By getting into a different person's account (email or otherwise) the invader can then send messages and other types of communication to other users and try to scam them from the trusted person's account. One of the most common forms of this is called phishing. Phishing is trying to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake Web site that replicates the real one.[8] In other words, an unauthorized user sends a fake but official-looking email to users, in the hope of gathering their information. Phishing can lead to identity fraud and credit cards being stolen, among other serious things.[13] There are many different kinds of phishing emails, but there are certain phrases/characteristics that should raise a red flag if you receive one of these emails. Among the common characteristics of a phishing email are: a generic greeting, an unsolicited request for sensitive information, an email that consists of a clickable image, content that appears genuine, and disguised links/sender address.[9] The goal of phishing is to steal vital information and exploit it for the phisher's gain.

The final major threat to a home network is having the wireless access for the home network unsecured. The biggest problem with this is that it allows anyone with a wireless card or other wireless-capable device to connect and use the network. With the network being unprotected, anyone can connect and can do anything on the network, which could lead to problems for the owner of the network. An unauthorized user could do anything from harmlessly checking their Facebook or email account to illegally downloading copyright-protected materials or even committing other illegal activities on the network. The unprotected network could even allow an unauthorized person to gain control of other devices on the network and use them for their own nefarious actions. Luckily, there are numerous ways to prevent all of these threats, and there are many free solutions (there are paid solutions as well) to protect yourself from these threats.
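The phishing characteristics listed above can be turned into a simple screening check. The following is an added example written for this guide, not code from the report or from any of the cited sources: it scores a raw e-mail message for a generic greeting, a request for sensitive information, a body that is little more than a clickable image, a link whose visible text names a different site than its target, and a Reply-To domain that differs from the sender's. The two sample messages, the phrase lists, and every domain in them are constructed for the example.

```python
"""Heuristic phishing-e-mail screener (added example, not from the report)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phrase lists; a real deployment would use much larger ones.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear account holder")
SENSITIVE_REQUESTS = ("verify your account", "confirm your password", "enter your pin",
                      "social security number", "credit card number")
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?")


class _LinkImageParser(HTMLParser):
    """Collects (href, visible text) pairs and counts images versus visible text."""

    def __init__(self):
        super().__init__()
        self.links, self.images, self.text_chars = [], 0, 0
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
        elif tag == "img":
            self.images += 1

    def handle_data(self, data):
        self.text_chars += len(data.strip())
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(s):
    """Host part of a URL, bare domain, or e-mail address, lower-cased ('' if none)."""
    s = s.strip().lower()
    if "@" in s:
        s = s.rsplit("@", 1)[1]
    if "://" not in s:
        s = "http://" + s
    return urlparse(s).hostname or ""


def _same_site(shown, actual):
    """True if `actual` is `shown` or a subdomain of it (a leading 'www.' is ignored)."""
    shown = re.sub(r"^www\.", "", shown)
    actual = re.sub(r"^www\.", "", actual)
    return bool(shown) and (actual == shown or actual.endswith("." + shown))


def screen_email(raw):
    """Return {'likely_phishing': bool, 'findings': [...]} for one raw message."""
    msg = message_from_string(raw)
    html = msg.get_payload()
    parser = _LinkImageParser()
    parser.feed(html)
    text = re.sub(r"<[^>]+>", " ", html).lower()
    findings = []
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    if any(r in text for r in SENSITIVE_REQUESTS):
        findings.append("request for sensitive information")
    if parser.images and parser.text_chars < 40:
        findings.append("body is mostly a clickable image")
    for href, visible in parser.links:
        # Visible text names one site, but the link actually points somewhere else.
        if LOOKS_LIKE_URL.fullmatch(visible.lower()) and not _same_site(_host(visible), _host(href)):
            findings.append("disguised link (%s -> %s)" % (_host(visible), _host(href)))
    sender = _host(parseaddr(msg.get("From", ""))[1])
    reply_to = _host(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_to and not _same_site(sender, reply_to):
        findings.append("reply-to domain differs from sender domain")
    # Two or more independent warning signs: treat the message as likely phishing.
    return {"likely_phishing": len(findings) >= 2, "findings": findings}


# Constructed sample messages (all domains fictitious).
PHISHING_SAMPLE = """\
From: "Example Bank" <security@example-bank.com>
Reply-To: collect@mail-drop.example.net
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>Please visit <a href="http://login.example-bank.com.evil.example/verify">www.example-bank.com</a>
to verify your account within 24 hours.</p>
<img src="cid:banner">
</body></html>
"""

LEGIT_SAMPLE = """\
From: "Example Bank" <statements@example-bank.com>
Subject: Your March statement
Content-Type: text/html

<html><body>
<p>Hello Jane,</p>
<p>Your statement is ready at <a href="https://www.example-bank.com/statements">www.example-bank.com</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    print(screen_email(PHISHING_SAMPLE))
    print(screen_email(LEGIT_SAMPLE))
```

The screener is deliberately conservative: a single sign (many legitimate mailings open with "Dear Customer") is reported but not enough on its own, and the disguised-link check only fires when the visible text itself looks like a web address, which is exactly the case where a reader would trust what they see.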

III. HOME NETWORKS AND PROTECTION
There are a handful of very helpful programs and ways of doing things to help protect the user and the network the user is on. The first thing a user should do when dealing with a computer or network is to ensure there are firewall and antivirus programs set up and kept up to date against current threats. The person should set up a firewall for both the router and the computer. The idea of a firewall is to help protect against and block unsolicited traffic that is incoming to the network and/or computer. The firewall on the router is a good idea because it cannot be disabled by a virus, but it does have its own limitations. The firewall on the computer is a good idea because it helps protect against other users that may become infected, or infected hosts on the network[16].

Another good type of software a user should install is anti-virus software. This is exactly what it sounds like: a program that helps protect against viruses and can scan for and remove viruses from an infected system. Along with this, anti-spyware and anti-malware software would be good ideas to install and keep up to date, just in case something happens.

When setting up a wireless network, there are a few different options that the user should opt for in order to keep the network secure. The first thing you should do is use a robust password. A robust password must have a minimum length of eight characters, contain a combination of letters, numbers, and special characters, contain mixed-case letters, and not form a word in English.[10] There are other rules for creating a difficult password, but these are some of the most basic and easy-to-follow rules. Next, you should use the strongest security allowed by your router (for example, WPA2 with AES). If confused, you can always google which option is considered more secure and go from there. After this the user should change the default SSID network name and disable SSID broadcast. Next the user should disable ICMP ping on the router. In addition to all of this, the user should use passwords on all their accounts, but use different passwords. One good way to do this is to use a password manager to hold all the passwords, so you only need to remember one to get into the program. One final thing, if the user has children, is to educate the children on safe and proper use of the technology to help avoid risks that they may encounter while surfing the web.
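The robust-password rules quoted above (eight characters minimum, letters plus numbers plus special characters, mixed case, not an English word) are mechanical enough to check automatically. The block below is an added example for this guide, not code from the report or from the University of California page it cites; the small word list it uses as the "English word" check is a constructed stand-in for a real dictionary, and the guess rate used for the brute-force estimate is an assumed figure, not a measurement.

```python
"""Password policy checker for the robust-password rules (added example, not from the report)."""
import math
import string

# Constructed stand-in for a real English word list; a deployment would load a full dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "sunshine", "football"}


def check_password(pw):
    """Return the list of rule names the password fails (an empty list means it passes)."""
    failures = []
    if len(pw) < 8:
        failures.append("minimum length 8")
    if not any(c.isalpha() for c in pw):
        failures.append("contains letters")
    if not any(c.isdigit() for c in pw):
        failures.append("contains digits")
    if not any(c in string.punctuation for c in pw):
        failures.append("contains special characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("mixed case")
    # Strip digits and punctuation first so that "Password1!" is still caught as a dictionary word.
    core = "".join(c for c in pw if c.isalpha()).lower()
    if core in COMMON_WORDS:
        failures.append("not an English word")
    return failures


def keyspace_bits(pw):
    """Rough brute-force strength: log2 of (alphabet size ** length) for the character classes used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32 printable ASCII symbols
    return len(pw) * math.log2(size) if size else 0.0


def days_to_exhaust(pw, guesses_per_second=1e10):
    """Days needed to try the whole keyspace at an assumed offline guess rate (illustrative only)."""
    return 2 ** keyspace_bits(pw) / guesses_per_second / 86400


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3x"):
        print(candidate, check_password(candidate) or "ok",
              "%.1f bits" % keyspace_bits(candidate), "%.2g days" % days_to_exhaust(candidate))
```

The keyspace figure is only a ceiling: a password that passes every rule but is built from a dictionary word with predictable substitutions falls far sooner than the arithmetic suggests, which is why the dictionary check strips digits and symbols before looking the word up.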

IV. BUSINESS NETWORKS AND THREATS
The threats businesses face can be incredibly similar to those of home networks, but often they are much more complex and much more difficult to protect against.[19] There are hundreds, if not thousands, of types of attacks and exploits available to those who wish to use them. New ones are being found and old ones patched regularly.[20] The two types of attacks are passive and active. Passive attacks have a trespasser on the network intercepting and reading data. In other words, a passive attack would be like someone reading your mail or looking over your shoulder at an ATM and trying to get your PIN. Active attacks have a trespasser with the ability to run commands on the network in order to disturb normal network activities. In other words, an active attacker is like someone who mugs you or pickpockets your wallet. The threats detailed here tend to be the more commonly used ones[21].

A man-in-the-middle attack is a form of listening in to a two-sided conversation between two different users or networks. The man-in-the-middle will intercept packets being sent, take the data, then send it on to the intended recipient without either side knowing. In order for this type of interception to work, the man-in-the-middle must be able to impersonate and authenticate as each end of the conversation. This can be likened to identity or credit card fraud, in that the protected information is stolen by a third party and used illegally and without the knowledge or consent of the person. This can be relatively easy on unencrypted and unprotected wireless networks using ARP spoofing. However, things like encryption and SSL authentication can easily thwart this attack.

A distributed denial-of-service attack, also known as DDoS, is intended to overload network resources, rendering the network unusable.[23] This is most commonly done to suspend access to web servers and services.
A DDoS is usually accomplished by sending an absurd number of requests to a server, which will consume so many resources that the service ceases to exist. Another way to think of this is if a person is carrying a bunch of items in their arms and someone else continuously piles more and more things on top of them. There is a breaking point where the person will drop all of the items and be broken. A common DDoS attack is known as a smurf attack. This variant of DDoS utilizes the ping utility, sending the victim irregular ping packets and causing a hardware or software crash. Large-scale DDoS attacks will utilize a mass of botnets and packet injectors. Another variant of DDoS is known as a SYN flood. A SYN flood happens when an attacker sends a flood of TCP SYN packets with forged addresses. The server then initiates a connection with each of these forged addresses and waits for a response which never comes. This will exhaust the number of connections the server can make. These attacks can be difficult to counteract. Firewalls will work in some cases. Specific ports can be blocked to stop a DDoS attack, but sometimes this will not be a viable option. If the attacker is targeting a commonly used port, such as port 80, a firewall can be pretty useless, since this port is used for most legitimate web services. Some switches provide TCP splicing, which is helpful in thwarting SYN floods.[22]

Wiretapping is most commonly thought of as being used on telephone communication, but it can also be used on internet traffic. Tapping is the monitoring and surveillance of communication. Passive wiretapping is solely monitoring the traffic, while active wiretapping is monitoring and altering the traffic. This can be easily done over unencrypted wireless networks. It is also possible to crack WEP or WPA keys on a wireless network. Along with some of the other threats discussed, the information flowing over these unprotected networks is up for grabs; anyone can grab it, and who knows what they can do with the information you send out.

SQL (Structured Query Language) injection is an attack used to inject code into data applications. This is mostly used to attack websites, but it is also effective against any SQL database. The attacker injects harmful SQL code into an entry field, which is then executed. This is done by exploiting mistakes made by the developer. For example, SQL user input must be filtered for escape characters before being passed to a statement. If this is not done, an attacker can alter a variable or type using unintended characters. This can be defended against by properly using type handling and character filtering, as well as strict database permissions.
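The developer mistake described in the SQL injection paragraph, and its fix, look like this in code. This is an added example for this guide, not code from the report: the first login function pastes user input straight into the statement text, the second passes the values through driver placeholders so a quote in the input can never reach the SQL parser as syntax. The in-memory SQLite table and its two rows are constructed for the example (and a real system would store password hashes rather than the passwords themselves).

```python
"""Login lookup the unsafe way and the parameterised way (added example, not from the report)."""
import sqlite3


def make_db():
    """Constructed in-memory user table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Input is formatted into the statement text, so characters in the input become SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised statement: the values travel separately from the SQL text."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def handles_quote_safely(login_fn, conn):
    """True if a legitimate name containing an apostrophe is handled without a SQL error."""
    try:
        login_fn(conn, "o'brien", "pw")
        return True
    except sqlite3.OperationalError:
        # The apostrophe was parsed as SQL syntax; the statement's structure was changed by input.
        return False


if __name__ == "__main__":
    db = make_db()
    print("safe:", login_safe(db, "alice", "s3cret"), login_safe(db, "alice", "wrong"))
    print("quote handled by safe version:", handles_quote_safely(login_safe, db))
    print("quote handled by vulnerable version:", handles_quote_safely(login_vulnerable, db))
```

The apostrophe test is the cheapest way to tell the two apart: a name like O'Brien is ordinary input, and a query that throws a syntax error on it is one whose structure is being rewritten by whatever the user types. The placeholder form also covers the "type handling" point in the text, since the driver sends an integer or a string as a typed value rather than as characters spliced into the statement.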
ARP (Address Resolution Protocol) spoofing, also known as ARP poisoning, is an attack where fake ARP messages are sent over a LAN. The result of this is the dissociation between one MAC address and one IP address. Effectively, this allows an attacker to change the MAC address associated with an IP on the network, thus spoofing the identity of the host. This allows the attacker to intercept all traffic intended for a certain host without the sender noticing. There are multiple defenses against this, including static ARP mappings across the network and ARP spoof detection software. This software can interact with a DHCP server or a switch so that IPs and MACs are certified.

V. BUSINESS NETWORKS AND PROTECTION
Network security implementations are vastly more complicated than those of a home network. There exists much more hardware and much more sophisticated software. The business faces both the set of threats and problems found on a home network and its own set of unique threats and problems. These new threats and problems also come with their own unique solutions and precautions that should be in place for a secure network in a business.

Proxy servers are servers which relay requests on behalf of clients. Proxies allow all of the machines behind them to be completely anonymous. The machines behind a proxy send a request to the proxy, which then sends its own request to the originally intended recipient. The recipient then sends the response back to the proxy, which then sends the response to the original sender. Another way of thinking of a proxy server is a paper handed in with no name or identification attached to it. The paper would still be handed in, but no one would know who did it or who gets credit for it. This is similar to using a proxy server: the information is sent, but no one has any idea who sent it. Keeping a network anonymous from the public internet is incredibly useful in deterring and defending against attackers.

A virtual private network, or VPN, is used to maintain the privacy of a private network over the public internet. VPNs often use heavy authentication and strong encryption techniques. These include SSL and SSH as well as passwords and digital certificates. This is done by using tunneling protocols, which allow for a secure transfer path over an unsecured network. Another way to think about a VPN is writing a coded message and then having it delivered to someone else locked in a safe. Not only does someone need to break through the safe, they will then need to decode the message.
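The ARP spoof detection software mentioned at the end of section IV can be illustrated with a small watcher. The following is an added example for this guide, not code from the report or from any product: it records the IP-to-MAC bindings seen in ARP replies on the LAN, never overwrites bindings an administrator has pinned statically, and raises an alert whenever a reply claims a different MAC for an address that is already bound, which is the symptom of poisoning. The sequence of ARP replies is constructed for the example; a real watcher would read them from the network interface.

```python
"""ARP-watch style poisoning detector (added example, not from the report)."""
from collections import namedtuple

ArpReply = namedtuple("ArpReply", "ts ip mac")

# Constructed sequence of ARP replies, as a passive watcher on the LAN might record them.
SAMPLE_REPLIES = [
    ArpReply(1, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway answers normally
    ArpReply(2, "192.168.1.10", "aa:bb:cc:00:00:10"),  # a workstation
    ArpReply(3, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway again, consistent
    ArpReply(4, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway's IP now claimed by another MAC
    ArpReply(5, "192.168.1.1", "aa:bb:cc:00:00:01"),   # real gateway answers again (flapping)
]


class ArpWatcher:
    def __init__(self, static_bindings=None):
        self.static = dict(static_bindings or {})   # administrator-pinned IP -> MAC mappings
        self.learned = {}                            # mappings learned from observed replies
        self.alerts = []

    def observe(self, reply):
        """Record one reply; return True if it contradicts a known binding."""
        expected = self.static.get(reply.ip) or self.learned.get(reply.ip)
        if expected is None:
            self.learned[reply.ip] = reply.mac
            return False
        if expected == reply.mac:
            return False
        self.alerts.append("t=%s: %s claimed by %s, expected %s"
                           % (reply.ts, reply.ip, reply.mac, expected))
        if reply.ip not in self.static:
            # Follow the change for learned entries so that a flap back is reported as well.
            self.learned[reply.ip] = reply.mac
        return True


def run_watcher(replies, static_bindings=None):
    """Feed a sequence of replies through a watcher and return its alert lines."""
    watcher = ArpWatcher(static_bindings)
    for reply in replies:
        watcher.observe(reply)
    return watcher.alerts


if __name__ == "__main__":
    print("learned only:", run_watcher(SAMPLE_REPLIES))
    print("gateway pinned:", run_watcher(SAMPLE_REPLIES, {"192.168.1.1": "aa:bb:cc:00:00:01"}))
```

With only learned bindings the watcher reports both the change at t=4 and the flap back at t=5, because it cannot know which MAC is the true one; with the gateway pinned statically (the static mapping defence named in the text) it reports just the impostor and keeps trusting the pinned MAC. Certifying bindings against the DHCP lease table, as the text describes, would play the same role as the static list here.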
All users of computers are familiar with passwords. Businesses have much more riding on the line in terms of user accountability and intruder prevention. A strong password goes a long way in thwarting attackers. Passwords can be cracked through brute forcing and hash cracking, though it takes a long time. Long passwords with random strings of uppercase and lowercase letters, numbers, and symbols increase the cracking time. It's also recommended to regularly change passwords. For example, if a password's estimated cracking time is fifty days, the password should be forcibly changed within that fifty-day window.

Hardware firewalls are similar to software firewalls in that they filter unwanted packets. A hardware firewall is the first line of defense against all unwanted traffic. All network traffic must travel through this hardware device. Packet filtering is utilized: it examines the header of the packet to identify the source and destination addresses and then makes a decision to allow or discard the packet.

Antivirus solutions on a home network and a business network vary greatly. The software needs to function over an entire network with a large number of hosts. This software offers real-time protection against, and removal of, viruses, malware, Trojans, rootkits, etc. Being software, it has the ability to update its registries in order to protect against new infections. Although this software can be incredibly effective, there are always new attacks and workarounds being developed to bypass antivirus.

VI. GOVERNMENT NETWORKS AND THREATS
When speaking in terms of threats, the government has the largest stake in defending against them. Not only does the government have sensitive data regarding public and classified activities; it also holds confidential information pertaining to businesses and citizens. Strict regulations are put in place to combat threats to this information. Government networks face all the threats that home and business networks face, as well as a unique one: cyber warfare. Cyber warfare is simply defined as any form of hacking done with politically motivated intentions. The intent of these attacks is usually to disrupt and sabotage normal network operations or to gather secret and confidential intelligence. All major world powers have been engaged in cyber warfare at one point or another. Many are constantly involved and might be completely oblivious to it.
As of 2013, the United States now considers these attacks to be the number one threat, larger than terrorism and Al Qaeda.

VII. GOVERNMENT NETWORKS AND PROTECTION
Physical security can take many forms. Server racks need to be locked down. Server rooms should have strong locks on doors that can be operated with a keypad, card reader, biometrics, or a combination of these.[15] Motion-detecting video surveillance is necessary, with an effective offsite backup solution. In military and intelligence facilities, a 24/7 staff of security guards is needed. Devices that connect to the network wirelessly should be locked away when not in use.

Most authentication processes are single factor, most commonly a password. In a network of this importance, multi-factor authentication is a must. Two-factor authentication involves verifying one's identity in two stages, and three-factor in three stages. A popular example of a two-factor solution is an ATM, which requires a card and a PIN. This is called layered security, which is designed so that in the case that one of the factors is lost or stolen, the information is still safe. Google offers a two-factor authentication service which requires a password and an SMS verification code, which then allows the device onto the account. Government networks regularly include key cards, USB tokens, keypad patterns, passwords, and biometrics. It is incredibly common for government networks to have fingerprint scanners and iris scanners installed in high-security clearance areas.

Most networks work on a device authorization policy that is very lenient. In a home or business environment it is very typical to be able to connect any device to the network. Using whitelist authorization lessens the chances of an unwanted device with an unwanted user on the network. This is simply done by having an allowed list of MAC addresses and blocking all unknown addresses.

Intrusion prevention systems (IPS) are monitors that analyze traffic and detect when malicious activity is present. The IPS is then able to end the malicious activity and send a report to an administrator. This is done using signature detection of known attacks and statistical analysis of abnormal network activity. Many enterprise-grade hardware firewalls ship with included intrusion prevention systems.
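The two detection methods named for an IPS, signature detection of known attacks and statistical analysis of abnormal activity, can be shown side by side over a web server's access log. The block below is an added example for this guide, not code from the report or from any IPS product: it matches each request path against a small set of signatures and, separately, flags any client whose request count is far above the median set by the other clients. The log lines are constructed for the example, and both the signature patterns and the outlier factor are illustrative choices rather than values from the text.

```python
"""Signature plus statistical detection over constructed access-log lines (added example)."""
import re
from collections import Counter
from statistics import median

# Constructed access-log lines in the form "<client ip> <method> <path> <status>".
LOG_LINES = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.6 GET /index.html 200",
    "10.0.0.6 GET /products 200",
    "10.0.0.6 GET /contact 200",
    "10.0.0.7 GET /download?file=../../private/config.ini 404",
    "10.0.0.8 GET /search?q=shoes'-- 200",
    "10.0.0.8 GET /index.html 200",
] + ["10.0.0.99 GET /login 200"] * 40    # one client hammering the login page

# Illustrative signatures: a path climbing out of its directory, and SQL quote/comment characters.
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "sql quote/comment in parameter": re.compile(r"'|--"),
}
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def parse(line):
    """Split one log line into its fields, or return None if it is malformed."""
    m = LINE.match(line)
    if not m:
        return None
    return {"ip": m.group(1), "method": m.group(2), "path": m.group(3), "status": int(m.group(4))}


def signature_hits(lines):
    """Signature detection: (ip, signature name, path) for every request matching a known pattern."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                hits.append((rec["ip"], name, rec["path"]))
    return hits


def rate_outliers(lines, factor=5):
    """Statistical detection: clients with more than `factor` times the median per-client request count."""
    counts = Counter(rec["ip"] for rec in filter(None, map(parse, lines)))
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted(ip for ip, n in counts.items() if n > factor * baseline)


if __name__ == "__main__":
    for ip, name, path in signature_hits(LOG_LINES):
        print("signature:", ip, name, path)
    print("rate outliers:", rate_outliers(LOG_LINES))
```

The two methods catch different things: the signatures find the two single requests that carry a known-bad pattern no matter how quiet the client is, while the rate check finds the client that sends nothing unusual per request but forty times more of them than anyone else. A median rather than a mean is used for the baseline so that the outlier itself does not drag the threshold up.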

VIII. OUR SUGGESTED SOLUTIONS FOR HOME NETWORKS
For the majority of people, their main interest is going to be protecting themselves at home and their home network. Some of the best ways to do this are to make sure you have a password on everything that can have a password. Do not just use an easy password, but use a strong password that someone will not be able to guess. By following the steps laid out earlier, one can create a fairly strong password. Another suggestion is to use a password manager and a password generator.

One password manager we can suggest is called KeePass (http://keepass.info/) Password Safe[14]. With this manager all you need to remember is the password to get into the program. This program will keep your passwords encrypted in a database and not require you to remember overly complicated passwords. With this we would suggest a random password generator to set all your passwords. Using the random generator will help ensure that each one is a completely random jumble of letters and numbers (and in some cases symbols).

After getting everything password protected and set, a person should download and install anti-virus and anti-malware software. For free versions of the software, we would suggest AVG Free Anti-virus and Malwarebytes Anti-Malware. Both of these are free software and easy to install and run. There are other paid options which vary in effectiveness. One of the top paid anti-virus software developers is Norton[17], and there is also another major developer named McAfee.[18] These are two of the most trusted anti-virus developers and can be used by almost any level of user. Along with this, Windows users should use the Windows-provided firewall and security built into each machine.

IX. CONCLUSION
To conclude our research, we believe that every user of a network and computer should be able to set up and maintain a good level of defense without having a ton of technical ability. By following the simple steps we have laid out, even the most technically challenged user should be able to set up a good amount of security for their network. The biggest idea that comes through is that a lot of issues can be avoided by using common sense and having a good level of skepticism when dealing with unknown users on the internet. In addition to this, the bigger a network becomes, the more threats it will face and the more security it will need.

References
[1] DeVry University. The top 5 cyber security threats that could affect your life. <http://www.devry.edu/know-how/top-5-cybersecurity-threats-that-could-affect-your-life/>
[2] Tech Terms Online Dictionary. 2013. <http://www.techterms.com/definition/malware>
[3] Tech Terms Online Dictionary. 2013. <http://www.techterms.com/definition/virus>
[4] Tech Terms Online Dictionary. 2013. <http://www.techterms.com/definition/worm>
[5] Tech Terms Online Dictionary. 2013. <http://www.techterms.com/definition/trojanhorse>
[6] Tech Terms Online Dictionary. 2013. <http://www.techterms.com/definition/spyware>
[7] Tschabitscher, Heinz. 2013. About.com. <http://email.about.com/od/spamandgettingridofit/a/what_is_spam.htm>
[8] Dictionary.com, "phishing," in The Free On-line Dictionary of Computing. Source location: Denis Howe. <http://dictionary.reference.com/browse/phishing>. Available: <http://dictionary.reference.com>. Accessed: December 02, 2013.
[9] Christensen, Brett. 2013. Phishing Scams - Anti-Phishing Information. <http://www.hoax-slayer.com/phisherscams.html#phishing-characteristics>
[10] University of California. August 28, 2013. Password Management - Secure and Robust Passwords. <http://cnc.ucr.edu/passwords/securepass.html#create>
[11] Chou N., Ledesma R., Teraguchi Y., Boneh D., and Mitchell J.C. Client-side defense against web-based identity theft. Stanford University. <http://seclab.stanford.edu/websec/>
[12] Sinha S., Bailey M., Jahanian F. Improving Spam Blacklisting Through Dynamic Thresholding and Speculative Aggregation. University of Michigan. <http://www.eecs.umich.edu/fjgroup/pubs/ndss10_final.pdf>
[13] University of Oregon. 07-21-2012. Humboldt - Active Phishing Disruption. <http://netsec.cs.uoregon.edu/research/humboldt.shtml>
[14] Schneier, Bruce. 2013. KeePass Password Safe. <http://keepass.info/>
[15] Physical Security. Cisco. 2013. <http://www.cisco.com/en/US/products/ps6712/index.html>
[16] Palo Alto Networks, firewall. <https://www.paloaltonetworks.com/company.html>
[17] Symantec by Norton. 2013. <http://us.norton.com/>
[18] McAfee software. 2013. <http://www.mcafee.com/us/products/networksecurity/index.aspx>
[19] XO Communication. Premised Based Network Security. 2013. <http://www.xo.com/secure/managed-security/>
[20] Cuppens F., Cuppens-Boulahia N., Sans T., Miege A. A formal approach to specify and deploy a network security policy. <http://link.springer.com/chapter/10.1007/0-387-24098-5_15>
[21] Network Security, Volume 2002, Issue 6, 1 June 2002, Pages 14-16. <http://dx.doi.org/10.1016/S1353-4858(02)06011-7>
[22] Bishop, M., "What is computer security?," Security & Privacy, IEEE, vol. 1, no. 1, pp. 67-69, Jan.-Feb. 2003. <http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1176998&isnumber=26429>
[23] Curtin M. Introduction to Network Security. 1997. Kent Information Services. <http://www.interhack.net/pubs/networksecurity/network-security.html>
