Chapman - Network performance and security: testing and analyzing using open source and low-cost tools

attack

DDoS

malware

penetration testing

volumetric attack

quality of experience (QoE)

perceptual user experience

firewall

IPS/IDS

proxy server

botnet

cross site scripting attack (XSS)

worm

virus

trojan horse attack

zero-day attack

SQL injection attack

hard QoE errors

soft QoE errors

This book is intended to help you practically implement real-world security and optimize performance in your network. Network security and performance is becoming one of the major challenges to the modern information technology (IT) infrastructure. Practical, layered implementation of security policies is critical to the continued function of the organization. I think not a week goes by where we do not hear about data theft, hacking, or loss of sensitive data. If you dig deeper into what actually happens with security breaches, what you read in the news is only a small fraction of the true global threat of inadequate or poorly executed security. One thing that we all hear when an article or a news item is released is excessive amounts of buzz words around security, with little content about how it may have been prevented. The truth is, security mitigation is still in its infant stages, following a very predictable pattern of maturity like other network-based technologies. Performance is another critical part of a well-performing network. Everyone knows they need it, but to test it and measure it is not only a science, but also an art.

I assume that the reader of this book has a desire to learn about practical security techniques, but does not have a degree in cyber security. I assume as a prerequisite to implementing the concepts in this book, the reader has a basic understanding of IT implementation, has a mid level experience with Windows and Active directory, and has had some experience with Linux. Furthermore, my intent in this book is to minimize theory and maximize real-world, practical examples of how you can use readily available open source tools that are free, or relatively low cost, to help harden your network to attacks and test your network for key performance roadblocks before and during deployment in a production network. In fact, the major portion of theory that I will cover is in this chapter, and the focus of that information will be on giving you a baseline understanding in practical deployment and applications of security and performance. I also assume noting, and will take you through execution of best practices.

What is an attack? It is an attempt to gather information about your organization or an attempt to disrupt the normal working operations of your company (both may be considered malicious and generally criminal). Attacks have all the aspects of regular crime, just oriented toward digital resources, namely your network and its data. A threat uses some inefficiency, bug, hole, or condition in the network for some specific objective. The threat risk to your network is generally in proportion to the value or impact of the data in your network, or the disruption of your services no longer functioning. Let me give a few examples to clarify this point. If your company processed a high volume of credit card transactions (say you were an e-commerce business) then the data stored in your network (credit card numbers, customer data, etc.) is a high target value for theft because the relative reward for the criminals is high. (For example, credit card theft in 2014 was as high as $8.6B [source: http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014].) Or, if your business handles very sensitive data, such as patient medical record (which generally have the patient-specific government issued IDs such as social security numbers attached), you are a prime target. In either case, the value of data in your network warrants the investment and risk of stealing it. Say, you are a key logistics shipping company, the value to the attacker may be to disrupt your business, causing wider economic impact (classic pattern for state-sponsored cyber terrorism [example: http://securityaffairs.co/wordpress/18294/security/fireeye-nation-state-driven-cyber-attacks.html]). On the other hand, if you host a personal information blog, it is unlikely that cyber crime will be an issue. To put it bluntly, it is not worth the effort for the attackers. The one variable in all of this is the people who attack network because they can. They tend to use open source exploit tools, and tend to be individuals or very small groups, but can be anywhere on the Internet. We have to be aware of the relative value of our data, and plan security appropriately.