1 / 18

CS682- Network Management and Security

CS682- Network Management and Security. Prof. Katz. The Hacker Mentality. The term was originally used to mean someone who made software do that which the programmer did not intend. Over time it was adapted to classify those who do the above for illegal purposes. Different types of hackers.

dai
Download Presentation

CS682- Network Management and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CS682- Network Management and Security Prof. Katz

  2. The Hacker Mentality • The term was originally used to mean someone who made software do that which the programmer did not intend. • Over time it was adapted to classify those who do the above for illegal purposes

  3. Different types of hackers • Network Hackers – Continuously pound on networks looking for holes • Phreaks – Hardware hackers • Crackers – Code breakers • Most hackers believe they are “elite” and will not get caught. Some are right, most are wrong.

  4. Evolution of a hacker • Hackers recently have been High School or undergraduate students. • After learning all they can about the target they begin trying to find a solution to let them in

  5. After a hacker gets in • The hacker will contact the system administrator • The hacker will retrieve the desired data • The hacker will deface the machine

  6. Common forms of entry • Easy passwords • Unpatched servers (known attacks) • Security recommendations unfollowed • Buffer overflows

  7. Progression of a hack • The hacker will initially determine all available information about the target network • The hacker will select a target which has the least amount of protection, which will allow him to get the data he wants. • The target will be compared against well known attacks • If source code is available for the target’s systems, the hacker will examine the code for new ways in. • The hacker may attempt to gain access to the password database. • The hacker will attempt brute force access to the system • The hacker may attempt to gain physical access to the system.

  8. What tools are available? • If the hacker has programming experience, he can create his own tools • Commercially available tools are often free • nmap (www.insecure.org/nmap) • L0phtcrack • Tcpdump (network monitors) • Various assorted tools designed to scan for well known attacks.

  9. RFC-1918 / NAT

  10. RFC-1918 • Hosts not connected to the Internet do not need unique addresses • Hosts connected through a proxy server or Address Translation device do not need unique addresses • NB: The proxy server or NAT device will need at least 1 unique address!

  11. Network Address Translation • IP Address theory provides 4,294,967,296 unique IP addresses. Because of Subnetting we’ve used almost the entire domain. • NAT allows us to use RFC1918 (fake, illegal) addresses for our LAN and have only a few addresses seen on the Internet

  12. Types of NAT • One-to-One: Does not eliminate the number of used IP addresses, but provides for greater security • One-to-Many: Wastes IP addresses, only done when necessary for security • Many-to-One: One real address is used by many fake addresses

  13. Concepts of NAT • Only important if • Every machine needs an IP address unique to its network • Networks need at least one unique address • When data traverses a NAT device the TCP and IP headers will be changed and in some cases the data will be changed too

  14. How NAT works

  15. Why is NAT secure • In Many-to-One NAT, connections are never allowed from the outside to the LAN unless they are expected (ie FTP) • Generally in One-To-One NAT open ports must be indicated and connections specifically allowed • Outside individuals have no concept of the layout of the LAN

  16. Problems with NAT • Non-OSI compliant protocols will not work without special consideration • Protocols which make a connection back to the original host will not work • Sometimes difficult to install/maintain • Sometimes costly

  17. NAT Devices • All Cable Modem/DSL Routers • Checkpoint Firewall-1 • Linux • CISCO IOS • Windows 2000

  18. Linux NAT

More Related