
Introduction to Network Security



    1. 2/14/01 1 Introduction to Network Security Charles Hill Director, Hawaii Operations E-mail: chill@fsba.com Phone: (808) 524-7786

    2. 2/14/01 Fujitsu Systems Business of America 2 What is Network Security? Network security addresses the vulnerabilities to which your organization is exposed as a consequence of being connected to a network.

    3. Topics of Discussion
       - Who’s vulnerable?
       - Who’s attacking?
       - What are the kinds of attacks?
       - How do we protect ourselves?
       - What do you do when you’ve been hacked?
       - References and Q&A

    4. Who’s vulnerable?
       - Everyone in your organization who uses computers or networks in the process of doing their job.
       - Everyone in your organization who is affected by the information stored in computers.
       - Everyone in your organization.
       - Outsiders who rely on your organization – your customers, the public.

    5. Who’s vulnerable?
       Both Servers and End-Users are subject to attack.
       - Web servers, E-mail servers, File servers, Communications servers, Network devices
       - End-users receiving e-mail, visiting web sites, downloading files, participating in online services

    6. Who’s vulnerable?
       You are exposed to network security threats by:
       - using e-mail (e.g. viruses, worms)
       - using web-browsers (e.g. malicious applets and scripts)
       - simply being connected to the network (protocol hacks, breaking and entering)

    7. Who’s vulnerable?
       From 2000 CSI/FBI Computer Crime and Security Survey of 643 US Organizations:
       - 90% of respondents detected computer security breaches w/in last 12 months
       - 74% acknowledged financial losses due to computer breaches

    8. Who’s vulnerable?
       - 70% reported a variety of serious computer security breaches other than viruses, laptop theft, or “net abuse”
       - Quantified financial losses from 273 respondents totaled $265,589,940

    9. Who’s vulnerable?
       20-year-old man arrested for breaking into two computers of NASA’s Jet Propulsion Laboratory.
       - Hacking started in 1998
       - One computer was used to host chat room devoted to hacking
       - Thousands of usernames and passwords were stolen
       Reuters News, July 12, 2000

    10. Who’s vulnerable?
       Hacker boosted stock price by posting fake merger press release
       - A hacker boosted the stock of Aastrom Biosciences by 6.5% by posting a fake press release on the company's Web site announcing a merger with California biopharmaceutical company Geron.
       Reuters News, Feb. 17, 2000

    11. Who’s vulnerable?
       - Thousands of Safeway customers received emails that appeared to come from the company, saying Safeway would raise its prices by 25 percent.
       - The emails also said, “If you wanted to shop elsewhere, you could.”
       - Safeway shut down U.K. site after hacker attack on August 12, 2000
       Bloomberg News, Aug. 14, 2000

    12. Who’s vulnerable?
       - April 1998, “Masters of Downloading” cracked the DISN and stole software used to control vital military GPS satellites used to pinpoint missile strikes, guide troops and assess ground conditions

    13. Who’s vulnerable?
       - ILOVEYOU Virus
       - MELISSA Virus
       - Anna Kournikova Virus (“Here you have, ;o)”) of last week
       - Denial of Service attack against Microsoft two weeks ago
       - Home users with network connections – dialup or dedicated

    14. Who’s attacking?
       Attacks from within
       - “Within” means originating from inside the LAN/intranet, a “trusted source”

    15. Who’s attacking?
       “Case studies have shown that a vast majority of attacks originate from within an organization. In fact, some studies state that as much as 70% of all attacks from someone within an organization or from someone with inside information (such as an ex-employee).”
       Chris Brenton, Mastering Network Security, c. 1999, SYBEX Network Press, p. 6.

    16. Who’s attacking?
       Sometimes the damage is done without intent
       - People making mistakes
         - Only give root privileges to people who know what they are doing
       - People experimenting with things they’ve heard about
         - “I was just testing this downloaded script....”

    17. Who’s attacking?
       Sometimes the damage is done on purpose
       - Malicious attacks from disgruntled people (e.g. ex-employees)
       - Snoop attacks from nosey co-workers
       - Acts of vandalism
       - Espionage

    18. Who’s attacking?
       Attacks from the Outside
       - “Outside” means originating from anyone/anyplace outside of your LAN/intranet, an unknown source.
       - Sometimes the damage is done without intent....
       - Sometimes the damage is done on purpose.

    19. Who’s attacking?
       What do they hope to gain?
       - bragging rights, simply to say “I did it!”
       - theft of information
       - theft of service
       - theft of real assets/money
       - defacement/vandalism
       - destruction of data
       - corruption of data

    20. Who’s attacking?
       What do they hope to gain, continued
       - corruption of operational systems controlled by computers (phone system, TV systems, etc.)
       - denial of service
       - plant ‘bots which can be remotely activated and controlled to accomplish any of the attacks listed above using your machine as the host

    21. What are the kinds of attacks?
       Denial of Service (DoS) attacks
       DoS attacks have one goal – to knock your service off the net.
       - Crash your host
       - Flood your host
       - Flood the network connecting to your host

    22. What are the kinds of attacks?
       Viruses
       A computer virus attaches itself to files on the target machine
       - Master Boot Sector/Boot Sector viruses
       - File viruses, Macro viruses
       - Stealth viruses, Polymorphic viruses
       - Hoax Viruses
       http://www.mcafee.com/anti-virus
       http://www.symantec.com/avcenter

    23. What are the kinds of attacks?
       Trojans, Worms and Backdoors
       - Trojans are programs that appear to perform a desirable and necessary function but that also perform functions unknown to (and probably unwanted by) the user.
       - Worms are memory-resident viruses. Unlike a virus, which seeds itself in the computer's hard disk or file system, a worm will only maintain a functional copy of itself in active memory.

    24. What are the kinds of attacks?
       - Worms frequently “sleep” until some event triggers their activity - send password file to hacker, send copy of registry to hacker.
       - Worms and Trojans are frequently methods by which Backdoors are enabled on a system.
       - Backdoors allow hidden access and control of a system (e.g. Back Orifice, BO2K, SubSeven).

    25. What are the kinds of attacks?
       Scanners
       Programs that automatically detect security weaknesses in remote or local hosts.
       Tells the hacker:
       - What services are currently running
       - What users own those services
       - Whether anonymous logins are supported
       - Whether certain network services require authentication

    26. What are the kinds of attacks?
       Password Crackers
       - Some actually try to decrypt....
       - Most simply try “brute force” or intelligent “brute force”
         - Dictionary words, days of year, initials
       - Social Engineering
         - “This is MIS, I need to fix your e-mail box, what’s your password?”

    27. What are the kinds of attacks?
       Sniffers
       - Devices that capture network packets
       - Extremely difficult to detect because they are passive

    28. How do we protect ourselves?
       One product cannot provide full protection
       - The computer networking environment consists of too many different subsystems for one product to provide full protection

    29. How do we protect ourselves?
       - Ethernet protocol
       - IP protocol
       - TCP protocol
       - Routing protocols
       - Operating Systems
       - Presentation protocols - HTML, DHTML, XHTML, XML
       - Remote Program execution protocols - VBS, ASP, DCOM, CORBA, JavaScript, Java Applets, Jini
       - Applications - MS Outlook, Netscape Communicator, server SW (MS IIS, etc.)

    30. How do we protect ourselves?
       Anti-virus software
       - Personal Anti-virus SW on your machine
         - Make sure it is set to scan all executables, compressed files, e-mail, e-mail attachments, web pages
         - Keep your virus information files up to date!!!

    31. How do we protect ourselves?
       Firewalls
       “A combination of hardware and software resources positioned between the local (trusted) network and [an untrusted network]. The firewall ensures that all communication between an organization's network and the Internet connection conforms to the organization's security policy. Firewalls track and control communications, deciding whether to pass, reject, encrypt, or log communications.”
       Checkpoint Firewall-1 Administration Guide

    32. How do we protect ourselves?
       Types of Firewalls
       - Static Packet Filtering - a.k.a. Access Control Lists
       - Dynamic Packet Filtering - a.k.a. “Stateful Inspection”
       - Proxy - a.k.a. Application Gateway
         - Non-Transparent
         - Transparent

    33. How do we protect ourselves?

    34. How do we protect ourselves?
       Today’s firewalls are multi-purpose network security platforms.
       Well... the best firewalls are multi-purpose network security platforms (Checkpoint Firewall-1):
       - CVP (Content Vector Protocol)
       - UFP (URL Filter Protocol)
       - Bandwidth Management
       - VPN (Virtual Private Networking)
       - Intrusion Detection (MAD)

    35. How do we protect ourselves?
       E-mail Server filters
       - Provide anti-virus protection for e-mail passing through the server
       - Integrate directly with the E-mail Server software - MS Exchange, Lotus Notes, Netscape, cc:Mail, etc.
       - Example products: McAfee GroupShield, Trend Micro ScanMail

    36. How do we protect ourselves?
       Web based protection filters
       - Web Server protection
         - Protects web server from hacking (e.g. AppShield (Sanctum Inc.))
       - Web Access Control
         - Restricts web sites to which you can connect.
         - Can protect you by not allowing you to go to malicious web sites (e.g. WebSENSE)

    37. How do we protect ourselves?
       More on Web Site/Application hacking
       - Some examples....

    38. How do we protect ourselves?
       - Hidden Manipulation
       - Parameter Tampering
       - Cookie Poisoning
       - Stealth Commanding
       - Forceful Browsing
       - BackDoors and Debug Options
       - Configuration Subversion
       - Buffer Overflow
       - Vendor assisted hacking through 3rd-party software vulnerabilities

    39. Example: Medical Records Access
       - Parameter Tampering - SQL Query via CGI Parameters

    42. Example: Money Theft
       - Utilizing Debug Options

    46. Example: Shutting Down a Site
       - Buffer overflow

    52. How do we protect ourselves?
       VPN technologies
       - Access Control: Who can talk to us through the network?
       - Authentication: How do we know you're who you say you are?
       - Integrity: How can we guarantee that what we receive is what you sent?
       - Confidentiality: How can we guarantee that no one else can read this information?

    53. How do we protect ourselves?
       Intrusion Detection Systems
       - Suspicious Pattern Detection
         - Looks for known patterns of types of traffic that are common to electronically "casing the joint"
       - Bit Pattern Signature Detection
         - Looks for known signatures of attacks
       - Anomaly Detection - the AI approach
         - Monitors network for a period of time to establish a statistical norm for traffic on the network.
         - Generates alarms when abnormal traffic occurs

    54. What do you do when you’ve been hacked?
       Too big of a topic to go into here.... but it’s a vital part of network security.
       - What can you do to ensure the compromise has been abated?
       - How do you identify what’s been changed?
       - What did you lose?
       - What can you recover?

    55. References
       - Hacking Exposed, Network Security Secrets and Solutions, Joel Scambray, Stuart McClure, and George Kurtz, Osborne/McGraw-Hill
       - Mastering Network Security, Chris Brenton, Sybex Network Press
       - Maximum Security, A Hacker's Guide to Protecting Your Internet Site and Network, Anonymous, SAMS
       - Secrets and Lies, Digital Security In A Networked World, Bruce Schneier, John Wiley and Sons

    56. References
       - Reputable sites
         - www.hackingexposed.com
         - www.securityfocus.com
       - Questionable sites
         - www.because-we-can.com
         - www.digicrime.com
         - www.insecure.org
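
Added example (not part of the original presentation) for slide 32: the difference between static packet filtering and dynamic ("stateful") filtering, shown on constructed traffic. The `Packet` fields, the single "outbound web only" policy and all addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str             # TCP flags: "S", "SA", "A", "R", ...
    inbound: bool          # True = arriving from the untrusted side

def static_filter(p: Packet) -> bool:
    """Static ACL: every packet is judged alone, on header fields only."""
    if not p.inbound:
        return p.dport == 80                 # assumed policy: inside may browse the web
    # Replies must be let back in, and the only evidence available is the
    # header: "source port 80 with ACK set" is taken to mean "a reply".
    return p.sport == 80 and "A" in p.flags

class StatefulFilter:
    """Dynamic filter: inbound packets must match a connection opened from inside."""
    def __init__(self):
        self.connections = set()

    def check(self, p: Packet) -> bool:
        if not p.inbound:
            if p.dport != 80:
                return False
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        key = (p.dst, p.dport, p.src, p.sport)   # reverse of the outbound tuple
        if key not in self.connections:
            return False
        if "R" in p.flags:                       # a reset ends the conversation
            self.connections.discard(key)
        return True

# Constructed sample traffic (outside hosts use RFC 5737 documentation addresses).
OUT_SYN = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S", inbound=False)
REPLY = Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA", inbound=True)
UNSOLICITED = Packet("198.51.100.7", 80, "10.0.0.9", 139, "A", inbound=True)

def compare():
    """Return {label: (static verdict, stateful verdict)} for the sample traffic."""
    fw = StatefulFilter()
    traffic = [("out_syn", OUT_SYN), ("reply", REPLY), ("unsolicited", UNSOLICITED)]
    return {name: (static_filter(p), fw.check(p)) for name, p in traffic}

if __name__ == "__main__":
    print(compare())
```

The static rule accepts the unsolicited packet because its header looks like a reply; the stateful filter drops it because no inside host opened that connection.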
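
Added example (not part of the original presentation) for the anomaly-detection item on slide 53: learn a statistical norm from a monitoring period, then raise alarms on intervals that deviate from it. The class name, the 3-deviation threshold, the metric names and every count are constructed assumptions.

```python
import statistics

class TrafficBaseline:
    """Learns a per-metric norm, then flags intervals that deviate from it."""
    def __init__(self, threshold=3.0, min_sd=1.0):
        self.threshold = threshold   # alarm when |z| exceeds this many deviations
        self.min_sd = min_sd         # floor so near-constant traffic cannot divide by ~0
        self.norm = {}

    def learn(self, history):
        """history: {metric: [count per interval, ...]} from the learning period."""
        for metric, counts in history.items():
            mean = statistics.fmean(counts)
            sd = max(statistics.pstdev(counts), self.min_sd)
            self.norm[metric] = (mean, sd)

    def alarms(self, interval):
        """Return [(metric, count, z)] for abnormal metrics; z is None if never seen."""
        raised = []
        for metric, count in sorted(interval.items()):
            if metric not in self.norm:
                raised.append((metric, count, None))   # traffic type absent from the norm
                continue
            mean, sd = self.norm[metric]
            z = (count - mean) / sd
            if abs(z) > self.threshold:
                raised.append((metric, count, round(z, 1)))
        return raised

# Constructed sample data: connections (or packets) counted per interval.
LEARNING = {
    "tcp/80": [100, 110, 90, 105, 95, 100],
    "tcp/25": [20, 22, 18, 21, 19, 20],
    "icmp-echo": [2, 3, 1, 2, 2, 2],
}
QUIET = {"tcp/80": 108, "tcp/25": 21, "icmp-echo": 3}
NOISY = {"tcp/80": 97, "tcp/25": 19, "icmp-echo": 250, "tcp/6000": 4}

def run():
    """Learn from LEARNING, then score one normal and one abnormal interval."""
    ids = TrafficBaseline()
    ids.learn(LEARNING)
    return ids.alarms(QUIET), ids.alarms(NOISY)

if __name__ == "__main__":
    print(run())
```

The quality of the alarms depends on the learning period: anything abnormal that was already present while the norm was being established becomes part of the norm.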
