NETE4630 Advanced Network Security and Implementation


Presentation Transcript


  1. NETE4630: Advanced Network Security and Implementation NETE4630 Advanced Network Security and Implementation Supakorn Kungpisdan supakorn@mut.ac.th

  2. Course Descriptions
      • Lecture: Sunday 12.30PM-3.30PM
      • Lab: Sunday 3.30PM-6.30PM
      • Textbooks
          • M. Gregg et al., Hack the Stack: Using SNORT and Ethereal to Master the 8 Layers of An Insecure Network, Syngress, 2006, ISBN 1-59749-109-8
      • http://www.msne.mut.ac.th/

  3. Course Information (cont.)
      • Evaluation
          • Quizzes 20%
          • Assignment 10%
          • Project 30%
          • Final exam 40%

  4. Course Outline
      1. Extending OSI to Network Security
      2. Securing Physical Layer
      3. Securing Data Link Layer
      4. Securing Network Layer
      5. Securing Transport Layer
      6. Securing Session Layer
      7. Securing Presentation Layer
      8. Securing Application Layer
      9. Securing People Layer
      10. Advanced Cryptographic Protocols
      11. Advanced Topic #1: Mobile Payments
      12. Advanced Topic #2: Access Controls and Authentication
      13. Computer Crime and Computer Forensics
      14. Network Security in the Real World #1
      15. Network Security in the Real World #2

  5. Lab Works 40%
      • Group projects
      • Check out the list of assigned security projects during the lab class
      • Progress must be reported a number of times
      • Project demonstration periodically
      • Submit a report of the project assigned

  6. Task
      • Work in a group of 10 students
      • Spend 10 minutes on the following tasks:
          • (3 students) draw a picture that you can think of before attending the class.
          • (2 students) as a security administrator, draw a picture of what you imagine users look like
          • (3 students) draw a picture that represents an organization network with best security implementation
          • (2 students) draw a picture that represents the IT Security manager of your organization

  7. Extending OSI to Network Security Lecture 1 Supakorn Kungpisdan supakorn@mut.ac.th

  8. Roadmap
      • OSI and People Layer
      • Mapping OSI to TCP/IP
      • Current State of IT Security

  9. OSI Security

  10. People Layer
      • Social Engineering Attacks/Dumpster Diving
      • Attacks usually take one of the following angles:
          • Diffusion of Responsibility: I know the policy is not to give out passwords, but I will take responsibility for this
          • Identification: We both work for the same company; this benefits everyone
          • Chance for Ingratiation: This is a win-win situation. The company is going to reward you for helping me in this difficult situation
          • Trust Relationships: Although I am new here, I am sure I have seen you in the break room
          • Cooperation: Together we can get this done
          • Authority: I know what the policy is; I drafted those policies and I have the right to change them

  11. Application Layer
      • Traditional network applications are vulnerable to several attacks:
          • FTP: sniffing cleartext passwords
          • Telnet: sniffing cleartext passwords
          • SMTP: spoofing and spamming
          • DNS: DNS poisoning
          • TFTP: lack of session management and authentication
          • HTTP: stateless connection
          • SNMP: community strings are passed in cleartext and default community strings are well-known
          • SNMP version 3 offers encryption for more robust security

  12. Session Layer
      • Windows NT LanMan (NTLM) is a Microsoft authentication protocol used with the SMB (Server Message Block, used to share files in a Windows network) protocol for MS remote access protocols
      • NTLM has weak encryption (an NTLM password can be cracked in less than 1 second)
      • To create an NTLM password:
          • Password is stored in uppercase
          • Pad the password to 14 characters
          • Divide it into two seven-character parts and hash each part
          • Concatenate the two hash values and store the result as a LAN Manager (LM) hash, which is stored in the SAM (Security Account Manager).
      • Session hijacking
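
What the LM hash preparation steps listed above throw away before any hashing happens, as an added example that is not part of the original slides. The DES hashing of each half is left out; the function names are this example's own, passwords are limited to ASCII, and the 95-symbol printable-ASCII alphabet (69 after uppercasing) is an assumption.

```python
import math

def lm_halves(password):
    """Pre-hash steps from the slide: uppercase, pad/truncate to 14, split 7+7."""
    # ASCII only in this example; Windows encodes with the OEM code page.
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]

def audit(password):
    """List the properties of this password that the LM steps discard."""
    findings = []
    if password != password.upper():
        findings.append("case folded away")
    if len(password) > 14:
        findings.append("characters past 14 ignored")
    if lm_halves(password)[1] == b"\x00" * 7:
        findings.append("second half is empty padding")
    return findings

def search_bits(charset, length, halves=1):
    """log2 of the guesses needed when `halves` equal parts are searched independently."""
    return math.log2(halves * charset ** (length // halves))

if __name__ == "__main__":
    for pw in ("secret", "Passw0rd!", "CORRECTHORSEBATTERY"):   # constructed samples
        print(pw, lm_halves(pw), audit(pw))
    # A 14-character mixed-case password hashed as one unit (assumed 95 symbols)...
    print("single 14-char value: %.1f bits" % search_bits(95, 14))
    # ...versus two uppercase-only 7-character halves that can be searched separately.
    print("two 7-char LM halves: %.1f bits" % search_bits(69, 14, halves=2))
```

Because each half is hashed on its own, the work to search both halves adds rather than multiplies, which is why a 14-character limit gives far less protection than it appears to.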

  13. Session Layer (cont.)
      • NetBIOS allows applications of different systems to communicate through the LAN
      • Hosts using NetBIOS systems identify themselves using a 15-character unique name.
      • NetBIOS is used in conjunction with SMB, which allows for the remote access of shared directories and files.
      • It also gives attackers the ability to enumerate systems and gather user names and accounts, and share information
      • Almost every script kiddie and junior league hacker has exploited the nbtstat and net view commands, then the net use command
      • net use is used to map a drive on a Windows network

  14. Transport Layer
      • UDP is connectionless; it is vulnerable to DoS and easy to spoof
      • TCP allows hackers to gather information about targets
      • From illegal flag settings, NULL and XMAS, to SYN and RST, TCP helps attackers identify services and operating systems
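
A detection-side view of the flag settings named above, as an added example that is not part of the original slides: it reads the flag byte of raw TCP headers and labels NULL, XMAS and illegal SYN combinations. The `header()` helper, the label names and the sample segments are constructed for this example.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def classify(segment):
    """Return (dst_port, label) for a raw TCP header; label is 'ok' if unremarkable."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    dport = struct.unpack("!H", segment[2:4])[0]
    flags = segment[13] & 0x3F            # byte 13 carries URG, ACK, PSH, RST, SYN, FIN
    if flags == 0:
        label = "null"                    # no flags at all never occurs in a real session
    elif flags == FIN | PSH | URG:
        label = "xmas"
    elif flags & SYN and flags & FIN:
        label = "syn+fin"                 # opening and closing at once is illegal
    elif flags & SYN and flags & RST:
        label = "syn+rst"
    else:
        label = "ok"
    return dport, label

# Constructed traffic: a normal handshake followed by three malformed probes.
SAMPLE = [
    header(40000, 80, SYN),
    header(80, 40000, SYN | ACK),
    header(40000, 80, ACK),
    header(40001, 22, 0),
    header(40002, 23, FIN | PSH | URG),
    header(40003, 80, SYN | FIN),
    header(80, 40004, RST | ACK),
]

def scan_alerts(segments):
    """Return (dst_port, label) for every segment with an abnormal flag combination."""
    return [hit for hit in map(classify, segments) if hit[1] != "ok"]

if __name__ == "__main__":
    for port, label in scan_alerts(SAMPLE):
        print("suspicious flags to port %d: %s" % (port, label))
```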

  15. Network Layer
      • IPv4 has no security services built in
      • Vulnerable to various attacks:
          • Source routing
          • DoS
          • Idle scan (or IPID scan)
          • Smurf DoS attack on ICMP protocol
          • Covert channel on ICMP protocol using Loki
      • IPSec is now a component of IPv6

  16. Data Link Layer
      • Address Resolution Protocol (ARP) resolves logical to physical addresses
      • Vulnerable to ARP Poisoning (Dsniff and Ettercap) and passive sniffing
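
One way to notice the ARP poisoning mentioned above, as an added example that is not part of the original slides: record the first IP-to-MAC binding seen for each address and flag any later ARP packet that claims the same IP for a different MAC. The `arp()` helper, the addresses and the sample packets are constructed; legitimate changes such as a replaced NIC or a failover pair would also trigger it.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"    # Ethernet/IPv4 ARP body (RFC 826), 28 bytes

def arp(oper, mac, ip, target_mac, target_ip):
    """Build a constructed ARP body; oper 1 = request, 2 = reply."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       to_bytes(mac), socket.inet_aton(ip),
                       to_bytes(target_mac), socket.inet_aton(target_ip))

def parse_arp(pkt):
    """Return (sender_mac, sender_ip) from a raw ARP body."""
    if len(pkt) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    fields = struct.unpack(ARP_FMT, pkt[:28])
    if (fields[2], fields[3]) != (6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join("%02x" % b for b in fields[5])
    return mac, socket.inet_ntoa(fields[6])

def find_rebinds(packets):
    """Return (ip, first_seen_mac, new_mac) for each packet that contradicts a binding."""
    bindings, alerts = {}, []
    for pkt in packets:
        mac, ip = parse_arp(pkt)
        first = bindings.setdefault(ip, mac)   # keep the first binding as the baseline
        if first != mac:
            alerts.append((ip, first, mac))
    return alerts

# Constructed capture: the gateway answers, a host asks, then a second MAC claims the gateway IP.
SAMPLE = [
    arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    arp(1, "02:00:00:00:00:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
]

if __name__ == "__main__":
    for ip, old, new in find_rebinds(SAMPLE):
        print("%s moved from %s to %s" % (ip, old, new))
```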

  17. Physical Layer
      • An open port in the conference room, or an unused office could be the foothold needed to breach the network or gain access to a server
      • If someone gains physical access to an item, they can control it.

  18. Stack Attacks and Vulnerabilities

  19. Countermeasure Found in Each Layer
      • Virus Scanners
      • PGP
      • S/MIME
      • Privacy Enhanced Mail (PEM)
      • SSH
      • SET
      • Terminal Access Controller Access Control System (TACACS)
      • Kerberos
      • SSL and TLS
      • Windows Sockets (SOCKS)
      • Secure RPC (S/RPC)
      • IPSec
      • PPTP
      • Challenge Handshake Authentication Protocol (CHAP)
      • Wired Equivalent Privacy (WEP)
      • Wi-Fi Protected Access (WPA)
      • Packet Filters
      • NAT
      • Fiber Cable
      • Secure Coding

  20. Roadmap
      • OSI and People Layer
      • Mapping OSI to TCP/IP
      • Current State of IT Security

  21. Physical Security
      • Egyptians used locks more than 2,000 years ago. If information was important, it was carved in stone or, later, written on paper
      • The loss of information usually meant the loss of critical assets, because knowledge is power
      • Even when information was not in transit, many levels of protection were typically used to protect it, including guards, walls, dogs, moats, and fences

  22. Communications Security
      • A means of communication security was found in the discovery of encryption
          • Skytale
          • ATBASH
      • In the ninth century, Abu al-Kindi published “A Manuscript on Deciphering Cryptographic Messages”
      • The National Security Agency (NSA) became involved at the beginning of the twentieth century
      • William Frederick Friedman, one of the best cryptologists of all time, helped break Japanese cryptographic schemes

  23. Signal Security
      • Cordless phones had no security; conversations were easy to intercept
      • Early cell phones were also easily intercepted
      • The TEMPEST program was a US-led initiative designed to develop shielding for equipment to make it less vulnerable to signal theft
      • Spread Spectrum technology improves security and reliability
          • Direct-sequence Spread Spectrum (DSSS)
          • Frequency-hopping Spread Spectrum (FHSS)

  24. Computer Security
      • Computer Security is focused on secure computer operations
      • A number of access control models:
          • Bell-LaPadula model was designed to protect confidentiality of information
          • Clark-Wilson model was the first integrity model
          • Separation of Duties: subjects must access data through an application, and auditing is required

  25. Computer Security (cont.)
      • Trusted Computing System Evaluation Criteria (TCSEC), known as the “Orange Book” (in the rainbow series of DoD), defines confidentiality of computer systems according to the following scales:
          • A (A1): Verified Protection: The highest security division
          • B (B1-B3): Mandatory Security: Has mandatory protection of the trusted computing base (TCB)
          • C (C1-C2): Discretionary Protection: Provides discretionary protection of the TCB
          • D: Minimal Protection: Failed to meet any of the standards of A, B, or C; has no security controls

  26. TCSEC (Orange Book)

  27. Network Security
      • The need for network security was highlighted by highly successful attacks, e.g. Nimda, CodeRed, and SQL Slammer
      • Such exploits highlight the need for better network security
      • Several tools have been deployed to prevent such attacks

  28. Information Security
      • Physical security, communication security, signal security, computer security, and network security alone are not enough to solve all security risks
      • Only when combined together and examined from the point of view of information security can we start to build a complete picture.

  29. Information Security (cont.)
      • It also requires
          • senior management support,
          • good security policies,
          • risk management,
          • employee training,
          • vulnerability testing,
          • patch management,
          • good code design, and so on

  30. Vulnerability Testing
      • Vulnerability Testing includes a systematic examination of an organization’s network, policies, and security controls
      • The purpose is to
          • determine the adequacy of security measures,
          • identify security deficiencies,
          • provide data from which to predict the effectiveness of potential security measures,
          • confirm the adequacy of such measures after implementation

  31. Security Testing
      • Security Audits
      • Vulnerability Scanning
      • Ethical Hacks (Penetration Testing)
      • Stolen Equipment Attack
      • Physical Entry
      • Signal Security Attack
      • Social Engineering Attack

  32. Security Testing (cont.)
      • Open Source Security Testing Methodology Manual (OSSTMM) divides security reviews into six key points:
          • Physical Security
          • Internet Security
          • Information Security
          • Wireless Security
          • Communications Security
          • Social Engineering

  33. Finding and Reporting Vulnerabilities
      • During security testing, it is necessary to keep management informed. Do not wait until the completion of the testing to let them know
      • Report findings before developing the final report
      • Focus on what is found and its potential impact, not on its solutions
      • People don’t like to hear about problems
      • www.cert.org has developed a way to report anonymously at www.cert.org/reporting/vulnerability_form.txt

  34. Readings
      • Chapter 2: The Physical Layer, Hack the Stack
      • James Messer, Secrets of Network Cartography: A Comprehensive Guide to nmap, http://www.networkuptime.com/nmap/index.shtml

  35. Question? Next week: Physical Layer Security
