
Beginning Network Security


Presentation Transcript


  1. Beginning Network Security • Monitor and control flow into and out of the LAN • Ingress • Egress • Only let in the good guys • Only let out the corp. business

  2. How do they get in? • Vulnerable services • Unexpected format and/or quantity • Inside information • Accounts, passwords & configuration • Lack of access control • Weak/no passwords • Virus payloads • Unsafe computing practices

  3. Where do they get in? • Network services • Intentional • Unintentional • User conveniences • File sharing • File servers • Spyware conveniences • Bad e-mail practices • Phishing scams • Loopbacks • Peer-to-peer

  4. What do they get out? • Intellectual property (e.g. the myfip worm) • Spam (the host used as a remailer) • Tunes & toons (a server for pirated media) • DoS platform

  5. Network Services: Intentional • ftp • telnet • DNS • mail servers • http • https • ssh • web servers

  6. Network Services: Unintentional • Trojans • Spyware • Web services • e-Wallets • e-Cash • Peer-to-peer networks • Bots • Bot servers • Virus payloads

  7. Traffic Flow
     Source     Destination   Category
     Internal   Internal      Internal
     Internal   External      Outbound
     External   Internal      Inbound

  8. Secure Shell Protocol: ssh
     Client                                          Server
       -- client connects to server's ssh port (22) -->   new connection
       <-- server acknowledges client -----------------   established connection

  9. Secure Shell Protocol: ssh
     Conn.  Src     Dest    Protocol  Src    Dst    SYN  ACK  Notes
     State  Addr.   Addr.             Port   Port
     New    client  server  TCP       >1023  22     Yes  No   Client opens ssh connection
     Est    server  client  TCP       22     >1023  Yes  Yes  Server acknowledges client
     Est    client  server  TCP       >1023  22     No   Yes  Connection established
     Est    server  client  TCP       22     >1023  No   Yes  Connection established

  10. File Transfer Protocol: ftp (active mode)
     Client (user ports)                                     Server (port 21 commands, port 20 data)
       -- client connects to server's ftp command port (21) -->   new command connection
       <-- server acknowledges client --------------------------   command connection confirmed
       <-- server connects to client's ftp data port -----------   new data connection
       -- client acknowledges server --------------------------->  data connection confirmed
     In active mode the server opens the data connection back to the client, so a filter in front of the client must treat that inbound SYN as related to the command connection. In passive mode the client opens the data connection instead.

  11. File Transfer Protocol: ftp
     Conn.  Src     Dest    Protocol  Src    Dst    SYN  ACK  Notes
     State  Addr.   Addr.             Port   Port
     New    client  server  TCP       >1023  21     Yes  No   Client opens ftp connection
     Est    server  client  TCP       21     >1023  Yes  Yes  Server acknowledges client
     Rel    server  client  TCP       20     >1023  Yes  No   Server opens ftp data connection to client
     Est    client  server  TCP       >1023  20     Yes  Yes  Client acknowledges connection to server
     Est    server  client  TCP       20     >1023  No   Yes  Established TCP data connection, server to client
     Est    client  server  TCP       >1023  21     No   Yes  Established TCP command connection, client to server

  12. Http
     Conn.  Src     Dest    Protocol  Src    Dst    SYN  ACK  Notes
     State  Addr.   Addr.             Port   Port
     New    client  server  TCP       >1023  80     Yes  No   Client opens http connection
     Est    server  client  TCP       80     >1023  Yes  Yes  Server acknowledges client
     Est    client  server  TCP       >1023  80     No   Yes  Connection established
     Est    server  client  TCP       80     >1023  No   Yes  Connection established

  13. What to do? • Control! • Who gets in • What comes in • Who goes out • What goes out • What services are offered • Privileges

  14. Blockers and Observers • Blockers • Filters • Firewalls • ACLs • Observers • IDS

  15. Packet Filters • Look at the packet • Varying depths of information in headers • Accept or reject • Depending on rules and filter type • Three types • Static • Stateful • Proxy

  16. Static Packet Filters • Inspect only the IP and transport headers (addresses, ports, flags) • Each packet is accepted or rejected based only on the information in that packet • Fast • Simple

  17. Stateful Packet Filters • Tracks the state of each connection • Maintains a state table of every connection • Remembers permitted traffic • Accepts or rejects based on the packet's place in a state table

  18. TCP: Connection-oriented Protocol • TCP • Connection states are well defined • Start-up • Connected • Shutting down

  19. TCP States (RFC 793) • CLOSED • Non-state • LISTEN • Server waiting for a connection • SYN-SENT • Host sent a SYN • Waiting for a SYN-ACK • SYN-RCVD • Host received a SYN • Sent SYN-ACK • ESTABLISHED • After SYN, SYN-ACK and ACK have been exchanged • FIN-WAIT-1 • After the initial FIN is sent asking for a graceful shutdown • CLOSE-WAIT • Host's state after a FIN has been received and the ACK for it sent; it waits for the local application to close

  20. TCP States (RFC 793) • FIN-WAIT-2 • Host has received the ACK for its FIN and waits for the peer's FIN • LAST-ACK • Host that sent the second FIN of a graceful close waits for its acknowledgement • TIME-WAIT • Initiating host has sent the final ACK in response to the peer's FIN; it waits a fixed time (2 MSL) during which no response is expected • CLOSING • Both sides sent a FIN before receiving the other's (non-standard simultaneous close)

  21. TCP States: 3-way handshake
     Client                          Server
     CLOSED                          LISTEN
     SYN-SENT      -- SYN -->        SYN-RCVD
     ESTABLISHED   <-- SYN ACK --
                   -- ACK -->        ESTABLISHED

  22. TCP States: Graceful Shutdown
     Client                          Server
     ESTABLISHED                     ESTABLISHED
     FIN_WAIT_1    -- FIN -->        CLOSE_WAIT
     FIN_WAIT_2    <-- ACK --
                   <-- FIN --        LAST_ACK
     TIME_WAIT     -- ACK -->        CLOSED

  23. TCP States: Simultaneous Shutdown
     Client                                    Server
     FIN_WAIT_1    -- FIN -->    <-- FIN --    FIN_WAIT_1
     CLOSING       -- ACK -->    <-- ACK --    CLOSING
     TIME_WAIT                                 TIME_WAIT
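The three slides above can be replayed as a small RFC 793 state machine. This is an added Python example, not material from the slides: each endpoint moves only on the events the slides list, and any segment that is not legal in the current state raises, which is the condition a stateful filter would later mark as invalid. The event names and the `timer:2msl` pseudo-event are this example's own.

```python
# RFC 793 TCP state machine driven by the segments each side sends or
# receives.  Only the transitions the slides cover (plus simultaneous open)
# are listed; anything else raises, which is exactly the situation a
# stateful filter would flag as INVALID.
NEXT_STATE = {
    "CLOSED":      {"app:listen": "LISTEN", "snd:SYN": "SYN-SENT"},
    "LISTEN":      {"rcv:SYN": "SYN-RCVD"},             # answers with SYN+ACK
    "SYN-SENT":    {"rcv:SYN+ACK": "ESTABLISHED",       # answers with ACK
                    "rcv:SYN": "SYN-RCVD"},             # simultaneous open
    "SYN-RCVD":    {"rcv:ACK": "ESTABLISHED"},
    "ESTABLISHED": {"rcv:ACK": "ESTABLISHED",           # ordinary data flow
                    "snd:FIN": "FIN-WAIT-1",
                    "rcv:FIN": "CLOSE-WAIT"},           # answers with ACK
    "FIN-WAIT-1":  {"rcv:ACK": "FIN-WAIT-2",
                    "rcv:FIN": "CLOSING"},              # simultaneous close
    "FIN-WAIT-2":  {"rcv:FIN": "TIME-WAIT"},            # answers with the final ACK
    "CLOSING":     {"rcv:ACK": "TIME-WAIT"},
    "CLOSE-WAIT":  {"snd:FIN": "LAST-ACK"},
    "LAST-ACK":    {"rcv:ACK": "CLOSED"},
    "TIME-WAIT":   {"timer:2msl": "CLOSED"},            # waits 2*MSL, expects nothing
}
# Sending a plain ACK or a SYN+ACK changes no state on its own: RFC 793 moves
# on the receive that provoked the reply, so only SYN and FIN count as "snd".
SENDER_MOVES = ("SYN", "FIN")


class Endpoint:
    def __init__(self, name):
        self.name, self.state, self.trace = name, "CLOSED", ["CLOSED"]

    def event(self, ev):
        nxt = NEXT_STATE[self.state].get(ev)
        if nxt is None:
            raise ValueError(f"{self.name}: {ev} is not legal in {self.state}")
        if nxt != self.state:
            self.trace.append(nxt)
        self.state = nxt
        return nxt


def send(src, dst, flags):
    """Deliver one segment: update the sender (if SYN/FIN), then the receiver."""
    if flags in SENDER_MOVES:
        src.event("snd:" + flags)
    dst.event("rcv:" + flags)


def handshake():
    """Slide 21: LISTEN -> SYN -> SYN+ACK -> ACK -> ESTABLISHED at both ends."""
    c, s = Endpoint("client"), Endpoint("server")
    s.event("app:listen")
    send(c, s, "SYN")
    send(s, c, "SYN+ACK")
    send(c, s, "ACK")
    return c, s


def graceful_close(c, s):
    """Slide 22: the client closes first, the server closes after its ACK."""
    send(c, s, "FIN")
    send(s, c, "ACK")
    send(s, c, "FIN")
    send(c, s, "ACK")
    c.event("timer:2msl")
    return c.trace, s.trace


def simultaneous_close(c, s):
    """Slide 23: both FINs cross in flight, so both sides pass through CLOSING."""
    c.event("snd:FIN")
    s.event("snd:FIN")
    c.event("rcv:FIN")      # each side ACKs the other's FIN
    s.event("rcv:FIN")
    c.event("rcv:ACK")
    s.event("rcv:ACK")
    c.event("timer:2msl")
    s.event("timer:2msl")
    return c.trace, s.trace


if __name__ == "__main__":
    print(graceful_close(*handshake()))
    print(simultaneous_close(*handshake()))
```

The trace each endpoint keeps is the sequence of states a stateful filter has to reproduce for every connection it tracks; a filter that skips any of these steps either blocks a legitimate close or lets a forged mid-stream segment through.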

  24. UDP – States • Is connectionless • Has no connection concept • Has no sequence numbers • IP addresses and ports are all we have • Pseudo-states are based on IP addresses and ports • Shutdown is based on a timeout • ICMP carries UDP's error reports (e.g. port unreachable) • The UDP/ICMP relation is important for pseudo-state tracking
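Because UDP has no handshake, the only state a filter can keep is "I saw this 4-tuple recently". The following added Python example (not from the slides) tracks UDP pseudo-connections the way the slide describes: an entry keyed on addresses and ports, refreshed by each datagram, expired after a period of silence, and an ICMP error counted as related only when the datagram header it quotes matches a live entry. The 30-second timeout, the addresses and the DNS exchange are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class IcmpError:
    src: str           # router or host reporting the error
    dst: str
    icmp_type: int     # 3 = destination unreachable, 11 = time exceeded, 12 = parameter problem
    code: int          # for type 3, code 3 = port unreachable
    quoted: Udp        # header of the datagram that provoked the error


ICMP_ERROR_TYPES = {3, 11, 12}
UDP_TIMEOUT = 30.0     # seconds of silence before an entry is forgotten (assumed value)


class UdpTracker:
    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.flows = {}    # originator 4-tuple -> [last_seen, reply_seen]

    @staticmethod
    def key(u):
        return (u.src, u.sport, u.dst, u.dport)

    def _lookup(self, u, now):
        """Return (entry_key, is_reply) for a live entry, dropping stale ones."""
        k = self.key(u)
        rk = (u.dst, u.dport, u.src, u.sport)
        for cand, is_reply in ((k, False), (rk, True)):
            entry = self.flows.get(cand)
            if entry is None:
                continue
            if now - entry[0] > self.timeout:   # timeout is UDP's only "shutdown"
                del self.flows[cand]
                continue
            return cand, is_reply
        return None

    def classify(self, pkt, now):
        if isinstance(pkt, IcmpError):
            # An error is RELATED only if it quotes a datagram we actually saw;
            # an unsolicited one is spoofed or stale and must not touch state.
            if pkt.icmp_type in ICMP_ERROR_TYPES and self._lookup(pkt.quoted, now):
                return "RELATED"
            return "INVALID"
        hit = self._lookup(pkt, now)
        if hit is None:
            self.flows[self.key(pkt)] = [now, False]
            return "NEW"
        k, is_reply = hit
        self.flows[k][0] = now
        if is_reply:
            self.flows[k][1] = True
        return "ESTABLISHED" if self.flows[k][1] else "NEW"


def demo():
    """Constructed DNS exchange between a LAN host and an outside resolver."""
    t = UdpTracker()
    client, resolver = "172.16.13.3", "203.0.113.53"
    query = Udp(client, 51234, resolver, 53)
    reply = Udp(resolver, 53, client, 51234)
    stray = Udp(client, 4000, "192.0.2.9", 53)   # never seen on the wire
    return [
        t.classify(query, 0.0),     # NEW
        t.classify(query, 0.5),     # NEW: retransmit, still no reply
        t.classify(reply, 0.6),     # ESTABLISHED
        t.classify(query, 1.0),     # ESTABLISHED
        t.classify(IcmpError(resolver, client, 3, 3, query), 1.1),        # RELATED
        t.classify(IcmpError("198.51.100.7", client, 3, 3, stray), 1.2),  # INVALID
        t.classify(reply, 60.0),    # NEW: entry expired after 30 s, so a late reply is a fresh flow
    ]


if __name__ == "__main__":
    print(demo())
```

The last two results are the security-relevant ones: an ICMP error that quotes no live flow is treated as invalid rather than letting an outsider reset or probe state with forged errors, and a reply arriving after the timeout is classified as a new inbound flow, so it falls through to the ingress rules instead of being waved through as "established".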

  25. Firewall • Purpose • Control inbound and outbound traffic • Control in accordance with a set of rules • Reduce the risk of LAN compromise • Ensure you are a good network citizen • Configuration • Multi-homed host (two or more interfaces) • Set of rules and actions • Set of states

  26. Firewalls • Computer System • Actions • Rules • States

  27. Firewalls: System • Computer system • Fast • Memory • At least 2 network interfaces • Internal • External • Sometimes only 1 interface • A host firewall on a desktop that does no routing

  28. Firewalls: Actions • Firewalls inspect all inbound and outbound network traffic • Three actions possible • Accept – permit the flow • Reject – discard and send an ICMP error (or TCP RST) back to the sender • Drop – discard silently ("stealth" mode) • Log the action taken

  29. Firewalls: Rules • Ingress rules – actions for inbound packets • Egress rules – actions for outbound packets
     Example:
     Src Addr.  Dest Addr.   Protocol  Src Port  Dst Port  SYN  FIN  Action
     any        172.16.13.3  TCP       >1023     22        Yes  No   Accept

  30. Firewalls: States • New • Packet that starts a connection (for TCP, a SYN without ACK) • Established • Packet belongs to a connection that has already seen traffic in both directions • Related • Packet starts a new connection tied to an established one, on a different port or protocol (e.g. an ftp data connection, or an ICMP error for a tracked flow) • Invalid • None of the above: the packet fits no known connection (e.g. an ACK with no matching entry)
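The four states above only become useful when combined with the protocol tables from slides 9 and 11 and a rule set in the style of slide 29. The following added Python example (not the slides' own material) puts a connection tracker in front of a small ingress/egress rule set and runs it over the ssh exchange and an active-mode ftp transfer, then over two spoofed packets. The addresses, the rules, and the simplified ftp helper (it reads the `PORT` command to learn which data connection to expect) are this example's assumptions; a real helper also follows `PASV`, sequence numbers and address rewriting.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    payload: str = ""


def parse_port_cmd(payload):
    """Active-mode ftp: 'PORT h1,h2,h3,h4,p1,p2' names the client's data port."""
    if not payload.startswith("PORT "):
        return None
    n = [int(x) for x in payload[5:].strip().split(",")]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


class ConnTracker:
    def __init__(self):
        self.conns = {}        # originator 4-tuple -> True once a reply was seen
        self.expected = set()  # data connections announced on a control channel

    def classify(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if key in self.conns:
            state = "ESTABLISHED" if self.conns[key] else "NEW"  # retransmitted SYN stays NEW
        elif rev in self.conns:
            self.conns[rev] = True
            state = "ESTABLISHED"
        elif p.syn and not p.ack:      # only a bare SYN may start a connection
            state = "RELATED" if key in self.expected else "NEW"
        else:
            return "INVALID"           # mid-stream flags with no known connection
        if state == "ESTABLISHED" and p.dport == 21:   # ftp helper (simplified)
            addr = parse_port_cmd(p.payload)
            if addr:
                self.expected.add((p.dst, 20, addr[0], addr[1]))
        return state

    def confirm(self, p):
        """Record a NEW/RELATED connection only after the rules accepted it."""
        key = (p.src, p.sport, p.dst, p.dport)
        self.expected.discard(key)
        self.conns.setdefault(key, False)


# Rules consulted for NEW packets only, slide-29 style: (src, dst, dport, action).
LAN_PREFIX = "172.16.13."
RULES = [
    ("any", "172.16.13.3", 22, "ACCEPT"),   # ingress: ssh to the one host offering it
    ("lan", "any", 21, "ACCEPT"),           # egress: ftp command connections from the LAN
]


def _match(pattern, addr):
    return pattern in ("any", addr) or (pattern == "lan" and addr.startswith(LAN_PREFIX))


def decide(tracker, p):
    state = tracker.classify(p)
    if state == "INVALID":
        return state, "DROP"
    action = "ACCEPT"
    if state == "NEW":
        action = next((a for s, d, port, a in RULES
                       if _match(s, p.src) and _match(d, p.dst) and port == p.dport), "DROP")
    if action == "ACCEPT" and state != "ESTABLISHED":
        tracker.confirm(p)
    return state, action


def run(packets):
    t = ConnTracker()
    return [decide(t, p) for p in packets]


# Constructed traffic: 198.51.100.7 opens ssh to 172.16.13.3; 172.16.13.3 then
# fetches a file by active-mode ftp from 203.0.113.9; two spoofed packets last.
C, S, F = "198.51.100.7", "172.16.13.3", "203.0.113.9"
TRAFFIC = [
    Pkt(C, S, 40000, 22, syn=True),                # NEW,         ACCEPT (ingress rule)
    Pkt(S, C, 22, 40000, syn=True, ack=True),      # ESTABLISHED, ACCEPT
    Pkt(C, S, 40000, 22, ack=True),                # ESTABLISHED, ACCEPT
    Pkt(S, F, 1040, 21, syn=True),                 # NEW,         ACCEPT (egress rule)
    Pkt(F, S, 21, 1040, syn=True, ack=True),       # ESTABLISHED, ACCEPT
    Pkt(S, F, 1040, 21, ack=True,
        payload="PORT 172,16,13,3,4,17\r\n"),      # ESTABLISHED, ACCEPT; now expects F:20 -> S:1041
    Pkt(F, S, 20, 1041, syn=True),                 # RELATED,     ACCEPT
    Pkt(S, F, 1041, 20, syn=True, ack=True),       # ESTABLISHED, ACCEPT
    Pkt(C, S, 20, 1041, syn=True),                 # NEW,         DROP: source port 20 proves nothing
    Pkt(C, S, 20, 1041, ack=True),                 # INVALID,     DROP: a static filter keyed on ACK would pass it
]

if __name__ == "__main__":
    for p, (state, action) in zip(TRAFFIC, run(TRAFFIC)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport:<5} {state:<11} {action}")
```

Two details matter for security. A NEW or RELATED connection is recorded only after the rules accept its first packet, so a dropped SYN leaves no entry behind that a follow-up packet could ride on. And the inbound ftp data SYN is accepted only because the tracked command channel announced exactly that address and port; a SYN from any other source port 20, or an ACK-only packet with no matching connection, is dropped, which is precisely what a static filter that matches on "source port 20" or "ACK bit set" cannot do.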

  31. Firewalls: Internet Services • Application protocols will determine the firewall rules • Crucial to know how a connection is established • Crucial to know how a connection is maintained

  32. Firewalls: Info for Rules • Connection state • Source IP • Destination IP • Protocol • Source port • Destination port • SYN flag • ACK flag
