NETE4630 Advanced Network Security and Implementation Supakorn Kungpisdan supakorn@mut.ac.th NETE4630
Course Description
• Lecture: Sunday 12.30PM-3.30PM
• Lab: Sunday 3.30PM-6.30PM
• Textbook
  • M. Gregg et al., Hack the Stack: Using SNORT and Ethereal to Master the 8 Layers of an Insecure Network, Syngress, 2006, ISBN 1-59749-109-8
  • http://www.msit.mut.ac.th/

Course Information (cont'd)
• Evaluation
  • Quizzes 20%
  • Assignment 10%
  • Project 30%
  • Final exam 40%

Course Outline
• Extending OSI to Network Security
• Securing Physical Layer
• Securing Data Link Layer
• Securing Network Layer
• Securing Transport Layer
• Securing Session Layer
• Securing Presentation Layer
• Presentation #1
• Securing Application Layer
• Securing People Layer
• Cryptanalysis
• Advanced Cryptographic Protocols
• Advanced Topic #1: Mobile Payments
• Advanced Topic #2: Access Controls and Authentication
• Presentation #2
Lecture 1: Extending OSI to Network Security
Supakorn Kungpisdan, supakorn@mut.ac.th

Roadmap
• OSI and People Layer
• Common Stack Attacks
• Mapping OSI to TCP/IP
• Current State of IT Security

OSI Security

Roadmap
• OSI and People Layer
• Common Stack Attacks
• Mapping OSI to TCP/IP
• Current State of IT Security
People Layer
• Social engineering attacks
• Dumpster diving
• Attacks usually take one of the following angles:
  • Diffusion of responsibility: "I know the policy is not to give out passwords, but I will take responsibility for this"
  • Identification: "We both work for the same company; this benefits everyone"
  • Chance for ingratiation: "This is a win-win situation. The company is going to reward you for helping me in this difficult situation"
  • Trust relationships: "Although I am new here, I am sure I have seen you in the break room"
  • Cooperation: "Together we can get this done"
  • Authority: "I know what the policy is; I drafted those policies and I have the right to change them"

Application Layer
• Traditional network applications are vulnerable to several attacks:
  • FTP: sniffing of cleartext passwords
  • Telnet: sniffing of cleartext passwords
  • SMTP: spoofing and spamming
  • DNS: DNS poisoning
  • TFTP: lack of session management and authentication
  • HTTP: stateless connections
  • SNMP: community strings are passed in cleartext, and the default community strings are well known
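The SNMP point on this slide is easy to confirm by decoding a packet: an SNMPv1/v2c message is a BER SEQUENCE whose second element is the community string, stored as a plain OCTET STRING. The following is an added example, not code from the course or the textbook; it walks the BER encoding, reports what a passive observer or IDS sensor would learn from one datagram, and flags the well-known default community strings. The packet bytes, the `build_snmp_get` helper and the `DEFAULT_COMMUNITIES` set are constructed for this example.

```python
# Added example (not from the NETE4630 slides): decode the header of an
# SNMPv1/v2c message to show that the community string travels in cleartext.
# SNMP uses definite-length BER, so a short TLV walker is all that is needed.

# Constructed list of community strings that ship as defaults on many devices.
DEFAULT_COMMUNITIES = {b"public", b"private"}


def parse_tlv(buf: bytes, off: int = 0):
    """Parse one BER tag-length-value element starting at buf[off].

    Returns (tag, value, next_offset). Handles short-form and long-form
    definite lengths and refuses values that run past the buffer.
    """
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[off:off + length], off + length


def snmp_header(packet: bytes):
    """Return (version, community) from an SNMP message.

    Message ::= SEQUENCE { version INTEGER, community OCTET STRING, data PDU }
    Version 0 is SNMPv1 and version 1 is SNMPv2c; both use this layout.
    """
    tag, body, _ = parse_tlv(packet)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    tag, ver, off = parse_tlv(body)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    tag, community, _ = parse_tlv(body, off)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING community")
    return int.from_bytes(ver, "big"), community


def audit_packet(packet: bytes) -> dict:
    """Summarise what anyone on the wire learns from a single SNMP datagram."""
    version, community = snmp_header(packet)
    return {
        "version": {0: "v1", 1: "v2c"}.get(version, f"unknown({version})"),
        "community": community.decode("ascii", "replace"),
        "default_community": community in DEFAULT_COMMUNITIES,
    }


def build_snmp_get(version: int, community: bytes) -> bytes:
    """Encode a minimal GetRequest with an empty varbind list (constructed helper;
    short-form lengths only, which is enough for test packets)."""
    def tlv(tag: int, value: bytes) -> bytes:
        if len(value) >= 128:
            raise ValueError("short-form length only")
        return bytes([tag, len(value)]) + value
    pdu = tlv(0xA0, tlv(0x02, b"\x01")      # request-id = 1
                    + tlv(0x02, b"\x00")    # error-status = 0
                    + tlv(0x02, b"\x00")    # error-index = 0
                    + tlv(0x30, b""))       # empty VarBindList
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


# Constructed SNMPv1 GetRequest with community "public", written out by hand.
SAMPLE_GET = bytes.fromhex(
    "3018"              # SEQUENCE, 24 bytes follow
    "020100"            # INTEGER version = 0 (SNMPv1)
    "04067075626c6963"  # OCTET STRING "public"
    "a00b"              # GetRequest-PDU, 11 bytes
    "020101"            # request-id = 1
    "020100"            # error-status = 0
    "020100"            # error-index = 0
    "3000"              # empty VarBindList
)

if __name__ == "__main__":
    print(audit_packet(SAMPLE_GET))
    print(audit_packet(build_snmp_get(1, b"N3tE4630")))
```

Because the community string is the only authenticator in v1 and v2c, any sensor that can see the datagram can reproduce this decode; the defensive takeaways on the slide follow directly: change the defaults, restrict SNMP to management networks, and prefer SNMPv3 where authentication and privacy are part of the protocol.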
Session Layer
• The Windows NT LAN Manager (NTLM) authentication system uses weak encryption (an NTLM password can be cracked in less than 1 second)
• To create an NTLM password:
  • The password is converted to uppercase
  • The password is padded to 14 characters
  • It is divided into two seven-character parts, and each part is hashed
  • The two hash values are concatenated and stored as a LAN Manager (LM) hash in the SAM
• Session hijacking

Session Layer (cont.)
• NetBIOS allows applications on different systems to communicate over the LAN
• Hosts using NetBIOS identify themselves with a unique 15-character name
• NetBIOS is used in conjunction with SMB, which allows remote access to shared directories and files
• It also gives attackers the ability to enumerate systems and gather user names, accounts, and share information
• Almost every script kiddie and junior-league hacker has exploited the net use command

Transport Layer
• UDP is connectionless; it is vulnerable to DoS and easy to spoof
• TCP allows hackers to gather information about targets
• From illegal flag settings (NULL and XMAS) to SYN and RST, TCP helps attackers identify services and operating systems
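The flag combinations named on this slide are also the simplest transport-layer detection rules: a segment with no flags set (NULL) or with FIN, PSH and URG together (XMAS) is never produced by a conforming TCP stack, so a sensor can classify them without any connection state. The example below is added here and is not from the course or the textbook. It names the probe type implied by a flag byte and then aggregates per source address so that a host probing many ports stands out while an ordinary client stays quiet. The sample segment records, the port threshold and the field names are constructed for this example.

```python
# Added example (not from the NETE4630 slides): classify TCP flag bytes the way
# a simple IDS rule would, then summarise per source to spot a port scan.

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_flags(flags: int) -> str:
    """Name the probe type a flag combination corresponds to.

    NULL (no flags) and XMAS (FIN+PSH+URG) never occur in legitimate traffic.
    A lone SYN, ACK or FIN is normal on its own and only becomes interesting
    when one source sends many of them to many ports.
    """
    if flags == 0:
        return "NULL scan"
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG) and not flags & (SYN | ACK | RST):
        return "XMAS scan"
    if flags == FIN:
        return "FIN probe"
    if flags == SYN:
        return "SYN probe"
    if flags == ACK:
        return "ACK probe"
    if flags & RST:
        return "RST"
    return "normal"


def summarize(records, port_threshold: int = 5) -> dict:
    """Group probe-type segments by source address.

    A source that touches at least `port_threshold` distinct destination ports
    with probe-type flags is reported with the probe kinds it used. RST and
    ordinary data/handshake segments are ignored.
    """
    per_src: dict = {}
    for r in records:
        kind = classify_flags(r["flags"])
        if kind in ("normal", "RST"):
            continue
        entry = per_src.setdefault(r["src"], {"kinds": set(), "ports": set()})
        entry["kinds"].add(kind)
        entry["ports"].add(r["dport"])
    return {
        src: {"kinds": sorted(e["kinds"]), "port_count": len(e["ports"])}
        for src, e in per_src.items()
        if len(e["ports"]) >= port_threshold
    }


# Constructed sample: one host sweeping five ports with NULL probes plus one
# XMAS probe, and one ordinary client completing a handshake on 443.
SAMPLE_SEGMENTS = (
    [{"src": "10.0.0.5", "dport": p, "flags": 0} for p in (22, 80, 443, 3389, 8080)]
    + [{"src": "10.0.0.5", "dport": 25, "flags": FIN | PSH | URG}]
    + [
        {"src": "10.0.0.9", "dport": 443, "flags": SYN},
        {"src": "10.0.0.9", "dport": 443, "flags": ACK},
        {"src": "10.0.0.9", "dport": 443, "flags": PSH | ACK},
    ]
)

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_SEGMENTS).items():
        print(f"{src}: {info['port_count']} ports, {', '.join(info['kinds'])}")
```

The threshold is what keeps a busy but legitimate client from being reported: a browser opening one SYN per connection to a single port never crosses it, while a sweep across many ports does. A real sensor would also apply a time window and whitelist its own vulnerability scanners.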
Network Layer
• IPv4 has no security services built in
• It is vulnerable to various attacks:
  • Source routing
  • DoS
  • Idle scan (IPID scan)
  • Smurf DoS attack using ICMP
  • Covert channel over ICMP using Loki
• IPSec is now a component of IPv6

Data Link Layer
• Address Resolution Protocol (ARP) resolves logical (IP) addresses to physical (MAC) addresses
• Vulnerable to ARP poisoning and passive sniffing
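ARP poisoning works because hosts accept any reply that rebinds an IP address to a new hardware address, so the link-layer defence on the detection side is to remember the bindings and raise an alert when one changes. The following is an added example in the style of an arpwatch-type monitor; it is not code from the course or the textbook. It keeps an IP-to-MAC table from observed ARP replies, alerts on every rebind, and reports an address as "flapping" when its binding changes repeatedly, which is what a poisoner competing with the real gateway looks like on the wire. The `ArpReply` records, addresses and thresholds are constructed for this example.

```python
# Added example (not from the NETE4630 slides): an arpwatch-style monitor that
# detects ARP poisoning as a change in the IP-to-MAC binding of a known host.

from dataclasses import dataclass, field


@dataclass
class ArpReply:
    ts: float          # capture timestamp in seconds (constructed)
    sender_ip: str     # protocol address the reply speaks for
    sender_mac: str    # hardware address it binds that IP to


@dataclass
class ArpMonitor:
    table: dict = field(default_factory=dict)         # ip -> current mac
    change_count: dict = field(default_factory=dict)  # ip -> number of rebinds seen
    alerts: list = field(default_factory=list)

    def observe(self, reply: ArpReply) -> bool:
        """Record one reply. Returns False and raises an alert if the reply
        rebinds an IP that was already mapped to a different MAC."""
        mac = reply.sender_mac.lower()          # normalise case before comparing
        ip = reply.sender_ip
        known = self.table.get(ip)
        if known is None or known == mac:
            self.table[ip] = mac
            return True
        self.change_count[ip] = self.change_count.get(ip, 0) + 1
        self.alerts.append({
            "ts": reply.ts,
            "ip": ip,
            "old_mac": known,
            "new_mac": mac,
            "reason": "ip-to-mac binding changed",
        })
        self.table[ip] = mac                    # track the currently claimed binding
        return False

    def flapping(self, ip: str, min_changes: int = 2) -> bool:
        """A binding that keeps changing is the classic sign of an active
        poisoner whose forged replies alternate with the legitimate host's."""
        return self.change_count.get(ip, 0) >= min_changes


def run_sample() -> ArpMonitor:
    """Feed a constructed capture through the monitor and return it."""
    replies = [
        ArpReply(0.0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway's real MAC
        ArpReply(0.5, "192.168.1.20", "aa:bb:cc:dd:ee:01"),  # ordinary workstation
        ArpReply(5.0, "192.168.1.1", "DE:AD:BE:EF:00:01"),   # another MAC claims the gateway IP
        ArpReply(5.4, "192.168.1.1", "00:11:22:33:44:55"),   # real gateway answers again
        ArpReply(6.0, "192.168.1.1", "de:ad:be:ef:00:01"),   # forged claim repeats
    ]
    monitor = ArpMonitor()
    for r in replies:
        monitor.observe(r)
    return monitor


if __name__ == "__main__":
    m = run_sample()
    for a in m.alerts:
        print(f"t={a['ts']:.1f} {a['ip']}: {a['old_mac']} -> {a['new_mac']} ({a['reason']})")
    print("gateway flapping:", m.flapping("192.168.1.1"))
```

The monitor deliberately does not try to decide which MAC is the "real" one; it only reports that the binding moved, because the first reply it saw could itself have been forged. Pairing the alert with a static entry for the default gateway on critical hosts, or with dynamic ARP inspection on managed switches, turns the detection into prevention.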
Physical Layer
• An open port in a conference room or an unused office could be the foothold needed to breach the network or gain access to a server
• If someone gains physical access to an item, they can control it.

Stack Attacks and Vulnerabilities

Countermeasures Found in Each Layer
• Virus scanners
• PGP
• S/MIME
• Privacy Enhanced Mail (PEM)
• SSH
• SET
• Terminal Access Controller Access Control System (TACACS)
• Kerberos
• SSL and TLS
• Windows Sockets (SOCKS)
• Secure RPC (S/RPC)
• IPSec
• PPTP
• Challenge Handshake Authentication Protocol (CHAP)
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Packet filters
• NAT
• Fiber cable
• Secure coding

Roadmap
• OSI and People Layer
• Common Stack Attacks
• Mapping OSI to TCP/IP
• Current State of IT Security
Physical Security
• Egyptians used locks more than 2,000 years ago. If the information was important, it was carved in stone or, later, written on paper
• The loss of information usually meant the loss of critical assets, because knowledge is power
• Even when information was not in transit, many levels of protection were typically used to protect it
  • including guards, walls, dogs, moats, and fences

Communications Security
• A means of communications security was found in the discovery of encryption
  • Skytale
  • ATBASH
• In the ninth century, Abu al-Kindi published "A Manuscript on Deciphering Cryptographic Messages"
• The National Security Agency (NSA) became involved at the beginning of the twentieth century
• William Frederick Friedman, one of the best cryptologists of all time, helped break Japanese cryptographic schemes

Signal Security
• Cordless phones had no security; it was easy to intercept conversations
• Early cell phones were also easily intercepted
• TEMPEST is a US-led program designed to develop shielding for equipment to make it less vulnerable to signal theft
• Spread-spectrum technology improves security and reliability
  • Direct-sequence spread spectrum (DSSS)
  • Frequency-hopping spread spectrum (FHSS)

Computer Security
• Computer security is focused on secure computer operations
• A number of access control models exist:
  • The Bell-LaPadula model was designed to protect the confidentiality of information
  • The Clark-Wilson model was the first integrity model
    • Separation of duties: subjects must access data through an application, and auditing is required
Computer Security (cont.)
• The Trusted Computer System Evaluation Criteria (TCSEC), known as the "Orange Book", rates the confidentiality protection of computer systems on the following scale:
  • A: Verified Protection: the highest security division
  • B: Mandatory Security: has mandatory protection of the TCB
  • C: Discretionary Protection: provides discretionary protection of the TCB
  • D: Minimal Protection: failed to meet any of the standards of A, B, or C; has no security controls

Network Security
• The need for network security was highlighted by highly successful attacks such as Nimda, Code Red, and SQL Slammer
• Such exploits highlight the need for better network security
• Several tools have been deployed to prevent such attacks

Information Security
• Physical security, communications security, signal security, computer security, and network security alone are not enough to address all security risks
• Only when they are combined and examined from the point of view of information security can we start to build a complete picture.

Information Security (cont.)
• It also requires
  • senior management support,
  • good security policies,
  • risk management,
  • employee training,
  • vulnerability testing,
  • patch management,
  • good code design, and so on

Vulnerability Testing
• Vulnerability testing is a systematic examination of an organization's network, policies, and security controls
• Its purpose is to
  • determine the adequacy of security measures,
  • identify security deficiencies,
  • provide data from which to predict the effectiveness of potential security measures, and
  • confirm the adequacy of such measures after implementation

Security Testing
• Security audits
• Vulnerability scanning
• Ethical hacks (penetration testing)
• Stolen equipment attack
• Physical entry
• Signal security attack
• Social engineering attack

Security Testing (cont.)
• The Open Source Security Testing Methodology Manual (OSSTMM) divides security reviews into six key areas:
  • Physical Security
  • Internet Security
  • Information Security
  • Wireless Security
  • Communications Security
  • Social Engineering

Finding and Reporting Vulnerabilities
• During security testing, keep management informed; do not wait until the testing is complete to tell them
• Report findings before developing the final report
• Focus on what was found and its potential impact, not on solutions
• People don't like to hear about problems
• www.cert.org has developed a way to report vulnerabilities anonymously at www.cert.org/reporting/vulnerability_form.txt

Questions?
Next week: Physical Layer Security