Network Security. Onno W. Purbo, onno@indo.net.id. Book: Keamanan Jaringan Internet, Gramedia Bookstore. References: http://www.sans.org, http://www.rootshell.com. Overview of the SANS roadmap: Integrating Security Into Your Site; How to Get the Work Done; Where to Find the Right Information.
Network Security Onno W. Purbo onno@indo.net.id
Book • Keamanan Jaringan Internet • Gramedia Bookstore
Overview: SANS Roadmap
• Integrating Security Into Your Site
• How to Get the Work Done
• Where to Find the Right Information
• Pitfalls and Vulnerabilities
Integrating Security Into Your Site
• How do you justify the security infrastructure investment?
• How do you determine your site's security mission statement?
• What are the key elements of a successful security awareness training program?
• What are the key elements of a good security infrastructure?
• What are some common security problems which continue to plague many sites?
How to Get the Work Done
• What are the duties of security support personnel?
• How do you ensure or document the security infrastructure?
• What are the types of security tools, and which are the most popular tools in use today?
• Where can you find consolidated information on security vulnerabilities?
• Where can you find vendor-specific security patches?
• Where can you find many of the public domain security tools?
• What are the seven items to remember when responding to an incident?
• What are five low-cost security improvements?
7 items to remember?
• Follow your organization's policies and procedures.
• Contact incident response agencies.
• Communicate via out-of-band channels (e.g., a phone call).
• Document your actions.
• Make copies of files the intruders may have left or touched & store them off-line.
• If you are unsure of what actions to take, seek additional help and guidance.
• Contact law enforcement officials.
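Two of the items above, documenting your actions and copying files the intruder may have touched, are easy to do badly under pressure. The script below is an added illustration, not code from the slides: it copies each file, hashes it before and after the copy, and appends one timestamped record per action to a log, so the log is both the evidence manifest and the action trail. File names, the destination layout and the sample files (created in a temporary directory) are constructed for the example.

```python
"""Preserve copies of suspect files with hashes and an append-only action log.

Added example for the incident-response items above; not from the slides.
Paths, record fields and the sample files are assumptions made for illustration.
"""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_evidence(sources, dest_dir: Path, log_path: Path) -> list:
    """Copy each source into dest_dir, verify the copy, and log the action.

    Every record carries the original path, size and mtime, the hash taken
    before and after copying, and the UTC time of the action. Absent files
    are recorded as 'missing' rather than silently skipped.
    """
    dest_dir.mkdir(parents=True, exist_ok=True)
    records = []
    for src in map(Path, sources):
        rec = {"source": str(src),
               "action_time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())}
        if not src.is_file():
            rec["status"] = "missing"
        else:
            st = src.stat()
            rec.update(size=st.st_size, mtime=st.st_mtime)
            rec["sha256_before"] = sha256_file(src)
            # name the copy after its hash so two files with the same basename cannot collide
            target = dest_dir / (src.name + "." + rec["sha256_before"][:12])
            shutil.copy2(src, target)          # copy2 keeps timestamps for later timeline work
            rec["copy"] = str(target)
            rec["sha256_after"] = sha256_file(target)
            rec["status"] = "copied" if rec["sha256_after"] == rec["sha256_before"] else "hash-mismatch"
        records.append(rec)
        with log_path.open("a") as log:       # one JSON record per line, append-only
            log.write(json.dumps(rec) + "\n")
    return records


def verify_copies(log_path: Path) -> bool:
    """Re-hash every stored copy against the log; False if any copy has changed."""
    for line in log_path.read_text().splitlines():
        rec = json.loads(line)
        if rec["status"] == "copied" and sha256_file(Path(rec["copy"])) != rec["sha256_before"]:
            return False
    return True


def demo() -> dict:
    """Run on constructed sample files so the example works offline."""
    work = Path(tempfile.mkdtemp())
    (work / "rhosts").write_text("+ +\n")                  # constructed: a planted trust file
    (work / "ls").write_bytes(b"\x7fELF constructed fake binary")
    log = work / "actions.log"
    records = preserve_evidence([work / "rhosts", work / "ls", work / "absent"],
                                work / "evidence", log)
    return {"records": records, "verified": verify_copies(log)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the destination on removable or remote media rather than the compromised host, and hand the log file along with the copies to whoever continues the investigation; re-running `verify_copies` later shows whether the stored copies are still what was collected.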
5 low-cost improvements
• Document and publish what you expect.
• Configure your routers to deny all unnecessary incoming traffic.
• Keep sendmail properly configured and updated.
• Use freeware vulnerability assessment tools. Publish the results.
• Install freeware host and network based auditing and traffic analysis tools on critical hosts.
Where to Find the Right Information
• What are some incident response centers?
• Where can you find vendor-specific security information?
• What are some of the good security web sites?
• What are some good security books?
• What are some good security mailing lists?
Good security web sites?
• ftp://ciac.llnl.gov/pub/ciac/sectools/unix/
• ftp://ftp.cerias.purdue.edu
• ftp://ftp.cert.org/pub/tools/
• ftp://ftp.win.tue.nl/pub/security/
• ftp://ftp.funet.fi/pub/unix/security/
Pitfalls and Vulnerabilities
• What are some of the frequently targeted system binaries and directories?
• What are some common Internet attack methods in use today?
• What are some common problems with security perimeter implementations?
Frequently targeted system binaries & directories?
• /bin/login, /usr/etc/in.telnetd, /usr/etc/in.ftpd, /usr/etc/in.tftpd
• /usr/ucb/netstat, /bin/ps, /bin/ls, /usr/sbin/ifconfig, /bin/df
• /usr/lib/libc.a, /usr/ucb/cc
• /.rhosts, /etc/hosts.equiv, /bin/.rhosts
• /etc/passwd, /etc/group, /var/yp/* (NIS maps)
• root environment files (.login, .cshrc, .profile, .forward)
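The reason this list matters to a defender is that each entry is something to baseline and re-check: a replaced `ls` or `ps`, a setuid bit added to a binary, a new `.rhosts`, or a missing NIS map. The script below is an added example (not from the slides or any tool they mention) of the baseline-and-compare idea: it hashes every watched path, records its permission bits, and classifies later differences as modified, missing or new. The watch list is taken from the slide, with the root environment files assumed to live directly under `/`; the demo builds a small tree in a temporary directory so it runs anywhere, and on a real host the baseline should be stored off the machine it describes.

```python
"""Baseline-and-compare integrity check for the frequently targeted files above.

Added example, not code from the slides. The layout of the constructed sample
tree, and the assumption that root's home directory is '/', are illustration only.
"""
import hashlib
import tempfile
from pathlib import Path

# Paths from the slide; a trailing '/' marks a directory whose files are all watched.
WATCH_LIST = [
    "/bin/login", "/usr/etc/in.telnetd", "/usr/etc/in.ftpd", "/usr/etc/in.tftpd",
    "/usr/ucb/netstat", "/bin/ps", "/bin/ls", "/usr/sbin/ifconfig", "/bin/df",
    "/usr/lib/libc.a", "/usr/ucb/cc", "/.rhosts", "/etc/hosts.equiv", "/bin/.rhosts",
    "/etc/passwd", "/etc/group", "/var/yp/",
    "/.login", "/.cshrc", "/.profile", "/.forward",   # assumed: root's home is '/'
]


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path, watch_list=WATCH_LIST) -> dict:
    """Map each watched path to (sha256, permission bits); absent paths map to None.

    Permission bits are recorded alongside the hash because a setuid bit added
    to an otherwise unchanged binary is as interesting as changed contents.
    """
    state = {}
    for entry in watch_list:
        p = root / entry.lstrip("/")
        if entry.endswith("/"):
            if p.is_dir():
                for f in sorted(p.rglob("*")):
                    if f.is_file():
                        state["/" + str(f.relative_to(root))] = (sha256_file(f), f.stat().st_mode & 0o7777)
            continue
        state[entry] = (sha256_file(p), p.stat().st_mode & 0o7777) if p.is_file() else None
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two snapshots."""
    report = {"modified": [], "missing": [], "new": []}
    for path in sorted(set(baseline) | set(current)):
        before, after = baseline.get(path), current.get(path)
        if before == after:
            continue
        if before is None:
            report["new"].append(path)
        elif after is None:
            report["missing"].append(path)
        else:
            report["modified"].append(path)
    return report


def demo() -> dict:
    """Constructed sample: take a baseline, tamper with the tree, and diff."""
    root = Path(tempfile.mkdtemp())
    sample = {"bin/login": b"login v1", "bin/ls": b"ls v1",
              "etc/passwd": b"root:x:0:0::/:/bin/sh\n", "var/yp/passwd.byname": b"nis map"}
    for rel, data in sample.items():
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)
    baseline = snapshot(root)
    (root / "bin/login").write_bytes(b"login replaced")     # contents changed
    (root / "bin/ls").chmod(0o4755)                          # setuid added, contents unchanged
    (root / ".rhosts").write_text("+ +\n")                   # planted trust file
    (root / "var/yp/passwd.byname").unlink()                 # NIS map removed
    return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run `snapshot` once on a known-good host and keep the result off-line; each later run is compared against it. Because the hashing program itself (and the shell, `ls`, and `find` it may rely on) are on the same target list, run the check from trusted media rather than the binaries on the host.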
Common Internet attacks?
• Exploitation of vulnerabilities in vendor programs.
• Exploitation of cgi-bin vulnerabilities.
• Email bombing, spamming & relaying.
• Exploitation of anonymous FTP & web servers.
• Exploitation of named/BIND vulnerabilities.
• Exploitation of MTAs & mail readers.
• Denial of Service (DoS) attacks.
• Sending hostile code & attack programs as mail attachments.
Security perimeter implementations?
• Further security checks & controls are needed on the internal network.
• Members of the organization can request analog lines at their workspace and bypass the security perimeter.
• Some network services (e.g., ftp, tftp, http, sendmail) destined for internal hosts are passed through the security perimeter control points unscreened.
Security perimeter implementations?
• The firewall hosts or routers accept connections from multiple hosts on the internal network and from hosts on the DMZ network.
• Access lists are often configured incorrectly, allowing unknown and dangerous services to pass through freely.
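The low-cost improvement "configure your routers to deny all unnecessary incoming traffic" and the pitfall "access lists are often configured incorrectly" are two sides of the same check, so one added example covers both. The script below is not from the slides or from SANS: it parses a small, constructed Cisco-style extended access list (the syntax subset, the internal address range and the table of services treated as unnecessary inbound are all assumptions) and reports permits that expose risky services to the internal network, permits with no port restriction, destinations left as `any`, and a list that does not end in an explicit deny.

```python
"""Audit a router access list for over-broad inbound permits.

Added example, not from the slides. The ACL syntax subset, the internal
address space, the service table and the sample rules are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

NAMED_PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "tftp": 69, "www": 80, "sunrpc": 111}
# Constructed policy: services that should not be reachable from outside the perimeter.
BLOCKED_INBOUND = {21: "ftp", 23: "telnet", 69: "tftp", 111: "sunrpc",
                   512: "rexec", 513: "rlogin", 514: "rsh", 2049: "nfs"}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address space

RULE_RE = re.compile(
    r"^access-list\s+(?P<acl>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>ip|tcp|udp)\s+"
    r"(?P<src>any|host \S+|\S+ \S+)\s+(?P<dst>any|host \S+|\S+ \S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

# Constructed sample list with the mistakes the slide describes.
ACL_TEXT = """\
access-list 101 permit tcp any host 10.1.1.5 eq smtp
access-list 101 permit tcp any 10.0.0.0 0.255.255.255 eq ftp
access-list 101 permit udp any 10.0.0.0 0.255.255.255 eq tftp
access-list 101 permit tcp any any eq www
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit tcp any 10.0.0.0 0.255.255.255
"""


@dataclass
class Rule:
    line: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]
    text: str


def to_network(spec: str) -> ipaddress.IPv4Network:
    """Turn 'any', 'host A' or 'A wildcard' into a network (wildcard is a hostmask)."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec.split()[1] + "/32")
    addr, wildcard = spec.split()
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)


def parse_acl(text: str) -> List[Rule]:
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: unsupported syntax: {line}")
        port = m.group("port")
        port = None if port is None else (NAMED_PORTS[port] if port in NAMED_PORTS else int(port))
        rules.append(Rule(n, m.group("action"), m.group("proto"),
                          to_network(m.group("src")), to_network(m.group("dst")), port, line))
    return rules


def audit(text: str) -> List[dict]:
    """Return findings for permits that let outside traffic into the internal network."""
    rules = parse_acl(text)
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        from_outside = not r.src.subnet_of(INTERNAL)
        to_inside = r.dst.overlaps(INTERNAL)
        if not (from_outside and to_inside):
            continue                       # outbound traffic is outside this check's scope
        if r.proto == "ip" or r.port is None:
            findings.append({"line": r.line, "rule": r.text,
                             "issue": f"permits every {r.proto} port inbound"})
        elif r.port in BLOCKED_INBOUND:
            findings.append({"line": r.line, "rule": r.text,
                             "issue": f"exposes {BLOCKED_INBOUND[r.port]} (port {r.port}) to the internal network"})
        if r.dst.prefixlen == 0:
            findings.append({"line": r.line, "rule": r.text,
                             "issue": "destination 'any' is not limited to the host that needs the service"})
    last = rules[-1] if rules else None
    if (last is None or last.action != "deny" or last.proto != "ip"
            or last.src.prefixlen or last.dst.prefixlen):
        findings.append({"line": None, "rule": None,
                         "issue": "no explicit 'deny ip any any' closes the list"})
    return findings


if __name__ == "__main__":
    for f in audit(ACL_TEXT):
        print(f"line {f['line']}: {f['issue']}  [{f['rule']}]")
```

The first rule, SMTP to a single mail host, is the shape every inbound permit should have: one protocol, one port, one destination. Real access lists mix in named ports, `range`, `established` and `log` keywords that this subset does not parse; the parser raises rather than silently skipping such lines so that an audit never reports a clean result on a list it did not fully read.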
Security perimeter implementations?
• Logging of connections through the security perimeter is either insufficient or not reviewed on a regular basis.
• People frequently implement encrypted tunnels through their security perimeter without fully considering the security of the endpoints of the tunnel.
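Logging that is "not reviewed on a regular basis" usually means nobody has a short, repeatable review to run. The script below is an added example, not from the slides: it parses constructed log lines in the style of a router access-list log message (the exact message format, the address ranges and the sample events are assumptions) and produces the three things a daily review needs given the earlier slide on unscreened services: which ports crossed from outside into the internal network, which of those were the services the slides say should be screened (ftp, tftp, http, sendmail), and which external sources were denied repeatedly.

```python
"""Daily review of perimeter connection logs.

Added example, not from the slides. The log format imitates a router
access-list log message; format, zones, threshold and sample lines are constructed.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, Iterator

INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # assumed internal space
DMZ = ipaddress.ip_network("192.0.2.0/24")             # assumed DMZ range
SHOULD_BE_SCREENED = {21: "ftp", 69: "tftp", 80: "http", 25: "sendmail"}   # from the slides
DENY_THRESHOLD = 3                                     # constructed: denies per source worth a look

LOG_RE = re.compile(
    r"list (?P<acl>\S+) (?P<verdict>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packet"
)

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jan 12 03:14:07 fw1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.7(4411) -> 10.1.1.5(25), 1 packet
Jan 12 03:14:09 fw1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.7(4412) -> 10.1.1.9(21), 1 packet
Jan 12 03:15:00 fw1 %SEC-6-IPACCESSLOGP: list 101 permitted udp 198.51.100.2(1025) -> 10.2.0.4(69), 3 packets
Jan 12 03:15:30 fw1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(3300) -> 10.1.1.9(80), 1 packet
Jan 12 03:16:01 fw1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.20(2001) -> 203.0.113.9(80), 1 packet
Jan 12 03:17:02 fw1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(40001) -> 10.1.1.9(23), 1 packet
Jan 12 03:17:03 fw1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(40002) -> 10.1.1.9(513), 1 packet
Jan 12 03:17:04 fw1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(40003) -> 10.1.1.9(111), 1 packet
Jan 12 03:18:00 fw1 %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.7(5000) -> 10.1.1.5(69), 1 packet
Jan 12 03:18:30 fw1 %SYS-5-CONFIG_I: Configured from console by admin
"""


def parse(lines: Iterable[str]) -> Iterator[Dict]:
    """Yield one event dict per access-list log line; other messages are skipped."""
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        yield {k: (int(v) if k in ("sport", "dport", "count") else v)
               for k, v in m.groupdict().items()}


def zone(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    if ip in INTERNAL:
        return "internal"
    if ip in DMZ:
        return "dmz"
    return "external"


def review(lines: Iterable[str]) -> Dict:
    """Summarise inbound permits, unscreened services and repeated denies."""
    inbound = Counter()        # destination port -> permitted connections from outside
    unscreened = []            # permitted connections to internal hosts on services to screen
    denied_by_src = Counter()  # external source -> denied attempts
    for ev in parse(lines):
        src_zone, dst_zone = zone(ev["src"]), zone(ev["dst"])
        if ev["verdict"] == "permitted" and dst_zone == "internal" and src_zone != "internal":
            inbound[ev["dport"]] += 1
            if ev["dport"] in SHOULD_BE_SCREENED:
                unscreened.append((ev["src"], src_zone, ev["dst"], SHOULD_BE_SCREENED[ev["dport"]]))
        elif ev["verdict"] == "denied" and src_zone == "external":
            denied_by_src[ev["src"]] += 1
    probing = sorted(s for s, n in denied_by_src.items() if n >= DENY_THRESHOLD)
    return {"inbound_by_port": dict(inbound), "unscreened": unscreened, "probing_sources": probing}


if __name__ == "__main__":
    r = review(SAMPLE_LOG.splitlines())
    print("inbound permits by port:", r["inbound_by_port"])
    for src, src_zone, dst, svc in r["unscreened"]:
        print(f"{svc:8} {src} ({src_zone}) -> {dst}: passed through, check it reaches a screened host")
    print("sources denied repeatedly:", r["probing_sources"])
```

Note that the DMZ-to-internal HTTP connection is flagged alongside the ones from outside, matching the earlier slide's point that firewall hosts accepting connections from the DMZ are part of the perimeter problem. A summary like this is only useful if it is actually produced and read every day; the review itself takes seconds once the log reaches a host that keeps it.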