630 likes | 763 Views
Guide to Network Defense and Countermeasures Second Edition. Chapter 1 Network Defense Fundamentals. Objectives. Explain the fundamentals of TCP/IP networking Describe the threats to network security Explain the goals of network security Describe a layered approach to network defense
E N D
Guide to Network Defense and CountermeasuresSecond Edition Chapter 1 Network Defense Fundamentals
Objectives • Explain the fundamentals of TCP/IP networking • Describe the threats to network security • Explain the goals of network security • Describe a layered approach to network defense • Explain how network security defenses affect your organization Guide to Network Defense and Countermeasures, Second Edition
TCP/IP Networking Review • Transmission Control Protocol/Internet Protocol (TCP/IP) • Suite of many protocols • Allows information to be transmitted from point to point on a network Guide to Network Defense and Countermeasures, Second Edition
The Open Systems Interconnect (OSI) Model Guide to Network Defense and Countermeasures, Second Edition
IP Addressing • Attackers can gain access to networks by determining IP addresses of computers • IP address components • Network address • Host address • Subnet mask • Try to hide IP addresses to prevent certain attacks • Network Address Translation (NAT) • Translate IP addresses into other IP addresses • Used to hide real IP addresses • Proxy servers are also used to hide IP addresses Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
Exploring IP Packet Structure • IP datagrams • Discrete chunk of information • TCP/IP messages are transmitted using multiple datagrams • Contain information about source and destination IP addresses and control settings • Divided into different sections • IP header structure • Part of an IP packet that computers used to communicate • IP header plays an important role in terms of network security and intrusion detection Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
Exploring IP Packet Structure (continued) • IP data • Firewalls, VPNs and proxy servers are used to protect data in a packet • IP fragmentation • Allows large packets to pass through routers • Routers divide packets into multiple fragments and send them along the network • Fragmentation creates security problems • Port numbers appear only in fragment 0 • Fragments 1 and higher pass through filters without being scrutinized Guide to Network Defense and Countermeasures, Second Edition
ICMP Messages • Internet Control Message Protocol (ICMP) • Assists TCP/IP networks with troubleshooting communication problems • Can tell if another host is alive • Firewalls and packet filters should be used to filter ICMP messages Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
TCP Headers • Provide hosts with additional flags • Flags are important from a security standpoint • Used to create packet-filtering rules • Flags • URG (urgent) • ACK (acknowledge) • PSH (push function) • RST (reset the connection) • SYN (synchronize sequence numbers) • FIN (finished) Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
UDP Headers • UDP provides a datagram transport service for IP • UDP is considered unreliable • Because it is connectionless • UDP is used for broadcasting messages • Attackers scan for open UDP services to exploit • UDP packets have their own headers Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
Domain Name Service (DNS) • DNS servers translate fully qualified domain names to IP addresses • DNS can be used to block unwanted communications • Administrators can block Web sites containing offensive content • DNS attacks • Buffer overflow • Zone transfer • Cache poisoning Guide to Network Defense and Countermeasures, Second Edition
Encryption • Concealing information to render it unreadable • Except to the intended recipients • Firewalls often encrypt data leaving the network and decrypt incoming packets • Encryption often makes use of digital certificates • Digital certificate • Electronic document containing encryption keys and a digital signature • Public Key Infrastructure • Makes possible distribution of certificates Guide to Network Defense and Countermeasures, Second Edition
Overview of Threats to Network Security • Security problems • Network intrusions • Loss of data • Loss of privacy • First step in defeating the enemy is to know your enemy Guide to Network Defense and Countermeasures, Second Edition
Types of Attackers • Knowing the types of attackers helps you anticipate • Motivation to break into systems • Status • Revenge • Financial gain • Industrial espionage Guide to Network Defense and Countermeasures, Second Edition
Types of Attackers (continued) • Crackers • Attempt to gain access to unauthorized resources • Circumventing passwords, firewalls, or other protective measures • Disgruntled employees • Access customer information, financial files, job records, or other sensitive information from inside an organization • When an employee is terminated, security measures should be taken immediately Guide to Network Defense and Countermeasures, Second Edition
Types of Attackers (continued) • Criminal and Industrial Spies • Steal and sell a company’s confidential information to its competitors • Script Kiddies and Packet Monkeys • Script kiddies • Young, immature computer programmers • Spread viruses and other malicious scripts • Use techniques to exploit known weakness • Packet monkeys • Block Web site activities using DDoS attacks Guide to Network Defense and Countermeasures, Second Edition
Types of Attackers (continued) • Terrorists • Attack computer systems for several reasons • Making a political statement • Achieving a political goal • Causing damage to critical systems • Disrupting a target’s financial stability Guide to Network Defense and Countermeasures, Second Edition
Malicious Code • Malware • Malicious code • Use system’s well known vulnerabilities to spread • Virus • Code that copies itself surreptitiously • Can be benign or harmful • Spread methods • Running executable code • Sharing disks or memory sticks • Opening e-mail attachments Guide to Network Defense and Countermeasures, Second Edition
Malicious Code (continued) • Worm • Creates files that copy themselves and consume disk space • Does not require user intervention to be launched • Some worms install back doors • A way of gaining unauthorized access to computer or other resources • Others can destroy data on hard disks • Trojan program • Harmful computer program that appears to be something useful • Can create a back door Guide to Network Defense and Countermeasures, Second Edition
Malicious Code (continued) • Macro viruses • Macro is a type of script that automates repetitive tasks in Microsoft Word or similar applications • Macros run a series of actions automatically • Macro viruses run actions that tend to be harmful Guide to Network Defense and Countermeasures, Second Edition
Other Threats to Network Security • It is not possible to prepare for every possible risk to your systems • Try to protect your environment for today’s threat • Be prepared for tomorrow’s threats Guide to Network Defense and Countermeasures, Second Edition
Social Engineering: The People Factor • Social engineers try to gain access to resources through people • Employees do not always observe accepted security practices • Employees are fooled by attackers into giving out passwords or other access codes Guide to Network Defense and Countermeasures, Second Edition
Common Attacks and Defenses Guide to Network Defense and Countermeasures, Second Edition
Common Attacks and Defenses (continued) Guide to Network Defense and Countermeasures, Second Edition
Common Attacks and Defenses (continued) Guide to Network Defense and Countermeasures, Second Edition
Internet Security Concerns • Socket • Port number combined with a computer’s IP address • Attacker software looks for open sockets • Open sockets are an invitation to be attacked • Sometimes sockets have exploitable vulnerabilities • E-mail and Communications • Home users regularly surf the Web, use e-mail and instant messaging programs • Personal firewalls keep viruses and Trojan programs from entering a system Guide to Network Defense and Countermeasures, Second Edition
Internet Security Concerns (continued) • Scripts • Executable code attached to e-mail messages or downloaded files that infiltrates a system • Difficult for firewalls and IDSs to block all scripts • Always-on Connectivity • Computers using always-on connections are easier to locate and attack • Remote users pose security problems to network administrators • Always-on connections effectively extend the boundaries of your corporate network Guide to Network Defense and Countermeasures, Second Edition
Goals of Network Security • Goals include • Confidentiality • Integrity • Availability Guide to Network Defense and Countermeasures, Second Edition
Providing Secure Connectivity • In the past, network security emphasized blocking attackers from accessing the corporate network • Now secure connectivity with trusted users and networks is the priority • Activities that require secure connectivity • Placing orders for merchandise online • Paying bills • Accessing account information • Looking up personnel records • Creating authentication information Guide to Network Defense and Countermeasures, Second Edition
Secure Remote Access • One of the biggest security challenges • VPN • Ideal and cost-effective solution • Uses a combination of encryption and authentication mechanisms Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
Ensuring Privacy • Databases with personal or financial information need to be protected • Legislation exists that protects private information • Education is an effective way to maintain the privacy of information • All employees must be educated about security dangers and security policies • Employees are most likely to detect security breaches • And to cause one accidentally • Employees can monitor activities of their co-workers Guide to Network Defense and Countermeasures, Second Edition
Providing Nonrepudiation • Nonrepudiation is important when organizations do business across a network • Rather than face-to-face • Encryption provides integrity, confidentiality, and authenticity of digital information • Encryption can also provide nonrepudiation • Nonrepudiation • Capability to prevent one participant from denying that it performed an action Guide to Network Defense and Countermeasures, Second Edition
Confidentiality, Integrity, and Availability: The CIA Triad • Confidentiality • Prevents intentional or unintentional disclosure of communications between sender and recipient • Integrity • Ensures the accuracy and consistency of information during all processing • Availability • Makes sure those who are authorized to access resources can do so in a reliable and timely manner Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition
Using Network Defense Technologies in Layers • No single security measure can ensure complete network protection • Assemble a group of methods • That work in a coordinated fashion • Defense in depth (DiD) • Layering approach to network security Guide to Network Defense and Countermeasures, Second Edition
Physical Security • Refers to measures taken to physically protect a computer or other network device • Physical security measures • Computer locks • Lock protected rooms for critical servers • Burglar alarms • Uninterruptible power supply (UPS) Guide to Network Defense and Countermeasures, Second Edition
Authentication and Password Security • Password security • Simple strategy • Select good passwords, keep them secure, and change them as needed • Use different passwords for different applications • Authentication methods • Something user knows • Something user has • Something user is • In large organizations, authentication is handled by centralized servers Guide to Network Defense and Countermeasures, Second Edition
Operating System Security • Protect operating systems by installing • Patches • Hot fixes • Service packs • OSs must be timely updated to protect from security flaws • Stop any unneeded services • Disable Guest accounts Guide to Network Defense and Countermeasures, Second Edition
Antivirus Protection • Virus scanning • Examines files or e-mail messages for indications that viruses are present • Viruses have suspicious file extensions • Antivirus software uses virus signatures to detect viruses in your systems • You should constantly update virus signatures • Firewalls and IDSs are not enough • You should install antivirus software in hosts and all network computers Guide to Network Defense and Countermeasures, Second Edition
Packet Filtering • Block or allow transmission of packets based on • Port number • IP addresses • Protocol information • Some types of packet filters • Routers • Most common packet filters • Operating systems • Built-in packet filtering utilities that come with some OSs • Software firewalls • Enterprise-level programs Guide to Network Defense and Countermeasures, Second Edition
Firewalls • Firewalls control organizations overall security policies • Permissive versus restrictive policies • Permissive • Allows all traffic through the gateway and then blocks services on case-by-case basis • Restrictive • Denies all traffic by default and then allows services on case-by-case basis Guide to Network Defense and Countermeasures, Second Edition
Guide to Network Defense and Countermeasures, Second Edition