
Chapter 6

Chapter 6: Network Security Threats. Objectives: in this chapter, you will learn how to defend against packet sniffers; understand the TCP, UDP, and IP protocols and their weaknesses; and identify other protocols within the TCP/IP protocol suite and their weaknesses.

romeo

Presentation Transcript


  1. Chapter 6 Network Security Threats

  2. Objectives
     In this chapter, you will:
     • Learn how to defend against packet sniffers
     • Understand the TCP, UDP, and IP protocols and their weaknesses
     • Identify other protocols within the TCP/IP protocol suite and their weaknesses
     • Understand the threats to wireless networks

  3. Packet Sniffers
     • Capture network traffic
     • Can view unencrypted traffic
     • Can be installed on compromised systems as a software utility
     • Can only capture network traffic passed on the same network segment

  4. Packet Sniffers
     • Security solutions
       • Restrict physical access to network inputs
       • Protect systems to ensure sniffers cannot be installed
       • Use switches instead of hubs
       • Use encryption

  5. TCP/IP Revisited – TCP Communication Processes

  6. TCP/IP Revisited – TCP Communication Processes

  7. TCP/IP Revisited – TCP Communication Processes
     • Immediate termination (without handshake)
     • TCP reset
     • RST message

  8. Attacks on TCP, UDP, and IP – Spoofing

  9. Attacks on TCP, UDP, and IP – Spoofing
     • Security solutions
       • Secure proxies
       • Ingress filtering
       • Apply latest patches to systems and network devices

  10. Attacks on TCP, UDP, and IP – Teardrop

  11. Attacks on TCP, UDP, and IP – Teardrop
      • Security solutions
        • Apply the latest patches to systems and network devices

  12. Attacks on TCP, UDP, and IP – DoS Attacks
      • SYN flood
        • Uses SYN packets to initiate connections
        • Source addresses spoofed as another address
      • Land
        • Uses SYN packets to initiate connections
        • Source addresses spoofed as specific target system

  13. Attacks on TCP, UDP, and IP – DoS Attacks
      • Fraggle
        • UDP echo requests
        • Source addresses spoofed as specific target system
      • FIN flood
        • Uses SYN packets to initiate connections
        • Source addresses spoofed as another address

  14. Attacks on TCP, UDP, and IP – DoS Attacks

  15. Attacks on TCP, UDP, and IP – DoS Attacks
      • Security solution
        • Configure network devices to drop SYN connections after a certain amount of time
        • Configure network devices to drop FIN connections after a certain amount of time
        • Disable UDP echo
        • Disable unnecessary services

  16. TCP/IP Protocol Suite

  17. TCP/IP Protocol Suite

  18. TCP/IP Protocol Suite

  19. TCP/IP Protocol Suite

  20. TCP/IP Protocol Suite – Security Solutions
      • HTTP
        • Apply security patches
        • Check scripts and other input on Web applications
        • Use SSL encryption
      • SMTP and POP3
        • Apply security patches
        • Disable open mail relays

  21. TCP/IP Protocol Suite – Security Solutions • FTP communication processes

  22. TCP/IP Protocol Suite – Security Solutions • FTP communication processes

  23. TCP/IP Protocol Suite – Security Solutions
      • FTP and TFTP
        • Apply security patches
        • Use SCP instead
        • Disallow anonymous FTP or heavily restrict access to anonymous users
        • Disable TFTP on all systems

  24. TCP/IP Protocol Suite – Security Solutions
      • Telnet
        • Apply security patches
        • Use SSH instead
        • Restrict commands available to Telnet users
        • Disable Telnet on critical systems

  25. TCP/IP Protocol Suite – Security Solutions
      • DNS
        • Apply security patches
        • Block incoming DNS traffic
      • NetBT
        • Apply security patches
        • Disable NetBT on any systems facing the Internet

  26. TCP/IP Protocol Suite – Security Solutions
      • SNMP
        • Apply security patches
        • Upgrade to v3
        • Change SNMP community strings
      • LDAP
        • Apply security patches
        • Disable LDAP on Internet-facing systems

  27. TCP/IP Protocol Suite – Security Solutions
      • Finger
        • Disable
      • NNTP
        • Apply security patches
      • ICMP
        • Disable incoming ICMP
        • Disable broadcasts

  28. TCP/IP Protocol Suite – Security Solutions
      • ARP and RARP
        • Use static ARP tables
      • Encryption options
        • IPSec
          • Tunnel
          • Transport
        • PPTP – is a modification of PPP (Point-to-Point Protocol)
        • L2TP – is a combination of PPTP and Cisco Systems’ Layer 2 Forwarding Protocol

  29. Wireless Networks
      • Wireless access point (WAP) – provides both the transmitter and receiver for wireless network communications
      • Wireless Encryption Protocol (WEP) – is a Data Link layer protocol that was developed to add encryption to the 802.11b wireless network standard
      • Security solutions
        • VPN server
        • MAC authentication

  30. Summary
      • Sniffers can listen to network traffic sent over a network. In the wrong hands, a sniffer can capture user IDs, passwords, or other sensitive information.
      • TCP has several handshake processes that establish, reset, and close network communications.
      • The TCP/IP protocol suite is the most popular set of network protocols in use today. The popularity of the suite is due, in large part, to its scalability, universality, and interoperability.

  31. Summary
      • The foundation of the TCP/IP protocol suite comprises the TCP, UDP, and IP protocols. Many other protocols are included: HTTP, HTTPS, SMTP, POP3, FTP, TFTP, Telnet, DNS, NetBT, LDAP, Finger, NNTP, ICMP, ARP, and RARP.
      • All protocols have a variety of weaknesses, so it is important to develop security solutions that protect data while in transit over networks.
      • Wireless networks are becoming more popular in the IT environment but have some inherent vulnerabilities. These weaknesses should be addressed in order to securely transmit data and protect wired networks.
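The SYN flood and Land patterns from slides 12 to 15, together with the slide 15 countermeasure of dropping SYN connections after a certain amount of time, shown as detection logic over packet records. This is an added example, not part of the original presentation; the record format, timeout, alert threshold and sample traffic are constructed assumptions.

```python
from collections import namedtuple

# Constructed packet record: time in seconds, "addr:port" endpoints, TCP flag.
# Only the client's packets are modelled (SYN, then ACK once the handshake completes).
Pkt = namedtuple("Pkt", "t src dst flag")

SYN_TIMEOUT = 5.0    # assumed: seconds a half-open connection may wait
HALF_OPEN_LIMIT = 3  # assumed: pending SYNs per destination before alerting

def analyse(packets, timeout=SYN_TIMEOUT, limit=HALF_OPEN_LIMIT):
    """Return (alerts, dropped) for a list of Pkt records."""
    half_open = {}  # (src, dst) -> time the SYN arrived
    alerts, dropped = [], []
    for p in sorted(packets, key=lambda pkt: pkt.t):
        # Slide 15: drop SYN connections after a certain amount of time.
        for key, seen in list(half_open.items()):
            if p.t - seen > timeout:
                dropped.append(key)
                del half_open[key]
        if p.flag == "SYN":
            if p.src == p.dst:
                # Land: source spoofed as the target itself; never track it.
                alerts.append(("land", p.dst))
                continue
            half_open[(p.src, p.dst)] = p.t
            pending = sum(1 for (_, dst) in half_open if dst == p.dst)
            if pending > limit:
                # SYN flood: many unanswered SYNs from differing sources.
                alerts.append(("syn_flood", p.dst))
        elif p.flag == "ACK":
            half_open.pop((p.src, p.dst), None)  # handshake completed
    return alerts, dropped

WEB = "198.51.100.5:80"
SAMPLE = [  # constructed traffic, documentation address ranges only
    Pkt(0.0, "192.0.2.10:40000", WEB, "SYN"),
    Pkt(0.1, "192.0.2.10:40000", WEB, "ACK"),
    Pkt(1.0, WEB, WEB, "SYN"),
    Pkt(2.0, "203.0.113.1:1111", WEB, "SYN"),
    Pkt(2.1, "203.0.113.2:1111", WEB, "SYN"),
    Pkt(2.2, "203.0.113.3:1111", WEB, "SYN"),
    Pkt(2.3, "203.0.113.4:1111", WEB, "SYN"),
    Pkt(9.0, "192.0.2.11:40001", WEB, "SYN"),
]

if __name__ == "__main__":
    alerts, dropped = analyse(SAMPLE)
    print(alerts, len(dropped))
```

The completed handshake at 0.0 to 0.1 s raises nothing, and the four unanswered SYNs are timed out of the table by the time the packet at 9.0 s arrives.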
