1 / 87

Network Security

Network Security. What is network security?. Network security is preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks. www.cert.org. Basic Security Measures.

yen-doyle
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security

  2. What is network security? • Network security is preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks. www.cert.org

  3. Basic Security Measures The basic security measures for computer systems fall into eight categories: External security Operational security Surveillance Passwords/authentication Auditing Access rights Standard system attacks Viruses/worms

  4. External Security Protection from environmental damage such as floods, earthquakes, and heat. Physical security such as locking rooms, locking down computers, keyboards, and other devices. Electrical protection from power surges. Noise protection from placing computers away from devices that generate electromagnetic interference.

  5. Personnel security • Most security violations have one common characteristic: • They are caused by people! • Training, Auditing, Least Privilege, ...

  6. Operational Security Deciding who has access to what. Limiting time of day access. Limiting day of week access. Limiting access from a location, such as not allowing a user to use a remote login during certain periods or any time.

  7. Sample dialog box from a network operating system for the setting the time of day restrictions

  8. Surveillance Proper placement of security cameras can deter theft and vandalism. Cameras can also provide a record of activities. Intrusion detection is a field of study in which specialists try to prevent intrusion and try to determine if a computer system has been violated.

  9. Passwords and ID Systems • Passwords are the most common form of security and the most abused. • Simple rules help support safe passwords, including: • Change your password often. • Pick a good, random password (minimum 8 characters, mixed symbols). • Don’t share passwords or write them down. • Don’t select names and familiar objects as passwords. • Most common password?

  10. List of common passwords !@#$%   !@#$%^   !@#$%^&   !@#$%^&*   000000   00000000   0007   007   007007   0246   0249   1022   10sne1   111111   121212   1225   123   123123   1234   12345   123456   1234567   12345678   1234qwer   123abc   123go   1313   131313   13579   14430   1701d   1928   1951   1a2b3c   1p2o3i   1q2w3e   1qw23e   1sanjose   2112   21122112   2222   2welcome   3   369   4   4444   4runner   5   5252   54321  5555   5683   654321   666666   6969   696969   777   7777   80486   8675309   888888   90210   911   92072   99999999   @#$%^&   a   a12345   a1b2c3   a1b2c3d4   aaa   aaaaaa   aaron   abby   abc   abc123   abcd   abcd1234   abcde   abcdef   abcdefg   abigail   about   absolut   academia   access   action   active   acura   adam   adams   adg   adidas   admin   adrian   advil   aeh   aerobics   after   again   aggies   aikman   airhead   airplane   alan   alaska   albany   albatross   albert   alex   alex1   alexande   alexander   alexandr   alexis   alfred   algebra   aliases   alice   alicia   aliens   alison   all   allen   allison   allo   alpha   alpha1   alphabet   alpine   always   alyssa   ama   amanda   amanda1   amber   amelie   america   america7   amiga   amorphous   amour   amy   an   analog   anchor   and   anderson   andre   andrea   andrew   andromache   andy   angel   angela   angela1   angels   angie   angus   animal   animals   ann   anna   anne   annie   answer   anthony   anthropogenic   antonio   anvils   any   anything   apache   apollo   apollo13   apple   apple1   apples   april   archie   arctic   are   aria   ariadne   ariane   ariel   arizona   around   arrow   arthur   artist   as   asdf  asdfg   asdfgh   asdfghjk   asdfjkl   asdfjkl;   ashley   ask   aspen   ass   asshole   asterix   at   ate   ath   athena   atmosphere   attila   august   austin  

  11. Authentication • Authentication is the process of reliably verifying the identity of someone (or something) by means of: • A secret (password [one-time], ...) • An object (smart card, ...) • Physical characteristics (fingerprint, retina, ...) • Trust • Do not mistake authentication for authorization!

  12. Controlling a user password with Novell Netware

  13. Passwords and ID Systems - Authentication? • Many new forms of “passwords” are emerging: • Fingerprints • Face prints • Retina scans and iris scans • Voice prints • Ear prints • Remember what this method of authentication is called? Biometrics.

  14. Auditing Creating a computer or paper audit can help detect wrongdoing. Auditing can also be used as a deterrent. Many network operating systems allow the administrator to audit most types of transactions. Many types of criminals have been caught because of computer-based audits.

  15. Windows NT Event Viewer example

  16. Access Rights Two basic questions to access right: who and how? Who do you give access right to? No one, group of users, entire set of users? How does a user or group of users have access? Read, write, delete, print, copy, execute? Most network operating systems have a powerful system for assigning access rights.

  17. Novell Netware assigning access rights to a resource

  18. Viruses Many different types of viruses, such as parasitic, boot sector, stealth, polymorphic, and macro. A Trojan Horse virus is a destructive piece of code that hides inside a harmless looking piece of code. Sending an e-mail with a destructive attachment is a form of a Trojan Horse virus.

  19. Virus Detection and Scanning Signature-based scanners look for particular virus patterns or signatures and alert the user. Terminate-and-stay-resident programs run in the background constantly watching for viruses and their actions. Multi-level generic scanning is a combination of antivirus techniques including intelligent checksum analysis and expert system analysis. http://www.symantec.com/avcenter/

  20. http://www.symantec.com/avcenter/

  21. What is the difference between a computer virus and a computer worm? • Viruses are computer programs that are designed to spread themselves from one file to another on a single computer. A virus might rapidly infect every application file on an individual computer, or slowly infect the documents on that computer, but it does not intentionally try to spread itself from that computer to other computers. In most cases, that's where humans come in. We send e-mail document attachments, trade programs on diskettes, or copy files to file servers. When the next unsuspecting user receives the infected file or disk, they spread the virus to their computer, and so on. • Worms, on the other hand, are insidious because they rely less (or not at all) upon human behavior in order to spread themselves from one computer to others. • The computer worm is a program that is designed to copy itself from one computer to another over a network (e.g. by using e-mail). The worm spreads itself to many computers over a network, and doesn't wait for a human being to help. This means that computer worms spread much more rapidly than computer viruses.

  22. HOAXES

  23. Standard System Attacks Denial of service attacks, or distributed denial of service attacks, bombard a computer site with so many messages that the site is incapable of answering valid request. In e-mail bombing, a user sends an excessive amount of unwanted e-mail to someone. Smurfing is a nasty technique in which a program attacks a network by exploiting IP broadcast addressing operations. Ping storm is a condition in which the Internet Ping program is used to send a flood of packets to a server.

  24. Standard System Attacks Spoofing is when a user creates a packet that appears to be something else or from someone else. Trojan Horse is a malicious piece of code hidden inside a seemingly harmless piece of code. Stealing, guessing, and intercepting passwords is also a tried and true form of attack.

  25. Web Spoofing • Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine, and observe all information entered into forms by the victim. Web Spoofing works on both of the major browsers and is not prevented by "secure" connections. The attacker can observe and modify all web pages and form submissions, even when the browser's "secure connection" indicator is lit. The user sees no indication that anything is wrong. • The attack is initiated when the victim visits a malicious Web page, or receives a malicious email message (if the victim uses an HTML-enabled email reader).

  26. Smurfing to cripple a web server

  27. Smurfing • Smurfing is the attacking of a network by exploiting Internet Protocol (IP) broadcast addressing and certain other aspects of Internet operation. Smurfing uses a program called Smurf and similar programs to cause the attacked part of a network to become inoperable. The exploit of smurfing, as it has come to be known, takes advantage of certain known characteristics of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). The ICMP is used by network nodes and their administrators to exchange information about the state of the network. ICMP can be used to ping other nodes to see if they are operational. An operational node returns an echo message in response to a ping message. A smurf program builds a network packet that appears to originate from another address (this is known as spoofing an IP address). The packet contains an ICMP ping message that is addressed to an IP broadcast address, meaning all IP addresses in a given network. The echo responses to the ping message are sent back to the "victim" address. Enough pings and resultant echoes can flood the network making it unusable for real traffic. • One way to defeat smurfing is to disable IP broadcast addressing at each network router since it is seldom used. This is one of several suggestions provided by the CERT Coordination Center.

  28. What is SSH? • SSH (Secure Shell) is a full replacement for rsh, rlogin, rcp, telnet, rexec, and ftp • Automatic authentication (?) of users, no passwords are sent in clear text • Secure remote login, file copying, and tunneling X11 and TCP connections (POP, IMAP, SMTP, HTTP)

  29. www.cert.org

  30. What is a firewall? • Used to control the flow of traffic (both inflows and outflows, but primarily inflows) between networks • The connected networks can be internal or a combination of internal and external networks

  31. Firewalls A system or combination of systems that supports an access control policy between two networks. A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system. Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications such as ftp, telnet, etc.)

  32. Transmission Control Protocol/ Internet Protocol - TCP/IP • A conglomeration of underlying protocols designed to enable communications between computers across networks

  33. 4 Basic Layers of TCP/IP • Physical/Network Layer - Accepts and transmits network packets over the physical network. Physical networking protocols, such as Ethernet, and logical protocols, such as Address Resolution Protocol (ARP), are run at this layer. • IP Layer - Responsible for routing packets across the network. Routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), are run at this layer.

  34. 4 Basic Layers of TCP/IP (cont.) • Transport Layer - Manages the virtual session between two computers for TCP for providing end-to-end communication. • Application Layer - Manages the networking applications and formats data for transmission.

  35. Open Systems Interconnect (OSI) • Developed by the International Organization for Standardization • A seven layer model that further divides the layers from the TCP/IP model

  36. APPLICATION HTTP the desired program LAYER TRANSPORT TCP provides the LAYER or connection UDP NETWORK IP locates the destination LAYER IP address & routes message LINK Ethernet physical devices LAYER Application-based filtering- firewall Packet-filtering- routers TCP/IP

  37. TCP/IP MODEL OSI MODEL APPLICATION APPLICATION PRESENTATION SESSION TRANSPORT TRANSPORT INTERNET (IP) NETWORK NETWORK INTERFACE DATA LINK PHYSICAL

  38. Characteristics of Good Firewalls • All traffic from inside the corporate network to outside the network, and vice-versa, must pass through it; • Only authorized traffic, as defined by the security policy, is allowed to pass through it; and the system itself is immune to penetration.

  39. A firewall as it stops certain internet and external transactions

  40. Firewalls – 2 types A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers. A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that request something from the corporate network must enter through the proxy server. Proxy servers are more advanced but make external accesses slower.

  41. Firewall Filtering • Firewall features that are standard on routers. • Separate input and output filters on: • Source and destination address • Protocol (TCP/IP, IPX, UDP, ICMP, RIP, OSPF, BGP) • Protocol service (Web, e-mail, FTP) • Established sessions • Packet logging • Extended Frame Relay filtering (variable-length packet switching data transmission) www.lucent.com

  42. Static Firewalls • Pre-configured rulebases are used for traffic passing decisions • Default permit - the firewall allows all traffic except that which is explicitly blocked by the firewall rulebase • Default deny - the firewall denies all traffic except that which is explicitly allowed by the firewall rulebase

  43. Dynamic Firewalls • Also uses rulebases, but the denial and permission of any service can be established for a given time period • Stateful inspection is also a dynamic configuration • A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules (as in static packet filtering) but also on context that has been established by prior packets that have passed through the firewall.

  44. Components of Firewalls • Chokes - limit the flow of packets between networks. Read packets and determine, based on the rules, if the traffic should pass • Gates - act as a control point for external connections. They control the external connections.

  45. TELNET FTP SMTP SMTP HTTP TELNET FTP FTP SMTP HTTP SMTP FTP FTP SMTP TELNET PACKETS Rejected Packets SMTP HTTP SMTP CHOKE DEFAULT DENY GATE Application Level Filtering Rule - Deny everything except Telnet & FTP Corporate Internal Network FTP FTP TELNET

  46. Firewall Functions • Packet Filtering • Network Address Translation • Application-level Proxies • Stateful Inspection • Virtual Private Networks • Real-time Monitoring

  47. Proxy Server sitting outside the protection of the corporate network

  48. Last time • Security issues • Firewalls This time • Business over the internet • Cryptography

  49. So you want to do businessover the internet • What do you have to worry about?

More Related