19-06-2014, 04:41 PM
Network Security
1378308928-NetworkSecurity.ppt (Size: 1.32 MB / Downloads: 285)
Objectives
The student should be able to:
Define attacks: script kiddie, social engineering, logic bomb, Trojan horse, phishing, pharming, war driving, war dialing, man-in-the-middle attack, SQL injection, virus, worm, rootkit, dictionary attack, brute force attack, DoS, DDoS, botnet, spoofing, packet replay.
Describe defenses: defense in depth, bastion host, content filter, packet filter, stateful inspection, circuit-level firewall, application-level firewall, demilitarized zone, multi-homed firewall, IDS, IPS, NIDS, HIDS, signature-based IDS, statistical-based IDS, neural network, VPN, network access server (RADIUS/TACACS), honeypot, honeynet, hash, secret key encryption, public key encryption, digital signature, PKI, vulnerability assessment.
Identify techniques (what they do): SHA1/SHA2, MD2/MD4/MD5, DES, AES, RSA, ECC.
Describe and define security goals: confidentiality, authenticity, integrity, non-repudiation
Place each service's and server's data in the correct sensitivity class, and define the roles that have access to it
Define services that can enter and leave a network
Draw a network diagram with proper zones and security equipment
The Problem of Network Security
The Internet allows an attacker to attack from anywhere in the world from their home desk.
They just need to find one vulnerability; a security analyst needs to close every vulnerability
Hacking Networks, Phase 1: Reconnaissance
Physical Break-In
Dumpster Diving
Google, Newsgroups, Web sites
Social Engineering
Phishing: fake email
Pharming: fake web pages
WhoIs Database & arin.net
Domain Name Server Interrogations
Hacking Networks, Phase 2: Scanning
War Driving: Can I find a wireless network?
War Dialing: Can I find a modem to connect to?
Network Mapping: What IP addresses exist, and what ports are open on them?
Vulnerability-Scanning Tools: What versions of software are implemented on devices?
Passive Attacks
Eavesdropping: Listen to packets from other parties = Sniffing
Traffic Analysis: Learn about network from observing traffic patterns
Footprinting: Test to determine software installed on system = Network Mapping
Hacking Networks, Phase 3: Gaining Access
Network Attacks:
Sniffing (Eavesdropping)
IP Address Spoofing
Session Hijacking
System Attacks:
Buffer Overflow
Password Cracking
SQL Injection
Web Protocol Abuse
Denial of Service
Trap Door
Virus, Worm, Trojan horse
Some Active Attacks
Denial of Service: Message did not make it; or service could not run
Masquerading or Spoofing: The actual sender is not the claimed sender
Message Modification: The message was modified in transmission
Packet Replay: A past packet is transmitted again in order to gain access or otherwise cause damage
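Packet replay is the one active attack in this list that a receiver can detect mechanically, provided each packet carries a sequence number covered by its integrity check. The following is an added example, not from the slides: it implements the sliding-window anti-replay check that IPsec ESP (RFC 4303) uses, with a constructed packet stream; the window size and sequence values are assumptions.

```python
class AntiReplayWindow:
    """Sliding-window replay detector in the style of IPsec ESP (RFC 4303).

    The sender numbers packets 1, 2, 3, ... and the number is protected by
    the packet's integrity check, so an attacker cannot alter it without
    breaking authentication. The receiver keeps the highest number accepted
    and a bitmap of which of the last `size` numbers have already arrived.
    """

    def __init__(self, size=64):
        self.size = size
        self.highest = 0          # highest sequence number accepted so far
        self.bitmap = 0           # bit i set => (highest - i) was received

    def check_and_update(self, seq):
        """Return True and record seq if it is fresh; False if replayed or stale."""
        if seq == 0:
            return False          # sequence numbers start at 1
        mask = (1 << self.size) - 1
        if seq > self.highest:
            # New high-water mark: slide the window forward by the gap.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1   # everything previously seen fell out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:
            return False          # too old: left of the window, cannot be checked
        if self.bitmap & (1 << diff):
            return False          # already seen: this is a replay
        self.bitmap |= 1 << diff  # late but fresh: accept and remember it
        return True


def filter_stream(seqs, size=64):
    """Run a constructed stream of sequence numbers through one window."""
    window = AntiReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed stream: 2 replayed, 4 arrives late but fresh, 3 and 1 replayed.
    stream = [1, 2, 3, 2, 5, 4, 3, 1]
    for seq, ok in zip(stream, filter_stream(stream)):
        print(f"seq {seq}: {'accept' if ok else 'drop'}")
```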
Bastion Host
Computer fortified against attackers
Applications turned off
Operating system patched
Security configuration tightened
Filters
Route Filter: Verifies source and destination IP addresses
Packet Filter: Scans packet headers and discards packets that fail the ruleset (e.g., firewall or router)
Content Filter: Scans packet contents and discards packets that fail the ruleset (e.g., Intrusion Prevention System or firewall)
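A packet filter is only as good as the order of its rules and its default action. The following added example (mine, not from the slides) evaluates a constructed header-only ruleset the way a first-match, default-deny filter does; the addresses, ports and rules are assumptions chosen for illustration.

```python
import ipaddress

# Constructed ruleset: (action, protocol, source network, destination network, dest port or None).
# The first matching rule wins, and a packet that matches no rule is dropped (default deny).
RULES = [
    ("deny",  "tcp", "10.0.0.0/8", "0.0.0.0/0",     23),   # no telnet from the inside, anywhere
    ("allow", "tcp", "0.0.0.0/0",  "192.0.2.10/32", 443),  # HTTPS to the web server from anywhere
    ("allow", "tcp", "10.0.0.0/8", "192.0.2.10/32", 22),   # SSH to the web server from inside only
    ("allow", "udp", "10.0.0.0/8", "192.0.2.53/32", 53),   # DNS from inside to our resolver
]


def matches(rule, pkt):
    """True if the packet header fields fall within the rule's protocol, networks and port."""
    action, proto, src_net, dst_net, port = rule
    return (proto == pkt["proto"]
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst_net)
            and (port is None or port == pkt["dport"]))


def filter_packet(pkt, rules=RULES):
    """Return 'allow' or 'deny' for one packet header; first match wins."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return "deny"  # default deny: nothing matched, so the packet is discarded


if __name__ == "__main__":
    # Constructed sample headers, as a packet filter would see them.
    samples = [
        {"proto": "tcp", "src": "203.0.113.7", "dst": "192.0.2.10", "dport": 443},  # allow
        {"proto": "tcp", "src": "203.0.113.7", "dst": "192.0.2.10", "dport": 22},   # deny (outside)
        {"proto": "tcp", "src": "10.1.2.3",    "dst": "192.0.2.10", "dport": 22},   # allow
        {"proto": "tcp", "src": "10.1.2.3",    "dst": "192.0.2.10", "dport": 23},   # deny (rule 1)
    ]
    for pkt in samples:
        print(pkt["proto"], pkt["src"], "->", pkt["dst"], pkt["dport"], filter_packet(pkt))
```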
Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS)
Network IDS (NIDS)
Examines packets for attacks
Can find worms, viruses, org-defined attacks
Warns administrator of attack
IPS: packets are routed through the IPS, so it can discard them as well as warn
Host IDS (HIDS)
Examines actions or resources for attacks
Recognize unusual or inappropriate behavior
E.g., Detect modification or deletion of special files
Honeypot & Honeynet
Honeypot: A system with a special software application which appears easy to break into
Honeynet: A network which appears easy to break into
Purpose: Catch attackers
All traffic going to honeypot/net is suspicious
If successfully penetrated, the attacker can use it to launch further attacks
Must be carefully monitored
Data Privacy
Confidentiality: Unauthorized parties cannot access information (->Secret Key Encryption)
Authenticity: Ensuring that the actual sender is the claimed sender. (->Public Key Encryption)
Integrity: Ensuring that the message was not modified in transmission. (->Hashing)
Nonrepudiation: Ensuring that sender cannot deny sending a message at a later time. (->Digital Signature)
Remote Access Security
Virtual Private Network (VPN) often implemented with IPSec
Can authenticate and encrypt data through Internet (red line)
Easy to use and inexpensive
Difficult to troubleshoot, less reliable than dedicated lines
Susceptible to malicious software and unauthorized actions
Often router or firewall is the VPN endpoint
Digital Signature
Electronic Signature
Uses public key algorithm
Verifies integrity of data
Verifies identity of sender: non-repudiation
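The Data Privacy mapping above (integrity -> hashing, non-repudiation -> digital signature) and this slide's two claims about digital signatures can both be shown in a few lines. The following is an added example, not from the slides: a SHA-256 integrity check beside a textbook RSA signature over that hash, using constructed toy primes so the arithmetic is visible; the key sizes, the reduction of the digest mod N and the absence of padding are simplifications that a real scheme such as RSASSA-PSS does not make.

```python
import hashlib

# Constructed toy RSA key, for the mechanics only: a real key uses ~2048-bit
# primes and a padding scheme; this modulus can be factored by hand.
P, Q = 1009, 1013
N = P * Q                      # public modulus
PHI = (P - 1) * (Q - 1)
E = 65537                      # public exponent (coprime to PHI)
D = pow(E, -1, PHI)            # private exponent (modular inverse; Python 3.8+)


def digest(message: bytes) -> bytes:
    """Integrity: a secure hash of the message (SHA-2 family from the slide's list)."""
    return hashlib.sha256(message).digest()


def integrity_ok(message: bytes, stored_digest: bytes) -> bool:
    """Recompute the hash and compare; any change to the message is detected."""
    return digest(message) == stored_digest


def sign(message: bytes, private_exp: int = D) -> int:
    """Digital signature: hash the message, then apply the signer's private key.
    Reducing the digest mod N is a toy shortcut; real schemes pad the full digest."""
    h = int.from_bytes(digest(message), "big") % N
    return pow(h, private_exp, N)


def verify(message: bytes, signature: int, public_exp: int = E) -> bool:
    """Anyone holding the public key checks integrity and origin in one step:
    the signature must undo to the hash of the message actually received."""
    h = int.from_bytes(digest(message), "big") % N
    return pow(signature, public_exp, N) == h


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"      # constructed sample message
    sig = sign(msg)
    print("genuine message verifies: ", verify(msg, sig))
    print("tampered message verifies:", verify(b"transfer 900 to account 42", sig))
    print("forged signature verifies:", verify(msg, (sig + 1) % N))
```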
Network Access Server
NAS: Network Access Server
Handles user authentication, access control and accounting
Calls back to pre-stored number based on user ID
Exposed to hackers, DoS, and misconfigured or insecure devices
RADIUS: Remote Authentication Dial-In User Service
TACACS: Terminal Access Controller Access-Control System
Web Page Security
SQL Filtering: Filtering of web input for SQL Injection
Encryption/Authentication: Ensuring Confidentiality, Integrity, Authenticity, Non-repudiation
Web Protocol Protection: Protection of State
Vulnerability Assessment
Scan servers, workstations, and control devices for vulnerabilities
Open services, patching, configuration weaknesses
Testing controls for effectiveness
Adherence to policy & standards
Penetration testing
Summary of Network Controls
Network Security Techniques
Encryption: Public and Private key, Wireless WPA2
Virtual Private Network (VPN): Secure communications tunnel
Secure Hashing
Digital Signature
Bastion Host Configuration
Certificate Authority: PKI
Network Protection Devices
Firewall: Packet, Stateful, Circuit, Application-Level
Proxy server
Demilitarized Zone (DMZ)
Intrusion Detection System
Intrusion Prevention System
Network access server (RADIUS or TACACS)
Honeypot, honeynet
Secure Protocols
SSL: Secure web
SSH: Secure replacement for telnet/rlogin and for file transfer
S/MIME: Secure email
Secure Information Mgmt: Log mgmt