Practical Network Security


Published on October 30, 2007

Author: sudarsun

Source: slideshare.net

Description

Introducing Network Security Issues and simple ways to fight back.

Practical Network Security Sudarsun S Checktronix India Pvt Ltd Chennai 600034 [email_address]

Agenda

Security Threats

Fundamental loophole of Ethernet

Basic Services offered by Secured Sys

Types of Intruders

Network Security Administration

Configuring Servers

Applications

Tools

Cross Platform deployment

Agenda (cont.)

Firewalls

Intrusion Detection

Rules based

Pattern Analysis

Usage patterns

Feature vectors analysis

Role of Artificial Intelligence

Statistical Analysis

Knowledge based Systems

Adaptive Security systems

Overview

What are we protecting?

Private communication over a public channel.

Whom do we mean by intruders?

What is the cost of intrusion?

Protection vs. Recovery!?

Insiders vs. Outsiders!?

Data Security

What are Security Attributes?

What’s the Default Security Policy?

How does Windows give protection?

The Security Tab

Ownership / Full Control Access

How do Unix flavors give protection?

chmod, chown, umask commands

chmod <1777> <filename> ex: chmod 600 myfile.txt

chown user:group <filename> ex: chown sudar:dev file

umask <masknumber> ex: umask 077
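
The effect of the umask 077 and chmod 600 examples above, as an added shell example that is not part of the original slides: it creates files under two umasks, lists files that grant any access to group or others, and tightens them. The function names and scratch paths are hypothetical, and stat -c assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example, not from the slides. Function names and paths are hypothetical.

# Print the octal permission bits of a file.
# Assumes GNU/BusyBox stat; on BSD/macOS use: stat -f %Lp
mode_of() { stat -c '%a' "$1"; }

# Create an empty file under the given umask and print its resulting mode.
# The subshell keeps the caller's own umask unchanged.
create_with_umask() {   # $1 = umask, $2 = path
    ( umask "$1" && : > "$2" ) && mode_of "$2"
}

# List regular files under $1 that grant any permission to group or others.
audit_loose() {
    find "$1" -type f | while IFS= read -r f; do
        m=$(mode_of "$f")
        # The leading 0 makes the shell read the mode as octal.
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$m" "$f"
        fi
    done
}

# Restrict every file reported by audit_loose to owner read/write (chmod 600).
tighten() {
    audit_loose "$1" | while read -r _ f; do
        chmod 600 "$f"
    done
}

demo() {
    d=$(mktemp -d) || return 1
    echo "umask 022 creates mode $(create_with_umask 022 "$d/default.txt")"
    echo "umask 077 creates mode $(create_with_umask 077 "$d/private.txt")"
    echo "files readable by group/others:"
    audit_loose "$d"
    tighten "$d"
    echo "after tighten: $(audit_loose "$d" | wc -l) loose file(s)"
    rm -rf "$d"
}
demo
```

umask only affects files created afterwards; existing files keep their mode until chmod is applied, which is why the audit step is separate.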

Private Comm Over Public Channel

Internet: Public Communication Media

How is Privacy achieved?

What are the security threats?

What happens when you send an email?

What happens when you pay your bills?

What happens when you transfer money?

What happens when you purchase online?

Security Threats

Interruption

Oops, Availability is gone!

Interception

Someone is watching you!

Fabrication

Whom are you talking to?

Modification

Am I getting the correct information?

Design Flaw

Promiscuous Mode of operation

Encryption only at or below App layer

Will IPSec overcome that?

Are SSL, TLS not enough?

Services

Confidentiality

Authenticity

Integrity

Non-Repudiation

Confidentiality

[Figure: Host A sends M; E with Bpub; Text = Bpub(M); D with Bpri; Host B receives M]

Only B can discern the message from A

Authenticity

[Figure: Host A sends M; E with Apri; M + Apri(M) on the wire; D with Apub; recovered M compared (~) with received M; Host B receives M]

Guarantees A as the Message Source
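
The two figures above (Confidentiality and Authenticity), run end to end with the openssl command line as an added example that is not part of the original slides. Hosts A and B are modelled as key files in a scratch directory; all file and function names are hypothetical, and the signature covers a SHA-256 hash of M rather than M itself.

```shell
#!/bin/sh
# Added example, not from the slides. File and function names are hypothetical.

# Generate an RSA key pair: $1 = prefix, giving <prefix>_pri.pem and <prefix>_pub.pem
keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1_pri.pem" 2>/dev/null &&
    openssl pkey -in "$1_pri.pem" -pubout -out "$1_pub.pem"
}

# Confidentiality: A encrypts M with Bpub; only the holder of Bpri recovers it.
seal() {     # $1 = recipient public key, $2 = message file, $3 = ciphertext out
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}
unseal() {   # $1 = private key, $2 = ciphertext file; plaintext on stdout
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

# Authenticity: A sends M plus Apri(hash(M)); B checks the pair with Apub.
sign() {     # $1 = signer private key, $2 = message file, $3 = signature out
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}
verify() {   # $1 = signer public key, $2 = message file, $3 = signature file
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    keypair "$d/a" && keypair "$d/b" || return 1
    printf 'pay 100 to carol\n' > "$d/m.txt"       # constructed sample message

    seal "$d/b_pub.pem" "$d/m.txt" "$d/c.bin"
    echo "B decrypts: $(unseal "$d/b_pri.pem" "$d/c.bin")"
    unseal "$d/a_pri.pem" "$d/c.bin" >/dev/null || echo "A's key cannot decrypt"

    sign "$d/a_pri.pem" "$d/m.txt" "$d/m.sig"
    verify "$d/a_pub.pem" "$d/m.txt" "$d/m.sig" && echo "signature ok"
    printf 'pay 900 to mallory\n' > "$d/m.txt"     # message modified in transit
    verify "$d/a_pub.pem" "$d/m.txt" "$d/m.sig" || echo "modified message rejected"
    rm -rf "$d"
}
demo
```

Direct RSA encryption only fits short messages (under the key size minus padding); longer data is normally encrypted with a symmetric key that is itself sealed this way.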

Steganography

How is Steganography different from cryptography?

Art of concealing the existence of a message

Strengths of Steganography

Multimedia stream, the Auspicious Carrier!

Some Apps

Authentication applications - Kerberos

Email Security – PGP

IP Security – Layer in IP

Web Security – SSL, TLS

SSH Vs Telnet

SSH Tunnels

Virtual Private Networks

VPN

Created using Two-Way SSH Tunnels

ssh -l <user> -L <localport>:<remote-ip>:<remoteport> -g -p <ssh-port> <remote-ssh-ip-address>

ssh -l <user> -R <remoteport>:<local-ip>:<localport> -g -p <ssh-port> <remote-ssh-ip-address>

VPN Hardware

Cyber Café Stuff

Do you know about the Temporary Internet Files folder?

Do you know about persistent cookies?

Do you know where your passwords are stored?

Do you know how your data is transferred when you click the submit button?

Do you know about VNC servers?

Can your emails, passwords, credit card details be intercepted?

Are you sure of all the Emails received?

How to Safeguard?

Delete Temporary Internet Folder

Delete cookies

Delete history

Don’t allow passwords to be saved

Don’t give your credit card details on a non-https URL.

Enable detailed headers in Emails.

SPAM Filters

What is SPAM, HAM?

How can we identify SPAM?

SpamAssassin

Techniques

Bayes Classifier

Rules based

SMTP Filter

Open Relay, Blacklisted IP address, HELO method, banner delays, reverse lookup tests.

Intruders

Masquerader

An unauthorized user exploiting a legitimate user’s account

Misfeasor

A legitimate user violating the limits on her or his authorization

Clandestine user

Individual seizing supervisor control to evade auditing

Intrusion Detection

Statistical Anomaly Detection

Network monitors

tcpdump, ethereal, netstat, iptraf

Auditors and Event Logs

Windows Event Logs

Linux SysLogs

Rules based Detection

ipchains, iptables

proxy, reverse proxy, firewalls

Viruses

Malicious Programs

Trap doors

Logic bomb

Trojans

Viruses

Worms

Adware, Spyware

Firewalls

Need for a firewall

Attacks

Ping of death

Fragmentation Attack

Denial of Service

IP Spoofing

Port scanning

Level of Control

Service Control

Based on Port number

Direction Control

Limits inbound and outbound traffic

User Control

Restrict user level access to resources

Behavioral Control

Content limitation on resource use

Types

Packet Filtering firewall

Based on Packet filter rules

Application Level Gateway

Limits the application superficially

Circuit level Gateway

Man-in-the-Middle construction

