Other Security Issues

Transcript

  • 1. Other Security Issues
      • Multi-Layer Security
      • Firewalls
      • Total Security
      • Intrusion Detection
      • Trust
  • 2. Multi-Layer Security
      • Security Can be Applied at Multiple Layers Simultaneously
          • Application layer security for database, e-mail, etc.
          • Transport layer: SSL
          • Internet layer: IPsec (Chapter 9, Module F)
          • Data link layer: PPTP, L2TP (Module F)
          • Physical layer: locks
  • 3. Multi-Layer Security
      • Applying security at 2 or more layers is good
          • If security is broken at one layer, the communication will still be secure
      • However,
          • Security slows down processing
          • Multi-Layer security slows down processing at each layer
  • 4. Firewalls
      • Firewall sits between the corporate network and the Internet
          • Prevents unauthorized access from the Internet
          • Facilitates internal users’ access to the Internet
      • [Diagram labels: OK No Firewall Access only if Authenticated]
  • 5. Firewalls
      • Packet Filter Firewalls
          • Examine each incoming IP packet
          • Examine IP and TCP header fields
          • If bad behavior is detected, reject the packet
          • No sense of previous communication: analyzes each packet in isolation
      • [Diagram labels: IP Firewall IP Packet]
  • 6. Firewalls
      • Application (Proxy) Firewalls
          • Filter based on application behavior
          • Do not examine packets in isolation: use history
              • In HTTP, for example, do not accept a response unless an HTTP request has just gone out to that site
      • [Diagram labels: Application]
  • 7. Firewalls
      • Application (Proxy) Firewalls
          • Hide internal internet addresses
          • Internal user sends an HTTP request
          • HTTP proxy program replaces user internet address with proxy server’s IP address, sends to the webserver
      • [Diagram labels: HTTP Request Request with Proxy Server’s IP Address]
  • 8. Firewalls
      • Application (Proxy) Firewalls
          • Webserver sends response to proxy server, to proxy server IP address
          • HTTP proxy server sends the IP packet to the originating host
          • Overall, proxy program acts on behalf of the internal user
      • [Diagram labels: Response to Proxy Server’s IP Address HTTP Response]
  • 9. Firewalls
      • Why Hide Internal IP Addresses?
          • The first step in an attack usually is to find potential victim hosts
          • Sniffer programs read IP packet streams for IP addresses of potential target hosts
          • With proxy server, sniffers will not learn IP addresses of internal hosts
      • [Diagram labels: False IP Address Host IP Address Sniffer]
  • 10. Firewalls
      • Application Firewalls
          • Need a separate program (proxy) for each application
          • Not all applications have rules that allow filtering
  • 11. Total Security
      • Network Security is Only Part
      • Server Security
          • Hackers can take down servers with denial-of-service attack
          • Hacker can log in as root user and take over the server
          • Steal data, lock out legitimate users, etc.
  • 12. Total Security
      • Server Security
          • Occasionally, weaknesses are discovered in server operating systems
          • This knowledge is quickly disseminated
          • Known security weaknesses
  • 13. Total Security
      • Server Security
          • Server operating system (SOS) vendors create patches
          • Many firms do not download patches
          • This makes them vulnerable to hackers, who quickly develop tools to probe for and then exploit known weaknesses
  • 14. Total Security
      • Client PC Security
          • Known security weaknesses exist but patches are rarely downloaded
          • Users often have no passwords or weak passwords on their computer
          • Adversaries take over client PCs and can therefore take control of SSL and other secure communication protocols
  • 15. Total Security
      • Application Software
          • May contain viruses
              • Must filter incoming messages
          • Database and other applications can add their own security with passwords and other protections
  • 16. Total Security
      • Managing Users
          • Often violate security procedures, making technical security worthless
          • Social engineering: attacker tricks user into violating security procedures
  • 17. Intrusion Detection
      • Intrusion detection software to detect and report intrusions as they are occurring
      • Needed
          • Lets organization stop intruders so that intruders do not have unlimited time to probe for weaknesses
          • Helps organization assess security threats
          • Audit logs list where intruder has been: vital in legal prosecution
  • 18. Trust
      • System A may trust System B
          • Not check closely for security problems
          • This reduces security processing costs
          • If trusted system is taken over, disaster
              • Can exploit systems that trust it
      • [Diagram labels: System A System B No Close Check Trust]
  • 19. Trust
      • If System A trusts System B and System B trusts System C, System A often trusts System C
          • Extreme disaster if highly trusted system is taken over
              • Can exploit many trusting systems
      • [Diagram labels: A B C Trust Trust Trust]
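
Slides 5 to 8 contrast a packet filter that judges each packet in isolation with an HTTP proxy that keeps request history and hides internal addresses. The sketch below is an added example, not part of the original slides; it is a simplified model keyed on IP addresses only, and every address, name and rule in it is constructed for illustration.

```python
from collections import defaultdict, deque

PROXY_IP = "192.0.2.1"        # constructed: the proxy's public address
INTERNAL_PREFIX = "10.0.0."   # constructed: internal address range

def packet_filter(src_port, dst_ip):
    """Slide 5: judge one inbound packet in isolation, from header fields only."""
    to_inside = dst_ip == PROXY_IP or dst_ip.startswith(INTERNAL_PREFIX)
    return src_port == 80 and to_inside

class HttpProxy:
    """Slides 6-8: relay on behalf of internal users and keep request history."""

    def __init__(self):
        # server address -> internal clients still waiting for a response
        self.pending = defaultdict(deque)

    def send_request(self, client_ip, server_ip):
        """Record the request; return the (source, destination) the Internet sees."""
        self.pending[server_ip].append(client_ip)
        return (PROXY_IP, server_ip)

    def receive_response(self, server_ip):
        """Return the originating host, or None if no request went to that site."""
        waiting = self.pending.get(server_ip)
        if not waiting:
            return None           # unsolicited "response": drop it
        return waiting.popleft()

def demo():
    proxy = HttpProxy()
    on_wire = proxy.send_request("10.0.0.5", "203.0.113.10")
    solicited = proxy.receive_response("203.0.113.10")
    unsolicited = proxy.receive_response("198.51.100.7")
    # The stateless filter sees source port 80 in both cases and cannot
    # tell the solicited response from the unsolicited one.
    stateless = packet_filter(80, PROXY_IP)
    return on_wire, solicited, unsolicited, stateless

if __name__ == "__main__":
    print(demo())
```

The request leaves with the proxy's address as its source, so an observer on the Internet side never sees `10.0.0.5`, and only the response that matches an outstanding request is relayed inward.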
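
Slides 18 and 19 describe how trust chains (A trusts B, B trusts C) widen the damage when a trusted system is taken over. The following added example, not part of the original slides, computes which systems are exposed for each possible takeover so that the most heavily trusted systems can be prioritised for hardening; the trust map and system names are constructed.

```python
from collections import deque

# Constructed trust relationships: each system maps to the systems it trusts.
TRUSTS = {
    "A": ["B"],
    "B": ["C"],
    "D": ["C"],
    "C": [],
    "E": [],
}

def exposed_if_compromised(trusts, compromised):
    """Systems that trust `compromised` directly or through a chain of trust."""
    # Invert the map: for each system, who trusts it?
    trusted_by = {}
    for system, targets in trusts.items():
        for target in targets:
            trusted_by.setdefault(target, set()).add(system)
    # Breadth-first walk backwards along the trust edges.
    exposed, queue = set(), deque([compromised])
    while queue:
        for truster in trusted_by.get(queue.popleft(), ()):
            if truster not in exposed and truster != compromised:
                exposed.add(truster)
                queue.append(truster)
    return exposed

def rank_by_exposure(trusts):
    """Order systems by how many others are exposed if they are taken over."""
    sizes = {s: len(exposed_if_compromised(trusts, s)) for s in trusts}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for system, count in rank_by_exposure(TRUSTS):
        print(system, count, sorted(exposed_if_compromised(TRUSTS, system)))
```

In this constructed map, C is the highly trusted system of slide 19: A never names C directly, yet A is exposed through B if C is taken over.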
