  • July132000

    1. Introduction to Networks. Sandy Bacik, [email_address], Breakwater Security Associates
    2. Agenda
        • Complexity of network incidents
        • Firewalls
        • Encrypted tunnels
        • ZoneAlarm
    3. Way Back When
    4. Way Back When
        • Not enough hard drive space to hide anything
        • No logs on the workstation
        • All logs were centralized on the mainframe
        • Easy phone logs for traces
    5. Then...
    6. Then...
        • Not enough hard drive space to hide anything
        • No logs on the workstation
        • All logs were centralized on the mainframe
        • Easy phone logs for traces
    7. Then...
    8. Then...
        • Now the hard drives could start storing information
        • Sometimes there were logs on the workstation
        • The logs are now decentralized, but for the most part remained with the network
        • Easy phone logs for traces
    9. Early Today...
    10. Early Today...
        • Now the hard drives could start storing information
        • Sometimes there were logs on the workstation
        • The logs are now decentralized
        • Easy phone logs for traces
        • Still no really good encrypted tunnels
    11. Today
    12. Today
        • Almost anything can be logged - somewhere
        • The logs are now decentralized
        • Now follow packets, not phone logs
        • Encrypted tunnels - all bets are off
    13. Where to look for logs
        • Corporate/Personal servers
        • Corporate/Home workstation
        • Firewall
        • Internet Service Provider (ISP) and all their logs
        • Outside networks - anywhere in the world
    14. Issues with log file tracking
        • Time synchronizations from system to system
        • Time synchronizations from server to workstation
        • IP address spoofing
        • Understanding each system's log file information
    15. IP Addresses
        • 192 . 168 . 124 . 123
        • http://www.cisco.com/univercd/cc/td/doc/product/software/ssr90/ptc_r_90/54084.htm
    16. Domain Names
        • .com .edu .gov .mil .net .org .int .xx
    17. Domain Lookups
        • www.iana.org/dev7/iana/
        • www.internic.net
        • www.networksolutions.com
        • www.arin.net
    18. Whois Sample
    19. Whois Sample
    20. Whois Sample
    21. Simple ways to track an IP address/host name
        • ping -a <ipaddress>
        • ping <sitename>
        • tracert <ipaddress>
        • tracert <sitename>
    22. Ping results
    23. Ping results
    24. Tracert results
    25. What is a firewall?
        • A set of hardware and software mechanisms that shield ‘internal’ trusted networks from ‘external’ untrusted networks such as the Internet, or shield internal networks from other internal networks.
    26. Firewall Design
    27. What a firewall does not protect against
        • Invalid configurations
        • Other entry points into the network
        • Dial-up access
        • Viruses
        • Single points of failure/throughput
        • Insiders
    28. Purposes of encryption
        • Protect sensitive information from disclosure
        • Identify the corruption or unauthorized change of information
        • Designed to make compromise too expensive or too time consuming
    29. What is a VPN?
        • Virtual private network
        • An encrypted tunnel
        • A secure link between entities using the Internet or a network as a backbone
    30. What’s a VPN for?
        • Strong encryption for sensitive data transmission
        • Reliability of critical data transmissions
        • Good authentication
        • Access and traffic control
    31. VPN Design
    32. How can we protect our home machine(s)
        • Virus scanners
        • Logging and auditing
        • Firewalls
            • http://www.zonelabs.com/default.htm
    33. ZoneAlarm Alerts
    34. ZoneAlarm Lock
    35. ZoneAlarm Security
    36. ZoneAlarm Programs
    37. ZoneAlarm Configure
    38. ZoneAlarm STOP
    39. Thank you
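
The time-synchronization issue on slide 14, as an added example that is not part of the original deck: merging firewall and workstation log entries into one UTC timeline. The log formats, UTC offsets, clock-drift values and the 10.0.0.5 address are constructed assumptions; 192.168.124.123 is the sample address from slide 15.

```python
from datetime import datetime, timedelta, timezone

# Per-source assumptions (hypothetical values an examiner would measure and record):
# timestamp format, UTC offset of the source's local clock, and clock drift
# relative to a trusted reference (positive = source clock runs fast).
SOURCES = {
    "firewall":    ("%m/%d/%Y %H:%M:%S", timedelta(hours=0),  timedelta(0)),
    "workstation": ("%Y-%m-%d %H:%M:%S", timedelta(hours=-4), timedelta(seconds=195)),
}

# Constructed sample log lines (not from any real system).
SAMPLE = [
    ("workstation", "2000-07-13 10:05:40 logon failure user=guest from 192.168.124.123"),
    ("firewall", "07/13/2000 14:02:07 DENY tcp 192.168.124.123 -> 10.0.0.5:23"),
    ("firewall", "07/13/2000 14:02:31 ALLOW tcp 192.168.124.123 -> 10.0.0.5:80"),
    ("firewall", "garbage line without a timestamp"),
]

def to_utc(source, line):
    """Return (utc_datetime, message), or None if the timestamp cannot be parsed."""
    fmt, utc_offset, drift = SOURCES[source]
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    try:
        local = datetime.strptime(parts[0] + " " + parts[1], fmt)
    except ValueError:
        return None
    # local = utc + offset + drift, so undo both to recover reference UTC time
    utc = (local - utc_offset - drift).replace(tzinfo=timezone.utc)
    return utc, parts[2]

def build_timeline(entries):
    """Merge entries from all sources into one UTC-ordered timeline."""
    timeline, rejected = [], []
    for source, line in entries:
        parsed = to_utc(source, line)
        if parsed is None:
            rejected.append((source, line))  # keep unparsed lines for manual review
        else:
            timeline.append((parsed[0], source, parsed[1]))
    timeline.sort(key=lambda e: e[0])
    return timeline, rejected

if __name__ == "__main__":
    events, bad = build_timeline(SAMPLE)
    for ts, source, msg in events:
        print(ts.isoformat(), source, msg)
    print("unparsed:", bad)
```

Sorted by the raw timestamps, the workstation logon failure appears four hours before the firewall entries; after correction it falls between the DENY and the ALLOW.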