Network security

  • Hardware firewalls are important because they provide a strong degree of protection from most forms of attack coming from the outside world. Each incoming packet is compared to a set of predefined and/or user-created rules that determine whether the packet is to be forwarded or dropped. Consider this scenario: What would happen if you received an e-mail message or visited a website that contained a concealed program? Let's say this program was designed to install itself on your machine and then surreptitiously communicate with someone via the Internet — a distributed denial of service (DDoS) attack zombie or a keystroke logger, for example? And trust me, this is by no means an unlikely scenario. http://www.smallbusinesscomputing.com/webmaster/article.php/3103431
  • Discovery
    • Network sniffer: documents the discovery of the target IP address and any other useful information, such as protocols being used on the target network
    • Traceroute: attempts to locate the target device and all intermediate routers, switches, and systems
  • Penetration
    • Synflood attack: used to see whether the firewall can overcome a repeated open connection request and also log the attack
    • Garbage attack: used to see whether the firewall can overcome random data packets on random ports
    • UDP Ping: used to see whether the firewall can overcome a large UDP ping packet sent to it
    • TCP Ping: used to see whether the firewall can overcome a large TCP ping packet sent to it
    • Ping of death: used to see whether the firewall can overcome a single over-sized packet sent to it
  • Set of rules that have filters
  • Transcript

    • 1. Trish Miller: Network Security
    • 2. Objectives
      • Types of Attacks
      • Attacks on the OSI & TCP/IP Model
      • Attack Methods
      • Prevention
      • Switch Vulnerabilities and Hacking
      • Cisco Routers
      • Interesting links
    • 3. Types of Attacks
      • Physical Access Attacks
        • Wiretapping
        • Server Hacking
        • Vandalism
      • Dialog Attacks
        • Eavesdropping
        • Impersonation
        • Message Alteration
    • 4. Types of Attacks (Cont.)
      • Social Engineering
        • Opening Attachments
        • Password Theft
        • Information Theft
      • Penetration Attacks
        • Scanning (Probing)
        • Break-in
        • Denial of Service
        • Malware
          • Viruses
          • Worms
    • 5. Risk Analysis of the Attack
      • What is the cost if the attack succeeds?
      • What is the probability of occurrence?
      • What is the severity of the threat?
      • What is the countermeasure cost?
      • What is the value of protecting the system?
      • Determine if the countermeasure should be implemented.
      • Finally, determine its priority.
    • 6. OSI & TCP/IP Related Attacks
    • 7. OSI Model Related Attacks
      • Application layer:
        • Attacks on the web
        • Attacks are typically viruses
      • Presentation:
        • Cracking of encrypted transmissions that use a short encryption key
      • Session:
        • Password theft
        • Unauthorized access with root permission
      • Transport & Network:
        • Forged TCP/IP addresses
        • DoS attacks
    • 8. OSI Model Related Attacks
      • Data Link & Physical:
        • Network sniffers
        • Wire taps
        • Trojan horses
        • Malicious code
    • 9. Attacks Related to TCP Packet
      • Port Number
        • Applications are identified by their port numbers
        • Well-known ports (0-1023)
          • HTTP=80, Telnet=23, FTP=21 for the control connection and 20 for data transfer, SMTP=25
        • Allows applications to be accessed by the root user
    • 10. Attacks Related to TCP Packet
      • IP address spoofing
        • Change the source IP address
        • To conceal the identity of the attacker
        • To have the victim think the packet comes from a trusted host
        • LAND attack
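The two items on slide 10 have a direct defensive counterpart: an ingress/egress filter on the border device that refuses packets whose source address cannot legitimately arrive on that interface (the approach documented in RFC 2827 / BCP 38), plus a check for the LAND pattern, where a SYN carries a source socket identical to its destination socket. The block below is an added example written for this page, not code from the slides; the interface names, the internal and bogon prefixes and the packet records are all constructed for illustration.

```python
"""Ingress anti-spoofing and LAND checks over constructed packet records.

Added example (not from the original slides). The interface names,
prefixes and packet records below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Prefixes that legitimately originate only inside our network (constructed).
INTERNAL_PREFIXES = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Source addresses that should never arrive on the Internet-facing interface.
BOGON_PREFIXES = [
    ip_network("0.0.0.0/8"),
    ip_network("127.0.0.0/8"),
    ip_network("169.254.0.0/16"),
    ip_network("224.0.0.0/4"),
    ip_network("240.0.0.0/4"),
]


@dataclass(frozen=True)
class Packet:
    iface: str        # "outside" (Internet-facing) or "inside" (LAN-facing)
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False


def _in_any(addr, prefixes):
    a = ip_address(addr)
    return any(a in p for p in prefixes)


def is_land(pkt):
    """LAND: a SYN whose source socket equals its destination socket.
    Vulnerable stacks once answered themselves in a loop until they hung."""
    return pkt.syn and pkt.src == pkt.dst and pkt.sport == pkt.dport


def classify(pkt):
    """Verdict for one packet under a BCP 38-style policy:
    'drop:land'             SYN with source socket == destination socket
    'drop:spoofed-internal' internal source address arriving from outside
    'drop:bogon'            unroutable source address arriving from outside
    'drop:egress-spoof'     packet leaving the LAN with a non-internal source
    'accept'                everything else (further rules would follow)
    """
    if is_land(pkt):
        return "drop:land"
    if pkt.iface == "outside":
        if _in_any(pkt.src, INTERNAL_PREFIXES):
            return "drop:spoofed-internal"
        if _in_any(pkt.src, BOGON_PREFIXES):
            return "drop:bogon"
    elif pkt.iface == "inside":
        # Egress filtering: our hosts may only send from our own prefixes,
        # so a compromised host cannot be used to spoof someone else.
        if not _in_any(pkt.src, INTERNAL_PREFIXES):
            return "drop:egress-spoof"
    return "accept"


def filter_packets(packets):
    """Return (packet, verdict) pairs for a batch of packets."""
    return [(p, classify(p)) for p in packets]


# Constructed sample traffic (documentation address ranges only).
SAMPLE = [
    Packet("outside", "203.0.113.7", "10.0.0.5", 40000, 80, syn=True),   # normal inbound
    Packet("outside", "10.0.0.9", "10.0.0.5", 40001, 22, syn=True),      # spoofed internal source
    Packet("outside", "127.0.0.1", "10.0.0.5", 40002, 25),               # bogon source
    Packet("outside", "10.0.0.5", "10.0.0.5", 139, 139, syn=True),       # LAND pattern
    Packet("inside", "198.51.100.3", "203.0.113.7", 5555, 53),           # egress spoof
    Packet("inside", "10.0.0.5", "203.0.113.7", 5556, 53),               # normal outbound
]

if __name__ == "__main__":
    for pkt, verdict in filter_packets(SAMPLE):
        print(f"{pkt.iface:7} {pkt.src:>14}:{pkt.sport:<5} -> "
              f"{pkt.dst}:{pkt.dport:<5} {verdict}")
```

The order of checks matters: the LAND test runs first because such a packet would otherwise be reported only as a spoofed internal address, hiding the more specific finding. On a real border router the same policy is expressed as an inbound access list on the outside interface and an outbound list on the inside interface.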
    • 11. Attacks Related to TCP Packet
      • Port Number
        • Registered ports (1024-49152) for any application
        • Not all operating systems use these port ranges, although all use well-known ports
    • 12. Attack Methods
    • 13. Attack Methods
      • Host Scanning
      • Network Scanning
      • Port Scanning
      • Fingerprinting
    • 14. Attack Methods (Cont.)
      • Host Scanning
        • Ping a range of IP addresses or use alternative scanning messages
        • Identifies victims
        • Types of host scanning
          • Ping scanning
          • TCP SYN/ACK attacks
    • 15. Attack Methods (Cont.)
      • Network Scanning
        • Discovery of the network infrastructure (switches, routers, subnets, etc.)
        • Tracert and similar applications identify all routers along the route to a destination host
    • 16. Attack Methods (Cont.)
      • Port Scanning
        • Once a host is identified, scan all ports to find out if it is a server and what type it is
        • Two types:
          • Server port scanning
            • TCP
            • UDP
          • Client port scanning
            • NetBIOS
            • Ports 135–139 are the NetBIOS ports used for file and print services.
            • GRC.com is a free website that scans your PC for open ports.
    • 17. Attack Methods (Cont.)
      • Fingerprinting
        • Discovers the host operating system and applications, as well as their versions
          • Active (sends)
          • Passive (listens)
        • Nmap does all major scanning methods
    • 18. Attack Methods (Cont.)
      • Denial-of-Service (DoS) Attacks
        • Attacks on availability
        • SYN flooding attacks overload a host or network with connection attempts
        • Stopping DoS attacks is very hard.
    • 19. Attack Methods (Cont.)
      • The Break-In
        • Password guessing
        • Taking advantage of unpatched vulnerabilities
        • Session hijacking
    • 20. After the Compromise
      • Download a rootkit via TFTP
      • Delete audit log files
      • Create a backdoor account or Trojan backdoor programs
    • 21. After the Compromise (Cont.)
      • Weaken security
      • Access to steal information or do damage
      • Install malicious software (RAT, DoS zombie, spam relay, etc.)
    • 22. Prevention
    • 23. Preventions
      • Stealth Scanning
      • Access Control
      • Firewalls
      • Proxy Servers
      • IPsec
      • Security Policies
      • DMZ
      • Host Security
    • 24. Stealth Scanning
      • Noisiness of attacks
      • Exposure of the attacker's IP address
      • Reduce the rate of attack below the IDS threshold
      • Scan selective ports
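Slides 14 through 17 describe host sweeps and port scans, and slide 24 notes that an attacker stays under the IDS threshold by slowing the probe rate. The following added example (written for this page, not taken from the slides) shows both sides of that from the detector's seat: a sliding-window counter over firewall deny/allow log lines that raises a port-scan alert when one source touches many distinct ports on one host, and a host-sweep alert when one source touches many distinct hosts. The log format, thresholds and addresses are constructed; the slow scanner in the sample data is exactly the slide-24 case, caught only when the window is lengthened.

```python
"""Host-sweep and port-scan detection over constructed firewall log lines.

Added example (not from the original slides). The log format
"<epoch seconds> <src> <dst> <dport> <action>", the thresholds and the
addresses are constructed for illustration.
"""
from collections import defaultdict

# Constructed log: a fast port scan, a fast host sweep, a slow scan that
# sends one probe every ten minutes, and one ordinary connection.
LOG = """\
1000 203.0.113.9 10.0.0.5 22 DENY
1001 203.0.113.9 10.0.0.5 23 DENY
1002 203.0.113.9 10.0.0.5 25 DENY
1003 203.0.113.9 10.0.0.5 80 ALLOW
1004 203.0.113.9 10.0.0.5 110 DENY
1005 203.0.113.9 10.0.0.5 139 DENY
1006 203.0.113.9 10.0.0.5 443 DENY
1007 203.0.113.9 10.0.0.5 445 DENY
1010 198.51.100.4 10.0.0.1 80 DENY
1011 198.51.100.4 10.0.0.2 80 DENY
1012 198.51.100.4 10.0.0.3 80 DENY
1013 198.51.100.4 10.0.0.4 80 DENY
1014 198.51.100.4 10.0.0.6 80 DENY
1015 198.51.100.4 10.0.0.7 80 DENY
2000 192.0.2.77 10.0.0.5 21 DENY
2600 192.0.2.77 10.0.0.5 22 DENY
3200 192.0.2.77 10.0.0.5 23 DENY
3800 192.0.2.77 10.0.0.5 25 DENY
4400 192.0.2.77 10.0.0.5 53 DENY
5000 192.0.2.77 10.0.0.5 80 DENY
5600 192.0.2.77 10.0.0.5 110 DENY
6200 192.0.2.77 10.0.0.5 143 DENY
9000 203.0.113.50 10.0.0.5 443 ALLOW
"""


def parse(log_text):
    """Parse log lines into (ts, src, dst, dport, action) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action = line.split()
        events.append((int(ts), src, dst, int(dport), action))
    return events


def detect(events, window, port_threshold=5, host_threshold=5):
    """Slide a time window (seconds) over the events and report sources that
    touch >= port_threshold distinct ports on one host (port scan) or
    >= host_threshold distinct hosts (host sweep) inside one window.
    Returns a sorted list of (kind, src) pairs."""
    events = sorted(events)
    alerts = set()
    start = 0
    for end in range(len(events)):
        # Advance the window start until it is within `window` of the newest event.
        while events[end][0] - events[start][0] > window:
            start += 1
        ports = defaultdict(set)   # (src, dst) -> distinct destination ports
        hosts = defaultdict(set)   # src -> distinct destination hosts
        for _, src, dst, dport, _ in events[start:end + 1]:
            ports[(src, dst)].add(dport)
            hosts[src].add(dst)
        for (src, _), seen_ports in ports.items():
            if len(seen_ports) >= port_threshold:
                alerts.add(("portscan", src))
        for src, seen_hosts in hosts.items():
            if len(seen_hosts) >= host_threshold:
                alerts.add(("hostsweep", src))
    return sorted(alerts)


def report(log_text, window):
    """Convenience wrapper: parse then detect with the given window."""
    return detect(parse(log_text), window)


if __name__ == "__main__":
    print("60 s window:   ", report(LOG, 60))
    print("24 h window:   ", report(LOG, 86400))
```

With a one-minute window the fast scanner and the fast sweeper are reported and the slow scanner is not, which is the evasion slide 24 describes; widening the window to a day catches it too, at the cost of more state per source. Production detectors keep per-source counters with decay rather than re-counting each window, but the decision rule is the same.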
    • 25. Access Control
      • The goal of access control is to prevent attackers from gaining access, and to stop them if they do.
      • The best way to accomplish this is to:
        • Determine who needs access to the resources located on the server.
        • Decide the access permissions for each resource.
        • Implement specific access control policies for each resource.
        • Record mission-critical resources.
        • Harden the server against attacks.
        • Disable invalid accounts and establish policies.
    • 26. Firewalls
      • Firewalls are designed to protect you from outside attempts to access your computer, whether for the purpose of eavesdropping on your activities, stealing data, sabotage, or using your machine as a means to launch an attack on a third party.
    • 27. Firewalls (Cont.)
      • Hardware
        • Provides a strong degree of protection from the outside world.
        • Can be effective with little or no setup
        • Can protect multiple systems
      • Software
        • Better suited to protecting against Trojans and worms.
        • Allows you to configure the ports you wish to monitor, giving you finer control.
        • Protects a single system.
    • 28. Firewalls
      • Can prevent
        • Discovery
          • Network
          • Traceroute
        • Penetration
          • Synflood
          • Garbage
          • UDP Ping
          • TCP Ping
          • Ping of Death
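The speaker notes describe the firewall mechanism in one sentence: each packet is compared against a set of predefined or user-created rules that decide whether it is forwarded or dropped. The block below is an added example for this page (not the slides' or any vendor's code) that implements exactly that: an ordered rule list, first match wins, and an implicit default-deny at the end. The rule set publishes one web server, lets the LAN out, and silently drops the inbound echo requests and UDP traceroute probes that slide 28 lists under "Discovery". The interface model ("in" from outside, "out" to outside), addresses and rule names are constructed; connection tracking, which a real firewall uses to admit replies to the LAN's outbound traffic, is deliberately left out.

```python
"""A minimal first-match packet filter: ordered rules, default deny.

Added example (not from the original slides). Rule names, addresses and
packets are constructed; "in" means arriving from outside, "out" means
leaving towards the outside. Connection tracking is not modelled.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                              # "accept" or "drop"
    direction: str                           # "in" or "out"
    proto: Optional[str] = None              # "tcp", "udp", "icmp" or None = any
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    dports: Optional[range] = None           # destination port range, None = any
    icmp_types: Optional[frozenset] = None   # ICMP types matched, None = any


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dport: int = 0
    icmp_type: int = -1


def matches(rule, pkt):
    """True when every field the rule constrains agrees with the packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in rule.src or ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dports is not None and pkt.dport not in rule.dports:
        return False
    if rule.icmp_types is not None and pkt.icmp_type not in rule.icmp_types:
        return False
    return True


def evaluate(rules, pkt):
    """First matching rule decides; anything unmatched is dropped.
    Returns (action, rule_name) so a log line can name the rule."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "drop", "default-deny"


WEB = ip_network("10.0.0.5/32")
LAN = ip_network("10.0.0.0/8")

# Constructed rule set. Order matters: the specific accepts come first,
# the explicit discovery drops are documentation (default deny would catch
# them anyway), and nothing from outside reaches the LAN except the web ports.
RULES = [
    Rule("web-in", "accept", "in", "tcp", dst=WEB, dports=range(80, 81)),
    Rule("https-in", "accept", "in", "tcp", dst=WEB, dports=range(443, 444)),
    # ICMP type 8 is echo request; UDP 33434-33534 are the classic traceroute probe ports.
    Rule("no-ping-in", "drop", "in", "icmp", icmp_types=frozenset({8})),
    Rule("no-traceroute-in", "drop", "in", "udp", dports=range(33434, 33535)),
    Rule("lan-out", "accept", "out", src=LAN),
]

SAMPLE = [
    Packet("in", "tcp", "203.0.113.7", "10.0.0.5", dport=80),       # published service
    Packet("in", "tcp", "203.0.113.7", "10.0.0.5", dport=23),       # telnet probe
    Packet("in", "tcp", "203.0.113.7", "10.0.0.9", dport=80),       # wrong host
    Packet("in", "icmp", "203.0.113.7", "10.0.0.5", icmp_type=8),   # ping sweep
    Packet("in", "udp", "203.0.113.7", "10.0.0.5", dport=33440),    # traceroute probe
    Packet("out", "tcp", "10.0.0.20", "203.0.113.7", dport=443),    # LAN browsing
    Packet("out", "tcp", "198.51.100.1", "203.0.113.7", dport=443), # not our address
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        action, name = evaluate(RULES, pkt)
        print(f"{pkt.direction:3} {pkt.proto:4} {pkt.src:>13} -> {pkt.dst}:{pkt.dport:<5} {action:6} ({name})")
```

Reading the verdicts back against slide 27: this is the "software" style of control, where you choose the exact ports to expose, but the evaluation loop is the same one a hardware appliance runs on every packet.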
    • 29. Proxy
      • A proxy server is a buffer between your network and the outside world.
      • Use an anonymous proxy to prevent attacks.
    • 30. IPsec
      • Provides various security services for traffic at the IP layer
      • These security services include
        • Authentication
        • Integrity
        • Confidentiality
    • 31. IPsec overview - how IPsec helps

      Problem                                | How IPsec helps                 | Details
      ---------------------------------------|---------------------------------|-----------------------------------------------------------------------------------------------
      Unauthorized system access             | Authentication, tamperproofing  | Defense in depth by isolating trusted from untrusted systems
      Targeted attacks of high-value servers | Authentication, tamperproofing  | Locking down servers with IPsec. Examples: HR servers, Outlook® Web Access (OWA), DC replication
      Eavesdropping                          | Authentication, confidentiality | Defense in depth against password or information gathering by untrusted systems
      Government guideline compliance        | Authentication, confidentiality | Example: "All communications between financial servers must be encrypted."

    • 32. DMZ (image)
    • 33. Host Security
      • Hardening servers
      • Cisco IOS
      • Upgrades and patches
      • Unnecessary services
      • Network monitoring tools
    • 34. Switch Vulnerabilities and Hacking
    • 35. CDP Protocol
      • Used to locate the IP address, version, and model.
      • A large volume of CDP packets can cause a crash.
      • Used to troubleshoot the network, but should be disabled.
    • 36. ARP Poisoning
      • Exposes users' data by poisoning the ARP cache of an end node.
      • The MAC address is used to determine the destination; the device driver does not check it.
      • An attacker can forge ARP datagrams to perform a man-in-the-middle attack.
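Because the driver accepts whatever IP-to-MAC binding an ARP packet asserts, the practical defence is to watch the bindings rather than trust them: pin the gateway's address, flag a reply nobody asked for, and flag any IP whose MAC suddenly changes. The block below is an added example for this page (not from the slides) implementing that monitor over constructed ARP frames. The pinned-gateway table and the request/reply pairing rule are the detector's own assumptions; every MAC and IP value is constructed.

```python
"""ARP cache poisoning detector over constructed ARP frames.

Added example (not from the original slides). MAC and IP values are
constructed. The pinned gateway binding and the rule "a reply must answer
an outstanding request" are this detector's assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Arp:
    op: str              # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str = "00:00:00:00:00:00"


class ArpMonitor:
    def __init__(self, pinned=None):
        self.pinned = dict(pinned or {})   # ip -> mac that must never change
        self.table = dict(self.pinned)     # learned ip -> mac
        self.pending = set()               # (asker_ip, asked_ip) awaiting a reply
        self.alerts = []

    def observe(self, frame):
        if frame.op == "request":
            # Requests also carry the sender's binding, and most stacks learn it.
            self.pending.add((frame.sender_ip, frame.target_ip))
            self._learn(frame.sender_ip, frame.sender_mac)
            return
        # A reply should answer a request the target made for this IP.
        key = (frame.target_ip, frame.sender_ip)
        if key in self.pending:
            self.pending.discard(key)
        else:
            self.alerts.append(
                f"unsolicited reply: {frame.sender_ip} is-at {frame.sender_mac}")
        self._learn(frame.sender_ip, frame.sender_mac)

    def _learn(self, ip, mac):
        if ip in self.pinned and self.pinned[ip] != mac:
            self.alerts.append(
                f"pinned binding violated: {ip} claimed by {mac}, expected {self.pinned[ip]}")
            return  # never overwrite a pinned entry
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"binding changed: {ip} {old} -> {mac}")
        self.table[ip] = mac


GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "aa:bb:cc:00:00:01"

# Constructed frames: two normal exchanges, then two forged replies.
SAMPLE = [
    Arp("request", "10.0.0.5", "aa:bb:cc:00:00:05", GATEWAY_IP),
    Arp("reply", GATEWAY_IP, GATEWAY_MAC, "10.0.0.5", "aa:bb:cc:00:00:05"),
    Arp("request", "10.0.0.6", "aa:bb:cc:00:00:06", "10.0.0.7"),
    Arp("reply", "10.0.0.7", "aa:bb:cc:00:00:07", "10.0.0.6", "aa:bb:cc:00:00:06"),
    Arp("reply", GATEWAY_IP, "de:ad:be:ef:00:99", "10.0.0.5", "aa:bb:cc:00:00:05"),
    Arp("reply", "10.0.0.7", "de:ad:be:ef:00:99", "10.0.0.6", "aa:bb:cc:00:00:06"),
]


def run(frames, pinned):
    """Feed frames through a fresh monitor and return it for inspection."""
    mon = ArpMonitor(pinned)
    for frame in frames:
        mon.observe(frame)
    return mon


if __name__ == "__main__":
    mon = run(SAMPLE, {GATEWAY_IP: GATEWAY_MAC})
    for alert in mon.alerts:
        print("ALERT", alert)
    print("gateway still maps to", mon.table[GATEWAY_IP])
```

The two forged replies produce four alerts between them: each is unsolicited, the one claiming the gateway violates the pinned entry (and is refused), and the one claiming 10.0.0.7 changes a learned binding. Switch features such as Dynamic ARP Inspection apply the same binding checks in hardware, using the DHCP snooping table where this example uses the pinned dictionary.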
    • 37. SNMP
      • SNMP manages the network.
      • Authentication is weak: the public and private community strings are sent in clear text.
      • Uses UDP, which is prone to spoofing.
      • Enable SNMPv3 without backwards compatibility.
    • 38. Spanning Tree Attacks
      • Standard STP takes 30-45 seconds to deal with a failure or root bridge change.
      • Purpose of a Spanning Tree attack: to observe the traffic on the backbone.
    • 39. Spanning Tree Attacks
      • Only devices affected by the failure notice the change.
      • The attacker can create a DoS condition on the network by sending BPDUs.
    • 40. Spanning Tree Attacks (Cont.)
      • STEP 1: MAC flood the access switch.
      • STEP 2: Advertise as a priority-zero bridge.
    • 41. Spanning Tree Attacks (Cont.)
      • STEP 3: The attacker becomes the root bridge!
        • Spanning Tree recalculates.
        • The original network backbone now runs from the attacking host to the other switches on the network.
    • 42. STP Attack Prevention
      • Disabling STP can introduce another attack.
      • BPDU Guard
        • Disables ports configured with PortFast upon detection of a BPDU message on the port.
        • Enabled on any ports running PortFast.
    • 43. STP Attack Prevention
      • Root Guard
        • Prevents ports from accepting superior BPDUs that would make the device behind them the root bridge.
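Slides 40 through 43 hinge on one field of the BPDU: the root bridge ID, whose two-byte priority a rogue bridge sets to zero so that it wins the election. The added example below (written for this page, not taken from the slides or from any switch vendor's code) parses an IEEE 802.1D configuration BPDU from raw bytes and then applies the two guards from slides 42 and 43 as software decisions: BPDU Guard error-disables an edge (PortFast) port the moment any BPDU arrives, and Root Guard blocks a port that receives a BPDU announcing a root superior to the one the switch already knows. Port names, MAC addresses and the sample frames are constructed; the priority is read as the full 16-bit field of classic 802.1D (switches that use the extended system ID keep the priority in the top four bits).

```python
"""Parse 802.1D configuration BPDUs and apply BPDU Guard / Root Guard logic.

Added example (not from the original slides). Port names, MACs and frames
are constructed. Priority is treated as the whole 16-bit field (classic
802.1D); this is an assumption of the example.
"""
import struct
from dataclasses import dataclass

# protocol id, version, type, flags, root id, root path cost, bridge id,
# port id, message age, max age, hello time, forward delay  (35 bytes)
BPDU_FMT = "!HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)
CONFIG_BPDU = 0x00


@dataclass(frozen=True)
class BridgeId:
    priority: int
    mac: str

    @classmethod
    def from_bytes(cls, raw):
        prio = int.from_bytes(raw[:2], "big")
        mac = ":".join(f"{b:02x}" for b in raw[2:])
        return cls(prio, mac)

    def to_bytes(self):
        return self.priority.to_bytes(2, "big") + bytes.fromhex(self.mac.replace(":", ""))

    def __lt__(self, other):
        # STP elects the numerically lowest bridge ID: priority first, MAC as tie-break.
        return (self.priority, self.mac) < (other.priority, other.mac)


@dataclass(frozen=True)
class ConfigBpdu:
    root: BridgeId
    root_path_cost: int
    bridge: BridgeId
    port_id: int


@dataclass(frozen=True)
class Port:
    name: str
    edge: bool          # PortFast / edge port: BPDU Guard applies
    root_guard: bool    # Root Guard configured on this port


def parse_bpdu(raw):
    """Decode a configuration BPDU; raise on anything else."""
    if len(raw) < BPDU_LEN:
        raise ValueError("BPDU too short")
    (proto, _version, bpdu_type, _flags, root, cost, bridge, port_id,
     _msg_age, _max_age, _hello, _fwd_delay) = struct.unpack(BPDU_FMT, raw[:BPDU_LEN])
    if proto != 0 or bpdu_type != CONFIG_BPDU:
        raise ValueError("not a configuration BPDU")
    return ConfigBpdu(BridgeId.from_bytes(root), cost, BridgeId.from_bytes(bridge), port_id)


def build_bpdu(root, cost, bridge, port_id):
    """Encode a configuration BPDU; used here only to construct sample frames.
    Timers are in 1/256 s units (max age 20 s, hello 2 s, forward delay 15 s)."""
    return struct.pack(BPDU_FMT, 0, 0, CONFIG_BPDU, 0, root.to_bytes(), cost,
                       bridge.to_bytes(), port_id, 0, 20 * 256, 2 * 256, 15 * 256)


def handle_bpdu(port, current_root, raw):
    """What the switch does with a BPDU received on `port`.
    'err-disabled'      BPDU Guard: an edge port must never see a BPDU
    'root-inconsistent' Root Guard: the BPDU would elect a new, superior root
    'accepted'          normal STP processing"""
    if port.edge:
        return "err-disabled"
    bpdu = parse_bpdu(raw)
    if port.root_guard and bpdu.root < current_root:
        return "root-inconsistent"
    return "accepted"


CURRENT_ROOT = BridgeId(32768, "aa:bb:cc:00:00:01")
LEGIT = build_bpdu(CURRENT_ROOT, 4, BridgeId(32768, "aa:bb:cc:00:00:02"), 0x8001)
ROGUE = build_bpdu(BridgeId(0, "de:ad:be:ef:00:99"), 0, BridgeId(0, "de:ad:be:ef:00:99"), 0x8001)

if __name__ == "__main__":
    access = Port("Gi1/0/10", edge=True, root_guard=False)
    uplink = Port("Gi1/0/48", edge=False, root_guard=True)
    print("rogue BPDU root:", parse_bpdu(ROGUE).root)
    print(access.name, "gets rogue BPDU  ->", handle_bpdu(access, CURRENT_ROOT, ROGUE))
    print(uplink.name, "gets rogue BPDU  ->", handle_bpdu(uplink, CURRENT_ROOT, ROGUE))
    print(uplink.name, "gets legit BPDU  ->", handle_bpdu(uplink, CURRENT_ROOT, LEGIT))
```

The third case in the sample (an uplink without Root Guard accepting the priority-zero BPDU) is the slide-41 outcome: the topology recalculates around the rogue bridge. Note that BPDU Guard never parses the frame at all, which is why it is the cheaper control on user-facing ports.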
    • 44. CSM and CSM-S
      • Cisco Content Switching Modules
      • Cisco Content Switching Module with SSL
    • 45. CDM
      • Cisco Secure Desktop
        • 3 major vulnerabilities
          • Maintains information after an Internet browsing session. This occurs after an SSL VPN session ends.
          • Evades the system policies that prevent logoff; this allows a VPN connection to be activated.
          • Allows local users to elevate their privileges.
    • 46.
      • Prevention
        • Cisco has software to address the vulnerabilities.
        • There are workarounds available to mitigate the effects of some of these vulnerabilities.
    • 47. Cisco Routers
    • 48. Cisco Routers
      • Two potential issues with Cisco routers
        • Problems with certain IOS software
        • SNMP
    • 49.
      • Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4
        • Problem with the software
        • Confidential information can be leaked out
        • Software updates on the Cisco site can fix this problem
    • 50. Virtual Private Networks (diagram labels: Virtual connection 1, Virtual connection 2)
    • 51. Virtual Private Networks (diagram labels: Information leak, Error connection)
    • 52.
      • Cisco uBR10012 series devices automatically enable SNMP read/write access
      • Since there are no access restrictions on this community string, attackers can exploit this to gain complete control of the device
    • 53. (diagram: Cisco router, attacking computer) By sending an SNMP set request with a spoofed source IP address, the attacker will be able to get the victim router to send him its configuration file.
    • 54. (diagram: Cisco router, attacking computer) With this information, the remote computer will be able to have complete control over this router.
    • 55.
      • Fixes: software updates available on the Cisco site that will fix the read/write problem
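Slide 37 says the community string travels in clear text and slides 52 to 55 show what an unrestricted read/write community costs; the two are the same weakness seen from the wire and from the device. The added example below (written for this page, not code from the slides or from Cisco) makes the first point concrete by decoding the header of an SNMPv1/v2c datagram with a minimal BER parser, and then applies the checks a network monitor would run on each datagram: community visible in clear, well-known default community, and a SetRequest from a host that is not one of the known managers. The datagram bytes, the manager allow-list and the source addresses are constructed; the SNMPv3 sample is truncated after msgGlobalData because the parser never needs the rest of it.

```python
"""Decode SNMPv1/v2c headers and flag weak community usage.

Added example (not from the original slides). The datagram bytes, manager
allow-list and source addresses are constructed. Only the message header is
decoded: SEQUENCE { INTEGER version, OCTET STRING community, PDU }.
"""

VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest", 0xA7: "SNMPv2-Trap"}
DEFAULT_COMMUNITIES = {"public", "private"}


def _tlv(buf, pos):
    """Decode one BER tag-length-value at `pos`; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp_header(datagram):
    """Return {'version', 'community', 'pdu'} for an SNMP message.
    For v3 the community slot does not exist, so it is reported as None."""
    tag, body, _ = _tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version == 3:
        return {"version": 3, "community": None, "pdu": None}
    tag, community, pos = _tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = _tlv(body, pos)
    return {"version": version,
            "community": community.decode("latin-1"),   # it is literally plain text
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}


def assess(src_ip, datagram, managers):
    """Findings a monitor would raise for one datagram from `src_ip`."""
    h = parse_snmp_header(datagram)
    findings = []
    if h["version"] in (0, 1):
        findings.append(f"cleartext community {h['community']!r} in SNMP{VERSION_NAMES[h['version']]}")
        if h["community"] in DEFAULT_COMMUNITIES:
            findings.append("default community string in use")
        if h["pdu"] == "SetRequest" and src_ip not in managers:
            findings.append(f"SetRequest from unauthorized source {src_ip}")
    return findings


# Constructed datagrams (hex). Each is SEQUENCE { version, community, PDU }
# with an empty variable-binding list; lengths were computed by hand.
SET_V1_PRIVATE = bytes.fromhex(
    "30 19 02 01 00 04 07 70 72 69 76 61 74 65"           # v1, "private"
    "A3 0B 02 01 01 02 01 00 02 01 00 30 00")             # SetRequest, empty varbinds
GET_V2C_PUBLIC = bytes.fromhex(
    "30 18 02 01 01 04 06 70 75 62 6C 69 63"              # v2c, "public"
    "A0 0B 02 01 02 02 01 00 02 01 00 30 00")             # GetRequest
GET_V2C_MONIT = bytes.fromhex(
    "30 17 02 01 01 04 05 6D 6F 6E 69 74"                 # v2c, "monit"
    "A0 0B 02 01 03 02 01 00 02 01 00 30 00")
V3_HEADER = bytes.fromhex(
    "30 13 02 01 03 30 0E 02 01 01 02 03 00 FF FF 04 01 03 02 01 03")  # truncated v3

MANAGERS = {"10.0.0.2"}     # constructed allow-list of management stations

if __name__ == "__main__":
    for src, dg in [("203.0.113.7", SET_V1_PRIVATE), ("10.0.0.2", GET_V2C_PUBLIC),
                    ("10.0.0.2", GET_V2C_MONIT), ("10.0.0.2", V3_HEADER)]:
        print(src, parse_snmp_header(dg), assess(src, dg, MANAGERS))
```

Even the non-default community from the legitimate manager is flagged, because the finding is about the protocol version, not the string: anyone on the path can read it, and the slide's recommendation (SNMPv3 only, no v1/v2c fallback) is what removes the finding. On the device side the matching control is to pair any remaining community with an access list naming only the managers, so a set request with a forged source still has to guess an allowed address.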
    • 56. Links
      • http://sectools.org/tools2.html
      • http://insecure.org/sploits/l0phtcrack.lanman.problems.html
      • http://www.grc.com/intro.htm
      • http://www.riskythinking.com
      • http://www.hidemyass.com/
    • 57. References
      • http://www.bmighty.com/network/showArticle.jhtml;jsessionid=2YYDWJHHX3FL2QSNDLPSKHSCJUNN2JVN?articleID=202401432&pgno=2
      • http://www.juniper.net/security/auto/vulnerabilities/vuln19998.html
      • http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf
      • http://www.askapache.com/security/hacking-vlan-switched-networks.html
      • http://marc.info/?l=bugtraq&m=116300682804339&w=2
      • http://www.secureroot.com/security/advisories/9809702147.html
    • 58. Trish Miller