12 April 2014
Menofia University- Faculty of Electronic Engineering
Prepared By E/ Yasser Rabie
Graduation Project
Integrated Computer Network
UNIFIED
Supervisor: Dr. Mohammed Abd- Elnaby
Prepared by: Yasser Rabie Mohammed
OUTLINE:
• Project Overview
• Project Task
• Security and Threats
• How can you achieve Network Security?
• Network Security Elements
• LAB
A. Project Overview
Project Aim
• Create an integrated computer network that satisfies the most
important requirements of any network.
• The most important requirements of the Integrated Network:
Network Administration
System Administration
Network VoIP
Network Security
Virtualization and Cloud Computing
B. Project Task
What is Network Security?
National Security Telecommunications and Information Systems Security Committee (NSTISSC):
Network security is the protection of information and the systems and hardware that use, store, and transmit that information.
Network security encompasses those steps that are taken to ensure the confidentiality, integrity, and availability of data or resources.
C. Security and Threats
Rationale for Network Security
Network security initiatives and network security specialists can
be found in private and public, large and small companies and
organizations.
The need for network security and its growth are driven by many
factors:
1. Internet connectivity is 24/7 and is worldwide
2. Increase in cyber crime
3. Impact on business and individuals
4. Legislation & liabilities
5. Proliferation of threats
6. Sophistication of threats
Goals of an Information Security Program
• Confidentiality
  • Prevent the disclosure of sensitive information to unauthorized people, resources, and processes
• Integrity
  • The protection of system information or processes from intentional or accidental modification
• Availability
  • The assurance that systems and data are accessible by authorized users when needed
Types of Attacks
Structured attack
Comes from hackers who are more highly motivated and technically competent.
Unstructured attack
Comes mostly from inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
External attacks
Initiated by individuals or groups working outside of a company. They do not have authorized access to the computer systems or network.
Internal attacks
More common and dangerous. Internal attacks are initiated by someone who has authorized access to the network.
Types of Attacks
• Passive Attack
• Listen to system passwords
• Release of message content
• Traffic analysis
• Data capturing
• Active Attack
• Attempt to log into someone else’s account
• Wire taps
• Denial of service
• Message modifications
Types of Attacks
1- Network Attacks
• Packet Sniffing
  • Internet traffic consists of data “packets”, and these can be “sniffed”
  • Leads to other attacks such as password sniffing, cookie stealing, session hijacking, and information stealing
• Man-in-the-Middle attack
  • Insert a router in the path between client and server, and change the packets as they pass through
• DNS hijacking
  • Insert malicious entries into DNS tables to send traffic for genuine sites to malicious sites
• Denial-of-Service attacks
  • Although DoS doesn’t result in information theft or any kind of information loss, it can cost the target a large amount of time and money, because it makes the service inoperable (e.g. through a buffer overflow)
2- Web Attacks
• Phishing
• An evil website pretends to be a trusted website
• Example:
• You type, by mistake, “mibank.com” instead of
“mybank.com”
• mibank.com designs the site to look like mybank.com so
the user types in their info as usual
• BAD! Now an evil person has your info!
• SQL Injection
• Interesting Video showing an example
• Cross Site Scripting
• Writing a complex JavaScript program that steals data
left by other sites that you have visited in same
browsing session
3- OS, applications and software attacks
• Virus: A piece of code that automatically reproduces itself. It is attached to other programs or files, but requires user intervention to propagate. It targets executable files and boot sectors.
• Worm: A piece of code that automatically reproduces itself over the network. It doesn’t need user intervention to propagate (autonomous). It spreads via buffer overflows, file sharing, configuration errors and other vulnerabilities.
• Backdoor: A program placed by a black-hat hacker that allows him to access a system. A backdoor can have many functionalities, such as keyboard sniffing, display spying, etc.
• Trojan: Software that seems useful or benign, but is actually hiding a malicious functionality.
D. How can you achieve security?
• Many techniques exist for ensuring computer and network security
• Antivirus software
• Secure networks
• Firewalls
• Cryptography
• In addition, users have to practice “safe computing”
• Not downloading from unsafe websites
• Not opening attachments
• Not trusting what you see on websites
• Avoiding Scams
Securing Network
Network Foundation Protection (NFP)
NFP is a framework used to break the infrastructure
down into smaller components, and then systematically
focus on how to secure each of those components.
NFP is broken down into three basic
planes (also called sections/areas):
1- Management Plane
• Router Security
  • Physical Security
    • Place router in a secured, locked room
    • Install an uninterruptible power supply
  • Operating System Security
    • Use the latest stable version that meets network requirements
    • Keep a copy of the O/S and configuration file as a backup
  • Router Hardening
    • Secure administrative control
    • Disable unused ports and interfaces
    • Disable unnecessary services
Methods of Securing the Router
• Configuring the router to use SSH instead of Telnet.
• Configuring privilege levels
  By default:
  User EXEC mode (privilege level 1)
  Privileged EXEC mode (privilege level 15)
  Sixteen privilege levels are available.
  Methods of providing privileged-level infrastructure access:
  • Privilege Levels
  • Role-Based CLI Access
• Using Syslog
  Syslog servers: Known as log hosts, these systems accept and process log messages from syslog clients.
• Auto Secure command.
• AAA Access Security
  Authentication: Who are you?
  Authorization: Which resources is the user allowed to access, and which operations is the user allowed to perform?
  Accounting: What did you spend it on?
Authentication – Password-Only
• Uses a login and password combination on access lines
• Easiest to implement, but the least secure method
• Vulnerable to brute-force attacks
• Provides no accountability

Password-Only Method (router configuration):
R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login

Session seen by a remote user connecting over the Internet:
User Access Verification
Password: cisco
Password: cisco1
Password: cisco12
% Bad passwords
Authentication – Local Database
• Creates individual user account/password on each device
• Provides accountability
• User accounts must be configured locally on each device

Local Database Method (router configuration):
R1(config)# username Admin secret Str0ng5rPa55w0rd
R1(config)# line vty 0 4
R1(config-line)# login local

Session seen by a remote user connecting over the Internet:
User Access Verification
Username: Admin
Password: cisco1
% Login invalid
Username: Admin
Password: cisco12
% Login invalid
Server-Based AAA Authentication
[Figure: a remote client, the router acting as AAA client, and a Cisco Secure ACS server, with the exchange numbered in steps 1 to 4]
2- Control Plane
3- Data Plane
• Layer 2 Security
MAC Address Spoofing Attack
[Figure: a switch with Port 1 and Port 2, attached hosts with MAC addresses AABBcc and 12AbDd, and an attacker]
Switch: "I have associated Ports 1 and 2 with the MAC addresses of the devices attached. Traffic destined for each device will be forwarded directly."
The switch keeps track of the endpoints by maintaining a MAC address table. In MAC spoofing, the attacker poses as another host, in this case AABBcc.
MAC Address Table Overflow Attack
The switch can forward frames between PC1 and PC2 without flooding
because the MAC address table contains port-to-MAC-address mappings
for these PCs.
STP Manipulation Attack
[Figure: spanning-tree topology with a root bridge (priority = 8192), ports marked F (forwarding) or B (blocking), and an attacker host]
The attacking host broadcasts out STP configuration and topology change BPDUs. This is an attempt to force spanning tree recalculations.
Solution: Use BPDU Guard
VLAN Hopping Attack
[Figure: an 802.1Q trunk carrying VLAN 10 and VLAN 20 towards two servers; the attacker sees traffic destined for the servers]
A VLAN hopping attack can be launched by spoofing DTP messages from the attacking host to cause the switch to enter trunking mode.
Solution: Use Port Security
• Layer 3 Security
• Access Control List (ACL)
  Applied as filters on interfaces, ACLs control which traffic is allowed and which is denied on the data plane.
  Divided into:
  • Standard ACL
    1- Numbered IP ACL
    2- Named IP ACL
  • Extended ACL
    1- Numbered IP ACL
    2- Named IP ACL
E. Network Security Elements
• Intrusion Prevention Systems (IPSs)
1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
4. Traffic in violation of policy can be dropped by an IPS sensor.
[Figure: inline IPS sensor between the attacker and the target, with a management console and a bit bucket for dropped traffic; steps 1 to 4 marked]
• Intrusion Detection Systems (IDSs)
1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
3. The IDS can also send an alarm to a management console for logging and other management purposes.
[Figure: switch copying traffic to an IDS sensor, with a management console and the target; steps 1 to 3 marked]
• Firewalls
• A firewall is a system that enforces an access control policy between networks.
  May be:
  1- Software
  2- Hardware
• Common properties of firewalls:
  • Resistant to attacks
  • Is the only transit point between networks
  • Enforces the access control policy
[Figure: firewall exposing a visible IP address in front of an internal network of PCs, servers and hosts]
Types of Filtering Firewalls
• Packet-filtering firewall—is typically a router that has the capability to filter on some of the
contents of packets (examines Layer 3 and sometimes Layer 4 information)
• Stateful firewall—keeps track of the state of a connection: whether the connection is in an
initiation, data transfer, or termination state
• Application gateway firewall (proxy firewall) —filters information at Layers 3, 4, 5, and 7. Firewall
control and filtering done in software.
• Address-translation firewall—expands the number of IP addresses available and hides network
addressing design.
• Host-based (server and personal) firewall—a PC or server with firewall software running on it.
• Transparent firewall—filters IP traffic between a pair of bridged interfaces.
• Hybrid firewalls—some combination of the above firewalls. For example, an application
inspection firewall combines a stateful firewall with an application gateway firewall.
Design with DMZ
[Figure: firewall between the trusted private network, the DMZ and the untrusted Internet, with Private-Public, Public-DMZ, DMZ-Private and Private-DMZ policies]
• A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet.
Actions
Pass – This action is analogous to permit in an ACL
Drop – This action is analogous to deny in an ACL
Inspect – This action configures Cisco IOS stateful packet inspection
• VPN
  • Virtual: Information within a private network is transported over a public network.
  • Private: The traffic is encrypted to keep the data confidential.
[Figure: VPN tunnels across the Internet/WAN connecting the corporate network (firewall, CSA) to a regional branch with a VPN-enabled Cisco ISR router, a SOHO with a Cisco DSL router, a mobile worker with a Cisco VPN client, and a business partner with a Cisco router]
What is Cisco ASA ?
• ASA in Cisco ASA stands for Adaptive Security Appliance.
• Cisco ASA is a security device that combines firewall, intrusion
prevention, and virtual private network (VPN) capabilities.
• ASA is valuable and flexible in that it can be used as a security solution for
both small and large networks.
• Cisco ASA can do the following and more:
• Anti virus
• Anti spam
• IDS/IPS engine
• VPN device
• SSL device
• Content inspection
• Cryptographic Systems
  • Simply – secret codes
  • Encryption
    • Converting data to unreadable codes to prevent anyone from accessing this information
    • Need a “key” to find the original data.
Cryptographic Protocols
• Symmetric Encryption
• Asymmetric Encryption
Hashing Basics
• Hashes are used for integrity assurance.
• Hashes are based on one-way functions.
• The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint.
[Figure: data of arbitrary length passed through a hash function to give a fixed-length hash value, shown as e883aa0b24c09f]
Hashing in Action
• Vulnerable to man-in-the-middle attacks
  • Hashing does not provide security to transmission.
• Well-known hash functions
  • MD5 with 128-bit hashes
  • SHA-1 with 160-bit hashes
[Figure: a check reading "Pay to Terry Smith, $100.00, One Hundred and xx/100 Dollars" (hash 4ehIDx67NMop9) is changed while crossing the Internet to "Pay to Alex Jones, $1000.00, One Thousand and xx/100 Dollars" (hash 12ehqPx67NMoX) and presented with "I would like to cash this check." Match = no changes; no match = alterations.]
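The point of the "Hashing in Action" slide, worked through as an added example that is not part of the original slides: an unkeyed hash sent alongside a message still verifies after both are replaced in transit, while a keyed hash (HMAC) does not. The example goes beyond the slide by using SHA-256 and HMAC, which the deck does not mention; the key, the function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data, modelled on the two checks in the slide's figure.
ORIGINAL = b"Pay to Terry Smith $100.00"
ALTERED = b"Pay to Alex Jones $1000.00"

# Hypothetical pre-shared key (assumption: exchanged out of band beforehand).
SHARED_KEY = b"constructed-demo-key"


def digest_bits(name: str) -> int:
    """Digest length in bits for a hashlib algorithm name (md5 -> 128, sha1 -> 160)."""
    return hashlib.new(name).digest_size * 8


def plain_digest(message: bytes) -> str:
    """Unkeyed hash: anyone who holds the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(message: bytes, key: bytes) -> str:
    """HMAC-SHA256: producing a valid tag requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def send_plain(message: bytes) -> tuple:
    """Sender side: message plus its unkeyed digest."""
    return message, plain_digest(message)


def send_keyed(message: bytes, key: bytes) -> tuple:
    """Sender side: message plus its HMAC tag."""
    return message, keyed_tag(message, key)


def modified_in_transit(packet: tuple, new_message: bytes) -> tuple:
    """Model a change made on the path by a party that does not hold the key.

    The body is swapped and the check value is replaced by the only thing
    that can be recomputed without a secret: the unkeyed hash of the new body.
    """
    return new_message, plain_digest(new_message)


def verify_plain(message: bytes, digest: str) -> bool:
    """Receiver side: recompute the unkeyed hash and compare."""
    return hmac.compare_digest(plain_digest(message), digest)


def verify_keyed(message: bytes, tag: str, key: bytes) -> bool:
    """Receiver side: recompute the HMAC with the shared key and compare."""
    return hmac.compare_digest(keyed_tag(message, key), tag)


def demo() -> dict:
    """Run the receiver's check for each case and report whether it accepts."""
    plain = send_plain(ORIGINAL)
    keyed = send_keyed(ORIGINAL, SHARED_KEY)
    return {
        "plain_untouched_accepted": verify_plain(*plain),
        # The altered check arrives with a matching hash, so the change goes unnoticed.
        "plain_altered_accepted": verify_plain(*modified_in_transit(plain, ALTERED)),
        "keyed_untouched_accepted": verify_keyed(*keyed, SHARED_KEY),
        # Without the key, neither a recomputed hash nor the old tag verifies.
        "keyed_altered_accepted": verify_keyed(
            *modified_in_transit(keyed, ALTERED), SHARED_KEY
        ),
        "keyed_old_tag_reused_accepted": verify_keyed(ALTERED, keyed[1], SHARED_KEY),
    }


if __name__ == "__main__":
    print("MD5 bits:", digest_bits("md5"), "SHA-1 bits:", digest_bits("sha1"))
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```

The "Match = no changes" test in the figure is only meaningful when the hash value itself reaches the receiver over a channel the modifier cannot touch, or is bound to a secret as in the keyed case.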
F. LAB
Used Tools:
• VMware (Virtualization Program)
• GNS3 (Emulation Program)
• Cisco Configuration Professional (CCP-GUI Software)
• ASA Firewall Simulation
Zone-Based Firewall
Emulate ASA on GNS3
Security related URLs
• http://www.robertgraham.com/pubs/network-intrusion-detection.html
• http://online.securityfocus.com/infocus/1527
• http://www.snort.org/
• http://www.cert.org/
• http://www.nmap.org/
• http://grc.com/dos/grcdos.htm
• http://lcamtuf.coredump.cx/newtcp/
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 

Recently uploaded (20)

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 

Network Security

  • 1. 12 April 2014 Menofia University- Faculty of Electronic Engineering Prepared By E/ Yasser Rabie 1
  • 2. Graduation Project Integrated Computer Network UNIFIED Supervisor: Dr. Mohammed Abd- Elnaby Prepared by: Yasser Rabie Mohammed
  • 3. OUTLINE:
      • Project Overview
      • Project Task
      • Security and Threats
      • How can you achieve Network Security?
      • Network Security Elements
      • LAB
  • 4. A. Project Overview: Project Aim
      • Create an Integrated Computer Network that satisfies the most important requirements needed for any network.
      • The most important requirements of the Integrated Network: Network Administration; System Administration; Network VoIP; Network Security; Virtualization and Cloud Computing
  • 5. B. Project Task
  • 6. C. Security and Threats: What is Network Security?
      • National Security Telecommunications and Information Systems Security Committee (NSTISSC): Network security is the protection of information and systems and hardware that use, store, and transmit that information.
      • Network security encompasses those steps that are taken to ensure the confidentiality, integrity, and availability of data or resources.
  • 7. Rationale for Network Security
      • Network security initiatives and network security specialists can be found in private and public, large and small companies and organizations.
      • The need for network security and its growth are driven by many factors:
          1. Internet connectivity is 24/7 and is worldwide
          2. Increase in cyber crime
          3. Impact on business and individuals
          4. Legislation & liabilities
          5. Proliferation of threats
          6. Sophistication of threats
  • 8. Goals of an Information Security Program
      • Confidentiality: Prevent the disclosure of sensitive information to unauthorized people, resources, and processes
      • Integrity: The protection of system information or processes from intentional or accidental modification
      • Availability: The assurance that systems and data are accessible by authorized users when needed
  • 9. Types of Attacks
      • Structured attack: Comes from hackers who are more highly motivated and technically competent.
      • Unstructured attack: Consists of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
      • External attacks: Initiated by individuals or groups working outside of a company. They do not have authorized access to the computer systems or network.
      • Internal attacks: More common and dangerous. Internal attacks are initiated by someone who has authorized access to the network.
  • 10. Types of Attacks
      • Passive Attack
          • Listen to system passwords
          • Release of message content
          • Traffic analysis
          • Data capturing
      • Active Attack
          • Attempt to log into someone else’s account
          • Wire taps
          • Denial of services
          • Message modifications
  • 11. Types of Attacks: 1- Network Attack
      • Packet Sniffing
          • Internet traffic consists of data “packets”, and these can be “sniffed”
          • Leads to other attacks such as password sniffing, cookie stealing, session hijacking, information stealing
      • Man in the Middle attack
          • Insert a router in the path between client and server, and change the packets as they pass through
      • DNS hijacking
          • Insert malicious routes into DNS tables to send traffic for genuine sites to malicious sites
      • Denial-of-Service attacks
          • Although DoS doesn’t result in information theft or any kind of information loss, it can cost the target a large amount of time and money, because it makes the service inoperable (buffer overflow)
  • 12. 2- Web Attacks
      • Phishing
          • An evil website pretends to be a trusted website
          • Example: You type, by mistake, “mibank.com” instead of “mybank.com”. mibank.com designs the site to look like mybank.com so the user types in their info as usual. BAD! Now an evil person has your info!
      • SQL Injection
          • Interesting Video showing an example
      • Cross Site Scripting
          • Writing a complex JavaScript program that steals data left by other sites that you have visited in the same browsing session
  • 13. 3- OS, applications and software attacks
      • Virus: A piece of code that automatically reproduces itself. It is attached to other programs or files, but requires user intervention to propagate. It targets executable files and boot sectors.
      • Worm: A piece of code that automatically reproduces itself over the network. It doesn’t need user intervention to propagate (autonomous). It spreads via buffer overflow, file sharing, configuration errors and other vulnerabilities.
      • Backdoor: A backdoor is a program placed by a black-hat hacker that allows him to access a system. A backdoor can have many functions, such as keyboard sniffing, display spying, etc.
      • Trojan: A Trojan is software that seems useful or benign, but is actually hiding malicious functionality
  • 14. D. How can you achieve security?
      • Many techniques exist for ensuring computer and network security
          • Antivirus software
          • Secure networks
          • Firewalls
          • Cryptography
      • In addition, users have to practice “safe computing”
          • Not downloading from unsafe websites
          • Not opening attachments
          • Not trusting what you see on websites
          • Avoiding Scams
  • 15. Securing Network: Network Foundation Protection (NFP)
      • NFP is a framework used to break the infrastructure down into smaller components, and then systematically focus on how to secure each of those components.
      • NFP is broken down into three basic planes (also called sections/areas):
  • 16. 1- Management Plane
      • Router Security
      • Physical Security
          • Place router in a secured, locked room
          • Install an uninterruptible power supply
      • Operating System Security
          • Use the latest stable version that meets network requirements
          • Keep a copy of the O/S and configuration file as a backup
      • Router Hardening
          • Secure administrative control
          • Disable unused ports and interfaces
          • Disable unnecessary services
  • 17. Methods of Securing the Router
      • Configuring the router to use SSH instead of Telnet.
      • Configuring privilege levels
          • By default: User EXEC mode (privilege level 1), Privileged EXEC mode (privilege level 15)
          • Sixteen privilege levels available
          • Methods of providing privileged-level infrastructure access: Privilege Levels; Role-Based CLI Access
      • Using Syslog
          • Syslog servers: Known as log hosts, these systems accept and process log messages from syslog clients.
      • Auto Secure command.
  • 18. AAA Access Security
      • Accounting: What did you spend it on?
      • Authentication: Who are you?
      • Authorization: Which resources is the user allowed to access and which operations is the user allowed to perform?
  • 19. Authentication – Password-Only (Password-Only Method)
      • Uses a login and password combination on access lines
      • Easiest to implement, but least secure method
      • Vulnerable to brute-force attacks
      • Provides no accountability
      Configuration:
          R1(config)# line vty 0 4
          R1(config-line)# password cisco
          R1(config-line)# login
      Login attempts from the Internet:
          User Access Verification
          Password: cisco
          Password: cisco1
          Password: cisco12
          % Bad passwords
  • 20. Authentication – Local Database (Local Database Method)
      • Creates individual user account/password on each device
      • Provides accountability
      • User accounts must be configured locally on each device
      Configuration:
          R1(config)# username Admin secret Str0ng5rPa55w0rd
          R1(config)# line vty 0 4
          R1(config-line)# login local
      Login attempts from the Internet:
          User Access Verification
          Username: Admin
          Password: cisco1
          % Login invalid
          Username: Admin
          Password: cisco12
          % Login invalid
  • 21. Server-Based AAA Authentication (Figure: Remote Client, AAA Router (AAA Client) and Cisco Secure ACS Server, with steps 1 to 4)
  • 22. 2- Control Plane
  • 23. 3- Data Plane
  • 24. Layer 2 Security: MAC Address Spoofing Attack
      • The switch keeps track of the endpoints by maintaining a MAC address table.
      • Switch: "I have associated Ports 1 and 2 with the MAC addresses of the devices attached. Traffic destined for each device will be forwarded directly."
      • In MAC spoofing, the attacker poses as another host, in this case AABBcc.
      (Figure: switch with Port 1 and Port 2, MAC addresses AABBcc and 12AbDd, and an attacker using MAC address AABBcc)
  • 25. MAC Address Table Overflow Attack
      • The switch can forward frames between PC1 and PC2 without flooding because the MAC address table contains port-to-MAC-address mappings for these PCs.
  • 26. STP Manipulation Attack
      • The attacking host broadcasts out STP configuration and topology change BPDUs. This is an attempt to force spanning tree recalculations.
      • Solution: Use BPDU Guard
      (Figure: spanning-tree topology with forwarding (F) and blocking (B) ports, Root Bridge, Priority = 8192, Attacker)
  • 27. VLAN Hopping Attack
      • A VLAN hopping attack can be launched by spoofing DTP messages from the attacking host to cause the switch to enter trunking mode.
      • Attacker sees traffic destined for servers
      • Solution: Use Port Security
      (Figure: 802.1Q trunk, servers in VLAN 10 and VLAN 20)
  • 28. Layer 3 Security
      • Access Control List (ACL): Applied as filters on interfaces, ACLs can control which traffic is allowed and which is denied on the Data plane. Divided into:
          • Standard ACL: 1- Numbered IP ACL 2- Named IP ACL
          • Extended ACL: 1- Numbered IP 2- Named IP ACL
  • 29. E. Network Security Elements: Intrusion Prevention Systems (IPSs)
      1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
      2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
      3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
      4. Traffic in violation of policy can be dropped by an IPS sensor.
      (Figure: Sensor, Management Console, Target, Bit Bucket; steps 1 to 4)
  • 30. Intrusion Detection Systems (IDSs)
      1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
      2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
      3. The IDS can also send an alarm to a management console for logging and other management purposes.
      (Figure: Switch, Sensor, Management Console, Target; steps 1 to 3)
  • 31. Firewalls
      • A firewall is a system that enforces an access control policy between networks. May be 1- Software 2- Hardware
      • Common properties of firewalls:
          • Resistant to attacks
          • Is the only transit point between networks
          • Enforces the access control policy
      (Figure: Visible IP Address, Internal Network, PC, Servers, Host)
  • 32. Types of Filtering Firewalls
      • Packet-filtering firewall: typically a router that has the capability to filter on some of the contents of packets (examines Layer 3 and sometimes Layer 4 information)
      • Stateful firewall: keeps track of the state of a connection: whether the connection is in an initiation, data transfer, or termination state
      • Application gateway firewall (proxy firewall): filters information at Layers 3, 4, 5, and 7. Firewall control and filtering done in software.
      • Address-translation firewall: expands the number of IP addresses available and hides network addressing design.
      • Host-based (server and personal) firewall: a PC or server with firewall software running on it.
      • Transparent firewall: filters IP traffic between a pair of bridged interfaces.
      • Hybrid firewalls: some combination of the above firewalls. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.
  • 33. Design with DMZ
      • A demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet.
      • Actions
          • Pass – This action is analogous to permit in an ACL
          • Drop – This action is analogous to deny in an ACL
          • Inspect – This action configures Cisco IOS stateful packet inspection
      (Figure: Trusted, Untrusted and DMZ zones, Internet; Private-Public Policy, Public-DMZ Policy, DMZ-Private Policy, Private-DMZ Policy)
  • 34. VPN
      • Virtual: Information within a private network is transported over a public network.
      • Private: The traffic is encrypted to keep the data confidential.
      (Figure: Corporate Network with VPN, Firewall and CSA, connected over WAN/Internet to a Regional branch with a VPN enabled Cisco ISR router, a SOHO with a Cisco DSL Router, a Mobile Worker with a Cisco VPN Client, and a Business Partner with a Cisco Router)
  • 35. What is Cisco ASA?
      • ASA in Cisco ASA stands for Adaptive Security Appliance.
      • Cisco ASA is a security device that combines firewall, intrusion prevention, and virtual private network (VPN) capabilities.
      • ASA is valuable and flexible in that it can be used as a security solution for both small and large networks.
      • Cisco ASA can do the following and more:
          • Anti virus
          • Anti spam
          • IDS/IPS engine
          • VPN device
          • SSL device
          • Content inspection
  • 36. Cryptographic Systems
      • Simply: secret codes
      • Encryption
          • Converting data to unreadable codes to prevent anyone from accessing this information
          • Need a “key” to find the original data.
      • Cryptographic Protocols: Symmetric Encryption; Asymmetric Encryption
  • 37. Hashing Basics
      • Hashes are used for integrity assurance.
      • Hashes are based on one-way functions.
      • The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint.
      (Figure: Data of Arbitrary Length → Fixed-Length Hash Value e883aa0b24c09f)
  • 38. Hashing in Action
      • Vulnerable to man-in-the-middle attacks
          • Hashing does not provide security to transmission.
      • Well-known hash functions
          • MD5 with 128-bit hashes
          • SHA-1 with 160-bit hashes
      (Figure: "I would like to cash this check." A check reading "Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars" and a check reading "Pay to Alex Jones $1000.00 One Thousand and xx/100 Dollars" cross the Internet with the hash values 4ehIDx67NMop9 and 12ehqPx67NMoX. Match = No changes; No match = Alterations)
  • 39. F. LAB: Used Tools
      • VMware (Virtualization Program)
      • GNS3 (Emulation Program)
      • Cisco Configuration Professional (CCP-GUI Software)
      • ASA Firewall Simulation
  • 40. Zone-Based Firewall
  • 41. Emulate ASA on GNS3
  • 42. Security related URLs
      • http://www.robertgraham.com/pubs/network-intrusion-detection.html
      • http://online.securityfocus.com/infocus/1527
      • http://www.snort.org/
      • http://www.cert.org/
      • http://www.nmap.org/
      • http://grc.com/dos/grcdos.htm
      • http://lcamtuf.coredump.cx/newtcp/
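The "Hashing in Action" slide says a bare hash is vulnerable to man-in-the-middle alteration. The following added example (not part of the original slides) shows why, and how a keyed digest (HMAC) closes the gap. It uses SHA-256 from Python's standard library rather than the MD5 or SHA-1 named on the slide; the key and the helper names are constructed for illustration.

```python
"""Plain digest vs. keyed digest (HMAC) for the check on the 'Hashing in Action' slide.

The messages reuse the slide's check text; the key is a constructed sample value.
"""
import hashlib
import hmac

ORIGINAL = b"Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars"
ALTERED = b"Pay to Alex Jones $1000.00 One Thousand and xx/100 Dollars"
SHARED_KEY = b"constructed-demo-key"  # assumed to be known to sender and receiver only


def plain_digest(message: bytes) -> str:
    """Unkeyed fingerprint: anyone who can read the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: producing a valid value requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def rewrite_in_transit(packet: tuple, replacement: bytes) -> tuple:
    """Model the in-path party from the slide: swap the message and attach a
    freshly computed check value using the only function available without
    the key, the public hash."""
    return replacement, plain_digest(replacement)


def verify_plain(packet: tuple) -> bool:
    message, value = packet
    return hmac.compare_digest(plain_digest(message), value)


def verify_keyed(key: bytes, packet: tuple) -> bool:
    message, value = packet
    return hmac.compare_digest(keyed_digest(key, message), value)


def run_demo() -> dict:
    """Return, per case, whether the receiver accepts the packet as unaltered."""
    plain_packet = (ORIGINAL, plain_digest(ORIGINAL))
    keyed_packet = (ORIGINAL, keyed_digest(SHARED_KEY, ORIGINAL))
    return {
        # Nothing touched: both checks pass.
        "plain_untouched": verify_plain(plain_packet),
        "keyed_untouched": verify_keyed(SHARED_KEY, keyed_packet),
        # Message changed, old digest left in place: the plain hash catches it.
        "plain_message_only_changed": verify_plain((ALTERED, plain_packet[1])),
        # Message changed and digest recomputed: the plain hash is fooled.
        "plain_rewritten": verify_plain(rewrite_in_transit(plain_packet, ALTERED)),
        # Same rewrite against the keyed digest: rejected, the key is missing.
        "keyed_rewritten": verify_keyed(
            SHARED_KEY, rewrite_in_transit(keyed_packet, ALTERED)
        ),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:28s} accepted={accepted}")
```

The keyed variant only holds while the key stays secret and is exchanged out of band; it authenticates the message but does not hide its content.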
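The MAC address spoofing and MAC address table overflow slides both rest on how a switch learns source addresses. As an added example (not from the original slides), this toy model shows the forwarding result in each case with and without a per-port MAC limit. The limit is a simplified stand-in for a port-security feature, and the ports, frames and table size are constructed; aging timers and VLANs are left out.

```python
"""Toy model of a switch MAC address table, with and without a per-port MAC limit.

Ports, addresses and frames are constructed sample values. The per-port limit is a
simplified stand-in for a port-security feature, not any vendor's implementation.
"""
from dataclasses import dataclass, field


@dataclass
class Switch:
    ports: tuple
    table_size: int = 4          # tiny on purpose so the overflow case is visible
    max_macs_per_port: int = 0   # 0 = no limit
    table: dict = field(default_factory=dict)    # MAC address -> port
    alerts: list = field(default_factory=list)

    def receive(self, in_port, src, dst):
        """Learn the source address, then return the ports the frame leaves on."""
        if not self._learn(in_port, src):
            return []                                    # violating frame is dropped
        if dst in self.table:
            return [self.table[dst]]                     # known unicast: one port
        return [p for p in self.ports if p != in_port]   # unknown destination: flood

    def _learn(self, in_port, src):
        known_port = self.table.get(src)
        if known_port == in_port:
            return True
        if self.max_macs_per_port:
            if known_port is not None:
                self.alerts.append(
                    f"{src} is bound to port {known_port}, seen on port {in_port}")
                return False
            on_port = sum(1 for p in self.table.values() if p == in_port)
            if on_port >= self.max_macs_per_port:
                self.alerts.append(f"port {in_port} over its limit, rejected {src}")
                return False
        elif known_port is not None:
            self.alerts.append(
                f"{src} moved from port {known_port} to port {in_port}")
        if src in self.table or len(self.table) < self.table_size:
            self.table[src] = in_port                    # a full table learns nothing new
        return True


def spoofing_scenario(limit):
    """Constructed after slide 24: source AABBcc shows up on port 2, not port 1."""
    sw = Switch(ports=(1, 2, 3), max_macs_per_port=limit)
    sw.receive(1, "AABBcc", "ffffff")
    sw.receive(2, "12AbDd", "AABBcc")
    sw.receive(2, "AABBcc", "ffffff")            # frame with a forged source address
    return sw.receive(3, "334455", "AABBcc"), sw.alerts


def overflow_scenario(limit):
    """Constructed after slide 25: many new sources on port 3, then PC2 -> PC1."""
    sw = Switch(ports=(1, 2, 3), max_macs_per_port=limit)
    for i in range(6):
        sw.receive(3, f"0000{i:02x}", "ffffff")
    sw.receive(1, "AABBcc", "ffffff")            # PC1 announces itself
    return sw.receive(2, "12AbDd", "AABBcc"), len(sw.alerts)


if __name__ == "__main__":
    for limit in (0, 1):
        print("limit", limit, "spoofing:", spoofing_scenario(limit))
        print("limit", limit, "overflow:", overflow_scenario(limit))
```

Without the limit, traffic for AABBcc leaves on port 2 after the move, and the PC2-to-PC1 frame is flooded once the table is full; with a limit of one address per port, both frames leave on port 1 only and each rejected address produces an alert a monitoring system can act on.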