Security mechanisms and techniques
Firewall, Proxy Server, IDS
Firewall
• Is hardware, software, or a combination of both
• Used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
Hardware vs. Software Firewalls
• Hardware Firewalls
  • Protect an entire network
  • Implemented at the router level
• Software Firewalls
  • Protect a single computer
How does a software firewall work?
• Inspects each individual “packet” of data as it arrives at either side of the firewall
• Determines whether it should be allowed to pass through or if it should be blocked
Firewall Rules
• Allow – traffic that flows automatically because it has been deemed
• Block – traffic that is blocked because it has been deemed dangerous to your computer
• Ask – asks the user whether or not the traffic is allowed to pass through
What Can a Firewall Do?
• Focus for security decisions
• Stop hackers from accessing your computer
• Can enforce security policy
• Protects your personal information
• Limits your exposure
• Blocks “pop up” ads and certain cookies
• Can log Internet activity efficiently
• Determines which programs can access the Internet
• Can't protect you against malicious insiders
• Can't protect you against connections that don't go through it
• Can't protect against completely new threats
Firewall features
• General Firewall Features
  • Port Control
  • Network Address Translation
  • Application Monitoring
  • Packet Filtering
  • Access control
• Additional features
  • Data encryption
  • Authentication
  • Connection relay (hide internal network)
  • Reporting/logging
  • E-mail virus protection
  • Spyware protection
What It Protects You From
• Remote login
• SMTP session hijacking
• Operating system bugs
• Spam
• IP spoofing
• Denial of Service
• E-mail bombs
• Source routing
Security Strategies Implemented
• Default Deny
  • Prohibit all communication that is not expressly permitted
• Default Permit
  • Permit all communication that is not explicitly prohibited
• Least Privilege
  • Reduces the authorization level at which various actions are performed
• Defense in Depth
  • Security approach whereby each system on the network is secured to the greatest possible degree
• Choke Point
  • Forces attackers to use a narrow channel to bypass the network
Example: Firewall Configuration
Each ipchains -C command below tests a hypothetical packet against the forward chain and prints the verdict; the three denied packets differ from the accepted one in source address, protocol (udp), and destination port respectively.
# ipchains -C forward -p tcp -s 172.16.1.0 1025 -d 44.136.8.2 80 -i eth0
accepted
# ipchains -C forward -p tcp -s 172.16.2.0 1025 -d 44.136.8.2 80 -i eth0
denied (wrong source)
# ipchains -C forward -p udp -s 172.16.1.0 1025 -d 44.136.8.2 80 -i eth0
denied (wrong protocol)
# ipchains -C forward -p tcp -s 172.16.1.0 1025 -d 44.136.8.2 23 -i eth0
denied (wrong destination port)
Firewall Filtering Rule
• Egress Filtering
  • Restricting the flow of information from a private TCP/IP computer network to the Internet
  • Outbound traffic from external address → Drop
• Ingress Filtering
  • In contrast with egress filtering, it ensures that incoming packets are actually from the networks from which they claim to originate
  • Inbound traffic from internal address → Drop
• Default → Deny

Rule     Dir  Src Addr  Src Port  Dst Addr  Dst Port  Proto  Ack Set?  Action
Ingress  In   Int       Any       Any       Any       Any    Any       Deny
Egress   Out  Ext       Any       Any       Any       Any    Any       Deny
Default  Any  Any       Any       Any       Any       Any    Any       Deny
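The following is an added example, not part of the slides: a small stateless packet filter in Python that applies the policy of the last two slides in order. It runs the ingress and egress anti-spoofing checks from the rule table, then an explicit rule list where the first match wins (as in an ipchains chain), then the default deny. The internal range 172.16.0.0/16, the single allow rule (TCP from the 172.16.1.0/24 network to 44.136.8.2 port 80, modelled on the accepted ipchains check) and the Packet/Rule types are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example, not from the slides. Evaluation order: ingress/egress
# anti-spoofing checks, then explicit rules (first match wins), then the
# default deny. The internal range and the single allow rule are assumed.

INTERNAL_NET = ipaddress.ip_network("172.16.0.0/16")  # assumed internal network


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (toward the internal network) or "out"
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "accept" or "deny"
    direction: Optional[str] = None  # None matches any value
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR prefix
    dst: Optional[str] = None        # CIDR prefix
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL_NET


def spoof_check(p: Packet) -> Optional[str]:
    """Ingress/egress filtering rows of the slides' rule table."""
    # Ingress rule: an inbound packet claiming an internal source is spoofed.
    if p.direction == "in" and is_internal(p.src):
        return "deny (ingress: inbound packet with internal source)"
    # Egress rule: an outbound packet must carry an internal source.
    if p.direction == "out" and not is_internal(p.src):
        return "deny (egress: outbound packet with external source)"
    return None


# One explicit allow, modelled on the accepted ipchains check:
# TCP from the 172.16.1.0/24 network to web server 44.136.8.2 port 80.
RULES = [
    Rule("web-out", "accept", direction="out", proto="tcp",
         src="172.16.1.0/24", dst="44.136.8.2/32", dport=80),
]


def filter_packet(p: Packet, rules=RULES) -> str:
    verdict = spoof_check(p)
    if verdict is not None:
        return verdict
    for r in rules:
        if r.matches(p):
            return f"{r.action} ({r.name})"
    return "deny (default)"  # default-deny strategy


if __name__ == "__main__":
    # The four test packets from the ipchains slide, plus two spoofed ones.
    samples = [
        Packet("out", "tcp", "172.16.1.0", 1025, "44.136.8.2", 80),
        Packet("out", "tcp", "172.16.2.0", 1025, "44.136.8.2", 80),  # wrong source
        Packet("out", "udp", "172.16.1.0", 1025, "44.136.8.2", 80),  # wrong protocol
        Packet("out", "tcp", "172.16.1.0", 1025, "44.136.8.2", 23),  # wrong destination port
        Packet("in", "tcp", "172.16.1.9", 1025, "172.16.1.20", 80),  # spoofed internal source
        Packet("out", "tcp", "10.9.8.7", 1025, "44.136.8.2", 80),    # external source leaving
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Because the filter is stateless, the web server's replies (inbound, from 44.136.8.2 port 80) fall through to the default deny; a real rule set needs a matching inbound rule, which is what the "Ack Set?" column of the table is for: allowing inbound TCP only when the ACK flag is set admits replies to established connections without admitting new inbound connection attempts.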
Types of Firewalls
• Packet Filtering Firewalls
• Proxy Server Firewalls or Application Level Gateway
• Circuit Level Gateway
Types of Firewalls ….
• Two primary types of firewalls are:
  • Packet filtering firewall
  • Proxy-server firewall
• Sometimes both are employed to protect a network
• Firewalls can be designed to operate at any of the following three layers in the TCP/IP protocol stack:
  • The application layer (e.g. HTTP proxy)
  • The network and transport layer (e.g. packet filtering)
  • The layer between the application layer and the transport layer (e.g. SOCKS proxy)
Packet Filtering Firewalls/Routers
• A packet filtering router applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
• A filtering firewall works at the network level.
• The router is typically configured to filter packets going in both directions (from and to the internal network).
• Filtering rules are based on information contained in a network packet:
  • Source IP address: The IP address of the system that originated the IP packet (e.g., 192.178.1.1)
  • Destination IP address: The IP address of the system the IP packet is trying to reach (e.g., 192.168.1.2)
  • Source and destination port address: The transport level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET
Packet Filtering Firewalls
• Packet-filtering Router…
  • Many network routers have the ability to perform some firewall services.
  • Filtering firewalls can be thought of as a type of router
Application Level Gateway
• Also called proxy server
• Acts as a relay of application-level traffic
• Proxy Services
  • Application that mediates traffic between a protected network and the Internet
  • Able to understand the application protocol being utilized and implement protocol-specific security
  • Protocols include: FTP, HTTP, Telnet etc.
Application Level Gateway
• Use an application-specific gateway / proxy
• Has full access to protocol
  • User requests service from proxy
  • Proxy validates request as legal
  • Then actions request and returns result to user
• Need separate proxies for each service
Circuit Level Gateway
They are used for TCP connections to observe handshaking between packets to ensure a requested session is legitimate.
Circuit Level Gateway
• Normally, it would store the following information:
  • a unique session identifier,
  • the state of the connection (i.e., handshake established or closing),
  • sequencing information,
  • source or destination IP address, and
  • the physical network interface through which the packet arrives or departs.
• The firewall then checks to see:
  • if the sending host has permission to send to the destination, and
  • the receiving host has permission to receive from the sender.
• If the connection is acceptable, all packets are routed through the firewall with no more security tests.
Circuit Level Gateway
• Doesn’t permit an end-to-end TCP connection.
• The gateway sets up two TCP connections:
  • one between itself and a TCP user on an inner host and
  • one between itself and a TCP user on an outside host.
• Once created, usually relays traffic without examining contents
• SOCKS commonly used for this
Proxy Server
• Proxy Server is a computer program that acts as an intermediary between a web browser and a web server.
• To give users rapid access to popular web destinations.
• Internet Service Providers use proxy servers as “holding bins" to store frequently requested pages,
  • rather than going out and fetching them repeatedly from the Net (e.g., www.google.com.et)
• Proxy server is also used to control and monitor outbound traffic.
Web caches (proxy server)
Goal: satisfy client request without involving origin server
• User sets browser: Web accesses via cache
• Browser sends all HTTP requests to cache
  • Object in cache: cache returns object
  • Else cache requests object from origin server, then returns object to client
[Figure: clients connected to the proxy server, which in turn connects to the origin servers]
How Proxy Servers Work
• Function as software, forwarding data between internal and external hosts
• Focus on the port each service uses
• Screen all traffic into and out of each port
• Decide whether to block or allow traffic based on rules
• Add time to communications, but in return, they:
  • Conceal clients
  • Translate network addresses (NAT)
  • Filter content
Steps Involved in a Proxy Transaction
1. Internal host makes request to access a Web site
2. Request goes to proxy server, which examines header and data of the packet against rule base
3. Proxy server recreates packet in its entirety with a different source IP address
4. Proxy server sends packet to destination; packet appears to come from proxy server
5. Returned packet is sent to proxy server, which inspects it again and compares it against its rule base
6. Proxy server rebuilds returned packet and sends it to originating computer; packet appears to come from external host
How Proxy Servers Differ from Packet Filters
• Scan entire data part of IP packets and create more detailed log file listings
• Rebuild packet with new source IP information
  • Conceals internal users from outside users
• Cache data
Goals of Proxy Servers
• Conceal internal clients
• Block URLs
• Block and filter content
• Protect e-mail proxy
• Improve performance
• Ensure security
• Provide user authentication
• Redirect URLs
Concealing Internal Clients
• Network appears as a single machine
• If external users cannot detect hosts on your internal network, they cannot initiate an attack against these hosts
• Proxy server receives requests as though it were the destination server,
  • then completely regenerates a new request, which is sent to its destination
Concealing Internal Clients
[Figure: a proxy server makes all communication come from a single gateway]
Demilitarized zone
• A DMZ is part of a network on which you place servers that must be accessible by sources both outside and inside your network.
• However, the DMZ is not connected directly to either network, and it must always be accessed through the firewall.
• By using a DMZ, you can create an additional step that makes it more difficult for an intruder to gain access to the internal network.
Blocking URLs
• An attempt to keep employees from visiting unsuitable Web sites
• An unreliable practice;
  • users can use the IP address that corresponds to the URL
[Figure: NetProxy lets you block URLs based on domain name]
Blocking and Filtering Content
• Can block and strip out Java applets or ActiveX controls
• Can delete executable files attached to e-mail messages
• Can filter out content based on rules that contain a variety of parameters (e.g., time, IP address, port number)
E-Mail Proxy Protection
• External e-mail users never interact directly with internal hosts
[Figure: E-mail protection with a proxy SMTP server]
Ensuring Security with Log Files
• Log file
  • Text file set up to store information about access to networked resources
• Can ensure effectiveness of firewall
• Detect intrusions
• Uncover weaknesses
• Provide documentation
Select only the most critical services and events to log
Providing User Authentication
• Enhances security
• Most proxy servers can prompt users for a username and password
Creating Filter Rules
• Allow certain hosts to bypass the proxy
• Filter out URLs
• Enable internal users to send outbound requests only at certain times
• Govern length of time a session can last
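As an added example (not from the slides), the Python below puts together the proxy transaction steps 2 to 4 above, the "Blocking URLs" slide and the filter-rule list just given: it parses a browser's HTTP request, checks it against a rule base (bypass hosts, blocked domains, permitted hours, session length) and, when allowed, rebuilds the request so that it appears to come from the proxy. It also applies the caveat from the "Blocking URLs" slide, refusing requests whose host is an IP literal rather than trusting a name-only block list. The block list, bypass host, hours, session limit, proxy address and function names are all assumptions made for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Added example, not from the slides. Every constant below is an assumption
# chosen for illustration; the domain, hosts and addresses are constructed.

BLOCKED_DOMAINS = {"unsuitable.example"}               # constructed block list
BYPASS_CLIENTS = {ipaddress.ip_address("172.16.1.5")}  # hosts exempt from filtering
WORK_HOURS = range(8, 18)                              # outbound requests only 08:00-17:59
MAX_SESSION_SECONDS = 3600                             # session length limit
PROXY_ADDR = "203.0.113.10"                            # proxy's external address (TEST-NET)


def parse_request(raw: str):
    """Split an HTTP/1.x request head into method, target, version, headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []  # (name, value) pairs, order preserved
    for line in lines[1:]:
        if line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return method, target, version, headers


def host_of(target: str, headers) -> str:
    """Proxies normally get an absolute-form target; fall back to Host."""
    host = urlsplit(target).hostname
    if host is None:
        host = next((v for n, v in headers if n.lower() == "host"), "").split(":")[0]
    return host.lower()


def domain_blocked(host: str) -> bool:
    # A listed domain blocks itself and all of its subdomains.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def rebuild(method: str, target: str, version: str, headers) -> str:
    """Step 3: regenerate the request so that it appears to come from the proxy."""
    parts = urlsplit(target)
    path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    # Headers that would reveal the internal client, or are proxy-local, are dropped.
    strip = {"x-forwarded-for", "forwarded", "proxy-connection", "proxy-authorization"}
    out = [f"{method} {path} {version}"]
    out += [f"{n}: {v}" for n, v in headers if n.lower() not in strip]
    out.append(f"Via: {version.split('/')[1]} {PROXY_ADDR}")
    return "\r\n".join(out) + "\r\n\r\n"


def decide(raw: str, client_ip: str, hour: int, session_age: int):
    """Step 2: check the request against the rule base.

    Returns ("allow", rebuilt_request) or ("deny", reason).
    """
    method, target, version, headers = parse_request(raw)
    host = host_of(target, headers)
    if ipaddress.ip_address(client_ip) not in BYPASS_CLIENTS:
        if hour not in WORK_HOURS:
            return "deny", "outside permitted hours"
        if session_age > MAX_SESSION_SECONDS:
            return "deny", "session length exceeded"
        if domain_blocked(host):
            return "deny", f"blocked domain {host}"
        # The slides' caveat: a name-based block list is sidestepped by
        # requesting the IP address instead of the URL, so IP-literal hosts
        # are refused rather than trusted.
        if is_ip_literal(host):
            return "deny", f"IP-literal host {host}"
    return "allow", rebuild(method, target, version, headers)


if __name__ == "__main__":
    req = ("GET http://www.example.com/index.html HTTP/1.1\r\n"
           "Host: www.example.com\r\nX-Forwarded-For: 172.16.1.7\r\n\r\n")
    print(decide(req, "172.16.1.7", 10, 120))
    print(decide(req, "172.16.1.7", 22, 120))
```

Refusing IP-literal hosts closes the bypass the slide names but is blunt; a proxy that must allow some direct-by-address sites would instead resolve the requested name and compare the resolved address against an address block list, which is a separate rule base from the domain list shown here.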
Proxy Server Configuration Considerations
• Scalability issues
  • Add multiple proxy servers to the same network connection
• Need to configure each piece of client software that will use the proxy server
• Need to have a separate proxy service available for each network protocol (HTTP, TELNET, SMTP, …)
• Need to create packet filter rules
• Security vulnerabilities
  • Single point of failure
  • Buffer overflow
Working with Client Configurations
Each client on the network must be configured to access the proxy server
Working with Service Configurations
Each service needs to be configured to use a proxy server
Proxy Server-Based Firewalls
• Firewalls based on proxy servers:
  • TIS
  • T.REX
  • Squid
  • SOCKS
  • WinGate
  • Symantec Enterprise Firewall
  • Microsoft Internet Security & Acceleration Server
• Choice depends on your platform and the number of hosts and services you need to protect
Security Technique
Intrusion Detection
Intrusion Detection
• IDSs prepare for and deal with attacks by collecting information from a variety of system and network sources, then analyzing the symptoms of security problems
• IDSs serve three essential security functions: monitor, detect and respond to unauthorized activity
• IDS can also respond automatically (in real time) to a security breach event, such as logging off a user, disabling a user account and launching scripts
Intrusion Detection…
• Firewalls generally don’t detect internal attacks or attacks once the system is compromised
• An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches
• It detects both intrusions and misuse
• Intrusion detection functions include
  • Monitoring and analyzing both user and system activities
  • Analyzing system configurations and vulnerabilities
  • Assessing system and file integrity
  • Ability to recognize patterns typical of attacks
  • Analysis of abnormal activity patterns
  • Tracking user policy violations
Intrusion Detection…
• Uses “intrusion signatures”
  • Well known patterns of behavior
  • Ping sweeps, port scanning, web server indexing, OS fingerprinting, DoS attempts, etc.
• Example
  • IRIX vulnerability in webdist.cgi
  • Can make a rule to drop packets containing the line “/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd”
• However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
Components of Intrusion Detection System
[Figure: Audit Data → Preprocessor → Activity Data (audit records) → Detection Engine (driven by Detection Models) → Alarms → Decision Engine (driven by a Decision Table) → Action/Report]
Assumptions:
• System activities are observable
• Normal and intrusive activities have distinct evidence
Intrusion Detection Approaches
• Modeling
  • Features: evidence extracted from audit data
  • Analysis approach: piecing the evidence together
    • Misuse detection (signature-based)
    • Anomaly detection (statistical-based)
• Deployment: Network-based or Host-based
  • Network based: monitor network traffic
  • Host based: monitor computer processes
Signature based IDS
• This IDS possesses an attack description that can be matched to sensed attack manifestations.
• The question of what information is relevant to an IDS depends upon what it is trying to detect.
  • E.g. DNS, FTP etc.
Signature based IDS (contd.)
• ID system is programmed to interpret a certain series of packets, or a certain piece of data contained in those packets, as an attack.
  • For example, an IDS that watches web servers might be programmed to look for the string “phf” as an indicator of a CGI program attack.
• Most signature analysis systems are based on simple pattern matching algorithms.
  • In most cases, the IDS simply looks for a substring within a stream of data carried by network packets. When it finds this substring (for example, the ``phf'' in ``GET /cgi-bin/phf?''), it identifies those network packets as vehicles of an attack.
Signature based IDS (contd.)
[Figure: intrusion patterns (sequences of system calls, patterns of network traffic, etc.) → pattern matching against observed activities → intrusion]
Can’t detect new attacks
E.g: if (traffic contains “x90+de[^rn]{30}”) then “attack detected”
Advantage: Mostly accurate.
Drawbacks of Signature based IDS
• They are unable to detect novel attacks.
• Suffer from false alarms
• Have to be programmed again for every new pattern to be detected.
Anomaly based IDS
• It detects both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.
• The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls outside normal system operation.
• Anomaly detection systems consist of a training phase and a testing phase
• Most often uses artificial intelligence type techniques
• The primary strength is its ability to recognize novel attacks.
Drawbacks of Anomaly detection IDS
• Assumes that intrusions will be accompanied by manifestations that are sufficiently unusual so as to permit detection.
• These generate many false alarms and hence compromise the effectiveness of the IDS.
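The Python below is an added example, not from the slides, covering both the signature-based slides and the anomaly-based slides just above. It runs the two signatures the slides name (the webdist.cgi request line and the “phf” CGI string) over constructed web-server log lines, then trains a per-client request-count baseline (the training phase) and flags clients far above it in the current window (the testing phase). The log lines, client addresses, baseline numbers, threshold k and all function names are constructed for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Added example, not from the slides. Signatures are the two the slides
# mention; the anomaly model is a per-client request-count baseline.
# Log lines, addresses and thresholds are constructed.

SIGNATURES = {
    "irix-webdist-cgi": re.compile(r"/cgi-bin/webdist\.cgi\?distloc=", re.IGNORECASE),
    "phf-cgi": re.compile(r"GET /cgi-bin/phf\?", re.IGNORECASE),
}


def signature_alerts(lines):
    """Misuse detection: substring/regex match, one alert per hit."""
    return [(n, name) for n, line in enumerate(lines, 1)
            for name, pat in SIGNATURES.items() if pat.search(line)]


def requests_per_client(lines) -> Counter:
    """Feature extraction: the client address is the first field of a log line."""
    return Counter(line.split(" ", 1)[0] for line in lines)


def train_rate_model(baseline_counts):
    """Training phase: mean and spread of requests per client per window."""
    mu = mean(baseline_counts)
    sigma = pstdev(baseline_counts) or 1.0  # guard against a zero-width baseline
    return mu, sigma


def anomaly_alerts(model, observed: Counter, k: float = 3.0):
    """Testing phase: flag clients more than k std-devs above the mean."""
    mu, sigma = model
    return [(client, n) for client, n in observed.items() if n > mu + k * sigma]


# Constructed Common Log Format lines for one one-minute window.
LOG = [
    '172.16.1.7 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '198.51.100.9 - - [10/Oct/2000:13:55:40 -0700] "GET /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd HTTP/1.0" 404 0',
    '198.51.100.9 - - [10/Oct/2000:13:55:41 -0700] "GET /cgi-bin/phf?name=test HTTP/1.0" 404 0',
    '172.16.1.8 - - [10/Oct/2000:13:55:42 -0700] "GET /about.html HTTP/1.0" 200 512',
    # A probe for a CGI no signature knows about: invisible to misuse detection.
    '198.51.100.9 - - [10/Oct/2000:13:55:43 -0700] "GET /cgi-bin/newtool.cgi?x=1 HTTP/1.0" 404 0',
]
# One client sweeping the site: nine requests in the window.
LOG += [f'203.0.113.77 - - [10/Oct/2000:13:55:{44 + i} -0700] "GET /page{i}.html HTTP/1.0" 404 0'
        for i in range(9)]

# Per-client request counts observed in earlier, attack-free windows.
BASELINE = [3, 4, 2, 3, 5, 4, 3, 4]
MODEL = train_rate_model(BASELINE)  # mean 3.5, std-dev about 0.87

if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LOG))
    print("anomaly alerts:", anomaly_alerts(MODEL, requests_per_client(LOG)))
```

The two approaches fail in the ways the slides list: the newtool.cgi probe produces no signature alert because no rule describes it, while the sweeping client is caught only by the rate model. Lowering k catches quieter sweeps but turns busy legitimate clients into false alarms, which is the trade-off behind the anomaly drawbacks slide.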
Host-Based IDSs
• Use OS auditing and monitoring/analysis mechanisms to find malware
  • Can execute full static and dynamic analysis of a program
  • Monitor shell commands and system calls executed by user applications and system programs
  • Has the most comprehensive program info for detection, thus accurate
• Problems:
  • User dependent: install/update IDS on all user machines!
  • If attacker takes over machine, can tamper with IDS binaries and modify audit logs
  • Only local view of the attack
Network IDSs
• Deploying sensors at strategic locations
  • For example, packet sniffing via tcpdump at routers
• Inspecting network traffic
  • Watch for violations of protocols and unusual connection patterns
  • Look into the packet payload for malicious code
• Limitations
  • Cannot execute the payload or do any code analysis!
  • Must record and process huge amounts of traffic
  • May be easily defeated by encryption, but this can be mitigated with encryption only at the gateway/proxy

More Related Content

Similar to Security mechanisms and techniques overview

Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewallpresentation 100826052003-phpapp02(1)
Firewallpresentation 100826052003-phpapp02(1)Firewallpresentation 100826052003-phpapp02(1)
Firewallpresentation 100826052003-phpapp02(1)Prabhdeep Kaur
 
WT - Firewall & Proxy Server
WT - Firewall & Proxy ServerWT - Firewall & Proxy Server
WT - Firewall & Proxy Servervinay arora
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptxskknowledge
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfDr. Shivashankar
 
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...FahmiOlayah
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2sweta dargad
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation9921103075
 

Similar to Security mechanisms and techniques overview (20)

Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Firewallpresentation 100826052003-phpapp02(1)
Firewallpresentation 100826052003-phpapp02(1)Firewallpresentation 100826052003-phpapp02(1)
Firewallpresentation 100826052003-phpapp02(1)
 
WT - Firewall & Proxy Server
WT - Firewall & Proxy ServerWT - Firewall & Proxy Server
WT - Firewall & Proxy Server
 
Firewall
FirewallFirewall
Firewall
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet Bawa
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptx
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...
 
Ch05 Network Defenses
Ch05 Network DefensesCh05 Network Defenses
Ch05 Network Defenses
 
Network security
Network securityNetwork security
Network security
 
Firewall
FirewallFirewall
Firewall
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2
 
Net Defender
Net DefenderNet Defender
Net Defender
 
Netdefender
NetdefenderNetdefender
Netdefender
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall and its Types
Firewall and its TypesFirewall and its Types
Firewall and its Types
 
Firewalls
FirewallsFirewalls
Firewalls
 
Network security
 Network security Network security
Network security
 
Firewall
FirewallFirewall
Firewall
 

Recently uploaded

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 

Security mechanisms and techniques overview

  • 1. Security mechanisms and techniques Firewall , Proxy Server, IDS 1
  • 2. Firewall  Is hardware, software, or a combination of both  used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer. 2
  • 3. Hardware vs. Software Firewalls 3  Hardware Firewalls  Protect an entire network  Implemented on the router level  Software Firewalls  Protect a single computer
  • 4. How does a software firewall work? 4  Inspects each individual “packet” of data as it arrives at either side of the firewall  Determines whether it should be allowed to pass through or if it should be blocked
  • 5. Firewall Rules 5  Allow – traffic that flows automatically because it has been deemed  Block – traffic that is blocked because it has been deemed dangerous to your computer  Ask – asks the user whether or not the traffic is allowed to pass through
  • 6. What Can a Firewall Do?  Focus for security decisions  Stop hackers from accessing your computer  Can enforce security policy  Protects your personal information  Limits your exposure  Blocks “pop up” ads and certain cookies  Can log Internet activity efficiently  Determines which programs can access the Internet  Can't protect you against malicious insiders  Can't protect you against connections that don't go through it  Can't protect against completely new threats 6
  • 7. Firewall features  General Firewall Features  Port Control  Network Address Translation  Application Monitoring  Packet Filtering  Access control  Additional features  Data encryption  Authentication  Connection relay (hide internal network)  reporting/logging  e-mail virus protection  spy ware protection 7
  • 8. What It Protects You From  Remote login  SMTP session hijacking  Operating system bugs  Spam  IP spoofing  Denial of Service  E-mail bombs  Source routing 8
  • 9. Security Strategies Implemented  Default Deny  Prohibit all communication that is not expressly permitted  Default Permit  Permit all communication that is not explicitly prohibited  Least Privilege  reduces the authorization level at which various actions are performed  Defense in Depth  security approach whereby each system on the network is secured to the greatest possible degree  Choke Point  forces attackers to use a narrow channel to bypass the network 9
  • 10. Example: Firewall Configuration 10  # ipchains -C forward -p tcp -s 172.16.1.0 1025 -d 44.136.8.2 80 -i eth0 accepted  # ipchains -C forward -p tcp -s 172.16.2.0 1025 -d 44.136.8.2 80 -i eth0 denied  # ipchains -C forward -p udp -s 172.16.1.0 1025 -d 44.136.8.2 80 -i eth0 denied  # ipchains -C forward -p tcp -s 172.16.1.0 1025 -d 44.136.8.2 23 -i eth0 denied source Destination Wrong Wrong Wrong
• 11. Firewall Filtering Rule
 Egress Filtering
   Restricting the flow of information from a private TCP/IP computer network to the Internet
   Outbound traffic from an external address → Drop
 Ingress Filtering
   In contrast with egress filtering, it ensures that incoming packets are actually from the networks from which they claim to originate
   Inbound traffic from an internal address → Drop

| Rule    | Dir | Src Addr | Src Port | Dst Addr | Dst Port | Proto | Ack Set? | Action |
|---------|-----|----------|----------|----------|----------|-------|----------|--------|
| Ingress | In  | Int      | Any      | Int      | Any      | Any   | Any      | Deny   |
| Egress  | Out | Ext      | Any      | Ext      | Any      | Any   | Any      | Deny   |
| Default | Any | Any      | Any      | Any      | Any      | Any   | Any      | Deny   |
• 12. Types of Firewalls
 Packet Filtering Firewalls
 Proxy Server Firewalls or Application Level Gateway
 Circuit Level Gateway
• 13. Types of Firewalls ….
 Two primary types of firewalls are:
   Packet filtering firewall
   Proxy-server firewall
 Sometimes both are employed to protect a network
 Firewalls can be designed to operate at any of the following three layers in the TCP/IP protocol stack:
   The application layer (e.g. HTTP proxy)
   The network and transport layer (e.g. packet filtering)
   The layer between the application layer and the transport layer (e.g. SOCKS proxy)
• 14. Packet Filtering Firewalls/Routers
 A packet filtering router applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
 A filtering firewall works at the network level.
 The router is typically configured to filter packets going in both directions (from and to the internal network).
 Filtering rules are based on information contained in a network packet:
   Source IP address: the IP address of the system that originated the IP packet (e.g., 192.178.1.1)
   Destination IP address: the IP address of the system the IP packet is trying to reach (e.g., 192.168.1.2)
   Source and destination port address: the transport level (e.g., TCP or UDP) port number, which identifies applications such as SNMP or TELNET
• 15. Packet Filtering Firewalls
 Packet-filtering Router…
   Many network routers have the ability to perform some firewall services.
   Filtering firewalls can be thought of as a type of router
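The following is an added example, not code from the slides: a first-match packet filter in Python that combines the ingress/egress anti-spoofing rules of slide 11, the TCP/80 policy behind the ipchains checks of slide 10, and a trailing default-deny rule (slide 9). The internal network 172.16.0.0/16, the packet fields and the rule names are assumptions constructed for this example.

```python
"""Added example (not from the slides): a first-match packet filter that
implements the ingress/egress anti-spoofing rules, the permitted TCP/80
flow from the ipchains example, and a default-deny rule."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed internal network (constructed for this example).
INTERNAL_NET = ip_network("172.16.0.0/16")


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from the Internet, "out" = leaving toward it
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def addr_matches(spec: str, addr: str) -> bool:
    """Match an address against "any", "int", "ext" or a CIDR prefix."""
    if spec == "any":
        return True
    inside = ip_address(addr) in INTERNAL_NET
    if spec == "int":
        return inside
    if spec == "ext":
        return not inside
    return ip_address(addr) in ip_network(spec)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "accept" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and addr_matches(self.src, pkt.src)
                and addr_matches(self.dst, pkt.dst)
                and (self.dport is None or self.dport == pkt.dport))


RULES = [
    # Ingress filter: an inbound packet claiming an internal source is spoofed.
    Rule("ingress", "deny", direction="in", src="int"),
    # Egress filter: an outbound packet with an external source is spoofed.
    Rule("egress", "deny", direction="out", src="ext"),
    # Policy from the ipchains slide: 172.16.1.0/24 may reach 44.136.8.2:80 over TCP.
    Rule("web-out", "accept", direction="out", proto="tcp",
         src="172.16.1.0/24", dst="44.136.8.2/32", dport=80),
    # Default deny: anything not expressly permitted is dropped.
    Rule("default", "deny"),
]


def filter_packet(pkt: Packet, rules=RULES):
    """Return (action, rule name) of the first rule that matches the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit"  # only reached if no trailing default rule exists


if __name__ == "__main__":
    # The four checks from the ipchains slide plus two spoofed packets (constructed).
    for pkt in [Packet("out", "tcp", "172.16.1.10", 1025, "44.136.8.2", 80),
                Packet("out", "tcp", "172.16.2.10", 1025, "44.136.8.2", 80),
                Packet("out", "udp", "172.16.1.10", 1025, "44.136.8.2", 80),
                Packet("out", "tcp", "172.16.1.10", 1025, "44.136.8.2", 23),
                Packet("in", "tcp", "172.16.1.5", 1025, "172.16.1.10", 80),
                Packet("out", "tcp", "10.0.0.5", 1025, "44.136.8.2", 80)]:
        print(pkt.proto, pkt.src, "->", pkt.dst, pkt.dport, filter_packet(pkt))
```

Rule order matters: the anti-spoofing rules sit before any accept rule so that a forged internal source address can never reach the "web-out" rule, and the default-deny rule closes the list so a packet matching nothing else is dropped rather than forwarded.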
• 16. Application Level Gateway
 Also called proxy server
 Acts as a relay of application-level traffic
 Proxy Services
   Application that mediates traffic between a protected network and the Internet
   Able to understand the application protocol being utilized and implement protocol-specific security
   Protocols include: FTP, HTTP, Telnet etc.
• 17. Application Level Gateway
 Use an application-specific gateway / proxy
 Has full access to the protocol
   User requests service from the proxy
   Proxy validates the request as legal
   Then actions the request and returns the result to the user
 Need separate proxies for each service
• 18. Circuit Level Gateway
 They are used for TCP connections to observe handshaking between packets to ensure a requested session is legitimate.
• 19. Circuit Level Gateway
 Normally, it would store the following information:
   a unique session identifier,
   the state of the connection (i.e., handshake established or closing),
   sequencing information,
   source or destination IP address, and
   the physical network interface through which the packet arrives or departs.
 The firewall then checks to see:
   if the sending host has permission to send to the destination, and
   if the receiving host has permission to receive from the sender.
 If the connection is acceptable, all packets are routed through the firewall with no more security tests.
• 20. Circuit Level Gateway
 Doesn't permit an end-to-end TCP connection.
 The gateway sets up two TCP connections:
   one between itself and a TCP user on an inner host, and
   one between itself and a TCP user on an outside host.
 Once created, it usually relays traffic without examining contents
 SOCKS is commonly used for this
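As an added example (not code from the slides), the session tracking described on slides 18 to 20 in Python: the gateway records the state of each TCP handshake, applies a sender/receiver permission check before a session may open, and relays every segment of an established session without looking at its contents. The internal network 192.168.1.0/24, the "only internal hosts may initiate" policy and the segment representation are assumptions made for this example.

```python
"""Added example (not from the slides): a circuit-level gateway that tracks the
TCP three-way handshake per session and, once a session is established, relays
segments without inspecting their contents."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal network (constructed for this example).
INTERNAL_NET = ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def may_open(src: str, dst: str) -> bool:
    """Permission check: only internal hosts may initiate sessions to outside hosts."""
    return ip_address(src) in INTERNAL_NET and ip_address(dst) not in INTERNAL_NET


class CircuitGateway:
    def __init__(self):
        # session key = (initiator addr, port, responder addr, port) -> handshake state
        self.sessions = {}

    def process(self, seg: Segment) -> str:
        """Return "forward" or "drop" for one observed TCP segment."""
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        rkey = (seg.dst, seg.dport, seg.src, seg.sport)
        flags = seg.flags

        if key in self.sessions:                   # segment from the initiator
            state = self.sessions[key]
            if state == "SYN_SENT":                # only a retransmitted SYN is valid here
                return "forward" if flags == {"SYN"} else "drop"
            if state == "SYN_RECEIVED":            # third handshake segment
                if "ACK" in flags:
                    self.sessions[key] = "ESTABLISHED"
                    return "forward"
                return "drop"
            if flags & {"FIN", "RST"}:             # ESTABLISHED: tear down on close
                del self.sessions[key]
            return "forward"                       # relayed without content inspection

        if rkey in self.sessions:                  # segment from the responder
            state = self.sessions[rkey]
            if "RST" in flags:                     # responder refused or aborted the session
                del self.sessions[rkey]
                return "forward"
            if state in ("SYN_SENT", "SYN_RECEIVED") and {"SYN", "ACK"} <= flags:
                self.sessions[rkey] = "SYN_RECEIVED"
                return "forward"
            if state == "ESTABLISHED":
                if "FIN" in flags:
                    del self.sessions[rkey]
                return "forward"
            return "drop"                          # responder data before the handshake completes

        # No session yet: only a clean SYN from a permitted initiator opens one.
        if flags == {"SYN"} and may_open(seg.src, seg.dst):
            self.sessions[key] = "SYN_SENT"
            return "forward"
        return "drop"


def run_demo():
    """Constructed exchange: handshake, data both ways, close, then two stray segments."""
    gw = CircuitGateway()
    c, s = ("192.168.1.10", 40000), ("203.0.113.5", 80)

    def seg(a, b, *flags):
        return Segment(a[0], a[1], b[0], b[1], frozenset(flags))

    exchange = [seg(c, s, "SYN"), seg(s, c, "SYN", "ACK"), seg(c, s, "ACK"),
                seg(c, s, "ACK"), seg(s, c, "ACK"), seg(c, s, "FIN", "ACK"),
                seg(c, s, "ACK"),      # arrives after the session was torn down
                seg(s, c, "SYN")]      # outside host trying to initiate inward
    return [gw.process(x) for x in exchange]


if __name__ == "__main__":
    print(run_demo())
```

The last two decisions in the demo show the two properties the slides emphasise: a segment that belongs to no tracked session is dropped even though it carries a plausible ACK, and an inbound SYN fails the permission check, so no session is ever created for it.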
• 22. Proxy Server
 A proxy server is a computer program that acts as an intermediary between a web browser and a web server.
 Gives users rapid access to popular web destinations.
 Internet Service Providers use proxy servers as “holding bins" to store frequently requested pages,
   rather than going out and fetching them repeatedly from the Net (e.g., www.google.com.et)
 A proxy server is also used to control and monitor outbound traffic.
• 23. Web caches (proxy server)
 Goal: satisfy client request without involving origin server
 User sets browser: Web accesses via cache
 Browser sends all HTTP requests to cache
   Object in cache: cache returns object
   Else cache requests object from origin server, then returns object to client
 (Figure: clients ↔ proxy server ↔ origin servers)
• 24. How Proxy Servers Work
 Function as software, forwarding data between internal and external hosts
 Focus on the port each service uses
 Screen all traffic into and out of each port
 Decide whether to block or allow traffic based on rules
 Add time to communications, but in return, they:
   Conceal clients
   Translate network addresses (NAT)
   Filter content
• 25. Steps Involved in a Proxy Transaction
 1. Internal host makes request to access a Web site
 2. Request goes to proxy server, which examines header and data of the packet against rule base
 3. Proxy server recreates packet in its entirety with a different source IP address
 4. Proxy server sends packet to destination; packet appears to come from proxy server
 5. Returned packet is sent to proxy server, which inspects it again and compares it against its rule base
 6. Proxy server rebuilds returned packet and sends it to originating computer; packet appears to come from external host
• 26. How Proxy Servers Differ from Packet Filters
 Scan entire data part of IP packets and create more detailed log file listings
 Rebuild packet with new source IP information
   Hides internal users from outside users
 Cache data
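The six-step transaction of slide 25, together with the cache of slide 23 and the logging of slide 26, as an added Python example that is not code from the slides or from any proxy product. The proxy address 203.0.113.10, the in-memory stand-in for origin servers, the host blocklist and the log format are all constructed assumptions.

```python
"""Added example (not from the slides): a forwarding web proxy that checks each
request against a rule base, serves it from cache when possible, otherwise
rebuilds it with the proxy's own source address, forwards it, and returns the
reply to the internal client as though it came from the external host."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

PROXY_ADDR = "203.0.113.10"  # assumed public address of the proxy (constructed)

# Constructed stand-in for the Internet: hostname -> {path: body}
ORIGIN_SERVERS = {
    "www.example.org": {"/": "<html>example</html>"},
}


@dataclass
class Request:
    src: str      # address the request appears to come from
    url: str


@dataclass
class Response:
    src: str      # address the reply appears to come from
    status: int
    body: str


@dataclass
class ProxyServer:
    blocked_hosts: set = field(default_factory=set)
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)
    origin_fetches: int = 0

    def allowed(self, req: Request) -> bool:
        """Step 2: compare the request against the rule base (a host blocklist here)."""
        return urlsplit(req.url).hostname not in self.blocked_hosts

    def fetch_from_origin(self, outbound: Request) -> Response:
        """Steps 4-5: send the rebuilt request and take the reply back in."""
        assert outbound.src == PROXY_ADDR       # the client address never leaves the network
        parts = urlsplit(outbound.url)
        self.origin_fetches += 1
        body = ORIGIN_SERVERS.get(parts.hostname, {}).get(parts.path or "/")
        if body is None:
            return Response(src=parts.hostname, status=404, body="")
        return Response(src=parts.hostname, status=200, body=body)

    def handle(self, client_addr: str, url: str) -> Response:
        """Step 1: an internal host's request arrives at the proxy."""
        req = Request(src=client_addr, url=url)
        if not self.allowed(req):
            self.log.append(f"{client_addr} BLOCKED {url}")
            return Response(src=PROXY_ADDR, status=403, body="blocked by policy")
        if url in self.cache:                   # cache hit: origin server not involved
            self.log.append(f"{client_addr} HIT {url}")
            return self.cache[url]
        # Step 3: recreate the request with the proxy's own source address.
        outbound = Request(src=PROXY_ADDR, url=url)
        resp = self.fetch_from_origin(outbound)
        if resp.status == 200:
            self.cache[url] = resp
        self.log.append(f"{client_addr} MISS {url} {resp.status}")
        # Step 6: the reply goes back to the client and still appears to come from the external host.
        return resp


if __name__ == "__main__":
    proxy = ProxyServer(blocked_hosts={"ads.example.net"})
    for client, url in [("10.0.0.5", "http://www.example.org/"),
                        ("10.0.0.6", "http://www.example.org/"),
                        ("10.0.0.5", "http://ads.example.net/x")]:
        r = proxy.handle(client, url)
        print(client, url, r.status, r.src)
    print("\n".join(proxy.log))
```

Two details are worth noticing: the second client's request is answered from cache without any origin fetch, which is the performance gain slide 22 describes, and the log records the internal client address on every decision even though the origin server only ever sees 203.0.113.10.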
• 27. Goals of Proxy Servers
 Conceal internal clients
 Block URLs
 Block and filter content
 Protect e-mail proxy
 Improve performance
 Ensure security
 Provide user authentication
 Redirect URLs
• 28. Concealing Internal Clients
 Network appears as a single machine
 If external users cannot detect hosts on your internal network, they cannot initiate an attack against these hosts
 Proxy server receives requests as though it were the destination server,
   then completely regenerates a new request, which is sent to its destination
• 29. Concealing Internal Clients
 Demilitarized zone
   A DMZ is part of a network on which you place servers that must be accessible by sources both outside and inside your network.
   However, the DMZ is not connected directly to either network, and it must always be accessed through the firewall.
   By using a DMZ, you can create an additional step that makes it more difficult for an intruder to gain access to the internal network.
 (Figure: a proxy server makes all communication come from a single gateway)
• 30. Blocking URLs
 An attempt to keep employees from visiting unsuitable Web sites
 An unreliable practice;
   users can use the IP address that corresponds to the URL
 (Figure: NetProxy lets you block URLs based on domain name)
• 31. Blocking and Filtering Content
 Can block and strip out Java applets or ActiveX controls
 Can delete executable files attached to e-mail messages
 Can filter out content based on rules that contain a variety of parameters (e.g., time, IP address, port number)
• 32. E-Mail Proxy Protection
 External e-mail users never interact directly with internal hosts
 (Figure: e-mail protection with a proxy SMTP server)
• 33. Ensuring Security with Log Files
 Log file
   Text file set up to store information about access to networked resources
 Can ensure effectiveness of firewall
 Detect intrusions
 Uncover weaknesses
 Provide documentation
 Select only the most critical services and events to log
• 34. Providing User Authentication
 Enhances security
 Most proxy servers can prompt users for a username and password
• 35. Creating Filter Rules
 Allow certain hosts to bypass the proxy
 Filter out URLs
 Enable internal users to send outbound requests only at certain times
 Govern length of time a session can last
• 36. Proxy Server Configuration Considerations
 Scalability issues
   Add multiple proxy servers to the same network connection
 Need to configure each piece of client software that will use the proxy server
 Need to have a separate proxy service available for each network protocol (HTTP, TELNET, SMTP, …)
 Need to create packet filter rules
 Security vulnerabilities
   Single point of failure
   Buffer overflow
• 37. Working with Client Configurations
 Each client on the network must be configured to access the proxy server
• 38. Working with Service Configurations
 Each service needs to be configured to use a proxy server
• 39. Proxy Server-Based Firewalls
 Firewalls based on proxy servers:
   TIS
   T.REX
   Squid
   SOCKS
   WinGate
   Symantec Enterprise Firewall
   Microsoft Internet Security & Acceleration Server
 Choice depends on your platform and the number of hosts and services you need to protect
• 41. Intrusion Detection
 IDSs prepare for and deal with attacks by collecting information from a variety of system and network sources, then analyzing the symptoms of security problems
 IDSs serve three essential security functions: monitor, detect and respond to unauthorized activity
 An IDS can also respond automatically (in real time) to a security breach event, for example by logging off a user, disabling a user account or launching scripts
• 42. Intrusion Detection…
 Firewalls generally don't detect internal attacks or attacks once the system is compromised
 An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches
 It detects both intrusions and misuse
 Intrusion detection functions include
   Monitoring and analyzing both user and system activities
   Analyzing system configurations and vulnerabilities
   Assessing system and file integrity
   Ability to recognize patterns typical of attacks
   Analysis of abnormal activity patterns
   Tracking user policy violations
• 43. Intrusion Detection…
 Uses “intrusion signatures”
   Well known patterns of behavior
   Ping sweeps, port scanning, web server indexing, OS fingerprinting, DoS attempts, etc.
 Example
   IRIX vulnerability in webdist.cgi
   Can make a rule to drop packets containing the line
   “/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd”
 However, an IDS is only useful if contingency plans are in place to curb attacks as they are occurring
• 44. Components of Intrusion Detection System
 (Figure: Audit Records → Audit Data Preprocessor → Activity Data → Detection Engine, using Detection Models → Alarms → Decision Engine, using Decision Table → Action/Report)
 Assumptions: system activities are observable; normal and intrusive activities have distinct evidence
• 45. Intrusion Detection Approaches
 Modeling
   Features: evidence extracted from audit data
   Analysis approach: piecing the evidence together
     Misuse detection (signature-based)
     Anomaly detection (statistical-based)
 Deployment: Network-based or Host-based
   Network based: monitor network traffic
   Host based: monitor computer processes
• 46. Signature based IDS
 This IDS possesses an attack description that can be matched to sensed attack manifestations.
 The question of what information is relevant to an IDS depends upon what it is trying to detect.
 E.g. DNS, FTP etc.
• 47. Signature based IDS (contd.)
 The ID system is programmed to interpret a certain series of packets, or a certain piece of data contained in those packets, as an attack.
 For example, an IDS that watches web servers might be programmed to look for the string “phf” as an indicator of a CGI program attack.
 Most signature analysis systems are based on simple pattern matching algorithms.
 In most cases, the IDS simply looks for a substring within a stream of data carried by network packets. When it finds this substring (for example, the “phf” in “GET /cgi-bin/phf?”), it identifies those network packets as vehicles of an attack.
• 48. Signature based IDS (contd.)
 Intrusion patterns: sequences of system calls, patterns of network traffic, etc.
 (Figure: activities → pattern matching → intrusion)
 Can't detect new attacks
 E.g.: if (traffic contains “x90+de[^rn]{30}”) then “attack detected”
 Advantage: mostly accurate.
• 49. Drawbacks of Signature based IDS
 They are unable to detect novel attacks.
 Suffer from false alarms
 Have to be programmed again for every new pattern to be detected.
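The signature matching of slides 43, 47 and 48, as an added Python example that is not code from the slides or from any IDS product. It applies the two signatures the slides name (the webdist.cgi request line and the phf CGI request) to constructed HTTP request lines, percent-decoding each line first because that is the form the web server acts on. The signature names, the sample traffic and the decision to anchor the phf signature to its /cgi-bin/ path are assumptions made here; the last sample line shows why that anchoring matters for the false-alarm problem of slide 49.

```python
"""Added example (not from the slides): a small signature-based detector that
applies regular-expression signatures to percent-decoded HTTP request lines."""
import re
from urllib.parse import unquote

# Signatures taken from the slides; the names are constructed labels.
SIGNATURES = [
    ("webdist-cgi", re.compile(r"/cgi-bin/webdist\.cgi\?distloc=\?;cat /etc/passwd", re.I)),
    ("phf-cgi", re.compile(r"/cgi-bin/phf\?", re.I)),
]


def normalise(request_line: str) -> str:
    """Percent-decode the request so signatures see what the server will see."""
    return unquote(request_line)


def scan(request_line: str):
    """Return the names of all signatures that match one request line."""
    text = normalise(request_line)
    return [name for name, pattern in SIGNATURES if pattern.search(text)]


# Constructed sample traffic: benign requests plus the slides' two attack strings.
SAMPLE_TRAFFIC = [
    "GET /index.html HTTP/1.0",
    "GET /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd HTTP/1.0",
    "GET /cgi-bin/phf?Qalias=x HTTP/1.0",
    "GET /cgi-bin/%70hf?Qalias=x HTTP/1.0",   # same phf request with 'p' percent-encoded
    "GET /docs/phf-handbook.html HTTP/1.0",  # contains 'phf' but is not the CGI program
]


def run_detector(lines=SAMPLE_TRAFFIC):
    """Return (request line, matched signature names) for every line that raised an alarm."""
    alarms = []
    for line in lines:
        hits = scan(line)
        if hits:
            alarms.append((line, hits))
    return alarms


if __name__ == "__main__":
    for line, hits in run_detector():
        print("ALARM", hits, line)
```

Matching on the decoded request is what lets the third and fourth sample lines raise the same alarm, while the bare substring "phf" the slide mentions would also have flagged the harmless fifth line; a signature that includes the CGI path keeps the accuracy advantage of slide 48 without that false alarm.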
• 50. Anomaly based IDS
 Detects both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.
 The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls outside normal system operation.
 Anomaly detection systems consist of a training phase and a testing phase
 Most often uses artificial intelligence type techniques
 The primary strength is its ability to recognize novel attacks.
• 51. Drawbacks of Anomaly detection IDS
 Assumes that intrusions will be accompanied by manifestations that are sufficiently unusual so as to permit detection.
 These generate many false alarms and hence compromise the effectiveness of the IDS.
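The training and testing phases of slide 50 and the false-alarm trade-off of slide 51, as an added Python example that is not code from the slides. It builds a statistical profile (mean and standard deviation) of a single feature, requests per minute from one client, in the training phase and then flags test observations that lie more than k standard deviations from the mean. The feature, the sample counts and the threshold values are constructed assumptions; the point is that lowering k catches the "low and slow" intrusive value at the cost of more false alarms on benign traffic.

```python
"""Added example (not from the slides): a statistical anomaly detector with a
training phase (build the profile of normal activity) and a testing phase
(classify new observations), evaluated at several thresholds."""
from statistics import mean, pstdev


class AnomalyDetector:
    def __init__(self, k: float = 3.0):
        self.k = k          # number of standard deviations that counts as anomalous
        self.mu = None
        self.sigma = None

    def train(self, samples):
        """Training phase: learn what normal looks like from benign observations."""
        self.mu = mean(samples)
        self.sigma = pstdev(samples) or 1.0   # avoid a zero-width band on constant data

    def is_anomalous(self, value) -> bool:
        """Testing phase: classify one observation against the learned profile."""
        if self.mu is None:
            raise RuntimeError("detector has not been trained")
        return abs(value - self.mu) > self.k * self.sigma

    def evaluate(self, benign, intrusive):
        """Return (false-alarm rate on benign data, detection rate on intrusive data)."""
        false_alarms = sum(self.is_anomalous(v) for v in benign) / len(benign)
        detections = sum(self.is_anomalous(v) for v in intrusive) / len(intrusive)
        return false_alarms, detections


# Constructed data: requests per minute from one client.
TRAIN = [10, 12, 9, 11, 10, 13, 8, 12, 11, 10, 9, 12]
TEST_BENIGN = [10, 11, 9, 14, 12, 8, 10, 11, 13, 10]
TEST_INTRUSIVE = [60, 45, 120, 14]   # three noisy bursts and one slow scan


def compare_thresholds(ks=(1.0, 2.0, 3.0)):
    """Train once per threshold and report the false-alarm/detection trade-off."""
    results = {}
    for k in ks:
        detector = AnomalyDetector(k)
        detector.train(TRAIN)
        results[k] = detector.evaluate(TEST_BENIGN, TEST_INTRUSIVE)
    return results


if __name__ == "__main__":
    for k, (fa, det) in compare_thresholds().items():
        print(f"k={k}: false-alarm rate {fa:.2f}, detection rate {det:.2f}")
```

At k=3 nothing benign is flagged but the slow scan at 14 requests per minute is missed, because it is not "sufficiently unusual" relative to the profile; at k=1 every intrusive value is caught while 40% of benign minutes raise an alarm. That is the assumption and the cost slide 51 describes.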
• 52. Host-Based IDSs
 Use OS auditing and monitoring/analysis mechanisms to find malware
 Can execute full static and dynamic analysis of a program
 Monitor shell commands and system calls executed by user applications and system programs
 Has the most comprehensive program information for detection, thus accurate
 Problems:
   User dependent: install/update IDS on all user machines!
   If an attacker takes over the machine, they can tamper with IDS binaries and modify audit logs
   Only local view of the attack
• 53. Network IDSs
 Deploying sensors at strategic locations
   For example, packet sniffing via tcpdump at routers
 Inspecting network traffic
   Watch for violations of protocols and unusual connection patterns
   Look into the packet payload for malicious code
 Limitations
   Cannot execute the payload or do any code analysis!
   Record and process huge amounts of traffic
   May be easily defeated by encryption, but this can be mitigated with encryption only at the gateway/proxy