New internet security


firewalls, types of attacks, cybercrimes, solution!

Published in: Technology

  1. 1. Internet Security: Overview of Internet security
  2. 2. Presentation Content
      - Internet and its Evolution.
      - Security.
      - Security constraints & computer security.
      - Technology.
      - Attack Types
  3. 3. What is Internet?
      - Often confused with the World Wide Web, the term Internet actually refers to the combined collection of academic, commercial, and government networks connected over international telecommunication backbones and routed using IP addressing.
  4. 4. How did the Internet develop?
      - The Internet as we know it today is actually a very wide area network (WAN) connecting networks and computers around the world.
      - It makes it possible for the millions of users to connect via telephone lines, cable lines, and satellites.
  5. 5. Evolution of Internet
      - The Internet was born in the late 1960s, when the US Defence Department linked together mainframe computers to form a communications network.
  6. 6. Objectives of Department
      - Create a communication system that could survive a nuclear attack or natural disaster.
      - Provide a communication link to its users in remote locations.
  7. 7. ARPANet
      - The early version of the Internet was known as ARPANet.
      - Backbone: a term used to describe a structure that handles the major traffic in a networked system, much like a highway.
      - Network backbone: a “cyberspace highway” made up of high-speed cables and switching stations.
  8. 8. Internetworking
      - The process of linking a collection of networks is called internetworking.
      - This term is where the Internet got its name.
      - The term Internet was officially adopted in 1983.
      - More commonly referred to as the Net.
  9. 9. Internet Security
      - What is security?
      - Why do we need security?
      - Common security attacks and countermeasures
        - Firewalls & Intrusion Detection Systems
        - Denial of Service Attacks
        - TCP Attacks
        - Packet Sniffing
        - Social Problems
  10. 10. Security: Concepts and types of attacks
  11. 11. What is “Security”?
      - Meaning of “security”:
        - 1. Freedom from risk or danger; safety.
        - 2. Freedom from doubt, anxiety, or fear; confidence.
        - 3. Something that gives or assures safety, as:
          - 1. A group or department of private guards: Call building security if a visitor acts suspicious.
          - 2. Measures adopted by a government to prevent espionage, sabotage, or attack.
          - 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
  12. 12. Contd.
      - Freedom from risk or danger; safety: in other words, having systems in place beforehand which prevent attacks before they begin.
      - Freedom from doubt, fear, anxiety; confidence: knowing that your systems are safe and protected.
      - Something that assures safety:
  13. 13. Contd.
      - This includes contingency plans for what to do when attackers strike, keeping up with the latest CERT advisories, hiring network security consultants to find insecurities in your network, etc.
  14. 14. Why do we need security?
      - Protect vital information while still allowing access to those who need it
        - Trade secrets, medical records, etc.
      - Provide authentication and access control for resources
        - Ex: AFS
      - Guarantee availability of resources
        - Ex: 5 9’s (99.999% reliability)
  15. 15. Common security attacks and their countermeasures
      - Exploiting software bugs, buffer overflows
      - Finding a way into the network
        - Firewalls
        - Intrusion Detection Systems
      - Denial of Service
        - Ingress filtering, IDS
      - TCP hijacking
        - IPSec
      - Packet sniffing
        - Encryption (SSH, SSL, HTTPS)
      - Social problems: education
  16. 16. Firewalls
      - Basic problem: many network applications and protocols have security problems that are fixed over time
        - Difficult for users to keep up with changes and keep host secure
        - Solution
          - Administrators limit access to end hosts by using a firewall
          - Firewall is kept up-to-date by administrators
  17. 17. Firewalls
      - (Diagram labels: Intranet, DMZ, Internet, Firewall, Firewall; Web server, email server, web proxy, etc.)
  18. 18. Firewalls
      - Used to filter packets based on a combination of features
        - These are called packet filtering firewalls
          - There are other types too, but they will not be discussed
        - Ex. Drop packets with destination port of 23 (Telnet)
        - Can use any combination of IP/UDP/TCP header information
        - man ipfw on unix47 for much more detail
      - But why don’t we just turn Telnet off?
  19. 19. Firewalls
      - Here is what a computer with a default Windows XP install looks like:
        - 135/tcp open loc-srv
        - 139/tcp open netbios-ssn
        - 445/tcp open microsoft-ds
        - 1025/tcp open NFS-or-IIS
        - 3389/tcp open ms-term-serv
        - 5000/tcp open UPnP
      - Might need some of these services, or might not be able to control all the machines on the network
  20. 20. Firewalls
      - What does a firewall rule look like?
        - Depends on the firewall used
      - Example: ipfw
        - /sbin/ipfw add deny tcp from to telnet
      - Other examples: WinXP & Mac OS X have built-in and third-party firewalls
        - Different graphical user interfaces
        - Varying amounts of complexity and power
  21. 21. Intrusion Detection
      - Used to monitor for “suspicious activity” on a network
        - Can protect against known software exploits, like buffer overflows
      - Open Source IDS: Snort,
  22. 22. Dictionary Attack
      - We can run a dictionary attack on the passwords
        - The passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash)
        - Can take a dictionary of words, crypt() them all, and compare with the hashed passwords
      - That’s why your passwords should be meaningless.
  23. 23. Denial of Service
      - Purpose: Make a network service unusable, usually by overloading the server or network.
  24. 24. Denial of Service
  25. 25. Denial of Service
      - Mini Case Study: CodeRed
        - July 19, 2001: over 359,000 computers infected with Code-Red in less than 14 hours
        - Used a recently known buffer exploit in Microsoft IIS
        - Damages estimated in excess of $2.6 billion
  26. 26. How can we protect ourselves?
      - Ingress filtering
        - If the source IP of a packet comes in on an interface which does not have a route to that packet, then drop it
        - RFC 2267 has more information about this
      - Stay on top of CERT advisories and the latest security patches
        - A fix for the IIS buffer overflow was released sixteen days before CodeRed had been deployed!
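
The ingress-filtering rule on slide 26, written out as a strict reverse-path check. This is an added example, not part of the original slides; the routing table, interface names (`cust0`, `cust1`, `cust2`, `uplink`) and packets are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a hypothetical edge router (documentation
# prefixes from RFC 5737): each prefix is reachable through one interface.
ROUTES = [
    ("192.0.2.0/24", "cust0"),
    ("198.51.100.0/25", "cust1"),
    ("198.51.100.128/25", "cust2"),
    ("0.0.0.0/0", "uplink"),
]


def build_table(routes):
    """Parse the prefixes and order them so the longest prefix matches first."""
    table = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def route_interface(table, addr):
    """Return the interface the router would use to reach addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net, ifc in table:
        if ip in net:
            return ifc
    return None


def ingress_verdict(table, in_ifc, src):
    """Accept only if the route back to src leaves through the arrival interface."""
    try:
        back_ifc = route_interface(table, src)
    except ValueError:  # unparseable source address
        return "drop"
    return "accept" if back_ifc == in_ifc else "drop"


# Constructed packets: (arrival interface, source IP, what the case represents).
PACKETS = [
    ("cust0", "192.0.2.10", "customer using its own prefix"),
    ("cust0", "198.51.100.5", "customer forging a neighbour's address"),
    ("cust1", "203.0.113.9", "customer forging an outside address"),
    ("uplink", "203.0.113.9", "ordinary inbound traffic"),
    ("uplink", "192.0.2.10", "outside packet claiming an inside source"),
    ("cust2", "not-an-ip", "malformed source"),
]


def run(packets=PACKETS, routes=ROUTES):
    """Return (interface, source, verdict) for every sample packet."""
    table = build_table(routes)
    return [(ifc, src, ingress_verdict(table, ifc, src)) for ifc, src, _ in packets]


if __name__ == "__main__":
    for ifc, src, verdict in run():
        print(f"{ifc:7} {src:15} {verdict}")
```

A strict check like this also drops legitimate traffic where routing is asymmetric, for example on multihomed links where replies leave through a different interface than requests arrive on.
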
  27. 27. Security: Types of security constraints
  28. 28. Security Constraint
      - Identification
      - Authentication
      - Authorization
      - Access control
      - Data Integrity
      - Confidentiality
      - Non-Repudiation
  29. 29. Identification
      - Something which uniquely identifies a user and is called UserID.
      - Sometimes users can select their ID as long as it is not given to another user.
      - UserID can be one or a combination of the following:
        - User Name
        - User Student Number
        - User SSN
  30. 30. Authentication
      - The process of verifying the identity of a user
      - Typically based on
        - Something the user knows
          - Password
        - Something the user has
          - Key, smart card, disk, or other device
        - Something the user is
          - Fingerprint, voice, or retinal scans
  31. 31. Authentication cont.
      - Authentication procedure
          - One-Way Authentication
        - Two-Party Authentication
          - Two-Way Authentication
        - Third-Party Authentication
          - Kerberos
          - X.509
        - Single Sign On
          - User can access several network resources by logging on once to a security system.
  32. 32. Authorization
      - The process of assigning access rights to authenticated users.
  33. 33. What do we need to protect?
      - Data
      - Resources
      - Reputation
      - Private Information
      - Monetary Transactions
  34. 34. What is computer Security?
      - Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
  35. 35. Why should I care about security?
      - We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).
  36. 36. Who would want to break into my computer?
      - Intruders (hackers) who want to gain control of your computer to launch attacks on other PCs.
      - Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.
  37. 37. Contd.
      - Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.
  38. 38. How easy is it to break into a computer?
      - Some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure.
      - E.g., chat programs that let outsiders execute commands on your computer, or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.
  39. 39. Technology
      - Technologies in Internet.
  40. 40. What is Broadband?
      - "Broadband" is the general term used to refer to high-speed network connections.
      - Internet connections via cable modem and Digital Subscriber Line (DSL) are frequently referred to as broadband Internet connections.
      - "Bandwidth" is the term used to describe the relative speed of a network connection; for example, most current dial-up modems can support a bandwidth of 56 kbps (thousand bits per second).
  41. 41. What is cable modem access?
      - A cable modem allows a single computer (or network of computers) to connect to the Internet via the cable TV network. The cable modem usually has an Ethernet LAN (Local Area Network) connection to the computer, and is capable of speeds in excess of 5 Mbps.
  42. 42. What is DSL access?
      - Digital Subscriber Line (DSL) Internet connectivity, unlike cable modem-based service, provides the user with dedicated bandwidth. However, the maximum bandwidth available to DSL users is usually lower than the maximum cable modem rate because of differences in their respective network technologies. Also, the "dedicated bandwidth" is only dedicated between your home and the DSL provider's central office; the providers offer little or no guarantee of bandwidth all the way across the Internet.
  43. 43. How is broadband access different from the network I use at work?
      - Corporate and government networks are typically protected by many layers of security, ranging from network firewalls to encryption. In addition, they usually have support staff who maintain the security and availability of these network connections.
      - Although your ISP is responsible for maintaining the services they provide to you, you probably won’t have dedicated staff on hand to manage and operate your home network. You are ultimately responsible for your own computers. As a result, it is up to you to take reasonable precautions to secure your computers from accidental or intentional misuse.
  44. 44. What is at risk?
      - Confidentiality: information should be available only to those who rightfully have access to it
      - Integrity: information should be modified only by those who are authorized to do so
      - Availability: information should be accessible to those who need it when they need it
  45. 45. Types of Attacks: Attacks and solution
  46. 46. Types
      - Trojan Horse
      - Denial of Service
      - Unprotected Windows share
      - Email-borne viruses
      - Email spoofing
      - Cross site scripting
      - Packet sniffing
      - Hidden file extensions
  47. 47. Trojan Horse
      - Trojan horse programs are a common way for intruders to trick you into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus.
  48. 48. Denial of service
      - Another form of attack is called a denial-of-service (DoS) attack. This type of attack causes your computer to crash or to become so busy processing data that you are unable to use it. In most cases, the latest patches will prevent the attack.
  49. 49. Unprotected Windows share
      - Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet.
      - Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer's owner, but it is also a threat to other sites on the Internet.
  50. 50. Email Borne Virus
      - Viruses and other types of malicious code are often spread as attachments to email messages. Before opening any attachments, be sure you know the source of the attachment.
      - E.g., the Melissa virus is spread via email; it may disable antivirus software, and sites may experience denial of service.
  51. 51. Email Spoofing
      - Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source.
      - Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
      - E.g., a fake admin telling you to change your password.
  52. 52. Cross Site Scripting
      - A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry, and then the malicious code is transferred to your browser.
      - You can expose your web browser to malicious scripts through links on the web, in emails, or in online discussions where users can post text containing HTML tags.
  53. 53. Packet Sniffing
      - A packet sniffer is a program that captures data from information packets as they travel over the network. This data may include usernames, passwords, etc.
      - With perhaps thousands of passwords captured, intruders can launch widespread attacks.
      - Cable modem users are at higher risk of exposure to sniffers, since entire…
  54. 54. Cont.
      - Entire neighbourhoods of cable modem users are effectively part of the same LAN.
      - Thus a sniffer on one PC can capture data transmitted by other PCs.
  55. 55. Hidden File Extension
      - Windows operating systems contain an option to "Hide file extensions for known file types". It is enabled by default.
      - Email-borne viruses are known to exploit hidden file extensions.
      - The first major attack that took advantage of a hidden file extension was the VBS/LoveLetter worm with email attachment “LOVE-LETTER-FOR-YOU.TXT.VBS”.
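
A mail-gateway style check for the hidden-extension trick on slide 55: it reports what the user would see with extensions hidden and flags names whose visible part ends in a harmless-looking extension. This is an added example, not part of the original slides; the `RISKY` and `DECOY` sets are illustrative and non-exhaustive, and the attachment names other than the LoveLetter one are constructed.

```python
# Illustrative, non-exhaustive extension sets (assumptions of this example).
RISKY = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "pif", "com",
         "bat", "cmd", "hta"}
DECOY = {"txt", "doc", "xls", "pdf", "jpg", "gif", "mp3", "htm", "html"}


def split_ext(name):
    """Split off the last extension, lower-cased; (name, '') if there is none."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, ext.lower()


def inspect(filename):
    """Return (verdict, name as displayed when known extensions are hidden)."""
    # Windows ignores trailing dots and spaces in a file name.
    name = filename.strip().rstrip(". ")
    stem, ext = split_ext(name)
    # Assumption: every extension in RISKY or DECOY is a "known file type".
    shown = stem.rstrip() if ext in RISKY | DECOY else name
    if ext not in RISKY:
        return "ok", shown
    # The real type is executable; does the visible name look like a document?
    _, inner = split_ext(shown)
    return ("deceptive" if inner in DECOY else "executable"), shown


def triage(names):
    """Return (name, verdict, shown) for every attachment that is not 'ok'."""
    results = []
    for name in names:
        verdict, shown = inspect(name)
        if verdict != "ok":
            results.append((name, verdict, shown))
    return results


# Attachment names: the first is from the slide, the rest are constructed.
ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.VBS",
    "invoice.pdf      .exe",       # padding pushes the real extension out of view
    "photo.JPG.scr",
    "setup.exe",
    "report.pdf",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, verdict, shown in triage(ATTACHMENTS):
        print(f"{verdict:10} shown as {shown!r:28} real name {name!r}")
```
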
  56. 56. Cyber Crime: Introduction and Overview
  57. 57. What is CyberCrime?
      - Criminal acts that are performed with the aid of a computer. Crimes that fit this category are identity theft, mischievous hacking, theft, and more.
      - In short:
        - Computer is a target.
        - Computer is a tool of crime.
        - Computer is incidental to crime.
  58. 58. Why learn about CyberCrime?
      - Because nowadays everybody is using computers, from teenagers to white-collar terrorists.
      - Conventional crimes like forgery, extortion, kidnapping, etc. are being committed with the help of computers.
      - Most important: monetary transactions moving on the Internet.
  59. 59. Profile of Cyber Criminal
      - Disgruntled Employees
      - Teenagers
      - Political Hacktivist
      - Professional Hackers
      - Business Rival
      - Ex-boyfriend, husband, etc.
  60. 60. Victims
      - Innocent people
      - Unlucky people
      - Over-smart people
      - Unskilled and inexperienced people
  61. 61. Computer Crimes are vulnerable
      - Because of:
      - Anonymity
      - Computer’s storage capacity
      - Weakness in operating system
      - Lack of awareness of user
  62. 62. Types of Cyber Crimes
      - Hacking
      - Virus Dissemination
      - Net Extortion
      - Phishing
      - Threatening
      - Salami Attack
  63. 63. Hacking
      - Hacking in simple terms means illegal intrusion into computers without permission of the user.
  64. 64. Virus Dissemination
      - Malicious software that attaches to other software. (Virus, worms, Trojan horse, time bomb, logic bomb, rabbit and bacterium are malicious software.)
  65. 65. Net Extortion
      - Copying the company’s confidential data in order to extort said company for a huge amount.
  66. 66. Phishing
      - It is a technique of pulling out confidential information from bank/financial institution account holders by deceptive means.
  67. 67. Threatening
      - The criminal sends threatening emails or comes in contact with the victim in chat rooms.
      - (Anyone disgruntled may do this with a boss, friend, or official.)
  68. 68. Salami Attack
      - In this crime the criminal makes such insignificant changes, in such a manner, that they go unnoticed.
      - Criminals write a program that deducts Rs 2.50 from the account of every customer and deposits the same in their own account. In such a case no customer will approach the bank for such a small amount, but they gain a huge amount.