
Network Security

OLFU-CCS Computer Network Seminar, September 22 2009
Percival P. Papina Jr.


  1. Tuesday, September 22, 2009 [email_address]
  2. • Why is Network Security Important?
     • Common Security Threats
     • Types of Network Attack
     • General Mitigation Techniques
  3. • Computer networks have grown in both size and importance in a very short time.
     • If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability.
     • To make the situation even more challenging, the types of potential threats to network security are always evolving.
  4. • Network security refers to any activities designed to protect your network.
     • Specifically, these activities protect the usability, reliability, integrity, and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network.
  5. • Over the years, network attack tools and methods have evolved. As shown in the figure, in 1985 an attacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks.
     • As time went on, and attackers' methods and tools improved, attackers no longer required the same level of sophisticated knowledge. This has effectively lowered the entry-level requirements for attackers. People who previously would not have participated in computer crime are now able to do so.
  6. (no text on this slide)
  7. • Threat – an action or event that might compromise security. It represents a potential risk to a computer or system.
     • Vulnerability – the existence of a weakness in a design or configuration that can lead to exploitation or some other unwanted and unexpected event that compromises the security of a system.
     • Target of Evaluation – the system that needs to be tested or evaluated to see if it has vulnerabilities.
     • Attack – an actual assault on a system.
     • Exploit – a way to compromise the security of a system, usually a proof of concept for a vulnerability.
  8. • Hacker – A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.
     • Cracker – A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.
  9. • White hat – an individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems.
     • Black hat – another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
     • Gray hat – an individual who works both offensively and defensively at various times.
  10. • Phreaker – An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.
      • Spammer – An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
      • Phisher – Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.
  11. • Integrity: guaranteeing that the data is what it is believed to be.
      • Confidentiality: ensuring that only authorized individuals have access to the resources being exchanged.
      • Availability: guaranteeing the information system's proper operation.
      • Authentication: ensuring that only authorized individuals have access to the resources.
  12. • Reconnaissance
        ◦ Which can be active or passive in nature
      • Host or target scanning
        ◦ Live system detection
        ◦ Port scanning
      • Gaining access
        ◦ Operating system level / application level
        ◦ Network level
        ◦ Denial of service if otherwise unsuccessful
      • Then maintaining access
        ◦ By using backdoor or Trojan programs
      • Finally, covering their tracks
  13. • Why is Network Security Important?
      • Common Security Threats
      • Types of Network Attack
      • General Mitigation Techniques
  14. • Vulnerabilities
      • Threats to Physical Infrastructure
      • Threats to Networks
      • Social Engineering
  15. • Vulnerability is the degree of weakness which is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices.
      • There are three primary vulnerabilities or weaknesses:
        ◦ Technological weaknesses
        ◦ Configuration weaknesses
        ◦ Security policy weaknesses
  16. • Technology weakness – Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol, operating system, and network equipment weaknesses.
      • Configuration weakness – Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
      • Policy weakness – Security risks to the network exist if users do not follow the security policy. Some common security policy weaknesses and how those weaknesses are exploited are listed in the figure.
  17. • When you think of network security, or even computer security, you may imagine attackers exploiting software vulnerabilities. A less glamorous, but no less important, class of threat is the physical security of devices. An attacker can deny the use of network resources if those resources can be physically compromised.
  18. • Unstructured threats – consist mostly of inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers.
      • Structured threats – these people know system vulnerabilities and use sophisticated hacking techniques to penetrate unsuspecting businesses.
      • External threats can arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.
      • Internal threats occur when someone has authorized access to the network with either an account or physical access.
  19. • The easiest hack involves no computer skill at all. If an intruder can trick a member of an organization into giving over valuable information, such as the location of files or passwords, the process of hacking is made much easier.
      (Kevin Mitnick)
  20. • Why is Network Security Important?
      • Common Security Threats
      • Types of Network Attack
      • General Mitigation Techniques
  21. • Reconnaissance
      • Access
      • Denial of Service
      • Viruses, worms, Trojans and other malicious software
  22. • Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack.
      • Access – System access is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password.
      • Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
      • Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.
  23. • Reconnaissance attacks can consist of the following:
        ◦ Internet information queries
        ◦ Ping sweeps
        ◦ Port scans
        ◦ Packet sniffers
      • Network snooping and packet sniffing are common terms for eavesdropping.
      • Two common uses of eavesdropping are as follows:
        ◦ Information gathering – Network intruders can identify usernames, passwords, or information carried in a packet.
        ◦ Information theft – The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access. Examples include breaking into or eavesdropping on financial institutions and obtaining credit card numbers.
  24. • Using switched networks instead of hubs so that traffic is not forwarded to all endpoints or network hosts.
      • Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users.
      • Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping. For example, SNMP version 3 can encrypt community strings, so a company could forbid using SNMP version 1, but permit SNMP version 3.
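The SNMP policy on slide 24 (forbid version 1, permit version 3) can be audited on the wire, because the version number is the first field of every SNMP message. The Python below is an added example, not material from the slides: it decodes the outer BER structure of an SNMP message just far enough to read the version integer (0 = v1, 1 = v2c, 3 = v3) and, for v3, the msgFlags byte, then applies an assumed policy that allows only SNMPv3 with both authentication and privacy set. The packets are constructed by hand and are not captures; the function names and the policy are my assumptions.

```python
"""Audit SNMP messages for clear-text credentials (added example, not slide content).

Reads the version field from the outer BER SEQUENCE of an SNMP message and,
for SNMPv3, the msgFlags byte of msgGlobalData. Applies a policy that permits
only SNMPv3 with authentication and privacy. All packets are hand-constructed.
"""


def read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at buf[pos]; return (tag, value_bytes, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length: next n bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp_header(packet: bytes) -> dict:
    """Return {'version', 'community'} for v1/v2c or {'version', 'auth', 'priv'} for v3."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    info = {"version": version}
    if version in (0, 1):                          # v1 / v2c: community string follows
        tag, community, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("community OCTET STRING missing")
        info["community"] = community.decode("ascii", "replace")
    elif version == 3:                             # v3: msgGlobalData SEQUENCE follows
        tag, global_data, _ = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("msgGlobalData missing")
        _, _, p = read_tlv(global_data, 0)         # msgID
        _, _, p = read_tlv(global_data, p)         # msgMaxSize
        tag, flags, _ = read_tlv(global_data, p)   # msgFlags: bit0 = auth, bit1 = priv
        if tag != 0x04 or len(flags) != 1:
            raise ValueError("msgFlags missing")
        info["auth"] = bool(flags[0] & 0x01)
        info["priv"] = bool(flags[0] & 0x02)
    else:
        raise ValueError(f"unknown SNMP version {version}")
    return info


def policy_verdict(info: dict) -> str:
    """Assumed policy: only SNMPv3 authPriv is allowed; other cases carry the reason."""
    if info["version"] == 3:
        if info["auth"] and info["priv"]:
            return "allow"
        return "deny: SNMPv3 without authentication and privacy"
    name = "v1" if info["version"] == 0 else "v2c"
    return f"deny: SNMP{name} sends community {info['community']!r} in clear text"


# Constructed v1 GetRequest: community "public", request-id 1, no varbinds.
SNMP_V1_GET = bytes.fromhex("301802010004067075626c6963a00b0201010201000201003000")
# Same message with the version byte changed to 1 (v2c).
SNMP_V2C_GET = SNMP_V1_GET[:4] + b"\x01" + SNMP_V1_GET[5:]


def snmp_v3_message(msg_flags: int) -> bytes:
    """Construct a minimal v3 header with the given msgFlags (payload left empty)."""
    global_data = (bytes.fromhex("020101")        # msgID = 1
                   + bytes.fromhex("020300ffe3")  # msgMaxSize = 65507
                   + bytes([0x04, 0x01, msg_flags])
                   + bytes.fromhex("020103"))     # msgSecurityModel = 3 (USM)
    body = (bytes.fromhex("020103") + bytes([0x30, len(global_data)]) + global_data
            + bytes.fromhex("0400") + bytes.fromhex("3000"))
    return bytes([0x30, len(body)]) + body


def audit(packets) -> list:
    return [policy_verdict(parse_snmp_header(p)) for p in packets]


if __name__ == "__main__":
    for verdict in audit([SNMP_V1_GET, SNMP_V2C_GET, snmp_v3_message(0x07), snmp_v3_message(0x04)]):
        print(verdict)
```

A real deployment would feed this the UDP/161 payloads seen at a span port or in flow captures and raise a policy violation for every deny verdict; the point of checking msgFlags is that SNMPv3 without the priv bit still sends management data in clear text even though no community string is present.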
  25. Password attacks
      • Password attacks can be implemented using a packet sniffer to yield user accounts and passwords that are transmitted as clear text. Password attacks usually refer to repeated attempts to log in to a shared resource, such as a server or router, to identify a user account, password, or both. These repeated attempts are called dictionary attacks or brute-force attacks.
      Trust exploitation attack
      • A trust exploitation attack compromises a trusted host. If a host in a company network is protected by a firewall (inside host), but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.
  26. • A man-in-the-middle (MITM) attack is carried out by attackers that manage to position themselves between two legitimate hosts. The attacker may allow the normal transactions between hosts to occur, and only periodically manipulate the conversation between the two.
  27. • Other sorts of MITM attacks are potentially even more harmful. If attackers manage to get into a strategic position, they can steal information, hijack an ongoing session to gain access to private network resources, conduct DoS attacks, corrupt transmitted data, or introduce new information into network sessions.
      • WAN MITM attack mitigation is achieved by using VPN tunnels, which allow the attacker to see only the encrypted, undecipherable text.
      • LAN MITM attacks use such tools as ettercap and ARP poisoning. Most LAN MITM attacks can be mitigated by configuring port security on LAN switches.
  28. • DoS attacks prevent authorized people from using a service by using up system resources, such as:
        ◦ Ping of death – A ping is normally 64 or 84 bytes, while a ping of death could be up to 65,536 bytes.
        ◦ SYN flood – A SYN flood attack exploits the TCP three-way handshake. It involves sending multiple SYN requests (1,000+) to a targeted server.
        ◦ Distributed DoS (DDoS) attacks are designed to saturate network links with illegitimate data. This data can overwhelm an Internet link, causing legitimate traffic to be dropped.
        ◦ The Smurf attack – uses spoofed broadcast ping messages to flood a target system.
  29. (no text on this slide)
  30. • DoS and DDoS attacks can be mitigated by implementing special anti-spoof and anti-DoS access control lists.
      • ISPs can also implement traffic rate limiting to limit the amount of nonessential traffic that crosses network segments.
      • A common example is to limit the amount of ICMP traffic that is allowed into a network, because this traffic is used only for diagnostic purposes.
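To make the anti-spoof ACL and ICMP rate-limit ideas on slide 30 concrete, here is an added example (my own code, not from the slides, and not Cisco ACL syntax): a small Python model of a border filter. Packets arriving on the outside interface are dropped if they claim an internal or bogon source (the classic anti-spoof ingress rule), packets leaving from the inside are dropped if their source is not one of the organization's own prefixes (egress filtering, so the site cannot be used as a spoofed DoS source), and inbound ICMP is held to a token-bucket rate. The interface names, address plan, rates and packet list are all assumptions I constructed for the example.

```python
"""Anti-spoof ingress/egress filtering plus ICMP rate limiting.

Added example modelling what anti-spoof ACLs and rate limiting on a border
router do. Prefixes, interface names and rates are assumptions; the packet
list in run_sample() is constructed, not captured.
"""
import ipaddress

# Assumed address plan: prefixes the organization uses internally.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]
# Sources that never legitimately arrive from the Internet.
BOGON_PREFIXES = [ipaddress.ip_network("0.0.0.0/8"),
                  ipaddress.ip_network("127.0.0.0/8"),
                  ipaddress.ip_network("169.254.0.0/16")]


def in_any(addr, prefixes) -> bool:
    return any(addr in p for p in prefixes)


class TokenBucket:
    """`rate` tokens per second, at most `burst` stored; one token per packet."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class BorderFilter:
    def __init__(self, icmp_rate: float = 10.0, icmp_burst: int = 5):
        self.icmp_bucket = TokenBucket(icmp_rate, icmp_burst)

    def decide(self, iface: str, src: str, proto: str, now: float) -> str:
        """Return 'permit' or a 'drop: <reason>' verdict for one packet."""
        src_ip = ipaddress.ip_address(src)
        if iface == "outside":
            # Anti-spoof ingress: our own addresses and bogons cannot come from outside.
            if in_any(src_ip, INTERNAL_PREFIXES + BOGON_PREFIXES):
                return "drop: spoofed or bogon source on outside interface"
            # Rate-limit diagnostic traffic so an ICMP flood cannot consume the link.
            if proto == "icmp" and not self.icmp_bucket.allow(now):
                return "drop: inbound ICMP rate limit exceeded"
            return "permit"
        if iface == "inside":
            # Egress filtering: nothing leaves with a source address we do not own.
            if not in_any(src_ip, INTERNAL_PREFIXES):
                return "drop: egress packet with a source address we do not own"
            return "permit"
        raise ValueError(f"unknown interface {iface}")


def run_sample() -> list:
    """Constructed packets as (iface, src, proto, time_seconds); returns the verdicts."""
    packets = [
        ("outside", "10.1.2.3", "tcp", 0.0),        # claims an internal source from the Internet
        ("outside", "127.0.0.1", "udp", 0.0),       # bogon source
        ("inside", "203.0.113.5", "tcp", 0.0),      # internal host sending with a foreign source
        ("outside", "198.51.100.7", "tcp", 0.0),    # ordinary inbound TCP
    ]
    packets += [("outside", "198.51.100.7", "icmp", 0.0)] * 7   # burst of 7 echo requests
    packets.append(("outside", "198.51.100.7", "icmp", 1.0))    # one more, a second later
    flt = BorderFilter(icmp_rate=10.0, icmp_burst=5)
    return [flt.decide(i, s, p, t) for i, s, p, t in packets]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

With a burst of 5, the first five ICMP packets of the simultaneous burst pass and the remaining two are dropped; one second later the bucket has refilled and the next echo request is permitted again, which is the behaviour slide 30 describes for limiting nonessential traffic without blocking diagnostics outright.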
  31. • The primary vulnerabilities for end-user workstations are worm, virus, and Trojan horse attacks.
        ◦ A worm executes code and installs copies of itself in the memory of the infected computer, which can, in turn, infect other hosts.
        ◦ A virus (Vital Information Resources Under-Siege) is malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation.
        ◦ A Trojan horse is different from a worm or virus only in that the entire application was written to look like something else, when in fact it is an attack tool.
  32. • The following are the recommended steps for worm attack mitigation:
        ◦ Containment – Contain the spread of the worm within the network. Compartmentalize uninfected parts of the network.
        ◦ Inoculation – Start patching all systems and, if possible, scanning for vulnerable systems.
        ◦ Quarantine – Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
        ◦ Treatment – Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
  33. • Why is Network Security Important?
      • Common Security Threats
      • Types of Network Attack
      • General Mitigation Techniques
  34. • Host and Server Based Security
      • Intrusion Detection and Prevention
      • Common Security Appliances and Applications
  35. • There are some simple steps that should be taken that apply to most operating systems:
        ◦ Default usernames and passwords should be changed immediately.
        ◦ Access to system resources should be restricted to only the individuals that are authorized to use those resources.
        ◦ Any unnecessary services and applications should be turned off and uninstalled, when possible.
      • Install host antivirus software to protect against known viruses.
      • Install a personal firewall to prevent attacks on PCs.
      • Install operating system patches.
  36. • Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console.
      • Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:
        ◦ Prevention – Stops the detected attack from executing.
        ◦ Reaction – Immunizes the system from future attacks from a malicious source.
      • A host-based intrusion prevention system (HIPS) actually stops the attack, prevents damage, and blocks the propagation of worms and viruses. HIPS software must be installed on each host, either the server or desktop, to monitor activity performed on and against the host.
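Slide 36 says an IDS detects attacks and sends logs to a console, and slides 23 and 28 name the patterns such a system looks for: ping sweeps, port scans, and SYN floods of 1,000+ SYNs. The Python below is an added example, not the slides' material or any vendor's IDS logic: simple threshold detectors over flow records that flag one source touching many hosts with ICMP (ping sweep), one source probing many TCP ports on one host (port scan), and many bare SYNs to one service (SYN flood). The flow record format, the thresholds and the sample traffic are assumptions I constructed for the example.

```python
"""Threshold detection of reconnaissance and SYN-flood patterns over flow records.

Added example. The Flow record format, thresholds and sample traffic are
assumptions; build_sample_flows() is constructed traffic, not a capture.
"""
from collections import defaultdict
from typing import NamedTuple, Optional


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str            # "icmp" or "tcp"
    dport: Optional[int]  # None for ICMP
    flags: Optional[str]  # TCP flags as letters, e.g. "S", "SA", "A"


def detect_ping_sweeps(flows, min_targets: int = 10) -> list:
    """One source sending ICMP to many distinct hosts (the 'ping sweep' of slide 23)."""
    targets = defaultdict(set)
    for f in flows:
        if f.proto == "icmp":
            targets[f.src].add(f.dst)
    return [{"kind": "ping_sweep", "src": s, "count": len(t)}
            for s, t in sorted(targets.items()) if len(t) >= min_targets]


def detect_port_scans(flows, min_ports: int = 10) -> list:
    """One source probing many distinct TCP ports on one host (the 'port scan')."""
    ports = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.flags == "S":
            ports[(f.src, f.dst)].add(f.dport)
    return [{"kind": "port_scan", "src": s, "dst": d, "count": len(p)}
            for (s, d), p in sorted(ports.items()) if len(p) >= min_ports]


def detect_syn_floods(flows, min_syns: int = 1000) -> list:
    """Many bare SYNs to one service; slide 28 cites 1,000+ SYNs as the pattern."""
    syns = defaultdict(int)
    for f in flows:
        if f.proto == "tcp" and f.flags == "S":
            syns[(f.dst, f.dport)] += 1
    return [{"kind": "syn_flood", "dst": d, "dport": p, "count": n}
            for (d, p), n in sorted(syns.items()) if n >= min_syns]


def run_detections(flows) -> list:
    """Run all detectors; each alert is a dict an IDS would forward to its console."""
    return detect_ping_sweeps(flows) + detect_port_scans(flows) + detect_syn_floods(flows)


def build_sample_flows() -> list:
    """Constructed traffic: one sweep, one scan, one flood, and a few benign flows."""
    flows = [Flow("10.0.0.5", f"10.0.1.{h}", "icmp", None, None) for h in range(1, 13)]
    flows += [Flow("10.0.0.7", "10.0.1.20", "tcp", p, "S")
              for p in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389)]
    # 1,500 SYNs to one web server from rotating (spoofed-looking) sources.
    flows += [Flow(f"192.0.2.{i % 250 + 1}", "10.0.1.30", "tcp", 80, "S") for i in range(1500)]
    flows += [Flow("10.0.0.9", "10.0.1.30", "tcp", 443, "S"),   # normal handshake start
              Flow("10.0.0.9", "10.0.1.30", "tcp", 443, "A"),   # ...and its completion
              Flow("10.0.0.9", "10.0.1.1", "icmp", None, None)]  # a single ping
    return flows


if __name__ == "__main__":
    for alert in run_detections(build_sample_flows()):
        print(alert)
```

The detectors are deliberately stateless counts per key; a production IDS would window them in time and score the SYN-flood case by SYNs that never complete the handshake rather than raw SYN volume, but the thresholds here are enough to show why the three benign flows at the end of the sample never trigger an alert while the three attack patterns do.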
  37. • Threat control – Regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:
        ◦ Cisco ASA 5500 Series Adaptive Security Appliances
        ◦ Integrated Services Routers (ISR)
        ◦ Network Admission Control
        ◦ Cisco Security Agent for Desktops
        ◦ Cisco Intrusion Prevention Systems
      • The Cisco NAC appliance uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.
      • Cisco Security Agent software provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems. CSA defends these systems against targeted attacks, spyware, rootkits, and day-zero attacks.
  38. (no text on this slide)
  39. (no text on this slide)