SlideShare a Scribd company logo

Cyber security tutorial2

Download as PPTX, PDF
sweta dargad
sweta dargad

Tutorial 2 - Network Defense Tools

Education
1 of 41
CYBER SECURITY-TUTORIAL2 FROM: SWETA DARGAD ASSISTANT PROFESSOR NTC
NETWORK DEFENCE TOOLS • 1. Explain what is a computer network . • 2. Explain what is a firewall. • 3. List types of firewalls and explain in breif. • 4. Difference between Packet Filter and Firewall • 5. Write difference between stateless and statefull firewall. • 6. Explain what is NAT. • 7. What is port forwarding. • 8. Difference between windows firewall and linux firewall • 9. What is Intrution detection system
WHAT IS A COMPUTER NETWORK A computer network is a group of computer systems and other computing hardware devices that are linked together through communication channels to facilitate communication and resource-sharing among a wide range of users. 1. Local Area Networks (LAN) 2. Personal Area Networks (PAN) 3. Home Area Networks (HAN) 4. Wide Area Networks (WAN) 5. Campus Networks 6. Metropolitan Area Networks (MAN) 7. Enterprise Private Networks 8. Internetworks 9. Backbone Networks (BBN) 10. Global Area Networks (GAN) 11. The Internet
NETWORKS ARE USED TO 1. Facilitate communication via email, video conferencing, instant messaging, etc. 2. Enable multiple users to share a single hardware device like a printer or scanner 3. Enable file sharing across the network 4. Allow for the sharing of software or operating programs on remote systems 5. Make information easier to access and maintain among network users
WHAT IS A FIREWALL A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.  A choke point of control and monitoring  Interconnects networks with differing trust  Imposes restrictions on network services  only authorized traffic is allowed  Auditing and controlling access  can implement alarms for abnormal behavior  Itself immune to penetration  Provides perimeter defence
FIREWALL
TYPES OF FIREWALLS  Packet filtering  Application gateways/Proxy Firewalls:  Circuit gateways/ Network layer Firewalls  Unified threat management
FIREWALLS – PACKET FILTERS
FIREWALLS – PACKET FILTERS  Simplest of components  Uses transport-layer information only  IP Source Address, Destination Address  Protocol/Next Header (TCP, UDP, ICMP, etc)  TCP or UDP source & destination ports  TCP Flags (SYN, ACK, FIN, RST, PSH, etc)  ICMP message type  Examples  DNS uses port 53  No incoming port 53 packets except known trusted servers
USAGE OF PACKET FILTERS • Filtering with incoming or outgoing interfaces • E.g., Ingress filtering of spoofed IP addresses • Egress filtering • Permits or denies certain services • Requires intimate knowledge of TCP and UDP port utilization on a number of operating systems
Every ruleset is followed by an implicit rule reading like this. Example 1: Suppose we want to allow inbound mail (SMTP, port 25) but only to our gateway machine. Also suppose that mail from some particular site SPIGOT is to be blocked.
Solution 1: Example 2: Now suppose that we want to implement the policy “any inside host can send mail to the outside”.
Solution 2: This solution allows calls to come from any port on an inside machine, and will direct them to port 25 on the outside. Simple enough… So why is it wrong?
 The ACK signifies that the packet is part of an ongoing conversation  Packets without the ACK are connection establishment messages, which we are only permitting from internal hosts
SECURITY & PERFORMANCE OF PACKET FILTERS  IP address spoofing  Fake source address to be trusted  Add filters on router to block  Tiny fragment attacks  Split TCP header info over several tiny packets  Either discard or reassemble before check  Degradation depends on number of rules applied at any point  Order rules so that most common traffic is dealt with first  Correctness is more important than speed
FIREWALLS – STATEFUL PACKET FILTERS  Traditional packet filters do not examine higher layer context  ie matching return packets with outgoing flow  Stateful packet filters address this need  They examine each IP packet in context  Keep track of client-server sessions  Check each packet validly belongs to one  Hence are better able to detect bogus packets out of context
STATEFUL FILTERING
PROXY FIREWALLS • A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. A proxy firewall may also be called an application firewall or gateway firewall.
FIREWALL GATEWAYS  Firewall runs set of proxy programs  Proxies filter incoming, outgoing packets  All incoming traffic directed to firewall  All outgoing traffic appears to come from firewall  Policy embedded in proxy programs  Two kinds of proxies  Application-level gateways/proxies  Tailored to http, ftp, smtp, etc.  Circuit-level gateways/proxies  Working on TCP level
FIREWALLS - APPLICATION LEVEL GATEWAY (OR PROXY)
APPLICATION-LEVEL FILTERING  Has full access to protocol  user requests service from proxy  proxy validates request as legal.  then actions request and returns result to user  Need separate proxies for each service  E.g., SMTP (E-Mail)  NNTP (Net news)  DNS (Domain Name System)  NTP (Network Time Protocol)  custom services generally not supported
APP-LEVEL FIREWALL ARCHITECTURE Daemon spawns proxy when communication detected … Network Connection Telnet daemon SMTP daemon FTP daemon Telnet proxy FTP proxy SMTP proxy
ENFORCE POLICY FOR SPECIFIC PROTOCOLS • E.g., Virus scanning for SMTP • Need to understand MIME, encoding, Zip archives
NETWORK LAYER FIREWALLS In Figure 1, a network layer firewall called a ``screened host firewall'' is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly-defended and secured strong-point that (hopefully) can resist attacks.
In figure 2, a network layer firewall called a ``screened subnet firewall'' is represented. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at a network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.
APPLICATION LAYER FIREWALLS  Application layer firewalls are hosts that run proxy servers, which permit no traffic directly between networks, and they perform elaborate logging and examination of traffic passing through them.  Since proxy applications are simply software running on the firewall, it is a good place to do logging and access control.  Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other after having passed through an application that effectively masks the origin of the initiating connection.
DUAL-HOME GATEWAY In figure 3, an application layer firewall called a ``dual homed gateway'' is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it.
FIREWALLS AREN’T PERFECT? • Useless against attacks from the inside • Evildoer exists on inside • Malicious code is executed on an internal machine • Organizations with greater insider threat • Banks and Military • Protection must exist at each layer • Assess risks of threats at every layer • Cannot protect against transfer of all virus infected programs or files • because of huge range of O/S & file types
UNIFIED THREAT MANAGEMENT Unified Threat Management (UTM) is an all-in-one network security solution. UTM provides multiple security features (firewalling, intrusion prevention, anti-virus, etc.) without the complexity that comes with managing multiple security vendors.
PACKET FILTER  packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols.  The process is used in conjunction with packet mangling and Network Address Translation (NAT).  Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. FIREWALL  packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols.  The process is used in conjunction with packet mangling and Network Address Translation (NAT).  Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion.
NETWORK ADDRESS TRANSLATION • RFC-1631 • A short term solution to the problem of the depletion of IP addresses • Long term solution is IP v6 (or whatever is finally agreed on) • CIDR (Classless InterDomain Routing ) is a possible short term solution • NAT is another • NAT is a way to conserve IP addresses • Hide a number of hosts behind a single IP address • Use: • 10.0.0.0-10.255.255.255, • 172.16.0.0-172.32.255.255 or • 192.168.0.0-192.168.255.255 for local networks
Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address. NAT is necessary when the number of IP addresses assigned to you by your Internet Service Provider is less than the total number of computers that you wish to provide Internet access for.
PORT FORWARDING port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. 1. Local port forwarding 2. Remote port forwarding 3. Dynamic port forwarding
HACKING THROUGH NAT  Static Translation  offers no protection of internal hosts  Internal Host Seduction  internals go to the hacker  e-mail attachments – Trojan Horse virus’  peer-to-peer connections  hacker run porn and gambling sites  solution = application level proxies  State Table Timeout Problem  hacker could hijack a stale connection before it is timed out  very low probability but smart hacker could do it  Source Routing through NAT  if the hacker knows an internal address they can source route a packet to that host  solution is to not allow source routed packets through the firewall
TYPES OF FIREWALLS 1. Network layer firewalls: Network layer firewalls generally make their decisions based on the source address, destination address and ports in individual IP packets 2. Application layer firewalls: Application layer firewalls are hosts that run proxy servers, which permit no traffic directly between networks, and they perform elaborate logging and examination of traffic passing through them. 3. Proxy firewalls Proxy firewalls offer more security than other types of firewalls, but at the expense of speed and functionality, as they can limit which applications the network supports. 4. Unified threat management A new category of network security products -- called unified threat management (UTM) -- promises integration, convenience and protection from pretty much every threat out there
INTRUTION DETECTION SYSTEM An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. 1. Anomaly Detection 2. Signature Based Detection
ALERTS • Burglar Alert/Alarm: A signal suggesting that a system has been or is being attacked. • Detection Rate: The detection rate is defined as the number of intrusion instances detected by the system (True Positive) divided by the total number of intrusion instances present in the test set. • False Alarm Rate: defined as the number of 'normal' patterns classified as attacks (False Positive) divided by the total number of 'normal' patterns. • ALERT TYPE:- • True Positive: : Attack - Alert • False Positive: : No attack - Alert • False Negative: : Attack - No Alert • True Negative: : No attack - No Alert
Cyber security tutorial2
Cyber security tutorial2

Recommended

Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewall
FirewallFirewall
FirewallManikyala Rao
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptOECLIB Odisha Electronics Control Library
 
Firewalls
FirewallsFirewalls
FirewallsSonali Parab
 
Firewalls
FirewallsFirewalls
FirewallsIsrael Marcus
 

Recommended

Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewall
FirewallFirewall
FirewallManikyala Rao
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptOECLIB Odisha Electronics Control Library
 
Firewalls
FirewallsFirewalls
FirewallsSonali Parab
 
Firewalls
FirewallsFirewalls
FirewallsIsrael Marcus
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configurationNutan Kumar Panda
 
Firewall
FirewallFirewall
FirewallNilkanth Shingala
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall EssentialsSylvain Maret
 
What is firewall
What is firewallWhat is firewall
What is firewallHarshana Jayarathna
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Firewall
FirewallFirewall
FirewallShivank Shah
 
Firewall
FirewallFirewall
Firewallnayakslideshare
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Types of firewall
Types of firewallTypes of firewall
Types of firewallPina Parmar
 
Firewalls
FirewallsFirewalls
FirewallsJyoti Akhter
 
Linux and firewall
Linux and firewallLinux and firewall
Linux and firewallMhmud Khraibene
 
Firewall and its configuration
Firewall and its configurationFirewall and its configuration
Firewall and its configurationMuhammad Baqar Kazmi
 
Firewalls
FirewallsFirewalls
FirewallsUniversity of Central Punjab
 
Windows 7 firewall & its configuration
Windows 7 firewall & its configurationWindows 7 firewall & its configuration
Windows 7 firewall & its configurationSoban Ahmad
 
Firewall
FirewallFirewall
Firewallsyeda zoya mehdi
 
Firewalls
FirewallsFirewalls
FirewallsAkhil Sharma
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 
Firewall
FirewallFirewall
Firewalllmbriscoe
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Securitylalithambiga kamaraj
 
Firewalls (6)
Firewalls (6)Firewalls (6)
Firewalls (6)Bhargu Bhargavi
 
firewalls.ppt
firewalls.pptfirewalls.ppt
firewalls.pptRaj Kumar
 

More Related Content

What's hot

Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Types of firewall
Types of firewallTypes of firewall
Types of firewallPina Parmar
 
Windows 7 firewall & its configuration
Windows 7 firewall & its configurationWindows 7 firewall & its configuration
Windows 7 firewall & its configurationSoban Ahmad
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 

What's hot (20)

Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Firewall
FirewallFirewall
Firewall
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
 
What is firewall
What is firewallWhat is firewall
What is firewall
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
 
Types of firewall
Types of firewallTypes of firewall
Types of firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Linux and firewall
Linux and firewallLinux and firewall
Linux and firewall
 
Firewall and its configuration
Firewall and its configurationFirewall and its configuration
Firewall and its configuration
 
Firewalls
FirewallsFirewalls
Firewalls
 
Windows 7 firewall & its configuration
Windows 7 firewall & its configurationWindows 7 firewall & its configuration
Windows 7 firewall & its configuration
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet Bawa
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 

Similar to Cyber security tutorial2

firewalls.ppt
firewalls.pptfirewalls.ppt
firewalls.pptRaj Kumar
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfDr. Shivashankar
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation9921103075
 
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxCSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxVivekTripathi684438
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptRevanth71
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdfImXaib
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 

Similar to Cyber security tutorial2 (20)

Firewalls (6)
Firewalls (6)Firewalls (6)
Firewalls (6)
 
firewalls.ppt
firewalls.pptfirewalls.ppt
firewalls.ppt
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
Firewall Firewall
Firewall
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Firewalls
FirewallsFirewalls
Firewalls
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Firewall
FirewallFirewall
Firewall
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation
 
Firewalls
FirewallsFirewalls
Firewalls
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.ppt
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
 
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxCSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
 
Firewalls
FirewallsFirewalls
Firewalls
 
Ch05 Network Defenses
Ch05 Network DefensesCh05 Network Defenses
Ch05 Network Defenses
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 

More from sweta dargad

RRD Tool and Network Monitoring
RRD Tool and Network MonitoringRRD Tool and Network Monitoring
RRD Tool and Network Monitoringsweta dargad
 
Architecture for SNMP based Network Monitoring System
Architecture for SNMP based Network Monitoring SystemArchitecture for SNMP based Network Monitoring System
Architecture for SNMP based Network Monitoring Systemsweta dargad
 
Snmp based network monitoring system
Snmp based network monitoring systemSnmp based network monitoring system
Snmp based network monitoring systemsweta dargad
 
Applications of RFID technology
Applications of RFID technologyApplications of RFID technology
Applications of RFID technologysweta dargad
 
Classifying Cybercrimes
Classifying CybercrimesClassifying Cybercrimes
Classifying Cybercrimessweta dargad
 
Open source nms’s
Open source nms’sOpen source nms’s
Open source nms’ssweta dargad
 

More from sweta dargad (10)

Sock Puppet.pptx
Sock Puppet.pptxSock Puppet.pptx
Sock Puppet.pptx
 
Stacks
StacksStacks
Stacks
 
RRD Tool and Network Monitoring
RRD Tool and Network MonitoringRRD Tool and Network Monitoring
RRD Tool and Network Monitoring
 
Architecture for SNMP based Network Monitoring System
Architecture for SNMP based Network Monitoring SystemArchitecture for SNMP based Network Monitoring System
Architecture for SNMP based Network Monitoring System
 
Snmp based network monitoring system
Snmp based network monitoring systemSnmp based network monitoring system
Snmp based network monitoring system
 
Applications of RFID technology
Applications of RFID technologyApplications of RFID technology
Applications of RFID technology
 
Classifying Cybercrimes
Classifying CybercrimesClassifying Cybercrimes
Classifying Cybercrimes
 
All about snmp
All about snmpAll about snmp
All about snmp
 
Open source nms’s
Open source nms’sOpen source nms’s
Open source nms’s
 
Cacti
CactiCacti
Cacti
 

Recently uploaded

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayMakMakNepo
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Romantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxRomantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxsqpmdrvczh
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxLigayaBacuel1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 

Recently uploaded (20)

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up Friday
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Romantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxRomantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 

Cyber security tutorial2

  • 1. CYBER SECURITY-TUTORIAL2 FROM: SWETA DARGAD ASSISTANT PROFESSOR NTC
  • 2. NETWORK DEFENCE TOOLS • 1. Explain what is a computer network . • 2. Explain what is a firewall. • 3. List types of firewalls and explain in breif. • 4. Difference between Packet Filter and Firewall • 5. Write difference between stateless and statefull firewall. • 6. Explain what is NAT. • 7. What is port forwarding. • 8. Difference between windows firewall and linux firewall • 9. What is Intrution detection system
  • 3. WHAT IS A COMPUTER NETWORK A computer network is a group of computer systems and other computing hardware devices that are linked together through communication channels to facilitate communication and resource-sharing among a wide range of users. 1. Local Area Networks (LAN) 2. Personal Area Networks (PAN) 3. Home Area Networks (HAN) 4. Wide Area Networks (WAN) 5. Campus Networks 6. Metropolitan Area Networks (MAN) 7. Enterprise Private Networks 8. Internetworks 9. Backbone Networks (BBN) 10. Global Area Networks (GAN) 11. The Internet
  • 4.
  • 5. NETWORKS ARE USED TO 1. Facilitate communication via email, video conferencing, instant messaging, etc. 2. Enable multiple users to share a single hardware device like a printer or scanner 3. Enable file sharing across the network 4. Allow for the sharing of software or operating programs on remote systems 5. Make information easier to access and maintain among network users
  • 6. WHAT IS A FIREWALL A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.  A choke point of control and monitoring  Interconnects networks with differing trust  Imposes restrictions on network services  only authorized traffic is allowed  Auditing and controlling access  can implement alarms for abnormal behavior  Itself immune to penetration  Provides perimeter defence
  • 8. TYPES OF FIREWALLS  Packet filtering  Application gateways/Proxy Firewalls:  Circuit gateways/ Network layer Firewalls  Unified threat management
  • 10. FIREWALLS – PACKET FILTERS  Simplest of components  Uses transport-layer information only  IP Source Address, Destination Address  Protocol/Next Header (TCP, UDP, ICMP, etc)  TCP or UDP source & destination ports  TCP Flags (SYN, ACK, FIN, RST, PSH, etc)  ICMP message type  Examples  DNS uses port 53  No incoming port 53 packets except known trusted servers
  • 11. USAGE OF PACKET FILTERS • Filtering with incoming or outgoing interfaces • E.g., Ingress filtering of spoofed IP addresses • Egress filtering • Permits or denies certain services • Requires intimate knowledge of TCP and UDP port utilization on a number of operating systems
  • 12. Every ruleset is followed by an implicit rule reading like this. Example 1: Suppose we want to allow inbound mail (SMTP, port 25) but only to our gateway machine. Also suppose that mail from some particular site SPIGOT is to be blocked.
  • 13. Solution 1: Example 2: Now suppose that we want to implement the policy “any inside host can send mail to the outside”.
  • 14. Solution 2: This solution allows calls to come from any port on an inside machine, and will direct them to port 25 on the outside. Simple enough… So why is it wrong?
  • 15.  The ACK signifies that the packet is part of an ongoing conversation  Packets without the ACK are connection establishment messages, which we are only permitting from internal hosts
  • 16. SECURITY & PERFORMANCE OF PACKET FILTERS  IP address spoofing  Fake source address to be trusted  Add filters on router to block  Tiny fragment attacks  Split TCP header info over several tiny packets  Either discard or reassemble before check  Degradation depends on number of rules applied at any point  Order rules so that most common traffic is dealt with first  Correctness is more important than speed
  • 17. FIREWALLS – STATEFUL PACKET FILTERS  Traditional packet filters do not examine higher layer context  ie matching return packets with outgoing flow  Stateful packet filters address this need  They examine each IP packet in context  Keep track of client-server sessions  Check each packet validly belongs to one  Hence are better able to detect bogus packets out of context
  • 19. PROXY FIREWALLS • A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. A proxy firewall may also be called an application firewall or gateway firewall.
  • 20. FIREWALL GATEWAYS  Firewall runs set of proxy programs  Proxies filter incoming, outgoing packets  All incoming traffic directed to firewall  All outgoing traffic appears to come from firewall  Policy embedded in proxy programs  Two kinds of proxies  Application-level gateways/proxies  Tailored to http, ftp, smtp, etc.  Circuit-level gateways/proxies  Working on TCP level
  • 21. FIREWALLS - APPLICATION LEVEL GATEWAY (OR PROXY)
  • 22. APPLICATION-LEVEL FILTERING  Has full access to protocol  user requests service from proxy  proxy validates request as legal.  then actions request and returns result to user  Need separate proxies for each service  E.g., SMTP (E-Mail)  NNTP (Net news)  DNS (Domain Name System)  NTP (Network Time Protocol)  custom services generally not supported
  • 23. APP-LEVEL FIREWALL ARCHITECTURE Daemon spawns proxy when communication detected … Network Connection Telnet daemon SMTP daemon FTP daemon Telnet proxy FTP proxy SMTP proxy
  • 24. ENFORCE POLICY FOR SPECIFIC PROTOCOLS • E.g., Virus scanning for SMTP • Need to understand MIME, encoding, Zip archives
  • 25. NETWORK LAYER FIREWALLS In Figure 1, a network layer firewall called a ``screened host firewall'' is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly-defended and secured strong-point that (hopefully) can resist attacks.
  • 26. In figure 2, a network layer firewall called a ``screened subnet firewall'' is represented. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at a network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.
  • 27. APPLICATION LAYER FIREWALLS  Application layer firewalls are hosts that run proxy servers, which permit no traffic directly between networks, and they perform elaborate logging and examination of traffic passing through them.  Since proxy applications are simply software running on the firewall, it is a good place to do logging and access control.  Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other after having passed through an application that effectively masks the origin of the initiating connection.
  • 28. DUAL-HOME GATEWAY In figure 3, an application layer firewall called a ``dual homed gateway'' is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it.
  • 29. FIREWALLS AREN’T PERFECT? • Useless against attacks from the inside • Evildoer exists on inside • Malicious code is executed on an internal machine • Organizations with greater insider threat • Banks and Military • Protection must exist at each layer • Assess risks of threats at every layer • Cannot protect against transfer of all virus infected programs or files • because of huge range of O/S & file types
  • 30. UNIFIED THREAT MANAGEMENT Unified Threat Management (UTM) is an all-in-one network security solution. UTM provides multiple security features (firewalling, intrusion prevention, anti-virus, etc.) without the complexity that comes with managing multiple security vendors.
  • 31. PACKET FILTER  packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols.  The process is used in conjunction with packet mangling and Network Address Translation (NAT).  Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. FIREWALL  packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols.  The process is used in conjunction with packet mangling and Network Address Translation (NAT).  Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion.
  • 32. NETWORK ADDRESS TRANSLATION • RFC-1631 • A short term solution to the problem of the depletion of IP addresses • Long term solution is IP v6 (or whatever is finally agreed on) • CIDR (Classless InterDomain Routing ) is a possible short term solution • NAT is another • NAT is a way to conserve IP addresses • Hide a number of hosts behind a single IP address • Use: • 10.0.0.0-10.255.255.255, • 172.16.0.0-172.32.255.255 or • 192.168.0.0-192.168.255.255 for local networks
  • 33. Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address. NAT is necessary when the number of IP addresses assigned to you by your Internet Service Provider is less than the total number of computers that you wish to provide Internet access for.
  • 34. PORT FORWARDING port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. 1. Local port forwarding 2. Remote port forwarding 3. Dynamic port forwarding
  • 35.
  • 36. HACKING THROUGH NAT  Static Translation  offers no protection of internal hosts  Internal Host Seduction  internals go to the hacker  e-mail attachments – Trojan Horse virus’  peer-to-peer connections  hacker run porn and gambling sites  solution = application level proxies  State Table Timeout Problem  hacker could hijack a stale connection before it is timed out  very low probability but smart hacker could do it  Source Routing through NAT  if the hacker knows an internal address they can source route a packet to that host  solution is to not allow source routed packets through the firewall
  • 37. TYPES OF FIREWALLS 1. Network layer firewalls: Network layer firewalls generally make their decisions based on the source address, destination address and ports in individual IP packets 2. Application layer firewalls: Application layer firewalls are hosts that run proxy servers, which permit no traffic directly between networks, and they perform elaborate logging and examination of traffic passing through them. 3. Proxy firewalls Proxy firewalls offer more security than other types of firewalls, but at the expense of speed and functionality, as they can limit which applications the network supports. 4. Unified threat management A new category of network security products -- called unified threat management (UTM) -- promises integration, convenience and protection from pretty much every threat out there
  • 38. INTRUTION DETECTION SYSTEM An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. 1. Anomaly Detection 2. Signature Based Detection
  • 39. ALERTS • Burglar Alert/Alarm: A signal suggesting that a system has been or is being attacked. • Detection Rate: The detection rate is defined as the number of intrusion instances detected by the system (True Positive) divided by the total number of intrusion instances present in the test set. • False Alarm Rate: defined as the number of 'normal' patterns classified as attacks (False Positive) divided by the total number of 'normal' patterns. • ALERT TYPE:- • True Positive: : Attack - Alert • False Positive: : No attack - Alert • False Negative: : Attack - No Alert • True Negative: : No attack - No Alert