Downloaded 21 times
More Related Content
Network Security
- 1.
- 2. ďĄ Introduction ďĄ What is security? ďĄ Whydo we need security? ďĄ Common security attacks and countermeasures ď§ Firewalls ď§ Intrusion Detection Systems ď§ Denial of Service Attacks ďĄ Conclusion 2
- 3. ďĄ The term Securityrefers to a range from data protection to protect from unauthorized access.For each company is different, you might find some existing models, but it will always fit your case. ďĄ New threats emerge every month, quickly followed by new protection methods ,so it's a never ending task. 3
- 4. ď§ Freedom fromrisk or danger; safety. ď§ Freedom from doubt, anxiety, or fear; confidence. ď§ Something that gives or assures safety, as: 1. A group or department of private guards: Call building security if a visitor acts suspicious. 2. Measures adopted by a government to prevent espionage, sabotage, or attack. 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant. 4
- 5. ďĄ Protect vital informationwhile still allowing access to those who need it ď§ Trade secrets, medical records, etc. ďĄ Provide authentication and access control for resources ď§ Ex: AFS ďĄ Guarantee availability of resources 5
- 6. ďĄ Finding a wayinto the network ď§ Firewalls ďĄ Exploiting software bugs, buffer overflows ď§ Intrusion Detection Systems ďĄ Denial of Service ď§ Ingress filtering, IDS ďĄ Packet sniffing ď§ Encryption (SSH, SSL, HTTPS) 6
- 7. ďĄ Basic problem âmany network applications and protocols have security problems that are fixed over time ď§ Difficult for users to keep up with changes and keep host secure ď§ Solution ⪠Administrators limit access to end hosts by using a firewall ⪠Firewall is kept up-to-date by administrators 7
- 8. ďĄ A firewall islike a castle with a drawbridge ď§ Only one point of access into the network ď§ This can be good or bad ďĄ Can be hardware or software ď§ Ex. Some routers come with firewall functionality 8
- 9. ďĄ Used to monitorfor âsuspicious activityâ on a network ď§ Can protect against known software exploits, like buffer overflows ďĄ Uses âintrusion signaturesâ ď§ Well known patterns of behavior ⪠Ping sweeps, port scanning, web server indexing, OS fingerprinting, DoS attempts, etc. ďĄ However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring 9
- 10. ďĄ Purpose: Make anetwork service unusable, usually by overloading the server or network ďĄ Many different kinds of DoS attacks ď§ SYN flooding ď§ SMURF 10
- 11. SYN flooding attack ďĄ SendSYN packets with bogus source address ď§ Why? ďĄ Server responds with SYN ACK and keeps state about TCP half-open connection ď§ Eventually, server memory is exhausted with this state ďĄ Solution: use âSYN cookiesâ ď§ In response to a SYN, create a special âcookieâ for the connection, and forget everything else ď§ Then, can recreate the forgotten information when the ACK comes in from a legitimate connection 11
- 12. Smurf attack ďĄ In aSmurf attack, the attacker sends ping requests directed to a broadcast address, with the source address of the IP datagram set to the address of the target system under attack (spoofed source address). ďĄ All systems within the broadcast domain will answer back to the target address, thus flooding the target system with ICMP traffic and causing network congestion => little or no bandwidth left for legitimate users. 12
- 13. ďĄ Security is avery difficult topic. Everyone has a different idea of what ``security'' is, and what levels of risk are acceptable. ďĄ The key for building a secure network is to define what security means to your organization . Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. ďĄ Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices. 13
- 14.