This document discusses firewalls and network security. It begins by outlining common firewall topics and risks to networks like data theft and denial of service attacks. It then examines why firewalls are needed to secure networks and assets. The document outlines different types of firewalls like packet filters, proxy firewalls, and network address translation. It discusses strengths and weaknesses of each approach. Finally, it covers best practices for firewall deployment, configuration, auditing and trends in firewall technologies.
Privacy and Security in the Internet of Things / Конфиденциальность и безопас... (Positive Hack Days)
Speaker: Jeff Katz
According to Cisco's forecasts, 25 billion devices will be connected to the internet this year, and by 2020 that number will double. When planning an Internet of Things (IoT) solution, you should keep in mind that one fine day the FSB will come knocking. The question of user security needs to be thought through in advance, not put off until later. The speaker will explain how to take advantage of IoT products without infringing on your customers' personal rights. The talk is accompanied by examples of services in which privacy and security were ensured from the start of development.
This presentation covers different attacks that can be leveraged against wireless networks using Enterprise (802.1x) authentication. Attendees will learn about and see demonstrations of these attacks, many of which can be used to reveal the credentials used to join the wireless network. The presentation concludes with recommendations on how to defend against these attacks.
Matt Neely (CISSP, CTGA, GCIH and GCWN) is the Profiling Team Manager at SecureState, a Cleveland Ohio based security consulting company. At SecureState, Matt and his team perform traditional penetration tests, physical penetration tests, web application security reviews and wireless security assessments. His research interests include the convergence of physical and logical security, cryptography and all things wireless. Matt is also a host on the Security Justice podcast.
There is no doubt that Intrusion Detection Systems should be incorporated into any security infrastructure, however today’s IDS implementations are far from perfect. Security Managers should continue to add layers to their defense strategy and not place too much reliance on this technology, as it’s not easy to create a system that can effectively flag an attack without crashing under the weight of its own logs, operate relatively maintenance free and respond appropriately to benign anomalous events without raising too many false alarms.
This session discusses some of the most common techniques aimed at evading IDS detection in order to easily attack the infrastructure sitting behind those systems.
Network traffic analysis with cyber security, by KAMALI PRIYA P
We are students from SRM University pursuing a B.Tech in the Computer Science Department. We took a small initiative to make a PPT about how network traffic can be analyzed through cyber security. We have also mentioned the known network analyzers and the future scope for network traffic analysis with cyber security.
Implementing Cisco IOS Network Security (IINS). For a complete list of available network security training, visit the Security Training page: http://bit.ly/1Lgc2LW
Think network forensics is just for security? Not with today’s 10G (and tomorrow’s 40G/100G) traffic, not to mention new 802.11ac wireless networks with multi-gigabit data rates. Data is traversing these networks so quickly that detailed, real-time analysis is at best a challenge. Network forensics provides key real-time statistics while saving a complete, packet-level recording of all network activity. You don’t need to worry about capturing the problem – your network forensics solution already has, allowing you to go back in time and analyze any network, application, or security condition.
Secure your network - Segmentation and segregation, by Magnus Jansson
The defense in depth value of segmenting your network into different security zones is widely recognized and should be a part of every company’s security strategy. A properly segmented network will reduce the attack surface, limit an attacker’s potential to move laterally in the network, and strongly limit the potential damage of a cyber-attack. However, segmenting your network is a major project and will change how you are managing your network.
APNIC's Internet Security Specialist Jamie Gillespie presents on APNIC's Vulnerability Reporting Program at the Bhutan Cybersecurity Week 2021, held online from 20 to 25 December 2021.
For a college class in Network Security Monitoring at CCSF.
Instructor: Sam Bowne
Course website: https://samsclass.info/50/50_F17.shtml
Based on "The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press; 1 edition (July 26, 2013), ASIN: B00E5REN34
Using advanced search tools, by AGROCALIDAD
A presentation where you can find all the information about the correct use of advanced search in Google, as well as the correct use of Google Scholar and Google Books when searching for information.
Business Model Innovation by Experimentation, by Yoav Aviram
How to maximize learning and minimize risk
All new products start as a series of unvalidated assumptions. The most critical assumptions are usually implicit and relate to the purpose of the product and the value it is intended to deliver. The more key assumptions involved, the greater the risk. It is enough to have 7 key assumptions about which you are 90% certain for the combined odds of success to be below 50%.
Contrary to popular belief, when we know very little about a situation, it only takes a small amount of new data to realise significant insights.
Unfortunately, people often underestimate the value of information and misunderstand risk. As Product Owners we are often afraid to test our assumptions. We routinely pile on additional risk without a second thought.
Risk management is the bread and butter of the finance and insurance industries. Isn't it time we evolved?
In this fast paced and practical session we will explore answers to the following questions:
- What is risk and how do we quantify and manage it?
- How do we assess the value of information?
- How can experimentation reduce risk and where does it fit in the product development cycle?
- What makes a good experiment?
- How to run experiments in a cost effective manner?
- What are good metrics?
The presentation provides a topical overview of the areas to be looked at when conducting a Firewall, Router, or Switch configuration review. This presentation is based on a slide deck I prepared for an internal Learning & Growth session in March of 2014. More detailed material is available from the "References" slide.
This slide deck explains the design as well as the implementation of a firewall. It also covers the need for a firewall and firewall capabilities.
Threats are possible attacks. They include:
The spread of computer viruses
Infiltration and theft of data from external hackers
Engineered network overloads triggered by malicious mass e-mailing
Misuse of computer resources and confidential information by employees
Unauthorized financial transactions and other kinds of computer fraud conducted in the company's name
Electronic inspection of corporate computer data by outside parties
Damage from failure, fire, or natural disasters
From Jisc's campus network engineering for data-intensive science workshop on 19 October 2016.
https://www.jisc.ac.uk/events/campus-network-engineering-for-data-intensive-science-workshop-19-oct-2016
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A packet filter is hardware or software designed to block or allow the transmission of packets based on criteria such as port, IP address, and protocol.
2. Firewall topics
• Why firewall?
• What is a firewall?
• What is the perfect firewall?
• What types of firewall are there?
• How do I defeat these firewalls?
• How should I deploy firewalls?
• What is good firewall architecture?
• Firewall trends.
3. What are the risks?
• Theft or disclosure of internal data
• Unauthorized access to internal hosts
• Interception or alteration of data
• Vandalism & denial of service
• Wasted employee time
• Bad publicity, public embarrassment, and law suits
4. What needs to be secured?
• Crown jewels: patent work, source code, market analysis; information assets
• Any way into your network
• Any way out of your network
• Information about your network
5. Why do I need a firewall?
• Peer pressure.
• One firewall is simpler to administer than many hosts.
• It’s easier to be security conscientious with a firewall.
6. What is a firewall?
• As many machines as it takes to:
– be the sole connection between inside and outside.
– test all traffic against consistent rules.
– pass traffic that meets those rules.
– contain the effects of a compromised system.
7. Firewall components
• All of the machines in the firewall
– are immune to penetration or compromise.
– retain enough information to recreate their actions.
8. The Perfect firewall
• Lets you do your business
• Works with existing security measures
• Has the security “margin of error” that your company needs.
9. The security continuum
• Ease of use vs. degree of security
• Cheap, secure, feature packed, easy to administer? Choose three.
• Default deny or default accept
[Diagram: continuum from “Easy to use” to “Secure”]
10. Policy for the firewall
– Who gets to do what via the Internet?
– What Internet usage is not allowed?
– Who makes sure the policy works and is being complied with?
– When can changes be made to policy/rules?
– What will be done with the logs?
– Will we cooperate with law enforcement?
11. What you firewall matters more than which firewall you use.
• Internal security policy should show what systems need to be guarded.
• How you deploy your firewall determines what the firewall protects.
• The kind of firewall is how much insurance you’re buying.
12. How to defeat firewalls
• Take over the firewall.
• Get packets through the firewall.
• Get the information without going through the firewall.
13. A partial list of back doors.
• personal modems
• vendor modems
• partner networks
• home networks
• loose cannon experts
• employee hacking
• reusable passwords
• viruses
• “helpful” employees
• off-site backup & hosting
14. Even perfect firewalls can’t fix:
• Tunneled traffic.
• Holes, e.g. telnet, opened in the firewall.
• WWW browser attacks / malicious Internet servers.
15. Priorities in hacking through a firewall
• Collect information.
• Look for weaknesses behind the firewall.
• Try to get packets through the firewall.
• Attack the firewall itself.
• Subvert connections through the firewall.
16. Information often leaked through firewalls
• DNS host information
• network configuration
• e-mail header information
• intranet web pages on the Internet
18. Attacking the firewall
• Does this firewall pass packets when it’s crashed?
• Is any software running on the firewall?
19. A fieldtrip through an IP packet
• Important fields are:
– source, destination, ports, TCP status
[Packet diagram: IP header (TOS, SRC, DEST, options), TCP header (SPORT, DPORT, SEQ#, ACK#, flags ACK/URG/SYN), DATA]
21. Packet filters
• How packet filters work
– Read the header and filter by whether fields match specific rules.
– SYN flags allow the router to tell if a connection is new or ongoing.
• Packet filters come in dumb, standard, specialized, and stateful models
22. Standard packet filter
– allows connections as long as the ports are OK
– denies new inbound connections, using the SYN flag
– Examples: Cisco & other routers, Karlbridge, Unix hosts, steelhead.
23. Packet filter weaknesses
– It’s easy to botch the rules.
– Good logging is hard.
– Stealth scanning works well.
– Packet fragments, IP options, and source routing work by default.
– Routers usually can’t do authentication of end points.
24. Stateful packet filters
– SPFs track the last few minutes of network activity. If a packet doesn’t fit in, they drop it.
– Stronger inspection engines can search for information inside the packet’s data.
– SPFs have to collect and assemble packets in order to have enough data.
– Examples: Firewall One, ON Technologies, SeattleLabs, ipfilter
25. Weaknesses in SPF
– All the flaws of standard filtering can still apply.
– Default setups are sometimes insecure.
– The packet that leaves the remote site is the same packet that arrives at the client.
– Data inside an allowed connection can be destructive.
– Traditionally SPFs have poor logging.
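Added illustration of slides 22 to 24, not code from the original deck: a minimal stateless packet filter that relies on the SYN flag, beside a stateful filter that remembers which connections the inside opened. The Packet and Rule types, the rule sets and the addresses are constructed for the example; the comparison shows why an ACK-only probe passes the standard filter but not the stateful one, and how a misordered rule set silently admits new inbound connections.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str           # "in" or "out"
    dport: int = 0           # 0 matches any destination port
    new_only: bool = False   # match only connection-opening packets (SYN without ACK)

def is_new_connection(pkt: Packet) -> bool:
    return pkt.syn and not pkt.ack

def standard_filter(rules, pkt: Packet, direction: str) -> str:
    """Stateless first-match filter with default deny: the header is all it sees."""
    for r in rules:
        if r.direction != direction:
            continue
        if r.dport and r.dport != pkt.dport:
            continue
        if r.new_only and not is_new_connection(pkt):
            continue
        return r.action
    return "deny"

class StatefulFilter:
    """Remembers connections the inside opened; an inbound packet must fit one of them."""
    def __init__(self, rules):
        self.rules = rules
        self.table = set()  # (inside_ip, inside_port, remote_ip, remote_port)

    def check(self, pkt: Packet, direction: str) -> str:
        if direction == "out":
            verdict = standard_filter(self.rules, pkt, "out")
            if verdict == "allow" and is_new_connection(pkt):
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        # inbound: drop anything that does not belong to a tracked connection
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) not in self.table:
            return "deny"
        return standard_filter(self.rules, pkt, "in")

# Slide-22 style rules: no new inbound connections (SYN), everything else through.
RULES = [Rule("deny", "in", new_only=True), Rule("allow", "in"), Rule("allow", "out")]
# The same inbound rules in the wrong order: the deny can never be reached.
BOTCHED = [Rule("allow", "in"), Rule("deny", "in", new_only=True), Rule("allow", "out")]

def demo() -> dict:
    """Constructed packets: an inside request, its reply, and two unsolicited inbound packets."""
    request = Packet("10.0.0.5", "203.0.113.10", 40000, 80, syn=True)
    reply = Packet("203.0.113.10", "10.0.0.5", 80, 40000, syn=True, ack=True)
    probe = Packet("198.51.100.7", "10.0.0.5", 40001, 22, ack=True)   # ACK-only "stealth" probe
    inbound_syn = Packet("198.51.100.7", "10.0.0.5", 40002, 22, syn=True)
    spf = StatefulFilter(RULES)
    spf.check(request, "out")  # inside host opens a connection; the SPF records it
    return {
        "standard_reply": standard_filter(RULES, reply, "in"),      # allow
        "standard_probe": standard_filter(RULES, probe, "in"),      # allow: header looks like a reply
        "standard_syn": standard_filter(RULES, inbound_syn, "in"),  # deny: new inbound connection
        "stateful_reply": spf.check(reply, "in"),                   # allow: fits the tracked connection
        "stateful_probe": spf.check(probe, "in"),                   # deny: no connection to fit into
        "botched_syn": standard_filter(BOTCHED, inbound_syn, "in"), # allow: rule order is wrong
    }
```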
26. Proxy firewalls
• Proxy firewalls pass data between two separate connections, one on each side of the firewall.
– Proxies should not route packets between interfaces.
• Types: circuit level proxy, application proxy, store and forward proxy.
27. General proxy weaknesses
• The host is now involved, and accessible to attack.
– The host must be hardened.
• State is being kept by the IP stack.
• Spoofing IP & DNS still works if authentication isn’t used.
• Higher latency & lower throughput.
28. Circuit level proxy
– Client asks FW for document. FW connects to remote site. FW transfers all information between the two connections.
– Tends to have better logging than packet filters
– Data passed inside the circuit could be dangerous.
– Examples: Socks, Cycom Labyrinth
29. Application proxy
– FW transfers only acceptable information between the two connections.
– The proxy can understand the protocol and filter the data within.
– Examples: TIS Gauntlet and FWTK, Raptor, Secure Computing
30. Application proxy weaknesses
• Some proxies on an “application proxy” firewall may not be application aware.
• Proxies have to be written securely.
31. Store and forward, or caching, proxies
– Client asks firewall for document; the firewall downloads the document, saves it to disk, and provides the document to the client. The firewall may cache the document.
– Can do data filtering.
– Examples: Microsoft, Netscape, CERN, Squid proxies; SMTP mail
32. Weaknesses of store & forward proxies
– Store and forward proxies tend to be big new programs. Making them your primary connection to the internet is dangerous.
– These applications don’t protect the underlying operating system at all.
– Caching proxies can require more administrator time and hardware.
33. Network Address Translation (NAT)
– NAT changes the IP addresses in a packet, so that the address of the client inside never shows up on the internet.
– Examples: Cisco PIX, Linux Masquerading, Firewall One, ipfilter
34. Types of NAT
• Many IPs inside to many static IPs outside
• Many IPs inside to many random IPs outside
• Many IPs inside to one IP address outside
• Transparent diversion of connections
35. Weaknesses of NAT
• Source routing & other router holes
• Can be stupid about complex protocols
– ICMP, IP options, FTP, fragments
• Can give out a lot of information about your network.
• May need a lot of horsepower
36. Intrusion detection
– Watches ethernet or router for trigger events, then tries to interrupt connections. Logs synopsis of all events.
– Can log suspicious sessions for playback
– Tend to be very good at recognizing attacks, fair at anticipating them
– Products: Abirnet, ISS Real Secure, SecureNetPro, Haystack Netstalker
37. Weaknesses of intrusion detection
– Can only stop TCP connections
– Sometimes stops things too late
– Can trigger alarms too easily
– Doesn’t work on switched networks
38. Logging
• Pros:
– Very cheap
– Solves most behavioral problems
– Logfiles are crucial for legal recourse
• Cons:
– Very programmer or administrator intensive
– Doesn’t prevent damage
– needs a stable environment to be useful
39. Types of logging
• program logging
• syslog / NT event log
• sniffers
– Argus, Network General, HP Openview, TCPdump
• router debug mode
– A very good tool for tracking across your network
40. Commercial Logging
• Logging in almost all commercial firewall packages stinks
– No tripwires
– No pattern recognition
– No smart/expert distillation
– No way to change firewall behavior based on log information
– No good way to integrate log files from multiple machines
41. Firewall Tools
• All types of firewall are useful sometimes.
• The more compartments on the firewall, the greater the odds of security.
• Belt & suspenders
42. Firewall topology
• Webserver placement
• RAS server placement
• Partner network placement
• Internal information protection (intranet firewalling)
43. Firewall deployment checklist
• Have a list of what needs to be protected.
• Have all of the networks configured for the firewall
• All rules are in place
• Logging is on.
44. What steps are left?
• What is the firewall allowing access to?
– Internal machines receiving data had better be secure.
– If these services can’t be secured, what do you have to lose?
45. Last checks
• Day 0 backups made?
• Are there any gaps between our stated policy and the rules the firewall is enforcing?
46. Auditing
• A firewall works when an audit finds no deviations from policy.
• Scanning tools are good for auditing conformance to policy, not so good for auditing security.
47. Sample configurations
• Good configurations should:
– limit Denial of Service.
– minimize complexity for inside users.
– be auditable.
– allow outside to connect to specific resources.
49. The Multimedia Nightmare
• Secure multimedia & database content to be provided to multiple Internet destinations.
• Web server is acting as authentication & security for access to the Finance server.
[Diagram labels: Proxy, CACHE, Inside]
50. Firewalls in multiple locations
– Identical proxies on both sides.
[Diagram label: VPN over internal LAN]
51. Low end, good security, for low threat environments
• Packet filter, “Sacrificial Goat” web server, Application Firewall, bastion host running logging & Store & Forward proxies
[Diagram labels: Store & Forward, Inside]
52. High end firewalls
• ATM switching firewalls
• Round robin gateways
– Don’t work with transparent proxies
• High availability
53. Firewall Trends
– “Toaster” firewalls
– Call-outs / co-processing firewalls
– VPNs
– Dumb protocols
– LAN equipment & protocols showing up on the Internet
– Over-hyped content filtering
54. More Firewall Trends
– blurring between packet filters & application proxies
– more services running on the firewall
– High availability, fail-over and hot swap ability
– GUIs
– Statistics for managers
55. Firewall trends & “religious” issues.
• Underlying OS for firewalls
– Any firewall OS should have little in common with the retail versions.
• Firewall certification
– Buy your own copy of ISS and “certify” firewalls yourself.
56. Source vs. Shrink-wrap
• Low end shrinkwrap solutions
• The importance of source
– Can you afford 1.5 programmer/administrators?
– Are you willing to have a non-employee doing your security? (Whose priorities win?)
57. Downside of firewalls
• single point of failure
• difficult to integrate into a mesh network
• highlights flaws in network architecture
• can focus politics on the firewall administrator