Practical Network Security
Sudarsun S, Checktronix India Pvt Ltd, Chennai 600034, [email_address]
Agenda
- Security threats
- Fundamental loophole of Ethernet
- Basic services offered by secured systems
- Types of intruders
- Network security administration: configuring servers, applications, tools, cross-platform deployment
Agenda (cont.)
- Firewalls
- Intrusion detection: rules-based pattern analysis, usage patterns, feature vector analysis
- Role of artificial intelligence: statistical analysis, knowledge-based systems, adaptive security systems
Overview
- What are we protecting? Private communication over a public channel.
- Who do we mean by intruders?
- What is the cost of an intrusion?
- Protection vs. recovery?
- Insiders vs. outsiders?
Data Security
- What are the security attributes?
- What is the default security policy?
- How does Windows give protection? The Security tab; ownership / Full Control access
- How do Unix flavors give protection? The chmod, chown and umask commands:
    chmod <mode, e.g. 1777> <filename>   ex: chmod 600 myfile.txt
    chown user:group <filename>          ex: chown sudar:dev file
    umask <masknumber>                   ex: umask 077
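The slide lists the three Unix commands without showing how they interact. The following added example (mine, not from the slides) reproduces the effect of `umask 077`, `chmod 600` and `chmod 1777` from Python so the resulting permission bits can be inspected: a new file is requested with mode 666, the kernel clears every bit set in the umask, and chmod then tightens or loosens what remains. All paths are scratch files created in a temporary directory.

```python
import os
import stat
import tempfile


def _create(path: str) -> int:
    """Create an empty regular file requesting mode 0o666 and return the mode
    actually granted (0o666 with the current umask bits cleared)."""
    fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o666)
    os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_with_umask(mask: int) -> int:
    """Equivalent of running `umask <mask>` before creating a file.
    The process-wide umask is restored afterwards."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as d:
            return _create(os.path.join(d, "f"))
    finally:
        os.umask(old)


def tighten_demo() -> tuple:
    """Create myfile.txt under the common default umask 022 (world-readable 644),
    then apply the slide's `chmod 600 myfile.txt`; return (mode_before, mode_after)."""
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "myfile.txt")
            before = _create(path)
            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)   # chmod 600: owner rw only
            after = stat.S_IMODE(os.stat(path).st_mode)
            return before, after
    finally:
        os.umask(old)


def is_world_accessible(mode: int) -> bool:
    """The check an auditor makes: does 'other' hold any r/w/x bit?"""
    return bool(mode & stat.S_IRWXO)


def sticky_shared_dir() -> bool:
    """Equivalent of `chmod 1777 <dir>` on a shared directory: everyone may create
    files, but the sticky bit lets only a file's owner remove or rename it."""
    with tempfile.TemporaryDirectory() as d:
        shared = os.path.join(d, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)
        mode = os.stat(shared).st_mode
        return bool(mode & stat.S_ISVTX) and stat.S_IMODE(mode) == 0o1777


if __name__ == "__main__":
    print("umask 077 ->", oct(create_with_umask(0o077)))
    print("umask 022 ->", oct(create_with_umask(0o022)))
    print("chmod 600 (before, after) ->", tuple(map(oct, tighten_demo())))
    print("sticky shared dir ok:", sticky_shared_dir())
```

`umask 077` is the setting the slide recommends: anything the user creates afterwards is owner-only (600 for files, 700 for directories) without having to remember a chmod per file.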
Private Communication Over a Public Channel
- Internet: a public communication medium
- How is privacy achieved?
- What are the security threats?
- What happens when you send an email? When you pay your bills? When you transfer money? When you purchase online?
Security Threats
- Interruption: oops, availability is gone!
- Interception: someone is watching you!
- Fabrication: whom are you talking to?
- Modification: am I getting the correct information?
Design Flaw
- Promiscuous mode of operation (every station on the segment can read every frame)
- Encryption only at or below the application layer
- Will IPSec overcome that?
- Are SSL and TLS not enough?
Services
- Confidentiality
- Authenticity
- Integrity
- Non-repudiation
Confidentiality
- Only B can discern the message from A.
- [Diagram] Host A sends M, encrypting with B's public key: Text = Bpub(M). Host B decrypts with its private key Bpri and receives M.
Authenticity
- Guarantees A as the message source.
- [Diagram] Host A sends M together with Apri(M), the message signed with A's private key. Host B applies A's public key: Apub(Apri(M)) ~ M, and receives M.
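The two diagrams above use the notation Bpub(M), Bpri, Apri(M) and Apub without showing the arithmetic. The following added example (mine, not code from the slides) carries both flows through with textbook RSA on deliberately tiny constructed primes: host B's key pair gives confidentiality (only Bpri recovers Bpub(M)) and host A's key pair gives authenticity (Apub checks Apri applied to a digest of M). Real systems use 2048-bit or larger moduli and OAEP/PSS padding; the unpadded form is kept here only so that the numbers stay readable.

```python
import hashlib


def make_keypair(p: int, q: int, e: int) -> tuple:
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


# Constructed demo keys: far too small for real use, chosen so n > 255 for per-byte blocks.
A_PUB, A_PRI = make_keypair(61, 53, 17)   # host A
B_PUB, B_PRI = make_keypair(89, 97, 5)    # host B


def encrypt(message: bytes, pub: tuple) -> list:
    """Confidentiality: Text = Bpub(M). Each byte is raised to e modulo n.
    Without randomised padding, equal bytes give equal ciphertext blocks, which
    is exactly why real deployments wrap RSA in OAEP."""
    e, n = pub
    return [pow(b, e, n) for b in message]


def decrypt(blocks: list, pri: tuple) -> bytes:
    """Only the holder of Bpri recovers M: M = Bpri(Bpub(M))."""
    d, n = pri
    return bytes(pow(c, d, n) for c in blocks)


def _digest_mod_n(message: bytes, n: int) -> int:
    """Reduce a SHA-256 digest of M into the signing group (toy stand-in for PSS encoding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, pri: tuple) -> int:
    """Authenticity: A sends M together with Apri(h(M))."""
    d, n = pri
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, pub: tuple) -> bool:
    """B applies Apub to the signature and compares with h(M): Apub(Apri(h)) == h."""
    e, n = pub
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    m = b"hello"
    ct = encrypt(m, B_PUB)
    print("A -> B ciphertext blocks:", ct)
    print("B decrypts:", decrypt(ct, B_PRI))
    sig = sign(m, A_PRI)
    print("signature from A:", sig, "verifies:", verify(m, sig, A_PUB))
    print("tampered message verifies:", verify(b"hellp", sig, A_PUB))
```

Note that the two services use different keys in different directions: confidentiality needs the receiver's key pair, authenticity the sender's. Sending M alongside Apri(M) gives authenticity and integrity but no confidentiality; combining both diagrams (sign, then encrypt for B) is what PGP and TLS-style protocols do.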
Steganography
- How is steganography different from cryptography?
- The art of concealing the existence of a message
- Strengths of steganography
- Multimedia streams: the auspicious carrier!
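To make the difference from cryptography concrete, here is an added example (mine, not from the slides) of the simplest multimedia-carrier scheme, least-significant-bit embedding, run over a constructed array of sample values standing in for pixels. The message is hidden, in that no sample changes by more than one unit, but it is not secret: `extract` recovers it with no key at all, which is why detection and review of such carriers is a concern for defenders and why steganography is combined with encryption rather than used instead of it.

```python
# Constructed carrier: 128 "pixel" samples with a regular pattern (not a real image).
COVER = bytes((i * 7) % 256 for i in range(128))


def embed(cover: bytes, message: bytes) -> bytes:
    """Write message bits (plus a 0x00 terminator) into the LSB of successive samples."""
    payload = message + b"\x00"
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # only the low bit changes
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Reassemble bytes from the LSBs until the terminator. No key is needed:
    anyone who knows the scheme can read the message."""
    message = bytearray()
    for i in range(0, len(stego) - 7, 8):
        byte = 0
        for k in range(8):
            byte = (byte << 1) | (stego[i + k] & 1)
        if byte == 0:
            break
        message.append(byte)
    return bytes(message)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """How far any sample moved; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    stego = embed(COVER, b"hi")
    print("recovered:", extract(stego))
    print("largest sample change:", max_sample_change(COVER, stego))
```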
Some Applications
- Authentication applications: Kerberos
- Email security: PGP
- IP security: a security layer within IP
- Web security: SSL, TLS
- SSH vs. Telnet; SSH tunnels
- Virtual private networks
VPN Created Using Two-Way SSH Tunnels
- Local forward (connections to <localport> on this host are carried through the SSH server to <remote-ip>:<remoteport>):
    ssh -l <user> -L <localport>:<remote-ip>:<remoteport> -g -p <ssh-port> <remote-ssh-ip-address>
- Remote forward (connections to <remoteport> on the SSH server are carried back to <local-ip>:<localport>):
    ssh -l <user> -R <remoteport>:<local-ip>:<localport> -g -p <ssh-port> <remote-ssh-ip-address>
- -g lets other hosts connect to the forwarded port, so the two commands together join the two networks over one encrypted channel.
VPN Hardware
Cyber Café Stuff
- Do you know the Temporary Internet Files folder?
- Do you know about persistent cookies?
- Do you know where your passwords are stored?
- Do you know how your data is transferred when you click the Submit button?
- Do you know about VNC servers?
- Can your emails, passwords and credit card details be intercepted?
- Are you sure of all the emails you receive?
How to Safeguard?
- Delete the Temporary Internet Files folder
- Delete cookies
- Delete history
- Don't allow passwords to be saved
- Don't give your credit card details on a non-HTTPS URL
- Enable detailed headers in emails
SPAM Filters
- What is SPAM? What is HAM?
- How can we identify SPAM?
- SpamAssassin techniques: Bayes classifier; rules-based SMTP filter
- Rule examples: open relay, blacklisted IP address, HELO checks, banner delays, reverse-lookup tests
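The slide names the two SpamAssassin-style techniques without showing either. Below is an added example (mine, not SpamAssassin code) with both: a naive Bayes classifier trained on a constructed six-message corpus, scoring a message by the log-odds of SPAM over HAM with Laplace smoothing, and a small rules-based scorer for the SMTP-session checks listed (HELO that is not a fully qualified name, client IP on a constructed blacklist, missing reverse DNS). The word lists and blacklist are made up for the demo.

```python
import math
import re
from collections import Counter

# Constructed training corpus (far smaller than anything a real filter would use).
SPAM = ["win free money now", "free prize claim now", "cheap money offer free"]
HAM = ["meeting notes attached", "lunch tomorrow with the team", "project meeting tomorrow"]


def tokens(text: str) -> list:
    return re.findall(r"[a-z0-9]+", text.lower())


class BayesFilter:
    """Multinomial naive Bayes with add-one smoothing, the core of a Bayesian spam filter."""

    def __init__(self, spam: list, ham: list):
        self.spam = Counter(t for m in spam for t in tokens(m))
        self.ham = Counter(t for m in ham for t in tokens(m))
        self.vocab = set(self.spam) | set(self.ham)
        self.n_spam = sum(self.spam.values())
        self.n_ham = sum(self.ham.values())
        self.prior_spam = len(spam) / (len(spam) + len(ham))
        self.prior_ham = len(ham) / (len(spam) + len(ham))

    def _loglik(self, words: list, counts: Counter, total: int) -> float:
        v = len(self.vocab)
        # (count + 1) / (total + |V|): unseen words get a small but non-zero probability
        return sum(math.log((counts[w] + 1) / (total + v)) for w in words)

    def spam_score(self, text: str) -> float:
        """log P(spam|text) - log P(ham|text); positive means SPAM is more likely."""
        words = tokens(text)
        ls = math.log(self.prior_spam) + self._loglik(words, self.spam, self.n_spam)
        lh = math.log(self.prior_ham) + self._loglik(words, self.ham, self.n_ham)
        return ls - lh

    def classify(self, text: str) -> str:
        return "SPAM" if self.spam_score(text) > 0 else "HAM"


# Constructed blacklist for the rules-based part (documentation-range address, not a real listing).
BLACKLIST = {"198.51.100.7"}


def smtp_rules(helo: str, client_ip: str, reverse_dns, blacklist=BLACKLIST) -> list:
    """Return the names of the SMTP-session rules that fired, in a fixed order."""
    hits = []
    if "." not in helo:                 # legitimate MTAs announce a fully qualified hostname
        hits.append("helo_not_fqdn")
    if client_ip in blacklist:
        hits.append("blacklisted")
    if reverse_dns is None:             # reverse-lookup test: no PTR record for the client
        hits.append("no_reverse_dns")
    return hits


if __name__ == "__main__":
    f = BayesFilter(SPAM, HAM)
    for msg in ("free money now", "meeting tomorrow"):
        print(f"{msg!r}: {f.classify(msg)} (score {f.spam_score(msg):+.2f})")
    print(smtp_rules("localhost", "198.51.100.7", None))
```

Real filters combine the two: each fired rule contributes a weight, the Bayes score is one more weighted input, and the mail is tagged when the total crosses a threshold, so a single false rule hit does not reject a legitimate message.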
Intruders
- Masquerader: an unauthorized user exploiting a legitimate user's account
- Misfeasor: a legitimate user violating the limits of his or her authorization
- Clandestine user: an individual seizing supervisor control to evade auditing
Intrusion Detection
- Statistical anomaly detection
- Network monitors: tcpdump, ethereal, netstat, iptraf
- Auditors and event logs: Windows Event Logs, Linux syslogs
- Rules-based detection: ipchains, iptables, proxy, reverse proxy, firewalls
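Statistical anomaly detection over the Linux syslog sources mentioned above, as an added example that is not part of the slides: the block parses constructed sshd "Failed password" lines, counts failures per source address, and flags any source whose count exceeds a threshold derived from a baseline of per-host failure counts (mean plus three standard deviations). The log lines, baseline numbers and addresses are all made up for the demo.

```python
import re
import statistics
from collections import Counter

# Constructed auth-log excerpt in syslog format (not real captures).
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 40012 ssh2
Mar  3 10:01:14 host sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 40013 ssh2
Mar  3 10:01:15 host sshd[2233]: Failed password for root from 10.0.0.5 port 40014 ssh2
Mar  3 10:01:17 host sshd[2233]: Failed password for root from 10.0.0.5 port 40015 ssh2
Mar  3 10:01:19 host sshd[2235]: Failed password for invalid user test from 10.0.0.5 port 40016 ssh2
Mar  3 10:01:21 host sshd[2235]: Failed password for invalid user oracle from 10.0.0.5 port 40017 ssh2
Mar  3 10:02:03 host sshd[2240]: Failed password for sudar from 10.0.0.7 port 51000 ssh2
Mar  3 10:02:09 host sshd[2240]: Accepted password for sudar from 10.0.0.7 port 51000 ssh2
Mar  3 10:05:44 host sshd[2251]: Failed password for dev from 192.168.1.9 port 52210 ssh2
Mar  3 10:05:50 host sshd[2251]: Failed password for dev from 192.168.1.9 port 52210 ssh2
"""

# Constructed baseline: failed logins per source host per hour observed during normal operation.
BASELINE_FAILURES_PER_HOST = [1, 0, 2, 1, 1, 0, 1, 2]

FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def failures_by_source(log: str) -> Counter:
    """Count failed-password events per source IP; other lines are ignored."""
    counts = Counter()
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def threshold(baseline: list, k: float = 3.0) -> float:
    """Anomaly cut-off: mean + k * (population) standard deviation of the baseline."""
    return statistics.mean(baseline) + k * statistics.pstdev(baseline)


def detect_anomalies(log: str, baseline: list, k: float = 3.0) -> dict:
    """Return {ip: failure_count} for sources whose count is above the threshold."""
    cut = threshold(baseline, k)
    return {ip: n for ip, n in failures_by_source(log).items() if n > cut}


if __name__ == "__main__":
    print("threshold: %.2f" % threshold(BASELINE_FAILURES_PER_HOST))
    print("per-source failures:", dict(failures_by_source(SAMPLE_LOG)))
    print("anomalous sources:", detect_anomalies(SAMPLE_LOG, BASELINE_FAILURES_PER_HOST))
```

The baseline is what makes this statistical rather than rules-based: nothing says "more than N failures is bad"; the cut-off follows from what the environment normally looks like, so the same code tolerates a busy jump host and is strict on a quiet one. With a baseline this small the threshold is unstable, so in practice it is recomputed from a long window and per user as well as per source.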
Viruses: Malicious Programs
- Trap doors
- Logic bombs
- Trojans
- Viruses
- Worms
- Adware, spyware
Firewalls
- Need for a firewall
- Attacks: ping of death, fragmentation attack, denial of service, IP spoofing, port scanning
Level of Control
- Service control: based on port number
- Direction control: limits inbound and outbound traffic
- User control: restricts user-level access to resources
- Behavioral control: content limitation on resource use
Types
- Packet-filtering firewall: based on packet filter rules
- Application-level gateway: limits the application superficially
- Circuit-level gateway: man-in-the-middle construction
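To show what "based on packet filter rules" and the service- and direction-control levels above mean in practice, here is an added example (mine, not a real firewall's code) of a first-match packet filter with a default-deny policy. Each rule names a direction, protocol, source network and destination port; the rule set and the test packets are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    direction: str          # "in" or "out": direction control
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str                # source network in CIDR form
    dport: Optional[int]    # destination port (service control); None matches any port
    action: str             # "allow" or "deny"

    def matches(self, pkt: dict) -> bool:
        return (
            self.direction == pkt["direction"]
            and self.proto in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and (self.dport is None or self.dport == pkt.get("dport"))
        )


# Constructed rule set: SSH only from the internal network, HTTPS from anywhere,
# outbound web and DNS, everything else dropped by the default policy.
RULES = [
    Rule("in", "tcp", "10.0.0.0/8", 22, "allow"),
    Rule("in", "tcp", "0.0.0.0/0", 443, "allow"),
    Rule("out", "tcp", "0.0.0.0/0", 443, "allow"),
    Rule("out", "udp", "0.0.0.0/0", 53, "allow"),
]


def first_match(pkt: dict, rules=RULES) -> Optional[int]:
    """Index of the first rule that matches the packet, or None."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return i
    return None


def evaluate(pkt: dict, rules=RULES, default: str = "deny") -> str:
    """Packet-filter decision: action of the first matching rule, else the default policy."""
    i = first_match(pkt, rules)
    return rules[i].action if i is not None else default


if __name__ == "__main__":
    samples = [
        {"direction": "in", "proto": "tcp", "src": "10.1.2.3", "dport": 22},
        {"direction": "in", "proto": "tcp", "src": "203.0.113.5", "dport": 22},
        {"direction": "in", "proto": "tcp", "src": "203.0.113.5", "dport": 23},
        {"direction": "out", "proto": "udp", "src": "10.1.2.3", "dport": 53},
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt))
```

Order matters in a first-match filter: a broad allow placed before a narrow deny silently swallows it, so rule sets are reviewed top to bottom and end in an explicit catch-all deny. A pure packet filter sees only headers, which is why it cannot distinguish a legitimate HTTPS session from anything else on port 443; that is the gap the application-level and circuit-level gateways fill.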