Network security

NETWORK SECURITY
TEKNIS PELATIHAN KEAMANAN INFORMASI

AHMAD MUAMMAR !(C)2011 | @Y3DIPS

AGENDA

NETWORK LAYER

INTERNET PROTOCOL

IPV 4

IPV 6

IPSEC

NETWORK PACKET INSPECTION


AGENDA

ATTACKING IP V4

PASSIVE

ACTIVE

COMMON TYPES OF ATTACK + HANDS ON

EAVESDROPPING

SNIFFER ATTACK


AGENDA

COMMON TYPES OF ATTACK

SPOOFING

TUNNELING

MAN-IN-THE-MIDDLE (MITM) ATTACK

DENIAL OF SERVICE ATTACK

DEFENCE


NETWORK LAYER

NO. 3 FROM OSI MODEL

PROVIDES THE FUNCTIONAL AND PROCEDURAL MEANS
OF TRANSFERING VARIABLE LENGTH DATA SEQUENCES
FROM SOURCE HOST TO A DESTINATION ON ONE
NETWORK TO ANOTHER, WHILE MAINTAINING THE QOS
REQUESTED BY TRANSPORT LAYER

FUCTION: PATH DETERMINATION AND LOGICAL
ADRESSING; DATA UNIT : PACKET/DATAGRAM

IP (IPV4, IPV6), ICMP, IPSEC, IGMP, IPX, APPLE TALK

[1]: WIKIPEDIA.ORG


OSI 7 LAYER

[1]: WIKIPEDIA.ORG


INTERNET PROTOCOL

RESPONSIBLE FOR ADDRESSING HOSTS AND ROUTING
DATAGRAM (PACKETS) FROM A SOURCE HOST TO
DESTINATION HOST ACCROSS ONE OR MORE IP
NETWORK.

[1]: WIKIPEDIA.ORG


IPV4

FOURTH REVISION IN THE DEVELOPMENT OF IP AND THE
FIRST VERSION OF THE PROTOCOL WIDELY DEPLOYED

CONNECTIONLESS, NOT GUARANTEE DELIVERY, NOT
ASSURING PROPER SEQUENCE OR AVOIDANCE OF
DUPLICATE DELIVERY,

32 BIT = 192.168.0.1

IPSEC IS OPTIONAL

[1]: WIKIPEDIA.ORG


IPV 6

SUCCESSOR OF IPV4 WITH MORE “BETTER”
IMPROVEMENTS

NEW PACKET HEADER

MULTICAST (MULTIPLE DESTINATION IN SINGLE
OPERATION)

STATELESS ADDRESS AUTO CONFIGURATION

LARGER ADDRESS SPACE 128 BIT = 2001:0db8:85a3:0000:0000:8a2e:0370:7334

IPSEC SUPPORT IS MANDATORY


IPSEC

PROTOCOL SUITE FOR SECURING INTERNET PROTOCOL
(IP) COMMUNICATIONS BY AUTHENTICATING AND
ENCRYPTINH EACH IP PACKET OF A COMMUNICATION
SESSION.

END-TO-END SECURITY SCHEME

PROTECT ANY APPLICATION TRAFFIC ACCROSS IP
NETWORK

AUTHENTICATION HEADER (AH), ENCAPSULATING
SECURITY PAYLOAD (ESP), SECURITY ASSOCIATIONS
(SA)


IPV4 V.S IPV6


NETWORK PACKET INSPECTION


HANDS ON
WIRESHARK PACKET INSPECTION


ATTACKING IPV4

SECURITY ISSUE LIES ON INTERNET PROTOCOL
(NETWORK LAYER), NO AUTH AND ENCRYPTION

IPSEC OPTIONAL

UPPER LAYER, CREATED WITHOUT SECURITY
CONSIDERATIONS,

TCP PROTOCOLS: FTP, TELNET, SMTP, POP3


ATTACKING IPV4

PASSIVE : NETWORK PACKET INFORMATION MIGHT BE
MONITORED;

ACTIVE: NETWORK PACKET INFORMATION IS ALTERED
IN INTENT TO MODIFY, CORRUPT, OR DESTROY TEH
DATA OR THE NETWORK.


EAVESDROPPING

THE MAJORITY OF NETWORK COMMUNICATIONS OCCUR
IN UNSECURED OR “CLEARTEXT” FORMAT

THE ABILITY TO MONITOR THE NETWORK
COMMUNICATION IS THE BIGGEST SECURITY PROBLEMS
THAT WE’VE FACED

HUB NETWORK DEVICE, ACCESS TO THE GATEWAY/
ROUTER DEVICE


SNIFFER ATTACK

SNIFFER IS AN APPLICATION OR DEVICE THAT CAN READ,
MONITOR, AND CAPTURE NETWORK PACKET.

IF PACKET NOT ENCRYPTED THE ATTACKER CAN VIEW
FULL DATA INSIDE THE PACKET

IF PACKET ENCRYPTED THE ATTACKER NEED TO
CREATE/USE/HAVE A VALID KEY

TUNNEL ONLY PACKET CAN ALSO BE BROKEN OPEN AND
READ


SNIFFER ATTACK

TCPDUMP

WIRESHARK (FORMERLY ETHEREAL)

ETTERCAP

CAIN AND ABEL

DSNIFF


HANDS ON
WIRESHARK RECOVERY


SPOOFING

SPOOF = MASQUEARADE[1]

IS A SITUATION IN WHICH A PROGRAM SUCCESSFULLY
MASQUARADES AS ANOTHER BY FALSIFYING DATA AND
THEREBY GAINING AN ILLEGITIMATE ADVANTAGE[2]

[1]: RFC4949
[2]: WIKIPEDIA.ORG


SPOOFING

IPSPOOFING, E.G: MODIFY SOURCE ADDRESS

A COMMON MISCONCEPTION: IP SPOOFING CAN BE USED
TO HIDE IP ADDRESS WHILE SURFING THE INTERNET,
CHATTING, ON-LINE, AND SO FORTH. THIS IS GENERALLY
NOT TRUE. FORGING THE SOURCES IP ADDRESS CAUSES
THE RESPONSES TO BE MISDIRECTED, MEANING CANNOT
CREATE NORMAL NETWORK CONNECTION.[1]

USUALLY COMBINE WITH NETWORK DOS/DDOS ATTACK

[1]: ISS.NET


HANDS ON
MAC SPOOFING
IFCONFIG (IFACE) HW ETHER (NEW MAC)


TUNNELING

TUNNEL IS A COMMUNICATION CHANNEL CREATED IN A
COMPUTER NETWORK BY ENCAPSULATING (I.E.,
LAYERING) A COMMUNICATION PROTOCOL’S DATA
PACKETS IN (I.E., ABOVE) A SECOND PROTOCOL THAT
NORMALLY WOULD BE CARRIED ABOVE, OR AT THE SAME
LAYER AS, THE FIRST ONE. [1]

HTTP, SSH, DNS, ICMP

SSH FOO@DOO -D PORT

[1]: RFC4949


HANDS ON
HTTP OVER SSH (SSH TUNNELING)


MAN-IN-THE-MIDDLE

A FORM OF ATTACK IN WHICH THE ATTACKER MAKES
INDEPENDENT CONNECTIONS WITH THE VICTIMS AND
RELAYS MESSAGES BETWEEN THEM, MAKING THEM
BELIEVE THAT THEY ARE TALKING DIRECTLY TO EACH
OTHER , WHEN IN FACT THE ENTIRE CONVERSATION
CONTROLLED BY THE ATTACKER.

ATTACKER IMPERSONATE EACH ENDPOINT TO THE
SATISFACTION OF THE OTHER


MAN-IN-THE-MIDDLE


HANDS ON
MAN-IN-THE-MIDDLE (MITM) USING CAIN ABEL


DENIAL OF SERVICE

THE PREVENTION OF AUTHORIZED ACCESS TO A SYSTEM
RESOURCE OR THE DELAYING OF SYSTEM OPERATIONS
AND FUNCTION. [1]

PING OF DEATH (ICMP FLOODING), SYNFLOOD

DISTRIBUTED DOS, BOT NET

[1]: RFC4949


DENIAL OF SERVICE

DOS ATTACKER MAY:

ATTEMPT TO FLOOD A NETWORK, THEREBY
PREVENTING LEGITIMATE NETWORK TRAFFIC

ATTEMPT TO DISRUPT CONNECTIONS BETWEEN TWO
MACHINES, THEREBY PREVENTING ACCESS TO
SERVICE

ATTEMPT TO PREVENT PARTICULAR INDIVIDUAL FROM
ACCESING A SERVICE

ATTEMPT TO DISRUPT SERVICE TO A SPECIFIC SYSTEM.


DENIAL OF SERVICE


HANDS ON
EXAMPLE DOS


DEFENCE

EDUCATE USER

USING IPSEC (IPV6)

IMPLEMENT BEST POLICY

CONFIGURING FIREWALL, IDS, IPS

REGULARLY AUDITS


DISCUSSION


Network security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Network security

Similar to Network security (20)

More from Ammar WK

More from Ammar WK (20)

Recently uploaded

Recently uploaded (20)

Network security