Practical Network Security

Introducing Network Security Issues and simple ways to fight back.

Published in: Technology

  1. Practical Network Security: Sudarsun S, Checktronix India Pvt Ltd, Chennai 600034
  2. Agenda
       • Security Threats
       • Fundamental loophole of Ethernet
       • Basic Services offered by Secured Sys
       • Types of Intruders
       • Network Security Administration
           • Configuring Servers
           • Applications
           • Tools
           • Cross Platform deployment
  3. Agenda (cont.)
       • Firewalls
       • Intrusion Detection
           • Rules based
           • Pattern Analysis
               • Usage patterns
               • Feature vectors analysis
       • Role of Artificial Intelligence
           • Statistical Analysis
           • Knowledge based Systems
           • Adaptive Security systems
  4. Overview
       • What are we protecting?
       • Private communication over a public channel.
       • Whom do we mean by intruders?
       • What is the cost of intrusion?
       • Protection vs. recovery?
       • Insiders vs. outsiders?
  5. Data Security
       • What are Security Attributes?
       • What’s the Default Security Policy?
       • How does Windows give protection?
           • The Security Tab
           • Ownership / Full Control Access
       • How do Unix flavors give protection?
           • chmod, chown, umask commands
               • chmod <1777> <filename>        ex: chmod 600 myfile.txt
               • chown user:group <filename>    ex: chown sudar:dev file
               • umask <masknumber>             ex: umask 077
  6. Private Comm Over Public Channel
       • Internet: Public Communication Media
       • How is privacy achieved?
       • What are the security threats?
           • What happens when you send an email?
           • What happens when you pay your bills?
           • What happens when you transfer money?
           • What happens when you purchase online?
  7. Security Threats
       • Interruption
           • Oops, Availability is gone!
       • Interception
           • Someone is watching you!
       • Fabrication
           • Whom are you talking to?
       • Modification
           • Am I getting the correct information?
  8. Design Flaw
       • Promiscuous Mode of operation
       • Encryption only at or below App layer
           • Will IPSec overcome that?
           • Are SSL, TLS not enough?
  9. Services
       • Confidentiality
       • Authenticity
       • Integrity
       • Non-Repudiation
  10. Confidentiality
       • Only B can discern the message from A
       [Diagram: Host A sends M, encrypted (E) with B's public key Bpub, so Text = Bpub(M); Host B decrypts (D) with its private key Bpri and receives M.]
  11. Authenticity
       • Guarantees A as the Message Source
       [Diagram: Host A sends M together with Apri(M), produced (E) with A's private key Apri; Host B applies A's public key Apub (D) to Apri(M) and compares the result with M.]
  12. Steganography
       • How is Steganography different from cryptography?
           • Art of concealing the existence of a message
       • Strengths of Steganography
       • Multimedia stream, the Auspicious Carrier!
  13. Some Apps
       • Authentication applications – Kerberos
       • Email Security – PGP
       • IP Security – Layer in IP
       • Web Security – SSL, TLS
       • SSH vs. Telnet
       • SSH Tunnels
       • Virtual Private Networks
  14. VPN
       • Created using Two-Way SSH Tunnels
           • ssh -l <user> -L <localport>:<remote-ip>:<remoteport> -g -p <ssh-port> <remote-ssh-ip-address>
           • ssh -l <user> -R <remoteport>:<local-ip>:<localport> -g -p <ssh-port> <remote-ssh-ip-address>
  15. VPN Hardware
  16. Cyber Café Stuff
       • Do you know about the Temporary Internet Files folder?
       • Do you know about persistent cookies?
       • Do you know where your passwords are stored?
       • Do you know how your data is transferred when you click the submit button?
       • Do you know about VNC servers?
       • Can your emails, passwords, credit card details be intercepted?
       • Are you sure of all the emails received?
  17. How to Safeguard?
       • Delete Temporary Internet Folder
       • Delete cookies
       • Delete history
       • Don’t allow passwords to be saved
       • Don’t give your credit card details on a non-https URL.
       • Enable detailed headers in emails.
  18. SPAM Filters
       • What is SPAM, HAM?
       • How can we identify SPAM?
       • SpamAssassin
       • Techniques
           • Bayes Classifier
           • Rules based
       • SMTP Filter
           • Open Relay, Blacklisted IP address, HELO method, banner delays, reverse lookup tests.
  19. Intruders
       • Masquerader
           • An unauthorized user exploiting a legitimate user’s account
       • Misfeasor
           • A legitimate user violating the limits of his or her authorization
       • Clandestine user
           • An individual seizing supervisor control to evade auditing
  20. Intrusion Detection
       • Statistical Anomaly Detection
           • Network monitors
           • tcpdump, ethereal, netstat, iptraf
       • Auditors and Event Logs
           • Windows Event Logs
           • Linux SysLogs
       • Rules based Detection
           • ipchains, iptables
           • proxy, reverse proxy, firewalls
  21. Viruses
       • Malicious Programs
       • Trap doors
       • Logic bomb
       • Trojans
       • Viruses
       • Worms
       • Adware, Spyware
  22. Firewalls
       • Need for a firewall
       • Attacks
           • Ping of death
           • Fragmentation Attack
           • Denial of Service
           • IP Spoofing
           • Port scanning
  23. Level of Control
       • Service Control
           • Based on Port number
       • Direction Control
           • Limits inbound and outbound traffic
       • User Control
           • Restrict user level access to resources
       • Behavioral Control
           • Content limitation on resource use
  24. Types
       • Packet Filtering firewall
           • Based on Packet filter rules
       • Application Level Gateway
           • Limits the application superficially
       • Circuit level Gateway
           • Man-in-the-Middle construction
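
Slide 5's `umask 077` and `chmod 600`, worked through as an added example (not part of the original slides): it creates files under two umasks, lists files that group or others can access, and tightens them to owner-only. The directory and file names are constructed.

```sh
#!/bin/sh
# Added example; all paths below are constructed in a temporary directory.

# Create an empty file at $2 under umask $1 and print its mode string.
mode_under_umask() {
    ( umask "$1" && : > "$2" )      # subshell keeps the umask change local
    ls -l "$2" | cut -c1-10         # first 10 columns of ls -l, e.g. -rw-------
}

# List regular files under $1 that have any group or other permission bit set.
loose_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Restrict every such file to owner read/write, as in "chmod 600 myfile.txt".
tighten() {
    loose_files "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

demo=$(mktemp -d)
mode_under_umask 022 "$demo/shared.txt"     # common default umask
mode_under_umask 077 "$demo/private.txt"    # the slide's umask 077
echo "accessible to group/others before tighten:"
loose_files "$demo"
tighten "$demo"
echo "after tighten: $(loose_files "$demo" | wc -l) file(s) remain"
rm -rf "$demo"
```

`umask` only affects files created afterwards; files that already exist need `chmod`, which is what `tighten` does.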
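
The tunnels on slide 14 depend on the SSH server's forwarding settings: `AllowTcpForwarding` governs whether forwarding is permitted at all, and `GatewayPorts` governs whether an `-R` listener can be reached from other hosts. The following added example (not from the original slides) audits those two `sshd_config` keywords; the sample configuration is constructed, and the parser assumes whitespace-separated `Keyword value` lines.

```sh
#!/bin/sh
# Added example; the configuration content below is constructed.

# Print the effective global value of a single-valued sshd_config keyword.
# sshd uses the first occurrence of a keyword, and keyword names are
# case-insensitive. Lines from the first "Match" onward are conditional
# and are not treated as global settings.
sshd_effective() {   # $1 = config file, $2 = keyword, $3 = built-in default
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# Report settings that leave TCP forwarding open. Returns 0 when both
# keywords are "no", 1 otherwise.
audit_forwarding() {   # $1 = sshd_config path
    fwd=$(sshd_effective "$1" AllowTcpForwarding yes)
    gw=$(sshd_effective "$1" GatewayPorts no)
    rc=0
    if [ "$fwd" != "no" ]; then
        echo "AllowTcpForwarding=$fwd: TCP forwarding is permitted"
        rc=1
    fi
    if [ "$gw" != "no" ]; then
        echo "GatewayPorts=$gw: remote-forwarded ports may be reachable from other hosts"
        rc=1
    fi
    return $rc
}

cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# constructed sample sshd_config
Port 22
gatewayports clientspecified
GatewayPorts no
Match User backup
    AllowTcpForwarding no
EOF
audit_forwarding "$cfg" || true
rm -f "$cfg"
```

In the sample, the later `GatewayPorts no` has no effect because the first occurrence wins, and the `AllowTcpForwarding no` inside the `Match` block applies only to that user, so the global default of `yes` is reported.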