CORE Security Technologies

Presentation transcript:

CORE Security Technologies
Common IS Threat Mitigation Strategies
An overview of common detection and protection technologies
Max Caceres, CORE Security Technologies
www.coresecurity.com

Common IS Threat Mitigation Strategies: An overview of common detection and protection technologies
AGENDA
- Intro
- Securing the Perimeter
- Intrusion Detection
- Intrusion Prevention
- The New Perimeter
- Q & A

A risk management approach to security
WHY MITIGATE?
- Modern networks are complex systems
  - Each node has specific security characteristics
  - Nodes interact with each other
  - Subject to constant change (business driven)
- Security as an emergent characteristic
- Focus on risk
  - 100% bulletproof is a utopian dream
  - As countermeasures and protection mechanisms evolve, attacks evolve too

Friends in, Foes out. Defining and securing the network perimeter
SECURING THE PERIMETER

Packet filters can control which packets are allowed to get through the firewall and which are not
- Packet filter
  - Rules based on individual packets
  - Real fast
  - Most popular routers incorporate this functionality
- Stateful packet filter
  - Rules can refer to established sessions or flows
  - Very fast
  - Most modern firewalls are stateful
[Figure: a TCP exchange tracked by the stateful filter: SYN | port 80 -> SYN | ACK | ISN# 2222 -> ACK #2222 | port 80 | data -> ACK #bbbb | data]
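The difference between the two filter types on the slide, as an added example that is not part of the original presentation: a stateless rule set and a small flow-tracking filter applied to the same constructed TCP exchange. The address ranges, ports and flow states are assumptions made for the example.

```python
from dataclasses import dataclass
# Added example, not from the slides: a stateless packet filter beside a
# stateful one, applied to the same constructed TCP exchange. Policy: inside
# hosts (10.x.x.x) may open HTTP connections outbound; inbound packets should
# get in only when they belong to a flow an inside host started.

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK"}

def internal(ip: str) -> bool:
    return ip.startswith("10.")

def stateless_decision(p: Packet) -> str:
    """Rules look at one packet at a time. To let HTTP replies back in, the
    filter must allow any inbound packet from source port 80 that carries
    ACK, whether or not an inside host ever asked for it."""
    if internal(p.src) and not internal(p.dst) and p.dport == 80:
        return "ALLOW"
    if not internal(p.src) and internal(p.dst) and p.sport == 80 and "ACK" in p.flags:
        return "ALLOW"
    return "DROP"

class StatefulFilter:
    """Rules refer to flows keyed by (client, cport, server, sport)."""
    def __init__(self):
        self.flows = {}
    def decision(self, p: Packet) -> str:
        if internal(p.src) and not internal(p.dst):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"} and p.dport == 80:
                self.flows[key] = "SYN_SENT"        # client opens a flow
                return "ALLOW"
            if key in self.flows and "ACK" in p.flags:
                self.flows[key] = "ESTABLISHED"     # handshake ACK or data
                return "ALLOW"
            return "DROP"
        key = (p.dst, p.dport, p.src, p.sport)      # reply direction
        state = self.flows.get(key)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.flows[key] = "SYN_RECEIVED"        # server's SYN|ACK
            return "ALLOW"
        if state in ("SYN_RECEIVED", "ESTABLISHED") and "ACK" in p.flags:
            return "ALLOW"
        return "DROP"                               # unsolicited or out of state
```

The unsolicited inbound packet from source port 80 is the case where the two diverge: the stateless rules have to let it through, the flow table drops it.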

APPLICATION LAYER FIREWALLS
Application layer firewalls provide a more granular control of networked applications and services
- Police traffic at the application layer
- Pros
  - Rules refer to specific services
  - Can spot protocol deviations and abuses
  - Very granular control on protocol specifics (deny FTP anonymous login, disable unused SMTP commands, block "'" in HTTP form fields)
- Cons
  - Resource intensive
  - Tough to keep up with app-layer protocols
[Figure: HTTP GET /index.html passes and gets an HTTP Response; HTTP GET /null.printer is BLOCKED]
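One way an application-layer rule like "block ' in HTTP form fields" can be applied, as an added example rather than code from the presentation: the request is parsed, percent-encoding is removed, and the method, path suffix and form fields are checked against a constructed policy. The allowed methods and suffixes are assumptions for the example.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Added example, not the slides' own code: an application-layer check for
# HTTP requests of the kind the slide describes. The policy is constructed:
# only GET and POST, only a short list of path suffixes, and no single quote
# in any form field once percent-encoding has been removed.

ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_SUFFIXES = (".html", ".css", ".js", ".png", "/")

def form_fields(target: str, body: str) -> dict:
    """Collect form fields from the query string and an urlencoded body.
    parse_qsl decodes percent-escapes, so %27 and ' are treated alike."""
    fields = {}
    for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        fields[k] = v
    for k, v in parse_qsl(body, keep_blank_values=True):
        fields[k] = v
    return fields

def inspect_request(raw: str) -> str:
    """Return 'ALLOW' or 'BLOCKED: <reason>' for one HTTP/1.x request."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    try:
        method, target, version = request_line.split(" ")
    except ValueError:                       # wrong number of tokens
        return "BLOCKED: malformed request line"
    if not version.startswith("HTTP/1."):
        return "BLOCKED: protocol deviation"
    if method not in ALLOWED_METHODS:
        return f"BLOCKED: method {method} not allowed"
    path = unquote(urlsplit(target).path)    # normalise before checking
    if not path.endswith(ALLOWED_SUFFIXES):
        return f"BLOCKED: path {path} has a disallowed suffix"
    for name, value in form_fields(target, body).items():
        if "'" in value:
            return f"BLOCKED: quote in form field {name}"
    return "ALLOW"
```

A name like O'Brien submitted in a form is blocked by the same rule, which is the "resource intensive" and "tough to keep up" cost of this granularity showing up as a false positive.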

NETWORK SEGMENTATION
Dividing the network into different physical segments has many advantages
- Assigning trust to network segments
- Pros
  - Reduces "attack surface" at many levels
  - Contains or limits successful intrusions
  - Provides control and audit capabilities for internal traffic
- Cons
  - Tough to configure and manage if the network is very dynamic
  - Strict performance requirements

NETWORK SEGMENTATION (2)
A classic segmentation example: the DMZ

Intrusion Detection Systems passively monitor the network's operation for attacks and anomalies
- Monitor the network for security events
  - Intrusion attempts
  - Successful attacks
  - Anomalies
- Forensics
  - Network audit trail
- Internally deployed
  - Detect anomalies within the perimeter
- Externally deployed
  - Measure threat (?)

INTRUSION DETECTION STRATEGIES
There are many different IDS technologies being developed today
- Signature based
  - Watches for known attacks (signatures)
  - Can detect some well defined anomalies
- Anomaly
  - Watches for anomalies (not known attacks)
  - Self learned (adapts to the network) / Programmed (follows defined rules)
- Host based
  - Sensor sits in monitored host
- Network based
  - Sensor sits on network
- Hybrids

INTRUSION DETECTION LIMITATIONS
Each one of these technologies has limitations
- Signature based
  - Can only detect known attacks (sometimes only specific attack incarnations)
  - Must be constantly updated
- Anomaly
  - Cannot easily absorb change
  - Some attacks are hard to separate from legitimate traffic
- Host based
  - Requires widespread deployment of sensor/agent (hard to manage / expensive)
  - Introduces complexity into end-systems
- Network based
  - Vulnerable to differences in TCP/IP implementations
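The signature-based and self-learned anomaly strategies from the two IDS slides above, with their stated limitations, as an added example that is not part of the presentation. The connection records, the placeholder "signature" string and the port baseline are all constructed for the example.

```python
from collections import defaultdict

# Added example, not from the slides: the two detection strategies above,
# run over constructed connection records (src, dport, payload). The
# signature is a constructed placeholder string, not a real attack pattern;
# the anomaly detector learns which destination ports each client uses.

SIGNATURES = {"known-attack-1": b"EXPLOIT-PATTERN-A"}   # constructed

def signature_alerts(records):
    """Alert only when a payload contains a known pattern (and so stay
    silent on a variant the signature was not written for)."""
    alerts = []
    for src, dport, payload in records:
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append((src, dport, name))
    return alerts

class PortAnomalyDetector:
    """Self-learned baseline: while training, remember the destination ports
    each client uses; afterwards alert on any port outside that set."""
    def __init__(self):
        self.baseline = defaultdict(set)
        self.training = True

    def observe(self, records):
        alerts = []
        for src, dport, _ in records:
            if self.training:
                self.baseline[src].add(dport)
            elif dport not in self.baseline[src]:
                alerts.append((src, dport, "unusual destination port"))
        return alerts

def run_demo():
    """Constructed traffic: a training window, then live records holding a
    known attack, an unknown variant and a newly deployed legitimate service."""
    training = [("10.0.0.5", 80, b"GET /"), ("10.0.0.5", 443, b"..."),
                ("10.0.0.5", 25, b"EHLO mail")]
    live = [
        ("10.0.0.5", 80, b"GET /index.html"),             # normal
        ("10.0.0.5", 80, b"GET /?x=EXPLOIT-PATTERN-A"),   # known attack
        ("10.0.0.5", 80, b"GET /?x=EXPLOIT-PATTERN-B"),   # unknown variant
        ("10.0.0.5", 8080, b"GET /newapp"),               # new legitimate service
    ]
    det = PortAnomalyDetector()
    det.observe(training)
    det.training = False
    return {"signature": signature_alerts(live), "anomaly": det.observe(live)}
```

The result shows both limitations at once: the signature detector misses the variant it has no pattern for, and the anomaly detector raises an alert on the legitimate new service while saying nothing about the attacks that arrive on a port it considers normal.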

Intrusion Prevention generates an active response to intrusion events
- Responds actively to security events
  - Terminates network connections
  - Communicates with the firewall / switch to disconnect / block attacker
  - Terminates compromised process
- Pros
  - Doesn't require human attention (?)
  - Can preemptively block known intrusion attempts
- Cons
  - Doesn't require human attention (!)
  - Can block legitimate use
  - Can be turned into a DoS (remember spoofing)

HOST IPS
Several different intrusion prevention strategies at the host level are being developed
- Code injection protection / mitigation
  - Non executable stack (Sun Solaris)
  - Non writeable code segment, non executable everything else (OpenBSD, Linux w/GR Security, Windows XP SP2 w/AMD64)
  - Address randomization (OpenBSD, GR Security)
- Containment
  - Chroot jails (POSIX)
  - System call policing, systrace (OpenBSD, NetBSD)
  - Privilege separation (OpenBSD)

THE NEW PERIMETER
The concept of a network perimeter is coming to an end
- Peer 2 Peer
- HTTP tunneling
- SSL
- Instant messaging
- Rich e-mail clients

Personal firewalls bring packet filtering to the workstation
- Polices traffic coming in and going out of the workstation
- Adds the application dimension to the rules
- Dynamically configurable
- Starts to borrow capabilities from IPS

Q & A

Thank You!
Maximiliano Caceres | max@coresecurity.com
http://www.coresecurity.com