Network Security and its Impact on Network Continuity.


What you don't know can hurt you!

What is “Network Security”?

"Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access and consistent and continuous monitoring and measurement of its effectiveness (or lack) combined together."

Source:

Information Security is related to, but not identical with, Network Security

Impact of non-secure network infrastructure on an organization

- Loss of Services
  - Website/Server Down
  - Loss of Sales
  - Loss of Time
- Loss of Data
  - Proprietary Information
  - Sensitive Information
  - Customer Information
- Loss of Reputation
  - Adverse publicity
  - Loss of Customers
  - Known as an easy mark on hacker forums

Threats

External

- Hackers
  - Enter network using simple or advanced techniques
  - Use “sociological hacking” techniques
  - Have a lot of time and good, free tools
    - NMAP
    - MetaSploit
    - Milw0rm
    - Netcat
  - “Phishing”
  - “Pharming”--Much more dangerous than Phishing
- Malware
  - Malicious code on websites
  - Malicious attachments

A Simple Hack

Hacker scans random network with NMAP

- Bad luck! It happens to be yours
- Hacker discovers Website has sensitive information stored on it
- Hacker uses sensitive information, e.g. user names, passwords to begin cracking network
- Hacker gains access to network after a few weeks of “brute force” attacks
- Hacker finds unpatched Windows XP machine and plants malware on it
- Hacker finds backup password file in c:\windows\repair\sam and cracks local admin password
- Hacker tries access to another machine with local admin password, which is usually the same across an organization
- A lot of information can be gathered, including server names and addresses, access to etc.
- You are p0wned!

More Advanced Techniques

Hacker scans network and finds services available over the Internet

- Only HTTP (TCP Port 80) on one server is open to the Internet with only established connections permitted out (Stateful Inspection)
- Hacker uses crafted module with MetaSploit from information gleaned from Milw0rm to compromise server and install “Netcat”
- Hacker redirects traffic over permitted port using Netcat listening on HTTP, bypassing outbound firewall rules
- See above
- You are p0wned!

Anatomy of a Pharming Attack

Malware

- Trojans
  - Usually downloaded by user
  - Do not self replicate
  - Send information from compromised host and also listen for connections
- Worms
  - Can be downloaded or can self replicate
  - Usually attack major services, such as HTTP and SQL
  - Can reside in memory, i.e. no file is resident on hard disk

Threats

Internal Threats

- Disgruntled Employees
  - Can be very dangerous if technically savvy
  - Usually steal or remove information—sabotage with “logic bomb”
- No outbound traffic filtering
  - Web filtering
  - filtering
  - Instant Messaging
  - P2P (Person to Person)
- Unauthorized Wireless Access Points
- Credential Sharing
- Unpatched or Misconfigured machines

There is some Hope!

A well designed network can mitigate many types of risks and threats

- Controls and Monitors
- Policies and Procedures
  - May include audits and Penetration Tests

Some network designs are legally mandated:

- HIPAA: Health Insurance Industry
- Sarbanes-Oxley (SARBOX): Financial Industry

Some are Industry Standards

- PCI: Credit Card Industry
- NIST

Controls and Monitoring

- Controls can allow or disallow traffic or access.
- Controls require little or no intervention.
- Controls can be dangerous, configure with care!

Examples

- Firewalls allow or block traffic according to configured Access Control List (ACL)
  - Firewalls typically block traffic from the Internet into a private network
- Application Firewalls look inside network information sent and determine if packet is permitted or not, and then take configured action.
  - WebSense will block all Nazi sites
- Antivirus Software can remove existing malware and/or stop malware from changing the configuration of the machine
- Intrusion Prevention Systems look for known “evil” packets and block them
- Log Monitoring can show when an event occurred, and show trends over time, e.g. SPLUNK

Policies and Procedures

- Policies require intervention to work
- Effective Policies and Procedures need to be known by required users and backed up by management
- Policies and Procedures can have legal ramifications
- A Procedure implements a policy

Examples

- “Least Privilege”
- Web Usage Policies
- Disaster Recovery Procedures
- User creation, change and deletion procedures

Basic Secure Network Design

Firewall traffic between different Security Zones

- All machines in one zone have one network access policy
- To traverse a zone, information must pass through ACL

Separate network for Internet facing servers such as web and database servers with ACLs controlling access to internal network

Typical “office” machines do not have direct access to sensitive servers unless required

Monitor traffic

- Unauthorized or “odd” information is flagged for review
  - A packet with 10,000 As is probably a buffer overflow attempt
  - Investigate repeated “denies” on an ACL from a particular host
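The two monitoring checks named on this slide (repeated ACL denies from one host, and a payload padded with thousands of identical bytes) can be sketched as follows. This is an added example, not part of the original presentation; the log format, the addresses and the function names are constructed for illustration and do not match any particular firewall product.

```python
import re
from collections import Counter
from itertools import groupby

# Constructed sample in a hypothetical "ACTION src= dst= dport=" log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw1 DENY src=203.0.113.7 dst=10.0.1.5 dport=445
2024-05-01T10:00:02 fw1 PERMIT src=198.51.100.9 dst=10.0.2.10 dport=80
2024-05-01T10:00:03 fw1 DENY src=203.0.113.7 dst=10.0.1.6 dport=445
2024-05-01T10:00:04 fw1 DENY src=192.0.2.44 dst=10.0.1.5 dport=23
2024-05-01T10:00:05 fw1 DENY src=203.0.113.7 dst=10.0.1.7 dport=3389
garbled line that does not parse
2024-05-01T10:00:07 fw1 DENY src=203.0.113.7 dst=10.0.1.8 dport=22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>DENY|PERMIT) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def repeated_denies(log_text, threshold=3):
    """Return {source: deny_count} for sources denied at least `threshold` times."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["action"] == "DENY":  # unparseable lines are skipped, not fatal
            counts[m["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def longest_run(payload):
    """Return (byte_value, length) of the longest run of one repeated byte."""
    best = (None, 0)
    for value, group in groupby(payload):
        n = sum(1 for _ in group)
        if n > best[1]:
            best = (value, n)
    return best

def flag_filler(payload, min_run=1000):
    """Flag payloads padded with a long single-byte run, e.g. thousands of 'A's."""
    _, n = longest_run(payload)
    return n >= min_run

if __name__ == "__main__":
    print(repeated_denies(SAMPLE_LOG))
    print(longest_run(b"GET /" + b"A" * 10000 + b" HTTP/1.0\r\n"))
```

The deny threshold and the minimum run length are tuning values; set them from what normal traffic looks like on the network being monitored.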

Basic Secure Network Design

IPS events should be reviewed

- Trend analysis—over time engineers become familiar with what “normal” traffic is
- Can correlate information from multiple sensors to discover coordinated attacks
- IPS needs to be tuned, and automatically denying traffic can be dangerous, use with care!

Basic Secure Network Design

Host based protection for Servers and Workstations

- Active Directory Policies
  - Hardens machines against e.g. Denial of Service (DOS)
- “Labrea” hosts
- Windows Firewall
  - Can turn off NetBios, LDAP etc via policy
- Antivirus
  - Also useful for alarms and backtracking outbreaks
- Host Based IPS
  - Also useful for alarms and backtracking outbreaks
- Knowledgeable users!!!!!!

Testing Security-Assessment

Network Security Assessment

- Find Every Host
- Find vulnerabilities
- Test fail over scenarios
- Review Logs and Event Handling
- Check compliance with stated policy, e.g. password expiration

Testing Security-Penetration Test

- Exploit discovered vulnerabilities, no “false positives”
- Can find cracks in security design, e.g. non encrypted admin passwords to access patch server which are not normally monitored, can find flaws in web applications
- Also tests incident response
- Can be “Black Box”, “White Box” or “Grey Box”
  - Black Box-target is unaware and no information is supplied to pen tester
  - White Box-Pen tester and target cooperate
  - Grey Box-Some information is shared between pen tester and target

Q&A Questions?