IPD - October 29, 2002 John Kristoff - DePaul University 1 Computer and Network Security John Kristoff +1 312 362-5878 DePaul University.

Slides:



Advertisements
Similar presentations
DMZ (De-Militarized Zone)
Advertisements

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition
IUT– Network Security Course 1 Network Security Firewalls.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
TDC365 Spring 2001John Kristoff - DePaul University1 Internetwork Technologies Internetwork Security.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewall Configuration Strategies
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff DePaul University Chicago, IL
Security Awareness: Applying Practical Security in Your World
TDC375 Autuman 03/04 John Kristoff - DePaul University 1 Network Protocols Security.
Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : August 1999 The Chinese University.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 20: Network Security Business Data Communications, 4e.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Intranet, Extranet, Firewall. Intranet and Extranet.
FIREWALL Mạng máy tính nâng cao-V1.
Network Security Essentials Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Web Server Administration Chapter 10 Securing the Web Environment.
Chapter 6: Packet Filtering
1 Defining Network Security Security is prevention of unwanted information transfer What are the components? –...Physical Security –…Operational Security.
Firewalls A note on the use of these ppt slides:
Chapter 13 – Network Security
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
FIREWALLS Prepared By: Hilal TORGAY Uğurcan SOYLU.
Defense Techniques Sepehr Sadra Tehran Co. Ltd. Ali Shayan November 2008.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
Internet and Intranet Fundamentals Class 9 Session A.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
1 Firewalls G53ACC Chris Greenhalgh. 2 Contents l Attacks l Principles l Simple filters l Full firewall l Books: Comer ch
TCP/IP Protocols Contains Five Layers
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.
Security fundamentals Topic 10 Securing the network perimeter.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
K. Salah1 Security Protocols in the Internet IPSec.
SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Chapter 8.  Upon completion of this chapter, you should be able to:  Understand the purpose of a firewall  Name two types of firewalls  Identify common.
Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos
Security fundamentals
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Firewalls Purpose of a Firewall Characteristic of a firewall
Firewalls Routers, Switches, Hubs VPNs
دیواره ی آتش.
Firewalls Chapter 8.
Introduction to Network Security
Session 20 INST 346 Technologies, Infrastructure and Architecture
Presentation transcript:

IPD - October 29, 2002 John Kristoff - DePaul University 1 Computer and Network Security John Kristoff DePaul University Chicago, IL 60604

IPD - October 29, 2002 John Kristoff - DePaul University 1 Securing the Internet is hard! Lots and lots of things need to be secured Poor or buggy implementations Bad or poor default configurations Internet security requires a lot from each user Few people are really good at security One person's security problem is also another's

IPD - October 29, 2002 John Kristoff - DePaul University 1 Internet versus Telco Security Telco Centralized control Network intelligence Fixed parameters Internet Distributed mesh Intelligent hosts Bursty

IPD - October 29, 2002 John Kristoff - DePaul University 1 Where does security belong?

IPD - October 29, 2002 John Kristoff - DePaul University 1 The end-to-end argument Functions should be close to where they are used In networks, functions move towards the ends Examples: Delivery guarantees Secure transmission of data Performance enhancements

IPD - October 29, 2002 John Kristoff - DePaul University 1 Layered defenses The belt and suspenders approach Place security mechanisms throughout the system There may be a layer attackers can't break Multiple layers tend to slow attacks down Failure at one layer isn't detrimental to the system

IPD - October 29, 2002 John Kristoff - DePaul University 1 Perimeter security Define a boundary Separate a trusted inside from a untrusted outside Typical solution is the network-based firewall

IPD - October 29, 2002 John Kristoff - DePaul University 1 Network-based firewalls Centralizes control of boundary/border crossings Limits the type of traffic that can pass Generally a network solution to an end problem Network inspection on end-host data is difficult Often eliminates useful types of traffic Often perpetuates neglect for fixing end problems JTK: we should spend more effort elsewhere

IPD - October 29, 2002 John Kristoff - DePaul University 1 Packet filtering On packet-by-packet basis, inspect and act Can filter based on: Protocol types (IP, UDP, TCP, ICMP, etc.) Sources and destinations (e.g. IP address) Protocol control fields (e.g. TCP flags) Other custom pattern matches

IPD - October 29, 2002 John Kristoff - DePaul University 1 Stateful inspection Keep track of entire sessions between boundary Often used to limit session initiation in one direction Often coupled with the use of NAT Increased firewall intelligence adds complexity End communications shares fate with firewall

IPD - October 29, 2002 John Kristoff - DePaul University 1 The screened subnet

IPD - October 29, 2002 John Kristoff - DePaul University 1 Application layer gateways aka proxy firewalls No direct communication across boundary Requires lots of state, fate and complexity Desired protocols/apps must be supported

IPD - October 29, 2002 John Kristoff - DePaul University 1 An aside: TCP 3-way handshake

IPD - October 29, 2002 John Kristoff - DePaul University 1 Example packet filter: ipchains Don't want to see packets with private IP addresses -A input -s / d 0/0 -j DENY -A input -s / d 0/0 -j DENY -A input -s / d 0/0 -j DENY Let SSH, established TCP connections, FTP data, UDP and BOOTP/DHCP in -A input -s 0/0 -d a.b.c.d/ :22 -p 6 -j ACCEPT -A input -s 0/0 -d a.b.c.d/ : p 6 ! -y -j ACCEPT -A input -s 0/0 20:20 -d 0/0 1024: p 6 -y -j ACCEPT -A input -s 0/0 -d 0/0 1024: p 17 -j ACCEPT -A input -s 0/0 -d 0/0 67:67 -p 17 -j ACCEPT Drop any packets that don't have our source IP and log those attempts -A output -s / d 0/0 -j DENY -l

IPD - October 29, 2002 John Kristoff - DePaul University 1 Example packet filter: cisco ACL Block private IP addresses access-list 100 deny ip any access-list 100 deny ip any access-list 100 deny ip any Block source port of 111 from going anywhere access-list 100 deny tcp any eq sunrpc any access-list 100 deny udp any eq sunrpc any Allow DNS and TELNET (log it) to , deny everything else access-list 100 permit tcp any host eq domain access-list 100 permit tcp any host eq telnet log access-list 100 deny ip any any

IPD - October 29, 2002 John Kristoff - DePaul University 1 Example packet filter: ipf Allow SSH in pass in quick on fxp0 proto tcp from any to any port=22 flags S keep state Block bogus addresses block in quick on fxp0 from any to /8 block in quick on fxp0 from any to /12 block in quick on fxp0 from any to /16 Allow outbound ICMP pass out quick on fxp0 proto icmp from any to any keep state

IPD - October 29, 2002 John Kristoff - DePaul University 1 How to defeat a firewall Disguise packets to pass firewall rules DoS attack firewall (make it inoperable) Compromise the firewall Get hosts/users inside to do something dumb Go around

IPD - October 29, 2002 John Kristoff - DePaul University 1 Intrusion detection systems Examine packet-by-packet, stateful or anomalies Inspect, report and possibly respond to intrusions Difficult to minimize false positives/negatives Can often result in information overload Useful where firewalls cannot be deployed

IPD - October 29, 2002 John Kristoff - DePaul University 1 How defeat an IDS Fragment packets Use encryption or uncommon data encoding Go fast and/or DoS the IDS Inject background noise Tunnel protocols and applications Compromise the IDS Go around

IPD - October 29, 2002 John Kristoff - DePaul University 1 Honeypots Closely monitored system that welcomes attacks Useful tool to study attacks and threats There is some inherent liability and risk involved

IPD - October 29, 2002 John Kristoff - DePaul University 1 Encryption Try to make something readable, unreadable Generally requires complicated math algorithms Encryption strength relies on cipher and key length Plain text -> cipher text -> plain text Safekeeping of the decryption keys is... key Public versus private keys How to do key exchange securely? Key escrow, recovery and trusted third parties

IPD - October 29, 2002 John Kristoff - DePaul University 1 Shared secrets aka symmetric encryption Each communicating party shares the secret key The secret key can be used to encrypt/decrypt Safekeeping the key gets harder as users increase How do trusted parties learn the key? Example: Ciphertext: 7,23,4-52,32,6 Key: Book=Ulysses:Page,Line,Word

IPD - October 29, 2002 John Kristoff - DePaul University 1 Public key cryptography Everyone has a 2-key pair, one private, one public The key pair are mathematically related Should be difficult to deduce one from the other Public key can be widely published, used to encrypt Private key decrypts public key encrypted message Owner of the key pair, must safeguard private key

IPD - October 29, 2002 John Kristoff - DePaul University 1 Cryptography illustrated

IPD - October 29, 2002 John Kristoff - DePaul University 1 Virtual private networks Using encryption, protects data between endpoints Used to help secure and insecure public network IPSec protocols are typically used Often used to make ends appear on a trusted net Usually only guards against network eavesdropping

IPD - October 29, 2002 John Kristoff - DePaul University 1 How to defeat VPNs

IPD - October 29, 2002 John Kristoff - DePaul University 1 Kerberos Network-based authentication/authorization service Also used to encrypt network traffic Time limited ticket granting system used Centralized server for management and control Applications and protocols must support kerberos

IPD - October 29, 2002 John Kristoff - DePaul University 1 Network address translation A solution designed for an address space problem Converts internal info to something used externally IP addresses (NAT) Port addresses (PAT) Signicant complexity, state and fate issues Often applied as a security solution - wrongly IMHO NAT really sucks!

IPD - October 29, 2002 John Kristoff - DePaul University 1 NAT illustrated

IPD - October 29, 2002 John Kristoff - DePaul University 1 Investigating your target Network/host probes ping, traceroute, nmap, nbtstat Publicly available information News reports, DNS, search engines, data leaks

IPD - October 29, 2002 John Kristoff - DePaul University 1 Authentication Password sniffing and capture Password cracking and brute force attacks Strong encryption should be used If possible authenticate in both directions Poor authentication protocols by default: HTTP, TELNET, FTP, SMTP, POP3 Better protocols to be using: SSH, SSL, kerberos

IPD - October 29, 2002 John Kristoff - DePaul University 1 Weak validation of input Software errors taken advantage of by user input Usually in the form of overflows or format strings strcpy(d-variable, s-variable) snprintf() and printf() % trickery Programs often run as root/administrator Overflow data contains low level instructions Generally not good

IPD - October 29, 2002 John Kristoff - DePaul University 1 Denial of service Prevents or impairs standard service Source is commonly spoofed Extremely difficult problem to solve

IPD - October 29, 2002 John Kristoff - DePaul University 1 Basic SMURF attack

IPD - October 29, 2002 John Kristoff - DePaul University 1 Basic DDoS attack

IPD - October 29, 2002 John Kristoff - DePaul University 1 SYN flooding and session hijack

IPD - October 29, 2002 John Kristoff - DePaul University 1 Securing the network Partial DoS solutions Work with upstream provider Source address validation Rate limit certain types of traffic traceback, pushback, BGP comm. black hole Secure routers, routes and routing protocols Secure edge devices and address tables Monitor and be able to respond quickly

IPD - October 29, 2002 John Kristoff - DePaul University 1 Securing Microsoft Windows echo Y | del *.* C:\*.*...just kidding! Run Windows Update regularly For W2K, use IPSEC policies For XP, use IPSEC policies and ICF Remote all unnecessary protocols Keep virus software regularly updated Avoid NETBIOS, file/print sharing if possible Install tools and monitor regularly

IPD - October 29, 2002 John Kristoff - DePaul University 1 Securing UNIX/LINUX Remove unnecessary services Keep up to date on patches Replace common vulnerable apps with secure ones Use security tools and monitor Verify with things like: netstat -an|more ps -afe |more lsof Tripwire

IPD - October 29, 2002 John Kristoff - DePaul University 1 General advice Probe your own hosts/networks Use packet capture tools to learn traffic patterns Keep host off the network until you're sure its safe Subscribe to a security alert-oriented mailing list Learn, love and use NTP, syslog, SSH Be wary and security aware Don't attack DePaul's net or hosts

IPD - October 29, 2002 John Kristoff - DePaul University 1 General issues to consider Invasion of privacy Breaking/prohibiting/limiting useful/standard traffic Control versus freedom Too much security is not useful Watch out for consultants carrying snake oil

IPD - October 29, 2002 John Kristoff - DePaul University 1 References - and the end

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.