Practical Network Security: Experiences with ntop Luca Deri Stefano Suin.

Terena 2000, Practical Network Security, slide 2: Daily Network Security Problems
- Frequent security violations.
- Need to detect unauthorised services installed by users.
- Who is generating suspicious traffic?
- Identification of misconfigured and faulty hosts.

Slide 3: What Do We Need?
- Traffic measurement.
- Traffic characterisation and monitoring.
- Detection of network security violations.
- Network optimisation and planning.

Slide 4: What's available on the Internet?
- Tcpdump, NeTraMet and RMON are tools for experts and are not really suited to security problems.
- NFR and Snort are good, but they detect only what their rules specify (misuse-detection IDS).

Slide 5: Requirements: Security
- Ability to detect common network problems automatically (i.e. with no configuration).
- Track ongoing attacks and identify potential security holes.
- Rule language for advanced intrusion detection.

Slide 6: Welcome to ntop

Slide 7: ntop Architecture

Slide 8: ntop Security Features
- TCP/IP stack verification.
- Application misuse.
- Intruder detection.

Slide 9: TCP/IP Stack Verification [1/2]
- Invalid packets (ping of death, WinNuke).
- Stealth scanning.
- Improper TCP three-way handshake (e.g. queso/nmap OS detection).
- SYN flood.

Slide 10: TCP/IP Stack Verification [2/2]
- Overlapping fragments.
- Peak of RST packets.
- Unexpected SYN/ACK (sequence guessing) and SYN/FIN (port scan) packets.
- Smurfing (ICMP echo to a broadcast address).

Slide 11: Application Misuse
- Buffer overflow.
- Unauthorised application usage (e.g. Napster, ICQ).
- Misconfigured applications (e.g. peak of DNS or NTP requests).
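The stack checks on the two previous slides (SYN/FIN probes, SYN/ACKs that answer no SYN, RST peaks, overlapping fragments, echo requests to a broadcast address) and the rate and port based checks on this slide (DNS request peaks, unauthorised applications) can all be expressed as simple per-packet state machines over a capture. The following is an added example written for this page, not ntop's code: the packet-dict layout, the one-second fixed buckets, the thresholds and the Napster/ICQ port numbers are assumptions for the illustration, and the trace is constructed rather than captured.

```python
"""Stack-level and application-level checks of the kind the slides list,
run over a constructed packet trace.  Example code, not ntop's own."""
from collections import defaultdict

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10          # TCP flag bits
# Destination ports treated as "unauthorised applications" here; assumed for
# the example (Napster client-to-client transfers, ICQ); adjust for your site.
UNAUTHORISED_PORTS = {6699: "napster", 5190: "icq"}


def analyse(packets, broadcast, window=1.0, rst_threshold=20, dns_threshold=50):
    """Return (alert, offending source) tuples in trace order.

    Each packet is a dict with t, proto, src, dst and, depending on proto,
    sport/dport/flags (tcp), sport/dport (udp), icmp_type (icmp) and an
    optional frag=(ip_id, offset, length) for IP fragments.  Rate checks use
    fixed time buckets of `window` seconds and fire once per bucket."""
    alerts = []
    syn_seen = set()               # (client, server, cport, sport) with a SYN seen
    frags = defaultdict(list)      # (src, dst, ip_id) -> [(offset, end)]
    rst_count = defaultdict(int)   # (bucket, src) -> RST packets
    dns_count = defaultdict(int)   # (bucket, src) -> DNS queries
    for p in packets:
        bucket = int(p["t"] // window)
        proto, src, dst = p["proto"], p["src"], p["dst"]
        frag = p.get("frag")
        if frag:                   # overlapping fragments (teardrop-style)
            ip_id, off, length = frag
            end = off + length
            if any(off < e and o < end for o, e in frags[(src, dst, ip_id)]):
                alerts.append(("overlapping_fragments", src))
            frags[(src, dst, ip_id)].append((off, end))
        if proto == "icmp":
            if p["icmp_type"] == 8 and dst in broadcast:   # smurf amplification
                alerts.append(("smurf_echo_to_broadcast", src))
        elif proto == "tcp":
            f = p["flags"]
            if f & SYN and f & FIN:                         # stealth / port scan
                alerts.append(("syn_fin_scan", src))
            elif f & SYN and f & ACK:
                # a legitimate SYN/ACK answers a SYN seen in the other direction
                if (dst, src, p["dport"], p["sport"]) not in syn_seen:
                    alerts.append(("unexpected_syn_ack", src))
            elif f & SYN:
                syn_seen.add((src, dst, p["sport"], p["dport"]))
            if f & RST:
                rst_count[(bucket, src)] += 1
                if rst_count[(bucket, src)] == rst_threshold:
                    alerts.append(("rst_peak", src))
            if p["dport"] in UNAUTHORISED_PORTS:
                alerts.append(("unauthorised_" + UNAUTHORISED_PORTS[p["dport"]], src))
        elif proto == "udp" and p["dport"] == 53:
            dns_count[(bucket, src)] += 1
            if dns_count[(bucket, src)] == dns_threshold:
                alerts.append(("dns_request_peak", src))
    return alerts


def sample_trace():
    """Constructed packets (not a real capture) that trigger every check once."""
    pk = []

    def tcp(t, src, dst, sport, dport, flags):
        pk.append(dict(t=t, proto="tcp", src=src, dst=dst,
                       sport=sport, dport=dport, flags=flags))

    tcp(0.00, "10.0.0.5", "10.0.0.80", 40000, 80, SYN)          # normal handshake
    tcp(0.01, "10.0.0.80", "10.0.0.5", 80, 40000, SYN | ACK)
    tcp(0.10, "10.0.0.66", "10.0.0.80", 41000, 22, SYN | FIN)   # SYN/FIN probe
    tcp(0.20, "10.0.0.66", "10.0.0.5", 23, 42000, SYN | ACK)    # unsolicited SYN/ACK
    for i in range(20):                                          # RST burst
        tcp(0.30 + i * 0.001, "10.0.0.66", "10.0.0.80", 43000 + i, 80, RST)
    tcp(0.50, "10.0.0.7", "10.0.0.9", 44000, 6699, SYN)         # assumed Napster port
    pk.append(dict(t=0.6, proto="icmp", src="10.0.0.66", dst="10.0.0.255", icmp_type=8))
    pk.append(dict(t=0.7, proto="ip", src="10.0.0.66", dst="10.0.0.80", frag=(4242, 0, 64)))
    pk.append(dict(t=0.7, proto="ip", src="10.0.0.66", dst="10.0.0.80", frag=(4242, 32, 64)))
    for i in range(50):                                          # DNS query storm
        pk.append(dict(t=1.0 + i * 0.001, proto="udp", src="10.0.0.12",
                       dst="10.0.0.53", sport=50000 + i, dport=53))
    return pk


if __name__ == "__main__":
    for alert, src in analyse(sample_trace(), broadcast={"10.0.0.255"}):
        print(f"{alert:26s} from {src}")
```

The SYN/ACK check is the one that matters most in practice: it depends on having seen the client's SYN, so a sensor that only sees one direction of traffic (asymmetric routing, a SPAN port on the wrong link) will flag every handshake and must have this check disabled or fed from a full-duplex tap.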

Slide 12: Intruder Detection
- Trojan horses (e.g. BO2K).
- Spoofing (more than one MAC address claiming the same IP address).
- Spy detection (neped, which finds hosts sniffing in promiscuous mode).
- Network discovery (via ICMP, ARP).
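Three of the items on this slide are layer-2 checks that fall out of watching ARP: an IP address whose sender MAC changes (spoofing), one station requesting many addresses in a short time (discovery), and neped's trick of sending an ARP request to a bogus unicast MAC, which a normal NIC discards but a promiscuous one passes up the stack, so only a sniffing host answers. Below is an added example written for this page, not ntop's or neped's code; the ARP record layout, the five-second window and the sweep threshold are assumptions, and the trace is constructed.

```python
"""Layer-2 checks for the intruder-detection slide: an IP claimed by more
than one MAC (spoofing), one station ARP-sweeping the segment (discovery)
and neped-style detection of promiscuous hosts.  Example code, not ntop's."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def analyse_arp(arp_packets, window=5.0, sweep_threshold=16):
    """Learn IP->MAC bindings from every ARP packet and return (bindings, alerts).

    Packets are dicts with t, op ("request"|"reply"), sender_mac, sender_ip,
    target_ip and dst_mac (Ethernet destination).  A sweep alert fires once a
    single sender has asked for `sweep_threshold` distinct IPs within `window`."""
    bindings = defaultdict(set)    # ip -> {mac, ...}; more than one is suspicious
    probed = defaultdict(set)      # (bucket, sender_mac) -> target IPs requested
    alerts = []
    for p in arp_packets:
        macs = bindings[p["sender_ip"]]
        if p["sender_mac"] not in macs:
            if macs:               # a second MAC now claims this address
                alerts.append(("ip_claimed_by_multiple_macs", p["sender_ip"], p["sender_mac"]))
            macs.add(p["sender_mac"])
        if p["op"] == "request":
            targets = probed[(int(p["t"] // window), p["sender_mac"])]
            targets.add(p["target_ip"])
            if len(targets) == sweep_threshold:
                alerts.append(("arp_sweep", p["sender_mac"], f"{sweep_threshold} hosts"))
    return bindings, alerts


def promiscuous_hosts(arp_packets):
    """neped-style check: an ARP request sent to a bogus unicast MAC is dropped
    by a normal NIC, so only a host sniffing in promiscuous mode answers it.
    A unicast refresh sent to the host's real MAC is not counted."""
    probes = [(p["target_ip"], p["dst_mac"]) for p in arp_packets
              if p["op"] == "request" and p["dst_mac"] != BROADCAST]
    return {p["sender_ip"] for p in arp_packets if p["op"] == "reply"
            and any(ip == p["sender_ip"] and mac != p["sender_mac"] for ip, mac in probes)}


def sample_arp_trace():
    """Constructed ARP traffic (not a real capture)."""
    pk = []

    def arp(t, op, sender_mac, sender_ip, target_ip, dst_mac=BROADCAST):
        pk.append(dict(t=t, op=op, sender_mac=sender_mac, sender_ip=sender_ip,
                       target_ip=target_ip, dst_mac=dst_mac))

    gw, h5, h9, scanner = ("00:11:22:33:44:01", "00:11:22:33:44:05",
                           "00:11:22:33:44:09", "00:11:22:33:44:66")
    arp(0.0, "request", h5, "10.0.0.5", "10.0.0.1")                  # normal lookup
    arp(0.0, "reply", gw, "10.0.0.1", "10.0.0.5", dst_mac=h5)
    arp(1.0, "reply", "de:ad:be:ef:00:01", "10.0.0.1", "10.0.0.5", dst_mac=h5)   # spoof
    arp(2.0, "request", h5, "10.0.0.5", "10.0.0.9", dst_mac="00:00:00:00:00:01")  # probe
    arp(2.0, "reply", h9, "10.0.0.9", "10.0.0.5", dst_mac=h5)        # sniffer answers
    for i in range(32):                                                # ARP sweep
        arp(3.0 + i * 0.01, "request", scanner, "10.0.0.66", f"10.0.0.{100 + i}")
    return pk


if __name__ == "__main__":
    bindings, alerts = analyse_arp(sample_arp_trace())
    print(dict(bindings), alerts, promiscuous_hosts(sample_arp_trace()))
```

A duplicate binding is not always an attack: VRRP/HSRP failover, a replaced NIC or a host with bonded interfaces also change the MAC behind an address, so the spoofing alert is best raised only when the old MAC keeps talking after the new one appears.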

Slide 13: ntop IDS Rules
    icmp route-advertisement ICMP_REDIRECT !gateway/any action alarm
    tcp root-ftp any/ftp any/any contains "230 User root logged in." action alarm
    udp new-port-open any/any any/!usedport action alarm
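To make the three rules concrete, here is an added example (not ntop's rule engine) that parses and applies them. The grammar it assumes is my reading of these three lines only: `<proto> <name> [<icmp-type>] <src>/<sport> [<dst>/<dport>] [contains "<text>"] action <action>`, with a leading `!` negating a host or port term, `gateway` standing for a caller-supplied host set, `usedport` for a destination port already seen in use, and the service and ICMP type name tables being assumptions. The packets are constructed.

```python
"""Small matcher for the three IDS rules on the slide.  Example code, not
ntop's engine; the grammar is one reading of those three lines."""
import shlex

RULES = [
    'icmp route-advertisement ICMP_REDIRECT !gateway/any action alarm',
    'tcp root-ftp any/ftp any/any contains "230 User root logged in." action alarm',
    'udp new-port-open any/any any/!usedport action alarm',
]
SERVICES = {"ftp": 21, "ssh": 22, "smtp": 25, "dns": 53, "http": 80}   # assumed table
ICMP_TYPES = {"ICMP_REDIRECT": 5, "ICMP_ECHO": 8}                       # assumed table


def parse_rule(text):
    tok = shlex.split(text)          # keeps the quoted contains-string as one token
    proto, name, i = tok[0], tok[1], 2
    icmp_type = None
    if proto == "icmp":
        icmp_type, i = ICMP_TYPES[tok[i]], i + 1
    ends = []
    while tok[i] not in ("contains", "action"):
        host, port = tok[i].split("/")
        ends.append((host, port))
        i += 1
    contains = None
    if tok[i] == "contains":
        contains, i = tok[i + 1], i + 2
    if tok[i] != "action":
        raise ValueError(f"bad rule: {text}")
    return dict(proto=proto, name=name, icmp_type=icmp_type, src=ends[0],
                dst=ends[1] if len(ends) > 1 else ("any", "any"),
                contains=contains, action=tok[i + 1])


def _term(spec, test):
    """Evaluate one host/port term; a leading '!' inverts it, 'any' always matches."""
    neg = spec.startswith("!")
    spec = spec[1:] if neg else spec
    return (spec == "any" or test(spec)) != neg


def _host_ok(spec, ip, groups):
    return _term(spec, lambda s: ip in groups[s] if s in groups else ip == s)


def _port_ok(spec, ip, port, used):
    def test(s):
        if s == "usedport":
            return (ip, port) in used
        return port == (SERVICES[s] if s in SERVICES else int(s))
    return _term(spec, test)


def run_rules(rules, packets, gateways, known_ports=()):
    """Apply parsed rules to packets (dicts with proto, src, dst and, per proto,
    sport/dport/payload or icmp_type).  Returns (rule name, src, dst) alarms.
    Every (host, dport) seen is learned, so !usedport fires once per new port."""
    groups = {"gateway": set(gateways)}
    used = set(known_ports)          # (host, port) pairs already in use
    alarms = []
    for p in packets:
        for r in rules:
            if r["proto"] != p["proto"]:
                continue
            if r["icmp_type"] is not None and p.get("icmp_type") != r["icmp_type"]:
                continue
            if not (_host_ok(r["src"][0], p["src"], groups)
                    and _host_ok(r["dst"][0], p["dst"], groups)):
                continue
            if p["proto"] != "icmp" and not (
                    _port_ok(r["src"][1], p["src"], p["sport"], used)
                    and _port_ok(r["dst"][1], p["dst"], p["dport"], used)):
                continue
            if r["contains"] and r["contains"] not in p.get("payload", ""):
                continue
            if r["action"] == "alarm":
                alarms.append((r["name"], p["src"], p["dst"]))
        if p["proto"] != "icmp":
            used.add((p["dst"], p["dport"]))
    return alarms


def sample_packets():
    """Constructed packets (not a real capture)."""
    return [
        dict(proto="icmp", src="10.0.0.66", dst="10.0.0.5", icmp_type=5),  # redirect, not gateway
        dict(proto="icmp", src="10.0.0.1", dst="10.0.0.5", icmp_type=5),   # redirect from gateway
        dict(proto="tcp", src="10.0.0.21", dst="10.0.0.5", sport=21, dport=40000,
             payload="230 User root logged in.\r\n"),
        dict(proto="tcp", src="10.0.0.21", dst="10.0.0.5", sport=21, dport=40001,
             payload="230 User alice logged in.\r\n"),
        dict(proto="udp", src="10.0.0.12", dst="10.0.0.53", sport=50000, dport=53),     # known
        dict(proto="udp", src="10.0.0.66", dst="10.0.0.53", sport=50001, dport=31337),  # new port
        dict(proto="udp", src="10.0.0.66", dst="10.0.0.53", sport=50002, dport=31337),  # learned
    ]


if __name__ == "__main__":
    rules = [parse_rule(r) for r in RULES]
    for a in run_rules(rules, sample_packets(), gateways={"10.0.0.1"},
                       known_ports={("10.0.0.53", 53)}):
        print(a)
```

Note that the `root-ftp` rule matches on the server's reply, so it only works where the sensor sees return traffic, and that `!usedport` needs a learning baseline (the `known_ports` argument here) or it will alarm on the first packet to every legitimate service after a restart.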

Slide 14: ntop Availability
- Home Page:
- Platforms: Win32 and Unix.
- License: GNU General Public License (GPL).