G53SEC 1 Network Security Hijacking, flooding, spoofing and some honey.

Slides:



Advertisements
Similar presentations
IPSec.
Advertisements

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
Firewalls and Intrusion Detection Systems
Intrusion Detection Systems and Practices
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
Internet Protocol Security (IPSec)
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
FIREWALL Mạng máy tính nâng cao-V1.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
Chapter 6: Packet Filtering
Chapter 13 – Network Security
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.
Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Security fundamentals Topic 10 Securing the network perimeter.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
G53SEC 1 Network Security Hijacking, flooding, spoofing and some honey.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
K. Salah1 Security Protocols in the Internet IPSec.
Securing Access to Data Using IPsec Josh Jones Cosc352.
Security Data Transmission and Authentication Lesson 9.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.
CompTIA Security+ Study Guide (SY0-401)
CSE 4905 IPsec.
Encryption and Network Security
IT443 – Network Security Administration Instructor: Bo Sheng
Domain 4 – Communication and Network Security
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Introduction to Networking
CompTIA Security+ Study Guide (SY0-401)
Virtual Private Networks (VPNs)
دیواره ی آتش.
Presentation transcript:

G53SEC 1 Network Security Hijacking, flooding, spoofing and some honey

G53SEC Overview of Today’s Lecture: Threat Models Communication Models Protocol Design Principles IPSec SSL/TLS DNS Firewalls IDS Honeypots 2

G53SEC Introduction: Networks Data sent from one node to another Network protocols - transmission and its problems OSI security architecture Access Control – Firewalls Intrusion Detection Systems 3

G53SEC Threat Models: Passive attackers - eavesdropping / wiretapping / sniffing - Traffic Analysis Active attackers - Spoofing attacks (Phishing, ) e.g. messages come from false sender - Squatting attacks (Phishing) e.g. attacker claims to be at victim’s location 4

G53SEC Communication Models: In formal protocol analysis (Traditional perspective) - internet – cloud - messages can be seen/modified by anyone Not best model for all security issues In security analysis - Adversary can only read messages directly addressed to him/her - can spoof addresses 5

G53SEC Examples of Security Analysis: TCP SYN flooding - attacker initiates genuine connection but immediately breaks it - attacker never finishes 3 way handshake - victim is busy with the timeout - attacker initiates large number of SYN requests - victim reaches its half-open connection limit - Denial of service 6

G53SEC Protocol Design Principles: Open Systems Interconnection model Framework for layering network protocols 7 layers 7 OSI model Application Presentation Session Transport Network Link Physical

G53SEC Background on IP Security: IP connectionless and stateless provides a best-effort service no guaranteed delivery of packets no mechanism for maintaining order NO security protection (IPv4) In IPv6 – security architecture - IPsec 8

G53SEC IP Security: Optional in IPv4 and mandatory for IPv6 2 major security mechanisms - IP Authentication Header - IP Encapsulation Security Payload Does not contain mechanism to prevent traffic analysis 9

G53SEC IP Security – Authentication Header: Protects the integrity and authentication of IP packets Does not protect confidentiality 10

G53SEC IP Security – Authentication Header: - Protects the integrity and authentication of IP packets - Does not protect confidentiality IP Security – Encapsulating Security Payloads: Provides: - confidentiality - data origin authentication - some replay protection - limited traffic flow confidentiality Achieved by encryption of payload 11

G53SEC IP Security – Encapsulating Security Payloads: transport mode - a protocol frame is encapsulated - and encrypted - provides end-to-end protection of packets - end hosts need to be IPsec aware 12

G53SEC IP Security – Encapsulating Security Payloads: tunnel mode - entire datagram treated as new payload - can be thought of as IP within IP - can be performed at security gateways - host need not be IPsec aware - provides traffic flow confidentiality 13

G53SEC IP Security: IPsec services use encryption But are not tied to one particular key management protocol Considers possibility of future flaws Summary IPsec provides transparent security for everyone using IP, without changing interface of IP Provides host-to-host security but with an overhead 14

G53SEC Secure Socket Layer/ Transport Layer Security: SSL Sits between application layer and TCP Relies on properties guaranteed by TCP Stateful and connection oriented Contains handshake protocol where client and server agree on cipher suite This is then used for secure transmisison Most widely used Internet security protocol 15

G53SEC Domain Name System (Background): – Domain namewww.nottingham.ac.uk – IP address Translation of domain name to IP address – DNS Information maintained by DNS servers DNS lookup – name -> IP address DNS reverse lookup – IP address -> name 16

G53SEC Domain Name System – Security Issues: Attacker can corrupt DNS information thus can redirect users to fake sites or make sites seem unavailable – DoS attack This gets even worse when corruption is propagated between DNS servers Work on secure DNS service (DNSEC) underway 17

G53SEC Introduction to Firewalls: Cryptographic mechanisms – confidentiality and integrity Authentication protocols – verify sources of data Access control at network level – firewalls Firewall “A network device controlling traffic between two parts of a network” 18

G53SEC Firewalls: Generally installed between LAN and Internet or between different LANs or on individual hosts Should control traffic to and from a protected network But ALL traffic has to go through it in order for it to be effective e.g. issues with Wifi LANs and Mobile Ad Hoc Networks 19

G53SEC Firewalls: Defend a protected network against parties accessing services that should only be available internally Can also restrict access from inside to outside services (e.g. IRC, P2P) Virtual Private Network - A secure connection between two gateways Network Address Translation - hides internal machines with private addresses 20

G53SEC Firewalls: Packet filters: - Specify which packets are allowed or dropped - Rules based on source and destination IP address - and TCP and UDP port numbers - possible for both inbound and outbound - Can be implemented in a router examining packet headers 21

G53SEC Firewalls: -Packet filters - Issues: - Only crude rules enforced - Certain common protocols are difficult to handle - We can have blanket rules (e.g. block all port 21 traffic) - We cannot have dynamically defined rules -Stateful Packet filters: - Consider FTP example - Understand requests and replies - e.g. FTP client (connect to 21, receive from 20) - Can support policies for a wider range of protocols than simple packet filters iptables – a Linux implementation 22

G53SEC Firewalls: Application-Level Proxies: - Client - > Server - Client -> Proxy -> Server-> Proxy -> Client - Another instance of controlled invocation e.g. Mail proxy – filters s for spam, viruses, etc… - Proxy server – only entity seen by the outside world - Transparent to users 23

G53SEC Firewalls: Application-Level Proxies: - Typically run on a hardened PC - Provide close control over content - Offer high level of security Issues - Large overhead per connection - More expensive than packet filters - Configuration complex - A separate proxy server required for each service to be protected 24

G53SEC Firewalls: Policies: Permissive – allow everything except dangerous services - easy to make a mistake or forget something Restrictive – block everything except designated useful services - More secure but if blocked something that is needed – DoS 25

G53SEC Firewalls: Location of firewall important But there are inherent firewall issues No protection against insider threats Encrypted traffic cannot be examined 26

G53SEC Intrusion Detection Systems -- Background: Cryptographic mechanisms help, but… Impossible to prevent all attacks DoS attacks Insider Attacks Badly configured firewalls Already happening attacks not detectable -> Intrusion Detection Systems 27

G53SEC Intrusion Detection Systems: Consists of a number of sensors (network or host) Sensors collect various data Data is analysed Intrusion reported and possibly reactions triggered 28

G53SEC Intrusion Detection Systems: Misuse Detection - looks for attack signatures - signatures – patterns of network traffic - e.g. no. of failed login attempts - only as good as its database of attack signatures - new attacks -> signature needs to be created - IDS needs to update its database 29

G53SEC Intrusion Detection Systems: Anomaly Detection - Statistical / Behaviour-based detection - uses statistical techniques - first ‘normal’ behaviour is established as baseline - during operation if behaviour of monitored system deviates from baseline and exceeds a threshold -> -> alarm is issued 30

G53SEC Intrusion Detection Systems: Anomaly Detection - Possibility of detecting novel attacks - However only detects anomalies - Anomaly is not necessarily an attack - Attack is not necessarily anomalous - False positives (false alarm) - False negatives (attack detected as normal) 31

G53SEC Intrusion Detection Systems: Network based IDS - attack signatures of network traffic - e.g. SNORT, Firestorm Host Based IDS - attack signatures from system activity Most effective IDS systems to date combine the two. 32

G53SEC Vulnerability Assessment and Honeypots: Vulnerability Assessment - examines the security state of a network or a host - info on open ports, package version, etc.. Honeypots - a resource to track attackers and to learn and gather evidence about their activities - designed to mimic real systems - low and high interaction honeypots 33

G53SEC 34 Summary: Networking Protocols Firewalls Intrusion Detection

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.