Security in network Outline Threats in network Network security controls Firewalls Intrusion detection system Secure E-Mail Networks and Cryptography Example.

Presentation transcript:

Security in network

Outline:
- Threats in network
- Network security controls
- Firewalls
- Intrusion detection system
- Secure Networks and Cryptography
- Example protocol: PEM, SSL, IPSec
- Conclusion

What makes a network vulnerable?
- Anonymity: an attacker can mount an attack from thousands of miles away and is therefore safe behind an electronic shield.
- Many points of attack.
- Sharing of resources.
- Complexity of system (different OSes on the network).
- Unknown perimeter (uncertainty about the network boundary).
- Unknown path.

Who attacks networks?
Three necessary components of an attack: MOM. We consider the motive of an attacker:
1. Challenge or power
2. Fame (recognition for the attacker's activity)
3. Money
4. Ideology (to do harm)

Threat precursors: how do attackers commit their attacks?
- Port scan: which services are running or open, what OS is installed, and the version of each application.
- Social engineering: involves using social skills to get someone to reveal security-relevant information. The attacker often impersonates someone inside the organization and tries to learn internal details.

Cont.
- Reconnaissance: a general term for collecting information from various sources. A commonly used technique is called "dumpster diving": looking at items that have been discarded in rubbish bins.
- OS and application fingerprints: the attacker sends a false request and learns from the response the type of OS and which version of the application is running.

Cont.
- Bulletin boards and chats: support the exchange of information. Attackers can post their latest exploits and techniques, read what others have done and search for additional information.

Threats in transit: eavesdropping and wiretapping.
- Eavesdropping: implies overhearing without expending extra effort.
- Wiretapping: intercepting communications.
  - Passive wiretapping: just listening.
  - Active wiretapping: injecting something into the communications.
- In cable: by the process called inductance, an intruder can tap a wire and read radiated signals without making physical contact with the cable.
- A device called a packet sniffer can retrieve all packets on the LAN.
- Solution: encryption should be applied to all communication.

Protocol flaws: protocols are publicly available.

Impersonation: easier than wiretapping. Impersonate another person or process. In this, the attacker can:
- Guess the identity and authentication details of the target.
- Disable the authentication mechanism at the target.
- Use a target whose authentication data are known.

Cont.
Authentication foiled by guessing:
- Default password guesses.
- Well-known authentication: some passwords are used to allow remote maintenance personnel to access any computer anywhere in the world, like one system admin account installed on all computers with a default password.

Spoofing:
- Impersonation: falsely representing a valid entity in a communication.
- Spoofing: when an attacker falsely carries on one end of a networked interchange.
- Examples: masquerading, session hijacking, and man-in-the-middle attack.

Cont.
- Masquerade: one host pretends to be another. Examples: URL masquerading, IP masquerading.
- Session hijacking: intercepting and carrying on a session begun by another entity.
- Man-in-the-middle attack:

Message confidentiality threat
Eavesdropping and impersonation attacks can lead to a confidentiality and integrity failure. Some of the vulnerabilities that can affect confidentiality are:
- Misdelivery: message lost, flaws in the hardware or software, destination IP address modification, etc.
- Exposure: a message may be exposed at switches, routers, gateways and intermediate hosts. Passive wiretapping.
- Traffic flow analysis: the fact that a message exists is itself important and sensitive.

Message integrity threat
- Falsification of messages: the attacker may change some or all of the content of a message: replace, change, redirect, combine pieces of different messages into one, destroy the message, etc.
- Noise: communication signals are subject to interference from other traffic, lightning, electric motors, animals, etc. These are inevitable.

Cont.
Web site defacement: the whole HTML code is accessible and downloadable. Website vulnerabilities enable attacks known as:
- Buffer overflow: on a website, with an excess of data.
- Dot-dot and address problems: m32/autoexec.nt
- Application code errors: a clever attacker can edit the URL in the address window and change the parameters.

Denial of service (DoS): a threat to the availability of service.
- Transmission failure.
- Connection flooding: TCP/UDP, ICMP.
- ICMP:
  - ping: requests destination reachability.
  - echo: returns the same data as a reply.
  - destination unreachable.
  - source quench: the destination is saturated, so the source should suspend sending packets for a while.

Cont.
We examine how two of these protocols can be used to attack a victim.

Echo-chargen: this attack works between two hosts. Chargen is a protocol that is used to generate packets and to test the capacity of the network. The echo and reply exchange between A and B puts the network in an endless loop. If the attacker makes B both source and destination, B hangs in a loop, constantly replying to its own messages.

Cont.
- Ping to Death attack: if the attacker is on a 100 MB connection and the victim is on 10 MB, the attacker can easily flood the victim's network.
- Smurf attack: a variation of the Ping to Death attack. The attacker selects the victim's network, then spoofs the source IP address in the ping packet so that it appears to come from the victim. The attacker then sends this request to the network in broadcast mode by setting the host id to all 1's.
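A detection-side view of the Smurf pattern described above, as an added example that is not part of the original slides: it flags ICMP echo requests whose destination has the host id set to all 1's. The subnets, addresses, packet tuples and threshold are constructed for illustration.

```python
import ipaddress
from collections import Counter

ECHO_REQUEST = 8  # ICMP type of a ping request

# Protected subnets (documentation address ranges, assumed for this example).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/26")]

# Constructed sample: (source IP as written in the packet, destination IP, ICMP type).
PACKETS = [
    ("192.0.2.10", "192.0.2.20", 8),      # ordinary ping between two hosts
    ("192.0.2.20", "192.0.2.10", 0),      # its echo reply
    ("203.0.113.9", "192.0.2.255", 8),    # echo request to the /24 broadcast address
    ("203.0.113.9", "192.0.2.255", 8),
    ("203.0.113.9", "192.0.2.255", 8),
    ("203.0.113.9", "198.51.100.63", 8),  # /26 broadcast: host id all 1's, not .255
    ("192.0.2.30", "192.0.2.255", 8),     # single broadcast ping, below threshold
    ("192.0.2.40", "192.0.2.255", 0),     # not an echo request
]

def is_broadcast(dst, nets):
    """True if dst has the host id set to all 1's in one of nets, or is 255.255.255.255."""
    addr = ipaddress.ip_address(dst)
    return addr == ipaddress.ip_address("255.255.255.255") or any(
        addr == net.broadcast_address for net in nets)

def smurf_candidates(packets, nets, min_requests=3):
    """Count broadcast echo requests per claimed source.

    The source field is spoofed, so each key is the likely victim, not the sender.
    """
    hits = Counter(src for src, dst, icmp_type in packets
                   if icmp_type == ECHO_REQUEST and is_broadcast(dst, nets))
    return {src: n for src, n in hits.items() if n >= min_requests}

if __name__ == "__main__":
    print(smurf_candidates(PACKETS, LOCAL_NETS))
```

Matching on the subnet's computed broadcast address rather than on a trailing .255 is what catches the /26 case in the sample.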

Cont.
SYN flood attack: uses the TCP protocol. A session is established with a three-way handshake. Here, the attacker sends many SYN packets to the victim and never responds with an ACK, thereby filling the victim's SYN-ACK queue. Another way is by spoofing a non-existent source IP address.
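How a monitor can recognise the half-open connections described above, as an added example that is not part of the original slides. It counts stale SYNs per listening port rather than per source, because the spoofed-source variant spreads them over many addresses. The segment tuples, simplified flag labels, timeout and backlog threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of segments seen at a server:
# (time in seconds, source IP, source port, destination port, flag), where the
# flag is simplified to "S" (SYN), "A" (final ACK of the handshake) or "R" (RST).
SEGMENTS = (
    [(0.0, "192.0.2.10", 40000, 80, "S"),      # normal client: SYN ...
     (0.1, "192.0.2.10", 40000, 80, "A")]      # ... then ACK completes the handshake
    + [(0.2 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, 80, "S")
       for i in range(6)]                      # six SYNs from distinct sources, never ACKed
    + [(0.5, "192.0.2.11", 40001, 22, "S"),    # one abandoned connection attempt
       (9.5, "192.0.2.12", 40002, 80, "S")]    # recent SYN, handshake still in progress
)

def half_open(segments, now, timeout=3.0):
    """Return {dst_port: (stale half-open count, distinct source IPs)}."""
    pending = {}  # (src, sport, dport) -> time the SYN was seen
    for t, src, sport, dport, flag in segments:
        key = (src, sport, dport)
        if flag == "S":
            pending[key] = t
        elif flag in ("A", "R"):
            pending.pop(key, None)  # handshake completed or connection reset
    counts = defaultdict(int)
    sources = defaultdict(set)
    for (src, _sport, dport), t in pending.items():
        if now - t >= timeout:      # ignore handshakes that may still complete
            counts[dport] += 1
            sources[dport].add(src)
    return {port: (counts[port], len(sources[port])) for port in counts}

def flooded_listeners(segments, now, backlog=5, timeout=3.0):
    """Ports whose stale half-open count has reached the assumed backlog size."""
    stats = half_open(segments, now, timeout)
    return sorted(port for port, (n, _srcs) in stats.items() if n >= backlog)

if __name__ == "__main__":
    print(half_open(SEGMENTS, now=10.0), flooded_listeners(SEGMENTS, now=10.0))
```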

Distributed DOS

Network security controls
- Design and implementation
- Architecture
- Encryption

Types of firewalls
- Packet filter
- Stateful inspection firewall
- Application proxy gateway
- Guard
- Personal firewall