Network Security (I) 授課老師 : 鄭伯炤 Office: Dept. of Communication Rm #112 Tel: X

Network Security Class National Chung Cheng University 2 We Are in Dangerous Zone! Insider Outsider Insider Outsider Unstructured Structured Unstructured Structured CERT: Computer Emergency Response Team

Network Security Class National Chung Cheng University 3 Attack Motivations, Phases and Goals Revenge Political activism Financial gain Data manipulation System access Elevated privileges Deny of Service Collect Information Public data source Scanning and probing Collect Information Public data source Scanning and probing Actual Attack  Network Compromise  DoS/DDoS Attack Bandwidth consumption Host resource starvation Actual Attack  Network Compromise  DoS/DDoS Attack Bandwidth consumption Host resource starvation Analyze Information & Prepare Attacks Service in use Known OS/Application vulnerability Known network protocol security weakness Network topology Analyze Information & Prepare Attacks Service in use Known OS/Application vulnerability Known network protocol security weakness Network topology Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses Author: Ed Skoudis; Publisher: Prentice Hall; ISBN

Network Security Class National Chung Cheng University 4 Tools, Tools, Tools Reconnaissance Nslookup Whois ARIN Dig Target Web Site Others Network Scanning Telnet Nmap Hping2 Netcat ICMP: Ping and Traceroute Vulnerability Assessment Nessus SARA Penetration Tool “Penetration Studies – A Technical Overview” GSEC SANS GIAC Certification: Security Essentials Toolkit Author: Eric Cole et al. ISBN

Network Security Class National Chung Cheng University 5 Hacker v.s. Cracker Cracker ( 怪客 ): Someone who tries to break the security of, and gain access to, someone else's system without being invited to do so.  怪客注重於入侵、破壞與偷取資料，在網路上恣意的攻擊別人。  網路上流傳著不少 Crack 程式 ( 常被誤稱為 “ 駭客軟體 ”) ，都是被怪客 們惡意釋出，擾亂網路上的秩序。  大眾媒體所指的駭客其實就是指這些擁有高度知識的怪客。 Hacker ( 駭客 ): Someone with a strong interest in computers, who enjoys learning about them and experimenting with them.  不會故意毀壞他人主機中的資料。  駭客入侵電腦的目的，只為證實防護安全上的漏洞確實存在。且 在入侵之後，會寄出一封 給該網站擁有最高權限的管理者， 告知管理者該漏洞的所在。

Network Security Class National Chung Cheng University 6 Dollar Amount of Losses by Type in 2003 Source: CSI/FBI 2003 Computer Crime and Security Survey The total annual losses reported in the 2003 survey were $201,797,340.

Network Security Class National Chung Cheng University 7 Denial of Service (DoS) The prevention of authorized access to a system resource or the delaying of system operations and functions (by RFC2828).  IETF: The Internet Engineering Task Force  RFC: Request for Comments Modes of Attack  Consumption of Scarce Resources Network Connectivity Using Your Own Resources Against You Bandwidth Consumption Consumption of Other Resources  Destruction of Alteration of Configuration Information  Physical Destruction or Alteration of Network Components

Network Security Class National Chung Cheng University 8 Building Security Perimeter The boundary of the domain in which a security policy or security architecture applies (by RFC2828) Components  Firewall  Virtual Private Network (VPN)  Intrusion Detection System (IDS) Defense in depth  Multiple layers of protection to prevent and mitigate security accidents, a event that involves a security violation. Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPN's), Routers, and Intrusion Detection Systems Author: Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent Frederick, et al.; ISBN

Network Security Class National Chung Cheng University 9 Firewall An gateway that restricts data communication traffic to and from one of the connected networks (the one said to be "inside" the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be "outside" the firewall). Access Control List (ACL): A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resource. Outside Inside ACL

Network Security Class National Chung Cheng University 10 Intrusion Detection System (IDS) A security service that monitors and analyzes system events for the purpose of finding, and providing real- time or near real- time warning of, attempts to access system resources in an unauthorized manner. (RFC2828) Types of IDS:  Host-based: operate on information collected from within an individual computer system.  Network-based: listen on a network segment or switch and detect attacks by capturing and analyzing network packets.

Network Security Class National Chung Cheng University 11 Virtual Private Network (VPN) The VPN is a data network connection that makes use of the public communication infrastructure, but maintains privacy through the use of a tunneling protocol and security procedures. Net, Net and Net  Intranet: VPN facilitates secure communications between a company's internal departments and its branch offices.  Extranet: Extranet VPNs between a company and its strategic partners, customers and suppliers require an open, standards-based solution to ensure interoperability with the various solutions that the business partners might implement.  Internet: A global and public network connecting millions of computers.

Network Security Class National Chung Cheng University 12 Financial Losses by Type of Attack in 2002  Firewall  AAA  VPN  Anti-virus  Intrusion Detection $Million Source 2002 CSI/FBI Survey 100% security is impossible; Security can only mitigate, but not eliminate Authentication: "Are you who you say you are?" Authorization: "Can you do that?" Accounting: "What did you do?" RADIUS: Remote Authentication Dial-In User Service