Network Security.

Presentation on theme: "Network Security." Presentation transcript:

1 Network Security

2 Security in the networks
Bank fraud; Politics; Stealing credit card numbers; Commercial espionage; Hacktivism; Cracker “having fun”; Changing grades; Wars (Cyberwarfare)
SHARE or PROTECT?

3 Goals of Security
Confidentiality: Only authorized entities have access to a system
Integrity: The information can only be altered in an authorized and acceptable manner
Availability: Services and data can be accessed by authorized users and processes when they need them

4 Goals of Security
Confidentiality; Integrity; Availability; SECURE

5 Balance is not easy
Connectivity; Performance; Easy to use; Manageable; Availability; Authentication; Authorization; Accounting; Confidentiality; Integrity

6 Key elements

7 It is not all about hardware and software
“...no product or combination of products will create a secure organization by itself. Security is a process; there is no tool that you can 'set and forget'. All security products are only as secure as the people who configure and maintain them...” John Mallery (BKD, LLP)
Security is a process not a product
Bruce Schneier

8 These days are long gone

9 Vulnerable networks
Anonymity
Multiple points of attack: Sources and targets
Sharing: Many authorized users; Many systems
Complex systems: Designed without security in mind (i.e. Desktop)
Confused perimeters: No borders; Multiple and unknown routes
Internet Protocols

10 Technological weaknesses
Protocols (TCP/IP, 1981); Operating Systems; Devices; Wireless (802.11, Bluetooth)

11 Configuration weaknesses
Unsafe user accounts; Weak passwords; Improperly configured Internet services; Default configuration; Bad configuration/administration of network devices

12 Processes and Policies weaknesses
Poorly written and described policies; Lack of continuity; Access controls not applied; Careless installation of software and hardware; Absence of a Disaster Recovery Plan

13 Attack: Preliminary steps

14 Reconnaissance
Military and medical term; Exploration to obtain information; Before any attack; Obtain as much information as possible about the victim; Many ways to do this... and not all are technical

15 Reconnaissance: Port scanning
Check which ports are open on a machine; Services with network connection; Other valuable information (Operating System, Application versions); Nmap, netcat, scapy, etc.

16 Reconnaissance: Social Engineering
Port scanning gives an external view; Social Engineering gives an internal point of view (Passwords, IP addresses, Dates); Acting skills: sympathy, pity, fear, etc.

17 Reconnaissance: Intelligence Gathering
“Dumpster diving”: Network diagrams; Code; Server and router configuration
Eavesdropping: Machines and people

18 Reconnaissance: Intelligence gathering
Forums: People ask questions (“I have an X 2.3 server. How do I configure the Web service?”)
Documentation: Manufacturers make it available online

19 Reconnaissance: Identification
Fingerprinting: Operating Systems and applications (maker, version)
Operating System: Each TCP/IP stack is different; Standards specify the WHAT, not the HOW
Tools: Nmap, nessus, netcat

20 Spoofing
Situation in which one person, program or machine successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage

21 Quick TCP/IP Review (Internet)

22 Do you identify these attacks? How are they carried out?
Denial of Service (DoS); Ping of Death; SYN Flood

23 Communication Internet

24 Communication Internet

25 TCP/IP Transmission Control Protocol/Internet Protocol
Several protocols (Stack, Suite); Nervous system of the Internet; Designed more than 30 years ago; To understand vulnerabilities and attacks

26 OSI & TCP/IP models IP

27 TCP/IP addresses
Processes; SCTP, TCP, UDP; IP; Medium access

28 TCP/IP Addresses
MAC (Layer 2): Identifies a machine in a local network; 48 bit number; C4:FA:55:6B:C2:76
IP (Layer 3): Identifies a machine in the Internet; 32 bit number
Port (Layer 4): Identifies an application running in a machine; 16 bit number

29 Communication in a local network
Forouzan TCP/IP

30 Communication in Internet
Forouzan TCP/IP

31 ARP (Address Resolution Protocol)
Forouzan TCP/IP

32 In the Net ….. Data Hello world! FCS Dest MAC Dest Port Source Dest IP
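
The three address levels from slide 28, read back out of one frame like the one sketched on slide 32 (an added example, not part of the original presentation). The source MAC, both IP addresses and the choice of UDP at layer 4 are assumptions; the destination MAC, the port numbers and the data come from the slides.

```python
import socket
import struct

ETH_LEN, IPV4, UDP = 14, 0x0800, 17   # Ethernet header size, EtherType, IP protocol


def fmt_mac(raw):
    return ":".join(f"{b:02X}" for b in raw)


def build_frame(dst_mac, src_mac, src_ip, dst_ip, src_port, dst_port, data):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at 0, no FCS)."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    macs = bytes.fromhex((dst_mac + src_mac).replace(":", ""))
    return macs + struct.pack("!H", IPV4) + ip + udp


def parse_addresses(frame):
    """Return the layer 2, 3 and 4 addresses and the data carried by a frame."""
    if len(frame) < ETH_LEN + 20 + 8:
        raise ValueError("frame too short for Ethernet + IPv4 + UDP headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_LEN])
    if ethertype != IPV4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[ETH_LEN] & 0x0F) * 4        # IP header length in bytes
    l4 = ETH_LEN + ihl                       # where the layer 4 header starts
    if ihl < 20 or frame[ETH_LEN + 9] != UDP or len(frame) < l4 + 8:
        raise ValueError("unsupported or truncated IP header")
    src_ip = frame[ETH_LEN + 12:ETH_LEN + 16]
    dst_ip = frame[ETH_LEN + 16:ETH_LEN + 20]
    src_port, dst_port, udp_len = struct.unpack("!HHH", frame[l4:l4 + 6])
    if udp_len < 8 or l4 + udp_len > len(frame):
        raise ValueError("bad UDP length")
    return {
        "mac": (fmt_mac(src_mac), fmt_mac(dst_mac)),                  # 48 bits each
        "ip": (socket.inet_ntoa(src_ip), socket.inet_ntoa(dst_ip)),   # 32 bits each
        "port": (src_port, dst_port),                                 # 16 bits each
        "data": frame[l4 + 8:l4 + udp_len],
    }


# Constructed sample: addresses other than the destination MAC are made up.
SAMPLE = build_frame("C4:FA:55:6B:C2:76", "02:00:00:00:00:01",
                     "192.0.2.10", "198.51.100.20", 32675, 8176, b"Hello world!")

if __name__ == "__main__":
    print(parse_addresses(SAMPLE))
```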

33 PDU (Protocol Data Unit)

34 IP (Internet Protocol)
Connectionless protocol; Sends independent packets (datagrams); No guarantee of delivery (“best effort”); Each packet is routed independently of the others, even though they belong to the same message

35 IP Header Forouzan TCP/IP

36 Fragmentation
IP Datagram (maximum length = 65535 bytes)
Header; Trailer; Layer 2 data (Ethernet, wifi, etc.)

37 MTU (Maximum Transfer Unit)
Token Ring (16 Mbps) → bytes; Token Ring (4 Mbps) → bytes; PPP → 296 bytes; Ethernet → bytes; → bytes

38 Fragmentation
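
How a datagram is cut to fit an MTU, and the checks a receiver applies before reassembly, as an added example that is not part of the original presentation. It uses the 65535-byte maximum from slide 36 and the PPP MTU of 296 bytes from slide 37; the 20-byte header without options and the function names are assumptions.

```python
IP_HEADER_LEN = 20     # assumption: IPv4 header without options
MAX_DATAGRAM = 65535   # maximum IP datagram length given on slide 36
PPP_MTU = 296          # PPP MTU given on slide 37


def fragment(data_len, mtu, header_len=IP_HEADER_LEN):
    """Split data_len payload bytes into (offset_units, length, more_flag) tuples."""
    # The fragment offset field counts 8-byte units, so every fragment
    # except the last must carry a multiple of 8 data bytes.
    per_frag = (mtu - header_len) // 8 * 8
    if per_frag <= 0:
        raise ValueError("MTU leaves no room for data")
    frags, sent = [], 0
    while sent < data_len:
        length = min(per_frag, data_len - sent)
        frags.append((sent // 8, length, sent + length < data_len))
        sent += length
    return frags


def check_fragments(frags, header_len=IP_HEADER_LEN):
    """Return the problems a receiver should reject before reassembling."""
    problems, expected = [], 0
    for offset_units, length, more in sorted(frags):
        start = offset_units * 8
        if start < expected:
            problems.append("overlap")
        elif start > expected:
            problems.append("gap")
        if more and length % 8:
            problems.append("unaligned")
        expected = max(expected, start + length)
    # Offsets plus lengths must never describe more than one maximum datagram.
    if header_len + expected > MAX_DATAGRAM:
        problems.append("oversized")
    return problems


if __name__ == "__main__":
    frags = fragment(1000, PPP_MTU)
    print(frags, check_fragments(frags))
    # Constructed malformed input: the final fragment claims an offset and
    # length that would rebuild a datagram larger than 65535 bytes.
    print(check_fragments(frags[:-1] + [(8189, 1480, False)]))
```

A reassembly buffer sized from the fragments themselves, without the `oversized` check, is the flaw behind the Ping of Death named on slide 22.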

39 Process to process communication
Internet

40 Operating System and TCP/IP Stack
Applications and Port Numbers; App 1: Port 176; App 2: Port 8176; App N: Port 32675; Data; Port #, Data; IP dest addr, Port #, Data

41 TCP Header Forouzan TCP/IP

42 TCP connection establishment
3 way handshake

43 TCP Connection Termination
Four way handshake

44 UDP (User Datagram Protocol)
Connectionless protocol; Each segment is independent, even though they can belong to the same message; No guarantee of delivery; No overhead due to timers and ACKs; Faster than TCP; Designed for applications where partial loss of data is not relevant

45 UDP Header Forouzan TCP/IP

46 Scope of IP and TCP Internet

