Presentation is loading. Please wait.

Presentation is loading. Please wait.

CORE Security Technologies

Published byCatherine Lévesque Modified over 5 years ago

Similar presentations

Presentation on theme: "CORE Security Technologies"— Presentation transcript:

1 CORE Security Technologies
                                                                                                                                                                                                                                                                                                                     Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies

2 Common IS Threat Mitigation Strategies: An overview of common detection and protection technologies
AGENDA Intro Securing the Perimeter Intrusion Detection Intrusion Prevention The New Perimeter Q & A

3 A risk management approach to security
WHY MITIGATE? Modern networks are complex systems Each node has specific security characteristics Nodes interact with each other Subject to constant change (business driven) Security as an emergent characteristic Focus on risk 100% bulletproof is an utopian dream As countermeasures and protection mechanisms evolve, attacks evolve too

4 Friends in, Foes out. Defining and securing the network perimeter
SECURING THE PERIMETER

5 Packet filters can control which packets are allowed to get through the firewall and which are not
Rules based on individual packets Real fast Most popular routers incorporate this functionality Stateful packet filter Rules can refer to established sessions or flows Very fast Most modern firewalls are stateful SYN | port 80 SYN | ACK | ISN# 2222 ACK #2222 | port 80 | data ACK #bbbb| data

6 APPLICATION LAYER FIREWALLS
Application layer firewalls provide a more granular control of networked applications and services APPLICATION LAYER FIREWALLS Police traffic at the application layer Pros Rules refer to specific services Can spot protocol deviations and abuses Very granular control on protocol specifics (deny FTP anonymous login, disable unused SMTP commands, block “ ‘ “ in HTTP form fields) Cons Resource intensive Tough to keep up with app-layer protocols BLOCKED! HTTP Response HTTP GET /null.printer HTTP GET /index.html HTTP GET /index.html HTTP Response

7 Dividing the network in different physical segments has many advantages
NETWORK SEGMENTATION Assigning trust to network segments Pros Reduces “attack surface” at many levels Contains or limits successful intrusions Provides control and audit capabilities for internal traffic Cons Tough to configure and manage if the network is very dynamic Strict performance requirements

8 A classic segmentation example: the DMZ
NETWORK SEGMENTATION (2)

9 Intrusion Detection Systems passively monitor the network’s operation for attacks and anomalies
Monitor the network for security events Intrusion attempts Successful attacks Anomalies Forensics Network audit trail Internally deployed Detect anomalies within the perimeter Externally deployed Measure threat (?)

10 There are many different IDS technologies being developed today
INTRUSION DETECTION STRATEGIES Signature based Watches for known attacks (signatures) Can detect some well defined anomalies Anomaly Watches for anomalies (not known attacks) Self learned (adapts to the network) / Programmed (follows defined rules) Host based Sensor sits in monitored host Network based Sensor sits on network Hybrids

11 Each one of these technologies has limitations
INTRUSION DETECTION LIMITATIONS Signature based Can only detect known attacks (sometimes only specific attack incarnations) Must be constantly updated Anomaly Cannot easily absorb change Some attacks are hard to separate from legitimate traffic Host based Requires widespread deployment of sensor/agent (hard to manage / expensive) Introduces complexity into end-systems Network based Vulnerable to differences in TCP/IP implementations

12 Intrusion Prevention generates and active response to intrusion events
Responds actively to security events Terminates network connections Communicates with the firewall / switch to disconnect / block attacker Terminates compromised process Pros Doesn’t require human attention (?) Can preemptively block known intrusion attempts Cons Doesn’t require human attention (!) Can block legitimate use Can be turned into a DoS (remember spoofing)

13 Several different intrusion prevention strategies at the host level are being developed
HOST IPS Code injection protection / mitigation Non executable stack (Sun Solaris) Non writeable code segment, non executable everything else (OpenBSD, Linux w/GR Security, Windows XP sp2 w/AMD64) Address randomization (OpenBSD, GR Security) Containment Chroot jails (POSIX) System call policing, systrace (OpenBSD, NetBSD) Privilege separation (OpenBSD)

14 The concept of a network perimeter is coming to an end
THE NEW PERIMETER Peer 2 Peer HTTP tunneling SSL Instant messaging Rich clients

15 Personal firewalls bring packet filtering to the workstation
Polices traffic coming in and going out the workstations Adds the application dimension to the rules Dynamically configurable Starts to borrow capabilities from IPS

16 Q & A

17 Maximiliano Caceres | max@coresecurity.com http://www.coresecurity.com
Thank You! Maximiliano Caceres |

Download ppt "CORE Security Technologies"

Similar presentations

DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls.

Firewalls.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies www.coresecurity.com.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls CS591 Topics in Internet Security November 15 1999 Steve Miskovitz, Steve Peckham, Kan Hayashi.

Firewalls CS591 Topics in Internet Security November Steve Miskovitz, Steve Peckham, Kan Hayashi.
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Department Of Computer Engineering

Department Of Computer Engineering
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
Sales Kickoff - ARCserve

Sales Kickoff - ARCserve

Similar presentations

Ads by Google