
Information Networking Security and Assurance Lab, National Chung Cheng University. Network Security (I). Instructor: 鄭伯炤. Office: Dept. of Communication Rm #112.


1 Information Networking Security and Assurance Lab, National Chung Cheng University. Network Security (I). Instructor: 鄭伯炤. Office: Dept. of Communication Rm #112. Tel: X33512. Email: bcheng@ccu.edu.tw

2 Network Security Class, National Chung Cheng University, Information Networking Security and Assurance Lab
We Are in a Dangerous Zone!
[Figure labels: Insider / Outsider; Unstructured / Structured]
CERT: Computer Emergency Response Team, http://www.cert.org/
http://www.andrew.cmu.edu/course/95-753/lectures/MooreTalkCERT-combined.pdf


5 Attack Motivations, Phases and Goals
Motivations:
- Revenge
- Political activism
- Financial gain
Goals:
- Data manipulation
- System access
- Elevated privileges
- Denial of Service
Phases:
- Collect Information: public data source; scanning and probing
- Analyze Information & Prepare Attacks: service in use; known OS/application vulnerability; known network protocol security weakness; network topology
- Actual Attack: Network Compromise; DoS/DDoS Attack (bandwidth consumption, host resource starvation)
Reference: Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. Author: Ed Skoudis; Publisher: Prentice Hall; ISBN 0130332739

6 Tools, Tools, Tools
Reconnaissance:
- Nslookup
- Whois
- ARIN
- Dig
- Target Web Site
- Others
Network Scanning:
- Telnet
- Nmap
- Hping2
- Netcat
- ICMP: Ping and Traceroute
Vulnerability Assessment:
- Nessus
- SARA
Penetration Tool
References:
- "Penetration Studies – A Technical Overview", http://www.sans.org/rr/papers/index.php?id=267
- GSEC SANS GIAC Certification: Security Essentials Toolkit. Author: Eric Cole et al. ISBN 0789727749


11 Firewall
A gateway that restricts data communication traffic to and from one of the connected networks (the one said to be "inside" the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be "outside" the firewall).
Access Control List (ACL): A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resource.
[Figure labels: Outside, Inside, ACL]
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
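An added example, not part of the original slides, that reads the ACL definition above as an allow-list with an implicit deny: only enumerated entities reach a resource, and everything else is dropped. The addresses, the `Permit` record and the `direction` and `check` helpers are assumptions made for illustration, and the filtering is stateless.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed "inside" network protected by the firewall.
INSIDE = ipaddress.ip_network("192.168.10.0/24")

@dataclass(frozen=True)
class Permit:
    """One ACL entry: an enumerated entity allowed to reach a resource."""
    src: str              # source network that is permitted
    dst: str              # destination network (the protected resource)
    proto: str            # "tcp" or "udp"
    port: Optional[int]   # destination port; None means any port

# Constructed allow-list. There is no "deny" entry: absence means denied.
ACL = [
    Permit("0.0.0.0/0", "192.168.10.80/32", "tcp", 443),      # anyone -> web server
    Permit("203.0.113.0/24", "192.168.10.25/32", "tcp", 25),  # partner -> mail relay
    Permit("192.168.10.0/24", "0.0.0.0/0", "tcp", None),      # inside -> outside, TCP
]

def direction(src, dst):
    """Classify a packet relative to the inside network."""
    s = ipaddress.ip_address(src) in INSIDE
    d = ipaddress.ip_address(dst) in INSIDE
    if s and not d:
        return "outbound"
    if d and not s:
        return "inbound"
    return "local" if s else "transit"

def check(src, dst, proto, port, acl=ACL):
    """Return (decision, index of the matching entry or None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, e in enumerate(acl):
        if (s in ipaddress.ip_network(e.src)
                and d in ipaddress.ip_network(e.dst)
                and proto == e.proto
                and e.port in (None, port)):
            return "permit", i
    return "deny", None   # not enumerated, so not permitted

if __name__ == "__main__":
    for pkt in [("198.51.100.7", "192.168.10.80", "tcp", 443),
                ("198.51.100.7", "192.168.10.80", "tcp", 22),
                ("192.168.10.14", "198.51.100.7", "udp", 53)]:
        print(direction(pkt[0], pkt[1]), pkt, check(*pkt))
```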

12 Intrusion Detection System (IDS)
A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. (RFC2828)
Types of IDS:
- Host-based: operate on information collected from within an individual computer system.
- Network-based: listen on a network segment or switch and detect attacks by capturing and analyzing network packets.
http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf


15 IPSec vs. SSL
IPSec (Internet Protocol Security):
- Tunnel between the two endpoints
- Works on the Network Layer of the OSI Model, without an association to any specific application.
- When connected on an IPSec VPN, the client computer is "virtually" a full member of the corporate network, able to see and potentially access the entire network
- The majority of IPSec VPN solutions require third-party hardware and/or software
SSL:
- A common protocol; most web browsers have SSL capabilities built in.
- More precise access control
- Only works for web-based applications; it is possible to web-enable applications

16 Financial Losses by Type of Attack in 2002
[Chart: Financial Losses by Type of Attack in 2002, in $Million. Source: 2002 CSI/FBI Survey]
- Firewall
- AAA
- VPN
- Anti-virus
- Intrusion Detection
100% security is impossible; security can only mitigate, but not eliminate
Authentication: "Are you who you say you are?"
Authorization: "Can you do that?"
Accounting: "What did you do?"
RADIUS: Remote Authentication Dial-In User Service

17 Network Compromise & Denial of Service
[Figure labels: Internet, Intranet, Extranet; 74%; Remote Access 12%; Internal System 33%]
Network Compromise:
- Authentication: Password Crackers
- Poor Service Configuration: e.g., DNS, Mail, FTP and Web
- Protocol Weakness: ARP, ICMP
- Application hole
- Backdoors
- Physical Access
Denial of Service:
- Out-of-Bounds Attack: e.g., Ping of Death and IP fragment attack
- Host Resource Starvation: e.g., SYN flood
- DDoS: Client -> Handler -> Agent -> Victim, e.g., Trinoo and Tribe Flood Network
- Bandwidth Consumption: e.g., SMURF and Fraggle
Reference: Hackers Beware. Author: Eric Cole; ISBN 0735710090


28 Risk Management
Risk is the possibility of something adverse happening.
Risk Management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk.
[Figure labels: VPN, Firewall, IDS; Risk Management: Risk Assessment, Risk Mitigation]

29 Threat, Vulnerability and Asset

30 Risk Mitigation Action Points
