Network Security and its Impact on Network Continuity.

1 Network Security and its Impact on Network Continuity

2 What you don't know can hurt you!

What is "Network Security"?

"Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and consistent and continuous monitoring and measurement of its effectiveness (or lack) combined together."
Source: http://en.wikipedia.org/wiki/Network_security

Information Security is related to, but not identical with, Network Security.

3 Impact of non-secure network infrastructure on an organization

- Loss of Services
  - Website/server down
  - Loss of sales
  - Loss of time
- Loss of Data
  - Proprietary information
  - Sensitive information
  - Customer information
- Loss of Reputation
  - Adverse publicity
  - Loss of customers
  - Known as an easy mark on hacker forums

4 Threats: External

- Hackers
  - Enter the network using simple or advanced techniques
  - Use "sociological hacking" (social engineering) techniques
  - Have a lot of time and good, free tools: NMAP, MetaSploit, MilW0rm, Netcat
- "Phishing"
- "Pharming" (much more dangerous than phishing)
- Malware
  - Malicious code on websites
  - Malicious email attachments

5 A Simple Hack

1. Hacker scans a random network with NMAP. Bad luck! It happens to be yours.
2. Hacker discovers the website has sensitive information stored on it.
3. Hacker uses the sensitive information, e.g. user names and passwords, to begin cracking the network.
4. Hacker gains access to the network after a few weeks of "brute force" attacks.
5. Hacker finds an unpatched Windows XP machine and plants malware on it.
6. Hacker finds the backup password file in c:\windows\repair\sam and cracks the local admin password.
7. Hacker tries access to another machine with the local admin password, which is usually the same across an organization.
8. A lot of information can be gathered, including server names and addresses, access to email, etc.
9. You are p0wned!

6 More Advanced Techniques

1. Hacker scans the network and finds the services available over the Internet.
2. Only HTTP (TCP port 80) on one server is open to the Internet, with only established connections permitted out (stateful inspection).
3. Hacker uses a crafted MetaSploit module, built from information gleaned from Milw0rm, to compromise the server and install "Netcat".
4. Hacker redirects traffic over the permitted port using Netcat listening on HTTP, bypassing outbound firewall rules.
5. From here the chain continues as in the simple hack above.
6. You are p0wned!

7 Anatomy of a Pharming Attack

8 Malware

- Trojans
  - Usually downloaded by the user
  - Do not self-replicate
  - Send information from the compromised host and also listen for connections
- Worms
  - Can be downloaded or can self-replicate
  - Usually attack major services, such as HTTP and SQL
  - Can reside in memory, i.e. no file is resident on the hard disk

9 Threats: Internal

- Disgruntled employees
  - Can be very dangerous if technically savvy
  - Usually steal or remove information; sabotage with a "logic bomb"
- No outbound traffic filtering
  - Web filtering
  - Email filtering
  - Instant messaging
  - P2P (Person to Person)
- Unauthorized wireless access points
- Credential sharing
- Unpatched or misconfigured machines

10 There is some Hope!

A well designed network can mitigate many types of risks and threats:
- Controls and monitors
- Policies and procedures (may include audits and penetration tests)

Some network designs are legally mandated:
- HIPAA (health insurance industry): http://www.cms.hhs.gov/HIPAAGenInfo/
- Sarbanes-Oxley (SARBOX) (financial industry)

Some are industry standards:
- PCI (credit card industry): https://www.pcisecuritystandards.org/
- NIST: http://www.nist.gov/index.html

11 Controls and Monitoring

- Controls can allow or disallow traffic or access.
- Controls require little or no intervention.
- Controls can be dangerous; configure with care!

Examples:
- Firewalls allow or block traffic according to a configured Access Control List (ACL). Firewalls typically block traffic from the Internet into a private network.
- Application firewalls look inside the network information sent, determine whether the packet is permitted or not, and then take the configured action. WebSense will block all Nazi sites.
- Antivirus software can remove existing malware and/or stop malware from changing the configuration of the machine.
- Intrusion Prevention Systems look for known "evil" packets and block them.
- Log monitoring can show when an event occurred and show trends over time, e.g. SPLUNK.
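To make the ACL idea concrete, here is an added example (not from the slides, and not any vendor's product) of a small zone-based firewall: rules are matched first-match, anything not explicitly permitted is dropped, and a state table lets replies to a permitted flow back in, which is the "only established connections permitted out" behaviour mentioned on slide 6. The zone names, addresses, ports and rules are constructed for illustration, and the "one policy per zone, no ACL inside it" treatment of intra-zone traffic is an assumption of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Added example (not from the slides): a minimal zone-based firewall that
# evaluates first-match ACLs between security zones, with an implicit deny
# and a simple state table so replies to permitted flows are allowed back.
# Zone names, addresses and rules below are constructed for illustration.


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def first_match(acl, pkt):
    """Return (action, rule_index) of the first matching rule, or ("deny", None)."""
    for i, r in enumerate(acl):
        if (ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)
                and r.proto in ("any", pkt.proto)
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action, i
    return "deny", None   # implicit deny: anything not explicitly permitted is blocked


class ZoneFirewall:
    def __init__(self, zones, acls):
        # zones: {zone_name: cidr}; acls: {(src_zone, dst_zone): [Rule, ...]}
        # Longest prefix wins, so the catch-all "internet" zone is checked last.
        self.zones = sorted(((ip_network(c), n) for n, c in zones.items()),
                            key=lambda z: z[0].prefixlen, reverse=True)
        self.acls = acls
        self.flows = set()    # state table of permitted flows (5-tuples)

    def zone_of(self, ip):
        addr = ip_address(ip)
        for net, name in self.zones:
            if addr in net:
                return name
        return "unknown"

    def check(self, pkt):
        """Decide a packet: ("permit"|"deny", reason)."""
        # Stateful inspection: the reply direction of a permitted flow is allowed
        # without consulting the ACL again.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows:
            return "permit", "established"
        src_zone, dst_zone = self.zone_of(pkt.src), self.zone_of(pkt.dst)
        if src_zone == dst_zone:
            return "permit", "intra-zone"   # assumption: one policy per zone, no ACL inside it
        acl = self.acls.get((src_zone, dst_zone))
        if acl is None:
            return "deny", "no ACL between zones"   # no path defined -> default deny
        action, idx = first_match(acl, pkt)
        if action == "permit":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "permit", f"rule {idx}"
        return "deny", ("implicit deny" if idx is None else f"rule {idx}")


# Constructed example topology: public web server in a DMZ, database and
# file server in an internal zone, office workstations in their own zone.
ZONES = {"internet": "0.0.0.0/0", "dmz": "203.0.113.0/24",
         "internal": "10.0.0.0/8", "office": "10.1.0.0/16"}
ACLS = {
    # Only HTTP to the web server may enter from the Internet.
    ("internet", "dmz"): [Rule("permit", "0.0.0.0/0", "203.0.113.10/32", "tcp", 80)],
    # The web server may reach only the database, and only on its SQL port.
    ("dmz", "internal"): [Rule("permit", "203.0.113.10/32", "10.0.0.5/32", "tcp", 1433)],
    # Office machines browse out; there is no rule from office to the internal servers.
    ("office", "internet"): [Rule("permit", "10.1.0.0/16", "0.0.0.0/0", "tcp", 80),
                             Rule("permit", "10.1.0.0/16", "0.0.0.0/0", "tcp", 443)],
}


def demo():
    """Run a few constructed packets through the firewall and return the decisions."""
    fw = ZoneFirewall(ZONES, ACLS)
    return {
        "http_in": fw.check(Packet("198.51.100.7", 51000, "203.0.113.10", 80, "tcp")),
        "http_reply": fw.check(Packet("203.0.113.10", 80, "198.51.100.7", 51000, "tcp")),
        "ssh_in": fw.check(Packet("198.51.100.7", 51001, "203.0.113.10", 22, "tcp")),
        "web_to_db": fw.check(Packet("203.0.113.10", 40000, "10.0.0.5", 1433, "tcp")),
        "web_to_fileserver": fw.check(Packet("203.0.113.10", 40001, "10.0.0.9", 445, "tcp")),
        "internet_to_internal": fw.check(Packet("198.51.100.7", 51002, "10.0.0.5", 1433, "tcp")),
        "office_to_db": fw.check(Packet("10.1.2.3", 40002, "10.0.0.5", 1433, "tcp")),
        "office_to_web": fw.check(Packet("10.1.2.3", 40003, "198.51.100.200", 443, "tcp")),
    }


if __name__ == "__main__":
    for name, (action, reason) in demo().items():
        print(f"{name:22} {action:6} ({reason})")
```

Two design points are worth noticing: the absence of an ACL between two zones is itself a deny (a forgotten pair cannot silently become an open path), and the state table only ever admits the reverse direction of a flow the ACL already permitted, so it does not widen the policy. The slide's warning that controls "can be dangerous" applies here too: a single overly broad permit rule near the top of an ACL shadows everything below it.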

12 Policies and Procedures

- Policies require intervention to work.
- Effective policies and procedures need to be known by the required users and backed up by management.
- Policies and procedures can have legal ramifications.
- A procedure implements a policy.

Examples:
- "Least Privilege"
- Web usage policies
- Disaster recovery procedures
- User creation, change and deletion procedures

13 Basic Secure Network Design

- Firewall traffic between different security zones
  - All machines in one zone have one network access policy
  - To traverse a zone, information must pass through an ACL
- Separate network for Internet-facing servers such as web and database servers, with ACLs controlling access to the internal network
- Typical "office" machines do not have direct access to sensitive servers unless required
- Monitor traffic
  - Unauthorized or "odd" information is flagged for review
  - A packet with 10,000 As is probably a buffer overflow attempt
  - Investigate repeated "denies" on an ACL from a particular host

14 Basic Secure Network Design

- IPS events should be reviewed
  - Trend analysis: over time engineers become familiar with what "normal" traffic is
  - Can correlate information from multiple sensors to discover coordinated attacks
  - IPS needs to be tuned, and automatically denying traffic can be dangerous; use with care!
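The monitoring points on slides 13 and 14 (repeated denies from one host, a packet that is one long run of the same byte, and correlating sources across several sensors) can be turned into simple review logic. The following is an added example and not code from the presentation or from any SIEM product; the key=value log format, the sensor names and every log line are constructed for the example, and the thresholds (five denies in a minute, a run of 1,000 identical bytes) are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import groupby

# Added example (not from the slides): review firewall/IPS deny logs for the
# two patterns slide 13 calls out (repeated denies from one host, a payload
# that is one long run of a single byte) and correlate sources across sensors
# as slide 14 suggests. The log format and all sample lines are constructed.

LINE_RE = re.compile(
    r"(?P<ts>\S+) sensor=(?P<sensor>\S+) action=(?P<action>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)"
)

# Constructed sample: one host probing several ports on the web server within
# seconds (seen by two sensors), and a normal client with two stray denies an
# hour apart.
SAMPLE_LOG = """\
2009-03-02T10:15:01 sensor=fw1 action=DENY src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=21
2009-03-02T10:15:02 sensor=fw1 action=DENY src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=22
2009-03-02T10:15:03 sensor=fw1 action=DENY src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=23
2009-03-02T10:15:04 sensor=fw1 action=DENY src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=25
2009-03-02T10:15:05 sensor=fw1 action=DENY src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=110
2009-03-02T10:15:09 sensor=ips2 action=DENY src=198.51.100.7 dst=203.0.113.11 proto=tcp dport=443
2009-03-02T10:15:30 sensor=fw1 action=PERMIT src=192.0.2.9 dst=203.0.113.10 proto=tcp dport=80
2009-03-02T10:20:00 sensor=fw1 action=DENY src=192.0.2.9 dst=203.0.113.10 proto=tcp dport=22
2009-03-02T11:20:00 sensor=fw1 action=DENY src=192.0.2.9 dst=203.0.113.10 proto=tcp dport=22
"""


def parse_log(text):
    """Parse the constructed key=value lines; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            e["dport"] = int(e["dport"])
            events.append(e)
    return events


def repeated_denies(events, threshold=5, window=timedelta(minutes=1)):
    """Hosts with at least `threshold` DENY events inside any sliding `window`."""
    times = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            times[e["src"]].append(e["ts"])
    flagged = {}
    for src, ts in times.items():
        ts.sort()
        start, best = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:   # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged


def cross_sensor_sources(events, min_sensors=2):
    """Sources seen by several sensors: a hint of a coordinated or wide probe."""
    seen = defaultdict(set)
    for e in events:
        seen[e["src"]].add(e["sensor"])
    return {src: sorted(s) for src, s in seen.items() if len(s) >= min_sensors}


def longest_run(data):
    """Length of the longest run of one repeated byte value in `data`."""
    return max((sum(1 for _ in g) for _, g in groupby(data)), default=0)


def looks_like_overflow(payload, min_run=1000):
    """Flag a payload dominated by one repeated byte (e.g. thousands of 'A's)."""
    return longest_run(payload) >= min_run


def review(log_text=SAMPLE_LOG):
    """Run both log checks over the text and return the findings."""
    events = parse_log(log_text)
    return {
        "repeated_denies": repeated_denies(events),
        "cross_sensor": cross_sensor_sources(events),
    }


if __name__ == "__main__":
    print(review())
    print(looks_like_overflow(b"GET /" + b"A" * 10000 + b" HTTP/1.0\r\n"))
```

The sliding window matters: counting denies per calendar minute would miss a burst that straddles a minute boundary, while the window above catches any five denies within sixty seconds of each other. As slide 14 says, these findings are for review; the example only reports, it never blocks.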

15 Basic Secure Network Design

- Host based protection for servers and workstations
  - Active Directory policies: harden machines against e.g. Denial of Service (DoS)
  - "Labrea" hosts
  - Windows Firewall: can turn off NetBIOS, LDAP etc. via policy
  - Antivirus: also useful for alarms and backtracking outbreaks
  - Host based IPS: also useful for alarms and backtracking outbreaks
  - Knowledgeable users!!!!!!

16 Testing Security: Assessment

Network Security Assessment
- Find every host
- Find vulnerabilities
- Test fail-over scenarios
- Review logs and event handling
- Check compliance with stated policy, e.g. password expiration
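The last assessment item, checking the environment against the written policy, is the kind of check that is easy to script once accounts can be exported. The following is an added example, not code from the presentation: it takes a list of account records and a password-expiration policy and reports every enabled account that violates it, including accounts marked as never expiring, which a maximum-age policy usually forbids. The 90-day limit, the account names and the dates are constructed; a real run would read the export from the directory.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Added example (not from the slides): check an exported account list against
# a written password-expiration policy, the compliance check slide 16 lists.
# The policy value and the account records are constructed.

MAX_PASSWORD_AGE_DAYS = 90   # constructed policy value


@dataclass(frozen=True)
class Account:
    name: str
    last_password_change: date
    enabled: bool = True
    password_never_expires: bool = False


def policy_findings(accounts, today, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Return [(account_name, reason)] for enabled accounts that violate the policy."""
    findings = []
    for a in accounts:
        if not a.enabled:
            continue   # cannot log on; stale disabled accounts are a separate review
        age = (today - a.last_password_change).days
        if a.password_never_expires:
            # An exemption flag silently defeats the policy, so report it first.
            findings.append((a.name, "flagged as never expiring, which the policy does not allow"))
        elif age > max_age_days:
            findings.append((a.name, f"password is {age} days old, limit is {max_age_days}"))
    return findings


def compliance_rate(accounts, today, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Fraction of enabled accounts with no finding, for trending over time."""
    enabled = [a for a in accounts if a.enabled]
    if not enabled:
        return 1.0
    bad = len(policy_findings(enabled, today, max_age_days))
    return (len(enabled) - bad) / len(enabled)


# Constructed sample export.
SAMPLE_ACCOUNTS = [
    Account("alice", date(2009, 1, 15)),
    Account("bob", date(2008, 9, 1)),
    Account("svc_backup", date(2007, 3, 3), password_never_expires=True),
    Account("carol", date(2008, 6, 1), enabled=False),
]


def demo(today=date(2009, 3, 2)):
    """Evaluate the sample export as of a fixed constructed date."""
    return policy_findings(SAMPLE_ACCOUNTS, today)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
    print(f"compliance: {compliance_rate(SAMPLE_ACCOUNTS, date(2009, 3, 2)):.0%}")
```

Running the check on a schedule and keeping the compliance rate gives the same trend view over time that slide 14 recommends for IPS events, and the list of findings is the evidence an auditor asks for.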

17 Testing Security: Penetration Test

- Exploit discovered vulnerabilities; no "false positives"
- Can find cracks in the security design, e.g. unencrypted admin passwords used to access a patch server that is not normally monitored; can find flaws in web applications
- Also tests incident response
- Can be "Black Box", "White Box" or "Grey Box"
  - Black Box: target is unaware and no information is supplied to the pen tester
  - White Box: pen tester and target cooperate
  - Grey Box: some information is shared between pen tester and target

18 Q&A

Questions?

