Published by Douglas Palmer; modified over 9 years ago
Introduction to Network Security © N. Ganesan, Ph.D.
Acknowledgement
What is a Firewall?* A firewall isolates two networks from one another in order to enforce a security policy. A network in this sense may consist of one or more computers. The firewall inspects each individual packet as it arrives at either side of the firewall, inbound or outbound, and decides whether that packet is allowed to pass or is blocked.
Types of Firewall: hardware based; software based.
Hardware Firewalls (vendor examples): Cisco, D-Link, Linksys.
Software Firewalls (example): ZoneAlarm Pro.
General Firewall Features: port control, network address translation, application monitoring (program control) and packet filtering. Additional features found in some products: data encryption, stealth mode (hiding the host's presence), reporting/logging, e-mail virus protection, pop-up ad blocking, cookie management, spyware protection, laptop protection. Note that hardware and software firewalls offer different subsets of these features.
Do Firewalls Prevent Viruses and Trojans?* No. A firewall can only stop a virus or Trojan that is already on your machine from reaching the Internet. Most viruses and Trojans arrive by e-mail, through file-sharing programs (such as Kazaa or Gnucleus) or by direct download of a malicious program. A firewall cannot prevent this; only good anti-virus software can.
Firewall Protection for Viruses and Trojans* However, once installed on your PC, many viruses and Trojans "call home" over the Internet to the attacker who designed them. This lets the attacker activate the Trojan and use your PC for their own purposes. A firewall that controls outbound connections can block the call home and alert you that suspicious behaviour is taking place on your system.
Some Hardware Firewall Features* IPsec (IP security) and Internet Key Exchange (IKE) network encryption; integrated firewall functions; network address translation; encrypted SNMP management traffic.
Some Software Firewalls: ZoneAlarm, Microsoft, McAfee, Norton.
Basic Types: network layer; application layer.
Network Layer: makes decisions based on the source and destination addresses and ports in individual IP packets. Typically implemented on routers. Can perform static and dynamic packet filtering and stateful inspection.
Static & Dynamic Filtering: Static packet filtering looks only at header fields (addresses and ports) of each packet in isolation to allow or block traffic between specific service ports; it offers little protection, because it cannot tell a genuine reply from a forged one. Dynamic packet filtering maintains a connection table so that it can track requests and match replies to them.
Stateful inspection: compares key parts of each packet against a table of known, trusted connections. The characteristics of outgoing traffic are recorded, and incoming traffic is compared with them. Information is allowed through only if the comparison yields a match with an existing connection.
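The two slides above describe static filtering and dynamic (stateful) inspection in words. The following Python simulation is an added example, not part of the original deck or of any product it names; the packet model, the addresses (taken from the RFC 5737 documentation ranges) and the rule set are constructed for the illustration. It runs a legitimate outbound HTTP connection and a forged "reply" through a stateless rule set and through a connection-table filter, which is the concrete reason the slide says static filtering "offers little protection".

```python
from collections import namedtuple

# Packet model for the simulation (constructed, not a real capture):
# direction is "out" (inside -> Internet) or "in"; flags is a set of TCP flag names.
Packet = namedtuple("Packet", "direction proto src sport dst dport flags")

# Constructed addresses from the RFC 5737 documentation ranges.
INTERNAL = "192.0.2.10"
WEB = "198.51.100.80"
ATTACKER = "203.0.113.7"

# Services that inside hosts may open towards the Internet.
ALLOWED_OUTBOUND = {("tcp", 80), ("tcp", 443), ("udp", 53)}


def static_filter(pkt):
    """Static (stateless) filter: looks only at the headers of the packet in hand.

    Rule 1 lets inside hosts reach the allowed services.  Rule 2 is the
    stateless way of letting replies back in: trust any inbound packet whose
    *source* port is a service port.  Nothing stops an attacker from choosing
    that source port, so rule 2 opens every inside port to anyone who does.
    """
    if pkt.direction == "out" and (pkt.proto, pkt.dport) in ALLOWED_OUTBOUND:
        return "ALLOW"
    if pkt.direction == "in" and (pkt.proto, pkt.sport) in ALLOWED_OUTBOUND:
        return "ALLOW"
    return "DROP"


class StatefulFilter:
    """Dynamic filter: inbound traffic passes only if it matches a connection
    that an inside host opened first (the connection table)."""

    def __init__(self):
        self.table = {}  # flow key -> state

    @staticmethod
    def key(pkt):
        # Both directions of one flow map to (proto, inside, inside_port, outside, outside_port).
        if pkt.direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def process(self, pkt):
        k = self.key(pkt)
        state = self.table.get(k)
        if pkt.direction == "out":
            if state is None and (pkt.proto, pkt.dport) not in ALLOWED_OUTBOUND:
                return "DROP"
            if pkt.proto == "tcp":
                if state is None and "SYN" in pkt.flags:
                    self.table[k] = "SYN_SENT"          # remember the request
                elif pkt.flags & {"FIN", "RST"}:
                    self.table.pop(k, None)             # connection is going away
            else:
                self.table[k] = "WAIT_REPLY"            # one UDP request expects one reply
            return "ALLOW"
        # Inbound: no table entry means nobody inside asked for this packet.
        if state is None:
            return "DROP"
        if pkt.proto == "tcp":
            if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
                self.table[k] = "ESTABLISHED"           # handshake answered
                return "ALLOW"
            if state == "ESTABLISHED" and "SYN" not in pkt.flags:
                if pkt.flags & {"FIN", "RST"}:
                    self.table.pop(k, None)
                return "ALLOW"
            return "DROP"                               # wrong state for this flag set
        self.table.pop(k, None)                         # the UDP reply consumes the entry
        return "ALLOW"


def demo():
    """Run a legitimate HTTP connection and a forged 'reply' through both filters."""
    fw = StatefulFilter()
    out_syn = Packet("out", "tcp", INTERNAL, 40001, WEB, 80, {"SYN"})
    in_synack = Packet("in", "tcp", WEB, 80, INTERNAL, 40001, {"SYN", "ACK"})
    in_data = Packet("in", "tcp", WEB, 80, INTERNAL, 40001, {"ACK"})
    # The attacker sets source port 80 to look like a web reply and aims at NetBIOS (139).
    spoof = Packet("in", "tcp", ATTACKER, 80, INTERNAL, 139, {"SYN"})
    legit = (out_syn, in_synack, in_data)
    return {
        "legit_static": [static_filter(p) for p in legit],
        "legit_stateful": [fw.process(p) for p in legit],
        "spoof_static": static_filter(spoof),
        "spoof_stateful": fw.process(spoof),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Both filters pass the real connection; only the stateful one drops the forged packet, because its connection table has no entry for an inside host talking to the attacker on port 139. The same table is what lets the firewall on the "call home" slide recognise outbound connections that no user requested.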
Application Layer: generally hosts running proxy servers, which log and audit the traffic that passes through the network. Logging and access control are done in software components.
Proxy Services: an application that mediates traffic between a protected network and the Internet. It understands the application protocol in use and can enforce protocol-specific security. Application protocols include FTP, HTTP, Telnet, etc.
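To make "understands the application protocol" concrete, here is an added Python example (not from the deck or from any proxy product it names) of the decision an HTTP proxy can make that a port-based packet filter cannot. The policy constants, the sample requests and the helper names are all constructed for the illustration. A packet filter sees only "TCP to port 80"; the proxy parses the request and relays it only if it is well-formed, uses a permitted method and is addressed to a permitted host.

```python
import re
from urllib.parse import urlsplit

# Constructed policy for the example: methods and destination hosts the proxy will relay.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com", "intranet.example.com"}

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


def proxy_decision(raw):
    """Decide whether the proxy relays the bytes a client sent to it.

    Returns ("ALLOW", host) or ("DENY", reason).
    """
    m = REQUEST_LINE.match(raw)
    if not m:
        return "DENY", "not an HTTP request"            # e.g. an SSH banner squeezed through port 80
    method = m.group(1).decode("ascii")
    target = m.group(2).decode("ascii", "replace")
    if method not in ALLOWED_METHODS:
        return "DENY", "method not permitted: " + method  # CONNECT would tunnel any protocol
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "DENY", "incomplete header block"
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    # A proxy normally receives absolute-form targets; fall back to the Host header.
    host = None
    if target.startswith(("http://", "https://")):
        try:
            host = urlsplit(target).hostname
        except ValueError:
            return "DENY", "malformed request target"
    if host is None:
        host = headers.get(b"host", b"").decode("ascii", "replace").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        return "DENY", "host not permitted: " + repr(host)
    if method == "POST" and not headers.get(b"content-length", b"").isdigit():
        return "DENY", "POST without Content-Length"
    return "ALLOW", host


# Constructed client traffic, all of which a port-based filter would pass as "port 80".
SAMPLES = {
    "plain_get": b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "origin_form": b"GET /status HTTP/1.0\r\nHost: intranet.example.com\r\n\r\n",
    "ssh_on_80": b"SSH-2.0-OpenSSH_8.9\r\n",
    "connect_tunnel": b"CONNECT evil.example.net:22 HTTP/1.1\r\nHost: evil.example.net:22\r\n\r\n",
    "wrong_host": b"GET http://evil.example.net/ HTTP/1.1\r\nHost: evil.example.net\r\n\r\n",
    "truncated": b"GET / HTTP/1.1\r\nHost: www.example.com\r\n",
}


def check_all():
    """Verdict for every sample, keyed by name."""
    return {name: proxy_decision(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, proxy_decision(raw))
```

The two rejected tunnelling attempts (raw SSH on port 80, and CONNECT to port 22) are exactly the traffic a later slide has in mind when it says packets "cannot access services for which there is no proxy".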
Port Scans: attackers remotely probe your computers to learn what software and services they run. Port scans are common, but with a properly configured and maintained firewall you can restrict what a scan is able to reach.
DMZ (demilitarized zone): a network segment that is neither part of the internal network nor part of the Internet, used for hosts that must be reachable from outside. Never offer attackers more to work with than is absolutely necessary.
Firewall Scenario: Microsoft Internet Security and Acceleration (ISA) Server as a dedicated firewall server.
Network Configuration: Single computer. Small office network – fewer than 250 clients, IP network protocol, demand-dial connectivity. Larger organization – an array of ISA Servers. (Diagram: Internet – ISA Server – local area network.)
Opening Ports
Software Firewall: Windows – ZoneAlarm, WinRoute, Trojan Trap (a Trojan-horse firewall). Linux – iptables. Mac – NetBarrier.
Implementing a Firewall – An Example: use WinRoute as a software router for a small LAN, and Trojan Trap as protection against active-code attacks. Steps: software installation; firewall configuration; test and scan.
Firewall software comparison
WinRoute: routing using NAT (Network Address Translation), packet filtering, port mapping, anti-spoofing, VPN support, DNS, DHCP, remote administration.
Configuration and Rule Sets
Setup WinRoute for LAN: the WinRoute PC should have at least 2 NICs. Check that all IP addresses are pingable. Validate NAT on the WinRoute PC. Deactivate NAT on the NIC connected to the internal LAN.
Setup WinRoute for LAN (cont.): configure no gateway on the local (internal) interface of the WinRoute PC. Configure the forwarding options. On each internal PC configure the default gateway (the WinRoute PC's internal address). On each internal PC configure the DNS server.
Scan and Test – online scanners:
http://scan.sygatetech.com/
http://www.csnc.ch/onlinetests/
http://grc.com/
http://hackerwhacker.com/
Trojan Trap: resource protection – restricts access to system resources by unknown applications; application control; content filtering; IP port monitoring.
Hardware Firewall: what it is; what it does; an example; firewall use; what it protects you from.
Hardware Firewall (Cont.) What is it? Essentially a software firewall running on a dedicated piece of hardware or a specialized device. It is a barrier that keeps destructive forces away from your property: a firewall can protect your home network and family from offensive Web sites and potential hackers.
Hardware Firewall (Cont.) What it does: it is a hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Hardware Firewall (Cont.) An example.
Hardware Firewall (Cont.) Firewall use: firewalls use one or more of three methods to control traffic flowing in and out of the network: – packet filtering – proxy service – stateful inspection
Hardware Firewall (Cont.) Packet filtering – packets are analyzed against a set of filters. Proxy service – information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa. Stateful inspection – compares key parts of each packet to a table of trusted connections: traffic traveling from inside to outside is monitored for specific defining characteristics, and incoming traffic is then compared against these characteristics.
Hardware Firewall (Cont.) What it protects you from: – remote logins – application backdoors – SMTP session hijacking – e-mail addresses – spam – denial of service – e-mail bombs (the same e-mail sent thousands of times until the mailbox is full) – macros – viruses
Software Firewall: what is it? – Also called application-level firewalls, since they control traffic per program – They can make decisions at the application layer of the OSI model, but they filter packets at the network layer, hooking into the host's stack between the data-link layer and the network layer – They monitor the communication type (TCP, UDP, ICMP, etc.), the origin of the packet, the destination port of the packet, and the application (program) the packet is coming from or headed to
Software Firewall (Cont.) How does a software firewall work?
Software Firewall (Cont.) Benefits of using application firewalls: – do not allow a direct connection between client and host (the proxy sits in between) – able to report to intrusion detection software – equipped with a certain level of logic, so they can make intelligent decisions – can be configured to check for a known vulnerability – large amount of logging
Software Firewall (Cont.) Benefits of application firewalls (Cont.): – easier to track when a potential vulnerability is being exploited – can protect against some vulnerabilities before they are found and exploited, because only protocol-conformant traffic is relayed – able to "understand" an application's specific information structure – incoming or outgoing packets cannot access services for which there is no proxy
Software Firewall (Cont.) Disadvantages of application firewalls: – can slow down network access dramatically – more susceptible to distributed denial-of-service (DDoS) attacks – not transparent to end users – require manual configuration of each client computer
Top Picks – Personal Firewalls: Norton Personal Firewall; ZoneAlarm Free/Plus/Pro.
Conclusion
Web References: firewall.com; firewall-net.com; firewallguide.com; msdn.microsoft.com; winroute.com; tinysoftware.com; sunsite.unc.edu
Benefits of a Firewall – Summary: prevents intrusion; provides a choke point for security auditing; reduces attacks by hackers; hides the network behind a single IP address; forms part of the total network security policy.
References:
http://www.howstuffworks.com
http://www.microsoft.com
http://www.securityfocus.com
http://grace.com/us-firewalls.htm
http://www.kerio.com/us/supp_kpf_manual.html
http://www.broadbandreports.com/faq/security/2.5.1
http://www.firewall-software.com
Hacking © N. Ganesan, Ph.D.
Port Scanning Using PortQry: What is port scanning? Using PortQry (the Portqry.exe command-line utility).
What Is Port Scanning? Network applications listen on TCP/UDP ports. Clients connect to applications through those ports. Port scanning is the process of checking whether a port is open.
TCP and UDP in TCP/IP protocol architecture
Port Numbers: the well-known ports are 0 through 1023; the registered ports are 1024 through 49151; the dynamic and/or private ports are 49152 through 65535. See http://www.iana.org/assignments/port-numbers and ftp://ftp.isi.edu/in-notes/rfc1700.txt
Well-known TCP / UDP ports
TCP port  Description
20        FTP (data channel)
21        FTP (control channel)
23        Telnet
80        HyperText Transfer Protocol (HTTP), used for the World Wide Web
139       NetBIOS session service
UDP port  Description
53        Domain Name System (DNS) name queries
69        Trivial File Transfer Protocol (TFTP)
137       NetBIOS name service
138       NetBIOS datagram service
161       Simple Network Management Protocol (SNMP)
Port Scanning for TCP: TCP connections begin with a "three-way handshake". A completed handshake means the port is listening. A TCP reset (RST) packet in reply means the port is not listening. No response at all means the port is filtered.
Port Scanning for UDP: UDP has no three-way handshake. Send a UDP packet to the port and wait for a response. Most applications will not respond to a zero-length packet, so a packet formatted for the service expected on that port is necessary to get a response; silence therefore means the port is either open or filtered. Most port scanners do not scan UDP ports.
What Is Port Scanning Used For? Use port scanning to: test connectivity; test security.
Using PortQry: PortQry is designed as an application-layer port scanner. It checks whether TCP and UDP ports are open, closed, or filtered, and it determines whether UDP ports are open by sending packets formatted for well-known services. Portqry is available for download from the Microsoft Web site at http://download.microsoft.com/download/win2000adserv/Utility/1.0/NT5/EN-US/portqry.exe
PortQry supports: LDAP, RPC, DNS, SMTP, POP3, IMAP4, FTP, NetBIOS Name Service.
Status of a TCP/IP port:
Listening – a process is listening on the port on the target computer; Portqry.exe received a response from the port.
Not Listening – no process is listening on the target port on the target system; Portqry.exe received an Internet Control Message Protocol (ICMP) "Destination Unreachable – Port Unreachable" message back from the target UDP port, or, if the target port is a TCP port, a TCP acknowledgement packet with the Reset flag set.
Filtered – the port on the target computer is being filtered; Portqry.exe did not receive a response from the port, so a process may or may not be listening. By default, TCP ports are queried three times and UDP ports are queried once before a port is reported as filtered.
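The three slides on TCP scanning, UDP scanning and the Listening / Not Listening / Filtered states describe what PortQry does; the following Python scanner is an added example that reproduces that logic (it is not PortQry's own code, and is not affiliated with the deck or with Microsoft). It classifies a TCP port from the outcome of connect(), retries three times before calling it filtered, and probes UDP with a properly formatted DNS query, since a zero-length datagram gets no answer. The fake DNS responder and the loopback sockets in the demo are constructed so the example runs offline; "FILTERED" cannot be produced on loopback and is documented rather than demonstrated.

```python
import random
import socket
import struct
import threading

DEFAULT_TIMEOUT = 2.0


def dns_query_packet(name="example.com", qtype=1):
    """Minimal RFC 1035 query (QTYPE 1 = A, QCLASS 1 = IN) with the RD flag set.
    A resolver answers this; it would ignore a zero-length datagram."""
    header = struct.pack("!HHHHHH", random.randint(0, 0xFFFF), 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def is_dns_reply(probe, reply):
    """True when the reply carries the probe's transaction ID and the QR (response) bit."""
    return len(reply) >= 4 and reply[:2] == probe[:2] and bool(reply[2] & 0x80)


def scan_tcp(host, port, timeout=DEFAULT_TIMEOUT, tries=3):
    """connect() completes -> LISTENING; RST (connection refused) -> NOT LISTENING;
    no answer after all tries -> FILTERED (PortQry's default of three TCP tries)."""
    for _ in range(tries):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "LISTENING"
        except ConnectionRefusedError:
            return "NOT LISTENING"
        except OSError:          # timeout or unreachable: treated as no answer, retry
            continue
        finally:
            s.close()
    return "FILTERED"


def scan_udp(host, port, probe, timeout=DEFAULT_TIMEOUT):
    """Reply -> LISTENING; ICMP port unreachable (surfaces as ECONNREFUSED on a
    connected UDP socket) -> NOT LISTENING; silence -> LISTENING OR FILTERED.
    Returns (status, reply_bytes)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(probe)
        return "LISTENING", s.recv(4096)
    except ConnectionRefusedError:
        return "NOT LISTENING", b""
    except socket.timeout:
        return "LISTENING OR FILTERED", b""
    finally:
        s.close()


def _fake_dns_responder(sock):
    """Constructed stand-in for a DNS server: echo the query with the QR bit set."""
    try:
        data, peer = sock.recvfrom(512)
        sock.sendto(data[:2] + b"\x81\x80" + data[4:], peer)
    except socket.timeout:
        pass


def demo_localhost():
    """Exercise every reachable outcome against sockets opened here on 127.0.0.1."""
    results, probe = {}, dns_query_packet()
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(1)
    tcp_port = lst.getsockname()[1]
    results["tcp_open"] = scan_tcp("127.0.0.1", tcp_port)
    lst.close()                                   # nothing listens now: expect RST
    results["tcp_closed"] = scan_tcp("127.0.0.1", tcp_port)
    dns = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    dns.bind(("127.0.0.1", 0))
    dns.settimeout(2.0)
    t = threading.Thread(target=_fake_dns_responder, args=(dns,), daemon=True)
    t.start()
    status, reply = scan_udp("127.0.0.1", dns.getsockname()[1], probe)
    results["udp_answering"] = (status, is_dns_reply(probe, reply))
    t.join()
    dns.close()
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # bound but never answers
    silent.bind(("127.0.0.1", 0))
    udp_port = silent.getsockname()[1]
    results["udp_silent"] = scan_udp("127.0.0.1", udp_port, probe, timeout=0.5)[0]
    silent.close()                                # closed: kernel sends ICMP port unreachable
    results["udp_closed"] = scan_udp("127.0.0.1", udp_port, probe, timeout=0.5)[0]
    return results


if __name__ == "__main__":
    for name, verdict in demo_localhost().items():
        print(name, verdict)
```

Against a real host, replace the loopback demo with `scan_tcp(host, port)` and `scan_udp(host, 53, dns_query_packet())`; the check in is_dns_reply is the step a practitioner should not skip, since any stray datagram would otherwise count as "LISTENING".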
PortQry Usage:
portqry -n server [-p protocol] [-e || -r || -o endpoint(s)] [-l logfile] [-s] [-q]
Where:
-n [server] IP address or name of the server to query
-p [protocol] TCP or UDP or BOTH (default is TCP)
-e [endpoint] single port to query (valid range: 1-65535)
-r [end point range] range of ports to query (start:end)
-o [end point order] range of ports to query in an order (x,y,z)
-l [logfile] name of log file to create
-s 'slow link delay': waits longer for UDP replies from remote systems
-q 'quiet' operation: runs with no output; returns 0 if the port is listening, 1 if the port is not listening, 2 if the port is listening or filtered
portqry -n myserver -p UDP -e 389 – returns LDAP base query information:
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 09/03/2001 05:42:40 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com
dsServiceName: CN=NTDS Settings,CN=RED-DC-11,CN=Servers,CN=NA-WA-RED,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com
namingContexts: DC=redmond,DC=eu,DC=reskit,DC=com
defaultNamingContext: DC=redmond,DC=eu,DC=reskit,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com
configurationNamingContext: CN=Configuration,DC=eu,DC=reskit,DC=com
rootDomainNamingContext: DC=eu,DC=reskit,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 4259431
supportedSASLMechanisms: GSSAPI
dnsHostName: myserver.eu.reskit.com
ldapServiceName: eu.reskit.com:myserver$@eu.RESKIT.COM
serverName: CN=MYSERVER,CN=Servers,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
======== End of LDAP query response ========
UDP port 389 is LISTENING
portqry -n myserver -p UDP -e 135 – dumps the RPC Endpoint Mapper database:
UDP port 135 (epmap service): LISTENING or FILTERED
Querying Endpoint Mapper Database...
Server's response:
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076 ncacn_ip_tcp:169.254.12.191[4144]
UUID: ecec0d70-a603-11d0-96b1-00a0c91ece30 NTDS Backup Interface ncacn_np:\\\\MYSERVER[\\PIPE\\lsass]
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface ncacn_ip_tcp:169.254.12.191[1030]
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface ncadg_ip_udp:169.254.12.191[1032]
UUID: 12345678-1234-abcd-ef00-01234567cffb ncacn_np:\\\\MYSERVER[\\PIPE\\lsass]
UUID: 12345678-1234-abcd-ef00-01234567cffb ncacn_np:\\\\MYSERVER[\\PIPE\\POLICYAGENT]
Total endpoints found: 6
==== End of RPC Endpoint Mapper query response ====
UDP port 135 is LISTENING
portqry -n myserver -p UDP -e 53 – verifies DNS query and response operation:
UDP port 53 (domain service): LISTENING or FILTERED
Sending DNS query to UDP port 53...
UDP port 53 (domain service): LISTENING
portqry -n MyMailServer -p TCP -e 25 – returns SMTP, POP3 and IMAP4 status messages:
TCP port 25 (SMTP service): LISTENING
Data returned from the port:
220 MyMailServer.eu.reskit.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Sun, 2 Sep 2001 23:24:30 -0700
portqry -n MyFtpServer -p TCP -e 21 – returns the FTP status message and tests for anonymous account access:
220 MyFtpServer Microsoft FTP Service (Version 5.0).
331 Anonymous access allowed, send identity (e-mail name) as password.
portqry -n myserver -p UDP -e 137 – verifies NetBIOS Name Service functionality and returns the MAC address:
UDP port 137 (netbios-ns service): LISTENING or FILTERED
Attempting NETBIOS adapter status query to UDP port 137...
Server's response: MAC address 00c04f7946f0
UDP port: LISTENING
Query behavior is configurable using the local services file, located at %systemroot%\system32\drivers\etc\services. PortQry resolves service names using this file, and uses it to decide what type of query to send to a port.
References:
http://www.tlc.discovery.com/convergence/hackers/hackers.html
http://www.tuxedo.org/~esr/faqs/hacker-howto.html
http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/
http://www.infosecuritymag.com/articles/march01/features4_battle_plans.shtml
http://www.nmrc.org/faqs/www/wsec09.html
Tim Rains, Technical Lead, Networking Team, http://www.microsoft.com/
Q310099, "Description of the Portqry.exe Command-Line Utility"