Guide to TCP/IP Fourth Edition
Chapter 12: Securing TCP/IP Environments
Objectives
- Explain basic concepts and principles for maintaining computer and network security
- Explain the anatomy of an IP attack
- Recognize common points of attack inherent in the TCP/IP architecture
- Describe how to maintain IP security
- Discuss the importance of honeypots and honeynets for network security
© 2013 Course Technology/Cengage Learning. All Rights Reserved.
Understanding Network Security Basics
- Hacker: someone who uses computer and communications knowledge to exploit information or the functionality of a device
- Cracker: a person who attempts to break into a system for malicious purposes
- Protecting a system or network means:
  - Closing the door against outside attack
  - Protecting your systems, data, and applications from any source of damage or harm
Understanding Network Security Basics (cont’d.)
- Physical security: synonymous with “controlling physical access”; should be carefully monitored
- Personnel security: it is important to formulate a security policy for your organization
- System and network security includes:
  - Analyzing the current software environment
  - Identifying and eliminating potential points of exposure
Principles of IP Security
Key principles:
- Avoid unnecessary exposure
- Block all unused ports
- Prevent internal address “spoofing” (packets arriving from outside that claim an internal source address)
- Filter out unwanted addresses
- Exclude access by default, include access by exception
- Restrict outside access to “compromisable” hosts
- Protect all clients and servers from obvious attack
- Do unto yourself before others do unto you (test your own network before an attacker does)
Typical TCP/IP Attacks, Exploits, and Break-Ins
- The basic TCP/IP protocols offer no built-in security controls
- Successful attacks against TCP/IP networks and services rely on two powerful weapons:
  - Profiling or footprinting tools
  - A working knowledge of known weaknesses or implementation problems
Key Terminology
- An attack: some kind of attempt to obtain access to information
- An exploit: a documented vulnerability, or the means of taking advantage of one
- A break-in: a successful attempt to compromise a system’s security
Key Weaknesses in TCP/IP
Ways in which TCP/IP can be attacked; bad guys can:
- Attempt to impersonate valid users
- Attempt to take over existing communications sessions
- Attempt to snoop inside packets moving across the Internet
- Utilize a technique known as IP spoofing
- Perform a denial of service (DoS) attack
Flexibility versus Security
- Designers of TCP/IP and most other protocols try to make their protocols as flexible as possible
- The interaction between these protocols and IP is what is compromised most often
- Question to answer: is the security of your data worth the effort to prevent the attack?
  - In most cases, that answer is “Yes!”
Common Types of IP-Related Attacks
- DoS attacks
- Man-in-the-middle (MITM) attacks
- IP service attacks
- IP service implementation vulnerabilities
- Insecure IP protocols and services
Which IP Services Are Most Vulnerable?
- Remote logon services: includes the Telnet remote terminal emulation service, as well as the Berkeley remote utilities (rlogin, rsh, rcp)
- Remote control programs can pose security threats
- Services that permit anonymous access: make anonymous Web and FTP servers conspicuous targets
Holes, Back Doors, and Other Illicit Points of Entry
- Hole: a weak spot or known place of attack on any common operating system, application, or service
- Back door: an undocumented and illicit point of entry into an operating system or application
- Vulnerability: a weakness that can be accidentally triggered or intentionally exploited
Phases of IP Attacks
IP attacks typically follow a set pattern:
1. Reconnaissance or discovery: the attacker finds out what is there and what is vulnerable
2. Attack: the attacker focuses on the attack itself
3. Cover-up: a stealthy attacker covers its tracks by deleting log files or terminating any active direct connections
Reconnaissance and Discovery Phases
- PING sweep: can identify active hosts on an IP network
- Port probe: detects UDP- and TCP-based services running on a host
- Purpose of reconnaissance: to find out what you have and what is vulnerable
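The port probe described above, as an added example that is not part of the textbook’s material. It is a plain TCP connect() scan: the script starts its own listeners on the loopback interface so it runs offline and has something to find. A PING sweep needs ICMP echo, which means raw sockets and root privileges, so host discovery here is done the way scanners fall back to when ICMP is filtered: a host that answers a TCP probe at all (open or refused) is up. Port numbers are chosen by the OS at run time; the timeout value is an arbitrary assumption.

```python
"""Added example (not from the textbook): a TCP connect() port probe run
against listeners we start ourselves on 127.0.0.1."""
import socket
from contextlib import closing
from typing import Dict, Iterable


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Bind a TCP listener on an OS-chosen port (port 0) and return the socket.

    The kernel completes the three-way handshake into the listen backlog, so
    nothing has to call accept() for the probe to report the port as open.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def tcp_probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port the way a connect() scan does.

    "open"     - handshake completed (a service is listening)
    "closed"   - the host answered with RST (nothing listening)
    "filtered" - no answer before the timeout; what a packet-dropping
                 firewall looks like from the outside
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def port_sweep(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Probe every port in `ports` and return {port: state}."""
    return {p: tcp_probe(host, p, timeout) for p in ports}


def host_is_up(results: Dict[int, str]) -> bool:
    """TCP-based host discovery: any RST or SYN-ACK proves a host is there."""
    return any(state in ("open", "closed") for state in results.values())


def demo() -> Dict[int, str]:
    """Start two listeners, release one, then probe both ports."""
    live = start_listener()
    released = start_listener()
    open_port = live.getsockname()[1]
    closed_port = released.getsockname()[1]
    released.close()                      # nothing listens here any more -> RST
    try:
        return port_sweep("127.0.0.1", [open_port, closed_port])
    finally:
        live.close()


if __name__ == "__main__":
    for port, state in sorted(demo().items()):
        print(f"127.0.0.1:{port:<5} {state}")
```

Note what the three states mean for the defender: “closed” still leaks the fact that the host exists, which is why a border filter that silently drops (yielding “filtered”) gives the reconnaissance phase less to work with than one that rejects.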
Attack
- The attack may encompass a brute force process that overwhelms a victim
Cover-Up
- In an effort to escape detection, many attackers delete log files that could indicate an attack occurred
- Computer forensics may be necessary to identify the traces an attacker left while winding his or her way through a system
Common Attacks and Entry Points in More Detail
- TCP/IP is, by its very nature, a trusting protocol stack
- Designers, implementers, and product developers have tried to secure the protocol and plug holes or vulnerabilities whenever possible
Viruses, Worms, and Trojan Horse Programs
- Malicious code (malware) can disrupt operations or corrupt data
- Viruses, worms (mobile code), and Trojan horses are three such types of malicious code
Adware and Spyware
- Adware: displays all kinds of unsolicited and unwanted advertising, often of an unsavory nature
- Spyware: unsolicited and unwanted software that stealthily takes up unauthorized and uninvited residence on a computer
Denial of Service Attacks
- Designed to interrupt or completely disrupt the operations of a network device or communications
- DoS-related attacks include:
  - SYN flood (half-open TCP connections that exhaust the victim’s connection table)
  - Broadcast amplification (requests sent to a broadcast address with the victim’s spoofed source address, so every host on that network replies to the victim)
  - Buffer overflow (malformed input that crashes the service)
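The SYN flood named above, seen from the detection side: an added example, not from the textbook, that scans a packet log for handshakes that never complete. The input is a constructed list of one-line TCP summaries in a tcpdump-like shape, “<epoch> <src>:<sport> > <dst>:<dport> [<flags>]”, using tcpdump’s flag letters (S = SYN, “.” = ACK, so “[S]” is a client SYN and “[S.]” a SYN-ACK). The sample log, the 5-second window and the threshold of 10 are all assumptions for the demo.

```python
"""Added example (not from the textbook): count half-open TCP handshakes per
server port in a tcpdump-style log and flag a probable SYN flood."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) \[(?P<flags>[A-Z.]*)\]$"
)

# Constructed sample: one legitimate handshake, then 12 SYNs from 12 different
# (probably spoofed) sources that are never followed by the client's ACK.
SAMPLE_LOG = [
    "1000.000 192.0.2.10:40000 > 198.51.100.5:80 [S]",
    "1000.001 198.51.100.5:80 > 192.0.2.10:40000 [S.]",
    "1000.002 192.0.2.10:40000 > 198.51.100.5:80 [.]",
] + [f"1001.{i:03d} 203.0.113.{i}:{50000 + i} > 198.51.100.5:80 [S]" for i in range(1, 13)]


def parse_line(line: str) -> Tuple[float, str, int, str, int, str]:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    d = m.groupdict()
    return float(d["ts"]), d["src"], int(d["sport"]), d["dst"], int(d["dport"]), d["flags"]


def half_open_connections(lines, window: float = 5.0) -> Dict[Tuple[str, int], List[Tuple[float, str, int]]]:
    """Return {(dst, dport): [(ts, src, sport), ...]} for handshakes never completed.

    A bare SYN opens a pending entry keyed on the 4-tuple; a later ACK (without
    SYN) from the same client closes it. Pending entries older than `window`
    seconds at the end of the log are dropped, as a server's SYN timer would.
    """
    pending: Dict[Tuple[str, int, str, int], float] = {}
    last_ts = 0.0
    for line in lines:
        ts, src, sport, dst, dport, flags = parse_line(line)
        last_ts = max(last_ts, ts)
        key = (src, sport, dst, dport)
        if "S" in flags and "." not in flags:        # bare SYN: client opening
            pending[key] = ts
        elif "." in flags and "S" not in flags:      # ACK: third step of the handshake
            pending.pop(key, None)
    result = defaultdict(list)
    for (src, sport, dst, dport), ts in pending.items():
        if last_ts - ts <= window:
            result[(dst, dport)].append((ts, src, sport))
    return dict(result)


def detect_syn_flood(lines, threshold: int = 10, window: float = 5.0) -> List[Tuple[str, int, int, int]]:
    """Return (dst, dport, half_open_count, distinct_sources) for each port over threshold.

    Many distinct sources with one half-open connection each is the signature of
    a flood with randomised (spoofed) source addresses; a single source with many
    is the easy case, which can simply be blocked at the border.
    """
    alerts = []
    for (dst, dport), entries in half_open_connections(lines, window).items():
        if len(entries) >= threshold:
            alerts.append((dst, dport, len(entries), len({src for _, src, _ in entries})))
    return alerts


if __name__ == "__main__":
    for dst, dport, count, sources in detect_syn_flood(SAMPLE_LOG):
        print(f"possible SYN flood on {dst}:{dport}: {count} half-open from {sources} sources")
```

The distinct-source count is the useful part of the alert: when it is close to the half-open count, blocking individual addresses will not help and the response has to be SYN cookies or upstream rate limiting rather than a filter rule.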
Distributed Denial of Service Attacks
- DoS attacks launched from numerous devices at once
- DDoS attacks consist of four main elements:
  - Attacker
  - Handler
  - Agent
  - Victim
Buffer Overflows/Overruns
- Exploit a weakness in many programs that expect to receive a fixed amount of input
- In some cases, the extra data can be used to execute commands on the computer with the same privileges as the program it overruns
Spoofing
- Borrowing identity information to hide or deflect interest in attack activities
- NetBIOS attacks: the attacker sends spoofed NetBIOS Name Release or NetBIOS Name Conflict messages to a victim machine
TCP Session Hijacking
- Purpose of the attack: to masquerade as an authorized user to gain access to a system
- Once a session is hijacked, the attacker can send packets to the server to execute commands, change passwords, or worse
Network Sniffing
- One method of passive network attack, based on network “sniffing,” or eavesdropping, using a protocol analyzer or other sniffing software
- Network analyzers available to eavesdrop on networks include:
  - tcpdump (UNIX)
  - OmniPeek (Windows)
  - Network Monitor (Windows)
  - Wireshark
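What the analyzers listed above actually do with a captured frame, as an added example that is not from the textbook: walk the Ethernet, IPv4 and TCP headers and pull out the fields a sniffer displays, including the cleartext payload. The frame is constructed inside the script (documentation addresses, made-up MAC addresses, a hypothetical HTTP request) so it runs offline; on a real wire the bytes would come from a raw socket or libpcap instead.

```python
"""Added example (not from the textbook): build one Ethernet/IPv4/TCP frame and
dissect it the way a sniffer does, verifying the IP header checksum."""
import socket
import struct
from dataclasses import dataclass

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")    # 20-byte header without options
TCP_HDR = struct.Struct("!HHIIBBHHH")        # 20-byte header without options
TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; returns 0 for an intact header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int
    sport: int
    dport: int
    flags: str
    payload: bytes
    ip_checksum_ok: bool


def build_frame(src_ip, dst_ip, sport, dport, flag_bits, payload, ttl=64) -> bytes:
    """Construct a valid frame (constructed sample data; MACs and seq numbers are made up)."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp_len = TCP_HDR.size + len(payload)
    tcp = TCP_HDR.pack(sport, dport, 1000, 2000, 5 << 4, flag_bits, 65535, 0, 0) + payload
    # TCP checksum covers a pseudo-header: addresses, zero, protocol 6, TCP length.
    pseudo = src + dst + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    total_len = IPV4_HDR.size + tcp_len
    ip = IPV4_HDR.pack(0x45, 0, total_len, 0x1234, 0x4000, ttl, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = ETH_HDR.pack(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), 0x0800)
    return eth + ip + tcp


def dissect(frame: bytes) -> Packet:
    """Walk the headers of one frame and return the fields a sniffer would show."""
    dst_mac, src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame: EtherType 0x%04x" % ethertype)
    off = ETH_HDR.size
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = IPV4_HDR.unpack_from(frame, off)
    ihl = (vihl & 0x0F) * 4                     # header length in bytes, options included
    ip_ok = inet_checksum(frame[off:off + ihl]) == 0
    if proto != 6:
        raise ValueError("not TCP: protocol %d" % proto)
    toff = off + ihl
    sport, dport, _, _, doff, flag_bits, _, _, _ = TCP_HDR.unpack_from(frame, toff)
    data_off = (doff >> 4) * 4
    payload = frame[toff + data_off: off + total_len]   # bound by IP total length, not frame size
    flags = "|".join(name for bit, name in TCP_FLAG_NAMES if flag_bits & bit) or "none"
    mac = lambda b: ":".join("%02x" % x for x in b)
    return Packet(mac(src_mac), mac(dst_mac), socket.inet_ntoa(src), socket.inet_ntoa(dst),
                  ttl, sport, dport, flags, payload, ip_ok)


if __name__ == "__main__":
    frame = build_frame("192.0.2.10", "198.51.100.5", 40000, 80, 0x18, b"GET / HTTP/1.0\r\n")
    print(dissect(frame))
```

The payload comes back as readable bytes, which is the whole point of the Telnet, FTP and HTTP warnings elsewhere in this chapter: anything those protocols carry, passwords included, is visible to whoever holds the capture. The checksum check matters for the defender too: an analyzer that trusted the length fields without validating them would be easy to confuse with crafted frames.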
Maintaining IP Security
- The following sections cover some of the elements that must be included as part of routine security maintenance
Applying Security Patches and Fixes
- Microsoft security bulletins may be accessed or searched at:
- It is essential to know about security patches and fixes and to install them
- Security update process:
  1. Evaluate the vulnerability
  2. Retrieve the patch or update
  3. Test the patch or update
  4. Deploy the patch or update
Knowing Which Ports to Block
- Many exploits and attacks are based on common vulnerabilities in well-known services; blocking the ports of services you do not deliberately offer removes those targets
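A small stateless packet filter that puts the “Principles of IP Security” and the port-blocking advice above into code: an added example, not from the textbook. It denies by default, allows only the services explicitly published, drops packets that arrive on the outside interface claiming an internal source (the anti-spoofing principle) and refuses to let non-internal sources leave (egress filtering). The internal address space, the DMZ hosts, the rule table and the packet records are all assumptions for the demo; addresses are from the documentation ranges.

```python
"""Added example (not from the textbook): default-deny packet filter with
anti-spoofing checks, evaluated against constructed packets."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INTERNAL_NET = ip_network("10.0.0.0/8")        # assumed internal address space
BOGON_NETS = [ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass(frozen=True)
class Pkt:
    iface: str      # "outside" or "inside": the interface the packet arrived on
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    iface: str
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int]   # None means any port
    action: str            # "allow" or "deny"

    def matches(self, p: Pkt) -> bool:
        return (self.iface == p.iface and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and (self.dport is None or self.dport == p.dport))


# "Include access by exception": only the services we deliberately publish.
# Telnet (23) and the Berkeley r-services (512-514) need no deny rule; anything
# not listed falls through to the default deny.
RULES: List[Rule] = [
    Rule("outside", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443, "allow"),   # assumed web host
    Rule("outside", "0.0.0.0/0", "203.0.113.10/32", "tcp", 80, "allow"),
    Rule("outside", "0.0.0.0/0", "203.0.113.25/32", "tcp", 25, "allow"),    # assumed mail relay
    Rule("inside", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, "allow"),         # internal users browsing out
    Rule("inside", "10.0.0.0/8", "0.0.0.0/0", "tcp", 80, "allow"),
]


def decide(p: Pkt, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, reason). Address sanity checks run before the rule table."""
    src = ip_address(p.src)
    if p.iface == "outside" and src in INTERNAL_NET:
        return "deny", "spoofed internal source on outside interface"
    if p.iface == "inside" and src not in INTERNAL_NET:
        return "deny", "non-internal source leaving inside interface (egress filter)"
    if any(src in n for n in BOGON_NETS):
        return "deny", "bogon source address"
    for i, r in enumerate(rules):                 # first match wins
        if r.matches(p):
            return r.action, f"rule {i}"
    return "deny", "default deny"                 # "exclude access by default"


if __name__ == "__main__":
    samples = [                                   # constructed packets
        Pkt("outside", "198.51.100.7", "203.0.113.10", "tcp", 443),
        Pkt("outside", "198.51.100.7", "203.0.113.10", "tcp", 23),
        Pkt("outside", "10.1.2.3", "203.0.113.10", "tcp", 443),
        Pkt("inside", "192.0.2.9", "198.51.100.7", "tcp", 443),
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

Being stateless, this filter cannot admit the return half of a connection that an internal user opened; real products solve that with the “stateful inspection” element described under Major Firewall Elements. The point here is the ordering: spoof checks first, explicit allows second, and a deny that needs no rule at all.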
Using IP Security (IPSec)
- RFC 2401 (since superseded by RFC 4301, which keeps the same goals) says the goals of IPSec are to provide the following kinds of security:
  - Access control
  - Connectionless integrity
  - Data origin authentication
  - Protection against replays
  - Confidentiality
  - Limited traffic flow confidentiality
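How the “protection against replays” goal is actually met: an added example, not from the textbook, implementing the anti-replay sliding window that RFC 2401 describes in its Appendix C (and that RFC 4303 carries over for ESP). The receiver remembers the highest sequence number accepted and a bitmap of which of the last W numbers it has already seen; a packet is rejected when its number is 0, has already been seen, or lies more than W behind the right edge. The window only advances for packets whose integrity check passed, so a forger cannot push genuine packets out of it. The integrity check itself is stood in for by an `authentic` flag, and the packet streams are constructed for the demo.

```python
"""Added example (not from the textbook): IPsec anti-replay sliding window
(RFC 2401 Appendix C) with the check/verify/update ordering the RFC requires."""
from typing import List


class AntiReplayWindow:
    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 2401 requires a minimum window of 32")
        self.size = size
        self.last_seq = 0          # highest sequence number accepted so far (right edge)
        self.bitmap = 0            # bit i set => last_seq - i has already been received

    def check(self, seq: int) -> bool:
        """Cheap pre-check done before the (expensive) integrity verification."""
        if seq == 0:
            return False                           # 0 is never valid; the counter starts at 1
        if seq > self.last_seq:
            return True                            # new high-water mark: always fresh
        diff = self.last_seq - seq
        if diff >= self.size:
            return False                           # fell off the left edge: too old
        return not (self.bitmap >> diff) & 1       # inside the window: reject if already seen

    def update(self, seq: int) -> None:
        """Commit a packet that passed both check() and integrity verification."""
        if seq > self.last_seq:
            shift = seq - self.last_seq            # slide the window right
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)

    def receive(self, seq: int, authentic: bool = True) -> bool:
        """Full receive path: check, verify (simulated by `authentic`), then update."""
        if not self.check(seq) or not authentic:
            return False
        self.update(seq)
        return True


def simulate(seqs: List[int], size: int = 64) -> List[bool]:
    """Feed a constructed sequence-number stream to a fresh window; True = accepted."""
    w = AntiReplayWindow(size)
    return [w.receive(s) for s in seqs]


if __name__ == "__main__":
    stream = [1, 3, 2, 2, 100, 36, 37, 37]     # reorder, replay, jump, too-old, late, replay
    for seq, ok in zip(stream, simulate(stream)):
        print(f"seq {seq:>3}: {'accept' if ok else 'REJECT'}")
```

Two consequences worth noticing: packets that arrive a little out of order (3 before 2) are still accepted, which is why this is a window and not a strict counter, and a packet that arrives W or more behind the newest one is dropped even though it was never seen, so the window size is a trade-off between tolerating reordering and bounding state.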
Protecting the Perimeter of the Network
Important devices and services used to protect the perimeter of networks:
- Bastion host
- Boundary (or border) router
- Demilitarized zone (DMZ)
- Firewall
- Network address translation
- Proxy server
- Screening host
- Screening router
Major Firewall Elements
Firewalls usually incorporate four major elements:
- Screening router functions
- Proxy service functions
- “Stateful inspection” of packet sequences and services
- Virtual Private Network services
Basics of Proxy Servers
- Can perform “reverse proxying”: exposes a service inside a network to outside users, as if it resided on the proxy server itself
- Caching is an important proxy behavior
- The cache is a potentially valuable location for a system attack
Implementing Firewalls
- Linking an internal network to the Internet without managing the boundary between them is blatantly irresponsible
Step-by-Step Firewall Planning and Implementing
Useful steps when planning and implementing firewalls and proxy servers:
1. Plan
2. Establish requirements
3. Install
4. Configure
5. Test
6. Attack
7. Tune
8. Implement
9. Monitor and maintain
Roles of IDS and IPS in IP Security
- Intrusion detection systems (IDSs) make it easier to automate recognizing and responding to potential attacks
- Increasingly, firewalls include hooks that allow them to interact with IDSs, or include their own built-in IDS capabilities
- Intrusion prevention systems (IPSs) make access control decisions on the basis of application content
Honeypots and Honeynets
- Honeypot: a computer system deliberately set up to entice and trap attackers
- Honeynet: broadens the honeypot concept from a single system to what looks like a network of such systems
Summary
- An attack is an attempt to compromise the privacy and integrity of an organization’s information assets
- In its original form, TCP/IP implemented an optimistic security model
- Basic principles of IP security include avoiding unnecessary exposure by blocking all unused ports
- It is necessary to protect systems and networks from malicious code such as viruses, worms, and Trojan horses
Summary (cont’d.)
- Would-be attackers usually engage in a well-understood sequence of activities: reconnaissance and discovery, the attack itself, and cover-up
- Maintaining system and network security involves constant activity; you must keep up with security news and information
- Keeping operating systems secure in the face of new vulnerabilities is a necessary and ongoing process
- A honeypot is a computer system deliberately set up to entice and trap attackers