1. Network Security Techniques by Bruce Roy Millard Division of Computing Studies Arizona State University Bruce.Millard@asu.edu

2. What is Network Security Hardware – computers, routers, etc Networks – ethernet, wireless Communication Intruders Mitigation

3. What is Network Security Hardware Workstation Servers (and load balancers) Printers (and other shared devices) Routers/switches/hubs Security devices (firewalls, IDS, etc)

4. What is Network Security Networks Connectivity Ethernet (cable, DSL, TP, 1Gbps & up) Wireless (radio waves, 802.11?, satellite) LAN, CAN, MAN, WAN, PAN Internet

5. What is Network Security Communication E-mail FTP HTTP/HTML Voice, video, teleconferencing SSH/SCP

6. What is Network Security Intruders

7. Eavesdroppers Insertion Hijacking Spoofing Denial of Service Trojan horse software Lurkers (viruses and worms)

8. What is Network Security Mitigation Prevent Avoid Detect Assess React

9. Security Goals Privacy Integrity Non-repudiation Trust relationships – internal & external Authentication supports authorization supports fine-grained access control

10. Security Model (Protection) Assets - identify Risks - characterize Counter-measures - obtain Policy – create where no laws exist

11. Security Methods Shields – firewalls, virus scanners Selective shields - access control (VPN) Protocols – IPsec, SSL/TLS Intrusion Detection Systems Training & awareness Redundancy – backups, encryption, hashes, digests

12. Prevention (Attempts) Firewalls – have holes Virus Scanners – behind the times Physical Security Know Fundamentals – routing, IP, TCP, ARP, DHCP, applications Encryption – PGP, SSH, SSL/TLS, Ipsec, stenography, public key, symetric key Patches – windowsupdate, up2date, yum

13. Avoidance Firewalls & VPNs – Ipsec, SSL, access control Host hardening – personal firewalls, ssh, iptables Proxy servers – squid (Web content cache) Honeynets/honeypots - redirection

14. Detection Feeds Avoidance Vulnerability Scanning – netstat, netview, netmon, nmap, Nessus Network-based IDS – snort, kismet, ACID, tcpdump, ethereal, windump, netstumbler Host-based IDS – TCPwrappers, xinetd, tripwire, logsentry, portsentry Web security, Cisco logs+

15. Exploits Password cracking & WEP cracking Denial of Service OS typing – null session, xmas tree,... OS configuration – sadmin password,... Application holes – buffer overflow, NFS, rpc, netbios, BIND, sendmail, CGI,etc Dumpsec, pingwar,...

16. URLs of Interest http://www.sans.org http://www.giac.org http://www.isc2.org http://www.cissp.com

17. 10 Domains of the CBK Security Management Practices Security Architecture and Models Access Control Systems & Methodology Application Development Security Operations Security Physical Security Cryptography Telecommunications, Network, & Internet Security Business Continuity Planning Law, Investigations, & Ethics

18. NS Applications netstat tcpview netmon netstumbler windump nmap ethereal snortiquette

19. www.sans.org/top20 www.sans.org/top20 (vulnerabilities) Top Vulnerabilities to Windows Systems W1 Web Servers & Services W2 Workstation Service W3 Windows Remote Access Services W4 Microsoft SQL Server (MSSQL) W5 Windows Authentication W6 Web Browsers W7 File-Sharing Applications W8 LSAS Exposures W9 Mail Client W10 Instant Messaging

20. www.sans.org/top20 www.sans.org/top20 (vulnerabilities) Top Vulnerabilities to UNIX Systems U1 BIND Domain Name System U2 Web Server U3 Authentication U4 Version Control Systems U5 Mail Transport Service U6 Simple Network Management Protocol (SNMP) U7 Open Secure Sockets Layer (SSL) U8 Misconfiguration of Enterprise Services NIS/NFS U9 Databases U10 Kernel