network security threats and security design


Presentation Description

No description available.


By: balajig2 (133 month(s) ago)

Good one

Presentation Transcript

Network security threats and security design : 

Network security threats and security design Sankalchand patel college of engg. Prepared by: Dhyey Chandani V-CE-30 Guided by: Mr.R.G.Patel

Security Introduction : 

Security Introduction Network Security Threats and Security Design

Trends Affecting Security : 

Trends Affecting Security Increase of Network Attacks Increased Sophistication of Attacks Increased Dependence on the Network Lack of trained personnel Lack of awareness Lack of Security Policies Wireless Access Legislation Litigation

Goals of Network Security : 

Goals of Network Security Availability Confidentiality Integrity

Key Elements of Network Security : 

Key Elements of Network Security

Vulnerabilities and Threats : 

Vulnerabilities and Threats

Network Security Vulnerabilities : 

Network Security Vulnerabilities A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly. To prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust. Technology Configuration Policy

Three Classes Network Attacks : 

Three Classes Network Attacks Reconnaissance attacks Access attacks Denial of service attacks

Specific Attack Types : 

Specific Attack Types All of the following can be used to compromise your system: Packet sniffers IP weaknesses Password attacks DoS or DDoS Man-in-the-middle attacks Application layer attacks Trust exploitation Port redirection Virus Trojan horse Operator error Worms

Network Reconnaissance : 

Network Reconnaissance Network reconnaissance refers to the overall act of learning information about a target network by using publicly available information and applications.

Network Reconnaissance Mitigation : 

Network Reconnaissance Mitigation Network reconnaissance cannot be prevented entirely. IDSs at the network and host levels can usually notify an administrator when a reconnaissance gathering attack (for example, ping sweeps and port scans) is under way.

Packet Sniffers : 

Packet Sniffers A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are the packet sniffer features: Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following: Telnet FTP SNMP POP Packet sniffers must be on the same collision domain. Host A Host B Router A Router B

Packet Sniffer Mitigation : 

Packet Sniffer Mitigation The following techniques and tools can be used to mitigate sniffers: Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers. Switched infrastructure—Deploy a switched infrastructure to counter the use of packet sniffers in your environment. Antisniffer tools—Use these tools to employ software and hardware designed to detect the use of sniffers on a network. Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant. Host A Host B Router A Router B

IP Spoofing : 

IP Spoofing IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. Two general techniques are used during IP spoofing: A hacker uses an IP address that is within the range of trusted IP addresses. A hacker uses an authorized external IP address that is trusted. Uses for IP spoofing include the following: IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data. A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.

DoS : 


DDoS Example : 

DDoS Example

DoS Mitigation : 

DoS Mitigation The threat of DoS attacks can be reduced through the following three methods: Antispoof features—Proper configuration of antispoof features on your routers and firewalls Anti-DoS features—Proper configuration of anti-DoS features on routers and firewalls Traffic rate limiting—Implement traffic rate limiting with the networks ISP

Password Attacks : 

Password Attacks Hackers can implement password attacks using several different methods: Brute-force attacks Dictionary Attacks Trojan horse programs IP spoofing Packet sniffers

Password Attack Example : 

Password Attack Example L0phtCrack can take the hashes of passwords and generate the clear text passwords from them. Passwords are computed using two different methods: Dictionary cracking Brute force computation

Password Attacks Mitigation : 

Password Attacks Mitigation The following are mitigation techniques: Do not allow users to use the same password on multiple systems. Disable accounts after a certain number of unsuccessful login attempts. Do not use plain text passwords. Cryptographic password is recommended. Use “strong” passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters.

Man-in-the-Middle Attacks : 

Man-in-the-Middle Attacks A man-in-the-middle attack requires that the hacker have access to network packets that come across a network. A man-in-the-middle attack is implemented using the following: Network packet sniffers Routing and transport protocols Possible man-in-the-middle attack uses include the following: Theft of information Hijacking of an ongoing session Traffic analysis DoS Corruption of transmitted data Introduction of new information into network sessions Host A Host B Router A Router B Data in clear text

Man-in-the-Middle Mitigation : 

Man-in-the-Middle Mitigation Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography (encryption). Host A Host B Router A ISP Router B A man-in-the-middle attack can only see cipher text IPSec tunnel

Application Layer Attacks : 

Application Layer Attacks Application layer attacks have the following characteristics: Exploit well known weaknesses, such as protocols, that are intrinsic to an application or system (for example, sendmail, HTTP, and FTP) Often use ports that are allowed through a firewall (for example, TCP port 80 used in an attack against a web server behind a firewall) Can never be completely eliminated, because new vulnerabilities are always being discovered

Application Layer Attacks Mitigation : 

Application Layer Attacks Mitigation Some measures you can take to reduce your risks are as follows: Read operating system and network log files, or have them analyzed by log analysis applications. Subscribe to mailing lists that publicize vulnerabilities. Keep your operating system and applications current with the latest patches. IDSs can scan for known attacks, monitor and log attacks, and in some cases, prevent attacks.

Trust Exploitation : 

Trust Exploitation

Trust Exploitation Mitigation : 

Trust Exploitation Mitigation Systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall. Such trust should be limited to specific protocols and should be validated by something other than an IP address where possible. SystemA User = psmith; Pat Smith SystemB compromised by a hacker User = psmith; Pat Smith Hacker User = psmith; Pat Smithson Hacker blocked

Unauthorized Access : 

Unauthorized Access Unauthorized access includes any unauthorized attempt to access a private resource: Not a specific type of attack Refers to most attacks executed in networks today Initiated on both the outside and inside of a network The following are mitigation techniques for unauthorized access attacks: Eliminate the ability of a hacker to gain access to a system Prevent simple unauthorized access attacks, which is the primary function of a firewall

Virus and Trojan Horses : 

Virus and Trojan Horses Viruses refer to malicious software that are attached to another program to execute a particular unwanted function on a user’s workstation. End-user workstations are the primary targets. A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. A Trojan horse is mitigated by antivirus software at the user level and possibly the network level.

Vulnerabilities Exist at all OSI Layers : 

Vulnerabilities Exist at all OSI Layers

Security Compliance : 

Security Compliance Security legislation requires that companies protect data Protect customer records and privacy. Encrypt data and ensure that the network is secure. Legislation affecting security EU Data Protection Directive 95/46/EC CFAA - Computer Fraud and Abuse Act HIPAA - Health Insurance Portability and Accountability Act NORPDA - Notification of Risk to Personal Data Act GLBA - The Gramm-Leach-Bliley Act .

Security Threats : 

Security Threats Vulnerabilities are exploited to gain access or bring a system down. Reconnaissance Get information about the target Gaining System Access Get access to the target Denial of Service (DoS) Make the target unusable

Network Security is a Process : 

Network Security is a Process Network security is a continuous process built around a security policy: Step 1: Secure Step 2: Monitor Step 3: Test Step 4: Improve Secure Monitor Test Improve SecurityPolicy

Security Policy : 

Security Policy Security Policy defines and sets a Good Foundation Definition Define data and assets to be covered by the security policy Identity How do you identify the hosts and applications affected by this policy ? Trust Under what conditions is communication allowed between hosts ? Enforceability How will the policies implementation be verified ? Risk Assessment What is the impact of a policy violation and how to detect them ? Incident Response What actions are required upon a violation of a security policy ?

Network Security Lifecycle : 

Network Security Lifecycle A Security System Is One Part of a System Lifecycle Business needs Risk analysis Security policy Industry best practices Security operations

Network Security Lifecycle (Cont.) : 

Network Security Lifecycle (Cont.) Lifecycle of network security Plan Design Implement Operate Optimize CorporateSecurityPolicy

Planning and Designing Network Security : 

Planning and Designing Network Security Ten steps to design a security system. Review security policy documents Who is involved in the policy creation ? Is senior management fully committed ? Can the staff manage the technology required ? Analyze the current network against the security policy Is required redesign possible while maintaining core functionality ? Is the network operations team comfortable with the changes ?

Planning and Designing Network Security (Cont.) : 

Planning and Designing Network Security (Cont.) Select technologies and evaluate product capabilities Hardware and Software selection Consider cost/benefit Scalability / Investment protection Design a rough draft of the security system Talk to involved parties (NETOPS, SECOPS) Base the design on a „real-world“ scenario Consider the financial impact

Planning and Designing Network Security (Cont.) : 

Planning and Designing Network Security (Cont.) Test key components Verify the expected behavior Verify the performance figures Confirm assumptions and expectations Evaluate and revise design/policy Include the findings of step 5 Adapt design/policy if required

Planning and Designing Network Security (Cont.) : 

Planning and Designing Network Security (Cont.) Finalize design Design is finalized Security design and migration plan should be signed off by all involved parties Implement security system Choose an area of the network which needs immediate action Choose a self-contained area to verify the affects

Planning and Designing Network Security (Cont.) : 

Planning and Designing Network Security (Cont.) Roll out to other areas Start with areas of greatest interest Start with areas of lowest risk Design/Policy validation Evaluate design for policy conformance Evaluate design for threat mitigation

Summary : 

Summary Security has to be implemented because of legislation, to prevent unauthorized access and to defend against attacks. Reconnaissance defines the network discovery process to find systems, services and applications in the network. There are various methods gaining access to a system, like using cracked/sniffered passwords, social engineering or using a buffer overflow. Denial of services tries to bring down a system by resource overloading, data crash or by using buffer overflows. The security network lifecycle consists of plan, design, implement, operate and optimize. To design a secure network and implement it, you can follow a 10 step procedure.

External links: : 

External links:

Slide 43:

Thank you……!!!!!! : 

Thank you……!!!!!!

authorStream Live Help