NETWORK.SECURITY.2013

Presentation Transcript

Network Security:

Network Security
Neha Chauhan, M.Tech CS

A Brief History of the World:

A Brief History of the World

Overview:

Overview
- What is security?
- Why do we need security?
- Who is vulnerable?
- Common security attacks and countermeasures
  - Firewalls & Intrusion Detection Systems
  - Denial of Service Attacks
  - TCP Attacks
  - Packet Sniffing
  - Social Problems

What is “Security”:

What is “Security”
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
   1. A group or department of private guards: Call building security if a visitor acts suspicious.
   2. Measures adopted by a government to prevent espionage, sabotage, or attack.
   3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
…etc.

Why do we need security?:

Why do we need security?
- Protect vital information while still allowing access to those who need it
  - Trade secrets, medical records, etc.
- Provide authentication and access control for resources
  - Ex: AFS
- Guarantee availability of resources
  - Ex: 5 9’s (99.999% reliability)

Who is vulnerable?:

Who is vulnerable?
- Financial institutions and banks
- Internet service providers
- Pharmaceutical companies
- Government and defense agencies
- Contractors to various government agencies
- Multinational corporations
- ANYONE ON THE NETWORK

Common security attacks and their countermeasures:

Common security attacks and their countermeasures
- Finding a way into the network
  - Firewalls
- Exploiting software bugs, buffer overflows
  - Intrusion Detection Systems
- Denial of Service
  - Ingress filtering, IDS
- TCP hijacking
  - IPSec
- Packet sniffing
  - Encryption (SSH, SSL, HTTPS)
- Social problems
  - Education

Firewalls:

Firewalls
- Basic problem – many network applications and protocols have security problems that are fixed over time
  - Difficult for users to keep up with changes and keep host secure
- Solution
  - Administrators limit access to end hosts by using a firewall
  - Firewall is kept up-to-date by administrators

Firewalls:

Firewalls
- A firewall is like a castle with a drawbridge
  - Only one point of access into the network
- Can be hardware or software
  - Ex. Some routers come with firewall functionality
  - ipfw, ipchains, pf on Unix systems; Windows XP and Mac OS X have built-in firewalls

Firewalls:

Firewalls
[Diagram labels: Intranet, DMZ, Internet, Firewall, Firewall; Web server, email server, web proxy, etc.]

Firewalls:

Firewalls
- Used to filter packets based on a combination of features
  - These are called packet filtering firewalls

Intrusion Detection:

Intrusion Detection
- Used to monitor for “suspicious activity” on a network
  - Can protect against known software exploits, like buffer overflows

Intrusion Detection:

Intrusion Detection
- Uses “intrusion signatures”
  - Well known patterns of behavior
  - Ping sweeps, port scanning, web server indexing, OS fingerprinting, DoS attempts, etc.
- However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring

Dictionary Attack:

Dictionary Attack
- We can run a dictionary attack on the passwords
  - The passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash)
  - Can take a dictionary of words, crypt() them all, and compare with the hashed passwords
- This is why your passwords should be meaningless random junk!
  - For example, “sdfo839f” is a good password
  - That is not my andrew password
  - Please don’t try it either

Denial of Service:

Denial of Service
- Purpose: Make a network service unusable, usually by overloading the server or network
- Many different kinds of DoS attacks
  - SYN flooding
  - SMURF
  - Distributed attacks

Denial of Service:

Denial of Service
- SYN flooding attack
  - Send SYN packets with bogus source address
  - Server responds with SYN ACK and keeps state about TCP half-open connection
  - Eventually, server memory is exhausted with this state
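The half-open state described in this slide is also what a sensor can watch for. The sketch below is an added example, not part of the original presentation: it tracks SYNs that never complete the handshake, per service, and alerts at a threshold. The event tuple layout, the threshold and timeout values, and all addresses are constructed assumptions.

```python
from collections import defaultdict

def detect_syn_flood(events, threshold=5, timeout_ms=30_000):
    """Return (time_ms, dst, dport, half_open_count) alerts, one per targeted service.

    events: (time_ms, src, sport, dst, dport, flags) tuples for client-to-server
    segments, in time order; flags is "S" (SYN), "A" (ACK) or "R" (RST).
    """
    half_open = defaultdict(dict)   # (dst, dport) -> {(src, sport): time of SYN}
    alerted, alerts = set(), []
    for t, src, sport, dst, dport, flags in events:
        service, peer = (dst, dport), (src, sport)
        pending = half_open[service]
        # The server eventually gives up on unanswered SYN-ACKs; mirror that here.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout_ms]:
            del pending[key]
        if flags == "S":
            pending[peer] = t              # server now holds state for this peer
        elif flags in ("A", "R"):
            pending.pop(peer, None)        # handshake finished or was reset
        if len(pending) >= threshold and service not in alerted:
            alerted.add(service)
            alerts.append((t, dst, dport, len(pending)))
    return alerts

def sample_events():
    """Constructed traffic: three complete handshakes, then eight unanswered SYNs."""
    server, events = "192.0.2.10", []
    for i in range(3):
        client = f"198.51.100.{i + 1}"
        events.append((i * 1000, client, 40000 + i, server, 80, "S"))
        events.append((i * 1000 + 100, client, 40000 + i, server, 80, "A"))
    for i in range(8):
        events.append((10_000 + i * 10, f"203.0.113.{i + 1}", 50000 + i, server, 80, "S"))
    return events

if __name__ == "__main__":
    for alert in detect_syn_flood(sample_events()):
        print("half-open threshold reached:", alert)
```

Completed handshakes never accumulate, so only the unanswered SYNs push the per-service count to the threshold.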

Denial of Service:

Denial of Service
- SMURF
  - Source IP address of a broadcast ping is forged
  - Large number of machines respond back to victim, overloading it

Denial of Service:

Denial of Service

Denial of Service:

Denial of Service
- How can we protect ourselves?
  - Ingress filtering
    - If the source IP of a packet comes in on an interface which does not have a route to that packet, then drop it.
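The ingress-filtering rule on this slide can be written as a reverse-path check: look up the route back to the packet's source and drop the packet if that route does not use the interface it arrived on. This is an added example, not part of the original presentation; the routing table, interface names and addresses are constructed, and the strict (exact-interface) interpretation is an assumption.

```python
import ipaddress

# Constructed routing table for a hypothetical border router: prefix -> interface.
ROUTES = [
    ("10.1.0.0/16", "eth1"),   # internal customer network
    ("10.1.5.0/24", "eth2"),   # more specific internal subnet
    ("0.0.0.0/0", "eth0"),     # default route towards the Internet
]

def build_table(routes):
    """Parse prefixes and order them longest-prefix first."""
    table = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes]
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)

def route_lookup(table, addr):
    """Longest-prefix match: interface used to reach addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net, ifc in table:
        if ip in net:
            return ifc
    return None

def ingress_filter(table, src, in_ifc):
    """Accept only if the route back to src leaves via the arrival interface."""
    return "accept" if route_lookup(table, src) == in_ifc else "drop"

# Constructed packets: (source address, interface the packet arrived on).
SAMPLE_PACKETS = [
    ("10.1.7.9", "eth1"),      # internal host on its own interface
    ("10.1.5.20", "eth1"),     # belongs behind eth2, seen on eth1
    ("203.0.113.7", "eth1"),   # foreign source claimed from inside
    ("10.1.7.9", "eth0"),      # internal source arriving from the Internet
    ("203.0.113.7", "eth0"),   # external source on the upstream interface
]

def evaluate(packets, routes=ROUTES):
    table = build_table(routes)
    return [(src, ifc, ingress_filter(table, src, ifc)) for src, ifc in packets]

if __name__ == "__main__":
    for src, ifc, verdict in evaluate(SAMPLE_PACKETS):
        print(f"{src:<14} on {ifc}: {verdict}")
```

Because eth0 carries the default route, the check cannot tell a forged external source from a genuine one on the Internet side; it catches internal addresses arriving from outside and foreign addresses originating inside. The strict form also drops legitimate traffic when routing is asymmetric.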

TCP Attacks:

TCP Attacks
- TCP connections have associated state
  - Starting sequence numbers, port numbers
- Problem – what if an attacker learns these values?
  - Port numbers are sometimes well known to begin with (ex. HTTP uses port 80)
  - Sequence numbers are sometimes chosen in very predictable ways

TCP Attacks:

TCP Attacks
- If an attacker learns the associated TCP state for the connection, then the connection can be hacked!
- Attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source
  - Ex. Instead of downloading and running new program, you download a virus and execute it

TCP Attacks:

TCP Attacks Say hello to Alice, Bob and Mr. Big Ears

TCP Attacks:

TCP Attacks Alice and Bob have an established TCP connection

TCP Attacks:

TCP Attacks
- Mr. Big Ears lies on the path between Alice and Bob on the network
  - He can intercept all of their packets

TCP Attacks:

TCP Attacks
- First, Mr. Big Ears must drop all of Alice’s packets since they must not be delivered to Bob (why?)
[Diagram labels: Packets, The Void]

TCP Attacks:

TCP Attacks
- Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network)
[Diagram label: ISN, SRC=Alice]

TCP Attacks:

TCP Attacks
- Why are these types of TCP attacks so dangerous?
[Diagram labels: Web server, Malicious user, Trusting web client]

TCP Attacks:

TCP Attacks
- How do we prevent this?
- IPSec
  - Provides source authentication, so Mr. Big Ears cannot pretend to be Alice
  - Encrypts data before transport, so Mr. Big Ears cannot talk to Bob without knowing what the session key is

Packet Sniffing:

Packet Sniffing
- Recall how Ethernet works …
- When someone wants to send a packet to someone else …
- They put the bits on the wire with the destination MAC address …
- And remember that other hosts are listening on the wire to detect collisions …
- It couldn’t get any easier to figure out what data is being transmitted over the network!

Conclusions:

Conclusions
- The Internet works only because we implicitly trust one another
- It is very easy to exploit this trust
- The same holds true for software
- It is important to stay on top of the latest security advisories to know how to patch any security holes

Security related URLs:

Security related URLs
- http://www.robertgraham.com/pubs/network-intrusion-detection.html
- http://online.securityfocus.com/infocus/1527
- http://www.snort.org/
- http://www.cert.org/
- http://www.nmap.org/
- http://grc.com/dos/grcdos.htm
- http://lcamtuf.coredump.cx/newtcp/
