Overview of network security

Overview of Network Security. Budi Rahardjo [email protected] http://budi.insan.co.id Presented @ CISCO seminar 13 March 2002.


Overview of Network Security

Budi Rahardjo

[email protected] http://budi.insan.co.id

Presented @ CISCO seminar

13 March 2002

net security - budi rahardjo


Security Holes

Holes

  • System (OS)

  • Network

  • Applications (db)

Diagram labels: Users, ISP, Internet, Web Site, www.bank.co.id

  • Network sniffed, attacked

  • Trojan horse

  • Applications (database, Web server) hacked

  • OS hacked

  • Userid, Password, PIN, credit card #

Focus on this presentation

Network Security

Security Aspect

  • Physical

  • Personnel

  • Technical, data, network

  • Policy and procedures

Security Services

  • Confidentiality / Privacy

  • Integrity

  • Authentication

  • Availability

  • Non-repudiation

  • Access Control

Types of network attack

  • Interruption

    • DoS attack, network flooding

  • Interception

    • Sniffed (password)

  • Modification

    • Trojan horse

  • Fabrication

    • Spoofed packets

Reality Check

  • IPv4 is not secure. Spoofing is easy

  • Tools (scripts) to exploit are available

  • More home users are connected 24 hours/day with DSL, cable modem

  • Need collaboration among network providers

    • Ingress filter @ border routers

Interruption Attack

  • Denial of Service (DoS) attack

    • Exhaust bandwidth, network flooding

    • Possible to spoof the originating address

    • Tools: ping broadcast, smurf, synk4, various flood utilities

  • Protection:

    • Little we can do if we are under attack

    • Filter at router for outgoing packets, filter attacks originating from our site

More interruption attack

  • Distributed Denial of Service (DDoS) attack

    • Flood your network with spoofed packets from many sources

    • Based on the SubSeven trojan, which “phones home” via IRC once installed on a machine, so the attacker knows how many agents are ready to attack.

    • Then, ready to exhaust your bandwidth

    • See Steve Gibson’s paper http://grc.com

Interception Attack

  • Sniffer to capture password and other sensitive information

  • Tools: tcpdump, ngrep, linux sniffer, dsniff, trojan (BO, Netbus, Subseven)

  • Protection: segmentation, switched hub

Modification Attack

  • Modify, change information/programs

  • Examples: virus, Trojan, attached to email or web sites

  • Protection: anti-virus, filter at mail server, integrity checker (e.g. Tripwire)

Fabrication Attack

  • Spoofing address is easy

  • Examples:

    • Fake mails, spoofed packets

  • Tools: various packet construction kits

  • Protection: filter outgoing packets at router
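
The outgoing-packet filter named here and on the Interruption Attack slide, together with the ingress filter from the Reality Check slide, sketched as an added example that is not part of the original slides. It assumes a single-homed stub site; the prefixes and sample packets are constructed from documentation address ranges.

```python
import ipaddress

# Constructed site prefixes (documentation ranges), not from the slides.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/24")]

def in_site(addr):
    """True if addr falls inside one of the site's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SITE_PREFIXES)

def border_verdict(direction, src, dst):
    """Return (action, reason) for a packet crossing the border router."""
    if direction == "out":
        # Egress: only our own addresses may appear as the source.
        if not in_site(src):
            return ("drop", "egress: source not in site prefixes (spoofed)")
        return ("pass", "egress: source belongs to site")
    if direction == "in":
        # Ingress: an outside packet cannot legitimately carry an inside source.
        if in_site(src):
            return ("drop", "ingress: inside source arriving from outside")
        # Assumption: stub site, so inbound traffic must be addressed to us.
        if not in_site(dst):
            return ("drop", "ingress: destination not in site prefixes")
        return ("pass", "ingress: plausible source and destination")
    raise ValueError("direction must be 'in' or 'out'")

# Constructed sample traffic: (direction, source, destination)
SAMPLE = [
    ("out", "192.0.2.10", "203.0.113.5"),    # normal outbound
    ("out", "10.9.8.7", "203.0.113.5"),      # forged source leaving our site
    ("in", "203.0.113.5", "198.51.100.20"),  # normal inbound
    ("in", "192.0.2.10", "198.51.100.20"),   # outsider claiming an inside address
]

def summarize(packets):
    """Return just the pass/drop action for each packet."""
    return [border_verdict(*p)[0] for p in packets]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, border_verdict(*p))
```

The egress rule protects other networks from floods sourced at this site, which is why the slides ask for collaboration among network providers.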

Protection

  • Firewall

    • Static vs Stateful Packet Filter

    • Circuit gateway, application level gateway

  • Intrusion Detection System (IDS)

    • Host vs Network based

  • Policy

    • Privacy issues, AUP, cyberlaw, best practice, what to do if your site is probed?

Firewall – Static Packet Filter

  • Inspect packets based on rules

    • Source, destination address, port

  • Strength:

    • fast, can be implemented with Linux box

  • Weakness: can be fooled, changing order, fragmentation, little information (for logging), IP spoofing, does not inspect payload, difficult to configure (lots of rules), stateless

Firewall - Stateful

  • Remembers the state of packets

  • Strength: better inspection, can be implemented with Linux box

  • Weaknesses: slower?/faster?, needs more resources, IP spoofing, does not inspect payload, still difficult to configure
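
The difference between the two filter types, as an added example that is not part of the original slides: the same constructed traffic is judged by a stateless rule set and by a filter that remembers outbound flows. The rules, ports and addresses are assumptions chosen for illustration, and the state table is simplified (no TCP flags or timeouts).

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")

def static_filter(pkt):
    """Stateless rules: each packet is judged alone, by address and port."""
    if pkt.direction == "out":
        return pkt.dport in (80, 443)      # clients may browse the web
    # Inbound: web replies carry source port 80/443, so a static rule has to
    # admit anything with that source port aimed at a high port.
    return pkt.sport in (80, 443) and pkt.dport >= 1024

class StatefulFilter:
    """Remembers outbound flows; inbound must match a remembered flow."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in (80, 443):
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound is accepted only as the mirror image of a tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed traffic (documentation address ranges).
TRAFFIC = [
    Packet("out", "192.0.2.10", 40000, "203.0.113.5", 80),  # client request
    Packet("in", "203.0.113.5", 80, "192.0.2.10", 40000),   # genuine reply
    Packet("in", "203.0.113.99", 80, "192.0.2.10", 6000),   # unsolicited, source port 80
]

def compare(traffic):
    """Return (static_verdict, stateful_verdict) per packet, True = pass."""
    sf = StatefulFilter()
    return [(static_filter(p), sf.check(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, "static/stateful:", verdicts)
```

The third packet passes the static rules because nothing records that no request was ever sent to that host; the state table is also the extra resource cost the slide lists as a weakness.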

Intrusion Detection System

  • Monitor the system for anomalies

  • Monitor host or network? Hybrid

  • Difficult to monitor if the attack is stealthy and slow

  • Tools example: snort

Policy

  • The hardest thing to do is dealing with people

  • Policy and Standard Operating Procedures are overlooked

More reading materials

  • My Books: Handbook Security http://budi.insan.co.id

  • Security focus http://www.securityfocus.com

  • Securiteam http://www.securiteam.com

  • SANS: http://www.sans.org

  • and many more …
