68-520 Intrusion Detection, Response, & Recovery. Matthew A. Kwiatkowski. Protecting the OSI Model. Determine your assets before coming up with defenses! OSI continued. 7. Application Layer
As we have seen in previous slides, the security services that must be provided are numerous and diverse.
Just like a real-world bank, our web servers and our networks can have many vulnerabilities, and these vulnerabilities can be located in many layers of the architecture.
We need to practice a “security-in-depth” approach.
Security considerations and services must be present in each and every level of components.
When analyzing the quality of your security infrastructure, always assume that one full security layer or function will fail entirely.
Are you still secure? What are your areas of vulnerability?
How long would it take for you to detect the failure?
Vulnerabilities and security services involve all 7 layers of the OSI model.
Security is also greatly dependent on the OSI “Layer 8” (the people).
The balance between the threat to a system and the security services deployed is very asymmetric: you need to defend each and every aspect to be successful, while an attacker often needs to defeat only one aspect to be successful.
Let’s look at an example of an e-Commerce site and try to discuss what can go wrong and where.
To prevent attacks, an enterprise needs to build a complete and comprehensive security architecture using tools, methods and techniques that individually target specific threats and work in an integrated fashion to provide a complete enterprise framework for secure computing.
One missing “piece” or aspect may endanger the whole infrastructure. Example: if you do not have virus protection, can an intruder bypass your firewalls?
The goal of this class will be to present the aspects that most impact network security within that framework.
Examples of these tools and methods are presented in the next slides.
IP Address Spoofing: Put false IP addresses in outgoing attack packets
The attacker is blind to the replies, so spoofing can’t be used during information collection, but it can be used for DoS.
Solution: it may be impossible for the victim to detect spoofed addresses, but with the help of the ISP the hacker could be tracked during the attack. It is easier for the source ISP to detect invalid spoofed addresses, because it knows which addresses legitimately sit behind each of its customer links.
VPN is another solution
Chain of victims
Use of Reflectors
Any Combination of these
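As an added illustration, not part of the original slides, of why the source ISP is better placed than the victim to catch spoofed packets: the ISP's edge router knows which source prefixes legitimately sit behind each customer port, so a packet arriving on that port with a source address outside those prefixes must be forged and can be dropped before it ever reaches the victim. The interface names, customer prefixes and sample packets below are constructed for the example.

```python
import ipaddress

# Constructed example: source prefixes that legitimately sit behind each
# customer-facing interface of the ISP's edge router.
ALLOWED_SOURCES = {
    "cust-a": ["203.0.113.0/24"],
    "cust-b": ["198.51.100.0/25", "198.51.100.128/26"],
}

# Source ranges that no host on a customer link should ever emit
# (partial list: private, loopback, link-local, "this" network,
# multicast and the reserved class E block).
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def classify_packet(ingress_if, src):
    """Return 'ok', 'bogon' (source that should never appear on the wire)
    or 'spoofed' (source that does not belong behind this interface)."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in BOGON_SOURCES):
        return "bogon"
    allowed = ALLOWED_SOURCES.get(ingress_if, [])
    if any(ip in ipaddress.ip_network(n) for n in allowed):
        return "ok"
    return "spoofed"

def filter_packets(packets):
    """Apply the source check to (interface, src, dst) tuples; return the
    forwarded packets and the dropped packets tagged with their verdict."""
    forwarded, dropped = [], []
    for ingress_if, src, dst in packets:
        verdict = classify_packet(ingress_if, src)
        if verdict == "ok":
            forwarded.append((ingress_if, src, dst))
        else:
            dropped.append((ingress_if, src, dst, verdict))
    return forwarded, dropped

# Constructed sample traffic: (ingress interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("cust-a", "203.0.113.7", "192.0.2.10"),     # legitimate customer A host
    ("cust-a", "198.51.100.5", "192.0.2.10"),    # forged: address belongs to customer B
    ("cust-b", "198.51.100.200", "192.0.2.10"),  # forged: outside both customer B prefixes
    ("cust-b", "10.0.0.1", "192.0.2.10"),        # forged: private source address
    ("cust-b", "198.51.100.130", "192.0.2.10"),  # legitimate, second customer B prefix
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped:", drop)
```

The victim of the resulting flood cannot make this decision, since from its vantage point every source address looks equally plausible; only the network closest to the sender has the information to reject the forgery.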
The sad thing is that EDU networks are taken advantage of every second of the day.
Too few resources, too many machines, and not enough configuration management control.