Design and implement of common network security scanning system

By

Abhishek Kamalayagari


OUTLINE

  • WHAT THE PAPER IS ABOUT
  • INTRODUCTION
  • SCANNING METHODS
  • COMMON NETWORK SECURITY SCANNING SYSTEM
  • CONCLUSION
  • REFERENCES


WHAT THE PAPER IS ABOUT?

Emphasizes the role of a network security scanning system in providing network security.

Its positive and negative sides.

Talks about some popular scanning methods.

To get high performance, a network security scanning system based on libnet and libpcap is provided.


INTRODUCTION

  • Network security is an important issue today.

  • There are tools such as IDS, firewalls and network security scanning systems to take care of security.

  • Network security scanning has two sides:

    • +ve side: protecting the system (admins, auditors…)

    • -ve side: destroying the system (attackers)

  • Weaknesses may be introduced by configuration errors or bad programming.

  • An intruder would like to know all the information about the target host.

  • Simplest security scan: ping scan


Introduction: scanning methods

Port scanning: the most popular method; tells which machines are up, which ports are open on each machine, which services are running on each host, and some information about the OS.

Vulnerability scanning: tells which machines are vulnerable to "known vulnerabilities".

Remote OS detection: the weaknesses and vulnerabilities of a system are linked to the underlying OS, especially in a networked environment.


Scanning methods: software examples

  • Nmap: port scanning, remote OS detection.

  • Uses raw IP packets to determine:

    • Hosts available on the network

    • Services offered (application name, version)

    • OS running on them

    • Firewalls/packet filters in use

    • Dozens of other characteristics

  • Designed to rapidly scan large networks, but works fine against single hosts.

  • It is portable.

  • Has both traditional and GUI versions.

  • Supports a wide range of protocols: TCP, UDP, ICMP, etc.


Cont…

Nessus: vulnerability scanning and remote OS detection; it is plug-in based.

Goal is to determine potential vulnerabilities on the tested systems.

Has two parts:

a) Server (nessusd, the Nessus daemon): performs the scanning

b) Client (nessus): manages the server and gives the results to the user

Its vulnerability data is compatible with CVE.

Uses NASL to write plug-ins.


Known vulnerabilities

CVE—Common Vulnerabilities and Exposures.

Managed by MITRE corp.

It is a list or dictionary of publicly known information security vulnerabilities and exposures.

It has CVE identifiers that are unique.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.


Scanning in detail

Port scanning: the aim is to find open ports on the remote host.

TCP and UDP make up the TCP/IP protocol suite.

There are 65535 ports in total for applications and protocols.

Send a protocol packet to the remote host and get the response packet; the result identifies the status of the remote host.


Cont…

SEND: SYN, FIN

RECEIVE: SYN+ACK (open), RST (closed)
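
The SEND/RECEIVE table above, as an added C example that is not from the presentation or the paper: it parses a raw IPv4 reply to a SYN probe and maps the TCP flags to open or closed. The function, the struct and the two sample packets (constructed, using documentation addresses) are assumptions; in a capture program this logic would sit in the packet callback.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

enum port_state { PORT_UNKNOWN, PORT_OPEN, PORT_CLOSED };
struct reply { enum port_state state; uint16_t port; };

/* Classify the reply to a SYN probe. pkt points at the IPv4 header
 * (link-layer header already stripped). */
struct reply classify_reply(const uint8_t *pkt, size_t len)
{
    struct reply r = { PORT_UNKNOWN, 0 };
    if (len < 20 || (pkt[0] >> 4) != 4)
        return r;                                /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;    /* IP header length in bytes */
    if (ihl < 20 || pkt[9] != 6 || len < ihl + 20)
        return r;                                /* bad IHL, not TCP, or short */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)
        return r;                                /* later fragment: no TCP header */
    const uint8_t *tcp = pkt + ihl;
    r.port = (uint16_t)((tcp[0] << 8) | tcp[1]); /* port that sent the reply */
    if (tcp[13] & TH_RST)
        r.state = PORT_CLOSED;
    else if ((tcp[13] & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK))
        r.state = PORT_OPEN;
    return r;
}

/* Constructed replies from 192.0.2.10 to 192.0.2.1, not real captures. */
static const uint8_t SAMPLE_SYNACK[40] = {
    0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 192,0,2,10, 192,0,2,1,         /* IPv4 */
    0,80, 0x30,0x39, 0,0,0,1, 1,1,1,2, 0x50,0x12, 0x7f,0xff, 0,0,0,0  /* TCP */
};
static const uint8_t SAMPLE_RST[40] = {
    0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 192,0,2,10, 192,0,2,1,
    0,81, 0x30,0x39, 0,0,0,0, 1,1,1,2, 0x50,0x14, 0,0, 0,0,0,0
};

int main(void)
{
    static const char *name[] = { "unknown", "open", "closed" };
    struct reply a = classify_reply(SAMPLE_SYNACK, sizeof SAMPLE_SYNACK);
    struct reply b = classify_reply(SAMPLE_RST, sizeof SAMPLE_RST);
    printf("port %u: %s, port %u: %s\n", (unsigned)a.port, name[a.state],
           (unsigned)b.port, name[b.state]);
    return 0;
}
```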


Cont…

Port scanning can be done in three ways:

a) Open scanning: needs a whole network connection

b) Half scanning: doesn't finish the whole connection, e.g. SYN

c) Stealth scanning: uses techniques for slowing the scan

Open scanning is fast and produces more log entries, but can be easily detected; stealth scanning can avoid IDS and firewalls, but sometimes gives erroneous results.
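
The detection trade-off in the list above, as an added C example (not from the presentation or the paper): it counts how many distinct destination ports one source touches within a sliding time window, which flags a fast sweep and shows why a short fixed window misses the same sweep once it is slowed down. The record layout, source ids, window lengths and sample log are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One logged connection attempt; hypothetical record layout, t in seconds. */
struct conn { uint32_t t; uint32_t src; uint16_t dport; };

/* Most distinct destination ports `src` touched within any `window`-second
 * span. Records belonging to one source must be in time order. */
int max_ports_in_window(const struct conn *ev, size_t n, uint32_t src, uint32_t window)
{
    static uint32_t seen[65536];      /* hits per port inside the window */
    int distinct = 0, best = 0;
    size_t i = 0;
    if (window == 0) return 0;
    memset(seen, 0, sizeof seen);
    for (size_t j = 0; j < n; j++) {
        if (ev[j].src != src) continue;
        if (seen[ev[j].dport]++ == 0) distinct++;
        /* Advance the tail past other sources and expired records. */
        while (ev[i].src != src || ev[j].t - ev[i].t >= window) {
            if (ev[i].src == src && --seen[ev[i].dport] == 0) distinct--;
            i++;
        }
        if (distinct > best) best = distinct;
    }
    return best;
}

enum { SRC_FAST = 1, SRC_SLOW = 2, SRC_CLIENT = 3 };
static struct conn SAMPLE[30];

/* Constructed log: a 10-port sweep at one port per second, the same sweep at
 * one port per 120 s, and a client that only uses port 443. */
size_t build_sample(void)
{
    size_t n = 0;
    for (uint32_t k = 0; k < 10; k++) {
        SAMPLE[n++] = (struct conn){ k,       SRC_FAST,   (uint16_t)(20 + k) };
        SAMPLE[n++] = (struct conn){ k * 120, SRC_SLOW,   (uint16_t)(20 + k) };
        SAMPLE[n++] = (struct conn){ k,       SRC_CLIENT, 443 };
    }
    return n;
}

int main(void)
{
    size_t n = build_sample();
    for (uint32_t s = SRC_FAST; s <= SRC_CLIENT; s++)
        printf("src %u: %d ports in 60 s\n", (unsigned)s, max_ports_in_window(SAMPLE, n, s, 60));
    return 0;
}
```

A longer window (1200 s on this sample) brings the slowed sweep back to 10 distinct ports, at the cost of keeping more state per source.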


Cont…

Remote OS detection is important because different OSes have different kernels and implementation styles.

Even after you know the vulnerability, knowing the OS could help in exploiting it.

An intruder can use OS-specific hacking tools to crack the target.

Example tools: RING (Remote Identification Next Generation), designed to identify the remote OS with minimal target disturbance.

Xprobe, another tool, uses a matrix-based fingerprinting approach.


Cont…

Scans a specified set of ports on the remote host and tries to detect the service offered at each port and its known vulnerabilities, which can pose threats to the system.

The result is a security assessment of the whole system and the attacks possible against it.

Vulnerabilities are of two types: introduced by the programmer, or introduced by the administrator.

Scanners are of two types: host scanners and network scanners.


COMMON NETWORK SECURITY SCANNING SYSTEM

System architecture: has 9 modules.

There are 3 security scanning modules in this system. If needed, more scanning modules can be added.

Needs 2 important functions:

a) Send packet

b) Get packet

These are realized by libnet and libpcap.

The scanning system needs a strong log analysis module.

The system can be placed in front of and behind the firewall.


Libnet

Written by Mike D. Schiffman, libnet is a C library.

It can create and send packets for many different protocols and protocol blocks.

It can create two types of packet:

a) Based on the link layer: needs to create the link-layer protocol block by itself

b) Based on a raw socket: creates the protocol blocks from the IP protocol layer upward

Three steps:

libnet_init()

Build protocol block

libnet_write()


Packet construction…

    tcp = libnet_build_tcp(
        src_prt,                    /* source port */
        dst_prt,                    /* destination port */
        0x01010101,                 /* sequence number */
        0x02020202,                 /* acknowledgement num */
        TH_SYN,                     /* control flags */
        32767,                      /* window size */
        0,                          /* checksum */
        0,                          /* urgent pointer */
        LIBNET_TCP_H + payload_s,   /* TCP packet size */
        payload,                    /* payload */
        payload_s,                  /* payload size */
        l,                          /* context */
        0);                         /* ptag */


Libpcap

It is a packet capture library.

Designed by Van Jacobson, Craig Leres and Steven McCanne.

Uses the BPF mechanism to get the packets of interest quickly.

BPF contains 2 components:

a) Filter and b) kernel.

The kernel buffer has two buffers:

Store buffer and hold buffer.


Cont…

A filter expression includes 3 qualifiers:

a) Type: host, net and port

b) Direction: the network path, using src and dst

c) Protocol: expresses the protocol used in the packet, e.g. IP, ARP, RARP…

Complex filter rules can be built using 'and', 'or'…


Cont…

pcap_findalldevs()

pcap_open_live()

pcap_compile()

pcap_setfilter()

pcap_loop()

The system can analyze the packet to get more useful information.

pcap_close()


CONCLUSION

A common network scanning system is designed and implemented, which can help the administrator assess security weaknesses, identify risks and refine the security policy.

It can find vulnerabilities before a hacker intrudes into the system through attacks such as trojans, DoS attacks and buffer overflows.

It is based on libnet and libpcap, which can make it more transparent.


REFERENCES

  • Wentao Liu, "Design and Implement of Common Network Security Scanning System", http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5223272&isnumber=5222865

  • http://www.nmap.org

  • http://netsecurity.about.com/cs/hackertools/a/aa030404.htm


THANK YOU!!