Devices


ISQS 6342

Spring 2004

Gurkan Ozfidan

Outline

  • Firewalls, Routers, Switches
  • Wireless/Modems
  • Remote Access Services (RAS)
  • Telecom/Private Branch Exchange (PBX)
  • Virtual Private Networks (VPN)
  • Intrusion Detection Systems (IDS)
  • Mobile Devices
What is a Firewall?
  • A firewall is a barrier to keep destructive forces away from your property
  • A firewall is any hardware or software device that provides a means of securing a computer or network from unwanted intrusion
Firewall Security

Drafting Security Policy;

  • What am I protecting?
  • Who am I protecting it from?
  • Who gets access to which resources?

Common areas of attack;

  • Web servers, mail servers, FTP services, databases

Every available service means a hole in your firewall;

  • DNS(23,23), FTP(20-21), ICQ(4000), HTTP(80), Telnet(23)

What Do Firewalls Protect Against?

  • DoS - not to steal information, but to disable a device
  • Ping of death - create an IP packet that exceeds the maximum 65535 bytes
  • SYN flood - TCP connection requests sent faster than a machine can process them
  • IP spoofing - to break into systems, to hide the hacker's identity

How Do Firewalls Work?

  • Network address translation (NAT)
    • Basic firewalls usually use only one technique - NAT
  • Basic packet filtering
    • Most basic security function performed by firewall
  • Stateful packet inspection (SPI)
    • Extends basic packet filtering by adding a feature called “stateful packet inspection”
  • Access control lists (ACL)
    • Packet filtering is made possible through the use of access control list (ACL).

How Do Firewalls Work?

Network Address Translation;

  • Provides a type of firewall by hiding internal IP addresses
  • Enables a local-area network to use one set of IP addresses for internal network
  • Use second set of addresses for external traffic
  • A NAT box located where the LAN meets the Internet makes all necessary IP address translations

How Do Firewalls Work?

Basic Packet Filtering;

  • Decides whether to forward TCP/IP packets based on information
  • Packet filters screen information based on
    • Protocol type
    • IP address
    • TCP/UDP port
    • Source routing information
  • Packets that make it through the filters are sent to the requesting system

How Do Firewalls Work?

Stateful Packet Inspection;

  • Stateful packet filters can record session-specific information, such as which ports are in use on the client and on the server
  • Three-way handshake;
    • Initiates a TCP connection
    • Packets begin passing once the connection is made
    • Once the session has ended, no packets are allowed
  • Enhances security by tracking which side of the firewall a connection was initiated from
  • Essential to blocking IP spoofing attacks

How Do Firewalls Work?

Access Control Lists;

  • Packet filtering is made possible through the use of ACLs
  • An ACL is a list of rules either allowing or blocking the inbound or outbound packets with which the firewall comes into contact
  • Example of allowing access only to HTTP(port 80)

access-list 101 permit tcp any any eq 80

access-list 101 deny ip any any
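The following Python sketch is an added example, not part of the original slides. It models the two rules of access-list 101 as a stateless first-match filter and then layers the session tracking described under Stateful Packet Inspection on top of it. The `Packet`, `acl_allows` and `StatefulFilter` names are hypothetical, and the one-packet teardown is a simplification of real TCP.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp", ...
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""       # TCP flags: "S"=SYN, "A"=ACK, "F"=FIN, "R"=RST
    inbound: bool = True  # True when the packet arrives from the outside

# The two rules of access-list 101 as (action, protocol, destination port).
ACL_101 = [
    ("permit", "tcp", 80),   # permit tcp any any eq 80
    ("deny", "ip", None),    # deny ip any any
]

def acl_allows(pkt, acl=ACL_101):
    """Stateless check: the first matching rule decides; no match means deny."""
    for action, proto, dport in acl:
        if proto in ("ip", pkt.proto) and dport in (None, pkt.dport):
            return action == "permit"
    return False

class StatefulFilter:
    """Tracks TCP sessions so only packets of a known connection pass."""

    def __init__(self, acl=ACL_101):
        self.acl = acl
        self.sessions = set()

    def accept(self, pkt):
        # One key for both directions of the same connection.
        key = (pkt.proto, frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)}))
        if key in self.sessions:
            if "F" in pkt.flags or "R" in pkt.flags:
                self.sessions.discard(key)  # simplified teardown: session ends here
            return True
        # No session yet: only a bare SYN (first step of the handshake) may open one.
        if pkt.proto != "tcp" or pkt.flags != "S":
            return False
        # Connections opened from the outside must also pass the ACL.
        if pkt.inbound and not acl_allows(pkt, self.acl):
            return False
        self.sessions.add(key)
        return True
```

A lone ACK to port 80 passes `acl_allows` but is dropped by `StatefulFilter.accept`, because no handshake created a session for it.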

Routers

  • Network management device that sits between different network segments
  • Allows different networks to communicate with one another and the Internet to function

A message or file is broken up into packages about 1500 bytes long

  • Each package includes information on the sender's address and the receiver's address
  • A checksum value allows the receiving computer to be sure that the packet arrived intact
  • Each packet is sent via the best available route
  • Tracert: traces the route that a packet takes to another computer

Switches

  • Device that filters and forwards packets between LAN segments
  • Network switches are capable of determining the source and destination of a packet, and forwarding that packet appropriately
  • Switches conserve network bandwidth and offer generally better performance than hubs
  • A hub joins multiple computers (or other network devices) together to form a single network segment

  • Switches usually work at Layer 2, using MAC addresses.
  • Routers work at Layer 3, using addresses (IP, IPX or AppleTalk, depending on protocols).
  • Hubs are simply a junction that joins all different nodes together.

The seven layers of the Open Systems Interconnection (OSI) Reference Model

Wireless - digital data into radio signals


  • Wired Equivalent Privacy (WEP), a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard.
  • Designed to provide the same level of security as a wired LAN
  • WEP aims to provide security by encrypting data over radio waves.
  • WLANs do not have the same physical structure as a wired LAN and are therefore more vulnerable to tampering
Wireless - digital data into radio signals


  • Wi-Fi Protected Access (WPA), designed to improve upon the security features of WEP
  • Includes two improvements over WEP
    • Improved data encryption through the Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and ensures that the keys haven’t been tampered with
    • A MAC address is simple to sniff out and steal; the Extensible Authentication Protocol (EAP) is built on a more secure public-key encryption system to ensure that only authorized network users can access the network
Modems - modulator-demodulator
  • Digital Subscriber Line (DSL) provides a direct connection between the computer or network connected on the client side and the Internet.
  • Cable modems are connected to a shared segment, so anyone else on that segment can potentially threaten your system.
  • An issue for DSL and cable modem users was the issuing of static IP addresses.
  • Static addresses provide a fixed target for hackers.
  • Dynamic Host Configuration Protocol (DHCP) can be used to issue dynamic addresses.
  • Best solution is to implement a firewall.
Remote Access Services (RAS)
  • Provides the ability for one computer to dial into another computer via modem.
  • Also offers a feature called callback, which works only with fixed phone numbers.
  • It is behind any physical firewall.
  • Unless gateway software or firewall software is running on the server hosting RAS, there is a potential for the network to be compromised.
Telecom/Private Branch Exchange
  • A traditional PBX is a computer-based telephone switch that may be thought of as a small, in-house, telephone company
  • A private telephone network used within an enterprise
  • Users of the PBX share a certain number of outside lines for making telephone calls external to the PBX
  • Failure to secure PBX can result in toll fraud, theft of information, denial of service
  • Securing a PBX should be part of a written security policy
Virtual Private Networks
  • VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together
  • Security is enhanced by implementing Internet Protocol Security (IPSec)
  • IPSec provides better encryption algorithms and more comprehensive authentication – transport and tunneling
    • Transport; encryption of data in a packet
    • Tunneling; encryption of data including the address header information
  • IPSec eliminates packet sniffing and identity spoofing
  • Sending and receiving computers hold the keys to encrypt and decrypt the packets

A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities and individual users connecting from out in the field

Intrusion Detection Systems
  • IDS offer the ability to analyze data in real time to detect, log, and stop misuse or attacks as they occur

Computer Based IDS;

  • Used to secure critical network servers or systems holding sensitive information
  • Agents are loaded on each protected computer
  • Agents analyze the disk space, RAM, CPU time, and applications
  • Collected information is compared to a set of rules to determine if a security breach has occurred
Intrusion Detection Systems

Network-based IDS;

  • Monitor activity on a specific network segment
  • Usually dedicated platforms with two components;
    • Sensor; which passively analyzes network traffic
    • Management system; displays alarm information from the sensor and allows security personnel to configure the sensors

Anomaly-based Detection;

  • Involves building statistical profiles of user activity and reacting to any activity that falls outside these profiles
  • Two major problems;
    • Users do not access their computers or the network in static, predictable ways
    • Not enough memory to contain the entire profile
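The Python sketch below is an added example, not part of the original slides. It builds a per-user statistical profile and flags activity that falls outside it, using a running mean and variance (Welford's method, a choice made here) so that no raw history has to be stored. All names and the sample values (megabytes transferred per session) are constructed for illustration.

```python
import math
from collections import defaultdict

class Profile:
    """Running mean/variance (Welford): three numbers per user, no raw history."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def stdev(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0

class AnomalyDetector:
    def __init__(self, threshold=3.0, min_samples=5):
        self.profiles = defaultdict(Profile)
        self.threshold, self.min_samples = threshold, min_samples

    def observe(self, user, value):
        """Return True if value falls outside the user's profile."""
        p = self.profiles[user]
        anomalous = False
        if p.n >= self.min_samples:  # do not judge before a baseline exists
            anomalous = abs(value - p.mean) > self.threshold * max(p.stdev(), 1e-9)
        if not anomalous:
            p.update(value)          # learn only from activity judged normal
        return anomalous

# Constructed sample: MB transferred per session. alice's 400 MB is a real
# outlier; bob's 90 MB is a legitimate one-off backup, yet it is flagged too,
# because users do not behave in static, predictable ways.
SAMPLE_EVENTS = (
    [("alice", v) for v in (20, 22, 19, 21, 23, 20, 21, 400)]
    + [("bob", v) for v in (5, 6, 5, 4, 6, 90)]
)

def find_anomalies(events, **kwargs):
    """Feed (user, value) events through a detector and return the flagged ones."""
    detector = AnomalyDetector(**kwargs)
    return [(user, value) for user, value in events if detector.observe(user, value)]
```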
Intrusion Detection Systems

Signature-based detection;

  • Similar to an antivirus program in its method of detecting potential attacks
  • Vendors produce a list of “signatures” to compare against activity
  • When a match is found, the IDS takes some action
  • Customers depend on vendors to provide the latest signatures
  • Normal network activity can be construed as malicious
  • A network application may send ICMP messages (ICMP supports packets containing errors)
Mobile Devices
  • Personal Digital Assistants (PDAs)
  • Can open security holes for any computer with which these devices communicate
  • A virus or destructive code may be introduced during a sync operation between the mobile device and a PC
  • Standard antivirus and firewall applications can’t protect PCs