Introduction to Network Security
November 20th, 2007
Presented by Aliza Bailey and Phil Ames
The Net is NOT the Web
The Internet: TCP/IP, the “road”, if you will, that other protocols run on.
The Web: one of the “vehicles” that runs on this road. Other vehicles include email, chat programs, file transfer programs and protocols, etc.
Your Network Exploits
Malware: “A generic term for a number of different types of malicious code; can include spyware, worms, viruses, etc., created with the intent of infiltrating a system without permission and causing destruction. Also called ‘computer contaminants’.”
Virus: “A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.”
Trojan horse: “A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.”
Keylogger: “Programs designed to log keystrokes entered by a user on a machine. When used maliciously, this information is transmitted to a remote location to collect the user’s personal data.”
Rootkit: “A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.”
Botnet: “A collection of compromised, broadband-enabled PCs hijacked during a worm/virus attack and infected with software that links them to a server where they receive ‘instructions’ from a botnet controller. These are then used to participate in further virus/worm/spam assaults and Denial of Service attacks.”
Denial of Service (DoS): “An event or series of events that prevents a system or network from performing its intended function.”
This can come from a botnet or from a more direct attack. In the basic sense, more packets or data are sent to a victim than the victim can handle, and the system crashes.
Phishing and spam: “The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user does business with. Spam is any unwanted, unsolicited message. Spam is usually sent via email.”
Eliminate the “Does not apply to me” attitude with users
You cannot defend what you do not understand.
Multiple layers are always better than one.
Keeping the bad guys from reaching your users
· Routers apply list entries in the order in which you type them into the router.
· Routers apply lists to packets sequentially, from the top down, one line at a time.
· A packet is processed only until a match is made; it is then acted upon according to the matching access list statement.
· Lists always end with an implicit deny: routers discard any packet that matches none of the access list statements.
· Access lists must be applied to an interface as either inbound or outbound traffic filters.
· Only one list per direction can be applied to an interface.
Example: Restricting network access only to one network
Permits any IP in the 184.108.40.206/28 network to go anywhere, denies all else. The list uses extended syntax (source, wildcard, destination), so it is numbered in the extended range, and the same number is referenced when the list is applied to the interface.
ip access-list extended 100
 10 permit ip 184.108.40.206 0.0.0.15 any
 20 deny ip any any
!
! applied under the VLAN interface:
 ip address 18.104.22.168 255.255.255.240
 ip access-group 100 in
 no ip unreachables
Applied INBOUND to the VLAN interface. Inbound means traffic arriving at that interface, i.e. packets coming from machines internal to your network. The no ip unreachables command stops the router from sending ICMP unreachable messages back for the packets the list drops.
Example: Restricting traffic even more with extended ACLs
ip access-list extended School_Security
permit tcp 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255 eq smtp
permit tcp 10.10.10.0 0.0.0.255 22.214.171.124 0.0.255.255 eq smtp
deny tcp any any eq smtp
deny udp any any eq snmp
permit tcp 10.10.10.0 0.0.0.255 any eq www
permit tcp 10.10.10.0 0.0.0.255 any eq 8888
deny ip any any
This ACL allows SMTP access from the 10.10.10.0/24 network only to the two networks stated and denies SMTP to everyone else; it also denies SNMP from anywhere. Next, the 10.10.10.0/24 network is allowed access to WWW (TCP port 80) and TCP port 8888; the final deny ip any any drops everything else. This example works in direct conjunction with our HTTPS proxy.
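To make the processing rules on the earlier slide concrete (top-down evaluation, first match wins, implicit deny at the end, Cisco wildcard-mask matching), here is a small first-match evaluator written for this page as an added example; it is not code from the slides or from Cisco. It parses the School_Security list exactly as shown above and runs a handful of constructed sample packets through it. The packet tuples and the 192.0.2.x destination addresses are assumptions made up for the demonstration; the port keywords table covers only the keywords that appear in the ACL.

```python
"""Added example, not from the original slides: a small first-match
evaluator for Cisco-style access lists. It encodes the rules from the slide
(entries checked top-down, first match wins, implicit deny at the end) and
runs them against the School_Security ACL shown above. Cisco wildcard-mask
semantics: a 0 bit means "must match", a 1 bit means "don't care"."""

import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Port keywords as IOS shows them on the slide; other ports are given numerically
PORT_NAMES = {"smtp": 25, "snmp": 161, "www": 80}

# The School_Security list as on the slide (copied here so the demo is self-contained)
SCHOOL_SECURITY = """
ip access-list extended School_Security
permit tcp 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255 eq smtp
permit tcp 10.10.10.0 0.0.0.255 22.214.171.124 0.0.255.255 eq smtp
deny tcp any any eq smtp
deny udp any any eq snmp
permit tcp 10.10.10.0 0.0.0.255 any eq www
permit tcp 10.10.10.0 0.0.0.255 any eq 8888
deny ip any any
"""

AddrSpec = Tuple[int, int]  # (base address, wildcard mask), both as 32-bit ints


@dataclass
class Ace:
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every protocol; "tcp"/"udp" only that one
    src: AddrSpec
    dst: AddrSpec
    dst_port: Optional[int]  # None when the entry has no "eq" clause


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def parse_addr(tokens, i):
    """Consume an IOS address spec ('any', 'host A', or 'A WILDCARD') at tokens[i]."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tokens[i]), _ip(tokens[i + 1])), i + 2


def parse_port(token: str) -> int:
    return int(token) if token.isdigit() else PORT_NAMES[token]


def parse_ace(line: str) -> Ace:
    t = line.split()
    src, i = parse_addr(t, 2)
    dst, i = parse_addr(t, i)
    port = parse_port(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Ace(t[0], t[1], src, dst, port)


def parse_acl(text: str):
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    return [parse_ace(l) for l in lines if not l.startswith("ip access-list")]


def wildcard_match(addr: str, spec: AddrSpec) -> bool:
    base, wild = spec
    keep = ~wild & 0xFFFFFFFF          # bits the entry actually cares about
    return (_ip(addr) & keep) == (base & keep)


def evaluate(acl, proto, src, dst, dst_port=None):
    """Return (action, entry index) for the first matching entry.
    Index None means the packet fell off the end and hit the implicit deny."""
    for n, ace in enumerate(acl):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (wildcard_match(src, ace.src) and wildcard_match(dst, ace.dst)):
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action, n               # first match wins; nothing below is consulted
    return "deny", None                    # implicit deny that ends every list


if __name__ == "__main__":
    acl = parse_acl(SCHOOL_SECURITY)
    # Constructed sample packets: (proto, src, dst, dst_port)
    packets = [
        ("tcp", "10.10.10.5", "10.20.30.40", 25),    # SMTP to an allowed network
        ("tcp", "10.10.10.5", "192.0.2.10", 25),     # SMTP elsewhere: explicit deny
        ("tcp", "10.10.10.5", "192.0.2.10", 80),     # web from the LAN
        ("tcp", "10.10.20.5", "192.0.2.10", 80),     # web from another subnet
        ("udp", "10.10.10.5", "192.0.2.10", 161),    # SNMP
        ("icmp", "10.10.10.5", "192.0.2.10", None),  # no tcp/udp entry applies
    ]
    for p in packets:
        print(p, "->", evaluate(acl, *p))
    # Order matters: putting the blanket SMTP deny first shadows both permits
    reordered = [acl[2], acl[0], acl[1]] + acl[3:]
    print("reordered:", evaluate(reordered, "tcp", "10.10.10.5", "10.20.30.40", 25))
    # Dropping the final 'deny ip any any' changes nothing: the implicit deny remains
    print("implicit:", evaluate(acl[:-1], "icmp", "10.10.10.5", "192.0.2.10"))
```

The two extra runs at the end are the ones worth keeping in mind when editing a real list: moving the deny tcp any any eq smtp line above the two SMTP permits silently shadows them, and removing the explicit deny ip any any does not open anything up, because the implicit deny at the end of the list still drops whatever nothing else matched.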