1 / 37

Overview

Overview. Security Type of attacks Firewalls Protocols Packet filter. Security. Security means, protect information (during and after processing) against impairment and loss of confidentiality, integrity and availability. Given by:

ann-medina
Download Presentation

Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Overview • Security • Type of attacks • Firewalls • Protocols • Packet filter Computer Net Lab/Praktikum Datenverarbeitung 2

  2. Security • Security means, protect information (during and after processing) against impairment and loss of confidentiality, integrity and availability.Given by: • increasing of availability and storage strategies:Backup, Redundant Systems, Raid-Systems • protection against unauthorized access:Firewalls, encryption algorithm, etc. Computer Net Lab/Praktikum Datenverarbeitung 2

  3. Security requirements • Availabilityensures that authorized persons are able to access data and communication services at every time. • Integrityguarantees that the data are authentic and undamaged. • Privacyprotects confidential information against unintended access. Computer Net Lab/Praktikum Datenverarbeitung 2

  4. Threats • Active attacks • Intrusion of unauthorized persons • Impairment and disturbance of networking • Data modification • Passive Attacks • Password listening • Data listening • Network traffic analysis Computer Net Lab/Praktikum Datenverarbeitung 2

  5. Aggressor Who is aggressive • Competitors • Hacker/Cracker (Beginners, Professional) • Professional Hacker (industrial espionage) • Colleagues(approx. 70% of all attacks come from Colleagues) Computer Net Lab/Praktikum Datenverarbeitung 2

  6. Examples • Februay2001 Hacker stole around 80.000 DIN-A-4 Pages with privacy information like credit card numbers, passwords, etc. from the server of the World Economic Forum. • October 2000by use of so called trojans, hackers got access to passwords of Microsoft employees. So the hackers were able to stole the newest source code release of a Microsoft operation system. • February 2000Yahoo was a victim of a Denial-Of-Service Attack. The Website of yahoo was more than 3 hours not available. Computer Net Lab/Praktikum Datenverarbeitung 2

  7. Kind of attacks • Password attack • Data attack • Malicious Code • Scanner • Spoofing • FTP, MAIL, Telnet • DOS-Attack Computer Net Lab/Praktikum Datenverarbeitung 2

  8. Password attack • 3 Methods • Guess on base of known or speculated user accounts (names). • Brute force attack on a password file by use of special applications, i.e. Crack. • Listening on connections in order to find out user names and their passwords. Computer Net Lab/Praktikum Datenverarbeitung 2

  9. Data attack • Data attack are done by use of so called sniffers. • Sniffer respectively network monitoring tools are applications which are originally used in order to monitor and analyse network traffic. • Usually a computer receives via its network interface card only these packages which are destined for itself. • But it is possible to get access to all traffic. This could be done when the network interface card is running in a special mode, the promiscuous mode. Extremely dangerous: A sniffer is installed on a server Computer Net Lab/Praktikum Datenverarbeitung 2

  10. Malicious Code • Malicious Code is unauthorized code (could be in a legal application) doing jobs which are unknown by the user and usually undesired. • Examples: • Viruses • Trojan horses • Worms Computer Net Lab/Praktikum Datenverarbeitung 2

  11. Scanner • Scanner are security tools which are originally used in order to find out some weak points of a system. There are system scanner and network scanner. • System scanner:scans its local host in order to find out security gaps or configuration problems. • Network scanner:scans computer connected to a network. They check services and ports und deliver therefore information about possible security gaps. Computer Net Lab/Praktikum Datenverarbeitung 2

  12. Spoofing • Spoofing is used in order to outwit authentification and identification mechanism which are basing on trustworthy addresses and/or hostnames. • a distinction is drawn between: • IP-Spoofingdenotes the corruption of the sender-IP address. • DNS-Spoofingmeans the corruption of entries in DNS-servers. Computer Net Lab/Praktikum Datenverarbeitung 2

  13. FTP, Mail, Telnet • FTP: • Authentification by use of user name and password. • No encryption of data and password. • Mail: • Sending of big mails affects the mail servers availability (Mail bombing). • Sending of mails with wrong sender information. • Telnet: • No password encryption. • No data encryption. Computer Net Lab/Praktikum Datenverarbeitung 2

  14. DOS-Attacks • DOS = Denial of Service. • Most common attack (simple and fast). • Goal is to knock out the attacked system or at least to interfere the access for valid users. • Not easy to intercept. • Next step: DDOS = Distributed Denial of ServiceSeveral machines start an attack at the same time.Example: TCP-SYN Flooding, PING Computer Net Lab/Praktikum Datenverarbeitung 2

  15. Internet private, local net Firewall Firewall Basics • A Firewall is a hurdle between to nets which must be cleared in order to allow communication from one net to the other. Each communication between the nets must be done over the firewall. Computer Net Lab/Praktikum Datenverarbeitung 2

  16. Definition Firewall • A firewall consists of one or more hard- and software components. • A firewall connects two networks in a way that all traffic between the networks must pass the firewall. • A Firewall implements a security strategy, which realises access restrictions and if required attack recording. • A Firewall let only pass those data packages which fulfil the security strategy. Computer Net Lab/Praktikum Datenverarbeitung 2

  17. What a Firewall can do • Restriction of traffic between two networks. • Access only to special machines or services. • Network monitoring and recording => protocols. • Manipulation of network traffic by use of special (i.e. traffic limitation, IP-Address replacement, etc.). Computer Net Lab/Praktikum Datenverarbeitung 2

  18. What a Firewall can‘t do • Closing security gaps directly. • Correction of configuration or installation mistakes. • Find out viruses or Trojans. • Making a network totally secure. Computer Net Lab/Praktikum Datenverarbeitung 2

  19. Firewall-Concepts • Packet filterFiltering on network layer (IP-Addresses and Ports). • Proxy-Gateways • Circuit Level GatewayFiltering on transport layer. • Application Level GatewayFiltering on application level (protocol dependent). • Graphical FirewallAll internet applications running outside of the protected network. Only graphical information are delivered. Computer Net Lab/Praktikum Datenverarbeitung 2

  20. Internet HTTP Gateway FTP Gateway private, local Net Firewall with application dependent Proxy-Services Proxy-Gateway • Proxy=lock keeper • A Proxy firewall act as a server for the client and as a client for the server. Computer Net Lab/Praktikum Datenverarbeitung 2

  21. Proxy-Gateway • Offers application specific services for clients. • Control and observe functions for a specific application • Example: • Avoid that a client uses ftp in order to transfer data in (via „put“ command) to an external ftp-server. • Access forbidden for special HTTP-Sites • In opposite to packet filters the connection is really interrupted. • IP-Addresses of the internal net are invisible. Computer Net Lab/Praktikum Datenverarbeitung 2

  22. Protocols HTTP FTP SMTP DNS SNMP RIP Application TCP UDP Transport IP Internet Ethernet Token-Ring ATM Phys. Network Computer Net Lab/Praktikum Datenverarbeitung 2

  23. IP • It carries the transport protocols TCP and UDP. • It builds IP-Packages out of the data which have to be transmitted. • It adds additional information, the IP-Header. It contains source and destination address. Computer Net Lab/Praktikum Datenverarbeitung 2

  24. TCP • TCP (Transmission Control Protocol) confirms every received data package. • TCP repeats each data package until its receiving is confirmed. • TCP is reliable, that means the transmission is guaranteed. Computer Net Lab/Praktikum Datenverarbeitung 2

  25. Port Communication • Communication via TCP/IP operates by IP-Addresses and Ports. • Each IP-Address has 216 potential ports. • The ports below 1024 are standardized (standard ports), which are allocated to dedicated services, i.e.:23 telnet25 smtp80 http443 https 134.91.100.1 . . . . . . . . 23 25 80 30000 Computer Net Lab/Praktikum Datenverarbeitung 2

  26. Packet filter • Filtering of Data packages: • Sender/Destination IP-Addresses • Sender/ Destination -Ports (Services) • Protocols (TCP,UDP, ICMP) • Separate Filtering of incoming Packages (INPUT) und outgoing Packages (OUTPUT). • Different rules for Input-Filter and Output-Filter. • List of rules are so called chains. • A package is checked by one rule after the other until either one rule matches or the end of list is reached. Computer Net Lab/Praktikum Datenverarbeitung 2

  27. network interface incoming packet rule 3 matches IINPUT-CHAIN no rule 1 matches rule 2 matches no no rule 2 matches rule 1 matches no OUTPUT-CHAIN rule 3 matches outgoing packet Packet filter (Chains) Computer Net Lab/Praktikum Datenverarbeitung 2

  28. Packet filter (Policies) • Every chain has a default setting for package treatment, the so called policies. The policies come into play after a data package were checked by all rules of a chain. • If no rule matches the default policy applies. • There are two different strategies: • Deny every package. Only well defined kind of packages are allowed. (Better). • Allow every package. Only well defined kind of packages are forbidden. Computer Net Lab/Praktikum Datenverarbeitung 2

  29. Packet filter (Reject vs. Drop) • Packet filters have two different methods to handle a non accepted package. • Reject: The Package will be deleted and an ICMP-Error message is delivered to the sender. • Drop: The Package will be deleted. • Drop is the better choice, because: • less traffic, • the package could be part of a attack, • even an error message could be an useful information for an aggressor. Computer Net Lab/Praktikum Datenverarbeitung 2

  30. Filtering of incoming packages • Filtering according to Sender- IPThere a some groups of IP-Addresses which could be generally dropped. For example: IP-Addresses of the own Subnet, etc. • Filtering according to Destination-IPOnly packages addressing the own network are accepted. • Filtering according sender/destination PortWe have to distinguish between requests of external clients to our own servers and incoming answers of external servers destined for local clients. Computer Net Lab/Praktikum Datenverarbeitung 2

  31. Filtering of outgoing packages • Filtering according Sender IPOnly packages with correct IP-Addresses of our own network are allowed to pass. • Filtering according Destination IPDepends on requested services, i.e.: request to an external mail server. • Filtering according Sender-PortsClient-Requests to external resources are usually done by ports above 1024. Local servers use well defined ports (below 1024) when they send an answer to external clients. • Filtering according Destination-PortsAll destination ports of external clients (accessing local servers) are above 1024. Internal clients will use well defined ports below 1024 for access to external servers. Computer Net Lab/Praktikum Datenverarbeitung 2

  32. Stateful Filtering • Stateful Filtering means the capability to store the state and contextual information of a TCP network connection. =>Dynamic packet filter analyse the state of an TCP-Connection.Connection request of client: SYNAcknowledgement of server: ACK-SYNAcknowledgement of client: ACKFurther transfer (from both sides): ACK • Packages (containing a ACK-Flag) from outside to inside are only accepted if a package from inside to outside (containing a SYN-Flag) was sent before. Computer Net Lab/Praktikum Datenverarbeitung 2

  33. Iptables (1) • Iptables (Packet filter under Linux) • Three Chains: INPUT, OUTPUT, FORWARD. • Routing decides if a package is delivered to the INPUT-Chain or to the FORWARD-Chain. • Packages for the machine itself are checked at first by the INPUT-Chain. If the INPUT Chain accepts the packages it reaches the actual machine. • Packets for foreign machines (in out local protected net) are running through the FORWARD-Chain. If the packages is accepted it is delivered to the appropriated network interface. Computer Net Lab/Praktikum Datenverarbeitung 2

  34. Forward- Chain Routing Drop Input- Chain Local Processes Output- Chain Drop Drop IPTables (2) Computer Net Lab/Praktikum Datenverarbeitung 2

  35. IPTables (some commands) • Delete rulesiptables --flush • Drop all packages iptables –policy INPUT DROPiptables –policy OUTPUT DROPiptables –policy FORWARD DROP • Reject incoming packages coming from the IP-Address of our own external interfaceiptables – A input –i eth0 –s <myipadress> -j DROP Computer Net Lab/Praktikum Datenverarbeitung 2

  36. Firewall example Computer Net Lab/Praktikum Datenverarbeitung 2

  37. How can I protect my own PC • Deactivate all services which are not required. • Deinstall all programs which are not permanently used. • Deinstall all programs with well known security gaps. (even when you need them). • Inform yourself about security gaps and use updates. • Install a virus scanner (Freeware: AntiVir). • Install a personal firewall (Freeware:ZoneAlarm). Computer Net Lab/Praktikum Datenverarbeitung 2

More Related