Overview of network security
1 / 18

Overview of Network Security - PowerPoint PPT Presentation

  • Uploaded on

Overview of Network Security. Budi Rahardjo [email protected] http://budi.insan.co.id Presented @ CISCO seminar 13 March 2002. ISP. Holes. System (OS) Network Applications (db). Internet. Web Site. Security Holes. Network sniffed, attacked. Network sniffed, attacked.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Overview of Network Security' - diane

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Overview of network security

Overview of Network Security

Budi Rahardjo

[email protected]://budi.insan.co.id

Presented @ CISCO seminar

13 March 2002

net security - budi rahardjo

Security holes



  • System (OS)

  • Network

  • Applications (db)


Web Site

Security Holes


Networksniffed, attacked



Trojan horse

  • Applications (database,Web server) hacked

  • OS hacked

Userid, Password,PIN, credit card #


net security - budi rahardjo

Focus on this presentation
Focus on this presentation



net security - budi rahardjo

Sescurity aspect
Sescurity Aspect

  • Physical

  • Personnel

  • Technical, data, network

  • Policy and procedures

net security - budi rahardjo

Security services
Security Services

  • Confidentiality / Privacy

  • Integrity

  • Authentication

  • Availability

  • Non-repudiation

  • Access Control

net security - budi rahardjo

Types of network attack
Types of network attack

  • Interruption

    • DoS attack, network flooding

  • Interception

    • Sniffed (password)

  • Modification

    • Trojan horse

  • Fabrication

    • Spoofed packets

net security - budi rahardjo

Reality check
Reality Check

  • IP v.4 is not secure. Spoofing is easy

  • Tools (scripts) to exploit are available

  • More home users are connected 24 hours/day with DSL, cable modem

  • Need collaboration among network providers

    • Ingres filter @ border routers

net security - budi rahardjo

Interruption attack
Interruption Attack

  • Denial of Service (DoS) attack

    • Exhaust bandwidth, network flooding

    • Possible to spoofed originating address

    • Tools: ping broadcast, smurf, synk4, various flood utilities

  • Protection:

    • Little we can do if we are under attacked

    • Filter at router for outgoing packet, filter attack orginiating from our site

net security - budi rahardjo

More interruption attack
More interruption attack

  • Distributed Denial of Service (DDoS) attack

    • Flood your network with spoofed packets from many sources

    • Based on SubSeven trojan, “phone home” via IRC once installed on a machine. Attacker knows how many agents ready to attack.

    • Then, ready to exhaust your bandwidth

    • See Steve Gibson’s paper http://grc.com

net security - budi rahardjo

Interception attack
Interception Attack

  • Sniffer to capture password and other sensitive information

  • Tools: tcpdump, ngrep, linux sniffer, dsniff, trojan (BO, Netbus, Subseven)

  • Protection: segmentation, switched hub

net security - budi rahardjo

Modification attack
Modification Attack

  • Modify, change information/programs

  • Examples: Virus, Trojan, attached with email or web sites

  • Protection: anti virus, filter at mail server, integrity checker (eg. tripwire)

net security - budi rahardjo

Fabrication attack
Fabrication Attack

  • Spoofing address is easy

  • Examples:

    • Fake mails, spoofed packets

  • Tools: various packet construction kit

  • Protection: filter outgoing packets at router

net security - budi rahardjo


  • Firewall

    • Static vs Stateful Packet Filter

    • Circuit gateway, application level gateway

  • Intrusion Detection System (IDS)

    • Host vs Network based

  • Policy

    • Privacy issues, AUP, cyberlaw, best practice, what to do if your site is probed?

net security - budi rahardjo

Firewall static packet filter
Firewall – Static Packet Filter

  • Inspect packets based on rules

    • Source, destination address, port

  • Strength:

    • fast, can be implemented with Linux box

  • Weakness: can be fooled, changing order, fragmentation, little information (for logging), IP spoofing, does not inspect payload, difficult to configure (lots of rules), stateless

net security - budi rahardjo

Firewall stateful
Firewall - Stateful

  • Remembers the state of packets

  • Strength: better inspection, can be implemented with Linux box

  • Weaknesses: slower?/faster?, needs more resources, IP spoofing, does not inspect payload, still difficult to configure

net security - budi rahardjo

Instrusion detection system
Instrusion Detection System

  • Monitor system for anomaly

  • Monitor host or network? Hybrid

  • Difficult to monitor if stealth and slow

  • Tools example: snort

net security - budi rahardjo


  • The hardest thing to do is dealing with people

  • Policy, Standard Operating Procedure is overlooked

net security - budi rahardjo

More reading materials
More reading materials

  • My Books: Handbook Securityhttp://budi.insan.co.id

  • Security focus http://www.securityfocus.com

  • Securiteam http://www.securiteam.com

  • SANS: http://www.sans.org

  • and many more …

net security - budi rahardjo