packets and protocols l.
Skip this Video
Loading SlideShow in 5 Seconds..
Packets and Protocols PowerPoint Presentation
Download Presentation
Packets and Protocols

Loading in 2 Seconds...

play fullscreen
1 / 43

Packets and Protocols - PowerPoint PPT Presentation

  • Uploaded on

Packets and Protocols. Security Devices and Practices.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Packets and Protocols' - kirti

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
packets and protocols

Packets and Protocols

Security Devices and Practices

Information security is an emerging discipline that combines the efforts of people, policy, education, training, awareness, procedures, and technology to improve the confidentiality, integrity, and availability of an organization’s information assets

Technical controls alone cannot ensure a secure IT environment, but they are usually an essential part of information security programs

Security Devices and Practices


Security Devices and Practices

  • Although technical controls can be an important part of an information security program, they must be combined with sound policy and education, training, and awareness efforts
  • Some of the most powerful and widely used technical security mechanisms include:
    • Access controls
    • Firewalls
    • Dial-up protection
    • Intrusion detection systems
    • Scanning and analysis tools
    • Encryption systems
Access control encompasses three processes:

Confirming the identity of the entity accessing a logical or physical area (authentication)

Determining which actions that entity can perform in that physical or logical area (authorization)

Logging their actions (accounting)

A successful access control approach—whether intended to control physical access or logical access—always consists of all three.

Security Devices and Practices

Mechanism types

Something you know

Something you have

Something you are

Something you produce

Strong authentication uses at least two different authentication mechanism types

Security Devices and Practices

Something you know:

This type of authentication mechanism verifies the user’s identity by means of a password, passphrase, or other unique code

A password is a private word or combination of characters that only the user should know

A passphrase is a plain-language phrase, typically longer than a password, from which a virtual password is derived

A good rule of thumb is to require that passwords be at least eight characters long and contain at least one number and one special character

Security Devices and Practices

Something you have

This authentication mechanism makes use of something (a card, key, or token) that the user or the system possesses

One example is a dumb card (such as an ATM card) with magnetic stripes

Another example is the smart card containing a processor

Another device often used is the cryptographic token, a processor in a card that has a display

Security Devices and Practices

Something you are:

This authentication mechanism takes advantage of something inherent in the user that is evaluated using biometrics

Most of the technologies that scan human characteristics convert these images to obtain some form of minutiae—unique points of reference that are digitized and stored in an encrypted format

Security Devices and Practices

Something you do:

This type of authentication makes use of something the user performs or produces

It includes technology related to signature recognition and voice recognition, for example

Security Devices and Practices

In general, authorization can be handled by:

Authorization for each authenticated user, in which the system performs an authentication process to verify the specific entity and then grants access to resources for only that entity

Authorization for members of a group, in which the system matches authenticated entities to a list of group memberships, and then grants access to resources based on the group’s access rights

Authorization across multiple systems, in which a central authentication and authorization system verifies entity identity and grants a set of credentials to the verified entity

Security Devices and Practices

To appropriately manage access controls, an organization must have in place a formal access control policy, which determines how access rights are granted to entities and groups

This policy must include provisions for periodically reviewing all access rights, granting access rights to new employees, changing access rights when job roles change, and revoking access rights as appropriate

Security Devices and Practices


In information security, a firewall is any device that prevents a specific type of information from moving between two networks, often the outside, known as the un-trusted network (e.g., the Internet), and the inside, known as the trusted network

The firewall may be a separate computer system, a service running on an existing router or server, or a separate network containing a number of supporting devices

Security Devices and Practices

Packet Filtering Routers

Most organizations with an Internet connection use some form of router between their internal networks and the external service provider

Many of these routers can be configured to block packets that the organization does not allow into the network

Such an architecture lacks auditing and strong authentication, and the complexity of the access control lists used to filter the packets can grow to a point that degrades network performance

Security Devices and Practices

When evaluating a firewall, ask the following questions:

What type of firewall technology offers the right balance between protection and cost for the needs of the organization?

What features are included in the base price? What features are available at extra cost? Are all cost factors known?

How easy is it to set up and configure the firewall? How accessible are the staff technicians who can competently configure the firewall?

Can the candidate firewall adapt to the growing network in the target organization?

Security Devices and Practices

Some of the best practices for firewall use are:

All traffic from the trusted network is allowed out

The firewall device is never accessible directly from the public network

Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but should be routed to a SMTP gateway

All Internet Control Message Protocol (ICMP) data should be denied

Telnet (terminal emulation) access to all internal servers from the public networks should be blocked

When Web services are offered outside the firewall, HTTP traffic should be handled by some form of proxy access or DMZ architecture

Security Devices and Practices

A host-based IDS works by configuring and classifying various categories of systems and data files

In many cases, IDSs provide only a few general levels of alert notification

Unless the IDS is very precisely configured, benign actions can generate a large volume of false alarms

Host-based IDSs can monitor multiple computers simultaneously

Security Devices and Practices

Network-based IDSs monitor network traffic and, when a predefined condition occurs, notify the appropriate administrator

The network-based IDS looks for patterns of network traffic

Network IDSs must match known and unknown attack strategies against their knowledge base to determine whether an attack has occurred

These systems yield many more false-positive readings than do host-based IDSs, because they are attempting to read the network activity pattern to determine what is normal and what is not

Security Devices and Practices

A signature-based IDS or knowledge-based IDS examines data traffic for something that matches the signatures, which comprise preconfigured, predetermined attack patterns

The problem with this approach is that the signatures must be continually updated, as new attack strategies emerge

A weakness of this method is the time frame over which attacks occur

If attackers are slow and methodical, they may slip undetected through the IDS, as their actions may not match a signature that includes factors based on duration of the events

Security Devices and Practices

The statistical anomaly-based IDS (stat IDS) or behavior-based IDS first collects data from normal traffic and establishes a baseline

It then periodically samples network activity, based on statistical methods, and compares the samples to the baseline

When the activity falls outside the baseline parameters (known as the clipping level), the IDS notifies the administrator

The advantage of this approach is that the system is able to detect new types of attacks, because it looks for abnormal activity of any type

Security Devices and Practices

Managing IDSs

Just as with any alarm system, if there is no response to an alert, then an alarm does no good

IDSs must be configured using technical knowledge and adequate business and security knowledge to differentiate between routine circumstances and low, moderate, or severe threats

A properly configured IDS can translate a security alert into different types of notification

A poorly configured IDS may yield only noise

Security Devices and Practices

RADIUS and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection

A Remote Authentication Dial-In User Service (RADIUS) system centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server

Security Devices and Practices


Security Devices and Practices

When a remote access server (RAS) receives a request for a network connection from a dial-up client, it passes the request along with the user’s credentials to the RADIUS server; RADIUS then validates the credentials

The Terminal Access Controller Access Control System (TACACS) works similarly and is based on a client/server configuration

Scanning and analysis tools can find vulnerabilities in systems, holes in security components, and other unsecured aspects of the network

Conscientious administrators will have several informational Web sites bookmarked, and they frequently browse for new vulnerabilities, recent conquests, and favorite assault techniques

There is nothing wrong with security administrators using the tools used by attackers to examine their own defenses and search out areas of vulnerability

Security Devices and Practices

WPA is an industry standard, created by the Wi-Fi Alliance

Has some compatibility issues with older WAPs

Provides increased capabilities for authentication, encryption, and throughput

Security Devices and Practices

Vulnerability scanners, which are variants of port scanners, are capable of scanning networks for very detailed information

They identify exposed user names and groups, show open network shares, and expose configuration problems and other server vulnerabilities

Security Devices and Practices

A packet sniffer is a network tool that collects and analyzes packets on a network

It can be used to eavesdrop on network traffic

A packet sniffer must be connected directly to a local network from an internal location

Security Devices and Practices


Security Devices and Practices

  • To use a packet sniffer legally, you must:
    • Be on a network that the organization owns, not leases
    • Be under the direct authorization of the network’s owners
    • Have the knowledge and consent of the users
    • Have a justifiable business reason for doing so
Content Filters

Another type of utility that effectively protects the organization’s systems from misuse and unintentional denial-of-service conditions is the content filter

A content filter is a software program or a hardware/software appliance that allows administrators to restrict content that comes into a network

The most common application of a content filter is the restriction of access to Web sites with non–business-related material, such as pornography

Another application is the restriction of spam e-mail

Content filters ensure that employees are using network resources appropriately

Security Devices and Practices

Managing Scanning and Analysis Tools

It is vitally important that the security manager be able to see the organization’s systems and networks from the viewpoint of potential attackers

The security manager should develop a program using in-house resources, contractors, or an outsourced service provider to periodically scan his or her own systems and networks for vulnerabilities with the same tools that a typical hacker might use

Security Devices and Practices

Drawbacks to using scanners and analysis tools, content filters, etc:

These tools do not have human-level capabilities

Most tools function by pattern recognition, so they only handle known issues

Most tools are computer-based, so they are prone to errors, flaws, and vulnerabilities of their own

All of these tools are designed, configured, and operated by humans and are subject to human errors

Some governments, agencies, institutions, and universities have established policies or laws that protect the individual user’s right to access content

Tool usage and configuration must comply with an explicitly articulated policy, and the policy must provide for valid exceptions

Security Devices and Practices

E-Mail Security

Secure Multipurpose Internet Mail Extensions (S/MIME) builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication via digital signatures based on public key cryptosystems

Privacy Enhanced Mail (PEM) has been proposed by the Internet Engineering Task Force (IETF) as a standard that will function with public key cryptosystems

PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures

Security Devices and Practices


Security Devices and Practices

  • Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA Cipher, a 128-bit symmetric key block encryption algorithm with 64-bit blocks for message encoding
    • Like PEM, it uses RSA for symmetric key exchange and to support digital signatures
IP Security (IPSec) is the primary and now dominant cryptographic authentication and encryption product of the IETF’s IP Protocol Security Working Group

IPSec combines several different cryptosystems:

Diffie-Hellman key exchange for deriving key material between peers on a public network

Public key cryptography for signing the Diffie-Hellman exchanges to guarantee the identity of the two parties

Bulk encryption algorithms, such as DES, for encrypting the data

Digital certificates signed by a certificate authority to act as digital ID cards

Security Devices and Practices


Security Devices and Practices

  • IPSec has two components:
    • The IP Security protocol itself, which specifies the information to be added to an IP packet and indicates how to encrypt packet data
    • The Internet Key Exchange, which uses asymmetric key exchange and negotiates the security associations
IPSec works in two modes of operation: transport and tunnel

In transport mode, only the IP data is encrypted—not the IP headers themselves; this allows intermediate nodes to read the source and destination addresses

In tunnel mode, the entire IP packet is encrypted and inserted as the payload in another IP packet

IPSec and other cryptographic extensions to TCP/IP are often used to support a virtual private network (VPN), a private, secure network operated over a public and insecure network

Security Devices and Practices

Securing the WEB

Secure Electronic Transactions (SET)

Developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud

Encrypts credit card transfers with DES for encryption and RSA for key exchange

Secure Sockets Layer (SSL)

Developed by Netscape in 1994 to provide security for e-commerce transactions

Mainly relies on RSA for key transfer and on IDEA, DES, or 3DES for encrypted symmetric key-based data transfer

Security Devices and Practices


Security Devices and Practices

  • Secure Hypertext Transfer Protocol (SHTTP)
    • Provides secure e-commerce transactions as well as encrypted Web pages for secure data transfer over the Web, using different algorithms
  • Secure Shell (SSH)
    • Provides security for remote access connections over public networks by using tunneling, authentication services between a client and a server
    • Used to secure replacement tools for terminal emulation, remote management, and file transfer applications
Securing Authentication

A final use of cryptosystems is to provide enhanced and secure authentication

One approach to this issue is provided by Kerberos, which uses symmetric key encryption to validate an individual user’s access to various network resources

It keeps a database containing the private keys of clients and servers that are in the authentication domain that it supervises

Security Devices and Practices