Devices ISQS 6342 Spring 2004 Gurkan Ozfidan
Outline
• Firewalls, Routers, Switches
• Wireless/Modems
• Remote Access Services (RAS)
• Telecom/Private Branch Exchange (PBX)
• Virtual Private Networks (VPN)
• Intrusion Detection Systems (IDS)
• Mobile Devices
What is a Firewall?
• A firewall is a barrier that keeps destructive forces away from your property
• A firewall is any hardware or software device that provides a means of securing a computer or network from unwanted intrusion
Firewall Security
Drafting a security policy:
• What am I protecting?
• Who am I protecting it from?
• Who gets access to which resources?
Common areas of attack:
• Web servers, mail servers, FTP services, databases
Every available service means a hole in your firewall:
• DNS(23,23), FTP(20-21), ICQ(4000), HTTP(80), Telnet(23)
What do firewalls protect against?
• DoS - aims not to steal information, but to disable a device
• Ping of death - creates an IP packet that exceeds the maximum of 65535 bytes
• SYN flood - TCP connection requests arrive faster than a machine can process them
• IP spoofing - used to break into systems and to hide the hacker's identity
How Do Firewalls Work?
• Network address translation (NAT)
  • Basic firewalls usually use only one technique - NAT
• Basic packet filtering
  • The most basic security function performed by a firewall
• Stateful packet inspection (SPI)
  • Extends basic packet filtering by adding a feature called "stateful packet inspection"
• Access control lists (ACL)
  • Packet filtering is made possible through the use of access control lists (ACLs)
How Do Firewalls Work? Network Address Translation
• Provides a type of firewall by hiding internal IP addresses
• Enables a local-area network to use one set of IP addresses for the internal network
• Uses a second set of addresses for external traffic
• A NAT box located where the LAN meets the Internet makes all necessary IP address translations
How Do Firewalls Work? Basic Packet Filtering
• Decides whether to forward TCP/IP packets based on information carried in the packet
• Packet filters screen packets based on:
  • Protocol type
  • IP address
  • TCP/UDP port
  • Source routing information
• Packets that make it through the filters are sent on to the requesting system
How Do Firewalls Work? Stateful Packet Inspection
• Stateful packet filters record session-specific information, such as which ports are in use on the client and on the server
• Three-way handshake:
  • Initiates a TCP connection
  • Packets begin passing once the connection is made
  • Once the session has ended, no further packets are allowed
• Enhances security by tracking which side of the firewall a connection was initiated from
• Essential to blocking IP spoofing attacks
How Do Firewalls Work? Access Control Lists
• Packet filtering is made possible through the use of ACLs
• An ACL is a list of rules, each either allowing or blocking the inbound or outbound packets that the firewall comes into contact with
• Example of allowing only HTTP (port 80) access:
access-list 101 permit tcp any 22.214.171.124 0.0.0.0 eq 80
access-list 101 deny ip any 126.96.36.199 0.0.0.0
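The four mechanisms on the preceding firewall slides (ACL rules, basic packet filtering, stateful inspection and the implicit deny at the end of an access list) fit together in one small model. The following is an added example written for this page, not code from the slides: it parses access-list lines in the style shown above into rules, filters constructed packets on protocol, destination and port, and keeps a session table so that inbound TCP packets are admitted only when they belong to a connection that was set up earlier. All addresses, hosts and packets are constructed for the demo, and the session handling is simplified (one FIN tears the session down).

```python
"""Miniature stateful packet filter (added example, not from the slides)."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP SYN flag: a new connection attempt
    fin: bool = False   # TCP FIN flag: session teardown

@dataclass
class Rule:
    action: str         # "permit" or "deny"
    proto: str          # "tcp", "udp", "icmp" or "ip" (any protocol)
    dst: str            # dotted host address or "any"
    dport: Optional[int]  # None means any port

def parse_acl(text: str) -> list:
    """Parse lines like 'access-list 101 permit tcp any 192.0.2.10 0.0.0.0 eq 80'.
    Only the subset used on the slides is handled: 'any' source, a host
    destination with a 0.0.0.0 wildcard, and an optional 'eq <port>'."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, dst = tok[2], tok[3], tok[5]
        dport = int(tok[8]) if len(tok) > 8 and tok[7] == "eq" else None
        rules.append(Rule(action, proto, dst, dport))
    return rules

def acl_decision(rules, pkt) -> str:
    """First matching rule wins; an access list ends with an implicit deny."""
    for r in rules:
        if r.proto not in ("ip", pkt.proto):
            continue
        if r.dst != "any" and r.dst != pkt.dst:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "deny"

@dataclass
class StatefulFirewall:
    rules: list
    internal: set                                  # addresses on the protected side
    sessions: set = field(default_factory=set)     # (src, sport, dst, dport) tuples

    def filter(self, pkt) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        established = pkt.proto == "tcp" and (key in self.sessions or reverse in self.sessions)
        if established:
            if pkt.fin:                    # session ended: forget it, later packets are dropped
                self.sessions.discard(key)
                self.sessions.discard(reverse)
            return "permit"
        if pkt.src in self.internal:       # outbound: record new TCP sessions, let it through
            if pkt.proto == "tcp" and pkt.syn:
                self.sessions.add(key)
            return "permit"
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"                  # inbound non-SYN with no session: stale or spoofed
        decision = acl_decision(self.rules, pkt)
        if decision == "permit" and pkt.proto == "tcp":
            self.sessions.add(key)         # a permitted inbound SYN opens a tracked session
        return decision

# Constructed ACL in the slides' style: only HTTP to the web server is allowed in.
ACL_TEXT = """
access-list 101 permit tcp any 192.0.2.10 0.0.0.0 eq 80
access-list 101 deny ip any 192.0.2.10 0.0.0.0
"""

def demo() -> list:
    fw = StatefulFirewall(parse_acl(ACL_TEXT), internal={"192.0.2.10", "192.0.2.20"})
    pkts = [
        Packet("tcp", "198.51.100.7", "192.0.2.10", 40000, 80, syn=True),   # client -> web server
        Packet("tcp", "192.0.2.10", "198.51.100.7", 80, 40000),             # server reply
        Packet("tcp", "198.51.100.7", "192.0.2.10", 40001, 22, syn=True),   # port 22: ACL denies
        Packet("tcp", "198.51.100.9", "192.0.2.10", 5555, 80),              # ACK with no session
        Packet("tcp", "192.0.2.20", "203.0.113.5", 51000, 443, syn=True),   # inside -> outside
        Packet("tcp", "203.0.113.5", "192.0.2.20", 443, 51000),             # reply comes back
        Packet("tcp", "203.0.113.5", "192.0.2.20", 443, 51000, fin=True),   # teardown
        Packet("tcp", "203.0.113.5", "192.0.2.20", 443, 51000),             # after teardown
        Packet("icmp", "198.51.100.7", "192.0.2.10"),                       # inbound ICMP: denied
    ]
    return [fw.filter(p) for p in pkts]

if __name__ == "__main__":
    print(demo())
```

The fourth packet is the stateful case the slides care about: the ACL alone would permit an inbound packet to port 80, but without a recorded session the filter drops it, which is what stops a spoofed packet from riding an access-list permit.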
Routers
• A network management device that sits between different network segments
• Allows different networks to communicate with one another and enables the Internet to function
• A message or file is broken up into packets about 1500 bytes long
• Each packet includes information on the sender's address and the receiver's address
• A checksum value allows the receiving computer to be sure that the packet arrived intact
• Each packet is sent via the best available route
• Tracert traces the route that a packet takes to another computer
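The checksum mentioned on the router slide is the one's-complement Internet checksum (RFC 1071) that IPv4, TCP and UDP headers carry. The following is an added example, not code from the slides: it computes the checksum, builds a minimal IPv4 header, verifies it the way a receiver does, and then shows the caveat a security engineer should keep in mind: the checksum catches accidental corruption such as a flipped bit, but because the sum is order-blind it cannot tell that two 16-bit words (here the source and destination addresses) were exchanged. Integrity against deliberate tampering needs a keyed check, not a checksum. The header contents are constructed for the demo.

```python
"""Internet checksum and its limits (added example, not from the slides)."""
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complement the result."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, total_length: int, ttl: int = 64, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    # version/IHL, TOS, total length, identification, flags/fragment, TTL, proto, checksum=0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

def header_is_intact(hdr: bytes) -> bool:
    """Receiver check: summing the whole header, checksum field included, gives zero."""
    return internet_checksum(hdr) == 0

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a transmission error: flip one bit."""
    b = bytearray(data)
    b[byte_index] ^= 1 << bit
    return bytes(b)

def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange the 16-bit words at word offsets i and j."""
    b = bytearray(data)
    b[2 * i:2 * i + 2], b[2 * j:2 * j + 2] = b[2 * j:2 * j + 2], b[2 * i:2 * i + 2]
    return bytes(b)

def demo() -> dict:
    hdr = build_ipv4_header("192.0.2.10", "198.51.100.7", total_length=1500)
    corrupted = flip_bit(hdr, 8, 0)                       # single-bit error in the TTL byte
    swapped = swap_words(swap_words(hdr, 6, 8), 7, 9)     # source and destination exchanged
    return {
        "intact": header_is_intact(hdr),
        "bit_flip_detected": not header_is_intact(corrupted),
        "swap_detected": not header_is_intact(swapped),   # False: the sum is order-blind
    }

if __name__ == "__main__":
    print(demo())
```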
Switches
• A device that filters and forwards packets between LAN segments
• Network switches are capable of determining the source and destination of a packet and forwarding that packet appropriately
• Switches conserve network bandwidth and generally offer better performance than hubs
• A hub joins multiple computers (or other network devices) together to form a single network segment
• Switches usually work at Layer 2, using MAC addresses
• Routers work at Layer 3, using network addresses (IP, IPX or AppleTalk, depending on the protocols in use)
• Hubs are simply a junction that joins all the different nodes together
[Figure: The seven layers of the Open Systems Interconnection (OSI) Reference Model]
Wireless - digital data into radio signals: WEP
• Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard
• Designed to provide the same level of security as a wired LAN
• WEP aims to provide security by encrypting data sent over radio waves
• WLANs do not have the same physical structure as a wired LAN and are therefore more vulnerable to tampering
Wireless - digital data into radio signals: WPA
• Wi-Fi Protected Access, designed to improve upon the security features of WEP
• Includes two improvements over WEP:
  • Improved data encryption through the Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and ensures that the keys haven't been tampered with
  • A MAC address is simple to sniff out and steal; the Extensible Authentication Protocol (EAP) is built on a more secure public-key encryption system to ensure that only authorized network users can access the network
Modems - modulator-demodulator
• Digital Subscriber Line (DSL) provides a direct connection between the computer or network on the client side and the Internet
• Cable modems are connected to a shared segment, so anyone else on that segment can potentially threaten your system
• An early problem for DSL and cable modem users was the issuing of static IP addresses
• Static addresses provide a fixed target for hackers
• Dynamic Host Configuration Protocol (DHCP) is used to issue dynamic addresses instead
• The best solution is to implement a firewall
Remote Access Services (RAS)
• Provide the ability for one computer to dial into another computer via modem
• Also offer a feature called callback, which works only with fixed phone numbers
• RAS sits behind any physical firewall
• Unless gateway software or firewall software is running on the server hosting RAS, there is a potential for the network to be compromised
Telecom/Private Branch Exchange
• A traditional PBX is a computer-based telephone switch that may be thought of as a small, in-house telephone company
• A private telephone network used within an enterprise
• Users of the PBX share a certain number of outside lines for making telephone calls external to the PBX
• Failure to secure a PBX can result in toll fraud, theft of information and denial of service
• Securing a PBX should be part of a written security policy
Virtual Private Networks
• A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together
• Security is enhanced by implementing Internet Protocol Security (IPSec)
• IPSec provides better encryption algorithms and more comprehensive authentication, in two modes: transport and tunneling
  • Transport: encryption of the data in a packet
  • Tunneling: encryption of the data including the address header information
• IPSec eliminates packet sniffing and identity spoofing
• The sending and receiving computers hold the keys to encrypt and decrypt the packets
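The difference between transport and tunnel mode is easiest to see from the eavesdropper's side: what is still readable on the public network in each mode. The following is an added example, not code from the slides or from any IPSec implementation: packet headers are a simplified text form, the cipher is a stand-in keystream derived from SHA-256 (not ESP's real cipher suite) and the authentication tag is a truncated HMAC, which is how ESP's integrity check is typically built. It shows that in transport mode the original source and destination stay in the clear, that in tunnel mode only the two gateway addresses are visible, and that a modified packet fails the authentication check before it is ever decrypted. Keys, addresses and the payload are constructed for the demo.

```python
"""IPSec transport vs tunnel mode, simplified (added example, not from the slides)."""
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream (counter mode over SHA-256); not a real ESP cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def ip_header(src: str, dst: str) -> bytes:
    """Simplified plaintext header; the '| ' marks where the header ends."""
    return f"IP src={src} dst={dst} | ".encode()

def protect(mode, enc_key, auth_key, nonce, src, dst, payload, gw_a=None, gw_b=None) -> bytes:
    """Build the packet that leaves the sending side.
    transport: original header stays in the clear, only the payload is encrypted.
    tunnel:    the whole original packet (header and payload) is encrypted and
               wrapped in a new header addressed between the two VPN gateways."""
    if mode == "transport":
        outer = ip_header(src, dst)
        body = encrypt(enc_key, nonce, payload)
    elif mode == "tunnel":
        outer = ip_header(gw_a, gw_b)
        body = encrypt(enc_key, nonce, ip_header(src, dst) + payload)
    else:
        raise ValueError(mode)
    esp = nonce + body
    tag = hmac.new(auth_key, outer + esp, hashlib.sha256).digest()[:12]   # truncated HMAC
    return outer + esp + tag

def unprotect(packet: bytes, enc_key: bytes, auth_key: bytes, nonce_len=8, tag_len=12):
    """Receiver: verify the tag first (any tampering is rejected), then decrypt."""
    outer_end = packet.index(b"| ") + 2
    outer, esp, tag = packet[:outer_end], packet[outer_end:-tag_len], packet[-tag_len:]
    expected = hmac.new(auth_key, outer + esp, hashlib.sha256).digest()[:tag_len]
    if not hmac.compare_digest(tag, expected):
        return None
    return encrypt(enc_key, esp[:nonce_len], esp[nonce_len:])

def visible_to_sniffer(packet: bytes) -> str:
    """Everything up to the encrypted body is plaintext on the wire."""
    return packet[:packet.index(b"| ") + 2].decode()

def demo() -> dict:
    enc_key, auth_key = b"demo-enc-key", b"demo-auth-key"   # constructed keys
    nonce = b"\x00" * 8                                     # constructed; real SAs never reuse one
    args = dict(src="10.1.0.5", dst="10.2.0.9", payload=b"GET /payroll HTTP/1.0",
                gw_a="203.0.113.1", gw_b="198.51.100.1")
    transport = protect("transport", enc_key, auth_key, nonce, **args)
    tunnel = protect("tunnel", enc_key, auth_key, nonce, **args)
    tampered = bytearray(tunnel)
    tampered[-20] ^= 0x01                                   # flip one bit inside the ciphertext
    return {
        "transport_visible": visible_to_sniffer(transport),
        "tunnel_visible": visible_to_sniffer(tunnel),
        "tunnel_decrypted": unprotect(tunnel, enc_key, auth_key),
        "tampered_accepted": unprotect(bytes(tampered), enc_key, auth_key) is not None,
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note the order in `unprotect`: the tag is checked before anything is decrypted, so a forged or altered packet never reaches the cipher, which is the property the slide summarizes as eliminating identity spoofing.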
A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities and individual users connecting from out in the field
Intrusion Detection Systems
• IDS offer the ability to analyze data in real time to detect, log, and stop misuse or attacks as they occur
Computer-based IDS:
• Used to secure critical network servers or systems holding sensitive information
• Agents are loaded on each protected computer
• Agents analyze disk space, RAM, CPU time, and applications
• Collected information is compared to a set of rules to determine whether a security breach has occurred
Intrusion Detection Systems
Network-based IDS:
• Monitors activity on a specific network segment
• Usually a dedicated platform with two components:
  • Sensor: passively analyzes network traffic
  • Management system: displays alarm information from the sensor and allows security personnel to configure the sensors
Anomaly-based detection:
• Involves building statistical profiles of user activity and reacting to any activity that falls outside these profiles
• Two major problems:
  • Users do not access their computers or the network in static, predictable ways
  • Not enough memory to contain the entire profile
Intrusion Detection Systems
Signature-based detection:
• Similar to an antivirus program in its method of detecting potential attacks
• Vendors produce a list of "signatures" to compare against activity
• When a match is found, the IDS takes some action
• Customers depend on vendors to provide the latest signatures
• Normal network activity can be construed as malicious
  • A network application may send ICMP messages (ICMP carries packets reporting errors) that match a signature
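Both detection methods from the preceding IDS slides, and the false-positive problem that closes the signature-based slide, can be shown on a handful of constructed log lines. The following is an added example written for this page, not code from the slides or from any IDS product: a small vendor-style signature list is matched against each event, a per-user statistical profile (mean and standard deviation of a daily activity count) is built from past observations and today's counts are scored against it, and the last event shows a legitimate ICMP error message tripping an overly broad signature. Event lines, user names and counts are all constructed.

```python
"""Signature-based and anomaly-based detection (added example, not from the slides)."""
import re
import statistics

# Constructed signature list: (name, pattern, optional predicate on the match).
SIGNATURES = [
    ("ping-of-death", re.compile(r"ICMP .* len=(\d+)"), lambda m: int(m.group(1)) > 65535),
    ("telnet-login-attempt", re.compile(r"TCP .* dport=23\b"), None),
    ("icmp-unreachable", re.compile(r"ICMP type=3"), None),   # too broad: fires on normal errors
]

def signature_match(event: str):
    """Return the name of the first signature the event matches, else None."""
    for name, pattern, predicate in SIGNATURES:
        m = pattern.search(event)
        if m and (predicate is None or predicate(m)):
            return name
    return None

def build_profile(history: dict) -> dict:
    """history maps user -> list of past daily event counts; profile is (mean, stdev)."""
    return {u: (statistics.mean(c), statistics.pstdev(c)) for u, c in history.items()}

def anomaly_score(profile: dict, user: str, count: int) -> float:
    """Distance from the user's mean in standard deviations (z-score)."""
    mean, sd = profile[user]
    if sd == 0:                          # a perfectly regular user: any change is anomalous
        return 0.0 if count == mean else float("inf")
    return (count - mean) / sd

def flag_anomalies(profile: dict, today: dict, threshold: float = 3.0) -> list:
    """Users whose activity today falls outside their profile."""
    return [u for u, c in today.items() if abs(anomaly_score(profile, u, c)) > threshold]

# Constructed sensor log lines.
EVENTS = [
    "2004-02-16 09:01:05 TCP src=198.51.100.7 dst=192.0.2.10 dport=80 SYN",
    "2004-02-16 09:01:09 TCP src=198.51.100.7 dst=192.0.2.10 dport=23 SYN",
    "2004-02-16 09:02:11 ICMP type=8 src=198.51.100.9 dst=192.0.2.10 len=65600",
    "2004-02-16 09:03:30 ICMP type=3 src=192.0.2.1 dst=192.0.2.20 len=56",  # router error reply
]

def demo() -> dict:
    hits = [(e.split()[1], signature_match(e)) for e in EVENTS]
    # Constructed daily login counts for two users over six past days, then today.
    history = {"alice": [40, 45, 42, 38, 44, 41], "bob": [10, 12, 9, 11, 10, 8]}
    today = {"alice": 43, "bob": 95}
    profile = build_profile(history)
    return {
        "signature_hits": [(t, n) for t, n in hits if n],
        "anomalies": flag_anomalies(profile, today),
    }

if __name__ == "__main__":
    print(demo())
```

The third signature hit is the slide's false positive: a router's ICMP "destination unreachable" reply to an ordinary application matches the `icmp-unreachable` pattern just as an attack would, which is why signature tuning and vendor updates matter as much as the signature list itself.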
Mobile Devices
• Personal Digital Assistants (PDAs)
• Can open security holes for any computer with which these devices communicate
• A virus or destructive code may be introduced during a sync operation between the mobile device and the PC
• Standard antivirus and firewall applications can't protect PCs against this path