Concepts in Network Security
LTC Ronald Dodge, Ph.D.
United States Military Academy
Virtual Machine
(Diagram: x86 hardware hosting Red Hat, Win 2K, Win 2K3 and SuSE virtual machines)
Trends in Network Security
Attackers
  Increasing sophistication
  Increasing communication/collaboration
Defenders
  Increasing complexity
  Increasing dependency
  Increasing attrition
  Decreasing budgets
  Persistent ignorance / increasing awareness / more knowledgeable sysadmins
Network systems
  Increasing connectivity
  Increasing complexity
  Increasing functionality
  Increasing “computrons”
  Increased application security
Activity
  Increased state and non-state sponsorship
  Increased patching
  Increasing probes and “Recon by Fire”
Trends: Another Picture
(Chart: attack sophistication and intruder knowledge, each on a High/Low axis, plotted against the years 1980, 1985, 1990, 1995 and 2000; techniques shown include password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, session hijacking, backdoors, disabling audits, sweepers, www attacks, GUI interfaces, automated probes, network diagnostics, packet spoofing, denial of service, distributed attacks, cross site scripting and BOTnets)
Security Trade-offs
(Diagram: triangle with Functionality, Performance and Security at its corners; also Convenience and Usability; assumes fixed cost)
Overview
Motivation
Virtual Information Assurance Network (VIAN) introduction
Viruses, Worms and Trojans – Oh My! (And don’t forget about SPAM)
USMA VIAN
Virtual network design presents students with two internal networks separated by a firewall:
  Red – contains machines that are used to launch exploits
  Blue – contains target machines (running installations of Windows and Linux systems)
A second firewall acts as a gateway to the host machine
Virtual machines can connect to the “physical network” by bridging through the host interface
The VMware virtualization layer sits between the hardware and the software and allows users to create virtual machines that are the full equivalent of a standard x86 machine.
Intel Architecture with VMware
How Does VMware Workstation Work?
USMA VIAN Configuration
VMware license: Academic, $130 each
OS licenses: Solaris $20; MSDNAA deeply discounted
Applications: Almost all open source
Hardware: P4 1.8 GHz, 1 GB RAM (512), 60 GB HD
USMA VIAN Operating Systems
Windows 2003 (all versions), Windows XP Pro, Windows XP Home, Windows 2000 Server, Windows 2000 Pro, Windows NT, Windows 98
Debian 3, Engarde, Fedora, Gentoo, IPCop, Netwosix, Sentinix, Slackware, Smoothwall, Trustix, vexlinux, Mandrake, Red Hat Linux
FreeBSD, OpenBSD, Solaris 9
USMA VIAN Modules
Introduction to the VIAN environment and using virtual machines
Introduction to the VIAN environment and network fundamentals
Reconnaissance: Spyware
Reconnaissance: SPAM/phishing
Reconnaissance: Social engineering
Reconnaissance: Port scanning
Reconnaissance: OS fingerprinting
Reconnaissance: Network enumeration
Reconnaissance: Vulnerability scanning
Attacking with Trojan horses using e-mail
Attacking with buffer overflows
Attacking with Virii
Attacking passwords
Attacking the Connection with Man in the Middle
Defending with Firewalls: Basic
Defending with Firewalls: In-depth
Defending: Network intrusion detection using SNORT
Defending: Host based intrusion detection with monitors
Forensics: Intro
Forensics: Advanced 1
Forensics: Advanced 2
Cryptography: Intro
Cryptography: Advanced 1
Cryptography: Advanced 2
Sys Admin: Routing with Zebra
Sys Admin: AD
Sys Admin: Exchange
HACKER Pre-test
Can you read this?
T1hs iz da h0m3p4g3 0f d4 m0St l33T w4r3z gR0uP th3r3 iz, LWE! W3 f0cUs oN bRiNgIngj0 dA l4t3eSt 0-dAy 313373 w4r3z év3rydAy. J0 c4n f1nd aLl0ur r3l3ases 0n ThIs l33t p4ge!! Ph34r 0ur sKiLlz!!
Example Malicious Program Types
Viruses
Worms
Trojan horses
Backdoors
Buffer overflows
Application misuse
Hacking, Step-by-StepWell, this ain't exactly for beginners, but it'll have to do. What all hackers have to know is that there are 4 steps in hacking...
Step 1: Getting access to site
Step 2: Hacking r00t
Step 3: Covering your traces
Step 4: Keeping that account
http://forbidden.net-security.org/txt/beginner.txt
Reconnaissance
Passive recon
  Web-based recon
  DNS recon
Active recon
  Social engineering
    Via e-mail
    Via telephone
    Via casual conversation
  Dumpster diving
  Scanning
  Fingerprinting operating systems
Scanning
A method for discovering exploitable communication channels. The idea is to probe as many listeners as possible, and keep track of the ones that are receptive or useful to your particular need.
SuperScan – NMAP – NessusCORE Impact – Metasploit – WHAX 3.0 (a.k.a. WHOPPIX)
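Seen from the defender's side, the scanning behaviour defined above leaves a characteristic trace: one source touching many distinct ports in a short time. As an added example that is not part of the original slides, this Python script flags such sources in constructed iptables-style firewall log lines; the log format, addresses, window and port threshold are all assumptions.

```python
# Added example: flag a probable port scan from firewall log lines.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic from the VIAN).
SAMPLE_LOG = """\
2005-03-01 10:00:01 DROP SRC=10.0.0.5 DST=10.0.1.20 DPT=21
2005-03-01 10:00:01 DROP SRC=10.0.0.5 DST=10.0.1.20 DPT=22
2005-03-01 10:00:02 DROP SRC=10.0.0.5 DST=10.0.1.20 DPT=23
2005-03-01 10:00:02 DROP SRC=10.0.0.5 DST=10.0.1.20 DPT=25
2005-03-01 10:00:03 ACCEPT SRC=10.0.0.5 DST=10.0.1.20 DPT=80
2005-03-01 10:00:03 DROP SRC=10.0.0.5 DST=10.0.1.20 DPT=139
2005-03-01 10:00:06 ACCEPT SRC=10.0.0.9 DST=10.0.1.20 DPT=80
2005-03-01 10:05:00 ACCEPT SRC=10.0.0.9 DST=10.0.1.20 DPT=80
2005-03-01 10:30:00 DROP SRC=10.0.0.7 DST=10.0.1.20 DPT=22
2005-03-01 11:30:00 DROP SRC=10.0.0.7 DST=10.0.1.20 DPT=23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \w+ SRC=(?P<src>\S+) DST=\S+ DPT=(?P<dpt>\d+)$")


def parse(log_text):
    """Return (timestamp, source, dest_port) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], int(m["dpt"])))
    return events


def detect_scans(events, window=timedelta(seconds=60), min_ports=5):
    """Map each source probing >= min_ports distinct ports inside any `window`
    to the set of ports it touched. ACCEPT and DROP both count: a scanner
    learns something from either answer."""
    by_src = defaultdict(list)
    for ts, src, dpt in sorted(events):
        by_src[src].append((ts, dpt))
    alerts = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[src] = alerts.get(src, set()) | ports
    return alerts
```

In the sample, 10.0.0.5 trips the threshold within two seconds, while 10.0.0.7 hits two ports an hour apart and is correctly ignored.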
Sniffing
A packet sniffer is a wire-tap device that plugs into a computer network and eavesdrops on the network traffic. A “sniffing” program lets someone listen in on computer conversations.
Ethereal FTP/SFTP Demo
Exploitation
Gain user access to system
Elevate privileges
Network based
  Passive sniffing
  Active sniffing
  Worms
  Denial of service
Operating system and application based
  Buffer overflows
  Password attacks
  Virus
  Denial of service
Consolidation
Cover tracks
  Delete/modify log files
  Hide files
  Tunnel communications
  Use covert channels
Demo: PWdump, IISlogclean, VNC
User Security
E-mail security
  E-mail worm / Trojan horse / back door
    Flip screen
    Sub7
    Netbus
Phishing
Password security