Introducing Network Security Issues and simple ways to fight back.
04/07/23 Sudarsun S - Checktronix India Pvt Ltd
Practical Network Security
Sudarsun S
Checktronix India Pvt Ltd
Chennai
Agenda
Security Threats
Fundamental loophole of Ethernet
Basic Services offered by Secured Systems
Types of Intruders
Network Security Administration
  Configuring Servers
  Applications
  Tools
  Cross Platform deployment
Agenda (cont..)
Firewalls
Intrusion Detection
  Rules based
  Pattern Analysis
    Usage patterns
    Feature vectors analysis
Role of Artificial Intelligence
  Statistical Analysis
  Knowledge based Systems
  Adaptive Security systems
Overview
What are we protecting?
Private communication over a public channel.
Whom do we mean by intruders?
What is the cost of intrusion?
Protection vs Recovery!?
Insiders vs Outsiders!?
Data Security
What are Security Attributes?
What's the Default Security Policy?
How does Windows give protection?
  The Security Tab
  Ownership / Full Control Access
How do Unix flavors give protection?
  chmod, chown, umask commands
  chmod <1777> <filename>      ex: chmod 600 myfile.txt
  chown user:group <filename>  ex: chown sudar:dev file
  umask <masknumber>           ex: umask 077
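The effect of the umask and chmod commands above, as an added example that is not part of the original slides: it creates files under two masks, then audits the directory for files that group or others can still touch. File names other than myfile.txt and all function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: effect of umask and chmod on file modes.
# All paths are constructed in a throwaway temp directory.

# mode_of FILE: print the permission string, e.g. -rw-------
mode_of() { ls -ld "$1" | cut -c1-10; }

# create_with_umask MASK FILE: create FILE under MASK and print its mode.
# The ( ) body runs in a subshell, so the caller's umask is untouched.
create_with_umask() (
    umask "$1"
    rm -f "$2"
    : > "$2"            # new files are requested as 666, then masked
    mode_of "$2"
)

# exposed_files DIR: list regular files that group or others can
# read, write or execute (any of the 077 bits set).
exposed_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

demo() {
    d=$(mktemp -d) || return 1
    echo "umask 022: $(create_with_umask 022 "$d/shared.txt")"
    echo "umask 077: $(create_with_umask 077 "$d/myfile.txt")"
    echo "exposed before chmod: $(exposed_files "$d")"
    chmod 600 "$d/shared.txt"
    echo "exposed after chmod 600: $(exposed_files "$d")"
    rm -rf "$d"
}
demo
```

chown is left out because changing a file's owner normally requires root.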
Private Comm Over Public Channel
Internet: Public Communication Media
How is privacy achieved?
What are the security threats?
  What happens when you send an email?
  What happens when you pay your bills?
  What happens when you transfer money?
  What happens when you purchase online?
Security Threats
Interruption: Oops, Availability is gone!
Interception: Someone is watching you!
Fabrication: Whom are you talking to?
Modification: Am I getting the correct information?
Design Flaw
Promiscuous Mode of operation
Encryption only at or below App layer
  Will IPSec overcome that?
  Are SSL, TLS not enough?
Services
Confidentiality
Authenticity
Integrity
Non-Repudiation
Confidentiality
Only B can discern the message from A
Host A sends M -> E (key Bpub) -> Text = Bpub(M) -> D (key Bpri) -> Host B receives M
Authenticity
Guarantees A as the Message Source
Host A sends M -> E (key Apri) -> M + Apri(M) -> D (key Apub) applied to Apri(M) gives M, compared (~) with the received M -> Host B receives M
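The key usage on the Confidentiality and Authenticity slides, carried out with the openssl command line as an added example that is not part of the original slides. It assumes RSA key pairs for hosts A and B, signs a SHA-256 digest of M rather than applying Apri to the raw message, and uses constructed file names and message text.

```shell
#!/bin/sh
# Added example: Bpub/Bpri for confidentiality, Apri/Apub for authenticity.
# Keys, file names and messages are constructed for the demo.

# make_keypair NAME DIR: write DIR/NAME.pri and DIR/NAME.pub (RSA 2048)
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$2/$1.pri" 2>/dev/null &&
    openssl pkey -in "$2/$1.pri" -pubout -out "$2/$1.pub"
}

# Confidentiality: A encrypts with Bpub, only Bpri can decrypt.
seal() {    # seal PUBKEY INFILE OUTFILE
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}
unseal() {  # unseal PRIKEY INFILE  (plaintext on stdout)
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2"
}

# Authenticity: A signs with Apri, B checks with Apub.
sign_msg() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }
check_msg() {   # check_msg PUBKEY MSGFILE SIGFILE -> authentic|rejected
    if openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
    then echo authentic; else echo rejected; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_keypair A "$d" && make_keypair B "$d" || return 1
    printf 'transfer 100 to account 42\n' > "$d/M"
    seal "$d/B.pub" "$d/M" "$d/C"
    echo "B decrypts: $(unseal "$d/B.pri" "$d/C")"
    echo "A's key: $(unseal "$d/A.pri" "$d/C" 2>/dev/null || echo 'decryption failed')"
    sign_msg "$d/A.pri" "$d/M" "$d/S"
    echo "original M: $(check_msg "$d/A.pub" "$d/M" "$d/S")"
    printf 'transfer 900 to account 66\n' > "$d/M2"   # modified in transit
    echo "modified M: $(check_msg "$d/A.pub" "$d/M2" "$d/S")"
    rm -rf "$d"
}
demo
```

The last check is the Modification threat from the earlier slide: a signature made over M does not verify over an altered message.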
Steganography
How is Steganography different from cryptography?
  Art of concealing the existence of a message
Strengths of Steganography
Multimedia stream, the Auspicious Carrier!
Some Apps
Authentication applications - Kerberos
Email Security – PGP
IP Security – Layer in IP
Web Security – SSL, TLS
SSH Vs Telnet
SSH Tunnels
Virtual Private Networks
VPN
Created using Two-Way SSH Tunnels
ssh -l <user> -L <localport>:<remote-ip>:<remoteport> -g -p <ssh-port> <remote-ssh-ip-address>
ssh -l <user> -R <remoteport>:<local-ip>:<localport> -g -p <ssh-port> <remote-ssh-ip-address>
VPN Hardware
Cyber Café Stuff
Do you know the Temporary Internet Files folder?
Do you know about persistent cookies?
Do you know where your passwords are stored?
Do you know how your data is transferred when you click the submit button?
Do you know about VNC servers?
Can your emails, passwords, credit card details be intercepted?
Are you sure of all the Emails received?
How to Safeguard?
Delete Temporary Internet Folder
Delete cookies
Delete history
Don’t allow passwords to be saved
Don’t give your credit card details on a non-https URL.
Enable detailed headers in Emails.
SPAM Filters
What is SPAM, HAM?
How can we identify SPAM?
SpamAssassin
Techniques
  Bayes Classifier
  Rules based
SMTP Filter
  Open Relay, Blacklisted IP address, HELO method, banner delays, reverse lookup tests.
Intruders
Masquerader: An unauthorized user exploiting a legitimate user’s account
Misfeasor: A legitimate user violating the limits of his or her authorization
Clandestine user: An individual seizing supervisory control to evade auditing
Intrusion Detection
Statistical Anomaly Detection
  Network monitors: tcpdump, ethereal, netstat, iptraf
Auditors and Event Logs
  Windows Event Logs
  Linux SysLogs
Rules based Detection
  ipchains, iptables
  proxy, reverse proxy, firewalls
Viruses
Malicious Programs
Trap doors
Logic bomb
Trojans
Viruses
Worms
Adware, Spyware
Firewalls
Need for a firewall
Attacks
  Ping of death
  Fragmentation Attack
  Denial of Service
  IP Spoofing
  Port scanning
Level of Control
Service Control: Based on Port number
Direction Control: Limits inbound and outbound traffic
User Control: Restrict user level access to resources
Behavioral Control: Content limitation on resource use
Types
Packet Filtering firewall: Based on Packet filter rules
Application Level Gateway: Limits the application superficially
Circuit level Gateway: Man-in-the-Middle construction