06/06/22 Sudarsun S - Checktronix India Pvt Ltd
Sudarsun S, Checktronix India Pvt Ltd, Chennai 600034, sudar@burning-glass.com

Practical Network Security

Introducing Network Security Issues and simple ways to fight back.

04/07/23 Sudarsun S - Checktronix India Pvt Ltd

Agenda

Security Threats
Fundamental loophole of Ethernet
Basic Services offered by Secured Systems
Types of Intruders
Network Security Administration
  Configuring Servers
  Applications
  Tools
  Cross Platform deployment

Agenda (cont..)

Firewalls
Intrusion Detection
  Rules based
  Pattern Analysis
    Usage patterns
    Feature vectors analysis
Role of Artificial Intelligence
  Statistical Analysis
  Knowledge based Systems
  Adaptive Security systems

Overview

What are we protecting?
Private communication over Public channel.
Whom do we mean by Intruders?
What is the cost of intrusion?
Protection Vs Recovery!?
Insiders Vs Outsiders!?

Data Security

What are Security Attributes?
What’s Default Security Policy?
How does Windows give protection?
  The Security Tab
  Ownership / Full Control Access
How do Unix flavors give protection?
  chmod, chown, umask commands
    chmod <1777> <filename>        ex: chmod 600 myfile.txt
    chown user:group <filename>    ex: chown sudar:dev file
    umask <masknumber>             ex: umask 077
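
The effect of the umask and chmod commands above, as an added example that is not part of the original slides. The temporary directory, the file names and the helper functions mode_of, create_under_umask and loose_files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: all paths live in a temporary directory (constructed).
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT

# Permission string of a path as ls shows it, e.g. -rw-------
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create a file and a directory under a given umask. The subshell keeps
# the caller's own umask unchanged.
create_under_umask() {   # $1 = umask, $2 = name prefix
    ( umask "$1"; : > "$DEMO/$2.txt"; mkdir "$DEMO/$2.d" )
}

# List regular files that group or others can read, write or execute.
# POSIX find: "-perm -NNN" is true when every bit in NNN is set.
loose_files() {          # $1 = directory to audit
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

create_under_umask 022 default   # a common system default
create_under_umask 077 private   # the slide's "umask 077"

echo "umask 022: $(mode_of "$DEMO/default.txt") $(mode_of "$DEMO/default.d")"
echo "umask 077: $(mode_of "$DEMO/private.txt") $(mode_of "$DEMO/private.d")"

echo "files open to group/others:"
loose_files "$DEMO"

# The slide's "chmod 600 myfile.txt": owner read/write only.
chmod 600 "$DEMO/default.txt"
echo "after chmod 600: $(mode_of "$DEMO/default.txt")"
```

umask only affects files created after it is set, so existing files still need chmod, which is why the audit function is run before the fix.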

Private Comm Over Public Channel

Internet: Public Communication Media
How Privacy is achieved?
What are the security threats?
  What happens when you send an email?
  What happens when you pay your bills?
  What happens when you transfer money?
  What happens when you purchase online?

Security Threats

Interruption
  Oops, Availability is gone!
Interception
  Someone is watching you!
Fabrication
  Whom are you talking to?
Modification
  Am I getting the correct information?

Design Flaw

Promiscuous Mode of operation
Encryption only at or below App layer
  Will IPSec overcome that?
  Are SSL, TLS not enough?

Services

Confidentiality
Authenticity
Integrity
Non-Repudiation

Confidentiality

Only B can discern the message from A

[Diagram: Host A sends M, encrypted (E) with Bpub, so that Text = Bpub(M); Host B receives Text and decrypts (D) it with Bpri to recover M]

Authenticity

Guarantees A as the Message Source

[Diagram: Host A encrypts (E) M with Apri and sends M + Apri(M); Host B decrypts (D) Apri(M) with Apub and compares (~) the result with the received M]
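
The Confidentiality and Authenticity exchanges from the two slides above, as an added example that is not part of the original slides. It assumes the openssl command-line tool is installed. The key names follow the slides (Apri, Apub, Bpri, Bpub), while the file paths, the message and the helper functions are constructed, and the signature is computed over SHA-256(M) rather than over M itself.

```shell
#!/bin/sh
# Added example: A/B key names follow the slides; paths and message are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Each host keeps <name>pri.pem secret and publishes <name>pub.pem.
gen_keypair() {    # $1 = A or B
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/${1}pri.pem" 2>/dev/null
    openssl pkey -in "$WORK/${1}pri.pem" -pubout -out "$WORK/${1}pub.pem"
}

# Confidentiality: Text = Bpub(M). RSA-OAEP only fits short messages; real
# protocols encrypt a random session key this way and the data with that key.
encrypt_for_b() {  # $1 = plaintext file, $2 = ciphertext file
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/Bpub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1" -out "$2"
}
decrypt_with() {   # $1 = A or B (whose private key), $2 = ciphertext file
    openssl pkeyutl -decrypt -inkey "$WORK/${1}pri.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

# Authenticity: A sends M plus a signature made with Apri over SHA-256(M).
sign_as_a() {      # $1 = message file, $2 = signature file
    openssl dgst -sha256 -sign "$WORK/Apri.pem" -out "$2" "$1"
}
verify_from_a() {  # $1 = message file, $2 = signature file; status 0 = genuine
    openssl dgst -sha256 -verify "$WORK/Apub.pem" -signature "$2" "$1" \
        >/dev/null 2>&1
}

gen_keypair A; gen_keypair B
printf 'transfer 100 to account 42\n' > "$WORK/M.txt"

encrypt_for_b "$WORK/M.txt" "$WORK/text.bin"
echo "B recovers: $(decrypt_with B "$WORK/text.bin")"
decrypt_with A "$WORK/text.bin" >/dev/null || echo "A's key cannot decrypt it"

sign_as_a "$WORK/M.txt" "$WORK/M.sig"
verify_from_a "$WORK/M.txt" "$WORK/M.sig" && echo "signature valid"
printf 'transfer 900 to account 42\n' > "$WORK/M2.txt"   # modified in transit
verify_from_a "$WORK/M2.txt" "$WORK/M.sig" || echo "modified message rejected"
```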

Steganography

How is Steganography different from cryptography?
  Art of concealing the existence of a message
Strengths of Steganography
Multimedia stream, the Auspicious Carrier!

Some Apps

Authentication applications - Kerberos
Email Security – PGP
IP Security – Layer in IP
Web Security – SSL, TLS
SSH Vs Telnet
SSH Tunnels
Virtual Private Networks

VPN

Created using Two-Way SSH Tunnels

ssh -l <user> -L <localport>:<remote-ip>:<remoteport> -g -p <ssh-port> <remote-ssh-ip-address>

ssh -l <user> -R <remoteport>:<local-ip>:<localport> -g -p <ssh-port> <remote-ssh-ip-address>

VPN Hardware

Cyber Café Stuff

Do you know about the Temporary Internet Files folder?
Do you know about persistent cookies?
Do you know where your passwords are stored?
Do you know how your data is transferred when you click the submit button?
Do you know about VNC servers?
Can your emails, passwords, credit card details be intercepted?
Are you sure of all the Emails received?

How to Safeguard?

Delete Temporary Internet Folder
Delete cookies
Delete history
Don’t allow passwords to be saved
Don’t give your credit card details on a non-https URL.
Enable detailed headers in Emails.

SPAM Filters

What is SPAM, HAM?
How can we identify SPAM?
SpamAssassin
Techniques
  Bayes Classifier
  Rules based
  SMTP Filter
    Open Relay, Blacklisted IP address, HELO method, banner delays, reverse lookup tests.

Intruders

Masquerader
  An unauthorized user exploiting a legitimate user’s account
Misfeasor
  A legitimate user violating the limitation on her or his authorization
Clandestine user
  Individual seizing supervisor control to evade auditing

Intrusion Detection

Statistical Anomaly Detection
  Network monitors: tcpdump, ethereal, netstat, iptraf
Auditors and Event Logs
  Windows Event Logs
  Linux SysLogs
Rules based Detection
  ipchains, iptables
  proxy, reverse proxy, firewalls

Viruses

Malicious Programs
Trap doors
Logic bomb
Trojans
Viruses
Worms
Adware, Spyware

Firewalls

Need for a firewall
Attacks
  Ping of death
  Fragmentation Attack
  Denial of Service
  IP Spoofing
  Port scanning

Level of Control

Service Control
  Based on Port number
Direction Control
  Limits inbound and outbound traffic
User Control
  Restrict user level access to resources
Behavioral Control
  Content limitation on resource use

Types

Packet Filtering firewall
  Based on Packet filter rules
Application Level Gateway
  Limits the application superficially
Circuit level Gateway
  Man-in-the-Middle construction
