System Health and Intrusion Monitoring Using a Hierarchy of Constraints
|
|
- Egbert Kennedy
- 8 years ago
- Views:
Transcription
1 System Health and Intrusion Monitoring Using a Hierarchy of Constraints Calvin Ko NAI Labs, Network Associates, Inc. Jeff Rowe University of California, Davis October 2001
2 Historical Behavior Attacks / Vulnerabilities Intended/Expected Behavior Abstract IDS Model Rules Detect Detect effect/manifestation actions by theof the attacker s attackersactions ID Engine Result Audit Data (e.g., Kernel Audit trails, Network packets, Syslog, ) RAID
3 System Health and Intrusion Monitoring (SHIM) Extend existing specification-based detection work Employ a hierarchy of constraints/specifications describe healthy/correct operation of a system capture static behavior, dynamic behavior, timedependent behavior of different components at different levels of abstraction detect manifestations of attacks or security errors regardless of the cause Utilize data at all levels network, host, OS kernel, application Reason about the specifications RAID
4 Top Level Threats addressed by SHIM Remote-to-Local, Remote-to-Root User-to-Root Insider exceeding his/her privileges misusing his/her privileges Trojan Horses Denial of Services Masqueraders & Probing Privileged processes setuid root programs, servers/daemons, administrator processes RAID
5 System-wide System Services Host Programs and Network Protocols Applications Constraint Model Access Data Integrity Operational Integrity Temporal/Interaction Resource Usage RAID
6 Security Policies, Design Principles Higher Level Constraints Constraint Development Functionality & System Semantics Hierarchical Constraint Model Attack / Vulnerability Models Configuration, historical behavior, & system policy Constraints RAID
7 Technical objective Approach and Rationale Roadmap Useful types of constraints Program constraints Protocol constraints High level constraints Ongoing and Future Work RAID
8 Useful Types of Constraints Policy on Users Files a user can access Resources a user is allowed to possess Protocol Specifications -- operational view Defines allowable transitions Defines allowable time in a given state Protocol Specifications -- message content Mappings delivered by DNS should accurately represent view of authoritative router IP addresses are not spoofed RAID
9 Useful Types of Constraints (cont.) Protocols -- Invariant and assumptions IP Routers approximate Kirchoff s law Packets are not sniffed by third-party Packet source must be a non-congested/non-dosed host Programs -- valid access constraints Programs access only certain objects Programs - Interaction constraints program interaction should not change the semantic Data Integrity e.g., passwords, other authentication information authorization information, process table RAID
10 Access Constraints for Programs Can Detect remote users gain local accesses local users gain additional privileges Trojan Horses Work well for many programs, e.g., passwd, lpr, lprm, lpq, fingerd, at, atq, Some program can potentially access many files, e.g., httpd, ftpd break the execution into pieces (or threadlets). Define the valid access for each threadlets. Threadlet defined by transition operations RAID
11 Component-Specific Constraints Privileged programs e.g., Ftp daemon Read files that are world readable Write files that are owned by the user Execute only /bin/ls, /bin/gzip, /bin/tar, /bin/compress Critical Data E.g., The password file in a Unix system should be in the correct form and each user should have a password. RAID
12 General Constraints A privileged process should discard all its privileges and capabilities before it gives control to a user. The temporary file for a program should be accessible only by the program execution and should be removed when the program exits An application should read only configuration files owned by the user that it is running as RAID
13 Constraints / Specifications Prototype SHIM Host Monitor SHIM Compiler SHIM Analyzer Modules Other sources SHIM Monitor Control SHIM Analyzer Module Linux or Solaris Kernel Agile Kernel Auditor RAID
14 Protocol Constraints Address Resolution Protocol (ARP) For mapping between the Ethernet layer and the IP layer Hosts on the network query all machines for their Ethernet-to- IP assignments before sending to a new IP address. Hosts typically keep a local list of mappings ( the ARP cache ) to avoid repetitive queries ARP Cache Poisoning Unsolicited Response Bogus Request Bogus Response Both a spurious Request and a spurious Response RAID
15 An ARP Specification ARP Request ARP Request ARP Response i reply_wait cached ARP cache timeout RAID
16 Unsolicited ARP Response ARP REPLY to victim blanc.cs.ucdavis.edu IS-AT 08:00:20:23:71:52 ARP reply will be accepted by a victim machine, even though it hasn t sent a request. Sending a arbitrary IP to Ethernet mapping will poison the victim s ARP cache. Sending an unsolicited response to the broadcast Ethernet address poisons the cache of all machines (Solaris, Windows, Linux). RAID
17 Bogus ARP Request ARP REQUEST WHO-HAS olympus.cs.ucdavis.edu TELL blanc.cs.ucdavis.edu at 08:00:20:23:71:52 ARP implementations cache entries based upon broadcast requests. Even if the host isn t involved in any resolution their cache will update with the information contained in third-party requests. Sending out an request with bogus sender information poisons everyone s cache. RAID
18 Unsolicited ARP Response An ARP Specification Malformed Request alarm ARP Request Bogus ARP Response ARP Request ARP Response i reply_wait cached ARP cache timeout RAID
19 ARP Monitor Implementation Built on the snort open-source IDS platform - Uses the snort preprocessor plug-in feature - No measurable difference in baseline IDS performance due to the low volume of ARP traffic. Single ARP correctness specification catches all five ARP vulnerabilities RAID
20 A DHCP Specification Dynamic Host Configuration Protocol (DHCP) provides centralized management of client workstation configuration parameters Distributed servers cooperatively allocate client parameters, even across sub-networks. DHCP typically configures IP address allocation Gateway router address DNS servers RAID
21 DHCP Messages From Server Message Use DHCPOFFER Server to client in response to DHCPDISCOVER with offer of configuration parameters. DHCPACK Server to client with configuration parameters, including committed network address. DHCPNAK Server to client indicating client's notion of network address is incorrect (e.g., client has moved to new subnet) or client's lease as expired From Clients Message Use DHCPDISCOVER Client broadcast to locate available servers. DHCPREQUEST Client message to servers either (a) requesting offered parameters from one server and implicitly declining offers from all others, (b) confirming correctness of previously allocated address after, e.g., system reboot, or (c) extending the lease on a particular network address. DHCPDECLINE Client to server indicating network address is already in use. DHCPRELEASE Client to server relinquishing network address and cancelling remaining lease. DHCPINFORM Client to server, asking only for local configuration parameters; client already has externally configured network address. RAID
22 DHCP Protocol Misuse DHCP built upon UDP making IP spoofing trivial. DHCP traffic is passed by routers and can traverse remote networks Denial-of-Service Fake client DHCPRELEASE causes server to assign same IP address to multiple clients. Multiple fake DHCPREQUEST messages consume all available IP addresses. Falsification of network services Fake DHCP server feeds clients false gateway router address for DOS or to intercept traffic. Fake DHCP server feeds clients a false DNS server and supplies it s own malicious mappings. RAID
23 Init-Reboot -/Send DHCPREQUEST Rebooting DHCPACK/Record lease, set T1, T2 DHCPNAK/Restart DHCPNAK/Discard Offer DHCP Protocol DHCPAK(not accepted)/send DHCPDECLINE Select Offer/Send DHCPREQUEST Init -/Send DHCPDISCOVER Selecting DHCPOFFER/Collect Offers DHCPNAK/Lease expired DHCPNAK/Halt Network DHCPOFFER/ Discard Requesting DHCPOFFER, DHCPACK, DHCPNAK /Discard DHCPACK/Record lease, set T1, T2 Bound DHCPACK/Record lease, set T1, T2 T1 Expires/Send DHCPREQUEST DHCPACK/Record lease, set T1, T2 Rebinding T2 Expires/ Broadcast DHCPREQUEST Renewing RAID
24 DHCP Protocol Monitor DHCP protocol monitor is implemented as a Snort IDS plug-in. Based upon the DHCP client state diagram Monitors for DHCPRELEASE messages Monitors for multiple server replies indicating the presence of a rogue DHCP server. RAID
25 High-Level Constraints Concerned with the system or a services May not be directly detectable, need to project down to lower-level constraints e.g., Only valid users can login from valid remote hosts. Combining host-based and protocol constraints RAID
26 rlogind allows only authorized attempt Projections Only authorized remote user can rlogin to a host Rlogin packet came from the true remote host Remote host not compromised DNS name not spoofed IP address not spoofed ARP address not spoofed RAID
27 Ongoing and Future Work Investigate constraints for other components Projections of constraints Verification of constraints Interaction constraints High level constraints RAID
HOST AUTO CONFIGURATION (BOOTP, DHCP)
Announcements HOST AUTO CONFIGURATION (BOOTP, DHCP) I. HW5 online today, due in week! Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 I. Auto configuration
More informationDynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes
Dynamic Host Configuration Protocol (DHCP) 1 1 Dynamic Assignment of IP addresses Dynamic assignment of IP addresses is desirable for several reasons: IP addresses are assigned on-demand Avoid manual IP
More informationSystem Health and Intrusion Monitoring Using a Hierarchy of Constraints
System Health and Intrusion Monitoring Using a Hierarchy of Constraints Calvin Ko 1, Paul Brutch 1, Jeff Rowe 2, Guy Tsafnat 1, and Karl Levitt 2 1 NAI Labs, Network Associates Inc., Santa Clara, CA {Calvin
More informationApplication Protocols for TCP/IP Administration
Application Protocols for TCP/IP Administration BootP, TFTP, DHCP Agenda BootP TFTP DHCP BootP, TFTP, DHCP, v4.4 2 Page 60-1 BootP (RFC 951, 1542, 2132) BootP was developed to replace RARP capabilities
More informationA DHCP Primer. Dario Laverde, dario@mediatracker.com. 2002 Dario Laverde
A DHCP Primer Dario Laverde, dario@mediatracker.com 2002 Dario Laverde Dynamic Host Configuration Protocol DHCP Client DHCP DHCP Server Dynamic Host Configuration consists of at least an IP address in
More informationEfficient Addressing. Outline. Addressing Subnetting Supernetting CS 640 1
Efficient Addressing Outline Addressing Subnetting Supernetting CS 640 1 IPV4 Global Addresses Properties IPv4 uses 32 bit address space globally unique hierarchical: network + host 7 24 Dot Notation 10.3.2.4
More informationHow To Write A Boot(Ing) Protocol On A Microsoft Ipnet (Net) (Netnet) On A Network (Ipnet) With A Network Address) (Ip Address) On An Ip Address (Ipaddress) On Your Ip
Boot(ing) protocols From (R)ARP to BSDP dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 12, 2008 dr. C. P. J. Koymans (UvA) Boot(ing) protocols September 12, 2008 1 / 25 ARP
More informationCh 6: Networking Services: NAT, DHCP, DNS, Multicasting
Ch 6: Networking Services: NAT, DHCP, DNS, Multicasting Magda El Zarki Prof. of CS Univ. of CA, Irvine Email: elzarki@uci.edu http: www.ics.uci.edu/~magda Overivew of NAT NAT: Network Address Translation
More informationCh 6: Networking Services: NAT, DHCP, DNS, Multicasting, NTP
Ch 6: Networking Services: NAT, DHCP, DNS, Multicasting, NTP Magda El Zarki Prof. of CS Univ. of CA, Irvine Email: elzarki@uci.edu http: www.ics.uci.edu/~magda Network Address Translation - NAT Private
More informationInvestigation of DHCP Packets using Wireshark
Investigation of DHCP Packets using Wireshark Mohsin khan Faculty of Telecommunication Engineering and Environment Birmingham City University England Saleh Alshomrani Faculty of Computing and IT King Abdulaziz
More informationCYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE
CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE Due to the encouraging feedback this series of articles has received, we decided to explore yet another type of cyber intrusionthe Man In The Middle (MITM)
More informationLab 5-5 Configuring the Cisco IOS DHCP Server
Lab 5-5 Configuring the Cisco IOS DHCP Server Learning Objectives Configure and verify the operation of the Cisco IOS DHCP server Configure an IP Helper address Review the EIGRP configuration Topology
More informationFirewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles
Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations
More informationGaia Syslog Messages. Technical Reference Guide. 25 February 2014. Classification: [Protected]
Gaia s Technical Reference Guide 25 February 2014 Classification: [Protected] 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright
More informationMore Internet Support Protocols
Domain Name System (DNS) Ch 2.5 More Internet Support Protocols Problem statement: Average brain can easily remember 7 digits On average, IP addresses have 10.28 digits We need an easier way to remember
More informationScaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1
Scaling the Network: Subnetting and Other Protocols Networking CS 3470, Section 1 Today CIDR Subnetting Private IP addresses ICMP, IMAP, and DHCP Protocols 2 Packet Encapsulation ** Creative Commons: http://en.wikipedia.org/wiki/file:udp_encapsulation.svg
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationIPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationICS 351: Today's plan
ICS 351: Today's plan Quiz, on overall Internet function, linux and IOS commands, network monitoring, protocols IPv4 addresses: network part and host part address masks IP interface configuration IPv6
More informationComputer Networks CCNA Module 1
Chapter 1: Quiz 1 Q1: Which statement describes a network that supports QoS? The fewest possible devices are affected by a failure. The network should be able to expand to keep up with user demand. The
More informationPacket Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA
A Seminar report On Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org Preface I have made
More informationWIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able
More informationNIS Security Weaknesses and Risk Analysis
A Unix Network Protocol Security Study: Network Information Service Introduction David K. Hess, David R. Safford and Udo W. Pooch Texas A&M University dhess@cs.tamu.edu This note is a study of the security
More informationLECTURE 4 NETWORK INFRASTRUCTURE
SYSTEM ADMINISTRATION MTAT.08.021 LECTURE 4 NETWORK INFRASTRUCTURE Prepared By: Amnir Hadachi and Artjom Lind University of Tartu, Institute of Computer Science amnir.hadachi@ut.ee / artjom.lind@ut.ee
More informationOwn your LAN with Arp Poison Routing
Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From
More informationAn Intrusion Detection System for Kaminsky DNS Cache poisoning
An Intrusion Detection System for Kaminsky DNS Cache poisoning Dhrubajyoti Pathak, Kaushik Baruah Departement of CSE, IIT Guwahati drbj153@alumni.iitg.ernet.in, b.kaushik@iitg.ernet.in Abstract : Domain
More informationBasics of Internet Security
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
More informationInternet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationCourse Title: Penetration Testing: Security Analysis
Course Title: Penetration Testing: Security Analysis Page 1 of 9 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationPacket Sniffer Detection with AntiSniff
Ryan Spangler University of Wisconsin - Whitewater Department of Computer and Network Administration May 2003 Abstract Packet sniffing is a technique of monitoring every packet that crosses the network.
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationFirewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT
Network Security s Access lists Ingress filtering s Egress filtering NAT 2 Drivers of Performance RequirementsTraffic Volume and Complexity of Static IP Packet Filter Corporate Network The Complexity of
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More information- Basic Router Security -
1 Enable Passwords - Basic Router Security - The enable password protects a router s Privileged mode. This password can be set or changed from Global Configuration mode: Router(config)# enable password
More informationLEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS
1 LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS Te-Shun Chou and Tijjani Mohammed Department of Technology Systems East Carolina University chout@ecu.edu Abstract
More informationProCurve Networking. Hardening ProCurve Switches. Technical White Paper
ProCurve Networking Hardening ProCurve Switches Technical White Paper Executive Summary and Purpose... 3 Insecure Protocols and Secure Alternatives... 3 Telnet vs. Secure Shell... 3 HTTP vs. HTTPS... 3
More informationWireless Security: Secure and Public Networks Kory Kirk
Wireless Security: Secure and Public Networks Kory Kirk Villanova University Computer Science kory.kirk@villanova.edu www.korykirk.com/ Abstract Due to the increasing amount of wireless access points that
More informationNetwork Security: From Firewalls to Internet Critters Some Issues for Discussion
Network Security: From Firewalls to Internet Critters Some Issues for Discussion Slide 1 Presentation Contents!Firewalls!Viruses!Worms and Trojan Horses!Securing Information Servers Slide 2 Section 1:
More informationExploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews
Exploring Layer 2 Network Security in Virtualized Environments Ronny L. Bull & Jeanna N. Matthews Road Map Context for the Problem of Layer 2 Network Security in Virrtualized Environments Virtualization,
More informationMWR InfoSecurity Security Advisory. pfsense DHCP Script Injection Vulnerability. 25 th July 2008. Contents
Contents MWR InfoSecurity Security Advisory pfsense DHCP Script Injection Vulnerability 25 th July 2008 2008-07-25 Page 1 of 10 Contents Contents 1 Detailed Vulnerability Description... 5 1.1 Technical
More informationTCP/IP Security Problems. History that still teaches
TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home
More informationConfiguring DHCP. DHCP Server Overview
Configuring DHCP This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP). For a complete description of the DHCP commands listed in this chapter, refer to the DHCP s chapter
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationIn today s world the Internet has become a valuable resource for many people.
In today s world the Internet has become a valuable resource for many people. However with the benefits of being connected to the Internet there are certain risks that a user must take. In many cases people
More informationLesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division
Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationDHCP Server. Heng Sovannarith heng_sovannarith@yahoo.com
DHCP Server Heng Sovannarith heng_sovannarith@yahoo.com Introduction Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses and other network configuration information to computers
More informationThe Trivial Cisco IP Phones Compromise
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002
More informationNetwork Security in Practice
Network Security in Practice Practices of Network Security ccess control: firewalls ttacks and counter measures Security protocol case studies Kai Shen 12/8/2014 CSC 257/457 - Fall 2014 1 12/8/2014 CSC
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationSURVEY OF INTRUSION DETECTION SYSTEM
SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT
More informationSecuring Wireless Networks from ARP Cache Poisoning
Securing Wireless Networks from ARP Cache Poisoning A Project Presented to The Faculty of the Department of Computer Science San Jose State University In partial Fulfillment of the Requirements for the
More informationHow To Protect Your Network From Attack From A Hacker On A University Server
Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com
More informationARP Poisoning (Man-in-the-Middle) Attack and Mitigation Techniques
Layer 2 Attacks and Mitigation Techniques for the Cisco Catalyst 6500 Series Switches Running Cisco IOS Software ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Techniques A CSSTG SE Residency
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationINTRUDER DETECTION MONITORING APPLICATION USING SNMP PROTOCOL
8-02 Intruder Detection Monitoring Application Using Snmp Protocol INRUDER DEECION MONIORING APPLICAION USING SNMP PROOCOL Vicky Hanggara 1, ransiscus Ati Halim 2, Arnold Aribowo 3 1,2,3 Computer System
More informationCSE 127: Computer Security. Network Security. Kirill Levchenko
CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationComputer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System
Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol
More informationPacket Sniffing on Layer 2 Switched Local Area Networks
Packet Sniffing on Layer 2 Switched Local Area Networks Ryan Spangler ryan@packetwatch.net Packetwatch Research http://www.packetwatch.net December 2003 Abstract Packet sniffing is a technique of monitoring
More informationFirewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationIntruPro TM IPS. Inline Intrusion Prevention. White Paper
IntruPro TM IPS Inline Intrusion Prevention White Paper White Paper Inline Intrusion Prevention Introduction Enterprises are increasingly looking at tools that detect network security breaches and alert
More informationDNS + DHCP. Michael Tsai 2015/04/27
DNS + DHCP Michael Tsai 2015/04/27 lubuntu.ova http://goo.gl/bax8b8 DNS + DHCP DNS: domain name < > IP address DHCP: gives you a IP + configuration when you joins a new network DHCP = Dynamic Host Configuration
More informationARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table
ARP and DNS Both protocols do conversions of a sort, but the distinct difference is ARP is needed for packet transfers and DNS is not needed but makes things much easier. ARP Address Resolution Protocol
More informationAttack Lab: Attacks on TCP/IP Protocols
Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science
More informationinformation security and its Describe what drives the need for information security.
Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.
More informationHow To Plan Out Your Own Version Of Hpl (Dhcp) On A Network With A Network (Dns) On Your Network (Dhpl) On An Ipad Or Ipad On A Pc Or Ipa On A Server On A
System i Networking Dynamic Host Configuration Protocol Version 5 Release 4 System i Networking Dynamic Host Configuration Protocol Version 5 Release 4 Note Before using this information and the product
More informationUsing the Domain Name System for System Break-ins
Using the Domain Name System for System Break-ins Steven M. Bellovin Presented by: Thomas Repantis trep@cs.ucr.edu CS255-Computer Security, Winter 2004 p.1/37 Overview Using DNS to spoof a host s name
More informationHow to protect your home/office network?
How to protect your home/office network? Using IPTables and Building a Firewall - Background, Motivation and Concepts Adir Abraham adir@vipe.technion.ac.il Do you think that you are alone, connected from
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationWhat is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services
Firewalls What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services only authorized traffic is allowed Auditing and
More informationDeploying IP Anycast. Core DNS Services for University of Minnesota Introduction and General discussion
Deploying IP Anycast Core DNS Services for University of Minnesota Introduction and General discussion Agenda Deploying IPv4 anycast DNS What is ANYCAST Why is ANYCAST important? Monitoring and using ANYCAST
More informationChapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall
Figure 5-1: Border s Chapter 5 Revised March 2004 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Border 1. (Not Trusted) Attacker 1 1. Corporate Network (Trusted) 2 Figure
More information- The PIX OS Command-Line Interface -
1 PIX OS Versions - The PIX OS Command-Line Interface - The operating system for Cisco PIX/ASA firewalls is known as the PIX OS. Because the PIX product line was acquired and not originally developed by
More informationThis Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.
This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the
More informationInternetworking Microsoft TCP/IP on Microsoft Windows NT 4.0
Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0 Course length: 5 Days Course No. 688 - Five days - Instructor-led Introduction This course provides students with the knowledge and skills required
More informationCISCO IOS NETWORK SECURITY (IINS)
CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.
More informationDOMAIN NAME SECURITY EXTENSIONS
DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions
More informationProtecting and controlling Virtual LANs by Linux router-firewall
Protecting and controlling Virtual LANs by Linux router-firewall Tihomir Katić Mile Šikić Krešimir Šikić Faculty of Electrical Engineering and Computing University of Zagreb Unska 3, HR 10000 Zagreb, Croatia
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationCSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required
CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required Current Catalog Description: Computer network architectures and their application to industry needs.
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationExploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews
Exploring Layer 2 Network Security in Virtualized Environments Ronny L. Bull & Jeanna N. Matthews Introduction Cloud Services Offer customers virtual server hosting in multi-tenant environments Virtual
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More information1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
More informationSecurity: Attack and Defense
Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing
More informationName. Description. Rationale
Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More information... Lecture 10. Network Security I. Information & Communication Security (WS 2014) Prof. Dr. Kai Rannenberg
Lecture 10 Network Security I Information & Communication Security (WS 2014) Prof. Dr. Kai Rannenberg T-Mobile Chair of Mobile Business & Multilateral Security Goethe University Frankfurt a. M. Introduction
More information