1 Computer Network Lab 2015 Fachgebiet Technische Informatik, Joachim Zumbrägel
2 Overview: Security; Types of attacks; Firewalls; Protocols; Packet filter
3 Security: Security means protecting information (during and after processing) against impairment and loss of confidentiality, integrity and availability. This is achieved by: increasing availability and storage strategies (backup, redundant systems, RAID systems); protection against unauthorized access (firewalls, encryption algorithms, etc.).
4 Security requirements: Confidentiality protects confidential information against unintended access. Integrity guarantees that the data are authentic and undamaged. Availability ensures that authorized persons are able to access data and communication services at any time.
5 CIA Triad
6 Threats: Active attacks: intrusion of unauthorized persons; impairment and disturbance of networking; data modification. Passive attacks: password listening; data listening; network traffic analysis.
7 Aggressor: Who is aggressive? Competitors; Hacker/Cracker (Beginners, Professional); Professional Hacker (industrial espionage); Colleagues (approx. 70% of all attacks come from colleagues); NSA
8 Examples: By use of so-called trojans, hackers got access to passwords of Microsoft employees, so they were able to steal the newest source code release of a Microsoft operating system. Yahoo was a victim of a denial-of-service attack; the Yahoo website was unavailable for more than 3 hours. Sony Corp. said hackers may have gained access to personal information (like name, address, country, e-mail address, birthdate, etc.) on the 75 million users of its PlayStation Network.
9 Kinds of attacks: Password attack; Data attack; Malicious code; Scanner; Spoofing; DoS attack
10 Password attacks: 3 methods: Guessing on the basis of known or presumed user accounts (names). Brute-force attack on a password file using special applications, e.g. Crack. Listening on connections in order to find out user names and their passwords.
11 Data attack by sniffers: Data attacks are carried out with so-called sniffers. Sniffers, or network monitoring tools, are applications originally used to monitor and analyse network traffic. Well-known tool: Wireshark.
12 Promiscuous mode: Usually a computer receives via its network interface card only those packets which are destined for itself. But it is possible to get access to all traffic when the network interface card is running in a special mode, the promiscuous mode. Extremely dangerous: a sniffer installed on a central machine which is accessed by many clients.
13 Malicious code: Malicious code is unauthorized code (possibly inside a legitimate application) that performs actions which are unknown to the user and usually undesired. Examples: viruses, Trojan horses, worms.
14 Scanner: Scanners are security tools originally used to find weak points of a system. There are system scanners and network scanners. System scanner: scans its local host in order to find security gaps or configuration problems. Network scanner: scans computers connected to a network. It checks services and ports and thereby delivers information about possible security gaps.
15 Spoofing: Spoofing is used to outwit authentication and identification mechanisms which are based on trustworthy addresses and/or hostnames. A distinction is drawn between: IP spoofing, the falsification of the sender IP address; DNS spoofing, the falsification of entries in DNS servers.
16 DoS attacks: DoS = Denial of Service. Most common attack (simple and fast). The goal is to knock out the attacked system or at least to interfere with access for valid users. Not easy to intercept. Next step: DDoS = Distributed Denial of Service: several machines start an attack at the same time. Examples: TCP SYN flooding, ping, mail bombing.
17 Firewall basics: A firewall is a hurdle between two nets which must be cleared in order to allow communication from one net to the other. All communication between the nets must go through the firewall. (Figure: Internet, Firewall, private local net.)
18 Firewall definition: A firewall consists of one or more hardware and software components. A firewall connects two networks in such a way that all traffic between the networks must pass the firewall. A firewall implements a security strategy, which realises access restrictions and, if required, attack recording. A firewall lets only those data packets pass which fulfil the security strategy.
19 What a firewall can do: Restriction of traffic between two networks. Access only to special machines or services. Network monitoring and recording => logs. Manipulation of network traffic by use of special (i.e. traffic limitation, IP address replacement, etc.).
20 What a firewall can't do: Close security gaps directly. Correct configuration or installation mistakes. Find viruses or Trojans. Make a network totally secure.
21 Firewall concepts: Packet filter: filtering on network layer (IP addresses and ports). Proxy gateways: Circuit-level gateway: filtering on transport layer. Application-level gateway: filtering on application level (protocol dependent). Graphical firewall: all internet applications run outside of the protected network; only graphical information is delivered.
22 Proxy gateway: Proxy = lock keeper. A proxy firewall acts as a server for the client and as a client for the server. (Figure: Internet, firewall with application-dependent proxy services (HTTP gateway, FTP gateway), private local net.)
23 Proxy gateway: Offers application-specific services for clients. Control and monitoring functions for a specific application. Examples: prevent a client from using FTP to transfer data (via the put command) to an external FTP server; forbid access to particular HTTP sites. In contrast to packet filters, the connection is really interrupted. IP addresses of the internal net are invisible.
24 Protocols
    Application: HTTP, FTP, SMTP, DNS, SNMP, RIP
    Transport: TCP, UDP
    Internet: IP
    Phys. Network: Ethernet, Token-Ring, ATM
25 IP: It carries the transport protocols TCP and UDP. It builds IP packets out of the data which have to be transmitted. It adds additional information, the IP header, which contains source and destination address.
26 TCP: TCP (Transmission Control Protocol) confirms every received data packet. TCP repeats each data packet until its receipt is confirmed. TCP is reliable. (Figure label: 32 bit.)
27 Port communication: TCP/IP operates with IP addresses and ports; each IP address has 2^16 potential ports. The ports below 1024 are standardized (standard ports) and allocated to dedicated services, e.g.: 23 telnet, 25 smtp, 80 http, 443 https.
28 Packet filter: Filtering of data packets by: sender/destination IP addresses; sender/destination ports (services); protocols (TCP, UDP, ICMP). Separate filtering of incoming packets (INPUT) and outgoing packets (OUTPUT), with different rules for the input filter and the output filter. Lists of rules are called chains. A packet is checked by one rule after the other until either one rule matches or the end of the list is reached.
29 Packet filter (policies): Every chain has a default setting for packet treatment, the so-called policy. The policy comes into play after a data packet has been checked against all rules of a chain: if no rule matches, the default policy applies. There are two different strategies: Deny every packet; only well-defined kinds of packets are allowed (better). Allow every packet; only well-defined kinds of packets are forbidden.
30 Packet filter (Reject, Drop): Packet filters have two different methods to handle a non-accepted packet. Reject: the packet is deleted and an ICMP error message is delivered to the sender. Drop: the packet is deleted. Drop is the better choice because: less traffic; the packet could be part of an attack; even an error message could be useful information for an aggressor.
31 Filtering incoming packets: Filtering according to sender IP: there are some groups of IP addresses which can generally be dropped, for example IP addresses of the own subnet, etc. Filtering according to destination IP: only packets addressed to the own network are accepted. Filtering according to sender/destination port: we have to distinguish between requests of external clients to our own servers and incoming answers of external servers destined for local clients.
32 Stateful filtering: Stateful filtering means the capability to store the state and contextual information of a TCP connection. => Dynamic packet filters analyse the state of a TCP connection. Connection request of client: SYN. Acknowledgement of server: SYN-ACK. Acknowledgement of client: ACK. Further transfer (from both sides): ACK. Packets (containing an ACK flag) from outside to inside are only accepted if a packet from inside to outside (containing a SYN flag) was sent before.
33 Iptables: iptables (packet filter under Linux). Three chains: INPUT, OUTPUT, FORWARD. Routing decides whether a packet is delivered to the INPUT chain or to the FORWARD chain.
34 Input vs. Forward chain: Packets for the machine itself are checked first by the INPUT chain. If the INPUT chain accepts the packet, it reaches the actual machine. Packets for foreign machines (in our local protected net) run through the FORWARD chain. If the packet is accepted, it is delivered to the appropriate network interface.
35 Chains and routing (Figure: Routing, Forward-Chain, Input-Chain, Local Processes, Output-Chain; Drop at each chain.)
36 IP Tables: some commands
Delete rules:
    iptables --flush
Drop all packets:
    iptables --policy INPUT DROP
    iptables --policy OUTPUT DROP
    iptables --policy FORWARD DROP
Reject incoming packets coming from the IP address of our own external interface:
    iptables -A INPUT -i eth0 -s <myipadress> -j DROP
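Added example, not part of the original slides: a shell script that combines the default-deny policy, Drop, sender-IP filtering and stateful filtering of slides 29 to 32 with the commands of slide 36. The interface eth0, the address 203.0.113.10 and the HTTPS server on port 443 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): default-deny packet filter for one host.
# Assumed, hypothetical values: external interface eth0, external address
# 203.0.113.10 (documentation range), one local HTTPS server on tcp/443.
# Without arguments the script only prints the commands; "--apply" (as root)
# loads them into the kernel.

IPT="${IPT:-iptables}"            # command prefix; dry_run swaps in "echo iptables"
EXT_IF="${EXT_IF:-eth0}"
EXT_IP="${EXT_IP:-203.0.113.10}"  # constructed sample address

apply_firewall() {
    # Start from empty chains, then make DROP the policy of every chain:
    # a packet that no rule below accepts is deleted without an ICMP answer.
    $IPT --flush
    $IPT --policy INPUT DROP
    $IPT --policy OUTPUT DROP
    $IPT --policy FORWARD DROP

    # Local processes talking to each other over the loopback interface.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Sender-IP filter: a packet arriving from outside with our own address
    # as sender is spoofed. The first matching rule decides, so this rule
    # has to stand before the stateful ACCEPT below.
    $IPT -A INPUT -i "$EXT_IF" -s "$EXT_IP" -j DROP

    # Stateful filtering: incoming packets are accepted only when they belong
    # to a connection that is already tracked; local clients may open new ones.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

    # Requests of external clients to our own server: only the opening SYN
    # to tcp/443 is let in; the rest of the connection matches ESTABLISHED.
    $IPT -A INPUT -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport 443 --syn \
         -m conntrack --ctstate NEW -j ACCEPT
}

# Print the rule set instead of loading it (runs in a subshell so that the
# changed IPT value does not leak into the caller).
dry_run() {
    ( IPT="echo iptables"; apply_firewall )
}

case "${1:-}" in
    --apply) apply_firewall ;;
    *)       dry_run ;;
esac
```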
37 Our netlab firewall (Figure: Internet, Firewall with eth0 and eth1, Switch N, Server N, Client N; incoming and outgoing directions marked.)
38 How can I protect my own PC? Deactivate all services which are not required. Uninstall all programs which are not permanently used. Uninstall all programs with well-known security gaps (even when you need them). Inform yourself about security gaps and use updates. Install a virus scanner (freeware: AntiVir). Install or use your personal firewall.