Network Security CS 192




Network Security CS 192
Network Scanning (Idlescan)
Department of Computer Science, George Washington University
Jonathan Stanton

Today's topics
- Discussion of new DNS flaws
- Network Scanning (Idlescan)
- OS-Fingerprinting

Additional Resources
- Reference:
  - Idlescan: http://www.insecure.org/nmap/idlescan.html
  - DNS IDN: http://www.shmoo.com/idn/
  - OS Fingerprinting: http://www.insecure.org/nmap/nmap-fingerprinting-article.html

DNS IDN Vulnerability
- Internationalized Domain Names
  - 1990s: talked about
  - 2002: detailed proposals
  - 2002: "The Homograph Attack" by Evgeniy Gabrilovich and Alex Gontmakher. Communications of the ACM, 45(2):128, February 2002
  - 2002-2005: IDN services built into browsers.
  - 2005 (Jan/Feb): Advisory and proof of concept.
- Basic problem: Multiple languages and character sets have characters that look identical but are different (a in the Roman alphabet and a in Cyrillic)
- Internationalized domain names (in native alphabets) also have a Roman equivalent form for backwards compatibility.

DNS IDN: What solutions can be proposed?
- CAs? (SSL certificate issuers)
  - Stronger checking?
  - Refuse obviously bad registrations?
- Browsers?
  - Do not show Roman names?
  - Highlight non-Roman characters in domain names?
  - Give warning dialog box when domain name with mixed characters is loaded (Roman and non-Roman)?
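The mixed-character warning proposed for browsers can be sketched as follows. This is an added example, not part of the original slides; the function names and the sample hostnames are constructed for illustration, and script detection by Unicode character name is a simplification.

```python
import unicodedata

def label_scripts(label):
    """Return the set of scripts used by the letters in one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # Unicode character names begin with the script, e.g.
            # "LATIN SMALL LETTER A" vs "CYRILLIC SMALL LETTER A".
            scripts.add(unicodedata.name(ch).split()[0])
    return scripts

def check_hostname(hostname):
    """Per label: scripts used, mixed-script flag, and the ASCII (xn--) form."""
    report = []
    for label in hostname.split("."):
        scripts = label_scripts(label)
        report.append({
            "label": label,
            "scripts": sorted(scripts),
            "mixed": len(scripts) > 1,
            # The Roman-compatible form that is actually sent in DNS queries.
            "ascii": label.encode("idna").decode("ascii"),
        })
    return report

def should_warn(hostname):
    """True if any label mixes scripts (the slide's warning-dialog case)."""
    return any(entry["mixed"] for entry in check_hostname(hostname))

# Constructed samples: the second contains U+0430 CYRILLIC SMALL LETTER A,
# which renders like the Latin "a".
LATIN_ONLY = "example.com"
MIXED = "ex\u0430mple.com"

if __name__ == "__main__":
    for name in (LATIN_ONLY, MIXED):
        print(name, should_warn(name), check_hostname(name)[0])
```

A label written entirely in one non-Roman script is not flagged by this check, which is why the slide lists showing or highlighting the encoded form as separate options.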

Network Scanning
- Purpose is to gather information about a network remotely.
- Types of information:
  - Hosts that are on
  - Ports/services that are running on those hosts
  - Version of services running
  - Type of operating system running (including version and firmware for network hardware)

Types of Host Scans
- Most common is a Ping
  - Send ICMP echo request packet
  - Receive ICMP echo reply packet if host is up
  - Receive ICMP host not reachable packet if host is not routable/reachable
  - Receive nothing if host down
- Also can do DNS query (forward or reverse) to find hosts.
- Traceroute can find router hosts and gateways

Types of Service Scans
- Direct scans: (Attacker - Target)
  - Standard/Vanilla/Open Scan (TCP Connect)
  - Stealth: Null, SYN, XMAS, FIN
- Indirect scans:
  - Idlescan
  - DNS registries

Idle Scan
- Indirect scan where attacker never sends packets to target which appear to come from attacker's IP address.
- Builds on key TCP/IP properties:
  - TCP responds to SYN with SYN ACK
  - TCP responds with RST packet to unsolicited SYN ACK
  - TCP ignores unsolicited RST packets.
  - IP ID field increases with every packet sent (including RST packets)

Idlescan
[Diagram slide; figure not preserved in the transcription]

Benefits: Idle Scan
- Stealth: No packets appear to be sent by attacker
- Bypass firewalls and router rules: Since packets appear to be from 3rd party host, that host can be chosen to bypass rules.
  - It can be already inside the firewall
  - It can be a trusted host outside (Exec's home machine)

Defenses: Idle Scan
- Defenses
  - Filter to deny bogus source IP addresses at network border (internal addresses, reserved, localhost)
  - Use stateful firewall rules.
  - Run OSes with unpredictable IPID sequences (prevents them from becoming zombies)
  - Egress filtering of spoofed addresses prevents you from being the source of attacks.
- OS:
  - Use per-connection IPID sequences.
  - Use randomized IPID sequences (tricky to get right).
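Why the OS-level defenses work can be seen in a toy model of IP ID assignment. This is an added example, not from the original slides; it sends no packets, and the class, policy names and starting counter value are assumptions made for the illustration.

```python
import random

class Host:
    """Toy model of how a host picks the IP ID for each packet it sends."""
    def __init__(self, policy, seed=0):
        self.policy = policy          # "global", "per_dest" or "random"
        self.global_ctr = 1000        # arbitrary starting value (assumption)
        self.per_dest = {}
        self.rng = random.Random(seed)

    def send(self, dest):
        """Return the IP ID the host would place on its next packet to dest."""
        if self.policy == "global":
            # One counter shared by all traffic: the property idle scan needs.
            self.global_ctr = (self.global_ctr + 1) % 65536
            return self.global_ctr
        if self.policy == "per_dest":
            # Separate counter per peer: other traffic does not move it.
            self.per_dest[dest] = (self.per_dest.get(dest, 0) + 1) % 65536
            return self.per_dest[dest]
        return self.rng.randrange(65536)   # randomized IP IDs

def observed_delta(policy, packets_to_others, seed=0):
    """IP ID difference one peer sees between two packets from the host when
    the host sent `packets_to_others` packets elsewhere in between."""
    host = Host(policy, seed)
    first = host.send("observer")
    for _ in range(packets_to_others):
        host.send("third-party")
    second = host.send("observer")
    return (second - first) % 65536

def leaks_activity(policy, trials=50):
    """True if the delta always reveals how many packets went to other hosts."""
    return all(observed_delta(policy, n, seed=t) == n + 1
               for t in range(trials) for n in (0, 1))

if __name__ == "__main__":
    for policy in ("global", "per_dest", "random"):
        print(policy, "leaks third-party traffic:", leaks_activity(policy))
```

Only the shared global counter exposes the host's traffic to other peers; with per-connection or randomized sequences the difference carries no such information, so the host cannot serve as a zombie.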

Detecting Scans
- Traffic Analysis:
  - Sniffing
  - Host IDS
  - Network IDS
- Host Analysis
  - Log file analysis
  - Service IDS (watch for rare commands that reveal information)
- Honeynets: monitor-only networks that are not actually used by the organization but look real so attackers will probe and attack them.
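Log file analysis for scans can look like the following, which flags sources that open connections to many ports without completing the handshake. This is an added example, not from the original slides; the log format, addresses and threshold are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample log: time, source, destination, destination port, and the
# TCP flag sent by the source (S = SYN, A = final ACK, R = RST).
SAMPLE_LOG = """\
10.0 192.0.2.10 198.51.100.5 21 S
10.1 192.0.2.10 198.51.100.5 22 S
10.2 192.0.2.10 198.51.100.5 22 R
10.3 192.0.2.10 198.51.100.5 23 S
10.4 192.0.2.10 198.51.100.5 25 S
11.0 203.0.113.7 198.51.100.5 443 S
11.1 203.0.113.7 198.51.100.5 443 A
"""

def parse(log):
    """Yield (time, src, dst, dport, flag) tuples from the constructed format."""
    for line in log.strip().splitlines():
        ts, src, dst, dport, flag = line.split()
        yield float(ts), src, dst, int(dport), flag

def half_open_sources(log, threshold=3):
    """Map (src, dst) to the ports that got a SYN but never a final ACK, for
    pairs with at least `threshold` such ports."""
    syn_ports = defaultdict(set)    # ports on which a SYN was seen
    completed = defaultdict(set)    # ports where the source finished the handshake
    for _ts, src, dst, dport, flag in parse(log):
        key = (src, dst)
        if flag == "S":
            syn_ports[key].add(dport)
        elif flag == "A" and dport in syn_ports[key]:
            completed[key].add(dport)
    alerts = {}
    for key, ports in syn_ports.items():
        unfinished = ports - completed[key]
        if len(unfinished) >= threshold:
            alerts[key] = sorted(unfinished)
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in half_open_sources(SAMPLE_LOG).items():
        print(f"possible scan of {dst} from {src}: ports {ports}")
```

For an idle scan the source address in such an alert belongs to the third-party host, not to the machine doing the scanning, so the alert is a starting point for investigation and not an attribution.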

Preventing Scans
- Firewall
  - Some types of ICMP can be blocked
  - TCP connection monitoring
  - Blocking ports not used
- Host service deception: Hosts can pretend to have services they don't really use.
- Knock codes required to open ports

Information Slide
- Homework exercise 2 assigned today. Due next Tuesday.
- Lecture slides, course updates, and assignments can be obtained at the course web page: http://www.seas.gwu.edu/~jstanton/courses/cs192