Network Security Concepts

Raj Jain, Washington University in Saint Louis, Saint Louis, MO 63130, Jain@cse.wustl.edu
These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse571-07/

Overview
1. Security Components and Threats
2. Security Policy and Issues
3. Types of Malware and Attacks
4. Security Mechanisms
5. Network Security Audit
6. The Orange Book
7. Legal Issues

Security Components
- Confidentiality: needs access control and cryptography; even the existence of data may have to be kept secret
- Integrity: no unauthorized change to content or to its source; needs both prevention mechanisms and detection mechanisms
- Availability: threatened by denial-of-service attacks
- Together: Confidentiality, Integrity and Availability (CIA)

Threats
- Disclosure, Alteration, and Denial (DAD), the counterparts of CIA
- Disclosure, or unauthorized access: snooping, passive wiretapping
- Deception, or acceptance of false data: active wiretapping (data modified in transit), man-in-the-middle attack, masquerading or spoofing (impersonation), repudiation of origin (denying having sent), denial of receipt
- Disruption, or prevention of correct operation
- Usurpation, or unauthorized control of some part of a system
- Delay, and in the limit infinite delay: denial of service

Security Policy
- Security Policy: statement of what is and what is not allowed
- Security Mechanism: method, tool, or procedure for enforcing a security policy

Elements of Network Security Policy
1. Purchasing guidelines: required security features
2. Privacy policy: files, emails, keystrokes
3. Access policy: connecting to external systems, installing new software
4. Accountability policy: responsibilities of users, staff, and management; audit capability
5. Authentication policy: password policy
6. Availability statement: redundancy and recovery issues
7. Maintenance policy: remote maintenance? How?
8. Violations reporting policy: what to report, and to whom?
9. Supporting information: contact information, handling outside queries, applicable laws, ...
Ref: RFC 2196 (Site Security Handbook)

Security Issues
- Goals: prevention, detection, recovery
- Assurance: requires detailed specifications of desired and undesired behavior, analysis of the design of the hardware and software, and arguments or proofs that the implementation, operating procedures, and maintenance procedures work
- Operational issues: benefits of protection vs. cost of designing, implementing, and using the mechanisms
- Risk analysis: likelihood of potential threats
- Laws: export of strong cryptography from the USA was restricted until the rules were relaxed in 2000; system administrators may not read users' files without permission
- Customs: DNA samples for authentication, SSN as a password
- Organizational priorities: security is not important until an incident
- People problems: insider attacks

Steps in Cracking a Network
- Information gathering: public sources and tools
- Port scanning: find open TCP ports
- Network enumeration: map the network; servers and workstations, routers, switches, firewalls
- Gaining access: obtaining root/administrator access
- Modifying: using the access to modify information
- Leaving a backdoor: to return at a later date
- Covering tracks

Hacker Categories
- Hacker: clever programmer
- Cracker: illegal hacker
- Script kiddies: novice hackers; may not target a specific system; rely on tools written by others
- White hat hackers: good guys; very knowledgeable; hired to find vulnerabilities in a network; write their own software
- Black hat hackers: bad guys; desire to cause harm to a specific system; write their own software
- Cyber terrorists: motivated by a political, religious, or philosophical agenda

Types of Malware
- Viruses: code that attaches itself to programs, disks, or memory in order to propagate itself
- Worms: install copies of themselves on other machines on a network, e.g., by finding user names and passwords
- Trojan horses: pretend to be a utility; convince users to install them on the PC
- Spyware: collects personal information
- Hoax: uses emotion to propagate, e.g., a child's last wish
- Trap door: undocumented entry point, often left in for debugging purposes
- Logic bomb: instructions that trigger on some event in the future
- Zombie: malicious instructions that can be triggered remotely; the attacks then appear to come from other victims

History of Security Attacks (timeline figure)

Brief History of Malware (timeline figure)

Types of Virus
- Boot sector virus
- Macro virus
- Email malware
- Web site malware (JavaScript)

Types of Attacks
- Denial of Service (DoS): flooding with traffic or requests
- Buffer overflows: a bug in system programs that allows the attacker to insert his own code into a running program
- Malware
- Brute force: try all passwords
- Port scanning: find listening services; the defense is to disable unnecessary services and close their ports
- Network mapping

Root Kits
- Hide by placing themselves between calls to system routines and the lower layers of the operating system
- When a program makes a system call, the rootkit intercepts the call and either passes it to the system, handles the call itself, or drops it
- Allow the attacker to re-enter the system at any time
- Because every query goes through the rootkit, the infected system cannot be trusted to report on itself; detection needs an outside view, such as a boot from clean media or a comparison of the system call table against a known-good copy
- See rootkit.com
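The interception described on this slide, as an added example that is not part of the original slides: a user-space model in C of a system call table (an array of function pointers, which is what a kernel rootkit patches), a rootkit hook that forwards the real call and then filters a directory listing to hide its own files, and the integrity check a defender would run against it. The table layout, the constructed directory contents, the `rk_` naming convention and all function names are assumptions of this example, not any real kernel's.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model "system call table": an array of function pointers, the structure a
 * kernel rootkit overwrites. Names and layout are assumptions for this
 * example, not any real kernel's. */
typedef int (*syscall_fn)(const char *path, char *out, size_t outlen);

enum { SYS_LISTDIR = 0, SYS_COUNT };

/* Constructed directory contents; "rk_backdoor" is the file the rootkit hides. */
static const char *fake_dir[] = { "bin", "etc", "home", "rk_backdoor", "var" };
#define NFAKE (sizeof fake_dir / sizeof fake_dir[0])

/* The honest kernel routine: writes the names, space separated, into out. */
int real_listdir(const char *path, char *out, size_t outlen) {
    (void)path;
    out[0] = '\0';
    for (size_t i = 0; i < NFAKE; i++) {
        strncat(out, fake_dir[i], outlen - strlen(out) - 1);
        strncat(out, " ", outlen - strlen(out) - 1);
    }
    return (int)NFAKE;
}

syscall_fn sys_table[SYS_COUNT] = { real_listdir };
static syscall_fn original_table[SYS_COUNT];   /* rootkit's saved copy, used to forward calls */
static syscall_fn known_good[SYS_COUNT];       /* integrity checker's copy, taken at a trusted time */

/* Rootkit hook: forwards to the real routine, then drops every entry that
 * starts with "rk_" before the caller sees the result. */
int hooked_listdir(const char *path, char *out, size_t outlen) {
    char tmp[256];
    int kept = 0;
    original_table[SYS_LISTDIR](path, tmp, sizeof tmp);
    out[0] = '\0';
    for (char *tok = strtok(tmp, " "); tok; tok = strtok(NULL, " ")) {
        if (strncmp(tok, "rk_", 3) == 0) continue;          /* hide the rootkit's own files */
        strncat(out, tok, outlen - strlen(out) - 1);
        strncat(out, " ", outlen - strlen(out) - 1);
        kept++;
    }
    return kept;
}

/* Install: save the real pointers, then overwrite the table entry. */
void install_rootkit(void) {
    if (sys_table[SYS_LISTDIR] == hooked_listdir) return;   /* already installed */
    memcpy(original_table, sys_table, sizeof sys_table);
    sys_table[SYS_LISTDIR] = hooked_listdir;
}

/* What a user program sees; it has no way around the table. */
int visible_count(void) {
    char buf[256];
    return sys_table[SYS_LISTDIR]("/", buf, sizeof buf);
}

int is_visible(const char *name) {
    char buf[256];
    sys_table[SYS_LISTDIR]("/", buf, sizeof buf);
    return strstr(buf, name) != NULL;
}

/* Detection: the integrity checker keeps its own copy of the table from a
 * trusted moment and compares the live pointers against it. The hook cannot
 * lie here because the checker never asks the hooked call anything. */
void snapshot_known_good(void) { memcpy(known_good, sys_table, sizeof sys_table); }

int table_tampered(void) {
    for (int i = 0; i < SYS_COUNT; i++)
        if (sys_table[i] != known_good[i]) return 1;
    return 0;
}

int main(void) {
    snapshot_known_good();
    printf("clean:  %d entries, rk_backdoor visible=%d, tampered=%d\n",
           visible_count(), is_visible("rk_backdoor"), table_tampered());
    install_rootkit();
    printf("rooted: %d entries, rk_backdoor visible=%d, tampered=%d\n",
           visible_count(), is_visible("rk_backdoor"), table_tampered());
    return 0;
}
```

The snapshot has to be taken before the compromise and kept where the rootkit cannot reach it; a checker that reads its baseline through the same hooked interface learns nothing, which is why real tools compare against a copy on clean media or a checksum recorded at install time.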

Buffer Overflows
- When a function is called, its parameters and the return address are pushed on the stack; the function's local variables, including any buffers, are allocated next to them
- Writing more data into a stack buffer than it can hold overwrites the neighbouring stack contents, including the saved return address
- When the function returns, control goes to whatever address the attacker wrote there, typically code the attacker supplied in the same input
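A worked model of the overwrite, added here and not part of the original slides. The stack frame is modelled as a byte array holding an 8-byte buffer followed by a 4-byte saved return address, so that an unbounded strcpy-style copy and a bounded copy can be compared on the same attacker input. The fixed frame layout, the 4-byte address model and the addresses GOOD_RET and EVIL_RET are assumptions of this example; a real frame is compiler- and ABI-dependent and a real strcpy keeps writing past the frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   8                               /* char buf[8] in the victim function */
#define FRAME_LEN (BUF_LEN + sizeof(uint32_t))    /* buf followed by the saved return address */
#define GOOD_RET  0x08048400u                     /* assumed legitimate return address */
#define EVIL_RET  0x12345678u                     /* where the attacker wants control to go */

/* Byte-level model of the frame: buf occupies mem[0..7] and the saved return
 * address sits right above it at mem[8..11]. This fixed layout is an
 * assumption that makes the overwrite fully defined and observable. */
void load_frame(unsigned char *mem, uint32_t ret) {
    memset(mem, 0, FRAME_LEN);
    memcpy(mem + BUF_LEN, &ret, sizeof ret);
}

uint32_t saved_ret(const unsigned char *mem) {
    uint32_t r;
    memcpy(&r, mem + BUF_LEN, sizeof r);
    return r;
}

/* Vulnerable copy: strcpy() semantics, copies up to and including the NUL
 * with no bound check. Clamped at the end of the model frame only so this
 * stays defined C; a real strcpy continues into the caller's frame. */
uint32_t vulnerable_copy(const char *input) {
    unsigned char mem[FRAME_LEN];
    size_t n = strlen(input) + 1;
    load_frame(mem, GOOD_RET);
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(mem, input, n);
    return saved_ret(mem);
}

/* Hardened copy: bounded and always NUL-terminated inside buf, so the
 * return address cannot be reached. */
uint32_t bounded_copy(const char *input) {
    unsigned char mem[FRAME_LEN];
    load_frame(mem, GOOD_RET);
    snprintf((char *)mem, BUF_LEN, "%s", input);
    return saved_ret(mem);
}

/* Attacker's input: BUF_LEN bytes of filler, then the replacement return
 * address in the target's native byte order. The address must contain no
 * zero byte, or a strcpy-style copy would stop before reaching it. */
size_t build_attack(unsigned char *out, uint32_t target) {
    memset(out, 'A', BUF_LEN);
    memcpy(out + BUF_LEN, &target, sizeof target);
    out[BUF_LEN + sizeof target] = '\0';
    return BUF_LEN + sizeof target;
}

/* Return address left in the frame after copying the attack string. */
uint32_t ret_after_attack(int hardened) {
    unsigned char atk[FRAME_LEN + 1];
    build_attack(atk, EVIL_RET);
    return hardened ? bounded_copy((const char *)atk)
                    : vulnerable_copy((const char *)atk);
}

int main(void) {
    printf("benign input, strcpy-style copy: ret = 0x%08x\n", vulnerable_copy("bob"));
    printf("attack input, strcpy-style copy: ret = 0x%08x (hijacked)\n", ret_after_attack(0));
    printf("attack input, bounded copy:      ret = 0x%08x (intact)\n", ret_after_attack(1));
    return 0;
}
```

In a real exploit the address written over the return slot points back into the attacker's own bytes in the buffer, or into an existing library routine; the no-zero-byte constraint on the address is the same one that shapes real shellcode.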

Distributed DoS Attacks
- Tribe Flood Network (TFN): clients are installed on compromised hosts; all clients start a simultaneous DoS attack on the victim on a trigger from the attacker
- Trinoo works similarly, using UDP packets; Trinoo clients report to the Trinoo master when their host comes up
- Stacheldraht uses handlers on compromised hosts to receive encrypted commands from the attacker

Social Engineering
- Reverse social engineering: the user is persuaded to ask the attacker for help
- Phone calls:
  - "Call from tech support" to update the system
  - High-level VP calling in an emergency
  - Defense requires employee training
- Electronic social engineering (phishing):
  - eBay transactions, PayPal accounts, bank accounts, Nigerian 419 scams (named for Section 419 of the Nigerian criminal code), lottery winnings
  - The Anti-Phishing Working Group (antiphishing.org) found that about 5% of recipients respond, compared to 1% for spam

Security Mechanisms (the specific security mechanisms of ITU-T X.800)
- Encipherment
- Digital signature
- Access control
- Data integrity
- Authentication exchange
- Traffic padding
- Routing control
- Notarization

Honey Pots
- A trap set for a potential system cracker
- All the services are simulated
- The honey pot raises an alert, allowing the administrator to investigate
- See www.specter.com

Network Security Audit
1. Pre-audit contact: study the security policy
2. Initial meeting: discuss scope and objectives of the audit
3. Risk assessment: find vulnerabilities
4. Physical security audit: locked doors, etc.
5. Network configuration audit: what devices are on the network?
6. Penetration testing: attempts to crack the security
7. Backup recovery audit: simulates a disaster to check recovery procedures
8. Employee audit: passive monitoring of employee activities to verify policy enforcement
9. Reporting: preparation of the audit report and presentation to management

The Orange Book
- The National Computer Security Center defines ratings for computer systems:
- D: Minimal Protection
- C1: Discretionary Security Protection (prevent unprivileged programs from overwriting critical memory, authenticate users)
- C2: Controlled Access Protection (per-user access control, clearing of allocated memory, auditing)
- B1: Labeled Security Protection (sensitivity labels for all users, processes, and files)
- B2: Structured Protection (trusted path to users, security kernel)
- B3: Security Domains (ACLs, active audit, secure crashing)
- A1: Verified Design

The Orange Book (Cont)
- Originally published in 1983
- A single European standard, ITSEC, followed in 1990
- Work toward a single worldwide standard, the Common Criteria, began in 1993 and produced version 1.0 in 1996
- Version 2.1 of the Common Criteria in 1999, the version adopted as ISO/IEC 15408

Legal Issues
- Children's Online Privacy Protection Act of 1998 (COPPA):
  - A site may ask a child under 13 only for first name and age
  - Needs the parents' permission for last name, home address, email address, telephone number, social security number, ...
- Gramm-Leach-Bliley Financial Modernization Act of 1999 (GLB): financial institutions may share nonpublic personal information unless the customer opts out; they must safeguard all such information on the network
- Health Insurance Portability and Accountability Act of 1996 (HIPAA): requires the consent of the patient's legal representative before confidential information can be released

Summary
- CIA: Confidentiality, Integrity, and Availability; DAD: Disclosure, Alteration, Denial
- Security policy: complete, clear, and enforced
- Malware: virus, worm, spyware, hoax, root kits, ...
- Attacks: DoS, DDoS, buffer overflows, ...
- Protection: audit, laws, honey pots

References
1. Jan L. Harrington, Network Security, Morgan Kaufmann, 2005, ISBN 0123116333
2. Gert De Laet and Gert Schauwers, Network Security Fundamentals, Cisco Press, 2005, ISBN 1587051672
3. Eric Maiwald, Fundamentals of Network Security, McGraw-Hill, 2004, ISBN 0072230932
4. William Stallings, Cryptography and Network Security: Principles and Practices, 4th edition, Prentice Hall, 2006, ISBN 0131873164
5. Charlie Kaufman et al., Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, 2002, ISBN 0130460192

Security URLs
- Center for Education and Research in Information Assurance and Security, http://www.cerias.purdue.edu/about/history/coast/archive/
- IETF Security area, sec.ietf.org
- Computer and Network Security Reference Index, http://www.vtcif.telstra.com.au/info/security.html
- The Cryptography FAQ, http://www.faqs.org/faqs/cryptography-faq/
- Tom Dunigan's Security page, http://www.csm.ornl.gov/%7edunigan/security.html
- IEEE Technical Committee on Security and Privacy, http://www.ieee-security.org/index.html
- Computer Security Resource Center, http://csrc.nist.gov/

Security URLs (Cont)
- Security Focus, http://www.securityfocus.com/
- SANS Institute, http://sans.org/
- Data Protection Resource Directory, http://www.dataprotectionhq.com/cryptographyanddatasecurity/
- Helger Lipmaa's Cryptology Pointers, http://www.adastral.ucl.ac.uk/%7ehelger/crypto/
- Network Security Directory, http://www.networksecuritysite.info/

Security Related Usenet Groups
- sci.crypt.research
- sci.crypt
- sci.crypt.random-numbers
- alt.security
- comp.security.misc
- comp.security.firewalls
- comp.security.announce
- comp.risks
- comp.virus

Lab Homework 2
1. Read about the following tools:
   a. Ethereal (since renamed Wireshark), network protocol analyzer, www.ethereal.com
   b. SuperScan4, network port scanner (like nmap), http://www.lock-mypc.com/superscan4.html
   c. Network Surveyor, network mapping, http://www.solarwindssoftware.com/lansurveyor.aspx
2. Use SuperScan4 to scan one to three hosts on your local net (or 128.252.166.77, 128.252.160.213, 128.252.160.222) to find their open ports. Select scan type "connect" in the Host and Service Discovery panel.
3. Use Network Surveyor to show the map of all hosts on your local net (or 128.252.166.77 through 128.252.166.85).
4. Start Ethereal to capture all traffic. Open www.google.com in a web browser. Stop Ethereal. List all packets seen and interpret them.
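The port scanning step from "Steps in Cracking a Network", the Honey Pots slide and the connect scan in step 2 of this lab, in one added example that is not part of the original slides or of any of the tools named above: a honeypot bound to the loopback address that treats every incoming connection as an alert, and a TCP connect() scanner (the "connect" scan type, a full three-way handshake per port) that sweeps the ports around it and finds it. POSIX sockets on Linux are assumed; the loopback address, the kernel-chosen honeypot port and the five-port range are example choices.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Honeypot side: a fake service bound to 127.0.0.1 on a kernel-chosen port.
 * It never serves anything; every connection it receives is an alert. */
int honeypot_open(unsigned short *port_out) {
    struct sockaddr_in a;
    socklen_t alen = sizeof a;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = 0;                                   /* let the kernel pick a free port */
    if (bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 16) < 0 ||
        getsockname(s, (struct sockaddr *)&a, &alen) < 0) {
        close(s);
        return -1;
    }
    *port_out = ntohs(a.sin_port);
    return s;
}

/* Drain the completed connections waiting in the listen queue and report
 * each one. Waits up to wait_ms for the first, then stops when none is left. */
int honeypot_alerts(int s, int wait_ms) {
    int hits = 0;
    for (;;) {
        struct pollfd p = { .fd = s, .events = POLLIN, .revents = 0 };
        struct sockaddr_in peer;
        socklen_t plen = sizeof peer;
        char ip[INET_ADDRSTRLEN];
        if (poll(&p, 1, wait_ms) <= 0) break;
        int c = accept(s, (struct sockaddr *)&peer, &plen);
        if (c < 0) break;
        inet_ntop(AF_INET, &peer.sin_addr, ip, sizeof ip);
        printf("honeypot: ALERT connection from %s:%u\n", ip, ntohs(peer.sin_port));
        close(c);
        hits++;
        wait_ms = 0;
    }
    return hits;
}

/* Scanner side: a connect() scan completes the full handshake, so the
 * target service (or honeypot) sees a real connection it can log. */
int port_open(const char *ip, unsigned short port) {
    struct sockaddr_in a;
    int s, ok;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &a.sin_addr) != 1) return 0;
    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return 0;
    ok = connect(s, (struct sockaddr *)&a, sizeof a) == 0;   /* a closed port answers with RST at once */
    close(s);
    return ok;
}

/* Scan ports lo..hi, store the open ones in found[], return how many. */
int scan_range(const char *ip, unsigned lo, unsigned hi, unsigned short *found, int max_found) {
    int n = 0;
    for (unsigned p = lo; p <= hi && p <= 65535 && n < max_found; p++)
        if (port_open(ip, (unsigned short)p)) {
            printf("scanner: %s:%u open\n", ip, p);
            found[n++] = (unsigned short)p;
        }
    return n;
}

struct demo_result { int open_ports; int honeypot_found; int alerts; };

/* End to end: open the honeypot, sweep the ports around it, read the alerts. */
struct demo_result run_demo(void) {
    struct demo_result r = { 0, 0, 0 };
    unsigned short hp, found[8];
    int s = honeypot_open(&hp);
    if (s < 0) return r;
    unsigned lo = hp > 2 ? hp - 2u : 1u;
    r.open_ports = scan_range("127.0.0.1", lo, hp + 2u, found, 8);
    for (int i = 0; i < r.open_ports; i++)
        if (found[i] == hp) r.honeypot_found = 1;
    r.alerts = honeypot_alerts(s, 200);
    close(s);
    return r;
}

int main(void) {
    struct demo_result r = run_demo();
    printf("open ports seen: %d, honeypot found: %d, honeypot alerts: %d\n",
           r.open_ports, r.honeypot_found, r.alerts);
    return 0;
}
```

Because a connect scan finishes the handshake, the honeypot gets the scanner's source address from accept() without any packet capture; this is also why connect scans are the noisiest kind, and why the scanner in step 2 should only be pointed at hosts you are allowed to scan. Other listeners that happen to sit in the five-port window will show up as open too, which is the normal output of a sweep.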