Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs



Similar documents
Computer Security DD2395

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

Proxy Server, Network Address Translator, Firewall. Proxy Server

Chapter 9 Firewalls and Intrusion Prevention Systems

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Network Incident Report

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewall Design Principles Firewall Characteristics Types of Firewalls

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

What would you like to protect?

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Intranet, Extranet, Firewall

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Malicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis

Internet Security Firewalls

Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software

Firewalls CSCI 454/554

New possibilities in latest OfficeScan and OfficeScan plug-in architecture

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Malicious Software. Ola Flygt Växjö University, Sweden Viruses and Related Threats

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

Section 12 MUST BE COMPLETED BY: 4/22

Network Security: From Firewalls to Internet Critters Some Issues for Discussion

CS 356 Lecture 9 Malicious Code. Spring 2013

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

Computer Security: Principles and Practice

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ

A Proposed Architecture of Intrusion Detection Systems for Internet Banking

Security A to Z the most important terms

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Computer Security DD2395

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

How To Protect A Network From Attack From A Hacker (Hbss)

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

24/7 Visibility into Advanced Malware on Networks and Endpoints

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Topics NS HS12 2 CINS/F1-01

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013

CSCI 4250/6250 Fall 2015 Computer and Networks Security

1 Introduction. Agenda Item: Work Item:

Cisco RSA Announcement Update

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

ACS-3921/ Computer Security And Privacy. Lecture Note 5 October 7 th 2015 Chapter 5 Database and Cloud Security

1 Introduction. Agenda Item: Work Item:

Overview. Firewall Security. Perimeter Security Devices. Routers

Introduction The Case Study Technical Background The Underground Economy The Economic Model Discussion

Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com

Cryptography and network security

Network Security and the Small Business

Security Toolsets for ISP Defense

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

CMPT 471 Networking II

Firewall Configuration. Firewall Configuration. Solution Firewall Principles

Networking for Caribbean Development

Secure Your Mobile Workplace

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

HoneyBOT User Guide A Windows based honeypot solution

Host-based Intrusion Prevention System (HIPS)

Integrated Protection for Systems. João Batista Territory Manager

Top Ten Cyber Threats

Chapter 20. Firewalls

Fighting Advanced Threats

Top 5 Security Trends and Strategies for 2011/2012 Peter Sandkuijl Europe SE manager network security psandkuijl@checkpoint.com

WildFire. Preparing for Modern Network Attacks

WORMS HALMSTAD UNIVERSITY. Network Security. Network Design and Computer Management. Project Title:

Data Center Security in a World Without Perimeters

Common Cyber Threats. Common cyber threats include:

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Chapter 15. Firewalls, IDS and IPS

OS Security. Malware (Part 2) & Intrusion Detection and Prevention. Radboud University Nijmegen, The Netherlands. Winter 2015/2016

Firewalls, IDS and IPS

Description: Objective: Attending students will learn:

Secure Cloud-Ready Data Centers Juniper Networks

Firewalls Overview and Best Practices. White Paper

WHITE PAPER. Understanding How File Size Affects Malware Detection

Chapter 7. Firewalls

Module 4 Protection of Information Systems Infrastructure and Information Assets. Chapter 6: Network Security

Internet Security Firewalls

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

PC & Internet Security

Payment Card Industry (PCI) Data Security Standard

Malware. Björn Victor 1 Feb [Based on Stallings&Brown]

ΕΠΛ 674: Εργαστήριο 5 Firewalls

GFI White Paper PCI-DSS compliance and GFI Software products

Emerging Security Technological Threats

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

C. Universal Threat Management (UTM) C.1. Threats

Transcription:

Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science, Fall 2011

Intruders and Attacks External Internal masqueraders External intrusion common techniques Scan the network to find out IP addresses in use Operating systems Open ports (network services) Run exploits Get access to shell, preferably with suid Install rootkits, use the system as a node in a botnet, launch further attacks from here, Homework: CAPEC (Common Attack Pattern Enumeration and Classification) http://capec.mitre.org (Methods of Attack) 2

Firewalls Provide protection to a local network from network-based threats, while allowing access to the outside world General design principles Establish a controlled link between Internet and your network Provide a single choke point All traffic must pass through the FW Only authorised traffic, as defined by the local security policy, will pass through Common methodology Service control determine which Internet services can be accessed, inbound or outbound Direction control determine in which direction service traffic is allowed to flow User control determine who can access what Behaviour control determine how particular services are used 3

Firewalls Types of FW Packet-filtering routers Applies set of rules to packets, then discards or forwards them Rules generally based on matching protocol fields Advantages: High-speed, transparency to users, simplicity Disadvantages: Lack of authentication, vulnerable to some attacks (IP address spoofing, fragmentation, ) 4

Firewalls More complex (and secure) FW configurations: Screened host FW (single-homed bastion host) FW consists of 2 separate systems: PF router: only packets from and to the bastion host are allowed Bastion host: peforms authentication and proxy functions Attacker needs generally to penetrate both systems 5

Firewalls More complex (and secure) FW configurations: Screened host FW (dual-homed bastion host) Now traffic between Internet and the internal network has to physically flow through the bastion host 6

Firewalls More complex (and secure) FW configurations: Screened subnet FW Most secure than previous ones 2 PF routers are used to create an isolated subnetwork (DMZ Demilitarized Zone) External router advertises only DMZ, so internal network is invisible Internal router advertises only DMZ, so systems within private network cannot construct direct routes to Internet 7

Malware What is a malware? Code that run on your computer and make your system do something that an attacker wants it to do What is good for? Steal information Delete files Fraud (e.g., click fraud) Use system as a relay Malware zoo Virus Scareware Backdoor Adware Trojan horse Spyware (including keyloggers) Rootkit Botnets / zombies Worm Terminology quite fuzzy nowadays 8

Malware Virus Program that can infect other programs by modifying them to include a (possibly evolved) version of itself Some types: Polymorphic Uses an engine to mutate after each infection, while keeping the engine intact Metamorphic Changes (almost) completely after each infection Trojan Class of malware that appears to perform a desirable function but in fact performs undisclosed malicious actions that allow unathorised access to the victim s computer or data 9

Malware Rootkit Component that uses stealth to maintain a persistent presence on the system Worm Self-replicating computer program that uses a network to send copies of itself to other nodes without user intervention Slammer: infected most of vulnerable Internet in 10 minutes 10

Malware A problem growing beyond control Source: www.av-test.org 11

Malware Infection methods: Executables Interpreted files (including built-in scripting languages in applications such as Office, Acrobat, etc.) Kernel & services MBR Hypervisor Propagation methods: Exploitation of software vulnerabilities Shared folders Email Faked software (audio/video codecs, antivirus, p2p files, games, ) Bluetooth USB devices Social networks 12

Malware Detection Signatures Find a string that identifies the malware Scan files, memory, etc. Detection if match occurs Huge problem with poly/meta-morphism Doesn t scale well Heuristics Analyze program behaviour: files opened, network access, attempts to delete files or modify the boot sector, etc. Checksums Sandbox analysis Run executable in a VM Observe behaviour and extract file activity, network accesses, memory usage, etc. See also: http://cme.mitre.org http://maec.mitre.org 13

Malware Example of costs due to malware Morris worm (1988) $10 million in downtime and cleanup Internet down Slammer (2003) ATMs unavailable, phone network overloaded (no 911!), planes delayed, Cryptovirus Real costs of most malware remain unknown to the general public Some current trends Annual growing rate: 175% Smartphones are one the hottest targets Most current malware have characteristics of worms (autonomy, etc.) Advanced features: AV deactivation, jumping out of the sandbox, multiple infection vectors, Cyberwarfare: Stuxnet 14

Intrusion Detection Systems Where to look for signs of ongoing attacks? Host-based Network-based Application-based Detection techniques: Signatures Anomaly detection Network-wide (distributed) detection: Event correlation techniques Coordination and cooperation among different domains 20+ years of research, many experimental and commercial systems, lots of experience gained and Still many open questions Pressure towards autonomic response systems Sophisticated evasion techniques increasingly worrying 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information