Security Type of attacks Firewalls Protocols Packet filter

Similar documents

Overview. Packet filter

ΕΠΛ 674: Εργαστήριο 5 Firewalls

CS5008: Internet Computing

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Firewall Firewall August, 2003

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Networking Basics and Network Security

Firewalls (IPTABLES)

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

Firewalls. Chapter 3

CMPT 471 Networking II

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

General Network Security

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

From Network Security To Content Filtering

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Lab Objectives & Turn In

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Firewalls, IDS and IPS

Cisco Configuring Commonly Used IP ACLs

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Network Security. Internet Firewalls. Chapter 13. Network Security (WS 2002): 13 Internet Firewalls 1 Dr.-Ing G. Schäfer

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

1. Firewall Configuration

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

10 Configuring Packet Filtering and Routing Rules

Cryptography and network security

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Chapter 7. Firewalls

How To Understand A Firewall

How to protect your home/office network?

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

12. Firewalls Content

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

CIT 480: Securing Computer Systems. Firewalls

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Chapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall

Basics of Internet Security

Linux MDS Firewall Supplement

PROFESSIONAL SECURITY SYSTEMS

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

SOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall

Linux Network Security

Lecture 23: Firewalls

Chapter 8 Security Pt 2

CIT 480: Securing Computer Systems. Firewalls

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

CSCI Firewalls and Packet Filtering

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Multi-Homing Dual WAN Firewall Router

Chapter 8 Network Security

CSE 4482 Computer Security Management: Assessment and Forensics. Protection Mechanisms: Firewalls

Network Defense Tools

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

CSE543 - Computer and Network Security Module: Firewalls

Networking for Caribbean Development

Network Security and Firewall 1

Firewalls, Tunnels, and Network Intrusion Detection

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

CS Computer and Network Security: Firewalls

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Implementing Secure Converged Wide Area Networks (ISCW)

Firewalls Netasq. Security Management by NETASQ

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

CSC574 - Computer and Network Security Module: Firewalls

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Norton Personal Firewall for Macintosh

co Characterizing and Tracing Packet Floods Using Cisco R

Security Technology: Firewalls and VPNs

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Security Technology White Paper

Protecting and controlling Virtual LANs by Linux router-firewall

VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION

CS Computer and Network Security: Firewalls

Network Incident Report

My FreeScan Vulnerabilities Report

Network Security: Introduction

SECURING INFORMATION SYSTEMS

Overview. Firewall Security. Perimeter Security Devices. Routers

EXPLORER. TFT Filter CONFIGURATION

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

CIS 433/533 - Computer and Network Security Firewalls

- Basic Router Security -

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Transcription:

Overview Security Type of attacks Firewalls Protocols Packet filter Computer Net Lab/Praktikum Datenverarbeitung 2 1

Security Security means, protect information (during and after processing) against impairment and loss of confidentiality, integrity and availability. Given by: increasing of availability and storage strategies: Backup, Redundant Systems, Raid-Systems protection against unauthorized access: Firewalls, encryption algorithm, etc. Computer Net Lab/Praktikum Datenverarbeitung 2 2

Security requirements Availability ensures that authorized persons are able to access data and communication services at every time. Integrity guarantees that the data are authentic and undamaged. Privacy protects confidential information against unintended access. Computer Net Lab/Praktikum Datenverarbeitung 2 3

Threats Active attacks Intrusion of unauthorized persons Impairment and disturbance of networking Data modification Passive Attacks Password listening Data listening Network traffic analysis Computer Net Lab/Praktikum Datenverarbeitung 2 4

Aggressor Who is aggressive Competitors Hacker/Cracker (Beginners, Professional) Professional Hacker (industrial espionage) Colleagues (approx. 70% of all attacks come from Colleagues) Computer Net Lab/Praktikum Datenverarbeitung 2 5

Examples Februay2001 Hacker stole around 80.000 DIN-A-4 Pages with privacy information like credit card numbers, passwords, etc. from the server of the World Economic Forum. October 2000 by use of so called trojans hackers got access to passwords of Microsoft employees. So the hackers were able to stole the newest source code release of a Microsoft operation system. February 2000 Yahoo was a victim of a Denial-Of-Service Attack. The Website of yahoo was more than 3 hours not available. Computer Net Lab/Praktikum Datenverarbeitung 2 6

Kind of attacks Password attack Data attack Malicious Code Scanner Spoofing FTP, MAIL, Telnet DOS-Attack Computer Net Lab/Praktikum Datenverarbeitung 2 7

Password attack 3 Methods Guess on base of known or speculated user accounts (names). Brute force attack on a password file by use of special applications, i.e. Crack. Listening on connections in order to find out user names and their passwords. Computer Net Lab/Praktikum Datenverarbeitung 2 8

Data attack Data attack are done by use of so called sniffers. Sniffer respectively network monitoring tools are applications which are originally used in order to monitor and analyse network traffic. Usually a computer receives via its network interface card only these packages which are destined for itself. But it is possible to get access to all traffic. This could be done when the network interface card is running in a special mode, the promiscuous mode. Extremely dangerous: A sniffer is installed on a server Computer Net Lab/Praktikum Datenverarbeitung 2 9

Malicious Code Malicious Code is unauthorized code (could be in a legal application) doing jobs which are unknown by the user and usually undesired. Examples: Viruses Trojan horses Worms Computer Net Lab/Praktikum Datenverarbeitung 2 10

Scanner Scanner are security tools which are originally used in order to find out some weak points of a system. There are system scanner and network scanner. System scanner: scans its local host in order to find out security gaps or configuration problems. Network scanner: scans computer connected to a network. They check services and ports und deliver therefore information about possible security gaps. Computer Net Lab/Praktikum Datenverarbeitung 2 11

Spoofing Spoofing is used in order to outwit authentification and identification mechanism which are basing on trustworthy addresses and/or hostnames. a distinction is drawn between : IP-Spoofing denotes the corruption of the sender-ip address. DNS-Spoofing means the corruption of entries in DNS-servers. Computer Net Lab/Praktikum Datenverarbeitung 2 12

FTP, Mail, Telnet FTP: Mail: Authentification by use of user name and password. No encryption of data and password. Sending of big mails affects the mail servers availability (Mail bombing). Sending of mails with wrong sender information. Telnet: No password encryption. No data encryption. Computer Net Lab/Praktikum Datenverarbeitung 2 13

DOS-Attacks DOS = Denial of Service. Most common attack (simple and fast). Goal is to knock out the attacked system or at least to interfere the access for valid users. Not easy to intercept. Next step: DDOS = Distributed Denial of Service Several machines start an attack at the same time. Example: TCP-SYN Flooding, PING Computer Net Lab/Praktikum Datenverarbeitung 2 14

Firewall Basics A Firewall is a hurdle between to nets which must be cleared in order to allow communication from one net to the other. Each communication between the nets must be done over the firewall. Internet private, local net Firewall Computer Net Lab/Praktikum Datenverarbeitung 2 15

Definition Firewall A firewall consists of one or more hard- and software components. A firewall connects two networks in a way that all traffic between the networks must pass the firewall. A Firewall implements a security strategy, which realises access restrictions and if required attack recording. A Firewall let only pass those data packages which fulfil the security strategy. Computer Net Lab/Praktikum Datenverarbeitung 2 16

What a Firewall can do Restriction of traffic between two networks. Access only to special machines or services. Network monitoring and recording => protocols. Manipulation of network traffic by use of special (i.e. traffic limitation, IP-Address replacement, etc.). Computer Net Lab/Praktikum Datenverarbeitung 2 17

What a Firewall can t do Closing security gaps directly. Correction of configuration or installation mistakes. Find out viruses or Trojans. Making a network totally secure. Computer Net Lab/Praktikum Datenverarbeitung 2 18

Firewall-Concepts Packet filter Filtering on network layer (IP-Addresses and Ports). Proxy-Gateways Circuit Level Gateway Filtering on transport layer. Application Level Gateway Filtering on application level (protocol dependent). Graphical Firewall All internet applications running outside of the protected network. Only graphical information are delivered. Computer Net Lab/Praktikum Datenverarbeitung 2 19

Proxy-Gateway Proxy=lock keeper A Proxy firewall act as a server for the client and as a client for the server. HTTP Gateway FTP Gateway Internet private, local Net Firewall with application dependent Proxy-Services Computer Net Lab/Praktikum Datenverarbeitung 2 20

Proxy-Gateway Offers application specific services for clients. Control and observe functions for a specific application Example: Avoid that a client uses ftp in order to transfer data in (via put command) to an external ftp-server. Access forbidden for special HTTP-Sites In opposite to packet filters the connection is really interrupted. IP-Addresses of the internal net are invisible. Computer Net Lab/Praktikum Datenverarbeitung 2 21

Protocols HTTP FTP SMTP Application DNS SNMP RIP Transport TCP UDP Internet IP Phys. Network Ethernet Token-Ring ATM Computer Net Lab/Praktikum Datenverarbeitung 2 22

IP It carries the transport protocols TCP and UDP. It builds IP-Packages out of the data which have to be transmitted. It adds additional information, the IP-Header. It contains source and destination address. Computer Net Lab/Praktikum Datenverarbeitung 2 23

TCP TCP (Transmission Control Protocol) confirms every received data package. TCP repeats each data package until its receiving is confirmed. TCP is reliable, that means the transmission is guaranteed. 32 BIT Computer Net Lab/Praktikum Datenverarbeitung 2 24

Port Communication Communication via TCP/IP operates by IP-Addresses and Ports. Each IP-Address has 2 16 potential ports. The ports below 1024 are standardized (standard ports), which are allocated to dedicated services, i.e.: 23 telnet 25 smtp 80 http 134.91.100.1 443 https 23 25 80....... 30000. Computer Net Lab/Praktikum Datenverarbeitung 2 25

Packet filter Filtering of Data packages: Sender/Destination IP-Addresses Sender/ Destination -Ports (Services) Protocols (TCP,UDP, ICMP) Separate Filtering of incoming Packages (INPUT) und outgoing Packages (OUTPUT). Different rules for Input-Filter and Output-Filter. List of rules are so called chains. A package is checked by one rule after the other until either one rule matches or the end of list is reached. Computer Net Lab/Praktikum Datenverarbeitung 2 26

Packet filter (Chains) network interface incoming packet IINPUT-CHAIN rule 1 matches no rule 2 matches no rule 3 matches rule 3 matches no rule 2 matches no rule 1 matches OUTPUT-CHAIN outgoing packet Computer Net Lab/Praktikum Datenverarbeitung 2 27

Packet filter (Policies) Every chain has a default setting for package treatment, the so called policies. The policies come into play after a data package were checked by all rules of a chain. If no rule matches the default policy applies. There are two different strategies: Deny every package. Only well defined kind of packages are allowed. (Better). Allow every package. Only well defined kind of packages are forbidden. Computer Net Lab/Praktikum Datenverarbeitung 2 28

Packet filter (Reject vs. Drop) Packet filters have two different methods to handle a non accepted package. Reject: The Package will be deleted and an ICMP-Error message is delivered to the sender. Drop: The Package will be deleted. Drop is the better choice, because: less traffic, the package could be part of a attack, even an error message could be an useful information for an aggressor. Computer Net Lab/Praktikum Datenverarbeitung 2 29

Filtering of incoming packages Filtering according to Sender- IP There a some groups of IP-Addresses which could be generally dropped. For example: IP-Addresses of the own Subnet, etc. Filtering according to Destination-IP Only packages addressing the own network are accepted. Filtering according sender/destination Port We have to distinguish between requests of external clients to our own servers and incoming answers of external servers destined for local clients. Computer Net Lab/Praktikum Datenverarbeitung 2 30

Filtering of outgoing packages Filtering according Sender IP Only packages with correct IP-Addresses of our own network are allowed to pass. Filtering according Destination IP Depends on requested services, i.e.: request to an external mail server. Filtering according Sender-Ports Client-Requests to external resources are usually done by ports above 1024. Local servers use well defined ports (below 1024) when they send an answer to external clients. Filtering according Destination-Ports All destination ports of external clients (accessing local servers) are above 1024. Internal clients will use well defined ports below 1024 for access to external servers. Computer Net Lab/Praktikum Datenverarbeitung 2 31

Stateful Filtering Stateful Filtering means the capability to store the state and contextual information of a TCP network connection. =>Dynamic packet filter analyse the state of an TCP-Connection. Connection request of client: SYN Acknowledgement of server: ACK-SYN Acknowledgement of client: ACK Further transfer (from both sides): ACK Packages (containing a ACK-Flag) from outside to inside are only accepted if a package from inside to outside (containing a SYN-Flag) was sent before. Computer Net Lab/Praktikum Datenverarbeitung 2 32

Iptables (1) Iptables (Packet filter under Linux) Three Chains: INPUT, OUTPUT, FORWARD. Routing decides if a package is delivered to the INPUT-Chain or to the FORWARD-Chain. Packages for the machine itself are checked at first by the INPUT-Chain. If the INPUT Chain accepts the packages it reaches the actual machine. Packets for foreign machines (in out local protected net) are running through the FORWARD-Chain. If the packages is accepted it is delivered to the appropriated network interface. Computer Net Lab/Praktikum Datenverarbeitung 2 33

IPTables (2) Routing Forward- Chain Drop Input- Chain Lokale Prozesse Output- Chain Drop Drop Computer Net Lab/Praktikum Datenverarbeitung 2 34

IPTables (some commands) Delete rules iptables --flush Drop all packages iptables policy INPUT DROP iptables policy OUTPUT DROP iptables policy FORWARD DROP Reject incoming packages coming from the IP-Address of our own external interface iptables A input i eth0 s <myipadress> -j DROP Computer Net Lab/Praktikum Datenverarbeitung 2 35

Firewall example Computer Net Lab/Praktikum Datenverarbeitung 2 36

How can I protect my own PC Deactivate all services which are not required. Deinstall all programs which are not permanently used. Deinstall all programs with well known security gaps. (even when you need them). Inform yourself about security gaps and use updates. Install a virus scanner (Freeware: AntiVir). Install a personal firewall (Freeware:ZoneAlarm). Computer Net Lab/Praktikum Datenverarbeitung 2 37