Linux Network Security




Course ID: SEC220

Course Description

This extremely popular class focuses on network security and makes an excellent companion class to the GL550: Host Security course. Protocols used in Linux, UNIX, and Windows are examined. After a detailed discussion of the TCP/IP suite component protocols and Ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network-based attacks, the course focus shifts to the defensive solutions available. Students install, configure, and test one of the most popular and powerful NIDS solutions available. Finally, students create a Linux-based router/firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping.

Prerequisites

Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid comprehension. This is an intense class that covers many topics.

Audience

This course is designed for security professionals who would like to advance their knowledge of Linux security essentials.

Duration: 5 days

Course Content

ETHERNET AND IP OPERATION
- OSI Network Model
- Application Layers
- Network Services Layers
- Moving Data Through The Stack
- Data Link Layer Format
- Ethernet Operation
- Hub and Switch Operation
- Ethernet Security Issues
- Detecting Promiscuous NICs
- Network Packet Capture
- tcpdump
- Ethereal
- IPv4
- IP Addressing
- Differentiated Services
- IP Fragmentation
- Path MTU Discovery
- ARP
- ICMP
- ICMP Redirects
- Important ICMP Messages
- ICMP Security Issues
- Protecting Against ICMP Abuse

Lab 1 - Basic Traffic Generation, Capture, and Analysis
- Capture and analyze ARP traffic with a variety of tools
- Capture and analyze ICMP echo, unreachable, and redirect messages
- Explore the differences between a variety of traffic capture utilities and their interfaces and options

IP AND ARP VULNERABILITY ANALYSIS
- IP Security Issues
- IP Routing
- Routing Protocol Security
- Protecting Against IP Abuse
- ARP Security Issues
- Cache Poisoning with ARP Replies
- Cache Poisoning with ARP Requests
- ARP Cache Poisoning Defense
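The ARP Cache Poisoning Defense topic above is the detection side of the two poisoning techniques listed before it (forged replies and forged requests). The following is an added example, not course lab material: a small detector that reads a sequence of ARP packets and raises an alert when a reply arrives that nobody asked for, or when an IP address is suddenly claimed by a different MAC than the one previously seen or configured. The packet records, the gateway binding and the function names are constructed for the example; a real deployment would feed it the same fields from tcpdump or tshark output.

```python
"""Detect signs of ARP cache poisoning in a sequence of ARP packets.

Added illustration, not course material. The packets below are constructed;
in practice they would come from tcpdump/tshark output or a pcap reader.
"""
from collections import namedtuple

# op is the ARP opcode: 1 = request, 2 = reply
ArpPkt = namedtuple("ArpPkt", "t op sender_ip sender_mac target_ip target_mac")


def detect_arp_poisoning(packets, trusted=None, request_window=2.0):
    """Return a list of (time, reason) alerts.

    trusted:        ip -> mac bindings that must never change (typically the
                    default gateway); any other binding is learned from the
                    first reply seen and alerted on when it changes.
    request_window: seconds within which a reply must follow a request for
                    the same IP to be considered solicited.
    """
    bindings = dict(trusted or {})
    learned = set()          # IPs whose binding was learned, not configured
    pending = {}             # target_ip -> time of the most recent request
    alerts = []
    for p in packets:
        if p.op == 1:
            pending[p.target_ip] = p.t
            continue
        if p.op != 2:
            continue
        # Check 1: a reply nobody asked for. Poisoning relies on victims
        # accepting unsolicited replies and overwriting their cache entry.
        asked = pending.pop(p.sender_ip, None)
        if asked is None or p.t - asked > request_window:
            alerts.append((p.t, f"unsolicited ARP reply for {p.sender_ip} from {p.sender_mac}"))
        # Check 2: an IP address that now belongs to a different MAC.
        known = bindings.get(p.sender_ip)
        if known is None:
            bindings[p.sender_ip] = p.sender_mac
            learned.add(p.sender_ip)
        elif known != p.sender_mac:
            kind = "learned" if p.sender_ip in learned else "trusted"
            alerts.append((p.t, f"{p.sender_ip} ({kind} binding {known}) now claimed by {p.sender_mac}"))
    return alerts


# Constructed sample: host .10 resolves the gateway normally, then a second
# reply for the gateway address arrives from an unknown MAC, then .20
# resolves .30 normally (request followed by a prompt reply).
GATEWAY = {"192.168.1.1": "00:11:22:33:44:01"}
SAMPLE = [
    ArpPkt(0.0, 1, "192.168.1.10", "00:aa:bb:cc:dd:10", "192.168.1.1", "00:00:00:00:00:00"),
    ArpPkt(0.1, 2, "192.168.1.1", "00:11:22:33:44:01", "192.168.1.10", "00:aa:bb:cc:dd:10"),
    ArpPkt(5.0, 2, "192.168.1.1", "00:de:ad:be:ef:99", "192.168.1.10", "00:aa:bb:cc:dd:10"),
    ArpPkt(6.0, 1, "192.168.1.20", "00:aa:bb:cc:dd:20", "192.168.1.30", "00:00:00:00:00:00"),
    ArpPkt(6.2, 2, "192.168.1.30", "00:aa:bb:cc:dd:30", "192.168.1.20", "00:aa:bb:cc:dd:20"),
]


def run_sample():
    return detect_arp_poisoning(SAMPLE, trusted=GATEWAY)


if __name__ == "__main__":
    for t, reason in run_sample():
        print(f"t={t:5.1f}s  {reason}")
```

Both checks produce false positives in ordinary networks: hosts send gratuitous ARP at boot, a NIC replacement legitimately changes a binding, and DHCP can hand an address to a different machine. Treat the output as a trigger for investigation, and combine it with static ARP entries for the gateway on the hosts that matter most, which removes the attack surface rather than just detecting its use.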

Lab 2 - Advanced Traffic Generation and Capture
- Learn to use a variety of tools to generate traffic, including forged headers
- Use ARP cache "poisoning" to capture traffic on a switched LAN
- Use various techniques to discover if a NIC is in promiscuous mode

UDP/TCP PROTOCOL AND TELNET VULNERABILITY ANALYSIS
- User Datagram Protocol
- UDP Segment Format
- Transmission Control Protocol
- TCP Segment Format
- TCP Port Numbers
- TCP Sequence / Acknowledgment Numbers
- TCP Three-way Handshake
- TCP Window Size
- The TCP State Machine
- The TCP State Transitions
- TCP Connection Termination
- TCP SYN Attack
- TCP Sequence Guessing
- TCP Connection Hijacking
- Telnet
- Telnet Concepts - Options
- Telnet Concepts - Commands
- Telnet Security Concerns

Lab 3 - Attacks on TCP
- Use forged packets to slow and kill TCP sessions
- Monitor and hijack a telnet session

FTP AND HTTP VULNERABILITY ANALYSIS
- FTP Modes
- Transfer Methods
- Security Concerns
- The Bounce Attack
- Minimizing Risk
- FTP - Port Stealing
- Brute-force Attacks
- Access Restriction
- Privacy
- HTTP/1.1
- HTTP Protocol Parameters
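The TCP topics above (sequence and acknowledgment numbers, the three-way handshake, window size, the state machine and its transitions, connection termination, and sequence guessing) fit together in one small simulation. The following is an added example, not course lab material: two model endpoints exchange segments through a complete connection, every SYN and FIN consumes one sequence number, and after the handshake each incoming segment is checked against the receiver's window before it is acted on. That check is why a forged RST or data segment whose sequence number was guessed wrong is simply dropped. The class and function names, the initial sequence numbers and the payload are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset
    payload: bytes = b""


class Endpoint:
    """One TCP endpoint: its state plus the SND.NXT / RCV.NXT variables."""
    def __init__(self, name, isn, window=4096):
        self.name = name
        self.state = "CLOSED"
        self.window = window      # receive window in bytes
        self.snd_nxt = isn        # next sequence number we will send (starts at the ISN)
        self.rcv_nxt = None       # next sequence number we expect from the peer
        self.dropped = []         # why we refused segments

    def _send(self, peer, flags, payload=b""):
        seg = Segment(self.name, peer, self.snd_nxt, self.rcv_nxt or 0, frozenset(flags), payload)
        # SYN and FIN each consume one sequence number; data consumes its length
        self.snd_nxt += len(payload) + ("SYN" in flags) + ("FIN" in flags)
        return seg

    def listen(self):              # passive open
        self.state = "LISTEN"

    def connect(self, peer):       # active open: first message of the handshake
        self.state = "SYN_SENT"
        return self._send(peer, {"SYN"})

    def send_data(self, peer, payload):
        assert self.state == "ESTABLISHED", self.state
        return self._send(peer, {"ACK"}, payload)

    def close(self, peer):         # active close, or passive close after the peer's FIN
        self.state = {"ESTABLISHED": "FIN_WAIT_1", "CLOSE_WAIT": "LAST_ACK"}[self.state]
        return self._send(peer, {"FIN", "ACK"})

    def receive(self, seg):
        """Apply one incoming segment; return the segment to send back, or None."""
        f = seg.flags
        if self.state == "LISTEN" and "SYN" in f:
            self.rcv_nxt = seg.seq + 1        # the SYN itself occupies one number
            self.state = "SYN_RECEIVED"
            return self._send(seg.src, {"SYN", "ACK"})
        if self.state == "SYN_SENT":
            if {"SYN", "ACK"} <= f and seg.ack == self.snd_nxt:  # must acknowledge our SYN
                self.rcv_nxt = seg.seq + 1
                self.state = "ESTABLISHED"
                return self._send(seg.src, {"ACK"})
            self.dropped.append(f"unexpected {sorted(f)} segment in SYN_SENT")
            return None
        # After the handshake every segment must carry a SEQ inside our receive
        # window; a blind sender forging a RST or data has to guess this value.
        if not (self.rcv_nxt <= seg.seq < self.rcv_nxt + self.window):
            self.dropped.append(f"out-of-window SEQ {seg.seq} in {self.state}")
            return None
        if "RST" in f:
            self.state = "CLOSED"
            return None
        if "ACK" in f and seg.ack == self.snd_nxt:   # everything we sent is acknowledged
            self.state = {"SYN_RECEIVED": "ESTABLISHED", "FIN_WAIT_1": "FIN_WAIT_2",
                          "CLOSING": "TIME_WAIT", "LAST_ACK": "CLOSED"}.get(self.state, self.state)
        consumed = len(seg.payload) + ("FIN" in f)
        if consumed == 0:                            # pure ACK: nothing to acknowledge back
            return None
        if seg.seq != self.rcv_nxt:                  # in window but out of order; not buffered here
            self.dropped.append(f"out-of-order SEQ {seg.seq}, expected {self.rcv_nxt}")
            return None
        self.rcv_nxt += consumed
        if "FIN" in f:
            self.state = {"ESTABLISHED": "CLOSE_WAIT", "FIN_WAIT_1": "CLOSING",
                          "FIN_WAIT_2": "TIME_WAIT"}.get(self.state, self.state)
        return self._send(seg.src, {"ACK"})


def run_session():
    """Handshake, one data segment, a forged RST with a wrong SEQ, then an orderly close."""
    c, s = Endpoint("client", isn=1000), Endpoint("server", isn=5000)   # constructed ISNs
    s.listen()
    trace = []

    def deliver(seg):             # carry a segment and every reply it triggers
        trace.append(seg)
        while seg is not None:
            seg = (s if seg.dst == "server" else c).receive(seg)
            if seg is not None:
                trace.append(seg)

    deliver(c.connect("server"))                       # SYN, SYN-ACK, ACK
    deliver(c.send_data("server", b"USER bob\r\n"))    # data, ACK
    deliver(Segment("client", "server", 424242, 0, frozenset({"RST"})))  # forged RST, dropped
    deliver(c.close("server"))                         # FIN-ACK, ACK
    deliver(s.close("client"))                         # FIN-ACK, ACK
    return c, s, trace


if __name__ == "__main__":
    for seg in run_session()[2]:
        print(f"{seg.src}->{seg.dst} {sorted(seg.flags)} seq={seg.seq} ack={seg.ack} len={len(seg.payload)}")
```

Reading the printed trace next to a tcpdump of a real session is a good way to check the arithmetic: the server's SYN-ACK acknowledges 1001 (the client's ISN plus one for the SYN), the ACK for ten data bytes carries 1011, and each FIN advances the acknowledgment by one more. The forged RST leaves both states untouched because 424242 is nowhere near the 4096-byte window starting at 1011; an attacker on the path who can read the sequence numbers does not face that obstacle, which is the difference between the blind and the hijacking attacks listed in the outline.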

- HTTP Message
- HTTP Request/Method Definitions
- Response/Status Codes
- Proxies
- Authentication
- Security Concerns
- Personal Information
- Attacks On File and Path Names
- Header Spoofing
- Auth Credentials and Idle Clients
- Proxy Servers

Lab 4 - Attacks on FTP and HTTP
- Use dsniff to capture FTP and HTTP passwords
- Bonus exercise: Use urlsnarf and webspy to monitor a web browser

DNS PROTOCOL VULNERABILITY ANALYSIS
- DNS
- DNS Basic Concepts and Terms
- DNS Resolution
- DNS Zone Transfers
- DNS Spoofing
- DNS Cache Poisoning
- DNS Security Improvements

Lab 5 - Attacks on DNS
- Use dnsspoof to forge DNS responses to redirect web traffic
- Use forged DNS responses to circumvent host-based access security

SSH AND HTTPS PROTOCOL VULNERABILITY ANALYSIS
- SSH Concepts
- Initial Connection Protocols
- SSH1
- SSH2
- Encryption Vulnerabilities
- SSH Vulnerabilities
- SSH1 Insertion Attack
- SSH Brute Force Attack
- SSH1 CRC Compensation Attack
- Bleichenbacher Oracle
- SSH1 Session Key Recovery
- Client Authentication Forwarding

- Host Authentication Bypass
- X Session Forwarding
- HTTPS Protocol Analysis
- SSL Enabled Protocols
- SSL Protocol
- SSL Layers
- The SSL Handshake
- SSL Vulnerabilities
- Intercepted Change Cipher Spec
- Intercepted Key Exchange
- Version Rollback Attack

Lab 6 - HTTPS and SSH
- Perform a man-in-the-middle attack on secure web connections
- Perform a man-in-the-middle attack on SSH v1 connections
- Perform a timing and packet length attack on SSH v1 and SSH v2 connections

REMOTE OPERATING SYSTEM DETECTION
- OS Detection
- Banners
- Commands
- Less-direct Approaches
- TCP/IP Stack Fingerprinting
- Remote Fingerprinting Apps
- nmap

Lab 7 - Using nmap
- Use the Nmap utility to perform general network sweep scans
- Use Nmap to perform a wide variety of scans on a host
- Use Nmap to perform TCP/IP fingerprinting for remote OS detection

ATTACKS AND BASIC ATTACK DETECTION
- Sources of Attack
- Denial-of-Service Attacks
- Methods of Intrusion
- Exploit Software Bugs
- Exploit System Configuration
- Exploit Design Flaws
- Password Cracking
- Typical Intrusion Scenario
- Intrusion Detection
- IDS Considerations
- Attack Detection Tools

- Klaxon
- PortSentry
- PortSentry Design
- Snort

Lab 8 - Basic Scan Detection
- Examine standard system logs and statistics for signs of attack
- Configure portsentry to log port scans from nmap
- Configure portsentry for active response to port scans

INTRUSION DETECTION TECHNOLOGIES
- Intrusion Detection Systems
- Host Based IDS
- Network Based IDS
- Network Node IDS
- File Integrity Checkers
- Hybrid NIDS
- Honeypots
- Focused Monitors
- Snort Architecture
- Snort Detection Rules
- Snort Logs and Alerts
- Snort Rules

Lab 9 - Exploring Snort
- Install snort
- Test Snort to see if it detects Nmap scans
- Use Snort to examine network traffic in decoded text format
- Use Snort to capture all network packets in tcpdump-style binary logs
- Use tethereal to analyze captured packets
- Set up Snort to log to syslog

ADVANCED SNORT CONFIGURATION
- Advanced snort Features
- snort Add-ons
- ACID Web Console
- The ACID Interface
- SnortCenter Management

Lab 10 - Snort Tools
- Set up a new MySQL database for use with snort
- Configure snort to log to the new database
- Set up and test the ACID analysis tool
- Set up and configure SnortCenter

- Install and configure the Linux SnortCenter Sensor Agent
- Observe how snort and ACID respond to attacks

SNORT RULES
- Snort Rules Format
- Snort Rules Options
- Writing Snort Rules
- Example Rules

Lab 11 - Custom Snort Rules
- Capture packets from an exploit that Snort does not currently detect
- Write a custom rule for snort to detect the exploit
- Verify exploit detection

LINUX AND STATIC ROUTING
- Linux As a Router
- Linux Router Minimum Requirements
- Router Focused Distributions
- Router Specific Settings

Lab 12 - Static Routing
- Configure your host to act as a router
- Configure and test automatic anti-spoofing protection
- Configure the system to implement the above automatically on reboot

LINUX FIREWALLS
- Types of Firewalls
- Application Firewalls: TCP Wrappers
- Application Firewalls: Squid
- Packet Filter: ipchains
- Stateful Packet Filter: iptables
- Firewall Topology
- Recommended Firewall Rules
- Firewall Limitations
- iptables Concepts
- Using iptables
- Advanced iptables Actions
- iptables: A More Secure Approach

Lab 13 - iptables
- Use iptables to filter traffic destined to your host
- Use iptables to log traffic destined to a specific port on your host
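The SNORT RULES section and Lab 11 above are about the rule format, its options, and verifying that a custom rule fires on the traffic it was written for. The following is an added example, not course material and not Snort's own code: a parser for a subset of the Snort rule language (header, $VARIABLES, "!" negation, port ranges, and the msg, sid, content and nocase options with |hex| escapes) plus a matcher that runs parsed rules over packet records. It lets you check a rule's logic against a constructed packet before loading it into Snort. The variable values, rules, packets and all function names are constructed for the example.

```python
"""Parse a subset of the Snort rule language and run rules over packets.
Added illustration, not course material and not Snort's own code."""
import ipaddress

# Like the "var HOME_NET ..." lines in snort.conf; the values are constructed.
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!$HOME_NET"}


def split_options(text):
    """Split 'k:v; k; ...' on semicolons that are not inside double quotes."""
    opts, cur, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rest = "".join(cur).strip()
    return opts + [rest] if rest else opts


def decode_content(spec):
    """'ab|0d 0a|cd' -> b'ab\\r\\ncd': the pieces between '|' are hex bytes."""
    out = b""
    for i, piece in enumerate(spec.split("|")):
        out += bytes.fromhex(piece) if i % 2 else piece.encode("latin-1")
    return out


def parse_rule(text):
    head, _, tail = text.strip().partition("(")
    action, proto, src, sport, direction, dst, dport = head.split()
    rule = {"action": action, "proto": proto, "src": src, "sport": sport, "dir": direction,
            "dst": dst, "dport": dport, "msg": "", "sid": None, "contents": []}
    for opt in split_options(tail.rstrip().rstrip(")")):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "content":
            rule["contents"].append({"bytes": decode_content(val.strip('"')), "nocase": False})
        elif key == "nocase":                  # modifies the most recent content
            rule["contents"][-1]["nocase"] = True
        elif key == "msg":
            rule["msg"] = val.strip('"')
        elif key == "sid":
            rule["sid"] = int(val)
    return rule                                # other options (rev, ...) are ignored here


def addr_matches(spec, ip, variables):
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip, variables)
    if spec.startswith("$"):
        return addr_matches(variables[spec], ip, variables)
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec, port):
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")          # "23", "1:1024", ":1024", "1024:"
    if not sep:
        return port == int(lo)
    return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)


def rule_matches(rule, pkt, variables=VARS):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    pairs = [(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])]
    if rule["dir"] == "<>":                    # bidirectional: either orientation may match
        pairs.append((pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]))
    if not any(addr_matches(rule["src"], a, variables) and port_matches(rule["sport"], ap)
               and addr_matches(rule["dst"], b, variables) and port_matches(rule["dport"], bp)
               for a, ap, b, bp in pairs):
        return False
    for c in rule["contents"]:                 # every content must appear in the payload
        hay, needle = pkt["payload"], c["bytes"]
        if c["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True


def scan(rules, packets, variables=VARS):
    """Return (sid, msg, packet index) for every rule that fires on a packet."""
    return [(r["sid"], r["msg"], i)
            for i, p in enumerate(packets) for r in rules if rule_matches(r, p, variables)]


RULES = [parse_rule(r) for r in [                # constructed rules
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"Constructed lab exploit marker"; '
    'content:"LAB-EXPLOIT|0d 0a|"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 23 (msg:"Telnet session to internal host"; sid:1000002; rev:1;)',
]]
PACKETS = [                                      # constructed packet records
    dict(proto="tcp", src="10.0.0.7", sport=40000, dst="192.168.1.5", dport=8080,
         payload=b"GET / HTTP/1.0\r\nX-Note: lab-exploit\r\n\r\n"),
    dict(proto="tcp", src="10.0.0.7", sport=40001, dst="192.168.1.5", dport=8080,
         payload=b"GET / HTTP/1.0\r\n\r\n"),
    dict(proto="tcp", src="192.168.1.9", sport=51000, dst="192.168.1.5", dport=23, payload=b"\xff\xfb\x18"),
    dict(proto="tcp", src="192.168.1.9", sport=51001, dst="192.168.1.5", dport=8080,
         payload=b"X-Note: LAB-EXPLOIT\r\n"),      # internal source: $EXTERNAL_NET excludes it
]

if __name__ == "__main__":
    for sid, msg, i in scan(RULES, PACKETS):
        print(f"sid {sid}: {msg} (packet {i})")
```

Two things the output makes visible: nocase makes the first rule fire on the lower-case marker in packet 0 even though the rule was written in capitals, and the $EXTERNAL_NET definition as "!$HOME_NET" keeps the same marker from firing when it arrives from an internal address (packet 3). Both are the kind of mistake a custom rule is usually verified against in Lab 11: a rule that is too narrow misses the exploit, one that is too wide alerts on normal traffic.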

NETWORK AND PORT ADDRESS TRANSLATION
- Address Translation
- Configuring NAT and PAT
- NAT Limitations
- Security Using NAT and PAT
- Detecting NAT

Lab 14 - NAT
- Configure your station to perform SNAT
- Configure DNAT to forward connections back to a NATed host
- Configure a one-to-one IP mapping for a NATed host

IP POLICY ROUTING
- Advanced Routing
- Replacing ifconfig with ip
- Replacing route and arp
- Policy Routing
- Linux Policy Routing
- Linux Policy Routing Rules

Lab 15 - Policy Routing
- Mark packets based on protocol
- Route telnet packets via one interface
- Route ssh traffic via the other interface
- Confirm routing using tcpdump on the client machine