Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro to Network Security

Similar presentations


Presentation on theme: "Intro to Network Security"— Presentation transcript:

1 Intro to Network Security
Politeknik Elektronika Negeri Surabaya 2007 PENS-ITS

2 Introduction Penilaian Max terlambat 15 menit dari pelajaran dimulai
Tugas 25% UAS 40% UTS 30% Kehadiran 5% Max terlambat 15 menit dari pelajaran dimulai Di atas 15 menit diberi tugas dan dipresentasikan PENS-ITS

3 Overview PENS-ITS

4 Network Services DMZ INTERNET PENS-ITS ROUTER GTW FIREWALL EIS
CISCO Router Using acl , block malware from outside INTERNET NOC MULTILAYER SWITCH ROUTER All Server in DMZ GTW Manage using SSH , - Secure Webmin FIREWALL FIREWALL - IDS PROXY ( Squid ) Linux bridge , iptables All access to Internet must through Proxy shorewall , snort , Managable Switchs DMZ portsentry , acidlab Block unwanted user from port , manage from WEB SQL Database ( MySQL ) Access only from localhost ( 127 . . . 1 ) EIS WWW DOMAIN L 3 Switch Block malware on physical port from inside LECTURER network EMPLOYEE E - MAIL , PROXY Traffic Monitoring CACTI Http :// noc . eepis - its . edu E - Mail server HTTPS , SPAM EEPISHOTSPOT ( Spamassassin ) , Virus Access from wifi , signal Scanner ( ClamAV ) only in EEPIS campus Authentication from Proxy FILESERVER STUDENTS Internal Server EEPIS - INFORMATION SYSTEM PENS-ITS ( EIS http :// eis . eepis - its . edu ) EEPISHOTSPOT Http :// fileserver . eepis - its . edu

5 Incorrect permissions
Why Secure a Network? Internal attacker External attacker Corporate Assets Incorrect permissions Virus A network security design protects assets from threats and vulnerabilities in an organized manner To design security, analyze risks to your assets and create responses PENS-ITS

6 Computer Security Principles
Confidentiality Protecting information from exposure and disclosure Integrity Decrease possible problems caused by corruption of data Availability Make information always available PENS-ITS

7 Exploits (1) What is an Exploit? Types of attacks
Crackers break into a computer network by exploiting weaknesses in operating system services. Types of attacks Local Remote PENS-ITS

8 SANS Security Threats SANS/FBI top 20 security threats
Goals attackers try to achieve Gain unauthorized access Obtain administrative or root level Destroy vital data Deny legitimate users service Individual selfish goals Criminal intent PENS-ITS

9 Security Statistics: Attack Trends
Computer Security Institute (http://www.gocsi.com) Growing Incident Frequency Incidents reported to the Computer Emergency Response Team/Coordination Center 1997: 2,134 1998: 3,474 (75% growth from previous year) 1999: 9,859 (164% growth) 2000: 21,756 (121% growth) 2001: 52,658 (142% growth) Tomorrow? PENS-ITS

10 Attack Targets SecurityFocus 31 million Windows-specific attacks
22 million UNIX/LINUX attacks 7 million Cisco IOS attacks All operating systems are attacked! PENS-ITS

11 Hackers Vs Crackers Ethical Hackers vs. Crackers
Hacker usually is a programmer constantly seeks further knowledge, freely share what they have discovered, and never intentionally damage data. Cracker breaks into or otherwise violates system integrity with malicious intent. They destroy vital data or cause problems for their targets. PENS-ITS

12 Pengelompokan Attack PENS-ITS

13 Pengelompokan Attacks
Physical Access Attacks -- Wiretapping/menyadap Server Hacking Vandalism/perusakan Social Engineering -- Opening Attachments Password Theft Information Theft Dialog Attacks -- Eavesdropping (Mendengar yg tdk boleh) Impersonation (meniru) Message Alteration Merubah message Penetration Attacks (Usaha menembus) Malware -- Viruses Worms Denial of Service Break-in Scanning (Probing) PENS-ITS

14 Social Engineering Definisi Social enginering
seni dan ilmu memaksa orang untuk memenuhi harapan anda ( Bernz ), Suatu pemanfaatan trik-trik psikologis hacker luar pada seorang user legitimate dari sebuah sistem komputer (Palumbo) Mendapatkan informasi yang diperlukan (misalnya sebuah password) dari seseorang daripada merusak sebuah sistem (Berg). Tujuan dasar social engineering sama seperti umumnya hacking: mendapatkan akses tidak resmi pada sistem atau informasi untuk melakukan penipuan, intrusi jaringan, mata-mata industrial, pencurian identitas, atau secara sederhana untuk mengganggu sistem atau jaringan. Target-target tipikal termasuk perusahaan telepon dan jasa-jasa pemberian jawaban, perusahaan dan lembaga keuangan dengan nama besar, badan-badan militer dan pemerintah dan rumah sakit. PENS-ITS

15 Bentuk Social Engineering
Social Engineering dengan telepon Seorang hacker akan menelpon dan meniru seseorang dalam suatu kedudukan berwenang atau yang relevan dan secara gradual menarik informasi dari user. Diving Dumpster Sejumlah informasi yang sangat besar bisa dikumpulkan melalui company Dumpster. Social engineering on-line : Internet adalah lahan subur bagi para teknisi sosiaal yang ingin mendapatkan password Berpura-pura menjadi administrator jaringan, mengirimkan melalui jaringan dan meminta password seorang user. Persuasi Sasaran utamanya adalah untuk meyakinkan orang untuk memberikan informasi yang sensitif Reverse social engineering sabotase, iklan, dan assisting PENS-ITS

16 Penetration Attacks Steps
Port scanner Network enumeration Gaining & keeping root / administrator access Using access and/or information gained Leaving backdoor Attack Denial of Services (DoS) :Network flooding Buffer overflows : Software error Malware :Virus, worm, trojan horse Brute force Covering his tracks PENS-ITS

17 Scanning (Probing) Attacks
Reply from Probe Packets to , , etc. Host Internet Attacker No Host Results is reachable is not reachable No Reply Corporate Network PENS-ITS

18 Network Scanning PENS-ITS

19 Denial-of-Service (DoS) Flooding Attack
Message Flood Server Overloaded By Message Flood Attacker PENS-ITS

20 DoS By Example PENS-ITS

21 Dialog Attack Eavesdropping, biasa disebut dengan spoofing, cara penanganan dengan Encryption Impersonation dan message alteration ditangani dengan gabungan enkripsi dan autentikasi PENS-ITS

22 Eavesdropping on a Dialog
Hello Client PC Bob Server Alice Hello Attacker (Eve) intercepts and reads messages PENS-ITS

23 Password Attack By Example
PENS-ITS

24 Sniffing By Example PENS-ITS

25 KeyLogger PENS-ITS

26 Attacker (Eve) intercepts
Message Alteration Dialog Client PC Bob Balance = $1,000,000 Balance = $1 Server Alice Balance = $1 Balance = $1,000,000 Attacker (Eve) intercepts and alters messages PENS-ITS

27 PENS-ITS

28 Security form Attack PENS-ITS

29 Network Penetration Attacks and Firewalls
Passed Packet Attack Packet Internet Firewall Hardened Client PC Internet Attacker Hardened Server Dropped Packet Internal Corporate Network Log File PENS-ITS

30 Intrusion Detection System
1. Suspicious Packet 4. Alarm Intrusion Detection System Network Administrator 2. Suspicious Packet Passed Internet Attacker Hardened Server 3. Log Packet Log File Corporate Network PENS-ITS

31 Encryption for Confidentiality
Encrypted Message “ ” Client PC Bob Server Alice “ ” Attacker (Eve) intercepts but cannot read Original Message “Hello” Decrypted Message “Hello” PENS-ITS

32 Impersonation and Authentication
I’m Bob Client PC Bob Prove it! (Authenticate Yourself) Attacker (Eve) Server Alice PENS-ITS

33 Secure Dialog System Secure Dialog Client PC Bob Automatically Handles
Negation of Security Options Authentication Encryption Integrity Server Alice Attacker cannot read messages, alter messages, or impersonate PENS-ITS

34 Hardening Host Computers
The Problem Computers installed out of the box have known vulnerabilities Not just Windows computers Hackers can take them over easily They must be hardened—a complex process that involves many actions PENS-ITS

35 Hardening Host Computers
Elements of Hardening Physical security Secure installation and configuration Fix known vulnerabilities Turn off unnecessary services (applications) Harden all remaining applications (Chapter 9) (more on next page) PENS-ITS

36 Hardening Host Computers
Elements of Hardening (continued) Manage users and groups Manage access permissions For individual files and directories, assign access permissions specific users and groups Back up the server regularly Advanced protections PENS-ITS

37 Hardening Host Computers
Security Baselines Guide the Hardening Effort Specifications for how hardening should be done Different for different operating systems Different for different types of servers (webservers, mail servers, etc.) Needed because it is easy to forget a step PENS-ITS

38 Installation and Patching
Installation Offers Many Options, Some of Which Affect Security For example, in Windows, the NTFS file system is better for security than FAT32 Need a security baseline to guide option choices during installation PENS-ITS

39 Installation and Patching
Known Vulnerabilities Most programs have known vulnerabilities Exploits are programs that take advantage of known vulnerabilities PENS-ITS

40 Installation and Patching
Known Vulnerabilities Vulnerability reporters send vulnerability reports to vendors Vulnerability reporters often say that vendors take too long to fix vulnerabilities Vendors say that vulnerability reporters do not give them enough time, report too much detail to the press PENS-ITS

41 Installation and Patching
Fixes Work-around: A series of actions to be taken; no new software Patches: New software to be added to the operating system Upgrades: Newer versions of programs usually fix older vulnerabilities. PENS-ITS

42 Installation and Patching
Upgrades Often, security vulnerabilities are fixed in new versions If a version is too old, the vendor might stop offering fixes It might be good to wait to upgrade until after the first round of bug and security fixes PENS-ITS

43 Turning Off Unnecessary Services
Operating system vendors used to install many services by default This made them easier to use. When use changes, services do not have to be turned on. Attackers have found flaws in many of these rare services PENS-ITS

44 Turning Off Unnecessary Services
Vendors now install fewer services by default— lock down mode Turn to security baseline to see what services to turn on and off Easier to install too few and add than to install too many and remove unwanted services PENS-ITS

45 Managing Users and Groups
Introduction Every user must have an account There can also be groups Can assign security measures to groups These measures apply to the individual group members automatically Faster and easier than assigning security measures to individuals PENS-ITS

46 Managing Permissions Principle of Least Permissions: Give Users the Minimum Permissions Needed for Their Job More feasible to add permissions selectively than to start with many, reduce for security PENS-ITS

47 Advanced Server Hardening Techniques
Reading Event Logs The importance of logging to diagnose problems Failed logins, changing permissions, starting programs, kernel messages, etc. Backup File Encryption File Integrity Checker PENS-ITS


Download ppt "Intro to Network Security"

Similar presentations


Ads by Google