Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security PENS-ITS Intro to Network Security Network Security Politeknik Elektronika Negeri Surabaya 2007.

Similar presentations


Presentation on theme: "Network Security PENS-ITS Intro to Network Security Network Security Politeknik Elektronika Negeri Surabaya 2007."— Presentation transcript:

1 Network Security PENS-ITS Intro to Network Security Network Security Politeknik Elektronika Negeri Surabaya 2007

2 Network Security PENS-ITS Introduction Penilaian –Tugas 25% –UAS40% –UTS30% –Kehadiran 5% Max terlambat 15 menit dari pelajaran dimulai –Di atas 15 menit diberi tugas dan dipresentasikan

3 Network Security PENS-ITS Overview

4 Network Security PENS-ITS INTERNET FIREWALL E- MAIL FILESERVER ROUTER - GTW Traffic Monitoring CACTI EEPISHOTSPOT PROXY LECTURER, EMPLOYEE STUDENTS Internal Server EEPIS-INFORMATION SYSTEM (EIS DMZ server HTTPS,SPAM (Spamassassin),Virus Scanner(ClamAV) PROXY(Squid) All access to Internet must through Proxy FIREWALL-IDS Linux bridge,iptables shorewall,snort, portsentry,acidlab CISCO Router Using acl,block malware from outside L3Switch Block malware on physical port from inside network All Server in DMZ Manage using SSH, Secure Webmin SQL Database(MySQL) Access only from localhost( ) EEPISHOTSPOT Access from wifi,signal only in EEPIS campus Authentication from Proxy Managable Switchs Block unwanted user from port, manage from WEB Network Services

5 Network Security PENS-ITS Why Secure a Network? External attacker A network security design protects assets from threats and vulnerabilities in an organized manner To design security, analyze risks to your assets and create responses Corporate Assets Internal attacker Incorrect permissions Virus

6 Network Security PENS-ITS Computer Security Principles Confidentiality –Protecting information from exposure and disclosure Integrity –Decrease possible problems caused by corruption of data Availability –Make information always available

7 Network Security PENS-ITS Exploits (1) What is an Exploit? –Crackers break into a computer network by exploiting weaknesses in operating system services. Types of attacks –Local –Remote

8 Network Security PENS-ITS SANS Security Threats SANS/FBI top 20 security threats –http://www.sans.org/top20/http://www.sans.org/top20/ Goals attackers try to achieve –Gain unauthorized access –Obtain administrative or root level –Destroy vital data –Deny legitimate users service –Individual selfish goals –Criminal intent

9 Network Security PENS-ITS Security Statistics: Attack Trends Computer Security Institute (http://www.gocsi.com)http://www.gocsi.com Growing Incident Frequency –Incidents reported to the Computer Emergency Response Team/Coordination Center –1997: 2,134 –1998: 3,474 (75% growth from previous year) –1999: 9,859 (164% growth) –2000: 21,756 (121% growth) –2001: 52,658 (142% growth) –Tomorrow?

10 Network Security PENS-ITS Attack Targets SecurityFocus –31 million Windows-specific attacks –22 million UNIX/LINUX attacks –7 million Cisco IOS attacks –All operating systems are attacked!

11 Network Security PENS-ITS Hackers Vs Crackers Ethical Hackers vs. Crackers –Hacker usually is a programmer constantly seeks further knowledge, freely share what they have discovered, and never intentionally damage data. –Cracker breaks into or otherwise violates system integrity with malicious intent. They destroy vital data or cause problems for their targets.

12 Network Security PENS-ITS Pengelompokan Attack

13 Network Security PENS-ITS Pengelompokan Attacks Attacks Physical Access Attacks -- Wiretapping/menyadap Server Hacking Vandalism/perusakan Dialog Attacks -- Eavesdropping (Mendengar yg tdk boleh) Impersonation (meniru) Message Alteration Merubah message Penetration Attacks (Usaha menembus) Social Engineering -- Opening Attachments Password Theft Information Theft Scanning (Probing) Break-in Denial of Service Malware -- Viruses Worms

14 Network Security PENS-ITS Social Engineering Definisi Social enginering –seni dan ilmu memaksa orang untuk memenuhi harapan anda ( Bernz ), –Suatu pemanfaatan trik-trik psikologis hacker luar pada seorang user legitimate dari sebuah sistem komputer (Palumbo) –Mendapatkan informasi yang diperlukan (misalnya sebuah password) dari seseorang daripada merusak sebuah sistem (Berg). Tujuan dasar social engineering sama seperti umumnya hacking: mendapatkan akses tidak resmi pada sistem atau informasi untuk melakukan penipuan, intrusi jaringan, mata- mata industrial, pencurian identitas, atau secara sederhana untuk mengganggu sistem atau jaringan. Target-target tipikal termasuk perusahaan telepon dan jasa-jasa pemberian jawaban, perusahaan dan lembaga keuangan dengan nama besar, badan-badan militer dan pemerintah dan rumah sakit.

15 Network Security PENS-ITS Bentuk Social Engineering Social Engineering dengan telepon –Seorang hacker akan menelpon dan meniru seseorang dalam suatu kedudukan berwenang atau yang relevan dan secara gradual menarik informasi dari user. Diving Dumpster –Sejumlah informasi yang sangat besar bisa dikumpulkan melalui company Dumpster. Social engineering on-line : –Internet adalah lahan subur bagi para teknisi sosiaal yang ingin mendapatkan password –Berpura-pura menjadi administrator jaringan, mengirimkan melalui jaringan dan meminta password seorang user. Persuasi –Sasaran utamanya adalah untuk meyakinkan orang untuk memberikan informasi yang sensitif Reverse social engineering –sabotase, iklan, dan assisting

16 Network Security PENS-ITS Penetration Attacks Steps Port scanner Network enumeration Gaining & keeping root / administrator access Using access and/or information gained Leaving backdoor Attack –Denial of Services (DoS) :Network flooding –Buffer overflows : Software error –Malware :Virus, worm, trojan horse –Brute force Covering his tracks

17 Network Security PENS-ITS Scanning (Probing) Attacks Probe Packets to , , etc. Internet Attacker Corporate Network Host No Host No Reply Reply from Results is reachable is not reachable …

18 Network Security PENS-ITS Network Scanning

19 Network Security PENS-ITS Denial-of-Service (DoS) Flooding Attack Message Flood Server Overloaded By Message Flood Attacker

20 Network Security PENS-ITS DoS By Example

21 Network Security PENS-ITS Dialog Attack Eavesdropping, biasa disebut dengan spoofing, cara penanganan dengan Encryption Impersonation dan message alteration ditangani dengan gabungan enkripsi dan autentikasi

22 Network Security PENS-ITS Eavesdropping on a Dialog Client PC Bob Server Alice Dialog Attacker (Eve) intercepts and reads messages Hello

23 Network Security PENS-ITS Password Attack By Example

24 Network Security PENS-ITS Sniffing By Example

25 Network Security PENS-ITS KeyLogger

26 Network Security PENS-ITS Message Alteration Client PC Bob Server Alice Dialog Attacker (Eve) intercepts and alters messages Balance = $1 Balance = $1 Balance = $1,000,000 Balance = $1,000,000

27 Network Security PENS-ITS

28 Network Security PENS-ITS Security form Attack

29 Network Security PENS-ITS Network Penetration Attacks and Firewalls Attack Packet Internet Attacker Hardened Client PC Hardened Server Internal Corporate Network Passed Packet Dropped Packet Internet Firewall Log File

30 Network Security PENS-ITS Intrusion Detection System 1. Suspicious Packet Internet Attacker Network Administrator Hardened Server Corporate Network 2. Suspicious Packet Passed 3. Log Packet 4. Alarm Intrusion Detection System Log File

31 Network Security PENS-ITS Encryption for Confidentiality Client PC Bob Server Alice Attacker (Eve) intercepts but cannot read “ ” Encrypted Message “ ” Original Message “Hello” Decrypted Message “Hello”

32 Network Security PENS-ITS Impersonation and Authentication Client PC Bob Server Alice Attacker (Eve) I’m Bob Prove it! (Authenticate Yourself)

33 Network Security PENS-ITS Secure Dialog System Client PC Bob Server Alice Secure Dialog Attacker cannot read messages, alter messages, or impersonate Automatically Handles Negation of Security Options Authentication Encryption Integrity

34 Network Security PENS-ITS Hardening Host Computers The Problem –Computers installed out of the box have known vulnerabilities Not just Windows computers –Hackers can take them over easily –They must be hardened—a complex process that involves many actions

35 Network Security PENS-ITS Hardening Host Computers Elements of Hardening –Physical security –Secure installation and configuration –Fix known vulnerabilities –Turn off unnecessary services (applications) –Harden all remaining applications (Chapter 9) –(more on next page)

36 Network Security PENS-ITS Hardening Host Computers Elements of Hardening (continued) –Manage users and groups –Manage access permissions For individual files and directories, assign access permissions specific users and groups –Back up the server regularly –Advanced protections

37 Network Security PENS-ITS Hardening Host Computers Security Baselines Guide the Hardening Effort –Specifications for how hardening should be done –Different for different operating systems –Different for different types of servers (webservers, mail servers, etc.) –Needed because it is easy to forget a step

38 Network Security PENS-ITS Installation and Patching Installation Offers Many Options, Some of Which Affect Security –For example, in Windows, the NTFS file system is better for security than FAT32 –Need a security baseline to guide option choices during installation

39 Network Security PENS-ITS Installation and Patching Known Vulnerabilities –Most programs have known vulnerabilities –Exploits are programs that take advantage of known vulnerabilities

40 Network Security PENS-ITS Installation and Patching Known Vulnerabilities –Vulnerability reporters send vulnerability reports to vendors –Vulnerability reporters often say that vendors take too long to fix vulnerabilities –Vendors say that vulnerability reporters do not give them enough time, report too much detail to the press

41 Network Security PENS-ITS Installation and Patching Fixes –Work-around: A series of actions to be taken; no new software –Patches: New software to be added to the operating system –Upgrades: Newer versions of programs usually fix older vulnerabilities.

42 Network Security PENS-ITS Installation and Patching Upgrades –Often, security vulnerabilities are fixed in new versions –If a version is too old, the vendor might stop offering fixes –It might be good to wait to upgrade until after the first round of bug and security fixes

43 Network Security PENS-ITS Turning Off Unnecessary Services Unnecessary Services –Operating system vendors used to install many services by default –This made them easier to use. When use changes, services do not have to be turned on. –Attackers have found flaws in many of these rare services

44 Network Security PENS-ITS Turning Off Unnecessary Services Unnecessary Services –Vendors now install fewer services by default— lock down mode –Turn to security baseline to see what services to turn on and off –Easier to install too few and add than to install too many and remove unwanted services

45 Network Security PENS-ITS Managing Users and Groups Introduction –Every user must have an account –There can also be groups Can assign security measures to groups These measures apply to the individual group members automatically Faster and easier than assigning security measures to individuals

46 Network Security PENS-ITS Managing Permissions Principle of Least Permissions: Give Users the Minimum Permissions Needed for Their Job –More feasible to add permissions selectively than to start with many, reduce for security

47 Network Security PENS-ITS Advanced Server Hardening Techniques Reading Event Logs –The importance of logging to diagnose problems Failed logins, changing permissions, starting programs, kernel messages, etc. Backup File Encryption File Integrity Checker


Download ppt "Network Security PENS-ITS Intro to Network Security Network Security Politeknik Elektronika Negeri Surabaya 2007."

Similar presentations


Ads by Google