Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Published byGervase McDonald Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can."— Presentation transcript:

1 Information Systems CS-507 Lecture 40

2 Availability of tools and techniques on the Internet or as commercially available software that an intruder can download easily. For example, To scan ports, an intruder can easily obtain network scanners Various password cracking programs are available free or at a minimal cost. Factors Encouraging Internet Attacks

3 No matter how perfect a system is made by removing all possible vulnerabilities, there are still chances that weaknesses exist and the system can be intruded at any given time. Inadequate security over firewalls and operating systems may allow intruders to view internal addresses and use network services indiscriminately. Factors Encouraging Internet Attacks

4 Firewall Security Systems Intrusion Detection Systems Encryption Internet Security Controls

5 Every time a corporation connects its internal computer network to the Internet if faces potential danger. Because of the Internet’s openness, every corporate network connected to it is vulnerable to attack. Companies should build firewalls as one means of perimeter security for their networks. Firewall Security Systems

6 Firewall Firewalls are defined as a device installed at the point where network connections enter a site; they apply rules to control the type of networking traffic flowing in and out. The purpose is to protect the Web server by controlling all traffic between the Internet and the Web server.

7 To be effective, firewalls should allow individual on the corporate network to access the Internet and at the same time, stop hackers or others on the Internet from gaining access to the corporate network to cause damage. Firewall Security Systems

8 Deny-all philosophy -- which means that access to a given recourses will be denied unless a user can provide a specific business reason or need for access to the information resource. Accept All Philosophy -- under which everyone is allowed access unless someone can provide a reason for denying access.

9 System reports may also be generated to see who attempted to attack to system and tried to enter the firewall from remote locations.

10 Firewalls are hardware and software combinations that are built using routers, servers and variety of software. They should control the most vulnerable point between a corporate network and the Internet, and they can be as simple or complex as the corporate security policy demands. General Features of Firewall

11 Block access to an organization sites on the Internet Limit traffic on an organization’s public services segment to relevant addresses. Prevent certain users from accessing certain servers or services. Monitor communications between an internal and an external network Monitor and record all communications between an internal and the outside world to investigate network penetrations or detect internal subversion. Encrypt packets of data that are sent between different physical locations within an organization by creating a VPN over the Internet.

12 Encrypt packets that are sent between different physical locations within an organization by creating a VPN over the Internet. The capabilities of some firewalls can be extended so that they can also provide for protection against viruses and attacks directed to exploit known operating system vulnerabilities. Remote Location server protected by fire walls and IDS further complemented by IPS (Intrusion Prevention system) – Defining Specific ranges of IP addresses that may access the location with defined rights. General Features of Firewall

13 An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies. It protects a company’s information systems resources from external as well as internal misuse. Intrusion Detection Systems (IDS)

14 An IDS is located in between firewall and corporate network and works in compliment with the firewall. However it can also be installed before the fire wall. IDS helps to detect both on-site unauthorized access through network based IDS, and remote unauthorized access through the use of host based IDS IDS is more concerned with recording and detecting intrusions. For blocking intrusions, an other system called Intrusion Prevention System (IPS) is used which takes input from IDS. Intrusion Detection Systems (IDS)

15 Components of an IDS An IDS comprise of following components: Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call, traces, etc. Analyzers that receive input from sensors and determine intrusive activity An administrative console – it contains intrusion definitions applied by the analyzers. A user interface

16 Categories of IDS Host-based IDS’s Network-based IDS’s

17 Host-based IDS The host based IDS reside on a particular computer and provide protection for a specific computer system. They are not only equipped with system monitoring facilities but also include other modules of a typical IDS, for example the response module.

18 Systems that monitor incoming connection attempts. These examine host-based incoming and outgoing network connections. These are particularly related to the unauthorized connection attempts to various protocols used for network communication such as –TCP (Transmission Control Protocol) or –UDP (User Datagram Protocol) ports and can also detect incoming portscans. Systems that examine network traffic that attempts to access the host. These systems protect the host by intercepting suspicious packets and scanning them to discourage intrusion. –Network Traffic – data travel in the form of packets on network –Packet – a specific amount of data sent at a time

19 The network-based type of IDS (NIDS) produces data about local network usage. The NIDS reassemble and analyze all network packets that reach the network interface card. Network Based IDS

20 Example— Network based IDS While monitoring traffic, The NIDS’s capture all packets that they see on the network segment without analyzing them and just focusing on creating network traffic statistics.

21 Honeynets Honeynet (s) – does not allow the intruder to access actual data but leaves the intruder in a controlled environment which is constantly monitored. Monitoring provides information regarding the approach of the intruder.

22 An IDS comprises on the following: Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc. Analyzers that receive input from sensors and determines intrusive activity. An administration console A user interface. Components of IDS

23 The features available in an IDS includes: Intrusion Detections Gathering evidence on intrusive activity Automated response (i.e. termination of connection, alarm messaging) Security policy Interface with system tools Security policy management Features of IDS

24 An IDS can not help with the following weaknesses : Incorrectness or scope limitation in the manner threats are defined Application-level vulnerabilities Backdoors into application Weakness in identification and authentication schemes Limitations of IDS

25 Encryption Encryption – the process of converting data into codes (cryptograms) Encryption Original Data Ciphertext / Encrypted data

26 This is reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and its authenticity.

27 Web Server Logs The major purpose of enhancing web security is to protect web server from attacks through the use of internet. While doing that Logging is the principal component of secure administration of a Web server. Logging the appropriate data and then monitoring and analyzing those logs are critical activities. Review of Web server logs is effective, particularly for encrypted traffic, where network monitoring is far less effective.

28 Review of logs is a mundane activity that many Web administrators have a difficult time fitting into their hectic schedules. This is unfortunate as log files are often the best and/or only record of suspicious behavior. Failure to enable the mechanisms to record this information and use them to initiate alert mechanisms will greatly weaken or eliminate the ability to detect and assess intrusion attempts.

29 Web Server Logs (Contd.) Similar problems can result if necessary procedures and tools are not in place to process and analyze the log files. System and network logs can alert the Web administrator that a suspicious event has occurred and requires further investigation. Web server software can provide additional log data relevant to Web-specific events.

30 If the Web administrator does not take advantage of these capabilities, Web- relevant log data may not be visible or may require a significant effort to access.

Download ppt "Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can."

Similar presentations

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Chapter 12 Network Security.

Chapter 12 Network Security.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.

Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google