Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security fundamentals Topic 6 Securing the network infrastructure.

Published byEvan Moody Modified over 8 years ago

Similar presentations

Presentation on theme: "Security fundamentals Topic 6 Securing the network infrastructure."— Presentation transcript:

1 Security fundamentals Topic 6 Securing the network infrastructure

2 Agenda Security at the TCP/IP layers Security at the physical layer Securing network devices

3 Network layer attacks MAC address spoofing – Attackers can create packets with the MAC address of a different computer and impersonate that computer Denial of Service (DoS) – Overloads a single system so that it cannot provide the service it is configured to provide – Sends frames designed to use up all the resources of the target device ARP cache poisoning – Incorrect or spoofed entries are added to the ARP cache – messages are sent to incorrect destinations

4 Internet layer attacks IP address spoofing – Source addresses of IP packets are spoofed to impersonate another computer Man-in-the-middle attack – Attacker intercepts and reads or modifies packet contents without the knowledge of the source or destination computers Denial of Service – Attacker overloads the TCP/IP stack with a large number of invalid packets which prevents processing of legitimate packets – Attacker changes entries in routing tables to prevent delivery of packets Incorrect reassembly of fragmented datagrams – Offset field used to reassemble fragments is changed so that they can’t be reassembled correctly – datagram could pass through a firewall when it shouldn’t Avoiding detection by fragmenting datagrams – An attacker might fragment a packet to hide patterns (such as virus signatures) to avoid detection Corrupting packets – Information in IP header fields is modified

5 Transport layer attacks Manipulation of UDP or TCP ports – Attacker can format packets so they appear to come from a port allowed by the firewall Denial of service – SYN flood attack to leave sessions half open until router cannot accept anymore connections Session hijacking – After the connection is established, attacker predicts TCP sequence numbers and takes over the connection with his own segments

6 Application layer attacks Specific to the application layer protocol Common attacks exploit: – Email protocols – Web protocols – DNS

7 Network cabling security Coaxial cables – Cutting or destroying cables – Noise from EMI or RFI – Removing a terminator Eavesdropping traffic by tapping into coaxial cable at any point on network Mitigation – Protect the Cable: bury it, inside walls, tamperproof containers – Document the cable infrastructure – Investigate all outages – Inspect your cables regularly – Investigate undocumented hosts and connections

8 Network cabling security Twisted pair – Cutting or destroying cables – Noise from EMI or RFI, STP mitigates the impact of EMI and RFI Mitigation – Protect the cables – Protect the switches and patch panels – Document the cable infrastructure – Investigate all outages – Inspect your cables and infrastructure regularly – Investigate undocumented hosts and connections Eavesdropping – Using a protocol analyser or packet sniffer (requires physical connection) – Splicing into a cable – Listening to electromagnetic signals from the signals passing through the wire

9 Network cabling security Fiber optic cables – Bend or snap the cable – Any damage will disrupt the signal Eavesdropping – Virtually impossible – requires cutting cable and polishing ends and connecting a device Mitigation – Protect the cables – Protect the switches and patch panels – Document the cable infrastructure – Investigate all outages – Inspect your cables and infrastructure regularly – Investigate undocumented hosts and connections

10 Device security Compromising switches and bridges – If an attacker has physical access, he can disable a switch – Attach a computer to a span port which receives all switch traffic – Transmit frames with spoofed MAC address to corrupt the MAC address table – Flood the switch with frames to disrupt operations Gaining administrative access – Port mirroring: map the input and output of one or more ports to a single port to eavesdrop on communications – Change the MAC address table to redirect traffic ARP cache poisoning – Attacker can overwrite entries in the ARP cache allowing attacker to eavesdrop or hijack a session

11 Securing switches and bridges Physical security – Limit physical access, use security personnel and monitoring (cameras) Protecting admin functions with passwords – Set complex passwords and change routinely – Restrict access to few staff – Manually enter ARP mappings on critical devices: servers, switches and bridges – Keep up to date with patches – Document configurations so you know what is normal and authorised Monitoring for security breaches – Monitor devices for unauthorised connections – ARPWATCH to monitor traffic and keep MAC-to-IP address mappings

12 Securing routers Compromising routers – Susceptible to ARP cache poisoning – Routing tables can be changed either administratively or with incorrect routing updates – RIP spoofing – updating routing tables with bogus updates – ACLs can be changed if admin access is compromised – Insecure protocols, services could be enabled

13 Securing routers Keep routers in secure locations: locked server rooms and wiring closets Secure all physical connections to network segments Use security personnel and monitoring (cameras) Set complex passwords and change regularly Keep up to date with latest patches Restrict staff with access and locations access can come from Set ACLs to prevent inappropriate connections Set passwords for routing updates Disable insecure protocols and services Document and regularly review the network

14 Securing telecommunications Compromised by – Free long distance calls by changing billing records – Compromise or shut down the organisation’s voice mail system – Reroute incoming, transferred or outgoing calls – Gain access to voice mail boxes of employees

15 Securing PBX systems Vulnerabilities – Insecure or default passwords are used – Older PBX systems don’t implement latest security technology – Lack of knowledge and security procedures: social engineering – Remote management connections could be compromised – Unused floors and offices may have active connections Protecting PBX – Physically securing PBX equipment – Control access to PBX wiring room and switching equipment – Document – Routinely check unauthorised connections – Secure offsite transfers with passwords (for updates) – System exclusion lists to limit long distance calling – Shut down services not required during off days and hours – Educate users – Enforce PBX password change and audit policy – Secure maintenance ports, limit entry ports, log all system access

16 Securing modems Compromising modems Can be used to circumvent firewall security Can be used to provide direct access to internal computers War dialling to discover computers with modems attached Mitigation Remove all unnecessary modems If modem is required for outgoing calls make sure it is configured not to accept incoming calls Software/security updates for computers with modems Monitor security bulletins Isolate computers with modems to limit the damage Monitor computers with modems to ensure they have not been compromised

17 Lesson summary What some TCP/IP layer attacks are, and security practices What some physical layer attacks are, and security practices Practices for securing network cabling and network devices and threats associated

Download ppt "Security fundamentals Topic 6 Securing the network infrastructure."

Similar presentations

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Network Security Philadelphia UniversityAhmad Al-Ghoul 2010-20111 Module 10 Network Infrastructure Security  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Network Security Philadelphia UniversityAhmad Al-Ghoul Module 10 Network Infrastructure Security  MModified by :Ahmad Al Ghoul  PPhiladelphia.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
ITIS 6167/8167: Network and Information Security Weichao Wang.

ITIS 6167/8167: Network and Information Security Weichao Wang.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
COMPUTER NETWORKS.

COMPUTER NETWORKS.
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Network Security Philadelphia UniversityAhmad Al-Ghoul 2010-20111 Module 9 TCP/IP Layers and Vulnerabilities  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Network Security Philadelphia UniversityAhmad Al-Ghoul Module 9 TCP/IP Layers and Vulnerabilities  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Similar presentations

Ads by Google