Introduction to Network Security


1 Introduction to Network Security
9/12/2015

2 What is “Security”?
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as: a group or department of private guards (“Call building security if a visitor acts suspicious”); measures adopted by a government to prevent espionage, sabotage, or attack; …etc.

3 Why do we need security?
- Protect vital information while still allowing access to those who need it (trade secrets, medical records, etc.)
- Provide authentication and access control for resources
- Guarantee availability of resources, e.g. “five nines” (99.999% reliability)

4 What are the risks?
- Theft or disclosure of internal data
- Unauthorized access to internal hosts
- Interception or alteration of data
- Vandalism and denial of service
- Wasted employee time
- Bad publicity, public embarrassment, and lawsuits

5 Who is vulnerable?
- Financial institutions and banks
- Internet service providers
- Pharmaceutical companies
- Government and defense agencies
- Contractors to various government agencies
- ANYONE ON THE NETWORK

6 The Ingredients of an Attack
Motive + Means + Opportunity = ATTACK!

7 Security Concepts
- Confidentiality – preserving authorized restrictions on information access.
- Integrity – guarding against improper information modification or destruction.
- Availability – ensuring timely and reliable access to and use of information.
- Authenticity – the property of being genuine and able to be verified and trusted.
- Accountability – the requirement that the actions of an entity can be traced.
We can define three levels of impact on organizations or individuals should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability). These levels are defined in FIPS PUB 199:
- Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals.
- Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss might (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.
- High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss might (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life-threatening injuries.

8 Threats
Definition of threats (by NSA):
“The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security.”

9 Attacks
Definition of attacks (by NSA):
“An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures. The act of trying to bypass security controls on a system. An attack may be active, resulting in the alteration of data, or passive, resulting in the release of data.”
In other words, the actual attempt to impact infrastructure assets or operations; it is carried out by a threat agent.

10 Threats and Attacks
Both threats and attacks can be categorized as active or passive, depending on whether the realization of the threat (the attack) requires changing the system or network.
- Examples of passive attacks – eavesdropping and traffic analysis (sniffing)
- Examples of active attacks – DoS attacks

11 Passive Attack: Interception

12 Passive Attack: Traffic Analysis
Observe traffic pattern

13 Active Attack: Interruption
Block delivery of message

14 Active Attack: Fabrication
Fabricate message

15 Active Attack: Replay

16 Active Attack: Modification
Modify message

17 Threats in a Network
- Service disruption and annoyance – brings down network elements (remotely or locally), spam, etc.
- Eavesdropping and traffic analysis – attempts to collect sensitive information (user credentials, vital information, etc.) to prepare for an attack.
- Masquerading and impersonation – the ability to impersonate a user, device or service to gain access to a network, service, network element or information (used to commit fraud, gain unauthorized access, or even disrupt service).

18 Security Services (1)
A service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.
- Authentication
  - Peer entity authentication
  - Data-origin authentication
- Access Control
- Data Confidentiality – protection of data from unauthorized disclosure.
  - Connection-oriented confidentiality
  - Connectionless confidentiality
  - Selective-field confidentiality
  - Traffic-flow confidentiality

19 Security Services (2)
- Data Integrity
  - Connection integrity with recovery
  - Connection integrity without recovery
  - Selective-field connection integrity
  - Connectionless integrity
  - Selective-field connectionless integrity
- Nonrepudiation
  - Nonrepudiation, origin
  - Nonrepudiation, destination

20 Security Mechanisms (1)
Divided into two categories. Specific security mechanisms (protocol-layer specific):
- Encipherment
- Digital Signature
- Access Control
- Data Integrity
- Authentication Exchange
- Traffic Padding
- Routing Control
- Notarization – use of a trusted third party to assure certain properties of a data exchange

21 Security Mechanisms (2)
Pervasive security mechanisms:
- Trusted functionality
- Security label
- Event detection – e.g., network monitoring
- Security audit trail – e.g., network logging
- Security recovery – e.g., DC/DR, backup


23 Model for Network Security

24 Network Access Security Model

25 Introduction to Protection Mechanisms

26 Common security attacks and their countermeasures
- Finding a way into the network (network infrastructure breach) – Firewalls
- Exploiting software bugs, buffer overflows – Intrusion Detection Systems (IDS)
- Denial of Service – IDS
- TCP hijacking and packet sniffing – IPSec, encryption (SSH, SSL, HTTPS)
- Viruses, worms, trojan horses – patch updates, virus scanning programs, etc.
- Social problems – Education


28 Network Breach – Firewall
What is a “firewall”? As many machines as it takes to:
- be the sole connection between inside and outside;
- test all traffic against consistent rules;
- pass traffic that meets those rules;
- contain the effects of a compromised system.
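The "test all traffic against consistent rules, pass only what meets them, contain a compromised system" definition above, as an added example that is not part of the original slides: a first-match packet filter with default deny. The policy, addresses and ports are constructed for the example; ordering matters, so the containment rule for the (assumed) public web server sits before the broad inside-to-outside allows.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None = any port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only when every field it constrains agrees with the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst))

def evaluate(rules, pkt: Packet):
    """First matching rule wins. Traffic that matches no rule is dropped (default deny),
    and the reason is returned so the decision can be logged."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, f"rule {i}"
    return "deny", "default deny (no rule matched)"

# Constructed policy: inside network 10.0.0.0/8, public web server 10.1.1.10 (assumed values).
RULES = [
    # Containment first: a compromised web server must not reach the inside network.
    Rule("deny",  "10.1.1.10/32", "10.0.0.0/8",   "any", None),
    Rule("allow", "0.0.0.0/0",    "10.1.1.10/32", "tcp", 443),   # anyone may use HTTPS to the web server
    Rule("allow", "10.0.0.0/8",   "0.0.0.0/0",    "tcp", 80),    # inside users may browse out
    Rule("allow", "10.0.0.0/8",   "0.0.0.0/0",    "tcp", 443),
    Rule("allow", "10.1.1.10/32", "0.0.0.0/0",    "udp", 53),    # the web server may still resolve names
]

def check(src, dst, proto, dport=None):
    """Convenience wrapper returning just the allow/deny verdict for one packet."""
    return evaluate(RULES, Packet(src, dst, proto, dport))[0]

if __name__ == "__main__":
    for args in [("203.0.113.7", "10.1.1.10", "tcp", 443),
                 ("203.0.113.7", "10.0.0.5", "tcp", 22),
                 ("10.1.1.10", "10.0.0.5", "tcp", 80)]:
        print(args, evaluate(RULES, Packet(*args)))
```

Swapping the containment rule below the inside-to-outside allows would let the web server reach inside hosts on port 80, which is the kind of ordering mistake a consistent rule review is meant to catch.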

29 Firewall

30 Policy for the Firewall
- Who gets to do what via the Internet?
- What Internet usage is not allowed?
- Who makes sure the policy works and is being complied with?
- When can changes be made to policy/rules?
- What will be done with the logs?
- Will we cooperate with law enforcement?

31 Firewall Placement Options
- At the traditional corporate network perimeter (where the data center meets the WAN and Internet)
- Between departments, to segregate access according to policy among user groups
- Between corporate LAN switch ports and Web, application, and database server farms in the data center
- Where the wired LAN meets the wireless LAN (between Ethernet LAN switches and wireless LAN controllers)
- At the WAN edge of the branch office
- In laptops, smartphones, and other intelligent mobile devices that store corporate data (in the form of personal firewall software), in the case of telecommuters and mobile workers

32 Firewall Placement Options


34 What are DoS Attacks?
The name “denial of service” is based on the idea that an overloaded victim cannot provide services to its valid clients. The standard DoS attack consists of an attacker and a victim. In this example, an attacker is sending an incomplete fragment set to the victim.
Examples of DoS attacks:
- SYN flood – three-way TCP handshake to overload the device
- Smurf attack – ICMP echo request to a broadcast address

35 Distributed DoS
Distributed Denial of Service (DDoS) attacks are basically denial of service attacks that are launched from numerous devices. DDoS attacks consist of four main elements:
- Attacker
- Handler
- Agent
- Victim

36 DoS Countermeasure
Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent. Different ways of classifying an IDS:
- Anomaly-detection based
- Signature-based (misuse detection)
- Host-based
- Network-based

37 Anomaly-based IDS
This IDS models the normal usage of the network as a noise characterization. Anything distinct from the noise is assumed to be intrusion activity, e.g., flooding a host with lots of packets. Its primary strength is its ability to recognize novel attacks.
Drawbacks:
- Assumes that intrusions will be accompanied by manifestations that are sufficiently unusual to permit detection.
- Generates many false alarms, which compromise the effectiveness of the IDS.

38 Signature-based IDS
This IDS possesses an attack description that can be matched to sensed attack manifestations. The question of what information is relevant to an IDS depends upon what it is trying to detect (e.g., DNS, FTP, etc.). The IDS is programmed to interpret a certain series of packets, or a certain piece of data contained in those packets, as an attack. For example, an IDS that watches web servers might be programmed to look for the string “phf” as an indicator of a CGI program attack. Most signature analysis systems are based on simple pattern matching algorithms.
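The two detection styles from slides 37 and 38 side by side, as an added example that is not code from the original slides: a signature rule for the “phf” CGI probe the slide mentions, and an anomaly rule that flags any source whose packet rate exceeds a modelled baseline (the flooding case). The packet records, the 50 packets-per-second baseline and the regex are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed packet records: (time_s, src_ip, dst_port, payload). Not captured traffic.
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", 80, "GET /index.html HTTP/1.0"),
    (0.2, "10.0.0.5", 80, "GET /cgi-bin/phf?Qalias=x HTTP/1.0"),   # the "phf" probe named on the slide
    (0.5, "10.0.0.9", 22, ""),
] + [(1.0 + i / 100, "10.0.0.7", 80, "") for i in range(300)]      # one host sending ~100 pkt/s

# Signature rules: name -> pattern matched against the payload (misuse detection).
SIGNATURES = {
    "cgi-phf-probe": re.compile(r"/cgi-bin/phf\b"),
}

def signature_alerts(packets):
    """Signature-based IDS: report every payload that matches a known attack pattern.
    Anything not described in SIGNATURES is invisible to it (the 'novel attack' gap)."""
    alerts = []
    for ts, src, _dport, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((name, src, ts))
    return alerts

def anomaly_alerts(packets, window_s=1.0, baseline_pps=50):
    """Anomaly-based IDS: 'normal' is modelled as at most baseline_pps packets per source
    per window; anything above it is reported. A legitimate burst trips it just the same,
    which is where the false alarms mentioned on slide 37 come from."""
    counts = defaultdict(int)
    for ts, src, _dport, _payload in packets:
        counts[(src, int(ts // window_s))] += 1
    peak = defaultdict(int)
    for (src, _window), n in counts.items():
        peak[src] = max(peak[src], n)
    return sorted((src, n) for src, n in peak.items() if n > baseline_pps)

def run_ids(packets=SAMPLE_PACKETS):
    """Run both detectors over the same traffic and return their alerts by kind."""
    return {"signature": signature_alerts(packets), "anomaly": anomaly_alerts(packets)}

if __name__ == "__main__":
    for kind, alerts in run_ids().items():
        for alert in alerts:
            print(kind, alert)
```

Note that the flooding host never matches a signature and the phf probe never looks anomalous by volume, which is why real deployments combine both approaches.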

39 Drawbacks of Signature-based IDS
- They are unable to detect novel attacks.
- They suffer from false alarms.
- They have to be programmed again for every new pattern to be detected.

40 Host/Application-based IDS
The host operating system or the application logs the audit information. This audit information includes events such as the use of identification and authentication mechanisms (logins, etc.), file opens and program executions, admin activities, etc. The audit trail is then analyzed to detect traces of intrusion.
Drawbacks:
- Deciding what information needs to be logged is a matter of experience.
- Unselective logging of messages may greatly increase the audit and analysis burden.
- Selective logging runs the risk that attack manifestations could be missed.

41 Network-based IDS
This IDS looks for attack signatures in network traffic via a promiscuous interface. A filter is usually applied to determine which traffic will be discarded or passed on to an attack recognition module; this helps to filter out known non-malicious traffic.
Strengths:
- Reduced cost of ownership
- Packet analysis
- Real-time detection and response
- Malicious intent detection
- Operating system independence


43 What is Session Hijacking?
TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. Also referred to as a man-in-the-middle attack. This technique involves using a packet sniffer to intercept the communication between the client and the server. Packet sniffers come in two categories:
- Active sniffers
- Passive sniffers

44 Passive Sniffers
Passive sniffers monitor and capture packets from a network sharing the same collision domain, i.e. a network with a hub, since all packets are broadcast on every port of the hub.

45 Active Sniffers
One way of doing so is to change the default gateway of the client’s machine so that it will route its packets via the hijacker’s machine. This can be done by ARP spoofing (i.e. by sending malicious ARP packets mapping the hijacker’s MAC address to the default gateway’s address so as to update the ARP cache on the client, redirecting the traffic to the hijacker).
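A detection check for the ARP cache poisoning described above, as an added example that is not part of the original slides: it keeps the known IP-to-MAC binding for the gateway and flags any ARP reply that tries to rebind that IP to a different MAC. The gateway address, MACs and the reply records are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    ts: float
    sender_ip: str    # IP address the reply claims to speak for
    sender_mac: str   # MAC address it asks the client to cache for that IP

# Assumed known-good binding for the default gateway, recorded out of band (constructed).
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}

def detect_arp_spoofing(replies, trusted=TRUSTED):
    """Flag ARP replies that rebind an IP to a MAC different from the one already known.
    A change on the gateway address is exactly the redirect described on the slide, so it
    is rated high; a change on any other learned host is rated medium (could be a NIC swap)."""
    known = {ip: mac.lower() for ip, mac in trusted.items()}
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        prev = known.get(r.sender_ip)
        if prev is None:
            known[r.sender_ip] = mac          # first binding seen for this IP: learn it
        elif prev != mac:
            alerts.append({
                "ts": r.ts, "ip": r.sender_ip, "expected": prev, "claimed": mac,
                "severity": "high" if r.sender_ip in trusted else "medium",
            })
    return alerts

# Constructed ARP replies as a monitor on the segment might see them.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway answering normally
    ArpReply(1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),  # an ordinary host, learned on first sight
    ArpReply(5.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by another MAC
    ArpReply(5.5, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # same claim repeated, different case
    ArpReply(9.0, "192.168.1.20", "aa:bb:cc:00:00:20"),  # unchanged binding: no alert
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES):
        print(alert)
```

Static ARP entries for the gateway, or a switch feature such as dynamic ARP inspection, perform this same binding check in the network itself rather than in a monitor.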

46 ARP Spoofing

47 Hijacking and Sniffing Countermeasures
- IPSec is a protocol suite for secure Internet Protocol (IP) communications; it authenticates and encrypts each IP packet of a communication session.
- SSH (Secure Shell) is a cryptographic (encrypted) network protocol that allows remote login and other network services to operate securely over an unsecured network.
- SSL (Secure Socket Layer) is a standard security technology for establishing an encrypted link between a server and a client – typically a web server (website) and a browser, or a mail server and a mail client.
- HTTPS (HTTP over SSL) is a protocol for secure communication over a computer network which is widely used on the Internet.

48 IPSec

49 SSH

50 SSL and HTTPS


52 Anti-virus Best Practices
- An up-to-date operating system should be ensured.
- A good anti-virus product should be chosen for the organization. A centralized, server-based antivirus system is suggested for an organization with a computer network.
- For standalone PCs, the antivirus software loaded on the PC should be automatically enabled for checking viruses.
- For a networked environment there must be a central server to check for viruses on all the machines automatically.
- The following schedule is suggested for a full scan of the PCs: servers daily; workstations daily. Schedule the operation when there is least human interaction with the workstations.
- The antivirus software should auto-update virus signatures from the service provider as and when an update of the signatures or virus engine is available.

53 Anti-virus Best Practices
- External media (e.g. floppies, CDs) is one of the most potent media for the transmission of viruses, hence it must not be used in the network except on a few predetermined PCs.
- Unneeded services should be turned off and removed. By default many operating systems install auxiliary services that are not critical, e.g. an FTP, telnet or web server. These services are avenues for attack.
- Enforce a password policy. Complex passwords make it difficult to crack password files on compromised systems/computers. This helps to limit damage when a computer is compromised.
- The mail server is one of the easiest routes for virus attack, through attachments. The mail server should be configured to block or remove mail that contains attachments of the types commonly used to spread viruses, such as .vbs, .bat, .exe, .pif, and .scr files.
- To prevent spam mail in the organization, only mail authenticated by users in the organization should be allowed.
- All employees must be made aware of the potential threat of viruses and the various mechanisms through which they propagate.


55 Social Problem
- People can be just as dangerous as unprotected computer systems.
- People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information.
- Most humans will break down once they are at the “harmed” stage, unless they have been specially trained. Think government here…
Fun example: someone calls you in the middle of the night. “Have you been calling Egypt for the last six hours?” “No.” “Well, we have a call that’s actually active right now, it’s on your calling card and it’s to Egypt, and as a matter of fact, you’ve got about $2000 worth of charges on your card and … read off your AT&T card number and PIN and then I’ll get rid of the charge for you.”

56 Social Problems
- There aren’t always solutions to all of these problems.
- Humans will continue to be tricked into giving out information they shouldn’t.
- Educating them may help a little here, but, depending on how badly you want the information, there are a lot of bad things you can do to get it.
- So, the best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information.
- But this solution is still not perfect.

