
Security Technologies
3856_10_2001_c1_X © 2001, Cisco Systems, Inc. All rights reserved.
Presentation transcript


Slide 3: Security Threats: Pervasive in the Network
Threat categories shown around the Internet: Information Theft, Virus Attacks, Data Interception, Unprotected Assets, Denial of Service, Unauthorized Entry.
Headlines quoted: "Destructive ILOVEYOU Computer Virus Strikes Worldwide" (CNN); "AOL Boosts Email Security After Attack" (C/NET); "Several Web Sites Attacked Following Assault on Yahoo!" (New York Times).

Slides 4-6: Code Red Propagation
- July 19, midnight: 159 hosts infected
- July 19, 11:40 am: 4,920 hosts infected
- July 20, midnight: 341,015 hosts infected

Slide 7: Threat Capabilities: More Dangerous and Easier To Use
Chart (1980 to 2000): the sophistication of hacker tools rises while the technical knowledge required falls from high to low. Tools plotted: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Packet Forging/Spoofing, Stealth Diagnostics, DDoS.

Slide 8: Patch Vulnerabilities and Update Virus Scanning Software
- Patch ALL vulnerable systems: remote sites, dial-up users, VPN connections
- Update virus scanning software for NIMDA
- Patching Cisco products running Microsoft IIS: http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml
- Patching Microsoft IIS itself: http://www.microsoft.com/technet/security

Slide 9: Security Philosophy: The Security Wheel
A continual, multistage process focused on incremental improvement: SECURE, MONITOR and RESPOND, TEST, MANAGE and IMPROVE.

Slide 10: SAFE "Campus Internet" Module
Diagram: Cisco IOS Router, Cisco PIX Firewall, Cisco IDS Appliance, Public Web Servers and Content Inspection Servers, with links to the Edge Distribution Module, the VPN/Remote Access Module and the ISP Module. Slides 11 to 16 overlay the roles of each component on this same diagram.

Slide 11: SAFE "Campus Internet" Module: PIX Firewall Family
Roles on the diagram: Stateful Packet Filtering, Basic Layer 7 Filtering, Host DoS Mitigation.
- Range of solutions, from teleworkers through large Enterprise/SP
- High performance
- Very secure
- Easy to deploy and maintain
- Cost-effective failover

Slide 12: SAFE "Campus Internet" Module: Cisco Network IDS Sensors
Roles on the diagram: Broad Layer 4-7 Analysis, Focused Layer 4-7 Analysis.
- Network appliance and switch-based solutions
- Provide a network "video camera and burglar alarm"
- Protect against attacks and misuse
- High performance
- Very secure

Slide 13: SAFE "Campus Internet" Module: Cisco IDS Host Sensors
Role on the diagram: Host IDS for local attack mitigation.
- Protect critical systems against viruses and worms
- Intercept and inspect all system commands
- Secure the OS and validate service requests
- Alert on suspicious activity
- Most robust solution
- Easy to deploy and manage

Slide 14: SAFE "Campus Internet" Module: Cisco IOS Routers
Roles on the diagram: Spoof Mitigation, DDoS Rate-Limiting, Basic Filtering.
- Incorporate many robust security features: Authentication/PKI, ACLs/Filtering, Rate-limiting, Firewall & IDS, IPsec VPN
- Provide a significant first line of defense

Slide 15: SAFE "Campus Internet" Module: Cisco AVVID Partners
Roles on the diagram: Inspect Outbound Traffic for unauthorized URLs, SMTP Content Inspection.
- Provide complementary security solutions: Authentication/PKI, Content Filtering/AV, Personal Firewall, Wireless/VPN Client, Security Management, Security Services

Slide 16: SAFE "Campus Internet" Module: All Roles Combined
Roles on the diagram: Inspect Outbound Traffic for unauthorized URLs, Stateful Packet Filtering, Basic Layer 7 Filtering, Host DoS Mitigation, Spoof Mitigation, DDoS Rate-Limiting, Basic Filtering, Broad Layer 4-7 Analysis, SMTP Content Inspection, Host IDS for local attack mitigation, Focused Layer 4-7 Analysis.

Slide 17: Network Security Components
Categories: Identity, Secure Connectivity, Perimeter Security, Security Monitoring, Security Management.
Components shown around the Internet: Authentication, Firewalls, VPN, Intrusion Detection, Scanning, Policy.

Slide 18: EDGE Options

Slide 19: Campus Network Issues (Security)
Firewall, Intrusion Detection, VPN, HIDS.

Slide 20: Campus Network Issues
Firewall, Intrusion Detection, VPN, Transparent Cache (Content Engine), H.323 GK, Intelligent Switched LAN Infrastructure.

Slide 21: New Cisco VPN 3000 Concentrator Series

Slide 22: Internet Worms: Code Red and NIMDA Overview

Slide 23: Anatomy of a Worm
1. The Enabling Vulnerability
2. Propagation Mechanism
3. Payload

Slide 24: 1. The Enabling Vulnerability
Using the Index Server buffer overflow attack, the worm attempts to install itself on IIS Web servers reachable from the Internet.

Slide 25: 2. Worm Propagation
After gaining access to the servers, the worm replicates itself and selects new targets for infection.

Slide 26: 3. The Payload
STEAL, DEFACE, BACK DOOR, ROOTKIT: after infection, the attacker can possess administrator-level access to the server!

Slide 27: Code Red: How It Works
- Conceals itself in HTTP packets; firewalls alone cannot safeguard against the worm
- The worm exploits a buffer overflow vulnerability in Microsoft's Internet Information Server (IIS) v4 and v5
- It then executes arbitrary code and installs a copy of itself in the infected computer's memory, from which it goes on to infect other hosts
- Multiple versions: CRv1, CRv2, Code Red II
- Results: DDoS attack, network latency, backdoor installation, drive mapping

Slide 28: NIMDA: How It Works
- Hybrid of worm and virus: can attack and infect in multiple ways, creating a DoS situation
- Only infects computers running a Microsoft operating system and Microsoft's e-mail, web browser or web server applications
- Spreads via the following mechanisms:
  - Infects e-mail without the user launching the infected attachment
  - Places copies of itself in network shared files; when these files are previewed with Internet Explorer, the worm's executable is loaded
  - Modifies all Web content files, so any user browsing the Web site may accidentally download the worm
- Results: DDoS attack, network latency

Slide 29: Protecting Your Network Against Internet Worms Using SAFE

Slide 30: 1. Intrusion Detection on Critical Hosts
Host-Based Intrusion Detection (HIDS):
- Analyzes HTTP traffic and determines if an attack is underway
- Analyzes the HTTP server to detect abnormal operations
- Protects the OS against buffer overflow and binary modifications
- Secures IIS by disabling the indexing service
- Sends an alarm when exploitation is intercepted
Install HIDS on critical servers!

Slide 31: 2. Intrusion Detection in the Network
Network-Based Intrusion Detection (NIDS):
- Attack detection triggers NIDS to send an alarm and/or either shun or reset the connection
- Shunning is not recommended for Code Red v1 or v2, since the attack is contained in a single packet
- NIDS can stop Code Red II, since multiple packets are used
- NIDS will alarm on NIMDA and identify compromised hosts
Products: 4210 IDS, 4230 IDS, C6000 IDSM.
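Slides 30 and 31 describe sensors that watch HTTP traffic for the Index Server overflow and raise an alarm naming the compromised source. The following is an added example, not code from the original deck or any Cisco product: a small Python detector that parses Common Log Format web-server lines and flags requests whose path targets the Index Server ISAPI extensions (.ida/.idq) with an abnormally long query string, then tallies the sources so the alarm identifies candidate infected hosts. The extension list, the length threshold MAX_QUERY_LEN, the path /search.ida and all addresses in SAMPLE_LOG are assumptions constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions for this example: the Index Server ISAPI extensions are .ida/.idq,
# and a query string longer than MAX_QUERY_LEN is treated as an overflow attempt
# (a legitimate search query is far shorter).
ISAPI_EXT = (".ida", ".idq")
MAX_QUERY_LEN = 240

# Constructed sample log in Common Log Format. The path, timestamps and source
# addresses are invented; the oversized query is simply 300 'A' characters.
OVERSIZED = "A" * 300
SAMPLE_LOG = [
    '10.1.5.7 - - [19/Jul/2001:00:13:02 -0400] "GET /index.html HTTP/1.0" 200 1843',
    f'10.1.9.22 - - [19/Jul/2001:00:13:05 -0400] "GET /search.ida?{OVERSIZED} HTTP/1.0" 200 0',
    '10.1.5.7 - - [19/Jul/2001:00:13:09 -0400] "GET /search.ida?q=cisco+safe HTTP/1.0" 200 512',
    f'10.1.9.22 - - [19/Jul/2001:00:14:41 -0400] "GET /search.ida?{OVERSIZED} HTTP/1.0" 200 0',
    f'10.1.7.3 - - [19/Jul/2001:00:15:20 -0400] "GET /search.ida?{OVERSIZED} HTTP/1.0" 200 0',
    'not a log line',
]

# Common Log Format: client ident user [timestamp] "method uri version" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<ver>\S+)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_clf(line):
    """Return the fields of one CLF line as a dict, or None if the line is malformed."""
    m = CLF.match(line)
    return m.groupdict() if m else None


def is_isapi_overflow(uri):
    """True when the request hits an Index Server extension with an oversized query."""
    parts = urlsplit(uri)
    return parts.path.lower().endswith(ISAPI_EXT) and len(parts.query) > MAX_QUERY_LEN


def analyze(lines):
    """Scan log lines; return (alarm records, per-source alarm counts)."""
    alarms = []
    per_source = Counter()
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            continue  # malformed input: skip it rather than stop the sensor
        if is_isapi_overflow(rec["uri"]):
            parts = urlsplit(rec["uri"])
            alarms.append({"ts": rec["ts"], "src": rec["src"],
                           "path": parts.path, "query_len": len(parts.query)})
            per_source[rec["src"]] += 1
    return alarms, per_source


def suspected_infected_hosts(per_source):
    """A worm attacks from hosts it has already infected, so every alarm source
    is a candidate compromised host for the responder to check."""
    return sorted(per_source)


if __name__ == "__main__":
    found, sources = analyze(SAMPLE_LOG)
    for a in found:
        print(f"ALARM {a['ts']} src={a['src']} path={a['path']} query_len={a['query_len']}")
    print("suspected infected hosts:", suspected_infected_hosts(sources))
```

Because the exploit request fits in a single packet, the alarm and the source list are the useful output here; as the slide notes, shunning the connection after detection does not undo an attack that has already completed, so the list of sources feeds patching and containment rather than an inline block.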

Slide 32: 3. Access Control with Firewalls
Stateful firewalling:
- Filter to allow only inbound connections to the web server
- Disallow outbound connections from the web server to limit self-propagation
- Limit inbound connections to the server to block excessive connection attempts and a DoS situation
Products: PIX 501, PIX 506, PIX 515, PIX 525, PIX 535.

Slide 33: 3a. Access Control with Router Filtering
- Ingress filtering: block access to hosts/services that should not be publicly available
- Egress filtering: block outbound access of devices designed for internal use only, to limit propagation
Configuration shown on the slide:
  access-list out deny ip any 192.168.254.0 255.255.255.0
  access-list out deny ip any 192.168.253.0 255.255.255.0
  access-list out permit icmp any any echo-reply
  access-list out permit tcp any host 172.16.225.52 eq www
  access-list out permit tcp any host 172.16.225.52 eq ftp
  access-list out permit tcp any host 172.16.225.50 eq smtp
  access-list out permit udp any host 172.16.225.51 eq domain
  access-list in deny ip any 192.168.254.0 255.255.255.0
  access-list in deny ip any 192.168.253.0 255.255.255.0
  access-list in permit icmp any any echo
  access-list in permit udp host 10.1.11.50 host 172.16.225.51 eq domain
  access-list in permit tcp 10.0.0.0 255.0.0.0 host 172.16.225.52 eq www
  access-list in permit tcp host 10.1.11.51 host 172.16.225.50 eq smtp
  access-list in permit tcp host 10.1.11.51 host 172.16.225.50 eq 389
  access-list in permit tcp 10.0.0.0 255.0.0.0 host 172.16.225.52 eq ftp
  access-list in deny ip any 172.16.225.0 255.255.255.0
  access-list in permit ip 10.0.0.0 255.0.0.0 any
  access-list in permit esp host 10.1.20.57 host 172.16.224.23
  access-list in permit esp host 10.1.20.57 host 172.16.224.24
  access-list in permit udp host 10.1.20.57 host 172.16.224.23 eq isakmp
  access-list in permit udp host 10.1.20.57 host 172.16.224.24 eq isakmp
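Slides 32 and 33 make one point: allow inbound connections to the web server, and deny the web server's own outbound connections so an infected host cannot reach new targets. The following is an added example, not code from the original deck or from any Cisco product: a Python evaluator that parses a subset of the access-list lines quoted on slide 33 (PIX-style statements, where the mask is a subnet mask rather than an IOS wildcard mask) and applies Cisco's first-match semantics with the implicit deny at the end of each list to sample flows. The PORT_NAMES table and the sample flows in worm_containment_check are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: a subset of the access-list lines shown on the slide.
ACL_TEXT = """
access-list out deny ip any 192.168.254.0 255.255.255.0
access-list out deny ip any 192.168.253.0 255.255.255.0
access-list out permit icmp any any echo-reply
access-list out permit tcp any host 172.16.225.52 eq www
access-list out permit tcp any host 172.16.225.52 eq ftp
access-list out permit tcp any host 172.16.225.50 eq smtp
access-list out permit udp any host 172.16.225.51 eq domain
access-list in deny ip any 192.168.254.0 255.255.255.0
access-list in deny ip any 192.168.253.0 255.255.255.0
access-list in permit icmp any any echo
access-list in permit udp host 10.1.11.50 host 172.16.225.51 eq domain
access-list in permit tcp 10.0.0.0 255.0.0.0 host 172.16.225.52 eq www
access-list in permit tcp host 10.1.11.51 host 172.16.225.50 eq smtp
access-list in deny ip any 172.16.225.0 255.255.255.0
access-list in permit ip 10.0.0.0 255.0.0.0 any
"""

# Assumption for this example: the service names used on the slide map to these ports.
PORT_NAMES = {"www": 80, "ftp": 21, "smtp": 25, "domain": 53, "isakmp": 500}


@dataclass
class Entry:
    name: str                      # which list: "in" or "out"
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]           # None: no "eq PORT" clause
    icmp_type: Optional[str]       # None: any ICMP type


def _parse_addr(tokens, i):
    """Consume one address spec ('any', 'host A', or 'A MASK'); return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.IPv4Network((tokens[i], tokens[i + 1])), i + 2


def parse_acl(text) -> List[Entry]:
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        name, action, proto = t[1], t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = icmp_type = None
        if proto == "icmp" and i < len(t):
            icmp_type = t[i]
        elif i + 1 < len(t) and t[i] == "eq":
            dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
        entries.append(Entry(name, action, proto, src, dst, dport, icmp_type))
    return entries


def evaluate(entries, name, proto, src, dst, dport=None, icmp_type=None):
    """First matching entry in list `name` decides; no match means the implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for e in entries:
        if e.name != name or e.proto not in ("ip", proto):
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        if e.icmp_type is not None and e.icmp_type != icmp_type:
            continue
        return e.action
    return "deny"


def worm_containment_check(entries):
    """Constructed sample flows: what a worm needs versus what the lists allow."""
    web = "172.16.225.52"
    return {
        "client->web:80 (in)": evaluate(entries, "in", "tcp", "10.1.5.7", web, 80),
        "client->web:23 (in)": evaluate(entries, "in", "tcp", "10.1.5.7", web, 23),
        "web->other:80 (out)": evaluate(entries, "out", "tcp", web, "10.9.9.9", 80),
        "web->other echo-reply (out)": evaluate(entries, "out", "icmp", web, "10.9.9.9",
                                                icmp_type="echo-reply"),
    }


if __name__ == "__main__":
    for flow, verdict in worm_containment_check(parse_acl(ACL_TEXT)).items():
        print(f"{flow:30} {verdict}")
```

The outbound list never permits a TCP connection originating from the web server, so the "web->other:80" flow falls through to the implicit deny: an infected server can still answer clients (and echo replies), but cannot open the port 80 connections the worm needs to reach its next target.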

Slide 34: 4. Private VLANs
- Hosts on a given segment can only communicate with the default gateway, NOT with other hosts on the network
- A compromised web server could not infect the others
Diagram: a primary VLAN with a promiscuous port, two community VLANs (Community 'A' and Community 'B') and an isolated VLAN with isolated ports; crossed-out links mark the blocked host-to-host paths.

Slide 35: PVLANs & a DMZ

Slide 36: What is the VPN/Security Management Solution (VMS)?
- Integral part of the SAFE blueprint
- Flagship solution for VPN & Security Management
- One stop for configuring, monitoring, and troubleshooting: VPN, Firewall, Network-based IDS, Host-based IDS
For detailed information: www.cisco.com/go/enm

Slide 37: Summary
- Threats will continue to become more advanced and aggressive, but...
- Organizations need to adopt a comprehensive approach to security; there is no silver bullet
  - A function of design, people, and processes
  - Requires defense-in-depth
- Cisco can help you secure your network: the SAFE security blueprint; market-leading products, services, and partners

Slide 38: Sample Cisco Configurations
Chart: sample configurations by link speed (DS-1 1.5Mbps, fDS-3 20Mbps, DS-3 45Mbps, OC-3 155Mbps) for the rows Firewall, Intrusion Detection, Host IDS, Caching, VPN and MGMT (Console & Agents, VMS 2.0); products named include PIX515, PIX525, PIX535, IDS 4210 and 4230, Content Engines CE507, CE560 and CE590, and VPN 3015 and 3030.
Notes: list pricing shown; discounts and trade-ins apply; router required, other elements optional.

Slide 39: Updated 01-02-01, © 2001, Cisco Systems, Inc.

