Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information."— Presentation transcript:

1 IT Security Doug Brown Jeff Bollinger

2 What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information technology

3 Mistakes Computers don’t make mistakes; people do. People write programs. Each program that you run introduces another set of mistakes that the bad guys can use against you.

4 From the network Programs open ports Attackers probe these ports (Layer 4 - transport) to determine which programs are running, what version they are, and what they can attack

5 Firewalls (Layer 4 – Transport) What they do:

6 Why not stop there? A Firewall on your network is not a panacea You will probably have to allow some access to your network through the firewall If someone uses this access to hack a box on your network, then the firewall becomes inconsequential Firewalls are troublesome in some environments – like UNC

7 Break-ins Things the bad guys take advantage of Bad or weak passwords Poorly written programs Buffer Overflows Execution of code Detection of break-ins System logs IDS and/or Firewall logs Abnormal system behavior Complaint from another user

8 Intrusion Detection Normally a passive security tool Monitors network traffic in search of attacks Signature based Traffic pattern based Monitoring the IDS logs provide Evidence with which to respond to attacks Warnings to allow the stopping of attacks in progress Post-mortem information after attacks UNC is currently using Snort

9 An example from Snort Signature # Alerts# Sources # Destinations Detail link ida ISAPI Overflow 2274 1952 1583 Summary CUSTOM Port 65000 TCP traffic 2996 93 161 Summary WEB-MISC Invalid URL4387 111 637 Summary WEB-MISC 403 Forbidden45626281177Summary SMTP relaying denied507025144 Summary CUSTOM IRC file-sharing 7447 20 19Summary FTP EXPLOIT wu-ftpd overflow 779249596 Summary WEB-MISC Attempt to execute cmd8479246 1353Summary INFO Possible IRC Access 14784 127 76 Summary Incomplete Packet Fragments21201138140 Summary WEB-MISC http directory traversal2442614461643Summary

10 Intrusion Detection The downside of Intrusion Detection? False Positives!

11 Enter Intrusion Prevention Sits In-line and automatically drops bad traffic Layer 7 – Application Inspection With the right brand - No False Positives Security Zones (Attack Domains) contain infections

12 An example from Tipping Point Hit CountFilter 8988MS-RPC: DCOM 396Shell Command Exec 334IE CHM File Proc 202Code Red II Worm 83Nimda Attack

13 IE CHM File Processing This filter detects an attempt to exploit a vulnerability in Internet Explorer, specifically in IE's processing of compiled help (".chm") files. The flaw can be exploited by a malicious website to execute arbitrary code on a client system. Note that the vulnerability is being exploited in the wild to install malicious code named "Ibiza" on compromised systems.

14 Key Points People are behind the technology Security combats human error Goal of security is to ensure: Confidentiality - Integrity - Availability (of the data and systems)

15 Wireless Demo Wireless Implementations = Human Error

Download ppt "IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Packets and Protocols Chapter Seven Real World Packet Captures.

Packets and Protocols Chapter Seven Real World Packet Captures.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
UNITS meeting September 30, 2004 Network Security Roger Safian

UNITS meeting September 30, 2004 Network Security Roger Safian
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Network and Server Attacks and Penetration Chapter 12.

Network and Server Attacks and Penetration Chapter 12.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Department Of Computer Engineering

Department Of Computer Engineering
Instant Messaging Security Flaws By: Shadow404 Southern Poly University.

Instant Messaging Security Flaws By: Shadow404 Southern Poly University.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Similar presentations

Ads by Google