CO1-101 網路安全概論itcproject1.npust.edu.tw/ISMS/Lecture/資安技術/網路安全... · 網路安全概論 ‧網路安全 ... 設定不夠嚴謹，致使網路設備被入侵；作業系統

CO1CO1--101 101

Web Mail

DNS FTP

ADSL Modem

Internet

(DMZ)

Intranet Web File Server

DataBase Server

IDS

IDS

VPN

SSL

2

4

3

1

:NIMDAKLEZ

(Confidentiality)

(Integrity)

(Availability)

(Accountability)

(Authenticity)

(Reliability)

(Non-Repudiation)

()

- E-MailNewsWhois

- Ex. icst.org.tw

NmapOSService

CheopsOS

NessusHScan

WebDAVRPC

Legion, NetBIOS Audition Tool

Tools: pwdump2, L0phtCrack, John

Keylogger

POP3SMTPFTP

/

Winlogon

Password Dump

user

Rootkit

elusive

AttribNTFS file streaming

- DoS(Denial of Service)

-DDoS(Distributed Denial of Service)

2000(Yahoo, amazon, ebay, CNN, E-trade)

2001

CPU

(Distributed Denial of Service, DDoS)

DDoSDoS

DoS

DDoSDDoS

DoSDoSDDoSDDoS

DoS/DDoS

DoS/DDoSIP(IP)

()

(1/5)(1/5)

26Blaster()2003

18Sasser()2004

185Slammer2003

336Nimda()2001

worm

worm

2003Slammer

2003Blaster

2004MyDoom

MyDoom.A(NovargShimgapi )

30100

1/26361

(2/5)(2/5)

Denial of Service

(3/5)(3/5)

(Instant Message)peer-to-peer networking

MSNICQKuro

(4/5)(4/5)

(5/5)(5/5)

Wireless Local Network Area, WLAN(Open System Authentication)

WEPAd Hocdrive-by hacking

Note

criticalserioushighmediumlow

--NessusNessus(1/2)(1/2)

--NessusNessus(2/2)(2/2)

Vulnerability found on port microsoft-ds (445/tcp)The hotfix for the 'Malformed request to index server'problem has not been applied.

This vulnerability can allow an attacker to execute arbitrarycode on the remote host.

Solution : See http://www.microsoft.com/technet/security/bulletin/ms01-025.aspRisk factor : SeriousCVE : CVE-2001-0244

??

(Firewall)(Firewall)

(Packet Filter)

Source IP AddressDestination IP AddressSource TCP/UDP PortDestination TCP/UDP Port

(Proxy Server)

,

(Proxy Server)(Proxy Server)

IDSIDS(1/2)(1/2)

3

:

IDSIDS(2/2)(2/2):

(Anomaly Detection)

(Misuse Detection)(signatures)pattern

(Host)(Network)

IDS(kernel)

HostHost--Based DetectionBased Detection

promiscuous mode

Web Internet Server

DNS FTP

Internet

(DMZ)(DMZ)

Intranet Web File Server

(INTRANET)

DataBase Server

IDS

IDS

NetworkNetwork--Based DetectionBased Detection

/log ScriptSQL

Slammer SQL Service

TCP ResetTCP

(1/2)(1/2)

(2/2)(2/2)

IDS

(1/2)(1/2)

Signature-basedSignature

Drop packets

(2/2)(2/2)

IPSIPS(1/2)(1/2)IPS(Intrusion Prevention System)

deep packet inspectionOSI 4 7 TCP/IP

in-line modeIPS IPS

IDS sniff modeIDS

In-line mode

IPSIPS(2/2)(2/2)

real-time detectionIPS IDS

proactive prevention

wire-line speedIPS IPS

(VPN)(VPN)Internet(Virtual Private Network)

InternetInternet

VPNVPNVPNTunneling Encryption Authentication

Internet

ISP T1

ISP

ISP ADSLCableT1

ISP ADSLCable

VPN

(1/2)(1/2)

SSID(Service Set ID)

SSID(Access PointAP)

SSIDSSID

WEP(wired equivalent privacy)(MAC Address)

(2/2)(2/2)

(SSID) ANY

SSID

War Driving

War Chalking

ANY SSID

SSID

SSID SSID

(Cryptanalysis)

(Access Point)SSID

802.1X

(1/2)(1/2)

(2/2)(2/2)

SSLVPN