Intro to Network Security_1

Apr 08, 2018

Nilaksh Bansal
Transcript
  • 8/7/2019 Intro to Network Security_1

    What is Internet Security?

    Network security addresses the vulnerabilities to which your organization is exposed as a consequence of being connected to a network.

    Topics of Discussion

    I. Who's vulnerable?
    II. Who's attacking?
    III. What are the kinds of attacks?
    IV. How do we protect ourselves?
    V. What do you do when you've been hacked?
    VI. References and Q&A

    Who's vulnerable?

    Everyone in your organization who uses computers or networks in the process of doing their job.
    Everyone in your organization who is affected by the information stored in computers.
    Everyone in your organization.
    Outsiders who rely on your organization - your customers, the public.

    Who's vulnerable?

    Both Servers and End-Users are subject to attack.
      Web servers, E-mail servers, File servers, Communications servers, Network devices
      End-users receiving e-mail, visiting web sites, downloading files, participating in online services

    Who's vulnerable?

    20-year-old man arrested for breaking into two computers of NASA's Jet Propulsion Laboratory.
      Hacking started in 1998
      One computer was used to host chat room devoted to hacking
      Thousands of usernames and passwords were stolen
    Reuters News, July 12, 2000

    Who's attacking?

    Attacks from the Outside
      Outside means originating from anyone/anyplace outside of your LAN/intranet, an unknown source.
      Sometimes the damage is done without intent....
      Sometimes the damage is done on purpose.

    What are the kinds of attacks?

    Trojans, Worms and Backdoors
      Trojans are programs that appear to perform a desirable and necessary function but also perform functions unknown to (and probably unwanted by) the user.
      Worms are memory resident viruses. Unlike a virus, which seeds itself in the computer's hard disk or file system, a worm will only maintain a functional copy of itself in active memory.

    What are the kinds of attacks?

    Password Crackers
      Some actually try to decrypt....
      Most simply try brute force or intelligent brute force
        Dictionary words, days of year, initials
    Social Engineering
      "This is MIS, I need to fix your e-mail box, what's your password?"

    How do we protect ourselves?

    One product cannot provide full protection
      The computer networking environment consists of too many different subsystems for one product to provide full protection

    How do we protect ourselves?

    Ethernet protocol
    IP protocol
    TCP protocol
    Routing protocols
    Operating Systems
    Presentation protocols - HTML, DHTML, XHTML, XML
    Remote Program execution protocols - VBS, ASP, DCOM, CORBA, JavaScript, Java Applets, Jini
    Applications - MS Outlook, Netscape Communicator, server SW (MS IIS, etc.)

    How do we protect ourselves?

    Anti-virus software
      Personal Anti-virus SW on your machine
      Make sure it is set to scan all executables, compressed files, e-mail, e-mail attachments, web pages
      Keep your virus information files up to date!!!

    How do we protect ourselves?

    Web based protection filters
      Web Server protection
        Protects web server from hacking (e.g. AppShield (Sanctum Inc.))
      Web Access Control
        Restricts web sites to which you can connect. Can protect you by not allowing you to go to malicious web sites (e.g. WebSENSE)

    How do we protect ourselves?

    More on Web Site/Application hacking
      Some examples....

    How do we protect ourselves?

    Hidden Manipulation
    Parameter Tampering
    Cookie Poisoning
    Stealth Commanding
    Forceful Browsing
    Backdoors and Debug Options
    Configuration Subversion
    Buffer Overflow
    Vendor assisted hacking through 3rd-party software vulnerabilities

    2/14/01 Fujitsu Systems Business of America

    Example: Medical Records Access
      Parameter Tampering - SQL Query via CGI Parameters

    Example: Money Theft
      Utilizing Debug Options

    Example: Shutting Down a Site
      Buffer overflow

    How do we protect ourselves?

    VPN technologies
      Access Control
        Who can talk to us through the network?
      Authentication
        How do we know you're who you say you are?
      Integrity
        How can we guarantee that what we receive is what you sent?
      Confidentiality
        How can we guarantee that no one else can read this information?

    How do we protect ourselves?

    Intrusion Detection Systems
      Suspicious Pattern Detection
        Looks for known patterns of types of traffic that are common to electronically "casing the joint"
      Bit Pattern Signature Detection
        Looks for known signatures of attacks
      Anomaly Detection - the AI approach
        Monitors network for a period of time to establish a statistical norm for traffic on the network. Generates alarms when abnormal traffic occurs
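
A sketch of the anomaly-detection and suspicious-pattern approaches listed above, added here as an example and not part of the original slides. The class and function names, the 3-standard-deviation alarm level, the 10-port limit and the sample traffic are all assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

class AnomalyDetector:
    """Learns a statistical norm for connections per minute, then flags outliers."""

    def __init__(self, threshold=3.0):
        self.threshold = threshold  # assumed alarm level, in standard deviations
        self.mean = None
        self.stdev = None

    def train(self, counts):
        """Establish the norm from a monitoring period of per-minute counts."""
        if len(counts) < 2:
            raise ValueError("need at least two observations to form a baseline")
        self.mean = statistics.mean(counts)
        # Floor the deviation so a perfectly flat baseline cannot divide by zero.
        self.stdev = max(statistics.pstdev(counts), 1.0)

    def score(self, count):
        """Distance of one observation from the norm, in standard deviations."""
        if self.mean is None:
            raise RuntimeError("train() must run before scoring")
        return abs(count - self.mean) / self.stdev

    def is_anomalous(self, count):
        return self.score(count) > self.threshold

def scanning_sources(records, max_ports=10):
    """Suspicious-pattern check: sources probing many distinct ports in one window."""
    ports = defaultdict(set)
    for src, port in records:
        ports[src].add(port)
    return sorted(src for src, seen in ports.items() if len(seen) > max_ports)

# Constructed sample data (documentation-range addresses, not real traffic).
BASELINE = [20, 19, 21, 22, 18, 20, 21, 19, 20, 20]   # connections per minute
WINDOW = [("192.0.2.10", p) for p in range(1, 26)] + [("198.51.100.7", 443)] * 30

if __name__ == "__main__":
    ids = AnomalyDetector()
    ids.train(BASELINE)
    for observed in (21, 24, 200, 2):
        print(observed, round(ids.score(observed), 2), ids.is_anomalous(observed))
    print("possible scanners:", scanning_sources(WINDOW))
```

A sudden drop in traffic (2 connections in a minute) is flagged as readily as a spike, which is the behaviour a baseline-driven detector should have. A busy but legitimate client on a single port is not reported by the port-spread check.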

    What do you do when you've been hacked?

    Too big of a topic to go into here.... but it's a vital part of network security.
      What can you do to ensure the compromise has been abated?
      How do you identify what's been changed?
      What did you lose?
      What can you recover?

    References

    Hacking Exposed, Network Security Secrets and Solutions, Joel Scambray, Stuart McClure, and George Kurtz, Osborne/McGraw-Hill
    Mastering Network Security, Chris Brenton, Sybex Network Press
    Maximum Security, A Hacker's Guide to Protecting Your Internet Site and Network, Anonymous, SAMS
    Secrets and Lies, Digital Security In A Networked World, Bruce Schneier, John Wiley and Sons

    References

    Reputable sites
      www.hackingexposed.com
      www.securityfocus.com
    Questionable sites
      www.because-we-can.com
      www.digicrime.com
      www.insecure.org