Network security

May 18, 2015

Ammar WK

Technical Workshop Materials about Network Security for BBPT
Page 1: Network security

AHMAD MUAMMAR (C)2011 | @Y3DIPS

NETWORK SECURITY
TECHNICAL TRAINING ON INFORMATION SECURITY

Page 2: Network security

AGENDA

NETWORK LAYER

INTERNET PROTOCOL

IPV4

IPV6

IPSEC

NETWORK PACKET INSPECTION

Page 3: Network security

AGENDA

ATTACKING IP V4

PASSIVE

ACTIVE

COMMON TYPES OF ATTACK + HANDS ON

EAVESDROPPING

SNIFFER ATTACK

Page 4: Network security

AGENDA

COMMON TYPES OF ATTACK

SPOOFING

TUNNELING

MAN-IN-THE-MIDDLE (MITM) ATTACK

DENIAL OF SERVICE ATTACK

DEFENCE

Page 5: Network security

NETWORK LAYER

LAYER 3 OF THE OSI MODEL

PROVIDES THE FUNCTIONAL AND PROCEDURAL MEANS OF TRANSFERRING VARIABLE-LENGTH DATA SEQUENCES FROM A SOURCE HOST ON ONE NETWORK TO A DESTINATION HOST ON ANOTHER, WHILE MAINTAINING THE QOS REQUESTED BY THE TRANSPORT LAYER

FUNCTION: PATH DETERMINATION AND LOGICAL ADDRESSING; DATA UNIT: PACKET/DATAGRAM

PROTOCOLS: IP (IPV4, IPV6), ICMP, IPSEC, IGMP, IPX, APPLETALK

[1]: WIKIPEDIA.ORG

Page 6: Network security

OSI 7 LAYER

[1]: WIKIPEDIA.ORG

Page 7: Network security

INTERNET PROTOCOL

RESPONSIBLE FOR ADDRESSING HOSTS AND ROUTING DATAGRAMS (PACKETS) FROM A SOURCE HOST TO A DESTINATION HOST ACROSS ONE OR MORE IP NETWORKS.

[1]: WIKIPEDIA.ORG

Page 8: Network security

IPV4

FOURTH REVISION IN THE DEVELOPMENT OF IP AND THE FIRST VERSION OF THE PROTOCOL WIDELY DEPLOYED

CONNECTIONLESS; DOES NOT GUARANTEE DELIVERY, PROPER SEQUENCING, OR AVOIDANCE OF DUPLICATE DELIVERY

32-BIT ADDRESS, E.G. 192.168.0.1

IPSEC IS OPTIONAL

[1]: WIKIPEDIA.ORG

Page 9: Network security

IPV6

SUCCESSOR TO IPV4 WITH “BETTER” IMPROVEMENTS

NEW PACKET HEADER

MULTICAST (MULTIPLE DESTINATIONS IN A SINGLE OPERATION)

STATELESS ADDRESS AUTOCONFIGURATION

LARGER ADDRESS SPACE: 128-BIT ADDRESS, E.G. 2001:0db8:85a3:0000:0000:8a2e:0370:7334

IPSEC SUPPORT IS MANDATORY

Page 10: Network security

IPSEC

PROTOCOL SUITE FOR SECURING INTERNET PROTOCOL (IP) COMMUNICATIONS BY AUTHENTICATING AND ENCRYPTING EACH IP PACKET OF A COMMUNICATION SESSION.

END-TO-END SECURITY SCHEME

PROTECTS ANY APPLICATION TRAFFIC ACROSS AN IP NETWORK

AUTHENTICATION HEADER (AH), ENCAPSULATING SECURITY PAYLOAD (ESP), SECURITY ASSOCIATIONS (SA)

Page 11: Network security

IPV4 VS. IPV6

Page 12: Network security

NETWORK PACKET INSPECTION

Page 13: Network security

HANDS ON: WIRESHARK PACKET INSPECTION

Page 14: Network security

ATTACKING IPV4

THE SECURITY ISSUE LIES IN THE INTERNET PROTOCOL (NETWORK LAYER): NO AUTHENTICATION AND NO ENCRYPTION

IPSEC IS OPTIONAL

UPPER-LAYER PROTOCOLS WERE CREATED WITHOUT SECURITY CONSIDERATIONS

TCP PROTOCOLS: FTP, TELNET, SMTP, POP3

Page 15: Network security

ATTACKING IPV4

PASSIVE: NETWORK PACKET INFORMATION MIGHT BE MONITORED

ACTIVE: NETWORK PACKET INFORMATION IS ALTERED WITH INTENT TO MODIFY, CORRUPT, OR DESTROY THE DATA OR THE NETWORK

Page 16: Network security

EAVESDROPPING

THE MAJORITY OF NETWORK COMMUNICATIONS OCCUR IN UNSECURED OR “CLEARTEXT” FORMAT

THE ABILITY TO MONITOR NETWORK COMMUNICATION IS THE BIGGEST SECURITY PROBLEM THAT WE HAVE FACED

E.G. VIA A HUB NETWORK DEVICE, OR ACCESS TO THE GATEWAY/ROUTER DEVICE

Page 17: Network security

SNIFFER ATTACK

A SNIFFER IS AN APPLICATION OR DEVICE THAT CAN READ, MONITOR, AND CAPTURE NETWORK PACKETS.

IF THE PACKET IS NOT ENCRYPTED, THE ATTACKER CAN VIEW THE FULL DATA INSIDE THE PACKET

IF THE PACKET IS ENCRYPTED, THE ATTACKER NEEDS TO CREATE/USE/HAVE A VALID KEY

TUNNEL-ONLY PACKETS (ENCAPSULATED BUT NOT ENCRYPTED) CAN ALSO BE BROKEN OPEN AND READ
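
Added example (not from the original slides): a small audit that parses raw IPv4/TCP packets and flags traffic to the cleartext services listed earlier (FTP, Telnet, SMTP, POP3) whose payload is readable on the wire. The packets, addresses and function names are constructed for this illustration.

```python
import ipaddress
import struct

# Cleartext TCP services named on the "Attacking IPv4" slide.
CLEARTEXT_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP", 110: "POP3"}

def build_sample_packet(dst_port, payload):
    """Build an IPv4+TCP packet (constructed sample data, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.168.0.1").packed,
                     ipaddress.IPv4Address("192.168.0.10").packed)
    return ip + tcp + payload

def inspect_packet(raw):
    """Parse the IPv4/TCP headers and report whether the payload is exposed."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4  # header length; no header field authenticates the sender
    info = {"src": str(ipaddress.IPv4Address(raw[12:16])),
            "dst": str(ipaddress.IPv4Address(raw[16:20])),
            "service": None, "readable": False}
    if raw[9] != 6 or len(raw) < ihl + 20:  # protocol 6 = TCP
        return info
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    payload = raw[ihl + (raw[ihl + 12] >> 4) * 4:]
    info["service"] = CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport)
    # A printable-ASCII payload can be read by anyone on the path as-is.
    info["readable"] = bool(payload) and all(
        32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return info

def audit(packets):
    """Return (src, dst, service) for each packet that exposes readable data."""
    found = []
    for raw in packets:
        info = inspect_packet(raw)
        if info["service"] and info["readable"]:
            found.append((info["src"], info["dst"], info["service"]))
    return found

SAMPLE = [  # constructed packets, not captured traffic
    build_sample_packet(23, b"login: operator\r\n"),
    build_sample_packet(110, b"+OK POP3 ready\r\n"),
    build_sample_packet(22, bytes([0x8F, 0x01, 0xC3, 0x7A])),  # opaque bytes
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```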

Page 18: Network security

SNIFFER ATTACK

TCPDUMP

WIRESHARK (FORMERLY ETHEREAL)

ETTERCAP

CAIN AND ABEL

DSNIFF

Page 19: Network security

HANDS ON: WIRESHARK RECOVERY

Page 20: Network security

SPOOFING

SPOOF = MASQUERADE [1]

A SITUATION IN WHICH A PROGRAM SUCCESSFULLY MASQUERADES AS ANOTHER BY FALSIFYING DATA AND THEREBY GAINING AN ILLEGITIMATE ADVANTAGE [2]

[1]: RFC4949
[2]: WIKIPEDIA.ORG

Page 21: Network security

SPOOFING

IP SPOOFING, E.G. MODIFYING THE SOURCE ADDRESS

A COMMON MISCONCEPTION: IP SPOOFING CAN BE USED TO HIDE YOUR IP ADDRESS WHILE SURFING THE INTERNET, CHATTING ON-LINE, AND SO FORTH. THIS IS GENERALLY NOT TRUE. FORGING THE SOURCE IP ADDRESS CAUSES THE RESPONSES TO BE MISDIRECTED, MEANING YOU CANNOT CREATE A NORMAL NETWORK CONNECTION. [1]

USUALLY COMBINED WITH NETWORK DOS/DDOS ATTACKS

[1]: ISS.NET

Page 22: Network security

HANDS ON: MAC SPOOFING

ifconfig <iface> hw ether <new-mac>

Page 23: Network security

TUNNELING

A TUNNEL IS A COMMUNICATION CHANNEL CREATED IN A COMPUTER NETWORK BY ENCAPSULATING (I.E., LAYERING) A COMMUNICATION PROTOCOL’S DATA PACKETS IN (I.E., ABOVE) A SECOND PROTOCOL THAT NORMALLY WOULD BE CARRIED ABOVE, OR AT THE SAME LAYER AS, THE FIRST ONE. [1]

CARRIER PROTOCOLS: HTTP, SSH, DNS, ICMP

ssh foo@doo -D <port>

[1]: RFC4949

Page 24: Network security

HANDS ON: HTTP OVER SSH (SSH TUNNELING)

Page 25: Network security

MAN-IN-THE-MIDDLE

A FORM OF ATTACK IN WHICH THE ATTACKER MAKES INDEPENDENT CONNECTIONS WITH THE VICTIMS AND RELAYS MESSAGES BETWEEN THEM, MAKING THEM BELIEVE THAT THEY ARE TALKING DIRECTLY TO EACH OTHER, WHEN IN FACT THE ENTIRE CONVERSATION IS CONTROLLED BY THE ATTACKER.

THE ATTACKER IMPERSONATES EACH ENDPOINT TO THE SATISFACTION OF THE OTHER

Page 26: Network security

MAN-IN-THE-MIDDLE

Page 27: Network security

HANDS ON: MAN-IN-THE-MIDDLE (MITM) USING CAIN AND ABEL

Page 28: Network security

DENIAL OF SERVICE

THE PREVENTION OF AUTHORIZED ACCESS TO A SYSTEM RESOURCE OR THE DELAYING OF SYSTEM OPERATIONS AND FUNCTIONS. [1]

PING OF DEATH (ICMP FLOODING), SYN FLOOD

DISTRIBUTED DOS, BOTNET

[1]: RFC4949

Page 29: Network security

DENIAL OF SERVICE

A DOS ATTACKER MAY:

ATTEMPT TO FLOOD A NETWORK, THEREBY PREVENTING LEGITIMATE NETWORK TRAFFIC

ATTEMPT TO DISRUPT CONNECTIONS BETWEEN TWO MACHINES, THEREBY PREVENTING ACCESS TO A SERVICE

ATTEMPT TO PREVENT A PARTICULAR INDIVIDUAL FROM ACCESSING A SERVICE

ATTEMPT TO DISRUPT SERVICE TO A SPECIFIC SYSTEM.
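
Added example (not from the original slides): detecting a SYN flood by counting half-open handshakes per target, the state that forged source addresses leave behind because the replies are misdirected. The event record layout, the thresholds and the sample traffic are assumptions constructed for this illustration.

```python
from collections import defaultdict

def half_open_counts(events, now, max_age=30.0):
    """Count, per (dst, dport), the handshakes that saw a SYN but never an ACK.

    `events` are client-to-server TCP segments as dicts with the keys
    ts, src, sport, dst, dport, flags ("S" = SYN, "A" = ACK, "R" = RST).
    This record layout is an assumption made for the example.
    """
    pending = defaultdict(dict)  # target -> {(src, sport): time of first SYN}
    for ev in sorted(events, key=lambda e: e["ts"]):
        target, conn = (ev["dst"], ev["dport"]), (ev["src"], ev["sport"])
        if ev["flags"] == "S":
            pending[target].setdefault(conn, ev["ts"])
        elif ev["flags"] in ("A", "R"):
            pending[target].pop(conn, None)  # handshake finished or aborted
    # Only entries younger than max_age still occupy the listener's backlog.
    return {t: sum(1 for ts in conns.values() if now - ts <= max_age)
            for t, conns in pending.items()}

def syn_flood_suspects(events, now, threshold=100):
    """Targets whose half-open count reaches the (assumed) alert threshold."""
    counts = half_open_counts(events, now)
    return sorted(t for t, n in counts.items() if n >= threshold)

def sample_events():
    """Constructed traffic: one normal client plus 150 SYNs that never complete."""
    web = {"dst": "192.168.0.10", "dport": 80}
    events = [
        {"ts": 0.0, "src": "192.168.0.1", "sport": 40000, "flags": "S", **web},
        {"ts": 0.1, "src": "192.168.0.1", "sport": 40000, "flags": "A", **web},
    ]
    for i in range(150):
        # Forged sources (documentation range): the SYN-ACK goes elsewhere,
        # so no ACK ever comes back and the entry stays half-open.
        events.append({"ts": 1.0 + i * 0.01, "src": f"203.0.113.{i + 1}",
                       "sport": 1024 + i, "flags": "S", **web})
    return events

if __name__ == "__main__":
    print(syn_flood_suspects(sample_events(), now=5.0))
```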

Page 30: Network security

DENIAL OF SERVICE

Page 31: Network security

HANDS ON: EXAMPLE DOS

Page 32: Network security

DEFENCE

EDUCATE USER

USE IPSEC (IPV6)

IMPLEMENT BEST POLICY

CONFIGURE FIREWALL, IDS, IPS

REGULAR AUDITS

Page 33: Network security

DISCUSSION

Page 34: Network security

NETWORK SECURITY
TECHNICAL TRAINING ON INFORMATION SECURITY
