NETWORK SECURITY: TECHNICAL INFORMATION SECURITY TRAINING
AHMAD MUAMMAR (C) 2011 | @Y3DIPS
May 18, 2015
AGENDA
NETWORK LAYER
INTERNET PROTOCOL
IPV4
IPV6
IPSEC
NETWORK PACKET INSPECTION
ATTACKING IPV4
PASSIVE
ACTIVE
COMMON TYPES OF ATTACK + HANDS ON
EAVESDROPPING
SNIFFER ATTACK
SPOOFING
TUNNELING
MAN-IN-THE-MIDDLE (MITM) ATTACK
DENIAL OF SERVICE ATTACK
DEFENCE
NETWORK LAYER
LAYER 3 OF THE OSI MODEL
PROVIDES THE FUNCTIONAL AND PROCEDURAL MEANS OF TRANSFERRING VARIABLE-LENGTH DATA SEQUENCES FROM A SOURCE HOST ON ONE NETWORK TO A DESTINATION HOST ON ANOTHER, WHILE MAINTAINING THE QOS REQUESTED BY THE TRANSPORT LAYER
FUNCTION: PATH DETERMINATION AND LOGICAL ADDRESSING; DATA UNIT: PACKET/DATAGRAM
PROTOCOLS: IP (IPV4, IPV6), ICMP, IPSEC, IGMP, IPX, APPLETALK
[1]: WIKIPEDIA.ORG
OSI 7 LAYER
[1]: WIKIPEDIA.ORG
INTERNET PROTOCOL
RESPONSIBLE FOR ADDRESSING HOSTS AND ROUTING DATAGRAMS (PACKETS) FROM A SOURCE HOST TO A DESTINATION HOST ACROSS ONE OR MORE IP NETWORKS.
[1]: WIKIPEDIA.ORG
IPV4
FOURTH REVISION IN THE DEVELOPMENT OF IP AND THE FIRST VERSION OF THE PROTOCOL WIDELY DEPLOYED
CONNECTIONLESS; DOES NOT GUARANTEE DELIVERY, PROPER SEQUENCING, OR AVOIDANCE OF DUPLICATE DELIVERY
32-BIT ADDRESS, E.G. 192.168.0.1
IPSEC IS OPTIONAL
[1]: WIKIPEDIA.ORG
IPV6
SUCCESSOR OF IPV4 WITH “BETTER” IMPROVEMENTS
NEW PACKET HEADER
MULTICAST (MULTIPLE DESTINATION IN SINGLE OPERATION)
STATELESS ADDRESS AUTO CONFIGURATION
LARGER ADDRESS SPACE: 128-BIT ADDRESS, E.G. 2001:0db8:85a3:0000:0000:8a2e:0370:7334
IPSEC SUPPORT IS MANDATORY
IPSEC
PROTOCOL SUITE FOR SECURING INTERNET PROTOCOL (IP) COMMUNICATIONS BY AUTHENTICATING AND ENCRYPTING EACH IP PACKET OF A COMMUNICATION SESSION.
END-TO-END SECURITY SCHEME
PROTECTS ANY APPLICATION TRAFFIC ACROSS AN IP NETWORK
AUTHENTICATION HEADER (AH), ENCAPSULATING SECURITY PAYLOAD (ESP), SECURITY ASSOCIATIONS (SA)
IPV4 VS. IPV6
NETWORK PACKET INSPECTION
HANDS ON: WIRESHARK PACKET INSPECTION
ATTACKING IPV4
THE SECURITY ISSUE LIES IN THE INTERNET PROTOCOL (NETWORK LAYER): NO AUTHENTICATION AND NO ENCRYPTION
IPSEC IS OPTIONAL
UPPER-LAYER PROTOCOLS WERE CREATED WITHOUT SECURITY CONSIDERATIONS
TCP-BASED PROTOCOLS: FTP, TELNET, SMTP, POP3
PASSIVE: NETWORK PACKET INFORMATION MIGHT BE MONITORED
ACTIVE: NETWORK PACKET INFORMATION IS ALTERED WITH INTENT TO MODIFY, CORRUPT, OR DESTROY THE DATA OR THE NETWORK.
EAVESDROPPING
THE MAJORITY OF NETWORK COMMUNICATIONS OCCUR IN UNSECURED OR “CLEARTEXT” FORMAT
THE ABILITY TO MONITOR NETWORK COMMUNICATION IS THE BIGGEST SECURITY PROBLEM THAT WE’VE FACED
HUB NETWORK DEVICE, ACCESS TO THE GATEWAY/ROUTER DEVICE
SNIFFER ATTACK
A SNIFFER IS AN APPLICATION OR DEVICE THAT CAN READ, MONITOR, AND CAPTURE NETWORK PACKETS.
IF A PACKET IS NOT ENCRYPTED, THE ATTACKER CAN VIEW THE FULL DATA INSIDE THE PACKET
IF A PACKET IS ENCRYPTED, THE ATTACKER NEEDS TO CREATE/USE/HAVE A VALID KEY
TUNNEL-ONLY PACKETS CAN ALSO BE BROKEN OPEN AND READ
TCPDUMP
WIRESHARK (FORMERLY ETHEREAL)
ETTERCAP
CAIN AND ABEL
DSNIFF
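The exposure described above can be audited from the defender's side. The following is an added example, not part of the original slides: it parses raw IPv4 packets and reports which ones carry the cleartext TCP services the slides name and which are IPsec-protected. The function names (`classify`, `build`, `tcp`) and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Well-known ports of the cleartext TCP services named on the slides.
CLEARTEXT_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP", 110: "POP3"}
IPSEC_PROTOS = {50: "ESP", 51: "AH"}  # IP protocol numbers used by IPsec

def classify(pkt: bytes) -> dict:
    """Classify one raw IPv4 packet (no link-layer header) by exposure."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("malformed IPv4 header")
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    proto = pkt[9]
    out = {"src": str(ipaddress.IPv4Address(pkt[12:16])),
           "dst": str(ipaddress.IPv4Address(pkt[16:20])),
           "verdict": "other", "service": None, "exposed_bytes": 0}
    if proto in IPSEC_PROTOS:
        out.update(verdict="ipsec", service=IPSEC_PROTOS[proto])
    elif proto == 6 and frag & 0x1FFF:
        out["verdict"] = "fragment"  # later fragments carry no TCP header
    elif proto == 6 and len(pkt) >= ihl + 20:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        doff = (pkt[ihl + 12] >> 4) * 4  # TCP header length in bytes
        service = CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport)
        if service:
            payload = pkt[ihl + doff:min(total_len, len(pkt))]
            out.update(verdict="cleartext", service=service,
                       exposed_bytes=len(payload))
    return out

def build(proto: int, body: bytes, frag: int = 0) -> bytes:
    """Constructed sample packet 10.0.0.5 -> 10.0.0.9 (checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 1, frag,
                      64, proto, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return hdr + body

def tcp(sport: int, dport: int, data: bytes) -> bytes:
    """Constructed 20-byte TCP header (PSH+ACK) followed by data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18,
                       8192, 0, 0) + data

SAMPLES = [build(6, tcp(40000, 21, b"USER demo\r\n")),  # FTP command
           build(6, tcp(40001, 443, b"\x16\x03\x01")),  # port not listed
           build(50, b"\x00" * 16),                     # ESP (IPsec)
           build(6, b"\x00" * 24, frag=0x00B9)]         # later fragment

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify(p))
```

A "cleartext" verdict with a non-zero `exposed_bytes` marks traffic whose payload any sniffer on the path can read; port-based matching is a heuristic and does not inspect the payload itself.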
HANDS ON: WIRESHARK RECOVERY
SPOOFING
SPOOF = MASQUERADE [1]
A SITUATION IN WHICH A PROGRAM SUCCESSFULLY MASQUERADES AS ANOTHER BY FALSIFYING DATA, THEREBY GAINING AN ILLEGITIMATE ADVANTAGE [2]
[1]: RFC4949
[2]: WIKIPEDIA.ORG
IP SPOOFING, E.G. MODIFYING THE SOURCE ADDRESS
A COMMON MISCONCEPTION: IP SPOOFING CAN BE USED TO HIDE AN IP ADDRESS WHILE SURFING THE INTERNET, CHATTING ON-LINE, AND SO FORTH. THIS IS GENERALLY NOT TRUE. FORGING THE SOURCE IP ADDRESS CAUSES THE RESPONSES TO BE MISDIRECTED, MEANING YOU CANNOT CREATE A NORMAL NETWORK CONNECTION. [1]
USUALLY COMBINED WITH NETWORK DOS/DDOS ATTACKS
[1]: ISS.NET
HANDS ON: MAC SPOOFING
ifconfig <iface> hw ether <new-mac>
TUNNELING
A TUNNEL IS A COMMUNICATION CHANNEL CREATED IN A COMPUTER NETWORK BY ENCAPSULATING (I.E., LAYERING) A COMMUNICATION PROTOCOL’S DATA PACKETS IN (I.E., ABOVE) A SECOND PROTOCOL THAT NORMALLY WOULD BE CARRIED ABOVE, OR AT THE SAME LAYER AS, THE FIRST ONE. [1]
HTTP, SSH, DNS, ICMP
ssh foo@doo -D port
[1]: RFC4949
HANDS ON: HTTP OVER SSH (SSH TUNNELING)
MAN-IN-THE-MIDDLE
A FORM OF ATTACK IN WHICH THE ATTACKER MAKES INDEPENDENT CONNECTIONS WITH THE VICTIMS AND RELAYS MESSAGES BETWEEN THEM, MAKING THEM BELIEVE THAT THEY ARE TALKING DIRECTLY TO EACH OTHER, WHEN IN FACT THE ENTIRE CONVERSATION IS CONTROLLED BY THE ATTACKER.
THE ATTACKER IMPERSONATES EACH ENDPOINT TO THE SATISFACTION OF THE OTHER
HANDS ON: MAN-IN-THE-MIDDLE (MITM) USING CAIN AND ABEL
DENIAL OF SERVICE
THE PREVENTION OF AUTHORIZED ACCESS TO A SYSTEM RESOURCE OR THE DELAYING OF SYSTEM OPERATIONS AND FUNCTIONS. [1]
PING OF DEATH (ICMP FLOODING), SYN FLOOD
DISTRIBUTED DOS, BOTNET
[1]: RFC4949
A DOS ATTACKER MAY:
ATTEMPT TO FLOOD A NETWORK, THEREBY PREVENTING LEGITIMATE NETWORK TRAFFIC
ATTEMPT TO DISRUPT CONNECTIONS BETWEEN TWO MACHINES, THEREBY PREVENTING ACCESS TO A SERVICE
ATTEMPT TO PREVENT A PARTICULAR INDIVIDUAL FROM ACCESSING A SERVICE
ATTEMPT TO DISRUPT SERVICE TO A SPECIFIC SYSTEM.
HANDS ON: EXAMPLE DOS
DEFENCE
EDUCATE USERS
USING IPSEC (IPV6)
IMPLEMENT BEST POLICY
CONFIGURING FIREWALL, IDS, IPS
REGULAR AUDITS
DISCUSSION