Network Security Group Members Jason Vaughan Anna Libman Daliah Stephan James Doliente Alan Yuen.

Network Security

Group Members

Jason VaughanAnna Libman

Daliah StephanJames Doliente

Alan Yuen

Content

• Types of attackers• Attacks requiring protection• IT response to intrusions• Wireless network security• VPN• Hardware firewall• Software firewall

Types of attackers• Wizard Internet Hackers

– Highly capable attackers

• Amateurs • Criminals

– Theft of credit card numbers, trade secrets, and other sensitive information

– Sell the information or attempt extortion to prevent the release of the information

– Industrial and government espionage spies

• Employees

– Dangerous because of internal knowledge and access

• Information Warfare and Cyber terrorism

– Massive attack by a government or terrorist group against a country’s IT infrastructure

Attacks requiring protection• Hacking Servers - Attractive because of the data they store

• Hacking Clients - Attractive because of their data or as a way to attack other systems by using the hacked client as an attack platform

• Denial-of-Service (DoS) Attacks

– Make the system unavailable (crash it or make it run very slowly) by sending one message or a stream of messages. Loss of availability

• Scanning Attacks– Attacker sends messages to select victims and attack methods

– Examines data that responses reveal• IP addresses of potential victims• Host’s operating system, version number, etc.

• Malicious Content– Viruses - Infect files; propagate by executing infected program -

Payloads may be destructive

– Illegal content: pornography, sexual or racial harassment

– Spam (unsolicited commercial e-mail)

IT Response to Intrusion

• Inspect systems to determine damage

• Remove hostile or destructive code

• Reload necessary operating system software

• Restore configurations

• Restore and test operations

• Patch system to reduce vulnerability

• Inspect files to determine damage

• Restore files from backup if necessary

• Confirm with users that data is restored

Wireless network security

• Attackers can lurk outside your premises.• The range of an access point often

extends further than your own household.• A passer-by or neighbor could be within

connection range. • By default, security on 802.11 WLAN NICs

and access points is turned off, making external attacks possible.

Ways to Protect Wireless Network

• Disable SSID Broadcasting.

• Use (WEP) Encryption.

• Control Access by MAC & IP Addresses.

• Minimize the Range of your Access Point.

Disable SSID Broadcasting

• Access points send out a SSID that can be detected by wireless clients.

• SSID identifies the name of the network and essentially invites wireless cards within range to join the network.

• Unless the other person knows your network name, your wireless network is practically invisible when SSID broadcasting is disabled.

• When you disable broadcasting, you must configure each wireless client with the exact name of the network.

Disable SSID Broadcasting

Use (WEP) Encryption

• Most access points offer at least 64-bit WEP key encryption, and some offer 128-bit encryption.

• Wired Equivalent Privacy (WEP) can be penetrated by determined hackers.

• WEP will prevent casual "packet sniffers" from intercepting wireless data packets floating around on your network.

• WEP wraps data packets using obscure ciphering algorithms based on an electronic key, a series of alphanumerical or hexadecimal characters.

• The receiving system must have a matching key in order to decipher the data packet.

Use WEP Encryption

Control Access by MAC & IP Addresses

• Each network adapter has a MAC address that uniquely identifies that device on the network.

• Most access points allow you to limit which MAC addresses can access the network.

• If DHCP services are enabled, you may also restrict access based on IP addressing.

• You can limit the number of simultaneous DHCP clients to match the number of systems you use on your network.

• Configure each client manually with a static (permanent) IP address and allow access only for those particular addresses.

Control Access by MAC & IP Addresses

Minimize the range of your Access Point

• Place the access point in a central location. • Minimize coverage outside of your property.

• Optimal spot is normally near the center of your property and near ground level.

New Security Technology

• Wi-Fi Protected Access (WPA) – New wireless network security

protocol, IEEE 802.11i – Will boost security and allow for

easier configuration.– Overcomes limitations of WEP.

VPN

• Virtual Private Network:

Definition: a way to simulate a private network over a public network (Internet).

Allow creation of a secure, private network over a public network such as the Internet.

IPSec is the mostly used protocols for VPN. IPSec technology is based on modern

cryptographic technologies, making very strong data authentication and privacy guarantees possible.

VPN (Cont.)

• Advantages of VPN:

Lower cost Remote access Platform independent Can be used both as extranet and intranet

VPN (Cont.)

• Disadvantages of VPN:

Inconsistent remote access performance due to changes in Internet connectivity.

No entrance into the network if the Internet connection is broken.

VPN (Cont.)

SBC Network

Focal'sWAN

CISCOSYSTEMS

CISCOSYSTEMS

CISCOSYSTEMS

CISCOSYSTEMS

CISCOSYSTEMS

Gateway

Houston

Chicago

Atlanta

New YorkInternet

CorporateOffice

CISCOSYSTEMSInternet Router

Firewall 1

192.168.20.0

PBX

192.168.20.1

10.10.10.254

OTM ServerCall Accounting

Call PilotVoice Mail

30.18.20.0

192.194.1.1192.194.2.1192.194.4.1192.194.5.1

1.2

2.2

4.2

5.2

192.158.1.1

192.168.21.1

192.158.2.1192.168.22.1

192.158.4.1192.168.24.1

192.158.5.1192.168.25.1

29 20

200

??

RAS Microsoft NT

User

PRI23v 1D

VPN

Hardware Firewall

• What is it?• What it does.• An example.• Firewall use.• What it protects you from.

Hardware Firewall (Cont.)

• What is it?

It is just a software firewall running on a dedicated piece of hardware or specialized device.

Basically, it is a barrier to keep destructive forces away from your property.

You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Hardware Firewall (Cont.)

• What it does !

It is a hardware device that filters the information coming through the Internet connection into your private network or computer system.

An incoming packet of information is flagged by the filters, it is not allowed through.

Hardware Firewall (Cont.)

• An example !

Hardware Firewall (Cont.)

• Firewalls use:

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

– Packet filtering – Proxy service– State-full inspection

Hardware Firewall (Cont.)

• Packet filtering - Packets are analyzed against a set of filters.

• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

• State-full inspection – It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.

Hardware Firewall (Cont.)• What it protects you from:

– Remote logins– Application backdoors– SMTP session hijacking– E-mail Addresses– Spam– Denial of service– E-mail bombs E-mail sent 1000’s of times till mailbox is full Macros Viruses

Software Firewall• What it is?

– Also called Application Level Firewalls– It is firewall that operate at the Application

Layer of the OSI– They filter packets at the network layer – It Operating between the Datalink Layer and

the Network Layer – It monitor the communication type (TCP, UDP,

ICMP, etc.) as well as the origination of the packet, destination port of the packet, and application (program) the packet is coming from or headed to.

Software Firewall (Cont.)• How does software firewall

works ?

Software Firewall (Cont.)

• Benefit of using application firewalls:

– allow direct connection between client and host– ability to report to intrusion detection software – equipped with a certain level of logic– Make intelligent decisions– configured to check for a known Vulnerability– large amount of logging

Software Firewall (Cont.)

• Benefit of application firewalls (Cont.)

easier to track when a potential vulnerability

happens protect against new vulnerabilities before they

are found and exploited ability to "understand" applications specific

information structure Incoming or outgoing packets cannot access

services for which there is no proxy

Software Firewall (Cont.)

• Disadvantage of Firewall:

slow down network access dramatically more susceptible to distributed denial of service

(DDOS) attacks. not transparent to end users require manual configuration of each client

computer

Top Picks Personal Firewalls

• Norton Personal Firewall • ZoneAlarm Free/Plus/Pro

Conclusion