Security Management. 08: Technical Safeguards. Mathias Fischer Summer term 2017
|
|
- Derrick Anthony
- 5 years ago
- Views:
Transcription
1 Mathias Fischer Summer term 2017 Security Management 08: Technical Safeguards (Acknowledgement: Parts of these slides have been prepared by Prof. Dr. Günter Schäfer) 1
2 Cyber Attacks - Numbers Source: Cyber-attacks on critical infrastructures in the US 2
3 Cyber Attacks - Targets 3 3
4 Time to Discovery of Attacks Time to Discovery Seconds Minutes Hours Days Months Years 2014 [Man2015] 205 median number of days that threat groups were present in victim s network before detection Longest Presence: 2982 days 31% victims discovered breach internally 69% victims notified by external entity 4
5 Security Process and Tools Firewalls SIEM and Intrusion Prevention Systems (IPS) Secure system design & classic IT-Security Prevention Intrusion Detection Systems (IDS) Netflow analyzer Honeypots Patching Recovery Security Management Detection Reaction Vulnerability Scanner 5
6 Introduction to Network Firewalls (1) In building construction, a firewall is designed to keep a fire from spreading from one part of the building to another A network firewall, however, can be better compared to a moat of a medieval castle: It restricts people to entering at one carefully controlled point It prevents attackers from getting close to other defenses It restricts people to leaving at one carefully controlled point Usually, a network firewall is installed at a point where the protected subnetwork is connected to a less trusted network: Example: Connection of a corporate local area network to the Internet Internet Firewall So, basically firewalls realize access control on the subnetwork level 6
7 What firewalls can do A firewall is a focus for security decisions A firewall can enforce a security policy, i.e. concerning access control A firewall can log Internet activity efficiently A firewall can limit exposure to security problems in one part of a network 7
8 What firewalls cannot do A firewall can t protect against malicious insiders A firewall can t protect against connections that don t go through it If, for example, there is a modem pool behind a firewall that provides PPP service to access a subnetwork, the firewall can not provide any protection against malicious traffic from dial-in users A firewall can t protect against completely new threats A firewall can t fully protect against viruses A firewall can t set itself up correctly ( cost of operation) 8
9 Two Fundamental Approaches Regarding Firewall Policy Default deny strategy: Everything that is not explicitly permitted is denied Examine the services the users of the protected network need Consider the security implications of these services and how the services can be safely provided Allow only those services that can be safely provided and for which there is a legitimate need Deny any other service Default permit strategy: Everything that is not explicitly forbidden is allowed Permit every service that is not considered dangerous Example: Network file system (NFS) and X-Windows is not permitted across the firewall Incoming ssh connections are only allowed to one specific host 9
10 What Internet Services & Protocols are to be Considered? Electronic mail: simple mail transfer protocol (SMTP) File exchange: file transfer protocol (FTP), network file system (NFS) Remote terminal access and command execution: telnet, rlogin, ssh Usenet news: network news transfer protocol (NNTP) World wide web: hypertext transfer protocol (HTTP) Information about people: finger Real-time conferencing services: CUseeMe, Netmeeting, Netscape conference, MBone tools,... Name services: domain name service (DNS) Network management: simple network management protocol (SNMP) Time service: network time protocol (NTP) Window systems: X-Windows Printing systems: line printing protocols (LPR/LPD) 10
11 Some Background on Internet Services, IP, TCP & UDP Internet services are usually realized with client and server programs and application protocols that are run by those programs The application protocol data units are most often transported in either segments of a TCP connection or UDP datagrams The TCP segments / UDP datagrams are transported in IP packets which themselves are transported in the PDUs of the data link technology used on the links between source and destination Examples: Ethernet, FDDI, ATM, etc. Addressing of application processes is realized by tuples: Source IP address, source port Destination IP address, destination port Application Protocol TCP A port is a two-byte number that identifies what application process the application PDU is coming from / going to IP UDP Access Protocol 11
12 Example: An IP Packet Carrying a TCP Segment IP Header TCP Header Ver. IHL TOS Length IP Identification Flags Fragment Offset TTL Protocol IP Checksum Source Address Destination Address IP Options (if any) Source Port Destination Port Sequence Number Request Number Offset Reserv. Control Window Checksum Urgent Pointer TCP Options (if any) Payload Payload (Including Application PDU Header) 12
13 Protocol Fields Important for Firewalls (1) Access Protocol Network Layer Protocol: IP Access Protocol Addresses: Ethernet MAC Address, E.164 Address, etc. These addresses either refers to the final source / destination or the addresses of intermediate nodes of this link IP Source address Destination address Flags, especially the indication of an IP fragment Protocol type: TCP, UDP, ICMP,... Options: Source routing: the sender explicitly specifies the route an IP packet will take as this is often used for attacks most firewalls discard these packets In general, IP options are rarely used 13
14 Protocol Fields Important for Firewalls (2) TCP: Source Port, Destination Port: Evaluation of source and destination ports allow to determine (with a limited degree of confidence) the sending / receiving application, as most Internet services use wellknown port numbers Control: ACK: this bit is set in every segment but the very first one transmitted in a TCP connection, it therefore helps to identify connection requests SYN: this bit is only set in the first two segments of a connection, so it can be used to identify connection confirmations RST: if set this bit indicates an ungraceful close of a connection, it can be used to shut peers up without returning helpful error messages Application Protocol: In some cases a firewall might even need to peek into application protocol header fields However, as this is application-dependent this class will not go into detail... 14
15 Firewall Terminology & Building Blocks for Firewalls (1) Firewall: A component or a set of components that restricts access between a protected network and the Internet or between other sets of networks Packet Filtering: Action a device takes to selectively control the flow of data to and from a network Packet filtering is an important technique to implement access control on the subnetworklevel for packet oriented networks, e.g. the Internet A synonym for packet filtering is screening Bastion Host: A computer that must be highly secured because it is more vulnerable to attacks than other hosts on a subnetwork A bastion host in a firewall is usually the main point of contact for user processes of hosts of internal networks with processes of external hosts Dual homed host: A general purpose computer with at least two network interfaces 15
16 Firewall Terminology & Building Blocks for Firewalls (2) Proxy: A program that deals with external servers on behalf of internal clients Proxies relay approved client requests to real servers and also relay the servers answers back to the clients If a proxy interprets and understands the commands of an application protocol it is called an application level proxy, if it just passes the PDUs between the client and the server it is called a circuit level proxy Network Address Translation (NAT): A procedure by which a router changes data in packets to modify the network addresses This allows to conceal the internal network addresses (even though NAT is not actually a security technique) Perimeter Network: A subnetwork added between an external and an internal network, in order to provide an additional layer of security A synonym for perimeter network is de-militarized zone (DMZ) 16
17 Firewall Architectures (1) The Simple Packet Filter Architecture Firewall Internet Packet Filtering Router Denied Traffic Permitted Traffic The most simple architecture just consists of a packet filtering router It can be either realized with: A standard workstation, e.g., Linux PC, with at least two network interfaces plus routing and filtering software A dedicated router device, which usually also offers filtering capabilities 17
18 Firewall Architectures (2) The Dual-Homed Host Architecture Firewall Internet Dual-Homed Bastion Host The dual-homed host provides: Proxy services to internal and / or external clients Potentially packet filtering capabilities if it is also acting as a router Properties of the dual-homed host: It has at least two network interfaces Drawback: As all permitted traffic passes through the bastion host, this might introduce a performance bottleneck 18
19 Firewall Architectures (3) The Screened Host Architecture Firewall Internet Bastion Host Packet filter: Allows permitted IP traffic to flow between screened host and Internet Blocks all direct traffic between other internal hosts and Internet Screened host provides proxy services: Despite partial protection by the packet filter the screened host acts as a bastion host 19
20 Firewall Architectures (4) The Screened Subnet Architecture Firewall Internet Bastion Host A perimeter network is created between two packet filters Inner packet filter serves for additional protection in case the bastion host is ever compromised: For example, this avoids a compromised bastion host to sniff on internal traffic Perimeter network is also a good place to host a publicly accessible information server, e.g., a www-server 20
21 Firewall Architectures (5) The Split Screened Subnet Architecture Firewall Internet Dual-Homed Bastion Host A dual-homed bastion host splits perimeter network in two distinct networks This provides defense in depth, as: Dual-homed bastion host provides finer control on the connections as his proxy services are able to interpret application protocols Bastion host is protected from external hosts by an outer packet filter Internal hosts are protected from bastion host by an inner packet filter 21
22 Packet Filtering (1) What can be done with packet filtering? Theoretically speaking everything, as all information exchanged in a communication relation is transported via packets In practice, however, the following observations serve as a guide: Operations that require quite detailed knowledge of higher layer protocols or prolonged tracking of past events are easier to realize in proxy systems Operations that are simple but need to be done fast and on individual packets are easier to do in packet filtering systems Basic packet filtering enables to control data transfer based on: Source IP Address Destination IP Address Transport protocol Source and destination application port Potentially, specific protocol flags (e.g. TCP s ACK- and SYN-flag) The network interface a packet has been received on 22
23 Packet Filtering (2) More elaborate packet filtering: Stateful or dynamic packet filtering: Example 1: Let incoming UDP packets through only if they are responses to outgoing UDP packets that have been observed Example 2: Accept TCP packets with SYN bit set only as part of TCP connection initiation Protocol checking: Example 1: Let in packets bound for the DNS port, but only if they are formatted like DNS packets Example 2: Do not allow HTTP transfers to these sites However, more elaborate packet filtering consumes more resources! Actions of a packet filter: Pass the packet Drop the packet Potentially, log the passed or dropped packet (entirely or parts of it) Potentially, pass an error message to the sender (may help attacker!) 23
24 Specifying Packet Filtering Rules As a packet filter protects one part of a network from another one, there is an implicit notion of the direction of traffic flow: Inbound: traffic is coming from an interface which is outside protected network and its destination can be reached on an interface which is connected to protected network Outbound: opposite of inbound For every packet filtering rule this direction is specified as either inbound, outbound, or either Source and destination address specifications can make use of wildcards, e.g *.* denotes all addresses starting with In our examples, we denote often simply denote addresses as internal or external when we want to leave exact network topology out of account For source and destination ports we sometimes write ranges, e.g. >1023 We assume filtering rules to be applied in the order of specification, that means the first rule that matches a packet is applied 24
25 An Example Packet Filtering Ruleset (1) Rule Direction Src. Addr. Dest. Addr. Protocol Src. Port Dest. Port ACK Action A Inbound External Internal TCP 25 Permit B Outbound Internal External TCP >1023 Permit C Outbound Internal External TCP 25 Permit D Inbound External Internal TCP >1023 Permit E Either Any Any Any Any Deny This first ruleset aims to specify, that incoming and outgoing should be only allowed traffic into and out of a protected network is relayed between two servers by transferring it to an SMTP-daemon on target server (server port 25, client port > 1023) Rule A allows incoming to enter the network and rule B allows acknowledgements to exit network Rules C and D are analogous for outgoing Rule E denies all other traffic 25
26 An Example Packet Filtering Ruleset (2) Consider, for example, a packet which wants to enter the protected subnet and has a forged IP source address from the internal network: As all allowed inbound packets must have external source and internal destination addresses (A, D) this packet is successfully blocked Same holds for outbound packets with external source addresses (B, C) Consider now telnet traffic: As a telnet server resides usually at port 23, and all allowed inbound traffic must be either to port 25 or to a port number > 1023, incoming packets to initiate an incoming telnet connection are successfully blocked Same holds for outgoing telnet connections However, the ruleset is flawed as, for example, it does not block the X11-protocol for remote operation of X-Windows applications: An X11-server usually listens at port 6000, clients use port numbers > 1023 Thus, an incoming X11-request is not blocked (B), neither is any answer (D) This is highly undesirable, as the X11-protocol offers many vulnerabilities to an attacker, like reading and manipulating the display and keystrokes 26
27 An Example Packet Filtering Ruleset (3) Rule Direction Src. Addr. Dest. Addr. Protocol Src. Port Dest. Port ACK Action A Inbound External Internal TCP > Permit B Outbound Internal External TCP 25 >1023 Permit C Outbound Internal External TCP > Permit D Inbound External Internal TCP 25 >1023 Permit E Either Any Any Any Any Any Deny Above flaw can be fixed by including source ports into ruleset specification: As now outbound traffic to ports >1023 is allowed only if the source port is 25 (B), traffic from internal X-clients or -servers (port >1023) will be blocked Same holds for inbound traffic to ports >1023 (D) However, it can not be assumed for sure, that an attacker will not use port 25 for his attacking X-client: In this case the above filter will let the traffic pass 27
28 An Example Packet Filtering Ruleset (4) Rule Direction Src. Addr. Dest. Addr. Protocol Src. Port Dest. Port ACK Action A Inbound External Internal TCP > Any Permit B Outbound Internal External TCP 25 >1023 Yes Permit C Outbound Internal External TCP > Any Permit D Inbound External Internal TCP 25 >1023 Yes Permit E Either Any Any Any Any Any Any Deny This problem can be addressed by also specifying TCP s ACK-bit in rules B and D: As the ACK-bit is required to be set in rule B, it is not possible to open a new TCP connection in the outbound direction to ports >1023, as TCP s connect-request is signaled with the ACK-bit not set Same holds for the inbound direction, as rule D requires the ACK bit to be set As a basic rule, any filtering rule that permits incoming TCP packets for outgoing connections should require ACK-bit be set 28
29 An Example Packet Filtering Ruleset (5) Rule Direction Src. Addr. Dest. Addr. Protocol Src. Port Dest. Port ACK Action A Inbound External Bastion TCP > Any Permit B Outbound Bastion External TCP 25 >1023 Yes Permit C Outbound Bastion External TCP > Any Permit D Inbound External Bastion TCP 25 >1023 Yes Permit E Either Any Any Any Any Any Any Deny If firewall comprises a bastion host, packet filtering rules should further restrict traffic flow ( screened host architecture): As in the modified rules above only traffic between the Internet and bastion host is allowed, external attackers can not attack SMTP on arbitrary internal hosts any longer In screened subnet firewall, two packet filtering routers are set up: one for traffic allowed between Internet and bastion host, and one for traffic allowed between bastion host and internal network 29
30 Bastion Hosts (1) A bastion host is defined as a host that is more exposed to the hosts of an external network than other hosts of network it protects A bastion host may serve for different purposes: Packet filtering Providing proxy services A combination of both Principles for building a bastion hosts are extensions of those for securing any mission critical host: Keep it simple Prepare for bastion host to be compromised: Internal hosts should not trust it any more than is absolutely required If possible, it should be connected in a way to the network so that it can not sniff on internal traffic Provide extensive logging for incident detection / analysis, if possible such that it can not be easily tampered with even when the host is compromised 30
31 Bastion Hosts (2) Further Guidelines Make the bastion host unattractive: Slower machines are less appealing targets and are less useful if compromised However, if the bastion host offers some resource consuming service, e.g. WWW-service, it may be wiser not to make it too slow The fewer tools are available on the bastion host, the less useful the machine is to an attacker Get a reliable hardware configuration (no leading / bleeding edge) The bastion host should be placed at a physically secure location Disable any user accounts on the bastion host Secure the system logs (by writing them directly to a printer or even better using the printer port to a dedicated PC which is not networked) Do regular backups of the system logs and the configuration (using a dedicated backup device) Monitor the machine closely (reboots, usage / load patterns, etc.) If possible, restore machine regularly from a prepared installation 31
32 Proxy Services Proxying provides access to a specific Internet service for a single host, while appearing to provide it for all hosts of a protected network Candidate services for proxying: FTP, Telnet, DNS, SMTP, HTTP Proxy servers usually run on (possibly dual-homed) bastion hosts The use of a proxy service usually leads to the following situation: User of a proxy service has the illusion of exchanging data with the actual server host Actual server has the illusion of exchanging data with the proxy host To instruct proxy service to which server it should connect to, one of the following approaches can be taken: Proxy-aware user procedures Proxy-aware client software Proxy-aware operating system Proxy-aware router 32
33 Goal of Intrusion Detection Systems Overall goal: Supervision of computer systems and communication infrastructures in order to detect intrusions and misuse Why detection of attackers? Full protection is usually not possible! Security measures too expensive or with too low flexibility, e.g., not possible to build every functionality in ASICs Wrong postulates about capabilities of attackers (NSA?) Unpatched systems for compliance reasons (medical systems etc.) What can be attained with intrusion detection? Detection of attacks and attackers Detection of system misuse (includes misuse by legitimate users) 33
34 Possibilities of Intrusion Detection Systems Using detection system only makes sense if there are consequences! Possible goals Limitation of damage if (automated) response mechanisms exist Gain of experience to recover from attack, improve preventive measures Deterrence of other potential attackers (if and only if police is able to arrest them!) Prevention Detection IDS is a fraction of this step! IDS + Firewalls = Intrusion Prevention Systems (IPS) PDRR Process Recovery Reaction 34
35 Schematic Overview of Intrusion Detection Reaction Alarm Events Audit Audit Log Analysis Response System IDS 35 35
36 Tasks of an Intrusion Detection System Audit: Recording of all security relevant events of a supervised system Preprocessing and management of recorded audit data Detection: Automatic analysis of audit data Principle Approaches: Misuse detection (signature analysis, also called knowledge-based intrusion detection) Anomaly detection Response: Reporting of detected attacks (alarms) Potentially also initiating countermeasures (reaction) 36
37 Classification of IDS (1) Scope Host-based: analysis of system events Network-based: analysis of exchanged information (IP packets) Hybrid: combined analysis of system events and network traffic Time of analysis Post mortem analysis Online analysis Detection mechanism Signature-based Anomaly-based 37
38 Types of IDS (1) - Host Intrusion Detection Systems (HIDS) Works on information available on a system, e.g., OS-Logs, application-logs, timestamps Can easily detect attacks by insiders, as modification of files, illegal access to files, installation of Trojans or rootkits Problems: has to be installed on every system produces lots of information often no real-time-analysis but predefined time intervals hard to manage a large number of systems 38
39 Types of IDS (2) - Network Intrusion Detection System (NIDS) Works on information provided by the network, mainly packets sniffed from network layer. Existing systems use combination of signature detection, protocol decoding, statistical anomaly analysis Can detect DoS with buffer overflow attacks, invalid packets, attacks on application layer, DDoS, spoofing attacks, port scans Often used on network hubs to monitor a segment of the network 39
40 Scope: IDS Placement Internet Monitors all incoming traffic High load High rate of false alarms Monitors all traffic to and from systems in the DMZ Reduced amount of Data Can only detect Intrusions on these Computers Monitors all traffic within the corporate LAN Possible detection of misuse by insiders Possible detection of intrusion via mobile machines (notebooks...) DMZ LAN 40
41 Recording Audit Data Recording audit data is an elementary security function: Recording security relevant events Collects the input of intrusion detection and response mechanisms Can be seen as the sensory apparatus for reactive defense Audit data delivers information on: who accessed when, where and how whose and which resource? Audit data requires integrity protection: Otherwise, an attacker could wipe out traces of intrusive behavior 41
42 Types of Audit Data Events recorded in a computer system: Opening of files Execution of programs Detected access violation Failed password verification etc. Events recorded in a network: Connection establishment and release Packets transferred from / to specific systems / ports Specific signaling events, e.g. ICMP network unreachable message, etc. Application specific events: Have to be programmed for a specific application Events are application specific and indicate security relevant activities 42
43 Requirements to Intrusion Detection Systems High accuracy (= low rate of false positives and false negatives, see also next slide) Easy to integrate into a system / network Easy to configure & maintain Autonomous and fault tolerant operation Low resource requirements Self protection, so that an IDS itself can not easily be deactivated by a deliberate attack (to conceal subsequent attacks) 43
44 Normal Detection Anomalous Detection Quality False alarm: Corresponds to an anomalous event that is inoffensive False Positive True Positive Successful detection of attacks Harmless event that was successfully labeled as normal True Negative Harmless False Negative Attacks that were not detected Event Nature Source: [ET04] 44
45 Signature Detection Basic idea: Some attack patterns can be described with sufficient detail specification of attack signatures Event audit analyzed if it contains known attack signatures Identifying attack signatures: Analyzing vulnerabilities Analyzing past attacks that have been recorded in audit Specifying attack signatures: Based on identified knowledge so-called rules describing attacks are specified Most IDS offer specification techniques for describing rules Drawbacks of signature-based detection: Requires prior knowledge of potential attacks Signature database requires continuous updating High rate of false negatives if signature database is not up to date 45
46 Signature Detection Example: Snort (1) Network IDS and intrusion prevention system Analysis of IP packets in real time Mainly signature based, each intrusion needs a predefined rule alert tcp $HOME_NET any -> any 9996 \ (msg:"sasser ftp script to transfer up.exe"; \ content:" 5F75702E "; depth:250; flags:a+; classtype: misc-activity; \ sid: ; rev:3) Three step processing of captured information (capturing is done by libpcap): Preprocessing (normalized and reassembled packets) Detection Engine works on the data and decides what action should be taken Action is taken (log, alert, pass) 46
47 Anomaly Detection (1) Basic idea detect behavior that differs significantly from normal use: Users have certain habits in their system usage: Duration of usage Login times Amount of file system usage Executed programs, accessed files, etc Assumption: normal user behavior can be described statistically Requires a learning phase / specification of normal behavior y Most approaches require labeled data Analysis: compares recorded events with reference profile of normal behavior N 1 N 2 O 1 O 2 Advantage: An attack scenario needs not to be defined a priori This approach can, in principle, detect unknown attacks 0 3 x 47
48 Anomaly Detection () Network abuse anomalies DoS flood attacks Port scans [Bar01] 48
49 Honeypots Definition: A security resource who's value lies in being probed, attacked or compromised We want to get compromised! Certainly not a standalone security mechanism. Why? FUN! No false-positives! Research: Malware analysis/reverse engineering Reducing available attack surface/early warning system 49
50 Honeypot Classification - Interaction Low interaction Passive honeypot that simulates network operations (usually at tcp/ip level) Do not modify network traffic in any way and do not interact with attacker No operating system for the attacker to interact with Analysis of spammers and as active countermeasure against worms Medium interaction Interaction with the attacker Simulate network operations and provide attackers with illusion of an OS Logging and analysis of more complex attacks High interaction Real systems (e.g., VMs) Attacker is provided with real OS to interact with 50
51 Honeynets and Honeytokens Honeynets Most advanced and complex honeypots Entire network of computers to be attacked Primary purpose: Capturing extensive information on (internal and external) threats Honeytokens Not a computer, but a digital entity, e.g., an Excel spreadsheet, database entry, login and password Any interaction with honeytoken indicates unauthorized or malicious activity 51
52 Honeypots Advantages Small data sets Collection of data only when someone or something is interacting with them Reduced false positives Any activity with honeypots is by definition unauthorized Catching false negatives Identification of new attacks as any activity with the honeypot is an anomaly Encryption Capturing of attack activity independent from malicious activity being encrypted as honeypot is a communication endpoint Highly Flexible Honeypots are extremely adaptable to a wide range of environments Minimal Resources Even on large networks only minimal resources required 52
53 Honeypots - Disadvantages Risk An attacker can use honeypot to attack other systems Risk varies with type of honeypot used Limited field of view Honeypots see or capture only what interacts with them They are not capturing activities between all other systems 53
54 Honeypots - Dionaea Low Interaction honeypot for collecting malware Protocol simulated: Basic protocol: SMB (port 445) Others: HTTP, HTTPS, FTP, TFTP, MSSQL and SIP (VOIP) Also support for IPv6 and TLS Photo by Noah Elhardt / CC BY Malware files: stored locally or/and sent to 3rd party entities (CWSandbox, Norman Sandbox, Anubis, VirusTotal) 54
55 Regulatory Requirements for Intrusion Detection Recording of personal data depends on configuration of IDS IDS placement at transition point to other network Less personal data Attacks from the outside: Personal data: IP addresses To map IP addresses to persons, the ISP/company/ needs to be contacted Quite often mapping not possible Attacks from the inside: Personal data collected only in cases IDS also monitors internal traffic Personal data: login names and IP addresses IDS to monitor internal network Detection of insider attacks and policy violations Designated purpose required for collecting personal data 55
56 German Laws (1) Bundesdatenschutzgesetz (BDSG) 14 (2): Das Speichern, Verändern oder Nutzen [...] ist [...] zulässig, wenn es zur Verfolgung von Straftaten oder Ordnungswidrigkeiten [...] erforderlich ist. Storing, changing, or using is allowed when it is required for prosecution and to punish minor violations of the law 14 (4), 31: Personenbezogene Daten, die ausschließlich [...] zur Sicherstellung eines ordnungsgemäßen Betriebs einer Datenverarbeitungsanlage genutzt werden, dürfen nur für diesen Zweck verwendet werden. Personal data that is used to maintain operation of IT systems can be used for this purpose Purpose of the deployment of an IDS is to maintain operation of IT systems, thus designated purpose on the basis of 14 (4), 31 required Telekommunikations-Datenschutzverordnung (TDSV) Regulates the protection of personal data during collection, processing, and usage by companies and employees that provide telecommunication services or that assist in their provisioning 56
57 German Laws (2) Data protection law for service providers Teledienstdatenschutzgesetz (TDDSG) Users need to be informed by service provider on kind, extent, and purpose of the collection of personal data Service provider can establish user profiles under certain conditions Betriebsverfassungsgesetz (BetrVG) Regulates collaboration between employer and work council ( Betriebsrat ) Work council has right to be informed and to object when monitoring systems like IDS are deployed ( 87) (Bundes) Personalvertretungsgesetz ((B)PersVG) Same as BetrVG but for public employees 57
58 Examples for Legal Requirements (Germany) Data protection officer, work councils have to be consulted and have to approve when introducing an IDS Work council, data protection officer, and IDS manager should define requirements for the IDS deployment: All employees are informed on IDS deployment and its purpose All employees that administrate the IDS or access data are subject of data protection law (BDSG) Personal data is only collected to maintain operation and to an extent that is necessary for detecting attacks and security violations as well as their backtracking Monitored information can only be transferred by IDS admin to third parties, e.g., to trace the origin of an attack, when respective supervisor agrees, or when data has to be transferred on the basis of a guideline Collected information has to be deleted at latest after two months, except data that is required for evidence Changes in IDS deployment and purpose require approval of work council 58
59 Summary Firewalls, IDS, Honeypots as reactive security tools to detect and mitigate attacks Firewalls Different architectures for deployment Packet filtering vs. deep packet inspection (usually via IDS) IDS Signature-based vs. anomaly-based IDS In combination with Firewalls: IPS Honeypots as purely passive monitoring component Nearly no false positives! Law Allows monitoring with purpose to maintain operation of IT Deletion deadlines, work council approval, information of employees 59
60 Additional References [Zwi00a] E. Zwicky, S. Cooper, B. Chapman. Building Internet Firewalls. Second Edition, O Reilly, [Sem96a] C. Semeria. Internet Firewalls and Security. 3Com Technical Paper, [Wack95a] [StaBro08] [Bar01] [Chan09] J. P. Wack, L.J. Carnahan. Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls. NIST Special Publication , William Stallings and Lawrie Brown. Computer Security: Principles and Practice. Prentice Hall Press, Upper Saddle River, NJ, USA, 2nd edition, P. Barford, D. Plonka, Characteristics of Network Traffic Flow Anomalies. Proceedings of ACM SIGCOMM Internet Measurement Workshop, October Chandola, Varun, Arindam Banerjee, and Vipin Kumar Anomaly Detection: A Survey. ACM Computing Surveys 41 (3) (July 1): doi: /
Protection of Communication Infrastructures
Protection of Communication Infrastructures Chapter 5 Internet Firewalls 1 Introduction to Network Firewalls (1) In building construction, a firewall is designed to keep a fire from spreading from one
More informationInternet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 9 Security Policies and Firewalls Overview Introduction: What does secure mean? Firewalls
More informationCS155 Firewalls. Simon Cooper CS155 - Firewalls 23 May of 30
CS155 Firewalls Simon Cooper CS155 - Firewalls 23 May 2002 1 of 30 Plug! Building Internet Firewalls 2nd Edition, O Reilly Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman 2 of 30 What
More informationACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems
ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been
More informationW is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation
W is a Firewall firewall = wall to protect against fire propagation Internet Security: Firewall More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationCS155 Firewalls. Why Firewalls? Why Firewalls? Bugs, Bugs, Bugs
CS155 - Firewalls Simon Cooper Why Firewalls? Need for the exchange of information; education, business, recreation, social and political Need to do something useful with your computer Drawbacks;
More informationNetwork Security: Firewalls. Tuomas Aura T Network security Aalto University, Nov-Dec 2013
Network Security: Firewalls Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2013 2 Firewalls: Stateless packet filter Firewall Perimeter defence: Divide the world into the good/safe inside
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationfirewalls perimeter firewall systems firewalls security gateways secure Internet gateways
Firewalls 1 Overview In old days, brick walls (called firewalls ) built between buildings to prevent fire spreading from building to another Today, when private network (i.e., intranet) connected to public
More informationCSC Network Security
CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationNetwork Security: Firewall, VPN, IDS/IPS, SIEM
Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationIntrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng
Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationInternet Security Firewalls
Overview Internet Security Firewalls Ozalp Babaoglu Cryptographic technologies Secure Sockets Layer IPSec Exo-structures Firewalls Virtual Private Networks ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA 2
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationNetwork Security. Chapter 0. Attacks and Attack Detection
Network Security Chapter 0 Attacks and Attack Detection 1 Attacks and Attack Detection Have you ever been attacked (in the IT security sense)? What kind of attacks do you know? 2 What can happen? Part
More informationMeans for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content
Intrusion Detection INFO404 - Lecture 13 21.04.2009 nfoukia@infoscience.otago.ac.nz Content Definition Network vs. Host IDS Misuse vs. Behavior Based IDS Means for Intrusion Detection Definitions (1) Intrusion:
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationFirewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A
Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 6 / 2 017 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are based on slides by Dr Lawrie Brown (UNSW@ADFA) for Computer
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationOverview of Firewalls. CSC 474 Network Security. Outline. Firewalls. Intrusion Detection System (IDS)
CSC 474 Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) 1 Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS Anomaly detection
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 11
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 11 Attack prevention, detection and response Acknowledgments This course is based
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationCSCI 454/554 Computer and Network Security. Topic 8.4 Firewalls and Intrusion Detection Systems (IDS)
CSCI 454/554 Computer and Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationChapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet
Chapter 2 - Part 1 The TCP/IP Protocol: The Language of the Internet Protocols A protocol is a language or set of rules that two or more computers use to communicate 2 Protocol Analogy: Phone Call Parties
More informationOutline. Internet Security Mechanisms. Basic Terms. Example Attacks
Outline AIT 682: Network and Systems Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS Anomaly
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Instructor: Dr. Kun Sun Firewalls Filtering firewalls Proxy firewalls Outline Intrusion Detection System
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More information8/19/2010. Computer Forensics Network forensics. Data sources. Monitoring
Computer Forensics Network forensics Thomas Mundt thm@informatik.uni-rostock.de Data sources Assessment Monitoring Monitoring Software Logs and Log Analysis Incident Analysis External Assessment Hackers
More informationConfiguring IP Services
CHAPTER 8 Configuring IP Services This chapter describes how to configure optional IP services supported by the Cisco Optical Networking System (ONS) 15304. For a complete description of the commands in
More informationImplementing Firewall Technologies
Implementing Firewall Technologies Network firewalls separate protected from non-protected areas preventing unauthorized users from accessing protected network resources. Technologies used: ACLs Standard,
More informationUnit 4: Firewalls (I)
Unit 4: Firewalls (I) What is a firewall? Types of firewalls Packet Filtering Statefull Application and Circuit Proxy Firewall services and limitations Writing firewall rules Example 1 Example 2 What is
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationSingle Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking
1 Review of TCP/IP working Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path Frame Path Chapter 3 Client Host Trunk Link Server Host Panko, Corporate
More informationBroadcast Infrastructure Cybersecurity - Part 2
SBE Webinar Series - 2018 Broadcast Infrastructure Cybersecurity - Part 2 Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services KAMU FM-TV Broadcast Infrastructure Cybersecurity
More information10 Defense Mechanisms
SE 4C03 Winter 2006 10 Defense Mechanisms Instructor: W. M. Farmer Revised: 23 March 2006 1 Defensive Services Authentication (subject, source) Access control (network, host, file) Data protection (privacy
More informationCHAPTER 8 FIREWALLS. Firewall Design Principles
CHAPTER 8 FIREWALLS Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationFirewalls, IDS and IPS. MIS5214 Midterm Study Support Materials
Firewalls, IDS and IPS MIS5214 Midterm Study Support Materials Agenda Firewalls Intrusion Detection Systems Intrusion Prevention Systems Firewalls are used to Implement Network Security Policy Firewalls
More informationIDS: Signature Detection
IDS: Signature Detection Idea: What is bad, is known What is not bad, is good Determines whether a sequence of instructions being executed is known to violate the site security policy Signatures: Descriptions
More informationApplied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.
Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationComputer Networks (Introduction to TCP/IP Protocols)
Network Security(CP33925) Computer Networks (Introduction to TCP/IP Protocols) 부산대학교공과대학정보컴퓨터공학부 Network Type Elements of Protocol OSI Reference Model OSI Layers What we ll learn today 2 Definition of
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationWhy Firewalls? Firewall Characteristics
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 First, the news The Great Cannon of China https://citizenlab.org/2015/04/chinas-great-cannon/ KAMI VANIEA 2 Today Open System Interconnect (OSI) model
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationGlobal Information Assurance Certification Paper
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More informationSE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer
SE 4C03 Winter 2003 Final Examination Answer Key Instructor: William M. Farmer (1) [2 pts.] Both the source and destination IP addresses are used to route IP datagrams. Is this statement true or false?
More informationIntranets 4/4/17. IP numbers and Hosts. Dynamic Host Configuration Protocol. Dynamic Host Configuration Protocol. CSC362, Information Security
IP numbers and Hosts Intranets CSC362, Information Security i. IP numbers denote interfaces rather than entities ii. a single router can connect several different networks iii. a single interface can be
More informationSpring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention
Spring 2010 CS419 Computer Security Vinod Ganapathy Lecture 14 Chapters 6 and 9 Intrusion Detection and Prevention Firewalls and IPSes effective means of protecting LANs internet connectivity essential
More informationChapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.
Chapter Three test Name: Period: CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it. 1. What protocol does IPv6 use for hardware address resolution? A. ARP
More informationHP High-End Firewalls
HP High-End Firewalls Attack Protection Configuration Guide Part number: 5998-2650 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationSecurity Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)
Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls
More informationProxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationLayer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers
Layer 4: UDP, TCP, and others based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Concepts application set transport set High-level, "Application Set" protocols deal only with how handled
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 9
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 9 Attacks and Attack Detection (Prevention, Detection and Response) Attacks and Attack
More informationAnomaly Detection in Communication Networks
Anomaly Detection in Communication Networks Prof. D. J. Parish High Speed networks Group Department of Electronic and Electrical Engineering D.J.Parish@lboro.ac.uk Loughborough University Overview u u
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 12
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 12 Announcements Project 2 is on the web. Due: March 15th Send groups to Jeff Vaughan (vaughan2@seas) by Thurs. Feb. 22nd. Plan for
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationManaging Latency in IPS Networks
Revision C McAfee Network Security Platform (Managing Latency in IPS Networks) Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended settings
More informationAgenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall
Agenda of today s lecture Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall Firewalls in General S-38.153 Security of Communication Protocols Antti Lehtonen 29.4.2003 firewalls
More informationINFS 766 Internet Security Protocols. Lecture 1 Firewalls. Prof. Ravi Sandhu INTERNET INSECURITY
INFS 766 Internet Security Protocols Lecture 1 Firewalls Prof. Ravi Sandhu INTERNET INSECURITY Internet insecurity spreads at Internet speed Morris worm of 1987 Password sniffing attacks in 1994 IP spoofing
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationChapter 7. Network Intrusion Detection and Analysis. SeoulTech UCS Lab (Daming Wu)
SeoulTech UCS Lab Chapter 7 Network Intrusion Detection and Analysis 2015. 11. 3 (Daming Wu) Email: wdm1517@gmail.com Copyright c 2015 by USC Lab All Rights Reserved. Table of Contents 7.1 Why Investigate
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationNetwork Security. Tadayoshi Kohno
CSE 484 (Winter 2011) Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationNetwork Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)
1 Network Security Kitisak Jirawannakool Electronics Government Agency (public organisation) A Brief History of the World 2 OSI Model vs TCP/IP suite 3 TFTP & SMTP 4 ICMP 5 NAT/PAT 6 ARP/RARP 7 DHCP 8
More informationR (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.
R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:
More informationCE Advanced Network Security
CE 817 - Advanced Network Security Lecture 3 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained from other
More informationBOR3307: Intro to Cybersecurity
Key Terms for lesson 4 are listed below: It is important that you maintain a copy of these key terms handy as you take this course and complete the readings. Working from a standard lexicon will keep you
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationThis course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N
CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT
More informationNetwork Control, Con t
Network Control, Con t CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 Similar statements are found in most content hosting website privacy policies. What is it about how the internet works that makes this statement necessary
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationConcept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.
223 Chapter 19 Inter mediate TCP The Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols was developed as part of the research that the Defense Advanced Research Projects Agency
More informationVG422R. User s Manual. Rev , 5
VG422R User s Manual Rev 1.0 2003, 5 CONGRATULATIONS ON YOUR PURCHASE OF VG422R... 1 THIS PACKAGE CONTAINS... 1 CONFIRM THAT YOU MEET INSTALLATION REQUIREMENTS... 1 1. INSTALLATION GUIDE... 2 1.1. HARDWARE
More informationThree interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
More informationGoogle Cloud Platform: Customer Responsibility Matrix. April 2017
Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder
More information