Overview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter


Computer Network Lab 2017, Fachgebiet Technische Informatik, Joachim Zumbrägel

Overview
- Security
- Types of attacks
- Firewalls
- Protocols
- Packet filter

Security

Security means protecting information, during and after processing, against impairment and against loss of confidentiality, integrity and availability. It is achieved by:
- increasing availability through storage strategies: backups, redundant systems, RAID systems
- protection against unauthorized access: firewalls, encryption, etc.

Security requirements
- Confidentiality protects confidential information against unintended access.
- Integrity guarantees that data are authentic and undamaged.
- Availability ensures that authorized persons can access data and communication services at any time.

CIA triad: threats

Active attacks
- Intrusion by unauthorized persons
- Impairment and disturbance of the network
- Data modification

Passive attacks
- Password eavesdropping
- Data eavesdropping
- Network traffic analysis

Aggressors

Who attacks?
- Competitors
- Hackers/crackers (beginners, professionals)
- Professional hackers (industrial espionage)
- Colleagues (the slides estimate that roughly 70% of all attacks come from insiders)
- NSA

Examples
- Using so-called trojans, hackers obtained passwords of Microsoft employees and were thereby able to steal the source code of the newest release of a Microsoft operating system.
- Yahoo was the victim of a denial-of-service attack; the Yahoo website was unavailable for more than 3 hours.
- Sony Corp. said hackers may have gained access to personal information (name, address, country, e-mail address, birth date, etc.) of the 75 million users of its PlayStation Network.

Kinds of attacks
- Password attack
- Data attack
- Malicious code
- Scanners
- Spoofing
- DoS attack

Password attacks: three methods
- Guessing, based on known or suspected user accounts (names).
- Brute-force or dictionary attack on a copy of the password file using special tools, e.g. Crack.
- Eavesdropping on connections to pick up user names and their passwords.
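To make the second method concrete, here is an added example (not part of the lab slides) of an offline dictionary attack of the kind that Crack automates: the attacker has obtained a copy of the password file and tries candidate passwords against every entry at full speed, without any login throttling. The password file, the salts, the word list and the salted SHA-256 hash function are all constructed for this example; a real /etc/shadow uses a crypt(3) scheme, but the attack loop is the same.

```python
"""Offline dictionary attack on a password file, the kind of attack the
Crack tool automates.  Added example for this page, not the lab's own code.
The password file, salts and word list are constructed below; the hash is
salted SHA-256 as a stand-in for the crypt(3) scheme a real file would use."""
import hashlib


def hash_pw(salt: str, password: str) -> str:
    """Salted hash as stored in the (constructed) password file."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed shadow-like entries, format user:salt$hash.  In a real attack the
# file is copied from the victim and cracked offline, so no login throttling applies.
PASSWORD_FILE = [
    "alice:k3$" + hash_pw("k3", "letmein"),
    "bob:Q9$" + hash_pw("Q9", "Summer2017"),
    "carol:zz$" + hash_pw("zz", "correct horse battery staple"),
]

# Tiny constructed word list; real ones have millions of entries.
WORDLIST = ["password", "123456", "letmein", "summer", "welcome"]

SUFFIXES = ("", "1", "123", "2017", "!")


def candidates(username: str, wordlist):
    """Crack-style mangling: the account name itself (method 1 on the slide),
    then each word as-is and capitalised, each with common suffixes."""
    bases = [username, username.capitalize()]
    bases += list(wordlist) + [w.capitalize() for w in wordlist]
    seen = set()
    for base in bases:
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def crack(password_file, wordlist) -> dict:
    """Return {user: password} for every entry some candidate hashes to.
    The salt has to be re-applied per user, which is all it buys the
    defender: it stops one precomputed table from covering every account."""
    found = {}
    for line in password_file:
        user, rest = line.split(":", 1)
        salt, digest = rest.split("$", 1)
        for cand in candidates(user, wordlist):
            if hash_pw(salt, cand) == digest:
                found[user] = cand
                break
    return found


if __name__ == "__main__":
    for user, pw in crack(PASSWORD_FILE, WORDLIST).items():
        print(f"{user}: {pw}")
```

alice and bob fall to the word list and a trivial mangling rule; carol's passphrase survives only because it is not in the list. The lesson for the defender is the one the slide implies: keep the hashed password file unreadable to ordinary users (that is why /etc/shadow exists), and use a deliberately slow hash (bcrypt, scrypt, Argon2) so that each guess costs the attacker real time.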

Data attack by sniffers

Data attacks are carried out with so-called sniffers. Sniffers, or network monitoring tools, are applications originally intended for monitoring and analysing network traffic. Well-known tool: Wireshark.

Promiscuous mode
Normally a computer's network interface card passes up only those packets that are addressed to the computer itself. It is, however, possible to capture all traffic on the segment by putting the network interface card into a special mode, promiscuous mode. On a switched network the card only sees the traffic the switch sends to its port, so an attacker additionally needs a mirror port, ARP spoofing, or a host that the traffic already passes through.

Extremely dangerous: a sniffer installed on a central machine that is accessed by many clients.

Malicious code

Malicious code is unauthorized code (possibly hidden inside a legitimate application) that performs tasks unknown to the user and usually undesired. Examples: viruses, trojan horses, worms.

Scanners

Scanners are security tools originally intended to find weak points of a system. There are system scanners and network scanners.
- System scanner: scans its local host for security gaps or configuration problems.
- Network scanner: scans computers connected to a network. It checks services and ports and thereby delivers information about possible security gaps.

Spoofing

Spoofing is used to outwit authentication and identification mechanisms that rely on trusted addresses and/or hostnames. A distinction is drawn between:
- IP spoofing: forging the sender IP address.
- DNS spoofing: corrupting entries in DNS servers (or in the caches of resolvers).

DoS attacks

DoS = Denial of Service. The most common attack (simple and fast). The goal is to knock out the attacked system or at least to disturb access for legitimate users. Hard to defend against, because the traffic often looks like legitimate requests. Next step: DDoS = Distributed Denial of Service, where several machines start the attack at the same time. Examples: TCP SYN flooding, ping flooding, mail bombing.

Firewall basics

A firewall is a hurdle between two networks that must be passed in order to communicate from one network to the other. All communication between the networks has to go through the firewall.

[Figure: Internet - Firewall - private, local net]

Firewall definition
- A firewall consists of one or more hardware and software components.
- A firewall connects two networks in such a way that all traffic between the networks must pass through the firewall.
- A firewall implements a security policy, which defines access restrictions and, if required, attack logging.
- A firewall lets only those packets pass that comply with the security policy.

What a firewall can do
- Restrict traffic between two networks.
- Allow access only to specific machines or services.
- Monitor and log network traffic.
- Manipulate network traffic with special functions (e.g. rate limiting, IP address translation).

What a firewall cannot do
- Close security gaps in the protected systems directly.
- Correct configuration or installation mistakes.
- Detect viruses or trojans (that needs content inspection, which a packet filter does not do).
- Make a network totally secure. In particular it cannot filter traffic that does not pass through it, e.g. over a modem or a second uplink.

Firewall concepts
- Packet filter: filters on the network- and transport-layer headers (IP addresses, protocol, ports).
- Proxy gateways:
  - Circuit-level gateway: relays connections at the transport layer, without understanding the application protocol.
  - Application-level gateway: filters at the application level (protocol dependent).
- Graphical firewall: all internet applications run outside the protected network; only the graphical output is delivered inside.

Proxy gateway

Proxy = lock keeper. A proxy firewall acts as the server towards the client and as the client towards the server, e.g. HTTP gateway, FTP gateway.

[Figure: Internet - Firewall with application-dependent proxy services - private, local net]

Proxy gateway
- Offers application-specific services for clients.
- Control and monitoring functions for a specific application. Examples: prevent a client from using FTP to transfer data out (via the put command) to an external FTP server; forbid access to specific HTTP sites.
- In contrast to packet filters, the connection is really terminated at the proxy: the client talks to the proxy, and the proxy opens a second connection to the server.
- IP addresses of the internal network are invisible to the outside.

Protocols (TCP/IP layers)
- Application: HTTP, FTP, SMTP, DNS, SNMP, RIP
- Transport: TCP, UDP
- Internet: IP
- Physical network: Ethernet, Token Ring, ATM

IP
- Carries the transport protocols TCP and UDP.
- Builds IP packets out of the data to be transmitted and adds additional information, the IP header.
- The IP header contains the source and destination address.

TCP
- TCP (Transmission Control Protocol) acknowledges every received data segment.
- TCP retransmits each segment until its reception has been acknowledged.
- TCP is therefore reliable.

[Figure: layout of the IP header, 32 bits wide]
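The following added example (not from the lab; written for this page) shows what a sniffer, and later a packet filter, actually sees in a frame. It constructs an Ethernet/IPv4/TCP frame, then decodes the IP header fields named above (source and destination address, protocol, and the header checksum) and the TCP header (ports and flags) that the following slides filter on. The MAC addresses, IP addresses and ports in it are made up; documentation address ranges are used.

```python
"""Decode a raw Ethernet/IPv4/TCP frame the way a sniffer or a packet
filter sees it.  Added example for this page, not the lab's own code.
The frame is constructed by build_tcp_frame(); MACs and IPs are made up."""
import socket
import struct

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
             0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 when run over a header
    whose checksum field is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Ethernet + IPv4 + TCP header (TCP checksum left 0; not verified here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4,
                      flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                               0x4000, 64, socket.IPPROTO_TCP, 0,
                               socket.inet_aton(src_ip),
                               socket.inet_aton(dst_ip)))
    struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))   # fill checksum
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + bytes(ip) + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Return the header fields a packet filter matches on.  Raises
    ValueError for truncated or corrupted headers instead of guessing,
    which is what a filter has to do as well."""
    if len(frame) < ETH_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return {"ethertype": ethertype}        # not IPv4: nothing to filter on
    ip = frame[ETH_LEN:]
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "total_len": total_len}
    l4 = ip[ihl:total_len]
    if proto in (socket.IPPROTO_TCP, socket.IPPROTO_UDP) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    if proto == socket.IPPROTO_TCP and len(l4) >= 20:
        info["flags"] = sorted(n for b, n in TCP_FLAGS.items() if l4[13] & b)
        info["payload"] = l4[(l4[12] >> 4) * 4:]
    return info


if __name__ == "__main__":
    syn = build_tcp_frame("10.0.0.5", "203.0.113.7", 40000, 443, 0x02)
    print(parse_frame(syn))
    syn_ack = build_tcp_frame("203.0.113.7", "10.0.0.5", 443, 40000, 0x12)
    print(parse_frame(syn_ack))
```

The decoder deliberately stops at the fields a packet filter needs; a sniffer like Wireshark continues into the application payload, which is exactly why a sniffer on a central machine is so dangerous when protocols such as telnet or FTP carry passwords in the clear.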

Port communication

TCP/IP addresses communication endpoints by IP address and port; each IP address has 2^16 potential ports (per transport protocol). The ports below 1024 are standardized (well-known ports) and assigned to dedicated services, e.g.:
- 23 telnet
- 25 smtp
- 80 http
- 443 https

Clients use a high-numbered port (e.g. 30000 and above) as their source port when connecting to one of these well-known server ports.

Packet filter

Filtering of packets by:
- sender/destination IP address
- sender/destination port (service)
- protocol (TCP, UDP, ICMP)

Incoming packets (INPUT) and outgoing packets (OUTPUT) are filtered separately, with different rules for the input filter and the output filter. Lists of rules are called chains. A packet is checked by one rule after the other until either a rule matches or the end of the list is reached.

Packet filter (policies)

Every chain has a default setting for packet treatment, the so-called policy. The policy comes into play after a packet has been checked against all rules of a chain: if no rule matches, the default policy applies. There are two different strategies:
- Deny every packet; only well-defined kinds of packets are allowed (default deny; the better choice).
- Allow every packet; only well-defined kinds of packets are forbidden (default allow).

Packet filter (REJECT, DROP)

Packet filters have two different ways to handle a non-accepted packet:
- REJECT: the packet is discarded and an ICMP error message (or, for TCP, a RST) is sent back to the sender.
- DROP: the packet is silently discarded.

The slides recommend DROP, because it causes less traffic, the packet could be part of an attack (answering a flood amplifies it), and even an error message is useful information for an attacker (it confirms that a host exists and is filtering). The price is that legitimate clients wait for a timeout instead of failing immediately, which is why REJECT is often preferred for rules that face your own internal users.
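As an added example (not from the lab slides), the following Python simulates the rule walk described on the last two slides: a chain whose rules are checked top to bottom, the first match deciding; a default policy that applies when nothing matches; and the difference between DROP and REJECT. The ruleset, the packet format (a plain dict with the decoded header fields) and the addresses (192.0.2.0/24 as the own network, 198.51.100.0/24 as an admin network) are constructed for the example.

```python
"""Simulation of a packet-filter chain: rules are checked top to bottom,
the first match decides, and the chain's default policy applies when no
rule matches.  Added example for this page, not the lab's own code; the
ruleset, addresses and packets are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                       # "ACCEPT", "DROP" or "REJECT"
    proto: Optional[str] = None       # "tcp", "udp", "icmp"; None = any
    src: Optional[str] = None         # CIDR prefix; None = any
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    iface: Optional[str] = None       # interface the packet arrived on

    def matches(self, pkt: dict) -> bool:
        """Every field that is set in the rule must match the packet."""
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.src is not None and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.sport is not None and pkt.get("sport") != self.sport:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.iface is not None and pkt.get("iface") != self.iface:
            return False
        return True


@dataclass
class Chain:
    name: str
    policy: str = "DROP"              # default deny, as the slides recommend
    rules: list = field(default_factory=list)

    def append(self, rule: Rule) -> None:
        self.rules.append(rule)

    def evaluate(self, pkt: dict):
        """Return (verdict, reply): reply is the ICMP error a REJECT sends
        back, None for ACCEPT and for a silent DROP."""
        for rule in self.rules:
            if rule.matches(pkt):
                return self._verdict(rule.action, pkt)
        return self._verdict(self.policy, pkt)     # end of chain: policy

    @staticmethod
    def _verdict(action: str, pkt: dict):
        if action == "REJECT":
            return "REJECT", {"icmp": "port-unreachable", "to": pkt["src"]}
        return action, None


def build_input_chain() -> Chain:
    """Constructed ruleset for a web server 192.0.2.10 behind interface eth0;
    198.51.100.0/24 is the (made-up) admin network."""
    chain = Chain("INPUT", policy="DROP")
    # Anti-spoofing first: our own prefix cannot legitimately arrive from outside.
    chain.append(Rule("DROP", iface="eth0", src="192.0.2.0/24"))
    # Public services.
    chain.append(Rule("ACCEPT", proto="tcp", dst="192.0.2.10", dport=80))
    chain.append(Rule("ACCEPT", proto="tcp", dst="192.0.2.10", dport=443))
    # SSH from the admin network only; everybody else gets an explicit REJECT
    # so that admins on the wrong network fail fast instead of timing out.
    chain.append(Rule("ACCEPT", proto="tcp", src="198.51.100.0/24", dport=22))
    chain.append(Rule("REJECT", proto="tcp", dport=22))
    return chain                        # everything else: policy DROP


if __name__ == "__main__":
    chain = build_input_chain()
    for pkt in [
        {"iface": "eth0", "proto": "tcp", "src": "203.0.113.9",
         "dst": "192.0.2.10", "sport": 51000, "dport": 443},
        {"iface": "eth0", "proto": "tcp", "src": "192.0.2.77",
         "dst": "192.0.2.10", "sport": 51000, "dport": 443},
        {"iface": "eth0", "proto": "tcp", "src": "203.0.113.9",
         "dst": "192.0.2.10", "sport": 51000, "dport": 22},
    ]:
        print(pkt["src"], "->", pkt["dport"], chain.evaluate(pkt))
```

Rule order is part of the policy: if the anti-spoofing DROP were appended after the ACCEPT for port 443, a packet with a forged internal source address would match the ACCEPT first and never reach it. The same holds for iptables, where -A appends at the end of the chain.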

Filtering incoming packets

Filtering by sender IP: some groups of source addresses can generally be dropped on the external interface, for example packets claiming to come from the own subnet (from outside they can only be spoofed), private address ranges, etc.

Filtering by destination IP: only packets addressed to the own network are accepted.

Filtering by sender/destination port: we have to distinguish between requests of external clients to our own servers (destination port = our service port) and incoming answers of external servers destined for local clients (source port = the server's port, destination port = the client's high port).

Stateful filtering

Stateful filtering means the capability to store the state and context information of a TCP connection: a dynamic packet filter follows the state of each TCP connection.
- Connection request of the client: SYN
- Acknowledgement of the server: SYN-ACK
- Acknowledgement of the client: ACK
- Further transfer (from both sides): packets with the ACK flag set

Packets from outside to inside (carrying an ACK flag) are only accepted if a packet from inside to outside (carrying a SYN flag) to the same peer was sent before. This is also what distinguishes it from a stateless filter that merely checks for the ACK bit: an inbound packet with ACK set but no matching connection (an ACK scan) is dropped by the stateful filter, but would be let through by the stateless check.
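The handshake tracking described above, as an added example that is not part of the lab slides: a small connection table keyed by the two endpoints, which creates state only for a SYN leaving the protected network, accepts the peer's SYN-ACK and all later ACK-carrying packets of that connection, and drops anything inbound that has no entry, including an unsolicited SYN and an ACK-scan packet. The packet format (a dict with the decoded header fields and a flags list), the addresses and the session driven through it in __main__ are constructed; the state names are a simplification of what a real connection tracker such as Linux conntrack keeps.

```python
"""Stateful (dynamic) filtering of TCP: inbound packets are accepted only
when they belong to a connection that a client on the inside opened with
a SYN.  Added example for this page, not the lab's own code; the packets
driven through it in __main__ are constructed."""

OUT, IN = "out", "in"       # direction relative to the protected network


class ConnTracker:
    """Connection table keyed by (local ip, local port, remote ip, remote port)."""

    def __init__(self):
        self.table = {}

    @staticmethod
    def key(direction: str, pkt: dict) -> tuple:
        # Normalise so both directions of one connection share an entry.
        if direction == OUT:
            return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

    def filter(self, direction: str, pkt: dict) -> str:
        """Return "ACCEPT" or "DROP" and update the connection state."""
        flags = set(pkt["flags"])
        k = self.key(direction, pkt)
        state = self.table.get(k)

        if "RST" in flags:                       # either side aborts
            self.table.pop(k, None)
            return "ACCEPT" if state else "DROP"

        if state is None:
            # Only a bare SYN from the inside may create state.  An inbound
            # SYN (unsolicited connection) or an inbound ACK with no prior
            # SYN (an ACK scan) has no entry and is dropped.
            if direction == OUT and flags == {"SYN"}:
                self.table[k] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"

        if state == "SYN_SENT":
            if direction == OUT and flags == {"SYN"}:
                return "ACCEPT"                  # retransmitted SYN
            if direction == IN and flags == {"SYN", "ACK"}:
                self.table[k] = "SYN_RECV"
                return "ACCEPT"
            return "DROP"

        if state == "SYN_RECV":
            if direction == OUT and "ACK" in flags and "SYN" not in flags:
                self.table[k] = "ESTABLISHED"
                return "ACCEPT"
            return "DROP"

        # ESTABLISHED, CLOSING or LAST_ACK: data in both directions, always
        # with ACK set; two FINs plus the final ACK remove the entry.
        if "ACK" not in flags:
            return "DROP"
        if "FIN" in flags:
            if state == "ESTABLISHED":
                self.table[k] = "CLOSING"        # first FIN
            elif state == "CLOSING":
                self.table[k] = "LAST_ACK"       # second FIN
        elif state == "LAST_ACK":
            del self.table[k]                    # final ACK: connection gone
        return "ACCEPT"


def run_session(tracker: ConnTracker, steps) -> list:
    """Apply a list of (direction, packet) steps, returning the verdicts."""
    return [tracker.filter(d, p) for d, p in steps]


if __name__ == "__main__":
    client = {"src": "10.0.0.5", "dst": "203.0.113.7", "sport": 40000, "dport": 443}
    server = {"src": "203.0.113.7", "dst": "10.0.0.5", "sport": 443, "dport": 40000}
    steps = [
        (IN, dict(server, flags=["ACK"])),             # ACK scan, no state: DROP
        (IN, dict(server, flags=["SYN"])),             # unsolicited: DROP
        (OUT, dict(client, flags=["SYN"])),            # handshake ...
        (IN, dict(server, flags=["SYN", "ACK"])),
        (OUT, dict(client, flags=["ACK"])),
        (IN, dict(server, flags=["PSH", "ACK"])),      # data
        (IN, dict(server, flags=["FIN", "ACK"])),      # teardown
        (OUT, dict(client, flags=["FIN", "ACK"])),
        (IN, dict(server, flags=["ACK"])),             # final ACK, entry removed
        (IN, dict(server, flags=["ACK"])),             # after close: DROP
    ]
    for (d, p), v in zip(steps, run_session(ConnTracker(), steps)):
        print(f"{d:3} {sorted(p['flags'])!s:16} {v}")
```

A real tracker additionally ages entries out (a client that never finishes the handshake must not pin a table slot forever, otherwise SYN flooding against the firewall itself becomes possible) and checks sequence numbers so that a spoofed packet with the right endpoints and flags is not accepted into an existing connection.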

iptables

iptables is the packet filter under Linux. Its filter table has three chains: INPUT, OUTPUT, FORWARD. The routing decision determines whether an incoming packet is handed to the INPUT chain or to the FORWARD chain.

INPUT vs. FORWARD chain
- Packets for the machine itself are first checked by the INPUT chain. If the INPUT chain accepts them, they reach the local processes.
- Packets for other machines (in our local, protected network) pass through the FORWARD chain. If they are accepted, they are delivered to the appropriate network interface. Forwarding also has to be enabled in the kernel (net.ipv4.ip_forward = 1); otherwise such packets are discarded before the FORWARD chain is reached.

Chains and routing

[Figure: incoming packet -> routing decision -> FORWARD chain (accept, or drop) -> outgoing interface; or -> INPUT chain (accept, or drop) -> local processes -> OUTPUT chain (accept, or drop) -> outgoing interface]

iptables: some commands

Delete all rules (in all chains of the filter table):
iptables --flush

Drop all packets by default (policy of the built-in chains):
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

Drop incoming packets on the external interface that claim our own external IP address as their source (they can only be spoofed):
iptables -A INPUT -i eth0 -s <myipaddress> -j DROP

Chain names are case-sensitive (INPUT, not input). Rules are appended (-A) in order, and the first matching rule decides, so an anti-spoofing rule like this one has to come before any ACCEPT rule.

Our netlab firewall

[Figure: netlab topology: Client N and Server N attached to a switch; the firewall, with interfaces eth0 and eth1, sits between the switch and the Internet; the incoming and outgoing directions are marked on each link]

How can I protect my own PC?
- Deactivate all services that are not required.
- Uninstall all programs that are not used regularly.
- Uninstall all programs with well-known security gaps (even if you need them).
- Stay informed about security gaps and install updates.
- Install a virus scanner (freeware: AntiVir).
- Install or enable your personal firewall.