Network Defenses 21 JANUARY KAMI VANIEA 1

Similar documents
Network Defenses 21 JANUARY KAMI VANIEA 1

Network Defenses KAMI VANIEA 1

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Network Security. Thierry Sans

CSE 565 Computer Security Fall 2018

Chapter 8 roadmap. Network Security

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

CyberP3i Course Module Series

Configure Basic Firewall Settings on the RV34x Series Router

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Network Security: Firewall, VPN, IDS/IPS, SIEM

20-CS Cyber Defense Overview Fall, Network Basics

Indicate whether the statement is true or false.

SecBlade Firewall Cards Attack Protection Configuration Example

Unit 4: Firewalls (I)

Security Device Roles

Firewalls, IDS and IPS. MIS5214 Midterm Study Support Materials

ICS 451: Today's plan

PROTECTING INFORMATION ASSETS NETWORK SECURITY

COMPUTER NETWORK SECURITY

KillTest ᦝ䬺 䬽䭶䭱䮱䮍䭪䎃䎃䎃ᦝ䬺 䬽䭼䯃䮚䮀 㗴 㓸 NZZV ]]] QORRZKYZ PV ٶ瀂䐘މ悹伥濴瀦濮瀃瀆ݕ 濴瀦

CSC 4900 Computer Networks: Security Protocols (2)

Computer Security: Cyber Essentials KAMI VANIEA 1

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Network Security: Firewalls. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Advanced Security and Mobile Networks

Network Security and Cryptography. 2 September Marking Scheme

Networking 101 By: Stefan Jagroop

Exam : SCNS_EN. Title : SCNS SCNS Tactical Perimeter Defense. Version : Demo

Firewalls, Tunnels, and Network Intrusion Detection

ch02 True/False Indicate whether the statement is true or false.

Application Firewalls

Understanding Cisco Cybersecurity Fundamentals

CSC Network Security

CNBK Communications and Networks Lab Book: Purpose of Hardware and Protocols Associated with Networking Computer Systems

Implementing Firewall Technologies

Advanced Security and Forensic Computing

Networking By: Vince

Configuring attack detection and prevention 1

Innovation and Cryptoventures. Technology 101. Lee Jacobs and Campbell R. Harvey. February 22, 2017

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

ASA Access Control. Section 3

Brief Notes on Networks

CS164 Final Exam Winter 2013

NETGEAR-FVX Relation. Fabrizio Celli;Fabio Papacchini;Andrea Gozzi

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.

CNPE Communications and Networks Lab Book: Data Transmission Over Digital Networks

Chapter 9. Firewalls

ICS 351: Networking Protocols

Networks Fall This exam consists of 10 problems on the following 13 pages.

Configuring attack detection and prevention 1

Networking interview questions

The OSI Model. Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO).

How to Make the Client IP Address Available to the Back-end Server

Chapter 7. Local Area Network Communications Protocols

SharkFest 17 Europe. #35 Sneaking in The Backdoor. Hacking the Non-Standard Layers. Phill Sherlock Shade. Merlion s Keep Consulting.

Computer and Network Security

networks List various types of networks and their

Switching on our smartphone and sending an to a friend living 5000 km from our home is something that we take for granted, but that involves a

Spring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention

Chapter 5: Networking and the Internet

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance

How Breaches Really Happen

Chapter 15 Networks. Chapter Goals. Networking. Chapter Goals. Networking. Networking. Computer network. Node (host) Any device on a network

HP High-End Firewalls

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Table of Contents. Cisco How NAT Works

Monitoring the Device

Stateless Firewall Implementation

Why do we really want an ID/locator split anyway?

How to Configure a Remote Management Tunnel for an F-Series Firewall

ARP Inspection and the MAC Address Table for Transparent Firewall Mode

Lecture 2-ter. 2. A communication example Managing a HTTP v1.0 connection. Managing a HTTP request. transport session. Step 1 - opening transport

Protection of Communication Infrastructures

NETWORK SECURITY. Ch. 3: Network Attacks

Managing Latency in IPS Networks

ICS 351: Today's plan. OSPF BGP Routing in general routing protocol comparison encapsulation network dynamics

CS144 Review Session: Fall 2010 Behram Mistree

firewalls perimeter firewall systems firewalls security gateways secure Internet gateways

Internet Platform Management. We have covered a wide array of Intel Active Management Technology. Chapter12

Cisco IOS Firewall Intrusion Detection System Commands

Incident Response Tools

TCP/IP protocol suite

5. Execute the attack and obtain unauthorized access to the system.

Wireless LANs (CO72047) Bill Buchanan, Reader, School of Computing.

Operating Systems CS 571

BIG-IP Local Traffic Management: Basics. Version 12.1

Information Systems Security

Port Scanning A Brief Introduction

Exam Questions JN0-633

What's the big deal about IPv6? A plain-english guidebook for non-technical managers

Layering in Networked computing. OSI Model TCP/IP Model Protocols at each layer

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Use of the TCP/IP Protocols and the OSI Model in Packet Tracer

Transcription:

Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1

Similar statements are found in most content hosting website privacy policies. What is it about how the internet works that makes this statement necessary to have? By submitting, posting or displaying User Content on or through the Service, you grant Piazza a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such User Content. This license is limited to providing the Service. Your User Content will not be used for publicity, advertising or any public statements without your prior consent. -- Piazza Terms of Service 2

First, the news The silencing of KrebsOnSecurity opens a troubling chapter for the Internet http://arstechnica.co.uk/security/2016/09/why-the-silencingof-krebsonsecurity-opens-a-troubling-chapter-for-the-net/ KAMI VANIEA 3

Tutorials Tutorials start in week 3 Path is wrong The ITO currently has 13 tutorials for this course when they should have 5 tutorials and 5 labs. We are trying really hard to get this sorted by next week KAMI VANIEA 4

Courseworks There are three courseworks Deadlines are on the website The deadlines the ITO has are wrong, again we are working to get this resolved KAMI VANIEA 5

Today Open System Interconnect (OSI) model Firewalls Intrusion detection systems (IDS) Time allowing: Network Address Translation (NAT) KAMI VANIEA 6

Open Systems Interconnect model A good way to think about networking steps logically Not how software is actually built Image from: http://www.tech-faq.com/osi-model.html KAMI VANIEA 7

OSI in terms of debugging errors Can your browser open another website? Do you have a viewer that supports jpg (image format)? Can you ping the webserver you are trying to reach? Can you ping the gateway or DNS server? Do you have an IP address? Is the light on the modem on? Is the network cable plugged in? KAMI VANIEA 8

Sender: Apache server Data starts at the top of the OSI stack at level 7. Recipient: Firefox user 7 6 5 4 3 2 1 Application Network process to application Presentation Data representation and encryption Session Interhost communication Transport End-to-end connection and reliability Network Path determination and IP (Logical Addressing) Data Link MAC and LLC (Physical Addressing) Physical Media, signal, and binary transmission It progresses down the stack with each successive level adding or changing information. At level 1 it travels across the physical layer to the recipient computer. The recipient then processes the data up the stack. At level 7 an application processes the data. 7 6 5 4 3 2 1 Application Network process to application Presentation Data representation and encryption Session Interhost communication Transport End-to-end connection and reliability Network Path determination and IP (Logical Addressing) Data Link MAC and LLC (Physical Addressing) Physical Media, signal, and binary transmission KAMI VANIEA 9

Levels 7 and 6 involve the internal representation of the message Levels 5 and 4 involve setting up the connection Levels 3, 2, and 1 add header (H) and tail (T) information to each packet Information is added to the message as it travels down the OSI levels H1 H2 H2 H3 H3 H3 M M M M M M M T3 T3 T3 T2 T2 T1 7 6 5 4 3 2 1 Application Network process to application Presentation Data representation and encryption Session Interhost communication Transport End-to-end connection and reliability Network Path determination and IP (Logical Addressing) Data Link MAC and LLC (Physical Addressing) Physical Media, signal, and binary transmission KAMI VANIEA 10

Header data on a packet 1. Physical 2. Data link 3. Network 4. Transport 7. Application KAMI VANIEA 11

Frame header data on a packet 1. Physical 2. Data link 3. Network 4. Transport 7. Application Information needed to physically transport the packet KAMI VANIEA 12

IP header data on a packet 1. Physical 2. Data link 3. Network 4. Transport 7. Application Type of the next header Version 4 Source and destination IP addresses Internet Protocol (IP) information KAMI VANIEA 13

Levels 7 and 6 involve the internal representation of the message Levels 5 and 4 involve setting up the connection Levels 3, 2, and 1 add header (H) and tail (T) information to each packet Information is added to the message as it travels down the OSI levels H1 H2 H2 H3 H3 H3 M M M M M M M T3 T3 T3 T2 T2 T1 7 6 5 4 3 2 1 Application Network process to application Presentation Data representation and encryption Session Interhost communication Transport End-to-end connection and reliability Network Path determination and IP (Logical Addressing) Data Link MAC and LLC (Physical Addressing) Physical Media, signal, and binary transmission KAMI VANIEA 14

This is me visiting https://slashdot.org 6 packets were sent from my computer to the server 50 packets were sent from the server to my computer KAMI VANIEA 15

This is me visiting http://vaniea.com Note the lack of https Why does the text look garbled anyway? KAMI VANIEA 16

Firewalls KAMI VANIEA 17

Firewalls Firewalls divide the untrusted outside of a network from the more trusted interior of a network Often they run on dedicated devices Less possibilities for compromise no compilers, linkers, loaders, debuggers, programming libraries, or other tools an attacker might use to escalate their attack Easier to maintain few accounts Physically divide the inside from outside of a network KAMI VANIEA 18

User User Sample Network User Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases User Router Home PC Home Router Internet 3 rd party server

Questionable things come from the internet AND from the local network Firewall applies a set of rules Based on rules, it allows or denies the traffic Firewalls can also act a routers deciding where to send traffic Internet Email, web and application servers Boundary Firewall Trash Rule Type Source Address Destination Address Desktop PCs and laptops Destination Port Action 1 TCP * 192.168.1.* 22 Permit 2 UDP * 192.1681.* 69 Permit 3 TCP 192.168.1.* * 80 Permit 4 TCP * 192.168.1.18 80 Permit 5 UDP * 192.168.1.* * Deny KAMI VANIEA 20

Sender: Apache server Recipient: Firefox user 7 Application Network process to application 7 Application Network process to application 6 Presentation Data representation and encryption 6 Presentation Data representation and encryption 5 Session Interhost communication 5 Session Interhost communication 4 Transport End-to-end connection and reliability 4 Transport End-to-end connection and reliability 3 Network Path determination and IP (Logical Addressing) 3 Network Path determination and IP (Logical Addressing) 2 Data Link MAC and LLC (Physical Addressing) 2 Data Link MAC and LLC (Physical Addressing) 1 Physical Media, signal, and binary transmission 1 Physical Media, signal, and binary transmission KAMI VANIEA 21

7 6 5 Sender: Apache server Application Network process to application Presentation Data representation and encryption Session Interhost communication A firewall takes in network traffic and compares it to a set of rules. In order to do so it must first process several OSI levels to reach the data it needs. For example, to filter out all traffic from IP 216.34.181.45 the packet needs to be processed through level 3 where IP addresses can be read. 7 6 5 Recipient: Firefox user Application Network process to application Presentation Data representation and encryption Session Interhost communication 4 Transport End-to-end connection and reliability Firewall 4 Transport End-to-end connection and reliability 3 Network Path determination and IP (Logical Addressing) 3 Network Path determination and IP (Logical Addressing) 3 Network Path determination and IP (Logical Addressing) 2 Data Link MAC and LLC (Physical Addressing) 2 Data Link MAC and LLC (Physical Addressing) 2 Data Link MAC and LLC (Physical Addressing) 1 Physical Media, signal, and binary transmission 1 Physical Media, signal, and binary transmission 1 Physical Media, signal, and binary transmission

Firewall ruleset from a custom home router Taken from an ARSTechnica article Image: http://arstechnica.co.uk/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/ 23

There are many types of Firewalls Key differences include: How implemented Software slower, easier to deploy on personal computers Hardware faster, somewhat safer, harder to add in Number of OSI levels of processing required Packet size (level 1) MAC (level 2) and IP (level 3) filtering Port filtering (level 3) Deep packet (level 4+) Today we will talk about: Packet filtering gateway Stateful inspection firewall Application proxy Personal firewalls KAMI VANIEA 24

Packet filtering gateway or screening router Simplest compares information found in the headers to the policy rules Operate at OSI level 3 Source addresses and ports can be forged, which a packet filter cannot detect Design is simple, but tons of rules are needed, so it is challenging to maintain KAMI VANIEA 25

Stateful inspection firewall Maintains state from one packet to another Similar to a packet filtering gateway, but can remember recent events For example, if a outside host starts sending packets to many internal destination ports (aka a port scan) a stateful firewall would record the number of ports probed and once it is over the threshold specified in the policy it would block all further traffic KAMI VANIEA 26

Port scan An attacker is looking for applications listening on ports A single IP address (right) is contacting many ports (left) to see if any respond Image: http://chrislee.dhs.org/projects/visualfirewall.html 27

Firewall ruleset from a custom home router Taken from an ARSTechnica article Image: http://arstechnica.co.uk/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/ 28

Application proxy Simulates the (proper) effects of an application at OSI level 7 Effectively a protective Man In The Middle that screens information at an application layer (OSI 7) Allows an administrator to block certain application requests. For example: Block all web traffic containing certain words Remove all macros from Microsoft Word files in email Prevent anything that looks like a credit card number from leaving a database KAMI VANIEA 29

Personal firewalls Runs on the workstation that it protects (software) Provides basic protection, especially for home or mobile devices Malicious software can disable part or all of the firewall Any rootkit type software can disable the firewall KAMI VANIEA 30

Think-pair-share Imagine you want to put a firewall in front of the email server Why is deep packet inspection easier to do on email than on normal network traffic? As a malicious actor, how might I go around your email firewall? KAMI VANIEA 31

Intrusion Detection Systems (IDS) KAMI VANIEA 32

KAMI VANIEA 33

Firewalls are preventative, IDS detects a potential incident in progress At some point you have to let some traffic into and out of your network (otherwise users get upset) Most security incidents are caused by a user letting something into the network that is malicious, or by being an insider threat themselves These cannot be prevented or anticipated in advance The next step is to identify that something bad is happening quickly so you can address it KAMI VANIEA 34

Signature based Perform simple pattern matching and report situations that match the pattern Requires that admin anticipate attack patterns in advance Attacker may test attack on common signatures Impossible to detect a new type of attack High accuracy, low false positives KAMI VANIEA 36

Heuristic based Dynamically build a model of acceptable or normal behavior and flag anything that does not match Admin does not need to anticipate potential attacks System needs time to warm up to new behavior Can detect new types of attacks Higher false positives, lower accuracy KAMI VANIEA 37

Number of alarms is a big problem In the Target breach the IDS did correctly identify that there was an attack on the Target network There were too many alarms going off to investigate all of them in great depth Some cyberattack insurance policies state that if you know about an attack and do nothing they will not cover the attack. Having a noisy IDS can potentially be a liability KAMI VANIEA 38

Network Address Translation (NAT) KAMI VANIEA 39

IPv4 Version 4 of the Internet Protocol 192.168.2.6 There are less than 4.3 billion IPv4 addresses available We do not have enough addresses for every device on the planet Answer: Network Address Translation Internal IP different than external IP Border router maps between its own IP and the internal ones KAMI VANIEA 40

Questions KAMI VANIEA 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback