Introduction to Network Security - PowerPoint PPT Presentation

1 / 56
About This Presentation
Title:

Introduction to Network Security

Description:

Fujitsu Systems Business of America. 2. What is Network Security? ... Anna Kournikova Virus ( 'Here you have, ;o)' ) of last week ... – PowerPoint PPT presentation

Number of Views:36
Avg rating:3.0/5.0
Slides: 57
Provided by: lilinot
Category:

less

Transcript and Presenter's Notes

Title: Introduction to Network Security


1
Introduction to Network Security
  • Charles Hill
  • Director, Hawaii Operations
  • E-mail chill_at_fsba.com
  • Phone (808) 524-7786

2
What is Network Security?
  • Network security addresses the vulnerabilities to
    which your organization is exposed as a
    consequence of being connected to a network.

3
Topics of Discussion
  • Whos vulnerable?
  • Whos attacking?
  • What are the kinds of attacks?
  • How do we protect ourselves?
  • What do you do when youve been hacked?
  • References and QA

4
Whos vulnerable?
  • Everyone in your organization who uses computers
    or networks in the process of doing their job.
  • Everyone in your organization who is affected by
    the information stored in computers.
  • Everyone in your organization.
  • Outsiders who rely on your organization your
    customers, the public.

5
Whos vulnerable?
  • Both Servers and End-Users are subject to attack.
  • Web servers, E-mail servers, File servers,
    Communications servers, Network devices
  • End-users receiving e-mail, visiting web sites,
    downloading files, participating in online
    services

6
Whos vulnerable?
  • You are exposed to network security threats by
  • using e-mail (e.g. viruses, worms)
  • using web-browsers (e.g. malicious applets and
    scripts)
  • simply being connected to the network (protocol
    hacks, breaking and entering)

7
Whos vulnerable?
  • From 2000 CSI/FBI Computer Crime and Security
    Survey of 643 US Organizations
  • 90 of respondents detected computer security
    breaches w/in last 12 months
  • 74 acknowledged financial losses due to computer
    breaches

8
Whos vulnerable?
  • 70 reported a variety of serious computer
    security breaches other than viruses, laptop
    theft, or net abuse
  • Quantified financial losses from 273 respondents
    totaled 265,589,940

9
Whos vulnerable?
  • 20-year-old man arrested for breaking into two
    computers of NASAs Jet Propulsion Laboratory.
  • Hacking started in 1998
  • One computer was used to host chat room devoted
    to hacking
  • Thousands of usernames and passwords were stolen
  • Reuters News, July 12, 2000

10
Whos vulnerable?
  • Hacker boosted stock price by posting fake merger
    press release
  • A hacker boosted the stock of Aastrom Biosciences
    by 6.5 by posting a fake press release on the
    company's Web site announcing a merger with
    California biopharmaceutical company Geron.
  • Reuters News, Feb. 17, 2000

11
Whos vulnerable?
  • Thousands of Safeway customers received emails
    that appeared to come from the company, saying
    Safeway would raise its prices by 25 percent. The
    emails also said, If you wanted to shop
    elsewhere, you could.
  • Safeway shut down U.K. site after hacker attack
    on August 12, 2000
  • Bloomberg News, Aug. 14, 2000

12
Whos vulnerable?
  • April 1998, Masters of Downloading cracked the
    DISN and stole software used to control vital
    military GPS satellites used to pinpoint missile
    strikes, guide troops and assess ground
    conditions

13
Whos vulnerable?
  • ILOVEYOU Virus
  • MELISSA Virus
  • Anna Kournikova Virus ( Here you have, o) ) of
    last week
  • Denial of Service attack against Microsoft two
    weeks ago
  • Home users with network connections dialup or
    dedicated

14
Whos attacking?
  • Attacks from within
  • Within means originating from inside the
    LAN/intranet, a trusted source

15
Whos attacking?
  • Case studies have shown that a vast majority of
    attacks originate from within an organization.
    In fact, some studies state that as much as 70
    of all attacks from someone within an
    organization or from someone with inside
    information (such as an ex-employee).
  • Chris Brenton, Mastering Network Security, c.
    1999, SYBEX Network Press, p.6.

16
Whos attacking?
  • Sometimes the damage is done without intent
  • People making mistakes
  • Only give root privileges to people who know what
    they are doing
  • People experimenting with things theyve heard
    about
  • I was just testing this downloaded script....

17
Whos attacking?
  • Sometimes the damage is done on purpose
  • Malicious attacks from disgruntled people (e.g.
    ex-employees)
  • Snoop attacks from nosey co-workers
  • Acts of vandalism
  • Espionage

18
Whos attacking?
  • Attacks from the Outside
  • Outside means originating from anyone/anyplace
    outside of your LAN/intranet, an unknown source.
  • Sometimes the damage is done without intent....
  • Sometimes the damage is done on purpose.

19
Whos attacking?
  • What do they hope to gain?
  • bragging rights, simply to say I did it!
  • theft of information
  • theft of service
  • theft of real assets/money
  • defacement/vandalism
  • destruction of data
  • corruption of data

20
Whos attacking?
  • What do they hope to gain, continued
  • corruption of operational systems controlled by
    computers (phone system, TV systems, etc.)
  • denial of service
  • plant bots which can be remotely activated and
    controlled to accomplish any of the attacks
    listed above using your machine as the host

21
What are the kinds of attacks?
  • Denial of Service (DoS) attacks
  • DoS attacks have one goal to knock your service
    off the net.
  • Crash your host
  • Flood your host
  • Flood the network connecting to your host

22
What are the kinds of attacks?
  • Viruses
  • A computer virus attaches itself to files on the
    target machine
  • Master Boot Sector/Boot Sector viruses
  • File viruses, Macro viruses
  • Stealth viruses, Polymorphic viruses
  • Hoax Viruses
  • http//www.mcafee.com/anti-virus
  • http//www.symantec.com/avcenter

23
What are the kinds of attacks?
  • Trojans, Worms and Backdoors
  • Trojans are programs that appear to perform a
    desirable and necessary function that perform
    functions unknown to (and probably unwanted by)
    the user.
  • Worms are memory resident viruses. Unlike a
    virus, which seeds itself in the computer's hard
    disk or file system, a worm will only maintain a
    functional copy of itself in active memory.

24
What are the kinds of attacks?
  • Worms frequently sleep until some event
    triggers their activity - send password file to
    hacker, send copy of registry to hacker.
  • Worms and Trojans are frequently methods by which
    Backdoors are enabled on a system.
  • Backdoors allow hidden access and control of a
    system (e.g. Back Orifice, BO2K, SubSeven).

25
What are the kinds of attacks?
  • Scanners
  • Programs that automatically detect security
    weaknesses in remote or local hosts.
  • Tells the hacker
  • What services are currently running
  • What users own those services
  • Whether anonymous logins are supported
  • Whether certain network services require
    authentification

26
What are the kinds of attacks?
  • Password Crackers
  • Some actually try to decrypt....
  • Most simply try brute force or intelligent
    brute force
  • Dictionary words, days of year, initials
  • Social Engineering
  • This is MIS, I need to fix your e-mail box,
    whats your password?

27
What are the kinds of attacks?
  • Sniffers
  • Devices that capture network packets
  • Extremely difficult to detect because they are
    passive

28
How do we protect ourselves?
  • One product cannot provide full protection
  • The computer networking environment consists of
    too many different subsystems for one product to
    provide full protection

29
How do we protect ourselves?
  • Ethernet protocol
  • IP protocol
  • TCP protocol
  • Routing protocols
  • Operating Systems
  • Presentation protocols - HTML, DHTML, XHTML, XML
  • Remote Program execution protocols - VBS, ASP,
    DCOM, CORBA, JavaScript, Java Applets, Jini
  • Applications - MS Outlook, Netscape Communicator,
    server SW (MS IIS, etc.)

30
How do we protect ourselves?
  • Anti-virus software
  • Personal Anti-virus SW on your machine
  • Make sure it is set to scan all executables,
    compressed files, e-mail, e-mail attachments,
    web pages
  • Keep your virus information files up to date!!!

31
How do we protect ourselves?
  • Firewalls
  • A combination of hardware and software resources
    positioned between the local (trusted) network
    and an untrusted network. The firewall ensures
    that all communication between an organization's
    network and the Internet connection conforms to
    the organization's security policy. Firewalls
    track and control communications, deciding
    whether to pass, reject, encrypt, or log
    communications.
  • Checkpoint Firewall-1 Administration
    Guide

32
How do we protect ourselves?
  • Types of Firewalls
  • Static Packet Filtering - a.k.a. Access Control
    Lists
  • Dynamic Packet Filtering - a.k.a. Stateful
    Inspection
  • Proxy - a.k.a. Application Gateway
  • Non-Transparent
  • Transparent

33
How do we protect ourselves?
34
How do we protect ourselves?
  • Todays firewalls are multi-purpose network
    security platforms. Well... the best firewalls
    are multi-purpose network security platforms
    (Checkpoint Firewall-1)
  • CVP (Content Vector Protocol)
  • UFP (URL Filter Protocol)
  • Bandwidth Management
  • VPN (Virtual Private Networking)
  • Intrusion Detection (MAD)

35
How do we protect ourselves?
  • E-mail Server filters
  • Provide anti-virus protection for e-mail passing
    through the server
  • Integrate directly with the E-mail Server
    software - MS Exchange, Lotus Notes, Netscape,
    ccMail, etc.
  • Example products McAfee GroupShield, Trend Micro
    ScanMail

36
How do we protect ourselves?
  • Web based protection filters
  • Web Server protection
  • Protects web server from hacking (e.g. AppShield
    (Sanctum Inc.))
  • Web Access Control
  • Restricts web sites to which you can connect.
    Can protect you by not allowing you to go to
    malicious web sites (e.g. WebSENSE)

37
How do we protect ourselves?
  • More on Web Site/Application hackingSome
    examples....

38
How do we protect ourselves?
  • Hidden Manipulation
  • Parameter Tampering
  • Cookie Poisoning
  • Stealth Commanding
  • Forceful Browsing
  • BackDoors and Debug Options
  • Configuration Subversion
  • Buffer Overflow
  • Vendor assisted hacking through 3rd-party
    software vulnerabilities

39
Example Medical Records Access
  • Parameter Tampering - SQL Query via CGI Parameters

40
(No Transcript)
41
(No Transcript)
42
Example Money Theft
  • Utilizing Debug Options

43
(No Transcript)
44
(No Transcript)
45
(No Transcript)
46
Example Shutting Down a Site
  • Buffer overflow

47
(No Transcript)
48
(No Transcript)
49
(No Transcript)
50
(No Transcript)
51
(No Transcript)
52
How do we protect ourselves?
  • VPN technologies
  • Access Control
  • Who can talk to us through the network?
  • Authentication
  • How do we know you're who you say you are?
  • Integrity
  • How can we guarantee that what we receive is what
    you sent?
  • Confidentiality
  • How can we guarantee that no one else can read
    this information?

53
How do we protect ourselves?
  • Intrusion Detection Systems
  • Suspicious Pattern Detection
  • Looks for known patterns of types of traffic that
    are common to electronically "casing the joint"
  • Bit Pattern Signature Detection
  • Looks for known signatures of attacks
  • Anomaly Detection - the AI approach
  • Monitors network for a period of time to
    establish a statistical norm for traffic on the
    network. Generates alarms when abnormal traffic
    occurs

54
What do you do when youve been hacked?
  • Too big of a topic to go into here.... but its a
    vital part of network security.
  • What can you do to ensure the compromise has been
    abated?
  • How do you identify whats been changed?
  • What did you lose?
  • What can you recover?

55
References
  • Hacking Exposed, Network Security Secrets and
    Solutions, Joel Scambray, Stuart McClure, and
    George Kurtz, Osborne/McGraw-Hill
  • Mastering Network Security, Chris Brenton, Sybex
    Network Press
  • Maximum Security, A Hacker's Guide to Protecting
    Your Internet Site and Network, Anonymous, SAMS
  • Secrets and Lies, Digital Security In A Networked
    World, Bruce Schneier, John Wiley and Sons

56
References
  • Reputable sites
  • www.hackingexposed.com
  • www.securityfocus.com
  • Questionable sites
  • www.because-we-can.com
  • www.digicrime.com
  • www.insecure.org
Write a Comment
User Comments (0)
About PowerShow.com