    Computer and Network Security

    by: ankit

    1 : 1 Network Security Group Members: Mohammed Aatif 51 Suhail Ahmad 68 Ankit Thosani 69
    2 : 2 Overview What is security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures Firewalls & Intrusion Detection Systems Denial of Service Attacks TCP Attacks Packet Sniffing Social Problems
    3 : 3 What is “Security” Dictionary.com says: 1. Freedom from risk or danger. 2. Freedom from doubt, anxiety, or fear. 3. Something that gives or assures safety, as: 1. A group or department of private guards: Call building security if a visitor acts suspicious. 2. Measures adopted by a government to prevent espionage, sabotage, or attack. 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant. …etc.
    5 : 5 What is “Security” Dictionary.com says: 1. Freedom from risk or danger; safety. 2. Freedom from doubt, anxiety, or fear; confidence. 3. Something that gives or assures safety, as: 1. A group or department of private guards: Call building security if a visitor acts suspicious. 2. Measures adopted by a government to prevent attack. 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault. …etc.
    6 : 6 Why do we need security? Protect vital information while still allowing access to those who need it Trade secrets, medical records, etc. Provide authentication and access control for resources Ex: AFS (Andrew File system) Guarantee availability of resources Ex: 5 9’s (99.999% reliability)
    7 : 7 Who is vulnerable? Financial institutions and banks Internet service providers Pharmaceutical companies Government and defense agencies Contractors to various government agencies Multinational corporations ANYONE ON THE NETWORK
    8 : 8 Common security attacks and their countermeasures Finding a way into the network Firewalls Exploiting software bugs, buffer overflows Intrusion Detection Systems Denial of Service Ingress filtering, IDS TCP hijacking IPSec Packet sniffing Encryption (SSH, SSL, HTTPS) Social problems Education
    9 : 9 Firewalls Basic problem – many network applications and protocols have security problems that are fixed over time Difficult for users to keep up with changes and keep host secure Solution Administrators limit access to end hosts by using a firewall Firewall is kept up-to-date by administrators
    10 : 10 Firewalls
    11 : 11 Intrusion Detection Used to monitor for “suspicious activity” on a network Can protect against known software exploits, like buffer overflows Open Source IDS: Snort, www.snort.org However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
    12 : 12 Minor Detour… Say we got the /etc/passwd file from the IRIX server What can we do with it?
    13 : 13 Dictionary Attack We can run a dictionary attack on the passwords The passwords are encrypted with the crypt() function (one-way hash) Can take a dictionary of words, crypt() them all, and compare with the hashed passwords This is why your passwords should be meaningless random junk! For example, “sdfo839f” is a good password Passwords should be strong and randomly chosen.
    14 : 14 Denial of Service Purpose: Make a network service unusable, usually by overloading the server or network Many different kinds of DoS attacks SYN flooding SMURF Distributed attacks Mini Case Study: Code-Red
    15 : 15 Denial of Service A DoS attack is designed to bring a network to its knees by flooding it with useless traffic. Symptoms Slow network performance Unavailability of a particular website Dramatic increase in the number of spam emails received Inability to access a site
    16 : 16 Denial of Service SYN flooding attack Send SYN packets with bogus source address Server responds with SYN ACK and keeps state about TCP half-open connection Eventually, server memory is exhausted with this state Solution: use “SYN cookies” In response to a SYN, create a special “cookie” for the connection, and forget everything else Then, can recreate the forgotten information when the ACK comes in from a legitimate connection
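The SYN cookie idea from the slide above, as an added example that is not part of the original presentation. It is a simplified sketch, not any operating system's exact algorithm; the secret, MSS table, tick length and addresses are constructed assumptions.

```python
import hashlib, hmac, ipaddress, struct

SECRET = b"constructed-demo-key"     # assumption: a random per-boot secret in practice
MSS_TABLE = [536, 1300, 1440, 1460]  # constructed table; 3 cookie bits index into it
TICK = 64                            # seconds per time-counter step

def _mac24(src, sport, dst, dport, client_isn, t, mss_idx):
    """24-bit keyed hash binding the cookie to this connection and time step."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    msg += struct.pack("!HHIIB", sport, dport, client_isn, t, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Build the server ISN for the SYN-ACK. Nothing is stored for the connection."""
    t = int(now) // TICK
    # Largest table entry not exceeding the client's MSS (index 0 as the floor).
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= mss or i == 0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, client_isn, t, mss_idx), "big")
    return ((t % 32) << 27) | (mss_idx << 24) | mac

def check_cookie(src, sport, dst, dport, seq, ack, now):
    """Validate the handshake-completing ACK. Returns the recovered MSS, or None."""
    cookie = (ack - 1) & 0xFFFFFFFF       # the client acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF   # the client's SYN used seq - 1
    t_bits, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    t_now = int(now) // TICK
    for t in (t_now, t_now - 1):          # accept the current and previous time step
        if t < 0 or t % 32 != t_bits:
            continue
        expected = _mac24(src, sport, dst, dport, client_isn, t, mss_idx)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]     # rebuild the "forgotten" state from the cookie
    return None
```

A SYN with a bogus source address never produces a matching ACK, so the server spends no memory on it; only a client that actually received the SYN-ACK can echo a valid cookie.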
    17 : 17 Denial of Service SMURF Source IP address of a broadcast ping is forged Large number of machines respond back to victim, overloading it Bandwidth is quickly used up, preventing legitimate packets from reaching their destination.
    18 : 18 Denial of Service
    19 : 19 Denial of Service Distributed Denial of Service Occurs when multiple systems flood the bandwidth of a targeted system Same techniques as regular DoS, but on a much larger scale
    20 : 20 DoS attack Ping flood It relies on the ICMP echo command. Sends a large number of ping packets to overload the victim computer Ping of Death It is based on sending a malformed ping packet, which may lead to a system crash
    21 : 21 Denial of Service Mini Case Study – CodeRed July 19, 2001: over 359,000 computers infected with Code-Red in less than 14 hours Used a recently known buffer exploit in Microsoft IIS Damages estimated in excess of $2.6 billion
    22 : 22 Denial of Service Why is this under the Denial of Service category? CodeRed launched a DDOS attack against www1.whitehouse.gov from the 20th to the 28th of every month! Spent the rest of its time infecting other hosts
    23 : 23 Effects of DoS Consumption of computational resources, like disk space Disruption of configuration information, such as routing information Disruption of state information Disruption of physical network components Obstruction of the communication media between the intended users and the victim so that they can no longer communicate adequately.
    24 : 24 Denial of Service How can we protect ourselves? Ingress filtering If a packet arrives on an interface that does not have a route to the packet's source IP, then drop it Stay on top of CERT advisories and the latest security patches A fix for the IIS buffer overflow was released sixteen days before CodeRed had been deployed!
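The ingress filtering rule from the slide above, as an added example that is not part of the original presentation. It models the strict reverse-path check with a longest-prefix match; the routing table, interface names and addresses are constructed assumptions.

```python
import ipaddress

# Constructed routing table (documentation prefixes): prefix -> interface.
ROUTES = {
    "192.0.2.0/24": "eth1",        # customer A
    "198.51.100.0/24": "eth2",     # customer B
    "198.51.100.128/25": "eth3",   # more specific route inside customer B's block
    "0.0.0.0/0": "eth0",           # upstream default route
}

# Sort most specific first so the first hit is the longest-prefix match.
_TABLE = sorted(
    ((ipaddress.ip_network(prefix), iface) for prefix, iface in ROUTES.items()),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)

def route_interface(addr):
    """Interface the router would use to reach addr, or None if no route exists."""
    ip = ipaddress.ip_address(addr)
    for net, iface in _TABLE:
        if ip in net:
            return iface
    return None

def ingress_accept(src, in_iface):
    """Strict check: accept only if the route back to src uses the arrival interface."""
    return route_interface(src) == in_iface

def filter_packets(packets):
    """Split (src, in_iface) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for src, in_iface in packets:
        (accepted if ingress_accept(src, in_iface) else dropped).append((src, in_iface))
    return accepted, dropped

# Constructed sample traffic: the second and fourth packets claim a source
# address that is not reachable through the interface they arrived on.
SAMPLE = [
    ("192.0.2.5", "eth1"),
    ("192.0.2.5", "eth2"),
    ("198.51.100.200", "eth3"),
    ("203.0.113.9", "eth1"),
]
```

The strict form shown here assumes symmetric routing; on links where return traffic legitimately takes a different interface it would drop valid packets.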
    25 : 25 TCP Attacks Recall how IP works… End hosts create IP packets and routers process them purely based on destination address alone Problem: End hosts may lie about other fields which do not affect delivery Source address – host may trick destination into believing that the packet is from a trusted source Especially applications which use IP addresses as a simple authentication method Solution – use better authentication methods
    26 : 26 TCP Attacks TCP connections have associated state Starting sequence numbers, port numbers Problem – what if an attacker learns these values? Port numbers are sometimes well known to begin with (ex. HTTP uses port 80) Sequence numbers are sometimes chosen in very predictable ways
    27 : 27 TCP Attacks If an attacker learns the associated TCP state for the connection, then the connection can be hijacked! Attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source Ex. Instead of downloading and running new program, you download a virus and execute it
    28 : 28 TCP Attacks Say hello to Alice, Mr. Big Ears and Bob. Alice Bob Mr. Big Ears
    29 : 29 TCP Attacks Alice and Bob have an established TCP connection
    30 : 30 TCP Attacks Mr. Big Ears lies on the path between Alice and Bob on the network He can intercept all of their packets
    31 : 31 TCP Attacks First, Mr. Big Ears must drop all of Alice’s packets since they must not be delivered to Bob. Packets The Void
    32 : 32 TCP Attacks Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network) ISN, SRC=Alice