Lecture1-Basic of Network Security


  • Network Threats And Attack Lab.

  • Experiment List

    S. No.  Name of Experiment
    1.  Study of various reconnaissance tools
    2.  Study of packet sniffer tools
    3.  Implement a code to simulate buffer overflow attack
    4.  Download, install and use nmap for open port scan, TCP port scan, UDP port scan and ping scan
    5.  Detect ARP spoofing using open source tool ARPWATCH
    6.  Scan the network for vulnerabilities using NESSUS tool
    7.  Create firewalls in Linux using iptables
    8.  Install IDS (e.g. SNORT) and study the logs
    9.  Set up IPSEC under LINUX
    10. Mini project

  • Network Security

  • What is Security

    Dictionary.com says:
    1. Freedom from risk or danger; safety.
    2. Freedom from doubt, anxiety, or fear; confidence.
    3. Something that gives or assures safety, as:
       1. A group or department of private guards: Call building security if a visitor acts suspicious.
       2. Measures adopted by a government to prevent espionage, sabotage, or attack.
       3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
    etc.


  • Why do we need security?

    Protect vital information while still allowing access to those who need it (trade secrets, medical records, etc.)
    Provide authentication and access control for resources
    Guarantee availability of resources

  • Who is vulnerable?

    Financial institutions and banks
    Internet service providers
    Pharmaceutical companies
    Government and defense agencies
    Contractors to various government agencies
    Multinational corporations
    ANYONE ON THE NETWORK

  • Network Reconnaissance

    Network Reconnaissance means obtaining information about the victim.
    Network Reconnaissance: an "exploration or enumeration of network infrastructure including network addresses, available communication ports, and available services".

  • Vulnerability scanner

    A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses.

    They can be run either as part of vulnerability management by those tasked with protecting systems, or by black hat attackers looking to gain unauthorized access.

  • Types

    Port scanner (e.g. Nmap)
    Network vulnerability scanner (e.g. Nessus)
    Web application security scanner (e.g. w3af)
    Database security scanner
    Host based vulnerability scanner (e.g. Lynis)
    ERP security scanner (e.g. ERPScan)
    Single vulnerability tests

  • Common security attacks and their countermeasures

    Attack                                       Countermeasure
    Finding a way into the network               Firewalls (iptables)
    Exploiting software bugs, buffer overflows   Intrusion Detection Systems
    Denial of Service                            Ingress filtering, IDS (snort)
    TCP hijacking                                IPSec
    Packet sniffing                              Encryption (SSH, SSL, HTTPS)
    Social problems                              Education

    SSH: Secure Shell; SSL: Secure Socket Layer

  • Firewalls

    Basic problem: many network applications and protocols have security problems that are fixed over time. It is difficult for users to keep up with changes and keep hosts secure.
    Solution: administrators limit access to end hosts by using a firewall. The firewall is kept up-to-date by the administrators.

  • Firewalls

  • Denial of Service

    Purpose: make a network service unusable, usually by overloading the server or network.
    Many different kinds of DoS attacks:
    SYN flooding
    Smurf
    Distributed attacks

  • TCP handshaking

  • SYN flooding - Denial of Service

    The attack involves having a client repeatedly send SYN (synchronization) packets to every port on a server, using fake IP addresses.

    The server responds to each attempt with a SYN/ACK (synchronization acknowledged) packet from each open port, and with a RST (reset) packet from each closed port.

    In a SYN flood, the ACK packet is never sent back by the hostile client. Instead, the client program sends repeated SYN requests to all the server's ports. A hostile client always knows a port is open when the server responds with a SYN/ACK packet.
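    The reason a SYN flood hurts is that a classic server keeps per-connection state for every half-open handshake. The following added example (not part of the lecture) models the standard mitigation, SYN cookies: the server derives its ISN from the connection tuple and a coarse timestamp with a keyed hash, stores nothing until the final ACK arrives, and then checks that the ACK echoes a cookie it could have issued. The secret, addresses and the 24-bit hash / 8-bit minute layout are constructed for illustration and simplified relative to the Linux scheme (which also encodes the MSS).

```python
import hashlib
import hmac
import time

# Server-side secret; constructed for this example (real servers rotate it).
SERVER_SECRET = b"example-syn-cookie-secret"
MASK32 = 0xFFFFFFFF

def syn_cookie(src_ip, src_port, dst_port, client_isn, minute, secret=SERVER_SECRET):
    """Derive the server's ISN from the connection tuple, the client's ISN and a
    coarse timestamp. Simplified layout: top byte = minute, low 24 bits = keyed hash."""
    msg = f"{src_ip}|{src_port}|{dst_port}|{client_isn}|{minute}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return ((minute & 0xFF) << 24) | int.from_bytes(digest[:3], "big")

def handle_syn(syn, minute):
    """Answer a SYN with a SYN/ACK whose sequence number is the cookie.
    Nothing is stored, so spoofed SYNs cannot fill a half-open connection table."""
    cookie = syn_cookie(syn["src_ip"], syn["src_port"], syn["dst_port"], syn["seq"], minute)
    return {"flags": "SYN/ACK", "seq": cookie, "ack": (syn["seq"] + 1) & MASK32}

def handle_ack(ack, minute, max_age=1):
    """Open the connection only if ack-1 is a cookie this server would have
    issued for this tuple within the last max_age minutes."""
    cookie = (ack["ack"] - 1) & MASK32
    client_isn = (ack["seq"] - 1) & MASK32        # the client's ACK carries ISN+1
    return any(
        syn_cookie(ack["src_ip"], ack["src_port"], ack["dst_port"], client_isn, minute - age) == cookie
        for age in range(max_age + 1)
    )

def demo(minute=None):
    """Return (legit_accepted, spoofed_accepted, stale_accepted)."""
    minute = int(time.time() // 60) if minute is None else minute
    tup = {"src_ip": "192.0.2.10", "src_port": 40000, "dst_port": 80}   # constructed
    # Legitimate client: it received the SYN/ACK, so its ACK echoes cookie+1.
    synack = handle_syn({**tup, "seq": 1000}, minute)
    legit = handle_ack({**tup, "seq": 1001, "ack": (synack["seq"] + 1) & MASK32}, minute)
    # A flood source using a fake address never sees the SYN/ACK; a guessed
    # ACK number matches no cookie and is dropped without consuming state.
    spoofed = handle_ack({**tup, "src_ip": "203.0.113.7", "seq": 1001, "ack": 12345}, minute)
    # A once-valid cookie replayed well after issue is rejected as well.
    stale = handle_ack({**tup, "seq": 1001, "ack": (synack["seq"] + 1) & MASK32}, minute + 5)
    return legit, spoofed, stale      # (True, False, False)
```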

  • Smurf

    A smurf attack is an exploitation of the Internet Protocol (IP) broadcast addressing to create a denial of service. The attacker uses a program called Smurf to cause the attacked part of a network to become inoperable. The smurf program builds a network packet that appears to originate from another address (this is known as spoofing an IP address). The packet contains an ICMP ping message that is addressed to an IP broadcast address. The echo responses to the ping message are sent back to the "victim" address. Enough pings and resultant echoes can flood the network, making it unusable for real traffic.

  • Smurf - Denial of Service

  • Distributed DoS

    In a typical DDoS attack, the attacker begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master identifies and infects other vulnerable systems with malware. Eventually, the attacker instructs the controlled machines to launch an attack against a specified target. A computer under the control of an intruder is known as a zombie.

  • TCP Attacks

    If an attacker learns the associated TCP state for the connection, then the connection can be hijacked!
    The attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source.
    Ex. Instead of downloading and running a new program, you download a virus and execute it.

  • TCP Attacks: Say hello to Alice, Bob and Mr. Big Ears

  • TCP Attacks: Alice and Bob have an established TCP connection

  • TCP Attacks: Mr. Big Ears lies on the path between Alice and Bob on the network. He can intercept all of their packets.

  • TCP Attacks: First, Mr. Big Ears must drop all of Alice's packets, since they must not be delivered to Bob. (Diagram: Alice's packets go to "The Void".)

  • TCP Attacks: Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network). (Diagram: packet labelled "ISN, SRC=Alice"; ISN = Initial Sequence number.)

  • TCP Attacks: How do we prevent this?

    IPSec
    Provides source authentication, so Mr. Big Ears cannot pretend to be Alice
    Encrypts data before transport, so Mr. Big Ears cannot talk to Bob without knowing what the session key is
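    A simplified model of the hijack in the Alice/Bob/Mr. Big Ears slides and of the source-authentication countermeasure, added here as an example (not from the lecture). Plain TCP accepts any segment that claims the peer's address and carries the expected sequence number; the protected variant also requires a per-segment HMAC under a shared session key, which is the role IPsec's integrity protection plays. The key, addresses and payloads are constructed, the receive window is reduced to an exact match, and encryption is left out; this is a model of the check, not an IPsec implementation.

```python
import hashlib
import hmac

def segment_mac(key, seq, data):
    """Per-segment authentication tag over sequence number and payload,
    keyed with the session key (stand-in for IPsec's integrity check)."""
    return hmac.new(key, seq.to_bytes(4, "big") + data, hashlib.sha256).digest()

def make_segment(src, seq, data, key=None):
    """Build a segment; only a sender holding the session key can attach a valid tag."""
    seg = {"src": src, "seq": seq, "data": data}
    if key is not None:
        seg["mac"] = segment_mac(key, seq, data)
    return seg

class Receiver:
    """Bob's end of an established connection. Simplified TCP acceptance: the
    segment must claim the peer's address and carry exactly the next expected
    sequence number (no window). With a session key set, a valid tag is required too."""

    def __init__(self, peer, isn, session_key=None):
        self.peer, self.next_seq, self.key = peer, isn, session_key
        self.stream = b""

    def accept(self, seg):
        if seg["src"] != self.peer or seg["seq"] != self.next_seq:
            return False                                   # plain TCP's only checks
        if self.key is not None:
            expected = segment_mac(self.key, seg["seq"], seg["data"])
            if not hmac.compare_digest(expected, seg.get("mac", b"")):
                return False                               # forged or tampered segment
        self.stream += seg["data"]
        self.next_seq = (self.next_seq + len(seg["data"])) & 0xFFFFFFFF
        return True

def demo():
    """Return (injected_into_plain_tcp, injected_into_authenticated_stream)."""
    isn, key = 5000, b"session-key-negotiated-out-of-band"     # constructed values
    # Plain TCP: a segment claiming SRC=Alice with the sniffed next sequence
    # number is indistinguishable from Alice's own segment and is accepted.
    plain = Receiver("Alice", isn)
    plain.accept(make_segment("Alice", isn, b"GET /program.bin"))
    injected = plain.accept(make_segment("Alice", plain.next_seq, b"bogus-payload"))
    # Authenticated stream: the same forged segment carries no tag Bob can verify.
    protected = Receiver("Alice", isn, key)
    protected.accept(make_segment("Alice", isn, b"GET /program.bin", key))
    forged = protected.accept(make_segment("Alice", protected.next_seq, b"bogus-payload"))
    return injected, forged      # (True, False)
```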

  • Packet Sniffing

    Recall how Ethernet works: when someone wants to send a packet to someone else, they put the bits on the wire with the destination MAC address. And remember that other hosts are listening on the wire to detect collisions. It couldn't get any easier to figure out what data is being transmitted over the network!

  • Packet Sniffing

    This works for wireless too! In fact, it works for any broadcast-based medium.

  • Packet Sniffing

    What kinds of data can we get? Asked another way, what kind of information would be most useful to a malicious user?
    Answer: anything in plain text. Passwords are the most popular.

  • Notes

    In other words, having systems in place beforehand which prevent attacks before they begin.
    Related to the first definition, having peace of mind knowing that your systems are safe and protected.
    This includes contingency plans for what to do when attackers strike, keeping up with the latest CERT advisories, hiring network security consultants to find insecurities in your network, etc.
    Alice can send a RESET.