NETE4630 Advanced Network Security and Implementation
Unit 4: Logistics
Dr. Supakorn Kungpisdan
NETE46302
Course Description
• Lecture: Sunday 12.30PM-3.30PM
• Lab: Sunday 3.30PM-6.30PM
• Textbook
– M. Gregg et al., Hack the Stack: Using SNORT and Ethereal to Master the 8 Layers of An Insecure Network, Syngress, 2006, ISBN 1-59749-109-8
• http://www.msit.mut.ac.th/
Course Information (cont’d)
• Evaluation
– Quizzes 20%
– Assignment 10%
– Project 30%
– Final exam 40%
Course Outline
1. Extending OSI to Network Security
2. Securing Physical Layer
3. Securing Data Link Layer
4. Securing Network Layer
5. Securing Transport Layer
6. Securing Session Layer
7. Securing Presentation Layer
8. Presentation #1
9. Securing Application Layer
10. Securing People Layer
11. Cryptanalysis
12. Advanced Cryptographic Protocols
13. Advanced Topic #1: Mobile Payments
14. Advanced Topic #2: Access Controls and Authentication
15. Presentation #2
Lab Work 30%
• Group projects
• Check the list of assigned security projects during the lab class
• Progress must be reported several times during the term
• Project demonstrations are held periodically
• Submit a report on the assigned project
People Layer
• Social Engineering Attacks
• Dumpster Diving
• Attacks usually take one of the following angles:
– Diffusion of Responsibility: “I know the policy is not to give out passwords, but I will take responsibility for this”
– Identification: “We both work for the same company; this benefits everyone”
– Chance for Ingratiation: “This is a win-win situation. The company is going to reward you for helping me in this difficult situation”
– Trust Relationships: “Although I am new here, I am sure I have seen you in the break room”
– Cooperation: “Together we can get this done”
– Authority: “I know what the policy is; I drafted those policies and I have the right to change them”
Application Layer
• Traditional network applications are vulnerable to several attacks:
– FTP: sniffing cleartext passwords
– Telnet: sniffing cleartext passwords
– SMTP: spoofing and spamming
– DNS: DNS poisoning
– TFTP: lack of session management and authentication
– HTTP: stateless connection
– SNMP: community strings are passed in cleartext, and default community strings are well-known
Session Layer
• The Windows NT LanMan (NTLM) authentication system uses weak encryption (an NTLM password can be cracked in less than 1 second)
• To create an NTLM password:
1. The password is converted to uppercase
2. It is padded to 14 characters
3. It is divided into two seven-character parts, and each part is hashed
4. The two hash values are concatenated and stored as a LAN Manager (LM) hash, which is kept in the SAM
• Session hijacking
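An added example, not from the lecture slides: the first three LM steps above as code (uppercase, pad to 14, split into two independent 7-byte halves; the per-half DES step is omitted because the standard library has no DES), together with a defender's audit of SAM-dump lines that flags accounts still storing an LM hash. The `user:rid:LM:NTLM:::` sample lines and the hash values other than the well-known empty-half constant are constructed.

```python
from typing import Tuple

# LM hash of an empty 7-byte half: a well-known constant. When the second half
# of a stored LM hash equals it, the password is 7 characters or fewer.
EMPTY_LM_HALF = "AAD3B435B51404EE"


def lm_halves(password: str) -> Tuple[bytes, bytes]:
    """Steps 1-3 of LM hash creation: uppercase, pad/truncate to 14 bytes,
    split into two 7-byte halves. Each half is hashed on its own, so a
    14-character password is only as strong as two 7-character ones."""
    data = password.upper().encode("ascii", "replace")[:14]
    data = data.ljust(14, b"\x00")
    return data[:7], data[7:]


def audit_lm_line(line: str) -> str:
    """Classify one constructed 'user:rid:LM:NTLM:::' dump line by what the
    stored LM hash reveals; a defender wants the first outcome everywhere."""
    user, _rid, lm, _nt = line.split(":")[:4]
    lm = lm.upper()
    if lm == EMPTY_LM_HALF * 2:
        return f"{user}: LM hash not stored (good)"
    if lm[16:] == EMPTY_LM_HALF:
        return f"{user}: LM hash stored, password is 7 characters or fewer"
    return f"{user}: LM hash stored, password is 8-14 characters"


# Constructed sample dump lines (NTLM field is a placeholder value).
SAMPLE_LINES = [
    "alice:1001:AAD3B435B51404EEAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::",
    "bob:1002:0123456789ABCDEFAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::",
    "carol:1003:0123456789ABCDEFFEDCBA9876543210:0123456789ABCDEF0123456789ABCDEF:::",
]

if __name__ == "__main__":
    print(lm_halves("pass"))
    for sample in SAMPLE_LINES:
        print(audit_lm_line(sample))
```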
Session Layer (cont.)
• NetBIOS allows applications on different systems to communicate over the LAN
• Hosts using NetBIOS identify themselves with a unique 15-character name
• NetBIOS is used in conjunction with SMB, which allows remote access to shared directories and files
• It also gives attackers the ability to enumerate systems and gather user names, accounts, and share information
• Almost every script kiddie and junior-league hacker has exploited the net use command
Transport Layer
• UDP is connectionless; it is vulnerable to DoS and easy to spoof
• TCP allows hackers to gather information about targets
– From illegal flag settings, NULL and XMAS, to SYN and RST, TCP helps attackers identify services and operating systems
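An added detection example, not from the slides: classify a raw TCP header by the flag combinations the slide names (NULL, XMAS, SYN, RST) so that an IDS or log review can label probe traffic. The `make_header` helper and the ports it uses are constructed for the example.

```python
import struct

# The six classic TCP flag bits, as found in the low bits of header byte 13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    return header[13] & 0x3F


def classify(header: bytes) -> str:
    """Label the segment by the flag pattern it carries."""
    f = tcp_flags(header)
    if f == 0:
        return "NULL scan probe (no flags set)"
    if f == FIN | PSH | URG:
        return "XMAS scan probe (FIN+PSH+URG)"
    if f & SYN and f & FIN:
        return "illegal combination (SYN+FIN)"
    if f == SYN:
        return "SYN: connection attempt or SYN scan"
    if f & RST:
        return "RST: reset (closed port or teardown)"
    return "ordinary segment"


def make_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header (constructed test input)."""
    data_offset = 5 << 4  # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       data_offset, flags, 65535, 0, 0)


if __name__ == "__main__":
    for flags in (0, FIN | PSH | URG, SYN, RST | ACK, PSH | ACK):
        print(f"{flags:#04x}: {classify(make_header(40000, 80, flags))}")
```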
Network Layer
• IPv4 has no security services built in
• Vulnerable to various attacks:
– Source routing
– DoS
– Idle scan (or IPID scan)
– Smurf DoS attack on the ICMP protocol
– Covert channel on the ICMP protocol using Loki
• IPSec is now a component of IPv6
Data Link Layer
• Address Resolution Protocol (ARP) resolves logical to physical addresses
• Vulnerable to ARP Poisoning and passive sniffing
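An added detection example, not from the slides: a small monitor that learns the IP-to-MAC bindings announced in ARP replies and raises an alert when an IP moves to a different MAC or one MAC claims several IPs, the two symptoms of ARP poisoning. The reply records are constructed, not captured traffic.

```python
from typing import Dict, List, Tuple


class ArpMonitor:
    """Tracks IP -> MAC bindings seen in ARP replies and reports conflicts."""

    def __init__(self) -> None:
        self.ip_to_mac: Dict[str, str] = {}

    def observe(self, ip: str, mac: str) -> List[str]:
        mac = mac.lower()
        alerts: List[str] = []
        known = self.ip_to_mac.get(ip)
        # Symptom 1: an IP we already know suddenly answers from another MAC.
        if known is not None and known != mac:
            alerts.append(f"{ip} moved from {known} to {mac}")
        # Symptom 2: the same MAC is now claiming more than one IP.
        owners = [i for i, m in self.ip_to_mac.items() if m == mac and i != ip]
        if owners:
            alerts.append(f"{mac} also claims {', '.join(sorted(owners))}")
        # Learn only on first sight; a conflicting reply must not overwrite
        # the original binding, or the monitor would accept the poisoning.
        if known is None:
            self.ip_to_mac[ip] = mac
        return alerts


def scan(replies: List[Tuple[str, str]]) -> List[str]:
    """Feed a sequence of (ip, mac) replies and collect every alert."""
    monitor = ArpMonitor()
    alerts: List[str] = []
    for ip, mac in replies:
        alerts.extend(monitor.observe(ip, mac))
    return alerts


# Constructed sample: gateway and a host, then a reply that claims the
# gateway IP with the host's MAC.
SAMPLE_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:55"),
    ("192.168.1.10", "66:77:88:99:AA:BB"),
    ("192.168.1.1", "66:77:88:99:aa:bb"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_REPLIES):
        print("ALERT:", alert)
```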
Physical Layer
• An open port in the conference room, or an unused office could be the foothold needed to breach the network or gain access to a server
• If someone gains physical access to an item, they can control it.
Countermeasures Found in Each Layer
• Virus Scanners
• PGP
• S/MIME
• Privacy Enhanced Mail (PEM)
• SSH
• SET
• Terminal Access Controller Access Control System (TACACS)
• Kerberos
• SSL and TLS
• Windows Sockets (SOCKS)
• Secure RPC (S/RPC)
• IPSec
• PPTP
• Challenge Handshake Authentication Protocol (CHAP)
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Packet Filters
• NAT
• Fiber Cable
• Secure Coding
Physical Security
• Egyptians used locks more than 2,000 years ago. If the information was important, it was carved in stone or, later, written on paper
• The loss of information usually meant the loss of critical assets, because knowledge is power
• Even when information was not in transit, many levels of protection were typically used to protect it, including guards, walls, dogs, moats, and fences
Communications Security
• A means of communication security was found in the discovery of encryption
– Skytale
– ATBASH
• In the ninth century, Abu al-Kindi published “A Manuscript on Deciphering Cryptographic Messages”
• The National Security Agency (NSA) became involved at the beginning of the twentieth century
• William Frederick Friedman, one of the best cryptologists of all time, helped break Japanese cryptographic schemes
Signal Security
• Cordless phones had no security; it was easy to intercept conversations
• Early cell phones were also easily intercepted
• TEMPEST program, a US-led initiative designed to develop shielding for equipment to make it less vulnerable to signal theft
• Spread Spectrum technology improves security and reliability
– Direct-sequence Spread Spectrum (DSSS)
– Frequency-hopping Spread Spectrum (FHSS)
Computer Security
• Computer Security is focused on secure computer operations
• A number of access control models:
– Bell LaPadula model was designed to protect confidentiality of information
– Clark Wilson model was the first integrity model
• Separation of Duties: subjects must access data through an application, and auditing is required
Computer Security (cont.)
• Trusted Computer System Evaluation Criteria (TCSEC), known as the “Orange Book”, rates the confidentiality of computer systems according to the following divisions:
– A: Verified Protection: The highest security division
– B: Mandatory Security: Has mandatory protection of the TCB
– C: Discretionary Protection: Provides discretionary protection of the TCB
– D: Minimal Protection: Failed to meet any of the standards of A, B, or C; has no security controls
Network Security
• The need for network security was highlighted by highly successful attacks, e.g. Nimda, CodeRed, and SQL Slammer
• Such exploits highlight the need for better network security
• Several tools have been deployed to prevent such attacks
Information Security
• Physical security, communication security, signal security, computer security, and network security alone are not enough to solve all security risks
• Only when they are combined and examined from the point of view of information security can we start to build a complete picture
Information Security (cont.)
• It also requires
– senior management support,
– good security policies,
– risk management,
– employee training,
– vulnerability testing,
– patch management,
– good code design, and so on
Vulnerability Testing
• Vulnerability Testing includes a systematic examination of an organization’s network, policies, and security controls
• The purpose is to
– determine the adequacy of security measures,
– identify security deficiencies,
– provide data from which to predict the effectiveness of potential security measures,
– confirm the adequacy of such measures after implementation
Security Testing
• Security Audits
• Vulnerability Scanning
• Ethical Hacks (Penetration Testing)
• Stolen Equipment Attack
• Physical Entry
• Signal Security Attack
• Social Engineering Attack
Security Testing (cont.)
• Open Source Security Testing Methodology Manual (OSSTMM) divides security reviews into six key points:
– Physical Security
– Internet Security
– Information Security
– Wireless Security
– Communications Security
– Social Engineering
Finding and Reporting Vulnerabilities
• During security testing, keep management informed as you go; do not wait until the testing is complete to tell them
• Report findings before developing the final report
• Focus on what is found and its potential impact, not on its solutions
• People don’t like to hear about problems
• www.cert.org has developed a way to report anonymously at www.cert.org/reporting/vulnerability_form.txt
Task
• Work in a group of ten students
• Spend 3 minutes on the following tasks:
– 5 people draw a picture that represents an organization network with the best security implementation
– 5 people draw a picture that represents the current status of your organization’s network