CNIT 221 Security 1 ver.2
Module 1
City College of San Francisco
Spring 2006
© 2004, 2005 Cisco Systems, Inc. All rights reserved.
Network Security 1
Module 1 – Overview of Network Security
Learning Objectives
1.1 Introduction to Network Security
1.2 Introduction to Vulnerabilities, Threats, and Attacks
1.3 Attack Examples
1.4 Vulnerability Analysis
Module 1 – Overview of Network Security
1.1 Introduction to Network Security
The Closed Network
The Network Today
Network Security Models
Trends that Affect Security
• Increase of network attacks
• Increased sophistication of attacks
• Increased dependence on the network
• Lack of trained personnel
• Lack of awareness
• Lack of security policies
• Wireless access
• Legislation
• Litigation
Legal and Governmental Policy Issues
Organizations that operate vulnerable networks will face increasing and substantial liability.
US Federal legislation mandating security includes the following:
• GLB financial services legislation
• Government Information Security Reform Act
• HIPAA
• CIPA
Module 1 – Overview of Network Security
1.2 Introduction to Vulnerabilities, Threats, and Attacks
Network Vulnerabilities
• Technology
• Configuration
• Policy
Threat Capabilities—More Dangerous and Easier to Use
Module 1 – Overview of Network Security
1.3 Attack Examples
Network Threats
• There are four general categories of security threats to the network:
Unstructured threats
Structured threats
External threats
Internal threats
[Figure: Internet, dial-in exploitation, internal exploitation, compromised host]
Four Classes of Network Attacks
Reconnaissance attacks
Access attacks
Denial of service attacks
Worms, viruses, and Trojan horses
Specific Attack Types
• All of the following can be used to compromise your system:
Packet sniffers
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Application layer attacks
Trust exploitation
Port redirection
Virus
Trojan horse
Operator error
Worms
Reconnaissance Attacks
Network reconnaissance refers to the overall act of learning information about a target network by using publicly available information and applications.
Packet Sniffers
[Figure: Host A, Router A, Router B, Host B]
• A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are the packet sniffer features:
Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following:
• Telnet
• FTP
• SNMP
• POP
Packet sniffers must be on the same collision domain.
Packet Sniffer Mitigation
[Figure: Host A, Router A, Router B, Host B]
• The following techniques and tools can be used to mitigate sniffers:
Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
Switched infrastructure—Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
Antisniffer tools—Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
IP Spoofing
– IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer.
– Two general techniques are used during IP spoofing:
• A hacker uses an IP address that is within the range of trusted IP addresses.
• A hacker uses an authorized external IP address that is trusted.
– Uses for IP spoofing include the following:
• IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data.
• If a hacker changes the routing tables to point to the spoofed IP address, the hacker can then receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
IP Spoofing Mitigation
• The threat of IP spoofing can be reduced, but not eliminated, through the following measures:
Access control—The most common method for preventing IP spoofing is to properly configure access control.
RFC 2827 filtering—You can prevent users of your network from spoofing other networks (and be a good Internet citizen at the same time) by preventing any outbound traffic on your network that does not have a source address in your organization's own IP range.
Additional authentication that does not use IP-based authentication—Examples of this include the following:
Cryptographic (recommended)
Strong, two-factor, one-time passwords
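As an added example (not part of the original slides), the Cisco IOS configuration below expresses both the "access control" and the "RFC 2827 filtering" measures above as access lists on the Internet-facing router; the egress list is exactly what the slide describes, and the ingress list extends it to the inbound direction by dropping packets that claim an inside or otherwise impossible source. The organization's range 192.0.2.0/24 (a documentation prefix standing in for the real range), the interface Serial0/0 and the ACL names are assumptions made for this example.

```cisco
! Added example, not from the course slides. Assumes the organization
! owns 192.0.2.0/24 and that Serial0/0 is the link to the ISP (both
! constructed for this example).
!
! Ingress (access control): a packet arriving from the Internet cannot
! legitimately carry an inside, private, loopback or multicast source,
! so such packets are dropped and logged before they reach inside hosts.
ip access-list extended INGRESS-ANTISPOOF
 deny   ip 192.0.2.0 0.0.0.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 0.0.0.0 0.255.255.255 any log
 deny   ip 224.0.0.0 31.255.255.255 any log
 permit ip any any
!
! Egress (RFC 2827 filtering): only packets sourced from the
! organization's own range may leave. Anything else indicates a
! compromised or misconfigured inside host and is dropped and logged.
ip access-list extended EGRESS-RFC2827
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any log
!
interface Serial0/0
 description Link to ISP
 ip access-group INGRESS-ANTISPOOF in
 ip access-group EGRESS-RFC2827 out
```

After applying the lists, `show ip access-lists` displays the per-entry match counters, so the deny entries should show hits only for traffic you can explain as spoofed or misconfigured. The `log` keyword on every deny is useful while tuning but can load the router's CPU under a flood, so consider removing it from the busiest entries once the lists are verified.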
DoS Attacks
DDoS Attack Example
Password Attacks
• Hackers can implement password attacks using several different methods:
Brute-force attacks
Dictionary attacks
Trojan horse programs
IP spoofing
Packet sniffers
Password Attack Example
• L0phtCrack can take the hashes of passwords and generate the clear text passwords from them. Passwords are computed using two different methods:
Dictionary cracking
Brute force computation
Password Attacks Mitigation
• The following are mitigation techniques:
Do not allow users to use the same password on multiple systems.
Disable accounts after a certain number of unsuccessful login attempts.
Do not use plain text passwords. OTP or a cryptographic password is recommended.
Use “strong” passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters.
Man-in-the-Middle Attacks
[Figure: Host A, Router A, Router B, Host B; data in clear text]
A man-in-the-middle attack requires that the hacker have access to network packets that come across a network.
A man-in-the-middle attack is implemented using the following:
Network packet sniffers
Routing and transport protocols
Possible man-in-the-middle attack uses include the following:
Theft of information
Hijacking of an ongoing session
Traffic analysis
DoS
Corruption of transmitted data
Introduction of new information into network sessions
Man-in-the-Middle Mitigation
[Figure: Host A, Router A, ISP, Router B, Host B; IPSec tunnel; a man-in-the-middle attack can only see cipher text]
• Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography (encryption).
Application Layer Attacks
• Application layer attacks have the following characteristics:
Exploit well-known weaknesses, such as protocols, that are intrinsic to an application or system (for example, sendmail, HTTP, and FTP)
Often use ports that are allowed through a firewall (for example, TCP port 80 used in an attack against a web server behind a firewall)
Can never be completely eliminated, because new vulnerabilities are always being discovered
Application Layer Attacks Mitigation
• Some measures you can take to reduce your risks are as follows:
Read operating system and network log files, or have them analyzed by log analysis applications.
Subscribe to mailing lists that publicize vulnerabilities.
Keep your operating system and applications current with the latest patches.
IDSs can scan for known attacks, monitor and log attacks, and in some cases, prevent attacks.
Trust Exploitation
Trust Exploitation Mitigation
Systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall.
[Figure: SystemA, User = psmith; Pat Smith; Hacker blocked; SystemB compromised by a hacker, User = psmith; Pat Smith; Hacker, User = psmith; Pat Smithson]
Such trust should be limited to specific protocols and should be validated by something other than an IP address where possible.
Port Redirection
Unauthorized Access
Unauthorized access includes any unauthorized attempt to access a private resource:
Not a specific type of attack
Refers to most attacks executed in networks today
Initiated on both the outside and inside of a network
The following are mitigation techniques for unauthorized access attacks:
Eliminate the ability of a hacker to gain access to a system
Prevent simple unauthorized access attacks, which is the primary function of a firewall
Virus and Trojan Horses
Viruses refer to malicious software that is attached to another program to execute a particular unwanted function on a user’s workstation. End-user workstations are the primary targets.
A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. A Trojan horse is mitigated by antivirus software at the user level and possibly the network level.
Module 1 – Overview of Network Security
1.4 Vulnerability Analysis
Auto Secure
To secure the management and forwarding planes of the router, use the auto secure command in privileged EXEC mode.
auto secure [management | forwarding] [no-interact]
Syntax Description
• management (Optional) Only the management plane will be secured.
• forwarding (Optional) Only the forwarding plane will be secured.
• no-interact (Optional) The user will not be prompted for any interactive configurations. If this keyword is not enabled, the command will show the user the noninteractive configuration and the interactive configurations thereafter.