Network Security

Reasons to attack
• Steal information
• Modify information
• Deny service (DoS)

Targets
• DB
• Servers
• Traffic
• Workstations
• Bandwidth

Types of attack
• Snooping: listening to data
• Corrupting: modifying data
• Spoofing: generating traffic that will be perceived as legitimate traffic
• Denial of service

DoS methods
• Ping of death: offset in packet causes buffer overflow => memory corruption
• Teardrop: misfragmented packet => OS crashes trying to reconstruct
• Land: SYN w/ identical src and dest => loop
• SYN attack/flood: massive number of SYNs

IPSec
• Encryption + authentication
• Authentication Header (AH): authenticates non-variable part of frame (MD5 hash)
• Encapsulation Security Payload (ESP): encrypts payload (DES)

Modes of operation: Tunnel
• GW to GW
• GWs need to be IPSec enabled
• ESP encrypts initial frame
• AH authenticates non-variable parts

Modes of operation: Transport
• Host to host
• Hosts need to be IPSec enabled
• ESP encrypts payload
• AH authenticates non-variable part

Encapsulation

Security Associations
• One-way connections => a communication requires 2 SAs
• Negotiation managed by IKE (Internet Key Exchange) => dynamic and secure establishment of SAs
• IKE authenticates each peer in an IPSec transaction, negotiates security policy, and handles the exchange of session keys.

Firewalls
• Inside devices are not directly accessible from the outside
• Filters traffic based on defined RULES (rules can apply to addresses, ports, protocols, etc.)
• Can be either software or hardware
• Cannot protect from everything

DMZ
• DeMilitarized zone
• Private area that can be accessed from the outside (FTP or Web servers for example)
• Different or no rules

Firewall with DMZ + NAT
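The rule-based filtering from the Firewalls and DMZ slides, sketched as a first-match rule table with default deny. This is an added example, not part of the original slides; the address plan, zone names, rule set and the `decide` helper are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (assumption): everything else is "outside".
ZONES = {"inside": ipaddress.ip_network("10.0.0.0/24"),
         "dmz": ipaddress.ip_network("192.168.100.0/24")}

@dataclass(frozen=True)
class Rule:
    src_zone: str          # zone name, or "any"
    dst_zone: str
    proto: str             # "tcp", "udp", or "any"
    dport: Optional[int]   # None matches every port
    action: str            # "allow" or "deny"

# Hypothetical policy: the outside reaches only Web and FTP in the DMZ,
# inside hosts may open connections anywhere, the rest hits default deny.
RULES = [
    Rule("outside", "dmz", "tcp", 80, "allow"),
    Rule("outside", "dmz", "tcp", 443, "allow"),
    Rule("outside", "dmz", "tcp", 21, "allow"),
    Rule("inside", "any", "any", None, "allow"),
]

def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "outside")

def decide(in_iface, src, dst, proto, dport):
    """Verdict for the first packet of a connection arriving on in_iface."""
    if zone_of(src) != in_iface:
        return ("deny", "spoofed source")      # source does not belong to this interface
    if src == dst:
        return ("deny", "src equals dst")      # Land-style packet
    src_zone, dst_zone = in_iface, zone_of(dst)
    for i, r in enumerate(RULES):              # first matching rule wins
        if (r.src_zone in ("any", src_zone) and r.dst_zone in ("any", dst_zone)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return (r.action, f"rule {i}")
    return ("deny", "default")                 # nothing matched

if __name__ == "__main__":
    for pkt in [("outside", "203.0.113.7", "192.168.100.10", "tcp", 80),
                ("outside", "203.0.113.7", "10.0.0.5", "tcp", 22),
                ("outside", "10.0.0.9", "192.168.100.10", "tcp", 80),
                ("dmz", "192.168.100.10", "10.0.0.5", "tcp", 445)]:
        print(pkt, "->", decide(*pkt))
```

Because nothing allows DMZ-to-inside traffic, a compromised DMZ server falls through to the default deny when it tries to reach an inside host.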