Security in network

Outline
• Threats in network
• Network security controls
• Firewalls
• Intrusion detection system
• Secure E-Mail
• Networks and Cryptography
• Example protocol: PEM, SSL, IPSec
• Conclusion

What makes a network vulnerable?
– Anonymity: an attacker can mount an attack from thousands of miles away and is therefore safe behind an electronic shield.
– Many points of attack.
– Sharing of resources.
– Complexity of the system (different OSes on the network).
– Unknown perimeter (uncertainty about the network boundary).
– Unknown path.

Who attacks networks?
• Three necessary components of an attack: MOM.
• We consider the motive of an attacker:
  1. Challenge or power
  2. Fame (recognition for the attacker's activity)
  3. Money
  4. Ideology (to do harm)

Threat precursors: how do attackers commit their attacks?
• Port scan:
  – Which services are running or open
  – Which OS is installed
  – Version of the application
• Social engineering:
  – Involves using social skills to get someone to reveal security-relevant information.
  – The attacker often impersonates someone inside the organization.
  – The attacker tries to learn internal details.
• Reconnaissance:
  – A general term for collecting information from various sources.
  – A commonly used technique is called "dumpster diving": looking at items that have been discarded in rubbish bins.
• OS and application fingerprints:
  – The attacker sends a false request to learn, from the response, the type of OS and which version of an application is running.
• Bulletin boards and chats:
  – Support the exchange of information.
  – Attackers can post their latest exploits and techniques.
  – Attackers can read what others have done and search for additional information.

Threats in transit
• Eavesdropping and wiretapping.
• Eavesdropping: implies overhearing without expending extra effort.
• Wiretapping: intercepting communications.
  – Passive wiretapping: just listening.
  – Active wiretapping: injecting something into the communications.
• In cable: by the process called inductance, an intruder can tap a wire and read radiated signals without making physical contact with the cable.
• A device called a packet sniffer can retrieve all packets on the LAN.
  – Solution: encryption should be applied to all communication.

Protocol flaws
• Protocols are publicly available.
• Impersonation:
  – Easier than wiretapping.
  – Impersonate another person or process.
  – In this, the attacker can guess the identity and authentication details of the target.
  – Disable the authentication mechanism at the target.
  – Use a target whose authentication data are known.
• Authentication foiled by guessing:
  – Default password guesses.
• Well-known authentication:
  – Some passwords are used to allow remote maintenance personnel to access any computer anywhere in the world.
  – For example, one system admin account installed on all computers with a default password.
• Spoofing:
  – Impersonation: falsely represents a valid entity in a communication.
  – Spoofing: when an attacker falsely carries on one end of a networked interchange.
  – Examples: masquerading, session hijacking, and man-in-the-middle attack.
• Masquerade:
  – One host pretends to be another.
  – Ex. URL masquerading, IP masquerading.
• Session hijacking:
  – Intercepting and carrying on a session begun by another entity.
• Man-in-the-middle attack.

Message confidentiality threat
– Eavesdropping and impersonation attacks can lead to a confidentiality and integrity failure.
• Some of the vulnerabilities that can affect confidentiality are:
  – Misdelivery: message lost, flaws in the hardware or software, destination IP address modification, etc.
  – Exposure: a message may be exposed at switches, routers, gateways and intermediate hosts. Passive wiretapping.
  – Traffic flow analysis: the fact that a message exists is itself important and sensitive.

Message integrity threat
• Falsification of messages:
  – The attacker may change some or all of the content of a message.
  – Replace, change, redirect, combine pieces of different messages into one, destroy a message, etc.
• Noise:
  – Communication signals are subject to interference from other traffic, lightning, electric motors, animals, etc. These are inevitable.
• Web site defacement:
  – The whole HTML code is accessible and downloadable.
  – Website vulnerabilities enable attacks known as:
  – Buffer overflow: on a website, with an excess of data.
  – Dot-dot and address problems:
    • http://URL/null.htm?dotwebfile==/../../../..wint/system32/autoexec.nt
  – Application code errors: a clever attacker can edit the URL in the address window and change the parameter.

Denial of service (DOS)
• This is a threat to the availability of service.
• Transmission failure.
• Connection flooding:
  – TCP/UDP
  – ICMP:
    • ping (requests destination reachability)
    • echo (returns the same data as a reply)
    • destination unreachable
    • source quench: the destination is saturated, so the source should suspend sending packets for a while.
• We examine how two of these protocols can be used to attack a victim.
• Echo-chargen:
  – This attack works between two hosts.
  – Chargen is a protocol that is used to generate packets and to test the capacity of a network.
  – [Figure: hosts A and B exchanging echo and reply]
  – A and B put the network in an endless loop.
  – If the attacker makes B both source and destination, B hangs in a loop, constantly replying to its own messages.
• Ping of death attack:
  – If the attacker is on a 100 MB connection and the victim is on a 10 MB connection, the attacker can easily flood the victim's network.
  – Smurf attack: a variation of the ping of death attack.
    • The attacker selects the network of the victim, then spoofs the source IP address in the ping packet so that it appears to come from the victim.
    • Then the attacker sends this request to the network in broadcast mode by setting the host id to all 1's.
• SYN flood attack:
  – Uses the TCP protocol. A session is established with a three-way handshake.
  – Here, the attacker sends many SYN packets to the victim and never responds with an ACK, thereby filling the victim's SYN-ACK queue.
  – The other way is by spoofing a non-existent source IP address.
• Distributed DOS

Network security controls
• Design and implementation
• Architecture
• Encryption

Types of firewalls
• Packet filter
• Stateful inspection firewall
• Application proxy gateway
• Guard
• Personal firewall
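For the "Dot-dot and address problems" slide above, an added example (not part of the original slides) showing the unchecked path join next to a containment check a server can apply before opening a requested file. The document root `/srv/www`, the function names and the sample requests are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # hypothetical document root, for illustration only

def naive_resolve(param):
    """Vulnerable pattern: the request value is joined to the root unchecked."""
    return os.path.normpath(os.path.join(WEB_ROOT, unquote(param).lstrip("/")))

def safe_resolve(param, root=WEB_ROOT):
    """Return the canonical path under root, or None if the request escapes it."""
    rel = unquote(param)  # check the decoded form, so %2e%2e%2f is seen as ../
    if "\x00" in rel or "\\" in rel:  # refuse NUL bytes and backslash separators
        return None
    root_real = os.path.realpath(root)
    # realpath collapses ".." components and resolves symlinks before comparing
    candidate = os.path.realpath(os.path.join(root_real, rel.lstrip("/")))
    # commonpath compares whole components, so /srv/www-private is not "inside"
    # /srv/www the way a plain string-prefix test would wrongly conclude
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

if __name__ == "__main__":
    # Constructed sample requests
    for request in ["/docs/index.htm",
                    "/../../../../outside/secret.txt",
                    "%2e%2e%2f%2e%2e%2foutside",
                    "../www-private/notes.txt"]:
        print(request, "->", safe_resolve(request))
```

The check runs on the decoded, canonical path rather than on the raw parameter, which is why the percent-encoded and sibling-directory variants are refused along with the plain `../` form.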