Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download CPSC 6126 Computer Security
Document related concepts
Wireless security wikipedia , lookup
Mobile security wikipedia , lookup
Security and safety features new to Windows Vista wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Unix security wikipedia , lookup
Denial-of-service attack wikipedia , lookup
Deep packet inspection wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Transcript
Firewalls Firewall sits between the corporate network and the Internet • Prevents unauthorized access from the Internet • Facilitates internal users’ access to the Internet Firewall OK No Access only if Authenticated Firewalls Packet Filter Firewalls • Examine each incoming IP packet • Examine IP and TCP header fields • If bad behavior is detected, reject the packet • No sense of previous communication: analyzes each packet in isolation IP Firewall IP Packet Firewalls Application (Proxy) Firewalls • Filter based on application behavior • Do not examine packets in isolation: use history In HTTP, for example, do not accept a response unless an HTTP request has just gone out to that site Application Firewalls Application (Proxy) Firewalls • Hide internal internet addresses • Internal user sends an HTTP request • HTTP proxy program replaces user internet address with proxy server’s IP address, sends to the webserver HTTP Request Request with Proxy Server’s IP Address Firewalls Application (Proxy) Firewalls • Webserver sends response to proxy server, to proxy server IP address • HTTP proxy server sends the IP packet to the originating host • Overall, proxy program acts on behalf of the internal user HTTP Response Response to Proxy Server’s IP Address Firewalls Why Hide Internal IP Addresses? • The first step in an attack usually is to find potential victim hosts • Sniffer programs read IP packet streams for IP addresses of potential target hosts • With proxy server, sniffers will not learn IP addresses of internal hosts Sniffer Host IP Address False IP Address Firewalls Application Firewalls • Need a separate program (proxy) for each application • Not all applications have rules that allow filtering Intrusion Detection Intrusion detection software to detect and report intrusions as they are occurring • Lets organization stop intruders so that intruders do not have unlimited time to probe for weaknesses • Helps organization assess security threats • Audit logs list where intruder has been: vital in legal prosecution Intrusion Detection Signature-based IDS – performs simple pattern-matching and report situtations that match a pattern corresponding to a known attack type Heuristic IDS (anomaly based) – build model of acceptable behavior and flag exceptions to that model Intrusion Detection Network-based IDS – stand-alone device attached to the network to monitor traffic throughout network Host-based IDS – runs on a single workstation or client or host, to protect that one host Default-Deny Posture Perimeter Settings: block all protocols except Internal Settings: block all unnecessary traffic Security Configurations: harden servers & those expressly permitted [i.e. SMTP(25), DNS(53), HTTP(80), SSL(443),…] between internal network segments, remote & VPN connections workstations to run only necessary services and applications Segment Networks Patch Management
