co1-101 Introduction to Network Security itcproject1.npust.edu.tw/isms/lecture/資安技術/網路安全... ·...
-
CO1-101
-
[Figure: network diagram; labels: Web, Mail, DNS, FTP, ADSL Modem, Internet, DMZ, Intranet, Web, File Server, DataBase Server, IDS, VPN, SSL]
-
NIMDA, KLEZ
-
(Confidentiality)
(Integrity)
(Availability)
(Accountability)
(Authenticity)
(Reliability)
(Non-Repudiation)
-
- E-Mail, News, Whois
- Ex. icst.org.tw
-
Nmap OS Service
Cheops OS
Nessus, HScan
-
WebDAV, RPC
-
Legion, NetBIOS Audition Tool
Tools: pwdump2, L0phtCrack, John
-
Keylogger
POP3, SMTP, FTP
Winlogon
Password Dump
user
Rootkit
-
elusive
Attrib, NTFS file streaming
-
- DoS (Denial of Service)
- DDoS (Distributed Denial of Service)
2000 (Yahoo, Amazon, eBay, CNN, E-Trade)
2001
-
CPU
(Distributed Denial of Service, DDoS)
-
DDoSDoS
DoS
DDoSDDoS
-
DoSDoSDDoSDDoS
DoS/DDoS
DoS/DDoS IP (IP)
-
(1/5)
26 Blaster 2003
18 Sasser 2004
185 Slammer 2003
336 Nimda 2001
worm
worm
-
2003 Slammer
2003 Blaster
2004 MyDoom
MyDoom.A (Novarg, Shimgapi)
30100
1/26361
(2/5)
-
Denial of Service
(3/5)
-
(Instant Message), peer-to-peer networking
MSN, ICQ, Kuro
(4/5)
-
(5/5)
Wireless Local Area Network, WLAN (Open System Authentication)
WEP, Ad Hoc, drive-by hacking
-
Note
-
critical, serious, high, medium, low
Nessus (1/2)
-
Nessus (2/2)
Vulnerability found on port microsoft-ds (445/tcp)
The hotfix for the 'Malformed request to index server' problem has not been applied.
This vulnerability can allow an attacker to execute arbitrary code on the remote host.
Solution : See http://www.microsoft.com/technet/security/bulletin/ms01-025.asp
Risk factor : Serious
CVE : CVE-2001-0244
-
(Firewall)
(Packet Filter)
Source IP Address, Destination IP Address, Source TCP/UDP Port, Destination TCP/UDP Port
-
(Proxy Server)
(Proxy Server)
-
IDS (1/2)
3
:
-
IDS (2/2):
(Anomaly Detection)
(Misuse Detection) (signatures) pattern
(Host) (Network)
-
IDS (kernel)
Host-Based Detection
-
promiscuous mode
[Figure: network diagram; labels: Web, Internet, Server, DNS, FTP, Internet, DMZ, Intranet, Web, File Server, INTRANET, DataBase Server, IDS]
Network-Based Detection
-
/log Script SQL
Slammer SQL Service
TCP Reset TCP
(1/2)
-
(2/2)
IDS
-
(1/2)
Signature-based Signature
Drop packets
-
(2/2)
-
IPS (1/2)
IPS (Intrusion Prevention System)
deep packet inspection OSI 4 7 TCP/IP
in-line mode IPS IPS
IDS sniff mode IDS
In-line mode
-
IPS (2/2)
real-time detection IPS IDS
proactive prevention
wire-line speed IPS IPS
-
(VPN)
Internet (Virtual Private Network)
InternetInternet
-
VPN
VPN: Tunneling, Encryption, Authentication
-
Internet
ISP T1
ISP
ISP ADSL, Cable, T1
ISP ADSL, Cable
VPN
(1/2)
-
SSID (Service Set ID)
SSID (Access Point, AP)
SSIDSSID
WEP (Wired Equivalent Privacy) (MAC Address)
(2/2)
-
(SSID) ANY
SSID
War Driving
War Chalking
-
ANY SSID
SSID
SSID SSID
-
(Cryptanalysis)
-
(Access Point) SSID
802.1X
-
(1/2)
-
(2/2)
SSLVPN