PROTECTION THROUGH NETWORK SECURITY
Justin David G. Pineda, C|EH
Pamantasan ng Lungsod ng Pasig
February 26, 2015
TOPICS FOR TODAY:
The information security discipline
Network security components
Network security attacks
Careers in network security
IN THE NEWS…
1. THE INFORMATION SECURITY DISCIPLINE
WHAT IS THE DIFFERENCE BETWEEN IT SECURITY AND INFOSEC?
IT SECURITY
Hardware
Firewalls
Software
Anti-virus
Encryption
INFOSEC
I.T. Security
Physical Security
Personnel Security
Risk Management
Business Continuity
Laws & Regulations
WHAT IS INFORMATION SECURITY?
(ISAAC & ISAAC, 2003)
Confidentiality – Protection from unauthorized disclosure.
Integrity – Protection of resources from modification.
Availability – Protection from Denial of Service (DoS).
EXAMPLE SITUATIONS
• Use of dogs and gates
• DBA modifies DB contents
• Use of biometrics, username & password
• Blackout
SECURITY SERVICE AND MECHANISMS
Security Service – how objectives are manifested.
Security Mechanisms – solutions we can implement in the enterprise.
Inconvenient Truth:
1. You cannot protect everything from everyone.
2. There are not enough resources and money in the world to totally mitigate all risks.
3. Focus on protecting the most important information first, that which must be protected, and that with the highest risk.
SERVICE & MECHANISM EXAMPLE
Goal: I want to focus on physical security
Security Services: (1) Personnel security; (2) Access control
Security Mechanisms: (1) Security clearance, training, rules of behavior; (2) Biometrics, proximity card, mantraps
OPERATIONAL MODEL OF SECURITY
(CONKLIN ET AL, 2011)
For many years, the focus was on prevention.
Protection = Prevention
For example: Use of Firewall or Gates
OPERATIONAL MODEL (CONT’D)
But what are the realities of a network environment?
How about Zero-day attacks?
How about DDoS on port 80?
DEFENSE-IN-DEPTH
2. NETWORK SECURITY COMPONENTS
NETWORK VS. HOST SECURITY
Host Security
Refers to a single device
Network Security
Refers to group of devices connected to a network
3-WAY HANDSHAKE
Photo Credit: http://en.wikipedia.org/wiki/SYN_flood
FIREWALL
Preventive tool
Enforces a security policy (What should be allowed? What should not be allowed?)
Usually placed at the start of the local area network (LAN).
Uses an Access Control List (ACL) and enforces an Implicit Deny rule.
Photo Credit: https://dessoiii.wordpress.com
FIREWALL TOPOLOGY
Photo Credit: https://technet.microsoft.com
TYPES OF FIREWALLS
Packet Filtering Firewall
Checks the following information: source and destination IP address, source and destination port, protocol.
Example: If somebody will access the school’s web server, what port should I allow in the firewall?
LIMITATION: SYN FLOOD
Photo Credit: http://en.wikipedia.org/wiki/SYN_flood
TYPES OF FIREWALLS
Packet Inspection Firewall
Also known as the Stateful firewall
Checks for the session state of the connection
Maintains a state table
HOW IT WORKS
Photo Credit: http://rumyittips.com/what-is-stateful-packet-inspection-firewall/
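As an added example (not from the slides), the following Python models the two firewall types just described: a packet filter that checks only addresses, ports and protocol against an ACL with an implicit-deny default, and a stateful firewall that keeps a state table for the 3-way handshake. The web server address 10.0.0.80, the packet fields and the half-open limit are assumptions for the demo; the stateful version is the one that can refuse a stray ACK and cap half-open connections during a SYN flood.

```python
# Added example (not from the slides): stateless packet filter with implicit deny
# next to a stateful firewall. Addresses, ports and limits are assumed values.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str                         # "tcp" or "udp"
    flags: frozenset = frozenset()     # TCP flags, e.g. {"SYN"} or {"ACK"}

# ACL entries: (dst_ip, dst_port, proto, action). Only the school's web server
# (assumed 10.0.0.80 on TCP/80) is listed; everything else is implicit deny.
ACL = [("10.0.0.80", 80, "tcp", "allow")]

def packet_filter(pkt: Packet) -> str:
    """Stateless check: first matching ACL entry wins, otherwise implicit deny."""
    for dst_ip, dst_port, proto, action in ACL:
        if (pkt.dst_ip, pkt.dst_port, pkt.proto) == (dst_ip, dst_port, proto):
            return action
    return "deny"

class StatefulFirewall:
    """Applies the ACL, then tracks each TCP flow through the 3-way handshake."""
    def __init__(self, max_half_open: int = 3):
        self.state = {}                # flow -> "SYN_RECEIVED" | "ESTABLISHED"
        self.max_half_open = max_half_open

    def half_open(self) -> int:
        return sum(1 for s in self.state.values() if s == "SYN_RECEIVED")

    def inspect(self, pkt: Packet) -> str:
        if packet_filter(pkt) == "deny":
            return "deny"
        flow = (pkt.src_ip, pkt.dst_ip, pkt.dst_port)
        if pkt.flags == {"SYN"}:
            # New connection; refuse once too many handshakes are unfinished
            if self.half_open() >= self.max_half_open:
                return "deny (half-open limit)"
            self.state[flow] = "SYN_RECEIVED"
            return "allow"
        if pkt.flags == {"ACK"} and self.state.get(flow) == "SYN_RECEIVED":
            self.state[flow] = "ESTABLISHED"   # handshake completed
            return "allow"
        if self.state.get(flow) == "ESTABLISHED":
            return "allow"
        return "deny"                  # not part of any known session
```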
TYPES OF FIREWALLS
Application Firewall
Also known as the Proxy firewall.
Checks data up to the Application Level.
Photo Credit: http://cookbook.fortinet.com/web-rating-overrides/
WHICH FIREWALL SHOULD BE USED IN YOUR NETWORK?
INTRUSION DETECTION SYSTEM (IDS)
Detective Control
Usually placed after the firewall
Checks traffic based on signatures
Checks for anomalous traffic
Open source type: Snort
IDS TOPOLOGY
Photo Credit: http://www.digitalundercurrents.com/
IDS ENGINES
Signature-based Engine
Checks for known malicious traffic that won’t be checked by the firewall.
Photo Credit: http://hackertarget.com/xss-tutorial/
IDS ENGINES
Anomaly-based Engine
Checks for abnormal traffic and unusual behavior and patterns.
Photo Credit: http://www.stationx.net/firewall-test-agent/
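As an added example (not the slides' own material), this Python sketch runs both IDS engines over constructed web-server log lines that a firewall would already have allowed on TCP/80: the signature engine matches known-bad request patterns, and the anomaly engine flags a client whose request volume departs from the baseline. The log format, signature patterns and threshold factor are assumptions.

```python
# Added example (not from the slides): a toy IDS with a signature engine and an
# anomaly engine run over constructed access-log lines. All of this traffic is
# TCP/80, so a firewall would have allowed it; only content and behaviour tell.
import re
import statistics
from collections import Counter

# Constructed log lines in the form "client_ip request_path" (assumed format).
SAMPLE_LOG = """
203.0.113.5 /index.html
203.0.113.5 /about.html
198.51.100.7 /search?q=<script>alert(1)</script>
198.51.100.7 /login
192.0.2.9 /a
192.0.2.9 /b
192.0.2.9 /c
192.0.2.9 /d
192.0.2.9 /e
192.0.2.9 /f
""".strip().splitlines()

# Signature engine: a deliberately small set of known-bad request patterns.
SIGNATURES = {
    "xss-script-tag": re.compile(r"<\s*script", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_alerts(lines):
    """Return (client_ip, signature_name) for every line matching a known pattern."""
    alerts = []
    for line in lines:
        ip, path = line.split(maxsplit=1)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts

def anomaly_alerts(lines, factor=2):
    """Flag clients whose request count exceeds `factor` times the median
    per-client count; the baseline is learned from the traffic itself."""
    counts = Counter(line.split()[0] for line in lines)
    baseline = statistics.median(counts.values())
    return [ip for ip, n in counts.items() if n > factor * baseline]
```

The XSS request trips no firewall rule because it arrives on an allowed port; the busy client has no bad payload at all and is caught only by the anomaly baseline.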
HONEYPOT
An intentionally vulnerable network that misleads attackers into thinking they have gained unauthorized access to the company network.
HONEYPOTS
Photo Credit: http://www.isaserver.org/articlestutorials/articles/2004multidmzp1.html
USUAL CORPORATE NETWORK TOPOLOGY
Photo Credit: http://imgarcade.com/1/dmz-network-topology/
3. COMMON NETWORK ATTACKS
IF NETWORK SECURITY SOLUTIONS ARE IMPLEMENTED, ARE WE TOTALLY SECURED?
ZERO-DAY ATTACKS
Attacks that exploit vulnerabilities not yet known to the defenders.
HOW DOES A VULNERABILITY GET DISCOVERED AND FIXED?
IN THE HEADLINES…
SOCIAL ENGINEERING
Humans are the weakest link in the security chain.
90% success rate in achieving hacking goals.
Uses cognitive biases and psychological triggers.
Photo credit: http://www.thewindowsclub.com/social-engineering-techniques
EAVESDROPPING
Being able to sniff packets that might contain critical or sensitive information.
Best Solution: Encryption
DENIAL-OF-SERVICE ATTACKS
Distributed Denial of Service (DDoS) is more dangerous.
Photo credit: http://ahmedccna.blogspot.com/2012/03/certified-ethical-hacking.html
4. CAREERS IN NETWORK SECURITY
SUGGESTED INITIATIVES FOR SCHOOLS
Include INFOSEC as a subject in CS/IT courses.
INFOSEC is a combination of critical thinking, software development, server administration, network engineering, etc.
Partner with ISSA and create a student chapter to be updated with current IT trends and demands.
JISSA FEATURES
http://issaph.org/jissa/?view=featured
INFOSEC STATUS IN THE PH
Relatively young in the PH
High demand for security professionals
Supply is relatively low compared to other IT roles.
Security Operations/Information Risk Manager is starting to become an independent department.
CS/IT FACTS
CS/IT doesn’t have a board exam.
You need certifications to prove your expertise.
(like getting a driver’s license)
You need to practice what you learned.
Certifications are internationally recognized.
Certifications will help you professionally.
Goal: Specialist to Management
SECURITY OR FREEDOM?
PRIVACY ISSUES
Are we being watched?
LAST… MORE REGULATIONS
Explore the cybercrimes
Create meaningful laws that would “really” benefit the public.
The public, specifically Filipinos, must be protected when transacting online.
Q&A