Network Security Major Problems. Why Firewall? Problems...


Upload: theodora-blankenship

Post on 18-Jan-2016


TRANSCRIPT

Page 1: Network Security Major Problems Network Security Major Problems Why Firewall? Why Firewall? Problems with Firewalls Problems with Firewalls What is
Page 2: Topics

• Network Security Major Problems
• Why Firewall?
• Problems with Firewalls
• What is an Intrusion Detector?
• Problems with Intrusion Detectors
• What is a Content Management Firewall?
• HACKTRAP Features
• Future Trends
• Demo

Page 3: Network Security Major Problems

• Providing information confidentiality.
• Providing data integrity.
• Protecting network services availability.

Page 4: Why Firewall?

Page 5: Problems with Firewalls

• Checks packet headers ONLY
• Does NOT detect header intrusions

Page 7: What is an Intrusion Detector?

• A tool that detects intrusion attempts.
• Alerts the network administrator with detected intrusions.

Page 8: Problems with Intrusion Detectors

• Does NOT take permanent actions
• Does NOT block specific IPs and PORTs

Page 9: Intrusion Detector

Page 10: What is a Content Management Firewall?

• A new approach to firewalls.
• Combines the features of BOTH Firewalls and Intrusion Detectors.
• Checks NOT ONLY the packet’s header but its contents as well.
• Blocks the source of the detected intrusions.

Page 11: HACKTRAP

A content management firewall IS OUR SOLUTION

Page 12: HACKTRAP

Page 13: HACKTRAP Features

Three Security Levels

• FRA (Fast Response Action) Firewall Rules
• IDS (Intrusion Detection System) Alerts
• ISS (Integrated Security System) feedback from IDS to FRA
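
The feedback from IDS to FRA listed above, sketched as an added example (not HACKTRAP's own code): the alert line format, the function name `generate_fra`, the threshold and the trusted-host list are all assumptions. Rules are returned as iptables argument lists rather than executed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample alerts; this line format is an assumption, not HACKTRAP's.
ALERTS = """\
2016-01-18T10:00:01 ALERT sig=cgi-probe src=203.0.113.7 dport=80
2016-01-18T10:00:02 ALERT sig=cgi-probe src=203.0.113.7 dport=80
2016-01-18T10:00:03 ALERT sig=cgi-probe src=203.0.113.7 dport=80
2016-01-18T10:00:04 ALERT sig=smb-scan src=192.0.2.10 dport=139
2016-01-18T10:00:05 ALERT sig=smb-scan src=10.0.0.5/bad dport=139
2016-01-18T10:00:06 ALERT sig=ftp-brute src=198.51.100.9 dport=21
""".splitlines()

ALERT_RE = re.compile(r"ALERT sig=(\S+) src=(\S+) dport=(\d+)$")

def generate_fra(lines, trusted=(), threshold=1):
    """Turn IDS alerts into firewall block rules (the IDS -> FRA feedback)."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    hits = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        _sig, src, dport = m.groups()
        try:
            # Alert fields are attacker-influenced: accept only a literal IP.
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue
        if not 0 < int(dport) < 65536:
            continue
        # Never auto-block trusted hosts; spoofed sources could otherwise
        # turn the feedback loop into a denial of service.
        if any(ip in net for net in trusted_nets):
            continue
        hits[(str(ip), int(dport))] += 1
    rules = []
    for (ip, dport), count in sorted(hits.items()):
        if count >= threshold:  # block only sources seen often enough
            rules.append(["iptables", "-I", "INPUT", "-s", ip,
                          "-p", "tcp", "--dport", str(dport), "-j", "DROP"])
    return rules

if __name__ == "__main__":
    for rule in generate_fra(ALERTS, trusted=["192.0.2.0/24"], threshold=2):
        print(" ".join(rule))
```

The slides name ipchains as the current backend and iptables as future work; the rule syntax here is iptables.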

Page 14: HACKTRAP Model

[Figure: HACKTRAP Model. Labels: External Network, Internal Network, FRA, IDS, ISS, Generate FRA; steps numbered 1, 2, 3.]

Page 15: HACKTRAP Features

Dynamic Action Generation

[Figure labels: FWRule, IDSPRule, IDMPRule, FRActions]

Page 16: HACKTRAP Features

• Administrator point of view
  - Add and remove types of attacks.
  - Different types of alerts: popup messages, database, XML format, TCP dump format.
  - Restrict and unrestrict hosts accessing firewall.
  - Close and open different services (ports) for outside hosts.

• Developer point of view
  - Intrusions can be easily implemented

Page 17: Future Work

• Enhance for better performance.
• Using iptables with the ipchains.
• Using ACID to make a good analysis on the intrusion detection output to the database and display neat graphs representing it.
• Adding other output modules such as email & SMS.

Page 18:

[Figure labels: Internet, LAN, Hacker, Web Server, Unix Server]

Page 19: Packet forwarding and NAT (Masquerading)

[Figure labels: Internet; addresses x, y, z, V]

Page 20:

[Figure labels: Input chain, Forward chain, Output chain, each with a list of rules (rule1 to rule4); router, demasq, log host, Local process, DENY, ACCEPT]

Page 22:

[Figure labels: preprocessor, Attacks rules, Input chain, Forward chain, Output chain, Log file, Samba alert, database, Alert file]

Page 23: Demo

Page 24:

[Figure labels: Internet, LAN, Hacker, Windows, Linux, HACKTRAP]