network security techniques

Network Security Techniques by Bruce Roy Millard Division of Computing Studies Arizona State University [email protected]


Post on 04-Jan-2016


TRANSCRIPT

Page 1: Network Security Techniques

Network Security Techniques

by

Bruce Roy Millard

Division of Computing Studies

Arizona State University

[email protected]

Page 2: Network Security Techniques

What is Network Security

• Hardware – computers, routers, etc

• Networks – ethernet, wireless

• Communication

• Intruders

• Mitigation

Page 3: Network Security Techniques

What is Network Security

Hardware

• Workstation

• Servers (and load balancers)

• Printers (and other shared devices)

• Routers/switches/hubs

• Security devices (firewalls, IDS, etc)

Page 4: Network Security Techniques

What is Network Security

Networks

• Connectivity

• Ethernet (cable, DSL, TP, 1Gbps & up)

• Wireless (radio waves, 802.11?, satellite)

• LAN, CAN, MAN, WAN, PAN

• Internet

Page 5: Network Security Techniques

What is Network Security

Communication

• E-mail

• FTP

• HTTP/HTML

• Voice, video, teleconferencing

• SSH/SCP

Page 6: Network Security Techniques

What is Network Security

Intruders

Page 7: Network Security Techniques

What is Network Security

Intruders

• Eavesdroppers

• Insertion

• Hijacking

• Spoofing

• Denial of Service

• Trojan horse software

• Lurkers (viruses and worms)

Page 8: Network Security Techniques

What is Network Security

Mitigation

• Prevent

• Avoid

• Detect

• Assess

• React

Page 9: Network Security Techniques

Security Goals

• Privacy

• Integrity

• Non-repudiation

• Trust relationships – internal & external

• Authentication supports authorization supports fine-grained access control

Page 10: Network Security Techniques

Security Model (Protection)

• Assets - identify

• Risks - characterize

• Counter-measures - obtain

• Policy – create where no laws exist

Page 11: Network Security Techniques

Security Methods

• Shields – firewalls, virus scanners

• Selective shields - access control (VPN)

• Protocols – IPsec, SSL/TLS

• Intrusion Detection Systems

• Training & awareness

• Redundancy – backups, encryption, hashes, digests

Page 12: Network Security Techniques

Prevention (Attempts)

• Firewalls – have holes

• Virus Scanners – behind the times

• Physical Security

• Know Fundamentals – routing, IP, TCP, ARP, DHCP, applications

• Encryption – PGP, SSH, SSL/TLS, IPsec, steganography, public key, symmetric key

• Patches – windowsupdate, up2date, yum

Page 13: Network Security Techniques

Avoidance

• Firewalls & VPNs – IPsec, SSL, access control

• Host hardening – personal firewalls, ssh, iptables

• Proxy servers – squid (Web content cache)

• Honeynets/honeypots - redirection

Page 14: Network Security Techniques

Detection Feeds Avoidance

• Vulnerability Scanning – netstat, netview, netmon, nmap, Nessus

• Network-based IDS – snort, kismet, ACID, tcpdump, ethereal, windump, netstumbler

• Host-based IDS – TCPwrappers, xinetd, tripwire, logsentry, portsentry

• Web security, Cisco logs+

Page 15: Network Security Techniques

Exploits

• Password cracking & WEP cracking

• Denial of Service

• OS typing – null session, xmas tree, . . .

• OS configuration – sadmin password, . . .

• Application holes – buffer overflow, NFS, rpc, netbios, BIND, sendmail, CGI, etc

• Dumpsec, pingwar, . . .

Page 16: Network Security Techniques

URLs of Interest

• http://www.sans.org

• http://www.giac.org

• http://www.isc2.org

• http://www.cissp.com

Page 17: Network Security Techniques

10 Domains of the CBK

• Security Management Practices

• Security Architecture and Models

• Access Control Systems & Methodology

• Application Development Security

• Operations Security

• Physical Security

• Cryptography

• Telecommunications, Network, & Internet Security

• Business Continuity Planning

• Law, Investigations, & Ethics

Page 18: Network Security Techniques

NS Applications

• netstat

• tcpview

• netmon

• netstumbler

• windump

• nmap

• ethereal

• snortiquette

Page 19: Network Security Techniques

www.sans.org/top20 (vulnerabilities)

Top Vulnerabilities to Windows Systems

• W1 Web Servers & Services

• W2 Workstation Service

• W3 Windows Remote Access Services

• W4 Microsoft SQL Server (MSSQL)

• W5 Windows Authentication

• W6 Web Browsers

• W7 File-Sharing Applications

• W8 LSAS Exposures

• W9 Mail Client

• W10 Instant Messaging

Page 20: Network Security Techniques

www.sans.org/top20 (vulnerabilities)

Top Vulnerabilities to UNIX Systems

• U1 BIND Domain Name System

• U2 Web Server

• U3 Authentication

• U4 Version Control Systems

• U5 Mail Transport Service

• U6 Simple Network Management Protocol (SNMP)

• U7 Open Secure Sockets Layer (SSL)

• U8 Misconfiguration of Enterprise Services NIS/NFS

• U9 Databases

• U10 Kernel
