Network Security Techniques
by Bruce Roy Millard
Division of Computing Studies
Arizona State University
What is Network Security
• Hardware – computers, routers, etc
• Networks – ethernet, wireless
• Communication
• Intruders
• Mitigation
What is Network Security: Hardware
• Workstation
• Servers (and load balancers)
• Printers (and other shared devices)
• Routers/switches/hubs
• Security devices (firewalls, IDS, etc)
What is Network Security: Networks
• Connectivity
• Ethernet (cable, DSL, TP, 1Gbps & up)
• Wireless (radio waves, 802.11?, satellite)
• LAN, CAN, MAN, WAN, PAN
• Internet
What is Network Security: Communication
• E-mail
• FTP
• HTTP/HTML
• Voice, video, teleconferencing
• SSH/SCP
What is Network Security: Intruders
• Eavesdroppers
• Insertion
• Hijacking
• Spoofing
• Denial of Service
• Trojan horse software
• Lurkers (viruses and worms)
What is Network Security: Mitigation
• Prevent
• Avoid
• Detect
• Assess
• React
Security Goals
• Privacy
• Integrity
• Non-repudiation
• Trust relationships – internal & external
• Authentication supports authorization supports fine-grained access control
Security Model (Protection)
• Assets - identify
• Risks - characterize
• Counter-measures - obtain
• Policy – create where no laws exist
Security Methods
• Shields – firewalls, virus scanners
• Selective shields - access control (VPN)
• Protocols – IPsec, SSL/TLS
• Intrusion Detection Systems
• Training & awareness
• Redundancy – backups, encryption, hashes, digests
Prevention (Attempts)
• Firewalls – have holes
• Virus Scanners – behind the times
• Physical Security
• Know Fundamentals – routing, IP, TCP, ARP, DHCP, applications
• Encryption – PGP, SSH, SSL/TLS, IPsec, steganography, public key, symmetric key
• Patches – windowsupdate, up2date, yum
Avoidance
• Firewalls & VPNs – IPsec, SSL, access control
• Host hardening – personal firewalls, ssh, iptables
• Proxy servers – squid (Web content cache)
• Honeynets/honeypots - redirection
Detection (Feeds Avoidance)
• Vulnerability Scanning – netstat, netview, netmon, nmap, Nessus
• Network-based IDS – snort, kismet, ACID, tcpdump, ethereal, windump, netstumbler
• Host-based IDS – TCPwrappers, xinetd, tripwire, logsentry, portsentry
• Web security, Cisco logs+
Exploits
• Password cracking & WEP cracking
• Denial of Service
• OS typing – null session, xmas tree, . . .
• OS configuration – sadmin password, . . .
• Application holes – buffer overflow, NFS, rpc, netbios, BIND, sendmail, CGI, etc.
• Dumpsec, pingwar, . . .
URLs of Interest
• http://www.sans.org
• http://www.giac.org
• http://www.isc2.org
• http://www.cissp.com
10 Domains of the CBK
• Security Management Practices
• Security Architecture and Models
• Access Control Systems & Methodology
• Application Development Security
• Operations Security
• Physical Security
• Cryptography
• Telecommunications, Network, & Internet Security
• Business Continuity Planning
• Law, Investigations, & Ethics
NS Applications
• netstat
• tcpview
• netmon
• netstumbler
• windump
• nmap
• ethereal
• snortiquette
www.sans.org/top20 (vulnerabilities)
Top Vulnerabilities to Windows Systems
• W1 Web Servers & Services
• W2 Workstation Service
• W3 Windows Remote Access Services
• W4 Microsoft SQL Server (MSSQL)
• W5 Windows Authentication
• W6 Web Browsers
• W7 File-Sharing Applications
• W8 LSAS Exposures
• W9 Mail Client
• W10 Instant Messaging
www.sans.org/top20 (vulnerabilities)
Top Vulnerabilities to UNIX Systems
• U1 BIND Domain Name System
• U2 Web Server
• U3 Authentication
• U4 Version Control Systems
• U5 Mail Transport Service
• U6 Simple Network Management Protocol (SNMP)
• U7 Open Secure Sockets Layer (SSL)
• U8 Misconfiguration of Enterprise Services NIS/NFS
• U9 Databases
• U10 Kernel