Unit 5 Periphery Security

tnieves

Presentation Transcript


  1. Unit 5 Periphery Security

  2. Chapter Outline • 1 IDS • 2 Firewalls • 3 Trusted System • 4 Access Control (for access control, refer to the Elements of Information Security Unit 1 slides)

  3. 1 Intrusion • Attackers constantly try to intrude into the privacy of a network by breaking the security of the system and gaining access. • Access rights • User -> 1. Legitimate/Internal 2. Illegitimate/External • Actions performed, or the behaviour of the user. • Network sniffers • A general term for programs or devices that are able to examine traffic on a LAN segment. • Snort

  4. Topics Discussed in the Section • Types Of Intruders • Audit Records • Classification Of Intrusion Detection • Distributed Intrusion Detection • Honeypots

  5. Types Of Intruders • Masquerader -> illegitimate user -> authorization attack • Misfeasor -> • Legitimate user who has access but misuses the privilege. • Legitimate user who has no access to a resource but accesses it anyway. • Clandestine user -> may be internal or external -> seizes supervisor privilege -> avoids having audit information captured or recorded

  6. Audit Record/Log • Important detection tool. • Captures and records information about the actions of users. • Traces of illegitimate user actions can be found in it. • Appropriate actions can be taken to prevent a recurrence in future.

  7. Audit Records Classification

  8. Continue… • Native:- a multiuser OS with built-in accounting software collects all user actions. • Detection Specific:- collects only information relevant to intrusion detection. • Advantage • More focused approach. • Disadvantage • May give duplicate information.

  9. Fields in an Audit Record • Subject:- terminal user, process, etc. • Action:- login, RWX (read/write/execute), print, I/O, etc. • Object:- disk file, DB record, application program, etc. • Exception Condition:- any exception generated. • Resource Usage:- CPU time, disk space, number of records and files read/written/executed or printed. • Timestamp:- date and time of the access.

  10. Intrusion Detection • Possible • The loss suffered depends directly on how quickly the intruder is detected. • If detected in the early stages, we can act. • This information strengthens the database used for prevention. • Acts as a deterrent to intruders.

  11. Classification Of Intrusion Detection

  12. Statistical Anomaly Detection:- • The behaviour of users over time is captured as statistical data and processed; rules are applied to test whether the user's behaviour was legitimate. • Threshold Detection:- thresholds are defined for all users as a group, and the frequency of various events is measured against them. • Profile Based:- profiles for individual users are created and matched against the collected statistics to see whether any irregular patterns emerge.

  13. Rule Based • A set of rules is applied to see if a given behaviour is suspicious enough to be classified as an attempt to intrude. • Anomaly Detection:- usage patterns are collected, and deviation from these patterns is analysed with the help of certain rules. • Penetration Identification:- an expert system that looks for illegitimate behaviour.
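The three detection styles on slides 12 and 13 can be seen working on records shaped like slide 9's audit record (subject, action, object, exception condition, resource usage, timestamp). The following is an added example, not material from the slides: the log lines, user names, baseline profile and thresholds are constructed, and it shows threshold detection (one event counted against a group-wide limit), profile-based detection (each user's current CPU usage compared with that user's own baseline) and a rule-based check (a fixed rule for denied access to a sensitive object).

```python
"""Threshold, profile-based and rule-based detection over audit records.

Added example, not the slides' own material. The record fields follow the
slide's audit-record layout (subject, action, object, exception condition,
resource usage, timestamp); the log lines, user names, baseline profile and
thresholds below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean

# Constructed audit log: subject|action|object|exception|cpu_ms|timestamp
AUDIT_LOG = """\
alice|login|tty1|-|5|2024-01-08T09:00:00
alice|read|/home/alice/report.txt|-|12|2024-01-08T09:05:00
alice|print|report.txt|-|40|2024-01-08T09:10:00
bob|login|tty2|-|5|2024-01-08T09:01:00
bob|login|tty2|AUTH_FAIL|5|2024-01-08T09:01:30
bob|login|tty2|AUTH_FAIL|5|2024-01-08T09:01:45
bob|login|tty2|AUTH_FAIL|5|2024-01-08T09:02:00
bob|login|tty2|AUTH_FAIL|5|2024-01-08T09:02:10
bob|read|/etc/shadow|EACCES|3|2024-01-08T09:03:00
carol|login|tty3|-|5|2024-01-08T09:02:00
carol|exec|/usr/bin/make|-|900|2024-01-08T09:03:00
"""

# Constructed per-user profile learned from earlier activity: mean and
# standard deviation of CPU time (ms) per audit record.
BASELINE = {"alice": (20.0, 10.0), "bob": (5.0, 2.0), "carol": (50.0, 10.0)}

# Objects whose attempted access a fixed rule treats as sensitive.
SENSITIVE_OBJECTS = {"/etc/shadow"}

FIELDS = ("subject", "action", "object", "exception", "cpu_ms", "timestamp")


def parse_audit_log(text):
    """Turn the pipe-separated log into a list of audit-record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(zip(FIELDS, line.split("|")))
        rec["cpu_ms"] = int(rec["cpu_ms"])
        records.append(rec)
    return records


def threshold_detection(records, action="login", exception="AUTH_FAIL", limit=3):
    """Threshold detection: count one event type per subject and report the
    subjects whose count exceeds the limit defined for all users."""
    counts = defaultdict(int)
    for rec in records:
        if rec["action"] == action and rec["exception"] == exception:
            counts[rec["subject"]] += 1
    return {subj: n for subj, n in counts.items() if n > limit}


def profile_based_detection(records, baseline=BASELINE, z_limit=3.0):
    """Profile-based detection: compare each subject's current mean CPU time
    with that subject's own baseline and flag large deviations (z-score)."""
    per_user = defaultdict(list)
    for rec in records:
        per_user[rec["subject"]].append(rec["cpu_ms"])
    flagged = {}
    for subj, values in per_user.items():
        mu, sigma = baseline.get(subj, (mean(values), 1.0))
        z = (mean(values) - mu) / (sigma or 1.0)
        if abs(z) > z_limit:
            flagged[subj] = round(z, 2)
    return flagged


def rule_based_detection(records):
    """Rule-based penetration identification: a fixed rule describing
    behaviour considered illegitimate regardless of statistics."""
    hits = []
    for rec in records:
        if rec["object"] in SENSITIVE_OBJECTS and rec["exception"] != "-":
            hits.append((rec["subject"], "denied-access-to-sensitive-object"))
    return hits


def analyse(text=AUDIT_LOG):
    """Run all three detectors over one log and return their findings."""
    records = parse_audit_log(text)
    return {
        "threshold": threshold_detection(records),
        "profile": profile_based_detection(records),
        "rules": rule_based_detection(records),
    }


if __name__ == "__main__":
    for name, result in analyse().items():
        print(f"{name}: {result}")
```

On the constructed log, bob trips the threshold (four failed logins against a limit of three) and the sensitive-object rule, while carol is flagged only by her profile: nothing she did is forbidden by a rule, but her CPU usage is far outside her own baseline. That is the practical difference between the statistical and rule-based approaches on the two slides.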

  14. Distributed Intrusion Detection • Different hosts record audit information in different formats; this needs to be processed uniformly. • A few nodes are used to gather and analyse the audit information, and there should be provision to share it with all nodes.

  15. Honeypots: a trap… • Divert the attacker's attention from critical information. • Collect information about the intruder's actions. • Keep the intruder engaged so that their behaviour can be detected and acted upon. • Realistic-looking (but fabricated) data is used. • Legitimate users don't know about it. • Equipped with sensors and loggers that raise an alarm.

  16. 2 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.

  17. Topics Discussed in the Section • Packet-Filter Firewall (screening router) • Proxy Firewall (Application Gateway) • Firewall Configurations

  18. Threats from inside and outside a corporate network

  19. Figure: Firewall

  20. Characteristics of a Good Firewall Implementation • The firewall must be the single entry and exit point for all traffic. • Only traffic authorised by the security policy is allowed through. • Robust enough to sustain attack.

  21. Packet Filter Operation

  22. Figure: Packet-filter firewall (TCP/UDP)

  23. Advantage &amp; Disadvantage • Advantage • Simplicity • Fast • Disadvantage • Difficulty in setting up the rules correctly. • Lack of authentication.

  24. Attacks • IP Address Spoofing • Source Routing Attacks • Tiny Fragment Attack: relies on IP fragmentation, which is governed by the maximum frame size (MTU) of the link layer (Ethernet, Token Ring, X.25, Frame Relay, ATM).

  25. Defeating the IP address spoofing attack

  26. Dynamic or Stateful Packet Filter • An advanced type of packet filter. • Allows examination of packets based on the current state of the network. • It maintains a list of currently open connections and outgoing packets in order to apply this rule.
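Slides 24 to 26 name the two attacks a packet filter must handle at the IP layer and then describe the stateful filter. The following is an added example, not the slides' own material: a simulation of the decisions a stateful packet filter makes, with the connection table the slide mentions, the anti-spoofing check of slide 25 (a packet arriving from the Internet must not claim an internal source address) and a tiny-fragment check (the first fragment must carry a full transport header, and no later fragment may overwrite it). The internal address range, interface names, rule table and sample packets are constructed.

```python
"""Stateful packet filter with anti-spoofing and tiny-fragment checks.

Added example, not the slides' own material; it simulates the decisions a
stateful packet filter makes rather than implementing one in a kernel.
The internal address range, interface names, rule table and sample
packets are constructed for illustration.
"""
from dataclasses import dataclass
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range
MIN_HEADER_BYTES = 20  # a first fragment must carry at least a full TCP header


@dataclass(frozen=True)
class Packet:
    iface: str              # "ext" (from the Internet) or "int" (from inside)
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    frag_offset: int = 0    # in 8-byte units, as in the IP header
    more_frags: bool = False
    header_bytes: int = 40  # transport-header bytes present in this fragment


# Static rules: (arrival iface, proto, dst port or None = any, action).
# First match wins; no match means drop (default deny).
RULES = [
    ("int", "tcp", None, "allow"),  # inside may open any outbound TCP flow
    ("ext", "tcp", 443, "allow"),   # Internet may reach the HTTPS service
    ("ext", "tcp", 23, "deny"),     # telnet explicitly blocked
]


class StatefulFilter:
    def __init__(self):
        self.connections = set()  # (src, sport, dst, dport) of permitted flows

    @staticmethod
    def _key(p):
        return (p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.dst, p.dport, p.src, p.sport)

    def _spoofed(self, p):
        # Anti-spoofing: a packet arriving from the Internet must not claim
        # an internal source address.
        return p.iface == "ext" and ipaddress.ip_address(p.src) in INTERNAL_NET

    def _tiny_fragment(self, p):
        # Tiny fragment: a first fragment too short to hold the TCP header,
        # or a later fragment whose offset would overwrite that header.
        if p.frag_offset == 0:
            return p.more_frags and p.header_bytes < MIN_HEADER_BYTES
        return p.frag_offset * 8 < MIN_HEADER_BYTES

    def decide(self, p):
        if self._spoofed(p):
            return "drop:spoofed-source"
        if self._tiny_fragment(p):
            return "drop:tiny-fragment"
        # State table first: traffic belonging to a flow already allowed
        # passes in either direction without consulting the static rules.
        if self._key(p) in self.connections or self._reverse(p) in self.connections:
            return "allow:established"
        # A new TCP flow must start with a SYN (no ACK); anything else is
        # unsolicited and has no state to match.
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "drop:no-state"
        for iface, proto, dport, action in RULES:
            if iface == p.iface and proto == p.proto and dport in (None, p.dport):
                if action == "allow":
                    self.connections.add(self._key(p))
                    return "allow:new"
                return "drop:rule"
        return "drop:default"


def demo():
    """Run a constructed packet sequence through one filter instance."""
    f = StatefulFilter()
    return {
        "outbound_syn": f.decide(Packet("int", "10.0.0.5", "203.0.113.9", "tcp", 40000, 443, syn=True)),
        "reply_synack": f.decide(Packet("ext", "203.0.113.9", "10.0.0.5", "tcp", 443, 40000, syn=True, ack=True)),
        "unsolicited": f.decide(Packet("ext", "198.51.100.7", "10.0.0.5", "tcp", 5555, 40000, syn=True)),
        "spoofed": f.decide(Packet("ext", "10.0.0.1", "10.0.0.5", "tcp", 1, 443, syn=True)),
        "telnet": f.decide(Packet("ext", "198.51.100.7", "10.0.0.8", "tcp", 5555, 23, syn=True)),
        "tiny_fragment": f.decide(Packet("ext", "198.51.100.7", "10.0.0.8", "tcp", 5555, 443, syn=True, more_frags=True, header_bytes=8)),
        "bare_ack": f.decide(Packet("ext", "198.51.100.7", "10.0.0.8", "tcp", 5555, 443, ack=True)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The point the slide makes shows up in the second and third packets: the reply from 203.0.113.9 is admitted although no static rule allows inbound traffic to port 40000, because the state table remembers the outbound flow, while an unrelated SYN to the same port from another host has no state and is dropped. A plain (stateless) packet filter would have to choose between blocking the legitimate reply and opening the port to everyone.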

  27. Dynamic packet filter technology

  28. Note A proxy firewall filters at the application layer.

  29. Application/Circuit gateway operation

  30. Figure: Proxy firewall (bastion host)

  31. Advantage &amp; Disadvantage • Advantage • More secure due to authentication. • Disadvantage • Overhead in terms of managing two connections and the traffic passing between them.

  32. 3. Firewall Configurations

  33. 3.1. Screened host firewall, single-homed bastion

  34. Advantage &amp; Disadvantage • Advantage • Increases security by performing checks at both levels. • Provides flexibility for the network admin to define security policies. • Disadvantage • Security is compromised by a successful attack on the proxy firewall.

  35. 3.2. Screened host firewall, dual-homed bastion

  36. Advantage &amp; Disadvantage • Advantage • No direct connection from an internal host to the proxy firewall. • More secure than the first configuration. • Disadvantage • Slightly slower because of this.

  37. 3.3. Screened subnet firewall: 3 levels of security

  38. Demilitarized Zone (DMZ) Networks

  39. Advantage &amp; Disadvantage • Advantage • Access to any service on the DMZ can be restricted, e.g. allowing only ports 80 and 443. • All other traffic can be filtered, e.g. blocking port 23. • The Internal Private Network (IPN) is not directly connected to the DMZ. • The IPN is safe and out of reach of an attacker.
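The screened-subnet configuration of slides 37 to 39 is easiest to reason about as a path that a flow must survive through two filters, with the IPN behind both. The following is an added example, not the slides' own material: the zone names, path table and rule tables are constructed; ports 80, 443 and 23 are the ones slide 39 uses, and 5432 stands for a hypothetical internal database service that only the DMZ bastion may reach. It also includes a defender's check that enumerates which ports the policy exposes to the Internet in each zone.

```python
"""Screened-subnet (DMZ) policy: three levels of filtering on a path.

Added example, not the slides' own material. The zone names, path table
and rule tables are constructed; ports 80, 443 and 23 are the ones the
slide uses, while 5432 stands for a hypothetical internal database
service that only the DMZ bastion may reach.
"""

# Filters a flow crosses, in order, for each (source zone, destination zone).
PATHS = {
    ("internet", "dmz"): ["outer"],
    ("internet", "ipn"): ["outer", "inner"],
    ("dmz", "internet"): ["outer"],
    ("dmz", "ipn"): ["inner"],
    ("ipn", "dmz"): ["inner"],
    ("ipn", "internet"): ["inner", "outer"],
}

# Rules: (src zone, dst zone, proto, dst port or None = any, action).
# First match wins; no match means deny, so every level is default-deny.
OUTER_RULES = [  # between the Internet and the DMZ
    ("internet", "dmz", "tcp", 80, "allow"),
    ("internet", "dmz", "tcp", 443, "allow"),
    ("internet", "dmz", "tcp", 23, "deny"),
    ("dmz", "internet", "tcp", None, "allow"),
    ("ipn", "internet", "tcp", None, "allow"),
]
INNER_RULES = [  # between the DMZ and the internal private network (IPN)
    ("dmz", "ipn", "tcp", 5432, "allow"),   # hypothetical: bastion -> DB only
    ("ipn", "dmz", "tcp", None, "allow"),
    ("ipn", "internet", "tcp", None, "allow"),
]
FILTERS = {"outer": OUTER_RULES, "inner": INNER_RULES}


def evaluate(rules, src_zone, dst_zone, proto, dport):
    """Apply one filter's rule table to a flow; no match means deny."""
    for s, d, p, port, action in rules:
        if (s, d, p) == (src_zone, dst_zone, proto) and port in (None, dport):
            return action
    return "deny"


def decide(src_zone, dst_zone, proto, dport):
    """Return (verdict, filter): the first filter on the path that denies
    the flow, or ("allow", last filter) when every level permits it."""
    path = PATHS.get((src_zone, dst_zone))
    if path is None:
        return ("deny", "no-route")
    for name in path:
        if evaluate(FILTERS[name], src_zone, dst_zone, proto, dport) == "deny":
            return ("deny", name)
    return ("allow", path[-1])


def internet_exposed_ports(dst_zone, ports=range(1, 1025)):
    """Defender's check: which well-known TCP ports in a zone are reachable
    from the Internet under the current policy."""
    return [p for p in ports if decide("internet", dst_zone, "tcp", p)[0] == "allow"]


if __name__ == "__main__":
    print(decide("internet", "dmz", "tcp", 443))
    print("DMZ ports exposed:", internet_exposed_ports("dmz"))
    print("IPN ports exposed:", internet_exposed_ports("ipn"))
```

The exposure check is the useful part in practice: after any rule change, `internet_exposed_ports("ipn")` should still be empty, which is exactly the "IPN is out of reach of an attacker" property of slide 39, and `internet_exposed_ports("dmz")` should list only the services deliberately published. The outer filter never carries a rule for Internet-to-IPN traffic, so such flows are denied at the first level without the inner filter ever being consulted.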

  40. Limitations of Firewalls • 1. Insider's intrusion: attacks that originate inside the network never cross the firewall. • 2. Direct Internet traffic: connections that bypass the firewall are not inspected. • 3. Virus attacks: the firewall cannot scan packets/files for viruses.

  41. 3 Trusted System • A system that you have no choice but to trust. • The security of the overall system depends on the trusted system functioning correctly. • If the trusted system fails, it compromises the security of the entire system. • Therefore, a system should contain the minimum number of trusted components. • A trusted system should provide security, integrity, reliability and privacy.

  42. Trusted Systems in Policy Analysis • Some conditional prediction about the behaviour of users or elements within the system is determined prior to authorising access to resources within the system. • The probability of a threat, or a risk analysis, is calculated and used to assess trust when taking the decision before authorisation.

  43. To ensure the expected behaviour within the system, deviation analysis is used.
