
Basic Network Security


kellerl




Presentation Transcript


  1. Basic Network Security Lesson 9

  2. Objectives

  3. Objectives

  4. Network Security Considerations • Security policies should address: • Security threats your organization has to combat • What you can do to combat a security threat • What you should do after a security violation has taken place

  5. Social Engineering • Tricking or manipulating a person into revealing important information

  6. Phishing • Using various means to trick people into revealing passwords, account numbers, social security numbers, and various other sensitive pieces of information • Common phishing scenarios • Foreign/unknown entities offering large transfers of money • E-mail requests to update banking information

  7. Phishing (Continued) • Countering threats • Verification of identifying picture • Verification of identifying question(s) • Development of other methods

  8. Stealing Passwords • Hackers find stealing passwords easier than breaking into a computer system • Many passwords are obvious phrases specific to users • Methods used to steal passwords • Phishing/asking user about family, pets, friends, and so on • Printed document hidden near the computer

  9. Stealing Passwords (Continued) • Protecting passwords • Do not write password on paper • Create passwords that are easy to remember but difficult to crack • Check the strength of the password • Do not discuss password development techniques

  10. Identity Theft • The act of presenting yourself as someone you are not in order to steal in one way or another from the person you are presenting yourself to be • Common techniques • Stealing PIN and/or bank account number and illegitimately representing self as owner • Elaborate phishing schemes

  11. Identity Theft (Continued) • Ways to protect information • Closely monitor financial activities • Pay third-party to monitor financial activities • Vigorously investigate and resolve any unusual transactions

  12. Dumpster Diving • The act of going through someone's garbage looking for personal information that can be used for identity theft • Information sources • Preapproved credit card applications • Company intellectual property

  13. Malicious Software • A broad category that includes any software that is used against a company or person • Intent behind the malicious software varies • A harmless prank • A deliberate attempt to cause extreme harm • To capture information from a victim; used for identity theft or targeted marketing

  14. Spyware • Software that is slipped onto a computer for the purpose of gaining private information about the target computer or how the computer is used • Can be slipped onto computers: • Via web browsers • By tricking people into installing it along with software they intended to install • Through e-mail

  15. Viruses • A type of malicious software that modifies the code of existing programs in an attempt to cause harm, reproduce itself, and/or to escape detection • A macro virus attaches to documents produced by common software applications • Anti-virus software greatly reduces occurrences • Software updates limit damage with built-in warnings

  16. Worms • Complete stand-alone programs that are smuggled onto a computer via some legitimate-seeming method and designed to carry out specific instructions that are detrimental to the computer or its user without the user's knowledge • Identification of worms • Ways smuggled in • Options to avoid

  17. Trojans • Malicious programs that actively masquerade as legitimate programs that belong on your computer • Designed to sneak onto a target system and run without interference • Used to create botnet systems

  18. Threats from Attackers • Social engineering • Denial of Service (DoS) and Distributed Denial of Service (DDoS) threats • Smurf attacks • Buffer overflow • Man-in-the-middle attacks • Packet sniffing • FTP bounce

  19. Social Engineering • Social engineering is the single biggest threat to a network under attack • Effective network protection gained through training • To identify and understand • To thwart attackers • To report observed or suspected activity

  20. Denial of Service • Denial of Service (DoS) and Distributed Denial of Service (DDoS) • DoS threats attempt to deny computer services in some way or another • DDoS attacks are launched from multiple locations against one or multiple targets all at once • Zombie network or botnet

  21. Forming a Zombie Network or Botnet

  22. Distributed Denial of Service (DDoS) Attack Using a Zombie Network or Botnet

  23. Smurf Attacks • A DoS attack in which the target server or network is flooded with Internet Control Message Protocol (ICMP) replies • Causes overloading of inbound network lines • Named after Smurf Trojan; similar to a Fraggle attack • No longer common

  24. Buffer Overflows • Buffer is a section of memory that has been set aside to use for actions related to a program • Buffer overflow (overrun) occurs when too much data in one section causes it to take space in adjacent memory locations • Overflow attacks vary with operating systems • Different attacks produce different results
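The overrun described in slide 24, as an added example that is not part of the presentation: a constructed C record places an 8-byte name buffer directly beside a privilege flag, and the same input is copied once without a length check and once with one. The struct layout and the input bytes are constructed for the demonstration; the write stays inside the struct so the program is well defined.

```c
#include <stddef.h>
#include <string.h>

/* Constructed record: an 8-byte name buffer followed by a privilege flag.
 * With no padding between them, is_admin is the memory adjacent to name. */
struct account {
    char name[8];
    int  is_admin;
};
_Static_assert(offsetof(struct account, is_admin) == 8, "layout assumption");

/* Unsafe copy: trusts the caller's length. Bytes beyond the 8-byte buffer
 * land in is_admin, the neighbouring field, exactly as the slide describes. */
static int unsafe_set_name(struct account *acct, const unsigned char *src, size_t len)
{
    unsigned char *base = (unsigned char *)acct;
    memcpy(base + offsetof(struct account, name), src, len);  /* no bounds check */
    return acct->is_admin;
}

/* Hardened copy: reject input that does not fit, reserving room for the NUL. */
static int safe_set_name(struct account *acct, const unsigned char *src, size_t len)
{
    if (len >= sizeof acct->name)
        return -1;                 /* caller must treat this as an error */
    memcpy(acct->name, src, len);
    acct->name[len] = '\0';
    return 0;
}

/* Constructed 12-byte input: fills name, then spills four 0x01 bytes into
 * is_admin, giving 0x01010101 on both little- and big-endian hosts. */
static const unsigned char OVERLONG[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 0x01, 0x01, 0x01, 0x01
};

/* Flag value after the unchecked copy: 0x01010101 instead of 0. */
int demo_unsafe(void)
{
    struct account acct = { "", 0 };
    return unsafe_set_name(&acct, OVERLONG, sizeof OVERLONG);
}

/* Verdict of the checked copy on the same input: -1, rejected. */
int demo_safe(void)
{
    struct account acct = { "", 0 };
    return safe_set_name(&acct, OVERLONG, sizeof OVERLONG);
}
```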

  25. Man-in-the-Middle (MITM) Attacks • A person positions him- or herself between two other people and eavesdrops on them • MITM attacks also known as • Bucket-brigade, fire-brigade, monkey-in-the-middle, session and TCP hijacking • Attacks used to intercept • HTTP and HTTPS communications • E-mail communications • Encryption key exchanges

  26. Mallory Perpetrating a Man-in-the-Middle Attack Against Bob

  27. Packet Sniffing • The practice of capturing packets as they go by on the network and then opening them to see what is in them • Is used to • Spoof addresses • Determine network protocols • View contents of captured packets

  28. FTP Bounce • An exploit against the FTP protocol in which the attacker uses the PORT command to indirectly gain access to ports that are opened on the computer they are attempting to attack • Ports may be reassigned for another purpose • Attack makes the scan harder to detect • nmap program can utilize FTP bounce

  29. Wireless Threats • War driving • Warchalking • WEP cracking • WPA cracking • Rogue access points • Evil twin

  30. War Driving • The practice of driving around in a car in an area or neighborhood looking for open wireless networks that can be used by the driver for their own purposes • Warchalking (variation on war driving) • Symbols placed on outdoor surfaces indicating availability and type of wireless access points

  31. Commonly Used Warchalking Symbols

  32. WEP Cracking • Breaking or decoding an encryption scheme used for passwords, wireless network access, or any other encrypted object • Easiest scheme to crack • Downloadable tools available

  33. WPA Cracking • Same as WEP cracking except encryption protocol targeted is WPA • Has both encryption and authentication functions • Downloadable tools available

  34. Rogue Access Points • Unauthorized access points added to a wireless network • May be malicious or benign • Often used in many man-in-the-middle attacks • Determining legitimate access points • Evil twin

  35. Rogue Access Point

  36. Countering Basic Security Threats

  37. Device Security • Physical security • Restricting local and remote access • Local access via LAN • Remote access via WAN • Secure versus unsecure access methods • What you know • What you have • What you are

  38. Device Security (Continued) • Protocols • Predefined standardized sets of rules used to communicate on a network • Secure protocols • Predefined standardized sets of rules used to secure communications on a network • Security strives for: • Confidentiality, integrity, authentication

  39. Device Security (Continued) • Examples of secure protocols • Secure Shell (SSH) • Hypertext Transfer Protocol Secure (HTTPS) • Simple Network Management Protocol Version 3 (SNMPv3) • Secure File Transfer Protocol (SFTP) • Secure Copy Protocol (SCP)

  40. Device Security (Continued) • Examples of unsecure protocols • Telnet • Hypertext Transfer Protocol (HTTP) • File Transfer Protocol (FTP) • Remote Shell (RSH) • Fibre Channel Protocol (FCP) • Simple Network Management Protocol Versions 1 and 2 (SNMPv1/2)

  41. Passwords • Are used to verify that the person attempting to access a system is the person they claim to be • Should be complex enough to not be easily guessed • Should be renewed and changed periodically • Should not be reused across systems

  42. Encryption • The process by which a mathematical algorithm is run on a set of data to make it unreadable to someone who does not know the mathematical algorithm used to encode it • Private key encryption • Public key encryption • Network security through confidentiality and integrity

  43. Private Key Encryption

  44. Public Key Encryption

  45. Certificates • Are certifications that a public key is valid • Also called public key certificates or digital certificates • Identify owner of public key (holder) • Contain actual public key • Identify issuer of public key and digital certificate (certificate authority) • Public Key Infrastructure (PKI) • Temporal Key Integrity Protocol (TKIP)

  46. Authentication • The process of verifying a user or computer to be who or what they claim to be • Includes: • Multi-factor authentication • Two-factor authentication • Single sign-on • More

  47. Public Key Infrastructure (PKI) • A set of people, policies, software, and equipment needed to handle digital certificates for various applications • The end user is the person who wishes to use the PKI • Registration authority (RA) verifies that a specific public key belongs to a specific end user • Certificate authority (CA) issues digital certificate to end user, sends information about certificate to a validation authority (VA) • VA verifies certificate when requested by e-commerce site or other online service

  48. How PKI Works

  49. Kerberos • An authentication protocol that authenticates clients over an unsecured network, most commonly LANs • Most commonly used by Windows-based client/server networks • Composed of an authentication service (AS), a ticket granting service (TGS), and network services (NS)

  50. How Kerberos Works in a Windows Environment
