Devices - Dr John's Site


Devices
ISQS 6342
Spring 2004
Gurkan Ozfidan
Outline

• Firewalls, Routers, Switches
• Wireless/Modems
• Remote Access Services (RAS)
• Telecom/Private Branch Exchange (PBX)
• Virtual Private Networks (VPN)
• Intrusion Detection Systems (IDS)
• Mobile Devices
What is a Firewall?

• A firewall is a barrier that keeps destructive forces away from your property.
• A firewall is any hardware or software device that provides a means of securing a computer or network from unwanted intrusion.
Firewall Security

Drafting a security policy:
• What am I protecting?
• Who am I protecting it from?
• Who gets access to which resources?
Common areas of attack:
• Web servers, mail servers, FTP services, databases
Every available service means a hole in your firewall:
• DNS (23,23), FTP (20-21), ICQ (4000), HTTP (80), Telnet (23)
What Do Firewalls Protect Against?

• DoS: not meant to steal information, but to disable a device
• Ping of death: an IP packet crafted to exceed the 65535-byte maximum
• SYN flood: TCP connection requests arriving faster than a machine can process them
• IP spoofing: used to break into systems and to hide the hacker's identity
How Do Firewalls Work?

Network address translation (NAT)
• Basic firewalls usually use only one technique: NAT
Basic packet filtering
• The most basic security function performed by a firewall
Stateful packet inspection (SPI)
• Basic packet filtering extended with a feature called "stateful packet inspection"
Access control lists (ACL)
• Packet filtering is made possible through the use of access control lists (ACLs).
How Do Firewalls Work?

Network Address Translation:
• Provides a type of firewall by hiding internal IP addresses
• Enables a local-area network to use one set of IP addresses for the internal network and a second set of addresses for external traffic
• A NAT box located where the LAN meets the Internet makes all necessary IP address translations
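The translation the NAT box performs, as an added example that is not part of the original slides: outbound flows get a fresh public port, replies are mapped back to the internal host, and anything unsolicited finds no mapping. All addresses are constructed (private 192.168.1.0/24 hosts, one hypothetical public address).

```python
from itertools import count

class NatBox:
    """Port-based NAT at the point where the LAN meets the Internet (added example).
    Constructed addresses: hosts in 192.168.1.0/24 inside, one public address outside."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = count(first_port)   # fresh external port for each internal flow
        self.out_map = {}  # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.in_map = {}   # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source; returns the (ip, port) the remote host sees."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            pub_port = next(self.next_port)
            self.out_map[key] = pub_port
            self.in_map[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply's destination back to the internal host. Returns None when
        no internal host ever talked to this peer: unsolicited traffic finds nothing
        behind the public address, which is the hiding the slide describes."""
        if dst_ip != self.public_ip:
            return None
        return self.in_map.get((dst_port, src_ip, src_port))
```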
How Do Firewalls Work?

Basic Packet Filtering:
• Decides whether to forward TCP/IP packets based on header information
• Packet filters screen packets based on
  • Protocol type
  • IP address
  • TCP/UDP port
  • Source routing information
• Packets that make it through the filters are sent to the requesting system
How Do Firewalls Work?

Stateful Packet Inspection:
• Stateful packet filters record session-specific information, such as which ports are in use on the client and on the server
• Three-way handshake:
  • Initiates a TCP connection
  • Packets begin passing once the connection is made
  • Once the session has ended, no further packets are allowed
• Enhances security by tracking which side of the firewall a connection was initiated from
• Essential to blocking IP spoofing attacks
How Do Firewalls Work?

Access Control Lists:
• Packet filtering is made possible through the use of ACLs
• An ACL is a list of rules that either allow or block the inbound or outbound packets the firewall comes into contact with
• Example of allowing access only to HTTP (port 80):
    access-list 101 permit tcp any 111.222.111.222 0.0.0.0 eq 80
    access-list 101 deny ip any 111.222.111.222 0.0.0.0
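The two slides above (stateful inspection and ACLs) combined in one added example, which is not part of the original deck: the ACL is the slide's two-line list evaluated first-match with an implicit deny, while the session table records which side opened a connection, so replies to inside-initiated traffic pass regardless of the ACL, "established"-looking packets with no handshake are dropped, and an outside packet claiming the inside address is treated as spoofed. The class and packet layout are assumptions for illustration; the inside address 111.222.111.222 is the slide's own.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

@dataclass
class StatefulFirewall:
    """Inbound ACL evaluated first-match with an implicit deny (like the slide's access-list
    101); sessions opened from inside are remembered so only their replies come back in."""
    inside: str      # protected host; the slide's 111.222.111.222 is used in the tests
    acl: list        # [(action, proto, dport)]; proto "ip" and dport None are wildcards
    sessions: set = field(default_factory=set)  # (in_ip, in_port, remote_ip, remote_port)

    def _opens_flow(self, pkt):
        # A TCP flow begins with a bare SYN; UDP/ICMP have no handshake, any packet opens one
        return pkt.proto != "tcp" or ("SYN" in pkt.flags and "ACK" not in pkt.flags)
    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if self._opens_flow(pkt):            # inside host starts a session
            self.sessions.add(key)
            return True
        if key in self.sessions:             # later packets of a known session
            if pkt.flags & {"FIN", "RST"}:   # once the session ends, nothing more passes
                self.sessions.discard(key)
            return True
        return False
    def inbound(self, pkt):
        if pkt.src == self.inside:           # outside packet claiming an inside address: spoofed
            return False
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions:             # reply to a session initiated from inside
            if pkt.flags & {"FIN", "RST"}:
                self.sessions.discard(key)
            return True
        if not self._opens_flow(pkt):        # "established"-looking packet with no state
            return False
        for action, proto, dport in self.acl:   # first matching ACL line decides
            if proto in (pkt.proto, "ip") and dport in (None, pkt.dport):
                if action == "permit":
                    self.sessions.add(key)   # accepted inbound request: the server may reply
                return action == "permit"
        return False                         # implicit deny at the end of the list

WEB_ACL = [("permit", "tcp", 80), ("deny", "ip", None)]  # the slide's two-line list
```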
Routers

• A network management device that sits between different network segments
• Allows different networks to communicate with one another and the Internet to function
  • A message or file is broken up into packets about 1500 bytes long
  • Each packet includes information on the sender's address and the receiver's address
  • A checksum value allows the receiving computer to be sure the packet arrived intact
  • Each packet is sent via the best available route
• Tracert: traces the route that a packet takes to another computer
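The checksum and per-hop handling described above, as an added example rather than material from the slides: the IPv4 header checksum (one's complement sum, RFC 1071) lets a receiver detect a corrupted header, and a router that decrements TTL must recompute it; a TTL reaching zero is what makes each hop reveal itself to tracert. Identification and flag values are constructed placeholders.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64, proto: int = 6) -> bytes:
    """20-byte IPv4 header (no options) with the checksum filled in.
    Identification 0x1234 and the don't-fragment flag are constructed values."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = (~ones_complement_sum(fields)) & 0xFFFF     # computed with the field zeroed
    return fields[:10] + struct.pack("!H", csum) + fields[12:]

def header_intact(header: bytes) -> bool:
    """Receiver's check: summing the header *including* its checksum gives all ones."""
    return ones_complement_sum(header) == 0xFFFF

def router_forward(header: bytes):
    """What each router on the path does: drop a corrupted header, decrement TTL,
    discard the packet when TTL reaches zero (the hop tracert learns about),
    and recompute the checksum because the header changed."""
    if not header_intact(header):
        return None
    ttl = header[8] - 1
    if ttl == 0:
        return None
    fields = header[:8] + bytes([ttl]) + header[9:10] + b"\x00\x00" + header[12:]
    csum = (~ones_complement_sum(fields)) & 0xFFFF
    return fields[:10] + struct.pack("!H", csum) + fields[12:]
```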
Switches

• A device that filters and forwards packets between LAN segments
• Network switches are capable of determining the source and destination of a packet and forwarding that packet appropriately
• Switches conserve network bandwidth and generally offer better performance than hubs
• A hub joins multiple computers (or other network devices) together to form a single network segment
  • Switches usually work at Layer 2, using MAC addresses.
  • Routers work at Layer 3, using network addresses (IP, IPX or AppleTalk, depending on the protocols).
  • Hubs are simply a junction that joins all the different nodes together.
[Figure: The seven layers of the Open Systems Interconnection (OSI) Reference Model]
Wireless - digital data into radio signals

WEP:
• Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard.
• Designed to provide the same level of security as a wired LAN
• WEP aims to provide security by encrypting data sent over radio waves.
• Wireless LANs do not have the same physical structure as a wired LAN and are therefore more vulnerable to tampering
Wireless - digital data into radio signals

WPA:
• Wi-Fi Protected Access, designed to improve upon the security features of WEP
• Includes two improvements over WEP:
  1. Improved data encryption through the Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and ensures that the keys haven't been tampered with.
  2. User authentication: a MAC address is simple to sniff out and steal, so the Extensible Authentication Protocol (EAP), built on a more secure public-key encryption system, ensures that only authorized network users can access the network.
Modems - modulator-demodulator

• Digital Subscriber Line (DSL) provides a direct connection between the computer or network on the client side and the Internet.
• Cable modems are connected to a shared segment, so anyone else on that segment can potentially threaten your system.
  • A problem for DSL and cable modem users was the issuing of static IP addresses.
  • Static addresses provide a fixed target for hackers.
  • Dynamic Host Configuration Protocol (DHCP) can be used to issue dynamic addresses instead.
  • The best solution is to implement a firewall.
Remote Access Services (RAS)

• Provides the ability for one computer to dial into another computer via modem.
• Also offers a feature called callback, which works only with fixed phone numbers.
• It sits behind any physical firewall.
• Unless gateway software or firewall software is running on the server hosting RAS, there is a potential for the network to be compromised.
Telecom/Private Branch Exchange

• A traditional PBX is a computer-based telephone switch that may be thought of as a small, in-house telephone company
• A private telephone network used within an enterprise
• Users of the PBX share a certain number of outside lines for making telephone calls external to the PBX
• Failure to secure a PBX can result in toll fraud, theft of information and denial of service
• Securing a PBX should be part of a written security policy
Virtual Private Networks

• A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together
• Security is enhanced by implementing Internet Protocol Security (IPSec)
• IPSec provides better encryption algorithms and more comprehensive authentication, in two modes: transport and tunneling
  • Transport: encryption of the data in a packet
  • Tunneling: encryption of the data including the address header information
• IPSec eliminates packet sniffing and identity spoofing
• The sending and receiving computers hold the keys to encrypt and decrypt the packets
• A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities, and individual users connecting from out in the field
Intrusion Detection Systems

• IDS offer the ability to analyze data in real time to detect, log, and stop misuse or attacks as they occur
Computer-based IDS:
• Secures critical network servers or systems holding sensitive information
• Agents are loaded on each protected computer
• Agents analyze the disk space, RAM, CPU time, and applications
• Collected information is compared to a set of rules to determine if a security breach has occurred
Intrusion Detection Systems

Network-based IDS:
• Monitors activity on a specific network segment
• Usually dedicated platforms with two components:
  • Sensor: passively analyzes network traffic
  • Management system: displays alarm information from the sensor and allows security personnel to configure the sensors
Anomaly-based detection:
• Involves building statistical profiles of user activity and reacting to any activity that falls outside these profiles
• Two major problems:
  • Users do not access their computers or the network in static, predictable ways
  • Not enough memory to contain the entire profile
Intrusion Detection Systems

Signature-based detection:
• Similar to an antivirus program in its method of detecting potential attacks
• Vendors produce a list of "signatures" to compare against activity
• When a match is found, the IDS takes some action
• Customers depend on vendors to provide the latest signatures
• Normal network activity can be construed as malicious
  • For example, a network application may legitimately send ICMP messages (which carry error reports)
Mobile Devices

• Personal Digital Assistants (PDAs)
• Can open security holes for any computer with which these devices communicate
• A virus or destructive code may be introduced during a sync operation between the mobile device and the PC
• Standard antivirus and firewall applications can't protect PCs against this