Network Security (Daliah Stephan).


Network Security
Group Members
Jason Vaughan
Anna Libman
Daliah Stephan
James Doliente
Alan Yuen
Content
• Types of attackers
• Attacks requiring protection
• IT response to intrusions
• Wireless network security
• VPN
• Hardware firewall
• Software firewall
Types of attackers
• Wizard Internet Hackers
– Highly capable attackers
• Amateurs
• Criminals
– Theft of credit card numbers, trade secrets, and other sensitive
information
– Sell the information or attempt extortion to prevent the release of the
information
– Industrial and government espionage spies
• Employees
– Dangerous because of internal knowledge and access
• Information Warfare and Cyber terrorism
– Massive attack by a government or terrorist group against a country’s
IT infrastructure
Attacks requiring protection
• Hacking Servers - Attractive because of the data they store
• Hacking Clients - Attractive because of their data or as a way to attack
other systems by using the hacked client as an attack platform
• Denial-of-Service (DoS) Attacks
– Make the system unavailable (crash it or make it run very slowly) by sending
one message or a stream of messages. Loss of availability
• Scanning Attacks
– Attacker sends messages to select victims and attack methods
– Examines data that responses reveal
• IP addresses of potential victims
• Host’s operating system, version number, etc.
• Malicious Content
– Viruses - Infect files; propagate by executing infected program - Payloads may be
destructive
– Illegal content: pornography, sexual or racial harassment
– Spam (unsolicited commercial e-mail)
IT Response to Intrusion
• Inspect systems to determine damage
• Remove hostile or destructive code
• Reload necessary operating system software
• Restore configurations
• Restore and test operations
• Patch system to reduce vulnerability
• Inspect files to determine damage
• Restore files from backup if necessary
• Confirm with users that data is restored
Wireless network security
• Attackers can lurk outside your
premises.
• The range of an access point often
extends further than your own
household.
• A passer-by or neighbor could be
within connection range.
• By default, security on 802.11 WLAN
NICs and access points is turned off.
Ways to Protect Wireless Network
• Disable SSID Broadcasting.
• Use (WEP) Encryption.
• Control Access by MAC & IP Addresses.
• Minimize the Range of your Access Point.
Disable SSID Broadcasting
• Access points send out an SSID that can be detected by
wireless clients.
• SSID identifies the name of the network and
essentially invites wireless cards within range to join
the network.
• Unless the other person knows your network name,
your wireless network is practically invisible when
SSID broadcasting is disabled.
• When you disable broadcasting, you must configure
each wireless client with the exact name of the
Use (WEP) Encryption
• Most access points offer at least 64-bit WEP key encryption, and
some offer 128-bit encryption.
• Wired Equivalent Privacy (WEP) can be penetrated by
determined hackers.
• WEP will prevent casual "packet sniffers" from intercepting
wireless data packets floating around on your network.
• WEP wraps data packets using obscure ciphering algorithms
based on an electronic key, a series of alphanumerical or
hexadecimal characters.
• The receiving system must have a matching key in order to
decipher the data packet.
Control Access by MAC & IP Addresses
• Each network adapter has a MAC address that uniquely identifies
that device on the network.
• Most access points allow you to limit which MAC addresses can
access the network.
• If DHCP services are enabled, you may also restrict access based on
IP addressing.
• You can limit the number of simultaneous DHCP clients to match
the number of systems you use on your network.
• Configure each client manually with a static (permanent) IP address
and allow access only for those particular addresses.
Minimize the range of your Access Point
• Place the access point in a central location.
• Minimize coverage outside of your property.
• Optimal spot is normally near the center of your
property and near ground level.
New Security Technology
• Wi-Fi Protected Access (WPA)
– New wireless network security protocol,
IEEE 802.11i
– Will boost security and allow for easier
configuration.
– Overcomes limitations of WEP.
VPN
• Virtual Private Network:
– Definition: a way to simulate a private network over a
public network (Internet).
– Allows creation of a secure, private network over a public
network such as the Internet.
– IPSec is the most commonly used protocol for VPNs.
– IPSec technology is based on modern cryptographic
technologies, making very strong data authentication
and privacy guarantees possible.
VPN (Cont.)
• Advantages of VPN:
– Lower cost
– Remote access
– Platform independent
– Can be used both as extranet and intranet
VPN (Cont.)
• Disadvantages of VPN:
– Inconsistent remote access performance due to changes
in Internet connectivity.
– No entrance into the network if the Internet connection
is broken.
VPN (Cont.)
[Figure: VPN network diagram showing the Corporate Office (firewall, gateway, Internet router), the Houston, Chicago, New York and Atlanta sites, the Internet, and a remote VPN user.]
Hardware Firewall
• What is it?
• What it does.
• An example.
• Firewall use.
• What it protects you from.
Hardware Firewall (Cont.)
• What is it?
– It is just a software firewall running on a dedicated
piece of hardware or specialized device.
– Basically, it is a barrier to keep destructive forces
away from your property.
– You can use a firewall to protect your home
network and family from offensive Web sites and
potential hackers.
Hardware Firewall (Cont.)
• What it does
– It is a hardware device that filters the
information coming through the Internet
connection into your private network or
computer system.
– If an incoming packet of information is flagged by
the filters, it is not allowed through.
Hardware Firewall (Cont.)
• An example
Hardware Firewall (Cont.)
• Firewalls use:
– Firewalls use one or more of three methods to control
traffic flowing in and out of the network:
  • Packet filtering
  • Proxy service
  • Stateful inspection
Hardware Firewall (Cont.)
• Packet filtering - Packets are analyzed against a set of
filters.
• Proxy service - Information from the Internet is
retrieved by the firewall and then sent to the requesting
system and vice versa.
• Stateful inspection - It compares certain key parts
of the packet to a database of trusted information.
Information traveling from inside to the outside is
monitored for specific defining characteristics, then
incoming information is compared to these
characteristics.
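The packet filtering and stateful inspection methods described above, as an added example that is not part of the original slides: a toy firewall that records outbound flows and compares incoming packets first to that record and then to static filter rules. The packet fields, the rule list and all addresses are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model; the field names are assumptions for this sketch.
Packet = namedtuple("Packet", "src sport dst dport proto")

INSIDE_PREFIX = "192.168.20."  # constructed internal network

# Packet filtering: static rules for unsolicited inbound traffic, first match
# wins, anything unmatched is dropped. Entries are (proto, dest port, action).
INBOUND_RULES = [
    ("tcp", 25, "allow"),  # published mail server
    ("tcp", 23, "deny"),   # remote login (telnet)
]

class StatefulFirewall:
    def __init__(self):
        # State table of flows opened from the inside. A real firewall also
        # tracks TCP flags and expires idle entries; this sketch does not.
        self.state = set()

    def outbound(self, pkt):
        """Record the defining characteristics of traffic leaving the network."""
        self.state.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "allow"

    def inbound(self, pkt):
        """Compare an incoming packet to the state table, then to the filters."""
        if (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.state:
            return "allow"  # reply to a connection an inside host started
        for proto, dport, action in INBOUND_RULES:
            if pkt.proto == proto and pkt.dport == dport:
                return action
        return "deny"  # default deny

    def handle(self, pkt):
        inside = pkt.src.startswith(INSIDE_PREFIX)
        return self.outbound(pkt) if inside else self.inbound(pkt)

def demo():
    """Run constructed packets through the firewall and return the verdicts."""
    fw = StatefulFirewall()
    web = Packet("192.168.20.15", 40000, "203.0.113.10", 80, "tcp")
    reply = Packet("203.0.113.10", 80, "192.168.20.15", 40000, "tcp")
    stray = Packet("203.0.113.10", 80, "192.168.20.15", 40001, "tcp")
    mail = Packet("198.51.100.7", 51000, "192.168.20.5", 25, "tcp")
    telnet = Packet("198.51.100.7", 51001, "192.168.20.5", 23, "tcp")
    return [fw.handle(p) for p in (reply, web, reply, stray, mail, telnet)]

if __name__ == "__main__":
    print(demo())
```

The same reply packet is denied before the inside host has sent its request and allowed afterwards, which is the difference between stateful inspection and a static filter.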
Hardware Firewall (Cont.)
• What it protects you from:
– Remote logins
– Application backdoors
– SMTP session hijacking
  • E-mail addresses
  • Spam
– Denial of service
– E-mail bombs
  • E-mail sent 1000’s of times till mailbox is full
– Macros
– Viruses
Software Firewall
• What is it?
– Also called Application Level Firewalls
– It is a firewall that operates at the Application Layer of
the OSI model
– They filter packets at the network layer
– It operates between the Datalink Layer and the
Network Layer
– It monitors the communication type (TCP, UDP,
ICMP, etc.) as well as the origination of the packet,
destination port of the packet, and application
(program) the packet is coming from or headed to.
Software Firewall (Cont.)
• How does a software firewall work?
Software Firewall (Cont.)
• Benefits of using application firewalls:
– Allow direct connection between client and host
– Ability to report to intrusion detection software
– Equipped with a certain level of logic
– Make intelligent decisions
– Configured to check for a known vulnerability
– Large amount of logging
Software Firewall (Cont.)
• Benefits of application firewalls (Cont.)
– Easier to track when a potential vulnerability happens
– Protect against new vulnerabilities before they are found
and exploited
– Ability to "understand" application-specific information
structure
– Incoming or outgoing packets cannot access services for
which there is no proxy
Software Firewall (Cont.)
• Disadvantages of firewalls:
– Slow down network access dramatically
– More susceptible to distributed denial of service (DDoS)
attacks.
– Not transparent to end users
– Require manual configuration of each client computer
Top Picks Personal Firewalls
• Norton Personal Firewall
• ZoneAlarm Free/Plus/Pro
Conclusion