Security has been a major concern in today's computer networks
Lab #2
NET332
By Asma AlOsaimi
"Security has been a major concern in today’s
computer networks. There have been various
exploits of attacks against companies, many of
the attacks cost companies their reputation
and cost them millions of pounds. Many attacks
are implemented using inside knowledge from
previous and even current employees."
Part#1: Network Fundamentals
Outline
LANs
LAN Routers / Gateways
Wireless Connection
Firewalls
NAT
Network Protocols
Protocol Analysis
cs490ns - cotter
Single Machine
Security Risk: Physical Security
Access to Machine (loss of equipment)
Hack Machine (loss of information)
Local Area Networks
Security Risk: Physical Security
Access to Machine (loss of equipment)
Access to Hub / Switch (loss / leak of information)
Hack Machine (loss / leak of information)
Local Area Networks (Routers / Gateways)
[Diagram: LAN connected to the Internet through a router / gateway]
Local Area Networks (Access Technologies)
56 Kbps Modem
  Establish a point-to-point connection to ISP
  Use PPTP (etc.) to establish an internet connection
  Private link
DSL
  Full Time, Broadband connection
  Uses existing telecom facilities
  Private link
Cable Modem
  Full Time, Broadband connection
  Shares existing cable TV facility with others
Wireless Connection
[Diagram: WAP + router connecting wireless hosts to the Internet]
Firewalls
Provides a mechanism to control / monitor access to the LAN
[Diagram: firewall between the LAN and the Internet]
Network Address Translation
Many networks configured with private IP addresses (10.0.0.0, 172.16.0.0, 192.168.0.0)
  Addresses are not routed.
Must convert to public address for Internet access.
  To addresses that are routed.
May also have many hosts sharing limited network addresses.
  If only 1 network address, then service is called Port Address Translation - PAT
NAT provides the translation services
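Added example (not part of the original slides): a toy PAT gateway that lets many private hosts share one public address and maps replies back to the right host. The class name, the starting port 40000 and the public address 203.0.113.10 are assumptions made for illustration; a real device also keys its table on protocol and expires idle entries.

```python
import ipaddress

# Private blocks whose base addresses the slide lists (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr lies in one of the non-routed private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class PatGateway:
    """Hypothetical PAT device: one public IP, one public port per flow."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private_ip, private_port) -> public_port
        self.in_map = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """Rewrite the source address/port of a packet leaving the LAN."""
        if not is_private(src_ip):
            return (src_ip, src_port)  # already routable: no translation
        key = (src_ip, src_port)
        if key not in self.out_map:
            # First packet of this flow: allocate a fresh public port.
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, dst_port):
        """Map a reply to its private host; None means no mapping (drop)."""
        return self.in_map.get(dst_port)

if __name__ == "__main__":
    gw = PatGateway("203.0.113.10")  # constructed documentation address
    # Two hosts use the same source port; PAT keeps them apart by port.
    print(gw.outbound("192.168.0.5", 51000))
    print(gw.outbound("192.168.0.6", 51000))
    print(gw.inbound(40001))   # reply reaches 192.168.0.6
    print(gw.inbound(45000))   # unsolicited inbound: no mapping
```

Because an inbound packet is only forwarded when a mapping already exists, unsolicited traffic from the Internet has no private host to reach.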
Network Protocols
LAN Physical Layer Protocols
Ethernet
  10base5
  10base2
  10baseT, 100baseT, 1000baseT
Wireless Networks
  802.11a
  802.11b
  802.11g
Token Ring
etc.
WAN Physical Layer Protocols
Telecommunications
  DS0, DS1, DS3
  SONET
  ISDN
  etc.
Metro Area Protocols
  Cellular Telephone
  FDDI
  WiMAX
Network Layer Protocols
Internet Protocol (IP)
  Routes packets across the network
  Manages packet fragmentation across network
Internet Control Message Protocol (ICMP)
  Provides support for IP and TCP
Address Resolution Protocol (ARP)
  Provides address resolution between network layer and data link layer addresses.
Transport Layer Protocols
Transmission Control Protocol (TCP)
  Provides reliable end-to-end packet transport
  Provides packet flow control
User Datagram Protocol (UDP)
  Provides simplified end-to-end packet transport
  No control overhead
  No packet fragmentation
Application Layer Protocols
Support specific network applications
  FTP
  HTTP (WWW)
  SMTP, POP3, IMAP (e-mail)
Protocol Analysis
Packet Sniffers
  WireShark (Ethereal)
  Etherpeek
  EtherDetect
  Zx Sniffer
  AnalogX PacketMon
  Colasoft Capsa
  AirMagnet Enterprise (Wireless monitoring)
  etc.
Summary
LANs
LAN Routers / Gateways
Wireless Connection
Firewalls
NAT
Network Protocols
Protocol Analysis
Part#2: Introduction to security
Who is vulnerable?
Financial institutions and banks
Internet service providers
Government and defense agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK
15-441 Networks Fall 2002
Common security attacks and their countermeasures
Finding a way into the network
  Firewalls
Exploiting software bugs, buffer overflows
  Intrusion Detection Systems
Denial of Service
  IDS
TCP hijacking
  IPSec
Packet sniffing
  Encryption (SSH, SSL, HTTPS)
Social problems
  Education
Common security attacks
What is a vulnerable system?
A vulnerability is a weakness in software or hardware that enables the attacker to compromise the confidentiality, integrity or availability of that system.
An attacker can use a vulnerability to compromise a system.
For example, a weakness in a protocol allows the attacker to run arbitrary code.
If you understand the vulnerability, it will help you to implement the appropriate security control.
Part#3: CT1406 LAB
CT1406 Lab Setup
Metasploitable (Ubuntu): 10.170.25.100
Back Track 5: 10.170.25.202
Windows Server 2008: 10.170.25.101
Windows PC: 10.170.25.201
Pentest?
A pentest is a method of evaluating and testing the security of a system, network, or application by performing actions that are meant to simulate the actions of a malicious attacker.
Metasploit
The Metasploit framework provides you with information on security vulnerabilities which can be used to exploit a system.
Penetration testers can also use this tool to launch manual or automated scans.