What is Network Security?
Meghan Gunn
ITMG 360: Data Communications and Network Connections
December 8, 2006
Learning Objectives
• What is Network Security? Why is it Important?
• Process
• Motives
• Attackers
• Shape of Defenses
• Methods of Attack
Network Security …
• involves the protection of networks and their services from
unauthorized modification, destruction, or disclosure.
• provides assurance that the network performs its critical
functions correctly and that there are no harmful side effects
• is an effort to create a secure computing platform,
designed so that agents, including users or programs, can
only perform actions that have been allowed
• is not a technology; it involves people who use available
technologies either for destruction or to protect against that
destruction
Importance of Network Security
• Our increasing reliance and dependence on computer and
telecommunications technology is slowly making cyberspace a
critical component of our national security and social well-being
• The last half of the 1990s was a time of growth for the
Internet, as well as for networks within organizations.
• Capabilities that were mere entertainment in 1995 were
business critical systems in 1999, and this trend shows no sign
of slowing.
• With that growth comes an increase in crime, fraud, and
network abuse.
Network Security is a Process
1. Learn everything you can about the threats that face you.
2. Design as well as you can based on what you've learned before you implement anything.
3. Think pathologically about the design & beef it up to be on the safe side.
4. Implement it the way you designed it.
5. Continuously recheck it to make sure that it hasn't changed.
6. Practice running it to make sure that you understand it & can operate it correctly.
7. Make it simple for people to do what you want them to do.
8. Make it hard for people to do what you don’t want them to do.
9. Make it easy for you to detect problems.
10. Make it difficult to hide what you don’t want hidden.
Network Security is a Process
10. Test everything you can test.
11. Practice everything you can practice.
12. Improve anything you can improve.
13. Repeat this process endlessly, at all levels of detail.
Who must we protect our Networks from?
1. Browsers, Campers, and Vandals
o Likelihood to Attack: high
o Number: exist in large numbers
o Motivation to Attack: low to medium
o Skill Level: low to high
2. Spies & Saboteurs
o Likelihood to Attack: varies
o Number: low in number
o Motivation to Attack: medium to high
o Skill Level: medium to high
3. Disgruntled (ex) Employees and Contractors
o Likelihood to Attack: medium to high
o Number: varies depending on organization
o Motivation to Attack: high
o Skill Level: medium to high
Motives to attack a Network
• hardware infrastructure and corresponding underlying protocols suffer
from weak points and sometimes gaping loopholes
• the spirit of individualism and adventurism has led to the rapid,
motivated growth of the Internet and also motivated people to develop
exploits for the network’s vulnerable and weak points
• challenge, adventurism, or revenge
• personal vendettas
• jokes, hoaxes, or pranks
• incentive for terrorist groups and political and military espionage
Motive: Hacker Ethics
1. Hands On Imperative: Access to computers and hardware
should be complete and total
2. "Information Wants to Be Free"
- without restrictions (no censorship)
- without control (no ownership or authorship, no intellectual
property)
- without monetary value (no cost)
3. Mistrust Authority. Promote decentralization.
- anarchistic, individualistic, and libertarian nature
- distrust toward large institutions, including but not limited to
the State, corporations, and computer administrative
bureaucracies
4. No Bogus Criteria: Hackers should be judged by their hacking,
not by "bogus criteria" such as race, age, sex, or position.
5. "You can create truth and beauty on a computer." Hacking is
equated with artistry and creativity.
6. "Computers can change your life for the better."
Shape of Defense: 5 Layers
• Organization of the Network: designed with security in mind;
therefore designing and implementing a network where functionality,
robustness, and security are of essentially equal importance
• Passive Outer Defenses: include the router configuration, computer
configuration, and finger response software
• Active Inner Defenses: require your participation and allow you to
take action against attackers
• Passive monitoring: includes the collection of modifications to
network components that cause them to log that an event has occurred,
and the systems that receive that logging message and interpret it
• Active monitoring: allows you to ask your defenses if this
protection is still working.
TCP/IP and UDP Protocols
• IP-Spoofing: technique used to set up an attack on computer
networking communication elements by altering the IP address of the
source element in the data packets, replacing it with a bogus address.
• SYN Flooding: overwhelms the resources of the target element by
sending huge volumes of spoofed packets.
• Scanning and Probing Attacks: allow the intruder to send large
quantities of packets from a single location. They typically utilize a
Trojan with a distributed scanning engine that is configured to scan
carefully selected ports.
• Session Attacks: target sessions already in progress that intruders
break into.
• Packet Sniffer: program on a network element that passively receives
all data link layer frames passing through the device’s network
interface. A sniffed frame can have its content, message, and header
altered, modified, or even deleted and replaced.
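An added example, not part of the original slides: a small detector that counts half-open TCP handshakes per target within a time window, which is how the SYN flooding described above appears to the passive monitoring layer. The log format, the addresses (documentation ranges), the window and the threshold are all constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 5.0     # seconds a SYN may wait for its ACK (assumed value)
THRESHOLD = 4    # half-open handshakes per target that raise an alert (assumed)

# Constructed sample records: "time src_ip:port dst_ip:port flag".
# Simplification: only the client's SYN and final ACK are logged.
SAMPLE_LOG = """\
0.10 192.0.2.10:40001 198.51.100.5:80 SYN
0.15 192.0.2.10:40001 198.51.100.5:80 ACK
1.00 203.0.113.1:1111 198.51.100.5:80 SYN
1.01 203.0.113.77:2222 198.51.100.5:80 SYN
1.02 203.0.113.150:3333 198.51.100.5:80 SYN
1.03 203.0.113.201:4444 198.51.100.5:80 SYN
1.50 192.0.2.11:40002 198.51.100.9:443 SYN
1.55 192.0.2.11:40002 198.51.100.9:443 ACK
"""

def detect_syn_flood(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {target: (half_open_count, distinct_source_ips)} for flagged targets."""
    pending = defaultdict(deque)   # target -> (time, source) of SYNs still unanswered
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, (src, dst, flag) = float(parts[0]), parts[1:]
        except (ValueError, IndexError):
            continue               # skip malformed records
        queue = pending[dst]
        while queue and ts - queue[0][0] > window:
            queue.popleft()        # expire SYNs that fell out of the window
        if flag == "SYN":
            queue.append((ts, src))
        elif flag == "ACK":
            for entry in queue:    # handshake completed: drop the matching SYN
                if entry[1] == src:
                    queue.remove(entry)
                    break
        if len(queue) >= threshold:
            ips = {s.rsplit(":", 1)[0] for _, s in queue}
            alerts[dst] = (len(queue), len(ips))
    return alerts

if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE_LOG))
```

A high half-open count spread across many distinct source addresses is the signature to look for, since spoofed sources never send the final ACK.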
Distributed Denial of Service (DDoS) Attacks
• They are generally classified as a nuisance attack in the sense
that they simply interrupt the services of the system.
• System interruption can be as serious as destroying a computer
hard disk or as simple as using up all the system available
memory.
• include the Ping of Death, Smurfing, Teardrop Attack, and
Land.c Attack.
Attacks that target the Network Operating System
• attacks on Windows NT and NT Registry Attacks are quite
common
• attacks on UNIX’s operating system are common due to
the fact that UNIX's source code has been publicly released
and its many flaws have been widely discussed and
exploited. Windows NT has many of the same flaws
• there are many other proprietary operating system attacks, including
those on Solaris/Linux and Windows 95, 98, 2000.
Penetration Methods
• involves breaking into a system using known security
vulnerabilities to gain access to any cyberspace resource
• may allow an intruder to gain full access to all cyberspace
resources
• Viruses are frequently used, generally as e-mail
attachments, so that they can infect a computer either
through boot sector penetration, macro penetration, or as
parasites.
• memory resident
• error generating
• data and program destroyers
• computer time theft
• hardware destroyers (also known as killer viruses)
• Trojans
• logic or time bombs
• trapdoors
The Love Bug
• virus circulated in 2000
• spread around the world with a vengeance, traveling via
e-mail messages entitled “I Love You.”
• crippled government and business computer networks in
Asia, Europe, and the United States
• No immediate cure was known as experts were stunned
by the speed and wide reach of the virus
• spread at an amazing speed, as the first report was made
9 AM one day from Norway, and by 1 PM there were
reports from over 20 countries.
• special type of virus designed to spread from one
computer to another over any type of network
• its job was greatly simplified by the Internet and e-mail,
both of which allow the worm to strike countless computer
systems in just a few seconds.
Common Security Flaws
• BIND Weakness is due to the fact that there is a binding of a
system to the numeric IP address. It allows for ways to locate a
system on the Internet without having to know specific IP
addresses.
• CGI provides interactivity between web pages; however, many
servers come with sample CGI installed by default, which if not
removed can be penetrated by intruders.
• Remote Procedure Call features allow programs on one
computer to execute remote programs on a second
computer. This allows intruders to gain immediate root access on
the remote system.
• Sendmail Buffer Overflow involves overflowing buffers to allow for
root access.
• File and information sharing allows for uncontrolled and
improperly configured sharing of files and information over
networks, exposing critical system files or giving full file system
access.
• User passwords are the weakest system penetration points.
User Passwords: SDSC
At the San Diego Supercomputer Center (SDSC), employees are encouraged
to change their passwords on a regular basis. SDSC is a national
laboratory for computational science and engineering that is leading
the way in developing a national cyberinfrastructure that will provide
the technological foundation for the next generation of science and
engineering advances. Consequently, its employees have access to a
number of supercomputers and potentially a large amount of secure
data. As a security measure, SDSC regularly sends out e-mails asking
all users to reset their passwords, noting that it’s a good practice
to change your password frequently to prevent potential unauthorized
use. The e-mails also include tips to keep in mind when choosing a new
password, such as choosing a password of at least 8 characters, not
using a password that has been used in the past or that is currently
in use elsewhere, and never sharing, writing down, or e-mailing your
passwords.
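An added example, not from the slides or from SDSC: one way a password-change routine can enforce the two tips a system can check itself, the 8-character minimum and no reuse of a past password, while storing only salted hashes of the history. The function names, the PBKDF2 iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8         # minimum length from the tips above
ITERATIONS = 100_000   # PBKDF2 work factor (assumed value)

def _derive(password, salt):
    # Slow, salted hash so a leaked history does not reveal old passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def remember(history, password):
    """Record a password in the user's history as (salt, digest), never in clear text."""
    salt = os.urandom(16)
    history.append((salt, _derive(password, salt)))

def check_new_password(history, candidate):
    """Return the list of violated rules; an empty list means the password is accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for salt, digest in history:
        # Each entry has its own salt, so re-derive per entry and compare in constant time
        if hmac.compare_digest(_derive(candidate, salt), digest):
            problems.append("used in the past")
            break
    return problems

if __name__ == "__main__":
    history = []                          # constructed sample history
    remember(history, "Corr3ct-Horse")
    for attempt in ("short", "Corr3ct-Horse", "Br4nd-New-Phrase"):
        print(attempt, "->", check_new_password(history, attempt) or "accepted")
```

The tip about passwords "currently in use elsewhere" cannot be verified by a single system and remains a user responsibility.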