Security in network

• Outline
• Threats in network
• Network security controls
• Firewalls
• Intrusion detection system
• Secure E-Mail
• Networks and Cryptography
• Example protocols: PEM, SSL, IPSec
• Conclusion
What makes a network vulnerable?
• Anonymity: an attacker can mount an attack from thousands of miles away, and is therefore safe behind an electronic shield.
• Many points of attack.
• Sharing of resources.
• Complexity of the system (different OSes on the network).
• Unknown perimeter (uncertainty about the network boundary).
• Unknown path.
Who attacks a network?
• Three necessary components of an attack: MOM (method, opportunity, motive).
• We consider the motive of an attacker:
1. Challenge or power
2. Fame (recognition for the attacker's activity)
3. Money
4. Ideology (to do harm)
Threat precursors
How do attackers commit their attacks?
• Port scan, which reveals:
• which services are running or which ports are open
• what OS is installed
• the version of an application
• Social engineering:
• involves using social skills to get someone to reveal security-relevant information.
• The attacker often impersonates someone inside the organization
• and tries to learn internal details.
Cont…
• Reconnaissance:
• a general term for collecting information from various sources.
• A commonly used technique is called "dumpster diving": looking at the items that have been discarded in rubbish bins.
• OS and application fingerprints:
• the attacker sends a malformed request and learns the type of OS and the version of the application from the response.
Cont…
• Bulletin boards and chats:
• support the exchange of information.
• Attackers can post their latest exploits and techniques,
• read what others have done, and search for additional information.
Threats in transit
• Eavesdropping and wiretapping.
• Eavesdropping: overhearing without expending extra effort.
• Wiretapping: intercepting communications.
• Passive wiretapping: just listening.
• Active wiretapping: injecting something into the communications.
• In cable: through inductance, an intruder can tap a wire and read the radiated signals without making physical contact with the cable.
• A device called a packet sniffer can retrieve all packets on the LAN.
– Solution: encryption should be applied to all communication.
Protocol flaws
• Protocols are publicly available.
• Impersonation:
• easier than wiretapping.
• Impersonate another person or process.
• Here the attacker can guess the identity and authentication details of the target,
• disable the authentication mechanism at the target, or
• use a target whose authentication data are known.
Cont…
• Authentication foiled by guessing:
– default password guesses.
• Well-known authentication:
• a vendor may use one password to allow its remote maintenance personnel to access any of its computers anywhere in the world,
• e.g. one system admin account installed on all computers with a default password.
• Spoofing:
• Impersonation: falsely representing a valid entity in a communication.
• Spoofing: when an attacker falsely carries on one end of a networked interchange.
• Examples: masquerading, session hijacking, and the man-in-the-middle attack.
Cont..
• Masquerade:
• one host pretends to be another.
• Ex. URL masquerading, IP masquerading.
• Session hijacking:
• intercepting and carrying on a session begun by another entity.
• Man-in-the-middle attack:
Message confidentiality threat
– Eavesdropping and impersonation attacks can lead to confidentiality and integrity failures.
• Some of the vulnerabilities that can affect confidentiality are:
• Misdelivery: message lost; flaws in the hardware or software; destination IP address modification, etc.
• Exposure: a message may be exposed at switches, routers, gateways and intermediate hosts (passive wiretapping).
• Traffic flow analysis: the existence of a message is itself important and sensitive.
Message integrity threat
• Falsification of messages:
• an attacker may change some or all of the content of a message:
• replace, change, redirect, combine pieces of different messages into one, destroy a message, etc.
• Noise:
• communication signals are subject to interference from other traffic, lightning, electric motors, animals, etc. These are inevitable.
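The standard control against falsification is a message authentication code: the receiver recomputes a keyed tag over the message and rejects anything whose tag does not match. The block below is an added example, not code from the slides; it uses Python's standard-library HMAC-SHA256, and the framing (a 4-byte sequence number, a 4-byte length, the body, then a 32-byte tag), the demo key and the demo message are all constructed for this example. The sequence number is covered by the tag so that replayed, reordered or spliced-together messages are also rejected, which goes a little beyond the slide's "change the content" case.

```python
# Added example (not from the slides): detect falsified, truncated, spliced or
# replayed messages with an HMAC over (sequence number, length, body).
# Framing, key and messages are constructed for this example.
import hmac
import hashlib

TAG_LEN = 32  # SHA-256 output size
HDR_LEN = 8   # 4-byte sequence number + 4-byte body length


def protect(key: bytes, seq: int, body: bytes) -> bytes:
    """Frame a message as header || body || tag, where the tag covers header and body."""
    header = seq.to_bytes(4, "big") + len(body).to_bytes(4, "big")
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


def verify(key: bytes, frame: bytes, expected_seq: int):
    """Return the body if the tag is valid and the sequence number is the one
    expected; return None for any tampered, truncated, spliced or replayed frame."""
    if len(frame) < HDR_LEN + TAG_LEN:
        return None  # too short to even carry a tag
    seq = int.from_bytes(frame[:4], "big")
    length = int.from_bytes(frame[4:8], "big")
    body = frame[HDR_LEN:HDR_LEN + length]
    tag = frame[HDR_LEN + length:]
    if len(body) != length or len(tag) != TAG_LEN:
        return None  # truncated body or tag
    expected = hmac.new(key, frame[:HDR_LEN + length], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # content or header was changed in transit
    if seq != expected_seq:
        return None  # replayed or reordered message
    return body


def demo():
    """Run three scenarios: a clean message, a changed amount, and a replay.
    Returns (clean_result, tampered_result, replay_result)."""
    key = b"constructed-demo-key"  # constructed; a real key comes from a key exchange or KDF
    frame = protect(key, 1, b"transfer 100 to alice")

    clean = verify(key, frame, 1)

    # Falsification: flip the amount "100" -> "900" (body starts at offset 8,
    # the digit '1' is at body index 9).
    tampered = bytearray(frame)
    tampered[HDR_LEN + 9] = ord("9")
    changed = verify(key, bytes(tampered), 1)

    # Replay: the untouched frame presented again when sequence 2 is expected.
    replayed = verify(key, frame, 2)
    return clean, changed, replayed


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` is used rather than `==` so that the comparison time does not depend on how many leading tag bytes match. Note that a MAC gives integrity and origin authentication only; the confidentiality threats on the previous slide still need encryption.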
Cont..
• Web site defacement:
• the whole HTML code is accessible and downloadable.
– Web site vulnerabilities enable attacks known as:
– Buffer overflow: a web site is sent an excess of data.
– Dot-dot and address problems, e.g.
• http://URL/null.htm?dotwebfile==/../../../..wint/system32/autoexec.nt
– Application code errors: a clever attacker can edit the URL in the address window and change the parameters.
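The "dot-dot" problem on this slide is what a web server must defend against when it turns a requested URL path into a file path: every `..` segment has to be resolved before the path is joined to the document root, and any request that would climb above the root rejected outright. The resolver below is an added example, not code from the slides or from any particular server; the document root `/var/www/site` and the hypothetical function name `resolve_under_root` are assumptions made for the example.

```python
# Added example (not from the slides): map a requested URL path onto the
# document root, resolving "." and ".." lexically and refusing any request
# that would escape the root. Root path and function name are assumptions.
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/site"  # assumed document root for the example


def resolve_under_root(requested: str, root: str = WEB_ROOT):
    """Return the absolute file path for a URL path, or None if the request
    is malformed or would resolve outside the document root."""
    path = unquote(requested)  # decode %2e%2e etc. once, before checking
    if "\x00" in path or "\\" in path:
        return None  # NUL bytes and backslashes have no place in a URL path
    stack = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue            # empty segment ("//") or current directory
        if seg == "..":
            if not stack:
                return None     # would climb above the root: reject
            stack.pop()
            continue
        stack.append(seg)
    return posixpath.join(root, *stack) if stack else root


if __name__ == "__main__":
    # Constructed requests, from benign to hostile
    for req in ["/index.html", "/img/../index.html", "/../../etc/passwd",
                "/%2e%2e/%2e%2e/etc/passwd", "/../../../..wint/system32/autoexec.nt"]:
        print(f"{req!r:45} -> {resolve_under_root(req)}")
```

The check is purely lexical, so it needs no filesystem access and cannot be confused by symbolic links it never follows; a deployment that allows symlinks under the root would additionally compare the real path after resolution. Percent-decoding happens exactly once, before the walk, so an encoded `%2e%2e` is treated the same as a literal `..`. The same server-side principle, validating every parameter rather than trusting what arrived in the URL, is the answer to the "application code errors" item as well.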
Denial of service (DoS)
• A threat to the availability of a service.
• Transmission failure.
• Connection flooding:
• TCP/UDP
• ICMP: ping (request destination reachability),
• echo (return the same data as a reply),
• destination unreachable,
• source quench (the destination is saturated, so the source should suspend sending packets for a while).
Cont..
• We examine how two of these protocols can be used to attack a victim.
• Echo-chargen:
• This attack works between two hosts.
• Chargen is a protocol that is used to generate packets and to test the capacity of a network.
• [Diagram: A sends to B's echo service, B's reply goes back to A, and A and B put the network in an endless loop.]
• If the attacker makes B both source and destination, B hangs in a loop constantly replying to its own messages.
Cont..
• Ping of death attack:
• if the attacker is on a 100 MB connection and the victim is on 10 MB, the attacker can easily flood the victim's network.
– Smurf attack: a variation of the ping of death attack.
• The attacker selects the victim's network, then spoofs the source IP address in the ping packet so that it appears to come from the victim.
• The attacker then sends this request to the network in broadcast mode by setting the host id to all 1s.
Cont…
• SYN flood attack:
• uses the TCP protocol; a session is established with a three-way handshake.
• Here, the attacker sends many SYN packets to the victim and never responds with the ACK, thereby filling the victim's SYN-ACK queue.
• Another way is to spoof a non-existent source IP address.
• Distributed DoS.
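Both flooding attacks on these slides have a signature a defender can look for in captured traffic: a SYN flood shows up as many handshakes against one host that receive a SYN but never the final ACK (with spoofed sources, each from a different address), and a Smurf attack shows up as ICMP echo requests addressed to the network's broadcast address. The classifier below is an added example, not code from the slides; the packet summary format `(src, dst, proto, flags_or_type)`, all addresses, the local network `198.51.100.0/24` and the half-open threshold are constructed assumptions.

```python
# Added example (not from the slides): classify a batch of packet summaries as
# SYN-flood or Smurf indicators. Record format, addresses and thresholds are
# constructed for this example.
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed packet summaries: (src, dst, proto, tcp_flags or icmp_type)
PACKETS = [
    # one legitimate client completing its handshake
    ("192.0.2.44", "198.51.100.5", "tcp", "S"),
    ("192.0.2.44", "198.51.100.5", "tcp", "A"),
    # eight SYNs from different (spoofed) sources, none of which ever ACKs
    *[(f"203.0.113.{i}", "198.51.100.5", "tcp", "S") for i in range(1, 9)],
    # an echo request whose source claims to be the victim, sent to the broadcast address
    ("198.51.100.5", "198.51.100.255", "icmp", "echo-request"),
    # an ordinary ping to a single host
    ("192.0.2.44", "198.51.100.7", "icmp", "echo-request"),
]


def half_open_per_target(packets):
    """Count, per destination, the (src, dst) pairs that sent a SYN but never the
    handshake-completing ACK. A large count against one host means a SYN queue
    is being filled."""
    syn, acked = set(), set()
    for src, dst, proto, info in packets:
        if proto != "tcp":
            continue
        if info == "S":
            syn.add((src, dst))
        elif info == "A":
            acked.add((src, dst))
    return Counter(dst for _, dst in syn - acked)


def broadcast_pings(packets, local_net):
    """Return the claimed source addresses of ICMP echo requests aimed at the
    broadcast address of local_net. In a Smurf attack that claimed source is
    the spoofed victim, i.e. the host every reply will be aimed at."""
    bcast = ip_network(local_net).broadcast_address
    return sorted({src for src, dst, proto, info in packets
                   if proto == "icmp" and info == "echo-request"
                   and ip_address(dst) == bcast})


def classify(packets, local_net, syn_threshold=5):
    """Return a list of (kind, address, count) alerts.
    kind is 'syn-flood' (address = target, count = half-open handshakes) or
    'smurf' (address = claimed source of the broadcast ping, count = None)."""
    alerts = []
    for dst, n in sorted(half_open_per_target(packets).items()):
        if n >= syn_threshold:
            alerts.append(("syn-flood", dst, n))
    for src in broadcast_pings(packets, local_net):
        alerts.append(("smurf", src, None))
    return alerts


if __name__ == "__main__":
    for alert in classify(PACKETS, "198.51.100.0/24"):
        print(alert)
```

The legitimate client is excluded from the half-open count because its ACK was seen, so only the eight spoofed handshakes are reported against the target. For the broadcast ping the address reported is the one in the source field; since that field is spoofed in a Smurf attack, the alert identifies the likely victim rather than the attacker, which is the host a defender would protect by refusing to forward or answer broadcast-directed echo requests.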
Network security controls
• Design and implementation
• Architecture
• Encryption
Types of firewalls
• Packet filter
• Stateful inspection firewall
• Application proxy gateway
• Guard
• Personal firewall