Transcript: Slide 1

Network Security (I)
Instructor: 鄭伯炤
Office: Dept. of Communication Rm #112
Tel: X33512
Email: [email protected]
Information Networking Security and Assurance Lab
National Chung Cheng University
We Are in a Dangerous Zone!
CERT: Computer Emergency Response Team
http://www.cert.org/
• Insider
• Outsider
• Unstructured
• Structured
Network Security Class, Information Networking Security and Assurance Lab, National Chung Cheng University
Source: http://www.andrew.cmu.edu/course/95-753/lectures/MooreTalkCERT-combined.pdf
Attack Motivations, Phases and Goals
Motivations:
• Revenge
• Political activism
• Financial gain
Phases:
• Collect Information
  • Public data source
  • Scanning and probing
• Analyze Information & Prepare Attacks
  • Service in use
  • Known OS/Application vulnerability
  • Known network protocol security weakness
  • Network topology
• Actual Attack
  • Network Compromise
  • DoS/DDoS Attack: bandwidth consumption, host resource starvation
Goals:
• Data manipulation
• System access
• Elevated privileges
• Denial of Service
Reference: Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. Author: Ed Skoudis; Publisher: Prentice Hall; ISBN 0130332739
Tools, Tools, Tools
Reconnaissance:
• Nslookup
• Whois
• ARIN
• Dig
• Target Web Site
• Others
Network Scanning:
• Telnet
• Nmap
• Hping2
• Netcat
• ICMP: Ping and Traceroute
Penetration Tool: "Penetration Studies – A Technical Overview", http://www.sans.org/rr/papers/index.php?id=267
Vulnerability Assessment:
• Nessus
• SARA
Reference: GSEC SANS GIAC Certification: Security Essentials Toolkit. Author: Eric Cole et al.; ISBN 0789727749
Firewall
• A gateway that restricts data communication traffic to and from one of the connected networks (the one said to be "inside" the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be "outside" the firewall).
• Access Control List (ACL): A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resource.
Figure: Outside network | ACL (firewall) | Inside network
Source: http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
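The ACL definition above, worked as an added example that is not from the course slides or the NIST document: a minimal stateless filter evaluates constructed rules first-match with an implicit deny at the end, so traffic crosses between the inside and outside networks only when an entry explicitly permits it. The `Packet` and `Rule` types, the 10.0.0.0/8 inside network and every rule are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str            # source IPv4 address
    dst: str            # destination IPv4 address
    proto: str          # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str         # "permit" or "deny"
    src: str            # CIDR prefix or "any"
    dst: str            # CIDR prefix or "any"
    proto: str          # protocol name or "any"
    dport: Optional[int] = None    # None matches any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want != "any" and ip_address(have) not in ip_network(want):
                return False
        return True

INSIDE = "10.0.0.0/8"   # constructed "inside" network behind the firewall

# Constructed ACL. Order matters: the first matching entry decides.
ACL: List[Rule] = [
    Rule("permit", "any",  "10.0.5.10/32", "tcp", 443),   # outside may reach the HTTPS server
    Rule("deny",   "any",  INSIDE,         "tcp", 23),    # telnet to any inside host is refused
    Rule("permit", INSIDE, "any",          "any"),        # inside hosts may initiate outbound
]

def filter_packet(pkt: Packet, acl: List[Rule] = ACL) -> str:
    """Return "permit" or "deny" for pkt; a packet matching no entry is denied."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"       # implicit deny: nothing crosses unless an entry permits it
```

The last test below shows why ordering matters: the telnet deny sits before the broad inside-to-anywhere permit, so even an inside host cannot telnet to another inside host through this ACL.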
Intrusion Detection System (IDS)
• A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner. (RFC 2828)
• Types of IDS:
  • Host-based: operates on information collected from within an individual computer system.
  • Network-based: listens on a network segment or switch and detects attacks by capturing and analyzing network packets.
Source: http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf
IPSec vs. SSL
• IPSec (Internet Protocol Security)
  • Tunnel between the two endpoints
  • Works on the Network Layer of the OSI Model, without an association to any specific application.
  • When connected on an IPSec VPN the client computer is "virtually" a full member of the corporate network, able to see and potentially access the entire network.
  • The majority of IPSec VPN solutions require third-party hardware and/or software.
• SSL
  • A common protocol; most web browsers have SSL capabilities built in.
  • More precise access control.
  • Works only for web-based applications, and for applications that can be web-enabled.
Financial Losses by Type of Attack in 2002
Figure: bar chart of losses in $Million (y-axis 0 to 200) by attack type: Theft of proprietary info, System penetration by outsider, Financial fraud, Virus, Sabotage of network, Insider abuse of Net access, DoS, Laptop theft. Source: 2002 CSI/FBI Survey.
100% security is impossible; security can only mitigate, but not eliminate.
Countermeasures:
• Firewall
• AAA
• VPN
• Anti-virus
• Intrusion Detection
RADIUS: Remote Authentication Dial-In User Service
AAA:
• Authentication: "Are you who you say you are?"
• Authorization: "Can you do that?"
• Accounting: "What did you do?"
Network Compromise & Denial of Service
Diagram labels (points of attack): Extranet, Intranet, Internal System (33%), Internet (74%), Remote Access (12%).
Network compromise:
• Poor Service Configuration: e.g., DNS, Mail, FTP and Web
• Application hole
• Physical Access
• Backdoors
• Protocol Weakness: ARP, ICMP
• Authentication: Password Crackers
Denial of Service:
• DDoS: Client -> Handler -> Agent -> Victim; e.g., Trinoo and Tribe Flood Network
• Host Resource Starvation: e.g., SYN flood
• Bandwidth Consumption: e.g., SMURF and Fraggle
• Out-of-Bounds Attack: e.g., Ping of Death and IP fragment attack
Reference: Hackers Beware. Author: Eric Cole; ISBN 0735710090
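An added example, not from the slides or the cited book, of the network-based IDS idea from the IDS slide applied to two of the DoS patterns listed here: it counts half-open TCP handshakes per destination (SYN flood, host resource starvation) and ICMP echo requests sent to a directed-broadcast address (Smurf, bandwidth consumption) over constructed packet summaries. The thresholds, the addresses and the ".255" broadcast heuristic are assumptions.

```python
from collections import Counter, defaultdict

# Constructed packet summaries (proto, src, dst, flags); not a real capture.
# TCP flags are letters ("S" = SYN, "SA" = SYN/ACK, "A" = ACK); ICMP carries its type name.
SAMPLE = (
    [("tcp", f"198.51.100.{i}", "10.0.5.10", "S") for i in range(1, 41)]   # 40 bare SYNs
    + [("tcp", "10.0.0.3", "10.0.5.10", "S"),                              # one legitimate
       ("tcp", "10.0.5.10", "10.0.0.3", "SA"),                             # three-way
       ("tcp", "10.0.0.3", "10.0.5.10", "A")]                              # handshake
    + [("icmp", "10.0.5.10", "10.0.255.255", "echo-request")] * 12         # echo to broadcast
)

SYN_HALF_OPEN_THRESHOLD = 30   # assumed: alert above this many unanswered SYNs per host
SMURF_THRESHOLD = 10           # assumed: alert at this many broadcast echo requests

def half_open_per_dst(records):
    """Count SYNs per destination whose sender never sent the completing ACK."""
    pending = defaultdict(set)          # dst -> sources with an unanswered SYN
    for proto, src, dst, flags in records:
        if proto != "tcp":
            continue
        if flags == "S":
            pending[dst].add(src)
        elif flags == "A":
            pending[dst].discard(src)   # handshake completed, no longer half-open
    return {dst: len(srcs) for dst, srcs in pending.items()}

def broadcast_echo_per_src(records):
    """Count ICMP echo requests to a directed-broadcast address, keyed by the
    claimed source (in a Smurf attack that address is spoofed and is the victim)."""
    counts = Counter()
    for proto, src, dst, flags in records:
        if proto == "icmp" and flags == "echo-request" and dst.endswith(".255"):
            counts[src] += 1            # ".255" is a simplifying assumption for /24 broadcast
    return dict(counts)

def detect(records):
    """Return (alert, address, count) tuples for every threshold exceeded."""
    alerts = []
    for dst, n in half_open_per_dst(records).items():
        if n > SYN_HALF_OPEN_THRESHOLD:
            alerts.append(("syn-flood", dst, n))
    for src, n in broadcast_echo_per_src(records).items():
        if n >= SMURF_THRESHOLD:
            alerts.append(("smurf-amplification", src, n))
    return alerts
```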
Risk Management
• Risk Management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk.
• Risk is the possibility of something adverse happening.
Figure: Risk Management comprises Risk Assessment and Risk Mitigation; controls shown: VPN, Firewall, IDS.
Threat, Vulnerability and Asset
Risk Mitigation Action Points