Transcript 投影片 1
Network Security (I)
授課老師: 鄭伯炤
Office: Dept. of Communication Rm #112
Tel: X33512
Email: [email protected]
Information Networking Security and Assurance Lab
National Chung Cheng University
We Are in Dangerous Zone!
CERT: Computer Emergency Response Team
http://www.cert.org/
• Insider
• Outsider
• Unstructured
• Structured
Network
Information
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University http://www.andrew.cmu.edu/course/95-753/lectures/MooreTalkCERT-combined.pdf
2
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
3
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
4
Attack Motivations, Phases and Goals
Data manipulation
System access
Elevated privileges
Denial of Service
Analyze Information & Prepare Attacks
• Service in use
• Known OS/Application vulnerability
• Known network protocol security weakness
• Network topology
• Revenge
• Political activism
• Financial gain
Actual Attack
Network Compromise
DoS/DDoS Attack
• Bandwidth consumption
• Host resource starvation
Collect Information
• Public data source
• Scanning and probing
Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses
Author: Ed Skoudis; Publisher: Prentice Hall; ISBN 0130332739
Network Security
Information
Networking
Class Security and Assurance Lab
National Chung Cheng University
5
Tools, Tools, Tools
Network Scanning
Reconnaissance
•Telnet
•Nmap
•Hping2
•Netcat
•ICMP: Ping and Traceroute
•Nslookup
•Whois
•ARIN
•Dig
•Target Web Site
•Others
Penetration Tool
“Penetration Studies – A Technical Overview”
http://www.sans.org/rr/papers/index.php?id=267
Vulnerability Assessment
•Nessus
•SARA
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
GSEC SANS GIAC Certification: Security Essentials Toolkit
Author: Eric Cole et al. ISBN 0789727749
6
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
7
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
8
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
9
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
10
Firewall
An gateway that restricts data communication
traffic to and from one of the connected
networks (the one said to be "inside" the
firewall) and thus protects that network's
system resources against threats from the
other network (the one that is said to be
"outside" the firewall).
Access Control List (ACL): A mechanism that
implements access control for a system
resource by enumerating the identities of the
system entities that are permitted to access the
resource.
Outside
ACL
Inside
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf 11
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
Intrusion Detection System (IDS)
A security service that monitors and analyzes system
events for the purpose of finding, and providing realtime or near real- time warning of, attempts to access
system resources in an unauthorized manner.
(RFC2828)
Types of IDS:
Host-based: operate on information collected from
within an individual computer system.
Network-based: listen on a network segment or switch
and detect attacks by capturing and analyzing network
packets.
http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
12
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
13
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
14
IPSec vs. SSL
IPSec (Internet Protocol Security)
Tunnel between the two endpoints
Works on the Network Layer of the OSI Model- without an association
to any specific application.
When connected on an IPSec VPN the client computer is “virtually” a
full member of the corporate network- able to see and potentially
access the entire network
The majority of IPSec VPN solutions require third-party hardware and /
or software
SSL
A common protocol and most web browsers have SSL capabilities built
in.
More precise access control
Only work for web-based applications and possible to web-enable
applications
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
15
Financial Losses by Type of Attack in
2002
$Million
100% security is impossible;
Security can only mitigate, but
not eliminate
200
150
Firewall
AAA
VPN
Anti-virus
Intrusion Detection
100
50
0
Theft of proprietary Info
System Penetration by outsider
Financial Fraud
Virus
Sabotage of Network
Insider abuse of Net access
DoS
Laptop theft
Source 2002 CSI/FBI Survey
RADIUS: Remote Authentication Dial-In User Service
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
Authentication: "Are you who you say you are?"
Authorization: "Can you do that?"
Accounting: "What did you do?"
16
Network Compromise & Denial of
Service
Extranet
Poor Service Configuration:
e.g., DNS, Mail, FTP and Web
DDoS: Client Handler Agent Victim
e.g., Trinoo and Tribe Flood Network
Intranet
Internal System
33%
Application hole
Physical Access
Host Resource Starvation:
e.g., SYN flood
Internet
74%
12%
Remote Access
Bandwidth Consumption:
e.g., SMURF and Fraggle
Backdoors
Protocol Weakness: ARP, ICMP
Authentication:
Password Crackers
Out-of-Bounds Attack:
e.g., Ping of Death and IP fragment attack
Hackers Beware
Eric Cole; ISBN 0735710090
Information
Network
Security
Networking
Class Security and Assurance Lab
Author:
National Chung Cheng University
17
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
18
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
19
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
20
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
21
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
22
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
23
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
24
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
25
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
26
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
27
Risk Management
• Risk Management: is the process of assessing risk, taking steps to
reduce risk to an acceptable level and maintaining that level of risk.
Risk is the possibility of
something adverse happening.
VPN
Firewall
Risk Management
IDS
Risk Assessment
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
Risk Mitigation
28
Threat, Vulnerability and Asset
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
29
Risk Mitigation Action Points
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
30
Information
Network
Security
Networking
Class Security and Assurance Lab
National Chung Cheng University
31