ch11 bonus security
Post on 04-Apr-2018
217 Views
Preview:
TRANSCRIPT
-
7/29/2019 Ch11 Bonus Security
1/10
CISCO NETWORKING ACADEMY
Chabot College
ELEC 99.05
Internet Security Introduction
-
7/29/2019 Ch11 Bonus Security
2/10
CISCO NETWORKING ACADEMY
Internet Security
TCP/IP and the internet were designed by
professionals with a common culture and
cooperative goals. Today they are used by a wide range of
persons with varying and sometimes malicious
goals.
The technology of TCP/IP does not assure
user security.
There are many points at which TCP/IP
security can be compromised.
-
7/29/2019 Ch11 Bonus Security
3/10
CISCO NETWORKING ACADEMY
Internet Security
Security intrusions over the internet are
common.
The following slide shows 48 hours ofintrusion attempts against a DSL-connected
PC
Note that the probes come from all over
the world, including Romania.
Most of these attempts are from script
kiddies running a program on a PC to
grind through a range of IP addresses.
-
7/29/2019 Ch11 Bonus Security
4/10
CISCO NETWORKING ACADEMY
Probes Against DSL-Connected MachineissueName intruderIp intruderName parametersBack Orifice ping 193.231.209.31 ppp31.fx.ro type=PING(1)&pas
Back Orifice ping 193.226.61.246 ppp53.starnets.ro type=PING(1)&pas
Back Orifice ping 193.230.162.163 type=PING(1)&pas
Back Orifice ping 193.230.162.185 type=PING(1)&pas
Back Orifice ping 193.230.162.80 type=PING(1)&pas
Back Orifice ping 139.92.173.88 slip139-92-173-88.buk.ro.ibm.net type=PING(1)&pas
SubSeven port probe 64.218.67.36 DEFAULT port=27374&name
SubSeven port probe 63.197.207.4 B-VANNOY-98WS port=27374&name
SubSeven port probe 63.198.106.43 REYNALDO port=27374&nameSubSeven port probe 200.40.59.146 r200-40-59-146.adinet.com.uy port=27374&name
DNS port probe 207.42.254.34 pinnacle.pinnaclenetwork.COM port=53
DNS port probe 24.6.48.235 cc750365-a.chmbl1.ga.home.com port=53
FTP port probe 62.226.25.215 p3EE219D7.dip.t-dialin.net port=21
FTP port probe 64.161.213.21 MODERN-IMAGES port=21
NetBIOS port probe 63.206.117.39 TED port=139
NetBIOS port probe 63.198.183.96 MONICA & LOUIE port=139
NetBIOS port probe 63.198.103.101 adsl-63-198-103-101.dsl.snfc21.pacbell.net port=139
NetBIOS port probe 63.198.217.105 JAY'SROOM port=139PCAnywhere ping 63.198.176.9 adsl-63-198-176-9.dsl.snfc21.pacbell.net port=22
PCAnywhere ping 63.198.176.94 adsl-63-198-176-94.dsl.snfc21.pacbell.net port=5632
PCAnywhere ping 63.198.176.227 adsl-63-198-176-227.dsl.snfc21.pacbell.net port=5632
SOCKS port probe 63.22.60.176 2Cust48.tnt10.atl2.da.uu.net port=1080
TCP OS fingerprint 195.120.158.202 port=21&flags=3
TCP OS f ingerprint 208.62.23.150 port=9704&flags=3
TCP OS fingerprint 24.13.154.175 c186232-a.aurora1.co.home.com port=21&flags=3
UDP port probe 205.188.153.108 fes-d012.icq.aol.com port=1062
UDP port probe 205.188.153.106 fes-d010.icq.aol.com port=1058UDP port probe 205.188.153.105 fes-d009.icq.aol.com port=1654
-
7/29/2019 Ch11 Bonus Security
5/10
CISCO NETWORKING ACADEMY
Security Strategies
Use a NAT router to connect to DSL or
cable modem.
Use a software firewall for dial-up, DSL orcable modem.
(e.g. Zone Alarm, from www.zonelabs.com -
free)
Read Steve Gibsons excellent Shields-UPsite and follow his configuration advice.
(free)
http://www.zonelabs.com/http://www.zonelabs.com/ -
7/29/2019 Ch11 Bonus Security
6/10
CISCO NETWORKING ACADEMY
Shields UP
Key ideas from Shields UP:
As delivered, Windows is not secure when
connected to the internet. The key problems can be fixed by a free
reconfiguration.
Free software firewalls are recommended.
-
7/29/2019 Ch11 Bonus Security
7/10CISCO NETWORKING ACADEMY
Shields UP
Heres how windows protocol bindings are
delivered:
Layer 1&2
Layer 3
Higher Layers
-
7/29/2019 Ch11 Bonus Security
8/10CISCO NETWORKING ACADEMY
Shields UP
Binding these Microsoft network services to
TCP/IP creates security vulnerabilities!
Problem
Bindings
-
7/29/2019 Ch11 Bonus Security
9/10CISCO NETWORKING ACADEMY
Shields UP
Here are the bindings needed for access to
the internet:
-
7/29/2019 Ch11 Bonus Security
10/10CISCO NETWORKING ACADEMY
Shields UP
The excellent Shields Up site tells you how
to do it!
Bonus Credit Assignment - fix your home
PC!
http://www.grc.com
http://www.grc.com/http://www.grc.com/
top related