ch11 bonus security

7/29/2019 Ch11 Bonus Security

1/10

CISCO NETWORKING ACADEMY

Chabot College

ELEC 99.05

Internet Security Introduction


2/10


Internet Security

TCP/IP and the internet were designed by

professionals with a common culture and

cooperative goals. Today they are used by a wide range of

persons with varying and sometimes malicious

goals.

The technology of TCP/IP does not assure

user security.

There are many points at which TCP/IP

security can be compromised.


3/10


Internet Security

Security intrusions over the internet are

common.

The following slide shows 48 hours ofintrusion attempts against a DSL-connected

PC

Note that the probes come from all over

the world, including Romania.

Most of these attempts are from script

kiddies running a program on a PC to

grind through a range of IP addresses.


4/10


Probes Against DSL-Connected MachineissueName intruderIp intruderName parametersBack Orifice ping 193.231.209.31 ppp31.fx.ro type=PING(1)&pas

Back Orifice ping 193.226.61.246 ppp53.starnets.ro type=PING(1)&pas

Back Orifice ping 193.230.162.163 type=PING(1)&pas



Back Orifice ping 139.92.173.88 slip139-92-173-88.buk.ro.ibm.net type=PING(1)&pas

SubSeven port probe 64.218.67.36 DEFAULT port=27374&name

SubSeven port probe 63.197.207.4 B-VANNOY-98WS port=27374&name

SubSeven port probe 63.198.106.43 REYNALDO port=27374&nameSubSeven port probe 200.40.59.146 r200-40-59-146.adinet.com.uy port=27374&name

DNS port probe 207.42.254.34 pinnacle.pinnaclenetwork.COM port=53

DNS port probe 24.6.48.235 cc750365-a.chmbl1.ga.home.com port=53

FTP port probe 62.226.25.215 p3EE219D7.dip.t-dialin.net port=21

FTP port probe 64.161.213.21 MODERN-IMAGES port=21

NetBIOS port probe 63.206.117.39 TED port=139

NetBIOS port probe 63.198.183.96 MONICA & LOUIE port=139

NetBIOS port probe 63.198.103.101 adsl-63-198-103-101.dsl.snfc21.pacbell.net port=139

NetBIOS port probe 63.198.217.105 JAY'SROOM port=139PCAnywhere ping 63.198.176.9 adsl-63-198-176-9.dsl.snfc21.pacbell.net port=22

PCAnywhere ping 63.198.176.94 adsl-63-198-176-94.dsl.snfc21.pacbell.net port=5632

PCAnywhere ping 63.198.176.227 adsl-63-198-176-227.dsl.snfc21.pacbell.net port=5632

SOCKS port probe 63.22.60.176 2Cust48.tnt10.atl2.da.uu.net port=1080

TCP OS fingerprint 195.120.158.202 port=21&flags=3

TCP OS f ingerprint 208.62.23.150 port=9704&flags=3

TCP OS fingerprint 24.13.154.175 c186232-a.aurora1.co.home.com port=21&flags=3

UDP port probe 205.188.153.108 fes-d012.icq.aol.com port=1062

UDP port probe 205.188.153.106 fes-d010.icq.aol.com port=1058UDP port probe 205.188.153.105 fes-d009.icq.aol.com port=1654


5/10


Security Strategies

Use a NAT router to connect to DSL or

cable modem.

Use a software firewall for dial-up, DSL orcable modem.

(e.g. Zone Alarm, from www.zonelabs.com -

free)

Read Steve Gibsons excellent Shields-UPsite and follow his configuration advice.

(free)
http://www.zonelabs.com/http://www.zonelabs.com/


6/10


Shields UP

Key ideas from Shields UP:

As delivered, Windows is not secure when

connected to the internet. The key problems can be fixed by a free

reconfiguration.

Free software firewalls are recommended.


7/10CISCO NETWORKING ACADEMY

Shields UP

Heres how windows protocol bindings are

delivered:

Layer 1&2

Layer 3

Higher Layers



Shields UP

Binding these Microsoft network services to

TCP/IP creates security vulnerabilities!

Problem

Bindings



Shields UP

Here are the bindings needed for access to

the internet:



Shields UP

The excellent Shields Up site tells you how

to do it!

Bonus Credit Assignment - fix your home

PC!

http://www.grc.com
http://www.grc.com/http://www.grc.com/

ch11 bonus security

Documents