Chapter 1 Overview of Network Security 2
© 2005 Cisco Systems, Inc. All rights reserved.
Overview of Network Security
Learning Objectives
• Introduction to Network Security
• Introduction to Vulnerabilities, Threats, and Attacks
• Attack Examples
• Vulnerability Analysis
The Closed Network
The Network Today
Network Security Models
Trends that Affect Security
• Increase of network attacks
• Increased sophistication of attacks
• Increased dependence on the network
• Lack of trained personnel
• Lack of awareness
• Lack of security policies
• Wireless access
• Legislation
• Litigation
Legal and Governmental Policy Issues
Organizations that operate vulnerable networks will face increasing and substantial liability.
US Federal legislation mandating security includes the following:
GLB financial services legislation
Government Information Security Reform Act
HIPAA
CIPA
Attacks, Services and Mechanisms
• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Security Attacks
• Interruption: This is an attack on availability
• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity
Security Goals
Integrity
Confidentiality
Availability
Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
Denial of Service Attacks
Virus that deletes files
Henric Johnson 14
Methods of Defense
• Encryption
• Software Controls (access limitations in a database; in an operating system, protecting each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
Internet standards and RFCs
• The Internet Society
Internet Architecture Board (IAB)
Internet Engineering Task Force (IETF)
Internet Engineering Steering Group (IESG)
Internet RFC Publication Process
Network Vulnerabilities
• Technology
• Configuration
• Policy
Threat Capabilities—More Dangerous and Easier to Use
Network Threats
• There are four general categories of security threats to the network:
Unstructured threats
Structured threats
External threats
Internal threats
(Figure: threat paths into the network: Internet exploitation, dial-in exploitation, internal exploitation, and a compromised host)
Four Classes of Network Attacks
Reconnaissance attacks
Access attacks
Denial of service attacks
Worms, viruses, and Trojan horses
Specific Attack Types
• All of the following can be used to compromise your system:
Packet sniffers
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Application layer attacks
Trust exploitation
Port redirection
Virus
Trojan horse
Operator error
Worms
Reconnaissance Attacks
• Network reconnaissance refers to the overall act of learning information about a target network by using publicly available information and applications.
Reconnaissance Attack Example
• Sample domain name query
• Sample IP address query
Reconnaissance Attack Mitigation
Network reconnaissance cannot be prevented entirely.
IDSs at the network and host levels can usually notify an administrator when a reconnaissance gathering attack (for example, ping sweeps and port scans) is under way.
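The detection the slide describes, as an added example (not from the Cisco deck): a small detector that reads constructed connection-log lines and raises an alert when one source probes many ports on one host (port scan) or sends ICMP echo to many hosts (ping sweep) inside a time window. The log format, thresholds and addresses are assumptions chosen for this example.

```python
"""Reconnaissance detection: flag port scans and ping sweeps in connection logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds chosen for this example; a production IDS tunes them per network.
PORT_SCAN_THRESHOLD = 10    # distinct ports from one source to one host within WINDOW
PING_SWEEP_THRESHOLD = 8    # distinct hosts ICMP-probed by one source within WINDOW
WINDOW = timedelta(seconds=60)

def parse_event(line):
    """Parse 'ISO-timestamp src dst proto port' (port is '-' for ICMP)."""
    ts, src, dst, proto, port = line.split()
    return datetime.fromisoformat(ts), src, dst, proto, port

def _max_distinct_in_window(hits):
    """Largest number of distinct values observed within any WINDOW-long span."""
    hits = sorted(hits)
    best = 0
    for i, (start, _) in enumerate(hits):
        seen = {value for ts, value in hits[i:] if ts - start <= WINDOW}
        best = max(best, len(seen))
    return best

def detect_recon(lines):
    """Return sorted (kind, source, detail) alerts for the given log lines."""
    port_hits = defaultdict(list)   # (src, dst) -> [(ts, port)]
    icmp_hits = defaultdict(list)   # src -> [(ts, dst)]
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, proto, port = parse_event(line)
        if proto == "icmp":
            icmp_hits[src].append((ts, dst))
        else:
            port_hits[(src, dst)].append((ts, port))
    alerts = []
    for (src, dst), hits in port_hits.items():
        if _max_distinct_in_window(hits) >= PORT_SCAN_THRESHOLD:
            alerts.append(("port_scan", src, dst))
    for src, hits in icmp_hits.items():
        hosts = _max_distinct_in_window(hits)
        if hosts >= PING_SWEEP_THRESHOLD:
            alerts.append(("ping_sweep", src, f"{hosts} hosts"))
    return sorted(alerts)

def constructed_log():
    """Constructed sample: one source probing 12 ports on a server, another pinging
    9 hosts, plus two benign web connections. Not from a real capture."""
    lines = [f"2005-06-01T10:00:{i:02d} 10.1.1.50 192.168.10.5 tcp {20 + i}" for i in range(12)]
    lines += [f"2005-06-01T10:05:{i:02d} 10.1.1.77 192.168.10.{10 + i} icmp -" for i in range(9)]
    lines += ["2005-06-01T10:07:00 10.1.1.20 192.168.10.5 tcp 80",
              "2005-06-01T10:07:30 10.1.1.20 192.168.10.5 tcp 443"]
    return lines

if __name__ == "__main__":
    for alert in detect_recon(constructed_log()):
        print(alert)
```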
Packet Sniffers
• A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are the packet sniffer features:
Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following:
• Telnet
• FTP
• SNMP
• POP
Packet sniffers must be on the same collision domain.
(Figure: Host A, Router A, Router B, Host B)
Packet Sniffer Mitigation
• The following techniques and tools can be used to mitigate sniffers:
Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
Switched infrastructure—Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
Antisniffer tools—Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
(Figure: Host A, Router A, Router B, Host B)
IP Spoofing
IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer.
Two general techniques are used during IP spoofing:
A hacker uses an IP address that is within the range of trusted IP addresses.
A hacker uses an authorized external IP address that is trusted.
Uses for IP spoofing include the following:
IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data.
A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
IP Spoofing Mitigation
• The threat of IP spoofing can be reduced, but not eliminated, through the following measures:
Access control—The most common method for preventing IP spoofing is to properly configure access control.
RFC 2827 filtering—You can prevent users of your network from spoofing other networks (and be a good Internet citizen at the same time) by preventing any outbound traffic on your network that does not have a source address in your organization's own IP range.
Additional authentication that does not use IP-based authentication—Examples of this include the following:
Cryptographic (recommended)
Strong, two-factor, one-time passwords
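The RFC 2827 filtering and antispoof access control described above, as an added example (not from the Cisco deck): a border filter that permits outbound packets only when their source is in the organization's own range, denies inbound packets that claim an internal or unroutable source, and renders the egress rule as Cisco IOS extended-ACL lines. The 203.0.113.0/24 range, the packet tuples and the ACL name are constructed for this example.

```python
"""RFC 2827 style ingress/egress filtering at the organization's Internet border."""
import ipaddress

# Constructed address space for this example: the organization owns 203.0.113.0/24,
# an RFC 5737 documentation range.
ORG_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
# Source ranges that should never arrive from the Internet; kept short for the example.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(p) for p in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                       "127.0.0.0/8", "0.0.0.0/8")]

def _in_any(addr, prefixes):
    return any(addr in prefix for prefix in prefixes)

def egress_decision(src):
    """Outbound: permit only packets whose source is one of our own addresses,
    so a host on our network cannot spoof some other network (RFC 2827)."""
    return "permit" if _in_any(ipaddress.ip_address(src), ORG_PREFIXES) else "deny"

def ingress_decision(src):
    """Inbound: deny packets that claim one of our own addresses (a spoofed
    'trusted' internal host) or come from a range that cannot legitimately reach us."""
    addr = ipaddress.ip_address(src)
    if _in_any(addr, ORG_PREFIXES) or _in_any(addr, NEVER_FROM_OUTSIDE):
        return "deny"
    return "permit"

def apply_filter(direction, packets):
    """Run (src, dst) packets through the border filter for 'in' or 'out'.
    Returns (src, dst, action) triples; denied packets are logged so an
    operator can locate the spoofing host."""
    decide = egress_decision if direction == "out" else ingress_decision
    results = []
    for src, dst in packets:
        action = decide(src)
        if action == "deny":
            print(f"[{direction}] dropped spoofed packet {src} -> {dst}")
        results.append((src, dst, action))
    return results

def ios_egress_acl(name="EGRESS-RFC2827"):
    """Render the egress rule as Cisco IOS extended ACL lines (IOS uses wildcard masks)."""
    lines = [f"ip access-list extended {name}"]
    for prefix in ORG_PREFIXES:
        lines.append(f" permit ip {prefix.network_address} {prefix.hostmask} any")
    lines.append(" deny ip any any log")
    return lines

if __name__ == "__main__":
    print("\n".join(ios_egress_acl()))
    apply_filter("out", [("203.0.113.10", "198.51.100.1"), ("10.0.0.5", "198.51.100.1")])
```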
DoS Attacks
DDoS Attack Example
DoS Attack Mitigation
• The threat of DoS attacks can be reduced through the following three methods:
Antispoof features—Proper configuration of antispoof features on your routers and firewalls
Anti-DoS features—Proper configuration of anti-DoS features on routers and firewalls
Traffic rate limiting—Implement traffic rate limiting with the network's ISP
Password Attacks
• Hackers can implement password attacks using several different methods:
Brute-force attacks
Dictionary Attacks
Trojan horse programs
IP spoofing
Packet sniffers
Password Attack Example
• L0phtCrack can take the hashes of passwords and generate the clear text passwords from them. Passwords are computed using two different methods:
Dictionary cracking
Brute force computation
Password Attacks Mitigation
• The following are mitigation techniques:
Do not allow users to use the same password on multiple systems.
Disable accounts after a certain number of unsuccessful login attempts.
Do not use plain text passwords. OTP or a cryptographic password is recommended.
Use “strong” passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters.
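Three of the mitigations above in working form, as an added example (not from the Cisco deck): the strength rule from the slide, salted PBKDF2 storage so no plain-text password is kept, and an account that is disabled after a fixed number of failed logins. The lockout threshold, the iteration count and the usernames are assumptions chosen for this example.

```python
"""Password-attack mitigations from the slide: strength policy, no plain-text storage,
and lockout after repeated failed logins."""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8          # the slide's "at least eight characters"
MAX_FAILURES = 5        # lockout threshold chosen for this example
PBKDF2_ROUNDS = 100_000

def is_strong(password):
    """Eight or more characters with uppercase, lowercase, digit and special character."""
    return (len(password) >= MIN_LENGTH
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 digest; the clear-text password is never stored."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class AccountStore:
    def __init__(self):
        self.users = {}      # name -> (salt, digest)
        self.failures = {}   # name -> consecutive failed attempts
        self.locked = set()

    def register(self, name, password):
        if not is_strong(password):
            raise ValueError("password does not meet the strength policy")
        self.users[name] = hash_password(password)

    def login(self, name, password):
        """Return 'ok', 'bad_password' or 'locked'. After MAX_FAILURES consecutive
        failures the account is disabled, which caps online brute-force and
        dictionary guessing at a handful of attempts."""
        if name in self.locked:
            return "locked"
        record = self.users.get(name)
        if record is not None:
            salt, digest = record
            if hmac.compare_digest(hash_password(password, salt)[1], digest):
                self.failures[name] = 0
                return "ok"
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= MAX_FAILURES:
            self.locked.add(name)
            return "locked"
        return "bad_password"
```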
Man-in-the-Middle Attacks
A man-in-the-middle attack requires that the hacker have access to network packets that come across a network.
A man-in-the-middle attack is implemented using the following:
Network packet sniffers
Routing and transport protocols
Possible man-in-the-middle attack uses include the following:
Theft of information
Hijacking of an ongoing session
Traffic analysis
DoS
Corruption of transmitted data
Introduction of new information into network sessions
(Figure: Host A, Router A, Router B, Host B; data in clear text)
Man-in-the-Middle Mitigation
• Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography (encryption).
(Figure: Host A, Router A, ISP, Router B, Host B, with an IPSec tunnel between the routers; a man-in-the-middle attack can only see cipher text)
Application Layer Attacks
• Application layer attacks have the following characteristics:
Exploit well-known weaknesses, such as protocols, that are intrinsic to an application or system (for example, sendmail, HTTP, and FTP)
Often use ports that are allowed through a firewall (for example, TCP port 80 used in an attack against a web server behind a firewall)
Can never be completely eliminated, because new vulnerabilities are always being discovered
Application Layer Attacks Mitigation
• Some measures you can take to reduce your risks are as follows:
Read operating system and network log files, or have them analyzed by log analysis applications.
Subscribe to mailing lists that publicize vulnerabilities.
Keep your operating system and applications current with the latest patches.
IDSs can scan for known attacks, monitor and log attacks, and in some cases, prevent attacks.
Trust Exploitation
Trust Exploitation Mitigation
Systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall.
Such trust should be limited to specific protocols and should be validated by something other than an IP address where possible.
(Figure: System A trusts System B for user psmith (Pat Smith); System B is compromised by a hacker, who presents user psmith (Pat Smithson) and is blocked)
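The mitigation above in working form, as an added example (not from the Cisco deck): a trust policy that limits each peer to named protocols and, for a peer outside the firewall, accepts a user only when the user presents an HMAC assertion made with the user's own credential, so a hacker sitting on the compromised System B at the trusted IP is still blocked. The peer names, addresses and the per-user secret are constructed for this example.

```python
"""Trust exploitation mitigation: scope a trust relationship to specific protocols
and verify the user by a credential rather than by the peer's IP address."""
import hashlib
import hmac
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # constructed: the network behind the firewall
# Constructed per-user secret standing in for a real credential (OTP seed, certificate key).
# A hacker who has taken over the trusted host does not obtain it by being at that host's IP.
USER_KEYS = {"psmith": b"example-only-secret-for-psmith"}

def make_assertion(peer, user, protocol, key):
    """Identity assertion the user's client sends: HMAC over (peer, user, protocol)."""
    return hmac.new(key, f"{peer}|{user}|{protocol}".encode(), hashlib.sha256).hexdigest()

class TrustPolicy:
    """rules: peer name -> (peer IP, set of protocols the trust relationship covers)."""

    def __init__(self, rules):
        self.rules = rules

    def authorize(self, peer, src_ip, user, protocol, assertion):
        """Return (allowed, reason). A peer outside the firewall is never
        trusted on IP alone; it must present a valid assertion for this user."""
        if peer not in self.rules:
            return False, "unknown peer"
        peer_ip, protocols = self.rules[peer]
        if protocol not in protocols:
            return False, f"{protocol} is outside the trust scope for {peer}"
        if src_ip != peer_ip:
            return False, "source address does not match the peer"
        key = USER_KEYS.get(user)
        if key and assertion and hmac.compare_digest(
                make_assertion(peer, user, protocol, key), assertion):
            return True, "in-scope protocol and user credential verified"
        if ipaddress.ip_address(src_ip) in INSIDE:
            return True, "inside peer: IP trust accepted for an in-scope protocol"
        return False, "outside peer: user credential missing or invalid"

if __name__ == "__main__":
    policy = TrustPolicy({"SystemB": ("198.51.100.20", {"ssh"})})
    token = make_assertion("SystemB", "psmith", "ssh", USER_KEYS["psmith"])
    print(policy.authorize("SystemB", "198.51.100.20", "psmith", "ssh", token))
    print(policy.authorize("SystemB", "198.51.100.20", "psmith", "ssh", None))
```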
Port Redirection
Unauthorized Access
Unauthorized access includes any unauthorized attempt to access a private resource:
Not a specific type of attack
Refers to most attacks executed in networks today
Initiated on both the outside and inside of a network
The following are mitigation techniques for unauthorized access attacks:
Eliminate the ability of a hacker to gain access to a system
Prevent simple unauthorized access attacks, which is the primary function of a firewall
Virus and Trojan Horses
Viruses are malicious software attached to another program in order to execute a particular unwanted function on a user’s workstation. End-user workstations are the primary targets.
A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. A Trojan horse is mitigated by antivirus software at the user level and possibly the network level.