Group E Network Security

Upload: pramodkmr73

Post on 29-May-2018


  • 8/9/2019 Group E Network Security

    1/34

    Network Security

    Presenting: Group E

    01 Manoj, 04 Sheetal, 06 Nitin, 15 James, 30 Pramod, 39 Yogesh

  • 2/34

    Real Time Cases

    Network Attacks through Facebook, Twitter Tripled in 2009

    Sophos, an IT security firm, surveyed around 500 firms and found that, as more organizations allow employees to use social media like Facebook and Twitter at work, cyber crime attacks on these networks have exploded. Reports of malware and spam rose 70 percent on social networks in the last 12 months, the security survey reveals.

    Sophos finds 57 percent of users report they have been spammed via social networking sites and 36 percent reveal they have been sent malware via social networking sites.

  • 3/34

    Real Time Cases

    Virginia State Prescription Monitoring Program Records - Hackers stole 8.3 million records, erased the originals and created an encrypted backup of VPMP's database. The records were patient records and 35 million drug prescriptions for their patients. For a twist, the hackers defaced the VPMP's website with a ransom note demanding $10 million, which they never got.

    Phishing attacks on banking sites - The report shows that only a very few bank customers actually click on a phishing email; in fact it is only 0.000564%. Of those who do click, though, 45% provide their personal credentials to the fake phishing site. Although the click rate is very low, the scale of users involved makes this a significant loss to banks. Banks lose between 2.4 and 9.4 million dollars (per million online bank users) to phishing fraud annually!

  • 4/34

    What is Security

    Freedom from risk or danger; safety.

    Freedom from doubt, anxiety, or fear; confidence.

    Something that gives or assures safety

  • 5/34

    Why do we need security?

    Protect vital information while still allowing access to those who need it

    Ex. Trade secrets, medical records, etc.

    Provide authentication and access control for resources

    Ex: AFS

    Guarantee availability of resources

    Ex: (99.999% reliability)

  • 6/34

    Security Objectives

    Identification

    Authentication

    Authorization

    Access Control

    Data Integrity

    Availability

    Confidentiality

    Non-repudiation

  • 7/34

    Security Objectives

    Identification

    Unique identification: UserID

    A UserID can be one of, or a combination of, UserName, SSN, etc.

    Availability

    Legitimate users should be able to access the system.

    To ensure maximum network uptime.

    Authentication

    The process of verifying the identity of a user.

    Linked with security questions / information.

    Something which the user knows or possesses.

    1. One-factor authentication: a password, which is something you know.

    2. Two-factor authentication: something you have, such as a security token or 'dongle', an ATM card, or your mobile phone.

    3. Three-factor authentication: something you are, such as a fingerprint or retinal scan.

  • 8/34

    Security Objectives

    Two-Party Authentication (diagram)

    One-way authentication: the client sends its UserID & Password to the server; the client is authenticated.

    Two-way authentication: in addition, the server sends its ServerID & Password to the client, so both client and server are authenticated.

  • 9/34

    Security Objectives

    Third-Party Authentication (diagram)

    The client presents its ClientID, Password and the server presents its ServerID, Password to a security server. Once both are authenticated, keys are exchanged via the security server, and the client and server then exchange data.

  • 10/34

    Security Objectives

    Authorization

    The process of assigning access rights to a user.

    Access Control - The process of enforcing access rights; it is based on the following three entities:

    Subject - an entity that can access an object.

    Object - an entity to which access can be controlled.

    Access Right - defines the ways in which a subject can access an object.

    Data Integrity

    Assurance that the data that arrives is the same as when it was sent.

    SSL VPNs and IPSec VPNs have been popular technologies to provide secure access.

    Confidentiality

    Assurance that sensitive information is not visible to an eavesdropper. This is usually achieved using encryption.

    Non-repudiation

    Assurance that any transaction that takes place can subsequently be proved to have taken place. Both the sender and the receiver agree that the exchange took place.

  • 11/34

    Network Security

    Definition

    It provides protection at the boundaries of an organization by keeping out intruders or hackers. Information security focuses on protecting data resources from malware attacks or simple mistakes by people within an organization.

  • 12/34

    Today's Network

  • 13/34

    Network Security Model

  • 14/34

    Reasons for Security Attacks

    Competition

    Thrill

    Revenge (former employee)

    Terrorism

    Financial gain

    Political

    Religion

    Reputation and ego of the hacker

    Intellectual Property theft, Trade Secrets

    Commercial or personal

    Bored youth...(Time pass)

  • 15/34

    Network Attacks

    Occur due to violation of the IT security policy, acceptable use policy or standard procedures.

    1. Malware attacks

    virus

    worms

    Trojan horses

    2. Denial of Service ( DOS )

    as a side-effect of malware attack

    as a deliberate, intelligent attack

    3. Intruders, intelligent agent attacks

    insiders

    outsiders

    ex-insiders

    4. Email

    advertising - SPAM

    scams: phishing, stock market

    malware-carrying: Trojans

    5. Operational incidents

    system failures: crashes, environmental failure

    operator error

  • 16/34

    Network Attacks

    DoS (Denial-of-Service)

    These attacks are the most difficult to address: they are the nastiest, very easy to launch but difficult to track. The attacker sends more requests to the machine than it can handle. The attacker's program simply makes connections on some service port. If the host is able to answer 20 requests per second and the attacker is sending 50 per second, the host will be unable to service all of the requests.

    Employees accessing files at strange times or accessing unauthorized material.

    Unauthorized Access

    An unknown and untrusted person trying to access your network or system. The goal is to gain access to a resource that your machine should not provide to the attacker. It is a very high-level attack: through it intruders unethically gain administrator privileges, execute commands illicitly and make configuration changes on a host.

    Network Intrusion

    The attackers or hackers gain access to a network by probing and sniffing out weak spots in the hardware and software configuration, or by cracking passwords using brute force.

    Another method is IP spoofing, where an intruder sends messages to the target computer using the IP address of a trusted host computer, so that the data appears to be coming from that trusted host.

  • 17/34

    Network Attacks

    Viruses, Worms and Trojan Horses

    Viruses and worms are malicious programs or pieces of software code that are usually disseminated via e-mail or Internet packets. When a virus gets into an unsuspecting computer, it often replicates itself and uses the e-mail system to send out copies of the virus to other recipients in the e-mail address list.

    Some viruses destroy data, while worms simply replicate themselves over and over, thus using up system memory.

    A common Trojan Horse method of intrusion is to send e-mail with seemingly harmless applications as attachments. These applications, applets or software programs get into the network server and hide there.

    Social Engineering

    It is a non-technical kind of intrusion relying heavily on human interaction, which often involves tricking other people into breaking normal security procedures; the attacker uses social skills and human interaction to obtain information about an organization or its computer systems. It works because of the natural human tendency to trust, and this is exactly what makes us vulnerable.

  • 18/34

    Defense In Depth

    Firewall

    Chokepoint device

    Barrier between two networks

    Sets rules for which traffic to allow / deny

    Decides what to allow and what not

    It separates the organization's intranet from the Internet.

    Authentication

    Involves a username and a password

    Remote Authentication Dial-in User Service (RADIUS)

    Strong passwords recommended

  • 19/34

    Defense In Depth

    Proxy Server

    This is the process of having one host act on behalf of another.

    Fetches documents from the Internet.

    No direct connection to the Internet.

    All hosts on the intranet access the Internet via the proxy.

    Demilitarized Zone (DMZ)

    The DMZ is a critical part of a firewall.

    It is a network between the intranet and the Internet.

    It connects the untrusted network to the trusted one.

    Someone who breaks into your network from the Internet.

  • 20/34

    Defense In Depth

    Intrusion Detection System (IDS)

    Burglar alarm system for the network

    Detects and alerts on malicious events

    NIDS - Monitors network traffic for suspicious activity

    HIDS - Monitors an individual host

    Alerts in the form of email / pager / reporting to a centralized database.

    Drawback: notifies only after the occurrence.
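    The kind of rate check a NIDS runs to raise the "burglar alarm" for the DoS scenario on slide 16 (a host that answers 20 requests/second facing 50/second), as an added example that is not part of the Group E slides. The log format, the addresses and the sample log are constructed for this example.

```python
"""Rate-based alerting of the kind a NIDS raises for a request flood.

Added example, not from the Group E slides. The log format is constructed
for this example: one line per request, "<epoch-second> <source-ip>".
"""
from collections import defaultdict

CAPACITY_PER_SECOND = 20  # requests/second the host can answer (slide 16)

# Constructed sample log: one source sends 50 requests within second 100,
# a normal client sends 3 in second 100 and 2 in second 101.
SAMPLE_LOG = "\n".join(
    ["100 203.0.113.9"] * 50 + ["100 198.51.100.4"] * 3 + ["101 198.51.100.4"] * 2
)


def parse_log(text):
    """Yield (second, source) pairs, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            yield int(parts[0]), parts[1]
        except ValueError:
            continue


def count_per_source_second(text):
    """Map (second, source) -> number of requests seen in that second."""
    counts = defaultdict(int)
    for second, src in parse_log(text):
        counts[(second, src)] += 1
    return counts


def detect_flood(text, capacity=CAPACITY_PER_SECOND):
    """Per-source alerts: sorted (second, source, count) where count > capacity."""
    counts = count_per_source_second(text)
    return sorted((sec, src, n) for (sec, src), n in counts.items() if n > capacity)


def detect_overload(text, capacity=CAPACITY_PER_SECOND):
    """Aggregate alerts: seconds in which total requests exceed capacity.

    Catches a flood spread over many sources that never trips the per-source check.
    """
    totals = defaultdict(int)
    for (sec, _src), n in count_per_source_second(text).items():
        totals[sec] += n
    return sorted(sec for sec, total in totals.items() if total > capacity)


if __name__ == "__main__":
    for sec, src, n in detect_flood(SAMPLE_LOG):
        print(f"ALERT t={sec}s source={src} requests={n} (> {CAPACITY_PER_SECOND}/s)")
    print("overloaded seconds:", detect_overload(SAMPLE_LOG))
```

    As the slide notes, such an alert is raised only after the traffic has been seen; it tells the operator where to look, it does not stop the flood.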

  • 21/34

    Defense In Depth

    Intrusion Prevention System (IPS)

    It helps to detect and prevent malware attacks.

    Defends without the administrator's direct involvement.

    NIPS - Device that sits on the network and prevents intrusions.

    HIPS - Software that runs on the host.

  • 22/34

    Defense In Depth

    Virtual Private Networks (VPN)

    A private network that uses a public network (the Internet) to connect remote sites or roaming users together.

    Replaces dedicated physical connections or leased lines.

    Provides the ability for two offices to communicate.

    To connect several offices together, a VPN is the best way.

    All transmitted data is encrypted to prevent malicious programs, and people, from accessing your personal information or communications.

    Intended for business partners, outsourcing, roaming users.

  • 23/34

    Defense In Depth

    Router

    Does packet filtering and manages network traffic.

    Access Control Lists make the decision about each packet that comes in or goes out. They check the origination address, destination address, destination service port, and so on.

    Crypto-capable routers are more secure and do session encryption between specified routers.
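    A small access-control-list evaluator showing the origination-address / destination-address / destination-port checks above, with first-match semantics and an implicit final deny, as an added example that is not from the slides or any router vendor. The rule layout, the DMZ addresses and the sample ACL are constructed for this example; rule 0 also illustrates dropping the spoofed internal source addresses described on slide 16.

```python
"""Router access-control-list evaluator. Added example, not from the slides.
Rules are checked top-down, first match wins, and an unmatched packet hits
an implicit final deny, as on most routers. Addresses are constructed.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source CIDR or "any"
    dst: str               # destination CIDR or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int]


def _in_scope(cidr: str, addr: str) -> bool:
    """True if addr falls inside cidr (or cidr is the wildcard "any")."""
    if cidr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return _in_scope(rule.src, pkt.src) and _in_scope(rule.dst, pkt.dst)


def evaluate(acl, pkt: Packet):
    """Return (action, index of the matching rule); index None = implicit deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed ACL for an Internet-facing interface. Rule 0 drops packets that
# claim an internal (10.0.0.0/8) source yet arrive from outside (IP spoofing,
# slide 16). Rules 1-3 admit only the services the DMZ hosts actually offer.
INTERNET_FACING_ACL = [
    Rule("deny", "10.0.0.0/8", "any", "any", None),
    Rule("permit", "any", "192.0.2.10/32", "tcp", 443),   # DMZ web server
    Rule("permit", "any", "192.0.2.11/32", "udp", 53),    # DMZ DNS server
    Rule("permit", "any", "192.0.2.11/32", "tcp", 53),
]

if __name__ == "__main__":
    print(evaluate(INTERNET_FACING_ACL, Packet("10.1.2.3", "192.0.2.10", "tcp", 443)))
```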

  • 24/34

    Defense In Depth

    Host Hardening

    Requirements evaluation to see what the server is for and to assess the risks involved

    Balancing between ultimate security and usability

    Disabling unused services and user accounts

    Public facing or Internet enabled servers such as e-mail, web or DNS servers

    Security Patching

    Most desktop or server security incidents are centered on flaws in OS.

    Vendors release patches to cover these security holes

    Up-to-date security-related patches can reduce risk

  • 25/34

    Wireless Network Security

    Common for organizations and individuals.

    The ability to enter a network while mobile has great benefits.

    Wireless networking has many security issues and is relatively easy to break.

    Enterprises define effective wireless security policies that guard against unauthorized access to important resources.

    Wireless Intrusion Prevention Systems are commonly used to enforce wireless security policies.

  • 26/34

    Wireless Network Security

    MAC ID filtering

    Most wireless access points contain some type of MAC ID filtering that allows the administrator to permit access only to computers whose wireless hardware has certain MAC IDs. Cracking utilities such as SMAC are widely available, and some computer hardware also gives the option in the BIOS to select any desired MAC ID for its built-in network capability.

    Wired Equivalent Privacy

    WEP stands for Wired Equivalent Privacy. This was the original encryption standard for wireless. It was intended to make wireless networks as secure as wired networks. Unfortunately, this never happened, as flaws were quickly discovered and exploited. There are several open source utilities like aircrack-ng, weplab, WEPCrack, or airsnort that can be used by crackers to break in by examining packets and looking for patterns in the encryption. WEP comes in different key sizes. The common key lengths are currently 128- and 256-bit. The longer the better, as it will increase the difficulty for crackers.

    However, this type of encryption is now considered outdated and seriously flawed.

  • 27/34

    Wireless Network Security

    Wi-Fi Protected Access

    Wi-Fi Protected Access (WPA) is a software/firmware improvement over WEP. All regular WLAN equipment that worked with WEP can simply be upgraded, and no new equipment needs to be bought. WPA is a trimmed-down version of the 802.11i security standard that was developed by the Wi-Fi Alliance to replace WEP.

    WPA Enterprise provides RADIUS-based authentication using 802.1X.

    Static IP addressing

    Disabling the IP address assignment function of the network's DHCP server, with the IP addresses of the various network devices then set by hand, will also make it more difficult for a casual or unsophisticated intruder to log onto the network.

    Smart cards, USB tokens, and software tokens

    This is a very strong form of security. When combined with some server software, the hardware or software card or token will use its internal identity code combined with a user-entered PIN to create a powerful algorithm that will very frequently generate a new encryption code. This is a very secure way to conduct wireless transmissions.

  • 28/34

    Vulnerability Assessment

    Port Scanning

    The scanner analyzes the ports on a network and determines if they are:

    Open: actively listening and accepting connections

    Closed: port is not accepting connections

    Filtered: no response from the scanned system.

    Tool: Nmap (Windows/Linux)

    Protocol Analyzer

    Also known as a Packet Sniffer

    Logs network traffic

    Analyzes packets

    Attempts to decrypt packets

    Tool: Wireshark (Windows/Linux)

  • 29/34

    Vulnerability Assessment

    Vulnerability Scanner

    Software designed to:

    Map all network devices

    Scan the network/system

    Find vulnerabilities

    Give suggestions on how to make it secure

    A double-edged sword.

    Tool: Nessus

    Password Cracking

    Software that employs various algorithms in an attempt to discover passwords.

    Keyloggers, Cross-Scripting, Dictionary Tables, Rainbow tables.

    Tool: Hydra (online), RainbowCrack (offline)

  • 30/34

    Vulnerability Assessment

    Penetration Testing

    A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.

    An ethical hacker is hired to perform:

    Security audit

    Exploit vulnerabilities

    Help secure the weak points.

    Tool: BackTrack 4

  • 31/34

    ISO/IEC 27033

    ISO/IEC 27033 - Network security standard

    Goal: To provide an overview of network security and related definitions. It defines and describes the concepts associated with, and provides management guidance on, network security. It:

    provides guidance on how to identify and analyse network security risks and the definition of network security requirements based on that analysis,

    provides an overview of the controls that support network technical security architectures and related technical controls, as well as those non-technical controls and technical controls that are applicable not just to networks,

    introduces how to achieve good quality network technical security architectures, and the risk, design and control aspects associated with typical network scenarios and network technology areas (which are dealt with in detail in subsequent parts of ISO/IEC 27033),

    briefly addresses the issues associated with implementing and operating network security controls, and the on-going monitoring and reviewing of their implementation.

  • 32/34

    Avoid Threats

    Ensure your company has a strong information security policy.

    Conduct in-depth information security training.

    Be suspicious of unsolicited email messages, phone calls, or visits from individuals asking about employees or other internal information. If dealing with an unknown person claiming to be from a legitimate organization, verify their identity directly with the company.

    Install and maintain firewalls, anti-virus software, anti-spyware software, and email filters.

    Pay attention to the URL of a web site. Malicious web sites generally look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.

    Have a strong firewall and proxy to keep unwanted people out.

    Antivirus software package and Internet security software package.

    Strong password authentication.

    Exercise physical security precautions for employees.

    Network analyzer or network monitor.

    Implement physical security management: restricted zones.

    Security fencing at the company's perimeter.

    The key is to prevent re-occurrence.

  • 33/34

    Conclusion

    "The only truly secure computer is a dead computer." - Ransel Yoho III, Network Security Architect

    Education of users & administrators is the first line of defense.

    Use software to test network vulnerability regularly.

    Although new security methods will be developed, remember that no network will ever be completely un-hackable.

  • 34/34

    Thank You !