Network security.pdf

Network Security

Contents
o Introduction to Network Security
o Introduction to Vulnerabilities, Threats, and Attacks
o Attack Examples
o Vulnerability Analysis

Introduction to Network Security

The Closed Network
Security has one purpose: to protect assets.
o This meant building strong walls to stop the enemy and establishing small, well-guarded doors to provide secure access for friends.
o This strategy worked well for the centralized, fortress-like world of mainframe computers and closed networks.
o A closed network typically consists of a network designed and implemented in a corporate environment that provides connectivity only to known parties and sites, without connecting to public networks.

Network Today
o With the advent of personal computers, LANs and the wide-open world of the Internet, the networks of today are more open.
o As e-business and Internet applications continue to grow, the key to network security lies in defining the balance between a closed and an open network and differentiating the good guys from the bad guys.
o With the increased number of LANs and personal computers, the Internet began to create untold numbers of security risks.

Identifying Potential Risks to Network Security
o A risk analysis identifies the risks to the network, network resources and data, and helps to maintain a workable balance between security and required network access.
o The key is to identify what needs to be secured and at what cost.
Three important steps:
Asset Identification – identify the individual components that make up the network and create an asset inventory.
Vulnerability Assessment – assess the vulnerabilities of the identified network components in terms of their weaknesses in technology, configuration, or security policy.
Threat Identification – identify potential threats to the network, and address the related vulnerabilities to minimize the risk of the threat.
Network Security Models
With all security designs, some trade-off occurs between user productivity and security measures. The goal of any security design is to provide maximum security with minimum impact on user access and productivity. Three general types of security models are:
o Open (e.g. router and switch)
o Restrictive
o Closed (e.g. firewall)

Open Access
o The easiest model to implement – “Permit everything that is not explicitly denied”.
o Few security measures are implemented in this design.
o This model assumes that the protected assets are minimal, users are trusted and threats are minimal.
o LANs that are not connected to the Internet or public WANs are more likely to implement this type of model.
o When security breaches occur, they are likely to result in great damage and loss.
o Network administrators are usually not held responsible for network breaches or abuse.

Restrictive Access
o More difficult to implement because many security measures are implemented in this design.
o This model assumes that the protected assets are substantial, some users are not trustworthy and that threats are likely.
o LANs that are connected to the Internet or public WANs are more likely to implement this type of model.
o Ease of use for users diminishes as security tightens.

Closed Access
o The most difficult model to implement because all available security measures are implemented in this design; an unpopular model.
o This model assumes that the protected assets are premium, all users are not trustworthy and that threats are frequent.
o User access is difficult and cumbersome.
o In the event of a security breach or network outage, network administrators might be held more accountable for problems.

Trends that Affect Security
o Increase of network attacks
o Increased sophistication of attacks
o Increased dependence on the network
o Lack of trained personnel
o Lack of awareness
o Lack of security policies
o Wireless access
o Legislation

Vulnerabilities, Threats and Attacks
Vulnerability – A weakness that is inherent in every network and device, e.g. routers, switches, desktops, servers, and even security devices themselves.
Threats – The people eager, willing and qualified to take advantage of each security weakness; they continually search for new exploits and weaknesses.
Attacks – The threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices.

Network Vulnerabilities
o Technology weaknesses
o Configuration weaknesses
o Policy weaknesses

Technology weaknesses
o TCP/IP protocol – HTTP, FTP and ICMP are inherently insecure. SNMP, SMTP and SYN floods are related to the inherently insecure structure upon which TCP was designed.
o Operating System – UNIX, LINUX, Macintosh, Windows NT, 9x, 2K, XP and OS/2 operating systems all have security problems that must be addressed.
o Network Equipment – Routers, firewalls and switches have security weaknesses. These weaknesses include password protection, lack of authentication, routing protocols and firewall holes.

Configuration weaknesses
o Unsecured user accounts – user account information might be transmitted insecurely across the network, exposing usernames and passwords to snoopers.
o System accounts with easily guessed passwords – the result of poorly selected and easily guessed user passwords.
o Misconfigured Internet services – a common problem is to turn on JavaScript in web browsers, enabling attacks by way of hostile JavaScript.
o Unsecured default settings within products – many products have default settings that enable security holes.
o Misconfigured network equipment – for example, misconfigured access lists or routing protocols can open up large security holes.

Policy weaknesses
o Lack of written security policy – an unwritten policy cannot be consistently applied or enforced.
o Politics – political battles make it difficult to implement a consistent security policy.
o Lack of continuity – poorly chosen, easily cracked or default passwords can allow unauthorized access to the network.
o Logical access controls not applied – inadequate monitoring and auditing allow attacks and unauthorized use to continue, wasting company resources.
o Software and hardware installation and changes do not follow policy – unauthorized changes to the network topology or installation of unapproved applications create security holes.
o Disaster recovery plan nonexistent – the lack of a disaster recovery plan allows chaos, panic and confusion to occur when someone attacks the enterprise.

Network Threats
There are four general categories of security threats to the network:
o Unstructured threats
o Structured threats
o External threats
o Internal threats

Unstructured threats
o Consist mostly of inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.

Structured threats
o Come from hackers who are more highly motivated and technically competent.
o Often involved with the major fraud and theft cases reported to law enforcement agencies.

External threats
o Can arise from individuals or organizations working outside of a company.
o They work their way into a network mainly from the Internet or dialup access servers.

Internal threats
o Occur when someone has authorized access to the network with either an account on a server or physical access to the network.
o Internal access and misuse account for 60 percent to 80 percent of reported incidents.

Common terms for attackers
Hacker/Cracker – an individual who attempts to gain unauthorized access to network resources with malicious intent.
Phreaker – an individual who manipulates the phone network to cause it to perform a function that is normally not allowed.
Spammer – an individual who sends large numbers of unsolicited e-mail messages.
Phisher – an individual who attempts to trick others into providing sensitive information, such as credit card numbers or passwords.
White hat – individuals who use their abilities to find vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed.
Black hat – another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use.

Four Classes of Network Attacks
o Reconnaissance attacks
o Access attacks
o Denial of service attacks
o Worms, viruses, and Trojan horses

Reconnaissance Attacks
o Network reconnaissance refers to the overall act of learning information about a target network by using publicly available information and applications.
o It is also known as information gathering, and in most cases it precedes an actual access or denial-of-service (DoS) attack.
Examples:
Packet sniffers
Port scans
Ping sweeps
Internet information queries

Reconnaissance Attack Mitigation
o Network reconnaissance cannot be prevented entirely.
o IDSs at the network and host levels can usually notify an administrator when a reconnaissance gathering attack (for example, ping sweeps and port scans) is under way.

Packet Sniffers
A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are the packet sniffer features:
o Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following:
Telnet
FTP
SNMP
POP
o Packet sniffers must be on the same collision domain.
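The two slides above (reconnaissance mitigation and packet sniffers) make two detection points: an IDS can notify an administrator when a ping sweep or port scan is under way, and the protocols that carry credentials in the clear (Telnet, FTP, SNMP, POP) are the ones a sniffer profits from. The following is an added example, not code from the slides, of a toy host-IDS pass that applies both checks to a constructed set of packet summaries. The `Packet` record, the thresholds and the sample addresses are this example's own assumptions, not a real IDS schema.

```python
"""Added example (not from the slides): a toy IDS pass over packet
summaries that flags port scans, ping sweeps and clear-text protocol use.
All packet records are constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass

# Ports of the clear-text protocols named on the packet-sniffer slide.
CLEARTEXT_PORTS = {23: "Telnet", 21: "FTP", 161: "SNMP", 110: "POP"}

# Thresholds are assumptions for this example; a real IDS tunes them and
# bounds the counting with a time window.
PORT_SCAN_THRESHOLD = 10   # distinct destination ports from one src to one host
PING_SWEEP_THRESHOLD = 8   # distinct hosts echo-requested by one src


@dataclass(frozen=True)
class Packet:
    ts: float            # capture timestamp in seconds
    proto: str           # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int           # 0 for ICMP
    flags: str = ""      # TCP flag letters, e.g. "S" = SYN, "PA" = PSH+ACK
    icmp_type: int = -1  # 8 = ICMP echo request


def detect_port_scan(packets):
    """Return {(src, dst): n_ports} for sources that sent SYN-only segments
    to at least PORT_SCAN_THRESHOLD distinct ports on one host."""
    ports = defaultdict(set)
    for p in packets:
        if p.proto == "tcp" and "S" in p.flags and "A" not in p.flags:
            ports[(p.src, p.dst)].add(p.dport)
    return {k: len(v) for k, v in ports.items() if len(v) >= PORT_SCAN_THRESHOLD}


def detect_ping_sweep(packets):
    """Return {src: n_hosts} for sources that sent ICMP echo requests to at
    least PING_SWEEP_THRESHOLD distinct hosts."""
    hosts = defaultdict(set)
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8:
            hosts[p.src].add(p.dst)
    return {s: len(h) for s, h in hosts.items() if len(h) >= PING_SWEEP_THRESHOLD}


def detect_cleartext(packets):
    """Return sorted (src, dst, protocol) triples for data-carrying TCP
    segments (PSH set) sent to a clear-text service port."""
    found = set()
    for p in packets:
        if p.proto == "tcp" and "P" in p.flags and p.dport in CLEARTEXT_PORTS:
            found.add((p.src, p.dst, CLEARTEXT_PORTS[p.dport]))
    return sorted(found)


def build_sample_capture():
    """Constructed packet summaries, not a real capture."""
    pkts = [
        # A legitimate client opening HTTPS and HTTP connections.
        Packet(0.0, "tcp", "10.0.0.7", "10.0.0.5", 443, "S"),
        Packet(0.1, "tcp", "10.0.0.7", "10.0.0.5", 80, "S"),
        # Clear-text sessions carrying data: Telnet from .7, POP from .8.
        Packet(1.0, "tcp", "10.0.0.7", "10.0.0.5", 23, "PA"),
        Packet(1.5, "tcp", "10.0.0.8", "10.0.0.5", 110, "PA"),
    ]
    # A port scan: SYNs from .99 to 15 consecutive ports on .5.
    for i in range(15):
        pkts.append(Packet(5.0 + i * 0.1, "tcp", "10.0.0.99", "10.0.0.5", 20 + i, "S"))
    # A ping sweep: echo requests from .99 to 12 hosts on the subnet.
    for i in range(1, 13):
        pkts.append(Packet(10.0 + i * 0.05, "icmp", "10.0.0.99", f"10.0.0.{i}", 0, "", 8))
    return pkts


def analyze(packets):
    """Run all three detectors and return their findings in one dict."""
    return {
        "port_scans": detect_port_scan(packets),
        "ping_sweeps": detect_ping_sweep(packets),
        "cleartext": detect_cleartext(packets),
    }


if __name__ == "__main__":
    for name, hits in analyze(build_sample_capture()).items():
        print(name, hits)
```

The clear-text check deliberately looks only at segments with data (PSH set), so the scanner's bare SYNs to ports 21 and 23 are reported as part of the scan rather than as Telnet or FTP sessions; the legitimate client's two connections stay below the scan threshold.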
Packet Sniffer Mitigation
The following techniques and tools can be used to mitigate sniffers:
Authentication – Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
Switched infrastructure – Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
Antisniffer tools – Use software and hardware designed to detect the use of sniffers on a network.
Cryptography – The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.

Access Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services and web services to gain entry to web accounts, confidential databases and other sensitive information. Access attacks can consist of the following:
Password attacks
Trust exploitation
Port redirection
Man-in-the-middle attacks
Social engineering
Phishing

Password Attack Mitigation
The following are mitigation techniques:
Do not allow users to use the same password on multiple systems.
Disable accounts after a certain number of unsuccessful login attempts.
Do not use plain text passwords. OTP or a cryptographic password is recommended.
Use “strong” passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters.

Trust Exploitation

Trust Exploitation Mitigation
o Systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall.
o Such trust should be limited to specific protocols and should be validated by something other than an IP address where possible.

Port Redirection

Man-in-the-Middle Attacks
A man-in-the-middle attack requires that the hacker have access to network packets that come across a network.
A man-in-the-middle attack is implemented using the following:
Network packet sniffers
Routing and transport protocols
Possible man-in-the-middle attack uses include the following:
Theft of information
Hijacking of an ongoing session
Traffic analysis
DoS
Corruption of transmitted data
Introduction of new information into network sessions

Man-in-the-Middle Mitigation
o Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography (encryption).
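The Packet Sniffer Mitigation and Password Attack Mitigation slides above both point to one-time passwords and to disabling accounts after repeated failed logins. The following is an added example, not code from the slides, that implements both using only the Python standard library: an HMAC-based one-time password (HOTP as specified in RFC 4226) and a server-side verifier that refuses a replayed code and locks the account after a fixed number of failures. The secret is the RFC 4226 test-vector secret; the lookahead window and lockout threshold are assumptions chosen for the example.

```python
"""Added example (not from the slides): HOTP one-time passwords with
replay rejection and account lockout.  Secret and thresholds are
constructed for the example."""
import hashlib
import hmac

DIGITS = 6
LOOKAHEAD = 3      # how far past its own counter the server will search (assumption)
MAX_FAILURES = 5   # failed attempts before the account is disabled (assumption)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduce modulo 10**digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class Account:
    """Server-side state for one user: shared secret, next acceptable
    counter, failure count and lock flag."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0
        self.failures = 0
        self.locked = False

    def verify(self, code: str) -> bool:
        """Accept the code only if it matches a counter at or ahead of the
        server's, then advance past it so the same code can never be
        replayed.  Each failure counts towards lockout."""
        if self.locked:
            return False
        for c in range(self.counter, self.counter + LOOKAHEAD + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                self.failures = 0
                return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False


def demo():
    """Walk through the scenarios the slides describe and report each outcome."""
    secret = b"12345678901234567890"      # RFC 4226 test-vector secret
    acct = Account(secret)
    results = {}
    first = hotp(secret, 0)
    results["first_ok"] = acct.verify(first)
    # A code captured by a sniffer is useless once it has been used.
    results["replay_rejected"] = not acct.verify(first)
    # The legitimate user's next token still works after one failure.
    results["next_ok"] = acct.verify(hotp(secret, 1))
    # MAX_FAILURES wrong guesses in a row disable the account ...
    for _ in range(MAX_FAILURES):
        acct.verify("000000")
    results["locked"] = acct.locked
    # ... and even a valid token is refused until an administrator unlocks it.
    results["valid_after_lock"] = acct.verify(hotp(secret, 2))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The lookahead lets a user who generated a token without submitting it stay in sync; a real deployment would keep it small and pair the counter with the user's other login events so that the lockout itself cannot be used to deny service to a legitimate user without notice.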
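The Man-in-the-Middle slides above list corruption of transmitted data, introduction of new information into a session and hijacking of an ongoing session as attack uses, and state that cryptography is the only effective mitigation. The following is an added example, not code from the slides, showing the integrity half of that mitigation with the Python standard library: each message carries a sequence number and an HMAC-SHA256 tag, and a receiver that checks both rejects a modified message, a forged message and a replayed message. The key, the framing and the messages are constructed for the example; confidentiality (encryption of the payload) is not shown here.

```python
"""Added example (not from the slides): HMAC-authenticated, sequenced
messages that let a receiver detect tampering, injection and replay by
an in-path attacker.  Key and messages are constructed."""
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size
SEQ_LEN = 4    # big-endian 32-bit sequence number


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = seq || payload || HMAC-SHA256(key, seq || payload)."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Tracks the next expected sequence number for one session."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def open(self, frame: bytes):
        """Return the payload, or None if the tag or sequence number is wrong."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return None
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return None                  # corrupted in transit or forged without the key
        seq = struct.unpack(">I", header)[0]
        if seq != self.expected_seq:
            return None                  # replayed or out-of-order frame
        self.expected_seq = seq + 1
        return payload


def demo():
    """Exercise the receiver against the manipulations the MITM slide lists."""
    key = b"session key agreed out of band"   # constructed
    rx = Receiver(key)
    results = {}
    f0 = seal(key, 0, b"transfer 10 to alice")
    results["genuine_accepted"] = rx.open(f0) == b"transfer 10 to alice"

    # Corruption of transmitted data: one payload byte changed in flight.
    f1 = seal(key, 1, b"transfer 10 to alice")
    tampered = bytearray(f1)
    tampered[SEQ_LEN + 9] ^= 0x01          # flips the '1' in "10"
    results["corrupted_rejected"] = rx.open(bytes(tampered)) is None

    # Introduction of new information: a frame built without the key.
    forged = struct.pack(">I", 1) + b"transfer 99 to mallory" + bytes(TAG_LEN)
    results["forged_rejected"] = rx.open(forged) is None

    # Session hijacking by replay: the genuine first frame sent again.
    results["replay_rejected"] = rx.open(f0) is None

    # The untouched second frame still goes through.
    results["genuine_second_accepted"] = rx.open(f1) == b"transfer 10 to alice"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In practice this is the job of TLS, SSH or IPsec rather than a handmade frame format; the point the example makes is that without a key an in-path party can still read, but can no longer alter, inject or replay without detection, and that the sequence number is what turns per-message integrity into session integrity.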