NetworkSecurityTechniques.ppt - Arizona State University

Network Security Techniques
by
Bruce Roy Millard
Division of Computing Studies
Arizona State University
Bruce.Millard@asu.edu

What is Network Security
• Hardware – computers, routers, etc.
• Networks – ethernet, wireless
• Communication
• Intruders
• Mitigation

What is Network Security
Hardware
• Workstations
• Servers (and load balancers)
• Printers (and other shared devices)
• Routers/switches/hubs
• Security devices (firewalls, IDS, etc.)

What is Network Security
Networks
• Connectivity
• Ethernet (cable, DSL, TP, 1 Gbps & up)
• Wireless (radio waves, 802.11?, satellite)
• LAN, CAN, MAN, WAN, PAN
• Internet

What is Network Security
Communication
• E-mail
• FTP
• HTTP/HTML
• Voice, video, teleconferencing
• SSH/SCP

What is Network Security
Intruders
• Eavesdroppers
• Insertion
• Hijacking
• Spoofing
• Denial of Service
• Trojan horse software
• Lurkers (viruses and worms)

What is Network Security
Mitigation
• Prevent
• Avoid
• Detect
• Assess
• React

Security Goals
• Privacy
• Integrity
• Non-repudiation
• Trust relationships – internal & external
• Authentication
    supports authorization
        supports fine-grained access control

Security Model
(Protection)
• Assets – identify
• Risks – characterize
• Counter-measures – obtain
• Policy – create where no laws exist

Security Methods
• Shields – firewalls, virus scanners
• Selective shields – access control (VPN)
• Protocols – IPsec, SSL/TLS
• Intrusion Detection Systems
• Training & awareness
• Redundancy – backups, encryption, hashes, digests

Prevention
(Attempts)
• Firewalls – have holes
• Virus Scanners – behind the times
• Physical Security
• Know Fundamentals – routing, IP, TCP, ARP, DHCP, applications
• Encryption – PGP, SSH, SSL/TLS, IPsec, steganography, public key, symmetric key
• Patches – windowsupdate, up2date, yum

Avoidance
• Firewalls & VPNs – IPsec, SSL, access control
• Host hardening – personal firewalls, ssh, iptables
• Proxy servers – squid (Web content cache)
• Honeynets/honeypots – redirection

Detection
Feeds Avoidance
• Vulnerability Scanning – netstat, netview, netmon, nmap, Nessus
• Network-based IDS – snort, kismet, ACID, tcpdump, ethereal, windump, netstumbler
• Host-based IDS – TCPwrappers, xinetd, tripwire, logsentry, portsentry
• Web security, Cisco logs+

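A network-based IDS such as snort applies detection logic to the same traffic that tcpdump or windump print one line per packet. As an added example that is not from the slides or from any of the tools named on them, the Python below parses constructed tcpdump-style TCP lines and raises an alert when one source sends bare SYNs to many distinct ports on one host inside a short window, which is the trace a port sweep leaves in a capture (the kind of traffic an administrator's own nmap run from the Vulnerability Scanning bullet would generate, and which the IDS should be able to attribute). The sample lines, the threshold of 10 ports and the 5-second window are assumptions chosen for the illustration.

```python
"""Port-sweep detector over tcpdump-style lines (added example, not from the slides)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the TCP summary lines that `tcpdump -n` / windump print; other lines
# (ARP, UDP, ICMP) do not match and are skipped by the parser.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line: str):
    """Return a dict for a TCP line, or None for lines the regex does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%H:%M:%S.%f"),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "flags": m["flags"],
    }


def detect_port_sweeps(lines, threshold: int = 10, window: timedelta = timedelta(seconds=5)):
    """Alert when one source SYNs to >= threshold distinct ports on one host within window."""
    syns = defaultdict(list)  # (src, dst) -> list of (timestamp, dport)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["flags"] == "S":  # bare SYN: a new connection attempt, not a reply
            syns[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))

    alerts = []
    for (src, dst), events in syns.items():
        events.sort()
        # Sliding window: from each event, count distinct ports hit within `window`.
        for i, (start, _port) in enumerate(events):
            ports = {port for ts, port in events[i:] if ts - start <= window}
            if len(ports) >= threshold:
                alerts.append({"src": src, "dst": dst, "distinct_ports": len(ports),
                               "start": start.strftime("%H:%M:%S.%f")})
                break  # one alert per (src, dst) pair is enough
    return alerts


# Constructed sample capture: a normal three-way handshake, an ARP line the
# parser skips, five SYN retransmissions to a single port (not a sweep),
# and one sweep of 12 ports from a single source.
SAMPLE_LINES = [
    "12:00:00.100000 IP 10.0.0.7.51000 > 192.168.1.10.80: Flags [S], seq 100, win 64240, length 0",
    "12:00:00.101000 IP 192.168.1.10.80 > 10.0.0.7.51000: Flags [S.], seq 200, ack 101, win 65535, length 0",
    "12:00:00.102000 IP 10.0.0.7.51000 > 192.168.1.10.80: Flags [.], ack 201, win 64240, length 0",
    "12:00:00.500000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
] + [
    f"12:00:0{1 + i}.000000 IP 10.0.0.8.52000 > 192.168.1.10.22: Flags [S], seq 5, win 64240, length 0"
    for i in range(5)
] + [
    f"12:00:02.{i * 1000:06d} IP 10.0.0.5.40001 > 192.168.1.10.{port}: Flags [S], seq 1, win 1024, length 0"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])
]

if __name__ == "__main__":
    for alert in detect_port_sweeps(SAMPLE_LINES):
        print(alert)
```

Counting distinct destination ports rather than raw SYNs is what keeps the five retransmissions from `10.0.0.8` out of the alert list; a real sensor would also key on the destination host count to catch one port probed across many hosts, and tune the threshold and window per network so legitimate scanners (such as an internal Nessus host) are allow-listed rather than alerted on every run.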
Exploits
• Password cracking & WEP cracking
• Denial of Service
• OS typing – null session, xmas tree, . . .
• OS configuration – sadmin password, . . .
• Application holes – buffer overflow, NFS, rpc, netbios, BIND, sendmail, CGI, etc.
• DumpSec, pingwar, . . .

URLs of Interest
• http://www.sans.org
• http://www.giac.org
• http://www.isc2.org
• http://www.cissp.com

10 Domains of the CBK
• Security Management Practices
• Security Architecture and Models
• Access Control Systems & Methodology
• Application Development Security
• Operations Security
• Physical Security
• Cryptography
• Telecommunications, Network, & Internet Security
• Business Continuity Planning
• Law, Investigations, & Ethics

NS Applications
• netstat
• tcpview
• netmon
• netstumbler
• windump
• nmap
• ethereal
• snortiquette

www.sans.org/top20
(vulnerabilities)
• Top Vulnerabilities to Windows Systems
• W1 Web Servers & Services
• W2 Workstation Service
• W3 Windows Remote Access Services
• W4 Microsoft SQL Server (MSSQL)
• W5 Windows Authentication
• W6 Web Browsers
• W7 File-Sharing Applications
• W8 LSAS Exposures
• W9 Mail Client
• W10 Instant Messaging

www.sans.org/top20
(vulnerabilities)
• Top Vulnerabilities to UNIX Systems
• U1 BIND Domain Name System
• U2 Web Server
• U3 Authentication
• U4 Version Control Systems
• U5 Mail Transport Service
• U6 Simple Network Management Protocol (SNMP)
• U7 Open Secure Sockets Layer (SSL)
• U8 Misconfiguration of Enterprise Services NIS/NFS
• U9 Databases
• U10 Kernel