Introduction to Network Security - Fakulti Sains Komputer dan


Network Security
BIT3323
Chapter 1(a) – Introduction to Network Security - CIA

Pn. Isredza Rahmi Binti A.Hamid
07-4538036
A210-03
azdersi@yahoo.com / rahmi@uthm.edu.my
http://fatekma.uthm.edu.my/isredza

- Syllabus.
- Books.

WEEK    TOPIC                                                              NOTES
1       INTRODUCTION TO NETWORK SECURITY
        Information security fundamentals: CIA, DAD, security elements and
        mechanisms, security attacks and threats
2-3     ATTACKS: MALWARE                                                   Quiz 1
        MALICIOUS CONTENT: CLIENT-SIDE WEAKNESSES
        Activation of malicious software, malware, viruses, Trojan horses,
        buffer overflow attacks, spyware, adware, rootkits, web-based
        malicious code
4       ATTACKS: DENIAL OF SERVICE (DoS)
        TCP SYN flood attack, Smurf IP attack, UDP flood attack, ICMP
        flood attack, Ping of Death, Teardrop attack, Land attack,
        Echo/chargen attack, Distributed DoS (DDoS), MyDoom, Slammer, Spam
5-6     RECONNAISSANCE                                                     Quiz 2
        Attack phase 1: Reconnaissance, social engineering, physical
        break-in, using Google, Whois, ARIN, DNS, web-based recon tools
7       SCANNING                                                           Test 1
        Attack phase 2: Scanning, war driving, war dialing, network
        mapping, determining open ports, vulnerability scanning, IPS
8       Mid-semester break
9       GAINING ACCESS
        Attack phase 3: Gaining access. (1) Using OS and applications:
        buffer overflow exploits, password attacks, web application
        attacks, exploiting browser flaws. (2) Using network attacks:
        sniffing, IP address spoofing, session hijacking, Netcat.
        (3) Using DoS: stopping services (locally/remotely), exhausting
        resources (locally/remotely).
10-11   MAINTAINING ACCESS                                                 Quiz 3
        Attack phase 4: Gaining access, Trojan horse, backdoor, rootkit,
        antivirus.
12-13   COVER TRACKS
        Attack phase 5: Covering tracks, hiding evidence by altering
        event logs, defense against log and accounting file attacks,
        hiding evidence on the network.
14-15   STRENGTHENING FUTURE NETWORK SYSTEM SECURITY                       Test 2
        Verifying security components, security infiltration, patching,
        verifying software, Java components, ActiveX components,
        penetration testing.
16-17   Revision weeks.
18      Final semester examination.
Books

http://www.cl.cam.ac.uk/~rja14/book.html

Contents
- Why do we need security
- Information Security fundamental principle – CIA
- Hackers principles – DAD
- Type of attacks
- Type of hackers
- Script Kiddies
- Phreaking
- Auditing
- Security paradigm
- Security approach
- Level of security
- Summary

Why do we need security?
1. There is a lot of information in the computer.
2. This information is stored in text files or databases.
3. E.g. medical records, school records, sales records.
4. Security is needed to safeguard against unauthorized users.

Figure: How packets travel

Information Security fundamental principle - CIA
- CONFIDENTIALITY: make sure that the data is sent to the right person.
- INTEGRITY: data cannot be altered by an unauthorized user.
- AVAILABILITY: services are always available to authorized users.

You can attack the CIA using either a physical or a logical method.

How would you attack?

Physical
- Confidentiality: Attacker could disguise as a consultant and access any
  confidential files. Attacker can get information using "Social
  Engineering" tactics simply by making phone calls or using email.
- Integrity: Attacker can be an insider who abuses his authority to change
  data in important files or databases.
- Availability: Attacker could bomb a server room. Attacker could break
  into a server room.

Logical
- Confidentiality: Sniff data on the network using software such as
  Ethereal or Ettercap.
- Integrity: Alter the content of packets using a "Man-in-the-middle"
  attack.
- Availability: Attacker initiates a Denial of Service (DoS).

Hackers principles - DAD
- Disclosure is used against confidentiality.
- Alter is used against integrity.
- Destruction is used against availability.

Type of attacks (MID)
- Can be categorized into 3 broad categories:
  - MALWARE: software that is used to carry out malicious activities.
  - INTRUSION: attacking a machine or network.
  - DENIAL OF SERVICE (DoS): intentionally disrupting or halting services.

Type of hackers
- White Hat
  - Ethical hackers.
  - Normally paid by the owner to find faults.
- Black Hat
  - Crackers.
  - Intention to attack for personal gain.
- Gray Hat
  - Gray-hat hackers attack a new product or technology on their own
    initiative to determine if the product has any new security loopholes.
  - To further their own education or to satisfy their own curiosity.

Hackers and their contributions
- Linus Benedict Torvalds: Developed the first Linux kernel. All distros of
  Linux use this kernel, e.g. Red Hat, SuSE, Mandriva (old name Mandrake),
  CentOS.
- Richard Matthew Stallman (RMS): The founder of the Free Software
  Foundation (FSF). RMS initiates a project called
- Kevin Mitnick: A high-school drop-out and a well-known social engineer.
  He was imprisoned for two years for hacking into big companies such as
  Nokia, Novell and Motorola. Now a consultant who writes books on security.
- Ed Skoudis: Information security expert. He has written a few books,
  including "Counter Hack Reloaded".

Script Kiddies
- Script kiddies vs hackers
  - Script kiddies use free hacking tools.
  - Hackers use tools and have the expertise to write their own code for
    hacking.

Phreaking
- Hacking or breaking into phone systems.
- Done by those who have good knowledge of telecommunications.
- Kevin Mitnick
  - Did "dumpster-diving" at a telco company.
  - Found technical information.
  - Made free phone calls from public phones.

Auditing
- The process of reviewing log files, procedures and records to make sure
  that these items meet security standards.
- Normally, auditing and penetration testing are done hand in hand to
  increase the security defense of a network.

Why do they attack?
- Crackers = attackers.
  - Some for fun.
  - Some for personal gain or profit.
  - Disgruntled (angry) employees.

Security Paradigm
Security can be categorized into three:
- Security by obscurity
  - E.g. putting key-logger software on all PCs without telling the staff
    and students.
- Perimeter defense
  - Like a house with a wooden fence around it.
  - Focuses on preventing intrusion by outsiders using proxies, firewalls
    and routers.
  - Does not prevent attacks from inside the network itself.
- Defense-in-depth
  - Each entity in a network has its own defense.
  - Does not just rely on other defenses.
  - Sometimes also referred to as layered security.
  - For security against internal and external intruders.

Security approach

Figure: security approach diagram with Layered, Perimeter, Passive and
Proactive around a central Hybrid approach.

Security approach
- The best approach is the hybrid approach: a combination of Layered
  Security + Proactive.
  - LAYERED means each item has its own defense.
  - PROACTIVE means preventing an attack before it occurs (e.g. using
    Sourcefire, Snort IPS).
    - Not only detect but also prevent.
- PASSIVE means just ALERTING you about the attack without taking action.
- PERIMETER means only using firewalls, routers and proxies.

Level of security
- Too much security would cause inconvenience:
  - Need to change password every day.
  - Every file must be opened with a password.
  - Using biometrics to access all rooms.
  - Using iris biometrics to start a server.
- Analogy
  - Two security guards at two security doors.
  - One is stricter than the other.
  - Those who come through the strict security guard will be inspected
    thoroughly, and that takes a few minutes.
    - Looking into pockets, your staff ID, hair etc.

Summary
1. The hybrid approach is the best for security: layered + proactive.
2. An appropriate level of security is needed:
   - High security: network traffic slower.
   - Lower security: higher network traffic speed.