Network Security

Dr.SamuelHunt, United Arab Emirates, Teacher
Published Date: 22-07-2017
Network Security
ISOC NTW 2000
NTW 2000 © 2000, Cisco Systems, Inc.

Introduction

Network Security Components

ISP Example
[Diagram labels: Internet; Foreign Site; ISP Service Plane; Customer Site; T1; Pub 2; DNS2; TFTP; Pub1; WWW; DNS1; ISP Management Plane]

Enterprise Example
[Diagram labels: Protected Network; Engineering; Finance; Internet; Admin; WWW Server; DNS Server; Dial-Up Access; Business Partners]

Current Threats and Attack Methods

Attack Trends
• Exploiting passwords and poor configurations
• Software bugs
• Trojan horses
• Sniffers
• IP address spoofing
• Toolkits
• Distributed attacks

Attack Trends
[Chart: Attacker Knowledge and Attack Sophistication, Low to High, 1988 to 2000]

Vulnerability Exploit Cycle
[Diagram stages:]
• Advanced Intruders Discover Vulnerability
• Crude Exploit Tools Distributed
• Novice Intruders Use Crude Exploit Tools
• Automated Scanning/Exploit Tools Developed
• Widespread Use of Automated Scanning/Exploit Tools
• Intruders Begin Using New Types of Exploits
Source: CERT Coordination Center

Increasingly Serious Impacts
• 10M transferred out of one banking system
• Loss of intellectual property - 2M in one case, the entire company in another
• Extensive compromise of operational systems - 15,000 hour recovery operation in one case
• Alteration of medical diagnostic test results
• Extortion - demanding payments to avoid operational problems

Evolving Dependence
• Networked appliances/homes
• Wireless stock transactions
• On-line banking
• Critical infrastructures
• Business processes

The Community’s Vulnerability
[Diagram labels: Internal Exploitation; Internet; External Exploitation; 100% vulnerable; 75% vulnerable]
Source: Cisco Security Posture Assessments 1996-1999

Unauthorized Use
[Bar chart: Percentage of Respondents (0 to 70) answering Yes, No, Don't Know, for 1996 to 2000]
Source: 2000 CSI/FBI Computer Crime and Security Survey

Conclusion
Sophisticated attacks + Dependency + Vulnerability

Classes of Attacks
• Reconnaissance
  Unauthorized discovery and mapping of systems, services, or vulnerabilities
• Access
  Unauthorized data manipulation, system access, or privilege escalation
• Denial of Service
  Disable or corrupt networks, systems, or services

Reconnaissance Methods
• Common commands and administrative utilities
  nslookup, ping, netcat, telnet, finger, rpcinfo, File Explorer, srvinfo, dumpacl
• Public tools
  Sniffers, SATAN, SAINT, NMAP, custom scripts

Network Sniffers
[Diagram: a sniffer ("Got It") capturing a telnet session to Router5]
    … telnet Router5
    User Access Verification
    Username: squiggie
    password: Sq%jkl;T
    Router5ena
    Password: jhervq5
    Router5

ISP Example
[Diagram labels: Internet; Foreign Site; ISP Service Plane; Customer Site; T1; Pub 2; DNS2; TFTP; Pub1; WWW; DNS1; ISP Management Plane]

Enterprise Example
[Diagram labels: Engineering; Finance; Internet; Admin; WWW Server; DNS Server; Protected Network; Dial-Up Access; Business Partners]

nmap
• network mapper is a utility for port scanning large networks:
  TCP connect() scanning,
  TCP SYN (half open) scanning,
  TCP FIN, Xmas, or NULL (stealth) scanning,
  TCP ftp proxy (bounce attack) scanning,
  SYN/FIN scanning using IP fragments (bypasses some packet filters),
  TCP ACK and Window scanning,
  UDP raw ICMP port unreachable scanning,
  ICMP scanning (ping-sweep),
  TCP Ping scanning,
  Direct (non portmapper) RPC scanning,
  Remote OS Identification by TCP/IP Fingerprinting (nearly 500),
  Reverse-ident scanning.
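
A defender's view of the scan types on the nmap slide, as an added example that is not part of the original slides: FIN, Xmas, NULL and SYN/FIN probes carry flag combinations that ordinary TCP traffic does not produce, so they can be flagged per packet, while SYN scanning only shows up as one source touching many ports. The packet tuples, the addresses (documentation ranges) and the threshold of 10 are constructed assumptions.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def classify_probe(flags):
    """Name the probe type implied by a TCP flags byte, or None for ordinary traffic."""
    flags &= 0x3F                      # ignore ECE/CWR bits
    if flags == 0:
        return "NULL"                  # no flags set at all
    if flags == FIN | PSH | URG:
        return "Xmas"
    if flags & SYN and flags & FIN:
        return "SYN/FIN"               # open and close requested in one segment
    if flags == FIN:
        return "FIN"                   # a normal close carries ACK as well
    if flags == SYN:
        return "SYN"                   # legitimate alone; suspicious only in bulk
    return None

def detect_scans(packets, port_threshold=10):
    """packets: iterable of (src, dst, dport, flags). Returns {src: [findings]}."""
    odd = defaultdict(set)             # abnormal flag combinations seen per source
    syn_targets = defaultdict(set)     # distinct (dst, port) pairs SYN'd per source
    for src, dst, dport, flags in packets:
        kind = classify_probe(flags)
        if kind == "SYN":
            syn_targets[src].add((dst, dport))
        elif kind:
            odd[src].add(kind)
    findings = {}
    for src in set(odd) | set(syn_targets):
        kinds = sorted(odd.get(src, ()))
        if len(syn_targets.get(src, ())) >= port_threshold:
            kinds.append("SYN sweep")  # connect() and half-open scans both start this way
        if kinds:
            findings[src] = kinds
    return findings

# Constructed sample traffic (not captured data)
SAMPLE = [("198.51.100.7", "192.0.2.10", p, SYN) for p in range(20, 32)] + [
    ("203.0.113.5", "192.0.2.10", 80, SYN),              # ordinary connection open
    ("203.0.113.5", "192.0.2.10", 80, FIN | ACK),        # ordinary connection close
    ("203.0.113.9", "192.0.2.10", 23, FIN | PSH | URG),
    ("203.0.113.9", "192.0.2.10", 25, 0),
    ("203.0.113.9", "192.0.2.11", 25, FIN),
    ("203.0.113.9", "192.0.2.11", 25, SYN | FIN),
]

if __name__ == "__main__":
    print(detect_scans(SAMPLE))
```

A real sensor would also bound the SYN count by a time window and reassemble IP fragments before reading the flags, since the slide notes that fragmented probes bypass some packet filters.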