Network Security - PowerPoint PPT Presentation

Slides: 15
Provided by: vassilisco

Transcript and Presenter's Notes

Title: Network Security


1
Network Security
2
Reasons to attack
  • Steal information
  • Modify information
  • Deny service (DoS)

3
Targets
  • DB
  • Servers
  • Traffic
  • Workstations
  • Bandwidth

4
Types of attack
  • Snooping: listening to data
  • Corrupting: modifying data
  • Spoofing: generate traffic that will be perceived
    as legitimate traffic
  • Denial of service

5
DoS methods
  • Ping of death: offset in packet causes buffer
    overflow => memory corruption
  • Tear drop: misfragmented packet => OS crashes
    trying to reconstruct
  • Land: SYN w/ identical src and dest => loop
  • SYN attack/flood: massive number of SYNs
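
The four patterns on this slide reduced to header-field checks a sensor could apply, as an added example (not part of the original presentation). It assumes packets are already parsed into dicts; the field names, the `inspect` function, the default 20-byte header length, the batch-count SYN threshold and the sample packets are all constructed for illustration.

```python
from collections import Counter, defaultdict

MAX_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field allows

def inspect(packets, syn_threshold=3):
    """Return [(packet index, finding)] for the four DoS patterns listed above."""
    findings = []
    fragments = defaultdict(list)  # (src, dst, ip_id) -> [(start, end), ...]
    syns = Counter()               # dst -> bare SYNs counted in this batch
    for i, p in enumerate(packets):
        start = p.get("frag_offset", 0) * 8  # offset field counts 8-byte units
        end = start + p.get("payload_len", 0)
        # Ping of death: offset + length would reassemble past the maximum size.
        if end + p.get("ihl", 20) > MAX_DATAGRAM:
            findings.append((i, "ping-of-death"))
        # Teardrop: fragment overlaps bytes already seen for the same datagram.
        if p.get("more_fragments") or start:
            key = (p["src"], p["dst"], p["ip_id"])
            if any(start < e and end > s for s, e in fragments[key]):
                findings.append((i, "teardrop"))
            fragments[key].append((start, end))
        if p.get("syn") and not p.get("ack"):
            # Land: SYN whose source endpoint equals its destination endpoint.
            if (p["src"], p["sport"]) == (p["dst"], p["dport"]):
                findings.append((i, "land"))
            # SYN flood: bare SYNs to one destination reach the threshold.
            syns[p["dst"]] += 1
            if syns[p["dst"]] == syn_threshold:
                findings.append((i, "syn-flood"))
    return findings

# Constructed sample batch (documentation address ranges, no real traffic).
SAMPLE = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "ip_id": 1,
     "frag_offset": 8189, "payload_len": 100},
    {"src": "198.51.100.8", "dst": "192.0.2.10", "ip_id": 2,
     "frag_offset": 0, "payload_len": 36, "more_fragments": True},
    {"src": "198.51.100.8", "dst": "192.0.2.10", "ip_id": 2,
     "frag_offset": 3, "payload_len": 4},
    {"src": "192.0.2.10", "sport": 80, "dst": "192.0.2.10", "dport": 80,
     "syn": True},
] + [
    {"src": f"198.51.100.{n}", "sport": 40000 + n, "dst": "192.0.2.20",
     "dport": 443, "syn": True}
    for n in (21, 22, 23)
]

if __name__ == "__main__":
    for index, finding in inspect(SAMPLE):
        print(index, finding)
```

A production sensor would count SYNs per time window and expire fragment state; the per-batch counters here keep the checks visible.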

6
IP Sec
  • Encryption and authentication
  • Authentication Header (AH): authenticates
    non-variable part of frame (MD5 hash)
  • Encapsulating Security Payload (ESP): encrypts
    payload (DES)

7
Modes of operation: Tunnel
  • GW to GW
  • GWs need to be IPSEC enabled
  • ESP encrypts initial frame
  • AH authenticates non-variable parts

8
Modes of operation: Transport
  • Host to host
  • Hosts need to be IPSEC enabled
  • ESP encrypts payload
  • AH authenticates non-variable part

9
Encapsulation
10
Security Associations
  • One-way connections => a communication requires
    2 SAs
  • Negotiation managed by IKE (Internet Key
    Exchange) => dynamic and secure establishment of
    SA
  • IKE authenticates each peer in an IPSec
    transaction, negotiates security policy, and
    handles the exchange of session keys.

11
Firewalls
  • Inside devices are not directly accessible from
    the outside
  • Filters traffic based on defined RULES (rules can
    apply to addresses, ports, protocols, etc.)
  • Can be either software or hardware
  • Cannot protect from everything

12
DMZ
  • DeMilitarized zone
  • Private area that can be accessed from the
    outside (FTP or Web servers for example)
  • Different or no rules

13
Firewall with DMZ
14
NAT