Network Security Techniques - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security Techniques

Description:

Network Security Techniques by Bruce Roy Millard Division of Computing Studies Arizona State University Bruce.Millard_at_asu.edu What is Network Security Hardware ... – PowerPoint PPT presentation

Slides: 34
Provided by: dcsAsuEd

Transcript and Presenter's Notes

Title: Network Security Techniques


1
Network Security Techniques
  • by
  • Bruce Roy Millard
  • Division of Computing Studies
  • Arizona State University
  • Bruce.Millard_at_asu.edu

2
What is Network Security
  • Hardware: computers, routers, etc.
  • Networks: ethernet, wireless
  • Communication
  • Intruders
  • Mitigation

3
What is Network Security: Hardware
  • Workstation
  • Servers (and load balancers)
  • Printers (and other shared devices)
  • Routers/switches/hubs
  • Security devices (firewalls, IDS, etc)

4
What is Network Security: Networks
  • Connectivity
  • Ethernet (cable, DSL, TP, 1Gbps up)
  • Wireless (radio waves, 802.11?, satellite)
  • LAN, CAN, MAN, WAN, PAN
  • Internet

5
What is Network Security: Communication
  • E-mail
  • FTP
  • HTTP/HTML
  • Voice, video, teleconferencing
  • SSH/SCP

6
What is Network Security: Intruders

7
What is Network Security: Intruders
  • Eavesdroppers
  • Insertion
  • Hijacking
  • Spoofing
  • Denial of Service
  • Trojan horse software
  • Lurkers (viruses and worms)

8
What is Network Security: Mitigation
  • Prevent
  • Avoid
  • Detect
  • Assess
  • React

9
Security Goals
  • Privacy
  • Integrity
  • Non-repudiation
  • Trust relationships: internal, external
  • Authentication supports authorization supports fine-grained access control

10
Security Model (Protection)
  • Assets - identify
  • Risks - characterize
  • Counter-measures - obtain
  • Policy - create where no laws exist

11
Security Methods
  • Shields: firewalls, virus scanners
  • Selective shields: access control (VPN)
  • Protocols: IPsec, SSL/TLS
  • Intrusion Detection Systems
  • Training: awareness
  • Redundancy: backups, encryption, hashes, digests

12
Prevention (Attempts)
  • Firewalls: have holes
  • Virus scanners: behind the times
  • Physical security
  • Know fundamentals: routing, IP, TCP, ARP, DHCP, applications
  • Encryption: PGP, SSH, SSL/TLS, IPsec, steganography, public key, symmetric key
  • Patches: windowsupdate, up2date, yum

13
Avoidance
  • Firewalls, VPNs: IPsec, SSL, access control
  • Host hardening: personal firewalls, ssh, iptables
  • Proxy servers: squid (Web content cache)
  • Honeynets/honeypots - redirection

14
Detection Feeds Avoidance
  • Vulnerability scanning: netstat, netview, netmon, nmap, Nessus
  • Network-based IDS: snort, kismet, ACID, tcpdump, ethereal, windump, netstumbler
  • Host-based IDS: TCPwrappers, xinetd, tripwire, logsentry, portsentry
  • Web security, Cisco logs

15
Exploits
  • Password cracking, WEP cracking
  • Denial of Service
  • OS typing: null session, xmas tree, ...
  • OS configuration: sadmin password, ...
  • Application holes: buffer overflow, NFS, rpc, netbios, BIND, sendmail, CGI, etc.
  • Dumpsec, pingwar, ...

16
URLs of Interest
  • http://www.sans.org
  • http://www.giac.org
  • http://www.isc2.org
  • http://www.cissp.com

17
10 Domains of the CBK
  • Security Management Practices
  • Security Architecture and Models
  • Access Control Systems Methodology
  • Application Development Security
  • Operations Security
  • Physical Security
  • Cryptography
  • Telecommunications, Network, Internet Security
  • Business Continuity Planning
  • Law, Investigations, Ethics

18
NS Applications
  • netstat
  • tcpview
  • netmon
  • netstumbler
  • windump
  • nmap
  • ethereal
  • snortiquette

19
www.sans.org/top20 (vulnerabilities)
  • Top Vulnerabilities to Windows Systems
  • W1 Web Servers & Services
  • W2 Workstation Service
  • W3 Windows Remote Access Services
  • W4 Microsoft SQL Server (MSSQL)
  • W5 Windows Authentication
  • W6 Web Browsers
  • W7 File-Sharing Applications
  • W8 LSAS Exposures
  • W9 Mail Client
  • W10 Instant Messaging

20
www.sans.org/top20 (vulnerabilities)
  • Top Vulnerabilities to UNIX Systems
  • U1 BIND Domain Name System
  • U2 Web Server
  • U3 Authentication
  • U4 Version Control Systems
  • U5 Mail Transport Service
  • U6 Simple Network Management Protocol (SNMP)
  • U7 Open Secure Sockets Layer (SSL)
  • U8 Misconfiguration of Enterprise Services NIS/NFS
  • U9 Databases
  • U10 Kernel
