Scribd Logo
Upload

Welcome to Scribd!

  • Lecture 9

    Uploaded by

    Janus Cesar Ruizan Quilenderino
    22 views20 pages
    Data Comm

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Data Comm

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    22 views20 pages

    Lecture 9

    Uploaded by

    Janus Cesar Ruizan Quilenderino
    Data Comm

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 20

    Network Security

    MITM 205 Advance Computer Networks

    Ralph Vincent H. Badon


    1

    Network Security

    consists of the provisions made in an


    underlying computer network
    infrastructure, policies adopted by the
    network administrator to protect the
    network and the network-accessible
    resources from unauthorized access and
    the effectiveness (or lack) of these
    measures combined together.
    has become a major concern to
    companies throughout the world

    Security Issues

    How do you protect confidential


    information from those who do not
    explicitly need to access it?
    How do you protect your network and its
    resources from malicious users and
    accidents that originate outside your
    network?

    Protecting Confidential Information

    Its concern is to prevent the theft,


    destruction, corruption, and introduction
    of information that can cause irreparable
    damage to sensitive
    and confidential
    data.

    Protecting Confidential Information

    Confidential information can reside in two


    states on a network.
    on physical storage media - a hard drive
    or memory
    in transit across the physical network
    wire
    These two information states present
    multiple opportunities for attacks from
    users on your internal network, as well as
    those users on the Internet (if network is
    connected to the Internet)
    5

    Common Methods of Attack

    Network packet sniffers


    IP spoofing
    Password attacks
    Distribution of sensitive internal
    information to external sources
    Man-in-the-middle attacks

    Network Packet Sniffers

    Several network applications distribute


    network packets in clear textthat is, the
    information sent across the network is not
    encrypted
    a packet sniffer can provide its user with
    meaningful and often sensitive information,
    such as user account names and passwords
    a packet sniffer can provide an attacker
    with information that is queried from the
    database, as well as the user account
    names and passwords used to access the
    database
    7

    IP Spoofing

    refers to the creation of IP packets with a


    forged (spoofed) source IP address with
    the purpose of concealing the identity of
    the sender or impersonating another
    computing system.
    By forging the header so it contains a
    different address, an attacker can make it
    appear that the packet was sent by a
    different machine.

    Denial of Service Attack

    goal is to flood the victim with overwhelming


    amounts of traffic, and the attacker does not
    care about receiving responses to his attack
    packets
    HOW?
    o the targeted host receives a TCP SYN and
    returns a SYN-ACK.
    o It then remains in a wait state, anticipating the
    completion of the TCP handshake that never
    happens.
    o Each wait state uses system resources until
    eventually, the host cannot respond to other
    legitimate requests.
    9

    Password Attack

    usually refer to repeated attempts to


    identify a user account and/or password brute-force attacks
    a brute-force attack is performed using
    a dictionary program that runs across
    the network and attempts to log in to a
    shared resource, such as a server
    can be implemented using several
    different methods
    brute-force attacks, Trojan horse
    programs, IP spoofing, and packet
    sniffers
    10

    Distribution of Sensitive Information

    Controlling the distribution of sensitive


    information is at the core of a network
    security policy
    majority of computer break-ins that
    organizations suffer are at the hands of
    disgruntled present or former employees
    At the core of these security breaches is
    the distribution of sensitive information to
    competitors or others that will use it to
    your disadvantage
    11

    Man-in-the-Middle Attacks

    the attacker have access to network


    packets that come across the networks
    An example of such a configuration
    could be someone who is working for
    your Internet service provider (ISP)
    often implemented using network packet
    sniffers and routing and transport
    protocols
    possible uses of such attacks are theft of
    information, denial of service, corruption
    of transmitted data, etc.
    12

    Attributes of a Secure Network

    User authentication username/password


    firewall - enforcing access policies such
    as what services are allowed to be
    accessed by network users
    Intrusion Prevention System (IPS)
    helps detect and prevent such malware
    monitors for suspicious network traffic
    for contents, volume and anomalies to
    protect the network from attacks such
    as denial of service
    13

    Attributes of a Secure Network

    Encryption Mechanism - Communication


    between two hosts using the network
    could be encrypted to maintain privacy
    Audit Trail - Individual events occurring on
    the network could be tracked for audit
    purposes
    Surveillance and early-warning tools
    decoy network-accessible resources
    could be used to further tighten security
    of the actual network being protected
    14

    Proxy

    acts as a go-between for requests from


    clients seeking resources from other servers
    evaluates the request according to its
    filtering rules
    For example, it may filter traffic by IP
    address or protocol
    A proxy server has two purposes:
    To keep machines behind it anonymous
    (mainly for security).
    To speed up access to a resource (via
    caching). It is commonly used to cache
    web pages from a web server.
    15

    Firewall

    a part of a computer system or network that


    is designed to block unauthorized access
    while permitting outward communication
    a device or set of devices configured to
    permit, deny, encrypt, decrypt, or proxy all
    computer traffic between different security
    domains based upon a set of rules and other
    criteria
    frequently used to prevent unauthorized
    Internet users from accessing private
    networks connected to the Internet,
    especially intranets
    16

    Types of Firewalls

    Packet filter
    Looks at each packet entering or
    leaving the network and accepts or
    rejects it based on user-defined rules.
    Application gateway
    Applies security mechanisms to specific
    applications, such as FTP and Telnet
    servers.

    17

    Types of Firewall

    Circuit-level gateway
    Applies security mechanisms when a
    TCP or UDP connection is established.
    Once the connection has been made,
    packets can flow between the hosts
    without further checking.
    Proxy server
    Intercepts all messages entering and
    leaving the network.

    18

    Virtual Private Network (VPN)

    a computer network in which some of the


    links between nodes are carried by open
    connections or virtual circuits in some
    larger networks, such as the Internet

    19

    Any questions?

    End of Lecture.
    MITM 205 Advance Computer Networks
    20

    You might also like