SSA CATC

Modern Network Security Threats

Presentation_ID

2007 SSA CATC. All rights reserved.

Agenda
SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

SSA CATC

Common OSPF Fundamental Principles of a Problems Secure Network

Presentation_ID

2007 SSA CATC. All rights reserved

What is Network Security?

SSA CATC

National Security Telecommunications and Information Systems Security Committee (NSTISSC) Network security is the protection of information, and systems and hardware that use, store, and transmit that information Network security encompasses those steps that are taken to ensure the confidentiality, integrity, and availability of data or resources

Presentation_ID

2007 SSA CATC. All rights reserved

Rationale for Network Security

SSA CATC

The need for network security and its growth are driven by many factors:
1. Internet connectivity is 24/7 and is worldwide 2. Increase in cyber crime 3. Impact on business and individuals 4. Legislation 5. Proliferation of threats 6. Sophistication of threats

Presentation_ID

2007 SSA CATC. All rights reserved

Business Impact
SSA CATC

1. Decrease in productivity 2. Release of unauthorized sensitive data 3. Threat of trade secrets or formulas 4. Compromise of reputation and trust 5. Loss of communications 6. Loss of time
Presentation_ID 2007 SSA CATC. All rights reserved

Sophistication of Threats
SSA CATC
Inexperienced individuals easily available tools

Highly motivated individuals planned attacks exploit vulnerabilities in the system

Presentation_ID

2007 SSA CATC. All rights reserved

Legislation
SSA CATC

Federal and local government has passed legislation that holds organizations and individuals liable for mismanagement of sensitive data. These laws include: 1.The Health Insurance Portability and Accountability Act of 1996 (HIPAA) 2.The Sarbanes-Oxley Act of 2002 (Sarbox) 3.The Gramm-Leach-Blilely Act (GLBA) 4.US PATRIOT Act 2001

Presentation_ID

2007 SSA CATC. All rights reserved

Network Security Organisations

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

Domains of Network Security Defined by ISO

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

10

Network Security Policy

SSA CATC

Broad document designed to be clearly applicable to an organization's operations used to aid in network design, convey security principles, and facilitate network deployments The network security policy outlines what assets need to be protected and gives guidance on how it should be protected Outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization's network security environment Establishes a hierarchy of access permissions, giving employees only the minimal access necessary to perform their work

Presentation_ID

2007 SSA CATC. All rights reserved

11

Network Security Policy

SSA CATC

A network security policy drives all the steps to be taken to secure network resources Identifies critical assets Guidelines for what users can and cannot do = Acceptable User Policy (AUP)

Presentation_ID

2007 SSA CATC. All rights reserved

12

Cisco Self-Defending Network

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

13

Products for Cisco Self-Defending Network

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

14

SSA CATC

Common OSPF Viruses, Worms and Trojan Problems Horses

Presentation_ID

2007 SSA CATC. All rights reserved

15

Phases of Attack
Probe phase
Vulnerable targets are identified through Reconnaissance Attacks Ping Sweeps and Port Scans Identify OSs and vulnerable software Hackers can obtain passwords using social engineering, dictionary attack, brute-force attack, network sniffing etc

SSA CATC

Penetrate phase
Exploit code is transferred to the vulnerable target

Persist phase
After the attack is successfully launched the code tries to persist on the target system The goal is to ensure that the attacker code is running and available to the attacker even if the system reboots Back doors, Trojans

Propagate phase
The attacker attempts to extend the attack to other targets by looking for vulnerable neighboring machines

Paralyze phase
Actual damage is done to the system Files can be erased, systems can crash, information can be stolen, and distributed DoS (DDoS) attacks can be launched
Presentation_ID 2007 SSA CATC. All rights reserved

16

Viruses, Worms and Trojan Horses primary vulnerabilities

SSA CATC
Program that runs and spreads by modifying other programs or files Transmitted via email attachments, downloaded files or USB devices

Written to appear like a legitimate program, when in fact it is an attack tool Uses the network to send copies of itself to any connected hosts Worms can run independently and spread quickly

Presentation_ID

2007 SSA CATC. All rights reserved

17

Virus Mitigation (Countermeasures)

SSA CATC

Anti-virus software is the most widely deployed security product on the market today Anti-virus products have update automation options so that new virus definitions and new software updates can be downloaded automatically or on demand Anti-virus products are host-based installed on computers and servers to detect and eliminate viruses however, they do not prevent viruses from entering the network

Presentation_ID

2007 SSA CATC. All rights reserved

18

Anatomy of a Worm
SSA CATC

Enabling vulnerability a worm installs itself using an exploit mechanism (email attachment, executable file, Trojan Horse) on a vulnerable system Propagation mechanism after gaining access to a device, the worm replicates itself and locates new targets Payload any malicious code that results in some action most often this is used to create a backdoor to the infected host
Presentation_ID 2007 SSA CATC. All rights reserved

19

Worm Mitigation
contain spread of worm into network compartmentalize uninfected parts of your network

SSA CATC

track down each infected machine inside your network disconnect, remove, or block infected machines

start patching all systems and scanning for vulnerable systems

clean and patch each infected system

Presentation_ID

2007 SSA CATC. All rights reserved

20

Mitigating Worms Example

SQL Slammer UDP port 1434
SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

21

Cisco Security Agent (CSA)

Host-based Intrusion Prevention System (HIPS)
- can be integrated with anti-virus

SSA CATC

Cisco Network Admission Control (NAC) Turnkey solution to control network access It admits only hosts that are authenticated and have had their security posture examined and approved for the network
22

Presentation_ID

2007 SSA CATC. All rights reserved

SSA CATC

Common OSPF Attack Methodologies Problems

Presentation_ID

2007 SSA CATC. All rights reserved

23

Types of Attacks
SSA CATC
Reconnaissance Attacks Unauthorized discovery and mapping of systems, services, or vulnerabilities. Reconnaissance attacks often employ the use of packet sniffers and port scanners Access Attacks Exploit known vulnerabilities in authentication services, web services to gain entry to web accounts, confidential databases, and other sensitive information Often employs a dictionary attack to guess system passwords Denial of Service Attacks Send extremely large numbers of requests over a network or the Internet Cause the target device to run suboptimally Attacked device becomes unavailable for legitimate access and use

Presentation_ID

2007 SSA CATC. All rights reserved

24

Reconnaissance Attacks Usually 1st Step for Attacker

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

25

5 Types of Access Attacks

Password attack - attempts to guess system passwords
SSA CATC

Trust exploitation - uses privileges granted to a system in an unauthorized way Port redirection - a compromised system is used as a jump-off point for attacks against other targets Man-in-the-middle attack - attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties Buffer overflow - program writes data beyond the allocated buffer memory. Buffer overflows usually arise as a consequence of a bug in a C or C++ program = valid data is overwritten or exploited to enable the execution of malicious code
Presentation_ID 2007 SSA CATC. All rights reserved

26

Denial of Service (DoS)

Poisonous Packet - improperly formatted packet - target device could crash or run slowly Continuous stream of data

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

27

Distributed DoS (DDoS)

SSA CATC

Attacker scans for vulnerable devices (handlers) installs Zombie software infects agent devices used to launch attack
Presentation_ID 2007 SSA CATC. All rights reserved

28

DoS Attack Symptoms

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

29

Reconnaissance Attack Mitigation

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

30

Access Attack Mitigation

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

31

DoS Attack Mitigation

SSA CATC

Presentation_ID

2007 SSA CATC. All rights reserved

32

10 Best Practices for Network Security

SSA CATC

1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks 2. Shut down unnecessary services and ports 3. Use strong passwords and change them often 4. Control physical access to systems 5. Avoid unnecessary web page inputs some websites allow users to enter usernames and passwords (plus additional info)

Presentation_ID

2007 SSA CATC. All rights reserved

33

10 Best Practices for Network Security

SSA CATC

6. Perform backups and test the backed up files on a regular basis 7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person 8. Encrypt and password-protect sensitive data 9. Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, anti-virus software 10. Develop a written security policy for the company

Presentation_ID

2007 SSA CATC. All rights reserved

34

SSA CATC

Questions?

Presentation_ID

2007 SSA CATC. All rights reserved

35

Chapter 1 Labs
SSA CATC

Lab-A

Researching Network Attacks and Security Audit Tools

Presentation_ID

2007 SSA CATC. All rights reserved

36