Network Security
Techniques
by
Bruce Roy Millard
Division of Computing Studies
Arizona State University
Bruce.Millard@asu.edu
What is Network Security
•
•
•
•
•
Hardware – computers, routers, etc
Networks – ethernet, wireless
Communication
Intruders
Mitigation
What is Network Security
Hardware
•
•
•
•
•
Workstation
Servers (and load balancers)
Printers (and other shared devices)
Routers/switches/hubs
Security devices (firewalls, IDS, etc)
What is Network Security
Networks
•
•
•
•
•
Connectivity
Ethernet (cable, DSL, TP, 1Gbps & up)
Wireless (radio waves, 802.11?, satellite)
LAN, CAN, MAN, WAN, PAN
Internet
What is Network Security
Communication
•
•
•
•
•
E-mail
FTP
HTTP/HTML
Voice, video, teleconferencing
SSH/SCP
What is Network Security
Intruders
What is Network Security
Intruders
•
•
•
•
•
•
•
Eavesdroppers
Insertion
Hijacking
Spoofing
Denial of Service
Trojan horse software
Lurkers (viruses and worms)
What is Network Security
Mitigation
•
•
•
•
•
Prevent
Avoid
Detect
Assess
React
Security Goals
•
•
•
•
•
Privacy
Integrity
Non-repudiation
Trust relationships – internal & external
Authentication
supports authorization
supports fine-grained access control
Security Model
(Protection)
•
•
•
•
Assets - identify
Risks - characterize
Counter-measures - obtain
Policy – create where no laws exist
Security Methods
•
•
•
•
•
•
Shields – firewalls, virus scanners
Selective shields - access control (VPN)
Protocols – IPsec, SSL/TLS
Intrusion Detection Systems
Training & awareness
Redundancy – backups, encryption,
hashes, digests
Prevention
(Attempts)
•
•
•
•
Firewalls – have holes
Virus Scanners – behind the times
Physical Security
Know Fundamentals – routing, IP, TCP, ARP,
DHCP, applications
• Encryption – PGP, SSH, SSL/TLS, Ipsec,
stenography, public key, symetric key
• Patches – windowsupdate, up2date, yum
Avoidance
• Firewalls & VPNs – Ipsec, SSL,
access control
• Host hardening – personal firewalls, ssh,
iptables
• Proxy servers – squid (Web content cache)
• Honeynets/honeypots - redirection
Detection
Feeds Avoidance
• Vulnerability Scanning – netstat, netview,
netmon, nmap, Nessus
• Network-based IDS – snort, kismet, ACID,
tcpdump, ethereal,
windump, netstumbler
• Host-based IDS – TCPwrappers, xinetd,
tripwire, logsentry,
portsentry
• Web security, Cisco logs+
Exploits
•
•
•
•
•
Password cracking & WEP cracking
Denial of Service
OS typing – null session, xmas tree, . . .
OS configuration – sadmin password, . . .
Application holes – buffer overflow, NFS,
rpc, netbios, BIND,
sendmail, CGI,etc
• Dumpsec, pingwar, . . .
URLs of Interest
•
•
•
•
http://www.sans.org
http://www.giac.org
http://www.isc2.org
http://www.cissp.com
10 Domains of the CBK
•
•
•
•
•
•
•
•
•
•
Security Management Practices
Security Architecture and Models
Access Control Systems & Methodology
Application Development Security
Operations Security
Physical Security
Cryptography
Telecommunications, Network, & Internet Security
Business Continuity Planning
Law, Investigations, & Ethics
NS Applications
•
•
•
•
netstat
tcpview
netmon
netstumbler
•
•
•
•
windump
nmap
ethereal
snortiquette
www.sans.org/top20
(vulnerabilities)
•
•
•
•
•
•
•
•
•
•
Top Vulnerabilities to Windows Systems
W1 Web Servers & Services
W2 Workstation Service
W3 Windows Remote Access Services
W4 Microsoft SQL Server (MSSQL)
W5 Windows Authentication
W6 Web Browsers
W7 File-Sharing Applications
W8 LSAS Exposures
W9 Mail Client
• W10 Instant Messaging
www.sans.org/top20
(vulnerabilities)
•
•
•
•
•
•
•
•
•
•
•
Top Vulnerabilities to UNIX Systems
U1 BIND Domain Name System
U2 Web Server
U3 Authentication
U4 Version Control Systems
U5 Mail Transport Service
U6 Simple Network Management Protocol (SNMP)
U7 Open Secure Sockets Layer (SSL)
U8 Misconfiguration of Enterprise Services NIS/NFS
U9 Databases
U10 Kernel