Network Security Techniques
by Bruce Roy Millard
Division of Computing Studies
Arizona State University
Bruce.Millard@asu.edu

What is Network Security
• Hardware – computers, routers, etc.
• Networks – Ethernet, wireless
• Communication
• Intruders
• Mitigation

What is Network Security: Hardware
• Workstations
• Servers (and load balancers)
• Printers (and other shared devices)
• Routers/switches/hubs
• Security devices (firewalls, IDS, etc.)

What is Network Security: Networks
• Connectivity
• Ethernet (cable, DSL, TP, 1 Gbps & up)
• Wireless (radio waves, 802.11?, satellite)
• LAN, CAN, MAN, WAN, PAN
• Internet

What is Network Security: Communication
• E-mail
• FTP
• HTTP/HTML
• Voice, video, teleconferencing
• SSH/SCP

What is Network Security: Intruders
• Eavesdroppers
• Insertion
• Hijacking
• Spoofing
• Denial of Service
• Trojan horse software
• Lurkers (viruses and worms)

What is Network Security: Mitigation
• Prevent
• Avoid
• Detect
• Assess
• React

Security Goals
• Privacy
• Integrity
• Non-repudiation
• Trust relationships – internal & external
• Authentication supports authorization, which supports fine-grained access control

Security Model (Protection)
• Assets – identify
• Risks – characterize
• Counter-measures – obtain
• Policy – create where no laws exist

Security Methods
• Shields – firewalls, virus scanners
• Selective shields – access control (VPN)
• Protocols – IPsec, SSL/TLS
• Intrusion Detection Systems
• Training & awareness
• Redundancy – backups, encryption, hashes, digests

Prevention (Attempts)
• Firewalls – have holes
• Virus Scanners – behind the times
• Physical Security
• Know Fundamentals – routing, IP, TCP, ARP, DHCP, applications
• Encryption – PGP, SSH, SSL/TLS, IPsec, steganography, public key, symmetric key
• Patches – windowsupdate, up2date, yum

Avoidance
• Firewalls & VPNs – IPsec, SSL, access control
• Host hardening – personal firewalls, ssh, iptables
• Proxy servers – squid (Web content cache)
• Honeynets/honeypots – redirection

Detection Feeds Avoidance
• Vulnerability Scanning – netstat, netview, netmon, nmap, Nessus
• Network-based IDS – snort, kismet, ACID, tcpdump, ethereal, windump, netstumbler
• Host-based IDS – TCPwrappers, xinetd, tripwire, logsentry, portsentry
• Web security, Cisco logs+

Exploits
• Password cracking & WEP cracking
• Denial of Service
• OS typing – null session, xmas tree, . . .
• OS configuration – sadmin password, . . .
• Application holes – buffer overflow, NFS, rpc, netbios, BIND, sendmail, CGI, etc.
• Dumpsec, pingwar, . . .

URLs of Interest
• http://www.sans.org
• http://www.giac.org
• http://www.isc2.org
• http://www.cissp.com

10 Domains of the CBK
• Security Management Practices
• Security Architecture and Models
• Access Control Systems & Methodology
• Application Development Security
• Operations Security
• Physical Security
• Cryptography
• Telecommunications, Network, & Internet Security
• Business Continuity Planning
• Law, Investigations, & Ethics

NS Applications
• netstat
• tcpview
• netmon
• netstumbler
• windump
• nmap
• ethereal
• snortiquette

www.sans.org/top20 (vulnerabilities)
Top Vulnerabilities to Windows Systems
• W1 Web Servers & Services
• W2 Workstation Service
• W3 Windows Remote Access Services
• W4 Microsoft SQL Server (MSSQL)
• W5 Windows Authentication
• W6 Web Browsers
• W7 File-Sharing Applications
• W8 LSASS Exposures
• W9 Mail Client
• W10 Instant Messaging

www.sans.org/top20 (vulnerabilities)
Top Vulnerabilities to UNIX Systems
• U1 BIND Domain Name System
• U2 Web Server
• U3 Authentication
• U4 Version Control Systems
• U5 Mail Transport Service
• U6 Simple Network Management Protocol (SNMP)
• U7 Open Secure Sockets Layer (SSL)
• U8 Misconfiguration of Enterprise Services NIS/NFS
• U9 Databases
• U10 Kernel