firewall and network securit
TRANSCRIPT
-
8/14/2019 Firewall and Network Securit
1/28
11
-
8/14/2019 Firewall and Network Securit
2/28
221997 2007
Packetspoofing
WidespreadDDoS
Back-Orifice
Auto.
Toolkits
Attack Sophistication vs.Attack Sophistication vs.Required Intruder KnowledgeRequired Intruder Knowledge
Required Intruder Knowledge Attack
Sophistication
-
8/14/2019 Firewall and Network Securit
3/28
33
What are the Issues &What are the Issues &
problems?problems?Security was not a fundamentalSecurity was not a fundamentaldesign considerationdesign consideration
The Internet is growing The Internet is growingexponentiallyexponentially
User dependence is increasing;User dependence is increasing;
With increasing complexity, thereWith increasing complexity, thereare billions of entry pointsare billions of entry points
-
8/14/2019 Firewall and Network Securit
4/28
44
Who are the intruders?Who are the intruders?
CriminalsCriminals
CuriousCurious Intruders Intruders
InsidersInsiders
Corporate SpiesCorporate Spies
-
8/14/2019 Firewall and Network Securit
5/28
55
MotivesMotives
MoneyMoneyAccess to additional resourcesAccess to additional resourcesCompetitive advantagesCompetitive advantages
Curiosity and Mischief Curiosity and Mischief
Terrorism Terrorism
-
8/14/2019 Firewall and Network Securit
6/28
66
WHY THEY ATTACK?
WHAT THEY WANT?
WHAT WE SHOULD DO?
BUT!!!! I do not have anything important on my machine;who would want to crack my machine ??????
-
8/14/2019 Firewall and Network Securit
7/2877
They want your Bandwidth
They want your CPUThey want your Disk SpaceThey want your Data
They want to Steal Information They want to Destroy
WHY THEY ATTACK?
WHAT THEY WANT?
-
8/14/2019 Firewall and Network Securit
8/2888
Possible Attacks:Possible Attacks:
DDoS (Distributed Denial of Service)DDoS (Distributed Denial of Service)SniffingSniffing
Port ScanningPort ScanningMalicious codeMalicious code
-
8/14/2019 Firewall and Network Securit
9/28
99
-
8/14/2019 Firewall and Network Securit
10/28
1010
Denial of Service (DoS)Denial of Service (DoS)
Attack Attack Attacker prevent user from accessingAttacker prevent user from accessinga servicea service
Floods network with information.Floods network with information.Server unable to process yourServer unable to process yourrequest.request.
-
8/14/2019 Firewall and Network Securit
11/28
1111
Example of DDoS attack:Example of DDoS attack:
Intruder Intruder
TargetTarget
Request withRequest withspoofed IP of targetspoofed IP of target
-
8/14/2019 Firewall and Network Securit
12/28
1212
Example of DDoS attack:Example of DDoS attack:
Intruder Intruder
TargetTarget
Flood TargetFlood Targetwith replieswith replies
-
8/14/2019 Firewall and Network Securit
13/28
1313
SniffingSniffing
Examines traffic on same physicalExamines traffic on same physicalnetworknetwork
Intruder must have physical accessIntruder must have physical accessto networkto network
Used to gather usernames andUsed to gather usernames andpasswordspasswords
-
8/14/2019 Firewall and Network Securit
14/28
1414
Port ScanningPort Scanning
Over 65535 ports available.Over 65535 ports available. Each port scanned sequentially.Each port scanned sequentially.
Scan Reply PortStatus
SYN SYN+ACKOpen
SYN RST CloseFIN RST Close
FIN Ignored Open
-
8/14/2019 Firewall and Network Securit
15/28
1515
Malicious CodeMalicious Code
Includes VirusesIncludes Virusesand Trojan Horsesand Trojan Horses
Difficult to control.Difficult to control.
-
8/14/2019 Firewall and Network Securit
16/28
1616
Methods of Defence
Encryption Software Controls
Hardware Controls Policies Firewalls
-
8/14/2019 Firewall and Network Securit
17/28
1717
EncryptionEncryption
Science of writing in Secret CodeScience of writing in Secret CodeProtects data from theft andProtects data from theft andalteration.alteration.Unencrypted Data PlainTextUnencrypted Data PlainTextEncrypted Data CipherTextEncrypted Data CipherText
-
8/14/2019 Firewall and Network Securit
18/28
1818
Cryptographic Techniques
Secret Key CryptographyPublic Key CryptographyHash Functions
-
8/14/2019 Firewall and Network Securit
19/28
1919
Secret KeyCryptography
-
8/14/2019 Firewall and Network Securit
20/28
2020
Public Key
Cryptography
-
8/14/2019 Firewall and Network Securit
21/28
2121
Hash Function
-
8/14/2019 Firewall and Network Securit
22/28
2222
AlicesPrivate
Key
AlicesMessage
Random
SessionKeyBobsPublic
Key
Public KeyCrypto
DigitalSignature
DigitalEnvelope
Encrypted
Message
Encrypted Session
Key
Sent toBob
HashFunction
Secret KeyCrypto
Public KeyCrypto
Sample Application of 3 CryptographyTechniques for Secure Communication
-
8/14/2019 Firewall and Network Securit
23/28
2323
SOFTWARE CONTROLSSOFTWARE CONTROLS
Access limitations in databaseAccess limitations in databaseAnti-Virus SoftwareAnti-Virus Software
HARDWARE CONTROLS
Use Smartcard for authentication
-
8/14/2019 Firewall and Network Securit
24/28
2424
POLICIESPOLICIES
Frequent Change of PasswordsFrequent Change of Passwords
Never Share Your PasswordNever Share Your PasswordAvoid Using Dictionary word as PasswordAvoid Using Dictionary word as PasswordNetwork MonitoringNetwork Monitoring
-
8/14/2019 Firewall and Network Securit
25/28
2525
FirewallsFirewalls A firewall is a network access controlA firewall is a network access controldevice.device.Performs a centralized securityPerforms a centralized securitymanagement function.management function.Denies all traffic except that which isDenies all traffic except that which isexplicitly allowed.explicitly allowed.
-
8/14/2019 Firewall and Network Securit
26/28
2626
Why Use firewalls?Why Use firewalls?
Prevent Compromises andVulnerabilities
Preventing DDoS Attack
Preventing Port Scanning
Preventing Malicious Code
Prevent Attack From Insiders
-
8/14/2019 Firewall and Network Securit
27/28
2727
As individuals and businesses increasebusinesses increaseinformation sharing and communication via theinformation sharing and communication via the
InternetInternet , vulnerability to attack or , vulnerability to attack or intrusion rises.intrusion rises.
In the world of technologicalIn the world of technological evolution,
everyone is a target of electronic crimeand needs to be concerned about
-
8/14/2019 Firewall and Network Securit
28/28
2828
I would like to thank:I would like to thank:
Mrs. Vandana SyalMrs. Vandana Syal&&
All of you for your time andAll of you for your time andpatiencepatience ..