firewall and network securit

8/14/2019 Firewall and Network Securit

1/28

11


2/28

221997 2007

Packetspoofing

WidespreadDDoS

Back-Orifice

Auto.

Toolkits

Attack Sophistication vs.Attack Sophistication vs.Required Intruder KnowledgeRequired Intruder Knowledge

Required Intruder Knowledge Attack

Sophistication


3/28

33

What are the Issues &What are the Issues &

problems?problems?Security was not a fundamentalSecurity was not a fundamentaldesign considerationdesign consideration

The Internet is growing The Internet is growingexponentiallyexponentially

User dependence is increasing;User dependence is increasing;

With increasing complexity, thereWith increasing complexity, thereare billions of entry pointsare billions of entry points


4/28

44

Who are the intruders?Who are the intruders?

CriminalsCriminals

CuriousCurious Intruders Intruders

InsidersInsiders

Corporate SpiesCorporate Spies


5/28

55

MotivesMotives

MoneyMoneyAccess to additional resourcesAccess to additional resourcesCompetitive advantagesCompetitive advantages

Curiosity and Mischief Curiosity and Mischief

Terrorism Terrorism


6/28

66

WHY THEY ATTACK?

WHAT THEY WANT?

WHAT WE SHOULD DO?

BUT!!!! I do not have anything important on my machine;who would want to crack my machine ??????


7/2877

They want your Bandwidth

They want your CPUThey want your Disk SpaceThey want your Data

They want to Steal Information They want to Destroy

WHY THEY ATTACK?

WHAT THEY WANT?


8/2888

Possible Attacks:Possible Attacks:

DDoS (Distributed Denial of Service)DDoS (Distributed Denial of Service)SniffingSniffing

Port ScanningPort ScanningMalicious codeMalicious code


9/28

99


10/28

1010

Denial of Service (DoS)Denial of Service (DoS)

Attack Attack Attacker prevent user from accessingAttacker prevent user from accessinga servicea service

Floods network with information.Floods network with information.Server unable to process yourServer unable to process yourrequest.request.


11/28

1111

Example of DDoS attack:Example of DDoS attack:

Intruder Intruder

TargetTarget

Request withRequest withspoofed IP of targetspoofed IP of target


12/28

1212

Example of DDoS attack:Example of DDoS attack:

Intruder Intruder

TargetTarget

Flood TargetFlood Targetwith replieswith replies


13/28

1313

SniffingSniffing

Examines traffic on same physicalExamines traffic on same physicalnetworknetwork

Intruder must have physical accessIntruder must have physical accessto networkto network

Used to gather usernames andUsed to gather usernames andpasswordspasswords


14/28

1414

Port ScanningPort Scanning

Over 65535 ports available.Over 65535 ports available. Each port scanned sequentially.Each port scanned sequentially.

Scan Reply PortStatus

SYN SYN+ACKOpen

SYN RST CloseFIN RST Close

FIN Ignored Open


15/28

1515

Malicious CodeMalicious Code

Includes VirusesIncludes Virusesand Trojan Horsesand Trojan Horses

Difficult to control.Difficult to control.


16/28

1616

Methods of Defence

Encryption Software Controls

Hardware Controls Policies Firewalls


17/28

1717

EncryptionEncryption

Science of writing in Secret CodeScience of writing in Secret CodeProtects data from theft andProtects data from theft andalteration.alteration.Unencrypted Data PlainTextUnencrypted Data PlainTextEncrypted Data CipherTextEncrypted Data CipherText


18/28

1818

Cryptographic Techniques

Secret Key CryptographyPublic Key CryptographyHash Functions


19/28

1919

Secret KeyCryptography


20/28

2020

Public Key

Cryptography


21/28

2121

Hash Function


22/28

2222

AlicesPrivate

Key

AlicesMessage

Random

SessionKeyBobsPublic

Key

Public KeyCrypto

DigitalSignature

DigitalEnvelope

Encrypted

Message

Encrypted Session

Key

Sent toBob

HashFunction

Secret KeyCrypto

Public KeyCrypto

Sample Application of 3 CryptographyTechniques for Secure Communication


23/28

2323

SOFTWARE CONTROLSSOFTWARE CONTROLS

Access limitations in databaseAccess limitations in databaseAnti-Virus SoftwareAnti-Virus Software

HARDWARE CONTROLS

Use Smartcard for authentication


24/28

2424

POLICIESPOLICIES

Frequent Change of PasswordsFrequent Change of Passwords

Never Share Your PasswordNever Share Your PasswordAvoid Using Dictionary word as PasswordAvoid Using Dictionary word as PasswordNetwork MonitoringNetwork Monitoring


25/28

2525

FirewallsFirewalls A firewall is a network access controlA firewall is a network access controldevice.device.Performs a centralized securityPerforms a centralized securitymanagement function.management function.Denies all traffic except that which isDenies all traffic except that which isexplicitly allowed.explicitly allowed.


26/28

2626

Why Use firewalls?Why Use firewalls?

Prevent Compromises andVulnerabilities

Preventing DDoS Attack

Preventing Port Scanning

Preventing Malicious Code

Prevent Attack From Insiders


27/28

2727

As individuals and businesses increasebusinesses increaseinformation sharing and communication via theinformation sharing and communication via the

InternetInternet , vulnerability to attack or , vulnerability to attack or intrusion rises.intrusion rises.

In the world of technologicalIn the world of technological evolution,

everyone is a target of electronic crimeand needs to be concerned about


28/28

2828

I would like to thank:I would like to thank:

Mrs. Vandana SyalMrs. Vandana Syal&&

All of you for your time andAll of you for your time andpatiencepatience ..

firewall and network securit

Documents