Lecture 9: Network Security
MITM 205 – Advance Computer Networks
Ralph Vincent H. Badon

Post on 09-Dec-2015

Network Security

• consists of the provisions made in the underlying computer network infrastructure, the policies adopted by the network administrator to protect the network and its network-accessible resources from unauthorized access, and the effectiveness (or lack thereof) of these measures combined.

• has become a major concern to companies throughout the world

Security Issues

• How do you protect confidential information from those who do not explicitly need to access it?

• How do you protect your network and its resources from malicious users and accidents that originate outside your network?

Protecting Confidential Information

Its concern is to prevent the theft, destruction, corruption, and introduction of information that can cause irreparable damage to sensitive and confidential data.

Protecting Confidential Information

• Confidential information can reside in two states on a network.
  – on physical storage media - a hard drive or memory
  – in transit across the physical network wire

• These two information states present multiple opportunities for attacks from users on your internal network, as well as those users on the Internet (if network is connected to the Internet)

Common Methods of Attack

• Network packet sniffers
• IP spoofing
• Password attacks
• Distribution of sensitive internal information to external sources
• Man-in-the-middle attacks

Network Packet Sniffers

• Several network applications distribute network packets in clear text; that is, the information sent across the network is not encrypted

• a packet sniffer can provide its user with meaningful and often sensitive information, such as user account names and passwords

• a packet sniffer can provide an attacker with information that is queried from the database, as well as the user account names and passwords used to access the database

IP Spoofing

• refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.

• By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine.

Denial of Service Attack

goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to his attack packets

HOW?
o the targeted host receives a TCP SYN and returns a SYN-ACK.
o It then remains in a wait state, anticipating the completion of the TCP handshake that never happens.
o Each wait state uses system resources until eventually, the host cannot respond to other legitimate requests.
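The wait-state exhaustion described above can be modelled from the server's side. This is an added example, not part of the original slides: the backlog size, the timeout, and the event list (documentation-range addresses) are constructed assumptions.

```python
from collections import OrderedDict

def simulate_backlog(events, backlog=4, timeout=3):
    """Replay (time, client, kind) events, kind being 'SYN' or 'ACK'.

    Returns (served, refused, peak_half_open) for a host that can hold
    at most `backlog` connections in the SYN-ACK wait state.
    """
    half_open = OrderedDict()          # client -> time the SYN-ACK was sent
    served, refused, peak = [], [], 0
    for t, client, kind in events:
        # Release wait states whose handshake never completed in time.
        for c in [c for c, t0 in half_open.items() if t - t0 >= timeout]:
            del half_open[c]
        if kind == "SYN":
            if len(half_open) >= backlog:
                refused.append(client)         # no resources left for this SYN
            else:
                half_open[client] = t          # SYN-ACK sent, now waiting
                peak = max(peak, len(half_open))
        elif kind == "ACK" and client in half_open:
            del half_open[client]              # handshake completed
            served.append(client)
    return served, refused, peak

# Constructed trace: four sources send a SYN and never answer the SYN-ACK,
# while a legitimate client (192.0.2.10) tries to connect.
FLOOD = [(0, f"198.51.100.{i}", "SYN") for i in range(1, 5)] + [
    (1, "192.0.2.10", "SYN"),   # arrives while every wait slot is taken
    (4, "192.0.2.10", "SYN"),   # retry after the stale entries timed out
    (5, "192.0.2.10", "ACK"),
]
# Constructed baseline: two clients that complete the handshake normally.
NORMAL = [(0, "192.0.2.10", "SYN"), (1, "192.0.2.10", "ACK"),
          (2, "192.0.2.11", "SYN"), (3, "192.0.2.11", "ACK")]

if __name__ == "__main__":
    print("flood :", simulate_backlog(FLOOD))
    print("normal:", simulate_backlog(NORMAL))
```

A peak equal to the backlog size together with refused SYNs from clients that later complete a handshake is the pattern to look for in monitoring.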

Password Attack

• usually refers to repeated attempts to identify a user account and/or password - brute-force attacks
  – a brute-force attack is performed using a dictionary program that runs across the network and attempts to log in to a shared resource, such as a server

• can be implemented using several different methods
  – brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers

Distribution of Sensitive Information

• Controlling the distribution of sensitive information is at the core of a network security policy

• majority of computer break-ins that organizations suffer are at the hands of disgruntled present or former employees

• At the core of these security breaches is the distribution of sensitive information to competitors or others that will use it to your disadvantage

Man-in-the-Middle Attacks

• the attacker has access to network packets that come across the networks
  – An example of such a configuration could be someone who is working for your Internet service provider (ISP)

• often implemented using network packet sniffers and routing and transport protocols

• possible uses of such attacks are theft of information, denial of service, corruption of transmitted data, etc.

Attributes of a Secure Network

• User authentication – username/password

• firewall - enforcing access policies such as what services are allowed to be accessed by network users

• Intrusion Prevention System (IPS)
  – helps detect and prevent such malware
  – monitors for suspicious network traffic for contents, volume and anomalies to protect the network from attacks such as denial of service

Attributes of a Secure Network

• Encryption Mechanism - Communication between two hosts using the network could be encrypted to maintain privacy

• Audit Trail - Individual events occurring on the network could be tracked for audit purposes

• Surveillance and early-warning tools
  – decoy network-accessible resources
  – could be used to further tighten security of the actual network being protected

Proxy

• acts as a go-between for requests from clients seeking resources from other servers
  – evaluates the request according to its filtering rules
  – For example, it may filter traffic by IP address or protocol

• A proxy server has two purposes:
  – To keep machines behind it anonymous (mainly for security).
  – To speed up access to a resource (via caching). It is commonly used to cache web pages from a web server.

Firewall

• a part of a computer system or network that is designed to block unauthorized access while permitting outward communication

• a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria

• frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets

Types of Firewalls

• Packet filter
  – Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.

• Application gateway
  – Applies security mechanisms to specific applications, such as FTP and Telnet servers.

Types of Firewalls

• Circuit-level gateway
  – Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

• Proxy server
  – Intercepts all messages entering and leaving the network.
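The difference between a packet filter and a circuit-level gateway, as described above, shown side by side. This is an added example, not part of the original slides: the rule set, the interface names and the 10.0.0.0/8 internal range are hypothetical, and return traffic is not modelled. The first rule also shows how a filter rejects the forged internal source address from the IP spoofing slide.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:            # constructed model of the header fields a filter inspects
    iface: str           # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str
    dport: int
    syn: bool = False    # True for the packet that opens a TCP connection

# Hypothetical user-defined rules: (action, iface, source network, proto, dport).
# None matches anything; the first matching rule wins.
RULES = [
    ("deny",  "outside", "10.0.0.0/8", None,  None),  # internal source seen outside: spoofed
    ("allow", "outside", "0.0.0.0/0",  "tcp", 443),   # public HTTPS service
    ("allow", "inside",  "10.0.0.0/8", None,  None),  # internal hosts may go out
]

def packet_filter(pkt):
    """Packet filter: judge every packet on its own against the rules."""
    src = ipaddress.ip_address(pkt.src)
    for action, iface, net, proto, dport in RULES:
        if (iface == pkt.iface and src in ipaddress.ip_network(net)
                and proto in (None, pkt.proto) and dport in (None, pkt.dport)):
            return action
    return "deny"        # nothing matched: default deny

class CircuitGateway:
    """Circuit-level gateway: check once at connection setup, then pass the flow."""
    def __init__(self):
        self.circuits = set()

    def handle(self, pkt):
        key = (pkt.src, pkt.dst, pkt.proto, pkt.dport)
        if key in self.circuits:
            return "allow"                    # established: no further checking
        if pkt.syn and packet_filter(pkt) == "allow":
            self.circuits.add(key)            # rules are applied only here
            return "allow"
        return "deny"                         # mid-stream packet with no circuit
```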

Virtual Private Network (VPN)

• a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger networks, such as the Internet

Any questions?

End of Lecture.