Date post: | 11-Dec-2015 |
Upload: | eliana-eyres |
Network Security
PENS-ITS
Intro to Network Security
Network Security
Politeknik Elektronika Negeri Surabaya
2007
Introduction
• Grading
– Assignments 25%
– Final exam (UAS) 40%
– Midterm exam (UTS) 30%
– Attendance 5%
• Maximum lateness is 15 minutes after the class starts
– Anyone more than 15 minutes late is given an assignment and must present it
Overview
[Diagram: course topics, grouped under the labels Network, Prevent, Detection and Vulnerabilities]
• Client Configuration
• DNS
• Network Services
• FTP/Telnet
• SMTP/POP
• Web Server
• IP & Port Scanning
• Web Server Exploit
• Email Exploit
• DoS Attack
• Trojan Attack
• Sniffing Traffic
• KeyStroke Logging
• Password Cracking
• MITM Attack
• Hardening Host
• AntiVirus Applications
• Using Firewall
• Using GPG/PGP
• Using SSH
• Using Certificate
• Using IPSec
• System Log Analysis
• Intrusion Detection System
• HoneyPot
• Spyware Detection and Removal
• Backup and Restore
• Finding Hidden Data
[Diagram: EEPIS campus network. Labels: Internet, Firewall, Fileserver, EIS, WWW, Domain, Router-GTW, Proxy, DMZ, NOC, Multilayer Switch, Network Services, EEPISHOTSPOT; users: lecturers, employees, students]
• Traffic monitoring: CACTI, http://noc.eepis-its.edu
• Internal servers: EEPIS Information System (EIS, http://eis.eepis-its.edu), http://fileserver.eepis-its.edu
• E-mail server: HTTPS, spam filtering (SpamAssassin), virus scanner (ClamAV)
• Proxy (Squid): all access to the Internet must go through the proxy
• Firewall-IDS: Linux bridge, iptables shorewall, snort, portsentry, acidlab
• Cisco router: uses ACLs, blocks malware from outside
• L3 switch: blocks malware on physical ports from inside the network
• All servers in the DMZ: managed using SSH and secure Webmin
• SQL database (MySQL): access only from localhost (127.0.0.1)
• EEPISHOTSPOT: access from Wi-Fi, signal only on the EEPIS campus, authentication from the proxy
• Manageable switches: block unwanted users by port, managed from the web
Why Secure a Network?
• A network security design protects assets from threats and vulnerabilities in an organized manner
• To design security, analyze risks to your assets and create responses
[Diagram: corporate assets, threatened by an external attacker, an internal attacker, incorrect permissions and a virus]
Computer Security Principles
• Confidentiality
– Protecting information from exposure and disclosure
• Integrity
– Decrease possible problems caused by corruption of data
• Availability
– Make information always available
Exploits (1)
• What is an Exploit?
– Crackers break into a computer network by exploiting weaknesses in operating system services.
• Types of attacks
– Local
– Remote
SANS Security Threats
• SANS/FBI top 20 security threats
– http://www.sans.org/top20/
• Goals attackers try to achieve
– Gain unauthorized access
– Obtain administrative or root level
– Destroy vital data
– Deny legitimate users service
– Individual selfish goals
– Criminal intent
Security Statistics: Attack Trends
• Computer Security Institute (http://www.gocsi.com)
• Growing Incident Frequency
– Incidents reported to the Computer Emergency Response Team/Coordination Center
– 1997: 2,134
– 1998: 3,474 (75% growth from previous year)
– 1999: 9,859 (164% growth)
– 2000: 21,756 (121% growth)
– 2001: 52,658 (142% growth)
– Tomorrow?
Attack Targets
• SecurityFocus
– 31 million Windows-specific attacks
– 22 million UNIX/LINUX attacks
– 7 million Cisco IOS attacks
– All operating systems are attacked!
Hackers Vs Crackers
• Ethical Hackers vs. Crackers
– A hacker is usually a programmer who constantly seeks further knowledge, freely shares what they have discovered, and never intentionally damages data.
– A cracker breaks into or otherwise violates system integrity with malicious intent. They destroy vital data or cause problems for their targets.
Attack Classification
Classification of Attacks
[Diagram: tree of attack categories]
• Physical Access Attacks
– Wiretapping
– Server Hacking
– Vandalism
• Dialog Attacks
– Eavesdropping (listening to what one should not hear)
– Impersonation
– Message Alteration
• Social Engineering
– Opening Attachments
– Password Theft
– Information Theft
• Penetration Attacks (attempts to break in)
– Scanning (Probing)
– Break-in
– Denial of Service
– Malware: Viruses, Worms
Social Engineering
• Definitions of social engineering
– The art and science of compelling people to comply with your wishes (Bernz)
– An outside hacker's use of psychological tricks on a legitimate user of a computer system (Palumbo)
– Getting the needed information (for example a password) from a person rather than breaking into a system (Berg)
• The basic goal of social engineering is the same as that of hacking in general: gaining unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
• Typical targets include telephone companies and answering services, big-name companies and financial institutions, military and government agencies, and hospitals.
Forms of Social Engineering
• Social engineering by telephone
– A hacker calls and impersonates someone in a position of authority or relevance and gradually draws information out of the user.
• Dumpster diving
– A very large amount of information can be collected from a company's dumpster.
• Online social engineering
– The Internet is fertile ground for social engineers who want to obtain passwords
– Pretending to be a network administrator, sending e-mail over the network and asking for a user's password.
• Persuasion
– The main aim is to convince people to give up sensitive information
• Reverse social engineering
– Sabotage, advertising, and assisting
Penetration Attacks Steps
• Port scanner
• Network enumeration
• Gaining & keeping root / administrator access
• Using access and/or information gained
• Leaving backdoor
• Attack
– Denial of Services (DoS): Network flooding
– Buffer overflows: Software error
– Malware: Virus, worm, trojan horse
– Brute force
• Covering his tracks
Scanning (Probing) Attacks
[Diagram: an attacker on the Internet sends probe packets to 172.16.99.1, 172.16.99.2, etc. on the corporate network]
• Host 172.16.99.1: reply from 172.16.99.1
• No host at 172.16.99.2: no reply
• Results: 172.16.99.1 is reachable, 172.16.99.2 is not reachable, …
Network Scanning
Denial-of-Service (DoS) Flooding Attack
[Diagram: the attacker sends a message flood; the server is overloaded by the message flood]
DoS By Example
Dialog Attack
• Eavesdropping, commonly called spoofing, is handled with encryption
• Impersonation and message alteration are handled with a combination of encryption and authentication
Eavesdropping on a Dialog
[Diagram: client PC (Bob) and server (Alice) exchange "Hello" in a dialog; the attacker (Eve) intercepts and reads the messages]
Password Attack By Example
Sniffing By Example
KeyLogger
Message Alteration
[Diagram: in the dialog between client PC (Bob) and server (Alice), the attacker (Eve) intercepts and alters messages; a message reading "Balance = $1" is changed to "Balance = $1,000,000"]
Security from Attack
Network Penetration Attacks and Firewalls
[Diagram: an attacker on the Internet sends an attack packet toward the internal corporate network, which contains a hardened client PC and a hardened server. Labels at the Internet firewall: passed packet, dropped packet, log file]
Intrusion Detection System
[Diagram: an attacker on the Internet, the intrusion detection system with its log file, the network administrator, and a hardened server on the corporate network]
1. Suspicious packet
2. Suspicious packet passed
3. Log packet
4. Alarm
Encryption for Confidentiality
[Diagram: between client PC (Bob) and server (Alice), the original message "Hello" travels as the encrypted message "100100110001" and is decrypted back to "Hello"; the attacker (Eve) intercepts but cannot read]
Impersonation and Authentication
[Diagram: client PC (Bob), server (Alice) and attacker (Eve). The claim "I'm Bob" is answered with "Prove it! (Authenticate Yourself)"]
Secure Dialog System
[Diagram: secure dialog between client PC (Bob) and server (Alice)]
• Attacker cannot read messages, alter messages, or impersonate
• Automatically handles negotiation of security options: authentication, encryption, integrity
Hardening Host Computers
• The Problem
– Computers installed out of the box have known vulnerabilities
• Not just Windows computers
– Hackers can take them over easily
– They must be hardened—a complex process that involves many actions
Hardening Host Computers
• Elements of Hardening
– Physical security
– Secure installation and configuration
– Fix known vulnerabilities
– Turn off unnecessary services (applications)
– Harden all remaining applications (Chapter 9)
– (more on next page)
Hardening Host Computers
• Elements of Hardening (continued)
– Manage users and groups
– Manage access permissions
• For individual files and directories, assign access permissions to specific users and groups
– Back up the server regularly
– Advanced protections
Hardening Host Computers
• Security Baselines Guide the Hardening Effort
– Specifications for how hardening should be done
– Different for different operating systems
– Different for different types of servers (webservers, mail servers, etc.)
– Needed because it is easy to forget a step
Installation and Patching
• Installation Offers Many Options, Some of Which Affect Security
– For example, in Windows, the NTFS file system is better for security than FAT32
– Need a security baseline to guide option choices during installation
Installation and Patching
• Known Vulnerabilities
– Most programs have known vulnerabilities
– Exploits are programs that take advantage of known vulnerabilities
Installation and Patching
• Known Vulnerabilities
– Vulnerability reporters send vulnerability reports to vendors
– Vulnerability reporters often say that vendors take too long to fix vulnerabilities
– Vendors say that vulnerability reporters do not give them enough time, report too much detail to the press
Installation and Patching
• Fixes
– Work-around: A series of actions to be taken; no new software
– Patches: New software to be added to the operating system
– Upgrades: Newer versions of programs usually fix older vulnerabilities.
Installation and Patching
• Upgrades
– Often, security vulnerabilities are fixed in new versions
– If a version is too old, the vendor might stop offering fixes
– It might be good to wait to upgrade until after the first round of bug and security fixes
Turning Off Unnecessary Services
• Unnecessary Services
– Operating system vendors used to install many services by default
– This made them easier to use. When use changes, services do not have to be turned on.
– Attackers have found flaws in many of these rare services
Turning Off Unnecessary Services
• Unnecessary Services
– Vendors now install fewer services by default—lock down mode
– Turn to security baseline to see what services to turn on and off
– Easier to install too few and add than to install too many and remove unwanted services
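Checking a host against a security baseline can be automated by comparing its listening sockets with the list of services the baseline allows. The following is an added example, not from the original slides: the baseline dictionary is hypothetical, the sample input is constructed in the shape of `ss -tlnH` output, and the MySQL rule reflects the "access only from localhost (127.0.0.1)" policy mentioned earlier in the deck.

```python
import ipaddress

# Hypothetical baseline: TCP port -> "any" (may listen on all interfaces)
# or "loopback" (must listen on 127.0.0.1 / ::1 only).
BASELINE = {22: "any", 80: "any", 443: "any", 3306: "loopback"}

# Constructed sample in the column layout of `ss -tlnH`.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
"""


def parse_listeners(text):
    """Yield (ip_address, port) for every listening TCP socket in the text."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and zone id
        if addr == "*":                          # wildcard notation
            addr = "0.0.0.0"
        yield ipaddress.ip_address(addr), int(port)


def audit(text, baseline=BASELINE):
    """Return sorted (port, reason) findings for sockets outside the baseline."""
    findings = []
    for ip, port in parse_listeners(text):
        scope = baseline.get(port)
        if scope is None:
            findings.append((port, "not in baseline: turn off or justify"))
        elif scope == "loopback" and not ip.is_loopback:
            findings.append((port, f"must listen on loopback only, bound to {ip}"))
    return sorted(findings)


if __name__ == "__main__":
    for port, reason in audit(SAMPLE_SS):
        print(port, reason)
```

On the sample, ports 23 and 631 are reported as services the baseline does not list, and 3306 is reported because it is bound to all interfaces instead of loopback.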
Managing Users and Groups
• Introduction
– Every user must have an account
– There can also be groups
• Can assign security measures to groups
• These measures apply to the individual group members automatically
• Faster and easier than assigning security measures to individuals
Managing Permissions
• Principle of Least Permissions: Give Users the Minimum Permissions Needed for Their Job
– More feasible to add permissions selectively than to start with many, reduce for security
Advanced Server Hardening Techniques
• Reading Event Logs
– The importance of logging to diagnose problems
• Failed logins, changing permissions, starting programs, kernel messages, etc.
• Backup
• File Encryption
• File Integrity Checker
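Reading event logs for failed logins, sketched as an added example that is not part of the original slides. The log lines are constructed in the style of OpenSSH syslog entries with documentation IP addresses, and the threshold and time window are assumed values to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (syslog timestamps carry no year).
SAMPLE_LOG = """\
Dec 11 09:14:01 srv sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 11 09:14:03 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Dec 11 09:14:06 srv sshd[1203]: Failed password for root from 203.0.113.7 port 40120 ssh2
Dec 11 09:14:20 srv sshd[1210]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Dec 11 09:14:31 srv sshd[1210]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Dec 11 09:14:40 srv sshd[1215]: Accepted password for root from 203.0.113.7 port 40133 ssh2
"""

LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)


def detect(log, threshold=3, window=timedelta(minutes=1)):
    """Flag sources with `threshold` failures inside `window`, and any
    successful login from a source that is still over the threshold."""
    recent = defaultdict(deque)          # source IP -> times of recent failures
    alerts = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue                     # not an sshd password event
        when = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        failures = recent[src]
        while failures and when - failures[0] > window:
            failures.popleft()           # forget failures outside the window
        if outcome == "Failed":
            failures.append(when)
            if len(failures) == threshold:
                alerts.append(("repeated-failures", src, user))
        elif len(failures) >= threshold:
            alerts.append(("login-after-failures", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success (alice) raises nothing, while the source with three failures in a minute is flagged, and flagged again when it then logs in successfully.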