Prologue to Network Security November 20 th , 2007.

Slide 1

Prologue to Network Security November 20 th , 2007 Presented by Aliza Bailey and Phil Ames

Slide 2

The Net is NOT the Web
The Internet: TCP/IP, the "street", if you will, that various protocols run on.
The Web: one of the "vehicles" that run on this street. Other vehicles would include email, chat programs, file transfer programs and protocols, etc.

Slide 3

Introducing… Your Network Exploits

Slide 4

Malware "A generic term for a number of different types of malicious code; can include spyware, worms, viruses, etc., created with the intent of infiltrating a system without permission and causing destruction. Also called "computer contaminants"."

Slide 5

Virus "A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active."

Slide 6

Trojans/Backdoors "A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program."

Slide 7

Keyloggers "Programs designed to log keystrokes entered by a user on a machine. When used maliciously, this information is transmitted to a remote location to collect the personal data."

Slide 8

Rootkits "A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network."

Slide 9

Botnets "A group of compromised, broadband-enabled PCs hijacked during a worm/virus attack and infected with software that links them to a server where they receive "instructions" from a botnet controller. These are then used to participate in further virus/worm/spam attacks and Denial of Service attacks."

Slide 11

Denial of Service, also known as DoS "An event or series of events that prevents a system or network from performing its intended function." This can come from a botnet or a more direct attack. In the basic sense, more packets or data are sent to a victim than the victim can handle, and the system crashes.

Slide 12

Generic DoS

Slide 13

Phishing & Spam "The use of emails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the email and the website look as if they are part of a bank the user does business with. Spam is any unwanted, unsolicited message. Spam is usually sent via email."

Slide 14

Breaking Down Barriers Eliminate the "Does not apply to me" attitude among users.

Slide 15

Breaking Down Barriers
Users need to be active members of your "security team", as they are certainly members of your "network abuse" squad.
Educate them now on proper security practices and their benefits, before they have to learn the hard way.
One compromised machine in a network is all that is needed to affect the entire network.

Slide 17

Getting to Know Your Network You cannot defend what you do not understand.

Slide 18

Getting to Know Your Network
DOCUMENTATION IS KEY
Baseline your network and core devices
Port-to-jack change list
MAC address inventory
Static IP address list
Knowing where to go when an incident happens is absolutely essential
Vendor information
Physical location of devices
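One way to put the MAC address inventory and port-to-jack list above to work, as an added example that is not part of the presentation: compare a baseline inventory against the switch's current MAC table and flag unknown, moved, and absent hosts. The baseline entries, port names and the sample "show mac address-table" style output are all constructed for the example.

```python
import re

# Baseline inventory (constructed): MAC -> (expected switch port, host description).
BASELINE = {
    "0011.2233.4455": ("Gi1/0/1", "reception-pc"),
    "0011.2233.4466": ("Gi1/0/2", "printer-floor1"),
    "0011.2233.4477": ("Gi1/0/3", "fileserver"),
}

# Constructed sample in the style of 'show mac address-table' output.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4477    DYNAMIC     Gi1/0/7
  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/5
"""

# One data row: VLAN, dotted-quad MAC, type, port. Header/separator rows do not match.
LINE_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I)

def parse_mac_table(text):
    """Return {mac: port} from MAC-table text, ignoring header lines."""
    seen = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            seen[m.group(2).lower()] = m.group(3)
    return seen

def compare_to_baseline(seen, baseline=BASELINE):
    """Flag MACs not in the inventory, MACs on an unexpected port, and missing hosts.

    Returns sorted (kind, mac, detail) tuples so the output is stable for review.
    """
    findings = []
    for mac, port in seen.items():
        if mac not in baseline:
            findings.append(("unknown", mac, port))
        elif baseline[mac][0] != port:
            findings.append(("moved", mac, f"{baseline[mac][0]}->{port}"))
    for mac, (port, name) in baseline.items():
        if mac not in seen:
            findings.append(("absent", mac, name))
    return sorted(findings)
```

Run `compare_to_baseline(parse_mac_table(SAMPLE_TABLE))` against a real table export to get a short list of devices to walk to, which is exactly what the physical-location and port-to-jack records are for.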

Slide 19

Getting to Know Your Network
Understand the flow of traffic in your network
Ingress traffic: this is your inbound traffic
Egress traffic: this is your outbound traffic
Traceroutes: Is your network symmetrical? Do you have more than one Internet presence? Are your packets traveling the correct path?

Slide 20

Getting to Know Your Network
RESEARCH YOUR PRODUCTS!!!
What operating systems live in your environment?
Know any products you want to bring into your network, including their purpose, placement, and your expectations
Create a test environment mirroring your production network to fully test new hardware

Slide 21

Defense in Depth Multiple layers are always better than one.

Slide 22

Defense in Depth
Proactive Defense: preventing the fire from starting
Firewalls
Content filtering
Intrusion prevention devices
Traffic engineering
Network monitoring
Baselining your network and core devices
Acceptable use policies

Slide 23

Defense in Depth
Reactive Defense: putting out the fire
Intrusion detection systems
System backups
Forensic-based programs: Fport, nmap
Network monitoring tools: TCPDump, WinDump, Ethereal, Snort

Slide 24

Defense in Depth Desktop Level

Slide 25

Defense in Depth
Antivirus: the "flu shot" of the security world
Antivirus is the most basic level of desktop security and should be present on all workstations, servers, laptops, etc. This is not a replacement for better security practices.
Definitions need constant updating to keep up with the ever-growing number of viruses in circulation. The time between virus identification and definition distribution has shrunk as technology improves, but the gap still exists.

Slide 26

Defense in Depth
Anti-Spyware
Common programs available are Spybot, Ad-Aware, and most antivirus suites now include anti-spyware options.
As with antivirus software, these programs require regular updates to remain effective.

Slide 27

Defense in Depth
Host-Based Firewalls
Windows XP comes standard with a firewall; there are also popular options such as ZoneAlarm, Norton Personal Firewall, BlackICE, McAfee Personal Firewall, etc.
Controls application access on the machine, while network-based firewalls control the data flow to the machine.
Learning curve: end users generally need help configuring the rules properly to avoid blocking legitimate applications.

Slide 28

Defense in Depth
Physical Access
Login: all machines should require authentication to the box or the domain controller; no guest accounts!
Removable storage: unless otherwise required, removable storage such as thumb drives should be restricted from being introduced to your network.
Location: Are your servers open to being accessed by anybody? Is your file server sitting under your desk?

Slide 29

Defense in Depth
Passwords
Passphrases: easier to remember, can be "fun" and more personal
Special characters, numbers, case sensitivity
Length: longer = better
Set a minimum password policy!

Slide 31

Defense in Depth
Patching & Updating
Set it and forget it! Setting up all machines to automatically download and install updates takes the guesswork out of it.
Do not forget to patch and update all software programs in use, not only the OS. This includes Microsoft Office, QuickTime, antivirus, anti-malware, etc.

Slide 32

Network Level Defense Border Patrol: keeping the bad guys from reaching your users

Slide 33

Network Level Defense
Router Security
Routers allow more precise security measures to be implemented than their switch and hub brethren
Networks can be segmented with VLANs
Traffic can be shaped with access control lists

Slide 34

Network Level Defense
Router Security: lock down access to the router
Always require a login, be it a local account, RADIUS authentication, etc.
Limit access only to those networks/IP addresses that should reach the device. Do you access this router from outside your work network? Do you only access this router from one particular workstation?

Slide 35

Network Level Defense
Router Security: lock down port access
Restricting what can be plugged into your network, and where, reduces the occurrence of rogue routers/switches/hubs, wireless access points, and laptops
Usually accomplished with MAC address restrictions

Slide 36

Network Level Defense
Access Control Lists (ACLs)
A Standard ACL can restrict ingress and egress network traffic based upon the source IP, network, or subnet
An Extended ACL (Cisco) can restrict ingress and egress network traffic based upon source and destination networks, along with ports and protocols
Extremely important to outline EXACTLY what you want to permit/deny access to
As with firewalls, it is better to maintain a "deny all, permit by exception" list

Slide 37

Network Level Defense
· Routers apply lists sequentially, in the order in which you type them into the router.
· Routers apply lists to packets sequentially, from top down, one line at a time.
· Packets are processed only until a match is made, and then they are acted upon based on the access list criteria contained in the matching access list statement.
· Lists always end with an implicit deny. Routers discard any packets that do not match any of the access list statements.
· Access lists must be applied to an interface as either inbound or outbound traffic filters.
· Only one list per direction can be applied to an interface.

Slide 38

Network Level Defense
Example: Restricting network access to only one network. Permits any IP in the 64.251.55.0/28 network to go anywhere, denies all else.
ip access-list standard 99
 10 permit 64.251.55.0 0.0.0.15
 20 deny any
interface Vlan2
 ip address 64.251.55.1 255.255.255.240
 ip access-group 99 in
 no ip unreachables
Applied INBOUND to the VLAN interface. Inbound means traffic coming into that interface from machines internal to your network.

Slide 39

Network Level Defense
Example: Restricting traffic even further with extended ACLs
ip access-list extended School_Security
 permit tcp 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255 eq smtp
 permit tcp 10.10.10.0 0.0.0.255 160.241.0.0 0.0.255.255 eq smtp
 deny tcp any any eq smtp
 deny udp any any eq snmp
 permit tcp 10.10.10.0 0.0.0.255 any eq www
 permit tcp 10.10.10.0 0.0.0.255 any eq 8888
 deny ip any any
This ACL will permit SMTP access for the 10.10.10.0/24 network o
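The matching rules from Slide 37 (top-down, first match wins, implicit deny) applied to the School_Security list above, as an added Python example that is not part of the presentation: a small evaluator that parses extended-ACL lines with Cisco wildcard masks and reports which line decided a packet's fate. The port-name table and test packets are constructed; only the "eq <port>" form of port matching is handled.

```python
import ipaddress

# Cisco port keywords used in the School_Security list (constructed subset).
PORT_NAMES = {"smtp": 25, "snmp": 161, "www": 80}

def _addr(tokens):
    """Consume 'any' or 'address wildcard'; return ((addr, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]

def parse_ace(line):
    """Parse one extended-ACL entry into (action, proto, src, dst, dport)."""
    action, proto, *rest = line.split()
    src, rest = _addr(rest)
    dst, rest = _addr(rest)
    dport = None
    if rest[:1] == ["eq"]:            # only 'eq <port>' is supported here
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, dport

def _in_net(net, ip):
    """Cisco wildcard match: a 1 bit in the wildcard means 'don't care'."""
    addr, wild = net
    return int(ipaddress.IPv4Address(ip)) & ~wild == addr & ~wild

def evaluate(acl, proto, src, dst, dport=None):
    """Apply the ACL top-down; first match wins; implicit deny if none match."""
    for n, (action, aproto, asrc, adst, aport) in enumerate(acl, 1):
        if aproto not in ("ip", proto):
            continue
        if not (_in_net(asrc, src) and _in_net(adst, dst)):
            continue
        if aport is not None and aport != dport:
            continue
        return action, n          # (decision, matching line number)
    return "deny", None            # implicit deny at the end of every list

# The School_Security list from the slide, with both endpoints spelled out.
SCHOOL_SECURITY = [parse_ace(l) for l in """
permit tcp 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255 eq smtp
permit tcp 10.10.10.0 0.0.0.255 160.241.0.0 0.0.255.255 eq smtp
deny tcp any any eq smtp
deny udp any any eq snmp
permit tcp 10.10.10.0 0.0.0.255 any eq www
permit tcp 10.10.10.0 0.0.0.255 any eq 8888
deny ip any any
""".splitlines() if l.strip()]
```

Calling `evaluate(SCHOOL_SECURITY, "tcp", "10.10.10.5", "192.0.2.10", 25)` returns `("deny", 3)`: the two SMTP permits do not match the destination, so the blanket SMTP deny on line 3 wins before the web permits are ever consulted, which is why ordering matters when writing these lists.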
