Subject 10: System Security Administration - Part 18: Working together on the Web - Section 20: System Security.


Transcripts
Slide 1

Theme 10: Network Security Management
Chapter 18: Doing Business on the Internet
Chapter 20: Network Security
Business Data Communications, 4e

Slide 2

Why Networks Need Security
In recent years, organizations have become increasingly dependent on data communication networks for their daily business communications, database retrieval, distributed data processing, and the internetworking of LANs. The losses associated with security failures can be huge. More important than direct theft losses are the potential losses from the disruption of application systems that run on computer networks.

Slide 3

Loss from Hack Attacks
The cost of cyberattacks to U.S. organizations multiplied to $10 billion in 1999, according to estimates from the Computer Security Institute (CSI). The research group today is releasing the results of its survey of 643 large organizations, showing estimated losses of $266 million in 1999 from cybercrime, which is more than double the amount lost in 1998.
- Los Angeles Times (03/22/00) P. C1; Piller, Charles

Slide 4

A Hacker's Story
Kevin Mitnick - a famous hacker
- Arrested at 1:30 a.m., February 15, 1995
- Released on January 21, 2000
What has he done?
- Broke into the LA Unified School District's main computers when he was in high school.
- Accessed North American Air Defense Command computers.
- He is referred to as an "electronic terrorist" for the many computer break-ins he has committed.
More stories

Slide 5

A True Story of Linux Hacking
What did the hacker do?
- Got the login for the administrator account
- Deleted the netlog directory to prevent discovery
- Loaded a DoS software bomb
- Attacked other computers using the bomb
How was it found?
- When it attacked, someone caught it
- A complaint was sent to Tech

Slide 6

A True Story of Linux Hacking

From: roger rick [mailto:h4ker@hotmail.com]
Sent: Sunday, February 04, 2001 2:32 PM
To: J.Stalcup@ttu.edu; webmaster@ba.ttu.edu
Subject: Compromised Box?

I believe one of your systems on your subnet has been compromised and is currently running an eggdrop on IRC EFnet. An eggdrop is a client that is constantly connected to the EFnet server and allows a user to get Operator status. This eggdrop could result in DoS attacks on your server if the user makes the right people angry.

| H20B0NG (bong@geek.ba.ttu.edu)
| ircname  : ]real eyes acknowledge genuine lies[
| channels : #shells
| server   : irc.stanford.edu

There is the bot and system info. If you are not concerned about this, sorry to waste your time. But it could result in downtime in the long run. Look for a connection to an irc server on port 6667. It may reveal the person's IP that is using your box to connect.

Thanks.
Roger
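The check the e-mail recommends (look for a connection to an IRC server on port 6667) can be scripted. This is an added example, not part of the original slides: the `netstat -tn` sample is constructed, its addresses are documentation ranges, and the function names are hypothetical.

```python
# Constructed sample of Linux `netstat -tn` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.15:22           198.51.100.4:51514      ESTABLISHED
tcp        0      0 192.0.2.15:34012        203.0.113.50:6667       ESTABLISHED
tcp        0      0 192.0.2.15:45100        203.0.113.50:6667       TIME_WAIT
tcp        0      0 192.0.2.15:6667         198.51.100.9:40222      ESTABLISHED
tcp6       0      0 2001:db8::15:39000      2001:db8:ffff::1:6667   SYN_SENT
"""

# States that mean a connection is open or being opened right now.
LIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)


def find_irc_connections(netstat_text, irc_ports=frozenset({6667})):
    """Return live TCP connections whose remote (foreign) port is an IRC port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # banner, column header, or non-TCP line
        local, remote, state = fields[3], fields[4], fields[5]
        try:
            l_addr, l_port = split_endpoint(local)
            r_addr, r_port = split_endpoint(remote)
        except ValueError:
            continue  # port field was not numeric
        # Only the remote port matters: local port 6667 is a service on this box.
        if r_port in irc_ports and state in LIVE_STATES:
            hits.append({"local": f"{l_addr}:{l_port}", "server": r_addr,
                         "port": r_port, "state": state})
    return hits


if __name__ == "__main__":
    for hit in find_irc_connections(SAMPLE_NETSTAT):
        print(f"{hit['local']} -> {hit['server']}:{hit['port']} ({hit['state']})")
```

The local port of each hit identifies the socket, which can then be tied to the owning process and account on the host.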

Slide 7

Security Threats
Passive attacks
- Eavesdropping on, or monitoring, transmissions
- Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored
Active attacks
- Modification of transmitted data
- Attempts to gain unauthorized access to computer systems

Slide 8

Security Threats - Type 1
Non-technical threats, which can be prevented and protected against using managerial approaches. Usually, they come from disasters.
- Natural disasters: flood, fire, earthquake, etc.
- Terror attacks
- Criminal cases
- Accidents caused by human error
Direct results:
- Destroying host computers or large sections of the network
- Damaging data storage

Slide 9

How to prevent the losses from type 1 threats?
Discussion focus: If you were CIO of a large company, what should you do to prevent the losses from a disaster from a managerial point of view?

Slide 10

Security Threats - Type 2
These are technical attacks. Both technical and managerial approaches are needed to prevent and protect against the attacks.
- Destruction: virus/worm attacks
- Disruption: DoS (Denial of Service) and DDoS (Distributed DoS) attacks
- Unauthorized access: often viewed as hackers gaining access to organizational data files and resources. Most unauthorized access incidents involve employees. Real intruders could change files to commit fraud or theft, or destroy information to injure the organization.
Story: Microsoft's network was hacked in Oct. 2000

Slide 11

Attacks: Passive vs. Active
Passive attacks
- Eavesdropping
- Monitoring
Active attacks
- Modification
- Hacking
- Software bombing
- Disrupting

Slide 12

Worm vs. Virus

Slide 13

Red Alert Worm
"'Code Red' Unleashed on Web" - Los Angeles Times (08/01/01) P. C3; Piller, Charles
A malicious computer worm is spreading across the Internet, causing infected computers to search the Web to find more victims. Eventually the Code Red worm, which only recently began its spread, will cause its host computers to flood the White House Web site with a torrent of data. However, a previous version of the worm was released earlier last month against the same White House target. That version also defaced the Web sites hosted on the servers it infected with a message claiming "Hacked by Chinese," though the Chinese government has denied the worm originated in that country. Officials at the White House have since used an address-change technique to divert the data stream from Code Red computers, and the site will also remain safe from the current version. Code Red, however, will continue to spread, reaching its peak within 36 hours of its August 1st release date, according to Internet Security Systems researcher Chris Rouland. The worm is programmed to go dormant on August 28th.

Slide 14

A True Story of Red Alert Attack
When: July 20, 2001
Where: Dr. Lin's office
What computer: 129.118.49.94, Windows 2000 Advanced Server
How: Not known yet
Who found the attack: someone using DShield.org reported it, and they sent BACS an email
Symptoms:
- When using ASP scripts, the page shows: "Hacked by Chinese"
- A malicious program scans ports of other computers

Slide 15

Security Attacks
[Figure: normal flow, interruption, interception, modification, fabrication]

Slide 16

Preventing Unauthorized Access
Approaches to preventing unauthorized access:
- Developing a security policy
- Developing user profiles
- Strengthening physical security and software security
- Securing the dial-in service system
- Fixing security holes
- Using a firewall
- Using encryption
A combination of all techniques is best to ensure strong security.

Slide 17

Securing Network Access Points
What is a firewall: a router, gateway, or special-purpose computer that examines packets flowing into and out of a network and restricts access to the organization's network.
Why use a firewall: with the increasing use of the Internet, it becomes important to prevent unauthorized access to your network from intruders on other networks.
Case study: attack on a firewall

Slide 18

Securing Network Access Points
Packet-level firewall:
- Examines the source and destination address of each network packet that passes through it and only allows packets that have acceptable source and destination addresses to pass.
- Vulnerable to IP-level spoofing, accomplished by changing the source address on incoming packets from their real address to an address inside the organization's network.
- Many firewalls have had their security strengthened since the first documented case of IP spoofing in December 1994.
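The weakness described on this slide, and the check that closes it, as an added example that is not part of the original slides. It compares an address-only packet filter with one that also rejects internal source addresses arriving on the outside interface; the networks (documentation ranges), interface names and function names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing, constructed for this example.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
TRUSTED_SOURCES = [INTERNAL_NET, ipaddress.ip_network("198.51.100.0/24")]
PROTECTED_DESTS = [INTERNAL_NET]


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "inside" or "outside"
    src: str    # source address claimed in the IP header
    dst: str


def _in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def naive_filter(pkt):
    """Address-only rule from the slide: trusts whatever source the header claims."""
    return _in_any(pkt.src, TRUSTED_SOURCES) and _in_any(pkt.dst, PROTECTED_DESTS)


def ingress_filter(pkt):
    """Same rule, plus an anti-spoofing check tied to the arrival interface."""
    if pkt.iface == "outside" and _in_any(pkt.src, [INTERNAL_NET]):
        return False  # an internal source cannot legitimately arrive from outside
    return naive_filter(pkt)


def evaluate(packets):
    """Return (packet, naive verdict, hardened verdict) for each packet."""
    return [(p, naive_filter(p), ingress_filter(p)) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    Packet("inside", "192.0.2.10", "192.0.2.20"),     # genuine internal traffic
    Packet("outside", "198.51.100.7", "192.0.2.20"),  # trusted external network
    Packet("outside", "192.0.2.10", "192.0.2.20"),    # internal source seen outside
    Packet("outside", "203.0.113.9", "192.0.2.20"),   # unknown external host
]

if __name__ == "__main__":
    for pkt, naive, hardened in evaluate(SAMPLE):
        print(f"{pkt.iface:8} {pkt.src:13} -> {pkt.dst:11} naive={naive} hardened={hardened}")
```

Only the third packet gets a different verdict: the address-only filter passes it because the header claims an internal source, while the interface-aware filter drops it.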

Slide 19

*Spoof
"Spoof" was a game invented in 1933 by an English comedian, Arthur Roberts. Webster's defines the verb to mean (1) to deceive or hoax, and (2) to make good-natured fun of. On the Internet, "to spoof" can mean:
- To deceive for the purpose of gaining access to someone else's resources (for example, to fake an Internet address so that one looks like a certain kind of Internet user)
- To simulate a communications protocol by a program that is interjected into a normal sequence of processes for the purpose of adding some useful function
- To playfully satirize a Web site.

Slide 20

Application-level Firewall
Application-level firewall:
- Acts as an intermediate host computer or gateway between the Internet and the rest of the organization's network.
- As a rule, needs special programming code to permit the use of application software unique to the organization.
Difference:
- packet-level firewalling: prohibits only disabled accesses
- application-level firewalling: permits only authorized accesses

Slide 21

Proxy Server
Proxy server - the technology for firewalls
- Uses an address table to translate network addresses inside the organization into fake addresses for use on the Internet (network address translation or address mapping). This way, systems outside the organization never see the actual internal IP addresses.
- Is becoming the application-level firewall of choice.
Many organizations use a combination of packet-level and application-level firewalls.

Slide 22

Network Address Translation (NAT)
The process of translating between one set of private addresses inside a network and a set of public addresses outside the network.
- Transparent
- A NAT proxy server uses an address table to translate the private IP addresses used inside the organization into proxy IP addresses used on the Internet.
- It uses the source port
