Network Security 1Day Course Slides

These slides are intended for a 1-day course in network security for managers or maintainers of Windows, Linux, and other systems.

The presentation concentrates on TCP/IP systems and is compatible with the Dulaney CompTIA Security+ SY0-201 exam study guide. It covers the basics of asset identification, risk assessment, and the related security measures of prevention, detection, and response. Various physical and operational threats are discussed in the context of typical network maintenance and operation.
Published by: John Michael Williams on Feb 23, 2013
J. M. Williams Network Security Seminar 2011-01-07 Slide 1
Establishing Network Security
A Silicon Valley Technical Institute Seminar
by John Michael Williams
2011-01-07
Copyright 2011, John Michael Williams.
Licensed free to Silicon Valley Technical Institute for training-course use. All other rights reserved.
jmmwill@comcast.net

Table of Contents
Seminar Prerequisite Assumptions
Seminar Topics
References
Seminar Schedule
What is Security?
Asset Identification
Risk Assessment
Security Measures
Three Aspects of Security
Who Needs Security?
What are Security Policies?
Typical Policy List
Security Threats
Nondigital Physical Security Threats
Digital Physical Security Threats
Machine Physical Threats
File or Device Physical Threats
Local Access Physical Threat Example: BackTrack
BackTrack: Access to Windows Files
BackTrack: Password Attack Utility Menu
BackTrack: Internet Menu Utilities
BackTrack: DNS Info Utilities
BackTrack: Wireless Network Utilities
Programmed Machine Physical Threats
Virus Types
Worm Example: MyDoom.M
How a Network Works: Data Ordering
How a Network Works: Hardware
How a Network Works: Domain Organization
How a Network Works: Data Transmission (1 of 3)
How a Network Works: Data Transmission (2 of 3)
How a Network Works: Data Transmission (3 of 3)
How a Network Works: Network Protocol Models
How a Network Works: TCP/IP Encapsulation
How a Network Works: TCP/IP Link Protocols
How a Network Works: TCP/IP Internet Protocols (1 of 2)
How a Network Works: TCP/IP Internet Protocols (2 of 2)
How a Network Works: TCP/IP Transport Protocols (1 of 2)
How a Network Works: TCP/IP Transport Protocols (2 of 2)
How a Network Works: TCP/IP Application Protocols
How a Network Works: nonTCP/IP Protocols (1 of 2)
How a Network Works: nonTCP/IP Protocols (2 of 2)
Lunch
Operational Security Threats
Causes of Operational Threats
Social Engineering Threat
Account Carelessness
LAN Carelessness
Internet Carelessness
Removable-Medium Carelessness
Summary of Physical and Operational Threats
Threats from Runnable Application Types
Generic Application Threats
Specific Network Threats: Cross-Site Scripting (XSS)
Specific Network Threats: DNS Spoofing (1 of 2)
Specific Network Threats: DNS Spoofing (2 of 2)
Threats from Specific Applications: Flash (ActionScript)
Threats from Specific Applications: Java
Threats from Specific Applications: JavaScript
Threats from Specific Applications: Acrobat PDF
Threats from Other Media Applications
What is Security?
Security Measures
Three Goals of Security
End of Workshop

Seminar Prerequisite Assumptions
● Postsecondary education, preferably with engineering background.
● Skill with Unix, Linux, or Windows.
● Familiarity with programming in a modern language such as C.
● Familiarity with use of typical network applications such as:
➢ Web browser
➢ Email
➢ FTP.
Anticipated Audience:
➢ Managers, or system or network administrators, wanting an introduction to network security.
➢ Home or business-network users wanting to reduce their exposure to malicious individuals or software.

Seminar Topics
Windows and Linux security. Topic List:
• Goals of security.
• Risks of personnel behavior.
• Basics of a TCP/IP network: Packets and routing.
• Security policies and their formulation.
• Policy implementation guidelines.
• Physical and operational kinds of threat.
• Machine, LAN, and internet threats.
• Virus and worm types.
• Vulnerabilities caused by certain scripting applications.
• Linux and Windows security comparisons.
Emphasis is on security, not detailed functionality. Not covered:
• Antivirus software or other programs.
• Network administration.
• Hardware operation, including computers, routers, switches, or gateways.

References
E. Dulaney. CompTIA Security+ Study Guide (Exam SY0-201). Indianapolis, IN: Wiley Publishing, 2009. ISBN 978-0-470-37296-8. Includes CD-ROM with random testing software.
Note: Cross-references in the slide footers are to this recommended study guide.
E. Cole. Network Security Bible (2nd ed.). Indianapolis, IN: Wiley Publishing, 2009. ISBN 978-0-470-50249-5. Very good generalized and background information on all aspects of security. Unfortunately, data on specific OS software such as Linux or Internet Explorer is spotty and generally out-of-date, ending with Windows 2000.
C. Zacker. Upgrading and Troubleshooting Networks: The Complete Reference. Berkeley, CA: Osborne/McGraw-Hill, 2000. ISBN 0-07-212256-0. Old, but very fine for networking coverage, including operational details.

Seminar Schedule
One day, 09:00 to 05:00, lunch at 12:00
Lecture. Break about every hour.
Please Turn off cellphones or beepers during lecture!
Communication inhibits learning.

What is Security?
To secure: v. t. To make safe or to hold tightly.
Security is the sum of all things which secure the assets of an individual or an organization.
Security requires
• Asset identification.
• Risk assessment.
• Security measures.
#. 4-&E "h. 2E #. 222-22-.
Page numbers in blue refer to the Dulaney book

Asset Identification
Personnel
• Employees
• Contractors
• Customers
• Visitors
• Friends and acquaintances of the above.
Physical
• Buildings, grounds, and their contents (including data storage).
Informational
• Data and data communications.

Risk Assessment
Use common sense and a knowledge of human behavior.
Identify threats
• Past
• Ongoing
• Expected.
Risks must be evaluated continually and effort applied accordingly.

Security Measures
Personnel Measures:
• Provide guidance; post procedures and rules.
• Monitor actions.
Physical Measures:
• Perimeter fences; buildings.
• Locks on doors, safes, file cabinets, computers, network cabling.
Informational Measures: "CIA"
• Confidentiality controls: Minimize exposure.
• Integrity controls: Guarantee that data are not lost, altered, or corrupted.
• Availability controls: Provide authorized access, only.
Security never can be complete; always some risk.
#. 24-2-.

Three Aspects of Security
Physical
• Facilities (buildings, grounds, offices, homes).
• Anything present in the facilities, including personnel.
Operational
• Activities performed by or with personnel or physical assets.
Policy Management
• Procedures or rules formulated to manage the physical or operational aspects.
#. --3.

Who Needs Security?
Individuals
• Generally focus on physical and operational aspects.
Companies
• Generally require physical, operational, and policy management.
• Main outside interaction is business (paid products or services).
Government
• Like companies, require physical, operational, and policy management.
• Additional policy from legislative requirements.
• Main outside interaction is regulation and service (not involving business).
#. 11-12$ 22.-223$ 420--2-$ -.---.7.

What are Security Policies?
Guidance by management on all aspects of security.
• Almost always written.
• Subject to review and change.
• If written, generally should include:
➢ Scope or title.
➢ Overview or summary: Goals; where applicable; how to comply.
➢ Policy statements.
➢ Accountability: Who is responsible for enforcement; consequences of noncompliance.
➢ Exceptions: Conditions allowing deviation; who decides noncompliance.

Typical Policy List
• Human Resource:
➢ Hiring and terminating.
➢ Ethics; acceptable use of computers or data.
➢ Privacy (personnel and company); need-to-know.
➢ Background investigation.
• Business:
➢ Separation of duties; oversight; auditing.
➢ Due care.
➢ Physical access control over facilities and information.
➢ Document disposal.
• Certificate:
➢ Trusted certificate authorities.
➢ Certificate management.
• Incident-Response:
➢ Contact lists.
➢ Response and recovery.
➢ Evidence rules.
#. 132-132$ -00--1-.

Security Threats
• Physical
➢ Theft; or harm to facilities or personnel.
➢ Unauthorized information access:
    ▪ To local machine files or devices.
    ▪ To network.
    ▪ By interactive access.
    ▪ By programmed access (worm; virus).
• Operational
➢ Social engineering.
➢ Carelessness or policy deviation:
    ▪ With facilities or equipment.
    ▪ With password or account.
    ▪ With LAN or internet.
    ▪ With removable medium such as USB device, CD, or floppy.
#. .--04$ 21-30$ 244-240$ 204-223$ -3.--37.

Nondigital Physical Security Threats
• Generic threats
➢ Dumpster-diving.
➢ Eavesdropping or snooping.
➢ Interception of mail, couriers.
➢ Interception of supplies, parts, etc.
• Machine threats
➢ Operating environment.
➢ Electrical power.
➢ Electromagnetic interference.
➢ Fire or flood.

Digital Physical Security Threats
May be interactive or programmed.
• Machine Access
➢ Local.
➢ By LAN or WAN.
➢ By internet.
• File or Device access on machine
Machine:
➢ Computer (most commonly).
➢ Network hardware such as DNS server or router.

Machine Physical Threats
• Local Access Threats: Mitigate by hardening system.
➢ Breaking or burglary: Mitigate by locked or guarded facilities; password; biometrics.
➢ Backdoor software (interactive or programmed): Mitigate by antivirus scan.
➢ Password guessing (brute-force or dictionary): Mitigate by strong encryption.
• LAN or WAN Access Threats: Mitigate by firewall or partitioning.
➢ Local access threats (as above).
➢ Spoofing (IP or DNS): Mitigate by good authentication.
➢ Privilege escalation (a form of spoofing).
➢ Man-in-middle: Mitigate by good authentication (e.g., WPA2).
➢ Replay: Mitigate by good, time-expiring authentication.
• Internet Access Threats: Mitigate by firewall or DMZ.
➢ LAN or WAN access threats (as above).
#. 202-270$ -11--2-.

File or Device Physical Threats
• Depend strongly on OS and filing system
➢ Windows registry multiplies vulnerabilities. FAT filesystem provides low security: admin vs. user file rw; no x control; no file ACL.
➢ Windows NTFS filesystem includes ACL's, optionally enabled.
➢ Novell NetWare or NSS includes ACL's.
➢ Unix (System V & BSD about same good security): rwx file & process owner permissions; chroot & other commands. No registry vulnerability.
➢ Linux can be most secure: Same as Unix, plus:
    ▪ SELinux OS restrictions.
    ▪ Ext4 filesystem includes ACL's (if kernel configured for them).
• Access or modification of printers, scanners, removable media.
• Access to modem, router, or switch may risk circumventing firewall.
#. 22--240.

Local Access Physical Threat Example: BackTrack
• Simplest break-in:
➢ Steal hard disc;
➢ Install as 2nd hard disc in computer with compatible filesystem;
➢ Boot up other computer;
➢ Access stolen disc at will.
• More sophisticated break-in:
➢ BackTrack or similar tool.
➢ Must be able to boot computer.
➢ Usually requires OS insight -- often Linux.
➢ Access disc at will: Linux extn, Unix, Windows FAT or NTFS.
• Countermeasures:
➢ BIOS boot password.
➢ Disc encryption -- but, makes backup or disc recovery difficult.
➢ Lock-and-key and/or guard: Best.

BackTrack: Access to Windows Files
BackTrack: Password Attack Utility Menu
BackTrack: Internet Menu Utilities
BackTrack: DNS Info Utilities
BackTrack: Wireless Network Utilities

Programmed Machine Physical Threats
• Worm: Self-contained; reproduces itself.
• Virus: Not self-contained; "inhabits" other software.
• Logic Bomb: Worm or virus triggered on a specific event.
• Trojan Horse: Legitimate software containing a programmed threat.
• Hoax or Spam: Often to introduce fraudulent applications.
NOTE: These threats interact with, and depend upon, operational ones.

Virus Types
All viruses corrupt other software to access or modify data or executable code.
• Armored: Includes code formatted against detection or recognition.
• Stealth: Locates or moves itself to avoid identification.
• Multipartite: Concurrently performs diverse harms.
• Companion: Creates a companion executable to do its work.
• Macro: Resides in application macro executables.
• Phage: Modifies programs or data irreversibly.
• Polymorphic: Alters its format as it runs.
• Retrovirus: Targets antivirus programs or data.

Worm Example: MyDoom.M
Worm.Mydoom.M:
> ll
total 32
-rw-r--r-- 1 jmw instrr 27214 2010-08-07 18:46 johnsvtii.com.txt
.pif
-rw-r--r-- 1 jmw instrr &16 2010-0&-2& 11:0' Returnedmail20100&23.txt
Infects only MS Windows systems.
Email message includes an attached executable, with the extension (in this case, .pif) concealed.
Double-click the attachment to execute the worm:
• Collects local email addresses for spam and procreation.
• Creates backdoor "services.exe" which runs as a service and uses TCP/IP to communicate.
• Backdoor can spy on user or download destructive malware.
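
A mail-filter style check for the concealed-extension trick described above, as an added example that is not part of the original slides. The extension lists and sample names are constructed, and the use of whitespace padding to push the real extension out of view is an assumption; the slide says only that the extension is concealed.

```python
import os

# Extensions that Windows runs on double-click (short constructed list for this example).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
# Extensions a user reads as harmless, serving as the decoy part of the name.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".htm", ".html", ".zip"}


def inspect_attachment(name):
    """Return the reasons an attachment name looks like a concealed executable."""
    reasons = []
    root, ext = os.path.splitext(name.rstrip())
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return reasons                      # the real (last) extension is not executable
    reasons.append("executable extension " + ext)
    visible = root.rstrip()                 # what the user sees before any padding
    padding = len(root) - len(visible)
    if padding:
        reasons.append("%d whitespace characters hide the extension" % padding)
    decoy = os.path.splitext(visible)[1].lower()
    if decoy in DECOY_EXTS:
        reasons.append("decoy extension " + decoy)
    return reasons


def flag_attachments(names):
    """Map each suspicious attachment name to its reasons; clean names are omitted."""
    flagged = {}
    for name in names:
        reasons = inspect_attachment(name)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample names; the first imitates a .txt decoy with a padded-out .pif.
CONCEALED = "message.txt" + " " * 40 + ".pif"
SAMPLE_NAMES = [CONCEALED, "Returnedmail.txt", "minutes.doc", "setup.exe", "photo.jpg.scr"]

if __name__ == "__main__":
    for name, reasons in flag_attachments(SAMPLE_NAMES).items():
        print(repr(name), "->", "; ".join(reasons))
```
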

How a Network Works: Data Ordering
Everything is based on "files" or "streams" of ordered data.
File (read "top" to "bottom"):
Byte 0
Byte 1
Byte 2
. . .
Byte N-2
Byte N-1
Byte N
Stream (shift "right" to "left"):
Byte 0 Byte 1 Byte 2 . . . Byte N-2 Byte N-1 Byte N

How a Network Works: Hardware
Network consists of connections and nodes.
• Connections:
➢ Wired: Telephone line, twisted pair, optic fiber, coaxial cable.
➢ Wireless: Cell towers; WiFi, Bluetooth, etc. transceivers.
• Nodes (each a MAC with IP address or equivalent; optional firewall):
➢ General-purpose computers:
    ▪ Gateways: Transport-layer routers. Handle different address formats.
    ▪ Proxy Servers: Application-specific gateways (e.g. for WWW or Email).
➢ Special-purpose computers (optionally general-purpose):
    ▪ Routers: Connect different LANs; all (and only) IP addresses.
    ▪ Switches: Connect a LAN to one IP address.

How a Network Works: Domain Organization
Network is organized into 32-bit IP address domains connected by routers or switches.
[Diagram: two internet address domains, 131.30.xxx.yyy (256^2 addresses) and 71.xxx.yyy.zzz (256^3 addresses), joined by routers to each other and to the rest of the internet. In each domain a gateway behind a firewall proxies a LAN at 132.102.1.xxx holding the default 256 addresses (8 bits => 2^8 = 256).]

How a Network Works: Data Transmission (1 of 3)
A 2122-byte file segmented into packets (datagram fragments); add addresses, file length, packet length, and ordering info to each packet:
Note: Gateways will include the proxied LAN IP addresses with their source addresses. The packet format above is conceptual, only.
#. 140-147.
[Figure: a 2.1 kB file (Byte 0 to Byte 2121) divided among three packets. Each packet is a header (destination IP address, source IP address, ECC & other information) followed by data: Header 1 with Byte 0 … Byte 1023, Header 2 with Byte 1024 … Byte 2047, Header 3 with Byte 2048 … Byte 2121.]

How a Network Works: Data Transmission (2 of 3)
Example: 192.168.1.31 (in LAN at 72.131.25.0) sends some data to 191.90.31.75.
All connections in heavy blue receive all data packets.
[Figure: the domain diagram with the packet's path marked. At the LAN (72.131.25.0 = LAN, N=256 recipients) the packet is labelled "To 191.90.31.75, From 192.168.1.31". From the gateway 72.131.25.0 onward, through the routers and the switch at 191.90.31.75, it is labelled "To 191.90.31.75, From 72.131.25.0 (for 192.168.1.31)". Internet 191.90.xxx.yyy is marked 256^2, N=65k recipients; behind the switch, 191.90.31.75 is 1 recipient. Internet 71.xxx.yyy.zzz with the LAN at gateway 72.131.55.0 is also shown.]

How a Network Works: Data Transmission (3 of 3)
192.168.1.31 in LAN at 72.131.25.0 sends some data:
• Sends 3 packets to 191.90.31.75, but packet 2 is lost or corrupted in transit:
Then:
• 191.90.31.75 caches the two good packets it received.
• 191.90.31.75 sends to 72.131.25.0 a request for a resend of packet 2.
• 72.131.25.0 uses its cached copy of the message to resend packet 2.
When all packets have been received:
• 191.90.31.75 reassembles the message in correct order.
• 191.90.31.75 confirms reception of the message to 72.131.25.0.
• Both machines empty the message from communications caches.
• The web server software at 191.90.31.75 processes the message.

How a Network Works: Network Protocol Models
"Layers" = levels of abstraction or encapsulation. Provide context for protocol definitions.
OSI model has seven layers = application, presentation, session, transport, network, data link, physical.
TCP/IP model has four layers:
• Application (software application formats)
Message formats and controls for HTTP browsers, SMTP mailers, FTP.
• Transport (two main protocols)
➢ TCP: Has built-in packet control and host communication sessions.
➢ UDP: For small messages; application controls & checks session.
• Internet (several protocols)
➢ IP providing address format.
➢ ARP for MAC-IP address resolution.
➢ ICMP for configuration controls such as ping.
➢ IGMP to control multicasts.
• Link (Network Access)
➢ Ethernet or token-ring MAC-addressed packets.
p. 65-74, 174-178, 227, 234-236.

How a Network Works: TCP/IP Encapsulation
[Figure: nested boxes, outermost to innermost.]
• Link (Network Access): Ethernet, ARP, or other MAC-address protocol
• Internet: IP, ARP, ICMP, IGMP protocol
• Transport: TCP or UDP protocol
• Application: data file or executable

How a Network Works: TCP/IP Link Protocols
Addresses are MAC (hardware-encoded Media Access Control).
• Ethernet: A broadcast protocol
➢ Can detect collisions and determine resends.
➢ Connectionless and unreliable (connection & resends controlled at other layers).
• SLIP and PPP: 1-to-1 protocols
➢ Simpler packets than ethernet:
▪ SLIP: No addresses; no data format restriction.
▪ PPP: Packet identifies data format (plain, IPX, IPCP, PAP, CHAP, etc.).
▪ PPP packets support authentication by PAP or CHAP; include CRC.
• ARP: A broadcast protocol with addresses and control, only
▪ Source MAC and other-protocol (e. g., IP) address.
▪ Destination MAC and other-protocol address (the MAC TBD).
Ethernet packet format:
  preamble & clock sync pattern
  destination MAC (6 bytes)
  source MAC (6 bytes)
  packet length (2 bytes)
  data & padding: e. g., IP packet containing a TCP packet (46 - 1500 bytes)
  CRC checksum (4 bytes)

How a Network Works: TCP/IP Internet Protocols (1 of 2)
Link-layer packets are used to encapsulate internet-layer packets.
Two main internet-layer protocols:
• ICMP: Internet Control Message Protocol
➢ No data in packets.
➢ Only for error messages or diagnostics (e. g., ping application).
• IP: Internet Protocol
➢ Provides addresses and data.
➢ Itself is connectionless and unreliable.
➢ Turns transport-layer packets into IP datagrams which persist to the destination.
➢ Fragments datagrams as necessary.
➢ Determines routing paths through network.

How a Network Works: TCP/IP Internet Protocols (2 of 2)
IP packets may be encapsulated in ethernet packets:
Each time the ethernet packet is routed by a router or switch:
• ARP may be used to update ethernet MAC addresses.
• If PPP or SLIP instead of IP, PAP or CHAP may be used to maintain connection.
Note: Newer ipv6 IP packets include 16-byte IP addresses.
Typical ethernet packet:
  preamble & clock sync pattern
  destination MAC (6 bytes)
  source MAC (6 bytes)
  packet length (2 bytes)
  IP packet (up to 1500 bytes)
  CRC checksum (4 bytes)
Typical IP packet:
  CRC & protocol id (UDP, TCP, etc.): 4 bytes
  datagram fragment id, etc.: 4 bytes
  length of the datagram, etc.: 4 bytes
  datagram source IP address: 4 bytes
  datagram destination IP address: 4 bytes
  datagram data (often fragmented): variable length

How a Network Works: TCP/IP Transport Protocols (1 of 2)
Transport protocols
• Depend on IP for machine addresses.
• Use port numbers to define a specific port-to-port socket.
• Reassemble internet-layer fragments into complete datagram at destination.
Two major transport-layer protocols:
• TCP: Transport Control Protocol
➢ Connection maintained automatically (full-duplex flow control).
➢ Automatic corrupt or lost packet resending.
• UDP: User Datagram Protocol
➢ Connectionless and unreliable.
➢ Depends on application for connection and error-recovery.

How a Network Works: TCP/IP Transport Protocols (2 of 2)
Typical IP packet:
  CRC & protocol id (UDP, TCP, etc.)
  datagram fragment id, etc.
  length of the datagram, etc.
  source IP address
  destination IP address
  datagram data (often fragmented)
Typical UDP packet:
  UDP data or fragment (up to 64k bytes)
  packet total length
  destination port number
  source port number
  packet checksum
Typical TCP packet:
  packet data sequence number
  destination port number
  source port number
  misc. controls
  TCP data or fragment (from application)
  checksum, total message length, timestamp
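The slides give the packet layouts conceptually; the following added example (not part of the original slides) wraps a few application bytes in real TCP, IPv4 and Ethernet II headers and then unwraps them, checking each layer's length and checksum fields. The MAC addresses, the destination 192.0.2.10 and the port and sequence values are constructed; the source 192.168.1.31 is borrowed from the slides' example.

```python
import socket
import struct

ETH_MIN_DATA = 46   # shortest Ethernet data field; shorter packets are padded

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(payload: bytes) -> bytes:
    """Constructed sample: application data inside TCP, IPv4, then Ethernet."""
    tcp = struct.pack("!HHIIBBHHH",
                      49152, 80,          # source port, destination port (HTTP)
                      1000, 0,            # sequence number, acknowledgement number
                      5 << 4, 0x18,       # header length (5 words), flags PSH+ACK
                      65535, 0, 0)        # window, checksum (not computed), urgent
    ip = bytearray(struct.pack("!BBHHHBBH4s4s",
                      0x45, 0,            # version 4, header length 5 words, TOS
                      20 + len(tcp) + len(payload),   # total datagram length
                      1, 0,               # fragment id, flags / fragment offset
                      64, 6, 0,           # TTL, protocol 6 = TCP, checksum filled below
                      socket.inet_aton("192.168.1.31"),
                      socket.inet_aton("192.0.2.10")))
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    # Ethernet II: destination MAC, source MAC, 2-byte type field (0x0800 = IPv4)
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    data = bytes(ip) + tcp + payload
    return eth + data.ljust(ETH_MIN_DATA, b"\x00")

def mac_text(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Unwrap link, internet and transport layers, validating each header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 packet")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    if inet_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if ip[9] != 6:
        raise ValueError("not TCP")
    seg = ip[ihl:total_len]             # total length strips the Ethernet padding
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq = struct.unpack("!HHI", seg[:8])
    doff = (seg[12] >> 4) * 4
    if not 20 <= doff <= len(seg):
        raise ValueError("bad TCP data offset")
    return {"src_mac": mac_text(src_mac), "dst_mac": mac_text(dst_mac),
            "src_ip": socket.inet_ntoa(ip[12:16]),
            "dst_ip": socket.inet_ntoa(ip[16:20]),
            "src_port": sport, "dst_port": dport, "seq": seq,
            "payload": seg[doff:]}

if __name__ == "__main__":
    print(parse_frame(build_frame(b"GET / HTTP/1.0\r\n\r\n")))
```

A two-byte payload yields a 42-byte IP packet, so the frame is padded to the 46-byte minimum; the parser recovers the exact payload only because it trusts the IP total-length field rather than the frame size.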

How a Network Works: TCP/IP Application Protocols
• HTTP (web server) by default uses TCP port 80.
➢ e. g., a client may request a web page from 131.90.31.75:80.
➢ Usually, entering "http://", "ftp://", etc. tells the browser the default port.
• FTP server by default uses TCP ports 21 (control) and 20 (data).
• TFTP server (no authentication) uses UDP on TCP port 69.
• NFS server uses RPCs (Remote Procedure Calls).
➢ RPC in turn uses UDP on TCP port 530.
➢ NFS directly may use TCP port 1025.
• SMTP (email) server by default receives on TCP port 110 (if POP3 protocol).
➢ May directly use by default TCP port 25 or 587.
All these applications use different port numbers when the service is encrypted.
Any server may be configured to use a different TCP port, up to 65000 or higher.

How a Network Works: non-TCP/IP Protocols (1 of 2)
Such protocols may:
• Be connectionless, unreliable, point-to-point - or not.
• Use any packet format or network topology.
• Soon be supplanted by TCP/IP.
Novell:
• NetWare & IPX/SPX protocols are being obsoleted. Routable; not easily secured.
• NDS, replaced by eDirectory, corresponds to NFS.
Apple:
• Traditional AppleTalk protocol is routable.
• Recent Macintosh networking uses TCP/IP.
• Apple applications tend to be insecure when networked.

How a Network Works: non-TCP/IP Protocols (2 of 2)
Microsoft:
NetBIOS = Network Basic Input/Output System:
• Flat namespace for machines, only, with IP-like addresses.
• Can be encapsulated by NetBEUI, IPX/SPX, or TCP/IP.
• No network name = not routable.
WINS = Windows Internet Naming Service:
• Translates NetBIOS names to IP addresses.
• Like DNS.
NetBEUI = NetBIOS Extended User Interface. Application:
• Only uses NetBIOS names.
• Can multicast.
SMB = Server Message Block. Application for file sharing:
• Used with TCP/IP, can share with Linux (Linux Samba application).

Lunch

Operational Security Threats
Operational threats are closely intertwined with physical ones.
Threat is because of the way something is operated:
• User operates door or physical device with password, card, or biometrics.
• User operates computer or other device interactively.
• User operates computer or other device by running program (noninteractively).
The user or the program causes the threat:
• The physical thing operated requires physical security threat evaluation.
• The user or program requires operational security threat evaluation.
• Both physical and operational risk assessment is required.
#. -3.

Causes of Operational Threats
Generally are malice, carelessness, or oversight.
Causes of User Carelessness:
• Complex or badly promulgated security policy.
• Poor policy implementation.
• User ignorance, inability, or low level of alertness.
• Encouragement by malicious insider behavior.
Causes of Oversight:
• Inadequate risk assessment by management.
• Supervisory misunderstanding of employee capabilities.
• Management sidestepping of implemented security policy.
• Ignorance, inability, or low level of alertness.
• Encouragement by malicious insider behavior.

Social Engineering Threat
Victim must be gullible ("sociable") to some extent.
Depends on a personal request or other deception.
Interactive deception:
• Disguised in-person identity or faked credentials.
• Telephoned false identification.
• Tailgated facility access.
• Shoulder-surfed password or other information.
Noninteractive deception:
• Phishing email or IM with trojan attachment.
• Web site disguised as a trustworthy one.
• Hardcopy letter or email (e. g., Nigerian scam).
Best defense is an educated, alert user.
#. 31-34$ 270-272$ .00.

Account Carelessness
Most common: Computer monitor or papers visible from outside.
• Outsiders may watch password entry, other information.
• May watch with telescope and/or video camera.
• Windowed office is a liability without blinds.
Other carelessness:
• Write passwords or PINs on note(s) easily seen.
• Reveal passwords or other information in email.
• Reveal login id's, or passwords or other encryption keys.
• Forget to log out (without automatic screen-lock).
• Reveal social security numbers.
• Reveal bank account numbers.
Solution: Always be alert to conceal information for self and coworkers; and, never work with back to unblinded window.
p. 495 - 497.

LAN Carelessness
The operational threat here can be interactive or programmed:
Interactive:
• The account carelessness threat applies to LAN remote access, too.
• ftp sends passwords over the LAN in plain text. Use vsftp with SSL encryption.
• rlogin and telnet also send plain text passwords; use ssh.
• File sharing by NFS or samba can be insecure:
➢ Servers should allow only individual accounts.
➢ Servers should limit IP addresses to 192.168.*, only.
Programmed:
• Browsers, email, Instant Messaging, etc. permit careless LAN users to share malware.
• Only alert, educated users can reduce this threat.
#. -37-.00.

Internet Carelessness
All the threats because of account or LAN carelessness apply.
Web browser downloads and executable formats are an increased risk:
• Downloads from forged or infected sites.
• Executable malware can attack the user's OS or files:
➢ flash
➢ java
➢ javascript, quicktime, etc.
Secure web servers and other security-conscious alternatives are available.
Email is an increased risk:
• Source and destination can not be kept private effectively.
• Private and important message contents should be encrypted.
• Received attachments increase risk; may be social-engineered or executable.
• Typical protocols (SMTP, POP3, IMAP) are equally insecure.
#. 03$ 140-1-0$

Removable-Medium Carelessness
Computer storage media:
• floppy discs (very high risk; becoming rarer).
• USB flash-RAM keys (very high risk).
• flash-based devices such as digital cameras (high risk).
• USB hard discs (high risk).
• CD or DVD optical media (low risk if commercial and read-only).
Other computer peripherals:
• keyboards; mice; joysticks
• speakers, monitors
• overhead projectors
• webcams and microphones (some risk of eavesdropping)
• modems (very high risk, wired or wireless).
• USB ethernet port (very high risk, wired or wireless)
#. -30--37.
Footnote: very low risk.

Summary of Physical and Operational Threats
Threats are controlled by this process:
1. asset identification
2. risk assessment
3. policy development
4. management policy implementation.
Physical Threats:
• Theft or harm to facilities, equipment, data, or personnel present in facilities.
• Risks easy to identify: Access can be denied or detected.
• But, unauthorized access entails greater risk than for operational threats.
Operational Threats:
• Involve user actions; may be interactive or programmed.
• Malice, carelessness, and oversight by personnel are main risks.
• Control depends on user alertness, education, and policy awareness.

Threats from Runnable Application Types
Any executable (.exe, .com, etc.), or loadable library (.so; .dll) can be a threat:
• Because of malicious or erroneous file substitution.
• Because of built-in OS command-line scripting (.sh; .bat).
Executable threats can be reduced by use of a Virtual Machine (VM).
Specific applications can be a threat because of scripting:
• Tcl, perl, python, etc. scripting engines.
• SQL database applications can invoke OS-level scripting.
• Java ("Java SE") can do anything; Java applets are limited by browser trust level.
• Doc macros (MS Office; OpenOffice, Lotus, etc.) can do anything the application can.
• Executable animations (e. g., Flash, Java applets, ActiveX, QT) may be a threat.
• JavaScript can read or modify the browser's displays; may be a threat.
• Nonexecutable animations (GIF animation, DVD movies) are little or no threat.

Generic Application Threats
All threats are ameliorated by:
• Simple security policies with simple implementations.
• Minimization of user interaction required to operate applications.
• Minimization of dependence on networked objects.
• Minimization of use of executable objects.
Complexities which cause increased risk:
• Data displays with multiple cross-link URLs.
• Applets and animations, especially if interactive.
• Popup menus or dialogs.
• Forms requiring user input.
Generic Threats:
• Deletion or corruption of files or memory; replacement of executables.
• Theft of private data or passwords.
• Denial of service.
Generic Network Security Threats:
• Cross-Site Scripting (XSS).
• DNS spoofing.

Specific Network Threats: Cross-Site Scripting (XSS)
Targets VM-based security such as that of Flash, Java, and JavaScript.
Also possible for ActiveX, QuickTime, VBScript, or plain HTML.
Permits theft of cookie or other data revealing passwords or account info.
Malicious machine injects script (usually JavaScript) into data:
• To reside on server persistently.
• To appear ephemerally (in some dynamically-generated outputs).
Injection methods are manifold:
• Worm or virus.
• Malicious Email attachment or HTML body.
• Web-site link to malicious HTML or script.
Primary defenses are user alertness and restrictions on scripts in application.

Specific Network Threats: DNS Spoofing (1 of 2)
Method A: Cache Poisoning
Suppose a legitimate server named MyBank.com at 61.104.25.35:
1. Rogue machine set up as DNS server in fake domain 65.100.xxx.yyy:
• Lists the fake name MyBank.com in its domain at 65.100.25.35.
2. Colluding machine requests a rogue-domain name from legitimate DNS server:
• Legitimate DNS server contacts rogue DNS server.
• Legitimate DNS server caches all the rogue's name-IP lookup tables.
3. A victim client requests IP address of MyBank.com from legitimate DNS server:
• Legitimate DNS server provides cached fake IP address.
• Victim connects with fake MyBank.com instead of real one.

Specific Network Threats: DNS Spoofing (2 of 2)
Method B: Man-in-Middle
1. A malicious machine in the LAN is set up to sniff all IP packets.
2. Victim client attempts to contact a DNS server:
• Sniffer machine detects DNS request.
• Sniffer machine quickly provides forged DNS lookup to fake IP address.
• Real DNS server's later response is ignored by victim.
3. Victim connects with site at fake IP address.
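Method B leaves a trace a monitor can look for: the client is sent two responses to one request, the first and the later one carrying different addresses. The following added example (not part of the original slides) parses constructed DNS responses and flags that pattern; the host names, the documentation-range addresses, the transaction ids and the 2-second window are all assumptions.

```python
import socket
import struct

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(txid: int, name: str, ip: str, ttl: int = 300) -> bytes:
    """Constructed sample: a DNS response carrying one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)        # type A, class IN
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)     # name = pointer to question
              + socket.inet_aton(ip))
    return header + question + answer

def read_name(msg: bytes, off: int):
    """Return (name, next offset); bounds-checks labels and compression pointers."""
    labels, jumps, resume = [], 0, None
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:                     # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if resume is None:
                resume = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:
                raise ValueError("pointer loop")
            continue
        if n > 63 or off + 1 + n > len(msg):
            raise ValueError("bad label")
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii").lower())
        off += n
    return ".".join(labels), (resume if resume is not None else off)

def parse_response(msg: bytes):
    """Return (transaction id, queried name, frozenset of A-record addresses)."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off, qname, addrs = 12, "", set()
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                 # skip question type and class
    for _ in range(an):
        _, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4 and off + 4 <= len(msg):
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return txid, qname, frozenset(addrs)

class SpoofDetector:
    """Flag a second, conflicting answer to one query (the race in Method B)."""
    def __init__(self, window: float = 2.0):
        self.window = window
        self.first = {}      # (client, txid, name) -> (time, addresses)

    def observe(self, ts: float, client_ip: str, msg: bytes):
        # The responder's source address is not used: a forged reply copies it.
        txid, qname, addrs = parse_response(msg)
        key = (client_ip, txid, qname)
        prev = self.first.get(key)
        if prev is None or ts - prev[0] > self.window:
            self.first[key] = (ts, addrs)
            return None
        if prev[1] == addrs:
            return None      # retransmitted duplicate with the same data
        return {"client": client_ip, "name": qname,
                "accepted": sorted(prev[1]), "late": sorted(addrs)}

# Constructed capture: (seconds, client the response was sent to, DNS message)
CAPTURE = [
    (0.000, "192.168.1.31", build_response(0x1A2B, "www.example.org", "198.51.100.20")),
    (0.410, "192.168.1.31", build_response(0x3C4D, "mybank.example", "203.0.113.66")),
    (0.437, "192.168.1.31", build_response(0x3C4D, "mybank.example", "198.51.100.7")),
    (0.900, "192.168.1.40", build_response(0x5E6F, "mail.example.net", "198.51.100.25")),
    (0.905, "192.168.1.40", build_response(0x5E6F, "mail.example.net", "198.51.100.25")),
]

def scan(capture):
    detector, alerts = SpoofDetector(), []
    for ts, client, msg in capture:
        alert = detector.observe(ts, client, msg)
        if alert:
            alerts.append(alert)
    return alerts
```

The alert reports the address the client most likely accepted (the first answer) beside the late one, which is the pair an analyst needs in order to decide which of the two was forged.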

Threats from Specific Applications: Flash (ActionScript)
Local Execution:
Runs in a VM and can read some local files (.swf, image, or sound files).
Remote Execution:
• Can initiate network connections to read FTP, HTTP, or HTTPS URLs.
• XSS possible, but mitigated by:
➢ Allowed reading only in server-designated Flash directories (as in CGI).
➢ Restrictive server cross-domain policy.
➢ Bytecode decompilation obfuscation.
➢ Filtering of all user-entered text to remove injected scripts.
• Can run nonFlash scripts (e. g., JavaScript) using Flash variable or URL parameter
(http://...?name"akea$e).
Risks:
• Unpatched, can cause crashes or arbitrary execution of malicious jpeg images.
• XSS for annoyance (change content, form labels, etc.), phishing, or maybe account info in cookies.

Threats from Specific Applications: Java
Local Execution:
Java is a general programming language and can do anything locally. But:
• No pointer arithmetic.
• No arbitrary type-casts.
• No reuse of deallocated memory.
• No stack overflow.
• SecurityManager determines access.
Remote Execution (generally of applets):
• No native methods allowed in bytecode.
• Runs in a VM and depends on SecurityManager settings:
➢ May prevent derived classes.
➢ May require certificate (digital signing) to download .class file.
➢ May limit library calls to read or delete files.
➢ May assign ownership attributes to threads.
➢ Restricts remote access; may enable TLS (or SSL) encryption.
Risks:
Applet risks same as Flash, except weak SecurityManager settings may create arbitrary risks.

Threats from Specific Applications: JavaScript
Runs on HTML document in a VM; therefore, browser controls security.
Only source code, not compiled bytecode, is passed to browser.
Local Execution:
➢ In Windows: Can run embedded ActiveX or VBScript. Can be run without VM.
➢ Malware can be encrypted or otherwise obfuscated to circumvent client filters.
➢ Can not create tiny or invisible windows; can not close windows it did not open.
➢ Can be run in an app other than a browser - security depends on app.
Remote Execution:
➢ Embedded in <script> block, can communicate with arbitrary server.
➢ Can create cookies, but only for its server site; can access browser history pages.
➢ Script runtime can emulate mouse picks by user.
Risks:
Annoyance, phishing, cookie access - all especially by XSS.

Threats from Specific Applications: Acrobat PDF
Acrobat Reader is freeware - formats .pdf files for viewing or printing.
Reader Threats:
• No threat for older versions (v. 3 or earlier).
• Current versions are threat; may execute animations:
➢ Native PDF animation.
➢ Arbitrary media (Flash; Realplayer).
➢ JavaScript.
For secure document reading:
• Disable JavaScript and all multimedia.
• Disable web access by setting "browser" to an empty file with execute permission.
• Do not specify an email client.
• Enable page certificate checks and "Advanced Security".

Threats from Other Media Applications
Optical medium (DVD or CD) movies or audio add only autostart risk.
ActiveX has no built-in security except digital signature authentication.
dotNET has about the same security features as Java, but simpler design.
Realplayer can play Flash or use ActiveX; has chronic security bugs and annoyances.
QuickTime is similar to RealPlayer, but with fewer annoyances.
VLC (VideoLan) is safer than RealPlayer; risks depend on medium played.
Pure HTML web pages:
• GIF animations add no risk.
• URL links, forms, and image maps are user-interactive and so add some risk.
Interactions among applications create compounded risk:
• QuickTime or ActiveX formats can execute Java.
• Flash can execute JavaScript.

Software Patches
Patches (a) fix bugs and/or (b) close security holes.
Patches often themselves include new defects.
General rules:
• Patch for bugs likely to be encountered.
• Always patch security defects.
Security-related defects can include:
• Application input-buffer overflow
• Stack or heap overflows
• Faulty security programming such as:
➢ Run of forbidden executables or script types.
➢ Access to forbidden files or devices.
➢ Breach of VM.
p. 237-239.

Patching Software Priorities
A patch or "hotfix" usually is temporary; may be buggy!
Patches to be applied with minimal hesitation:
• Those fixing OS instability.
• Those fixing scripting shells (Flash, Java, etc.).
• Those fixing applications which include scripting functionality.
• Those fixing applications with programmed network access (Java, JavaScript, etc.).
• Those fixing network applications:
➢ Web or Email server.
➢ Browser.
➢ Email client.
➢ Social networking application (YouTube, Facebook, IM).
• Those fixing development kits for programmed networking access.

What is Security?
Security is the sum of all things which secure the assets of an individual or an organization.
Security requires
• Asset identification.
• Risk assessment.
• Security measures:
➢ Best practice: Keep them simple.
➢ Best practice: Require minimal naive-user interaction.
➢ Best practice: Require minimal network access per task.
#. 44O-0.

Security Measures
Security measures consist of:
• Personnel measures:
➢ Provide guidance; post procedures and rules.
➢ Monitor actions.
• Physical measures:
➢ Perimeter fences; security guards.
➢ Locks on doors, safes, file cabinets, computers, network cabling.
• Informational measures ("CIA"):
➢ Confidentiality controls: Minimize exposure.
➢ Integrity controls: Guarantee that data are not lost, altered, or corrupted.
➢ Availability controls: Provide authorized access, only.
#. 22-2.$ 222-23-.

Three Goals of Security
A secure network requires policies, processes, and procedures for:
• Prevention:
➢ Establish user access controls.
➢ Authenticate users for networked activities.
➢ Audit user activities.
➢ Require user accountability for actions.
• Detection:
➢ Perform regular antivirus scans.
➢ Configure network auditing and logging of activity.
➢ Set up nonannoying firewalls.
➢ Establish procedures to alert users and IT personnel of threats.
• Response:
➢ Provide redundancy of services.
➢ Perform frequent backups.
➢ Establish procedures to notify users and IT personnel of breaches.
#. 12-22$ -70--22 >!##endi7 !?.

End of Workshop
Please fill out the evaluation form!

J. M. Williams

Network Security Seminar

2011-01-07

Slide 2

Table of Contents
Seminar Prerequisite Assumptions
Seminar Topics
References
Seminar Schedule
What is Security?
Asset Identification
Risk Assessment
Security Measures
Three Aspects of Security
Who Needs Security?
What are Security Policies?
Typical Policy List
Security Threats
Nondigital Physical Security Threats
Digital Physical Security Threats
Machine Physical Threats
File or Device Physical Threats
Local Access Physical Threat Example: BackTrack
BackTrack: Access to Windows Files
BackTrack: Password Attack Utility Menu
BackTrack: Internet Menu Utilities
BackTrack: DNS Info Utilities
BackTrack: Wireless Network Utilities
Programmed Machine Physical Threats
Virus Types
Worm Example: MyDoom.M
How a Network Works: Data Ordering
How a Network Works: Hardware
How a Network Works: Domain Organization
How a Network Works: Data Transmission (1 of 3)
How a Network Works: Data Transmission (2 of 3)
How a Network Works: Data Transmission (3 of 3)
How a Network Works: Network Protocol Models
How a Network Works: TCP/IP Encapsulation
How a Network Works: TCP/IP Link Protocols
How a Network Works: TCP/IP Internet Protocols (1 of 2)
