
Network Security

MITM 205 Advance Computer Networks

Ralph Vincent H. Badon



Network Security

consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access and the effectiveness (or lack) of these measures combined together.
has become a major concern to companies throughout the world

Security Issues

How do you protect confidential information from those who do not explicitly need to access it?
How do you protect your network and its resources from malicious users and accidents that originate outside your network?

Protecting Confidential Information

Its concern is to prevent the theft, destruction, corruption, and introduction of information that can cause irreparable damage to sensitive and confidential data.

Protecting Confidential Information

Confidential information can reside in two states on a network.
o on physical storage media - a hard drive or memory
o in transit across the physical network wire
These two information states present multiple opportunities for attacks from users on your internal network, as well as those users on the Internet (if network is connected to the Internet)

Common Methods of Attack

Network packet sniffers
IP spoofing
Password attacks
Distribution of sensitive internal information to external sources
Man-in-the-middle attacks

Network Packet Sniffers

Several network applications distribute network packets in clear text; that is, the information sent across the network is not encrypted
a packet sniffer can provide its user with meaningful and often sensitive information, such as user account names and passwords
a packet sniffer can provide an attacker with information that is queried from the database, as well as the user account names and passwords used to access the database

IP Spoofing

refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.
By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine.

Denial of Service Attack

goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to his attack packets
HOW?
o the targeted host receives a TCP SYN and returns a SYN-ACK.
o It then remains in a wait state, anticipating the completion of the TCP handshake that never happens.
o Each wait state uses system resources until eventually, the host cannot respond to other legitimate requests.
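
The wait-state exhaustion described above, seen from the server side, as an added example that is not part of the original slides. The Listener class, its backlog and timeout values, and the trace are constructed for illustration; real TCP stacks differ in detail.

```python
class Listener:
    """Toy TCP listener with a fixed-size table of half-open connections."""

    def __init__(self, backlog=4, timeout=30.0):
        self.backlog = backlog        # max connections waiting for the final ACK
        self.timeout = timeout        # seconds a wait state is kept
        self.half_open = {}           # (ip, port) -> time the SYN-ACK was sent
        self.established = set()
        self.dropped = []             # SYNs refused because the table was full

    def _expire(self, now):
        for key in [k for k, t in self.half_open.items() if now - t >= self.timeout]:
            del self.half_open[key]

    def on_packet(self, now, client, flag):
        self._expire(now)
        if flag == "SYN":
            if client not in self.half_open:
                if len(self.half_open) >= self.backlog:
                    self.dropped.append((now, client))
                    return "DROP"
                self.half_open[client] = now
            return "SYN-ACK"
        if flag == "ACK" and client in self.half_open:
            del self.half_open[client]
            self.established.add(client)
            return "ESTABLISHED"
        return "IGNORE"

    def under_pressure(self, ratio=0.75):
        """Monitoring check: is the half-open table at or above `ratio` full?"""
        return len(self.half_open) >= ratio * self.backlog


# Constructed trace: (time, (client_ip, client_port), flag).
TRACE = [
    (0.0, ("198.51.100.1", 40001), "SYN"),
    (0.1, ("198.51.100.2", 40002), "SYN"),
    (0.2, ("198.51.100.3", 40003), "SYN"),
    (0.3, ("198.51.100.4", 40004), "SYN"),   # none of these four ever send the ACK
    (1.0, ("192.0.2.20", 51000), "SYN"),     # legitimate client, table is full
    (31.0, ("192.0.2.20", 51000), "SYN"),    # retry after the wait states expired
    (31.1, ("192.0.2.20", 51000), "ACK"),
]

def replay(trace, listener):
    """Feed the trace to the listener and return its answer to each packet."""
    return [listener.on_packet(t, client, flag) for t, client, flag in trace]
```

Replaying TRACE shows the legitimate client dropped while the four wait states are held, then served once they time out; under_pressure() is the kind of threshold a monitor would alert on.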

Password Attack

usually refers to repeated attempts to identify a user account and/or password (brute-force attacks)
a brute-force attack is performed using a dictionary program that runs across the network and attempts to log in to a shared resource, such as a server
can be implemented using several different methods
o brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers

Distribution of Sensitive Information

Controlling the distribution of sensitive information is at the core of a network security policy
majority of computer break-ins that organizations suffer are at the hands of disgruntled present or former employees
At the core of these security breaches is the distribution of sensitive information to competitors or others that will use it to your disadvantage

Man-in-the-Middle Attacks

the attacker has access to network packets that come across the networks
o An example of such a configuration could be someone who is working for your Internet service provider (ISP)
often implemented using network packet sniffers and routing and transport protocols
possible uses of such attacks are theft of information, denial of service, corruption of transmitted data, etc.

Attributes of a Secure Network

User authentication - username/password
Firewall - enforcing access policies such as what services are allowed to be accessed by network users
Intrusion Prevention System (IPS) - helps detect and prevent such malware
monitors for suspicious network traffic for contents, volume and anomalies to protect the network from attacks such as denial of service

Attributes of a Secure Network

Encryption Mechanism - Communication between two hosts using the network could be encrypted to maintain privacy
Audit Trail - Individual events occurring on the network could be tracked for audit purposes
Surveillance and early-warning tools - decoy network-accessible resources could be used to further tighten security of the actual network being protected

Proxy

acts as a go-between for requests from clients seeking resources from other servers
evaluates the request according to its filtering rules
o For example, it may filter traffic by IP address or protocol
A proxy server has two purposes:
o To keep machines behind it anonymous (mainly for security).
o To speed up access to a resource (via caching). It is commonly used to cache web pages from a web server.

Firewall

a part of a computer system or network that is designed to block unauthorized access while permitting outward communication
a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria
frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets

Types of Firewalls

Packet filter
o Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.
Application gateway
o Applies security mechanisms to specific applications, such as FTP and Telnet servers.

Types of Firewall

Circuit-level gateway
o Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy server
o Intercepts all messages entering and leaving the network.
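
The packet filter and the circuit-level gateway from the two slides above, side by side, as an added example that is not part of the original lecture. The rule set, addresses and class names are constructed; circuits are keyed without the source port and only in the client-to-server direction to keep the sketch short.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    syn: bool = False   # True only for the packet that opens a connection

@dataclass(frozen=True)
class Rule:
    action: str         # "accept" or "reject"
    src_net: str        # source network in CIDR notation
    proto: str          # "tcp", "udp" or "any"
    dport: int          # 0 means any port

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

# Constructed user-defined rules: first match wins, unmatched traffic is rejected.
RULES = [
    Rule("reject", "203.0.113.0/24", "any", 0),
    Rule("accept", "0.0.0.0/0", "tcp", 443),
    Rule("accept", "192.0.2.0/24", "tcp", 22),
]

def packet_filter(p, rules=RULES):
    """Packet filter: every packet is judged against the rules on its own."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "reject"

class CircuitGateway:
    """Circuit-level gateway: rules are applied only when a connection opens."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.circuits = set()

    def handle(self, p):
        key = (p.src, p.dst, p.proto, p.dport)
        if key in self.circuits:
            return "accept"          # established: no further checking
        if p.syn and packet_filter(p, self.rules) == "accept":
            self.circuits.add(key)
            return "accept"
        return "reject"
```

A rule added after a circuit is established changes the packet filter's verdict on that flow's next packet, but not the gateway's, which is the practical meaning of "without further checking".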


Virtual Private Network (VPN)

a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger networks, such as the Internet

Any questions?

End of Lecture.