network infrastructure security
play

Network Infrastructure Security APRICOT 2005 Workshop February - PowerPoint PPT Presentation

Feb 22, 2023 •319 likes •748 views

Network Infrastructure Security APRICOT 2005 Workshop February 18-20, 2005 Merike Kaeo merike@doubleshotsecurity.com Agenda (Day 1) Threat Models What Are We Protecting Against? Securing The Device Physical and Logical

  1. Network Infrastructure Security APRICOT 2005 Workshop February 18-20, 2005 Merike Kaeo merike@doubleshotsecurity.com

  2. Agenda (Day 1)  Threat Models  What Are We Protecting Against?  Securing The Device  Physical and Logical Connections • User Authentication / Authorization • Access Control  Logging Information Integrity  System Image / Configuration Integrity  LAB  Securing The Infrastructure Device  SSH on LINUX and to the Router www.doubleshotsecurity.com APRICOT 2005

  3. Agenda (Day 2)  Securing Data Traffic  Packet Filters  Encryption (IPsec vs SSL)  Securing Routing Protocols  Route Authentication (MD5)  Filtering Policies  Flap Damping  Prefix Limits  LAB www.doubleshotsecurity.com APRICOT 2005

  4. Agenda (Day 3)  Auditing Tools  Sniffers and Traffic Analyzers  Vulnerability Assessment (Nessus, NMAP)  Logging Information  What To Log  Storing Logs  Mitigating DoS Attacks  Blackhole /Sinkhole Routing  Rate Limiting  LAB www.doubleshotsecurity.com APRICOT 2005

  5. What Are Security Goals?  Controlling Data / Network Access  Preventing Intrusions  Responding to Incidences  Ensuring Network Availability  Protecting information in Transit www.doubleshotsecurity.com APRICOT 2005

  6. First Step…..Security Policy  What are you trying to protect?  What data is confidential?  What resources are precious?  What are you trying to protect against?  Unauthorized access to confidential data?  Malicious attacks on network resources?  How can you protect your site? www.doubleshotsecurity.com APRICOT 2005

  7. Typical Network Components NOC Hosts Internet Corporate Network Remote Access Authentication / Syslog Servers Customer Customer www.doubleshotsecurity.com APRICOT 2005

  8. Security Services We Need To Consider  User Authentication  User Authorization  Data Origin Authentication  Access Control  Data Integrity  Data Confidentiality  Auditing / Logging  DoS Mitigation www.doubleshotsecurity.com APRICOT 2005

  9. Varying Degrees of Robustness for Security Elements Will I Go Bankrupt ? • Spend More Money • Spend More Time Is It An Embarrassment ? NEED TO DO A RISK ANALYSIS ! www.doubleshotsecurity.com APRICOT 2005

  10. Risk Mitigation vs Cost of Security Risk mitigation: the process of selecting appropriate controls to reduce risk to an acceptable level. The level of acceptable risk is determined by comparing the risk of security hole exposure to the cost of implementing and enforcing the security policy. Assess the cost of certain losses and do not spend more to protect something than it is actually worth. www.doubleshotsecurity.com APRICOT 2005

  11. The Security Practices Should Include…..  Physical security controls  Media  Equipment location  Environmental safeguards  Logical security controls  Subnet boundaries  Routing boundaries  Logical access control (preventative / detective)  System and data integrity  Firewalls  Network services  Data confidentiality www.doubleshotsecurity.com APRICOT 2005

  12. The Security Practices Should Include….  Mechanisms to verify and monitor security controls  Accounting  Management  Intrusion detection  Policies and procedures for staff that is responsible for the corporate network  Secure backups  Equipment certification  Use of Portable Tools  Audit Trails  Incident Handling  Appropriate security awareness training for users of the corporate network www.doubleshotsecurity.com APRICOT 2005

  13. Definitions (rfc 2828) Threat: A threat is a potential for a security violation, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. Threat Action (attack): an assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system Threat Consequence: The threat consequences are the security violations which results from a threat action, i.e. an attack. www.doubleshotsecurity.com APRICOT 2005

  14. Network Attack Sources  Passive vs Active  Eavesdropping  Scanning by injecting traffic  On-Path vs Off-Path  Insider vs Outsider  Trusted/authorized individual causing security compromise ?  Deliberate vs Unintentional  Unintentional causes same problems as deliberate attack www.doubleshotsecurity.com APRICOT 2005

  15. Example Active Reconnaissance Attempt DNS query to figure out 1 DNS Servers which web-servers available Ping sweep to see which 2 servers alive and accessible Intruder Web Servers 3 Port scan to see which services are available Target Host for exploitation www.doubleshotsecurity.com APRICOT 2005

  16. Off-Path, Outsider Attack: War Dialing Large Interesting Corporation 1 Intruder finds list of corporate phone numbers in phone book War dialing application 2 Initiated using phone number block 732-XXXX Insecure corporate 5 modem bank allows 4 Intruder attempts to unauthorized access connect to devices that answered via deceptive route Intruder U N I V E R S I T Y U N I V E R S I T Y 3 Answered numbers are accessible via database www.doubleshotsecurity.com APRICOT 2005

  17. Threat Consequences  (Unauthorized) Disclosure  A circumstance or event whereby an entity gains access to data for which the entity is not authorized.  Deception  A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.  Disruption  A circumstance or event that interrupts or prevents the correct operation of system services and functions.  Usurpation  A circumstance or event that results in control of system services or functions by an unauthorized entity. www.doubleshotsecurity.com APRICOT 2005

  18. Disruption Often Caused by DoS and DDoS Attacks  TCP SYN  TCP ACK  UDP, ICMP, TCP floods  Fragmented Packets  IGMP flood  Spoofed and un-spoofed www.doubleshotsecurity.com APRICOT 2005

  19. TCP Packet Format 0 4 8 16 31 Source Source TCP Port Number TCP Port Number Destination TCP Port Number Destination TCP Port Number Sequence Number Acknowledgment Number U A P R S S F Offset Reserved Window Size R C S S Y Y I G K H T N N N TCP Checksum Urgent Pointer Options (if any) Padding DATA................ www.doubleshotsecurity.com APRICOT 2005

  20. Basics of a DDoS Attack DDoS client DDoS DDoS DDoS handler handler handler DDoS agents Victim DDoS Traffic www.doubleshotsecurity.com APRICOT 2005

  21. Automated DDoS Attack Vulnerable hosts 1 2 Initiate scan are compromised Attack tool installed on 3 each compromised host 4 Attacker Further scanning 4 4 for compromises 5 5 5 Massive DDoS attack launched Victim Network www.doubleshotsecurity.com APRICOT 2005

  22. DDoS Is A Huge Problem  Distributed and/or coordinated attacks  Increasing rate and sophistication  Infrastructure protection  Coordinated attack against infrastructure  Attacks against multiple infrastructure components  Overwhelming amounts of data  Huge effort required to analyze  Lots of uninteresting events www.doubleshotsecurity.com APRICOT 2005

  23. What If Router Becomes Attack Target? It allows an attacker to:  Disable the router & network…  Compromise other routers…  Bypass firewalls, IDS systems, etc…  Monitor and record all outgoing an incoming traffic…  Redirect whatever traffic they desire… www.doubleshotsecurity.com APRICOT 2005

  24. Router CPU Vulnerabilities CPU Overload  Attacks on applications on the Internet have affected router CPU performance leading to some BGP instability  100,000+ hosts infected with most hosts attacking routers with forged-source packets  Small packet processing is taxing on many routers…even high-end  Filtering useful but has CPU hit www.doubleshotsecurity.com APRICOT 2005

  25. Securing The Device  Miscreants have a far easier time gaining access to devices than you think.  Ensure that the basic security capabilities have been configured. www.doubleshotsecurity.com APRICOT 2005

  26. Fundamental Device Protection Security Practices Secure logical access to routers with passwords and  timeouts Never leave passwords in clear-text  Authenticate individual users  Restrict logical access to specified trusted hosts  Allow remote vty access only through ssh  Disable device access methods that are not used  Protect SNMP if used  Shut down unused interfaces  Shut down unneeded services  Ensure accurate timestamps for all logging  Create appropriate banners  Test device integrity on a regular basis  www.doubleshotsecurity.com APRICOT 2005

  27. Secure Access to Routers with Passwords and Timeouts line console 0 User Access Verification login Password: <letmein> password letmein exec-timeout 0 0 router> The native passwords can be viewed by anyone The native passwords can be viewed by anyone NOT SECURE ! logging in with the enabled password logging in with the enabled password www.doubleshotsecurity.com APRICOT 2005

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Compiler Infrastructure Systems and Internet Infrastructure Security

603 views • 23 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Network Security: Public Key Infrastructure Guevara Noubir Northeastern University

Network Security: Public Key Infrastructure Guevara Noubir Northeastern University

Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu CSG254: Network Security Slides adapted from Radia Perlmans slides Key Distribution - Secret Keys What if there are millions of users

706 views • 41 slides
CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Namespaces Systems and Internet Infrastructure Security (SIIS)

1.13k views • 49 slides
Network Security: Public Key Infrastructure Guevara Noubir Northeastern University

Network Security: Public Key Infrastructure Guevara Noubir Northeastern University

Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlmans slides Key Distribution - Secret Keys What if there are millions of users and

624 views • 14 slides
Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott

Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott

Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott Wakelin 4/27/2004 1 Road Map Road Map Project Goals and Overview Project Status Network Infrastructure ISP Topology ISP

554 views • 30 slides
Town of Burlington Network Infrastructure/Enterprise Security Solutions Fiscal Year 2021 MIS

Town of Burlington Network Infrastructure/Enterprise Security Solutions Fiscal Year 2021 MIS

Town of Burlington Network Infrastructure/Enterprise Security Solutions Fiscal Year 2021 MIS Department Capital Improvements to be funded Project #1 Project #2 5-Year Network Infrastructure plan 5-Year Enterprise Security Solution Total

399 views • 13 slides
CNT 5410 - Computer and Network Security: Web Security Professor Kevin Butler Fall 2015

CNT 5410 - Computer and Network Security: Web Security Professor Kevin Butler Fall 2015

CNT 5410 - Computer and Network Security: Web Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Network vs. Web Security Southeastern Security for Enterprise and Infrastructure

710 views • 58 slides
Constraint Solving Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline

Constraint Solving Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Constraint Solving Systems and Internet Infrastructure Security (SIIS)

455 views • 18 slides
Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attack Graphs Systems and Internet Infrastructure Security (SIIS)

1.06k views • 60 slides
Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure

Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure

Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure PROMOTING CHOICE SECURING STANDARDS PREVENTING HARM Ofcom and cyber security Area of growing importance across all sectors, with

216 views • 7 slides
Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security Kernels Trent Jaeger

555 views • 35 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Attacks Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and

Attacks Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attacks Trent Jaeger Systems and Internet Infrastructure Security

534 views • 18 slides
Dense Word Embeddings CMSC 470 Marine Carpuat Slides credit: Jurasky &amp; Martin How to

Dense Word Embeddings CMSC 470 Marine Carpuat Slides credit: Jurasky &amp; Martin How to

Dense Word Embeddings CMSC 470 Marine Carpuat Slides credit: Jurasky &amp; Martin How to generate vector embeddings? One approach: feedforward neural language models Training a neural language model just to get word embeddings is expensive!

537 views • 35 slides
C Style Strings Lecture 11 COP 3014 Fall 2019 October 29, 2019 Recap Recall that a C-style

C Style Strings Lecture 11 COP 3014 Fall 2019 October 29, 2019 Recap Recall that a C-style

C Style Strings Lecture 11 COP 3014 Fall 2019 October 29, 2019 Recap Recall that a C-style string is a character array that ends with the null character Character literals in single quotes a, \ n, $ string

597 views • 17 slides
I LOVE MAKING SENSE OF MESSES. Thinking about INFORMATION as a material is hard Information can

I LOVE MAKING SENSE OF MESSES. Thinking about INFORMATION as a material is hard Information can

I LOVE MAKING SENSE OF MESSES. Thinking about INFORMATION as a material is hard Information can be made from the lack of physical material Information Content Content Context Information architecture is how we arrange the parts to be

647 views • 40 slides
NE Food Processors Community of Practice VT Food Venture Center Coastal Farms Food Processing

NE Food Processors Community of Practice VT Food Venture Center Coastal Farms Food Processing

Northern Girl NE Food Processors Community of Practice VT Food Venture Center Coastal Farms Food Processing Mad River Food Hub Portland Public School Central Kitchen Western Mass. Food Processing Center Crop Circle Kitchen Farm 2 Plate

377 views • 21 slides
APAN30 Program Committee Meeting Date : 12 August 2010 Venue : Melia Hotel,

APAN30 Program Committee Meeting Date : 12 August 2010 Venue : Melia Hotel,

APAN30 Program Committee Meeting Date : 12 August 2010 Venue : Melia Hotel, Hanoi Time : 1100 1230 hrs Chair : Jacqueline Brown, Co-Chair: Francis Lee Agenda Items Action 1 APRICOT-APAN 2011 Meeting 1.1 APAN Meeting

295 views • 4 slides
An Object-Oriented Modeling Language for Hybrid Systems . Huixing Fang Huibiao Zhu Jianqi Shi

An Object-Oriented Modeling Language for Hybrid Systems . Huixing Fang Huibiao Zhu Jianqi Shi

. An Object-Oriented Modeling Language for Hybrid Systems . Huixing Fang Huibiao Zhu Jianqi Shi East China Normal University fang.huixing@gmail.com . . . . . . . . . . . . . . . . . . . . .. . .. . .. . .. . ..

672 views • 28 slides
Flow-tools Tutorial Mark Fullmer maf@splintered.net Agenda Network flows Cisco /

Flow-tools Tutorial Mark Fullmer maf@splintered.net Agenda Network flows Cisco /

Flow-tools Tutorial Mark Fullmer maf@splintered.net Agenda Network flows Cisco / Juniper implementation NetFlow Cisco / Juniper Configuration flow-tools programs overview and examples from Abilene and Ohio- Gigapop

934 views • 74 slides
CockroachDBs Survivability Model Scalable, Survivable, Consistent, SQL presented by Marc

CockroachDBs Survivability Model Scalable, Survivable, Consistent, SQL presented by Marc

CockroachDBs Survivability Model Scalable, Survivable, Consistent, SQL presented by Marc Berhault / Engineer @cockroachdb CockroachDB: Make Data Easy Scalable Survivable Strongly Consistent SQL And... Open Source

828 views • 33 slides

More recommend