Cyber Defense Overview Active Defense – 1 / 11
Active Defense and Prevention
Coleman Kane
Introduction
Active Defense and Prevention are the strategies employed to prevent, obstruct, or otherwise block unwanted access to the system. This lecture will discuss some preventative systems, an overview of their operation, as well as measures that can be taken at the application configuration level for common services to enforce
Firewalls
Firewall Example
Some examples using Linux's iptables. iptables uses a firewall approach where a list of firewall rules is evaluated against every packet, and the first matching rule determines the action to be taken. Linux supports a "default" action, typically either a permissive "ACCEPT" or restrictive "DROP" action.
■ iptables -A INPUT -s 192.168.0.4 -j ACCEPT # Allow one client if default is DROP
■ iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT # Allow an entire network
■ iptables -A INPUT -p tcp --dport 6881 -j ACCEPT # Allow all hosts on a certain port
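To make the first-match semantics concrete, here is an added example (not from the lecture) that models a tiny INPUT chain in Python: it parses rules written in the iptables syntax above, evaluates constructed packets against them in order, and falls back to the chain's default policy. The rule/packet dictionaries, the packets and the DROP default are assumptions for the simulation; it is not iptables itself.

```python
import ipaddress
import shlex

def parse_rule(text):
    """Parse an iptables-style rule ('-A INPUT -s 192.168.0.0/24 -j ACCEPT')."""
    rule = {"src": None, "proto": None, "dport": None, "target": None}
    args = shlex.split(text)
    for opt, val in zip(args[::2], args[1::2]):   # options come in pairs
        if opt == "-s":
            rule["src"] = ipaddress.ip_network(val, strict=False)  # host -> /32
        elif opt == "-p":
            rule["proto"] = val
        elif opt == "--dport":
            rule["dport"] = int(val)
        elif opt == "-j":
            rule["target"] = val
        # "-A INPUT" (the chain) is ignored: this toy models the INPUT chain only
    return rule

def matches(rule, pkt):
    """True if every criterion the rule specifies holds for the packet."""
    if rule["src"] is not None and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["proto"] is not None and pkt.get("proto") != rule["proto"]:
        return False
    if rule["dport"] is not None and pkt.get("dport") != rule["dport"]:
        return False
    return True

def evaluate(rules, pkt, policy="DROP"):
    """First matching rule decides; otherwise the chain's default policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["target"]
    return policy

# The three rules from the lecture, assuming a restrictive default policy of DROP.
PAGE_RULES = [parse_rule(r) for r in (
    "-A INPUT -s 192.168.0.4 -j ACCEPT",
    "-A INPUT -s 192.168.0.0/24 -j ACCEPT",
    "-A INPUT -p tcp --dport 6881 -j ACCEPT",
)]

def ordering_pitfall():
    """A narrow DROP placed after a broad ACCEPT never fires: first match wins."""
    wrong = [parse_rule("-A INPUT -s 192.168.0.0/24 -j ACCEPT"),
             parse_rule("-A INPUT -s 192.168.0.4 -j DROP")]
    pkt = {"src": "192.168.0.4"}                 # constructed packet
    return evaluate(wrong, pkt), evaluate(list(reversed(wrong)), pkt)

if __name__ == "__main__":
    for pkt in ({"src": "192.168.0.77"}, {"src": "10.0.0.9", "proto": "tcp", "dport": 22}):
        print(pkt, "->", evaluate(PAGE_RULES, pkt))
    print("broad-ACCEPT-first vs narrow-DROP-first:", ordering_pitfall())
```

The `ordering_pitfall` function shows why rule order matters when auditing a ruleset: with a broad ACCEPT listed first, a later DROP for one host in that range is dead code.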
Proxy Servers
A proxy server is an application-level gateway which can be used to control access, hide implementation details from view, and add visibility to application traffic. Some example proxy servers are:
■ Privoxy http://www.privoxy.org/
■ Squid http://www.squid-cache.org/
■ Apache mod_proxy
Proxy Server Uses
A few applications for proxy servers:
■ Place an HTTPS proxy server in front of an HTTP server, gaining visibility on the encrypted network traffic without sacrificing confidentiality or authentication
■ Route user traffic through a central device to enable filtering and policies
■ Conceal the underlying organization of a system using URL "rewrite" rules
Network Applications
File Sharing
A common legacy Internet file-sharing protocol is FTP (File Transfer Protocol). Many FTP servers come pre-configured with authorization for unauthenticated "anonymous" users to write arbitrary files into a public folder. The SSH protocol (Secure SHell) now provides a similar encapsulated protocol called SFTP (Secure File Transfer Protocol), and there exist many Windows-compatible
E-Mail
SMTP, POP3, and IMAP were originally designed as plain-text protocols with simple authentication methods. Since their publication, a number of new features have been added:
■ STARTTLS, supporting secure sockets with modern encryption
■ Challenge-based authentication
Interactive CLI