Outline (Network Security Challenge)

Academic year: 2021

Security Device Selection

Internet Sharing Solution

Firewall

Firewall: an introduction to firewalls

Firewall

Firewall Type

▪ First generation

▪ Packet Filtering

▪ Layer 3 Firewall

▪ Source / Destination IP address

▪ Source / Destination port

▪ Protocol

▪ Access Control Lists (ACL)

Firewall

Firewall Type: Packet Filtering

Disadvantage

▪ Packet-filtering firewalls do not have visibility into the payload.

Firewall

Firewall Type

▪ Second generation

▪ Circuit level Gateway

▪ Session layer (OSI model), TCP-specific

Firewall

Firewall Type: Circuit level Gateway

Disadvantage

Firewall

Firewall Type

▪ Application level Gateway (ALG)

▪ Web Application Firewall (WAF)

▪ Third generation

▪ Layer 7, Application Request (Good or Bad)

Firewall

Firewall Type

▪ Stateful Multilayer Inspection (SMLI):

▪ Stateful packet inspection (SPI)

Firewall

Firewall Type

▪ Stateless firewalls:

▪ Packet filters

▪ Vulnerable to spoofing attacks

▪ Stateful firewalls:

▪ Keeps track of the state of network connections
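
The contrast between the two firewall types above, as an added example that is not part of the slide deck: a stateless ACL over the header fields the slides list (source/destination IP, source/destination port, protocol) next to a stateful filter that remembers which connections the inside opened. The ACL format, addresses and packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str          # "tcp" or "udp"
    ack: bool = False   # TCP ACK flag

# Constructed ACL rows: action, source net, destination net, protocol, dest port,
# established. The "established" row is the classic stateless way to let replies
# back in: allow any TCP segment towards the LAN that carries the ACK flag.
ACL = [
    ("allow", "10.0.0.0/8", "0.0.0.0/0",  "tcp", 80,   False),  # LAN -> web
    ("allow", "0.0.0.0/0",  "10.0.0.0/8", "tcp", None, True),   # "replies"
    ("deny",  "0.0.0.0/0",  "0.0.0.0/0",  None,  None, False),  # default
]

def stateless_filter(pkt: Packet) -> str:
    """Layer-3/4 packet filter: decides from header fields alone, first match wins."""
    for action, src, dst, proto, dport, established in ACL:
        if ip_address(pkt.src) not in ip_network(src):
            continue
        if ip_address(pkt.dst) not in ip_network(dst):
            continue
        if proto is not None and proto != pkt.proto:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        if established and not pkt.ack:
            continue
        return action
    return "deny"

class StatefulFilter:
    """Stateful inspection: admits only packets of a connection the inside opened."""
    def __init__(self) -> None:
        self.table: set = set()   # tracked (src, sport, dst, dport, proto)

    def check(self, pkt: Packet) -> str:
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.table:                        # reply to a tracked flow
            return "allow"
        inside = ip_address(pkt.src) in ip_network("10.0.0.0/8")
        if inside and stateless_filter(pkt) == "allow":  # new outbound, per ACL
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        return "deny"                                    # unsolicited: no state
```

An inbound segment with a forged ACK flag satisfies the stateless "established" row, while the stateful filter drops it because no internal host opened that connection; this is the spoofing weakness the slide refers to.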

Firewall Traffic Path

[Figure: stateful packet inspection of an IP/UDP packet. Only header fields are examined: version, service, total length, ID, flags, fragment, TTL, protocol, checksum, source and destination IP address, IP options, source and destination port. Caption: stateful inspection is limited inspection that can only block on ports; no data inspection.]

Deep Packet Inspection

Firewall Traffic Path

[Figure: the same packet, after stateful packet inspection, goes through deep packet inspection, where its contents are compared against a signature database organised by rule category (e.g. BACKDOOR, EXPLOIT, SCAN, WEB-ATTACKS, WEB-CGI).]

Deep Packet Inspection inspects all traffic moving through a

Firewall Traffic Path

[Figure: stateful packet inspection sees only the IP and UDP headers of each packet; deep packet inspection also reads the DATA section and compares it against the signature database. Caption: "Comparing… Application Attack, Worm or Trojan Found!"]

Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.

UTM

Integrated security solutions:

▪ UTM (Unified Threat Management)

▪ USM (Unified Security Management)

▪ Multiple security functions:

▪ network firewalling, network intrusion prevention, antivirus (AV)

UTM

Key advantages

▪ Reduced complexity

▪ Simplicity

▪ Easy Management: Plug & Play Architecture, Web-based GUI for easy management

Key Disadvantages

▪ Single point of failure for network traffic, unless HA is used

▪ Single point of compromise if the UTM has vulnerabilities

UTM vs NGFW

NGFW (Next-Generation Firewall)

UTM vs NGFW:

▪ UTMs typically have a lower throughput rating and are marketed to small and medium-sized businesses.

The term NGFW was coined by vendors working with Gartner to create a class of products capable of fitting into an enterprise network that

Security Device Selection Factors

Notice:

Requirement

▪ Bandwidth / Increase / Client # / Server # / Type Of Services /

Gartner Magic Quadrant - Firewall

[Figure: Magic Quadrant chart with Leaders, Challengers and Visionaries quadrants.]

Gartner Magic Quadrant - UTM

[Figure: Magic Quadrant chart with Leaders, Challengers and Visionaries quadrants.]

Internet Sharing

Network Isolation (Internet & Intranet)

▪ Classified information and the organization

▪ False sense of security

▪ Lack of security provision

▪ Lack of attention to internal threats

▪ Deficient handling of external threats

Internet Sharing

Internet Sharing Solution: Security

▪ VPN

▪ Proxy

▪ Hotspot

▪ NAT

▪ Virtualization (VDI, V-App)

▪ Cloud (Public, Private)

▪ Thin Client (Zero Client)

▪ Hardware Isolation (HDD)

Internet Sharing

Internet Sharing Solution: Manageability and Monitoring

• Authentication

▪ Who?

• Authorization

▪ What can the user do?

• Accounting

Proxy

▪ A proxy is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

▪ Monitoring, filtering and security (firewall), caching, bypassing filters

▪ Types of proxy

Open proxies: anonymity, Daisy chaining

Forward proxies: Internet Sharing

Forward proxies

▪ Internet Sharing

▪ Monitoring

▪ Security

Reverse Proxies

▪ Load balancing, authentication

Implementations of proxies

▪ Web proxy: HTTP, HTTPS, FTP

▪ Transparent proxy

▪ SOCKS proxy:

▪ a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.

▪ CGI proxy:

▪ A CGI (Common Gateway Interface) proxy appears to the user as a web page that allows the user to access a different site through it, in most cases anonymously.

▪ DNS proxy

NAT

NAT (Network Address Translation)

▪ Limitation of IPv4 addresses

NAT

▪ NAT (Network Address Translation)

▪ Type Of NAT

▪ Static NAT: one-to-one NAT

▪ Dynamic NAT: Pool IP Address, Port Address Translation (PAT)

▪ Classification Of NAT:

▪ Destination network address translation (DNAT): publish a service, port forwarding, DMZ

▪ Source network address translation (SNAT): connection tracking and filtering, Internet Sharing

NAT

▪ DNAT

▪ Destination network address translation (DNAT):publish a service, port

NAT

▪ SNAT

▪ Source network address translation (SNAT): connection tracking and filtering, Internet Sharing

NAT Advantage and Disadvantage

Advantages of NAT:

▪ Provides an additional layer of security by hiding the original source and destination addresses.

▪ Provides increased flexibility when connecting to the public Internet.

Disadvantages of NAT:

▪ A processor- and memory-consuming technology, for all incoming and outgoing

▪ May cause delay in IPv4 communication

▪ Causes loss of end-device to end-device IP traceability
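
The SNAT/PAT and DNAT behaviour described in the NAT slides, as an added example that is not code from the slide deck: one public address shared by a private LAN through a connection-tracking table, a published service reached by port forwarding, and unsolicited inbound packets dropped. The translation table layout, addresses and ports are constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """One public IP shared by a private LAN (SNAT/PAT) plus published services (DNAT)."""
    def __init__(self, public_ip: str, published: Dict[int, Tuple[str, int]]) -> None:
        self.public_ip = public_ip
        self.published = published      # DNAT: public port -> (inside host, port)
        self.next_port = 40000          # PAT: next free public source port
        self.snat: Dict[tuple, int] = {}       # private 4-tuple -> public port
        self.conntrack: Dict[int, tuple] = {}  # public port -> private 4-tuple

    def outbound(self, pkt: Packet) -> Packet:
        """SNAT/PAT: rewrite the private source so many hosts share one address.
        The outside peer only ever sees public_ip; the real origin lives solely
        in conntrack, which is the loss of end-to-end traceability the slide notes."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.snat:
            self.snat[key] = self.next_port
            self.conntrack[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.snat[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse translation. None means the packet matched neither a tracked
        connection nor a published service and is dropped."""
        entry = self.conntrack.get(pkt.dport)
        if entry and entry[2:] == (pkt.src, pkt.sport):   # reply to a tracked flow
            src, sport, _, _ = entry
            return replace(pkt, dst=src, dport=sport)
        if pkt.dport in self.published:                    # DNAT / port forwarding
            host, port = self.published[pkt.dport]
            return replace(pkt, dst=host, dport=port)
        return None
```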

DMZ

MZ (Militarized Zone)

▪ Private network zone that includes servers and databases.

DMZ (De-Militarized Zone)

▪ A physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks.

VPN

▪ Virtual Private Network (VPN)

▪ extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks.

▪ VPN Type:

▪ Remote Access (Teleworking)

VPN

VPN systems may be classified by:

▪ The protocols used to tunnel the traffic

▪ Whether they offer site-to-site or network-to-network connectivity

▪ The levels of security provided (Encrypted or Unencrypted)

VPN

Tunneling Protocols:

▪ PPTP (Point-to-Point Tunneling Protocol)

▪ PPP (Point-to-Point Protocol)

▪ PPPoE (Point-to-Point Protocol over Ethernet)

▪ PPPoA (Point-to-Point Protocol over ATM)

▪ L2TP (Layer 2 Tunneling Protocol)

▪ L2F (Layer 2 Forwarding)

▪ IPSec (Internet Protocol Security)

▪ SSTP (Secure Socket Tunneling Protocol)

▪ GRE (Generic Routing Encapsulation)

IPSec

▪ IP (Internet Protocol) sits at Layer 3 of the OSI model

▪ IPsec is a protocol suite for securing Internet Protocol communications

▪ The IPsec suite is an open standard

▪ IPSec Protocol Type

IPSec

▪ IP Security Protocols:

▪ Authentication Header (AH) (Header)

▪ Encapsulating Security Payloads (ESP) (Header + Payload)

▪ Modes of operation

▪ Transport mode

IPSec

▪ NAT + IPSec

Conclusion

Security is a Puzzle …

Questions ?
