
Network Security Management

TWNIC

2003

Objective

• Gain an overview of network security management.
• Learn how to use NIDS and firewalls.


Outline

• Network Security Management
• NIDS
• Firewall
• Case Study: Firewall on Linux

What is Information Security?

• In its simplest form, it is protecting data from unauthorized access.
• Three basic levels of security:
  • The application level.
  • The host level.
  • The network level.
• Each level must be properly secured.


Why Network Security?

• The Internet, just like a traditional society, has some unfriendly people who try to break into your network system for various reasons:
  • Money
  • Access to additional resources
  • Competitive advantage
  • Curiosity and mischief

Network Security Objectives


Network Security Utilities?

• There are two common network security utilities:
  • Network Intrusion Detection System (NIDS)
    • Which is able to identify intrusion attempts.
  • Firewall
    • Which is able to do network access control.


NIDS

• NIDS stands for “Network Intrusion Detection System”.
  • Intrusion: someone tries to break into your network system.
• A NIDS is an intelligent system that monitors packets on the network wire, identifies network intrusion attempts, then sends alerts to administrators and makes a response.

Attack Identification

• Stateless Pattern Matching
• Stateful Pattern Matching
• Protocol Decode-based Analysis
• Heuristic-based Analysis


Stateless Pattern Matching

• Pattern matching is based on looking for a fixed sequence of bytes in a single packet.
• Pros
  • Simplest method to detect intrusions.
• Cons
  • Any modification to the attack can lead to missed events (false negatives).
  • Limited to inspection of a single packet.

Stateful Pattern Matching

• Maintain state information on the TCP stream being monitored.
  • Matches are made in context within the state of the stream.
• Pros
  • Matching patterns across packet boundaries.
• Cons
  • May lead to high false positive rates if the pattern is not
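Added example (not from the TWNIC slides) contrasting the two matching approaches above: a constructed signature split across out-of-order TCP segments is missed by per-packet matching but found once the stream is reassembled. Segment, the SIGNATURE bytes and SPLIT_STREAM are constructed here for illustration.

```python
from dataclasses import dataclass

# Constructed signature standing in for an IDS rule's content pattern.
SIGNATURE = b"GET /cgi-bin/evil"


@dataclass
class Segment:
    seq: int        # TCP sequence number of the segment's first payload byte
    payload: bytes


def stateless_match(segments, signature=SIGNATURE):
    """Inspect each packet on its own; a pattern that straddles a segment
    boundary is never seen whole, so it is missed (false negative).
    Returns the seq of every segment that contains the signature."""
    return [s.seq for s in segments if signature in s.payload]


def stateful_match(segments, signature=SIGNATURE):
    """Reassemble the stream in sequence-number order, trimming overlap
    from retransmissions, then search the whole byte stream.  Returns the
    stream offsets of every match.  Assumes no gaps (a real IDS would
    buffer until the missing segment arrives)."""
    ordered = sorted(segments, key=lambda s: s.seq)
    base = ordered[0].seq
    stream = bytearray()
    for seg in ordered:
        offset = seg.seq - base
        if offset > len(stream):
            raise ValueError("gap in stream at seq %d" % seg.seq)
        # Skip bytes already covered by an earlier segment.
        stream.extend(seg.payload[len(stream) - offset:])
    hits, start = [], 0
    while (i := stream.find(signature, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


# Constructed stream: the signature is split across three segments, which
# also arrive out of order.
SPLIT_STREAM = [
    Segment(seq=1000, payload=b"GET /cgi-"),
    Segment(seq=1013, payload=b"evil HTTP/1.0\r\n"),
    Segment(seq=1009, payload=b"bin/"),
]
```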


Protocol Decode-based Analysis

• Decode the various elements in the same manner as the client or server in the conversation would.
• When the elements of the protocol are identified, the IDS applies rules defined by the RFCs to look for violations.
• Pros
  • Minimizes the chance of false positives if the protocol is well defined and enforced.
• Cons
  • Can lead to high false positive rates if the RFC is ambiguous. However, these gray-area protocol violations are very common.

Heuristic-based Analysis

• Use some type of algorithmic logic on which to base alarm decisions.
  • These algorithms are often statistical evaluations of the type of traffic being presented.
• Pros
  • Some types of suspicious/malicious activity cannot be detected through any other means.
• Cons
  • Algorithms may require tuning or modification in order


Anomaly-based Analysis

• Geared to looking for network traffic that deviates from what is seen “normally.”
• A subcategory of this type of detection is the profile-based detection methods.
  • Base their alerts on changes in the way that users or systems are interacting on the network.
• Pros
  • Can detect unknown attacks if implemented properly.
• Cons
  • Highly dependent on the environment in which the systems learn what normal is.

NIDS Reaction

• Common actions
  • Log suspicious attempts
  • Log suspicious packets
  • Send alert (email or short message) to administrator
• Make response
  • Reset connection


NIDS Limitation

• NIDS may not be able to identify intrusion attempts based on new hacking or cracking technologies.
• NIDS monitors network traffic in real time; however, its reaction to intrusion attempts may not take effect in time.

An IDS

• SNORT
  • The Open Source Network Intrusion Detection System


Firewall

Firewall

• An inter-network gateway that restricts data communication traffic to and from one of the connected


Firewall (cont.)

• A firewall typically protects a smaller, secure network (such as a corporate LAN, or even just one host) from a larger network (such as the Internet).
• The firewall is installed at the point where the networks connect, and it applies security policy rules to control traffic that flows in and out of the protected network.

Firewall Zones

• Un-trust (Internet, external)
• DMZ
  • De-Militarized Zone: a portion of a network that separates a purely internal network from an external network.


Firewall Zones (cont.)

[Diagram: firewall zones labelled Trust, DMZ and Un-trust]


Firewall Limitation

• Cannot protect against attacks inside networks.
• Cannot protect against attacks coming from trusted networks.
• Cannot protect against traffic with viral content (anti-virus programs required).

A Firewall

• netfilter
  • Firewalling, NAT and packet mangling for Linux 2.4


Case Study

Firewall on Linux

iptables

• Linux 2.4 kernels
• Stateful
• IPv6 support
• Backwards compatibility modules for ipfwadm and ipchains


iptables Syntax Example

#domain/udp (O)
/sbin/iptables -A OUTPUT -o lo -p udp -s localhost/32 --sport 1024:65535 -d localhost/32 --dport domain -j ACCEPT

Initial

• Check firewall rules
  • iptables -L
  • INPUT, OUTPUT, FORWARD chains
• IP Forwarding


Rules

• Add rules
  • iptables -A INPUT -p icmp -j DROP


Configuration Examples (cont.)

#198.168.0.0 -> telnet service
iptables -A OUTPUT -p tcp --destination-port telnet -d 198.168.0.0 -j ACCEPT

#Not from 192.168.0.0 -> telnet service
iptables -A OUTPUT -p tcp --destination-port telnet -d ! 198.168.0.0 -j REJECT
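Added example, not code from the slides or from netfilter: a small Python model of first-match chain evaluation covering the -p, -d (with "!" negation) and --destination-port options used in the Rules and Configuration Examples slides. Rule, Chain and the packet dicts are constructed here; as in iptables, an address given without a mask is treated as a /32 host.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

SERVICES = {"telnet": 23, "domain": 53}   # subset of /etc/services

@dataclass
class Rule:
    target: str                      # -j ACCEPT, DROP or REJECT
    proto: Optional[str] = None      # -p
    dst: Optional[str] = None        # -d; no mask means /32, as in iptables
    dst_negated: bool = False        # -d ! addr
    dport: Optional[int] = None      # --destination-port / --dport

    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dst:
            in_net = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            if in_net == self.dst_negated:   # '!' flips the test
                return False
        return self.dport is None or pkt.get("dport") == self.dport

@dataclass
class Chain:
    policy: str = "ACCEPT"           # default policy (iptables -P)
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule):          # iptables -A
        self.rules.append(rule)

    def verdict(self, pkt):
        for rule in self.rules:      # the first matching rule decides
            if rule.matches(pkt):
                return rule.target
        return self.policy           # nothing matched: default policy

def build_input_chain():
    """Rules slide: iptables -A INPUT -p icmp -j DROP."""
    inp = Chain()
    inp.append(Rule("DROP", proto="icmp"))
    return inp

def build_output_chain():
    """Configuration Examples slide: the two telnet rules, in the slide's order."""
    out = Chain()
    out.append(Rule("ACCEPT", proto="tcp", dst="198.168.0.0", dport=SERVICES["telnet"]))
    out.append(Rule("REJECT", proto="tcp", dst="198.168.0.0", dst_negated=True,
                    dport=SERVICES["telnet"]))
    return out
```

Note that neither telnet rule touches other ports, so with the chain's default policy of ACCEPT any non-telnet TCP traffic still leaves; the policy, not just the rules, determines what happens to unmatched packets.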

iptables Log Format
