NETWORK SECURITY “We have the illusion of security, we don’t have security.” – Isaac Yeffet
Objectives
• Dirty Words
• CIA
• AAA
• IoT
• Malware
• MiM
• Network Security Devices
“Weak security is NO security” - Someone
Dirty Words (CIA)
• Confidentiality = The contents of the message stay secret until you want them to be read
• Integrity = The message isn't changed in transit
• Availability = Making sure that crucial services are running when needed
• Non-repudiation = The identity of the owner of the message/document stays with the message
Encryption and Security Goals
Converts data from plaintext to ciphertext (figure: the plaintext "Visa 1254-9865-4581-8553" shown next to its unreadable ciphertext)
Encryption supports:
• Confidentiality
• Integrity
• Availability (not so much)
• Non-repudiation (digital signature)
Encryption Using SSL
1. Request secure connection
2. Send certificate and public key
3. Negotiate encryption
4. Generate and encrypt a session key
5. Use session key for data encryption
SSL and TLS
• SSTP
• They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key.
• This allows for data/message confidentiality, and message authentication codes for message integrity and, as a by-product, message authentication.
• TLS/SSL is initialized at layer 5 (session layer) and works at layer 6 (the presentation layer).
Message Digest – hashing (Integrity)
(figure: computing the digest from the message is easy; recovering the message from the digest is hard)
Digital Signature
Sender's side (Alice):
1. Hash the plaintext "Now is the time for all good men…" → AC4KJ9
2. Sender's private key encrypts the hash, creating the signature BR549X; attach it to the plaintext
3. Send the signed plaintext
Receiver's side (Bob):
4. Sender's public key decrypts the signature → AC4KJ9
5. Hash the received plaintext → AC4KJ9
6. Compare the two hashes
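The six-step sign-and-verify flow above, as an added example that is not part of the slides: it uses Go's standard-library RSA (PKCS#1 v1.5) and SHA-256; the key pair, the message and the SignedMessage type are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedMessage is the "plaintext + attached signature" bundle that is sent (step 3).
type SignedMessage struct {
	Plaintext []byte
	Signature []byte
}

// Sign is the sender's side: hash the plaintext (step 1), then sign the digest with the
// sender's private key (step 2) and attach the signature to the plaintext.
func Sign(priv *rsa.PrivateKey, plaintext []byte) (SignedMessage, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{Plaintext: plaintext, Signature: sig}, nil
}

// Verify is the receiver's side: recompute the hash of the received plaintext (step 5) and
// check it against the digest recovered from the signature with the sender's public key
// (steps 4 and 6). Any change to the plaintext or the signature makes this return false.
func Verify(pub *rsa.PublicKey, msg SignedMessage) bool {
	digest := sha256.Sum256(msg.Plaintext)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], msg.Signature) == nil
}

func main() {
	// Alice's key pair, generated here for the demo (assumption: in practice it is
	// bound to her identity by a certificate).
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg, err := Sign(alice, []byte("Now is the time for all good men..."))
	if err != nil {
		panic(err)
	}
	fmt.Println("valid signature:", Verify(&alice.PublicKey, msg))

	// Bob receives a copy altered in transit: the hashes no longer match (integrity fails).
	tampered := SignedMessage{Plaintext: []byte("Now is the time for all bad men..."), Signature: msg.Signature}
	fmt.Println("tampered message:", Verify(&alice.PublicKey, tampered))
}
```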
Security Factors - AAA
• Authentication
• Authorization
• Accounting (Auditing)
Authentication
Validates an individual's credentials to access resources
1. Something you know
   a) Password
   b) PIN
   c) Answer to a security question
2. Something you have
   a) Hardware token
   b) Fob
   c) Smart card
3. Something you are (Biometrics)
   a) Fingerprint
   b) Retina scan
Strong Pass Phrases
• Minimum length
• Special characters
• Uppercase letters
• Lowercase letters
• Numbers
Example: &TheOCAisGr8
Biometrics
• Fingerprint scanner
• Retinal scanner
• Hand geometry scanner
• Voice-recognition software
• Facial-recognition software
(figure: fingerprint scanner)
Multi-Factor Authentication
Requires validation of two authentication factors (figure: a password as one of the factors)
IoT: The internet of everything
Reconnaissance: the first step of any attack
• Shoulder Surfing
• Dumpster Diving
• War Driving
Network-Based Attacks
• Virus / Worms
• Man in the middle
• Buffer Overflow
• DoS
• DDoS
• Evil Twin
Network Security Devices
Remote Networking (RADIUS diagram): remote computer → established connection mechanism → remote access server, which receives requests and passes credentials to the RADIUS server; DMZ; network resources.
Remote Networking (TACACS+ diagram): remote computer → established connection mechanism → remote access server, which receives requests and passes credentials to the TACACS+ server; DMZ; network resources.
Related services: LDAP, TACACS+
TACACS and TACACS+ provide centralized authentication and authorization services for remote users.
TACACS:
• Includes process-wide encryption for authentication.
• Utilizes TCP rather than UDP and supports multiple protocols.
TACACS+:
• Supports multifactor authentication.
• Is more secure and more scalable than RADIUS.
• Is not compatible with TACACS because it uses an advanced version of the algorithm used by TACACS.
Firewalls
(diagram: administrator-approved traffic is allowed through the firewall; unapproved traffic is stopped at it)
Firewall Types
There are four common types of firewalls:
Packet filter: Works at the Network layer. Each packet being passed along the network is compared to a set of default criteria.
Stateful inspection firewall: Works at the Session layer. Monitors the condition or state of the connection.
Proxy firewall: Works at the Application layer. Logs user activity and logons.
Stateful multilayer inspection firewall: Works at the Network, Session, and Application layers. Combines the functions of a packet filter, a stateful inspection firewall, and a proxy firewall.
DMZs
(diagram: a web server placed in the DMZ)
Passive and Active IDSs
Passive IDS: Detects, Logs, Alerts
Active IDS: Detects, Logs, Alerts, Blocks
IPSs
(diagram: IPS)
Vulnerability Scanning
• Nessus
• nmap
Network Scanners
Honeypot / Honeynet