Beginning Network Security

Monitor and control flow into and out of the LAN
- Ingress: only let in the good guys
- Egress: only let out the corporate business

How do they get in?
- Vulnerable services
  - Unexpected format and/or quantity of input
- Inside information
  - Accounts, passwords and configuration
- Lack of access control
  - Weak or no passwords
- Virus payloads
- Unsafe computing practices

Where do they get in?
- Network services
  - Intentional
  - Unintentional
- User conveniences

User conveniences
- File sharing, file servers
- Spyware
- Bad e-mail practices, phishing scams
- Loop backs
- Peer-to-peer

What do they get out?
- Intellectual property (myfip)
- Spam remailers
- Tunes and toons server
- DoS platform

Network services: intentional
- ftp, telnet, DNS, mail servers
- http, https, ssh, web servers

Network services: unintentional
- Trojans, spyware
- Web services, e-wallets, e-cash
- Peer-to-peer networks
- Bots, bot servers
- Virus payload

Traffic flow
  Source     Destination   Category
  Internal   Internal      Internal
  External   Internal      Inbound
  Internal   External      Outbound

Secure Shell Protocol (ssh)
- Client connects to the server's ssh port (22): new connection
- Server acknowledges the client: connection established

ssh connection table
  State  Src     Dest    Proto  Src port  Dst port  SYN  ACK  Notes
  New    client  server  TCP    >1023     22        Yes  No   Client opens ssh connection
  Est    server  client  TCP    22        >1023     Yes  Yes  Server acknowledges client
  Est    client  server  TCP    >1023     22        No   Yes  Connection established
  Est    server  client  TCP    22        >1023     No   Yes  Connection established

File Transfer Protocol (ftp)
- Server: port 21 (commands) and port 20 (data); client: user ports (>1023)
- Client connects to the server's ftp command port (21): new command connection
- Server acknowledges the client: command connection confirmed
- Server connects to the client's ftp data port: new data connection
- Client acknowledges the server: data connection confirmed

ftp connection table
  State  Src     Dest    Proto  Src port  Dst port  SYN  ACK  Notes
  New    client  server  TCP    >1023     21        Yes  No   Client opens ftp command connection
  Est    server  client  TCP    21        >1023     Yes  Yes  Server acknowledges client
  Rel    server  client  TCP    20        >1023     Yes  No   Server opens ftp data connection to client
  Est    client  server  TCP    >1023     20        Yes  Yes  Client acknowledges connection to server
  Est    server  client  TCP    20        >1023     No   Yes  Established TCP data connection, server to client
  Est    client  server  TCP    >1023     21        No   Yes  Established TCP command connection, client to server

This is active-mode ftp: the data connection is opened by the server and arrives inbound at a high port on the client, which is why its opening SYN is marked Rel (related) rather than New. A filter that only admits SYNs to port 21 and has no notion of related connections cannot pass it.

Hypertext Transfer Protocol (http)

http connection table
  State  Src     Dest    Proto  Src port  Dst port  SYN  ACK  Notes
  New    client  server  TCP    >1023     80        Yes  No   Client opens http connection
  Est    server  client  TCP    80        >1023     Yes  Yes  Server acknowledges client
  Est    client  server  TCP    >1023     80        No   Yes  Connection established
  Est    server  client  TCP    80        >1023     No   Yes  Connection established

What to do? Control!
- Who gets in
- What comes in
- Who goes out
- What goes out
- What services are offered
- Privileges

Blockers and observers
- Blockers: filters, firewalls, ACLs
- Observers: IDS

Packet filters
- Look at the packet: varying depths of information in the headers
- Accept or reject, depending on the rules and the filter type
- Three types: static, stateful, proxy

Static packet filters
- Inspect only the IP addresses and the packet header
- Each packet is accepted or rejected based only on the information in that packet
- Fast, simple

Stateful packet filters
- Track the state of each connection
- Maintain a state table of every connection
- Remember permitted traffic
- Accept or reject based on the packet's place in the state table

TCP
- Connection-oriented protocol
- TCP connection states are well defined: start-up, connected, shutting down

TCP states (RFC 793)
- CLOSED: non-state, no connection exists
- LISTEN: server waiting for a connection
- SYN-SENT: host has sent a SYN and is waiting for a SYN-ACK
- SYN-RCVD: host has received a SYN and sent a SYN-ACK
- ESTABLISHED: after SYN, SYN-ACK and ACK have been sent
- FIN-WAIT-1: after the initial FIN is sent, asking for a graceful shutdown
- FIN-WAIT-2: host has received the ACK for its FIN and waits for the other side's FIN
- CLOSE-WAIT: host's state after a FIN has been received and ACKed
- LAST-ACK: host has sent the second FIN to gracefully close and waits for its acknowledgement
- TIME-WAIT: state of the initiating host after sending the final ACK for the received FIN; it waits for a fixed time (2*MSL) and expects no response
- CLOSING: used when a non-standard simultaneous close occurs

TCP states: three-way handshake
  Client                       Server
  CLOSED                       LISTEN
  SYN-SENT     -- SYN -->
               <- SYN-ACK --   SYN-RCVD
  ESTABLISHED  -- ACK -->      ESTABLISHED

TCP states: graceful shutdown
  Client                       Server
  ESTABLISHED                  ESTABLISHED
  FIN-WAIT-1   -- FIN -->      CLOSE-WAIT
  FIN-WAIT-2   <- ACK --
               <- FIN --       LAST-ACK
  TIME-WAIT    -- ACK -->      CLOSED

TCP states: simultaneous shutdown
  Client                       Server
  FIN-WAIT-1   -- FIN -->      FIN-WAIT-1
               <- FIN --
  CLOSING      -- ACK -->      CLOSING
               <- ACK --
  TIME-WAIT                    TIME-WAIT

UDP states
- UDP is connectionless: no connection concept, no sequence numbers
- IP addresses and ports are all we have
- Pseudo-states are based on IP addresses and ports
- Shutdown is based on a timeout
- ICMP is UDP's error handler; the UDP/ICMP relation is important for pseudo-state tracking
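The three exchanges above, as an added example that is not part of the original slides: a Python state machine that encodes the RFC 793 transitions for connection set-up and tear-down (the event names, the endpoint class and the shape of the transition table are this example's own choices, not from the deck) and drives a client and a server through the three-way handshake, the graceful shutdown and the simultaneous close. A segment with no defined transition from the current state raises an error, which is the condition a stateful filter reports as an invalid packet.

```python
# TCP connection state machine after RFC 793, driven by the segments each
# endpoint sends or receives. Added example for this page, not code from the
# original slides. Only the connection set-up and tear-down flags are modelled:
# no data segments, retransmissions or RST handling.

SYN, SYN_ACK, ACK, FIN = "SYN", "SYN+ACK", "ACK", "FIN"

# (state, event, segment) -> next state. "send"/"recv" are relative to the
# endpoint; "listen" and "timeout" are local events without a segment.
TRANSITIONS = {
    ("CLOSED", "listen", None):     "LISTEN",       # passive open
    ("CLOSED", "send", SYN):        "SYN-SENT",     # active open
    ("LISTEN", "recv", SYN):        "SYN-RCVD",     # replies with SYN+ACK
    ("SYN-SENT", "recv", SYN_ACK):  "ESTABLISHED",  # replies with ACK
    ("SYN-RCVD", "recv", ACK):      "ESTABLISHED",
    ("ESTABLISHED", "send", FIN):   "FIN-WAIT-1",   # active close
    ("ESTABLISHED", "recv", FIN):   "CLOSE-WAIT",   # ACKs the FIN
    ("FIN-WAIT-1", "recv", ACK):    "FIN-WAIT-2",
    ("FIN-WAIT-1", "recv", FIN):    "CLOSING",      # simultaneous close
    ("FIN-WAIT-2", "recv", FIN):    "TIME-WAIT",    # sends the final ACK
    ("CLOSING", "recv", ACK):       "TIME-WAIT",
    ("CLOSE-WAIT", "send", FIN):    "LAST-ACK",
    ("LAST-ACK", "recv", ACK):      "CLOSED",
    ("TIME-WAIT", "timeout", None): "CLOSED",       # after 2*MSL
}


def is_valid(state, event, segment=None):
    """True if RFC 793 defines a transition for this event in this state."""
    return (state, event, segment) in TRANSITIONS


class TcpEndpoint:
    def __init__(self, name):
        self.name = name
        self.state = "CLOSED"
        self.history = ["CLOSED"]

    def step(self, event, segment=None):
        # Sending a bare ACK or a SYN+ACK does not change the sender's state.
        if event == "send" and segment in (ACK, SYN_ACK):
            return self.state
        if not is_valid(self.state, event, segment):
            # A stateful filter would classify such a segment as INVALID.
            raise ValueError(f"{self.name}: {segment or event} not valid in {self.state}")
        self.state = TRANSITIONS[(self.state, event, segment)]
        self.history.append(self.state)
        return self.state


def send(src, dst, segment):
    """Deliver one segment: the sender's 'send' event, then the receiver's 'recv'."""
    src.step("send", segment)
    dst.step("recv", segment)


def three_way_handshake(client, server):
    server.step("listen")
    send(client, server, SYN)
    send(server, client, SYN_ACK)
    send(client, server, ACK)


def graceful_shutdown(client, server):
    send(client, server, FIN)   # client initiates the close
    send(server, client, ACK)
    send(server, client, FIN)
    send(client, server, ACK)
    client.step("timeout")      # TIME-WAIT expires


def simultaneous_close(client, server):
    client.step("send", FIN)    # both FINs cross in flight
    server.step("send", FIN)
    client.step("recv", FIN)    # each side ACKs the other's FIN
    server.step("recv", FIN)
    client.step("recv", ACK)
    server.step("recv", ACK)
    client.step("timeout")
    server.step("timeout")


def run(*phases):
    """Run the phases on a fresh client/server pair; return both state histories."""
    client, server = TcpEndpoint("client"), TcpEndpoint("server")
    for phase in phases:
        phase(client, server)
    return client.history, server.history


if __name__ == "__main__":
    for label, phases in [("handshake", (three_way_handshake,)),
                          ("graceful", (three_way_handshake, graceful_shutdown)),
                          ("simultaneous", (three_way_handshake, simultaneous_close))]:
        c, s = run(*phases)
        print(f"{label}: client {' > '.join(c)} | server {' > '.join(s)}")
```

Run it directly to print the state sequence of each side; `run(three_way_handshake, graceful_shutdown)` returns the two histories so they can be checked programmatically. The `is_valid` check is the same question a stateful filter asks of every segment: a bare ACK arriving at an endpoint in CLOSED has no transition and is invalid.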

Firewall purpose
- Control inbound and outbound traffic
- Control in accordance with a set of rules
- Reduce the risk of LAN compromise
- Ensure you are a good network citizen

Firewall configuration
- A multi-ported host
- A set of rules and actions
- A set of states

Firewalls: the system
- Computer system: fast, with plenty of memory
- At least two network interfaces: internal and external
- Sometimes only one interface, e.g. a desktop that does no routing

Firewalls: actions
- Firewalls inspect all inbound and outbound network traffic
- Three actions are possible:
  - Accept: permit the flow
  - Reject: send an ICMP error message
  - Drop: discard silently ("stealth mode")
- Log the action

Firewalls: rules
- Ingress rules: actions for inbound packets
- Egress rules: actions for outbound packets
- Example rule:
  Src addr  Dest addr    Protocol  Src port  Dst port  SYN  FIN  Action
  any       172.16.13.3  TCP       >1023     22        Yes  No   Accept
- This rule matches only the opening SYN of an ssh connection; the remaining packets of the exchange are admitted by the state table, not by the rule

Firewalls: states
- New: a packet establishing a connection (a TCP SYN)
- Established: the connection is established and the packet belongs to it
- Related: the packet is related to an established connection but uses a different protocol or port (e.g. the ftp data connection)
- Invalid: none of the above

Firewalls: Internet services
- The application protocols determine the firewall rules
- Crucial to know how a connection is established
- Crucial to know how a connection is maintained

Firewalls: information for rules
- Connection state
- Source IP, destination IP
- Protocol
- Source port, destination port
- SYN flag, ACK flag
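The ssh and ftp tables earlier in the deck and the four firewall states above, worked as an added example that is not code from the original slides: a small stateful packet filter in Python. The rule set (the deck's ssh row plus assumed rows for an ftp server 172.16.13.4 and a DNS server 172.16.13.2), the 30-second UDP timeout and the traffic in demo() are constructed for illustration. The first packet of a connection is classified New and must match a rule; replies and later packets are Established from the state table; the active-mode ftp data connection that the server opens from port 20 is Related; a bare ACK with no flow behind it is Invalid and dropped; a UDP reply that arrives after the timeout finds its pseudo-state gone and is treated as a new flow, which the rules then refuse.

```python
# Stateful packet filter in the style of the slides' rule and state tables:
# NEW packets are matched against the rule set, ESTABLISHED and RELATED packets
# are admitted from the state table, anything else is INVALID. Added example for
# this page, not code from the original deck; addresses, ports, the timeout and
# the traffic in demo() are constructed for illustration.
import ipaddress
from dataclasses import dataclass

UDP_TIMEOUT = 30.0  # seconds of silence after which a UDP pseudo-state expires

@dataclass(frozen=True)
class Packet:
    proto: str  # "TCP" or "UDP"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

# Consulted only for NEW packets; same columns as the deck's example row.
# "any" matches every address, ">1023" every unprivileged port.
RULES = [
    dict(src="any", dst="172.16.13.3", proto="TCP", sport=">1023", dport=22, action="ACCEPT"),
    dict(src="any", dst="172.16.13.4", proto="TCP", sport=">1023", dport=21, action="ACCEPT"),
    dict(src="10.0.0.0/8", dst="172.16.13.2", proto="UDP", sport=">1023", dport=53, action="ACCEPT"),
]

def _match_addr(pattern, addr):
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def _match_port(pattern, port):
    return port > 1023 if pattern == ">1023" else pattern == port

def rule_action(pkt):
    """First matching rule wins; the default policy is DROP."""
    for r in RULES:
        if (r["proto"] == pkt.proto and _match_addr(r["src"], pkt.src) and _match_addr(r["dst"], pkt.dst)
                and _match_port(r["sport"], pkt.sport) and _match_port(r["dport"], pkt.dport)):
            return r["action"]
    return "DROP"

def flow_key(pkt, reverse=False):
    """State-table key: protocol plus both endpoints, optionally seen from the peer's side."""
    ends = (pkt.dst, pkt.src, pkt.dport, pkt.sport) if reverse else (pkt.src, pkt.dst, pkt.sport, pkt.dport)
    return (pkt.proto,) + ends

def lookup(flows, pkt, now):
    """The state-table entry this packet belongs to, in either direction, or None."""
    for k in (flow_key(pkt), flow_key(pkt, reverse=True)):
        entry = flows.get(k)
        if entry is None:
            continue
        if pkt.proto == "UDP" and now - entry["seen"] > UDP_TIMEOUT:
            del flows[k]  # pseudo-state timed out: UDP has no FIN to close it
            return None
        entry["seen"] = now
        return entry
    return None

def classify(flows, pkt, now):
    if lookup(flows, pkt, now) is not None:
        return "ESTABLISHED"
    if pkt.proto == "TCP" and pkt.syn and not pkt.ack:
        # Active-mode ftp: the server opens the data connection from port 20 back
        # to the client while that client's command connection (port 21) is open.
        cmd_open = any(k[:3] == ("TCP", pkt.dst, pkt.src) and k[4] == 21 for k in flows)
        return "RELATED" if pkt.sport == 20 and cmd_open else "NEW"
    if pkt.proto == "UDP":
        return "NEW"  # no handshake: the first datagram opens the pseudo-state
    return "INVALID"  # e.g. a bare ACK or SYN+ACK with no matching flow

def filter_packet(flows, pkt, now):
    """Classify one packet and decide its fate; returns (state, action)."""
    state = classify(flows, pkt, now)
    if state in ("ESTABLISHED", "RELATED"):
        action = "ACCEPT"
    elif state == "NEW":
        action = rule_action(pkt)
    else:
        action = "DROP"
    if action == "ACCEPT" and state != "ESTABLISHED":
        flows[flow_key(pkt)] = {"state": state, "seen": now}  # remember the new flow
    return state, action

def demo():
    """Constructed traffic: ssh and ftp openings, a stray ACK, and a late DNS reply."""
    flows, client = {}, "10.0.0.5"
    ssh, ftp, dns = "172.16.13.3", "172.16.13.4", "172.16.13.2"
    traffic = [
        (0.0, Packet("TCP", client, ssh, 40000, 22, syn=True)),
        (0.1, Packet("TCP", ssh, client, 22, 40000, syn=True, ack=True)),
        (1.0, Packet("TCP", "198.51.100.9", ssh, 4444, 22, ack=True)),
        (2.0, Packet("TCP", client, ftp, 40001, 21, syn=True)),
        (2.1, Packet("TCP", ftp, client, 21, 40001, syn=True, ack=True)),
        (3.0, Packet("TCP", ftp, client, 20, 40002, syn=True)),
        (3.1, Packet("TCP", client, ftp, 40002, 20, syn=True, ack=True)),
        (4.0, Packet("UDP", client, dns, 50000, 53)),
        (4.1, Packet("UDP", dns, client, 53, 50000)),
        (60.0, Packet("UDP", dns, client, 53, 50000)),
    ]
    return [filter_packet(flows, p, t) for t, p in traffic]
```

`demo()` returns one (state, action) pair per packet in order. The ordering in `filter_packet` is the point of the deck's state slide: the state table is consulted before the rule set, so a rule never has to describe the reply direction of a connection, and anything that is neither a permitted opening nor part of a known flow is dropped without being looked up in the rules at all.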
