topicCybersecurity_4
Anne Starr
1.
CYBER SECURITY Network Security
2.
Network Security Overview
Copyright © 2019 Logical Operations, Inc. All rights reserved.
• Network security is one of the most critical topics.
• Rapid changes to technology make networking complex.
• Need to secure each technology separately.
• Need to handle interoperability issues.
• No more clear-cut boundaries for the network.
3.
The OSI Model
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical
(Diagram: the same seven layers are shown on the Web Server and on the Client Browser, with the information/data flow passing between the two stacks.)
4.
TCP/IP Protocol Suite
• TCP—establishes, maintains, and terminates a connection-oriented session.
• UDP—sends datagrams to a destination without establishing any session.
• IP—adds a logical address and chooses the best route.
• ICMP—used by network devices to communicate network conditions and conduct diagnostic tests.
• IGMP—used by downstream applications to inform the router that they still wish to receive a multicast transmission.
• ARP—used to discover the MAC address used by each IP node.
5.
TCP/IP Core Protocol Vulnerabilities and Mitigation (Slide 1 of 2)

TCP
Vulnerability or Threat:
• An attacker can predict the incrementing sequence number of a TCP session and use it to hijack a session that has already been authenticated and authorized.
• TCP can carry malicious payloads to other computers.
Mitigation:
• Use encrypted versions of Layer 7 protocols.
• Encrypt or digitally sign data payloads.
• Block unused TCP ports on firewalls.

UDP
Vulnerability or Threat:
• UDP requires no acknowledgment, so it’s easy to spoof the source or destination of UDP packets.
• UDP can cause amplification and other denial-of-service attacks.
Mitigation:
• Use encrypted versions of Layer 7 protocols.
• Encrypt and digitally sign data payloads.
• Block unused UDP ports on firewalls.

IP
Vulnerability or Threat:
• IP has no mechanism for verifying the actual identity of the sender or the receiver.
• It’s easy to spoof IP addresses, so that packets are sent to or received from a machine other than the intended destination or source.
• An attacker can craft malicious IP packet fragments that cannot be reassembled by the receiving computer, causing a denial of service attack.
Mitigation:
• Configure the router and other IP devices to disallow IP features that can be abused, including fragments, ICMP redirection, and source routing.
6.
TCP/IP Core Protocol Vulnerabilities and Mitigation (Slide 2 of 2)

ICMP
Vulnerability or Threat:
• An attacker can send an ICMP redirect telling targets to use the attacker's machine as a default gateway.
• An attacker can insert malicious data inside an ICMP packet, which will pass through routers and firewalls under the assumption that it is just a status message.
• An attacker can send oversized ICMP packets and overwhelm the system.
Mitigation:
• Configure firewalls and routers to disallow ICMP unless it is actually needed.

IGMP
Vulnerability or Threat:
• Malformed IGMP packets can cause a buffer overflow or denial of service on a receiving host.
Mitigation:
• Configure firewalls and routers to disable IGMP unless it is actually needed.

ARP
Vulnerability or Threat:
• ARP (and its twin RARP) is vulnerable because it is sent in cleartext by broadcast, with no way to verify the identity of the sending computer.
• An attacker can poison a system's ARP table or cache, causing traffic to be delivered to the wrong node. This type of poisoning is the underlying mechanism for most man-in-the-middle attacks.
Mitigation:
• Hard-code IP-to-MAC mappings in switches and device ARP caches.
7.
Application Layer Protocols (Slide 1 of 2)

DHCP (UDP 67, UDP 68)
• Clients use the DORA process to obtain an IP address lease from a DHCP server.

DNS (UDP 53, TCP 53)
• Clients request a DNS server to resolve a name to an IP address.
• DNS servers replicate (zone transfer) their databases to each other.

SNMP (UDP 161, UDP 162)
• An SNMP management application queries SNMP-enabled devices (agents) for their current status.
• Queries are sent on regular intervals. Answers are presented in a console for an administrator to monitor and act on.

FTP (TCP 21, TCP 20)
• Clients upload or download files to an FTP server.
• TCP 21 is used to send commands.
• TCP 20 was used to send the data, but most FTP sessions now negotiate a different port for data transfer.

Telnet (TCP 23)
• Used by administrators to obtain a command-line interface for a network device or server for remote control and administration.

SSH (TCP 22)
• Encrypted replacement for Telnet.

HTTP (TCP 80)
• Used by browsers to request web pages from web servers.

SMTP (TCP 25)
• Used by email clients to send email, and by email servers to relay email to each other.
8.
Application Layer Protocols (Slide 2 of 2)

POP and IMAP (TCP 110, TCP 143)
• POP is used by email clients to download email from a mailbox on an email server. The current version of POP is POP3.
• IMAP allows a client to retrieve email interactively, including obtaining previews of the messages before downloading. The current version of IMAP is v4.

LDAP (TCP 389)
• Allows client applications to search and edit X.500-compliant directory services such as Microsoft Active Directory.

Kerberos (TCP 88)
• Authentication protocol used by Active Directory and other directory services.
• Includes secret key cryptography, pre-authentication by the client computer, and a time-skew limit that inhibits replay attacks.

SMB (TCP 445)
• Microsoft file and print protocol.

RPC (TCP 135)
• Used by Microsoft operating system services to make procedure calls to each other across the network.
• Enabled by default on all Microsoft servers.

NFS (TCP 2049, UDP 2049)
• Linux/UNIX file transfer protocol.

RDP (TCP 3389)
• Used by administrators to gain access to the desktop of a remote Microsoft Windows system for remote management.
9.
Application Layer Protocols Vulnerabilities and Mitigation (Slide 1 of 4)

DHCP
Vulnerability:
• Broadcasts in cleartext, so attackers can:
  • Plug directly into a network jack and receive an IP address.
  • Set up rogue DHCP servers that provide incorrect addresses to clients.
Mitigation:
• Don’t use DHCP; hard code IP addresses on hosts instead.

DNS
Vulnerability:
• Sends data in cleartext with no authentication, so attackers can:
  • Divert, intercept, or deny end-user communications.
  • Perform unauthorized zone transfers with DNS servers.
  • Send inaccurate lookup information to clients.
  • Corrupt the DNS server’s database or lookup cache.
Mitigation:
• Use DNS Security (DNSSEC) to accompany all DNS records with digital signatures.

SNMP
Vulnerability:
• Prior to v3, SNMP is sent in cleartext, allowing it to be sniffed.
• SNMP uses a weak authentication method that is easy to spoof.
Mitigation:
• Install SNMP v3, or use a proprietary network management solution.
10.
Application Layer Protocols Vulnerabilities and Mitigation (Slide 2 of 4)

FTP
Vulnerability:
• Standard FTP uses plaintext password authentication and no encryption, enabling man-in-the-middle attacks.
• Some FTP implementations permit anonymous connections.
Mitigation:
• Use an encrypted replacement like FTPS or SFTP.
• Disallow anonymous connections.
• Apply file system permissions on the directories that contain FTP content.

Telnet
Vulnerability:
• Telnet is sent in cleartext with no encryption or digital signatures.
• Its sessions can be sniffed, and it is vulnerable to session hijacking and man-in-the-middle attacks.
Mitigation:
• Use SSH instead of Telnet.

SSH
Vulnerability:
• Different implementations have been vulnerable.
• OpenSSH bug allowed enumeration of usernames registered on the SSH server.
Mitigation:
• Make sure your SSH product is patched.

HTTP
Vulnerability:
• Uses plaintext and no authentication, so an attacker can intercept or manipulate sensitive information in web forms.
• Lack of encryption and digital signatures allows for man-in-the-middle attacks.
Mitigation:
• Use HTTPS, with TLS v1.2 encryption.
• Configure the web server to require Strict Transport Security (HSTS) so that an HTTPS session cannot be downgraded to HTTP.
11.
Application Layer Protocols Vulnerabilities and Mitigation (Slide 3 of 4)

SMTP
Vulnerability:
• No authentication or encryption between servers, allowing fake email servers to send spam.
• Cleartext SMTP can be sniffed and spoofed.
Mitigation:
• Create TLS tunnels and authentication between email servers.
• Configure clients to use encrypted versions of SMTP.

POP and IMAP
Vulnerability:
• Messages are sent in cleartext and can be sniffed or spoofed by an unauthorized person.
Mitigation:
• Configure clients to use encrypted versions of POP3 and IMAP4.

LDAP
Vulnerability:
• LDAP provides weak authentication based on DNS.
• If DNS is compromised, LDAP is also easy for an attacker to compromise.
• Standard LDAP sends messages in plaintext, which can be easily intercepted and read by attackers.
Mitigation:
• Configure clients and servers to use encrypted LDAPS.

Kerberos
Vulnerability:
• Weak implementations can have vulnerabilities.
• Microsoft implementation allows creation of fake hash checksums and forged tickets (Security Bulletin MS14-068).
Mitigation:
• Patch and update affected systems.
12.
Application Layer Protocols Vulnerabilities and Mitigation (Slide 4 of 4)

SMB
Vulnerability:
• Unauthenticated "null session" enumeration.
• Weak encryption.
• Ransomware like WannaCry.
• Buffer overflows like EternalBlue.
Mitigation:
• Patch and update affected systems.
• Configure systems to disallow older protocol versions and null sessions.
• Block SMB-related ports on the firewall: TCP 139 and 445, UDP 137, 138, and 139.

RPC
Vulnerability:
• Crafted RPC calls can gain system level privilege from vulnerable Windows Services that use RPC (CVE-2003-0352/MS03-026 DCOM buffer overflow being the most notable).
Mitigation:
• Patch and update affected systems.
• Block TCP 135 on the firewall.

NFS
Vulnerability:
• Older versions of NFS do not include encryption mechanisms to prevent eavesdropping or tampering of data being transferred.
• Many implementations do not have access controls to prevent unauthorized connection and data theft.
Mitigation:
• Put access control on all NFS shares.
• Block TCP 2049 on the firewall.

RDP
Vulnerability:
• RDP is vulnerable to numerous flooding, overflow, and cryptographic attacks.
Mitigation:
• Patch affected systems, and configure the RDP server to allow only Network Level Authentication.
• Use certificates issued by a trusted CA for authentication.
13.
IP Networking (Slide 1 of 2)

IPv4
• Uniquely identifies a node on a network.
• Uses 32-bit addressing.
• Requires a subnet mask to determine if the destination is on the same or a different network.
• The subnet mask determines routing of the IP address, as it divides the IP address into two components:
  • Network address.
  • Node address.
• Example: IP address 192.168.10.5 with a subnet mask of 255.255.255.0.
  • The first three octets (192.168.10) are the network address.
  • The final octet (5) is the node address.
14.
IP Networking (Slide 2 of 2)

IPv6
• IPv4 issues:
  • Availability: 4.2 billion numbers isn’t enough for the future.
  • No built-in security mechanisms.
• IPv6 was proposed as a 128-bit number.
  • Creates an absolutely huge number (340 undecillion) of possible IP addresses.
  • Provides sufficient growth for the foreseeable future.
  • Provides more efficient routing.
  • Has built-in support for security and quality of service.
• Sample IPv6 globally unique (public) address: 2601:140:8600:cbc:c490:50b2:37ff:3191
• Sample IPv6 link local (private) address: fe80::c490:50b2:37ff:3191
15.
Network Vulnerability Mitigation (Slide 1 of 2)
• Use firewalls/intrusion detection to monitor protocol abuse/suspicious traffic.
• Harden/patch servers and workstations to mitigate risks from TCP/IP protocols.
• Use TCP wrappers on Linux/UNIX devices to verify incoming connections to the host.
• Configure personal firewalls on all computers.
• Configure routers to disallow/filter:
  • Source routing - can potentially be used for spoofing.
  • Subnet broadcasts - can potentially be used for denial of service.
  • ICMP - filter ICMP by message type; only allow PING to and from trusted hosts.
  • IP fragments - deliberately malformed fragments could be a denial of service technique.
  • IP options - excessive use could result in router CPU denial of service.
  • IP packets with low time-to-live (TTL) - could be used for denial of service.
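An added example in Python (not from the slides) that applies the router filter list above to constructed packet records, reusing the slide 13 subnet split (192.168.10.5 / 255.255.255.0) to recognise the subnet broadcast address. The local subnet, the trusted ping host, the TTL threshold and the IP-option limit are assumptions made for the demonstration.

```python
"""Packet-filter policy for the router checks on the slide above (added example,
not part of the original slides). Thresholds and addresses are assumptions."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def split_address(ip: str, mask: str) -> Tuple[str, int]:
    """Slide 13 rule: bits kept by the mask are the network address, the rest
    is the node number. 192.168.10.5 / 255.255.255.0 -> ("192.168.10.0", 5)."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ipaddress.IPv4Address(ip_int & mask_int)
    node = ip_int & (~mask_int & 0xFFFFFFFF)
    return str(network), node


LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")          # assumed local subnet (slide 13 example)
TRUSTED_PING_HOSTS = {ipaddress.ip_address("192.168.10.1")}  # assumed: only the gateway may ping
MIN_TTL = 5             # assumed threshold for "low time-to-live"
MAX_IP_OPTIONS = 1      # assumed threshold for "excessive use" of IP options
SOURCE_ROUTE_OPTIONS = {"LSRR", "SSRR"}   # loose and strict source-route options
ICMP_ECHO_TYPES = {0, 8}                  # echo reply / echo request (PING)


@dataclass
class Packet:
    """Minimal constructed view of an IPv4 header; not a real packet parser."""
    src: str
    dst: str
    proto: str                                        # "tcp", "udp" or "icmp"
    ttl: int = 64
    options: List[str] = field(default_factory=list)  # names of IPv4 options present
    more_fragments: bool = False                      # MF flag set
    frag_offset: int = 0                              # non-zero for every fragment but the first
    icmp_type: Optional[int] = None


def evaluate(pkt: Packet) -> Tuple[str, str]:
    """Apply the slide's filter list in order; return ("drop", reason) or ("allow", "")."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # Source routing lets the sender dictate the path and aids spoofing.
    if SOURCE_ROUTE_OPTIONS & set(pkt.options):
        return "drop", "source routing option"
    # Directed subnet broadcasts are a denial-of-service vector.
    if dst == LOCAL_NET.broadcast_address:
        return "drop", "subnet broadcast destination"
    # Any fragment is refused: deliberately malformed fragments are a DoS technique.
    if pkt.more_fragments or pkt.frag_offset > 0:
        return "drop", "ip fragment"
    # Excessive IP options cost router CPU time.
    if len(pkt.options) > MAX_IP_OPTIONS:
        return "drop", "excessive ip options"
    # Very low TTL packets expire on the router and can be used for DoS.
    if pkt.ttl < MIN_TTL:
        return "drop", "low ttl"
    # ICMP is filtered by message type: only PING, and only to/from trusted hosts.
    if pkt.proto == "icmp":
        if pkt.icmp_type not in ICMP_ECHO_TYPES:
            return "drop", "icmp type {} not permitted".format(pkt.icmp_type)
        if src not in TRUSTED_PING_HOSTS and dst not in TRUSTED_PING_HOSTS:
            return "drop", "ping between untrusted hosts"
    return "allow", ""


def filter_packets(packets: List[Packet]) -> List[Tuple[str, str, str]]:
    """Evaluate a batch; return (verdict, reason, summary) per packet."""
    return [(*evaluate(p), "{} {} -> {}".format(p.proto, p.src, p.dst)) for p in packets]


# Constructed sample traffic, one packet per filter rule plus two legitimate ones.
SAMPLE = [
    Packet("192.168.10.5", "10.0.0.7", "tcp"),                         # ordinary traffic
    Packet("10.0.0.7", "192.168.10.5", "tcp", options=["LSRR"]),       # source routed
    Packet("10.0.0.7", "192.168.10.255", "udp"),                        # directed broadcast
    Packet("10.0.0.7", "192.168.10.5", "udp", frag_offset=8),          # fragment
    Packet("10.0.0.7", "192.168.10.5", "tcp", options=["NOP", "TS"]),  # too many options
    Packet("10.0.0.7", "192.168.10.5", "tcp", ttl=1),                   # low TTL
    Packet("10.0.0.7", "192.168.10.5", "icmp", icmp_type=5),            # ICMP redirect
    Packet("192.168.10.1", "192.168.10.5", "icmp", icmp_type=8),        # ping from gateway
]

if __name__ == "__main__":
    for verdict, reason, summary in filter_packets(SAMPLE):
        print("{:5} {:<32} {}".format(verdict.upper(), summary, reason))
```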
16.
Network Vulnerability Mitigation (Slide 2 of 2)
• If practical, implement DNSSEC in your environment.
• If practical, implement authentication/encryption between servers, in your enterprise, and with partners.
• Use authenticated/encrypted alternatives to cleartext protocols, including:
  • SSH (port 22) instead of telnet (port 23).
  • HTTPS (port 443) instead of HTTP (port 80).
  • SMTPS (port 465) or MSA (port 587) instead of SMTP (port 25).
  • IMAPS (port 993) or IMAP-SSL (port 585) instead of IMAP (port 143).
  • SSL-POP (port 995) instead of POP3 (port 110).
• When possible, change the default port of a service to an unexpected port number.
• When possible, encrypt and digitally sign the payload.
17.
IP Convergence
• Combination of data and voice networks over one IP network.
• IP not designed for time-sensitive voice traffic.
• Voice over IP (VoIP) is the most common converged product.
• Benefits of convergence:
  • Improved support for multimedia applications.
  • Easy to maintain.
  • Flexible.
  • Scalable.
  • Efficient use of resources.
  • Lower operating and maintenance costs.
• Other converged protocols:
  • FCoE
  • iSCSI
  • MPLS
18.
Wireless Technologies (Slide 1 of 3)

Wi-Fi
• Uses IEEE 802.11 WLAN standards.
• Devices connect to wireless access points.
• New protocols continue to be developed.
• 802.11ac has throughput of at least 500 Mb/s (single link).

Bluetooth
• Short-range medium used between two personal devices.
• Typical range is around 30 feet.

WiMax
• Longer range than Wi-Fi (50 miles).
• Variable throughput that degrades over long distances.
• Used in very large networks across large areas.

Spread Spectrum
• Spreads wireless communications over multiple frequencies.
• Makes it harder for someone to intercept a message.
• Doesn’t employ encryption, but can be used with it.

Cellular/Mobile
• Uses orbiting satellites and terrestrial towers.
• Communicates over global distances.
• Primarily used for telephony, but also for data transfer.
19.
Wireless Technologies (Slide 2 of 3)

Zigbee
• Zigbee is an open standard, low power wireless mesh network.
• Devices that connect to it are typically home consumer types that manage "smart home" automation, power, lighting, health, etc.
• It works at a distance of 10 - 20 meters, uses 128-bit AES symmetric encryption, and can theoretically support 65,000 devices on a single network.
• It is not IP-based, and therefore does not easily interoperate with Wi-Fi, Ethernet, or 4G LTE technologies.

Z-Wave
• Z-Wave is a proprietary competitor to Zigbee.
• It has a lower data rate, can support up to 232 devices, and can work at a distance of 100 meters.
• Like Zigbee, Z-Wave is also not IP-based and does not directly interoperate with IP-based technologies.

WeMo
• WeMo is a proprietary competitor to Z-Wave and Zigbee.
• Rather than creating its own infrastructure, it piggybacks off of existing Belkin Wi-Fi routers.
• Because it uses standard Wi-Fi, WeMo devices consume considerably more power than Zigbee or Z-Wave devices.
• Some kitchen appliance and home security manufacturers are interoperable with WeMo.
20.
Wireless Technologies (Slide 3 of 3)

Thread
• Thread is based on IPv6.
• It works in the Wi-Fi frequency range, creating a self-healing, low power wireless mesh of up to 250 devices.
• Using IPv6, it closes the security holes that plague other Wi-Fi technologies.

Bluetooth Mesh
• Bluetooth mesh builds upon the Bluetooth Low Energy standard, allowing devices to connect to each other in a distributed network that is similar to Zigbee and Z-Wave.
• It can work up to 100 meters, but its low data rate makes it unsuitable for high-throughput applications such as video.
21.
Wireless Security (Slide 1 of 2)

WEP
• Wired Equivalent Privacy.
• Relies on stream cipher with 24-bit initialization vector (IV).
• Attack on IV can easily predict short value.
• Can be compromised in minutes.
• Obsolete – do not use.

WPA
• Wi-Fi Protected Access.
• Provides additional encryption using Temporal Key Integrity Protocol (TKIP).
• TKIP is vulnerable to transmission of arbitrary packets.
• Also vulnerable to decryption of arbitrary packets.
• Obsolete – do not use.

WPA2 (802.11i)
• Improvement on WPA.
• Includes stronger encryption (CCMP protocol using AES standard).
• Biggest known vulnerability is choosing a weak password.
• The current best choice for Wi-Fi security.

WPS
• Automated mechanism for wireless devices to obtain the Wi-Fi key from the router.
• Wi-Fi setup is easy and convenient.
• Negotiation can be intercepted and cracked by hacking tools.
22.
Wireless Security (Slide 2 of 2)
When implementing wireless security:
• Select WPA2 (even WPA2 personal) over WEP or WPA.
• When possible, use a RADIUS server for wireless authentication.
• If you must use a pre-shared key, make the password complex and change it regularly.
• Manually enter Wi-Fi passwords into your device, rather than allowing them to autoconfigure themselves by using WPS.
• If necessary, enter the MAC addresses of all devices that are permitted to connect to the wireless network into the access point.
23.
Network Encryption Protocols

SSL/TLS
• Secure Sockets Layer/Transport Layer Security.
• Combines digital certificates with public-key encryption.
• Offers authenticity, integrity, and confidentiality.
• De facto protocol for protecting HTTP web traffic.

SSH
• Secure Shell.
• Secure remote login and transfer of data.
• Session is encrypted.
• Encryption defends against eavesdropping.
• Preferred protocol to work with FTP and access Linux/UNIX shells.

DNSSEC
• Domain Name System Security Extension.
• Provides added security to DNS.
• Authenticates DNS data and ensures data integrity.
• Supports zone signing.

PGP
• Email encryption protocol using a public-key cryptography variant.
• Supports authentication through digital signatures.
• GNU Privacy Guard (GPG) is the open source version.

S/MIME
• Secure/Multipurpose Internet Mail Extensions.
• Email encryption using public-key cryptography.
• Uses traditional MIME communication standard.
• Ensures confidentiality, integrity, authentication, and non-repudiation.
24.
Networking Hardware
• Router
• Wireless router
• Switch
• Hub
• Gateway
• Modem
• Multiplexer
• Concentrator
• Front-end processor
• Repeater
• Firewall
• Proxy
• Reverse Proxy
• Appliance
[Figure: device icons labelled Switch, Modem, Hub, Router, Firewall, Wireless Router]
25.
Data Network Types (Slide 1 of 2)
Data Network Type / Description
LAN
• Local area network.
• Network limited in scope: single building, floor, or room.
• Implemented with copper-based wiring or wireless.
WLAN
• Wireless LAN.
CAN
• Campus area network.
• Connects buildings in a university or enterprise campus.
• Often uses fiber optic media.
MAN
• Metropolitan area network.
• Provides networking to a city and surrounding neighborhoods.
• Often implemented as SONET rings or with Ethernet.
WAN
• Wide area network.
• Connects networks over long distances.
• Uses X.25, frame relay, and HDLC.
PAN
• Personal area network.
• Very small area.
• Often uses Bluetooth to connect a phone with a headset.
26.
Data Network Types (Slide 2 of 2)
Data Network Type / Description
SAN
• Storage area network.
• Storage devices linked together to create one large storage resource.
• A SAN looks like another local drive to the devices that use it.
VLAN
• Virtual LAN: a logical grouping of switch ports.
• Provides Layer 2 security on a switched network.
• Limits the impact of broadcast traffic.
• Nodes connected to a VLAN can only communicate with other nodes in the same VLAN.
• Each VLAN is assigned its own IP subnet.
• VLANs communicate with other VLANs via routers.
• Biggest risk is improper implementation.
Switched networks
• Forward traffic between segments using a single type of network protocol.
• Provide isolation services.
• Forward frames at the data link layer.
Routed networks
• Connect similar or dissimilar networks at Layer 3.
• Often used to connect LANs to other LANs.
• A router is required when connecting a LAN to a WAN.
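The VLAN membership that keeps nodes in separate broadcast domains is carried on the wire by a 4-byte 802.1Q tag inserted between the source MAC and the EtherType. The parser below is an added example, not code from the original slides; the frames it handles are constructed byte strings rather than captures, and the helper build_frame() exists only to make them. It goes a little beyond the slide: it also handles untagged frames and stacked (802.1ad/QinQ) tags, since more than one tag arriving on a port meant to carry a single VLAN is exactly the kind of improper implementation the slide names as the biggest risk.

```python
"""Parse 802.1Q VLAN tags from Ethernet frames.

Added example, not from the original slides. The frames are constructed
byte strings (no captures); build_frame() exists only to make them.
"""
import struct
from typing import Dict, List, Optional

TPID_8021Q = 0x8100   # standard 802.1Q customer tag
TPID_8021AD = 0x88A8  # 802.1ad service tag (outer tag in QinQ)
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, vids: List[int], ethertype: int, payload: bytes) -> bytes:
    """Construct a frame with zero or more 802.1Q tags (outer tag first), PCP and DEI zero."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Return addresses, every VLAN tag present (outer first), the payload EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset = 12
    vlans: List[Dict[str, int]] = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame: missing EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break                                   # reached the real EtherType
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        # TCI layout: 3-bit priority (PCP), 1-bit drop eligible (DEI), 12-bit VLAN ID
        vlans.append({"tpid": ethertype, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "vlans": vlans,
        "ethertype": ethertype,
        "payload": frame[offset + 2:],
    }


def outer_vid(frame: bytes) -> Optional[int]:
    """VLAN a switch uses for its forwarding decision; None for an untagged frame."""
    vlans = parse_frame(frame)["vlans"]
    return vlans[0]["vid"] if vlans else None


def same_vlan(frame_a: bytes, frame_b: bytes) -> bool:
    """Two tagged frames share a broadcast domain only when their outer VIDs match."""
    a, b = outer_vid(frame_a), outer_vid(frame_b)
    return a is not None and a == b


def is_double_tagged(frame: bytes) -> bool:
    """More than one tag on an access port is a misconfiguration worth alerting on."""
    return len(parse_frame(frame)["vlans"]) > 1


if __name__ == "__main__":
    # Constructed addresses and payload.
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("0242ac110002")
    print(parse_frame(build_frame(dst, src, [10], ETHERTYPE_IPV4, b"\x45\x00")))
```

Frames leaving an access port are normally untagged (the switch strips the tag), so outer_vid() returning None for a frame seen on a host is expected; seeing tags, and especially two of them, on a host-facing port is the signal to investigate the switch configuration.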
27.
Network Topologies
Physical Star: Nodes connect to a central device in a hub-and-spoke arrangement.
Logical Ring: Data moves from node to node in an unbroken loop.
Physical and logical topology do not need to match.
28.
Data Network Topology Types: Point-to-Point Topology
• A link between two devices.
• Offers speed and reliability.
• Very limited size and distance.
• Impractical in most circumstances.
29.
Data Network Topology Types: Star Topology
• All devices are connected to a central device.
• Problems with cabling are isolated to a single device.
• Need to run cable for each device back to the central device.
• Results in a large amount of cabling.
30.
Data Network Topology Types: Bus Topology
• All devices are connected to a single, linear communication path.
• Cabling requirements are minimal.
• A single break in the cable means the entire network is unavailable.
31.
Data Network Topology Types: Tree Topology
• All devices are connected to a branching cable.
• All nodes receive all transmissions.
• Nodes process only traffic destined for that node.
• Damage to one node will not affect the rest.
• Cable failure will bring the entire network down.
32.
Data Network Topology Types: Ring Topology
• All devices are connected to a single, circular path.
• Each node connects directly to two other nodes.
• More cabling than a bus topology.
• If the ring is broken, the network will go down.
33.
Data Network Topology Types: Mesh Topology
• All devices are directly connected to all other devices.
• Provides greater resiliency to denial of service.
• Requires an enormous amount of cabling infrastructure.
• Usually confined to critical devices in a data center.
34.
Countermeasures
• Physically protect devices and systems.
• Keep patches up-to-date.
• Keep antivirus software and signatures up-to-date.
• Configure strong firewall rules.
• Disallow browser script execution, or install anti-script plugins (e.g., NoScript).
• Harden systems based on the manufacturer's recommendations.
• Require strong authentication.
• Require two-factor authentication for administrators.
• Install/configure network and host monitoring, such as IDS and logging.
• Include input validation in your application's source code.
• Educate users to protect themselves.
• Regularly scan for rogue wireless access points.
• Lock user accounts after three or five bad login attempts.
• Monitor for malicious network or host activity.
• Keep all critical systems and data backed up.
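The lockout countermeasure ("lock user accounts after three or five bad login attempts") is easy to state and easy to get subtly wrong, so here is one implementation worked through. This is an added example, not code from the original slides: the user table is an in-memory constructed sample, and the five-attempt threshold and fifteen-minute lock are assumptions (the slide allows three or five). The clock is injectable so the expiry of a lock can be exercised without waiting.

```python
"""Account lockout after repeated failed logins.

Added example, not from the original slides. The user table is an
in-memory constructed sample; the threshold and lock duration are
assumptions (the slide says three or five attempts).
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict

MAX_FAILURES = 5            # assumption: lock on the fifth consecutive failure
LOCKOUT_SECONDS = 15 * 60   # assumption: 15-minute lock
PBKDF2_ROUNDS = 100_000     # kept modest so the example runs quickly


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0          # consecutive failures since the last success or lock
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class Authenticator:
    def __init__(self, clock: Callable[[], float] = time.time):
        self.accounts: Dict[str, Account] = {}
        self.clock = clock              # injectable so tests can move time forward
        self._dummy_salt = os.urandom(16)

    def add_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[name] = Account(salt, _hash(password, salt))

    def login(self, name: str, password: str) -> str:
        """Return 'ok', 'locked' or 'bad_credentials'.

        Unknown users get 'bad_credentials' after a hash computation, so the
        response and its timing do not reveal which user names exist.
        """
        now = self.clock()
        acct = self.accounts.get(name)
        if acct is None:
            _hash(password, self._dummy_salt)
            return "bad_credentials"
        if now < acct.locked_until:
            return "locked"             # even a correct password is refused while locked
        if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failures = 0           # a success resets the counter
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            return "locked"             # this is the event to log and monitor
        return "bad_credentials"

    def is_locked(self, name: str) -> bool:
        acct = self.accounts.get(name)
        return acct is not None and self.clock() < acct.locked_until


if __name__ == "__main__":
    auth = Authenticator()
    auth.add_user("alice", "correct horse battery staple")   # constructed sample user
    for attempt in range(MAX_FAILURES):
        print(attempt + 1, auth.login("alice", "wrong"))
    print("correct password while locked:", auth.login("alice", "correct horse battery staple"))
```

Two details matter in practice: a correct password must not unlock the account early (otherwise the lock adds nothing against guessing), and the lock event itself should be written to the logs that the monitoring countermeasures on this slide collect, because a burst of lockouts across many accounts is itself a signal.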
35.
Control Countermeasures
• Keep system patches up-to-date.
• Implement endpoint security, especially on mobile devices.
• Turn off unnecessary network services that might permit unauthorized connections in the background, such as Bluetooth or Wi-Fi.
• Implement IDS/IPS.
• Configure your router to disallow source routing or broadcasting.
• Regularly check for unknown user accounts, especially administrator accounts.
• Forward all logs to a central log collection server.
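"Regularly check for unknown user accounts, especially administrator accounts" can be automated as a comparison against an approved baseline. The script below is an added example, not code from the original slides: the passwd-format and group lines are constructed sample data (the extra UID 0 account and the unexpected sudo member are planted on purpose), and the two approved sets are assumptions standing in for whatever baseline an organisation maintains.

```python
"""Find accounts that are not on an approved baseline, especially administrators.

Added example, not from the original slides. The passwd and group lines are
constructed sample data and the baseline sets are assumptions.
"""
from typing import Dict, List, Set

# Constructed /etc/passwd-style lines: name:x:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
backup2:x:1001:1001::/home/backup2:/bin/bash
"""

# Constructed /etc/group line for the administrative group
SAMPLE_SUDO_GROUP = "sudo:x:27:alice,backup2"

APPROVED_ACCOUNTS: Set[str] = {"root", "daemon", "www-data", "alice"}  # assumption
APPROVED_ADMINS: Set[str] = {"alice"}                                   # assumption


def parse_passwd(text: str) -> List[Dict[str, object]]:
    """Parse passwd-format text into one dict per account; blank and comment lines are skipped."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, _, uid, gid, _, home, shell = fields
        entries.append({"name": name, "uid": int(uid), "gid": int(gid), "home": home, "shell": shell})
    return entries


def group_members(line: str) -> List[str]:
    """The fourth field of a group line is a comma-separated member list, possibly empty."""
    fields = line.split(":")
    members = fields[3] if len(fields) >= 4 else ""
    return [m for m in members.split(",") if m]


def find_suspicious(entries: List[Dict[str, object]], approved: Set[str],
                    approved_admins: Set[str], sudo_line: str) -> List[str]:
    """Report accounts outside the baseline, any non-root UID 0 account, and unexpected sudo members."""
    findings: List[str] = []
    for e in entries:
        if e["name"] not in approved:
            findings.append(f"unknown account: {e['name']}")
        if e["uid"] == 0 and e["name"] != "root":
            findings.append(f"extra UID 0 account: {e['name']}")   # a second superuser by any name
    for member in group_members(sudo_line):
        if member not in approved_admins:
            findings.append(f"unexpected sudo member: {member}")
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(parse_passwd(SAMPLE_PASSWD), APPROVED_ACCOUNTS,
                                   APPROVED_ADMINS, SAMPLE_SUDO_GROUP):
        print(finding)
```

Run on a schedule, the findings are exactly the records worth forwarding to the central log collection server named in the last bullet, so a new administrator account shows up in one place across all hosts.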
36.
END