Network Security
Slides by Raymond Borges
Outline
•   In the NEWS (LOIC) DDoS attacks
•   Passive Network Attacks
•   Active Network Attacks
•   Designing a “Secure” Network
•   Web 2.0
•   Summary

IN THE NEWS

Low Orbit Ion Cannon (LOIC)
• Primary tool being used by the script kiddies
• Low Orbit Ion Cannon (LOIC) is a web application performance (stress-testing) tool
• Denial of Service / testing tool
• DoS operation using HTTP, TCP or UDP requests
• DDoS by voluntarily joining the "Hive Mind" botnet

How does LOIC work?
while IsFlooding is True {
  1. Create/connect a TCP socket to the web server
  2. Send a standard GET request to the server
  3. Read the first 64 bytes returned
  4. Sleep for the configured delay
}

Low Orbit Ion Cannon Hive

Low Orbit Ion Cannon New

Hive Mind
• The automatic mode, or "Hive Mind", is an option to voluntarily join a botnet
• In this mode all attack parameters, including the target, are set up remotely via IRC
• IRC is a network protocol designed to provide real-time group chat, often (mis)used to control botnets

LOIC trail
• If an anonymization network (Tor) is not used, the recipient can log traceable IP addresses
• Logs kept by the ISP are used to identify users
• Many LOIC users have been arrested
• LOIC is not anonymous

LOIC / Wireshark Demo
1. Turn on the VMware WinXP machine
2. Turn on Wireshark
3. Turn on LOIC
4. Start packet capture in Wireshark
5. Start LOIC

LOIC Mitigation
Attack vector as old as the HTTP protocol
• Best approach is a good rule-based firewall that allows rules on connection limits per IP per second
Legitimate uses for this tool:
• Performance baselines
• Measuring server performance

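The "connection limits per IP per second" rule above, and the point on the LOIC trail slide that the recipient's logs record every source address, can be shown together on the server side. The following is an added example, not code from the slides or from the LOIC project: it reads web-server access-log lines (constructed here, with documentation-range addresses), counts requests per source IP per second, and reports the sources that exceed a limit, which is exactly the signal a rate-limiting firewall rule or a log-review script would act on.

```python
"""Per-IP request-rate detector for the LOIC-style HTTP flood described above.

Added example, not code from the slides or from the LOIC project. It parses
(constructed) combined-format access-log lines, counts requests per source IP
per second, and flags sources whose peak exceeds a limit, the same
"connections per IP per second" rule the slide recommends for a firewall.
"""
from collections import defaultdict
from datetime import datetime
import re

# Combined-log-style line: <ip> - - [<timestamp>] "<request>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request line) or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("req")


def requests_per_second(lines):
    """Map (ip, second) -> request count; malformed lines are skipped."""
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        counts[(ip, ts.replace(microsecond=0))] += 1
    return counts


def flag_sources(lines, limit_per_second):
    """Return {ip: peak requests in one second} for IPs above the limit."""
    peaks = defaultdict(int)
    for (ip, _), n in requests_per_second(lines).items():
        peaks[ip] = max(peaks[ip], n)
    return {ip: n for ip, n in peaks.items() if n > limit_per_second}


# Constructed sample: 198.51.100.7 fires six identical GETs within one second
# (the LOIC loop pattern); 203.0.113.5 is an ordinary visitor.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2012:13:55:36 +0000] "GET / HTTP/1.1" 200 5120',
] + [
    '198.51.100.7 - - [10/Jan/2012:13:55:37 +0000] "GET / HTTP/1.1" 200 5120'
    for _ in range(6)
] + [
    '203.0.113.5 - - [10/Jan/2012:13:55:38 +0000] "GET /about HTTP/1.1" 200 2048',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, peak in flag_sources(SAMPLE_LOG, limit_per_second=5).items():
        print(f"{ip}: peak {peak} requests/second, exceeds limit")
```

The limit is deliberately a parameter: a legitimate performance baseline run from a known address (the tool's stated legitimate use) looks identical in the log, so the allowed rate should be set from measured normal traffic rather than guessed.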
PASSIVE NETWORK ATTACKS

FTP Password Attack Setup
1. Install a virtual machine or connect to the network
2. Install Internet Information Services (IIS) on Windows and the File Transfer Protocol (FTP) service
3. Set up FTP with a password
4. Run Wireshark while attempting an FTP login

FTP Password Attack
1. Run Wireshark on the LAN in promiscuous mode
2. Wait until someone connects to the host with FTP

Passive online attack
0. http://www.httprecipes.com/1/2/forms.php
1. Run Wireshark
2. Filter on http
3. Find the POST method
4. Follow the TCP stream
5. You have the username and password in the clear if the server isn't using HTTPS (SSL) or other encryption

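The two passive attacks above (FTP login capture and the HTTP POST form) work because the protocol sends the credential in the clear, and the defender's job is to find every service on the network that still does so. Below is an added example, not code from the slides: it takes reassembled client-side TCP payloads (the same view Wireshark's "Follow TCP Stream" gives; the streams, hosts and names here are constructed) and reports which connections carried cleartext authentication, recording only the FTP command or form-field name involved, never the value, together with the fix.

```python
"""Cleartext-authentication audit over captured traffic, added as an example
(not code from the slides). Input is {(src, dst, dport): client payload}.
It reports FTP USER/PASS commands on port 21 and password-like form fields
in HTTP POST bodies on port 80. Only command and field names are recorded,
so the audit output identifies services to move to SFTP/FTPS or HTTPS
without copying the secrets themselves. All sample data is constructed.
"""
import re
from urllib.parse import parse_qs

FTP_AUTH_RE = re.compile(r"^(USER|PASS) \S", re.IGNORECASE)
PASSWORD_FIELDS = {"pass", "passwd", "password", "pwd"}
FIX = {21: "use SFTP or FTPS", 80: "serve the form over HTTPS"}


def audit_ftp(payload):
    """Return the authentication commands seen on an FTP control channel."""
    seen = []
    for line in payload.splitlines():
        m = FTP_AUTH_RE.match(line.strip())
        if m:
            seen.append(m.group(1).upper())
    return seen


def audit_http_post(payload):
    """Return password-like form field names in a cleartext HTTP POST."""
    head, sep, body = payload.partition("\r\n\r\n")
    if not sep or not head.upper().startswith("POST "):
        return []
    content_type = ""
    for header in head.split("\r\n")[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "content-type":
            content_type = value.strip().lower()
    if not content_type.startswith("application/x-www-form-urlencoded"):
        return []
    return [f for f in parse_qs(body) if f.lower() in PASSWORD_FIELDS]


def audit_streams(streams):
    """Return {conn: (exposed names, recommended fix)} for leaking connections."""
    report = {}
    for conn, payload in streams.items():
        dport = conn[2]
        if dport == 21:
            exposed = audit_ftp(payload)
        elif dport == 80:
            exposed = audit_http_post(payload)
        else:
            exposed = []          # other ports are not inspected here
        if exposed:
            report[conn] = (exposed, FIX[dport])
    return report


# Constructed sample streams; the hosts, user names and secrets are invented.
SAMPLE_STREAMS = {
    ("192.0.2.10", "192.0.2.20", 21): "USER alice\r\nPASS hunter2\r\nPWD\r\n",
    ("192.0.2.10", "192.0.2.30", 80): (
        "POST /1/2/forms.php HTTP/1.1\r\n"
        "Host: www.example.test\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Content-Length: 26\r\n\r\n"
        "uid=alice&pwd=hunter2&go=1"
    ),
    ("192.0.2.10", "192.0.2.40", 443): "\x16\x03\x01...",  # TLS: nothing readable
}

if __name__ == "__main__":
    for conn, (exposed, fix) in audit_streams(SAMPLE_STREAMS).items():
        print(conn, "exposed", exposed, "->", fix)
```

Run periodically against a capture from the same promiscuous-mode vantage point the slide uses, the report is a to-do list of cleartext services; the port-443 stream shows the negative case, where the same POST under TLS yields nothing to inspect.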
ACTIVE NETWORK ATTACKS

Replay and Man-in-the-middle
• Used when passwords can't be captured in plaintext

Man-in-the-middle:
• ARP poisoning
• Replay attack
• Session hijacking

Cain and Abel (ARP poisoning)
1. Install Cain and Abel
2. Connect to a network
3. Select the sniffer tab
4. Start the sniffer and select the network interface
5. Select hosts on the bottom and press then OK
6. Select the bottom APR tab and click the top window
7. Press and select the target IP, then hit OK
8. Hit then select the passwords tab (http)

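The ARP poisoning step in the Cain and Abel walkthrough works by answering ARP requests for the gateway with the attacker's MAC, and that is also what gives it away on the wire. The following is an added example, not code from the slides or from Cain and Abel: a small ARP watcher that keeps an IP-to-MAC table, treats the gateway binding as static, and alerts when an IP's MAC changes or when one MAC starts answering for several IP addresses. The ARP reply records are constructed; a real deployment would feed it from a capture.

```python
"""ARP-poisoning detector, added as an example (not from the slides or from
Cain and Abel). It watches ARP replies on a segment and raises alerts for the
two symptoms of the attack above: an IP address whose MAC changes, and one
MAC answering for several IP addresses. Inputs are constructed ARP reply
records; a real deployment would feed it from a packet capture.
"""
from collections import defaultdict


class ArpWatcher:
    def __init__(self, static_bindings=None):
        # Trusted IP -> MAC pairs (e.g. the default gateway) that must never change.
        self.static = dict(static_bindings or {})
        self.table = dict(self.static)   # learned IP -> MAC
        self.claims = defaultdict(set)   # MAC -> set of IPs it has answered for
        self.alerts = []

    def observe(self, ip, mac, when):
        """Feed one ARP reply ("ip is at mac"). Returns the alerts it raised."""
        mac = mac.lower()
        new_alerts = []
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            severity = "critical" if ip in self.static else "warning"
            new_alerts.append((when, severity,
                               f"{ip} moved from {known} to {mac}"))
            if ip not in self.static:
                self.table[ip] = mac   # accept the change, but record it
        self.claims[mac].add(ip)
        if len(self.claims[mac]) > 1:
            new_alerts.append((when, "warning",
                               f"{mac} claims {sorted(self.claims[mac])}"))
        self.alerts.extend(new_alerts)
        return new_alerts


# Constructed sample: 10.0.0.1 is the gateway; 10.0.0.99 starts answering for it.
GATEWAY = {"10.0.0.1": "aa:bb:cc:00:00:01"}
SAMPLE_REPLIES = [
    ("10.0.0.1", "aa:bb:cc:00:00:01", "t0"),   # legitimate gateway reply
    ("10.0.0.20", "aa:bb:cc:00:00:20", "t1"),  # a workstation
    ("10.0.0.99", "aa:bb:cc:00:00:99", "t2"),  # the soon-to-be poisoning host
    ("10.0.0.1", "aa:bb:cc:00:00:99", "t3"),   # poisoned reply: gateway IP, other MAC
]


def run_sample():
    """Replay the constructed replies and return every alert raised."""
    w = ArpWatcher(GATEWAY)
    for ip, mac, when in SAMPLE_REPLIES:
        w.observe(ip, mac, when)
    return w.alerts


if __name__ == "__main__":
    for when, sev, msg in run_sample():
        print(when, sev.upper(), msg)
```

Static entries for the gateway and other critical hosts are what make the alert "critical" rather than "warning": a workstation legitimately changing NIC is a warning worth a look, but the gateway's MAC moving is the signature of the attack on this slide.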
NETWORK INFRASTRUCTURE

Policy
• Network security

• Company goals lead to the security policy

• Network infrastructure design follows from the policy

• Network design meets the requirements

So how do we go from?

Data Classification
• Policy develops from information flow
• Who can access what?

Common classifications:
• Public
• Secret
• Confidential
• Group based

User Classifications
• Serves the same purpose as data classification
• Who can access what?

Common classifications:
• Outsiders
• Employees
• Executives
• Owners

Access Control Matrix (ACM)

Network Organization
•   Network infrastructure design using the ACM
•   Layered security measures
•   Separation of information
•   Fairly standard corporate network

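The access control matrix slide and the "network infrastructure design using the ACM" bullet above can be made concrete with the user and data classes from the two classification slides. The following is an added example, not from the slides: rows are user classes, columns are data classes, each cell holds the rights granted, anything not listed is denied (fail-safe default), and a last helper derives from the matrix where each data class may be hosted. The matrix contents and the placement rule are constructed; a real policy comes from the information-flow analysis.

```python
"""Access control matrix (ACM) over the slides' user and data classes, added
as an example (not from the slides). Unlisted (user, data) pairs are denied,
and the placement helper turns the matrix into a hosting decision: data that
outsiders may reach belongs in the DMZ, everything else stays internal.
The matrix contents and the placement rule are constructed.
"""
USER_CLASSES = ["Outsiders", "Employees", "Executives", "Owners"]
DATA_CLASSES = ["Public", "Group based", "Confidential", "Secret"]
KNOWN_RIGHTS = {"read", "write"}

# Constructed example matrix: user class -> data class -> rights.
ACM = {
    "Outsiders":  {"Public": {"read"}},
    "Employees":  {"Public": {"read"}, "Group based": {"read", "write"}},
    "Executives": {"Public": {"read", "write"}, "Group based": {"read", "write"},
                   "Confidential": {"read"}},
    "Owners":     {"Public": {"read", "write"}, "Group based": {"read", "write"},
                   "Confidential": {"read", "write"}, "Secret": {"read", "write"}},
}


def rights(user_class, data_class, matrix=ACM):
    """Rights granted by the matrix; an empty set when nothing is granted."""
    return set(matrix.get(user_class, {}).get(data_class, set()))


def allowed(user_class, data_class, right, matrix=ACM):
    """Fail-safe default: any pair absent from the matrix is denied."""
    return right in rights(user_class, data_class, matrix)


def who_can_access(data_class, matrix=ACM):
    """User classes holding at least one right on a data class."""
    return [u for u in USER_CLASSES if rights(u, data_class, matrix)]


def placement(data_class, matrix=ACM):
    """Hosting zone implied by the matrix (constructed rule, see docstring)."""
    return "DMZ" if "Outsiders" in who_can_access(data_class, matrix) else "internal"


def validate(matrix):
    """Reject matrices that name unknown classes or unknown rights."""
    for u, row in matrix.items():
        if u not in USER_CLASSES:
            return False
        for d, rs in row.items():
            if d not in DATA_CLASSES or not set(rs) <= KNOWN_RIGHTS:
                return False
    return True


if __name__ == "__main__":
    for d in DATA_CLASSES:
        print(f"{d:13s} readers={who_can_access(d)} zone={placement(d)}")
```

The validate step matters in practice: a typo such as "Secrets" in a row silently grants nothing, which the deny-by-default check would hide, so the matrix is checked for unknown names before it is trusted.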
Network Organization (diagram)

Public or External Network
        |
Public network firewall
        |
Demilitarized Zone (DMZ)
        |
Internal network firewall
        |
Internal Network

Firewalls
Firewalls filter based on:
• IP addresses (source and destination)
• Ports

Packet-filtering firewalls filter based on:
• Packet headers
• Source addresses

Proxy or application-level firewalls filter based on message content:
• Virus scanner
• Key terms?

Firewall Operation

Outer Firewall
Can be used to:
1. Restrict outside access to the internal network
2. Restrict internal access to the Internet while allowing access to the DMZ, based on Access Control Lists (ACLs)
3. ACLs bind source address/port and destination address/port to access rights

Outer Firewall
• The public needs web server and mail server access, and no other services
• The firewall interface allows connections to WWW services (HTTP and HTTPS) and electronic mail (SMTP)
• The Internet sees the addresses of the web and mail servers as equal to that of the firewall (NAT)

Internal Firewall
• Sensitive data resides in the internal network

• Block all traffic except authorized traffic (fail-safe defaults principle)

• Information comes only from the DMZ, never directly from the Internet

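The three slides above describe the ACLs of the outer and inner firewalls: rules binding source/destination addresses and ports to access rights, public services only from the Internet into the DMZ, and nothing into the internal network except from the DMZ. The following is an added example, not from the slides or from any firewall product: a first-match ACL evaluator with deny as the default (the fail-safe defaults principle), one rule set per firewall, and a helper that applies every firewall a flow must cross. The address ranges are documentation ranges and the host layout is constructed.

```python
"""Packet-filter ACL evaluator for the two-firewall DMZ design on these
slides. Added example, not from the slides or any product. A rule binds a
source range, destination range and destination ports to a decision; rules are
tried in order and anything unmatched is denied (fail-safe default). Outer
rules admit only HTTP, HTTPS and SMTP from the Internet to the DMZ hosts;
inner rules admit only the DMZ mail relay inward. Addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass

INTERNET = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
DMZ_WEB = ipaddress.ip_network("192.0.2.10/32")
DMZ_MAIL = ipaddress.ip_network("192.0.2.25/32")
INTERNAL_MAIL = ipaddress.ip_network("10.0.0.25/32")


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dports: frozenset   # empty frozenset means "any port"
    action: str         # "allow" or "deny"

    def matches(self, src, dst, dport):
        return (src in self.src and dst in self.dst
                and (not self.dports or dport in self.dports))


def evaluate(rules, src, dst, dport):
    """First matching rule wins; no match is a deny (fail-safe default)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action
    return "deny"


# Outer firewall: Internet -> DMZ public services only; internal hosts may reach the DMZ.
OUTER_RULES = [
    Rule(INTERNET, INTERNAL, frozenset(), "deny"),          # never straight inside
    Rule(INTERNET, DMZ_WEB, frozenset({80, 443}), "allow"),
    Rule(INTERNET, DMZ_MAIL, frozenset({25}), "allow"),
    Rule(INTERNAL, DMZ, frozenset(), "allow"),
]

# Inner firewall: only the DMZ mail relay delivers inward; internal hosts may use the DMZ.
INNER_RULES = [
    Rule(DMZ_MAIL, INTERNAL_MAIL, frozenset({25}), "allow"),
    Rule(INTERNAL, DMZ, frozenset(), "allow"),
]


def _outside(addr):
    """True for addresses that are neither internal nor DMZ, i.e. the Internet."""
    return addr not in INTERNAL and addr not in DMZ


def path_decision(src, dst, dport):
    """A flow must be allowed by every firewall on its path; returns the verdict."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    firewalls = []
    if _outside(s) or _outside(d):
        firewalls.append(OUTER_RULES)   # crosses the Internet/DMZ boundary
    if s in INTERNAL or d in INTERNAL:
        firewalls.append(INNER_RULES)   # crosses the DMZ/internal boundary
    for rules in firewalls:
        if evaluate(rules, src, dst, dport) != "allow":
            return "deny"
    return "allow"


if __name__ == "__main__":
    for flow in [("203.0.113.9", "192.0.2.10", 443), ("203.0.113.9", "10.0.0.25", 25),
                 ("192.0.2.25", "10.0.0.25", 25), ("10.0.0.7", "203.0.113.9", 443)]:
        print(flow, path_decision(*flow))
```

Note that the explicit Internet-to-internal deny at the top of the outer rules is redundant with the default, but keeping it first documents the intent and protects against a later rule that is written too broadly.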
Ports/Services
Port     Service
20-21    FTP
22       SSH/SCP
23       Telnet
25       SMTP
53       DNS
67-68    DHCP/BOOTP
80       HTTP
443      HTTP over SSL (HTTPS)
465      SMTP over SSL

Proxies
Proxies - hosts that relay data
• Hide identity and protect privacy
• Can be used as firewalls

The Onion Routing network (Tor)
• Proxy network made of volunteer hosts

DMZ and Servers
Demilitarized Zone or DMZ - area outside the internal firewall, with some ports unblocked for inbound Internet access to servers

Servers - hosts which serve web pages or store and process electronic mail for users

Web server and mail server are contained in the DMZ

Domain Name System (DNS) Server

Knows directory name service information for:
• DMZ mail, web, and log hosts
• Internal trusted administrative host
• Outer firewall
• Inner firewall

DMZ Log Server
All other servers log messages by writing them to a local file and then to the log server

• The log server also writes them to a file and then to write-once media

• Confined to the DMZ

• Does not initiate transfers to the inner network

Internal Network
• Subnets may have their own firewall and servers, and may filter traffic as the inner firewall does

• Subnets may share servers

• Information flow constraints determine the arrangement

• Firewalls impose confinement at interfaces

Firewall Attacks
Attackers have three methods of firewall entry:
• Web server ports: the (HTTP) port proxy checks for invalid or illegal HTTP requests and rejects them

• SMTP port: the mail proxy will detect and reject such attempts

• Bypass the low-level firewall checks by exploiting firewall vulnerabilities

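The first bullet above is the job of an application-level proxy: before a request reaches the web server, the proxy parses it and rejects anything invalid or illegal. The following is an added example of that check, not the slides' or any product's code. It parses a raw HTTP/1.x request head and rejects malformed request lines, methods a public site does not need, control characters inside header values (the header-injection case), missing or duplicate Host headers and oversized heads. The limits and the sample requests are constructed.

```python
"""Application-level HTTP request check of the kind the proxy on the outer
firewall performs, added as an example (not from the slides or any product).
check_request() returns (ok, reason) for a raw request head; every limit
below is a constructed value that a real deployment would tune.
"""
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_HEAD_BYTES = 8192
MAX_HEADERS = 50
MAX_TARGET_LEN = 2048
REQUEST_LINE_RE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # header-name token


def check_request(raw):
    """Validate a raw HTTP request head (bytes). True only if every check passes."""
    if len(raw) > MAX_HEAD_BYTES:
        return False, "head too large"
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete head"
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in head"
    m = REQUEST_LINE_RE.match(lines[0])
    if not m:
        return False, "malformed request line"
    method, target = m.group(1), m.group(2)
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not allowed"
    if len(target) > MAX_TARGET_LEN or not target.startswith("/"):
        return False, "bad request target"
    if len(lines) - 1 > MAX_HEADERS:
        return False, "too many headers"
    hosts = 0
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not TOKEN_RE.match(name):
            return False, "malformed header"
        # A lone LF or other control byte inside a value is a smuggling/injection attempt.
        if any(c != "\t" and (ord(c) < 0x20 or ord(c) == 0x7F) for c in value):
            return False, "control character in header value"
        if name.lower() == "host":
            hosts += 1
    if hosts != 1:
        return False, "missing or duplicate Host header"
    return True, "ok"


# Constructed sample requests.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: x\r\n\r\n"
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
BAD_LINE = b"GET /index.html\r\nHost: www.example.test\r\n\r\n"
INJECTED = b"GET / HTTP/1.1\r\nHost: a\r\nX-Foo: bar\nInjected: 1\r\n\r\n"
NO_HOST = b"GET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("GOOD", GOOD), ("BAD_METHOD", BAD_METHOD), ("BAD_LINE", BAD_LINE),
                      ("INJECTED", INJECTED), ("NO_HOST", NO_HOST)]:
        print(name, check_request(req))
```

A proxy of this kind only protects the web server from requests it can recognise as illegal; the third bullet above, a flaw in the firewall itself, is outside what request validation can address and is why the slides layer an inner firewall behind it.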
Defense Practices
• Economy of mechanism (simple mechanisms)
  Making hosts or devices do only their job

• Separation of privilege (divided jobs)
  More than one host does a certain job

• Defense in depth (layered security defense)
  Multiple defenses to bypass

Internet Attacks
Distributed Denial of Service (DDoS)
SYN flood
• Consumes bandwidth
• Consumes memory resources (half-open connection state)

Remedies
• TCP intercept mode
• Synkill software

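A SYN flood consumes memory because every unanswered SYN leaves a half-open connection in the server's backlog, and TCP-intercept style remedies work by accounting for those half-open entries and resetting the stale ones. The following is an added example of that accounting, not code from the slides, from Cisco's TCP intercept or from Synkill: a tracker that opens a pending entry per client SYN, closes it on the completing ACK, expires old entries, and alerts both on a single source holding many half-open connections and on the total backlog. Packet records and thresholds are constructed.

```python
"""Half-open connection tracker modelled on the accounting a TCP-intercept
style SYN-flood defense keeps, added as an example (not from the slides,
Cisco, or Synkill). Client->server packet records are constructed tuples.
"""
from collections import defaultdict


class HalfOpenTracker:
    def __init__(self, per_source_limit=3, total_limit=10, timeout=5.0):
        self.per_source_limit = per_source_limit
        self.total_limit = total_limit
        self.timeout = timeout
        self.pending = {}   # (src_ip, src_port) -> time the SYN arrived

    def expire(self, now):
        """Drop entries older than the timeout (what an intercept would reset)."""
        stale = [k for k, t in self.pending.items() if now - t > self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)

    def observe(self, now, src_ip, src_port, flags):
        """Feed one client->server packet; returns the current alert list."""
        self.expire(now)
        key = (src_ip, src_port)
        if flags == "SYN":
            self.pending[key] = now
        elif flags == "ACK" and key in self.pending:
            del self.pending[key]      # handshake completed: no longer half-open
        return self.alerts()

    def per_source(self):
        counts = defaultdict(int)
        for src_ip, _ in self.pending:
            counts[src_ip] += 1
        return counts

    def alerts(self):
        out = []
        for src_ip, n in self.per_source().items():
            if n > self.per_source_limit:
                out.append(f"{src_ip}: {n} half-open connections")
        if len(self.pending) > self.total_limit:
            out.append(f"backlog: {len(self.pending)} half-open connections")
        return out


# Constructed traffic: one client that completes its handshake, then a burst of
# unanswered SYNs from one source, then SYNs from many (spoofed-looking) sources.
SAMPLE = (
    [(0.0, "203.0.113.5", 40001, "SYN"), (0.1, "203.0.113.5", 40001, "ACK")]
    + [(1.0 + i * 0.01, "198.51.100.7", 50000 + i, "SYN") for i in range(5)]
    + [(2.0 + i * 0.01, f"192.0.2.{i}", 60000, "SYN") for i in range(8)]
)


def run_sample():
    """Replay SAMPLE; returns (tracker, alerts after the last packet)."""
    tracker = HalfOpenTracker()
    final = []
    for now, ip, port, flags in SAMPLE:
        final = tracker.observe(now, ip, port, flags)
    return tracker, final


if __name__ == "__main__":
    _, alerts = run_sample()
    for a in alerts:
        print(a)
```

The two alerts cover the two shapes of the attack: a per-source count catches a single noisy host, while the backlog total is what catches a flood from spoofed addresses, where no single source ever crosses the per-source limit.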
Attacks
Focus on what we are most concerned about:
• Successful attacks
• Failed attacks in areas where attacks ought not to be launched, e.g. the DMZ

Put effort where we can obtain useful results

Summary
•   Security requirements drive the network infrastructure
•   Security goals lead to the security policy, which determines the network's form
•   Internal firewall limits traffic to the public servers
•   Outer firewall blocks external traffic from the internal network
•   Public servers only provide one service
•   Application-level firewalls check contents

RECENT RESEARCH

Quantification of Attackers Activities on Servers running Web 2.0 Applications

• Attackers use search-based strategies (Google)

• The easiest ways to attack servers dominate

• Password cracking attacks on SSH

Quantification of Attackers Activities on Servers running Web 2.0 Applications
• Blog user accounts and vulnerability scans

• Spam attacks dominate Web 2.0 applications such as blogs and wikis

• Less activity exploits known vulnerabilities

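The SSH password-cracking activity the study above reports is visible in the server's own authentication log, which is where a defender would quantify it. The following is an added example, not code from the slides or from the paper: it parses OpenSSH "Failed password" lines (the sample lines, hosts and names are constructed), counts failures per source, separates guesses at non-existent accounts from guesses at real ones, and lists the sources that cross a threshold, worst first.

```python
"""SSH password-guessing detector over auth-log lines, added as an example
(not from the slides or the paper). Parses OpenSSH "Failed password" lines,
aggregates per source address and ranks sources above a threshold.
The log lines below are constructed.
"""
import re
from collections import defaultdict

# Matches the "Failed password" line format written by OpenSSH's sshd.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2"
)


def parse_failures(lines):
    """Return {ip: {"count": n, "users": set(...), "invalid": set(...)}}."""
    stats = defaultdict(lambda: {"count": 0, "users": set(), "invalid": set()})
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue
        s = stats[m.group("ip")]
        s["count"] += 1
        s["users"].add(m.group("user"))
        if m.group(1):                      # "invalid user": the account does not exist
            s["invalid"].add(m.group("user"))
    return dict(stats)


def brute_force_sources(lines, threshold=5):
    """Sources with at least `threshold` failures as (ip, count, users), worst first."""
    stats = parse_failures(lines)
    hits = [(ip, s["count"], sorted(s["users"])) for ip, s in stats.items()
            if s["count"] >= threshold]
    return sorted(hits, key=lambda h: -h[1])


# Constructed sample log lines; hosts and names are invented.
SAMPLE_AUTH_LOG = [
    "Jan 10 13:55:36 web1 sshd[2411]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2",
    "Jan 10 13:55:37 web1 sshd[2411]: Failed password for invalid user oracle from 198.51.100.7 port 51235 ssh2",
    "Jan 10 13:55:38 web1 sshd[2413]: Failed password for root from 198.51.100.7 port 51236 ssh2",
    "Jan 10 13:55:39 web1 sshd[2414]: Failed password for root from 198.51.100.7 port 51237 ssh2",
    "Jan 10 13:55:40 web1 sshd[2415]: Failed password for invalid user test from 198.51.100.7 port 51238 ssh2",
    "Jan 10 13:56:01 web1 sshd[2420]: Failed password for alice from 203.0.113.5 port 40010 ssh2",
    "Jan 10 13:56:05 web1 sshd[2421]: Accepted password for alice from 203.0.113.5 port 40011 ssh2",
]

if __name__ == "__main__":
    for ip, count, users in brute_force_sources(SAMPLE_AUTH_LOG):
        print(f"{ip}: {count} failures, users tried: {users}")
```

The "invalid user" split is the useful triage signal: a source cycling through names that do not exist on the host is running a dictionary, whereas repeated failures against one real account from one address is more often a user with a stale password.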
Possible Questions
1. Why is privilege separation so important?
2. What is normally closed security?
3. What security model do you think Facebook uses?
4. How can DNS be used to censor websites?
5. Is there another means of reaching a website other than by URL?
6. What makes the internet impossible to bring down completely? (Discussion erupts…)

References
• Introduction to Computer Security, Matt Bishop
• Attacks by “Anonymous” WikiLeaks Proponents not Anonymous, Pras et al., Design and Analysis of Communication Systems Group, University of Twente, Enschede, The Netherlands
• Quantification of Attackers Activities on Servers running Web 2.0 Applications, Katerina Goseva-Popstojanova, Risto Pantev, Ana Dimitrijevikj, and Brandon Miller, Lane Department of CS and EE, WVU
• https://github.com/NewEraCracker/LOIC
• http://wasntnate.com/2012/01/analysis-of-low-orbit-ion-cannon-loic-web-stress-tool/
• http://www.youtube.com/watch?v=F6_9i-aGAa0&feature=related

Questions?

Mais conteúdo relacionado

Mais procurados

Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesSam Bowne
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationSam Bowne
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2sweta dargad
 
Ch 6: Enumeration
Ch 6: EnumerationCh 6: Enumeration
Ch 6: EnumerationSam Bowne
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy codeG Prachi
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationSam Bowne
 
eWON_SecurityV5 - Public
eWON_SecurityV5 - PubliceWON_SecurityV5 - Public
eWON_SecurityV5 - PublicYvan Rudzinski
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatCNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsSam Bowne
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)Sam Bowne
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 

Mais procurados (20)

Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: Enumeration
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: Cryptography
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2
 
Ch 6: Enumeration
Ch 6: EnumerationCh 6: Enumeration
Ch 6: Enumeration
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
 
eWON_SecurityV5 - Public
eWON_SecurityV5 - PubliceWON_SecurityV5 - Public
eWON_SecurityV5 - Public
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1
 
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatCNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection Systems
 
Cryptography
CryptographyCryptography
Cryptography
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
 
ACS-2010
ACS-2010ACS-2010
ACS-2010
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
 

Destaque

Destaque (7)

Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Attacks
AttacksAttacks
Attacks
 
Osi model in networking
Osi model in networkingOsi model in networking
Osi model in networking
 
Hash Techniques in Cryptography
Hash Techniques in CryptographyHash Techniques in Cryptography
Hash Techniques in Cryptography
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 

Semelhante a Cybersecurity cyberlab2

Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewallsrajakhurram
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocolsOnline
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 
Ch 13: Network Protection Systems
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection SystemsSam Bowne
 
Ransomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondRansomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondAlgoSec
 
Network security chapter 6 and 7 internet architecture
Network security chapter  6 and 7 internet   architectureNetwork security chapter  6 and 7 internet   architecture
Network security chapter 6 and 7 internet architectureMuhammad ismail Shah
 
Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360Scott Sutherland
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Section c group2_firewall_ final
Section c group2_firewall_ finalSection c group2_firewall_ final
Section c group2_firewall_ finalpg13tarun_g
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation9921103075
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)Jainam Shah
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewallsDivya Jyoti
 
Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Brandon Arvanaghi
 
Ultimate pen test compromising a highly secure environment (nikhil)
Ultimate pen test   compromising a highly secure environment (nikhil)Ultimate pen test   compromising a highly secure environment (nikhil)
Ultimate pen test compromising a highly secure environment (nikhil)ClubHack
 
Firewall & Proxy Server
Firewall & Proxy ServerFirewall & Proxy Server
Firewall & Proxy ServerLakshyaArora12
 

Semelhante a Cybersecurity cyberlab2 (20)

Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewalls
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
Network security basics
Network security basicsNetwork security basics
Network security basics
 
Ch 13: Network Protection Systems
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection Systems
 
Ransomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondRansomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respond
 
Network security chapter 6 and 7 internet architecture
Network security chapter  6 and 7 internet   architectureNetwork security chapter  6 and 7 internet   architecture
Network security chapter 6 and 7 internet architecture
 
Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
Firewall
FirewallFirewall
Firewall
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Section c group2_firewall_ final
Section c group2_firewall_ finalSection c group2_firewall_ final
Section c group2_firewall_ final
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation
 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKS
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17
 
Ultimate pen test compromising a highly secure environment (nikhil)
Ultimate pen test   compromising a highly secure environment (nikhil)Ultimate pen test   compromising a highly secure environment (nikhil)
Ultimate pen test compromising a highly secure environment (nikhil)
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
 
Firewall & Proxy Server
Firewall & Proxy ServerFirewall & Proxy Server
Firewall & Proxy Server
 
Network security
 Network security Network security
Network security
 

Mais de rayborg

Borges rprojectcs691y
Borges rprojectcs691yBorges rprojectcs691y
Borges rprojectcs691yrayborg
 
Cybersecurity cyberlab3
Cybersecurity cyberlab3Cybersecurity cyberlab3
Cybersecurity cyberlab3rayborg
 
Cybersecurity cyberlab1
Cybersecurity cyberlab1Cybersecurity cyberlab1
Cybersecurity cyberlab1rayborg
 
Research week3 idea
Research week3 ideaResearch week3 idea
Research week3 idearayborg
 
Mushroom tutorial http://rjdatamining.weebly.com
Mushroom tutorial http://rjdatamining.weebly.comMushroom tutorial http://rjdatamining.weebly.com
Mushroom tutorial http://rjdatamining.weebly.comrayborg
 
Project 2 Data Mining Part 1
Project 2 Data Mining Part 1Project 2 Data Mining Part 1
Project 2 Data Mining Part 1rayborg
 

Mais de rayborg (6)

Borges rprojectcs691y
Borges rprojectcs691yBorges rprojectcs691y
Borges rprojectcs691y
 
Cybersecurity cyberlab3
Cybersecurity cyberlab3Cybersecurity cyberlab3
Cybersecurity cyberlab3
 
Cybersecurity cyberlab1
Cybersecurity cyberlab1Cybersecurity cyberlab1
Cybersecurity cyberlab1
 
Research week3 idea
Research week3 ideaResearch week3 idea
Research week3 idea
 
Mushroom tutorial http://rjdatamining.weebly.com
Mushroom tutorial http://rjdatamining.weebly.comMushroom tutorial http://rjdatamining.weebly.com
Mushroom tutorial http://rjdatamining.weebly.com
 
Project 2 Data Mining Part 1
Project 2 Data Mining Part 1Project 2 Data Mining Part 1
Project 2 Data Mining Part 1
 

Último

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024

Cybersecurity cyberlab2

LOIC Mitigation
Attack vector as old as the HTTP protocol
• Best approach is a good rule-based firewall that supports connection-limit rules per source IP per second
Legitimate uses for this tool:
• Performance baselines
• Measuring server performance
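The connection-limit rule the slide recommends, shown as an added example (not code from the slides or from LOIC): a per-source sliding-window counter run over constructed connection records, in which 203.0.113.7 reconnects every 50 ms the way LOIC's connect, GET, read 64 bytes, sleep loop does. The addresses, the record format and the limit of 10 new connections per second are assumptions of this example.

```python
"""Per-source connection-rate check, as a firewall connection-limit rule
would apply it.  Added example, not from the slides or from LOIC.

Input: constructed (timestamp_ms, source_ip) records for new TCP
connections.  A LOIC client opens a socket, sends one GET, reads 64 bytes,
sleeps, and reconnects, so it appears as a steady stream of new
connections from a single address.
"""
from collections import defaultdict, deque

# Constructed sample: 203.0.113.7 reconnects every 50 ms (LOIC-like);
# the 198.51.100.x addresses behave like ordinary browsers.
SAMPLE_CONNECTIONS = [(i * 50, "203.0.113.7") for i in range(60)] + [
    (100, "198.51.100.20"),
    (900, "198.51.100.20"),
    (1400, "198.51.100.21"),
    (2750, "198.51.100.20"),
]


def find_flooders(connections, limit_per_second=10, window_ms=1000):
    """Return {source_ip: peak connections in any window} for every source
    that exceeded limit_per_second new connections inside a sliding window
    of window_ms milliseconds."""
    recent = defaultdict(deque)  # source_ip -> timestamps still in window
    offenders = {}
    for ts, ip in sorted(connections):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window_ms:  # expire timestamps outside window
            q.popleft()
        if len(q) > limit_per_second:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


if __name__ == "__main__":
    for ip, peak in find_flooders(SAMPLE_CONNECTIONS).items():
        print(f"{ip}: peak {peak} new connections/s, over the limit")
```

Two caveats a practitioner would add: a per-IP limit also throttles every user behind one NAT address, so the threshold should come from the performance baselines the slide mentions rather than a guess; and a Hive Mind attack spreads the load over many participants, each of whom may stay under the limit, which is why the per-IP rule is a first layer rather than the whole answer.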
FTP Password Attack Setup
1. Install a virtual machine or connect to the network
2. Install Internet Information Services (IIS) on Windows with the File Transfer Protocol (FTP) service
3. Set up FTP with a password
4. Run Wireshark while attempting an FTP login

FTP Password Attack
1. Run Wireshark on the LAN in promiscuous mode
2. Wait until someone connects to the host with FTP

Passive online attack
0. http://www.httprecipes.com/1/2/forms.php
1. Run Wireshark
2. Filter on http
3. Find the POST method
4. Follow the TCP stream
5. You have the username and password in the clear if the server isn't using HTTPS (SSL) or other encryption
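What "Follow TCP stream" yields in the two captures above, as an added example that is not from the slides: a small parser that pulls USER/PASS out of an FTP control stream and the account fields out of an HTTP form POST. Both streams are constructed here (the form path is the one the slide names, the accounts are invented), and the set of field names treated as user or password fields is this example's assumption.

```python
"""Pull cleartext credentials out of reassembled TCP streams.
Added example, not from the slides: does in code what "Follow TCP stream"
shows on screen.  Both streams are constructed; the accounts are invented.
"""
import re
from urllib.parse import parse_qs

# Constructed client-to-server side of an FTP control connection.
FTP_STREAM = "USER alice\r\nPASS s3cret!\r\nSYST\r\nQUIT\r\n"

# Constructed HTTP form login to the page the slide uses, over plain HTTP.
HTTP_STREAM = (
    "POST /1/2/forms.php HTTP/1.1\r\n"
    "Host: www.httprecipes.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 32\r\n"
    "\r\n"
    "uid=bob&pwd=hunter2&submit=Login"
)

FTP_CMD = re.compile(r"^(USER|PASS) (.*)$", re.MULTILINE | re.IGNORECASE)
# Field names assumed to carry the account name / password (assumption).
USER_FIELDS = {"user", "username", "uid", "login", "email"}
PASSWORD_FIELDS = {"pass", "passwd", "password", "pwd"}


def ftp_credentials(stream):
    """Return (user, password) pairs from an FTP control stream; a PASS
    with no preceding USER is ignored."""
    creds, user = [], None
    for cmd, arg in FTP_CMD.findall(stream):
        if cmd.upper() == "USER":
            user = arg.strip()
        elif cmd.upper() == "PASS" and user is not None:
            creds.append((user, arg.strip()))
            user = None
    return creds


def http_form_credentials(stream):
    """For a urlencoded form POST, return {"user": ..., "password": ...}
    (whichever of the two is present); for anything else return None."""
    head, sep, body = stream.partition("\r\n\r\n")
    if not sep:
        return None
    request_line, *header_lines = head.split("\r\n")
    if not request_line.startswith("POST "):
        return None
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if not headers.get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        return None
    length = int(headers.get("content-length", len(body)))
    found = {}
    for name, values in parse_qs(body[:length]).items():
        if name.lower() in USER_FIELDS:
            found["user"] = values[0]
        elif name.lower() in PASSWORD_FIELDS:
            found["password"] = values[0]
    return found or None


if __name__ == "__main__":
    print("FTP:", ftp_credentials(FTP_STREAM))
    print("HTTP:", http_form_credentials(HTTP_STREAM))
```

The parser only works because both protocols carry the secret in the clear; with FTPS or SFTP and with HTTPS the same capture shows an encrypted stream, which is the countermeasure the last step of the slide points at. On a switched LAN a promiscuous capture also sees only the sniffer's own traffic, which is why the next slides move on to ARP poisoning.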
Replay and Man-in-the-middle
When passwords can't be caught in plaintext:
• Man-in-the-middle
  • ARP poisoning
• Replay attack
• Session hijacking

Cain and Abel (ARP poisoning)
1. Install Cain and Abel
2. Connect to a network
3. Select the Sniffer tab
4. Start the sniffer and select the network interface
5. Select Hosts at the bottom, press the + button, then OK
6. Select the APR tab at the bottom and click the top window
7. Press the + button, select the target IP, then hit OK
8. Hit start APR, then select the Passwords tab (HTTP)
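The defender's side of the APR step above, as an added example (not from the slides or from Cain & Abel): parse raw Ethernet/ARP frames, learn IP-to-MAC bindings from ARP replies, and alert when an address already bound to one MAC is claimed by another, which is exactly the traffic APR generates toward the victim and the gateway. The LAN, addresses and MACs are constructed in the block; the frame builder exists only to fabricate that input.

```python
"""ARP-poisoning detector over raw Ethernet/ARP frames.
Added example, not from the slides or from Cain & Abel.  The frame
builder exists only to fabricate sample input; addresses are invented.
"""
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Fabricate an Ethernet/ARP reply frame: 14-byte Ethernet header plus
    the 28-byte ARP body for Ethernet/IPv4 (42 bytes total)."""
    eth = _mac_bytes(target_mac) + _mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += _mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += _mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame):
    """Return (operation, sender_mac, sender_ip) for an Ethernet/IPv4 ARP
    frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = str(ipaddress.IPv4Address(frame[28:32]))
    return oper, sender_mac, sender_ip


def detect_arp_poisoning(frames, known=None):
    """Learn IP -> MAC from ARP replies (first binding wins, or seed the
    table with `known`); return (table, alerts), each alert being
    (ip, bound_mac, claimed_mac) for a reply that contradicts the binding."""
    table = dict(known or {})
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        if ip in table and table[ip] != mac:
            alerts.append((ip, table[ip], mac))
        table.setdefault(ip, mac)
    return table, alerts


# Constructed LAN: gateway, victim, and an attacker running APR against both.
GW_IP, GW_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "aa:bb:cc:00:00:10"
ATTACKER_MAC = "de:ad:be:ef:00:01"
SAMPLE_FRAMES = [
    build_arp_reply(GW_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),        # genuine
    build_arp_reply(VICTIM_MAC, VICTIM_IP, GW_MAC, GW_IP),        # genuine
    build_arp_reply(ATTACKER_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),  # poison victim
    build_arp_reply(ATTACKER_MAC, VICTIM_IP, GW_MAC, GW_IP),      # poison gateway
]

if __name__ == "__main__":
    table, alerts = detect_arp_poisoning(SAMPLE_FRAMES)
    for ip, bound, claimed in alerts:
        print(f"ALERT {ip}: bound to {bound}, now claimed by {claimed}")
```

First-seen learning is itself poisonable if the attacker is already running when the monitor starts, so in practice the table is seeded from a known-good source (static ARP entries, DHCP leases) via the `known` argument; the switch-side equivalent is dynamic ARP inspection.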
Policy
• Network security
• Company goals → security policy
• Network infrastructure design policy
• Network design meets requirements

So how do we go from?

Data Classification
• Policy develops from information flow
• Who can access what?
Common classifications:
• Public
• Secret
• Confidential
• Group based

User Classifications
• Serves the same purpose as data classification
• Who can access what?
Common classifications:
• Outsiders
• Employees
• Executives
• Owners

Network Organization
• Network infrastructure design using an access control matrix (ACM)
• Layered security measures
• Separation of information
• Fairly standard corporate network

Network Organization
Public or External Network
Public network firewall
Demilitarized Zone (DMZ)
Internal network firewall
Internal Network

Firewalls
Firewalls filter based on:
• IP addresses (source, destination)
• Ports
Packet-filtering firewalls decide based on:
• Packet headers
• Source addresses
Proxy or application-level firewalls decide based on message content:
• Virus scanner
• Key terms?

Outer Firewall
Can be used to:
1. Restrict outside access to the internal network
2. Restrict internal access to the Internet while allowing access to the DMZ, based on access control lists (ACLs)
3. ACLs bind source address/port and destination address/port to access rights

Outer Firewall
• Public needs Web server and mail server access, no other services
• Firewall interface allows connections to WWW services (HTTP and HTTPS) and electronic mail (SMTP)
• To the Internet the Web and mail servers appear to share one address, that of the firewall (NAT)

Internal Firewall
• Sensitive data resides in the internal network
• Block all traffic except authorized traffic (fail-safe defaults principle)
• Information comes only from the DMZ, never directly from the Internet
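The ACL mechanics of the Outer Firewall and Internal Firewall slides above, as an added example that is not from the slides or from Bishop: a first-match packet filter with a fail-safe default of deny, loaded with an outer policy (the Internet may reach only the Web server on 80/443 and the mail server on 25) and an inner policy (only the DMZ mail server may enter, and only to the internal mail host; only the trusted admin host may manage DMZ hosts). The addresses, the rule format and both policies are assumptions of this example.

```python
"""First-match ACL evaluation with a fail-safe default of deny.
Added example for the outer/inner firewall policy described in the
slides; addresses, rule format and policies are this example's own.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


def rule(src, dst, proto, dport, action):
    """Build a Rule from CIDR strings (a bare address becomes a /32)."""
    return Rule(ipaddress.ip_network(src), ipaddress.ip_network(dst),
                proto, dport, action)


def evaluate(rules, src_ip, dst_ip, proto, dport):
    """Return the action of the first rule matching the packet; no match
    means deny (fail-safe defaults)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in r.src and d in r.dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "deny"


# Assumed addressing: DMZ on 203.0.113.0/24, internal network on 10.0.0.0/8.
WEB, MAIL, LOG = "203.0.113.10", "203.0.113.25", "203.0.113.60"
INTERNAL_MAIL, ADMIN = "10.0.0.25", "10.0.0.5"
ANY = "0.0.0.0/0"

# Outer firewall (Internet <-> DMZ): the public gets only HTTP/HTTPS and SMTP.
OUTER_ACL = [
    rule(ANY, WEB, "tcp", 80, "allow"),
    rule(ANY, WEB, "tcp", 443, "allow"),
    rule(ANY, MAIL, "tcp", 25, "allow"),
    rule(MAIL, ANY, "tcp", 25, "allow"),   # outbound mail delivery
]

# Inner firewall (DMZ <-> internal): only the DMZ mail server may enter, and
# only to the internal mail host; the admin host may SSH into DMZ hosts.
INNER_ACL = [
    rule(MAIL, INTERNAL_MAIL, "tcp", 25, "allow"),
    rule(ADMIN, "203.0.113.0/24", "tcp", 22, "allow"),
]


if __name__ == "__main__":
    checks = [
        ("outer", OUTER_ACL, "198.51.100.9", WEB, "tcp", 443),
        ("outer", OUTER_ACL, "198.51.100.9", WEB, "tcp", 22),
        ("outer", OUTER_ACL, "198.51.100.9", INTERNAL_MAIL, "tcp", 25),
        ("inner", INNER_ACL, MAIL, INTERNAL_MAIL, "tcp", 25),
        ("inner", INNER_ACL, LOG, ADMIN, "tcp", 514),  # log server must not initiate
    ]
    for fw, acl, *pkt in checks:
        print(fw, pkt, "->", evaluate(acl, *pkt))
```

The filter is stateless: the reply half of each allowed connection needs either a stateful firewall or matching reverse rules, and the NAT the Outer Firewall slide mentions is not modelled. The default-deny return value is what makes the inner ACL enforce the DMZ Log Server rule that the log host never initiates transfers inward: there is simply no rule for it.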
Ports/Services
20-21   FTP
22      SSH/SCP
23      Telnet
25      SMTP
53      DNS
67-68   DHCP/BOOTP
80      HTTP
443     HTTP over SSL (HTTPS)
465     SMTP over SSL

Proxies
Proxies - hosts that relay data
• Hide identity and protect privacy
• Can be used as firewalls
The Onion Routing network (Tor)
• Proxy network made of volunteer hosts

DMZ and Servers
Demilitarized Zone or DMZ - area outside the internal firewall; some ports are unblocked for inbound Internet access to servers
Servers - hosts which serve web pages or store and process electronic mail for users
Web server and mail server are contained in the DMZ

Domain Name System (DNS) Server
Knows directory name service information for:
• DMZ mail, Web, and log hosts
• Internal trusted administrative host
• Outer firewall
• Inner firewall

DMZ Log Server
All other servers log messages by writing them to a local file and then to the log server
• The log server also writes them to a file and then to write-once media
• Confined to the DMZ
• Does not initiate transfers to the inner network

Internal Network
• Subnets may have firewalls and servers, and may filter traffic as the inner firewall does
• Subnets may share servers
• Information flow constraints → arrangement
• Firewalls impose confinement at interfaces

Firewall Attacks
Attackers have 3 methods of firewall entry:
• Web server port (HTTP): the HTTP proxy checks for invalid or illegal HTTP requests and rejects them
• SMTP port: the mail proxy will detect and reject such attempts
• Bypass the low-level firewall checks by exploiting firewall vulnerabilities

Defense Practices
• Economy of mechanism (simple mechanisms): make hosts or devices do only their job
• Separation of privilege (divided jobs): more than one host takes part in a job, so compromising one host does not complete it
• Defense in depth (layered security defense): multiple defenses to bypass

Internet Attacks
Distributed Denial of Service (DDoS)
SYN flood
• Consumes bandwidth
• Consumes memory resources (half-open connections)
Remedies
• TCP intercept mode
• Synkill software
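The state a SYN-flood monitor keeps, as an added example that is loosely modelled on the active-monitor approach the slide names (Synkill) and is not that tool's code: client-side packets are replayed, handshakes that never reach the final ACK are aged, and sources that only ever leave stale half-open connections are separated from sources that have completed a handshake. The packet tuples, addresses, timing and thresholds are constructed for the example.

```python
"""Half-open (SYN without final ACK) tracking per source and destination.
Added example loosely modelled on the active-monitor idea behind the
slide's Synkill remedy; not that tool's code.  Packets are client-side
only: (time_ms, src_ip, dst_ip, flags) with flags "S", "A" or "R".
"""
from collections import defaultdict

SERVER = "203.0.113.10"

# Constructed traffic: one real client completes its handshake; fifty
# spoofed 192.0.2.x sources send a single SYN each and never answer.
SAMPLE_PACKETS = [
    (0, "198.51.100.20", SERVER, "S"),
    (20, "198.51.100.20", SERVER, "A"),
] + [(1000 + i, f"192.0.2.{i}", SERVER, "S") for i in range(1, 51)]


def classify(packets, now_ms, timeout_ms=3000):
    """Replay packets; return (stale_half_open_per_dst, good_sources,
    bad_sources).  A handshake opens on a SYN and closes on the client's
    ACK (the source becomes 'good') or on a RST.  Half-open entries older
    than timeout_ms are stale; a source with stale entries and no completed
    handshake is 'bad', i.e. a candidate for a forced reset."""
    pending = {}  # (src, dst) -> time of first SYN
    good = set()
    for ts, src, dst, flags in sorted(packets):
        key = (src, dst)
        if flags == "S":
            pending.setdefault(key, ts)  # retransmitted SYNs keep first time
        elif flags == "A" and key in pending:
            pending.pop(key)
            good.add(src)
        elif flags == "R":
            pending.pop(key, None)
    stale_per_dst = defaultdict(int)
    bad = set()
    for (src, dst), ts in pending.items():
        if now_ms - ts > timeout_ms:
            stale_per_dst[dst] += 1
            if src not in good:
                bad.add(src)
    return dict(stale_per_dst), good, bad


def backlog_exhausted(stale_per_dst, backlog=128):
    """Destinations whose stale half-open count fills a listen backlog of
    the given size (the memory the slide says a SYN flood consumes)."""
    return {dst for dst, n in stale_per_dst.items() if n >= backlog}


if __name__ == "__main__":
    stale, good, bad = classify(SAMPLE_PACKETS, now_ms=10_000)
    print("stale half-open per destination:", stale)
    print("good sources:", sorted(good))
    print("sources to reset:", len(bad))
    print("backlog exhausted (32-entry backlog):", backlog_exhausted(stale, backlog=32))
```

Because a flood uses spoofed, mostly unique source addresses, the per-source view alone says little; the per-destination stale count against the backlog size is what shows the resource exhaustion, and the good/bad split is what lets a monitor reset only the half-open entries that are holding that backlog without disturbing clients that have completed handshakes.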
Attacks
Focus on what we are most concerned about:
• Successful attacks
• Failed attacks originating from areas where attacks ought not to be launched, e.g. the DMZ
Put effort where we can obtain useful results

Summary
• Security requirements → network infrastructure
• Security goals → security policy → network form
• Internal firewall limits traffic to the public servers
• Outer firewall blocks external traffic from reaching the internal network
• Public servers only provide one service each
• Application-level firewalls check contents

Quantification of Attackers Activities on Servers running Web 2.0 Applications
• Attackers use search-based strategies (Google)
• Easiest ways to attack servers dominate
• Password cracking attacks on SSH

Quantification of Attackers Activities on Servers running Web 2.0 Applications
• Blog user accounts and vulnerability scans
• Spam attacks dominate against Web 2.0 applications such as blogs and wikis
• Less activity uses known vulnerabilities

Possible Questions
1. Why is privilege separation so important?
2. What is normally closed security?
3. What security model do you think Facebook uses?
4. How can DNS be used to censor websites?
5. Is there another means of reaching a website other than by URL?
6. What makes the Internet impossible to bring down completely? (Discussion erupts…)

References
• Matt Bishop, Introduction to Computer Security
• Pras et al., "Attacks by 'Anonymous' WikiLeaks Proponents not Anonymous", Design and Analysis of Communication Systems Group, University of Twente, Enschede, The Netherlands
• Katerina Goseva-Popstojanova, Risto Pantev, Ana Dimitrijevikj, and Brandon Miller, "Quantification of Attackers Activities on Servers running Web 2.0 Applications", Lane Department of CS and EE, WVU
• https://github.com/NewEraCracker/LOIC
• http://wasntnate.com/2012/01/analysis-of-low-orbit-ion-cannon-loic-web-stress-tool/
• http://www.youtube.com/watch?v=F6_9i-aGAa0&feature=related