Firewall And Network Securit

1

Attack Sophistication vs. Required Intruder Knowledge Required Intruder Knowledge

BackOrifice

Attack Sophistication Auto. Toolkits

Packet spoofing

1997

Widespread DDoS

2007 2

What are the Issues & problems? 



Security was not a fundamental design consideration The Internet is growing exponentially



User dependence is increasing;



With increasing complexity, there are billions of entry points

3

Who are the intruders? • Criminals • “Curious” Intruders • Insiders • Corporate Spies

4

Motives     

Money Access to additional resources Competitive advantages Curiosity and Mischief Terrorism

5

BUT!!!! I do not have anything important on my machine; who would want to crack my machine ??????

WHY THEY ATTACK? WHAT THEY WANT? WHAT WE SHOULD DO?

6

WHY THEY ATTACK? WHAT THEY WANT? They want your Bandwidth They want your CPU They want your Disk Space They want your Data They want to Steal Information They want to Destroy 7

Possible Attacks: DDoS (Distributed Denial of Service) Sniffing Port Scanning Malicious code

8

9

Denial of Service (DoS) Attack 

 

Attacker prevent user from accessing a service Floods network with information. Server unable to process your request.

10

Example of DDoS attack:

Request with spoofed IP of target

Intruder Target 11

Example of DDoS attack:

Intruder

Flood Target with replies

Target

12

Sniffing •

•

•

Examines traffic on same physical network Intruder must have physical access to network Used to gather usernames and passwords

13

Port Scanning • •

Over 65535 ports available. Each port scanned sequentially. Scan

Reply

Port Status

SYN

SYN+ACKOpen

SYN FIN FIN

RST RST Ignored

Close Close Open

14

Malicious Code •

•

Includes Viruses and Trojan Horses Difficult to control.

15

Methods of Defence • • • • •

Encryption Software Controls Hardware Controls Policies Firewalls

16

Encryption  

 

Science of writing in Secret Code Protects data from theft and alteration. Unencrypted Data PlainText Encrypted Data CipherText

17

Cryptographic Techniques

Secret Key Cryptography Public Key Cryptography Hash Functions

18

Secret Key Cryptography

19

Public Key Cryptography

20

Hash Function

21

Sample Application of 3 Cryptography Techniques for Secure Communication Alice’s Private Key

Public Key Crypto

Alice’s Message

Hash Function

Random Session Key Bob’s Public Key

Secret Key Crypto

Public Key Crypto

Digital Signature

Digital Envelope Encrypte d Message

Sent to Bob

Encrypte d Session Key 22

SOFTWARE CONTROLS  

Access limitations in database Anti-Virus Software

HARDWARE CONTROLS 

Use Smartcard for authentication

23

POLICIES    

Frequent Change of Passwords Never Share Your Password Avoid Using Dictionary word as Password Network Monitoring

24

Firewalls 





A firewall is a network access control device. Performs a centralized security management function. Denies all traffic except that which is explicitly allowed.

25

Why Use firewalls? Prevent Compromises and Vulnerabilities Preventing DDoS Attack Preventing Port Scanning Preventing Malicious Code Prevent Attack From Insiders

26

As individuals and businesses increase information sharing and communication via the

Internet, vulnerability to attack or intrusion rises.

In the world of technological evolution,

everyone is a target of electronic crime and needs to be concerned about 27

I would like to thank: Mrs. Vandana Syal & All of you for your time and patience.

28