© 2000, Cisco Systems, Inc.
NTW 2000
Network Security
ISOC NTW 2000
Introduction
Network Security Components
ISP Example
[Diagram labels: Customer Site, T1, ISP Management Plane, ISP Service Plane, WWW, DNS1, DNS2, Pub1, Pub 2, TFTP, Foreign Site, Internet]
Enterprise Example
[Diagram labels: Protected Network, Engineering, Admin, Finance, Dial-Up Access, Business Partners, DNS Server, WWW Server, Internet]
Current Threats and Attack Methods
Attack Trends
• Exploiting passwords and poor configurations
• Software bugs
• Trojan horses
• Sniffers
• IP address spoofing
• Toolkits
• Distributed attacks
Attack Trends
[Chart: Attack Sophistication and Attacker Knowledge, on a Low to High scale, 1988 to 2000]
Vulnerability Exploit Cycle
• Advanced Intruders Discover Vulnerability
• Crude Exploit Tools Distributed
• Novice Intruders Use Crude Exploit Tools
• Automated Scanning/Exploit Tools Developed
• Widespread Use of Automated Scanning/Exploit Tools
• Intruders Begin Using New Types of Exploits
Source: CERT Coordination Center
Increasingly Serious Impacts
• $10M transferred out of one banking system
• Loss of intellectual property - $2M in one case, the entire company in another
• Extensive compromise of operational systems - 15,000 hour recovery operation in one case
• Alteration of medical diagnostic test results
• Extortion - demanding payments to avoid operational problems
Evolving Dependence
• Networked appliances/homes
• Wireless stock transactions
• On-line banking
• Critical infrastructures
• Business processes
The Community’s Vulnerability
[Diagram labels: Internal Exploitation, Internet, External Exploitation, 75% vulnerable, 100% vulnerable]
Source: Cisco Security Posture Assessments 1996-1999
Unauthorized Use
[Chart: Percentage of Respondents (0 to 70) answering Yes, No or Don't Know, for 1996 to 2000]
Source: 2000 CSI/FBI Computer Crime and Security Survey
Conclusion
Sophisticated attacks + Dependency + Vulnerability
Classes of Attacks
• Reconnaissance
  Unauthorized discovery and mapping of systems, services,...
... escalation
• Denial of Service
  Disable or corrupt networks, systems, or services
Reconnaissance Methods
• Common commands and administrative utilities
  nslookup, ping, netcat, telnet, finger, rpcinfo, File Explorer, srvinfo, dumpacl
• Public tools
  Sniffers, SATAN, SAINT, NMAP, custom scripts
Network Sniffers
[Diagram labels: Router5, "Got It !!"]
… telnet...
[...]... jhervq5
Router5#
ISP Example
[Diagram repeated from the earlier ISP Example slide: Internet, Foreign Site, ISP Service Plane, T1, Customer Site, WWW, DNS1, ISP Management Plane, Pub 2, DNS2, TFTP, Pub1]
Enterprise Example
[Diagram repeated from the earlier Enterprise Example slide: Engineering, Finance, Internet, Admin, WWW Server, Protected Network, Dial-Up Access, DNS Server, Business Partners]
nmap
• network mapper...
... telnet
25/tcp open smtp
37/tcp open time
80/tcp open http
110/tcp open pop-3
Why Do You Care?
• The more information you have, the easier it will be to launch a successful attack:
  Map the network
  Profile the devices on the network
  Exploit discovered vulnerabilities
  Achieve objective
Access Methods
• Exploiting passwords
  Brute...
... Sharing
Access Methods cont’d
• Exploit application holes
  Mishandled input data: access outside application domain, buffer overflows, race conditions
• Protocol weaknesses: fragmentation, TCP session hijacking
• Trojan horses: Programs that plant a backdoor into a host
IP Packet
• Internet Protocol
  IP = connectionless network...
...
[Figure: Internet Datagram Header]
IP Spoofing
[Diagram labels: A, B, C, Attacker; speech bubble "Hi, my name is B"]
IP: Normal Routing
[Diagram: hosts A, B, C; routers Ra, Rb, Rc; routing-table entries "A, C via Ra", "B via Ethernet", "B,C via Ra", "B via Rb", "C via Rc"; packet A -> B]
Routing based on routing tables
IP: Source Routing
[Diagram: hosts A, B, C; routers Ra, Rb, Rc; routing-table entry "B unknown ->..."; packet "A -> B via Ra, Rb"]
Routing based on IP datagram option
IP Unwanted Routing
[Diagram: host C, Internet, routers R1 and R2, DMZ, intranet, hosts A and B; packet "C->A via R1, R2"; routing-table entries "A unknown", "B via R1", "B via DMZ", "B via Internet", "A via Intranet", "C unknown"]
IP...
[Diagram fragment: ... "via A"; "A unknown", "B via PPP"; B (acting as router); packet "C->A via B"]
IP Spoofing Using Source Routing
[Diagram: hosts A, B, C; routers Ra, Rb, Rc; note at A "B is a friend allow access"; packets "B->A via C, Rc, Ra" and "A->B via Ra, Rc, C"]
Back traffic uses the same source route
Transport Control Protocol
• TCP =...
...
[Figure: TCP Header Format, ending with the "data" field]
TCP connection establishment
[Sequence diagram between B and A, messages in order:]
  flags=SYN, seq=(Sb,?)
  flags=SYN+ACK, seq=(Sa,Sb)
  flags=ACK, seq=(Sb,Sa)
  flags=ACK, seq=(Sb,Sa+8), data=“Username:”
TCP blind spoofing
[Sequence diagram: B; C masquerading as B; A; first message flags=SYN, seq=(Sb,?)]
Posted: 28/03/2014, 20:20