
Module 1 - Intro To Network Security

Network security is important to protect corporate assets from internal and external threats. The principles of network security are confidentiality, integrity, and availability. Attackers try to gain unauthorized access, obtain administrative privileges, destroy data, or deny access. Common attack types include exploits, viruses, worms, and denial of service attacks. Social engineering involves manipulating users to gain sensitive information like passwords through deception.

Uploaded by

Fajar Bakhrun N

Network Security

Intro to Network Security

Network Security
Politeknik Elektronika Negeri Surabaya
2007

PENS-ITS
Network Security

Introduction
Grading
Assignments 25%
Final exam (UAS) 40%
Midterm exam (UTS) 30%
Attendance 5%

Maximum lateness is 15 minutes after the lesson starts

Students more than 15 minutes late are given an assignment to present


Overview

Network Services

[Figure: campus network diagram. Labels recovered from the figure:]
INTERNET
Cisco router: uses ACLs to block malware from outside
DMZ: all servers are in the DMZ; managed using SSH, GTW - Secure Webmin
Proxy (Squid): all access to the Internet must go through the proxy
Firewall-IDS: Linux bridge, iptables, shorewall, snort, portsentry, acidlab
Manageable switches: block unwanted users by port, managed from the web
SQL database (MySQL): access only from localhost (127.0.0.1)
Multilayer switch (L3 switch): blocks malware on the physical port from the inside network
Traffic monitoring: CACTI, http://noc.eepis-its.edu
E-mail server: HTTPS, spam filtering (Spamassassin), virus scanner (ClamAV)
EEPISHOTSPOT: access from wifi, signal only on the EEPIS campus, authentication from the proxy
File server: http://fileserver.eepis-its.edu
EIS, EEPIS-Information System: http://eis.eepis-its.edu
Servers: E-MAIL, WWW, PROXY, NOC, DOMAIN, internal server
User networks: LECTURER, EMPLOYEE, STUDENTS

Why Secure a Network?

[Figure: corporate assets exposed to an internal attacker, an external attacker, a virus, and incorrect permissions]

A network security design protects assets from threats and vulnerabilities in an organized manner
To design security, analyze risks to your assets and create responses

Computer Security Principles


Confidentiality
Protecting information from exposure and
disclosure
Integrity
Decrease possible problems caused by corruption
of data
Availability
Make information always available


Exploits (1)
What is an Exploit?
Crackers break into a computer network by exploiting weaknesses in
operating system services.
Types of attacks
Local
Remote


SANS Security Threats


SANS/FBI top 20 security
threats
http://www.sans.org/top20/
Goals attackers try to
achieve
Gain unauthorized access
Obtain administrative or
root level
Destroy vital data
Deny legitimate users
service
Individual selfish goals
Criminal intent


Security Statistics: Attack Trends
Computer Security Institute (http://www.gocsi.com)
Growing Incident Frequency
Incidents reported to the Computer Emergency Response
Team/Coordination Center
1997: 2,134
1998: 3,474 (75% growth from previous year)
1999: 9,859 (164% growth)
2000: 21,756 (121% growth)
2001: 52,658 (142% growth)
Tomorrow?


Attack Targets
SecurityFocus
31 million Windows-specific attacks
22 million UNIX/LINUX attacks
7 million Cisco IOS attacks
All operating systems are attacked!


Hackers Vs Crackers
Ethical Hackers vs. Crackers
A hacker is usually a programmer who constantly seeks further knowledge, freely shares what they have discovered, and never intentionally damages data.
A cracker breaks into or otherwise violates system integrity with malicious intent. They destroy vital data or cause problems for their targets.


Attack Classification


Attack Classification

Attacks
  Physical Access Attacks
    Wiretapping
    Server Hacking
    Vandalism (destruction)
  Social Engineering
    Opening Attachments
    Password Theft
    Information Theft
  Dialog Attacks
    Eavesdropping (listening to what one is not allowed to hear)
    Impersonation (imitating)
    Message Alteration (changing the message)
  Penetration Attacks (attempts to break in)
    Scanning (Probing)
    Break-in
    Denial of Service
    Malware
      Viruses
      Worms


Social Engineering
Definition of social engineering
The art and science of making people comply with your wishes (Bernz)
The use of psychological tricks by an outside hacker on a legitimate user of a computer system (Palumbo)
Obtaining needed information (for example, a password) from a person rather than breaking a system (Berg)
The basic goals of social engineering are the same as those of hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
Typical targets include telephone companies and answering services, big-name corporations and financial institutions, military and government agencies, and hospitals.


Forms of Social Engineering

Social engineering by telephone
A hacker calls and imitates someone in a position of authority or relevance and gradually draws information out of the user.
Dumpster diving
A very large amount of information can be collected from company dumpsters.
Social engineering on-line:
The Internet is fertile ground for social engineers who want to obtain passwords
Pretending to be the network administrator, sending e-mail over the network and asking for a user's password.
Persuasion
The main objective is to convince people to give out sensitive information
Reverse social engineering
Sabotage, advertising, and assisting


Penetration Attacks Steps


Port scanner
Network enumeration
Gaining & keeping root / administrator access
Using access and/or information gained
Leaving backdoor
Attack
Denial of Service (DoS): Network flooding
Buffer overflows: Software error
Malware: Virus, worm, trojan horse
Brute force
Covering his tracks

Scanning (Probing) Attacks

[Figure: an attacker on the Internet sends probe packets to 172.16.99.1, 172.16.99.2, etc. on the corporate network. The host at 172.16.99.1 sends a reply; there is no host at 172.16.99.2, so there is no reply.]
Results
172.16.99.1 is reachable
172.16.99.2 is not reachable


Network Scanning


Denial-of-Service (DoS)
Flooding Attack

[Figure: the attacker sends a message flood; the server is overloaded by the message flood]


DoS By Example


Dialog Attack
Eavesdropping, commonly called spoofing, is countered with encryption
Impersonation and message alteration are handled with a combination of encryption and authentication


Eavesdropping on a Dialog

[Figure: Client PC (Bob) and Server (Alice) exchange "Hello" in a dialog; the attacker (Eve) intercepts and reads the messages]


Password Attack By Example


Sniffing By Example


KeyLogger


Message Alteration
[Figure: in the dialog between Client PC (Bob) and Server (Alice), a message reading "Balance = $1" on one side of the attacker reads "Balance = $1,000,000" on the other; the attacker (Eve) intercepts and alters messages]


Security from Attack


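Network Penetration Attacks and Firewalls

[Figure: an attacker on the Internet sends an attack packet toward the internal corporate network. The Internet firewall lets the passed packet through and drops the attack packet; the dropped packet is recorded in a log file. A hardened client PC and a hardened server sit on the internal corporate network.]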

Intrusion Detection System

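[Figure: an intrusion detection system watches traffic between the Internet and the corporate network]
1. Suspicious packet (sent by the attacker from the Internet)
2. Suspicious packet passed (toward the hardened server on the corporate network)
3. Log packet (to the log file)
4. Alarm (to the network administrator)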
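
The log-then-alarm path on this slide, applied to the probing pattern from the Scanning (Probing) Attacks slide, as an added example that is not part of the original slides. The log line format, the addresses outside 172.16.99.x, the threshold and the time window are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log; the line format is an assumption of this example.
SAMPLE_LOG = """\
2007-03-01T10:00:00 PASS src=198.51.100.20 dst=172.16.99.1
2007-03-01T10:00:01 DROP src=203.0.113.7 dst=172.16.99.1
2007-03-01T10:00:02 DROP src=203.0.113.7 dst=172.16.99.2
2007-03-01T10:00:02 PASS src=198.51.100.20 dst=172.16.99.1
2007-03-01T10:00:03 DROP src=203.0.113.7 dst=172.16.99.3
2007-03-01T10:00:04 DROP src=203.0.113.7 dst=172.16.99.4
2007-03-01T10:00:05 DROP src=203.0.113.7 dst=172.16.99.5
2007-03-01T10:01:00 PASS src=192.0.2.50 dst=172.16.99.1
2007-03-01T10:03:00 PASS src=192.0.2.50 dst=172.16.99.2
2007-03-01T10:05:00 PASS src=192.0.2.50 dst=172.16.99.3
2007-03-01T10:07:00 PASS src=192.0.2.50 dst=172.16.99.4
this line is malformed and is skipped
"""

LINE = re.compile(r"^(\S+) (PASS|DROP) src=(\S+) dst=(\S+)$")

def parse(log):
    """Yield (timestamp, source, destination) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, _action, src, dst = m.groups()
            yield datetime.fromisoformat(ts), src, dst

def detect_scanners(log, min_hosts=4, window=timedelta(seconds=10)):
    """Map each source that reached min_hosts distinct destinations
    inside one time window to the sorted list of hosts it probed."""
    recent = defaultdict(deque)   # source -> (timestamp, destination) in window
    alarms = defaultdict(set)
    for ts, src, dst in sorted(parse(log)):
        events = recent[src]
        events.append((ts, dst))
        while ts - events[0][0] > window:   # expire events older than the window
            events.popleft()
        targets = {d for _, d in events}
        if len(targets) >= min_hosts:
            alarms[src] |= targets
    return {s: sorted(t, key=ipaddress.ip_address) for s, t in alarms.items()}

if __name__ == "__main__":
    for src, hosts in detect_scanners(SAMPLE_LOG).items():
        print(f"ALARM: {src} probed {len(hosts)} hosts: {', '.join(hosts)}")
```

The threshold and window are tuning choices: with the defaults only 203.0.113.7 raises an alarm, while widening the window to ten minutes also flags 192.0.2.50.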


Encryption for Confidentiality

[Figure: Client PC (Bob) encrypts the original message "Hello" and sends the encrypted message 100100110001; the Server (Alice) turns it back into the decrypted message "Hello"; the attacker (Eve) intercepts but cannot read]


Impersonation and Authentication

[Figure: the attacker (Eve), at a client PC, tells the Server (Alice) "I'm Bob"; the server answers "Prove it! (Authenticate Yourself)"]


Secure Dialog System

[Figure: secure dialog between Client PC (Bob) and Server (Alice)]
Automatically handles
Negotiation of security options
Authentication
Encryption
Integrity
Attacker cannot read messages, alter messages, or impersonate
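
The Message Alteration and Impersonation and Authentication slides, worked through with a keyed message authentication code, as an added example that is not part of the original slides. The pre-shared key, the sequence-number framing and the function names are assumptions; HMAC covers integrity and authentication only, so confidentiality against Eve still needs encryption on top.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag; only holders of the key can compute or check it."""
    return hmac.new(key, data, hashlib.sha256).digest()

def send(key: bytes, seq: int, text: str):
    """Sender: bind a sequence number to the text and attach a tag."""
    body = f"{seq}|{text}".encode()
    return body, mac(key, body)

def receive(key: bytes, expected_seq: int, body: bytes, tag: bytes):
    """Receiver: return the text, or None if the message must be rejected."""
    if not hmac.compare_digest(mac(key, body), tag):
        return None          # altered in transit, or sender lacks the key
    seq, _, text = body.decode().partition("|")
    return text if seq == str(expected_seq) else None   # None: replayed message

def respond(key: bytes, challenge: bytes) -> bytes:
    """Claimant's answer to 'Prove it!': a tag over the server's fresh challenge."""
    return mac(key, b"auth|" + challenge)

def authenticate(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: accept only a response computed with the shared key."""
    return hmac.compare_digest(respond(key, challenge), response)

def demo():
    key = secrets.token_bytes(32)        # assumed pre-shared by Bob and Alice
    body, tag = send(key, 1, "Balance = $1")
    intact = receive(key, 1, body, tag)
    altered = receive(key, 1, body.replace(b"$1", b"$1,000,000"), tag)
    replayed = receive(key, 2, body, tag)
    challenge = secrets.token_bytes(16)  # fresh for every login attempt
    bob = authenticate(key, challenge, respond(key, challenge))
    eve = authenticate(key, challenge, respond(secrets.token_bytes(32), challenge))
    return intact, altered, replayed, bob, eve

if __name__ == "__main__":
    print(demo())
```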


Hardening Host Computers


The Problem
Computers installed out of the box have known vulnerabilities
Not just Windows computers
Hackers can take them over easily
They must be hardened, a complex process that involves many actions


Hardening Host Computers


Elements of Hardening
Physical security
Secure installation and configuration
Fix known vulnerabilities
Turn off unnecessary services (applications)
Harden all remaining applications (Chapter 9)
(more on next page)


Hardening Host Computers


Elements of Hardening (continued)
Manage users and groups
Manage access permissions
For individual files and directories, assign access permissions to specific users and groups
Back up the server regularly
Advanced protections


Hardening Host Computers

Security Baselines Guide the Hardening Effort
Specifications for how hardening should be done
Different for different operating systems
Different for different types of servers (webservers, mail servers, etc.)
Needed because it is easy to forget a step

Installation and Patching


Installation Offers Many Options, Some of Which Affect Security
For example, in Windows, the NTFS file system is better for security than FAT32
Need a security baseline to guide option choices during installation


Installation and Patching


Known Vulnerabilities
Most programs have known vulnerabilities
Exploits are programs that take advantage of known vulnerabilities


Installation and Patching


Known Vulnerabilities
Vulnerability reporters send vulnerability reports to vendors
Vulnerability reporters often say that vendors take too long to fix vulnerabilities
Vendors say that vulnerability reporters do not give them enough time and report too much detail to the press

Installation and Patching


Fixes
Work-around: A series of actions to be taken; no new software
Patches: New software to be added to the operating system
Upgrades: Newer versions of programs usually fix older vulnerabilities.


Installation and Patching


Upgrades
Often, security vulnerabilities are fixed in new versions
If a version is too old, the vendor might stop offering fixes
It might be good to wait to upgrade until after the first round of bug and security fixes


Turning Off Unnecessary Services

Unnecessary Services
Operating system vendors used to install many services by default
This made them easier to use. When use changes, services do not have to be turned on.
Attackers have found flaws in many of these rarely used services


Turning Off Unnecessary Services

Unnecessary Services
Vendors now install fewer services by default (lock down mode)
Turn to security baseline to see what services to turn on and off
Easier to install too few and add than to install too many and remove unwanted services


Managing Users and Groups


Introduction
Every user must have an account
There can also be groups
Can assign security measures to groups
These measures apply to the individual group members automatically
Faster and easier than assigning security measures to individuals


Managing Permissions
Principle of Least Permissions: Give Users the Minimum Permissions Needed for Their Job
More feasible to add permissions selectively than to start with many, reduce for security


Advanced Server Hardening Techniques

Reading Event Logs
The importance of logging to diagnose problems
Failed logins, changing permissions, starting programs, kernel messages, etc.
Backup
File Encryption
File Integrity Checker

