Network Security
Intro to Network Security
Network Security
PENS-ITS

Network Security In Action
Client Configuration
IP & Port Scanning
DNS
Web Server Exploit
Hardening Host
Email Exploit
AntiVirus Applications
System Log Analysis
Intrusion Detection System
Network Services
DoS Attack
Using Firewall
HoneyPot
FTP/Telnet
Trojan Attack
Using GPG/PGP
Spyware Detection and Removal
SMTP/POP
Sniffing Traffic
Using SSH
Backup and Restore
Web Server
KeyStroke Logging
Password Cracking
Using Certificate
Finding Hidden Data
MITM Attack
Using IPSec

Why Secure a Network?
Internal attacker
External attacker
Corporate Assets
Virus
Incorrect permissions
A network security design protects assets from threats and vulnerabilities in an organized manner.
To design security, analyze risks to your assets and create responses.

Computer Security Principles
• Confidentiality – Protecting information from exposure and disclosure
• Integrity – Decrease possible problems caused by corruption of data
• Availability – Make information always available

Exploits (1)
• What is an Exploit?
  – Crackers break into a computer network by exploiting weaknesses in operating system services.
• Types of attacks
  – Local
  – Remote
• Categories of exploits
  – 0-day (new unpublished)
  – Account cracking
  – Buffer overflow
  – Denial of service
  – Impersonation

Exploits (2)
• Categories of exploits (cont.)
  – Man in the middle
  – Misconfiguration
  – Network sniffing
  – Session hijacking
  – System/application design errors

SANS Security Threats
• SANS/FBI top 20 security threats
  – http://www.sans.org/top20/
• Goals attackers try to achieve
  – Gain unauthorized access
  – Obtain administrative or root level
  – Destroy vital data
  – Deny legitimate users service
  – Individual selfish goals
  – Criminal intent

Security Statistics: Attack Trends
• Computer Security Institute (http://www.gocsi.com)
• Growing Incident Frequency
  – Incidents reported to the Computer Emergency Response Team/Coordination Center
  – 1997: 2,134
  – 1998: 3,474 (75% growth from previous year)
  – 1999: 9,859 (164% growth)
  – 2000: 21,756 (121% growth)
  – 2001: 52,658 (142% growth)
  – Tomorrow?

Attack Targets
• SecurityFocus
  – 31 million Windows-specific attacks
  – 22 million UNIX/LINUX attacks
  – 7 million Cisco IOS attacks
  – All operating systems are attacked!

Hackers Vs Crackers
• Ethical Hackers vs. Crackers
  – A hacker is usually a programmer who constantly seeks further knowledge, freely shares what they have discovered, and never intentionally damages data.
  – A cracker breaks into or otherwise violates system integrity with malicious intent. Crackers destroy vital data or cause problems for their targets.

Attack Type

Types of Attacks
• Social Engineering
  – Opening Attachments
  – Password Theft
  – Information Theft
• Physical Access Attacks
  – Wiretapping (tapping)
  – Server Hacking
  – Vandalism (destruction)
• Dialog Attacks
  – Eavesdropping (listening in on what one is not allowed to hear)
  – Impersonation (imitating)
  – Message Alteration (altering the message)
• Penetration Attacks (attempts to break in)
  – Scanning (Probing)
  – Break-in
  – Denial of Service
  – Malware: Viruses, Worms

Social Engineering
• Definitions of social engineering
  – The art and science of getting people to comply with your wishes (Bernz)
  – An outside hacker's use of psychological tricks on a legitimate user of a computer system (Palumbo)
  – Getting needed information (for example, a password) from a person rather than breaking into a system (Berg)
• The basic goals of social engineering are the same as those of hacking in general: gaining unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
• Typical targets include telephone companies and answering services, big-name corporations and financial institutions, military and government agencies, and hospitals.

Forms of Social Engineering
• Social engineering by telephone
  – A hacker calls and impersonates someone in a position of authority or relevance, and gradually draws information out of the user.
• Dumpster diving
  – A very large amount of information can be collected from a company's dumpster.
• Online social engineering
  – The Internet is fertile ground for social engineers who want to obtain passwords
  – Posing as a network administrator, sending e-mail over the network and asking for a user's password.
• Persuasion
  – The main objective is to convince people to give out sensitive information
• Reverse social engineering
  – sabotage, advertising, and assisting

Penetration Attacks Steps
• Port scanner
• Network enumeration
• Gaining & keeping root / administrator access
• Using access and/or information gained
• Leaving backdoor
• Attack
  – Denial of Services (DoS): Network flooding
  – Buffer overflows: Software error
  – Malware: Virus, worm, trojan horse
  – Brute force
• Covering his tracks

Scanning (Probing) Attacks
[Figure: an attacker on the Internet sends probe packets to 172.16.99.1, 172.16.99.2, etc. in the corporate network. Host 172.16.99.1 sends a reply; there is no host at 172.16.99.2, so there is no reply.]
Results:
172.16.99.1 is reachable
172.16.99.2 is not reachable
…

Network Scanning

Denial-of-Service (DoS) Flooding Attack
[Figure: the attacker sends a message flood; the server is overloaded by the message flood.]

DoS By Example

Dialog Attack
• Eavesdropping, commonly referred to as spoofing, is handled with encryption
• Impersonation and message alteration are handled with a combination of encryption and authentication

Eavesdropping on a Dialog
[Figure: Client PC Bob and Server Alice exchange "Hello" messages in a dialog; Attacker (Eve) intercepts and reads the messages.]

Password Attack By Example

Sniffing By Example

KeyLogger

Message Alteration
[Figure: a dialog between Client PC Bob and Server Alice. Attacker (Eve) intercepts and alters messages: "Balance = $1" on one side of Eve appears as "Balance = $1,000,000" on the other.]
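
An added example (not part of the original slides) of the authentication half of the countermeasure named on the Dialog Attack slide: the sender attaches an HMAC-SHA256 tag, so the receiver rejects the altered balance message from the figure. The shared key, the 8-byte sequence number and the function names are assumptions of this sketch; encrypting the message body is not shown.

```python
import hashlib
import hmac

TAG_LEN = 32                                   # size of an HMAC-SHA256 tag
DEMO_KEY = b"constructed-demo-key-not-secret"  # constructed sample key

def seal(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: prepend a sequence number, append a tag over both."""
    body = seq.to_bytes(8, "big") + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_sealed(key: bytes, expected_seq: int, packet: bytes):
    """Receiver: return the message, or None if the packet fails a check."""
    if len(packet) < 8 + TAG_LEN:
        return None                            # too short to be valid
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                            # altered, or sent without the key
    if int.from_bytes(body[:8], "big") != expected_seq:
        return None                            # old packet replayed
    return body[8:]

if __name__ == "__main__":
    packet = seal(DEMO_KEY, 1, b"Balance = $1")
    # What the figure shows: the message text is changed in transit.
    altered = packet[:8] + b"Balance = $1,000,000" + packet[-TAG_LEN:]
    print("untouched:", open_sealed(DEMO_KEY, 1, packet))
    print("altered:  ", open_sealed(DEMO_KEY, 1, altered))
    print("replayed: ", open_sealed(DEMO_KEY, 2, packet))
```
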

Network Scanning and Probing

Scanning with nmap
• nmap scanning with TCP packets

Flag

Three Way Handshake

Types of Scanning
• connect scan
• TCP SYN scan
• TCP FIN scan
• TCP Xmas Tree scan
• TCP Null scan
• TCP ACK scan
• TCP Window scan
• TCP RPC scan
• UDP scan
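
An added detection example (not part of the original slides) tying the Flag, Three Way Handshake and scan-type slides together: it follows the handshake per flow and labels segments whose TCP flags match the listed scan types. The addresses, ports and sample trace are constructed; a connect scan completes the handshake, so it looks like a normal connection per flow and is not labelled here, and the RPC and UDP scans are out of scope.

```python
# TCP header flag bits
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations that never open a legitimate conversation
STATELESS_PROBES = {
    0: "Null scan",
    FIN: "FIN scan",
    FIN | PSH | URG: "Xmas Tree scan",
    ACK: "ACK or Window scan",  # same probe; they differ in how the reply is read
}

def detect_scans(segments):
    """segments: (src, sport, dst, dport, flags) tuples in capture order.
    Returns a list of (src, dst, dport, label) alerts."""
    state = {}   # (client, cport, server, sport) -> "syn" | "synack" | "open"
    alerts = []
    for src, sport, dst, dport, flags in segments:
        f = flags & 0x3F
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if f == SYN:                                      # handshake step 1
            state[fwd] = "syn"
        elif f == SYN | ACK and state.get(rev) == "syn":  # handshake step 2
            state[rev] = "synack"
        elif state.get(fwd) == "synack":
            if f & RST:                     # client resets instead of ACKing
                alerts.append((src, dst, dport, "SYN scan (half-open)"))
                del state[fwd]
            elif f == ACK:                  # handshake step 3: established
                state[fwd] = "open"
        elif fwd in state or rev in state:
            pass                            # traffic on a flow already tracked
        elif f in STATELESS_PROBES:         # no handshake was ever seen
            alerts.append((src, dst, dport, STATELESS_PROBES[f]))
    return alerts

# Constructed sample trace: one normal web connection, then five probes
SCANNER, HOST, CLIENT = "198.51.100.9", "172.16.99.1", "172.16.99.50"
SAMPLE = [
    (CLIENT, 40000, HOST, 80, SYN), (HOST, 80, CLIENT, 40000, SYN | ACK),
    (CLIENT, 40000, HOST, 80, ACK), (CLIENT, 40000, HOST, 80, PSH | ACK),
    (SCANNER, 50001, HOST, 22, SYN), (HOST, 22, SCANNER, 50001, SYN | ACK),
    (SCANNER, 50001, HOST, 22, RST),
    (SCANNER, 50002, HOST, 23, FIN), (HOST, 23, SCANNER, 50002, RST | ACK),
    (SCANNER, 50003, HOST, 25, FIN | PSH | URG), (SCANNER, 50004, HOST, 110, 0),
    (SCANNER, 50005, HOST, 443, ACK), (HOST, 443, SCANNER, 50005, RST),
]
if __name__ == "__main__":
    print("\n".join(map(str, detect_scans(SAMPLE))))
```
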