Network Security

Intro to Network Security

Network Security
Politeknik Elektronika Negeri Surabaya
2007
PENS-ITS

Network Security

Introduction
Penilaian

Tugas
UAS
UTS
Kehadiran

25%
40%
30%
5%

Max terlambat 15 menit dari pelajaran dimulai

Di atas 15 menit diberi tugas dan dipresentasikan
PENS-ITS

Network Security

Overview

PENS-ITS

Network Services

Network Security

CISCO Router
Using acl , block malware
from outside

ROUTER
GTW

All Server in DMZ

Manage using SSH ,
Secure Webmin

PROXY (Squid )
All access to Internet
must through Proxy

DMZ

INTERNET
-

-IDS
FIREWALLFIREWALL
Linux bridge , iptables
shorewall , snort ,
portsentry , acidlab

SQL Database (MySQL )

Access only from
localhost (127.0.0.1)

MULTILAYER
SWITCH
L3 Switch
Block malware on
physical port from inside
network

DOMAIN

E-MAIL

WWW

E-Mail server
HTTPS , SPAM
(Spamassassin ), Virus
Scanner (ClamAV )

Managable Switchs
Block unwanted user from port ,
manage from WEB

PROXY

LECTURER
,
EMPLOYEE

NOC

Traffic Monitoring
CACTI
Http://noc .eepis-its.edu

EEPISHOTSPOT
Access from wifi , signal
only in EEPIS campus
Authentication from
Proxy

FILESERVER
STUDENTS

PENS-ITS
EEPISHOTSPOT

EIS

Internal Server
EEPIS -INFORMATION SYSTEM
(EIS http ://eis.eepis -its.edu )
Http://fileserver .eepis -its .edu

Network Security

Why Secure a Network?

Internal
attacker

External
attacker

Corporate Assets
Virus

Incorrect
permissions

A network security design protects assets from threats and

vulnerabilities in an organized manner
To design security, analyze risks to your assets and create
responses
PENS-ITS

Network Security

Computer Security Principles

Confidentiality
Protecting information from exposure and
disclosure

Integrity
Decrease possible problems caused by corruption
of data

Availability
Make information always available

PENS-ITS

Network Security

Exploits (1)

What is an Exploit?

Crackers break into a computer network by exploiting weaknesses in

operating system services.

Types of attacks

Local
Remote

PENS-ITS

Network Security

SANS Security Threats

SANS/FBI top 20 security

threats

http://www.sans.org/top20/

Goals attackers try to

achieve

Gain unauthorized access

Obtain administrative or
root level
Destroy vital data
Deny legitimate users
service
Individual selfish goals
Criminal intent

PENS-ITS

Network Security

Security Statistics: Attack

Trends

Computer Security Institute (http://www.gocsi.com)

Growing Incident Frequency
Incidents reported to the Computer Emergency Response
Team/Coordination Center
1997:

2,134

1998:

3,474 (75% growth from previous year)

1999:

9,859 (164% growth)

2000: 21,756 (121% growth)

2001: 52,658 (142% growth)
Tomorrow?
PENS-ITS

Network Security

Attack Targets
SecurityFocus
31 million Windows-specific attacks
22 million UNIX/LINUX attacks
7 million Cisco IOS attacks
All operating systems are attacked!

PENS-ITS

Network Security

Hackers Vs Crackers
Ethical Hackers vs. Crackers

Hacker usually is a programmer constantly seeks

further knowledge, freely share what they have
discovered, and never intentionally damage data.
Cracker breaks into or otherwise violates system
integrity with malicious intent. They destroy vital
data or cause problems for their targets.

PENS-ITS

Network Security

Pengelompokan Attack

PENS-ITS

Network Security

Pengelompokan Attacks
Attacks
Social Engineering
Physical Access
-Attacks
Opening Attachments
-Dialog Attacks
Password Theft
Wiretapping/menyadap
-Information Theft
Server Hacking
Eavesdropping
Penetration
Vandalism/perusakan
(Mendengar yg tdk boleh)
Attacks
Impersonation
(Usaha menembus)
(meniru)
Malware
Message Alteration
-Denial
of
Merubah message
Viruses
Break-in
Service
Scanning
Worms
(Probing)
PENS-ITS

Network Security

Social Engineering
Definisi Social enginering
seni dan ilmu memaksa orang untuk memenuhi harapan anda ( Bernz ),
Suatu pemanfaatan trik-trik psikologis hacker luar pada seorang user
legitimate dari sebuah sistem komputer (Palumbo)
Mendapatkan informasi yang diperlukan (misalnya sebuah password) dari
seseorang daripada merusak sebuah sistem (Berg).

Tujuan dasar social engineering sama seperti umumnya hacking:

mendapatkan akses tidak resmi pada sistem atau informasi untuk
melakukan penipuan, intrusi jaringan, mata-mata industrial,
pencurian identitas, atau secara sederhana untuk mengganggu
sistem atau jaringan.
Target-target tipikal termasuk perusahaan telepon dan jasa-jasa
pemberian jawaban, perusahaan dan lembaga keuangan dengan
nama besar, badan-badan militer dan pemerintah dan rumah
sakit.
PENS-ITS

Network Security

Bentuk Social Engineering

Social Engineering dengan telepon

Seorang hacker akan menelpon dan meniru seseorang dalam suatu kedudukan
berwenang atau yang relevan dan secara gradual menarik informasi dari user.

Diving Dumpster
Sejumlah informasi yang sangat besar bisa dikumpulkan melalui company
Dumpster.

Social engineering on-line :

Internet adalah lahan subur bagi para teknisi sosiaal yang ingin mendapatkan
password
Berpura-pura menjadi administrator jaringan, mengirimkan e-mail melalui
jaringan dan meminta password seorang user.

Persuasi
Sasaran utamanya adalah untuk meyakinkan orang untuk memberikan
informasi yang sensitif

Reverse social engineering

sabotase, iklan, dan assisting
PENS-ITS

Network Security

Penetration Attacks Steps

Port scanner
Network enumeration
Gaining & keeping root / administrator access
Using access and/or information gained
Leaving backdoor
Attack

Denial of Services (DoS) :Network flooding

Buffer overflows : Software error
Malware :Virus, worm, trojan horse
Brute force

Covering his tracks

PENS-ITS

Network Security

Scanning (Probing) Attacks

Reply from
172.16.99.1
Host
172.16.99.1

Probe Packets to
172.16.99.1, 172.16.99.2, etc.
Internet
Attacker

No Host
172.16.99.2

Results
172.16.99.1 is reachable
172.16.99.2 is not reachable

No Reply

Corporate Network

PENS-ITS

Network Security

Network Scanning

PENS-ITS

Network Security

Denial-of-Service (DoS)
Flooding Attack
Message Flood

Server
Overloaded By
Message Flood

Attacker

PENS-ITS

Network Security

DoS By Example

PENS-ITS

Network Security

Dialog Attack
Eavesdropping, biasa disebut dengan spoofing,
cara penanganan dengan Encryption
Impersonation dan message alteration
ditangani dengan gabungan enkripsi dan
autentikasi

PENS-ITS

Network Security

Eavesdropping on a Dialog
Dialog

Hello
Client PC
Bob

Server
Alice
Hello
Attacker (Eve) intercepts
and reads messages
PENS-ITS

Network Security

Password Attack By Example

PENS-ITS

Network Security

Sniffing By Example

PENS-ITS

Network Security

KeyLogger

PENS-ITS

Network Security

Message Alteration
Dialog

Balance =
$1

Client PC
Bob

Balance =
$1,000,000

Balance =
$1

Balance =
$1,000,000
Attacker (Eve) intercepts
and alters messages
PENS-ITS

Server
Alice

Network Security

PENS-ITS

Network Security

Security form Attack

PENS-ITS

Network Security

Network Penetration Attacks

and Firewalls
Passed Packet
Internet
Firewall
Hardened
Client PC

Attack
Packet
Internet
Attacker

Dropped
Packet
Hardened
Server

Log File

Internal
Corporate
Network
PENS-ITS

Network Security

Intrusion Detection System

4. Alarm
Network
Administrator

Intrusion
Detection
System

2. Suspicious
Packet Passed

1.
Suspicious
Packet
Internet
Attacker

3. Log
Packet
Hardened
Server

Log File

Corporate Network
PENS-ITS

Network Security

Encryption for Confidentiality

Encrypted
Message
100100110001

Client PC
Bob

Server
Alice
100100110001

Original
Message
Hello

Attacker (Eve) intercepts

but cannot read

PENS-ITS

Decrypted
Message
Hello

Impersonation and
Authentication

Network Security

Im Bob

Client PC
Bob

Attacker
(Eve)

Prove it!
(Authenticate Yourself)

PENS-ITS

Server
Alice

Network Security

Secure Dialog System

Secure Dialog

Client PC
Automatically Handles
Bob
Negation of Security Options
Authentication
Encryption
Integrity

Server
Alice

Attacker cannot
read messages, alter
messages, or impersonate
PENS-ITS

Network Security

Hardening Host Computers

The Problem
Computers installed out of the box have known
vulnerabilities
Not just Windows computers

Hackers can take them over easily

They must be hardeneda complex process that
involves many actions

PENS-ITS

Network Security

Hardening Host Computers

Elements of Hardening

Physical security
Secure installation and configuration
Fix known vulnerabilities
Turn off unnecessary services (applications)
Harden all remaining applications (Chapter 9)
(more on next page)

PENS-ITS

Network Security

Hardening Host Computers

Elements of Hardening (continued)
Manage users and groups
Manage access permissions
For individual files and directories, assign access
permissions specific users and groups

Back up the server regularly

Advanced protections

PENS-ITS

Network Security

Hardening Host Computers

Security Baselines Guide the Hardening
Effort
Specifications for how hardening should be done
Different for different operating systems
Different for different types of servers
(webservers, mail servers, etc.)
Needed because it is easy to forget a step
PENS-ITS

Network Security

Installation and Patching

Installation Offers Many Options, Some of
Which Affect Security
For example, in Windows, the NTFS file system
is better for security than FAT32
Need a security baseline to guide option choices
during installation

PENS-ITS

Network Security

Installation and Patching

Known Vulnerabilities
Most programs have known vulnerabilities
Exploits are programs that take advantage of
known vulnerabilities

PENS-ITS

Network Security

Installation and Patching

Known Vulnerabilities
Vulnerability reporters send vulnerability reports
to vendors
Vulnerability reporters often say that vendors take
too long to fix vulnerabilities
Vendors say that vulnerability reporters do not
give them enough time, report too much detail to
the press
PENS-ITS

Network Security

Installation and Patching

Fixes
Work-around: A series of actions to be taken; no
new software
Patches: New software to be added to the
operating system
Upgrades: Newer versions of programs usually
fix older vulnerabilities.
PENS-ITS

Network Security

Installation and Patching

Upgrades
Often, security vulnerabilities are fixed in new
versions
If a version is too old, the vendor might stop
offering fixes
It might be good to wait to upgrade until after the
first round of bug and security fixes
PENS-ITS

Network Security

Turning Off Unnecessary

Services
Unnecessary Services

Operating system vendors used to install many

services by default
This made them easier to use. When use changes,
services do not have to be turned on.
Attackers have found flaws in many of these rare
services
PENS-ITS

Network Security

Turning Off Unnecessary

Services
Unnecessary Services

Vendors now install fewer services by default

lock down mode
Turn to security baseline to see what services to
turn on and off
Easier to install too few and add than to install too
many and remove unwanted services
PENS-ITS

Network Security

Managing Users and Groups

Introduction
Every user must have an account
There can also be groups
Can assign security measures to groups
These measures apply to the individual group members
automatically
Faster and easier than assigning security measures to
individuals
PENS-ITS

Network Security

Managing Permissions
Principle of Least Permissions: Give Users
the Minimum Permissions Needed for Their
Job
More feasible to add permissions selectively than
to start with many, reduce for security

PENS-ITS

Network Security

Advanced Server Hardening

Techniques
Reading Event Logs

The importance of logging to diagnose problems

Failed logins, changing permissions, starting
programs, kernel messages, etc.

Backup
File Encryption
File Integrity Checker
PENS-ITS