Beruflich Dokumente
Kultur Dokumente
APNIC eLearning:
Network Security
Fundamentals
08 JULY 2015
01:00 PM AEST Brisbane (UTC+10)
Introduction
• Presenter Sheryl Hermoso
Training Officer
sheryl@apnic.net
Specialties:
Network Security
IPv6
DNS/DNSSEC
Internet Resource Mgmt
1
7/07/15
Overview
• Goals of Information Security
• Attacks on Different Layers
• Attack Examples
• Trusted Network and Access Control
• Cryptography and PKI
• VPN and Ipsec
• APNIC Whois Database
1 of Information Security
Goals
SECURITY
2
7/07/15
Why Security?
• The Internet was initially designed for connectivity
– Trust assumed
– We do more with the Internet nowadays
– Security protocols are added on top of the TCP/IP
• Fundamental aspects of information must be protected
– Confidential data
– Employee information
– Business models
– Protect identity and resources
• We can’t keep ourselves isolated from the Internet
– Most business communications are done online
– We provide online services
– We get services from third-party organizations online
Network Internet
Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
Ping/ICMP
Flood, Sniffing
Data Link Layer 2: Ethernet, PPP, ARP, NDP, OSPF
Network Access
ARP spoofing, MAC
Physical (Link Layer)
flooding
3
7/07/15
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets without replying
with the ACK packet
• Finite queue size for incomplete connections
SYN
SYN+ACK
ACK
Server
CONNECTION ESTABLISHED
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets without replying
with the ACK packet
• Finite queue size for incomplete connections
SYN
SYN+ACK
Attacker Server
(Victim)
4
7/07/15
1 3
www.example.com 192.168.1.99
I want to access
www.example.com QID=64569
(pretending to be
QID=64570 the authoritative
QID=64571 match! zone)
2
QID=64571
Client DNS Caching Root/GTLD
Server
QID=64571
3
www.example.com 192.168.1.1
Webserver
(192.168.1.1) ns.example.com
1
Common Types of Attack
• Ping sweeps and port scans - reconnaissance
• Sniffing – capture packet as they travel through the network
• Man-in-the-middle attack – intercept messages that are
intended for a valid device
• Spoofing - set up a fake device and trick others to send
messages to it
• Hijacking – take control of a session
• Denial of Service (DoS) and Distributed DoS (DDoS)
10
5
7/07/15
Trusted Network
• Standard defensive-oriented technologies
– Firewall – first line of defense
– Intrusion Detection
11
Access Control
• Access control - ability to permit or deny the use of an
object by a subject.
• It provides 3 essential services (known as AAA):
– Authentication (who can login)
– Authorization (what authorized users can do)
– Accountability (identifies what a user did)
12
6
7/07/15
Cryptography
• Has evolved into a complex science in the field of
information security
• Encryption – process of transforming plaintext to ciphertext
using a cryptographic key
• Symmetric key cryptography – uses a single key to encrypt
and decrypt information. Also known as private key.
– Includes DES, 3DES, AES, IDEA, RC5
13
2
Cryptography
ENCRYPTION DECRYPTION
ALGORITHM ALGORITHM
Plaintext Ciphertext Plaintext
Symmetric Key
Cryptography Shared Key Shared Key
Asymmetric Key
Cryptography Public Key Private Key
14
7
7/07/15
15
Network Internet
Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
IPsec
Ping/ICMP
Flood, Sniffing
Data Link Layer 2: Ethernet, PPP, ARP, NDP, OSPF
Network Access
ARP
IEEE spoofing,
802.1X, PPPMAC
&
Physical PPTP (Link Layer)
flooding
8
7/07/15
• Two types:
– Remote access
– Site-to-site VPN
17
VPN Protocols
• PPTP (Point-to-Point tunneling Protocol)
– Developed by Microsoft to secure dial-up connections
– Operates in the data-link layer
• L2F (Layer 2 Forwarding Protocol)
– Developed by Cisco
– Similar as PPTP
• L2TP (Layer 2 Tunneling Protocol)
– IETF standard
– Combines the functionality of PPTP and L2F
• IPsec (Internet Protocol Security)
– Open standard for VPN implementation
– Operates on the network layer
18
9
7/07/15
Source Destination
Network Layer - IPSec
19
IPSec
• Provides Layer 3 security
• Tunnel or Transport mode
– Tunnel mode – entire IP packet is encrypted
– Transport mode – IPSec header is inserted in to the packet
20
10
7/07/15
21
Security Management
• Network security is a part of a bigger information security
plan
• Policies vs. Standards vs. Guidelines
• Must develop and implement comprehensive security policy
– Minimum password length, frequency of password change
– Access of devices, host firewalls
– User creation/deletion process
– Data signing/encryption
– Encrypting all communication (remote access)
– Use of digital certificates
22
11
7/07/15
23
Questions
• Please remember to fill out the
feedback form
– https://surveymonkey.com/r/
apnic-20150708-eL2
24
12
7/07/15
25
Thank You!
END OF SESSION
26
13