Network Security and Hacking Techniques DAY-4

Firewalls
[diagram: the Internet and the visible (external) IP address on one side, the firewall ("we are here") in the middle, and behind it the internal network: PCs, Linux and Windows servers, and host application servers such as IDS and sniffers]
What this paper covers:
- Why you need a firewall
- What a firewall is
- How a network firewall interacts with the OSI and TCP/IP network models
- Different types of firewall
- Different firewall architectures
- What kind of firewall is best for what infrastructure

Introduction
Benefits of the Internet:
- Better communication
- Remote access
- An immense source of information
- Boosting the efficiency of businesses
Network security is a major concern.

Why you need a firewall?
What happens when you connect to the Internet? Your network becomes part of the Internet, and with that comes the possibility of attack by thieves and vandals.
- How do you protect confidential information from those who do not explicitly need to access it?
- How do you protect your network and its resources from malicious users and accidents that originate outside of your network?

Types of Attacks
- Network packet sniffers
- IP spoofing
- Password attacks
- Distribution of sensitive information to external resources
- Man-in-the-middle attacks
- Denial of service attacks
- Application layer attacks
What is a Firewall?
[diagram: computer with firewall software]
Basic Purpose of a Firewall
- It blocks incoming traffic that might carry an attack.
- It hides information about the network by making all outgoing traffic appear to originate from the firewall rather than from the internal hosts. This is Network Address Translation (NAT). Note that NAT is an addressing mechanism; the concealment it gives is a side effect and is no substitute for filtering rules.
- It screens outgoing traffic to limit Internet use and/or access to remote sites.

Other Features of Firewalls
- Content filtering
- Virtual private networks
- Antivirus protection
- Demilitarized zone (DMZ)

What can't a firewall do?
- It cannot provide complete security.
- It can do nothing to guard against insider threats: traffic that never crosses the firewall is never inspected.
- Employee misconduct or carelessness cannot be controlled by a firewall.
- Policies on the use and misuse of passwords and user accounts must be enforced separately and strictly.
How does a network firewall interact with the OSI and TCP/IP network models?
Network firewalls operate at different layers and therefore use different criteria to restrict traffic. In the model used here, the lowest layer at which a firewall works is layer three (the network layer), where it can decide on IP addresses; a transparent (bridging) firewall can also filter on layer-two MAC addresses, but that is the exception. The higher up the stack an architecture examines packets, the more information it has to base decisions on and the greater the protection it can provide; the price is more processing per packet and more protocol-specific code that must itself be kept correct.

Types of Firewall
- Static packet filter
- Dynamic (stateful) packet filter
- Circuit level gateway
- Application level gateway
- Stateful multilayer inspection firewall
Static Packet Filter
Static Packet Filter (contd.)
Advantages:
- Low cost; now included with many operating systems.
Disadvantages:
- Filters are difficult to configure.
- A static packet filter is not state aware: each packet is judged on its own header fields, so return traffic has to be admitted by broad rules that an attacker can satisfy just as well.
- A static packet filter does not examine the complete packet (headers only, never the payload).

Dynamic (stateful) packet filter
State awareness: the filter tracks connections, so it knows the difference between a new and an established connection.
Advantage: state awareness provides a measurable performance benefit, since packets belonging to an established connection are passed on a connection-table lookup rather than a full rule evaluation.
Disadvantages: it still decides on network- and transport-layer headers only, so it remains susceptible to IP spoofing and provides only a low level of protection.
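To make the difference between the two filter types concrete, here is an added example (not code from the slides) that models both in Python. The addresses, ports and packets are constructed: 10.0.0.0/8 stands for the protected network and 203.0.113.0/24 (an RFC 5737 documentation range) for the Internet. The static filter's "reply" rule mirrors the classic stateless `established` keyword (match any packet with ACK set); the stateful filter instead consults a connection table it fills only when it sees an inside-to-outside SYN.

```python
"""Static (stateless) packet filter vs. dynamic (stateful) packet filter.

Added example; not code from the slides.  Addresses, ports and packets are
constructed for illustration: 10.0.0.0/8 is the protected network and
203.0.113.0/24 (an RFC 5737 documentation range) stands in for the Internet.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def static_filter(pkt: Packet) -> bool:
    """Stateless rules: every packet is judged on its own header fields.

    Policy: internal hosts may reach web servers (TCP/80) outside.  Nothing
    remembers which connections exist, so replies can only be recognised by
    their shape (source port 80 and the ACK flag set, like the old stateless
    'established' keyword).  Any outsider can craft that shape: the reply
    rule is the hole.
    """
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if src in INTERNAL and dst not in INTERNAL and pkt.dport == 80:
        return True          # outbound web request
    if dst in INTERNAL and src not in INTERNAL and pkt.sport == 80 and pkt.ack:
        return True          # looks like a reply to one
    return False


class StatefulFilter:
    """Keeps a connection table; inbound packets must match a tracked flow."""

    def __init__(self) -> None:
        self.table = set()   # entries: (client, client_port, server, server_port)

    def allow(self, pkt: Packet) -> bool:
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.table or reverse in self.table:
            return True      # belongs to a connection we saw being opened
        # Only a SYN from inside to an outside web server opens a new entry.
        if (src in INTERNAL and dst not in INTERNAL and pkt.dport == 80
                and pkt.syn and not pkt.ack):
            self.table.add(forward)
            return True
        return False


# Constructed traffic: a legitimate web session (SYN out, SYN/ACK back) and an
# attacker's probe dressed up as a reply (source port 80, ACK set) aimed at an
# internal host's SSH port.
LEGIT_SYN = Packet("10.1.2.3", 40000, "203.0.113.10", 80, syn=True)
LEGIT_REPLY = Packet("203.0.113.10", 80, "10.1.2.3", 40000, syn=True, ack=True)
ACK_PROBE = Packet("203.0.113.66", 80, "10.1.2.50", 22, ack=True)


def compare() -> dict:
    """Run the same traffic through both filters; True means forwarded."""
    sf = StatefulFilter()
    traffic = (LEGIT_SYN, LEGIT_REPLY, ACK_PROBE)
    return {
        "static": [static_filter(p) for p in traffic],
        "stateful": [sf.allow(p) for p in traffic],
    }


if __name__ == "__main__":
    for name, v in compare().items():
        print(f"{name:9s} SYN={v[0]} reply={v[1]} ack_probe={v[2]}")
```

Both filters pass the legitimate session. The static filter also passes the forged ACK probe to port 22, because the probe satisfies the only test it can apply; the stateful filter drops it, because no inside host ever opened a connection to 203.0.113.66. Neither filter looks at payload, which is why the slide still rates the stateful filter's protection as low.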
Circuit Level Gateway
Circuit Level Gateway (contd.)
Advantages:
- Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway, which is useful for hiding information about the protected network.
- Higher level of security than a static or dynamic (stateful) packet filter.
Disadvantage:
- A circuit-level gateway cannot examine the data content of the packets it relays between the trusted and untrusted networks, so harmful payloads can slip through it to a server behind the firewall.
Application Level Gateway
Application Level Gateway (contd.)
Advantages:
- Filters application-specific commands, such as HTTP GET and POST.
- Inspects the complete packet, payload included.
- Highest level of security of the types listed here.
Disadvantages:
- Vendors must keep up with new protocols; a common complaint from users is the lack of timely vendor support for new protocols.
- The gateway itself must be written securely, since it parses untrusted input on behalf of every protected server.
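The contrast between the two gateway types above can be shown in code. The following is an added example, not code from the slides or from any vendor: a circuit-level relay that copies bytes once the circuit is up, beside an application-level HTTP gateway that parses each request, applies an assumed policy (GET and POST only, HTTP/1.0 or 1.1, an absolute path without "..", no transfer codings, and a Content-Length that agrees with the body) and re-emits the request from the parsed fields. The three sample requests are constructed.

```python
"""Circuit-level relay vs. application-level (HTTP) gateway.

Added example; not code from the slides.  The requests at the bottom are
constructed test inputs; the policy (GET/POST only, sane request line,
consistent Content-Length) is an assumed one, not a vendor's.
"""

ALLOWED_METHODS = {b"GET", b"POST"}
ALLOWED_VERSIONS = {b"HTTP/1.0", b"HTTP/1.1"}
MAX_HEADER_BYTES = 8192


class PolicyViolation(Exception):
    """Raised by the application gateway when a request is off-policy."""


def circuit_level_relay(client_bytes: bytes) -> bytes:
    """A circuit-level gateway opens the TCP circuit on the client's behalf
    (the server sees the gateway's address) and then copies bytes verbatim.
    It cannot tell GET from TRACE, or a valid body from a smuggled one."""
    return client_bytes


def http_gateway(client_bytes: bytes) -> bytes:
    """Parse the request as HTTP, enforce policy, re-emit a normalised copy.

    Rebuilding from parsed fields (instead of forwarding the raw bytes) means
    nothing the parser did not understand can reach the server.
    """
    head, sep, body = client_bytes.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEADER_BYTES:
        raise PolicyViolation("incomplete, oversized or non-HTTP request")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise PolicyViolation("malformed request line")
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        raise PolicyViolation(f"method {method!r} not permitted")
    if version not in ALLOWED_VERSIONS:
        raise PolicyViolation(f"unsupported version {version!r}")
    if not target.startswith(b"/") or b".." in target.split(b"/"):
        raise PolicyViolation("target must be an absolute path without '..'")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or b" " in name:
            raise PolicyViolation("malformed header line")
        key = name.lower()
        if key in headers:
            raise PolicyViolation(f"duplicate header {key!r}")
        headers[key] = value.strip()
    if version == b"HTTP/1.1" and b"host" not in headers:
        raise PolicyViolation("HTTP/1.1 request without Host header")
    if b"transfer-encoding" in headers:
        raise PolicyViolation("chunked or other transfer codings not permitted")
    length_hdr = headers.get(b"content-length", b"0")
    if not length_hdr.isdigit() or int(length_hdr) != len(body):
        raise PolicyViolation("Content-Length non-numeric or inconsistent with body")
    out = b"%s %s %s\r\n" % (method, target, version)
    for key, value in headers.items():
        out += b"%s: %s\r\n" % (key, value)
    return out + b"\r\n" + body


# Constructed requests: one benign, one using a disallowed method, and one
# whose Content-Length disagrees with its body (the kind of ambiguity that
# request-smuggling attacks exploit between two HTTP parsers).
REQUESTS = {
    "benign_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "trace": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "bad_length": (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
                   b"Content-Length: 4\r\n\r\nuser=a&pass=b"),
}


def evaluate(requests: dict = REQUESTS) -> dict:
    """Return, per request, what each gateway type does with it."""
    results = {}
    for name, raw in requests.items():
        relayed = circuit_level_relay(raw) == raw
        try:
            http_gateway(raw)
            verdict = "forwarded"
        except PolicyViolation as exc:
            verdict = f"blocked: {exc}"
        results[name] = {"circuit_level": "forwarded" if relayed else "blocked",
                         "application_level": verdict}
    return results


if __name__ == "__main__":
    for name, v in evaluate().items():
        print(f"{name:11s} circuit={v['circuit_level']:9s} app={v['application_level']}")
```

The relay forwards all three requests unchanged; the HTTP gateway forwards only the benign GET and rejects the other two with a reason. The cost the slide warns about is visible too: every protocol the gateway is to protect needs its own parser, and that parser is itself attack surface.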
Stateful Multilayer Inspection Firewall
Stateful Multilayer Inspection Firewall (contd.)
Advantages:
- Does not break the client-server model.
- Offers a high level of security.
Disadvantages:
- Not breaking the client-server model is also the risk: the attacker keeps a direct connection to the protected server, which this paper rates an unacceptable security risk.
- They are expensive.
- Because of their complexity they are potentially less secure than simpler types of firewall if not administered by highly competent personnel.
Dual-Homed Host Architecture
[diagram: one host with two network interfaces sits between the Internet and the internal network; with IP forwarding disabled, traffic crosses it only through proxies running on the host]

Screened Host Architecture
[diagram: a packet-filtering router in front of a bastion host that sits on the internal network; the router permits outside traffic only to the bastion host]

Screened Subnet Architecture
[diagram: a perimeter network (DMZ) between an exterior and an interior packet-filtering router, with the bastion host on the perimeter network]
Conclusion
Keeping your software patched and running updated antivirus software are very important pieces, but having a firewall block unwanted incoming connections in the first place is a wise idea as well. No single security solution will solve everything; the more lines of defense you have in place, the harder it is for attackers to get in and the safer you will be.
Firewalls Questions
What is Intrusion Detection
Intrusion detection systems (IDSs) are designed to detect and report unauthorized activity in computer networks; when deployed inline they can also block it (intrusion prevention).
“The life expectancy of a default installation of Linux Red Hat 6.2 server is estimated to be less than 72 hours.”
“The fastest compromise happened in 15 minutes (including scanning, probing and attacking).”
“Netbios scans affecting Windows computers were executed with the average of 17 per day.”
(source: Honeynet Project)

Motivation for Intrusion Detection
[chart: Unauthorized Use of Computer Systems Within the Last 12 Months (source: Indian ISPs' study)]

Definitions
- Intrusion: a set of actions aimed at compromising the security goals, namely integrity, confidentiality or availability, of a computing and networking resource.
- Intrusion detection: the process of identifying and responding to intrusion activities.

Why Is Intrusion Detection Necessary?
Prevent, detect, react/survive: security principles call for layered mechanisms. Prevention (such as a firewall) will sometimes fail, and detection is what lets you react and survive when it does.
Different Types of IDSs
- Application based
- Host based
- Network based

Different Types of IDSs: Application IDS
- Watches application logs and user actions.
- Stops attacks targeted against an application.
Advantages: encrypted data can be read (the application has already decrypted it).
Problems: positioned too high in the attack chain (the attack has already reached the application).

Different Types of IDSs: Host IDS
- Watches kernel operations and the network interface.
- Stops illegal system operations; drops attack packets at the network driver.
Advantages: encrypted data can be read; each host contributes to the detection process.
Problems: positioned too high in the attack chain (the attack has already reached the host's network driver).

Different Types of IDSs: Network IDS
- Watches network traffic, active services and servers.
- Reports and possibly stops network-level attacks.
Advantages: attacks can be stopped early enough (before they reach the hosts or applications); attack information from different subnets can be correlated.
Problems: encrypted data cannot be read; when the sensor is allowed to drop traffic, false positives disrupt legitimate traffic.

An Adaptive IDS Architecture
[diagram: traffic passes a firewall ("quick and dirty"), then a real-time IDS ("best effort in real time"), then a backend IDS ("thorough and slow", scenario and trend analysis); detection models and dynamic, cost-sensitive decision making connect the stages]
Different Ways to put an IDS on the network: HUB
[diagram: sensor attached to a hub, which repeats every frame to every port]

Different Ways to put an IDS on the network: TAP
[diagram: sensor attached via a network tap; a switch forwards frames only to the destination port, so a sensor on an ordinary switch port sees nothing unless a tap or a mirror (SPAN) port is used]

Circuit Diagrams of Tapping a 100Mb Ethernet Switch
[diagram]

Circuit Diagrams of Tapping a 1Gb Ethernet Switch
[diagrams]
SNORT
- Open source.
- Runs on just about any platform (including Windows).
- Many plugins and external modules.
- Frequent rule updates.
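Snort's detection is driven by rules in a published text syntax. To show how such signature matching works, here is an added example in Python; it is not Snort's own code and implements only a small subset of the rule language (action, protocol, addresses with $VAR, CIDR and "!" negation, ports and port ranges, "->" or "<>", and the msg/content/nocase/sid options). Real Snort adds preprocessors, stream reassembly, PCRE and fast-pattern matching. The $HOME_NET value, the two rules (in the local 1000000+ sid range) and the three packets are constructed for the example.

```python
"""Tiny Snort-style signature matcher (added example, not Snort's own code).

Handles a subset of the public Snort rule syntax (action, protocol, $VAR/CIDR/'!'
addresses, ports and ranges, '->' or '<>', and msg/content/nocase/sid) over
constructed packets.  Real Snort adds preprocessors, stream reassembly, PCRE and
fast-pattern matching; this shows only the shape of signature detection.
"""
import re
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

HEADER_RE = re.compile(r"^(alert|log|pass|drop)\s+(tcp|udp|icmp|ip)\s+(\S+)\s+(\S+)\s+"
                       r"(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
OPTION_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

Packet = namedtuple("Packet", "proto src sport dst dport payload")


@dataclass
class Rule:
    action: str
    proto: str
    header: tuple                                     # (src, sport, dir, dst, dport)
    msg: str = ""
    contents: list = field(default_factory=list)      # [[pattern_bytes, nocase], ...]
    sid: int = 0


def decode_content(text: str) -> bytes:
    """Snort content strings mix literal text with |hex bytes| segments."""
    return b"".join(bytes.fromhex(s) if i % 2 else s.encode("latin-1")
                    for i, s in enumerate(text.split("|")))


def parse_rule(text: str) -> Rule:
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    rule = Rule(m[1], m[2], (m[3], m[4], m[5], m[6], m[7]))
    for name, value in OPTION_RE.findall(m[8]):
        value = value.strip().strip('"')
        if name == "msg":
            rule.msg = value
        elif name == "content":
            rule.contents.append([decode_content(value), False])
        elif name == "nocase" and rule.contents:
            rule.contents[-1][1] = True               # modifies the preceding content
        elif name == "sid":
            rule.sid = int(value)                     # rev, classtype, flow... ignored here
    return rule


def addr_matches(spec: str, addr: str, variables: dict) -> bool:
    negate, spec = False, variables.get(spec, spec)   # $HOME_NET -> its value
    while spec.startswith("!"):                       # '!' negates, e.g. !$HOME_NET
        negate, spec = not negate, variables.get(spec[1:], spec[1:])
    hit = spec == "any" or ip_address(addr) in ip_network(spec, strict=False)
    return hit != negate


def port_matches(spec: str, port: int) -> bool:
    lo, sep, hi = spec.partition(":")                 # forms: any, 80, 1024:, :1023, 6000:6010
    if spec == "any":
        return True
    return (int(lo or 0) <= port <= int(hi or 65535)) if sep else port == int(spec)


def rule_matches(rule: Rule, pkt: Packet, variables: dict) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    src, sport, direction, dst, dport = rule.header
    ends = [(src, sport, dst, dport)] + ([(dst, dport, src, sport)] if direction == "<>" else [])
    if not any(addr_matches(s, pkt.src, variables) and port_matches(sp, pkt.sport)
               and addr_matches(d, pkt.dst, variables) and port_matches(dp, pkt.dport)
               for s, sp, d, dp in ends):
        return False
    for pattern, nocase in rule.contents:             # every content option must appear
        hay, needle = (pkt.payload.lower(), pattern.lower()) if nocase else (pkt.payload, pattern)
        if needle not in hay:
            return False
    return True


def run(rules, packets, variables):
    """(sid, msg) of every alert rule that fires, in packet order."""
    return [(r.sid, r.msg) for p in packets for r in rules
            if r.action == "alert" and rule_matches(r, p, variables)]


# Constructed configuration: one protected /8, two rules in the local sid range.
VARIABLES = {"$HOME_NET": "10.0.0.0/8", "$EXTERNAL_NET": "!$HOME_NET"}
RULES = [parse_rule(t) for t in (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC /etc/passwd access"; '
    'content:"/etc/passwd"; nocase; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET 21 <> $HOME_NET any (msg:"FTP plaintext credentials"; '
    'content:"PASS "; nocase; sid:1000002; rev:1;)',
)]
PACKETS = [
    Packet("tcp", "203.0.113.7", 51000, "10.0.0.80", 80, b"GET /x.cgi?f=../../ETC/passwd HTTP/1.0\r\n"),
    Packet("tcp", "10.0.0.5", 52000, "10.0.0.80", 80, b"GET /etc/passwd HTTP/1.0\r\n"),  # inside: no alert
    Packet("tcp", "10.0.0.9", 53000, "203.0.113.21", 21, b"PASS hunter2\r\n"),          # matched via '<>'
]
```

Running `run(RULES, PACKETS, VARIABLES)` yields two alerts: sid 1000001 for the first packet (the `nocase` modifier is what lets "ETC/passwd" match) and sid 1000002 for the third, which only matches because "<>" makes the rule bidirectional. The second packet is from inside $HOME_NET and so is excluded by the negated $EXTERNAL_NET. Each content pattern is searched for independently and every one must be present, which is why rule authors pair `content` with anchors such as offset/depth and with `flow` in real rule sets.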
Snort Plugins
- Databases: MySQL, Oracle, PostgreSQL, unixODBC
- Spade (Statistical Packet Anomaly Detection Engine)
- FlexResp (session response/closing)
- XML output
- TCP streams (stream reassembly, including single-byte segments)

Snort Add-ons
- ACID (Analysis Console for Intrusion Databases), PHP
- Guardian, IPCHAINS rules modifier (Girr, the remover)
- SnortSnarf, HTML
- Snortlog, syslog
- "Ruleset retrieve", automatic rules updater
- Snorticus, central multi-sensor manager, shell
- LogSnorter, adds syslog information to the Snort SQL database
- plus a few win32 bits and pieces

ACID + Snort
- ACID is a CERT project.
- A fairly simple PHP3 front end to a MySQL back end.
- Quite customizable.
- Simple GUI for casual browsing.
Snort Web Access - ACID
[screenshots: main console; alert list with reference links to SecurityFocus, Whitehats and CVE; rule details; incident details]
END
