
Hands-On Network Security: Practical Tools & Methods Security - PowerPoint PPT Presentation



  1. Hands-On Network Security: Practical Tools & Methods
     Security Training Course
     Dr. Charles J. Antonelli, The University of Michigan, 2012

  2. Hands-On Network Security
     Module 6: Firewalls & VPNs

  3. Topics
     • Firewall Fundamentals
     • Case study: Linux iptables
     • Virtual Private Networks (VPNs)
     04/12 cja 2012 3

  4. Firewalls

  5. Firewalls

  6. Firewalls
     • A firewall limits the extent to which hosts on different networks can interact with one another

  7. Types of firewalls
     • Packet level
     • Application level
     • Host-based

  8. Packet level firewalls
     • Firewall inspects incoming packets
     • Blocks packets violating policy rules
        packets dropped without acknowledgement
     • Rules allow blocking based on
        Source and destination IP address
        Source and destination port
        Protocol, flags, TOS, …

  9. Statelessness
     • Traditional packet level firewalls treated every packet independently
        Stateless firewalling
     • Problem
        Doesn't relate packet information to overall packet flow
        Doesn't remember anything
     • Results in coarse-grained control
        Forces overly liberal or conservative policies

  10. Example
     • H.323 video streaming protocol
        Initiates two TCP connections and several RTP (real-time transport protocol) streams
        The RTP streams contain no information relating them to the H.323 application
        How should a stateless firewall decide if these streams are to be blocked?

  11. Example
     • IP Fragmentation
        All but the first fragment don't specify ports

  12. Statefulness
     • Solution: firewall keeps state about recent packet flows
        Decides to block packet based on packet contents plus stored state
        More fine-grained control
        Obviates application-level firewalls
     • Problem
        All that state consumes firewall resources
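The following is an added example, not code from the slides: two rule sets for a host that only initiates outbound TCP connections, one stateless and one using the connection-state matching that slide 12 refers to. It shows why the stateless version is forced into a coarse policy (slides 9 and 11) and how little the stateful one needs. The shell script form is an assumption of this example; it assumes the iptables conntrack match module, and commands go through $IPT so the script can be dry-run with IPT="echo iptables".

```shell
#!/bin/sh
# Added example (not part of the slides): stateless vs stateful admission of
# return traffic on a host that only initiates outbound TCP connections.
# All commands go through $IPT so the script can be dry-run with
#   IPT="echo iptables" sh firewall.sh stateful
IPT=${IPT:-iptables}

# Stateless version: the filter cannot tell a reply from a new connection,
# so replies can only be admitted by guessing where they will arrive.
stateless_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies come back to an ephemeral port, so the whole unprivileged
    # range has to be opened. Excluding SYN keeps out plain connection
    # attempts, but any non-SYN segment to those ports is let in.
    $IPT -A INPUT -p tcp --dport 1024:65535 ! --syn -j ACCEPT
    # Non-first IP fragments carry no port numbers (slide 11), so the rule
    # above can never match them; the only stateless choices are to drop
    # them (breaking large replies) or accept them blind. This drops them.
    $IPT -A INPUT -f -j DROP
}

# Stateful version: the connection tracker relates every packet to a flow,
# so replies and related traffic (e.g. ICMP errors) are admitted exactly.
# With tracking active, fragments are reassembled before the filter sees
# them, so port matches work on the whole datagram.
stateful_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets that fit no tracked flow (stray ACKs, bad sequence numbers)
    # are INVALID; dropping them explicitly keeps them out of later rules.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
}

case "${1:-}" in
    stateless) stateless_rules ;;
    stateful)  stateful_rules ;;
esac
```

Run as root with `sh firewall.sh stateful` to apply; with `IPT="echo iptables"` the commands are printed instead of executed, which is a convenient way to review a rule set before it touches a live host.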

  13. Canonical firewalled network

  14. Zones
     Collection of networks with specified security properties
     • Perimeter
     • DMZ
     • Wireless
     • Intranet

  15. Perimeter zone
     The outside world
        Untrusted zone
        No control over hosts in this zone
        Internet rules

  16. DMZ
     Demilitarized zone
     • Contains an organization's publicly visible services (email, Web, DNS, FTP, …)
        Hardened hosts
        Proxies
     • Semi-trusted zone

  17. Intranet zone
     • Most trusted zone
     • Organizational assets placed here
     • Access blocked from untrusted zones
        Access via proxies in the DMZ only

  18. Wireless zone
     A perimeter zone!
     • Untrusted hosts
     • Semi-trusted network

  19. Application-level firewalls
     Application proxy server
     • Accepts client traffic
     • Maintains state, validates traffic
     • Passes validated traffic to server

  20. Application-level firewalls
     • Firewall worries about security
        Obviates security-related server changes
        Hampers defense-in-depth
     • Firewall must understand application protocol
        Increased complexity
     • Stateful packet-level firewalls are an alternative

  21. Host-based firewalls
     • Firewall run on individual hosts
     • Placed between incoming packets and the host network stack
     • Acts like a packet-level firewall

  22. Host-based firewalls
     • Each host requires policy management
        Administration headache
        Simple default policies in distributions
     • Defense-in-depth

  23. References
     • The Tao of Network Security Monitoring, Richard Bejtlich, Addison-Wesley, 2005. ISBN 0-321-24677-2
     • Information Security Illuminated, Michael G. Solomon and Mike Chapple, Jones and Bartlett, 2005.
     • http://en.wikipedia.org/wiki/Firewall_(computing) (accessed April 2010)

  24. iptables

  25. IP Tables
     • Linux packet-level firewall
     • Successor to IP Chains
     • NAT/NAPT support
     • Extended functionality via modules
     • Stateful filter support
     • Applications
        Host based firewall
        Stateful packet firewall
        net.ipv4.ip_forward=1 in /etc/sysctl.conf

  26. IP Tables Architecture
     • Three tables for organization
        filter, nat, mangle
     • Each table contains several chains
        built-in (invoked at fixed points in network layer)
        user-defined
     • Each chain contains several rules
        first rule matched determines action taken
     • Each rule contains matching criteria and target
     • Built-in chains have policies
        specifies default target if no rule in chain matches

  27. Rules
     • (Standard) matching criteria
        protocol
        source IP (address/mask)
        dest IP (address/mask)
        port (source/dest/both)
        interface (input/output)
     • Target

  28. Rules
     • Extended matching criteria
        Implemented via modules
     • Connection state matching
        INVALID: packet not associated with any connection
        NEW: packet is starting a new connection
        ESTABLISHED: packet is associated with existing connection
        RELATED: packet is starting a new connection, but is associated with an existing connection
          » FTP DATA, ICMP error
     • Several other extended matching criteria

  29. Predefined targets
     • All terminate processing in this chain for this packet
        ACCEPT: accept packet for processing
        DROP: drop packet
        QUEUE: pass packet to userland (not common)
        RETURN: return to calling chain (use policy if no calling chain)

  30. Extended targets
     • Both terminating and non-terminating targets
        REJECT (terminating): return packet indicating error
        LOG (non-terminating): generate log entry
        …

  31. filter table
     • Default table
     • Built-in chains
        INPUT: incoming network packets
        FORWARD: packets being routed by the host
        OUTPUT: locally-generated packets output to network

  32. nat table
     • For network address translation
     • Built-in chains
        PREROUTING (DNAT): alter packets as they arrive
        OUTPUT: alter locally-generated packets before routing
        POSTROUTING (SNAT): alter packets as they depart

  33. mangle table
     • For specialized packet changes
        change TOS/DSCP header
        set netfilter mark value
        …
     • Built-in chains
        PREROUTING
        INPUT
        OUTPUT
        FORWARDING
        POSTROUTING

  34. Firewall traversal
     (diagram: Prerouting, Input, Route, Local, Forward, Output, Postrouting)

  35. Firewall Traversal
     (diagram by Rob Mayoff)

  36. Some caveats
     • iptables and ipchains don't mix
     • rule additions are atomic
        … rule set additions are not
     • avoid leaving firewall open while editing
        … use DROP, DENY, REJECT policies
     • policy actions do not log
     • rules are not removed when an interface goes down
     • raw sockets are unaffected by rules
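The following is an added example, not code from the slides, that ties the table, chain, target and policy structure of slides 26 to 33 to the caveats on slide 36. It writes a complete filter table in the format iptables-save produces and loads it with iptables-restore, so the whole rule set is committed at once instead of rule by rule and the firewall is never half built while it is being edited. The user-defined chains show first-match order, RETURN to the calling chain, and the non-terminating LOG placed before a DROP, which matters because a policy action on its own logs nothing. The rules file path is an assumed placeholder, and the shell script form is this example's choice.

```shell
#!/bin/sh
# Added example (not part of the slides): load a whole filter table in one
# commit with iptables-restore instead of appending rules one at a time.
# Everything between *filter and COMMIT replaces the table as a unit, so
# there is no window where the firewall is half built (or wide open).
RULES=${RULES:-/etc/iptables/rules.v4}   # assumed location; adjust per distro

write_ruleset() {
    # $1 = file to write, in the format iptables-save produces
    cat > "$1" <<'EOF'
*filter
# Built-in chains get a DROP policy. A policy action is never logged, so the
# explicit LOGDROP rule at the end of INPUT is what produces log lines.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain: LOG is non-terminating, so the packet continues to the
# DROP on the next rule. The limit match keeps a flood from filling the log.
:LOGDROP - [0:0]
-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
-A LOGDROP -j DROP
# User-defined chain for per-service policy. RETURN hands an unmatched packet
# back to the calling chain (INPUT), which then reaches its LOGDROP rule.
:SERVICES - [0:0]
-A SERVICES -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A SERVICES -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A SERVICES -j RETURN
# INPUT: the first matching rule wins, so the cheap stateful checks come first.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j SERVICES
-A INPUT -j LOGDROP
COMMIT
EOF
}

load_ruleset() {
    # --test parses the file without touching the kernel, so a typo is caught
    # before the running rules are replaced; only then is the real load done.
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

case "${1:-}" in
    write) write_ruleset "$RULES" ;;
    load)  load_ruleset "$RULES" ;;
esac
```

As root, `sh ruleset.sh write` produces the file and `sh ruleset.sh load` commits it; the same file can be checked into version control and diffed against `iptables-save` output to see what is actually running.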

  37. iptables lab
     • Examine iptables man page
        man iptables
     • Examine existing firewall settings
        sudo service iptables status
        sudo iptables -L [-v] [-n] [--line-numbers]

  38. iptables lab
     1. Add firewall rule(s) to allow outbound ssh to pst.merit.edu only
     2. Add firewall rule(s) to allow root outbound ssh to anywhere
     3. Add firewall rule(s) to limit non-root logins to pst.merit.edu to one at a time
     4. Add firewall rule(s) to log all successful and unsuccessful outbound ssh attempts
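One way to combine the extended matches from slides 28 to 30 into an outbound-ssh policy of the kind the lab asks for, added here as an example and not the course's own lab solution. It assumes the conntrack, owner and connlimit match modules, uses the non-terminating LOG target with distinct prefixes so accepted and refused attempts can be told apart in the log, and takes the allowed host from the slides as a default. Commands go through $IPT so the script can be dry-run with IPT="echo iptables"; the shell script form is this example's choice.

```shell
#!/bin/sh
# Added example (not the course's lab solution): an OUTPUT-chain policy for
# outbound ssh built from the conntrack, owner and connlimit matches and the
# non-terminating LOG target. Dry-run with IPT="echo iptables".
IPT=${IPT:-iptables}
ALLOWED_HOST=${ALLOWED_HOST:-pst.merit.edu}   # lab host from the slides

outbound_ssh_rules() {
    # Packets of flows already accepted below need no further checks.
    $IPT -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LOG does not terminate the chain: every new outbound ssh attempt is
    # recorded here and then continues to the rules that decide its fate.
    $IPT -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
         -j LOG --log-prefix "ssh-out: "
    # The owner match sees the local user behind the sending socket
    # (it only exists in OUTPUT and POSTROUTING); root may go anywhere.
    $IPT -A OUTPUT -p tcp --dport 22 -m owner --uid-owner root -j ACCEPT
    # Other users: connlimit counts this host's tracked connections to the
    # port, including the one being opened, so "above 1" means a second
    # session to the allowed host is already up. Log it, then refuse it.
    $IPT -A OUTPUT -p tcp --dport 22 -d "$ALLOWED_HOST" -m conntrack --ctstate NEW \
         -m connlimit --connlimit-above 1 -j LOG --log-prefix "ssh-out-limit: "
    $IPT -A OUTPUT -p tcp --dport 22 -d "$ALLOWED_HOST" -m conntrack --ctstate NEW \
         -m connlimit --connlimit-above 1 -j REJECT
    # A single session to the allowed host is fine. Note that -d resolves
    # the name once, when the rule is added, not per packet.
    $IPT -A OUTPUT -p tcp --dport 22 -d "$ALLOWED_HOST" -j ACCEPT
    # Anything else on port 22 is refused; the distinct prefix lets the log
    # tell denied attempts from accepted ones.
    $IPT -A OUTPUT -p tcp --dport 22 -j LOG --log-prefix "ssh-out-denied: "
    $IPT -A OUTPUT -p tcp --dport 22 -j REJECT
}

case "${1:-}" in
    apply) outbound_ssh_rules ;;
esac
```

Run as root with `sh ssh-policy.sh apply`; with `IPT="echo iptables"` the rules are printed instead. Because REJECT in OUTPUT answers the local socket, a refused attempt fails immediately with a connection error rather than hanging, and the kernel log carries one "ssh-out:" line per attempt plus a "ssh-out-limit:" or "ssh-out-denied:" line for each one that was refused.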

  39. Virtual Private Networks (VPNs)

  40. Roadmap
     • Definition
     • VPN Uses
     • Types of VPNs
     • Protocol Details

  41. Definition
     A VPN is a link over a shared public network, typically the Internet, that simulates the behavior of dedicated WAN links over leased lines. A VPN uses encryption to authenticate the communications endpoints and to secure your data as it travels over an insecure network.

  42. VPN motivators
     • Confidentiality, Integrity & Authentication
        Encryption
     • Bypass blocks
        Border
        Local ISP
     • Extends the office network
        VoIP
        Drive mapping
     • Collaboration
     • Enabling technology

  43. Some VPNs
     • Protocol
        IPSec
          Standards-based
          Varied Encryption Levels
          Flexible
        SSL
          Clientless (Web Browser)
     • Application
        SSH
     VPN is not a single solution

  44. IPSec Details
     IPSec protocol
     • Internet Standard
     • Two complementary protocols
        Authentication Headers (AH): Prevents tampering with packet headers
        Encapsulating Security Protocol (ESP): Provides confidentiality and integrity of packet contents
