THREAT TO NETWORK SECURITY & MEASURES AGAINST ATTACK
PRESENTED TO: Mrs. Inderpreet PRESENTED BY: DIKSHA ROLL NO: 6 CLASS 10TH
Attack Sophistication vs. Intruder Technical Knowledge
[Chart: attack sophistication (Low to High) plotted against intruder knowledge along a timeline marked 1980, 1985, 1990, 1995 and 2004. Techniques shown on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, www attacks, denial of service, network mgmt. diagnostics, distributed attack tools, stealth / advanced scanning techniques, staged attacks, cross site scripting, auto coordinated tools. Axis labels: Attack Sophistication, Intruder Knowledge, Intruders.]
E-mail Viruses
E-mail has become the primary means for distributing threats.
Trojans are easy to deliver and install.
HTML viruses (no user intervention) with webmail.
E-mails with attachments containing: macros, VB scripts, JavaScripts and HTML scripts.
[Diagram: e-mail entering the Corp Network]
File Based Threats
Example: Internet download
Viruses and malicious code infection from: Peer to Peer, Instant Messaging apps, Shareware sites, Compromised servers, Legitimate corporations, Web based email.
Threats pass through stateful packet inspection firewalls. Once inside the network, others are easily affected.
[Diagram: download reaching the File Server inside the Corp Network]
File Based Threats
Example: Netbios file transfers
Viruses can be uploaded to network drives. Once on the network drive, users can be affected.
Nimda was a virus that attacked file servers and opened up a hole to allow a hacker to obtain control of the server.
[Diagram: File Server inside the Corp Network]
Application Attacks
Buffer Overflow (Malicious Hacker)
Unpatched Servers: Scob. Servers do not get up-to-date patches.
Attacker sends malicious code through a buffer overflow to the victim's computer for execution; the server then executes the attacker's program instructions.
Can also be used as a denial-of-service attack, causing the computer to crash.
Server is infected; new users who access the server get infected.
Software Development Mistakes
[Pie chart of vulnerability categories; sources: CERT Advisories, Security Focus. Slices: Buffer Overflows, Input Validation Error, Access Validation Error, Boundary Condition Error, Design Error, Failure to Handle Exceptional Conditions, Configuration Error, Double Free, Format String, Integer Overflow, Others, Unknown. Only the figures 6%, 3% and 2% survive in the extracted text and cannot be assigned to slices.]
What is Spyware/Adware?
Spyware is any software that utilizes a computer's Internet access without the host's knowledge or explicit permission.
According to certain experts, approximately 90% of computers have some form of Spyware.
Aids in gathering information:
- Browsing habits (sites visited, links clicked, etc.)
- Data entered into forms (including account names, passwords, text of Web forms and Web-based email, etc.)
- Key strokes and work habits
Spyware Infection
A - Downloading programs: Kazaa / screensavers / windows utilities; download managers / file sharing sw / demo software
B - Trojans that are delivered or downloaded in e-mail
C - In free, banner ad-based software; popups
D - The most notorious enabler of Spyware is Microsoft's ActiveX module
[Diagram: User Zone, Server Zone and Random IPs, with paths C/D marked]
MEASURES AGAINST NETWORK ATTACK
Firewall Technology
Typical firewalls are effective for port blocking. If a port is open, it is assumed any data can pass.
Intrusion detection is a reactive approach that does not actively protect.
Security must be built upon deep packet inspection, AV/Spy/Intrusion prevention with dynamic updates.
[Diagram: User Zone and Server Zone separated by the firewall]
The New Standard - UTM
Unified Threat Management: integration of
- Firewall
- Deep Packet Inspection
- Intrusion Prevention for blocking network threats
- Anti-Virus for blocking file based threats
- Anti-Spyware for blocking Spyware
Faster updates to the dynamically changing threat environment and elimination of False Positives.
Hidden threats
[Diagram: Our World View (Typical User Activity) vs. Firewall View (Typical Network Traffic: Email)]
Network communication, like email, file transfers and web sessions, is packetized.
Traffic = multiple packets of information. One Packet = Header info and Data.
[Diagram: a packet split into HEADER and DATA on the Firewall Traffic Path]
Security Must Be Updated
Signature Database (categories and signature counts):
ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35,
FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44,
MS-SQL 24, MSSQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51,
POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14,
TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT
Other databases: AV Database, IPS Database, Spy Database, Content Filtering Database
[Diagram: Firewall Traffic Path - Stateful Packet Inspection, then Deep Packet Inspection (Gateway Anti-Virus, Anti-Spyware), then Content Filtering / Content Inspection Service]
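The slides contrast a port-blocking firewall (open port means any data passes) with deep packet inspection against an updatable signature database. The following is an added illustration written for this page, not code from the presentation: the signature categories and byte patterns, the open-port policy and the sample packets are all constructed placeholders, not real IPS rules or real traffic.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Packet:
    """One packet = header info (source, destination port) and data."""
    src: str
    dst_port: int
    data: bytes

# Port policy of a typical stateful firewall: these ports are open (constructed).
OPEN_PORTS = {80, 443, 25}

# Constructed signature database: (category, byte pattern). Categories echo the
# slide's signature list; the patterns are placeholders, not real rules.
SIGNATURES: List[Tuple[str, bytes]] = [
    ("WEB-ATTACKS", b"../../"),
    ("BACKDOOR", b"BACKDOOR-BEACON"),
]

def port_filter(pkt: Packet) -> str:
    """Firewall view: only the header is checked. Open port => any data passes."""
    return "allow" if pkt.dst_port in OPEN_PORTS else "deny"

def deep_packet_inspection(pkt: Packet, signatures=SIGNATURES) -> Tuple[str, Optional[str]]:
    """UTM view: port check first, then the data is matched against the signature database."""
    if port_filter(pkt) == "deny":
        return "deny", "closed port"
    for category, pattern in signatures:
        if pattern in pkt.data:
            return "block", category
    return "allow", None

def update_signatures(signatures, category: str, pattern: bytes):
    """Dynamic update: returns a new database that later packets are checked against."""
    return signatures + [(category, pattern)]

# Constructed sample traffic: a normal request, a request carrying a traversal
# pattern on an open port, a beacon on a closed port, and a not-yet-known marker.
SAMPLE = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: corp\r\n\r\n"),
    Packet("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("198.51.100.7", 4444, b"BACKDOOR-BEACON"),
    Packet("203.0.113.9", 443, b"NEW-THREAT-MARKER payload"),
]

def verdicts(packets, signatures=SIGNATURES):
    """(port-filter verdict, DPI verdict) for each packet."""
    return [(port_filter(p), deep_packet_inspection(p, signatures)[0]) for p in packets]
```

The second packet shows the hidden-threat case: the port filter allows it because port 80 is open, while DPI blocks it; the fourth packet passes DPI until a signature for its marker is added with `update_signatures`.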