Security Measures In Networking
The security measures to be followed in networking are as follows:
Firewall
By far the most common security measure these days is a firewall. A lot of confusion
surrounds the concept of a firewall, but it can basically be defined as any perimeter
device that permits or denies traffic based on a set of rules configured by the
administrator. Thus, a firewall may be as simple as a router with access lists or as
complex as a set of modules distributed through the network controlled from one
central location.
The firewall protects everything "behind" it from everything in "front" of it. Usually the
"front" of the firewall is its Internet facing side, and the "behind" is the internal
network. The way firewalls are designed to suit different types of networks is called
the firewall topology.
Desktop (personal) firewalls are software packages meant for individual machines and are fairly easy to use. The first thing they do is make the machine invisible to pings and other network probes. Most of them also let you choose which programs are allowed to access the Internet, so you can allow your browser and mail client but block a suspicious program that tries to reach the network. This is a form of egress (outbound) filtering and provides very good protection against Trojan horse programs and worms that need to phone home or spread.
However, firewalls are no cure-all for network security. A firewall is only as good as its rule set, and there are many ways an attacker can find common misconfigurations and errors in the rules. For example, suppose a stateless packet filter blocks all inbound traffic except packets whose source port is 53 (DNS), so that internal hosts can receive replies to their name lookups. The attacker can turn this rule around: by setting the source port of his scan or attack packets to 53 (Nmap's --source-port option does exactly this), he gets all of his traffic through, because the filter assumes anything coming from port 53 is DNS. A stateful firewall avoids this particular hole by admitting only replies to requests that an inside host actually sent.
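A toy packet filter showing the source-port-53 hole described above, as an added example (not code from the original article). The Packet fields, addresses and rule set are constructed for illustration; the stateful version models how a connection-tracking firewall admits only replies to flows the inside host opened.

```python
"""Stateless versus stateful handling of a 'let DNS through' rule.

Added example, not code from the original article.  Packet fields, addresses
and the rule set are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP SYN flag: a new connection attempt


def stateless_filter(pkt: Packet) -> str:
    """The misconfigured rule from the text: anything whose *source* port is 53
    is presumed to be a DNS reply and allowed in ahead of the default deny."""
    if pkt.src_port == 53:
        return "allow"
    return "deny"


class StatefulFilter:
    """Corrected version: an inbound packet is admitted only if it answers a
    flow an inside host actually opened.  A forged source port on an
    unsolicited packet never matches a recorded flow."""

    def __init__(self) -> None:
        self._flows: set = set()

    def outbound(self, pkt: Packet) -> str:
        # Record the 5-tuple so the reply can be recognised later.
        self._flows.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "allow"

    def inbound(self, pkt: Packet) -> str:
        # A reply has source and destination swapped relative to the request.
        reply_of = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if reply_of in self._flows else "deny"


def demo() -> tuple:
    inside, resolver, attacker = "10.0.0.5", "192.0.2.53", "198.51.100.7"
    # Legitimate lookup: inside host queries the resolver, which answers from port 53.
    query = Packet("udp", inside, 40000, resolver, 53)
    answer = Packet("udp", resolver, 53, inside, 40000)
    # Attack: a SYN probe of the inside host's SMB port with the source port
    # forced to 53, which is what `nmap --source-port 53` does.
    scan = Packet("tcp", attacker, 53, inside, 445, syn=True)

    stateless = {"answer": stateless_filter(answer), "scan": stateless_filter(scan)}
    fw = StatefulFilter()
    fw.outbound(query)
    stateful = {"answer": fw.inbound(answer), "scan": fw.inbound(scan)}
    return stateless, stateful
```

Running demo() shows the stateless rule letting both the genuine DNS answer and the forged scan through, while the stateful table admits the answer and drops the scan.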
Bypassing firewalls is a whole study in itself and one which is very interesting (especially to
those with a passion for networking), because it normally involves misusing the way TCP
and IP are supposed to work. That said, firewalls today are becoming very sophisticated and
a well-installed firewall can severely thwart a would-be attacker's plans.
It is important to remember that a packet-filtering firewall does not look into the data section of the packet; it decides on addresses, ports and flags. Thus, if you have a Web server that is vulnerable to a CGI exploit and the firewall is set to allow traffic to it, the firewall cannot stop an attacker from exploiting the Web server, because the exploit travels in exactly the kind of traffic the rule permits. Inspecting the payload is the job of an intrusion-detection system (covered below) or an application-layer proxy.
Antivirus systems
Everyone is familiar with the desktop version of antivirus packages like Norton Antivirus and McAfee. The way these operate is fairly simple: when researchers find a new virus, they pick out some unique characteristic of it (a distinctive byte sequence in its code, the hash of the file, or a file it drops or replaces) and out of this they write the virus "signature."
The whole set of signatures your antivirus software scans for is known as the virus "definitions." This is why keeping your definitions up to date is so important: the scanner can only recognise what its definitions describe. Many antivirus packages have an auto-update feature for downloading the latest definitions. In the enterprise, it is very common for administrators to install antivirus software on all machines with no policy for regular updates of the definitions. This is meaningless protection and serves only to provide a false sense of security.
With the spread of e-mail viruses, antivirus software at the mail server is becoming increasingly popular. The mail server automatically scans every e-mail it receives for viruses and quarantines the infected ones. The idea is that since all mail passes through the mail server, this is the logical point to scan, and because most mail servers have a permanent Internet connection they can download the latest definitions regularly. On the downside, these scanners can be evaded quite simply: if the infected file or Trojan is packed in an archive format the scanner does not unpack, or is encrypted (a password-protected archive, for example), the antivirus system cannot see the malicious bytes inside it.
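Signature scanning as the paragraphs above describe it, together with the archive blind spot, as an added example (not any vendor's code). The sample file, the byte-pattern and hash "definitions" and the ZIP wrapper are all constructed here; nothing in it is a real malware signature.

```python
"""Signature scanning plus the archive blind spot.

Added example, not any antivirus vendor's code.  SAMPLE and DEFINITIONS are
constructed for the demo and are not real malware or real signatures.
"""
import hashlib
import io
import zipfile

# Constructed stand-in for a malicious file.
SAMPLE = b"MZ\x90\x00...EVIL_DROPPER_v1: open backdoor on 31337 ...padding..."

# Constructed "definitions": a unique byte sequence and an exact-file hash.
DEFINITIONS = {
    "Trojan.Demo.Pattern": b"EVIL_DROPPER_v1",                # byte-pattern signature
    "Trojan.Demo.Hash": hashlib.sha256(SAMPLE).hexdigest(),   # whole-file signature
}


def scan_bytes(data: bytes) -> list:
    """Return the names of every definition that matches `data` as given."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    for name, sig in DEFINITIONS.items():
        if isinstance(sig, bytes) and sig in data:
            hits.append(name)
        elif isinstance(sig, str) and sig == digest:
            hits.append(name)
    return hits


def scan_naive(data: bytes) -> list:
    """A scanner that only looks at the bytes it is handed.  A deflated ZIP
    member is a different byte stream, so neither signature matches."""
    return scan_bytes(data)


def scan_recursive(data: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Unpack ZIP archives and scan each member.  Encrypted members stay
    opaque: the scanner can only flag that it could not look inside."""
    hits = scan_bytes(data)
    if depth < max_depth and data.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:          # bit 0 = member is encrypted
                    hits.append("UNSCANNABLE:" + info.filename)
                    continue
                hits.extend(scan_recursive(zf.read(info), depth + 1, max_depth))
    return hits


def make_zip(name: str, payload: bytes) -> bytes:
    """Wrap `payload` in a deflate-compressed ZIP, as an attacker would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def demo() -> dict:
    zipped = make_zip("invoice.exe", SAMPLE)
    return {
        "plain": scan_naive(SAMPLE),
        "zipped_naive": scan_naive(zipped),
        "zipped_recursive": scan_recursive(zipped),
    }
```

The naive scanner catches the bare file on both signatures and misses the same file once it is zipped; the recursive scanner recovers it by unpacking, but a password-protected member would still only produce an UNSCANNABLE marker, which is the case the text warns about.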
End users must be taught how to respond to antivirus alerts. This is especially true in the enterprise: an attacker doesn't need to try to bypass your fortress-like firewall if all he has to do is e-mail Trojans to a lot of people in the company. It takes just one uninformed user to open the infected attachment to give the attacker a backdoor into the internal network.
It is advisable that the IT department gives a brief seminar on how to handle e-mail from untrusted sources and how to deal with attachments.
Intrusion-detection systems
There are basically two types of intrusion-detection systems (IDS):
- Host-based IDS
- Network-based IDS
Host-based IDS: These systems are installed on a particular important machine (usually a server or some other likely target) and are tasked with making sure that the system's state still matches a baseline. For example, the popular file-integrity checker Tripwire is run on the target machine just after it has been installed. It creates a database of file signatures (cryptographic hashes plus attributes such as size, permissions and ownership) for the system and regularly checks the current files against their known-good signatures. If a file has changed, the administrator is alerted. This works well because many attackers replace a common system binary with a trojaned version to give themselves backdoor access. The baseline database itself has to be kept where the attacker cannot rewrite it (read-only media or an off-box copy); otherwise the intruder simply re-baselines after installing the backdoor.
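A minimal Tripwire-style integrity check, added here as an example (it is not Tripwire's code). It builds a baseline of hashes and attributes for a constructed directory tree in a temporary folder, simulates a trojaned binary of identical size plus a dropped file, and reports the differences.

```python
"""Tripwire-style file-integrity check: baseline, then compare.

Added example, not Tripwire's code.  The directory tree and its files are
constructed in a temporary folder so the example runs anywhere.
"""
import hashlib
import json
import os
import tempfile


def _digest(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Hash every regular file under `root` and record the attributes an
    attacker would also have to reproduce when swapping in a trojaned binary."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            baseline[os.path.relpath(path, root)] = {
                "sha256": _digest(path),
                "mode": st.st_mode,
                "size": st.st_size,
            }
    return baseline


def compare(root: str, baseline: dict) -> dict:
    """Re-hash the tree and report what differs from the saved baseline."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for system binaries.
        _write(root, "bin/ls", b"#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        _write(root, "bin/ps", b"#!/bin/sh\nexec /usr/bin/ps \"$@\"\n")
        baseline = build_baseline(root)
        # The baseline must be stored where the intruder cannot rewrite it
        # (read-only media, a signed copy off the box); here it is just serialised.
        saved = json.dumps(baseline, sort_keys=True)

        # Simulated rootkit: replace ls with a trojaned copy of the *same size*
        # (so a size-only check would pass), drop a hidden helper, remove ps.
        _write(root, "bin/ls", b"#!/bin/sh\nexec /tmp/.xx/ls \"$@\"\n")
        _write(root, "bin/.sshd", b"#!/bin/sh\necho backdoor\n")
        os.remove(os.path.join(root, "bin", "ps"))

        return compare(root, json.loads(saved))
```

Size and mode of the replaced binary are unchanged, so only the hash exposes it; that is why a checker has to record a cryptographic digest and not just the metadata an attacker can preserve.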
Network-based IDS: These systems are more popular and quite easy to install. Basically, they consist of a network sniffer running in promiscuous mode (in this mode, the network card passes up all traffic it sees, not just frames addressed to it). The sniffer is coupled to a database of known attack signatures, and the IDS analyzes each packet it picks up for matches. For example, a common Web attack might contain the string /system32/cmd.exe? in the URL. The IDS has a match for this in its database and alerts the administrator.
Newer IDS versions support active prevention of attacks. Instead of just alerting an administrator, the IDS can dynamically update the firewall rules to block traffic from the attacking IP address for some time, or it can use "session sniping": forging TCP reset packets to both sides of the connection so that each believes the other has closed it and the attack cannot be completed. Automatic blocking has a risk of its own: an attacker who spoofs the source address of the traffic that triggers it can get legitimate hosts (a business partner, the upstream DNS server) locked out.
Unfortunately, IDS systems generate a lot of false positives. A false positive is a false alarm: the IDS sees legitimate traffic and for some reason matches it against an attack pattern. This tempts a lot of administrators into turning the IDS off or, even worse, not bothering to read the logs, with the result that an actual attack is missed.
IDS evasion is also not all that difficult for an experienced attacker. The signature is based on some fixed feature of the attack, so the attacker modifies the attack until that feature no longer matches. For example, the attack string /system32/cmd.exe? above could be sent with every character URL-encoded:
%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f
The Web server decodes this back to the original string, but an IDS that compares the raw bytes on the wire against its signature misses it unless it normalises the request first. Furthermore, an attacker can split the attack across many packets by fragmenting them (or by sending it in small TCP segments), so that each packet contains only a small part of the pattern and the signature never matches a single packet. Even if the IDS reassembles fragments, doing so costs time and memory, and since the IDS has to keep up with the wire, it tends to drop packets while it is busy. IDS evasion is a topic for a paper of its own.
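An added example (not code from Snort or any other IDS) of the two evasions just described and their defensive counterpart: a raw-byte signature match beside one that URL-decodes and case-folds the request first, and a TCP segment reassembly step so that a pattern split across segments still matches. The requests and segments are constructed byte strings; the only signature is the page's /system32/cmd.exe? string.

```python
"""Signature matching with and without normalisation, plus segment reassembly.

Added example, not code from any IDS.  Requests and segments are constructed.
"""
from urllib.parse import unquote

SIGNATURES = {"IIS cmd.exe request": b"/system32/cmd.exe?"}


def match_raw(payload: bytes) -> list:
    """Naive: compare each signature against the bytes as seen on the wire."""
    return [name for name, sig in SIGNATURES.items() if sig in payload]


def normalise_http(payload: bytes) -> bytes:
    """Undo %xx escapes (repeatedly, to defeat double encoding) and fold case
    so that the request looks the way the Web server will interpret it."""
    text = payload.decode("latin-1")
    for _ in range(3):
        decoded = unquote(text, encoding="latin-1")
        if decoded == text:
            break
        text = decoded
    return text.lower().encode("latin-1")


def match_normalised(payload: bytes) -> list:
    return match_raw(normalise_http(payload))


def reassemble(segments: list) -> bytes:
    """Order TCP segments by sequence offset and join them before matching.
    Overlaps and gaps, the hard part of real reassembly, are not handled."""
    return b"".join(data for _, data in sorted(segments))


def demo() -> dict:
    plain = b"GET /winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"
    # Same request with the attack string fully URL-encoded.
    encoded = (b"GET /winnt%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f"
               b"/c+dir HTTP/1.0\r\n")
    # The plain request split mid-signature into two out-of-order segments:
    # (sequence offset, data), the way a sniffer would see them.
    segments = [(20, plain[20:]), (0, plain[:20])]

    return {
        "plain_raw": match_raw(plain),
        "encoded_raw": match_raw(encoded),
        "encoded_normalised": match_normalised(encoded),
        "segments_raw": [m for _, data in segments for m in match_raw(data)],
        "segments_reassembled": match_raw(reassemble(segments)),
    }
```

Both evasions defeat the raw matcher and both are undone by work the IDS must do per packet (decoding, buffering), which is the performance cost the text refers to.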
An advantage of a network-based IDS is that it is very difficult for an attacker to detect. The IDS itself does not need to generate any traffic, and the monitoring interface is usually left without an IP address (or attached through a receive-only tap), so it cannot be reached or fingerprinted from the network. Thus the attacker does not know whether the segment is being monitored or not.
Patching and updating
It is embarrassing and sad that this has to be listed as a security measure. Despite being one
of the most effective ways to stop an attack, there is a tremendously laid-back attitude to
regularly patching systems. There is no excuse for not doing this, and yet the level of
patching remains woefully inadequate. Take, for example, the MS Blaster worm that spread havoc recently. The vulnerability was known and a patch had been released almost a month before the worm appeared. Still, millions of users and businesses were infected. While administrators know
that having to patch 500 machines is a laborious task, the way I look at it is that I would
rather be updating my systems on a regular basis than waiting for disaster to strike and then
running around trying to patch and clean up those 500 systems.
In the enterprise, there is no "easy" way to patch large numbers of machines, but there are
patch deployment mechanisms that take a lot of the burden away. Frankly, it is part of an
admin's job to do this, and when a network is horribly fouled up by the latest worm, it just
means that someone, somewhere didn't do his job well enough. Now that we've concluded a
brief introduction to the types of threats faced in the enterprise, it is time to have a look at
some of the tools that attackers use.
Keep in mind that a lot of these tools have legitimate purposes and are very useful to
administrators as well. For example, I can use a network sniffer to diagnose a low-level
network problem or I can use it to collect your password. It just depends which shade of hat I
choose to wear.
General network tools
As surprising as it might sound, some of the most powerful tools, especially in the early stages of an attack, are the ordinary network tools that ship with most operating systems. For example, an attacker will usually query the "whois" databases for information on the target. After that, he might use "nslookup" (or dig) to see whether he can transfer the whole contents of the DNS zone. This lets him identify high-profile targets such as Web servers, mail servers and DNS servers, and he may be able to infer what different systems do from their DNS names; sqlserver.victim.com, for example, is most likely a database server. Other important tools include traceroute, to map the network, and ping, to check which hosts are alive. Your DNS servers should refuse zone transfers (AXFR) to anyone but your own secondaries, and your firewall should drop unsolicited ping requests and traceroute probes at the perimeter; do not block ICMP wholesale, though, because the "fragmentation needed" messages used for path MTU discovery have to get through.
Port scanners
Most of you will know what port scanners are. Any system that offers TCP or UDP services has an open port for each service. For example, if you're serving up Web pages, you'll likely have TCP port 80 open. FTP uses TCP port 21 for control (and 20 for active-mode data transfers), Telnet is TCP 23, SNMP is UDP port 161, and so on.
A port scanner scans a host or a range of hosts to determine what ports are open and what
service is running on them. This tells the attacker which systems can be attacked.
For example, if I scan a Web server and find that port 80 is running an old Web server, like IIS/4.0, I can target this system with my collection of exploits for IIS 4. Port scanning is usually conducted at the start of the attack, to determine which hosts are interesting. This is when the attacker is still footprinting the network, feeling his way around to get an idea of what services are offered and what operating systems are in use. One of the best port scanners around is Nmap (http://www.insecure.org/nmap). Nmap runs on just about every operating system, is very versatile and has many features, including OS fingerprinting, service version detection and stealth scanning. Another popular scanner is SuperScan (http://www.foundstone.com), which is only for the Windows platform.
Network sniffers
A network sniffer puts the computer's NIC (network interface card) into promiscuous mode. In this mode, the NIC picks up all the traffic on its segment regardless of whether it was addressed to it or not. Attackers set up sniffers so they can capture network traffic and pull out logins and passwords from protocols that send them in the clear (Telnet, FTP, POP3, HTTP basic authentication). The most popular network sniffer is tcpdump. It runs from the command line, which is usually the level of access a remote attacker will have. Other popular sniffers are Iris and Ethereal (now Wireshark).
When the target network is a switched environment (a network built on Layer 2 switches), the switch delivers each frame only to the port of its destination, so a conventional sniffer sees nothing but its own traffic and broadcasts. For such cases, the switched-network sniffer Ettercap (http://ettercap.sourceforge.net) is very popular. It poisons the ARP caches of the victims so that their traffic passes through the attacker's machine, which then lets him collect passwords, hijack sessions, modify ongoing connections and kill connections. It can even intercept secured communications such as SSL (Secure Sockets Layer, used for secure Web pages) and SSH1 (Secure Shell, an encrypted remote-access service like Telnet) by standing in the middle of the connection and presenting its own key or certificate; in practice this relies on users accepting the certificate or host-key warning that results.
There are also programs that let an admin detect whether any NICs on the segment are running in promiscuous mode, and ARP-monitoring tools can flag the spoofed ARP replies that such attacks depend on.
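An arpwatch-style check for the ARP-cache poisoning that switched-network sniffers rely on, added here as an example (not Ettercap's or any product's code). The ARP replies are constructed (ip, mac) pairs rather than captured frames, and the gateway binding is an assumed static entry; a real deployment would feed replies in from a packet capture on the segment.

```python
"""Detecting the ARP-cache poisoning that switched-LAN sniffers depend on.

Added example, not code from Ettercap, arpwatch or any product.  The replies
and the gateway binding below are constructed for the demo.
"""

GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "aa:bb:cc:00:00:01"   # assumed static entry


def watch_arp(replies, static_bindings=None) -> list:
    """Walk a sequence of ARP replies as (sender_ip, sender_mac) and return
    the alerts raised, in order.

    Three things are flagged: a reply that contradicts a static IP->MAC
    binding (the gateway must never move), an IP whose MAC changes from what
    was seen before, and one MAC that starts answering for several IPs, which
    is what a man-in-the-middle box looks like on the wire."""
    static_bindings = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    seen = {}      # ip  -> last MAC that claimed it
    claims = {}    # mac -> set of IPs it has claimed
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        if ip in static_bindings and static_bindings[ip] != mac:
            alerts.append("static binding violated: %s claimed by %s, expected %s"
                          % (ip, mac, static_bindings[ip]))
        elif ip in seen and seen[ip] != mac:
            alerts.append("ip %s moved from %s to %s" % (ip, seen[ip], mac))
        ips = claims.setdefault(mac, set())
        if ips and ip not in ips:
            alerts.append("mac %s now claims %s" % (mac, sorted(ips | {ip})))
        ips.add(ip)
        seen[ip] = mac
    return alerts


# Constructed sequence of replies as a monitor on the segment would see them.
CONSTRUCTED_REPLIES = [
    (GATEWAY_IP, GATEWAY_MAC),
    ("10.0.0.5", "aa:bb:cc:00:00:05"),
    ("10.0.0.9", "aa:bb:cc:00:00:09"),
    (GATEWAY_IP, "cc:dd:ee:99:99:99"),   # attacker tells the victim it is the gateway
    ("10.0.0.5", "cc:dd:ee:99:99:99"),   # ...and tells the gateway it is the victim
    ("10.0.0.9", "aa:bb:cc:00:00:09"),   # benign refresh: no alert
]


def demo() -> list:
    return watch_arp(CONSTRUCTED_REPLIES, {GATEWAY_IP: GATEWAY_MAC})
```

The two poisoned replies produce three alerts (gateway binding violated, the victim's MAC changing, and one MAC answering for both), while the legitimate refresh produces none; that pairing of symptoms is the signature of a full-duplex ARP spoof rather than a machine simply getting a new network card.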
Vulnerability scanners
A vulnerability scanner is like a port scanner on steroids. Once it has identified which services are running, it checks each against a large database of known vulnerabilities and then prepares a report on the security holes it found. The software can be updated to scan for the latest holes. These tools are very simple to use, so many script kiddies point them at a target machine to find out what they can attack. The most popular ones are Retina (http://www.eeye.com), Nessus (http://www.nessus.org) and GFI LANguard (http://www.gfi.com). They are very useful tools for administrators as well, because they can scan the whole network and get a detailed summary of the holes that exist; like antivirus definitions, their checks are only as current as their last update.
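A connect scanner with banner grabbing and a lookup against a tiny vulnerability "database", added as an example covering both the port-scanner and vulnerability-scanner sections above (it is not Nmap, Nessus or any product's code). The listener, its DemoFTP banner and the database entry are constructed for the demo; nothing here corresponds to a real advisory.

```python
"""Connect scan, banner grab and lookup against a tiny vulnerability database.

Added example; not Nmap, Nessus or any product's code.  The listener, its
banner and the database entry are constructed for the demo.
"""
import re
import socket
import threading
from typing import Dict, List, Optional

# Constructed "vulnerability database": (regex over the banner, finding).
# Nothing here corresponds to a real advisory.
VULN_DB = [
    (re.compile(rb"^220 DemoFTP 1\.0\b"), "DemoFTP 1.0: known remote hole (constructed entry)"),
]


def serve_banner(banner: bytes) -> int:
    """Start a throwaway TCP service on an ephemeral loopback port that greets
    every client with `banner`, the way FTP and SMTP servers announce themselves."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def run() -> None:
        while True:
            conn, _ = srv.accept()
            conn.sendall(banner)
            conn.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def scan_port(host: str, port: int, timeout: float = 0.5) -> Optional[bytes]:
    """TCP connect scan of one port.  Returns None if closed or filtered, else
    the first bytes the service volunteers (b"" if it waits for the client)."""
    s = socket.socket()
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except OSError:            # refused (closed) or timed out (filtered)
        s.close()
        return None
    try:
        return s.recv(256)
    except OSError:            # open but silent within the timeout
        return b""
    finally:
        s.close()


def assess(banner: bytes) -> List[str]:
    """The vulnerability-scanner step: map a version banner to known findings."""
    return [finding for rx, finding in VULN_DB if rx.search(banner)]


def scan_range(host: str, ports) -> Dict[int, dict]:
    results = {}
    for port in ports:
        banner = scan_port(host, port)
        if banner is not None:
            results[port] = {"banner": banner, "findings": assess(banner)}
    return results


def closed_port() -> int:
    """Reserve and release an ephemeral port so the scan has a closed target."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> tuple:
    open_port = serve_banner(b"220 DemoFTP 1.0 ready\r\n")
    shut_port = closed_port()
    return open_port, shut_port, scan_range("127.0.0.1", [open_port, shut_port])
```

A full connect scan of this kind is noisy (every probe completes a TCP handshake and lands in the target's logs), which is why attackers prefer Nmap's half-open and other stealth modes; the banner-to-finding lookup is also why version strings should be suppressed where the service allows it.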
Made by: Ayush Singh

 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Network security

Slide 1

Security Measures In Networking

The security measures to be followed in networking are as follows:

Firewall

By far the most common security measure these days is a firewall. A lot of confusion surrounds the concept of a firewall, but it can basically be defined as any perimeter device that permits or denies traffic based on a set of rules configured by the administrator. Thus, a firewall may be as simple as a router with access lists or as complex as a set of modules distributed through the network controlled from one central location.

The firewall protects everything "behind" it from everything in "front" of it. Usually the "front" of the firewall is its Internet-facing side, and the "behind" is the internal network. The way firewalls are designed to suit different types of networks is called the firewall topology.
Slide 2

Personal (desktop) firewalls are packages meant for individual desktops and are fairly easy to use. The first thing they do is make the machine invisible to pings and other network probes. Most of them also let you choose which programs are allowed to access the Internet. Therefore, you can allow your browser and mail client, but if you see some suspicious program trying to access the network, you can disallow it. This is a form of egress filtering, or outbound traffic filtering, and provides very good protection against Trojan horse programs and worms.

However, firewalls are no cure-all solution to network security woes. A firewall is only as good as its rule set, and there are many ways an attacker can find common misconfigurations and errors in the rules. For example, if the firewall blocks all traffic except traffic originating from port 53 (DNS) so that everyone can resolve names, the attacker could then use this rule to his advantage. By changing the source port of his attack or scan to port 53, the firewall will allow all of his traffic through, because it assumes it is DNS traffic.

Bypassing firewalls is a whole study in itself and one which is very interesting (especially to those with a passion for networking), because it normally involves misusing the way TCP and IP are supposed to work. That said, firewalls today are becoming very sophisticated, and a well-installed firewall can severely thwart a would-be attacker's plans.

It is important to remember that the firewall does not look into the data section of the packet. Thus, if you have a Web server that is vulnerable to a CGI exploit and the firewall is set to allow traffic to it, there is no way the firewall can stop an attacker from attacking the Web server. It does not look at the data inside the packet. That would be the job of an intrusion-detection system (covered in part three).

Antivirus systems

Everyone is familiar with the desktop version of antivirus packages like Norton Antivirus and McAfee. The way these operate is fairly simple -- when researchers find a new virus, they figure out some unique characteristic it has (maybe a registry key it creates or a file it replaces) and out of this they write the virus "signature."
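The port-53 rule set from the slide above, as an added example that is not part of the original slides: a small first-match packet filter in Python with two inbound rule sets, the weak one that trusts any packet whose source port is 53 and a corrected one that only admits queries addressed to the resolver plus replies the firewall's connection tracking already knows about. The rule syntax, the addresses and the sample packets are constructed for illustration, and the `established` flag stands in for a real firewall's state table.

```python
"""First-match packet filtering: source-port-based DNS allow rule versus a
destination-port, stateful one. Added example with a hypothetical rule
syntax, not the configuration language of any particular firewall."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    established: bool = False   # reply to a connection the inside opened (assumed state table)


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None means "any" for every field below
    sport: Optional[int] = None
    dport: Optional[int] = None
    dst: Optional[str] = None
    established: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        checks = [
            (self.proto, p.proto), (self.sport, p.sport), (self.dport, p.dport),
            (self.dst, p.dst), (self.established, p.established),
        ]
        return all(want is None or want == have for want, have in checks)


def evaluate(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """First rule that matches decides; nothing matching falls to the default."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


# Weak policy from the text: "allow everything that originates from port 53".
WEAK_INBOUND = [Rule("allow", sport=53)]

RESOLVER = "192.0.2.53"   # constructed address of the internal DNS server

# Corrected policy: DNS *queries* may reach the resolver only, and replies
# are admitted only when they belong to a query the inside already sent.
FIXED_INBOUND = [
    Rule("allow", proto="udp", dport=53, dst=RESOLVER),
    Rule("allow", proto="tcp", dport=53, dst=RESOLVER),
    Rule("allow", established=True),
]


def weak_verdict(p: Packet) -> str:
    return evaluate(WEAK_INBOUND, p)


def fixed_verdict(p: Packet) -> str:
    return evaluate(FIXED_INBOUND, p)


# Constructed sample packets (RFC 5737 documentation addresses)
DNS_QUERY = Packet("udp", "198.51.100.7", 40123, RESOLVER, 53)
DNS_REPLY = Packet("udp", "203.0.113.9", 53, "192.0.2.10", 40123, established=True)
SPOOFED_SSH = Packet("tcp", "198.51.100.7", 53, "192.0.2.10", 22)   # source port 53, but not DNS

if __name__ == "__main__":
    for name, pkt in [("query", DNS_QUERY), ("reply", DNS_REPLY), ("sport-53 to ssh", SPOOFED_SSH)]:
        print(f"{name:16s} weak={weak_verdict(pkt):5s} fixed={fixed_verdict(pkt)}")
```

The point the slide makes shows up in the last packet: the weak rule set lets a connection to port 22 through simply because its source port says 53, while the corrected set matches on what the packet is actually for (destination port and destination host) and on connection state, so the spoofed source port buys nothing.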
Slide 3

The whole load of signatures for which your antivirus software scans is known as the virus "definitions." This is the reason why keeping your virus definitions up to date is very important. Many antivirus packages have an auto-update feature for you to download the latest definitions. The scanning ability of your software is only as good as the date of your definitions. In the enterprise, it is very common for administrators to install antivirus software on all machines, but there is no policy for regular updates of the definitions. This is meaningless protection and serves only to provide a false sense of security.

With the recent spread of e-mail viruses, antivirus software at the mail server is becoming increasingly popular. The mail server will automatically scan any e-mail it receives for viruses and quarantine the infections. The idea is that since all mail passes through the mail server, this is the logical point to scan for viruses. Given that most mail servers have a permanent connection to the Internet, they can regularly download the latest definitions. On the downside, these can be evaded quite simply. If you zip up the infected file or Trojan, or encrypt it, the antivirus system may not be able to scan it.

End users must be taught how to respond to antivirus alerts. This is especially true in the enterprise -- an attacker doesn't need to try and bypass your fortress-like firewall if all he has to do is e-mail Trojans to a lot of people in the company. It takes just one uninformed user to open the infected package to allow the hacker a backdoor to the internal network. It is advisable that the IT department gives a brief seminar on how to handle e-mail from untrusted sources and how to deal with attachments.
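The signature scan and the zip evasion the slide describes, as an added example that is not from the slides or from any antivirus product: a Python scanner that matches byte patterns from a definitions table, first on the raw bytes only and then recursing into ZIP containers so a zipped sample is still found. The "virus" is a constructed marker string, the definitions table is constructed, and an encrypted member is reported as unscannable rather than silently passed.

```python
"""Signature scanning with and without looking inside archives. Added
example; the "virus" is a constructed marker string, not real malware."""
import io
import zipfile
from typing import Dict, List

# Constructed definitions: name -> byte pattern. Real definitions are far
# richer (hashes, code patterns, heuristics); this mimics only the
# "scan bytes for a known pattern" part the text describes.
DEFINITIONS: Dict[str, bytes] = {
    "Test.Marker.A": b"CONSTRUCTED-SAMPLE-MARKER-NOT-A-REAL-VIRUS",
}


def scan_bytes(data: bytes, definitions: Dict[str, bytes] = DEFINITIONS) -> List[str]:
    """Naive scanner: report every definition whose pattern occurs in data."""
    return [name for name, pattern in definitions.items() if pattern in data]


def scan_recursive(data: bytes, definitions: Dict[str, bytes] = DEFINITIONS,
                   depth: int = 3) -> List[str]:
    """Scan the bytes themselves, then unpack ZIP containers (bounded depth)
    and scan every member, so a zipped sample is still found."""
    hits = scan_bytes(data, definitions)
    if depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > 10 * 1024 * 1024:        # zip-bomb guard
                    hits.append("Oversized member skipped: " + info.filename)
                    continue
                try:
                    member = zf.read(info)
                except RuntimeError:                          # encrypted member, no password
                    hits.append("Encrypted member not scanned: " + info.filename)
                    continue
                hits.extend(scan_recursive(member, definitions, depth - 1))
    return hits


def make_zip(name: str, content: bytes) -> bytes:
    """Build an in-memory ZIP holding one deflated member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


# Constructed inputs: the marker in the clear, zipped once, and zipped twice.
SAMPLE = b"hello " + DEFINITIONS["Test.Marker.A"] + b" world"
ZIPPED = make_zip("invoice.exe", SAMPLE)
NESTED = make_zip("outer.zip", ZIPPED)

if __name__ == "__main__":
    print("raw scan of zip   :", scan_bytes(ZIPPED))
    print("recursive scan    :", scan_recursive(ZIPPED))
    print("nested zip        :", scan_recursive(NESTED))
```

Deflate rewrites the bytes, so the raw scan of the archive sees nothing; only a scanner that unpacks containers finds the member. Encryption defeats even that, which is why the "cannot scan" outcome is surfaced as a finding of its own: a mail gateway that silently passes what it cannot open gives exactly the false sense of security the slide warns about.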
Slide 4

Intrusion-detection systems

There are basically two types of intrusion-detection systems (IDS):

• Host-based IDS
• Network-based IDS

Host-based IDS: These systems are installed on a particular important machine (usually a server or some important target) and are tasked with making sure that the system state matches a particular set baseline. For example, the popular file-integrity checker Tripwire is run on the target machine just after it has been installed. It creates a database of file signatures for the system and regularly checks the current system files against their known safe signatures. If a file has been changed, the administrator is alerted. This works very well because most attackers will replace a common system file with a trojaned version to give them backdoor access.
Slide 5

Network-based IDS: These systems are more popular and quite easy to install. Basically, they consist of a normal network sniffer running in promiscuous mode. (In this mode, the network card picks up all traffic even if it is not meant for it.) The sniffer is attached to a database of known attack signatures, and the IDS analyzes each packet that it picks up to check for known attacks. For example, a common Web attack might contain the string /system32/cmd.exe? in the URL. The IDS will have a match for this in the database and will alert the administrator.

Newer versions of IDS support active prevention of attacks. Instead of just alerting an administrator, the IDS can dynamically update the firewall rules to disallow traffic from the attacking IP address for some amount of time. Or the IDS can use "session sniping" to fool both sides of the connection into closing down so that the attack cannot be completed.

Unfortunately, IDS systems generate a lot of false positives. A false positive is basically a false alarm, where the IDS sees legitimate traffic and for some reason matches it against an attack pattern. This tempts a lot of administrators into turning them off or, even worse, not bothering to read the logs. This may result in an actual attack being missed.

IDS evasion is also not all that difficult for an experienced attacker. The signature is based on some unique feature of the attack, and so the attacker can modify the attack so that the signature is not matched. For example, the above attack string /system32/cmd.exe? could be rewritten in hexadecimal to look something like:

'%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f'

This might be totally missed by the IDS. Furthermore, an attacker could split the attack into many packets by fragmenting the packets. This means that each packet would only contain a small part of the attack, and the signature would not match. Even if the IDS is able to reassemble fragmented packets, this creates a time overhead, and since the IDS has to run at near real-time status, they tend to drop packets while they are processing. IDS evasion is a topic for a paper on its own.

The advantage of a network-based IDS is that it is very difficult for an attacker to detect. The IDS itself does not need to generate any traffic, and, in fact, many of them have a broken TCP/IP stack so that they don't have an IP address. Thus the attacker does not know whether the network segment is being monitored or not.
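The two evasions the slide lists, encoding and splitting, and the detection-side answer to each (normalise the request before matching; reassemble the stream before matching), as an added example in Python that is not the code of any IDS. The signature is the /system32/cmd.exe? string from the slide; the request lines, the double-encoded variant and the way the stream is split into pieces are constructed, and the normaliser assumes the protected server treats paths case-insensitively.

```python
"""Signature matching on a Web request with and without normalisation, and
with pieces of the stream reassembled before inspection. Added example, not
any IDS's own code; the request lines and their splitting are constructed."""
from typing import List, Optional
from urllib.parse import unquote

SIGNATURE = "/system32/cmd.exe?"   # the attack string quoted in the text


def request_target(line: str) -> Optional[str]:
    """Pull the request-target out of an HTTP request line ("GET /x HTTP/1.0")."""
    parts = line.split(" ")
    return parts[1] if len(parts) >= 2 else None


def naive_match(text: str, signature: str = SIGNATURE) -> bool:
    """Plain substring search on the bytes exactly as they arrived."""
    return signature in text


def normalize(url: str, max_rounds: int = 3) -> str:
    """Canonicalise the target the way the server will interpret it:
    percent-decode repeatedly (catches double encoding), unify slashes,
    collapse '.' and '..' segments, lower-case. Assumption: the protected
    server treats paths case-insensitively, as IIS does."""
    cur = url
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    cur = cur.replace("\\", "/").lower()
    path, sep, query = cur.partition("?")
    out: List[str] = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out) + sep + query


def inspect_request(line: str) -> dict:
    """Verdicts of a naive and a normalising signature check on one request line."""
    target = request_target(line) or ""
    return {"naive": naive_match(target), "normalized": naive_match(normalize(target))}


def match_per_piece(pieces: List[bytes]) -> bool:
    """What an IDS sees if it inspects each segment or fragment on its own."""
    return any(naive_match(p.decode("latin-1")) for p in pieces)


def match_reassembled(pieces: List[bytes]) -> bool:
    """Stitch the stream back together first, then inspect."""
    return naive_match(b"".join(pieces).decode("latin-1"))


# Constructed request lines
PLAIN = "GET /winnt/system32/cmd.exe?/c+dir HTTP/1.0"
ENCODED = ("GET /scripts/..%2f..%2fwinnt"
           "%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f/c+dir HTTP/1.0")
DOUBLE = "GET /winnt%252fsystem32%252fcmd.exe%253f/c+dir HTTP/1.0"
BENIGN = "GET /index.html HTTP/1.0"
# The plain request cut into three pieces, none of which holds the whole signature
PIECES = [b"GET /winnt/system32/cm", b"d.ex", b"e?/c+dir HTTP/1.0"]

if __name__ == "__main__":
    for name, line in [("plain", PLAIN), ("encoded", ENCODED), ("double", DOUBLE), ("benign", BENIGN)]:
        print(f"{name:8s} {inspect_request(line)}")
    print("per piece:", match_per_piece(PIECES), " reassembled:", match_reassembled(PIECES))
```

Normalising before matching is what turns the hex-encoded string from the slide back into the signature the database holds, and it handles the double-encoded form the same way. Reassembly closes the splitting evasion, at the cost the slide names: the sensor now has to buffer and order pieces at line rate, and an overloaded sensor that drops what it cannot keep up with is blind in a way the logs will not show.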
Slide 6

Patching and updating

It is embarrassing and sad that this has to be listed as a security measure. Despite being one of the most effective ways to stop an attack, there is a tremendously laid-back attitude to regularly patching systems. There is no excuse for not doing this, and yet the level of patching remains woefully inadequate. Take, for example, the MS Blaster worm that spread havoc recently. The exploit was known almost a month in advance and a patch had been released. Still, millions of users and businesses were infected.

While administrators know that having to patch 500 machines is a laborious task, the way I look at it is that I would rather be updating my systems on a regular basis than waiting for disaster to strike and then running around trying to patch and clean up those 500 systems. In the enterprise, there is no "easy" way to patch large numbers of machines, but there are patch deployment mechanisms that take a lot of the burden away. Frankly, it is part of an admin's job to do this, and when a network is horribly fouled up by the latest worm, it just means that someone, somewhere didn't do his job well enough.

Now that we've concluded a brief introduction to the types of threats faced in the enterprise, it is time to have a look at some of the tools that attackers use.
Slide 7

Keep in mind that a lot of these tools have legitimate purposes and are very useful to administrators as well. For example, I can use a network sniffer to diagnose a low-level network problem or I can use it to collect your password. It just depends which shade of hat I choose to wear.

General network tools

As surprising as it might sound, some of the most powerful tools, especially in the beginning stages of an attack, are the regular network tools available with most operating systems. For example, an attacker will usually query the "whois" databases for information on the target. After that, he might use "nslookup" to see if he can transfer the whole contents of the DNS zone. This will let him identify high-profile targets such as Web servers, mail servers, and DNS servers. He might also be able to figure out what different systems do based on their DNS name; for example, sqlserver.victim.com would most likely be a database server. Other important tools include traceroute to map the network and ping to check which hosts are alive. You should make sure your firewall blocks ping requests and traceroute packets.
Slide 8

Port scanners

Most of you will know what port scanners are. Any system that offers TCP or UDP services will have an open port for that service. For example, if you're serving up Web pages, you'll likely have TCP port 80 open. FTP is TCP port 20/21, Telnet is TCP 23, SNMP is UDP port 161 and so on. A port scanner scans a host or a range of hosts to determine what ports are open and what service is running on them. This tells the attacker which systems can be attacked. For example, if I scan a Web server and find that port 80 is running an old Web server, like IIS/4.0, I can target this system with my collection of exploits for IIS 4.

Usually the port scanning will be conducted at the start of the attack, to determine which hosts are interesting. This is when the attacker is still footprinting the network -- feeling his way around to get an idea of what type of services are offered and what operating systems are in use.

One of the best port scanners around is Nmap (http://www.insecure.org/nmap). Nmap runs on just about every operating system, is very versatile and has many features including OS fingerprinting, service version scanning and stealth scanning. Another popular scanner is Superscan (http://www.foundstone.com), which is only for the Windows platform.
Slide 9

Network sniffers

A network sniffer puts the computer's NIC (network interface card or LAN card) into promiscuous mode. In this mode, the NIC picks up all the traffic on its subnet regardless of whether it was meant for it or not. Attackers set up sniffers so that they can capture all the network traffic and pull out log-ins and passwords. The most popular network sniffer is TCPdump. It can be run from the command line, which is usually the level of access a remote attacker will get. Other popular sniffers are Iris and Ethereal.

When the target network is a switched environment (a network which uses Layer 2 switches), a conventional network sniffer will not be of any use. For such cases, the switched network sniffer Ettercap (http://ettercap.sourceforge.net) is very popular. It allows the attacker to collect passwords, hijack sessions, modify ongoing connections and kill connections. It can even sniff secured communications like SSL (Secure Sockets Layer, used for secure Web pages) and SSH1 (Secure Shell, a remote access service like telnet, but encrypted). There are also programs that allow an admin to detect whether any NICs are running in promiscuous mode.
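The local check behind the slide's last sentence, as an added example that is not one of the programs the slide refers to: on Linux the kernel marks a promiscuous interface with the PROMISC flag, which appears in the flag list printed by ip -o link show and as the IFF_PROMISC bit (0x100, from linux/if.h) in /sys/class/net/<if>/flags. The Python below reads either form; the command output and the sysfs values it is fed here are constructed samples.

```python
"""Detect interfaces in promiscuous mode from the host side. Added example;
the `ip -o link show` output and the sysfs flag values are constructed."""
import re
from typing import Dict, List

IFF_PROMISC = 0x100   # bit for promiscuous mode, from linux/if.h


def promisc_from_ip_link(output: str) -> List[str]:
    """Interface names whose flag list in `ip -o link show` output contains PROMISC.
    One interface per line; names like eth0@if5 lose the @-suffix."""
    found: List[str] = []
    for line in output.splitlines():
        m = re.match(r"\d+:\s+([^:@]+)(?:@\S+)?:\s+<([^>]*)>", line)
        if m and "PROMISC" in m.group(2).split(","):
            found.append(m.group(1))
    return found


def promisc_from_sysfs_flags(flags: Dict[str, str]) -> List[str]:
    """Same check on /sys/class/net/<if>/flags contents (hex strings)."""
    return [name for name, value in flags.items() if int(value, 16) & IFF_PROMISC]


# Constructed sample of `ip -o link show` (lo, one sniffing NIC, one normal NIC)
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""

# Constructed sample of the same three interfaces' /sys/class/net/<if>/flags
SAMPLE_SYSFS_FLAGS = {"lo": "0x9", "eth0": "0x1103", "eth1": "0x1003"}

if __name__ == "__main__":
    print("from ip link :", promisc_from_ip_link(SAMPLE_IP_LINK))
    print("from sysfs   :", promisc_from_sysfs_flags(SAMPLE_SYSFS_FLAGS))
```

Two caveats for anyone wiring this into monitoring: a box that is already compromised can lie about its own interfaces, so the reading is only as good as the tools and kernel on that host, and some legitimate software (bridges, virtual switches, the IDS sensor from slide 5) keeps interfaces promiscuous on purpose, so the useful alert is a change against a known-good list of interfaces, not the flag alone.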
Slide 10

Vulnerability scanners

A vulnerability scanner is like a port scanner on steroids. Once it has identified which services are running, it checks the system against a large database of known vulnerabilities and then prepares a report on the security holes that are found. The software can be updated to scan for the latest security holes. These tools are very simple to use, so many script kiddies point them at a target machine to find out what they can attack. The most popular ones are Retina (http://www.eeye.com), Nessus (http://www.nessus.org) and GFI Lan Scan (http://www.gfi.com). These are very useful tools for administrators as well, because they can scan their whole network and get a detailed summary of the holes that exist.

Made by: Ayush Singh