Network security
1. SELÇUK UNIVERSITY - Faculty of Engineering
Computer Engineering
DEPARTMENT OF INFORMATION TECHNOLOGIES ENGINEERING
INFORMATION SECURITY AND LAW COURSE, ASSIGNMENT 1
24 October 2016
ASSOC. PROF. DR. ŞAKİR TAŞDEMİR
M.Sc. Computer Eng. Mustafa Aadel Mashjal
158229001009
2. 2
What is network security?
"Network security" refers to any activity designed to
protect the safety of your network and data. It
includes both hardware and software technologies.
Effective network security manages access to the
network. It targets a variety of threats and stops them
from entering your network.
3. 3
How does network security work?
Network security combines multiple layers of
defenses at the edge and in the network. Each
network security layer enforces policies and
controls. Authorized users gain access to network
resources, but malicious actors are blocked from
carrying out threats.
4. 4
How do I benefit from network security?
Protect proprietary information from attack
- Trade secrets, medical records, etc.
Provide authentication and access control for resources
- Ex: Andrew File System (AFS)
"is a distributed file system which uses a local cache to reduce
the workload and increase the performance of a distributed
computing environment".
Guarantee availability of resources
- Ex: 5 9’s (99.999% reliability)
With 99.999% uptime (“system is available”), you get a total
downtime (“system is unavailable”) of approximately five minutes
and nine seconds per year.
5. 5
Who is vulnerable?
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defense agencies
Multinational companies
ANYONE ON THE NETWORK
6. 6
Network access control (NAC)
It is a system that enables an authority to control
access based on a security policy.
Examples
PIN on an ATM cash machine
Password for logging in to a computer account
7. 7
Common security attacks and their
countermeasures
Finding a way into the network
– Firewalls
Exploiting software bugs, buffer overflows
– Intrusion Detection Systems
Denial of Service
– Ingress filtering, IDS
TCP hijacking
– IPSec
Packet sniffing
– Encryption (SSH, SSL, HTTPS)
8. 8
Firewall
- A firewall is a system that provides network security by
filtering incoming and outgoing network traffic based on a
set of user-defined rules.
- The purpose of a firewall is to reduce or eliminate the
occurrence of unwanted network communications while
allowing all legitimate communication to flow freely.
9. 9
firewall
A firewall is like a castle with a
drawbridge
– Only one point of access into the network
– This can be good or bad
Can be hardware or software
– Ex. Some routers come with firewall
functionality
– Windows XP and Mac OS X have built-in
firewalls
11. 11
TCP Network Packets
TCP network traffic moves around a network in packets,
which are containers that consist of a packet header—this
contains control information such as source and destination
addresses, and packet sequence information—and the data
(also known as a payload). While the control information in
each packet helps to ensure that its associated data gets
delivered properly, the elements it contains also provide
firewalls a variety of ways to match packets against firewall
rules.
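The matching described on this slide, as an added example that is not part of the original slides: it parses the IPv4 and TCP header fields of a raw packet and checks them against a first-match rule list with default deny. The rule set, addresses and the `build_packet` helper are constructed for illustration.

```python
import ipaddress
import struct

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Extract the header fields a packet filter matches on."""
    ver_ihl, proto = packet[0], packet[9]
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4                # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("truncated header")
    sport, dport, seq = struct.unpack("!HHI", packet[ihl:ihl + 8])
    data_off = (packet[ihl + 12] >> 4) * 4    # TCP header length in bytes
    return {
        "src": ipaddress.ip_address(packet[12:16]),
        "dst": ipaddress.ip_address(packet[16:20]),
        "sport": sport, "dport": dport, "seq": seq,
        "payload": packet[ihl + data_off:],
    }

# Constructed rule set: (action, allowed source network, destination port or None for any).
RULES = [
    ("deny",  ipaddress.ip_network("203.0.113.0/24"), None),  # blocked source range
    ("allow", ipaddress.ip_network("0.0.0.0/0"), 443),        # HTTPS from anywhere
    ("allow", ipaddress.ip_network("192.0.2.0/24"), 22),      # SSH from the admin range only
]

def decide(packet: bytes) -> str:
    """Return 'allow' or 'deny'; the first matching rule wins."""
    try:
        hdr = parse_ipv4_tcp(packet)
    except (ValueError, IndexError, struct.error):
        return "deny"                         # unparseable traffic is dropped
    for action, src_net, dport in RULES:
        if hdr["src"] in src_net and dport in (None, hdr["dport"]):
            return action
    return "deny"                             # default deny for unmatched traffic

def build_packet(src, dst, sport, dport, payload=b""):
    """Build a constructed sample packet (checksums left as zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp + payload
```

Rule order matters here: the blocked range is denied even for port 443 because its rule comes first.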
12. 12
An intrusion prevention system
(IPS)
Used to monitor for “suspicious activity”
on a network
– Can protect against known software
exploits, like buffer overflows
Snort is an open-source, free and
lightweight network intrusion detection
system: www.snort.org
13. 13
Denial of Service
Purpose: Make a network service
unusable, usually by overloading the
server or network
Many different kinds of DoS attacks
– SYN flooding
– SMURF
– Distributed attacks
– Mini Case Study: Code-Red
14. 15-441 Networks Fall 2002
SYN flooding
• SYN flooding is usually executed by flooding the resource (site) with needless
requests in an attempt to overload systems and keep legitimate requests from being served.
Figure: A normal connection between a user (Alice) and a server.
The three-way handshake is correctly performed.
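A detection sketch for the half-open connections that SYN flooding leaves behind, as an added example that is not part of the original slides: it replays handshake events and alerts when a server holds too many SYNs with no final ACK. The event format, addresses, threshold and timeout are constructed assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed capture: (time_s, source, destination, TCP flags)."""
    events = [
        (0.00, "198.51.100.7:40000", "192.0.2.10:80", "SYN"),
        (0.01, "192.0.2.10:80", "198.51.100.7:40000", "SYN-ACK"),
        (0.02, "198.51.100.7:40000", "192.0.2.10:80", "ACK"),  # handshake completed
    ]
    # Thirty SYNs from distinct sources that never send the final ACK.
    for i in range(30):
        events.append((1.0 + i * 0.01, f"203.0.113.{i + 1}:5000",
                       "192.0.2.10:80", "SYN"))
    return events

def half_open_alerts(events, threshold=20, timeout=5.0):
    """Return (time, server, half_open_count) each time a server crosses the threshold."""
    pending = defaultdict(dict)   # server -> {client: time its SYN was seen}
    alerting, alerts = set(), []
    for t, src, dst, flags in sorted(events):
        if flags == "SYN":
            pending[dst][src] = t
        elif flags in ("ACK", "RST") and dst in pending:
            pending[dst].pop(src, None)       # handshake completed or aborted
        if dst not in pending:
            continue                          # e.g. the server's own SYN-ACK
        table = pending[dst]
        # Drop entries the server would already have timed out.
        for client in [c for c, t0 in table.items() if t - t0 > timeout]:
            del table[client]
        if len(table) >= threshold and dst not in alerting:
            alerting.add(dst)
            alerts.append((t, dst, len(table)))
        elif len(table) < threshold:
            alerting.discard(dst)             # re-arm once the backlog drains
    return alerts
```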
15.
SMURF
• ICMP is used by network administrators to exchange information about network
state, and can also be used to ping other nodes to determine their operational status.
• The nodes which are operational return an echo message in response to a ping
message.
• In a SMURF attack, the source IP address of a broadcast ping is forged
• A large number of machines respond to the victim, overloading it
Figure: Perpetrator, Internet, Victim. ICMP echo (spoofed source address of victim)
sent to IP broadcast address; ICMP echo reply.
16.
Distributed attacks
• Distributed Denial of Service
– Same techniques as regular DoS, but on a much larger scale
– Example: Sub7Server Trojan and IRC bots
• Infect a large number of machines with a “zombie”
program
• A zombie is a computer connected to the Internet that has
been compromised by a hacker, computer virus or trojan
horse program and can be used to perform malicious
tasks of one sort or another under remote direction.
Botnets of zombie computers are often used to spread
e-mail spam and launch denial-of-service attacks (DoS
attacks).
17.
TCP reset attack
"TCP reset attack", "forged TCP resets" and
"spoofed TCP reset packets" are terms that
refer to a method of tampering with
Internet communications. Sometimes, the tampering
is malicious; other times, it is beneficial.
18. 18
Packet Sniffing
• How can we protect ourselves?
• SSH, not Telnet
– Many people at CMU still use Telnet and send their password in the
clear (use PuTTY instead!)
– Now that I have told you this, please do not exploit this information
– Packet sniffing is, by the way, prohibited by Computing Services
• HTTP over SSL
– Especially when making purchases with credit cards!
• SFTP, not FTP
– Unless you really don’t care about the password or data
– Can also use KerbFTP (download from MyAndrew)
• IPSec
– Provides network-layer confidentiality