Cisco Networking Academy, Chabot College: ELEC 99.05 Internet Security Introduction
CISCO NETWORKING ACADEMY
Chabot College
ELEC 99.05
Internet Security Introduction

Internet Security
• TCP/IP and the internet were designed by professionals with a common culture and cooperative goals.
• Today they are used by a wide range of persons with varying and sometimes malicious goals.
• The technology of TCP/IP does not assure user security.
• There are many points at which TCP/IP security can be compromised.

Internet Security
• Security intrusions over the internet are common.
• The following slide shows 48 hours of intrusion attempts against a DSL-connected PC…
  – Note that the probes come from all over the world, including Romania.
  – Most of these attempts are from “script kiddies” running a program on a PC to grind through a range of IP addresses.

Probes Against DSL-Connected Machine

issueName            intruderIp       intruderName                                parameters
Back Orifice ping    193.231.209.31   ppp31.fx.ro                                 type=PING(1)&passwd=0x7A69&length=19&xid=0x4|0xD&iport=0x041A&vport=0x7A69
Back Orifice ping    193.226.61.246   ppp53.starnets.ro                           type=PING(1)&passwd=0x7A69&length=19&xid=0x0&iport=0x0404&vport=0x7A69
Back Orifice ping    193.230.162.163                                              type=PING(1)&passwd=0x7A69&length=19&xid=0xC&iport=0x0401&vport=0x7A69
Back Orifice ping    193.230.162.185                                              type=PING(1)&passwd=0x7A69&length=19&xid=0x0&iport=0x041F&vport=0x7A69
Back Orifice ping    193.230.162.80                                               type=PING(1)&passwd=0x7A69&length=19&xid=0x5&iport=0x040B&vport=0x7A69
Back Orifice ping    139.92.173.88    slip139-92-173-88.buk.ro.ibm.net            type=PING(1)&passwd=0x7A69&length=19&xid=0x1|0x4&iport=0x040A&vport=0x7A69
SubSeven port probe  64.218.67.36     DEFAULT                                     port=27374&name=Sub_7_2
SubSeven port probe  63.197.207.4     B-VANNOY-98WS                               port=27374&name=Sub_7_2
SubSeven port probe  63.198.106.43    REYNALDO                                    port=27374&name=Sub_7_2
SubSeven port probe  200.40.59.146    r200-40-59-146.adinet.com.uy                port=27374&name=Sub_7_2
DNS port probe       207.42.254.34    pinnacle.pinnaclenetwork.COM                port=53
DNS port probe       24.6.48.235      cc750365-a.chmbl1.ga.home.com               port=53
FTP port probe       62.226.25.215    p3EE219D7.dip.t-dialin.net                  port=21
FTP port probe       64.161.213.21    MODERN-IMAGES                               port=21
NetBIOS port probe   63.206.117.39    TED                                         port=139
NetBIOS port probe   63.198.183.96    MONICA & LOUIE                              port=139
NetBIOS port probe   63.198.103.101   adsl-63-198-103-101.dsl.snfc21.pacbell.net  port=139
NetBIOS port probe   63.198.217.105   JAY'SROOM                                   port=139
PCAnywhere ping      63.198.176.9     adsl-63-198-176-9.dsl.snfc21.pacbell.net    port=22
PCAnywhere ping      63.198.176.94    adsl-63-198-176-94.dsl.snfc21.pacbell.net   port=5632
PCAnywhere ping      63.198.176.227   adsl-63-198-176-227.dsl.snfc21.pacbell.net  port=5632
SOCKS port probe     63.22.60.176     2Cust48.tnt10.atl2.da.uu.net                port=1080
TCP OS fingerprint   195.120.158.202                                              port=21&flags=3
TCP OS fingerprint   208.62.23.150                                                port=9704&flags=3
TCP OS fingerprint   24.13.154.175    c186232-a.aurora1.co.home.com               port=21&flags=3
UDP port probe       205.188.153.108  fes-d012.icq.aol.com                        port=1062
UDP port probe       205.188.153.106  fes-d010.icq.aol.com                        port=1058
UDP port probe       205.188.153.105  fes-d009.icq.aol.com                        port=1654
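
A firewall log like the probe table above is easier to reason about once its rows are split back into fields and tallied by probe type, source domain and target port. The following is an added example, not part of the original slides: it parses the table's flattened one-line rows, including rows with no intruderName and names that contain spaces. The function names are assumptions, and the sample rows are copied from the table.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Rows copied from the slide's probe table, in its flattened one-line form.
SAMPLE_ROWS = """\
Back Orifice ping 193.231.209.31 ppp31.fx.ro type=PING(1)&passwd=0x7A69&length=19&xid=0x4|0xD&iport=0x041A&vport=0x7A69
Back Orifice ping 193.230.162.163 type=PING(1)&passwd=0x7A69&length=19&xid=0xC&iport=0x0401&vport=0x7A69
SubSeven port probe 64.218.67.36 DEFAULT port=27374&name=Sub_7_2
SubSeven port probe 200.40.59.146 r200-40-59-146.adinet.com.uy port=27374&name=Sub_7_2
NetBIOS port probe 63.198.183.96 MONICA & LOUIE port=139
TCP OS fingerprint 195.120.158.202 port=21&flags=3
"""

ROW = re.compile(
    r"(?P<issue>.+?)\s+"                   # issueName: the words before the IP
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"  # intruderIp
    r"(?:(?P<name>.*?)\s+)?"               # intruderName: optional, may hold spaces
    r"(?P<params>\S+=\S*)"                 # parameters: key=value&key=value
)
HOSTNAME = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.(?P<tld>[A-Za-z]{2,})")

def parse_row(line):
    """Split one flattened table row into fields; return None if it is not a row."""
    m = ROW.fullmatch(line.strip())
    if m is None:
        return None
    name = m["name"] or ""
    host = HOSTNAME.fullmatch(name)  # DNS names only; NetBIOS-style names have no TLD
    return {
        "issue": m["issue"], "ip": m["ip"], "name": name,
        "tld": host["tld"].lower() if host else None,
        "params": dict(parse_qsl(m["params"], keep_blank_values=True)),
    }

def summarize(text):
    """Tally parsed rows by probe type, by source TLD and by probed port."""
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    return {
        "by_issue": Counter(r["issue"] for r in rows),
        "by_tld": Counter(r["tld"] for r in rows if r["tld"]),
        "by_port": Counter(r["params"]["port"] for r in rows if "port" in r["params"]),
    }

if __name__ == "__main__":
    for key, counts in summarize(SAMPLE_ROWS).items():
        print(key, dict(counts))
```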

Security Strategies
• Use a NAT router to connect to DSL or cable modem.
• Use a software firewall for dial-up, DSL or cable modem.
  – (e.g. Zone Alarm, from www.zonelabs.com - free)
• Read Steve Gibson’s excellent Shields-UP site and follow his configuration advice. (free)

Shields UP
• Key ideas from Shields UP:
  – As delivered, Windows is not secure when connected to the internet.
  – The key problems can be fixed by a free reconfiguration.
  – Free software firewalls are recommended.

Shields UP
• Here’s how Windows protocol bindings are delivered:
[Figure: protocol bindings diagram, labelled Layer 1&2, Layer 3, Higher Layers]

Shields UP
• Binding these Microsoft network services to TCP/IP creates security vulnerabilities!
[Figure label: Problem Bindings]

Shields UP
• Here are the bindings needed for access to the internet:

Shields UP
• The excellent Shields Up site tells you how to do it!
• Bonus Credit Assignment - fix your home PC!
http://www.grc.com