Network Layers (in) Security
Description: SIM314. Network Layers (in) Security. Paula Januszkiewicz, IT Security Auditor, MVP, MCT, CQURE, [email protected]. Marcus Murray, Security Team Manager, MVP, MCT, TrueSec, [email protected]. Agenda: Introduction. Physical Layer. Data-Link Layer. Network Layer. Transport Layer. (PowerPoint presentation transcript.)
Network Layers (in) SecurityPaula JanuszkiewiczIT Security Auditor, MVP, [email protected]
Marcus MurraySecurity Team Manager, MVP, MCTTrueSec [email protected]
SIM314
Agenda
Introduction
Physical Layer
Data-Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer
Summary
The Issue
No matter how well we secure our hosts, we are always "vulnerable" on some layer of the infrastructure
Security is a prime concern for networking
Access to the network alone is enough to break its integrity
Even tiny malicious actions can do a lot of damage
Usability is put ahead of security
Interoperability is based on protocols created more than 30 years ago!
So what is this "Network Security" about?
Physical Layer
Issues
Loss of power or environmental control
Disconnection, damage or theft of physical resources
Unauthorized access: wired or wireless
Key loggers or other data interception methods
Countermeasures
Use appropriate physical access control, e.g. electronic locks or retina scanning
Record video and audio on the company premises
Employee training
Physical network isolation
Sniff fiber
TP (twisted-pair) cables
demo
Wireless Attack Basics
The scenario of physical access
Data-Link Layer
Issues
MAC address spoofing
Wireless accessibility
Spanning tree malfunctions
Traffic flooding at the switch level
Countermeasures
Segmentation (VLANs)
Use corporate-level wireless solutions
Disable all unnecessary switch ports
demo
802.1x (IN)Security
Shadow Host Scenario
demo
Diagram: Untrusted Computer, RADIUS Server, Client, Domain Controller, CA Server
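The "MAC address spoofing" issue on the Data-Link slide is easiest to see in ARP traffic, where a spoofing host starts answering for an IP that belongs to the gateway or to another client. The following Python is an added example, not part of the deck or of the presenters' demos (it does not model the 802.1X shadow-host bypass shown above): it replays a constructed list of ARP replies through a small anomaly detector that flags an IP answering from a different MAC than expected (a pinned gateway entry, or the last MAC seen for that IP) and a single MAC that claims several IPs. The sample replies and the pinned gateway entry are assumptions for illustration.

```python
"""Flag MAC address spoofing from observed ARP replies (added example, constructed data)."""
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen on one segment.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1", "00:11:22:33:44:01"),   # real gateway
    (1.5, "10.0.0.20", "00:11:22:33:44:20"),  # ordinary client
    (2.0, "10.0.0.1", "00:11:22:33:44:01"),
    (3.0, "10.0.0.1", "00:11:22:33:44:99"),   # gateway IP now claimed by a new MAC
    (3.2, "10.0.0.20", "00:11:22:33:44:99"),  # same MAC also claims the client (classic MITM pair)
    (4.0, "10.0.0.1", "00:11:22:33:44:01"),   # real gateway answers again: the mapping flaps
]

# Static entries an administrator pins (assumption): the gateway must always be this MAC.
STATIC_ENTRIES = {"10.0.0.1": "00:11:22:33:44:01"}


def detect_arp_anomalies(replies, static=None):
    """Return alert strings for two spoofing symptoms.

    1. An IP answers from a MAC other than the pinned one (static entries) or the
       last MAC observed for it (dynamic tracking).
    2. One MAC claims more than one IP, which is what a host poisoning both ends
       of a conversation looks like. Reported once per MAC.
    """
    pinned = {ip: mac.lower() for ip, mac in (static or {}).items()}
    last_seen = dict(pinned)
    ips_per_mac = defaultdict(set)
    flagged_macs = set()
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        prev = last_seen.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"t={ts}: {ip} answered from {mac}, expected {prev}")
        if ip not in pinned:                 # pinned entries never learn a new MAC
            last_seen[ip] = mac
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1 and mac not in flagged_macs:
            flagged_macs.add(mac)
            alerts.append(f"t={ts}: {mac} claims several IPs {sorted(ips_per_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_anomalies(SAMPLE_ARP_REPLIES, STATIC_ENTRIES):
        print(line)
```

Without a pinned entry the detector also alerts when the real gateway answers again at t=4.0, because from its point of view the "new" MAC had become the expected one; pinning the gateway keeps the alert on the impostor. On a switched network this only sees what reaches the monitoring port, so the same logic belongs on the switch (dynamic ARP inspection) or on a span port.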
Network Layer
Issues
Spoofing
IP addressing
Routing protocols
Tunneling protocols
Countermeasures
IPsec
Use firewalls between different network segments
Use route filtering on the edge
Perform broadcast and multicast monitoring
Managed IP addressing
demo
Packet Modification
Playing with protocols
demo
Denial of Service
IPv6 vulnerabilities and others
Diagram: Evil Hacker, Hacker Computer, File Server, Domain Controller, Web Server, four Untrusted Computer Clients
NEW IPv6 ROUTER ADVERTISEMENTS
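The denial-of-service demo above works because every IPv6 host on the segment accepts Router Advertisements from anyone, and a flood of new prefixes makes each host configure addresses and routes until it stalls. The following Python is an added example, not code from the deck or the demo: it builds constructed ICMPv6 Router Advertisement payloads, parses them back (RFC 4861 header, source link-layer and prefix-information options), checks each against an RA Guard style allow-list of router MACs and prefixes, and counts how many prefixes a flood pushes onto a host. The allowed router, prefixes and sample RAs are assumptions; real captures would carry the IPv6 header and a valid checksum, which are omitted here.

```python
"""Parse ICMPv6 Router Advertisements and check them against an RA Guard style policy (added example)."""
import ipaddress
import struct

ICMPV6_RA = 134          # RFC 4861 Router Advertisement
OPT_SRC_LLADDR = 1       # Source Link-Layer Address option
OPT_PREFIX_INFO = 3      # Prefix Information option


def build_ra(hop_limit, router_lifetime, prefixes, src_mac):
    """Build a constructed RA payload (ICMPv6 header + options; checksum left as 0)."""
    msg = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, hop_limit, 0, router_lifetime, 0, 0)
    msg += struct.pack("!BB6s", OPT_SRC_LLADDR, 1, bytes.fromhex(src_mac.replace(":", "")))
    for p in prefixes:
        net = ipaddress.IPv6Network(p)
        # flags 0xC0 = on-link (L) + autonomous (A): hosts self-configure an address from it
        msg += struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                           2_592_000, 604_800, 0, net.network_address.packed)
    return msg


def parse_ra(payload):
    """Return RA fields and options as a dict; reject malformed input instead of guessing."""
    if len(payload) < 16 or payload[0] != ICMPV6_RA:
        raise ValueError("not an ICMPv6 Router Advertisement")
    _, _, _, hop_limit, flags, lifetime, _, _ = struct.unpack("!BBHBBHII", payload[:16])
    ra = {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
          "router_lifetime": lifetime, "src_mac": None, "prefixes": []}
    off = 16
    while off < len(payload):
        if off + 2 > len(payload) or payload[off + 1] == 0:
            raise ValueError("malformed option header")
        otype, olen = payload[off], payload[off + 1]
        end = off + olen * 8                      # option length is in units of 8 octets
        if end > len(payload):
            raise ValueError("truncated option")
        opt = payload[off:end]
        if otype == OPT_SRC_LLADDR and olen == 1:
            ra["src_mac"] = ":".join(f"{b:02x}" for b in opt[2:8])
        elif otype == OPT_PREFIX_INFO and olen == 4:
            plen, pflags, valid, preferred, _, prefix = struct.unpack("!BBIII16s", opt[2:32])
            ra["prefixes"].append({"prefix": f"{ipaddress.IPv6Address(prefix)}/{plen}",
                                   "autonomous": bool(pflags & 0x40),
                                   "valid": valid, "preferred": preferred})
        off = end
    return ra


def is_well_formed(payload):
    try:
        parse_ra(payload)
        return True
    except ValueError:
        return False


def check_ra(ra, allowed_routers, allowed_prefixes):
    """Findings for one RA: unknown router MAC, or a prefix the network never announced."""
    findings = []
    if ra["src_mac"] not in allowed_routers:
        findings.append(f"RA from unexpected router {ra['src_mac']}")
    for p in ra["prefixes"]:
        if p["prefix"] not in allowed_prefixes:
            findings.append(f"unexpected prefix {p['prefix']} (autonomous={p['autonomous']})")
    return findings


def distinct_prefixes(ras):
    """RA floods work by pushing many prefixes; this is what every host would have to track."""
    return {p["prefix"] for ra in ras for p in ra["prefixes"]}


# Constructed policy and sample traffic (assumptions, not captured from a real network).
ALLOWED_ROUTERS = {"00:11:22:33:44:01"}
ALLOWED_PREFIXES = {"2001:db8:1::/64"}
LEGIT_RA = build_ra(64, 1800, ["2001:db8:1::/64"], "00:11:22:33:44:01")
ROGUE_RA = build_ra(64, 1800, ["2001:db8:bad:1::/64", "2001:db8:bad:2::/64"], "de:ad:be:ef:00:01")
FLOOD = [build_ra(64, 1800, [f"2001:db8:f{i:03x}::/64"], "de:ad:be:ef:00:01") for i in range(200)]

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_RA), ("rogue", ROGUE_RA)):
        print(name, check_ra(parse_ra(raw), ALLOWED_ROUTERS, ALLOWED_PREFIXES))
    print("prefixes pushed by flood:", len(distinct_prefixes(parse_ra(r) for r in FLOOD)))
```

The parser refuses zero-length and truncated options rather than skipping them, because a monitor that silently drops what it cannot parse is exactly what a crafted packet exploits. On the wire the fix is the switch-side equivalent of `check_ra` (RA Guard, or an ACL dropping ICMPv6 type 134 from non-router ports) plus disabling IPv6 autoconfiguration on hosts that do not need it.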
Transport Layer
Issues
Connectionless nature of UDP
Weak TCP implementations
Predictable sequence numbers
May be disrupted by crafted packets
Performance constraints may limit traffic classification and filtering
Countermeasures
Host- and network-based firewalls
IPS/IDS
Strong session handling
demo
Common TCP/UDP Attacks
Network Trace Scenario
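"Predictable sequence numbers" is something you can measure from a network trace: collect the initial sequence number (ISN) the server picks for each new connection and see whether the next one can be guessed from the previous ones, which is what blind spoofing and off-path injection need. The following Python is an added example, not from the deck or the demo: it scores constructed ISN series (a fixed 64000 step as in early BSD, the same with jitter, and a random series) by how often "previous ISN plus previous step" lands within a guessing window, and it shows the RFC 6528 construction (a 4 microsecond counter plus a keyed hash of the connection 4-tuple) that makes ISNs of one connection useless for guessing another's. The sample series, the 64 Ki window and the use of SHA-256 instead of the RFC's MD5 are assumptions.

```python
"""Score TCP ISN predictability from a trace and generate RFC 6528 style ISNs (added example)."""
import hashlib
import random
import socket
import struct
from collections import Counter

MOD = 1 << 32


def isn_deltas(isns):
    """Differences between successive ISNs, modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def circular_distance(a, b):
    d = (a - b) % MOD
    return min(d, MOD - d)


def predict_next(isns):
    """Attacker's guess: last ISN plus the most common step seen so far."""
    step = Counter(isn_deltas(isns)).most_common(1)[0][0]
    return (isns[-1] + step) % MOD


def guessable_fraction(isns, window=1 << 16):
    """Share of ISNs within +/-window of 'previous ISN + previous step'.
    Near 1.0: blind spoofing is practical. Near 0.0: not guessable this way."""
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        return 0.0
    hits = sum(1 for prev, cur in zip(deltas, deltas[1:]) if circular_distance(cur, prev) <= window)
    return hits / (len(deltas) - 1)


def rfc6528_isn(clock_us, local_ip, local_port, remote_ip, remote_port, secret):
    """ISN = M + F(4-tuple, secret): M is a 4 microsecond counter, F a keyed hash.
    RFC 6528 specifies MD5; SHA-256 truncated to 32 bits is used here. `secret`
    is a random key chosen at boot, so F is unknown to anyone off the host."""
    m = (clock_us // 4) % MOD
    tup = struct.pack("!4s4sHH", socket.inet_aton(local_ip), socket.inet_aton(remote_ip),
                      local_port, remote_port)
    f = int.from_bytes(hashlib.sha256(secret + tup).digest()[:4], "big")
    return (m + f) % MOD


# Constructed samples: ISNs of 20 successive connections to one server (not real captures).
WEAK_ISNS = [(0x1000 + 64_000 * i) % MOD for i in range(20)]            # fixed step per connection
_jit = random.Random(1)
JITTER_ISNS = [(0x1000 + 64_000 * i + _jit.randint(-200, 200)) % MOD for i in range(20)]
_rng = random.Random(7)
STRONG_ISNS = [_rng.getrandbits(32) for _ in range(20)]                 # stand-in for random ISNs

if __name__ == "__main__":
    for name, isns in (("weak", WEAK_ISNS), ("jitter", JITTER_ISNS), ("strong", STRONG_ISNS)):
        print(f"{name:7s} guessable={guessable_fraction(isns):.2f} next guess={predict_next(isns):#010x}")
    key = b"per-boot-secret"
    a = rfc6528_isn(0, "10.0.0.5", 40000, "10.0.0.1", 80, key)
    b = rfc6528_isn(0, "10.0.0.5", 40001, "10.0.0.1", 80, key)
    print(f"rfc6528: port 40000 -> {a:#010x}, port 40001 -> {b:#010x} (unrelated offsets)")
```

Jitter does not help: a few hundred units of noise on a 64000 step still leaves every ISN inside a 64 Ki window, and an attacker can spray that whole window in segments. With the RFC 6528 scheme an observer who opens their own connection learns M plus their own F, which says nothing about the victim connection's F.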
Session Layer
Issues
Weak or even no authentication
Unlimited number of failed authentication attempts
Session data may be spoofed and hijacked
Exposure of identification tokens
Countermeasures
Rely on strong authentication: keys, methods
Use account and session expiration times
Use timing (delays and lockouts) to limit failed authentication attempts
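The three countermeasures above fit in one small component: a login path that slows down after each failure, and a session store whose tokens are unguessable and expire. The following Python is an added example, not code from the deck: `AuthGuard` stores salted PBKDF2 hashes, applies exponential backoff per account after failed attempts (refusing to even evaluate the password while the account is in backoff), issues random session tokens and invalidates them after a TTL. The clock is injectable so the timing can be demonstrated without waiting; `FakeClock`, the parameters and the sample user are assumptions for illustration.

```python
"""Failed-login backoff and expiring sessions (added example, constructed parameters)."""
import hashlib
import hmac
import secrets
import time


class FakeClock:
    """Controllable clock for demos and tests (constructed)."""
    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t


class AuthGuard:
    PBKDF2_ITERATIONS = 100_000

    def __init__(self, base_delay=1.0, max_delay=300.0, session_ttl=900.0, clock=time.monotonic):
        self.base_delay = base_delay        # backoff after the first failure, doubled each time
        self.max_delay = max_delay
        self.session_ttl = session_ttl
        self.clock = clock
        self._creds = {}                    # user -> (salt, pbkdf2 hash)
        self._failures = {}                 # user -> (failure count, not_before)
        self._sessions = {}                 # token -> (user, expires_at)
        self._dummy = self._hash("dummy-password", b"\0" * 16)   # keeps unknown-user timing equal

    @classmethod
    def _hash(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.PBKDF2_ITERATIONS)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        """Return a session token, or None. Same answer for wrong password, unknown user and backoff."""
        now = self.clock()
        count, not_before = self._failures.get(user, (0, 0.0))
        if now < not_before:
            return None                     # in backoff: the password is not even checked
        salt, stored = self._creds.get(user, (b"\0" * 16, self._dummy))
        ok = hmac.compare_digest(self._hash(password, salt), stored) and user in self._creds
        if not ok:
            count += 1
            delay = min(self.max_delay, self.base_delay * 2 ** (count - 1))
            self._failures[user] = (count, now + delay)
            return None
        self._failures.pop(user, None)
        token = secrets.token_urlsafe(32)   # 256 random bits: not derivable from user or time
        self._sessions[token] = (user, now + self.session_ttl)
        return token

    def validate(self, token):
        """Return the user for a live session, or None (expired tokens are dropped on sight)."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[token]
            return None
        return user

    def logout(self, token):
        self._sessions.pop(token, None)


if __name__ == "__main__":
    clk = FakeClock()
    guard = AuthGuard(base_delay=1.0, max_delay=60.0, session_ttl=100.0, clock=clk)
    guard.register("alice", "correct horse battery staple")
    for t, pw in ((0.0, "wrong"), (0.0, "correct horse battery staple"), (1.0, "wrong"), (3.0, "wrong"),
                  (5.0, "correct horse battery staple"), (7.0, "correct horse battery staple")):
        clk.t = t
        print(f"t={t:4.1f} {pw!r:32s} -> {'token' if guard.login('alice', pw) else 'denied'}")
```

Backoff per account is preferable to a hard lockout because a hard lockout lets an attacker who knows usernames lock everyone out; the delay still caps online guessing at a handful of attempts per minute. Note that `login` returns the same `None` in every failure case, so the response does not reveal whether the account exists or is in backoff.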
Presentation Layer
Issues
Poor handling of data types and structures
Cryptographic flaws may be exploited to circumvent privacy protections
Countermeasures
Sanitize the input: user data should be separated from control functions
Cryptographic solutions must be up to date
demo
Null Byte Injection (%00)
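Null byte injection is the "poor handling of data types" issue from the slide in its purest form: the web layer treats `secret.conf%00.txt` as a string that ends in `.txt`, while the C code underneath treats the same bytes as a string that ends at the NUL. The following Python is an added example, not the demo from the deck: `serve_vulnerable` checks the extension on the decoded name and then hands the path to a simulated NUL-terminated consumer, so the check passes and the wrong file is opened; `serve_hardened` rejects control characters after decoding, canonicalises the path and checks the extension and the directory on the final path. The document root, the two files and `c_string` (which models the truncation, since Python's own `open` refuses embedded NULs) are constructed for illustration.

```python
"""Null byte injection: extension check in a high-level language vs. a NUL-terminated consumer (added example)."""
import os
import tempfile
from urllib.parse import unquote


def c_string(s):
    """Model what a C API (open(2), strcpy, ...) sees: the string ends at the first NUL."""
    return s.split("\x00", 1)[0]


def make_demo_dir():
    """Constructed document root: one public file and one that must never be served."""
    base = tempfile.mkdtemp(prefix="nullbyte_")
    with open(os.path.join(base, "notes.txt"), "w") as f:
        f.write("public notes\n")
    with open(os.path.join(base, "secret.conf"), "w") as f:
        f.write("db_password=hunter2\n")
    return base


def serve_vulnerable(base, raw_name):
    """Checks the extension on the decoded string, then passes the path to a NUL-terminated consumer."""
    name = unquote(raw_name)                     # "secret.conf%00.txt" -> "secret.conf\x00.txt"
    if not name.endswith(".txt"):
        raise PermissionError("only .txt files may be served")
    path = c_string(os.path.join(base, name))    # truncated to .../secret.conf
    with open(path) as f:
        return f.read()


def serve_hardened(base, raw_name):
    """Reject control characters after decoding, canonicalise, then check the *final* path."""
    name = unquote(raw_name)
    if any(ord(c) < 0x20 for c in name):         # NUL and every other control character
        raise ValueError("control character in filename")
    root = os.path.realpath(base)
    full = os.path.realpath(os.path.join(root, name))
    if os.path.dirname(full) != root:            # also blocks ../ traversal and symlinks out
        raise PermissionError("path escapes the document root")
    if not full.endswith(".txt"):
        raise PermissionError("only .txt files may be served")
    with open(full) as f:
        return f.read()


def outcome(fn, *args):
    """Result of a call, or the exception class name, so both code paths compare easily."""
    try:
        return fn(*args)
    except Exception as exc:
        return type(exc).__name__


if __name__ == "__main__":
    base = make_demo_dir()
    for req in ("notes.txt", "secret.conf", "secret.conf%00.txt", "..%2Fnotes.txt"):
        print(f"{req:20s} vulnerable={outcome(serve_vulnerable, base, req)!r:26s} "
              f"hardened={outcome(serve_hardened, base, req)!r}")
```

The order in `serve_hardened` is the point: decode first, reject what the lower layer would interpret differently, canonicalise, and only then apply the policy, so that the string the policy sees is the string the operating system will see.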
Application Layer
Issues
The most exposed layer today
A badly designed application may bypass security controls
Complex protocols and applications
Error handling…
Countermeasures
Application-level access controls
Using standards and testing application code
IDS/firewall to monitor application activity
demo
Binary Patching Over HTTP
Insecure protocol scenario
Poor Implementation
User authentication scenario
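The "Binary Patching Over HTTP" demo relies on one thing: a client that fetches an executable over a cleartext channel and runs whatever arrives, so anyone on the path can rewrite a branch in transit. The following Python is an added example, not the demo or any real updater: it models the publisher, the on-path attacker and two clients. The publisher signs a manifest binding version and payload hash; the naive client installs the bytes it received, while the verifying client authenticates the manifest, rejects rollbacks and only then checks the payload hash. An HMAC with a key the client already holds stands in for a code-signing signature (Authenticode, a detached GPG or minisign signature would be the real choice); the key, the two "binaries" and the attacker functions are constructed for illustration.

```python
"""Verifying a binary update fetched over plain HTTP, where anyone on the path can patch it (added example)."""
import hashlib
import hmac
import json

# Stand-in for a code-signing key (constructed). Real deployments use an asymmetric signature;
# the HMAC here only models "only the publisher can produce a valid tag".
PUBLISHER_KEY = b"constructed-demo-key-not-a-real-secret"


def publish(version, payload, key=PUBLISHER_KEY):
    """Publisher: a signed manifest binds version and payload hash."""
    manifest = json.dumps({"version": version, "sha256": hashlib.sha256(payload).hexdigest()},
                          sort_keys=True).encode()
    return {"manifest": manifest, "tag": hmac.new(key, manifest, hashlib.sha256).hexdigest(),
            "payload": payload}


def http_download(bundle, on_path=None):
    """Model a cleartext HTTP transfer: an on-path attacker may rewrite anything."""
    return on_path(bundle) if on_path else bundle


def patch_binary(bundle):
    """Attacker: flip a branch in the binary while it is in transit."""
    return {**bundle, "payload": bundle["payload"].replace(b"CALL VERIFY_LICENSE", b"CALL SKIP___LICENSE")}


def patch_and_rewrite_manifest(bundle):
    """Attacker who also fixes up the hash in the manifest, but cannot produce a valid tag."""
    patched = patch_binary(bundle)
    manifest = json.loads(patched["manifest"])
    manifest["sha256"] = hashlib.sha256(patched["payload"]).hexdigest()
    return {**patched, "manifest": json.dumps(manifest, sort_keys=True).encode()}


def replay_old_version(old_bundle):
    """Attacker: serve a genuine but older (vulnerable) release instead of the current one."""
    return lambda _current: old_bundle


def install_naive(bundle, installed_version):
    """Client without checks: runs whatever arrived."""
    return ("installed", bundle["payload"])


def install_verified(bundle, installed_version, key=PUBLISHER_KEY):
    """Client with checks, in this order: manifest authenticity, anti-rollback, payload hash.
    Nothing from the untrusted payload is used before the manifest is authenticated."""
    expected = hmac.new(key, bundle["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["tag"]):
        return ("rejected", "manifest signature invalid")
    manifest = json.loads(bundle["manifest"])
    if manifest["version"] <= installed_version:
        return ("rejected", f"rollback to version {manifest['version']}")
    if not hmac.compare_digest(hashlib.sha256(bundle["payload"]).hexdigest(), manifest["sha256"]):
        return ("rejected", "payload hash does not match manifest")
    return ("installed", bundle["payload"])


# Constructed releases: the "binary" is just bytes containing a recognisable instruction.
V1 = publish(1, b"\x7fELF...CALL VERIFY_LICENSE...old-bug")
V2 = publish(2, b"\x7fELF...CALL VERIFY_LICENSE...fixed")

if __name__ == "__main__":
    cases = (("clean", http_download(V2)),
             ("patched", http_download(V2, patch_binary)),
             ("patched+manifest", http_download(V2, patch_and_rewrite_manifest)),
             ("replayed v1", http_download(V2, replay_old_version(V1))))
    for label, got in cases:
        print(f"{label:17s} naive={install_naive(got, 1)[0]:10s} verified={install_verified(got, 1)}")
```

The rollback check matters as much as the hash: an attacker who cannot forge a signature can still hand out a genuinely signed old release with a known bug, which is why the manifest carries the version and the client compares it with what is already installed. Transport security (HTTPS) closes the on-path channel; the signed manifest is what keeps a compromised mirror or CDN from doing the same thing.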
Remember
Do an inventory of services and protocols
Lower layers are not dependent on upper layers
Use the Network/Application layer for integrity and confidentiality
Secure all layers for accessibility
TCP/IP is more than 30 years old
It is not ideal, but it has many security extensions
Safety and Security Center http://www.microsoft.com/security
Security Development Lifecycle http://www.microsoft.com/sdl
Security Intelligence Report http://www.microsoft.com/sir
End to End Trust http://www.microsoft.com/endtoendtrust
Trustworthy Computing
Resources
Connect. Share. Discuss. http://northamerica.msteched.com
Learning: Sessions On-Demand & Community www.microsoft.com/teched
Microsoft Certification & Training Resources www.microsoft.com/learning
Resources for IT Professionals http://microsoft.com/technet
Resources for Developers http://microsoft.com/msdn
Complete an evaluation on CommNet and enter to win!
Scan the Tag to evaluate this session now on myTech•Ed Mobile
Thank You!