Network Based Security
By: UTD CSG
Get in touch with us
Mailing List - Sign in and check “Add to Mailing List”
Website - csg.utdallas.edu
Slack - #csg on ecsutd.slack.com
Email - utdcsg@gmail.com
Announcements
Lab Hangouts - ECSS 4.619 - 4 PM Thursday - February 15
Pentesting Session - FO 1.202 February 24th, 1 - 4pm
State Farm CTF Sign-up - March 5th - 12th
Network Based Security Overview
1. Networking Overview
a. Basics
b. Securing your infrastructure
2. Firewall
a. Services
b. Rules
c. Tools
3. Monitoring
a. Performance Monitoring
b. Packet Monitoring
c. Intrusion Detection Systems
4. IDS/IPS Rules
a. Snort
b. Suricata
c. pfSense
5. Network Security Policies
a. Security culture
b. Mitigating social engineering threats
Networking Overview
Basics
● LAN
● Routing packets
● Routers
● Switches
● Ports
● Firewalls
http://darron.net/wp-content/uploads/sites/6/2014/03/basic_network_diagram.jpg
Securing Your Infrastructure
● 802.1X (Authentication over Ethernet)
○ Secure your ports!
● IPSec
○ Authentication and encryption across a network
● VLAN segmentation
○ VLAN Hopping & Mitigation
■ Switch Spoofing
■ Double Tagging
● WiFi Authentication Technologies -> (https://www.utdallas.edu/oit/howto/cometnet/)
○ Don’t WEP
○ Don’t WPS
○ Don’t WPA
○ Do WPA2, until WPA3 gets popular, then ditch WPA2.
Firewall
Basics of a firewall
A firewall acts as a gate for traffic on a network.
Rules set what traffic can enter and exit the network.
Allow traffic through some ports and disallow it on others.
Block certain ports and IP addresses from accessing the network or reaching out.
Windows Firewall
Windows Firewall
Linux Firewall
iptables:
sudo iptables -A INPUT -s 15.15.15.51 -j DROP
sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
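An added example (not from the slides) that models how iptables walks a chain with the four rules above: rules are tried top to bottom, the first match decides the packet's fate, and the chain policy applies when nothing matches. The chain policies and the sample packets are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    chain: str       # "INPUT" (arriving at this host) or "OUTPUT" (leaving it)
    proto: str       # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int
    dport: int
    ctstate: str     # conntrack state: "NEW", "ESTABLISHED", "RELATED", "INVALID"

@dataclass
class Rule:
    chain: str
    target: str                           # ACCEPT, DROP or REJECT
    src: Optional[str] = None             # -s
    proto: Optional[str] = None           # -p
    sport: Optional[int] = None           # --sport
    dport: Optional[int] = None           # --dport
    ctstates: Optional[frozenset] = None  # -m conntrack --ctstate

    def matches(self, p: Packet) -> bool:
        # An unset field is a wildcard, exactly as an omitted iptables option is.
        return (self.chain == p.chain
                and (self.src is None or self.src == p.src)
                and (self.proto is None or self.proto == p.proto)
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport)
                and (self.ctstates is None or p.ctstate in self.ctstates))

# The four rules from the slide, in the order -A appends them.
RULES = [
    Rule("INPUT", "DROP", src="15.15.15.51"),
    Rule("INPUT", "ACCEPT", proto="tcp", dport=443, ctstates=frozenset({"NEW", "ESTABLISHED"})),
    Rule("OUTPUT", "ACCEPT", proto="tcp", sport=443, ctstates=frozenset({"ESTABLISHED"})),
    Rule("OUTPUT", "REJECT", proto="tcp", dport=25),
]

# Chain policies are an assumption (the slide does not set them): default-deny
# inbound, default-allow outbound.
POLICY = {"INPUT": "DROP", "OUTPUT": "ACCEPT"}

def verdict(p: Packet, rules=RULES, policy=POLICY) -> str:
    """First matching rule wins; if none match, the chain policy applies."""
    for r in rules:
        if r.matches(p):
            return r.target
    return policy[p.chain]

if __name__ == "__main__":
    # Constructed sample packets.
    blocked = Packet("INPUT", "tcp", "15.15.15.51", "10.0.0.1", 51000, 443, "NEW")
    print(verdict(blocked))                  # DROP: the -s rule fires before the 443 ACCEPT
    swapped = [RULES[1], RULES[0]] + RULES[2:]
    print(verdict(blocked, rules=swapped))   # ACCEPT: same rules, wrong order
```

The swapped-order run is the point: with `-A` the position of a rule in the chain is part of its meaning, so a blocklist entry appended after a broad ACCEPT never fires.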
Routing Firewalls
Network Monitoring
Performance Monitoring
Why monitor the performance of a system:
Look for unusual CPU usage and unusual bandwidth on the network.
Usage during non-work hours may be a sign that someone has broken into the network.
Traffic Shaping
Packet Monitoring
Intrusion Detection Systems
A system that logs all incoming and outgoing traffic and alerts based on a rule set created by the user.
Most IDS systems also have rule sets for denying/rejecting traffic that matches a rule.
IDS and IPS
Snort
Open source tool that monitors one or more interfaces on a router or a specific device against a set of rules.
Can be installed at the network level or on a single user's machine.
Can be set to block traffic as well as alert.
Snort Rule Set
Basic Rule Set (the action is lowercase, msg takes a colon, each option ends with a semicolon, and every rule needs a sid; local rules use sids from 1000000 up):
alert tcp any any -> any any (msg:"You've got traffic"; sid:1000001; rev:1;)
More Specific Rules (classtype must be one from classification.config, e.g. web-application-activity):
alert tcp $EXTERNAL_NET any -> 192.168.3.0/24 80 (msg:"You got port 80 traffic on 192.168.3.0"; classtype:web-application-activity; sid:1000002; rev:1;)
Community Rule for Snort
alert tcp $EXTERNAL_NET any -> $HOME_NET any ( msg:"INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate"; flow:to_client,established; content:"|16 03 02|"; content:"|0B|",within 1,distance 2; content:"|30 82|",within 2,distance 9; content:"|30 82|",within 2,distance 2; content:"|A0 03 02 01 02 02|",within 6,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01|",within 22; content:"|31|",within 1,distance 5; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30|",within 10,distance 3; content:"|17 0D|",within 2,distance 1; content:"Z|17 0D|",within 3,distance 12; content:"Z|30|",within 2,distance 12; content:"|31|",within 1,distance 1; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30 82|",within 9,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82|",within 17,distance 2; content:"|30 82|",within 2,distance 3; content:"|02 82|",within 2,distance 2; content:"|02 03 01 00 01 A3 0D 30 0B 30 09 06 03 55 1D 13 04 02 30 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00|",fast_pattern,nocase; metadata:ruleset community; service:ssl; reference:url,blog.didierstevens.com; classtype:misc-activity; sid:36612; rev:2; )
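An added example (not code from the slides or from the Snort project) showing what the chain of `content` clauses with `distance` and `within` in the rule above actually does: each clause is searched relative to where the previous one ended, so the rule walks the TLS record header into the DER prefix of the first certificate. Only the first five clauses are used, and the two byte strings are constructed samples, not real traffic.

```python
import re

# The opening content clauses of the sid:36612 community rule above,
# in the comma-modifier syntax the slide uses.
RULE_PREFIX = (
    'content:"|16 03 02|"; '
    'content:"|0B|",within 1,distance 2; '
    'content:"|30 82|",within 2,distance 9; '
    'content:"|30 82|",within 2,distance 2; '
    'content:"|A0 03 02 01 02 02|",within 6,distance 2;'
)

def parse_contents(options):
    """Return [(pattern_bytes, distance, within), ...] for each content clause.
    Bytes between | | are hex; anything outside is literal ASCII (e.g. "Z|17 0D|").
    Modifiers this model does not need (fast_pattern, nocase) are ignored."""
    clauses = []
    for m in re.finditer(r'content:"([^"]*)"((?:,\s*\w+(?:\s+\d+)?)*)\s*;', options):
        raw, mods = m.group(1), m.group(2)
        pattern = b""
        for piece in re.split(r"(\|[^|]*\|)", raw):
            if piece.startswith("|"):
                pattern += bytes.fromhex(piece.strip("|"))
            else:
                pattern += piece.encode()
        distance = within = None
        for name, num in re.findall(r"(\w+)(?:\s+(\d+))?", mods):
            if name == "distance":
                distance = int(num)
            elif name == "within":
                within = int(num)
        clauses.append((pattern, distance, within))
    return clauses

def match_contents(payload, clauses):
    """Walk the clauses the way Snort does. 'doe' is the offset just past the
    previous match. distance moves the search start past doe; within caps the
    window so the pattern must fit inside [start, start + within). A clause with
    neither modifier is searched from the start of the payload."""
    doe = 0
    for pattern, distance, within in clauses:
        relative = distance is not None or within is not None
        start = doe + (distance or 0) if relative else 0
        end = start + within if within is not None else len(payload)
        idx = payload.find(pattern, start, end)
        if idx < 0:
            return False
        doe = idx + len(pattern)
    return True

# Constructed sample: a TLS 1.1 Certificate handshake record whose first
# certificate begins with the DER prefix the rule looks for (not a real cert).
CERT_RECORD = bytes.fromhex(
    "160302" "0040"      # record header: handshake, version 3.2, then 2-byte length (skipped by distance 2)
    "0b" "00003c"        # handshake type Certificate, 3-byte length
    "000039" "000036"    # certificate_list length, first certificate length (3+3+3 = distance 9)
    "3082012a"           # Certificate SEQUENCE, 2-byte length (skipped by distance 2)
    "30820110"           # tbsCertificate SEQUENCE, 2-byte length
    "a003020102"         # [0] EXPLICIT version v3
    "020100"             # serialNumber INTEGER (the trailing 02 in the rule's clause)
)
# Constructed sample: same record framing, but handshake type 02 (ServerHello).
SERVER_HELLO = bytes.fromhex("160302" "0040" "02" "00003c" "0302" + "00" * 32)

if __name__ == "__main__":
    clauses = parse_contents(RULE_PREFIX)
    print("certificate record:", match_contents(CERT_RECORD, clauses))  # True
    print("server hello:", match_contents(SERVER_HELLO, clauses))       # False
```

Because every clause after the first is anchored by `distance`/`within`, the same bytes appearing elsewhere in the payload do not satisfy the rule; that positional chaining is what keeps a long signature like this one from firing on unrelated data.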
Suricata
Similar to Snort but allows for multiprocessing on larger networks
Easier to scale
Suricata rule
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
Network Security
Policies
A Word On Culture
● We’re not going to bore you with the gritty details of developing
comprehensive network security policies.
● The Story of Olga from Accounting
● Social Engineering Threats
Mitigating Social Engineering Threats
● Fix the IT Security culture.
● No more “stupid users.”
● Make users a part of your security team.
○ Turn a weakness into a resource.
https://www.youtube.com/watch?v=JsVtHqICeKE
