SlideShare ist ein Scribd-Unternehmen logo

Network Security

UTD Computer Security Group
UTD Computer Security Group

An overview of network security covering firewalls, IDS/IPS systems, traffic shaping and monitoring, and practical ways to get started learning network security.

Technologie
1 von 28
Downloaden Sie, um offline zu lesen
Network Based Security By: UTD CSG
Get in touch with us Mailing List - Sign in and check “Add to Mailing List” Website - csg.utdallas.edu Slack - #csg on ecsutd.slack.com Email - utdcsg@gmail.com 2
Announcements Lab Hangouts - ECSS 4.619 - 4 PM Thursday - February 15 Pentesting Session - FO 1.202 February 24th, 1 - 4pm State Farm CTF Sign-up - March 5th - 12th 3
Network Based Security Overview 1. Networking Overview a. Basics b. Securing your infrastructure 2. Firewall a. Services b. Rules c. Tools 3. Monitoring a. Performance Monitoring b. Packet Monitoring c. Intrusion Detection Systems 4. IDS/IPS Rules a. Snort b. Surricata c. Pfsense 5. Network Security Policies a. Security culture b. Mitigating social engineering threats
Networking Overview
Basics ● LAN ● Routing packets ● Routers ● Switches ● Ports ● Firewalls
http://darron.net/wp-content/uploads/sites/6/2014/03/basic_network_diagram.jpg
Securing Your Infrastructure ● 802.1X (Authentication over ethernet) ○ Secure your ports! ● IPSec ○ Authentication and encryption across a network ● VLAN segmentation ○ VLAN Hopping & Mitigation ■ Switch Spoofing ■ Double Tagging ● WiFi Authentication Technologies -> (https://www.utdallas.edu/oit/howto /cometnet/) ○ Don’t WEP ○ Don’t WPS ○ Don’t WPA ○ Do WPA2, until WPA3 gets popular, then ditch WPA2.
Firewall
Basics of a firewall Firewall acts as a gate for traffic on a network Setting rules sets what traffic can enter and exit the network Allow traffic through some ports and disallow from others Block certain ports and ip address from accessing the network or reaching out.
Windows Firewall
Windows Firewall
Linux Firewall IP Tables: sudo iptables -A INPUT -s 15.15.15.51 -j DROP sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
Routing Firewalls
Network Monitoring
Performance Monitoring Why monitor Performance of a system: Look for unusual cpu usage and unusual bandwidth in the network Seeing Usage during non-work hours maybe be a result of someone breaking into the network
Traffic Shaping
Packet Monitoring
Intrusion Detection Systems A system that logs all incoming and outgoing traffic and alerts based on a rule set created by the user Most IDS Systems also have rule sets for denying/reject traffic if the traffic matches the key
IDS and IPS
Snort Open Source tool that allows you to monitor different interface on a router or specific device for key rule sets Installation can be done on network level or user level Can be set to block traffic as well as alert
Snort Rule Set Basic Rule Set: Alert tcp any any -> any any (msg:”You’ve got traffic”) More Specific Rules: Alert tcp $EXTERNAL_NET any -> 192.168.3.0/24 80 (msg”You got port 80 traffic on 192.168.3.0” classtype: web-application)
Community Rule for Snort alert tcp $EXTERNAL_NET any -> $HOME_NET any ( msg:"INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate"; flow:to_client,established; content:"|16 03 02|"; content:"|0B|",within 1,distance 2; content:"|30 82|",within 2,distance 9; content:"|30 82|",within 2,distance 2; content:"|A0 03 02 01 02 02|",within 6,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01|",within 22; content:"|31|",within 1,distance 5; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30|",within 10,distance 3; content:"|17 0D|",within 2,distance 1; content:"Z|17 0D|",within 3,distance 12; content:"Z|30|",within 2,distance 12; content:"|31|",within 1,distance 1; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30 82|",within 9,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82|",within 17,distance 2; content:"|30 82|",within 2,distance 3; content:"|02 82|",within 2,distance 2; content:"|02 03 01 00 01 A3 0D 30 0B 30 09 06 03 55 1D 13 04 02 30 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00|",fast_pattern,nocase; metadata:ruleset community; service:ssl; reference:url,blog.didierstevens.com; classtype:misc-activity; sid:36612; rev:2; )
Suricata Similar to Snort but allows for multiprocessing on larger networks Easier to scale
Suricata rule https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
Network Security Policies
A Word On Culture ● We’re not going to bore you with the gritty details of developing comprehensive network security policies. ● The Story of Olga from Accounting ● Social Engineering Threats
Mitigating Social Engineering Threats ● Fix the IT Security culture. ● No more “stupid users.” ● Make users a part of your security team. ○ Turn a weakness into a resource. https://www.youtube.com/watch?v=JsVtHqICeKE

Empfohlen

Linux Security Crash Course
Linux Security Crash CourseLinux Security Crash Course
Linux Security Crash CourseUTD Computer Security Group
 
Intro to Exploitation
Intro to ExploitationIntro to Exploitation
Intro to ExploitationUTD Computer Security Group
 
Linux Hardening - nullhyd
Linux Hardening - nullhydLinux Hardening - nullhyd
Linux Hardening - nullhydn|u - The Open Security Community
 
Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 
CentOS Linux Server Hardening
CentOS Linux Server HardeningCentOS Linux Server Hardening
CentOS Linux Server HardeningMyOwn Telco
 
Installing OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELInstalling OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELopenstackstl
 
GCC ARM nRF51 IoT SDK -cheat sheet-
GCC ARM nRF51 IoT SDK -cheat sheet-GCC ARM nRF51 IoT SDK -cheat sheet-
GCC ARM nRF51 IoT SDK -cheat sheet-Naoto MATSUMOTO
 
Linux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by StepsLinux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by StepsSunil Paudel
 

Empfohlen

Linux Security Crash Course
Linux Security Crash CourseLinux Security Crash Course
Linux Security Crash CourseUTD Computer Security Group
 
Intro to Exploitation
Intro to ExploitationIntro to Exploitation
Intro to ExploitationUTD Computer Security Group
 
Linux Hardening - nullhyd
Linux Hardening - nullhydLinux Hardening - nullhyd
Linux Hardening - nullhydn|u - The Open Security Community
 
Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 
CentOS Linux Server Hardening
CentOS Linux Server HardeningCentOS Linux Server Hardening
CentOS Linux Server HardeningMyOwn Telco
 
Installing OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELInstalling OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELopenstackstl
 
GCC ARM nRF51 IoT SDK -cheat sheet-
GCC ARM nRF51 IoT SDK -cheat sheet-GCC ARM nRF51 IoT SDK -cheat sheet-
GCC ARM nRF51 IoT SDK -cheat sheet-Naoto MATSUMOTO
 
Linux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by StepsLinux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by StepsSunil Paudel
 
Snort
SnortSnort
Snortbala150985
 
How to twist a IPv6 over Bluetooth (6lowpan)
How to twist a IPv6 over Bluetooth (6lowpan) How to twist a IPv6 over Bluetooth (6lowpan)
How to twist a IPv6 over Bluetooth (6lowpan) Naoto MATSUMOTO
 
Cisco Ios Suneet
Cisco Ios SuneetCisco Ios Suneet
Cisco Ios Suneetguest575e9c
 
install mosquitto-auth-plug - cheat sheet -
install mosquitto-auth-plug - cheat sheet -install mosquitto-auth-plug - cheat sheet -
install mosquitto-auth-plug - cheat sheet -Naoto MATSUMOTO
 
Snort-IPS-Tutorial
Snort-IPS-TutorialSnort-IPS-Tutorial
Snort-IPS-TutorialVladimir Koychev
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Nginx
NginxNginx
NginxShaopeng He
 
Infrastructure Security
Infrastructure SecurityInfrastructure Security
Infrastructure SecurityUTD Computer Security Group
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion ConferenceDefensiveDepth
 
How to train your L3DSR with PBR - MEMO -
How to train your L3DSR with PBR - MEMO -How to train your L3DSR with PBR - MEMO -
How to train your L3DSR with PBR - MEMO -Naoto MATSUMOTO
 
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDKHow to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDKNaoto MATSUMOTO
 
MQTTS mosquitto - cheat sheet -
MQTTS mosquitto - cheat sheet -MQTTS mosquitto - cheat sheet -
MQTTS mosquitto - cheat sheet -Naoto MATSUMOTO
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Unidade3 roteiro proxy
Unidade3 roteiro proxyUnidade3 roteiro proxy
Unidade3 roteiro proxyLeandro Almeida
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
RabbitMQ Server - cheat sheet -
RabbitMQ Server - cheat sheet -RabbitMQ Server - cheat sheet -
RabbitMQ Server - cheat sheet -Naoto MATSUMOTO
 
Squid Caching for Web Content Accerlation
Squid Caching for Web Content AccerlationSquid Caching for Web Content Accerlation
Squid Caching for Web Content Accerlationrahul8590
 
Enumeration
EnumerationEnumeration
EnumerationUTD Computer Security Group
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...Stefano Salsano
 
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATION
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATIONSMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATION
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATIONaidil swldn
 

Weitere ähnliche Inhalte

Was ist angesagt?

How to twist a IPv6 over Bluetooth (6lowpan)
How to twist a IPv6 over Bluetooth (6lowpan) How to twist a IPv6 over Bluetooth (6lowpan)
How to twist a IPv6 over Bluetooth (6lowpan) Naoto MATSUMOTO
 
Cisco Ios Suneet
Cisco Ios SuneetCisco Ios Suneet
Cisco Ios Suneetguest575e9c
 
install mosquitto-auth-plug - cheat sheet -
install mosquitto-auth-plug - cheat sheet -install mosquitto-auth-plug - cheat sheet -
install mosquitto-auth-plug - cheat sheet -Naoto MATSUMOTO
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion ConferenceDefensiveDepth
 
How to train your L3DSR with PBR - MEMO -
How to train your L3DSR with PBR - MEMO -How to train your L3DSR with PBR - MEMO -
How to train your L3DSR with PBR - MEMO -Naoto MATSUMOTO
 
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDKHow to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDKNaoto MATSUMOTO
 
MQTTS mosquitto - cheat sheet -
MQTTS mosquitto - cheat sheet -MQTTS mosquitto - cheat sheet -
MQTTS mosquitto - cheat sheet -Naoto MATSUMOTO
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
RabbitMQ Server - cheat sheet -
RabbitMQ Server - cheat sheet -RabbitMQ Server - cheat sheet -
RabbitMQ Server - cheat sheet -Naoto MATSUMOTO
 
Squid Caching for Web Content Accerlation
Squid Caching for Web Content AccerlationSquid Caching for Web Content Accerlation
Squid Caching for Web Content Accerlationrahul8590
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 

Was ist angesagt? (20)

Snort
SnortSnort
Snort
 
How to twist a IPv6 over Bluetooth (6lowpan)
How to twist a IPv6 over Bluetooth (6lowpan) How to twist a IPv6 over Bluetooth (6lowpan)
How to twist a IPv6 over Bluetooth (6lowpan)
 
Cisco Ios Suneet
Cisco Ios SuneetCisco Ios Suneet
Cisco Ios Suneet
 
install mosquitto-auth-plug - cheat sheet -
install mosquitto-auth-plug - cheat sheet -install mosquitto-auth-plug - cheat sheet -
install mosquitto-auth-plug - cheat sheet -
 
Snort-IPS-Tutorial
Snort-IPS-TutorialSnort-IPS-Tutorial
Snort-IPS-Tutorial
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Nginx
NginxNginx
Nginx
 
Infrastructure Security
Infrastructure SecurityInfrastructure Security
Infrastructure Security
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion Conference
 
How to train your L3DSR with PBR - MEMO -
How to train your L3DSR with PBR - MEMO -How to train your L3DSR with PBR - MEMO -
How to train your L3DSR with PBR - MEMO -
 
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDKHow to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
 
MQTTS mosquitto - cheat sheet -
MQTTS mosquitto - cheat sheet -MQTTS mosquitto - cheat sheet -
MQTTS mosquitto - cheat sheet -
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Unidade3 roteiro proxy
Unidade3 roteiro proxyUnidade3 roteiro proxy
Unidade3 roteiro proxy
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with Raccoon
 
RabbitMQ Server - cheat sheet -
RabbitMQ Server - cheat sheet -RabbitMQ Server - cheat sheet -
RabbitMQ Server - cheat sheet -
 
Squid Caching for Web Content Accerlation
Squid Caching for Web Content AccerlationSquid Caching for Web Content Accerlation
Squid Caching for Web Content Accerlation
 
Enumeration
EnumerationEnumeration
Enumeration
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 

Ähnlich wie Network Security

The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...Stefano Salsano
 
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATION
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATIONSMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATION
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATIONaidil swldn
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring SystemRofiq Fauzi
 
InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...
InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...
InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...APNIC
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104pgmaynard
 
Using open source for IoT
Using open source for IoTUsing open source for IoT
Using open source for IoTIan Skerrett
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
SDARPiBot - VLES'16
SDARPiBot - VLES'16SDARPiBot - VLES'16
SDARPiBot - VLES'16Arun Joseph
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5SalmenHAJJI1
 
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.pptChapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.pptmadin20232022
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяEkaterina Melnik
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NamePositive Hack Days
 
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdfIGedeArieYogantaraSu
 
IRJET- Collaborative Network Security in Data Center for Cloud Computing
IRJET- Collaborative Network Security in Data Center for Cloud ComputingIRJET- Collaborative Network Security in Data Center for Cloud Computing
IRJET- Collaborative Network Security in Data Center for Cloud ComputingIRJET Journal
 

Ähnlich wie Network Security (20)

The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...
 
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATION
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATIONSMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATION
SMART HOME SYSTEM: SECURE POSTAGE WITH NOTIFICATION
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
 
InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...
InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...
InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi...
 
ioT_SDN
ioT_SDN ioT_SDN
ioT_SDN
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104
 
Arduino Radar System
Arduino Radar SystemArduino Radar System
Arduino Radar System
 
Using open source for IoT
Using open source for IoTUsing open source for IoT
Using open source for IoT
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysis
 
snort.ppt
snort.pptsnort.ppt
snort.ppt
 
Kumar cscl final
Kumar cscl finalKumar cscl final
Kumar cscl final
 
nikhil project ppt.pptx
nikhil project ppt.pptxnikhil project ppt.pptx
nikhil project ppt.pptx
 
SDARPiBot - VLES'16
SDARPiBot - VLES'16SDARPiBot - VLES'16
SDARPiBot - VLES'16
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5
 
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.pptChapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имя
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the Name
 
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
 
IRJET- Collaborative Network Security in Data Center for Cloud Computing
IRJET- Collaborative Network Security in Data Center for Cloud ComputingIRJET- Collaborative Network Security in Data Center for Cloud Computing
IRJET- Collaborative Network Security in Data Center for Cloud Computing
 

Mehr von UTD Computer Security Group

UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group
 

Mehr von UTD Computer Security Group (20)

Py jail talk
Py jail talkPy jail talk
Py jail talk
 
22S kickoff 2.0 (kickoff + anonymity talk)
22S kickoff 2.0 (kickoff + anonymity talk)22S kickoff 2.0 (kickoff + anonymity talk)
22S kickoff 2.0 (kickoff + anonymity talk)
 
Cloud talk
Cloud talkCloud talk
Cloud talk
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domain
 
Forensics audio and video
Forensics audio and videoForensics audio and video
Forensics audio and video
 
Computer networks and network security
Computer networks and network securityComputer networks and network security
Computer networks and network security
 
Intro to python
Intro to pythonIntro to python
Intro to python
 
Powershell crash course
Powershell crash coursePowershell crash course
Powershell crash course
 
Intro to cybersecurity
Intro to cybersecurityIntro to cybersecurity
Intro to cybersecurity
 
Intro to Bash
Intro to BashIntro to Bash
Intro to Bash
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
 
Network Exploitation
Network ExploitationNetwork Exploitation
Network Exploitation
 
Penetration Testing: Celestial
Penetration Testing: CelestialPenetration Testing: Celestial
Penetration Testing: Celestial
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
 
Cryptography Crash Course
Cryptography Crash CourseCryptography Crash Course
Cryptography Crash Course
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
 
Exploitation Crash Course
Exploitation Crash CourseExploitation Crash Course
Exploitation Crash Course
 
Fuzzing - Part 1
Fuzzing - Part 1Fuzzing - Part 1
Fuzzing - Part 1
 
Protostar VM - Heap3
Protostar VM - Heap3Protostar VM - Heap3
Protostar VM - Heap3
 
Heap Base Exploitation
Heap Base ExploitationHeap Base Exploitation
Heap Base Exploitation
 

Kürzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Kürzlich hochgeladen (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Network Security

  • 2. Get in touch with us Mailing List - Sign in and check “Add to Mailing List” Website - csg.utdallas.edu Slack - #csg on ecsutd.slack.com Email - utdcsg@gmail.com 2
  • 3. Announcements Lab Hangouts - ECSS 4.619 - 4 PM Thursday - February 15 Pentesting Session - FO 1.202 February 24th, 1 - 4pm State Farm CTF Sign-up - March 5th - 12th 3
  • 4. Network Based Security Overview 1. Networking Overview a. Basics b. Securing your infrastructure 2. Firewall a. Services b. Rules c. Tools 3. Monitoring a. Performance Monitoring b. Packet Monitoring c. Intrusion Detection Systems 4. IDS/IPS Rules a. Snort b. Surricata c. Pfsense 5. Network Security Policies a. Security culture b. Mitigating social engineering threats
  • 6. Basics ● LAN ● Routing packets ● Routers ● Switches ● Ports ● Firewalls
  • 8. Securing Your Infrastructure ● 802.1X (Authentication over ethernet) ○ Secure your ports! ● IPSec ○ Authentication and encryption across a network ● VLAN segmentation ○ VLAN Hopping & Mitigation ■ Switch Spoofing ■ Double Tagging ● WiFi Authentication Technologies -> (https://www.utdallas.edu/oit/howto /cometnet/) ○ Don’t WEP ○ Don’t WPS ○ Don’t WPA ○ Do WPA2, until WPA3 gets popular, then ditch WPA2.
  • 10. Basics of a firewall Firewall acts as a gate for traffic on a network Setting rules sets what traffic can enter and exit the network Allow traffic through some ports and disallow from others Block certain ports and ip address from accessing the network or reaching out.
  • 13. Linux Firewall IP Tables: sudo iptables -A INPUT -s 15.15.15.51 -j DROP sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
  • 16. Performance Monitoring Why monitor Performance of a system: Look for unusual cpu usage and unusual bandwidth in the network Seeing Usage during non-work hours maybe be a result of someone breaking into the network
  • 19. Intrusion Detection Systems A system that logs all incoming and outgoing traffic and alerts based on a rule set created by the user Most IDS Systems also have rule sets for denying/reject traffic if the traffic matches the key
  • 21. Snort Open Source tool that allows you to monitor different interface on a router or specific device for key rule sets Installation can be done on network level or user level Can be set to block traffic as well as alert
  • 22. Snort Rule Set Basic Rule Set: Alert tcp any any -> any any (msg:”You’ve got traffic”) More Specific Rules: Alert tcp $EXTERNAL_NET any -> 192.168.3.0/24 80 (msg”You got port 80 traffic on 192.168.3.0” classtype: web-application)
  • 23. Community Rule for Snort alert tcp $EXTERNAL_NET any -> $HOME_NET any ( msg:"INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate"; flow:to_client,established; content:"|16 03 02|"; content:"|0B|",within 1,distance 2; content:"|30 82|",within 2,distance 9; content:"|30 82|",within 2,distance 2; content:"|A0 03 02 01 02 02|",within 6,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01|",within 22; content:"|31|",within 1,distance 5; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30|",within 10,distance 3; content:"|17 0D|",within 2,distance 1; content:"Z|17 0D|",within 3,distance 12; content:"Z|30|",within 2,distance 12; content:"|31|",within 1,distance 1; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30 82|",within 9,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82|",within 17,distance 2; content:"|30 82|",within 2,distance 3; content:"|02 82|",within 2,distance 2; content:"|02 03 01 00 01 A3 0D 30 0B 30 09 06 03 55 1D 13 04 02 30 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00|",fast_pattern,nocase; metadata:ruleset community; service:ssl; reference:url,blog.didierstevens.com; classtype:misc-activity; sid:36612; rev:2; )
  • 24. Suricata Similar to Snort but allows for multiprocessing on larger networks Easier to scale
  • 27. A Word On Culture ● We’re not going to bore you with the gritty details of developing comprehensive network security policies. ● The Story of Olga from Accounting ● Social Engineering Threats
  • 28. Mitigating Social Engineering Threats ● Fix the IT Security culture. ● No more “stupid users.” ● Make users a part of your security team. ○ Turn a weakness into a resource. https://www.youtube.com/watch?v=JsVtHqICeKE