
Dr. Bhavani Thuraisingham
Cyber Security
Lecture for July 16, 2010
Network Security

Slide titles:
1. Slide 1
2. Outline
3. What is Network Security
4. Slide 4
5. Slide 5
6. Network Forensic
7. What is Network Forensics?
8. Network Forensics Analysis Tools (NFAT): Relationships between IDS, Firewalls and NFAT
9. NFAT Tasks
10. Honeynets/Honeypots
11. Policies: Computer Attack Taxonomy
12. Policies to enhance forensics
13. Example Prototype System: Iowa State University
14. Example Prototype System: Modules
15. Some Popular Tools
16. Types of Secure Network Systems
17. Internet Security Systems
18. Intrusion Detection Systems
19. Worm Detection: Introduction
20. Email Worm Detection using Data Mining
21. Firewall Security Systems
22. Traffic Mining
23. Storage Area Network Security Systems
24. Network Disaster Recovery Systems
25. Public Key Infrastructure Systems
26. Digital Identity Management
27. Digital Identity Management - II
28. Identity Theft Management
29. Biometrics
30. Homeland Security Systems
31. Other Types of Systems
32. OSI Model
33. Slide 33
34. Slide 34
35. Slide 35
36. Application Layer
37. Slide 37
38. Network Protocols Technologies
39. TCP/IP
40. IPV4
41. IPSEC
42. TLS/SSL
43. Slide 43
44. DMZ
45. Slide 45
46. WAP
47. Slide 47
48. Instant Messaging
49. VPN
50. Next Steps

Outline
- Introduction to Network Security
- Types of Secure Network Systems
- Secure Network Protocols

What is Network Security
- Network security consists of the provisions made in an underlying computer network infrastructure, the policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and consistent and continuous monitoring and measurement of its effectiveness.
- The terms network security and information security are often used interchangeably. Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders (hackers).
- Information security, however, explicitly focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of data loss prevention (DLP) techniques.

What is Network Security (continued)
- Network security starts from authenticating the user, commonly with a username and a password.
- Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.
- Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network.
- Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.

What is Network Security (continued)
- Communication between two hosts using a network could be encrypted to maintain privacy.
- Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the honeypot.
- A botnet is a collection of software agents, or robots, that run autonomously and automatically. The term is most commonly associated with malicious software, but it can also refer to a network of computers using distributed computing software.

Network Forensic
- Network forensics is essentially about monitoring network traffic, determining whether there is an attack and, if so, determining the nature of the attack.
- Key tasks include traffic capture, analysis and visualization.
- Many tools are now available.
- Works together with IDSs, firewalls and honeynets.
- Expert systems solutions show promise.

What is Network Forensics?
- Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.
- Network forensics systems can be one of two kinds:
  - "Catch-it-as-you-can" systems, in which all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage, usually involving a RAID system.
  - "Stop, look and listen" systems, in which each packet is analyzed in a rudimentary way in memory and only certain information is saved for future analysis. This approach requires less storage but may require a faster processor to keep up with incoming traffic.

Network Forensics Analysis Tools (NFAT): Relationships between IDS, Firewalls and NFAT
- An IDS attempts to detect activity that violates an organization's security policy by implementing a set of rules describing preconfigured patterns of interest.
- A firewall allows or disallows traffic to or from specific networks, machine addresses and port numbers.
- NFAT synergizes with IDSs and firewalls.
  - Preserves a long-term record of network traffic
  - Allows quick analysis of trouble spots identified by IDSs and firewalls
- NFATs must do the following:
  - Capture network traffic
  - Analyze network traffic according to user needs
  - Allow system users to discover useful and interesting things about the analyzed traffic

NFAT Tasks
- Traffic Capture
  - What is the policy?
  - What is the traffic of interest?
  - Internal/External?
  - Collect packets: tcpdump
- Traffic Analysis
  - Sessionizing captured traffic (organize)
  - Protocol parsing and analysis
    - Check for strings, use expert systems for analysis
- Interacting with NFAT
  - Appropriate user interfaces, reports, examine large quantities of information and make it manageable

Honeynets/Honeypots
- Network forensics and honeynet systems have the same features of collecting information about computer misuses.
- A honeynet system can lure attackers and gain information about new types of intrusions.
- Network forensics systems analyze and reconstruct the attack behaviors.
- These two systems integrated together build an active self-learning and response system to profile the intrusion behavior features and investigate the original source of the attack.

Policies: Computer Attack
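The "stop, look and listen" approach and the sessionizing task from the NFAT Tasks slide, as an added example that is not part of the lecture: each frame is parsed in memory, folded into a per-session summary keyed on the conversation's endpoints, and its payload is dropped. The function names, the sample frames and their addresses are constructed for illustration, and frames are assumed to arrive in time order.

```python
import struct
from ipaddress import IPv4Address

def frame(src, dst, sport, dport, payload=b"", proto=6):
    """Build a constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    if proto == 6:   # 20-byte TCP header, flags PSH+ACK, checksum left at zero
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def sessionize(packets):
    """Group (timestamp, frame) pairs into sessions, keeping only summaries."""
    sessions = {}
    for ts, raw in packets:
        if len(raw) < 34 or raw[12:14] != b"\x08\x00":
            continue                      # not IPv4 over Ethernet (e.g. ARP)
        ihl = (raw[14] & 0x0F) * 4        # IPv4 header length in bytes
        frag_offset = struct.unpack("!H", raw[20:22])[0] & 0x1FFF
        if ihl < 20 or raw[23] not in (6, 17) or frag_offset or len(raw) < 18 + ihl:
            continue                      # no usable TCP/UDP port fields
        sport, dport = struct.unpack("!HH", raw[14 + ihl:18 + ihl])
        ends = sorted([(IPv4Address(raw[26:30]), sport),
                       (IPv4Address(raw[30:34]), dport)])
        # Sorted endpoints: both directions of a conversation share one key.
        key = (raw[23],) + tuple((str(ip), port) for ip, port in ends)
        s = sessions.setdefault(key, {"packets": 0, "bytes": 0, "first": ts})
        s["packets"] += 1
        s["bytes"] += len(raw)
        s["last"] = ts                    # the payload itself is not retained
    return sessions

# Constructed sample traffic (documentation address ranges), not from the lecture.
CAPTURE = [
    (0.00, frame("10.0.0.5", "192.0.2.10", 49152, 80, b"GET / HTTP/1.1\r\n\r\n")),
    (0.05, frame("192.0.2.10", "10.0.0.5", 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n")),
    (0.20, frame("10.0.0.5", "192.0.2.53", 53000, 53, b"\x12\x34", proto=17)),
    (0.90, frame("10.0.0.5", "192.0.2.10", 49152, 80)),
    (1.00, b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28),   # ARP frame, skipped
]

if __name__ == "__main__":
    for key, summary in sessionize(CAPTURE).items():
        print(key, summary)
```

A "catch-it-as-you-can" system would instead write every frame in `CAPTURE` to storage and run the same grouping later in batch mode.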



UTD CS 6V81 - LECTURE NOTES
