Ch11 Bonus Security
Content
Chabot College
ELEC 99.05
Internet Security Introduction
CISCO NETWORKING ACADEMY
Internet Security
• TCP/IP and the internet were designed by professionals with a common culture and cooperative goals. • Today they are used by a wide range of persons with varying and sometimes malicious goals. • The technology of TCP/IP does not assure user security. • There are many points at which TCP/IP security can be compromised.
CISCO NETWORKING ACADEMY
Internet Security
• Security intrusions over the internet are common. • The following slide shows 48 hours of intrusion attempts against a DSL-connected PC… – Note that the probes come from all over the world, including Romania. – Most of these attempts are from “script kiddies” running a program on a PC to grind through a range of IP addresses.
CISCO NETWORKING ACADEMY
Probes Against DSL-Connected Machine
issueName Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping SubSeven port probe SubSeven port probe SubSeven port probe SubSeven port probe DNS port probe DNS port probe FTP port probe FTP port probe NetBIOS port probe NetBIOS port probe NetBIOS port probe NetBIOS port probe PCAnywhere ping PCAnywhere ping PCAnywhere ping SOCKS port probe TCP OS fingerprint TCP OS fingerprint TCP OS fingerprint UDP port probe UDP port probe UDP port probe intruderIp 193.231.209.31 193.226.61.246 193.230.162.163 193.230.162.185 193.230.162.80 139.92.173.88 64.218.67.36 63.197.207.4 63.198.106.43 200.40.59.146 207.42.254.34 24.6.48.235 62.226.25.215 64.161.213.21 63.206.117.39 63.198.183.96 63.198.103.101 63.198.217.105 63.198.176.9 63.198.176.94 63.198.176.227 63.22.60.176 195.120.158.202 208.62.23.150 24.13.154.175 205.188.153.108 205.188.153.106 205.188.153.105 intruderName ppp31.fx.ro ppp53.starnets.ro
slip139-92-173-88.buk.ro.ibm.net DEFAULT B-VANNOY-98WS REYNALDO r200-40-59-146.adinet.com.uy pinnacle.pinnaclenetwork.COM cc750365-a.chmbl1.ga.home.com p3EE219D7.dip.t-dialin.net MODERN-IMAGES TED MONICA & LOUIE adsl-63-198-103-101.dsl.snfc21.pacbell.net JAY'SROOM adsl-63-198-176-9.dsl.snfc21.pacbell.net adsl-63-198-176-94.dsl.snfc21.pacbell.net adsl-63-198-176-227.dsl.snfc21.pacbell.net 2Cust48.tnt10.atl2.da.uu.net
c186232-a.aurora1.co.home.com fes-d012.icq.aol.com fes-d010.icq.aol.com fes-d009.icq.aol.com
parameters type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=53 port=53 port=21 port=21 port=139 port=139 port=139 port=139 port=22 port=5632 port=5632 port=1080 port=21&flags=3 port=9704&flags=3 port=21&flags=3 port=1062 port=1058 port=1654
CISCO NETWORKING ACADEMY
Security Strategies
• Use a NAT router to connect to DSL or cable modem. • Use a software firewall for dial-up, DSL or cable modem.
– (e.g. Zone Alarm, from www.zonelabs.com free)
• Read Steve Gibson’s excellent Shields-UP site and follow his configuration advice. (free)
CISCO NETWORKING ACADEMY
Shields UP
• Key ideas from Shields UP:
– As delivered, Windows is not secure when connected to the internet. – The key problems can be fixed by a free reconfiguration. – Free software firewalls are recommended.
CISCO NETWORKING ACADEMY
Shields UP
• Here’s how windows protocol bindings are delivered:
Higher Layers
Layer 3 Layer 1&2
CISCO NETWORKING ACADEMY
Shields UP
• Binding these Microsoft network services to TCP/IP creates security vulnerabilities!
Problem Bindings
CISCO NETWORKING ACADEMY
Shields UP
• Here are the bindings needed for access to the internet:
CISCO NETWORKING ACADEMY
Shields UP
• The excellent Shields Up site tells you how to do it!
http://www.grc.com
• Bonus Credit Assignment - fix your home PC!
CISCO NETWORKING ACADEMY
ELEC 99.05
Internet Security Introduction
CISCO NETWORKING ACADEMY
Internet Security
• TCP/IP and the internet were designed by professionals with a common culture and cooperative goals. • Today they are used by a wide range of persons with varying and sometimes malicious goals. • The technology of TCP/IP does not assure user security. • There are many points at which TCP/IP security can be compromised.
CISCO NETWORKING ACADEMY
Internet Security
• Security intrusions over the internet are common. • The following slide shows 48 hours of intrusion attempts against a DSL-connected PC… – Note that the probes come from all over the world, including Romania. – Most of these attempts are from “script kiddies” running a program on a PC to grind through a range of IP addresses.
CISCO NETWORKING ACADEMY
Probes Against DSL-Connected Machine
issueName Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping SubSeven port probe SubSeven port probe SubSeven port probe SubSeven port probe DNS port probe DNS port probe FTP port probe FTP port probe NetBIOS port probe NetBIOS port probe NetBIOS port probe NetBIOS port probe PCAnywhere ping PCAnywhere ping PCAnywhere ping SOCKS port probe TCP OS fingerprint TCP OS fingerprint TCP OS fingerprint UDP port probe UDP port probe UDP port probe intruderIp 193.231.209.31 193.226.61.246 193.230.162.163 193.230.162.185 193.230.162.80 139.92.173.88 64.218.67.36 63.197.207.4 63.198.106.43 200.40.59.146 207.42.254.34 24.6.48.235 62.226.25.215 64.161.213.21 63.206.117.39 63.198.183.96 63.198.103.101 63.198.217.105 63.198.176.9 63.198.176.94 63.198.176.227 63.22.60.176 195.120.158.202 208.62.23.150 24.13.154.175 205.188.153.108 205.188.153.106 205.188.153.105 intruderName ppp31.fx.ro ppp53.starnets.ro
slip139-92-173-88.buk.ro.ibm.net DEFAULT B-VANNOY-98WS REYNALDO r200-40-59-146.adinet.com.uy pinnacle.pinnaclenetwork.COM cc750365-a.chmbl1.ga.home.com p3EE219D7.dip.t-dialin.net MODERN-IMAGES TED MONICA & LOUIE adsl-63-198-103-101.dsl.snfc21.pacbell.net JAY'SROOM adsl-63-198-176-9.dsl.snfc21.pacbell.net adsl-63-198-176-94.dsl.snfc21.pacbell.net adsl-63-198-176-227.dsl.snfc21.pacbell.net 2Cust48.tnt10.atl2.da.uu.net
c186232-a.aurora1.co.home.com fes-d012.icq.aol.com fes-d010.icq.aol.com fes-d009.icq.aol.com
parameters type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=53 port=53 port=21 port=21 port=139 port=139 port=139 port=139 port=22 port=5632 port=5632 port=1080 port=21&flags=3 port=9704&flags=3 port=21&flags=3 port=1062 port=1058 port=1654
CISCO NETWORKING ACADEMY
Security Strategies
• Use a NAT router to connect to DSL or cable modem. • Use a software firewall for dial-up, DSL or cable modem.
– (e.g. Zone Alarm, from www.zonelabs.com free)
• Read Steve Gibson’s excellent Shields-UP site and follow his configuration advice. (free)
CISCO NETWORKING ACADEMY
Shields UP
• Key ideas from Shields UP:
– As delivered, Windows is not secure when connected to the internet. – The key problems can be fixed by a free reconfiguration. – Free software firewalls are recommended.
CISCO NETWORKING ACADEMY
Shields UP
• Here’s how windows protocol bindings are delivered:
Higher Layers
Layer 3 Layer 1&2
CISCO NETWORKING ACADEMY
Shields UP
• Binding these Microsoft network services to TCP/IP creates security vulnerabilities!
Problem Bindings
CISCO NETWORKING ACADEMY
Shields UP
• Here are the bindings needed for access to the internet:
CISCO NETWORKING ACADEMY
Shields UP
• The excellent Shields Up site tells you how to do it!
http://www.grc.com
• Bonus Credit Assignment - fix your home PC!
CISCO NETWORKING ACADEMY
