تأمين الشبكة. نظم تشغيل 1. المحتوى. 1. تكوين سياسة أمنية للشبكة. 2. تهديدات أمن الشبكة. 3. تنفيذ الإجراءات الأمنية. 4. تطبيق التضميدات و التحديثات. 5. الجدار الناري. لماذا تأمين الشبكة ؟. هجوم خارجي. هجوم داخلي. موارد الشركة. أذونات خاطئة. فيروس. - PowerPoint PPT Presentation
Slide 1
1
LOGO1 2123 4 5 LOGO
3LOGO3
: - - -
4LOGO security accessibility . .
5LOGO :
:Policies
6LOGO6
7LOGO7 Acceptable Use Policy (AUP). : .
8LOGO Acceptable Use Policy (AUP).
AUP .
9LOGO : . Naming convention .
. .Hana Sultan HSultanSamah Mohammad SMohammad10LOGO filters
access lists (unwanted access).
e-mail policies .
11LOGO . NOS
http://www.microsoft.comhttp://www.redhat.com12LOGO Hackers
CrackersVirusWorms Trojan horse
13LOGO .
Hackers:Crackers:
? 14LOGO . .Virus :Worm : Trojan horse :
15LOGO Denial of Service (DoS(
DoS . .16LOGO Distributed Denial of Service DDoS
. DoS (DDoS). DoS .
17LOGO "" "zombies" ( ) .
Distributed Denial of Service DDoS 18LOGO . . . zombies DDoS
.
Distributed Denial of Service DDoS 19LOGO :
- buffer overflow .- ping of death (ICMP) .
Denial of Service (DoS( 20LOGO20SYN attacks TCP (SYN) TCP .
three-way handshake TCP ( SYN).
SYNACK &SYNSYNInstead of an ACK123 Denial of Service (DoS(
21LOGO
SYN attacks
A normal connection between a user (Alice) and a server. The
three-way handshake is correctly performed.SYN Flood. The attacker
(Mallory) sends several packets but does not send the "ACK" back to
the server. The connections are hence half-opened and consuming
server resources. Alice, a legitimate user, tries to connect but
the server refuses to open a connection resulting in a denial of
service.
22LOGO SYN TCP . . SYN . . . . . SYN . half-open connections .
SYN . SYN attacks
23LOGOThe TCP synchronization (SYN) attack exploits the TCP
protocol three-way handshake. This is illustrated in Figure . The
attacker sends a large volume of TCP synchronization requests (SYN
requests). These requests represent the first part of the three-way
handshake. The target system responds with the second part of the
handshake and then awaits a reply. The reply is the third and final
part of the handshake. The target will not wait forever. The target
must wait long enough to allow legitimate sessions to be
established. The attacking system does not reply, but instead sends
additional SYN requests as quickly as possible. The resulting
volume of half-open connections may be too much for the target to
handle, causing its software to crash. Even if the target does not
crash, it may be so busy with the half-open connections that it
cannot effectively service legitimate SYN requests.
23Destination IPLandLand attack IP header SYN. SYN . IP header
.
SourceDestinationSource IPDestination IPSource
IP24LOGOSmurfDestination IP
SourceDestinationSource IPDestination IPSource IP
25LOGOSmurf smurf . . IP . ping . .26LOGO . .
.
27LOGO
Authentication Auditing 28LOGO .
29LOGO / . . . . asymmetric encryption .
.
EncryptionDecryption 30LOGO Windows 2000 . Windows 9x Windows NT
3 :PC GuardianDeltacryptWinzap
31LOGO Authentication :Login and password dialog Run as
dialog
32LOGO AuditingEvent ViewerCustom scripts .33LOGO Intrusion
Detection Systems (IDS) .
Intrusion Detection Systems: IDS real-time .Snort:34LOGOIP
Security IPSec . the packet level OSI. Authentication Header (AH) .
Encapsulating Security Payload (ESP) .
ApplicationPresentationSessionTransportNetworkData-LinkPhysical
734562135LOGO Secure Sockets Layer (SSL) SSL
Netscape .
.
36LOGOSecure Sockets Layer (SSL)
37LOGO Patches and Windows Updates Patch:
38LOGO LAN . . .
)proxy ) .Internet
Proxy Server39LOGO Network Address Translation (NAT) .0 IP . IP
. .
Private IP: 192.168.2.0Internet
Public IP: 10.75.9.0 40LOGO Packet filtering Routing rules
Packet filtering User-based authentication Intrusion detection
41LOGO41Packet Filtering IP. packet filter .
42LOGOPacket Filtering TCP UDP . 3 4 7. 7 HTTP FTP
...ApplicationPresentationSessionTransportNetworkData-LinkPhysical
734562143LOGO NOS packet filtering NAT. . NOS . NOS .
44LOGOwww.themegallery.comThank You ! LOGO
