Network Security - elista - elearning ista网络安全——埃利斯塔-电子学习ISTA.pptVIP

Port scanning Nmap Which application running * Network Mapping Icmp Ping traceroute * Limiting Published Information Disable unnecessary services and closing port netstat –nlptu Xinetd Opening ports on the perimeter and proxy serving edge + personal firewall * Securing from Rootkit, Spoofing, DoS * Rootkit Let hacker to: Enter a system at any time Open ports on the computer Run any software Become superuser Use the system for cracking other computer Capture username and password Change log file Unexplained decreases in available disk space Disk activity when no one is using the system Changes to system files Unusual system crashes * Spoofprotect Debian way to protect from spoofing /etc/network/options Spoofprotect=yes /etc/init.d/networking restart * DoS preventive IDS IPS Honeypots firewall * Intrusion Detection Software (IDS) Examining system logs (host based) Examining network traffic (network based) A Combination of the two Implementation: snort * Intrusion Preventions Software (IPS) Upgrade application Active reaction (IDS = passive) Implementation: portsentry * Honeypots () * Securing from Malware * Malware Virus Worm Trojan horse Spyware On email server : Spamassassin, ClamAV, Amavis On Proxy server Content filter using squidguard * Securing user and password * User and password Password policy Strong password Password file security /etc/passwd, /etc/shadow Password audit John the ripper Password management software Centralized password Individual password management * Securing Remote Access * Remote access Telnet vs SSH VPN Ipsec Freeswan Racoon CIPE PPTP OpenVPN * Wireless Security Signal bleed insertion attack Signal bleed interception attack SSID vulnerabilities DoS Battery Exhaustion attacks - bluetooth * Securing Wireless-LAN * 802.11x security WEP – Wired Equivalency Privacy 802.11i security and WPA – Wifi Protected Access 801.11 authentication EAP (Extensible Authentication Protocol) Cisco LEAP/PEAP authentication Bluetooth security – use m