Net Defender
Tuesday, May 2, 2001 SC 546 1
Net Defender
By:
Krishna Maddikara
Synopsis of Presentation
• Security Issues
• Firewalls:
– How do they work?
– What can they do?
• The future of Security called “Net Defender”
Security Issues Today:
• What are the issues and problems?
• Who are the intruders and why?
• What are their techniques?
What are the Issues & Problems?
• Security was not a fundamental design consideration
• The Internet is growing exponentially
• User dependence is increasing;
• With increasing complexity
• There are billions of entry points
Who are the intruders?
• Criminals
• “Curious” Intruders
• Insiders
• Corporate Spies
Motives:
• Money
• Access to additional resources
• Competitive advantages
• Curiosity and Mischief
Possible Attacks:
• Compromises and Vulnerabilities
• DDoS (Distributed Denial of Service)
• “Sniffing”
• Port Scanning
• Malicious code
Example of DoS attack:
(Diagram: Intruder, Target)
• ICMP request with spoofed IP of target
Example of DoS attack:
(Diagram: Intruder, Target)
• Flood Target with replies
Finally, this report contains information regarding our firewall, which we developed using the packet filtering technique.
I'll now describe its functioning and working in detail.
Net Defenders
What is Net Defender?
• A simple firewall for securing a personal computer from unauthorized access through the Internet or a network, by novice and advanced users.
• A firewall that monitors all traffic to and from a site. This allows for monitoring, filtering, logging, and proper access to the network.
Net Defender Problem Statement
Developing a simple firewall for securing a personal computer from unauthorized access through the Internet or a network, by novice and advanced users.
Objective of Net Defender
Net Defender software is being designed keeping in mind a novice user (those who know very little about networking or computers).
We have laid a great deal of stress on providing a sound user interface so that a general user can learn how to use and control this firewall in simple and easy steps.
REQUIREMENT ANALYSIS
• Users Perspective
• Developer Perspective
• Functional Perspective
General System and Interface Requirements
1. The interface should be intuitive for users to use.
2. Users should be able to immediately stop all outgoing Internet traffic using the firewall.
3. The system should have the ability to notify the user about all blocked attacks from the Internet.
   1. Users should be able to enable/disable these notifications of attacks.
Main Screen
Firewall has a simple user interface that gives you instant access to all your security features.
Add Rule:
This dialog box will help in adding new rules to Firewall. To create a rule, you must first specify the kind of traffic that should be affected by the rule. There are several different characteristics of traffic, each of which you can use to specify the kind of traffic that you want to control.
Port Scanner:
• Port Scanner can be opened by going to the Tool menu and selecting Port Scanner from there.
• It is a small utility for checking a system for open ports.
• It systematically scans the ports of the computer and reports the open ports to the user.
• The user can then define a rule in the firewall to close that particular port.
Well-known ports used by TCP
Port  Protocol      Description
7     Echo          Echoes a received datagram back to the sender
9     Discard       Discards any datagram that is received
11    Users         Active users
13    Daytime       Returns the date and the time
17    Quote         Returns a quote of the day
19    Chargen       Returns a string of characters
20    FTP, Data     File Transfer Protocol (data connection)
21    FTP, Control  File Transfer Protocol (control connection)
23    TELNET        Terminal Network
25    SMTP          Simple Mail Transfer Protocol
53    DNS           Domain Name Server
67    BOOTP         Bootstrap Protocol
79    Finger        Finger
80    HTTP          Hypertext Transfer Protocol
111   RPC           Remote Procedure Call
How do Firewalls work?
• Most firewalls function through packet filtering
– Filter based upon port or address
Courtesy http://www.vicomsoft.com/knowledge/reference/firewalls1.html
Filtering based on Port
• Filtering based on port occurs by examining the Transport layer
• Deny-all
– Reject all packets except to required services
Courtesy http://www.vicomsoft.com/knowledge/reference/firewalls1.html
Filtering Based on Address
• The incoming and outgoing address can be examined to see if the computer is allowed access to the network
• However, this can be circumvented by an attacker who fakes the incoming address, making it look as if they are allowed
How Net Defender prevents attacks
• Let's look over some of the common attacks we spoke about
Preventing Compromises and Vulnerabilities
• The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another.
• Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports
Action:
• Select whether to Allow that type of traffic to pass through or Block it.
Block All
• Block All prevents the transmission of ANY AND ALL network traffic that is attempting to either enter or leave your computer.
Allow All
• Allow All effectively disables Firewall protection for both incoming and outgoing traffic.
Working of the filter:
• Working of the firewall is based on the following steps:
– Extract the packet header
– Check the protocol associated
– Compare with the rules
– Check the source and destination addresses if the protocol is the same
– Check the port if the protocol is TCP
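The filter steps above, combined with the deny-all policy from the port-filtering slide, as an added Python example (not Net Defender's own code). The `Rule` layout, the `RULES` list, `make_packet` and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

TCP, ICMP = 6, 1  # IP protocol numbers

@dataclass
class Rule:  # hypothetical rule layout, not Net Defender's own format
    action: str                 # "allow" or "block"
    proto: int
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: int = 0              # 0 = any port; only checked for TCP

def parse(packet: bytes):  # extract protocol, addresses, TCP destination port
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    need = ihl + 4 if proto == TCP else ihl   # TCP ports follow the IP header
    if ihl < 20 or len(packet) < need:
        raise ValueError("truncated or malformed header")
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    dport = struct.unpack_from("!H", packet, ihl + 2)[0] if proto == TCP else None
    return proto, src, dst, dport

def decide(packet: bytes, rules) -> str:
    try:
        proto, src, dst, dport = parse(packet)
    except ValueError:
        return "block"                        # malformed packets never pass
    for r in rules:                           # first matching rule wins
        if r.proto != proto:
            continue
        if src not in ipaddress.ip_network(r.src) or dst not in ipaddress.ip_network(r.dst):
            continue
        if proto == TCP and r.dport not in (0, dport):
            continue
        return r.action
    return "block"                            # deny-all: nothing matched

def make_packet(proto, src, dst, dport=0):    # builds constructed sample packets
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HH", 40000, dport) + bytes(16)

RULES = [Rule("allow", TCP, dst="192.0.2.10/32", dport=80),   # constructed rules
         Rule("allow", ICMP, src="198.51.100.0/24"),          # ping from trusted IPs only
         Rule("block", TCP, dport=23)]
```

The address checks trust the source field of the header, so they carry the limitation noted under Filtering Based on Address.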
Other Prevention:
• Preventing DDoS:
– Turn off ping except to trusted IP’s
• Preventing Port Scanning:
– Turn off all ports except ports needed
– Use NAT to hide IP’s
• Preventing Malicious Code
– Difficult to block with firewall
– Internal zones can prevent spreading and contamination
Direction of Internet Vulnerabilities
• Sophistication of attacks is increasing
• Knowledge is being passed to the less knowledgeable
• Vendor testing cycle is decreasing
– Relying on patches
Direction of Internet Security
• Better encryption methods
• Adding more security to the transport and IP layer of protocols
– IPSEC
• Packet level security based on socket or destination address
Future Improvements:
• This analysis can be extended to the level of granularity necessary to move directly into creating a program that will effectively model a firewall in a simple network.
• It could also be extended to model a more complex firewall and/or proxy server.
We would like to thank:
Mr. P. Ramesh (HOD)
&
Mr. E. Venkataramana (Supervisor)
The class for your time and patience.