Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Topics in network security

6,943 views

Published on

VPN, Malware Analysis, Digital Forensics, Penetration Testing, Firewalls etc.

Published in: Technology
  • Login to see the comments

Topics in network security

  1. 1. Dr. M Nasir Mumtaz Bhutta Institute of Computing Bahauddin Zakariya University Multan, Punjab, 60,000 Pakistan Email: bhutta.nasir@gmail.com www.bzu.edu.pk Network Security Course Miscellaneous Topics 12 January 2014
  2. 2. Dr. M N M Bhutta www.bzu.edu.pk Secure Socket Layer/ Transport Layer Security • Transport Layer Security (TLS) and its predecessors Secure Socket Layer (SSL) provides security (confidentiality & integrity) at transport layer in TCP/IP stack and at session layer in OSI model. • Client and Server should setup a TLS connection before communicating securely with each other. • It uses PKI for secure channel setup and exchanges symmetric session key. • Symmetric cryptography is used for main security operations. • SSL has been superseded by TLS. Current TLS version is 1.2 and TLS 1.3 is available in draft version. 2
  3. 3. Dr. M N M Bhutta www.bzu.edu.pk Virtual Private Network (VPN) • VPN extends private networks across public network (internet). • Enables computer and network devices to send and receive data across public network as if they are on private networks. • Major implementations of VPN include OpenVPN and IPsec. 3
  4. 4. Dr. M N M Bhutta www.bzu.edu.pk Firewall • A system to control the incoming and outgoing traffic based on applied rules. – Packet filtering can control the traffic e.g. source and destination IP addresses, port No etc. – The information about connection and packets can be used to filter the packets (e.g. packets passing for existing connections, new connection packets etc.) – The traffic can be controlled on all layers up to application layer (e.g. information about protocols can be used to filter the traffic like DNS, HTTP etc.) 4
  5. 5. Dr. M N M Bhutta www.bzu.edu.pk Malwares • Common Malwares: 5
  6. 6. Dr. M N M Bhutta www.bzu.edu.pk Malware Analysis/Reverse Engineering • Art of dissection of malware: – To provide information about intrusion/attack (what exactly happened). – The goal is exactly to find out: what a suspect binary program can do, how to detect it, and how to measure and contain its damage. • Host based signatures and network based signatures are used to detect malwares on computers and networks. • Most often malware analysis is performed on executable files using following techniques: – Basic and Advanced Static Analysis – Basic and Advanced Dynamic Analysis 6
  7. 7. Dr. M N M Bhutta www.bzu.edu.pk Malware Analysis/Reverse Engineering – II • Basic Static Analysis – It is performed on executable file without actually running it and without viewing the instructions code. – It answers whether file is malicious, provide information about its functionality and some times to produce network signatures to detect malwares. • Advanced Static Analysis – It is performed by dissecting the malware executable by loading it into disassembler and looking into its instructions to find out what malware do. • Basic dynamic Analysis – It involves running the malware and observing its behaviour on the system in order to remove the files, produce effective signatures. • Advanced Dynamic Analysis – It involves debugging the internal state of malicious executable. 7
  8. 8. Dr. M N M Bhutta www.bzu.edu.pk Penetration Testing/Ethical Hacking (Web and Infrastructure Hacking) • Penetration testing is legal and authorized exploitation of computer systems to make them more secure. • Penetration testing is performed in following phases: – Reconnaissance: collecting detailed information about system (e.g. all machines IP addresses etc. ) – Scanning: 1. Port Scanning (finding open ports on systems and services being run). 2. Vulnerability Scanning (finding known vulnerabilities for services running on the system) – Exploitation: Attacking the system for the found vulnerabilities. – Maintaining Access: After exploitation, creating a permanent backdoor for easy access to the system later on. – Reporting: Details about the found issues, detailed procedures and presenting solutions to mitigate the security issues found. 8
  9. 9. Dr. M N M Bhutta www.bzu.edu.pk Digital Forensics (Computer & Network Forensics) • It is defined as application of science to law. • It is the application of collection, examination and analysis of data while preserving the integrity of data and chain of custody. • The process usually consists of following phases: – Collection: Identifying, collecting, labelling and storing data. – Examination: Assessing and extracting particular interest of data. – Analysis: Analysing the data using legally justifiable techniques. – Reporting: Reporting results of analysis (actions to be taken to secure against vulnerabilities, information about crime/attack etc) 9
  10. 10. Dr. M N M Bhutta www.bzu.edu.pk10 Practice ! Don’t try at home and/or without required permissions
  11. 11. Dr. M N M Bhutta www.bzu.edu.pk11 Thanks for listening ! »Questions ?

×