Firewalls, Honeypots, and Intrusion Detection: Security Tools for Network Protection, Slides of Web Application Development

An overview of various security tools including firewalls, honeypots, and intrusion detection systems (IDS) such as Snort and iptables: the functions and types of firewalls, the concept and advantages of honeypots, and the role of an IDS in network security. Relevant images and quotes from security texts are included.

Typology: Slides

2012/2013

Uploaded on 04/25/2013

baidehi

Security tools

Outline

• Firewalls and network design

• Honeypots

• IPTables

• Snort

Types of Firewalls

  • packet filtering gateways or screening routers
  • stateful inspection firewalls
  • application proxies
  • guards
  • personal firewalls

From “Security in Computing” by Pfleeger and Pfleeger.

Image from “Computer Security” by Matt Bishop, Addison Wesley.

From “Computer Security” by Matt Bishop

More Realistic Example

Illustrating some current best practices.

Image from “Computer Security” by Matt Bishop, Addison Wesley.

DMZ

Demilitarized Zone.

The part of the network that sits between the internal intranet and the external Internet.

Image from “Computer Security” by Matt Bishop, Addison Wesley.

Outer Firewall Configuration

  • Conceal information about internal network (NAT).
  • Only allow expected services (HTTP, HTTPS, SMTP), only to DMZ servers.
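The two outer-firewall rules above (hide the internal network behind NAT; admit only the expected services, and only to the DMZ servers) can be seen working in a small stateful packet-filter model. This is an added illustration, not code from the slides or from Bishop's book; the addresses, port numbers, hostnames and the connection-table layout are constructed for the example.

```python
"""Toy stateful packet filter for the outer firewall of a DMZ design.

Added example; addresses and the connection/NAT table design are assumptions.
"""
from dataclasses import dataclass, field

# Constructed address plan (assumption, not from the slides).
PUBLIC_IP = "203.0.113.1"       # firewall's Internet-facing address
DMZ_WEB = "203.0.113.10"
DMZ_MAIL = "203.0.113.25"
INTERNAL_NET = "10.0.0."        # internal hosts; never reachable from outside

# Only expected services, only to the DMZ servers.
ALLOWED_INBOUND = {
    (DMZ_WEB, 80),
    (DMZ_WEB, 443),
    (DMZ_MAIL, 25),
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = True   # True marks the first packet of a TCP connection


@dataclass
class OuterFirewall:
    # Connections admitted from the Internet: (src, sport, dst, dport).
    established: set = field(default_factory=set)
    # NAT table: public port -> (internal src, sport, remote dst, dport).
    nat: dict = field(default_factory=dict)
    next_nat_port: int = 40000

    def inbound(self, pkt: Packet) -> str:
        """Decide on a packet arriving from the Internet."""
        # 1. Reply to a NATed outbound connection: must match the remote
        #    endpoint we recorded, not just the port, then un-NAT it.
        entry = self.nat.get(pkt.dport)
        if pkt.dst == PUBLIC_IP and entry is not None:
            in_src, in_sport, remote, rport = entry
            if pkt.src == remote and pkt.sport == rport:
                return f"ACCEPT -> {in_src}:{in_sport}"
        # 2. Later packet of an inbound connection already admitted.
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.established:
            return "ACCEPT"
        # 3. New connection: only expected services, only to DMZ servers.
        if pkt.syn and (pkt.dst, pkt.dport) in ALLOWED_INBOUND:
            self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # 4. Everything else, including anything aimed at internal hosts.
        return "DROP"

    def outbound(self, pkt: Packet) -> str:
        """Decide on a packet leaving toward the Internet; masquerade internal sources."""
        if pkt.src.startswith(INTERNAL_NET):
            port = self.next_nat_port
            self.next_nat_port += 1
            self.nat[port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            return f"ACCEPT src={PUBLIC_IP}:{port}"
        return "ACCEPT"


if __name__ == "__main__":
    fw = OuterFirewall()
    print(fw.inbound(Packet("198.51.100.7", DMZ_WEB, 51000, 443)))      # ACCEPT
    print(fw.inbound(Packet("198.51.100.7", "10.0.0.5", 51001, 80)))   # DROP
    print(fw.outbound(Packet("10.0.0.5", "198.51.100.9", 33000, 80)))
    print(fw.inbound(Packet("198.51.100.9", PUBLIC_IP, 80, 40000, syn=False)))
```

The connection table is what makes the filter stateful rather than a plain screening router: a packet is accepted either because it opens an allowed service on a DMZ host or because it belongs to a connection the firewall has already seen, and a reply to a NATed flow is only un-NATed when its remote endpoint matches the recorded one.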

Image from “Computer Security” by Matt Bishop, Addison Wesley.

DMZ Mail Server

  • Proxy.
  • Virus scanner.

Image from “Computer Security” by Matt Bishop, Addison Wesley.

Web Server

  • Boot from CDROM
  • All system files and application on CDROM.
  • CGI files on CDROM
  • Pages are updated frequently, so can be on hard drive.

Everything possible is on unalterable media.

No unneeded services are present (no compiler for sure). Only updated via SSH.

Image from “Computer Security” by Matt Bishop, Addison Wesley.

DMZ DNS Server

  • Some hosts.
  • Although hosts may have static addresses for reliability.
  • Proxy.

Image from “Computer Security” by Matt Bishop, Addison Wesley.

DMZ Log Server

  • All servers write to log.
  • Write-once media.
  • Accept connections from internal network only.

Definition

"… a honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.

The primary value of a honeypot is in the information it provides, which can be used for things such as detection, early warning and prediction, or awareness. While often a computer, a honeypot can take on other forms, such as files or data records, or even unused IP space. Honeypots have no production value; they should not see any traffic or activity. If they do capture any activity, it is most likely malicious or unauthorized.

Honeypots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to actually break into a system."

Etymology

The term "honeypot" is often understood to refer to the British children's character Winnie-the-Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey.

An alternative explanation for the term is a reflection of the sarcastic term for outhouses …

Many types of Honeypots

  • A honeypot does not even have to be a computer.
  • It can be any type of digital entity (often called a honeytoken) that has no production value.
  • For example, a hospital could create a false set of electronic patient records labeled George W. Bush. Because these records are honeypots, nobody should be accessing or interacting with them.
  • These records could then be implanted into a hospital's patient database as a honeypot component. If any employee or attacker attempted to access these records, this would indicate unauthorized activity because no one should be using these records.
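The patient-record honeytoken described above turns into a very short piece of detection logic: plant decoy record ids, then raise an alert on any audit-log line that touches one. The following is an added example, not code from the slides; the audit-log format, user names, record ids and decoy labels are all constructed.

```python
"""Honeytoken access detection over an application audit log.

Added example; the log format, record ids and user names are constructed.
"""
import re
from collections import defaultdict

# Decoy records planted in the patient database. Nobody has a legitimate
# reason to open them, so every access is an alert. (Constructed ids.)
HONEYTOKENS = {
    "PAT-000417": "decoy record labelled George W. Bush",
    "PAT-000982": "decoy record labelled J. Doe",
}

# Constructed audit-log line: "<ts> user=<u> action=<a> record=<id> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"record=(?P<record>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: two real-record lookups, one decoy opened and
# exported, one more decoy view, and one malformed line.
SAMPLE_LOG = """\
2013-04-25T09:00:01Z user=nurse_k action=view record=PAT-001203 src=10.1.4.21
2013-04-25T09:00:07Z user=nurse_k action=view record=PAT-001204 src=10.1.4.21
2013-04-25T09:02:44Z user=billing_t action=view record=PAT-000417 src=10.1.9.8
2013-04-25T09:02:50Z user=billing_t action=export record=PAT-000417 src=10.1.9.8
2013-04-25T09:03:12Z user=dr_m action=view record=PAT-000555 src=10.1.4.30
2013-04-25T09:05:00Z user=intern_p action=view record=PAT-000982 src=10.1.2.2
this line is not in the expected format
"""


def parse_line(line):
    """Return the fields of one audit line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def honeytoken_alerts(log_text):
    """Return (alerts, skipped): one alert per (user, record) pair that touched
    a decoy record, plus the count of lines that could not be parsed.

    Each alert keeps the actions seen, the source addresses and the first
    timestamp, which is what an analyst needs to start an investigation."""
    hits = defaultdict(lambda: {"actions": [], "sources": set(), "first_seen": None})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            skipped += 1        # unparsable lines are counted, never silently lost
            continue
        if ev["record"] not in HONEYTOKENS:
            continue            # real record: no opinion, no alert
        h = hits[(ev["user"], ev["record"])]
        h["actions"].append(ev["action"])
        h["sources"].add(ev["src"])
        h["first_seen"] = h["first_seen"] or ev["ts"]
    alerts = [
        {"user": u, "record": r, "label": HONEYTOKENS[r], **v}
        for (u, r), v in sorted(hits.items())
    ]
    return alerts, skipped


if __name__ == "__main__":
    alerts, skipped = honeytoken_alerts(SAMPLE_LOG)
    for a in alerts:
        print(f"ALERT {a['first_seen']} {a['user']} {a['actions']} "
              f"-> {a['record']} ({a['label']})")
    print(f"{skipped} unparsable line(s)")
```

Because the decoy ids carry no production meaning, the rule needs no threshold or baseline: the four accesses to real records produce nothing, and the two users who touched decoys are reported with exactly the actions they performed. Counting malformed lines rather than dropping them keeps a parser failure from looking like a quiet day.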

Advantages of Honeypots

  • Honeypots collect only small data sets.
    • Organizations that log thousands of alerts a day may log only a hundred alerts with honeypots. This makes the data honeypots collect much easier to manage and analyze.
  • Honeypots reduce false positives.
    • One of the greatest challenges of most detection technologies is that they generate false positives or false alerts.
    • The larger the probability that a security technology produces a false positive, the less likely the technology will be useful.
    • Honeypots dramatically reduce false positives simply because almost any activity with honeypots is by definition unauthorized, making honeypots extremely efficient at detecting attacks.