當前位置：首頁 > 報告詳情

思科：2020年國際互聯網協會思科NTW 2000網絡安全報告（英文版）（169頁）.pdf

上傳人： Me****y 編號：19610 2020-09-24 PDF PDF 169頁 2.09MB

文檔加載中……請稍候！
如果長時間未打開，您也可以點擊刷新試試。

下載報告到電腦，查找使用更方便

VIP專享文檔

書簽

分享

收藏

已收藏

版權投訴

/169

立即下載

word格式文檔無特別注明外均可編輯修改，預覽文件經過壓縮，下載原文更清晰！

三個皮匠報告文庫所有資源均是客戶上傳分享，僅供網友學習交流，未經上傳用戶書面授權，請勿作商用。

《思科：2020年國際互聯網協會思科NTW 2000網絡安全報告（英文版）（169頁）.pdf》由會員分享，可在線閱讀，更多相關《思科：2020年國際互聯網協會思科NTW 2000網絡安全報告（英文版）（169頁）.pdf（169頁珍藏版）》請在三個皮匠報告上搜索。

1、1 2000, Cisco Systems, Inc. NTW 2000 Network SecurityNetwork Security ISOC NTW 2000ISOC NTW 2000 2 2000, Cisco Systems, Inc. NTW 200022000, Cisco Systems, Inc. IntroductionIntroduction 3 2000, Cisco Systems, Inc. NTW 2000 Network Security ComponentsNetwork Security Components 4 2000, Cisco Systems,

2、Inc. NTW 2000 ISP ExampleISP Example . . . Customer Site ISP Management Plane. . . T1 WWW DNS1 Pub1TFTPDNS2Pub 2 ISP Service Plane Foreign Site Internet 5 2000, Cisco Systems, Inc. NTW 2000 Enterprise ExampleEnterprise Example Protected Network Engineering Admin Finance Dial-Up Access Business Partn

3、ers DNS Server WWW Server Internet 6 2000, Cisco Systems, Inc. NTW 2000 Current Threats and Current Threats and Attack MethodsAttack Methods 62000, Cisco Systems, Inc. 7 2000, Cisco Systems, Inc. NTW 2000 Attack TrendsAttack Trends Exploiting passwords and poor configurations Software bugs Trojan ho

4、rses Sniffers IP address spoofing Toolkits Distributed attacks 8 2000, Cisco Systems, Inc. NTW 2000 Attack TrendsAttack Trends High Low 19882000 Attack Sophistication Attacker Knowledge 9 2000, Cisco Systems, Inc. NTW 2000 Vulnerability Exploit Cycle Advanced Intruders Discover Vulnerability Crude E

5、xploit Tools Distributed Novice Intruders Use Crude Exploit Tools Automated Scanning/Exploit Tools Developed Widespread Use of Automated Scanning/Exploit Tools Intruders Begin Using New Types of Exploits Source: CERT Coordination Center 10 2000, Cisco Systems, Inc. NTW 2000 Increasingly Serious Impa

6、ctsIncreasingly Serious Impacts $10M transferred out of one banking system Loss of intellectual property - $2M in one case, the entire company in another Extensive compromise of operational systems - 15,000 hour recovery operation in one case Alteration of medical diagnostic test results Extortion -

7、 demanding payments to avoid operational problems 11 2000, Cisco Systems, Inc. NTW 2000 Evolving DependenceEvolving Dependence Networked appliances/homes Wireless stock transactions On-line banking Critical infrastructures Business processes 12 2000, Cisco Systems, Inc. NTW 2000 100% vulnerable Inte

8、rnalInternal ExploitationExploitation ExternalExternal ExploitationExploitation 75% vulnerable Internet The Communitys VulnerabilityThe Communitys Vulnerability Source: Cisco Security Posture Assessments 1996-1999 13 2000, Cisco Systems, Inc. NTW 2000 0 10 20 30 40 50 60 70 19961997199819992000 Yes

9、No Dont Know Unauthorized UseUnauthorized Use Percentage of Respondents Source: 2000 CSI/FBI Computer Crime and Security Survey 14 2000, Cisco Systems, Inc. NTW 2000 ConclusionConclusion Sophisticated attacks + Dependency + Vulnerability 15 2000, Cisco Systems, Inc. NTW 2000 Classes of AttacksClasse

10、s of Attacks Reconnaisance Unauthorized discovery and mapping of systems, services, or vulnerabilities Access Unauthorized data manipulation, system access, or privilege escalation Denial of Service Disable or corrupt networks, systems, or services 16 2000, Cisco Systems, Inc. NTW 2000 Reconnaissanc

11、e MethodsReconnaissance Methods Common commands and administrative utilities nslookup, ping, netcat, telnet, finger, rpcinfo, File Explorer, srvinfo, dumpacl Public tools Sniffers, SATAN, SAINT, NMAP, custom scripts 17 2000, Cisco Systems, Inc. NTW 2000 Network Network SniffersSniffers telnet Router

12、5 User Access Verification Username: squiggie password: Sq%*jkl;T Router5ena Password: jhervq5 Router5# Got It ! Router5 18 2000, Cisco Systems, Inc. NTW 2000 ISP ExampleISP Example . . . Customer Site ISP Management Plane. . . T1 WWW DNS1 Pub1TFTPDNS2Pub 2 ISP Service Plane Foreign Site Internet 19

13、 2000, Cisco Systems, Inc. NTW 2000 Enterprise ExampleEnterprise Example Protected Network Engineering Admin Finance Dial-Up Access Business Partners DNS Server WWW Server Internet 20 2000, Cisco Systems, Inc. NTW 2000 nmapnmap network mapper is a utility for port scanning large networks: TCP connec

14、t() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep) TCP Ping s

15、canning Direct (non portmapper) RPC scanning Remote OS Identification by TCP/IP Fingerprinting (nearly 500) Reverse-ident scanning. 21 2000, Cisco Systems, Inc. NTW 2000 nmapnmap nmap Scan Type(s) Options Example: my-unix-host% nmap -sT my-router Starting nmap V. 2.53 by fyodorinsecure.org ( www.ins

16、ecure.org/nmap/ ) Interesting ports on my- (10.12.192.1) (The 1521 ports scanned but not shown below are in state closed) Port State Service 21/tcpopen ftp 22/tcpopenssh 23/tcpopen telnet 25/tcpopensmtp 37/tcpopen time 80/tcpopen http 110/tcpopen pop-3 22 2000, Cisco Systems, Inc. NTW 2000 Why Do Yo

17、u Care?Why Do You Care? The more information you have, the easier it will be to launch a successful attack: Map the network Profile the devices on the network Exploit discovered vulnerabilities Achieve objective 23 2000, Cisco Systems, Inc. NTW 2000 Exploiting passwords Brute force Cracking tools Ex

18、ploit poorly configured or managed services anonymous ftp, tftp, remote registry access, nis, Trust relationships: rlogin, rexec, IP source routing File sharing: NFS, Windows File Sharing Access MethodsAccess Methods 24 2000, Cisco Systems, Inc. NTW 2000 Access Methods Access Methods contdcontd Expl

19、oit application holes Mishandled input data: access outside application domain, buffer overflows, race conditions Protocol weaknesses: fragmentation, TCP session hijacking Trojan horses: Programs that plant a backdoor into a host 25 2000, Cisco Systems, Inc. NTW 2000 IP PacketIP Packet Internet Prot

20、ocol IP = connectionless network layer SAP = 32 bits IP address RFC 791, Sep 1981 26 2000, Cisco Systems, Inc. NTW 2000 IP: Packet FormatIP: Packet Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Versio

21、n| IHL |Type of Service| Total Length| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

22、-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Options| Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Internet Datagra

23、m Header 27 2000, Cisco Systems, Inc. NTW 2000 IP SpoofingIP Spoofing A B C Attacker Hi, my name is B 28 2000, Cisco Systems, Inc. NTW 2000 IP: Normal RoutingIP: Normal Routing Ra Rb Rc A B C Routing based on routing tables A - B A - B A - B B via Rb C via Rc A, C via Ra B via Ethernet B,C via Ra 29

24、 2000, Cisco Systems, Inc. NTW 2000 IP: Source RoutingIP: Source Routing Ra Rb Rc A B C A - B via Ra, Rb B unknown C via Rc Routing based on IP datagram option A - B via Ra, Rb A - B via Ra, Rb 30 2000, Cisco Systems, Inc. NTW 2000 IP Unwanted RoutingIP Unwanted Routing DMZ intranet Internet R1 R2 C

25、 A C-A via R1, R2 C-A via R1, R2 C-A via R1, R2 C-A via R1,R2 A unknown B via Internet A unknown B via R1 A unknown B via DMZ A via Intranet B via DMZ C unknown B 31 2000, Cisco Systems, Inc. NTW 2000 IP Unwanted Routing (IP Unwanted Routing (ContCont.) .) B (acting as router) Internet dial-up PPP i

26、ntranet A C A unknown B via Internet A unknown B via PPP A via Ethernet C via PPP C-A via B C-A via B C-A via B 32 2000, Cisco Systems, Inc. NTW 2000 IP Spoofing Using Source IP Spoofing Using Source RoutingRouting Ra Rb Rc A B C B-A via C, Rc,Ra Back traffic uses the same source route B-A via C,Rc

27、Ra B-A via C,Rc,Ra A-B via Ra, Rc,C A-B via Ra, Rc,C A-B via Ra, Rc,C B is a friend allow access 33 2000, Cisco Systems, Inc. NTW 2000 Transport Control ProtocolTransport Control Protocol TCP = connection oriented transport layer RFC 793, Sep 1981 SAP= 16 bits TCP ports 34 2000, Cisco Systems, Inc.

28、NTW 2000 TCP Packet FormatTCP Packet Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number

29、| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Acknowledgment Number| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

30、-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TCP Header Format 35 2000, Cis

31、co Systems, Inc. NTW 2000 TCP connection establishmentTCP connection establishment B A flags=SYN, seq=(Sb,?) flags=SYN+ACK, seq=(Sa,Sb) flags=ACK, seq=(Sb,Sa) flags=ACK, seq=(Sb,Sa+8) data=“Username:” 36 2000, Cisco Systems, Inc. NTW 2000 TCP blind spoofingTCP blind spoofing BA flags=SYN, seq=(Sb,?)

32、 flags=SYN+ACK, seq=(Sa,Sb) flags=ACK, seq=(Sb,Sa) flags=ACK, seq=(Sb,Sa+8) data=“Username:” C masquerading as B flags=ACK, seq=(Sa+8,Sb+7) data=“myname” C guesses SaC guesses SaC guesses Sa A believes the connection comes from B and starts the application (e.g. rlogin) A believes the connectionA be

33、lieves the connection comes from B and startscomes from B and starts the application (e.g.the application (e.g. rloginrlogin) ) 37 2000, Cisco Systems, Inc. NTW 2000 TCP blind spoofing (TCP blind spoofing (ContCont.) .) C masquerades as B A believes the connection is coming from trusted B C does not

34、 see the back traffic For this to work, the real B must not be up, and C must be able to guess As sequence number 38 2000, Cisco Systems, Inc. NTW 2000 TCP session hijackingTCP session hijacking BA flags=SYN, seq=(Sb,?) flags=SYN+ACK, seq=(Sa,Sb) flags=ACK, seq=(Sb,Sa) “Password:”, seq=(Sb,Sa+9) “Xy

35、zzy” , seq=(Sa+9,Sb+5) “delete *”, seq=(Sb+5,Sa+18) C masquerading B B initiates a connection with A and is authenticated by application on A B initiates a connection with AB initiates a connection with A and is authenticated and is authenticated by application on Aby application on A C guesses Sa,

36、Sb C inserts invalid data C guesses Sa,C guesses Sa, SbSb C inserts invalid dataC inserts invalid data 39 2000, Cisco Systems, Inc. NTW 2000 It Never EndsIt Never Ends Latest FTP Vulnerability “Because of user input going directly into a format string for a *printf function, it is possible to overwr

37、ite important data, such as a return address, on the stack. When this is accomplished, the function can jump into shell code pointed to by the overwritten eip and execute arbitrary commands as root. While exploited in a manner similar to a buffer overflow, it is actually an input validation problem.

38、 Anonymous ftp is exploitable making it even more serious as attacks can come anonymously from anywhere on the internet.” Source: SecurityFocus.Com, 2000 40 2000, Cisco Systems, Inc. NTW 2000 Denial of Service MethodsDenial of Service Methods Resource Overload Disk space, bandwidth, buffers, . Ping

39、floods, SYN flood, UDP bombs, . Software bugs Out of Band Data Crash: Ping of death, fragmentation Toolkits: TRINOO,Tribal Flood Net and friends Distributed attacks for amplification 41 2000, Cisco Systems, Inc. NTW 2000 IP Normal FragmentationIP Normal Fragmentation IP largest data is 65.535 = 216-

40、1 IP fragments a large datagram into smaller datagrams to fit the MTU fragments are identified by fragment offset field destination host reassembles the original datagram 42 2000, Cisco Systems, Inc. NTW 2000 IP Normal Fragmentation (IP Normal Fragmentation (ContCont.) .) TL=1300, FO=0data length 12

41、80 TL=500, FO=0data length 480 TL=500, FO=480data length 480 TL=360, FO=960data length 340 Before fragmentation: After fragmentation (MTU = 500): IP HeaderIP data 43 2000, Cisco Systems, Inc. NTW 2000 IP NormalIP Normal ReassemblyReassembly TL=500, FO=0data length 480 TL=500, FO=480data length 480 T

42、L=360, FO=960data length 340 Received from the network: Kernel memory at destination host Reassembly buffer, 65.535 bytes 44 2000, Cisco Systems, Inc. NTW 2000 IPIP ReassemblyReassembly AttackAttack send invalid IP datagram fragment offset + fragment size 65.535 usually containing ICMP echo request

43、(ping) not limited to ping of death ! 45 2000, Cisco Systems, Inc. NTW 2000 IPIP ReassemblyReassembly Attack (Attack (ContCont.) .) TL=1020, FO=0data length 1000 TL=1020, FO=65000data length 1000 Received from the network: Reassembly buffer, 65.535 bytes 64 IP fragments 64 IP fragments with data len

44、gth 1000 . Kernel memory at destination host BUG: buffer exceededBUG: buffer exceededBUG: buffer exceeded 46 2000, Cisco Systems, Inc. NTW 2000 SYN attackSYN attack BA flags=SYN, seq=(Sb,?) flags=SYN+ACK, seq=(Sa,Sb) C masquerading as B A allocates kernel resource for handling the starting connectio

45、n A allocates kernel resourceA allocates kernel resource for handling the starting connectionfor handling the starting connection No answer from B 120 sec timeout Free the resource No answer from BNo answer from B 120 sec timeout120 sec timeout Free the resourceFree the resource Denial of Services k

46、ernel resources exhausted 47 2000, Cisco Systems, Inc. NTW 2000 Directed Broadcast PING SMURF AttackSMURF Attack 172.18.1.2 160.154.5.0 ICMP REQ D=160.154.5.255 S= 172.18.1.2 ICMP REPLY D=172.18.1.2 S=160.154.5.10 ICMP REPLY D=172.18.1.2 S=160.154.5.11 ICMP REPLY D=172.18.1.2 S=160.154.5.12 ICMP REP

47、LY D=172.18.1.2 S=160.154.5.13 ICMP REPLY D=172.18.1.2 S=160.154.5.14 Attempt to overwhelm WAN link to destination 48 2000, Cisco Systems, Inc. NTW 2000 DDoS Step 1: Find Vulnerable DDoS Step 1: Find Vulnerable HostsHosts Attacker Use reconnaissance tools locate Use reconnaissance tools locate vulne

48、rable hosts to be used as mastersvulnerable hosts to be used as masters and daemonsand daemons 49 2000, Cisco Systems, Inc. NTW 2000 DDoS Step 2: Install Software on DDoS Step 2: Install Software on Masters and Agents Masters and Agents Attacker Innocent Master Innocent Master Innocent daemon agents Innocent daemon agents 1) Use master and agent programs 1) Use master and agent programs on all cracked hosts on all cracked hosts 2) create a hierarchical covert control2) create

相關圖表

本文主要介紹了網絡安全的重要性，以及如何保護網絡免受攻擊。文章首先指出，隨著網絡的普及和人們對網絡的依賴增加，網絡安全問題日益嚴重。接著，文章詳細介紹了各種網絡攻擊手段，包括密碼攻擊、軟件漏洞利用、特洛伊木馬、嗅探器、IP地址欺騙、工具包和分布式攻擊等。文章還指出，攻擊者通常會利用網絡設備的配置不當或管理不善來發動攻擊。為了保護網絡，文章建議制定網絡安全政策，包括訪問控制、認證、問責制、隱私保護、違規處理等。此外，還應開發安全計劃，保護網絡，并制定事故響應程序。文章還提到了一些制定網絡安全政策的資源，如AusCERT網站、RFC 2196《站點安全手冊》和RFC 1281《互聯網安全操作指南》等。總的來說，本文強調了網絡安全的重要性，并提供了保護網絡免受攻擊的建議和資源。

網絡安全的威脅有哪些？如何防范分布式拒絕服務攻擊？企業應如何制定安全策略？

相關報告

聯系我們

0731-84720580
sgpjbg002
工作日 9:30 - 18:00

關于我們

侵權處理

關于我們

出版物經營許可證
工信部備案號：湘ICP備17000430號-2
公安備案號：湘公網安備43010402001071號

三個皮匠報告專業的行業報告下載站，每日更新，歡迎大家關注！

copyright@2008-2013 長沙景略智創信息技術有限公司版權所有
網站備案/許可證號：湘B2-20190120

客服

小程序

服務號

折疊

午夜网日韩中文字幕,日韩Av中文字幕久久,亚洲中文字幕在线一区二区,最新中文字幕在线视频网站