
eSEC01 NetSec

The document outlines the fundamentals of network security, covering key topics such as the goals of information security, various types of attacks, and essential security measures like access control and cryptography. It emphasizes the importance of protecting data and maintaining secure communications through technologies like VPNs and IPSec. Additionally, it discusses the role of security management and the Whois database in maintaining network integrity and accountability.


APNIC eLearning: Network Security Fundamentals

Contact: training@apnic.net

eSEC01_v1.0
Overview
• Goals of Information Security
• Attacks on Different Layers
• Attack Examples
• Trusted Network
• Access Control
• Cryptography
• Public Key Infrastructure
• VPN and IPSec
• Security Management
• Whois Database
Goals of Information Security
• Confidentiality – prevents unauthorized use or disclosure of information
• Integrity – safeguards the accuracy and completeness of information
• Availability – authorized users have reliable and timely access to information
Why Security?
• The Internet was initially designed for connectivity
– Trust assumed
– We do more with the Internet nowadays
– Security protocols are added on top of TCP/IP
• Fundamental aspects of information must be protected
– Confidential data
– Employee information
– Business models
– Protect identity and resources
• We can’t keep ourselves isolated from the Internet
– Most business communications are done online
– We provide online services
– We get services from third-party organizations online
Attacks on Different Layers
(OSI Reference Model layer – TCP/IP Model layer: protocols; attacks seen at that layer)
• Application, Presentation – Application: Layer 7: DNS, DHCP, HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, TFTP
– Attacks: DNS Poisoning, Phishing, SQL injection, Spam/Scam
• Session – Application: Layer 5: SMB, NFS, Socks
• Transport – Transport: Layer 4: TCP, UDP
– Attacks: TCP attacks, Routing attack, SYN flooding, Sniffing
• Network – Internet: Layer 3: IPv4, IPv6, ICMP, IPSec
– Attacks: Ping/ICMP Flood
• Data Link, Physical – Network Access: Layer 2: PPTP, Token Ring
– Attacks: ARP spoofing, MAC flooding
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets without replying with the ACK packet
• Finite queue size for incomplete connections
[Diagram 1 – normal handshake: client → Server SYN; Server → client SYN+ACK; client → Server ACK; CONNECTION ESTABLISHED]
[Diagram 2 – SYN flood: Attacker → Server (Victim) SYN; Server → Attacker SYN+ACK; the final ACK never arrives (ACK?), and the server's queue of incomplete connections fills with OPEN CONNECTIONS]
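The slides make one quantitative point: the server's queue of incomplete (SYN received, no ACK) connections is finite. The following Python is an added example, not code from the APNIC course, showing how a defender would track that queue from a server-side packet capture and flag sources that open handshakes they never complete. The packet records, addresses, grace period and backlog size are constructed for illustration.

```python
"""Half-open connection tracking over a constructed packet log (added example)."""
from collections import defaultdict

# Constructed server-side capture: (seconds, src_ip, src_port, flag).
# "SYN" starts a handshake; an "ACK" from the same src_ip:src_port completes it.
SAMPLE_PACKETS = (
    [
        (0.0, "10.0.0.5", 40001, "SYN"), (0.1, "10.0.0.5", 40001, "ACK"),   # completed
        (0.2, "10.0.0.6", 40002, "SYN"), (0.4, "10.0.0.6", 40002, "ACK"),   # completed
    ]
    # one source starting 60 handshakes from successive ports and never answering SYN+ACK
    + [(0.5 + i * 0.01, "203.0.113.9", 50000 + i, "SYN") for i in range(60)]
    + [(2.0, "10.0.0.7", 40003, "SYN")]   # a fresh SYN still inside its grace period
)


def half_open_by_source(packets, now, grace_s=1.0):
    """Map src_ip -> handshakes begun at least grace_s ago that were never completed."""
    pending = {}   # (src_ip, src_port) -> time the SYN arrived
    for t, ip, port, flag in packets:
        if flag == "SYN":
            pending[(ip, port)] = t
        elif flag == "ACK":
            pending.pop((ip, port), None)   # handshake completed; queue entry is freed
    counts = defaultdict(int)
    for (ip, _port), t in pending.items():
        if now - t >= grace_s:              # ignore SYNs whose ACK may still be in flight
            counts[ip] += 1
    return dict(counts)


def backlog_report(packets, now, backlog_size=128, grace_s=1.0, share=0.25):
    """Return (queue_entries_in_use, {src_ip: stale_half_open_count} for alerting sources).

    A source is flagged when its stale half-open entries alone would occupy
    `share` of the server's incomplete-connection queue (backlog_size is assumed).
    """
    counts = half_open_by_source(packets, now, grace_s)
    in_use = sum(counts.values())
    alerts = {ip: n for ip, n in counts.items() if n >= share * backlog_size}
    return in_use, alerts


if __name__ == "__main__":
    used, who = backlog_report(SAMPLE_PACKETS, now=2.5)
    print(f"{used}/128 backlog entries held by stale half-open connections; sources: {who}")
```

The grace period matters: a legitimate client on a slow path also looks half-open for a moment, so only entries older than one round trip are counted. On the server side the usual mitigation for exactly this exhaustion is SYN cookies, which let the kernel answer SYN+ACK without reserving a queue entry until the ACK arrives.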
DNS Cache Poisoning
[Diagram – parties: Client, DNS Caching Server, Root/GTLD Server, ns.example.com (authoritative name server), Webserver (192.168.1.1)]
1. Client → DNS Caching Server: "I want to access www.example.com"
2. DNS Caching Server → Root/GTLD Server → ns.example.com: the query is sent with QID=64571
3. Two kinds of answer race back for QID=64571: the genuine one from ns.example.com (www.example.com 192.168.1.1), and forged ones sent by someone pretending to be the authoritative zone with QID=64569, QID=64570, QID=64571 ... – QID=64571 match! The caching server accepts the forged record www.example.com 192.168.1.99.
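The diagram shows the caching server accepting whichever answer first matches the QID it used. The Python below is an added example, not APNIC's code: a stripped-down model of a caching resolver's query matching, with the `Resolver`, `Query` and `Reply` types and all addresses constructed for the illustration. It shows why a 16-bit QID alone is a weak match key, what randomising the resolver's source port adds, and that the first matching answer closes the question so the genuine answer arriving second is dropped.

```python
"""Query matching in a caching resolver (added example, simplified)."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    qid: int        # 16-bit DNS query ID
    src_port: int   # the resolver's UDP source port; the reply must come back to it
    qname: str
    server: str     # name server the query was sent to


@dataclass(frozen=True)
class Reply:
    qid: int
    dst_port: int
    qname: str
    answer: str
    src: str        # source address claimed by the reply (can be spoofed)


class Resolver:
    def __init__(self, randomize_port: bool = True):
        self.randomize_port = randomize_port
        self.outstanding = {}   # (qid, src_port) -> Query still waiting for an answer
        self.cache = {}         # qname -> answer

    def send_query(self, qname: str, server: str) -> Query:
        qid = secrets.randbelow(1 << 16)
        # Weak configuration: every query leaves from one fixed port, so a
        # forger only has to hit the QID (the slide's QID=64569, 64570, 64571 ...).
        port = 1024 + secrets.randbelow(65536 - 1024) if self.randomize_port else 53
        q = Query(qid, port, qname, server)
        self.outstanding[(qid, port)] = q
        return q

    def receive(self, reply: Reply) -> bool:
        """Return True if the reply matched an open question and was cached."""
        q = self.outstanding.get((reply.qid, reply.dst_port))
        if q is None or q.qname != reply.qname or q.server != reply.src:
            return False   # nothing we asked matches: drop it
        # First matching answer wins and closes the question; a later answer
        # for the same QID, genuine or not, is no longer accepted.
        del self.outstanding[(reply.qid, reply.dst_port)]
        self.cache[reply.qname] = reply.answer
        return True


def guess_space(randomize_port: bool) -> int:
    """Number of (QID, port) combinations a blind forger would have to cover."""
    return (1 << 16) * ((65536 - 1024) if randomize_port else 1)
```

The source-address check is kept because real resolvers perform it, but it buys little on its own since the reply's source is spoofable, which is why the slide's forger can "pretend to be the authoritative zone". Port randomisation raises the cost of guessing by a factor of about 64,000; DNSSEC, listed on the "Security on Different Layers" slide, removes the guessing game entirely because the resolver validates a signature on the answer instead of trusting whichever packet matches first.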
Common Types of Attack
• Ping sweeps and port scans – reconnaissance
• Sniffing – capturing packets as they travel through the network
• Man-in-the-middle attack – intercepting messages that are intended for a valid device
• Spoofing – setting up a fake device and tricking others into sending messages to it
• Hijacking – taking control of a session
• Denial of Service (DoS) and Distributed DoS (DDoS)
Trusted Network
• Standard defensive-oriented technologies
– Firewall – first line of defense
– Intrusion Detection
• Build TRUST on top of the TCP/IP infrastructure
– Strong authentication
• Two-factor authentication – something you have + something you know
– Public Key Infrastructure (PKI)
Access Control
• Access control - ability to permit or deny the use of an
object by a subject.
• It provides 3 essential services (known as AAA):
– Authentication (who can login)
– Authorization (what authorized users can do)
– Accountability (identifies what a user did)
Cryptography
• Has evolved into a complex science in the field of information security
• Encryption – process of transforming plaintext to ciphertext using a cryptographic key
• Symmetric key cryptography – uses a single key to encrypt and decrypt information. Also known as private key cryptography.
– Includes DES, 3DES, AES, IDEA, RC5
• Asymmetric key cryptography – separate keys for encryption and decryption (public and private key pairs)
– Includes RSA, Diffie-Hellman, El Gamal
Cryptography
[Diagram: Plaintext → ENCRYPTION ALGORITHM (Encryption Key) → Ciphertext → DECRYPTION ALGORITHM (Decryption Key) → Plaintext]
• Symmetric Key Cryptography – Encryption Key: Shared Key; Decryption Key: Shared Key
• Asymmetric Key Cryptography – Encryption Key: Public Key; Decryption Key: Private Key
Public Key Infrastructure
• Combines public key cryptography and digital signatures to ensure confidentiality, integrity, authentication, non-repudiation, and access control
• Digital certificate – basic element of PKI; secure credential
that identifies the owner
• Basic Components:
– Certificate Authority (CA)
– Registration Authority (RA)
– Repository
– Archive
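The Cryptography slides separate a single shared key from a public/private key pair, and the PKI slide adds digital signatures on top of the pair. The Python below is an added example, not course material from APNIC, that makes the key roles concrete: an HMAC from the standard library stands in for the symmetric case (same key at both ends), and textbook RSA with tiny constructed primes (p=61, q=53, e=17, no padding) shows which key encrypts, which decrypts, which signs and which verifies. The parameters are chosen so the numbers can be checked by hand; they demonstrate the roles, not a usable cryptosystem.

```python
"""Symmetric vs. asymmetric keys, and the signature PKI builds on (added example)."""
import hashlib
import hmac
from math import gcd


# --- Symmetric: one shared key at both ends (HMAC-SHA256 from the standard library) ---
def symmetric_tag(shared_key: bytes, message: bytes) -> bytes:
    """Sender and receiver must both hold shared_key."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def symmetric_verify(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(symmetric_tag(shared_key, message), tag)


# --- Asymmetric: separate public and private keys (textbook RSA, toy parameters) ---
def rsa_keygen(p: int = 61, q: int = 53, e: int = 17):
    """Return (public_key, private_key); p and q are constructed toy primes."""
    n = p * q                      # 3233
    phi = (p - 1) * (q - 1)        # 3120
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # 2753, the modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt a block m < n ..."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message block out of range")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    """... but only the private key holder can decrypt it."""
    d, n = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Reduce a SHA-256 digest into the modulus: a toy stand-in for a padded hash encoding.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message: bytes) -> int:
    """Signing uses the private key, so only its holder could have produced the value."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    """Verification needs only the public key, e.g. taken from a certificate."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)
```

The contrast is the point of the slides: `symmetric_verify` cannot tell a sender from a receiver, because both sides hold the same key, whereas `rsa_verify` succeeds with a key the verifier could have obtained from a certificate, which is what lets a PKI provide non-repudiation.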
Security on Different Layers
(OSI layer: protocols; attacks seen at that layer; security technologies for that layer)
• Application, Presentation – Layer 7: DNS, DHCP, HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, TFTP
– Attacks: DNS Poisoning, Phishing, SQL injection, Spam/Scam
– Security: HTTPS, DNSSEC, PGP, SMIME
• Session – Layer 5: SMB, NFS, Socks
• Transport – Layer 4: TCP, UDP
– Attacks: TCP attacks, Routing attack, SYN flooding, Sniffing
– Security: TLS, SSL, SSH
• Network – Layer 3: IPv4, IPv6, ICMP, IPSec
– Attacks: Ping/ICMP Flood
– Security: IPSec
• Data Link, Physical – Layer 2: VTP, PPTP, Token Ring
– Attacks: ARP spoofing, MAC flooding
– Security: IEEE 802.1X, PPP & PPTP
Virtual Private Network
• Creates a secure tunnel over a public network
– Client-to-firewall, router-to-router, firewall-to-firewall
• VPN Protocol Standards
– PPTP (Point-to-Point Tunneling Protocol)
– L2F (Layer 2 Forwarding Protocol)
– L2TP (Layer 2 Tunneling Protocol)
– IPSec (Internet Protocol Security)
Different Layers of Encryption
[Diagram: Source ↔ Destination, with encryption available at each layer]
• Application Layer – SSL, PGP, SSH, HTTPS
• Network Layer – IPSec
• Link Layer Encryption
IPSec
• Provides Layer 3 security
• Tunnel or Transport mode
– Tunnel mode – entire IP packet is encrypted
– Transport mode – IPSec header is inserted into the packet
• Combines different components:
– Security associations, Authentication headers (AH), Encapsulating security payload (ESP), Internet Key Exchange (IKE)
• A security context for the VPN tunnel is established via the ISAKMP
Internet Security Protocols
• Layer 4 security: TLS, SSL, SSH
• SSL/TLS (Secure Sockets Layer / Transport Layer Security)
– Session-based encryption and authentication for secure communication (prevents eavesdropping)
– TLS is the IETF standard succeeding SSL
– Uses RSA asymmetric key system
• Secure Shell (SSH2) – secure channel between devices, replaces telnet and rsh
Security Management
• Network security is a part of a bigger information security plan
• Policies vs. Standards vs. Guidelines
• Must develop and implement a comprehensive security policy
– Minimum password length, frequency of password change
– Access of devices, host firewalls
– User creation/deletion process
– Data signing/encryption
– Encrypting all communication (remote access)
– Use of digital certificates
• Disaster Recovery and Attack Mitigation Plan
Whois Database
• Public network management database
• Tracks network resources
– IP addresses, ASNs, reverse domains, routing
• Records administrative info
– Contacts (person/role), authorization (maintainer)
• All Members must register their resources in the Whois database
• Must keep records up to date at all times
Questions
• Please remember to fill out the feedback form
– <survey-link>
• Slide handouts will be available after completing the survey
APNIC Helpdesk Chat
Thank You!
End of Session
