Chabot College

ELEC 99.05
Internet Security Introduction

CISCO NETWORKING ACADEMY

Internet Security
TCP/IP and the internet were designed by professionals with a common culture and cooperative goals. Today they are used by a wide range of persons with varying and sometimes malicious goals. The technology of TCP/IP does not assure user security. There are many points at which TCP/IP security can be compromised.
CISCO NETWORKING ACADEMY

Internet Security
Security intrusions over the internet are common. The following slide shows 48 hours of intrusion attempts against a DSL-connected PC Note that the probes come from all over the world, including Romania. Most of these attempts are from script kiddies running a program on a PC to grind through a range of IP addresses.
CISCO NETWORKING ACADEMY

Probes Against DSL-Connected Machine

issueName Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping Back Orifice ping SubSeven port probe SubSeven port probe SubSeven port probe SubSeven port probe DNS port probe DNS port probe FTP port probe FTP port probe NetBIOS port probe NetBIOS port probe NetBIOS port probe NetBIOS port probe PCAnywhere ping PCAnywhere ping PCAnywhere ping SOCKS port probe TCP OS fingerprint TCP OS fingerprint TCP OS fingerprint UDP port probe UDP port probe UDP port probe intruderIp 193.231.209.31 193.226.61.246 193.230.162.163 193.230.162.185 193.230.162.80 139.92.173.88 64.218.67.36 63.197.207.4 63.198.106.43 200.40.59.146 207.42.254.34 24.6.48.235 62.226.25.215 64.161.213.21 63.206.117.39 63.198.183.96 63.198.103.101 63.198.217.105 63.198.176.9 63.198.176.94 63.198.176.227 63.22.60.176 195.120.158.202 208.62.23.150 24.13.154.175 205.188.153.108 205.188.153.106 205.188.153.105 intruderName ppp31.fx.ro ppp53.starnets.ro

slip139-92-173-88.buk.ro.ibm.net DEFAULT B-VANNOY-98WS REYNALDO r200-40-59-146.adinet.com.uy pinnacle.pinnaclenetwork.COM cc750365-a.chmbl1.ga.home.com p3EE219D7.dip.t-dialin.net MODERN-IMAGES TED MONICA & LOUIE adsl-63-198-103-101.dsl.snfc21.pacbell.net JAY'SROOM adsl-63-198-176-9.dsl.snfc21.pacbell.net adsl-63-198-176-94.dsl.snfc21.pacbell.net adsl-63-198-176-227.dsl.snfc21.pacbell.net 2Cust48.tnt10.atl2.da.uu.net

c186232-a.aurora1.co.home.com fes-d012.icq.aol.com fes-d010.icq.aol.com fes-d009.icq.aol.com

parameters type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 type=PING(1)&passwd=0x7 port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=27374&name=Sub_7_ port=53 port=53 port=21 port=21 port=139 port=139 port=139 port=139 port=22 port=5632 port=5632 port=1080 port=21&flags=3 port=9704&flags=3 port=21&flags=3 port=1062 port=1058 port=1654

CISCO NETWORKING ACADEMY

Security Strategies
Use a NAT router to connect to DSL or cable modem. Use a software firewall for dial-up, DSL or cable modem.
(e.g. Zone Alarm, from www.zonelabs.com free)

Read Steve Gibsons excellent Shields-UP site and follow his configuration advice. (free)
CISCO NETWORKING ACADEMY

Shields UP
Key ideas from Shields UP:
As delivered, Windows is not secure when connected to the internet. The key problems can be fixed by a free reconfiguration. Free software firewalls are recommended.

CISCO NETWORKING ACADEMY

Shields UP
Heres how windows protocol bindings are delivered:
Higher Layers
Layer 3 Layer 1&2

CISCO NETWORKING ACADEMY

Shields UP
Binding these Microsoft network services to TCP/IP creates security vulnerabilities!

Problem Bindings

CISCO NETWORKING ACADEMY

Shields UP
Here are the bindings needed for access to the internet:

CISCO NETWORKING ACADEMY

Shields UP
The excellent Shields Up site tells you how to do it!

http://www.grc.com

Bonus Credit Assignment - fix your home PC!

CISCO NETWORKING ACADEMY