ELEC 99.05
Internet Security Introduction
Internet Security
TCP/IP and the internet were designed by professionals with a common culture and cooperative goals. Today they are used by a wide range of persons with varying and sometimes malicious goals. The technology of TCP/IP does not assure user security. There are many points at which TCP/IP security can be compromised.
CISCO NETWORKING ACADEMY
Internet Security
Security intrusions over the internet are common. The following slide shows 48 hours of intrusion attempts against a DSL-connected PC. Note that the probes come from all over the world, including Romania. Most of these attempts are from script kiddies running a program on a PC to grind through a range of IP addresses.
[Table: source hosts and parameters (probe type or destination port) of the logged intrusion attempts]
Security Strategies
Use a NAT router to connect to DSL or cable modem.
Use a software firewall for dial-up, DSL or cable modem (e.g. Zone Alarm, free from www.zonelabs.com).
Read Steve Gibson's excellent Shields UP site and follow his configuration advice (free).
Shields UP
Key ideas from Shields UP:
As delivered, Windows is not secure when connected to the internet.
The key problems can be fixed by a free reconfiguration.
Free software firewalls are recommended.
Shields UP
Here's how Windows protocol bindings are delivered:
[Diagram: protocol bindings across Higher Layers, Layer 3, and Layers 1 & 2]
Shields UP
Binding these Microsoft network services to TCP/IP creates security vulnerabilities!
Problem Bindings
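An added audit example, not part of the original slides: on a current Windows host, this PowerShell lists the adapters that still have Microsoft file-sharing services bound and any listeners on the NetBIOS/SMB ports. It assumes the services the slide means are File and Printer Sharing (`ms_server`) and Client for Microsoft Networks (`ms_msclient`); port 445 is added alongside the port 139 seen in the probe log.

```powershell
# Added example: audit Microsoft network service bindings and exposed listeners.
# Assumption: these two component IDs are the "Microsoft network services"
# the slide refers to (the slide's own diagram is not reproduced here).
$componentIds = 'ms_server', 'ms_msclient'

# Bindings that are currently enabled, per adapter.
$bindings = Get-NetAdapterBinding -ComponentID $componentIds |
    Where-Object Enabled

# Map each interface to its network category (Public, Private, DomainAuthenticated).
$profiles = @{}
Get-NetConnectionProfile | ForEach-Object {
    $profiles[$_.InterfaceAlias] = $_.NetworkCategory
}

# One row per enabled binding; a binding on a Public network is the case
# the slide warns about (service reachable from the internet side).
$report = foreach ($b in $bindings) {
    $category = if ($profiles.ContainsKey($b.Name)) { $profiles[$b.Name] } else { 'Unknown' }
    [pscustomobject]@{
        Adapter   = $b.Name
        Service   = $b.DisplayName
        Component = $b.ComponentID
        Network   = $category
        Review    = ($category -ne 'Private' -and $category -ne 'DomainAuthenticated')
    }
}

# Listeners on NetBIOS session (139) and SMB (445) that are not loopback-only.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Select-Object LocalAddress, LocalPort, OwningProcess

'Enabled Microsoft service bindings:'
$report | Sort-Object Adapter, Component | Format-Table -AutoSize

'Non-loopback listeners on 139/445:'
if ($listeners) { $listeners | Format-Table -AutoSize } else { '  none' }
```

A binding flagged for review can be removed on that adapter with `Disable-NetAdapterBinding -Name <adapter> -ComponentID ms_server`.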
Shields UP
Here are the bindings needed for access to the internet:
Shields UP
The excellent Shields UP site tells you how to do it!
http://www.grc.com