Research of the IP-Telephony for the Czech Armed Forces Lt . Bc . Zburníková Lucie
description
Transcript of Research of the IP-Telephony for the Czech Armed Forces Lt . Bc . Zburníková Lucie
Research of the IP-Telephony for the Czech Armed Forces
Lt. Bc. Zburníková LucieZburníková Lucie
Main points of presentationMain points of presentation
characteristic of IP-telephonycharacteristic of IP-telephony
aims of the scientific workaims of the scientific work
DoS attacksDoS attacks
prevention and responseprevention and response
overall summaryoverall summary
22
33
Aims of the scientific workAims of the scientific work
to create a possible network diagramto create a possible network diagram
to categorize the DoS attacksto categorize the DoS attacks
to make the total and actual list of them to make the total and actual list of them
to propose the form of detection and to propose the form of detection and counteraction against them counteraction against them
Network diagramNetwork diagram
44
55
Categories and types of Denial of Categories and types of Denial of Service attacksService attacks
• Direct Denial of Service attacks:Direct Denial of Service attacks:
Single-tier attacksSingle-tier attacks
Dual-tier attacksDual-tier attacks
Triple-tier ‘distributed’ attacksTriple-tier ‘distributed’ attacks
• Indirect Denial of Service attacks: Indirect Denial of Service attacks: The LoveBug virusThe LoveBug virus
Code Red and Nimda wormsCode Red and Nimda worms
66
Direct Denial of Service attacksDirect Denial of Service attacks
Single-tier DoS AttacksSingle-tier DoS Attacks (1990-1997) (1990-1997)
Examples: Ping of Death, SYN floods, other Examples: Ping of Death, SYN floods, other malformed packet attacksmalformed packet attacks
Dual-tier DoS Attacks Dual-tier DoS Attacks (late 1997)(late 1997)
Example: SmurfExample: Smurf Triple-tier DDoS AttacksTriple-tier DDoS Attacks (1998-2000) (1998-2000)
Examples: TFN2K, Stacheldraht, Mstream Examples: TFN2K, Stacheldraht, Mstream
77
Compare of the attacksCompare of the attacks Older attacks are ineffective or of low danger. Older attacks are ineffective or of low danger. The attempts that use new vulnerabilities of The attempts that use new vulnerabilities of
systems have low lifetime. systems have low lifetime. Flood attacks are simple, but dangerous.Flood attacks are simple, but dangerous. DDoS flood attacks cause serious problems DDoS flood attacks cause serious problems
which can shift of any server.which can shift of any server. Some new attempts can combine number of Some new attempts can combine number of
different simple attacks and can use DDos.different simple attacks and can use DDos.
88
Prevention and ResponsePrevention and Response
IIntrusion detection systemntrusion detection system ( (IDSIDS) ) network intrusion detection system network intrusion detection system protocol-based protocol-based intrusion detection system intrusion detection system
(Example: Snort) (Example: Snort) application protocol-based intrusion detection system application protocol-based intrusion detection system host-based intrusion detection system host-based intrusion detection system hybrid intrusion detection system (Example: Prelude)hybrid intrusion detection system (Example: Prelude)
Intrusion prevention systemIntrusion prevention system
(Self)defence against DoS attacks(Self)defence against DoS attacks
-
Network-Based
Host-Based
+
• It's able to verify if attack was succesful or not.
• The functionality isn't affected by transmission or using the encryption.
• It's able to prevent the attack.
• It uses server as a source.
• The possibility of usage depends on OS.
• The extensibility - requires
installation of one agent / server.
• It protects all terminal station on the monitoring net.
• It has no influence on function of the terminal stations / servers.
• It's able to detect DoS attacks.
• There are more difficult implement. in the environment of the switching LAN.
• Monitoring above 1Gb/s is the problem for now.
• Generally it can't for-actively stop the attack.
Network-based vs. host-based system
1010
Solution Set
RouterSensor
HostSensor
FirewallSensor
Mgmt
NetworkSensor 4210 4235 4250
Standard EditionWeb Server Edition
1700 2600 3600 7xxx
Secure Command Line
Web UIEmbedded Mgr
CiscoWorks VMS
SwitchSensor
Catalyst 6500IDS Module
3700
501 506E 515E 525 535
IDS on platforms of Cisco
1111
General defenceGeneral defence
The systems for detection (and prevention) The systems for detection (and prevention) unauthorized intersection get past accessories unauthorized intersection get past accessories for security nets by the firewalls. for security nets by the firewalls.
We obtain high level of defence in the face of We obtain high level of defence in the face of unauthorized activities by the combination of net unauthorized activities by the combination of net IDS and IDS for servers. IDS and IDS for servers.
The correct function of IDS has to be supported The correct function of IDS has to be supported by regular plotting the adventitious information by regular plotting the adventitious information and upgrade of the system.and upgrade of the system.
Overall summaryOverall summary
VoIP telephony has a great potential to bring VoIP telephony has a great potential to bring considerable advantages into considerable advantages into telecommunications in comparison with standard telecommunications in comparison with standard technologies.technologies.
The main advantage is cost reduction especially The main advantage is cost reduction especially in the case of long distance calls.in the case of long distance calls.
It offers quality phone services including secure It offers quality phone services including secure voice and development voice and development prevention and prevention and response.response.
1212