Network Security: Threats
03 Network Security Threats
https://kali.training/topic/firewall-or-packet-filtering/
1. Packet Filtering
2. Cryptography Tools and Concepts
1. Packet Filtering
Packet filtering is the creation of policies within the Linux kernel that tell the firewall to accept or drop packets coming in and going out, for example from your browser. You can also configure packet filtering on a network gateway, where the configuration decides what happens to the packets, e.g. stopping them from passing through the firewall or letting them through the firewall.
Netfilter
The Linux kernel has a framework known as Netfilter. Netfilter gives the user different functions and operations that allow the filtering of packets between the network application layer (NOT the transport layer).
Netfilter Tables
The Netfilter has different behaviors also known as tables which store rules
Hook Decisions
the Netfilter framework
Kali Linux firewall works with network application layer
Kali Linux firewall works with application layer
Open 3 terminals and one internet browser
The 3 terminals are known as
Firewall - A policy is a high-level statement that must have procedures to follow
Creating a policy with
iptables -P (means you are going to create a policy)
First
Terminal One
Terminal one will display the packets you are accepting.
Kali Linux
Firewall – Packet Filtering
To take control of the network's firewall in Kali Linux you must:
Open 3 terminals and one internet browser
Terminal one is for inputs
Terminal two is for outputs
Terminal three is for _______
Browser is for browsing
- Creating Policies for the firewall to follow – input terminal #1
Make a policy for the input firewall to accept all packets:
Creating a static IP table
- In the input terminal enter the policy command: iptables -L -v -n
(this creates a static IP table, which means that every time new packets have been created, sent or received you will have to enter the policy command iptables -L -v -n again to refresh the listing and display the packets inputted in the browser through the input terminal)
Creating a Dynamic IP table
- In the input terminal enter the policy command: iptables -L -v -n --line-numbers
- Creating a Policy in the firewall to drop any packets – input terminal #2
Make a policy for the firewall to
Chains 1: the three chains are input, output and forward.
don't forget to add how to save the firewall configurations.
2. Cryptography Tools and Concepts
What is a channel/channels?
If you sign up to a website and they ask you for a phone number to verify you to the website by text, then this is the organization using a different channel to communicate with you.
Encryption Algorithms
Reversible – means you can encrypt your plain text to ciphertext and then decrypt the ciphertext back to plain text
Irreversible – means you can change plain text to ciphertext but there is no way to decrypt back from ciphertext to plain text
Keys
Symmetric is used for encrypting the plain text to ciphertext
Asymmetric is used for decrypting the ciphertext to plain text
Creating a hash then decrypting it to plain text
- Enter “Hello” and view the hash encrypted text (5d41402abc4b2a76b9719d911017c592)
- To decrypt the hashed information
Reversible – Symmetric / Asymmetric
Both symmetric and asymmetric keys are reversible
Irreversible – Hash Function
As an example, if you have installed a new operating system, when setting up the new operating system you are to create an account. When you create an account, you have an option to create a password for the account to keep it secure. When you create a password for the system to log in, the password you enter will be cyphered from plain text to ciphertext.
This now means that the system has used a checksum function/algorithm which creates an algorithm to hash the input data and produce a modified hashed output, aka encryption.
This now means that to log on to the system through that password, you must match the hashed encrypted password.
Using MD5 to convert the plain text to hash, if the hash matches the encrypted hash that was encrypted from plain text originally on the system, then they
other links to write about:
https://security.stackexchange.com/questions/16019/is-aes-slower-to-encrypt-than-md5
why MD5 is much quicker than SHA-1, SHA-256 and SHA-3
does speed affect encryption cracking?
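The password check described above, as an added example that is not part of the original notes: a guess is hashed and compared rather than decrypted, which is why a fast, unsalted MD5 digest is weak, and a salted, deliberately slow PBKDF2 hash is set beside it. The function names, the guess list and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Digest quoted in the notes above; it is the MD5 of lowercase "hello".
PAGE_MD5 = "5d41402abc4b2a76b9719d911017c592"
ITERATIONS = 200_000   # assumed PBKDF2 work factor for this illustration

def md5_hex(password: str) -> str:
    """Fast and unsalted: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def recover(digest: str, guesses: list):
    """A hash is never decrypted; each guess is hashed and compared."""
    return next((g for g in guesses if md5_hex(g) == digest), None)

def enroll(password: str) -> tuple:
    """What a system should store: a random salt and a slow, salted hash."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Log-on check: re-hash the entered password, compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, stored)

if __name__ == "__main__":
    print(md5_hex("hello") == PAGE_MD5)
    print(recover(PAGE_MD5, ["password", "letmein", "hello"]))  # constructed guesses
    salt, stored = enroll("hello")
    print(verify("hello", salt, stored), verify("Hello", salt, stored))
```

The speed question in the notes shows up here directly: every guess against the MD5 digest costs one cheap hash, while every guess against the PBKDF2 value costs `ITERATIONS` rounds and must be repeated per salt.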
Firewalls
A firewall has policies and rules that are followed to allow the packets through the firewall. The rules are configurations that are set by the user for the firewall to follow. e.g. drop specific packets.
A policy in the firewall will take high effect.
ICMP
ICMP also known as Internet Control Message Protocol - write about ICMP
Stateful firewall
When a type of protocol tries to establish a communication between a workstation and server. Known as handshaking. If the workstation sends a SYN to the server then the workstation is trying to establish communication.
Stateless firewall
https://www.cybrary.it/0p3n/stateful-vs-stateless-firewalls/
proxy firewall
also look up
iptables commands
-L = lists a chain
-F = flushes a chain
-s = Source
-P = policy
-p = protocol
-p tcp --dport telnet -j DROP = drop any packets from this
iptables -t nat -L -v -n
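A simplified Python model of how a chain applies the flags listed above (-P, -p, -s, --dport, -j), added here as an illustration and not taken from the page or from iptables itself: rules are tried in line-number order, the first match decides, and the policy applies only when no rule matches. The class names, the sample packets and the listing format are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    target: str                   # -j ACCEPT or DROP
    proto: str = ""               # -p, "" matches any protocol
    dport: int = 0                # --dport, 0 matches any port
    source: str = "0.0.0.0/0"     # -s
    pkts: int = 0                 # per-rule counter, as shown by -v

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.source)
                and self.proto in ("", pkt["proto"])
                and self.dport in (0, pkt.get("dport")))

@dataclass
class Chain:
    name: str                     # INPUT, OUTPUT or FORWARD
    policy: str = "ACCEPT"        # -P
    rules: list = field(default_factory=list)
    policy_pkts: int = 0

    def filter(self, pkt: dict) -> str:
        for rule in self.rules:   # tried in line-number order
            if rule.matches(pkt):
                rule.pkts += 1
                return rule.target        # first match decides
        self.policy_pkts += 1
        return self.policy                # no rule matched: policy decides

    def listing(self) -> list:
        """Simplified analogue of `iptables -L -v -n --line-numbers`."""
        out = [f"Chain {self.name} (policy {self.policy} {self.policy_pkts} packets)"]
        for num, r in enumerate(self.rules, 1):
            out.append(f"{num} pkts={r.pkts} {r.target} {r.proto or 'all'} {r.source} dpt:{r.dport or 'any'}")
        return out

# Constructed sample traffic from the 192.0.2.0/24 documentation range.
PACKETS = [{"src": "192.0.2.10", "proto": "tcp", "dport": 23},   # telnet
           {"src": "192.0.2.10", "proto": "tcp", "dport": 80},   # web
           {"src": "192.0.2.11", "proto": "icmp"}]               # ping

def run(policy: str) -> tuple:
    chain = Chain("INPUT", policy=policy)
    chain.rules.append(Rule("DROP", proto="tcp", dport=23))      # --dport telnet
    chain.rules.append(Rule("ACCEPT", proto="tcp", dport=80))
    return [chain.filter(p) for p in PACKETS], chain.listing()

if __name__ == "__main__":
    print(*run("ACCEPT"), *run("DROP"), sep="\n")
```

With the policy set to ACCEPT the ICMP packet falls through to the policy and is let in; with the policy set to DROP the same packet is dropped, which is why a default-deny policy needs an explicit ACCEPT rule for every service you want reachable.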
ASSIGNMENT
- Download Kali Linux
- Download two/three other operating systems
- Set I.P. Addresses for the other operating systems
- Use Kali Linux to monitor and configure the input forward and output packets for the other operating systems.
https://unix.stackexchange.com/questions/396064/server-replies-to-tcp-syn-packets-with-delay?rq=1
https://en.wikipedia.org/wiki/SYN_flood
https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment
Write about honeypots
- IDS: (intrusion detection system) Detection and alert
What's the difference between IDS and Anti-Virus?
IDS vs IPS
https://pdfs.semanticscholar.org/8534/183e987a0536a63b7905a0df35644270d179.pdf