Security Implementation : Products and Services
Source: ocw.dongguk.edu/contents/2013/2013222111152/pdf2013222111152.pdf (Dongguk University OCW, 2013)
Contents
1. Security Vulnerability
2. Security Products
3. Security Services
Security Vulnerability
Definition: a weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of that product
Classification by asset
Hardware : temperature and humidity, dust, vibration, etc.
Software : memory leaks, race conditions
Networks : protocols, traffic
Environment : power supply, natural disasters
Personnel : passwords, management, auditing
Network / Software / Personnel vulnerabilities covered next: Password, Protocol, Traffic, Application, Service, Worm
Password
– ID: often an e-mail address (public, so only the password is secret)
– Dictionary attack
– Brute force attack: trying every possible combination until one succeeds
– Keyspace for lowercase letters (26) + digits (10) = 36 symbols: 4 characters: 36^4 = 1,679,616; 8 characters: 36^8 = 2,821,109,907,456
– Letter frequency weights given on the slide (A-Z):
  A 14, B 6, C 6, D 8, E 20, F 6, G 8, H 10, I 14, J 4, K 4, L 8, M 8, N 12, O 14, P 6, Q 4, R 12, S 12, T 14, U 10, V 4, W 8, X 2, Y 4, Z 2
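As an added example (not from the slides), the following Python script puts the dictionary and brute-force attacks above into running code against a stored password hash. It assumes the hashes are unsalted SHA-256 hex digests and treats the slide's letter-weight table as a guess-ordering hint; both are assumptions of this example, not statements from the slides. The wordlist and target passwords are constructed.

```python
"""Dictionary attack vs. brute force over the 36-symbol alphabet (letters + digits).

Added example, not from the original slides. Assumptions made here:
  - passwords are stored as unsalted SHA-256 hex digests (a constructed, weak scheme)
  - the slide's A..Z weight table is used to order brute-force guesses, frequent letters first
"""
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase + string.digits          # 26 + 10 = 36 symbols, as on the slide

# A..Z weights copied from the slide; digits get weight 0 so they are tried last.
LETTER_WEIGHT = dict(zip(string.ascii_lowercase,
                         [14, 6, 6, 8, 20, 6, 8, 10, 14, 4, 4, 8, 8, 12, 14,
                          6, 4, 12, 12, 14, 10, 4, 8, 2, 4, 2]))
ORDERED_ALPHABET = "".join(sorted(ALPHABET, key=lambda c: -LETTER_WEIGHT.get(c, 0)))


def keyspace(alphabet_size, length):
    """Number of candidate strings of exactly `length` symbols: 36^4 = 1,679,616 on the slide."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case time to try the whole keyspace at a given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist):
    """Try each word plus a few common manglings; cheap because the list is short."""
    for word in wordlist:
        for candidate in (word, word.capitalize(), word + "1", word + "123"):
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def brute_force(target_hash, max_length, alphabet=ORDERED_ALPHABET):
    """Exhaustive search, shortest strings first.

    Returns (password, guesses_made) or (None, guesses_made). Only feasible for
    short passwords: the 8-character space is 36^8, about 2.8e12 hashes.
    """
    guesses = 0
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    # Constructed demo data: a guessable password and a short random-looking one.
    wordlist = ["winter", "summer", "secret", "dongguk"]
    print("36^4 =", keyspace(36, 4), " 36^8 =", keyspace(36, 8))
    print("8 chars at 1e9 guesses/s: %.0f s" % seconds_to_exhaust(36, 8, 1e9))
    print("dictionary:", dictionary_attack(sha256_hex("summer123"), wordlist))
    print("brute force:", brute_force(sha256_hex("e1t"), 3))
```

The numbers are the point: at a billion guesses per second the whole 8-character alphanumeric space falls in under an hour against an unsalted fast hash, and a dictionary entry with a "123" suffix falls in microseconds. Salting and a deliberately slow password hash are what make the same search impractical.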
Protocol
– SYN flooding
– TCP sequence number guessing
– ICMP flooding: e.g. ping -f -s 10000 (flood ping with oversized payloads; -f needs root)
– DHCP
Traffic
– DoS, DDoS
Application
– Exploits / shellcode: buffer overflow
– Messenger: MS Messenger phishing
– Spyware: collects information from the PC; fake virus-infection warnings that push the user to pay
Service
– HTTP, FTP, SMTP, POP3, TELNET, SSH, DNS, SNMP, SQL, Oracle, NetBIOS, RPC, Remote Desktop, etc.
Worm
– Slammer worm (2003-01-25): exploited an MS SQL Server vulnerability; memory-resident, so rebooting the PC cleared it; infected about 75,000 hosts within 10 minutes
Security Products
Firewall
• Filtered by L2 (MAC address), IP header, TCP header, protocol
Firewall - TCP Header Format (figure)
Firewall - Implementation
Linux Netfilter (kernel 2.4 and later), main features:
– stateless packet filtering (IPv4 and IPv6)
– stateful packet filtering (IPv4 and IPv6)
– NAT/NAPT (IPv4 and IPv6)
– flexible and extensible infrastructure
– multiple layers of APIs for 3rd-party extensions
Firewall - Implementation
Netfilter Architecture (packet path through the hooks, reconstructed from the slide diagram)
– PREROUTING: conntrack, mangle, NAT (dnat)
– routing decision: a packet addressed to this host goes to INPUT, any other packet goes to FORWARD
– INPUT: filter, conntrack; then delivered to the local process
– FORWARD: filter
– OUTPUT (packets from a local process): conntrack, mangle, NAT (dnat), filter; then a routing decision
– POSTROUTING: NAT (snat), NAT (masquerade), conntrack; then the packet leaves on the wire
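To make the "filtered by L2 (MAC), IP header, TCP header" point concrete, here is an added Python example (not from the slides and not netfilter code) that builds Ethernet/IPv4/TCP frames, decodes the header fields a firewall matches on, and runs them through a small first-match rule chain with a default policy, the way an iptables INPUT chain is evaluated. The rule syntax, the addresses and the MAC addresses are this example's own constructions.

```python
"""Stateless packet filter over Ethernet / IPv4 / TCP headers.

Added example, not from the slides and not netfilter code. Frames are built
inline with zeroed checksums (only header fields are inspected), and the rule
table syntax is this example's own, loosely following iptables semantics:
rules are evaluated in order, the first match decides, otherwise the chain
policy applies.
"""
import ipaddress
import struct

ETH_P_IP = 0x0800
IPPROTO_TCP = 6
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Construct an Ethernet II + IPv4 + TCP frame with no payload."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETH_P_IP))
    # TCP: sport, dport, seq, ack, data offset (5 words) << 4, flags, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    # IPv4: ver/ihl, tos, total length, id, flags/frag (DF), ttl, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + tcp


def parse_frame(frame):
    """Decode the L2/L3/L4 fields a firewall filters on; non-IP frames yield L2 fields only."""
    hdr = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
           "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if hdr["ethertype"] != ETH_P_IP:
        return hdr
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # header length in bytes (options included)
    _, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    hdr.update(proto=proto, ttl=ttl, src_ip=str(ipaddress.IPv4Address(src)),
               dst_ip=str(ipaddress.IPv4Address(dst)))
    if proto == IPPROTO_TCP:
        sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", ip[ihl:ihl + 14])
        hdr.update(sport=sport, dport=dport, flags=flags)
    return hdr


class Rule:
    """One chain entry. `new=True` matches only connection-opening packets
    (SYN set, ACK clear), like iptables --syn; `new=False` matches the rest."""

    def __init__(self, action, src=None, proto=None, dport=None, new=None, src_mac=None):
        self.action, self.proto, self.dport, self.new, self.src_mac = action, proto, dport, new, src_mac
        self.src = ipaddress.ip_network(src) if src else None

    def matches(self, h):
        if self.src_mac is not None and h.get("src_mac") != self.src_mac:
            return False
        if self.src is not None:
            if "src_ip" not in h or ipaddress.ip_address(h["src_ip"]) not in self.src:
                return False
        if self.proto is not None and h.get("proto") != self.proto:
            return False
        if self.dport is not None and h.get("dport") != self.dport:
            return False
        if self.new is not None:
            if "flags" not in h:
                return False
            is_new = (h["flags"] & (TCP_SYN | TCP_ACK)) == TCP_SYN
            if is_new != self.new:
                return False
        return True


def filter_packet(frame, chain, policy="DROP"):
    """Evaluate `chain` in order; the first matching rule wins, else the chain policy."""
    h = parse_frame(frame)
    for rule in chain:
        if rule.matches(h):
            return rule.action
    return policy


# Constructed INPUT chain for a host that serves HTTP to everyone and SSH to 10/8 only.
INPUT = [
    Rule("DROP", src_mac="de:ad:be:ef:00:01"),                     # L2 block of one known-bad NIC
    Rule("ACCEPT", src="10.0.0.0/8", proto=IPPROTO_TCP, dport=22),  # SSH from the internal net
    Rule("ACCEPT", proto=IPPROTO_TCP, dport=80, new=True),          # new HTTP connections
    # Stateless "established" approximation: any TCP packet that is not a bare SYN.
    # This is exactly the hole that stateful filtering (conntrack) closes: an attacker
    # can send ACK-flagged packets to any port and this rule lets them through.
    Rule("ACCEPT", proto=IPPROTO_TCP, new=False),
]

if __name__ == "__main__":
    f = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", "10.1.2.3", "192.0.2.10", 40000, 22, TCP_SYN)
    print(parse_frame(f))
    print("ssh from 10/8:", filter_packet(f, INPUT))
```

The last rule is the classic stateless compromise: without connection tracking the filter cannot tell a reply to a connection the host opened from an unsolicited ACK probe, which is why the stateful filtering listed among netfilter's features matters in practice.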
VPN(IPSEC)
(figure, source: KISA)
Overview of IPSEC standards (figure)
VPN(IPSEC) - Operation Modes
Transport mode: Host <== IPsec (transport or tunnel) ==> Host across the Internet
– security services are provided for the upper-layer data only
– applied between hosts
Tunnel mode: Host -- Secure Gateway <== IPsec tunnel ==> Secure Gateway -- Host across the Internet
– security services are provided for the entire IP packet
– applied between hosts and secure gateways (gateway-to-gateway, or host-to-gateway)
VPN(IPSEC) - Authentication Header Format
 0        7 8        15 16            31
 Next Header | Payload Length | RESERVED
        Security Parameter Index (SPI)
           Sequence Number Field
        Authentication Data (variable)
• Next Header (8 bits)
  – type of the header that follows the AH (e.g. 6 for TCP)
• Payload Length (8 bits)
  – length of the AH in 32-bit words, minus 2 (e.g. 4 for a 96-bit ICV)
  – with the null authentication algorithm (debugging only) the value is 1 for IPv4 and 2 for IPv6 (no ICV field; IPv6 requires 8-byte alignment)
• RESERVED (16 bits)
  – set to all zero
• SPI (32 bits)
  – identifies the Security Association
  – 1-255 : reserved by IANA
• Sequence Number (32 bits)
  – monotonically increasing counter value
  – for the anti-replay service
• Authentication Data (variable size)
  – ICV (Integrity Check Value) of the packet; a multiple of 32 bits (IPv4) or 64 bits (IPv6)
AH Location - Transport Mode
IPv4
  before applying AH: | Original IP header (any options) | TCP | Data |
  after applying AH:  | Original IP header (any options) | AH | TCP | Data |
  authenticated except for mutable fields
IPv6
  before applying AH: | Original IP header | Extension headers, if present | TCP | Data |
  after applying AH:  | Original IP header | Hop-by-hop, dest, routing, fragment ext. headers | AH | Dest. options | TCP | Data |
  authenticated except for mutable fields
AH Location - Tunnel Mode
IPv4
  before applying AH: | Original IP header (any options) | TCP | Data |
  after applying AH:  | New IP header (any options) | AH | Original IP header (any options) | TCP | Data |
  authenticated except for mutable fields in the new IP header
IPv6
  before applying AH: | Original IP header | Extension headers, if present | TCP | Data |
  after applying AH:  | New IP header | New ext. headers, if present | AH | Original IP header | Original ext. headers, if present | TCP | Data |
  authenticated except for mutable fields in the new IP header
VPN(IPSEC) - ESP Header Format
 0                15 16               31
        Security Parameter Index (SPI)
           Sequence Number Field
          Payload Data (variable)
    Padding (0-255 bytes) | Pad Length | Next Header
        Authentication Data (variable)
• SPI (32 bits)
  – identifies the Security Association
  – 1-255 : reserved by IANA
• Sequence Number (32 bits)
  – monotonically increasing counter value
  – for the anti-replay service
• Payload Data (variable size)
  – upper-layer data
  – IV (initialization vector) included at the start of the payload when the cipher needs one
• Padding (0-255 bytes, for encryption)
  – fills out the last block for a block cipher and keeps Pad Length / Next Header 4-byte aligned
• Pad Length (8 bits)
  – number of padding bytes
• Next Header (8 bits)
  – specifies the next header type (the protocol carried in the payload)
• Authentication Data (variable size)
  – ICV of the packet
Confidentiality coverage: Payload Data through Next Header (the fields that are encrypted)
Authentication coverage: SPI through Next Header (everything except the Authentication Data itself)
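The AH and ESP layouts above share the SPI / sequence-number prefix and the anti-replay rule, so one added Python example (not from the slides and not from any IPsec stack) covers both: it builds and parses an AH header with the payload-length rule, computes the ESP trailer padding for a given cipher block size, and implements the sliding anti-replay window a receiver keeps per SA. Encryption and the real ICV computation are left out; the 12-byte ICV is a placeholder, and all packets are constructed.

```python
"""AH/ESP header handling and the anti-replay window (added example).

Not from the slides or from any IPsec implementation. Simplifications:
  - the ICV is a caller-supplied placeholder, not a real HMAC
  - the ESP payload is left in clear; a real SA would encrypt payload + trailer
  - field layouts follow RFC 4302 (AH) and RFC 4303 (ESP)
"""
import math
import struct

AH_FIXED_LEN = 12  # Next Header, Payload Length, RESERVED, SPI, Sequence Number


def build_ah(next_header, spi, seq, icv):
    """AH: Payload Length is the header length in 32-bit words minus 2."""
    if len(icv) % 4:
        raise ValueError("ICV must be a multiple of 32 bits")
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2      # 96-bit ICV -> 4, as in RFC 4302
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def parse_ah(data):
    """Split an AH header off the front of `data`; checks the fields the slide lists."""
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:AH_FIXED_LEN])
    if reserved != 0:
        raise ValueError("RESERVED must be zero")
    if 1 <= spi <= 255:                                   # reserved by IANA; never assigned locally
        raise ValueError("SPI %d is in the IANA-reserved range" % spi)
    header_len = (payload_len + 2) * 4
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": data[AH_FIXED_LEN:header_len], "upper_layer": data[header_len:]}


def esp_pad_len(payload_len, block_size):
    """Padding so payload + padding + Pad Length + Next Header fills whole cipher
    blocks and the trailer stays 4-byte aligned (RFC 4303 section 2.4)."""
    unit = block_size * 4 // math.gcd(block_size, 4)      # lcm(block_size, 4)
    return (-(payload_len + 2)) % unit


def build_esp(spi, seq, payload, next_header, block_size, icv):
    """SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV (encryption omitted)."""
    pad_len = esp_pad_len(len(payload), block_size)
    padding = bytes(range(1, pad_len + 1))                # RFC default pattern 1, 2, 3, ...
    trailer = padding + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + payload + trailer + icv


def parse_esp(packet, icv_len):
    """Inverse of build_esp; the ICV length comes from the SA, not from the packet."""
    spi, seq = struct.unpack("!II", packet[:8])
    body, icv = packet[8:len(packet) - icv_len], packet[len(packet) - icv_len:]
    pad_len, next_header = body[-2], body[-1]
    payload = body[:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "payload": payload, "next_header": next_header, "icv": icv}


class ReplayWindow:
    """Sliding anti-replay window per SA (RFC 4302/4303 section 3.4.3).

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    records whether `top - i` has been seen. Call check_and_update() only after
    the ICV verified, so a forged packet cannot advance the window.
    """

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq):
        if seq == 0:                        # 0 is never valid with anti-replay enabled
            return False
        if seq > self.top:                  # new high: slide the window forward
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:             # too old: fell off the left edge of the window
            return False
        if (self.bitmap >> offset) & 1:     # already seen: replay
            return False
        self.bitmap |= 1 << offset
        return True


if __name__ == "__main__":
    ICV = bytes(12)                         # constructed placeholder for a 96-bit ICV
    ah = build_ah(6, 0x1000, 1, ICV) + b"tcp segment"
    print(parse_ah(ah))
    esp = build_esp(0x2000, 1, b"hello, tunnel", 4, 16, ICV)
    print(parse_esp(esp, len(ICV)))
    w = ReplayWindow()
    print([w.check_and_update(s) for s in (1, 1, 5, 3, 3, 100, 36, 37)])
```

Two details worth noticing: the receiver can only locate the ESP trailer because the ICV length is fixed by the SA, and the replay window must be updated after ICV verification, otherwise an attacker who can spoof the sequence number could push legitimate late packets out of the window.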
ESP Header Location - Transport Mode
IPv4
  before applying ESP: | Original IP header (any options) | TCP | Data |
  after applying ESP:  | Original IP header (any options) | ESP Hdr | TCP | Data | ESP Trailer | ESP Auth |
  encrypted: TCP through ESP Trailer; authenticated: ESP Hdr through ESP Trailer
IPv6
  before applying ESP: | Original IP header | Extension headers, if present | TCP | Data |
  after applying ESP:  | Original IP header | Hop-by-hop, dest, routing, fragment ext. headers | ESP Hdr | Dest. options | TCP | Data | ESP Trailer | ESP Auth |
  encrypted: Dest. options through ESP Trailer; authenticated: ESP Hdr through ESP Trailer
ESP Header Location - Tunnel Mode
IPv4
  before applying ESP: | Original IP header (any options) | TCP | Data |
  after applying ESP:  | New IP header (any options) | ESP Hdr | Original IP header (any options) | TCP | Data | ESP Trailer | ESP Auth |
  encrypted: Original IP header through ESP Trailer; authenticated: ESP Hdr through ESP Trailer
IPv6
  before applying ESP: | Original IP header | Extension headers, if present | TCP | Data |
  after applying ESP:  | New IP header | New ext. headers, if present | ESP Hdr | Original IP header | Original ext. headers | TCP | Data | ESP Trailer | ESP Auth |
  encrypted: Original IP header through ESP Trailer; authenticated: ESP Hdr through ESP Trailer
VPN(IPSEC) - Introduction to IKE (1/2)
IKE (Internet Key Exchange) is a mature, complex protocol for securely setting up keyed sessions, in particular IPsec Security Associations (SAs)
IKE evolved over several years from multiple proposals; IKEv2 (RFC 4306, revised in RFC 5996) is the current version
IKE runs over UDP port 500 (port 4500 once NAT is detected, for NAT traversal); one IKE message per UDP datagram
Uses (only) exchanges (request/response):
- the Initiator sends a request, the Responder sends the response
- only the Initiator retransmits and aborts, which is what provides reliability over UDP
- not necessarily client/server, but usually the Initiator is the client
VPN(IPSEC) - Introduction to IKE (2/2)
Two phases (IKEv1 terminology; IKEv2 keeps the same structure as an IKE_SA_INIT/IKE_AUTH exchange followed by CREATE_CHILD_SA exchanges)
1st phase: set up the ISAKMP SA (Internet Security Association and Key Management Protocol)
- algorithms, keys, etc. to be used by IKE itself (not by AH/ESP!)
- perfect forward secrecy (PFS): exposure of all long-term keys does not expose past traffic [using Diffie-Hellman]
2nd phase: generate the IPsec SA
- protected using the ISAKMP SA
- many 2nd phases may share one ISAKMP SA (1st phase), e.g. one 1st phase between two gateways, then one 2nd phase for each pair of hosts communicating through those gateways
- more efficient than the 1st phase; PFS optional (a fresh Diffie-Hellman exchange per IPsec SA)
VPN - Implementation
1. Kernel IPsec support: Linux kernel 2.5.47 and later (native XFRM/PF_KEY stack)
2. Package install: user-land tool: setkey (manual SA/SP configuration); IKE daemon: racoon (both from ipsec-tools)
VPN - Implementation
• Turn on / verify the following features in kernel 2.6.x
  Networking support (NET) [Y/n/?] y
  * Networking options
  PF_KEY sockets (NET_KEY) [Y/n/m/?] y
  IP: AH transformation (INET_AH) [Y/n/m/?] y
  IP: ESP transformation (INET_ESP) [Y/n/m/?] y
  IP: IPsec user configuration interface (XFRM_USER) [Y/n/m/?] y
  Cryptographic API (CRYPTO) [Y/n/?] y
  HMAC support (CRYPTO_HMAC) [Y/n/?] y
  Null algorithms (CRYPTO_NULL) [Y/n/m/?] y
  MD5 digest algorithm (CRYPTO_MD5) [Y/n/m/?] y
  SHA1 digest algorithm (CRYPTO_SHA1) [Y/n/m/?] y
  DES and Triple DES EDE cipher algorithms (CRYPTO_DES) [Y/n/m/?] y
  AES cipher algorithms (CRYPTO_AES) [Y/n/m/?] y
• Enabling an algorithm in the kernel does not make it safe to use: the null, MD5 and single-DES options exist for compatibility and testing; new SAs should use AES with an HMAC-SHA integrity algorithm
SSL / TLS
• SSL (Secure Socket Layer)
  – Background: developed by Netscape in the mid-1990s for secure communication between web servers and browsers (SSL 2.0 was the first public release, in 1995)
  – Features: runs on top of TCP and below the application layer (often described as the session layer), securing application protocols such as FTP, TELNET and HTTP
  – Server authentication, client authentication, confidentiality
  – Status and outlook: adopted and operated by many e-commerce sites
• TLS (Transport Layer Security)
  – Background: after SSL 3.0 was standardized, the IETF began standardizing the TLS protocol in June 1996 (effectively SSL 3.1)
  – Designed to fall back to SSLv3 when the peer does not support TLS
  – Features: an upgraded protocol based on SSL 3.0
  – Status and outlook: TLS 1.2 published (RFC 5246); continued development expected (TLS 1.3 has since been published as RFC 8446)
SSL / TLS
Functions of SSL / TLS
• Server authentication
  – the user verifies the server's identity
  – checks that the server's certificate and public ID are valid
  – checks that the server's certificate authority is on the client's list of trusted CAs (using standard public-key cryptography)
• Client authentication
  – the server verifies the client's identity
  – checks that the client's certificate and public ID are valid
  – checks that the client's certificate authority is on the server's list of trusted CAs (using standard public-key cryptography)
• Encrypted SSL connection
  – all information sent between client and server is encrypted by the sender and decrypted by the receiver
  – plus integrity protection
SSL / TLS
SSL Architecture (figure)
SSL / TLS
• Handshake protocol
  – performs mutual authentication between server and client and negotiates the security attributes to use: key exchange method, symmetric cipher, HMAC, compression method
• Change Cipher Spec protocol
  – tells the peer that the compression, MAC and encryption methods negotiated by the Handshake protocol apply from this point on
• Alert protocol
  – notifies the peer when the session ends or an error occurs
• Record protocol
  – so that upper-layer messages can be transmitted securely, performs fragmentation, compression, message authentication and encryption
SSL / TLS
SSL Record protocol (figure)
SSL Record protocol
• Confidentiality
  – symmetric encryption with a shared secret key established by the Handshake protocol
  – IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  – the message is compressed before encryption
• Message integrity
  – a MAC with a shared secret key
  – similar to HMAC but with different padding
SSL / TLS
• Fragmentation
  – 2^14 bytes (16384 bytes) or less
• Compression
  – optional, lossless
  – SSLv3 and TLS define only the null (no-op) compression method by default, so in practice records are not compressed
• MAC (SSLv3)
  hash( MAC_write_secret || pad_2 || hash( MAC_write_secret || pad_1 || seq_num || SSLCompressed.type || SSLCompressed.length || SSLCompressed.fragment ) )
  pad_1 = byte 0x36 repeated 48 times (MD5) or 40 times (SHA-1); pad_2 = byte 0x5c repeated the same number of times
• Encryption
  – IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
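Added example (not from the slides): the SSLv3 record MAC written out above, computed with Python's hashlib, next to the HMAC-based TLS 1.0 record MAC over the same record, so the "similar to HMAC but with different padding" remark can be checked by running it. The key, sequence number and fragment are constructed values; SSLv3 itself is obsolete (deprecated by RFC 7568), so this is for understanding the construction, not for use.

```python
"""SSLv3 record MAC vs. TLS 1.0 record HMAC (added example, not from the slides).

SSLv3 (per the slide):
  hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment))
with pad_1 = 0x36 and pad_2 = 0x5c rep
eated 48 times (MD5) or 40 times (SHA-1).
TLS 1.0 (RFC 2246) replaces this with HMAC and adds the protocol version to the input.
All key and record values below are constructed.
"""
import hashlib
import hmac
import struct

PAD_COUNT = {"md5": 48, "sha1": 40}
CT_APPLICATION_DATA = 23


def ssl3_mac(mac_write_secret, seq_num, content_type, fragment, hash_name="sha1"):
    """The nested-hash MAC of SSL 3.0; seq_num is a 64-bit counter, length is 16-bit."""
    pad_1 = b"\x36" * PAD_COUNT[hash_name]
    pad_2 = b"\x5c" * PAD_COUNT[hash_name]
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(hash_name, mac_write_secret + pad_1 + header + fragment).digest()
    return hashlib.new(hash_name, mac_write_secret + pad_2 + inner).digest()


def tls10_mac(mac_write_secret, seq_num, content_type, fragment, hash_name="sha1", version=(3, 1)):
    """TLS 1.0 record MAC: HMAC(key, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], len(fragment))
    return hmac.new(mac_write_secret, header + fragment, hash_name).digest()


def protect_record(secret, seq_num, content_type, fragment, mac_fn=ssl3_mac):
    """Sender side: append the MAC to the (compressed) fragment before encryption."""
    return fragment + mac_fn(secret, seq_num, content_type, fragment)


def verify_record(secret, seq_num, content_type, protected, mac_fn=ssl3_mac, mac_len=20):
    """Receiver side: recompute and compare in constant time; returns the fragment or None."""
    fragment, received = protected[:-mac_len], protected[-mac_len:]
    expected = mac_fn(secret, seq_num, content_type, fragment)
    return fragment if hmac.compare_digest(expected, received) else None


if __name__ == "__main__":
    secret = bytes(range(20))               # constructed 20-byte MAC_write_secret
    frag = b"GET / HTTP/1.0\r\n\r\n"
    rec = protect_record(secret, 0, CT_APPLICATION_DATA, frag)
    print("ssl3 sha1 mac:", rec[-20:].hex())
    print("tls1.0 hmac  :", tls10_mac(secret, 0, CT_APPLICATION_DATA, frag).hex())
    print("verify ok    :", verify_record(secret, 0, CT_APPLICATION_DATA, rec) is not None)
    # the same record replayed under the next sequence number fails the MAC check
    print("replay ok    :", verify_record(secret, 1, CT_APPLICATION_DATA, rec) is not None)
```

The sequence number is what makes a replayed or reordered record fail verification even though the bytes on the wire are authentic, and the constant-time comparison in verify_record is the check a real implementation must not skip.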
SSL Handshake
Client                            Server
1  ClientHello              -->
                            <--   2  ServerHello
                            <--   3  Certificate*
                            <--   4  ServerKeyExchange*
                            <--   5  CertificateRequest*
                            <--   6  ServerHelloDone
7  Certificate*             -->
8  ClientKeyExchange        -->
9  CertificateVerify*       -->
10 ChangeCipherSpec         -->
11 Finished                 -->
                            <--   12 ChangeCipherSpec
                            <--   13 Finished
* Optional or situation-dependent messages that are not always sent
SSL/TLS - Implementation
OpenSSL (www.openssl.org) build
– download the latest openssl package (v1.0.1c, released 2012-05-10)
– compile the package:
  ./config
  make
  make test
  make install
Creating a root CA (figure)
IDS/IPS
IDS (Intrusion Detection System), IPS (Intrusion Prevention System): L2 - L7 pattern matching
IPS (figure)
IDS/IPS
Pattern matching with regular expressions
| : gray|grey matches "gray" and "grey"
? : colou?r matches both "color" and "colour"
* : ab*c matches "ac", "abc", "abbc", "abbbc", ...
+ : ab+c matches "abc", "abbc", "abbbc", ..., but not "ac"
Matching engines: DFA (Deterministic Finite Automaton), NFA (Nondeterministic Finite Automaton), PCRE (Perl Compatible Regular Expressions), HFA (Hyper Finite Automaton)
IDS/IPS - Implementation
Snort (www.snort.org), latest version: 2.9.3.1 (2012-08)
IDS/IPS - Implementation
Snort Architecture (reconstructed from the slide diagram)
Packets from the wire -> Packet Capture Module -> Decoder -> Preprocessors -> Detection Engine (using the Detection Plug-ins and References, with rules loaded from Rule Storage) -> Output Plug-ins (log file, console, etc.) -> Output Notification
Snort runs on a host system; a SnortXL Input Agent feeds rules etc. into Rule Storage and a SnortXL Output Agent carries the output notifications out
Packet Out Module: packets are put back on the wire (for IPS only)
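Added example (not from the slides and not Snort's code): a small rule engine that covers both the regular-expression slide and the Snort pipeline above. It parses a subset of Snort's rule syntax (header, msg, content with |hex| escapes, depth, nocase, pcre, sid), matches rules against decoded packets, and returns the IDS alerts plus the IPS verdict that decides whether the packet goes back on the wire. Python's re module stands in for PCRE, and all rules and packets are constructed test data.

```python
"""Snort-style signature matching (added example; not Snort code, not from the slides).

Supports a subset of the rule language: the header line, msg, content (with
|hex| escapes), depth, nocase, pcre and sid. Python's `re` is used in place of
PCRE. Rules and packets below are constructed for the demonstration.
"""
import re

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$", re.S)
OPTION_RE = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')
HEX_RE = re.compile(r"\|([0-9A-Fa-f\s]+)\|")


def content_bytes(text):
    """Expand Snort's |hex bytes| notation: 'a|20 41|b' -> b'a Ab'."""
    out, pos = b"", 0
    for m in HEX_RE.finditer(text):
        out += text[pos:m.start()].encode("latin-1") + bytes.fromhex(m.group(1))
        pos = m.end()
    return out + text[pos:].encode("latin-1")


class Rule:
    def __init__(self, text):
        m = HEADER_RE.match(text.strip())
        if not m:
            raise ValueError("unparseable rule: " + text)
        self.action, self.proto, self.src, self.sport, self.dst, self.dport, opts = m.groups()
        self.msg, self.sid, self.pcre, self.nocase = "", None, None, False
        self.contents = []                      # list of [needle, depth]
        for key, val in OPTION_RE.findall(opts):
            val = val.strip().strip('"')
            if key == "msg":
                self.msg = val
            elif key == "sid":
                self.sid = int(val)
            elif key == "content":
                self.contents.append([content_bytes(val), None])
            elif key == "depth":                # applies to the preceding content
                self.contents[-1][1] = int(val)
            elif key == "nocase":
                self.nocase = True
            elif key == "pcre":                 # "/regex/flags"
                body, _, flags = val[1:].rpartition("/")
                fl = (re.I if "i" in flags else 0) | (re.S if "s" in flags else 0) | (re.M if "m" in flags else 0)
                self.pcre = re.compile(body.encode("latin-1"), fl)

    def matches(self, pkt):
        """pkt: {'proto': 'tcp'|'udp', 'dport': int, 'payload': bytes}."""
        if self.proto != "any" and pkt["proto"] != self.proto:
            return False
        if self.dport != "any" and int(self.dport) != pkt["dport"]:
            return False
        payload = pkt["payload"]
        hay = payload.lower() if self.nocase else payload
        for needle, depth in self.contents:
            needle = needle.lower() if self.nocase else needle
            if needle not in (hay[:depth] if depth else hay):
                return False
        return self.pcre is None or self.pcre.search(payload) is not None


def inspect(rules, pkt, ips_mode=False):
    """Return (verdict, alerts). IDS mode only reports; in IPS mode a matching
    'drop' rule keeps the packet from going back on the wire."""
    hits = [r for r in rules if r.matches(pkt)]
    verdict = "drop" if ips_mode and any(r.action == "drop" for r in hits) else "pass"
    return verdict, [(r.sid, r.msg) for r in hits]


# Constructed rules; sids in the local range, patterns chosen to exercise the parser.
RULES = [Rule(t) for t in (
    r'alert tcp any any -> any 80 (msg:"Directory traversal in URI"; content:"GET "; depth:4; pcre:"/(\.\.\/){2,}/"; sid:1000001;)',
    r'drop tcp any any -> any 80 (msg:"ELF binary in HTTP response"; content:"|7F|ELF"; nocase; sid:1000002;)',
    r'alert tcp any any -> any any (msg:"colour, either spelling"; pcre:"/colou?r/i"; sid:1000003;)',
)]

# Constructed packets (payloads only; decoding from the wire is the capture/decoder stage's job).
PACKETS = [
    {"proto": "tcp", "dport": 80, "payload": b"GET /../../../etc/passwd HTTP/1.1\r\nHost: x\r\n\r\n"},
    {"proto": "tcp", "dport": 80, "payload": b"HTTP/1.1 200 OK\r\n\r\n\x7fELF\x02\x01\x01"},
    {"proto": "tcp", "dport": 8080, "payload": b"favourite Colour: grey"},
    {"proto": "udp", "dport": 53, "payload": b"\x12\x34\x01\x00"},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt["dport"], inspect(RULES, pkt, ips_mode=True))
```

The cheap content checks run before the regular expression, which is how signature engines keep the expensive pattern matching off most traffic; the difference between IDS and IPS is only the verdict, everything upstream is the same pipeline.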
Security Services
Security consulting service: penetration testing (mock hacking), security audits, consulting
Security monitoring/management: remote security, network monitoring/management
Patch management: Windows patches, virus signature updates, software patches
Training