Introduction:

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was developed in the late 1960s under the purview of the US Department of Defense so that machines could communicate with each other using standard rules. TCP/IP is an open standard and is therefore characterized by the absence of any formal specifications: all TCP/IP specifications are available in the form of RFCs (Request for Comments). In spite of its serious security flaws it is still the most widely used protocol. It is therefore essential to understand the fundamentals of TCP/IP and its inherent flaws as part of any security analysis.

Until recently, firewalls were considered to be the sole guardians of the network. Firewalls were designed with two things in mind: access control and checking for protocol integrity. It was later realized that firewalls were very good at protecting against exploits targeting weaknesses in the protocols and at controlling access to the network, but were almost ineffective against attacks targeting the applications. Since firewalls did not attempt to read the contents of the packet, they had absolutely no control over what flowed in and out of the network inside the data packets.

Hackers quickly seized the upper hand by changing their tactics. They soon developed sophisticated tools and methodologies to exploit the flaws in applications that were left open to the Internet (such as web, mail, and DNS). There was a two-fold approach to these attacks: first, exploiting a flaw in the application to gain trusted/privileged access within a computer's operating system, and then attacking other network resources "from the inside".

These new attacks create a need for security devices that perform in-depth (application layer) packet analysis, taking over where the firewall leaves off. Such analysis needs to inspect the payload of application-specific traffic in addition to validating adherence to protocol standards. Intrusion Detection Systems do in-depth packet analysis, and IDS technology has been around since the eighties. Intrusion detection has several limitations, however, that make it an impractical solution without significant improvement to the current state of the art.
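To make the division of labour between the two layers concrete, here is an added example (not code from the original site): a toy packet filter that applies only the header-level checks a firewall performs (port-based access control and a protocol-integrity check on TCP flags), followed by a payload inspector that looks inside the HTTP request the firewall has already passed. The packet layout, the allowed-port policy, the traversal pattern and the sample traffic are all constructed here for illustration.

```python
import re

# Constructed sample traffic: TCP header fields plus the application payload.
PACKETS = [
    {"id": 1, "dport": 80, "flags": {"SYN"}, "payload": b""},
    {"id": 2, "dport": 80, "flags": {"ACK", "PSH"},
     "payload": b"GET /index.html HTTP/1.0\r\n\r\n"},
    {"id": 3, "dport": 80, "flags": {"SYN", "FIN"}, "payload": b""},
    {"id": 4, "dport": 23, "flags": {"SYN"}, "payload": b""},
    {"id": 5, "dport": 80, "flags": {"ACK", "PSH"},
     "payload": b"GET /cgi-bin/../../../etc/passwd HTTP/1.0\r\n\r\n"},
]

ALLOWED_PORTS = {80, 443}  # access-control policy (assumed, not from the page)

def firewall_verdict(pkt):
    """Header-only checks: access control plus protocol integrity.
    Returns 'allow' or a string naming the reason for the drop."""
    if pkt["dport"] not in ALLOWED_PORTS:
        return "drop: port not permitted"
    # SYN together with FIN is never valid in a legitimate TCP segment.
    if {"SYN", "FIN"} <= pkt["flags"]:
        return "drop: invalid flag combination"
    return "allow"

# A payload check the firewall never performs: the HTTP request is
# well-formed at the TCP/IP level but carries a CGI path-traversal attempt.
TRAVERSAL = re.compile(rb"(?:^|/)\.\./")

def inspector_verdict(pkt):
    """Application-layer inspection of a payload the firewall already passed."""
    body = pkt["payload"]
    if body.startswith(b"GET ") and TRAVERSAL.search(body):
        return "alert: path traversal in HTTP request"
    return "clean"

def analyse(packets):
    """Run every packet through both stages; returns {id: (firewall, inspector)}."""
    results = {}
    for pkt in packets:
        fw = firewall_verdict(pkt)
        app = inspector_verdict(pkt) if fw == "allow" else "not inspected"
        results[pkt["id"]] = (fw, app)
    return results

if __name__ == "__main__":
    for pid, (fw, app) in analyse(PACKETS).items():
        print(f"packet {pid}: firewall={fw}; inspector={app}")
```

Packet 5 is the point of the exercise: its headers are indistinguishable from the legitimate request in packet 2, so only the payload inspection stage can tell them apart.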

This site will dive into the various aspects of networking and network security including TCP/IP, firewalls, intrusion detection, intrusion prevention, extrusion prevention, web application firewalls, content filtering, and vulnerability assessment tools. The goal is to shed some light on what the different security devices protect against, how they operate, and the benefits and limitations of each.

Computer Security Home

The OSI and the TCP/IP Layers

TCP

IP

Network & Application Layer Attacks
    Network Layer DoS
        Syn Flood
        Ack Flood
        RESET Attack
        FIN Attack
        Teardrop Attack

    IP Spoofing
        Predicting TCP Sequence Numbers

    Application Layer Attacks
        Buffer Overflows
        Trojans
        Backdoors
        Cross-site Scripting
        CGI abuses

Firewalls
    Packet Filters
    Proxy Firewalls
        Circuit Level Proxies
        Application Level Proxies
    Stateful Inspection Firewalls
    Limitations of Firewalls

Intrusion Detection and Prevention Systems
    Signature Based
    Anomaly Based
        Statistical Anomaly Based
        Protocol Anomaly Based
    Host Based IDS (HIDS)
    Network Based IDS (NIDS)
        Protocol Anomaly Based NIDS
        Signature Based NIDS

Web Application Firewalls

Vulnerability Assessment
    Host Based Scanner
    Network Based Scanner
    Web Application Vulnerability Scanner

Content Filters

Encryption

Conclusion




Copyright © 2006 Vikram Phatak. All rights reserved.