Explore
For Enterprise
Join for Free
Log In

artes y humanidades
Negocios
Ciencias de la Computación
Ciencia de Datos
Tecnología de información
salud
Matemáticas y Lógica
Desarrollo Personal
Ciencias Físicas e Ingeniería
Ciencias sociales
Aprendizaje de un idioma
Títulos y certificados

Explorar todo lo que Coursera tiene para ofrecer

Explorar
Buscar
For Enterprise
Inicia Sesión
Únete de forma gratuita

SYN Packets for Access Control

Loading...

Real-Time Cyber Threat Detection and Mitigation

New York University Tandon School of Engineering

4.7 (208 calificaciones) | 3.7K estudiantes inscritos

Curso 3 de 4 en Introduction to Cyber Security Programa Especializado

This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets. Perimeter solutions such as firewalls and intrusion prevention systems are shown to have significant drawbacks in common enterprise environments. The result of such weakness is shown to often exist as advanced persistent threats (APTs) from nation-state actors. Such attacks, as well as DDOS and third-party attacks, are shown to have potential solutions for modern enterprise.

Revisiones

4.7 (208 calificaciones)

5 stars
151 ratings
4 stars
53 ratings
3 stars
3 ratings
1 star
1 ratings

S

Oct 11, 2018

i think it was an excellent and very helpful cousre and a big thankyou for the instructor for his hardwork

BT

Dec 30, 2018

Very good course to start with for Real-Time Cyber Threat Detection and Mitigation.

De la lección

Basic Network Security

This module introduces the basics of TCP/IP for security, including firewall design and use.

Introduction: What You Will Learn from This Course on Cyber Security1:51

Assignments and Reading2:23

Security Through Obscurity4:54

TCP/IP Evolution and Security6:06

TCP/IP Overview8:17

IP Spoofing5:57

TCP Sequence Number Attack5:36

Packet Flooding5:04

Packet Sniffing5:54

SYN Packets for Access Control5:13

Definition of a Firewall5:51

Firewall: Stateful versus Stateless5:28

Interview: John Viega8:36

Impartido por:

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC

Hi, folks. Ed Amoroso here.

If you've been watching these videos,

you may remember one of the videos that you may have seen.

I talked about something called a reference monitor concept.

I'll sort of repeat it here because it's kind of important to

understanding where we're going here

from a technology perspective and that's toward firewalls.

The idea of reference monitor,

introduced in the 1970s by James Anderson,

is that Alice wants to do something with Bob and I put this thing in

the middle that's going to watch what's being

requested and make a decision about whether it's allowed or not.

Really simple, but it's so fundamental to the way computer security works,

cyber security works, that it's worth repeating.

So, take that concept and now,

let's take what we understand about TCP/IP and let's think about

the three-step handshake that we have between Alice and Bob to set up a session.

Alice goes, "Hey, here's a SYN packet."

Bob goes, "Hey, here's a SYN ACK." Alice goes, "Hey, here's ACK."

Now, that first packet,

the first initiating packet,

the SYN, it turns out that in TCP,

we got really lucky in the way that thing was designed.

I'm not entirely sure that, Cerf and Kahn,

the two inventors, were thinking security when they did this. I doubt it.

But they were certainly thinking about

establishment of a session and what they decided was,

the first packet in that TCP sequence would have the ACK Bit set to zero.

All subsequent packets going back and forth including all data transfer,

the ACK that would be set to one. How cool is that?

So, what that allows you to do is you can put a little piece of equipment,

think of it as equipment,

it's not going to be equipment but think of it as equipment,

sitting there between Alice and Bob,

and all it's doing is watching packets command

and looking at the ACK Bit and saying, ACK Bit zero.

And if it is, you go, "Oh, wait.

Wait, wait, wait. Hold on.

ACK Bit zero. Hey, everybody.

Somebody is trying to do something here.

Now let's look at the full five-tuple.

It's coming from here.

Go in there. We good with that?

Okay. It's this source port going to this destination port?

Are we good with that? All right.

As protocol, everybody good with that? Everybody's good with it.

Okay, we allow it to proceed."

And what's going to then happen is this SYN ACK and the ACK and so on.

But if that at ACK Bit set to zero that packet hits, and we decide,

for whatever reason, that we're going to drop the packet,

the session never happens.

Bob never gets the phone call,

never gets the connection, never gets the packet.

Do you see how powerful that is?

And that in essence is the embryonic beginnings,

the embryonic birth, of a firewall.

That comes from that.

You probably like, "Oh, firewall.

No big deal. We put this thing in between."

But that's where it starts.

They get packet hits and you know that, all right,

it's going to port 80 and it's coming from a source port greater

than 1023 from an internet address to one of my addresses.

Oh, I see.

Somebody's trying to surf my website.

We good with that? Yeah, it's all ideas why we have a website. Come on in.

But if it's some other port, let's say,

it's port 23, that's an old one.

We see this protocol tool called Telenet,

where you log on to somebody's computer.

Nobody's going to let you do that now.

So now, I see, why it is on port 23?

You go, "Wait. Hold on a minute.

What, are you kidding me?

Destination, port 23? What do you think,

I was born yesterday?

Forget it. No way are you going to tell that on to my machine."

Boom, drop. You get the idea?

Just using that one packet,

we can make some pretty powerful decisions.

Now, to test your understanding here,

this little bit, we got a little test quiz.

So the answer is A, if you do that, there's no session.

The way TCP/IP works is that if you're not expecting something,

and a packet hits with the ACK Bit one,

you discard it, or whatever.

It depends on the implementation.

You'd like to think that your router is set up to do that.

And as we get into firewall design and security design,

you'll see we'll be watching for weird, stray things,

and making sure we have rules in place to catch stray garbage that may be coming at you.

So in a modern design,

you wouldn't get away with that.

And even if you did, you wouldn't be able to set up a session.

So I hope this has been useful.

I hope you got a good understanding of how that

ACK Bit has been so useful for firewall designers for many years.

We'll explore this more in subsequent videos. I'll see you on the next one.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.

© 2019 Coursera Inc. Todos los derechos reservados.

Descargar en la App Store

Consíguelo en Google Play

Coursera
Acerca de
Liderazgo
Empleo
Catálogo
Certificados
Certificados MasterTrack™
Grados
For Enterprise
For Government

Comunidad
Learners
Partners
Developers
Beta Testers
Translators

Conectar
Blog
Facebook
LinkedIn
Twitter
Instagram
Youtube
Blog de Tecnología

Más
Términos
Privacidad
Ayuda
Accesibilidad
Prensa
Contacto
Directorio
Afiliados