Transcript Lecture11

INTERNET Security
COMPUTER, NETWORK & INTERNET SECURITY
Cryptography & Secure Transactions
Cryptography
The sender encrypts the message (plaintext) before sending it; the receiver
decrypts what arrives (ciphertext) to recover the plaintext.
Cryptography
Practically all cryptosystems are built from three kinds of cryptographic
algorithm:
Message Digest (MD2, MD4, MD5, SHA, SHA-1, ...)
Maps variable-length input into a fixed-length digest (a hash, not a ciphertext)
No key is used; it is computationally infeasible to recover the input from
the digest or to find two inputs with the same digest
(MD2, MD4, MD5 and SHA-1 are now broken or deprecated; use SHA-2 or SHA-3)
Private (Secret) Key (Blowfish, DES, IDEA, RC2, RC4, RC5, Triple-DES, ...)
Encrypt and decrypt messages using the same secret key
(DES and RC4 are no longer considered secure; AES is the current standard)
Public Key (DSA, RSA, ...)
Encrypt and decrypt messages using two different keys, a public key and a
private key, generated together as a pair (DSA is a signature-only algorithm)
Cryptography
Two components: the key and the algorithm
Algorithms are publicly known; the secrecy is in the key (Kerckhoffs's
principle)
Key distribution must therefore be secure
Diagram: Plaintext "Hello World" --Encryption (key)--> Ciphertext "&$*£(“!273"
--Decryption (key)--> Plaintext "Hello World"
Cryptography
Symmetric Key Cryptography (DES, Triple DES, RC4): KE = KD
(the encryption key and the decryption key are the same)
Asymmetric Key Cryptography (RSA): KE ≠ KD
(the encryption key and the decryption key are different)
Private Key Cryptography
The sender and the receiver share the same key, which must be kept private
Diagram: Plaintext --Encryption (sender/receiver's shared private key)-->
Ciphertext --Decryption (sender/receiver's shared private key)--> Plaintext
Public Key Cryptography
Both the sender and the receiver have their own private key and public key
Messages are encrypted using the receiver's public key, and the receiver
decrypts them using his/her private key
Diagram: Plaintext --Encryption (receiver's public key)--> Ciphertext
--Decryption (receiver's private key)--> Plaintext
Digital Signature
Signing (sender): Message --Message Digest Algorithm (hash function)-->
Digest --Encryption with the sender's Private Key--> Signature
Verifying (receiver): Message --Message Digest Algorithm (hash function)-->
Expected Digest; Signature --Decryption with the sender's Public Key-->
Actual Digest; the signature is valid only if Expected Digest = Actual Digest
(the message travels together with its signature; it is the digest that is
signed, not the whole message)
Digital Certificate
Secure HTTP (HTTPS) uses public key cryptography to authenticate the server
and to establish a session key; the bulk data is then encrypted with
symmetric cryptography
Public keys are distributed using digital certificates
A digital certificate contains the public key (and the identity it belongs
to) and is digitally signed by a trusted Certificate Authority (CA) such as
Verisign or Thawte
Digital Certificate (structure)
CERTIFICATE: Issuer (the CA), Subject (the owner of the key), Subject Public
Key, Issuer's Digital Signature over the preceding fields
SET Architecture
Diagram of the parties in SET (Secure Electronic Transaction): End User,
Web Site (merchant), Payment Gateway, Credit Card Company
QUESTIONS?
INTERNET Security
INTERNET Security Threats
Hacking
DoS
Reconnaissance
Malware
Mail SPAM
Phishing
Botnets
Hacking
Unauthorized access: from a fraud of a few thousand rupees using somebody's
credit card to bringing down the economy by hacking into share market online
trading servers
Intruders take advantage of hidden features or bugs to gain access to the
system
Common types of hacking attacks include:
Buffer overflow attack to get root access
SSH dictionary attack to get root access
Defacing websites using Apache vulnerabilities
Installing malicious code
DoS
Denial of Service (DoS) attempts to collapse a service or resource so that
nobody can access it
Common types of DoS attacks:
ICMP flooding
TCP SYN flooding
UDP flooding
A Distributed Denial of Service attack (DDoS) is a denial of service attack
launched from several sources distributed across the Internet that focus on
the same target
Reconnaissance
Reconnaissance attacks (mapping the target before the real attack) include:
Ping sweeps
DNS zone transfers
TCP or UDP port scans
Indexing of public web servers to find vulnerable CGI scripts
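A TCP connect() port scan of the kind listed above, as an added example that is not part of the lecture. To keep it self-contained and lawful it opens its own listener on the loopback address and scans that; the host, port window and timeout are the example's own choices. Scan only systems you are authorised to test.

```python
"""Added example (not from the lecture): a TCP connect() port scan, the simplest
form of the port scans listed under reconnaissance. It opens its own listener on
127.0.0.1 so it can be run offline and lawfully; host, ports and timeout are the
example's own choices. Scan only systems you are authorised to test."""
import socket
import threading
from typing import Dict, Iterable, List

def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Constructed target: listen on a kernel-chosen free port and accept/close forever."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:       # listener closed
                return
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def unused_port(host: str = "127.0.0.1") -> int:
    """Constructed 'closed' target: a port the kernel just handed out and we released."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]

def probe(host: str, port: int, timeout: float = 0.3) -> str:
    """Classify one port the way a scanner does: a completed three-way handshake
    means open, a RST (connection refused) means closed, no answer at all means
    filtered (typically a firewall silently dropping the SYN)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            return "error"

def scan(host: str, ports: Iterable[int]) -> Dict[int, str]:
    """Connect() scan of the given ports: noisy (every probe completes a handshake
    and is logged by the target, easy for an IDS to spot) but needs no raw-socket
    privileges, unlike a SYN scan."""
    return {port: probe(host, port) for port in ports}

def open_ports(host: str, ports: Iterable[int]) -> List[int]:
    return sorted(p for p, state in scan(host, ports).items() if state == "open")

if __name__ == "__main__":
    srv = start_listener()
    target_port = srv.getsockname()[1]
    for port, state in scan("127.0.0.1", range(target_port - 2, target_port + 3)).items():
        print(f"127.0.0.1:{port} {state}")
    srv.close()
```

The three states are what an IDS also keys on: a burst of connections from one source to many ports, most of them refused, is the classic port-scan signature.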
Malware
The Wikipedia definition of malware is:
“Malware is software designed to infiltrate or damage a computer system
without the owner's informed consent. It is a blend of the words “malicious”
and “software”. The expression is a general term used by computer
professionals to mean a variety of forms of hostile, intrusive, or annoying
software or program code.”
The different types of malware are viruses, worms, Trojan horses, adware,
spyware and any other malicious or unwanted software.
Malware: Virus
A computer virus is a self-replicating computer program written to alter the
way a computer operates, without the permission or knowledge of the user.
It can damage the computer by corrupting programs, deleting files, or
reformatting the hard disk. It is a small piece of software that piggybacks
on real programs.
For example, a virus might attach itself to a program such as a spreadsheet
program. Each time the spreadsheet program runs, the virus runs too, and it
has the chance to reproduce by attaching itself to other programs and wreak
havoc.
Viruses usually need human action (running the infected program) to
replicate and spread.
Malware: Worms
A computer worm is a self-replicating computer program.
It uses a network to send copies of itself to other systems, and it may do so
without any user intervention.
Unlike a virus, it does not need to attach itself to an existing program.
Worms typically harm the network (if only by consuming bandwidth), whereas
viruses typically infect or corrupt files on the targeted computer.
Today, worms are most commonly written for the Windows OS, although a
smaller number are also written for Linux and Unix systems.
Worms work in the same basic way: they scan the network for computers with
vulnerable network services, break into those computers, and copy themselves
over.
Malware: Trojan
A Trojan horse is a malicious program that is
disguised as or embedded within legitimate software.
Broadly speaking, a Trojan horse is any program that
invites the user to run it, but conceals a harmful or
malicious payload.
The payload may take effect immediately and can
lead to many undesirable effects, such as deleting all
the user's files, or more commonly it may install further
harmful software into the user's system to serve the
creator's longer-term goals.
Malware: Spyware
Spyware is a general term for software that performs certain behaviors such
as advertising, collecting personal information, or changing the
configuration of your computer, generally without appropriately obtaining
your consent.
Spyware is often associated with software that displays advertisements
(called adware) or software that tracks personal or sensitive information.
Other kinds of spyware make changes to your computer that can be annoying and
can cause your computer to slow down or crash.
There are a number of ways spyware or other unwanted software can get on your
system. A common trick is to covertly install the software during the
installation of other software you want, such as a music or video file
sharing program.
Mail Spam
Unsolicited email with no meaningful content for the receiver:
– Advertising
– Research
– Fraud / schemes
– Viruses
(40% of email is spam)
Spam is generated using:
– Open mail relays
– Spammer viruses and Trojans
– Botnets
Phishing
A scam to steal valuable information such as credit card numbers, social
security numbers, user IDs and passwords.
An official-looking e-mail is sent to potential victims
It pretends to be from their ISP, retail store, etc.
Due to internal accounting errors or some other pretext, certain information
must be updated to continue the service
A link in the e-mail message directs the user to a web page
The page asks for financial information
The page looks genuine
It is easy to fake a valid web site: any HTML page on the real web can be
copied and modified
The location of the fake page is changed regularly
Botnets
Bots are compromised machines that execute malicious code installed on them
A botnet is a collection of compromised computers (bots) under a common
controller
Botnets have become the major source of spam, malware, DoS attacks, etc.
QUESTIONS?
Prevention Techniques
Some of the prevention tools include:
Network Firewall
Host Firewall
IDS/IPS
Mail Antispam and Antivirus Appliances
UTM Appliances
Application and OS Hardening
Firewall
Firewall Basic Setup (diagram): the firewall sits between the Internet and
the Application / Web Server and the Database behind it
Firewall Rules
Firewall rules match on:
IP address of source (allow only from trusted sources)
IP address of destination (allow only to trusted destinations)
Application port number (e.g. allow mail but restrict Telnet)
Direction of traffic (e.g. allow outgoing traffic but restrict incoming
traffic)
Linux Security
Firewall Rules
To allow incoming and outgoing SMTP traffic (packet filter, first matching
rule wins; "internal"/"external" = our side / the Internet side):

Rule  Direction  Prot  Src Addr  Dest Addr  Dest Port  Src Port  Action
1     outbound   TCP   internal  external   25         >=1024    allow
2     inbound    TCP   external  internal   >=1024     25        allow
3     inbound    TCP   external  internal   25         >=1024    allow
4     outbound   TCP   internal  external   >=1024     25        allow
5     *          *     *         *          *          *         deny

Rules 1 and 2 let an internal host connect to an external mail server
(port 25) and receive its replies; rules 3 and 4 do the same for an external
host connecting to our mail server. Rule 5 is the default deny.
Caveat: rule 2 is stateless, so any external host that uses source port 25
can open a connection to any internal port >= 1024. A stateless filter
closes this gap by also requiring the TCP ACK flag on rules 2 and 4 (a reply
segment always has ACK set, the SYN that opens a new connection does not); a
stateful firewall such as Linux iptables/nftables with connection tracking
allows replies only for connections it has already seen.
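The rule table above, evaluated as a stateless packet filter in Python. This is an added example, not the lecture's code: the `Packet` and `Rule` types, the `internal`/`external` labels and the sample packets are constructed here. It shows that the table as given accepts a new connection from an external host that uses source port 25 to an internal high port (rule 2), and that requiring the ACK flag on the two reply rules closes that gap.

```python
"""Added example (not from the lecture): the SMTP packet-filter table as code.
Stateless evaluation, first matching rule wins, default deny.
Packet/Rule types, the internal/external labels and all sample packets are
constructed for this illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str      # "inbound" or "outbound"
    proto: str          # "TCP", "UDP", ...
    src: str            # "internal" or "external": which side of the firewall
    dst: str
    dport: int
    sport: int
    ack: bool = False   # TCP ACK flag: False for the SYN that opens a connection

@dataclass(frozen=True)
class Rule:
    direction: str      # "inbound", "outbound" or "*"
    proto: str          # "TCP" or "*"
    src: str            # "internal", "external" or "*"
    dst: str
    dport: str          # "25", ">=1024" or "*"
    sport: str
    action: str         # "allow" or "deny"
    ack: Optional[bool] = None   # None = do not care (the lecture's stateless table)

def _port_ok(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if spec.startswith(">="):
        return port >= int(spec[2:])
    return port == int(spec)

def _field_ok(spec: str, value: str) -> bool:
    return spec == "*" or spec == value

def matches(rule: Rule, pkt: Packet) -> bool:
    return (_field_ok(rule.direction, pkt.direction)
            and _field_ok(rule.proto, pkt.proto)
            and _field_ok(rule.src, pkt.src)
            and _field_ok(rule.dst, pkt.dst)
            and _port_ok(rule.dport, pkt.dport)
            and _port_ok(rule.sport, pkt.sport)
            and (rule.ack is None or rule.ack == pkt.ack))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; anything unmatched is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# The table from the slide, rule for rule.
TABLE = [
    Rule("outbound", "TCP", "internal", "external", "25",     ">=1024", "allow"),  # 1
    Rule("inbound",  "TCP", "external", "internal", ">=1024", "25",     "allow"),  # 2
    Rule("inbound",  "TCP", "external", "internal", "25",     ">=1024", "allow"),  # 3
    Rule("outbound", "TCP", "internal", "external", ">=1024", "25",     "allow"),  # 4
    Rule("*",        "*",   "*",        "*",        "*",      "*",      "deny"),   # 5
]

# Hardened variant: the two "reply" rules (2 and 4) additionally require ACK,
# which a reply segment always carries and a connection-opening SYN never does.
HARDENED = [
    TABLE[0],
    Rule("inbound",  "TCP", "external", "internal", ">=1024", "25", "allow", ack=True),
    TABLE[2],
    Rule("outbound", "TCP", "internal", "external", ">=1024", "25", "allow", ack=True),
    TABLE[4],
]

# Constructed sample traffic.
OUTBOUND_SYN = Packet("outbound", "TCP", "internal", "external", 25, 40000)            # we connect to a remote MTA
REPLY        = Packet("inbound",  "TCP", "external", "internal", 40000, 25, ack=True)  # the MTA's reply
TELNET_IN    = Packet("inbound",  "TCP", "external", "internal", 23, 40001)            # unrelated service, must be denied
ATTACKER_SYN = Packet("inbound",  "TCP", "external", "internal", 4444, 25)             # attacker chooses source port 25

def demo() -> Dict[str, Tuple[str, str]]:
    """Verdict of the slide's table and of the hardened table for each sample packet."""
    samples = [("outbound_syn", OUTBOUND_SYN), ("reply", REPLY),
               ("telnet_in", TELNET_IN), ("attacker_syn", ATTACKER_SYN)]
    return {name: (evaluate(TABLE, p), evaluate(HARDENED, p)) for name, p in samples}

if __name__ == "__main__":
    for name, (table, hardened) in demo().items():
        print(f"{name:13s} table={table:5s} hardened={hardened}")
```

The ACK check is the classic stateless fix; connection tracking (iptables `-m conntrack --ctstate ESTABLISHED,RELATED`) does the same job more robustly because it also rejects forged ACK segments for connections that were never opened.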
Firewall Implementation
Hardware firewall: a dedicated hardware box (Cisco PIX, Netscreen)
Software firewall: installable on a server (Checkpoint)
Host OSs (Windows XP/Linux) also provide software firewall features to
protect the host itself
LINUX Firewall
Use GUI (Applications ->System Settings->
Security Level) to activate the firewall
Allow standard services and any specific port
based application
All other services and ports are blocked
IDS/IPS
IDS
An intrusion detection system is used to detect malicious network traffic
and computer usage that a conventional (packet-filtering) firewall cannot
detect, because it inspects content and behaviour rather than only
addresses and ports.
It detects network attacks against vulnerable services, data-driven attacks
on applications, host-based attacks such as privilege escalation,
unauthorized logins and access to sensitive files, and malware (viruses,
Trojan horses, and worms).
IDS/IPS – What They Will Do
IDS/IPS use intrusion signatures (and, in some products, anomaly detection)
to identify an intrusion; an IDS only alerts, an IPS sits inline and can
also block. The capabilities usually listed for them are:
Detect and block network and application scans against a network, a
powerful capability for anticipating an attack
Block nearly all forms of denial of service attack in real time
Stop brute force, password cracking, dictionary attacks, etc.
Block virus and worm propagation
Provide URL filtering and block spyware
In practice signature-based detection only catches what it has a signature
for, so novel attacks, encrypted traffic and slow, distributed attempts can
evade it; read the list above as capabilities, not guarantees.
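A small signature-based detector of the kind an IDS applies to host logs, as an added example that is not part of the lecture: it scans constructed sshd log lines for the SSH dictionary attack mentioned under Hacking and raises one alert per source address that exceeds a threshold of failed logins inside a sliding time window. The log lines, threshold and window are this example's own.

```python
"""Added example (not from the lecture): a signature-based detector for SSH
dictionary attacks run over constructed sshd log lines. One alert per source IP
once it produces `threshold` failed logins within a `window_s`-second sliding window."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import List

# Signature: the "Failed password" line OpenSSH writes to auth.log / the journal.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

@dataclass
class Alert:
    ip: str
    failures: int        # failed logins inside the window when the alert fired
    users: List[str]     # distinct usernames tried so far (dictionary attacks cycle through many)
    first_seen: str
    last_seen: str

def detect_dictionary_attacks(log_text: str, threshold: int = 5, window_s: int = 60) -> List[Alert]:
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)
    alerts, alerted = [], set()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if not m:
            continue              # not a failed login (successful logins, other daemons): ignore
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # syslog stamps carry no year
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        users[ip].add(m["user"])
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # slide the window forward
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)       # alert once per source, not once per further failure
            alerts.append(Alert(ip, len(q), sorted(users[ip]),
                                q[0].strftime("%H:%M:%S"), ts.strftime("%H:%M:%S")))
    return alerts

# Constructed sample log: one attacker cycling through usernames, plus benign noise.
SAMPLE_LOG = """\
Mar  3 10:15:01 mail sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:02 mail sshd[2213]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 10:15:03 mail sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Mar  3 10:15:04 mail sshd[2217]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
Mar  3 10:15:05 mail sshd[2219]: Accepted publickey for alice from 198.51.100.4 port 40122 ssh2
Mar  3 10:15:06 mail sshd[2221]: Failed password for invalid user ubuntu from 203.0.113.7 port 51026 ssh2
Mar  3 10:15:08 mail sshd[2223]: Failed password for root from 203.0.113.7 port 51027 ssh2
Mar  3 10:16:30 mail sshd[2250]: Failed password for bob from 198.51.100.9 port 40200 ssh2
Mar  3 10:18:40 mail sshd[2260]: Failed password for bob from 198.51.100.9 port 40201 ssh2
"""

if __name__ == "__main__":
    for a in detect_dictionary_attacks(SAMPLE_LOG):
        print(f"ALERT {a.ip}: {a.failures} failed logins {a.first_seen}-{a.last_seen}, "
              f"users tried: {', '.join(a.users)}")
```

The two mistyped passwords from 198.51.100.9 never reach the threshold inside the window, so they are not flagged; an attacker who spreads attempts across many source addresses or slows down below the window rate evades this signature, which is exactly the caveat above.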
Antispam Firewall
Antispam Techniques include
DNS Black List
DNS Reverse Lookup (PTR) check
Subject & Body content
SMTP Callback
Rate Limiting
Personal Whitelist and Blacklist
UTM
A Unified Threat Management (UTM) appliance incorporates firewall, intrusion
detection and prevention, anti-spam and anti-virus in one high-performance
appliance
Host Hardening
Web application hardening
Outbound filtering
Host hardening (disable unneeded services, run with least privilege)
Application and OS patching
QUESTIONS?
INTERNET Security
WLAN Security
WLANs create a new set of security threats to enterprise networks, such as:
– Sniffing
– Rogue APs
– Mis-configured APs
– Soft APs
– MAC Spoofing
– Honeypot APs
– DoS
– Ad hoc Networks
WLAN Security
Techniques used to secure WLANs include:
– Do not broadcast the SSID (this only hides the network from casual users;
the SSID is still sent in the clear in probe and association frames, so it
is not a security control by itself)
– Use encryption and authentication (WEP, 802.1x). WEP is broken and can be
cracked in minutes; use WPA2 or WPA3, with 802.1X (enterprise) or a strong
pre-shared key
– Use WLAN firewalls
WLAN Firewall
QUESTIONS?