Information Technology in Theory
By Pelin Aksoy and Laura DeNardis
Chapter 15
Network Security
Objectives
• Understand the main types of network security threats,
including denial-of-service attacks, viruses, worms,
identity theft, and password theft
• Examine why critical infrastructure attacks are a concern
in the current economic and political context
• Understand how to significantly reduce the risk of attacks
through basic security approaches like firewalls, access
control software, and encryption
Information Technology in Theory
2
Objectives (continued)
• Distinguish between packet filtering and stateful inspection
and application proxy firewall approaches
• Learn about public key cryptography
• Become familiar with advanced security techniques such
as digital signatures and biometric identification
Understanding the Threats
• Morris Worm
– The first highly publicized network security
problem
– 1988
• Network security breaches are still a daily
occurrence
• The annual costs of preventing attacks and
implementing reparative security measures is
massive
CERT
• Respond to problems
• Report incidents
• Research security technologies
• Educate users about security
• Homeland security
• International CERTs
Who is a threat?
• Hackers
• Spammers
• Rogue employees
• Corporate or national spies
• Cyberterrorists
Cyberterrorism
• A terrorist attack could employ a variety of tactics
to disrupt or disable networks for hours, days, or
even weeks
– Financial systems
– Airline reservation systems
– Stock market networks
– ATMs
– Power grid
– Water systems
– Air traffic control
Types of Attacks
• Viruses and worms
• Denial-of-service attacks
• Identity and password theft
• Data interception and modification
• Bandwidth piracy
• Critical infrastructure attacks
Viruses
• Like biological viruses spread among people,
computer viruses propagate from computer to
computer
• A virus is malicious code embedded within a
seemingly legitimate program that only becomes
active when the program is executed
• For example, a file attached to an e-mail may
actually be a virus that executes when the file
downloads or the user double-clicks the link
Worms
• Self-propagating and self-replicating
• Autonomous—once unleashed, replicate without
any action on the part of users
• Exploit existing vulnerabilities, or security holes
• Modify files, launch coordinated attacks that flood
a target computer with messages, or simply
overwhelm a network with debilitating amounts of
traffic
Social Engineering
• Hoax viruses use social engineering techniques to
make users take some action that simulates the
actual effects of a virus
• For example, virus hoaxes warn users that opening
any message with a certain phrase in the title
would erase the users’ hard drives
• The effect of a hoax is thousands and thousands of
users forwarding the e-mail warning, similar to the
effects of a real worm
Denial-of-Service Attack
• Floods a targeted computer with so many requests
that it cripples functionality
• Easy to perpetrate and hard to prevent
• If a Web site receives too many requests, it will
not be available for other users who want access
• Consumes bandwidth and system resources
• Does not require a hacker to gain unauthorized
access, but simply overwhelms a system with
requests
Distributed Denial-of-Service Attack
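The two slides above describe a flood of requests that exhausts a target's bandwidth and resources. From the defender's side the first question is how to notice such a flood in ordinary web-server logs. The following is an added example, not part of the textbook or its slides: a sliding-window rate detector run over constructed log lines in the common access-log format. The log format, the threshold of 20 requests per 10 seconds and the sample addresses are assumptions for the demonstration.

```python
# Added example: rate-based detection of a request flood over constructed
# web-server log lines. A source that exceeds `threshold` requests inside a
# sliding `window_seconds` span is flagged. Format and thresholds are assumed.
import re
from collections import defaultdict, deque
from datetime import datetime

# Common access-log shape: ip - - [timestamp] "request line" status
LOG_RE = re.compile(r'^(\S+) - - \[([^\]]+)\] "([^"]*)" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status = m.groups()
    # Drop the timezone offset; the constructed sample is all in one zone.
    return ip, datetime.strptime(ts.split()[0], TIME_FMT), request, int(status)


def flag_floods(lines, threshold=20, window_seconds=10):
    """Return {ip: timestamp_first_flagged} for every source that sends more
    than `threshold` requests within any `window_seconds` span."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                # skip malformed lines rather than crash
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        # Expire timestamps that fell out of the window for this source.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def sample_log():
    """Constructed sample: one client browsing normally, one client flooding."""
    lines = []
    for i in range(5):   # five pages over ten seconds: normal browsing
        lines.append(f'198.51.100.23 - - [10/Oct/2023:13:55:{i * 2:02d} +0000] '
                     f'"GET /page{i} HTTP/1.1" 200')
    for i in range(25):  # twenty-five hits on "/" inside nine seconds: a flood
        lines.append(f'203.0.113.77 - - [10/Oct/2023:13:55:{i // 3:02d} +0000] '
                     f'"GET / HTTP/1.1" 200')
    return lines


if __name__ == "__main__":
    for ip, when in flag_floods(sample_log()).items():
        print(f"flood from {ip} detected at {when.time()}")
```

A per-source counter like this is the simplest form of the check; in a distributed attack the requests come from many addresses at once, so production detection also watches the aggregate request rate and the rate of new source addresses, not only individual sources.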
Identity and Password Theft
• Hacker technique of assuming the identity of an
authorized network user, often by obtaining a
network or system password
• Hackers obtain passwords in a variety of ways:
– Trash cans, snooping
– Solicit from help desk
– Software tools
Password Interception
Data Interception & Modification
• Wire-based systems that use fiber-optic, coaxial,
or twisted pair cable are susceptible to such
attacks
• Wireless networks are especially vulnerable
• The act of accessing unsecured wireless LAN
transmissions is known as Wi-Fi sniffing
Data Interception
Unencrypted wireless transmission is a security problem
Bandwidth Piracy
• Hackers use Wi-Fi sniffing equipment to intercept
information and to gain free access to the Internet
through wireless LANs and other unsecured
networks
• Because wireless access points are so easy and
inexpensive to establish, people set them up
outside the purview of technical administrators
• These ad hoc arrangements are known as rogue
access points
Critical Infrastructure Attacks
• The Internet’s DNS
• Power grids
• Telecommunications systems
• Cell phone networks
• Internet infrastructure
• Stock market networks
• ATM networks
Network Security Strategies
• Privacy
• Access control
• Authentication
Privacy
• The most effective method of protecting the
privacy of network information is encryption
– The scrambling of data prior to transmission
over a shared or vulnerable network
• One benefit of digital technology is the ease and
effectiveness of applying encryption algorithms
that scramble 0s and 1s, as opposed to scrambling
frequencies in analog transmissions
Encryption
• To encrypt data, a transmitting computer
mathematically manipulates data according to a
predetermined algorithm called a cipher
• If someone accesses this encrypted data during
transmission, the message will be unreadable
• Once the data reaches its destination, a receiving
computer can unscramble it; in other words, the
computer can decrypt the data
Simplified Encryption Example
Public Key Encryption
Generating an Encrypted Message
Access Control
• Physical security
• Passwords
• Firewalls
Firewall
• An access control device
• Installed between a secure private network and a
nonsecure public network to regulate access to and
from the private network
• Can be implemented in hardware or software
• Users can configure access control requirements
that must be met before the firewall will permit
access to a network or system
Function of a Network Firewall
Typical Firewall Implementation
Packet Filtering
• One way that firewalls can restrict access is
through packet inspection
• Intercepts packets and inspects header contents,
including the source IP address, destination IP
address, source port, and destination port
• The firewall then either permits or blocks the
packet from entering the network
• One downside: firewall must inspect every packet
that traverses it
Stateful Packet Filtering
• A more intelligent form of packet filtering that
notes when an incoming response is expected after
an outgoing request is made
• The stateful packet filtering firewall knows to
expect traffic transmitted from a certain IP address
or port, and can allow this traffic to go through
• If a packet arrives claiming to be a response to an
outgoing request, but the firewall holds no matching
state for such a request, it knows to block that
traffic
Network Address Translation
• Firewall converts the IP address of every outgoing
packet into a shared IP address before the traffic is
sent over a network
• Prevents bidirectional transmission
– Only connections that are initiated on a local,
private network are established
– Any communication that originates on a public
network is stopped by the NAT firewall, which
automatically prevents malicious attacks like
worms from entering the protected network
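The three slides above (Packet Filtering, Stateful Packet Filtering and Network Address Translation) describe one firewall seen from three angles: a static rule table over header fields, a state table that remembers outgoing requests so only their replies are admitted, and address translation to a single shared public address. The following simulation is an added example, not code from the textbook: it models all three in one small class and runs a short scenario. The rule table, the addresses (taken from the documentation ranges 192.168.1.0/24, 198.51.100.0/24 and 203.0.113.0/24) and the port numbers are constructed for the demonstration.

```python
# Added example: a simulated firewall combining static packet filtering,
# stateful tracking of outgoing requests, and NAT to one shared address.
# Rule table, addresses and ports below are constructed for the demo.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = leaving the private network, "in" = arriving from the public one


# Static packet-filter rules: (direction, destination port, action).
# Only header fields are consulted; anything unmatched is blocked.
RULES = [
    ("out", 80, "permit"),    # web browsing from inside
    ("out", 443, "permit"),
    ("in", 25, "permit"),     # constructed: a mail server deliberately exposed
]


def packet_filter(pkt):
    """Stateless check of header fields against the rule table."""
    for direction, port, action in RULES:
        if pkt.direction == direction and pkt.dst_port == port:
            return action
    return "block"


class StatefulNatFirewall:
    """Remembers every permitted outgoing connection, rewrites its source to
    the shared public address, and admits inbound packets only when they
    answer a remembered request or match a static inbound rule."""

    def __init__(self, public_ip, first_nat_port=40000):
        self.public_ip = public_ip
        self.next_port = first_nat_port
        # translated public port -> (private ip, private port, remote ip, remote port)
        self.state = {}

    def handle(self, pkt):
        """Return (decision, packet as it leaves the firewall or None)."""
        if pkt.direction == "out":
            if packet_filter(pkt) != "permit":
                return "block", None
            pub_port = self.next_port          # allocate a translated source port
            self.next_port += 1
            self.state[pub_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            return "permit", Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, "out")
        # Inbound: stateful check first, then the static rules.
        entry = self.state.get(pkt.dst_port) if pkt.dst_ip == self.public_ip else None
        if entry and entry[2] == pkt.src_ip and entry[3] == pkt.src_port:
            priv_ip, priv_port, _, _ = entry   # undo the translation for delivery
            return "permit", Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, "in")
        if packet_filter(pkt) == "permit":
            return "permit", pkt
        return "block", None


def run_demo():
    """Constructed scenario; returns the decisions so they can be checked."""
    fw = StatefulNatFirewall("203.0.113.5")
    results = {}
    # A private host opens a web connection: permitted and translated.
    out = Packet("192.168.1.10", 51000, "198.51.100.7", 80, "out")
    results["outgoing_web"], translated = fw.handle(out)
    results["translated_src"] = (translated.src_ip, translated.src_port)
    # The web server replies to the translated address: state exists, permitted.
    reply = Packet("198.51.100.7", 80, "203.0.113.5", translated.src_port, "in")
    results["expected_reply"], delivered = fw.handle(reply)
    results["delivered_to"] = (delivered.dst_ip, delivered.dst_port)
    # A stranger pretends to answer a request nobody made: no state, blocked.
    unsolicited = Packet("198.51.100.9", 80, "203.0.113.5", 40555, "in")
    results["unsolicited"], _ = fw.handle(unsolicited)
    # Inbound mail is admitted by the static rule even without state.
    mail = Packet("198.51.100.9", 33000, "203.0.113.5", 25, "in")
    results["inbound_mail"], _ = fw.handle(mail)
    # Outgoing telnet has no rule, so the packet filter blocks it.
    telnet = Packet("192.168.1.10", 51001, "198.51.100.7", 23, "out")
    results["outgoing_telnet"], _ = fw.handle(telnet)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The scenario makes the slide's point about NAT concrete: the unsolicited inbound packet is dropped not because a rule names it, but because no private host ever opened that conversation. Real firewalls also expire state entries after a timeout and track protocol details such as TCP flags, which this model leaves out.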
Application Proxy Firewalls
• The most complex type of firewall is the
application proxy firewall
• Filters information based on the application data
itself
• Rather than filtering packets based on allowing or
denying HTTP traffic, an application firewall
looks at the application content and distinguishes
between normal and unexpected HTTP traffic
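Where the packet filter above decides on addresses and ports alone, the application proxy reads the application data. The following is an added example, not from the textbook, of the kind of check such a proxy applies to the head of an HTTP request: it forwards only requests whose request line and headers look like normal HTTP and rejects the rest with a reason. The permitted method list, the size limits and the sample requests are assumptions for the demonstration.

```python
# Added example: content-level inspection of an HTTP request head, as an
# application proxy firewall performs it. Method list, limits and sample
# requests are constructed for the demo.
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_LINE = 2048       # longest request or header line we forward
MAX_HEADERS = 50
REQUEST_LINE = re.compile(r"^([A-Z]+) (/[^\s]*) HTTP/1\.[01]$")
# RFC 7230 token characters for a header name, then a colon and the value.
HEADER_LINE = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+):\s*(.*)$")


def inspect_request(raw):
    """Return ('forward', reason) for a normal request head, else ('reject', reason)."""
    head = raw.split("\r\n\r\n", 1)[0]          # ignore any body for this check
    lines = head.split("\r\n")
    request_line, header_lines = lines[0], lines[1:]

    if len(request_line) > MAX_LINE:
        return "reject", "request line too long"
    m = REQUEST_LINE.match(request_line)
    if not m:
        return "reject", "malformed request line"
    method, path = m.group(1), m.group(2)
    if method not in ALLOWED_METHODS:
        return "reject", f"method {method} not permitted"
    if "/../" in path or path.endswith("/.."):
        return "reject", "directory traversal sequence in URL"

    if len(header_lines) > MAX_HEADERS:
        return "reject", "too many headers"
    seen_host = False
    for line in header_lines:
        if len(line) > MAX_LINE:
            return "reject", "header line too long"
        hm = HEADER_LINE.match(line)
        if not hm:
            return "reject", "malformed header"
        if hm.group(1).lower() == "host":
            seen_host = True
    if not seen_host:
        return "reject", "missing Host header"     # required by HTTP/1.1
    return "forward", "normal HTTP request"


if __name__ == "__main__":
    samples = [
        "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "DELETE /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "GET /index.html HTTP/1.1\r\n\r\n",
        "garbage\r\nHost: www.example.com\r\n\r\n",
    ]
    for s in samples:
        print(inspect_request(s))
```

A packet filter would pass every one of these requests, since each arrives on port 80 from a permitted source; only a component that parses the HTTP itself can tell the first from the other three.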
Password Strategies
• Sample guidelines for strong passwords
– At least eight characters long
– Include letters and numbers
– Include uppercase and lowercase letters
– Incorporate characters like &, $, and *
– Not the same as user’s ID
– Not anyone’s name, birthday, address, or Social
Security number
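The guidelines on the slide are easy to state and easy to get wrong when enforced by hand, so here they are as a checker. This is an added example, not code from the textbook: the function returns every guideline a candidate password violates, given the user's ID and the profile fields the slide says a password must not contain. The profile fields and test passwords are constructed for the demonstration; accepting any punctuation character, not only &, $ and *, is a deliberate reading of the slide.

```python
# Added example: enforce the slide's sample password guidelines.
# Profile values and sample passwords are constructed for the demo.
import re
import string

SPECIAL = set(string.punctuation)   # includes the &, $ and * the slide names


def _fragments(value):
    """Pieces of a profile value worth searching for inside a password:
    words of three or more letters, digit runs of four or more, and the
    value with separators removed (so 1990-04-12 also yields 19900412)."""
    pieces = set()
    for word in re.findall(r"[A-Za-z]{3,}", value):
        pieces.add(word.lower())
    for digits in re.findall(r"\d{4,}", value):
        pieces.add(digits)
    compact = re.sub(r"\D", "", value)
    if len(compact) >= 4:
        pieces.add(compact)
    return pieces


def password_problems(password, user_id, name="", birthday="", address="", ssn=""):
    """Return a list of guideline violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("must include both letters and numbers")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("must include uppercase and lowercase letters")
    if not any(ch in SPECIAL for ch in password):
        problems.append("must include a character like &, $ or *")
    lowered = password.lower()
    if lowered == user_id.lower():
        problems.append("identical to the user ID")
    # Personal data: reject if any meaningful fragment appears in the password.
    for label, value in (("name", name), ("birthday", birthday),
                         ("address", address), ("Social Security number", ssn)):
        if any(fragment in lowered for fragment in _fragments(value)):
            problems.append(f"contains the user's {label}")
    return problems


if __name__ == "__main__":
    profile = dict(name="Jane Doe", birthday="1990-04-12",
                   address="12 Elm Street", ssn="123-45-6789")
    for candidate in ("jdoe", "JaneDoe1990$", "Tr0ub4dor&3"):
        print(candidate, "->", password_problems(candidate, "jdoe", **profile) or "ok")
```

Returning the full list rather than a single yes/no lets the login screen tell the user exactly which guideline was missed.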
User ID and Password
Physical Security
• An important and sometimes overlooked form of
access control
• Many security breaches involve insiders within a
company, organization, university, or home
• Routine physical safeguards include door locks for
rooms that house servers and network equipment
(including wiring closets), and providing adequate
building security
Physical Security (continued)
Server racks in a controlled environment
Authentication
• The process of verifying a person’s identity before
allowing network access
• Besides passwords and personal identification
numbers, authentication methods include:
– “Token-based” authentication
– Biometric identification
– Digital signatures
Token-Based Authentication
• Requires a computer user to physically hold a
device called a token
– Matchbook-sized device with a liquid crystal
display that provides a one-time password for
gaining network access
• User enters the access number displayed by the
token
• Number changes approximately every 10 seconds,
and is completely synchronized with the network
Token-Based Authentication (continued)
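The slide describes the token and the network as "completely synchronized": both hold the same secret and the same clock, so both can compute the number the display is showing for the current interval. The following software simulation is an added example, not code from the textbook or from any token vendor. It uses the time-based HMAC construction of RFC 6238 with the slide's 10-second interval; the slide names no algorithm, so that choice, and the shared secret, are assumptions for the demonstration.

```python
# Added example: a software model of the one-time-password token on the slide.
# Token and server share a secret and a clock; each 10-second interval gives a
# fresh code. Construction follows RFC 6238 (assumed; the slide names no
# algorithm). The secret is constructed for the demo and must never be reused.
import hashlib
import hmac
import struct

STEP_SECONDS = 10    # the slide: the number changes approximately every 10 seconds
DIGITS = 6
SHARED_SECRET = b"demo-seed-not-for-real-use"   # constructed for the demo


def one_time_password(secret, unix_time, step=STEP_SECONDS, digits=DIGITS):
    """Code shown on the token during the interval that contains unix_time."""
    counter = int(unix_time) // step              # which interval are we in
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify(secret, submitted, server_time, step=STEP_SECONDS, window=1):
    """Server side: accept the code for the current interval or the `window`
    intervals either side of it (clock drift), comparing in constant time."""
    for skew in range(-window, window + 1):
        expected = one_time_password(secret, server_time + skew * step, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    import time
    now = time.time()
    shown = one_time_password(SHARED_SECRET, now)   # what the token displays
    print("token shows", shown, "-> accepted:", verify(SHARED_SECRET, shown, now))
```

Two points the model makes visible: the code is useless without the secret, since the interval counter alone is public knowledge, and the server must tolerate a little clock drift without opening the window so wide that stale codes stay valid. A real server also records the last interval it accepted for a user so the same code cannot be replayed inside the window.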
Biometric Identifiers
• Biometrics can identify any of a person’s unique
physical characteristics:
– Fingerprints
– Facial features
– Voice patterns
– Retinal patterns
– Iris recognition
– DNA
Biometric Identifiers (continued)
Digital Signatures
• Reversal of public key encryption
• A sender encrypts information using its private
key and transmits the information over a network
to its intended destination
• Once the data is received, the destination device
looks up the sender’s public key and uses it to
decrypt the message
• If this decryption is successful, the data is verified
as having originated with the presumptive sender
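The slide calls a digital signature the reversal of public key encryption: for confidentiality the public key encrypts and the private key decrypts; for a signature the private key produces the value and the public key checks it. The following is an added example, not code from the textbook, that carries both directions through with textbook RSA on deliberately tiny numbers (p = 61, q = 53, e = 17, giving n = 3233 and d = 2753) so the arithmetic can be followed by hand. Those parameters, the hashing of the message modulo n, and the sample messages are constructed for the demonstration; they provide no real security, and real systems use keys of 2048 bits or more together with a padding scheme.

```python
# Added example: public key encryption and its reversal into a digital
# signature, with textbook RSA on tiny constructed parameters (insecure,
# for illustration only). Real deployments use large keys and padding.
import hashlib


def make_keypair(p=61, q=53, e=17):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1). Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest_mod_n(message, n):
    """Hash the message and reduce it into the range the toy modulus allows.
    Signing a hash rather than the raw message is what real schemes do."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n


# Slide "Public Key Encryption": anyone encrypts with the recipient's public
# key; only the holder of the private key can decrypt. m must be below n.
def encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)


def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


# Slide "Digital Signatures": the roles of the keys reverse. The sender applies
# its private key; anyone holding the public key can check the result.
def sign(private_key, message):
    n, d = private_key
    return pow(digest_mod_n(message, n), d, n)


def verify(public_key, message, signature):
    """True only if applying the public key recovers the message digest,
    which demonstrates the holder of the matching private key produced it."""
    n, e = public_key
    return pow(signature, e, n) == digest_mod_n(message, n)


if __name__ == "__main__":
    public, private = make_keypair()
    print("public", public, "private", private)
    c = encrypt(public, 65)
    print("65 encrypts to", c, "and decrypts back to", decrypt(private, c))
    msg = b"transfer 100 to account 42"
    s = sign(private, msg)
    print("signature", s, "verifies:", verify(public, msg, s))
    print("altered signature verifies:", verify(public, msg, (s + 1) % public[0]))
```

With these parameters 65 encrypts to 2790 and decrypts back to 65, the classic worked example of RSA. Note what verification does and does not establish: a valid signature shows that whoever produced it held the private key matching the public key the receiver looked up, so the strength of the assurance rests on the receiver obtaining the correct public key, which is the role of certificates.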
Summary
• In the United States, the Department of Homeland Security
tracks security incidents, publicizes security
vulnerabilities, and provides information about necessary
software patches and upgrades at its US-CERT Web site,
www.us-cert.gov
• The people and organizations that attack networks
generally fall into the following categories: hackers,
spammers, rogue employees, corporate spies, and
cyberterrorists
• A virus is malicious code embedded in a seemingly
legitimate program; it becomes active only when a user
executes the legitimate program
Summary (continued)
• A worm is an autonomous, self-propagating, and self-replicating program that exploits existing security
vulnerabilities to perpetrate attacks, such as erasing files,
modifying files, or overwhelming a system
• In a distributed denial-of-service attack, numerous
computer systems—some of them unwittingly—flood a
targeted computer with an overwhelming and crippling
number of requests
• Other types of common security attacks include identity
and password theft, data interception and modification,
bandwidth piracy, and critical infrastructure attacks
Summary (continued)
• Three important categories of security strategies include
access control, authentication, and privacy
• Important techniques for ensuring information privacy
over a network include encryption approaches such as SSL
and 802.11i
• Various types of firewalls provide access control between
a public and private network, including packet-filtering
firewalls, stateful packet-filtering firewalls, and
application-level firewalls
• Authentication is the process of ensuring that a person or
system is who it claims to be; authentication is
accomplished via passwords, token-based authentication,
digital signatures, and biometric identification