Transcript Chapter 10

Chapter 10
Network Security
Introduction
• Look at:
– Principles of Security (10.1)
– Threats (10.2)
– Encryption and Decryption (10.3)
– Firewalls (10.4)
Introduction
• Look at:
– IP Security (IPSec) (10.5)
– Web Security (10.6)
– E-mail Security (10.7)
– Best Internet Security Practices (10.8)
Principles of Security
• The concept of security within the network
environment includes:
– All aspects of operating systems
– Software packages
– Hardware
– Networking configurations
– Network sharing connectivity
– Physical security is also linked to IT security
Principles of Security
• Security is not just a policy or a plan
• It is a mindset
• You must properly train and cultivate
employees to be security aware
• Remember that your network is only as
strong as its weakest link, which is
usually a human being
Threats
• Humans pose probably the greatest threat to
a network because their behavior cannot be
controlled
• Because an environment can’t be made
completely threat-proof, you must be
constantly attentive to be sure that it is as
secure as possible
• The first step to sound security is establishing
a security policy
Threats
• A back door is a program that allows access
to a system without using security checks
• Programmers will put back doors in programs
so they can debug and change code during
test deployments of software
• A back door can also be installed through
applications that are hidden inside of games
or software such as screen savers
• Another type of back door comes in the form
of a privileged user account
Threats
• Brute force is a term used to describe a way
of cracking a cryptographic key or password
• It involves systematically trying every
conceivable combination until a password is
found, or until all possible combinations have
been exhausted
• Brute force is a method of pure guessing
• Password complexity plays an important role
when dealing with brute force programs
• The more complex the password, the longer it
takes to crack
Threats
• The most popular attacks are buffer overflow
attacks
• More data is sent to a computer’s memory
buffer than it is able to handle causing it to
overflow
• The system is left in a vulnerable state or
arbitrary code can be executed
• Buffer overflows are probably the most
common way to cause disruption of service
and lost data
Threats
• The purpose of a denial of service (DoS)
attack is to disrupt the resources or services
that a user would expect to have access to
• These types of attacks are executed by
manipulating protocols and can happen
without the need to be validated by the
network
• Many of the tools used to produce this type of
attack are readily available on the Internet
Threats
• The man-in-the-middle attack takes place
when an attacker intercepts traffic and then
tricks the parties at both ends into believing
that they are communicating with each other
• The attacker can also choose to alter the
data or merely eavesdrop and pass it along
• A man-in-the-middle attack can be compared
to inserting a receptive box between two
people having a conversation
• This attack is common in Telnet and wireless
technologies
Threats
• Session hijacking is a term given to an attack
that takes control of a session between the
server and a client
• A hijacker waits until the authentication cycle
is completed and then generates a signal to
the client
• This causes the client to think it has been
disconnected
• Then the hijacker begins to transact data
traffic, pretending to be the original client
Threats
• Spoofing is making data appear to come from
somewhere other than where it really
originated
• This is accomplished by modifying the source
address of traffic or source of information
• Spoofing bypasses IP address filters by
setting up a connection from a client and
using an IP address that is allowed through
the filter
Threats
• Social engineering plays on human behavior
and how we interact with one another
• The attack doesn’t feel like an attack at all
• We teach our employees to be customer
service oriented, so they often think they are
being helpful and doing the right thing
• Each attack plays on human behavior and
our willingness to help and trust others
Threats
• Software exploitation is a method of
searching for specific problems,
weaknesses, or security holes in
software code
• Improperly programmed software can
be exploited
• It takes advantage of a program’s
flawed code
Threats
• A program or piece of code that is loaded
onto your computer without your knowledge
is a virus
• It is designed to attach itself to other code
and replicate
• It replicates when an infected file is executed
or launched
• It attaches to other files, adding its code to
the application’s code and continues to
spread
Threats
• Trojan horses are programs disguised as
useful applications
• Trojan horses do not replicate themselves like
viruses but they can be just as destructive
• Code hidden inside the application can attack
your system directly or allow the system to be
compromised by the code’s originator
• It is typically hidden so its ability to spread is
dependent on the popularity of the software
and a user’s willingness to download and
install the software
Threats
• Worms are similar in function and behavior to
a virus, Trojan horse, or logic bomb
• Worms are self-replicating
• A worm is built to take advantage of a security
hole in an existing application or operating
system, find other systems running the same
software, and automatically replicate itself to
the new host
• The process repeats with no user intervention
Threats
• Other types of malware are:
– Logic bombs
– Spyware
– Sniffers
– Keystroke loggers
• As with anything, the intent and use of
some of these can be good or bad
Encryption and Decryption
• A cryptosystem or cipher system provides
a way to protect information by
disguising it into a format that can be
read only by authorized systems or
individuals
• The use of these systems is called
cryptography and the disguising of the
data is called encryption
Encryption and Decryption
• Encryption is the transformation of data
into a form that cannot be read without
the appropriate key to decipher it
• It is used to ensure that information is
kept private
• Decryption is the reverse of encryption
• Decryption deciphers encrypted data
into plain text that can easily be read
Encryption and Decryption
• There are two basic types of encryption
where one letter is replaced with
another by a scheme
• This is called a cipher
• The two basic types are:
– substitution
– transposition
Encryption and Decryption
• A substitution cipher replaces characters or
bits with different characters or bits, keeping
the order in which the symbols fall the same
• In a transposition cipher, the information is
scrambled by keeping all of the original letters
intact, but mixing up their order
• This is called permutation
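The two cipher types above, as an added example that is not part of the original slides. The shift value, the key word "ZEBRA" and the sample plaintext are constructed for illustration; neither cipher offers any real protection.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def substitute(text, shift):
    """Substitution (Caesar style): every letter is replaced, order is kept."""
    s = shift % 26
    return text.translate(str.maketrans(ALPHABET, ALPHABET[s:] + ALPHABET[:s]))

def column_order(key):
    """Columns are read out in the alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose(text, key):
    """Columnar transposition: letters are kept, only their order changes."""
    cols = len(key)
    return "".join(text[c::cols] for c in column_order(key))

def untranspose(cipher, key):
    """Invert transpose() by refilling each column in the order it was read."""
    cols, n = len(key), len(cipher)
    out, pos = [""] * n, 0
    for c in column_order(key):
        length = len(range(c, n, cols))      # letters that fell in column c
        out[c::cols] = cipher[pos:pos + length]
        pos += length
    return "".join(out)

def pattern(text):
    """Repetition pattern: index of the first occurrence of each symbol."""
    return [text.index(ch) for ch in text]

def same_letters(a, b):
    """True when both strings contain exactly the same letters."""
    return Counter(a) == Counter(b)

if __name__ == "__main__":
    plain = "NETWORKSECURITY"                # constructed sample plaintext
    sub = substitute(plain, 3)
    tra = transpose(plain, "ZEBRA")
    print(sub, pattern(sub) == pattern(plain))   # repeats stay in place
    print(tra, same_letters(tra, plain))         # same letters, new order
    print(untranspose(tra, "ZEBRA"))
```

Substitution leaves the repetition pattern of the plaintext visible, while transposition leaves its letter frequencies visible; both leaks are why these classical ciphers are easy to analyse.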
Encryption and Decryption
• The Data Encryption Standard (DES)
suggests the use of a certain mathematical
algorithm in the encrypting and decrypting of
binary information
• The system consists of an algorithm and a
key
• It is a block cipher using a 56-bit key on each
64-bit chunk of data
• In a block cipher, the message is divided into
blocks of bits
Encryption and Decryption
• Rivest-Shamir-Adleman (RSA) is an
Internet encryption and a digital
signature authentication system that
uses an algorithm
• This encryption system is currently
owned by RSA Security
• The RSA key may be of any length,
and it works by multiplying two large prime
numbers
Encryption and Decryption
• Public-key cryptosystems use different keys
to encrypt and decrypt data
• The public key is readily available whereas
the private key is kept confidential
• There are two major types of algorithms used
today:
– symmetric, which has one key that is
private at all times
– asymmetric, which has two keys: a public
one and a private one
Encryption and Decryption
• Besides RSA, some of the more popular
asymmetric encryption algorithms are:
– Diffie-Hellman Key Exchange
– El Gamal Encryption Algorithm
– Elliptic Curve Cryptography (ECC)
• The environments where public-key
encryption is very useful include unsecured
networks where data is vulnerable to
interception and abuse
Encryption and Decryption
• Public Key Infrastructure (PKI) allows you to
bring strong authentication and privacy to the
Internet
• Public-key cryptographic techniques and
encryption algorithms allow you to provide
authentication and ensure that only the
intended recipients have access to data
• PKI is comprised of several standards and
protocols that are necessary for
interoperability among different security
products
Encryption and Decryption
• The system consists of digital certificates and
the certificate authorities (CAs) that issue the
certificates
• Certificates identify sources that have been
verified as authentic and trustworthy
• The CA’s job is to verify the holder of a digital
certificate and ensure that the holder of the
certificate is who they claim to be
Encryption and Decryption
• Digital signatures are used to authenticate
the identity of the sender, as well as ensure
that the original content sent has not been
changed
• Non-repudiation is intended to provide a
method in which there is no way to refute
where data has come from
• Non-repudiation is unique to asymmetric
systems because private keys are not shared
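How an RSA signature gives sender authentication, tamper detection and non-repudiation, as an added example that is not part of the original slides. It is textbook RSA without padding, and the key is constructed from two publicly known Mersenne primes purely for demonstration; production systems use randomly generated secret primes and a padded scheme from a vetted library.

```python
import hashlib

# Constructed demo key. Both primes are public knowledge, so this key
# protects nothing; it only makes the arithmetic reproducible.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus: product of two primes
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, needs P and Q to derive

def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Only the holder of the private exponent can compute this value."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone with the public key (e, n) can check the signature."""
    return pow(signature, e, n) == digest(message)

if __name__ == "__main__":
    order = b"ship 10 units to warehouse 4"      # constructed sample message
    sig = sign(order)
    print("original verifies: ", verify(order, sig))
    print("altered verifies:  ", verify(b"ship 90 units to warehouse 4", sig))
    print("bad signature:     ", verify(order, sig + 1))
```

Because verification needs only the public key while signing needs the private one, a valid signature can be attributed to the private-key holder, which is the non-repudiation property described above.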
Encryption and Decryption
• A virtual private network (VPN) is a network
connection that allows you secure access
through a publicly accessible infrastructure
• VPN technology is based on tunneling
• Tunneling uses one network to send its data
through the connection of another network
• It works by encapsulating a network protocol
within packets carried by a public network
Encryption and Decryption
• The protocol that is wrapped around the
original data is the encapsulating protocol
such as:
– IP Security (IPSec)
– Point-to-Point Tunneling Protocol (PPTP)
– Layer Two Tunneling Protocol (L2TP)
– Layer 2 Forwarding (L2F)
• Tunneling is not a substitute for encryption
Firewalls
• A firewall is a component placed
between computers and networks to
help eliminate undesired access by the
outside world
• It can be comprised of:
– hardware
– software
– a combination of both
Firewalls
• There are four broad categories that
firewalls fall into:
– packet filters
– circuit level gateways
– application level gateways
– stateful inspection
• These four categories can be grouped
into two general categories
Firewalls
• A packet-filtering firewall is typically a router
• Packets can be filtered based on IP
addresses, ports, or protocols
• They operate at the Network layer (Layer 3)
of the Open System Interconnection (OSI)
model
• Packet filtering is based on the information
contained in the packet header
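A first-match packet filter that decides only on header fields, as an added example that is not part of the original slides. The rule format, the rule set and the addresses (taken from documentation ranges) are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR notation
    proto: str    # "tcp", "udp" or "any"
    dport: int    # destination port, 0 means any port

# Constructed rule set, evaluated top to bottom.
RULES = [
    Rule("deny",  "203.0.113.0/24",  "any", 0),    # blocked network
    Rule("allow", "198.51.100.0/24", "tcp", 22),   # admin network may use SSH
    Rule("allow", "0.0.0.0/0",       "tcp", 443),  # anyone may reach HTTPS
]

def filter_packet(header, rules=RULES):
    """Return the action of the first rule matching the header; default deny."""
    src = ipaddress.ip_address(header["src"])
    for rule in rules:
        if src not in ipaddress.ip_network(rule.src):
            continue
        if rule.proto not in ("any", header["proto"]):
            continue
        if rule.dport not in (0, header["dport"]):
            continue
        return rule.action
    return "deny"   # nothing matched: drop the packet

if __name__ == "__main__":
    samples = [   # constructed packet headers
        {"src": "198.51.100.7", "proto": "tcp", "dport": 22},
        {"src": "192.0.2.50",   "proto": "tcp", "dport": 22},
        {"src": "192.0.2.50",   "proto": "tcp", "dport": 443},
        {"src": "203.0.113.9",  "proto": "tcp", "dport": 443},
    ]
    for hdr in samples:
        print(hdr, "->", filter_packet(hdr))
```

The decision rests entirely on the source address the header claims, so the filter says nothing about where a packet really originated; that is the limitation the earlier spoofing slide describes.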
Firewalls
• An Application-level gateway is known as a
proxy
• Proxy service firewalls act as go-betweens for
the network and the Internet
• The firewall has a set of rules that the packets
must pass to get in or out of the network
• They hide the internal addresses from the
outside world and don’t allow the computers
on the network to directly access the Internet
IP Security (IPSec)
• IPSec is a set of protocols developed by the
IETF that operates at the Transport Layer
(Layer 3) to support the secure exchange of
packets
• The IPSec protocol suite adds an additional
security layer in the TCP/IP stack
• The IPSec suite attains a higher level of
support for data transport by using a set of
protocols and standards together
IP Security (IPSec)
• These include:
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)
– Internet Key Exchange (IKE)
• AH provides integrity, authentication,
and anti-replay capabilities
• ESP provides all that AH provides, plus
data confidentiality
Web Security
• A Web server is used to host Web-based
applications and internal or external Web
sites
• The best way to ensure that only necessary
services are running is to do a clean install
• Web servers contain large, complex
programs that may have some security holes
• Many protocols contain common
vulnerabilities that may be manipulated to
allow unauthorized access
E-mail Security
• E-mail has become the preferred
method of communication
• The public transfer of sensitive
information exposes it to interception or
being sent to undesired recipients
• Unsolicited e-mail may contain
dangerous file attachments such as
viruses, Trojan horses or worms
E-mail Security
• Pretty Good Privacy (PGP) is a specification
and application which is integrated into
popular e-mail packages
• PGP enables you to securely exchange
messages, secure files, disk volumes and
network connections with both privacy and
strong authentication
• PGP can also be used for applying a digital
signature without encrypting the message
E-mail Security
• Privacy-Enhanced Mail (PEM) was one of the
first standards for securing e-mail messages
by encrypting 7-bit text messages
• PEM may be employed with either symmetric
or asymmetric cryptographic key mechanisms
• It works at the application layer, using a
hierarchical authentication framework
compatible with X.509 standards
Best Internet Security Practices
• Here are some best practices for being
able to detect network attacks:
– Assume every day that a new vulnerability
has surfaced overnight
– Make it part of your daily routine to check
the log files from firewalls and servers
– Have a list of all the security products that
you use and check vendor Web sites for
updates
Best Internet Security Practices
• Here are some best practices for being
able to detect network attacks:
– Know your infrastructure
– Ask questions and look for answers
– Set good password policies
– Install virus software and update the files
on a regular basis
Best Internet Security Practices
• Listed below are some Web sites that
offer good information on best practices:
– http://csrc.nist.gov/fasp/
– http://www.cert.org/security-improvement/
– http://www.sans.org/rr/
– http://www.securityfocus.com