ppt - K.f.u.p.m ocw


Chapter 12
Network Security
Modified by: Masud-Ul-Hasan and Ahmad Al-Yamani
1
Objectives
• Understand the many processes involved with the development of a comprehensive security policy and security architecture.
• Understand the importance of a well-developed and implemented security policy and associated people processes to effective security technology implementation.
• Understand the concepts, protocols, etc. related to virus protection, firewalls, authentication, and encryption.
Business Impact
• What is the impact on business when network security is violated by on-line thieves?
• According to federal law enforcement estimates in the USA, more than $10 billion worth of data is stolen annually in the US alone.
• In a single incident, 60,000 credit and calling card numbers were stolen.
• 50% of computer crimes are committed by a company's current or ex-employees.
Security Policy Development Life Cycle
• A method for the development of a comprehensive network security policy is known as the SPDLC.
• The cycle, repeated continuously:
  1. Identify business-related security issues
  2. Analyze security risks, threats, and vulnerabilities
  3. Design the security architecture and the associated processes
  4. Implement security technology and processes
  5. Audit impact of security technology and processes
  6. Evaluate effectiveness of current architectures and policies, then return to step 1
Identification of Business-related security issues
• This is the security requirements assessment. It asks:
  - What do we have to lose?
  - What do we have worth stealing?
  - Where are the security holes in our business processes?
  - How much can we afford to lose?
  - How much can we afford to spend on network security?
Analysis of Risks, Threats, Vulnerabilities
• Information asset evaluation: what is worth protecting?
• Network architecture documentation: what is the current state of the network? How many unauthorized modems are dialing in?
• Identify all assets, threats and vulnerabilities.
• Determine risks and create protective measures.
Architecture and Process Design
• Logical design of the security architecture and associated processes.
• What must be the required functionality of the implemented technology?
• What business processes, implemented and monitored by people, must match this security architecture?
Security Technology and Process Implementation
• Choose security technology based on the logical design requirements.
• Implement all security technology with complementary people processes.
• Increase overall awareness of network security and implement training.
• Design an ongoing education process for all employees, including senior management.
Audit Impact of Security Technology & Processes
• Ensure that the implemented policy and technology are meeting the initial goals.
• Institute a method to identify exceptions to security policy standards and deal with these exceptions swiftly.
Evaluate Effectiveness of Current Architecture and Processes
• Based on the results of ongoing audits, evaluate the effectiveness of the current policy and architecture in meeting the high-level goals.
• Adjust policy and architecture as required and renew the cycle.
Security Requirements Assessment (SRA)
• Proper SRA implies that appropriate security processes and technology have been applied for any given user's or group's access to or from any potential corporate information resource.
Scope Definition and Feasibility Studies
• Before proceeding blindly with a security policy development project, it is important to properly define the scope or limitations of the project.
• The feasibility study provides an opportunity to gain vital information on the difficulty of the security policy development process as well as the assets (human and financial) required to maintain such a process.
• One of the key issues is deciding on the balance between security and productivity.
Security vs. Productivity Balance
Lack of Security
• High risk
• Low cost
• Open access
• No productivity loss from access restrictions
• Lack of security may ultimately have a negative impact on productivity: open access may lead to data loss or data integrity problems, which may lead to productivity loss.
(Diagram axes: PRODUCTIVITY vs. SECURITY)
Security vs. Productivity Balance
Over Restrictive Security
• High cost
• Low risk
• Restrictive access: security needs take priority over user access
• Productivity loss
• Over restrictive security causes productivity decline, and may lead to noncompliance with security processes, which may lead to loss of security.
(Diagram axes: PRODUCTIVITY vs. SECURITY)
Security vs. Productivity Balance
Optimal Balance of Security and Productivity
• Minimize negative impact on productivity
• Maximize security processes
• Balanced risk and costs
• Restrictiveness of security policy balanced by people's acceptance of those policies
(Diagram axes: PRODUCTIVITY vs. SECURITY, meeting at BALANCE)
Network Security Policy
Security vs. Productivity Balance
• How to define the balance between security and productivity?
  - Identify assets
  - Identify threats
  - Identify vulnerabilities
  - Consider the risks
  - Identify risk domains
  - Take protective measures
Data/Information Classification
• Unclassified/Public
  - Information having no restrictions as to storage, transmission, or distribution.
• Sensitive
  - Information whose release could not cause damage to the corporation but could cause potential embarrassment or measurable harm to individuals, e.g. salaries and benefits of employees.
• Confidential
  - Information whose release could cause measurable damage to the corporation, e.g. corporate strategic plans, contracts.
Data/Information Classification
• Secret
  - Information whose release could cause serious damage to a corporation, e.g. trade secrets, engineering diagrams, etc.
• Top secret
  - Information whose release could cause severe or permanent damage. Release of such information could literally put a company out of business. Secret formulas for key products would be considered top secret.
Assets
• Corporate property of some value that requires varying degrees of protection.
• Assets needing network security are:
  - Corporate data (highest priority)
  - Network hardware
  - Software
  - Media to transport data
Threats
• Processes or people that pose a potential danger to identified assets; can be:
  - Intentional or unintentional, natural or man-made.
• Network-related threats include:
  - Hackers
  - Fires
  - Floods
  - Power failures
  - Equipment failures
  - Dishonest employees
  - Incompetent employees
Vulnerabilities
• Manner or path by which threats are able to attack assets.
• Can be thought of as weak links in the overall security architecture and should be identified for every potential threat/asset combination.
• Vulnerabilities that have been identified can be blocked.
• After identifying vulnerabilities, the questions are:
  - How should a network analyst proceed in developing defenses to these vulnerabilities?
  - Which vulnerabilities should be dealt with first?
  - How can a network analyst determine an objective means to prioritize vulnerabilities?
Risks
• Probability of a particular threat successfully attacking a particular asset in a given amount of time via a particular vulnerability.
• By considering the risk, network analysts are able to quantify/calculate the relative importance of threats and vulnerabilities.
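Worked example (added here; it is not part of the original slides): a small risk register that applies the definition above. Each threat/asset/vulnerability path gets a probability of success per year, weighted by what the asset is worth, which gives the objective ranking the Vulnerabilities slide asks for and shows how much risk a protective measure removes. Every asset, value and probability below is constructed.

```python
"""Ranking threat/asset/vulnerability paths by expected loss (added example).
All names, asset values and probabilities are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskPath:
    asset: str                 # what is worth protecting
    asset_value: float         # estimated loss if the asset is compromised
    threat: str                # process or person posing the danger
    vulnerability: str         # the path by which the threat reaches the asset
    annual_probability: float  # chance the threat succeeds via this path in one year

    def expected_annual_loss(self) -> float:
        # Risk as the slides define it: probability that a particular threat
        # succeeds against a particular asset via a particular vulnerability in a
        # given time, here weighted by the value of the asset.
        return self.annual_probability * self.asset_value


def rank_risks(paths):
    """Return the paths ordered from highest to lowest expected annual loss,
    i.e. the order in which vulnerabilities should be dealt with."""
    return sorted(paths, key=lambda p: p.expected_annual_loss(), reverse=True)


def residual_risk(path, measure_effectiveness):
    """Expected annual loss remaining after a protective measure blocks the
    given fraction (0.0 to 1.0) of attempts along this path."""
    if not 0.0 <= measure_effectiveness <= 1.0:
        raise ValueError("effectiveness must be between 0 and 1")
    return path.expected_annual_loss() * (1.0 - measure_effectiveness)


# Constructed risk register for a small corporate network.
REGISTER = [
    RiskPath("customer database", 2_000_000, "hacker", "unpatched internet-facing server", 0.10),
    RiskPath("customer database", 2_000_000, "dishonest employee", "shared admin password", 0.05),
    RiskPath("file server", 300_000, "virus", "unscanned diskettes/downloads", 0.60),
    RiskPath("core router", 150_000, "power failure", "no UPS in wiring closet", 0.30),
    RiskPath("web server", 50_000, "hacker", "default vendor account", 0.40),
]

if __name__ == "__main__":
    for p in rank_risks(REGISTER):
        print(f"{p.expected_annual_loss():>10,.0f}  {p.asset} <- {p.threat} via {p.vulnerability}")
```

With these constructed numbers the file server's virus exposure outranks the insider path to the customer database, even though the database is worth far more, because the probability is twelve times higher; that is the kind of comparison that intuition alone gets wrong.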
Assets, Risks, Protection
(Diagram, source: Goldman & Rawles, ADC3e. Elements: ASSET, THREAT, VULNERABILITY, RISK, PROTECTIVE MEASURES)
• Multiple protective measures may need to be established between given threat/asset combinations.
Protective measures
• There might exist multiple vulnerabilities (paths) between a given asset and a given threat.
• So multiple protective measures need to be established between given threat/asset combinations.
• Major categories of potential protective measures:
  - Virus protection
  - Firewalls
  - Authentication
  - Encryption
  - Intrusion detection
Threats and Protective Measures
• Camouflage (spoofing)
• Eavesdropping: spying/listening in.
• Man-in-the-middle: the attacker is able to read, insert and modify messages between two parties.
• E-mail spoofing: a common technique spammers use is to configure the From line in an e-mail message to hide the sender's identity.
• Data diddling: modification of data through unauthorized means (e.g., while entering the data).
• Dictionary attack: trying every word in the dictionary as a possible password.
• Replay attack: a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed by someone who intercepts the data and retransmits it, possibly as part of a masquerade attack.
• Trojan horse: a computer program masquerading as a game or any "cute" program. However, when it runs it does something else, like erasing the hard drive or blocking the screen with a graphic that will not go away.
• Denial of service: a generic class of attacks where the host, a segment, or an entire network is brought down and becomes unusable by legitimate users.
Threats and Protective Measures
• Once policies have been developed, it is up to everyone to support those policies in their own way.
• Having been included in the policy development process, users should also be expected to actively support the implemented acceptable use policies.
Executive’s Responsibilities
Management's Responsibilities
Acceptable Use Policy Development
User’s Responsibilities
Virus Protection
• Virus protection is often the first area of network security addressed by individuals or corporations.
• A comprehensive virus protection plan must combine policy, people, processes, and technology to be effective.
• Too often, virus protection is thought to be a technology-based quick fix.
Virus Protection
• The most common microcomputer security violation.
• 90% of the organizations surveyed with 500 or more PCs experience at least one virus incident per month.
• Complete recovery from a virus infection costs an average of $8,300 and takes a period of 22 working days.
• In January 1998, there were over 16,000 known viruses, with as many as 200 new viruses appearing per month.
Virus Categories
• Virus symptoms, methods of infection, and outbreak mechanisms can vary widely, but all viruses share a few common behaviors:
  - Most viruses work by infecting other legitimate programs and causing them to become destructive or disrupt the system.
  - Most viruses use some type of replication method to get the virus to spread and infect other programs, systems, or networks.
  - Most viruses need some sort of trigger or activation mechanism to set them off. Viruses may remain dormant and undetected for long periods.
Virus Categories
• Some viruses have a delayed action, which is sometimes called a bomb. E.g., a virus might display a message on a specific day or wait until it has infected a certain number of hosts.
• Two main types:
  - Time bombs: a time bomb goes off on a particular date or at a particular time.
  - Logic bombs: a logic bomb goes off when the user of a computer takes an action that triggers the bomb, e.g. runs a file.
Virus Categories
• File infectors: attack the executable, or program, files.
• System/boot infectors: change the MBR (Master Boot Record), an area containing all statements to load the operating system.
• Multipartite viruses: also called multi-part; attack both the boot sector and the executable, or program, files at the same time.
• Hostile applets: Java applets that consume resources in rude or malicious ways, so that all the CPU or memory resources of the computer are consumed.
• E-mail viruses: e-mail attachments with spam.
• Cluster/file system viruses: change the system's FAT (File Allocation Table), an index of names and addresses of files.
Antivirus Strategies (AS)
• An effective AS must include:
  - Policy
  - Procedures
  - Technology
• AS policies and procedures:
  - Identify virus infection vulnerabilities and design protective measures.
  - Install virus scanning software at all points of attack.
  - All diskettes must be scanned at a stand-alone scanning PC before being loaded onto network-attached clients or servers.
  - All consultants and third-party contractors should be prohibited from attaching their notebook computers to the corporate network without scanning.
AS Policies and Procedures
• All vendors must run demos on their own equipment.
• Shareware/downloaded software should be prohibited or controlled and scanned.
• All diagnostic and reference diskettes must be scanned before use.
• Write-protect all diskettes with .exe and .com files.
• Create a master boot record that disables writes to the hard drive when booting from a diskette, etc.
AS Antivirus Technology
• Viruses can attack:
  - Locally or remotely attached client platforms
  - Server platforms
  - The entrance to the corporate network via the Internet
• At each entrance point, viruses must be detected and removed.
AS Antivirus Technology
• Virus scanning is the primary method for successful detection and removal.
• The software most often works off a library of known viruses.
• Purchase antivirus software that updates virus signatures at least twice per month.
• Typically, vendors update virus signature files every 4 hours, with hourly updates expected in the near future.
AS Antivirus Technology
• Emulation technology attempts to detect as yet unknown viruses by running programs within a software emulation program known as a virtual PC.
• The executed program can be examined in a safe environment for any unusual behavior or other tell-tale symptoms of resident viruses.
• Proactive rather than reactive.
• Advantage: identification of potentially unknown viruses based on their behavior rather than by relying on identifiable signatures of known viruses.
AS Antivirus Technology
• Such programs are also capable of trapping encrypted or polymorphic viruses that are capable of constantly changing their identities or signatures.
• Some of these programs are also self-learning:
  - Knowledge of virus-like activity increases with experience.
AS Antivirus Technology
• CRC checkers or hashing checkers create and save a unique cyclic redundancy check value or hash number for each file to be monitored.
• Each time the file is saved, the new CRC is checked against the reference CRC.
• If the CRCs are different, the file has changed.
• A program evaluates the changes to determine the likelihood that they were caused by a viral infection.
• Disadvantage: able to detect viruses only after infection, which may already be too late.
• Decoys: files that are allowed to be infected in order to detect and report on virus activity.
AS Antivirus Technology
• Active content monitor
  - Identifies viruses and malicious content such as Java applets or ActiveX controls that may be introduced via Internet connectivity.
  - Able to examine transmissions from the Internet in real time and identify known malicious content based on:
    - definition libraries
    - contents of reference
Point of Attack: Client PC
• Vulnerabilities:
  - Infected diskettes
  - Groupware conferences with infected documents
• Protective measures:
  - Strict diskette scanning policy
  - Autoscan at system start-up

Point of Attack: Internet Access
• Vulnerabilities:
  - Downloaded viruses
  - Downloaded hostile agents
• Protective measures:
  - Firewalls
  - User education about the dangers of downloading

Point of Attack: Remote Access Users
• Vulnerabilities:
  - Frequent up/downloading of data and use of diskettes increase risk
  - Linking to customer sites increases risk
• Protective measures:
  - Strict diskette scanning policy
  - Strict policy about the connection to corporate networks after linking to other sites

Point of Attack: Server
• Vulnerabilities:
  - Infected documents stored by attached clients
  - Infected documents replicated from other groupware servers
• Protective measures:
  - Autoscan run at least once a day
  - Consider active-monitoring virus checking before allowing programs to be loaded onto the server
  - Rigorous backup in case of a major outbreak
  - Audit logs to track down sources

(Diagram labels: Client PC, hub, Router, INTERNET, Remote Access Users, Server)
Firewalls
• When a company links to the Internet, a two-way access point, out of as well as into that company's confidential information, is created.
• To prevent unauthorized access from the Internet to the company's confidential data, a firewall is deployed.
• The firewall runs on a dedicated server that is connected to, but outside of, the corporate network.
• All network packets are filtered/examined for authorized access.
• The firewall provides a layer of isolation between the inside network and the outside network.
Firewalls
• Does it provide full protection? No, if:
  - Dial-up modem access remains uncontrolled or unmonitored.
  - Incorrectly implemented firewalls may introduce new loopholes.
Firewall Architectures
• No standards for firewall functionality, architectures, or interoperability.
• As a result, the user must be especially aware of how firewalls work to evaluate a potential firewall technology purchase.
• Three architectures:
  - Packet filtering
  - Application gateways
  - Circuit-level gateways
  - Internal firewalls
Packet Filtering
• Every packet of data on the Internet is uniquely identified by its source and destination addresses, e.g. the addresses in the header.
• A filter is a program that examines the source and destination addresses of all packets incoming to the firewall server.
• Filter tables are lists of addresses whose data packets and embedded messages are either allowed or prohibited from proceeding through the firewall server and into the corporate network.
• Filtering is based on user-defined rules.
• Also called a port-level filter or network-level filter.
Packet Filtering
• Routers are also capable of filtering packets, which means an existing piece of technology can be used for dual purposes.
• Dedicated packet-filtering firewalls are usually easier to configure and require less in-depth knowledge of the protocols to be filtered or examined.
• But maintaining filter tables and access rules on multiple routers is not a simple task.
• Packet filtering has limitations in terms of the level of security it provides.
  - IP spoofing is used by hackers to breach packet filters.
  - Since packet filters make all filtering decisions based on IP source and destination addresses, if a hacker can make a packet appear to come from an authorized or trusted IP address, then it can pass through the firewall.
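Worked example (added here; not from the slides): a first-match filter table of the kind the two slides describe, evaluated over constructed packets. Besides the usual address/port rules it carries one anti-spoofing rule: a packet arriving on the outside interface that claims an internal source address is dropped, since no legitimate packet from the Internet can carry one. That closes the simplest case of the spoofing limitation above; a packet forged with a trusted external partner's address is still indistinguishable to a purely address-based filter, which is why application-level checks are layered on top. All addresses, rules and packets are constructed.

```python
"""Stateless packet filter with an ordered rule table (added example).
Networks, hosts, rules and packets below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "outside" or "inside"
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    iface: Optional[str] = None    # None matches any interface
    src: str = "0.0.0.0/0"         # source network, CIDR
    dst: str = "0.0.0.0/0"         # destination network, CIDR
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any port

    def matches(self, p: Packet) -> bool:
        return (
            (self.iface is None or self.iface == p.iface)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


INTERNAL_NET = "10.0.0.0/8"        # constructed corporate address space
WEB_SERVER = "10.1.1.10/32"
FILE_SERVER = "10.1.1.20/32"
PARTNER_NET = "203.0.113.0/24"     # constructed trusted partner network

# First-match filter table; anything not matched is denied by filter_packet().
RULES = [
    # Anti-spoofing: traffic from the Internet can never legitimately carry an
    # internal source address, so drop it whatever its destination.
    Rule("deny", iface="outside", src=INTERNAL_NET),
    # Public web server reachable from anywhere on TCP/80.
    Rule("allow", iface="outside", dst=WEB_SERVER, proto="tcp", dport=80),
    # The trusted partner may reach the file server on TCP/21 (FTP control).
    Rule("allow", iface="outside", src=PARTNER_NET, dst=FILE_SERVER, proto="tcp", dport=21),
    # Internal users may go out anywhere.
    Rule("allow", iface="inside", src=INTERNAL_NET),
]


def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or 'deny' if none matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


if __name__ == "__main__":
    for pkt in (
        Packet("outside", "198.51.100.5", "10.1.1.10", "tcp", 80),   # public web access
        Packet("outside", "10.1.1.5", "10.1.1.20", "tcp", 21),       # spoofed internal source
        Packet("outside", "203.0.113.7", "10.1.1.20", "tcp", 21),    # partner FTP
        Packet("outside", "203.0.113.7", "10.1.1.20", "tcp", 23),    # partner telnet: no rule
    ):
        print(filter_packet(pkt), pkt)
```

Rule order matters in a first-match table: if the anti-spoofing rule were placed after the web-server rule, a spoofed packet aimed at TCP/80 on the web server would be accepted.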
Packet Filtering
Application Level Filters (ALFs)
• Also known as:
  - Application gateways
  - Assured pipelines
  - Proxies
• Go beyond port-level filters in their attempts to prevent unauthorized access.
• Port-level filters determine the legitimacy of the party asking for information.
• ALFs ensure the validity of what they are asking for in addition to who is making that request.
• Apply security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
Circuit Level Filters
• Apply security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
• SOCKS creates a proxy data channel to the application server on behalf of the application client.
• SOCKS can control traffic by disabling or enabling communication according to TCP port numbers.
  - SOCKS4: allows outgoing firewall applications.
  - SOCKS5: supports both incoming and outgoing firewall applications as well as authentication.
Application Gateway
Dual-Homed Gateway
• Both an application gateway and a packet-filtering router are used in a dual-homed gateway for increased security.
• The application gateway is physically connected to the private secure network, and the packet-filtering router is connected to the non-secure network or the Internet.
• Between the application gateway and the packet-filtering router is an area known as the screened subnet.
• Also attached to this screened subnet are information servers, WWW servers, or other servers that the company may wish to make available to outside users. However, all outside traffic still goes through the application gateway first, and then to the information servers.
Dual-Homed Gateway
Trusted Gateway
• In this architecture, certain applications are identified as trusted and are able to bypass the application gateway entirely and establish connections directly rather than being executed by proxy.
• In this way, outside users can access information servers and WWW servers without tying up the proxy applications on the application gateway.
Trusted Gateway
Internal Firewalls
• Internal firewalls: the need
  - 60% of network attacks are made by internal users.
  - Dissatisfied employees, former employees, etc. are responsible for various incidents of network hacking.
  - 30% of Internet sites that reported breaches had firewalls in place.
• Internal firewalls are a new category of software to handle internal attacks.
• Packet filtering works primarily at the network layer.
• Circuit filtering works at the transport layer.
• Application filtering works at the application layer.
DMZ
• There are times when an organization wants remote users to have access to items on its network, e.g.:
  - Web site
  - Online business
  - FTP download and upload area
• In cases like this, it is better to create a DMZ (Demilitarized Zone). It is really just an area that is outside the firewall.
• Think of the DMZ as the front yard of your house. It belongs to you and you may put some things there, but you would put anything valuable inside the house, where it can be properly secured.
Firewall – Behind DMZ
Firewall – In front of DMZ
Firewall – Multi-tiered
Proxy Server
• The word "proxy" means "one who is authorized to act on behalf of another".
• A proxy server is a special type of firewall which acts on behalf of many individual users in screening network traffic into, and out of, a company's network.
• Typically, an Internet proxy server is used to gather all user requests, forward them out to the Internet, receive the responses, and in turn forward them to the originating requester.
• To the individual user, the proxy server is invisible; that is, all Internet requests and returned responses appear to be directly with the Internet server addressed via a specified URL. To the external world, a proxy server appears as a single network user submitting requests, and advertises only one network address on behalf of many local users.
Proxy Server
• A proxy server provides two distinct firewall services.
  - First, it limits the Internet services that users of a company's network may access. E.g., a company's security policy may dictate that corporate network users are allowed e-mail and web access, while prohibiting file transfer capabilities.
  - Second, the proxy server limits a company's network appearance to the outside world by masking internal address schemes, thereby minimizing hacker access to a company's internal resources.
• Proxy servers can also make Internet access more efficient. If a page is accessed on a Web site, it is cached (stored) on the proxy server. This means that the next time that page is accessed, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.
Authentication and Access Control
• The overall purpose of authentication is to ensure that users attempting to gain access to networks are really who they claim to be.
• Password protection was the traditional means to ensure authentication.
• Password protection is no longer sufficient. More is needed.
• A wide variety of Authentication Technology (AT) has been developed to ensure that users really are who they say they are.
• Products fall into three main categories.
Authentication and Access Control
The three categories are:
1. What you know: AT that delivers single sign-on (SSO) access to multiple network-attached servers and resources via passwords.
  - PassGo SSO from Axent Technologies
  - Global Sign On from IBM
2. What you have: AT that uses one-time or one-session passwords to authenticate the user. This AT requires the user to possess some type of smart card or other token authentication device to generate these single-use passwords.
3. What you are: AT that validates users based on some physical characteristic such as fingerprints, hand geometry, retinal scans, etc.
1. Single Sign-On (SSO)
• Single sign-on (SSO), also sometimes known as secure single sign-on (SSSO), allows users to log into the enterprise network and be authenticated from their client PC location.
• It is not necessary for users to remember a variety of different user IDs and passwords for the numerous different enterprise servers from which they may request services.
• Since this is the single entry point onto the enterprise network for users, log auditing software can be used to keep non-repudiable records of all activities and transactions.
Single Point of Registration (SPR)
• Single point of registration (SPR) allows a network security manager to enter a new user (or delete a terminated user) from a single centralized location.
• The manager can assign all associated rights, privileges, and access control to enterprise resources from this single point rather than having to enter the new user's information on multiple resources distributed throughout the enterprise.
Secure HTTP (SHTTP)
• Secure HTTP is a secure version of HTTP that requires both client and server S-HTTP versions to be installed for secure end-to-end encrypted transmission.
• Based on public key encryption, providing security at the document or application level, since it works with the actual HTTP applications to secure documents and messages.
• Uses digital signature encryption to assure that the document possesses both authenticity and message integrity.
• Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.
Secure Sockets Layer (SSL)
• Described as wrapping an encrypted envelope around HTTP transmissions. Whereas S-HTTP can only be used to encrypt web documents, SSL can be wrapped around other Internet service transmissions such as FTP and Telnet as well as HTTP.
• SSL is a connection-level encryption method providing security to the network link itself.
• Used for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
• Many web sites use it to obtain confidential user information, such as credit card numbers, etc.
Single Access Control View
• Single access control view: allows the user's access from their client workstation to display only those resources that the user actually has access to.
• Any differences between server platforms should be shielded from the user. The user should not need to memorize different commands or control interfaces for the variety of enterprise servers that they may need to access.
2. Token Authentication (TAu): Smart Cards
• This technology provides one-time-use session passwords that are authenticated by associated server software. TAu may take multiple forms:
  - Hardware-based smart cards that are about the size of a credit card with a numeric keypad.
  - In-line TAu devices that connect to the serial port of a computer for dial-in authentication through a modem.
  - Software tokens that are installed on the client PC and authenticate with the server portion of the token authentication product transparently to the end user. A PIN is required to activate the authentication process.
Challenge & Response
• Terminal challenges the smart card:
  1. The terminal generates a random number and sends it to the smart card.
  2. The smart card encrypts it with its key and sends it back to the terminal.
  3. The terminal decrypts it with its own key.
• If the number is the same as the one generated by the terminal's random number generator, the terminal authenticates the smart card.
Challenge & Response (contd.)
• Smart card challenges the terminal:
  1. The smart card generates a random number and sends it to the terminal.
  2. The terminal encrypts it with its key and sends it back to the smart card.
  3. The smart card decrypts it with its own key.
• If the number is the same as the one generated by the smart card's random number generator, the smart card authenticates the terminal.
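Worked example (added here; not from the slides) of both challenge-and-response directions above in one exchange. An HMAC with a shared key stands in for "encrypts it with its key": the verifier recomputes what a holder of the same key would return for its own random number and compares, which is equivalent to the decrypt-and-compare step on the slide. Two details that the slide leaves implicit are made explicit: each challenge can be answered only once, so a captured response does not satisfy a later challenge, and the responder's role is mixed into the MAC, so a card's answer cannot be replayed back as a terminal's. Names and keys are constructed.

```python
"""Mutual challenge-response between a terminal and a smart card (added
example). Keys and names are constructed; HMAC-SHA256 stands in for the
symmetric "encrypt with its key" step of the slides."""
import hashlib
import hmac
import secrets


class Party:
    """Either the terminal or the smart card."""

    def __init__(self, name, key):
        self.name = name            # role bound into every response this party sends
        self.key = key              # secret shared with the peer
        self.outstanding = None     # the random number we issued and are waiting on

    def challenge(self, rng=secrets.token_bytes):
        # Step 1: generate a fresh random number and send it to the peer.
        self.outstanding = rng(16)
        return self.outstanding

    def respond(self, nonce):
        # Step 2: the peer "encrypts" our random number with its key and returns it.
        return hmac.new(self.key, self.name.encode() + nonce, hashlib.sha256).digest()

    def verify(self, response, peer_name):
        # Step 3: recompute what the genuine peer would have produced for the
        # number we issued and compare in constant time. The challenge is
        # consumed, so the same response cannot be accepted twice.
        if self.outstanding is None:
            return False
        expected = hmac.new(self.key, peer_name.encode() + self.outstanding, hashlib.sha256).digest()
        self.outstanding = None
        return hmac.compare_digest(expected, response)


def mutual_authentication(terminal, card):
    """Slide 74 then slide 75: terminal authenticates the card, card authenticates the terminal."""
    card_ok = terminal.verify(card.respond(terminal.challenge()), card.name)
    terminal_ok = card.verify(terminal.respond(card.challenge()), terminal.name)
    return card_ok and terminal_ok


if __name__ == "__main__":
    key = b"constructed-shared-key"
    print(mutual_authentication(Party("terminal", key), Party("card", key)))        # True
    print(mutual_authentication(Party("terminal", key), Party("card", b"other")))   # False
```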
3. Biometric Authentication (BA)
• BA can authenticate users based on:
  - fingerprints
  - palm prints
  - retinal patterns
  - hand geometry
  - facial geometry
  - voice recognition
  - other physical characteristics
• Not yet perfect or foolproof.
  - False rejects: the BA device's comparison algorithm is configured to be very sensitive.
  - False accepts: the BA device's comparison algorithm is not detailed enough.
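Worked example (added here; not from the slides) of the trade-off behind those two failure modes: a biometric device reduces a comparison to a similarity score and accepts when the score reaches a threshold, so raising the threshold (a "very sensitive" configuration) turns genuine users into false rejects while lowering it lets impostors through. The similarity scores below are constructed.

```python
"""False-reject / false-accept trade-off of a biometric threshold (added
example). Scores are constructed; 1.0 means a perfect match with the template."""

# Constructed similarity scores: the enrolled user against their own template,
# and other people against that template.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.72, 0.85, 0.60, 0.93, 0.78]
IMPOSTOR_SCORES = [0.20, 0.35, 0.55, 0.10, 0.65, 0.30, 0.45, 0.25]


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (false_reject_rate, false_accept_rate) when a match requires
    score >= threshold."""
    false_reject_rate = sum(1 for s in genuine if s < threshold) / len(genuine)
    false_accept_rate = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return false_reject_rate, false_accept_rate


def sweep(thresholds=(0.5, 0.6, 0.7, 0.8, 0.9)):
    """Error rates at each candidate threshold, to see the trade-off curve."""
    return {t: error_rates(t) for t in thresholds}


def least_total_error(thresholds=(0.5, 0.6, 0.7, 0.8, 0.9)):
    """Threshold with the smallest FRR + FAR (ties go to the lower threshold).
    A site that fears false accepts more would weight FAR higher instead."""
    return min(thresholds, key=lambda t: sum(error_rates(t)))


if __name__ == "__main__":
    for t, (frr, far) in sweep().items():
        print(f"threshold {t:.1f}: false rejects {frr:.3f}, false accepts {far:.3f}")
    print("least total error at", least_total_error())
```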
Authorization
 Can be seen as a subset of authentication.
 Authorization ensures that only properly
authorized users are able to access particular
network resources or corporate information
resources.
 The authorization security software can be
either:
 Server based – also known as brokered
authorization.
 Workstation based – also known as trusted node.
Encryption
 Encryption involves changing data into an
unreadable form before transmission.
 If the transmitted data are somehow
intercepted, they cannot be interpreted.
 The transformed, meaningless data is known as
ciphertext.
 Encryption must be accompanied by
decryption, or changing the unreadable text
back into its original form.
RADIUS (Remote Authentication Dial-In User Service)
 RADIUS allows network managers to centrally manage remote
access users, access methods, and logon restrictions.
 A client/server protocol that enables remote access servers to
communicate with a central server to authenticate dial-in users
and authorize their access to the requested system or service.
 An AAA protocol (Authentication, Authorization and Accounting).
 The RADIUS protocol improves network security by providing a
mechanism for authenticating remote users connecting to the
network. It does this by carrying authentication, authorization
and configuration information between a Network Access
Server (NAS) and a RADIUS server.
 A NAS, also known as a Remote Access Server (RAS), is a
device that provides an access point to a network for remote
users connecting through remote access protocols such as
Telnet, FTP or PPP.
RADIUS Architecture
(Diagram: Logical System View. Labels: Workstation, Modem, PSTN, ISP POP, NAS / RAS, Router, Internet, Customer Information Provider, Remote Server, PPP, IP.)
VPN (Virtual Private Network)
 A VPN is a private network that uses a public network
(usually the Internet) to connect remote sites or users
together. Instead of using a dedicated connection
such as a leased line, a VPN uses "virtual" connections
routed through the Internet.
 Tunneling is the transmission of data intended for
use only within a private, usually corporate, network
through a public network in such a way that the
routing nodes in the public network are unaware that
the transmission is part of a private network.
(Diagram: nodes A through I, with a tunnel carried across the public network.)
Tunneling Protocols and VPN
 To provide VPN capabilities using the Internet as an enterprise
network backbone, specialized tunneling protocols were
developed that could establish private, secure channels
between connected systems.
 Point-to-Point Tunneling Protocol
 Layer 2 Forwarding protocol
 Layer 2 Tunneling Protocol
Tunneling Protocols and VPNs
 A VPN creates an encrypted tunnel across a
public network and passes the data destined
for the remote location across the tunnel.
 The remote workstation gets a local IP
address and appears to all computers on
the local network as if it were local.
Kerberos
 A well-known combination authentication/authorization system
developed at MIT and marketed commercially by many vendors.
 The name Kerberos comes from Greek mythology; it is the
three-headed dog that guarded the entrance.
 Kerberos is designed to enable two parties to exchange private
information across an open network.
 It works by assigning a unique key, called a ticket, to each user
that logs on to the network.
 The ticket is then embedded in messages to identify the sender
of the message.
Kerberos
 The architecture consists of three key components:
 Kerberos client software
 Kerberos authentication server software
 Kerberos application server software
 To be able to ensure that only authorized users are
able to access a particular application, Kerberos must
be able to communicate directly with that application.
 The source code of the application must be modified
to make it compatible with Kerberos. If the source code is
not available, software vendors may sell
Kerberized versions of their software.
 Kerberos is not able to offer authorization protection
to applications with which it cannot communicate.
Kerberos
 Users are first authenticated by the Kerberos authentication
server, which consults its database and issues a ticket allowing the
valid user to communicate with the ticket-granting software
(TGS). This ticket is known as a ticket-granting ticket.
 Using this ticket, the user sends an encrypted request to the
ticket-granting software (TGS) requesting a ticket for access to
a particular application server.
 If the TGS determines that the request is valid, a ticket is
issued that will allow the user to access the requested server.
This ticket is known as a service-granting ticket.
 The user presents this ticket to the application server, which
evaluates the ticket's validity. If the application determines that
the ticket is valid, a client/server session is established.
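The four steps above, carried through end to end, as an added example that is neither the slides' own material nor MIT's implementation. It models the authentication server and the ticket-granting software as one KDC object with a key database, the client, and a Kerberized application server. Real Kerberos encrypts tickets with AES-based encryption types; this example substitutes an HMAC-SHA256 construction (keystream XOR followed by a MAC tag) so it runs on the standard library alone. Principal names, keys, lifetimes and timestamps are constructed.

```python
import hashlib
import hmac
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # PRF stream: HMAC-SHA256(key, nonce || counter) blocks, concatenated and cut to n bytes
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a small JSON record (stand-in for the Kerberos encryption types)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("not sealed under this key (wrong principal, forged or tampered)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Authentication server plus ticket-granting software, sharing one key database."""

    def __init__(self, keys: dict, lifetime: int = 300):
        self.keys, self.lifetime = keys, lifetime

    def _ticket(self, client: str, service: str, session_key: bytes, now: int) -> bytes:
        # sealed under the *service's* long-term key: the client can neither read nor alter it
        return seal(self.keys[service], {"client": client, "service": service,
                                         "key": session_key.hex(), "expires": now + self.lifetime})

    def as_exchange(self, client: str, now: int) -> bytes:
        """Step 1: ticket-granting ticket, delivered sealed under the user's own key."""
        tgs_key = os.urandom(32)
        return seal(self.keys[client], {"tgs_key": tgs_key.hex(),
                                        "tgt": self._ticket(client, "krbtgt", tgs_key, now).hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int) -> bytes:
        """Steps 2-3: validate the TGT and authenticator, then issue a service-granting ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        tgs_key = bytes.fromhex(t["key"])
        a = unseal(tgs_key, authenticator)
        if a["client"] != t["client"] or now > t["expires"] or abs(now - a["time"]) > self.lifetime:
            raise PermissionError("TGT or authenticator rejected")
        svc_key = os.urandom(32)
        return seal(tgs_key, {"service_key": svc_key.hex(),
                              "ticket": self._ticket(t["client"], service, svc_key, now).hex()})


class Client:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def login(self, kdc: KDC, now: int) -> None:
        rep = unseal(self.key, kdc.as_exchange(self.name, now))   # fails if the user's key is wrong
        self.tgs_key, self.tgt = bytes.fromhex(rep["tgs_key"]), bytes.fromhex(rep["tgt"])

    def get_service_ticket(self, kdc: KDC, service: str, now: int):
        authenticator = seal(self.tgs_key, {"client": self.name, "time": now})
        rep = unseal(self.tgs_key, kdc.tgs_exchange(self.tgt, authenticator, service, now))
        return bytes.fromhex(rep["ticket"]), bytes.fromhex(rep["service_key"])

    def ap_request(self, ticket: bytes, service_key: bytes, now: int):
        return ticket, seal(service_key, {"client": self.name, "time": now})


class AppServer:
    """Step 4: a Kerberized application server; it needs only its own key and a clock."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def accept(self, ticket: bytes, authenticator: bytes, now: int) -> bool:
        t = unseal(self.key, ticket)                        # raises if issued for another server
        a = unseal(bytes.fromhex(t["key"]), authenticator)  # proves the client holds the session key
        return t["service"] == self.name and t["client"] == a["client"] and now <= t["expires"]


# Constructed key database: one long-term key per principal (user, krbtgt, and each application server).
KEYS = {name: os.urandom(32) for name in ("alice", "krbtgt", "fileserver", "mailserver")}


def run_session(now: int, target: str = "fileserver", client_key: bytes = None, use_at: int = None) -> bool:
    """Full flow for alice with a 'fileserver' ticket; returns the application server's decision."""
    kdc, alice = KDC(KEYS), Client("alice", client_key or KEYS["alice"])
    alice.login(kdc, now)
    ticket, svc_key = alice.get_service_ticket(kdc, "fileserver", now)
    req = alice.ap_request(ticket, svc_key, now)
    return AppServer(target, KEYS[target]).accept(*req, use_at if use_at is not None else now)


if __name__ == "__main__":
    print(run_session(int(time.time())))
```

Note what each party can and cannot see: the client never reads a ticket it carries, the application server never talks to the KDC during the session, and a ticket for one server is rejected outright by another, which is the point made on the previous slide about Kerberos only protecting applications it can communicate with.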
Kerberos Architecture
Security Design Strategies
 Make sure that router operating system software
has been patched.
 Identify those information assets that are most
critical to the corporation, and protect those
servers first.
 Implement physical security constraints to hinder
physical access to critical resources such as
servers.
 Monitor system activity logs carefully.
Security Design Strategies
 Develop a simple, effective, and enforceable
security policy and monitor its implementation.
 Consider installing a proxy server or application-
layer firewall.
 Block incoming DNS queries and requests for zone
transfers.
 Don't publish the corporation's complete DNS map
on DNS servers that are outside the firewall.
 Disable all non-essential TCP ports and services.
Security Design Strategies
 Install only software and hardware that you
really need on the network.
 Allow only essential traffic into and out of the
corporate network and eliminate all other types
by blocking with routers or firewalls.
 Investigate the business case for outsourcing
Web-hosting services so that the corporate Web
server is not physically on the same network as
the rest of the corporate information assets.
 Use routers to filter traffic by IP address.
Government Impact
 Government agencies play a major role in the
area of network security.
 The two primary functions of these various
government agencies are:
 Standards-making organizations that set
standards for the design, implementation, and
certification of security technology and systems.
 Regulatory agencies that control the export of
security technology to a company’s international
locations.