Transcript 01-Intro

Network Security
Spring 2017
http://www.faisalakhan.info/Classes/
[email protected]
Office: 01, SS Block, BUITEMS
Course Syllabus
Course Title: Network Security (3 hours lecture, 0 hours lab)
Instructor: Dr. Faisal Kakar (backup - Engr. Raza Ali)
Course Objective: Fundamental concepts of network information security and management, including encryption, secure access methods, and vulnerabilities in network protocols, operating systems, and network applications.
Course Syllabus
Textbook: "Network Security Essentials: Applications and Standards," Prentice Hall, William Stallings, Third Edition, 2007.
http://WilliamStallings.com/Resources
Grading:
- Quizzes (2 x 7.5%): 15%
- HW: 10%
- Midterm: 25%
- Final: 50%
Course Syllabus
Course Outline:
Introduction
Secret Key and Public/Private Key Cryptography
Cryptographic Hashes and Message Digests
Authentication Systems (Kerberos)
Digital signatures and certificates
Kerberos and X.509v3 digital certificates
Web security
Security standards - SSL/TLS and SET
Intruders and viruses
PGP and S/MIME for electronic mail security
Firewalls
Current Network Security Publications and Web Sites
Attacks, Services, and Mechanisms
* Security Attack: Any action that compromises the security of information (e.g., stealing information).
* Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack (e.g., encryption).
* Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms (e.g., SSL for Web browsers and servers).
* Service - prevents Attacks - by using Mechanisms
Security Services
(PI and 3 A's)
* Privacy (Confidentiality)
* Integrity (has not been altered or deleted)
* Availability (accessibility - permanence, non-erasure)
- Denial of Service Attacks
- Virus that deletes files
* Authentication (who created or sent the data)
- Non-repudiation (the buy-order is final) [attribution]
* Authorization (access control, prevent misuse of resources)
Ref: ISO X.800 and IETF RFC 2424
[Figure: security services diagram, labelled Availability; Integrity, Authentication; Privacy; Authentication, Authorization]
Computer Emergency Response Team - see www.us-cert.gov
also see www.sans.org
Not included above: Theft of Services. Example: a botnet uses your computer to send spam email, or to participate in a distributed denial-of-service attack (DDoS).
Wiring Closet
Rule 1: Without physical security (to critical areas), there is no security.
[Figure: Authentication, Authorization, Logging]
Security Standards
Internet - Internet Engineering Task Force (IETF)
De Facto (PGP email security system, Kerberos-MIT)
ITU (X.509 Certificates)
National Institute of Standards and Technology (SHA) - not in book
IEEE (802.3-Ethernet, 802.11 - Wireless LAN)
Department of Defense, Nat. Computer Security Center
Export Controls (U.S. Dept. of Commerce)
- High Performance Computers
- Systems with “Hard” Encryption
Viruses, Worms, and Trojan Horses
Virus - code that copies itself into other programs, usually riding on email messages or attached documents (e.g., macro viruses).
Payload - harmful things it does, after it has had time to spread.
Worm - a program that replicates itself across the network (e.g., the Sapphire worm).
Trojan Horse - instructions in an otherwise good program that cause bad things to happen (e.g., sending your data or password to an attacker over the net).
Logic Bomb - malicious code that activates on an event (e.g., a date).
Trap Door (or Back Door) - undocumented entry point written into code for debugging that can let unwanted users in.
Bot (robot) - a compromised host that is controlled remotely.
Bot Net (botnet) - many bots controlled by the same organization.
Virus Protection
Have a well-known virus protection program, configured to scan disks and downloads automatically for known viruses. Monthly (if not weekly) database updates are necessary.
Do not execute programs (or "macros") from unknown sources (e.g., PS, JPEG, MS Office documents, Java, ...), if you can help it. Lately, downloaded image files can compromise your PC.
Avoid the most common operating systems and email programs, if possible (I use MacOS, Ubuntu Linux, Thunderbird and Apple Mail). If you use Web Mail (integrated mail and browser programs) then turn off "automatically download from Web,” and use safe servers.
Password Gathering
(Physical Security)
Look under the keyboard, telephone, etc.
Look in the Rolodex under “X” and “Z”.
Call up pretending to be from “micro-support,” and ask for it.
“Snoop” a network and watch for plaintext passwords that go by.
Tap a phone line - but this requires a very special modem.
Use a “Trojan Horse” or “Bot” program with a “key catcher” to record key strokes.
Social Engineering - phone or email and pretend to be “PC support.”
The 5 Stages of a Classical Network Intrusion
1. Scan the network to:
   • locate which IP addresses are in use,
   • what operating system is in use,
   • what TCP or UDP ports are “open” (being listened to by Servers).
2. Run “Exploit” scripts against open ports.
3. Get access to a Shell program which is “suid” (has “root” privileges).
4. Download from a Hacker Web site special versions of system files that will let the Cracker have free access in the future without his CPU time or disk storage space being noticed by auditing programs.
5. Use IRC (Internet Relay Chat) to invite friends to the feast, or join the host to a botnet.
Clicking on the Wrong Button can Compromise your PC
Example:
From: insurance@fdic.gov
actually from 118.223.217.179 = [email protected] (Seoul, KR)
To: xxx-ece.gatech.edu
Subject: FDIC Insurance
Date: Sat, 8 Jan 2011 16:46:02 -0500 (EST)
To whom it may concern,
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been
denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we
have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency
violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on
your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance
Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your
account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for
identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said
verification and all suspensions of insurance on your account will be lifted.
http://fdic.gov
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account
history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to
provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security
Officials.
Donald E. Powell
Chairman Emeritus FDIC
link goes to: <http://haptered.com/fe45q2/index.php?027ed7c0a5cebf916dd3a0d05>
[Figure: packet path from a Browser through a Router-Firewall to a Web Server, drawn as protocol stacks]
Web Server stack: Application Layer (HTTP) - Port 80; Transport Layer (TCP, UDP) - Protocol No.; Network Layer (IP) - IP Address 130.207.22.5; Data Link Layer; Phys. Layer.
Router-Firewall: Network Layer, Data Link Layer and Phys. Layer on each side; can drop packets based on source or destination IP address and/or port.
Browser stack: Application Layer (HTTP) - Port 31337; Transport Layer (TCP, UDP) - Protocol No.; Network Layer (IP) - IP Address 24.88.15.22; Data-Link Layer; Phys. Layer.
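The router-firewall in the figure sees only the IP and transport headers, so its decisions are a first-match rule list over addresses, ports and protocol with a default of dropping everything else. As an added example (not from the slides), this evaluates such a rule set against constructed packets that use the figure's addresses and ports; the rule set and the packets are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str               # "allow" or "deny"
    proto: Optional[str]      # "tcp", "udp" or None for any protocol
    src: Optional[str]        # source network in CIDR form, None for any
    dst: Optional[str]        # destination network in CIDR form, None for any
    dst_port: Optional[int]   # destination port, None for any

# Constructed rule set for the router-firewall in the figure: the only service
# reachable from outside is the Web server on port 80; inside hosts may query DNS.
RULES = [
    Rule("allow", "tcp", None, "130.207.22.5/32", 80),
    Rule("allow", "udp", "130.207.0.0/16", None, 53),
]

def _matches(rule, pkt):
    """True when every field the rule specifies agrees with the packet header."""
    if rule.proto is not None and rule.proto != pkt["proto"]:
        return False
    if rule.src is not None and ip_address(pkt["src"]) not in ip_network(rule.src):
        return False
    if rule.dst is not None and ip_address(pkt["dst"]) not in ip_network(rule.dst):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt["dst_port"]:
        return False
    return True

def filter_packet(pkt, rules=RULES, default="deny"):
    """First-match evaluation with a default-deny policy, as a stateless packet filter does."""
    for rule in rules:
        if _matches(rule, pkt):
            return rule.action
    return default

# Constructed packets using the addresses from the figure; the browser's source port
# is 31337 as drawn, and 192.0.2.53 is a documentation address standing in for a resolver.
BROWSER, WEB_SERVER = "24.88.15.22", "130.207.22.5"
HTTP_REQUEST = {"proto": "tcp", "src": BROWSER, "src_port": 31337, "dst": WEB_SERVER, "dst_port": 80}
TELNET_PROBE = {"proto": "tcp", "src": BROWSER, "src_port": 31338, "dst": WEB_SERVER, "dst_port": 23}
DNS_FROM_INSIDE = {"proto": "udp", "src": WEB_SERVER, "src_port": 40000, "dst": "192.0.2.53", "dst_port": 53}
DNS_FROM_OUTSIDE = {"proto": "udp", "src": BROWSER, "src_port": 40000, "dst": WEB_SERVER, "dst_port": 53}
```

Note what the filter cannot do: the HTTP request is allowed by its headers alone, so an attack carried inside a legitimate-looking port 80 connection passes straight through.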
PGP (Pretty Good Privacy) -> GPG
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
Access Control
Yesterday almost all systems were protected only by a simple password that is typed in, or sent over a network in the clear.
Techniques for guessing passwords (the common ones):
1. Try default passwords.
2. Try all short words, 1 to 3 characters long.
3. Try all the words in an electronic dictionary (60,000).
4. Collect information about the user’s hobbies, family names, birthday, etc.
5. Try the user’s phone number, social security number, street address, etc.
6. Try all license plate numbers (123XYZ).
These can be automated and run off-line if the password hash file is obtained.
Prevention: Enforce good password selection (e.g., “c0p31an6-liKe5=Alvakad05” or “3Bm1ce-c-htr”).
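Enforcing good password selection means rejecting, at the moment a password is set, anything the six techniques above would recover. As an added example (not from the slides), this check applies those six rules to a candidate password; DEFAULT_PASSWORDS, DICTIONARY and PROFILE are small constructed stand-ins for the real lists and for what an attacker could collect about a user.

```python
import re

# Constructed stand-ins for the lists a guessing program iterates over. A real check would
# load a vendor default-password list and a full dictionary (the slide cites 60,000 words).
DEFAULT_PASSWORDS = {"password", "admin", "123456", "changeme", "default"}
DICTIONARY = {"welcome", "secret", "monkey", "sunshine", "dragon", "copeland"}
PLATE_RE = re.compile(r"^(?:\d{3}[a-z]{3}|[a-z]{3}\d{3})$")   # e.g. 123XYZ or XYZ123

# Constructed profile of a hypothetical user (technique 4 and 5 material).
PROFILE = {
    "names": ["Jordan", "Smith"],
    "birthday": "1985-07-23",
    "phone": "404-555-0123",
    "ssn": "123-45-6789",
    "street": "12 Elm Street",
}

def _norm(s):
    """Lower-case and keep only letters and digits, so '404-555-0123' and '4045550123' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def password_weaknesses(pw, profile=None):
    """Return the techniques (numbered as in the list above) that would recover pw; [] means it passes."""
    profile = profile or {}
    n = _norm(pw)
    hits = []
    if n in DEFAULT_PASSWORDS:
        hits.append("1: default password")
    if len(pw) <= 3:
        hits.append("2: short word (1-3 characters)")
    if n in DICTIONARY:
        hits.append("3: dictionary word")
    personal = [_norm(x) for x in profile.get("names", []) + [profile.get("birthday", "")]]
    if any(len(p) >= 4 and p in n for p in personal):
        hits.append("4: personal information (name/birthday)")
    identifiers = [_norm(profile.get(k, "")) for k in ("phone", "ssn", "street")]
    if any(len(i) >= 4 and i in n for i in identifiers):
        hits.append("5: phone/SSN/street address")
    if PLATE_RE.match(n):
        hits.append("6: license plate pattern")
    return hits
```

Because the comparison normalizes punctuation and case, trivial variants such as "Pass-Word" are caught as the default password they really are; the two slide examples pass every rule.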
Computer Infection Today
Today many system compromises start by the hacker getting a user to load and run a program that installs a network backdoor and automated software, which in turn loads additional software, making the computer into a "bot" (robot).
These bots join a peer-to-peer network, and can infect other computers directly over the network. They also can be commanded by the "bot master" to set up phony Web sites and send HTML emails that download exploit software into other computers.
We'll discuss different attacks that are used to steal passwords and other identity information, and to misdirect Web browsers to phony Web sites.