lecture 18

Download Report

Transcript lecture 18 

Overview
• Last Lecture
– Directory services
• This Lecture
– Network security
– Source: Chapter 7 in Computer Networking - A TopDown Approach Featuring the Internet by J.F. Kurose
and K.W. Ross
• Next Lecture
– Internal routing
TELE 301 Lecture 18: Network security
1
Security of networks
• Security is something that is not necessary
in a trusted world!
TELE 301 Lecture 18: Network security
2
Security
• A system can be compromised by
–
–
–
–
Malicious attacks
Accidental erasure of data
Disk crashes
User ignorance
• Physical security
– Locked in a secret cabinet
TELE 301 Lecture 18: Network security
3
Security (continued)
• Trust relationships
– Trust relationships have to be clear before making
security policies
• Security policy
– Define how secure we want to be
– Without definition, security means nothing
– A security policy should balance between security and
convenience
– We will see an example policy later
TELE 301 Lecture 18: Network security
4
Security Issues
• Privacy: restriction of access.
• Authentication: verification of identity
– Privacy and authentication are fundamental
issues
– Nonrepudiation
• Trust: whom you can trust
• Integrity: protection against corruption or
loss (use redundancy and regulations)
TELE 301 Lecture 18: Network security
5
Authentication Protocols
• Scenario
– Alice, the sender, wants to communicate with Bob, the
receiver
– But Trudy , the intruder, tries to pretend to be Alice for
some purpose or wants to get access to data/system
• AP1.0
– Alice sends a message to Bob saying she is Alice
– Con: There is no way for Bob to actually know that the
person sending the message, “I am Alice” is indeed
Alice
TELE 301 Lecture 18: Network security
6
Authentication Protocols (cont.)
TELE 301 Lecture 18: Network security
7
Authentication Protocols (cont.)
• AP2.0
– Use the source IP address to authenticate
– Fails if IP spoofing is used
TELE 301 Lecture 18: Network security
8
Authentication Protocols (cont.)
• AP3.0
– Use secret password
– Password can be eavesdropped
– Encrypted password can be played back
TELE 301 Lecture 18: Network security
9
Authentication Protocols (cont.)
• AP4.0
– Use a number, called a nonce, that will be used only
once in a lifetime
– The protocol has the following procedures
• Alice sends the message “I am Alice”, to Bob
• Bob chooses a nonce, R, and sends it to Alice
• Alice encrypts the nonce using Alice and Bob’s symmetric
secret key, K A-B, and sends the encrypted nonce, K A-B(R)
back to Bob
• Bob decrypts the received message. If the decrypted nonce
equals the nonce he sent Alice, then Alice is authenticated.
TELE 301 Lecture 18: Network security
10
Authentication Protocols (cont.)
TELE 301 Lecture 18: Network security
11
Authentication Protocols (cont.)
• AP5.0
– Use the public key encryption in AP4.0
– The protocol has the following procedures
• Alice sends the message “I am Alice”, to Bob
• Bob chooses a nonce, R, and sends it to Alice
• Alice encrypts the nonce using Alice’s private key A and sends
the encrypted nonce, d A(R) back to Bob
• Bob decrypts the received message using Alice public key. If
the decrypted nonce equals the nonce he sent Alice, then Alice
is authenticated.
– The retrieval of the public key could be a security hole
TELE 301 Lecture 18: Network security
12
Authentication Protocols (cont.)
TELE 301 Lecture 18: Network security
13
Authentication Protocols (cont.)
TELE 301 Lecture 18: Network security
14
Authentication Protocols (cont.)
• Man-in-the-middle attack
– If the public key needs to be retrieved in AP5.0,
the man-in-the-middle attack can be achieved,
and both Bob and Alice will not notice the man
in the middle
TELE 301 Lecture 18: Network security
15
Authentication Protocols (cont.)
TELE 301 Lecture 18: Network security
16
Key Distribution
• Key Distribution Centre (KDC)
– Everyone has his/her individual key manually
installed at KDC (a server) when she registers
– Suppose Alice and Bob have their individual
keys K A-KDC and K B-KDC, the procedure for key
distribution is as below.
TELE 301 Lecture 18: Network security
17
Key Distribution (cont.)
TELE 301 Lecture 18: Network security
18
Key Distribution (cont.)
– Using K A-KDC to encrypt her communication with the KDC, Alice
sends a message to the KDC saying she (A) wants to communicate
with Bob(B). The message is denoted as K A-KDC (A,B)
– The KDC, knowing K A-KDC , decrypts K A-KDC (A,B). The KDC
then generates a random number, R1. This is the shared key value
that Alice and Bob will use to perform symmetric encryption when
they communicate with each other. R1 is the one-time session key.
In addition KDC will send Alice a pair of values A and R1
encrypted by the KDC using Bob’s key K B-KDC
– When Alice receives the message from the KDC, extracts R1 from
the message and save it, then forwards K B-KDC (A, R1) to Bob
– Bob decrypts the message and knows the shared key with Alice. He
takes care to authenticate Alice using R1 before proceeding further
TELE 301 Lecture 18: Network security
19
Digital Signatures
• Want nonrepudiation
• Use encryption backwards
TELE 301 Lecture 18: Network security
20
Message Digest
• Verifies that a message has not be altered
• Uses a hash function
– MD5
– SHA-1
TELE 301 Lecture 18: Network security
21
Message Digest (cont.)
TELE 301 Lecture 18: Network security
22
Public Key Certification
• Masquerading using public key cryptography
TELE 301 Lecture 18: Network security
23
Public Key Certification (cont.)
• Certification authority
TELE 301 Lecture 18: Network security
24
Security attacks
• SYN flooding
– Use IP spoofing
– Use an address of a host which doesn’t exist, send SYN packets
repeatedly to another host, cause that host to have millions of
connections, and fill up its memory space.
• TCP sequence guessing
– Use IP spoofing
– An attacker makes a TCP connection to a host by
guessing the initial TCP sequence number used by the
host
– This attack is used to impersonate other hosts for
trusted access such as rsh
TELE 301 Lecture 18: Network security
25
TCP sequence guessing
• How TCP sequence guessing works?
– Normal procedure
– Attacking procedure
TELE 301 Lecture 18: Network security
26
Policies for maintenance
• The purpose is to keep the system from becoming
chaotic
• A clear expression of goals and responses is
essential
– Organisation, Users, Network, Mail, WWW, Printing,
Security, Privacy
– Policy making: (refer to
http://policy01.otago.ac.nz/rdbase/home.html)
•
•
•
•
•
Determine the system policy
Sysadm team agreement
Expect the worst
Educate users in good and bad practice
Special users
TELE 301 Lecture 18: Network security
27
Security policy
• Security policy
– A formal statement of the rules by which people who
are given access to an organisation’s technology and
information assets must abide
– RFC 2196: Site Security Handbook. It is a guide to
developing security policies for sites that are connected
to the Internet
• Purposes of security policies
– Policy is the first layer of protection for your resources
and information
– To inform users, staff and managers of their obligations
for protecting technology and information assets
• Should specify the mechanism through which these
requirements can be met
TELE 301 Lecture 18: Network security
28
Security policy (cont.)
• Policies have to be written explicitly
– Implied policies do not help
• Who should be involved in writing of a policy?
–
–
–
–
–
–
Site security manager
IT technical staff
User representatives
Security incident response team
Responsible management
Legal counsel
TELE 301 Lecture 18: Network security
29
Security policy (cont.)
• Aspects of a security policy
–
–
–
–
–
–
–
–
–
From outside the organisation
From inside the organisation
Against the interruption of services
From user error
User convenience
What resources are we trying to protect?
Whom are we trying to protect the resources from?
What will happen if the system is compromised?
How much work will we need to put into protecting the
system? What risk is acceptable?
– Protect from loss: backup should be stored at a different
physical location to the original.
TELE 301 Lecture 18: Network security
30
Security policy (cont.)
• Criteria for a good policy
– Viable implementation through system administration
procedures,
– Acceptable by the users
– Can be forced with security tools and sanctions
– Clearly defines the areas of responsibility for the users,
administrators and management
• Otago IT policies
– http://policy01.otago.ac.nz/rdbase/home.html
TELE 301 Lecture 18: Network security
31
Useful tips for system admin
–
–
–
–
–
–
Don’t rely on vendors
Post info for users in a clear and friendly way
Document all changes on configuration
Don’t make changes before taking leave
Be aware of system limitations and capacity
If something looks unusual, investigate and understand
what is happening
– “If it ain’t broke, don’t fix it”
– Some redundancy will help survival
– After-hour support
TELE 301 Lecture 18: Network security
32
Other References
• Linux Network Administrators Guide (chapter 9)
• Principles of Network and System Administration
(Chapters 9, 10)
• Business Data Communications and Networking (7th
edition) by FitzGerald & Dennis (Chapter 10)
• Computer Communications and Networking Technologies
by M.A. Gallo and W.M. Hancock (Chapter 17)
• Local Area Networks - a business-oriented approach (2nd
edition) by J.E. Goldman and P.T. Rawles (Chapter 16)
TELE 301 Lecture 18: Network security
33