Transcript Security

Ensuring Network Security
• Physical Security
• Ciphering
• Authentication
• Integrity
• Firewalls
• Data Security
– Passwords
– Auditing
• Sniffing
• Viruses
Physical Security
• Access to hardware
– Locked Doors
– Locked Cabinets
• Access to the system console
– Screen Passwords
– Locked keyboards (removing keyboard)
• Access to network wiring/switches/routers
Physical Environment
• Power source
• Noise sources
• Air conditioning (temperature control)
• Dust and smoke
• Water problems (flood possible?)
Network Security
• Confidentiality
• Authentication
• Message integrity and nonrepudiation
(modification, deletion, or insertion)
• Availability and access control
Cryptography/Ciphers
• Simple cipher
– ABCDEFGHIJKLMNOPQRSTUVWXYZ
– MNOPQRSTUVWXYZABCDEFGHIJKL
– “Secret Message” crypted “EQODQF YQEEMSQ”
• Better cipher
– ABCDEFGHIJKLMNOPQRSTUVWXYZ
– FGHIJKLMNOPQRSTUVWXYZABCDE C1(k=5)
– TUVWXYZABCDEFGHIJKLMNOPQRS C2(K=19)
– Crypt Codes C1,C2,C1,C2,etc.
– “Secret Message” = “XXHKJM RXXLFZJ”
Decrypting
• Simplest
– Use the frequency of characters
– E 12.88   N 6.94   R 5.97   C 2.75   G 1.87
– V 0.99   Q 0.11   T 9.31   I 6.92   D 4.07
– M 2.56   P 1.85   K 0.61   Z 0.06   A 8.03
– S 6.36   L 4.00   F 2.53   Y 1.73   X 0.22
– O 7.62   H 6.00   U 2.83   W 2.06   B 1.60
– J 0.13
• Find the most commonly used character
and insert it into the sentence.
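
As an added example (not part of the original slides), the Python below implements both ciphers from the Cryptography/Ciphers slide and recovers their keys using only the letter frequencies from the Decrypting slide. The sample plaintext is constructed, and `crack` assumes the number of alternating alphabets is already known.

```python
import string
from collections import Counter

A = string.ascii_uppercase
# Letter frequencies taken from the frequency table on the Decrypting slide.
FREQ = dict(E=12.88, T=9.31, A=8.03, O=7.62, N=6.94, I=6.92, S=6.36, H=6.00,
            R=5.97, D=4.07, L=4.00, U=2.83, C=2.75, M=2.56, F=2.53, W=2.06,
            G=1.87, P=1.85, Y=1.73, B=1.60, V=0.99, K=0.61, X=0.22, J=0.13,
            Q=0.11, Z=0.06)

def encrypt(text, keys):
    """Shift each letter by the next key in the cycle; non-letters pass through."""
    out, i = [], 0
    for ch in text.upper():
        if ch in A:
            out.append(A[(A.index(ch) + keys[i % len(keys)]) % 26])
            i += 1  # only letters advance the key cycle (C1, C2, C1, ...)
        else:
            out.append(ch)
    return "".join(out)

def best_shift(letters):
    """Return the shift whose decryption correlates best with FREQ."""
    counts = Counter(letters)
    def score(k):
        return sum(n * FREQ[A[(A.index(c) - k) % 26]] for c, n in counts.items())
    return max(range(26), key=score)

def crack(ciphertext, n_alphabets):
    """Split the letters into one stream per alphabet and solve each stream."""
    letters = [c for c in ciphertext if c in A]
    return [best_shift(letters[i::n_alphabets]) for i in range(n_alphabets)]

# Constructed sample plaintext, long enough for the letter counts to be meaningful.
SAMPLE = ("The keys must be distributed to the users before any message can be "
          "sent, and the same cipher is used each day until new keys arrive. "
          "Anyone who records enough traffic can count how often each letter "
          "appears in the ciphertext, compare the counts with the normal "
          "frequency of letters in English, and recover the shift that was "
          "used without ever seeing the key.")

if __name__ == "__main__":
    print(encrypt("Secret Message", [12]))      # simple cipher from the slide
    print(encrypt("Secret Message", [5, 19]))   # "better" cipher, C1/C2 alternating
    print(crack(encrypt(SAMPLE, [12]), 1))
    print(crack(encrypt(SAMPLE, [5, 19]), 2))
```

Alternating two alphabets only splits the problem into two independent single-shift problems, which is why the "better" cipher falls to the same frequency count.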
Downsides
• The encryption systems are too simple (easy
to crack)
• The keys must be distributed to the users
• Ciphers don’t change with time (same each
day until new keys are distributed)
• Faster computing provides faster cracking
algorithms.
Encryption
• DES (Data Encryption Standard)
• AES (Advanced Encryption Standard)
• Secure Shells
• Secure Web Pages
• Pretty Good Privacy
– Private Keys
– Public Keys
– Signatures
DES/AES
• Data Encryption Standard
• Advanced Encryption Standard
How safe is encryption?
• 4 character password (alphabetic characters
only) cracking time (maybe a minute on a
450 MHz computer)
• 40 bit key (can be cracked in 24 hours on a
parallel computing system)
• 128 bit key (probably not able to be cracked
in a millennium)
Pretty Good Privacy
• Encryption of keys
– 40 bit
– 128 bit
• Creating your authenticated signature
• Your key ring
• Submitting your public key to a database
• Email and PGP
PGP System
[Figure: PGP system diagram. Labels: User 1, Private key, Key Ring, PGP Encryption, Data, PGP Decryption, Key Ring, User 2, International Database of public keys]
Message can be entirely encrypted or
just the signature can be encrypted.
Authentication
• Simple: “I am Alice”, Bob believes the message
– It is very easy to lie!
• Next: Alice is on a “known” IP address, Bob believes Alice
because the message header contains the address.
– Address SPOOFING
• Better: Alice gives Bob her password
– Hacker records the conversation and plays it back
(playback attack)
• Best: Public Key/Private Key
– “Man in the middle attack”
Man in the middle Attack
Integrity
• Digital Signatures
Key Distribution and Certification
• Trusted intermediary
• Key Distribution Center (KDC)
– Repository of public keys
• Certification Authority (CA)
– Certificate creation and authentication
Firewalls
• Purpose
• Disadvantages
– Slowdown of packets
– Inconvenient for users
• Advantages
– Slows down hacking attempts
– Limits incoming traffic
– Overcomes IP number limitations (NAT)
Firewalls (cont.)
• Setup
– IPTABLES
– ZoneAlarm
– Addressing
– Name Service
• Proxies
– E-mail
– Web
– FTP
Types of attacks
• Packet Sniffing
• Spoofing
– Stealing and copying IP addresses
• Denial of Service (DOS)
– Syn flooding
• Distributed Denial of Services (DDOS)
– Numerous hosts operating concurrently
• Hijacking
Sniffers
• Sniffer, Snoop, Tcpdump, Ethereal
• Promiscuous mode
• Many protocols
• Interpretation
Data Security
• Share Level Security vs. User Level Security
• Proper passwords
– Length
– Uncommon names
– Use of non-alphanumeric characters
– Controlled access (Screen/Keyboard Locks)
• Use of a Routed vs. Flat network architecture
• Audit use of the system
Security Planning
• Unauthorized access
• Electronic Tampering
• Theft
• Intentional damage
• Unintentional damage
Auditing
• Check System Logs for:
– Logon attempts
– Connection to resources
– Connection termination
– Directory creation, modification, or deletion
– Server events and modifications
– Password changes
Microsoft Gotchas
• Microsoft operating systems have a
tendency to store passwords on the local
hard disk in the Windows registry to save
time when logging in to remote services.
This can be quite dangerous!
Flat Network
[Figure: flat network diagram. Labels: Hub, Internet, User 1: 129.123.7.56, User 2: 129.123.3.88, User 3: 129.123.6.123, Monitor]
Monitor sees some traffic from all 3 users
Routed Network
[Figure: routed network diagram. Labels: Router, Internet, User 1: Subnet 7, User 2: Subnet 3, User 3: Subnet 6, Monitor on Subnet 1]
Monitor can’t see traffic other than its own subnet
Login Security
• Usernames/Passwords may be in plain text
over the network
• Email security
– Netscape/Eudora leave configuration files on
each PC.
– Webmail is an IMAP interface to a mail server
• can use SSL for security
Secure Shell (SSH)
• Use of encryption based on keys/certificates
• Block undesired hosts from accessing
• All data on the wire is encrypted
• Can be used for interactive communication
and copying files
Secure Web Sites
• SSL/TLS
– Secure Sockets Layer, Transport Layer Security
• Keys/Cookies
– New key/encryption code for each access
• Encryption of data over the wire
• Keep track of trusted hosts that access the
site.
SSL Handshake
IPsec
• This is Network Layer confidentiality
• Authentication Header (AH)
• Encapsulation Security Protocol (ESP)
• Security Parameter Index (SPI)
• Security association (SA)
• Internet Key Exchange (IKE)
IPsec Headers
ESP Headers
Viruses/Trojans/Macros
• Viruses spread by:
– Removable media
– Downloaded files
– Email
• Viruses are removed by:
– Deleting the affected file
– Running a virus scanning/cleaning program
Companion Viruses
• Looks like a real program (WORD.EXE)
• May replace a logon program and grab
usernames/passwords
• Usually renames the actual executable and
calls that executable from the bogus
program.
Macro Viruses
• The virus infects the Macro definitions of a
program (like Microsoft Word) and then
infects every document created by the
original program.
• These viruses are difficult to detect because
they haven’t infected an executable
program.
Polymorphic Viruses
• These change appearance every time they
replicate. They may even change each time
the computer is rebooted.
• Since they change frequently, virus
checkers have a hard time determining a
pattern or fingerprint of the virus.
Stealth Virus
• These hide from detection
• They may use hidden files or may modify
the operating system so a standard directory
scan doesn’t show the virus file.
• They also return false information to virus
checkers.
Trojans
• Trojan Horses
– Look like a benign game or program
– After a period of time they execute the virus
• Some may be cleaned with virus protection
software.
• Some masquerade as Windows programs
and removal will crash the system
Back Doors
• Provide access to system through published,
unused, or unpublished ports.
• Sometimes are put there by programmers,
engineers, or hackers
• They are hard to protect against unless you
can find their access port and firewall
protect against it.
Virus Consequences
• Can’t boot
• Data is scrambled or unreadable
• Erratic or slow operation of the computer
• Computer is used as a distribution agent
• Excessive disk activity
• Disk drive is erased or data is lost.
• Disk is reformatted
Virus Protection
• Test each disk write for a particular pattern
unique to the virus
• Test for writes to the disk boot block
• Test for code that might access PC hardware
• Scan files for virus patterns
D.O.S. Attacks
• Denial of Service
• Flood of useless packets/data
• Hard (impossible?) to track
• Can a firewall protect the network?
D.D.O.S. Attacks
• Distributed Denial of Service
• Many servers running in parallel
• Hard (impossible?) to track
• Good example of distributed computing
• How do we stop it?
Email Virus
• Use innocent email messages as the
transport.
• Grab address book entries to spread
• Infect critical Windows programs
• The user doesn’t know he is infecting others
• Can be prevented by using email front end
scanners and filtering outgoing mail.
Backups
• What kind of backup system should we use?
• Even a fault tolerant disk system can fail!
• Always back up
• Rotate several copies of backups in case one tape
is unreadable
• Check the backups to see if they are readable
• Store the tapes or removable media in a safe place
Backup Strategy
• Full Backup
• Incremental Backup
• Copy
• Daily Copy
• Logging
– Date, tape-set number, type, which computer
Disaster Recovery
• Prevention
– What can I control?
– What is the best method?
– Keep updating your prevention methods
– Keep up on maintenance
– Training!
Disaster Preparation
• Plan ahead
• Use fault tolerance equipment
• Maintain backups
• Test your preparation plan!
Network Security
Remember Homework 4 on the Web page!