Security Threat Analysis
Computer Systems Security
Security in Networks
(Security Controls)
Topic 2
Pirooz Saeidi
Source: Pfleeger, Chapter 7
css security in Networks-css-ps2
1
Network Security Controls
Agenda:
Security Threat Analysis
Design, Implementation and Architecture
Control types
Firewalls
Intrusion Detection Systems
Secure Email
Summary and Conclusion
Network Security Controls
We introduce a number of defence strategies available to the network security engineer, with details of three important controls:
1. Firewalls,
2. Intrusion Detection Systems, and
3. Encrypted e-mail.
Security Threat Analysis
– The three steps of security threat analysis are:
1. Scrutinise all parts of the system.
2. Consider possible damage to confidentiality, integrity and availability.
3. Speculate on the kind of attack.
Security Threat Analysis
– The individual parts of a network: local nodes connected through local communication links to a LAN, which also contains local processes, storage and devices.
Security Threat Analysis
– The LAN is also connected to a gateway that provides access through network communication links to network control resources, routers, databases, etc.
Security Threat Analysis
– Possible threats and damage:
Intercepting data in traffic
Accessing or modifying data/programmes in remote hosts
Modifying data in transit
Blocking traffic
Impersonating a user
and more…
Security Threat Analysis
– The network security engineer anticipates these threats and uses the defences available.
– Such defences vary from design and architecture to different types of controls.
– We will have a close look at these defences.
Design, Implementation and Architecture
– In previous lectures we elaborated on design and implementation issues.
– Similarly, a network architecture and design can have a considerable effect on its security.
– In this context we will consider:
Segmentation
Redundancy and
Single Points of Failure
Segmented Architecture
Reduces the number of threats and limits damage.
Consider an e-commerce application with the following parts:
A web server
Application code
Database of products
Database of orders
Segmented Architecture
– We don’t want to compromise the entire application by putting all of these activities in one machine. Instead we can use multiple segments.
(Figure: Pfleeger&Pfleeger)
Other Architectural Controls
Redundancy
Example: provide more than one server and use failover mode:
Servers communicate periodically with each other.
If one fails, the other takes over processing for both.
Avoid Single Point of Failure
Example: distribute parts of a database in different segments
Controls: Encryption
– Two forms:
Link Encryption – between hosts
End-to-end Encryption – between applications
Link Encryption
– Data encrypted just before it is placed on the physical link.
– Takes place in layers 1 & 2 of OSI.
– Appropriate when the transmission line is vulnerable.
(Figure: Pfleeger&Pfleeger)
Link Encryption
– Example of a typical link-encrypted message.
– Some of the header/trailer information may be applied before encryption takes place.
End-to-end Encryption
Encryption can be applied by hardware as well as software at the highest layers.
(Figure: Pfleeger&Pfleeger)
End-to-end Encryption
Example: an encrypted message (Figure: Pfleeger&Pfleeger)
End-to-end Encryption
Messages sent to several hosts are protected, and the data content is still encrypted while in transit even if it passes through potentially insecure nodes.
Virtual Private Networks (VPN)
With link encryption the users may think they are on a private network. Hence the word VPN.
The greatest exposure for a user is between his/her machine and the perimeter of the host network.
A VPN can deploy firewalls to implement an encrypted connection between a user's distributed sites over a public network.
Virtual Private Networks (VPN)
Communication passes through an encrypted tunnel.
A VPN is created when the firewall interacts with an authentication service inside the perimeter.
Any communication is done through the encrypted tunnel.
(Figure: Pfleeger&Pfleeger)
Virtual Private Networks (VPN)
The firewall implements access control on the basis of the VPN.
Example of a VPN with privileged access: the firewall passes to the internal server the privileged identity of User2.
(Figure: Pfleeger&Pfleeger)
Public Key Infrastructure (PKI) and Certificates
PKI is used to implement public key cryptography.
Offers each user a set of services on access control and identification.
Integrates digital certificates, public-key cryptography, and certificate authorities into a total, enterprise-wide network security architecture.
Involves a registration authority to act as an interface between user and certificate authority.
More information from: http://csrc.nist.gov/pki/
Secure Shell (SSH) Encryption
SSH is a pair of protocols originally for Unix but now available in Windows 2000.
Provides an authenticated and encrypted path to a shell or command line interpreter.
Replaces utilities such as Telnet, rlogin and rsh for remote access.
Protects against spoofing attacks and modification of data in communication.
Secure Socket Layer (SSL) Encryption
SSL is designed to protect communication between a web browser and a server.
Interfaces between applications and the TCP/IP protocols to provide server authentication.
Client and server negotiate a mutually supported set of encryption algorithms for session encryption and hashing.
Secure Socket Layer (SSL) Encryption
To use SSL:
The client requests an SSL session.
The server responds with its public key certificate, with which the client authenticates the server.
The client returns part of a symmetric session key encrypted under the server’s public key.
Client and server both compute the session key and switch to encrypted communication using the shared session key.
Encryption: IP Security Protocol (IPSec)
Adopted by IPv6, addresses many shortcomings of conventional IP such as spoofing, session hijacking, …
Implemented at the IP layer, so it affects all layers above it, including TCP and UDP.
Works similarly to SSL in terms of authentication and confidentiality and is independent of cryptographic protocols.
IP Security Protocol (IPSec)
IPSec is based on a security association, a set of security parameters for a secured communication channel.
The main data structures of IPSec are AH (Authentication Header) and ESP (Encapsulated Security Payload).
IP Security Protocol (IPSec)
ESP replaces the TCP header and data portion of a packet.
(Figure: Packets: (a) Conventional Packet; (b) IPSec Packet. Pfleeger&Pfleeger)
IP Security Protocol (IPSec)
ESP replaces the conventional TCP header and data portion of a packet and contains both an authenticated portion and an encrypted portion.
(Figure: The Encapsulated Security Packet. Pfleeger&Pfleeger)
Content Integrity Controls
Guarding against modification in transmission.
We can use methods such as:
Error Correcting Codes
Cryptographic checksums
Error Correcting Codes
Error Detection Codes
Usually used to detect non-malicious changes (e.g. noise):
Parity checking (odd or even parity bit)
Hash code: a unique signed number returned by a hash function
Huffman code: a data compression method that changes the length of the encoded token in proportion to its information content, that is, the more frequently a token is used, the shorter the binary string used to represent it in the compressed stream
Error Correction
Correct without retransmission
Cryptographic Checksum
Also called a message digest: a cryptographic function that produces a checksum.
The checksum is assigned to a file and used to "test" the file at a later stage to verify that the data contained in the file has not been maliciously changed.
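The contrast between the two slides, as an added example that is not from the lecture or from Pfleeger: a parity bit catches the single flipped bit of line noise but not a deliberate two-bit edit that preserves parity, while a keyed cryptographic checksum (HMAC-SHA256) catches both. The message, the shared key and the attacker's edit are constructed for the demonstration.

```python
import hmac
import hashlib

# Constructed sample message and a constructed key shared by sender and receiver.
KEY = b"constructed-shared-secret"
ORIGINAL = b"PAY 0010 TO ALICE"

def parity_bit(data: bytes) -> int:
    """Even parity: the bit that makes the total number of set bits even."""
    return sum(bin(b).count("1") for b in data) % 2

def parity_ok(data: bytes, bit: int) -> bool:
    return parity_bit(data) == bit

def mac(data: bytes, key: bytes = KEY) -> bytes:
    """Cryptographic checksum: HMAC-SHA256 keyed with the shared secret."""
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_ok(data: bytes, tag: bytes, key: bytes = KEY) -> bool:
    return hmac.compare_digest(mac(data, key), tag)

def noise_corruption(data: bytes) -> bytes:
    """Line noise: flip a single bit of one byte (here the first digit of the amount)."""
    buf = bytearray(data)
    buf[4] ^= 0x01
    return bytes(buf)

def deliberate_change(data: bytes) -> bytes:
    """Attacker rewrites the amount 0010 -> 9010. '0' (0x30) and '9' (0x39)
    differ in exactly two bits, so the even-parity bit still matches."""
    return data.replace(b"0010", b"9010", 1)

def compare_checks() -> dict:
    """Which check catches which kind of change? True means the change was detected."""
    bit, tag = parity_bit(ORIGINAL), mac(ORIGINAL)
    noisy, forged = noise_corruption(ORIGINAL), deliberate_change(ORIGINAL)
    return {
        "parity catches noise": not parity_ok(noisy, bit),
        "parity catches forgery": not parity_ok(forged, bit),
        "mac catches noise": not mac_ok(noisy, tag),
        "mac catches forgery": not mac_ok(forged, tag),
    }

if __name__ == "__main__":
    for check, caught in compare_checks().items():
        print(f"{check}: {caught}")
```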
Strong Authentication Controls
Networked environments as well as both ends
of communication need authentication.
We will consider the following methods:
One-Time Password
Challenge-Response Systems
Digital Distributed Authentication
Kerberos
One-Time Password
Guards against wiretapping and spoofing.
The password is effective only once.
Uses a secretly maintained password list, or each user can use a device to randomly generate new passwords every minute (the computation is based on the value of the current “time” interval).
Within the same “minute” the receiving computer should be able to compute the same password to match.
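A worked version of the time-based scheme, added here and not taken from the lecture: the device and the receiving computer both derive the password for the current one-minute interval from a shared secret, and the receiver refuses a password for an interval it has already accepted. The derivation (HMAC-SHA256 of the interval counter), the one-interval clock tolerance and the secret value are assumptions of this example.

```python
import hmac
import hashlib
import time

INTERVAL = 60  # the slide's one-minute interval, in seconds

def password_for_interval(secret: bytes, index: int, digits: int = 6) -> str:
    """One-time password for time interval `index`: HMAC-SHA256 over the interval
    counter, truncated to `digits` decimal digits."""
    digest = hmac.new(secret, index.to_bytes(8, "big"), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # pick 4 bytes at a digest-dependent offset
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def device_password(secret: bytes, now: float) -> str:
    """What the user's device displays at wall-clock time `now`."""
    return password_for_interval(secret, int(now // INTERVAL))

def verify(secret: bytes, candidate: str, now: float, used: set, skew: int = 1) -> bool:
    """The receiving computer recomputes the password for its own current interval
    (plus `skew` neighbouring intervals to tolerate clock drift) and refuses any
    interval whose password was already accepted, so a wiretapped value is useless
    both after the minute passes and for a second login within it."""
    current = int(now // INTERVAL)
    for index in range(current - skew, current + skew + 1):
        if hmac.compare_digest(password_for_interval(secret, index), candidate):
            if index in used:
                return False
            used.add(index)
            return True
    return False

if __name__ == "__main__":
    secret = b"constructed-device-secret"
    accepted = set()
    shown = device_password(secret, time.time())
    print("device shows", shown,
          "first use:", verify(secret, shown, time.time(), accepted),
          "replay:", verify(secret, shown, time.time(), accepted))
```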
Challenge-Response Systems
The user authenticates to a simple device by means of, say, a PIN.
The system prompts the user with a new challenge for each use:
The remote system sends a random number (the “challenge”) which the user enters into the device.
The device responds to that number with another number, which the user transmits to the system, and so on.
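Added example, not from the lecture, of the challenge-response exchange just described: the device answers only after the PIN has been entered, the remote system sends a fresh random challenge for every login, and the response is an HMAC over that challenge, so a wiretapped response answers no later challenge. The secrets, the PIN and the 8-hex-digit response length are constructed for the example.

```python
import hmac
import hashlib
import secrets

class Token:
    """The user's hand-held device: holds a secret shared with the remote system and
    answers challenges only after the correct PIN has been entered."""

    def __init__(self, device_secret: bytes, pin: str):
        self._secret = device_secret
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._unlocked = False

    def enter_pin(self, pin: str) -> bool:
        self._unlocked = hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash)
        return self._unlocked

    def respond(self, challenge: str) -> str:
        """The number the user reads off the device and types back to the system."""
        if not self._unlocked:
            raise PermissionError("device locked: enter PIN first")
        return hmac.new(self._secret, challenge.encode(), hashlib.sha256).hexdigest()[:8]

class RemoteSystem:
    """Issues a fresh random challenge per login and checks the returned response."""

    def __init__(self, user_secrets: dict):
        self._secrets = user_secrets
        self._pending = {}  # user -> outstanding challenge

    def challenge(self, user: str) -> str:
        value = secrets.token_hex(8)  # new random number every time
        self._pending[user] = value
        return value

    def check(self, user: str, response: str) -> bool:
        challenge = self._pending.pop(user, None)  # each challenge is answerable once
        if challenge is None:
            return False
        expected = hmac.new(self._secrets[user], challenge.encode(), hashlib.sha256).hexdigest()[:8]
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    shared = b"constructed-token-secret"
    token, system = Token(shared, "1234"), RemoteSystem({"alice": shared})
    c = system.challenge("alice")
    token.enter_pin("1234")
    print("challenge", c, "-> accepted:", system.check("alice", token.respond(c)))
```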
Authentication in Distributed Systems – Kerberos
Designed at MIT.
Used for authentication between clients and servers.
Based on the idea that a central server provides authenticated tokens called tickets to requesting applications.
A ticket is non-forgeable and non-replayable.
Authentication in Distributed Systems – Kerberos
The Kerberos design goal was to enable systems to withstand attacks in distributed systems. The main characteristics are:
1. No passwords are communicated on the network.
2. The user’s password is stored only at the Kerberos server.
It is not sent from the user’s workstation when it initiates a session.
Provides cryptographic protection against spoofing.
Each access is mediated by a ticket-granting server, which knows the identity of the user based on the authentication performed initially by the server.
Authentication in Distributed Systems – Kerberos
3. Limited period of validity (of tickets)
Tickets contain timestamps with which the server will determine the ticket’s validity.
The attacker therefore will not have time to complete a long-term attack.
Timestamps prevent replay attacks.
In a replay attack a valid data transmission is maliciously or fraudulently repeated or delayed.
The server compares the timestamps of requests with the current time, and accepts requests only if they are reasonably close to the current time.
This time-checking prevents most replay attacks, since the attacker’s presentation of tickets will be delayed!
4. Mutual authentication
The user of a service can be assured of any server’s authenticity by requesting an authenticating response from the server.
Authentication in Distributed Systems – Kerberos
Uses public key technology for key exchange.
A central server provides authenticated tokens, called tickets, to requesting applications.
A ticket is an encrypted data structure naming a user and a service the user has permission to access.
Kerberos
The user first establishes a session with the Kerberos server as follows:
The user’s workstation sends the user’s identity to the Kerberos server.
The Kerberos server verifies that the user is authorised by sending two messages: one to the user and the other to the ticket-granting server.
Kerberos
The user’s message contains: a session key SG to communicate with the ticket-granting server G, and a ticket TG.
SG is encrypted under the user’s password: E(SG + TG, PW)
The ticket-granting server’s message contains: a copy of the session key SG and the encrypted identity of the user.
Kerberos
If the workstation can decrypt E(SG + TG, PW) using PW, then the user has been successful in authentication.
(Diagram shows how a Kerberos session is initiated. Pfleeger&Pfleeger)
Kerberos
Now the user (U) wants to access the services of the distributed system (say, access file F):
Using key SG, the user requests a ticket from the ticket-granting server to access file F.
The ticket-granting server verifies U’s access permission and returns a ticket and a session key.
Kerberos
The ticket contains the following:
U’s authenticated identity
An identification of F
Access rights
A session key SF (with the file server)
Ticket expiry date
(Diagram shows how a ticket can be obtained to access a file. Pfleeger&Pfleeger)
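The ticket fields listed above, together with the timestamp checks from the "limited period of validity" characteristic, as an added example that is not from the lecture or from Pfleeger: the file server F verifies that the ticket came from the Kerberos server, that it has not expired, that the request timestamp is close to its own clock, and that the same ticket and timestamp have not been presented before. The ticket is simplified to an HMAC-authenticated (rather than encrypted) structure so its fields stay readable; the key, lifetime and clock-skew window are assumptions.

```python
import hmac
import hashlib
import json

# Constructed key shared by the Kerberos server and the file server F.
SERVICE_KEY = b"constructed-key-shared-by-kerberos-and-F"
LIFETIME = 8 * 3600   # ticket validity in seconds (assumed)
SKEW = 300            # how far a request timestamp may differ from the server clock (assumed)

def issue_ticket(user: str, service: str, rights: list, session_key: str, now: int) -> str:
    """The ticket-granting server builds the ticket with the fields listed on the slide
    and authenticates it under the key it shares with the service."""
    body = json.dumps({"user": user, "service": service, "rights": rights,
                       "session_key": session_key, "expires": now + LIFETIME}, sort_keys=True)
    tag = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "|" + tag

class FileServer:
    def __init__(self):
        self._seen = set()  # (ticket tag, request timestamp) pairs already honoured

    def accept(self, ticket: str, request_time: int, now: int) -> str:
        """Decide on a request that presents `ticket` with timestamp `request_time`
        when the server's own clock reads `now`."""
        body, _, tag = ticket.rpartition("|")
        expected = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "forged"          # not issued (or since altered) by the Kerberos server
        fields = json.loads(body)
        if now > fields["expires"]:
            return "expired"         # limited period of validity
        if abs(now - request_time) > SKEW:
            return "stale"           # timestamp not reasonably close to the current time
        if (tag, request_time) in self._seen:
            return "replay"          # same ticket and timestamp presented again
        self._seen.add((tag, request_time))
        return "ok"

if __name__ == "__main__":
    ticket = issue_ticket("U", "F", ["read"], "SF-constructed", 1000)
    server = FileServer()
    print(server.accept(ticket, 1000, 1010), server.accept(ticket, 1000, 1020))
```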
Access Control
Access control enforces the what and how of security control policies.
Mechanisms such as:
ACLs on Routers
Firewalls
We will look at them later.
ACLs on Routers
Routers can be configured with ACLs to deny access to particular hosts from particular hosts.
This is very expensive and brings a large load to routers.
Routers inspect the source and destination addresses. But with UDP datagrams, attackers can forge the source address so that their attack cannot be blocked by the router’s ACL.
Limited and restricted use of ACLs is a more viable option.
Honeypots Controls
Like catching a mouse, we can set a trap with an attractive bait!
A honeypot is a computer system or a network segment open to attackers to:
See what the attackers do
Tempt the attacker to a place so that you can learn its habits and stop future attacks
Make a playground to divert him/her from the real system
Firewalls
A firewall is a device, or software, or a combination of both, designed to prevent unauthorised users from accessing a network and/or a single workstation.
Networks usually use hardware firewalls, which are implemented at the router level. These firewalls are expensive, and it is difficult to configure them.
Software firewalls are used on single workstations and are usually less expensive and easier to configure.
Firewalls
Inspect each individual inbound or outbound packet of data to or from the system.
Check if it should be allowed to enter; otherwise it should be blocked.
Types of firewalls
Packet filtering gateways or screening routers
Stateful inspection firewalls
Application proxies
Guards
Personal firewalls
Packet filtering gateways
Control is based on packet address or a specific transport protocol (e.g. HTTP).
Example: a packet filter can block traffic using the Telnet protocol but allow HTTP traffic.
Stateful inspection firewalls
Keeps a history of previously seen packets to make better decisions about current and future packets.
Useful to counter attacks which force very short packets into, say, a TCP packet stream.
Remember that TCP packets arrive in a different order, and a firewall will not be able to detect the signature of an attack split across 2 or more packets.
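An added example, not from the lecture, contrasting the two firewall types on the previous two slides: a packet filter judges each packet on its own (blocking Telnet, allowing HTTP) and so misses a signature split across two out-of-order TCP segments, while a stateful filter keeps the connection's history, reassembles the stream by sequence number and drops it. The signature, addresses and packets are constructed for the demonstration.

```python
from dataclasses import dataclass

SIGNATURE = b"EVIL-COMMAND"  # constructed attack signature to look for

@dataclass
class Packet:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int
    seq: int      # byte offset of this segment in the TCP stream
    payload: bytes

def packet_filter(pkt: Packet) -> str:
    """Screening-router style decision made from this one packet alone."""
    if pkt.proto == "tcp" and pkt.dport == 23:
        return "drop"       # the slide's example: block Telnet, allow HTTP
    if SIGNATURE in pkt.payload:
        return "drop"
    return "accept"

class StatefulFilter:
    """Remembers earlier segments of each connection, orders them by sequence
    number and scans the reassembled stream, so a signature split over two
    (possibly reordered) packets is still found."""

    def __init__(self):
        self._streams = {}  # (src, dst, dport) -> {seq: payload}

    def inspect(self, pkt: Packet) -> str:
        if packet_filter(pkt) == "drop":
            return "drop"
        if pkt.proto != "tcp":
            return "accept"
        key = (pkt.src, pkt.dst, pkt.dport)
        segments = self._streams.setdefault(key, {})
        segments[pkt.seq] = pkt.payload
        stream = b"".join(segments[seq] for seq in sorted(segments))
        if SIGNATURE in stream:
            del self._streams[key]   # discard the connection's state along with the packet
            return "drop"
        return "accept"

# Constructed traffic: the signature arrives as "EVIL-" then "COMMAND", and out of order.
FIRST = Packet("10.0.0.5", "10.0.0.1", "tcp", 80, 0, b"GET /?x=EVIL-")
SECOND = Packet("10.0.0.5", "10.0.0.1", "tcp", 80, 13, b"COMMAND HTTP/1.0")
TELNET = Packet("10.0.0.5", "10.0.0.1", "tcp", 23, 0, b"")
```

The packet filter accepts both FIRST and SECOND because neither payload contains the whole signature; the stateful filter accepts SECOND, then drops FIRST once the reassembled stream reads "GET /?x=EVIL-COMMAND HTTP/1.0".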
Application Proxies
Packet filters deal with header information but not the data inside the message. So the SMTP example we saw in the tutorial last week leaves a back door open to anything inbound to port 25.
Also, a flawed application that acts on behalf of the user (e.g. an e-mail agent), with all the user’s privileges, can cause damage.
Application Proxies
Application proxies have access to the entire range of information in the network stack. They can also filter harmful or disqualified commands in the data stream.
The proxy controls actions through the firewall on the basis of the data visible inside the protocol, and not just on external header information.
Next lecture
Will conclude network security by looking at two more controls:
Email and
Intrusion Detection Systems