Security in Computing - Pravin Shetty
SECURITY LECTURE By PRAVIN SHETTY
Reduce the baud rate!!
In the last lecture
Taxonomy of security attacks
Aims or services of security
A model of internetwork security
Security in Computing
In Today's lecture
Computer Security - what do we mean?
Security goals and vulnerabilities
Methods of defence
Plan of attack
Carrying over to (inter)network security.
Computer Security
Computer security deals with the prevention and detection of unauthorised actions by users of a computer system.
The security dilemma
Security deals with the ready availability of valuable assets to authorised agents, and the denial of that access to all others.
Security-unaware users have specific security requirements but (usually) no security expertise.
But:
The costs of the additional resources needed to implement security mechanisms can be quantified.
Security mechanisms interfere with users, and can lead to loss of productivity.
Managing security also costs.
Principles of Security
Principle of easiest penetration: an intruder will use any available means of penetration.
Principle of timeliness: items only need to be protected until they lose their value.
Principle of effectiveness: controls must work, and they should be efficient, easy to use, and appropriate.
Risk Analysis
Risk analysis evaluates the cost of implementing security measures as opposed to the cost of losing the data and information.
Vulnerabilities
The three broad computing system resources, and the threats to each, are:
hardware: interruption (denial of service), interception (theft)
software: interruption (deletion), interception, modification
data: interruption (loss), interception, modification and fabrication
Method of defence
By controls.
What should be the focus of the controls? For example: should protection mechanisms focus on the data, on the operations on that data, or on the users who use the data?
Since there are layers of technology, where should controls apply? Applications, services, operating systems, kernel, hardware.
Controls
Can be applied at the hardware, software, physical or policy level.
Simple mechanisms or lots of features?
Should defining and enforcing the security mechanism be a centralised function?
How to prevent access to the layer below the security mechanism?
Effectiveness of Controls
Merely having controls does no good unless they are used properly. The factors that affect their effectiveness are:
Awareness of protection
Likelihood of use
Overlapping controls
Periodic review
Different forms of control
Authentication
Access control
Authentication
Means establishing proof (assurance) of identity.
Proving that the object or the subject is what it claims to be (is the user the person they say they are? is this message actually what was sent by the originator?).
Usually involves one or a combination of something you are, something you know, and something you have (user name, password, possibly some hardware authentication device you can carry).
Access Control
Relates to who (or what) may have access to some object.
The object might be tangible, like a tape drive, or it can be abstract, like a directory in a file system or a network service on a remote system (like a print or mail server).
The concern with respect to security is how the object can be accessed: can it be used locally or remotely? Can it be read, written or executed? If so, by whom or what, and in what circumstances?
Access Control
The access control problem is essentially one of authorization, rights, and privileges.
There is some standard way to access computing resources (like username and password), while there is NO standard access control scheme for the internet (internetwork).
Security services
Authentication
Access control
Integrity
Confidentiality
Nonrepudiation
Availability
Integrity
Integrity refers to the current condition of some data as compared to its pure and original state.
An example in internetworking: a message or file that traverses the network is at risk of having data added, removed, or modified along the way.
Integrity
Consider the following message:
From: [email protected]
To: [email protected], [email protected]
Subject: hackers
temple.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.
As a by-product of this email message, the attacker of temple.csse has also compromised an email server at this site (How?).
Integrity
By monitoring the outbound mail queue, the attacker intercepts this message and, rather than deleting it, takes the following three tacks.
Consider the ramifications of these messages that are actually received by the root user of the remote sites:
Tack 1
From: [email protected]
To: [email protected],
Subject: hackers
temple.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.
P.S. One of my co-workers will call you very soon to discuss the details with you, and to offer assistance.
The attacker can gain access to the root (privileged) account of beast.csse.
In addition, once temple.csse detects and closes the former point of access, the attacker can erase all his/her old footprints!!
Tack 2
From: [email protected]
To: [email protected]
Subject: hackers
temple.csse has been hacked by intruders.
Here the intruder has left the notice of temple.csse's intrusion intact, but removed the advice to check the other systems, to gain time to cover the tracks as well as another venue to intrude!!
Tack 3
From: [email protected]
To: [email protected],
Subject: hackers
beast.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.
The implication of this action is …
Confidentiality
You might not really care if a few postal employees read a postcard or two, but would you care if every piece of mail you received were paraded in plain view past each person that lives between the post office and your home?
On an internetwork, email, data transfer via FTP and WWW requests may be handled by intervening networks and devices, and anyone with access to them, authorized or not, can read the data/messages.
Layered Protocol Models
(figure: a message made up of Sender Identity, Recipient Identity, Message Length and Message Data)
A layered protocol stack
(figure: Layer N, Layer N-1, ..., Layer 2, Layer 1)
Protocol enveloping
Each layer in a protocol stack uses a unique and well-defined message format for communicating with its peer layer on other systems.
As a message gets passed down from one layer to the next, it is enveloped inside another message. A new envelope is added at each step.
After transmission across the network, the protocol layers on the receiving system strip off their respective envelopes (among other tasks). The original message is passed to the highest layer.
Protocol enveloping (figure slide)
Layered Architecture for Networks
OSI Reference Model
Internet's TCP/IP Model
OSI Reference Model
The OSI reference model is an abstract model, one that defines services and the protocols that deliver those services.
It does not specify the following:
programming language bindings
operating system bindings
application interface issues
user interface issues
OSI Reference Model
Application-related services: Application, Presentation, Session
Network-related services: Transport, Network, Data Link, Physical
Internet TCP/IP Model
Application
Transport (TCP, UDP)
Network (IP)
Data Link
Physical
Network Layer - IP
The primary protocol in use at the network layer is the Internet Protocol (IP).
IP datagram layout (figure), one row per 32-bit word:
4-bit version | 4-bit header length | 8-bit type of service | 16-bit total length
16-bit identification | 3-bit flags | 13-bit fragment offset
8-bit time to live | 8-bit protocol | 16-bit header checksum
32-bit source address
32-bit destination address
options (if any) and padding
data (variable length)
Aside - IP
The Internet Control Message Protocol (ICMP) influences and somewhat controls the behavior of the IP layer, while actually using IP services to perform its tasks.
ICMP monitors and communicates network control information between network participants.
The IP layer is also affected by special routing protocols like Routing Information Protocol (RIP), Internet Group Management Protocol (IGMP), Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP).
Transport layer - TCP & UDP
Transmission Control Protocol (TCP): connection-oriented, full-duplex service.
User Datagram Protocol (UDP): lightweight connectionless service.
TCP segment (figure), one row per 32-bit word:
16-bit source port number | 16-bit destination port number
32-bit sequence number
32-bit acknowledgement number
4-bit header length | 6-bit reserved | 6-bit flags | 16-bit window size
16-bit TCP checksum | 16-bit urgent pointer
options (if any) and padding
data (variable length)
UDP datagram (figure), one row per 32-bit word:
16-bit source port number | 16-bit destination port number
16-bit length | 16-bit checksum
data (variable length, if any)
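The header layouts above and the enveloping described earlier, worked through as an added example that is not part of the lecture slides: the code builds a constructed IPv4 packet carrying either a TCP segment or a UDP datagram, then strips the envelopes the way a receiving stack does, verifying the IP header checksum and the transport-layer checksum on the way. Addresses, ports and payloads are constructed sample values; the TCP flag field is read as 6 bits, as in the diagram.

```python
import struct

# Added example (not from the lecture): build and then "de-envelope" IPv4/TCP/UDP
# packets in memory. Field widths follow the header diagrams in the slides.


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words. Verifying a correct
    header (checksum field included) yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ipv4(src: str, dst: str, protocol: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options) with the header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, 64, protocol, 0, ip_bytes(src), ip_bytes(dst))
    csum = internet_checksum(hdr)           # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def l4_checksum(src: str, dst: str, protocol: int, segment: bytes) -> int:
    """TCP/UDP checksum: ones'-complement sum over a pseudo-header plus the segment."""
    pseudo = ip_bytes(src) + ip_bytes(dst) + struct.pack("!BBH", 0, protocol, len(segment))
    return internet_checksum(pseudo + segment)


def build_tcp(src, dst, sport, dport, seq, ack, flags, payload: bytes) -> bytes:
    """20-byte TCP header (data offset 5 words); checksum field is bytes 16..17."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    csum = l4_checksum(src, dst, 6, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    """8-byte UDP header; checksum field is bytes 6..7."""
    hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = l4_checksum(src, dst, 17, hdr + payload)
    return hdr[:6] + struct.pack("!H", csum) + payload


def parse_ipv4(packet: bytes):
    """Return (header dict, payload). Rejects truncated or inconsistent headers."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vi, tos, tlen, ident, ffo, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hlen = vi >> 4, (vi & 0x0F) * 4
    if version != 4 or hlen < 20 or tlen < hlen or len(packet) < tlen:
        raise ValueError("bad IPv4 version or lengths")
    hdr = {"version": version, "header_len": hlen, "tos": tos, "total_length": tlen,
           "identification": ident, "flags": ffo >> 13, "fragment_offset": ffo & 0x1FFF,
           "ttl": ttl, "protocol": proto, "checksum": csum,
           "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
           "checksum_ok": internet_checksum(packet[:hlen]) == 0}
    return hdr, packet[hlen:tlen]


def parse_tcp(src: str, dst: str, segment: bytes):
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, orf, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (orf >> 12) * 4                  # 4-bit data offset, in 32-bit words
    if hlen < 20 or len(segment) < hlen:
        raise ValueError("bad TCP data offset")
    hdr = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "header_len": hlen,
           "flags": orf & 0x3F, "window": win, "checksum": csum, "urgent": urg,
           "checksum_ok": l4_checksum(src, dst, 6, segment) == 0}
    return hdr, segment[hlen:]


def parse_udp(src: str, dst: str, datagram: bytes):
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or len(datagram) < length:
        raise ValueError("bad UDP length")
    hdr = {"src_port": sport, "dst_port": dport, "length": length, "checksum": csum,
           "checksum_ok": csum == 0 or l4_checksum(src, dst, 17, datagram[:length]) == 0}
    return hdr, datagram[8:length]


def demultiplex(packet: bytes) -> dict:
    """Strip envelopes bottom-up: IP header, then TCP or UDP header, leaving the payload."""
    ip, rest = parse_ipv4(packet)
    layers = {"ip": ip}
    if ip["protocol"] == 6:
        layers["tcp"], rest = parse_tcp(ip["src"], ip["dst"], rest)
    elif ip["protocol"] == 17:
        layers["udp"], rest = parse_udp(ip["src"], ip["dst"], rest)
    layers["payload"] = rest
    return layers


if __name__ == "__main__":
    # Constructed sample: a TCP segment to port 25 (SMTP) inside an IPv4 datagram.
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", 6,
                     build_tcp("10.0.0.1", "10.0.0.2", 40000, 25, 1000, 0, 0x18, b"MAIL FROM:<root>"))
    print(demultiplex(pkt))
```

A checksum that verifies only tells you the bytes were not corrupted in transit; anyone who rewrites the packet can recompute both checksums, which is why the IP-layer security discussion later in the lecture treats checksums as insufficient against deliberate alteration.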
Application Layer
This layer's protocol is defined by the application.
An application engages network services from the TCP or UDP transport layer through one of several APIs, such as Berkeley Sockets on BSD and the Transport Layer Interface (TLI) on System V.
Protocol enveloping in the TCP/IP (figure slide)
TCP/IP protocol suite
Application: FTP, SMTP, HTTP, etc.
Transport: TCP, UDP
Network: ICMP, IP
Data Link: Ethernet, Token Ring, FDDI, etc.
Physical
Security in layered IP
Security at the IP layer is related to the layer's function of end-to-end datagram delivery.
The security weaknesses are:
Network snooping
Message replay
Message alteration
Message delay and denial
Authentication issues
Routing attacks
Network Snooping
The attacker observes network traffic without disturbing the transmission (passive); this is commonly known as snooping or sniffing. User passwords are commonly snooped.
Sniffing software works by placing a system's network interface into promiscuous mode.
Systems like Unix require superuser or system-level privileges to access the network promiscuously.
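A defender-side check for the promiscuous-mode point above, added here and not part of the lecture: on Linux the interface flags are exposed in /sys/class/net/<iface>/flags and in the output of `ip -o link show`, and an interface in promiscuous mode carries the IFF_PROMISC bit (0x100) and the PROMISC keyword respectively. The `ip -o link` output used as input below is a constructed sample.

```python
import os
import re

# Added example (not from the lecture): spot interfaces that have been put into
# promiscuous mode, which is what sniffing software needs on the local host.

IFF_PROMISC = 0x100   # bit value of IFF_PROMISC in the Linux interface flags


def is_promiscuous(flags_hex: str) -> bool:
    """/sys/class/net/<iface>/flags holds the flags as a hex string such as 0x1103."""
    return bool(int(flags_hex, 16) & IFF_PROMISC)


def promiscuous_from_ip_link(output: str) -> list:
    """Parse `ip -o link show` lines; return the names of interfaces flagged PROMISC."""
    found = []
    for line in output.splitlines():
        # "2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 ..."
        m = re.match(r"^\d+:\s+([^:@\s]+)[^<]*<([^>]*)>", line)
        if m and "PROMISC" in m.group(2).split(","):
            found.append(m.group(1))
    return found


def promiscuous_interfaces(sysfs: str = "/sys/class/net") -> list:
    """Live check: read every interface's flags from sysfs. Returns [] where sysfs is absent."""
    result = []
    if not os.path.isdir(sysfs):
        return result
    for iface in sorted(os.listdir(sysfs)):
        try:
            with open(os.path.join(sysfs, iface, "flags")) as f:
                if is_promiscuous(f.read().strip()):
                    result.append(iface)
        except OSError:
            continue   # virtual entries without a flags file
    return result


# Constructed sample of `ip -o link show` output (not captured from a real host).
SAMPLE_IP_LINK = """1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff"""


if __name__ == "__main__":
    print("sample output flags PROMISC on:", promiscuous_from_ip_link(SAMPLE_IP_LINK))
    print("this host:", promiscuous_interfaces())
```

Bridges, virtual switches and IDS sensors legitimately run interfaces in promiscuous mode, so an unexpected hit is a lead to investigate rather than proof of sniffing; the stronger protection against snooped passwords is to keep them off the wire in cleartext in the first place.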
Message Replay
Replaying a captured message to another host, which accepts it as if it came from a trusted source.
Example: transfer of password files between networked Unix systems.
Message alteration
Message here means the payload of the IP datagram: routers perform routine modifications to the IP datagram header, and sometimes fragment a datagram into several smaller ones (when the length exceeds the limit allowed by the underlying data link layer).
Such routine header changes are no reason to suspect message alteration, but techniques such as checksums are not sufficient to detect deliberate alteration.
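The point that a checksum is not sufficient, carried through as an added example (not from the lecture) that also applies to the altered-email scenario in the Integrity slides. It generalises from a checksum to any unkeyed check: a SHA-256 digest travelling with the message can be recomputed by whoever edits the message, whereas a keyed MAC (HMAC-SHA256) cannot be reproduced without the shared key. The message text and key are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Added example (not from the lecture). An unkeyed integrity tag protects only
# against accidental corruption; a keyed MAC also protects against an
# intermediary that rewrites the message. Tags are 32 bytes (SHA-256).

TAG_LEN = 32


def attach_checksum(message: bytes) -> bytes:
    """Unkeyed tag: anyone who can read the message can compute a fresh tag."""
    return message + hashlib.sha256(message).digest()


def verify_checksum(tagged: bytes) -> bool:
    message, tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), tag)


def attach_mac(key: bytes, message: bytes) -> bytes:
    """Keyed tag: only holders of the key can produce a valid tag."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, tagged: bytes) -> bool:
    message, tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)


def rewrite_in_transit(tagged: bytes, old: bytes, new: bytes, refresh_unkeyed: bool) -> bytes:
    """Model an intermediary (the mail-queue scenario in the slides) that edits the
    body. With an unkeyed tag it can simply recompute the tag; with a keyed tag it
    has no key, so the best it can do is leave the old tag in place."""
    message = tagged[:-TAG_LEN].replace(old, new)
    return attach_checksum(message) if refresh_unkeyed else message + tagged[-TAG_LEN:]


def demo(key: bytes = None):
    """Returns (unkeyed-verifies-after-edit, keyed-verifies-after-edit, keyed-verifies-untouched)."""
    key = key or secrets.token_bytes(32)   # shared between sender and receiver out of band
    original = b"temple.csse has been hacked by intruders. Please check your systems."
    edited_unkeyed = rewrite_in_transit(attach_checksum(original), b"temple", b"beast", True)
    edited_keyed = rewrite_in_transit(attach_mac(key, original), b"temple", b"beast", False)
    return (verify_checksum(edited_unkeyed),
            verify_mac(key, edited_keyed),
            verify_mac(key, attach_mac(key, original)))


if __name__ == "__main__":
    print(demo())   # expected: (True, False, True)
```

The HMAC only helps if the key stays off the path the message travels and the receiver actually checks the tag; if the intermediary also controls the mail server that verifies tags, as in the slides' compromised-server scenario, the check has to happen on a system the attacker does not hold.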
Message Delay and Denial
By gaining unauthorised control of a router or routing host, then modifying the executable code or the routing and screening rules used by the code. Proper authentication and access mechanisms need to be applied to the routing systems.
By overwhelming a routing device, or one of the communicating end systems, with an inordinate amount of network traffic. Easy to detect but difficult to prevent!
Authentication issues
Authentication at the IP layer is concerned with the identity of computer systems.
IP addresses are software configurable, and the mere possession (or fraudulent use) of one enables communication with other systems.
Two such techniques to do this are:
address masquerading
address spoofing
Address Masquerading
Address Spoofing
Also known as the TCP sequence number attack.
First we need to understand how the three-way TCP handshake protocol works.
A handshake is an assertion that indicates one party's readiness to send or receive data.
When two systems share a hardware connection, a two-way handshake is enough.
Since TCP rides on IP, an unreliable, connectionless protocol, a three-way handshake is required.
Handshake in TCP (figure):
Machine A -> Machine B: SYN + ISN_A
Machine B -> Machine A: SYN + ISN_B + ACK(ISN_A)
Machine A -> Machine B: ACK(ISN_B)
Application data then flows.
SYN - synchronize request
ISN - initial sequence number
ACK - acknowledgement for the ISN
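The three-way handshake above, simulated as an added example that is not part of the lecture, with each side's initial sequence number chosen the way RFC 6528 recommends (a 4-microsecond clock plus a keyed hash of the connection 4-tuple). Unpredictable ISNs are the standard mitigation for the sequence-number attack named under Address Spoofing, because a third party that cannot observe the SYN+ACK cannot complete the handshake on someone else's behalf. RFC 6528 describes MD5 for the hash F; SHA-256 is used here as an assumption, and the addresses, ports and per-host secret are constructed.

```python
import hashlib
import secrets
import time

# Added example (not from the lecture): two simulated TCP endpoints run the
# SYN / SYN+ACK / ACK exchange. Sequence arithmetic is modulo 2**32.

SECRET = secrets.token_bytes(16)   # per-host secret, regenerated at boot (constructed here)
MASK = 0xFFFFFFFF


def isn(local_ip, local_port, remote_ip, remote_port, now=None):
    """RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secret),
    M being a 4-microsecond clock (250,000 ticks per second)."""
    t = time.time() if now is None else now
    M = int(t * 250_000) & MASK
    material = f"{local_ip}:{local_port}>{remote_ip}:{remote_port}".encode() + SECRET
    F = int.from_bytes(hashlib.sha256(material).digest()[:4], "big")  # SHA-256 assumed; RFC text uses MD5
    return (M + F) & MASK


class Endpoint:
    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.state = "CLOSED"
        self.snd_nxt = None   # next sequence number we will send
        self.rcv_nxt = None   # next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer):
        """Active open: send SYN carrying our ISN."""
        self.snd_nxt = isn(self.ip, self.port, peer.ip, peer.port)
        self.state = "SYN_SENT"
        return {"flags": {"SYN"}, "seq": self.snd_nxt, "ack": None}

    def receive(self, segment, peer):
        """Process one segment; return the reply segment, or None if nothing is sent."""
        flags = segment["flags"]
        if self.state == "LISTEN" and flags == {"SYN"}:
            self.rcv_nxt = (segment["seq"] + 1) & MASK    # SYN occupies one sequence number
            self.snd_nxt = isn(self.ip, self.port, peer.ip, peer.port)
            self.state = "SYN_RECEIVED"
            return {"flags": {"SYN", "ACK"}, "seq": self.snd_nxt, "ack": self.rcv_nxt}
        if self.state == "SYN_SENT" and flags == {"SYN", "ACK"}:
            if segment["ack"] != (self.snd_nxt + 1) & MASK:
                return None   # does not acknowledge our ISN: drop it
            self.rcv_nxt = (segment["seq"] + 1) & MASK
            self.snd_nxt = (self.snd_nxt + 1) & MASK
            self.state = "ESTABLISHED"
            return {"flags": {"ACK"}, "seq": self.snd_nxt, "ack": self.rcv_nxt}
        if self.state == "SYN_RECEIVED" and flags == {"ACK"}:
            if segment["ack"] != (self.snd_nxt + 1) & MASK:
                return None   # third packet must acknowledge ISN_B exactly
            self.snd_nxt = (self.snd_nxt + 1) & MASK
            self.state = "ESTABLISHED"
            return None
        return None


def handshake(a, b):
    """Run SYN, SYN+ACK, ACK between a (client) and b (server); return both states."""
    b.listen()
    syn = a.connect(b)
    syn_ack = b.receive(syn, a)
    ack = a.receive(syn_ack, b)
    b.receive(ack, a)
    return a.state, b.state


if __name__ == "__main__":
    a, b = Endpoint("10.0.0.1", 40000), Endpoint("10.0.0.2", 25)
    print(handshake(a, b), hex(a.snd_nxt), hex(b.snd_nxt))
```

The server only reaches ESTABLISHED when the third segment acknowledges ISN_B + 1, and ISN_B was derived from a secret the sender never sees. With the predictable ISNs of early TCP stacks that value could be inferred, which is exactly the gap the lecture's sequence-number attack relies on.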