Transcript Lecture11
INTERNET Security
COMPUTER, NETWORK &
INTERNET SECURITY
Cryptography & Secure Transactions
Cryptography
Encrypt before sending, decrypt on receiving (plain
text and cipher text)
Cryptography & Secure Transactions
Cryptography
All cryptosystems are based only on three Cryptographic
Algorithms:
Message Digest (MD2-4-5, SHA, SHA-1, …)
Maps variable length plaintext into fixed length ciphertext
No key usage, computationally infeasible to recover the plaintext
Private KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)
Encrypt and decrypt messages by using the same Secret Key
PUBLIC KEY (DSA, RSA, …)
Encrypt and decrypt messages by using two different Keys:
Public Key, Private Key (coupled together)
Cryptography & Secure Transactions
Cryptography
Two components: key, and the algorithm
Algorithms are publicly known and Secrecy is in the
Key
Key distribution must be secure
Plaintext
Hello World
Encryption
Key
Ciphertext
&$*£(“!273
Decryption
Key
Plaintext
Hello World
Cryptography & Secure Transactions
Cryptography
Symmetric Key Cryptography (DES, Triple DES,
RC4): KE = KD
Asymmetric Key Cryptography (RSA): KE KD
Cryptography & Secure Transactions
Private Key Cryptography
The Sender and Receiver share the same Key which
is private
Plaintext
Encryption
Ciphertext
Sender/Receiver’s
Private Key
Decryption
Plaintext
Sender/Receiver’s
Private Key
Cryptography & Secure Transactions
Public Key Cryptography
Both the Sender and Receiver have their Private Key
and Public Key
Messages are encrypted using receiver’s Public Key
and the receiver decrypts it using his/her Private
Key
Plaintext
Encryption
Ciphertext
Receiver’s Public Key
Decryption
Plaintext
Receiver’s Private Key
Cryptography & Secure Transactions
Digital Signature
Message
Digest
Algorithm
Hash Function
Digest
Private Key
Message
Digest
Algorithm
Hash Function
Public Key
Encryption
Decryption
Signature
Expected
Digest
Actual
Digest
Cryptography & Secure Transactions
Digital Certificate
Secure HTTP (HTTPS) communication is done using
Public Key Cryptography
The public Keys are distributed using Digital
Certificates
Digital Certificates contain the Public Key and is
digitally signed by a trusted Certificate Authority
(CA) like Verisign or Thawte
Cryptography & Secure Transactions
Digital Certificate
CERTIFICATE
Issuer
Subject
Subject Public Key
Issuer
Digital
Signature
Cryptography & Secure Transactions
SET Architecture
End
User
Credit
Card
Company
Web Site
Payment
Gateway
QUESTIONS?
INTERNET Security
INTERNET Security Threats
Hacking
DoS
Reconnaissance
Malware
Mail SPAM
Phishing
Botnets
INTERNET Security
Hacking
Unauthorized Access: From a small few thousand
Rupees fraud using somebody’s Credit Card to
Bringing down the economy by hacking into share
market online trading servers
Intruders will take advantage of hidden features or
bugs to gain access to the system.
Common types of Hacking attacks include:
Buffer Overflow attack to get root access
SSH Dictionary attack to get root access
Defacing website using apache vulnerabilities
Installing malicious codes
INTERNET Security
DoS
Denial of Service (DoS) attempts to collapse the
service or resource to deny access to anyone.
Common types of DoS attacks:
ICMP Flooding
TCP SYN Flooding
UDP Flooding
Distributed Denial Of Service Attacks (DDOS) can be
defined as a denial of service attack with several
sources distributed along the Internet that focuses
on the same target.
INTERNET Security
Reconnaissance
Reconnaissance attacks include
Ping Sweeps
DNS zone transfers
TCP or UDP port scans
Indexing of public web servers to find cgi holes
INTERNET Security
Malware
The Wikipedia definition of Malware is:
“Malware is software designed to infiltrate or
damage a computer system without the owner's
informed consent. It is a blend of the words
“malicious” and “software”. The expression is a
general term used by computer professionals to
mean a variety of forms of hostile, intrusive, or
annoying software or program code.”
Different types of Malware are Viruses, Worms,
Trojan Horses, Adwares, Spywares and any other
malicious and unwanted software.
INTERNET Security
Malware: Virus
A computer virus is a self-replicating Computer
Program written to alter the way a computer operates,
without the permission or knowledge of the user.
It can damage the computer by damaging programs,
deleting files, or reformatting the hard disk. It is a small
piece of software that piggybacks on real programs.
For example, a virus might attach itself to a program
such as a spreadsheet program. Each time the
spreadsheet program runs, the virus runs, too, and it
has the chance to reproduce by attaching to other
programs and wreak havoc.
Viruses usually need human action to replicate and
spread.
INTERNET Security
Malware: Worms
A computer worm is a self-replicating Computer program.
It uses a network to send copies of itself to other systems
and it may do so without any user intervention.
Unlike a virus, it does not need to attach itself to an
existing program.
Worms always harm the network (if only by consuming
bandwidth), whereas viruses always infect or corrupt files
on a targeted computer.
Today, worms are most commonly written for the
Windows OS, although a small number are also written for
Linux and Unix systems.
Worms work in the same basic way: they scan the
network for computers with vulnerable network services,
break in to those computers, and copy themselves over.
INTERNET Security
Malware: Trojan
A Trojan horse is a malicious program that is
disguised as or embedded within legitimate software.
Broadly speaking, a Trojan horse is any program that
invites the user to run it, but conceals a harmful or
malicious payload.
The payload may take effect immediately and can
lead to many undesirable effects, such as deleting all
the user's files, or more commonly it may install further
harmful software into the user's system to serve the
creator's longer-term goals.
INTERNET Security
Malware: Spyware
Spyware is a general term used for software that performs
certain behaviors such as advertising, collecting personal
information, or changing the configuration of your computer,
generally without appropriately obtaining your consent.
Spyware is often associated with software that displays
advertisements (called adware) or software that tracks personal or
sensitive information.
Other kinds of spyware make changes to your computer that can
be annoying and can cause your computer slow down or crash.
There are a number of ways spyware or other unwanted software
can get on your system. A common trick is to covertly install the
software during the installation of other software you want such
as a music or video file sharing program.
INTERNET Security
Mail Spam
Email that has been unsolicited, with no meaningful
content to the receiver
– Advertising
– Research
– Fraud / Schemes
– Viruses
(40% email is spam)
Spam are generated using
– Open Mail Relays
– Spammer Viruses & Trojans
– Botnets
INTERNET Security
Phishing
Scam to steal valuable information such as credit
cards, social security numbers, user IDs and
passwords.
Official-looking e-mail sent to potential victims
Pretends to be from their ISP, retail store, etc.,
Due to internal accounting errors or some other pretext, certain
information must be updated to continue the service.
Link in e-mail message directs the user to a Web
page
Asks for financial information
Page looks genuine
Easy to fake valid Web site
Any HTML page on the real Web can be copied and modified
The location of the page is changed regularly
INTERNET Security
Botnets
Bots are compromised machines which
executing malicious codes installed in them
A botnet is a
computers—bots
collection
of
are
compromised
They have become the major sources of Spam,
Malwares, DoS attacks etc.
QUESTIONS?
INTERNET Security
Prevention Techniques
Some of the prevention tools include:
Network Firewall
Host Firewall
IDS/IPS
Mail Antispam and Antivirus Appliances
UTM Appliances
Application and OS Hardening
Firewall
Firewall Basic Setup
Internet
Application
Web Server
Database
Firewall
Firewall
Firewall Rules
IP Address of Source (Allow from Trusted Sources)
IP Address of
Destinations)
Destination
(Allow
to
trusted
Application Port Number (Allow Mail but restrict
Telnet)
Direction of Traffic (Allow outgoing traffic but
restrict incoming traffic)
Linux Security
Firewall Rules
To allow incoming and outgoing SMTP traffic:
Direction
1. outbound
2. inbound
3. inbound
4. outbound
5. *
Prot
TCP
TCP
TCP
TCP
*
Src
Dest
Addr Addr
internal external
external internal
external internal
internal external
*
*
Dest
Port
25
>=1024
25
>=1024
*
Src
Port
>=1024
25
>=1024
25
*
Action
allow
allow
allow
allow
deny
Firewall
Firewall Implementation
Hardware Firewall: Dedicated Hardware Box (Cisco
PIX, Netscreen )
Software
Firewall: Installable
(Checkpoint)
on
a
Server
Host OSs (Windows XP/Linux) also provide
software firewall features to protect the host
Linux Security
LINUX Firewall
Use GUI (Applications ->System Settings->
Security Level) to activate the firewall
Allow standard services and any specific port
based application
All other services and ports are blocked
Linux Security
LINUX Firewall
IDS/IPS
IDS
An intrusion detection system is used to detect all
types of malicious network traffic and computer
usage that can't be detected by a conventional
firewall.
It detects network attacks against vulnerable
services, data driven attacks on applications, host
based attacks such as privilege escalation,
unauthorized logins and access to sensitive files,
and malware (viruses, trojan horses, and worms).
IDS/IPS
IDS/IPS – What They Will Do
IDS/IPS use intrusion signatures to identify the
intrusion.
Detect and Block Network and Application Scans
Against a Network - Powerful Capability in
Anticipating an Attack
Block Nearly all Forms of Denial of Service Attacks
in Real Time
Completely Stop Brute Force, Password Cracks,
Dictionary Attacks, etc.
Block Virus & Worm Propagation
Provide URL filtering and block Spyware
IDS/IPS
Antispam Firewall
Antispam Techniques include
DNS Black List
DNS Reverse Lookup (PTR) check
Subject & Body content
SMTP Callback
Rate Limiting
Personal Whitelist and Blacklist
UTM
UTM
UTM incorporates firewall, intrusion detection and
prevention, Anti Spam and Anti Virus in one highperformance appliance
Host Hardening
Host Hardening
Web application hardening
Outbound filtering
Host hardening
Application and OS Patching
QUESTIONS?
INTERNET Security
WLAN Security
INTERNET Security
WLAN Security
WLANs create a new set of security threats to
enterprise networks such as
– Sniffing
– Rogue APs
– Mis-configured APs
– Soft APs
– MAC Spoofing
– Honeypot APs
– DoS
– Ad hoc Networks
INTERNET Security
WLAN Security
Techniques used to secure WLANs include
– Do not broadcast SSID,
– Use encryption (WEP, 802.1x)
– Use WLAN Firewalls
INTERNET Security
WLAN Firewall
QUESTIONS?