COMP3123
Internet Security
Richard Henson
University of Worcester
November 2010
Week 7: Communications: Securing LAN–LAN data using VPNs and secure protocols
Objectives:
Relate Internet security problems to the TCP/IP protocol stack
Explain Internet security solutions that use the principles of a VPN
Explain Internet security solutions at OSI levels above IP routing
Security and the OSI layers
Actually 7 layers in original OSI model…
Unix TCP/IP leaves out level 1 (physical), level 2 (data link), and level 5 (session)
[Diagram labels: TELNET, FTP, SMTP, NFS, DNS, SNMP; TCP (transport), UDP; IP (network)]
TCP/IP and the Seven Layers
[Diagram labels: screen, TCP, IP, hardware]
lower layers are required to interface with IP to create/convert electrical signals
upper layers interface with TCP to produce the screen display
TCP (Transport Control Protocol) and IP (Internet Protocol) only make up part (layers 3 & 4) of the seven layers
Each layer interface represents a potential security problem…
Intranets
Definition:
An in-house Web site that serves the employees
of the enterprise. Although intranet pages may
link to the Internet, an intranet is not a site
accessed by the general public.
Achieved by organisations using http to
share data in a www-compatible format
Implemented as:
single LAN with a web server
several interconnected LANs
» cover a larger geographic area
» use secure user authentication
» use secure data transmission system
Extranets
Definition:
organisational web sites for employees and existing
customers rather than the general public
An extension of the Intranet to cover selected trusted
“links”
e.g. for an organisation the “trusted” links might be to
customers and business partners
uses the public Internet as its transmission system, but
requires passwords to gain access
Can provide access to:
paid research
current inventories
internal databases
OR virtually any information that is private and not published
for everyone
Issues in creating an Extranet
As with the Intranet, use of public networks
means that security must be handled through
the appropriate use of secure authentication
and transmission technologies…
Private leased lines between sites do not
need to use http, etc.
therefore more secure, but expensive (BALANCE)
If using the Internet…
can use client-server web applications across
different sites
BUT security issues need resolving
Securing Authentication through Extranets
Kerberos and trusted domains…
Windows 2000 Solution:
Potential security problem…
several TCP ports used for e.g. Kerberos
authentication when establishing a
session…
Solution:
firewall configured to allow relevant ports
to be opened only for “trusted” hosts
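The firewall rule described on this slide can be checked mechanically. The following is an added example, not part of the original slides: it audits a rule list for Kerberos ports that are open to sources outside a trusted set. The port numbers (88 for Kerberos, 464 for kpasswd), the rule format and all addresses are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: the "relevant ports" are Kerberos (88) and kpasswd (464).
KERBEROS_PORTS = {88, 464}

def untrusted_kerberos_rules(rules, trusted_networks):
    """Return allow rules that expose a Kerberos port to a source outside the trusted set."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] not in KERBEROS_PORTS:
            continue
        source = ipaddress.ip_network(rule["source"])
        # A source is acceptable only if it lies entirely inside a trusted network.
        covered = any(source.version == t.version and source.subnet_of(t) for t in trusted)
        if not covered:
            findings.append(rule)
    return findings

def ends_with_default_deny(rules):
    """True if the final rule drops everything not explicitly allowed above it."""
    last = rules[-1] if rules else None
    return (bool(last) and last["action"] == "deny" and last["port"] is None
            and ipaddress.ip_network(last["source"]).prefixlen == 0)

# Constructed rule set (documentation address ranges, not from the slides).
TRUSTED = ["192.0.2.0/24"]
SAMPLE_RULES = [
    {"action": "allow", "proto": "tcp", "port": 88, "source": "192.0.2.0/24"},
    {"action": "allow", "proto": "udp", "port": 88, "source": "192.0.2.16/28"},
    {"action": "allow", "proto": "tcp", "port": 88, "source": "0.0.0.0/0"},
    {"action": "allow", "proto": "tcp", "port": 464, "source": "203.0.113.0/24"},
    {"action": "allow", "proto": "tcp", "port": 443, "source": "0.0.0.0/0"},
    {"action": "deny", "proto": "any", "port": None, "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for rule in untrusted_kerberos_rules(SAMPLE_RULES, TRUSTED):
        print("Kerberos port open to untrusted source:", rule)
    print("default deny in place:", ends_with_default_deny(SAMPLE_RULES))
```

The audit looks at each rule in isolation; a real firewall evaluates rules in order, so a finding still has to be read against the rules above it.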
Securing Sharing of Data through Extranets
An Extranet client uses the web server &
browser for user interaction
standard level 7 www protocol to display html
data
Raw HTML data will pass through the firewall
to the Internet
could be “sensitive” for the organisation…
Under IETF guidance, developers came up
with RFCs for a secure version of http…
standardised as http-s (secure http)
The Internet generally uses IP
- HOW can data be secured?
2010: more than 600 million hosts!
Securing the Extranet
Problem:
IP protocol sends packets off in different directions according to:
» destination IP address
» routing data
packets can be intercepted/redirected
Solution:
secure level 7 application layer www protocols developed
» https: ensure that pages are only available to authenticated users
» ssh: secure download of files
» sftp: as above
secure level 4 transport (TLS) protocol to restrict use of IP
navigation to only include secure sites
Protection against interception at lower OSI layers
Virtual Private Networks: use of level 2 & 3
SSH (Secure Shell)
Designed 1995, University of Helsinki, for
secure file transfer SSH-1
server listens on TCP port 22
runs on a variety of platforms
Enhanced version SSH-2
using the PKI
including digital certificates
RFC 4252 – recent, 2006
By contrast, Telnet and FTP:
can use authentication
BUT DO NOT use encrypted text…
Secure http (http-s)
IETF set up WTS (Web Transaction Security)
in 1995 to:
look at proposals for a secure version of http
ensure secure embedding of any emerging
protocol with HTML
Proposals agreed in 1999
defined as:
» RFC #2659 – secure HTML documents
» RFC #2660 – the secure protocol itself
More about Secure http
Modification of http:
works with Netscape’s SSL/TLS and the PKI
ensures security of HTML data sent through the
Internet
When a browser requests a web page…
normally, just downloaded
HOWEVER, if the page is held on an HTTP-S
server it must be downloaded using the https
protocol
» will ONLY be downloaded and displayed if its URL has
been authenticated and certificated
Authentication handled by a PKI-affiliated
body (e.g. Verisign)
therefore considered to be very secure
SSL (Secure Sockets Layer)
Developed by Netscape in 1995
so browsers could participate in secure Internet
transactions
soon became most commonly used protocol for e-commerce transactions
has still not been accessed by hackers (so far…)
Excellent upper layer security:
RSA public key en/decryption of http packets at
the session layer (OSI 5) before sending/after
receiving between Internet hosts
PKI-compatibility means that digital certificates are
supported as well
Extending SSL
SSL standard submitted by Netscape to
IETF for further development
working party set up in 1996
worked with Netscape to standardise SSL v3.0
» RFC draft same year
agreed standard RFC #2246: TLS (Transport
Layer Security)
TLS was the result of IETF development of
components of Netscape’s SSL lower down
the OSI layers
» SSL – level 5
» TLS – level 4
Secure HTTP, SSL and TLS
Together, HTTPS/SSL/TLS can provide
a secure interface between TCP (level
4) and HTML (level 7)
very secure conduit for message transfer
across the Internet…
VPNs: restricted use of the Physical Internet
[Diagram: VPN shown in green]
VPNs (Virtual Private Networks)
Two pronged defence:
physically keeping the data away from unsecured
servers…
» several protocols available for sending packets along a
pre-defined route
data encapsulated and encrypted so it appears to
travel as if on a point-point link but is still secure
even if intercepted
Whichever protocol is used, the result is a
secure system with pre-determined pathways
for all packets
Principles of VPN protocols
The tunnel - where the private data is
encapsulated
The VPN connection - where the private
data is encrypted
Principles of VPN protocols
To emulate a point-to-point link:
data encapsulated, or wrapped, with a header
» provides routing information
» allows packets to traverse the shared public network to their
endpoint
To emulate a private link:
data encrypted for confidentiality
Any packets intercepted on the shared
public network are indecipherable without
the encryption keys…
Potential weakness of the VPN
Once the data is encrypted and in the tunnel it is very secure
BUT
to be secure, it MUST be encrypted and tunnelled throughout its
whole journey
if any part of that journey is outside the tunnel…
» e.g. network path to an outsourced VPN provider
» obvious scope for security breaches
Using a VPN as part of an Extranet
Using a VPN for point-to-point
Using a VPN to connect a remote computer to a Secured Network
VPN-related protocols offering even greater Internet security
Two possibilities are available for
creating a secure VPN:
Layer 3:
» IPsec – fixed point routing protocol
Layer 2 “tunnelling” protocols
» encapsulate the data within other data before
converting it to binary data:
PPTP (Point-point tunnelling protocol)
L2TP (Layer 2 tunnelling protocol)
IPsec
First VPN system
defined by IETF RFC 2401
uses ESP (encapsulating security protocol) at the IP
packet level
IPsec provides security services at the IP layer
by:
enabling a system to select required security protocols
(ESP possible with a number of encryption protocols)
determining the algorithm(s) to use for the chosen
service(s)
putting in place any cryptographic keys required to
provide the requested services
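To make the encapsulation principle concrete, here is an added example (not from the original slides) that parses an ESP-protected IPv4 packet the way a host on the shared public network would see it: the outer header gives routing information between the two tunnel endpoints, the ESP header exposes only a Security Parameters Index and a sequence number, and the inner packet is opaque. The addresses, SPI value and payload bytes are constructed, and IPv4 between two security gateways is assumed.

```python
import ipaddress
import struct

ESP_PROTOCOL = 50  # IANA-assigned IP protocol number for ESP

def build_outer_packet(src, dst, spi, seq, opaque):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) + ESP header + opaque bytes."""
    total_len = 20 + 8 + len(opaque)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, ESP_PROTOCOL, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip_header + struct.pack("!II", spi, seq) + opaque

def observer_view(packet):
    """Return only the fields readable without the encryption keys."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    view = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol": packet[9],
        "esp": packet[9] == ESP_PROTOCOL,
    }
    if not view["esp"]:
        return view                        # payload is not ESP-protected
    if len(packet) < ihl + 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    # Everything after the ESP header is ciphertext: the inner packet's
    # addresses, ports and data are not recoverable from here.
    view.update(spi=spi, sequence=seq, opaque_bytes=len(packet) - ihl - 8)
    return view

if __name__ == "__main__":
    # Constructed values: gateway addresses from documentation ranges;
    # the 64 filler bytes stand in for the encrypted inner packet.
    sample = build_outer_packet("192.0.2.1", "198.51.100.1", 0x1234, 7, b"\xaa" * 64)
    print(observer_view(sample))
```

The same view is what a network monitor can log for tunnel traffic: which endpoints are talking, under which SPI, and how much, but nothing about the hosts or applications inside the tunnel.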
More about IPSec in practice
Depends on PKI for authentication
both ends must be IPSec compliant, but not the
various network systems that may be between
them…
Can therefore be used to protect paths
between
a pair of hosts
a pair of security gateways
a security gateway and a host
Can work with IPv4 and IPv6
PPTP
Sponsored by Microsoft
proposal submitted for consideration by IETF
Extension of PPP
Uses PPP authentication and Microsoft’s own
encryption
allows organisations to extend their own corporate
network by using private “tunnels” over public
Internet
effectively using WAN as a single large LAN
Claimed to provide a secure connection over
public networks
but not universally accepted as secure…
L2TP
Microsoft hybrid of:
their own PPTP
CISCO’s L2F (layer 2 forwarding)
With L2TP, IPSec is optional:
like PPTP:
» it can use PPP authentication and access controls (PAP
and CHAP!)
» It uses NCP to handle remote address assignment of
remote client
as no IPSec, no overhead of reliance on PKI
Implementation of Secure HTTP
Like http, http-s is a client-server protocol
Server end:
» PKI-compliant Web Server configured to provide
https access
» valid server certificate to authenticate server to
client
Client end
» browser needs to be able to identify &
authenticate secure http traffic:
URL header https://
“lock” sign at bottom of screen
Configuring a Web Server for https…
Any properly configured web server will offer
unsecured links to many www pages (http)
A secure web server can ADDITIONALLY
offer secure links to specified folders (https)
BUT… it must first acquire that PKI server
certificate from e.g. Verisign or an affiliate…
the server certificate needs to be viewable by a
client browser to verify trust in the web page
provider
IIS Configuration to support SSL and https
A “wizard” drives the whole process
need administrator access to IIS in “webserver”
mode
access the “directory security” tab
click on “server certificate”…
» and the process begins
Once IIS has downloaded & installed that
server certificate, developments of a secure
website can begin in specific folders
Web Server Configuration for client-end https
IF the webserver is properly configured for
https…
IS username/password protected
HAS a Server Certificate…
» viewable by client browsers, not revoked or out of date
THEN, via username/password authentication
browser will allow https access via the web
“lock” symbol appears below the web page display
» click on “lock” symbol for server certificate details
Otherwise, a “not authorised” message will be
displayed
The Server Certificate
Both encryption and identity checking require
the owner of the server to obtain and install a
Digital SSL (Server) Certificate
more expensive than a personal certificate
Verisign again a suitable source…
SSL Certificate has to be:
downloaded from source website
installed onto the relevant web server
authenticated by a named individual
(administrator?) at the server end
Ways to “sign” an SSL Certificate
Three possibilities:
Commercial
» usually recognised silently by browsers, with no pop-up or alert
Self-signing
» almost always produce an alert on the browser
» shows the identity asserted (but not proved) by the server
owner
» the user is likely to be offered the option to recognise this
certificate in future (effectively silencing the alert)
Organisation-signed
» also likely to result in an alert that names the organisation
» an organisation with an existing relationship with most of its
users can instruct them to configure their browsers to silently
recognise certificates signed by their own organisation