Computer Networks and Internets, 5e
By Douglas E. Comer
Lecture PowerPoints
By Lami Kaya, [email protected]
© 2009 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.
Chapter 30
Network Security
Topics Covered
• 30.1 Introduction
• 30.2 Criminal Exploits and Attacks
• 30.3 Security Policy
• 30.4 Responsibility and Control
• 30.5 Security Technologies
• 30.6 Hashing: An Integrity and Authentication Mechanism
• 30.7 Access Control and Passwords
• 30.8 Encryption: A Fundamental Security Technique
• 30.9 Private Key Encryption
• 30.10 Public Key Encryption
• 30.11 Authentication with Digital Signatures
• 30.12 Key Authorities and Digital Certificates
• 30.13 Firewalls
• 30.14 Firewall Implementation with a Packet Filter
• 30.15 Intrusion Detection Systems
• 30.16 Content Scanning and Deep Packet Inspection
• 30.17 Virtual Private Networks (VPNs)
• 30.18 The Use of VPN Technology for Telecommuting
• 30.19 Packet Encryption Vs. Tunneling
• 30.20 Security Technologies
30.1 Introduction
• This chapter
– considers the important aspect of network security
– describes types of crime that have been perpetrated over the
Internet
– discusses key aspects of security
– explains technologies used to increase network security
30.2 Criminal Exploits and Attacks
• Whenever a new technology appears, criminals ask how they can use the technology to commit crimes
• The Internet has been used for criminal activities
• Businesses are especially concerned with threats to the long-term viability of the company
– All of the following are important to a business:
• damage to reputation
• loss of customer confidence
• stolen intellectual property
• prevention of customer access
• Several questions arise regarding security:
– What are the major Internet security problems and threats?
– What technical aspects of protocols do criminals exploit?
– What are the key aspects of security?
– What technologies are available to help increase security?
30.2 Criminal Exploits and Attacks
• Figure 30.1 (below) summarizes some of the major security
problems that exist on the Internet
30.2 Criminal Exploits and Attacks
• It is important to distinguish between
– a conventional crime that is committed using the Internet in an
incidental way
– and a crime that is specific to the Internet
• Most widespread crimes experienced on the Internet are
conventional crimes that happen to use the Internet:
– false advertising of some goods offered in an auction
– failure to deliver goods purchased
• Our discussion will focus on the following:
– ways that criminals exploit technology and the technologies that
have been created to make crime more difficult or expensive
• Figure 30.2 lists specific techniques that attackers use
Figure 30.2 Techniques used in security attacks
30.2 Criminal Exploits and Attacks
Wiretapping
– An unauthorized third party can listen to an ongoing conversation
taking place between two legitimate parties
– Conversation scripts/data can be captured
– Captured data can be used in replay attacks
– Wiretapping is especially easy when packets travel across a wireless
LAN because a physical connection is not required
• anyone within range of the transmission can capture a copy of each packet
Packet Interception
– Someone can launch man-in-the-middle attacks
– An intermediary can modify packets as they pass from source to
destination
– Packet interception has the greatest potential for damage
– Figure 30.4 illustrates the concept
30.2 Criminal Exploits and Attacks
Spoofing
• Attacks are used to impersonate a trusted host
• Impersonation allows an adversary to launch various attacks
• As an example, consider address spoofing in ARP:
– an attacker broadcasts an ARP reply that binds an arbitrary IP
address, A, to the attacker's MAC address
– when any host on the network sends a packet to A, the packet will be
forwarded to the attacker instead
• Other forms of spoofing involve using a routing protocol to send incorrect routes
• DNS can be spoofed in the same spirit, by sending a DNS message that stores an incorrect binding in a DNS server (cache poisoning)
• A related trick registers a slight misspelling of a well-known domain to give a user the impression that they have reached a trusted site (used in phishing attacks)
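The ARP spoofing described above, as an added example that is not part of the textbook or the lecture slides: a small ARP-reply watcher that parses ARP bodies and flags an IP address whose announced MAC address changes. The addresses, MACs and the two ARP replies are constructed for the demo; the first binding seen for an address is taken as the legitimate one, which is the same assumption a tool like arpwatch starts from.

```python
# Added example (not from the textbook): detect ARP spoofing by tracking the
# IP-to-MAC bindings announced in ARP replies and flagging a binding that changes.
import struct
from typing import Dict, List, Tuple

# ARP body for Ethernet/IPv4 (RFC 826): hrd, pro, hln, pln, op, sha, spa, tha, tpa (28 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REPLY = 2


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def mac_str(m: bytes) -> str:
    return ":".join(f"{x:02x}" for x in m)


def build_arp_reply(sender_mac: bytes, sender_ip: str, target_mac: bytes, target_ip: str) -> bytes:
    """Build a raw ARP reply body (the part that follows the Ethernet header)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       sender_mac, ip_to_bytes(sender_ip), target_mac, ip_to_bytes(target_ip))


def parse_arp(pkt: bytes) -> Tuple[int, str, str]:
    """Return (opcode, sender MAC, sender IP) from an ARP body."""
    _, _, _, _, op, sha, spa, _, _ = struct.unpack(ARP_FMT, pkt[:28])
    return op, mac_str(sha), bytes_to_ip(spa)


class ArpWatch:
    """Remember the first MAC seen for each IP; alert when a reply claims a different one.
    This is exactly the attack on the slide: a reply binding a victim's IP to the attacker's MAC."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}
        self.alerts: List[Tuple[str, str, str]] = []   # (ip, known mac, new mac)

    def observe(self, pkt: bytes) -> None:
        op, sha, spa = parse_arp(pkt)
        if op != ARP_REPLY:
            return
        known = self.table.get(spa)
        if known is None:
            self.table[spa] = sha          # assumption: the first binding seen is legitimate
        elif known != sha:
            self.alerts.append((spa, known, sha))


def demo() -> List[Tuple[str, str, str]]:
    gw_mac = bytes.fromhex("001122334455")       # constructed: the real gateway
    atk_mac = bytes.fromhex("deadbeef0001")      # constructed: the attacker
    victim_mac = bytes.fromhex("00aabbccddee")
    w = ArpWatch()
    # legitimate reply: gateway 192.0.2.1 answers the victim
    w.observe(build_arp_reply(gw_mac, "192.0.2.1", victim_mac, "192.0.2.10"))
    # attacker broadcasts a reply binding the gateway's IP to its own MAC
    w.observe(build_arp_reply(atk_mac, "192.0.2.1", victim_mac, "192.0.2.10"))
    return w.alerts
```

The detector cannot tell whether the first or the second binding is the honest one; it only reports the conflict, which is why switches that implement dynamic ARP inspection validate against a trusted source (such as DHCP snooping records) instead.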
30.2 Criminal Exploits and Attacks
Denial of Service (DoS)
– flooding a host (usually a web server) with a stream of packets
• An attacker can effectively consume all resources, meaning
– other users experience long delays
– legitimate users have their connections rejected
• Distributed Denial of Service (DDoS)
– a large set of hosts throughout the Internet each send a stream of
packets, and bring down a server
• Figure 30.3 illustrates the concept
30.2 Criminal Exploits and Attacks
SYN flooding
• A specific technique used to deny service
• Each incoming packet contains a TCP SYN message
– that requests a new TCP connection
• The receiver allocates a TCP control block for the connection
– sends a SYN + ACK
– and waits for a response, which never arrives because the attacker does not complete the handshake
– Eventually, all control blocks are allocated
– and no further connections can be opened
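Added example, not from the textbook: a simulation of the exhaustion described above beside the usual countermeasure, SYN cookies, which the slides do not cover. A stateful listener with a tiny backlog is flooded with SYNs from spoofed sources and then refuses a legitimate client; a cookie listener encodes the handshake state in its initial sequence number (a keyed hash over the 4-tuple and a time counter) and stores nothing until the third handshake message returns. The cookie layout here is a simplification of what real kernels do (they also encode the MSS); addresses, ports and the secret are constructed.

```python
# Added example (not from the textbook): SYN-flood exhaustion of a stateful
# listener, and a SYN-cookie listener that keeps no per-SYN state.
import hashlib
import hmac
import struct
import time

BACKLOG = 4   # deliberately tiny so the exhaustion is visible


class StatefulListener:
    """Classic listener: allocate a control block for every SYN, wait for the ACK."""

    def __init__(self) -> None:
        self.half_open = {}        # (src, sport, dport) -> client ISN

    def on_syn(self, src: bytes, sport: int, dport: int, client_isn: int) -> bool:
        if len(self.half_open) >= BACKLOG:
            return False           # no control block free: the new connection is refused
        self.half_open[(src, sport, dport)] = client_isn
        return True


class CookieListener:
    """Encode the handshake in the server ISN (a SYN cookie) instead of storing it."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.established = set()

    def _cookie(self, src: bytes, dst: bytes, sport: int, dport: int, minute: int) -> int:
        # top byte: time counter; low 24 bits: truncated MAC over the 4-tuple and counter
        msg = struct.pack("!4s4sHHI", src, dst, sport, dport, minute)
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return ((minute & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src: bytes, dst: bytes, sport: int, dport: int, now=None) -> int:
        """Answer with SYN+ACK whose ISN is the cookie; keep no state at all."""
        minute = int((time.time() if now is None else now) // 60)
        return self._cookie(src, dst, sport, dport, minute)

    def on_ack(self, src: bytes, dst: bytes, sport: int, dport: int, ack: int, now=None) -> bool:
        """Third handshake message carries ack == server ISN + 1: recompute and compare."""
        isn = (ack - 1) & 0xFFFFFFFF
        minute = int((time.time() if now is None else now) // 60)
        for m in (minute, minute - 1):           # tolerate a counter roll-over
            expected = self._cookie(src, dst, sport, dport, m)
            if hmac.compare_digest(struct.pack("!I", isn), struct.pack("!I", expected)):
                self.established.add((src, sport, dport))   # state allocated only now
                return True
        return False


def demo(now: float = 1_700_000_000.0):
    server = b"\xc0\x00\x02\x01"                  # 192.0.2.1
    client = b"\xc0\x00\x02\x0a"                  # 192.0.2.10, the legitimate user
    flood = [(bytes([10, 0, 0, i % 250 + 1]), 40000 + i) for i in range(100)]  # spoofed sources

    stateful = StatefulListener()
    accepted = sum(stateful.on_syn(src, sport, 80, 1) for src, sport in flood)
    legit_refused = not stateful.on_syn(client, 5555, 80, 7)

    cookies = CookieListener(secret=b"constructed-secret-rotate-regularly")
    for src, sport in flood:
        cookies.on_syn(src, server, sport, 80, now)    # 100 SYN+ACKs sent, nothing stored
    isn = cookies.on_syn(client, server, 5555, 80, now)
    legit_ok = cookies.on_ack(client, server, 5555, 80, (isn + 1) & 0xFFFFFFFF, now)
    forged_ok = cookies.on_ack(client, server, 5555, 80, 0x12345678, now)
    return accepted, legit_refused, legit_ok, forged_ok, len(cookies.established)
```

The cost of the cookie approach is that the server cannot remember options it negotiated in the SYN (hence the MSS encoding trick in real implementations), and that the SYN+ACK is still sent for every spoofed SYN, so the flood consumes bandwidth even though it no longer consumes memory.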
30.3 Security Policy
• What is a secure network?
– The concept of a secure network is appealing to most users
– Networks cannot be classified simply as secure or not secure
– The term is not absolute
• each organization defines the level of access that is permitted or denied
• The first precaution an organization must take to achieve a secure system is to define the organization's security policy
– The policy does not specify how to achieve protection
– It states clearly and unambiguously the items that are to be protected
• Security policies are complex
– They involve human behavior as well as computer/network facilities
– Assessing the costs and benefits of various security policies also adds complexity
30.3 Security Policy
• An organization should consider the following:
• Integrity
– refers to protection from change
– Is the data that arrives at a receiver identical to the data that was sent?
• Availability
– refers to protection against disruption of service
– Does data remain accessible for legitimate uses?
• Confidentiality
– refers to protection against unauthorized data access
– Is data protected against unauthorized access?
• Privacy
– refers to the ability of a sender to remain anonymous
– Is the sender's identity revealed?
30.4 Responsibility and Control
• An organization must specify exactly how responsibility for information is assigned or controlled
• The issue of responsibility for information has two aspects
• Accountability
– refers to how an audit trail is kept: which group is responsible for each item of data?
– How does the group keep records of access and change?
• Authorization
– refers to responsibility for each item of information
– How is such responsibility delegated to others?
– Who is responsible for where information resides?
– How does a responsible person approve access and change?
30.4 Responsibility and Control
• The critical issue underlying both accountability and
authorization is control
– an organization must control access to information
• analogous to the way the organization controls access to physical resources
• A key aspect of control concerns authentication
– refers to validation of identity
• The authorization policy is meaningless unless the
organization has an authentication mechanism
– that distinguishes between a visitor and an employee
30.5 Security Technologies
• Many security products exist
– that perform a variety of functions for both individual computers and
a set of computers in an organization
• Figure 30.5 (below) summarizes the techniques
30.6 Hashing: An Integrity and Authentication Mechanism
• Earlier, we discussed parity bits, checksums, and CRCs
– used to protect data against accidental damage
• Additional mechanisms are needed to guarantee the integrity of messages against intentional change
– A message authentication code (MAC) is one of them
• Typical encodings use cryptographic hashing mechanisms
– One hashing scheme relies on a secret key
• known only to the sender and receiver
– The sender
• takes a message as input
• uses the key to compute a hash, H
• and transmits H along with the message
– H provides message authentication
• because a receiver that recomputes the hash with the shared key knows a message that arrives with a valid hash is authentic
• an attacker who changes the message cannot compute a matching H without the key
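The keyed-hash scheme described above, as an added example that is not from the textbook: the sender computes H with HMAC-SHA256 from the Python standard library, the receiver recomputes it under the shared key and compares in constant time, and a modified message fails. For contrast, the same tampering against an unkeyed hash succeeds, because the attacker can simply recompute the digest. The key and messages are constructed.

```python
# Added example (not from the textbook): message authentication with a keyed hash (HMAC).
import hashlib
import hmac


def tag(key: bytes, message: bytes) -> bytes:
    """Sender side: H = HMAC(key, message); the sender transmits message || H."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Receiver side: recompute H under the shared key and compare in constant time,
    so an attacker cannot learn a valid tag byte by byte from response timing."""
    return hmac.compare_digest(tag(key, message), received_tag)


def plain_hash_verify(message: bytes, received_digest: bytes) -> bool:
    """What a checksum-style (unkeyed) hash check does: integrity against accidents only."""
    return hashlib.sha256(message).digest() == received_digest


def demo():
    key = b"constructed-secret-shared-by-sender-and-receiver"
    msg = b"transfer 100 to account 42"
    forged = b"transfer 900 to account 42"

    h = tag(key, msg)
    ok = verify(key, msg, h)                       # genuine message, genuine H
    tampered_ok = verify(key, forged, h)           # message edited in transit, old H reused
    attacker_h = tag(b"attacker-key-guess", forged)
    forged_ok = verify(key, forged, attacker_h)    # attacker recomputes H without the real key
    # unkeyed hash: the attacker just recomputes the digest for the edited message
    unkeyed_forged_ok = plain_hash_verify(forged, hashlib.sha256(forged).digest())
    return ok, tampered_ok, forged_ok, unkeyed_forged_ok
```

A MAC proves origin and integrity, not freshness: a captured message with its valid H can be replayed, which is the replay attack mentioned under wiretapping. Protocols therefore include a sequence number or timestamp inside the authenticated message.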
30.7 Access Control and Passwords
• An access control mechanism controls which users or application programs can access data
– For example, some OSs implement an access control list (ACL) for each object that specifies who is allowed to access the object
– In other systems, each user is assigned a password for each protected resource
• When extending ACLs and passwords across a network
– steps must be taken to prevent unintentional disclosure (e.g., a password sent in plaintext can be captured by wiretapping)
– steps must be taken to assure that passwords are not easy to guess
• because an attacker can automate attempts to break a password
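Added example, not from the textbook, covering both mechanisms on the slide: a default-deny ACL lookup, and a password store built so that automated guessing is expensive (a per-user random salt, a deliberately slow hash via PBKDF2, constant-time comparison) and is cut off after a few failures. Object names, users, passwords and the failure limit are constructed.

```python
# Added example (not from the textbook): ACL check plus guess-resistant password storage.
import hashlib
import hmac
import os

# ACL: object -> principals allowed to access it; "*" means anyone
ACL = {
    "payroll.db": {"alice", "payroll-app"},
    "public.html": {"*"},
}


def acl_allows(obj: str, principal: str) -> bool:
    allowed = ACL.get(obj, set())       # an object with no entry is denied to everyone
    return "*" in allowed or principal in allowed


def hash_password(password: str, iterations: int = 100_000) -> tuple:
    """Store (salt, iterations, digest). The salt defeats precomputed tables;
    the iteration count makes every automated guess cost real CPU time."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def check_password(password: str, stored: tuple) -> bool:
    salt, iterations, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)   # no timing leak on partial matches


class Authenticator:
    MAX_FAILURES = 5

    def __init__(self) -> None:
        self.users = {}
        self.failures = {}

    def add_user(self, name: str, password: str) -> None:
        self.users[name] = hash_password(password)

    def login(self, name: str, password: str) -> bool:
        if self.failures.get(name, 0) >= self.MAX_FAILURES:
            return False                  # locked: an automated guesser gets no more tries
        stored = self.users.get(name)
        if stored is not None and check_password(password, stored):
            self.failures[name] = 0
            return True
        self.failures[name] = self.failures.get(name, 0) + 1
        return False


def demo():
    auth = Authenticator()
    auth.add_user("alice", "correct horse battery staple")
    legit = auth.login("alice", "correct horse battery staple")
    # a scripted dictionary run; the correct guess arrives only after the lock engages
    guesses = ["password", "123456", "letmein", "alice", "qwerty",
               "correct horse battery staple"]
    attack = [auth.login("alice", g) for g in guesses]
    return (acl_allows("payroll.db", "alice"), acl_allows("payroll.db", "mallory"),
            acl_allows("public.html", "mallory"), acl_allows("secret.key", "alice"),
            legit, attack)
```

A hard lockout lets an attacker lock a legitimate user out on purpose, so production systems usually throttle with increasing delays instead; and none of this helps if the password crosses the network unencrypted, which is the disclosure problem the slide raises.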
30.8 Encryption: A Fundamental Security Technique
• Cryptography is a fundamental tool in security
– because it is used to guarantee data confidentiality
• A sender applies encryption to scramble the bits
– in such a way that only the intended recipient can unscramble them
• Someone who intercepts a copy of an encrypted message will not be able to extract information
• The terminology used with encryption defines the following:
– Plaintext: the original message before it has been encrypted
– Cyphertext: a message after it has been encrypted
– Encryption key: a short bit string used to encrypt a message
– Decryption key: a short bit string used to decrypt a message
30.8 Encryption: A Fundamental Security Technique
• Mathematically, we think of encryption as a function, encrypt, that takes two arguments:
– a key, K, and a plaintext message to be encrypted, M
• The function produces an encrypted version of the message, cyphertext C:
C = encrypt(K, M)
• A decrypt function reverses the mapping:
M = decrypt(K, C)
– Decryption may or may not use the same key as encryption
– Mathematically, decrypt is the inverse of encrypt:
M = decrypt(K, encrypt(K, M))
30.9 Private Key Encryption
• Encryption technologies can be divided into two broad
categories that are defined by the way they use keys:
– Private Key
– Public Key
• In a private key system
– The name arises because the key must be kept secret (private)
– Each pair of communicating entities share a single key
• that serves as both an encryption key and decryption key
– Private key systems are symmetric
• each side can send or receive messages using the same key
30.10 Public Key Encryption
• A public key system assigns each entity a pair of keys
– The private key is kept secret
– The public key is published along with the name of the user
• A message encrypted with the public key cannot be decrypted except with the private key
• and a plaintext message encrypted with the private key cannot be decrypted except with the public key
• The relationship between encryption and decryption with the two keys can be expressed mathematically:
M = decrypt(private_u1, encrypt(public_u1, M))
M = decrypt(public_u1, encrypt(private_u1, M))
where public_u1 denotes user 1's public key, and private_u1 denotes user 1's private key
30.10 Public Key Encryption
• Figure 30.6 (below) illustrates why a public key system is
classified as asymmetric
– by showing the keys used to encrypt messages sent in each direction
30.10 Public Key Encryption
• Revealing a public key is safe
– because the functions used for encryption and decryption have a
one-way property
– telling someone the public key does not allow the person to forge a
message that is encrypted with the private key
• Public key can be used to guarantee confidentiality
– Obtaining a copy of the cyphertext as it passes across the network
does not enable someone to read the contents
• because decryption requires the receiver's private key
30.11 Authentication with Digital Signatures
• An encryption mechanism can also be used to authenticate the sender of a message
– The technique is known as a digital signature
• To sign a message
– The sender encrypts the message using a key known only to the sender (the sender's private key)
– The recipient uses the inverse function (the sender's public key) to decrypt the message
– The recipient knows who sent the message
• because only the sender has the key needed to perform the encryption
– To ensure that encrypted messages are not copied and resent later (a replay)
• the message can contain the time and date that the message was created
• If the signed message is also encrypted with the recipient's public key and a meaningful message results from decryption
– it must be true that the message was confidential and authentic
– the message must have reached its intended recipient
• because only the intended recipient has the correct private key
30.12 Key Authorities and Digital Certificates
• One of the fundamental questions in public key technology
– the way in which a public key is obtained
• Can a system be devised to distribute public keys?
– Of course, the distribution system must be secure
– If the public key given to a user is incorrect
• security is broken, and no further encryption can be trusted
– The problem is known as the key distribution problem
• Formation of a viable key distribution system has been an
obstacle to widespread adoption of public key systems
• Several key distribution mechanisms have been proposed
– including one that uses the DNS
– by knowing one key, namely the public key of a key authority, it is possible to obtain other public keys in a secure manner
• Figure 30.7 illustrates the message exchange
– when a user decides to interact with a new web site, W
30.13 Firewalls
• Term firewall is derived from the fireproof physical boundary
placed between two parts of a structure to prevent fire from
moving between them
• The technology helps protect an organization's computers and
networks from unwanted Internet traffic
• A firewall is placed between an organization and the Internet
– all packets entering/leaving the organization pass through the firewall
• Figure 30.8 (below) illustrates the placement of a firewall
30.13 Firewalls
• All traffic entering/leaving the organization should pass through the firewall
• The firewall implements the security policy and drops packets that do not adhere to the policy
• The firewall itself must be immune to security attacks
• By placing a firewall on each external network connection, an organization can define a secure perimeter
– that prevents outsiders from interfering with the organization's computers
• A firewall has a key advantage over other security schemes: it centralizes control
– To provide security without a firewall, an organization must make each of its computers secure
– With a firewall, all outside access can be restricted to a single computer
30.14 Firewall Implementation with a
Packet Filter
• A firewall can consist of a stand-alone device
– But most firewalls are embedded in a switch or router
• A firewall can be considered as a packet filter
– examines fields in each packet header
– decides whether to allow the packet to pass through the router or to
discard the packet
• A manager configures the packet filter
– by specifying which packets can pass in each direction
– It allows us to specify combinations of source/destination addresses
and services
• Figure 30.9 illustrates a firewall configuration for a site
Figure 30.9 Example firewall configuration for a site with three servers, with an asterisk used to denote a wildcard entry that matches any value
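A packet filter of the kind the figure describes, as an added example that is not from the textbook: a rule table over direction, source and destination address (with "*" as the wildcard), protocol and destination port, evaluated first-match with a default of deny. The site addresses, servers and rules are constructed, including an anti-spoofing rule that drops inbound packets claiming an inside source address, which a real filter should always carry.

```python
# Added example (not from the textbook): a stateless packet filter with wildcard rules.
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (Internet -> site) or "out" (site -> Internet)
    src: str
    dst: str
    proto: str       # "tcp", "udp", "icmp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    direction: str   # "in", "out" or "*"
    src: str         # "*" or an address / CIDR block
    dst: str
    proto: str       # "*" or protocol name
    dport: str       # "*" or a port number as text
    action: str      # "allow" or "deny"


def addr_matches(pattern: str, addr: str) -> bool:
    if pattern == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def rule_matches(r: Rule, p: Packet) -> bool:
    return (r.direction in ("*", p.direction)
            and addr_matches(r.src, p.src) and addr_matches(r.dst, p.dst)
            and r.proto in ("*", p.proto)
            and r.dport in ("*", str(p.dport)))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    for r in rules:              # first matching rule decides
        if rule_matches(r, p):
            return r.action
    return "deny"                # default deny: anything not explicitly permitted is dropped


# Constructed site 192.0.2.0/24 with three servers: web (.10), mail (.20), DNS (.30)
RULES = [
    Rule("in", "192.0.2.0/24", "*", "*", "*", "deny"),          # anti-spoofing: inside addr from outside
    Rule("in", "*", "192.0.2.10", "tcp", "80", "allow"),
    Rule("in", "*", "192.0.2.10", "tcp", "443", "allow"),
    Rule("in", "*", "192.0.2.20", "tcp", "25", "allow"),
    Rule("in", "*", "192.0.2.30", "udp", "53", "allow"),
    Rule("in", "*", "192.0.2.30", "tcp", "53", "allow"),
    Rule("in", "203.0.113.0/24", "192.0.2.0/24", "tcp", "22", "allow"),  # admin network only
    Rule("out", "192.0.2.0/24", "*", "*", "*", "allow"),
]


def demo() -> List[str]:
    packets = [
        Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 80),     # web request
        Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 22),     # SSH from a stranger
        Packet("in", "203.0.113.5", "192.0.2.20", "tcp", 22),      # SSH from the admin network
        Packet("in", "198.51.100.7", "192.0.2.30", "udp", 53),     # DNS query
        Packet("out", "192.0.2.10", "198.51.100.7", "tcp", 443),   # outbound connection
        Packet("in", "192.0.2.5", "192.0.2.10", "tcp", 80),        # spoofed inside source
    ]
    return [filter_packet(RULES, p) for p in packets]
```

Because the filter keeps no connection state, replies to outbound connections need their own inbound rules (or a stateful filter that recognises established flows); that limitation is the opening of the IDS discussion that follows.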
30.15 Intrusion Detection Systems (IDS)
• An IDS monitors all packets arriving at a site
– and notifies the site administrator if a security violation is detected
• An IDS provides an extra layer of security awareness
– even if a firewall prevents an attack
– an IDS can notify the site administrator that a problem is occurring
• IDSs can be configured to watch for specific types of attacks
– For example, an IDS can be configured to detect a port scan
• The chief difference between an IDS and a firewall is that
– an IDS includes state information
– an IDS can keep a history of packets
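The port-scan detection mentioned above, as an added example that is not from the textbook: a detector that keeps a short history of SYNs per source address and alerts when one source probes more than a threshold of distinct destination ports within a time window. That per-source history is the state an IDS keeps and a packet filter rule does not. The log format, addresses, window and threshold are constructed.

```python
# Added example (not from the textbook): stateful port-scan detection over a packet log.
from collections import defaultdict, deque
from typing import List, Tuple

# Constructed log, one packet per line: "<epoch seconds> <src> <dst> <dport> <tcp flags>"
SAMPLE_LOG = """\
1700000000.10 198.51.100.9 192.0.2.10 22 S
1700000000.11 198.51.100.9 192.0.2.10 23 S
1700000000.12 198.51.100.9 192.0.2.10 25 S
1700000000.13 198.51.100.9 192.0.2.10 80 S
1700000000.14 198.51.100.9 192.0.2.10 110 S
1700000000.15 198.51.100.9 192.0.2.10 143 S
1700000000.16 198.51.100.9 192.0.2.10 443 S
1700000000.17 198.51.100.9 192.0.2.10 3306 S
1700000001.00 203.0.113.4 192.0.2.10 80 S
1700000001.20 192.0.2.10 203.0.113.4 80 SA
1700000001.50 203.0.113.4 192.0.2.10 80 S
1700000002.00 203.0.113.4 192.0.2.10 443 S
"""


class PortScanDetector:
    """Alert when one source opens connections to at least `threshold` distinct
    (destination, port) pairs within `window` seconds."""

    def __init__(self, window: float = 10.0, threshold: int = 6) -> None:
        self.window = window
        self.threshold = threshold
        self.recent = defaultdict(deque)      # src -> deque of (time, dst, dport)
        self.alerts: List[Tuple[str, int, float]] = []

    def observe(self, t: float, src: str, dst: str, dport: int, flags: str) -> None:
        if flags != "S":                      # only initial connection attempts count
            return
        history = self.recent[src]
        history.append((t, dst, dport))
        while history and t - history[0][0] > self.window:
            history.popleft()                 # forget events outside the window
        targets = {(d, p) for _, d, p in history}
        already = any(a[0] == src for a in self.alerts)
        if len(targets) >= self.threshold and not already:
            self.alerts.append((src, len(targets), t))


def parse_line(line: str) -> Tuple[float, str, str, int, str]:
    t, src, dst, dport, flags = line.split()
    return float(t), src, dst, int(dport), flags


def run(log: str) -> List[Tuple[str, int, float]]:
    det = PortScanDetector()
    for line in log.splitlines():
        if line.strip():
            det.observe(*parse_line(line))
    return det.alerts
```

A slow scan that spreads probes beyond the window, or one spread over many source addresses, slips past this rule; real IDS engines layer several such detectors and tune the thresholds per site.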
30.16 Content Scanning and Deep
Packet Inspection
• A firewall has a severe limitation:
• It only examines fields in a packet header
– That is, a firewall cannot test the payload of a packet
• Contents of packets are important, considering viruses
– One of the most common ways a virus is introduced into an
organization is through an email attachment
• How can a site prevent problems such as the installation of
a virus?
– The answer lies in content analysis
• There are two types of content analysis:
– File scanning
– Deep Packet Inspection (DPI)
30.16 Content Scanning and Deep Packet Inspection
File scanning
– In essence, a file scanner takes a file as input and looks for patterns of bytes that indicate a problem
– For example, many virus scanners look for strings of bytes known as a fingerprint. A company that sells a virus scanner
• collects copies of viruses
• places each in a file
• finds sequences of bytes that are uncommon
• and creates a list of all sequences
• Virus scanner software
– searches files on the user's disk to see if any file contains sequences of bytes that match items on the list
• File scanning can make mistakes
– by producing a false positive (a clean file that happens to contain a listed sequence) and/or a false negative (a variant of the virus whose bytes no longer match)
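The fingerprint process described above, as an added example that is not from the textbook: a tiny signature builder that picks the first byte run in a sample which occurs in none of a clean corpus, a scanner that matches fingerprints against files, and the two mistakes the slide names, shown on constructed files (a one-byte variant escapes detection; a benign file containing the same run is flagged). The "virus" and clean files are made-up byte strings; the one real signature included is the standard EICAR anti-virus test string.

```python
# Added example (not from the textbook): fingerprint selection and signature scanning.
from typing import Dict, List

# The EICAR test string: a harmless file every scanner is expected to flag.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def choose_fingerprint(sample: bytes, clean_corpus: List[bytes], length: int = 8) -> bytes:
    """Return the first `length`-byte run of the sample that appears in no clean file
    (the slide's 'sequence of bytes that is uncommon'); empty if none exists."""
    for i in range(len(sample) - length + 1):
        candidate = sample[i:i + length]
        if not any(candidate in clean for clean in clean_corpus):
            return candidate
    return b""


def scan(data: bytes, signatures: Dict[str, bytes]) -> List[str]:
    """Names of every signature whose fingerprint occurs anywhere in the data."""
    return [name for name, fp in signatures.items() if fp and fp in data]


def demo():
    # constructed clean corpus: a benign executable-like file and a shell script
    clean = [b"MZ\x90\x00\x03\x00\x00\x00hello program\x00" * 2, b"#!/bin/sh\necho hi\n"]
    # constructed malware sample: same header as the benign program, then its own code
    virus = b"MZ\x90\x00\x03\x00\x00\x00\xeb\x1fEVIL-PAYLOAD-V1\xcd\x80"

    signatures = {"Toy.Virus": choose_fingerprint(virus, clean), "EICAR-Test": EICAR}

    mutated = bytearray(virus)
    mutated[8] ^= 0x02                   # a one-byte change inside the fingerprint region
    lookalike = b"MZ\x90\x00\x03\x00\x00\x00\xeb\x1flegit jump table"   # benign, same run

    return (
        scan(virus, signatures),                       # the sample itself: detected
        [scan(f, signatures) for f in clean],          # the clean corpus: nothing
        scan(bytes(mutated), signatures),              # variant: false negative
        scan(lookalike, signatures),                   # benign file: false positive
        scan(EICAR + b"\n", signatures),               # test file: detected
    )
```

Short fingerprints chosen this way are why signature scanners are brittle: a run that is uncommon in the vendor's corpus can still be common in a user's files, and a trivial edit to the malware evades it, so real products pair signatures with heuristics and behavioural checks.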
30.16 Content Scanning and Deep
Packet Inspection
Deep Packet Inspection (DPI)
• It operates on packets instead of files
– instead of examining the headers in packets that pass into the site
– a DPI mechanism also examines the data in the packet payload
• Note that DPI does not exclude header examination
– in many cases, the contents of a payload cannot be interpreted
without examining fields in the packet header
• Disadvantage of DPI is computational overhead
– The payload is not divided into fixed fields
• means that DPI mechanisms must parse contents during an inspection
• DPI mechanisms are limited to lower-speed networks
30.17 Virtual Private Networks (VPNs)
• VPN uses encryption to provide secure access to an
organization's intranet from remote sites
• Consider the interconnection alternatives:
• Private Network Connections
– An organization leases data circuits to connect its sites
– Each leased connection extends from a router at one of the
organization's sites to a router at another site
• Public Internet Connections
– Each site contracts with a local ISP for Internet service
– Data sent from one corporate site to another passes across Internet
• Figure 30.10 illustrates two possibilities for an organization
with three sites
30.17 Virtual Private Networks (VPNs)
• A leased circuit provides a completely private circuit
– No other organization has access to a leased circuit
• so no one else can read the data that passes from one site to another
• Internet connections are low cost
– Unfortunately, the Internet cannot guarantee confidentiality
• a datagram passes across shared networks
• A VPN combines the best of both approaches
– by using the Internet to transfer data among sites
– but taking additional steps to ensure that the data cannot be accessed by outsiders
• In a VPN
– instead of expensive leased connections, the organization uses encryption
• An organization can devote dedicated routers to the VPN
– and use a firewall to prohibit the VPN routers from accepting any unauthorized packets
30.18 The Use of VPN Technology for
Telecommuting
• VPN is popular among employees who telecommute
• Two forms of VPN can be considered:
– Stand-alone device
– VPN software
• Stand-alone device
– The organization issues an employee a physical device that is
sometimes called a VPN router
• the device connects to the Internet
• automatically establishes secure communication to a VPN server
• VPN software
– Stand-alone devices can be cumbersome for employees who travel
– In such cases, an organization can use VPN software
30.19 Packet Encryption Vs. Tunneling
• How should data be encrypted to travel across the Internet?
• There are three main options:
– Payload Encryption
– IP-in-IP Tunneling
– IP-in-TCP Tunneling
• Payload Encryption
– encrypts the payload area of a datagram
– leaves the header untouched
• IP-in-IP Tunneling
– keeps header information hidden as datagrams pass across the
Internet from one site to another
– the sending VPN encrypts the entire datagram
• including the header, and places the result inside another datagram
• Figure 30.11 illustrates the encapsulation
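Payload encryption and IP-in-IP tunneling side by side, as an added example that is not from the textbook: both are built on minimal IPv4 headers, and the point of interest is what a wiretapper on the Internet path sees in the outer header of each. The encryption is a toy stand-in (an HMAC-SHA256 keystream with an HMAC tag, encrypt-then-MAC) for a real VPN cipher suite such as IPsec ESP; the encrypted body framing is ours rather than RFC 2003's, the addresses and keys are constructed, and the IPv4 checksum is left at zero.

```python
# Added example (not from the textbook): payload encryption vs IP-in-IP tunneling.
import hashlib
import hmac
import os
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total length, id, flags/frag, TTL, proto, csum, src, dst
PROTO_TCP = 6
PROTO_IPIP = 4               # IANA number for IP-in-IP; our encrypted body is not RFC 2003 framing


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left as zero for brevity."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)


def parse_ipv4(pkt: bytes):
    _, _, total, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    return src, dst, proto, pkt[20:total]


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter-mode keystream from a PRF; real VPNs use a block/stream cipher."""
    blocks = [hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tunnel packet failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def payload_encryption(dgram: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt only the payload: the original header, and so who talks to whom, stays visible."""
    src, dst, proto, payload = parse_ipv4(dgram)
    body = seal(enc_key, mac_key, payload)
    return ipv4_header(src, dst, proto, len(body)) + body


def ip_in_ip(dgram: bytes, enc_key: bytes, mac_key: bytes, gw_src: bytes, gw_dst: bytes) -> bytes:
    """Encrypt the whole datagram, header included, inside an outer datagram
    addressed between the two VPN routers."""
    body = seal(enc_key, mac_key, dgram)
    return ipv4_header(gw_src, gw_dst, PROTO_IPIP, len(body)) + body


def ip_in_ip_unwrap(outer: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    _, _, proto, body = parse_ipv4(outer)
    if proto != PROTO_IPIP:
        raise ValueError("not a tunnel packet")
    return unseal(enc_key, mac_key, body)


def observer_view(pkt: bytes) -> tuple:
    """What a wiretapper on the Internet path learns from the visible header."""
    src, dst, proto, _ = parse_ipv4(pkt)
    return bytes_to_ip(src), bytes_to_ip(dst), proto


def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    host_a, host_b = ip_to_bytes("10.1.0.5"), ip_to_bytes("10.2.0.9")        # hosts inside two sites
    gw_a, gw_b = ip_to_bytes("198.51.100.1"), ip_to_bytes("203.0.113.1")     # the sites' VPN routers
    inner = ipv4_header(host_a, host_b, PROTO_TCP, 5) + b"hello"

    pe = payload_encryption(inner, enc_key, mac_key)
    tun = ip_in_ip(inner, enc_key, mac_key, gw_a, gw_b)
    restored = ip_in_ip_unwrap(tun, enc_key, mac_key)

    tampered = bytearray(tun)
    tampered[-1] ^= 0x01                   # a man-in-the-middle flips one bit of the tag
    try:
        ip_in_ip_unwrap(bytes(tampered), enc_key, mac_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return observer_view(pe), observer_view(tun), restored == inner, tamper_detected
```

With payload encryption the observer still learns the inside hosts' addresses and protocol; with the tunnel it learns only that the two VPN routers exchanged a tunnel packet. The extra 20-byte outer header is also where the overhead and fragmentation costs listed under 30.19 come from.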
30.19 Packet Encryption Vs. Tunneling
• IP-in-TCP Tunneling
– two parties establish a TCP connection, and then use the connection
to send encrypted datagrams
• Advantage of IP-in-TCP over IP-in-IP is reliable delivery:
– TCP ensures that all datagrams sent between two sites arrive reliably and in order
• Disadvantage of using IP-in-TCP is head-of-line blocking:
– all datagrams must be delivered in order
– if one TCP segment is lost or delayed, TCP cannot deliver data from
successive segments, even if they have arrived correctly
• There are some performance issues to be considered
– Latency
– Throughput
– Overhead and fragmentation
30.20 Security Technologies
• A variety of security technologies have been invented for use
in the Internet, such as:
• PGP (Pretty Good Privacy)
– a system that applications can use to encrypt data before transmission
• SSH (Secure Shell)
– an application-layer protocol for remote login that guarantees confidentiality
• by encrypting data before transmission across the Internet
• SSL (Secure Sockets Layer)
– uses encryption to provide authentication and confidentiality
– SSL software fits between an application and the socket API
• and encrypts data before transmitting over the Internet
• TLS (Transport Layer Security)
– designed by the IETF as a successor to SSL
– both SSL and TLS are available for use with HTTPS
30.20 Security Technologies
• HTTPS (HTTP Security)
– combines HTTP with either SSL or TLS and a certificate mechanism
– provides users with authenticated, confidential communication
• IPsec (IP security)
– a security standard used with IP datagrams
– uses cryptographic techniques
• and allows the sender to choose authentication or confidentiality
• RADIUS (Remote Authentication Dial-In User Service)
– used to provide centralized authentication, authorization, and accounting
– RADIUS is popular with ISPs that have dialup users and with VPN
systems that provide access to remote users
• WEP (Wired Equivalent Privacy)
– used for Wi-Fi wireless networks
• The protocol has several weaknesses
– a replacement, WPA (Wi-Fi Protected Access), has been developed