Transcript COS 338_day18

COS 338
Day 18
DAY 18 Agenda

Second capstone progress report over due

Lab 5 graded


1 A, 2 B’s, 2 F’s and 1 non-submits
Assignment 5 Graded

2 A’s, 2 B’s and 2 non-submits

Lab 6 Due

Assignment 6 Posted


Monday November 14 is Road Trip To UM




Due November 17
http://www.umcs.maine.edu/~markov/seminarsf05.html
http://www.papert.org/
Meet by Physical Plant at 10:15, Van leaves promptly at 10:30 AM
Today we will begin finish discussing Security

Along with Security for windows XP (chap 9a)
Security Management
Figure 9-10: Digital Certificate
Authentication

Digital Certificate

User gets secret private key and non-secret public
key

Digital certificates give the name of a true party and
his or her public key
Figure 9-10: Digital Certificate
Authentication

Testing a Digital Signature

Applicant performs a calculation with his or her
private key

Verifier tests calculation using the public key
found in the true party’s digital certificate

If the test succeeds, the applicant must be the
true party
Figure 9-11: Testing a Digital Signature
Digital Certificate
Digital Signature
Name of True Party
Public Key of
True Party
Authentication
Digital Signature
Created with
Private Key of
Applicant.
Added to each
Message.
Figure 9-10: Digital Certificate
Authentication

Strong Authentication


The strongest method today
Expensive and Time-Consuming to Implement

Software must be added to clients and servers, and
each computer must be configured

Expensive because there are so many clients in a
firm
Figure 9-10: Digital Certificate
Authentication

Client Weaknesses

Sometimes, only server gets digital certificate

Client uses passwords or something else
Figure 9-11: Testing a Digital Signature

Verifier must test the digital signature with the
public key of the true party.

If the test succeeds, the applicant must have
the true party’s private key.

Only the true party should know this private
key; so the applicant must be the true party.
Figure 9-12: Biometric Authentication

Biometric Authentication

Based on bodily measurements

Promises to dramatically simplify authentication
Figure 9-12: Biometric Authentication

Fingerprint Scanning

Simple and inexpensive

Substantial error rate (misidentification)

Often can be fooled fairly easily by impostors

Dominates biometrics today
Figure 9-12: Biometric Authentication

Iris Scanners

Scan the iris (colored part
of the eye)

Irises are complex, so
strong authentication

Expensive

(Do NOT shine light in your
eyes; scanner is a
camera.)
Figure 9-12: Biometric Authentication

Face Recognition

Camera allows analysis of
facial structure

Can be done surreptitiously—
without the knowledge or
consent of person being
scanned

Very high error rate and easy
to fool
Figure 9-12: Biometric Authentication

Error Rates and Deception

Error and deception rates are higher than vendors
claim

Usefulness of biometrics is uncertain
Firewalls, IDSs,
and IPSs
Figure 9-13: Firewall Operation
Corporate Network
Permit (Pass)
Legitimate
Packet
Deny
(Drop)
Attack
Packet
Log File
Static
Packet
Filter
Firewall
The Internet
IP-H
TCP-H Application Message
IP-H
UDP-H Application Message
IP-H
ICMP Message
Arriving Packets
Figure 9-14: Access Control List (ACL) for
a Packet Filter Firewall

1. If destination IP address = 60.47.3.9 AND
TCP destination port = 80 OR 443, PASS


2. If ICMP Type = 0, PASS


[connection to a public webserver]
[allow incoming echo reply messages]
3. If TCP destination port = 49153 to 65535,
PASS

[allow incoming packets to ephemeral TCP port
numbers]
Figure 9-14: Access Control List (ACL) for
a Packet Filter Firewall

4. If UDP destination port = 49153 to 65535,
PASS


[allow incoming packets to ephemeral UDP port
numbers]
5. DENY ALL

[deny all other packets]
Figure 9-15: Stateful Firewall Default
Operation
Internally initiated
communication
is allowed.
Internal Host
X
Externally
initiated
communication
is stopped.
External
Host
Figure 9-16: Application Firewalls

Application Firewalls

Examine application layer messages in packets

Packet filter firewalls and stateful firewalls do not
look at application messages at all

This makes them vulnerable to certain attacks
Figure 9-16: Application Firewalls

Application Fidelity

Requiring the application using a well-known port to
be the application that is supposed to use that port

For instance, if an application uses Port 80,
application firewall requires it to be HTTP, not a
peer-to-peer file transfer program or something else

This is called enforcing application fidelity
Figure 9-16: Application Firewalls

Limited Content Filtering

Allow FTP Get commands but stop FTP Put
commands

Do not allow HTTP connections to black-listed
(banned) websites

E-mail application server may delete all attachments
Figure 9-16: Application Firewalls

Antivirus Scanning

Few application firewalls do antivirus filtering

Packets also must be passed through separate
antivirus filtering programs
Figure 9-17: Defense in Depth with
Firewalls
Internet
Client
with
Host
Firewall
Software
Application
Firewall
e-mail,
HTTP,
etc.
Main
Firewall:
Stateful
Inspection
Firewall
Screening
Border
Router with
Packet Filter
Firewall
Software
Site
Figure 9-18: Firewalls
Hardened
Server
Allowed Legitimate
Packet
Internet
Firewall
Attacker
IDS
Legitimate
Packet
Hardened
Client PC
Network Management
Console
Log File
Internal
Corporate
Network
Legitimate
Host
Figure 9-18: Firewall
Hardened
Server
Internet
Firewall
IDS
Attack
Packet
Hardened
Client PC
Denied
Attack
Packet
Network Management
Log File
Console
Internal
Corporate
Network
Attacker
Legitimate
Host
Figure 9-18: Intrusion Detection System (IDS)
Hardened Server
Suspicious Packet
Suspicious
Packet
IDS
Hardened
Client
PC
Alarm
About
Suspicious
Packet
Network Management
Console
Log File
IDS
Internal
Corporate
Network
Attacker
Legitimate
Host
Figure 9-18: Intrusion Prevention Systems (IPSs)

Firewalls stop simple attacks

IDSs can identify complex attacks involving
multiple packets


But many false positives (false alarms)
Intrusion prevention systems (IPSs)

Like IDSs, can identify complex attacks

Unlike IDSs, also stop these attacks

Only allowed to stop clearer complex attacks
Figure 9-19: Cryptographic System
(SSL/TLS)
Applicant
(Customer Client)
without Digital Certificate
Verifier
(Merchant Webserver)
with Digital Certificate
Provides Protection at Transport Layer
Protects all Application Traffic
That is SSL/TLS-Aware (Mostly HTTP)
Figure 9-19: Cryptographic System
(SSL/TLS)
Applicant
(Customer Client)
without Digital Certificate
Verifier
(Merchant Webserver)
with Digital Certificate
1.
Negotiation of Security Options (Brief)
2.
Merchant Authenticates Self to Customer
Uses a Digital Certificate
Customer Authentication Is Optional and Uncommon
Figure 9-19: Cryptographic System
(SSL/TLS)
Applicant
(Customer Client)
without Digital Certificate
Verifier
(Merchant Webserver)
with Digital Certificate
3.
Client Generates Random Session Key
Client Sends to Server Encrypted by Merchant’s Public Key
4.
Ongoing Communication with Confidentiality
and Merchant Digital Signatures
Figure 9-19: Cryptographic System (SSL/TLS)

Perspective

Initial Hand-Shaking Phases
are Very Brief (Milliseconds)

The Last Phase (Ongoing
Communication) Is Almost
All Total Communication
Encryption for Confidentiality
Figure 9-20: Symmetric Key Encryption
and Public Key Encryption
Symmetric Key Encryption for Confidentiality
Symmetric
Key
Message Encryption
Method &
“Hello”
Key
Encrypted Message
Interceptor
Network
Party A
Party B
Encryption uses a
non-secret encryption method and
a secret key
Figure 9-20: Symmetric Key Encryption
and Public Key Encryption
Symmetric Key Encryption for Confidentiality
Symmetric
Key
Encrypted Message
Interceptor
Network
Party A
Encrypted Message
Interceptor cannot read
encrypted messages
Party B
Figure 9-20: Symmetric Key Encryption
and Public Key Encryption
Symmetric Key Encryption for Confidentiality
Symmetric
Key
Message Encryption
Method &
“Hello”
Key
Encrypted Message
Interceptor
Network
Party A
Encrypted Message
Receiver decrypts the message
Using the same encryption message
And the same symmetric key
Same
Symmetric
Key
Decryption Message
Method &
“Hello”
Key
Party B
Figure 9-20: Symmetric Key Encryption
and Public Key Encryption
Public Key Encryption for Confidentiality
Encrypt with
Party B’s Public Key
Party A
Encrypted
Message
Decrypt with
Party B’s Private Key
Note:
Four keys are used to encrypt
and decrypt in both directions
Decrypt with
Party A’s Private Key
Encrypted
Message
Party B
Encrypt with
Party A’s Public Key
Figure 9-21: Other Aspects of Protection

Hardening Servers and Client PCs

Setting up computers to protect themselves

Server Hardening
 Patch vulnerabilities
 Minimize applications running on each server
 Use host firewalls
 Backup so that restoration is possible
Figure 9-21: Other Aspects of Protection

Hardening Servers and Client PCs

Client PC Hardening

As with servers, patching vulnerabilities,
minimizing applications, having a firewall, and
implementing backup

Also, a good antivirus program that is updated
regularly

Client PC users often make errors or sabotage
hardening techniques
Figure 9-21: Other Aspects of Protection

Vulnerability Testing

Protections are difficult to set up correctly

Vulnerability testing is attacking your system yourself
or through a consultant

There must be follow-up to fix vulnerabilities that are
discovered
Incident Response
Dealing with attacks that succeed
Figure 9-22: Incident Response

Response Phases


Detecting the attack

If not detected, damage will
continue unabated

IDS or employee reports
are common ways to detect
attacks
Stopping the attack

Depends on the attack

Reconfiguring firewalls may
work
Figure 9-22: Incident Response

Response Phase

Repairing the damage

Sometimes as simple as running a cleanup
utility

Sometimes, must reformat a server disk and
reinstall software

Can be very expensive if the attacker has
done much damage
Figure 9-22: Incident Response

Response Phase

Punishing the attackers

Easier to punish
employees than remote
attackers

Forensic tools collect
data in a manner
suitable for legal
proceedings
Figure 9-22: Incident Response

Major Attacks and CSIRTs

Major attacks cannot be handled by the on-duty staff

On-duty staff convenes the computer security
incident response team (CSIRT)

CSIRT has people from security, IT, functional
departments, and the legal department
Figure 9-22: Incident Response

Disasters

Natural and attacker-created disasters

Can stop business continuity (operation)

Data backup and recovery are crucial for disaster
response

Dedicated backup facilities versus real-time
backup between different sites
Figure 9-22: Incident Response

Disasters

Business continuity recovery is broader

Protecting employees

Maintaining or reestablishing communication

Providing exact procedures to get the most
crucial operations working again in correct order
Topics Covered
Topics Covered

A Wide Variety of Attacks

Viruses and Worms

Hacking (Break-in)
 Scanning
 Break-In
 Exploitation (delete log files, create backdoors, do
damage)

Denial-of-Service (DoS) Attacks

Employee misuse of the Internet

Growing in frequency (and viciousness)
Topics Covered

A Wide Variety of Attackers

Traditional Attackers
 Wizard attackers
 Employees and Ex-Employees

Criminals (Exploding)

Cyberterrorists and National Governments
Topics Covered

A Management Issue, not a Technical Issue


Technology does not work automatically
Planning

Risk analysis

Comprehensive security

Defense in depth
Topics Covered

Authentication and Authorization

Authentication servers give consistency

Passwords (weak)

Digital signatures and digital certificates
 High security but difficult to implement

Biometric authentication
 Could eliminate passwords
 Error rates and deception
Topics Covered

Firewalls

Drop and log packets

Packet filter firewalls and ACLs

Stateful firewalls (dominate for main firewalls today)

Application firewalls filter application content
 Usually do NOT provide antivirus filtering

Defense in depth with multiple firewalls

IDSs to detect complex attacks

IPSs to stop some complex attacks
Topics Covered


Cryptographic Systems

Negotiate security parameters

Authentication

Key exchange

Ongoing communication (dominates)
SSL/TLS

Cryptographic system used in e-commerce

Protects HTTP communication
Topics Covered

Encryption for Confidentiality

Symmetric key encryption
 Both sides use the same symmetric key
 Dominates because fast and efficient

Public key encryption
 Each side has a secret private key and a nonsecret public key
Topics Covered


Hardening Servers and Client PCs

Patching vulnerabilities

Minimize applications

Host firewalls

Backup

Clients: antivirus filtering (users may sabotage)
Vulnerability Testing
Topics Covered

Incident Response

Detection, stopping, repair, punishment

CSIRTs for major attacks to big for the on-duty staff
to handle

Disaster response and business continuity recovery
Hands-On: Windows XP Home
Security
Chapter 9a
Copyright 2004 Prentice-Hall
Panko’s Business Data Networks and Telecommunications, 5th edition
Figure 9a-1: Windows Updates (Study
Figure)

The Need for Windows Updates

To patch security vulnerabilities

To fix bugs and add functionality
Figure 9a-1: Windows Updates (Study
Figure)

Options

Automatic updating turned on by default in Windows
XP

Default is to notify user of updates before
downloading and installing

Option to download but notify user of the need to
install
Figure 9a-1: Windows Updates (Study
Figure)

Options

Option to download and install without user
intervention

Dangerous because problem updates may cause
difficulties for users
Figure 9a-1: Windows Updates (Study
Figure)

Other Matters

Work-arounds (manual) are difficult for end users

Service packs are cumulative collections of updates

Service packs must be installed in order of their
creation

Severe updates may be loaded immediately while
others wait
Figure 9a-1: Windows Updates (Study
Figure)

Updating Applications

All applications must be updated as well to eliminate
security vulnerabilities

If an application is taken over, an attacker may be
able to take over the computer

Updating applications is difficult because there are
so many of them

Each will have a different method for users to
discover, download, and install updates
Figure 9a-3: Antivirus Scanning (Study
Figure)

Importance

Viruses are widespread

Every PC needs antivirus software to stop incoming
(and outgoing) viruses

Free Anti-virus for UMFK students and staff

http://www.umfk.maine.edu/it/
Figure 9a-3: Antivirus Scanning (Study
Figure)

Using Antivirus Programs Effectively

Virus definitions database and program must be
updated frequently

Preferably daily

Program must be configured to work with user’s email, other programs

Antivirus software must be selected to work with
user’s applications, including peer-to-peer
Figure 9a-3: Antivirus Scanning (Study
Figure)

User Subversion

Turning off antivirus programs to reduce problems,
work faster

Turning off (or not turning on) automatic updating

Failing to pay for subscription extensions
Figure 9a-4: Network and Internet
Connections Dialog Box
Figure 9a-5: Internet Options Dialog Box
Security Tab
Security tab of
Internet Options
dialog box
URLs are
automatically
treated as part of
your Internet zone
Internet is set to a
moderate setting by
default
Custom Level…
allows you to
customize security
Figure 9a-6: Security Settings Dialog Box
Figure 9a-7: Internet Options Dialog Box
Privacy Tab
Privacy settings
in Internet
Options
Uses a slide tab
Default is
medium
Figure 9a-8: Network Connections Dialog
Box
Figure 9a-9: Internet Connection Properties
Dialog Box
Figure 9a-10: Options in Advanced TCP/IP
Settings Dialog Box
Figure 9a-11: TCP/IP Filtering
Configuration
Would
check
Enable
box to
enable
TCP/IP
filtering
Figure 9a-12: Malware Scanning Programs
(Study Figure)

Malware


Evil software

Viruses and worms

Trojan horses

Spyware (reports personal information to outside
parties)
Gets onto client PCs despite security precautions
Figure 9a-12: Malware Scanning Programs
(Study Figure)


Malware Scanning Programs Scan for Malware

Usually find malware

Must be updated
More info


http://perleybrook.umfk.maine.edu/slides/spring%202005/cos12
5/Keeping%20Your%20PC%20Spyware%20Free.pdf
Anti-Spyware Applications

http://perleybrook.umfk.maine.edu/slides/spring%202005/cos12
5/spyware%20stuff/
Figure 9a-13: Two Connections for
Windows XP VPN
2. VPN
Connection
1.
Internet
Connection
Internet
Security
Server
at Remote
Site
To create a VPN, you create two connections
One to the Internet
One to the host you are trying to reach
Figure 9a-14: Connection Screen for a
VPN
Figure 9a-15: VPN Properties Dialog Box
Figure 9a-16: Advanced VPN Security
Settings
VPN will use MSCHAP or MS-CHAP
v 2 for authentication
Bad because original
MS-CHAP had
serious security
weaknesses
Figure 9a-17: Windows Domain
Domain
Domain
Controller
Group
Policy Object
(GPO)
Client PC
Member Server
GPO
GPO
With Windows XP Professional, client PC
Security settings can be set on a domain controller
Group Policy Object (GPO) specifies settings
Client PC