Transcript Lecture 1
NETE4630
Advanced Network Security
and Implementation
Supakorn Kungpisdan
[email protected]
NETE4630
1
Course Descriptions
• Lecture: Sunday 12.30PM-3.30PM
• Lab: Sunday 3.30PM-6.30PM
• Textbooks
– M. Gregg et al., Hack the Stack: Using SNORT and
Ethereal to Master the 8 Layers of An Insecure Network,
Syngress, 2006, ISBN 1-59749-109-8
• http://www.msit.mut.ac.th/
Course Information (cont’d)
• Evaluation
– Quizzes 20%
– Assignment 10%
– Project 30%
– Final exam 40%
Course Outline
1. Extending OSI to Network Security
2. Securing Physical Layer
3. Securing Data Link Layer
4. Securing Network Layer
5. Securing Transport Layer
6. Securing Session Layer
7. Securing Presentation Layer
8. Presentation#1
9. Securing Application Layer
10. Securing People Layer
11. Cryptanalysis
12. Advanced Cryptographic Protocols
13. Advanced Topic#1: Mobile Payments
14. Advanced Topic#2: Access Controls and Authentication
15. Presentation#2
Lab Works 30%
• Group projects
• Check the list of assigned security projects during the lab class
• Progress must be reported a number of times during the term
• Periodic project demonstrations
• Submit a report on the assigned project
Task
• Work in a group of 10 students
• Spend 3 minutes on the following tasks:
– (3 students) draw a picture of what you think of before attending the class.
– (2 students) as a security administrator, draw a picture of what you imagine users look like
– (3 students) draw a picture that represents an organization network with the best security implementation
– (2 students) draw a picture that represents the IT Security manager of your organization
Extending OSI to Network Security
Lecture 1
Supakorn Kungpisdan
[email protected]
Roadmap
• OSI and People Layer
• Mapping OSI to TCP/IP
• Current State of IT Security
OSI Security
Roadmap
• OSI and People Layer
• Mapping OSI to TCP/IP
• Current State of IT Security
People Layer
• Social Engineering Attacks
• Dumpster Diving
• Attacks usually take one of the following angles:
– Diffusion of Responsibility: I know the policy is not to give out
passwords, but I will take responsibility for this
– Identification: We both work for the same company; this
benefits everyone
– Chance for Ingratiation: This is a win-win situation. The
company is going to reward you for helping me in this difficult
situation
– Trust Relationships: Although I am new here, I am sure I have
seen you in the break room
– Cooperation: Together we can get this done
– Authority: I know what the policy is; I drafted those policies and
I have the right to change them
Application Layer
• Traditional network applications are vulnerable to several attacks:
– FTP: sniffing cleartext passwords
– Telnet: sniffing cleartext passwords
– SMTP: spoofing and spamming
– DNS: DNS poisoning
– TFTP: lack of session management and authentication
– HTTP: stateless connection
– SNMP: community strings are passed in cleartext and default community strings are well-known
• SNMP version 3 offers encryption for more robust security
Session Layer
• Windows NT LanMan (NTLM) is a Microsoft authentication protocol used with the SMB (Server Message Block, used to share files on Windows networks) protocol and with MS remote access protocols
• NTLM has weak encryption (an NTLM password can be cracked in less than 1 second)
• To create an NTLM password:
1. The password is stored in uppercase
2. Pad the password to 14 characters
3. Divide it into two seven-character parts and hash each part
4. Concatenate the two hash values and store the result as a LAN Manager (LM) hash, which is kept in the SAM (Security Account Manager)
• Session hijacking
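Added example (not from the lecture or the textbook): steps 1 to 3 of the LM scheme above, applied to sample passwords, to show what actually reaches the hash function and why the two independent seven-character halves make the hash so cheap to attack. The padding byte and the 14-character truncation are assumptions stated in the comments; the per-half hash of step 4 is deliberately not implemented.

```python
# Added illustration of the LM preprocessing steps described on the slide.
# Assumptions: padding byte is NUL and input longer than 14 characters is truncated.
LM_HALF = 7          # each half is hashed on its own (step 3)
LM_MAX = 14          # step 2 pads to 14; assumption: longer input is cut to 14
PAD = b"\x00"        # assumption: padding byte


def lm_preprocess(password: str) -> tuple[bytes, bytes]:
    """Steps 1-3: uppercase, pad/truncate to 14 bytes, split into two 7-byte halves."""
    data = password.upper().encode("latin-1", "replace")[:LM_MAX]
    data = data.ljust(LM_MAX, PAD)
    return data[:LM_HALF], data[LM_HALF:]


def same_lm_input(p1: str, p2: str) -> bool:
    """True when two different passwords would produce the same LM hash."""
    return lm_preprocess(p1) == lm_preprocess(p2)


def second_half_is_empty(password: str) -> bool:
    """A password of 7 characters or fewer leaves the second half all padding,
    so that half hashes to a constant an attacker recognises immediately."""
    return lm_preprocess(password)[1] == PAD * LM_HALF


def lm_guess_space(alphabet_size: int = 69) -> int:
    """Worst-case guesses to recover both halves independently.
    69 = printable ASCII (95) minus the 26 lowercase letters lost in step 1."""
    return 2 * alphabet_size ** LM_HALF


def full_guess_space(alphabet_size: int = 95, length: int = 14) -> int:
    """Guesses needed if the password were hashed as one case-sensitive 14-char string."""
    return alphabet_size ** length


if __name__ == "__main__":
    # Constructed sample passwords: case and characters past 14 are discarded.
    for p in ("Summer2006!", "SUMMER2006!", "summer2006!extra"):
        print(repr(p), "->", lm_preprocess(p))
    print("second half empty for 'secret':", second_half_is_empty("secret"))
    print(f"LM work: {lm_guess_space():.2e} guesses vs {full_guess_space():.2e}")
```

The ratio between the two guess counts is the reason disabling LM hash storage is a standard hardening step.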
Session Layer (cont.)
• NetBIOS allows applications on different systems to communicate over the LAN
• Hosts using NetBIOS identify themselves with a unique 15-character name.
• NetBIOS is used in conjunction with SMB, which allows remote access to shared directories and files.
• It also gives attackers the ability to enumerate systems and gather user names, account details, and share information
• Almost every script kiddie and junior-league hacker has exploited the nbtstat, net view, and net use commands
• net use is used to map drives on a Windows network
Transport Layer
• UDP is connectionless; it is vulnerable to DoS
and easy to spoof
• TCP allows hackers to gather information about
targets
– From illegal flag settings, NULL and XMAS, to SYN
and RST, TCP helps attackers identify services and
operating systems
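Added example (not from the lecture or the textbook): a small classifier for the TCP flag combinations mentioned above, written from the defender's side so an IDS rule or log parser can label NULL, XMAS and illegal SYN combinations. The 20-byte headers are constructed inline; the classification thresholds are this example's own choices.

```python
# Added illustration: label TCP flag combinations that legitimate stacks never send.
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header (RFC 793 layout)."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    # Bytes 12-13 hold data offset (4 bits), reserved (6 bits), flags (6 bits).
    offset_flags = struct.unpack("!H", header[12:14])[0]
    return offset_flags & 0x3F


def classify(flags: int) -> str:
    """Label a flag combination; the first four labels never occur in normal traffic."""
    if flags == 0:
        return "NULL scan"
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG) and not flags & (SYN | ACK | RST):
        return "XMAS scan"
    if flags & SYN and flags & FIN:
        return "illegal SYN+FIN"
    if flags & SYN and flags & RST:
        return "illegal SYN+RST"
    if flags == SYN:
        return "SYN (connection attempt or SYN scan)"
    if flags == ACK:
        return "ACK (possible ACK/firewall probe)"
    if flags & RST:
        return "RST"
    return "normal"


def build_header(src_port: int, dst_port: int, flags: int, window: int = 8192) -> bytes:
    """Construct a 20-byte TCP header (data offset 5 words) for the samples below."""
    offset_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, offset_flags, window, 0, 0)


def suspicious(headers) -> list:
    """Return labels for headers that are not ordinary data or reset traffic."""
    labels = [classify(tcp_flags(h)) for h in headers]
    return [l for l in labels if l not in ("normal", "RST")]


if __name__ == "__main__":
    # Constructed samples: a NULL probe, an XMAS probe, a SYN, and a normal PSH/ACK.
    samples = [build_header(40000, 80, 0), build_header(40000, 80, FIN | PSH | URG),
               build_header(40000, 22, SYN), build_header(40000, 80, PSH | ACK)]
    print(suspicious(samples))
```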
Network Layer
• IPv4 has no security services built in
• Vulnerable to various attacks:
– Source routing
– DoS
– Idle scan (or IPID scan)
– Smurf DoS attack on the ICMP protocol
– Covert channel on the ICMP protocol using Loki
• IPSec is now a component of IPv6
Data Link Layer
• Address Resolution Protocol (ARP) resolves
logical to physical addresses
• Vulnerable to ARP Poisoning (Dsniff and
Ettercap) and passive sniffing
Physical Layer
• An open port in the conference room, or an
unused office could be the foothold needed to
breach the network or gain access to a server
• If someone gains physical access to an item,
they can control it.
Stack Attacks and Vulnerabilities
Countermeasure Found in Each Layer
• Virus Scanners
• PGP
• S/MIME
• Privacy Enhanced Mail (PEM)
• SSH
• SET
• Terminal Access Controller Access Control System (TACACS)
• Kerberos
• SSL and TLS
• Windows Sockets (SOCKS)
• Secure RPC (S/RPC)
• IPSec
• PPTP
• Challenge Handshake Authentication Protocol (CHAP)
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Packet Filters
• NAT
• Fiber Cable
• Secure Coding
Roadmap
• OSI and People Layer
• Mapping OSI to TCP/IP
• Current State of IT Security
Physical Security
• Egyptians used locks more than 2,000 years ago. If the information was important, it was carved in stone or, later, written on paper
• The loss of information usually meant the loss of critical assets, because knowledge is power
• Even when information was not in transit, many levels of protection were typically used to protect it
– including guards, walls, dogs, moats, and fences
Communications Security
• A means of communications security was found in the discovery of encryption
– Skytale
– ATBASH
• In the ninth century, Abu al-Kindi published “A Manuscript on Deciphering Cryptographic Messages”
• The National Security Agency (NSA) became involved at the beginning of the twentieth century
• William Frederick Friedman, one of the best cryptologists of all time, helped break Japanese cryptographic schemes
Signal Security
• Cordless phones had no security; conversations were easy to intercept
• Early cell phones were also easily intercepted
• The TEMPEST program is a US-led initiative designed to develop shielding for equipment to make it less vulnerable to signal theft
• Spread Spectrum technology improves security and reliability
– Direct-sequence Spread Spectrum (DSSS)
– Frequency-hopping Spread Spectrum (FHSS)
Computer Security
• Computer Security is focused on secure computer operations
• A number of access control models:
– The Bell-LaPadula model was designed to protect the confidentiality of information
– The Clark-Wilson model was the first integrity model
• Separation of Duties: subjects must access data through an application, and auditing is required
Computer Security (cont.)
• The Trusted Computer System Evaluation Criteria (TCSEC), known as the “Orange Book”, rates the confidentiality protection of computer systems on the following scale:
– A: Verified Protection: the highest security division
– B: Mandatory Security: has mandatory protection of the TCB
– C: Discretionary Protection: provides discretionary protection of the TCB
– D: Minimal Protection: fails to meet any of the standards of A, B, or C; has no security controls
Network Security
• The need for network security was highlighted by highly successful attacks such as Nimda, CodeRed, and SQL Slammer
• Such exploits highlight the need for better network security
• Several tools have been deployed to prevent such attacks
Information Security
• Physical security, communications security, signal security, computer security, and network security on their own are not enough to address all security risks
• Only when they are combined and examined from the point of view of information security can we start to build a complete picture.
Information Security (cont.)
• It also requires
– senior management support,
– good security policies,
– risk management,
– employee training,
– vulnerability testing,
– patch management,
– good code design, and so on
Vulnerability Testing
• Vulnerability Testing includes a systematic
examination of an organization’s network,
policies, and security controls
• The purpose is to
– determine the adequacy of security measures,
– identify security deficiencies,
– provide data from which to predict the effectiveness of
potential security measures,
– confirm the adequacy of such measures after
implementation
Security Testing
• Security Audits
• Vulnerability Scanning
• Ethical Hacks (Penetration Testing)
• Stolen Equipment Attack
• Physical Entry
• Signal Security Attack
• Social Engineering Attack
Security Testing (cont.)
• The Open Source Security Testing Methodology Manual (OSSTMM) divides security reviews into six key areas:
– Physical Security
– Internet Security
– Information Security
– Wireless Security
– Communications Security
– Social Engineering
Finding and Reporting Vulnerabilities
• During security testing, keep management informed as you go. Do not wait until the testing is complete to tell them
• Report findings before developing the final report
• Focus on what is found and its potential impact, not on its solutions
• People don’t like to hear about problems
• www.cert.org has developed a way to report anonymously at www.cert.org/reporting/vulnerability_form.txt
Readings
• Chapter 2: The Physical Layer, Hack the Stack
• James Messer, Secrets of Network Cartography: A Comprehensive Guide to nmap, http://www.networkuptime.com/nmap/index.shtml
Questions?
Next week
Physical Layer Security