Team 1 - KsuWeb


Network Security
Hawkes, William
Team Members
Murphy, Nick
Bhimani, Shan
Hou, Boyu
Introduction
Three Goals of Internet Security
• Confidentiality
• Integrity
• Availability
Confidentiality
Protection Of Confidential Information
Applies to both Storage and Transmission of information
Threats: Snooping, Traffic Analysis, Phishing
Prevention: Encryption
Integrity
Data should be changed only by someone who is authorized to change it
Loss of integrity is not necessarily caused by a malicious act: a power surge or a hardware failure can corrupt data just as well
Malicious modification, for example using SQL injection to alter the query a server runs against its database
Availability
Information should always be available to authorized users
The biggest threat to availability is denial of service (DoS)
Viruses and other malware can also cause serious bottlenecks in servers and routers
Very Large Topic
Internet security is a large topic with many different aspects.
We have chosen to divide the topic into two areas:
• Types of threats
• Methods of prevention
Types of threats
DoS
Phishing
Malware
Ransomware
SQL Injection
DoS
Denial of Service (DoS) attacks against web sites occur when an attacker attempts to make the web
server, or servers, unavailable to serve up the web sites they host to legitimate visitors.
Most commonly, the following tactics are used in a DoS attack:
Ping flooding
Peer-to-peer attacks
Application-level floods (many expensive requests aimed at the web application itself)
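An application-level flood is usually visible in the web server's own access log long before the machine falls over. The following is an added example, not part of the original presentation: it scans constructed, Common-Log-Format-style lines (the IP addresses and timestamps are made up) with a sliding window and reports any source that exceeds a request threshold inside that window. The window, threshold and log layout are assumptions for this example.

```python
"""Added example: spotting an application-level flood in web-server access logs.

Constructed log lines in a Common-Log-Format-like shape are scanned with a
sliding window; any source IP that exceeds `threshold` requests within
`window` is reported together with its peak request count.
"""
import re
from collections import deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request line) or None for a malformed line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def find_flooders(lines, window=timedelta(seconds=10), threshold=100):
    """Return {ip: peak requests seen inside any `window`} for IPs over `threshold`.

    Lines are assumed to be in chronological order, as a live access log is.
    """
    recent = {}   # ip -> timestamps of that ip's requests inside the current window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = recent.setdefault(ip, deque())
        q.append(ts)
        while ts - q[0] > window:      # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def make_sample_log():
    """Constructed sample: one normal browser and one client hammering /search."""
    base = datetime(2015, 10, 10, 13, 55, 36, tzinfo=timezone(timedelta(hours=-7)))
    events = []
    for i in range(30):                      # normal client: 30 requests over 5 minutes
        events.append((base + timedelta(seconds=10 * i), "203.0.113.7",
                       f"GET /page{i}.html HTTP/1.1"))
    for i in range(250):                     # flood: 250 requests in 10 seconds
        events.append((base + timedelta(milliseconds=40 * i), "198.51.100.4",
                       "GET /search?q=zzzz HTTP/1.1"))
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{t.strftime(TS_FMT)}] "{req}" 200 512' for t, ip, req in events]


if __name__ == "__main__":
    for ip, peak in find_flooders(make_sample_log()).items():
        print(f"{ip}: {peak} requests inside a 10 s window")
```

The normal client never exceeds two requests in any ten-second window, while the flooding client peaks at 250. In practice the threshold would be tuned per endpoint, since a search page costs the server far more than a static file, and the check would feed a rate limiter or a block list rather than just a report.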
Phishing
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit
card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a
trustworthy entity in an electronic communication.
Communications purporting to come from a trusted party (a bank, a popular web site, an IT administrator) are commonly used to lure unsuspecting victims.
Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Many websites now offer secondary tools for their applications (maps for games, for example); such tools should be clearly marked as to who wrote them, and users should never reuse the same password across sites, since one phished password would otherwise unlock every account that shares it.
Malware
Short for malicious software
'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software,
including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and
other malicious programs.
It takes the form of executable code, scripts, active content, or other software, and is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.
In law, malware is sometimes known as a computer contaminant, as in the legal codes of several
U.S. states.
Ransomware
Ransomware is a cryptovirology attack carried out using covertly installed malware that encrypts the victim's files and then demands a ransom payment in return for the decryption key needed to recover them.
Ransomware is an access-denial type of attack that prevents legitimate users from accessing files
since it is intractable to decrypt the files without the decryption key. Other attacks superficially lock
the system and display messages intended to coax the user into paying.
Ransomware typically propagates as a Trojan, whose payload is disguised as a seemingly legitimate
file.
SQL Injection
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field so that the database executes them. It exploits a vulnerability in the application's software, typically user input that is incorrectly filtered for string literal escape characters, or not strongly typed, before being embedded in a SQL statement.
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation
issues such as voiding transactions or changing balances, allow the complete disclosure of all data
on the system, destroy the data or make it otherwise unavailable, and become administrators of the
database server.
The same class of attack applies to NoSQL databases, whose query languages can be injected into in the same way.
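The following is an added example, not code from the presentation: the same login query written the injectable way and with bound parameters, run against an in-memory SQLite table whose rows are constructed for the demonstration. The two payloads show the identity-spoofing and data-disclosure outcomes listed above; the function names and table layout are assumptions.

```python
"""Added example: one login query written injectably and with bound parameters.

Uses SQLite in memory so it runs offline; the table and its rows are constructed.
"""
import sqlite3


def setup_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT, is_admin INTEGER);
        INSERT INTO users VALUES (1, 'alice', 'correct horse battery', 1);
        INSERT INTO users VALUES (2, 'bob', 'hunter2', 0);
    """)
    return con


def login_vulnerable(con, name, pw):
    """The flaw under discussion: untrusted input is pasted into the SQL text,
    so a quote character in the input ends the literal and the rest is parsed as SQL."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(con, name, pw):
    """Bound parameters: the driver sends the values separately from the statement,
    so they can never change its structure, whatever characters they contain."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    row = con.execute(sql, (name, pw)).fetchone()
    return row[0] if row else None


# Two classic payloads (constructed): authentication bypass and data disclosure.
BYPASS_PW = "' OR '1'='1"
UNION_NAME = "' UNION SELECT pw FROM users WHERE name = 'bob' --"

if __name__ == "__main__":
    con = setup_db()
    print("vulnerable, bypass:", login_vulnerable(con, "alice", BYPASS_PW))
    print("vulnerable, union :", login_vulnerable(con, UNION_NAME, "x"))
    print("safe, bypass      :", login_safe(con, "alice", BYPASS_PW))
    print("safe, union       :", login_safe(con, UNION_NAME, "x"))
```

With the bypass payload the vulnerable query becomes `... AND pw = '' OR '1'='1'`, which is true for every row, so the attacker is logged in as the first user. The UNION payload returns bob's password instead of a name, which is the "complete disclosure" case. Both return nothing from the parameterized version. SQLite's Python driver refuses stacked statements after a `;`, which is why the destroy-data case is not shown here; many other drivers execute them.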
Methods of Prevention
SSL/TLS
IPSec
Encryption
Firewalls
Antivirus
Password Management
Encryption
• Basic definition: encoding information so that only certain people can read it
• Does not prevent a message from being stolen; it only greatly decreases the chance of the message being understood (assuming good encryption is used)
• Unlike a hash, encryption is meant to be a two-way process: data is decrypted on arrival at its destination using a known key
• Simple encryption: the Caesar cipher shifts each letter of the message by a fixed amount (a shift of 4 maps A->E, B->F, etc.); ROT13 is the Caesar cipher with a shift of 13
• The "key" is knowing how many letters were shifted over, so you can reverse the process
• More advanced encryption: RSA, Blowfish, AES (Advanced Encryption Standard)
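The Caesar cipher and ROT13 in code, as an added example that is not part of the presentation. Because the key is just a shift between 0 and 25, the same block also tries every possible key and picks the one that produces recognisable words, which is why such ciphers are an illustration of the idea of a key rather than real protection. The list of words used to recognise plaintext is an assumption for this example.

```python
"""Added example: a Caesar cipher, ROT13 as its shift-13 special case, and why a
26-way key space is no protection: every key can be tried in a loop."""

# A handful of words to recognise plaintext by; constructed for this example.
COMMON_WORDS = {"THE", "AND", "AT", "ATTACK", "DAWN", "SEND", "MORE", "MEN"}


def caesar(text, shift):
    """Shift every ASCII letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text):
    """ROT13 is the Caesar cipher with shift 13, so applying it twice restores the text."""
    return caesar(text, 13)


def crack_caesar(ciphertext):
    """Brute force: try all 26 shifts, keep the one yielding the most known words.

    Returns (shift, plaintext). Ties keep the first shift found.
    """
    best_shift, best_score, best_text = 0, -1, ciphertext
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        score = sum(w.strip(".,!?") in COMMON_WORDS for w in candidate.upper().split())
        if score > best_score:
            best_shift, best_score, best_text = shift, score, candidate
    return best_shift, best_text


if __name__ == "__main__":
    secret = caesar("ATTACK AT DAWN", 4)
    print(secret, "->", crack_caesar(secret))
    print(rot13("Hello, World"), "->", rot13(rot13("Hello, World")))
```

The attacker here needs no key at all, only a way to tell plaintext from gibberish. The same brute-force loop against AES would have to try 2^128 keys, which is the whole difference between a toy and a modern cipher.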
Types of Encryption
• Symmetric encryption
  • The same key is used to both encrypt and decrypt a message
  • Also called "private key" (secret key) encryption, which leads us to...
• Public key encryption
  • The encryption key itself is publicly available
  • However, the decryption key (the "private key") is known only to the recipient
  • Also known as asymmetric encryption
Keys
• Whichever type of encryption is used, the receiver needs to know the key
• The key can be predetermined before communication begins; not flexible
• The key can be sent with the message (or in a separate transmission)
  • Simple and convenient
  • Increased chance of the key being intercepted
• Keys can be created "on the fly" by mixing partial keys to create the final one (see Diffie-Hellman key exchange)
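The "partial keys" idea in working code, as an added example that is not from the presentation: each side publishes g^x mod p, mixes the other side's value with its own private exponent, and both arrive at the same secret, which is then hashed into a symmetric key. The prime and generator used here are a toy choice made for this example and are not a vetted Diffie-Hellman group; a real deployment uses a standardised group such as those in RFC 3526 or RFC 7919.

```python
"""Added example: Diffie-Hellman key agreement and turning the result into a
symmetric key. Pure Python integers, so it runs offline.

The parameters are a toy choice for illustration only (assumption); a real
deployment uses a standardised, well-studied group such as the MODP groups of
RFC 3526 or RFC 7919, with the peer's public value validated before use.
"""
import hashlib
import secrets

TOY_P = 2**255 - 19   # a prime, but NOT a vetted DH group: demonstration only
TOY_G = 2


def dh_public(p, g, priv):
    """The 'partial key' each side publishes: g^priv mod p."""
    return pow(g, priv, p)


def check_public(p, pub):
    """Reject degenerate peer values (0, 1, p-1) that would force a predictable secret."""
    if not 2 <= pub <= p - 2:
        raise ValueError("invalid Diffie-Hellman public value")


def dh_shared(p, g, a_priv, b_priv):
    """Run both sides of the exchange; returns (alice_secret, bob_secret).

    Each side mixes its own private key with the other's public value.
    An eavesdropper sees p, g, A and B but neither a_priv nor b_priv.
    """
    A = dh_public(p, g, a_priv)
    B = dh_public(p, g, b_priv)
    check_public(p, A)
    check_public(p, B)
    return pow(B, a_priv, p), pow(A, b_priv, p)


def derive_key(shared, p):
    """Hash the shared secret into a 32-byte symmetric key (a simplified KDF)."""
    nbytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(nbytes, "big")).digest()


def exchange(p=TOY_P, g=TOY_G):
    """Fresh random private keys each call; returns both sides' derived keys."""
    a_priv = secrets.randbelow(p - 3) + 2
    b_priv = secrets.randbelow(p - 3) + 2
    s_a, s_b = dh_shared(p, g, a_priv, b_priv)
    return derive_key(s_a, p), derive_key(s_b, p)


if __name__ == "__main__":
    # Textbook-sized walk-through: p=23, g=5, a=6, b=15 gives shared secret 2.
    print(dh_shared(23, 5, 6, 15))
    key_a, key_b = exchange()
    print(key_a == key_b)
```

The exchange alone does not tell either party who is on the other end; that is what the certificate-based authentication in SSL/TLS adds on top, and why an unauthenticated exchange can be intercepted by a man in the middle who runs two exchanges, one with each side.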
Secure Sockets Layer
• Recap: the Network layer is Layer 3 in the OSI model and handles routing/packet forwarding; the Transport layer (Layer 4, e.g. TCP) sits above it
• SSL runs above the Transport layer and below the Application layer: it rides on a reliable TCP connection and presents an encrypted byte stream to the application
• Manages encryption and authentication for clients and servers
• A mix of symmetric and asymmetric encryption is used: public-key operations establish a session key, which then encrypts the bulk data symmetrically
• Developed by Netscape in 1994 to protect Netscape Navigator users and their sensitive information
• Largely a legacy name: some version of TLS is used instead today (SSL 3.0 is documented in the historical RFC 6101)
Transport Layer Security
• The IETF took over the specification from Netscape
• Open standard: SSL 3.1 became TLS 1.0 (the TLS 1.0 record layer still announces version 3.1); TLS 1.2 is specified in RFC 5246
• New features: HMAC-based message authentication, newer encryption algorithms
IPsec
• Suite of protocols that encrypt and authenticate each IP packet during a communication session
• Authentication: proving that the message is what it states it is (origin, sender, etc.)
• (Separate from authorization, which is what you are allowed to do based on who you are)
• Mutual authentication: the communicating parties authenticate each other at the same time (neither party is treated as trustworthy at the beginning of communication)
• Implementations (modes):
  • Transport mode: host-to-host; only the payload is encrypted/authenticated and the original IP header stays in place
  • Tunnel mode: network-based (gateway-to-gateway); the entire IP datagram is protected, then encapsulated in a new IP datagram; used in VPNs
IPsec - Protocols
• Authentication Header (AH)
  • Carried directly inside the IP datagram (IP protocol number 51)
  • Provides origin authentication and integrity of IP datagrams (no encryption)
  • IPv4: covers the payload and most of the IP header, excluding mutable fields such as TTL, flags, fragment offset and the header checksum
IPsec - Protocols
• Encapsulating Security Payload (ESP, IP protocol number 50)
  • Provides confidentiality (encryption) and, optionally, origin authentication and integrity
  • In transport mode it does not protect the entire IP packet (the outer IP header is left uncovered); in tunnel mode it can encapsulate the whole original packet
  • Has encryption-only and authentication-only options; encryption without authentication is discouraged
IPsec - Protocols
• Security Associations (SAs)
  • A collection of algorithms and attributes used for encrypting/authenticating a data flow in one direction (simplex); a two-way connection needs a pair of SAs
  • Networks define enough of these collections to allow secure connections to and from other networks
  • Negotiated and managed through ISAKMP (Internet Security Association and Key Management Protocol), the framework IKE is built on
  • An unauthenticated version of IPsec is allowed by RFC 5386 (Better-Than-Nothing Security)
  • SPI (Security Parameter Index): the value carried in each AH/ESP header that, together with the destination address and protocol, identifies which SA (and so which keys and algorithms) applies to an IP packet
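To make the protocol numbers, header layouts and the role of the SPI concrete, here is an added example (not from the presentation) that recognises AH and ESP inside constructed IPv4 packets and selects the matching Security Association from a constructed SA database. The addresses, SPIs, algorithm names and the shape of the SA records are assumptions; no real keys or ciphertext are involved.

```python
"""Added example: recognising AH and ESP on the wire and selecting the Security
Association by SPI. The packets and the SA database are constructed samples;
no real keys or ciphertext are involved.
"""
import struct

IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 6, 50, 51


def _ip(dotted):
    return bytes(int(x) for x in dotted.split("."))


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (header checksum left 0 in this constructed sample)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, _ip(src), _ip(dst))
    return hdr + payload


def parse_ipv4(pkt):
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"proto": proto, "src": ".".join(map(str, src)),
            "dst": ".".join(map(str, dst)), "payload": pkt[ihl:]}


def parse_ipsec(pkt):
    """Return the IPsec header fields, or None if the packet carries no AH/ESP."""
    ip = parse_ipv4(pkt)
    body = ip["payload"]
    if ip["proto"] == IPPROTO_ESP:
        # ESP: SPI, sequence number, then the encrypted payload (opaque here).
        spi, seq = struct.unpack("!II", body[:8])
        return {"protocol": "ESP", "dst": ip["dst"], "spi": spi, "seq": seq}
    if ip["proto"] == IPPROTO_AH:
        # AH: next header, payload length (32-bit words minus 2), reserved, SPI, seq, ICV.
        nxt, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        icv_len = (plen + 2) * 4 - 12
        return {"protocol": "AH", "dst": ip["dst"], "next_header": nxt,
                "spi": spi, "seq": seq, "icv": body[12:12 + icv_len]}
    return None


# Constructed inbound SA database: (destination, protocol, SPI) -> algorithms.
SAD = {
    ("192.0.2.1", "ESP", 0x1234): {"cipher": "AES-CBC", "auth": "HMAC-SHA1-96"},
    ("192.0.2.1", "AH", 0xABCD): {"cipher": None, "auth": "HMAC-SHA1-96"},
}


def lookup_sa(hdr):
    """The SPI (with destination and protocol) names the SA, i.e. which keys and
    algorithms apply; an unknown SPI means the packet must be dropped."""
    return SAD.get((hdr["dst"], hdr["protocol"], hdr["spi"]))


def sample_packets():
    esp = build_ipv4("198.51.100.2", "192.0.2.1", IPPROTO_ESP,
                     struct.pack("!II", 0x1234, 7) + bytes(32))   # 32 bytes of "ciphertext"
    ah = build_ipv4("198.51.100.2", "192.0.2.1", IPPROTO_AH,
                    struct.pack("!BBHII", IPPROTO_TCP, 4, 0, 0xABCD, 1)
                    + bytes([0x11] * 12)                            # 12-byte ICV (HMAC-SHA1-96)
                    + bytes(20))                                    # TCP header stub
    plain = build_ipv4("198.51.100.2", "192.0.2.1", IPPROTO_TCP, bytes(20))
    return esp, ah, plain


if __name__ == "__main__":
    for pkt in sample_packets():
        hdr = parse_ipsec(pkt)
        print(hdr, "->", lookup_sa(hdr) if hdr else "not IPsec")
```

Two things worth noticing: the AH payload-length field counts 32-bit words minus two, so an HMAC-SHA1-96 header with a 12-byte ICV has the value 4; and the SPI by itself is meaningless until it is looked up against the SA database, which is what makes a packet with an unknown SPI something to drop and log rather than process.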
Firewalls
What is a firewall?
• A choke point of control and monitoring
• Interconnects networks with differing trust
• Imposes restrictions on network services
  • Only authorized traffic is allowed
• Auditing and controlling access
  • Can implement alarms for abnormal behavior
• Should itself be immune to penetration (hardened, running the minimum of services)
• Provides perimeter defence
Firewalls - Cont..
• Types of firewalls
  • Packet filters
  • Application gateway firewalls
  • Circuit gateway firewalls
  • Hybrid firewalls
  • Virtual private networks
Firewalls - Packet Filters
• Uses only network- and transport-layer header information (no application payload):
• IP Source Address, Destination Address
• Protocol/Next Header (TCP, UDP, ICMP, etc)
• TCP or UDP source & destination ports
• TCP Flags (SYN, ACK, FIN, RST, PSH, etc)
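A stateless packet filter built from exactly the header fields listed above, as an added example that is not from the presentation. The rules and packets are constructed for this example (the addresses, the protected web server and the rule layout are assumptions). It also shows the classic weakness of a filter that only looks at flags: a lone ACK packet to an unrelated port passes the "established" rule because the filter keeps no connection state.

```python
"""Added example: a stateless packet filter evaluating addresses, protocol, ports
and TCP flags against an ordered rule list. Rules and packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags set in the header, e.g. {"SYN"}


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"           # CIDR prefix the source address must fall in
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    new_only: bool = False           # match only connection attempts: SYN without ACK
    established: bool = False        # match only packets carrying ACK

    def matches(self, pkt):
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        syn_only = "SYN" in pkt.flags and "ACK" not in pkt.flags
        if self.new_only and not (pkt.proto == "tcp" and syn_only):
            return False
        if self.established and not (pkt.proto == "tcp" and "ACK" in pkt.flags):
            return False
        return True


# Constructed policy for an inbound interface guarding the web server 192.0.2.10.
RULES = [
    Rule("allow", proto="tcp", dst="192.0.2.10/32", dport=443, new_only=True),
    Rule("allow", proto="tcp", established=True),   # replies to outbound connections
    Rule("deny"),                                   # explicit default deny
]


def filter_packet(pkt, rules=RULES):
    """First matching rule wins; the list always ends in an explicit default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 51000, 443, frozenset({"SYN"})),
        Packet("203.0.113.5", "192.0.2.10", "tcp", 51001, 22, frozenset({"SYN"})),
        Packet("203.0.113.5", "192.0.2.10", "tcp", 51002, 5555, frozenset({"ACK"})),
        Packet("203.0.113.5", "192.0.2.10", "udp", 5353, 53),
    ]
    for p in samples:
        print(p.proto, p.dport, sorted(p.flags), "->", filter_packet(p))
```

The third sample is the point: a stateless filter cannot tell a genuine reply from an ACK probe, so port 5555 is reachable for anyone who sets the ACK bit. A stateful filter fixes this by admitting only packets that belong to a connection it has already seen a SYN for.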
Firewalls - Application Gateway Firewalls
• Types of Application Gateway firewalls:
• Generic Firewalls
• Specific Firewalls
Firewalls - Circuit Gateway Firewalls
• Designed to produce a more seamless, transparent connection between clients and destinations using routines in special libraries
• Works at the Session layer of the OSI model
• Monitors TCP handshaking
• Implemented using SOCKS
Firewalls - Circuit Gateway Firewalls
• SOCKS
  • A tool that includes a set of client libraries for proxy interfaces with clients
  • SOCKS is client/server: the client library hands the connection request to the SOCKS server, which opens the outbound connection on the client's behalf and relays the data
  • How does SOCKS work?
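To answer that question concretely, here is an added example (not from the presentation) that builds and parses both sides of the SOCKS5 exchange defined in RFC 1928: the client's method greeting, the proxy's method choice, the CONNECT request and the proxy's reply. Nothing touches the network; the hostnames and ports are constructed. The function names are assumptions for this example.

```python
"""Added example: the SOCKS5 (RFC 1928) exchange a circuit gateway performs.
Both sides' messages are built and parsed here; nothing touches the network.
"""
import ipaddress
import struct

VER = 0x05
METHOD_NO_AUTH, METHOD_NONE_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED = 0x00


# --- client side -----------------------------------------------------------
def client_greeting(methods=(METHOD_NO_AUTH,)):
    """VER | NMETHODS | METHODS: the client lists the auth methods it supports."""
    return bytes([VER, len(methods), *methods])


def connect_request(host, port):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT.

    A hostname is sent as-is (ATYP 3) so the proxy resolves it; the client then
    never performs its own DNS lookup for the destination.
    """
    try:
        addr = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if addr.version == 4 else ATYP_IPV6
        encoded = addr.packed
    except ValueError:
        raw = host.encode("idna")
        atyp, encoded = ATYP_DOMAIN, bytes([len(raw)]) + raw
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + encoded + struct.pack("!H", port)


# --- proxy side ------------------------------------------------------------
def server_choice(greeting, allowed=(METHOD_NO_AUTH,)):
    """VER | METHOD: pick the first client method the proxy allows, else 0xFF."""
    ver, n = greeting[0], greeting[1]
    if ver != VER or len(greeting) != 2 + n:
        raise ValueError("malformed greeting")
    for m in greeting[2:]:
        if m in allowed:
            return bytes([VER, m])
    return bytes([VER, METHOD_NONE_ACCEPTABLE])   # client must close the connection


def parse_request(req):
    """Return (cmd, host, port) from a client request."""
    ver, cmd, _, atyp = req[:4]
    if ver != VER:
        raise ValueError("bad version")
    if atyp == ATYP_IPV4:
        host, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == ATYP_IPV6:
        host, rest = str(ipaddress.IPv6Address(req[4:20])), req[20:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("idna"), req[5 + n:]
    else:
        raise ValueError("unknown address type")
    (port,) = struct.unpack("!H", rest[:2])
    return cmd, host, port


def reply(rep=REP_SUCCEEDED, bnd_addr="0.0.0.0", bnd_port=0):
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT (IPv4 bind address here)."""
    return (bytes([VER, rep, 0x00, ATYP_IPV4]) + ipaddress.IPv4Address(bnd_addr).packed
            + struct.pack("!H", bnd_port))


def run_exchange(host, port):
    """Walk the full handshake; returns what the proxy would connect to."""
    choice = server_choice(client_greeting())
    if choice[1] == METHOD_NONE_ACCEPTABLE:
        raise ValueError("no acceptable authentication method")
    cmd, dst_host, dst_port = parse_request(connect_request(host, port))
    if cmd != CMD_CONNECT:
        raise ValueError("unexpected command")
    return dst_host, dst_port, reply()


if __name__ == "__main__":
    print(connect_request("example.com", 443).hex())
    print(run_exchange("example.com", 443))
```

After the reply the proxy simply copies bytes in both directions, which is the "circuit": it checks who may connect where at the handshake, but never looks inside the application data, which is what distinguishes it from an application gateway.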
Antivirus
• An anti-virus program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).
Antivirus - Cont….
• Features of Antivirus Software
• Background Scanning
• Full System Scans
• Virus Definitions
Antivirus - Cont….
• Ways to detect and get rid of viruses
• Signature-based detection
• Heuristic-based detection
• Behavioural-based detection
• Sandbox detection
• Data mining techniques
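The first three detection styles in that list, run over constructed sample files, as an added example that is not from the presentation: an exact whole-file hash signature, a byte-pattern signature, and an entropy heuristic for packed or encrypted content. The only real signature used is the EICAR test string, the harmless pattern anti-virus products recognise on purpose; the other signature, the threshold and the sample files are assumptions made for this example.

```python
"""Added example: signature-based (hash and pattern) and heuristic detection run
over constructed files. EICAR is the standard harmless AV test string; the
remaining signatures and samples are made up for this example.
"""
import hashlib
import math
import re

EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database (constructed): whole-file hashes and byte patterns.
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
PATTERN_SIGNATURES = [
    (re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"), "EICAR-Test-File"),
    (re.compile(rb"powershell(\.exe)?\s+-(enc|encodedcommand)\b", re.I),
     "Encoded-PowerShell-Launcher"),
]
ENTROPY_THRESHOLD = 7.2   # bits per byte; plain code and text sit well below this


def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted content approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan(data):
    """Return a list of (detection kind, name) findings, most specific first."""
    findings = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:               # signature-based: exact file match
        findings.append(("signature-hash", HASH_SIGNATURES[digest]))
    for pattern, name in PATTERN_SIGNATURES:    # signature-based: byte pattern
        if pattern.search(data):
            findings.append(("signature-pattern", name))
    if entropy(data) > ENTROPY_THRESHOLD:       # heuristic: looks packed/encrypted
        findings.append(("heuristic", "high-entropy content (possibly packed or encrypted)"))
    return findings


def sample_files():
    """Constructed inputs, one per detection outcome."""
    return {
        "eicar.com": EICAR,
        "eicar-padded.com": EICAR + b"\x00" * 64,   # hash changes, pattern still hits
        "packed.bin": bytes(range(256)) * 16,       # uniform bytes: entropy 8.0
        "loader.bat": b"@echo off\r\npowershell -enc SQBFAFgA\r\n",
        "readme.txt": b"Nothing to see here, just plain text.\n",
    }


if __name__ == "__main__":
    for name, data in sample_files().items():
        print(f"{name:18} {scan(data)}")
```

The padded EICAR file is the lesson about whole-file hashes: a single appended byte defeats them, which is why real products match patterns at offsets and normalise files first. The entropy heuristic catches things no signature knows about yet, but it cannot say what the file is, only that it looks packed, so it produces the false positives (compressed archives, encrypted documents) that the signature methods do not.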
Password Management
Password managers store your login information for all the websites you use and help you log into them automatically. They encrypt your password database with a master password; the master password is the only one you have to remember.
Conclusion
With the three Internet Security goals in mind:
Confidentiality, Integrity, and Availability
We have attempted to give a brief description of some of the types of threats as well as some of the preventative measures used to help provide Internet Security.
Conclusion
Thank you for your time
Any Questions?
Sources
• http://www.ittoday.info/AIMS/DSM/83-10-41.pdf
• http://www.cs.northwestern.edu/~ychen/classes/mitp458/firewalls.ppt
• http://www.antivirusworld.com/articles/antivirus.php
• https://antivirus.comodo.com/how-antivirus-softwareworks.php
• http://www.howtogeek.com/141500/why-you-should-usea-password-manager-and-how-to-get-started/
• http://searchsecurity.techtarget.com/definition/encryption
• https://tools.ietf.org/html/rfc2631
• https://tools.ietf.org/html/rfc4880
• https://tools.ietf.org/html/rfc5246
• https://tools.ietf.org/html/rfc5386
• http://docs.google.com/viewer?a=v&pid=sites&srcid=bmV0aXAuY29tfGhvbWV8Z3g6NTA2NTM0YmNhZjRhZDYzZQ
• http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
• http://www.cisco.com/c/en/us/about/press/internetprotocol-journal/back-issues/table-contents-18/ssl.html
• https://www.evsslcertificate.com/ssl/ssl-history.html
• https://technet.microsoft.com/enus/network/bb531150.aspx
• http://www.unixwiz.net/techtips/iguide-ipsec.html