Chapter 10
Network Security
Introduction
• Look at:
– Principles of Security (10.1)
– Threats (10.2)
– Encryption and Decryption (10.3)
– Firewalls (10.4)
Introduction
• Look at:
– IP Security (IPSec) (10.5)
– Web Security (10.6)
– E-mail Security (10.7)
– Best Internet Security Practices (10.8)
Principles of Security
• The concept of security within the network environment includes:
– All aspects of operating systems
– Software packages
– Hardware
– Networking configurations
– Network sharing connectivity
– Physical security is also linked to IT security
Principles of Security
• Security is not just a policy or a plan
• It is a mindset
• You must properly train and cultivate employees to be security aware
• Remember that your network is only as strong as its weakest link, which is usually a human being
Threats
• Humans pose probably the greatest threat to a network because their behavior cannot be controlled
• Because an environment can’t be made completely threat-proof, you must be constantly attentive to be sure that it is as secure as possible
• The first step to sound security is establishing a security policy
Threats
• A back door is a program that allows access to a system without using security checks
• Programmers will put back doors in programs so they can debug and change code during test deployments of software
• A back door can also be installed through applications that are hidden inside of games or software such as screen savers
• Another type of back door comes in the form of a privileged user account
Threats
• Brute force is a term used to describe a way of cracking a cryptographic key or password
• It involves systematically trying every conceivable combination until a password is found, or until all possible combinations have been exhausted
• Brute force is a method of pure guessing
• Password complexity plays an important role when dealing with brute force programs
• The more complex the password, the longer it takes to crack
Threats
• The most popular attacks are buffer overflow attacks
• More data is sent to a computer’s memory buffer than it is able to handle, causing it to overflow
• The system is left in a vulnerable state or arbitrary code can be executed
• Buffer overflows are probably the most common way to cause disruption of service and lost data
Threats
• The purpose of a denial of service (DoS) attack is to disrupt the resources or services that a user would expect to have access to
• These types of attacks are executed by manipulating protocols and can happen without the need to be validated by the network
• Many of the tools used to produce this type of attack are readily available on the Internet
Threats
• The man-in-the-middle attack takes place when an attacker intercepts traffic and then tricks the parties at both ends into believing that they are communicating with each other
• The attacker can also choose to alter the data or merely eavesdrop and pass it along
• A man-in-the-middle attack can be compared to inserting a receptive box between two people having a conversation
• This attack is common in Telnet and wireless technologies
Threats
• Session hijacking is a term given to an attack that takes control of a session between the server and a client
• A hijacker waits until the authentication cycle is completed and then generates a signal to the client
• This causes the client to think it has been disconnected
• Then the hijacker begins to transact data traffic, pretending to be the original client
Threats
• Spoofing is making data appear to come from somewhere other than where it really originated
• This is accomplished by modifying the source address of traffic or source of information
• Spoofing bypasses IP address filters by setting up a connection from a client and using an IP address that is allowed through the filter
Threats
• Social engineering plays on human behavior and how we interact with one another
• The attack doesn’t feel like an attack at all
• We teach our employees to be customer-service oriented, so often they think they are being helpful and doing the right thing
• Each attack plays on human behavior and our willingness to help and trust others
Threats
• Software exploitation is a method of searching for specific problems, weaknesses, or security holes in software code
• Improperly programmed software can be exploited
• It takes advantage of a program’s flawed code
Threats
• A program or piece of code that is loaded onto your computer without your knowledge is a virus
• It is designed to attach itself to other code and replicate
• It replicates when an infected file is executed or launched
• It attaches to other files, adding its code to the application’s code and continues to spread
Threats
• Trojan horses are programs disguised as useful applications
• Trojan horses do not replicate themselves like viruses but they can be just as destructive
• Code hidden inside the application can attack your system directly or allow the system to be compromised by the code’s originator
• It is typically hidden so its ability to spread is dependent on the popularity of the software and a user’s willingness to download and install the software
Threats
• Worms are similar in function and behavior to a virus, Trojan horse, or logic bomb
• Worms are self-replicating
• A worm is built to take advantage of a security hole in an existing application or operating system, find other systems running the same software, and automatically replicate itself to the new host
• The process repeats with no user intervention
Threats
• Other types of malware are:
– Logic bombs
– Spyware
– Sniffers
– Keystroke loggers
• As with anything, the intent and use of some of these can be good or bad
Encryption and Decryption
• A cryptosystem or cipher system provides a way to protect information by disguising it into a format that can be read only by authorized systems or individuals
• The use of these systems is called cryptography and the disguising of the data is called encryption
Encryption and Decryption
• Encryption is the transformation of data into a form that cannot be read without the appropriate key to decipher it
• It is used to ensure that information is kept private
• Decryption is the reverse of encryption
• Decryption deciphers encrypted data into plain text that can easily be read
Encryption and Decryption
• There are two basic types of encryption where one letter is replaced with another by a scheme
• This is called a cipher
• The two basic types are:
– substitution
– transposition
Encryption and Decryption
• A substitution cipher replaces characters or bits with different characters or bits, keeping the order in which the symbols fall the same
• In a transposition cipher, the information is scrambled by keeping all of the original letters intact, but mixing up their order
• This is called permutation
Encryption and Decryption
• The Data Encryption Standard (DES) suggests the use of a certain mathematical algorithm in the encrypting and decrypting of binary information
• The system consists of an algorithm and a key
• It is a block cipher using a 56-bit key on each 64-bit chunk of data
• In a block cipher, the message is divided into blocks of bits
Encryption and Decryption
• Rivest-Shamir-Adleman (RSA) is an Internet encryption and a digital signature authentication system that uses an algorithm
• This encryption system is currently owned by RSA Security
• The RSA key length may be of any length, and it works by multiplying two large prime numbers
Encryption and Decryption
• Public-key cryptosystems use different keys to encrypt and decrypt data
• The public key is readily available whereas the private key is kept confidential
• There are two major types of algorithms used today:
– symmetric, which has one key that is private at all times
– asymmetric, which has two keys: a public one and a private one
Encryption and Decryption
• Besides RSA, some of the more popular asymmetric encryption algorithms are:
– Diffie-Hellman Key Exchange
– El Gamal Encryption Algorithm
– Elliptic Curve Cryptography (ECC)
• The environments where public-key encryption is very useful include unsecured networks where data is vulnerable to interception and abuse
Encryption and Decryption
• Public Key Infrastructure (PKI) allows you to bring strong authentication and privacy to the Internet
• Public-key cryptographic techniques and encryption algorithms allow you to provide authentication and ensure that only the intended recipients have access to data
• PKI is comprised of several standards and protocols that are necessary for interoperability among different security products
Encryption and Decryption
• The system consists of digital certificates and the certificate authorities (CAs) that issue the certificates
• Certificates identify sources that have been verified as authentic and trustworthy
• The CA’s job is to verify the holder of a digital certificate and ensure that the holder of the certificate is who they claim to be
Encryption and Decryption
• Digital signatures are used to authenticate the identity of the sender, as well as ensure that the original content sent has not been changed
• Non-repudiation is intended to provide a method in which there is no way to refute where data has come from
• Non-repudiation is unique to asymmetric systems because private keys are not shared
Encryption and Decryption
• A virtual private network (VPN) is a network connection that allows you secure access through a publicly accessible infrastructure
• VPN technology is based on tunneling
• Tunneling uses one network to send its data through the connection of another network
• It works by encapsulating a network protocol within packets carried by a public network
Encryption and Decryption
• The protocol that is wrapped around the original data is the encapsulating protocol such as:
– IP Security (IPSec)
– Point-to-Point Tunneling Protocol (PPTP)
– Layer Two Tunneling Protocol (L2TP)
– Layer 2 Forwarding (L2F)
• Tunneling is not a substitute for encryption
Firewalls
• A firewall is a component placed between computers and networks to help eliminate undesired access by the outside world
• It can be comprised of:
– hardware
– software
– a combination of both
Firewalls
• There are four broad categories that firewalls fall into:
– packet filters
– circuit level gateways
– application level gateways
– stateful inspection
• These four categories can be grouped into two general categories
Firewalls
• A packet-filtering firewall is typically a router
• Packets can be filtered based on IP addresses, ports, or protocols
• They operate at the Network layer (Layer 3) of the Open System Interconnection (OSI) model
• Packet filtering is based on the information contained in the packet header
Firewalls
• An Application-level gateway is known as a proxy
• Proxy service firewalls act as go-betweens for the network and the Internet
• The firewall has a set of rules that the packets must pass to get in or out of the network
• They hide the internal addresses from the outside world and don’t allow the computers on the network to directly access the Internet
IP Security (IPSec)
• IPSec is a set of protocols developed by the IETF that operates at the Transport Layer (Layer 3) to support the secure exchange of packets
• The IPSec protocol suite adds an additional security layer in the TCP/IP stack
• The IPSec suite attains a higher level of support for data transport by using a set of protocols and standards together
IP Security (IPSec)
• These include:
– Authenticated Header (AH)
– Encapsulated Secure Payload (ESP)
– Internet Key Exchange (IKE)
• AH provides integrity, authentication, and anti-replay capabilities
• ESP provides all that AH provides, plus data confidentiality
Web Security
• A Web server is used to host Web-based applications and internal or external Web sites
• The best way to ensure that only necessary services are running is to do a clean install
• Web servers contain large, complex programs that may have some security holes
• Many protocols contain common vulnerabilities that may be manipulated to allow unauthorized access
E-mail Security
• E-mail has become the preferred method of communication
• The public transfer of sensitive information exposes it to interception or being sent to undesired recipients
• Unsolicited e-mail may contain dangerous file attachments such as viruses, Trojan horses, or worms
E-mail Security
• Pretty Good Privacy (PGP) is a specification and application which is integrated into popular e-mail packages
• PGP enables you to securely exchange messages, secure files, disk volumes and network connections with both privacy and strong authentication
• PGP can also be used for applying a digital signature without encrypting the message
E-mail Security
• Privacy-Enhanced Mail (PEM) was one of the first standards for securing e-mail messages by encrypting 7-bit text messages
• PEM may be employed with either symmetric or asymmetric cryptographic key mechanisms
• It works at the application layer, using a hierarchical authentication framework compatible with X.509 standards
Best Internet Security Practices
• Here are some best practices for being able to detect network attacks:
– Assume every day that a new vulnerability has surfaced overnight
– Make it part of your daily routine to check the log files from firewalls and servers
– Have a list of all the security products that you use and check vendor Web sites for updates
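Added example (not part of the original slides): one way to make the daily firewall log check repeatable, by listing every source whose denied connections touched several distinct ports. The log format, the sample lines and the threshold are constructed assumptions, not the output of any particular product.

```python
import re
from collections import defaultdict

# Assumed line format: <timestamp> <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport>
LINE = re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
                  r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

SAMPLE_LOG = """\
2024-05-01T02:14:07Z DENY tcp 203.0.113.9:51000 -> 192.0.2.10:23
2024-05-01T02:14:08Z DENY tcp 203.0.113.9:51001 -> 192.0.2.10:21
2024-05-01T02:14:09Z DENY tcp 203.0.113.9:51002 -> 192.0.2.10:3389
2024-05-01T02:14:10Z DENY tcp 203.0.113.9:51003 -> 192.0.2.10:445
2024-05-01T03:00:00Z ALLOW tcp 198.51.100.7:40022 -> 192.0.2.20:22
2024-05-01T04:30:12Z DENY tcp 198.51.100.4:33010 -> 192.0.2.10:25
2024-05-01T04:31:00Z -- log rotated --
"""

def review(log_text, port_threshold=3):
    """Return (flagged, unparsed).

    flagged maps a source address to the sorted list of destination ports it
    was denied on, for sources denied on at least port_threshold ports.
    unparsed holds lines that did not fit the format, so nothing is
    silently skipped during the review.
    """
    denied_ports = defaultdict(set)
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        if m["action"] == "DENY":
            denied_ports[m["src"]].add(int(m["dport"]))
    flagged = {src: sorted(ports) for src, ports in denied_ports.items()
               if len(ports) >= port_threshold}
    return flagged, unparsed

if __name__ == "__main__":
    flagged, unparsed = review(SAMPLE_LOG)
    print(flagged)     # sources worth a closer look
    print(unparsed)    # lines the parser could not read
```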
Best Internet Security Practices
• Here are some best practices for being able to detect network attacks:
– Know your infrastructure
– Ask questions and look for answers
– Set good password policies
– Install virus software and update the files on a regular basis
Best Internet Security Practices
• Listed below are some Web sites that offer good information on best practices:
– http://csrc.nist.gov/fasp/
– http://www.cert.org/security-improvement/
– http://www.sans.org/rr/
– http://www.securityfocus.com