SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS Lecture-11-12 Presented by: Mazhar Hussain

Post on 07-Aug-2020

Page 1: Lecture-11-12 Presented by: Mazhar Hussain · Lecture-11-12 Presented by: Mazhar Hussain. Topics of Discussion ... –A malicious program can wipe out data on hundreds of ... Importing

SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS

Lecture-11-12

Presented by: Mazhar Hussain

Topics of Discussion

• Principles for secure networking

• Internet Vulnerabilities

• Security building blocks

Internet Security

• Why do we need to study security in the internet? Here are some reasons …

– Computer networks have lots of vulnerabilities and threats

– A hacker can log into my machine remotely and destroy the information

– A malicious program can wipe out data on hundreds of computers causing huge losses

Principles for Secure Networking

• Questions to consider

– What are we trying to protect?

– What operations are authorized?

– What is security parameter?

Principles continued…

• Know the configuration of the network hardware and software

• Know the vulnerabilities of the configuration

• Know the threats and consider them in relation to the vulnerabilities to assess the risk

• Authenticate and authorize the access to network resources

Principles Continued..

• Maintain audit logs

• Have a plan to detect and respond to security incidents

• Ensure individual accountability

The Networks of TwoHands Corporation

• TwoHands Corporation develops, produces, and markets specialized gloves used in waste disposal and other safety-related applications

• The corporation has a Headquarters, a Research Lab, several factories and warehouses in different parts of the country

Continued…

• Let us discuss the five stages of development in TwoHands Networks and consider in each stage the problems associated with the network and the possible remedies

Stage 1: Private Networks Only

Security Problems

1. Any user can access network traffic

2. Diskette drives on the client workstations

3. PCs with modem connections

4. Insufficient training to authorized users

Continued…

Possible Countermeasures

1. Introduction of an authentication system for each user

2. Installation of virus detection software and configuration monitors

3. Installation of tamper-resistant hardware

4. Security awareness training for authorized users

Stage 2: Private Networks plus Read-only Web Server

Security Problems

1. All the problems in stage 1

2. Denial of service attack

3. Unauthorized change to data on web server

4. Web address spoofing

Continued…

Possible Countermeasures

1. Use a reliable web server package

2. Keep abreast of the advisories provided by CERT (Computer Emergency Response Team), FIRST (Forum of Incident Response Teams)

3. Proper maintenance of web server

Stage 3: Private Nets Plus Forms-Based WWW Server

Security Problems

1. Compromise of order information

2. Spoofing of order information

3. Loss of control over the web site

4. Customer information stored on ISP host.

Continued…

Possible Countermeasures

1. Using a secure web server like HTTP

2. Double checking the CGI scripts

3. Customer authentication

Stage 4: Internet Service through Firewall with Forms-Based WWW Server

Security Problems

1. Attacks on internal systems via misconfigured firewalls

2. Importing of malicious software or exporting of sensitive information via properly configured firewall

3. Compromise of identity of correspondents

4. Back doors into internal networks

Continued…

Possible Countermeasures

1. Proper firewall configuration

2. Vigilant management of firewall and the website

3. Provide proper awareness of security to the internal users

Stage 5: Virtual Private Networks

Security Problems

1. Contamination of internal database via actions of cooperating companies

2. Service delays/denial for intranet traffic due to Internet/ISP problems

3. Compromise or delay of intranet traffic due to crypto mismanagement

4. Compromise of internal traffic patterns

Continued…

Possible Countermeasures

1. Using proper encryption methodology

2. Avoid using the same company as the ISP for all the sites

Network Security Policy and Services

• For any level of network security to be established and maintained we need to understand:

– what assets we need to protect

– against what threats

– to what degree

• identify the elements of security policies appropriate for networks

• construct a security policy to meet the needs of network

• decide on means for enforcing the policy

Network security services

• confidentiality (protection against eavesdropping)

• integrity (protection against data modification)

• authentication (assurance that the source of the data is accurately identified to the recipient)

• non-repudiation (inability of the sender to disavow data the recipient receives)

Vulnerabilities

• Network

– Sniffing

– War Dialing

• Protocol

– Data-link-layer security

– Network-layer security

– Transport-layer security

– IP origin forgery

Above the application layer

• System access control and authorization data structures

• Malicious Software

• Hidden Application Features

Types of Encryption Algorithms

Symmetric

DES (Digital Encryption Standard)

Asymmetric (Public Key Cryptography)

RSA (Rivest Shamir Adleman)

DES

RSA

Authentication

Cryptographic Hash Functions

MAC (Message Authentication Code)

Digital Signatures

Security in TCP/IP Protocol Stack

Application Layer Encryption

Session Encryption

IP Layer Encryption

Relative Location of Security in TCP/IP Protocol Stack

SSL Protocol Operation

IP Security Scenario

The Kerberos Architecture

[Figure: the Kerberos architecture, showing Client, Kerberos, Ticket Granting Service and Server, with the exchanges (1) request/receive TGS ticket, (2) request/receive server ticket, (3) request service]

Intrusion Detection

Network Based: Network Security Monitor, Network IDS, Net Ranger, Tripwire etc…

Host Based: Probes of host ports, password guessing etc…

Taxonomy of Malicious Programs

Security Management Tools

SATAN (Security Analysis Tool for Auditing Networks)

ISS (Internet Security Scanner)

Tiger

Crack

Snoop

Firewall

• Firewall: a method used to prevent unauthorized access to a private network

[Figure labels: Internet, Trust]

Types of Firewalls

SOCKS

[Figure: a Firewall between the Protected Network and the Internet, with these callouts]

• Socksified user app asks SOCKS daemon for circuit

• SOCKS daemon on firewall parses request, checks access control rules, and makes connection (proxy); copy data back in through firewall.

• Target of communication sends information back through SOCKS daemon, which routes it to the user desktop.
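
An added example, not part of the lecture: the "parses request, checks access control rules" step of the SOCKS daemon, assuming SOCKS5 request framing (RFC 1928) and a constructed, first-match, default-deny rule set. The method-negotiation exchange that precedes the request is omitted, and all addresses, rules and function names are hypothetical.

```python
import ipaddress
import struct

# Constructed rule set (an assumption): first match wins, anything unmatched is denied.
# Each rule: (client network, destination network, allowed destination ports)
RULES = [
    ("10.1.0.0/16", "0.0.0.0/0", {80, 443}),   # desktops may reach web servers
    ("10.1.9.0/24", "192.0.2.0/24", {22}),     # admin subnet may SSH to one range
]

# Reply codes from RFC 1928, section 6
GRANTED, FAILURE, NOT_ALLOWED, BAD_COMMAND, BAD_ATYP = 0x00, 0x01, 0x02, 0x07, 0x08

def parse_connect(request: bytes):
    """Parse a SOCKS5 request; return (reply_code, dest_ip, dest_port)."""
    if len(request) < 4 or request[0] != 0x05 or request[2] != 0x00:
        return FAILURE, None, None            # truncated, or not SOCKS5
    cmd, atyp = request[1], request[3]
    if cmd != 0x01:                           # CONNECT only; BIND/UDP ASSOCIATE refused
        return BAD_COMMAND, None, None
    addr_len = {0x01: 4, 0x04: 16}.get(atyp)  # IPv4 or IPv6
    if addr_len is None:                      # domain names (0x03) and unknown types refused
        return BAD_ATYP, None, None           # so that the rules always see an IP address
    if len(request) != 4 + addr_len + 2:      # short or padded request
        return FAILURE, None, None
    dest = ipaddress.ip_address(request[4:4 + addr_len])
    (port,) = struct.unpack("!H", request[4 + addr_len:])
    return GRANTED, dest, port

def decide(client_ip: str, request: bytes) -> int:
    """Return the SOCKS5 reply code the daemon would send for this request."""
    code, dest, port = parse_connect(request)
    if code != GRANTED:
        return code
    client = ipaddress.ip_address(client_ip)
    for src_net, dst_net, ports in RULES:
        if (client in ipaddress.ip_network(src_net)
                and dest in ipaddress.ip_network(dst_net)
                and port in ports):
            return GRANTED                    # daemon would now open the proxied connection
    return NOT_ALLOWED                        # default deny

def build_request(dest_ip: str, port: int, cmd: int = 0x01) -> bytes:
    """Build a constructed sample request, as a socksified client would send it."""
    addr = ipaddress.ip_address(dest_ip)
    atyp = 0x01 if addr.version == 4 else 0x04
    return bytes([0x05, cmd, 0x00, atyp]) + addr.packed + struct.pack("!H", port)
```

Refusing domain-name destinations is a policy choice made in this example so that every decision is taken on an IP address; a daemon that accepts them has to resolve the name itself and apply the rules to the resolved address.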