chapter-2 telecommunications & network security

7/28/2019 Chapter-2 Telecommunications & Network Security

http://slidepdf.com/reader/full/chapter-2-telecommunications-network-security 1/100

Chapter 2: Telecommunications & Network Security

of 100

Firewalls :




of 100




of 100

Screened Subnet firewall is most secure and act as a Perimeter network. Access

o Primary Firewall Administratoro Backup Firewall Administratoro Network service Manager.

Boundary Controls eg . – Fences and firewalls State Packet Filter Firewall – is simple , inexpensive and quick to implement. Firewall – eg. Boundary access control. Static packet filter firewall – low-risk computing environment. Hybrid gateway firewall- medium to high-risk computing environment. Stateful and dynamic filter firewall- high risk computing environment. A rulebase – facilities implementing security controls in a firewalls. Firewall on a packet – Accept/Deny and Discard.

Best backup strategy – Day Zero Backup. Firewalls- protected for fail-safe performance. RPC,NFS and SNMP – should always be blocked and FTP should be restricted. Provide a “Line of perimeter defense” against attacks – Traffic to and from the Internet. Firewall Compromised – correct steps to rebuild the Firewll.

o Bring down the primary firewallo Deploy the secondary Firewallo Reconfigure the primary Firewallo Restore the primary firewall.

Packet filtering firewall are most vulnerable to attack.




of 100

Primary component of Fiewallso Protocol filteringo Application gatewayso Extended logging capability.

Firewall implementations is a by-product of administering the security policy. Firewall is an effective security control over an Internet.

Attacks:

Denial of Service Attack :

DOS name Type Description Counter Measure

Land MalformedPacket

The land attack uses a spoofed SYN packetthat includes the victim’s IP address andTCP port as both source and destination.This attack targets the TCP/IP stack of olderunpatched windows system.

Smurf ResourceExhaustion

A smurf attck involves ICMP flooding. Theattacker sends ICMP Echo Request messageswith spoofed source addresses of the victimto the directed broadcast address of a

network known to be a Smurf amplifier. ASmurf amplifier is a public facing networkthat is misconfigured such that it willforward packets sent to the networkbroadcast address to each host in thenetwork. Assuming a /24 Smurf amplifier,this means that for every single spoofedICMP Echo Request sent the victim couldreceive up to 254 ICMP Echo Responses. Aswith most of resource exhaustion denial of service attack, prevention involves having

infrastructure that can filter the DOS traffic




of 100

and /or an ISP that can provide assistance inthe traffic.

SYN Flood ResourceExhaustion

SYN Floods are the most basic type of resource exhaustion attacks, and involve anattacker , or attacker controlled machines,

initiating many connections to the victim,but not responding to the victim’s SYN/ACKpackets. The vicitim’s connection queue willeventually be unable to process any morenew connections. Configuring a system tomore quickly recycle half-open connectionscan help with this technique. As with mostof the resource exhaustion denial of serviceattacks, prevention involves havinginfrastructure that can filter the DOS trafficand/or an ISP that can provide assistance in

filtering the traffic.Teardrop Malformed

PacketThe teardrop attack is a malformed packetattack that targets issues with systems’fragmentation reassembly. The attackinvolves sending packets with overlappingfragment offsets, which can cause a systemattempting to reassemble the fragmentsissues.

Ping of Death MalformedPacket

The Ping of Death denial of service involvedsending a malformed ICMP Echo Request(ping) that was larger than the maximum

size of an IP packet. Historically, sending thePing of Death would crash systems.

Patching the TCP/IPstacks of systemsremoved the

vulnerability of thisDOS attack.

Fraggle ResourceExhaustion

The Fraggle attack is a variation of thesmurf’s attack. The main difference betweensmurf and fraggle leverages UDP for therequest portion, and stimulates, most likely,and ICMP Port Unreachable message beingsent to the victim rather than an ICMP EchoResponse.

DNSReflection

A more recent denial of service techniquethat, like the smurf attack, leverages a third

party is the DNS reflection attack. Theattacker who has poorly configured thirdparty DNS server query an attacker-controlled DNS server and cache theresponse(a maximum-size DNS record).Once the large record is cached by manythird party DNS Servers, the attacker sendsDNS requests for those records with aspoofed source of the victim. This causesthese extremely large DNS records to besent to the victim in response. As with most

of resource exhaustion denial of service




of 100

attacks, prevention involves havinginfrastructure that can filter the DOS trafficand/or an ISP that can provide assistance infiltering the traffic.

Computer VirusCommon virus Malicious

CodeA malicious code that replicates using a hostprogram.An effective defence against computerviruses does not include –Virus scanningprograms.

Boot SectorVirus

The boot sector virus works duringcomputer booting , where the master bootsector and boot sector code are read andexecuted.

Worm A worm is a self-replicating program that isself-contained and does not require a hostprogram. The worm searches the networkfor idle computing resources and uses themto execute the program in small segments.

Multi-partite A multi-partite virus combines both sectorand file infector virus.

Cookies Web It raises privacy issues such as whatinformation is collected and how it is used.Internet privacy is not enhanced when thecookies file is delted. Deleting cookies filewill not protect the user since a new file iscreated by the browser therefore, thecookies file is a security concern on theinternet.

Link Viruses Manipulate the directory structure of themedia on which they are stored pointing tothe OS to virus code instead of legitimatecode.

Macro Stored in a spread sheet or word processingdocument. Maximum number of encounters.it is difficult to detect.

Attacks :Data leakageattack

Data leakage is removal of data from asystem by covert means. It might beconducted through the use of Trojan horse,logic bomb, or scavenging methods.

Asynchronousattacks

Are indirect attacks on a computer programthat act by altering legitimate data or codesat a time when the programs is idle, thencausing the changes to be added to thetarget program at later execution.

Inference An inference attack is where a user or an Access controls




of 100

Attack intruder is able to deduce information towhich he had no privilege from informationto which he has privilege.Data & Information

Hidden code

attacks

Based on data and information Use layered protection

and disable active-content code.(e.g. Active-X and Javascript) from the Webbrowser are effectivecontrols against suchattacks.

Trapdoorattacks

Trapdoors are entry points built into aprogram created by programmers fordebugging purposes.Major Risks: software disconnection and

hacker entry.Back door is wide open for hackersThe vendor can modify the software at willwithout the user’s knowledge or permission.

War dialling software

Spoofingattacks

Firewall

TOC/TOU is ane.g. of asynchronousattacks

It takes advantage of timing differencesbetween two events.

Applying tasksequence rules.Apply encryption tools

Traffic analysis

Attack

Traffic padding

techniqueCG Scriptvulnerable

Because it can be interpreted.

Logic bomb A time bomb is a part of a logic bomb. Atime bomb is a Trojan horse set to trigger ata particular time while the logic bomb is setto trigger at a particular condition ,event orcommand.

Nak attack Is a penetration technique capitalizing on apotential weakness in an OS that does nothandle asynchronous interrupts properly,

thus leaving the system in an unprotectedstate during such interrupts.

Trojan horse Maliciouscode

It is a program that performs a usefulfunction and an unexpected action as well asa form of virus.DAC is most vulnerable to Trojan horseattack.Back Office is a Trojan horse in windows OS.

ComputerVirus

Maliciouscode

Computer viruses affect integrity, availabilityand usability.e-mail server is the best place to check for

computer virus.




of 100

Applets Maliciouscode

Applets are small application programswritten in various programming languagesthat are automatically downloaded andexecuted by applet-enabled web browsers.

Antivirus

Methods

Malicious

code

Anti-virus software scans every boot-up

Polymorphicvirus

Maliciouscode

Uses a mutation engine to transform simpleviruses into polymorphic ones forproliferation purposes.

Maliciouscode defn.

“Remove” and “Clean” are usedinterchangeably.

Stealth virus It’s a resident virus.Active-Xcontrols

Can be easily exploited when executingbehind firewalls.Forms the basic component technology of the Active-X fram ework for Microsoft’s

software component technology , it isplatform specific in that Active-X contentscan be executed by only a 32-bit windowsplatform . it is language independent can bewritten in C,C++,VisualBasic and Java.

Java applets Has a sound security model to preventmalicious code behaviour.

ComputerVirus

Maliciouscode

An effective means of preventing anddetecting computer virus on a network .Technical measures to defend againstcomputer virus.

Certify all disks prior totheir use.Access controls , Audittrails, Least PrivilegePrinciple.

Eavesdroppingattack fromremote accessto Firewall s

Session encryption isused to encrypt databetween applicationsand end users. Thisprovides strongauthentication. Streamencryption encryptsand decryptsarbitrarily sized

messages, not a strongauthentication

Cryptographicattacks

Focus on Cryptographic parameters(CSPs-critical security parameters) contain keys ,passwords, PINs.

Ciphertext-only attack

The most common attack againstcryptographic.

Replay anearliersuccessfulauthenticationexchange

A time-stamp ,Asequence number, Anunpredictable value.




of 100

Attacks Counter MeasureEavesdropping and loss of confidentialityEavesdropping also known assniffing or snooping of network traffic.

Encrypting the contents of the message or encryptingthe contents of thechannel over which it istransmitted.

Telephone cloning Electronic SignaturesCall-screening SystemDigital technologies

Telephone Tumbling attack Pre-Call Validation systemTumbling Attack Analog Cellular PhoneA technique used toperpetrate wireless Fraud

Cloning

Login Spoofing Providing a secure channelbetween the user and thesystem.Installing a hardware resetbuttonImplementing acryptographicauthentication techniques.

Session hijacking andEavesdropping (intrusion)Session hijacking : An attacker connecting acovert computer terminal toa data communication linebetween the authorizedterminal and the computer.Eavesdropping : A source of eavesdropping on the WWWweb server is : System logs

SSL

E-mail Spoofing Pretty good Privacy (PGP)-for the protection of computer files andelectronic mail.




of 100

Confidentiality protection.Reprograms a Cellular phonewith an ESN/MIN Pair fromanother phone

Cloners

IP Address Spoofing : e.g.

session hijacking attacks.Not detected & reported byIDS.

User Firewall,Disable

active-content, use time-stamps.

TCP session hijacking Remove default accounts,install software patches,use encryption tools.

Cloning of Cellular phones Voice encryptionSniffers Use secure shell protocol,

apply end-to-endencryption, andImplement robust

authentication techniques.Flooding attacks Use packet filters

Brute Force Attack Every possible key will be tried. This issimilar to a known plain text attack.

Change keys and increasein key length.

Network Attack Prevent and Intervene-best approach

Mail bombings Caused by Temporaryaccounts setup by the ISP

Tunnelling AttackTo exploit a weakness in asystem that exists at a levelbelow the developer’s designlevel (such as throughoperating system code versusapplication code).Active Attack: NonPreventable and detectableE.g. – Active Threats :1.Denial of message service2.Masquerding.3.Modification of messageservice.

Cryptography

Passive Attack: Preventablebut difficult to detecte.g.1. Listing to a systempassword when the usertypes it.2. Release of messagecontents and traffic analysis.

Cryptography

Asynchronous Attacks Take the advantage of dynamic




of 100

system actions and the ability tomanipulate the timing of thoseactions.

Hackers-trying to login tocomputer systems

Dial-back modems andfirewalls

Password sniffing One-time passwords andencryption.One – time passwords arenot susceptible toeavesdropping.

Voice hacker : Attack modem pools and access datanetworks through the private branchexchange (PBX) system.

Data hacker : Can steal information and damagecomputer systems.

Voice mail fraud A Call-accounting system

provides hacking patterns.Voice mail fraud preventioncontrols can be counterproductive and counterbalancing.

1.Turning off direct inwardsystem access(DISA) portsduring nonworking hours.2. disconnecting dial-inmaintenance ports.

Spoofing attack :- Is tempering activity – active attackImpersonating a user or systemSpoofing synonymous :Mimcking,impersonating,Masquerding

Firewalls

Spamming :

Posting indentical messagesto multiple unrelatednewsgroup on the internet.

E-mail filters are effective.

Sniffing or snooping :observing packet’s passing byon the network.Sniffing precedes SpoofingIs a surveillance activity and isa passive attack.Scanning,snooping andsniffing are lead to

penetration attacks.Sniffing is monitoringnetwork traffic.Hiddencode,Inference andTraffice analysis are based ondata and information.

Hidden code – 1. Use layered protections.2. Disable active-contentcode.

Bufferoverflow – eg. Of inputvalidation error.Ping of death e.g. –Bufferoverflow attack, a part of

Denial of service attack




of 100

Denial of service attack Example :Flow exploitation attacks, Floodingattack,Distributed attacks,Smurf attack, SYN flood attack, Sendmailattack

It compromise Availability propertiesof information systems.Most malicious Internet-based attack.Connection clogging –denial-of-serviceattacks is less common in occurance.

1.Use faster hardware2.use packet filters.3. it can be prevented byRedundancy

MIM attacks 1.Implement digitalsignatures2.use split knowledgeprocedures.

Locking-based attacks-Degradation of service.

Shoulder surfing 1.promoting educationand awareness2.preventing passwordguessing.3.Asking people not towatch while password isbeing typed.Packet spoofing :Is the most sophisticatedtool or technique thatattackers use against

computer systems.

Packet replay Packet-time stamping andpacket-sequence counting.

Impersonation :can beachieved byForgery , Relay andInterception.

Masquerading attacks Detective controls :Reporting of the last time

user accessed the system.Analysing audit logs and

journalsPassive detectionmethods, logs are notreviewed unless there is asuspicion.

Attacks plus breach A PenetrationTCP Sequence number check

– e.g. Session hijacking attack.Piggyback attack :An intruder gainsunauthorized access to a

system by using a valid user’s




of 100

connection.Teardrop attack :Freezes vulnerablewindows95 and linux hosts byexploiting a bug in the

fragemented packet rea-assembly routines.Locking attack :Prevents users from accessingand running shared programssuch as those found inMicrosoft office.Boot Sector :During computer booting,where the master bootsector and boot sector code

are read and executed.Worm : A worm is self replicating program

that is self-contained and does notrequire a host program.Searches the network for the idlecomputing resources and executes theprogram in small segments.

Multi-partite virus :Combines both sector and fileinfector viruses.

Antivirus software : eg. of both preventive anddetective control.Audit Trails : DetectivecontrolPolicies and procedure :directive controlsContingency plan : recoverycontrols.Data leakage attacks : is

removal of data from asystem by covert means.itmight be conducted throughthe use of Trojan horse,logicbombs, or scavengingmethods.

Inference attacks are basedon : Data and informationLink viruses : manipulate thedirectory structure of the

media on which they are




of 100

stored, pointing the operatingsystem to virus code insteadof legitimate code.Macro virus – are stored In a spreadsheet or word

processing document.

Had the maximum number of encounters.It is difficult to detect .It resides in documents.

Trapdoor Programmers frequently create entrypoints into a program for debuggingpurposes and/or insertion of newprogram codes at a later date.its alsocalled as hooks and back doors.Software disconnection and hackerentry are major risk.

War dialing software

Time-of-check to time-of-use(TOC/TOU) e.g. of Asynchronous attack

1.Apply task sequencerules.2.Apply encryption rules.

Traffic analysis attack Traffic padding techniqueData inference attacks Access controlsLogic bomb(time bomb) : A malicious unauthorized act that is

triggered upon information of apredefined event or condition andresides within a computer program isknown as .A time bomb is a Trojan horse set to

trigger at a particular time while thelogic bomb is set to trigger at aparticular condition,event orcommand. The Logic bomb could be acomputer program or a codefragment.

Trojan horse It is a program that performs a usefulfunction and unexpected action aswell a form of virus.Discretionary access control – mostvulnerable to Trojan horse attack.

Backoffice – is a Trojan horse in aWindows operating system.

Computer Virues Affect – integrity,availability anduseability.Remove and Clean are usedinterchangeably.Password : technical measure .

Antivirus method Anti-virus software scans evry boot-up.

e-Mail Server Best place to check for Computervirus.

A Polymorphic Virus Used A Mutation Engine




of 100

Active Wiretapping Message stream modifications,including delay, duplication, deletion,or counterfeiting.

Tools :1. Packet spoofing :Is the most sophisticated toolor technique that attackersuse against computersystems.2.Nmap is a sophisticatednetwork-scanning tool.

Ping : Tells the location of a phone user. Merit Protection :

o Privacy of location and privacy of transmission of contents. Secure

o Digital systems are inherently more secure that analog cellular telephony because of their digital formats and error-checking and correction protocols.




of 100

o TDMA or CDMA use spread spectrum much more effectively than analog cellular andother traditional systems.

o CDMA is inherently efficient and difficult to intercept. Its more efficient and securethan TDMA because its uses spread spectrum technology more efficiently. Its moredifficult to crack because the coding scheme changes with each conversation and isgiven only once at the beginning of the transmission.

RSA - Voice encryption schemes are based on RSA algorithm to provide privacy protectionover mobile or cellular phones.

As per the U.S. lawo when scanner is used with intent to defraud is illegal. Possession or sale of

electronic serial number (ESN) altering software is currently legal.o Phone cloning and call selling – illegal.

Remote Access:

RAS – Provides a security service in authenticating a remote network access.

Protocols:

Protocols CharacteristicsSSL Session-oriented protocol

Public key (digital certificates) + symmetric key(DES) cryptography to perform




of 100

authentication and encryption. It has become the de facto standard for securecommunication on the internet.Strong authentication for Web server.All the Web network traffic dealing with a Firewall system is secured.TLS supports the SSL to perform client-to-server authentication process.

PPTP Hiding capabilities and is useful to implement end-to-end VPNIPSEC- Supersedes PPTPAuthentication at end nodes(limitations)

IPSEC Implemented on a Firewall for VPNs.Ethernet Connectionless data communications.X.25 Connection –oriented data communication.TCP Connection –oriented data communication.WAN Connection –oriented data communication.WTLS Communications protocol that allows a cellular phones to send and receive encrypted

information over the internet.WTP Wireless transaction protocolWSP Wireless session protocolWDP Wireless datagram protocolWAP Wireless access protocol is an internet protocol that defines the way in which cell

phones and similar devices can access the internet.SecureRPC

Diffie-Hellman key – each user has a private/public key.The authentication servers provides public/private keys to servers and clients.Provides authentication service.

ARP Provides a dynamic mapping of a 32 bit IP Address to a 48-bit physical hardwareaddress.

X.509 PEM standard for secure e-mail on the internet that support services such asencryption, digital signatures and digital certificates.

X3.93 Data encryption algorithmX9.9 Message authenticationX9.17 Cryptographic key management for financial institution key management.X.25FrameRelay

Packet switching

X9.63 Key establishment schemes that employ asymmetric techniques.X9.44 Is transport of symmetric algorithm keys using reversible public key cryptography.X.75 Public packet switched communications between network hubs.SET Secure transactions over the internet in terms of buying and selling of goods and

services.TLS Prevent Eavesdropping , tampering or message forgery. Communication privacy and

data integrity over the internet.CHAP Re-authenticationSLIP Does not provide error detection or correction mechanism.ICMP Function-Redirecting messages is used to trick routers and hosts.

Checking remote hosts function of ICMP of TCP/IP cause a buffer overflow on thetarget machine.

TCP Used by the InternetSNA Used by IBMDECnet Used by Digital Equipment Corporation

MAP Manufacturing Automation Protocol.




of 100

SSL : Strong authentication for the Web Server.

VPN :

A VPN creates a secure , private network over the internet – Encryption, Packet tunnelling ,

Firewalls. Make only one entry point to a company’s network from the internet.

Intranet:

The integration of personal computers, LAN, WAN , mainframe legacy systems, and externalsystems.

It can be used to link employees together , thus enabling easy communication, collaboration,and workflow.

Help in resolving document distribution problems and in increasing employee productivity in

an organization.

Communications and Network Security :

Bypass Switch Fallback Switch Crossover Switch Matrix Switch




of 100

chapter-2 telecommunications & network security

Documents