class 16

Upload: ajith-sundaram

Post on 06-Aug-2015

TRANSCRIPT

Page 1: Class 16
Page 2: Class 16

Network and website security,

Security Technologies

Page 3: Class 16

What is “Security”

Dictionary.com says:

o Freedom from risk or danger; safety.
o Freedom from doubt, anxiety, or fear; confidence.
o Something that gives or assures safety, as:

• A group or department of private guards: Call building security if a visitor acts suspicious.

• Measures adopted by a government to prevent espionage, sabotage, or attack.

• Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.

…etc.

Page 4: Class 16

Network Security

Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

Network security involves the authorization of access to data in a network, which is controlled by the network administrator.

Page 5: Class 16

What is network security?

Confidentiality: only sender, intended receiver should “understand” message contents
  o sender encrypts message
  o receiver decrypts message

Authentication: sender, receiver want to confirm identity of each other

Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

Access and availability: services must be accessible and available to users

Page 6: Class 16

Friends and enemies: Alice, Bob, Trudy

well-known in network security world
Bob, Alice (lovers!) want to communicate “securely”
Trudy (intruder) may intercept, delete, add messages

Page 7: Class 16

Who might Bob, Alice be?

… well, real-life Bobs and Alices!
web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?

Page 8: Class 16

There are bad guys (and girls) out there!

They can do a lot of things:
eavesdrop: intercept messages
actively insert messages into connection
impersonation: can fake (spoof) source address in packet (or any field in packet)
hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
denial of service: prevent service from being used by others (e.g., by overloading resources)

Page 9: Class 16

Security properties

Confidentiality
  o Information about system or its users cannot be learned by an attacker
Integrity
  o The system continues to operate properly, only reaching states that would occur if there were no attacker
Availability
  o Actions by an attacker do not prevent users from having access to use of the system

Page 10: Class 16

What do we Need to Protect?

Data
  o Information we keep on computers (product design, financial records, personnel data)
  o Lost time, lost sales, lost confidence
Resources
  o Unauthorized use of computer time & space
Reputation
  o Misrepresentation, forgery, negative publicity

Page 11: Class 16

Who is vulnerable?

Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defence agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK

Page 12: Class 16

Firewall

Definition - hardware &/or software components that restrict access between a restricted network & the Internet or between networks
Logically - a separator, restrictor, analyser
Rarely a single object
  o Restricts people to entering at a controlled point
  o Prevents attackers from getting close to other defences (host controls)
  o Restricts people to leaving at a controlled point

Page 13: Class 16

Firewall Capabilities

Focus security decisions - single point to leverage control
Enforce security policy - minimize exceptions
Log Internet activity - analysis
Limit exposure - separate sensitive areas of one network from another or outside world

Page 14: Class 16

Firewall Limitations

Can’t protect against
  o malicious insiders
  o connections that don’t go through it
  o new threats
  o viruses
  o scans for source & destination addresses & port numbers, not details of data
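The last limitation above, shown as an added example that is not part of the original slides: a first-match packet filter that decides on source address, destination address and destination port only, so two packets with identical headers get the same verdict whatever they carry. The rule set, the addresses (documentation ranges) and all names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""      # carried in the packet, never read by the filter

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int]      # None matches any destination port

def matches(rule: Rule, pkt: Packet) -> bool:
    """Compare header fields only: source, destination, destination port."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.dport in (None, pkt.dport))

def verdict(rules: list, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed policy (assumed layout): DMZ web server 192.0.2.10,
# private network 10.0.0.0/8.
RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 80),   # Internet -> DMZ web
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", None),    # private net outbound
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8", None),     # nothing inbound to private net
]

if __name__ == "__main__":
    samples = [   # constructed sample packets
        Packet("203.0.113.5", "192.0.2.10", 80, b"GET /index.html"),
        Packet("203.0.113.5", "192.0.2.10", 80, b"<constructed unwanted content>"),
        Packet("203.0.113.5", "192.0.2.10", 22),
        Packet("203.0.113.5", "10.0.0.5", 80),
        Packet("10.0.0.5", "198.51.100.7", 443),
    ]
    for p in samples:
        print(p.src, "->", p.dst, p.dport, verdict(RULES, p))
```

The first two sample packets differ only in payload and are both allowed, which is why content inspection has to happen elsewhere (proxy, host controls, scanning).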

Page 15: Class 16

Attacking the Network

[Diagram: The Internet, Border Router/Firewall, De-Militarized Zone, Private Network, Commercial Network, Private Network, WLAN]

Page 16: Class 16

Path of Logical Access

[Diagram: The Internet, Border Router/Firewall, De-Militarized Zone, Router/Firewall, Private Network, WLAN]

Page 17: Class 16

Protecting the Network

[Diagram: The Internet, Border Router: Packet Filter, De-Militarized Zone, Bastion Hosts, Proxy server firewall, Private Network, WLAN]

Page 18: Class 16

Security Services

Authentication (entity, data origin)
Access control (prevent unauthorized access)
Confidentiality (disclosure, encryption)
Data integrity (value of data item)
Non-repudiation (falsely denying a transaction)

Page 19: Class 16

Intrusion Detection

Used to monitor for “suspicious activity” on a network
Can protect against known software exploits, like buffer overflows

Page 20: Class 16

Dictionary Attack

We can run a dictionary attack on the passwords
  o The passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash)
  o Can take a dictionary of words, crypt() them all, and compare with the hashed passwords
This is why your passwords should be meaningless random junk!
  o For example, “sdfo839f” is a good password
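The defensive side of this slide, as an added example that is not part of the original slides: a set-time check that refuses dictionary words and their trivial variants, and stores accepted passwords as a salted one-way hash. PBKDF2 from Python's standard library stands in for crypt(3) here, and the wordlist and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample wordlist; a real deployment would load a large one.
WORDLIST = {"password", "sunshine", "dragon", "letmein", "monkey"}
# Undo common character swaps: 0->o 1->l 3->e 4->a 5->s 7->t 8->b @->a $->s
LEET = str.maketrans("0134578@$", "oleastbas")
ROUNDS = 100_000

def is_guessable(password: str, wordlist=WORDLIST) -> bool:
    """True if the password is a dictionary word or a trivial variant of one."""
    base = password.lower()
    stripped = re.sub(r"[\W\d_]+$", "", base)   # drop trailing digits/symbols
    candidates = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    return any(c in wordlist for c in candidates)

def hash_password(password: str, salt: bytes = None):
    """Salted one-way hash; a fresh random salt is used unless one is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def set_password(password: str):
    """Reject guessable passwords before anything is stored."""
    if is_guessable(password):
        raise ValueError("password is a dictionary word or a trivial variant")
    return hash_password(password)

if __name__ == "__main__":
    for pw in ["Sunshine2015!", "p4ssw0rd1", "sdfo839f"]:
        print(pw, "rejected" if is_guessable(pw) else "accepted")
```

Because every stored record has its own salt, the same password hashes differently for each user, so a list of hashes computed once cannot be compared against the whole file.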

Page 21: Class 16

Denial of Service

Purpose: Make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks
  o SYN flooding
  o SMURF
  o Distributed attacks

Page 22: Class 16

Historical hackers (prior to 2000)

Profile:
  o Male
  o Between 14 and 34 years of age
  o Computer addicted
  o No permanent girlfriend

Page 23: Class 16

Trends for 2010 - 14

Malware, worms, and Trojan horses
  o spread by email, instant messaging, malicious or infected websites
Botnets and zombies
  o improving their encryption capabilities, more difficult to detect
Scareware – fake/rogue security software
Attacks on client-side software
  o browsers, media players, PDF readers, etc.
Ransom attacks
  o malware encrypts hard drives, or DDOS attack
Social network attacks
  o Users’ trust in online friends makes these networks a prime target.
Cloud Computing - growing use will make this a prime target for attack.
Web Applications - developed with inadequate security controls
Budget cuts - problem for security personnel and a boon to cyber criminals.

Page 25: Class 16

Cryptography
