Chapter 15: Network Security
Principles of Computer Networks and Communications
M. Barry Dumas and Morris Schwartz
Principles of Computer Networks and Communications
Chapter 15, slide 2
Objectives
- Describe the goals of network security and the issues most relevant to business
- Differentiate methods of attacks on corporate networks, provide protection strategies, and discuss the elements of an effective security policy
- Illustrate how different types of firewalls function, and assess their effectiveness and impact on network performance
- Differentiate between different types of attacks that might come from the Internet, and provide pre- and post-infection security measures
- Discuss denial-of-service attacks, how they operate, and network defense strategies
- Explain techniques associated with social engineering, including differentiating among pretexting, spam, spoofing, and phishing
- Describe the role of proxy servers in network security and assess their utility
- Explain the options and functionality of encryption systems
- Describe security issues associated with virtual private networks and the role of network address translation
- Illuminate the added security complications inherent in wireless networks
- Provide criteria for assessing security compliance, including certification standards
Overview
Network security covers a wide range of concerns, including
- Physical intrusion and disruption
- Software-based mischief and assaults
- Unauthorized transmission capture
- Terrorist attacks!
Thwarting these challenges, which can come from internal and external sources, is the goal of network security.
Overview
Network security is
- Policy based
- Company specific
“Consider that security is not an all-or-nothing proposition. Dealing with it adequately is an ongoing task that is bound to be substantial in terms of time and cost.”
Overview
Why require security measures? Intrusion!
- Any unauthorized network activity
- On corporate or wide area networks
- With the intent to disrupt operations
- To alter stored data or transmissions in any way
Goal: intrusion prevention
- Deter attacks on corporate networks
- Protect corporate transmissions from meaningful interception
Overview
What security measures are required?
First, conduct a risk assessment (aka risk analysis):
- Identify types of threats anticipated
- Determine likelihood of occurrence
- Estimate probable cost to the company from successful security breaches
A company should always undertake a risk assessment/risk analysis before security measures are modified, enacted, or contemplated.
Overview
Where/how should security measures be applied? From the risk assessment/risk analysis, determine
- Personnel
  - To monitor the network
  - To contain threats
- Methods
  - Hardware
  - Software
  - Budget
  - Implementation
Security methods must be effective; risk assessments and policies must be revisited to stay relevant.
Security Perspectives
Not every disruption is a security breach
- Power outages due to acts of nature
- Damage from accidents
- Equipment failure
Even so . . .
- Risk assessments should consider these
- Action plans should respond to these
Security Perspectives
Five security issue perspectives (categorizing threats)
- Source: internal (employee) or external (outside company)
- Type: physical or electronic (e.g., illegal downloads)
- Intent: mischievous (pranks) or malevolent (deliberate); random or focused
- Method: breaking and entering, hacking, spoofing, denial of service
- Target: corporate networks, wireless networks, Internet
Security Perspectives
Threat prevention strategies based on source
Attacks from internal sources: strategy
- Monitoring: recording employee activity (activity logs)
- Limiting access (authorization)
  - Physically restricting access to areas (locks, badges)
  - Electronically restricting access (passwords)
Attacks from external sources: strategy
- Devices
  - Firewall: principal corporate blockade method
  - Proxy servers: sit between user requests and corporate servers
- Software
  - Protocols to secure transmissions (encryption, tunneling)
  - Anti-virus (detection/removal), anti-spam, anti-spyware, pop-up blockers
Security Perspectives
Generally speaking, security measures take two basic routes
- Proactive: cordoning off corporate networks to prevent attacks before they get into the network and take hold (example: firewalls!)
- Reactive: invoking procedures to remove threats that are inside the network before they cause damage (example: virus removal software!)
Security Perspectives
Intrusion detection systems (IDS)
- Goal: detect security threats (internal and external)
- Focuses on network data or host activity
  - Network based: monitors packets by inspecting layer headers or application data
  - Host based: monitors activity on the host machine, looking for valid security certificates, signatures of known threats, suspicious sites
vs.
Intrusion prevention systems (IPS)
- Goal: take action to prevent threats from affecting the network
  - Isolates and quarantines suspect files
  - Prevents access to particular sites
  - Refuses to download/install certain files
An IDS can also be an IPS.
External Attacks and Firewalls
Firewall
- Purpose
  - Prevent intranet access by unauthorized parties
  - Stop transmissions that could harm or compromise corporate data or resource functioning
- Concept
  - Screens traffic coming into one network from another
  - Combination of hardware and software
- Corporate devices
  - Dedicated computers (PCs or routers, usually without keyboards)
  - Connected to but not part of internal networks
External Attacks and Firewalls
Firewall types
- Packet filtering: checks layer 3 network headers of packets from external networks; runs on corporate border routers
- Circuit level: checks layer 4 transport headers; monitors connection-oriented session creation attempts by TCP
- Application: checks layer 5 application packet data for program-specific software; identifies harmful tendencies in applications
All three here are considered packet-filtering firewalls.
All three in the same device = multilayer firewall.
External Attacks and Firewalls
Firewall filtering modes
Admit/deny decisions are determined by a variety of criteria (rules) loaded into the firewall router.
Rules can be based on
- IP addresses or domain names
- Port numbers
- Protocols
- Circuits or sessions
- Applications
- Other packet attributes, such as specific data patterns, words, or phrases
Two filtering modes (filtering rules)
- Deny all but explicit: transmit only packets that meet specific rules
- Pass all but explicit: transmit any packets that don’t match denial rules (risky! new threats won’t be on the denial list)
Rules must be kept up to date for filters to be effective.
External Attacks and Firewalls
Firewall connection states
- Stateful
  - Stores relevant aspects of each approved connection-oriented session in the router table
  - Packets are examined to see if they belong to an approved session (stateful inspection) instead of being compared with the entire rule set
  - More efficient than firewalls that do not use stateful operation
  - Can also be incorporated in network-layer packet filters
- Stateless
  - Do not maintain state tables
  - Must treat each packet independently without regard to prior experience (i.e., comparing every packet with every rule)
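The two slides above (filtering modes and connection states) as one added, runnable example; this is not code from the textbook or its authors. It models a rule list with a first-match policy, the default that implements "deny all but explicit" versus "pass all but explicit", and a session table so packets of an already approved TCP session are admitted without walking the rule list again. All packets, rules and addresses are constructed.

```python
"""Added example, not from the textbook: a toy packet filter that shows the two
filtering modes on the slides (deny all but explicit, pass all but explicit) and
a stateful session table that lets packets of an approved TCP session skip the
rule scan. Packet fields, rules and addresses are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    syn: bool = False     # TCP SYN flag: a session-creation attempt


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: Optional[str] = None   # None matches any value
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport))


class Firewall:
    def __init__(self, rules, default="deny", stateful=True):
        self.rules = list(rules)
        # "deny": deny all but explicit; "permit": pass all but explicit
        self.default = default
        self.stateful = stateful
        self.sessions = set()     # approved (src, dst, dport) sessions
        self.rule_scans = 0       # how often the full rule list was walked

    def _scan_rules(self, p: Packet) -> str:
        self.rule_scans += 1
        for r in self.rules:      # first matching rule wins
            if r.matches(p):
                return r.action
        return self.default       # nothing matched: apply the filtering mode

    def filter(self, p: Packet) -> str:
        key = (p.src, p.dst, p.dport)
        # Stateful inspection: a packet of an approved session is accepted
        # without being compared with the entire rule set again.
        if self.stateful and key in self.sessions:
            return "permit"
        action = self._scan_rules(p)
        if action == "permit" and p.proto == "tcp" and p.syn:
            self.sessions.add(key)   # remember the newly approved session
        return action


RULES = [Rule("permit", proto="tcp", dst="10.0.0.5", dport=443),   # web server
         Rule("deny", proto="udp", dport=69)]                       # TFTP

# Constructed traffic: one TCP session (SYN then two data packets), a denied
# UDP packet, and a UDP packet that no rule mentions.
TRAFFIC = [Packet("203.0.113.9", "10.0.0.5", "tcp", 443, syn=True),
           Packet("203.0.113.9", "10.0.0.5", "tcp", 443),
           Packet("203.0.113.9", "10.0.0.5", "tcp", 443),
           Packet("203.0.113.9", "10.0.0.7", "udp", 69),
           Packet("203.0.113.9", "10.0.0.7", "udp", 5000)]


def run(default="deny", stateful=True):
    """Return the verdicts for TRAFFIC and how many rule scans they cost."""
    fw = Firewall(RULES, default=default, stateful=stateful)
    return [fw.filter(p) for p in TRAFFIC], fw.rule_scans


if __name__ == "__main__":
    for mode in ("deny", "permit"):
        print(mode, run(mode))
    print("stateless", run("deny", stateful=False))
```

The last packet is the one that separates the two modes: no rule mentions UDP port 5000, so it is dropped under deny-all-but-explicit and admitted under pass-all-but-explicit. The scan counter shows the efficiency point from the stateful slide: with the session table the three packets of the approved TCP session cost one rule scan, without it every packet is compared against every rule.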
Security Attacks via the Internet
Malware: what is it?
- Software aimed at network or computer-related disruption
- Some examples: viruses, denial-of-service attacks, web-site substitution
“In the end, the user is responsible for dealing with the variety of threats posed.”
Security Attacks via the Internet
Malware “highlights”
- Viruses: self-replicating; cannot propagate on their own
- Worms: self-replicating; can propagate on their own
- Trojan horses: cannot run on their own; must be executed
- Spyware: tracking software; records activity down to the keystrokes
- Adware: tracking software; presents advertisements based on usage
Security Attacks via the Internet
Viruses
- Self-replicating; cannot propagate on their own
- Spread by infection, placing executable program code in a file
- When the file is executed, the code reproduces itself and infects other computers
- Damage is done by the actions the viruses take
  - Displaying messages or pictures
  - Modifying or erasing files (including deleting all files)
  - Reformatting drives
  - Crashing the computer
Hundreds of viruses exist and new ones are created every day!
Security Attacks via the Internet
Worms
- Self-replicating; can propagate on their own
- Do not need to attach themselves to other programs (as viruses must)
- Usually designed to travel along with transmissions so they rapidly spread
- Each machine they move to sends out worm transmissions
- Worms tend to aim more at network disruption than individual computer damage
E-mail is a common medium of worms.
Security Attacks via the Internet
Trojan horses
- Cannot run on their own; must be executed
- Cannot propagate
- Hide within legitimate software
- Typically activated when a user unsuspectingly executes one, believing it to be something else
More recently, viruses and especially worms have been designed to carry trojans.
Security Attacks via the Internet
Spyware
- Tracking software; records activity down to the keystrokes
- Watches activity on the computer without your knowledge or consent
- Recorded activity can be transmitted over the Internet to other parties
- Might try to steal account information, passwords, and other sensitive information
- Resides in particular files
- Usually does not replicate
Adware
- Tracking software; presents advertisements based on usage
- Often considered a specific type of spyware
- Consent to load adware on a computer is sometimes embedded in “terms of use” that accompany software
Web pages are common carriers of spyware.
Security Attacks via the Internet
Malware antidotes
- Firewalls: can stop many malware attacks
- Properly configured e-mail servers
  - Good at catching spyware and adware
  - Can incorporate scanning software to trap viruses and worms in attachments
- Operating systems: can block pop-ups
- ISP e-mail systems: might scan outgoing mail and incoming attachments
- Anti-virus software
  - Can detect malware in inbound and outbound attachments
  - Can delete/quarantine files identified with malware
Blocking pop-ups might thwart adware, but it will also block some legitimate traffic!
Whether firewall-, server-, or computer-based, anti-malware software must be kept up to date!
Security Attacks via the Internet
Denial-of-service (DoS) attacks
- Designed to shut down particular resources by overwhelming them, denying their services to legitimate users
- Not designed to destroy files or steal data
- Current variations depend on flooding resources with packets
Many older DoS versions relied on exploiting weaknesses in protocol implementations. These no longer affect newer devices and systems.
Security Attacks via the Internet
Denial-of-service (DoS) attack forms
- TCP-based SYN flood
  - Takes advantage of TCP’s handshaking procedure for setting up a session (SYN/ACK packets)
  - Requester sends a great many session requests, each with a bogus IP address
  - Server ends up trying to send SYN/ACK packets to the bogus address, leaving a number of half-open connections
- UDP-based flood
  - Counterfeit UDP packets are sent requesting delivery to an application
  - Server gets overwhelmed trying to reply with “destination unreachable” messages
- Broadcast attack (Smurf attack)
  - Engages many hosts to (unknowingly) bombard another host
  - Attacker spoofs the victim IP address and sends a broadcast ICMP echo request to the unknowing participants
  - Participants send responses to the victim IP address, overwhelming it
Security Attacks via the Internet
Denial-of-service (DoS) attack forms—older versions
- Teardrop attack: sends packets whose offset values overlap; host crashes trying to perform impossible packet reassembly
- Bonk attack: sends packets whose offset values are too large; host crashes trying to perform impossible packet reassembly
- Ping of death: sends an ICMP echo request with packets larger than the IP packet maximum (65,535 bytes); host crashes when packet reassembly overflows a buffer
- Land attack: sends a packet whose source and destination address are the same; host gets confused and tries to set up a connection with itself
Security Attacks via the Internet
Distributed denial-of-service (DDoS) attack
- Actual attack is one of the DoS attacks
- Many hosts are unknowingly enlisted in the process
- Attack effectively comes from many computers
- Commonly activated by sending trojans to many computers
- When activated, the trojan installs code that allows the computer to be controlled by a remote host (the attacker)
Because they are unaware of what they’re doing, the unsuspecting hosts participating in the attack are called zombies.
Security Attacks via the Internet
Dealing with DoS and DDoS attacks
- Before the attack
  - (for SYN floods) Configure border routers and other nodes to limit the number of half-open sessions and keep time-outs short
  - (for UDP floods) Close unused UDP ports at the firewall and at hosts
  - (for broadcast attacks) Configure devices not to respond
  - (for older versions) Update systems and software to remove the vulnerability
- During the attack: try to block it before system shutdown
- After the attack
  - Very difficult to deal with; often an attack is not recognized until damage has occurred and the attacked services have shut down
  - Restore the system
If you can’t find a way to block the flood, the shutdown will be repeated!
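The two SYN-flood precautions named above (a cap on half-open sessions and a short time-out) as an added simulation; this is not code from the textbook or its authors. It models only the server-side table of half-open connections and feeds it a constructed trace, so it shows why the two settings are needed together: a cap alone fills up with peers that never answer, a short time-out is what frees the slots for the legitimate client. Addresses, counts and timings are constructed.

```python
"""Added example, not from the textbook: a simulation of the two SYN-flood
defences listed on the slides, a cap on half-open sessions and a short
time-out. Addresses, counts and timings are constructed."""
from collections import OrderedDict


class HalfOpenTable:
    """Sessions that received a SYN and were sent a SYN/ACK, but no final ACK yet."""

    def __init__(self, max_half_open, timeout):
        self.max_half_open = max_half_open
        self.timeout = timeout
        self.pending = OrderedDict()   # peer address -> time its SYN arrived
        self.refused = 0
        self.established = 0

    def _expire(self, now):
        # A short time-out frees slots held by peers that never answer the SYN/ACK.
        stale = [peer for peer, t in self.pending.items() if now - t > self.timeout]
        for peer in stale:
            del self.pending[peer]

    def on_syn(self, peer, now):
        self._expire(now)
        if len(self.pending) >= self.max_half_open:
            self.refused += 1          # table full: this SYN is dropped
            return False
        self.pending[peer] = now       # SYN/ACK goes out, slot reserved
        return True

    def on_ack(self, peer, now):
        self._expire(now)
        if peer in self.pending:       # handshake completed
            del self.pending[peer]
            self.established += 1
            return True
        return False


def simulate(max_half_open, timeout):
    """Constructed trace: 50 SYNs from addresses that never finish the handshake
    arrive at t=0; a legitimate client then tries at t=1 and again at t=5."""
    table = HalfOpenTable(max_half_open, timeout)
    for i in range(50):
        table.on_syn(f"198.51.100.{i}", now=0.0)
    first_try = table.on_syn("192.0.2.10", now=1.0)
    if first_try:
        table.on_ack("192.0.2.10", now=1.1)
    second_try = table.on_syn("192.0.2.10", now=5.0)
    if second_try:
        table.on_ack("192.0.2.10", now=5.1)
    return {"first_try": first_try, "second_try": second_try,
            "established": table.established, "refused": table.refused,
            "half_open_left": len(table.pending)}


if __name__ == "__main__":
    print("large table, short time-out:", simulate(100, 3.0))
    print("small table, short time-out:", simulate(20, 3.0))
    print("small table, long time-out: ", simulate(20, 60.0))
```

With a 20-entry table and a 60-second time-out the legitimate client is refused both times and the table is still full of dead entries at the end; with the same table and a 3-second time-out the first attempt is refused but the second succeeds once the stale entries have expired. The cap bounds the memory the flood can consume, the time-out bounds how long it can hold it.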
Security Attacks via the Internet
Social engineering
- Tricking people or systems into providing confidential information
  - Social security number
  - Bank account number
  - Passwords
  - Birthday
“Much security breach activity focuses on obtaining confidential, personal, private, or other sensitive information.”
Security Attacks via the Internet
Social engineering schemes
- Pretexting: claiming to be someone you’re not (under the “pretext” of being another); pretending to be an agency representative (bank, police, social agency) and then obtaining confidential information during the conversation
- Spam: bulk e-mail; may be solicited (opt in) or unsolicited
- Spoofing: falsifying source addresses to lure one into revealing information
- Phishing: trolling for confidential information by randomly sending out spoofed spam
Opt out is deliberately indicating you do not want to receive e-mail.
Security Attacks via the Internet
Dealing with social engineering schemes
- Never open an e-mail message whose source or subject looks suspicious
  - Misspelled subject lines
  - Subjects with symbols
  - Missing subject
- Never reply to a suspicious source
- Never open an attachment from a suspicious source
- Confirm suspicious e-mails from someone you know by asking the sender for verification
- Keep your scanning software up to date
- Never provide confidential information in reply to an unsolicited e-mail
The best way to avoid being duped is to be on guard!
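The warning signs listed above, turned into a small mail-triage filter as an added example (not code from the textbook or its authors). It uses the standard library's `email` parser and checks a message for a missing subject, a subject full of symbols, words not in a known vocabulary, an attachment from an address outside the contact list, and the spoofing sign from the previous slide, a display name that claims one domain while the actual sender address is another. The vocabulary, contact list and the three sample messages are constructed.

```python
"""Added example, not from the textbook: a scoring filter for the warning signs
the slides list for a suspicious e-mail (missing subject, subject with
symbols, misspelled subject, attachment from an unknown source) plus a
spoofing sign, a display name that claims a different domain than the sender
address. The word list, contact list and sample messages are constructed."""
import email
import email.utils
import re

# Constructed: the vocabulary and address book a real filter would load.
KNOWN_WORDS = {"re", "your", "you", "now", "account", "invoice", "meeting", "notes",
               "update", "quarterly", "report", "attached", "password", "verify",
               "urgent", "please", "shared"}
CONTACTS = {"alice@example.com", "bob@example.com"}
SYMBOLS = re.compile(r"[!$%*#@^~|<>{}]")
DOMAIN_IN_NAME = re.compile(r"\b([a-z0-9-]+\.[a-z]{2,})\b")


def subject_flags(subject):
    if not subject or not subject.strip():
        return ["missing subject"]
    flags = []
    words = re.findall(r"[a-z]+", subject.lower())
    misspelled = [w for w in words if len(w) > 2 and w not in KNOWN_WORDS]
    if misspelled:
        flags.append("unknown/misspelled words: " + ", ".join(misspelled))
    if len(SYMBOLS.findall(subject)) >= 2:
        flags.append("subject contains symbols")
    return flags


def assess(raw):
    """Return the list of warning signs found in one RFC 822 message."""
    msg = email.message_from_string(raw)
    flags = subject_flags(msg.get("Subject"))
    name, addr = email.utils.parseaddr(msg.get("From") or "")
    addr = addr.lower()
    if addr not in CONTACTS:
        flags.append("sender not a known contact")
        if any(part.get_filename() for part in msg.walk()):
            flags.append("attachment from unknown source")
    # Display name carries a domain that the real address does not belong to.
    claimed = DOMAIN_IN_NAME.search(name.lower())
    if claimed and not (addr.endswith("@" + claimed.group(1))
                        or addr.endswith("." + claimed.group(1))):
        flags.append("display name domain does not match sender address")
    return flags


# Constructed sample messages.
SAMPLE_OK = "\n".join([
    "From: Alice <alice@example.com>",
    "Subject: Re: Quarterly report attached",
    "",
    "See attached.", ""])

SAMPLE_PHISH = "\n".join([
    "From: Example Bank Support <notice@mail-secure-login.example>",
    "Subject: URGENT!!! Verfy you acount now $$$",
    'Content-Type: multipart/mixed; boundary="b"',
    "",
    "--b",
    "Content-Type: text/plain",
    "",
    "Open the attached form.",
    "--b",
    'Content-Type: application/octet-stream; name="form.exe"',
    'Content-Disposition: attachment; filename="form.exe"',
    "",
    "AAAA",
    "--b--", ""])

SAMPLE_SPOOF = "\n".join([
    'From: "alice@example.com" <alice@examp1e.example>',
    "Subject: Meeting notes",
    "",
    "Please send me your password for the shared account.", ""])


if __name__ == "__main__":
    for label, raw in [("ok", SAMPLE_OK), ("phish", SAMPLE_PHISH), ("spoof", SAMPLE_SPOOF)]:
        print(label, assess(raw))
```

The filter only raises flags; the slide's advice (do not open, do not reply, ask the known sender to confirm out of band) is the action a reader takes on a message that collects several of them. The spoof sample is the case the contact list alone misses: the display name reads like a known colleague, so the address check has to look past it.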
Security Attacks via the Internet
Hacker packet sniffing
- When hackers use a packet sniffer to break into networks and their attached systems
- Hackers can obtain sensitive data and disrupt systems
Dealing with hacker packet sniffing
- For intranets: secure wiring closets and unused network connections
- For Internets: use encryption to render intercepted data meaningless
A packet sniffer is a device for eavesdropping on network traffic that includes software for discovering the protocols being used.
Proxies
Proxy server—basic operation
- What it is: the proxy server acts as an intermediary, sitting between the client and the requested server
- How it works
  - A client requesting a file that resides on a particular server actually gets connected to the proxy server
  - The proxy server requests the file from the real server and supplies it to the client
  - The client is never actually directly connected with the requested server
Proxy servers typically act for web servers.
Proxies
Proxy server—guardian of corporate networks
- Security: keeps a direct doorway to the corporate network closed
- Performance: a sizeable cache enables the proxy server to satisfy repeat web page (file) requests without involving the web server
- Filtering: proxy servers can filter sensitive or offensive material from web pages or block the pages altogether
- Formatting: proxy servers can reformat pages to fit particular devices (e.g., small screens of PDAs or cell phones)
Common Gateway Interface (CGI) enables direct client/server transactions, enabling particular users to directly access a site that is otherwise blocked.
Encryption
- Plaintext: the original unencrypted document
- Ciphertext: the encrypted document
“The idea behind encryption is a simple one—obfuscate the data so that it will not be intelligible to anyone but the intended recipient.”
Cipher derives from various languages, all of which leave it meaning zero, empty, nothing.
Encryption
Encryption
- Is done by algorithm
- Algorithms are manipulations based on rules to disguise the plaintext
- Examples
  - A substitution code where one symbol is substituted by another (e.g., replacing every alphabet letter with the one following)
  - Use of a key that, when applied, converts plaintext to ciphertext; the same key (or another key) is required to convert the ciphertext back into plaintext
Encryption
Key ciphers
- Most relevant to computer systems
- Mathematical algorithms use keys to encrypt plaintext and decrypt ciphertext
- Two versions of key ciphers
  1. Asymmetric keys: both a public and a private key are in play
  2. Symmetric keys: sender and receiver use the same key
Encryption
1. Asymmetric keys
- Both a public and a private key are in play
- Both must be used to complete the transmission
- Example
  - A wants to send a ciphertext to B
  - B publishes a public key that A uses to encrypt the plaintext
  - After it is encrypted, it can be decrypted only with B’s private key (which only B has)
Even if A’s signal is intercepted, it cannot be understood without the private key.
Encryption
1. Asymmetric keys—similar process
Digital signature—provides
- Authentication: message is actually from the party it appears to be from
- Non-repudiation: prevents the sender from claiming it did not send the message
Digital signature—process
- For A to send a digital signature to B, A publishes a public key and uses A’s own private key to encrypt the message
- B then uses A’s public key to decrypt the message and verify that it must have been sent from A
Encryption
2. Symmetric keys
- Sender and receiver use the same key (sender to encrypt; receiver to decrypt)
- Because there is only one key, it must be kept private from everyone except the authorized sender and receiver
- Major weakness: getting the key to the receiver (risk of interception)
Symmetric keys work best for internal use within company networks, or via a third-party key manager.
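The substitution example from the earlier slide ("replace every alphabet letter with the one following") and the symmetric-key idea on this one, as a single added example that is not code from the textbook or its authors. It is written as a general monoalphabetic substitution whose key is a 26-letter permutation; the slides' example is the special case of a shift by one. The same key table is consulted in both directions, which is exactly why it must stay private to sender and receiver. Key strings and plaintext are constructed.

```python
"""Added example, not from the textbook: the slides' substitution cipher
("replace every letter with the one following") as a general monoalphabetic
substitution with a symmetric key. The same key table works in both
directions; keys and sample text are constructed."""
import string

ALPHABET = string.ascii_uppercase


def shift_key(n):
    """Key for the slides' example: each letter maps to the one n places on."""
    return ALPHABET[n:] + ALPHABET[:n]


def substitute(text, key, decrypt=False):
    """Map letters through the key table, keeping case, digits and punctuation."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 uppercase letters")
    # Encrypt: alphabet position -> key letter.  Decrypt: key letter -> alphabet.
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    table = str.maketrans(src + src.lower(), dst + dst.lower())
    return text.translate(table)


def encrypt(plaintext, key):
    return substitute(plaintext, key)


def decrypt(ciphertext, key):
    return substitute(ciphertext, key, decrypt=True)


if __name__ == "__main__":
    key = shift_key(1)                       # A->B, B->C, ..., Z->A
    ciphertext = encrypt("Attack at dawn", key)
    print(ciphertext, "->", decrypt(ciphertext, key))
```

Both parties must hold the identical key string, and anyone who obtains it during delivery can decrypt every message, which is the "major weakness" the slide names. The shift-by-one key is also a reminder that a short list of possible keys (26 shifts) is no protection at all; a key space only matters once it is large and the key itself stays secret.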
Encryption
Key management via third parties: the certificate authority (CA)
Digital certificate
- Most reliable method for online key exchange
- Copy of a key that is digitally signed by a trusted third party, the certificate authority (CA)
- Verifies that the key is authentic
  - The key it contains is genuine
  - The key comes from the named source
“Key-based systems, whether asymmetric or symmetric, face the problem of reliable key exchange.”
Encryption
Digital certificates—What’s in it?
1. Serial number
2. Name and key of its owner (sender)
3. Certificate’s valid dates (from/to expiration)
4. Name and digital signature of the CA
5. Algorithm used to create the CA’s signature
CA is certificate authority
Encryption
Digital certificates—in practice
1. A sender applies to a CA for a certificate
2. CA transmits its public key to the applicant
3. Sender uses CA’s public key to encrypt its own key and sends it to the CA
4. CA issues a certificate for the owner
5. Sender transmits the encrypted message, with the certificate attached, to the recipient
6. Recipient uses CA’s public key to decrypt the certificate, uncovering the sender’s key and using it to decrypt the message. Recipient can use that same key or its own certificate to send a reply.
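The asymmetric-key, digital-signature and certificate slides above, walked through end to end in one added example; this is not code from the textbook or its authors. The arithmetic is textbook RSA on constructed primes near 1e9 (far too small for real use, chosen only so the numbers stay readable), the digest is SHA-256, and the certificate carries the five fields the slides list (serial number, owner name and key, validity dates, CA name and signature, signature algorithm). The CA, the names "A" and "B", the dates and the message are all constructed. Steps 1 through 4 of the slide collapse into one call to `issue_certificate`; step 6's "decrypt the certificate with the CA's public key" is the signature check in `certificate_is_valid`.

```python
"""Added example, not from the textbook: a toy public-key walk-through of the
slides' asymmetric exchange, digital signature and certificate steps. The
arithmetic is textbook RSA on constructed primes near 1e9, far too small for
real use; the CA, names, dates and message are constructed too."""
import hashlib
import json


def make_keypair(p, q, e=65537):
    """RSA key from two primes: public (n, e), private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(plaintext: bytes, public_key):
    """A encrypts with B's published key. 6-byte chunks behind a 0x01 prefix keep
    every value below 2**56, which is smaller than each n used here."""
    n, e = public_key
    return [pow(int.from_bytes(b"\x01" + plaintext[i:i + 6], "big"), e, n)
            for i in range(0, len(plaintext), 6)]


def decrypt(ciphertext, private_key):
    """Only the holder of d recovers the chunks."""
    n, d = private_key
    out = b""
    for c in ciphertext:
        m = pow(c, d, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]   # drop prefix
    return out


def _digest(data: bytes, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(message: bytes, private_key):
    """Digital signature: A applies its own private key to the message digest."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature, public_key):
    """B applies A's public key; a match shows A's private key produced it."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def _cert_body(cert):
    body = {k: v for k, v in cert.items() if k != "ca_signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(serial, owner, owner_key, valid_from, valid_to, ca_name, ca_private_key):
    """The fields from the slides, signed by the CA over their canonical form."""
    cert = {"serial": serial, "owner": owner, "owner_key": list(owner_key),
            "valid_from": valid_from, "valid_to": valid_to, "ca": ca_name,
            "signature_algorithm": "toy-RSA-SHA256"}
    cert["ca_signature"] = sign(_cert_body(cert), ca_private_key)
    return cert


def certificate_is_valid(cert, ca_public_key, today):
    """Recipient checks the validity dates (ISO strings) and the CA's signature."""
    in_dates = cert["valid_from"] <= today <= cert["valid_to"]
    return in_dates and verify(_cert_body(cert), cert["ca_signature"], ca_public_key)


def exchange(today="2024-06-01"):
    ca_pub, ca_priv = make_keypair(1000000007, 998244353)   # trusted third party
    a_pub, a_priv = make_keypair(1000000009, 469762049)     # sender A
    b_pub, b_priv = make_keypair(2147483647, 167772161)     # recipient B
    # Steps 1-4: A applies to the CA, which issues a certificate over A's public key.
    cert = issue_certificate(1001, "A", a_pub, "2024-01-01", "2024-12-31", "Example CA", ca_priv)
    # Step 5: A encrypts for B with B's public key, signs with A's private key,
    # and sends ciphertext, signature and certificate.
    message = b"Transfer approved: invoice 4471"
    ciphertext, signature = encrypt(message, b_pub), sign(message, a_priv)
    # Step 6: B validates the certificate with the CA's public key, takes A's key
    # from it, decrypts with its own private key and verifies A's signature.
    cert_ok = certificate_is_valid(cert, ca_pub, today)
    recovered = decrypt(ciphertext, b_priv)
    sig_ok = verify(recovered, signature, tuple(cert["owner_key"]))
    # A certificate with a swapped-in key no longer matches the CA's signature.
    altered = dict(cert, owner_key=list(b_pub))
    return {"cert_ok": cert_ok, "sig_ok": sig_ok, "recovered": recovered,
            "altered_cert_ok": certificate_is_valid(altered, ca_pub, today),
            "expired_ok": certificate_is_valid(cert, ca_pub, "2025-03-01")}


if __name__ == "__main__":
    print(exchange())
```

The two negative checks at the end are the point of the certificate: B never has to trust a key that merely arrived with the message, because a certificate whose owner key was replaced, or one used outside its validity dates, fails the CA check before the key inside it is used for anything. Real deployments also use padding schemes and key sizes this toy omits; the structure of the exchange is the same.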
Virtual Private Networks
Virtual private network (VPN)
- Way to transmit secure data over a network that may not be secure
- Created by tunneling: this technique is used to send one network’s packets through another network using secure protocols, without those packets having to conform to the other network’s protocols
How tunneling works
- One network’s packets are encapsulated within the protocols of another network
- Encapsulating protocols are removed on exit
Virtual Private Networks
Virtual private network (VPN)—protocol sets
- Internet protocol security (IPsec)
- Point-to-point tunneling protocol (PPTP)
- Layer 2 tunneling protocol (L2TP)
- Multiprotocol label switching (MPLS)
Most frequently used
Virtual Private Networks
Virtual private network (VPN): Internet protocol security (IPsec)
- Developed by IETF
- Group of open standards used to create VPNs
- Operates at the network layer
- Two IPsec modes
  - Transport: layer 3 payload is encrypted; IP header is not; used for protected end-to-end transmission between two hosts
  - Tunnel: both layer 3 payload and header are encrypted; used for protected transmission between two nodes, one of which is not a host
End points are a weakness: hackers might read traffic before encryption occurs or after it emerges from the tunnel.
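The tunneling slide and the two IPsec modes above, modelled as an added example that is not code from the textbook or its authors. A packet is a small dict; transport mode encrypts only the payload and leaves the original source and destination visible, tunnel mode encrypts the whole inner packet (header included) and wraps it in a new gateway-to-gateway header that the exit gateway strips. The cipher is a constructed SHA-256 counter keystream standing in for the real ESP cipher suite, and the key, addresses and packet contents are constructed.

```python
"""Added example, not from the textbook: a model of the two IPsec modes on the
slides, transport (layer 3 payload encrypted, IP header in the clear) and
tunnel (inner header and payload encrypted behind a new gateway-to-gateway
header). The cipher is a constructed SHA-256 keystream standing in for the
real ESP cipher suite; the key, addresses and packet are constructed."""
import hashlib
import json


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in cipher: XOR with a counter-mode SHA-256 keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def transport_mode(packet, key):
    """Transport mode: payload encrypted, original src/dst header kept."""
    return {"src": packet["src"], "dst": packet["dst"], "proto": "ESP",
            "esp": keystream_xor(key, packet["payload"])}


def transport_receive(outer, key):
    return {"src": outer["src"], "dst": outer["dst"],
            "payload": keystream_xor(key, outer["esp"])}


def tunnel_mode(packet, key, gw_out, gw_in):
    """Tunnel mode: the whole inner packet is encapsulated, encrypted and
    re-addressed from the entry gateway to the exit gateway."""
    inner = json.dumps({**packet, "payload": packet["payload"].hex()}).encode()
    return {"src": gw_out, "dst": gw_in, "proto": "ESP", "esp": keystream_xor(key, inner)}


def tunnel_exit(outer, key):
    """Exit gateway strips the encapsulation and forwards the original packet."""
    inner = json.loads(keystream_xor(key, outer["esp"]))
    return {**inner, "payload": bytes.fromhex(inner["payload"])}


def observer_view(outer):
    """What a host on the intermediate network can read off the wire."""
    return {"src": outer["src"], "dst": outer["dst"], "proto": outer["proto"],
            "payload_readable": b"GET" in outer["esp"]}


KEY = b"constructed-shared-key"
PACKET = {"src": "10.1.0.5", "dst": "10.2.0.9", "payload": b"GET /payroll HTTP/1.1"}


def demo():
    t = transport_mode(PACKET, KEY)
    u = tunnel_mode(PACKET, KEY, gw_out="203.0.113.1", gw_in="198.51.100.1")
    return {"transport_seen": observer_view(t), "tunnel_seen": observer_view(u),
            "transport_ok": transport_receive(t, KEY)["payload"] == PACKET["payload"],
            "tunnel_ok": tunnel_exit(u, KEY) == PACKET}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The observer view is the difference between the modes: in transport mode the intermediate network still learns which two internal hosts are talking, in tunnel mode it sees only the two gateways. The end-point weakness on the slide is visible too: `PACKET` is plaintext before `transport_mode`/`tunnel_mode` runs and again after `tunnel_exit`, so anything that can read traffic at those points sees it unprotected.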
Network Address Translation
Network address translation (NAT)
Originally designed as a short-term solution for the dwindling availability of IPv4 addresses
NAT maps a single public IP address to many internal (private) IP addresses
With proper protocols installed in the NAT router, internal hosts gain a measure of security from malicious external sources
Unless specific protocol support is included, NAT routers will obstruct TCP connection attempts and UDP traffic initiated from outside the organization
With a NAT-enabled border router, there is no direct route between an external source and an internal host
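The NAT behaviour described above, as an added example that is not code from the textbook or its authors. It keeps the translation table of a port-translating border router: an outbound packet creates a mapping from the internal address and port to a port on the single public address, a reply that matches the mapping is translated back, and an inbound packet that matches nothing is dropped because there is no route to an internal host for it. The `allow_inbound` method stands in for the slide's "specific protocol support" that an administrator adds deliberately. All addresses and ports are constructed.

```python
"""Added example, not from the textbook: a port-address-translation table
showing why a NAT border router blocks traffic initiated from outside. An
outbound packet creates a mapping; an inbound packet is forwarded only when it
matches an existing mapping or an explicit inbound rule. Addresses and ports
are constructed."""


class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # (inside_ip, inside_port, remote_ip, remote_port) -> public port
        self.reverse = {}    # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.static = {}     # public port -> (inside_ip, inside_port): explicit exceptions
        self.dropped = []

    def allow_inbound(self, public_port, inside_ip, inside_port):
        """Explicit protocol/port support: the only way outside-initiated traffic gets in."""
        self.static[public_port] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """Internal host -> outside: rewrite source to the public address and a mapped port."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[(self.next_port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
            self.next_port += 1
        return {**pkt, "src": self.public_ip, "sport": self.table[key]}

    def inbound(self, pkt):
        """Outside -> public address: forward only if some mapping says where it goes."""
        inside = (self.static.get(pkt["dport"])
                  or self.reverse.get((pkt["dport"], pkt["src"], pkt["sport"])))
        if inside is None:
            self.dropped.append(pkt)       # no internal host asked for this
            return None
        return {**pkt, "dst": inside[0], "dport": inside[1]}


def demo():
    nat = NatRouter("203.0.113.7")
    # An inside host opens a connection to an external web server.
    out = nat.outbound({"src": "192.168.1.20", "sport": 51000,
                        "dst": "198.51.100.80", "dport": 443})
    # The server's reply matches the mapping and is translated back.
    reply = nat.inbound({"src": "198.51.100.80", "sport": 443,
                         "dst": "203.0.113.7", "dport": out["sport"]})
    # An unsolicited connection attempt to the public address matches nothing.
    unsolicited = nat.inbound({"src": "198.51.100.66", "sport": 4444,
                               "dst": "203.0.113.7", "dport": 22})
    # With an explicit inbound rule, one published service is reachable.
    nat.allow_inbound(8443, "192.168.1.30", 443)
    published = nat.inbound({"src": "198.51.100.66", "sport": 4444,
                             "dst": "203.0.113.7", "dport": 8443})
    return {"translated_src": (out["src"], out["sport"]),
            "reply_dst": (reply["dst"], reply["dport"]),
            "unsolicited_forwarded": unsolicited is not None,
            "published_dst": (published["dst"], published["dport"]),
            "dropped": len(nat.dropped)}


if __name__ == "__main__":
    print(demo())
```

The "measure of security" the slide speaks of comes entirely from the absence of a mapping: the router has nowhere to send an unsolicited inbound packet, so it drops it. Each `allow_inbound` entry reopens exactly one path, which is why such rules deserve the same review as firewall permits.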
Wireless Security
Wireless network—security goals
- Same as wired networks: protecting against
  - Disruption of service
  - Interception of private or sensitive data
  - Corruption of private or sensitive data
  - Mischief
- With one addition: a tempting target as a backdoor into the wired network
Wireless Security
Wireless network—security measures
- (1999) Wired equivalent privacy (WEP): not very secure!
  - Encryption between stations or between a station and an access point
  - 64-bit encryption using RC4 stream cipher
  - All WLAN members share the same static 40-bit key, which is concatenated with a 24-bit initialization vector (IV)
- (2002) WiFi protected access (WPA): good for home/home office
  - Incorporated WEP features
  - 172-bit encryption (key size: 128 bits, IV size: 48 bits) using RC4
  - Improved security with the temporal key integrity protocol (TKIP) that dynamically changes the key before encryption
- (2004) 802.11i (certified as WPA2): good for corporate
  - Official replacement for WEP
  - 172-bit encryption (key size: 128 bits, IV size: 48 bits)
  - Replaced RC4 stream cipher with advanced encryption standard (AES) block cipher
Compliance and Certification Standards for Computer Security
(2004) Common criteria (CC)
- International effort that combined three pre-existing standards
  - Trusted Computer System Evaluation Criteria (TCSEC): U.S. standard (aka “Orange Book”) (1985, U.S. National Computer Center)
  - Canadian Trusted Computer Product Evaluation Criteria (CTCPEC): Canadian government (1989)
  - Information Technology Security Evaluation Criteria (ITSEC): European standard (1990)
- Provides guidelines for establishing security claims and comparing products
  - Protection profile (PP): focuses on security product users
  - Security target (ST): focuses on product/system functions and a target of evaluation (TOE) to determine hardware/software compliance
- Provides assistance for creating security specifications (PPs and STs)
  - Security functional requirements (SFRs): list of security functions for documenters
  - Security assurance requirements (SARs): steps for achieving compliance
  - Evaluation assurance levels (EALs): testing has been performed
Compliance and Certification Standards for Computer Security
(2001) FIPS: Security Requirements for Cryptographic Modules
- National Institute of Standards and Technology (NIST)
- Intended to assess product ability to protect government IT systems
- Products that pass are given validation certificates for the level certified
Cyberlaw
Cyberlaw observations
- Technology changes faster than do laws and regulations
- Legislation designed to deal with older communication techniques (e.g., print and telephone) does not apply well to high-speed networks, associated databases, and the Internet
Net neutrality—opposing views
- Status quo: users should be in control of what they view as well as what applications they use on the Internet
vs.
- Current Internet should be replaced with tiered fees and access based on bandwidth requirements
“Cyberlaw refers to legislation and regulation as applied to computer-assisted communication.”