email security, web security and malicious programs lecture 9
Post on 20-Dec-2015
Email Security, Web Security and Malicious Programs
Lecture 9
Information and Network Security 2
Email Basics
Email Infrastructure
Allows a user to send a message to one or more recipients
Using either a single email address or a distribution list
If a distribution list is used then either:
  The message is sent to a site where the distribution list is maintained, and that site then sends the message to each recipient on the list, or
  The sender retrieves the list and then sends the message to each recipient on the list
Email Infrastructure
Source and destination computers communicate directly with each other
  Both machines have to be running and reachable on the network (this does not always work if the user machine is only occasionally connected to the network)
In general, email infrastructure consists of a whole mesh of mail forwarders or Mail Transfer Agents (MTAs)
The mail processing at the source and destination computers is done by a program called a User Agent (UA)
Email Infrastructure (e.g.)
[Figure: the sending UA hands the message to its MTA, which relays it through a chain of MTAs to the receiving UA. Legend: authentication between MTAs or between MTA and users; not authenticated path]
Reasons for multiple MTAs
Reasons for needing multiple MTAs along a mail path from the source to the destination:
  Part of the network may be occasionally connected
  MTAs may need to authenticate other MTAs or user machines
  A company may want a security gateway through which all mail has to be forwarded
  Different parts of the network may be using different protocol suites
Email Services and Security
Privacy: the message is only for the intended recipient(s)
Authentication: authentication of the source
Integrity: integrity of the message
Non-repudiation: the sender can't deny having sent the message
Proof of submission: verification to the sender that the message was handed to the mail delivery system
Email Services and Security
Message flow confidentiality: a third person C cannot even determine whether A sent B a mail or not
Containment: the ability of the network to keep certain security levels of information from leaking out of a particular region
Self-destruction: the message can't be forwarded or stored
Proof of delivery: verification that the recipient received the message
Anonymity: the recipient can't find out the identity of the sender
Email Security ServicesEmail Security Services
Most email security services can be Most email security services can be provided by cryptographic meansprovided by cryptographic meansPrivacy: Privacy: using secret or public keyusing secret or public keyNon-repudiation: Non-repudiation: digital signaturedigital signatureAuthentication:Authentication: using secret and public using secret and public
key technologykey technologyIntegrity:Integrity: using secured hash function using secured hash function
and secret or public key technologyand secret or public key technology
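As an added illustration (not part of the lecture) of the integrity and source-authentication services using secret-key technology, the Python below binds a message body and its key headers to an HMAC-SHA256 tag under a shared key; the key, addresses and message are constructed for the example. A shared key cannot give non-repudiation, since either party can produce the tag; that service needs a digital signature.

```python
import hashlib
import hmac

# Hypothetical secret shared by the sending and receiving UAs (constructed for this example).
SHARED_KEY = b"example-shared-key-not-for-real-use"

# Headers bound to the tag. Headers not listed (e.g. Received:) may be added or
# changed by MTAs in transit without invalidating the tag.
SIGNED_HEADERS = ("From", "To", "Date", "Message-ID", "Subject")


def canonicalize(headers: dict, body: str) -> bytes:
    """Build the exact bytes that are authenticated.

    Header names are lower-cased, runs of whitespace in values collapsed and
    body line endings normalised to CRLF, so cosmetic changes made by relays
    do not break verification while any substantive change does.
    """
    lines = [f"{name.lower()}:{' '.join(headers.get(name, '').split())}"
             for name in SIGNED_HEADERS]
    norm_body = "\r\n".join(body.replace("\r\n", "\n").split("\n"))
    return ("\r\n".join(lines) + "\r\n\r\n" + norm_body).encode("utf-8")


def protect(headers: dict, body: str, key: bytes = SHARED_KEY) -> dict:
    """Sender side: return a copy of the headers carrying an HMAC-SHA256 tag."""
    tag = hmac.new(key, canonicalize(headers, body), hashlib.sha256).hexdigest()
    out = dict(headers)
    out["X-Auth-Tag"] = tag
    return out


def verify(headers: dict, body: str, key: bytes = SHARED_KEY) -> str:
    """Recipient side: return 'ok' or the reason the message is rejected."""
    tag = headers.get("X-Auth-Tag")
    if tag is None:
        return "missing tag"
    expected = hmac.new(key, canonicalize(headers, body), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the first mismatching byte through timing
    if not hmac.compare_digest(tag, expected):
        return "tag mismatch: body or signed header modified, or wrong key"
    return "ok"


def demo() -> dict:
    """Constructed message: relay-added headers pass, edits and forgery fail."""
    headers = {"From": "alice@example.org", "To": "bob@example.net",
               "Date": "Sun, 20 Dec 2015 10:00:00 +0000",
               "Message-ID": "<1234@example.org>", "Subject": "Quarterly report"}
    body = "Please find the figures attached.\nRegards, Alice\n"
    sent = protect(headers, body)
    relayed = dict(sent, Received="from mta1.example.org")  # trace header added by an MTA
    return {
        "relayed": verify(relayed, body),
        "tampered_body": verify(relayed, body.replace("attached", "revised")),
        "forged_from": verify(dict(sent, From="mallory@example.org"), body),
        "wrong_key": verify(relayed, body, key=b"another-key"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```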
Email Security Services
Proof of delivery:
  Is it possible to provide a receipt if and only if the recipient got the message (Yes/No)? Yes? How?
  If the recipient signs before the message is delivered, the message can be lost but the mail system has the signature.
  If the recipient signs after receiving the message, the recipient may not furnish a signature at that point, but yet has the message.
Anonymity:
  What for? Is it easy? (most mail systems automatically include the sender's name in the message)
  Does it compromise mail security?
Email Security counter measures
Make sure email software is configured properly
Use wrappers to enhance the security of email software
Educate and regularly remind users of the danger of malicious programs (no email system is secure)
Design and implement prevention systems to detect malicious programs early and give a warning message to users, or to stop them
Further Readings about Email Security
PEM (Privacy Enhanced Mail)
  Additional features: encryption, source authentication, and integrity protection
  Relies on certificates and uses one path of certificates
S/MIME (Secure Multipurpose Internet Mail Extensions)
  Additional features: similar to PEM
  Relies on certificates and uses multiple certificate hierarchies
PGP (Pretty Good Privacy)
  Certificates are optional in PGP
  Each user decides which keys to trust
  Different from PEM & S/MIME by treating mails as files
Web Security
Server-side security:
  Protect the server against denial of service
  Need to protect against site vandalism
  Protect against break-ins
Client-side security:
  Need to protect the client's machine against malicious programs
  Limit the amount of personal information that the browser can transmit without the user's consent
Document confidentiality:
  Need to protect documents against eavesdropping
Protect against the risk of fraud:
  A user misrepresents herself to get unauthorised access to the server
  A web server tricks a user into sending it confidential information
Web Security: Risks
Web and Email, by the nature of their services, carry a high security risk
Web browsers and servers are large and complex pieces of software => vulnerable to security bugs (e.g. Internet Explorer 3.0)
Web servers allow scripts, applets & programs in many languages to run on server machines by request from clients (browsers) => high security risk
Web servers can be easily misconfigured => provide security holes
Web Security: Risks
The server's hardware may not be secured
Transmissions across the Internet are not secured, hence web documents and interactive login sessions are vulnerable to eavesdropping
Remote authoring and administration tools open security holes
Many web accounts may need to be created due to the high number of people involved in providing different information
Web Security (e.g.)
Possible attacks:
  Integrity: modification of messages
  Confidentiality: eavesdropping; theft; getting information about network configuration or which client talks to which server
  Denial of service: killing user processes; flooding servers with bogus requests; filling up memory or disk; etc.
  Authentication: impersonation of legitimate users; data forgery
Web Security – counter measures
Integrity: cryptographic check
Confidentiality: encryption (or using Web proxies – this is not an absolute solution)
Denial of service: difficult to prevent
Authentication: cryptographic techniques
Web Security – counter measures
Other web security issues can be minimized by:
  Carefully designing and testing CGI scripts and other added programs
  Doing the configuration carefully
  Not providing more web accounts than necessary
Danger of Malicious Programs
Systems such as Microsoft Outlook make it very simple to send anything to anyone and to work with objects that are received
Mobile-program systems such as Java based systems, ActiveX based systems and Mobile-agent based systems allow programs to move on their own from one system to another => malicious programs can take advantage and spread quickly (modern software systems tend to allow mobile agents and program migrations [see P.D. Le, B. Srinivasan and P. Granville, "A Prototype Tool to Support Migration in Distributed Environments", Proceedings of the 2nd International Symposium on Applied and Corporate Computing, pp. 53-62, 1994])
Taxonomy of Malicious Programs
[Figure: tree of malicious programs]
Need host program: Trapdoors, Logic Bombs, Trojan Horses, Viruses
Independent: Bacteria, Worms, Zombie
Malicious Programs
Logic bomb: code embedded in some program that is set to explode when certain conditions are met
Trapdoor: a secret entry point (often for debugging purposes) in a program that allows someone to gain access without going through the normal procedure
Trojan horse: instructions hidden inside an otherwise useful program that do the bad things
Bacteria: programs that replicate themselves to fill disk and memory or to take up CPU
Worm: a program that replicates itself by installing copies of itself on other machines across the network
Malicious Programs
Zombie: malicious code installed on a system that can be remotely triggered to carry out some attack with less traceability
Virus: code that, when executed, inserts copies of itself into another program – the infected program, when executed, will execute the virus
Malicious Programs - Virus
A virus can be embedded into a program in different fashions (pre-pended, post-pended, at a pre-defined point, etc.)
Most viruses are designed to work for a particular OS or environment
They are designed to take advantage of the weaknesses of a particular system or software platform
A virus can do anything a program can do – it attaches itself to a host program and executes secretly when the host program is run
Simple Structure of a Virus
InfectedProgram {
    Goto Virus_main;
    Label_for_virus;
    Virus_main:
        Infect_executable(...);
        if Trigger-pulled(...) Do-damage(...)
}
Do-damage(...) { do-whatever-damage-you-like }
Trigger-pulled(...) { if some condition holds return true else return false }
Infect_executable(...) {
    loop:
        AFile = randomly get an executable file;
        if there is Label_for_virus in AFile (file already infected) goto loop;
        else prepend Virus to AFile
}
Malicious programs: Immune System
[Figure: a virus-infected client machine in Private Network A forwards the sample to its administrative machine; the administrative machine sends it to the virus analysis machine, which analyses virus behaviour and structure, extracts a signature and derives a prescription; the prescription is returned to the administrative machines of Private Network A and Private Network B and on to individual users and client machines]
Malicious programs: Immune System
Each computer (client) has a monitoring program running
The monitoring program tries to find a thought-to-be infected program
If there is one, then the client forwards a copy of that program to an administrative machine within the organisation
The administrative machine (AM) encrypts the suspicious program and sends it to a virus analysis machine (VAM)
The VAM creates an environment in which the suspicious program can be run safely for analysis
The VAM produces a prescription for treatment and sends it back to the AM
The AM forwards the prescription to the client and others
With this method subscribers can receive antivirus updates
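To make the VAM, AM and client steps concrete, here is an added Python sketch (not the lecture's own code) of the two steps that can be shown without running anything dangerous: the VAM extracting a signature from the samples clients forwarded, and the client monitor scanning programs with the prescription the AM distributes. The marker bytes, host programs and signature name are constructed; the encryption between AM and VAM and the safe execution environment are not modelled.

```python
from typing import Dict, List, Optional


def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Longest run of bytes present in both samples (simple dynamic programme)."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def extract_signature(infected: List[bytes], clean: List[bytes],
                      min_len: int = 8) -> Optional[bytes]:
    """VAM step: the byte string shared by every infected sample.

    The candidate is rejected (None) if it is too short to be distinctive or
    if it also occurs in a known-clean program, which would cause false alarms
    once the prescription is pushed to clients.
    """
    sig = infected[0]
    for sample in infected[1:]:
        sig = longest_common_substring(sig, sample)
    if len(sig) < min_len or any(sig in c for c in clean):
        return None
    return sig


def scan(program: bytes, prescription: Dict[str, bytes]) -> List[str]:
    """Client monitor step: names of prescription signatures found in a program."""
    return [name for name, sig in prescription.items() if sig in program]


def demo() -> dict:
    """Constructed samples: a hypothetical marker prepended to two different host programs."""
    marker = b"VIRUS_MAIN:infect;trigger;damage;"   # stands in for a prepended virus body
    host_calc = b"calc: add sub mul div"
    host_editor = b"editor: open save close"
    infected = [marker + host_calc, marker + host_editor]   # copies clients forwarded to the AM
    clean = [host_calc, host_editor, b"mailer: send recv"]  # known-good copies held by the VAM
    sig = extract_signature(infected, clean)
    prescription = {"hypothetical-virus-1": sig} if sig else {}  # what the AM distributes
    return {
        "signature": sig,
        "detects_new_infection": scan(marker + b"game: run jump", prescription),
        "clean_program": scan(b"game: run jump", prescription),
    }


if __name__ == "__main__":
    print(demo())
```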
How to Protect your Systems against Malicious Programs (MP)
There are many ways to enhance your system security, such as using encryption, firewalls, security at different layers, etc.
However, there is no absolute way to protect your system against malicious programs
Modern computer systems allow mobile programs and services via Web, Email, Internet software products and the like
MPs will be the main security concern for modern computer systems
MP and Security
How to prevent MPs from quickly spreading
  Should your system provide rapid response so that MPs can be stamped out almost as soon as they are introduced? How can it be done?
  Should your systems be able to automatically capture new MPs when they enter your organisation's computer system?
  Should your system dynamically inform other systems so that they can analyse, detect and possibly remove MPs?
  Dynamically provide tools for diagnosis & treatment, etc.
Malicious Program Detection System (MPDS) – Overview
[Figure: Network 1, Network 2 and Network 3 connect through a common administrative machine to a quantum machine hosting Virtual machine 1, Virtual machine 2, Virtual machine 3 ... Virtual machine N]
Proposed Malicious Program Detection System
Reason: modern computer systems allow mobile programs and services via Web, Email, Internet software products and the like
  Such systems are more vulnerable due to the nature of the services they provide and the heavy interactions between users and the systems
Goals:
  The proposed system attempts to reduce the impact of MP attacks
  The idea can be applied at organisation level or larger scale
How does MPDS work?
MPDS requires that if an application allows user interactions, then it must be constructed to allow corresponding non-interactive options
  This requirement is reasonable since it allows automatic software testing, analysis and correction
Modern software is object-oriented and hence facilitates both interactive and non-interactive options
Main components of MPDS
A quantum or extremely fast computer (FC) is used as a simulation and detection centre on which many different software platforms can concurrently reside
A common administrative machine (CAM) forwards all incoming messages to the FC
The FC delivers the messages to the platforms residing on it for analysis and checking
If the analysis and checking says "Not O.K", then the messages are marked "unsafe" and sent back to the CAM
The CAM forwards unmarked messages to their intended destinations or rejects marked messages
Further research reading
Security achievement is related to planning more than fixing, so we encourage you to:
  Discuss the trend of web, Email applications and other Internet services
  Attempt to provide some conceptual models to deal with threats from MPs