Chapter 10 Network Security

Chapter 10 Network Security. Introduction Look at: –Principles of Security (10.1) –Threats (10.2) –Encryption and Decryption (10.3) –Firewalls (10.4)

Chapter 10

Network Security

Introduction

• Look at:
  – Principles of Security (10.1)
  – Threats (10.2)
  – Encryption and Decryption (10.3)
  – Firewalls (10.4)

Introduction

• Look at:
  – IP Security (IPSec) (10.5)
  – Web Security (10.6)
  – E-mail Security (10.7)
  – Best Internet Security Practices (10.8)

Principles of Security

• The concept of security within the network environment includes:
  – All aspects of operating systems
  – Software packages
  – Hardware
  – Networking configurations
  – Network sharing connectivity
  – Physical security is also linked to IT security

Principles of Security

• Security is not just a policy or a plan

• It is a mindset

• You must properly train and cultivate employees to be security aware

• Remember that your network is only as strong as its weakest link, which is usually a human being

Threats

• Humans pose probably the greatest threat to a network because their behavior cannot be controlled

• Because an environment can’t be made completely threat-proof, you must be constantly attentive to be sure that it is as secure as possible

• The first step to sound security is establishing a security policy

Threats

• A back door is a program that allows access to a system without using security checks

• Programmers will put back doors in programs so they can debug and change code during test deployments of software

• A back door can also be installed through applications that are hidden inside of games or software such as screen savers

• Another type of back door comes in the form of a privileged user account

Threats

• Brute force is a term used to describe a way of cracking a cryptographic key or password

• It involves systematically trying every conceivable combination until a password is found, or until all possible combinations have been exhausted

• Brute force is a method of pure guessing

• Password complexity plays an important role when dealing with brute force programs

• The more complex the password, the longer it takes to crack

Threats

• The most popular attacks are buffer overflow attacks

• More data is sent to a computer’s memory buffer than it is able to handle, causing it to overflow

• The system is left in a vulnerable state or arbitrary code can be executed

• Buffer overflows are probably the most common way to cause disruption of service and lost data

Threats

• The purpose of a denial of service (DoS) attack is to disrupt the resources or services that a user would expect to have access to

• These types of attacks are executed by manipulating protocols and can happen without the need to be validated by the network

• Many of the tools used to produce this type of attack are readily available on the Internet

Threats

• The man-in-the-middle attack takes place when an attacker intercepts traffic and then tricks the parties at both ends into believing that they are communicating with each other

• The attacker can also choose to alter the data or merely eavesdrop and pass it along

• A man-in-the-middle attack can be compared to inserting a receptive box between two people having a conversation

• This attack is common in Telnet and wireless technologies

Threats

• Session hijacking is a term given to an attack that takes control of a session between the server and a client

• A hijacker waits until the authentication cycle is completed and then generates a signal to the client

• This causes the client to think it has been disconnected

• Then the hijacker begins to transact data traffic, pretending to be the original client

Threats

• Spoofing is making data appear to come from somewhere other than where it really originated

• This is accomplished by modifying the source address of traffic or source of information

• Spoofing bypasses IP address filters by setting up a connection from a client and using an IP address that is allowed through the filter

Threats

• Social engineering plays on human behavior and how we interact with one another

• The attack doesn’t feel like an attack at all

• We teach our employees to be customer service oriented so often they think they are being helpful and doing the right thing

• Each attack plays on human behavior and our willingness to help and trust others

Threats

• Software exploitation is a method of searching for specific problems, weaknesses, or security holes in software code

• Improperly programmed software can be exploited

• It takes advantage of a program’s flawed code

Threats

• A program or piece of code that is loaded onto your computer without your knowledge is a virus

• It is designed to attach itself to other code and replicate

• It replicates when an infected file is executed or launched

• It attaches to other files, adding its code to the application’s code and continues to spread

Threats

• Trojan horses are programs disguised as useful applications

• Trojan horses do not replicate themselves like viruses but they can be just as destructive

• Code hidden inside the application can attack your system directly or allow the system to be compromised by the code’s originator

• It is typically hidden so its ability to spread is dependent on the popularity of the software and a user’s willingness to download and install the software

Threats

• Worms are similar in function and behavior to a virus, Trojan horse, or logic bomb

• Worms are self-replicating

• A worm is built to take advantage of a security hole in an existing application or operating system, find other systems running the same software, and automatically replicate itself to the new host

• The process repeats with no user intervention

Threats

• Other types of malware are:
  – Logic bombs
  – Spyware
  – Sniffers
  – Keystroke loggers

• As with anything, the intent and use of some of these can be good or bad

Encryption and Decryption

• Cryptosystem or cipher system provides a way to protect information by disguising it into a format that can be read only by authorized systems or individuals

• The use of these systems is called cryptography and the disguising of the data is called encryption

Encryption and Decryption

• Encryption is the transformation of data into a form that cannot be read without the appropriate key to decipher it

• It is used to ensure that information is kept private

• Decryption is the reverse of encryption

• Decryption deciphers encrypted data into plain text that can easily be read

Encryption and Decryption

• There are two basic types of encryption where one letter is replaced with another by a scheme

• This is called a cipher

• The two basic types are:
  – substitution
  – transposition

Encryption and Decryption

• A substitution cipher replaces characters or bits with different characters or bits, keeping the order in which the symbols fall the same

• In a transposition cipher, the information is scrambled by keeping all of the original letters intact, but mixing up their order

• This is called permutation
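
The difference between the two cipher types, as an added example that is not part of the original slides: a Caesar shift (substitution) changes every letter but keeps positions, while a columnar transposition keeps every letter but changes positions. The sample text, the key "CIPHER" and all function names are assumptions chosen for illustration.

```python
# Added illustration: classical ciphers for teaching only, not for protecting data.
import string

ALPHABET = string.ascii_uppercase
SAMPLE = "NETWORKSECURITY"   # constructed sample plaintext


def caesar(text, shift):
    """Substitution: every letter is replaced; its position is unchanged."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)          # leave non-letters as they are
    return "".join(out)


def column_order(key):
    """Order in which columns are read: by key letter, ties by position."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(text, key):
    """Transposition: write the text in rows under the key, read it by column."""
    cols = len(key)
    return "".join(text[c::cols] for c in column_order(key))


def transpose_decrypt(cipher, key):
    """Rebuild the columns (the first `extra` are one longer), then read by row."""
    cols = len(key)
    full, extra = divmod(len(cipher), cols)
    columns, pos = {}, 0
    for c in column_order(key):
        length = full + (1 if c < extra else 0)
        columns[c] = cipher[pos:pos + length]
        pos += length
    return "".join(columns[i % cols][i // cols] for i in range(len(cipher)))


if __name__ == "__main__":
    print(caesar(SAMPLE, 3))                  # different letters, same order
    print(transpose_encrypt(SAMPLE, "CIPHER"))  # same letters, different order
```

The transposition output is a permutation of the plaintext, so its letter frequencies are identical to the original; the substitution output has different letters but the same pattern of repeats.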

Encryption and Decryption

• The Data Encryption Standard (DES) suggests the use of a certain mathematical algorithm in the encrypting and decrypting of binary information

• The system consists of an algorithm and a key

• It is a block cipher using a 56-bit key on each 64-bit chunk of data

• In a block cipher, the message is divided into blocks of bits

Encryption and Decryption

• Rivest-Shamir-Adleman (RSA) is an Internet encryption and a digital signature authentication system that uses an algorithm

• This encryption system is currently owned by RSA Security

• The RSA key length may be of any length, and it works by multiplying two large prime numbers

Encryption and Decryption

• Public-key cryptosystems use different keys to encrypt and decrypt data

• The public key is readily available whereas the private key is kept confidential

• There are two major types of algorithms used today:
  – symmetric, which has one key that is private at all times
  – asymmetric, which has two keys: a public one and a private one

Encryption and Decryption

• Besides RSA, some of the more popular asymmetric encryption algorithms are:
  – Diffie-Hellman Key Exchange
  – El Gamal Encryption Algorithm
  – Elliptic Curve Cryptography (ECC)

• The environments where public-key encryption is very useful include unsecured networks where data is vulnerable to interception and abuse

Encryption and Decryption

• Public Key Infrastructure (PKI) allows you to bring strong authentication and privacy to the Internet

• Public-key cryptographic techniques and encryption algorithms allow you to provide authentication and ensure that only the intended recipients have access to data

• PKI is comprised of several standards and protocols that are necessary for interoperability among different security products

Encryption and Decryption

• The system consists of digital certificates and the certificate authorities (CAs) that issue the certificates

• Certificates identify sources that have been verified as authentic and trustworthy

• The CA’s job is to verify the holder of a digital certificate and ensure that the holder of the certificate is who they claim to be

Encryption and Decryption

• Digital signatures are used to authenticate the identity of the sender, as well as ensure that the original content sent has not been changed

• Non-repudiation is intended to provide a method in which there is no way to refute where data has come from

• Non-repudiation is unique to asymmetric systems because private keys are not shared
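
How a digital signature ties a message to the holder of a private key, as an added example that is not part of the original slides; it also shows the RSA modulus built from two primes, as the RSA slide describes. The primes, the function names and the sample messages are assumptions; this is textbook RSA without padding, far too small for real use.

```python
# Added illustration: textbook RSA signing with toy-sized parameters.
import hashlib

# Constructed toy key from two well-known Mersenne primes. Real keys use
# randomly generated primes of 1024 bits or more each, plus a padding scheme.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                            # public modulus: product of the two primes
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the signer


def digest(message: bytes) -> int:
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Only the private-key holder can compute this value."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone with the public key (e, n) can check the signature."""
    return pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    msg = b"transfer approved"                    # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig))                       # genuine message and signature
    print(verify(b"transfer approved!", sig))     # content changed after signing
    print(verify(msg, sign(msg, d=D + 2)))        # signed with a different key
```

Verification fails both when the content is altered and when the signature was produced with any key other than the signer's private key, which is the basis for the non-repudiation claim above.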

Encryption and Decryption

• A virtual private network (VPN) is a network connection that allows you secure access through a publicly accessible infrastructure

• VPN technology is based on tunneling

• Tunneling uses one network to send its data through the connection of another network

• It works by encapsulating a network protocol within packets carried by a public network

Encryption and Decryption

• The protocol that is wrapped around the original data is the encapsulating protocol such as:
  – IP Security (IPSec)
  – Point-to-Point Tunneling Protocol (PPTP)
  – Layer Two Tunneling Protocol (L2TP)
  – Layer 2 Forwarding (L2F)

• Tunneling is not a substitute for encryption

Firewalls

• A firewall is a component placed between computers and networks to help eliminate undesired access by the outside world

• It can be comprised of:
  – hardware
  – software
  – a combination of both

Firewalls

• There are four broad categories that firewalls fall into:
  – packet filters
  – circuit level gateways
  – application level gateways
  – stateful inspection

• These four categories can be grouped into two general categories

Firewalls

• A packet-filtering firewall is typically a router

• Packets can be filtered based on IP addresses, ports, or protocols

• They operate at the Network layer (Layer 3) of the Open System Interconnection (OSI) model

• Packet filtering is based on the information contained in the packet header

Firewalls

• An Application-level gateway is known as a proxy

• Proxy service firewalls act as go-betweens for the network and the Internet

• The firewall has a set of rules that the packets must pass to get in or out of the network

• They hide the internal addresses from the outside world and don’t allow the computers on the network to directly access the Internet

IP Security (IPSec)

• IPSec is a set of protocols developed by the IETF that operates at the Transport Layer (Layer 3) to support the secure exchange of packets

• The IPSec protocol suite adds an additional security layer in the TCP/IP stack

• The IPSec suite attains a higher level of support for data transport by using a set of protocols and standards together

IP Security (IPSec)

• These include:
  – Authenticated Header (AH)
  – Encapsulated Secure Payload (ESP)
  – Internet Key Exchange (IKE)

• AH provides integrity, authentication, and anti-replay capabilities

• ESP provides all that AH provides, plus data confidentiality

Web Security

• A Web server is used to host Web-based applications and internal or external Web sites

• The best way to ensure that only necessary services are running is to do a clean install

• Web servers contain large, complex programs that may have some security holes

• Many protocols contain common vulnerabilities that may be manipulated to allow unauthorized access

E-mail Security

• E-mail has become the preferred method of communication

• The public transfer of sensitive information exposes it to interception or being sent to undesired recipients

• Unsolicited e-mail may contain dangerous file attachments such as viruses, Trojan horses, or worms

E-mail Security

• Pretty Good Privacy (PGP) is a specification and application which is integrated into popular e-mail packages

• PGP enables you to securely exchange messages, secure files, disk volumes and network connections with both privacy and strong authentication

• PGP can also be used for applying a digital signature without encrypting the message

E-mail Security

• Privacy-Enhanced Mail (PEM) was one of the first standards for securing e-mail messages by encrypting 7-bit text messages

• PEM may be employed with either symmetric or asymmetric cryptographic key mechanisms

• It works at the application layer, using a hierarchical authentication framework compatible with X.509 standards

Best Internet Security Practices

• Here are some best practices for being able to detect network attacks:
  – Assume every day that a new vulnerability has surfaced overnight
  – Make it part of your daily routine to check the log files from firewalls and servers
  – Have a list of all the security products that you use and check vendor Web sites for updates

Best Internet Security Practices

• Here are some best practices for being able to detect network attacks:
  – Know your infrastructure
  – Ask questions and look for answers
  – Set good password policies
  – Install virus software and update the files on a regular basis

Best Internet Security Practices

• Listed below are some Web sites that offer good information on best practices:
  – http://csrc.nist.gov/fasp/
  – http://www.cert.org/security-improvement/
  – http://www.sans.org/rr/
  – http://www.securityfocus.com