Computer Network Security

Computer Network SecurityP.S.Dhekne BARC

Presentation at SASTRA

OrganizationWhat is Security all about?What is at Risk?Why Risks Exist?General Threat PerceptionsSecurityData (local, Remote)CommunicationsSecure BackupNetwork Perimeter SecurityGeneral PolicyMin. Security EnforcementIntrusion Detection SystemCryptographic SecurityVPN: A RoadmapPoints for ActionEmergency Response Team


INFORMATION SECURITY The information systems are known to be vulnerable to many threats like cyber crime, hacking and terrorism Regardless of whether the information has been stolen by the attacker or not, the security breaches and virus attacks result in adverse publicity to the organization. Thus issues like protection and security of the information systems have become greater concern.


85% detected computer security breaches within the last twelve months. 64% acknowledged financial losses due to computer breaches. 36% reported the intrusions to law enforcement; a significant increase from 2000, when only 25% reported them.Some Harsh Facts : (IDC report)


INFORMATION SECURITY Information & Network penetration do occur- from outsiders & insidersin spite of having various security measures such as Anti-virus, Firewalls, Routers There are two ways to attack computers- Gain physical access to machines & conduct physical attack- Attack by use of malicious software; Malware


What is Security all about?Confidentiality:Protecting sensitive information from unauthorized disclosure or intelligible interception; Only seen by entities to whom it is addressedIntegrity:Not modified/destroyed in a unauthorized way; safeguarding the accuracy & completeness of information & softwareAccess Control:Access (computation, data, service) follows the prescribed policyAuthentication: Verifying the identity claimed


What is Security All About?Availability:System accessible/usable on demandNonrepudiation:Protection against false denial of comm.Audit Trail:Chronological record of system activities to enable reconstruction/examination of environments/activities leading to an operation from inception to final results.Privacy:Breach of confidentiality is also invasion of privacy.Collecting a dossier based upon his activities - inferring habits, movements, expenditures Security Risk


What is at Risk?Data, Time and MoneyObvious: deletion/modification of data Slowly modifying data so that breach is not discovered right awayUsing Service providers software (say a online brokers CD software) provides flexibility than by standard browsers. However it is a golden opportunity for an attacker with the knowledge of how that software works.


What is at Risk? (Contd)2. ConfidentialityData disclosure is often overlooked riskA breach of confidentiality is much less likely to be discovered than the deletion of dataBest Defence: well-designed cryptographic protected system note that the data must be in the clear at some point (it is here attacker can get in )


What is at Risk? (Contd)Privacy:One of the things that is risk in todays computerized and networked world.Resource Availability:Denial of Service attacks


Why Risks Exist?Erroneous ProgramLack of prudent Software Engineering PracticesComplexity of software (millions of lines)Urgently developed Components of The Shelf (COTS)The user (Systems should be User proof!)Responsibility lies with the user (ignorance/non co-operation are problems)Security policy should convince the usersPoor AdministrationConfiguration, backup procedures, constant updates, monitoring, disaster recovery


General Threat PerceptionsNetwork threatened by external running malicious scripts (Malware)Adversaries attempting access protected services, break into machines, snoop communications, collect statistics of transactions Insiders and outsidersDisasters (natural and man-made)


Secure Storing of Data(Local Storage)Physical SecurityProtect machineLimit network accessMost secure (without external access)Suppose it falls into an adversaryAll the data can be obtained in the clearCryptographic Secure.Protects even if the m/c falls to adversaryOf course person having access can delete -- Hence, BACKUPData IntegrityCryptography: FragileSystem issues, user interfaces , Crypto-file servers


Secure Storing of Data(Remote Storage)Need (also advantages!):Data protected from local disk failureSharing of filesCentralized administration and backupUse of diskless workstationsAdding Security: passwords, cryptography, access control lists, capabilitiesPhysical security (Key servers etc)


Prevent what you cannot detect and detect what you cannot preventSecurity of the backup itselfBackup over a networkCryptographic encryptionKey serversIncremental BackupDeleting BackupsSecure Backup


Secure CommunicationCryptographyEncryption/decryptionKey managementSession key protocolsPublic Key InfrastructuresCertificationDigital Signatures


Replay PreventionReplay attacks are simple yet very effectiveRecords a message say from A to B, and later replays it to impersonate AAttack is effective as attacker need not decryptNeeds to be addressed regardless of layer chosen


Network Perimeter Security(Protection from Outsiders)General (Policies to be enforced)Policies delineating appropriate and inappropriate behaviourSecurity Classification of data and Machines and enforce access controlsOnly required access to be given to insidersEnforce Physical security for file servers, secure nodes, key servers, authentication servers, backups etc.Audit Procedures (manual and automated)


Network Perimeter Security(Min. Security Enforcement)External Access: One point access: Internet, Dialups (callbacks), Broadband, DSL, wireless ; violation only with cryptographic encryptionMinimum Standards for Hardware Software Standards: OS, Browsers, Compilers, Tools prefer open sourceSecure Configuration email, mobile agents/systems, only required ports to be open, restrictions on shell (corresponding to required security levels)Viruses (continuous protection)Denial of Service Protection


Minimum Security (contd)Web Security: embarrassing quite often;Have Exit Control (ensures web modifications through authentication)Check Mirror sites periodicallyAuditing the usage and trafficBackup (automatic, mirroring, remote, ) and disaster recovery -- Perhaps use


Intrusion Detection SystemsAttack detection, with automated responseDamage prevention and containmentTracing and isolation of attack origin pointsMimic hackers attacking networks (including ISPs) continuously highlighting dangerous infrastructure flaws that could cripple the system Leads to required Upgrades in SecurityLeads to next generation design of devices


Certification: Key Servers, PKI InfrastructureNeeded securityVia parameters identified in the policyAuthenticated usage Computing DataBackup of Data and its integrity Onlineoffline


Securing CommunicationTrusted sitesUse of public networkSecure channelsTransparent to users


Virtual Private Network:VPNSecure use of public communication channel with

Off the shelf hardwareIP tunnelingSoftware encryption


Basic VPNFixed encryption algorithmStatic keys per pair of sitesAn encrypting PC router per siteOff the shelf hardwareCustom softwareSecures communication between sites


Managing the VPNIntroduce key serversManage dynamic keys on the networkCustomize encryption algorithmsInvolves software upgrades at each site.Provide a scalable management model


Tighten Exit SecurityFake traffic on the linksReroute trafficInsulate from statistical inferences


Internal SecurityIntroduce encryption within a siteInvolves software upgrades to the OS

Minimize damage from within (may be crypto fileservers)


Points for actionPolicyAccess Control and LogEncryptionCertificationBackupTeamsRoutine Audit and Management StructureEmergency Response TeamDynamic IDS and Crypto-Systems Work


Emergency Response TeamPlan Person on firecall and in-charge Reaction to security breach. Internal expertise If not alternatives Determine chain of command


- Loss of data- Loss of server up time- Loss of user's productivity- Loss of moneyAverage cost per virus encounter US $ 2454How much protection is enough ?No one knows!!COST OF UNPROTECTED ENVIRONMENT


Information Security Management System (ISMS)Organization SecurityPersonnel SecurityPhysical & Environmental securitySecurity PolicyAsset Classification & ControlAccess ControlCommunications & Operations ManagementSystem Development & Maint.Security Standard Compliance: IS 15150/27001


Information Security ApproachSecure Network Design, Layered approach (Defense in Depth concept), SPF and Application firewallsHarden the Operating SystemUse Secure Applications with Secure ConfigurationsCentralized logging and MonitoringIntrusion Detection System (HIDS,NIDS)EncryptionLocal Vulnerability tests, self auditing


Secured Multi-layered Network DesignNAT FirewallWWWserverInternetMailGateway

DNSserverInternal Email ServerCentralizedLog serverAnd SMSISDNExchangeISDN linesPCPC2 Mbps192.168.x.xPCPCRemote AccessServer10.x.x.x202.41.86.x Router/Firewall

IDSBrowsing PCsBrowsing PCsBrowsing PCsPROXYServerVia VPNIDSIDSDMZ


SECURITY BUILDING BLOCKSAuthentication (passwords, biometric devices) Encryption - so that unauthorized user cannot make sense of the data even if he intercepts it.Access control - a policy by the organization to decide who has access to what.Key management - the properties of the encryption/decryption keys.Resource isolation- so that damage is contained.Network Perimeter Protection Firewall, NAT


Use of Secure Software

Centralized Logging and Security Monitoring System

Web-Pages Integrity check module for Apache Web-ServerSecuring Web Server

Securing Mail-gateways

Securing DNS servers Use of Public Domain Firewalls, Proxy and NAT servers with value additions


Intrusion Detection SystemHost Intrusion Detection SystemSecurity Monitoring System Developed at BARCNetwork Intrusion Detection SystemOpen Source SNORT IDS implemented with rule set customized for our environment.


Web Based Security Monitoring & IDS BARC has developed a Web based Security Monitoring & Intrusion Detection System For monitoring security of routers, all Internet connected servers and related software packages on a continuous basis. This software tool can detect network attacks in real-time by analyzing various log files and known signatures It allows system administrator to take appropriate corrective action before any damage to information can be caused by setting an alarm.


Central Administration & MonitoringTo ensure that IT Security policies within a organization are properly implemented, it is necessary to conduct periodic audits Need powerful automated tools forAuditingIntrusion detectionPerformance measurementAnd to find a variety of threats, vulnerabilities and advance warning for any penetration that might occur


Centralized logging & Monitoring System All Internet Servers, routers logs are collected on centralized log serverLogs are parsed for abnormal events on Routers, Internet connected hostsAll incoming/outgoing mail archivedMail logs are parsed for generating Mail usage, abnormal event statisticsProxy server logs are parsed for generating proxy server usage statistics



The loss of data

Documents

Computer Network Security