View
218
Download
0
Tags:
Embed Size (px)
Citation preview
COS 338
Day 18
DAY 18 Agenda
Second capstone progress report over due Lab 5 graded
1 A, 2 B’s, 2 F’s and 1 non-submits
Assignment 5 Graded 2 A’s, 2 B’s and 2 non-submits
Lab 6 Due Assignment 6 Posted
Due November 17
Monday November 14 is Road Trip To UM http://www.umcs.maine.edu/~markov/seminarsf05.html http://www.papert.org/ Meet by Physical Plant at 10:15, Van leaves promptly at 10:30 AM
Today we will begin finish discussing Security Along with Security for windows XP (chap 9a)
Security Management
Figure 9-10: Digital Certificate Authentication
Digital Certificate
User gets secret private key and non-secret public key
Digital certificates give the name of a true party and his or her public key
Figure 9-10: Digital Certificate Authentication
Testing a Digital Signature
Applicant performs a calculation with his or her private key
Verifier tests calculation using the public key found in the true party’s digital certificate
If the test succeeds, the applicant must be the true party
Figure 9-11: Testing a Digital Signature
Digital Certificate Digital Signature
Authentication
Name of True PartyPublic Key of
True Party
Digital SignatureCreated with Private Key of
Applicant.Added to each
Message.
Figure 9-10: Digital Certificate Authentication
Strong Authentication The strongest method today
Expensive and Time-Consuming to Implement Software must be added to clients and servers, and
each computer must be configured
Expensive because there are so many clients in a firm
Figure 9-10: Digital Certificate Authentication
Client Weaknesses Sometimes, only server gets digital certificate
Client uses passwords or something else
Figure 9-11: Testing a Digital Signature
Verifier must test the digital signature with the public key of the true party.
If the test succeeds, the applicant must have the true party’s private key.
Only the true party should know this private key; so the applicant must be the true party.
Figure 9-12: Biometric Authentication
Biometric Authentication Based on bodily measurements
Promises to dramatically simplify authentication
Figure 9-12: Biometric Authentication
Fingerprint Scanning Simple and inexpensive
Substantial error rate (misidentification)
Often can be fooled fairly easily by impostors
Dominates biometrics today
Figure 9-12: Biometric Authentication
Iris Scanners Scan the iris (colored part
of the eye)
Irises are complex, so strong authentication
Expensive
(Do NOT shine light in your eyes; scanner is a camera.)
Figure 9-12: Biometric Authentication
Face Recognition
Camera allows analysis of facial structure
Can be done surreptitiously—without the knowledge or consent of person being scanned
Very high error rate and easy to fool
Figure 9-12: Biometric Authentication
Error Rates and Deception
Error and deception rates are higher than vendors claim
Usefulness of biometrics is uncertain
Firewalls, IDSs,and IPSs
Figure 9-13: Firewall Operation
Corporate Network The Internet
Log File
Arriving Packets
Permit (Pass)Legitimate
Packet
Deny(Drop)AttackPacket
Application Message
Application Message
ICMP MessageIP-H
IP-H
IP-H TCP-H
UDP-H
StaticPacketFilter
Firewall
Figure 9-14: Access Control List (ACL) for a Packet Filter Firewall
1. If destination IP address = 60.47.3.9 AND TCP destination port = 80 OR 443, PASS [connection to a public webserver]
2. If ICMP Type = 0, PASS [allow incoming echo reply messages]
3. If TCP destination port = 49153 to 65535, PASS [allow incoming packets to ephemeral TCP port
numbers]
Figure 9-14: Access Control List (ACL) for a Packet Filter Firewall
4. If UDP destination port = 49153 to 65535, PASS [allow incoming packets to ephemeral UDP port
numbers]
5. DENY ALL [deny all other packets]
Figure 9-15: Stateful Firewall Default Operation
Internal HostExternal
Host
Internally initiatedcommunication
is allowed.
Externallyinitiated
communicationis stopped.
X
Figure 9-16: Application Firewalls
Application Firewalls
Examine application layer messages in packets
Packet filter firewalls and stateful firewalls do not look at application messages at all
This makes them vulnerable to certain attacks
Figure 9-16: Application Firewalls
Application Fidelity
Requiring the application using a well-known port to be the application that is supposed to use that port
For instance, if an application uses Port 80, application firewall requires it to be HTTP, not a peer-to-peer file transfer program or something else
This is called enforcing application fidelity
Figure 9-16: Application Firewalls
Limited Content Filtering
Allow FTP Get commands but stop FTP Put commands
Do not allow HTTP connections to black-listed (banned) websites
E-mail application server may delete all attachments
Figure 9-16: Application Firewalls
Antivirus Scanning
Few application firewalls do antivirus filtering
Packets also must be passed through separate antivirus filtering programs
Figure 9-17: Defense in Depth with Firewalls
ClientwithHost
FirewallSoftware
Internet
ApplicationFirewalle-mail,HTTP,
etc.
MainFirewall:Stateful
InspectionFirewall
ScreeningBorder
Router withPacket Filter
FirewallSoftware Site
Figure 9-18: Firewalls
Log File
HardenedServer
IDS
HardenedClient PC
Network ManagementConsole
InternalCorporateNetwork
InternetFirewall
Allowed LegitimatePacket
LegitimateHost
LegitimatePacket
Attacker
Figure 9-18: Firewall
Log File
HardenedServer
IDS
HardenedClient PC
Network ManagementConsole
InternalCorporateNetwork
InternetFirewall
LegitimateHost
AttackerAttackPacket
DeniedAttackPacket
Figure 9-18: Intrusion Detection System (IDS)
Log File
IDS
HardenedClient
PC
Network ManagementConsole
InternalCorporateNetwork
IDS
LegitimateHost
AttackerAlarmAbout
SuspiciousPacket
Suspicious Packet
Hardened Server
SuspiciousPacket
Figure 9-18: Intrusion Prevention Systems (IPSs)
Firewalls stop simple attacks
IDSs can identify complex attacks involving multiple packets But many false positives (false alarms)
Intrusion prevention systems (IPSs) Like IDSs, can identify complex attacks
Unlike IDSs, also stop these attacks
Only allowed to stop clearer complex attacks
Figure 9-19: Cryptographic System (SSL/TLS)
Applicant(Customer Client)without Digital Certificate
Verifier(Merchant Webserver)with Digital Certificate
Provides Protection at Transport Layer
Protects all Application TrafficThat is SSL/TLS-Aware (Mostly HTTP)
Figure 9-19: Cryptographic System (SSL/TLS)
Applicant(Customer Client)without Digital Certificate
Verifier(Merchant Webserver)with Digital Certificate
1.Negotiation of Security Options (Brief)
2.Merchant Authenticates Self to Customer
Uses a Digital CertificateCustomer Authentication Is Optional and Uncommon
Figure 9-19: Cryptographic System (SSL/TLS)
Applicant(Customer Client)without Digital Certificate
Verifier(Merchant Webserver)with Digital Certificate
3.Client Generates Random Session Key
Client Sends to Server Encrypted by Merchant’s Public Key
4.Ongoing Communication with Confidentiality
and Merchant Digital Signatures
Figure 9-19: Cryptographic System (SSL/TLS)
Perspective
Initial Hand-Shaking Phases are Very Brief (Milliseconds)
The Last Phase (Ongoing Communication) Is Almost All Total Communication
Encryption for Confidentiality
Figure 9-20: Symmetric Key Encryption and Public Key Encryption
Symmetric Key Encryption for Confidentiality
Message“Hello”
EncryptionMethod &
Key
SymmetricKey
Party A
Party B
InterceptorNetwork
Encrypted Message
Encryption uses anon-secret encryption method and
a secret key
Figure 9-20: Symmetric Key Encryption and Public Key Encryption
Symmetric Key Encryption for Confidentiality
Encrypted Message
SymmetricKey
Party A
Party B
InterceptorNetwork
Interceptor cannot readencrypted messages
Encrypted Message
Figure 9-20: Symmetric Key Encryption and Public Key Encryption
Symmetric Key Encryption for Confidentiality
Message“Hello”
EncryptionMethod &
Key
Encrypted Message Message“Hello”
DecryptionMethod &
Key
SymmetricKey
SameSymmetric
Key
Party A
Party B
InterceptorNetwork
Receiver decrypts the messageUsing the same encryption message
And the same symmetric key
Encrypted Message
Figure 9-20: Symmetric Key Encryption and Public Key Encryption
Public Key Encryption for Confidentiality
EncryptedMessage
EncryptedMessage
Party A Party B
Encrypt withParty B’s Public Key
Decrypt withParty B’s Private Key
Decrypt withParty A’s Private Key
Encrypt withParty A’s Public Key
Note:Four keys are used to encryptand decrypt in both directions
Figure 9-21: Other Aspects of Protection
Hardening Servers and Client PCs
Setting up computers to protect themselves
Server HardeningPatch vulnerabilitiesMinimize applications running on each serverUse host firewallsBackup so that restoration is possible
Figure 9-21: Other Aspects of Protection
Hardening Servers and Client PCs Client PC Hardening
As with servers, patching vulnerabilities, minimizing applications, having a firewall, and implementing backup
Also, a good antivirus program that is updated regularly
Client PC users often make errors or sabotage hardening techniques
Figure 9-21: Other Aspects of Protection
Vulnerability Testing
Protections are difficult to set up correctly
Vulnerability testing is attacking your system yourself or through a consultant
There must be follow-up to fix vulnerabilities that are discovered
Incident Response
Dealing with attacks that succeed
Figure 9-22: Incident Response
Response Phases Detecting the attack
If not detected, damage will continue unabated
IDS or employee reports are common ways to detect attacks
Stopping the attackDepends on the attackReconfiguring firewalls may
work
Figure 9-22: Incident Response
Response Phase Repairing the damage
Sometimes as simple as running a cleanup utility
Sometimes, must reformat a server disk and reinstall software
Can be very expensive if the attacker has done much damage
Figure 9-22: Incident Response
Response Phase Punishing the attackers
Easier to punish employees than remote attackers
Forensic tools collect data in a manner suitable for legal proceedings
Figure 9-22: Incident Response
Major Attacks and CSIRTs
Major attacks cannot be handled by the on-duty staff
On-duty staff convenes the computer security incident response team (CSIRT)
CSIRT has people from security, IT, functional departments, and the legal department
Figure 9-22: Incident Response
Disasters
Natural and attacker-created disasters
Can stop business continuity (operation)
Data backup and recovery are crucial for disaster response
Dedicated backup facilities versus real-time backup between different sites
Figure 9-22: Incident Response
Disasters Business continuity recovery is broader
Protecting employees
Maintaining or reestablishing communication
Providing exact procedures to get the most crucial operations working again in correct order
Topics Covered
Topics Covered
A Wide Variety of Attacks Viruses and Worms
Hacking (Break-in)ScanningBreak-InExploitation (delete log files, create backdoors, do
damage)
Denial-of-Service (DoS) Attacks Employee misuse of the Internet Growing in frequency (and viciousness)
Topics Covered
A Wide Variety of Attackers Traditional Attackers
Wizard attackersEmployees and Ex-Employees
Criminals (Exploding)
Cyberterrorists and National Governments
Topics Covered
A Management Issue, not a Technical Issue Technology does not work automatically
Planning Risk analysis
Comprehensive security
Defense in depth
Topics Covered
Authentication and Authorization Authentication servers give consistency
Passwords (weak)
Digital signatures and digital certificatesHigh security but difficult to implement
Biometric authenticationCould eliminate passwordsError rates and deception
Topics Covered
Firewalls Drop and log packets
Packet filter firewalls and ACLs
Stateful firewalls (dominate for main firewalls today)
Application firewalls filter application contentUsually do NOT provide antivirus filtering
Defense in depth with multiple firewalls
IDSs to detect complex attacks
IPSs to stop some complex attacks
Topics Covered
Cryptographic Systems Negotiate security parameters
Authentication
Key exchange
Ongoing communication (dominates)
SSL/TLS Cryptographic system used in e-commerce
Protects HTTP communication
Topics Covered
Encryption for Confidentiality Symmetric key encryption
Both sides use the same symmetric keyDominates because fast and efficient
Public key encryptionEach side has a secret private key and a non-
secret public key
Topics Covered
Hardening Servers and Client PCs Patching vulnerabilities
Minimize applications
Host firewalls
Backup
Clients: antivirus filtering (users may sabotage)
Vulnerability Testing
Topics Covered
Incident Response
Detection, stopping, repair, punishment
CSIRTs for major attacks to big for the on-duty staff to handle
Disaster response and business continuity recovery
Hands-On: Windows XP Home Security
Chapter 9a
Copyright 2004 Prentice-HallPanko’s Business Data Networks and Telecommunications, 5th edition
Figure 9a-1: Windows Updates (Study Figure)
The Need for Windows Updates To patch security vulnerabilities
To fix bugs and add functionality
Figure 9a-1: Windows Updates (Study Figure)
Options
Automatic updating turned on by default in Windows XP
Default is to notify user of updates before downloading and installing
Option to download but notify user of the need to install
Figure 9a-1: Windows Updates (Study Figure)
Options Option to download and install without user
interventionDangerous because problem updates may cause
difficulties for users
Figure 9a-1: Windows Updates (Study Figure)
Other Matters
Work-arounds (manual) are difficult for end users
Service packs are cumulative collections of updates
Service packs must be installed in order of their creation
Severe updates may be loaded immediately while others wait
Figure 9a-1: Windows Updates (Study Figure)
Updating Applications
All applications must be updated as well to eliminate security vulnerabilities
If an application is taken over, an attacker may be able to take over the computer
Updating applications is difficult because there are so many of them
Each will have a different method for users to discover, download, and install updates
Figure 9a-3: Antivirus Scanning (Study Figure)
Importance
Viruses are widespread
Every PC needs antivirus software to stop incoming (and outgoing) viruses
Free Anti-virus for UMFK students and staff
http://www.umfk.maine.edu/it/
Figure 9a-3: Antivirus Scanning (Study Figure)
Using Antivirus Programs Effectively
Virus definitions database and program must be updated frequently
Preferably daily
Program must be configured to work with user’s e-mail, other programs
Antivirus software must be selected to work with user’s applications, including peer-to-peer
Figure 9a-3: Antivirus Scanning (Study Figure)
User Subversion
Turning off antivirus programs to reduce problems, work faster
Turning off (or not turning on) automatic updating
Failing to pay for subscription extensions
Figure 9a-4: Network and Internet Connections Dialog Box
Figure 9a-5: Internet Options Dialog Box Security Tab
Security tab of Internet Options dialog box
URLs are automatically treated as part of your Internet zone
Internet is set to a moderate setting by default
Custom Level… allows you to customize security
Figure 9a-6: Security Settings Dialog Box
Figure 9a-7: Internet Options Dialog Box Privacy Tab
Privacy settings in Internet Options
Uses a slide tab
Default is medium
Figure 9a-8: Network Connections Dialog Box
Figure 9a-9: Internet Connection Properties Dialog Box
Figure 9a-10: Options in Advanced TCP/IP Settings Dialog Box
Figure 9a-11: TCP/IP Filtering Configuration
Would check Enable box to enable TCP/IP filtering
Figure 9a-12: Malware Scanning Programs (Study Figure)
Malware Evil software
Viruses and worms
Trojan horses
Spyware (reports personal information to outside parties)
Gets onto client PCs despite security precautions
Figure 9a-12: Malware Scanning Programs (Study Figure)
Malware Scanning Programs Scan for Malware
Usually find malware
Must be updated
More info
http://perleybrook.umfk.maine.edu/slides/spring%202005/cos125/Keeping%20Your%20PC%20Spyware%20Free.pdf
Anti-Spyware Applications
http://perleybrook.umfk.maine.edu/slides/spring%202005/cos125/spyware%20stuff/
Figure 9a-13: Two Connections for Windows XP VPN
SecurityServer
at RemoteSite1.
InternetConnection
2. VPNConnection
Internet
To create a VPN, you create two connectionsOne to the Internet
One to the host you are trying to reach
Figure 9a-14: Connection Screen for a VPN
Figure 9a-15: VPN Properties Dialog Box
Figure 9a-16: Advanced VPN Security Settings
VPN will use MS-CHAP or MS-CHAP v 2 for authentication
Bad because original MS-CHAP had serious security
weaknesses
Figure 9a-17: Windows Domain
Client PC
Client PCMember Server
DomainController
GPO
GroupPolicy Object
(GPO)
Domain
GPO
With Windows XP Professional, client PCSecurity settings can be set on a domain controller
Group Policy Object (GPO) specifies settings