Session Number: 8
Internet Supply Chain Management –
ECT 581 Winter 2003
Session Date: February 25, 2003
Session Outline:
Administrative Items
Session Topics:
Extranet Security Considerations
Network Fundamentals
TCP/IP Security Considerations
Firewalls & Other Security Considerations
Mission Critical Terminology
Network – a system of interconnected computer systems and terminals connected by communications channels.
Protocol – a specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data.
Transmission Control Protocol/Internet Protocol (TCP/IP) – a set of protocols developed by the Department of Defense to link dissimilar computers across large networks.
Security – the combination of software, hardware, networks, and policies designed to protect sensitive business information and to prevent fraud.
Virtual Private Network (VPN) – a wide-area network (WAN) created to link a company with external users (including mobile users, field representatives, or strategic allies). It uses the Internet for data transmission, but ensures confidentiality and security through the use of protocol tunneling.
Mission Critical Terminology (continued)
Firewall – a security screen placed between an organization’s internal network and the external Internet. According to the National Computer Security Association (NCSA), a firewall is a system or combination of systems that enforces a boundary between two or more networks.
De-militarized Zone (DMZ) – a term used to refer to a screened subnet that resides between a LAN and the Internet. It is a network environment that is configured to provide an additional shield from undesirable or unauthorized intruders.
Repudiation – A security feature that prevents a third party from proving that a communication between two other parties took place.
Non-repudiation – the opposite of repudiation; desirable if you want to be able to trace your communications and prove that they occurred.
Fundamental Technology Components: Focus on Networks & Security Considerations
Network Components
Connectivity Equipment
Internet Server Hardware and Software
Application Server
Database System
E-mail Gateway
Firewall
Internet Server/Intranet Server
Authoring/Web Development Server
Network Fundamentals: Open Systems Interconnection (OSI) Model
Networks are defined by architecture or protocol. The OSI reference model defines functional network layers:
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Each layer has its own protocol or set of protocols.
Think of the OSI model as a ‘layer cake’.
At the bottom is the Physical Layer, supporting and holding everything up.
At the top is the Application Layer, describing and managing how each application program will interact.
Network Fundamentals: OSI Model (continued)
Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)
Application Layer
• Describes and manages how applications interact with the network operating system.
• Protocols include the Network Filing System (NFS), Netware Core Protocol, and Appleshare.
Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)
Presentation Layer
• Handles encryption and some special file formatting. Formats screens and files so that the final product looks like the programmer wanted it to.
• This layer is the home to terminal emulators that can make a PC think that it is a DEC VT-100 or an IBM 3270 terminal.
• Protocols include Netware Core Protocol, Network Filing System (NFS), and AppleTalk File Protocol (AFP).
Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)
Session Layer
• Performs the function that enables two applications to communicate across the network, performing security, name recognition, logging, administration, and other similar functions.
• Protocols include Simple Network Management Protocol (SNMP), File Transfer Protocol (FTP), Telnet, Simple Mail Transfer Protocol (SMTP), NetBIOS, LU 6.2 (from IBM’s SNA) and Advanced Program-to-Program Communications (APPC).
Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)
Transport Layer
• Considered the “railroad yard dispatcher” who takes over if there is a ‘wreck’ somewhere in the system.
• Performs a similar function to the Network Layer, only its function is specific to local traffic.
• Also handles quality control. Drivers in the networking software perform this layer’s tasks.
• Protocols include Transmission Control Protocol (TCP) and Novell’s SPX.
Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)
Network Layer
• Functions as the ‘network traffic cop’, deciding which physical pathway the data should take based on network conditions, priorities of service, and other factors.
• Protocols include Internet Protocol (IP), Novell’s IPX, and Apple’s Datagram Delivery Protocol (DDP).
Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)
Data Link Layer
• Controls the data stream between the communicating systems. Works like the foreman of a railroad yard putting cars together to make a train.
• Governing protocols include High-level Data Link Control (HDLC), bisync, and Advanced Data Communications Control Procedures (ADCCP).
Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)
Physical Layer
• Furnishes electrical connections and signals and carries them to higher layers.
• Governing protocols include RS-232C, RS-449, and X.21 (primarily in Europe).
TCP/IP Overview
A set or family of protocols.
Developed to allow cooperating computers to share resources across a network.
Initially included Arpanet, NSFnet, regional networks such as local university networks, research institutions, and military networks.
All networks are connected and the Internet protocols standardized the order and structure of computer communication within the inter-connected networks.
TCP/IP Overview (continued)
A ‘connection-less’ protocol.
Info transferred in packets.
Built to ensure establishment of connections between end systems.
TCP/IP has limited to no inherent security features.
TCP/IP provides no systematic way to perform encryption (due to unavailability of data-encoding layer).
IP was built for speed and efficiency; ‘just delivers goods’.
The host portion of an IP address identifies an individual networked processor.
Contrasting OSI & TCP/IP
TCP/IP is the de facto global interoperability standard; OSI has more of a presence in Europe.
TCP/IP does not formally have an application layer.
TCP is the equivalent of an OSI layer 4 (Transport) protocol.
IP is an OSI layer 3 (Network) protocol.
TCP/IP Overview (continued)
TCP/IP protocols of primary importance include:
Transmission Control Protocol (TCP) – provides reliable data transport from one node to another using connection-oriented techniques.
User Datagram Protocol (UDP) – provides datagram services for applications. Primary role is to add the port address of an application process to an IP packet & to move packets through the network (used by DNS).
Internet Protocol (IP) – a connectionless, unacknowledged network service; does not care about the order of transmitted packets.
TCP/IP Overview (continued)
Additional services or ‘applications’ built on top of TCP/IP include:
Network File System (NFS) – filing system for Unix hosts.
Simple Network Management Protocol (SNMP) – collects info about the network and reports back to network administrators.
File Transfer Protocol (FTP) – enables file transfers between workstations and a Unix host or Novell Netware NFS.
Simple Mail Transfer Protocol (SMTP) – enables electronic messaging.
Network News Transport Protocol (NNTP) – distributes and manages Usenet articles and replies.
Post Office Protocol (POP) – stores incoming mail until users access it.
Telnet – DEC VT100 and VT330 terminal emulation.
Hypertext Transfer Protocol (HTTP) – defines the means of addressing and locating resources stored on other systems (by means of uniform resource locators – URLs) and defines request and transmission formats for the World Wide Web.
IP Addressing
Addresses used to provide hierarchical address space for the Internet.
Provides for computers on diverse types of networks to exchange data.
IP address is 4 bytes (32 bits) long & usually expressed in dotted decimal notation.
Addresses are divided into three major classes: A, B, and C. Classes D & E are reserved for special use.
Each class can be identified through examination of the first four bits of the address.
Class   First four address bits
A       0xxx
B       10xx
C       110x
D       111x
E       1111

Class  Value of high-order byte  Max # net addresses  Max # of host addresses  Address format      Example        Impact on network setup
A      1-127                     127                  16M                      net.host.host.host  100.10.240.28  Limits # of networks
B      128-191                   16,384               65K                      net.net.host.host   157.100.5.195  Balance of networks & hosts
C      192-223                   2,097,152            254                      net.net.net.host    205.35.4.120   Limits # of hosts
D      224-239                   Reserved for special use
E      240-255                   Reserved for special use
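The class rules above, worked through in code. This is an added example, not part of the original slides: it splits a dotted-decimal address into octets, reads the leading bits of the high-order byte to find the class, and derives the network and host portions and the usable host count for classes A to C (the all-zeros and all-ones host addresses are excluded, which is why class C yields 254).

```python
"""Classful IPv4 address parser (added example; not from the original slides)."""

# Leading-bit patterns that identify each class (D is 1110, E is 1111).
CLASS_PREFIXES = [("A", "0"), ("B", "10"), ("C", "110"), ("D", "1110"), ("E", "1111")]
# Number of octets that form the network part in the classes that split net and host.
NET_OCTETS = {"A": 1, "B": 2, "C": 3}


def parse_ipv4(address):
    """Return the four octets of a dotted-decimal address, rejecting malformed input."""
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {address!r}")
    octets = []
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet {part!r} is not in 0-255: {address!r}")
        octets.append(int(part))
    return octets


def classify(address):
    """Classify a dotted-decimal IPv4 address by the leading bits of its first byte.

    Returns the class letter, the first four bits, and for classes A-C the
    network part, the host part and the maximum number of usable hosts on one
    network of that class.  Classes D and E carry no net/host split.
    """
    octets = parse_ipv4(address)
    high_bits = format(octets[0], "08b")          # e.g. 157 -> "10011101"
    cls = next(letter for letter, prefix in CLASS_PREFIXES if high_bits.startswith(prefix))
    result = {"class": cls, "first_four_bits": high_bits[:4]}
    if cls in NET_OCTETS:
        n = NET_OCTETS[cls]
        result["network"] = ".".join(map(str, octets[:n]))
        result["host"] = ".".join(map(str, octets[n:]))
        host_bits = 8 * (4 - n)
        result["max_hosts"] = 2 ** host_bits - 2   # exclude all-zeros and all-ones host
    else:
        result["note"] = "reserved for special use (D: multicast, E: experimental)"
    return result


if __name__ == "__main__":
    # The three example addresses from the class table above.
    for addr in ("100.10.240.28", "157.100.5.195", "205.35.4.120", "224.0.0.5"):
        print(addr, classify(addr))
```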
IP Addressing (continued)
Internet Security Concerns
Findings from the 2000 Computer Crime and Security Survey conducted by the Computer Security Institute (CSI) & the FBI, with responses from 538 computer security professionals.
97% have WWW sites.
47% conduct electronic commerce on their sites.
85% of respondents detected security breaches within the last 12 months.
64% of respondents reported financial losses due to computer security breaches.
70% of respondents cited their Internet connection as a frequent point of attack.
23% suffered unauthorized Internet access or misuse in the last 12 months.
27% said they did not know if there had been unauthorized access or misuse.
35% of respondents reported detected financial losses totaling $377,828,700.
16% reported losses due to unauthorized access.
40% of respondents detected unauthorized external system penetration.
38% detected denial of service attacks.
91% detected employee abuse (including downloading of unsavory content or pirated software, or inappropriate use of e-mail systems).
94% detected computer viruses.
Internet Security Concerns (Y2K results continued)
Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months.
Eighty percent acknowledged financial losses due to computer breaches.
Forty-four percent (223 respondents) were willing and/or able to quantify their financial losses. These 223 respondents reported $455,848,000 in financial losses.
As in previous years, the most serious financial losses occurred through theft of proprietary information (26 respondents reported $170,827,000) and financial fraud (25 respondents reported $115,753,000).
For the fifth year in a row, more respondents (74%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (33%).
Thirty-four percent reported the intrusions to law enforcement. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.)
Forty percent detected system penetration from the outside.
Forty percent detected denial of service attacks.
Seventy-eight percent detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems).
Eighty-five percent detected computer viruses.
Internet Security Concerns: 2002 CSI Report Highlights
Classifying Potential Security Threats (From Most to Least Prevalent)
Ignorance and Accidents
Company Employees and Partners
Casual “Doorknob Twisters”
Concerted Individual Efforts
Coordinated Group Efforts
Potential Security Gaps
Lack of safeguards (no firewalls).
Poorly configured and administered systems.
Basic security problems with communication protocols (TCP, IP, UDP).
Faulty service programs.
Basic security problems with service programs (WWW, FTP, Telnet, etc.).
Madness in the Method: Tactics and Techniques to ‘Bring the System Down’
Programmed attacks including denial-of-service attacks.
E-mail bombing, spamming, and spoofing.
Viruses.
Most Successful Break-in Methods
Sniffer attacks (sniffer-kits & Trojan Horses included as programs smuggled in to monitor data flows and to retrieve passwords and IDs).
IP-spoofing (attacker gives data packets addresses in the address range of the target).
Sendmail attacks (exploits security gaps in the sendmail daemon that supports SMTP).
NFS (Network File System) attacks (exploits gaps in two primary NFS daemons; nfsd & rpc.mountd).
NIS (Sun’s Network Information Service) attacks (exploits gap in NIS
Unique Security Challenges of Extranets
Shared endpoint security – with an extranet, security becomes a joint responsibility of the organizations at the endpoints that link a group of intranets or users.
Unmanaged heterogeneity – an extranet involves a population of local and remote users where it is virtually impossible to manage the types of technical heterogeneity used to access the extranet.
Politics – extranet administrators and users must deal with the political wrangling and sensitivity of their electronic business partners.
Added costs – added layers of access for multiple business entities translate to added costs of protecting internal systems from unwanted visitors.
Cross-pollination – electronic joining of organizations increases the risk of cross-pollination and unwanted transfer of competitive information.
User anxiety – extranet security must be more extreme and apparent; administrators must always be convincing anxious users that a site is secure.
Basic Security Tenets
Authentication – validation of claimed identity.
Authorization – determining access privileges.
Integrity – assuring that the extranet information is accurate and that it cannot be altered accidentally or deliberately.
Availability – ensure immediate and continuous access to the extranet information, 24 hours per day, 7 days a week, 365 days per year.
Confidentiality – assuring that the data is seen only by authorized viewers.
Auditing – logging of all events.
Non-repudiation – preventing participants from denying roles in a transaction once it is completed.
Three Major Steps
Threat assessment
Vulnerability analysis
Design and implementation of security measures
Building a Security Program
Building a Security Program: Detailed Process
Identify assets including processors, data, and network components.
Analyze security risks.
Analyze security requirements and tradeoffs.
Develop a security plan identifying measures to be deployed.
Define a security policy.
Develop procedures for applying security policies.
Develop a technical implementation strategy.
Achieve buy-in from users, managers, and technical staff.
Train users, managers, and technical staff.
Implement the technical strategy and security procedures.
Test the security program and update it if any problems are found.
Maintain security by scheduling periodic independent audits, reading audit logs, responding to incidents, continuing to train and test, etc.
Security Measure or Protection Mechanisms
Authentication
Authorization or Access Control
Accounting (Auditing)
Data Integrity
Data Confidentiality
Policies
Education
Security through Obscurity (If They Don’t Ask, Don’t Tell)
Widely Used Security Techniques
Certificates & Cryptography for ensuring data integrity and for authentication.
Firewalls for controlling access to vital and sensitive resources.
Non-repudiation.
Data Encryption
Process that scrambles data to protect it from being read by anyone but the intended receiver.
Useful for providing data confidentiality.
Has two parts:
encryption algorithm – a set of instructions to scramble and unscramble data.
encryption key – a code used by an algorithm to scramble and unscramble data.
Best known symmetric system is DES
Best known asymmetric system is Public/Private Key encryption
Firewalls
A set of components that function as a choke point, restricting access between a protected network and the Internet.
Provides:
Authorization or Access Control
Authentication
Logging
Notification
Firewall Architectures
First consideration in designing a firewall is to meet the requirements set out in the security policy.
May include port filtering, application filtering, and user-based restrictions.
Firewalls also need to provide a system for logging that can be used to monitor the activity of internal and external users and intruders.
A good security rule of thumb is to minimize the number of access points to the private network.
A good firewall architecture consists of an access router, a perimeter network, a dual-homed proxy server and an interior router.
The access router would be the first opportunity to prevent intruders from accessing the restricted systems.
Packet filters should be used to restrict the use of unnecessary protocols on the perimeter network.
This may include filtering for specific services such as source routing, SNMP, X windows, Telnet, RPC, and FTP.
Packet filters should also be used to allow access only to specific servers such as the proxy server and other bastion hosts.
Firewall Architectures (continued)
The perimeter network is between the access router and the interior router.
By creating a separate network for externally accessed hosts you can minimize the probability of an intruder listening for passwords or confidential data.
Servers that provide access to external users are usually placed here.
All servers placed here should be bastion hosts with only a limited amount of services enabled.
A perimeter network is also referred to as a De-Militarized Zone (DMZ).
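The access-router policy described above (filter source routing and the listed services, admit only specific bastion hosts, log every decision) as a small packet filter. This is an added example, not from the original slides or any firewall product; the 192.0.2.0/24 perimeter subnet, the two bastion hosts and their service lists are constructed assumptions, and the anti-spoofing check (dropping outside packets that claim a perimeter source address) is the standard defence against the IP-spoofing method mentioned earlier in the session.

```python
"""Toy access-router packet filter for a perimeter network (added example)."""
from ipaddress import ip_address, ip_network

PERIMETER_NET = ip_network("192.0.2.0/24")   # constructed DMZ subnet (documentation range)

# Bastion hosts on the perimeter network and the only services each one exposes.
BASTION_SERVICES = {
    ip_address("192.0.2.10"): {("tcp", 80), ("tcp", 443)},   # dual-homed web proxy (assumed)
    ip_address("192.0.2.25"): {("tcp", 25)},                  # mail relay (assumed)
}

# Services the slides say the access router should filter on the perimeter.
FILTERED_SERVICES = {
    ("udp", 161), ("udp", 162),   # SNMP
    ("tcp", 6000),                # X Windows
    ("tcp", 23),                  # Telnet
    ("tcp", 111), ("udp", 111),   # RPC portmapper
    ("tcp", 21),                  # FTP control channel
}


def filter_packet(pkt):
    """Decide an inbound packet arriving from the Internet side. Default verdict is DROP."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    service = (pkt["proto"], pkt.get("dport"))
    if pkt.get("source_routed"):
        return "DROP", "source routing not permitted"
    if src in PERIMETER_NET:
        # Ingress anti-spoofing: an outside packet must not carry an inside address.
        return "DROP", "source address belongs to the perimeter network"
    if service in FILTERED_SERVICES:
        return "DROP", f"{service[0]}/{service[1]} filtered on perimeter"
    if dst not in BASTION_SERVICES:
        return "DROP", "destination is not a bastion host"
    if service not in BASTION_SERVICES[dst]:
        return "DROP", f"{service[0]}/{service[1]} not enabled on bastion"
    return "ACCEPT", "permitted service on bastion host"


def run_filter(packets):
    """Apply the policy to each packet and return one log line per decision."""
    log = []
    for pkt in packets:
        verdict, reason = filter_packet(pkt)
        log.append(f"{verdict} {pkt['src']} -> {pkt['dst']} "
                   f"{pkt['proto']}/{pkt.get('dport')}: {reason}")
    return log


# Constructed sample traffic as seen on the access router's outside interface.
SAMPLE_PACKETS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 23},
    {"src": "198.51.100.9", "dst": "192.0.2.10", "proto": "udp", "dport": 161},
    {"src": "192.0.2.99",   "dst": "192.0.2.10", "proto": "tcp", "dport": 80},
    {"src": "198.51.100.9", "dst": "192.0.2.44", "proto": "tcp", "dport": 80},
    {"src": "198.51.100.9", "dst": "192.0.2.25", "proto": "tcp", "dport": 25,
     "source_routed": True},
]

if __name__ == "__main__":
    print("\n".join(run_filter(SAMPLE_PACKETS)))
```

Only the first sample packet is accepted; each of the others is dropped with a reason that would appear in the firewall log the slides call for.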
Firewall Essential Features
Proxies – Each application that runs through the firewall needs its own proxy.
Customized kernel – Customization consists of disabling non-required services and modifying the insecure ones.
Logging – The logging feature is vital not only for analyzing attacks but also for providing legal evidence that an effort has been made to secure the network.
Authentication – The firewall should support some authentication based on the security policy.
Firewall Essential Features (continued)
Administration – The administration utilities for the system should be straightforward and provide a quick method of viewing the current configuration to reduce configuration errors.
User Transparency – Depending on the product and services supported, proxy servers may require modifications to clients and procedures.
Platform – The firewall should run on a platform the organization has experience in using.
Network Interface – With Internet traffic growing, the ability for firewalls to integrate into high-speed backbones will become more important.
Throughput – Demand for faster firewalls is being driven by faster WAN links and backbones.
Non-repudiation
Non-repudiation is a security measure that provides proof of participation in a transaction for legal purposes.
Digital signature services provide strong and substantial evidence of
the identity of the signer,
the time of the message,
the context of a message, and
the message’s integrity.
Non-repudiation offers sufficient evidence to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents.
For example, if you purchase a home furnishing via the WWW, you can be assured that no one else can easily make purchases in your name.
Non-repudiation provides evidence to prevent a false denial of message creation or message receipt, and renders an added level of confidence to buyers and sellers of products and services over the Internet.
Emerging Standard: IP Security Protocol (IPSec)
IPSec is a set of open standards providing data confidentiality, data integrity, and authentication between participating peers at the IP layer.
Relatively new standard.
Enables a system to select protocols and algorithms, and establishes cryptographic keys.
Uses the Internet Key Exchange (IKE) protocol to authenticate IPSec peers.
IKE uses the following technologies:
DES – encrypts packet data.
Diffie-Hellman – establishes a shared, secret, session key.
Message Digest 5 (MD5) – hash algorithm that authenticates packet data.
Secure Hash Algorithm (SHA) – hash algorithm that authenticates packet data.
RSA encrypted nonces – provides repudiation.
RSA signatures – provides non-repudiation.
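Two of the IKE building blocks listed above, worked through in pure Python: a Diffie-Hellman exchange that gives both peers the same session key, and a keyed SHA-256 hash (HMAC) that authenticates each packet so a modified packet is rejected. This is an added example, not from the slides or any IPSec implementation; the group p = 2**255 - 19, g = 2 is a constructed toy parameter set rather than a standard IKE group, the purchase-order payload is constructed, and packet encryption (DES on the slides) is left out to keep the focus on key establishment and authentication.

```python
"""IKE-style key establishment and packet authentication (added example)."""
import hashlib
import hmac
import secrets

P = 2**255 - 19   # prime modulus: a constructed choice for the example, not an IKE group
G = 2             # generator
TAG_LEN = 32      # SHA-256 output size in bytes


def dh_keypair():
    """Pick a random private exponent and compute the public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_session_key(my_priv, peer_pub):
    """Derive the session key as a hash of the shared secret peer_pub^my_priv mod p."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")   # rejects the trivial values 0, 1, p-1
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def protect(key, payload):
    """Append an HMAC-SHA256 authentication tag to the packet payload."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(key, packet):
    """Recompute the tag and compare in constant time; False means tampered or wrong key."""
    if len(packet) < TAG_LEN:
        return False
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag)


def ike_demo():
    """Run one exchange between two peers and report the outcome of three checks."""
    a_priv, a_pub = dh_keypair()              # peer A
    b_priv, b_pub = dh_keypair()              # peer B; only a_pub and b_pub cross the network
    key_a = dh_session_key(a_priv, b_pub)     # A derives the key from B's public value
    key_b = dh_session_key(b_priv, a_pub)     # B derives the key from A's public value
    packet = protect(key_a, b"purchase-order id=1234 qty=10")      # constructed payload
    tampered = packet.replace(b"qty=10", b"qty=99", 1)             # altered in transit
    return {
        "keys_match": key_a == key_b,
        "genuine_verifies": verify(key_b, packet),
        "tampered_verifies": verify(key_b, tampered),
    }


if __name__ == "__main__":
    print(ike_demo())
```

An HMAC authenticates the peer and the packet data but gives no non-repudiation, because both peers hold the same key and either could have produced the tag; that is why the slides list RSA signatures as a separate mechanism.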
Emerging Standard: IPSec (continued)
Emerging Standard: IPv6
• IPv6, also known as IPng (IP next generation).
• With the rapid growth of the Internet over the last few years, two major limitations have become evident: the routing tables are growing too fast and the address space is insufficient.
• IPv4 is based on a 32-bit address, allowing for addressing of up to about 4 billion computers. After debate, the address space was increased from 32 to 128 bits.
• IPv6 is based on a 128 bit address scheme.
• By using 128 bits for addressing, this not only allows for addressing billions of billions of hosts, but it also allows a more hierarchical network to be built.
• IPv6 has been designed to solve these problems and also include support for security and multimedia.
• IPv6 requires IPSec. IPSec will be mandatory in IPv6 while it can be ‘transparently’ implemented on the current IPv4 Internet.
Enabling Extranets through Virtual Private Networks (VPN’s)
Key extranet systems enabling tool.
VPN’s enable a customer to use a public network, such as the Internet, to provide a secure connection between sites on the organization’s inter-network.
VPN connectivity must be secure, but still allow ease of access to key resources via the Internet.
Interconnection to service provider’s network enabled through variety of technologies including leased lines (T1/T3), frame relay, cable modems, satellite, digital subscriber line (DSL), etc.
VPN Architecture
Conceptually, constructing a virtual private network is straightforward.
Basic configuration consists of an
Internet connection,
a firewall architecture, and
a data security architecture.
The primary item that is needed by each LAN is an Internet connection.
The pipe should be large enough to service the potential traffic from VPN applications as well as regular Internet traffic.
Key Design Point: Examine the prospective ISP for connectivity, and make sure the ISP has the bandwidth to transport the potential traffic between sites.
Typical VPN Configuration - LAN/WAN to Internet
Typically, firewall software is used to protect corporate LAN resources.
Also, a separate network (commonly referred to as the ‘demilitarized zone’ or DMZ) is placed between the Internet router and the firewall.
Some firewall vendors enable integration of DMZ and firewall.
Enabling Extranets through VPN’s (continued)
Protocol tunneling is one technique used to create a secure VPN.
In tunneling, data packets are encrypted and encapsulated in a clear-text packet.
Layer 2 Tunneling Protocol (L2TP) is an emerging standard for tunneling private data over public networks.
Cisco, Microsoft, 3Com and Ascend Communications support standard setting efforts.
Microsoft has derived the Point-to-Point Tunneling Protocol (PPTP) as a built-in feature of its NT & 2000 Server products.
Enabling Extranets through VPN’s (continued)
Next Session Highlights:
Firewalls, VPNs & Other Security Considerations (continued)
Read required article ‘Web Services Fundamentals’.