Security in Computing Chapter 7, Security in Networks

  1. Security in ComputingChapter 7, Security in Networks Summary created by Kirk Scott

  2. 7.1, Network Concepts • 7.2, Threats in Networks • 7.3, Network Security Controls • 7.4, Firewalls • 7.5, Intrusion Detection Systems • 7.6, Secure E-mail

  3. 7.1 Network Concepts • No lecture on this • No specific test questions on this • If you haven’t had a networks course, you may want to read this for background

  4. 7.2 Threats in Networks

  5. What Makes a Network Vulnerable?

  6. Anonymity • The attacker is remote • The attack may pass through multiple intermediary systems • Verifying the identity of the person at the far end is hard, and in practice usually impossible • There is the additional problem of verifying the software and data of the computers along the way, any of which may itself have been compromised

  7. Many points of attack • The attacker is in a target rich environment • The target is in a “threat rich” environment • Once again, any given attack may pass through multiple machines • The potential target is dependent in part on the security or lack of security of all other sites

  8. Sharing • Networks enable resource and workload sharing • By definition, more users have access to resources which are intended to be shared • This implies that more systems have access • It is the security controls on the connected systems that are a point of concern • Non-networked systems are insulated from the whole class of network attacks

  9. Complexity of system • Networks combine machines with varying operating systems • The network enables the offloading of attack code onto multiple systems • The victim may itself perform part of the attack code • Individual machines have become sufficiently complex that users don’t know what their own machines are doing at any given time • (Just take a look at the task manager)

  10. Unknown perimeter • By definition, networked machines are interconnected • One machine may be the link or gateway between different networks • Where is the boundary between one network and another? • Who is responsible for different areas, and which areas can be trusted? • How does the addition of a machine in one place affect the security of a machine in another place?

  11. Unknown path • This general idea has already come up • An attack can come from a remote machine through a path consisting of multiple steps • There may also be multiple paths from one machine to another • Technical tools exist for tracing paths • However, life is complicated by the fact that for any given communication, the route is not necessarily known/clear

  12. Who Attacks Networks? (Reasons Why) • Challenge (individual actors) • Fame (individual actors) • Money and Espionage (organizational actors in the interests of the organization) • Organized Crime (group, possibly crossing national boundaries, where the sole purpose of the group is criminal profit from the Web)

  13. Ideology • Can be individuals or groups • Can also be state actors • “Hacktivism” = online agitation and propaganda • This may be disruptive, but is not intended to do lasting damage, except in a convenience or PR sense

  14. Cyberterrorism • Hacking that can lead to: • Economic damage • Military damage • Loss of life • And so on

  15. Recent Articles (as of the fall of 2011) • Within the last year outside parties have gained temporary control of some U.S. satellites, like Landsat • The government asserts that these exploits probably originated in China • Likewise, a report has been circulated that the control systems of 19 chemical plants worldwide have been breached by outsiders • Again, the claim has been made that the exploits originated in China

  16. Reconnaissance (for Attacks) • The book’s attention now turns to how and what • Reconnaissance is part of the how • This has value beyond being an informative list of some things attackers do • You may detect reconnaissance and other things happening on your system • These may be precursors to attack, and their presence should motivate you to try and protect yourself

  17. Port Scan • Programs can query systems over the network to find out the following: • What O/S is installed • What applications are installed • Which standard communication ports or services are open and listening • In some cases, the user id (and hence the privilege level) that a service runs under, when the service reveals it

  18. See the book or the course Web site for links to sites where port scanning code can be downloaded • Note that allowing outsiders to get this information over the Internet is normal • If you provide some services and not others, potential clients need to know or will find out by simply requesting

  19. This is the two-edged nature of the Internet • Legitimate users have a need to know • Illegitimate users want to identify the following: • Are you running versions of software with known security flaws? • Have you mistakenly left services open on your system which should have been removed or closed? • Do these services provide a security hole?

  20. Social Engineering • Network scans provide a view of the system from the outside • A view from the inside is very useful to the attacker • Social engineering basically means tricking people to get this information

  21. Intelligence • General intelligence about system may help an attacker • Dumpster diving • Simple eavesdropping • Blackmail, coercion of employees • Theft • Combining information from various sources can lead to the basis for a security attack

  22. Operating System and Application Fingerprinting • This refers to one step beyond a simple port scan • The attacker would like to know the precise version of things like the O/S, which vendor’s software provides a given service, etc. • A system may announce a version number outright, for example in the greeting banner a service sends when a client connects

  23. It may be possible to test for the presence of specific features and determine a vendor and version number • Slight differences in performance or response to input point to different implementations • This may indicate which vendor’s software and version is present
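The two slides above (port scanning and banner-based fingerprinting) can be shown together in a few dozen lines. The following is an added example, not code from the book or from the course Web site: it starts three fake services on loopback ports that greet a client with constructed banners, runs a TCP connect() scan against those ports plus one closed port, and maps each banner to a service and version string with regular expressions. The banner texts and the pattern table are assumptions chosen to look like common daemons; nothing here talks to a real server.

```python
import re
import socket
import threading

# Constructed fake services for the demonstration. The banners are made up
# to resemble common daemons; they are not captured from real systems.
FAKE_SERVICES = {
    "ssh": b"SSH-2.0-OpenSSH_7.4\r\n",
    "ftp": b"220 (vsFTPd 3.0.3)\r\n",
    "smtp": b"220 mail.example.test ESMTP Postfix\r\n",
}

# Banner patterns (assumed): (regex, service label). The last capture group
# is the product/version string an attacker would feed into a CVE lookup.
BANNER_RULES = [
    (re.compile(rb"^SSH-([\d.]+)-(\S+)"), "ssh"),
    (re.compile(rb"^220 \(vsFTPd ([\d.]+)\)"), "ftp/vsftpd"),
    (re.compile(rb"^220 \S+ ESMTP (\w+)"), "smtp"),
]


def start_fake_service(banner):
    """Bind a listener on a free loopback port that greets every client with
    `banner` and hangs up. Returns (listening_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener was closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def connect_scan(host, ports, timeout=0.5):
    """TCP connect() scan: returns {open_port: banner_bytes}. Ports that
    refuse or time out are simply absent from the result."""
    found = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            try:
                banner = sock.recv(256)   # many daemons speak first
            except OSError:
                banner = b""
            found[port] = banner
        except OSError:
            pass                          # closed or filtered
        finally:
            sock.close()
    return found


def fingerprint(banner):
    """Map a banner to (service, version). A silent port still counts as
    open; it just gives the attacker less to work with."""
    for rule, name in BANNER_RULES:
        m = rule.match(banner)
        if m:
            return name, m.group(m.lastindex).decode(errors="replace")
    return ("unknown", "") if banner else ("silent", "")


def demo():
    """Start the fake services, scan them plus one closed port, and return
    ({port: (service, version)}, closed_port)."""
    servers = [start_fake_service(b) for b in FAKE_SERVICES.values()]
    open_ports = [port for _, port in servers]
    # Reserve and release one more port so the scan also hits a closed one.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()

    results = {p: fingerprint(b)
               for p, b in connect_scan("127.0.0.1", open_ports + [closed_port]).items()}
    for srv, _ in servers:
        srv.close()
    return results, closed_port


if __name__ == "__main__":
    found, closed = demo()
    for port, (svc, ver) in sorted(found.items()):
        print(f"{port}/tcp open   {svc:12s} {ver}")
    print(f"{closed}/tcp closed")
```

The defensive reading of this example is the slide’s own point: each banner hands the scanner a product and version for free. Tools such as nmap do the same thing with a much larger pattern database, and removing or genericising banners only raises the bar slightly, because slide 23’s behavioural fingerprinting still works.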

  24. Bulletin Boards and Chats • The course Web site contains links to some “legitimate” sources on the dark side of computing • These Web sites give information on security that should be enough to frighten the legitimate user into taking the topic seriously • There are other Web sites where the information is provided with the apparent intent of enabling security attacks

  25. Availability of Documentation • Openness, again, is two-edged • A system without any documentation is a black box, and its usefulness is limited • A system that is fully documented is more useful both to a legitimate user and an attacker • Technical documentation aimed at developers is even more useful to an attacker than end user documentation

  26. Reconnaissance: Concluding Remarks • A serious attacker will gather information and lay the groundwork for an attack over time • You might monitor for things like the occurrence of port scans • Some attack may arise quickly afterwards • Some other attack may not come until much later, as part of a larger, well-planned, coordinated attack • The book advises providing as little information about systems to outsiders as possible as the best defense
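Slide 26 suggests monitoring for port scans. As an added example (not from the book or the course), here is a small detector that reads constructed firewall log lines, groups them by source address, and flags any source that touches at least ten distinct destination ports within a sliding 60-second window. The log format, the addresses, and the thresholds are assumptions for the demo; the constructed data includes a fast scanner, a legitimate client that opens many connections to one port, and a slow scanner spaced ten minutes apart to show what a short window misses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: a generic "key=value" firewall line. Adapt LINE_RE to
# whatever your perimeter device actually emits.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["dport"] = int(rec["dport"])
    return rec


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Flag sources that touch >= `threshold` distinct destination ports
    within any sliding `window`. Returns {src: max_distinct_ports_seen}."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_src[rec["src"]].append((rec["ts"], rec["dport"]))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window's left edge forward until it spans <= window
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {port for _, port in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


def constructed_log():
    """Sample lines built here for the demo; not real traffic."""
    base = datetime(2011, 10, 3, 9, 0, 0)
    fmt = ("{ts:%Y-%m-%dT%H:%M:%SZ} src={src} dst=192.0.2.10 "
           "dport={port} proto=tcp action={action}")
    ports = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
    lines = []
    # 1. a fast scanner: one port per second
    lines += [fmt.format(ts=base + timedelta(seconds=i), src="203.0.113.5",
                         port=p, action="drop") for i, p in enumerate(ports)]
    # 2. a legitimate but chatty client: same port, many connections
    lines += [fmt.format(ts=base + timedelta(seconds=i), src="198.51.100.7",
                         port=443, action="accept") for i in range(20)]
    # 3. a slow scanner: one port every ten minutes, under a 60 s window
    lines += [fmt.format(ts=base + timedelta(minutes=10 * i), src="203.0.113.9",
                         port=p, action="drop") for i, p in enumerate(ports)]
    return lines


if __name__ == "__main__":
    for src, n in detect_port_scans(constructed_log()).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60 s")
```

The slow scanner only shows up when the window is widened (for example to a few hours), which is the practical form of the slide’s warning that some attacks come much later: a detector with a short window buys a little patience from the attacker, so correlating over longer periods, or keeping per-source port counts across days, is what catches deliberate reconnaissance.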

  27. Threats in Transit: Eavesdropping and Wiretapping • The book now goes from planning an attack to the kinds of attacks that can occur • Eavesdropping implies that communications are such that no effort is needed to intercept them • Passive wiretapping means listening • Active wiretapping includes the possibility of inserting, modifying, or deleting communications

  28. Cable (wires) • On a shared medium (a hub, or the old coaxial Ethernet) every device on the segment sees every frame • A packet sniffer can copy all packets, whoever they are addressed to • On a switched LAN a sniffer normally sees only its own traffic and broadcasts, but a mirror port or address spoofing on the switch (e.g., ARP spoofing) restores the full view • Given physical access, an outsider might also tap a wire directly • An alternative is a device that picks up the electromagnetic radiation from the wire

  29. Microwave and Satellite Communications • These are broadcast media • Therefore, transmissions are open to interception • On the other hand, commercial carriers have large amounts of traffic • Isolating only the messages of interest would be a big challenge for an attacker

  30. Optical Fiber • This medium has two security advantages • Light doesn’t radiate electromagnetically beyond the fiber, so there is nothing to pick up at a distance • A crude tap that cuts and splices the fiber interrupts the link and adds measurable loss, which monitoring equipment can detect; a bend-coupling tap leaks only a little light, so in practice detection depends on actually watching signal levels • On the other hand, legitimate taps, splices, repeaters, and equipment connections remain points of vulnerability

  31. Wireless • Wireless technology is based on radio waves • By definition, this is a broadcast medium • It is available to any potential user, legitimate or illegitimate, within its rated radius of service • It is also available outside of this radius to someone using a specialized reception antenna

  32. The most obvious problem is simple interception • Some wireless networks are not password protected • Some have security that is easily circumvented • Some may have encryption • However, the encryption may not be as strong as one might hope

  33. Less concretely dangerous, but probably more common than interception is illegitimate use of a network (theft of service) • If the network doesn’t have good authentication (or any) anyone within range can use it

  34. The book points out that for networks not intentionally made freely available, this may be illegal • I have mixed feelings about this • If you’re running an Internet café, you’d like everyone who comes in to have access without doling out IDs • On the other hand, are you surprised when someone next door turns on their computer and finds that they can log in and use your network without buying a cup of coffee?

  35. Summary of Wiretapping • Assume that all network traffic is exposed • One solution is to encrypt all traffic • The intermediate solution the book suggests is to encrypt all WAN traffic • Because encryption was seen as costly to performance, the book says not to encrypt LAN traffic, and instead to maintain high physical and administrative security for the LAN and attached devices • Note that on current hardware the cost is small, and an attacker who gets onto the LAN (a compromised host, a rogue device) sees everything left in the clear, so encrypting LAN traffic as well is now common practice

  36. Protocol Flaws • A TCP connection is established with a three-way handshake in which each side chooses an initial sequence number (ISN) • If a server’s next ISN can be predicted, an attacker can complete a handshake from a spoofed address without ever seeing the server’s reply, and so impersonate a trusted client • All protocols have had, do have, and will have weaknesses of one kind or another • This type of thing will come up again under other headings
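The sequence-number weakness on the slide above, as an added example that is not part of the book or the course material. Two ISN generators are simulated: a counter that steps by a fixed amount per connection, in the style of the old 4.4BSD rule that made the attack famous, and a generator shaped like RFC 6528 (a clock plus a keyed hash of the connection’s addresses and ports). The attacker opens two connections of its own, measures the step, and predicts the ISN the server will pick for a connection forged from the victim’s address. The addresses, ports and step size are assumptions for the demo.

```python
import hashlib
import os
import time


class BsdStyleIsn:
    """Mimics the historical 4.4BSD rule of thumb: the ISN counter advances
    by a fixed 64 000 for each new connection (and 128 000 per second, which
    this example ignores). Two observed ISNs give away the third."""
    STEP = 64_000

    def __init__(self, start):
        self.counter = start

    def next_isn(self, four_tuple):
        self.counter = (self.counter + self.STEP) & 0xFFFFFFFF
        return self.counter


class Rfc6528Isn:
    """RFC 6528 shape: ISN = M + F(src, sport, dst, dport, secret), with M a
    4-microsecond clock and F a keyed hash. The per-tuple hash term means
    ISNs the attacker sees on its own connections say nothing about the ISN
    the server will pick for the victim's tuple."""

    def __init__(self):
        self.secret = os.urandom(16)  # a real stack draws this at boot

    def next_isn(self, four_tuple):
        m = int(time.monotonic() * 250_000) & 0xFFFFFFFF
        f = hashlib.sha256(self.secret + repr(four_tuple).encode()).digest()
        return (m + int.from_bytes(f[:4], "big")) & 0xFFFFFFFF


# Constructed addresses (documentation ranges); port 513 is rlogin, the
# classic target because of the trusted-host logins discussed later.
ATTACKER = "203.0.113.66"
VICTIM = "198.51.100.20"
SERVER = "192.0.2.10"


def blind_spoof_succeeds(isn_gen):
    """Attacker opens two real connections, measures the ISN step, then
    predicts the ISN the server will use for a connection it forges from the
    victim's address. Success means the guess equals the server's real
    choice, which is what the forged third handshake packet must carry."""
    isn1 = isn_gen.next_isn((ATTACKER, 40000, SERVER, 513))
    isn2 = isn_gen.next_isn((ATTACKER, 40001, SERVER, 513))
    guess = (isn2 + (isn2 - isn1)) & 0xFFFFFFFF
    # The forged SYN carries the victim's address, so the SYN/ACK (and the
    # real ISN in it) goes to the victim; the attacker never sees it.
    real = isn_gen.next_isn((VICTIM, 1023, SERVER, 513))
    return guess == real


if __name__ == "__main__":
    print("BSD-style counter  :", blind_spoof_succeeds(BsdStyleIsn(0x1234)))
    print("RFC 6528-style hash:", blind_spoof_succeeds(Rfc6528Isn()))
```

A real attacker does not need an exact hit, only a guess inside the server’s receive window, and must also keep the victim from answering the stray SYN/ACK (historically by flooding it); the example keeps the exact-match form because it isolates the protocol flaw the slide is about.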

  37. Impersonation • Impersonation is based on flawed authentication: • Guess authentication information • “Lift” authentication information • Circumvent or disable authentication • Use a target that doesn’t have authentication • Make use of systems with known authentication

  38. Authentication Foiled by Guessing • Guess logins and passwords • Not that hard in lots of cases • Use default passwords for system supplied accounts • Administrators forget to remove or change these when installing a system • Note that weak passwords may be OK in a trusted environment • A problem arises when the system with weak passwords is connected to the wider world

  39. Authentication Thwarted by Eavesdropping or Wiretapping • Users may have accounts on multiple networked machines • Moving from one machine to the other may be transparent • Authentication information is transmitted from one machine to the other • If transmitted in the clear, this is a security problem • The book gives a nice example of a Microsoft system that hashed passwords, but transmitted them in such a way that the strength of the security was severely reduced

  40. Authentication Foiled by Avoidance • The book gives an example • Operating system login systems have been implemented with this flaw: • If the password entered overflowed the password buffer, authentication was not done… • If sites are still running operating systems with flaws like these, this is candy for hackers

  41. Nonexistent Authentication • The book cites another example • Unix supports the concept of trusted users and trusted hosts (the rlogin/rsh family, driven by /etc/hosts.equiv and ~/.rhosts) • The idea is that no password is needed when a userid on a trusted host requests access to another host; the remote host simply believes the userid the first host claims • From a security standpoint, this is a bad idea • The account on the first host might have been subverted, the first host’s address can be spoofed, or the remote user might simply be a guest login on that host

  42. Well-Known Authentication • This idea has already been mentioned • Operating systems and network operating systems may ship with default passwords on the administrator account, guest accounts, etc. • Application vendors may do similar things • Simple Network Management Protocol (SNMP) devices have a “community string” which is essentially a password, and it commonly ships as public (read) or private (write) • Forgetting to change these things at installation time leaves the system open to anyone who has read the vendor manual

  43. Trusted Authentication • This is also essentially a repetition • If a system maintains a file of trusted hosts/logins, authentication is effectively delegated to whoever or whatever is responsible for those files • In particular, this may mean that security is offloaded to other machines • This can be a convenience to some users, but it is a potential security problem
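Slides 41 and 43 describe trust files that delegate authentication to other machines. As an added example (not from the book or the course), here is an audit of a constructed ~/.rhosts or /etc/hosts.equiv file. The format handled is the classic one: one entry per line, `hostname [username]`, a `+` in either field meaning “any”, `+@name` meaning a netgroup, `-host` meaning deny, and `#` starting a comment. The sample file contents and the “inside” domain are assumptions.

```python
# Assumed "inside" domain; any trusted host outside it is flagged.
TRUSTED_DOMAIN = ".corp.example"

# Constructed sample file for the demonstration, not taken from a real host.
SAMPLE_RHOSTS = """\
# build farm trust file (constructed example)
build01.corp.example
build02.corp.example  jenkins
+ +
+@admins
contractor-pc.example.net  root
-badhost.corp.example
"""


def audit_rhosts(text, trusted_domain=TRUSTED_DOMAIN):
    """Return a list of (line_number, finding) for entries that hand
    authentication to someone we should not be trusting."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments, blanks
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-"):
            continue                              # explicit deny: harmless
        if host == "+":
            msg = "any host trusted" + (" for any user" if user == "+" else "")
            findings.append((lineno, msg))
            continue
        if host.startswith("+@"):
            findings.append((lineno, f"trust delegated to netgroup {host[2:]}"))
            continue
        if not host.endswith(trusted_domain):
            findings.append((lineno, f"trusts host outside {trusted_domain}: {host}"))
        if user == "root":
            findings.append((lineno, f"grants root without a password to {host}"))
        elif user == "+":
            findings.append((lineno, f"any user on {host} trusted"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_rhosts(SAMPLE_RHOSTS):
        print(f"line {lineno}: {finding}")
```

Even the “clean” entries (build01, build02) embody the slide’s point: whoever controls, or can spoof, those hosts now controls logins here. The audit only catches the entries that make that delegation unbounded.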

  44. Attacks Based on Misidentification • Spoofing is a general term for using a false identity • Spoofing attacks include: • Phishing • Masquerade • Session hijacking • Man-in-the-Middle Attack

  45. Phishing • No one here needs an explanation of this • Any stories of the strangest phishing email you’ve ever received?

  46. Masquerade • One host pretends to be another • For example, fake Web sites at deceptive Web addresses • Traffic can be directed to the fakes with ads, direct email, phishing email, and so on • The goal may be to obtain customer login information • It may also be to intercept things like orders and steal business

  47. Session Hijacking • An outsider replaces one end of a two-way communication • Take an Internet purchase for example • An outsider may monitor the traffic between a potential buyer and an e-commerce site • When the buyer is ready to buy, the outsider intercepts the order, replacing the seller in the communication • To the seller this just looks like a customer who “went away” without completing a purchase

  48. Man-in-the-Middle • Conceptually, this isn’t too different from session hijacking • An outsider is able to intercept messages • The book gives an example of how this kind of attack may work even in an environment with encryption • Let S, M, and R stand for the sender, the man-in-the-middle and the receiver

  49. S and R want to set up secure communication with an asymmetric key based system • S needs R’s public key • R sends a message to S containing R’s public key • M intercepts R’s public key • M then sends M’s own public key to S instead of R’s

  50. When S sends an encrypted message, M intercepts it and decrypts it with M’s own private key • This is simple interception, a violation of confidentiality • The message is now also open to modification or fabrication, a violation of integrity • M re-encrypts whatever it chooses with R’s real public key, which it captured at the beginning, and forwards it to R, so neither S nor R sees anything unusual • The lesson is that a public key received over the network is worthless until its origin is authenticated, e.g., by a certificate from a trusted authority or a fingerprint checked out of band
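The three-party exchange of slides 48 to 50, as an added example that is not from the book or the course. It uses textbook RSA on tiny primes with no padding, which is a toy chosen only to make the key substitution visible, not a usable cipher. The message, the primes, and the fingerprint-pinning defence are assumptions; the defence stands in for what a certificate or an out-of-band fingerprint check gives S in practice.

```python
import hashlib
from math import gcd


def toy_rsa_keypair(p, q, e=17):
    """Textbook RSA on small primes, no padding: enough to show the key
    substitution attack, nothing more. Returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    return (n, e), (n, pow(e, -1, phi))


def encrypt(pub, msg):
    n, e = pub
    return [pow(b, e, n) for b in msg]      # one block per byte (n > 255)


def decrypt(priv, blocks):
    n, d = priv
    return bytes(pow(c, d, n) for c in blocks)


def key_fingerprint(pub):
    """What S would hold from an out-of-band channel (or a certificate) to
    check the key that arrives over the wire."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


# Constructed keys for R (the receiver) and M (the man in the middle).
# S needs no key of its own here; it only encrypts to R.
R_PUB, R_PRIV = toy_rsa_keypair(89, 97)
M_PUB, M_PRIV = toy_rsa_keypair(107, 109)

ORDER = b"pay 100 to alice"           # constructed message from S


def run_exchange(mitm_present, s_checks_fingerprint):
    """Return (outcome, bytes R decrypted). outcome is 'delivered', or
    'refused' when S detected a key that is not R's and sent nothing."""
    # Step 1 (slide 49): R announces its public key; M, if present, swaps
    # in its own before it reaches S.
    key_seen_by_s = M_PUB if mitm_present else R_PUB

    # Defence: S compares the received key with R's pinned fingerprint.
    if s_checks_fingerprint and key_fingerprint(key_seen_by_s) != key_fingerprint(R_PUB):
        return "refused", b""

    # Step 2: S encrypts to whatever key it believes is R's.
    wire = encrypt(key_seen_by_s, ORDER)

    # Step 3 (slide 50): M decrypts with its own private key (confidentiality
    # lost), edits the order (integrity lost) and re-encrypts to R's real key
    # so that R notices nothing.
    if mitm_present:
        plaintext = decrypt(M_PRIV, wire)
        plaintext = plaintext.replace(b"alice", b"mallory")
        wire = encrypt(R_PUB, plaintext)

    return "delivered", decrypt(R_PRIV, wire)


if __name__ == "__main__":
    print("no attacker        :", run_exchange(False, False))
    print("attacker, no check :", run_exchange(True, False))
    print("attacker, pinned   :", run_exchange(True, True))
```

Note what the fingerprint check does and does not buy: it stops M from substituting a key, but only because S obtained R’s fingerprint through a channel M could not tamper with. If the fingerprint itself arrived over the same network, M would simply replace both.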
