Email Security, Web Security and Malicious Programs
Lecture 9
Email Basics
• Email Infrastructure
  • Allows a user to send a message to one or more recipients
  • Using either a single email address or a distribution list
  • If a distribution list is used then:
    • The message is sent to the site where the distribution list is maintained, and that site then sends the message to each recipient from the list, or
    • The sender retrieves the list and then sends the message to each recipient from the list
Information and Network Security
Email Infrastructure
• In the simplest case, the source and destination computers communicate directly with each other
  • Both machines have to be running and reachable on the network (this does not always work if the user machine is only occasionally connected to the network)
• In general, the email infrastructure consists of:
  • a whole mesh of mail forwarders or Mail Transfer Agents (MTAs)
  • mail processing at the source and destination computers, done by a program called the User Agent (UA)
Email Infrastructure (e.g.)
[Figure: a mail path from one UA to another through a chain of MTAs; some hops form a "not authenticated path", while other hops use authentication between MTAs or between an MTA and users]
Reasons for multiple MTAs
• Reasons for needing multiple MTAs along a mail path from the source to the destination:
  • Part of the network may be only occasionally connected
  • MTAs may need to authenticate other MTAs or user machines
  • A company may want a security gateway through which all mail has to be forwarded
  • Different parts of the network may be using different protocol suites
Email Services and Security
• Privacy: the message is only for the intended recipient(s)
• Authentication: authentication of the source
• Integrity: integrity of the message
• Non-repudiation: the sender can't deny that she sent the message
• Proof of submission: verification to the sender that the message was handed to the mail delivery system
Email Services and Security
• Message flow confidentiality: a third person C cannot even determine whether A sent B a mail or not
• Containment: the ability of the network to keep information of certain security levels from leaking out of a particular region
• Self-destruction: the message can't be forwarded or stored
• Proof of delivery: verification that the recipient received the message
• Anonymity: the recipient can't find out the identity of the sender
Email Security Services
• Most email security services can be provided by cryptographic means
  • Privacy: using secret-key or public-key encryption
  • Non-repudiation: digital signature
  • Authentication: using secret-key and public-key technology
  • Integrity: using a secure hash function together with secret-key or public-key technology
Email Security Services
• Proof of delivery:
  • Is it possible to provide a receipt if and only if the recipient got the message (Yes/No)? If yes, how?
  • If the recipient signs before the message is delivered, the message can be lost but the mail system still has the signature.
  • If the recipient signs after receiving the message, the recipient may not furnish a signature at that point, yet already has the message.
• Anonymity:
  • What for?
  • Is it easy? (most mail systems automatically include the sender's name in the message)
  • Does it compromise mail security?
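As an added example (not code from the lecture) of the secret-key integrity and authentication services listed above: an HMAC-SHA256 tag computed over selected headers and the body, carried in a header and checked by the recipient. The header set, the `x-mac` header name, the key and the addresses are constructed for this example.

```python
import hashlib
import hmac

# Headers bound by the tag (an assumption of this example); anything
# outside this set can be altered in transit without detection.
SIGNED_HEADERS = ("from", "to", "subject")

def canonicalize(headers: dict, body: str) -> bytes:
    """Fixed byte layout to hash: lower-case header names, trimmed values,
    CRLF line ends, trailing whitespace on the body ignored."""
    lines = [f"{h}:{headers.get(h, '').strip()}" for h in SIGNED_HEADERS]
    lines.append(body.rstrip())
    return "\r\n".join(lines).encode("utf-8")

def protect(headers: dict, body: str, key: bytes) -> dict:
    """Sender side: return the headers with an integrity tag added."""
    tag = hmac.new(key, canonicalize(headers, body), hashlib.sha256).hexdigest()
    return {**headers, "x-mac": tag}

def verify(headers: dict, body: str, key: bytes) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonicalize(headers, body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(headers.get("x-mac", ""), expected)

def demo() -> dict:
    """Constructed message; shows which changes the tag detects."""
    key = b"constructed-shared-secret-key"
    headers = {"from": "alice@example.com", "to": "bob@example.com",
               "subject": "Q3 report"}
    body = "Please find the numbers attached.\n"
    msg = protect(headers, body, key)
    tampered_body = body.replace("numbers", "revised numbers")
    redirected = {**msg, "to": "mallory@example.com"}
    return {
        "genuine": verify(msg, body, key),                    # True
        "body_changed": verify(msg, tampered_body, key),      # False
        "recipient_changed": verify(redirected, body, key),   # False
        "wrong_key": verify(msg, body, b"other-key"),         # False
        "whitespace_only": verify(msg, body + "   \n", key),  # True
    }
```

Because sender and recipient hold the same key, the tag proves only that someone with the key produced an unmodified message; either party could have made it, so it gives authentication and integrity but not non-repudiation, which is why the slide assigns that service to digital signatures.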
Email Security countermeasures
• Make sure email software is configured properly
• Use wrappers to enhance the security of email software
• Educate and regularly remind users of the danger of malicious programs (no email system is fully secure)
• Design and implement prevention systems that detect malicious programs early and warn users or stop the programs
Further Readings about Email Security
• PEM (Privacy Enhanced Mail)
  • Additional features: encryption, source authentication, and integrity protection
  • Relies on certificates and uses a single certificate hierarchy
• S/MIME (Secure Multipurpose Internet Mail Extensions)
  • Additional features: similar to PEM
  • Relies on certificates and uses multiple certificate hierarchies
• PGP (Pretty Good Privacy)
  • Certificates are optional in PGP
  • Each user decides which keys to trust
  • Differs from PEM and S/MIME by treating mails as files
Web Security
• Server-side security:
  • Protect the server against denial of service
  • Protect against site vandalism
  • Protect against break-ins
• Client-side security:
  • Protect the client's machine against malicious programs
  • Limit the amount of personal information that the browser can transmit without the user's consent
• Document confidentiality:
  • Protect documents against eavesdropping
• Protect against the risk of fraud:
  • A user misrepresents herself to get unauthorised access to the server
  • A web server tricks a user into sending it confidential information
Web Security: Risks
• Web and email, by the nature of their services, carry a high security risk
• Web browsers and servers are large and complex pieces of software => vulnerable to security bugs (e.g. Internet Explorer 3.0)
• Web servers allow scripts, applets and programs in many languages to run on server machines at the request of clients (browsers) => high security risk
• Web servers can easily be misconfigured => security holes
Web Security: Risks
• The server's hardware may not be secured
• Transmissions across the Internet are not secured, hence web documents and interactive login sessions are vulnerable to eavesdropping
• Remote authoring and administration tools open security holes
• Many web accounts may need to be created because of the high number of people involved in providing different information
Web Security (e.g.)
• Possible attacks:
  • Integrity:
    • Modification of messages
  • Confidentiality:
    • Eavesdropping; theft; learning the network configuration or which client talks to which server
  • Denial of service:
    • Killing user processes; flooding servers with bogus requests; filling up memory or disk; etc.
  • Authentication:
    • Impersonation of legitimate users; data forgery
Web Security – countermeasures
• Integrity: cryptographic checks
• Confidentiality: encryption (or using web proxies – this is not an absolute solution)
• Denial of service: difficult to prevent
• Authentication: cryptographic techniques
Web Security – countermeasures
• Other web security issues can be minimised by:
  • Carefully designing and testing CGI scripts and other added programs
  • Configuring the server carefully
  • Not providing more web accounts than necessary
Danger of Malicious Programs
• Systems such as Microsoft Outlook make it very simple to send anything to anyone and to work with objects that are received
• Mobile-program systems, such as Java-based, ActiveX-based and mobile-agent-based systems, allow programs to move on their own from one system to another => malicious programs can take advantage of this and spread quickly (modern software systems tend to allow mobile agents and program migration [see P.D. Le, B. Srinivasan and P. Granville, "A Prototype Tool to Support Migration in Distributed Environments", Proceedings of the 2nd International Symposium on Applied and Corporate Computing, pp. 53-62, 1994])
Taxonomy of Malicious Programs
[Figure: malicious programs split into those that need a host program (trapdoors, logic bombs, Trojan horses, viruses) and independent programs (bacteria, worms, zombies)]
Malicious Programs
• Logic bomb: code embedded in some program that is set to "explode" when certain conditions are met
• Trapdoor: a secret entry point (often for debugging purposes) in a program that allows someone to gain access without going through the normal procedure
• Trojan horse: instructions hidden inside an otherwise useful program that do the bad things
• Bacteria: programs that replicate themselves to fill disk and memory or to take up CPU
• Worm: a program that replicates itself by installing copies of itself on other machines across the network
Malicious Programs
• Zombie: malicious code installed on a system that can be remotely triggered to carry out some attack with less traceability
• Virus: code that, when executed, inserts copies of itself into another program; the infected program, when executed, will execute the virus
Malicious Programs - Virus
• A virus can be embedded into a program in different fashions (pre-pended, post-pended, at a pre-defined point, etc.)
• Most viruses are designed to work on a particular OS or environment
  • They are designed to take advantage of the weaknesses of a particular system or software platform
• A virus can do anything a program can do; it attaches itself to a host program and executes secretly when the host program is run
Simple Structure of a Virus

    Do-damage (…) {
        do-whatever-damage-you-like
    }

    InfectedProgram {
        goto Virus_main;
        Label_for_virus;
        Virus_main:
            Infect_executable (…);
            if Trigger-pulled (…)
                Do-damage (…)
    }

    Trigger-pulled (…) {
        if some condition holds return true
        else return false
    }

    Infect_executable (…) {
        loop:
            AFile = randomly get an executable file;
            if there is Label_for_virus in AFile (file already infected) goto loop;
            else prepend Virus to AFile
    }
Malicious Programs: Immune System
[Figure: in Private Network A, a virus-infected client machine passes the suspect program to the administrative machine, which sends it to a virus analysis machine; the analysis machine analyses the virus behaviour and structure, extracts a signature and derives a prescription, which is returned to the administrative machines of Private Network A and Private Network B (and to individual users) and on to their client machines]
Malicious Programs: Immune System
• Each computer (client) has a monitoring program running
• The monitoring program tries to find a thought-to-be-infected program
• If there is one, the client forwards a copy of that program to the administrative machine within the organisation
• The administrative machine (AM) encrypts the suspicious program and sends it to a virus analysis machine (VAM)
• The VAM creates an environment in which the suspicious program can be run safely for analysis
• The VAM produces a prescription for treatment and sends it back to the AM
• The AM forwards the prescription to the client and to others
• With this method, subscribers can receive antivirus updates
How to Protect your Systems against Malicious Programs (MP)
• There are many ways to enhance your system security, such as using encryption, firewalls, security at different layers, etc.
• However, there is no absolute way to protect your system against malicious programs
• Modern computer systems allow mobile programs and services via the Web, email, Internet software products and the like
• MPs will be the main security concern for modern computer systems
MP and Security
• How to prevent MPs from spreading quickly?
  • Should your system provide a rapid response so that MPs can be stamped out almost as soon as they are introduced? How can it be done?
  • Should your systems be able to automatically capture new MPs when they enter your organisation's computer systems?
  • Should your system dynamically inform other systems so that they can analyse, detect and possibly remove MPs?
  • Dynamically provide tools for diagnosis and treatment, etc.
Malicious Program Detection System (MPDS) – Overview
[Figure: a quantum machine hosting Virtual machine 1, Virtual machine 2, Virtual machine 3, …, Virtual machine N sits behind a common administrative machine that connects Network 1, Network 2 and Network 3]
Proposed Malicious Program Detection System
• Reason: modern computer systems allow mobile programs and services via the Web, email, Internet software products and the like
  • Such systems are more vulnerable because of the nature of the services they provide and the heavy interaction between users and the systems
• Goals:
  • The proposed system attempts to reduce the impact of MP attacks
  • The idea can be applied at organisation level or on a larger scale
How does MPDS work?
• MPDS requires that if an application allows user interaction, it must be constructed to allow corresponding non-interactive options
• This requirement is reasonable since it allows automatic software testing, analysis and correction
• Modern software is object-oriented, which facilitates both interactive and non-interactive options
Main components of MPDS
• A quantum or extremely fast computer (FC) is used as a simulation and detection centre on which many different software platforms can reside concurrently
• A common administrative machine (CAM) forwards all incoming messages to the FC
• The FC runs the messages on its simulated platforms for analysis and checking
• If the analysis and checking says "Not O.K.", the messages are marked "unsafe" and sent back to the CAM
• The CAM forwards unmarked messages to their intended destinations and rejects marked messages
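An added example (not code from the lecture or the proposed system) that models the immune-system and MPDS flows above together: an analysis stage derives a signature from an infected sample (the virus skeleton prepends itself to its host and carries a label to recognise infected files), the analysis marks incoming attachments "unsafe", and the administrative machine forwards unmarked messages and rejects marked ones. The clean program, the virus bytes, the messages and the signature length are all constructed here.

```python
from dataclasses import dataclass

@dataclass
class Message:
    sender: str
    recipient: str
    attachment: bytes      # the executable a user is mailing around

# --- analysis machine (VAM in the immune system, FC in MPDS) -------------
def extract_signature(clean: bytes, infected: bytes, length: int = 12) -> bytes:
    """Derive a byte signature from a sample analysed in the sandbox.
    The slide's virus skeleton prepends itself to the host, so the infected
    file is <virus code><original>; the leading bytes of the prepended part
    become the signature (the 'prescription' sent back to the AM)."""
    if len(infected) <= len(clean) or not infected.endswith(clean):
        raise ValueError("sample is not a prepended infection of the clean file")
    virus_code = infected[: len(infected) - len(clean)]
    return virus_code[:length]

def analyse(msg: Message, signatures: dict) -> list:
    """Return the 'unsafe' marks for one message. The whole attachment is
    searched, because a virus may be pre-pended, post-pended or inserted
    at a pre-defined point rather than sitting at the start."""
    return [f"unsafe:{name}" for name, sig in signatures.items()
            if sig in msg.attachment]

# --- common administrative machine (CAM) --------------------------------
def gateway(messages, signatures):
    """Forward unmarked messages; reject marked ones together with their marks."""
    delivered, rejected = [], []
    for msg in messages:
        marks = analyse(msg, signatures)
        if marks:
            rejected.append((msg, marks))
        else:
            delivered.append(msg)
    return delivered, rejected

# Constructed sample: a clean host program and a copy infected by prepending
CLEAN = b"MZ\x90\x00hello-program-body"
VIRUS = b"VIRUS_LABEL:" + b"\xde\xad\xbe\xef" * 4 + b"infect;trigger;damage"
INFECTED = VIRUS + CLEAN
SIGNATURES = {"demo-virus": extract_signature(CLEAN, INFECTED)}

def run_demo():
    """Three constructed inbound messages through the gateway."""
    inbound = [
        Message("alice", "bob", CLEAN),
        Message("mallory", "bob", INFECTED),
        Message("carol", "dave", CLEAN + VIRUS),   # post-pended variant
    ]
    delivered, rejected = gateway(inbound, SIGNATURES)
    return ([m.sender for m in delivered],
            [(m.sender, marks) for m, marks in rejected])
```

A signature derived this way only catches copies that keep those bytes; the behavioural analysis the VAM performs in its safe environment is what the slides rely on for samples the signature database has never seen.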
Further research reading
• Security achievement is related to planning more than fixing; we encourage you to:
  • Discuss the trends of web and email applications and other Internet services
  • Attempt to provide some conceptual models to deal with threats from MPs