Computer Systems Security
Security in Networks (Security Controls)
Topic 2
Pirooz Saeidi
Source: Pfleeger, Chapter 7
css security in Networks-css-ps2

Network Security Controls
Agenda:
• Security Threat Analysis
• Design, Implementation and Architecture
• Control types
• Firewalls
• Intrusion Detection Systems
• Secure Email
• Summary and Conclusion
Network Security Controls
• We introduce a number of defence strategies available to the network security engineer,
• with details of three important controls:
  • Firewalls,
  • Intrusion Detection Systems, and
  • Encrypted e-mail.

Security Threat Analysis
• The three steps of security threat analysis are:
  • Scrutinise all parts of the system.
  • Consider the possible damage to confidentiality, integrity and availability.
  • Speculate on the kind of attack.

Security Threat Analysis
• The individual parts of a network:
  • Local nodes, connected through
  • local communication links to a
  • LAN, which also contains
  • local processes, storage and devices.

Security Threat Analysis
• The LAN is also connected to a gateway that
  • provides access through network communication links to
  • network control resources, routers, databases, etc.

Security Threat Analysis
• Possible threats and damage:
  • Intercepting data in traffic
  • Accessing or modifying data/programmes on remote hosts
  • Modifying data in transit
  • Blocking traffic
  • Impersonating a user
  • and more…

Security Threat Analysis
• The network security engineer anticipates these threats and uses the defences available.
• Such defences range from design and architecture to different types of controls.
• We will have a close look at these defences.
Design, Implementation and Architecture
• In previous lectures we elaborated on design and implementation issues.
• Similarly, a network's architecture and design can have a considerable effect on its security.
• In this context we will consider:
  • Segmentation
  • Redundancy, and
  • Single Points of Failure

Segmented Architecture
• Reduces the number of threats and limits damage.
• Consider an e-commerce application with the following parts:
  • A web server
  • Application code
  • Database of products
  • Database of orders

Segmented Architecture
• We don't want to compromise the entire application by putting all of these activities on one machine. Instead we can use multiple segments.
(Figure: Pfleeger & Pfleeger)

Other Architectural Controls
• Redundancy
  • Example: provide more than one server and use failover mode:
    • Servers communicate periodically with each other.
    • If one fails, the other takes over processing for both.
• Avoid Single Points of Failure
  • Example: distribute parts of a database across different segments.
Controls: Encryption
• Two forms:
  • Link Encryption: between hosts
  • End-to-end Encryption: between applications

Link Encryption
• Data is encrypted just before it is placed on the physical link.
• Takes place in layers 1 and 2 of the OSI model.
• Appropriate when the transmission line is vulnerable.
(Figure: Pfleeger & Pfleeger)

Link Encryption
• Example of a typical link-encrypted message.
• Some of the header/trailer information may be applied before encryption takes place.

End-to-end Encryption
• Encryption can be applied by hardware as well as software, at the highest layers.
(Figure: Pfleeger & Pfleeger)

End-to-end Encryption
• Example: an encrypted message
(Figure: Pfleeger & Pfleeger)

End-to-end Encryption
• Messages sent to several hosts are protected, and the data content is still encrypted while in transit even if it passes through potentially insecure nodes.
Virtual Private Networks (VPN)
• With link encryption the users may think they are on a private network; hence the term VPN.
• The greatest exposure for a user is between his/her machine and the perimeter of the host network.
• A VPN can use firewalls to implement an encrypted connection between a user's distributed sites over a public network.

Virtual Private Networks (VPN)
• Communication passes through an encrypted tunnel.
• The VPN is created when the firewall interacts with an authentication service inside the perimeter.
• All communication is done through the encrypted tunnel.
(Figure: Pfleeger & Pfleeger)

Virtual Private Networks (VPN)
• The firewall implements access control on the basis of the VPN.
• Example of a VPN with privileged access:
  • The firewall passes the privileged identity of User2 to the internal server.
(Figure: Pfleeger & Pfleeger)
Public Key Infrastructure (PKI) and Certificates
• PKI is used to implement public key cryptography.
• Offers each user a set of services for access control and identification.
• Integrates digital certificates, public-key cryptography and certificate authorities into a total, enterprise-wide network security architecture.
• Involves a registration authority that acts as an interface between the user and the certificate authority.
• More information: http://csrc.nist.gov/pki/

Secure Shell (SSH) Encryption
• SSH is a pair of protocols originally for Unix but now also available on Windows 2000.
• Provides an authenticated and encrypted path to the shell or command-line interpreter.
• Replaces utilities such as Telnet, rlogin and rsh for remote access.
• Protects against spoofing attacks and modification of data in communication.

Secure Socket Layer (SSL) Encryption
• SSL is designed to protect communication between a web browser and a server.
• Interfaces between applications and the TCP/IP protocols to provide server authentication.
• Client and server negotiate a mutually supported set of algorithms for session encryption and hashing.

Secure Socket Layer (SSL) Encryption
• To use SSL:
  • The client requests an SSL session.
  • The server responds with its public-key certificate, with which the client authenticates the server.
  • The client returns part of a symmetric session key, encrypted under the server's public key.
  • Client and server both compute the session key and switch to encrypted communication using the shared session key.
Encryption: IP Security Protocol (IPSec)
• Adopted by IPv6; addresses many shortcomings of conventional IP such as spoofing, session hijacking, …
• Implemented at the IP layer, so it affects all layers above it, including TCP and UDP.
• Works similarly to SSL in terms of authentication and confidentiality, and is independent of the cryptographic protocols used.

IP Security Protocol (IPSec)
• IPSec is based on a security association: a set of security parameters for a secured communication channel.
• The main data structures of IPSec are the AH (Authentication Header) and the ESP (Encapsulated Security Payload).

IP Security Protocol (IPSec)
• ESP replaces the TCP header and data portion of a packet.
(Figure: Packets: (a) Conventional Packet; (b) IPSec Packet. Pfleeger & Pfleeger)

IP Security Protocol (IPSec)
• ESP replaces the conventional TCP header and data portion of a packet, and
• contains both an authenticated portion and an encrypted portion.
(Figure: The Encapsulated Security Payload. Pfleeger & Pfleeger)
Content Integrity Controls
• Guarding against modification in transmission. We can use methods such as:
  • Error-correcting codes
  • Cryptographic checksums

Error Correcting Codes
• Error detection codes
  • Parity checking (odd or even parity bit)
    • Usually used to detect non-malicious changes (e.g. noise)
  • Hash code: a unique signed number returned by a hash function
  • Huffman code
    • A data-compression method that changes the length of the encoded token in proportion to its information content: the more frequently a token is used, the shorter the binary string used to represent it in the compressed stream.
• Error correction
  • Corrects without retransmission

Cryptographic Checksum
• Also called a message digest: a cryptographic function that produces a checksum.
• The checksum is assigned to a file and used to "test" the file at a later stage, to verify that the data contained in the file has not been maliciously changed.
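The distinction between the two integrity controls above is easiest to see on a concrete message. The following is an added example, not code from the lecture or from Pfleeger: it compares a parity bit with a keyed cryptographic checksum (HMAC-SHA256) on a noisy copy and on a deliberately altered copy of a constructed message; the shared key and the messages are constructed for the demonstration.

```python
# Added example (not from the lecture or Pfleeger): a parity bit versus a keyed
# cryptographic checksum (HMAC-SHA256). The key and messages are constructed.
import hashlib
import hmac


def parity_bit(data: bytes) -> int:
    """Even-parity bit over the whole message: 1 when the number of 1-bits is odd."""
    return bin(int.from_bytes(data, "big")).count("1") % 2


def parity_ok(data: bytes, expected_bit: int) -> bool:
    return parity_bit(data) == expected_bit


def cryptographic_checksum(key: bytes, data: bytes) -> bytes:
    """Message digest keyed with a secret shared by sender and receiver, so a
    party without the key cannot recompute a matching checksum for altered data."""
    return hmac.new(key, data, hashlib.sha256).digest()


def checksum_ok(key: bytes, data: bytes, expected: bytes) -> bool:
    # Constant-time comparison: does not leak which byte first differs.
    return hmac.compare_digest(cryptographic_checksum(key, data), expected)


def demo() -> dict:
    """Compare what each control catches on a noisy copy and a tampered copy."""
    key = b"constructed-shared-secret"          # assumption: pre-shared out of band
    original = b"PAY 100 TO ACCOUNT 42"
    sent_parity = parity_bit(original)
    sent_checksum = cryptographic_checksum(key, original)

    # Line noise: one bit of the first byte flipped (0x50 'P' -> 0x51 'Q').
    noisy = bytes([original[0] ^ 0x01]) + original[1:]

    # Deliberate change: '1' (0x31) -> '7' (0x37) flips two bits, so the overall
    # parity is unchanged and the parity check cannot notice the new amount.
    tampered = original.replace(b"100", b"700")

    return {
        "noise_caught_by_parity": not parity_ok(noisy, sent_parity),
        "noise_caught_by_checksum": not checksum_ok(key, noisy, sent_checksum),
        "tamper_caught_by_parity": not parity_ok(tampered, sent_parity),
        "tamper_caught_by_checksum": not checksum_ok(key, tampered, sent_checksum),
    }


if __name__ == "__main__":
    for name, caught in demo().items():
        print(f"{name}: {caught}")
```

The parity bit catches the single-bit noise but passes the two-bit edit, which is why the slide files parity under non-malicious changes; the keyed checksum catches both, and only a holder of the key can produce a checksum that matches modified data.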
Strong Authentication Controls
• Networked environments, as well as both ends of a communication, need authentication.
• We will consider the following methods:
  • One-Time Password
  • Challenge-Response Systems
  • Digital Distributed Authentication
  • Kerberos

One-Time Password
• Guards against wiretapping and spoofing.
• A password is effective only once.
• Uses a secretly maintained password list, or
• each user can use a device to randomly generate new passwords every minute (the computation is based on the value of the current "time" interval).
• Within the same "minute" the receiving computer must be able to compute the same password to match.

Challenge-Response Systems
• The user authenticates to a simple device by means of, say, a PIN.
• The system prompts the user with a new challenge for each use:
  • The remote system sends a random number (the "challenge"), which the user enters into the device.
  • The device responds to that number with another number, which the user transmits to the system, and so on.
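Both of the preceding slides (the time-based one-time password and the challenge-response device) can be shown with the same keyed-hash building block. The following is an added example, not code from the lecture: the one-time password is implemented as the standard HOTP (RFC 4226) and TOTP (RFC 6238) algorithms with a 60-second step, so the receiving side can recompute the password for its own interval; the challenge-response device is a constructed design in which the PIN unlocks a device key and each response is bound to the challenge it answers. The seed, device secret, PIN and times are constructed.

```python
# Added example (not from the lecture): the time-based one-time password from the
# slide, implemented as RFC 4226 HOTP / RFC 6238 TOTP with a 60-second step, and a
# PIN-unlocked challenge-response device. Secrets, PIN and times are constructed.
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 60, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of whole time steps since the epoch."""
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret: bytes, code: str, now: float, step: int = 60,
                digits: int = 6, skew: int = 0) -> bool:
    """The receiving computer recomputes the password for its own current interval
    (plus `skew` neighbouring intervals, to tolerate clock drift) and compares."""
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(secret, c, digits), code)
               for c in range(counter - skew, counter + skew + 1))


# --- Challenge-response device (constructed design) ----------------------------

def device_key(device_secret: bytes, pin: str) -> bytes:
    """The PIN unlocks the device: a wrong PIN derives a different key, so every
    response is wrong. The server stores the key derived with the correct PIN."""
    return hashlib.sha256(device_secret + pin.encode()).digest()


def respond(key: bytes, challenge: int) -> str:
    """8-digit response to a numeric challenge; only useful for that challenge."""
    mac = hmac.new(key, challenge.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** 8).zfill(8)


def new_challenge() -> int:
    return secrets.randbelow(10 ** 8)          # fresh random number per login


def server_verify(stored_key: bytes, challenge: int, response: str) -> bool:
    return hmac.compare_digest(respond(stored_key, challenge), response)


if __name__ == "__main__":
    seed = b"constructed-otp-seed"
    now = time.time()
    code = totp(seed, now)
    print("OTP for this minute:", code, "accepted:", verify_totp(seed, code, now))
    key = device_key(b"constructed-device-secret", "1234")
    ch = new_challenge()
    print("challenge", ch, "response", respond(key, ch),
          "accepted:", server_verify(key, ch, respond(key, ch)))
```

A password captured on the wire is useless in the next interval, and a captured challenge-response pair is useless for the next login because the server issues a different random challenge; the `skew` parameter is the receiver's tolerance for the two clocks not agreeing on the "minute".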
Authentication in Distributed Systems – Kerberos
• Designed at MIT.
• Used for authentication between clients and servers.
• Based on the idea that a central server provides authenticated tokens, called tickets, to requesting applications.
• A ticket is non-forgeable and non-replayable.

Authentication in Distributed Systems – Kerberos
• Kerberos's design goal was to enable systems to withstand attacks in distributed systems. The main characteristics are:
1. No passwords are communicated on the network.
  • The user's password is stored only at the Kerberos server.
  • It is not sent from the user's workstation when it initiates a session.
2. Provides cryptographic protection against spoofing.
  • Each access is mediated by a ticket-granting server,
  • which knows the identity of the user based on the authentication performed initially by the server.

Authentication in Distributed Systems – Kerberos
3. Limited period of validity (of tickets)
  • Tickets contain timestamps with which the server determines the ticket's validity.
  • The attacker therefore does not have time to complete a long-term attack.
  • Timestamps prevent replay attacks.
    • In a replay attack a valid data transmission is maliciously or fraudulently repeated or delayed.
    • The server compares the timestamps of requests with the current time, and accepts requests only if they are reasonably close to the current time.
    • This time-checking prevents most replay attacks, since the attacker's presentation of tickets will be delayed!
4. Mutual authentication
  • The user of a service can be assured of any server's authenticity by requesting an authenticating response from the server.

Authentication in Distributed Systems – Kerberos
• Uses public key technology for key exchange.
• A central server provides authenticated tokens, called tickets, to requesting applications.
• A ticket is an encrypted data structure naming a user and a service the user has permission to access.

Kerberos
• The user first establishes a session with the Kerberos server as follows:
  • The user's workstation sends the user's identity to the Kerberos server.
  • The Kerberos server verifies that the user is authorised by sending two messages: one to the user and the other to the ticket-granting server.

Kerberos
• The user's message contains:
  • A session key SG to communicate with the ticket-granting server G, and a ticket TG.
  • SG is encrypted under the user's password: E(SG + TG, PW)
• The ticket-granting server's message contains:
  • A copy of the session key SG and the encrypted identity of the user.

Kerberos
• If the workstation can decrypt E(SG + TG, PW) using PW, then the user has authenticated successfully.
• Diagram shows how a Kerberos session is initiated.
(Figure: Pfleeger & Pfleeger)

Kerberos
• Now the user (U) wants to access the services of the distributed system (say, access file F).
• Using key SG, the user requests a ticket from the ticket-granting server to access file F.
• The ticket-granting server verifies U's access permission and returns a ticket and a session key.

Kerberos
• The ticket contains the following:
  • U's authenticated identity
  • An identification of F
  • Access rights
  • A session key SF (with the file server)
  • Ticket expiry date
• Diagram shows how a ticket can be obtained to access a file.
(Figure: Pfleeger & Pfleeger)
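The Kerberos slides above describe three exchanges: the initial E(SG + TG, PW) message, the request to the ticket-granting server G for a ticket to F, and the presentation of that ticket to the file server, with the timestamp and expiry checks of characteristic 3 and the server's answering proof of characteristic 4. The following is an added example, neither the lecture's nor MIT's code: a single-process model of those exchanges with the user name, passwords, service keys and clock all constructed, and with a labelled toy cipher (an HMAC-derived keystream plus an HMAC tag) standing in for the symmetric encryption a real Kerberos implementation uses. The `SKEW` and `LIFETIME` values are assumptions chosen for the demonstration.

```python
# Added example (neither the lecture's nor MIT's code): a single-process model of the
# Kerberos exchanges above. Names, keys and the clock are constructed; the cipher is a
# labelled toy (HMAC keystream plus HMAC tag), not a real Kerberos encryption type.
import hashlib
import hmac
import json
import os

SKEW = 300       # seconds an authenticator timestamp may differ from the server clock
LIFETIME = 3600  # ticket validity period in seconds

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def enc(key, obj):
    """Toy authenticated encryption of a JSON-serialisable object: nonce||ct||tag."""
    plain = json.dumps(obj).encode()
    nonce = os.urandom(16)
    body = nonce + bytes(p ^ k for p, k in zip(plain, _stream(key, nonce, len(plain))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def dec(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or modified ciphertext")
    ct = body[16:]
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(key, body[:16], len(ct)))))

def pw_key(pw):
    return hashlib.sha256(pw.encode()).digest()   # stand-in for Kerberos string-to-key

def check_authenticator(ticket, auth, now):
    """Checks a service performs before honouring a ticket plus authenticator."""
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if auth["user"] != ticket["user"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - auth["timestamp"]) > SKEW:
        raise PermissionError("authenticator timestamp too far from now: possible replay")

class KDC:
    """Kerberos server: authentication server plus ticket-granting server G."""
    def __init__(self, users, service_keys):
        self.users = users         # user -> password (a real KDC stores derived keys)
        self.keys = service_keys   # service -> long-term key; "G" is the TGS itself
    def _ticket(self, user, service, rights, now):
        key = os.urandom(32).hex()
        body = {"user": user, "service": service, "rights": rights, "key": key,
                "expires": now + LIFETIME}
        return key, enc(self.keys[service], body).hex()   # sealed under the service's key
    def login(self, user, now):
        """Initial exchange: returns E(SG + TG, PW)."""
        sg, tg = self._ticket(user, "G", "", now)
        return enc(pw_key(self.users[user]), {"SG": sg, "TG": tg})
    def ticket_for(self, tg_hex, auth_hex, service, rights, now):
        """TGS exchange: checks TG and the authenticator, returns E(SF + TF, SG)."""
        tg = dec(self.keys["G"], bytes.fromhex(tg_hex))
        sg = bytes.fromhex(tg["key"])
        check_authenticator(tg, dec(sg, bytes.fromhex(auth_hex)), now)
        sf, tf = self._ticket(tg["user"], service, rights, now)
        return enc(sg, {"SF": sf, "TF": tf})

def open_file(fkey, tf_hex, auth_hex, now):
    """File server F: validates the ticket, then proves it holds SF (mutual authentication)."""
    tf = dec(fkey, bytes.fromhex(tf_hex))
    sf = bytes.fromhex(tf["key"])
    auth = dec(sf, bytes.fromhex(auth_hex))
    check_authenticator(tf, auth, now)
    return tf["rights"], enc(sf, {"timestamp": auth["timestamp"] + 1})

def client_session(kdc, fkey, user, pw, now):
    """The user's workstation: log in, obtain a ticket for F, open the file."""
    msg = dec(pw_key(pw), kdc.login(user, now))          # wrong password -> ValueError
    sg = bytes.fromhex(msg["SG"])
    auth_g = enc(sg, {"user": user, "timestamp": now}).hex()
    reply = dec(sg, kdc.ticket_for(msg["TG"], auth_g, "F", "read", now))
    sf = bytes.fromhex(reply["SF"])
    auth_f = enc(sf, {"user": user, "timestamp": now}).hex()
    rights, proof = open_file(fkey, reply["TF"], auth_f, now)
    if dec(sf, proof)["timestamp"] != now + 1:
        raise PermissionError("server failed to prove it holds SF")
    return rights, reply["TF"], auth_f

def rejected(fn, *args):
    """True if the call fails one of the Kerberos checks."""
    try:
        fn(*args)
    except (PermissionError, ValueError):
        return True
    return False

def demo(now=1_700_000_000):
    kdc = KDC({"alice": "correct horse"}, {"G": os.urandom(32), "F": os.urandom(32)})
    fkey = kdc.keys["F"]
    rights, tf, auth = client_session(kdc, fkey, "alice", "correct horse", now)
    return {"rights": rights,
            "wrong_password_rejected": rejected(client_session, kdc, fkey, "alice", "bad", now),
            "replay_within_skew_rejected": rejected(open_file, fkey, tf, auth, now + 60),
            "replay_after_skew_rejected": rejected(open_file, fkey, tf, auth, now + SKEW + 1),
            "expired_ticket_rejected": rejected(open_file, fkey, tf, auth, now + LIFETIME + 1)}
```

The password never leaves the workstation: a wrong password simply fails to decrypt the first message. A captured ticket and authenticator presented again after the skew window, or after the ticket's expiry, are refused by the timestamp checks; a copy presented inside the window still passes, which is the "most replay attacks" caveat on the slide and the reason production Kerberos servers also keep a short-lived cache of authenticators they have already seen.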
Access Control
• Access control enforces the "what" and "how" of security control policies.
• Mechanisms such as:
  • ACLs on routers
  • Firewalls
• We will look at them later.

ACLs on Routers
• Routers can be configured with ACLs to deny access to particular hosts from particular hosts.
• This is very expensive: it places a large load on routers.
• Routers inspect the source and destination addresses. But with UDP datagrams, attackers can forge the source address so that their attack cannot be blocked by the router's ACL.
• Limited and restricted use of ACLs is a more viable option.

Honeypot Controls
• Like catching a mouse, we can set a trap with an attractive bait!
• A honeypot is a computer system or a network segment left open to attackers in order to:
  • see what the attackers do;
  • tempt the attacker to a place where you can learn his/her habits and stop future attacks;
  • make a playground to divert him/her from the real system.

Firewalls
• A firewall is a device, or software, or a combination of both, designed to prevent unauthorised users from accessing a network and/or a single workstation.
• Networks usually use hardware firewalls, which are implemented at the router level. These firewalls are expensive and difficult to configure.
• Software firewalls are used on single workstations; they are usually less expensive and easier to configure.

Firewalls
• Inspect each individual inbound or outbound packet of data to or from the system.
• Check whether it should be allowed to enter; otherwise it is blocked.
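The per-packet decision just described, and the router-ACL limitation noted earlier (a UDP datagram whose source address has been forged is not distinguished by address-based rules), can both be shown with a small rule evaluator. The following is an added example, not code from the lecture: a first-match packet filter of the kind a screening router implements, run over constructed packets. The networks are documentation ranges (192.0.2.0/24 as the inside, 198.51.100.0/24 as the outside), the interface names `ext`/`int` and the host addresses are assumptions, and the second rule set adds the usual defensive fix, an ingress rule that rejects an internal source address arriving on the external interface.

```python
# Added example (not from the lecture): a small first-match packet filter of the
# kind a screening router's ACL implements, run over constructed packets. The
# addresses are documentation ranges (192.0.2.0/24 inside, 198.51.100.0/24 outside).
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" or "int"
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    iface: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface) and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules, p: Packet) -> str:
    """First matching rule decides; no match means the implicit final deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


INTERNAL = "192.0.2.0/24"

# Address-only rules: a DNS server reachable on UDP/53 from inside, a web server
# reachable on TCP/80 and 443 from anywhere, everything else implicitly denied.
ADDRESS_ACL = [
    Rule("permit", proto="udp", src=INTERNAL, dst="192.0.2.53/32", dport=53),
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=80),
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=443),
    Rule("permit", iface="int", src=INTERNAL),
]

# Same rules, preceded by an ingress check that ties the source address to the
# interface: a packet claiming an internal source cannot arrive from outside.
INGRESS_ACL = [Rule("deny", iface="ext", src=INTERNAL)] + ADDRESS_ACL


def decisions(acl) -> dict:
    """Run constructed packets through an ACL and collect the verdicts."""
    web = Packet("ext", "tcp", "198.51.100.7", "192.0.2.10", 80)
    dns_from_outside = Packet("ext", "udp", "198.51.100.7", "192.0.2.53", 53)
    dns_from_inside = Packet("int", "udp", "192.0.2.99", "192.0.2.53", 53)
    # A UDP datagram arriving on the external interface whose source field was
    # set to an internal address: the address-only ACL cannot tell it apart.
    forged_source = Packet("ext", "udp", "192.0.2.99", "192.0.2.53", 53)
    return {"web": filter_packet(acl, web),
            "dns_from_outside": filter_packet(acl, dns_from_outside),
            "dns_from_inside": filter_packet(acl, dns_from_inside),
            "forged_source": filter_packet(acl, forged_source)}


if __name__ == "__main__":
    print("address-only ACL:", decisions(ADDRESS_ACL))
    print("with ingress check:", decisions(INGRESS_ACL))
```

Because the router only sees the address fields, the address-only list permits the forged datagram exactly as it permits a genuine internal query; the ingress rule does not inspect the payload either, it just refuses a source address that cannot legitimately appear on that interface, which is the limited and targeted use of ACLs the slide recommends.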
Types of Firewalls
• Packet filtering gateways or screening routers
• Stateful inspection firewalls
• Application proxies
• Guards
• Personal firewalls