1 / 77

Network Security

Network Security. Protecting An Organization’s Network. A Note About Security. Humans are usually the most susceptible point in any security scheme A worker who is malicious, careless, or unaware of an organization’s information policy can compromise the best security William Stallings.

wilson
Télécharger la présentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Protecting An Organization’s Network

  2. A Note About Security • Humans are usually the most susceptible point in any security scheme • A worker who is malicious, careless, or unaware of an organization’s information policy can compromise the best security • William Stallings

  3. A Note About Security • If your site has multiple access points, the overall security of the site is only as strong as the security of the least secure access point • Thus, you must ensure that all points of access are secure • Again, frequently the weakest link is people • This includes such access points as E-Mail, their personal web sites, etc.

  4. A Note About Security • A recent demonstration found that 24% of passwords could be determined, by: • Searching dictionaries of names, places, and other words • Using the username • Using information about the user, such as their first name • A much higher percentage would result if variations of the above were used • e.g. marge123

  5. Security Terminology Authentication: The process of determining the identify of a client or other entity Encryption: The process of obfuscating data so that it cannot be examined in its current form Publickey: An object used in the encryption process that is publicly available Private key: An object used in the encryption process that is kept private within an organization

  6. Authentication: IPSec • Uses IP datagrams to provide security features such as authentication • Authentication is provided for each datagram • An IP datagram, such as those used for TCP connections will be assigned an authentication header (AH)

  7. Authentication: IPSec A normal TCP datagram: IPH TCPH TCP Data A TCP datagram with IPSec authentication information: IPH AH TCPH TCP Data

  8. Authentication Headers • Each authentication header contains authentication information that relates the sender of the message to the message data • If this data were static, it would be fairly simple to ‘forge’ datagrams with another entity’s authentication information • Clearly this data must be dynamic, relating to the data in the message, and difficult to reproduce by another entity

  9. Authentication Headers 1 Next Header Points to the TCP header 1 Payload Length Length of the entire header 2 Unused Reserved for future use 4 Security Parameters Index The security scheme used 4 Sequence Number A unique number for each packet ? Data Data for the security scheme

  10. Authentication Data • The data portion of the authentication header is where we place authentication information • This authentication must be difficult to forge • IPSec (and many other schemes) use message digests for this purpose

  11. Message Digests • A message digest is a small piece of information created by examining a larger piece of information • In this case, the larger bit of information is the data of the datagram • Sound familiar? • It should, a checksum is very similar to a digest • A digest normally is a larger entity so there is a higher degree of detecting changes • Various algorithms are used to create digests • E.g. SHA-1, MD5

  12. Authentication Information • A well-known algorithm is used to generate the digest • So how is that valid authentication information? • Its not, the digest ensures the data received is the same as the data sent • The digest is encrypted using the sender’s private key

  13. Public Key Encryption • Public key encryption (encrypting with pairs of public and private keys) will be discussed at a later time • Suffice it to say, that either: • The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using its own private key • The sender encrypts the data using its own private key, and the receiver decrypts the data using the sender’s public key

  14. Public Key Encryption A B A’s Private Key B’s Public Key B’s Private Key A’s Public Key

  15. Public Key Encryption A B A’s Private Key B’s Public Key B’s Private Key A’s Public Key

  16. Public Key Encryption A B A’s Private Key B’s Public Key B’s Private Key A’s Public Key

  17. Public Key Encryption A B A’s Private Key B’s Public Key B’s Private Key A’s Public Key

  18. Public Key Encryption • Clearly, each key can be used to encrypt, and each key can be used to decrypt • Thus public key encryption is bi-directional • The private key is used to encrypt when the receive wants to ensure the data comes from the correct recipient • No-one else would have the private key • The public key is used to encrypt when the data must not be seen by external entities • Only the private key can be used to decrypt

  19. Authentication Information • The private key of the sender is used to encrypt the message digest • Since only the sender would have the private key, the resulting encrypted digest is unique • Since the digest would change with even a minor change to the data, the encrypted ensures data has not been tampered with • Thus this combination of digests and public key encryption ensures data integrity and provides authentication

  20. Encryption in IPSec • IPSec also supports encryption • In IPSec, it is called Encapsulating Security Payload (ESP) • The operation is similar to how IPSec handles authentication, except that the datagram’s data portion is encrypted • The ESP header describes the technique used for encryption

  21. Encryption in IPSec • Since the sender normally would use its private key to encrypt datagrams, additional authentication is not normally required • Encryption schemes also normally include methods for ensuring data integrity

  22. VPNs • Recall that virtual private networks uses encryption to keep their data secure between sites • VPNs frequently use IPSec’s ESP feature to accomplish this • The external router for each site would employ IPSec ESP on incoming and outgoing datagrams

  23. VPNs • The advantage of using IPSec to implement VPNs is that it is a well-known technology • Thus it may be used, assuming the ubiquitous nature of IPSec on the Internet

  24. Web Security Securing the World Wide Web

  25. The Need • The World Wide Web requires certain access points • If your site is to have a world wide web server, it requires at least one port that external entities may connect to • e.g. 80 (HTTP), 443 (HTTPS), etc. • If users on your site will access the web through a client, it requires ports to do so • This may be through a single machine, called an HTTP proxy server

  26. The Threats • There are four kinds of web-related threats: • Integrity threats: Data and/or system files are modified or destroyed • Confidentiality threats: Private data is examined by the intruder • Denial of Service: Web service is disrupted, preventing other clients from using it • Authentication: The identify of an entity is forged, making it seem like a request or command is coming from someone else • Unchecked code attacks: User-supplied data is assumed to be benign, but when used it could be code which is executed (e.g. Javascript or SQL)

  27. Integrity Threats • Data integrity can be compromised in several ways: • Files stored on the server are modified • Memory, containing data, is modified • Network messages are modified • The result is the loss of data, or some compromised data • This compromised data may include such things as password files, malicious shell scripts, etc.

  28. Integrity Threats • The common theme to all of these threats is that data is changed • Checksums/digests make it possible to ensure data is not changed • If data is changed, the checksum/digest will indicate the change • That may not prevent loss of data alone, but it will (at least) alert administrators (or automatic sentry programs) of the change • Example: Nimbda virus

  29. Nimbda Virus • Nimbda virus exploited a vulnerability in Internet Information Server (a web server) to modify files • The outgoing web page was modified • Actually, Nimbda virus is also an example of a denial of service attack • It is used as an example here, because of its widespread effect and notoriety

  30. Confidentiality Threats • The types of confidentiality threats are: • Reading files from the server • Reading contents of a server’s memory • Reading network messages • The results are: • Invasion of privacy • Lost data (packets read are typically not placed back on the network)

  31. Confidentiality Threats • Encryption prevents any data from being interpreted • Encryption allows only owners of the right ‘key’ to unlock the contained data • Datagrams might be examined and removed from the network, but timeouts would allow that information to arrive, eventually • Example: Packet sniffers, Spyware

  32. Packet Sniffers • Packet sniffers allow anyone on a network to intercept any datagram passing through a machine • Instead of passing the datagram along, first the packet sniffers read the packet’s data • Examples: SpyNet, CommView, Ethereal

  33. Denial of Service Attacks • Sometimes called overload attacks, there are a few types: • Overloading a server with connections or requests • Overloading the threads of a server • Overloading the network connection to a server (buffer overload) • Overloading a disk • Overloading memory

  34. Denial of Service Attacks • Overloading a server can cause the service to become unavailable (thus ‘denial of service’) • Example: Nimbda virus • Once Nimbda virus infiltrates a site (using an integrity attack), each incoming request executes a program (part of the virus) • This program attacks a number of other sites, trying to install the virus there • Eventually, the attacks themselves can cause denial of service (DoS), even on machines where the Nimbda virus could not install itself

  35. Denial of Service Attacks • DoS attacks can be reduced/avoided in a variety of ways: • Routers can filter out duplicate packets • Reduce the effect of a request • Attempt to recognize ‘bogus’ attacks and eliminate any unnecessary processing as a result • Require authenticated access wherever possible • Although, authentication itself may be a target of DoS • However, there is no way to make DoS attacks impossible at this time

  36. Authentication Attacks • Sometimes used in combination with integrity attacks • Where data is modified and the identity of the sender is forged, so that the data is accepted • Authentication attacks typically involve users modifying source IP addresses (and things like IPSec authentication headers) to forge their identities • Although the authentication schemes used by IPSec now make this difficult

  37. Authentication Attacks • Authentication can be accomplished using techniques such as those used by IPSec • Including a message digest, encrypted with the sender’s private key allows the receiver to validate the identity of the sender • Examples: Using a packet sniffer, modifying the packets, placing them back on the network

  38. Unchecked Code Attacks • User-supplied data should always be validated • Positive validation: Checking to make sure the data meets your expectations e.g. the expected format of an E-Mail address • Negative validation: Checking for code, special characters and other enablers which might indicate that something malicious is in the user data e.g. a <script> tag

  39. Unchecked Code Attacks • Imagine a form that asks for an E-Mail address • Please enter your E-Mail address and password to log into our site • Imagine that when the form submission fails, the printed the E-Mail address in the browser for verification • Are you sure bsmith@abc.com the correct E-Mail address? • Now imagine that the user types in some nasty JavaScript code (<script>…</script>) • The code will be put into the response page, and possibly executed

  40. Guarding Against Attacks • For each type of attack, I have suggested a few examples of technologies that can be used to prevent the attacks • Of course, none of these solutions is fool proof • Recall the comment about the weakest link in the chain • e.g. A private key falls into the wrong person’s hands • e.g. A certificate is sent unencrypted via E-Mail

  41. Guarding Against Attacks • The combination of the following techniques may represent a security scheme for a given site: • Message digests • Guards against integrity attacks • Encrypting the digest with a private key • Guards against authentication attacks • Encrypting the message with a public key • Guards against confidentiality attacks • Employing duplicate-removing routers, and requiring authenticated access wherever possible • Guards against DoS attacks • User input validation • Guards against unchecked code attacks

  42. Guarding Against Attacks • One fact is always true about site security: • An ounce of prevention is worth a pound of cure • Frankly if attacks can be avoided or halted before they occur, we will not need to deal with the side-effects of intrusions • The Code Red worm gives an example: • The security hole was discovered by a popular security site, and a patch was created by them many months in advance • The security hole was made public by this site • Many clones of the Code Red worm were created given this new information, which also flourished on unpatched sites • Microsoft subsequently released an official patch for IIS more than 2 months before the code red worm became prevalent

  43. Another Attack Categorization • The previous scheme categorized attacks by their purpose • Another possibility is to categorize attacks by how messages propagate: • Interruption: Messages are removed from the network, so they are never received • Interception: Messages are read from the network without interrupting the message reaching its destination • Modification: Messages are removed from the network and replaced by another, modified version • Fabrication: Messages are created, usually in order to appear to come from a different source, for a different purpose

  44. Encryption and Authentication In Depth

  45. Authentication and Encryption • These two technologies are frequently inter-related • Both can be closely related to private keys • There are really two categories of encryption techniques: • Conventional (single-key) encryption: The same key (shared by both sides) is used to encrypt and decrypt the data • Public key encryption: One key is used for encryption (usually the private key), and another for decryption (usually the public key)

  46. Single Key Encryption • Somehow, a shared key must be distributed between both programs • Single key encryption algorithms must be symmetric: • They must provide a means to use the same key to decrypt and encrypt the data • Usually this means there are two (reverse) algorithms

  47. Single Key Encryption • To ensure security, the key exchange must occur in some secure way • If someone intercepts the key, the encrypted message can be decrypted • Assuming they have the decryption algorithm • This separation of encryption algorithm from the key is an advance in cryptography • Encryption algorithms in the 30’s and 40’s involved only an encryption algorithm

  48. Terminology • Plaintext: Data prior to the encryption process • Or data after the decryption process • Ciphertext: Data after the encryption process • Cipher: An encryption algorithm • Secret key: A piece of data used by the encryption algorithm to generate ciphertext • The secret key is also used by the decryption algorithm to generate plaintext

  49. Encryption Algorithms: Ancient • Encryption methods (not applied to data per se, but to spoken or telegraph/written messages) usually involved the replacement of common parts of the messages with other characters/words • One common example is the replacement of letters with some other letter in the alphabet • This scheme was used by Julius Caesar, and as such it is called the Caesar Cipher • Later, these schemes employed some changing factor • Such as a table containing mappings between letters • This table represents a changeable key that both parties must know

  50. Caesar Cipher Problems • If the relationship between ciphertext letters and plaintext letters follows some pattern (as they did in Caesar’s method), the key can be easily determined • One way to combat these problems is to convert groups of letters at a time • Thus AB might translate to XY, but AC might translate to WV (not XV or something like that)

More Related