1 / 90

Chapter 30

Chapter 30. Security. Credit: most slides from Forouzan, TCP/IP protocol suit. Phishing: Masquerading as a well-known site to obtain a user’ personal info. Denial of Service: Intentionally blocking a site to prevent business activities.

hedge
Download Presentation

Chapter 30

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit TCP/IP Protocol Suite

  2. Phishing: Masquerading as a well-known site to obtain a user’ personal info. Denial of Service: Intentionally blocking a site to prevent business activities. Loss of control: an intruder gains control of a system. Loss of data: Steal or delete. Criminal Expoits and Attacks TCP/IP Protocol Suite

  3. Attacks • Software Based Attackes • Malware – Malicious software – damaging or annoying software. Viruses or worms. • Hardware Based Attacks • Bios, USB devices, NAS, Cell phones • Attacks on Virtualized Systems

  4. Software based attacks: Viruses • Attaches to a legitimate software (carrier, a program or document) and then replicates through other programs, devices, emails, instant messaging, etc. • Computer crashes, destruction of HD, fill up HD, Reduce security settings allowing others to come in, reformat HD, etc. • File infecting virus attaches to executables (such as cascade virus), resident virus loaded into RAM (such as Randex, Meve, MrKlunky), Boot virus infects MBR (Polyboot.B , AntiEXE), companion virus adds program to OS replacing legitimate OS programs (Stator, Asimove.1539), Macro virus written in any macro scripting (Melissa.A, Bablas.Pc). • Polymorphic virus changes itself to avoid detection

  5. Worms Stand alone programs Takes advantage of the OS/application vulnerabilities. Worms uses networks to send copies of itself slowing down networks. While virus requires user action to start an infected program, worms do not (can start executing itself). Worms as they travel through internet can leave a payload behind on each system which can delete files or allow remote controlling of the system.

  6. Concealing malware Trojan horses, rootkits, logic bombs and privilege escalation.

  7. Trojan Horse Installed with the knowledge of the user. A program advertised as a utility but actually does something else (screen saver, calendar, player, etc.). These programs may do a legitimate activity, but also might capture credit card info, etc and send it.

  8. Rootkits Programs installed on computers that takes control of certain aspects of the computer by replacing OS utilities. Sony installed a program on their CDs (2005) preventing copying of the CD by operating system routines. Others used this idea and created their own, or added features to Sony’s program. Rootkits do not spread themselves. Very difficult to remove from HD. Boot from another device and see if problems disappear.

  9. Logic Bombs Lies Dormant until triggered by an event such as a date, person fired, etc. Usually done by employees. Very difficult to discover before triggered. Embedded in large programs.

  10. Privilege Escalation Either change own privilege to higher level, or use another employees higher privilege. Done by exploiting vulnerabilities of OS.

  11. Malware for profit • Spam, spyware and botnets • Spam • Waste of time, checking and deleting. Email lists are sold by many ISPs, and other sites.

  12. Spyware • Tracking software installed without the knowledge of the user. Advertises and Collects and distributes personal information. Harder to detect and remove than viruses. Causes the computer to slow down, freezes up, new browser toolbars or menus installed, hijacked homepage and increased popups. • Adware – a software that delivers advertising for gambling sites or pornography. Keeps track of browsing behavior and reports to give specific pop-ups for merchandize. • Keyloggers. A small hardware attached to the keyboard interface or a resident software that monitors and logs each keystroke.

  13. Botnets Programs that render your computer to be controlled remotely. The computer is called a zombie. Thousands of zombie computers under the control of a single attacker is called a botnet. Attackers use internet relay chat (IRC) to remotely control the zombies. Zombies are used for spamming, spreading malware, denying services, etc.

  14. Hardware based attacks • BIOS • BIOS can be flashed with viruses or rootkits. Flashing the bios can render the computer useless until it is replaced. You can write protect BIOS to prevent this from happening. • USB devices • NAS and SANs can get all malware discussed. • Cell phones – infected messages, launch attacks, make calls, etc.

  15. Attacks on Virtualized systems • Operating system virtualization with virtual machine • Storage virtualization • Multiple os on the same machine. However, existing anti virus/spam software do not work. • Additional concern – one existing virtual machine may infect another. • Protection approaches: • Hypervisor-runs on the physical machine and manages the virtual machines. • Run security software such as a firewall on the physical machine

  16. Wiretapping Replay – sending packets captured from previous session such as username and password. Buffer overflow: sending more data than receiver expects, thereby storing values in memory buffer. Address spoofing. Faking IP source address Name spoofing. Misspelling of a well-known name or poisoning name server. SYN flood – sending stream of TCP SYN Key breaking – guessing password Port Scanning – to find vulnerability Packet Interception – man in the middle attack. Techniques used TCP/IP Protocol Suite

  17. Hardening Operating system Encryption Digital Signatures Firewall Intrusion detection systems Packet inspection and content scanning VPN Security Techniques TCP/IP Protocol Suite

  18. Hardening Operating System • 3 pronged approach: • operating system updates, • Protect against buffer overflows, • configuring operating system protections

  19. Operating System updates • Security Patch: Covers discovered Vulnerabilities • Turn on automatic updates • Hotfix – specific to a customer situation • Service Pack – Cumulative security patches and other software updates. • Designate one server within your organization as the patch update service

  20. Buffer Overflow Protection • Corrupts system memory and causes freezing • May change the return address (from a routine) to a different one where the malware is residing. • Programmers should write defensive programming. Show the textbook to the students. • For windows based programming use: Data execution prevention(DEP) and Address Space Layout Randomization (ASLR)

  21. Defensive programming Microsoft environment • Data Execution Prevention (DEP) • DEP is available in VISTA and beyond • Designated memory only to hold data not code (No eXecute NX bit associated with the memory). Buffer overflow redirection would not work within a NX memory. • Programmers can turn on this feature. • Address Space Randomization (ASLR). • Each time Vista.. Is rebooted .EXE and .DLL are loaded randomly into 256 possible locations. Attackers find it difficult to work with unpredictable code locations.

  22. Configuring Operating System Protection • Security Policy • A document that clearly defines the defense mechanisms an organization will employ in order to keep information secure. • Configuration baseline – permissions on files, registry permissions, logins, authentications, etc. You may want to create a Security template to handle it. • Deployment – individually or by group policy

  23. Attacks through cookies, scripts, Java, ActiveX and cross-site scripting. Preventing Attacks that Target Web browser

  24. information about visits saved on user’s computer. First party cookie is created by the site that the user is currently viewing. Third-party cookies are cookies created by some one else is accessed in a current visit to a different site. Cookies do not present a security threat, but is a privacy risk. Track browsing habits, etc. Also provides IP address. Cookies

  25. Web pages containing scripts download the scripts to the computer and is executed. The program can send information about the user to a host. Scripts can’t access files on the computer, so limited risk exists. Scripts (Java, VB, etc.)

  26. Java can create applets that run on local computers. Defense against hostile jave applets is a Sandbox (a fence). Unsigned java applet does not come from a trusted source and must be run within the sandbox and gives warning to the users. If users do not read the message, or understand the risk, it can cause serious trouble. Sandbox warnings are given at the bottom left. Signed java applets are from trusted sources and have not been altered. Java

  27. framework for defining reusable software components (known as controls) that perform a particular function or a set of functions in Microsoft Windows in a way that is independent of the programming language. A software application can then be formed from one or more of these components in order to provide its functionality. They do not run in a sandbox. It can do anything on the computer such as creating, modifying and deleting files. A signed ActiveX control is generally safe. Unsigned is riskier. ActiveX – Add-ons

  28. Scripts that extract information from victim and pass it to the attacker. Changes contents of dynamic websites and injects a script into it that asks for personal information through input validation. A web site that displays bad login screens with login name is a good one for these types of attacks. It could send a URL to click Cross Site Scripting (XSS)

  29. A user can set up a email receiving address and a sending address. Usually they are the same like pop.dia.sbc.net and smtp.dia.sbc.net. Some smpt servers are configured to sned mail through other domains (known as relays). An attacker can send spam through such relays without getting caught. SMTP Open Relays

  30. Once a user signs up with the instan message server, the client’s IP and port is sent to all buddies and communication can take place directly. With direct connection virus and worms can be spread. Attacker can also view contents of messages. Instant Messaging

  31. All types of attacks can take place through P2P networks. BitTorrent is more secure than P2P. However, both can be used to download illegal software or music. Peer-to peer

  32. Antivirus – always a step behind, update with definition files. Pop-up blockers. Now incorporated into the browser. Anti-spam. Spam filter with smtp server. Install spam filter with pop3 Personal firewals. Host Intrusion Detection systems (HIDS) monitoring files systems and logfiles. Defenses

  33. 28.1 CRYPTOGRAPHY The word cryptography in Greek means “secret writing.” The term today refers to the science and art of transforming messages to make them secure and immune to attacks. The topics discussed in this section include: Symmetric-Key Cryptography Asymmetric-Key Cryptography Comparison TCP/IP Protocol Suite

  34. Figure 28.1Cryptography components TCP/IP Protocol Suite

  35. Note: In cryptography, the encryption/decryption algorithms are public; the keys are secret. TCP/IP Protocol Suite

  36. Note: In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. TCP/IP Protocol Suite

  37. Figure 28.2Symmetric-key cryptography TCP/IP Protocol Suite

  38. Note: In symmetric-key cryptography, the same key is used in both directions. TCP/IP Protocol Suite

  39. Figure 28.3Caesar cipher TCP/IP Protocol Suite

  40. Figure 28.4Transpositional cipher TCP/IP Protocol Suite

  41. Is a block cipher Takes 64-bit plaintext and creates a 64-bit ciphertext. The cipher key is a 56-bit key. It uses 16 rounds, each round mixes and swapps (left half with right half) Data encryption Standard (DES) TCP/IP Protocol Suite

  42. Figure 28.5DES (Data Encryption Standard) TCP/IP Protocol Suite

  43. Note: The DES cipher uses the same concept as the Caesar cipher, but the encryption/ decryption algorithm is much more complex. TCP/IP Protocol Suite

  44. The secret key is personal and unshared. Symmetric key scheme would require n(n-1)/2 keys, for a million people it would require half a billion shared secret keys. Whereas, in asymmetric scheme we would only require a million secret keys. Asymmetric ciphers use two keys, private and public. Asymmetric is much slower. Both symmetric and asymmetric can be used if need to be. Think: if you want to send a secret symmetric key, you can use asymmetric. Asymmetric-key ciphers TCP/IP Protocol Suite

  45. Protocols • IPSec (internet Security Protocol) operates in the network layer. Used in VPN. • IP sec supports Authentication Header (AH) protocal and Encapsulation Security Payload (ESP) protocol • The SSL (Secure Socket Layer) protocol serves as a security for transferring encrypted data. • WEP (Wired Equivalent Privacy) standard. Data stream is encrypted with RC4 algorithm. RC4 is simple, it is not very secure. • WPA (Wi-Fi Protected Access) specification and AES (Advanced Encryption standard) I more secure for encrypting wireless data. TCP/IP Protocol Suite

  46. Figure 28.8Public-key cryptography TCP/IP Protocol Suite

  47. Note: Symmetric-key cryptography is often used for long messages. TCP/IP Protocol Suite

  48. Note: Asymmetric-key algorithms are more efficient for short messages. TCP/IP Protocol Suite

  49. Note: Digital signature can provide authentication, integrity, and nonrepudiation for a message. TCP/IP Protocol Suite

  50. 28.3 DIGITAL SIGNATURE Digital signature can provide authentication, integrity, and nonrepudiation for a message. The topics discussed in this section include: Signing the Whole Document Signing the Digest TCP/IP Protocol Suite

More Related