
Chapter 10 Network Security


ingo


  1. Chapter 10 Network Security

  2. Introduction • Look at: • Principles of Security (10.1) • Threats (10.2) • Encryption and Decryption (10.3) • Firewalls (10.4)

  3. Introduction • Look at: • IP Security (IPSec) (10.5) • Web Security (10.6) • E-mail Security (10.7) • Best Internet Security Practices (10.8)

  4. Principles of Security • The concept of security within the network environment includes: • All aspects of operating systems • Software packages • Hardware • Networking configurations • Network sharing connectivity • Physical security is also linked to IT security

  5. Principles of Security • Security is not just a policy or a plan • It is a mindset • You must properly train and cultivate employees to be security aware • Remember that your network is only as strong as its weakest link, which is usually a human being

  6. Threats • Humans pose probably the greatest threat to a network because their behavior cannot be controlled • Because an environment can’t be made completely threat-proof, you must be constantly attentive to be sure that it is as secure as possible • The first step to sound security is establishing a security policy

  7. Threats • A back door is a program that allows access to a system without using security checks • Programmers will put back doors in programs so they can debug and change code during test deployments of software • A back door can also be installed through applications that are hidden inside of games or software such as screen savers • Another type of back door comes in the form of a privileged user account

  8. Threats • Brute force is a term used to describe a way of cracking a cryptographic key or password • It involves systematically trying every conceivable combination until a password is found, or until all possible combinations have been exhausted • Brute force is a method of pure guessing • Password complexity plays an important role when dealing with brute force programs • The more complex the password, the longer it takes to crack

  9. Threats • The most popular attacks are buffer overflow attacks • More data is sent to a computer’s memory buffer than it is able to handle causing it to overflow • The system is left in a vulnerable state or arbitrary code can be executed • Buffer overflows are probably the most common way to cause disruption of service and lost data

  10. Threats • The purpose of a denial of service (DoS) attack is to disrupt the resources or services that a user would expect to have access to • These types of attacks are executed by manipulating protocols and can happen without the need to be validated by the network • Many of the tools used to produce this type of attack are readily available on the Internet

  11. Threats • The man-in-the-middle attack takes place when an attacker intercepts traffic and then tricks the parties at both ends into believing that they are communicating with each other • The attacker can also choose to alter the data or merely eavesdrop and pass it along • A man-in-the-middle attack can be compared to inserting a receptive box between two people having a conversation • This attack is common in Telnet and wireless technologies

  12. Threats • Session hijacking is a term given to an attack that takes control of a session between the server and a client • A hijacker waits until the authentication cycle is completed and then generates a signal to the client • This causes the client to think it has been disconnected • Then the hijacker begins to transact data traffic, pretending to be the original client

  13. Threats • Spoofing is making data appear to come from somewhere other than where it really originated • This is accomplished by modifying the source address of traffic or source of information • Spoofing bypasses IP address filters by setting up a connection from a client and using an IP address that is allowed through the filter

  14. Threats • Social engineering plays on human behavior and how we interact with one another • The attack doesn’t feel like an attack at all • We teach our employees to be customer service oriented so often they think they are being helpful and doing the right thing • Each attack plays on human behavior and our willingness to help and trust others

  15. Threats • Software exploitation is a method of searching for specific problems, weaknesses, or security holes in software code • Improperly programmed software can be exploited • It takes advantage of a program’s flawed code

  16. Threats • A program or piece of code that is loaded onto your computer without your knowledge is a virus • It is designed to attach itself to other code and replicate • It replicates when an infected file is executed or launched • It attaches to other files, adding its code to the application’s code and continues to spread

  17. Threats • Trojan horses are programs disguised as useful applications • Trojan horses do not replicate themselves like viruses but they can be just as destructive • Code hidden inside the application can attack your system directly or allow the system to be compromised by the code’s originator • It is typically hidden so its ability to spread is dependent on the popularity of the software and a user’s willingness to download and install the software

  18. Threats • Worms are similar in function and behavior to a virus, Trojan horse, or logic bomb • Worms are self-replicating • A worm is built to take advantage of a security hole in an existing application or operating system, find other systems running the same software, and automatically replicate itself to the new host • The process repeats with no user intervention

  19. Threats • Other types of malware are: • Logic bombs • Spyware • Sniffers • Keystroke loggers • As with anything, the intent and use of some of these can be good or bad

  20. Encryption and Decryption • A cryptosystem or cipher system provides a way to protect information by disguising it into a format that can be read only by authorized systems or individuals • The use of these systems is called cryptography and the disguising of the data is called encryption

  21. Encryption and Decryption • Encryption is the transformation of data into a form that cannot be read without the appropriate key to decipher it • It is used to ensure that information is kept private • Decryption is the reverse of encryption • Decryption deciphers encrypted data into plain text that can easily be read

  22. Encryption and Decryption • There are two basic types of encryption where one letter is replaced with another by a scheme • This is called a cipher • The two basic types are: • substitution • transposition

  23. Encryption and Decryption • A substitution cipher replaces characters or bits with different characters or bits, keeping the order in which the symbols fall the same • In a transposition cipher, the information is scrambled by keeping all of the original letters intact, but mixing up their order • This is called permutation
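The difference between the two cipher types on slides 22 and 23, as an added example that is not part of the original presentation: a shift substitution keeps every symbol in its position but changes the letters, while a columnar transposition keeps every letter but permutes the order. The function names, the key `"KEY"` and the sample messages are assumptions chosen for illustration.

```python
import string
from collections import Counter

ALPHA = string.ascii_uppercase

def substitute(text: str, shift: int) -> str:
    """Substitution: each letter is replaced by another; positions are unchanged."""
    table = str.maketrans(ALPHA, ALPHA[shift:] + ALPHA[:shift])
    return text.upper().translate(table)

def _column_order(key: str) -> list:
    # Columns are read in alphabetical order of the key letters (ties by position).
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose(text: str, key: str) -> str:
    """Transposition: write the text in rows of len(key), read it out by column."""
    cols = len(key)
    return "".join(text[c::cols] for c in _column_order(key))

def untranspose(cipher: str, key: str) -> str:
    """Reverse the permutation by refilling each column in the same key order."""
    cols, n = len(key), len(cipher)
    out = [""] * n
    pos = 0
    for c in _column_order(key):
        length = len(range(c, n, cols))   # characters that fell into column c
        out[c::cols] = cipher[pos:pos + length]
        pos += length
    return "".join(out)

def same_letters(a: str, b: str) -> bool:
    """True when b is a pure reordering of a (identical letter counts)."""
    return Counter(a) == Counter(b)

if __name__ == "__main__":
    msg = "NETWORKSECURITY"               # constructed sample plaintext
    sub = substitute(msg, 3)
    tra = transpose(msg, "KEY")
    print(sub, same_letters(msg, sub))    # letters changed, order kept
    print(tra, same_letters(msg, tra))    # letters kept, order changed
    print(untranspose(tra, "KEY"))
```

Because the transposed text has exactly the letter counts of the plaintext and the substituted text keeps the plaintext's positional pattern, each scheme on its own leaks structure that the modern ciphers on the following slides are designed to hide.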

  24. Encryption and Decryption • The Data Encryption Standard (DES) suggests the use of a certain mathematical algorithm in the encrypting and decrypting of binary information • The system consists of an algorithm and a key • It is a block cipher using a 56-bit key on each 64-bit chunk of data • In a block cipher, the message is divided into blocks of bits

  25. Encryption and Decryption • Rivest-Shamir-Adleman (RSA) is an Internet encryption and a digital signature authentication system that uses an algorithm • This encryption system is currently owned by RSA Security • The RSA key length may be of any length, and it works by multiplying two large prime numbers

  26. Encryption and Decryption • Public-key cryptosystems use different keys to encrypt and decrypt data • The public key is readily available whereas the private key is kept confidential • There are two major types of algorithms used today: • symmetric, which has one key that is private at all times • asymmetric, which has two keys: a public one and a private one

  27. Encryption and Decryption • Besides RSA, some of the more popular asymmetric encryption algorithms are: • Diffie-Hellman Key Exchange • El Gamal Encryption Algorithm • Elliptic Curve Cryptography (ECC) • The environments where public-key encryption is very useful include unsecured networks where data is vulnerable to interception and abuse

  28. Encryption and Decryption • Public Key Infrastructure (PKI) allows you to bring strong authentication and privacy to the Internet • Public-key cryptographic techniques and encryption algorithms allow you to provide authentication and ensure that only the intended recipients have access to data • PKI is comprised of several standards and protocols that are necessary for interoperability among different security products

  29. Encryption and Decryption • The system consists of digital certificates and the certificate authorities (CAs) that issue the certificates • Certificates identify sources that have been verified as authentic and trustworthy • The CA’s job is to verify the holder of a digital certificate and ensure that the holder of the certificate is who they claim to be

  30. Encryption and Decryption • Digital signatures are used to authenticate the identity of the sender, as well as ensure that the original content sent has not been changed • Non-repudiation is intended to provide a method in which there is no way to refute where data has come from • Non-repudiation is unique to asymmetric systems because private keys are not shared

  31. Encryption and Decryption • A virtual private network (VPN) is a network connection that allows you secure access through a publicly accessible infrastructure • VPN technology is based on tunneling • Tunneling uses one network to send its data through the connection of another network • It works by encapsulating a network protocol within packets carried by a public network

  32. Encryption and Decryption • The protocol that is wrapped around the original data is the encapsulating protocol such as: • IP Security (IPSec) • Point-to-Point Tunneling Protocol (PPTP) • Layer Two Tunneling Protocol (L2TP) • Layer 2 Forwarding (L2F) • Tunneling is not a substitute for encryption

  33. Firewalls • A firewall is a component placed between computers and networks to help eliminate undesired access by the outside world • It can be comprised of: • hardware • software • a combination of both

  34. Firewalls • There are four broad categories that firewalls fall into: • packet filters • circuit level gateways • application level gateways • stateful inspection • These four categories can be grouped into two general categories

  35. Firewalls • A packet-filtering firewall is typically a router • Packets can be filtered based on IP addresses, ports, or protocols • They operate at the Network layer (Layer 3) of the Open System Interconnection (OSI) model • Packet filtering is based on the information contained in the packet header

  36. Firewalls • An Application-level gateway is known as a proxy • Proxy service firewalls act as go-betweens for the network and the Internet • The firewall has a set of rules that the packets must pass to get in or out of the network • They hide the internal addresses from the outside world and don't allow the computers on the network to directly access the Internet
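How the packet filter on slide 35 reaches a decision from header fields alone, as an added example that is not part of the original presentation: an ordered rule list with first-match-wins evaluation and a default deny. The rule set, the packet dictionaries and all addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # source network, CIDR notation
    dst: str                      # destination network, CIDR notation
    proto: str                    # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        # Only header fields are examined. The source address is taken as
        # claimed, which is why slide 13 notes that spoofing defeats this check.
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt["proto"])
            and self.dport in (None, pkt.get("dport"))
        )

def filter_packet(rules: list, pkt: dict) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed rule set: block one network, publish HTTPS, restrict SSH.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", "any"),
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("allow", "198.51.100.0/24", "192.0.2.20/32", "tcp", 22),
]

# Constructed sample packets, reduced to the header fields the filter reads.
PACKETS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
    {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
    {"src": "198.51.100.7", "dst": "192.0.2.20", "proto": "tcp", "dport": 22},
    {"src": "192.0.2.99", "dst": "192.0.2.20", "proto": "tcp", "dport": 22},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "udp", "dport": 443},
]

def run_samples() -> list:
    return [filter_packet(RULES, p) for p in PACKETS]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, run_samples()):
        print(verdict, pkt)
```

Rule order matters: moving the first deny rule below the HTTPS allow rule would let the blocked network reach port 443.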

  37. IP Security (IPSec) • IPSec is a set of protocols developed by the IETF that operates at the Transport Layer (Layer 3) to support the secure exchange of packets • The IPSec protocol suite adds an additional security layer in the TCP/IP stack • The IPSec suite attains a higher level of support for data transport by using a set of protocols and standards together

  38. IP Security (IPSec) • These include: • Authenticated Header (AH) • Encapsulated Secure Payload (ESP) • Internet Key Exchange (IKE) • AH provides integrity, authentication, and anti-replay capabilities • ESP provides all that AH provides, plus data confidentiality

  39. Web Security • A Web server is used to host Web-based applications and internal or external Web sites • The best way to ensure that only necessary services are running is to do a clean install • Web servers contain large, complex programs that may have some security holes • Many protocols contain common vulnerabilities that may be manipulated to allow unauthorized access

  40. E-mail Security • E-mail has become the preferred method of communication • The public transfer of sensitive information exposes it to interception or being sent to undesired recipients • Unsolicited e-mail may contain dangerous file attachments such as viruses, trojan horses or worms

  41. E-mail Security • Pretty Good Privacy (PGP) is a specification and application which is integrated into popular e-mail packages • PGP enables you to securely exchange messages, secure files, disk volumes and network connections with both privacy and strong authentication • PGP can also be used for applying a digital signature without encrypting the message

  42. E-mail Security • Privacy-Enhanced Mail (PEM) was one of the first standards for securing e-mail messages by encrypting 7-bit text messages • PEM may be employed with either symmetric or asymmetric cryptographic key mechanisms • It works at the application layer, using a hierarchical authentication framework compatible with X.509 standards

  43. Best Internet Security Practices • Here are some best practices for being able to detect network attacks: • Assume every day that a new vulnerability has surfaced overnight • Make it part of your daily routine to check the log files from firewalls and servers • Have a list of all the security products that you use and check vendor Web sites for updates

  44. Best Internet Security Practices • Here are some best practices for being able to detect network attacks: • Know your infrastructure • Ask questions and look for answers • Set good password policies • Install virus software and update the files on a regular basis

  45. Best Internet Security Practices • Listed below are some Web sites that offer good information on best practices: • http://csrc.nist.gov/fasp/ • http://www.cert.org/security-improvement/ • http://www.sans.org/rr/ • http://www.securityfocus.com
