Chapter 10 Network Security
Introduction • Look at: • Principles of Security (10.1) • Threats (10.2) • Encryption and Decryption (10.3) • Firewalls (10.4)
Introduction • Look at: • IP Security (IPSec) (10.5) • Web Security (10.6) • E-mail Security (10.7) • Best Internet Security Practices (10.8)
Principles of Security • The concept of security within the network environment includes: • All aspects of operating systems • Software packages • Hardware • Networking configurations • Network sharing connectivity • Physical security is also linked to IT security
Principles of Security • Security is not just a policy or a plan • It is a mindset • You must properly train and cultivate employees to be security aware • Remember that your network is only as strong as its weakest link, which is usually a human being
Threats • Humans pose probably the greatest threat to a network because their behavior cannot be controlled • Because an environment can’t be made completely threat-proof, you must be constantly attentive to be sure that it is as secure as possible • The first step to sound security is establishing a security policy
Threats • A back door is a program that allows access to a system without using security checks • Programmers will put back doors in programs so they can debug and change code during test deployments of software • A back door can also be installed through applications that are hidden inside of games or software such as screen savers • Another type of back door comes in the form of a privileged user account
Threats • Brute force is a term used to describe a way of cracking a cryptographic key or password • It involves systematically trying every conceivable combination until a password is found, or until all possible combinations have been exhausted • Brute force is a method of pure guessing • Password complexity plays an important role when dealing with brute force programs • The more complex the password, the longer it takes to crack
Threats • The most popular attacks are buffer overflow attacks • More data is sent to a computer’s memory buffer than it is able to handle causing it to overflow • The system is left in a vulnerable state or arbitrary code can be executed • Buffer overflows are probably the most common way to cause disruption of service and lost data
Threats • The purpose of a denial of service (DoS) attack is to disrupt the resources or services that a user would expect to have access to • These types of attacks are executed by manipulating protocols and can happen without the need to be validated by the network • Many of the tools used to produce this type of attack are readily available on the Internet
Threats • The man-in-the-middle attack takes place when an attacker intercepts traffic and then tricks the parties at both ends into believing that they are communicating with each other • The attacker can also choose to alter the data or merely eavesdrop and pass it along • A man-in-the-middle attack can be compared to inserting a receptive box between two people having a conversation • This attack is common in Telnet and wireless technologies
Threats • Session hijacking is a term given to an attack that takes control of a session between the server and a client • A hijacker waits until the authentication cycle is completed and then generates a signal to the client • This causes the client to think it has been disconnected • Then the hijacker begins to transact data traffic, pretending to be the original client
Threats • Spoofing is making data appear to come from somewhere other than where it really originated • This is accomplished by modifying the source address of traffic or source of information • Spoofing bypasses IP address filters by setting up a connection from a client and using an IP address that is allowed through the filter
Threats • Social engineering plays on human behavior and how we interact with one another • The attack doesn’t feel like an attack at all • We teach our employees to be customer service oriented so often they think they are being helpful and doing the right thing • Each attack plays on human behavior and our willingness to help and trust others
Threats • Software exploitation is a method of searching for specific problems, weaknesses, or security holes in software code • Improperly programmed software can be exploited • It takes advantage of a program’s flawed code
Threats • A program or piece of code that is loaded onto your computer without your knowledge is a virus • It is designed to attach itself to other code and replicate • It replicates when an infected file is executed or launched • It attaches to other files, adding its code to the application’s code and continues to spread
Threats • Trojan horses are programs disguised as useful applications • Trojan horses do not replicate themselves like viruses but they can be just as destructive • Code hidden inside the application can attack your system directly or allow the system to be compromised by the code’s originator • It is typically hidden so its ability to spread is dependent on the popularity of the software and a user’s willingness to download and install the software
Threats • Worms are similar in function and behavior to a virus, Trojan horse, or logic bomb • Worms are self-replicating • A worm is built to take advantage of a security hole in an existing application or operating system, find other systems running the same software, and automatically replicate itself to the new host • The process repeats with no user intervention
Threats • Other types of malware are: • Logic bombs • Spyware • Sniffers • Keystroke loggers • As with anything, the intent and use of some of these can be good or bad
Encryption and Decryption • Cryptosystem or cipher system provides a way to protect information by disguising it into a format that can be read only by authorized systems or individuals • The use of these systems is called cryptography and the disguising of the data is called encryption
Encryption and Decryption • Encryption is the transformation of data into a form that cannot be read without the appropriate key to decipher it • It is used to ensure that information is kept private • Decryption is the reverse of encryption • Decryption deciphers encrypted data into plain text that can easily be read
Encryption and Decryption • There are two basic types of encryption where one letter is replaced with another by a scheme • This is called a cipher • The two basic types are: • substitution • transposition
Encryption and Decryption • A substitution cipher replaces characters or bits with different characters or bits, keeping the order in which the symbols fall the same • In a transposition cipher, the information is scrambled by keeping all of the original letters intact, but mixing up their order • This is called permutation
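The two cipher types described above, as an added Python example that is not part of the original slides. The shift value, the key word `KEY` and the sample plaintext are constructed for illustration; both are toy ciphers and offer no real protection.

```python
import string

ALPHABET = string.ascii_uppercase


def substitute(text, shift):
    """Substitution: each letter is replaced by another; positions stay the same."""
    table = str.maketrans(ALPHABET, ALPHABET[shift:] + ALPHABET[:shift])
    return text.upper().translate(table)


def unsubstitute(text, shift):
    """Reverse the substitution by shifting the alphabet back."""
    return substitute(text, -shift % 26)


def column_order(key):
    """Columns are read in alphabetical order of the key letters (ties by position)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(text, key):
    """Transposition: every original letter is kept, only the order is permuted."""
    return "".join(text[c::len(key)] for c in column_order(key))


def untranspose(cipher, key):
    """Rebuild the columns, allowing for a short last row, then read row by row."""
    cols = len(key)
    full_rows, extra = divmod(len(cipher), cols)
    columns, pos = {}, 0
    for c in column_order(key):
        length = full_rows + (1 if c < extra else 0)
        columns[c] = cipher[pos:pos + length]
        pos += length
    rows = full_rows + (1 if extra else 0)
    return "".join(columns[c][r] for r in range(rows)
                   for c in range(cols) if r < len(columns[c]))


if __name__ == "__main__":
    msg = "NETWORKSECURITY"  # constructed sample plaintext
    print(substitute(msg, 3))      # new letters, same positions
    print(transpose(msg, "KEY"))   # same letters, new positions
```

The transposed output is an anagram of the plaintext, which is why letter-frequency counts survive a transposition cipher unchanged.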
Encryption and Decryption • The Data Encryption Standard (DES) suggests the use of a certain mathematical algorithm in the encrypting and decrypting of binary information • The system consists of an algorithm and a key • It is a block cipher using a 56-bit key on each 64-bit chunk of data • In a block cipher, the message is divided into blocks of bits
Encryption and Decryption • Rivest-Shamir-Adleman (RSA) is an Internet encryption and a digital signature authentication system that uses an algorithm • This encryption system is currently owned by RSA Security • The RSA key length may be of any length, and it works by multiplying two large prime numbers
Encryption and Decryption • Public-key cryptosystems use different keys to encrypt and decrypt data • The public key is readily available whereas the private key is kept confidential • There are two major types of algorithms used today: • symmetric, which has one key that is private at all times • asymmetric, which has two keys: a public one and a private one
Encryption and Decryption • Besides RSA, some of the more popular asymmetric encryption algorithms are: • Diffie-Hellman Key Exchange • El Gamal Encryption Algorithm • Elliptic Curve Cryptography (ECC) • The environments where public-key encryption is very useful include unsecured networks where data is vulnerable to interception and abuse
Encryption and Decryption • Public Key Infrastructure (PKI) allows you to bring strong authentication and privacy to the Internet • Public-key cryptographic techniques and encryption algorithms allow you to provide authentication and ensure that only the intended recipients have access to data • PKI is comprised of several standards and protocols that are necessary for interoperability among different security products
Encryption and Decryption • The system consists of digital certificates and the certificate authorities (CAs) that issue the certificates • Certificates identify sources that have been verified as authentic and trustworthy • The CA’s job is to verify the holder of a digital certificate and ensure that the holder of the certificate is who they claim to be
Encryption and Decryption • Digital signatures are used to authenticate the identity of the sender, as well as ensure that the original content sent has not been changed • Non-repudiation is intended to provide a method in which there is no way to refute where data has come from • Non-repudiation is unique to asymmetric systems because private keys are not shared
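How an RSA key pair built from two primes yields a digital signature that detects tampering, as an added Python example that is not part of the original slides. The key is a constructed toy (two well-known Mersenne primes, no padding scheme) and the messages are constructed samples; production systems use a vetted library with much larger random primes.

```python
import hashlib

# Constructed toy key: real RSA uses random primes of 1024+ bits each
# and a padding scheme such as PSS.
P, Q = 2**31 - 1, 2**61 - 1    # two known primes, kept secret by the owner
N = P * Q                      # public modulus: the product of the two primes
PHI = (P - 1) * (Q - 1)
E = 65537                      # public exponent, published together with N
D = pow(E, -1, PHI)            # private exponent (requires Python 3.8+)


def digest(message: bytes) -> int:
    """Hash the message and reduce the hash into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D) -> int:
    """Signing uses the private exponent, which is never shared."""
    return pow(digest(message), d, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    original = b"Transfer 100 to account 42"   # constructed sample message
    sig = sign(original)
    print(verify(original, sig))                          # unchanged content
    print(verify(b"Transfer 900 to account 42", sig))     # altered content
    print(verify(original, sign(original, d=D + 2)))      # wrong private key
```

Because only the holder of `D` can produce a value that verifies under `(N, E)`, a valid signature ties the message to that key holder, which is the non-repudiation property the slide describes.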
Encryption and Decryption • A virtual private network (VPN) is a network connection that allows you secure access through a publicly accessible infrastructure • VPN technology is based on tunneling • Tunneling uses one network to send its data through the connection of another network • It works by encapsulating a network protocol within packets carried by a public network
Encryption and Decryption • The protocol that is wrapped around the original data is the encapsulating protocol such as: • IP Security (IPSec) • Point-to-Point Tunneling Protocol (PPTP) • Layer Two Tunneling Protocol (L2TP) • Layer 2 Forwarding (L2F) • Tunneling is not a substitute for encryption
Firewalls • A firewall is a component placed between computers and networks to help eliminate undesired access by the outside world • It can be comprised of: • hardware • software • a combination of both
Firewalls • There are four broad categories that firewalls fall into: • packet filters • circuit level gateways • application level gateways • stateful inspection • These four categories can be grouped into two general categories
Firewalls • A packet-filtering firewall is typically a router • Packets can be filtered based on IP addresses, ports, or protocols • They operate at the Network layer (Layer 3) of the Open System Interconnection (OSI) model • Packet filtering is based on the information contained in the packet header
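A header-only filtering decision of the kind described above, as an added Python example that is not part of the original slides. The rule set, the first-match-wins ordering, the default-deny fallback and the addresses (documentation ranges) are assumptions made for illustration, not the behaviour of any particular product.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action src dst proto dport")
Packet = namedtuple("Packet", "src dst proto dport")   # header fields only

# Constructed rule set; "any" and None act as wildcards.
RULES = [
    Rule("deny",  "203.0.113.0/24",  "any",           "any", None),
    Rule("allow", "any",             "192.0.2.10/32", "tcp", 443),
    Rule("allow", "198.51.100.0/24", "192.0.2.20/32", "tcp", 22),
    Rule("allow", "any",             "192.0.2.53/32", "udp", 53),
]


def _net_match(rule_net, addr):
    """True when the address falls inside the rule's network (or rule is 'any')."""
    return (rule_net == "any"
            or ipaddress.ip_address(addr) in ipaddress.ip_network(rule_net))


def matches(rule, pkt):
    """Compare IP addresses, protocol and destination port against one rule."""
    return (_net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(pkt, rules=RULES):
    """First matching rule wins; anything that matches no rule is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [  # constructed packet headers
        Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
        Packet("203.0.113.9", "192.0.2.10", "tcp", 443),
        Packet("192.0.2.200", "192.0.2.20", "tcp", 22),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

The decision relies only on what the header claims, so the source address is trusted as written; this is the limitation that the spoofing slide refers to and one reason packet filters are combined with the other firewall categories.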
Firewalls • An Application-level gateway is known as a proxy • Proxy service firewalls act as go-betweens for the network and the Internet • The firewall has a set of rules that the packets must pass to get in or out of the network • They hide the internal addresses from the outside world and don’t allow the computers on the network to directly access the Internet
IP Security (IPSec) • IPSec is a set of protocols developed by the IETF that operates at the Transport Layer (Layer 3) to support the secure exchange of packets • The IPSec protocol suite adds an additional security layer in the TCP/IP stack • The IPSec suite attains a higher level of support for data transport by using a set of protocols and standards together
IP Security (IPSec) • These include: • Authenticated Header (AH) • Encapsulated Secure Payload (ESP) • Internet Key Exchange (IKE) • AH provides integrity, authentication, and anti-replay capabilities • ESP provides all that AH provides, plus data confidentiality
Web Security • A Web server is used to host Web-based applications and internal or external Web sites • The best way to ensure that only necessary services are running is to do a clean install • Web servers contain large, complex programs that may have some security holes • Many protocols contain common vulnerabilities that may be manipulated to allow unauthorized access
E-mail Security • E-mail has become the preferred method of communication • The public transfer of sensitive information exposes it to interception or being sent to undesired recipients • Unsolicited e-mail may contain dangerous file attachments such as viruses, trojan horses or worms
E-mail Security • Pretty Good Privacy (PGP) is a specification and application which is integrated into popular e-mail packages • PGP enables you to securely exchange messages, secure files, disk volumes and network connections with both privacy and strong authentication • PGP can also be used for applying a digital signature without encrypting the message
E-mail Security • Privacy-Enhanced Mail (PEM) was one of the first standards for securing e-mail messages by encrypting 7-bit text messages • PEM may be employed with either symmetric or asymmetric cryptographic key mechanisms • It works at the application layer, using a hierarchical authentication framework compatible with X.509 standards
Best Internet Security Practices • Here are some best practices for being able to detect network attacks: • Assume every day that a new vulnerability has surfaced overnight • Make it part of your daily routine to check the log files from firewalls and servers • Have a list of all the security products that you use and check vendor Web sites for updates
Best Internet Security Practices • Here are some best practices for being able to detect network attacks: • Know your infrastructure • Ask questions and look for answers • Set good password policies • Install virus software and update the files on a regular basis
Best Internet Security Practices • Listed below are some Web sites that offer good information on best practices: • http://csrc.nist.gov/fasp/ • http://www.cert.org/security-improvement/ • http://www.sans.org/rr/ • http://www.securityfocus.com