
Chapter 15 Network Security


Presentation Transcript


  1. Chapter 15 Network Security
     Information Technology in Theory, by Pelin Aksoy and Laura DeNardis

  2. Objectives
     • Understand the main types of network security threats, including denial-of-service attacks, viruses, worms, identity theft, and password theft
     • Examine why critical infrastructure attacks are a concern in the current economic and political context
     • Understand how to significantly reduce the risk of attacks through basic security approaches like firewalls, access control software, and encryption

  3. Objectives (continued)
     • Distinguish between packet filtering, stateful inspection, and application proxy firewall approaches
     • Learn about public key cryptography
     • Become familiar with advanced security techniques such as digital signatures and biometric identification

  4. Understanding the Threats
     • Morris Worm
       • The first highly publicized network security problem
       • 1988
     • Network security breaches are still a daily occurrence
     • The annual costs of preventing attacks and implementing reparative security measures are massive

  5. CERT
     • Respond to problems
     • Report incidents
     • Research security technologies
     • Educate users about security
     • Homeland security
     • International CERTs

  6. Who is a threat?
     • Hackers
     • Spammers
     • Rogue employees
     • Corporate or national spies
     • Cyberterrorists

  7. Cyberterrorism
     • A terrorist attack could employ a variety of tactics to disrupt or disable networks for hours, days, or even weeks
       • Financial systems
       • Airline reservation systems
       • Stock market networks
       • ATMs
       • Power grid
       • Water systems
       • Air traffic control

  8. Types of Attacks
     • Viruses and worms
     • Denial-of-service attacks
     • Identity and password theft
     • Data interception and modification
     • Bandwidth piracy
     • Critical infrastructure attacks

  9. Viruses
     • Like biological viruses spread among people, computer viruses propagate from computer to computer
     • A virus is malicious code embedded within a seemingly legitimate program that only becomes active when the program is executed
     • For example, a file attached to an e-mail may actually be a virus that executes when the file downloads or the user double-clicks the link

  10. Worms
     • Self-propagating and self-replicating
     • Autonomous—once unleashed, they replicate without any action on the part of users
     • Exploit existing vulnerabilities, or security holes
     • Modify files, launch coordinated attacks that flood a target computer with messages, or simply overwhelm a network with debilitating amounts of traffic

  11. Social Engineering
     • Hoax viruses use social engineering techniques to make users take some action that simulates the actual effects of a virus
     • For example, virus hoaxes warn users that opening any message with a certain phrase in the title will erase the users’ hard drives
     • The effect of a hoax is thousands and thousands of users forwarding the e-mail warning, similar to the effects of a real worm

  12. Denial-of-Service Attack
     • Floods a targeted computer with so many requests that it cripples functionality
     • Easy to perpetrate and hard to prevent
     • If a Web site receives too many requests, it will not be available for other users who want access
     • Consumes bandwidth and system resources
     • Does not require a hacker to gain unauthorized access, but simply overwhelms a system with requests

  13. Distributed Denial-of-Service Attack

  14. Identity and Password Theft
     • Hacker technique of assuming the identity of an authorized network user, often by obtaining a network or system password
     • Hackers obtain passwords in a variety of ways:
       • Trash cans, snooping
       • Solicit from help desk
       • Software tools

  15. Password Interception

  16. Data Interception & Modification
     • Wire-based systems that use fiber-optic, coaxial, or twisted pair cable are susceptible to such attacks
     • Wireless networks are especially vulnerable
     • The act of accessing unsecured wireless LAN transmissions is known as Wi-Fi sniffing

  17. Data Interception
     Unencrypted wireless transmission is a security problem

  18. Bandwidth Piracy
     • Hackers use Wi-Fi sniffing equipment to intercept information and to gain free access to the Internet through wireless LANs and other unsecured networks
     • Because wireless access points are so easy and inexpensive to establish, people set them up outside the purview of technical administrators
     • These ad hoc arrangements are known as rogue access points

  19. Critical Infrastructure Attacks
     • The Internet’s DNS
     • Power grids
     • Telecommunications systems
     • Cell phone networks
     • Internet infrastructure
     • Stock market networks
     • ATM networks

  20. Network Security Strategies
     • Privacy
     • Access control
     • Authentication

  21. Privacy
     • The most effective method of protecting the privacy of network information is encryption
     • The scrambling of data prior to transmission over a shared or vulnerable network
     • One benefit of digital technology is the ease and effectiveness of applying encryption algorithms that scramble 0s and 1s, as opposed to scrambling frequencies in analog transmissions

  22. Encryption
     • To encrypt data, a transmitting computer mathematically manipulates data according to a predetermined algorithm called a cipher
     • If someone accesses this encrypted data during transmission, the message will be unreadable
     • Once the data reaches its destination, a receiving computer can unscramble it; in other words, the computer can decrypt the data

  23. Simplified Encryption Example

  24. Public Key Encryption

  25. Generating an Encrypted Message

  26. Access Control
     • Physical security
     • Passwords
     • Firewalls

  27. Firewall
     • An access control device
     • Installed between a secure private network and a nonsecure public network to regulate access to and from the private network
     • Can be implemented in hardware or software
     • Users can configure access control requirements that must be met before the firewall will permit access to a network or system

  28. Function of a Network Firewall

  29. Typical Firewall Implementation

  30. Packet Filtering
     • One way that firewalls can restrict access is through packet inspection
     • Intercepts packets and inspects header contents, including the source IP address, destination IP address, source port, and destination port
     • The firewall then either permits or blocks the packet from entering the network
     • One downside: the firewall must inspect every packet that traverses it

  31. Stateful Packet Filtering
     • A more intelligent form of packet filtering that notes when an incoming response is expected after an outgoing request is made
     • The stateful packet filtering firewall knows to expect traffic transmitted from a certain IP address or port, and can allow this traffic to go through
     • If an unexpected packet arrives and indicates that it is a response to an outgoing solicitation, the firewall knows to block this traffic if no such state exists

  32. Network Address Translation
     • The firewall converts the IP address of every outgoing packet into a shared IP address before the traffic is sent over a network
     • Prevents bidirectional transmission
     • Only connections that are initiated on a local, private network are established
     • Any communication that originates on a public network is stopped by the NAT firewall, which automatically prevents malicious attacks like worms from entering the protected network
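The behaviour described on slides 31 and 32, as an added example that is not part of the book: a toy stateful filter that records each outgoing flow, masquerades it behind one shared public address, and forwards an inbound packet only when it is a reply to tracked state. All addresses are constructed values from the documentation ranges.

```python
"""Toy stateful packet filter with NAT (added example; not code from the book).
Outbound packets create connection state and have their source rewritten to one
shared public address; an inbound packet is accepted only if it matches tracked
state, so unsolicited traffic from the public side is dropped."""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.5"  # constructed address from the RFC 5737 documentation range


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulNatFirewall:
    def __init__(self, first_port=40000):
        self._next_port = first_port
        # public port -> (private ip, private port, remote ip, remote port, proto)
        self._state = {}

    def outbound(self, pkt):
        """Private -> public: record the flow, then masquerade the source."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        for pub_port, known in self._state.items():
            if known == flow:          # existing connection: reuse its mapping
                break
        else:
            pub_port = self._next_port
            self._next_port += 1
            self._state[pub_port] = flow
        return replace(pkt, src_ip=PUBLIC_IP, src_port=pub_port)

    def inbound(self, pkt):
        """Public -> private: forward only replies to a tracked flow; return
        None when the packet is dropped."""
        if pkt.dst_ip != PUBLIC_IP:
            return None
        known = self._state.get(pkt.dst_port)
        if known is None:
            return None                # no outgoing request behind it: unsolicited
        priv_ip, priv_port, remote_ip, remote_port, proto = known
        if (pkt.src_ip, pkt.src_port, pkt.proto) != (remote_ip, remote_port, proto):
            return None                # claims to be a reply, but the state disagrees
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)
```

A stateless filter would have to decide the inbound packets from their headers alone; here the decision comes from the state table, which is why the unsolicited packet and the mismatched "reply" are both dropped.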

  33. Application Proxy Firewalls
     • The most complex type of firewall is the application proxy firewall
     • Filters information based on the application data itself
     • Rather than filtering packets based on allowing or denying HTTP traffic, an application firewall looks at the application content and distinguishes between normal and unexpected HTTP traffic

  34. Password Strategies
     • Sample guidelines for strong passwords:
       • At least eight characters long
       • Include letters and numbers
       • Include uppercase and lowercase letters
       • Incorporate characters like &, $, and *
       • Not the same as the user’s ID
       • Not anyone’s name, birthday, address, or Social Security number

  35. User ID and Password

  36. Physical Security
     • An important and sometimes overlooked form of access control
     • Many security breaches involve insiders within a company, organization, university, or home
     • Routine physical safeguards include door locks for rooms that house servers and network equipment (including wiring closets), and providing adequate building security

  37. Physical Security (continued)
     Server racks in a controlled environment

  38. Authentication
     • The process of verifying a person’s identity before allowing network access
     • Besides passwords and personal identification numbers, authentication methods include:
       • “Token-based” authentication
       • Biometric identification
       • Digital signatures

  39. Token-Based Authentication
     • Requires a computer user to physically hold a device called a token
     • Matchbook-sized device with a liquid crystal display that provides a one-time password for gaining network access
     • The user enters the access number displayed by the token
     • The number changes approximately every 10 seconds, and is completely synchronized with the network
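How a time-synchronized token and the network stay in step, as an added example that is not from the book: the token and the server share a secret and both derive the displayed number from the current time step with an HMAC (the RFC 4226/6238 construction; the slide's commercial tokens use their own proprietary scheme). The time step is a parameter, defaulting to the 30 seconds of RFC 6238 rather than the slide's 10; the server accepts one step either side to absorb clock drift.

```python
"""Time-synchronized one-time password, token side and server side (added
example, not code from the book). Uses the HOTP/TOTP algorithm from RFC 4226 and
RFC 6238; the secret below is the RFC test vector, not a real credential."""
import hashlib
import hmac
import struct
import time


def otp_at(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # low nibble picks a window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_display(secret: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """What the token's LCD shows: the OTP for the current time step."""
    now = time.time() if now is None else now
    return otp_at(secret, int(now) // step, digits)


def verify(secret: bytes, code: str, now=None, step: int = 30,
           digits: int = 6, drift: int = 1) -> bool:
    """Server side: the same computation, accepting the current step or up to
    `drift` steps either side so a slightly skewed token clock still works.
    compare_digest avoids leaking the match position through timing."""
    now = time.time() if now is None else now
    current = int(now) // step
    return any(hmac.compare_digest(otp_at(secret, current + k, digits), code)
               for k in range(-drift, drift + 1))
```

Because the code depends on the step counter, a number captured by a shoulder-surfer or sniffer (slides 14 and 15) is useless once the window has passed, which is what the slide means by "one-time".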

  40. Token-Based Authentication (continued)

  41. Biometric Identifiers
     • Biometrics can identify any of a person’s unique physical characteristics:
       • Fingerprints
       • Facial features
       • Voice patterns
       • Retinal patterns
       • Iris recognition
       • DNA

  42. Biometric Identifiers (continued)

  43. Biometric Identifiers (continued)

  44. Biometric Identifiers (continued)

  45. Biometric Identifiers (continued)

  46. Digital Signatures
     • Reversal of public key encryption
     • A sender encrypts information using its private key and transmits the information over a network to its intended destination
     • Once the data is received, the destination device looks up the sender’s public key and uses it to decrypt the message
     • If this decryption is successful, the data is verified as having originated with the presumptive sender
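Both directions of public key cryptography from slides 24, 25 and 46, as an added example that is not from the book: textbook RSA on a constructed toy keypair, encrypting with the receiver's public key, and "reversing" it by applying the sender's private key to a hash of the message so that anyone with the public key can verify it. The primes and exponents are illustrative values chosen here, far smaller than real keys.

```python
"""Textbook RSA on a toy keypair (added example; not code from the book).
Encrypting with the receiver's public key is slides 24/25; the 'reversal' on
slide 46, applying the private key to a hash of the message, is a digital
signature that anyone holding the public key can check. Unpadded RSA with
million-size primes is for illustration only; real systems use large keys and
a padding scheme such as RSA-PSS."""
import hashlib

# Constructed primes (both known primes next to one million); real keys are far larger.
P, Q = 1000003, 999983


def make_keypair(p=P, q=Q, e=65537):
    """Return (public, private) as (n, exponent) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(m: int, public) -> int:
    """Slide 25: anyone can encrypt for the key owner using the public key."""
    n, e = public
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    """Only the private key owner can recover the plaintext."""
    n, d = private
    return pow(c, d, n)


def _digest(message: bytes, n: int) -> int:
    # Sign a hash of the message, reduced into the key's range, not the message itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    """Sender: 'encrypt' the message hash with the private key (slide 46)."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Receiver: 'decrypt' with the sender's public key and compare against
    a fresh hash; any change to message or signature breaks the match."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)
```

The "successful decryption" on slide 46 is made concrete by comparing against a freshly computed hash; without that comparison the receiver has no way to tell a valid decryption from garbage.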

  47. Summary
     • In the United States, the Department of Homeland Security tracks security incidents, publicizes security vulnerabilities, and provides information about necessary software patches and upgrades at its US-CERT Web site, www.us-cert.gov
     • The people and organizations that attack networks generally fall into the following categories: hackers, spammers, rogue employees, corporate spies, and cyberterrorists
     • A virus is malicious code embedded in a seemingly legitimate program; it becomes active only when a user executes the legitimate program

  48. Summary (continued)
     • A worm is an autonomous, self-propagating, and self-replicating program that exploits existing security vulnerabilities to perpetrate attacks, such as erasing files, modifying files, or overwhelming a system
     • In a distributed denial-of-service attack, numerous computer systems—some of them unwittingly—flood a targeted computer with an overwhelming and crippling number of requests
     • Other types of common security attacks include identity and password theft, data interception and modification, bandwidth piracy, and critical infrastructure attacks

  49. Summary (continued)
     • Three important categories of security strategies include access control, authentication, and privacy
     • Important techniques for ensuring information privacy over a network include encryption approaches such as SSL and 802.11i
     • Various types of firewalls provide access control between a public and private network, including packet-filtering firewalls, stateful packet-filtering firewalls, and application-level firewalls
     • Authentication is the process of ensuring that a person or system is who it claims to be; authentication is accomplished via passwords, token-based authentication, digital signatures, and biometric identification
