CONTROLS & PROTECTION MECHANISMS
Today’s Reference: Whitman & Mattord, Management of Information Security, 2nd edition, 2008, Chapter 9
Overview
• Access controls
• Firewalls
• Intrusion Detection Systems (IDSs)
• Wireless Network Security
• Cryptography
Access Controls
• Authentication – controlling a person’s access to a system
  • Barrier (i.e. login sequence) versus ongoing (intrusion detection)
  • Something you know
  • Something you have
  • Something you are (and something you produce, e.g. voice)
    • Includes biometrics, which authenticate a user against known personal features (fingerprints, iris patterns, voice, etc.)
  • Something you do (user behaviour profiling)
• Authorisation – controlling a person’s access to features (software, data) within the system
  • Scoping each user’s permitted activities
  • May be individual or group-based
  • Can be specific to resources
Firewalls
• Generations
  • 1: packet filtering
  • 2: application-level
  • 3: stateful inspection
  • 4: dynamic packet filtering
• Architectures
  • Packet filtering routers
  • Screened-host firewalls
  • Dual-homed host firewalls
  • Screened-subnet firewalls
Intrusion Detection Systems
• Host-based
  • Alerts the administrator when files or folders change
  • Monitors the host only
• Network-based
  • Monitors network traffic
  • Alerts the administrator when patterns of network traffic change
• Signature-based
  • Works like anti-virus software
  • Alerts the administrator when the ‘signature’ of an attack is matched
• Statistical-anomaly-based
  • Establishes a baseline of what is ‘normal’ traffic
  • Alerts the administrator when the pattern is abnormal
• Rule-based: ‘never do this’
• Includes honeypots
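The three detection styles on this slide, shown as working code. This is an added example, not material from the slides or from Whitman & Mattord: the signature set, the log lines, the baseline request rates and the file contents are all constructed for the demonstration, and the hypothetical signatures are deliberately simple regular expressions.

```python
import hashlib
import re
from collections import Counter
from statistics import mean, pstdev

# --- Network-based, signature detection --------------------------------------
# Hypothetical signature set: one regular expression per known attack pattern.
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}

# Constructed web-server access lines: "<source-ip> <method> <path> <status>".
SAMPLE_LOG = [
    '10.0.0.5 GET /index.html 200',
    '10.0.0.5 GET /search?q=shoes 200',
    '10.0.0.7 GET "/search?q=1 UNION SELECT name FROM users" 500',
    '10.0.0.8 GET /static/../../../../etc/passwd 404',
] + ['10.0.0.9 GET /login 200'] * 20   # one host hammering the login page


def signature_alerts(lines):
    """Return (line_index, signature_name) for every line that matches a known pattern."""
    alerts = []
    for i, line in enumerate(lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((i, name))
    return alerts


# --- Network-based, statistical-anomaly detection -----------------------------
# Constructed baseline: requests per host per minute observed during a quiet period.
BASELINE_RATES = [12, 10, 11, 9, 13, 10, 12, 11]


def anomaly_alerts(lines, baseline=BASELINE_RATES, sigmas=3.0):
    """Flag source hosts whose request count exceeds mean + sigmas * stdev of the baseline."""
    threshold = mean(baseline) + sigmas * pstdev(baseline)   # ~14.7 for the baseline above
    counts = Counter(line.split()[0] for line in lines)
    return sorted(host for host, n in counts.items() if n > threshold)


# --- Host-based: file and folder change detection ------------------------------
# Constructed "file systems": path -> content bytes, taken at two points in time.
BASELINE_FILES = {"/etc/passwd": b"root:x:0:0\n", "/bin/ls": b"ELF-original"}
CURRENT_FILES = {"/etc/passwd": b"root:x:0:0\nguest:x:1001:1001\n",
                 "/bin/ls": b"ELF-original",
                 "/tmp/x": b"new file"}


def fingerprint(files):
    """Map each path to the SHA-256 of its content; this is the stored baseline."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def changed_files(baseline_fp, current_fp):
    """Paths that were added, removed, or whose hash differs from the baseline."""
    return sorted(p for p in set(baseline_fp) | set(current_fp)
                  if baseline_fp.get(p) != current_fp.get(p))


if __name__ == "__main__":
    print("signature:", signature_alerts(SAMPLE_LOG))
    print("anomaly:", anomaly_alerts(SAMPLE_LOG))
    print("host:", changed_files(fingerprint(BASELINE_FILES), fingerprint(CURRENT_FILES)))
```

Note how the two network detectors complement each other: the signature matcher catches the two lines whose content fits a known pattern but says nothing about the twenty login requests, while the anomaly detector flags the noisy host without knowing what it is doing. The host-based check never sees traffic at all; it only notices that a file hash moved.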
Wireless Network Security
• Wired Equivalent Privacy (WEP)
  • basic level of security
  • several fundamental cryptographic flaws
  • suitable for the average home or small office only
• Wi-Fi Protected Access (WPA)
  • WPA is the industry standard
  • increased capabilities for authentication, encryption, and throughput
Cryptography
• Symmetric encryption methods
  • Substitution, Transposition, XOR, Vernam Cipher, One-time pad, and many others
  • the same key (a secret key) is used to encrypt and decrypt the message
  • Mono-alphabetic & poly-alphabetic ciphers
• Asymmetric encryption
  • public key encryption (PKE)
  • uses two different keys; either key can be used to encrypt or decrypt the message, but one must always be kept secret
• Digital signatures
  • PKE used in reverse to give non-repudiation
• Steganography
  • Hiding messages in graphics files
Encryption & Decryption
[Figure: Plain Text → Encryption Cipher (from Sender) → Secure Cipher Text → Decryption Cipher (to Recipient) → Plain Text; Key Management supplies the keys to both ciphers]
Symmetric Encryption Methods
• Substitution
  • One letter exchanged for another
  • Creates confusion
  • Mono-alphabetic or Poly-alphabetic
• Transposition
  • Re-arrangement of letters
  • Creates diffusion
• XOR
  • If 2 values are the same, you get “0”
  • If not, you get “1”
  • Process is reversible
  E.g.
      1 0 1 0 0 0 1 0
      1 1 1 1 0 0 0 1
      _______________
      0 1 0 1 0 0 1 1
Monoalphabetic cipher
Random
  plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  cipher: M N B V C X Z L K J H G F D S A P O I U Y T R E W Q
Keyword (SECURITY)
  plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  cipher: S E C U R I T Y A B D F G H J K L M N O P Q V W X Z
Caesar
  plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
With the Caesar alphabet: plaintext is ROSTRUM, ciphertext is URVWUXP
Polyalphabetic Cipher
Alphabet No. 1 (offset by 3)
  plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Alphabet No. 2 (offset by 15)
  plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  cipher: P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
The two alphabets are used alternately (1 2 1 2 1 2 1 2 1):
  plaintext is GO FOR GOLD
  ciphertext is JD IDU VRAG
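The monoalphabetic and polyalphabetic examples of the last two slides, implemented so the ROSTRUM and GO FOR GOLD results can be reproduced and reversed. This is an added example and not code from the slides; the function names are my own, and the alphabets are the ones printed on the slides. It goes one step beyond the slides by comparing letter-frequency profiles, which is why confusion from a single alphabet is weaker than confusion from several.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# The "Random" cipher alphabet exactly as printed on the monoalphabetic slide.
RANDOM_ALPHABET = "MNBVCXZLKJHGFDSAPOIUYTREWQ"


def caesar_alphabet(shift):
    """Cipher alphabet for a Caesar shift: A->D, B->E, ... for shift 3."""
    return ALPHABET[shift:] + ALPHABET[:shift]


def keyword_alphabet(keyword):
    """Cipher alphabet that starts with the keyword's distinct letters, then the rest of A-Z."""
    cipher = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in cipher:
            cipher.append(ch)
    return "".join(cipher)


def substitute(text, cipher_alphabet, decrypt=False):
    """Monoalphabetic substitution: each plain letter always maps to the same cipher letter."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def polyalphabetic(text, shifts, decrypt=False):
    """Cycle through several Caesar alphabets, one per letter; non-letters are passed through."""
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = shifts[i % len(shifts)]
            if decrypt:
                shift = -shift
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def letter_profile(text):
    """Letter counts sorted high to low; a monoalphabetic cipher leaves this unchanged."""
    return sorted(Counter(c for c in text.upper() if c in ALPHABET).values(), reverse=True)


if __name__ == "__main__":
    print(substitute("ROSTRUM", caesar_alphabet(3)))          # URVWUXP
    print(substitute("ROSTRUM", keyword_alphabet("SECURITY")))
    print(substitute("ROSTRUM", RANDOM_ALPHABET))
    print(polyalphabetic("GO FOR GOLD", [3, 15]))             # JD IDU VRAG
```

The last function is the reason the slides distinguish the two ciphers: under any single alphabet the ciphertext keeps the plaintext's letter-frequency shape, whereas alternating alphabets break that correspondence, so a polyalphabetic ciphertext gives a statistical observer less to work with.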
Transposition Ciphers
• For example, every 4th letter
• Modern transposition ciphers use a network or path diversity principle, so the diffusion is not just within-file but over the network via different paths
Example: number the letters 1, 2, 3, 4, 1, 2, ... and then read out all the letters numbered 1, followed by all the 2s, the 3s and the 4s
  1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3
  T H E R A I N I N S P A I N F A L L S
  4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3
  M A I N L Y O N T H E P L A I N
THE RAIN IN SPAIN FALLS MAINLY ON THE PLAIN becomes TANIL AYHAH ISNLI OEIEN PFSNN PNRIA AMLTL
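The "every 4th letter" transposition from this slide, written out so the TANIL AYHAH ... result can be checked and undone. This is an added example, not code from the slides; the function names are my own, and the decrypt side has to work out the column lengths because 35 letters do not divide evenly into 4 columns.

```python
from collections import Counter


def columnar_encrypt(text, columns):
    """Number the letters 1..columns cyclically, then read out all the 1s, then the 2s, ..."""
    letters = [c for c in text.upper() if c.isalpha()]
    return "".join("".join(letters[i::columns]) for i in range(columns))


def columnar_decrypt(ciphertext, columns):
    """Invert: split the ciphertext back into its column strings, then read row by row."""
    base, extra = divmod(len(ciphertext), columns)
    cols, pos = [], 0
    for i in range(columns):
        width = base + (1 if i < extra else 0)   # the first `extra` columns hold one more letter
        cols.append(ciphertext[pos:pos + width])
        pos += width
    rows = []
    for r in range(base + 1):
        for col in cols:
            if r < len(col):
                rows.append(col[r])
    return "".join(rows)


def group(text, size=5):
    """Present ciphertext in blocks of five, as on the slide."""
    return " ".join(text[i:i + size] for i in range(0, len(text), size))


if __name__ == "__main__":
    plain = "THE RAIN IN SPAIN FALLS MAINLY ON THE PLAIN"
    cipher = columnar_encrypt(plain, 4)
    print(group(cipher))                       # TANIL AYHAH ISNLI OEIEN PFSNN PNRIA AMLTL
    print(columnar_decrypt(cipher, 4))
```

Counting the letters on both sides shows the contrast with substitution: a transposition changes no letter at all, only its position, so it provides diffusion and no confusion; that is why practical ciphers combine the two.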
Vernam Cipher
• The perfect substitution cipher
• The original one-time pad
  Plaintext    V   E   R   N   A   M
  Numerics    21   4  17  13   0  12
  Random      76  48  16  82  44   3
  Sum         97  52  33  95  44  15
  Mod 26      19   0   7  17  18  15
  Ciphertext   T   A   H   R   S   P
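The Vernam table above, and the XOR example from the Symmetric Encryption Methods slide, as code. This is an added example and not from the slides: the letter-plus-random-number-mod-26 form is the slide's, the byte-oriented XOR pad is the form used in practice, and the test of what happens when a pad is reused is my addition to illustrate the "if properly used" caveat on the Breaking Encryption slide. All function names are assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def vernam_encrypt(plaintext, pad):
    """Letter by letter: (plain index + pad number) mod 26, exactly as in the slide's table."""
    plaintext = plaintext.upper()
    if len(pad) < len(plaintext):
        raise ValueError("the pad must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(p) + k) % 26] for p, k in zip(plaintext, pad))


def vernam_decrypt(ciphertext, pad):
    """Subtract the same pad numbers mod 26 to recover the plaintext."""
    return "".join(ALPHABET[(ALPHABET.index(c) - k) % 26] for c, k in zip(ciphertext, pad))


def xor_bits(a, b):
    """Bitwise XOR of two bit strings: equal bits give '0', different bits give '1'."""
    if len(a) != len(b):
        raise ValueError("bit strings must be the same length")
    return "".join("0" if x == y else "1" for x, y in zip(a, b))


def one_time_pad(length):
    """A fresh pad from the OS CSPRNG; the pad must be random, secret and never reused."""
    return secrets.token_bytes(length)


def xor_bytes(data, pad):
    """XOR every byte with the pad; the same call decrypts because XOR is its own inverse."""
    if len(pad) < len(data):
        raise ValueError("the pad must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))


if __name__ == "__main__":
    slide_pad = [76, 48, 16, 82, 44, 3]
    print(vernam_encrypt("VERNAM", slide_pad))          # TAHRSP
    print(xor_bits("10100010", "11110001"))             # 01010011
    message = b"meet at noon"
    pad = one_time_pad(len(message))
    print(xor_bytes(xor_bytes(message, pad), pad))      # b'meet at noon'
```

The reversibility is the whole mechanism: adding the pad mod 26 (or XORing it) and then doing it again with the same pad returns the plaintext. The same property is what makes reuse fatal: XOR of two ciphertexts made with one pad equals XOR of the two plaintexts, with the pad cancelled out entirely, so "one-time" is a hard requirement rather than a recommendation.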
Breaking Encryption
• (almost) All encryption is crackable…
  • Just need time and computing power
• Brute force may not work because:
  • Number of alphabet combinations is 26 x 25 x 24 x 23 x … which equals 4 x 10^27
  • 4 000 000 000 000 000 000 000 000 000
  • If each alphabet takes 1 millionth of a second (a microsecond) then all combinations would take 4 x 10^21 secs
  • 4 x 10^13 years!!!!
• EXCEPT…
  • The one-time pad is provably secure (if properly used)
  • but it is not easy to use properly
Public Key Encryption
• Known as asymmetric encryption
• 2 keys, one public, one private, linked mathematically: one to encrypt and one to decrypt
• Uses large prime numbers
• “mathematically infeasible” to derive the private key from the public key
• Advantages
  • no need to tell anyone your private key
  • no need for key distribution
  • no need for a key for each pair of people
• Not used to encrypt messages, as it is generally slower than secret-key encryption
• Used to encrypt other keys (as in PGP) and to authenticate the sender
Digital Signatures
• Reverses the role of private & public keys
• Effectively unique to the document
  • uses a cryptographically robust hash function
• Unforgeable (without the sender’s private key)
  • not re-usable (due to the message-specific hash)
  • document unalterable
  • undeniable
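The Public Key Encryption and Digital Signatures slides in one runnable form: a public key that wraps a symmetric session key (the PGP use the slides mention) and the same key pair used in reverse to sign a hash of a document. This is an added example, not from the slides or the textbook, and it is textbook RSA with no padding scheme, written only to show the mechanism: the two primes are small known Mersenne primes chosen for the demonstration, the 8-byte session key is constructed, and the function names are my own.

```python
import hashlib

# Constructed key material: two well-known primes (2^31 - 1 and 2^61 - 1).
# Far too small for real use; a production key uses primes hundreds of digits long.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key); each is (exponent, modulus)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(m, key):
    """The one RSA operation: m^exponent mod n.  Either key can be used; the other undoes it."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus")
    return pow(m, exponent, n)


def wrap_session_key(session_key, public_key):
    """Encrypt a short symmetric key with the recipient's public key (slow operation, tiny input)."""
    return apply_key(int.from_bytes(session_key, "big"), public_key)


def unwrap_session_key(wrapped, private_key, length):
    """Only the holder of the private key can recover the session key."""
    return apply_key(wrapped, private_key).to_bytes(length, "big")


def message_digest(message, n):
    """Fixed-size SHA-256 hash of the document, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Signature = hash of the document, raised to the private exponent (keys used in reverse)."""
    _, n = private_key
    return apply_key(message_digest(message, n), private_key)


def verify(message, signature, public_key):
    """Anyone with the public key can check that the signature matches this exact document."""
    _, n = public_key
    return apply_key(signature, public_key) == message_digest(message, n)


if __name__ == "__main__":
    public, private = keygen()
    session_key = bytes([7, 1, 3, 9, 2, 8, 4, 6])        # constructed 8-byte secret key
    wrapped = wrap_session_key(session_key, public)
    print(unwrap_session_key(wrapped, private, 8) == session_key)   # True
    document = b"Pay 100 to Alice"
    signature = sign(document, private)
    print(verify(document, signature, public))                        # True
    print(verify(b"Pay 1000 to Alice", signature, public))            # False
```

Each bullet on the Digital Signatures slide corresponds to a line of the code: the private exponent is what makes the signature unforgeable, the hash is what ties it to this document and stops it being reused or the document being altered, and the public exponent is what lets a third party check it without the signer's cooperation.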
What you Need to Know • A basic level of detail about all of the security technologies in the previous slides.