Unit 5 Periphery Security
Chapter Outline 1 IDS 2 Firewalls 3 Trusted System 4 Access Control (for access control refer to the Elements of Information Security Unit 1 slides)
1 Intrusion • Attackers always try to intrude into the privacy of a network by trying to break the security of the system & gain access. • Access rights • User -> 1. Legitimate/Internal 2. Illegitimate/External • Action performed or behaviour of the user. • Network sniffers • A general term for programs or devices that are able to examine traffic on a LAN segment. • Snort
Topics Discussed in the Section • Types Of Intruders • Audit Records • Classification Of Intrusion Detection • Distributed Intrusion Detection • Honeypots
Types Of Intruders • Masquerader -> illegitimate user -> authorization attack • Misfeasor -> • Legitimate user -> has access -> misuses the privilege. • Legitimate user -> no access -> but accesses the resource anyway. • Clandestine user -> may be internal or external -> seizes supervisor privilege -> avoids audit information being captured/recorded
Audit Record/Log • Important detection tool • Capture & record information about the actions of users. • Traces of illegitimate user actions can be found. • Appropriate actions can be taken for prevention in future.
Continue… • Native:- multiuser OS, built-in accounting software, collects all user actions. • Detection specific:- collects information specific only to intrusion detection. • Advantage • More focused approach • Disadvantage • May give duplicate information.
Fields in an Audit Record • Subject:- terminal user, process, etc. • Action:- login, RWX, print, I/O, etc. • Object:- disk file, DB record, application program, etc. • Exception condition:- if any was generated. • Resource usage:- CPU time, disk space, number of records & files RWX or printed. • Timestamp:- date & time of the access.
Intrusion Detection • Possible • Loss is directly ∝ (proportional to) quick detection of the intruder. • If detected in the early stages then we can act. • This information will strengthen the DB for prevention. • Acts as a deterrent to intruders.
Statistical Anomaly Detection:- • The behaviour of users over time is captured as statistical data & processed; rules are applied to test whether the user behaviour was legitimate or not. • Threshold detection:- thresholds are defined for all user groups & the frequency of various events is measured against the thresholds. • Profile based:- profiles for individual users are created & matched against the collected statistics to see if any irregular patterns emerge.
Rule Based • A set of rules is applied to see if a given behaviour is suspicious enough to be classified as an attempt to intrude. • Anomaly detection:- usage patterns are collected to analyse deviation from these patterns, with the help of certain rules. • Penetration identification:- an expert system that looks for illegitimate behaviour.
Distributed Intrusion Detection • Different nodes record audit information in different formats; this needs to be processed uniformly. • A few nodes are used to gather & analyse audit information, & there should be provision to share it with all nodes.
Honey-pots a trap… • Divert attention from critical information. • Collect information about the intruder's actions. • Encourage detection of the intruder's behaviour so that action can be taken accordingly. • Real-looking (but fabricated) data is used. • Equipped with sensors & loggers that raise an alarm. • Legitimate users don't know about this.
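The three detection approaches from the slides above (threshold detection, profile-based detection, rule-based penetration identification) run over audit records with the fields the slides list, as an added example that is not part of the original slide deck. The records, the per-user baseline history and the two rules are constructed for illustration; the CPU field stands in for "resource usage".

```python
"""Added example, not from the slides: statistical anomaly detection
(threshold and profile based) and rule-based penetration identification,
run over constructed audit records that use the fields the slides list.
All records, baselines and rules are made up for illustration."""
from collections import Counter
from statistics import mean, pstdev

# Constructed audit records: subject, action, object, exception,
# resource usage (CPU seconds) and timestamp.
AUDIT_LOG = [
    {"subject": "alice", "action": "login", "object": "tty1", "exception": "LOGIN_FAIL", "cpu": 0.0,  "ts": "2024-03-01T09:00"},
    {"subject": "alice", "action": "login", "object": "tty1", "exception": "LOGIN_FAIL", "cpu": 0.0,  "ts": "2024-03-01T09:01"},
    {"subject": "alice", "action": "login", "object": "tty1", "exception": "LOGIN_FAIL", "cpu": 0.0,  "ts": "2024-03-01T09:02"},
    {"subject": "alice", "action": "login", "object": "tty1", "exception": "LOGIN_FAIL", "cpu": 0.0,  "ts": "2024-03-01T09:03"},
    {"subject": "alice", "action": "login", "object": "tty1", "exception": None,         "cpu": 0.11, "ts": "2024-03-01T09:04"},
    {"subject": "bob",   "action": "login", "object": "tty2", "exception": None,         "cpu": 0.50, "ts": "2024-03-01T09:05"},
    {"subject": "bob",   "action": "read",  "object": "/etc/shadow", "exception": "EACCES", "cpu": 0.01, "ts": "2024-03-01T09:06"},
    {"subject": "bob",   "action": "exec",  "object": "/usr/bin/cc", "exception": None,  "cpu": 4.80, "ts": "2024-03-02T02:30"},
]

# Constructed per-user history of CPU seconds from earlier sessions,
# used to build the statistical profile for each subject.
BASELINE = {
    "alice": [0.10, 0.12, 0.11, 0.09, 0.13],
    "bob":   [0.50, 0.55, 0.45, 0.52, 0.48],
}


def threshold_detection(records, exception="LOGIN_FAIL", limit=3):
    """Threshold detection: count events of one kind per subject and
    report the subjects whose count exceeds the limit."""
    counts = Counter(r["subject"] for r in records if r["exception"] == exception)
    return sorted(s for s, n in counts.items() if n > limit)


def profile_based(records, baseline, k=3.0):
    """Profile-based detection: flag records whose resource usage lies more
    than k standard deviations above the subject's historical mean."""
    profiles = {s: (mean(v), pstdev(v)) for s, v in baseline.items() if len(v) > 1}
    flagged = []
    for r in records:
        if r["subject"] not in profiles:
            continue  # no history for this subject yet, nothing to compare against
        mu, sigma = profiles[r["subject"]]
        if r["cpu"] > mu + k * sigma:
            flagged.append((r["subject"], r["action"], r["cpu"]))
    return flagged


def hour_of(record):
    """Hour of day from the record's ISO timestamp."""
    return int(record["ts"][11:13])


# Rule base for penetration identification: (name, predicate over one record).
RULES = [
    ("sensitive_file_denied", lambda r: r["object"] == "/etc/shadow" and r["exception"] == "EACCES"),
    ("after_hours_exec", lambda r: r["action"] == "exec" and not 8 <= hour_of(r) < 18),
]


def rule_based(records, rules=RULES):
    """Rule-based detection: every record is tested against every rule;
    each hit names the rule, the subject and the object involved."""
    hits = []
    for r in records:
        for name, predicate in rules:
            if predicate(r):
                hits.append((name, r["subject"], r["object"]))
    return hits


if __name__ == "__main__":
    print("threshold:", threshold_detection(AUDIT_LOG))
    print("profile:  ", profile_based(AUDIT_LOG, BASELINE))
    print("rules:    ", rule_based(AUDIT_LOG))
```

The threshold check catches alice's run of failed logins, the profile check catches bob's compile job that is far outside his CPU history, and the rule base catches the denied read of a sensitive file and the after-hours execution; each approach sees something the others do not, which is why the slides present them side by side.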
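The uniform processing the slide calls for, as an added example that is not part of the original slide deck: two nodes emit audit records in different formats (a syslog-style key=value line and a CSV row, both constructed here), and a collector normalises them into one record layout with the audit-record fields from the earlier slide before merging them in time order. The year assumed for the syslog timestamps (2024) and the format of both lines are assumptions of the example.

```python
"""Added example, not from the slides: normalising audit records produced
in two different formats by two nodes into one uniform record layout
(node, timestamp, subject, action, object, exception), so that a central
analysis node can process them together. Both formats and all lines are
constructed for illustration."""
import csv
from datetime import datetime

# Constructed sample lines: hostA writes syslog-style key=value lines,
# hostB exports CSV rows. The syslog format carries no year, so a
# collection year is assumed (2024 here).
RAW_LINES = [
    "Mar  1 09:06:12 hostA audit: user=bob action=read obj=/etc/shadow result=EACCES",
    "hostB,2024-03-01T09:05:30,alice,print,report.pdf,OK",
    "Mar  1 09:07:00 hostA audit: user=bob action=exec obj=/usr/bin/cc result=OK",
]


def parse_syslog(line, year=2024):
    """'Mar  1 09:06:12 hostA audit: key=value ...' -> uniform record."""
    parts = line.split()
    mon, day, clock, node = parts[:4]
    ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    kv = dict(tok.split("=", 1) for tok in parts[5:])   # parts[4] is the 'audit:' tag
    return {
        "node": node, "ts": ts.isoformat(), "subject": kv["user"],
        "action": kv["action"], "object": kv["obj"],
        "exception": None if kv.get("result", "OK") == "OK" else kv["result"],
    }


def parse_csv(line):
    """'node,iso-timestamp,subject,action,object,result' -> uniform record."""
    node, ts, subject, action, obj, result = next(csv.reader([line]))
    return {
        "node": node, "ts": datetime.fromisoformat(ts).isoformat(),
        "subject": subject, "action": action, "object": obj,
        "exception": None if result == "OK" else result,
    }


def normalise(lines):
    """Dispatch each line to the right parser and return the merged
    records in timestamp order, regardless of which node produced them."""
    records = [parse_syslog(l) if " audit: " in l else parse_csv(l) for l in lines]
    return sorted(records, key=lambda r: r["ts"])


def exceptions_by_node(records):
    """Once the records are uniform, one query works across all nodes."""
    return [(r["node"], r["subject"], r["exception"]) for r in records if r["exception"]]


if __name__ == "__main__":
    for rec in normalise(RAW_LINES):
        print(rec)
```

Because every node's output ends up in the same shape, the same detection functions can be shared with all nodes, which is the provision the slide asks for.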
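One way to build the "real-looking but fabricated data" with sensors and loggers from the honeypot slide, as an added example that is not part of the original slide deck: a handful of decoy customer rows are seeded into an otherwise genuine table. Legitimate users have no reason to touch them, so any access to a decoy is logged and counted against the user who made it. All company names, ids and rows are constructed.

```python
"""Added example, not from the slides: honeytoken records (real-looking
but fabricated rows) seeded into a customer table as a sensor. Legitimate
users have no reason to touch them, so any access is logged and raises an
alarm. Names, ids and rows are all constructed."""
import logging

log = logging.getLogger("honeypot")

# Constructed genuine rows and constructed decoy rows; the decoys are
# indistinguishable from the real ones to anyone reading the table.
CUSTOMERS = {
    1001: {"name": "Acme Ltd", "email": "ap@acme.example"},
    1002: {"name": "Globex Corp", "email": "ar@globex.example"},
}
DECOYS = {
    1003: {"name": "Initech GmbH", "email": "finance@initech.example"},
    1004: {"name": "Vandelay Imports", "email": "billing@vandelay.example"},
}


class HoneytokenStore:
    def __init__(self, genuine=CUSTOMERS, decoys=DECOYS):
        self.table = {**genuine, **decoys}
        self.decoy_ids = set(decoys)
        self.alerts = []          # (user, customer_id) pairs that touched a decoy

    def _sense(self, user, cid):
        """The sensor: a decoy access is logged and recorded as an alert."""
        if cid in self.decoy_ids:
            self.alerts.append((user, cid))
            log.warning("honeytoken %s touched by %s", cid, user)

    def lookup(self, user, cid):
        """Normal point query: real and decoy rows are served alike,
        but a decoy hit trips the sensor."""
        self._sense(user, cid)
        return self.table.get(cid)

    def dump(self, user):
        """Bulk export of the whole table; it necessarily touches every
        decoy, so it always trips the sensor."""
        for cid in self.table:
            self._sense(user, cid)
        return dict(self.table)

    def suspects(self, min_hits=1):
        """Users who touched at least min_hits decoys, most hits first."""
        counts = {}
        for user, _ in self.alerts:
            counts[user] = counts.get(user, 0) + 1
        return sorted((u for u, n in counts.items() if n >= min_hits),
                      key=lambda u: -counts[u])
```

A single decoy lookup may be an honest mistake, so `suspects(min_hits=2)` is the threshold an operator would act on; a bulk dump trips every decoy at once and stands out immediately.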
2 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.
Topics Discussed in the Section • Packet-Filter Firewall (screening router) • Proxy Firewall (Application Gateway) • Firewall Configurations
Characteristics of a good Firewall Implementation • All entry & exit points must pass through the firewall. • Only authorized traffic as per the security policy is allowed. • Robustness to sustain attack.
Figure: Packet-filter firewall (TCP/UDP)
Advantage & Disadvantage • Advantage • Simplicity • Fast • Disadvantage • Difficulty in setting up rules correctly. • Lack of authentication.
Attacks • IP address spoofing • Source routing attacks • Tiny fragment attack: Ethernet, Token Ring, X.25, Frame Relay, ATM each have a maximum frame size (MTU).
Dynamic or Stateful Packet Filter • An advanced type • Allows examination of packets based on the current state of the network. • It maintains a list of currently open connections & outgoing packets in order to apply this rule.
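The stateful packet filter from the slide above, as an added example that is not part of the original slide deck: a connection table records connections opened from the inside, inbound packets are admitted only when they belong to one, and two of the attacks from the previous slide are handled before any rule is consulted (IP address spoofing, detected as a source address inconsistent with the arrival interface, and tiny first fragments). The addresses, rule table and packets are constructed; the internal network is assumed to be 10.0.0.0/8.

```python
"""Added example, not from the slides: a toy stateful packet filter that
keeps a table of connections opened from the inside and only admits
inbound packets that match one, plus an anti-spoofing check and a tiny
first fragment check. Addresses, rules and packets are constructed; the
internal network is assumed to be 10.0.0.0/8."""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed
MIN_TCP_HEADER = 20   # bytes; a first fragment shorter than this cannot hold the TCP ports

# Static rules consulted only for packets that open a new connection.
# Packets arriving on the internal interface are "out", on the external one "in".
RULES = [
    {"dir": "out", "proto": "tcp", "dport": 80,  "action": "allow"},
    {"dir": "out", "proto": "tcp", "dport": 443, "action": "allow"},
    {"dir": "in",  "proto": "tcp", "dport": 23,  "action": "deny"},
]
DEFAULT_ACTION = "deny"


class StatefulFilter:
    def __init__(self):
        self.connections = set()   # (src, sport, dst, dport) of connections we opened

    def anti_spoof(self, pkt):
        """Internal addresses may only appear as sources on the internal
        interface, and external addresses only on the external one."""
        src = ipaddress.ip_address(pkt["src"])
        if (pkt["iface"] == "external") == (src in INTERNAL_NET):
            return "deny-spoof"
        return None

    def tiny_fragment(self, pkt):
        """A first fragment too small to carry the TCP header would push
        the port fields into a later fragment that the rules never see."""
        if (pkt.get("frag_offset", 0) == 0 and pkt.get("more_fragments", False)
                and pkt.get("payload_len", MIN_TCP_HEADER) < MIN_TCP_HEADER):
            return "deny-tiny-fragment"
        return None

    def static_rule(self, pkt):
        direction = "out" if pkt["iface"] == "internal" else "in"
        for rule in RULES:
            if (rule["dir"], rule["proto"], rule["dport"]) == (direction, pkt["proto"], pkt["dport"]):
                return rule["action"]
        return DEFAULT_ACTION

    def filter(self, pkt):
        """Return a verdict string for one packet and update the state table."""
        for check in (self.anti_spoof, self.tiny_fragment):
            verdict = check(pkt)
            if verdict:
                return verdict
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reply = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if flow in self.connections or reply in self.connections:
            return "allow-established"       # belongs to a connection already in the table
        if self.static_rule(pkt) == "allow":
            self.connections.add(flow)       # remember the connection for its replies
            return "allow-new"
        return "deny-policy"


if __name__ == "__main__":
    fw = StatefulFilter()
    out_syn = {"iface": "internal", "proto": "tcp", "src": "10.0.0.5", "sport": 40000,
               "dst": "93.184.216.34", "dport": 443}
    reply = {"iface": "external", "proto": "tcp", "src": "93.184.216.34", "sport": 443,
             "dst": "10.0.0.5", "dport": 40000}
    print(fw.filter(reply), fw.filter(out_syn), fw.filter(reply))
```

The same reply packet is denied before the internal host opens the connection and allowed afterwards; that difference is what "based on the current state of the network" means, and it is what a stateless packet filter cannot express.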
Note A proxy firewall filters at the application layer.
Advantage & Disadvantage • Advantage • More secure due to authentication. • Disadvantage • Overhead in terms of managing two connections & the traffic going between them.
Advantage & Disadvantage • Advantage • Increases security by performing checks at both levels. • Provides flexibility to the network admin to define security policies. • Disadvantage • Security is compromised if the proxy firewall itself is attacked.
Advantage & Disadvantage • Advantage • No direct connection from an internal host to the proxy firewall. • More secure than the first configuration. • Disadvantage • A little slower due to this.
3.3. Screened subnet firewall: 3 levels of security
Advantage & Disadvantage • Advantage • Access to any service on the DMZ can be restricted, e.g. allowing 80, 443. • All other traffic can be filtered, e.g. block 23. • The Internal Private Network (IPN) is not directly connected to the DMZ. • The IPN is safe & out of reach of an attacker.
Limitations of Firewalls 1. Insider's intrusion 2. Direct Internet traffic: bypasses the firewall 3. Virus attacks: a firewall can't scan packets/files for viruses.
3 Trusted System • A system that you have no choice but to trust. • The security of the overall system depends on the success of the trusted system. • If the trusted system fails, it will compromise the security of the entire system. • Therefore, there should be a minimum number of trusted components in a system. • A trusted system should provide security, integrity, reliability & privacy.
Trusted System in Policy Analysis • Some conditional prediction about the behaviour of users or elements within the system is determined prior to authorising access to resources within the system. • The probability of threat, or a risk analysis, is calculated and used to assess trust for taking the decision before authorisation.
To ensure the behaviour within the system, deviation analysis is used.
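The three-zone policy of the screened subnet, as an added example that is not part of the original slide deck: the Internet, the DMZ and the Internal Private Network (IPN) are each a zone, and a small first-match rule table expresses exactly the slide's points (only 80 and 443 reach the DMZ from outside, 23 is blocked, and nothing from the Internet or the DMZ may reach the IPN). The zone addressing (DMZ 192.0.2.0/24, IPN 10.0.0.0/8, everything else Internet) and the packets are assumptions of the example.

```python
"""Added example, not from the slides: the three-zone policy of a screened
subnet expressed as a small rule table and evaluated against constructed
packets. Zone addressing is assumed: DMZ 192.0.2.0/24, Internal Private
Network (IPN) 10.0.0.0/8; any other address is the Internet."""
import ipaddress

ZONES = {  # assumed addressing
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "ipn": ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(ip):
    """Map an address to its zone; anything outside the known zones is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


# (from zone, to zone, protocol or "any", allowed destination ports or None for all, action)
# Rules are consulted top to bottom; the first match wins and no match means deny.
POLICY = [
    ("internet", "dmz",      "tcp", {80, 443}, "allow"),   # public web services only
    ("internet", "dmz",      "tcp", {23},      "deny"),    # block 23 explicitly
    ("internet", "ipn",      "any", None,      "deny"),    # IPN never reachable from outside
    ("dmz",      "ipn",      "any", None,      "deny"),    # a compromised DMZ host cannot reach inside
    ("ipn",      "dmz",      "any", None,      "allow"),   # admins and apps reach the DMZ from inside
    ("ipn",      "internet", "tcp", {80, 443}, "allow"),   # outbound web browsing
]


def evaluate(pkt):
    """Return (action, 'from->to') for one packet under POLICY."""
    src_zone, dst_zone = zone_of(pkt["src"]), zone_of(pkt["dst"])
    for frm, to, proto, ports, action in POLICY:
        if (frm, to) != (src_zone, dst_zone):
            continue
        if proto != "any" and proto != pkt["proto"]:
            continue
        if ports is not None and pkt["dport"] not in ports:
            continue
        return action, f"{src_zone}->{dst_zone}"
    return "deny", f"{src_zone}->{dst_zone} (default)"


# Constructed packets that exercise each boundary of the screened subnet.
SAMPLE_PACKETS = [
    {"label": "web to DMZ",        "src": "203.0.113.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
    {"label": "telnet to DMZ",     "src": "203.0.113.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 23},
    {"label": "ssh to DMZ",        "src": "203.0.113.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},
    {"label": "internet to IPN",   "src": "203.0.113.9", "dst": "10.0.0.5",   "proto": "tcp", "dport": 443},
    {"label": "DMZ host to IPN",   "src": "192.0.2.10",  "dst": "10.0.0.5",   "proto": "tcp", "dport": 445},
    {"label": "IPN admin to DMZ",  "src": "10.0.0.5",    "dst": "192.0.2.10", "proto": "tcp", "dport": 22},
    {"label": "IPN browsing out",  "src": "10.0.0.5",    "dst": "203.0.113.9", "proto": "tcp", "dport": 443},
]


def audit_policy(packets=SAMPLE_PACKETS):
    """Evaluate a batch and return one (label, action) row per packet."""
    return [(p["label"], evaluate(p)[0]) for p in packets]


if __name__ == "__main__":
    for label, action in audit_policy():
        print(f"{label:18} {action}")
```

The "DMZ host to IPN" row is the one worth checking on any real deployment: it is what keeps the IPN "out of reach of an attacker" even after a DMZ server has been compromised, and it is the rule most often loosened for convenience.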