Computer Systems Security

slurpslapout, Networks and Communications

20 Nov 2013

css security in Networks - css - ps2

1

Computer Systems Security

Security in Networks

(Security Controls)

Topic 2

Pirooz Saeidi

Source: Pfleeger, Chapter 7



2

Network Security Controls

Agenda:

Security Threat Analysis

Design, Implementation and Architecture

Control types

Firewalls

Intrusion Detection Systems

Secure Email

Summary and Conclusion


3

Network Security Controls

We introduce a number of defence strategies available to the network security engineer,

with details of three important controls:

1. Firewalls,

2. Intrusion Detection Systems, and

3. Encrypted e-mail.

4

Security Threat Analysis

The three steps of security threat analysis are:

1. Scrutinise all parts of the system

2. Consider possible damage to confidentiality, integrity and availability.

3. Speculate on the kind of attack.

5

Security Threat Analysis

The individual parts of a network:

Local nodes connected through

Local communication links to a

LAN which also contains

Local processes, storage and devices

6

Security Threat Analysis

The LAN is also connected to a gateway that

provides access through network communication links to

Network control resources, routers, databases, etc.


7

Security Threat Analysis

Possible threats and damage:

Intercepting data in traffic

Accessing or modifying data/programmes in remote hosts.

Modifying data in transit

Blocking traffic

Impersonating a user

and more…

8

Security Threat Analysis

The network security engineer anticipates these threats and uses the defences available.

Such defences range from design and architecture to different types of controls.

We will have a close look at these defences.

9

Design, Implementation and Architecture

In previous lectures we elaborated on design and implementation issues.

Similarly, a network's architecture and design can have a considerable effect on its security.

In this context we will consider:

Segmentation

Redundancy and

Single Points of Failure

10

Segmented Architecture

Reduces the number of threats and limits damage.

Consider an e-commerce application with the following parts:

A web server

Application code

Database of products

Database of orders

11

Segmented Architecture

We don't want to compromise the entire application by putting all of these activities in one machine. Instead we can use multiple segments.

Pfleeger&Pfleeger

12

Other Architectural Controls

Redundancy

Example: provide more than one server and use failover mode:

Servers communicate periodically with each other.

If one fails, the other takes over processing for both.

Avoid Single Points of Failure

Example: distribute parts of a database in different segments


13

Controls: Encryption

Two forms:

Link Encryption

Between hosts

End-to-end Encryption

Between applications

14

Link Encryption

Data is encrypted just before it is placed on the physical link.

Takes place in layers 1 & 2 of OSI.

Appropriate when the transmission line is vulnerable.

Pfleeger&Pfleeger

15

Link Encryption

Example of a typical link-encrypted message.

Some of the header/trailer information may be applied before encryption takes place.

16

End-to-end Encryption

Encryption can be applied by hardware as well as software at the highest layers.

Pfleeger&Pfleeger

17

End-to-end Encryption

Example: An encrypted message

Pfleeger&Pfleeger

18

End-to-end Encryption

Messages sent to several hosts are protected, and the data content is still encrypted while in transit even if it passes through potentially insecure nodes.

19

Virtual Private Networks (VPN)

With link encryption the users may think they are on a private network. Hence the word VPN.

The greatest exposure for a user is between his/her machine and the perimeter of the host network.

A VPN can deploy firewalls to implement an encrypted connection between a user's distributed sites over a public network.

20

Virtual Private Networks (VPN)

Communication passes through an encrypted tunnel.

A VPN is created when the firewall interacts with an authentication service inside the perimeter.

Any communication is done through the encrypted tunnel.

Pfleeger&Pfleeger

21

Virtual Private Networks (VPN)

The firewall implements access control on the basis of the VPN.

Example of a VPN with privileged access

The firewall passes to the internal server the privileged identity of User2.

Pfleeger&Pfleeger

22

Public Key Infrastructure (PKI) and Certificates

PKI is used to implement public key cryptography.

Offers each user a set of services on access control and identification.

Integrates digital certificates, public-key cryptography, and certificate authorities into a total, enterprise-wide network security architecture.

Involves a registration authority to act as an interface between user and certificate authority.

More information from:

http://csrc.nist.gov/pki/

23

Secure Shell (SSH) Encryption

SSH is a pair of protocols originally for Unix but now available in Windows 2000.

Provides an authenticated and encrypted path to a shell or command line interpreter.

Replaces utilities such as Telnet, rlogin and rsh for remote access.

Protects against spoofing attacks and modification of data in communication.

24

Secure Socket Layer (SSL) Encryption

SSL is designed to protect communication between a web browser and a server.

Interfaces between applications and the TCP/IP protocols to provide server authentication.

Client and server negotiate a mutually supported set of encryption algorithms for session encryption and hashing.

25

Secure Socket Layer (SSL) Encryption

To use SSL,

The client requests an SSL session

The server responds with its public key certificate, with which the client authenticates the server

The client returns part of a symmetric session key encrypted under the server's public key

Client and server both compute the session key, and switch to encrypted communication using the shared session key
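The four steps above, simulated in Python with both sides' messages in one process. This is an added example, not code from the lecture or from Pfleeger. It assumes textbook RSA over fixed Mersenne primes (demonstration only, not a real key size or padding), a certificate authority named here as CA_PUB/CA_PRIV, a server called shop.example, and HMAC as the key-derivation step; all of these are constructed for the demonstration and none is a real SSL/TLS cipher suite.

```python
"""The four SSL handshake steps on the slide, simulated in one process so both
sides' messages are visible.  Added example, not Pfleeger's or the lecture's
code.  Assumptions: textbook RSA with fixed Mersenne primes (demonstration
only, never a real key size or padding), a CA that signs the server's
certificate, and session-key derivation modelled as HMAC over both nonces."""
import hashlib, hmac, secrets

def rsa_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def rsa_encrypt(pub, m):    # m is an int smaller than n
    return pow(m, pub[1], pub[0])

def rsa_decrypt(priv, c):
    return pow(c, priv[1], priv[0])

def _digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    """Signature = RSA private operation on the SHA-256 digest."""
    return rsa_decrypt(priv, _digest_int(data, priv[0]))

def verify(pub, data, sig):
    return rsa_encrypt(pub, sig) == _digest_int(data, pub[0])

# Constructed CA and server keys (primes are the Mersenne primes 2^61-1, 2^127-1, 2^89-1, 2^107-1).
CA_PUB, CA_PRIV = rsa_keypair((1 << 61) - 1, (1 << 127) - 1)
SERVER_PUB, SERVER_PRIV = rsa_keypair((1 << 89) - 1, (1 << 107) - 1)
SERVER_NAME = "shop.example"

def make_certificate(subject, pub, ca_priv):
    """A certificate binds a name to a public key; the CA's signature vouches for it."""
    body = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return {"subject": subject, "pub": pub, "body": body, "sig": sign(ca_priv, body)}

SERVER_CERT = make_certificate(SERVER_NAME, SERVER_PUB, CA_PRIV)

def derive_session_key(pre_master, client_nonce, server_nonce):
    """Run by both sides on the same inputs, so both arrive at the same key."""
    return hmac.new(pre_master, b"session" + client_nonce + server_nonce, hashlib.sha256).digest()

def ssl_handshake(cert=SERVER_CERT, trusted_ca=CA_PUB):
    """Returns (client_key, server_key); raises ValueError if server authentication fails."""
    # 1. The client requests a session (its hello carries a fresh nonce).
    client_nonce = secrets.token_bytes(16)
    # 2. The server responds with its certificate (its hello carries its own nonce).
    server_nonce = secrets.token_bytes(16)
    # The client authenticates the server: CA signature and expected name must both check out.
    if not verify(trusted_ca, cert["body"], cert["sig"]) or cert["subject"] != SERVER_NAME:
        raise ValueError("server certificate rejected")
    # 3. The client sends its part of the session key, encrypted under the server's public key.
    pre_master = secrets.token_bytes(16)
    key_exchange = rsa_encrypt(cert["pub"], int.from_bytes(pre_master, "big"))
    # Only the holder of the server's private key can recover it.
    server_pre_master = rsa_decrypt(SERVER_PRIV, key_exchange).to_bytes(16, "big")
    # 4. Both compute the session key and would now switch to encrypted records.
    return (derive_session_key(pre_master, client_nonce, server_nonce),
            derive_session_key(server_pre_master, client_nonce, server_nonce))

def handshake_succeeds(cert):
    """True only if the client accepts the certificate and both keys agree."""
    try:
        client_key, server_key = ssl_handshake(cert)
        return client_key == server_key
    except ValueError:
        return False
```

Calling ssl_handshake() returns the two copies of the session key; handshake_succeeds shows the client refusing a certificate whose CA signature does not verify, or whose name is not the one it expected, which is the step the slide calls authenticating the server.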

26

Encryption - IP Security Protocol (IPSec)

Adopted by IPv6, addresses many shortcomings of conventional IP such as spoofing, session hijacking, …

Implemented at the IP layer so it affects all layers above it, including TCP and UDP.

Works similarly to SSL in terms of authentication and confidentiality and is independent of cryptographic protocols.

27

IP Security Protocol (IPSec)

IPSec is based on a security association, a set of security parameters for a secured communication channel.

The main data structures of IPSec are AH (Authentication Header) and ESP (Encapsulated Security Payload).

28

IP Security Protocol (IPSec)

ESP replaces the TCP header and data portion of a packet.

Packets: (a) Conventional Packet; (b) IPSec Packet.

Pfleeger&Pfleeger

29

IP Security Protocol (IPSec)

ESP replaces the conventional TCP header and data portion of a packet and

contains both an authenticated portion and an encrypted portion.

The Encapsulated Security Packet

Pfleeger&Pfleeger

30

Content Integrity Controls

Guarding against modification in transmission. We can use methods such as:

Error Correcting Codes

Cryptographic checksums

31

Error Correcting Codes

Error Detection Codes

Parity checking (odd or even parity bit)

Usually used to detect non-malicious changes (e.g. noise)

Hash code: a unique signed number returned by a hash function

Huffman code

A data compression method that changes the length of the encoded token in proportion to its information content; that is, the more frequently a token is used, the shorter the binary string used to represent it in the compressed stream

Error Correction

Correct without retransmission

32

Cryptographic Checksum

Also called a message digest, it is a cryptographic function that produces a checksum.

The checksum is assigned to a file and used to "test" the file at a later stage to verify that the data contained in the file has not been maliciously changed.
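The following added example (not the lecture's or Pfleeger's code) puts the integrity controls from the two slides above side by side: a parity bit, a plain hash code and a keyed cryptographic checksum, each tried against a noise-like bit flip and against a deliberate change. The file content and the verifier's key are constructed for the demonstration; the keyed checksum is HMAC-SHA256.

```python
"""Content integrity controls from the two slides above, side by side: an
even parity bit, a plain hash code and a keyed cryptographic checksum, each
tried against a noise-like bit flip and against a deliberate change.  Added
example, not the lecture's or Pfleeger's code.  The file content and the
verifier's key are constructed; the keyed checksum is HMAC-SHA256."""
import hashlib
import hmac

def parity_bit(data: bytes, even: bool = True) -> int:
    """Parity bit that makes the total count of 1 bits even (or odd)."""
    ones = sum(bin(byte).count("1") for byte in data)
    bit = ones % 2
    return bit if even else bit ^ 1

def parity_ok(data: bytes, stored_bit: int, even: bool = True) -> bool:
    return parity_bit(data, even) == stored_bit

def hash_code(data: bytes) -> str:
    """Plain message digest: anyone can recompute it, so it only detects accidents."""
    return hashlib.sha256(data).hexdigest()

def checksum(key: bytes, data: bytes) -> str:
    """Cryptographic checksum: needs the key, so a forger cannot recompute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def checksum_ok(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(checksum(key, data), tag)

def flip_bits(data: bytes, positions) -> bytes:
    """Flip the given bit positions (0 is the low bit of byte 0): simulated line noise."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

def demo():
    """Each value is True when the control behaves as the slides describe."""
    original = b"PAY 100 TO ALICE"                     # constructed file content
    key = b"verifier-key-not-known-to-the-forger"      # constructed
    p, h, t = parity_bit(original), hash_code(original), checksum(key, original)
    one_flip = flip_bits(original, [3])
    two_flips = flip_bits(original, [3, 9])
    forged = b"PAY 900 TO ALICE"                       # deliberate change
    # A forger who replaces the file also replaces the stored plain hash.
    forger_stored_hash = hash_code(forged)
    return {
        "parity_detects_one_flip": not parity_ok(one_flip, p),
        "parity_misses_two_flips": parity_ok(two_flips, p),
        "hash_detects_two_flips": hash_code(two_flips) != h,
        "plain_hash_fooled_by_forger": hash_code(forged) == forger_stored_hash,
        "checksum_detects_forgery": not checksum_ok(key, forged, t),
        # Without the key, the best a forger can do is a tag under a guessed key.
        "checksum_rejects_forger_tag": not checksum_ok(key, forged, checksum(b"guess", forged)),
    }
```

demo() returns one boolean per claim; the two that matter most for this slide are that a plain hash stored beside the file is no defence against someone who can rewrite both, while the keyed checksum still fails for the altered file.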

33

Strong Authentication Controls

Networked environments as well as both ends of communication need authentication.

We will consider the following methods:

One-Time Password

Challenge-Response Systems

Digital Distributed Authentication

Kerberos

34

One-Time Password

Guards against wiretapping and spoofing

Password is effective only once

Uses a secretly maintained password list, or

each user can use a device to randomly generate new passwords every minute (computation is based on the value of the current "time" interval).

Within the same "minute" the receiving computer should be able to compute the same password to match.

35

Challenge-Response Systems

The user authenticates to a simple device by means of, say, a PIN.

The system prompts the user with a new challenge for each use:

The remote system sends a random number (the "challenge") which the user enters into the device.

The device responds to that number with another number, which the user transmits to the system, and so on.
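Both of the schemes on the two slides above, the time-based one-time password and the PIN-unlocked challenge-response device, are worked through in the following added example (not the lecture's or Pfleeger's code). It assumes a seed shared between device and receiving computer, a 60-second interval, a one-interval tolerance for clock drift, and HMAC-SHA256 as the function both sides compute; the seed, PIN and clock values are constructed, and the construction is a simplified TOTP-style scheme rather than any particular product.

```python
"""One-time passwords and challenge-response as on the two slides above,
done with HMAC so the device and the receiving computer can compute the same
value independently.  Added example, not the lecture's or Pfleeger's code;
the shared seed, PIN and clock values are constructed, and the scheme is a
simplified TOTP-style construction, not a specific product."""
import hashlib, hmac, secrets, struct, time

STEP = 60   # the slide's "minute"

def otp_for_interval(seed: bytes, interval: int, digits: int = 6) -> str:
    """Password for one time interval: HMAC(seed, interval) truncated to digits."""
    tag = hmac.new(seed, struct.pack(">Q", interval), hashlib.sha256).digest()
    return str(int.from_bytes(tag[-4:], "big") % 10 ** digits).zfill(digits)

def generate_otp(seed: bytes, now: float = None) -> str:
    """The user's device: a new password every STEP seconds."""
    now = time.time() if now is None else now
    return otp_for_interval(seed, int(now // STEP))

class OtpVerifier:
    """The receiving computer: recomputes the password for the same interval
    (plus one either side for clock drift) and accepts each interval only once."""
    def __init__(self, seed: bytes, skew: int = 1):
        self.seed, self.skew, self.used = seed, skew, set()
    def verify(self, candidate: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        current = int(now // STEP)
        for interval in range(current - self.skew, current + self.skew + 1):
            if hmac.compare_digest(otp_for_interval(self.seed, interval), candidate):
                if interval in self.used:      # the password is effective only once
                    return False
                self.used.add(interval)
                return True
        return False

class Token:
    """Hand-held device: the user unlocks it with a PIN, then it answers challenges."""
    def __init__(self, seed: bytes, pin: str):
        self._seed = seed
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._unlocked = False
    def unlock(self, pin: str) -> bool:
        self._unlocked = hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash)
        return self._unlocked
    def respond(self, challenge: bytes) -> str:
        if not self._unlocked:
            raise PermissionError("device locked: PIN required")
        return hmac.new(self._seed, challenge, hashlib.sha256).hexdigest()[:8]

class ChallengeResponseServer:
    """Remote system: issues a fresh random challenge per use and checks the answer."""
    def __init__(self, seed: bytes):
        self.seed, self.pending = seed, {}
    def new_challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(8)
        return self.pending[user]
    def check(self, user: str, response: str) -> bool:
        challenge = self.pending.pop(user, None)   # each challenge is usable once
        if challenge is None:
            return False
        expected = hmac.new(self.seed, challenge, hashlib.sha256).hexdigest()[:8]
        return hmac.compare_digest(expected, response)
```

The verifier's used set is what makes a captured password worthless: within the same minute the computer can compute the same value, but it will not accept it a second time, and outside the window it does not match at all. The challenge-response server likewise discards each challenge once answered, so a recorded response cannot be replayed.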

36

Authentication in Distributed Systems - Kerberos

Designed at MIT.

Used for authentication between clients and servers.

Based on the idea that a central server provides authenticated tokens called tickets to requesting applications.

A ticket is non-forgeable and non-replayable.

37

Authentication in Distributed Systems - Kerberos

The Kerberos design goal was to enable systems to withstand attacks in distributed systems. The main characteristics are:

1. No passwords are communicated on the network.

The user's password is stored only at the Kerberos server.

It is not sent from the user's workstation when it initiates a session.

2. Provides cryptographic protection against spoofing.

Each access is mediated by a ticket-granting server

which knows the identity of the user based on the authentication performed initially by the server.

38

Authentication in Distributed Systems - Kerberos

3. Limited period of validity (of tickets)

Tickets contain timestamps with which the server will determine the ticket's validity.

The attacker therefore will not have time to complete a long-term attack.

Timestamps prevent replay attacks

In a replay attack a valid data transmission is maliciously or fraudulently repeated or delayed.

The server compares the timestamps of requests with the current time, and accepts requests only if they are reasonably close to the current time.

This time-checking prevents most replay attacks, since the attacker's presentation of tickets will be delayed!

4. Mutual authentication

The user of a service can be assured of any server's authenticity by requesting an authenticating response from the server.


39

Authentication in Distributed Systems - Kerberos

Uses public key technology for key exchange.

A central server provides authenticated tokens, called tickets, to requesting applications.

A ticket is an encrypted data structure naming a user and a service the user has permission to access.

40

Kerberos

The user first establishes a session with the Kerberos server as follows:

The user's workstation sends the user's identity to the Kerberos server.

The Kerberos server verifies that the user is authorised by sending two messages: one to the user and the other to the ticket-granting server.

41

Kerberos

The user's message contains:

A session key S_G to communicate with the ticket-granting server G; and a ticket T_G.

S_G is encrypted under the user's password:

E(S_G + T_G, PW)

The ticket-granting server's message contains:

A copy of the session key S_G and the encrypted identity of the user

42

Kerberos

If the workstation can decrypt E(S_G + T_G, PW) using PW, then the user has been successfully authenticated.

Diagram shows how a Kerberos session is initiated

Pfleeger&Pfleeger

43

Kerberos

Now the user (U) wants to access the services of the distributed system (say, access file F).

Using key S_G the user requests a ticket from the ticket-granting server to access file F.

The ticket-granting server verifies U's access permission and returns a ticket and a session key.

44

Kerberos

The ticket contains the following:

U's authenticated identity

An identification of F

Access rights

A session key S_F (with the file server)

Ticket expiry date

Diagram shows how a ticket can be obtained to access a file

Pfleeger&Pfleeger
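The Kerberos slides above, from the session set-up with E(S_G + T_G, PW) to the ticket for file F and the timestamp check against replay, worked through in the following added example. It is not the lecture's or Pfleeger's code and not the real Kerberos wire format: a toy authenticated cipher built from HMAC-SHA256 stands in for the symmetric encryption, password-to-key derivation is a plain hash, and the users, keys, access-control list and clock values are constructed. The KerberosServer, TicketGrantingServer and file_server_check names are this example's own.

```python
"""Kerberos session set-up and ticket issue as on the slides above:
E(S_G + T_G, PW) from the Kerberos server, the ticket-granting server G,
the ticket for file F carrying S_F and an expiry, and the timestamp check
that defeats replay.  Added example, not Pfleeger's or the lecture's code and
not the real Kerberos wire format.  Assumption: a toy authenticated cipher
built from HMAC-SHA256 stands in for Kerberos' symmetric encryption; users,
keys, ACL and clock values are constructed."""
import hashlib, hmac, json, secrets

def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt(key: bytes, obj) -> bytes:
    """Toy authenticated encryption of a JSON-able object: nonce || body || tag."""
    plain = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes):
    """The object, or None when the key is wrong or the blob was altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        return None
    return json.loads(bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body)))))

def key_from_password(pw: str) -> bytes:       # assumption: simple derivation
    return hashlib.sha256(pw.encode()).digest()

TICKET_LIFETIME = 8 * 3600   # seconds
CLOCK_SKEW = 300             # "reasonably close to current time"

class KerberosServer:
    """Authentication server: the only place the users' passwords are stored."""
    def __init__(self, users, tgs_key):
        self.users, self.tgs_key = users, tgs_key
    def login(self, user, now):
        """Two messages: E(S_G + T_G, PW) for the user, and a copy of S_G for G."""
        if user not in self.users:
            return None, None
        s_g = secrets.token_bytes(32).hex()
        t_g = encrypt(self.tgs_key, {"user": user, "expires": now + TICKET_LIFETIME})
        for_user = encrypt(key_from_password(self.users[user]), {"s_g": s_g, "t_g": t_g.hex()})
        for_tgs = encrypt(self.tgs_key, {"user": user, "s_g": s_g})
        return for_user, for_tgs

class TicketGrantingServer:
    """G: learns who the user is from the Kerberos server's message, never from a password."""
    def __init__(self, tgs_key, acl, fs_key):
        self.tgs_key, self.acl, self.fs_key = tgs_key, acl, fs_key
        self.session_keys, self.seen = {}, set()
    def receive(self, for_tgs):
        msg = decrypt(self.tgs_key, for_tgs)
        self.session_keys[msg["user"]] = bytes.fromhex(msg["s_g"])
    def request_ticket(self, user, t_g, resource, authenticator, now):
        s_g, tg = self.session_keys.get(user), decrypt(self.tgs_key, t_g)
        if s_g is None or tg is None or tg["user"] != user or tg["expires"] < now:
            return None
        auth = decrypt(s_g, authenticator)
        # Timestamp check: stale or previously seen requests are treated as replays.
        if auth is None or abs(auth["ts"] - now) > CLOCK_SKEW or (user, auth["ts"]) in self.seen:
            return None
        self.seen.add((user, auth["ts"]))
        rights = self.acl.get(user, {}).get(resource)
        if rights is None:
            return None
        s_f = secrets.token_bytes(32).hex()
        ticket = encrypt(self.fs_key, {"user": user, "resource": resource, "rights": rights,
                                       "s_f": s_f, "expires": now + TICKET_LIFETIME})
        return encrypt(s_g, {"ticket": ticket.hex(), "s_f": s_f})

def file_server_check(fs_key, ticket_blob, now):
    """The file server trusts only what it can decrypt and what has not expired."""
    t = decrypt(fs_key, ticket_blob)
    return None if t is None or t["expires"] < now else (t["user"], t["resource"], t["rights"])

def obtain_credentials(kdc, tgs, user, password, now):
    """Session set-up: the workstation gets S_G and T_G only if PW decrypts the message."""
    for_user, for_tgs = kdc.login(user, now)
    if for_user is None:
        return None
    tgs.receive(for_tgs)
    creds = decrypt(key_from_password(password), for_user)
    if creds is None:
        return None
    return bytes.fromhex(creds["s_g"]), bytes.fromhex(creds["t_g"])

def workstation_access(kdc, tgs, fs_key, user, password, resource, now):
    """The user's side of the whole flow; returns the rights granted, or None."""
    creds = obtain_credentials(kdc, tgs, user, password, now)
    if creds is None:
        return None
    s_g, t_g = creds
    reply = tgs.request_ticket(user, t_g, resource, encrypt(s_g, {"ts": now}), now)
    if reply is None:
        return None
    granted = file_server_check(fs_key, bytes.fromhex(decrypt(s_g, reply)["ticket"]), now)
    return None if granted is None else granted[2]

def replay_is_rejected(kdc, tgs, user, password, resource, now):
    """Presenting the same authenticator twice: the second attempt must fail."""
    s_g, t_g = obtain_credentials(kdc, tgs, user, password, now)
    authenticator = encrypt(s_g, {"ts": now})
    first = tgs.request_ticket(user, t_g, resource, authenticator, now)
    second = tgs.request_ticket(user, t_g, resource, authenticator, now + 60)
    return first is not None and second is None

# Constructed environment.
USERS = {"alice": "correct horse battery", "bob": "hunter2"}
ACL = {"alice": {"F": "read"}}
TGS_KEY, FS_KEY = secrets.token_bytes(32), secrets.token_bytes(32)
NOW = 1_700_000_000

def build():
    return KerberosServer(USERS, TGS_KEY), TicketGrantingServer(TGS_KEY, ACL, FS_KEY)
```

The password never leaves the workstation: it is only used to decrypt the Kerberos server's message, and a wrong password simply yields nothing usable. The replay check is the one from slide 38, a timestamp compared with the current time plus a record of timestamps already accepted.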

45

Access Control

Access control enforces the "what" and "how" of security control policies.

Mechanisms such as:

ACLs on Routers

Firewalls

We will look at them later

46

ACLs on Routers

Routers can be configured with ACLs to deny access to particular hosts from particular hosts.

This is very expensive. It brings a large load to routers.

Routers inspect the source and destination addresses. But with UDP datagrams, attackers can forge the source address so that their attack cannot be blocked by the router's ACL.

Limited and restricted use of ACLs is a more viable option.

47

Honeypots (Controls)

Like catching a mouse, we can set a trap with an attractive bait!

A honeypot is a computer system or a network segment open to attackers to

See what the attackers do

Tempt the attacker to a place so that you can learn his/her habits and stop future attacks

Make a playground to divert him/her from the real system

48

Firewalls

A firewall is a device, or software, or a combination of both designed to prevent unauthorised users from accessing a network and/or a single workstation.

Networks usually use hardware firewalls which are implemented at the router level. These firewalls are expensive, and it is difficult to configure them.

Software firewalls are used on single workstations and are usually less expensive and easier to configure.

49

Firewalls

Inspect each individual inbound or outbound packet of data to or from the system

Check if it should be allowed to enter, or otherwise it should be blocked

50

Types of firewalls

Packet filtering gateways or screening routers

Stateful inspection firewalls

Application proxies

Guards

Personal firewalls


51

Packet filtering gateways

Control is based on packet address or a specific transport protocol (e.g. HTTP).

Example: a packet filter can block traffic using the Telnet protocol but allow HTTP traffic.

52

Stateful inspection firewalls

Keeps a history of previously seen packets to make better decisions about current and future packets.

Useful to counter attacks which force very short packets into, say, a TCP packet stream.

Remember that TCP packets may arrive in a different order, and a stateless firewall will not be able to detect the signature of an attack split across 2 or more packets.
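The packet-filter example from the previous slide (block Telnet, allow HTTP) and the stateful point made here are both shown in the following added example, which is not the lecture's or Pfleeger's code. Packets are plain dicts, the addresses, ports, rule set and the signature marker are all constructed, and nothing touches a real network; the point is the contrast between a decision taken per packet and one taken over the re-assembled stream.

```python
"""A packet-filtering router rule set beside a stateful inspector, run over
constructed packets.  Added example, not the lecture's or Pfleeger's code.
Addresses, ports, the rule set and the signature marker are all made up;
packets are plain dicts and nothing touches a real network."""
from collections import defaultdict

# Constructed rule set (first match wins, default deny): block Telnet, allow HTTP.
RULES = [
    {"proto": "tcp", "dst": "10.0.0.5", "dport": 23, "action": "deny"},
    {"proto": "tcp", "dst": "10.0.0.5", "dport": 80, "action": "allow"},
]
DEFAULT_ACTION = "deny"
SIGNATURE = b"EVIL-MARKER"   # constructed stand-in for a content signature

def packet_filter(pkt, rules=RULES):
    """Screening router: looks only at header fields (address, protocol, port)."""
    for rule in rules:
        if all(pkt.get(field) == value for field, value in rule.items() if field != "action"):
            return rule["action"]
    return DEFAULT_ACTION

def per_packet_check(pkt):
    """Header rules plus a content check on this packet alone: a signature that
    straddles two packets is never seen whole, so both halves pass."""
    if SIGNATURE in pkt["data"]:
        return "deny"
    return packet_filter(pkt)

class StatefulInspector:
    """Remembers previously seen packets per connection and re-assembles the
    TCP stream in sequence order before looking for the signature."""
    def __init__(self):
        self.streams = defaultdict(dict)   # connection -> {seq: segment data}
    def inspect(self, pkt):
        verdict = packet_filter(pkt)
        if verdict != "allow":
            return verdict
        conn = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        self.streams[conn][pkt["seq"]] = pkt["data"]
        stream = b"".join(self.streams[conn][seq] for seq in sorted(self.streams[conn]))
        return "deny" if SIGNATURE in stream else "allow"

def run(packets, decide):
    """Apply one decision function to every packet, in arrival order."""
    return [decide(pkt) for pkt in packets]

def constructed_packets():
    """Three packets: a split signature arriving out of order, then a Telnet attempt."""
    base = {"proto": "tcp", "src": "198.51.100.7", "sport": 40000, "dst": "10.0.0.5", "dport": 80}
    return [
        dict(base, seq=11, data=b"MARKER\r\n"),        # second half, arrives first
        dict(base, seq=0, data=b"GET / EVIL-"),         # first half (11 bytes)
        dict(base, dport=23, seq=0, data=b"login\r\n"),  # Telnet: header rule denies it
    ]
```

Running the same three packets through per_packet_check and through StatefulInspector().inspect gives different verdicts on the second packet: only the inspector, having kept the first segment, sees the signature once the stream is back in order.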

53

Application Proxies

Packet filters deal with header information but not the data inside the message. So the SMTP example we saw in the tutorial last week leaves a back door open to anything inbound to port 25.

Also, a flawed application that acts on behalf of the user (e.g. an e-mail agent), with all the user's privileges, can cause damage.

54

Application Proxies

Application proxies have access to the entire range of information in the network stack. They can also filter harmful or disqualified commands in the data stream.

The proxy controls actions through the firewall on the basis of the data visible inside the protocol, and not just on external header information.
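An application proxy for the SMTP case the previous slide mentions (port 25), as an added example that is not the lecture's or Pfleeger's code. It decides on the commands inside the protocol, which a packet filter looking only at headers cannot do: unknown commands are refused, malformed envelope addresses are refused, and commands arriving out of sequence are refused. The allowed-command policy, the state machine and the sample session are constructed; the proxy works on text lines, entirely offline.

```python
"""An application proxy for SMTP (the port-25 case on the slide): it reads
the commands inside the protocol and passes or rejects them, which a packet
filter looking only at headers cannot do.  Added example, not the lecture's
or Pfleeger's code.  The allowed-command policy and the sample session are
constructed; the proxy works on text lines, entirely offline."""
import re

ALLOWED = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512   # RFC 5321 limit for a command line, CRLF included
# "FROM:<addr>" / "TO:<addr>"; "<>" is the legitimate null reverse-path.
ENVELOPE = re.compile(r"^(FROM|TO):\s*<(?:[^<>\s@]+@[^<>\s@]+)?>$", re.IGNORECASE)

def _envelope_ok(keyword, arg):
    m = ENVELOPE.match(arg)
    return bool(m) and m.group(1).upper() == keyword

class SmtpProxy:
    """Follows the dialogue state so a command is only relayed when it makes sense."""
    def __init__(self):
        self.state = "start"   # start -> greeted -> mail -> rcpt -> data -> greeted

    def filter_line(self, line):
        """Returns ("pass", line) to relay it, or ("reject", reply) to answer the client."""
        if len(line) > MAX_LINE:
            return ("reject", "500 Line too long")
        text = line.rstrip("\r\n")
        if self.state == "data":               # message body: relayed until the lone "."
            if text == ".":
                self.state = "greeted"
            return ("pass", line)
        verb, _, arg = text.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb not in ALLOWED:                # e.g. VRFY / EXPN never reach the server
            return ("reject", "502 Command not implemented")
        if verb in ("HELO", "EHLO"):
            if not arg or " " in arg:
                return ("reject", "501 Syntax error in parameters")
            self.state = "greeted"
        elif verb == "MAIL":
            if self.state != "greeted":
                return ("reject", "503 Bad sequence of commands")
            if not _envelope_ok("FROM", arg):
                return ("reject", "501 Syntax error in parameters")
            self.state = "mail"
        elif verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return ("reject", "503 Bad sequence of commands")
            if not _envelope_ok("TO", arg):
                return ("reject", "501 Syntax error in parameters")
            self.state = "rcpt"
        elif verb == "DATA":
            if self.state != "rcpt":
                return ("reject", "503 Bad sequence of commands")
            self.state = "data"
        elif verb == "RSET" and self.state != "start":
            self.state = "greeted"
        return ("pass", line)

def filter_session(lines):
    """Verdict for each line of a client session, in order."""
    proxy = SmtpProxy()
    return [proxy.filter_line(line)[0] for line in lines]

# Constructed client session.
SAMPLE_SESSION = [
    "EHLO client.example",
    "VRFY root",                        # account probing: not an allowed command
    "DATA",                             # out of sequence: no sender or recipient yet
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:bob@example.net",          # malformed: address must be in angle brackets
    "RCPT TO:<bob@example.net>",
    "DATA",
    "Subject: hello",                   # body line, relayed untouched
    ".",                                # end of body
    "QUIT",
]
```

filter_session(SAMPLE_SESSION) gives the per-line verdicts; the rejected lines are exactly the ones a header-only filter would have let through to port 25, since every one of them arrived in a perfectly ordinary TCP segment.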

55

Next lecture

Will conclude network security by looking at two more controls:

Email and

Intrusion Detection Systems