Post on 14-Jan-2016
Chapter 15: Network Security
Information Technology in Theory
By Pelin Aksoy and Laura DeNardis
Objectives
• Understand the main types of network security threats, including denial-of-service attacks, viruses, worms, identity theft, and password theft
• Examine why critical infrastructure attacks are a concern in the current economic and political context
• Understand how to significantly reduce the risk of attacks through basic security approaches like firewalls, access control software, and encryption
Objectives (continued)
• Distinguish between packet filtering and stateful inspection and application proxy firewall approaches
• Learn about public key cryptography
• Become familiar with advanced security techniques such as digital signatures and biometric identification
Understanding the Threats
• Morris Worm
  – The first highly publicized network security problem
  – 1988
• Network security breaches are still a daily occurrence
• The annual costs of preventing attacks and implementing reparative security measures are massive
CERT
• Respond to problems
• Report incidents
• Research security technologies
• Educate users about security
• Homeland security
• International CERTs
Who is a threat?
• Hackers
• Spammers
• Rogue employees
• Corporate or national spies
• Cyberterrorists
Cyberterrorism
• A terrorist attack could employ a variety of tactics to disrupt or disable networks for hours, days, or even weeks
  – Financial systems
  – Airline reservation systems
  – Stock market networks
  – ATMs
  – Power grid
  – Water systems
  – Air traffic control
Types of Attacks
• Viruses and worms
• Denial-of-service attacks
• Identity and password theft
• Data interception and modification
• Bandwidth piracy
• Critical infrastructure attacks
Viruses
• Like biological viruses spread among people, computer viruses propagate from computer to computer
• A virus is malicious code embedded within a seemingly legitimate program that only becomes active when the program is executed
• For example, a file attached to an e-mail may actually be a virus that executes when the file downloads or the user double-clicks the link
Worms
• Self-propagating and self-replicating
• Autonomous—once unleashed, they replicate without any action on the part of users
• Exploit existing vulnerabilities, or security holes
• Modify files, launch coordinated attacks that flood a target computer with messages, or simply overwhelm a network with debilitating amounts of traffic
Social Engineering
• Hoax viruses use social engineering techniques to make users take some action that simulates the actual effects of a virus
• For example, virus hoaxes warn users that opening any message with a certain phrase in the title would erase the users’ hard drives
• The effect of a hoax is thousands and thousands of users forwarding the e-mail warning, similar to the effects of a real worm
Denial-of-Service Attack
• Floods a targeted computer with so many requests that it cripples functionality
• Easy to perpetrate and hard to prevent
• If a Web site receives too many requests, it will not be available for other users who want access
• Consumes bandwidth and system resources
• Does not require a hacker to gain unauthorized access, but simply overwhelms a system with requests
Distributed Denial-of-Service Attack
Identity and Password Theft
• Hacker technique of assuming the identity of an authorized network user, often by obtaining a network or system password
• Hackers obtain passwords in a variety of ways:
  – Trash cans, snooping
  – Solicit from help desk
  – Software tools
Password Interception
Data Interception & Modification
• Wire-based systems that use fiber-optic, coaxial, or twisted pair cable are susceptible to such attacks
• Wireless networks are especially vulnerable
• The act of accessing unsecured wireless LAN transmissions is known as Wi-Fi sniffing
Data Interception
Unencrypted wireless transmission is a security problem
Bandwidth Piracy
• Hackers use Wi-Fi sniffing equipment to intercept information and to gain free access to the Internet through wireless LANs and other unsecured networks
• Because wireless access points are so easy and inexpensive to establish, people set them up outside the purview of technical administrators
• These ad hoc arrangements are known as rogue access points
Critical Infrastructure Attacks
• The Internet’s DNS
• Power grids
• Telecommunications systems
• Cell phone networks
• Internet infrastructure
• Stock market networks
• ATM networks
Network Security Strategies
• Privacy
• Access control
• Authentication
Privacy
• The most effective method of protecting the privacy of network information is encryption
  – The scrambling of data prior to transmission over a shared or vulnerable network
• One benefit of digital technology is the ease and effectiveness of applying encryption algorithms that scramble 0s and 1s, as opposed to scrambling frequencies in analog transmissions
Encryption
• To encrypt data, a transmitting computer mathematically manipulates data according to a predetermined algorithm called a cipher
• If someone accesses this encrypted data during transmission, the message will be unreadable
• Once the data reaches its destination, a receiving computer can unscramble it; in other words, the computer can decrypt the data
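The three bullets above describe a cipher at the level of "scramble the bits, unscramble them at the other end". The following block is an added example, not from the textbook, that does exactly that with the simplest cipher whose security is actually provable: a one-time pad, where a random key as long as the message is XORed with it. The sample message is constructed for the demonstration. The last function shows the classic failure mode of this scheme, reusing a pad, so that the reader sees why "scrambling" alone is not enough and why the key handling matters as much as the cipher.

```python
import secrets


def generate_key(length: int) -> bytes:
    """A uniformly random key as long as the message. Used exactly once,
    this is a one-time pad; reusing it breaks the scheme (see below)."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Scramble the bits: ciphertext byte = plaintext byte XOR key byte."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match the message length")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """Unscramble: XOR is its own inverse, so (p ^ k) ^ k == p."""
    return otp_encrypt(ciphertext, key)


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an eavesdropper learns if the same pad encrypts two messages:
    ct1 XOR ct2 equals p1 XOR p2, the key cancels out completely."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def demo() -> bool:
    """Round trip on a constructed message; returns True when decryption
    restores the plaintext and the ciphertext differs from it."""
    msg = b"transfer 100 to account 42"   # constructed sample message
    key = generate_key(len(msg))
    ct = otp_encrypt(msg, key)
    return ct != msg and otp_decrypt(ct, key) == msg


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Practical ciphers such as AES keep the same XOR-style mixing idea but derive a long keystream from a short key, which is why key reuse must then be prevented with nonces rather than with fresh pads.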
Simplified Encryption Example
Public Key Encryption
Generating an Encrypted Message
Access Control
• Physical security
• Passwords
• Firewalls
Firewall
• An access control device
• Installed between a secure private network and a nonsecure public network to regulate access to and from the private network
• Can be implemented in hardware or software
• Users can configure access control requirements that must be met before the firewall will permit access to a network or system
Function of a Network Firewall
Typical Firewall Implementation
Packet Filtering
• One way that firewalls can restrict access is through packet inspection
• Intercepts packets and inspects header contents, including the source IP address, destination IP address, source port, and destination port
• The firewall then either permits or blocks the packet from entering the network
• One downside: firewall must inspect every packet that traverses it
Stateful Packet Filtering
• A more intelligent form of packet filtering that notes when an incoming response is expected after an outgoing request is made
• The stateful packet filtering firewall knows to expect traffic transmitted from a certain IP address or port, and can allow this traffic to go through
• If a packet arrives claiming to be a response to an outgoing request but no matching state entry exists, the firewall knows to block it
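A worked illustration of the two preceding slides (packet filtering and stateful packet filtering), added here as an example and not taken from the textbook. The stateless part inspects only the header fields the slide lists (source and destination address and port) against a rule table; the stateful wrapper records each outbound connection and admits an inbound packet only when it matches a recorded connection, falling back to the static rules otherwise. The addresses, the rule table and the `10.0.0.` inside prefix are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter looks at."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str   # "tcp" or "udp"


# Stateless rules: (src_ip, dst_ip, dst_port, action). "*" or None matches
# anything. Rules are checked top to bottom and the first match wins.
# Constructed example: a public web server is reachable on 80 and 443 only.
RULES = [
    ("*", "203.0.113.10", 80, "allow"),
    ("*", "203.0.113.10", 443, "allow"),
    ("*", "*", None, "deny"),            # default deny
]


def match(value, pattern) -> bool:
    return pattern == "*" or pattern is None or value == pattern


def stateless_filter(pkt: Packet) -> str:
    """Plain packet filtering: decide from the header of this packet alone."""
    for src, dst, port, action in RULES:
        if match(pkt.src_ip, src) and match(pkt.dst_ip, dst) and match(pkt.dst_port, port):
            return action
    return "deny"


class StatefulFilter:
    """Remembers outbound connections so that only their replies are admitted."""

    def __init__(self, inside_prefix: str):
        self.inside = inside_prefix
        # (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.state = set()

    def _is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside)

    def handle(self, pkt: Packet) -> str:
        if self._is_inside(pkt.src_ip) and not self._is_inside(pkt.dst_ip):
            # Outbound request: record the reply we now expect and let it out.
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "allow"
        # Inbound: is this the reply to something an inside host asked for?
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if key in self.state:
            return "allow"
        # No matching state: treat it as unsolicited and apply the static rules.
        return stateless_filter(pkt)


if __name__ == "__main__":
    fw = StatefulFilter("10.0.0.")
    print(fw.handle(Packet("10.0.0.7", "198.51.100.9", 51000, 53, "udp")))   # allow (outbound)
    print(fw.handle(Packet("198.51.100.9", "10.0.0.7", 53, 51000, "udp")))   # allow (expected reply)
    print(fw.handle(Packet("198.51.100.9", "10.0.0.7", 53, 51001, "udp")))   # deny (no state)
```

A production stateful firewall also tracks TCP flags and expires entries after a timeout; this table never forgets, which is the simplification to keep in mind when reading it.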
Network Address Translation
• Firewall converts the IP address of every outgoing packet into a shared IP address before the traffic is sent over a network
• Prevents bidirectional transmission
  – Only connections that are initiated on a local, private network are established
  – Any communication that originates on a public network is stopped by the NAT firewall, which automatically prevents malicious attacks like worms from entering the protected network
Application Proxy Firewalls
• The most complex type of firewall is the application proxy firewall
• Filters information based on the application data itself
• Rather than simply allowing or denying all HTTP traffic at the packet level, an application firewall examines the application content and distinguishes between normal and unexpected HTTP traffic
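An added example, not from the textbook, of what "looking at the application content" means for HTTP: a packet filter would pass any byte stream arriving on port 80, whereas the function below parses the request head and accepts only well-formed requests with an expected method, a sane request target and a Host header for a site the proxy actually fronts. The allowed host `www.example.com`, the method list and the size limit are constructed assumptions; the sample requests in the main block are constructed too.

```python
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com"}   # assumed: the site behind this proxy
MAX_TARGET_LEN = 2048
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def inspect_http_request(raw: bytes) -> tuple:
    """Return (allowed, reason) for one HTTP request, judged by its content."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in request head"
    head, _, _body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return False, "malformed request line"        # not HTTP at all
    method, target = m.group(1), m.group(2)
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"
    if len(target) > MAX_TARGET_LEN:
        return False, "request target too long"
    # Origin-form targets only, and no path segment that climbs upward.
    if not target.startswith("/") or "/../" in target + "/":
        return False, "unexpected request target"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return False, "malformed header"
        headers[name.strip().lower()] = value.strip()
    if headers.get("host") not in ALLOWED_HOSTS:
        return False, "host header missing or not served here"
    return True, "ok"


if __name__ == "__main__":
    samples = {  # constructed sample requests
        "normal": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "odd method": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "not http": b"\x16\x03\x01\x00\xa5\x01\x00\x00",
    }
    for label, req in samples.items():
        print(label, inspect_http_request(req))
```

Because the decision depends on parsing the protocol, an application proxy is the slowest of the three firewall types on the slides, and the parser itself becomes part of the attack surface, so it should be kept as strict and simple as this one.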
Password Strategies
• Sample guidelines for strong passwords
  – At least eight characters long
  – Include letters and numbers
  – Include uppercase and lowercase letters
  – Incorporate characters like &, $, and *
  – Not the same as user’s ID
  – Not anyone’s name, birthday, address, or Social Security number
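The guidelines above can be turned directly into a checker. The block below is an added example, not from the textbook: it reports every guideline a candidate password violates, so that a user sees all problems at once rather than one per attempt. The set of accepted special characters and the way personal data is normalised before matching (case folded, separators stripped, so a birthday written `1990-05-11` is still caught inside `19900511`) are my assumptions; the user ID and personal items are supplied by the caller.

```python
import re

# Characters accepted as "special" (assumed set; the slide names &, $ and *).
SPECIALS = set("&$*!@#%^()-_=+[]{};:,.?/")


def _norm(s: str) -> str:
    """Lower-case and drop everything that is not a letter or digit."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def check_password(password: str, user_id: str, personal=()) -> list:
    """Return the list of violated guidelines; an empty list means accepted.
    `personal` holds strings such as the user's name, birthday or address."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character such as &, $ or *")
    if password.lower() == user_id.lower():
        problems.append("same as user ID")
    pw_norm = _norm(password)
    for item in personal:
        item_norm = _norm(item)
        if item_norm and item_norm in pw_norm:
            problems.append(f"contains personal data ({item})")
    return problems


if __name__ == "__main__":
    # Constructed sample: user "alice", born 1990-05-11.
    for candidate in ("alice123", "Tr0ub4dor&3"):
        print(candidate, check_password(candidate, "alice", ["Alice", "1990-05-11"]))
```

Composition rules of this kind are what the slide teaches; current NIST guidance (SP 800-63B) puts more weight on length and on rejecting passwords that appear in breach lists, so in practice this checker would be paired with such a list.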
User ID and Password
Physical Security
• An important and sometimes overlooked form of access control
• Many security breaches involve insiders within a company, organization, university, or home
• Routine physical safeguards include door locks for rooms that house servers and network equipment (including wiring closets), and providing adequate building security
Physical Security (continued)
Server racks in a controlled environment
Authentication
• The process of verifying a person’s identity before allowing network access
• Besides passwords and personal identification numbers, authentication methods include:
  – “Token-based” authentication
  – Biometric identification
  – Digital signatures
Token-Based Authentication
• Requires a computer user to physically hold a device called a token
  – Matchbook-sized device with a liquid crystal display that provides a one-time password for gaining network access
• User enters the access number displayed by the token
• Number changes approximately every 10 seconds, and is completely synchronized with the network
Token-Based Authentication (continued)
Biometric Identifiers
• Biometrics can identify any of a person’s unique physical characteristics:
  – Fingerprints
– Facial features
– Voice patterns
– Retinal patterns
– Iris recognition
– DNA
Biometric Identifiers (continued)
Digital Signatures
• Reversal of public key encryption
• A sender encrypts information using its private key and transmits the information over a network to its intended destination
• Once the data is received, the destination device looks up the sender’s public key and uses it to decrypt the message
• If this decryption is successful, the data is verified as having originated with the presumptive sender
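One block, added here as an example and not taken from the textbook, covers both the Public Key Encryption slide earlier and the Digital Signatures slide above, since they are the same key pair used in opposite directions: encrypt with the public key and decrypt with the private key for confidentiality; apply the private key to a digest and check it with the public key for a signature. It uses textbook RSA with the deliberately tiny primes 61 and 53 so the arithmetic is visible; those primes, the exponent 17 and the sample message are constructed. The digest is reduced modulo the tiny modulus only so it fits, which is not how real signatures are padded.

```python
import hashlib


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes. Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(m: int, public_key) -> int:
    """Anyone can encrypt with the public key; only the private key decrypts."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)


def message_digest(message: bytes, n: int) -> int:
    """Hash the message, then reduce mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """The slide's 'encrypt with the private key', applied to the digest."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the public key and compare digests."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


# Constructed toy key pair: n = 3233, e = 17, d = 2753.
PUBLIC, PRIVATE = make_keypair(61, 53)

if __name__ == "__main__":
    msg = b"pay 100 to bob"            # constructed sample message
    sig = sign(msg, PRIVATE)
    print("signature", sig, "verifies:", verify(msg, sig, PUBLIC))
    print("tampered verifies:", verify(b"pay 900 to bob", sig, PUBLIC))
    print("encrypt 65 ->", rsa_encrypt(65, PUBLIC), "-> decrypt", rsa_decrypt(rsa_encrypt(65, PUBLIC), PRIVATE))
```

Two things the toy leaves out and a real system must have: keys of at least 2048 bits, and a padding scheme (PSS for signatures, OAEP for encryption) between the digest and the exponentiation; without padding, bare RSA is malleable.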
Summary
• In the United States, the Department of Homeland Security tracks security incidents, publicizes security vulnerabilities, and provides information about necessary software patches and upgrades at its US-CERT Web site, www.us-cert.gov
• The people and organizations that attack networks generally fall into the following categories: hackers, spammers, rogue employees, corporate spies, and cyberterrorists
• A virus is malicious code embedded in a seemingly legitimate program; it becomes active only when a user executes the legitimate program
Summary (continued)
• A worm is an autonomous, self-propagating, and self-replicating program that exploits existing security vulnerabilities to perpetrate attacks, such as erasing files, modifying files, or overwhelming a system
• In a distributed denial-of-service attack, numerous computer systems—some of them unwittingly—flood a targeted computer with an overwhelming and crippling number of requests
• Other types of common security attacks include identity and password theft, data interception and modification, bandwidth piracy, and critical infrastructure attacks
Summary (continued)
• Three important categories of security strategies include access control, authentication, and privacy
• Important techniques for ensuring information privacy over a network include encryption approaches such as SSL and 802.11i
• Various types of firewalls provide access control between a public and private network, including packet-filtering firewalls, stateful packet-filtering firewalls, and application-level firewalls
• Authentication is the process of ensuring that a person or system is who it claims to be; authentication is accomplished via passwords, token-based authentication, digital signatures, and biometric identification