Chapter 15 Network Security
Information Technology in Theory
By Pelin Aksoy and Laura DeNardis
Objectives
• Understand the main types of network security threats, including denial-of-service attacks, viruses, worms, identity theft, and password theft
• Examine why critical infrastructure attacks are a concern in the current economic and political context
• Understand how to significantly reduce the risk of attacks through basic security approaches like firewalls, access control software, and encryption
Objectives (continued)
• Distinguish between packet filtering and stateful inspection and application proxy firewall approaches
• Learn about public key cryptography
• Become familiar with advanced security techniques such as digital signatures and biometric identification
Understanding the Threats
• Morris Worm
– The first highly publicized network security problem
– 1988
• Network security breaches are still a daily occurrence
• The annual cost of preventing attacks and implementing reparative security measures is massive
CERT
• Respond to problems
• Report incidents
• Research security technologies
• Educate users about security
• Homeland security
• International CERTs
Who is a threat?
• Hackers
• Spammers
• Rogue employees
• Corporate or national spies
• Cyberterrorists
Cyberterrorism
• A terrorist attack could employ a variety of tactics to disrupt or disable networks for hours, days, or even weeks
– Financial systems
– Airline reservation systems
– Stock market networks
– ATMs
– Power grid
– Water systems
– Air traffic control
Types of Attacks
• Viruses and worms
• Denial-of-service attacks
• Identity and password theft
• Data interception and modification
• Bandwidth piracy
• Critical infrastructure attacks
Viruses
• Like biological viruses spread among people, computer viruses propagate from computer to computer
• A virus is malicious code embedded within a seemingly legitimate program that only becomes active when the program is executed
• For example, a file attached to an e-mail may actually be a virus that executes when the file downloads or the user double-clicks the link
Worms
• Self-propagating and self-replicating
• Autonomous—once unleashed, replicate without any action on the part of users
• Exploit existing vulnerabilities, or security holes
• Modify files, launch coordinated attacks that flood a target computer with messages, or simply overwhelm a network with debilitating amounts of traffic
Social Engineering
• Hoax viruses use social engineering techniques to make users take some action that simulates the actual effects of a virus
• For example, virus hoaxes warn users that opening any message with a certain phrase in the title would erase the users’ hard drives
• The effect of a hoax is thousands and thousands of users forwarding the e-mail warning, similar to the effects of a real worm
Denial-of-Service Attack
• Floods a targeted computer with so many requests that it cripples functionality
• Easy to perpetrate and hard to prevent
• If a Web site receives too many requests, it will not be available for other users who want access
• Consumes bandwidth and system resources
• Does not require a hacker to gain unauthorized access, but simply overwhelms a system with requests
Distributed Denial-of-Service Attack
Identity and Password Theft
• Hacker technique of assuming the identity of an authorized network user, often by obtaining a network or system password
• Hackers obtain passwords in a variety of ways:
– Trash cans, snooping
– Solicit from help desk
– Software tools
Password Interception
Data Interception & Modification
• Wire-based systems that use fiber-optic, coaxial, or twisted pair cable are susceptible to such attacks
• Wireless networks are especially vulnerable
• The act of accessing unsecured wireless LAN transmissions is known as Wi-Fi sniffing
Data Interception
Unencrypted wireless transmission is a security problem
Bandwidth Piracy
• Hackers use Wi-Fi sniffing equipment to intercept information and to gain free access to the Internet through wireless LANs and other unsecured networks
• Because wireless access points are so easy and inexpensive to establish, people set them up outside the purview of technical administrators
• These ad hoc arrangements are known as rogue access points
Critical Infrastructure Attacks
• The Internet’s DNS
• Power grids
• Telecommunications systems
• Cell phone networks
• Internet infrastructure
• Stock market networks
• ATM networks
Network Security Strategies
• Privacy
• Access control
• Authentication
Privacy
• The most effective method of protecting the privacy of network information is encryption
– The scrambling of data prior to transmission over a shared or vulnerable network
• One benefit of digital technology is the ease and effectiveness of applying encryption algorithms that scramble 0s and 1s, as opposed to scrambling frequencies in analog transmissions
Encryption
• To encrypt data, a transmitting computer mathematically manipulates data according to a predetermined algorithm called a cipher
• If someone accesses this encrypted data during transmission, the message will be unreadable
• Once the data reaches its destination, a receiving computer can unscramble it; in other words, the computer can decrypt the data
Simplified Encryption Example
Public Key Encryption
Generating an Encrypted Message
Access Control
• Physical security
• Passwords
• Firewalls
Firewall
• An access control device
• Installed between a secure private network and a nonsecure public network to regulate access to and from the private network
• Can be implemented in hardware or software
• Users can configure access control requirements that must be met before the firewall will permit access to a network or system
Function of a Network Firewall
Typical Firewall Implementation
Packet Filtering
• One way that firewalls can restrict access is through packet inspection
• Intercepts packets and inspects header contents, including the source IP address, destination IP address, source port, and destination port
• The firewall then either permits or blocks the packet from entering the network
• One downside: firewall must inspect every packet that traverses it
Stateful Packet Filtering
• A more intelligent form of packet filtering that notes when an incoming response is expected after an outgoing request is made
• The stateful packet filtering firewall knows to expect traffic transmitted from a certain IP address or port, and can allow this traffic to go through
• If a packet arrives that presents itself as a response to an outgoing request, but the firewall holds no state for any such request, the firewall blocks that traffic
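The difference between the two filtering approaches, as an added example that is not from the original slides: a header-only filter and a stateful filter are run over the same four packets. The policy (inside hosts may reach ports 80 and 443), the class and function names, and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

WEB_PORTS = {80, 443}  # assumed policy: inside hosts may browse the web


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" leaves the private network, "in" arrives from outside


def stateless_filter(pkt: Packet) -> bool:
    """Header-only rules: every packet is judged on its own."""
    if pkt.direction == "out":
        return pkt.dst_port in WEB_PORTS
    # Inbound: anything that looks like a web reply (source port 80/443) passes.
    return pkt.src_port in WEB_PORTS


class StatefulFilter:
    """Same outbound policy, but inbound traffic must match a recorded request."""

    def __init__(self) -> None:
        self.expected = set()  # (remote_ip, remote_port, local_ip, local_port)

    def check(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if pkt.dst_port not in WEB_PORTS:
                return False
            # Remember which reply this request makes legitimate.
            self.expected.add((pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
            return True
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self.expected


# Constructed traffic (documentation address ranges, not real hosts).
SAMPLE = [
    Packet("10.0.0.5", 50000, "198.51.100.10", 443, "out"),  # request from inside
    Packet("198.51.100.10", 443, "10.0.0.5", 50000, "in"),   # the expected reply
    Packet("203.0.113.66", 443, "10.0.0.5", 50000, "in"),    # "reply" nobody asked for
    Packet("203.0.113.66", 4444, "10.0.0.5", 22, "in"),      # plain unsolicited packet
]


def run(check, packets):
    """Return the allow/block decision for each packet, in order."""
    return [check(p) for p in packets]


if __name__ == "__main__":
    print("stateless:", run(stateless_filter, SAMPLE))
    print("stateful: ", run(StatefulFilter().check, SAMPLE))
```

The third packet is the case the slide describes: its headers look like a web reply, so the header-only filter lets it through, while the stateful filter finds no matching request and blocks it.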
Network Address Translation
• Firewall converts the IP address of every outgoing packet into a shared IP address before the traffic is sent over a network
• Prevents bidirectional transmission
– Only connections that are initiated on a local, private network are established
– Any communication that originates on a public network is stopped by the NAT firewall, which automatically prevents malicious attacks like worms from entering the protected network
Application Proxy Firewalls
• The most complex type of firewall is the application proxy firewall
• Filters information based on the application data itself
• Rather than filtering packets based on allowing or denying HTTP traffic, an application firewall looks at the application content and distinguishes between normal and unexpected HTTP traffic
Password Strategies
• Sample guidelines for strong passwords
– At least eight characters long
– Include letters and numbers
– Include uppercase and lowercase letters
– Incorporate characters like &, $, and *
– Not the same as user’s ID
– Not anyone’s name, birthday, address, or Social Security number
User ID and Password
Physical Security
• An important and sometimes overlooked form of access control
• Many security breaches involve insiders within a company, organization, university, or home
• Routine physical safeguards include door locks for rooms that house servers and network equipment (including wiring closets), and providing adequate building security
Physical Security (continued)
Server racks in a controlled environment
Authentication
• The process of verifying a person’s identity before allowing network access
• Besides passwords and personal identification numbers, authentication methods include:
– “Token-based” authentication
– Biometric identification
– Digital signatures
Token-Based Authentication
• Requires a computer user to physically hold a device called a token
– Matchbook-sized device with a liquid crystal display that provides a one-time password for gaining network access
• User enters the access number displayed by the token
• Number changes approximately every 10 seconds, and is completely synchronized with the network
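How a token and the network can stay synchronized without talking to each other, as an added example that is not from the original slides: both sides hold the same secret and derive the displayed number from the current 10-second time window. The slides do not name an algorithm; the HMAC-based construction below (RFC 4226 truncation driven by a time counter, as in RFC 6238), the function names, and the one-window drift allowance are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 10  # the slide's "changes approximately every 10 seconds"
DIGITS = 6         # assumed display length


def code_for_counter(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def token_code(secret: bytes, now: float) -> str:
    """What the token shows at Unix time `now`."""
    return code_for_counter(secret, int(now) // STEP_SECONDS)


def server_accepts(secret: bytes, submitted: str, now: float,
                   drift_steps: int = 1) -> bool:
    """Network side: recompute the code for the current window and its
    neighbours, so a slightly fast or slow token clock still authenticates."""
    current = int(now) // STEP_SECONDS
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code_for_counter(secret, counter), submitted):
            return True
    return False


# Constructed secret (the RFC 4226 test key), shared by token and server.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    shown = token_code(SECRET, now=5)
    print("token shows:", shown)
    print("accepted 9 s later: ", server_accepts(SECRET, shown, now=14))
    print("accepted 20 s later:", server_accepts(SECRET, shown, now=25))
```

A deployed server would also record the last accepted window so that a code cannot be used twice inside its validity period.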
Biometric Identifiers
• Biometrics can identify any of a person’s unique physical characteristics:
– Fingerprints
– Facial features
– Voice patterns
– Retinal patterns
– Iris recognition
– DNA
Digital Signatures
• Reversal of public key encryption
• A sender encrypts information using its private key and transmits the information over a network to its intended destination
• Once the data is received, the destination device looks up the sender’s public key and uses it to decrypt the message
• If this decryption is successful, the data is verified as having originated with the presumptive sender
Summary
• In the United States, the Department of Homeland Security tracks security incidents, publicizes security vulnerabilities, and provides information about necessary software patches and upgrades at its US-CERT Web site, www.us-cert.gov
• The people and organizations that attack networks generally fall into the following categories: hackers, spammers, rogue employees, corporate spies, and cyberterrorists
• A virus is malicious code embedded in a seemingly legitimate program; it becomes active only when a user executes the legitimate program
Summary (continued)
• A worm is an autonomous, self-propagating, and self-replicating program that exploits existing security vulnerabilities to perpetrate attacks, such as erasing files, modifying files, or overwhelming a system
• In a distributed denial-of-service attack, numerous computer systems—some of them unwittingly—flood a targeted computer with an overwhelming and crippling number of requests
• Other types of common security attacks include identity and password theft, data interception and modification, bandwidth piracy, and critical infrastructure attacks
Summary (continued)
• Three important categories of security strategies include access control, authentication, and privacy
• Important techniques for ensuring information privacy over a network include encryption approaches such as SSL and 802.11i
• Various types of firewalls provide access control between a public and private network, including packet-filtering firewalls, stateful packet-filtering firewalls, and application-level firewalls
• Authentication is the process of ensuring that a person or system is who it claims to be; authentication is accomplished via passwords, token-based authentication, digital signatures, and biometric identification