Ensuring Network Security

• Physical Security• Ciphering• Authentication• Integrity• Firewalls • Data Security

– Passwords– Auditing

• Sniffing• Viruses

Physical Security

• Access to hardware– Locked Doors– Locked Cabinets

• Access to the system console– Screen Passwords– Locked keyboards (removing keyboard)

• Access to network wiring/switches/routers

Physical Environment

• Power source

• Noise sources

• Air conditioning (temperature control)

• Dust and smoke

• Water problems (flood possible?)

Network Security

• Confidentiality

• Authentication

• Message integrity and nonrepudiation (modification, deletion, or insertion)

• Availability and access control

Cryptography/Ciphers

• Simple cipher

– ABCDEFGHIJKLMNOPQRSTUVWXYZ– MNOPQRSTUVWXYZABCDEFGHIJKL– “Secret Message” crypted “EQODQF YQEEMSQ”

• Better cipher– ABCDEFGHIJKLMNOPQRSTUVWXYZ

– FGHIJKLMNOPQRSTUVWXYZABCDE C1(k=5)

– TUVWXYZABCDEFGHIJKLMNOPQRS C2(K=19)

– Crypt Codes C1,C2,C1,C2,etc.

– “Secret Message” = “XXHKJM RXXLFZJ”

Decrypting

• Simplest– Use the frequency of characters– E 12.88 N 6.94 R 5.97 C 2.75 G 1.87– V 0.99 Q 0.11 T 9.31 I 6.92 D 4.07– M 2.56 P 1.85 K 0.61 Z 0.06 A 8.03– S 6.36 L 4.00 F 2.53 Y 1.73 X 0.22 – O 7.62 H 6.00U 2.83 W 2.06 B 1.60– J 0.13 

• Find the most commonly used character and insert it into the sentence.

Downsides

• The encryption systems are too simple (easy to crack)

• The keys must be distributed to the users

• Ciphers don’t change with time (same each day until news keys are distributed)

• Faster computing provides faster cracking algorithms.

Encryption

• DES (Digital Encryption Standard)• AES (Advanced Encryption Standard)• Secure Shells• Secure Web Pages• Pretty Good Privacy

– Private Keys– Publics– Signatures

DES/AES

• Data Encryption Standard

• Advanced Encryption Standard

How safe is encryption?

• 4 character password (alphabetic characters only) cracking time (maybe a minute on a 450mhz computer)

• 40 bit key (can be cracked in 24hours on a parallel computing system)

• 128 bit key (probably not able to be cracked in a millennium)

Pretty Good Privacy

• Encryption of keys– 40 bit– 128 bit

• Creating your authenticated signature

• Your key ring

• Submitting your public key to a database

• Email and PGP

PGP System

PGPEncryption

User 1

International Database

PGPDecryption

Private keyPublic keys

Message can be entirely encrypted or Just the signature can be encrypted.

User 2

Key RingKey Ring

Data

Authentication

• Simple: “I am Alice”, Bob believes the message

– It is very easy to lie!

• Next: Alice is on a “known” IP address, Bob believes Alice because the message header contains the address.

– Address SPOOFING

• Better: Alice gives Bob her password

– Hacker records the conversation and plays it back (playback attack)

• Best: Public Key/Private Key– “Man in the middle attack”

Man in the middle Attack

Integrity

• Digital Signatures

Key Distribution and Certification

• Trusted intermediary

• Key Distribution Center (KDC)– Repository of public keys

• Certification Authority (CA)– Certificate creation and authentication

Firewalls

• Purpose• Disadvantages

– Slowdown of packets– Inconvenient for users

• Advantages– Slows down hacking attempts– Limits incoming traffic– Overcomes IP number limitations (NAT)

Firewalls (cont.)

• Setup– IPTABLES– ZoneAlarm– Addressing– Name Service

• Proxies– E-mail– Web– FTP

Types of attacks

• Packet Sniffing• Spoofing

– Stealing and copying IP addresses

• Denial of Service (DOS)– Syn flooding

• Distributed Denial of Services (DDOS)– Numerous hosts operating concurrently

• Hijacking

Sniffers

• Sniffer, Snoop, Tcpdump, Ethereal

• Promiscuous mode

• Many protocols

• Interpretation

Data Security

• Share Level Security vs. User Level Security• Proper passwords

– Length

– Uncommon names

– Use of non alphanumeric characters

– Controlled access (Screen/Keyboard Locks)

• Use of a Routed vs. Flat network architecture• Audit use of the system

Security Planning

• Unauthorized access

• Electronic Tampering

• Theft

• Intentional damage

• Unintentional damage

Auditing

• Check for System Logs for:– Logon attempts– Connection to resources– Connection termination– Directory creation, modification, or deletion– Server events and modifications– Password changes

Microsoft Gotchas

• Microsoft operating systems have a tendency to store passwords on the local hard disk in the Windows registry to save time when logging in to remote services. This can be quite dangerous!

Flat Network

User 1:129.123.7.56

User 2:129.123.3.88

User 3:129.123.6.123

Hub

Monitor seessome traffic from

all 3 users

Internet

Routed Network

Router

Monitor can’t see traffic other than it’s own subnet

User 1:Subnet 7 User 2:Subnet 3

User 3:Subnet 6

Monitor onSubnet 1

Internet

Login Security

• Usernames/Passwords may be in plain text over the network

• Email security– Netscape/Eudora leave configuration files on

each PC.– Webmail is an IMAP interface to a mail server

• can use SSL for security

Secure Shell (SSH)

• Use of encryption based on keys/certificates

• Block undesired hosts from accessing

• All data on the wire is encrypted

• Can be used for interactive communication and copying files

Secure Web Sites

• SSL/TLS– Secure Sockets Layer, Transport Layer Security

• Keys/Cookies– New key/encryption code for each access

• Encryption of data over the wire

• Keep track of trusted hosts that access the site.

SSL Handshake

IPsec

• This is Network Layer confidentiality

• Authentication Header (AH)

• Encapsulation Security Protocol (ESP)

• Security Parameter Index (SPI)

• Security association (SA)

• Internet Key Exchange (IKE)

IPsec Headers

ESP Headers

Viruses/Trojans/Macros

• Viruses spread by:– Removable media– downloaded files– Email

• Viruses are removed by:– Deleting the affected file– Running a virus scanning/cleaning program

Companion Viruses

• Looks like a real program (WORD.EXE)

• Make replace a logon program and grab usernames/passwords

• Usually renames the actual executable and calls that executable from the bogus program.

Macro Viruses

• The virus infects the Macro definitions of a program (like Microsoft Word) and then infects every document created by the original program.

• These viruses are difficult to detect because they haven’t infected an executable program.

Polymorphic Viruses

• These change appearance every time they replicate. They may even change each time the computer is rebooted.

• Since they change frequently, virus checkers have a hard time determining a pattern or fingerprint of the virus.

Stealth Virus

• These hide from detection

• They may use hidden files or may modify the operating system so a standard directory scan doesn’t show the virus file.

• They also return false information to virus checkers.

Trojans

• Trojan Horses– Look like a benign game or program– After a period of time they execute the virus

• Some may be cleaned with virus protection software.

• Some masquerade as Windows programs and removal will crash the system

Back Doors

• Provide access to system through published, unused, or unpublished ports.

• Sometimes are put there by programmers, engineers, or hackers

• They are hard to protect against unless you can find their access port and firewall protect against it.

Virus Consequences

• Can’t boot

• Data is scrambled or unreadable

• Erratic or slow operation of the computer

• Computer is used as a distribution agent

• Excessive disk activity

• Disk drive is erased or data is lost.

• Disk is reformatted

Virus Protection

• Test each disk write for a particular pattern unique to the virus

• Test for writes to the disk boot block

• Test for code that might access PC hardware

• Scan files for virus patterns

D.O.S. Attacks

• Denial of Service

• Flood of useless packets/data

• Hard/Impossible? To track

• Can a firewall protect the network?

D.D.O.S. Attacks

• Distributed Denial of Service

• Many servers running in parallel

• Hard/Impossible? To track

• Good example of distributed computing

• How do we stop it?

Email Virus

• Use innocent email messages as the transport.

• Grab address book entries to spread

• Infect critical windows programs

• The user doesn’t know he is infecting others

• Can be prevented by using email front end scanners and filtering outgoing mail.

Backups

• What kind of backup system should we use?• Even a fault tolerant disk system can fail!• Always back up• Rotate several copies of backups in case one tape

is unreadable• Check the backups to see if they are readable• Store the tapes or removable media in a safe place

Backup Strategy

• Full Backup

• Incremental Backup

• Copy

• Daily Copy

• Logging– Date, tape-set number, type, which computer

Disaster Recovery

• Prevention– What can I control?– What is the best method?– Keep updating your prevention methods– Keep up on maintenance– Training!

Disaster Preparation

• Plan ahead

• Use fault tolerance equipment

• Maintain backups

• Test your preparation plan!

Network Security

Remember Homework 4 on the Web page!