Network Security

1
Chapter 10

• Network Security

2
Topics

• Principles of Security
• Threats
• Encryption and Decryption
• Firewalls
• IP Security (IPSec)
• Web Security
• E-mail Security
• Best Internet Security Practices

3
Principles of Security

• Network Security includes
• All aspects of operating systems
• Software packages
• Hardware
• Networking configurations
• Network sharing connectivity
• Physical security is also linked to IT security

4
Security is a Mindset

• Security is mindset, not simply a policy or a
  plan
• Employees to be trained to become security aware
• A network is only as strong as its weakest link,
  which is usually a human being

5
Threats

• Humans pose probably the greatest threat to a
  network because their behavior cannot be
  controlled
• Networks cannot be made completely threat-proof
• Establishing a security policy is the first step

6
Backdoor

• A program that bypasses system security measures
• Programmers add back doors for debugging to
  change code during test deployments of software
• A back door can also be installed through
  applications that are hidden inside of games or
  software such as screen savers
• Another type of back door comes in the form of a
  privileged user account

7
Brute Force

• Involves systematically trying every conceivable
  combination until a password is found, or until
  all possible combinations have been exhausted
• Brute force is pure guessing
• Password complexity plays an important role when
  dealing with brute force programs
• The more complex the password, the longer it
  takes to crack

8
Buffer Overflows

• Buffer overflows are probably the most common way
  to cause disruption of service and lost data
• More data is sent to a computers memory buffer
  than it is able to handle causing it to overflow
• The system is left in a vulnerable state so
  arbitrary code can be executed

9
Denial of Service

• DoS attacks disrupt the resources or services
  that users expect to have access to
• are executed by manipulating protocols and can
  happen without being validated by the network
• Many of the tools used to produce this type of
  attack are readily available on the Internet

10
Man-in-the-Middle

• takes place when an attacker intercepts traffic
  and then tricks the parties at both ends into
  believing that they are communicating with each
  other
• The attacker can also choose to alter the data or
  merely eavesdrop and pass it along
• This attack is common in Telnet and wireless
  technologies

11
Session Hijacking

• An attack that takes control of a session between
  the server and a client
• A hijacker waits until the authentication cycle
  is completed and then generates a signal to the
  client
• This causes the client to think it has been
  disconnected
• Then the hijacker begins to transact data
  traffic, pretending to be the original client

12
Spoofing

• Spoofing is making data appear to come from
  somewhere other than where it really originated
• This is accomplished by modifying the source
  address of traffic or source of information
• Spoofing bypasses IP address filters by using an
  IP address that is allowed through the filter

13
Social Engineering

• Attacker preys upon gullible individuals by
  pretending to be an insider
• By doing so the attacker obtains authentication
  information and cracks into a system
• Dumpster diving is a form of Social Engineering

14
Software Exploitation

• A method of searching for specific problems,
  weaknesses, or security holes in software code
• Improperly programmed software can be exploited
• It takes advantage of a programs flawed code

15
Viruses

• Piece of code that is loaded without user
  knowledge
• Designed to attach itself to other code and
  replicate
• It replicates when an infected file is executed
  or launched
• It attaches to other files, adding its code to
  the applications code and continues to spread

16
Trojan Horses

• Programs disguised as useful applications
• Trojan horses do not replicate themselves like
  viruses
• Code hidden inside the application attack system
  directly or allow the system to be compromised by
  the codes originator
• ability to spread is dependent on the popularity
  of the software and a users willingness to
  download and install the software

17
Worms

• Worms are similar in function and behavior to a
  virus, Trojan horse, or logic bomb
• Worms are self-replicating
• A worm is built to take advantage of a security
  hole in an existing application or operating
  system, find other systems running the same
  software, and automatically replicate itself to
  the new host
• The process repeats with no user intervention

18
Other Malware

• Other types of malware are
• Logic bombs
• Spyware
• Sniffers
• Keystroke loggers
• some of these have useful purposes

19
Encryption and Decryption

• Cryptography - the use of these systems is
  protect data by encoding and decoding it
• Cryptography protects information so that it can
  be read only by authorized systems or individuals
• Disguising of the data is called encryption

20
Encryption and Decryption

• Encrypted data requires a key to decipher it
• Decryption is the reverse of encryption
• Decryption deciphers encrypted data into plain
  text that can easily be read

21
Encryption and Decryption

• The two basic types of encryption
• substitution
• transposition
• one letter is replaced with another using a rule
• This is called a cipher

22
Encryption and Decryption

• A substitution cipher keeps the order but changes
  the characters
• a transposition cipher changes (or permutes) the
  order of original characters

23
DES

• The Data Encryption Standard (DES) uses a
  mathematical algorithm in the encrypting and
  decrypting of binary information
• DES consists of an algorithm and a key
• It is a block cipher using a 56-bit key on each
  64-bit chunk of data
• In a block cipher, the message is divided into
  blocks of bits

24
RSA

• Rivest-Shamir-Adleman (RSA) is an algorithm that
  uses encryption and a digital signature
  authentication system
• This encryption system is currently owned by RSA
  Security
• The RSA key may be of any length, and involves
  the multiplying two large prime numbers

25
Public Key

• uses public and private keys to encrypt and
  decrypt data
• The public key is readily available whereas the
  private key is kept confidential
• There are two major types of algorithms used
  today
• symmetric, which has one key that is private at
  all times
• asymmetric, which has two keys a public one and
  a private one

26
Other Algorithms

• Besides RSA, some of the more popular asymmetric
  encryption algorithms are
• Diffie-Hellman Key Exchange
• El Gamal Encryption Algorithm
• Elliptic Curve Cryptography (ECC)
• Public-key encryption is very useful for
  unsecured networks where data is vulnerable to
  interception and abuse

27
PKI

• Public Key Infrastructure (PKI) provides strong
  authentication and privacy for the Internet
• Public-key cryptographic techniques and
  encryption algorithms provide authentication and
  ensure that only the intended recipients have
  access to data
• PKI is comprised of several standards and
  protocols that are necessary for interoperability
  among different security products

28
Certificates

• PKI consists of digital certificates and the
  certificate authorities (CAs) that issue the
  certificates
• Certificates identify sources that have been
  verified as authentic and trustworthy
• The CAs job is to verify the holder of a digital
  certificate and ensure that the holder of the
  certificate is who they claim to be

29
Non-repudiation

• Digital signatures are used to authenticate the
  identity of the sender, as well as ensure that
  the original content sent has not been changed
• Non-repudiation is intended to provide a method
  for verifying the origin of data
• Non-repudiation is unique to asymmetric systems
  because private keys are not shared

30
VPN

• A virtual private network (VPN) is a network
  connection that allows you secure access through
  a publicly accessible infrastructure
• VPN technology is based on tunneling
• Tunneling encapsulates packets carried by a
  public network

31
Tunneling Protocols

• the encapsulating protocol may be
• IP Security (IPSec)
• Point-to-Point Tunneling Protocol (PPTP)
• Layer Two Tunneling Protocol (L2TP)
• Layer 2 Forwarding (L2F)
• Tunneling is not a substitute for encryption

32
Firewalls

• A firewall is a component placed between
  computers and networks to help eliminate
  undesired access by the outside world
• It can be comprised of
• hardware
• software
• a combination of both

33
Firewalls Types

• There are four broad categories that firewalls
  fall into
• packet filters
• circuit level gateways
• application level gateways
• stateful inspection
• These four categories can be grouped into two
  general categories Packet filters and Proxies

34
Packet-Filters

• A packet-filtering firewall is typically a router
• Packets can be filtered based on IP addresses,
  ports, or protocols
• They operate at the Network layer (Layer 3) of
  the Open System Interconnection (OSI) model
• Packet filtering is based on the information
  contained in the packet header

35
Proxies

• Proxies act on behalf of a private network host
  when it uses the Internet
• Proxies hide internal addresses from the outside
  world and dont allow the computers on the
  private network to directly access the Internet

36
IP Security (IPSec)

• IPSec is a set of protocols developed by the IETF
  that operates at the Transport Layer to support
  the secure exchange of packets
• The IPSec protocol suite adds an additional
  security layer in the TCP/IP stack

37
IP Security (IPSec)

• The IPSec protocols
• Authenticated Header (AH)
• Encapsulated Secure Payload (ESP)
• Internet Key Exchange (IKE)
• AH provides integrity, authentication, and
  anti-replay capabilities
• ESP provides all that AH provides, plus data
  confidentiality

38
Web Security

• A Web server is used to host Web-based
  applications and sites
• The best way to ensure that only necessary
  services are running is to do a clean install
• Web servers contain large, complex programs that
  may have some security holes
• Many protocols contain common vulnerabilities
  that may be manipulated to allow unauthorized
  access

39
E-mail Security

• E-mail has become the preferred method of
  communication
• The public transfer of sensitive information
  exposes it to interception and delivery to
  undesired recipients
• Unsolicited e-mail may contain attachments with
  viruses, trojan horses or worms

40
PGP

• Pretty Good Privacy (PGP) is an application
  integrated into popular e-mail packages
• PGP enables you to securely exchange messages,
  secure files, disk volumes and network
  connections with both privacy and strong
  authentication
• PGP can also be used for applying a digital
  signature without encrypting the message

41
PEM

• Privacy-Enhanced Mail (PEM) was one of the first
  standards for securing e-mail messages by
  encrypting 7-bit text messages
• PEM may be employed with either symmetric or
  asymmetric cryptographic key mechanisms
• It works at the application layer, using a
  hierarchical authentication framework compatible
  with X.509 standards

42
Best Internet Security Practices

• Here are some best practices for being able to
  detect network attacks
• Assume everyday that a new vulnerability has
  surfaced overnight
• Check the firewall and server log files daily
• Keep a list of all the security products used and
  check vendor Web sites for updates on a daily
  basis

43
More Best Practices

• Know network infrastructure
• Ask questions and look for answers
• Set good password policies
• Install virus software and update the files on a
  regular basis

44
Web sites

• Listed below are some Web sites that offer good
  information on best practices
• http//csrc.nist.gov/fasp/
• http//www.cert.org/security-improvement/
• http//www.sans.org/rr/
• http//www.securityfocus.com