Logical design: Network Management and Security McCable ch.10

1
Logical design Network Management and Security
(McCable ch.10)

• Integrating Network Management and Security into
  the Design
• Defining Network Management
• Designing with Manageable Resources
• Network Management Architecture
• Security
• Security Mechanisms
• Security Examples
• Network Management and Security Plans

2
Network Management and Security

• Integrating Network Management and Security into
  the Design
• How to define and characterize management for a
  network design
• How to plan for
• monitoring,
• configuring and
• troubleshooting the network
• Examine network management protocols and
  instrumentation requirements

3
Defining Network Management

• Network management tasks
• Monitoring for event notification
• Monitoring for metrics and planning
• Configuration of network parameters
• Troubleshooting the network
• Planning

4
Defining Network Management

• Network elements and characteristics
• A network element is a component of the network
  that can be managed
• Hosts
• Routers
• Switches
• Data Service Units (DSUs)
• Hubs
• NICs
• Cable segments

5
Defining Network Management

• Network elements and characteristics
• End to end characteristics the characteristics
  that can be measured across multiple network
  elements and may be extended across the entire
  network or between hosts
• Availability
• Capacity
• Delay
• Delay variation (jitter)
• Throughput
• Error rates
• Network utilization
• Burstiness of the traffic

6
Defining Network Management

• Network elements and characteristics
• Link and element characteristics specific to the
  type of the element being managed.
• IP forwarding rates (packets/second) for
  routers
• Buffer utilization of a router
• Logs of authentication failures

7
Defining Network Management

• Monitoring and metering
• Monitoring obtaining values for the end-to-end,
  link, and element characteristics.
• Collecting data (e.g. using SNMP)
• Processing data (e.g. time averaging)
• Displaying processed data
• Archiving data

8
Defining Network Management

• Monitoring for event notification
• Event A problem or a failure in a network
  element
• Threshold may be set on end-to-end or element
  characteristics for notification of events. (real
  time analysis)
• Real time analysis usually involves short polling
  intervals capacity, CPU, memory, storage needed

9
Defining Network Management

• Example
• 100 network elements
• Each polled for 8 characteristics 800 polls and
  800 responses
• Average size of each poll and response is 64
  bytes
• We plan to poll every 5 seconds
• (800 polls 800 responses)(64 bytes/poll)(8
  bits/byte)/(5 seconds) 164 Kb/s

10
Defining Network Management

• Monitoring for metrics and planning
• Metering collecting data for long term analysis
• Metrics measured values
• Baselines can be established by monitoring for
  metrics

11
Defining Network Management

• Generating the characteristics set
• Generate a working set of end-to-end and element
  characteristics
• For each element
• Generate a table of configuration parameters
• Establish methods for adjusting these parameters
• Understand the effects of adjusting the
  parameters
• Understand the effects of problems and how to
  correct them
• Troubleshooting problem notification, isolation,
  identification, and resolution

12
Designing with manageable resources

• Network management protocols
• The requirement for management protocols and
  instrumentation
• The impact of management instrumentation on
  network design
• Instrumentation is the set of facilities provided
  by network elements for accessing element
  characteristics and configuration parameters

13
Designing with manageable resources

• Network Management Protocols
• Used to couple this instrumentation with
• Monitoring
• Display
• Processing and
• Storage
• Two major NM protocols
• The simple network management protocol (SNMP,
  SNMPv2 and SNMPv3)
• The common management information protocol
  (CMIP/CMIP over TCP/IP (CMOT))

14
Designing with manageable resources

• SNMP
• Widely used
• Provides facilities for collecting and
  configuring parameters from network elements
• Commands get, get-next, set. Users can set traps
  (thresholds) for parameters for automatic notices
  (less polling)
• Default port 161

15
Designing with manageable resources

• SNMP
• Management information Base (MIB) collection of
  parameters accessible by SNMP.
• MIBs for
• Routers
• Switches
• Circuits (e.g. T3)
• Remote monitoring (RMON) MIB provides information
  about a LAN segment

16
Designing with manageable resources

• Instrumentation methods
• SNMPv2, v3
• Ping
• Traceroute
• Pathchar
• Tcpdump
• telnet
• FTP

17
Network Management Architecture

• A network design should consider the data flows
  for management information
• In-band vs. out-of-band monitoring
• Centralized vs. distributed monitoring
• Capacity and delay requirements
• Flows of management data
• Configuration of network management

18
Network Management Architecture

• In-band vs. out-of-band monitoring
• In-band monitoring having the NM data flow over
  the same network that the user network traffic
  uses
• Simple network management architecture
• In case of network problems monitoring and
  troubleshooting may be difficult
• Out-of-band monitoring providing different paths
  for NM traffic and user network traffic
• ISDN D-channel
• Separate Frame Relay/ATM virtual circuit
• Telephone lines

19
Network Management Architecture

• Centralized/distributed monitoring
• Centralized all monitoring data are sent from
  one monitoring node using either in-band or
  out-of-band-monitoring
• Distributed local monitoring nodes
• Less NM traffic
• In-band/out-of band

20
Network Management Architecture

• Capacity and Delay Requirements
• For LANs one monitoring node per subnet
• For WAN/MAN one monitoring node at each
  WAN/MAN-LAN interface

21
Network Management Architecture

• LANs determine the
• Number of hosts and network elements to be polled
  for parameters
• Number of parameters to be collected
• Frequency of polling
• NM traffic rate
• 2-5 (Ethernet, FDDI, Token Ring)
• 0.2-0.5 (HiPPI 800 Mb/s capacity), etc.

22
Network Management Architecture

• Have more than one method to verify the accuracy
  of data collected
• SNMP
• RMON
• Avoid overloading network with NM data

23
Security

• For the development of a security plan
• User requirements for security
• Security policies
• Security risk analysis
• Protect network resources from being disabled,
  stolen, modified, or damaged
• Protect hosts, servers, users, and system data

24
Security

• Security policies
• Understand possible security breaches
• Implement policies to deal with these breaches
• Common security philosophies
• Deny specifics/permit all else
• Permit specifics/deny all else
• Example policies
• Acceptable use statements, security incident
  handling procedures, configuration-modification
  policies, and network access/firewall policies

25
Security

• Security risk analysis
• A process used to determine which components of
  the system need to be protected and the types of
  security risks they should be protected from
• Security risks may also change in time in line
  with changes in an organisation

26
Security Risk Analysis Example

• Assume a fictitious company
• Identify effect/likelihood (e.g. A/B)
• Effect A (destructive), B (Disabling), C
  (Disruptive), D (No impact)
• Likelihood A (Certain), B (Likely), C
  (Unlikely), D (Impossible)

27
Security Risk Analysis Example
28
Security Risk Analysis Example

• Outcome
• A strong user authentication mechanism needed
• Added protection for DNS and email applications
  (e.g. application firewall)
• Encryption for email messages

29
Security mechanisms

• Physical
• Security awareness
• User authentication
• Packet filters
• Application wrappers and gateways
• Encryption
• Firewalls

30
Security mechanisms

• Not all mechanisms are appropriate for any
  environment
• Degree of protection it provides
• Expertise required for installation and
  configuration
• Cost of purchasing, implementing and operating it
• Amounts of administration and maintenance required

31
Security mechanisms

• Physical security
• Protected access (e.g. to servers etc.)
• Backup power source and power conditioning,
  secondary backup storage
• Security against natural disasters

32
Security Mechanisms

• Security awareness
• User involvement in all aspects of security
• User authentication
• Packet filters (ACLs)
• Require administration and maintenance
• Take up network resources (e.g. CPU)

33
Security Mechanisms

• Application Security mechanisms
• Application wrappers similar to packet filters
  but implemented on hosts
• Application gateways relays between protected
  and unprotected systems
• Encryption
• Degrades network performance 15-85
• Administration, maintenance required
• Expensive

34
Security Mechanisms

• Firewalls
• A combination of a number of mechanisms
• May give a false sense of security
• Security and system components
• Security at the user component
• Security at the host component
• Security at the network component

35
Security Examples External firewall

• Between external and internal networks
• Recommended when
• there is a security threat from external sources
• limited /no systems and network administration
• access to external networks is needed
• will not impact connectivity to external networks

36
(No Transcript)
37
External Firewalls Trade offs

• May require knowledge of users requirements
  (telnet, ftp, etc.)
• Requires firewall construction/configuration
  expertise
• Network performance degradation up to 30
• Can complicate WAN/MAN troubleshooting
• May require address translator
• May require additional hardware e.g. routers

38
Security Examples Internal Firewall

• Between subnets
• Recommended when
• there is a security threat from within or
  external to network
• limited /no systems and network administration
• interconnectivity between subnets/connectivity to
  external networks is needed
• will not impact connectivity to internal and
  external networks

39
(No Transcript)
40
Internal Firewalls Trade offs

• May require knowledge of users requirements
  (telnet, ftp, etc.)
• Requires firewall construction/configuration
  expertise
• Network performance degradation up to 30
• Can complicate LAN/MAN/WAN troubleshooting
• May require address translator
• May require additional hardware e.g. routers

41
Security Examples Distributed Host Security

• Distributed host security
• When there is a threat from external networks
• When internal sources can be protected via system
  administration
• When connectivity to internal and external
  networks would be impacted by firewall
  performance issues
• Example TCP/IP filtering in MS Windows2000
  authentication encryption

42
(No Transcript)
43
Distributed Host Security Trade offs

• May require knowledge of users requirements
  (telnet, ftp, etc.)
• Requires consistent and thorough systems and
  network administration
• internal security may be dependent on the
  security of every host and server within the
  network
• Security holes in host operating systems or
  applications will likely affect all internal
  hosts and servers

44
Example breaches of security
45
Example Security Breaches
46
Security points
47
Example security controls

• Access control error control to prevent
  unauthorised access
• Physical access control mechanisms,
• Backup equipment and procedures,
• Physical security,
• Logging of message and transaction flow
• etc.

48
Network Management and Security Plans

• Evaluating and selecting secure, manageable
  network resources
• Evaluating trade-offs in security and network
  management architectures
• Integration with the network design
• Risk analysis and contingency planning for the
  design

49
Fundamentals of cryptography and encryption

• Confidentiality allow only authorized persons to
  access information
• Authentication guarantee of originator and of
  electronic transmission
• Integrity information that was sent is what was
  received
• non-repudiation originator of information cannot
  deny content or transmission

50
One-key and two-key systems

• One-key symmetric (secret key) cryptosystems
• conventional
• fast
• Theory well developed
• AES, DES, IDEA
• Two-key asymmetric (public key) cryptosystems
• based on difficult number theory problem
• slow
• RSA

51
Practical Security

• Firewalls
• Network Intrusion Detection
• Endpoint Security/Host Intrusion Protection
• VPN Security

52
and more specifically

• Cisco PIX Firewalls
• has received ICSA Firewall and IPsec
  certification, as well as Common Criteria EAL4
  evaluation status.
• provide a wide range of security and networking
  services including
• Network Address Translation (NAT),
• Port Address Translation (PAT),
• content filtering (Java/ActiveX),
• URL filtering,
• AAA (RADIUS/TACACS) integration,
• support for leading X.509 PKI solutions,
• DHCP client/server

53
AAA

• an architectural framework for configuring three
  different security features.
• authentication,
• authorization, and
• accounting

54
AAA Advantages

• Provides scalability
• rely on a server or group of servers to store
  usernames and passwords
• supports standardized security protocols,
• Terminal Access Controller Access Control System
  Plus (TACACS),
• Remote Authentication Dial-In User Service
  (RADIUS), and
• Kerberos
• allows you to configure multiple backup systems

55
TACACS

• A security application used with AAA that
  provides centralized validation of users
  attempting to gain access to a router or network
  access server.
• Services are maintained in a database on a
  TACACS daemon running, typically, on a UNIX or
  Windows workstation.
• Provides for separate and modular authentication,
  authorization, and accounting facilities
• Uses TCP

56
RADIUS

• A distributed client/server system used with AAA
  that secures networks against unauthorized
  access.
• e.g. RADIUS clients may run on Cisco routers and
  send authentication requests to a central RADIUS
  server that contains all user authentication and
  network service access information.
• Uses UDP

57
Kerberos

• A secret-key network authentication protocol used
  with AAA that uses the Data Encryption Standard
  (DES) cryptographic algorithm for encryption and
  authentication.

58
(No Transcript)
59
More on Security

60
Security

• Computer and Network Security Requirements
• Security Threats
• Protection
• Intruders
• Malicious Software
• Trusted Systems

61
Computer and Network Security Requirements

• Confidentiality
• Requires information in a computer system only be
  accessible for reading by authorized parties
• Integrity
• Assets can be modified by authorized parties only
• Availability
• Assets be available to authorized parties
• Authenticity
• Requires that a computer system be able to verify
  the identity of a user

62
Types of Threats

• Interruption
• Interception
• Modification
• Fabrication

63
Types of Threats

• Interruption
• An asset of the system is destroyed or becomes
  unavailable or unusable
• Attack on availability
• Destruction of hardware
• Cutting of a communication line
• Disabling the file management system

64
Types of Threats

• Interception
• An unauthorized party gains access to an asset
• Attack on confidentiality
• Wiretapping to capture data in a network
• Illicit copying of files or programs

65
Types of Threats

• Modification
• An unauthorized party not only gains access but
  tampers with an asset
• Attack on integrity
• Changing values in a data file
• Altering a program so that it performs
  differently
• Modifying the content of messages being
  transmitted in a network

66
Types of Threats

• Fabrication
• An unauthorized party inserts counterfeit objects
  into the system
• Attack on authenticity
• Insertion of spurious messages in a network
• Addition of records to a file

67
Computer System Assets

• Hardware
• Software
• Data
• Communication lines and Network

68
Computer System Assets

• Hardware
• Threats include accidental and deliberate damage
• Software
• Threats include deletion, alteration, damage
• Backups of the most recent versions can maintain
  high availability

69
Computer System Assets

• Data
• Involves files
• Security concerns for availability, secrecy, and
  integrity
• Statistical analysis can lead to determination of
  individual information which threatens privacy

70
Computer System Assets

• Communication Lines and Networks Passive
  Attacks
• Release of message contents for a telephone
  conversation, an electronic mail message, and a
  transferred file are subject to these threats
• Traffic analysis
• encryption masks the contents of what is
  transferred so even if obtained by someone, they
  would be unable to extract information

71
Computer System Assets

• Communication Lines and Networks Active Attacks
• Masquerade takes place when one entity pretends
  to be a different entity
• Replay involves the passive capture of a data
  unit and its subsequent retransmission to produce
  an unauthorized effect
• Modification of messages means that some portion
  of a legitimate message is altered, or that
  messages are delayed or reordered, to produce an
  unauthorized effect

72
Computer System Assets

• Communication Lines and Networks Active Attacks
• Modification of messages means that some portion
  of a legitimate message is altered, or that
  messages are delayed or reordered, to produce an
  unauthorized effect
• Denial of service prevents or inhibits the normal
  use or management of communications facilities
• Disable network or overload it with messages

73
Protection

• Sharing resources among users involve
• Memory
• I/O devices
• Programs
• Data
• Sharing creates a need for protection

74
Protection

• No protection
• When sensitive procedures are run at separate
  times
• Isolation
• Each process operates separately from other
  processes with no sharing or communication

75
Protection

• Share all or share nothing
• Owner of an object declares it public or private
• Share via access limitation
• Operating system checks the permissibility of
  each access by a specific user to a specific
  object
• Operating system acts as the guard

76
Protection

• Share via dynamic capabilities
• Dynamic creation of sharing rights for objects
• Limit use of an object
• Limit not only access to an object but also the
  use to which that object may be put
• Example a user may be able to derive
  statistical summaries but not to determine
  specific data values

77
Protection

• Protection of memory
• User-oriented access control
• Data oriented access control

78
Protection of Memory

• Ensure correct function of various processes that
  are active
• Virtual memory scheme
• Paging
• Segmentation
• Shareable/non-shareable
• Hardware support (mP) can be provided for memory
  protection

79
User-Oriented Access Control

• Log on
• Requires both a user identifier (ID) and a
  password
• System only allows users to log on if the ID is
  known to the system and password associated with
  the ID is correct
• Users can reveal their password to others either
  intentionally or accidentally
• Hackers are skillful at guessing passwords
• ID/password file can be obtained

80
Data-Oriented Access Control

• Associated with each user, there can be a user
  profile that specifies permissible operations and
  file accesses
• Operating system enforces these rules
• Database management system controls access to
  specific records or portions of records

81
Data-Oriented Access Control

• Access Matrix A general model of access control
  as exercised by a file or database management
  system. Its elements
• Subject
• An entity capable of accessing objects
• e.g. a process enabling a user/application to
  access an object
• Object
• Anything to which access is controlled
• Files, programs, segments of memory
• Access rights
• The way in which an object is accessed by a
  subject

82
Access Matrix
83
Access Control List

• Matrix decomposed by columns
• For each object, an access control list gives
  users and their permitted access rights

84
Access Control List
85
Capability Tickets

• Decomposition of access matrix by rows
• Specifies authorized object and operations for a
  user

86
Capability Tickets
87
Intruders

• Hacker or cracker
• Three classes
• Masquerader
• Not authorized to use the computer, penetrates
  systems access controls to exploit a legitimate
  users account
• Misfeasor
• A legitimate user accessing objects without
  authorization or misusing his/her privileges
• Clandestine user
• An individual who seizes supervisory control

88
Intrusion Techniques

• Objective of intruder is to gain access to the
  system or to increase the range of privileges
  accessible on a system
• Protected information that an intruder acquires
  is a password
• Protecting password file
• Encryption
• Access control

89
Techniques for Learning Passwords

• Try default password used with standard accounts
  shipped with computer
• Exhaustively try all short passwords
• Try words in dictionary or a list of likely
  passwords
• Collect information about users and use these
  items as passwords

90
Techniques for Learning Passwords

• Try users phone numbers, social security
  numbers, and room numbers
• Try all legitimate license plate numbers for this
  state
• Use a Trojan horse to bypass restrictions on
  access
• Tap the line between a remote user and the host
  system

91
Password protectionID Provides Security

• Determines whether the user is authorized to gain
  access to a system
• Determines the privileges accorded to the user
• Guest or anonymous accounts have more limited
  privileges than others
• ID is used for discretionary access control
• A user may grant permission to files to others by
  ID

92
Password Selection Strategies

• Computer generated passwords
• Users have difficulty remembering them
• Need to write it down
• Have history of poor acceptance

93
Password Selection Strategies

• Reactive password checking strategy
• System periodically runs its own password cracker
  to find guessable passwords
• System cancels passwords that are guessed and
  notifies user
• Consumes resources to do this
• Hacker can use this on their own machine with a
  copy of the password file

94
Password Selection Strategies

• Proactive password checker
• The system checks at the time of selection if the
  password is allowable
• With guidance from the system users can select
  memorable passwords that are difficult to guess

95
(No Transcript)
96
Intrusion Detection

• Assume the behavior of the intruder differs from
  the legitimate user
• Statistical anomaly detection
• Collect data related to the behavior of
  legitimate users over a period of time
• Statistical tests are used to determine if the
  behavior is not legitimate behavior

97
Intrusion Detection

• Rule-based detection
• Anomaly detection Rules are developed to detect
  deviation from previous usage pattern
• Penetration identification Expert system
  searches for suspicious behavior

98
Intrusion Detection

• Audit record
• Native audit records
• All operating systems include accounting software
  that collects information on user activity
• Detection-specific audit records
• Collection facility can be implemented that
  generates audit records containing only that
  information required by the intrusion detection
  system

99
Malicious Programs

• Those that need a host program
• Fragments of programs that cannot exist
  independently of some application program,
  utility, or system program
• Independent
• Self-contained programs that can be scheduled and
  run by the operating system

100
(No Transcript)
101
Trapdoor

• A secret entry point into a program that allows
  someone who is aware of trapdoor to gain access
• used by programmers to debug and test programs
• Avoids necessary setup and authentication
• Method to activate program if something wrong
  with authentication procedure
• Difficult to control take care of program
  development and software update activities

102
Logic Bomb

• Code embedded in a legitimate program that is set
  to explode when certain conditions are met
• Presence or absence of certain files
• Particular day of the week
• Particular user running application

103
Trojan Horse

• Useful program that contains hidden code that
  when invoked performs some unwanted or harmful
  function
• Can be used to accomplish functions indirectly
  that an unauthorized user could not accomplish
  directly
• User may set file permission so everyone has
  access to files on another users machine

104
Viruses

• Program that can infect other programs by
  modifying them
• Modification includes copy of virus program
• The infected program can infect other programs

105
Worms

• Use network connections to spread form system to
  system
• Electronic mail facility
• A worm mails a copy of itself to other systems
• Remote execution capability
• A worm executes a copy of itself on another
  system
• Remote log-in capability
• A worm logs on to a remote system as a user and
  then uses commands to copy itself from one system
  to the other

106
Zombie

• Program that secretly takes over another
  Internet-attached computer
• It uses that computer to launch attacks that are
  difficult to trace to the zombies creator

107
Virus Stages

• Dormant phase
• Virus is idle
• Propagation phase
• Virus places an identical copy of itself into
  other programs or into certain system areas on
  the disk

108
Virus Stages

• Triggering phase
• Virus is activated to perform the function for
  which it was intended
• Caused by a variety of system events
• Execution phase
• Function is performed

109
Types of Viruses

• Parasitic
• Attaches itself to executable files and
  replicates
• When the infected program is executed, it looks
  for other executables to infect
• Memory-resident
• Lodges in main memory as part of a resident
  system program
• Once in memory, it infects every program that
  executes

110
Types of Viruses

• Boot sector
• Infects boot record
• Spreads when system is booted from the disk
  containing the virus
• Stealth
• Designed to hide itself from detection by
  anti-virus software
• May use compression so that the infected program
  is exactly the same length as an uninfected
  version

111
Types of Viruses

• Polymorphic
• Mutates with every infection, making detection by
  the signature of the virus impossible
• Mutation engine creates a random encryption key
  to encrypt the remainder of the virus
• The key is stored with the virus

112
Macro Viruses

• Platform independent
• Most infect Microsoft Word
• Infect document, not executable portions of code
• Easily spread

113
Macro Viruses

• A macro is an executable program embedded in a
  word processing document or other type of file
• Autoexecuting macros in Word
• Autoexecute
• Executes when Word is started (Macro named
  AutoExec is in the normal.dot template)
• Automacro
• Executes when defined event occurs such as
  opening or closing a document
• Command macro
• Executed when user invokes a command (e.g., File
  Save)

114
Antivirus Approaches

• Detection
• Determining that an infection has occurred and
  locating the virus
• Identification
• Following detection of a virus identifying the
  specific virus
• Removal
• Remove all traces of the virus from the infected
  program and all infected systems

115
Antivirus Approaches

• Generic Decryption
• Digital Immune System

116
Generic Decryption

• Elements
• CPU emulator
• Instructions in an executable file are
  interpreted by the emulator rather than the
  processor
• Virus signature scanner
• Scan target code looking for known virus
  signatures
• Emulation control module
• Controls the execution of the target code

117
Digital Immune System

• Developed by IBM
• Motivation has been the rising threat of
  Internet-based virus propagation
• Integrated mail systems
• Groupware Lotus notes, MS Outlook
• Mobile-program system
• Portable Java, ActiveX

118
(No Transcript)
119
E-mail Virus

• Activated when recipient opens the e-mail
  attachment
• Activated by open an e-mail that contains the
  virus
• Uses Visual Basic scripting language
• Propagates itself to all of the e-mail addresses
  known to the infected host

120
Trusted Systems

• Multilevel security
• Information organized into categories
• A subject at a high level may not convey
  information to a subject at a lower level unless
  authorized to do so
• No read up
• A subject can only read objects of a less or
  equal security level (simple security property)
• No write down
• A subject can only write objects of greater or
  equal security level (-property star property)

121
(No Transcript)
122
Trojan Horse Defense

• Use secure, trusted operating system

123
Trojan Horse Defense
124
Trojan Horse Defense
125
Trojan Horse Defense
126
Trojan Horse Defense