1. Network security Cs634 IS 605 1

2.  Course Content  Materials  Assessment 2 Agenda

3.  Introduction of computer security  Cryptology  Public key infrastructure  Authentication and Authorization  Search Topics 3 Course Content

4.  Lecture note :http://scholar.cu.edu.eg/?q=nermin-hamza/http://scholar.cu.edu.eg/?q=nermin-hamza/  Research Documents  Book1 :  Jie Wang, “Computer Network Security -Theory and Practice”, @2009 Higher Education Press  Book2  S.K.PARMAR, Cst,“INFORMATION RESOURCE GUIDE- Computer, Internet and Network Systems Security”,  Book3  William Stallings, “ Cryptography and Network Security - principles and practice”, 5 th edition 4 Materials

5.  Mid term Exam 20 %  Research Assignment 10 %  Final- Term Examination70 %  Or  Research Assignment 20 %  Final- Term Examination80 % 5 Assessment

6. Let’s start Introduction 6

7.  Attacks, services and mechanisms  Security attacks  Security services  Methods of Defense  A model for Internetwork Security 7

8.  Security Attack: Any action that compromises the security of information.  Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.  Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms 8 Attacks, Services and Mechanisms

9. Definition:  Any action that compromises the security of information owned by an organization  Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems 9 Security Attack

10.  Threats تهديد mean anything that can interrupt the operation, functioning, integrity, or availability of a network or system, these can take any forms.  Vulnerabilities ثغره are inherent weakness in the design, configuration, implementation, or management of the network or the system that renders it to be susceptible to threats.  Attacks هجوم are a specific technique used to exploit the vulnerabilities 10 Security Attack

11.  Sometimes the damage is done on purpose  Malicious attacks from disgruntled people (e.g. ex-employees)  Snoop attacks from nosey co-workers  Acts of vandalism  Espionage تجسس 11 Purpose of attacking?

12.  What do they hope to gain?  bragging rights, simply to say “I did it!”  theft of information  theft of service  theft of real assets/money  defacement/vandalism  destruction of data  corruption of data 12 Purpose of attacking?

13.  corruption of operational systems controlled by computers (phone system, TV systems, etc.)  denial of service  plant ‘bots which can be remotely activated and controlled to accomplish any of the attacks listed above using your machine as the host 13 Purpose of attacking?

14. 14 General Attacks

15.  ™ Insider attack  The insider is already an authorized user  Insider acquires privileged access  exploiting bugs in privileged system programs  Install backdoors/Trojan horses to facilitate subsequent acquisition of privileged access  Outsider attack  ™ Acquire access to an authorized account  ™ Perpetrate an insider attack 15 Insider and ousider

16.  Passive Attack: when the attacked entity is unaware of the attack, hence called PASSIVE e.g. the attacker is just trying to listen or observer you.  Active attack: is an attack which the attacked entity gets aware of when attacked. That is the interruption from the attacker is of such kind that he gets aware of the attack, hence called active attack. For example trying to steal some info 16 Passive and Active Attack

17. 17 Passive Attacks

18. 18 Example: Release of message contents

19.  Release of message contents A telephone conversation, an E-mail messages, and file transfer can be easily accessed without effecting the message.  Traffic analysis To observe pattern of messages from sender and receiver. 19 Passive Attacks

20. 20 Active Attacks

21.  Replay Attack: A hacker executes a replay attack by intercepting and storing a legitimate transmission between two systems and retransmitting it at a later time.  Denial-of-Service (DoS) Attacks: attempt to exhaust the network or server resources in order to render it useless for legitimate hosts and users.  Masquerading server attack in which an attacker pretends to be as a legal server by creating a valid responding message from an eavesdropped communication between the remote server S and a user A 21 Active Attacks

22.  Interception هجوم التصنت على الرسائل : An unauthorized party gains access to an asset. This is an attack that violates confidentiality. The unauthorized party could be a person, a program, or a computer. Examples include wiretapping to capture data in a network, and the illicit copying of files or programs  Interruption هجوم الإيقاف : An asset of the system is destroyed or becomes unavailable. This is an attack that violates availability. Examples include destruction of a piece of hardware, such as a hard disk, or cutting off a communication line. 22 Functionality of attacks

23.  Modification هجوم يعدل على محتوى الرسالة : An unauthorized party does not only gain access to the asset, but also tampers it. This is an attack that violates integrity. Examples include value manipulation in the date file, and modifying the content of messages being transmitted in a network.  Fabrication لهجوم المزور أو المفبرك : An unauthorized party installing a malicious object or program on the system. This is an attack that violates authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file. 23 Active Attacks

24. 24 Security Attacks

25.  Denial of Service (DoS) attacks  DoS attacks have one goal – to knock your service off the net.  Crash your host  Flood your host  Flood the network connecting to your host 25 What are the kinds of attacks?

26.  Viruses  A computer virus attaches itself to files on the target machine  Master Boot Sector/Boot Sector viruses  File viruses, Macro viruses  Stealth viruses, Polymorphic viruses  Hoax Viruses 26 What are the kinds of attacks?

27.  Trojans, Worms and Backdoors  Trojans are programs that appear to perform a desirable and necessary function that perform functions unknown to (and probably unwanted by) the user.  Worms are memory resident viruses. Unlike a virus, which seeds itself in the computer's hard disk or file system, a worm will only maintain a functional copy of itself in active memory. 27 What are the kinds of attacks?

28.  Worms frequently “sleep” until some event triggers their activity - send password file to hacker, send copy of registry to hacker.  Worms and Trojans are frequently methods by which Backdoors are enabled on a system.  Backdoors allow hidden access and control of a system (e.g. Back Orifice, BO2K, SubSeven). 28 What are the kinds of attacks?

29.  Scanners  Programs that automatically detect security weaknesses in remote or local hosts.  Tells the hacker:  What services are currently running  What users own those services  Whether anonymous logins are supported  Whether certain network services require authentication 29 What are the kinds of attacks?

30.  Password Crackers  Some actually try to decrypt....  Most simply try “brute force” or intelligent “brute force”  Dictionary words, days of year, initials 30 What are the kinds of attacks?

31.  Sniffers  Sniffers monitor network data.  Devices that capture network packets  Extremely difficult to detect because they are passive 31 What are the kinds of attacks?

32. 32 Security Goals

33.  Enhance security of data processing systems and information transfers of an organization  Intended to counter security attacks  Using one or more security mechanisms  Often replicates functions normally associated with physical documents  Which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed 33 Security Service

34.  Authentication  Concerned with assuring that a communication is authentic.  Confidentiality : ◦ Preventing the sensitive information from unauthorized user.  Integrity : ◦ Preventing the information from modification by unauthorized users.  Availability: ◦ Assuring that the authorized users have timely access to the information in the system and to the network.  Access Control: ◦ Ability to limit and control the access to the host systems and applications via communication links.  Non-repudiation: ◦ Preventing either sender or receiver from denying a transmitted message. 34 Security Services:

35.  A process that is designed to detect, prevent or recover from a security attack  No single mechanism that will support all services required  However one particular element underlies many of the security mechanisms in use:  cryptographic techniques 35 Security Mechanism

36.  Encryption  Software Controls (access limitations in a data base, in operating system protect each user from other users)  Hardware Controls (smartcard)  Policies (frequent changes of passwords)  Physical Controls 36 Methods of Defense

37.  1. Encryption is the formal name for the scrambling process. We take data in their normal, unscrambled state, called cleartext, and transform them so that they are unintelligible to the outside observer; the transformed data are called enciphered text or ciphertext. Using encryption, security professionals can virtually nullify the value of an interception and the possibility of effective modification or fabrication. 37 Methods of Defense

38.  2. Software Controls  If encryption is the primary way of protecting valuables, programs themselves are the second facet of computer security. Programs must be secure enough to prevent outside attack. They must also be developed and maintained so that we can be confident of the programs' dependability. 38 Methods of Defense

39. Program controls include the following:  internal program controls: parts of the program that enforce security restrictions, such as access limitations in a database management program  operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users  independent control programs: application programs, such as password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities  development controls: quality standards under which a program is designed, coded, tested, and maintained to prevent software faults from becoming exploitable vulnerabilities. 39 Methods of Defense

40.  3. Hardware Controls Numerous hardware devices have been created to assist in providing computer security. These devices include a variety of means, such as  hardware or smart card implementations of encryption  locks or cables limiting access or deterring theft  devices to verify users' identities  firewalls  intrusion detection systems 40 Methods of Defense

41.  4. Policies and Procedures  Sometimes, we can rely on agreed-on procedures or policies among users rather than enforcing security through hardware or software means.  In fact, some of the simplest controls, such as frequent changes of passwords, can be achieved at essentially no cost but with tremendous effect. Training and administration follow immediately after establishment of policies, to reinforce the importance of security policy and to ensure their proper use. 41 Methods of Defense

42.  5. Physical Controls  Some of the easiest, most effective, and least expensive controls are physical controls. Physical controls include locks on doors, guards at entry points, backup copies of important software and data, and physical site planning that reduces the risk of natural disasters. Often the simple physical controls are overlooked while we seek more sophisticated approaches. 42 Methods of Defense

43. 43 Model for Network Security

44.  Using this model requires us to: 1.design a suitable algorithm for the security transformation 2.generate the secret information (keys) used by the algorithm 3.develop methods to distribute and share the secret information 4.specify a protocol enabling the principals to use the transformation and secret information for a security service 44 Model for Network Security

45. 45 Model for Network Access Security

46.  Using this model requires us to: 1.select appropriate gatekeeper functions to identify users 2.implement security controls to ensure only authorised users access designated information or resources  trusted computer systems may be useful to help implement this model 46 Model for Network Access Security

47.  Summary of the first Lecture First Assignment