
1 System and Network Security Overview

2 What is network security about?
- It is about secure communication
- What do we mean by secure communication?
- Everything is connected by the Internet
- We will often use Alice and Bob
- Alice is on a vacation and wants to send a command to her assistant—Bob—or just a computer to control the nuclear power plant; how can she do that?

3 What is it about?
- There are eavesdroppers that can listen on the communication channels
- Information needs to be forwarded through packet switches, and these switches can be reprogrammed to listen to or modify data in transit
- Is it hopeless for Alice?

4 Other examples
- Alice sends Bob some sensitive information via the Internet
- Network manager remotely changes some Access Control Lists (intercepts, impersonation)
- On-line stock trading: customer denies that she has sent the order

5 Cryptography
- Cryptography allows us to disguise data so that eavesdroppers gain no information from listening
- Cryptography also allows us to create unforgeable messages and detect if a message has been modified in transit: a digital signature is often used for this purpose—a magic number

6 Network/System Security Overview
- Cryptography
  - Secret key cryptography
  - Modes of operation
  - Hashes and message digests
  - Public key cryptography
  - Some number theory, AES and elliptic curve cryptography
- Authentication
  - How can Alice prove that she is Alice on networks?
- Standards
  - Kerberos, PKI, IPSec, SSL
  - The underlying philosophy for these standards, that is, the intuition behind various choices, design decisions, and flaws in these standards
- E-mail security
- Firewalls and secure systems

7 Two kinds of security
- Computer security
- Network security

8 Vulnerabilities of computer systems
- Attacks on hardware
- Attacks on software
  - Deletion, modification (Trojan horse, trapdoor/backdoor, covert channel), infection through computer virus, theft, copying
- Attacks on data
  - Compromising secrecy & integrity
- Attacks on other resources
  - Storage media, time, key people

9 Computer security
- The goal is to protect data and resources
- How to design security mechanisms?
  - Cost/benefits
  - Threat model
  - Trust model
  - Available tools
  - Where to use security tools
- Security is not only about cryptography
- Identify the weakest point

10 Failures of security mechanisms
- Failure to understand the threat model
- Failure to understand what a mechanism protects against and what it does not
- Bad design
- Implementation fault
- Misconfiguration
- Bad interaction with other parts
- Bad user interface

11 Network security
- Security of data in transit
- Security of data at rest

12 Importance of network security
- Increasingly large deployment of networked computers
- Sensitive information/resources are coming online
  - Personal information
  - Financial services
  - Military
  - Infrastructure
- Large number of users, large amounts of money

13 OSI Reference Model

14 Most mentioned network terms
- IP, UDP, TCP
- Directory services
- Packet switching
[Figure: network diagram with Alice, Trudy, routers R1 to R6, a token ring, and Bob]

15 Differences from systems security
- Attacks come from anywhere, at any time
- Highly automated attacks (script kiddies)
- Physical security measures are inadequate
- Wide variety of applications, services, protocols
- No single authority/administrator

16 Reactions to Information Security
- Active research in security & privacy (numerous conferences each year)
- New laws
- Education
- Collaborations between governments, industries & academia
- Employment of computer security specialists

17 Methods of defence (1)
- Modern cryptography
  - Encryption, authentication codes, digital signatures, etc.
- Software controls
  - Standard development tools (design, code, test, maintain, etc.)
  - Operating system controls
  - Internal program controls (e.g. database)
  - Firewalls

18 Methods of defence (2)
- Hardware controls
  - Security devices
    - Smart cards, ...
    - SecureID
- Physical controls
  - Locks, guards, backup of data & software, thick walls, ...
- Security policies & procedures
- User education
- Law

19 Introduction to Network Security

20 Intro Network Security
- To assess the security needs of an organization effectively and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements.
- One approach is to consider 3 aspects of information security:
  - Security attack: any action that compromises the security of information owned by an organization
  - Security method: a mechanism that is designed to detect, prevent, or recover from a security attack
  - Security service: a service that enhances the security of the data processing systems and the information transfers of an organization
- The services are intended to counter security attacks, and they make use of one or more security methods to provide the service

21 Classification of Security Services
- Confidentiality – Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties
- Authentication – Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false
- Integrity – Ensures that only authorized parties are able to modify computer system assets and transmitted information
- Nonrepudiation – Requires that neither the sender nor the receiver of a message be able to deny the transmission (nonrepudiation with proof of origin/delivery)
- Access control (Authorization) – Requires that access to information resources may be controlled by or for the target system
- Availability – Requires that computer system assets be available to authorized parties when needed

22 Threats
- Passive attacks
  1. Illegal interception (secrecy)
  2. Traffic analysis
- Active attacks
  1. Denial of Service / Interruption (availability)
  2. Un-authorised modification (integrity)
  3. Fabrication (authenticity)
  4. Replay
  5. Man-in-the-middle attacks
  6. Modification of messages

23 Illegal Interception
- Also called “un-authorised access”
- Difficult to detect
- It leaves no traces
- Example: the US military Tempest program measures how far away an intruder must be before eavesdropping is impossible.
- The movement of electrons can be measured from a surprising distance (control zone)

24 Traffic analysis
- Military applications (spy identification)
- Zeroknowledge Inc. (anonymous web browsing and private, encrypted, untraceable e-mail for customers; services stopped) http://www.zeroknowledge.com/
- AT&T Crowds project (system for protecting your anonymity while you browse the web)
- Anonymizer
- Untraceable e-mail: Mix by David Chaum

25 Denial of Service
- Also called “Interruption”—recent example: DDoS; tool used in that DDoS: trinoo (analysis)
- Information resources (hardware, software and data) are deliberately made unavailable, lost or unusable, usually through malicious destruction

26 Un-authorized Modification
- Un-authorised access to and tampering with a resource (data, programs, hardware devices, copy of a hand-written signature, etc.)
- Ex.: some portion of a legitimate message is altered, or that message is delayed or altered to produce an unauthorized effect

27 Fabrication and Impersonation
- Fabricate counterfeit objects (data, programs, devices, etc.)
- Related examples:
  - Counterfeit bank notes
  - Fake cheques
- Impersonation/masquerading
  - To gain access to data, services, etc.
  - It takes place when one entity pretends to be a different entity. Example: by capturing authentication sequences and replaying them

28 Replay attacks
- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. The attacker records a valid transaction and plays it back again later.
- Most often when the same shared key is used between two peers
- Defending against replay attacks is possible but painful as it requires maintenance of state
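An added example (not from the slides) of the state the last bullet refers to, also covering the integrity check of slide 5: each message carries a sequence number and an HMAC-SHA256 tag under the shared key, and the receiver keeps the highest sequence number plus a 64-entry bitmap so a recorded message is rejected when played back. The key, frame layout and window size are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo key shared by the two peers; a real system derives a fresh
# key per session. The sequence number plus window is the "state" the slide
# says a replay defence must maintain.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
WINDOW = 64        # how many recent sequence numbers the receiver remembers
TAG_LEN = 32       # HMAC-SHA256 output size


def protect(seq, payload, key=SHARED_KEY):
    """Sender: frame = seq (8 bytes, big-endian) || payload || HMAC(key, seq || payload).
    The tag detects modification; the sequence number lets the receiver spot replays."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver: verifies the tag, then rejects any sequence number already seen.
    State kept: the highest accepted sequence number and a bitmap of the WINDOW
    numbers below it (bit i set => sequence highest - i already accepted)."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.highest = -1
        self.seen = 0

    def accept(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return None, "malformed"
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):      # constant-time compare
            return None, "bad tag"                      # modified or forged
        seq = struct.unpack(">Q", header)[0]
        if seq > self.highest:                          # newest so far: slide the window
            shift = min(seq - self.highest, WINDOW)
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return payload, "ok"
        offset = self.highest - seq
        if offset >= WINDOW:
            return None, "too old"                      # outside the remembered window
        if (self.seen >> offset) & 1:
            return None, "replay"                       # recorded and played back
        self.seen |= 1 << offset                        # late but fresh: remember it
        return payload, "ok"


if __name__ == "__main__":
    rx = Receiver()
    order = protect(0, b"BUY 100 ACME")
    print(rx.accept(order))   # (b'BUY 100 ACME', 'ok')
    print(rx.accept(order))   # (None, 'replay')
```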

29 Man-in-the-middle attack
- An attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims.
- MITM attacks on SSL:
  - Alice <-> attacker <-> real site
- Mafia in the Middle attack:
  - Alice <-> coffee <-> Jewelry

30 Modification of message
- Some portion of a legitimate message is altered, or that message is delayed or altered to produce an unauthorized effect

31 How to defeat these attacks?
[Table: attacks matched to the mechanisms that counter them]
- Attacks: illegal interception, traffic analysis, denial of service, un-authorised modification, impersonation, re-play, man-in-the-middle
- Mechanisms: secrecy, integrity, authentication, mix, authorization, other mechanisms

32 Key escrow for law enforcement
- Law enforcement would like to preserve its ability to wiretap otherwise secure communication
- Government wants to wiretap all the time, so it must prevent use of encryption, break the codes used for encryption, or somehow learn everyone’s cryptographic key
- The Clipper proposal attempted the 3rd option (encryption is done with the Clipper chip—unique key)
- At present, government is giving up the control of cryptography

33 Key escrow for careless users
- It is prudent to keep your key in a safe place
- Where?
- Do you trust the unique key bank?
- Split your keys and deposit them in several independent places

34 Digital Pest: Virus, Worms, Trojan Horses
- No need to distinguish them... but:
- Trojan horses: instructions hidden in a useful code
- Virus: when executed, inserts a copy of itself in other code
- Worm: self-replicating code
- Trap (back)-door: undocumented entry point
- Logic bomb: malicious instruction which triggers on some event, such as a particular time occurring
- Zombie: malicious code installed on a system that can be remotely triggered to do bad things

35 More on Digital Pest
- Is it possible to detect a digital pest in a program?
  - One of the famous results in computer science is that it is impossible to tell what an arbitrary program will do by looking at it!
  - In fact it is impossible in general to discern any nontrivial property of a program by looking at it (e.g. if the program will halt)
- Anyway, nobody looks
  - Open source can help: maybe someone else will look!
- A virus can be installed in any program as follows:
  - Replace any instruction, say the instruction at location x, by a jump to some free space in memory, say location y; then
  - Write the virus program starting at location y; then
  - Place the instruction that was originally at location x at the end of the virus program, followed by a jump to x+1
- Replication
  - Besides the delayed planned damage, the virus replicates itself silently.
  - If it did not wait before damaging the infected system, it would not spread as far!

36 Where do they come from?
- Commercial package: malicious employee? Infected before shipping?...
- E-mails
- Floppy disk boot
- CDROM start-up execution
- Spreading from machine to machine (scripts... guessing passwords automatically...)

37 Virus Checker
- Check the instruction sequences for lots of types of viruses (virus patterns)
- A smart virus changes its form each time (polymorphic virus): more work for the virus checker to detect, but still possible
- Using snapshots of the files (not useful for some kinds of code)

38 Best practices
- No perfect virus checker
- Some precautions:
  - Do not run software from unknown sources
  - Frequently run virus checkers
  - Run code in the most restricted environments
  - When the system tells you something is dangerous, do not try it
  - Do frequent backups
  - Do not boot off floppies, do not insert suspicious CDs into the CDROM

39 Best Practices: How to protect a machine
- Three key items would increase the security of a system and protect it from attacks:
  1. Install critical security updates / patches for the operating system and the services / programs running on the machine as soon as they become available (on the Microsoft platform, sign up for Automatic Windows Updates). Those will patch backdoors and design flaws / security vulnerabilities which can be exploited.
  2. Install antivirus software, and ensure it updates itself properly / constantly with the latest virus definitions.
  3. Install a firewall: as most attacks will come from the network, closing unused ports would substantially decrease the chances of a successful attack.

40 Authentication and authorization
- In a network application, the first question is “who are you?” then “what are you allowed to do?”
- Authentication proves who you are and authorization defines what you can do
- Access Control Lists (ACL)—database listing who can access a certain object
- Capability Model—database listing what each user can do

41 Access Control Lists
Access matrix (subject \ object):

Subject   Operating system   Accounts program   Accounting data   Audit trail
Sam       rwx                rwx                rw                r
Alice     x                  x                  rw                -
Bob       rx                 r                  r                 r
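The matrix above read both ways, as an added example that is not part of the slides: the same rows and cells become per-object ACLs (slide 40's "who can access a certain object") and per-subject capability lists ("what each user can do"), and the helpers show which question each view answers directly and what revocation costs in each. Subject and object names are the slide's own; the function names are mine.

```python
# The access matrix from the slide: rows are subjects, columns are objects, and
# each cell lists the permitted operations (r = read, w = write, x = execute,
# "-" = no access).
OBJECTS = ("Operating system", "Accounts program", "Accounting data", "Audit trail")
MATRIX = {
    "Sam":   ("rwx", "rwx", "rw", "r"),
    "Alice": ("x",   "x",   "rw", "-"),
    "Bob":   ("rx",  "r",   "r",  "r"),
}


def build_views(matrix=MATRIX, objects=OBJECTS):
    """Slice one matrix two ways: per object (ACL) and per subject (capabilities)."""
    acls = {obj: {} for obj in objects}      # object  -> {subject: rights}
    caps = {subj: {} for subj in matrix}     # subject -> {object: rights}
    for subject, row in matrix.items():
        for obj, cell in zip(objects, row):
            rights = frozenset(cell) - {"-"}
            if rights:
                acls[obj][subject] = rights
                caps[subject][obj] = rights
    return acls, caps


ACLS, CAPS = build_views()


def allowed_by_acl(subject, obj, op):
    """Reference-monitor decision taken by consulting the object's ACL."""
    return op in ACLS.get(obj, {}).get(subject, frozenset())


def allowed_by_capability(subject, obj, op):
    """The same decision taken by consulting the subject's capability list."""
    return op in CAPS.get(subject, {}).get(obj, frozenset())


def who_can(obj, op):
    """'Who may do op on this object?' is cheap with an ACL: one column lookup."""
    return sorted(s for s, rights in ACLS[obj].items() if op in rights)


def what_can(subject, op):
    """'What may this subject do op on?' is cheap with capabilities: one row lookup."""
    return sorted(o for o, rights in CAPS[subject].items() if op in rights)


def revoke_object(obj, acls, caps):
    """Withdraw every right to one object. The ACL side is a single entry; the
    capability side must visit every subject, which is the classic revocation cost."""
    acls[obj].clear()
    for rights in caps.values():
        rights.pop(obj, None)
```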

42 Discretionary and Nondiscretionary Access Controls (DAC & MAC)
- Discretionary means that someone who owns a resource can make a decision as to who is allowed to use (access) it
- Nondiscretionary (mandatory) access controls enforce a policy where users might be allowed to use information themselves but might not be allowed to make a copy of it available to someone else (even the owner cannot change the attributes of a data file)

43 Philosophy behind these access controls
- Discretionary controls: users and programs are good guys; the OS decides how to protect each user’s data
- Nondiscretionary: users are careless, programs may be infected. Careless users may type a wrong command and attach a secret file to an e-mail sent to the public world. The information should be confined in a security perimeter

44 Multi-level model of security
- Security labels:
  - Both subjects and objects have security labels
  - Only subjects with the proper clearance (security label) can see the objects with the same or lower level of security labels
- Levels: TOP SECRET, SECRET, CONFIDENTIAL, OPEN

45 Information Flow control
- Bell-LaPadula (BLP) model
  - Simple security property: no read up
  - *-property: no write down
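The two BLP properties as a reference-monitor check over the labels of slide 44, added here as an example that is not from the slides. copy_allowed treats a copy as a read followed by a write, which is why a Trojan horse running with a TOP SECRET user's clearance (slide 46) can read TOP SECRET data but cannot place it in an OPEN file. The function names are mine.

```python
# Security levels from slide 44, ordered lowest to highest.
LEVELS = ("OPEN", "CONFIDENTIAL", "SECRET", "TOP SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


def dominates(a, b):
    """True when level a is at least as high as level b."""
    return RANK[a] >= RANK[b]


def may_read(subject_level, object_level):
    """Simple security property: no read up (subject must dominate the object)."""
    return dominates(subject_level, object_level)


def may_write(subject_level, object_level):
    """*-property: no write down (object must dominate the subject)."""
    return dominates(object_level, subject_level)


def check(subject_level, object_level, op):
    """Decision for one access; returns (allowed, reason)."""
    if op == "read":
        return (True, "ok") if may_read(subject_level, object_level) else (False, "no read up")
    if op == "write":
        return (True, "ok") if may_write(subject_level, object_level) else (False, "no write down")
    return False, "unknown operation"


def copy_allowed(subject_level, src_level, dst_level):
    """A copy is a read of src followed by a write to dst. The two properties
    together force dst to dominate src, so information can only flow upward:
    this is the confinement that DAC (where the owner decides) cannot give."""
    ok, why = check(subject_level, src_level, "read")
    if not ok:
        return False, why
    return check(subject_level, dst_level, "write")


if __name__ == "__main__":
    # The Trojan horse of slide 46 runs as a TOP SECRET user.
    print(copy_allowed("TOP SECRET", "TOP SECRET", "OPEN"))        # (False, 'no write down')
    print(copy_allowed("TOP SECRET", "TOP SECRET", "TOP SECRET"))  # (True, 'ok')
```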

46 Covert channels
- A covert channel is a method for a Trojan horse to circumvent the automatic confinement of information within a security perimeter (assume the Trojan horse program does not have enough privileges to directly send confidential data outside the system)
- Example: the OS enforces multilevel security. A bad guy tricked a “TOP SECRET” guy into running a Trojan horse.

47 Covert channels (cont.)
- The timing channel – The Trojan horse program alternately loops and waits, in cycles of, say, one minute per bit (of the confidential data). When the bit is 1, the program loops for one minute. When the bit is 0, the program waits for a minute. Another program running on the same computer (but without access to the sensitive data) constantly tests the load caused by the Trojan horse.
- The storage channel – The Trojan horse program loads a (printer) queue to represent a 1, and deletes its jobs to represent a 0. It is easy to check the queue status and get the information.
- The error channel – The Trojan horse program creates a file to represent a 1, and deletes it to represent a 0. The external process tries to read the file: different error messages are reported when the file exists (but access to it is not permitted) and when the file does not exist, and these are used to distinguish between the 0's and 1's.
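An added example (not from the slides) of the error channel above and the mitigation a defender would apply: a leaky file service that reports "no such file" and "permission denied" separately is compared with a hardened one that returns the same error in both cases, so the unprivileged observer can no longer tell a 1 from a 0. The in-memory file table, the labels (taken from slide 44) and the function names are constructed for the demo.

```python
import errno

# Labels and ordering from the multi-level security slide.
RANK = {"OPEN": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# Constructed in-memory "file system": name -> (security label, contents).
FILES = {"public.txt": ("OPEN", b"hello")}


def high_side_sets_flag(present):
    """Stands in for the Trojan horse on the slide: it creates (1) or deletes (0)
    a TOP SECRET file. It holds no right to write anything readable at OPEN."""
    if present:
        FILES["flag.tmp"] = ("TOP SECRET", b"")
    else:
        FILES.pop("flag.tmp", None)


def open_verbose(name, caller_level):
    """Leaky service: distinct errors for 'missing' and 'exists but above your
    clearance'. The existence of the file is itself a bit of information."""
    if name not in FILES:
        raise FileNotFoundError(errno.ENOENT, "No such file", name)
    label, data = FILES[name]
    if RANK[caller_level] < RANK[label]:
        raise PermissionError(errno.EACCES, "Permission denied", name)
    return data


def open_uniform(name, caller_level):
    """Hardened service: a caller not cleared for an object gets exactly the
    error it would get for a nonexistent object, so existence is not leaked."""
    entry = FILES.get(name)
    if entry is None or RANK[caller_level] < RANK[entry[0]]:
        raise FileNotFoundError(errno.ENOENT, "No such file", name)
    return entry[1]


def low_side_observes(opener, name, caller_level="OPEN"):
    """All the unprivileged process on the slide gets to see: the error kind."""
    try:
        opener(name, caller_level)
        return "ok"
    except FileNotFoundError:
        return "ENOENT"
    except PermissionError:
        return "EACCES"


def channel_open(opener):
    """True if the OPEN-level observer sees different results for flag present
    versus absent, i.e. one bit per probe crosses the security perimeter."""
    views = set()
    for present in (True, False):
        high_side_sets_flag(present)
        views.add(low_side_observes(opener, "flag.tmp"))
    high_side_sets_flag(False)
    return len(views) == 2
```

Uniform errors close only this channel; the timing and storage channels on the same slide need other controls, such as resource quotas or deliberately added noise.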

48 The Orange Book
- The National Computer Security Center (NCSC) published an official standard called “Trusted Computer System Evaluation Criteria” (the Orange Book) which defines a series of ratings a computer system can have based on its security features and the care that went into its design, documentation, and testing

49 Orange book (cont.)
- System certification
  - D: minimal protection
  - C1: DAC
  - C2: per-user access control, auditing
  - B1: security labels (MAC)
  - B2: trusted path, security kernel
  - B3: negative ACLs, secure crash recovery
  - A1: verified design
