Presentation is loading. Please wait.

Presentation is loading. Please wait.

System and Network Security Overview

Similar presentations

Presentation on theme: "System and Network Security Overview"— Presentation transcript:

1 System and Network Security Overview

2 What is network security about ?
It is about secure communication What do we mean by secure communication? Everything is connected by the Internet We will often use Alice and Bob Alice is on a vacation and wants to send a command to her assistant—Bob—or just a computer to control the nuclear power plant, how can she do that?

3 What is it about ? There are eavesdroppers that can listen on the communication channels Information needs to be forwarded through packet switches, and these switches can be reprogrammed to listen to or modify data in transit Is it hopeless for Alice?

4 Other examples Alice sends Bob some sensitive information via Internet
Network manager remotely changes some Access Control Lists (intercepts, impersonation) On-line stock trading, customer denies that she has sent the order

5 Cryptography Cryptography allows us to disguise data so that eavesdroppers gain no information from listening Cryptography also allows us to create unforgettable message and detect if it has been modified in transit: a digital signature is often used for this purpose—a magic number

6 Network/System Security Overview
Cryptography Secret key cryptography Modes of operation Hashes and message digest Public key cryptography Some number theory, AES and elliptic curve cryptography Authentication How can Alice prove that she is Alice on networks? Standards Kerberos, PKI, IPSec, SSL The underlying philosophy for these standards, that is, intuition behind various choices, design decisions, and flaws in these standards security Firewalls and secure systems

7 Two kinds of security Computer security Network security

8 Vulnerabilities of comp sys
attacks on hardware attacks on software deletion, modification (Trojan horse, trapdoor/backdoor, covert channel), infection through computer virus, theft, copying attacks on data compromising secrecy & integrity attacks on other resources storage media, time, key people

9 Computer security The goal is to protect data and resources
How to design security mechanisms? Cost/benefits Threat model Trust model Available tools Where to use security tool Security is not only about cryptography Identify the weakest point

10 Failures of security mechanisms
Failure to understand the threat model Failure to understand what a mechanism protects against and what it does not Bad design Implementation fault Misconfiguration Bad interaction with other parts Bad user interface

11 Network security Security of data in transit Security of data at rest

12 Importance of network security
Increasing large deployment of networked computers Sensitive information/resources are coming online Personal information Financial services Military Infrastructure Large number of users, large amounts of money

13 OSI Reference Model

14 Most mentioned network terms
IP, UDP, TCP Directory services Packet switching Alice Trudy Bob R4 R1 R6 R2 R5 Token ring R3

15 Differences from systems security
Attacks come from anywhere, at any time Highly automated attacks (script kiddies) Physical security measures are inadequate Wide variety of applications, services, protocols No single authority/administrator

16 Reactions to Information Security
Active research in security & privacy (numerous conferences each year) New laws Education Collaborations between governments, industries & academia Employment of computer security specialists

17 Methods of defence (1) modern cryptography software controls
encryption, authentication code, digital signature etc software controls standard development tools (design, code, test, maintain, etc) operating system controls internal program controls (eg. database) fire-walls

18 Methods of defence (2) hardware controls physical controls
security devices smart cards, ... SecureID physical controls locks, guards, backup of data & software, thick walls, ... security policies & procedures user education law

19 Introduction to Network Security

20 Intro Network Security
To assess the security needs of an organization effectively and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. One approach is to consider 3 aspects of information security: Security attack: any action that compromises the security of informationowned by an organization Security method: a mechanism that is designed to detect, prevent, orrecover from a security attack Security service: a service that enhances the security of the dataprocessing systems and the information transfers of an organization The services are intended to counter security attacks, and they make use of one or more security methods to provide the service

21 Classification of Security Services
Confidentiality – Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties Authentication – Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false Integrity – Ensures that only authorized parties are able to modify computer systems assets and transmitted information. Nonrepudiation– Requires that neither the sender nor the receiver of a message be able to deny the transmission (nonrepudiation with proof of origin/delivery) Access control (Authorization) – Requires that access to information resources may be controlled by or for the target system Availability – Requires that computer system assets be available to authorized parties when needed

22 Threats Passive attacks Active attacks Illegal interception (secrecy)
Traffic analysis Active attacks Denial of Service / Interruption (availability) Un-authorised modification (integrity) Fabrication (authenticity) Replay Man-in-the-middle attacks Modification of messages

23 Illegal Interception also called “un-authorised access”
difficult to detect it leaves no traces example: US military Tempest program measures how far away an intruder must be before eavesdropping is impossible. The movement of electron can be measured from a surprising distance (control zone)

24 Traffic analysis Military applications (spy identification)
Zeroknowledge Inc. (anonymous web browsing and private, encrypted, untraceable for customers stopped services) AT&T Crowds project (system for protecting your anonymity while you browse the web) Anonymizer Untraceable s: Mix by David Chaum

25 Denial of Service also called “Interruption”—recent example: DDoS, tool used in that DDoS trinoo information resources (hardware, software and data) are deliberately made unavailable, lost or unusable, usually through malicious destruction

26 Un-authorized Modification
un-authorised access & tampering with a resource (data, programs, hardware devices, copy of hand-written signature, etc.) Ex. some portion of a legitimate message is altered, or that message is delayed or altered to produce an unauthorized effect

27 Fabrication and Impersonation
fabricate counterfeit objects (data, programs, devices, etc) related examples: counterfeit bank notes fake cheques impersonation/masquerading to gain access to data, services etc It takes place when one entity pretends to be a different entity. Example: by capturing authentication sequences and replaying them

28 Replay attacks Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. The attacker records a valid transaction and plays it back again later. Most often when a same shared key is used between two peers Defending against replay attacks is possible but painful as it requires maintenance of state

29 Man-in-the-middle attack
Is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. MITM attacks on SSL: Alice attackerreal site Mafia in the Middle attack Alice  coffee Jewelry

30 Modification of message
Some portion of a legitimate message is altered, or that message is delayed or altered to produce an unauthorized effect

31 How to defeat these attacks?
illegal interception secrecy mix traffic analysis un-authorised modification integrity authentication impersonation authorization re-play man-in-the-middle other mechanisms denial of service

32 Key escrow for law enforcement
Law enforcement would like to preserve its ability to wiretap otherwise secure communication Government wants to wiretap all the time, so it must prevent use of encryption, break the codes used for encryption, or somehow learn everyone’s cryptographic key Clipper proposal attempted the 3rd option (encryption is done with Clipper chip—unique key) At present, government is giving up the control of cryptography

33 Key escrow for careless users
It is prudent to keep your key in a safe place Where? Do you trust the unique key bank? Split your keys and deposit in several independent places

34 Digital Pest: Virus, Worms, Trojan Horses
No need to distinguish them.. But.. Trojan horses: instructions hidden in a useful code Virus: when executed, insert a copy in other codes Worm: self-replicating code Trap (back)-door: undocumented entry point Logic bomb: malicious instruction which triggers on some event, such as a particular time occuring Zombie: malicious code installed on a system that can be remotely triggered to do bad things

35 More on Digital Pest Is it possible to detect a digital pest in a program?– One of the famous results in computer science is that it is impossible to be able to tell what an arbitrary program will do by looking at it!– In fact it is impossible in general to discern any nontrivial property of a program by looking at it (e.g. if the program will halt) Anyway, nobody looks– Open source can help: maybe someone else will look! A virus can be installed in any program as follows:– Replace any instruction, say the instruction at location x, by a jump to some free space in memory, say location y; then– Write the virus program starting at location y; then– Place the instruction that was originally at location x at the end of the virus program, followed by a jump to x+1 Replication– Besides the delayed planned damage, the virus replicates itself silently.– If it did not wait before damaging the infected system, it would not spread as far!

36 Where do they come from ? Commercial package: malicious employee? Infected before shipping?... s Floppy disk boot CDROM start-up execution Spreading from machine to machine (scripts…guessing passwords automatically...)

37 Virus Checker Check the instruction sequences for lots of types of viruses (virus patterns) Smart virus changes its form each time (polymorphic virus), more work for virus checker to detect but still possible Using snapshots of the files (not useful for some kinds of code)

38 Best practices No perfect virus checker Some precautions:
Do not run software from unknown sources Frequently run virus checkers Run code in the most restricted environments When system tells you something is dangerous, do not try it Do frequent backups Do not boot off floppies, do not insert suspicious CDs into CDROM

39 Best Practices: How to protect a machine
Three key items would increase the security of a system and protect it from attacks: Install critical security updates / patches for the Operating System and services / programs running on the machine as soon as they become available (with Microsoft platform, sign up for Automatic Windows Updates). Those will patch backdoors, and design flows/security vulnerabilities which can be exploit. Install an Antivirus Software, and ensure it updates itself properly / constantly with latest virus definitions Install a firewall: as most attacks will come from the network, closing unused ports would substantially decreases chances of successful attack.

40 Authentication and authorization
In a network application, the first question is “who you are?” then “what you are allowed to do?” Authentication proves who you are and authorization defines what you can do Access Control Lists (ACL)—database listing who can access a certain objects Capability Model—database listing what each user can do

41 Access Control Lists S\O Operating system Accounts program
Accounting data Audit trail Sam rwx rw r Alice x - Bob rx

42 Discretionary and Nondiscretionary Access Controls (DAC & MAC)
Discretionary means that someone who owns a resource can make a decision as to who is allowed to use (access) it Nondiscretionary (mandatory) access controls enforce a policy where users might be allowed to use information themselves but might not be allowed to make copy of it available to someone else (even the owner cannot change the attribute of a data file)

43 Philosophy behind these access controls
Discretionary controls: users and programs are good guys, OS decide how to protect each user’s data Nondiscretionary: users are careless, programs may be infected. Careless users may type a wrong command and attach a secret file to an sent to the public world. The information should be confined in a security perimeter

44 Multi-level model of security
Security labels: Both subjects and objects have security labels Only subjects with the proper clearance (security label) can see the objects with the same or lower level of security labels TOP SECRET SECRET CONFIDENTIAL OPEN

45 Information Flow control
Bell LaPadula (BLP) model Simple security property: no read up *-property: no write down

46 Covert channels A covert channel is a method for a Trojan horse to circumvent the automatic confinement of information within a security perimeter (Assume the Trojan horse program has not enough privileges to directly send confidential data outside the system) Example: OS enforce the multilevel security. A bad guy tricked a “TOP SECRET” guy to run a Trojan horse.

47 Covert channels (cont.)
The timing channel – The Trojan horse program alternately loops and waits, in cycles of, say one minute per bit (of the confidential data). When the bit is 1: the program loops for one minute. When the bit is 0: the program waits for a minute. Another program running on the same computer (but without access to the sensitive data) constantly tests the loading of the Trojan horse. The storage channel – The Trojan horse program loads a (printer) queue to represent a 1, and delete its jobs to represent a 0. Easy to check the queue status and get the information. The error channel – The Trojan horse program creates a file to represent a 1, and delete it to represent a 0. The external process tries to read the file: since different error messages are reported when the file exists (but its access is not permitted) or when the file does not exist, which are used to distinguish between the 0's and 1's.

48 The Orange Book The National Computer Security Center (NCSC) published an official standard called “Trusted Computer System Evaluation Criteria” (the Orange Book) which defines a series of ratings a computer system can have based on its security features and the care that went into its design, documentation, and testing

49 Orange book (cont.) System certification D—minimal protection C1—DAC
C2---per-user access control, auditing B1---security label (MAC) B2---trusted path, security kernel B3---negative ACLs, secure crash recovery A1---verified design

Download ppt "System and Network Security Overview"

Similar presentations

Ads by Google