Networks and Security Monday, 10 th Week

Types of Attacks/Security Issues  Viruses  Worms  Macro Virus  Virus  Trojan Horse  Phishing  Spyware  Denial of Service Attacks  Cookies  Spam

Viruses and Worms  Virus – a program that can spread to computer to computer by replicating itself –Often malicious –Generally associated with some host program, spreads along with the host.  Worm – Similar to a virus, but able to actively propagate itself without piggy- backing on a host.

Common Virus Types  Macro Virus – a virus written in the macro language of a program such as Microsoft word.  Virus – a virus that disguises itself as a benign attachment. –Spreads by ing copies of itself when the attachment is executed

Trojan Horse  Malicious program disguised as something else.

Phishing Schemes  Trick users into giving up passwords and other personal information.  Often replicate trusted corporate web-sites.  E.g. set up to look exactly like a visa credit card site.

Spyware  Software that collects information about you. –Web browsing habits. –Passwords and account information.  May be installed –by worms, viruses –Through security holes in browsers –Along with other software

Denial of Service Attacks  Deluge a web server with meaningless requests.  In a distributed DOS many computers attack at once.  This is accomplished by using personal computers infected with viruses.  IP spoofing – hide the true origin of packets.

Cookies  Intended to make web browsers more useful by allowing sites to store a small amount of information on your computer.  Can also be used to track you while browsing.

Spam  You know what spam is…

Network Security – Intranets and LANs  Network admin creates groups and assigns privileges to each group.  Admin assigns user names to each group.  Highest privilege – administrator group.  Lowest privilege – may just have access to shared network drive, a few printers and .  Discovering user name and password of user in low-level group does not gain much access to the entire network.

Physical Security  Attach system to desk with cable & lock, record serial numbers, attach identifying tag/inscribe name inside case.  Backup files, store in another location.  Controlling access with username & password, biometric devices, or object possession (cards with magnetic strips, devices with antennas and microchips).

Security – Internet Connections Methods for blocking intruders from network or individual computers:  Firewall  Proxy server  Browser security settings  Automatic operating system updates

Security – Internet Connections Methods for blocking intruders:  Firewall

Firewalls  A firewall is software or hardware that monitors and controls data flowing between computers.  Why is it called a firewall?  Firewalls have a set of adjustable filters that detect and block certain types of activities.  Network admins typically configure the firewall to allow only one computer (called a gateway) on the network to interact with the Internet.  Firewalls can control TCP/IP, HTTP, FTP, Telnet, SMTP, and other protocols.

Proxy Servers  A proxy server is software that acts as a go-between for computers on the network and Internet web pages. It: 1. Keeps a cache of recently downloaded web pages for quick access. 2. Makes a log of all traffic between user and Internet to help detect and trace attacks.

Browser Security Settings  Browsers have certain security settings that can block certain features that pose security risks. Some of these are: 1. Disable Java or ActiveX applets in web pages. 2. Prevent web pages from storing cookies. Unfortunately, high security settings sometimes disable user-friendly features of some web pages.

Take 10 minutes or so to examine browser settings on lab computers.

Encrypted Communications Kinds of messages we might send/receive:  HTTP requests / responses   Instant Messages  Telnet sessions  Transactions (shopping, etc.)

Privacy  Any machine (router) along the path of the message can read it. –Message more like a postcard than a letter  Is this good??? –Of course not!  What can we do??? –Encrypt the messages

Encryption/Cryptography  Need to figure out a way so that ONLY the recipient can read the message.  Most common techniques today: symmetric key encryption, public key encryption

Symmetric Key Encryption  A key is a binary number, typically 40 – 128 bits long.  Use a specific algorithm to combine the key with the message (already translated into binary) to produce an encrypted message.  The same key is used to decrypt the message.  Method is fast, but sender and receiver must have the key – how can the key be passed safely?

Public Key Encryption  Each person has a public key and a private key  The two keys ‘un-do’ each other: –Encrypt with public key, decrypt with private key  Public keys are publicly available on Key Servers (anyone can see / get them)  This method is slower, but more secure than symmetric key.

Combination of Symmetric and Public Key Encryption  Sender encrypts message using symmetric key  Sender encrypts symmetric key with the public key of the receiver.  Send encrypted key to receiver.  Receiver uses private key to decrypt symmetric key.  Receiver uses symmetric key to decrypt message.

Certificate Authority  How do you obtain someone’s public key?  Refer to a Certificate Authority (CA) – a trusted source that maintains a database of user names and their public keys. (similar to a DMV)  The CA may be used to identify merchants when making online purchases, or to verify contents of important documents and their senders.  VeriSign is a CA, charges about $15/year for generating & maintaining public/private key pairs.

How does encryption address security concerns? 4 main communication security concerns:  Eavesdropping: If a message is encrypted, it is unreadable by eavesdroppers without a key  Spoofing: Sender uses his or her private key to encrypt part of the message. Receiver uses sender’s public key to decrypt that part – if it decrypts, it confirms sender’s identity.

Encryption & Security Concerns cont.  Misrepresentation: Obtain a business’s public key from a CA and encrypt your message. Only the business identified by CA can decrypt the message.  Tampering: Use symmetric key encryption – Word & Excel can encrypt a file and require a password to decrypt it. (Password is used in making the symmetric key.) Weakness? More secure – using a digital signature.

Digital Signatures  To create a digital signature, the message is first processed by some algorithm to produce a single number (a 1-way hash).  This algorithm and the 1-way hash are then encrypted with the private key to produce the digital signature.  The message and digital signature are then transmitted.

Digital Signatures, cont.  The recipient uses the public key to decrypt the hash and its algorithm.  The recipient uses the algorithm and the transmitted message to produce a new hash. If this new hash matches the decrypted hash, recipient knows the message was not altered.