Security. Credit: most slides from Forouzan, TCP/IP Protocol Suite


Chapter 30: Security. Credit: most slides from Forouzan, TCP/IP Protocol Suite. TCP/IP Protocol Suite

Criminal Exploits and Attacks. Phishing: masquerading as a well-known site to obtain a user’s personal information. Denial of service: intentionally blocking a site to prevent business activities. Loss of control: an intruder gains control of a system. Loss of data: information is stolen or deleted.

Attacks. Software-based attacks: malware (malicious software), i.e. damaging or annoying software such as viruses or worms. Hardware-based attacks: BIOS, USB devices, NAS, cell phones. Attacks on virtualized systems.

Software-based attacks: Viruses. A virus attaches to legitimate software (a carrier: a program or document) and then replicates through other programs, devices, e-mail, instant messaging, etc. Effects: computer crashes, destruction of the hard disk, filling up the hard disk, reducing security settings so that others can get in, reformatting the hard disk, etc. A file-infecting virus attaches to executables (such as the Cascade virus); a resident virus is loaded into RAM (such as Randex, Meve, MrKlunky); a boot virus infects the MBR (Polyboot.B, AntiEXE); a companion virus adds a program to the OS, replacing legitimate OS programs (Stator, Asimove.1539); a macro virus is written in a macro scripting language (Melissa.A, Bablas.Pc). A polymorphic virus changes itself to avoid detection.

Worms. Stand-alone programs that take advantage of OS/application vulnerabilities. Worms use networks to send copies of themselves, slowing down networks. While a virus requires user action to start an infected program, worms do not (they can start executing themselves). As they travel through the Internet, worms can leave a payload behind on each system, which can delete files or allow remote control of the system.

Concealing malware: Trojan horses, rootkits, logic bombs and privilege escalation.

Trojan Horse. Installed with the knowledge of the user: a program advertised as a utility (screen saver, calendar, player, etc.) that actually does something else. These programs may perform a legitimate activity, but might also capture credit card information, etc., and send it out.

Rootkits. Programs installed on computers that take control of certain aspects of the computer by replacing OS utilities. Sony installed a program on its CDs (2005) preventing copying of the CD by operating system routines; others used this idea and created their own, or added features to Sony’s program. Rootkits do not spread themselves. They are very difficult to remove from the hard disk: boot from another device and see if the problems disappear.

Logic Bombs. Lie dormant until triggered by an event such as a date, a person being fired, etc. Usually planted by employees. Very difficult to discover before being triggered; embedded in large programs.

Privilege Escalation. Either change one’s own privilege to a higher level, or use another employee’s higher privilege. Done by exploiting vulnerabilities of the OS.

Malware for profit: spam, spyware and botnets. Spam: a waste of time, checking and deleting it. E-mail lists are sold by many ISPs and other sites.

Spyware. Tracking software installed without the knowledge of the user. It advertises, and collects and distributes personal information. Harder to detect and remove than viruses. Symptoms: the computer slows down or freezes up, new browser toolbars or menus are installed, the homepage is hijacked and pop-ups increase. Adware: software that delivers advertising for gambling sites or pornography; it keeps track of browsing behavior and reports it so that pop-ups for specific merchandise can be served. Keyloggers: a small hardware device attached to the keyboard interface, or resident software, that monitors and logs each keystroke.

Botnets. Programs that allow your computer to be controlled remotely; such a computer is called a zombie. Thousands of zombie computers under the control of a single attacker are called a botnet. Attackers use Internet Relay Chat (IRC) to remotely control the zombies. Zombies are used for spamming, spreading malware, denying services, etc.

Hardware-based attacks. BIOS: the BIOS can be flashed with viruses or rootkits; flashing the BIOS can render the computer useless until it is replaced. You can write-protect the BIOS to prevent this from happening. USB devices, NAS and SANs can get all the malware discussed. Cell phones: infected messages, launching attacks, making calls, etc.

Attacks on Virtualized Systems. Operating system virtualization with virtual machines; storage virtualization; multiple OSes on the same machine. However, existing anti-virus/anti-spam software does not work there. Additional concern: one existing virtual machine may infect another. Protection approaches: the hypervisor runs on the physical machine and manages the virtual machines; run security software such as a firewall on the physical machine.

Techniques used. Wiretapping. Replay: sending packets captured from a previous session, such as a username and password. Buffer overflow: sending more data than the receiver expects, thereby storing values beyond the memory buffer. Address spoofing: faking the IP source address. Name spoofing: misspelling a well-known name or poisoning a name server. SYN flood: sending a stream of TCP SYNs. Key breaking: guessing a password. Port scanning: to find vulnerabilities. Packet interception: man-in-the-middle attack.

Security Techniques: hardening the operating system, encryption, digital signatures, firewalls, intrusion detection systems, packet inspection and content scanning, VPNs.

Hardening the Operating System. A three-pronged approach: operating system updates, protecting against buffer overflows, and configuring operating system protections.

Operating System Updates. Security patch: covers discovered vulnerabilities; turn on automatic updates. Hotfix: specific to a customer situation. Service pack: cumulative security patches and other software updates. Designate one server within your organization as the patch update service.

Buffer Overflow Protection. A buffer overflow corrupts system memory and causes freezing. It may change the return address (from a routine) to a different one where the malware is residing. Programmers should practice defensive programming. Show the textbook to the students. For Windows-based programming use Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).

Defensive programming in the Microsoft environment. Data Execution Prevention (DEP): available in Vista and beyond. Designated memory holds only data, not code (the No eXecute, NX, bit associated with the memory); a buffer overflow redirection would not work within NX memory. Programmers can turn on this feature. Address Space Layout Randomization (ASLR): each time Vista is rebooted, .EXE and .DLL files are loaded randomly into one of 256 possible locations. Attackers find it difficult to work with unpredictable code locations.

Configuring Operating System Protection. Security policy: a document that clearly defines the defense mechanisms an organization will employ in order to keep information secure. Configuration baseline: permissions on files, registry permissions, logins, authentication, etc. You may want to create a security template to handle it. Deployment: individually or by group policy.

Preventing Attacks that Target the Web Browser. Attacks through cookies, scripts, Java, ActiveX and cross-site scripting.

Cookies: information about visits saved on the user’s computer. A first-party cookie is created by the site that the user is currently viewing. Third-party cookies are created by someone other than the site being visited and are accessed during the current visit to a different site. Cookies do not present a security threat, but they are a privacy risk: they track browsing habits, etc., and also provide the IP address.

Scripts (Java, VB, etc.). Web pages containing scripts download the scripts to the computer, where they are executed. The program can send information about the user to a host. Scripts can’t access files on the computer, so limited risk exists.

Java. Java can create applets that run on local computers. The defense against hostile Java applets is a sandbox (a fence). An unsigned Java applet does not come from a trusted source; it must be run within the sandbox and gives a warning to the user. If users do not read the message, or do not understand the risk, it can cause serious trouble. Sandbox warnings are given at the bottom left. Signed Java applets are from trusted sources and have not been altered.

ActiveX: an add-on framework for defining reusable software components (known as controls) that perform a particular function or set of functions in Microsoft Windows in a way that is independent of the programming language. A software application can then be formed from one or more of these components in order to provide its functionality. ActiveX controls do not run in a sandbox: a control can do anything on the computer, such as creating, modifying and deleting files. A signed ActiveX control is generally safe; an unsigned one is riskier.

Cross-Site Scripting (XSS). Scripts that extract information from the victim and pass it to the attacker. The attacker changes the contents of a dynamic website, injecting a script into it (through poorly validated input) that asks for personal information. A web site that displays bad-login screens echoing the login name is a good target for these types of attacks. It could also send a URL for the victim to click.

SMTP Open Relays. A user can set up an e-mail receiving address and a sending address; usually they are the same, like pop.dia.sbc.net and smtp.dia.sbc.net. Some SMTP servers are configured to send mail through other domains (known as relays). An attacker can send spam through such relays without getting caught.

Instant Messaging. Once a user signs up with the instant messaging server, the client’s IP and port are sent to all buddies and communication can take place directly. With a direct connection, viruses and worms can be spread. An attacker can also view the contents of messages.

Peer-to-Peer. All types of attacks can take place through P2P networks. BitTorrent is more secure than P2P. However, both can be used to download illegal software or music.

Defenses. Antivirus: always a step behind; update with definition files. Pop-up blockers: now incorporated into the browser. Anti-spam: a spam filter with the SMTP server; install a spam filter with POP3. Personal firewalls. Host Intrusion Detection Systems (HIDS): monitor file systems and log files.

28.1 CRYPTOGRAPHY. The word cryptography in Greek means “secret writing.” The term today refers to the science and art of transforming messages to make them secure and immune to attacks. The topics discussed in this section include: Symmetric-Key Cryptography, Asymmetric-Key Cryptography, Comparison.

Figure 28.1 Cryptography components

Note: In cryptography, the encryption/decryption algorithms are public; the keys are secret.

Note: In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.

Figure 28.2 Symmetric-key cryptography

Note: In symmetric-key cryptography, the same key is used in both directions.

Figure 28.3 Caesar cipher

Figure 28.4 Transpositional cipher

Data Encryption Standard (DES) is a block cipher. It takes 64-bit plaintext and creates 64-bit ciphertext. The cipher key is a 56-bit key. It uses 16 rounds; each round mixes and swaps (left half with right half).

Figure 28.5 DES (Data Encryption Standard)

Note: The DES cipher uses the same concept as the Caesar cipher, but the encryption/decryption algorithm is much more complex.

Asymmetric-key ciphers. The secret key is personal and unshared. A symmetric-key scheme would require n(n-1)/2 keys; for a million people it would require half a billion shared secret keys, whereas in an asymmetric scheme we would only require a million secret keys. Asymmetric ciphers use two keys, private and public. Asymmetric is much slower. Both symmetric and asymmetric can be used together if need be. Think: if you want to send a secret symmetric key, you can use asymmetric.

Protocols. IPSec (Internet Security Protocol) operates in the network layer and is used in VPNs. IPSec supports the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol. The SSL (Secure Socket Layer) protocol serves as security for transferring encrypted data. WEP (Wired Equivalent Privacy) standard: the data stream is encrypted with the RC4 algorithm; RC4 is simple and not very secure. The WPA (Wi-Fi Protected Access) specification and AES (Advanced Encryption Standard) are more secure for encrypting wireless data.

Figure 28.8 Public-key cryptography

Note: Symmetric-key cryptography is often used for long messages.

Note: Asymmetric-key algorithms are more efficient for short messages.

Note: Digital signature can provide authentication, integrity, and nonrepudiation for a message.

28.3 DIGITAL SIGNATURE. A digital signature can provide authentication, integrity, and nonrepudiation for a message. The topics discussed in this section include: Signing the Whole Document, Signing the Digest.

Figure 28.12 Signing the whole document

Note: A digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.

Figure 28.13 Hash function

Figure 28.14 Sender site

Figure 28.15 Receiver site. The digest is much shorter than the message. The message itself may not lend itself to asymmetric cryptography because it is too long.

Hash functions. A message of arbitrary length is made into a fixed-length digest. Examples: MD2, MD4, MD5; SHA (Secure Hash Algorithm), developed by NIST.

Non-repudiation. If Alice signs a message and then denies it, the message can be verified. That means we have to keep the messages. A trusted center can be created: Alice sends the digitally signed message to the trusted center, which verifies it, saves a copy of the message, recreates the message with its own signature and sends it to Bob. Bob can verify it with the trusted center’s public key.

28.5 KEY MANAGEMENT. In this section we explain how symmetric keys are distributed and how public keys are certified. The topics discussed in this section include: Symmetric-Key Distribution, Public-Key Certification, Kerberos.

Note: A symmetric key between two parties is useful if it is used only once; it must be created for one session and destroyed when the session is over.

Figure 28.19 Diffie-Hellman method

Note: The symmetric (shared) key in the Diffie-Hellman protocol is K = G^xy mod N.

Example 1. Let us give an example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume G = 7 and N = 23. The steps are as follows:
1. Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.
2. Alice sends the number 21 to Bob.
3. Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 4^3 mod 23 = 18.
6. Bob calculates the symmetric key K = 21^6 mod 23 = 18.
The value of K is the same for both Alice and Bob; G^xy mod N = 7^18 mod 23 = 18.
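Example 1 carried through in code, as an added example that is not part of the Forouzan slides: both sides of the exchange with the slide's numbers G = 7, N = 23, x = 3, y = 6, plus the eavesdropper's view (solving for x from R1 by exhaustive search), which is why the slide insists that real values of N are very large.

```python
# Added example, not part of the Forouzan slides: Diffie-Hellman key agreement
# carried through with the slide's numbers (G = 7, N = 23, x = 3, y = 6), plus
# the eavesdropper's view that explains why real deployments use a large N.
# pow(base, exp, mod) is Python's built-in modular exponentiation.


def dh_public_value(g: int, n: int, secret: int) -> int:
    """R = G^secret mod N: the only value a party puts on the channel."""
    return pow(g, secret, n)


def dh_shared_key(received: int, secret: int, n: int) -> int:
    """K = R_other^secret mod N, computed from the value received."""
    return pow(received, secret, n)


def diffie_hellman(g: int, n: int, x: int, y: int) -> dict:
    """Run both sides of the exchange and return what each side computed.

    x stays with Alice and y with Bob; only R1 and R2 are transmitted.
    """
    r1 = dh_public_value(g, n, x)          # step 1: Alice -> Bob
    r2 = dh_public_value(g, n, y)          # step 3: Bob -> Alice
    k_alice = dh_shared_key(r2, x, n)      # step 5: (G^y)^x mod N
    k_bob = dh_shared_key(r1, y, n)        # step 6: (G^x)^y mod N
    # Both equal G^xy mod N, the slide's formula for the shared key.
    assert k_alice == k_bob == pow(g, x * y, n)
    return {"R1": r1, "R2": r2, "K": k_alice}


def brute_force_discrete_log(g: int, r: int, n: int) -> int:
    """What an eavesdropper who saw G, N and R = G^s mod N must do to get s.

    Trying every exponent is instant for N = 23 but takes up to N steps in
    general, which is why N is chosen hundreds of digits long in practice.
    """
    for s in range(1, n):
        if pow(g, s, n) == r:
            return s
    raise ValueError("no exponent found")


if __name__ == "__main__":
    result = diffie_hellman(7, 23, 3, 6)
    print(result)                                    # {'R1': 21, 'R2': 4, 'K': 18}
    x_recovered = brute_force_discrete_log(7, result["R1"], 23)
    print("eavesdropper recovers x =", x_recovered)  # 3, so K = R2^x mod N = 18
```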

Figure 28.20 Man-in-the-middle attack

Figure 28.21 First approach using KDC

Figure 28.22 Needham-Schroeder protocol

Figure 28.23 Otway-Rees protocol

Note: In public-key cryptography, everyone has access to everyone’s public key.

Table 28.1 X.509 fields

Figure 28.24 PKI hierarchy

Figure 28.25 Kerberos servers

Figure 28.26 Kerberos example

28.6 SECURITY IN THE INTERNET. In this section we discuss a security method for each of the top 3 layers of the Internet model. At the IP level we discuss a protocol called IPSec; at the transport layer we discuss a protocol that “glues” a new layer to the transport layer; at the application layer we discuss a security method called PGP. The topics discussed in this section include: IP Level Security: IPSec; Transport Layer Security; Application Layer Security: PGP.

Figure 28.27 Transport mode

Figure 28.28 Tunnel mode

Figure 28.29 AH

Note: The AH protocol provides message authentication and integrity, but not privacy.

Figure 28.30 ESP

Note: ESP provides message authentication, integrity, and privacy.

Figure 28.31 Position of TLS

Figure 28.32 TLS layers

Figure 28.33 Handshake protocol

Figure 28.34 Record Protocol

Figure 28.35 PGP at the sender site

Figure 28.36 PGP at the receiver site

28.7 FIREWALLS. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. The topics discussed in this section include: Packet-Filter Firewall, Proxy Firewall.

Figure 28.37 Firewall

Figure 28.38 Packet-filter firewall

Note: A packet-filter firewall filters at the network or transport layer.
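What "filtering at the network or transport layer" means in practice, as an added example (not from the slides): a rule table that decides on IP addresses, protocol and destination port only, evaluated first-match-wins with a default deny. The internal network 10.1.0.0/16, the web server 10.1.0.80 and the rules are constructed for the illustration.

```python
# Added example, not from the slides: a packet-filter firewall rule table that
# looks only at network-layer (IP addresses) and transport-layer (protocol,
# destination port) fields. Addresses, hosts and rules below are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                     # source IP
    dst: str                     # destination IP
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet matching no rule is denied (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


# Constructed inbound rule set for a firewall between the Internet and an
# internal network 10.1.0.0/16 whose public web server is 10.1.0.80.
INBOUND_RULES = [
    # A packet arriving from the Internet must not claim an internal source
    # address (address spoofing, listed under "Techniques used" above).
    Rule("deny", src="10.1.0.0/16"),
    Rule("allow", dst="10.1.0.80/32", proto="tcp", dport=80),
    Rule("allow", dst="10.1.0.80/32", proto="tcp", dport=443),
    # Everything else (telnet to the web server, traffic to other hosts,
    # ICMP, ...) falls through to the default deny.
]


def decide(src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    return filter_packet(INBOUND_RULES, Packet(src, dst, proto, dport))


if __name__ == "__main__":
    print(decide("203.0.113.5", "10.1.0.80", "tcp", 80))    # allow
    print(decide("203.0.113.5", "10.1.0.80", "tcp", 23))    # deny
    print(decide("10.1.0.9", "10.1.0.80", "tcp", 80))       # deny (spoofed source)
    print(decide("203.0.113.5", "10.1.0.200", "tcp", 443))  # deny (not the web server)
```

The filter never looks at the payload, so a malicious HTTP request to port 80 passes just like a benign one; inspecting that content is the job of the proxy firewall on the next slide.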

Figure 28.39 Proxy firewall

Note: A proxy firewall filters at the application layer.