Download presentation
Presentation is loading. Please wait.
1
Dan LI CS Department, Tsinghua University
Network Security Dan LI CS Department, Tsinghua University Today we’ll talk about Green Network. 2018/9/19
2
Today’s Lecture Overview of Network Security
Cryptographic hash functions User authentication SSL IPSec & IKE Distributed Denial of Service (DDoS) Firewall Reading List First, I will give an overview Network Security, then we will have a look at Cryptographic hash functions. After that, I will introduce User authentication, SSL, IPSec & IKE, DDOS and Firewall one by one. 2018/9/19
3
Motivation 2018/9/19
4
Excerpt From “General Terms of Use”
You acknowledge that neither wells fargo, its affiliates nor any of their respective employees, agents, third party content providers or licensors warrant that the services or the site will be uninterrupted or error free; nor do they make any warranty as to the results that may be obtained from use of the services or the site, or as to the timeliness, sequence, accuracy, reliability, completeness or content of any information, service, or merchandise provided through the services and the site. 2018/9/19
5
Privacy and Security 2018/9/19 Privacy policy for individuals
“As a Wells Fargo customer, your privacy and security always come first.” Privacy policy for individuals Online privacy policy Our commitment to online security Online and computer security tips How we protect you General terms of use 2018/9/19
6
What Do You Think What do you think should be included in “privacy and security” for an e-commerce website? So.., what do you think should be included in “privacy and security” for an e-commerce website? 2018/9/19
7
Desirable Security Properties
Authenticity Confidentiality Integrity Availability Accountability and non-repudiation Freshness Access control Privacy of collected information Integrity of routing and DNS infrastructure Here is the Desirable Security Properties: Authenticity Confidentiality Integrity Availability Accountability and non-repudiation Freshness Access control Privacy of collected information Integrity of routing and DNS infrastructure 2018/9/19
8
Peek at the Dark Side The only reason we will be learning about attack techniques is to build better defenses Don’t even think about using this knowledge to attack anyone 2018/9/19
9
What Drives the Attackers?
Put up a fake financial website, collect users’ logins and passwords, empty out their accounts Insert a hidden program into unsuspecting users’ computers, use them to spread spam Subvert copy protection, gain access to music and video files Here we have a look at what drives the attackers. Put up a fake financial website, collect users’ logins and passwords, empty out their accounts Insert a hidden program into unsuspecting users’ computers, use them to spread spam Subvert copy protection, gain access to music and video files 2018/9/19
10
What Drives the Attackers?
Stage denial of service attacks on websites, extort money Wreak havoc, achieve fame and glory in the blackhat community Moreover: Stage denial of service attacks on websites, extort money Wreak havoc, achieve fame and glory in the blackhat community 2018/9/19
11
Network Stack Only as secure as the single weakest layer…
Phishing attacks, usability people , Web, NFS Sendmail, FTP, NFS bugs, chosen-protocol and version-rollback attacks application RPC RPC worms, portmapper exploits session TCP SYN flooding, RIP attacks, sequence number prediction transport IP network IP smurfing and other address spoofing attacks Here we review the network stack. The network security is only as secure as the single weakest layer…… or interconnection between the layers 802.11 data link WEP attacks RF physical RF fingerprinting, DoS Only as secure as the single weakest layer… … or interconnection between the layers 2018/9/19
12
Network Defenses Password managers, People End uses company policies…
Implementations Systems Firewalls, intrusion detection… Protocols and policies Blueprints TLS, IPsec, access control… To make network secure, all defense mechanisms must work correctly and securely, otherwise, it may make the situation even worse…… People <-> Password managers, company policies Systems <-> Firewalls, intrusion detection Blueprints <-> TLS, Ipsec, access control Building blocks <-> RSA, DSS, SHA-1 Cryptographic primitives Building blocks RSA, DSS, SHA-1… 2018/9/19
13
Correctness versus Security
System correctness: system satisfies specification For reasonable input, get reasonable output System security: system properties preserved in face of attack For unreasonable input, output not completely disastrous Main difference: active interference from adversary Now, let’s have a look at correctness versus security. Modular design may increase vulnerability … Abstraction is difficult to achieve in security: what if the adversary operates below your level of abstraction? … but also increase security (small TCB) 2018/9/19
14
Bad News Security often not a primary consideration
Performance and usability take precedence Feature-rich systems may be poorly understood Implementations are buggy Buffer overflows are the “vulnerability of the decade” Cross-site scripting and other Web attacks Here is why we are now facing a not secure network: Security often not a primary consideration Performance and usability take precedence Feature-rich systems may be poorly understood Implementations are buggy Buffer overflows are the “vulnerability of the decade” Cross-site scripting and other Web attacks 2018/9/19
15
Bad News Networks are more open and accessible than ever
Increased exposure, easier to cover tracks Many attacks are not even technical in nature Phishing, impersonation, etc. And also: Networks are more open and accessible than ever Increased exposure, easier to cover tracks Many attacks are not even technical in nature Phishing, impersonation, etc. 2018/9/19
16
Better News There are a lot of defense mechanisms
We’ll study some, but by no means all, in this course It’s important to understand their limitations Many security holes are based on misunderstanding Security awareness and user “buy-in” help Other important factors: usability and economics But fortunately, we have some better news: “If you think cryptography will solve your problem, then you don’t understand cryptography… and you don’t understand your problem” -- Bruce Schneier 2018/9/19
17
Today’s Lecture Overview of Network Security
Cryptographic hash functions User authentication SSL IPSec & IKE Distributed Denial of Service (DDoS) Firewall Reading List Now, let’s have a look at Cryptographic hash functions. 2018/9/19
18
Communication on the Internet
network M Alice Bob Here is a picture illustrating the communication on the Internet. Alice and Bob are communicating via the Internet. The basic issue is: sending messages via untrusted intermediaries Web access, , remote login, file transfer… Learns M – attack on secrecy Changes M – attack on integrity 2018/9/19
19
Integrity vs. Secrecy Integrity: attacker cannot tamper with message
Encryption may not guarantee integrity! Intuition: attacker may able to modify message under encryption without learning what it is This is recognized by industry standards (e.g., PKCS) Many encryption schemes provide secrecy AND integrity Given one-time key K, encrypt M as MK… Perfect secrecy, but can easily change M under encryption to MM’ for any M’Online auction: halve competitor’s bid without learning its value “RSA encryption is intended primarily to provide confidentiality… It is not intended to provide integrity” 2018/9/19
20
More on Integrity BigFirm™ User
VIRUS badFile goodFile The Times hash(goodFile) BigFirm™ User Software manufacturer wants to ensure that the executable file is received by users without modification…Sends out the file to users and publishes its hash in NY Times. The goal is integrity, not secrecy The idea is: given goodFile and hash(goodFile), very hard to find badFile such that hash(goodFile)=hash(badFile Idea: given goodFile and hash(goodFile), very hard to find badFile such that hash(goodFile)=hash(badFile 2018/9/19
21
Authentication Identification and assurance of origin of information
network Authenticity is identification and assurance of origin of information We’ll see many specific examples in different scenarios Identification and assurance of origin of information 2018/9/19
22
Authentication with Shared Secrets
msg, H(SECRET,msg) Alice Bob Alice wants to ensure that nobody modifies message in transit(both integrity and authentication) The idea is: given msg, very hard to compute H(SECRET, msg) without SECRET; easy with SECRET Alice wants to ensure that nobody modifies message in transit (both integrity and authentication)
23
Hash Functions: Main Idea
Hash function H . message “message digest” x . y . . . x’’ y’ x’ bit strings of any length n-bit bit strings Here is the main idea of hash functions. H is a lossy compression function Collisions: h(x)=h(x’) for some inputs x, x’ Result of hashing should “look random” (make this precise later) Intuition: half of digest bits are “1”; any bit in digest is “1” half the time Cryptographic hash function needs a few properties… H is a lossy compression function Collisions: h(x)=h(x’) for some inputs x, x’ Result of hashing should “look random” (make this precise later) Intuition: half of digest bits are “1”; any bit in digest is “1” half the time Cryptographic hash function needs a few properties…
24
One-Way Intuition: hash should be hard to invert How hard?
“Preimage resistance” Let h(x’)=y{0,1}n for a random x’ Given y, it should be hard to find any x such that h(x)=y How hard? Brute-force: try every possible x, see if h(x)=y SHA-1 (common hash function) has 160-bit output Suppose have hardware that’ll do 230 trials a pop Assuming 234 trials per second, can do 289 trials per year Will take 271 years to invert SHA-1 on a random image One approach is one-way. The intuition is that: hash should be hard to invert! How hard will the hash be? SHA-1 (common hash function) has 160-bit output Suppose have hardware that’ll do 230 trials a pop Assuming 234 trials per second, can do 289 trials per year Will take 271 years to invert SHA-1 on a random image
25
“Birthday Paradox” T people
Suppose each birthday is a random number taken from K days (K=365) – how many possibilities? KT (samples with replacement) Here is the famous “Birthday Paradox” How many possibilities that are all different? (K)T = K(K-1)…(K-T+1) samples without replacement Probability of no repetition? (K)T/KT 1 - T(T-1)/2K Probability of repetition? O(T2)
26
Collision Resistance Should be hard to find x, x’ such that h(x)=h(x’)
Brute-force collision search is O(2n/2), not O(2n) n = number of bits in the output of hash function For SHA-1, this means O(280) vs. O(2160) Reason: birthday paradox Let T be the number of values x,x’,x’’… we need to look at before finding the first pair x,x’ s.t. h(x)=h(x’) Assuming h is random, what is the probability that we find a repetition after looking at T values? O(T^2) Total number of pairs? O(2^n) Conclusion: O(2^(n/2))
27
One-Way vs. Collision Resistance
One-wayness does not imply collision resistance Suppose g is one-way Define h(x) as g(x’) where x’ is x except the last bit h is one-way (to invert h, must invert g) Collisions for h are easy to find: for any x, h(x0)=h(x1) Collision resistance does not imply one-wayness Suppose g is collision-resistant Define h(x) to be 0x if x is n-bit long, 1g(x) otherwise Collisions for h are hard to find: if y starts with 0, then there are no collisions, if y starts with 1, then must find collisions in g h is not one way: half of all y’s (those whose first bit is 0) are easy to invert (how?); random y is invertible with probab. 1/2 So what’s the difference between One-Way and Collision Resistance? One-wayness does not imply collision resistance Suppose g is one-way Define h(x) as g(x’) where x’ is x except the last bit h is one-way (to invert h, must invert g) Collisions for h are easy to find: for any x, h(x0)=h(x1) Collision resistance does not imply one-wayness Suppose g is collision-resistant Define h(x) to be 0x if x is n-bit long, 1g(x) otherwise Collisions for h are hard to find: if y starts with 0, then there are no collisions, if y starts with 1, then must find collisions in g h is not one way: half of all y’s (those whose first bit is 0) are easy to invert (how?); random y is invertible with probab. 1/2
28
Weak Collision Resistance
Given randomly chosen x, hard to find x’ such that h(x)=h(x’) Attacker must find collision for a specific x. By contrast, to break collision resistance, enough to find any collision. Brute-force attack requires O(2n) time We also have weak collision resistance. Given randomly chosen x, hard to find x’ such that h(x)=h(x’) Weak collision resistance does not imply collision resistance (why?)
29
Which Property Do We Need?
UNIX passwords stored as hash(password) One-wayness: hard to recover password Integrity of software distribution Weak collision resistance But software images are not really random… maybe need full collision resistance Auction bidding Alice wants to bid B, sends H(B), later reveals B One-wayness: rival bidders should not recover B Collision resistance: Alice should not be able to change her mind to bid B’ such that H(B)=H(B’) So actually, which property do we need? What do you think? It depends on your requirement for real systems!
30
Common Hash Functions MD5 RIPEMD-160 SHA-1 (Secure Hash Algorithm)
128-bit output Still used very widely Completely broken by now RIPEMD-160 160-bit variant of MD-5 SHA-1 (Secure Hash Algorithm) 160-bit output US government (NIST) standard as of Also the hash algorithm for Digital Signature Standard (DSS) Here is the some common hash functions. They are widely used in the Internet. MD5: almost every software downloading site……
31
Basic Structure of SHA-1
Against padding attacks Split message into 512-bit blocks Here we have a detailed look at SHA-1. First, let’s see the basic structure. Note the compression function: Applied to each 512-bit block and current 160-bit buffer This is the heart of SHA-1! Compression function Applied to each 512-bit block and current 160-bit buffer This is the heart of SHA-1 160-bit buffer (5 registers) initialized with magic values
32
SHA-1 Compression Function
Current buffer (five 32-bit registers A,B,C,D,E) Current message block Four rounds, 20 steps in each The SHA-1 Compression Function. Let’s look at each step in more detail… It is very similar to a block cipher, with message itself used as the key for each round Fifth round adds the original buffer to the result of 4 rounds Buffer contains final hash value
33
One Step of SHA-1 (80 steps total)
B C D + Logic function for steps (BC)(BD) BCD (BC)(BD)(CD) BCD ft + 5 bitwise left-rotate Wt + Multi-level shifting of message blocks Here is one of the 80 steps of SHA-1 Compression Function. Current message block mixed in For steps 0..15, W0..15=message block For steps , Wt=Wt-16Wt-14Wt-8Wt-3 30 bitwise left-rotate Special constant added (same value in each 20-step round, 4 different constants altogether) Kt + A E B C D
34
How Strong Is SHA-1? Every bit of output depends on every bit of input
Very important property for collision-resistance Brute-force inversion requires 2160 ops, birthday attack on collision resistance requires 280 ops Some recent weaknesses (2005) Collisions can be found in 263 ops So, having understand how complex SHA-1 is, you may wonder how strong it actually is. Every bit of output depends on every bit of input Very important property for collision-resistance Brute-force inversion requires 2160 ops, birthday attack on collision resistance requires 280 ops Some recent weaknesses (2005) Collisions can be found in 263 ops
35
Authentication Without Encryption
KEY MAC (message authentication code) KEY message, MAC(KEY,message) = ? Recomputes MAC and verifies whether it is equal to the MAC attached to the message message Alice Bob Let’s see the Authentication Without Encryption. Integrity and authentication: only someone who knows KEY can compute MAC for a given message.
36
HMAC Construct MAC by applying a cryptographic hash function to message and key Could also use encryption instead of hashing, but… Hashing is faster than encryption in software Library code for hash functions widely available Can easily replace one hash function with another There used to be US export restrictions on encryption Invented by Bellare, Canetti, and Krawczyk (1996) Mandatory for IP security, also used in SSL/TLS Here we have a brief introduction to HMAC: keyed-Hash Message Authentication Code. It is Invented by Bellare, Canetti, and Krawczyk (1996). HMAC Construct MAC by applying a cryptographic hash function to message and key. It is Mandatory for IP security, and also used in SSL/TLS.
37
Today’s Lecture Overview of Network Security
Cryptographic hash functions User Authentication SSL IPSec & IKE Distributed Denial of Service (DDoS) Firewall Reading List Now, we go to User Authentication. 2018/9/19
38
Basic Problem ? How do you prove to someone that
The basic problem is that How do you prove to someone that you are who you claim to be. Any system with access control must solve this problem How do you prove to someone that you are who you claim to be? Any system with access control must solve this problem
39
Many Ways to Prove Who You Are
What you know Passwords Secret key Where you are IP address What you are Biometrics What you have Secure tokens There are many ways to prove who you are: What you know Passwords Secret key Where you are IP address What you are Biometrics What you have Secure tokens
40
Password-Based Authentication
User has a secret password. System checks it to authenticate the user. How is the password communicated? Eavesdropping risk How is the password stored? In the clear? Encrypted? Hashed? So first, I will introduce What you know: Password-Based Authentication. The basic idea is that User has a secret password. System checks it to authenticate the user. How easy is it to guess the password? Easy-to-remember passwords tend to be easy to guess Password file is difficult to keep secret
41
Other Aspects Usability Denial of service Social engineering
Hard-to-remember passwords? Carry a physical object all the time? Denial of service Stolen wallet Attacker tries to authenticate as you, account locked after three failures “Suspicious” credit card usage Social engineering And other aspects…… Usability Hard-to-remember passwords? Carry a physical object all the time? Denial of service Stolen wallet Attacker tries to authenticate as you, account locked after three failures “Suspicious” credit card usage Social engineering
42
Passwords in the Real World
From high school pranks… Student in Tyler changes school attendance records Students in California change grades Different authentication for network login and grade system, but teachers were using the same password (very common) …to serious cash English accountant uses co-workers’ password to steal $17 million for gambling …to identity theft Helpdesk employee uses passwords of a credit card database to sell credit reports to Nigerian scammers [PasswordResearch.com] From high school pranks… Student in Tyler changes school attendance records Students in California change grades Different authentication for network login and grade system, but teachers were using the same password (very common) …to serious cash English accountant uses co-workers’ password to steal $17 million for gambling …to identity theft Helpdesk employee uses passwords of a credit card database to sell credit reports to Nigerian scammers
43
Passwords and Computer Security
First step after any successful intrusion: install sniffer or keylogger to steal more passwords Second step: run cracking tools on password files Usually on other hijacked computers In Mitnick’s “Art of Intrusion”, 8 out of 9 exploits involve password stealing and/or cracking usernames and passwords stored in the clear in troubleshooting tickets “Dixie bank” hack: use default router password to change firewall rules to enable incoming connections
44
UNIX-Style Passwords user system password file hash function
“cypherpunk” system password file user t4h97t4m43 fa6326b1c2 N53uhjr438 Hgg658n53 … hash function Here is the UNIX-Style passwords. The password is encrypted using a hash function and stored in the system password file.
45
Password Hashing Instead of user password, store H(password)
When user enters password, compute its hash and compare with entry in password file System does not store actual passwords! Difficult to go from hash from password! Do you see why hashing is better than encryption here? Hash function must have some properties One-way: given H(password), hard to find password No known algorithm better than trial and error Is collision resistance needed?
46
UNIX Password System Uses DES encryption as if it were a hash function
Encrypt NULL string using password as the key Truncates passwords to 8 characters! Artificial slowdown: run DES 25 times (why?) Can instruct modern UNIXes to use MD5 hash function Problem: passwords are not truly random With 52 upper- and lower-case letters, 10 digits and 32 punctuation symbols, there are 948 6 quadrillion possible 8-character passwords Humans like to use dictionary words, human and pet names 1 million common passwords The UNIX Password System Uses DES encryption as if it were a hash function. The problem is that: passwords are not truly random With 52 upper- and lower-case letters, 10 digits and 32 punctuation symbols, there are 948 6 quadrillion possible 8-character passwords Humans like to use dictionary words, human and pet names 1 million common passwords
47
Dictionary Attack Password file /etc/passwd is world-readable
Contains user IDs and group IDs which are used by many system programs Dictionary attack is possible because many passwords come from a small dictionary Attacker can pre-compute H(word) for every word in the dictionary – this only needs to be done once!! The UNIX Password System vulnerable through Dictionary Attack With 1,000,000-word dictionary and assuming 10 guesses per second, brute-force online attack takes 50,000 seconds (14 hours) on average
48
Salt (chosen randomly when password is first set)
shmat:fURxfg,4hLBX:14510:30:Vitaly:/u/shmat:/bin/csh /etc/passwd entry salt (chosen randomly when password is first set) Password hash(salt,pwd) Salt users with the same password have different entries in the password file In this way, offline dictionary attack becomes much harder
49
Advantages of Salting Without salt, attacker can pre-compute hashes of all dictionary words once for all password entries Same hash function on all UNIX machines; identical passwords hash to identical values One table of hash values works for all password files With salt, attacker must compute hashes of all dictionary words once for each combination of salt value and password With 12-bit random salt, same password can hash to 4096 different hash values Without salt, attacker can pre-compute hashes of all dictionary words once for all password entries With salt, attacker must compute hashes of all dictionary words once for each combination of salt value and password
50
Shadow Passwords Hashed password is not
shmat:x:14510:30:Vitaly:/u/shmat:/bin/csh /etc/passwd entry Hashed password is not stored in a world-readable file Store hashed passwords in /etc/shadow file which is only readable by system administrator (root) Add expiration dates for passwords Early Shadow implementations on Linux called the login program which had a buffer overflow!
51
How People Use Passwords
Write them down Use a single password at multiple sites Do you use the same password for Amazon and your bank account? UT Direct? Do you remember them all? Make passwords easy to remember “password”, “Kevin123”, “popcorn” Some services use “secret questions” to reset passwords “What is your favorite pet’s name?” Paris Hilton’s T-Mobile cellphone hack So how people use passwords? Write them down Use a single password at multiple sites Make passwords easy to remember Some services use “secret questions”to reset passwords
52
Password Surveys Klein (1990) and Spafford (1992)
2.7% guessed in 15 minutes 21% in a week Sounds Ok? Not if passwords last 30 days or more! Much more computing power is available now! U. of Michigan: 5% of passwords were “goblue” How many passwords on this campus involve “orange”, “horns”, etc.? Here is a Password Survey. Klein (1990) and Spafford (1992) 2.7% guessed in 15 minutes 21% in a week Sounds Ok? Not if passwords last 30 days or more! Much more computing power is available now! U. of Michigan: 5% of passwords were “goblue” How many passwords on this campus involve “orange”, “horns”, etc.?
53
Memorability vs. Security
[Ross Anderson] One bank’s idea for making PINs “memorable” If PIN is 2256, write your favorite word in the grid Fill the rest with random letters Normally 9,999 choices for PIN – hard to guess Now only a few dozen possible English words – easy to guess! So how is the Memorability vs. Security?
54
Heuristics for Guessing Attacks
Dictionary with words spelled backwards First and last names, streets, cities Same with upper-case initials All valid license plate numbers in your state Room numbers, telephone numbers, etc. Letter substitutions and other tricks If you can think of it, attacker will, too Here is some Heuristics for Guessing Attacks. Dictionary with words spelled backwards First and last names, streets, cities Same with upper-case initials All valid license plate numbers in your state Room numbers, telephone numbers, etc. Letter substitutions and other tricks If you can think of it, attacker will, too
55
Social Engineering Univ. of Sydney study (1996)
336 CS students ed asking for their passwords Pretext: “validate” password database after suspected break-in 138 returned their passwords; 30 returned invalid passwords; 200 reset passwords (not disjoint) Treasury Dept. report (2005) Auditors pose as IT personnel attempting to correct a “network problem” 35 of 100 IRS managers and employees provide their usernames and change passwords to a known value Other examples: Mitnick’s “Art of Deception” We should also consider Social Engineering. Univ. of Sydney study (1996) 336 CS students ed asking for their passwords Pretext: “validate” password database after suspected break-in 138 returned their passwords; 30 returned invalid passwords; 200 reset passwords (not disjoint) Treasury Dept. report (2005) Auditors pose as IT personnel attempting to correct a “network problem” 35 of 100 IRS managers and employees provide their usernames and change passwords to a known value Other examples: Mitnick’s “Art of Deception”
56
Strengthening Passwords
Add biometrics For example, keystroke dynamics or voiceprint Revocation is often a problem with biometrics Graphical passwords Goal: increase the size of memorable password space Rely on the difficulty of computer vision Face recognition is easy for humans, hard for machines Present user with a sequence of faces, he must pick the right face several times in a row to log in So we should we do if we want to strengthening passwords? Add biometrics For example, keystroke dynamics or voiceprint Revocation is often a problem with biometrics Graphical passwords Goal: increase the size of memorable password space Rely on the difficulty of computer vision Face recognition is easy for humans, hard for machines Present user with a sequence of faces, he must pick the right face several times in a row to log in
57
Graphical Passwords Images are easy for humans to remember
Especially if you invent a memorable story to go along with the images Dictionary attacks on graphical passwords are believed to be difficult Images are very “random” (is this true?) Still not a perfect solution Need infrastructure for displaying and storing images Shoulder surfing Graphical Passwords: Images are easy for humans to remember Especially if you invent a memorable story to go along with the images Dictionary attacks on graphical passwords are believed to be difficult Images are very “random” (is this true?) Still not a perfect solution Need infrastructure for displaying and storing images Shoulder surfing
58
Today’s Lecture Overview of Network Security
Cryptographic hash functions User authentication SSL IPSec & IKE Distributed Denial of Service (DDoS) Firewall Reading List Now, let’s have a look at SSL. 2018/9/19
59
Layers of Security TCP: provides a reliable end-to-end service. TCP & SSL: provides a reliable & secure end-to-end service. HTTPS: HTTP over SSL (or TLS) Typically on port 443 (regular http on port 80) SSL originally developed by Netscape subsequently became Internet standard known as TLS (Transport Layer Security) SSL has two layers of protocols 2018/9/19
60
SSL Record Protocol Services
SSL Record Protocol provides two services. Message integrity using a MAC with a shared secret key similar to HMAC but with different padding hash functions: MD5, SHA-1 Message confidentiality using symmetric encryption with a shared secret key Encryption algorithms: AES, IDEA, RC2-40, DES-40, DES, 3DES, RC4-40, RC4-128 SSL Record Protocol provides two services: Message integrity using a MAC with a shared secret key similar to HMAC but with different padding hash functions: MD5, SHA-1 Message confidentiality using symmetric encryption with a shared secret key Encryption algorithms: AES, IDEA, RC2-40, DES-40, DES, 3DES, RC4-40, RC4-128
61
SSL Handshake Protocol
Allows server & client to: authenticate each other to negotiate encryption & MAC algorithms and keys Comprises a series of messages exchanged in phases: Establish Security Capabilities (to agree on encryption, MAC, and key-exchange algorithms) Server Authentication and Key Exchange Client Authentication and Key Exchange Finish Negotiate Cipher-Suite Algorithms Symmetric cipher to use Key exchange method Message digest function Establish and share master secret Optionally authenticate server and/or client
62
Client Hello Protocol version Random Number Session ID
SSLv3(major=3, minor=0) TLS (major=3, minor=1) Random Number 32 bytes First 4 bytes, time of the day in seconds, other 28 bytes random Prevents replay attack Session ID 32 bytes – indicates the use of previous cryptographic material Compression algorithm Server “Hello Request”- ask client to restart hello includes some random data for creating the master secret SMU
63
Client Hello - Cipher Suites
INITIAL (NULL) CIPHER SUITE SSL_NULL_WITH_NULL_NULL = { 0, 0 } SSL_RSA_WITH_NULL_MD5 = { 0, 1 } SSL_RSA_WITH_NULL_SHA = { 0, 2 } SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 } SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 } SSL_RSA_WITH_RC4_128_SHA = { 0, 5 } SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 } SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 } SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 } SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 } SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0, 10 } PUBLIC-KEY ALGORITHM SYMMETRIC ALGORITHM HASH ALGORITHM CIPHER SUITE CODES USED IN SSL MESSAGES Client Hello - Cipher Suites SMU 52
64
Server Hello Version Random Number Session ID Cipher suite
Protects against handshake replay Session ID Provided to the client for later resumption of the session Cipher suite Usually picks client’s best preference – No obligation Compression method Server Hello: Version Random Number Protects against handshake replay Session ID Provided to the client for later resumption of the session Cipher suite Usually picks client’s best preference – No obligation Compression method SMU
65
Certificates Sequence of X.509 certificates
Server’s, CA’s, … X.509 Certificate associates public key with identity Certification Authority (CA) creates certificate Adheres to policies and verifies identity Signs certificate User of Certificate must ensure it is valid PKCS standards from RSA for RSA certificates PKCS #10 cert requests PKCS #9 cert attributes PKCS #7 cert chain format application/x-pkcs7-mime used to load CA chain into browser CSE 5349/7349 SMU
66
Validating a Certificate
Must recognize accepted CA in certificate chain One CA may issue certificate for another CA Must verify that certificate has not been revoked CA publishes Certificate Revocation List (CRL) Let’s see how SSL validate a certificate: Must recognize accepted CA in certificate chain One CA may issue certificate for another CA Must verify that certificate has not been revoked CA publishes Certificate Revocation List (CRL) CSE 5349/7349 SMU
67
Client Key Exchange Premaster secret
Created by client; used to “seed” calculation of encryption parameters 2 bytes of SSL version + 46 random bytes Sent encrypted to server using server’s public key Here is the SSL Client Key Exchange: Premaster secret Created by client; used to “seed” calculation of encryption parameters 2 bytes of SSL version + 46 random bytes Sent encrypted to server using server’s public key This is where the attack happened in SSLv2 SMU
68
Change Cipher Spec & Finished Messages
Switch to newly negotiated algorithms and key material Finished First message encrypted with new crypto parameters Digest of negotiated master secret, the ensemble of handshake messages, sender constant HMAC approach of nested hashing Change Cipher Spec & Finished Messages: Change Cipher Spec Switch to newly negotiated algorithms and key material Finished First message encrypted with new crypto parameters Digest of negotiated master secret, the ensemble of handshake messages, sender constant HMAC approach of nested hashing SMU
69
SSL Encryption Master secret Key material Encryption keys
Generated by both parties from premaster secret and random values generated by both client and server Key material Generated from the master secret and shared random values Encryption keys Extracted from the key material For SSL encryption, we have: Master secret Generated by both parties from premaster secret and random values generated by both client and server Key material Generated from the master secret and shared random values Encryption keys Extracted from the key material SMU 52
70
Generating the Master Secret
SERVER’S PUBLIC KEY IS SENT BY SERVER IN ServerKeyExchange CLIENT GENERATES THE PREMASTER SECRET ENCRYPTS WITH PUBLIC KEY OF SERVER CLIENT SENDS PREMASTER SECRET IN Client Key Exchange SENT BY SERVER IN ServerHello SENT BY CLIENT IN ClientHello SERVER’S PUBLIC KEY IS SENT BY SERVER IN Server Key Exchange. CLIENT GENERATES THE PREMASTER SECRET ENCRYPTS WITH PUBLIC KEY OF SERVER. CLIENT SENDS PREMASTER SECRET IN Client Key Exchange. MASTER SECRET IS 3 MD5 HASHES CONCATENATED TOGETHER = 384 BITS MASTER SECRET IS 3 MD5 HASHES CONCATENATED TOGETHER = 384 BITS SMU 52
71
Generation of Key Material
JUST LIKE FORMING THE MASTER SECRET EXCEPT THE MASTER SECRET IS USED HERE INSTEAD OF THE PREMASTER SECRET . . . JUST LIKE FORMING THE MASTER SECRET. EXCEPT THE MASTER SECRET IS USED HERE INSTEAD OF THE PREMASTER SECRET. SMU 52
72
Obtaining Keys from the Key Material
SECRET VALUES INCLUDED IN MESSAGE AUTHENTICATION CODES SYMMETRIC KEYS INITIALIZATION VECTORS FOR DES CBC ENCRYPTION SMU 52
73
SSL Record Protocol Here is SSL Record Protocol. CSE 5349/7349 SMU 52
74
Record Header Three pieces of information Content type Content length
Application data Alert Handshake Change_cipher_spec Content length Suggests when to start processing SSL version Redundant check for version agreement There three pieces of information in SSL record header: Content type Application data Alert Handshake Change_cipher_spec Content length Suggests when to start processing SSL version Redundant check for version agreement SMU
75
Protocol (cont’d) Max. record length 214 – 1 MAC Data Headers
Sequence number To prevent replay and reordering attack Not included in the record Max. record has the length 214 – 1 And MAC contains: Data Headers Sequence number To prevent replay and reordering attack Not included in the record CSE 5349/7349 SMU
76
SSL Session and Connection
SSL was designed to work with HTTP 1.0 which tended to open a lot of TCP connections between the same client and server. SSL assumes a session is a relatively long-lived thing from which many (transient) connections can be cheaply derived. 1 session = 1 or more connections Let’s see SSL Session and Connection: SSL was designed to work with HTTP 1.0 which tended to open a lot of TCP connections between the same client and server. SSL assumes a session is a relatively long-lived thing from which many (transient) connections can be cheaply derived. 1 session = 1 or more connections
77
SSL Overhead 2-10 times slower than a TCP session
Where do we lose time Handshake phase Client does public-key encryption Server does private-key encryption (still public-key cryptography) Usually clients have to wait on servers to finish Data Transfer phase Symmetric key encryption While we can use SSL to get better security, SSL has its own overhead: 2-10 times slower than a TCP session Where do we lose time Handshake phase Client does public-key encryption Server does private-key encryption (still public-key cryptography) Usually clients have to wait on servers to finish Data Transfer phase Symmetric key encryption CSE 5349/7349 SMU
78
SSL Applications HTTP – original application Secure mail
Server to client connection SMTP/SSL? Telnet, ftp .. Resources: Here are some SSL applications: HTTP – original application Secure mail Server to client connection SMTP/SSL? Telnet, ftp .. Resources: CSE 5349/7349 SMU
79
Today’s Lecture Overview of Network Security
Cryptographic hash functions User authentication SSL IPSec & IKE Distributed Denial of Service (DDoS) Firewall Reading List And next, I will introduce IPSec and IKE. 2018/9/19
80
IPsec: Network Layer Security
IPsec = AH + ESP + IPcomp + IKE Protection for IP traffic AH provides integrity and origin authentication ESP also confidentiality Compression Sets up keys and algorithms for AH and ESP IPsec is the combination of AH + ESP + Ipcomp + IKE. AH and ESP rely on an existing security association Idea: parties must share a set of secret keys and agree on each other’s IP addresses and crypto algorithms Internet Key Exchange (IKE) Goal: establish security association for AH and ESP If IKE is broken, AH and ESP provide no protection!
81
IPsec Security Services
Authentication and integrity for packet sources Ensures connectionless integrity (for a single packet) and partial sequence integrity (prevent packet replay) Confidentiality (encapsulation) for packet contents Also partial protection against traffic analysis With IPsec, authentication and encapsulation can be used separately or together Either provided in transport or tunnel mode These services are transparent to applications above transport (TCP/UDP) layer
82
IPsec Modes Transport mode Tunnel mode
Used to deliver traffic from host to host or from host to gateway End-to-end across networks or within same network Tunnel mode Used to deliver traffic from gateway to gateway or from host to gateway Usually gateways are owned by the same organization With an insecure network in the middle There are two modes for IPsec: Transport mode Used to deliver traffic from host to host or from host to gateway End-to-end across networks or within same network Tunnel mode Used to deliver traffic from gateway to gateway or from host to gateway Usually gateways are owned by the same organization With an insecure network in the middle
83
IPsec in Transport Mode
First, let’s see IPsec in Transport Mode. End-to-end security between two hosts Typically, client to gateway (e.g., PC to remote host) Transport Mode requires IPsec support at each host End-to-end security between two hosts Typically, client to gateway (e.g., PC to remote host) Requires IPsec support at each host
84
IPsec in Transport Tunnel Mode
Implements IPsec Implements IPsec Next, let’s see IPsec in Transport Tunnel Mode IPsec protects communication on the insecure part of the network The security gateway must implement IPsec. IPsec protects communication on the insecure part of the network
85
Transport Mode vs. Tunnel Mode
Transport mode secures packet payload and leaves IP header unchanged Tunnel mode encapsulates both IP header and payload into IPsec packets IP header (real dest) IPsec header TCP/UDP header + data This slide shows the comparison of transport mode and tunnel mode. Transport mode secures packet payload and leaves IP header unchanged Tunnel mode encapsulates both IP header and payload into IPsec packets IP header (gateway) IPsec header IP header (real dest) TCP/UDP header + data
86
Security Association (SA)
One-way sender-recipient relationship Two SAs required for a two-way conversation SA determines how packets are processed Cryptographic algorithms, keys, IVs, lifetimes, sequence numbers, mode (transport or tunnel) – read textbook! SA is uniquely identified by SPI (Security Parameters Index)… Each IPsec implementation keeps a database of Sas SPI is sent with packet, tells recipient which SA to use
87
AH: Authentication Header
Sender authentication Integrity for packet contents and IP header Sender and receiver must share a secret key This key is used in HMAC computation The key is set up by IKE key establishment protocol and recorded in the Security Association (SA) SA also records protocol being used (AH) and mode (transport or tunnel) plus hashing algorithm used MD5 or SHA-1 supported as hashing algorithms AH represents Authentication Header. Sender authentication Integrity for packet contents and IP header Sender and receiver must share a secret key
88
IP Headers Version Header Length TOS Packet length Packet Id Flags
Immutable Predictable Mutable Fragment offset TTL Protocol number Checksum Source IP address Destination IP address Options Here we have a look at IP headers. AH sets mutable fields to zero and predictable fields to final value and then uses this header plus packet contents as input to HMAC
89
Prevention of Replay Attacks
When SA is established, sender initializes 32-bit counter to 0, increments by 1 for each packet If wraps around 232-1, new SA must be established Recipient maintains a sliding 64-bit window If a packet with high sequence number is received, do not advance window until packet is authenticated When SA is established, sender initializes 32-bit counter to 0, increments by 1 for each packet If wraps around 232-1, new SA must be established Recipient maintains a sliding 64-bit window If a packet with high sequence number is received, do not advance window until packet is authenticated
90
ESP: Encapsulating Security Payload
Adds new header and trailer fields to packet Transport mode Confidentiality of packet between two hosts Complete hole through firewalls Used sparingly Tunnel mode Confidentiality of packet between two gateways or a host and a gateway Implements VPN tunnels Now, let see ESP: Encapsulating Security Payload. ESP adds new header and trailer fields to packet. Transport mode Confidentiality of packet between two hosts Complete hole through firewalls Used sparingly Tunnel mode Confidentiality of packet between two gateways or a host and a gateway Implements VPN tunnels
91
ESP Security Guarantees
Confidentiality and integrity for packet payload Symmetric cipher negotiated as part of security assoc Optionally provides authentication (similar to AH) Can work in transport… …or tunnel mode encrypted Original IP header ESP header TCP/UDP segment ESP trailer ESP auth Confidentiality and integrity for packet payload Symmetric cipher negotiated as part of security assoc Optionally provides authentication (similar to AH) Can work in transport. authenticated New IP header ESP header Original IP header TCP/UDP segment ESP trailer ESP auth
92
Secure Key Establishment
Goal: generate and agree on a session key using some public initial information What properties are needed? Authentication (know identity of other party) Secrecy (generated key not known to any others) Forward secrecy (compromise of one session key does not compromise keys in other sessions) Prevent replay of old key material Prevent denial of service Protect identities from eavesdroppers Agreement (both parties agree on the value of key) Now, I will introduce Secure Key Establishment. The goal of Secure Key Establishment is to generate and agree on a session key using some public initial information. The properties which Secure Key Establishment needs are: Authentication (know identity of other party) Secrecy (generated key not known to any others) Forward secrecy (compromise of one session key does not compromise keys in other sessions) Prevent replay of old key material Prevent denial of service Protect identities from eavesdroppers Agreement (both parties agree on the value of key)
93
Key Management in IPsec
Manual key management Keys and parameters of crypto algorithms exchanged offline (e.g., by phone), security associations established by hand Pre-shared symmetric keys New session key derived for each session by hashing pre-shared key with session-specific nonces Standard symmetric-key authentication and encryption Online key establishment Internet Key Exchange (IKE) protocol Use Diffie-Hellman to derive shared symmetric key Manual key management Keys and parameters of crypto algorithms exchanged offline (e.g., by phone), security associations established by hand Pre-shared symmetric keys New session key derived for each session by hashing pre-shared key with session-specific nonces Standard symmetric-key authentication and encryption Online key establishment Internet Key Exchange (IKE) protocol Use Diffie-Hellman to derive shared symmetric key
94
IKE Overview Goal: create security association between 2 hosts
Shared encryption and authentication keys, agreement on crypto algorithms Two phases: 1st phase establishes security association (IKE-SA) for the 2nd phase Always by authenticated Diffie-Hellman (expensive) 2nd phase uses IKE-SA to create actual security association (child-SA) to be used by AH and ESP Use keys derived in the 1st phase to avoid DH exchange Can be executed cheaply in “quick” mode To create a fresh key, hash old DH value and new nonces
95
IKE Genealogy Diffie-Hellman Station-to-Station ISAKMP Photuris Oakley
1976 + authentication, identity protection Diffie, van Oorschot, Wiener 1992 + defense against denial of service ISAKMP NSA 1998 Photuris “generic” protocol for establishing security associations + defense against replay Karn, Simpson + compatibility with ISAKMP Here is the IKE Genealogy. It was first proposed in 1976, and finally became the Internet standard on December 2005. Oakley IKE Orman 1998 Cisco 1998 IKEv2 Internet standard December 2005
96
Design Objectives Shared secret Authentication Identity protection
Create and agree on a secret which is known only to protocol participants Authentication Participants need to verify each other’s identity Identity protection Eavesdropper should not be able to infer participants’ identities by observing protocol execution Protection against denial of service Malicious participant should not be able to exploit the protocol to cause the other party to waste resources The Design Objectives of IKE is as follows: Shared secret Authentication Identity protection Protection against denial of service
97
IKE: Phase One I R ga mod p, crypto proposal, Ni CookieR
Optional: refuse 1st message and demand return of stateless cookie CookieR ga mod p, crypto proposal, Ni I R CookieR, ga mod p, crypto proposal, Ni gb mod p, crypto accepted, Nr switch to K=f(Ni,Nr,crypto,gab mod p) IKE is divided into to phases. Here is phase one. Initiator reveals identity first:Prevents “polling” attacks where attacker initiates IKE connections to find out who lives at an IP asdr Instead of running 2nd phase,“piggyback” establishment of child-SA on initial exchange EncK(“I”, sigI(m1-4), [cert], child-SA) EncK(“R”, sigR(m1-4), [cert], child-SA) Initiator reveals identity first Prevents “polling” attacks where attacker initiates IKE connections to find out who lives at an IP addr Instead of running 2nd phase, “piggyback” establishment of child-SA on initial exchange
98
IKE: Phase Two (Create Child-SA)
After Phase One, I and R share key K I R EncK(proposal, Ni, [ga mod p], traffic) Crypto suites, protocol (AH, ESP or IPcomp) Optional re-key using old DH value and fresh nonces IP address range, ports, protocol id And this is phase two. After Phase One, I and R share key K Can run this phase several times to create multiple SAs EncK(proposal, Nr , [gb mod p], traffic) Can run this several times to create multiple SAs
99
Other Aspects of IKE Interaction with other network protocols
How to run IPsec through NAT (Network Address Translation) gateways? Error handling Very important! Bleichenbacher attacked SSL by cryptanalyzing error messages from an SSL server Protocol management Dead peer detection, rekeying, etc. Legacy authentication What if one of the parties doesn’t have a public key? Here is some other aspects of IKE. Interaction with other network protocols How to run IPsec through NAT (Network Address Translation) gateways? Error handling Very important! Bleichenbacher attacked SSL by cryptanalyzing error messages from an SSL server Protocol management Dead peer detection, rekeying, etc. Legacy authentication What if one of the parties doesn’t have a public key?
100
Current State of IPsec Best currently existing VPN standard
For example, used in Cisco PIX firewall, many remote access gateways IPsec has been out for a few years, but wide deployment has been hindered by complexity ANX (Automotive Networking eXchange) uses IPsec to implement a private network for the Big 3 auto manufacturers and their suppliers The current State of Ipsec is that: Best currently existing VPN standard For example, used in Cisco PIX firewall, many remote access gateways IPsec has been out for a few years, but wide deployment has been hindered by complexity ANX (Automotive Networking eXchange) uses IPsec to implement a private network for the Big 3 auto manufacturers and their suppliers
101
Today’s Lecture Overview of Network Security
Cryptographic hash functions User authentication SSL IPSec & IKE Distributed Denial of Service Attacks Firewall Reading List And next, I will introduce Distributed Denial of Service Attacks (DDOS). 2018/9/19
102
Background Information: Denial of Service Attacks
Denial of Service Attack: an attack on a computer or network that prevents legitimate use of its resources. DoS Attacks Affect: Software Systems Network Routers/Equipment/Servers Servers and End-User PCs Before we go to DDOS, let’s first understand what is DOS. Denial of Service Attack is an attack on a computer or network that prevents legitimate use of its resources. It affects: Software Systems Network Routers/Equipment/Servers Servers and End-User PCs 2018/9/19
103
DoS Shortfalls DoS attacks are unable to attack large bandwidth websites – one upstream client cannot generate enough bandwidth to cripple major megabit websites. New distributed server architecture makes it harder for one DoS to take down an entire site. New software protections neutralize existing DoS attacks quickly DoS attacks are unable to attack large bandwidth websites – one upstream client cannot generate enough bandwidth to cripple major megabit websites. New distributed server architecture makes it harder for one DoS to take down an entire site. New software protections neutralize existing DoS attacks quickly 2018/9/19
104
Distributed Denial of Service Attacks
What is a Distributed Denial of Service Attack? A Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets. So what is a Distributed Denial of Service Attack? A Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets. 2018/9/19
105
DDoS Architecture Client Handler Agents 2018/9/19
Here is the basic DDoS architecture. 2018/9/19
106
Why are these attacks easy?
Internet built around end-to-end principle: Most functions done by end hosts. Examples: reliable delivery. Advantages: Simplifies network core. Example: IP packet forwarding. Example: it’s easy to start an ISP. Anyone can introduce new services. Result: lots of innovation. So why are these attacks easy? Anyone can start an ISP! 2018/9/19
107
Why is defense hard? End-to-end principle conflicts with:
Centralized control. Centralized monitoring. Separation of data from control traffic. Mandatory authentication. Mandatory accounting. And why is defense hard? End-to-end principle conflicts with: Centralized control. Centralized monitoring. Separation of data from control traffic. Mandatory authentication. Mandatory accounting. 2018/9/19
108
Widely Used DDoS Programs
Trinoo Tribe Flood Network TFN2K stacheldraht (barbed wire) And these are the widely used DDoS programs: Trinoo Tribe Flood Network TFN2K stacheldraht (barbed wire) 2018/9/19
109
Common DDoS Countermeasures
Prevent Initial Hack Use of Firewalls and Demilitarized Zone Check Ingress/Egress Packets Use a server farm and load balancer to offset the effects of a DDoS attack Prevent SYN flood attacks by discarding the first SYN packet (causes delay for legitimate users) Change IP address of attacked system (problem for updating legitimate users of new system IP address) So how to protect us from DDoS attacks? Here are some common DDoS Countermeasures: Prevent Initial Hack Use of Firewalls and Demilitarized Zone Check Ingress/Egress Packets Use a server farm and load balancer to offset the effects of a DDoS attack Prevent SYN flood attacks by discarding the first SYN packet (causes delay for legitimate users) Change IP address of attacked system (problem for updating legitimate users of new system IP address) 2018/9/19
110
DDoS Protection Environment
Linux Kernal (immune to TARGA & teardrop) Linux Virtual Server (provides balancing algorithms) NAT via load balancer (translates incoming traffic before it hits the server). Direct Routing Request Dispatching (allows MAC addresses to directly communicate with the server, bypassing the load balancer). IP Tunneling Firewall – packet filtering Class Based Queuing (assigns repetitive packets to smaller queue freeing up queue space for legitimate users) Traffic Monitor And here is the DDoS Protection Environment: Linux Kernal (immune to TARGA & teardrop) Linux Virtual Server (provides balancing algorithms) NAT via load balancer (translates incoming traffic before it hits the server). Direct Routing Request Dispatching (allows MAC addresses to directly communicate with the server, bypassing the load balancer). IP Tunneling Firewall – packet filtering Class Based Queuing (assigns repetitive packets to smaller queue freeing up queue space for legitimate users) Traffic Monitor 2018/9/19
111
Conceptual Model for Defending Against DDoS Attacks
Suitable technological solutions in the Internet and suitable incentives upon the users of the Internet. Economic incentives for Internet users to cooperate Technical solutions must work together with consistent incentive. We need two things, suitable technological solutions in the Internet and suitable incentives upon the users of the Internet. The machinery and the incentives interlock and must be designed together. We also need to consider the cost-effective issue: to construct technical solutions and incentive structures in a cost-effective way. The biggest barrier in defending against DDoS attacks is the lack of economic incentives for Internet users to cooperate. Sample research by icsa.net shows that less than 15 percent of all corporate users are filtering source IP addresses. An even smaller percentage of Internet service providers – less than 8 percent – are doing this type of filtering. So the technical solutions must work together with consistent incentive. 2018/9/19
112
Protect us from DDoS Attacks
Raise the bar: Improve host security. Make it hard to fake IP addresses Experiment with RON-like and peer-to-peer architectures. Raise the bar: Improve host security. Make it hard to fake IP addresses. Experiment with RON-like and peer-to-peer architectures. 2018/9/19
113
Today’s Lecture Overview of Network Security
Cryptographic hash functions User authentication SSL IPSec & IKE Distributed Denial of Service Attacks Firewall Reading List And next, I will introduce Firewalls. 2018/9/19
114
What is a Firewall? A firewall is hardware, software, or a combination of both. Used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer First, let’s understand what is a firewall. A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer
115
Rules Determine WHO ? WHEN ? WHAT ? HOW ? INTERNET Protected Network
My PC There are a set of rules in firewall to protect our hosts from attacks. Protected Network Firewall
116
Hardware vs. Software Firewalls
Hardware Firewalls Protect an entire network Implemented on the router level Usually more expensive, harder to configure Software Firewalls Protect a single computer Usually less expensive, easier to configure As mentioned above, firewall can be either hardware or software or both. Here is a comparison of hardware firewalls and software firewalls. Hardware Firewalls Protect an entire network Implemented on the router level Usually more expensive, harder to configure Software Firewalls Protect a single computer Usually less expensive, easier to configure
117
How does a software firewall work?
Inspects each individual “packet” of data as it arrives at either side of the firewall Inbound to or outbound from your computer Determines whether it should be allowed to pass through or if it should be blocked Next, I will introduce software firewall, and leave hardware firewall for further reading. Software firewall works as follows: Inspects each individual “packet” of data as it arrives at either side of the firewall Inbound to or outbound from your computer Determines whether it should be allowed to pass through or if it should be blocked
118
Firewall Rules Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.) Block – traffic that is blocked because it has been deemed dangerous to your computer Ask – asks the user whether or not the traffic is allowed to pass through Here is the firewall rule. Typically, there three kinds of rules: Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.) Block – traffic that is blocked because it has been deemed dangerous to your computer Ask – asks the user whether or not the traffic is allowed to pass through
119
What a personal firewall can do
Stop hackers from accessing your computer Protects your personal information Blocks “pop up” ads and certain cookies Determines which programs can access the Internet So what a personal firewall can do? Stop hackers from accessing your computer Protects your personal information Blocks “pop up” ads and certain cookies Determines which programs can access the Internet
120
What a personal firewall cannot do
Cannot prevent viruses Only an antivirus product with updated definitions can prevent viruses After setting it initially, you can forget about it The firewall will require periodic updates to the rulesets and the software itself And what a personal firewall cannot do? It cannot prevent viruses Only an antivirus product with updated definitions can prevent viruses After setting it initially, you can forget about it The firewall will require periodic updates to the rulesets and the software itself
121
Considerations when using personal firewall software
If you did not initialize an action and your firewall picks up something, you should most likely deny it and investigate it It’s a learning process (Ex. Spooler Subsystem App) If you notice you cannot do something you did prior to the installation, there is a good chance it might be because of your firewall Here are some considerations when using personal firewall software: If you did not initialize an action and your firewall picks up something, you should most likely deny it and investigate it It’s a learning process (Ex. Spooler Subsystem App) If you notice you cannot do something you did prior to the installation, there is a good chance it might be because of your firewall
122
Examples of personal firewall software
ZoneAlarm < BlackICE Defender < Tiny Personal Firewall < Norton Personal Firewall < Here are some examples of personal firewall software: ZoneAlarm < BlackICE Defender < Tiny Personal Firewall < Norton Personal Firewall <
123
Windows XP Firewall Currently *not* enabled by default
Enable under Start -> Settings -> Control Panel Select Local Area Connection Select the Properties button Click the “Advanced” tab And almost everyone knows, the Windows XP Firewall: Currently *not* enabled by default Enable under Start -> Settings -> Control Panel Select Local Area Connection Select the Properties button Click the “Advanced” tab
124
Final Firewall Notes Rule Management Default Allow vs. Default Deny
Firewalls do NOT Solve the Entire Problem Now let’s have a summary about firewall: Rule Management Default Allow vs. Default Deny Firewalls do NOT Solve the Entire Problem
125
Q & A 2018/9/19
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.