Other Security Issues - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Other Security Issues

Description:

Application layer security for database, e-mail, etc. Transport layer: SSL ... If security is broken at one layer, the communication will still be secure. However, ... – PowerPoint PPT presentation

Number of Views:62
Avg rating:3.0/5.0
Slides: 20
Provided by: x7218
Category:

less

Transcript and Presenter's Notes

Title: Other Security Issues


1
Other Security Issues
  • Multi-Layer Security
  • Firewalls
  • Total Security
  • Intrusion Detection
  • Trust

2
Multi-Layer Security
  • Security Can be Applied at Multiple Layers
    Simultaneously
  • Application layer security for database, e-mail,
    etc.
  • Transport layer SSL
  • Internet layer IPsec (Chapter 9, Module F)
  • Data link layer PPTP, L2TP (Module F)
  • Physical layer locks

3
Multi-Layer Security
  • Applying security at 2 or more layers is good
  • If security is broken at one layer, the
    communication will still be secure
  • However,
  • Security slows down processing
  • Multi-Layer security slows down processing at
    each layer

4
Firewalls
  • Firewall sits between the corporate network and
    the Internet
  • Prevents unauthorized access from the Internet
  • Facilitates internal users access to the Internet

Firewall
OK
No
Access only if Authenticated
5
Firewalls
  • Packet Filter Firewalls
  • Examine each incoming IP packet
  • Examine IP and TCP header fields
  • If bad behavior is detected, reject the packet
  • No sense of previous communication analyzes each
    packet in isolation

IP Firewall
IP Packet
6
Firewalls
  • Application (Proxy) Firewalls
  • Filter based on application behavior
  • Do not examine packets in isolation use history
  • In HTTP, for example, do not accept a response
    unless an HTTP request has just gone out to that
    site

Application
7
Firewalls
  • Application (Proxy) Firewalls
  • Hide internal internet addresses
  • Internal user sends an HTTP request
  • HTTP proxy program replaces user internet address
    with proxy servers IP address, sends to the
    webserver

Request with Proxy Servers IP Address
HTTP Request
8
Firewalls
  • Application (Proxy) Firewalls
  • Webserver sends response to proxy server, to
    proxy server IP address
  • HTTP proxy server sends the IP packet to the
    originating host
  • Overall, proxy program acts on behalf of the
    internal user

Response to Proxy Servers IP Address
HTTP Response
9
Firewalls
  • Why Hide Internal IP Addresses?
  • The first step in an attack usually is to find
    potential victim hosts
  • Sniffer programs read IP packet streams for IP
    addresses of potential target hosts
  • With proxy server, sniffers will not learn IP
    addresses of internal hosts

Sniffer
False IP Address
Host IP Address
10
Firewalls
  • Application Firewalls
  • Need a separate program (proxy) for each
    application
  • Not all applications have rules that allow
    filtering

11
Total Security
  • Network Security is Only Part
  • Server Security
  • Hackers can take down servers with
    denial-of-service attack
  • Hacker can log in as root user and take over the
    server
  • Steal data, lock out legitimate users, etc.

12
Total Security
  • Server Security
  • Occasionally, weakness are discovered in server
    operating systems
  • This knowledge is quickly disseminated
  • Known security weaknesses

13
Total Security
  • Server Security
  • Server operating system (SOS) vendors create
    patches
  • Many firms do not download patches
  • This makes them vulnerable to hackers, who
    quickly develop tools to probe for and then
    exploit known weaknesses

14
Total Security
  • Client PC Security
  • Known security weaknesses exist but patches are
    rarely downloaded
  • Users often have no passwords or weak passwords
    on their computer
  • Adversaries take over client PCs and can
    therefore take over control over SSL, other
    secure communication protocols

15
Total Security
  • Application Software
  • May contain viruses
  • Must filter incoming messages
  • Database and other applications can add their own
    security with passwords and other protections

16
Total Security
  • Managing Users
  • Often violate security procedures, making
    technical security worthless
  • Social engineering attacker tricks user into
    violating security procedures

17
Intrusion Detection
  • Intrusion detection software to detect and report
    intrusions as they are occurring
  • Needed
  • Lets organization stop intruders so that
    intruders do not have unlimited time to probe for
    weaknesses
  • Helps organization assess security threats
  • Audit logs list where intruder has been vital in
    legal prosecution

18
Trust
  • System A may trust System B
  • Not check closely for security problems
  • This reduces security processing costs
  • If trusted system is taken over, disaster
  • Can exploit systems that trust it

Trust
System B
System A
No Close Check
19
Trust
  • If System A trusts System B and System B trusts
    System C, System A often trusts system C
  • Extreme disaster if highly trusted system is
    taken over
  • Can exploit many trusting systems

B
A
C
Trust
Trust
Trust
Write a Comment
User Comments (0)
About PowerShow.com