COM347 Computer Networking Notes - PowerPoint PPT Presentation

Provided by: kevinc3
1
Network Security
2
Introduction
  • introduction
  • cryptography
  • authentication
  • key exchange
  • intruder may:
  • eavesdrop
  • remove, modify, and/or insert messages
  • read and playback messages
  • important issues:
  • cryptography: secrecy of info being transmitted

3
Security - Encryption
  • user resources:
  • login passwords often transmitted unencrypted in
    TCP packets between applications (e.g., telnet,
    ftp)
  • passwords provide little protection
  • network resources:
  • often completely unprotected from intruder
    eavesdropping, injection of false messages
  • mail spoofs, router updates, ICMP messages,
    network management messages
  • bottom line:
  • intruder attaching his/her machine onto network
    can override many system-provided security
    measures
  • Encryption
  • plaintext: unencrypted message
  • ciphertext: encrypted form of message
  • Intruder may:
  • intercept ciphertext transmission
  • intercept plaintext/ciphertext pairs
  • obtain encryption/decryption algorithms

4
A Simple Encryption Example
substitution cipher:
  • abcdefghijklmnopqrstuvwxyz
  • poiuytrewqasdfghjklmnbvczx
  • replace each plaintext character in message with
    matching ciphertext character
  • plaintext: Charlotte, my love
    ciphertext: iepksgmmy, dz sgby
  • key is pairing between plaintext characters and
    ciphertext characters
  • symmetric key: sender and receiver use same key
  • 26! (approx 10^26) different possible keys:
    unlikely to be broken by random tries
  • substitution cipher subject to decryption using
    observed frequency of letters
  • 'e' most common letter, 'the' most common word
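
The slide's cipher and the two frequency observations that break it, as an added example (not part of the original presentation). The key string is the slide's second alphabet; the sample message and the function names are constructed for illustration.

```python
import string
from collections import Counter

PLAIN = string.ascii_lowercase
KEY = "poiuytrewqasdfghjklmnbvczx"      # second alphabet from the slide
ENC = str.maketrans(PLAIN, KEY)
DEC = str.maketrans(KEY, PLAIN)

def encrypt(text):
    """Replace each plaintext letter with its partner; other characters pass through."""
    return text.lower().translate(ENC)

def decrypt(text):
    """Apply the same pairing in the other direction (symmetric key)."""
    return text.translate(DEC)

def most_common_letter(ciphertext):
    """Attack step 1: the most frequent ciphertext letter probably stands for 'e'."""
    counts = Counter(c for c in ciphertext if c in PLAIN)
    return counts.most_common(1)[0][0]

def crib_the(ciphertext):
    """Attack step 2: assume the most frequent 3-letter word is 'the'.
    Returns the recovered part of the key as {ciphertext letter: plaintext letter}."""
    words = Counter(w for w in ciphertext.split() if len(w) == 3 and w.isalpha())
    guess = words.most_common(1)[0][0]
    return dict(zip(guess, "the"))

# Constructed sample message (not from the slides), long enough for counts to mean something.
SAMPLE = "meet me here when the evening bell sounds then we leave the street"

if __name__ == "__main__":
    print(encrypt("Charlotte, my love"))
    ct = encrypt(SAMPLE)
    print(ct)
    print("guess for 'e':", most_common_letter(ct))
    print("recovered from 'the':", crib_the(ct))
```

Two observations already recover three of the 26 pairings without trying a single key, which is why the 26! key count gives no real protection.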

5
DES: Data Encryption Standard
  • Encrypts data in 64-bit chunks. The
    encryption/decryption algorithm is a published
    standard - everyone knows how to do it
  • Substitution cipher over 64-bit chunks: 56-bit
    key determines which of 56! substitution ciphers
    is used. Substitution: 19 stages of
    transformations, 16 involving functions of key
  • Decryption done by reversing encryption steps;
    sender and receiver must use same key

Key Distribution Problem
  • How do communicants agree on a symmetric key?
  • N communicants implies N keys
  • trusted agent distribution:
  • keys distributed by centralised trusted agent
  • any communicant need only know key to
    communicate with trusted agent
  • for communication between i and j, trusted agent
    will provide a key

6
Public Key Cryptography
  • Separate encryption/decryption keys
  • receiver makes known (!) its encryption key
  • receiver keeps its decryption key secret
  • to send to receiver B, encrypt message M
    using B's publicly available key, EB
  • send EB(M)
  • to decrypt, B applies its private decryption
    key DB to the received message
  • computing DB( EB(M) ) gives M
  • Knowing the encryption key does not help with
    decryption: decryption is a non-trivial inverse
    of encryption
  • only the receiver can decrypt the message

7
Public key encryption
  • Public key encryption uses a combination of a
    private key and a public key. The private key is
    known only to your computer while the public key
    is given by your computer to any computer that
    wants to communicate securely with it.
  • To decode an encrypted message, a computer must
    use the public key provided by the originating
    computer and its own private key. The key is
    based on a hash value.
  • This is a value that is computed from a base
    input number using a hashing algorithm.
  • The important thing about a hash value is that it
    is nearly impossible to derive the original input
    number without knowing the data used to create
    the hash value.

8
Public Key
  • You can see how hard it would be to determine
    that the value of 1525381 came from the
    multiplication of 10667 and 143.
  • But if you knew that the multiplier was 143, then
    it would be very easy to calculate the value of
    10667. Public key encryption is much more complex
    than this example but that is the basic idea.
  • Public keys generally use complex algorithms and
    very large hash values for encrypting 40-bit or
    even 128-bit numbers. A 128-bit number has a
    possible 2^128 different combinations.
  • That's as many combinations as there are water
    molecules in 2.7 million Olympic-size swimming
    pools. Even the tiniest water droplet you can
    imagine has billions and billions of water
    molecules in it!

9
Advantages & Disadvantages
  • Advantages: The private key must be kept secret
    only by the holder of the key and does not need
    to be sent to anyone else.
  • A public/private key pair can remain unchanged
    for a long time.
  • Public-key encryption methods also can be used to
    develop efficient digital signature systems.
  • Disadvantages: Public-key encryption can be used
    to send a symmetric key from a sender to a set of
    receivers. The computational complexity of
    public-key systems is several orders of magnitude
    higher than most symmetric-key systems.
  • The key length of public-key systems must be much
    higher than symmetric-key systems. This is
    because public-key cryptography relies upon the
    presumed difficulty of solving some
    number-theoretic problems.
  • No public-key system has been shown to be secure
    (also true of block ciphers).
  • In fact, some future mathematician may be able to
    solve the number theory problems utilized by some
    of these systems, thereby rendering those systems
    useless and permitting the decryption of all
    messages sent using those systems.

10
Digital Signatures using Public Keys
  • Goals of digital signature: sender cannot
    repudiate message never sent ("I never sent
    that"); receiver cannot fake a received
    message
  • Suppose A wants B to "sign" a message M
  • B sends DA(M) to A
  • A checks whether EA( DA(M) ) = M; if so, A has
    signed M
  • Digital certificates - To implement public key
    encryption on a large scale, such as a secure Web
    server might need, requires a different approach.
    This is where digital certificates come in. A
    digital certificate is essentially a bit of
    information that says the Web server is trusted
    by an independent source known as a Certificate
    Authority.
  • The Certificate Authority acts as the middleman
    that both computers trust. It confirms that each
    computer is in fact who they say they are and
    then provides the public keys of each computer to
    the other.
  • The Digital Signature Standard (DSS) is based on
    a type of public key encryption method that uses
    the Digital Signature Algorithm (DSA). DSS is the
    format for digital signatures that has been
    endorsed by the US government. The DSA algorithm
    consists of a private key that only the
    originator of the document knows and a public key.
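
The relation D( E(M) ) = M from the Public Key Cryptography slide and the sign-then-check relation E( D(M) ) = M from this slide, as an added example (not part of the original presentation). The slides name no algorithm, so textbook RSA with toy primes is assumed here; the names make_keypair, E, D, sign and verify are this example's own.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Textbook RSA: public key (e, n) is published, private key (d, n) stays with its owner."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse, Python 3.8+
    return (e, n), (d, n)

def E(public, m):
    """Public operation: anyone holding the published key can run it."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def D(private, c):
    """Private operation: only the key owner can run it."""
    d, n = private
    return pow(c, d, n)

def sign(private, m):
    """Signing is the private operation applied to the message itself."""
    return D(private, m)

def verify(public, m, signature):
    """Anyone can check a signature: the public operation must give back m."""
    return E(public, signature) == m

# Constructed toy values (assumption): real keys use very large primes,
# and real schemes pad messages and sign a hash rather than the raw message.
B_PUBLIC, B_PRIVATE = make_keypair(61, 53)
M = 65

if __name__ == "__main__":
    c = E(B_PUBLIC, M)
    print("ciphertext", c, "-> decrypted", D(B_PRIVATE, c))
    s = sign(B_PRIVATE, M)
    print("signature valid:", verify(B_PUBLIC, M, s))
    print("altered message valid:", verify(B_PUBLIC, M + 1, s))
```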

11
Protection against Intruders: Firewalls
  • firewall: network components (host/router + software)
    sitting between inside ("us") and outside
    ("them")
  • packet filtering: firewalls drop packets on
    basis of source or destination address (i.e., IP
    address, port)
  • application gateways: application-specific code
    intercepts, processes and/or relays
    application-specific packets
  • e.g., email or telnet gateways
  • Application gateway code can be security hardened
  • Can log all activity
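
A packet filter of the kind described on this slide, as an added example (not part of the original presentation): rules match on source address, destination address and destination port, the first match wins, and anything unmatched is dropped. The rule set and addresses are constructed from documentation ranges; ports 443 and 465 are the SSL ports the deck lists later.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "drop"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, None = any port

def decide(rules, src, dst, dport, default="drop"):
    """Return the action of the first rule that matches; drop when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return default

# Constructed rule set (assumption): one blocked outside network, one web
# server reachable on 443, one mail gateway reachable on 465.
RULES = [
    Rule("drop",  "203.0.113.0/24", "0.0.0.0/0",     None),
    Rule("allow", "0.0.0.0/0",      "192.0.2.10/32", 443),
    Rule("allow", "0.0.0.0/0",      "192.0.2.25/32", 465),
]

if __name__ == "__main__":
    print(decide(RULES, "198.51.100.7", "192.0.2.10", 443))       # ordinary visitor
    print(decide(RULES, "203.0.113.9", "192.0.2.10", 443))        # blocked network
    print(decide(RULES, "198.51.100.7", "192.0.2.10", 23))        # telnet, no rule
    print(decide(RULES[::-1], "203.0.113.9", "192.0.2.10", 443))  # same rules, wrong order
```

The last call shows how rule order alone turns a block into an allow, the kind of misconfiguration the Poor Configuration slide describes.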

12
Finally... Internet Activity
  • IP layer:
  • Authentication of header: receiver can
    authenticate sender using message authentication
    code (MAC)
  • Encryption of contents: DES, RFC 1829
  • API:
  • SSL - secure socket layer: support for
    authentication and encryption
  • port numbers: 443 for http with SSL, 465 for
    smtp with SSL
  • Application Layer:
  • Privacy Enhanced Mail
  • Secure http: supports many authentication,
    encryption schemes
  • A good reason for security: check out
    http://www.youtube.com/watch?v=kH8cS1AkqiI

13
WWW Server Security
  • The moment you install a Web server at your
    site, you've opened a window into your local
    network that the entire Internet can peer
    through.
  • Most visitors are content to window shop, but a
    few will try to peek at things you don't intend
    for public consumption.
  • Others, not content with looking without
    touching, will attempt to force the window open
    and crawl in.
  • The open architecture of Web servers allows
    arbitrary CGI scripts to be executed on the
    server's side of the connection in response to
    remote requests.
  • Any CGI script installed at your site may
    contain bugs, and every such bug is a potential
    security hole.
  • Misconfigured databases will also be risky
  • Strive to keep OS updated and patched, almost daily
  • Content extracted from the WWW FAQ at
    http://www.w3.org/Security/faq/wwwsf1.html#GEN-Q1

14
Results of Intrusion
  • The results can range from the merely
    embarrassing, for instance the discovery one
    morning that your site's home page has been
    replaced by an obscene parody, to the damaging,
    for example the theft of your entire database of
    customer information.
  • It's a maxim in system security circles that
    buggy software opens up security holes. It's a
    maxim in software development circles that large,
    complex programs contain bugs. Unfortunately, Web
    servers are large, complex programs that can (and
    in some cases have been proven to) contain
    security holes.
  • Furthermore, the open architecture of Web servers
    allows arbitrary CGI scripts to be executed on
    the server's side of the connection in response
    to remote requests. Any CGI script installed at
    your site may contain bugs, and every such bug is
    a potential security hole.

15
Poor Configuration
  • From the point of view of the network
    administrator, a Web server represents yet
    another potential hole in your local network's
    security.
  • The general goal of network security is to keep
    strangers out. Yet the point of a Web site is to
    provide the world with controlled access to your
    network.
  • A poorly configured Web server can punch a hole
    in the most carefully designed firewall system. A
    poorly configured firewall can make a Web site
    impossible to use.
  • Things get particularly complicated in an
    intranet environment, where the Web server must
    typically be configured to recognize and
    authenticate various groups of users, each with
    distinct access privileges.

16
Active Content
  • Active content, such as ActiveX controls and Java
    applets, introduces the possibility that Web
    browsing will introduce viruses or other
    malicious software into the user's system.
  • Active content also has implications for the
    network administrator, insofar as Web browsers
    provide a pathway for malicious software to
    bypass the firewall system and enter the local
    area network. Even without active content, the
    very act of browsing leaves an electronic record
    of the user's surfing history, from which
    unscrupulous individuals can reconstruct a very
    accurate profile of the user's tastes and habits.
  • Finally, both end-users and Web administrators
    need to worry about the confidentiality of the
    data transmitted across the Web.
  • The TCP/IP protocol was not designed with
    security in mind; hence it is vulnerable to
    network eavesdropping.
  • When confidential documents are transmitted from
    the Web server to the browser, or when the
    end-user sends private information back to the
    server inside a fill-out form, someone may be
    listening in.

17
Risk 1: Bugs
  • There are basically 3 overlapping types of risk:
  • 1. Bugs or misconfiguration problems in the
    Web server that allow unauthorized remote users
    to:
  • Steal confidential documents not intended for
    their eyes.
  • Execute commands on the server host machine,
    allowing them to modify the system.
  • Gain information about the Web server's host
    machine that will allow them to break into the
    system.
  • Launch denial-of-service attacks, rendering the
    machine temporarily unusable.

18
Risks 2 & 3
  • Browser-side risks, including:
  • Active content that crashes the browser, damages
    the user's system, breaches the user's privacy,
    or merely creates an annoyance.
  • The misuse of personal information knowingly or
    unknowingly provided by the end-user.
  • Interception of network data sent from browser to
    server or vice versa via network eavesdropping.
    Eavesdroppers can operate from any point on the
    pathway between browser and server, including:
  • The network on the browser's side of the
    connection.
  • The network on the server's side of the
    connection (including intranets).
  • The end-user's Internet service provider (ISP).
  • The server's ISP.
  • Either ISPs' regional access provider.

19
Securing Both Sides.
It's important to realize that "secure" browsers
and servers are only designed to protect
confidential information against network
eavesdropping. Without system security on both
browser and server sides, confidential documents
are vulnerable to interception.
  • As a rule of thumb, the more features a server
    offers, the more likely it is to contain security
    holes.
  • Simple servers that do little more than make
    static files available for requests are probably
    safer than complex servers that offer such
    features as on-the-fly directory listings, CGI
    script execution, server-side include processing,
    and scripted error handling.
  • Servers also vary in their ability to restrict
    browser access to individual documents or
    portions of the document tree.
  • Some servers provide no restriction at all,
    while others allow you to restrict access to
    directories based on the IP address of the
    browser or to users who can provide the correct
    password.
  • A few servers, primarily commercial ones, provide
    data encryption as well.
  • CGI scripts are a major source of security
    holes. Although the CGI (Common Gateway
    Interface) protocol is not inherently insecure,
    CGI scripts must be written with just as much
    care as the server itself.

20
CGI Scripts
  • Server side includes, snippets of server
    directives embedded in HTML documents, are
    another potential hole.
  • A subset of the directives available in
    server-side includes instruct the server to
    execute arbitrary system commands and CGI
    scripts.
  • Unless the author is aware of the potential
    problems it's easy to introduce unintentional
    side effects. Unfortunately, HTML files
    containing dangerous server-side includes are
    seductively easy to write.
  • Some servers, including Apache and NCSA, allow
    the Web master to selectively disable the types
    of includes that can execute arbitrary commands.
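
An audit for the risky subset of server-side includes described on this slide, as an added example (not part of the original presentation). It assumes Apache-style SSI syntax, where the command-running directive is `exec` and the `IncludesNOEXEC` option turns it off; the sample pages and the function name audit_ssi are constructed.

```python
import re

# <!--#directive attr="value" ... -->
SSI = re.compile(r"<!--#\s*(\w+)\s+(.*?)\s*-->", re.S)
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def audit_ssi(name, html):
    """Return (file, line, kind, target) for every include that runs a program."""
    findings = []
    for m in SSI.finditer(html):
        if m.group(1).lower() != "exec":
            continue                      # include/echo/etc. do not run commands
        attrs = {k.lower(): v for k, v in ATTR.findall(m.group(2))}
        kind = next((k for k in ("cmd", "cgi") if k in attrs), "unknown")
        line = html.count("\n", 0, m.start()) + 1
        findings.append((name, line, kind, attrs.get(kind, "")))
    return findings

# Constructed sample pages (not from the slides).
PAGES = {
    "index.shtml": (
        "<html>\n"
        '<!--#include virtual="/footer.html" -->\n'
        '<!--#echo var="DATE_LOCAL" -->\n'
        "</html>\n"
    ),
    "status.shtml": (
        "<html>\n"
        "<p>Uptime:</p>\n"
        '<!--#exec cmd="uptime" -->\n'
        '<!--#exec cgi="/cgi-bin/counter.cgi" -->\n'
        "</html>\n"
    ),
}

def audit_all(pages):
    """Audit every page and return the combined findings."""
    return [f for name, html in sorted(pages.items()) for f in audit_ssi(name, html)]

if __name__ == "__main__":
    for finding in audit_all(PAGES):
        print(finding)
```

Running such a scan before disabling command-executing includes shows which pages depend on them.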

21
Written Security Policy
  • The single most important step one can take to
    increase a site's security is to create a written
    security policy. This security policy should
    succinctly lay out the organization's policies
    with regard to:
  • who is allowed to use the system
  • when they are allowed to use it
  • what they are allowed to do (different groups may
    be granted different levels of access)
  • procedures for granting access to the system
  • procedures for revoking access (e.g. employee
    leaving)
  • what constitutes acceptable use of the system
  • remote and local login methods
  • system monitoring procedures
  • protocols for responding to suspected security
    breaches

22
Written Security Policy
  • This policy need not be complicated. It need only
    be a concise summary of how the information
    system works, reflecting your organization's
    technological and political realities. There are
    several benefits to having a written security
    policy:
  • You yourself will understand what is and is not
    permitted on the system. If you don't have a
    clear picture of what is permitted, you can never
    be sure when a violation has occurred.
  • Others in your organization will understand what
    the security policy is. The written policy raises
    the level of security consciousness, and provides
    a focal point for discussion.
  • The security policy serves as a requirements
    document against which technical solutions can be
    judged. This helps guard against the "buy first,
    ask questions later" syndrome.
  • The policy may help bolster your legal case
    should you ever need to prosecute for a security
    violation.