System and Network Security Overview - PowerPoint PPT Presentation

Slides: 50
Provided by: yongg

Transcript and Presenter's Notes

1
System and Network Security Overview
2
What is network security about?
  • It is about secure communication
  • What do we mean by secure communication?
  • Everything is connected by the Internet
  • We will often use Alice and Bob
  • Alice is on vacation and wants to send a command
    to her assistant (Bob), or just to a computer, to
    control the nuclear power plant; how can she do
    that?

3
What is it about?
  • There are eavesdroppers that can listen on the
    communication channels
  • Information needs to be forwarded through packet
    switches, and these switches can be reprogrammed
    to listen to or modify data in transit
  • Is it hopeless for Alice?

4
Other examples
  • Alice sends Bob some sensitive information via
    the Internet
  • A network manager remotely changes some Access
    Control Lists (interception, impersonation)
  • On-line stock trading, customer denies that she
    has sent the order

5
Cryptography
  • Cryptography allows us to disguise data so that
    eavesdroppers gain no information from listening
  • Cryptography also allows us to create an
    unforgeable message and detect if it has been
    modified in transit; a digital signature is often
    used for this purpose (a "magic number")

6
Network/System Security Overview
  • Cryptography
  • Secret key cryptography
  • Modes of operation
  • Hashes and message digests
  • Public key cryptography
  • Some number theory, AES and elliptic curve
    cryptography
  • Authentication
  • How can Alice prove that she is Alice on
    networks?
  • Standards
  • Kerberos, PKI, IPSec, SSL
  • The underlying philosophy for these standards,
    that is, intuition behind various choices, design
    decisions, and flaws in these standards
  • Email security
  • Firewalls and secure systems

7
Two kinds of security
  • Computer security
  • Network security

8
Vulnerabilities of computer systems
  • attacks on hardware
  • attacks on software
  • deletion, modification (Trojan horse,
    trapdoor/backdoor, covert channel), infection
    through computer virus, theft, copying
  • attacks on data
  • compromising secrecy & integrity
  • attacks on other resources
  • storage media, time, key people

9
Computer security
  • The goal is to protect data and resources
  • How to design security mechanisms?
  • Cost/benefits
  • Threat model
  • Trust model
  • Available tools
  • Where to use security tools
  • Security is not only about cryptography
  • Identify the weakest point

10
Failures of security mechanisms
  • Failure to understand the threat model
  • Failure to understand what a mechanism protects
    against and what it does not
  • Bad design
  • Implementation fault
  • Misconfiguration
  • Bad interaction with other parts
  • Bad user interface

11
Network security
  • Security of data in transit
  • Security of data at rest

12
Importance of network security
  • Increasingly large deployment of networked
    computers
  • Sensitive information/resources are coming online
  • Personal information
  • Financial services
  • Military
  • Infrastructure
  • Large number of users, large amounts of money

13
OSI Reference Model
14
Most mentioned network terms
  • IP, UDP, TCP
  • Directory services
  • Packet switching

  (slide diagram: Alice, Bob and Trudy connected
  through packet switches R1 to R6 and a token ring)
15
Differences from systems security
  • Attacks come from anywhere, at any time
  • Highly automated attacks (script kiddies)
  • Physical security measures are inadequate
  • Wide variety of applications, services, protocols
  • No single authority/administrator

16
Reactions to Information Security
  • Active research in security & privacy (numerous
    conferences each year)
  • New laws
  • Education
  • Collaborations between governments, industry &
    academia
  • Employment of computer security specialists

17
Methods of defence (1)
  • modern cryptography
  • encryption, authentication codes, digital
    signatures, etc.
  • software controls
  • standard development tools (design, code, test,
    maintain, etc.)
  • operating system controls
  • internal program controls (e.g. databases)
  • firewalls

18
Methods of defence (2)
  • hardware controls
  • security devices
  • smart cards, ...
  • SecurID
  • physical controls
  • locks, guards, backup of data & software, thick
    walls, ...
  • security policies & procedures
  • user education
  • law

19
Introduction to Network Security
20
Intro to Network Security
  • To assess the security needs of an organization
    effectively and to evaluate and choose various
    security products and policies, the manager
    responsible for security needs some systematic
    way of defining the requirements for security and
    characterizing the approaches to satisfying those
    requirements.
  • One approach is to consider 3 aspects of
    information security:
  • Security attack: any action that compromises the
    security of information owned by an organization
  • Security method: a mechanism that is designed to
    detect, prevent, or recover from a security attack
  • Security service: a service that enhances the
    security of the data processing systems and the
    information transfers of an organization
  • The services are intended to counter security
    attacks, and they make use of one or more
    security methods to provide the service

21
Classification of Security Services
  • Confidentiality: ensures that the information in
    a computer system and transmitted information are
    accessible only for reading by authorized parties
  • Authentication: ensures that the origin of a
    message or electronic document is correctly
    identified, with an assurance that the identity
    is not false
  • Integrity: ensures that only authorized parties
    are able to modify computer system assets and
    transmitted information
  • Nonrepudiation: requires that neither the sender
    nor the receiver of a message be able to deny the
    transmission (nonrepudiation with proof of
    origin/delivery)
  • Access control (Authorization): requires that
    access to information resources may be controlled
    by or for the target system
  • Availability: requires that computer system
    assets be available to authorized parties when
    needed

22
Threats
  • Passive attacks
  • Illegal interception (secrecy)
  • Traffic analysis
  • Active attacks
  • Denial of Service / Interruption (availability)
  • Un-authorised modification (integrity)
  • Fabrication (authenticity)
  • Replay
  • Man-in-the-middle attacks
  • Modification of messages

23
Illegal Interception
  • also called un-authorised access
  • difficult to detect
  • it leaves no traces
  • example: the US military Tempest program measures
    how far away an intruder must be before
    eavesdropping is impossible
  • The movement of electrons can be measured from a
    surprising distance (control zone)

24
Traffic analysis
  • Military applications (spy identification)
  • Zero-Knowledge Inc. http://www.zeroknowledge.com/
    (anonymous web browsing and private, encrypted,
    untraceable email for customers; services stopped)
  • AT&T Crowds project (system for protecting your
    anonymity while you browse the web)
  • Anonymizer http://www.anonymizer.com/
  • Untraceable e-mails: Mix by David Chaum

25
Denial of Service
  • also called Interruption; recent example: DDoS,
    the tool used in that DDoS being trinoo,
    http://staff.washington.edu/dittrich/misc/trinoo.analysis
  • information resources (hardware, software and
    data) are deliberately made unavailable, lost or
    unusable, usually through malicious destruction

26
Un-authorized Modification
  • un-authorised access & tampering with a resource
    (data, programs, hardware devices, copy of a
    hand-written signature, etc.)
  • Ex.: some portion of a legitimate message is
    altered, or that message is delayed or altered to
    produce an unauthorized effect

27
Fabrication and Impersonation
  • fabricate counterfeit objects (data, programs,
    devices, etc.)
  • related examples
  • counterfeit bank notes
  • fake cheques
  • impersonation/masquerading
  • to gain access to data, services, etc.
  • It takes place when one entity pretends to be a
    different entity. Example: by capturing
    authentication sequences and replaying them

28
Replay attacks
  • Passive capture of a data unit and its subsequent
    retransmission to produce an unauthorized effect.
    The attacker records a valid transaction and
    plays it back again later.
  • Most often when the same shared key is used
    between two peers
  • Defending against replay attacks is possible but
    painful as it requires maintenance of state
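
The "maintenance of state" the slide mentions, as an added example (this is not code from the slides): a shared-key MAC plus a nonce and timestamp on the sender side, and a bounded seen-nonce set on the receiver side. The key, window length and message format are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo key shared by the two peers (not from the slides).
SHARED_KEY = b"constructed-demo-shared-key"
WINDOW_SECONDS = 30  # how long a message stays acceptable after it was sent


def _tag(key: bytes, ts: str, nonce: str, payload: bytes) -> str:
    """MAC over timestamp, nonce and payload, so none of them can be swapped."""
    return hmac.new(key, b"|".join([ts.encode(), nonce.encode(), payload]),
                    hashlib.sha256).hexdigest()


def make_message(key: bytes, payload: bytes, now: int) -> dict:
    """Sender side: attach a fresh random nonce and the current time."""
    nonce = secrets.token_hex(8)
    ts = str(now)
    return {"ts": ts, "nonce": nonce, "payload": payload,
            "mac": _tag(key, ts, nonce, payload)}


class ReplayGuard:
    """Receiver side. The state the slide warns about is `seen`: every nonce
    accepted inside the freshness window. The timestamp bounds that state,
    because anything older than the window is rejected without a lookup."""

    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp at which it was accepted

    def accept(self, msg: dict, now: int) -> tuple:
        # 1. Authenticity first: an unauthenticated message tells us nothing,
        #    and checking it first keeps forged nonces out of `seen`.
        if not hmac.compare_digest(
                _tag(self.key, msg["ts"], msg["nonce"], msg["payload"]), msg["mac"]):
            return False, "bad mac"
        # 2. Freshness: a genuine but old message is rejected outright.
        if abs(now - int(msg["ts"])) > self.window:
            return False, "stale timestamp"
        # 3. Uniqueness inside the window: the replay check proper.
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[msg["nonce"]] = int(msg["ts"])
        # Drop nonces that can no longer pass step 2, keeping the state bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        return True, "ok"
```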

29
Man-in-the-middle attack
  • An attack in which an attacker is able to read,
    insert and modify at will messages between two
    parties without either party knowing that the
    link between them has been compromised. The
    attacker must be able to observe and intercept
    messages going between the two victims.
  • MITM attacks on SSL
  • Alice <-> attacker <-> real site
  • Mafia-in-the-middle attack
  • Alice <-> coffee <-> jewelry

30
Modification of message
  • Some portion of a legitimate message is altered,
    or that message is delayed or altered to produce
    an unauthorized effect

31
How to defeat these attacks?
  (slide diagram: attacks on one side, the mechanisms
  that counter them on the other)
  • attacks: illegal interception, traffic analysis,
    un-authorised modification, impersonation,
    re-play, man-in-the-middle, denial of service
  • mechanisms: secrecy, mix, integrity,
    authentication, authorization, other mechanisms
32
Key escrow for law enforcement
  • Law enforcement would like to preserve its
    ability to wiretap otherwise secure communication
  • Government wants to wiretap all the time, so it
    must prevent use of encryption, break the codes
    used for encryption, or somehow learn everyone's
    cryptographic key
  • The Clipper proposal attempted the 3rd option
    (encryption is done with a Clipper chip: unique
    key)
  • At present, government is giving up control of
    cryptography

33
Key escrow for careless users
  • It is prudent to keep your key in a safe place
  • Where?
  • Do you trust the unique key bank?
  • Split your keys and deposit them in several
    independent places

34
Digital Pests: Viruses, Worms, Trojan Horses
  • No need to distinguish them... but...
  • Trojan horse: instructions hidden in useful code
  • Virus: when executed, inserts a copy of itself in
    other code
  • Worm: self-replicating code
  • Trap (back) door: undocumented entry point
  • Logic bomb: malicious instructions which trigger
    on some event, such as a particular time occurring
  • Zombie: malicious code installed on a system that
    can be remotely triggered to do bad things

35
More on Digital Pest
  • Is it possible to detect a digital pest in a
    program? One of the famous results in computer
    science is that it is impossible to tell what an
    arbitrary program will do by looking at it! In
    fact it is impossible in general to discern any
    nontrivial property of a program by looking at it
    (e.g. whether the program will halt)
  • Anyway, nobody looks. Open source can help: maybe
    someone else will look!
  • A virus can be installed in any program as
    follows: replace any instruction, say the
    instruction at location x, by a jump to some free
    space in memory, say location y; then write the
    virus program starting at location y; then place
    the instruction that was originally at location x
    at the end of the virus program, followed by a
    jump to x+1
  • Replication: besides the delayed planned damage,
    the virus replicates itself silently. If it did
    not wait before damaging the infected system, it
    would not spread as far!

36
Where do they come from ?
  • Commercial packages: malicious employee? Infected
    before shipping?...
  • emails
  • Floppy disk boot
  • CDROM start-up execution
  • Spreading from machine to machine (scripts
    guessing passwords automatically...)

37
Virus Checker
  • Check the instruction sequences for lots of types
    of viruses (virus patterns)
  • A smart virus changes its form each time
    (polymorphic virus): more work for the virus
    checker to detect, but still possible
  • Using snapshots of the files (not useful for some
    kinds of code)
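
Both checker strategies from this slide in one small tool, as an added example that is not code from the slides: a pattern scan over file bodies and a hash snapshot diffed against a baseline. The signature, the two-file tree and the "infection" (the first instruction replaced by a jump, as slide 35 describes) are all constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed demo signature: a byte pattern standing in for the body of one
# known pest. A real checker carries thousands of such patterns.
SIGNATURES = {"demo-pest": b"JMP_TO_FREE_SPACE"}


def scan_signatures(data: bytes) -> list:
    """Pattern check: name every known signature that occurs in the file body.
    A polymorphic virus defeats a fixed pattern, which is one reason checkers
    also use the snapshot approach below."""
    return [name for name, pat in SIGNATURES.items() if pat in data]


def snapshot(root: Path) -> dict:
    """Snapshot check: SHA-256 of every file under root, keyed by relative path."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_snapshots(before: dict, after: dict) -> dict:
    """Anything modified, added or removed since the baseline is suspect. This is
    what 'not useful for some kinds of code' means: files that legitimately
    change (logs, databases) would show up here on every run."""
    return {
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
    }


def demo() -> tuple:
    """Build a constructed two-file tree, take a baseline, 'infect' one file and
    run both checks. Returns (snapshot diff, signature hits on that file)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.bin").write_bytes(b"MOV A,1\nADD A,2\nRET\n")
        (root / "lib.bin").write_bytes(b"NOP\nRET\n")
        baseline = snapshot(root)
        # Constructed infection: the first instruction is replaced by a jump.
        (root / "app.bin").write_bytes(b"JMP_TO_FREE_SPACE\nADD A,2\nRET\n")
        changes = diff_snapshots(baseline, snapshot(root))
        hits = scan_signatures((root / "app.bin").read_bytes())
        return changes, hits


if __name__ == "__main__":
    print(demo())
```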

38
Best practices
  • No perfect virus checker
  • Some precautions
  • Do not run software from unknown sources
  • Frequently run virus checkers
  • Run code in the most restricted environments
  • When system tells you something is dangerous, do
    not try it
  • Do frequent backups
  • Do not boot off floppies; do not insert
    suspicious CDs into the CDROM

39
Best Practices: How to protect a machine
  • Three key items would increase the security of a
    system and protect it from attacks
  • Install critical security updates / patches for
    the Operating System and services / programs
    running on the machine as soon as they become
    available (on the Microsoft platform, sign up for
    Automatic Windows Updates). Those will patch
    backdoors and design flaws / security
    vulnerabilities which can be exploited.
  • Install Antivirus Software, and ensure it
    updates itself properly / constantly with the
    latest virus definitions
  • Install a firewall: as most attacks will come
    from the network, closing unused ports would
    substantially decrease the chances of a
    successful attack.

40
Authentication and authorization
  • In a network application, the first question is
    "who are you?", then "what are you allowed to do?"
  • Authentication proves who you are and
    authorization defines what you can do
  • Access Control Lists (ACL): a database listing
    who can access a certain object
  • Capability Model: a database listing what each
    user can do

41
Access Control Lists
42
Discretionary and Nondiscretionary Access
Controls (DAC & MAC)
  • Discretionary means that someone who owns a
    resource can make a decision as to who is allowed
    to use (access) it
  • Nondiscretionary (mandatory) access controls
    enforce a policy where users might be allowed to
    use information themselves but might not be
    allowed to make a copy of it available to someone
    else (even the owner cannot change the attributes
    of a data file)

43
Philosophy behind these access controls
  • Discretionary controls: users and programs are
    good guys; the OS decides how to protect each
    user's data
  • Nondiscretionary: users are careless, programs
    may be infected. Careless users may type a wrong
    command and attach a secret file to an email sent
    to the public world. The information should be
    confined within a security perimeter

44
Multi-level model of security
  • Security labels
  • Both subjects and objects have security labels
  • Only subjects with the proper clearance (security
    label) can see the objects with the same or lower
    level of security labels

45
Information Flow control
  • Bell LaPadula (BLP) model
  • Simple security property: no read up
  • *-property: no write down

46
Covert channels
  • A covert channel is a method for a Trojan horse
    to circumvent the automatic confinement of
    information within a security perimeter (assume
    the Trojan horse program does not have enough
    privileges to directly send confidential data
    outside the system)
  • Example: the OS enforces multilevel security. A
    bad guy tricked a TOP SECRET user into running a
    Trojan horse.

47
Covert channels (cont.)
  • The timing channel: the Trojan horse program
    alternately loops and waits, in cycles of, say,
    one minute per bit (of the confidential data).
    When the bit is 1 the program loops for one
    minute. When the bit is 0 the program waits for
    a minute. Another program running on the same
    computer (but without access to the sensitive
    data) constantly measures the load caused by the
    Trojan horse.
  • The storage channel: the Trojan horse program
    loads a (printer) queue to represent a 1, and
    deletes its jobs to represent a 0. It is easy to
    check the queue status and get the information.
  • The error channel: the Trojan horse program
    creates a file to represent a 1, and deletes it to
    represent a 0. The external process tries to read
    the file; since different error messages are
    reported when the file exists (but access to it
    is not permitted) and when the file does not
    exist, these are used to distinguish between the
    0's and 1's.

48
The Orange Book
  • The National Computer Security Center (NCSC)
    published an official standard called Trusted
    Computer System Evaluation Criteria (the Orange
    Book), which defines a series of ratings a
    computer system can have based on its security
    features and the care that went into its design,
    documentation, and testing

49
Orange book (cont.)
  • System certification
  • D---minimal protection
  • C1---DAC
  • C2---per-user access control, auditing
  • B1---security label (MAC)
  • B2---trusted path, security kernel
  • B3---negative ACLs, secure crash recovery
  • A1---verified design