Chapter 9 Networking - PowerPoint PPT Presentation

Description: Wiretapping, impersonation, message interruption/modification, DoS. Controls. Encryption, authentication, distributed authentication, traffic control, integrity ...
Slides: 17
Provided by: tandre
Learn more at: http://sce.uhcl.edu

Transcript and Presenter's Notes

1
Chapter 9: Networking and Distributed Security
(Part C)
2
Outline
  • Overview of Networking
  • Threats
      • Wiretapping, impersonation, message interruption/modification, DoS
  • Controls
      • Encryption, authentication, distributed authentication, traffic control,
        integrity control
  • Email privacy: PEM, PGP
  • Firewalls

3
Electronic Mail
  • Security goals vs. threats

    Goal               Threats
    -----------------  ------------------------------------------
    confidentiality    1. interception
    integrity          2. interception and subsequent replay
                       3. content modification
                       4. content forgery by outsider
                       5. content forgery by recipient
                       6. origin forgery by recipient
    authenticity       7. origin modification
                       8. origin forgery by outsider
    nonrepudiation     threats 2 through 8 above
    reliable delivery  interception (blocked delivery)
                       denial of message transmission
4
Privacy-Enhanced Mail (PEM)
  • Internet standards:
      • 1987: RFC 989 (PEM version 1)
      • 1989: RFC 1113 (version 2)
      • 1993: RFC 1421, 1422, 1423, 1424 (Parts I-IV), version 3
  • Protection is applied inside the body of the message. The message header is
    left unchanged so that the mail systems of the time could still route a
    privacy-enhanced message.
  • Overview: Fig. 9-27, 9-28 (p.424)
      1) The original message (header and body) is encrypted under a fresh
         symmetric message key K: E(message, K).
      2) K is encrypted under the recipient's public key: Rpub(K).
      3) A duplicate of the header is prepended to the message, whose body now
         carries both Rpub(K) and E(message, K).
  • Q: In step 2, can a symmetric key, instead of the recipient's public key, be
    used to encrypt the message key K?

5
Privacy-Enhanced Mail (PEM)
  • A: Yes (see p.425).
  • Q: What would be the requirements if a symmetric key is used to encrypt K?
  • Header fields of a PEM message:
      • Proc-Type: processing type (ENCRYPTED, MIC-ONLY or MIC-CLEAR)
      • DEK-Info: data encrypting key (DEK) information, i.e. the message
        encryption algorithm and its IV
      • Key-Info: key exchange information, i.e. the DEK encrypted for the
        recipient (and, in the symmetric case, the encrypted MIC)
  • Message encryption: DES
  • Key exchange: DES or RSA
  • In principle, any encryption algorithm can be used.

6
Privacy-Enhanced Mail (PEM)
  • Security features
      • Confidentiality: message encryption
      • Authenticity: ?
      • Nonrepudiability: ?
      • Integrity: ?
  • Answers: p.425
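The three encapsulation steps of slide 4, worked through with the symmetric alternative asked about on slide 5, as an added example: this is not code from the slides or from the book, and it is not a real PEM implementation. Sender and recipient are assumed to have exchanged an "interchange key" (IK) beforehand over some other secure channel, and the header names that key so the recipient knows which one to use; those are the requirements the symmetric variant brings. Everything cryptographic is a labelled stand-in: DES-CBC is replaced by a toy counter-mode stream cipher built from HMAC-SHA256, and the RFC 1421 MIC (a digest encrypted under the IK) by an HMAC keyed with the IK. Field names follow RFC 1421; the algorithm identifiers in their values do not.

```python
"""PEM-style encapsulation (RFC 1421 layout) with symmetric key management.

Added example, not from the slides, the book or any PEM implementation.
Stand-ins (assumptions): HMAC-SHA256 in counter mode instead of DES-CBC,
HMAC-SHA256 under the interchange key instead of an encrypted MD2/MD5 MIC.
"""
from __future__ import annotations
import base64
import hashlib
import hmac
import os

BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher: keystream block n = HMAC(key, iv || n).
    XOR is its own inverse, so the same call encrypts and decrypts.
    Never reuse a (key, iv) pair: two messages would share a keystream."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, iv + n.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def mic(ik: bytes, text: bytes) -> bytes:
    """Message integrity check keyed with the shared IK (stand-in for RFC 1421's)."""
    return hmac.new(ik, text, hashlib.sha256).digest()


def pem_encapsulate(orig_header: str, body: str, ik_id: str, ik: bytes) -> str:
    """Slide 4, steps 1-3, with a pre-shared IK in place of the recipient's public key."""
    text = (orig_header + "\n\n" + body).encode()
    # step 1: fresh per-message key K; E(message, K) covers the ORIGINAL header as well
    dek, dek_iv = os.urandom(32), os.urandom(8)
    ciphertext = keystream_xor(dek, dek_iv, text)
    # step 2: K wrapped under the IK (the symmetric alternative to Rpub(K))
    wrap_iv = os.urandom(8)
    wrapped_dek = keystream_xor(ik, wrap_iv, dek)
    # MIC under the IK gives integrity and origin authentication to the recipient,
    # but no nonrepudiation: the recipient holds the same IK and could forge it.
    tag = mic(ik, text)
    pem_block = "\n".join([
        BEGIN,
        "Proc-Type: 4,ENCRYPTED",
        "Content-Domain: RFC822",
        f"DEK-Info: HMAC-SHA256-CTR,{dek_iv.hex()}",
        f"Recipient-ID-Symmetric: {ik_id}",
        f"Key-Info: HMAC-SHA256-CTR,HMAC-SHA256,{wrap_iv.hex()},{wrapped_dek.hex()},{tag.hex()}",
        "",
        base64.b64encode(ciphertext).decode(),
        END,
    ])
    # step 3: a duplicate header, in the clear, so legacy mail systems can still route it
    return orig_header + "\n\n" + pem_block


def pem_decapsulate(message: str, ik_id: str, ik: bytes) -> tuple[str, str]:
    """Recipient side: unwrap K, decrypt, verify the MIC, return (original header, body)."""
    block = message[message.index(BEGIN) + len(BEGIN):message.index(END)].strip("\n")
    header_text, b64 = block.split("\n\n", 1)
    fields = dict(line.split(": ", 1) for line in header_text.split("\n"))
    if fields.get("Proc-Type") != "4,ENCRYPTED":
        raise ValueError("unsupported Proc-Type")
    if fields.get("Recipient-ID-Symmetric") != ik_id:
        raise ValueError("message was not wrapped under our interchange key")
    dek_iv = bytes.fromhex(fields["DEK-Info"].split(",")[1])
    _, _, wrap_iv, wrapped_dek, tag = fields["Key-Info"].split(",")
    dek = keystream_xor(ik, bytes.fromhex(wrap_iv), bytes.fromhex(wrapped_dek))
    text = keystream_xor(dek, dek_iv, base64.b64decode(b64))
    # verify the MIC before trusting (or even decoding) the plaintext
    if not hmac.compare_digest(mic(ik, text), bytes.fromhex(tag)):
        raise ValueError("MIC mismatch: content modified, or wrong interchange key")
    orig_header, body = text.decode().split("\n\n", 1)
    return orig_header, body


def tamper_body(message: str) -> str:
    """Flip one bit of the encrypted body: content modification in transit."""
    start, end = message.index(BEGIN), message.index(END)
    hdr, b64 = message[start:end].rsplit("\n\n", 1)
    raw = bytearray(base64.b64decode(b64))
    raw[0] ^= 0x01
    return message[:start] + hdr + "\n\n" + base64.b64encode(raw).decode() + "\n" + message[end:]


if __name__ == "__main__":
    IK = bytes(range(32))  # constructed pre-shared interchange key
    header = "From: alice@corp.example\nTo: bob@partner.example\nSubject: budget"
    msg = pem_encapsulate(header, "Q3 numbers attached.", "alice-bob-ik-2", IK)
    print(msg)
    print(pem_decapsulate(msg, "alice-bob-ik-2", IK))
```

Against slide 6's questions: the body, including the protected copy of the header, is unreadable without the IK (confidentiality); any change to the ciphertext, the wrapped key or the IV fails the MIC (integrity), and only holders of the IK can produce a valid MIC (authenticity between the two parties); nonrepudiation is exactly what the symmetric variant gives up, since the recipient could have forged the whole message, which is why RFC 1421 needs RSA signatures for that. Note also that the duplicate header prepended in step 3 is unprotected: From, To and Subject travel in the clear.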

7
Privacy-Enhanced Mail (PEM)
  • Advantages
      • The user may choose whether or not to use PEM when sending an email.
      • PEM provides strong end-to-end security for email.
  • Problems?
      • Key management
      • The end points may not be secure.
  • Yet another privacy-enhanced email protocol: PGP (p.426)

8
Firewalls
  • Q: Which is more important, protection of email or protection of
    network-connected resources? (See the argument on p.427.)
  • A firewall works like a filter: it lets through only the desired
    interactions and keeps all others out of the protected network.
  • Analogy: a gatekeeper, a security gateway.
  • A firewall is a device or a process that filters all traffic between a
    protected (inside) network and a less trustworthy (outside) network.
  • Scenarios it addresses:
      • Internal users sending company secrets outside
      • Outside people breaking into systems inside

9
Firewalls
  • Alternative security policies
      • Block all incoming traffic, but allow outgoing traffic to pass.
      • Allow access only from certain places (source addresses).
      • Allow access only from certain users.
      • Allow access only for certain activities, identified by port number:
          port 79   finger      port 23   telnet      port 513  rlogin
          port 21   ftp         port 177  X Windows (XDMCP)
      • ICMP messages: PROTOCOL field of the IP header = 1
  • Each of these services is a potential back door into the system.

10
Types of Firewalls
  • Screening routers
      • The simplest, and possibly the most effective, type of firewall.
      • A router acts as the gateway between two networks (Fig. 9-31, p.429).
      • A screening router uses the router's ability to examine each packet
        passing through it (source and destination address, protocol, port)
        and forwards only the packets the policy permits.
      • Example: Fig. 9-32.
      • A router has a unique advantage because it sits between the outside and
        the inside network, so all traffic must cross it (Fig. 9-33).
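The policies listed on slide 9, implemented as the screening router of slide 10, as an added example that is not from the slides or from the book: a stateless packet filter run over constructed packets. The networks (10.0.0.0/8 as the inside, 198.51.100.0/24 as a trusted partner site, one ftp server) and the rule set are assumptions; the port numbers and the ICMP protocol value are the slide's. A screening router sees only header fields, so the rules can refer to nothing else; the extra "which interface did it arrive on" field is what lets it catch outside packets that forge an inside source address.

```python
"""Stateless screening-router filter (first match wins, default deny).

Added example, not from the slides or any router vendor. Networks, rules and
packets are constructed; port numbers and IP protocol 1 (ICMP) are the slide's.
"""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

INSIDE = ip_network("10.0.0.0/8")         # constructed: the protected network
PARTNER = ip_network("198.51.100.0/24")    # constructed: a trusted outside site
FTP_SERVER = ip_network("10.0.5.21/32")    # constructed: the one host partners may reach


@dataclass(frozen=True)
class Packet:
    """Only what a screening router can see: IP/TCP header fields and the interface."""
    src: str
    dst: str
    proto: int              # IP header PROTOCOL field: 1 = ICMP, 6 = TCP, 17 = UDP
    dport: int = 0          # destination port (TCP/UDP only)
    syn: bool = False       # TCP flags
    ack: bool = False
    iface: str = "outside"  # interface the packet arrived on: "inside" or "outside"


@dataclass(frozen=True)
class Rule:
    """A field left as None means 'any'."""
    action: str
    note: str
    iface: Optional[str] = None
    src: Optional[IPv4Network] = None
    dst: Optional[IPv4Network] = None
    proto: Optional[int] = None
    dport: Optional[int] = None
    dport_min: Optional[int] = None
    syn: Optional[bool] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or p.iface == self.iface)
                and (self.src is None or ip_address(p.src) in self.src)
                and (self.dst is None or ip_address(p.dst) in self.dst)
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport)
                and (self.dport_min is None or p.dport >= self.dport_min)
                and (self.syn is None or p.syn == self.syn)
                and (self.ack is None or p.ack == self.ack))


RULES = [
    # anti-spoofing: an inside address can never legitimately arrive from outside
    Rule("deny", "spoofed: inside address arriving on the outside interface",
         iface="outside", src=INSIDE),
    # policy 1: outgoing traffic passes
    Rule("permit", "outgoing traffic from the inside", iface="inside", src=INSIDE),
    # the back doors named on slide 9, plus ICMP, closed to the outside
    Rule("deny", "ICMP from outside (PROTOCOL field = 1)", proto=1),
    Rule("deny", "finger", proto=6, dport=79),
    Rule("deny", "telnet", proto=6, dport=23),
    Rule("deny", "rlogin", proto=6, dport=513),
    Rule("deny", "XDMCP", proto=17, dport=177),
    # policy 2/4: one outside place may use one activity on one host
    Rule("permit", "partner site -> ftp control port on the ftp server",
         src=PARTNER, dst=FTP_SERVER, proto=6, dport=21),
    # policy 1, the hard half: replies to connections the inside opened. Statelessly
    # we can only recognise them by ACK set, SYN clear and a high destination port.
    Rule("permit", "reply to an inside-initiated TCP connection",
         dst=INSIDE, proto=6, dport_min=1024, syn=False, ack=True),
]


def screen(p: Packet, rules: list[Rule] = RULES) -> tuple[str, str]:
    """First matching rule decides; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action, r.note
    return "deny", "default deny"


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("10.0.0.7", "203.0.113.5", 6, 80, syn=True, iface="inside"),
        Packet("203.0.113.5", "10.0.0.7", 6, 23, syn=True),
        Packet("203.0.113.5", "10.0.0.7", 6, 40000, ack=True),
        Packet("203.0.113.5", "10.0.0.7", 6, 40000, syn=True),
        Packet("10.0.0.7", "10.0.0.9", 6, 22, syn=True, iface="outside"),
    ]
    for pkt in samples:
        print(pkt, "->", screen(pkt))
```

The last rule is the weak spot of every stateless filter: "block incoming, allow outgoing" can only be approximated by letting in packets that look like replies, so an outsider who sets the ACK bit on a probe to a high port gets through (the classic ACK scan), and the filter never knows whether a connection actually exists. Tracking that state, or deciding on the content of the exchange, is what the proxy gateways on the following slide add.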

11
Types of Firewalls
  • Proxy gateways
      • proxy: authority or power to act for another
      • A firewall that simulates the effects of an application by running
        pseudo-applications.
      • To the inside, it implements part of the application protocol so that
        it looks like the outside connection.
      • To the outside, it implements part of the application protocol so that
        it acts just like the inside process would.
      • It examines the content of a packet, not just the header.
      • Examples of using proxy firewalls: pp.431-432

12
Types of Firewalls
  • Guards
      • A sophisticated proxy firewall.
      • A guard firewall examines and interprets the content of a packet.
      • A guard usually implements and enforces specific business policies.
      • Example: enforcing an email quota (p.433)
      • Other examples?
      • Trade-offs?
  • Table 9-3 (p.434): comparing the types of firewalls
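The proxy gateway of slide 11 and the guard of slide 12 in one added example, not from the slides, the book or any firewall product: an SMTP proxy that answers inside clients as the outside mail server would, collects the whole message so that the decision rests on content rather than on packet headers, and only then hands it to the outside side (a callable here, standing in for the outbound connection). The two business rules are the slide's email quota and the slide-8 scenario of company secrets leaving: the domain corp.example, the "COMPANY CONFIDENTIAL" marker, the 250-byte quota and the dialogue are all constructed.

```python
"""SMTP application proxy with a guard policy.

Added example, not from the slides or any product. Domain, marker text, quota
and the client dialogue are constructed.
"""
from __future__ import annotations
from typing import Callable, Optional

INSIDE_DOMAIN = "corp.example"               # constructed: recipients here stay inside
CONFIDENTIAL_MARKER = "COMPANY CONFIDENTIAL"  # constructed business rule: may not leave


def _addr(arg: str) -> str:
    """'FROM:<Alice@Corp.example>' -> 'alice@corp.example'"""
    return arg[arg.index("<") + 1:arg.index(">")].lower()


class SmtpGuardProxy:
    """To the inside it answers like an SMTP server; to the outside it submits the
    message as the inside client would (via `forward`, standing in for the outside
    connection). Nothing is forwarded before the whole message has been inspected."""

    def __init__(self, quota_bytes: int, forward: Callable[[str, list[str], str], None]):
        self.quota = quota_bytes
        self.forward = forward
        self.used: dict[str, int] = {}  # bytes accepted per sender: a guard keeps state
        self._reset()

    def _reset(self) -> None:
        self.sender: Optional[str] = None
        self.rcpts: list[str] = []
        self.body: list[str] = []
        self.in_data = False

    def handle(self, line: str) -> str:
        """One line from the inside client -> the reply it sees ("" while in DATA)."""
        if self.in_data:
            if line == ".":
                return self._deliver()
            self.body.append(line[1:] if line.startswith(".") else line)  # dot-unstuffing
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 guard.corp.example"
        if verb == "MAIL":
            self.sender = _addr(arg)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL first"
            self.rcpts.append(_addr(arg))
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command unrecognized"

    def policy(self, sender: str, rcpts: list[str], text: str) -> Optional[str]:
        """Business rules on the full content; a reason string rejects, None forwards."""
        size = len(text.encode())
        if self.used.get(sender, 0) + size > self.quota:
            return f"quota of {self.quota} bytes exceeded for {sender}"
        leaving = [r for r in rcpts if not r.endswith("@" + INSIDE_DOMAIN)]
        if leaving and CONFIDENTIAL_MARKER in text:
            return "confidential content addressed to " + ", ".join(leaving)
        return None

    def _deliver(self) -> str:
        text = "\r\n".join(self.body)
        reason = self.policy(self.sender, self.rcpts, text)
        if reason is None:
            self.used[self.sender] = self.used.get(self.sender, 0) + len(text.encode())
            self.forward(self.sender, list(self.rcpts), text)  # the outside side
        self._reset()
        return "250 OK: queued" if reason is None else f"550 Rejected by policy: {reason}"


def run_session(proxy: SmtpGuardProxy, lines: list[str]) -> list[str]:
    """Feed one client session through the proxy; return the non-empty replies."""
    return [r for r in (proxy.handle(line) for line in lines) if r]


if __name__ == "__main__":
    delivered = []
    proxy = SmtpGuardProxy(250, lambda s, r, b: delivered.append((s, r, b)))
    print(run_session(proxy, ["HELO desk1.corp.example", "MAIL FROM:<alice@corp.example>",
                              "RCPT TO:<bob@partner.example>", "DATA",
                              "COMPANY CONFIDENTIAL: roadmap attached", ".", "QUIT"]))
    print(delivered)
```

Compared with the screening router, the proxy can refuse on who is sending (the MAIL FROM it parsed), on where the message is going and on what it says, and it keeps per-sender state for the quota. The price is one such proxy per application protocol, and the proxy, a process that parses untrusted input from both sides, is itself the "prime target" slide 15 warns about.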

13
Firewalls
  • Examples of firewall configurations
      • Screening router only: Fig. 9-35
      • Proxy firewall only: Fig. 9-36
      • A combined approach: Fig. 9-37
  • Q: Does it make sense to reverse the positions of the screening router and
    the proxy firewall in Fig. 9-37?

14
DMZ (Demilitarized Zone)
  • The network segment bounded by two firewalls: the outer firewall faces the
    outside, the inner one protects the inside network, and the externally
    reachable servers sit in between, so that compromising one of them does not
    directly expose the inside.

15
Considerations about Firewalls
  • Firewalls provide perimeter protection of a network, provided the network's
    perimeter is clearly defined and all traffic across it can be controlled by
    the firewall.
  • A firewall is a prime target for attack.
  • A firewall does not solve all security problems. Why not?
  • A firewall may have a negative effect on software portability. (See VM
    Ch. 16, "Through the Firewall"; VM = Viega & McGraw, Building Secure
    Software.)

16
Summary
  • Network security is a rich area, both in the complexity of the problem and
    in research opportunities:
      • Intrusion detection
      • Honeypots
      • Security versus performance
  • Next:
      • Buffer overflow (VM Ch. 7)
      • Applying cryptography (VM Ch. 11)