Computer Systems Security Security in Networks Security Controls

1
Computer Systems SecuritySecurity in Networks
(Security Controls)

• Topic 2
• Pirooz Saeidi
• Source Pfleeger, Chapter 7

2
Network Security Controls Agenda-

• Security Threat Analysis
• Design, Implementation and Architecture
• Control types
• Firewalls
• Intrusion Detection Systems
• Secure Email
• Summary and Conclusion

3
Network Security Controls

• We introduce a number of defence strategies
  available to network security engineer.
• With details of three important controls
• Firewalls,
• Intrusion Detection Systems, and
• Encrypted e-mail.

4
Security Threat Analysis

• The three steps of security threat analysis are
• Scrutinise all parts of the system
• Consider possible damage to confidentiality,
  integrity and availability.
• Speculate the kind of attack.

5
Security Threat Analysis

• The individual parts of a network
• Local nodes connected through
• Local communication links to a
• LAN which also contains
• Local processes, storage and devices

6
Security Threat Analysis

• LAN is also connected to a gateway that
• provides access through Network communications
  links to
• Network control resources, routers, databases,
  etc.

7
Security Threat Analysis

• Possible threats and damage
• Intercepting data in traffic
• Accessing or modifying data/programmes in remote
  hosts.
• Modifying data in transit
• Blocking traffic
• Impersonating a user
• and more

8
Security Threat Analysis

• The network security engineer speculates these
  threats and uses the defence available.
• Such defence varies from design and architecture
  to different types of controls
• We will have a close look at these defences.

9
Design, Implementation and Architecture

• In previous lectures we elaborated on design and
  implementation issues.
• Similarly a network architecture and design can
  have a considerable effect on its security.
• In this context we will consider
• Segmentation
• Redundancy and
• Single Points of Failure

10
Segmented Architecture

• Reduces the number of threats and limits damage.
• Consider an e-commerce application with the
  following parts
• A web server
• Application code
• Database of products
• Database of orders

11
Segmented Architecture

• We dont want to compromise the entire
  application by putting all of these activities in
  one machine. Instead we can use multiple
  segments.

PfleegerPfleeger
12
Other Architectural Controls

• Redundancy
• Example provide more than one server and use
  failover mode
• Servers communicate periodically with each other.
  
• If one fails the other takes over processing for
  both.
• Avoid Single Point of Failure
• Example distribute parts of a database in
  different segments

13
Controls Encryption

• Two forms
• Link Encryption
• Between hosts
• End-to-end Encryption
• Between applications

14
Link Encryption

• Data encrypted just before it is placed in
  physical link.
• Takes place in layer 1 2 of OSI
• Appropriate when transmission line is vulnerable.

PfleegerPfleeger
15
Link Encryption

• Example of a typical Link Encrypted message.
• Some of header/trailer information may be applied
  before encryption takes place.

16
End-to-end Encryption

• Encryption can be applied by hardware as well as
  software at highest layers.

PfleegerPfleeger
17
End-to-end Encryption

• Example An encrypted message

PfleegerPfleeger
18
End-to-end Encryption

• Messages sent to several hosts are protected and
  the data content is still encrypted while in
  transit even if it passes through potentially
  insecure nodes.

19
Virtual Private Networks (VPN)

• With link encryption the users may think they are
  on a private network. Hence the word VPN.
• The greatest exposure for a user is between
  his/her machine and the perimeter of the host
  network.
• A VPN can deploy firewalls to implement an
  encrypted connection between a user's distributed
  sites over a public network.

20
Virtual Private Networks (VPN)

• Communication passes through an encrypted tunnel.
• VPN is created when the firewall interacts with
  an authentication service inside the perimeter.
• Any communication is done through the encrypted
  tunnel

PfleegerPfleeger
21
Virtual Private Networks (VPN)

• Firewall implements Access control on the basis
  of VPN.
• Example of a VPN with privileged access
• The firewall passes to internal server the
  privileged identity of User2

PfleegerPfleeger
22
Public Key Infrastructure (PKI) and Certificates

• PKI is used to implement public key cryptography.
  
• Offers each user a set of services on access
  control and identification.
• Integrate digital certificates, public-key
  cryptography, and certificate authorities into a
  total, enterprise-wide network security
  architecture.
• Involves registration authority to act as an
  interface between user and certificate authority
• More information from

http//csrc.nist.gov/pki/
23
Secure Shell (SSH) Encryption

• SSH is a pair of protocols originally for Unix
  but now available in Windows 2000
• Provides authenticated and encrypted path to
  shell or command line interpreter
• Replaces utilities such as Telnet, rlogin and rsh
  for remote access
• Protects against spoofing attacks and
  modification of data in communication.

24
Secure Socket Layer (SSL) Encryption

• SSL designed to protect communication between a
  web browser and a server.
• Interfaces between applications and the TCP/IP
  protocols to provide server authentication.
• Client and server negotiate a mutually supported
  set of encryption for session encryption and
  hashing

25
Secure Socket Layer (SSL) Encryption

• To use SSL,
• The client requests an SSL session
• The server responds with its public key
  certificate with which the client authenticates
  the server
• Client returns part of a symmetric session key
  encrypted under the servers public key
• Client and server both compute the session key,
  and switch to encrypted communication, using the
  shared session key

26
Encryption-IP Security Protocol (IPSec)

• Adopted by IPv6, addresses many shortcomings of
  conventional IP such as spoofing, session
  hijacking,
• Implemented at IP layer so it effects all layers
  above it, including TCP and UDP.
• Works similar to SSL in terms of authentication
  and confidentiality and is independent of
  cryptographic protocols.

27
IP Security Protocol (IPSec)

• IPSEc is based on security association, a set of
  security parameters for a secured communication
  channel.
• The main data structures of IPSEc are AH
  (Authentication header) and ESP (Encapsulated
  Security Payload)

28
IP Security Protocol (IPSec)

• ESP replaces the TCP header and data portion of a
  packet

 Packets (a) Conventional Packet (b) IPSec
Packet.
PfleegerPfleeger
29
IP Security Protocol (IPSec)

• ESP replaces the conventional TCP header and data
  portion of a packet and
• contains both of an authenticated portion and an
  encrypted portion

The Encapsulated Security Packet PfleegerPfleege
r
30
Content Integrity Controls

• Guarding against modification in transmission. We
  can use methods such as
• Error Correcting Codes
• Cryptographic checksums

31
Error Correcting Codes

• Error Detection Codes
• Parity checking (odd or even parity bit)
• Usually used to detect non-malicious changes
  (e.g. noise)
• Hash code a unique signed number returned by a
  hash function
• Huffman code
• A data compression method that changes the
  length of the encoded token in proportion to its
  information content, that is the more frequently
  a token is used, the shorter the binary string
  used to represent it in the compressed stream
• Error Correction
• Correct without retransmission

32
Cryptographic Checksum

• Also called message digest is a cryptographic
  function that produces a checksum.
• The checksum is assigned to a file and used to
  "test" the file at a later stage to verify that
  the data contained in the file has not been
  maliciously changed.

33
Strong Authentication Controls

• Networked environments as well as both ends of
  communication need authentication.
• We will consider the following methods
• One-Time Password
• Challenge-Response Systems
• Digital Distributed Authentication
• Kerberos

34
One-Time Password

• Guards against wiretapping and spoofing
• Password is effective only once
• Uses a secretly maintained password list, or
• each user can use a device to randomly generate
  new passwords every minute (computation is based
  on the value of current time interval).
• Within the same minute the receiving computer
  should be able to compute the same password to
  match.

35
Challenge_Response Systems

• The user authenticates to a simple device by
  means of say a PIN.
• The system prompts the user with a new challenge
  for each use
• The remote system sends a random number (the
  challenge) which the user enters into the
  device.
• The device responds to that number with another
  number, which the user transmits to the system
  and so on.

36
Authentication in Distributed Systems Kerberos

• Designed at MIT.
• Used for authentication between clients and
  servers.
• Based on the idea that a central server provides
  authenticated tokens called tickets to requesting
  applications.
• A ticket is non-forgeable and non-replayable.

37
Authentication in Distributed Systems Kerberos

• Kerberos design goals was to enable systems to
  withstand attacks in distributed systems. The
  main characteristics are
• No passwords are communicated on the network.
• Users password is stored only at the Kerberos
  server.
• It is not sent from the users workstation when
  it initiates a session.
• Provides cryptographic protection against
  spoofing.
• Each access is mediated by a ticket-granting
  server
• Which knows the identity of the user based on the
  authentication performed initially by the server.

38
Authentication in Distributed Systems Kerberos

• 3. Limited period of validity (of tickets)
• Tickets contain timestamps with which the server
  will determine the tickets validity.
• The attacker therefore will not have time to
  complete a long term attack.
• Timestamps prevent replay attacks
• In a replay attack a valid data transmission is
  maliciously or fraudulently repeated or delayed.
• The server compares the timestamps of requests
  with current time. And accepts requests only if
  they are reasonably close to current time.
• This time-checking prevents most replay attacks,
  since the attackers presentation of tickets will
  be delayed!
• 4. Mutual authentication
• The user of a service can be assured of any
  servers authenticity by requesting an
  authenticating response from the server.

39
Authentication in Distributed Systems -Kerberos

• Uses public key technology for key exchange.
• A central server provides authenticated tokens,
  called tickets to requesting applications.
• Ticket is an encrypted data structure naming a
  user and a service the user has permission to
  access.

40
Kerberos

• The user first establishes a session with
  Kerberos server as follows
• The users workstation sends users identity to
  Kerberos server.
• The Kerberos server verifies that the user is
  authorised by sending two messages. One to the
  user and the other to the ticket-granting server.

41
Kerberos

• Users message contains
• A session key SG to communicate with ticket
  granting server G and a ticket TG.
• SG Is encrypted under users password
• E(SG TG, PW)
• Ticket granting servers message contains
• A copy of the session key SG and the encrypted
  identity of the user

42
Kerberos

• If the workstation can decrypt E(SG TG, PW)
  using pw, then the user has been successful in
  authentication.
• Diagram show how a Kerberos session is initiated

PfleegerPfleeger
43
Kerberos

• Now the user (U) wants to access the services of
  the distributed system (say access file F)
• Using key SG the user requests a ticket from
  ticket granting server to access file F.
• The ticket granting server verifies Us access
  permission and returns a ticket and a session key.

44
Kerberos

• The ticket contains the following
• Us authenticated identity
• An identification of F
• Access rights
• A session key SF (with file server)
• Ticket expiry date
• Diagram shows how a Ticket can be obtained to
  access a file

PfleegerPfleeger
45
Access Control

• Access control enforce what and How of security
  control policies.
• Mechanisms such as
• ACLs on Routers
• Firewalls
• We will look at them later

46
ACLs on Routers

• Routers can be configured with ACLs to deny
  access to particular hosts from particular hosts.
• This is very expensive. Brings a large load to
  routers.
• Routers inspect the source and destination
  addresses. But with UDP datagrams, attackers can
  forge source address so that their attack can not
  be blocked by routers ACL..
• Limited and restricted use of ACLs is a more
  viable option.

47
Honeypots Controls

• Like catching a mouse we can set a trap with an
  attractive bait!
• A honeypot is a computer system or a network
  segment open to attackers to
• See what the attackers do
• tempt the attacker to a place so that you can
  learn its habits and stop future attacks
• Make a playground to divert him/her from the real
  system

48
Firewalls

• A firewall is a device or, software, or a
  combination of both designed to prevent
  unauthorised users from accessing a network
  and/or a single workstation.
• Networks usually use hardware firewalls which are
  implemented on the router level. These firewalls
  are expensive, and it is difficult to configure
  them.
• Software Firewalls are used in single
  workstations and are usually less expensive and
  it is easier to configure them

49
Firewalls

• Inspect each individual inbound or outbound
  packet of data to or from the system
• Check if it should be allowed to enter or
  otherwise it should be blocked

50
Types of firewalls

• Packet filtering gateways or screening routers
• Stateful inspection firewalls
• Application proxies
• Guards
• Personal firewalls

51
Packet filtering gateways

• Control is based on packet address or a specific
  transport protocol (e.g. HTTP).
• Example a packet filter can block traffic using
  Telnet protocol but allows HTTP traffic.

52
Stateful inspection firewalls

• Keeps a history of previously seen packets to
  make better decisions about current and future
  packets.
• Useful to counter attacks which force very short
  length packets into, say a TCP packet stream.
• Remember TCP packets arrive in different order
  and firewall will not be able to detect the
  signature of an attack split across 2 or more
  packets.

53
Application Proxies

• Packet filters deal with header information but
  not data inside the message. So the SMTP example
  we sow in the tutorial last week leaves a back
  door open to anything inbound to port 25.
• Also a flawed applications that acts on behalf of
  the user (e.g. an e-mail agent), with all users
  privileges can cause damage.

54
Application Proxies

• Application Proxies have access to the entire
  range of information in the network stack. They
  can also filter harmful or disqualified commands
  in the data stream.
• The proxy controls actions through the firewall
  on the basis of the data visible inside the
  protocol, and not just on external header
  information

55
Next lecture

• Will conclude network security buy looking at two
  more controls
• Email and
• Intrusion Detection Systems