Page 1

Chapter 9

Panko’s Business Data Networks and Telecommunications, 6th edition

Copyright 2006 Prentice-Hall

Security

Page 2

Security Requirements

• Authenticity

• Confidentiality

• Integrity

• Non-repudiation

• Availability

Page 3

Figure 9-2: Malware

• Malware (malicious software)

– A general name for evil software

• Viruses

– Pieces of code that attach to other programs

– When infected programs execute, the virus executes

– Infects other programs on the computer

– Spreads to other computers by e-mail attachments, IM, peer-to-peer file transfers, etc.

– Antivirus programs are needed to scan arriving files

• They also scan for other malware

Page 4

Figure 9-2: Malware

• Worms

– Stand-alone programs that do not need to attach to other programs

– Can propagate like viruses through e-mail, etc.

• But this requires human gullibility, which is slow

– Vulnerability-enabled worms jump to victim hosts directly

– Can do this because hosts have vulnerabilities

– Vulnerability-enabled worms can spread with amazing speed

– Vendors develop patches for vulnerabilities but companies often fail or are slow to apply them

Vulnerability

Page 5

Figure 9-2: Malware

• Payloads

– After propagation, viruses and worms execute their payloads (damage code)

– Payloads erase hard disks, send users to pornography sites if they mistype URLs

– Trojan horses: exploitation programs that disguise (pretend to be) themselves as system files

Page 6

Figure 9-2: Malware

• Attacks on Individuals

– Social engineering—tricking the victim into doing something against his or her interests

– Spam—unsolicited (not requested) commercial e-mail

– Credit card number theft is performed by carders

– Identity theft: collect enough data to impersonate the victim in large financial transactions

– Fraud: get-rich-quick schemes (get rich overnight), medical scams (swindles)

Phishing

Page 7

Figure 9-2: Malware

• Attacks on Individuals

– Adware pops up advertisements

– Spyware collects sensitive data and sends it to an attacker

– Phishing: sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information

Page 8

Figure 9-3: Human Break-Ins (Hacking)

• Human Break-Ins

– Viruses and worms rely on one main attack method

– Humans can keep trying different approaches until they succeed

• Hacking

– Breaking into a computer

– Hacking is intentionally using a computer resource without authorization or in excess of authorization

Page 9

Figure 9-3: Human Break-Ins (Hacking)

• Scanning Phase

– Send attack probes to map the network and identify possible victim hosts

– The Nmap program is popular for this (Figure 9-4)

Page 10

Figure 9-4: Nmap

(Screenshot labels: IP range to scan; type of scan; identified host and open ports.)

Page 11

Figure 9-3: Human Break-Ins (Hacking)

• The Exploit

– The actual break-in

– Noun: Exploit is the program used to make the break-in

– Verb: Attackers exploit the computer

(exploit: to open up, to develop)

Page 12

Figure 9-3: Human Break-Ins (Hacking)

• After the Break-In

– Become invisible by deleting log files

– Create a backdoor (way to get back into the computer)

• Backdoor account—account with a known password and super user privileges

• Backdoor program—program to allow reentry; usually Trojanized

• Rootkit—stealthy backdoor that cannot be detected by the operating system

– Do damage at leisure


Page 13

Figure 9-5: Distributed Denial-of-Service Flooding Attack

(Diagram) Attacker 1.34.150.37; two handlers; three zombies; victim 60.168.47.47. Attack commands flow from the attacker to the handlers and from the handlers to the zombies; attack packets flow from the zombies to the victim.

The attacker installs handler and zombie programs on victims. The attacker sends an attack command to handlers.

Handlers send attack commands to zombies. The zombies overwhelm the victim with attack packets.

TCP SYN flooding

Page 14

Figure 9-6: Bots

(Diagram) A human master sends software updates and commands to the bots.

Bots are like zombies, but they can be updated by the human master to give new functionality.

Page 15

Figure 9-19: Cryptographic Systems

• Cryptographic Systems

– Provide security to multi-message dialogues

• At the Beginning of Each Communication Session

– The two parties authenticate each other

(Diagram) Party A and Party B exchange credentials: initial authentication.

Page 16

Figure 9-19: Cryptographic Systems

• Message-by-Message Protection

– After this initial authentication, cryptographic systems provide protection to every message

– Encrypt each message for confidentiality so that eavesdroppers cannot read it

(Diagram) Party A and Party B: messages encrypted for confidentiality.

Page 17

Figure 9-19: Cryptographic Systems

• Message-by-Message Protection

– Adds an electronic signature to each message

– The electronic signature authenticates the sender

– It also provides message integrity: receiver can tell if a message has been changed in transit

(Diagram) Party A and Party B: electronic signature on each message.

Page 18

Figure 9-20: Symmetric and Public Key Encryption

Symmetric Key Encryption for Confidentiality

(Diagram) Party A applies the encryption method and the symmetric key to the message “Hello” and sends the encrypted message across the network to Party B.

Encryption uses a non-secret encryption method and a secret key.

Page 19

Figure 9-20: Symmetric and Public Key Encryption

Symmetric Key Encryption for Confidentiality

(Diagram) Party A sends the encrypted message across the network to Party B, with the symmetric key held at both ends; an interceptor on the network sees only the encrypted message.

Interceptor cannot read encrypted messages.

Page 20

Figure 9-20: Symmetric and Public Key Encryption

Symmetric Key Encryption for Confidentiality

(Diagram) Party A: message “Hello”, encryption method and symmetric key, encrypted message sent across the network. Party B: decryption method and the same symmetric key recover the message “Hello”. An interceptor on the network sees only the encrypted message.

Receiver decrypts the message using the same encryption method and the same symmetric key.

Page 21

Types of Symmetric Key Encryption

                         DES        3DES          AES
Key Length (bits)        56         112 or 168    128, 192, or 256
Strength                 Weak       Strong        Strong to Very Strong
Processing Requirements  Moderate   High          Modest
RAM Requirements         Moderate   High          Modest

Page 22

Figure 9-20: Symmetric and Public Key Encryption

Public Key Encryption for Confidentiality

(Diagram) Party A encrypts with Party B’s public key; Party B decrypts with Party B’s private key. Party B encrypts with Party A’s public key; Party A decrypts with Party A’s private key.

Note: Four keys are used to encrypt and decrypt in both directions.

Page 23

Figure D-7: Digital Signature

(Diagram) Sender and receiver; each message is the digital signature (DS) plus the plaintext.

Add digital signature to each message: provides message-by-message authentication.

Encrypted for confidentiality.

Page 24

Figure D-7: Digital Signature: Sender

(Diagram) Plaintext -> Hash -> MD (message digest) -> Sign (encrypt) MD with sender’s private key -> DS.

To create the digital signature:

1. Hash the plaintext to create a brief message digest; this is NOT the digital signature.

2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature.

Hash algorithms: MD5, SHA-1
http://en.wikipedia.org/wiki/MD5
http://en.wikipedia.org/wiki/SHA-1

Page 25

Figure D-7: Digital Signature

(Diagram) Sender encrypts; receiver decrypts.

Send plaintext plus digital signature, encrypted with the symmetric session key.

DS plus plaintext: transmission.

Receiver decrypts the message, getting the plaintext plus digital signature.

Page 26

Figure D-7: Digital Signature: Receiver

(Diagram) Received plaintext -> 1. Hash -> MD. DS -> 2. Decrypt with true party’s public key -> MD. 3. Are they equal?

1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest.

2. Decrypt the digital signature with the sender’s public key. This also should give the message digest.

3. If the two match, the message is authenticated; the sender has the true party’s private key.

Page 27

Figure D-8: Public Key Deception

Impostor:

“I am the True Party.”

“Here is TP’s public key.” (Sends Impostor’s public key)

“Here is authentication based on TP’s private key.” (Really Impostor’s private key)

Decryption of message from Verifier: it was encrypted with Impostor’s public key, so Impostor can decrypt it.

Verifier:

Must authenticate True Party.

Believes it now has TP’s public key.

Believes True Party is authenticated, based on Impostor’s public key.

“True Party, here is a message encrypted with your public key.”

Critical deception: the step where the Verifier accepts the Impostor’s public key as TP’s.
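The Go program below, added here as an illustration and not part of Panko’s slides, carries out the sender and receiver steps of Figure D-7 and then the deception of Figure D-8. It assumes RSA keys generated on the spot, SHA-256 as the hash (the slides list MD5 and SHA-1, both now considered broken for collision resistance and not recommended for new signatures) and a constructed message; the function names Sign, Verify and Demo are this example’s own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign is the sender side of Figure D-7: hash the plaintext into a message
// digest, then sign (encrypt) that digest with the sender's private key.
// The digest on its own is NOT the digital signature.
func Sign(priv *rsa.PrivateKey, plaintext []byte) ([]byte, error) {
	digest := sha256.Sum256(plaintext) // step 1: hash (SHA-256 assumed here)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]) // step 2
}

// Verify is the receiver side: rehash the received plaintext with the same
// algorithm, decrypt the signature with the claimed sender's public key and
// compare the two digests. True means the signer held the private key
// matching pub; it says nothing about WHOSE key pub really is.
func Verify(pub *rsa.PublicKey, plaintext, sig []byte) bool {
	digest := sha256.Sum256(plaintext) // step 1
	// steps 2 and 3: recover the signed digest with pub and compare it
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Demo plays out Figures D-7 and D-8 with freshly generated (constructed)
// keys and a constructed message, returning the three outcomes.
func Demo() (genuine, tampered, deceived bool, err error) {
	truePartyKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	impostorKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	msg := []byte("Transfer $100 to account 1234") // constructed sample
	sig, err := Sign(truePartyKey, msg)
	if err != nil {
		return
	}
	// Untouched message checked with the True Party's real public key.
	genuine = Verify(&truePartyKey.PublicKey, msg, sig)

	// One character changed in transit: the rehashed digest no longer matches.
	altered := []byte("Transfer $900 to account 1234")
	tampered = Verify(&truePartyKey.PublicKey, altered, sig)

	// Figure D-8: the impostor signs with its own private key and hands the
	// verifier its own public key, calling it the True Party's. The check
	// passes, so a verifier that accepts an unvouched public key is deceived.
	// Binding a name to a public key is what the digital certificate adds.
	impostorSig, err := Sign(impostorKey, msg)
	if err != nil {
		return
	}
	deceived = Verify(&impostorKey.PublicKey, msg, impostorSig)
	return
}

func main() {
	genuine, tampered, deceived, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", genuine)         // true
	fmt.Println("tampered message verifies:", tampered)       // false
	fmt.Println("impostor's key passes the check:", deceived) // true
}
```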

Page 28

Digital Certificates

• Digital certificates are electronic documents that give the true party’s name and public key

• Applicants claiming to be the true party have their authentication methods tested by this public key

• If they are not the true party, they cannot use the true party’s private key and so will not be authenticated

• Digital certificates follow the X.509 Standard

Page 29

Figure D-10: Roles of Digital Certificates and Digital Signatures in Authentication

• Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature

(Diagram) The applicant sends DS plus plaintext to the verifier; the certificate authority supplies the digital certificate giving the true party’s public key.

Page 30

Figure D-10: Roles of Digital Certificates and Digital Signatures in Authentication

(Diagram) The applicant sends the digital signature to the verifier for authentication. The certificate authority supplies the digital certificate with the true party’s name and public key. The digital signature must be tested with the true party’s digital certificate.

Page 31

Figure D-9: Public Key Infrastructure (PKI)

(Diagram) Parties: Applicant (Lee), Certificate Authority / PKI server, Verifier (Brown), Verifier (Cheng).

1. Create public key/private key pair.

2. Distribute private key to the applicant (Lee).

Page 32

Figure D-9: Public Key Infrastructure (PKI)

(Diagram, continued)

3. Request certificate for Lee (Verifier Brown to the Certificate Authority).

4. Certificate for Lee (Certificate Authority to Verifier Brown).

Page 33

Figure D-9: Public Key Infrastructure (PKI)

(Diagram, continued)

5. Certificate for Lee (Applicant Lee to Verifier Cheng).

6. Request Certificate Revocation List (CRL) (Verifier Cheng to the Certificate Authority).

7. CRL (Certificate Authority to Verifier Cheng).
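To make the certificate steps of Figures D-9 and D-10 concrete, the Go program below (an added example, not from the slides) plays the CA, the applicant Lee and a verifier with Go’s standard crypto/x509 package. It assumes freshly generated RSA keys, a constructed CA name and a one-day validity period; the names must, issue, Accepts and Demo are this example’s own, and revocation (steps 6 and 7, the CRL) is not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on an error; key generation and certificate creation only
// fail here if the system's random source is broken.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue has the signer (caKey) create a certificate binding name to pub
// (Figure D-9, step 4). With caCert == nil it is self-signed, which is how
// a CA's own root certificate, and an impostor's forgery, are made.
func issue(name string, pub *rsa.PublicKey, caCert *x509.Certificate,
	caKey *rsa.PrivateKey, isCA bool) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // a CA may sign certificates
	}
	parent := tmpl
	if caCert != nil {
		parent = caCert
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Accepts is the verifier's test (Brown or Cheng): the name in a certificate
// is believed only if the certificate chains to the CA the verifier trusts.
func Accepts(cert, trustedRoot *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

// Demo: the CA certifies Lee's key; an impostor self-signs a "Lee"
// certificate for its own key. Returns whether a verifier accepts each.
func Demo() (leeOK, impostorOK bool) {
	newKey := func() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
	caKey, leeKey, impostorKey := newKey(), newKey(), newKey() // step 1
	caCert := must(issue("Example CA (constructed)", &caKey.PublicKey, nil, caKey, true))
	leeCert := must(issue("Lee", &leeKey.PublicKey, caCert, caKey, false)) // steps 3-4
	fake := must(issue("Lee", &impostorKey.PublicKey, nil, impostorKey, false))
	return Accepts(leeCert, caCert), Accepts(fake, caCert)
}

func main() {
	leeOK, impostorOK := Demo()
	fmt.Println("CA-issued certificate for Lee accepted:", leeOK)                 // true
	fmt.Println("impostor's self-signed 'Lee' certificate accepted:", impostorOK) // false
}
```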

Page 34

Figure 9-9: Access Control

• Companies must then develop an access control plan for each asset

– The plan includes the AAA protections

– Authentication—proving the identity of the person wishing access

– Authorization—determining what the person may do if they are authenticated

– Auditing*—logging data on user actions for later appraisal

* The third A is also given as Accounting: http://en.wikipedia.org/wiki/AAA_protocol

Page 35

Figure 9-10: Authentication

(Diagram) Applicant, verifier, authentication server.

1. Credentials (password, etc.): applicant to verifier.

2. OK?: verifier to authentication server.

3. OK and authorizations: authentication server to verifier.

4. Welcome: verifier to applicant.

The applicant is the person who wishes to prove his or her identity. The verifier is the person who wants to authenticate the applicant.

The applicant sends credentials (passwords, etc.). Usually a central authentication server judges the credentials.

This provides consistency in authentication.

Credentials

Page 36

Figure 9-11: Password Authentication

• Passwords should be complex

– Mix case (A and a), digits (6), and other keyboard characters ($, #, etc.)

– Can only be cracked with brute force attacks (trying all possibilities)

• Passwords should be long

– Eight characters minimum

– Each added character increases the brute force search time by a factor of about 70

Page 37

Figure 9-12: Digital Certificate Authentication

• Public and Private Keys

– Each party will have both a public key and a private key

– Each party makes its public key available to everybody

– Each party keeps the private key secret

• Digital Certificate

– Tamper-proof file giving a party’s public key

Page 38

Figure 9-12: Digital Certificate Authentication

• Operation

– Applicant performs a computation with his or her private key, which only he or she should know

– Verifier tests the calculation with the public key in the digital certificate of the party the applicant claims to be

– If the test is successful, the applicant is authenticated as knowing the claimed party’s secret private key

– If the test fails, the applicant is rejected

Page 39

Figure 9-12: Digital Certificate Authentication

(Diagram) Calculation created with the private key of the applicant; digital certificate giving the public key of the person the applicant claims to be; authentication.

Verifier tests the calculation with the public key of the claimed party. If the test succeeds, the applicant must know the secret private key of the claimed party, which only the claimed party should know.

Page 40

Figure 9-12: Digital Certificate Authentication

• Appraisal (evaluation)

– Digital signature authentication gives extremely strong authentication

– Very expensive: must set up infrastructure for distributing public-private key pairs

– Must do the labor of creating, distributing, and installing private keys.

Page 41

Figure 9-13: Biometric Authentication

• Biometric Authentication

– Authentication based on bodily measurements

– Promises to eliminate passwords

• Fingerprint Scanning

– Dominates biometrics use today

– Simple and inexpensive

– Substantial error rate (misidentification)

– Often can be fooled fairly easily by determined impostors

– Not a problem for low-risk situations like home computers

Page 42

Figure 9-13: Biometric Authentication

• Iris Scanners

– Scan the iris (colored part of the eye)

– Irises are complex, so very strong authentication

– Expensive

• Face Recognition

– Camera allows analysis of facial structure

– Can be done surreptitiously—without the knowledge or consent of person being scanned

– Very high error rate and easy to fool

Page 43

Figure 9-13: Biometric Authentication

• Error Rates and Deception (trickery)

– Error rates are higher than vendors claim

– Deception is easier than vendors claim

– The usefulness of biometrics is uncertain

Page 44

Figure 9-14: Firewall Operation

(Diagram) Internal corporate network with a hardened client PC and a hardened server behind the Internet firewall, which keeps a log file. From the Internet, an attacker’s attack packet is denied (dropped and logged) while a legitimate host’s legitimate packet is allowed through. Ingress filtering (inbound) and egress filtering (outbound).

Firewalls inspect each packet. Legitimate packets are allowed through.

Provable attack packets are dropped and logged.

Page 45

Figure 9-15: Stateful Firewall Filtering

• Stateful Firewall Filtering

– There are several types of firewall filtering

– Stateful inspection is the dominant methodology today

– Stateful firewalls often use other filtering mechanisms as secondary mechanisms

Page 46

Figure 9-15: Stateful Firewall Filtering

• Connection Initiation

– Some packets attempt to open a connection

• Example: packets with TCP segments whose SYN bits are set

• Stateful firewalls have default rules for connection-opening attempts

(Diagram) Site with a stateful border firewall: externally initiated connections are rejected by default; internally initiated connections are allowed by default.

Page 47

Stateful Firewalls

(Decision flow) All packets are sorted into connection-opening attempts and other packets.

Connection-opening attempts: apply the default behavior for connections, subject to ACL exceptions, then drop or accept the packet.

Other packets: if not part of a previously permitted connection, drop the packet; if part of a previously permitted connection, accept the packet.

Page 48

Figure 9-15: Stateful Firewall Filtering

• Perspective

– Simple operation leads to inexpensive stateful firewall operation

– However, stateful inspection firewall operation is highly secure

Page 49

Figure 9-17: Ingress Access Control List (ACL) for a Stateful Inspection Firewall

• 1. If packet’s source and destination sockets are in the connection table, PASS.

– If the packet is part of a previously established connection, pass it without further filtering.

• 2. If the packet’s source and destination sockets are not in the connection table and the packet is not a connection-opening attempt, DROP and LOG.

– Drop any packet that is not a connection-opening attempt and that is not part of an established connection.

Page 50

Figure 9-17: Ingress Access Control List (ACL) for a Stateful Inspection Firewall

• 3. If protocol = TCP AND destination port number = 25, PASS and add connection to connection table

– This rule permits external access to all internal mail servers.

• 4. If IP address = 10.47.122.79 AND protocol = TCP AND destination port number = 80, PASS and add connection to connection table.

– This rule permits access to a particular web server, 10.47.122.79.

Page 51

Figure 9-17: Ingress Access Control List (ACL) for a Stateful Inspection Firewall

• 5. Deny All AND LOG

– If earlier rules do not result in a pass or deny decision, this last rule enforces the default rule of banning all externally-initiated connection-opening attempts.
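The five-rule ingress ACL of Figure 9-17, implemented as an added Go example (not from the slides) with a connection table so that rule 1 can recognise packets of connections opened earlier, including connections opened from the inside as Figure 9-15 allows by default. The web server address 10.47.122.79 and the port numbers are the slide’s; the outside address 203.0.113.5, the inside addresses, the Packet type and the Firewall methods are constructed for this example.

```go
package main

import "fmt"

// Packet holds the header fields the ingress ACL of Figure 9-17 examines.
// SYN set on a TCP segment marks a connection-opening attempt (Figure 9-15).
type Packet struct {
	Proto            string // "TCP" or "UDP"
	SrcIP, DstIP     string
	SrcPort, DstPort int
	SYN              bool
}

// socketPair is the connection-table key: the two sockets (IP:port) of a
// connection, ordered so packets in either direction find the same entry.
type socketPair struct{ a, b string }

func pairOf(p Packet) socketPair {
	s := fmt.Sprintf("%s:%d", p.SrcIP, p.SrcPort)
	d := fmt.Sprintf("%s:%d", p.DstIP, p.DstPort)
	if s > d {
		s, d = d, s
	}
	return socketPair{s, d}
}

// Firewall is a stateful inspection firewall reduced to its connection table.
type Firewall struct{ connections map[socketPair]bool }

func NewFirewall() *Firewall { return &Firewall{connections: map[socketPair]bool{}} }

// InternalOpen records a connection opened from inside the site. Internally
// initiated connections are allowed by default (Figure 9-15), so the replies
// to them later match rule 1.
func (f *Firewall) InternalOpen(p Packet) { f.connections[pairOf(p)] = true }

// Ingress applies the five ACL rules, in order, to one arriving packet and
// returns the decision. The mail-server rule and the web server address
// 10.47.122.79 are the slide's own examples.
func (f *Firewall) Ingress(p Packet) string {
	k := pairOf(p)
	// Rule 1: both sockets are in the connection table.
	if f.connections[k] {
		return "PASS (rule 1: part of an established connection)"
	}
	// Rule 2: not in the table and not a connection-opening attempt.
	if !(p.Proto == "TCP" && p.SYN) {
		return "DROP and LOG (rule 2: not an opening attempt, not established)"
	}
	// Rule 3: external access to internal mail servers (TCP port 25).
	if p.DstPort == 25 {
		f.connections[k] = true
		return "PASS (rule 3: mail server), connection added"
	}
	// Rule 4: HTTP, but only to the one published web server.
	if p.DstIP == "10.47.122.79" && p.DstPort == 80 {
		f.connections[k] = true
		return "PASS (rule 4: web server 10.47.122.79), connection added"
	}
	// Rule 5: default deny for every other externally initiated opening.
	return "DENY and LOG (rule 5: default deny)"
}

func main() {
	fw := NewFirewall()
	// Constructed traffic; 203.0.113.5 is an outside host (documentation range).
	fw.InternalOpen(Packet{"TCP", "10.47.122.20", "203.0.113.5", 51000, 443, true})
	samples := []Packet{
		{"TCP", "203.0.113.5", "10.47.122.20", 443, 51000, false}, // reply to inside-opened connection
		{"TCP", "203.0.113.5", "10.47.122.10", 40000, 25, true},   // mail server opening
		{"TCP", "203.0.113.5", "10.47.122.10", 40000, 25, false},  // data on that connection
		{"TCP", "203.0.113.5", "10.47.122.79", 40001, 80, true},   // the published web server
		{"TCP", "203.0.113.5", "10.47.122.80", 40002, 80, true},   // any other host: denied
		{"TCP", "203.0.113.5", "10.47.122.30", 40003, 22, false},  // stray non-SYN packet
	}
	for _, p := range samples {
		fmt.Printf("%s:%d -> %s:%d SYN=%-5t => %s\n",
			p.SrcIP, p.SrcPort, p.DstIP, p.DstPort, p.SYN, fw.Ingress(p))
	}
}
```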

Page 52

Figure 9-18: Firewalls, Intrusion Detection Systems, and Intrusion Prevention Systems

• Firewalls

– Drop provable attack packets

• Intrusion Detection Systems (IDSs)

– Very sophisticated filtering—better than firewalls

– Identify suspicious packets

– Cannot drop them: suspicious packets may be legitimate

• Intrusion Prevention Systems (IPSs)

– Use IDS filtering mechanisms

– Drop suspicious packets highly likely to be attacks

– Ignore other suspicious packets

Page 53

Figure 9-18: Firewalls, Intrusion Detection Systems, and Intrusion Prevention Systems

• IDS and IPS filtering

– Stream Analysis

• Analyze streams of packets to identify suspicious patterns

– Deep packet inspection

• Inspect headers and messages at the internet, transport, and application layers

Page 54

Figure 9-18: Firewalls, Intrusion Detection Systems, and Intrusion Prevention Systems

                         Firewalls       IDSs                                IPSs
Processing Power Needed  Modest          Heavy                               Heavy
Maturity                 Fairly mature   Still immature; too many false      New; only used to stop attacks
                                         positives. Tuning reduces false     that can be identified fairly
                                         positives but is labor-intensive.   accurately.