Introduction to Security Technology Security in Networks Part 1 presentation

About This Presentation

Transcript and Presenter's Notes

Title: Introduction to Security Technology Security in Networks Part 1

1
Introduction to Security TechnologySecurity in
Networks (Part 1)

P. Saeidi
Source Pfleeger, Chapter 7

2
Security in Networks Agenda

Basics of networks design, development and usage
How networks differ from and are similar to
stand-alone applications and environments
Threats against networked applications, including
Controls against attacks

3
Terminology

Single point of point of failure, fault tolerance
Topology
Media
Analog/digital
Protocols
LAN/WAN
Internet
Distributed System
APIs

4
Network Concepts

Networks involve pieces and connections among
them
We can be vulnerable to single point of failure.
Redundancy provides resilience or fault tolerance
and prevents single failures

5
Environment of Use

Parts of networks can be located in protected
locations (LANs) but some parts can be exposed to
total strangers (with different ownership or
control).
Networks can be described by several
characteristics
Anonymity, Automation, Distance, Opaqueness and
Routing diversity

6
Environment of Use

Anonymity
Network removes clues such as appearance, voice..
Automation
Most intermediate points as well as end points
may be machines with minimum human intervention.
Distance
human users can not usually say how far apart the
sites are.

7
Environment of Use

Opaqueness
Location transparency
Routing Diversity
To improve reliability performance routing is
usually dynamic. i.e. every time we may use a
different path

8
Topologies Shape and Size

Two extremes
Two hosts connected by one path
A very complex network, such as the Internet.
These extremes highlight 3 aspects of networks
that have strong influence on network security
Boundary Distinguishes an element of network
from an element outside it. But-
listing all hosts connected to the Internet is
impossible!
Ownership difficult to know who owns which host
in a network
Control difficult to tell the control attributes
of an arbitrary host in a network.

9
Media Types

Cable
UTP Low bandwidth(10 Mbs), signal degrades as it
travels
Coaxial (100Mbs) widely used on Ethernet. Can be
amplified using repeaters.
Optic Fibber up to 1000Mbs. A much better medium
with less interference.
Wireless Used for short distance (home/office
networks)
Microwave travel in straight line up to 30 miles

10
Media Types

Infrared
Short distance (up to 9 miles). Used by portable
devices. It is a point-to-point signal so
difficult to intercept. But subject to in the
middle attacks in which the interceptor
functions like a repeater.
Satellite
Placed in orbits.
Naïve transponder everything it receives will be
broadcast out again, over a long path (several
hundred miles long-footprint).
The smaller the footprint, the less risk of
interception.

11
Protocols OSI Protocol Layer
SourcePfleegerPfleeger
12
Protocols TCP/IP
SourcePfleegerPfleeger
13
TCP/IP

TCP/IP defined by protocols not layers. But can
be thought of as a four layered structure.
TCP implements a connected communications session
on top of IP transport protocol.
UDP is also an essential transport protocol.
UDP is less reliable than TCP but it is a much
faster and smaller protocol.

TCP is more secure than UDP Spoofing (pretend to
be someone else) is difficult in TCP
communications. UDP spoofing is trivial since
there is no notion of connection. UDP protocols
such as SNMP, TFTP, and syslog need special
attention when deployed in a security-sensitive
environment.
14
Example of Protocols
SourcePfleegerPfleeger
15
IP addresses

32-bit expressed as four 8-bit groups
Also known by names (e.g. www.staffs.ac.uk),
parsed from right to left.
To resolve names the system performs lookups.
Local hosts maintain a cache of domain name
records.
The name resolution can be used in network
attacks.

16
TCP/IP vs. ISO/OSI

ISO/OSI Complex design, not very efficient
TCP/IP More efficientOpen
Results Internet uses TCP/IP But introduces
security issues

17
Types of Networks

LANs
Small locally controlled and physically protected
WANs
Single control, covers large distance but
physically exposed
Internetworks (Internets)
Many thousands of machines and millions of users
Heterogeneous
Physically and logically exposed.

18
Threats in Networks

Network vulnerabilities
Who are the attackers
Examples of threat types.
In transit
Protocol flaws
Impersonation
Spoofing
Message Confidentiality / Integrity threats
Denial of Service (DOS)
In-depth details of these examples will be
explained in related modules later on.

19
What makes a Network Vulnerable?

A network differs from a stand-alone environment
in the following ways
Anonymity
Many points of attacks
Sharing
Complexity of system
Unknown perimeter
Unknown path

20
What makes a Network Vulnerable?

Anonymity
The attacker can disguise its origin by passing
through many other hosts which do not necessarily
have a host to host authentication.
Many points of attacks
Not all hosts administrators enforce the same
rigorous security policies
Sharing
Access controls for single systems may be
inadequate.

21
What makes a Network Vulnerable?

Complexity of system
A network control or operating system is more
complex than single one
Ordinary desktops are getting very powerful
Most users do not know what their computers are
really doing at any moment.
The attacker takes advantage of this and makes
the victims computer to perform some of the
computation.

22
What makes a Network Vulnerable?

Unknown Perimeter
One host may be shared between two networks.

A user on a host in network D may be unaware of
Potential connections from users of networks A
and B.
A host in the middle of A and B belongs also
to A,B,C and E.
These networks may have different security rules.
So which rule is the for shared hosts?!

SourcePfleegerPfleeger
23
What makes a Network Vulnerable?

Unknown Path
Network users usually do not have control over
the routing of their messages.
All these network characteristics increase
security risks.

SourcePfleegerPfleeger
24
Who Attacks Networks?

The three components of attack are method,
opportunity, and motive.
The motives are varied and can give an idea who
might attack the network. Examples are
Challenge
Fame
Money and Espionage
Ideology Cyberterrorism and hactivism (hacking
against network targets)

25
Who Attacks Networks?Some Threat Precursors

Methods of attack are varied. The attacker begins
perpetration by finding out as much as possible
about the target. Popular methods are
Port Scan
Social Engineering
Reconnaissance
Operating system Application Fingerprinting
Bulletin Boards Chats
Open documentations

26
Who Attacks Networks?Some Threat Precursors

Port Scan
A program that reports for a given IP address,
which ports respond to messages and which known
vulnerabilities are present. It tells the
attacker three things
Which standard services (ports) are running and
responding.
What OS is installed
What applications and which versions are present.

27
Who Attacks Networks?Some Threat Precursors

Social Engineering
Port scan gives the outside view of the network.
Social skills can be used to learn about the
inside of networks.
For example the attacker can impersonate someone
in high position. Humans like to help if asked
politely!

28
Threats in Transit

leaving confidential information at risk of
compromise while in transit. Examples of methods
and media
Eavesdropping
Intercepting messages via phone, email, instant
messaging,
Packet Sniffing
aka network analyzer a software or hardware that
intercepts and logs traffic
Capturing packets and decoding (analyzing) their
content
Wiretapping
Eg. Email in transit being wiretapped by mail
service providers!
Wireless

29
Expanding on some of these Threat Types

Impersonation
Spoofing
Message Confidentiality
Denial of Service
Traffic Redirection
DNS Attacks

30
Threats- ImpersonationTaking advantage of
vulnerabilities

Guessing (default passwords GUST, ADMIN, etc)
Stealing authentication when they are passed and
exposed in a network.
Wiretapping
Eavesdropping
Avoid authentication when a flaw can be exploited
(e.g. password buffer overflow)
Nonexistent authentication (e.g. anonymous or
guest password)
Well-Known authentication (e.g. SNMP uses a
community string password)
http//www.cisco.com/warp/public/477/SNMP/12.html
Trusted authentication
Delegation of identification to other trusted
sources
Unix .rhosts, .login, and etc/hosts/equiv
indicate hosts or users that are trusted to other
hosts
MSN Passport
MSN phishing attack attempts to steal MSN
Passport and Hotmail login information by
contacting users through email and notifying them
that their account will be disabled unless they
update their password. www.websense.com/

31
Threats Spoofing

When attacker falsely carries on one end of
network interchange. Examples are
Masquerade
One host pretends to be another-
URL confusion lack of URL standard creates
confusion
Different URLs representing same site
domain name confusion
DNS is case-insensitive, and some names may be
misinterpreted
Session hijacking
Intercepting and carrying on a session by another
entity. E.g. hijacking a remote telnet session
that was initiated by system administrator.
Man-in-the Middle attack

32
Threats- Message ConfidentialityCan be
compromised by

Misdelivery
Human errors in destination names
Exposure
In temporary buffers, routers , etc
Traffic Flow Analysis
The high volume traffic between two nodes may
infer speculations (politics, price fixing, etc.)
Both content and header information must be
protected

33
Threats- Denial of Service (DoS)

Availability attacks are often called Denial of
Service and are significant in networks. DoS
takes many forms such as
Transmission Failure
Connection Flooding
Send as much data as connection can handle.
Traffic Redirection
DNS Attacks

34
Traffic redirection

Compromised router may advertise the best path
to every other address in the network.
All traffic redirected to it, flooding it,
disrupting communication.

Introduction to Security Technology Security in Networks Part 1 PowerPoint PPT Presentation