COMP3825: Networking and Information Assurance

1
COMP3825 Networking and Information Assurance

• Networking Ethics, Firewall, IDS
• Lan Wang
• lanwang_at_memphis.edu

Based on slides by Prabhaker Mateti (Wright
State), Chris Misra (Umass)
2
Why learning ethics?

• The study of ethics provides us with a framework
  for judgments we must make within our profession.
  
• Our code of ethics is what holds us together as a
  profession it is what we profess.
• As computer scientists, the study and teaching of
  computer security is an ethical responsibility.

3
What is ethical?

• Some likely responses
• "Ethics has to do with what my feelings tell me
  is right or wrong.???
• "Ethics has to do with my religious beliefs.???
• "Being ethical is doing what the law
  requires.???
• "Ethics consists of the standards of behavior our
  society accepts.???
• Being ethical is not the same as following the
  law.
• The law often incorporates ethical standards to
  which most citizens subscribe.
• But laws, like feelings, can deviate from what is
  ethical, e.g. American pre-Civil-War slavery laws
  and the apartheid laws of South Africa

4
What is ethical? (contd)

• Being ethical is not the same as doing "whatever
  our society accepts."
• In any society, most people accept standards that
  are, in fact, ethical.
• But standards of behavior in society can deviate
  from what is ethical. An entire society can
  become ethically corrupt. Nazi Germany is a good
  example of an ethically corrupt society.
• Ethics is defined as a set of rules that clarify
  right conduct from wrong conduct.

5
Example Questions of Ethics

• Inserting oneself into a communication link
  between two other users, without their knowledge,
  is ok to do if the two users are terrorists.
• I was looking at my professor's .emacs to learn
  how he setup his Emacs. Then, I noticed that his
  Exams/ directory was read-open. All the files
  were those of previous terms. So I made a copy
  of his directory.
• I bought a PC that came with a Windows 2000 CD.
  I don't care for Win 2000, so I reformatted my
  hard disk and installed Linux on it. I gave my
  CD to a friend who wanted to upgrade from Win 98.
• I was curious how Nessus would work. On a real
  network. So, I tried it from a lab. Unplugged a
  PC, plugged in my laptop and started the scan.
  Wow! How many alerts that it showed! Ooops! It
  also crashed a few machines.

6
More examples

• Diane is designing a database management system
  for the personnel office of'a medium-sized
  company. It is now time to make decisions about
  the kind and degree of security to build into the
  system. Diane has described several options to
  the client. Because the system is going to cost
  more than they planned, the client has decided to
  opt for a less secure system. She believes the
  information they will be storing is extremely
  sensitive. Diane feels strongly that the system
  should be much more secure. She has tried to
  explain the risks, but the CEO, director of
  computing and director of personnel all agree
  that less security will do. What should she do?
  Should she refuse to build the system as they
  request?

7
ACM Code of Ethics Our Responsibilities as
Professionals

• 1.1 ...design systems that will be used in
  socially responsibly ways, will meet social
  needs, and will avoid harmful effects to health
  and welfare.
• 2.5 Give comprehensive and thorough evaluations
  of computer systems and their impacts, including
  analysis of possible risks.
• 2.7 Improve public understanding of computing
  and its consequences... Including the impacts of
  computer systems and their limitations.

8
ACM Code of Ethics Our Responsibilities as Users

• 1.2 Avoid harm to others.
• 1.3 Be honest and trustworthy.
• 1.7 Respect the privacy of others.
• 1.8 Honor confidentiality.
• 2.3 Know and respect existing laws pertaining to
  professional work.
• 2.8 Access computing and communication resources
  only when authorized to do so.

9
IEEE Code of Ethics

• to accept responsibility in making engineering
  decisions consistent with the safety, health and
  welfare of the public, and to disclose promptly
  factors that might endanger the public or the
  environment
• to improve the understanding of technology, its
  appropriate application, and potential
  consequences

10
RFC1087 Ethics and the Internet

• http//www.ietf.org/rfc/rfc1087.txt
• ...characterized as unethical and unacceptable
  any activity which purposely
• (a) seeks to gain unauthorized access to the
  resources of the Internet
• (b) disrupts the intended use of the Internet
• (c) wastes resources (people, capacity, computer)
  through such actions
• (d) destroys the integrity of computer-based
  information, and/or
• (e) compromises the privacy of users.

11
Legalities

• Our actions as citizens are governed by
  legalities.
• The study of ethics provides us with a framework
  for judgments we must make within our profession.
  
• Our actions as computer professionals must uphold
  our common ethics.
• Laws
• Federal Computer Intrusion Laws
  http//www.usdoj.gov/criminal/cybercrime/cclaws.ht
  ml
• Federal Code Related to Cybercrime
  http//www.usdoj.gov/criminal/cybercrime/fedcode.h
  t
• U.S. Department of Justice Criminal Division
• Computer Crime Intellectual Property Section
• http//www.cybercrime.gov/

12
Other resources

• http//www.cs.wright.edu/pmateti/InternetSecurity
  /Lectures/Ethics/index.html
• Stay Safe Online http//staysafeonline.info/
• NIST Computer Security Resource Center
  http//csrc.nist.gov/index.html
• SecurityFocus http//www.securityfocus.com/
• Internet Storm Center http//isc.sans.org/
• Educause/Internet2 Computer and Network Security
  Task Force http//www.educause.edu/security/

13
Firewalls
isolates organizations internal net from larger
Internet, allowing some packets to pass, blocking
others.


public Internet
administered network




firewall


14
Firewalls Why

• prevent denial of service attacks
• SYN flooding attacker establishes many bogus TCP
  connections, no resources left for real
  connections
• prevent illegal modification/access of internal
  data.
• e.g., attacker replaces CIAs homepage with
  something else
• allow only authorized access to inside network
  (set of authenticated users/hosts)
• three types of firewalls
• stateless packet filters
• stateful packet filters
• application gateways

15
Stateless packet filtering
Should arriving packet be allowed in? Departing
packet let out?

• internal network connected to Internet via router
  firewall
• router filters packet-by-packet, decision to
  forward/drop packet based on
• source IP address, destination IP address
• TCP/UDP source and destination port numbers
• ICMP message type
• TCP SYN and ACK bits

16
Stateless packet filtering example

• example 1 block incoming and outgoing datagrams
  with IP protocol field 17 and with either
  source or dest port 23.
• all incoming, outgoing UDP flows and telnet
  connections are blocked.
• example 2 Block inbound TCP segments with ACK0.
• prevents external clients from making TCP
  connections with internal clients, but allows
  internal clients to connect to outside.

17
Stateless packet filtering more examples

18
Access Control Lists

• ACL table of rules, applied top to bottom to
  incoming packets (action, condition) pairs

19
Stateful packet filtering

• stateless packet filter heavy handed tool
• admits packets that make no sense, e.g., dest
  port 80, ACK bit set, even though no TCP
  connection established

• stateful packet filter track status of every TCP
  connection
• track connection setup (SYN), teardown (FIN) can
  determine whether incoming, outgoing packets
  makes sense
• timeout inactive connections at firewall no
  longer admit packets

20
Stateful packet filtering

• ACL augmented to indicate need to check
  connection state table before admitting packet

21
Application gateways
gateway-to-remote host telnet session
host-to-gateway telnet session

• filters packets on application data as well as on
  IP/TCP/UDP fields.
• example allow select internal users to telnet
  outside.

application gateway
router and filter
1. require all telnet users to telnet through
gateway. 2. for authorized users, gateway sets up
telnet connection to dest host. Gateway relays
data between 2 connections 3. router filter
blocks all telnet connections not originating
from gateway.
22
Limitations of firewalls and gateways

• IP spoofing router cant know if data really
  comes from claimed source
• if multiple apps. need special treatment, each
  has own app. gateway.
• client software must know how to contact gateway.
• e.g., must set IP address of proxy in Web browser

• filters often use all or nothing policy for UDP.
• tradeoff degree of communication with outside
  world, level of security
• many highly protected sites still suffer from
  attacks.

23
Intrusion detection systems

• packet filtering
• operates on TCP/IP headers only
• no correlation check among sessions
• IDS intrusion detection system
• deep packet inspection look at packet contents
  (e.g., check character strings in packet against
  database of known virus, attack strings)
• examine correlation among multiple packets
• port scanning
• network mapping
• DoS attack

24
Intrusion detection systems

• multiple IDSs different types of checking at
  different locations

application gateway
firewall

Internet

internal network
Web server
IDS sensors
DNS server
FTP server
demilitarized zone
25
Assignments

• Homework 11 due Dec. 10
• Study day (tomorrow) Wei will be in lab giving a
  review of all homeworks and the midterms
  (optional for you)
• Final exam 10am-12pm, Dec. 12