COMPUTER - PowerPoint PPT Presentation
Provided by: nc1
Slides: 28

Transcript and Presenter's Notes

1
COMPUTER DATA SECURITY (CSNB514)
  • MODULE 9
  • NETWORK SECURITY CONTROLS

2
Recaps..
  • In Module 8, we learned about several network
    security issues which can lead to network
    security breaches.
  • Here, we shall look at several main network
    security controls that are applied, such as
  • - encryption
  • - access control
  • - user authentication
  • - firewall etc.

3
Encryption
  • Encryption techniques can be used to safeguard
    information
  • (1) while it is stored within a network node AND /
    OR
  • (2) while it is in transit across communications
    media between nodes.
  • Protection within a node is generally the less
    demanding of the two applications, because the
    confined nature of the node facilitates physical
    protective measures.
  • For transmission between nodes there is
    generally substantial opportunity for data
    interception, so encryption techniques that
    provide security in the communications
    environment are crucial.

4
Encryption (cont.)
  • Encryption is a very powerful tool for providing
    privacy and integrity to data.
  • In network applications, encryption can be
    applied either
  • (i) between two adjacent hosts on a link (link
    encryption)
  • AND / OR
  • (ii) between two communicating applications (end
    to end encryption)
  • Key distribution is a potential problem with
    network encryption. Encryption keys must be
    delivered to the sender and receiver in a secure
    manner.

5
Link Encryption
  • In link encryption data is encrypted just before
    it is placed on the physical communications link.
  • In this case, encryption occurs at layer 1 (i.e.
    physical layer) or layer 2 (i.e. data link layer)
    in the OSI model.
  • Decryption occurs just as the communication
    enters the receiving computer.
  • An encryption key is almost always used in
    encryption process in order to allow changes in
    the process and/or to allow secrecy, even if
    adversaries know the encryption algorithm.
  • Encryption protects the message as it is in
    transit between two hosts, but the message is in
    plaintext inside the hosts.

6
Link Encryption (cont.)
7
Link Encryption (cont.)
  • Link encryption is especially vulnerable when a
    communication must pass through one or more
    additional hosts between sender and receiver.
  • For example, there is no direct link between host
    A and B, but there is a link between A and C, and
    one between C and B. A message may be adequately
    protected by hosts A and B, and encryption
    protects the message along the links.
  • However, the message is in the clear in host C,
    and that host may not be especially trustworthy.
  • If node C is compromised, all messages passing
    through C are exposed.

8
Link Encryption (cont.)
9
Link Encryption (cont.)
  • Link encryption is invisible to the user.
    Encryption becomes a transmission service
    performed by a low-level network protocol layer,
    just like message routing or transmission error
    detection.
  • Link encryption is an easy control to use if all
    hosts on a network are reasonably secure.
  • However, it is not guaranteed that all hosts
    provide the same level of security, and the
    communication medium is shared with other users,
    so link encryption alone is often not an adequate
    control.
  • Thus, link encryption is recommended only when
    the transmission line is the point of greatest
    vulnerability.

10
End to End Encryption
  • End-to-end encryption provides security from one
    end of a transmission to the other.
  • A hardware device between the user and the host
    can apply the encryption. The encryption also can
    be done by software running on the host computer.
    In either case, the encryption is performed at
    the highest levels, either at layer 7 (i.e.
    application layer) or layer 6 (i.e. presentation
    layer) of the OSI model.
  • The message is transmitted in encrypted form
    throughout the network since the encryption
    precedes all routing and transmission processing
    of the layer.

11
End to End Encryption (cont.)
12
End to End Encryption (cont.)
  • Unlike in link encryption, in end-to-end
    encryption messages sent through several hosts
    remain protected, since the data content of the
    message remains encrypted throughout the
    network.
  • This means that even though a message must pass
    through insecure node C on the path between A and
    B, the message still remains encrypted while in C.

13
End to End Encryption (cont.)
14
Link Encrypted Message Vs. End to End Encrypted
Message
  • A typical link encrypted message: the whole
    frame, headers included, is encrypted on each
    link and decrypted (so it is in plaintext) inside
    every node it passes through.
  • Whereas in a typical end to end encrypted message
    only the data portion is encrypted; the headers
    stay in plaintext so that intermediate nodes can
    route the message, and the data remains encrypted
    inside every intermediate node.
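
The following is an added example (not part of the original slides)
that simulates the A - C - B scenario from slides 7 and 12 and shows
what the relay node C holds in memory under link encryption versus
end to end encryption. The cipher is a toy keystream built from
SHA-256 for illustration only, and the node names, keys and message
are constructed; a real deployment would use an authenticated cipher.

```python
import hashlib
from typing import Dict, Tuple


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks, truncated to length.
    Illustrative only; not a substitute for a real authenticated cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Constructed topology: A and B have no direct link; traffic goes via C.
PATH = ["A", "C", "B"]
# Link encryption: one key per physical link, shared by the two ends of that link.
LINK_KEYS = {("A", "C"): b"link-key-A-C", ("C", "B"): b"link-key-C-B"}
# End-to-end encryption: one key shared only by the applications on A and B.
E2E_KEY = b"app-key-A-B"


def frame(header: bytes, payload: bytes) -> bytes:
    """Simplified frame: routing header, separator, data."""
    return header + b"|" + payload


def link_encrypted_transit(header: bytes, payload: bytes) -> Dict[str, bytes]:
    """What each node on the path holds in memory under link encryption.
    The whole frame (header included) is encrypted just before it goes
    onto a link and decrypted as it enters the next node, so every node,
    including the untrusted relay C, holds the plaintext."""
    inside_node = {"A": frame(header, payload)}
    current = inside_node["A"]
    for src, dst in zip(PATH, PATH[1:]):
        on_the_wire = xor_crypt(LINK_KEYS[(src, dst)], current)  # layer 1/2 encryption
        current = xor_crypt(LINK_KEYS[(src, dst)], on_the_wire)  # decrypted on entry to dst
        inside_node[dst] = current
    return inside_node


def end_to_end_transit(header: bytes, payload: bytes) -> Tuple[Dict[str, bytes], bytes]:
    """What each node holds under end-to-end encryption. Only the data is
    encrypted (at layer 6/7, before routing); the header stays in the clear
    so C can forward the frame, and C never sees the plaintext data.
    Returns (per-node view, plaintext recovered by the application on B)."""
    inside_node = {"A": frame(header, payload)}
    current = frame(header, xor_crypt(E2E_KEY, payload))
    for _src, dst in zip(PATH, PATH[1:]):
        inside_node[dst] = current  # relayed unchanged; C has no key for it
    hdr, enc = current.split(b"|", 1)  # the header itself contains no separator
    return inside_node, frame(hdr, xor_crypt(E2E_KEY, enc))


def exposed_at_relay(mode: str, header: bytes, payload: bytes) -> bool:
    """True if a compromised C can read the data under the given mode."""
    if mode == "link":
        view = link_encrypted_transit(header, payload)["C"]
    else:
        view = end_to_end_transit(header, payload)[0]["C"]
    return view == frame(header, payload)


if __name__ == "__main__":
    hdr, msg = b"A->B", b"transfer 1000 to acct 42"
    print("link encryption, C holds:", link_encrypted_transit(hdr, msg)["C"])
    print("end-to-end,      C holds:", end_to_end_transit(hdr, msg)[0]["C"])
```

Running it prints the plaintext frame for the link case and an
opaque payload behind a readable "A->B" header for the end to end
case, which is exactly the difference slide 14 describes.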

15
Firewall
  • A firewall is a process that filters all traffic
    between
  • - a protected or "inside" network
  • and
  • - a less trustworthy or "outside" network.
  • The purpose of a firewall is to keep "bad" things
    outside a protected environment.
  • Firewalls implement a security policy, which may
  • - prevent any access from outside
  • OR
  • - permit access only for certain users, or for
    certain activities.

16
Firewall (cont.)
  • Design goals of firewalls
  • - All traffic from inside to outside and vice
    versa must pass through the firewall. This is
    achieved by physically blocking all access to the
    local network except via the firewall.
  • - Only authorized traffic as defined by the
    local security policy will be allowed to pass.
  • - The firewall itself is immune to penetration.
    This implies the use of a trusted system with a
    secure operating system.

17
Firewall (cont.)
  • Firewall capabilities
  • - A firewall defines a single check point that
    keeps unauthorized users out of the protected
    network, prohibits potentially vulnerable
    services from entering or leaving the network,
    and provides protection from various kinds of IP
    spoofing and routing attacks.
  • - A firewall provides a location for monitoring
    security-related events. Audits and alarms can be
    implemented on the firewall system.

18
Firewall (cont.)
  • Firewall capabilities (cont.)
  • - A firewall is a convenient platform for
    several Internet functions that are not security
    related. These include a network address
    translator, which maps local addresses to
    Internet addresses, and a network management
    function that audits or logs Internet usage.

19
Firewall (cont.)
  • Firewall limitations
  • - A firewall cannot protect against attacks that
    bypass the firewall.
  • - A firewall does not protect against internal
    threats, such as a disgruntled employee or an
    employee who unwittingly cooperates with an
    external attacker.
  • - A firewall cannot protect against the transfer
    of virus-infected programs or files within the
    protected network.

20
Firewall (cont.)
  • Types of firewall
  • (1) Screening Routers
  • - A Router is a network layer device that
    determines the optimal path along which network
    traffic should be forwarded. Routers forward
    packets from one network to another based on
    network layer information.
  • - A screening router is the simplest form of
    firewall. Here, every packet is stopped, examined
    and compared to the security rules, and if the
    packet passes the examinations, it is sent out.
  • - Screening routers can perform the very
    important service of ensuring the validity of
    inside addresses.
  • - A screening router might be configured to
    block all packets from the outside that claimed
    their source address was an inside address.
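
The following is an added example (not part of the original slides)
of the screening-router logic just described: a small packet filter
that checks every packet against an ordered rule list, with the
address-validity check applied first so that a packet arriving on the
outside interface with an inside source address is dropped before any
permit rule is consulted. The address ranges, interfaces and policy
rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addressing: the protected network uses the RFC 5737
# documentation range 192.0.2.0/24; everything else is "outside".
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")
WEB_SERVER = "192.0.2.20"


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                        # "permit" or "deny"
    iface: Optional[str] = None        # None means "matches any"
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.src_net is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True


def spoofed(p: Packet) -> bool:
    """Address-validity check: an inside source address can only arrive on
    the inside interface, and inside traffic must carry an inside address."""
    src_inside = ipaddress.ip_address(p.src) in INSIDE_NET
    return (p.iface == "outside" and src_inside) or (p.iface == "inside" and not src_inside)


# Constructed policy: first match wins, implicit deny at the end.
RULES: List[Rule] = [
    Rule("permit", iface="outside", dst_net=WEB_SERVER + "/32", proto="tcp", dport=80),
    Rule("permit", iface="inside", src_net=str(INSIDE_NET)),  # inside may reach outside
]


def screen(p: Packet, rules: Optional[List[Rule]] = None) -> Tuple[str, str]:
    """Stop the packet, examine it, and return (decision, reason)."""
    if spoofed(p):
        return "deny", "spoofed source address on " + p.iface + " interface"
    for i, rule in enumerate(rules if rules is not None else RULES):
        if rule.matches(p):
            return rule.action, f"rule {i}"
    return "deny", "no matching rule (default deny)"


if __name__ == "__main__":
    for pkt in (Packet("outside", "192.0.2.10", WEB_SERVER, "tcp", 80),
                Packet("outside", "198.51.100.7", WEB_SERVER, "tcp", 80),
                Packet("outside", "198.51.100.7", WEB_SERVER, "tcp", 23)):
        print(pkt, "->", screen(pkt))
```

The first packet in the usage section claims an inside address but
arrives on the outside interface and is denied as spoofed even though
it would otherwise match the web-server permit rule; the second is
legitimate web traffic and is permitted; the third is refused by the
default deny.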

21
Firewall (cont.)
  • Types of firewall
  • (2) Application Proxy
  • - A proxy is a server placed between a user's
    machine and the Internet.
  • - A proxy device (running either on dedicated
    hardware or as software on a general-purpose
    machine) may act as a firewall to provide
    protection to the machines it is connected to by
    screening input packets (connection requests, for
    example) at the application level (OSI Layer 7).
  • - In an application proxy firewall, every packet
    is stopped, examined and compared to the security
    rules, and if the packet passes the examinations,
    it is re-created and sent out: the proxy
    terminates the client's connection and opens its
    own connection to the inside server, so the
    client's raw bytes are never forwarded. This
    re-creation can prevent unknown attacks based upon
    weaknesses in the TCP/IP protocol.
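
The following is an added example (not part of the original slides)
of the re-creation step at the heart of an application proxy, using
HTTP as the application protocol. The proxy parses the client's
request strictly, checks the parsed fields against a policy, and then
builds a brand-new request from those fields; anything it cannot parse
or that violates policy is refused, so a malformed request never
reaches the inside server. The allowed methods, hosts and headers and
the sample requests are constructed for illustration.

```python
import re
from typing import Dict, Tuple

# Constructed policy for the proxied service.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com"}
FORWARDED_HEADERS = {"host", "user-agent", "accept"}  # anything else is dropped
TOKEN = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+$")   # legal header-name characters


class ProxyReject(Exception):
    """Raised when the request cannot be parsed or violates policy."""


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Parse the request head strictly: ASCII only, CRLF line endings,
    a three-token request line, well-formed and non-duplicated headers."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ProxyReject("request head not terminated")
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        raise ProxyReject("non-ASCII bytes in request head")
    lines = text.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        raise ProxyReject("malformed request line")
    method, target, _version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        value = value.strip()
        if not colon or not TOKEN.match(name) or "\n" in value or "\r" in value:
            raise ProxyReject(f"malformed header line {line!r}")
        name = name.lower()
        if name in headers:
            raise ProxyReject(f"duplicate header {name}")  # e.g. two Host values
        headers[name] = value
    return method, target, headers, body


def apply_policy(method: str, target: str, headers: Dict[str, str], body: bytes) -> Dict[str, str]:
    """Security rules applied to the parsed fields; returns the headers to forward."""
    if method not in ALLOWED_METHODS:
        raise ProxyReject(f"method {method} not permitted")
    if not target.startswith("/") or ".." in target:
        raise ProxyReject("request target not permitted")
    if headers.get("host") not in ALLOWED_HOSTS:
        raise ProxyReject("host not permitted")
    if body:
        raise ProxyReject(f"body not permitted with {method}")
    return {k: v for k, v in headers.items() if k in FORWARDED_HEADERS}


def recreate(raw: bytes) -> bytes:
    """Build a fresh request from the validated fields; none of the
    client's original bytes are forwarded."""
    method, target, headers, body = parse_request(raw)
    clean = apply_policy(method, target, headers, body)
    out = [f"{method} {target} HTTP/1.1", f"Host: {clean['host']}"]
    for name in sorted(clean):
        if name != "host":
            out.append(f"{name.title()}: {clean[name]}")
    out.append("Connection: close")
    return ("\r\n".join(out) + "\r\n\r\n").encode("ascii")


def screen(raw: bytes) -> Tuple[str, object]:
    """Return ('forwarded', clean_request) or ('rejected', reason)."""
    try:
        return "forwarded", recreate(raw)
    except ProxyReject as e:
        return "rejected", str(e)


if __name__ == "__main__":
    print(screen(b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nX-Debug: 1\r\n\r\n"))
    print(screen(b"GET / HTTP/1.1\r\nHost: www.example.com\r\nHost: evil.example\r\n\r\n"))
```

Note that the forwarded request has lost the client's unknown
X-Debug header and carries only headers the proxy itself wrote,
while the request with two Host headers, a classic ambiguity that
different servers resolve differently, never reaches the server at
all.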

22
Intrusion Detection System
  • Recap from the limitations of firewalls
  • A firewall cannot protect against attacks that
    bypass the firewall.
  • Thus, in addition to a firewall, which attempts to
    eliminate / minimize malicious attacks from
    outside (also known as a preventive control), an
    Intrusion Detection System is often deployed,
    especially to detect and to block malicious
    attacks that are launched within the protected
    network or that have bypassed the firewall.
  • An Intrusion Detection System is a device,
    typically another separate computer, that
    monitors activity to identify malicious or
    suspicious events.
  • It operates like a sensor that triggers an alarm
    when a suspicious event occurs.

23
Intrusion Detection System (cont)
  • Intrusion Detection System function capabilities
    include
  • - monitoring users and system activity
  • - auditing system configuration for
    vulnerabilities and wrong configurations
  • - assessing the integrity of critical system and
    data files.
  • - recognizing known attack patterns in system
    activity
  • - identifying abnormal activity through
    statistical analysis
  • - managing audit trails and highlighting user
    violation of policy or normal activity
  • - correcting system configuration errors

24
Intrusion Detection System (cont)
  • Two main types of IDS are
  • (1) signature based IDS
  • This IDS performs simple pattern-matching and
    reports situations that match a pattern
    corresponding to a known attack.
  • Disadvantages
  • - not robust, needs to know the specific pattern
    of each attack.
  • - cannot raise a warning for a new, unknown attack
  • - a clever hacker will try to modify the existing
    pattern of an attack to avoid being detected

25
Intrusion Detection System (cont)
  • (2) heuristic IDS
  • This IDS studies the behavior of users and system
    activity; from this it builds a model of
    acceptable common behavior and flags exceptions
    (uncommon behavior), which are then evaluated by
    the administrator in terms of their security
    impact.
  • Can be more dynamic and robust compared to a
    signature IDS.
  • Disadvantage: accuracy is limited by the amount
    of information the IDS has seen.
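
The following is an added example (not part of the original slides)
that runs both IDS approaches from slides 24 and 25 over constructed
web-server log lines. The signature detector matches known attack
patterns against the request path; the heuristic detector learns the
per-client request rate from a baseline period and flags clients in a
later window whose rate is far above it. The attack patterns,
thresholds, addresses and log lines are all constructed; the encoded
traversal request at the end shows the evasion weakness slide 24
warns about.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Known attack patterns (constructed, illustrative), matched against the request path.
SIGNATURES = {
    "directory traversal": re.compile(r"(\.\./){2,}"),
    "sql injection": re.compile(r"(?i)union(?:\s|%20|\+)+select"),
    "shell command": re.compile(r"/bin/(?:sh|bash)|;\s*cat\s+/etc/passwd"),
}

# Common Log Format: client ip, ident, user, [time], "METHOD path version", status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one log line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return {"ip": m.group(1), "method": m.group(2), "path": m.group(3), "status": int(m.group(4))}


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Signature-based detection: report every line whose path matches a known pattern."""
    alerts = []
    for rec in filter(None, map(parse, lines)):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name))
    return alerts


def heuristic_alerts(baseline: List[str], window: List[str], k: float = 3.0) -> List[Tuple[str, int]]:
    """Heuristic (anomaly) detection: learn the per-client request count from
    a baseline period, then flag clients in the current window whose count
    exceeds mean + k standard deviations. The floor of 1.0 on sigma keeps a
    tiny, uniform baseline from flagging everything; with a small baseline
    the model is only as good as the traffic it has seen."""
    base = Counter(rec["ip"] for rec in filter(None, map(parse, baseline)))
    if not base:
        return []
    mu, sigma = mean(base.values()), max(pstdev(base.values()), 1.0)
    current = Counter(rec["ip"] for rec in filter(None, map(parse, window)))
    return [(ip, n) for ip, n in current.items() if n > mu + k * sigma]


# Constructed sample traffic.
def log(ip: str, path: str, status: int = 200) -> str:
    return f'{ip} - - [10/Mar/2007:12:00:00 +0800] "GET {path} HTTP/1.1" {status} 512'


BASELINE = ([log("203.0.113.5", p) for p in ("/index.html", "/about.html", "/logo.png")]
            + [log("203.0.113.6", "/index.html")] * 4
            + [log("203.0.113.7", "/news.html")] * 3)
WINDOW = [log("203.0.113.5", "/index.html")] * 2 + [log("198.51.100.9", f"/page{i}.html") for i in range(20)]
ATTACKS = [
    log("198.51.100.9", "/../../../etc/passwd", 404),
    log("198.51.100.9", "/item?id=1+UNION+SELECT+password+FROM+users", 500),
]
# The same traversal with "../" URL-encoded slips past the signature.
EVASION = log("198.51.100.9", "/..%2f..%2f..%2fetc/passwd", 404)

if __name__ == "__main__":
    print("signature alerts:", signature_alerts(ATTACKS))
    print("evasion detected:", signature_alerts([EVASION]))
    print("heuristic alerts:", heuristic_alerts(BASELINE, WINDOW))
```

The signature detector names the two known attacks but reports
nothing for the encoded variant, while the heuristic detector flags
the client making twenty requests in the window without needing to
know what any of those requests contain.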

26
COMPUTER DATA SECURITY (CSNB514)
  • END OF MODULE 9
  • --END--

27
Final Exam (yeayyyyyyyy!!!!)
  • All Subjective!!
  • No Objective!!
  • (No guessing!!)
  • Details
  • Date: 26th March 2007
  • Time: 12pm - 2pm
  • Venue: Level 3 Adjoined Classrooms
  • Duration: 3 hours
  • 2 Sections, A and B
  • - A: short answer (8 q, 80 marks)
  • - B: case study (5 q, 20 marks)
  • Coverage: ALL, Module 1 - 9

Good Luck all.