Network Security - PowerPoint PPT Presentation

Slides: 40
Provided by: Vic295
Transcript and Presenter's Notes

1
Network Security
2
Security Attacks
3
Security Attacks
  • Interruption: This is an attack on availability
  • Interception: This is an attack on confidentiality
  • Modification: This is an attack on integrity
  • Fabrication: This is an attack on authenticity

4
Security Goals
Confidentiality
Integrity
Availability
8
  • Electronic mail security

9
Pretty Good Privacy (PGP)
  • Philip R. Zimmermann is the creator of PGP.
  • PGP provides a confidentiality and authentication
    service that can be used for electronic mail and
    file storage applications.

10
Why Is PGP Popular?
  • It is available free on a variety of platforms.
  • Based on well known algorithms.
  • Wide range of applicability
  • Not developed or controlled by governmental or
    standards organizations

11
Compression
  • PGP compresses the message after applying the
    signature but before encryption
  • The compression algorithm used is ZIP

12
Segmentation and Reassembly
  • E-mail facilities are often restricted to a maximum
    message length of 50,000 octets.
  • Longer messages must be broken up into segments.
  • PGP automatically subdivides a message that is
    too large.
  • The receiver strips off all e-mail headers and
    reassembles the block.
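
The sender and receiver steps from the Compression and Segmentation slides, as an added Python example that is not part of the original presentation. A SHA-256 digest stands in for the PGP signature and encryption is omitted; the `X-Part` header, the function names and the Base64 step before segmentation are assumptions of this example.

```python
import base64
import hashlib
import zlib

MAX_OCTETS = 50_000   # per-message limit quoted on the slide
HEADER_ROOM = 32      # octets reserved for the constructed part header


def prepare(message: bytes) -> bytes:
    """Sender: sign first, then compress; encryption would follow here."""
    tag = hashlib.sha256(message).digest()  # stand-in for the signature (assumption)
    packed = zlib.compress(tag + message)   # DEFLATE, the algorithm ZIP uses
    return base64.b64encode(packed)         # mail-safe text before segmentation


def segment(blob: bytes, limit: int = MAX_OCTETS) -> list[bytes]:
    """Split into mails of at most `limit` octets, part header included."""
    size = limit - HEADER_ROOM
    parts = [blob[i:i + size] for i in range(0, len(blob), size)]
    return [b"X-Part: %d/%d\r\n\r\n" % (n, len(parts)) + part
            for n, part in enumerate(parts, 1)]


def reassemble(mails: list[bytes]) -> bytes:
    """Receiver: strip headers, rejoin in order, decompress, verify the tag."""
    bodies, total = {}, 0
    for mail in mails:
        header, _, body = mail.partition(b"\r\n\r\n")
        index, count = header.split(b": ")[1].split(b"/")
        bodies[int(index)], total = body, int(count)
    if not mails or sorted(bodies) != list(range(1, total + 1)):
        raise ValueError("missing segment")
    data = zlib.decompress(base64.b64decode(b"".join(bodies[i] for i in sorted(bodies))))
    tag, message = data[:32], data[32:]
    if hashlib.sha256(message).digest() != tag:
        raise ValueError("integrity check failed")
    return message


if __name__ == "__main__":
    # Constructed, poorly compressible sample so several segments are needed.
    sample = b"".join(hashlib.sha256(bytes([i % 256, i // 256])).digest()
                      for i in range(3750))
    mails = segment(prepare(sample))
    print(len(mails), "segments, largest", max(map(len, mails)), "octets")
    assert reassemble(list(reversed(mails))) == sample
```

Because the tag is computed over the uncompressed message, the receiver can only check it after reassembly and decompression, which is why a lost segment is rejected before any integrity check runs.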

13
  • IP Security

14
IP Security Overview
  • IPSec is not a single protocol. Instead, IPSec
    provides a set of security algorithms plus a
    general framework that allows a pair of
    communicating entities to use whichever
    algorithms provide security appropriate for the
    communication.

15
IP Security Overview
  • Applications of IPSec
      • Secure branch office connectivity over the
        Internet
      • Secure remote access over the Internet
      • Establishing extranet and intranet connectivity
        with partners
      • Enhancing electronic commerce security

16
IP Security Scenario
17
IP Security Overview
  • Benefits of IPSec
      • Transparent to applications (below the transport
        layer (TCP, UDP))
      • Provides security for individual users
  • IPSec can assure that
      • A router or neighbour advertisement comes from an
        authorized router
      • A redirect message comes from the router to which
        the initial packet was sent
      • A routing update is not forged

18
IPSec Services
  • Access Control
  • Connectionless integrity
  • Data origin authentication
  • Rejection of replayed packets
  • Confidentiality (encryption)
  • Limited traffic flow confidentiality

19
Before applying AH
The IPv6 header includes extensions that allow
a packet to specify a mechanism for
authenticating its origin, for ensuring data
integrity, and for ensuring privacy
20
Transport Mode (AH Authentication)
21
Tunnel Mode (AH Authentication)
22
  • WEB Security

23
Web Security Considerations
  • The WEB is very visible.
  • Complex software hides many security flaws.
  • Web servers are easy to configure and manage.
  • Users are not aware of the risks.

24
Security facilities in the TCP/IP protocol stack
25
SSL and TLS
  • Secure Sockets Layer (SSL) was originated by
    Netscape
  • Transport Layer Security (TLS) working group was
    formed within IETF
  • The first version of TLS can be viewed as SSLv3.1

26
SSL Architecture
27
SSL Record Protocol Operation
28
SSL Record Format
29
Handshake Protocol
  • The most complex part of SSL.
  • Allows the server and client to authenticate each
    other.
  • Negotiate encryption, MAC algorithm and
    cryptographic keys.
  • Used before any application data are transmitted.

30
Handshake Protocol Action
31
Transport Layer Security (TLS)
  • The same record format as the SSL record format.
  • Defined in RFC 2246.
  • Similar to SSLv3.
  • Differences in the
      • version number
      • message authentication code
      • alert codes
      • cipher suites
      • client certificate types
      • certificate_verify and finished message
      • cryptographic computations

32
Secure Electronic Transactions (SET)
  • An open encryption and security specification.
  • Protects credit card transactions on the Internet.
  • Companies involved
      • MasterCard, Visa, IBM, Microsoft, Netscape, RSA,
        Terisa and Verisign
  • Not a payment system.
  • Set of security protocols and formats.

33
SET Services
  • Provides a secure communication channel in a
    transaction.
  • Provides trust by the use of X.509v3 digital
    certificates.
  • Ensures privacy.

34
SET Overview
  • Key Features of SET
      • Confidentiality of information
      • Integrity of data
      • Cardholder account authentication
      • Merchant authentication

35
SET Participants
36
Sequence of events for transactions
  1. The customer opens an account.
  2. The customer receives a certificate.
  3. Merchants have their own certificates.
  4. The customer places an order.
  5. The merchant is verified.
  6. The order and payment are sent.
  7. The merchant requests payment authorization.
  8. The merchant confirms the order.
  9. The merchant provides the goods or service.
  10. The merchant requests payments.

37
The Stages of a Network Intrusion
  1. Scan the network to
      • locate which IP addresses are in use,
      • what operating system is in use,
      • what TCP or UDP ports are open (being
        listened to by Servers).
  2. Run Exploit scripts against open ports
  3. Get access to Shell program which is suid
     (has root privileges).
  4. Download from Hacker Web site special versions
     of systems files that will let Cracker have free
     access in the future without his cpu time or disk
     storage space being noticed by auditing programs.
  5. Use IRC (Internet Relay Chat) to invite
     friends to the feast.
38
Virus Structure
39
Advanced Antivirus Techniques