Internet Essentials - Internet Security - PowerPoint PPT Presentation

Slides: 20
Provided by: vesnaundma
Transcript and Presenter's Notes

1
Internet Essentials - Internet Security
  • Marc Conrad
  • D104 (Park Square Building)
  • Marc.Conrad_at_luton.ac.uk

2
Objectives
  • Introduction
  • Web Server Security Features
  • Firewalls
  • Encrypted Web Servers
  • Exercises

3
Introduction
  • Open access leads to security risks
  • Security issues are complex
  • Risks include
  • remote client obtaining unauthorised access to
    files
  • local client obtaining access to restricted area
  • remote hackers
  • Man-In-the-Middle attack (TCP Hijacking)
  • Web server software has a whole battery of
    methods to restrict access
  • These are of no use if the host is not secured

4
Introduction
  • Host machines can be secured by
  • limiting host logins
  • having effective passwords
  • using systems logging facilities
  • Unnecessary features should be tamed
  • automatic directory listings
  • executable scripts
  • Remember a web site is only as secure as the host
    it runs on!

5
Web Server Security Features
  • Web servers offer the following types of security
    features
  • access restriction based on domain name
  • access restriction based on IP address
  • access restriction based on username/password
  • document encryption
  • server authentication
  • client authentication

6
Firewalls
  • What is a Firewall?
  • Term borrowed from construction industry
  • In computing terms, a firewall helps to protect
    the corporate network from attack (fire) by
    hackers
  • A firewall allows employees inside the corporate
    network to reach the Internet, whilst it prevents
    other networks from accessing corporate systems
  • Definition
  • A system or a group of systems that enforce an
    access control policy between two networks

7
Firewalls
  • Typical characteristics
  • All traffic from inside corporate network to
    outside network, and vice-versa, must pass
    through it
  • Only authorised traffic, as defined by the local
    security policy, is allowed to pass through it
  • The system itself is immune to penetration
  • Two common ways of implementing a firewall
  • Dual-homed gateway
  • Screened-host gateway

8
Firewalls
  • Firewalls can be placed into two categories
  • Static
  • Dynamic
  • Static
  • All traffic is allowed to pass except that which
    is explicitly blocked by the firewall administrator
  • Default permit
  • Dynamic
  • All traffic is rejected except that which is
    specifically allowed to pass by the firewall
    administrator
  • Default deny

9
Firewalls
10
Firewalls
  • Firewalls are made up from two components,
    namely
  • Chokes
  • Gates
  • Chokes
  • limit flow of packets between networks
  • read and filter packets based on specified rules
  • Gates
  • control point for external connections
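The two firewall categories of slide 8 (default permit versus default deny) and the packet-reading choke of slide 10, as an added example that is not part of the original slides: a small rule evaluator run over constructed sample packets. Rules, addresses and ports are invented for illustration.

```python
# Added example (not from the slides): a minimal "choke" that reads constructed
# packets and filters them against rules, first as a static (default permit,
# explicit blocks) firewall and then as a dynamic (default deny, explicit
# allows) one. All addresses, ports and rules below are invented.
from ipaddress import ip_address, ip_network

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's."""
    return (ip_address(pkt["src"]) in ip_network(rule.get("src", "0.0.0.0/0"))
            and rule.get("proto", pkt["proto"]) == pkt["proto"]
            and rule.get("dport", pkt["dport"]) == pkt["dport"])

def filter_packet(policy, rules, pkt):
    """Return 'ALLOW' or 'DENY'; policy is the default when no rule matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return policy

# Static firewall: everything passes unless explicitly blocked.
STATIC_RULES = [
    {"src": "0.0.0.0/0", "dport": 23, "action": "DENY"},   # block telnet everywhere
    {"src": "203.0.113.0/24", "action": "DENY"},           # block one outside network
]

# Dynamic firewall: everything is rejected unless explicitly allowed.
DYNAMIC_RULES = [
    {"src": "192.168.1.0/24", "proto": "tcp", "dport": 80, "action": "ALLOW"},
    {"src": "192.168.1.0/24", "proto": "tcp", "dport": 443, "action": "ALLOW"},
]

PACKETS = [  # constructed sample traffic
    {"src": "192.168.1.10", "proto": "tcp", "dport": 443},   # internal web
    {"src": "192.168.1.10", "proto": "tcp", "dport": 23},    # internal telnet
    {"src": "198.51.100.7", "proto": "udp", "dport": 3389},  # unanticipated service
    {"src": "203.0.113.5", "proto": "tcp", "dport": 80},     # blocked network
]

def run(policy, rules):
    """Apply one firewall configuration to every sample packet."""
    return [filter_packet(policy, rules, p) for p in PACKETS]

if __name__ == "__main__":
    print("default permit:", run("ALLOW", STATIC_RULES))
    print("default deny:  ", run("DENY", DYNAMIC_RULES))
```

The third packet shows the practical difference: the default-permit ruleset lets the unanticipated service through because nobody wrote a rule for it, while the default-deny ruleset blocks it.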

11
Encrypted Web Servers
  • Web access control is important, but it is only
    part of the story
  • Steps are required to ensure that when a document
    is intercepted as it travels across the Internet,
    it cannot be read
  • How can we achieve this?
  • Use encryption
  • Encryption works by encoding the text of a
    message with a hard to guess key

12
https
  • A web address starting with https
  • (e.g. https://mybank.co.uk)
  • indicates that the html document is transferred
    via a secure connection.
  • The standard for secure connections is the SSL
    protocol.

13
Encrypted Web Servers
  • Traditional methods of encryption have always
    relied on symmetrical key schemes
  • The newer asymmetric key system, however, is more
    appropriate for Internet use
  • This system relies on a pair of keys, one public,
    the other private
  • As the name suggests
  • public key available to all
  • private key kept secret

14
Encrypted Web Servers
  • Consider
  • A message encrypted with the recipient's public
    key can only be decrypted by the recipient's
    private key.

15
Encrypted Web Servers
  • If you receive a message from someone over the
    Internet, how do you know who they really are?
  • Public key encryption allows the creation of
    unforgeable digital signatures
  • Consider

16
Encrypted Web Servers
  • A signature encrypted with the sender's private
    key can be validated with the sender's public key
  • This system works very well provided that you
    know the sender's public key in advance
  • With thousands of web servers, it is not wise to
    keep a record of every public key
  • So, how do we overcome this problem?
  • Establish certifying authorities (CA)

17
Encrypted Web Servers
  • A CA is a business that vouches for the identity
    of others
  • Instead of storing everyone's public key, we keep
    the public keys of a few well known and trusted
    CAs
  • How does it work?
  • CA takes public key of legitimate organisation
  • encrypts the key with its own private key
  • results in a signed certificate
  • certificate is returned to the organisation
  • identity of organisation verified by certificate

18
Encrypted Web Servers
  • The recipient now checks the certificate by
    attempting to decrypt it with the CA's public key
  • If the certificate is successfully decoded, the
    organisation's public key will be revealed and
    secure communication between the two parties can
    take place.
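The three key roles of slides 14, 16 and 17-18 (encrypting to the recipient's public key, signing with the sender's private key, and a CA signing an organisation's public key so a recipient who trusts only the CA can check it), as an added example that is not part of the original slides. It uses textbook RSA with tiny, insecure demonstration primes; the key sizes, the "certificate" format and all values are assumptions for illustration.

```python
# Added example (not from the slides): textbook RSA with small, insecure
# demonstration keys so that the roles of public and private keys are visible.
# Real systems use large keys, padding and hash functions; this shows only
# the mechanics described on the slides. All primes and values are invented.
from math import gcd

def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)) from two primes (toy sizes, assumed here)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to (p-1)(q-1)"
    return (n, e), (n, pow(e, -1, phi))

def encrypt(pub, m):
    """Slide 14: encrypt with the recipient's public key (m must be < n)."""
    return pow(m, pub[1], pub[0])

def decrypt(priv, c):
    """Only the matching private key reverses the encryption."""
    return pow(c, priv[1], priv[0])

def sign(priv, m):
    """Slide 16: 'encrypt' with the sender's private key to sign."""
    return pow(m, priv[1], priv[0])

def verify(pub, m, sig):
    """Anyone holding the sender's public key can validate the signature."""
    return pow(sig, pub[1], pub[0]) == m

def issue_certificate(ca_priv, org_pub):
    """Slide 17: the CA signs the organisation's public key (n, e).
    Toy format: each component signed separately (org n must be < CA n)."""
    return [sign(ca_priv, x) for x in org_pub]

def check_certificate(ca_pub, cert, claimed_org_pub):
    """Slide 18: decode the certificate with the CA's public key and
    compare the revealed key with the one the organisation presents."""
    revealed = tuple(pow(s, ca_pub[1], ca_pub[0]) for s in cert)
    return revealed == tuple(claimed_org_pub)

if __name__ == "__main__":
    org_pub, org_priv = make_keypair(61, 53)     # organisation's key pair
    ca_pub, ca_priv = make_keypair(101, 113)     # CA's (larger) key pair
    c = encrypt(org_pub, 65)                     # 65 -> 2790, back to 65
    print("ciphertext", c, "decrypts to", decrypt(org_priv, c))
    sig = sign(org_priv, 65)
    print("signature valid:", verify(org_pub, 65, sig))
    cert = issue_certificate(ca_priv, org_pub)
    print("certificate checks out:", check_certificate(ca_pub, cert, org_pub))
```

A recipient who stores only the CA's public key can thus confirm the organisation's key, which is why the slides say only a few trusted CA keys need to be kept rather than thousands of server keys.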

19
Exercises
  • What are the issues relating to security and the
    Internet?
  • What steps have been made to provide secure
    communications between networks?
  • What is a firewall and how does it operate?
  • What are encrypted web servers?
  • Give an example of how public and private keys
    could be used to reinforce Internet security.
  • What is the role played by Certificate
    Authorities?