Security Issues

1
Security Issues

• Onno W. Purbo
• Computer Network Research Group
• Institute of Technology Bandung
• yc1dav_at_itb.ac.id

2
Perspective ...

• less then 200 security incident in 1989.
• about 400 in 1989.
• about 1400 in 1993.
• estimated more than 2241 in 1994.
• Nobody knows the correct statistics on how many
  attacks are actually detected by the sites broken
  into.

3
Layout Firewall
4
What are you trying to protect?

• Your Data.
• Your Resources.
• Your Reputation.

5
What Are You Trying To Protect Against?

• Type of attacks
• Intrusion.
• Denial of Service.
• Information Theft.

6
Type of Attackers

• Joyriders.
• Vandals.
• Score Keepers.
• Spies (Industrial Otherwise).
• Stupidity Accidents.

7
How Can You Protect Your Site

• No Security.
• Security Through Obscurity.
• Host Security.
• Network Security.
• No Security Model Can Do It All.

8
What Can A Firewall Do?

• A firewall is a focus for security decisions.
• A firewall can enforce security policy.
• A firewall can log Internet activity efficiently.
• A firewall limits your exposure.

9
What Cant A Firewall Do?

• A firewall cant protect you against malicious
  insiders.
• A firewall cant protect you against connections
  that dont go through it.
• A firewall cant protect against completely new
  threats.
• A firewall cant protect against viruses.

10
List of A Must Secure Internet Services

• Electronic mail (SMTP).
• File Transfer (FTP).
• Usenet News (NNTP).
• Remote Terminal Access (Telnet).
• World Wide Web Access (HTTP).
• Hostname / Address lookup (DNS).

11
Security Strategies.

• Least Privilege.
• Defense in Depth (multiple security mechanism).
• Choke Point forces attackers to use a narrow
  channel.
• Weakest Link.
• Fail-Safe Stance.
• Diversity of Defense.
• Simplicity.

12
Building Firewalls
13
Some Firewall Definitions

• Firewall
• A component or set of components that restricts
  access between a protected network and the
  Internet, or between other sets of networks.
• Host
• A computer system attached to a network.

14
Firewall Defs Cont ..

• Bastion Host
• A computer system that must be highly secured
  because it is vulnerable to attack, usually
  because it is exposed to the Internet and is a
  main point of contact for users of internal
  networks.
• Dual-homed host
• A general-purpose computer system that has at
  least two network interfaces (or homes).

15
Firewall Defs Cont ...

• Packet.
• The fundamental unit of communication on the
  Internet.
• Packet filtering.
• The action a device takes to selectively control
  the flow of data to and from a network.
• Perimeter network.
• a network added between a protected network and
  external network, to provide additional layer of
  security.

16
Firewall Defs Cont ...

• Proxy Server
• A program that deals with external servers on
  behalf of internal clients. Proxy client talk to
  proxy servers, which relay approved client
  requests on to real servers,and relay answer back
  to clients.

17
Packet Filtering
18
Proxy Services
19
Screened Host Architecture
20
De-Militarized Zone Architecture
21
DMZ With Two Bastion Hosts
22
Its OK

• Merge Interior Exterior Router
• Merge Bastion Host Exterior Router
• Use Mutiple Exterior Router
• Have Multiple Perimeter Network
• Use Dual -Homed Hosts Screened Subnets

23
Its Dangerous

• Use Multiple Interior Router
• Merge Bastion Host and Interior Router

24
Private IP Address

• Use within Internal Network
• Reference RFC 1597
• IP address alocation
• Class A 10.x.x.x
• Class B 172.16.x.x - 172.31.x.x
• Class C 192.168.0.x - 192.168.255.x

25
Bastion Host

• It is our presence in Internet.
• Keep it simple.
• Be prepared for the bastion host to be
  compromised.

26
Special Kinds of Bastion Hosts

• Nonrouting Dual-Homed Hosts.
• Victim Machine.
• Internal Bastion Hosts.

27
Choosing A Bastion Host

• What Operating System?
• Unix
• How Fast a Machine?
• 386-based UNIX.
• MicroVAX II
• Sun-3

28
Proxy Systems

• Why Proxying?
• Proxy systems deal with the insecurity problems
  by avoiding user logins on the dual-homed host
  and by forcing connections through controlled
  software.
• Its also impossible for anybody to install
  uncontrolled software to reach Internet the
  proxy acts as a control point.

29
Proxy - Reality Illusion
30
Advantages of Proxying

• Proxy services allow users to access Internet
  services directly
• Proxy services are good at logging.

31
Disadvantages of Proxying

• Proxy services lag behind non-proxied services.
• Proxy services may require different servers for
  each service.
• Proxy services usually require modifications to
  clients, procedures, or both.
• Proxy services arent workable for some services.
• Proxy services dont protect you from all
  protocol weaknesses.

32
Proxying without a Proxy Server

• Store-and-Forward services naturally support
  proxying.
• Examples
• E-mail (SMTP).
• News (NNTP).
• Time (NTP).

33
Internet Resources on Security Issues
34
WWW Pages

• http//www.telstra.com.au/info/security.html
• http//www.cs.purdue.edu/coast/coast.html

35
Mailing Lists

• firewalls_at_greatcircle.com
• ftp//ftp.greatcircle.com/pub/firewalls/
• http//www.greatcircle.com/firewalls/
• fwall-users_at_tis.com
• academic-firewalls_at_net.tamu.edu
• ftp//net.tamu.edu/pub/security/lists/academic-fir
  ewalls
• bugtraq_at_fc.net

36
Newsgroups

• comp.security.announce.
• comp.security.unix.
• comp.security.misc.
• comp.security.firewalls.
• alt.security.
• comp.admin.policy.
• comp.protocols.tcp-ip.
• comp.unix.admin.
• comp.unix.wizards

37
Summary

• In these dangerous times, firewalls are the best
  way to keep your site secure.
• Although youve got to include other tipes of
  security in the mix, if youre serious about
  connecting to the Internet, firewall should be at
  the very center of your security plans.