Introduction to Network Security - PowerPoint PPT Presentation


Slides: 55
Provided by: drkhaledm

Transcript and Presenter's Notes



1
Introduction to Network Security
  • Dr. Khaled M. Elleithy
  • University of Bridgeport

2
Outline
  • What is Security
  • Scenarios
  • Cryptography
  • Firewalls
  • Example Electronic Cash
  • Final remarks

3
Security
4
What is Security and Why do we need it?
  • Security is a concern of organizations with
    assets that are controlled by computer systems.
    By accessing or altering data, an attacker can
    steal tangible assets or lead an organization to
    take actions it would not otherwise take. By
    merely examining data, an attacker can gain a
    competitive advantage, without the owner of the
    data being any wiser.
  • Computers at Risk: Safe Computing in the
    Information Age, U.S. National Research
    Council, 1991.

5
Attacks, Services, and Mechanisms
  • Security Attack: Any action that compromises the
    security of information.
  • Security Mechanism: A mechanism that is
    designed to detect, prevent, or recover from a
    security attack.
  • Security Service: A service that enhances the
    security of data processing systems and
    information transfers. A security service makes
    use of one or more security mechanisms.

6
(No Transcript)
7
Viruses, Worms, and Trojan Horses
  • Virus - code that copies itself into other
    programs
  • Payload - harmful things it does, after it has
    had time to spread.
  • Worm - a program that replicates itself across
    the network (usually riding on email messages or
    attached documents, e.g., macro viruses).
  • Trojan Horse - instructions in an otherwise good
    program that cause bad things to happen (sending
    your data or password to an attacker over the
    net).
  • Logic Bomb - malicious code that activates on an
    event (e.g., date).
  • Trap Door (or Back Door) - undocumented entry
    point written into code for debugging that can
    allow unwanted users.

8
Scenarios
9
Scenarios
  • Some of the techniques that hackers use to break
    into computers on the Internet are:
    • Password attacks
    • IP spoofing
    • Attacks aimed at Sendmail, the mail handler in
      Unix
    • Network scanning

10
Sniffing Out Passwords
  • Tools for troubleshooting, tweaking performance,
    and assessing security measures
  • Sniffer used to evaluate the performance of a
    LAN
  • Collecting passwords while checking the flow of
    packets
  • A hacker breaks into a machine and installs a
    packet sniffer designed to collect user names and
    passwords

11
Protecting Passwords
  • Shut off services that require authentication
  • Monitoring and scanning files.
  • Encryption of passwords
  • Running a Crack facility is sanctioned by the
    organization

12
IP Spoofing
  • Internet Protocol (IP) addresses
  • Trusted connections
  • Forging a connection

13
Sendmail Attacks
  • A number of loopholes have been exposed in
    Sendmail in recent years.
  • The goal is to trick Sendmail in some way that
    enables the intruder to get in the system and
    take control
  • The debug option can be used to get root access
  • A loophole in the error message header option can
    be used to read any file on the system.

14
Network Scanning
  • SATAN: Security Administrator Tool for Analyzing
    Networks, freeware.
  • ISS: Internet Security Scanner, commercial
    version of SATAN
  • SATAN scans several computers within a
    predetermined range of IP addresses, looking for
    certain types of configurations that are known to
    make these systems vulnerable to attack.

15
Go Figure Configure
  • Use a scanning tool such as SATAN or ISS to
    identify potential trouble areas.
  • Use monitoring tools such as Tripwire
    (www.tripwire.com) that flag files that have
    changed without explanation

16
Cryptography
17
Encryption
  • It is the process of scrambling a message so that
    only the people you want to read the message are
    able to do so.
  • Encryption can be done by hardware, software, or
    a combination of both.
  • Encryption/decryption using hardware is faster

18
  • Encryption: data is transformed into an
    unreadable form.
  • Decryption: transforming the encrypted data
    back into its original form.

[Figure: Plaintext, Encryption, Ciphertext, Decryption]

19
Basic objectives
  • Privacy
  • Identification
  • Authentication
  • Verification
  • Non-repudiation

20
  • Privacy: protecting the confidentiality of
    transactions and other sensitive data in the
    event they are intercepted
  • Identification: proving that the sender and the
    recipient of important information are indeed who
    they claim to be and not impostors

21
  • Authentication: ensuring that critical
    information and instructions have not been
    tampered with
  • Verification: affirming the trustworthiness of a
    message by positively identifying the message
    sender
  • Non-repudiation: preventing the sender of an
    encrypted message from denying having sent a
    message or claiming that the message was sent by
    someone else.

22
Types of crypto schemes
  • Symmetric algorithms
  • Asymmetric algorithms
  • Longer keys vs. shorter keys

23
Common Crypto Systems
  • Data Encryption Standard (DES)
  • RSA
  • PGP

24
DES
  • Developed by IBM in 1977
  • Symmetric algorithm
  • 56-bit key
  • IDEA: 128-bit key
  • Is it suitable for business?

25
Cracking DES
  • Attacker: budget; time to crack 56-bit key
  • Hacker: 400; 38 years
  • Small business: 10,000; 556 days
  • Big company: 10 million; 6 minutes
  • Intelligence agency: 300 million; 12 seconds

26
RSA
  • Rivest, Shamir, and Adleman from MIT developed
    RSA in 1977
  • Asymmetric algorithm
    • Private key
    • Public key
  • Slower than DES
    • 100 times in software implementation
    • 1000 times in hardware implementation
  • Key can be of any length
  • Widely used in business

27
Electronic Mail Security
  • E-mail is the most widely used application on the
    Internet.
  • Who wants to read your mail?
    • Business competitors
    • Reporters, criminals
    • Friends and family
  • Two approaches are used:
    • PGP: Pretty Good Privacy
    • PEM: Privacy-Enhanced Mail

28
E-mail Security (PGP contd)
  • Where to get PGP
    • Free from FTP site on the Internet
    • Licensed version from ViaCrypt in USA
  • Example
    • pgp -kg ID-A (Signature)
    • pgp -esa m.txt ID-B (Encryption)
    • pgp message (Decryption)

29
Other Crypto Schemes
  • RIPEM
    • based on RSA and DES
  • Kerberos
    • based on DES
  • Clipper
    • a chip, not a crypto standard

30
Firewalls
31
Firewalls
  • A firewall is a barrier placed between the
    private network and the outside world.
  • All incoming and outgoing traffic must pass
    through it.
  • Can be used to separate address domains.
  • Control network traffic.
  • Cost ranges from no-cost (available on the
    Internet) to 100,000 hardware/software system.
  • Types
  • Router-Based
  • Host Based
  • Circuit Gateways

32
Firewall
[Figure: Schematic of a firewall; labels: Filter, Filter, Outside, Inside, Gateway(s)]
33
Free tools
  • Available at
    http://www.ciac.org/
    • COPS
    • Crack, Cracklib
    • Passwdplus
    • SATAN
    • Tiger
    • TIS
    • Tripwire

34
  • COPS: checks the system for known security holes
  • Crack: looks for goofy and vulnerable passwords
  • Cracklib: bars employees from creating passwords
    that Crack can guess
  • Passwdplus: password checking against those in a
    dictionary

35
  • SATAN: network scanning
  • Tiger: scans Unix systems for known security
    holes
  • TIS: authenticates visitors and controls access.
    Sets up proxy servers, and protects the system
    against common attacks
  • Tripwire: checks files and directories in Unix
    against changes

36
Firewall Types (Router-Based)
  • Use programmable routers
  • Control traffic based on IP addresses or port
    information.
  • Examples
    • Bastion Configuration
    • Diode Configuration
  • To improve security:
    • Firewall routers should never advertise their
      presence to outside users.
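
How a router-based firewall controls traffic by IP address and port can be shown with a first-match rule evaluator for packets arriving on the external interface. This is an added example, not part of the presentation; the rule set, the 192.0.2.0/24 internal network, the host addresses and the sample packets are all constructed for illustration.

```python
import ipaddress

# Constructed rule set for the external interface of a filtering router.
# 192.0.2.0/24 stands in for the private internal network (documentation range).
# Rule: (action, source network, destination network, destination port or None = any)
RULES = [
    ("deny",  "192.0.2.0/24", "0.0.0.0/0",     None),  # inside address arriving from outside: spoofed
    ("allow", "0.0.0.0/0",    "192.0.2.25/32", 25),    # SMTP to the mail host only
    ("allow", "0.0.0.0/0",    "192.0.2.80/32", 80),    # HTTP to the web host only
    ("deny",  "0.0.0.0/0",    "0.0.0.0/0",     None),  # explicit default deny
]


def compile_rules(rules):
    """Parse the network strings once so each packet check is a membership test."""
    return [(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)
            for action, src, dst, port in rules]


def decide(rules, src, dst, dport):
    """Return (action, rule number) of the first matching rule; deny if none matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net, port) in enumerate(rules, start=1):
        if src_ip in src_net and dst_ip in dst_net and port in (None, dport):
            return action, number
    return "deny", 0  # fail closed when the rule list is empty or incomplete


def evaluate(rules, packets):
    """Run constructed (src, dst, dport) tuples through the filter."""
    compiled = compile_rules(rules)
    return [decide(compiled, *packet) for packet in packets]


# Constructed inbound packets as seen on the external interface.
PACKETS = [
    ("203.0.113.7", "192.0.2.25", 25),  # outside host to mail host
    ("203.0.113.7", "192.0.2.25", 23),  # telnet to mail host
    ("192.0.2.10", "192.0.2.25", 25),   # claims an internal source address
]

if __name__ == "__main__":
    for packet, verdict in zip(PACKETS, evaluate(RULES, PACKETS)):
        print(packet, "->", verdict)
    # With the anti-spoofing rule moved below the allow rules, the forged packet passes.
    print(evaluate(RULES[1:] + RULES[:1], PACKETS[2:]))
```

Rule order is part of the policy: the same four rules with the anti-spoofing entry placed last accept the packet that forges an internal source address.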

37
Bastion Firewalls
[Figure: Bastion firewall; labels: Secured Router, External Router, Host PC, Private Internal Network, Internet]
38
Diode Firewalls
[Figure: Diode firewall; labels: Secured Router, External Router, Host PC, Private Internal Network, Internet]
39
Firewall Types (Host-Based)
  • Uses a computer instead of a router.
  • More flexible (ability to log all activities)
  • Works at application level
  • Use specialized software applications and service
    proxies.
  • Need specialized programs, only important
    services will be supported.

40
Firewall Types Host-Based (Contd)
  • Example: Proxies and Host-Based Firewalls

[Figure: Proxies and Host-Based Firewalls; labels: Host running only proxy versions of FTP, Telnet and so on; Internal Network; Filtering Router (Optimal); Internet]
41
Products
42
Example Electronic Cash
43
Cash
  • Characteristics
  • Anonymity
  • Liquidity
  • Weaknesses
  • High risk of robbery
  • Expensive to store and move
  • 60 billion a year in USA for transportation

44
Electronic Payments
  • Agents: buyer, seller, intermediary
  • Steps
    • buyer initiates a transaction with the seller,
    • seller demands payment,
    • buyer obtains a certification from the intermediary,
    • buyer gives the certification to the seller,
    • the seller gives the certification to the intermediary

45
Advantages of Electronic Fund Transfer
  • Saved time
  • Reduced costs for paper handling
  • Flexibility
  • ATM

46
Disadvantages of Electronic Fund Transfer
  • Non-anonymity
  • Low Liquidity

47
Digital Cash
  • Steps
  • Withdrawal of the digital cash from the client's
    digi-cash account
  • Transfer of the digi-cash to the client and storing
    it in an electronic format
  • Transfer of digi-cash from client to seller using
    Internet services (ftp, e-mail, ..)
  • All transferred digi-cash should be encrypted

48
Merits
  • Advantages
  • Anonymity (cash)
  • Security (EFT)
  • Low risk of robbery (EFT)
  • Inexpensive to store and move (EFT)

49
  • Problems
  • Liquidity
  • more people should have access to the Internet
  • U.S. export restrictions on advanced encrypted
    systems.

50
Final Remarks
51
Organization Security Policy
  • Permission
  • Responsibilities
  • Passwords and accounts confidentiality
  • Unauthorized access of files and directories
  • Unauthorized use of software
  • Use For-profit activity
  • Electronic mail
  • Harassment
  • Attacking the system
  • Theft
  • Waste and abuse
  • Networks
  • Enforcement

52
Challenges to Security
  • Internet was never designed with electronic
    commerce in mind. It is inherently insecure.
  • The Internet has grown rapidly. The number of
    crimes is increasing with the number of people
    and companies that attach themselves to the
    Internet.
  • Technical ability has grown, too. Hackers and
    intruders are knowledgeable and proficient at
    breaking into computer sites.

53
  • Many organizations fail to take adequate measures
    to protect their internal systems from attacks.
  • Security precautions are expensive: firewalls,
    secure web servers, encryption mechanisms

54
  • Security is difficult to achieve.
  • Organizations are adopting new technologies
    without regard to whether they are adequately
    protected against attack.