Firewalls, Authentication, Encryption (signoril/mc363/security.pdf · 2001-12-05)

Post on 07-Jul-2020


Page 1: Firewalls, Authentication, Encryption (signoril/mc363/security.pdf · 2001-12-05)

Security: Threats, Policies, Encryption, Authentication, Firewalls

Page 2: Security Threats

❚ Interception
❙ If the interceptor cannot read the message, you have privacy (AKA confidentiality)
❙ If the interceptor cannot modify the message without detection, you have message integrity

Page 3: Security Threats

❚ Impostors
❙ Claim to be someone else
❙ Need to authenticate the sender: prove that they are who they claim to be

[Figure: Real Person versus Impostor]

Page 4: Security Threats

❚ Denial of Service Attacks
❙ Overload the system with a flood of messages
❙ Send a single message that crashes the machine

Page 5: Security Threats

❚ Content Threats
❙ Application layer content may cause problems
❘ Viruses
❘ In many ways, the most severe security problem in corporations today
❙ A user may log in to use one service, then send messages to another, unauthorized service
❙ Must examine the application PDU, not just the lower-layer headers

Page 6: Security Policies

❚ Understand the organization's needs
❙ Too much security can hamper
❙ Too little security can be disastrous
❙ Each business has specific needs that must be understood in order to set policies

❚ Policies
❙ Decisions based on overall knowledge
❙ Apply decisions globally in the firm
❙ Must be implemented in individual devices

Page 7: Policy Servers

❚ Store Policies
❙ Distribute them to all security devices
❙ Security policies are implemented uniformly
❙ Security policies can be changed rapidly to respond to new threats

[Figure: Policy Server → Policy → Security Devices]

Page 8: Encryption

❚ Encryption: scramble the message so that an interceptor cannot read it
❙ Plaintext (message)
❙ Ciphertext (scrambled) for transmission
❙ Encryption and decryption method and key

[Figure: Plaintext "IBM" → Encryption (method, key) → Ciphertext "HAL" (transmitted) → Decryption (method, key) → Plaintext "IBM"]

Page 9: Encryption

❚ Encryption Method and Key
❙ The method is the algorithm: add N letters
❙ The key is the specific value: N = -1 (I→H, B→A, M→L)
❙ The method cannot be kept secret: assume the attacker knows it
❙ The key must be kept secret: all of the security rests on it

[Figure: same diagram as page 8, Plaintext "IBM" → Ciphertext "HAL" → Plaintext "IBM"]

Page 10: Encryption: Key Length

❚ The key can be "guessed" by exhaustive search
❙ Try all combinations

❚ Key length makes exhaustive search difficult
❙ The key is a string of bits (11000100010101)
❙ If the length is n bits, up to 2^n tries may be needed (on average about half that)
❙ If 8 bits, only 256 tries
❙ Weak security: up to 40 bits
❙ Strong security: 128 bits or longer
❙ Restrictions on export of strong security (as of 2001)

Page 11: Single Key Encryption Methods

❚ Both sides use a single key to encrypt and decrypt
❙ Encryption: add N letters
❙ Decryption: subtract N letters
❙ N is the key

[Figure: A ↔ B sharing a single key]
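A runnable version of the "add N letters" method of pages 9 and 11 together with the exhaustive search of page 10, added here as an illustration; it is not code from the course or the deck. `shift` applies the method so that key N = -1 turns IBM into HAL and the same key subtracts it back out, `bruteForce` tries all 26 keys against a word the attacker expects to see (a crib), and `keyspace` gives 2^n for the key lengths the slide mentions. The function names and the crib-based search are this example's own choices.

```go
package main

import (
	"fmt"
	"math/big"
	"strings"
)

// shift applies the deck's "add N letters" method to the upper-case letters
// of s, wrapping around the alphabet; other characters pass through unchanged.
// Decryption is the same operation with -N, so one function serves both.
func shift(s string, n int) string {
	n = ((n % 26) + 26) % 26 // normalise negative keys into 0..25
	var b strings.Builder
	for _, r := range s {
		if r >= 'A' && r <= 'Z' {
			r = 'A' + (r-'A'+rune(n))%26
		}
		b.WriteRune(r)
	}
	return b.String()
}

func shiftEncrypt(plaintext string, n int) string { return shift(plaintext, n) }

func shiftDecrypt(ciphertext string, n int) string { return shift(ciphertext, -n) }

// bruteForce is the exhaustive search of page 10: try every key and keep the
// ones whose decryption contains a word the attacker expects (a "crib").
// Keys are reported mod 26, so the slide's N = -1 shows up as 25.
func bruteForce(ciphertext, crib string) []int {
	var hits []int
	for n := 0; n < 26; n++ {
		if strings.Contains(shiftDecrypt(ciphertext, n), crib) {
			hits = append(hits, n)
		}
	}
	return hits
}

// keyspace returns 2^bits, the number of candidate keys for a bits-long key.
func keyspace(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), bits)
}

func main() {
	ct := shiftEncrypt("IBM", -1)
	fmt.Println(ct, shiftDecrypt(ct, -1)) // HAL IBM
	fmt.Println(bruteForce(ct, "IBM"))    // [25]
	for _, bits := range []uint{8, 40, 128} {
		fmt.Printf("%3d-bit key: %s candidates\n", bits, keyspace(bits))
	}
}
```

The letter-shift method has 26 keys, fewer than 2^5, so the search finishes instantly; that is what "weak" means in practice. The same loop over 2^128 candidates is out of reach, which is the whole point of the key-length slide.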

Page 12: Single Key Encryption Methods

❚ Simple enough for fast encryption/decryption
❙ Can be used even with long messages

[Figure: A ↔ B sharing a single key]

Page 13: Single Key Encryption

❚ Also called secret key encryption
❙ The single key must be kept secret
❙ Anyone who learns the key can read the messages

[Figure: A ↔ B sharing a single key (secret key)]

Page 14: Single Key Encryption

❚ Problem: the key must be distributed secretly

❚ Problem: need a different single key for each business partner
❙ Otherwise other partners could read the messages
❙ Complicates key distribution (every pair of partners needs its own key)

[Figure: Key A for partner A, Key B for partner B]

Page 15: Public Key Encryption Methods

❚ Different keys for encryption and decryption
❙ Encryption with the receiver's public key
❙ Decryption with the receiver's private key
❙ Once encrypted, even the sender cannot decrypt the message unless it has the receiver's private key (which it should not)

[Figure: Plaintext "IBM" → Encryption (public key) → Ciphertext 100101 → Decryption (private key) → Plaintext "IBM"]

Page 16: Public Key Encryption

❚ Everyone has a public and a private key
❙ Keep the private key secret
❙ Distribute the public key to everybody without security (the receiver still needs a way to know the key is really yours; see digital certificates)

[Figure: Public Key, Public Key, Private Key]

Page 17: Public Key Encryption

❚ Four Keys
❙ Each side has a public and a private key
❙ Each sends its public key to the other unsecurely
❙ Encrypt with the other party's public key
❙ Decrypt with your own private key

[Figure: A ↔ B with B's Public Key, B's Private Key, A's Private Key, A's Public Key]

Page 18: Public Key Encryption

❚ No need for a separate secret key with each business partner
❙ Greatly simplifies key management

❚ Unfortunately, highly processing-intensive
❙ In practice, used only to encrypt small messages
❙ Exchanging single keys securely (later)
❙ Authentication (later)

Page 19: Combining Public, Single Key

❚ Not competitors: used together in practice
❙ Public key is easy to manage and very secure, but practical only for small messages
❙ Single key has key distribution problems but can be used for long messages

[Figure: A ↔ B, single session key sent under public key encryption]

Page 20: Combining Public, Single Key

❚ Begin communicating via public key encryption
❙ Including initial authentication

❚ Then one side randomly generates a single key
❙ Sends the single key to the other partner with public key encryption

[Figure: A ↔ B, single session key sent under public key encryption]

Page 21: Combining Public, Single Key

❚ Afterward, both sides communicate with the single "session" key, good only for this session (a single flow of communications)

❚ If they communicate again, generate a new single session key

[Figure: A ↔ B, single session key]

Page 22: Authentication

❚ The Problem of Impostors

❚ Authentication: proving the sender's identity

❚ Authentication methods
❙ Passwords: weak
❙ Biometrics
❘ Fingerprint analysis, iris analysis
❙ Public key authentication
❘ Prove that the sender holds their private key, which only they should know

Page 23: Public Key Authentication

❚ Solution: send a digital signature with each packet
❙ First create a message digest (MD)
❘ A small binary string calculated from the bits in the message (a cryptographic hash; any change to the message changes the digest)

[Figure: Message → Calculation → Message Digest]

Page 24: Public Key Authentication

❚ Solution: send a digital signature with each packet
❙ Next create a digital signature
❘ Encrypt the message digest with the sender's private key, which only the sender should be able to do
❘ The message digest is short, so public key encryption is not too burdensome
❘ "Encrypt with the private key" is the textbook RSA picture; real signature schemes add padding and use separate sign and verify operations

[Figure: Message Digest → Encrypt with Sender's Private Key → Digital Signature]

Page 25: Public Key Authentication

❚ Solution: send a digital signature with each packet
❙ Add the digital signature to the plaintext message
❙ Encrypt the combined message and digital signature with the single session key and send to the receiver

[Figure: Digital Signature + Message → Encrypt with single session key]

Page 26: Public Key Authentication

❚ Solution: send a digital signature with each packet
❙ The receiver decrypts the ciphertext with the single session key
❙ Then decrypts the digital signature with the sender's public key to get the original message digest

[Figure: Digital Signature → Decrypt with Sender's Public Key → Message Digest]

Page 27: Public Key Authentication

❚ Solution: send a digital signature with each packet
❙ The receiver recomputes the message digest from the decrypted message
❙ If it matches the digest recovered from the digital signature, the signature was created with the sender's private key (and the message was not altered in transit)
❙ The sender is authenticated

[Figure: Message Digest from Digital Signature compared with Message Digest Computed from Message]
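The whole procedure of pages 19 through 27 (and the security process of page 31) in one runnable example, added here and not part of the deck: B's public key wraps a random session key (page 20), the rest of the session runs under that key (page 21), and each message carries a digital signature made with A's private key and checked with A's public key (pages 23 to 27). The concrete algorithms are this example's assumptions, not the slides': RSA-2048 with OAEP for the key wrap, SHA-256 with PKCS#1 v1.5 for the signature, and AES-256-GCM in place of the deck's "add N letters" as the single-key method. The helper names (newKeyPair, wrapSessionKey, sendSigned, receiveSigned and so on) are made up for the example; everything comes from Go's standard library.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// Page 16: each party has its own public/private pair (2048-bit RSA here).
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Page 20: the sender makes a random single (session) key and sends it under the
// receiver's public key (RSA-OAEP); only the receiver's private key recovers it.
func wrapSessionKey(receiverPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32) // 256-bit AES key
	if _, err = io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, sessionKey, nil)
	return sessionKey, wrapped, err
}

func unwrapSessionKey(receiverPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, wrapped, nil)
}

// Pages 23-24: hash the message, then sign the digest with the sender's private key
// (PKCS#1 v1.5 is the padded, real form of "encrypt the digest with the private key").
func sign(senderPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest[:])
}

// Pages 26-27: recompute the digest and check it against the signature with the
// sender's public key. Any change to msg or sig makes this return false.
func verify(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], sig) == nil
}

// Page 21: the session runs under the single key; AES-GCM also detects tampering.
func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(sessionKey, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce || ciphertext || tag
}

func open(sessionKey, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Page 25: signature || message, encrypted under the session key.
func sendSigned(senderPriv *rsa.PrivateKey, sessionKey, msg []byte) ([]byte, error) {
	sig, err := sign(senderPriv, msg)
	if err != nil {
		return nil, err
	}
	return seal(sessionKey, append(sig, msg...))
}

// Pages 26-27: decrypt, split off the signature (exactly one RSA modulus long),
// and accept the message only if it verifies under the claimed sender's public key.
func receiveSigned(senderPub *rsa.PublicKey, sessionKey, sealed []byte) ([]byte, error) {
	body, err := open(sessionKey, sealed)
	if err != nil {
		return nil, err
	}
	n := senderPub.Size()
	if len(body) < n {
		return nil, errors.New("body shorter than a signature")
	}
	sig, msg := body[:n], body[n:]
	if !verify(senderPub, msg, sig) {
		return nil, errors.New("signature does not verify: impostor or altered message")
	}
	return msg, nil
}
```

Two things the slides state become checkable here: a different private key cannot unwrap the session key (the slide-15 property), and a message that verifies under A's public key but not under B's is how the receiver tells A from an impostor (page 27). GCM additionally rejects any ciphertext modified in transit before the signature is even looked at.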

Page 28: Digital Certificates

❚ Created by a Certificate Authority (CA)
❙ Given to an organization
❙ In other words, a third party vouches that the public key in the certificate belongs to the named sender

[Figure: Certificate Authority → Digital Certificate → Authenticated Party]

Page 29: Digital Certificates

❚ The authenticated party adds the digital certificate to each outgoing message
❙ Still need a digital signature (the certificate only tells the receiver which public key to check it with)

[Figure: Plaintext Message + Digital Signature + Digital Certificate]

Page 30: Digital Certificates

❚ Problem of Certificate Authorities
❙ There is no public regulation of CAs
❙ Some CAs offer various levels of certification
❘ The weakest levels only require an e-mail address
❘ Receivers may not realize this

❚ Internal certification avoids these problems
❙ The company acts as its own CA for internal devices, software, and users
❙ It creates the strength of certification it requires
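An added example, not from the deck, of the internal CA of page 30 doing the work described on pages 28 and 29 with Go's crypto/x509: the company creates its own self-signed root, issues a certificate binding a user's name to that user's public key, and a receiver verifies a presented certificate against the root it trusts. The type and function names (ca, newCA, issue, verifyCert, newPartyKey), the 24-hour validity and the P-256 keys are this example's choices. The check also covers the "receivers may not realize this" point: a certificate from a CA the receiver has not chosen to trust fails outright, and a valid certificate is still rejected when it names a different party than the message claims to come from.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// ca is a certificate authority: its own certificate, which relying parties
// install as a trust root, and the private key it signs certificates with.
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newPartyKey gives a user or device its own key pair; only the public half
// ever goes to the CA.
func newPartyKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// newCA makes a self-signed root: the "company acts as its own CA" of page 30.
func newCA(name string) (*ca, error) {
	key, err := newPartyKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ca{cert: cert, key: key}, nil
}

// issue is page 28: the CA signs a certificate that binds a name to a public
// key. How carefully it checked that binding is the "level of certification".
func (c *ca) issue(name string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.cert, pub, c.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyCert is the receiver's side of page 29: a certificate attached to a
// message counts only if a CA the receiver trusts signed it, it is inside its
// validity period, and it names the party the message claims to come from.
func verifyCert(leaf, trusted *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	if _, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}); err != nil {
		return err
	}
	if leaf.Subject.CommonName != expectedName {
		return errors.New("certificate is valid but names a different party")
	}
	return nil
}
```

The trust decision is entirely in which root goes into the pool: the receiver, not the CA, decides which CAs count. A public CA's certificate is cryptographically no stronger than the internal one; its weaker vetting (the e-mail-only levels the slide mentions) is what makes the internal root preferable for internal users.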

Page 31: Security Process

❚ When two parties communicate …
❙ Their software usually handles the details
❙ First, negotiate security methods
❘ Authentication method
❘ Encryption method
❙ Then, authenticate one another
❙ Then, exchange a single session key
❙ Then they can communicate securely using the single session key

(From Module F)

Page 32: Firewalls

❚ Sit between the corporate network and the Internet
❙ Prevent unauthorized access from the Internet
❙ Facilitate internal users' access to the Internet

[Figure: Firewall deciding OK / No; access only if authenticated]

Page 33: Firewalls

❚ IP Firewalls
❙ Examine the IP addresses of incoming packets
❙ Permit only packets from approved hosts
❙ Easy to defeat by placing an acceptable Internet address in the IP packet's source address field (spoofing)
❙ The spoofer does not see the replies, which go to the real host, but an attack that needs no reply (such as the single crashing message of page 4) works anyway

[Figure: IP Packet → IP Firewall]

Page 34: Firewalls

❚ Application (Proxy) Firewalls
❙ Work at the application layer
❙ Filter based on application behavior
❘ In HTTP, for example, do not accept a response unless an HTTP request has just gone out to that site

[Figure: Application]

Page 35: Firewalls

❚ Application (Proxy) Firewalls
❙ Hide internal Internet addresses
❙ An internal user sends an HTTP request
❙ The HTTP proxy program replaces the user's Internet address with a different ("false") one, in practice the proxy's own external address, and sends the request to the webserver

[Figure: HTTP Request → Request with False IP Address]

Page 36: Firewalls

❚ Application (Proxy) Firewalls
❙ The webserver sends its response to the proxy server, at the false IP address
❙ The HTTP proxy server sends the response to the originating internal host
❙ The proxy program acts on behalf of the internal user

[Figure: Response to False IP Address → HTTP Response]

Page 37: Firewalls

❚ Application Firewalls
❙ Need a separate program (proxy) for each application
❙ Not all applications have rules that allow filtering, for instance database applications

❚ Stateful Inspection
❙ Rules based on more subtle aspects of behavior at multiple layers
❙ Tracks each connection (for example, the TCP handshake) and admits an inbound packet only if it belongs to a connection the rules allowed, without needing a proxy per application
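The two filter designs of pages 33 and 37 side by side, as an added example rather than anything from the deck: an allow-list keyed on the source address only, and a stateful filter that admits an inbound packet only when it belongs to a connection an inside host opened (the general form of the HTTP proxy rule on page 34). The packet trace, the addresses (taken from the RFC documentation ranges) and the type names are constructed for the example; connection teardown and timeouts are left out.

```go
package main

import "fmt"

// packet holds the header fields the two filters look at; a real firewall
// reads them from the IP and TCP headers of each datagram.
type packet struct {
	src, dst         string // IPv4 addresses as text, for readability
	srcPort, dstPort uint16
	syn, ack         bool // TCP flags
	inbound          bool // true when the packet arrives from the Internet side
}

// ipFilter is the IP firewall of page 33: an allow-list of external hosts,
// judged by the source address alone. Outbound traffic is always allowed.
type ipFilter struct{ approved map[string]bool }

func (f ipFilter) allow(p packet) bool {
	return !p.inbound || f.approved[p.src]
}

// flow identifies one TCP connection from the inside host's point of view.
type flow struct {
	inside, outside         string
	insidePort, outsidePort uint16
}

// statefulFilter is the stateful inspection of page 37. It records the
// connections inside hosts open and admits an inbound packet only if it
// belongs to one of them: the general form of the proxy rule on page 34
// (no response accepted unless a request just went out).
type statefulFilter struct{ established map[flow]bool }

func newStateful() *statefulFilter {
	return &statefulFilter{established: map[flow]bool{}}
}

func (f *statefulFilter) allow(p packet) bool {
	if !p.inbound {
		if p.syn && !p.ack { // an outbound SYN opens a new flow
			f.established[flow{p.src, p.dst, p.srcPort, p.dstPort}] = true
		}
		return true
	}
	// Inbound packets must match a flow an inside host started. A spoofed
	// packet carries an approved source address but matches no flow.
	return f.established[flow{p.dst, p.src, p.dstPort, p.srcPort}]
}

// runTrace feeds a constructed packet trace (documentation addresses, not
// real hosts) through both filters and returns each one's verdicts in order.
func runTrace() (ipVerdicts, statefulVerdicts []bool) {
	partner, inside := "203.0.113.7", "10.0.0.5"
	ipf := ipFilter{approved: map[string]bool{partner: true}}
	sf := newStateful()
	trace := []packet{
		// 1: inside host opens a connection to the approved partner
		{src: inside, dst: partner, srcPort: 40000, dstPort: 80, syn: true},
		// 2: the partner's SYN/ACK answers it
		{src: partner, dst: inside, srcPort: 80, dstPort: 40000, syn: true, ack: true, inbound: true},
		// 3: an attacker spoofs the partner's address (page 33) to reach a service nobody contacted
		{src: partner, dst: inside, srcPort: 31337, dstPort: 445, syn: true, inbound: true},
		// 4: an unapproved host connects in directly
		{src: "198.51.100.9", dst: inside, srcPort: 5555, dstPort: 22, syn: true, inbound: true},
	}
	for _, p := range trace {
		ipVerdicts = append(ipVerdicts, ipf.allow(p))
		statefulVerdicts = append(statefulVerdicts, sf.allow(p))
	}
	return ipVerdicts, statefulVerdicts
}

func main() {
	ip, st := runTrace()
	fmt.Println("IP filter:      ", ip) // [true true true false]: the spoof gets through
	fmt.Println("stateful filter:", st) // [true true false false]
}
```

Packet 3 is the slide-33 attack: the allow-list sees an approved source address and passes it, while the stateful filter drops it because no inside host ever opened a connection to port 31337 on the partner. The stateful filter never had to know what an approved host was; it only had to remember what the inside asked for.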

Page 38: Quality of Service

Beyond Best-Effort Service, Prioritization, QoS More Broadly Defined, The ATM Advantage, Tagging Ethernet and IP

Page 39: Best-Effort Service

❚ Ethernet and IP are best-effort services
❙ The sender submits IP packets or Ethernet frames
❙ The network does its best to get them through
❙ No guarantee of latency or jitter (variable latency)
❙ No guarantee of security, etc.
❙ Done because best-effort is inexpensive
❙ Works well if capacity far exceeds demand

Page 40: Prioritization

❚ Some services are more sensitive to latency than others
❙ Voice is more sensitive than e-mail

❚ Solution: Prioritization
❙ Give higher priority to time-sensitive applications
❙ If two frames or packets arrive at a switch or router simultaneously, process the one with higher priority first

Page 41: Prioritization

❚ Prioritization versus Bandwidth
❚ If there is enough transmission capacity, all frames or packets will get through with very low latency
❚ Bandwidth (transmission capacity) may be cheaper to add than the logic needed for prioritization
❚ It is an issue of bandwidth costs versus logic costs

Page 42: QoS More Broadly Defined

❚ Controlling latency is one service goal

❚ There are others
❙ Security
❙ Reliability (downtime, error rates, etc.)
❙ Etc.

❚ Quality of Service (QoS)
❙ Guarantees of service quality for several parameters

Page 43: The ATM Advantage

❚ Strong intrinsic QoS guarantees for latency
❙ Originally created for voice, which is highly sensitive to latency and timing
❙ Priority for overall latency
❘ Voice and other critical services guaranteed
❘ Small cell means low latency at each switch
❙ Guarantee of no jitter (variable latency)
❘ Especially important for voice and video
❘ Without it, sound and picture will be jittery

Page 44: Tagging Ethernet and IP

❚ Efforts now underway to add tags to Ethernet and IP
❙ The tag will have a priority-of-service field
❙ If the possible values are 0-7, higher values will get higher priority
❙ Not full QoS, but improves general latency

[Figure: Header | Tag | Body]

Page 45: Tagging Ethernet and IP

❚ Efforts now underway

❚ IEEE
❙ Adding tags to all LAN MAC layer frames (the 802.1Q tag)
❙ Priority level (3 bits, values 0-7)
❙ Virtual LAN identifier (12 bits) to standardize VLANs

❚ IETF
❙ Differentiated Services (DiffServ) initiative
❙ Adding features to IP, including security (IPsec)
❙ Prioritization is one feature being added

Page 46: Filtering

❚ Filtering is examining an incoming frame or packet

❚ Purposes
❙ Effective, efficient, reliable delivery
❙ Access control
❙ Quality of Service (QoS)
❙ Translation between networks with different standards

[Figure: PPP Header | IP Header | TCP Header | Application PDU]

Page 47: Filtering

❚ Layer of Filtering
❙ Frame (data link)
❘ Switches
❙ Packet (internet)
❘ Routers, firewalls
❙ Transport
❘ Identity of the application layer program (port number)
❘ Prioritization, access control
❙ Application
❘ Content filtering (viruses, etc.)

❚ For best results, filter at all layers

[Figure: PPP Header | IP Header | TCP Header | Application PDU]
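An added example, not part of the deck, of what "filter at all layers" on page 47 asks of a device: parse the frame one header at a time and pull out the fields each layer filters on, including the priority and VLAN fields of the 802.1Q tag described on pages 44 and 45. The deck's diagram shows a PPP header at the data-link layer; this example uses a tagged Ethernet frame instead so that the tag can be shown. The frame bytes are constructed for the example, not captured, and the type, field and function names are the example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// layers holds what each filtering layer of page 47 keys on: the switch's
// fields (MACs, VLAN, priority), the router's or IP firewall's (addresses),
// the transport fields (ports, flags), and the application PDU for content filtering.
type layers struct {
	dstMAC, srcMAC   net.HardwareAddr
	vlanID, priority uint16 // from the 802.1Q tag of pages 44-45; priority is 0-7
	srcIP, dstIP     net.IP
	protocol         byte
	srcPort, dstPort uint16
	tcpFlags         byte
	payload          []byte
}

// parseFrame walks the headers in order: each layer says where the next one
// starts, which is why a device must understand every layer below the one it filters on.
func parseFrame(b []byte) (*layers, error) {
	l := &layers{}
	if len(b) < 14 {
		return nil, errors.New("short Ethernet header")
	}
	l.dstMAC, l.srcMAC = net.HardwareAddr(b[0:6]), net.HardwareAddr(b[6:12])
	etherType := binary.BigEndian.Uint16(b[12:14])
	off := 14
	if etherType == 0x8100 { // 802.1Q tag: TPID, then TCI = PCP(3) | DEI(1) | VID(12)
		if len(b) < 18 {
			return nil, errors.New("short 802.1Q tag")
		}
		tci := binary.BigEndian.Uint16(b[14:16])
		l.priority, l.vlanID = tci>>13, tci&0x0fff
		etherType = binary.BigEndian.Uint16(b[16:18])
		off = 18
	}
	if etherType != 0x0800 {
		return nil, fmt.Errorf("not IPv4: EtherType 0x%04x", etherType)
	}
	ip := b[off:]
	if len(ip) < 20 || ip[0]>>4 != 4 {
		return nil, errors.New("short or non-IPv4 header")
	}
	ihl := int(ip[0]&0x0f) * 4
	total := int(binary.BigEndian.Uint16(ip[2:4]))
	if ihl < 20 || total < ihl || total > len(ip) {
		return nil, errors.New("inconsistent IPv4 lengths") // a classic filter-evasion spot
	}
	l.protocol = ip[9]
	l.srcIP, l.dstIP = net.IP(ip[12:16]), net.IP(ip[16:20])
	if l.protocol != 6 { // only TCP is parsed further here
		l.payload = ip[ihl:total]
		return l, nil
	}
	tcp := ip[ihl:total]
	if len(tcp) < 20 {
		return nil, errors.New("short TCP header")
	}
	dataOff := int(tcp[12]>>4) * 4
	if dataOff < 20 || dataOff > len(tcp) {
		return nil, errors.New("bad TCP data offset")
	}
	l.srcPort, l.dstPort = binary.BigEndian.Uint16(tcp[0:2]), binary.BigEndian.Uint16(tcp[2:4])
	l.tcpFlags = tcp[13]
	l.payload = tcp[dataOff:]
	return l, nil
}

// sampleFrame builds a constructed (not captured) tagged frame: VLAN 100,
// priority 5, TCP 10.0.0.5:40000 -> 203.0.113.7:80 carrying the start of an
// HTTP request. Checksums are left zero; the parser does not check them.
func sampleFrame() []byte {
	payload := []byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
	f := []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb} // dst, src MAC
	f = append(f, 0x81, 0x00, 0xa0, 0x64) // TPID 0x8100; TCI 0xa064 = PCP 5, DEI 0, VID 100
	f = append(f, 0x08, 0x00)             // EtherType IPv4
	ip := []byte{0x45, 0x00, 0, 0, 0, 0, 0x40, 0x00, 64, 6, 0, 0, 10, 0, 0, 5, 203, 0, 113, 7}
	binary.BigEndian.PutUint16(ip[2:4], uint16(20+20+len(payload))) // IPv4 total length
	tcp := []byte{0x9c, 0x40, 0x00, 0x50, 0, 0, 0, 0, 0, 0, 0, 0, 0x50, 0x18, 0xff, 0xff, 0, 0, 0, 0}
	f = append(f, ip...)
	f = append(f, tcp...)
	return append(f, payload...)
}
```

A switch stops after the tag, a router after the IP header, a firewall after the TCP header, and only content filtering reads the payload; the length checks along the way are where many real filters have gone wrong, since a header that claims one length while the frame carries another can make two devices see two different packets.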

Page 48: Filtering

❚ Now many devices: routers, firewalls, etc.

❚ In future, integrated transmission networks
❙ Comprehensive policy servers will store and distribute policies for central control

[Figure: Comprehensive Policy Server → Policies]

Page 49: Filtering

❚ In future, integrated transmission networks
❙ Comprehensive relay devices will route and control simultaneously, filtering at all layers

❚ However, security may limit the ability to filter: a relay cannot inspect layers that are encrypted end to end (the application PDU inside an encrypted session, for instance)

[Figure: Comprehensive Relay Devices]

Page 50: Recap: Servers

❚ Needs of Enterprise Servers
❚ Intel-based Servers
❚ Workstation Servers
❚ Symmetric Multiprocessing (SMP)
❚ Server Clusters
❚ Load Balancing

Page 51: Recap: Directory Servers

❚ Store information on the locations of resources
❚ Allow users to look up information
❚ Allow users to log in once to get access to any authorized resource
❚ Prevent unauthorized access to resources

Page 52: Recap: Network Management

❚ Network Management System
❙ Network management console
❙ Network management program
❙ Managed devices
❙ Network management agents
❙ Management information bases (MIBs) at both the agent and the console
❙ RMON probes

Page 53: Recap: Network Management

❚ Network Management Standards
❙ Govern communication between the network management program and the network management agent
❙ Requests, responses, and alarms
❙ SNMP dominates
❙ CMIP/CMIS, carrier standards, and proprietary standards are also important
❙ Comprehensive network management programs work with multiple types of agents

Page 54: Recap: Network Management

❚ Levels of Management
❙ Applications
❙ Systems management (computers)
❙ Transmission

❚ Concerns (cut across levels)
❙ Fault management
❙ Configuration management
❙ Performance management
❙ Security
❙ Accounting management

Page 55: Recap: Security

❚ Threats
❙ Interception (privacy/confidentiality, integrity)
❙ Impostors (authentication)
❙ Denial-of-Service attacks

❚ Need Central Policy

❚ Encryption for privacy (AKA confidentiality)
❙ Plaintext and ciphertext
❙ Encryption method and key

Page 56: Recap: Security

❚ Single Key Encryption
❙ Both sender and receiver use a single key
❙ Processing is not intensive
❙ Key distribution with each pair of business partners is difficult

Page 57: Recap: Security

❚ Public Key Encryption
❙ Four keys: a private and a public key for each party
❙ For confidentiality, the sender encrypts with the receiver's public key (for a signature, the sender uses its own private key)
❙ Only the receiver, holder of the matching private key, can decrypt the message
❙ Processing is very intensive: used only for small messages

Page 58: Recap: Security

❚ Combining Single and Public Key Methods
❙ One party creates a single (session) key
❙ The creator encrypts the session key with the other party's public key and sends it
❙ The other partner decrypts the message with its private key
❙ Now both parties have the session key
❙ They use it for the remainder of the session

Page 59: Recap: Security

❚ Authentication
❙ Proving your identity
❙ Passwords, other methods

❚ Public Key Authentication
❙ Prove that you hold your private key, which only you should know
❙ Digital signatures
❙ Digital certificates

Page 60: Recap: Security

❚ Firewalls
❙ Prevent access to the internal corporate network from unauthorized people on the Internet

❚ Levels of Firewall
❙ IP
❙ Application (proxy)
❙ Stateful inspection

Page 61: Recap: QoS

❚ QoS is a broad concept. It can guarantee:
❙ Maximum latency and variable latency (jitter)
❙ Security
❙ Etc.
❙ If no QoS, only best-effort service
❘ IP and Ethernet

❚ Priority
❙ Allows latency-sensitive applications to go first
❙ Being added to Ethernet and IP in tag fields
❙ May be cheaper to buy more bandwidth

Page 62: Recap: Filtering

❚ Filtering: examine the contents of a header
❙ For delivery (efficient, effective, QoS)
❙ For access control
❙ Translation between networks

❚ Now, different devices filter at different layers and do different things
❙ Switches: filter MAC addresses for delivery
❙ Switches: filter MAC addresses for VLANs
❙ Routers: filter Internet addresses for delivery
❙ Firewalls: filter for access control

Page 63: Recap: Filtering

❚ In the future, integrated transmission networks
❙ Comprehensive relay devices will both deliver and control access, filtering at all layers
❙ Comprehensive policy servers will maintain central policies and distribute them to comprehensive relay devices
❙ Encryption may limit the ability to filter at all layers