firewalls authentication encryptionsignoril/mc363/security.pdf · 2001-12-05 · filtering layer of...
TRANSCRIPT
Security
Threats
Policies
Encryption
Authentication
Firewalls
2 Security Threats
❚ Interception
❙ If cannot read, have privacy (AKA confidentiality)
❙ If cannot modify without detection, have message integrity
3 Security Threats
❚ Impostors
❙ Claim to be someone else
❙ Need to authenticate the sender: prove that they are who they claim to be
[Figure: Real Person vs. Impostor]
4 Security Threats
❚ Denial of Service Attacks
❙ Overload system with a flood of messages
❙ Send a single message that crashes the machine
5 Security Threats
❚ Content Threats
❙ Application layer content may cause problems
❘ Viruses
❘ In many ways, the most severe security problem in corporations today
❙ May log in to use one service, then send messages to another, unauthorized service
❙ Must examine the application PDU
6 Security Policies
❚ Understand the organization’s needs
❙ Too much security can hamper
❙ Too little security can be disastrous
❙ Each business has specific needs that must be understood to be able to set policies
❚ Policies
❙ Decisions based on overall knowledge
❙ Apply decisions globally in firm
❙ Must be implemented in individual devices
7 Policy Servers
❚ Store Policies
❙ Distribute them to all security devices
❙ Security policies are implemented uniformly
❙ Security policies can be changed rapidly to respond to new threats
[Figure: Policy Server distributes Policy to Security Devices]
8 Encryption
❚ Encryption: Scramble Message so that Interceptor Cannot Read it
❙ Plaintext (message)
❙ Ciphertext (scrambled) for transmission
❙ Encryption and Decryption Method and Key
[Figure: Plaintext → Encryption (Method, Key) → Ciphertext (transmitted) → Decryption (Method, Key) → Plaintext; example: IBM → HAL → IBM]
9 Encryption
❚ Encryption Method and Key
❙ Method is algorithm: Add N letters
❙ Key is specific value: N=-1 (I=H, B=A, M=L)
❙ Method cannot be kept secret
❙ Key must be kept secret
[Figure: same diagram as slide 8: Plaintext IBM → Encryption (Method, Key) → Ciphertext HAL (transmitted) → Decryption (Method, Key) → Plaintext IBM]
10 Encryption: Key Length
❚ Key can be “guessed” by exhaustive search
❙ Try all combinations
❚ Key length makes exhaustive search difficult
❙ Key is a string of bits (11000100010101)
❙ If length is n bits, 2^n tries may be needed
❙ If 8 bits, only 256 tries
❙ Weak security: up to 40 bits
❙ Strong security: 128 bits or longer
❙ Restrictions on export of strong security
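The "add N letters" method of slides 8 to 10 and the exhaustive search it invites, as an added example (not part of the slides): the method is public, so an interceptor only has to try each of the 26 possible keys, and the helper `max_tries` gives the 2^n figure for an n-bit key.

```python
import math
import string

ALPHABET = string.ascii_uppercase  # 26 letters; the shift wraps around Z -> A

def shift_encrypt(plaintext: str, n: int) -> str:
    # Method: add N letters (mod 26). Key: N. Non-letters pass through unchanged.
    # The slide's N=-1 turns IBM into HAL (it is the same key as N=25 mod 26).
    return "".join(
        ALPHABET[(ALPHABET.index(c) + n) % 26] if c in ALPHABET else c
        for c in plaintext.upper()
    )

def shift_decrypt(ciphertext: str, n: int) -> str:
    # Decryption subtracts the same key: N is the single (secret) key.
    return shift_encrypt(ciphertext, -n)

def exhaustive_search(ciphertext: str) -> dict:
    # The method is public, so an interceptor tries every key; only 26 exist.
    # Returns {key: candidate plaintext}; the readable candidate reveals the key.
    return {n: shift_decrypt(ciphertext, n) for n in range(26)}

def key_space_bits(number_of_keys: int) -> float:
    # Equivalent key length in bits: log2 of the number of keys (26 keys ~ 4.7 bits,
    # far below even the "weak" 40-bit level on the slide).
    return math.log2(number_of_keys)

def max_tries(key_bits: int) -> int:
    # An n-bit key may need 2^n tries: 8 bits -> 256, 40 bits -> about 1.1e12.
    return 2 ** key_bits
```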
11 Single Key Encryption Methods
❚ Both sides use a single key to encrypt & decrypt
❙ Encryption: add N letters
❙ Decryption: subtract N letters
❙ N is the key
[Figure: A and B share a Single Key]
12 Single Key Encryption Methods
❚ Simple enough for fast encryption/decryption
❙ Can be used even with long messages
[Figure: A and B share a Single Key]
13 Single Key Encryption
❚ Also called secret key encryption
❙ The single key must be kept secret
❙ Anyone learning the key can read the messages
[Figure: A and B share a Single Key (Secret Key)]
14 Single Key Encryption
❚ Problem: Key must be distributed secretly
❚ Problem: Need a different single key for each business partner
❙ Or other partners could read messages
❙ Complicates key distribution
[Figure: separate Key A and Key B for partners A and B]
15 Public Key Encryption Methods
❚ Different keys for encryption and decryption
❙ Encryption with receiver’s public key
❙ Decryption with receiver’s private key
❙ Once encrypted, sender cannot decrypt unless has receiver’s private key (should not)
[Figure: Plaintext IBM → Encryption with Public Key → Ciphertext 100101 → Decryption with Private Key → Plaintext IBM]
16 Public Key Encryption
❚ Everyone has a public and private key
❙ Keep the private key secret
❙ Distribute the public key to everybody without security
[Figure: Public Key given out; Private Key kept]
17 Public Key Encryption
❚ Four Keys
❙ Each side has a public and a private key
❙ Each sends public key to other unsecurely
❙ Encrypt with other party’s public key
❙ Decrypt with own private key
[Figure: A holds A’s Private Key and B’s Public Key; B holds B’s Private Key and A’s Public Key]
18 Public Key Encryption
❚ No need for separate secret key with each business partner
❙ Greatly simplifies key management
❚ Unfortunately, highly processing-intensive
❙ Can only encrypt small messages
❙ Exchanging single keys securely (later)
❙ Authentication (later)
19 Combining Public, Single Key
❚ Not competitors: Used Together in Practice
❙ Public key is easy and very secure but can only be used for small messages
❙ Single key has key distribution problems but can be used for long messages
[Figure: A and B exchange a Single Session Key under Public Key Encryption]
20 Combining Public, Single Key
❚ Begin communicating via public key encryption
❙ Including initial authentication
❚ Then one side randomly generates a single key
❙ Sends the single key to other partner with public key encryption
[Figure: A and B exchange a Single Session Key under Public Key Encryption]
21 Combining Public, Single Key
❚ Afterward, both sides communicate with the single “session” key, good only for this session (a single flow of communications)
❚ If communicate again, generate a new single session key
[Figure: A and B communicate with the Single Session Key]
22 Authentication
❚ The Problem of Impostors
❚ Authentication: proving the sender’s identity
❚ Authentication methods
❙ Passwords: weak
❙ Biometrics
❘ Fingerprint analysis, iris analysis
❙ Public key authentication
❘ Prove that sender holds their private key, which only they should know
23 Public Key Authentication
❚ Solution: Send a digital signature with each packet
❙ First create a message digest (MD)
❘ A small binary string calculated on the basis of the bits in the message
[Figure: Message → Message Digest Calculation → Message Digest]
24 Public Key Authentication
❚ Solution: Send a digital signature with each packet
❙ Next create a digital signature
❘ Encrypt message digest with sender’s private key, which only the sender should be able to do
❘ Message digest is short, so public key encryption is not too burdensome
[Figure: Message Digest → Encrypt with Sender’s Private Key → Digital Signature]
25 Public Key Authentication
❚ Solution: Send a digital signature with each packet
❙ Add digital signature to plaintext message
❙ Encrypt combined message and digital signature with the single session key and send to the receiver
[Figure: Digital Signature + Message → Encrypt with single session key]
26 Public Key Authentication
❚ Solution: Send a digital signature with each packet
❙ Receiver decrypts ciphertext with single session key
❙ Then decrypts digital signature with sender’s public key to get the original message digest
[Figure: Digital Signature → Decrypt with Sender’s Public Key → Message Digest]
27 Public Key Authentication
❚ Solution: Send a digital signature with each packet
❙ Receiver recomputes message digest based on decrypted message
❙ If matches decrypted digital signature, the digital signature was created with sender’s private key
❙ Sender is authenticated
[Figure: Message Digest from Digital Signature compared with Message Digest Computed from Message]
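The whole flow of slides 20 and 23 to 27 in one runnable form, as an added example that is not part of the slides: the sender signs a message digest with its private key, wraps a fresh session key with the receiver's public key, and encrypts message plus signature under that session key; the receiver unwraps, decrypts, and compares the digest recovered from the signature with one recomputed from the message. The RSA keys are toy-sized constructed values and the "single key" cipher is a SHA-256 keystream standing in for a real cipher; both are assumptions made so the block runs with the standard library only.

```python
import hashlib
import os

# Toy RSA key pairs from tiny constructed primes (61*53 and 59*67), written as
# (exponent, modulus). Real keys are 2048 bits or longer; these only show the flow.
SENDER_PUB, SENDER_PRIV = (17, 3233), (2753, 3233)
RECEIVER_PUB, RECEIVER_PRIV = (17, 3953), (2477, 3953)

def rsa(value: int, key: tuple) -> int:
    # Raise to the key's exponent mod its modulus: encrypt/decrypt or sign/verify.
    exponent, modulus = key
    return pow(value, exponent, modulus)

def message_digest(message: bytes, modulus: int) -> int:
    # Slide 23: a short string computed from the message bits (here SHA-256),
    # reduced mod the signing modulus so the toy key can sign it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus

def session_cipher(key: bytes, data: bytes) -> bytes:
    # Toy single-key cipher: XOR with a SHA-256 keystream in counter mode.
    # The same call encrypts and decrypts. Stand-in for a real cipher, not one.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(message: bytes) -> tuple:
    # Slides 20, 24, 25: sign the digest with the sender's private key, draw a random
    # session key, wrap it with the receiver's public key, encrypt message + signature.
    signature = rsa(message_digest(message, SENDER_PRIV[1]), SENDER_PRIV)
    session_key = int.from_bytes(os.urandom(2), "big") % RECEIVER_PUB[1]
    wrapped_key = rsa(session_key, RECEIVER_PUB)
    payload = signature.to_bytes(2, "big") + message
    return wrapped_key, session_cipher(session_key.to_bytes(2, "big"), payload)

def receive(wrapped_key: int, ciphertext: bytes) -> tuple:
    # Slides 20, 26, 27: unwrap the session key with the receiver's private key,
    # decrypt, recover the digest from the signature with the sender's public
    # key, and compare it with a digest recomputed from the received message.
    session_key = rsa(wrapped_key, RECEIVER_PRIV)
    payload = session_cipher(session_key.to_bytes(2, "big"), ciphertext)
    signature, message = int.from_bytes(payload[:2], "big"), payload[2:]
    authentic = rsa(signature, SENDER_PUB) == message_digest(message, SENDER_PUB[1])
    return message, authentic

def tamper(ciphertext: bytes) -> bytes:
    # Flip one bit of the last byte in transit; the digest comparison then fails.
    return ciphertext[:-1] + bytes([ciphertext[-1] ^ 0x01])
```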
28 Digital Certificates
❚ Created by a Certificate Authority
❙ Given to an organization
❙ In other words, a third party provides authentication for the sender
[Figure: Certificate Authority issues a Digital Certificate to the Authenticated Party]
29 Digital Certificates
❚ Authenticated party adds the digital certificate to each outgoing message
❙ Still need a digital signature
[Figure: Plaintext Message + Digital Signature + Digital Certificate]
30 Digital Certificates
❚ Problem of Certificate Authorities
❙ There is no public regulation of CAs
❙ Some CAs offer various levels of certification
❘ The weakest levels only require an e-mail address
❘ Receivers may not realize this
❚ Internal Certification Avoids these Problems
❙ Company acts as its own CA for internal devices, software, and users
❙ Creates the strength of certification it requires
31 Security Process
❚ When two parties communicate …
❙ Their software usually handles the details
❙ First, negotiate security methods
❘ Authentication method
❘ Encryption method
❙ Then, authenticate one another
❙ Then, exchange single session key
❙ Then can communicate securely using single session key
From Module F
32 Firewalls
❚ Sit between the corporate network and the Internet
❙ Prevent unauthorized access from the Internet
❙ Facilitate internal users’ access to the Internet
[Figure: Firewall between Internet and corporate network; access only if authenticated (OK / No)]
33 Firewalls
❚ IP Firewalls
❙ Examine IP addresses of incoming packets
❙ Permit only packets from approved hosts
❙ Easy to defeat by placing an acceptable internet address in the IP packet’s source address (spoofing)
[Figure: IP Packet → IP Firewall]
34 Firewalls
❚ Application (Proxy) Firewalls
❙ Work at the application layer
❙ Filter based on application behavior
❘ In HTTP, for example, do not accept a response unless an HTTP request has just gone out to that site
[Figure: Application firewall]
35 Firewalls
❚ Application (Proxy) Firewalls
❙ Hide internal internet addresses
❙ Internal user sends an HTTP request
❙ HTTP proxy program replaces user internet address with a false IP address, sends to the webserver
[Figure: HTTP Request → Request with False IP Address]
36 Firewalls
❚ Application (Proxy) Firewalls
❙ Webserver sends response to proxy server, to false IP address
❙ HTTP proxy server sends the IP packet to the originating host
❙ Proxy program acts on behalf of internal user
[Figure: Response to False IP Address → HTTP Response to originating host]
37 Firewalls
❚ Application Firewalls
❙ Need a separate program (proxy) for each application
❙ Not all applications have rules that allow filtering, for instance database applications
❚ Stateful Inspection
❙ Rules based on more subtle aspects of behavior at multiple layers
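The difference between the address-only check of slide 33 and the behavior-based rule of slide 34, as an added example not taken from the slides: both filters are run over a constructed packet stream in which the first inbound packet merely claims an approved source address and nothing was requested from it. The packet fields, addresses and the `HttpProxyFirewall` class are assumptions made for the example.

```python
from collections import namedtuple

# Constructed packet records: only the fields the two filters need.
Packet = namedtuple("Packet", "src dst dport direction")

# Hosts the IP firewall trusts (constructed, RFC 5737 documentation addresses).
APPROVED_HOSTS = {"198.51.100.7"}

def ip_firewall(pkt: Packet) -> bool:
    # Slide 33: permit only inbound packets whose source address is an approved host.
    # The check has no way to tell a genuine source address from a forged one.
    return pkt.direction == "out" or pkt.src in APPROVED_HOSTS

class HttpProxyFirewall:
    # Slide 34: accept an inbound HTTP response only if a request to that site
    # has just gone out from the internal host the response is addressed to.
    def __init__(self):
        self.outstanding = set()  # (internal host, external site) awaiting a reply

    def filter(self, pkt: Packet) -> bool:
        if pkt.direction == "out" and pkt.dport == 80:
            self.outstanding.add((pkt.src, pkt.dst))
            return True
        if pkt.direction == "in" and (pkt.dst, pkt.src) in self.outstanding:
            self.outstanding.discard((pkt.dst, pkt.src))  # one reply per request
            return True
        return False

def compare_filters(packets) -> list:
    # Run one packet stream through both filters; returns (ip, proxy) verdicts.
    proxy = HttpProxyFirewall()
    return [(ip_firewall(p), proxy.filter(p)) for p in packets]

# Constructed stream: an unsolicited inbound packet carrying the approved host's
# address as its source, then a genuine request/response pair with that host.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "192.168.1.5", 51234, "in"),  # nothing was requested
    Packet("192.168.1.5", "198.51.100.7", 80, "out"),    # internal host requests a page
    Packet("198.51.100.7", "192.168.1.5", 51234, "in"),  # matching response
]
```

The IP firewall passes all three packets because the source address looks approved each time; the proxy rule passes only the request and its matching response.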
Quality of Service
Beyond Best-Effort Service
Prioritization
QoS More Broadly Defined
The ATM Advantage
Tagging Ethernet and IP
39 Best-Effort Service
❚ Ethernet and IP are Best-Effort Services
❙ Sender submits IP packets or Ethernet frames
❙ Network does its best to get them through
❙ No guarantee of latency or jitter (variable latency)
❙ No guarantee of security, etc.
❙ Done because best-effort is inexpensive
❙ Works well if capacity far exceeds demand
40 Prioritization
❚ Some Services are More Sensitive to Latency than Others
❙ Voice is more sensitive than e-mail
❚ Solution: Prioritization
❙ Give higher priority to time-sensitive applications
❙ If two frames or packets arrive at a switch or router simultaneously, process the one with higher priority first
41 Prioritization
❚ Prioritization versus Bandwidth
❚ If have enough transmission capacity, all frames or packets will get through with very low latency
❚ Bandwidth (transmission capacity) may be cheaper to add than the logic needed for prioritization
❚ It’s an issue of bandwidth costs versus logic costs.
42 QoS More Broadly Defined
❚ Controlling Latency is One Service Goal
❚ There are others
❙ Security
❙ Reliability (downtime, error rates, etc.)
❙ Etc.
❚ Quality of Service (QoS)
❙ Guarantees of service quality for several parameters
43 The ATM Advantage
❚ Strong Intrinsic QoS Guarantees for Latency
❙ Originally created for voice, which is highly sensitive to latency and timing
❙ Priority for overall latency
❘ Voice and other critical services guaranteed
❘ Small cell means low latency at each switch
❙ Guarantee of no jitter (variable latency)
❘ Especially important for voice and video
❘ Without it, sound and picture will be jittery
44 Tagging Ethernet and IP
❚ Efforts Now Underway to add Tags to Ethernet and IP
❙ Tag will have a priority of service field
❙ If possibilities are 0-7, higher values will get higher priority
❙ Not full QoS, but improves general latency
[Figure: Header | Tag | Body]
45 Tagging Ethernet and IP
❚ Efforts Now Underway
❚ IEEE
❙ Adding tags to all LAN MAC Layer Frames
❙ Priority level
❙ Virtual LAN identifier to standardize VLANs
❚ IETF
❙ Differentiated Services initiative
❙ Adding features to IP, including security
❙ Prioritization is one feature being added
46 Filtering
❚ Filtering is examining an incoming frame or packet
❚ Purposes
❙ Effective, efficient, reliable delivery
❙ Access control
❙ Quality of Service (QoS)
❙ Translation between networks with different standards
[Figure: PPP Header | IP Header | TCP Header | Application PDU]
47 Filtering
❚ Layer of Filtering
❙ Frame (data link)
❘ Switches
❙ Packet (internet)
❘ Routers, Firewalls
❙ Transport
❘ Identity of application layer program
❘ Prioritization, access control
❙ Application
❘ Content filtering (viruses, etc.)
❚ For best results, filter at all layers
[Figure: PPP Header | IP Header | TCP Header | Application PDU]
48 Filtering
❚ Now many devices: routers, firewalls, etc.
❚ In future, integrated transmission networks
❙ Comprehensive policy servers will store and distribute policies for central control
[Figure: Comprehensive Policy Server distributes Policies]
49 Filtering
❚ In future, integrated transmission networks
❙ Comprehensive relay devices will route and control simultaneously, filtering at all layers
❚ However, security may limit ability to filter by encrypting layers
[Figure: Comprehensive Relay Devices]
50 Recap: Servers
❚ Needs of Enterprise Servers
❚ Intel-based Servers
❚ Workstation Servers
❚ Symmetric Multiprocessing (SMP)
❚ Server Clusters
❚ Load Balancing
51 Recap: Directory Servers
❚ Store Information on Locations of Resources
❚ Allow users to look up information
❚ Allow users to log in once to get access to any authorized resource
❚ Prevents unauthorized access to resources
52 Recap: Network Management
❚ Network Management System
❙ Network management console
❙ Network management program
❙ Managed devices
❙ Network management agents
❙ Management information bases (MIBs) at both the agent and console
❙ RMON probes
53 Recap: Network Management
❚ Network Management Standards
❙ Govern communication between the network management program and network management agent
❙ Requests, responses, and alarms
❙ SNMP dominates
❙ CMIP/CMIS, carrier standards, proprietary standards important
❙ Comprehensive network management programs work with multiple types of agents
54 Recap: Network Management
❚ Levels of Management
❙ Applications
❙ Systems management (computers)
❙ Transmission
❚ Concerns (Cut Across Levels)
❙ Fault management
❙ Configuration management
❙ Performance management
❙ Security
❙ Accounting management
55 Recap: Security
❚ Threats
❙ Interception (privacy, confidentiality, integrity)
❙ Impostors (authentication)
❙ Denial-of-Service attacks
❚ Need Central Policy
❚ Encryption for privacy (AKA confidentiality)
❙ Plaintext and ciphertext
❙ Encryption method and key
56 Recap: Security
❚ Single Key Encryption
❙ Both sender and receiver use a single key
❙ Processing is not intensive
❙ Key distribution with each pair of business partners is difficult
57 Recap: Security
❚ Public Key Encryption
❙ Four keys: private and public key for each party
❙ Sender always encrypts with receiver’s public key
❙ Only the receiver can decrypt the message
❙ Processing is very intensive: can only be used for small messages
58 Recap: Security
❚ Combining Single and Public Key Methods
❙ One party creates a single-key session key
❙ Creator encrypts the session key with the other party’s public key and sends it
❙ Other partner decrypts the message
❙ Now both parties have the session key
❙ They use it for the remainder of the session
59 Recap: Security
❚ Authentication
❙ Proving your identity
❙ Passwords, other methods
❚ Public Key Authentication
❙ Prove that you hold your private key, which only you should know
❙ Digital signatures
❙ Digital certificates
60 Recap: Security
❚ Firewalls
❙ Prevent access to internal corporate network from unauthorized people on the Internet
❚ Levels of Firewall
❙ IP
❙ Application (proxy)
❙ Stateful inspection
61 Recap: QoS
❚ QoS is a Broad Concept. Can Guarantee
❙ Maximum latency and variable latency (jitter)
❙ Security
❙ Etc.
❙ If no QoS, only best effort service
❘ IP and Ethernet
❚ Priority
❙ Allow latency-sensitive applications to go first
❙ Being added to Ethernet, IP in tag fields
❙ May be cheaper to buy more bandwidth
62 Recap: Filtering
❚ Filtering: Examine Contents of a Header
❙ For delivery (efficient, effective, QoS)
❙ For access control
❙ Translation between networks
❚ Now, different devices filter at different layers and do different things
❙ Switches: Filter MAC addresses for delivery
❙ Switches: Filter MAC address for VLANs
❙ Routers: Filter internet addresses for delivery
❙ Firewalls: Filter for access control
63 Recap: Filtering
❚ In the future, integrated transmission networks
❙ Comprehensive relay devices will both deliver and control access, filtering at all layers
❙ Comprehensive policy servers will maintain central policies, distribute them to comprehensive relay devices
❙ Encryption may limit ability to filter at all layers