SECURITY LECTURE By PRAVIN SHETTY

2

Reduce the baud rate!!

3

In the last lecture

Taxonomy of security attacks Aims or services of security A Model of internetwork security

Security in Computing

5

In Today’s lecture

Computer Security - what we mean? Security goals and vulnerabilities Methods of defence Plan of attack Carrying to (inter)network security.

6

Computer Security

Computer security deals with the prevention and detection of unauthorised actions by users of a computer system.

7

The security dilemma

security deals with the ready availability of valuable assets by authorised agents, and the denial of that access to all others.

Security-unaware users have specific security requirements but (usually) no security expertise.

But

8

The security dilemma

The costs of additional resources to implement security mechanisms can be quantified.

Security mechanisms interfere with users, and can lead to loss of productivity.

Managing security also costs.

9

Principles of Security

Principle of easiest penetration an intruder will use any means of penetration

Principles of timeliness items only need to be protected until they lose

their value Principles of effectiveness

controls must work, and they should be efficient, easy to use, and appropriate.

10

Risk Analysis

Risk analysis evaluates the cost of implementing security measures as opposed to losing the data and information.

11

Vulnerabilities

The three broad computing system resources arehardware

interruption (denial of service), interception (theft)software

interruption (deletion), interception, modificationdata

interruption (loss), interception, modification and fabrication

12

Method of defence

By controlsWhat should be the focus of the controls?

For example: should protection mechanisms focus on data or operations on that data or on the users who use the data?

Since there are layers of technology, where controls should apply? Applications, services, operating systems,

kernel, hardware.

13

Controls

Can be applied at hardware, software, physical or polices.

Simple mechanisms or lots of features? Should defining and enforcing security

mechanism be a centralised function? How to prevent access to the layer below

the security mechanism?

14

Effectiveness of Conrols

Merely having controls does no good unless they are used properly. The factors that affect the effectiveness areAwareness of protectionLikelihood of usersOverlapping controlsPeriodic review

15

Different forms of control

Authentication Access control

16

Authentication

Means establishing proof (assurance) of identify.Proving that the object or the subject is what it

claims to be: (is the user the person they say they are?; is this message actually what was sent by the originator?)

Usually involves one or a combination of something you are, something you know, and something you have. (user name, password, possibly some

hardware authentication device you can have).

17

Access Control

Relates to who (or what) may have access to some object.

The object might be tangible, like a tape drive or it can be abstract like a directory in a file system, or a network service on a remote system (like print or mail server).

Concern with respect to security is how the object can be accessed; can be used locally or remotely; can it read, written or executed? If so by whom or what, and in what circumstances?

18

Access Control

Access control problem is essentially one of authorization, rights, and privileges.

There is some standard way to access computing resources (like username and password) while there is NO standard access control scheme for the internet (internetwork).

19

Security services

Authentication Access control Integrity Confidentiality Nonrepudiation Availability

20

Integrity

refers to the current condition of some data as compared to their pure and original state.

An example in internetworking: a message or file that traverses the network at risk of having data added, removed, or modified along the way.

21

Integirty

Consider the following message:

From: root@temple.csse.monsah.edu.auTo: root@beast.csse.monash.edu.au, root@pluto.csse.monash.edu.auSubject: hackers

temple.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.

As a by-product of this email message, the attacker of temple.csse has also compromised an email server at this site (How?).

22

Integrity

By monitoring the outbound mail queue, the attacker intercepts this message and rather than deleting it, he takes the following three tacks.

Consider the ramifications of these messages that actually received by the root user of the remote sites:

23

Tack -1

From: root@temple.csse.monsah.edu.auTo: root@beast.csse.monash.edu.au,Subject: hackers

temple.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.P.S. One of my co-worker will call you very soon to discuss the details with you, and to offer assistance.

The attacker can gain the access to the root (privileged) account of beast.csse.

In addition temple.csse detects and closes the former point of access, the attacker can erase all his/her old footprints!!

24

Tack-2

From: root@temple.csse.monsah.edu.auTo: root@pluto.csse.monash.edu.auSubject: hackers

temple.csse has been hacked by intruders.

Here the intruder has left the notice of temple.csse’s intrusion intact, but removed the advice to check the other systems – to give time to cover the tracks as well another venue to intrude!!

25

Tack -3

From: root@beast.csse.monsah.edu.auTo: root@pluto.csse.monash.edu.au,Subject: hackers

beast.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.

The implication of this action is …

26

Confidentiality

You might not really care if a few postal employees read a postcard or two, but would you care if every piece of mail you received were paraded in plain view past each person that lives between post office and your home?

On internetworking, email, data transfer via FTP and www requests may be handled by intervening networks and devices and anyone with access to them, authorized or not, can read the data/messages.

27

Layered Protocol Models

MessageData

SenderIdentify

RecipientIdentity

MessageLength

28

A layered protocol stack

Layer N

Layer N-1

Layer 2

Layer 1

29

Protocol enveloping

Each layer in a protocol stack uses a unique and well-defined message format for communicating with its peer layers on other systems.

As message gets passed down from one layer to the next, it is enveloped inside of another message. A new envelop is added at each step.

After transmission across the network, the protocol layers on the receiving system strip off their respective envelopes (among other tasks).

The original message is passed to the highest layer.

30

Protocol enveloping

31

Layered Architecture for Networks

OSI Reference Model Internet’s TCP/IP Model

32

OSI Reference Model

OSI reference model is an abstract model, one that defines services and protocols that deliver the services.

It does not specify the following: programming language bindings operating system bindingsApplication interface issues user interface issues

33

OSI Reference Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Applicationrelatedservices

Networkrelatedservices

34

Internet TCP/IP Model

Application

Transport(TCP, UDP)

Data Link

Physical

Network (IP)

35

Network Layer - IP

The primary protocol in use at the network layer is the internet protocol (IP)

16 bit 3 bit 13 –bit Identification flags fragment offset

Data (variable length)

32-bit Destination address

Options(if any) and padding

32-bit Source address

4-bit 4-bit 8 bit 16-bit Version header length type of service Total Length

8-bit 8-bit 16-bit time to live protocol header checksum

36

Aside - IP

Internet Control Message Protocol (ICMP) influences and somewhat controls the behavior of the IP layer, while actually using IP services to perform its tasks.

ICMP monitors and communicates network control information between network participants.

The IP layer also is impacted by special routing protocols like Routing Information Protocol (RIP), Internet Group Management Protocol (IGMP), Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP).

37

Transport layer – TCP & UDP

Transmission control protocol – connection oriented, full-duplex service

User datagram protocol – lightweight connectionless service.

38

TCP segment

Data (variable length)

16-bit 16-bit TCP Checksum Urgent pointer

Options(if any) and padding

16-bit 16-bit Source port number Destination port number

32 bit acknowledgement number

4-bit 6-bit 6-bit 16-bitHeader len Reserved Flags Window Size

32-bit Sequence number

39

UDP datagram

Date (variable length, if any)

16- bit 16-bit Source Port Number Destination Port Number

16-bit 16-bit Length Checksum

40

Application Layer

This layer’s protocol is defined by the application.

An application engages network services from the TCP or UDO transport layers through one of several APIs, such as Berkeley Sockets on BSD and Transport Layer Interface (TLI) on System V.

41

Protocol enveloping in the TCP/IP

42

TCP/IP protocol suite

Physical

TCP UDP ICMP

IP

Data LinkEthernet, Token Ring, FDDI, etc

ApplicationFTP, SMTP, HTTP, etc

43

Security in layered IP

Security at the IP layer is related to the layer’s function of end-to-end datagram delivery.

The security weakness are:Network snoopingMessage replayMessage alterationMessage delay and denialAuthentication issuesRouting attacks

44

Network Snooping

Attacker observes network traffic without disturbing the transmission (passive) – commonly known as snooping or sniffing.

Commonly snooped are user passwords. Sniffing software works by placing a

system’s network interface into promiscuous mode.

Systems like Unix require superuser or system-level privileges to access the network promiscuously.

45

Message Relay

Relaying the message to another host and it accepts as if it is trusted.Example: transfer of password files in a

networked unix systems.

46

Message alteration

Message means the payload of the IP datagram, the router performs routine modifications to the IP datagram header, and sometimes fragments a datagram into several smaller ones (when the length exceeds a limit allowed by the underlying data link layer).

No need to suspect message alteration, but techniques such as check sum are not sufficient.

47

Message Delay and Denial

By gaining authorised control of a router or routing host, then modifying executable code or routing and screening rules used by the code. need to apply proper authentication and

access mechanisms to the routing systems. By overwhelming a routing device, or one

of the communication end systems, with an inordinate amount of network traffic. easy to detect but difficult to prevent!

48

Authentication issues

Authentication at the IP layer is concerned with the identify of computer systems.

IP address are software configurable and the mere possession (or fraudulent use) of one enables communication with other systems.

Two such techniques to do this are address masquerading address spoofing

49

Address Masquerading

50

Address Spoofing

Also known as TCP sequence number attack.

First need to understand how the three-way TCP handshake protocol works. hanshake means- an assertion that indicates

one party’s readiness to send or receive data. When two systems share a hardware connection, two-way handshake is enough.

Since TCP rides on IP – an unreliable, connectionless protocol – a three-way handshake is required.

51

Handshake in TCP

Machine A Machine B

SYN+ISN A

SYN+ISN B+ ACK(ISNA)

ACK(ISNB)

Application Data

SYN – synchronize requestISN - Initial sequence numberACK – acknowledgement for the ISN