SECURITY LECTURE By PRAVIN SHETTY

Reduce the baud rate!!
In the last lecture
- Taxonomy of security attacks
- Aims or services of security
- A model of internetwork security

Security in Computing
In Today's lecture
- Computer security: what do we mean?
- Security goals and vulnerabilities
- Methods of defence
- Plan of attack
- Carrying over to (inter)network security
Computer Security
Computer security deals with the prevention and detection of unauthorised actions by users of a computer system.
The security dilemma
- Security deals with the ready availability of valuable assets to authorised agents, and the denial of that access to all others.
- Security-unaware users have specific security requirements but (usually) no security expertise.
- But:
  - The costs of the additional resources needed to implement security mechanisms can be quantified.
  - Security mechanisms interfere with users, and can lead to loss of productivity.
  - Managing security also costs.
Principles of Security
- Principle of easiest penetration: an intruder will use any means of penetration available.
- Principle of timeliness: items only need to be protected until they lose their value.
- Principle of effectiveness: controls must work, and they should be efficient, easy to use, and appropriate.
Risk Analysis
Risk analysis weighs the cost of implementing security measures against the cost of losing the data and information they protect.
Vulnerabilities
The three broad computing system resources, and the threats to each:
- hardware: interruption (denial of service), interception (theft)
- software: interruption (deletion), interception, modification
- data: interruption (loss), interception, modification, fabrication
Method of defence
By controls. What should be the focus of the controls?
- For example: should protection mechanisms focus on the data, on the operations on that data, or on the users who use the data?
- Since there are layers of technology, where should controls apply? Applications, services, operating systems, kernel, hardware.
Controls
- Can be applied as hardware, software, physical or policy controls.
- Simple mechanisms or lots of features?
- Should defining and enforcing a security mechanism be a centralised function?
- How to prevent access to the layer below the security mechanism?
Effectiveness of Controls
Merely having controls does no good unless they are used properly. The factors that affect effectiveness are:
- Awareness of the need for protection
- Likelihood of use
- Overlapping controls
- Periodic review
Different forms of control
- Authentication
- Access control
Authentication
- Means establishing proof (assurance) of identity: proving that the subject or object is what it claims to be (is the user the person they say they are? is this message actually what was sent by the originator?).
- Usually involves one or a combination of something you are, something you know, and something you have (user name, password, possibly a hardware authentication device you carry).
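As an added example (not from the lecture), the following combines two of the factors above: a password (something you know), stored only as a salted PBKDF2 hash, and a time-based one-time code from a token secret (something you have), computed per RFC 6238. The user record, password and token secret are constructed for the demonstration.

```python
"""Two-factor authentication check: a salted password hash (something you
know) plus a time-based one-time password from a shared secret on a token
(something you have). Added example; the user record, password and token
secret are constructed."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional


def make_record(password: str, totp_secret: bytes, iterations: int = 200_000) -> dict:
    """Enrol a user: store a PBKDF2-HMAC-SHA256 verifier, never the password."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "verifier": verifier, "iterations": iterations,
            "totp_secret": totp_secret}


def check_password(record: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["verifier"])  # constant-time compare


def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1 + dynamic truncation) over t // step."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def check_totp(record: dict, code: str, t: int, window: int = 1) -> bool:
    """Accept the code for the current 30-second step or `window` steps either
    side, to tolerate clock drift between token and server."""
    return any(hmac.compare_digest(totp(record["totp_secret"], t + k * 30), code)
               for k in range(-window, window + 1))


def authenticate(record: dict, password: str, code: str, t: Optional[int] = None) -> bool:
    """Both factors must pass. Both are evaluated regardless, so a failure does
    not reveal which factor was wrong."""
    t = int(time.time()) if t is None else t
    ok_know = check_password(record, password)
    ok_have = check_totp(record, code, t)
    return ok_know and ok_have
```

A sniffed password alone no longer suffices, but a one-time code captured inside its acceptance window can still be replayed until the window passes; production servers therefore also remember the last accepted time step per user.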
Access Control
- Relates to who (or what) may have access to some object.
- The object might be tangible, like a tape drive, or abstract, like a directory in a file system or a network service on a remote system (such as a print or mail server).
- The security concern is how the object can be accessed: can it be used locally or remotely? Can it be read, written or executed? If so, by whom or what, and in what circumstances?
- The access control problem is essentially one of authorization, rights, and privileges.
- There are standard ways to gain access to computing resources (such as username and password), but there is NO standard access control scheme for the internet (internetwork).
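An added example of the questions on this slide in code (not from the lecture): an access-control list that records, per object and subject, which of read/write/execute are granted and whether they may be exercised remotely, with default deny for anything not listed. The objects, subjects and policy are constructed and do not model any particular system.

```python
"""Access-control check: which subject may read, write or execute which
object, and under what circumstances (here, local or remote access).
Added example; subjects, objects and policy are constructed."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable

RIGHTS = frozenset({"read", "write", "execute"})


@dataclass(frozen=True)
class Entry:
    rights: FrozenSet[str]
    remote_ok: bool = False     # may these rights be exercised from another host?


@dataclass
class Acl:
    # object -> subject -> entry; the subject "*" is the default for everyone else
    table: Dict[str, Dict[str, Entry]] = field(default_factory=dict)

    def grant(self, obj: str, subject: str, rights: Iterable[str], remote_ok: bool = False) -> None:
        rights = frozenset(rights)
        if not rights <= RIGHTS:
            raise ValueError(f"unknown right in {sorted(rights)}")
        self.table.setdefault(obj, {})[subject] = Entry(rights, remote_ok)

    def allowed(self, subject: str, obj: str, right: str, remote: bool = False) -> bool:
        """Default deny: unknown object, unknown subject or missing right all refuse.
        A specific entry for the subject takes precedence over the "*" default."""
        entries = self.table.get(obj, {})
        entry = entries.get(subject, entries.get("*"))
        if entry is None or right not in entry.rights:
            return False
        return entry.remote_ok or not remote


def sample_policy() -> Acl:
    """Constructed policy for a small Unix-like host."""
    acl = Acl()
    acl.grant("/etc/passwd", "*", {"read"})                 # world-readable
    acl.grant("/etc/passwd", "root", {"read", "write"})     # only root may edit, and only locally
    acl.grant("/dev/tape0", "operator", {"read", "write"})  # a tangible object
    acl.grant("lpd", "*", {"execute"}, remote_ok=True)      # print service, usable over the network
    return acl
```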
Security services
- Authentication
- Access control
- Integrity
- Confidentiality
- Nonrepudiation
- Availability
Integrity
- Refers to the current condition of some data as compared to its pure and original state.
- An example in internetworking: a message or file that traverses the network is at risk of having data added, removed, or modified along the way.
Integrity
Consider the following message:

From: [email protected]
To: [email protected], [email protected]
Subject: hackers

temple.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.

As a by-product of the intrusion, the attacker of temple.csse has also compromised an email server at this site (How?).
Integrity
By monitoring the outbound mail queue, the attacker intercepts this message and, rather than deleting it, takes one of the following three tacks. Consider the ramifications of the messages that are actually received by the root user of the remote sites:
Tack 1
From: [email protected]
To: [email protected],
Subject: hackers

temple.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.
P.S. One of my co-workers will call you very soon to discuss the details with you, and to offer assistance.

With the added postscript, the attacker (posing as the co-worker) can gain access to the root (privileged) account of beast.csse.
In addition, even once temple.csse detects and closes the former point of access, the attacker has a new foothold from which to erase all his/her old footprints!!
Tack 2
From: [email protected]
To: [email protected]
Subject: hackers

temple.csse has been hacked by intruders.

Here the intruder has left the notice of temple.csse's intrusion intact, but removed the advice to check the other systems, gaining time to cover tracks as well as another venue to intrude!!
Tack 3
From: [email protected]
To: [email protected],
Subject: hackers

beast.csse has been hacked by intruders. I am working to resolve this problem. Please check your systems for possible intrusion.

The implication of this action is ...
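As an added example (not part of the lecture), here is the integrity control that would have defeated all three tacks: the sender computes an HMAC over the headers that matter and the body, using a key shared out of band with the recipients, and a recipient rejects any copy whose tag no longer verifies. The key and the root@... addresses are constructed stand-ins for the addresses redacted on the slides.

```python
"""Integrity protection for the 'hackers' e-mail: an HMAC over the protected
headers and the body, keyed with a secret shared between the administrators,
so a copy altered in the mail queue fails verification. Added example; the
key and addresses are constructed."""
import hashlib
import hmac

PROTECTED = ("From", "To", "Subject")   # headers covered by the tag


def canonical(headers: dict, body: str) -> bytes:
    """Deterministic serialisation: fixed header order, collapsed whitespace and
    uniform line endings, so harmless rewriting in transit does not break the tag."""
    head = [f"{h}: {' '.join(headers.get(h, '').split())}" for h in PROTECTED]
    lines = [" ".join(line.split()) for line in body.strip().splitlines()]
    return ("\n".join(head) + "\n\n" + "\n".join(lines)).encode()


def sign(key: bytes, headers: dict, body: str) -> str:
    return hmac.new(key, canonical(headers, body), hashlib.sha256).hexdigest()


def verify(key: bytes, headers: dict, body: str, tag: str) -> bool:
    return hmac.compare_digest(sign(key, headers, body), tag)


# Constructed sample: the original message and the three tampered copies.
KEY = b"shared-between-temple-and-beast-admins"   # assumed out-of-band shared key
ORIGINAL = {"From": "root@temple.csse",
            "To": "root@beast.csse, root@third.csse",
            "Subject": "hackers"}
BODY = ("temple.csse has been hacked by intruders. I am working to resolve "
        "this problem. Please check your systems for possible intrusion.")

TACK1 = (dict(ORIGINAL, To="root@beast.csse,"),          # recipient dropped, P.S. added
         BODY + "\nP.S. One of my co-workers will call you very soon to discuss "
                "the details with you, and to offer assistance.")
TACK2 = (ORIGINAL, "temple.csse has been hacked by intruders.")   # advice removed
TACK3 = (ORIGINAL, BODY.replace("temple.csse", "beast.csse"))     # hostnames swapped


def check_all() -> dict:
    """Verify the genuine message and each tampered copy against the original tag."""
    tag = sign(KEY, ORIGINAL, BODY)
    return {"original": verify(KEY, ORIGINAL, BODY, tag),
            "tack1": verify(KEY, *TACK1, tag),
            "tack2": verify(KEY, *TACK2, tag),
            "tack3": verify(KEY, *TACK3, tag)}
```

A shared-key MAC gives integrity and origin authentication between parties who hold the key, but not nonrepudiation, since any key holder could have produced the tag; a digital signature would be needed for that service.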
Confidentiality
- You might not really care if a few postal employees read a postcard or two, but would you care if every piece of mail you received were paraded in plain view past each person that lives between the post office and your home?
- In an internetwork, email, data transfer via FTP and WWW requests may be handled by intervening networks and devices, and anyone with access to them, authorized or not, can read the data/messages.
Layered Protocol Models
[Figure: a message made up of Message Data, Sender Identity, Recipient Identity and Message Length]
A layered protocol stack
[Figure: Layer N, Layer N-1, ..., Layer 2, Layer 1]
Protocol enveloping
- Each layer in a protocol stack uses a unique and well-defined message format for communicating with its peer layer on other systems.
- As a message is passed down from one layer to the next, it is enveloped inside another message; a new envelope (a header, and sometimes a trailer) is added at each step.
- After transmission across the network, the protocol layers on the receiving system strip off their respective envelopes (among other tasks).
- The original message is passed up to the highest layer.
Protocol enveloping (figure)
Layered Architecture for Networks
- OSI Reference Model
- Internet's TCP/IP Model
OSI Reference Model
- The OSI reference model is an abstract model, one that defines services and the protocols that deliver those services.
- It does not specify the following: programming language bindings, operating system bindings, application interface issues, user interface issues.
OSI Reference Model
Application-related services:
  7. Application
  6. Presentation
  5. Session
Network-related services:
  4. Transport
  3. Network
  2. Data Link
  1. Physical
Internet TCP/IP Model
  Application
  Transport (TCP, UDP)
  Network (IP)
  Data Link
  Physical
Network Layer - IP
The primary protocol in use at the network layer is the Internet Protocol (IP). IPv4 header layout (each row is 32 bits):

  4-bit version | 4-bit header length | 8-bit type of service | 16-bit total length
  16-bit identification | 3-bit flags | 13-bit fragment offset
  8-bit time to live | 8-bit protocol | 16-bit header checksum
  32-bit source address
  32-bit destination address
  options (if any) and padding
  data (variable length)
Aside - IP
- The Internet Control Message Protocol (ICMP) influences and to some extent controls the behaviour of the IP layer, while itself using IP services to carry its messages.
- ICMP monitors and communicates network control and error information between network participants.
- The IP layer is also affected by the routing protocols, such as the Routing Information Protocol (RIP), Open Shortest Path First (OSPF) and the Border Gateway Protocol (BGP), and by the Internet Group Management Protocol (IGMP), which manages multicast group membership rather than routes.
Transport layer - TCP & UDP
- Transmission Control Protocol: connection-oriented, full-duplex, reliable service.
- User Datagram Protocol: lightweight connectionless service.
TCP segment
Layout (each row is 32 bits):

  16-bit source port number | 16-bit destination port number
  32-bit sequence number
  32-bit acknowledgement number
  4-bit header length | 6-bit reserved | 6-bit flags | 16-bit window size
  16-bit TCP checksum | 16-bit urgent pointer
  options (if any) and padding
  data (variable length)
UDP datagram
Layout (each row is 32 bits):

  16-bit source port number | 16-bit destination port number
  16-bit length | 16-bit checksum
  data (variable length, if any)
Application Layer
- This layer's protocol is defined by the application.
- An application engages network services from the TCP or UDP transport layer through one of several APIs, such as Berkeley Sockets on BSD and the Transport Layer Interface (TLI) on System V.
Protocol enveloping in the TCP/IP (figure)
TCP/IP protocol suite
  Application: FTP, SMTP, HTTP, etc.
  Transport: TCP, UDP (ICMP sits alongside them, carried directly in IP)
  Network: IP
  Data Link: Ethernet, Token Ring, FDDI, etc.
  Physical
Security in layered IP
- Security at the IP layer is related to the layer's function of end-to-end datagram delivery.
- The security weaknesses are: network snooping, message replay, message alteration, message delay and denial, authentication issues, routing attacks.
Network Snooping
- The attacker observes network traffic without disturbing the transmission (passive); commonly known as snooping or sniffing.
- User passwords are the most commonly snooped items.
- Sniffing software works by placing a system's network interface into promiscuous mode.
- Systems like Unix require superuser or system-level privileges to access the network promiscuously.
Message Replay
- An attacker records a legitimate message and later re-sends it to a host, which accepts it as if it came from a trusted source.
- Example: the transfer of password files between networked Unix systems.
Message alteration
- "Message" here means the payload of the IP datagram: routers perform routine modifications to the IP datagram header, and sometimes fragment a datagram into several smaller ones (when its length exceeds the limit allowed by the underlying data link layer).
- Such routine header changes are not by themselves grounds to suspect alteration; but detecting deliberate alteration of the payload needs more than techniques such as checksums, which an attacker who modifies the datagram can simply recompute.
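The following added example (not code from the lecture) ties together the enveloping and header slides above with the point just made about checksums. It wraps an application message in a UDP header and then an IPv4 header laid out as on the slides, computes both checksums, and strips the envelopes again on the receiving side. It then shows why the checksum catches a single flipped bit in transit yet offers no protection against an attacker on the path, who alters the payload and recomputes it. Addresses, ports and the payload are constructed.

```python
"""Protocol enveloping in TCP/IP with the IPv4 and UDP header layouts from the
slides: envelope a message (application -> UDP -> IP), strip and verify on
receipt, then demonstrate an on-path attacker forging a valid datagram.
Added example; addresses, ports and payload are constructed."""
import socket
import struct

IPPROTO_UDP = 17


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented.
    Over a block that already contains its correct checksum, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_envelope(src: bytes, dst: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    # The UDP checksum also covers a pseudo-header: addresses, protocol and UDP length.
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, IPPROTO_UDP, length)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudo + header + payload) or 0xFFFF   # 0 would mean "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def ip_envelope(src: bytes, dst: bytes, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    ver_ihl = (4 << 4) | 5          # version 4, header length 5 x 32-bit words (no options)
    flags_frag = 0x4000             # DF flag set, fragment offset 0
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), 0x1234,
                         flags_frag, ttl, proto, 0, src, dst)
    csum = inet_checksum(header)    # the IP checksum covers the header only
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def ip_strip(datagram: bytes):
    """Strip the IP envelope; a header whose checksum does not verify is rejected."""
    ver_ihl, _tos, total, _ident, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or inet_checksum(datagram[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    return {"src": src, "dst": dst, "proto": proto, "ttl": ttl}, datagram[ihl:total]


def udp_strip(src: bytes, dst: bytes, segment: bytes):
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, IPPROTO_UDP, length)
    if csum and inet_checksum(pseudo + segment[:length]) != 0:
        raise ValueError("bad UDP checksum")
    return {"sport": sport, "dport": dport}, segment[8:length]


def send(msg: bytes, src="10.0.0.1", dst="10.0.0.2", sport=40000, dport=53) -> bytes:
    """Sender: envelope the message layer by layer (application -> UDP -> IP)."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    return ip_envelope(s, d, IPPROTO_UDP, udp_envelope(s, d, sport, dport, msg))


def receive(datagram: bytes) -> bytes:
    """Receiver: strip the envelopes in reverse order, verifying each checksum."""
    hdr, segment = ip_strip(datagram)
    if hdr["proto"] != IPPROTO_UDP:
        raise ValueError("not UDP")
    _ports, payload = udp_strip(hdr["src"], hdr["dst"], segment)
    return payload


def accepted(datagram: bytes) -> bool:
    try:
        receive(datagram)
        return True
    except ValueError:
        return False


def tamper(datagram: bytes, old: bytes, new: bytes) -> bytes:
    """What an attacker on the path does: alter the payload and recompute both
    checksums, so the receiver sees a perfectly valid datagram."""
    hdr, segment = ip_strip(datagram)
    ports, payload = udp_strip(hdr["src"], hdr["dst"], segment)
    forged = udp_envelope(hdr["src"], hdr["dst"], ports["sport"], ports["dport"],
                          payload.replace(old, new))
    return ip_envelope(hdr["src"], hdr["dst"], IPPROTO_UDP, forged, ttl=hdr["ttl"])
```

The checksum is an error-detection code, keyed by nothing; only a keyed MAC or a signature over the payload (as IPsec AH/ESP provide at this layer) distinguishes the sender's datagram from the attacker's recomputed one.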
Message Delay and Denial
- By gaining unauthorised control of a router or routing host, then modifying the executable code or the routing and screening rules used by that code. Countermeasure: apply proper authentication and access mechanisms to the routing systems.
- By overwhelming a routing device, or one of the communicating end systems, with an inordinate amount of network traffic. Easy to detect but difficult to prevent!
Authentication issues
- Authentication at the IP layer is concerned with the identity of computer systems.
- IP addresses are software configurable, and the mere possession (or fraudulent use) of one enables communication with other systems.
- Two techniques for doing this are: address masquerading, address spoofing.
Address Masquerading
Address Spoofing
- Also known as the TCP sequence number attack.
- First one needs to understand how the TCP three-way handshake works. A handshake is an assertion that indicates one party's readiness to send or receive data.
- When two systems share a hardware connection, a two-way handshake is enough.
- Since TCP rides on IP, an unreliable, connectionless protocol, a three-way handshake is required.
Handshake in TCP

  Machine A                           Machine B
  SYN + ISN_A               ------->
                            <-------  SYN + ISN_B + ACK(ISN_A)
  ACK(ISN_B)                ------->
  Application Data          <------>

SYN - synchronize request
ISN - initial sequence number
ACK - acknowledgement for the ISN (the acknowledgement number carried is ISN + 1)
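As an added example (not part of the lecture), the following models the handshake above on both sides and then the sequence-number attack it enables. The attacker sends the SYN with a trusted host's source address; the SYN+ACK goes to that host, so the attacker never sees ISN_B and must guess it to send a valid third message. The attack succeeds against a host whose ISN grows by a constant per connection and fails against one that draws it at random. Hosts, addresses, the constant step and the payload are a constructed model, not real sockets; acknowledgement numbers follow real TCP (ISN + 1), where the slide writes ACK(ISN).

```python
"""Three-way handshake and blind address spoofing (TCP sequence number
attack). Added example; hosts, segments and ISN policies are a constructed
model, not real sockets."""
import secrets
from dataclasses import dataclass
from typing import Callable, Optional, Set


@dataclass
class Segment:
    src: str
    dst: str
    flags: Set[str]
    seq: int = 0
    ack: int = 0
    data: bytes = b""


class Host:
    def __init__(self, addr: str, isn: Callable[[], int]):
        self.addr = addr
        self.next_isn = isn          # ISN generator policy: the security-relevant choice
        self.conns = {}              # peer address -> {"state", "isn", "peer_isn"}
        self.received = []           # application data accepted on ESTABLISHED connections

    def deliver(self, seg: Segment) -> Optional[Segment]:
        """Process one incoming segment and return the reply, if any."""
        if seg.dst != self.addr:
            return None
        conn = self.conns.get(seg.src)
        if "SYN" in seg.flags and "ACK" not in seg.flags:            # message 1: SYN + ISN_A
            isn = self.next_isn()
            self.conns[seg.src] = {"state": "SYN_RCVD", "isn": isn, "peer_isn": seg.seq}
            return Segment(self.addr, seg.src, {"SYN", "ACK"}, seq=isn, ack=seg.seq + 1)  # message 2
        if conn and conn["state"] == "SYN_RCVD" and "ACK" in seg.flags:   # message 3
            if seg.ack == conn["isn"] + 1:   # only someone who knows ISN_B can produce this
                conn["state"] = "ESTABLISHED"
                return None
            return Segment(self.addr, seg.src, {"RST"})
        if conn and conn["state"] == "ESTABLISHED" and seg.data:
            self.received.append(seg.data)
        return None


def connect(a: Host, b: Host) -> str:
    """Legitimate handshake: A sees B's SYN+ACK, so it can acknowledge ISN_B."""
    isn_a = a.next_isn()
    synack = b.deliver(Segment(a.addr, b.addr, {"SYN"}, seq=isn_a))
    b.deliver(Segment(a.addr, b.addr, {"ACK"}, seq=isn_a + 1, ack=synack.seq + 1))
    return b.conns[a.addr]["state"]


def predictable_isn(step: int = 64000) -> Callable[[], int]:
    """Old BSD-style policy: each new connection's ISN is the previous one plus a constant."""
    state = {"isn": 0}

    def gen() -> int:
        state["isn"] = (state["isn"] + step) & 0xFFFFFFFF
        return state["isn"]
    return gen


def random_isn() -> Callable[[], int]:
    return lambda: secrets.randbits(32)


def spoof(attacker: str, trusted: str, victim: Host, data: bytes = b"+ +") -> bool:
    """Blind spoofing: probe once from the attacker's own address to learn the
    current ISN, then impersonate `trusted` and guess the next one. The trusted
    host is assumed unable to answer the stray SYN+ACK with a reset (e.g. it is
    being flooded). `data` is a constructed payload."""
    probe = victim.deliver(Segment(attacker, victim.addr, {"SYN"}, seq=1))
    guess = (probe.seq + 64000) & 0xFFFFFFFF                             # attacker's guess at ISN_B
    victim.deliver(Segment(trusted, victim.addr, {"SYN"}, seq=1000))     # SYN+ACK goes to `trusted`, unseen
    victim.deliver(Segment(trusted, victim.addr, {"ACK"}, seq=1001, ack=guess + 1))
    victim.deliver(Segment(trusted, victim.addr, {"ACK"}, seq=1001, data=data))
    return victim.conns[trusted]["state"] == "ESTABLISHED"
```

The attacker's success depends entirely on how the victim chooses ISN_B; with a 32-bit random ISN the blind guess succeeds with probability about 2^-32 per attempt, which is why modern stacks randomise it and why the address itself should never serve as the authentication.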