Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×


Nächste SlideShare
Wird geladen in …3

Hier ansehen

1 von 59 Anzeige

Weitere Verwandte Inhalte

Ähnlich wie ANS_Ch_04_Handouts.pdf (20)


Aktuellste (20)


  1. 1. School of Computing & Informatics M. Sc in Computer Science & Networking By Chapter-04 Dr. Ananda Kumar K S M.Tech, Ph.D Associate Professor, School of Comp & Info Email: anandgdk@du.edu.et COET, Dilla University 1 Course Number CN6122 Course Title Advanced Network Security
  2. 2. CHAPTER-04 4.1 Fire walls 4.2 Access Methods 4.3 Security Attacks 4.4 Security Mechanisms 4.5 Secure Network Protocols-SSL & TLS COET, Dilla University 2
  3. 3.  A firewall is, in essence, a barrier between your network and the outside world.  At a minimum, it will filter incoming packets based on certain parameters such as packet size, source IP address, protocol, and destination port.  Linux and Windows (beginning with Windows XP and in all subsequent Windows versions) ship with a simple firewall.  For Windows, the firewall in Windows 7 was expanded to handle filtering both inbound and outbound traffic. COET, Dilla University 3
  4. 4.  In an organizational setting, need a dedicated firewall between your network and the outside world.  This might be a router that also has built-in firewall capabilities. (Cisco Systems is one company that is well known for high-quality routers and firewalls.) Or, it might be a server that is dedicated solely to running firewall software.  A firewall protects your computer by examining each information packet that travels over the network. Clues to a packet’s purpose can be read from its destination address. Firewalls contain a list of allowed and disallowed destinations and functions COET, Dilla University 4
  5. 5. A firewall filters packets flowing between a site and the rest of the Internet 5 COET, Dilla University
  6. 6. [BELL94b] lists the following design goals for a firewall:  All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.  Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies  The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and often required in government applications. COET, Dilla University 6
  7. 7. 7  Firewalls can be set up to offer security services to many TCP/IP layers. The many types of firewalls are classified based on the network layer it offers services in and the types of services offered. They include: ◦ Packet Inspection Firewalls - are routers that inspects the contents of the source or destination addresses and ports of incoming or outgoing TCP,UDP, ICMP(Internet Control Message Protocol) packets being sent between networks and accepts or rejects the packet based on the specific packet policies set in the organization’s security policy. COET, Dilla University
  8. 8. 8 Application Proxy Server: ◦ Filtering Based on Known Services - is a machine server that sits between a client application and the server offering the services the client application may want. ◦ It behaves as a server to the client and as a client to the server, hence a proxy, providing a higher level of filtering than the packet filter server by examining individual application packet data streams. COET, Dilla University
  9. 9. 9 Virtual Private Network (VPN) Firewalls  A VPN, is a cryptographic system including Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IPSec that carry Point-to-Point Protocol (PPP) frames across an Internet with multiple data links with added security.  The advantages of a VPN over non-VPN connections like standard Internet connections are:  VN technology encrypts its connections  Connections are limited to only machines with specified IP addresses. COET, Dilla University
  10. 10. 10 ◦ Small Office or Home (SOHO) Firewalls  A SOHO firewall is a relatively small firewall connecting a few personal computers via a hub, switch, a bridge, even a router on one side and connecting to a broadband modem like DSL or cable on the other. ◦ NAT Firewalls (Network Address Translation)  In a functioning network, every host is assigned an IP address.  In a fixed network where these addresses are static, it is easy for a hacker to get hold of a host and use it to stage attacks on other hosts within and outside the network.  To prevent this from happening, a NAT filter can be used. It hides all inside host TCP/IP information.  A NAT firewall actually functions as a proxy server by hiding identities of all internal hosts and making requests on behalf of all internal hosts on the network.  This means that to an outside host, all the internal hosts have one public IP address, that of the NAT. COET, Dilla University
  11. 11.  In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links.  To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual. Access Control Methods:  An interesting problem with security is that not only must information be protected from outsiders, it must sometimes be protected from insiders as well. COET, Dilla University 11
  12. 12. The term Access Control actually refers to the control over access to system resources after a user's account credentials and identity have been authenticated and access to the system granted. Various methods that control access to network environments are described in the following sections.  Discretionary access control (DAC)  Role-based access control (RBAC)  Mandatory access control (MAC)  Attribute Based Access Control (ABAC) COET, Dilla University 12
  13. 13.  Mandatory Access Control (MAC) is the strictest of all levels of control.  The design of MAC was defined, and is primarily used by the government.  MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced environment access to all resource objects (such as data files) is controlled by settings defined by the system administrator.  As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings.  It is not possible under MAC enforcement for users to change the access control of a resource. COET, Dilla University 13
  14. 14.  Unlike Mandatory Access Control (MAC) where access to system resources is controlled by the operating system (under the control of a system administrator), Discretionary Access Control (DAC) allows each user to control access to their own data.  DAC is typically the default access control mechanism for most desktop operating systems.  Instead of a security label in the case of MAC, each resource object on a DAC based system has an Access Control List (ACL) associated with it.  An ACL contains a list of users and groups to which the user has permitted access together with the level of access for each user or group. COET, Dilla University 14
  15. 15.  Role Based Access Control (RBAC), also known as Non discretionary Access Control, takes more of a real world approach to structuring access control.  Access under RBAC is based on a user's job function within the organization to which the computer system belongs.  Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role.  For example, an accountant in a company will be assigned to the Accountant role, gaining access to all the resources permitted for all accountants on the system.  Similarly, a software engineer might be assigned to the developer role. COET, Dilla University 15
  16. 16.  Roles differ from groups in that while users may belong to multiple groups, a user under RBAC may only be assigned a single role in an organization.  Additionally, there is no way to provide individual users additional permissions over and above those available for their role.  The accountant described above gets the same permissions as all other accountants, nothing more and nothing less. COET, Dilla University 16
  17. 17.  In recent years, the ABAC has become increasingly significant due to the growing popularity of large distributed systems.  One of the main drawbacks of RBAC is the difficulty of assigning privileges to an individual. ABAC provides an effective solution since user attributes are the criteria used to determine user authorization.  This access policy improves upon RBAC in the following areas: delegation of attribute authority, decentralization of attributes, and interference of attributes.  To protect the sensitivity of credentials, ABAC contains several policies for maintaining user confidentiality and data integrity. COET, Dilla University 17
  18. 18. COET, Dilla University 18
  19. 19.  In general, there is a flow of data from a source (e.g., host, file, memory) to a destination (e.g., remote host, other file, user) over a communication channel (e.g., wire, data bus).  The task of the security system is to restrict access to this information to only those parties (persons or processes) that are authorized to have access according to the security policy in use.  In the case of an automation system that is remotely connected to the Internet, the information flow is from/to a control application that manages sensors and actuators via communication lines of the public Internet and the network of the automation system (e.g., a field-bus). COET, Dilla University 19
  20. 20. COET, Dilla University 20
  21. 21. COET, Dilla University 21
  22. 22. 1. Interruption:  An asset of the system gets destroyed or becomes unavailable.  This attack targets the source or the communication channel and prevents information from reaching its intended target (e.g., cut the wire, overload the link so that the information gets dropped because of congestion).  Attacks in this category attempt to perform a kind of denial-of-service(DOS). 2. Interception: An unauthorized party gains access to the information by eavesdropping (secretly listen to a conversation) into the communication channel (e.g., wiretapping). COET, Dilla University 22
  23. 23. 3.Modification:  The information is not only intercepted, but modified by an unauthorized party while in transit from the source to the destination.  By tampering with the information, it is actively altered (e.g., modifying message content). (Attack on Integrity) 4. Fabrication:  In this type of attack a fake message is inserted into the network by an unauthorized user as if it is a valid user.  This results in the loss of confidentiality, authenticity and integrity of the message. (Attack on Authenticity) COET, Dilla University 23
  24. 24.  Different security mechanisms can be used to enforce the security properties defined in a given security policy.  Depending on the anticipated attacks, different means have to be applied to satisfy the desired properties.  Divide these measures against attacks into three different classes: attack prevention, attack avoidance, attack detection COET, Dilla University 24
  25. 25.  Attack Prevention  Attack Avoidance  Secret Key Cryptography( Symmetric Encryption)  Public Key Cryptography (Asymmetric Encryption)  Authentication  Digital Signatures  Attack and Intrusion Detection COET, Dilla University 25
  26. 26.  Attack prevention is a class of security mechanisms that contains ways of preventing or defending against certain attacks before they can actually reach and affect the target.  An important element in this category is access control, a mechanism that can be applied at different levels such as the operating system, the network, or the application layer. COET, Dilla University 26
  27. 27.  The most common form of access control used in multi-user computer systems are access control lists for resources that are based on the user identity of the process that attempts to use them.  When an attacker compromises a server machine behind a single firewall, all other machines can be attacked from this new base without restrictions.  To prevent this, one can use two firewalls and the concept of a demilitarized zone (DMZ) COET, Dilla University 27
  28. 28. COET, Dilla University 28
  29. 29.  Security mechanisms in this category assume that an intruder may access the desired resource but the information is modified in a way that makes it unusable for the attacker.  The information is preprocessed at the sender before it is transmitted over the communication channel and post processed at the receiver.  While the information is transported over the communication channel, it resists attacks by being nearly useless for an intruder. COET, Dilla University 29
  30. 30.  The most important member in this category is cryptography, which is defined as the science of keeping messages secure.  It allows the sender to transform information into a random data stream from the point of view of an attacker but to have it recovered by an authorized receiver.  The transformation rules are described by a cryptographic algorithm. COET, Dilla University 30
  31. 31.  The function of this algorithm is based on two main principles: substitution and transposition.  In the case of substitution, each element of the plain text (e.g., bit, block) is mapped into another element of the used alphabet.  Transposition describes the process where elements of the plain text are rearranged.  Most systems involve multiple steps (called rounds) of transposition and substitution to be more resistant against cryptanalysis. COET, Dilla University 31
  32. 32.  Attack Detection Systems for secure computer systems are an approach to enhancing the security of a computer system.  In the past, they aimed at only providing a trail which could be useful in determining how a system was breached and who was responsible for this breach.  More recently, attack detection systems have become automated tools which analyse audit data captured from a system, detect attacks as they take place and take measures to prevent further damage to the target system. COET, Dilla University 32
  33. 33.  Attack detection assumes that an attacker can obtain access to his desired targets and is successful in violating a given security policy.  Mechanisms in this class are based on the optimistic assumption that most of the time the information is transferred without interference.  When undesired actions occur, attack detection has the task of reporting that something went wrong and then to react in an appropriate way. COET, Dilla University 33
  34. 34.  In addition, it is often desirable to identify the exact type of attack. An important facet of attack detection is recovery.  Often, it is enough to just report that malicious activity has been found, but some systems require that the effect of the attack has to be reverted or that an ongoing and discovered attack is stopped.  Intrusion Detection is the process of identifying and responding to malicious activities targeted at computing and network resources. COET, Dilla University 34
  35. 35.  An IDS basically monitors and collects data from a target system that should be protected, processes and correlates the gathered information, and initiate responses, when evidence for an intrusion is detected.  IDS are traditionally classified as anomaly- or signature- based.  Signature-based systems act similar to virus scanners and look for known, suspicious patterns in their input data.  Anomaly-based systems watch for deviations of actual from expected behavior and classify all ―abnormal‖ activities as malicious. COET, Dilla University 35
  36. 36. COET, Dilla University 36
  37. 37. COET, Dilla University 37
  38. 38.  Anomaly Based Monitors network traffic Keeps track of patterns of traffic and information to obtain baseline If deviation in network behavior is detected, IDS will assume an attack  Signature Based Attack Signature database is maintained Compare traffic to the database If match is found, alert is sent Requires constant updates
  39. 39.  Eliminate the need to shut down a network when an attack occurs  Allows user to observe the type of attack and methods used by the attack to prevent future attacks  The security baseline defines the criteria such as used bandwidth, protocols, ports, and the types of devices that can be connected to each-other.
  40. 40.  Commercial use of the Web continues to grow at an astonishing pace, and securing Web transactions has become increasingly critical to businesses, organizations, and individual users.  Fortunately, an extremely effective and widely deployed communications protocol provides exactly that security. It is the Secure Sockets Layer protocol, more commonly known simply as SSL. The SSL protocol— along with its successor, the Transport Layer Security (TLS) protocol. COET, Dilla University 40
  41. 41.  The idea of secure network protocols is to create an additional layer between the application and the transport/network layer to provide services for a secure end-to-end communication channel.  TCP/IP are almost always used as transport/network layer protocols on the Internet and their task is to provide a reliable end-to-end connection between remote tasks on different machines that intend to communicate. COET, Dilla University 41
  42. 42.  The services on that level are usually directly utilized by application protocols to exchange data, for example, Hypertext Transfer Protocol (HTTP) for web services.  Unfortunately, the network layer transmits these data unencrypted, leaving it vulnerable to eavesdropping or tampering attacks.  In addition, the authentication mechanisms of TCP/IP are only minimal, thereby allowing a malicious user to hijack connections and redirect traffic to his machine as well as to impersonate legitimate services. COET, Dilla University 42
  43. 43.  These threats are mitigated by secure network protocols that provide privacy and data integrity between two communicating applications by creating an encrypted and authenticated channel. Separate Security Protocol:  The designers of the Secure Sockets Layer decided to create a separate protocol just for security.  In effect, they added a layer to the Internet’s protocol architecture. COET, Dilla University 43
  44. 44. COET, Dilla University 44
  45. 45.  SSL adds security by acting as a separate security protocol, inserting itself between the http application and tcp.  By acting as a new protocol, SSL requires very few changes in the protocols above and below. COET, Dilla University 45
  46. 46.  In addition to requiring minimal changes to existing implementations, this approach has another significant benefit: It allows SSL to support applications other than HTTP.  The main motivation behind the development of SSL was Web security, but, as figure 1-5 shows, SSL is also used to add security to other Internet applications, including those of the Net News Transfer Protocol (NNTP) and the File Transfer Protocol (FTP). COET, Dilla University 46
  47. 47.  Although the designers of SSL choose a different strategy, it is also possible to add security services directly in an application protocol.  Indeed, standard HTTP does include some extremely rudimentary security features; however, those security features don’t provide adequate protection for real electronic commerce.  At about the same time Netscape was designing SSL, another group of protocol designers was worked on an enhancement to http known as Secure http. COET, Dilla University 47
  48. 48. COET, Dilla University 48
  49. 49.  The separate protocol approach of SSL can be taken one step further if security services are added directly to a core networking protocol.  That is exactly the approach of the ip security (ipsec) architecture; full security services become an optional part of the Internet Protocol itself.  In most cases, the application does not need to change at all to take advantage of ipsec. COET, Dilla University 49
  50. 50.  Figure 1-7 illustrates the ipsec architecture.  The ipsec architecture has many of the same advantages as SSL. It is independent of the application protocol, so any application may use it. COET, Dilla University 50
  51. 51.  TCP: provides a reliable end-to-end service.  TCP & SSL: provides a reliable & secure end-to- end service.  HTTPS: HTTP over SSL (or TLS)  Typically on port 443 (regular http on port 80)  SSL originally developed by Netscape  subsequently became Internet standard known as TLS (Transport Layer Security)
  52. 52.  SSL Record Protocol provides two services.  Message integrity ◦ using a MAC( Message Authentication Code) with a shared secret key ◦ similar to HMAC(Hash based Message Authentication Code) but with different padding ◦ hash functions: MD5(Message Digest), SHA- 1(Secure Hash Algorithm)  Message confidentiality ◦ Using symmetric encryption with a shared secret key. ◦ Encryption algorithms: AES, DES, 3DES, RC4.
  53. 53. (optional; default: null) ≤ 214 bytes
  54. 54. SSL Roles:  The Secure Sockets Layer protocol defines two different roles for the communicating parties.  One system is always a client, while the other is a server.  The distinction is very important, because SSL requires the two systems to behave very differently.  The client is the system that initiates the secure communications; the server responds to the client’s request.  In the most common use of SSL, secure Web browsing, the Web browser is the SSL client and the Web site is the SSL server. COET, Dilla University 55
  55. 55.  SSL 1.0 ◦ Internal Netscape design, early 1994? ◦ Lost in the mists of time  SSL 2.0 ◦ Published by Netscape, November 1994 ◦ Badly broken  SSL 3.0 ◦ Designed by Netscape and Paul Kocher, November 1996  TLS 1.0 ◦ Internet standard based on SSL 3.0, January 1999
  57. 57. Reference Text Books: 1. W. Stallings, Network Security Essentials – Applications & Standards , 4th edition, Prentice Hall, 2003. 2. C.Easttom, Computer Security Fundamentals, Prentice Hall, May 2005. 3. D. Russell and G.T. Gangemi, Computer Security Basics, OReilly& Associates, 1991. 4. M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2002. 5. S. A. Thomas, SSL and TLS Essentials: Securing the Web, Wiley, 2000. COET, Dilla University 58
  58. 58. THANK YOU COET, Dilla University 59