Business Data Communications and Networking - Chapter 11: Network Security

Business Data Communications and Networking 8th Edition Jerry Fitzgerald and Alan DennisJohn Wiley & Sons, Inc Prof. M. UlemaManhattan CollegeComputer Information Systems1Copyright 2005 John Wiley & Sons, IncChapter 11Network Security 2Copyright 2005 John Wiley & Sons, IncOutlineIntroductionRisk assessmentControlling disruption, destruction and disaster Controlling unauthorized accessPreventing, detecting, and correcting Unauthorized AccessBest practice recommendations3Copyright 2005 John Wiley & Sons, IncIntroductionSecurity - always a major business concernProtection of physical assets with locks, barriers, guards, etcProtection of information with passwords, codingIntroduction of computers and InternetRedefined the nature of information securityLaws and enforcementSlow to catch-upNow a federal crime in the U.S. (breaking into a computer)New laws against cyberborder crimes; difficult to enforce4Copyright 2005 John Wiley & Sons, IncComputer Security IncidentsGrowing at a rate of 100% per year 1988: a virus shut down 10% of the computers on the Internet Establishment of Computer Emergency Response Team (CERT) with US DoD support Number of Incidents Reported to CERT5Copyright 2005 John Wiley & Sons, IncFinancial Impact of Security2003 Computer Security Institute/FBI Computer Crime and Security Survey90% of the respondents reported security breaches in the last 12 months75% reported a financial loss due to security breachesAverage loss: $2 millionWorldwide total annual cost of security lossesExceeds $2 trillionReason for the increase in security problemsAvailability of sophisticated tools to break into networks6Copyright 2005 John Wiley & Sons, IncWhy Networks Need SecurityOrganizations becoming vulnerableBecoming increasingly dependent on computers, networksBecoming increasingly vulnerable to due widely available Internet access to its computers and networksHuge losses due to security breaches$2 M average loss + losses related to less consumer confidence as a result of publicity of breachesPotential losses from disruption of applications (Bank of America estimates $50 M per day)Protecting consumer privacyStrong laws against unauthorized disclosures (California: $250 K for each such incident)Protecting organizations’ data and application swValue of data and applications >> network cost7Copyright 2005 John Wiley & Sons, IncPrimary Goals in Providing SecurityConfidentialityProtection of data from unauthorized disclosures of customers and proprietary dataIntegrityAssurance that data have not been altered or destroyedAvailabilityProviding continuous operations of hardware and software so that parties involved can be assured of uninterrupted service8Copyright 2005 John Wiley & Sons, IncTypes of Security ThreatsBusiness continuity planning related threatsDisruptionsLoss or reduction in network serviceCould be minor or temporary (a circuit failure)Destructions of dataViruses destroying files, crash of hard diskDisasters (Natural or manmade disasters )May destroy host computers or sections of networkUnauthorized accessHackers gaining access to data files and resourcesMost unauthorized access incidents involve employeesResults: Industrial spying; fraud by changing data, etc.9Copyright 2005 John Wiley & Sons, IncExample of Some Threats10Copyright 2005 John Wiley & Sons, IncExample of Some Threats (Cont.)11Copyright 2005 John Wiley & Sons, IncNetwork ControlsMechanisms that reduce or eliminate the threats to network securityTypes of controls:Preventative controlsMitigate or stop a person from acting or an event from occurring (e.g., locks, passwords, backup circuits)Act as a deterrent by discouraging or retrainingDetective controlsReveal or discover unwanted events (e.g., auditing)Documenting events for potential evidenceCorrective controlsRectify an unwanted event or a trespass (e.g., reinitiating a network circuit)12Copyright 2005 John Wiley & Sons, IncNetwork Controls (Cont.)Also require personnel designated to:Develop controlsEnsure that controls are operating effectivelyUpdate or replace controls when necessaryNeed to be reviewed periodicallyEnsure that the control is still present (verification)Determine if the control is working as specified (testing)13Copyright 2005 John Wiley & Sons, IncRisk AssessmentA key step in developing a secure networkAssigns level of risks to various threatsBy comparing the nature of threats to the controls designed to reduce themUse a control spreadsheetList down network assets on the sideList threats across the topList the controls that are currently in use to address each threat in the corresponding cells14Copyright 2005 John Wiley & Sons, Inc Sample Control SpreadsheetThreats Assets (with Priority)Disruption, Destruction, DisasterFire Flood Power Circuit Virus Loss FailureUnauthorized AccessExternal Internal Eaves-Intruder Intruder drop(92) Mail Server  (90) Web Server (90) DNS Server  (50) Computers on 6th floor  (50) 6th floor LAN circuits  (80) Building A Backbone  (70) Router in Building A  (30) Network Software   (100) Client Database  (100) Financial Database  (70) Network Technical staff  15Copyright 2005 John Wiley & Sons, IncNetwork AssetsIdentify the assets on the networkOrganization’s data files (most important)Mission critical applications (also very important)Programs critical to survival of businessHardware, software componentsImportant, but easily replaceableEvaluate assets based on their importanceValue of an assetIts replacement costPersonnel time to replace the assetLost revenue due to the absence of the assete.g., lost sales because a web server is down16Copyright 2005 John Wiley & Sons, Inc HardwareServers, such as mail servers, web servers, DNS servers, DHCP servers, and LAN file serversClient computersDevices such as hubs, switches, and routersCircuitsLocally operated circuits such LANs and backbonesContracted circuits such as MAN and WAN circuitsInternet access circuitsNetwork SoftwareServer operating systems and system settingsApplications software such as mail server and web server softwareClient SoftwareOperating systems and system settingsApplication software such as word processorsOrganizational DataDatabases with organizational recordsMission critical applicationsFor example, for an Internet bank, the Web site is mission criticalTypes of Assets17Copyright 2005 John Wiley & Sons, IncSecurity ThreatsIdentify threatsAny potentially adverse occurrence that canHarm or interrupt the systems using the network, or Cause a monetary loss to an organizationRank threats according to Their probability of occurrenceLikely cost if the threat occursTake the nature of business into accountExample: Internet banking vs. a restaurantBank’s web site: has a higher probability of attack and much bigger loss if happensRestaurant web site: much less likely and small loss18Copyright 2005 John Wiley & Sons, IncLikelihood and Costs of Threats>>>> Fig 11.5 goes here19Copyright 2005 John Wiley & Sons, IncCommon Security ThreatsVirus infection – most likely eventUnauthorized access By internal and external hackersHigh cost to recover (both in $ and publicity)Device failure (not necessarily by a malicious act)Device theft, Natural DisasterDenial of Service attacksExternal attacks blocking access to the networkBig picture messages:Viruses: most common threat with a fairly high costUnauthorized access by employees: greater threat20Copyright 2005 John Wiley & Sons, IncIdentify and Document Controls Identify current in-place controls and list them in the cell for each asset and threatFor each asset and the specific threatDescribe each control thatPrevents,Detects and/or Corrects that threatPlace each control and its role in a numeric list (without any ranking)Place the number in the cell (in the control spreadsheet)Each cell may have one or more controls21Copyright 2005 John Wiley & Sons, IncThreats Assets (with Priority)Disruption, Destruction, DisasterFire Flood Power Circuit Virus Loss FailureUnauthorized AccessExternal Internal Eaves-Intruder Intruder drop(92) Mail Server  (90) Web Server (90) DNS Server  (50) Computers on 6th floor  (50) 6th floor LAN circuits  (80) Building A Backbone  (70) Router in Building A  (30) Network Software   (100) Client Database  (100) Financial Database  (70) Network Technical staff   1,2 1,3 4 5, 6 7, 89, 10, 11 9, 101,2 1,3 4 5, 6 7, 89, 10, 11 9, 101,2 1,3 4 5, 6 7, 89, 10, 11 9, 101,2 1,3 7, 810, 11 101,2 1,3  1,2 1,3 6  1,2 1,3 9 9 7, 89, 10, 11 9, 10 7, 89, 10, 11 9, 10 7, 89, 10, 11 9, 101 1 Sample Control Spreadsheet 22Copyright 2005 John Wiley & Sons, IncList of Controls  Disaster Recovery PlanHalon fire system in server room. Sprinklers in rest of buildingNot on or below ground levelUninterruptible Power Supply (UPS) on all major network serversContract guarantees from inter-exchange carriersExtra backbone fiber cable laid in different conduits Virus checking software present on the networkExtensive user training on viruses and reminders in monthly newsletterStrong password softwareExtensive user training on password security and reminders in monthly newsletterApplication Layer firewall23Copyright 2005 John Wiley & Sons, IncEvaluate the Network’s SecurityEvaluate adequacy of the controls and resulting degree of risk associated with each threatEstablish priorities for dealing with threats to network securityWhich threats to be addressed immediately?Assessment can be done by Network manager, orA team of experts (better approach, a.k.a., Delphi team)Chosen (3-9 people) for their in-depth knowledge about the network and environment being reviewedIncludes key managers (important for implementing final results)24Copyright 2005 John Wiley & Sons, IncBusiness Continuity PlanningMake sure that organization’s data and applications will continue to operate even in the face of disruption, destruction, or disasterContinuity Plan includesDevelopment of controlsTo prevent these events from having a major impactDisaster recovery planTo enable the organization to recover if a disaster occurs25Copyright 2005 John Wiley & Sons, IncSpecifics of Continuity PlanPreventing Disruption, Destruction, and DisasterUsing Redundant HardwarePreventing Natural DisasterPreventing TheftPreventing VirusesPreventing Denial of ServiceDetecting Disruption, Destruction, and DisasterCorrecting Disruption, Destruction, and DisasterDisaster Recovery PlanDisaster Recovery Outsourcing26Copyright 2005 John Wiley & Sons, IncUsing Redundant HardwareA key principal in preventing disruption, destruction and disasterExamples of components that provide redundancyUninterruptible power supplies (UPS)A separate battery powered power supplyCan supply power for minutes or even hoursFault-tolerant servers (with redundant components)Disk mirroring A redundant second disk for every disk on the serverEvery data on primary disk is duplicated on mirrorDisk duplexing (redundant disk controllers)Can apply to other network components as wellCircuits, routers, client computers, etc., 27Copyright 2005 John Wiley & Sons, IncPreventing Natural DisastersMore difficult to doSince the entire site can be destroyed by a disasterFundamental principle:Decentralize the network resources Store critical data in at least two separate locations (in different part of the country)Best solutionHave a completely redundant network that duplicates every network component, but in a different locationOther stepsDepend on the type of disaster to be preventedFlood: Locate key components away from riversFire: Install Halon fire suppression system28Copyright 2005 John Wiley & Sons, IncPreventing TheftSecurity plan must include:An evaluation of ways to prevent equipment theftProcedures to execute the plan Equipment theft A big problemAbout $1 billion lost each year to theft of computers and related equipmentAttractive good second hand marketMaking the m valuable to steal29Copyright 2005 John Wiley & Sons, IncPreventing Computer VirusesViruses (Macro viruses)Attach themselves to other programs (documents) and spread when the programs are executed (the files are opened)WormsSpecial type of virus that spread itself without human intervention (copies itself from computer to computer)Anti-virus software packagesCheck disks and files to ensure that they are virus-freeIncoming e-mail messagesMost common source of virusesAttachments to e-mails to be checked for virusesUse of filtering programs that ‘clean’ incoming e-mail30Copyright 2005 John Wiley & Sons, IncPreventing Denial of Service AttacksDoS attacksNetwork disrupted by a flood of messages (prevents messages from normal users)Flooding web servers, email serversDistributed DoS (DDoS)Places DDoS agents into many computersControls them by DDoS handlerExample: Issues instructions to computers to send simultaneous messages to a target computerDifficult to prevent DoS and DDoS attacksSetup many servers around the worldUse Intrusion Detection SystemsRequire ISPs to verify that all incoming messages have valid IP addresses31Copyright 2005 John Wiley & Sons, IncDetecting Disruption, Destruction, DisasterRecognize major problems quicklyInvolves alerting network managers to problems for corrective actionsRequires clear procedures describing how to report problems quicklyDetecting minor disruptionsMore difficult Bad spots on a drive remaining unnoticed until it is checkedRequires ongoing monitoringRequires fault information be routinely logged32Copyright 2005 John Wiley & Sons, IncDisaster Recovery Plans (DRPs)Identify clear responses to possible disastersProvide for partial or complete recovery of All data, Application software, Network components, and Physical facilitiesIncludes backup and recovery controls Make backup copies of all data and SW routinelyEncrypt them and store them offsiteShould include a documented and tested approach to recoveryInclude Disaster Recovery DrillsShould address what to do in situations likeIf the main database is destroyedIf the data center is destroyed, how long 33Copyright 2005 John Wiley & Sons, IncElements of a DRP Names of responsible individualsStaff assignments and responsibilitiesList of priorities of “fix-firsts”Location of alternative facilitiesRecovery procedures for data communications facilities, servers and application systemsActions to be taken under various contingenciesManual processesUpdating and Testing proceduresSafe storage of data, software and the disaster recovery plan itself34Copyright 2005 John Wiley & Sons, IncTwo-Level DRPsLevel 1: Build enough capacity and have enough spare equipmentTo recover from a minor disaster (e.g., loss of a major server or portion of the network)Could be very expensiveLevel 2: Rely on professional disaster recovery firms To provide second level support for major disasters35Copyright 2005 John Wiley & Sons, IncDisaster Recovery FirmsOffer a range of servicesSecure storage for backups A complete networked data center that clients can use in disastersComplete recovery of data and network within hoursExpensive, used by large organizationsMay be worthwhile when millions of dollars of lost revenue may be at stake36Copyright 2005 John Wiley & Sons, IncControlling Unauthorized AccessTypes of intruders Casual intrudersWith Limited knowledge (“trying doorknobs”)Script kiddies: Novice attackers using hacking toolsSecurity experts (hackers)Motivation: the thrill of the hunt; show offCrackers: hackers who cause damageProfessional hackers (espionage, fraud, etc)Breaking into computers for specific purposesOrganization employees With legitimate access to the network Gain access to information not authorized to use37Copyright 2005 John Wiley & Sons, IncPreventing Unauthorized AccessRequires a proactive approach that includes routinely testing the security systemsBest rule for high securityDo not keep extremely sensitive data onlineStore them in computers isolated from the networkSecurity PolicyCritical to controlling risk due to accessShould define clearly Important assets to be safeguarded and Controls neededWhat employees should doPlan for routinely training employees and testing security controls in place38Copyright 2005 John Wiley & Sons, IncElements of a Security Policy Names of responsible individualsIncident reporting system and response teamRisk assessment with prioritiesControls on access points to prevent or deter unauthorized external accessControls within the network to ensure internal users cannot exceed their authorized accessAn acceptable use policyUser training plan on securityTesting and updating plans39Copyright 2005 John Wiley & Sons, IncAspects of Preventing Unauthorized AccessSecuring the Network PerimeterSecuring the Interior of the networkMost ignored aspects“candy security” – security without this aspect“crunchy outside, soft and chewy inside”Authenticating usersTo make sure only valid users are allowed into the network40Copyright 2005 John Wiley & Sons, IncSecuring Network PerimeterBasic access points into a networkLANs inside the organizationDial-up access through a modemInternet (most attacks come in this way)Basic elements in preventing accessPhysical SecurityDial-in securityFirewalls and Network Address Translation (NAT) Proxy servers41Copyright 2005 John Wiley & Sons, IncPhysical SecurityMeans preventing outsiders from gaining access into offices, server rooms, equipmentSecure both main and remote facilities Implement proper access controls to areas where network equipment is locatedOnly authorized personnel to accessEach network component to have its own level of physical securityHave locks on power switches and passwords to disable keyboard and screensBe careful about distributed backup and serversGood for continuity, but bad for unauthorized access  More equipment and locations to secure42Copyright 2005 John Wiley & Sons, IncPersonnel MattersAlso important toProvide proper security educationPerform background checksImplement error and fraud controlsReduces the possibility of attackers posing as employeesExample: Become employed as janitor and use various listening devices/computers to access the networkAreas vulnerable to this type of access:Network CablingNetwork Devices43Copyright 2005 John Wiley & Sons, IncSecuring Network Cables Easiest targets for eavesdroppingOften run long distances and usually not checked regularlyEasier to tap into local cablesEasier to identify individual circuits/channelsControl physical access by employees or vendors to connectors and cablesSecure local cables behind walls and above ceilingsKeep equipment room locked and alarm controlled Choose a cable type harder to tapHarder to tap into fiber optic cablesPressurized cables: generates alarms when cut44Copyright 2005 John Wiley & Sons, IncSecuring Network Devices Should be secured in locked wiring closetsMore vulnerable: LAN devices (controllers, hubs, bridges, routers, etc.,)A sniffer (LAN listening device) can be easily hooked up to these devices Use secure hubs: requires special code before a new computers are connected45Copyright 2005 John Wiley & Sons, IncDial-in SecurityRoutinely change modem numbersUse call-back modems & automatic number identification (ANI)Only users dialing in from authorized locations are granted accessUser dials-in and logs into his/her accountModem (at server) hangs-up and dials back user’s modem’s prespecified numberANI: allows the user to dial in from several prespecified locationsUse one-time only passwordsFor traveling employees who can’t use call-back modems and ANI46Copyright 2005 John Wiley & Sons, IncFirewallsPrevent intruders (by securing Internet connections)From making unauthorized access and denial of service attacks to your networkCould be a router, gateway, or special purpose computerExamines packets flowing into and out of the organization’s network Restricts access to that networkPlaced on every connection that network has to InternetMain types of firewallsPacket level firewalls (a.k.a., packet filters)Application-level firewalls (a.k.a., application gateway)47Copyright 2005 John Wiley & Sons, IncPacket Filters Examines the source and destination address of packets passing through Allows only packets that have acceptable addresses to passExamines IP Addresses and TCP ports onlyFirewall is unaware of applications and what the intruder is trying to doIP spoofing remains a problemDone by simply changing the source address of incoming packets from their real address to an address inside the organization’s networkFirewall will pass this packet48Copyright 2005 John Wiley & Sons, IncApplication-Level FirewallsActs as an intermediate host computer (between outside clients and internal servers)Forces anyone to login to this firewall and allows access only to authorized applications (e.g., Web site access) Separates a private network from the rest of the InternetHides individual computers on the network behind the firewallSome prohibits external users downloading executable filesSoftware modifications done via physical accessRequires more processing power than packet filters which can impact network performanceBecause of the increased complexity of what they do49Copyright 2005 John Wiley & Sons, IncNetwork Address Translation (NAT)Used, by most firewalls, to shield a private network from outside interferenceTranslates between private addresses inside a network and public addresses outside the networkDone transparently (unnoticed by external computers)Internal IP addresses remain hiddenPerformed by NAT proxy serversUses an address table to do translationsEx: a computer inside accesses a computer outsideChange source IP address to its own addressChange source port number to a unique numberUsed as an index to the original source IP addressPerforms reverse operations for response packets50Copyright 2005 John Wiley & Sons, IncUsing Illegal Addresses with NATUsed to provide additional securityAssigns illegal IP addresses to devices inside the networkEven if they are discovered, no packets (with these addresses) from Internet will be delivered (illegal IP address)Example: Assigned by ICANN: 128.192.55.xxAssign to NAT proxy server: 128.192.55.1Assign to internal computers: 10.3.3.xx10.x.x.x is reserved for private networks (never used on Internet)No problem with users: NAT proxy serverBig problem with intruders !!51Copyright 2005 John Wiley & Sons, IncUse of NAT Proxy ServersBecoming popular; replacing firewallsSlow down message transferRequire at least two separate DNS serversFor use by external users on InternetFor use by internal users (internal DNS server)Use of combined, layered approachUse layers of NAT proxy servers, packet filters and application gatewaysMaintaining online resources (for public access) in a “DMZ network” between the internal networks and the Internet52Copyright 2005 John Wiley & Sons, IncA Network Design Using FirewallsFor initial screening Permits web access Denies FTP requests53Copyright 2005 John Wiley & Sons, IncSecuring the InteriorSecurity HolesTrojan HorsesEncryption54Copyright 2005 John Wiley & Sons, IncSecurity HolesMade by flaws in network software that permit unintended access to the networkA bug that permits unauthorized accessOperating systems often contain security holesDetails can be highly technicalOnce discovered, knowledge about the security hole quickly circulated on the InternetA race can then begin betweenHackers attempting to break into networks through the security hole and Security teams working to produce a patch to eliminate the security hole CERT: major clearing house for Internet related holes55Copyright 2005 John Wiley & Sons, IncOther Security HolesFlawed policies adopted by vendorsNew computers come with preinstalled user accounts with well known passwordsManagers forgetting to change these passwordsAmerican government's OS security levelsMinimum level (C2): provided by most OSsMedium Level (B2): provided by someHighest level (A1 and A2): provided by few56Copyright 2005 John Wiley & Sons, IncOS Security: Windows vs. LinuxWindowsOriginally written for one user one computerUser with full controlApplications making changes to critical parts of the systemAdvantages: More powerful applications (without needing user to understand internals  feature rich, easy to use applicationsDisadvantages: Hostile applications taking over the systemLinuxMulti-users with various access rightsFew system administrators with full control57Copyright 2005 John Wiley & Sons, IncTrojan HorsesRemote access management consoles that enable users to access a computer and manage it from afarMore often concealed in another software that is downloaded over InternetCommon carriers: Music and video files shared on Internet sitesUndetected by antivirus softwareMajor TrojansBack Office: attacked Windows serversGives the attacker the same right as the administratorMorphed into tools such as MoSucker and Optix ProPowerful and easy to use58Copyright 2005 John Wiley & Sons, IncOptix Pro Trojan Menu>>>>Fig. 11.11 goes here59Copyright 2005 John Wiley & Sons, IncEncryptionOne of the best ways to prevent unauthorized access (more formally, cryptography)Process of disguising info by mathematical rulesMain components of encryption systems Plaintext: Unencrypted messageEncryption algorithm: Works like the locking mechanism to a safeKey: Works like the safe’s combinationCipher text: Produced from the plaintext message by the encryption functionDecryption - the same process in reverseDoesn’t always use the same key or algorithm.Plaintext results from decryption60Copyright 2005 John Wiley & Sons, IncEncryption TechniquesSymmetric (private key) encryptionUses the same algorithm and key to both encrypt and decrypt a messageMost commonAsymmetric (public key) encryptionUses two different “one way” keys:a public key used to encrypt messagesa private key used to decrypt themDigital signaturesBased on a variation of public key encryption61Copyright 2005 John Wiley & Sons, IncSymmetric EncryptionKey must be distributedVulnerable to interception (an important weakness)Key management – a challenge Strength of encryptionLength of the secret keyLonger keys more difficult to crack (more combinations to try)Not necessary to keep the algorithm secretHow to break an encryptionBrute force: try all possible combinations until the correct key is found62Copyright 2005 John Wiley & Sons, IncSymmetric Encryption TechniquesData Encryption Standard (DES) Developed by the US government and IBMStandardized and maintained by the National Institute of Standards and Technology (NIST)A 56-bit version of DES: used commonly, but can be broken by brute force (in a day)Not recommended for data needing high securityOther symmetric encryption techniquesTriple DES (3DES): DES three times, effectively giving it a 168 bit keyAdvanced Encryption Standard (AES), designed to replace DES; uses 128, 192 and 256 bit keysRC4: a 40 bit key, but can use up to 256 bits63Copyright 2005 John Wiley & Sons, IncRegulation of EncryptionsConsidered a weapon by the U.S. governmentRegulated its export the same way the weapons arePresent rule:Prohibits the export of encryption techniques with keys longer than 56 bitExemptions: Canada, European Union; American companies with foreign officesFocus of an ongoing policy debate between security agencies and the software industryMany non-American companies and researchers developing more powerful encryption software64Copyright 2005 John Wiley & Sons, IncAsymmetric Encryption Also known as Public Key Encryption (PKE)Most popular form of PKE: RSANamed (1977) after the initials of its inventors: Rivest, Shamir, and AdelmanForms the basis of Public Key Infrastructure (PKI)Patent expired in 2000; Now many companies offer itLonger keys: 512 bits or 1,024 bitsGreatly reduces the key management problemPublicized Public keys (in a public directory)Never distributed Private keys (kept secret)No need to exchange keysUse the other’s public key to encryptUse the private key to decrypt65Copyright 2005 John Wiley & Sons, IncPKE OperationsB makes its public key widely available (say through the Internet)message recipientmessage sender123No security hole is created by distributing the public key, since B’s private key has never been distributed.66Copyright 2005 John Wiley & Sons, IncDigital SignaturesProvide secure and authenticated message transmission (enabled by PKE)Provides a proof identifying the senderImportant for certain (legal) transactionsDigital Signature:Includes the name of the sender and other key contents (e.g., date, time, etc.,) Use of PKE in reverse (applied to Digital Signature part of the message only)Outgoing: Encrypted using the sender’s private keyIncoming: Decrypted using the sender’s public keyProviding evidence who the message originated from67Copyright 2005 John Wiley & Sons, IncTransmission with Digital SignaturesOrganization AOrganization BDigital Signature only68Copyright 2005 John Wiley & Sons, IncPublic Key Infrastructure (PKI)Set of hardware, software, organizations, and policies to make PKE work on InternetSolves the problem with digital signaturesHow to verify that the person sending the messageElements of PKICertificate Authority (CA)A trusted organization that can vouch for the authenticity of the person of organizationCertificateA digital document verifying the identity of a digital signature’s sourceFingerprint A unique key issued by the CA for every message sent by the user (for higher security certification)69Copyright 2005 John Wiley & Sons, IncProcess with Certificate AuthorityUser registers with a CA (e.g., VeriSign)Must provide some proof of IdentityLevels of certification: Examples:Simple confirmation of an email addressComplete police style background checkCA issues a digital certificateUser attaches the certificate to transactions (email, web, etc)Receiver authenticates transaction with CA’s public keyContact CA to ensure the certificate is not revoked or expired70Copyright 2005 John Wiley & Sons, IncPretty Good Privacy (PGP)A PKE freeware packageOften used to encrypt e-mailUsers make their public keys availableExample: Posting them on Web pagesAnyone wishing to send an encrypted message to that personCopies the public key from the Web page into the PGP softwareEncrypts (via PGP software) and sends the message using that key71Copyright 2005 John Wiley & Sons, IncSecure Sockets Layer (SSL)A protocol widely used on the WebOperates between the application and transport layers Operations of SSLNegotiation for PKIServerSend its public key and encryption technique to be used (e.g., RC4, DES)BrowserGenerates a key for this encryption technique; and sends it to the server (by encrypting with servers public key)CommunicationsEncrypted by using the key generated by browserHTTP, FTP, SMTPSSLTCPIPData LinkPhysical72Copyright 2005 John Wiley & Sons, IncIP Security Protocol (IPSec)Another widely used encryption protocolCan be used with other application layer protocols (not just for web applications)Operations of IPSec between A and BA and B generate and exchange two random keys using Internet Key Exchange (IKE)Then combine these two numbers to create encryption key to be used between A and BNext, A and B negotiate the encryption technique to be used, such as DES or 3DES.A and B then begin transmitting data using either:Transport mode: only the IP payload is encrypted Tunnel mode: entire IP packet is encrypted (needs a new header for routing in InternetHTTP, FTP, SMTPTCP, UDPIPSecIPData LinkPhysical73Copyright 2005 John Wiley & Sons, IncAuthenticating UsersDone to ensure that only the authorized users are permitted into network and into the specific resources inside the networkBasis of user authenticationUser profileUser accountsPasswordsBiometricNetwork authentication74Copyright 2005 John Wiley & Sons, IncUser ProfileAssigned to each user account by the managerDetermines the limits of what users have access to on a networkAllowable log-in day and time of dayAllowable physical locationsAllowable number of incorrect log-in attemptsSpecifies access details such as Data and network resources a user can accessType of access (e.g., read, write, create, delete)75Copyright 2005 John Wiley & Sons, IncForms of AccessPassword basedUsers gain access based on something they knowNot very secure due to poor choice of passwordsCard basedUsers gain access based on something they haveSmart cards, ATM cardsTypically used in conjunction with a passwordOne-time passwordsUsers connected to network obtains a password via:A pagerA token system (a separate handheld device)A network provided number is entered to device which generates the passwordTime-based tokens (password changes every 60 s)Generated by a device synchronized with server76Copyright 2005 John Wiley & Sons, IncBiometric based Forms of AccessUsers gain access based on something they areFinger, hand, or retina scanning by a biometric systemConvenient; no need to remember passwordsUsed in high-security applications; expensiveLow cost versions becoming availableFingerprint scanners with less than $10077Copyright 2005 John Wiley & Sons, IncManaging User AccessCreate accounts and profiles when new personnel arriveRemove user accounts when someone leaves an organizationOften forgotten, creating big security problemsMany systems allows now to set an expiration dates to the accountsWhen expires, deleted automaticallyAssign separate profiles and passwords to users using several different computersCumbersome for users and managers as well Adopt network authenticationHelps manage users automatically78Copyright 2005 John Wiley & Sons, IncNetwork AuthenticationAlso called central authentication, single sign on, directory servicesRequires user to login to an authentication serverChecks id and password against a databaseIssues a certificateCertificate used for all transactions requiring authenticationsNo need to enter passwordsEliminates passwords changing handsKerberos – most commonly used authentication protocol79Copyright 2005 John Wiley & Sons, IncManaging UsersScreen and classify both users and dataBased on “need to know”Review the effect of any security softwareFocus on restriction or control access to files, records, or data itemsProvide adequate user training on network security Use self-teaching manuals, newsletters, policy statements, and short coursesMay eliminate social engineering attacksLaunch a well publicized security campaignTo deter potential intruders80Copyright 2005 John Wiley & Sons, IncDetecting Unauthorized AccessIntrusion Detection Systems (IDSs):Network-based IDSs Install IDS sensors on network circuits and monitor packetsReports intrusions to IDS Management ConsoleHost-based IDSs Monitor all activity on the server as well as incoming server trafficApplication-based IDSs Special form of host-based IDSsMonitor just one application, such as a Web server81Copyright 2005 John Wiley & Sons, IncTechniques Used by IDSsMisuse detectionCompares monitored activities with signatures of known attacksIf an attack is recognized the IDS issues an alert and discards the packetChallenge: keep database currentAnomaly detectionOperates in stable computing environmentsLooks for major deviations from the “normal” parameters of network operatione.g., a large number of failed loginsWhen detected, an alert is issued, packets discardedProblem: false alarms (valid traffic different from normal)82Copyright 2005 John Wiley & Sons, IncUse of IDSs with Firewalls83Copyright 2005 John Wiley & Sons, IncCorrecting Unauthorized AccessMust have a clear plan to respond to breachesHave an emergency response team (CERT for Internet)Steps to take once intrusion detected:Identify where the security breach occurred and how it happenedHelps to prevents other doing it the same wayMay report the problem to policeUse Computer Forensics area techniquesUse of computer analysis techniques to gather evidence for trialsEntrapments – Use of honey potsDivert attackers to a fake server (with interesting, but fake data used as bait)Monitor access to this server; use it as a proof84Copyright 2005 John Wiley & Sons, IncBest Practice RecommendationsStart with a clear disaster recovery plan and solid security policiesTrain individuals on data recovery and social engineeringUse routinely antivirus software, firewalls, physical security, intrusion detection, and encryption>>>> Fig 11.15 goes here85Copyright 2005 John Wiley & Sons, IncPersonnel Security Recommendations>>>Fig 11.16 goes here86Copyright 2005 John Wiley & Sons, IncRecommendations (Cont.)Use of strong centralized desktop managementProhibits individual users to change settingsUse regular reimaging of computers to prevent Trojans and virusesInstall most recent security patchesProhibit al external software downloadsUse continuous content filteringScan all incoming packetsEncrypt all server files and communicationsEnforce, vigorously, all written security policiesTreat violations as “capital offense”87Copyright 2005 John Wiley & Sons, IncImplications for ManagementSecurity - fastest growing area in networkingCost of security expected to increaseMore and sophisticated security tools to encounter ever increasing attacksNetwork becoming mission criticalMore and skilled staff providing securityExpect tougher laws and better enforcementSecurity to become a major factor to consider in choosing software and equipmentMore secure OSs, more secure application software, etc. 88Copyright 2005 John Wiley & Sons, IncCopyright 2005 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein. 89Copyright 2005 John Wiley & Sons, Inc