Department of Computer Science Institute for System Architecture, Chair for Computer Networks
Dr.-Ing. Stephan Groß
Room: INF 3099
E-Mail: [email protected]
Internet Services & Protocols
Why is security crucial for the Internet?
• Internet = Network of networks
• Wide-spread use of the Internet for transportation of sensitive information, e.g.
– Online Banking
– E-Commerce
– E-Government
• Problem: The Internet's roots were based on the academic world
and the free exchange of information
– If at all, security was only a secondary design goal
Today's Agenda
• What is to be protected?
– Protection Goals
• Against what to protect?
– Threats and fundamental problems of the Internet
• How to protect?
– Firewalls
– Virtual Private Networks (VPN)
– Secure E-Mail
Basic Protection Goals
• Confidentiality
Information is known only to entitled users.
• Integrity
– Data integrity
Information is correct, complete and up-to-date, or it is recognizably not the case.
– Authenticity
The quality or condition of being authentic, trustworthy, or genuine.
• Availability
• Address Spoofing
– Attacking the authenticity, integrity and availability
– Attacker sends IP packets with forged source address
– Problem: no authentication of IP addresses
– Objective: impersonation, Denial-of-Service, avoid access control
• Sniffing
– Attacking the confidentiality
– Everyone within a subnet can “listen” to the whole network communications
• Routing attacks
– Attacking the confidentiality and availability
– “Loose Source Routing” to specify a packet's route
Fundamental Security Problems in IP (or at least IPv4)
• Authentication based on IP addresses
• No protection of integrity
• No protection of confidentiality
• No protection against malicious attacks against availability
➔ IPv4 alone is by no means usable for security critical
One goal, several defence lines
(Figure: protocol layers and the defence mechanisms located at each)
– Application layer: Proxies & Secure Apps, Secure Programming
– Transport layer: SSL/TLS
– Network layer: IPSec, Packet Filter
– Link layer
– Physical layer
The assumptions made imply the weakest link!
One goal, several ways of defence
• Prevention:
Do not allow an attacker to succeed in the first place, e.g. because lost confidentiality cannot be restored!
• Monitoring:
Security is not a tool but a process!
How good is your protection performing?
• Reaction:
Exemplary approaches for protecting your networks
Prevention
• Firewalls
• Virtual Private Networks
• Secure Email
Monitoring
Firewall
What is an Internet Firewall?
– Restricts people to entering at a carefully controlled point
– Restricts people to leaving at a carefully controlled point
Firewall
What Can a Firewall Do?
– A firewall is a focus for security decisions
– A firewall can enforce security policy
– A firewall can log Internet activity
– A firewall limits your exposure
What a Firewall Can’t Do:
– A firewall can't protect against malicious insiders
– A firewall can't protect against connections that don't go through it
– A firewall can't protect against completely new threats
Some Firewall Definitions
Bastion host
A computer system that must be highly secured because it is exposed to the Internet and thus vulnerable to attack.
Dual-homed host
A general-purpose computer system that has at least two network interfaces (or homes).
Perimeter network
A network added between a protected network and an external network, in order to provide an additional layer of security. A perimeter network is sometimes called a DMZ, which stands for De-Militarized Zone.
Packet filtering
The action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa).
Packet Filtering
• Filtering is based on IP header information
• Pros and Cons:
– Cheap and easy
– Authenticity and integrity of the IP header cannot be verified (header fields can be forged)
– Stateless filtering versus dynamically assigned port numbers (FTP, H.323, ...)
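As an added example (not code from the lecture slides), the following Python model of a stateless packet filter ties three points of the slides together: filtering on IP header fields only, an ingress rule against address spoofing (packets from the outside carrying an interior source address), and the stateless-filtering problem with dynamically assigned ports, shown with active-mode FTP. The address plan (interior network 192.0.2.0/24, DMZ web server 198.51.100.10, interfaces "ext" and "int") and the policy are constructed for this example and use RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed address plan (RFC 5737 documentation ranges, not real hosts).
INTERNAL_NET = "192.0.2.0/24"      # interior network behind the filter
DMZ_WEB = "198.51.100.10"          # web server in the perimeter network (DMZ)

@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" or "int"
    src: str              # source IP address (taken from the IP header)
    dst: str              # destination IP address
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0        # transport source port (0 if not applicable)
    dport: int = 0        # transport destination port

@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "drop"
    iface: Optional[str] = None       # match arrival interface
    src: Optional[str] = None         # match source network (CIDR)
    dst: Optional[str] = None         # match destination network (CIDR)
    proto: Optional[str] = None       # match transport protocol
    sport: Optional[range] = None     # match source-port range
    dport: Optional[range] = None     # match destination-port range

    def matches(self, p: Packet) -> bool:
        """A rule matches when every field it specifies agrees with the header."""
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.sport is not None and p.sport not in self.sport:
            return False
        if self.dport is not None and p.dport not in self.dport:
            return False
        return True

def evaluate(rules: List[Rule], packet: Packet) -> str:
    """First-match evaluation; anything no rule covers is dropped (default deny)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "drop"

# Constructed policy: anti-spoofing ingress rule first, then the one service the
# exterior may reach in the DMZ, then unrestricted outbound traffic.
POLICY = [
    # Packets arriving from the Internet must never carry an interior source
    # address: this is the ingress filter against address spoofing.
    Rule("drop", iface="ext", src=INTERNAL_NET),
    # The exterior may reach only the DMZ web server on TCP port 80.
    Rule("accept", iface="ext", proto="tcp", dst=DMZ_WEB + "/32", dport=range(80, 81)),
    # Interior hosts may talk to anything; default deny catches the rest.
    Rule("accept", iface="int", src=INTERNAL_NET),
]

# The classic stateless workaround for active-mode FTP: allow the server's data
# port (20) to reach any unprivileged port inside, because a stateless filter
# cannot learn the port the client announced in the control connection.
FTP_DATA_WORKAROUND = Rule("accept", iface="ext", proto="tcp",
                           sport=range(20, 21), dport=range(1024, 65536))

def demo() -> dict:
    spoofed = Packet("ext", "192.0.2.10", "192.0.2.20", "tcp", 40000, 22)
    web = Packet("ext", "203.0.113.5", DMZ_WEB, "tcp", 40001, 80)
    ssh_in = Packet("ext", "203.0.113.5", "192.0.2.20", "tcp", 40002, 22)
    outbound = Packet("int", "192.0.2.20", "203.0.113.5", "tcp", 50000, 443)
    # Active FTP: the outside server connects back from port 20 to a port the
    # client chose dynamically; the filter has no record of that negotiation.
    ftp_data = Packet("ext", "203.0.113.7", "192.0.2.20", "tcp", 20, 51234)
    # Same header shape, but aimed at a service the policy meant to keep closed.
    same_shape = Packet("ext", "203.0.113.9", "192.0.2.20", "tcp", 20, 3389)
    relaxed = POLICY + [FTP_DATA_WORKAROUND]
    return {
        "spoofed": evaluate(POLICY, spoofed),
        "web": evaluate(POLICY, web),
        "ssh_in": evaluate(POLICY, ssh_in),
        "outbound": evaluate(POLICY, outbound),
        "ftp_data_strict": evaluate(POLICY, ftp_data),
        "ftp_data_relaxed": evaluate(relaxed, ftp_data),
        "same_shape_relaxed": evaluate(relaxed, same_shape),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The last two verdicts are the point of the slide's stateless-filtering bullet: the strict policy breaks active FTP, and the relaxed policy that repairs it also admits any connection whose source port is 20, which is exactly the gap that stateful inspection (next slide) closes by tracking the negotiated data port.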
Proxy Services
• Also known as Application-Level Gateways
• Control application-level data flows
• Pros and Cons:
– Intrusion Detection using stateful inspection
– Accounting
– Performance issues
Firewall Architectures
• Dual-Homed Host
– Isolating network segments (no routing/forwarding)
– Based on Bastion host (Proxy + packet filter)
– Scalability issues and single-point-of-failure
• Screened Host
– Bastion host connected to the internal network
– Additional packet filter (critical component)
– Circumvent proxy for specific
Firewall Architectures (continued)
• Screened Subnet
– Today's state of the art
– Additional net segment for exposed systems isolated from both, internal and external network
– Hides internal network structure from external view
– Circumvent proxy for specific applications but do not allow access to interior from exterior network
Problems with Firewalls
• Complexity → Expert knowledge necessary for the definition of security policies, configuration and administration
• Open standard ports, e.g. 80
– increasing dissemination of web services
• Tunnelling
• Mobile devices
Virtual Private Networks (VPNs)
VPN Characteristics
• Interconnection of (physically) secured private networks using tunnelling techniques
– Company headquarters and branch office
– Business partners
– Mobile worker
– Telecommuter
Extends geographic connectivity
• Connection completely transparent for the end-user
– Appears to be a separate physical network, but is not
– VPN maintains addressing and routing
– VPN has to enforce local security restrictions
Types of VPNs
• Site-to-Site
– Connecting two local networks
– VPN-Gateway (aka concentrator)
• Site-to-End
– Connecting single host with local network
– VPN Client Software connecting to a VPN-Gateway
– Also used to secure WLAN
• Secure VPNs
– use cryptographic protocols to provide confidentiality,
authentication, and message integrity
– e.g. L2TP, PPTP, IPSec, SSL
• Trusted VPNs
– do not use cryptographic tunnelling
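The following Python model, added here and not part of the lecture slides, shows what "cryptographic tunnelling" in a site-to-site secure VPN means in practice: the inner packet keeps the private addresses of the two sites (addressing and routing are preserved), the outer packet carries only the two gateway addresses, and the gateways protect the inner packet with encryption, a message authentication code and a sequence number for replay rejection. It is a didactic encrypt-then-MAC construction built from HMAC-SHA256 in the standard library, not IPsec or any real VPN protocol; the gateway addresses, private networks and keys are constructed for the example (real keys would come from a key exchange, which is left out).

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed site-to-site setup (RFC 5737 documentation ranges): two gateways
# with public addresses fronting the private networks of two sites.
GW_A = "198.51.100.1"   # headquarters gateway, fronts 10.1.0.0/16
GW_B = "203.0.113.1"    # branch gateway, fronts 10.2.0.0/16
# Constructed shared secret; a real VPN negotiates this with a key exchange.
MASTER_KEY = hashlib.sha256(b"constructed-demo-master-key").digest()

def derive(label: bytes) -> bytes:
    """Derive a per-purpose, per-direction key so keystreams are never reused."""
    return hmac.new(MASTER_KEY, label, hashlib.sha256).digest()

@dataclass
class IPPacket:
    src: str
    dst: str
    payload: bytes

    def to_bytes(self) -> bytes:
        # Simplified wire format: "src>dst|" followed by the payload.
        return f"{self.src}>{self.dst}|".encode() + self.payload

    @classmethod
    def from_bytes(cls, raw: bytes) -> "IPPacket":
        hdr, _, payload = raw.partition(b"|")
        src, dst = hdr.decode().split(">")
        return cls(src, dst, payload)

def keystream(key: bytes, seq: int, length: int) -> bytes:
    """PRF (HMAC-SHA256) in counter mode: the sequence number is the nonce."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class TunnelEndpoint:
    def __init__(self, my_addr: str, peer_addr: str):
        self.my_addr, self.peer_addr = my_addr, peer_addr
        self.send_seq = 0
        self.highest_seen = 0            # anti-replay: sequence numbers must increase
        # Distinct keys per direction: the sender's own keys, the peer's for receiving.
        self.enc_out = derive(b"enc:" + f"{my_addr}>{peer_addr}".encode())
        self.mac_out = derive(b"mac:" + f"{my_addr}>{peer_addr}".encode())
        self.enc_in = derive(b"enc:" + f"{peer_addr}>{my_addr}".encode())
        self.mac_in = derive(b"mac:" + f"{peer_addr}>{my_addr}".encode())

    def encapsulate(self, inner: IPPacket) -> IPPacket:
        """Encrypt the whole inner packet, authenticate it, wrap it in an outer packet."""
        self.send_seq += 1
        hdr = struct.pack(">Q", self.send_seq)
        inner_bytes = inner.to_bytes()
        ciphertext = xor(inner_bytes, keystream(self.enc_out, self.send_seq, len(inner_bytes)))
        tag = hmac.new(self.mac_out, hdr + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
        return IPPacket(self.my_addr, self.peer_addr, hdr + ciphertext + tag)

    def decapsulate(self, outer: IPPacket) -> Optional[IPPacket]:
        """Return the inner packet, or None if the outer packet must be discarded."""
        if outer.src != self.peer_addr or outer.dst != self.my_addr:
            return None                                    # not from our tunnel peer
        body = outer.payload
        hdr, ciphertext, tag = body[:8], body[8:-32], body[-32:]
        expected = hmac.new(self.mac_in, hdr + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                                    # forged or corrupted: drop before decrypting
        seq = struct.unpack(">Q", hdr)[0]
        if seq <= self.highest_seen:
            return None                                    # replayed packet
        self.highest_seen = seq
        return IPPacket.from_bytes(xor(ciphertext, keystream(self.enc_in, seq, len(ciphertext))))

def demo() -> dict:
    a, b = TunnelEndpoint(GW_A, GW_B), TunnelEndpoint(GW_B, GW_A)
    inner = IPPacket("10.1.0.5", "10.2.0.9", b"GET /payroll HTTP/1.1")   # constructed
    outer = a.encapsulate(inner)
    delivered = b.decapsulate(outer)
    # One flipped ciphertext byte must fail the integrity check.
    p = outer.payload
    tampered = IPPacket(outer.src, outer.dst, p[:20] + bytes([p[20] ^ 1]) + p[21:])
    return {
        "outer_addrs": (outer.src, outer.dst),
        "private_addrs_hidden": b"10.1.0.5" not in outer.payload,
        "payload_hidden": inner.payload not in outer.payload,
        "delivered": delivered,
        "tampered": b.decapsulate(tampered),
        "replay": b.decapsulate(outer),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22s} {v!r}")
```

An observer on the Internet path sees only traffic between GW_A and GW_B, which is the "appears to be a separate physical network" property of the slides; a trusted VPN such as BGP/MPLS skips exactly this cryptographic step and relies on the provider's network instead.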
BGP/MPLS VPN Network Components
• Customer Edge (CE) device
Provides customer access to the service provider network over a data link to one or more PE routers
• Provider Edge (PE) device
Exchanges routing information with CE routers using static routing, RIP, OSPF or EBGP
• Provider (P) device
Secure VPNs
Secure Email
X.509
• Hierarchical public key infrastructure
• Certificates issued by certification authorities (CA)
OpenPGP (Pretty Good Privacy)
• Distributed public key infrastructure
• Certificates within web of trust
• Public key encryption and signatures -> confidentiality & non-repudiation
• Certificates to verify a key’s authenticity
Intrusion Detection Systems
• Used to monitor (networked) systems
• Check so-called audit data for indications of an attack
• Classification based on audit source:
– Host IDS: locally generated data by applications & operating system e.g. log files, system calls, ...
– Network IDS: analysis of on-going network traffic e.g. network protocol analysis
• Classification based on analysis approach:
General IDS Architecture
(Figure: components of an Intrusion Detection System and their data flow: Agent → Events → Director → Alarms → Notifier)
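To make the slides' notion of "checking audit data for indications of an attack" concrete, here is an added Python example (not code from the lecture) of a minimal host-IDS analysis step over locally generated audit data. It runs two analysis approaches over the same log: signature matching (a known misuse pattern) and a threshold rule (too many failed logins from one source within a time window). The syslog-style lines, host names, users and addresses are constructed for the example; the threshold and window are assumed parameters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample audit data in syslog style (RFC 5737 addresses, no real hosts).
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50112 ssh2
Mar 10 08:00:03 host1 sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 50113 ssh2
Mar 10 08:00:04 host1 sshd[2103]: Failed password for root from 203.0.113.5 port 50114 ssh2
Mar 10 08:00:06 host1 sshd[2104]: Failed password for root from 203.0.113.5 port 50115 ssh2
Mar 10 08:00:07 host1 sshd[2105]: Failed password for root from 203.0.113.5 port 50116 ssh2
Mar 10 08:00:20 host1 sshd[2110]: Accepted publickey for alice from 192.0.2.20 port 51000 ssh2
Mar 10 08:05:00 host1 sshd[2120]: Failed password for bob from 192.0.2.21 port 51001 ssh2
Mar 10 08:09:00 host1 sshd[2121]: Failed password for bob from 192.0.2.21 port 51002 ssh2
Mar 10 08:12:00 host1 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# syslog line: timestamp, host, process[pid], message
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

# Signature (misuse) rules: a pattern of a known bad action and the alert text.
SIGNATURES = [
    (re.compile(r"COMMAND=\S*cat /etc/shadow"), "sensitive file read via sudo"),
]

# Threshold rule parameters (assumed values for this example).
THRESHOLD = 5                  # failed logins from one source ...
WINDOW = timedelta(seconds=60)  # ... within this window raise an alert

Alert = Tuple[str, str, str, str]   # (approach, host, description, timestamp)

def parse(line: str, year: int = 2024) -> Optional[Tuple[datetime, str, str, str]]:
    """Split one syslog line; syslog omits the year, so it is supplied."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["proc"].strip(), m["msg"]

def analyse(log_text: str) -> List[Alert]:
    alerts: List[Alert] = []
    recent = defaultdict(deque)      # source address -> timestamps of recent failures
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue                  # unparsable audit record: skipped here, would be counted in practice
        ts, host, proc, msg = parsed
        # Approach 1: signature matching against known misuse patterns.
        for pattern, description in SIGNATURES:
            if pattern.search(msg):
                alerts.append(("signature", host, description, ts.isoformat()))
        # Approach 2: sliding-window threshold on failed logins per source.
        f = FAILED_RE.search(msg)
        if f:
            q = recent[f["src"]]
            q.append(ts)
            while q and ts - q[0] > WINDOW:
                q.popleft()           # forget failures older than the window
            if len(q) == THRESHOLD:   # alert once, when the threshold is first reached
                alerts.append(("threshold", host,
                               f"{THRESHOLD} failed logins from {f['src']} within {WINDOW.seconds}s",
                               ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

The two failures for "bob" four minutes apart stay below the threshold, which is the trade-off every threshold rule carries: a slower attempt rate goes unnoticed, while a lower threshold raises more false alarms. A network IDS would apply the same two approaches to decoded protocol fields instead of log lines, and in the architecture of the figure above this function is the director's job, fed by agents and followed by a notifier.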