CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Academic year: 2021

CS 665: Computer System Security

Bojan Cukic
Lane Department of Computer Science and Electrical Engineering, West Virginia University

Network Security

Usage environment

- Anonymity
- Automation, minimal human supervision
- Distance
- Opaqueness, hidden distance
- Routing diversity and fault tolerance

Sources of vulnerabilities

- Anonymity
- Many points of attack
- Sharing
- Complexity
- Unknown perimeter, expandability
- Unknown paths

Threat Precursors

- Port scans
  - "Open" ports send responses to inquiries.
  - Reveals services and OS versions.
  - Application fingerprinting (HTTP-80, SMTP-25, POP-110, FTP-21, ...).
- Social engineering, reconnaissance.
- Eavesdropping, wiretapping.

Interesting Threats

- Protocol flaws
  - Not as common any longer.
- Impersonation
- Spoofing
  - Masquerade: a host pretends to be a similarly named one.
  - Session hijacking: intercepting and stealing the session.
  - Man-in-the-middle: a third entity intrudes from the beginning of the session.
  - Foiled by asymmetric cryptography.

Interesting Threats (2)

- Denial of Service (DoS)
  - Transmission failure, connection flooding.
  - SYN flood (losing handshake packets).
- Traffic redirection
  - A corrupted router advertises the "best path".
- DNS attacks (Domain Name Server)
  - BIND programs suffer from flaws, allowing incorrect name-address mappings.
- Distributed DoS
  - Trojan horses planted in multiple computers, each
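A SYN flood leaves handshakes unfinished: the server holds a half-open entry for every SYN that is never followed by the client's ACK. The detector below, an added example rather than code from the slides, walks a constructed packet trace, keeps the outstanding SYNs per source, and reports sources whose half-open count is far above what a real client would hold; the trace format, the timeout and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed trace: (time_s, src_ip, dst_port, tcp_flag). "S" is a client SYN, "A" the
# client's final handshake ACK (the server's SYN/ACK is not recorded here). Two clients
# complete their handshakes; one source sends 40 SYNs and never finishes any of them.
TRACE = [
    (0.0, "203.0.113.5", 80, "S"), (0.1, "203.0.113.5", 80, "A"),
    (0.2, "198.51.100.9", 80, "S"), (0.3, "198.51.100.9", 80, "A"),
] + [(0.5 + i * 0.01, "192.0.2.77", 80, "S") for i in range(40)]


def half_open_by_source(trace, timeout_s=2.0, now=None):
    """Count, per source, SYNs still waiting for an ACK (half-open connections).

    timeout_s models the backlog expiry: entries older than that are dropped,
    as a real TCP stack would eventually do."""
    pending = defaultdict(list)          # src -> timestamps of SYNs not yet ACKed
    for t, src, _port, flag in trace:
        if flag == "S":
            pending[src].append(t)
        elif flag == "A" and pending[src]:
            pending[src].pop(0)          # oldest outstanding SYN is now a full connection
    now = trace[-1][0] if now is None else now
    counts = {src: sum(1 for t in ts if now - t <= timeout_s) for src, ts in pending.items()}
    return {src: n for src, n in counts.items() if n}


def syn_flood_sources(trace, threshold=20, **kw):
    """Sources holding at least `threshold` half-open connections at once."""
    return sorted(src for src, n in half_open_by_source(trace, **kw).items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(TRACE))    # {'192.0.2.77': 40}
    print(syn_flood_sources(TRACE))      # ['192.0.2.77']
```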

Threats to active code

- Cookies: what do they contain?
- Scripts
  - CGI scripts encode communicated data.
  - For example, %0A (EOL) instructs the interpreter to accept the next line as a new command:
    http://www.t1.com/cgi-bin/qu?%0A/bin/cat/%20/etc/passwd
- Active code
  - Java 1.1 disabled code from writing to the disk. Subsequent versions relaxed the "sandbox" security.
  - Hostile applets.
  - ActiveX (Microsoft's response to Java). Crypto signatures of code.
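The %0A case above is an input-validation failure: the CGI script decodes the query and hands the result, newline included, to an interpreter. The check below is an added example, not code from the slides, showing the defensive side: decode exactly once, refuse anything that a second decode would still change, reject control characters (%0A, %0D, %00) and anything outside an allow-list. The allow-list and the request URLs are constructed for the demo.

```python
from urllib.parse import unquote, urlsplit

# Decoded characters an interpreter may read as end-of-line or string terminator:
# %0A (LF) is the slide's example; %0D (CR) and %00 (NUL) behave the same way.
CONTROL = {"\n", "\r", "\x00"}
# Constructed allow-list for a query that is only ever meant to carry a search term.
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -_.")


def validate_query(raw: str) -> tuple:
    """Percent-decode exactly once and return (accepted, reason)."""
    decoded = unquote(raw)
    if unquote(decoded) != decoded:
        # A second decode still changes the value, so a later decoding stage
        # would see characters this check never looked at: refuse it.
        return False, "double-encoded input"
    ctrl = sorted({"%%%02X" % ord(c) for c in decoded if c in CONTROL})
    if ctrl:
        return False, "control characters " + ",".join(ctrl)
    other = sorted({c for c in decoded if c not in ALLOWED})
    if other:
        return False, "disallowed characters " + "".join(other)
    return True, "ok"


def check_cgi_request(url: str) -> tuple:
    """Apply the check to the query part of a request URL before the CGI script runs."""
    return validate_query(urlsplit(url).query)


if __name__ == "__main__":
    for u in ("http://www.t1.com/cgi-bin/qu?west%20virginia",
              "http://www.t1.com/cgi-bin/qu?%0A/bin/cat/%20/etc/passwd"):  # the slide's example
        print(u, "->", check_cgi_request(u))
```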

Network Security Controls

- Architecture (segmentation)
- Encryption
  - Virtual Private Networks
    - Session keys established between the user and the target system's firewall.
    - Encryption provides an encrypted tunnel.
  - PKI and certificates
  - SSH and SSL (Secure Sockets Layer) encryption
  - IPsec, the IP security protocol. Supports encryption of Internet traffic.

Distributed System Security

- Encryption is valuable within the system boundaries.
- In a distributed system, secure access to data, programs and other resources is needed.
- Seamless access, regardless of the physical location.
- Access control mechanism must:
  - Protect access points.

Port Protection

- Authentication is far more difficult for dial-ups.
  - Any phone in the world is an access point.
- Automatic call-back
  - Upon user identification, the line is broken.
  - The computer calls the user back, using a table lookup for the number.
  - Works for multiple registered numbers too.
  - An easy way to establish 2-way authentication.

Port Protection (2)

- Differentiated access rights.
  - Access to sensitive data allowed from "safe houses" (numbers) only.
- Silent modems
  - Solve the systematic dial-up problem.
  - Waits for the caller's modem to send the first tone.
  - Authentication is still not addressed.

Firewalls

- Appeared in the 90's, but reflect reference monitor concepts from the 70's.
- A firewall filters traffic at the network boundary.
  - For performance reasons, usually runs on a dedicated device.
- Default deny vs. default permit.

Firewalls (figure only)

Types of firewalls

- Packet filtering gateway (screening router)
- Stateful inspection firewall
- Application proxy
- Personal firewall
- Screening is simpler than proxying.

Packet filtering gateways

- Filters packets based on address or transport protocol information.
- Only IP address or port information is screened.

[Figure: packet filtering (screening) gateway. Blocked: network 1, telnet, forged (inside) address. Accepted: network 2.]

Packet Filters

- A packet conveys the following information:
  - Source IP address and port
  - Destination IP address and port
  - Information about the protocol
  - Error checking information

Stateful inspection firewall

- Can track the sequence of packets instead of just individual ones.
- Can prevent unusual traffic patterns from unknown sites.
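The three preceding slides (default deny vs. default permit, the header fields a screening router sees, and stateful tracking of packet sequences) fit in one small model. The filter below is an added example, not code from the slides: rules match on direction, protocol, destination port and source prefix, first match wins, the default policy decides the rest, and a connection table admits replies only to connections the inside opened. The rule set mirrors the figure on the packet-filtering slide (telnet and forged inside addresses blocked); the addresses and the prefix-based network match are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    # Header fields a screening router inspects (slide "Packet Filters") plus the TCP flags.
    src_ip: str; src_port: int; dst_ip: str; dst_port: int
    proto: str           # "tcp" or "udp"
    direction: str       # "in" = arriving from outside, "out" = leaving the inside network
    syn: bool = False; ack: bool = False   # SYN without ACK marks a new connection attempt

@dataclass(frozen=True)
class Rule:
    action: str; direction: str; proto: str   # "permit"/"deny", "in"/"out", "tcp"/"udp"
    dst_port: Optional[int] = None            # None matches any destination port
    src_prefix: Optional[str] = None          # constructed: dotted-prefix match such as "10.0.0."
    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.proto == self.proto
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (self.src_prefix is None or p.src_ip.startswith(self.src_prefix)))

class StatefulFilter:
    # First matching rule wins; otherwise the default policy (deny or permit) applies.
    def __init__(self, rules, default_permit=False):
        self.rules, self.default = list(rules), ("permit" if default_permit else "deny")
        self.established = set()   # 5-tuples of connections opened from the inside
    def decide(self, p: Packet) -> str:
        if p.direction == "in" and (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto) in self.established:
            return "permit"        # stateful: a reply to a connection the inside opened
        for r in self.rules:
            if r.matches(p):
                if r.action == "permit" and p.direction == "out" and p.proto == "tcp" and p.syn and not p.ack:
                    self.established.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
                return r.action
        return self.default        # nothing matched: default deny vs. default permit decides

INSIDE = "10.0.0."                 # constructed internal network prefix
RULES = [
    Rule("deny", "in", "tcp", src_prefix=INSIDE),    # forged (inside) source address from outside
    Rule("deny", "in", "tcp", dst_port=23),          # telnet from outside is blocked, as in the figure
    Rule("permit", "out", "tcp", src_prefix=INSIDE), # inside hosts may open outbound connections
]

def run(default_permit: bool) -> list:
    fw = StatefulFilter(RULES, default_permit)
    packets = [
        Packet("10.0.0.5", 40000, "198.51.100.8", 80, "tcp", "out", syn=True),          # inside opens HTTP
        Packet("198.51.100.8", 80, "10.0.0.5", 40000, "tcp", "in", syn=True, ack=True), # the SYN/ACK reply
        Packet("203.0.113.7", 5555, "10.0.0.5", 80, "tcp", "in", syn=True),             # unsolicited inbound
        Packet("10.0.0.9", 1234, "10.0.0.5", 22, "tcp", "in", syn=True),                # spoofed inside source
        Packet("203.0.113.7", 5556, "10.0.0.5", 23, "tcp", "in", syn=True),             # inbound telnet
    ]
    return [fw.decide(p) for p in packets]
```

Only the third packet, the unsolicited inbound connection, is decided differently by the two default policies: `run(False)` denies it and `run(True)` lets it through.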

Application proxy (figure only)

Application proxy (2)

- Implementation example (figure only)

Personal firewalls

- Suitable for broadband home users.
  - Protecting a single workstation or small networks.
  - Runs on the workstation itself (not in isolation).
- Blocks unwanted network traffic.
  - Java applets, ActiveX, leakage of personal data; closes ports.
- Usually generate activity and access logs.
- May be combined with virus scanners.
- Provide reasonable protection.

Rules of use

- The firewall needs to control the entire network perimeter: no unmediated connections.
- Protection for the internal network only.
- The firewall is visible to the outside world.
  - A target of attacks.
  - Provide layers of firewalls.

Defense in depth

[Figure: multiple LAN configurations. Internet, screening router, outermost network, intermediate LAN.]
