Advanced Security and Mobile Networks

Transcription

1 Advanced Security and Mobile Networks W.Buchanan (1)

2 3. Encryption 4. Forensic Computing Advanced Security and Mobile Networks: Learning Outcomes: 2. IDS 1. Network Security 5. Software Security 6. Network Threats To be able to analyse security systems and critically evaluate their performance. To be able to design and implement an efficient security model for given network security policies. To be evaluate mobile and ad-hoc networks, in terms of infrastructure, topology, routing, computation, security and their associated communications. To critically evaluate current research in the area of security and mobile networks, and assess current technological boundaries in the implementation of these technologies. Security Elements W.Buchanan (2)

3 9. GSM/3G Advanced Security and Mobile Networks: Module Assessment 1. Coursework 1. Security Analysis [50%] 2. Coursework 2. Mobile Networks [50%] 8. Ad-hoc WWW site Mobile Networks Recommended Software Snort 2.0 WinPCap Ethereal Security Elements W.Buchanan (3)

4 3. Encryption 2. IDS 4. Forensic Computing 5. Software Security Unit 1: Network Security. Firewalls. NAT. PIX firewall. VPN s. Transport Layer (SSL, PCT). Application Layer (HTTPS). Defence-in-depth. IPSec. 1. Network Security 6. Network Threats Unit 1: Network Security W.Buchanan (4)

5 3. Encryption 2. IDS 4. Forensic Computing 5. Software Security Unit 2: Intrusion Detection Systems. Techniques. Snort. IDS Rules. Tripwire. Audit Logs. Profiling. 1. Network Security 6. Network Threats Unit 2: Intrusion Detection Systems W.Buchanan (5)

6 3. Encryption 2. IDS 4. Forensic Computing 5. Software Security Unit 3: Encryption. Techniques. Public-key. Secure Sockets. RSA. 3DES. MD5. Authentication, security (PGP/S/MIME). 1. Network Security 6. Network Threats Unit 3: Encryption W.Buchanan (6)

7 3. Encryption 2. IDS 4. Forensic Computing 5. Software Security Unit 4: Forensic Computing. Data hiding. Covert Channel Analysis. Stenography. Information Assurance. Legal Aspects. Ethical issues. Forensic Tools. CPAR (Collection, Preservation, Analysis and Reporting). 1. Network Security 6. Network Threats Unit 4: Forensic Computing W.Buchanan (7)

8 3. Encryption 2. IDS 4. Forensic Computing 5. Software Security Unit 5 Software Security Security Goals. Weaknesses. Buffer Overflows. Java Security. CGI/API. Database Security. Client-wide security. Server-side Security. 1. Network Security 6. Network Threats Unit 5: Software Security W.Buchanan (8)

9 3. Encryption 4. Forensic Computing Unit 6: Network Threats. Secure Models. floods. DoS. Vulnerability Threats. Policies. 2. IDS 5. Software Security 1. Network Security 6. Network Threats Unit 6: Network Threats W.Buchanan (9)

10 9. GSM/3G Unit 7: Mobile Networks. Wireless. Security. Mobile IP. Mobile Agents. Spread spectrum. Military/Emergency Networks 8. Ad-hoc 7. Mobile Networks Security Elements W.Buchanan (10)

11 9. GSM/3G Unit 8: Ad-hoc Networks. Ad-hoc routing. On-demand routing. Techniques. MANET. Applications. 8. Ad-hoc 7. Mobile Networks Security Elements W.Buchanan (11)

12 9. GSM/3G Unit 9: GMS/3G networks. Operation. Location-finding techniques. Location-based services. GSM Security. Mobile Phone Network Design. Spread-spectrum. 8. Ad-hoc 7. Mobile Networks Security Elements W.Buchanan (12)

13 Internal intruders External intruders External Internal Users Systems Data Network intrusions (Internal and External) W.Buchanan (13)

14 Increasing difficulty to deal with 100billions Large-scale military 100M Government activities 10 millions 100,000s Budget: 1000s Industrial espionage Professional data mining Home user Differing budgets for intrusion W.Buchanan (14)

15 Data Data Data Data Presentation RSA, DES, PGP encryption Presentation Session S-HTTP (WWW), S-FTP Session Transport SSL (Secure Socket Layer), Proxy servers. Transport Network Data Data Link Link Physical Firewalls, NAT translation, Interior routing protocols. VLANs, WEP key for wireless Networks. Physical protection of equipment, padlocks, fiber cables, and so on. Network Data Data Link Link Physical Security at different levels of the OSI model W.Buchanan (15)

16 Data Data Data Data Presentation Session Transport The earlier that security is applied, the better for overall security. Presentation Session Transport Network Data Data Link Link Physical Network Data Data Link Link Physical Security at different levels of the OSI model W.Buchanan (16)

17 the physical protection is the most important protection for a network without it you don t have a system 1. Data protection. This is typically where sensitive or commercially important information is kept. It might include information databases, design files or source code files. One method of reducing this risk is to encrypt important files with a password and/or some form of data encryption. 2. Software protection. This involves protecting all the software packages from damage or from being misconfigured. A misconfigured software package can cause as much damage as a physical attack on a system, because it can take a long time to find the problem. 3. Physical system protection. This involves protecting systems from intruders who might physically attack the systems. Normally, important systems are locked in rooms and then within locked rack-mounted cabinets. 4. Transmission protection. This involves a hacker tampering with a transmission connection. It might involve tapping into a network connection or total disconnection. Tapping can be avoided by many methods, including using optical fibres which are almost impossible to tap into (as it would typically involve sawing through a cable with hundreds of fibre cables, which would each have to be connected back as they were connected initially). Underground cables can avoid total disconnection, or its damage can be reduced by having redundant paths (such as different connections to the Internet). Examples of Security Protection W.Buchanan (17)

18 as professionals, it is our aim to overcome external and internal hacking and we must protect users, data and systems IP spoofing. Involves a hacker stealing an authorized IP address, and using it. Packet-sniffing. Listens from TCP/IP. Password attack. Hacker runs programs which determine the password of a user. Once into the system the hacker can then move onto other, more trusted, users. Sequence number prediction attacks. In TCP communications an initial TCP sequence number is used to start the communications (based on the sender s clock). The hacker can then predict the sequence numbers that would follow the initial connection. Session hi-jacking attacks. Hacker taps into a conversation between two computers. A remote trusted user could start the conversation, but the hacker could continue it. Shared library attacks. Social engineering attacks. Typically a hacker uses social methods to determine a user s password. Technological vulnerability attack. The hacker attacks a vulnerable part of the system, such as rebooting the computer, spreading viruses, etc. Trust-access attacks. Hacker adds their system to one of the trusted systems. The hacker can then get full administrator privileges. Hacking methods W.Buchanan (18)

19 Intruder gains public information about the systems, such as DNS and IP information Intruder gains more specific Information, such as subnet layout, and network devices. Outside Outside reconnaissance reconnaissance Inside Inside reconnaissance reconnaissance From code yellow to code red Exploit Exploit Profit Profit Data stealing, system damage, user abuse, and so on. Foothold Foothold Once into the system, the Intruder can then advance up levels. Intruder finds a weakness, such as cracking a password, breaching a firewall, and so on. Steps that could be taken by an intruder W.Buchanan (19)

20 Data stealing Worms/Viruses Our trusted system Corporate access access WWW access Network perimeter F Terrorism DoS (Denial-of-Service) External hack Personal abuse Fraud External Threats W.Buchanan (20)

21 Data stealing Personal abuse Data stealing Worms/Viruses Internal hack Our trusted system Worms/Viruses Fraud Corporate access access WWW access Terrorism Network perimeter F Terrorism DoS (Denial-of-Service) External hack Personal abuse Fraud External and Internet Threats W.Buchanan (21)

22 Video/Audio Streaming Why? Wasted bandwidth Hacking Why? Data/System loss. Fraud. Chat Programmes Why? Wasted time. Porn Why? Moral/legal issues. P2P programs Why? Copyright issues. Viruses/Worms Why? Data/System loss. Non-business Why? Wasted resources. Bad Traffic Why? Wasted resources. Types of Traffic that Organisations Typically Want to Detect W.Buchanan (22)