COMPUTER SECURITY. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 1 25

Transcription

1 COMPUTER SECURITY 9. Protection of local systems (2) Goal (2) Actions to take (3) Protection by Prevention in Local Networks (LAN Protection) (4) Definitions (5) Firewall devices (corta fogos): traffic control points (10) Protection by attack detection (17) Means for attack detection: IDS, Intrusion Detection Systems (19) Intrusion response (21) Protection by attack recovery (24) Protection by field vulnerability evaluation (25) J. Magalhães Cruz Computer Security Protection of Local Systems (short) 1 25

2 9. Protection of local systems Goal Protect resources (information's integrity, confidentiality of some information, resources' availability) against intentional attacks against accidental misuse (or incompetence) Motivation Realness of external threats (somewhere from the Internet) Realness of internal threats... Realness of accidents J. Magalhães Cruz Computer Security Protection of Local Systems (short) 2 25

3 Actions to take specify the security policy enforce the policy with appropriate mechanisms for prevention e.g. control the accesses to available services detection e.g. identify ongoing suspicious operations recovery e.g. reset the original, correct information testing e.g. field vulnerability evaluation: penetration trial J. Magalhães Cruz Computer Security Protection of Local Systems (short) 3 25

4 Protection by Prevention in Local Networks (LAN Protection) Comment: only external threats will be considered! DeMilitarized Zone Wxy Mail subnet1 Control center Web Mail Inner firewall Outer firewall Internet subnet2 subnet3 Web Xyz protected LAN Enterprise LAN Fig. Diagram of a well protected (against external threats) local network. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 4 25

5 ...Protection by prevention in local networks (cont.) Definitions security perimeter firewall type devices (dispositivos corta fogo) * demilitarized zone, DMZ (zona desmilitarizada) proxy type devices (dispositivos mediadores, ou procuradores) tunnels * The Portuguese translation for firewall is problematic: corta fogo is the term most faithful to the English one; posto de controlo or barreira de segurança would be the most corrects, if the devices' functionality is considered; muralha, would also be a good alternative. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 5 25

6 ...Protection by prevention: definitions (cont.) Security perimeter (perímetro de segurança) line that spans the set of computers and local area network segments that should be protected by adequate devices (e.g. firewalls) Firewall (corta fogo) specially prepared computer that controls the network traffic between the internal network of an organization and its exterior. The control is set in accordance to the specified security policy. Comment: sometimes, the software that does the actual control is, itself, called firewall. DeMilitarized Zone, DMZ (zona desmilitarizada) part of a local network that separates the most inner part of the network (portion to protect) from the outer part (closer to where attacks are expected from). J. Magalhães Cruz Computer Security Protection of Local Systems (short) 6 25

7 ...Protection by prevention: definitions (cont.) Proxy (procurador, mediador) program that acts like a mediator between two entities, so that they cannot communicate directly. In this way, it verifies and controls the information exchanged. Security tunnel communication line between two authenticated entities that assures the integrity and, maybe, the confidentiality of the exchanged information. Usually, the tunnel goes through completely unprotected areas and can be used to directly access a machine inside the security perimeter of an organization from the exterior of its local area network. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 7 25

8 ...Protection by prevention: definitions (cont.) tunnel DeMilitarized Zone Wxy Mail subnet1 Control center Web Mail Inner firewall Outer firewall Internet subnet2 subnet3 Web Tunnel Xyz X host protected LAN Enterprise LAN Fig. Diagram of a tunnel between an external machine X and the protected Wxy. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 8 25

9 ...Protection by prevention: definitions (cont.) tunnel DeMilitarized Zone Wxy Mail subnet1 Control center Web Mail Inner firewall Outer firewall Internet a) subnet2 protected LAN subnet3 Web VPN Enterprise LAN X host DeMilitarized Zone Wxy Mail subnet1 Control center Web Mail Inner firewall Outer firewall Internet subnet2 subnet3 X host VPN X host b) protected LAN Enterprise LAN Fig. Using a VPN: a) real protected connection to VPN ; b) virtual position of remote host as part of protected LAN. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 9 25

10 Firewall devices (corta fogos): traffic control points main types location limitations solutions and complements in J. Magalhães Cruz Computer Security Protection of Local Systems (short) 10 25

11 ...Firewall devices (cont.) Firewall main types filtering (access control by the observation of the network packets' visible fields) of addresses (IP header) (FIG) of packets (other headers; contents) (FIG) proxy firewall, application gateway (dispositivos de procuração ou aplicação) access control is enforced by the mediation of the communication endpoints. Usually, deals with information interpreted from data packets, so that the conversation between two parties can be understood and exposed. Comment: a specific firewall seldom fits in a single classification's type. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 11 25

12 ...Firewall types (cont.) TCP header: Filtering of data: examples IP header: UDP datagram: IP header UDP header UDP data... leaders acknowledged the great cost in losing many of their best young men in these actions. The attacks reinforced the resolution of the World War II Allies to destroy the Imperial force, and may have had a significant effect in the decision to use atomic bombs against... J. Magalhães Cruz Computer Security Protection of Local Systems (short) 12 25

13 ...Firewall devices (cont.) Location of firewalls external (connecting to the Internet) coarse control of data flow (filtering) single address of local network visible to the outside (proxy, e.g. HTTP) internal (connecting to the protected area) control of information flow (Internet access denied; controlled administrative Wxy access to the DMZ e.g. SSH only from a specific machine) single! simplified control, without demilitarized zone subnet2 Firewall J. Magalhães Cruz Computer Security Protection of Local Systems (short) Mail subnet3 subnet1 Control center Web Enterprise LAN Internet

14 ...Firewall devices (cont.) Limitations of firewalls threats internal to the perimeter, e.g. users active information contents from the outside, e.g. javascript forbidden communications over allowed protocols, e.g. HTTP tunnels, specially from mobile users, e.g. injection of uncertified data alternate means of connection to the outside, e.g connections by modem (FIG) peer to peer system (sistemas de pares), e.g. huge file sharing between lots of machines through many means (tunneling, etc.)... see Bob Blakley's The Three Myths of Firewalls : J. Magalhães Cruz Computer Security Protection of Local Systems (short) 14 25

15 ...Limitations of firewalls (cont.) Wxy modem Mail subnet1 Control center Telecom Firewall Internet subnet2 subnet3 Web ISP Enterprise LAN Fig. Connection to the outer network, not controlled by the firewall. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 15 25

16 ...Firewall devices (cont.) Firewalls: solutions and complements take internal threats in consideration (users, covert channels...) take non technological threats in consideration (social!...) control the data in or near the s (internal and distributed firewalls) use secure internal systems (operating system, installed applications...) use devices that detect on going attacks (IDS Intrusion Detection Systems) J. Magalhães Cruz Computer Security Protection of Local Systems (short) 16 25

17 Protection by attack detection Idea verify if there are active unknown users there are non authorized activities taking place (security policy...) if any of those situations are identified, one can say that the system has been intruded can be used for protection against external as well as internal attacks J. Magalhães Cruz Computer Security Protection of Local Systems (short) 17 25

18 System in normal operation (Denning) the users (and their processes) are doing statistically routine work the users (and their processes) are doing work that comply with the security policy the users (and their processes) are not doing work that is known to violate the security policy System under intrusion there is a departure from any of the normal operation characteristics usually, there is attempted concealment of the abnormal operations given enough time, the intrusion traces are eliminated (if that is possible) J. Magalhães Cruz Computer Security Protection of Local Systems (short) 18 25

19 Means for attack detection: IDS, Intrusion Detection Systems According to Denning, an Intrusion Detection System: recognizes a great variety of intrusions recognizes intrusions in real time (or at least in time to be useful) presents the intrusions in a clear cut way is accurate in the recognition process Example of IDS: Snort open source network intrusion prevention and detection system developed by Sourcefire. URL: J. Magalhães Cruz Computer Security Protection of Local Systems (short) 19 25

20 Architecture of IDSystems agent director (coordinator) notifier Host1 agent subnet1 Host 2 notifier agent subnet2 Cntrl center director Host 3 agent Firewall agent Internet Enterprise LAN J. Magalhães Cruz Computer Security Protection of Local Systems (short) 20 25

21 Intrusion response Depends on the Intrusion detection: success level success rate Intrusion detection: success level intrusion still ongoing (good) in time detection, attack failure intrusion already finished (positive) detection timing failure: attack failure only if static defenses hold intrusion not detected (negative) detection failure, attack success J. Magalhães Cruz Computer Security Protection of Local Systems (short) 21 25

22 ...Intrusion response (cont.) Intrusion detection: success rate number of verified detections number of false alarms (false positives) detections of non occurring attacks number of failed detections (false negatives) many times unknown... Good IDSystem: Obviously, should have a high success level and rate! J. Magalhães Cruz Computer Security Protection of Local Systems (short) 22 25

23 Response to intrusions: phases of operation preparation system installation and configuration identification detection of apparent attack containment confinement of area of attack (in case of ongoing intrusion) eradication termination of attack (in case of ongoing intrusion) recovery system resetting in a secure state readjustment system reconfiguration for prevention of further similar attacks J. Magalhães Cruz Computer Security Protection of Local Systems (short) 23 25

24 Protection by attack recovery process not dependent on the use of detection means, but usually included in them see the previous topic Readjustment, last phase of Response to intrusions basically, consists of: resetting of the system in a secure state correcting the resources' permissions re enabling the control access' mechanisms rebuilding system's tables and files (backups are, here, essential) restarting the deactivated services, etc. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 24 25

25 Protection by field vulnerability evaluation Definitions vulnerability (or security flaw): specific failure of security controls exploitation: actual use of vulnerability to violate the system's security policy attacker: who attempts to exploit a vulnerability (eventually after identifying it) Detecting system's vulnerabilities Formal verification logic proof of degree of conformance of a system design (or of a real system) to requirements' specification stated by security policy Penetration testing authorized attempt to violate specific security controls usually has its leeway defined by specific goals and time constraints J. Magalhães Cruz Computer Security Protection of Local Systems (short) 25 25