7 Network Security
7.1 Introduction
7.2 Improving Security
7.3 Internet Security Frameworks
7.4 Firewalls
7.5 Absolute Security?

7.1 Introduction
Three areas of concern:
- Security of communications: data transport, e.g. the risk of eavesdropping
- Security of end systems: data storage and manipulation, e.g. the risk of unauthorized use; this risk is introduced, or at least increased, by network connectivity
- Security of the communication network itself: the transport infrastructure, e.g. the risk of unauthorized use

Security of Communications
- Confidentiality: no eavesdropping, no unauthorized access to information (mechanism: encryption)
- Data integrity: no unauthorized manipulation of information; the recipient receives data identical to what the originator sent (mechanism: digital signature)
- Data authenticity: the originator cannot claim a fake identity
- Guaranteed delivery of messages: an intruder cannot remove messages completely
- For all of the above, a violation may happen with or without detection by the originator or the recipient

Security of End Systems
- Access to confidential data, e.g. leaking of credit card account information
- Manipulation of data: changing or deleting information
- Change of the system: manipulation of configuration, e.g. authorization or account information; unauthorized running of programs; import of foreign (malicious) programs
- Denial of Service (DoS) attacks: cause system overload, or cause the system to hang or crash

Security of Communication Networks
- Unauthorized network usage: using the network without paying
- Modification of the network configuration: change of DNS entries, change of routing information
- Denial of Service (DoS) attacks: like end-system attacks, but directed at network elements (DNS servers, routers, network management stations); they impact the availability of the network service, i.e. access to the service and packet delivery to selected destinations

Passive Attacks
- Eavesdropping on transmissions to obtain information
  - release of possibly sensitive or confidential message contents
  - traffic analysis, which monitors the frequency and length of messages to learn who communicates with whom
- Difficult to detect, because the attacker changes nothing
- Can be prevented using encryption (encryption hides the contents; traffic analysis of who talks to whom needs further measures, see End-to-End Encryption below)

Active Attacks
- Masquerade: pretending to be a different entity
- Replay
- Modification of messages
- Denial of service
- Easier to detect than passive attacks, and detection may act as a deterrent
- Hard to prevent completely, so the focus is on detection and recovery

Examples of Attacks
- Eavesdropping (passive): on data, user identities and traffic flows; some switches and most operating systems allow capturing packet contents and copying them to a remote destination
- Denial of Service (active)
- Spoofing (active; a form of masquerade): gain network access by taking on the address of a trusted machine
- Physical compromise: access to the hard disk, access to the computer in stand-alone state, access to the communication line
- Replay attack (active): record a communication and replay it at a later time; time stamps limit the period during which a recording can be reused
- Trojan horses and virus programs (active)

7.2 Improving Security
- Data manipulation methods: encryption; digital signatures; signature checking on configuration files and programs; packet filtering and protocol filtering
- Physical methods: physical access control; a backup strategy; separation of networks, hosts without network connectivity
- Logistic (organizational) methods: auditing and log evaluation; double passwords; careful selection of operating personnel

7.2.1 Confidentiality and Integrity
- Authentication: use encrypted communication for authentication as well
- Cryptography (encryption): symmetric-key cryptography; asymmetric-key cryptography; hybrid methods; trust centre
- Digital signature: check the integrity of the data; check the identity of the originator
- Steganography

Encryption
- Use keys to encrypt and decrypt a plaintext message P
- Symmetric-key methods ("private key" or secret-key methods)
  - fast operation, suitable for bulk data encryption
  - one key needed for each pair of communication partners (n partners need n(n-1)/2 keys)
  - risk of the key being revealed
  - example: DES (obsolete today; AES is its successor)

Public Key Encryption
- Asymmetric-key methods (public-key methods): generate pairs of keys where one key cannot (easily) be computed from the other; use a public key and a secret (private) key
- Trust centre: gives access to all public keys and vouches for which identity each key belongs to
- Hybrid method: generate a random key for symmetric encryption; use the public-key method to transfer that symmetric key; encrypt the following communication with the symmetric key (more efficient)

Digital Signature
- Message authentication: the receiver needs to be sure of the sender's identity
- Message integrity: the data must arrive at the receiver exactly as sent
- Non-repudiation: the receiver must be able to prove that a received message came from a specific sender
- A digital signature can provide authentication, integrity and non-repudiation for a message

Digital Signature
- A generates a signature over P using A's secret key
- Anyone can check the signature using A's public key
- For encryption plus signature: sign with A's secret key and encrypt with B's public key; only B can read the message, and B can verify that it came from A
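
The hybrid method and the sign-then-encrypt scheme of the last two slides, as an added example (not from the lecture). It uses textbook RSA without padding, 512-bit moduli and a SHA-256 counter-mode keystream as the symmetric cipher, all built from the Python standard library so the structure is visible; none of these primitives is acceptable in real systems, where a vetted library (RSA-OAEP/PSS or Ed25519 with AES-GCM) replaces them. The function names, key sizes and the 64-byte signature layout are this example's own assumptions.

```python
import hashlib
import secrets

# ---- toy RSA (textbook, no padding: demonstration only) ----

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    """Random odd candidates with the top bit set, until one passes the test."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def rsa_keygen(bits: int = 512):
    """Return (public, secret) = ((n, e), (n, d)); recovering d from (n, e) needs the factors of n."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_sign(secret, message: bytes) -> int:
    """A signs: hash the message and apply A's secret exponent to the hash."""
    n, d = secret
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def rsa_verify(public, message: bytes, signature: int) -> bool:
    """Anyone holding A's public key undoes the secret exponent and compares with a fresh hash."""
    n, e = public
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")

# ---- toy symmetric cipher: SHA-256 in counter mode as a keystream ----

def stream_xor(key: bytes, data: bytes) -> bytes:
    """The same key encrypts and decrypts; cheap per byte, unlike RSA."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], keystream))
    return bytes(out)

# ---- hybrid scheme: sign with A's secret key, encrypt under B's public key ----

SIG_LEN = 64   # a 512-bit modulus gives signatures of at most 64 bytes

def hybrid_sign_encrypt(sender_secret, recipient_public, plaintext: bytes):
    """Returns (wrapped_key, ciphertext). Only the 32-byte session key travels under RSA;
    the message plus A's signature are encrypted with the symmetric cipher."""
    signature = rsa_sign(sender_secret, plaintext).to_bytes(SIG_LEN, "big")
    session_key = secrets.token_bytes(32)
    n_b, e_b = recipient_public
    wrapped_key = pow(int.from_bytes(session_key, "big"), e_b, n_b)
    return wrapped_key, stream_xor(session_key, plaintext + signature)

def hybrid_decrypt_verify(recipient_secret, sender_public, wrapped_key: int, ciphertext: bytes):
    """Only B's secret key unwraps the session key; B then checks A's signature.
    Returns the plaintext, or None when decryption or verification fails."""
    n_b, d_b = recipient_secret
    try:
        session_key = pow(wrapped_key, d_b, n_b).to_bytes(32, "big")
    except OverflowError:            # wrong secret key: the unwrapped value is garbage
        return None
    body = stream_xor(session_key, ciphertext)
    plaintext, signature = body[:-SIG_LEN], int.from_bytes(body[-SIG_LEN:], "big")
    return plaintext if rsa_verify(sender_public, plaintext, signature) else None

if __name__ == "__main__":
    a_pub, a_sec = rsa_keygen()          # A: the signer
    b_pub, b_sec = rsa_keygen()          # B: the recipient
    key, ct = hybrid_sign_encrypt(a_sec, b_pub, b"transfer 100 EUR to account 42")
    print(hybrid_decrypt_verify(b_sec, a_pub, key, ct))   # b'transfer 100 EUR to account 42'
```

The split mirrors the slide: the expensive public-key operation is applied once to a short random key, the bulk data goes through the symmetric cipher, and the signature is computed with the sender's secret key before everything is sealed for the recipient. A flipped ciphertext byte or a message forwarded to the wrong recipient both end in None rather than in garbage being treated as authentic.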

Steganography
- Information hiding instead of encryption
- Hide texts e.g. in large, inconspicuous audio or video files: set the least significant bits of some pixels or audio samples according to the information to be hidden
- Not as efficient as encryption: a cover file of many bytes carries only a small payload
- Not as obvious as encryption: hard to find in a data stream and hard to track, so usable even where encryption is illegal
- Also used for digital watermarks, i.e. signatures for copyright purposes
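
The least-significant-bit technique from the slide, as an added example that is not part of the lecture. The "image" is a constructed array of 8-bit samples standing in for pixel bytes or PCM audio; the 32-bit length prefix and the one-bit-per-sample layout are this example's own conventions.

```python
def make_cover(n_samples: int) -> bytes:
    """Constructed cover: a smooth 8-bit gradient with a little texture, standing in
    for the pixel bytes of a bitmap or the samples of an audio track."""
    return bytes(((i * 37) // 64 + i % 7) % 256 for i in range(n_samples))

def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(cover: bytes, secret: bytes) -> bytes:
    """Hide `secret` one bit per sample in the least significant bits of `cover`.
    Layout: 32-bit big-endian length prefix, then the payload bits."""
    payload = len(secret).to_bytes(4, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError(f"cover too small: {len(cover)} samples for {len(payload) * 8} bits")
    stego = bytearray(cover)
    for pos, bit in enumerate(_bits(payload)):
        stego[pos] = (stego[pos] & 0xFE) | bit       # touch bit 0 only
    return bytes(stego)

def _read_bytes(stego: bytes, first_sample: int, count: int) -> bytes:
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[first_sample + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Read the LSBs back; the length prefix says where the payload ends."""
    if len(stego) < 32:
        raise ValueError("too short to hold a length prefix")
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("no valid payload: length prefix exceeds the cover")
    return _read_bytes(stego, 32, length)

def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest change to any sample. LSB embedding moves a sample by at most 1,
    which is why it is inconspicuous in an 8-bit image or audio file."""
    return max(abs(c - s) for c, s in zip(cover, stego))

def capacity_bytes(cover: bytes) -> int:
    """Payload the cover can carry: one bit per sample, minus the 4-byte prefix.
    A 1 MB cover hides about 128 KB, the 'not as efficient as encryption' point."""
    return max(len(cover) // 8 - 4, 0)

if __name__ == "__main__":
    cover = make_cover(4096)
    stego = embed(cover, b"meet at 21:00")
    print(extract(stego), max_sample_change(cover, stego), capacity_bytes(cover))
```

Note what the slide means by "hard to find": nothing in `stego` is encrypted, yet every sample differs from the original by at most one unit, so without the original cover (or a statistical test of the LSB plane) an observer has nothing to point at. Combining this with encryption of the payload before embedding is the usual practice.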

Location of Encryption Devices

Link Encryption
- Each communication link is equipped with an encryption device at both ends
- All traffic on the link is secured, headers included, so traffic patterns are hidden
- High level of security, but it requires many encryption devices
- Each message must be decrypted at every switch to read the address (virtual circuit number), so data is in the clear inside the switches
- Security is therefore vulnerable at the switches, particularly on a public switched network

End-to-End Encryption
- Encryption is done at the end systems; the data crosses the network in encrypted form, unaltered
- The destination shares a key with the source to decrypt
- The host can only encrypt the user data; otherwise the switching nodes could not read the header or route the packet
- Hence the traffic pattern is not secure
- The solution is to combine link and end-to-end encryption

7.2.2 System Security
- Protect systems by firewalls
- Intrusion detection: logging, auditing plus checking of the logs; alarm generation and notification; automatic effect recognition and pattern recognition
- An authentication plus authorization concept
- Restrict system administrator access: ensure trackability of actions; do not allow anonymous administrator access, e.g. force the use of tools like su or sudo so that every privileged action is attributable to a named user
- Install security patches, e.g. against buffer overflows
- State-of-the-art system scanning for known vulnerabilities

7.3 Internet Security Frameworks
- Definition of key formats
- Selection of algorithms
- Definition of protocols: key exchange, key management
- Different frameworks exist for: authentication security (login); network layer security; transport layer security; application layer security

7.3.2 Network Layer: IPsec
- IP Security extensions (IPsec) for IPv4 and IPv6, developed in response to observed weaknesses: to stop unauthorized traffic monitoring and to secure user traffic with authentication and encryption
- Example uses: secure branch office connectivity over the Internet; secure remote access over the Internet; extranet and intranet connectivity; enhanced electronic commerce security
- Can encrypt and/or authenticate all traffic at the IP level, transparently to the applications above
- Two modes
  - Transport mode: the IPsec header sits between the original IP header and the payload; the payload is protected, the original IP header stays visible (host-to-host use)
  - Tunnel mode: the whole original packet (old IP header plus payload) is encapsulated behind a new IP header, with the IPsec header between the new and the old IP header (gateway-to-gateway VPNs)

IPsec Protocols
- Authentication Header (AH): authentication-only service to detect manipulation; the integrity check value is a keyed hash over the payload and the immutable fields of the IP header (fields that routers change in transit, such as TTL and checksum, are excluded); it is a shared-key MAC, not a public-key signature
- Encapsulating Security Payload (ESP): combined authentication and encryption service; generally used for virtual private networks
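
An AH-style integrity check with anti-replay protection, illustrating the AH slide above and the replay-attack entry in "Examples of Attacks". This is an added example, not part of the lecture and not a real IPsec implementation: it mimics how AH computes its integrity check value (a keyed hash over the payload, the AH fields and the immutable IP header fields, with TOS, flags/fragment offset, TTL and checksum zeroed first), so a router decrementing TTL leaves the packet valid while any change to an address or the payload does not. Replayed sequence numbers are caught with a 64-packet sliding window in the manner of RFC 4302. The key, SPI, addresses and packets are constructed for the demo, and the full 32-byte HMAC-SHA-256 is kept rather than truncated as real AH does.

```python
import hashlib
import hmac
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"          # 20-byte IPv4 header without options
SPI = 0x10000001                    # constructed Security Parameter Index
KEY = b"constructed-demo-key-not-for-production"
ICV_LEN = 32                        # full HMAC-SHA-256; real AH truncates to 128 bits

def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal IPv4 header; protocol 51 marks an AH payload. Checksum left 0 for brevity."""
    return struct.pack(IPV4_FMT, (4 << 4) | 5, 0, 20 + payload_len, 0x1234, 0, ttl, 51, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def _immutable_view(ip_header: bytes) -> bytes:
    """Zero the fields routers legitimately rewrite: TOS, flags/fragment offset, TTL, checksum."""
    f = list(struct.unpack(IPV4_FMT, ip_header))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IPV4_FMT, *f)

def compute_icv(key: bytes, ip_header: bytes, seq: int, payload: bytes) -> bytes:
    """Keyed hash over immutable IP fields + AH fields (SPI, sequence number) + payload."""
    data = _immutable_view(ip_header) + struct.pack("!II", SPI, seq) + payload
    return hmac.new(key, data, hashlib.sha256).digest()

def protect(key: bytes, src: str, dst: str, seq: int, payload: bytes) -> bytes:
    """Sender side, transport-mode layout: IP header | SPI | sequence | ICV | payload."""
    header = build_ipv4_header(src, dst, 8 + ICV_LEN + len(payload))
    return header + struct.pack("!II", SPI, seq) + compute_icv(key, header, seq, payload) + payload

def forward_through_router(packet: bytes) -> bytes:
    """What every hop does in transit: decrement TTL (a real router recomputes the checksum too)."""
    f = list(struct.unpack(IPV4_FMT, packet[:20]))
    f[5] -= 1
    return struct.pack(IPV4_FMT, *f) + packet[20:]

class Receiver:
    """Checks the ICV and rejects replays with a 64-packet sliding window (RFC 4302, 3.4.3)."""
    WINDOW = 64

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0        # highest sequence number verified so far
        self.bitmap = 0         # bit i set  <=>  sequence (highest - i) already seen

    def accept(self, packet: bytes) -> str:
        header, rest = packet[:20], packet[20:]
        spi, seq = struct.unpack("!II", rest[:8])
        icv, payload = rest[8:8 + ICV_LEN], rest[8 + ICV_LEN:]
        if spi != SPI:
            return "drop: unknown SPI"
        if seq == 0 or seq <= self.highest - self.WINDOW:
            return "drop: sequence too old"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "drop: replay"
        if not hmac.compare_digest(icv, compute_icv(self.key, header, seq, payload)):
            return "drop: integrity check failed"
        # Advance the window only for verified packets, so forgeries cannot move it.
        if seq > self.highest:
            self.bitmap = (self.bitmap << (seq - self.highest)) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        self.bitmap |= 1 << (self.highest - seq)
        return "accept"

if __name__ == "__main__":
    rx = Receiver(KEY)
    pkt = protect(KEY, "10.0.0.1", "10.0.0.2", 1, b"hello")
    print(rx.accept(forward_through_router(pkt)))   # accept: the TTL change is expected
    print(rx.accept(pkt))                            # drop: replay
```

Two details matter in practice and are easy to get wrong: the replay window must be updated only after the integrity check has passed (otherwise an attacker can inject a forged packet with a huge sequence number and push all legitimate traffic out of the window), and the mutable header fields must be excluded from the hash or every hop would break the packet.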

7.3.3 Transport Layer Security: SSL/TLS
- A transparent layer between TCP and the application
- Netscape: Secure Sockets Layer (SSL); IETF: Transport Layer Security (TLS)
- SSL is a widely used set of general-purpose security protocols that use TCP to provide a reliable end-to-end service
- TLS 1.0 was specified in RFC 2246; there are only minor differences between SSLv3 and TLS 1.0 (both are deprecated today; current deployments use TLS 1.2 or 1.3)
- Two implementation options: incorporated in the underlying protocol suite, or embedded in specific packages
- Negotiation of
  - the encryption algorithm (e.g. RC2, RC4, DES, Triple-DES, IDEA at the time; all of these are now considered weak)
  - the cryptographic hash function (e.g. SHA, MD5)
  - the key exchange protocol (e.g. RSA, Diffie-Hellman)
  - the signature method (e.g. RSA, DSA; used only for authentication)

SSL Protocol Stack

7.3.4 Application Layer Security: PGP
- Encryption and signature for e-mail
- Hybrid method: a symmetric session key is transmitted under public-key encryption
- Special problem: offline communication, so no interactive key exchange is possible
- Public keys are mostly obtained through a web of trust: web pages, finger information, business cards; certify a key yourself or trust somebody else to certify keys

7.4 Firewalls
- Secure a whole enterprise network at a common point of trust
- Reduces the effort of securing many computers individually
- Reduces the risk of one misconfigured computer compromising the security of the others
- Only one system to verify and observe
- Only a few services need to cross the boundary

Firewall Functions
- Network layer access control: which hosts are allowed to communicate (inside and outside)
- User level access control: user authentication; access control management
- Application level access control: limit applications and their functionality to the necessary minimum
- Isolation of internal services: implementation errors in servers become less critical
- Logging, auditing and alarming
- Hiding the internal network structure
- Firewalls must themselves resist attacks: they are preferred targets

Firewall Design Rules
- As simple as possible: easy to implement, easy to understand the implementation
- As little functionality as possible (per module)
- As little trust as possible (between modules): no trust in unprotected modules, no trust in any WAN user
- Consider attacks from both sides, outside and inside
- Only provide the minimum services and block the rest (default deny)
- Protect the firewall configuration: restrict configuration access, audit changes

Network and Application Layer Functions
- Packet filtering: rules specify what to do with a packet on the basis of IP addresses (local and remote) and/or port numbers; block access to unwanted servers and services; rule lists are compiled locally or obtained from service providers; actions: pass through, translate network address, translate port, drop
- Application gateway: restriction to the basic functionality of application-level protocols; proxy server for HTTP and FTP; relay service for SMTP and NNTP
- A combination of both can increase security
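
A first-match packet filter with the four actions named on the slide, as an added example that is not code from the lecture or from any firewall product. The site layout (internal LAN, a DMZ web server, a mail relay, one public address in a documentation range) and the rule set are constructed; the `Packet` and `Rule` types, the interface names "wan"/"lan" and the combined "translate" action for address and port rewriting are this example's own conventions.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str                    # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                   # "pass", "drop" or "translate"
    iface: Optional[str] = None
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    new_dst: Optional[str] = None      # translate: rewrite the destination address
    new_dport: Optional[int] = None    # translate: rewrite the destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.iface is None or self.iface == pkt.iface)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(rules, pkt: Packet):
    """First matching rule wins. No match means drop: the design rules say
    'only provide minimum services, block the rest'."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.action == "pass":
            return "pass", pkt
        if rule.action == "drop":
            return "drop", None
        if rule.action == "translate":
            return "pass", replace(pkt,
                                   dst=rule.new_dst if rule.new_dst else pkt.dst,
                                   dport=rule.new_dport if rule.new_dport else pkt.dport)
    return "drop", None

# Constructed site: internal LAN, DMZ web server, mail relay, one public address.
INTERNAL = "192.168.1.0/24"
PUBLIC = "203.0.113.5"
DMZ_WEB = "192.168.100.10"
MAIL_RELAY = "192.168.100.20"

RULES = [
    # anti-spoofing: a packet arriving from the WAN must not claim an internal source address
    Rule("drop", iface="wan", src=INTERNAL),
    # publish the web server: inbound HTTPS to the public address is redirected to the DMZ host
    Rule("translate", iface="wan", dst=PUBLIC, proto="tcp", dport=443, new_dst=DMZ_WEB),
    # legacy entry point: public port 8080 maps to the DMZ host's port 80 (address + port translation)
    Rule("translate", iface="wan", dst=PUBLIC, proto="tcp", dport=8080, new_dst=DMZ_WEB, new_dport=80),
    # internal clients may browse the web
    Rule("pass", iface="lan", src=INTERNAL, proto="tcp", dport=80),
    Rule("pass", iface="lan", src=INTERNAL, proto="tcp", dport=443),
    # mail leaves only through the relay: allow SMTP to the relay, then block SMTP to anywhere else
    Rule("pass", iface="lan", src=INTERNAL, dst=MAIL_RELAY, proto="tcp", dport=25),
    Rule("drop", iface="lan", src=INTERNAL, proto="tcp", dport=25),
    # everything else falls through to the implicit default deny
]

if __name__ == "__main__":
    for pkt in (Packet("wan", "198.51.100.20", PUBLIC, "tcp", 443),
                Packet("wan", "192.168.1.7", PUBLIC, "tcp", 443),
                Packet("lan", "192.168.1.7", "198.51.100.9", "tcp", 25)):
        print(pkt, "->", filter_packet(RULES, pkt))
```

Rule order is the whole security argument here: the anti-spoofing drop sits before any rule that trusts an internal source address, and the SMTP allow for the relay precedes the general SMTP drop. Reordering either pair silently changes what gets through, which is why the design slide insists on auditing configuration changes.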

Firewall Concepts: Simple Packet Filter

WiFi Protected Access
- WiFi Protected Access (WPA): extensions to address the security issues of 802.11 (the weaknesses of WEP)
- Based on the 802.11i standard, which was current when these slides were written
- Addresses authentication, key management and data transfer privacy
- Uses an authentication server and a more robust protocol
- Encryption with AES (CCMP) or 104-bit RC4 (TKIP)

802.11i Privacy and Integrity
- IEEE 802.11i defines two schemes
  - Temporal Key Integrity Protocol (TKIP), marketed as WPA: software-only changes to existing equipment, using the same RC4 algorithm as the older WEP
  - Counter Mode with CBC-MAC Protocol (CCMP), marketed as WPA2: uses AES encryption
- Both add a message integrity code (MIC): TKIP generates it with the Michael algorithm, CCMP derives it from AES in CBC-MAC mode

7.5 Absolute Security?
- Most, if not all, methods have a residual error probability; it can be made arbitrarily small, but never zero
- Simple examples: the chance of guessing a parity bit right is 0.5; there is a good chance of manipulating an original text so that it still fits a given 10-bit digital signature (on average one in 1024 random modifications does)
- Brute force attacks are always possible: attacks that use little or no knowledge of the security mechanism and simply rely on probability, e.g. (parallel and distributed) cracking of encryption keys: try every possible key until the message decrypts; try every possible password until one matches the stored verifier
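
Two of the slide's points in runnable form, as an added example that is not part of the lecture: an exhaustive search of a 4-digit PIN against its salted PBKDF2 hash, which finishes in about a second because the key space is only 10,000 values, and a measurement of how often a random edit to a message still carries a valid 10-bit tag (a truncated hash stands in for the slide's 10-bit signature), which comes out near 1/1024 on every run and never at exactly zero. The salt, PIN, iteration count and message are constructed for the demo.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100   # deliberately tiny so the exhaustive search below runs in about a
                          # second; real systems use hundreds of thousands (or Argon2) precisely
                          # to make every brute-force guess expensive

def derive(pin: str, salt: bytes) -> bytes:
    """Stored verifier for a PIN: salted PBKDF2-HMAC-SHA-256."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)

def crack_pin(salt: bytes, stored: bytes, digits: int = 4):
    """Try every PIN of the given length in order; returns (pin, guesses) or (None, guesses).
    The salt does not slow this down (the attacker has it); it only defeats precomputed tables."""
    guesses = 0
    for candidate in range(10 ** digits):
        pin = f"{candidate:0{digits}d}"
        guesses += 1
        if hmac.compare_digest(derive(pin, salt), stored):
            return pin, guesses
    return None, guesses

def tag10(message: bytes) -> int:
    """A 10-bit integrity tag (SHA-256 truncated), standing in for the slide's 10-bit signature."""
    return int.from_bytes(hashlib.sha256(message).digest()[:2], "big") & 0x3FF

def forgery_rate(message: bytes, trials: int = 20000) -> float:
    """Fraction of random two-byte edits whose tag still equals the original's.
    Expected value for a 10-bit tag: 1/1024. Small, but never zero."""
    target = tag10(message)
    rng = secrets.SystemRandom()
    hits = 0
    for _ in range(trials):
        edited = bytearray(message)
        for pos in rng.sample(range(len(message)), 2):      # change two bytes to new values
            edited[pos] = (edited[pos] + rng.randrange(1, 256)) % 256
        hits += tag10(bytes(edited)) == target
    return hits / trials

if __name__ == "__main__":
    salt = b"constructed-demo-salt"
    print(crack_pin(salt, derive("7341", salt)))           # ('7341', 7342)
    print(forgery_rate(b"pay 100 EUR to account 42"))     # close to 1/1024 on every run
```

The defence the slide implies follows directly: the residual probability is shrunk by making the space bigger (a 256-bit tag instead of 10 bits, a passphrase instead of a PIN) and each guess dearer (a slow key derivation function, rate limiting, lockout), never by hoping the attacker does not try.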