Network Security Engineering: Introduction
Carlo U. Nicola, SGI FHNW
With extracts from publications of: Ross J. Anderson (University of Cambridge), William Stallings, David A. Wheeler,
and from the book of: Jim Kurose, Keith Ross: Computer Networking: A Top Down Approach, 5th edition. Addison-Wesley, 2009.
Network Security engineering's goals
  i. Confidentiality: The computing system's assets are accessible only by authorised parties.
  ii. Integrity: The assets can only be modified by authorised parties in authorised ways.
  iii. User identification/authentication: Ensure the identity of users; protect the source of information (sender).
  iv. Access control (authorisation): Control the access to information/resources.
  v. Non-repudiation: Protect from deniability.
  vi. Availability: Ensure info delivery to authorised parties.
NS HS13 2
Security is a war on many fronts
  Personnel: Access Tokens (RSA), Biometrics
  Physical: Integrated access control
  Managerial: Security Education
  Data Networking: Encryption, Configuration control
  S/W & O/S: Testing, Evaluation, Certification
  H/W: Tempest protection, Tamper-proof, Encryption
Security is not a tax on the IT budget
Security is a (political) process (NSA)
  STATEMENT FOR THE RECORD BY LIEUTENANT GENERAL MICHAEL V. HAYDEN, USAF
  DIRECTOR, NATIONAL SECURITY AGENCY / CHIEF, CENTRAL SECURITY SERVICE
  BEFORE THE JOINT INQUIRY OF THE SENATE SELECT COMMITTEE ON INTELLIGENCE AND THE HOUSE PERMANENT SELECT COMMITTEE ON INTELLIGENCE
  17 OCTOBER 2002
Security is a process (NSA)
  38. When I spoke with our workforce shortly after the September 11th attacks, I told them that free people always had to decide where to draw the line between their liberty and their security, and I noted that the attacks would almost certainly push us as a nation more toward security. I then gave the NSA workforce a challenge: We were going to keep America free by making Americans feel safe again.
  39. Let me close by telling you what I hope to get out of the national dialogue that these committees are fostering. I am not really helped by being reminded that I need more Arabic linguists or by someone second-guessing an obscure intercept sitting in our files that may make more sense today than it did two years ago. What I really need you to do is to talk to your constituents and find out where the American people want that line between security and liberty to be.
The answer of the USA politicians
Security threats
Various surveys show the following distribution (apart from NSA) of security threats:
  1. 55% human error
  2. 10% disgruntled employees
  3. 10% dishonest employees
  4. 15% outsider access
  5. Rest "acts of God" (fire, flood etc.)
Human error (1)
Small probabilities means
Security attacks
  Interception of information-traffic flow: attacks confidentiality.
  Interruption of service: attacks availability (DoS).
  Modification of information: attacks integrity.
  Fabrication of information: attacks authentication.
  Exploit of security holes in web applications: all of the above.
Sophistication level of security threats
For more information see Chap. 10 of Anderson's book.
Always remember:
  (a) Dumb and malicious people are the major security risks.
  (b) High-tech scenarios are not very probable ("Ocean's Eleven").
  (c) Clever, unexpected use of low-tech tools is the major threat (D.B. Cooper 1971; Unabomber; Twin Towers attack of Sept. 11, 2001).
  (d) Theft of Cellini's Saliera in Vienna (May 12th, 2003), theft of Der Schrei of Edvard Munch in Oslo (August 21st, 2004).
Internet users per 100 inhabitants in 2007
New Technology, new Threats
November 2nd, 1988: 6,000 of ca. 60,000 Internet nodes are attacked by a malicious program that massively overloads the systems' CPUs.
Consequences:
  - System administrators disconnect their networks from the Internet.
  - Two weeks go by until all nodes are re-established.
Author: Robert Tappan Morris, a 25-year-old Ph.D. student at Cornell University.
We will analyze the Morris worm later on.
Trend in Security in the 21st century
The more sophisticated the security, the more brutal and unsophisticated the attack.
Internet cyber crime is a reality, and it is more profitable and unfortunately less dangerous (for the criminals themselves) than selling cocaine.
Network Security
The field of network security is about:
  - how bad guys can attack computer networks
  - how we can defend networks against attacks
  - how to design architectures that are immune to attacks
Internet was not originally designed with (much) security in mind:
  - original vision: a group of mutually trusting users attached to a transparent network
  - Internet protocol designers playing catch-up
  - Security considerations in all layers!
Bad guys (NSA) can put malware into hosts via Internet
  - Malware can get into a host from a virus, worm, or trojan horse.
  - Spyware malware can record keystrokes, web sites visited, upload info to collection site.
  - Infected host can be enrolled in a botnet, used for spam and DDoS attacks.
  - Malware is often self-replicating: from an infected host, seeks entry into other hosts.
Bad guys (NSA) can put malware into hosts via Internet
  Trojan horse:
    - Hidden part of some otherwise useful software
    - Today often on a Web page (Active-X, plugin)
  Virus/Phishing:
    - infection by receiving object (e.g., e-mail attachment), actively executing
    - self-replicating: propagates itself to other hosts, users
  Worm:
    - infection by passively receiving object that gets itself executed
    - self-replicating: propagates to other hosts, users
  [Figure: Sapphire Worm: aggregate scans/sec in first 5 minutes of outbreak (CAIDA, UWisc data)]
Bad guys (NSA) can attack servers and network infrastructure
Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resources with bogus traffic.
  1. Select target
  2. Break into hosts around the network (see botnet)
  3. Send packets toward target from compromised hosts
The bad guys (NSA) can sniff packets
Packet sniffing:
  - broadcast media (shared Ethernet, wireless)
  - promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
  [Figure: hosts A, B and C on a shared medium; packet "src:b dest:a payload"]
The Wireshark software we use in the lab is a (free) packet-sniffer.
The bad guys (NSA) can falsify packets
IP spoofing: send packet with false source address
  [Figure: hosts A, B and C; packet "src:b dest:a payload"]
The bad guys (NSA) can record and playback
Record-and-playback: sniff sensitive info (e.g., password), and use it later:
  - password holder is that user from system point of view
  [Figure: hosts A, B and C; packet "src:b dest:a user: B; password: foo"]
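The record-and-playback problem above, as an added example (not from the original slides): a login that accepts a static password also accepts a recorded copy of it, while a fresh per-login nonce with an HMAC response makes the recorded message useless. The class and function names, the HMAC-SHA256 construction and the in-memory password store are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store; user "B" and password "foo" mirror the slide.
PASSWORDS = {"B": b"foo"}

class StaticLogin:
    """Accepts the same credential message every time, so a recorded copy still works."""
    def login(self, user: str, password: bytes) -> bool:
        expected = PASSWORDS.get(user)
        return expected is not None and hmac.compare_digest(expected, password)

class ChallengeLogin:
    """Issues a fresh single-use nonce per login; the client proves knowledge of the password."""
    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def login(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)  # single use: removed on first attempt
        secret = PASSWORDS.get(user)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(respond(secret, nonce), response)

def respond(password: bytes, nonce: bytes) -> bytes:
    """Client side: HMAC-SHA256 over the server's nonce, keyed with the password."""
    return hmac.new(password, nonce, hashlib.sha256).digest()

def replay_outcomes() -> dict[str, bool]:
    """Replay a recorded login message against both servers and report acceptance."""
    static, chal = StaticLogin(), ChallengeLogin()
    recorded_static = ("B", b"foo")                 # message recorded on the wire
    nonce = chal.challenge("B")
    recorded_resp = respond(PASSWORDS["B"], nonce)  # message recorded on the wire
    genuine = chal.login("B", recorded_resp)        # legitimate login consumes the nonce
    chal.challenge("B")                             # a later session gets a new nonce
    return {
        "static_replay_accepted": static.login(*recorded_static),
        "genuine_challenge_login": genuine,
        "challenge_replay_accepted": chal.login("B", recorded_resp),
    }
```

The nonce only addresses replay: the exchange is still visible to a sniffer, and a weak password such as "foo" can be guessed offline from a recorded nonce/response pair.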
General Model for Network Security
Sources of security holes
General Model of Network Access Security