Department of Computer Science, Institute for System Architecture, Chair for Computer Networks
Internet Services & Protocols
Internet (In)Security
Dr.-Ing. Stephan Groß
Room: INF 3099
E-Mail: stephan.gross@tu-dresden.de
Why is security crucial for the Internet?
- Internet = network of networks
- Wide-spread use of the Internet for the transport of sensitive information, e.g.
  - Online Banking
  - E-Commerce
  - E-Government
- Problem: the Internet's roots lie in the academic world and the free exchange of information
  - If at all, security was only a secondary design goal
  - The basic Internet protocols suffer from severe security holes
Today's Agenda
- What is to be protected? Protection goals
- Against what to protect? Threats and fundamental problems of the Internet
- How to protect?
  - Firewalls
  - Virtual Private Networks (VPN)
  - Secure E-Mail
  - Intrusion Detection
Basic Protection Goals
- Confidentiality: information is only known to entitled users.
- Integrity (data integrity): information is correct, complete and up-to-date, or it is recognizable that this is not the case.
- Authenticity: the quality or condition of being authentic, trustworthy, or genuine.
- Availability: information is accessible where and when it is used by entitled users.
Security Threats against IP Networks
- Address Spoofing: attacking authenticity, integrity and availability
  - Attacker sends IP packets with a forged source address
  - Problem: no authentication of IP addresses
  - Objective: impersonation, Denial-of-Service, avoiding access control
- Sniffing: attacking confidentiality
  - Everyone within a subnet can listen to the whole network communication
- Routing attacks: attacking confidentiality and availability
  - Loose Source Routing to specify a packet's route
Fundamental Security Problems in IP (or at least IPv4)
- Authentication based on IP addresses
- No protection of integrity
- No protection of confidentiality
- No protection against malicious attacks on availability
IPv4 alone is by no means usable for security-critical applications!
One goal, several defence lines
- Application layer: Proxies & Secure Apps; Secure Programming, OS Security
- Transport layer: SSL/TLS
- Network layer: IPSec, Packet Filter
- Link layer
- Physical layer
The assumptions made imply the weakest link!
One goal, several ways of defence
- Prevention: do not allow an attacker to succeed!
  - E.g. confidentiality cannot be restored!
- Monitoring: security is not a tool but a process!
  - How good is your protection performing?
- Reaction
  - Recover from an attack
  - Respond to an attack
Exemplary approaches for protecting your networks
- Prevention
  - Firewalls
  - Virtual Private Networks
  - Secure Email
- Monitoring
  - Intrusion Detection Systems
Firewall: What is an Internet Firewall?
- Restricts people to entering at a carefully controlled point
- Restricts people to leaving at a carefully controlled point
A firewall is a component or set of components that restricts access between a protected network and the Internet, or between other sets of networks.
Firewall: What Can a Firewall Do?
- A firewall is a focus for security decisions
- A firewall can enforce security policy
- A firewall can log Internet activity
- A firewall limits your exposure
What a Firewall Can't Do:
- A firewall can't protect against malicious insiders
- A firewall can't protect against connections that don't go through it
- A firewall can't protect against completely new threats
- A firewall can't protect against viruses
Some Firewall Definitions
- Bastion host: a computer system that must be highly secured because it is exposed to the Internet and thus vulnerable to attack.
- Dual-homed host: a general-purpose computer system that has at least two network interfaces (or "homes").
- Perimeter network: a network added between a protected network and an external network, in order to provide an additional layer of security. A perimeter network is sometimes called a DMZ, which stands for De-Militarized Zone.
- Packet filtering: the action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa).
- Proxy server: a program that deals with external servers on behalf of internal clients.
Packet Filtering
- Filtering is based on IP header information
- Pros and Cons:
  - Cheap and easy
  - Authenticity and integrity of the IP header (not protected by IP itself)
  - Stateless filtering versus dynamically assigned port numbers (FTP, H.323, ...)
  - Severe performance issues of dynamic filtering
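The following is an added example, not part of the lecture slides: a toy packet filter in Python that makes two of the points above concrete. First, because a stateless filter decides on header fields alone, a simple anti-spoofing rule (drop packets that arrive from the Internet but carry an internal source address, the spoofing threat from the earlier slide) is cheap. Second, a protocol such as FTP announces its data-connection port only inside the control channel, so a stateless filter cannot know which port to open; the small stateful wrapper parses the PASV reply and pre-authorises exactly that one connection. All addresses, prefixes, interface names and the FTP reply are constructed sample values.

```python
"""Toy stateless packet filter with an anti-spoofing rule, plus a stateful
wrapper that handles FTP passive-mode data connections. Added example; the
network layout and all sample values are constructed, not taken from the slides."""
import ipaddress
import re
from dataclasses import dataclass, field

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed internal prefix


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet arrived on: "ext" (Internet) or "int"
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int


@dataclass
class Rule:
    action: str                        # "allow" or "deny"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: range = range(0, 65536)

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and p.dport in self.dport)


# First matching rule wins; anything unmatched is denied.
STATELESS_RULES = [
    # Anti-spoofing: a packet arriving from the Internet must not claim an internal source.
    Rule("deny", iface="ext", src=str(INTERNAL_NET)),
    # Internal clients may open FTP control connections (port 21) to anywhere.
    Rule("allow", iface="int", src=str(INTERNAL_NET), proto="tcp", dport=range(21, 22)),
    # Internal clients may browse the web.
    Rule("allow", iface="int", src=str(INTERNAL_NET), proto="tcp", dport=range(80, 81)),
]


def stateless_decide(p: Packet, rules=STATELESS_RULES) -> str:
    """Decide on header fields only; the FTP data port is unknown here."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


@dataclass
class StatefulFilter:
    """Stateless rules plus a table of connections announced on the FTP control channel."""
    rules: list = field(default_factory=lambda: list(STATELESS_RULES))
    expected: set = field(default_factory=set)  # (client, server, data_port)

    # "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)": port = p1*256 + p2
    _PASV = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

    def observe_ftp_reply(self, client: str, reply: str) -> None:
        """Called for server replies seen on an allowed control connection."""
        m = self._PASV.search(reply)
        if m:
            h1, h2, h3, h4, p1, p2 = map(int, m.groups())
            self.expected.add((client, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))

    def decide(self, p: Packet) -> str:
        key = (p.src, p.dst, p.dport)
        if p.proto == "tcp" and key in self.expected:
            self.expected.discard(key)  # one-shot entry: only the announced connection
            return "allow"
        return stateless_decide(p, self.rules)
```

Without the stateful wrapper, the only stateless alternatives are to open the whole range of possible data ports or to block passive FTP entirely, which is exactly the trade-off the slide refers to; the cost of the wrapper is the per-connection state and the protocol parsing it requires.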
Proxy Services
- Also known as Application-Level Gateways
- Control application-level data flows
- Pros and Cons:
  - Intrusion detection using stateful inspection
  - Accounting
  - Performance issues
  - Dedicated proxy needed for each service
Firewall Architectures
- Dual-Homed Host
  - Isolating network segments (no routing/forwarding)
  - Based on a bastion host (proxy + packet filter)
  - Scalability issues and single point of failure
- Screened Host
  - Bastion host connected to the internal network
  - Additional packet filter (critical component)
  - Circumventing the proxy for specific applications: more flexibility (but also more risks)
Firewall Architectures (continued)
- Screened Subnet
  - Today's state of the art
  - Additional network segment for exposed systems, isolated from both the internal and the external network
  - Hides the internal network structure from external view
  - Circumventing the proxy for specific applications is possible, but access to the interior from the exterior network is not allowed
  - Good balance between flexibility and security
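As an added example (not from the slides), the screened-subnet architecture can be written down as two independent filters and a zone policy. Hosts are classified into the exterior network, the perimeter network (DMZ) with the exposed systems, and the interior network; a connection must be allowed by every filter it crosses. The zone prefixes, the service ports and the filter names are constructed assumptions.

```python
"""Screened subnet as two filters with a zone policy. Added example: the address
plan, the services and the filter names are constructed, not from the lecture."""
import ipaddress
from typing import Dict, FrozenSet, List, Tuple

# Constructed address plan: the perimeter network is a separate segment.
ZONES = {
    "dmz": ipaddress.ip_network("198.51.100.0/24"),   # exposed systems
    "interior": ipaddress.ip_network("10.0.0.0/8"),    # protected network
}

# Which filters a connection crosses, by (source zone, destination zone).
# Exterior <-> DMZ passes the exterior filter, DMZ <-> interior passes the interior
# filter, so exterior <-> interior traffic must pass both.
PATHS: Dict[Tuple[str, str], List[str]] = {
    ("exterior", "dmz"): ["exterior_filter"],
    ("dmz", "exterior"): ["exterior_filter"],
    ("interior", "dmz"): ["interior_filter"],
    ("dmz", "interior"): ["interior_filter"],
    ("interior", "exterior"): ["interior_filter", "exterior_filter"],
    ("exterior", "interior"): ["exterior_filter", "interior_filter"],
}

Ruleset = Dict[Tuple[str, str], FrozenSet[int]]

# Allowed destination TCP ports per zone pair; a missing pair means deny.
FILTERS: Dict[str, Ruleset] = {
    "exterior_filter": {
        ("exterior", "dmz"): frozenset({25, 80, 443}),   # mail relay, public web server
        ("dmz", "exterior"): frozenset({25, 53}),        # relay delivers mail, resolves names
        ("interior", "exterior"): frozenset({443}),      # the one service allowed to bypass the proxy
    },
    "interior_filter": {
        ("interior", "dmz"): frozenset({25, 53, 80, 443, 3128}),  # 3128: proxy on the bastion host
        ("interior", "exterior"): frozenset({443}),
        # No ("dmz", "interior") and no ("exterior", "interior") entry:
        # nothing may initiate connections into the interior.
    },
}


def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "exterior"


def evaluate(src: str, dst: str, dport: int, filters: Dict[str, Ruleset] = FILTERS):
    """Return (allowed, trace) for a new TCP connection src -> dst:dport."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True, ["same segment: no filter on the path"]
    trace, allowed = [], True
    for name in PATHS[(src_zone, dst_zone)]:
        ok = dport in filters[name].get((src_zone, dst_zone), frozenset())
        trace.append(f"{name}: {'allow' if ok else 'deny'} {src_zone}->{dst_zone}:{dport}")
        allowed = allowed and ok
    return allowed, trace
```

The value of the second filter shows up when the first one fails: even if the exterior filter were replaced by one that allows everything, a connection from the Internet into the interior still has to pass the interior filter, which has no rule for it.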
Problems with Firewalls
- Complexity: expert knowledge necessary for the definition of security policies, configuration and administration
- Open standard ports, e.g. 80: increasing dissemination of web services
- Tunnelling
- Mobile devices
- Multimedia applications
Virtual Private Networks (VPNs)
Network infrastructure to transparently connect private networks over a public transport network like the Internet
VPN Characteristics
- Interconnection of (physically) secured private networks using tunnelling techniques
  - Company headquarters and branch office
  - Business partners
  - Mobile worker
  - Telecommuter
- Extends geographic connectivity
- Connection completely transparent for the end-user
  - Appears to be a separate physical network, but is not
  - VPN maintains addressing and routing
  - VPN has to enforce local security restrictions
- Reduces operational costs versus traditional WAN and RAS
- Shows a good economy of scale
Types of VPNs
- Site-to-Site
  - Connecting two local networks
  - VPN gateway (aka concentrator)
- Site-to-End
  - Connecting a single host with a local network
  - VPN client software connecting to a VPN gateway
  - Also used to secure WLAN
- Secure VPNs
  - Use cryptographic protocols to provide confidentiality, authentication, and message integrity
  - e.g. L2TP, PPTP, IPSec, SSL
- Trusted VPNs
  - Do not use cryptographic tunnelling
  - Rely on the security of a single provider's network to protect the traffic
  - e.g. BGP/MPLS VPN [RFC 2547bis]
BGP/MPLS VPN Network Components
- Customer Edge (CE) device: provides customer access to the service provider network over a data link to one or more PE routers
- Provider Edge (PE) device: exchanges routing information with CE routers using static routing, RIP, OSPF or EBGP
- Provider (P) device: any router in the provider's network that does not attach to CE devices
Secure VPNs
Secure Email
- Public key encryption and signatures -> confidentiality & non-repudiation
- Certificates to verify a key's authenticity
- Secure / Multipurpose Internet Mail Extensions (S/MIME)
  - X.509: hierarchical public key infrastructure
  - Certificates issued by certification authorities (CA)
- OpenPGP (Pretty Good Privacy)
  - Distributed public key infrastructure
  - Certificates within a web of trust
Intrusion Detection Systems
- Used to monitor (networked) systems
- Check so-called audit data for indications of an attack
- Classification based on audit source:
  - Host IDS: locally generated data by applications & operating system, e.g. log files, system calls, ...
  - Network IDS: analysis of on-going network traffic, e.g. network protocol analysis
- Classification based on analysis approach:
  - Anomaly-based: deviation from normal use
  - Misuse-based: detection of known attack patterns
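The two analysis approaches are easiest to compare on the same audit data. The following added example (not part of the lecture) runs a misuse-based detector and an anomaly-based detector over constructed host audit records in a simplified login-log format. The misuse detector knows one attack pattern (many failed logins for one account from one source); the anomaly detector knows nothing about attacks and only learns, from a baseline period, at which hours and from which addresses each user normally logs in. The log format, the user names, the addresses and the threshold are all constructed assumptions.

```python
"""Misuse-based versus anomaly-based host IDS on the same audit data.
Added example; the log format and every record below are constructed."""
import re
from collections import Counter, defaultdict

# Constructed audit records: "<hour> <event> user=<name> src=<ip>", one per line.
BASELINE_LOG = """\
09 login_ok user=alice src=10.0.0.5
10 login_fail user=alice src=10.0.0.5
10 login_ok user=alice src=10.0.0.5
14 login_ok user=alice src=10.0.0.5
09 login_ok user=bob src=10.0.0.6
17 login_ok user=bob src=10.0.0.6
"""

MONITORED_LOG = """\
09 login_ok user=alice src=10.0.0.5
17 login_ok user=bob src=10.0.0.6
03 login_fail user=root src=203.0.113.9
03 login_fail user=root src=203.0.113.9
03 login_fail user=root src=203.0.113.9
03 login_fail user=root src=203.0.113.9
03 login_fail user=root src=203.0.113.9
03 login_fail user=root src=203.0.113.9
03 login_ok user=alice src=203.0.113.9
"""

RECORD = re.compile(r"^(\d\d) (\w+) user=(\S+) src=(\S+)$")


def parse(log: str) -> list:
    """Turn the raw audit data into event dicts; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = RECORD.match(line)
        if m:
            hour, event, user, src = m.groups()
            events.append({"hour": int(hour), "event": event, "user": user, "src": src})
    return events


def misuse_alerts(events: list, threshold: int = 5) -> list:
    """Misuse-based: match a known attack pattern, here repeated failed logins
    for one account from one source. Detects only what the pattern describes."""
    fails = Counter((e["src"], e["user"]) for e in events if e["event"] == "login_fail")
    return sorted(f"brute-force: {src} -> {user} ({n} failures)"
                  for (src, user), n in fails.items() if n >= threshold)


def build_profile(events: list) -> dict:
    """Anomaly-based, learning phase: record normal login hours and sources per user."""
    profile = defaultdict(lambda: {"hours": set(), "sources": set()})
    for e in events:
        if e["event"] == "login_ok":
            profile[e["user"]]["hours"].add(e["hour"])
            profile[e["user"]]["sources"].add(e["src"])
    return profile


def anomaly_alerts(profile: dict, events: list) -> list:
    """Anomaly-based, detection phase: flag successful logins that deviate from
    the learned profile. Knows nothing about specific attacks."""
    alerts = []
    for e in events:
        if e["event"] != "login_ok":
            continue
        p = profile.get(e["user"])
        reasons = []
        if p is None:
            reasons.append("unknown user")
        else:
            if e["hour"] not in p["hours"]:
                reasons.append("unusual hour")
            if e["src"] not in p["sources"]:
                reasons.append("new source")
        if reasons:
            alerts.append(f"anomaly: {e['user']} login_ok at {e['hour']:02d} "
                          f"from {e['src']} ({', '.join(reasons)})")
    return alerts
```

On this data the two detectors report different things: the misuse detector sees the known brute-force pattern against root but says nothing about the successful login that follows, while the anomaly detector ignores the failures it has no pattern for and flags alice's 03:00 login from an address never seen in the baseline. This is why the two approaches are usually combined; the anomaly approach also shows its characteristic weakness, since a baseline period that already contained the unusual behaviour would have taught it as normal.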
General IDS Architecture
[Figure: components Monitored System, Agent, Director and Notifier (the latter three forming the Intrusion Detection System) and User; labelled flows: audit data, event, alarm, notification, configuration, reconfiguration.]
Concrete system architecture can be either centralised or distributed.
Conclusion
- Common IPv4 without any amendments is known to be vulnerable.
- Security is essential for the proliferation of Internet services.
- Security must be considered when designing new services.
- Security is not a product but a process!
- Different stakeholders may have different security requirements -> multilateral security