Network Security - University of Engineering and Technology
Network Security
Professor
Dr. Adeel Akram
Introduction to Network Security
Course Topics
► Security basics: services (integrity, availability, authentication, etc.), basics of cryptography; attacks (interruption, modification)
► Vulnerabilities and countermeasures: viruses, worms, Trojan horses, backdoors, unused services
► Exploits: buffer overflow, port scanning, NESSUS and related tools, incident handling and recovery
► Applications of security: system security, intrusion detection, remote authorization tools; secure (commerce) transactions over a network
slide 3
Course Outline: Basic topics
► Security basics: services (integrity and availability, authentication, etc.); attacks (interruption, modification)
► Vulnerabilities and countermeasures: viruses, worms, Trojan horses, backdoors
► Applications of security: system security, intrusion detection, remote authorization tools; secure (commerce) transactions over a network
► Bio authentication: types of biometric authentication (fingerprints, retina scans, voice, DNA); algorithms for biometric authentication
► Cryptography: symmetric cryptography, block ciphers, public-key cryptography, number theory, hash functions, key exchange
slide 4
Course Outline: Network Security
Architecture
Physical and link layer
Network layer
Transport layer
Application layer: DNS, RPC, NFS
Application layer: Routing
Wireless networks
More secure protocols: DNSSEC, IPSEC, IPv6
slide 5
Course Objectives
Introduction to concepts in:
► Computer and network security: understand the vulnerabilities, threats, and countermeasures present in computer and network systems.
► Bio authentication: understand the different human characteristics and the algorithms that are used for authentication.
► Internet and Web security: understand TCP/IP and DNS security and gain some practical experience in attacking and defending networked systems.
slide 6
Course Objectives
► Cryptography: understand the formal tools available for securing data and services; understand the fundamental algorithms of cryptology and the risks and vulnerabilities of networked systems, and use existing network security protocols to develop secure systems.
slide 7
Text Books
► Network Security: Private Communication in a Public World, 2/E, by C. Kaufman, R. Perlman, M. Speciner, PHI Learning (2009)
► Most of the topics from this book will be followed during this course.
► All relevant material will be provided as notes or as part of the class slides.
slide 8
Text Books
► Cryptography and Network Security, by William Stallings, Prentice Hall, 4th Edition, 2006
► A few topics from this book will be followed during this course.
► All relevant material will be provided as notes or as part of the class slides.
slide 9
Text Books
► Network Security Essentials, by William Stallings, Prentice Hall, 2nd Edition, 2003
► A few topics from this book will be followed during this course.
► All relevant material will be provided as notes or as part of the class slides.
slide 10
Other Books
► Ross Anderson’s “Security Engineering”: focuses on design principles for secure systems, with examples from banking, nuclear command and control, and burglar alarms
► “The Shellcoder’s Handbook”: a practical how-to manual for hacking attacks; not a required text, but extremely useful for the practical implementation of buffer overflow attacks
slide 11
Occasional Assigned Reading
► Kevin Mitnick’s “The Art of Intrusion”: real-world hacking stories; a good illustration of many concepts in this course
► Start reading “Smashing the Stack for Fun and Profit” by Aleph One (from Phrack hacker magazine): understanding it provides essential knowledge for exploiting and protecting against OS stack vulnerabilities
slide 12
Main Themes of the Course
► Vulnerabilities of networked applications: worms, denial of service attacks, malicious code arriving from the network, attacks on infrastructure
► Defense technologies: protection of information in transit (cryptography, application- and transport-layer security protocols); protection of networked applications (firewalls and intrusion detection)
slide 13
Main Themes of the Course
► Study a few deployed systems in detail, from design principles to gory implementation details: Kerberos, SSL/TLS, IPsec
slide 14
What This Course is Not About
► Not a comprehensive course on computer security
► Not a course on ethical, legal or economic issues: no file sharing, DMCA, or free speech issues
► Only a brief overview of cryptography
slide 15
What This Course is Not About
► Only some issues in systems security: no access control, OS security, or language-based security; very little about secure hardware
► Will cover buffer overflow: the #1 cause of remote penetration attacks
slide 16
Syllabus (1): Security Mechanisms
► Basics of cryptography: symmetric and public-key encryption, certificates, cryptographic hash functions, pseudo-random generators
► Authentication and key establishment; case study: Kerberos
► IP security; case study: IPsec protocol suite
► Web security; case study: SSL/TLS (Transport Layer Security)
slide 17
Syllabus (2): Attacks and Defenses
► Buffer overflow attacks
► Network attacks: distributed denial of service; worms and viruses; attacks on routing and DNS infrastructure
► Defense tools: firewalls and intrusion detection systems
► Wireless security
► Spam and phishing
slide 18
Peek at the Dark Side
The only reason we will be
learning about attack techniques
is to build better defenses
Don’t even think about using
this knowledge to attack anyone
slide 19
Motivation
https://
slide 20
Excerpt From “General Terms of Use”
YOU ACKNOWLEDGE THAT NEITHER WELLS FARGO, ITS AFFILIATES NOR ANY OF THEIR RESPECTIVE EMPLOYEES, AGENTS, THIRD PARTY CONTENT PROVIDERS OR LICENSORS WARRANT THAT THE SERVICES OR THE SITE WILL BE UNINTERRUPTED OR ERROR FREE; NOR DO THEY MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES OR THE SITE, OR AS TO THE TIMELINESS, SEQUENCE, ACCURACY, RELIABILITY, COMPLETENESS OR CONTENT OF ANY INFORMATION, SERVICE, OR MERCHANDISE PROVIDED THROUGH THE SERVICES AND THE SITE.
slide 21
“Privacy and Security”
“As a Wells Fargo customer, your privacy
and security always come first.”
Privacy policy for individuals
Online privacy policy
Our commitment to online security
Online and computer security tips
How we protect you
General terms of use
slide 22
What Do You Think?
What do you think should be included in
“privacy and security” for an e-commerce
website?
slide 24
Desirable Security Properties
► Authenticity
► Confidentiality
► Integrity
► Availability
► Accountability and non-repudiation
► Freshness
► Access control
► Privacy of collected information
► Integrity of routing and DNS infrastructure
slide 25
What Drives the Attackers?
► Put up a fake financial website, collect users’ logins and passwords, empty out their accounts
► Insert a hidden program into unsuspecting users’ computers, use them to spread spam
► Subvert copy protection, gain access to music and video files
► Stage denial of service attacks on websites, extort money
► Wreak havoc, achieve fame and glory in the blackhat community
slide 26
Network Stack
Layer (example protocols): representative attacks
people: phishing attacks, usability
application (email, Web, NFS): Sendmail, FTP, NFS bugs; chosen-protocol and version-rollback attacks
session (RPC): RPC worms, portmapper exploits
transport (TCP): SYN flooding, RIP attacks, sequence number prediction
network (IP): IP smurfing and other address spoofing attacks
data link (802.11): WEP attacks
physical (RF): RF fingerprinting, DoS
Only as secure as the single weakest layer…
… or the interconnection between the layers
slide 27
Network Defenses
Layered defenses, top to bottom:
People (end users): password managers, company policies…
Systems (implementations): firewalls, intrusion detection…
Blueprints (protocols and policies): TLS, IPsec, access control…
Building blocks (cryptographic primitives): RSA, DSS, SHA-1…
… all defense mechanisms must work correctly and securely
slide 28
Correctness versus Security
► System correctness: the system satisfies its specification; for reasonable input, you get reasonable output
► System security: system properties are preserved in the face of attack; for unreasonable input, the output is not completely disastrous
► Main difference: active interference from an adversary
► Modular design may increase vulnerability …
► … but also increases security (small TCB)
slide 29
Bad News
► Security is often not a primary consideration: performance and usability take precedence
► Feature-rich systems may be poorly understood
► Implementations are buggy: buffer overflows are the “vulnerability of the decade”; cross-site scripting and other Web attacks
► Networks are more open and accessible than ever: increased exposure, easier to cover tracks
► Many attacks are not even technical in nature: phishing, impersonation, etc.
slide 30
Better News
► There are a lot of defense mechanisms; we’ll study some, but by no means all, in this course
► It’s important to understand their limitations: “If you think cryptography will solve your problem, then you don’t understand cryptography… and you don’t understand your problem” -- Bruce Schneier. Many security holes are based on misunderstanding
► Security awareness and user “buy-in” help
► Other important factors: usability and economics
slide 31
Reading Assignment
► Review Kaufman, section 1.5 (primer on networking)
► Start reading the buffer overflow materials on the course website (CMS): “Smashing the Stack for Fun and Profit”
► http://web.uettaxila.edu.pk/CMS/AUT2010/teNSbs
slide 32
Why study computer security?
(1) Computer security is fundamental to individual privacy.
Many of us keep personal data on our accounts: emails,
bookmarks, coursework.
Many of us use the network to send personal data or
retrieve personal data.
Many remote computers keep personal data for us:
financial data and accounts, medical history.
We want to protect these resources.
slide 33
Why study computer security?
(2) Our society is increasingly reliant on the proper operation of networked computer systems and the integrity of their data.
Financial and commercial operations, medical operations, meteorological, government, social welfare, and so on (not to mention the Internet itself).
The protection of these systems is as vital as our dependence on the services they provide.
An understanding of their limitations is vital.
Exploited systems have resulted in people’s deaths. (Unavailable forecasts have caused a ship at sea to be lost.)
slide 34
What is cryptology?
► Greek: “krypto” = hide
► Cryptology – the science of hiding = cryptography + cryptanalysis + steganography
► Cryptography – secret writing
► Cryptanalysis – analyzing (breaking) secrets: cryptanalysis is what the attacker does; deciphering or decryption is what the legitimate receiver does
slide 35
Steganography
► “Covered” messages
► Technical steganography: invisible ink, shaved heads, microdots; hiding a message in the low-order bits of a GIF
► Linguistic steganography: “open code” – the secret message appears innocent, e.g. “East wind rain” = war with USA
slide 36
Cryptology and Security
Cryptology is a branch of mathematics.
Security is about people.
slide 37
Terminology
Alice: Plaintext P -> Encrypt -> Ciphertext C = E(P)
Insecure channel (Eve listens)
Bob: Ciphertext C -> Decrypt -> Plaintext P = D(C)
E must be invertible
slide 38
Cryptography
► Always involves two things: a transformation and a secret
slide 39
Alice and Bob
Alice: Plaintext P -> Encrypt (with encryption key KE) -> Ciphertext C
Bob: Ciphertext C -> Decrypt (with decryption key KD) -> Plaintext P
C = E(KE, P) = E_KE(P)
P = D(KD, C) = D_KD(C)
If KE = KD it is symmetric encryption
If KE ≠ KD it is asymmetric encryption
slide 40
Substitution Cipher
► C = E_K(P), with C_i = K[P_i]
► Key is an alphabet mapping: a -> J, b -> L, ...
► Suppose the attacker knows the algorithm but not the key; how many keys to try?
26! ≈ 4 × 10^26
If every person on Earth tried one key per second, exhausting them would take on the order of two billion years (7 billion people: about 1.8 billion years). Brute force is hopeless, and yet the cipher falls in minutes, as the next slides show.
slide 41
Monoalphabetic Cipher
“XBW HGQW XS ACFPSUWG FWPGWXF
CF AWWKZV CDQGJCDWA CD BHYJD
DJXHGW; WUWD XBW ZWJFX PHGCSHF
YCDA CF GSHFWA LV XBW KGSYCFW
SI FBJGCDQ RDSOZWAQW OCXBBWZA
IGSY SXBWGF.”
slide 42
Frequency Analysis
“XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA
CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF
GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW
OCXBBWZA IGSY SXBWGF.”
Ciphertext letter counts: W: 20, C: 11, F: 11, G: 11
“Normal” English letter frequencies: e 12%, t 9%, a 8%
slide 43
Pattern Analysis
“XBe HGQe XS ACFPSUeG FePGeXF CF AeeKZV CDQGJCDeA
CD BHYJD DJXHGe; eUeD XBe ZeJFX PHGCSHF YCDA CF
GSHFeA LV XBe KGSYCFe SI FBJGCDQ RDSOZeAQe
OCXBBeZA IGSY SXBeGF.”
XBe = “the”
Most common trigrams in English:
the = 6.4%
and = 3.4%
slide 44
Guessing
“the HGQe tS ACFPSUeG FePGetF CF
AeeKZV CDQGJCDeA CD hHYJD DJtHGe;
eUeD the ZeJFt PHGCSHF YCDA CF
GSHFeA LV the KGSYCFe SI FhJGCDQ
RDSOZeAQe OCthheZA IGSY StheGF.”
S = “o”
slide 45
Guessing
“the HGQe to ACFPoUeG FePGetF CF
AeeKZV CDQGJCDeA CD hHYJD DJtHGe;
eUeD the ZeJFt PHGCoHF YCDA CF
GoHFeA LV the KGoYCFe oI FhJGCDQ
RDoOZeAQe OCthheZA IGoY otheGF.”
otheGF = “others”
slide 46
Guessing
“the HrQe to ACsPoUer sePrets Cs
AeeKZV CDQrJCDeA CD hHYJD DJtHre;
eUeD the ZeJst PHrCoHs YCDA Cs
roHseA LV the KroYCse oI shJrCDQ
RDoOZeAQe OCthheZA IroY others.”
“sePrets” = “secrets”
slide 47
Guessing
“the HrQe to ACscoUer secrets Cs
AeeKZV CDQrJCDeA CD hHYJD DJtHre;
eUeD the ZeJst cHrCoHs YCDA Cs
roHseA LV the KroYCse oI shJrCDQ
RDoOZeAQe OCthheZA IroY others.”
“ACscoUer” = “discover”
slide 48
Guessing
“the HrQe to discover secrets is
deeKZV iDQrJiDed iD hHYJD DJtHre;
eveD the ZeJst cHrioHs YiDd is
roHsed LV the KroYise oI shJriDQ
RDoOZedQe OithheZd IroY others.”
slide 49
Monoalphabetic Cipher
“The urge to discover secrets is deeply
ingrained in human nature; even the least
curious mind is roused by the promise of
sharing knowledge withheld from others.”
- John Chadwick,
The Decipherment of Linear B
slide 50
Why was it so easy?
► Doesn’t hide the statistical properties of the plaintext
► Doesn’t hide higher-order statistics, i.e. relationships within the plaintext (a repeated ciphertext letter such as EE cannot stand for dg)
► English (and all natural languages) is very redundant: compress English with zip – about 1:6
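The frequency analysis of slides 42 through 49, as an added example that is not part of the original slides: the script counts letters and within-word trigrams in the ciphertext quoted above, applies the substitutions in the order the slides guess them, and compares the cost of that attack with exhaustive key search. The ciphertext is the one on the slides; the GUESSES table, the function names and the 7-billion-people figure are this example's own.

```python
from collections import Counter
import math

# Ciphertext as quoted on the slides (sample input for this script).
CIPHERTEXT = (
    "XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; "
    "WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ "
    "RDSOZWAQW OCXBBWZA IGSY SXBWGF."
)


def letter_frequencies(text: str) -> Counter:
    """Count cipher letters, ignoring spaces and punctuation."""
    return Counter(ch for ch in text if ch.isalpha())


def trigram_frequencies(text: str) -> Counter:
    """Count letter trigrams inside words (the slides match 'XBW' to 'the')."""
    counts = Counter()
    words = "".join(ch if ch.isalpha() else " " for ch in text).split()
    for word in words:
        for i in range(len(word) - 2):
            counts[word[i:i + 3]] += 1
    return counts


def apply_substitution(text: str, key: dict) -> str:
    """Replace each solved cipher letter by its lowercase plaintext guess;
    unsolved letters stay uppercase, exactly as on the slides."""
    return "".join(key.get(ch, ch) for ch in text)


# Guesses accumulated in the order the slides make them (this example's own table).
GUESSES = [
    {"W": "e"},                                    # most frequent letter -> e
    {"X": "t", "B": "h"},                          # most frequent trigram XBW -> the
    {"S": "o"},                                    # XS -> to
    {"G": "r", "F": "s"},                          # SXBWGF -> others
    {"P": "c"},                                    # FWPGWXF -> secrets
    {"A": "d", "C": "i", "U": "v"},                # ACFPSUWG -> discover
    {"H": "u", "Q": "g", "K": "p", "Z": "l", "V": "y", "D": "n", "J": "a",
     "Y": "m", "L": "b", "I": "f", "R": "k", "O": "w"},  # remaining words read off
]


def solve(ciphertext: str):
    """Apply the guesses step by step; return the final key and each partial text."""
    key, steps = {}, []
    for guess in GUESSES:
        key.update(guess)
        steps.append(apply_substitution(ciphertext, key))
    return key, steps


def brute_force_years(keys_per_second: float = 7e9) -> float:
    """Years needed to try all 26! keys at the given aggregate rate
    (7e9 per second = one key per second for every person on Earth)."""
    return math.factorial(26) / keys_per_second / 31_557_600


if __name__ == "__main__":
    print(letter_frequencies(CIPHERTEXT).most_common(4))
    print(trigram_frequencies(CIPHERTEXT).most_common(3))
    key, steps = solve(CIPHERTEXT)
    for partial in steps:
        print(partial)
    print(f"brute force: {brute_force_years():.1e} years; "
          f"frequency analysis: {len(GUESSES)} rounds of guessing")
```

The point the numbers make: the key space is astronomically large, but the cipher preserves every letter and trigram statistic of English, so the attacker never searches it.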
slide 51
How to make it harder?
► Hide statistical properties: encrypt “e” with 12 different symbols, “t” with 9 different symbols, etc. (homophones); add nulls, remove spaces
► Polyalphabetic cipher: use different substitutions for successive letters
► Transposition: scramble the order of the letters
slide 52
Network Security
► Most computers require some kind of information sharing.
► Common modes of information sharing with other computers vary from sneaker nets to high-speed networks.
► To secure individual computers, network security is therefore essential.
slide 53
Network Layer Vulnerabilities
► We'll discuss IPv4, although other protocols can be used at this level
► IP features: network addresses, IP spoofing, fragmentation
► IP components: ICMP
► Transport layer components dependent on IP: UDP, TCP
slide 54
IP Addresses
► Format: "A.B.C.D", where each letter is one byte
► Class A network: A.0.0.0 (zeroes indicate that any number could be in that position)
► Class B network: A.B.0.0
► Class C network: A.B.C.0
► Broadcast addresses: 255.255.255.255 (limited broadcast), A.B.C.255 (directed broadcast for a class C network)
► Special case: 0.0.0.0 and A.B.C.0 (the all-zeros host part, an older broadcast convention) can be either treated as a broadcast or discarded
slide 55
Other IP Addresses
► Multicast (class D): 224.0.0.0 to 239.255.255.255
► Class E (experimental, reserved, i.e., wasted): 240.0.0.0 to 255.255.255.254 (255.255.255.255 itself is the limited broadcast address)
slide 56
Junctions
► Router (gateway): works at the network layer (e.g., IP); joins subnets; tries to send packets on the best route; performs routing
► Firewall: a packet filter that enforces policies (through its filtering); can be transparent and non-addressable
A firewall is not necessarily used as a router (it might have only two interfaces), but it may be
A router is not necessarily a firewall
Some configurations have firewalls behind routers
slide 57
Special Networks
► Private, non-routable networks (RFC 1918): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
► Loopback network: 127.0.0.0/8; typically only 127.0.0.1 is used
slide 58
CIDR Addresses
► Classless Inter-Domain Routing: classes A, B, C are too rigid; add flexibility at the bit level instead of the byte level
► W.X.Y.Z/B, where B is the number of bits that constitute the network address
/8 is class A, /16 is class B, /24 is class C
slide 59
IP Packet
► Source IP
► Destination IP
► Checksum (covers only the IP header and detects accidental corruption, not forgery: a sender can recompute it for any source address it chooses)
slide 60
IP Spoofing
► Any station can send packets pretending to be from any IP address
► Replies are routed toward the spoofed source address, not back to the sender (route asymmetry), so the attacker might not see replies when spoofing a host on a different subnet
► For some attacks this is not important
► Analogy: nothing prevents you from physically mailing a letter with an invalid return address, or someone else’s, or your own. Likewise, packets can be inserted into the network with invalid or other IP addresses.
slide 61
IP Spoofing with Amplification
► Use broadcasts pretending to originate from the victim
► All replies go back to the victim
► This may use any IP protocol (ICMP, TCP, UDP): any application or service that replies using these protocols
Famous attack: Smurf (using ICMP) DoS
► CERT® Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks
► Many others
► Smurf Amplifier Registry: http://www.powertech.no/smurf/
slide 62
ICMP
► Internet Control Message Protocol (IP management)
► Error handling and debugging protocol
► Not authenticated!
► Encapsulated inside an IP header (IP protocol number 1)
► Message types: 40 assigned, 256 possible (8-bit type field), about two dozen in use
► References: Network Intrusion Detection; http://www.iana.org/assignments/icmp-parameters
slide 63
Basic ICMP Message Types
►0 Echo Reply
►3 Destination Unreachable
►4 Source Quench
►5 Redirect
►8 Echo
►11 Time Exceeded
►12 Parameter Problem
►13 Timestamp
►14 Timestamp Reply
►15 Information Request
►16 Information Reply
slide 64
ICMP Echo
► a.k.a. Ping
► Destination replies (to the "source IP" of the original message) with "echo reply"
► Data received in the echo message must be returned in the echo reply
► How can this be abused?
slide 65
Scans and Recon
► If an attacker wants to map your network, the trivial way is to ping all the IP addresses in your network...
► Therefore, if you allow pings from outside, your network layout is exposed.
slide 66
Smurf Attack
► Ping a broadcast address, with the (spoofed) IP of a victim as the source address
► All hosts on the network respond to the victim
► The victim is overwhelmed
► Keys: amplification and IP spoofing
► Protocol vulnerability; implementations can be “patched” by violating the protocol specification, to ignore pings to broadcast addresses
► ICMP echo is just used for convenience: any ICMP message that elicits a reply can be abused this way; "Fraggle" is the equivalent, using UDP instead of ICMP
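The three slides on the IP packet, on ICMP being carried inside an IP header, and on the smurf “patch” above, as one added example that is not from the original slides: it builds IPv4+ICMP echo requests with any source address the caller names (nothing in the packet format prevents that, which is the spoofing point), parses them back, verifies both Internet checksums, and applies the broadcast-drop rule a host uses to stop acting as a smurf amplifier. The packet builder, parser, decision function and the sample addresses are this example's own; the 198.51.100.0/24 source is documentation space, chosen to look off-net.

```python
import struct
import ipaddress


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words.
    Checksumming a header that already contains its own checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"            # pad odd-length data (rebinds; caller's bytes untouched)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:             # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(src: str, dst: str, ident: int = 1, seq: int = 1,
                    payload: bytes = b"", ttl: int = 64) -> bytes:
    """Construct an IPv4 packet carrying an ICMP echo request (type 8, code 0).
    src is written verbatim: the format has no proof of origin, hence IP spoofing.
    Used here only to produce constructed sample packets for the filter below."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:]
    return header + icmp


def parse_packet(pkt: bytes) -> dict:
    """Extract the fields the filter needs and verify the IP and ICMP checksums."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"version": ver_ihl >> 4, "ttl": ttl, "proto": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "ip_csum_ok": inet_checksum(pkt[:ihl]) == 0,
            "icmp_type": None, "icmp_code": None, "icmp_csum_ok": None}
    if proto == 1 and total_len >= ihl + 8 and len(pkt) >= total_len:
        icmp = pkt[ihl:total_len]
        info["icmp_type"], info["icmp_code"] = icmp[0], icmp[1]
        info["icmp_csum_ok"] = inet_checksum(icmp) == 0
    return info


LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def should_answer_echo(pkt: bytes, local_net: str) -> tuple:
    """Decide whether a host on local_net (e.g. "10.0.0.0/24") should send an echo reply.
    Returns (answer, reason). Refusing echo requests sent to a broadcast address is
    the RFC-violating 'patch' that stops the network from acting as a smurf amplifier."""
    if len(pkt) < 20:
        return False, "truncated"
    p = parse_packet(pkt)
    if p["version"] != 4 or not p["ip_csum_ok"]:
        return False, "bad IP header"
    if p["proto"] != 1 or p["icmp_type"] is None:
        return False, "not ICMP"
    if not p["icmp_csum_ok"]:
        return False, "bad ICMP checksum"
    if p["icmp_type"] != 8:
        return False, "not an echo request"
    net = ipaddress.IPv4Network(local_net)
    dst = ipaddress.IPv4Address(p["dst"])
    if dst == net.broadcast_address or dst == LIMITED_BROADCAST or dst.is_multicast:
        return False, "echo request to broadcast/multicast dropped (smurf mitigation)"
    return True, "unicast echo request"


if __name__ == "__main__":
    # Constructed samples: an ordinary ping, and a smurf trigger with a spoofed off-net source.
    normal = build_icmp_echo("10.0.0.5", "10.0.0.7", payload=b"abc")
    smurf = build_icmp_echo("198.51.100.9", "10.0.0.255", payload=b"x" * 32)
    for pkt in (normal, smurf):
        p = parse_packet(pkt)
        print(p["src"], "->", p["dst"], should_answer_echo(pkt, "10.0.0.0/24"))
```

Note what the checksums do and do not buy: both verify, for the spoofed packet as well, because a checksum is an integrity check against line noise, not an authenticity check; only the destination-address rule stops the amplification.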
slide 67
Other Ping Abuse
► Tribe, a.k.a. the "Tribe Flood Network" distributed denial of service attack tool
► Uses ICMP echo request and reply as a secret communication channel to issue commands to infected computers; the attackers reversed the normal usage of reply and request messages
► Reply messages are used to issue commands and bypass firewalls (which commonly let echo replies in so that inside hosts can ping out)
► http://staff.washington.edu/dittrich/misc/tfn.analysis
slide 68
Why Do You Need Pings?
► To troubleshoot when something doesn’t work
► => if everything works then you don’t need pings, especially pings from outside your network...
► CAN-1999-0523 (under review): ICMP echo (ping) is allowed from arbitrary hosts.
slide 69
About These Slides
► You are free to copy, distribute, display, and perform the work, and to make derivative works, under the following conditions:
You must give the original author and other contributors credit
The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes
For any reuse or distribution, you must make clear to others the terms of use for this work
Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification
► Thanks to the support of Symantec Corporation
slide 70
Questions
[email protected]