Chapter 15 Network Security Information Technology in Theory By Pelin Aksoy and Laura DeNardis



Objectives

• Understand the main types of network security threats, including denial-of-service attacks, viruses, worms, identity theft, and password theft

• Examine why critical infrastructure attacks are a concern in the current economic and political context

• Understand how to significantly reduce the risk of attacks through basic security approaches like firewalls, access control software, and encryption


Objectives (continued)

• Distinguish between packet filtering, stateful inspection, and application proxy firewall approaches

• Learn about public key cryptography

• Become familiar with advanced security techniques such as digital signatures and biometric identification


Understanding the Threats

• Morris Worm
– The first highly publicized network security problem
– 1988

• Network security breaches are still a daily occurrence

• The annual costs of preventing attacks and implementing reparative security measures are massive


CERT

• Respond to problems
• Report incidents
• Research security technologies
• Educate users about security
• Homeland security
• International CERTs


Who is a threat?

• Hackers
• Spammers
• Rogue employees
• Corporate or national spies
• Cyberterrorists


Cyberterrorism

• A terrorist attack could employ a variety of tactics to disrupt or disable networks for hours, days, or even weeks
– Financial systems
– Airline reservation systems
– Stock market networks
– ATMs
– Power grid
– Water systems
– Air traffic control


Types of Attacks

• Viruses and worms
• Denial-of-service attacks
• Identity and password theft
• Data interception and modification
• Bandwidth piracy
• Critical infrastructure attacks


Viruses

• Like biological viruses spread among people, computer viruses propagate from computer to computer

• A virus is malicious code embedded within a seemingly legitimate program that only becomes active when the program is executed

• For example, a file attached to an e-mail may actually be a virus that executes when the file downloads or the user double-clicks the link


Worms

• Self-propagating and self-replicating
• Autonomous—once unleashed, replicate without any action on the part of users
• Exploit existing vulnerabilities, or security holes
• Modify files, launch coordinated attacks that flood a target computer with messages, or simply overwhelm a network with debilitating amounts of traffic


Social Engineering

• Hoax viruses use social engineering techniques to make users take some action that simulates the actual effects of a virus

• For example, virus hoaxes warn users that opening any message with a certain phrase in the title would erase the users’ hard drives

• The effect of a hoax is thousands and thousands of users forwarding the e-mail warning, similar to the effects of a real worm


Denial-of-Service Attack

• Floods a targeted computer with so many requests that it cripples functionality
• Easy to perpetrate and hard to prevent
• If a Web site receives too many requests, it will not be available for other users who want access
• Consumes bandwidth and system resources
• Does not require a hacker to gain unauthorized access, but simply overwhelms a system with requests
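As an added example (not part of the slides or the book), the following Python script shows one defender-side way to notice the flooding pattern just described: it parses constructed access-log lines, keeps a sliding ten-second window of request timestamps per source address, and flags any source that exceeds a request threshold inside that window. The log format, the addresses, the window length and the threshold are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque

# Constructed log format (assumption for this example): <ip> [<unix seconds>] "<request>"
LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<req>[^"]*)"')


def parse_line(line):
    """Return (ip, timestamp, request) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), int(m.group("ts")), m.group("req")


def find_floods(lines, window=10, threshold=50):
    """Flag each source IP that sends more than `threshold` requests within any
    `window`-second span. Returns {ip: timestamp at which it was first flagged}."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:  # discard timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed sample traffic: a few ordinary requests from one host, plus
# 120 requests within five seconds (24 per second) from another host.
SAMPLE_LINES = [
    f'10.0.0.5 [{t}] "GET /index.html HTTP/1.1"' for t in (0, 3, 6, 9, 12)
] + [
    f'203.0.113.9 [{i // 24}] "GET / HTTP/1.1"' for i in range(120)
] + ["garbage line that does not parse"]


if __name__ == "__main__":
    for ip, when in find_floods(SAMPLE_LINES).items():
        print(f"possible flood from {ip}: threshold crossed at t={when}s")
```

Because the window is kept per source address, this detects a single flooding host; the distributed variant on the next slide spreads the same request volume across many sources, so a production detector would also track the aggregate rate per target.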


Distributed Denial-of-Service Attack


Identity and Password Theft

• Hacker technique of assuming the identity of an authorized network user, often by obtaining a network or system password

• Hackers obtain passwords in a variety of ways:
– Trash cans, snooping
– Solicit from help desk
– Software tools


Password Interception


Data Interception & Modification

• Wire-based systems that use fiber-optic, coaxial, or twisted pair cable are susceptible to such attacks

• Wireless networks are especially vulnerable
• The act of accessing unsecured wireless LAN transmissions is known as Wi-Fi sniffing


Data Interception

Unencrypted wireless transmission is a security problem


Bandwidth Piracy

• Hackers use Wi-Fi sniffing equipment to intercept information and to gain free access to the Internet through wireless LANs and other unsecured networks

• Because wireless access points are so easy and inexpensive to establish, people set them up outside the purview of technical administrators

• These ad hoc arrangements are known as rogue access points


Critical Infrastructure Attacks

• The Internet’s DNS
• Power grids
• Telecommunications systems
• Cell phone networks
• Internet infrastructure
• Stock market networks
• ATM networks


Network Security Strategies

• Privacy
• Access control
• Authentication


Privacy

• The most effective method of protecting the privacy of network information is encryption
– The scrambling of data prior to transmission over a shared or vulnerable network
• One benefit of digital technology is the ease and effectiveness of applying encryption algorithms that scramble 0s and 1s, as opposed to scrambling frequencies in analog transmissions


Encryption

• To encrypt data, a transmitting computer mathematically manipulates data according to a predetermined algorithm called a cipher

• If someone accesses this encrypted data during transmission, the message will be unreadable

• Once the data reaches its destination, a receiving computer can unscramble it; in other words, the computer can decrypt the data


Simplified Encryption Example


Public Key Encryption


Generating an Encrypted Message


Access Control

• Physical security
• Passwords
• Firewalls


Firewall

• An access control device
• Installed between a secure private network and a nonsecure public network to regulate access to and from the private network
• Can be implemented in hardware or software
• Users can configure access control requirements that must be met before the firewall will permit access to a network or system


Function of a Network Firewall


Typical Firewall Implementation


Packet Filtering

• One way that firewalls can restrict access is through packet inspection

• Intercepts packets and inspects header contents, including the source IP address, destination IP address, source port, and destination port

• The firewall then either permits or blocks the packet from entering the network

• One downside: firewall must inspect every packet that traverses it


Stateful Packet Filtering

• A more intelligent form of packet filtering that notes when an incoming response is expected after an outgoing request is made

• The stateful packet filtering firewall knows to expect traffic transmitted from a certain IP address or port, and can allow this traffic to go through

• If a packet arrives claiming to be the response to an outgoing request, but the firewall holds no record of such a request, it blocks the packet because no matching state exists


Network Address Translation

• Firewall converts the source IP address of every outgoing packet into a shared IP address before the traffic is sent over a network
• Prevents bidirectional transmission
– Only connections that are initiated on a local, private network are established
– Any communication that originates on a public network is stopped by the NAT firewall, which automatically prevents malicious attacks like worms from entering the protected network
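The three mechanisms from the Packet Filtering, Stateful Packet Filtering and Network Address Translation slides fit together in one small model, given here as an added example in Python (not code from the book): a stateless header check decides which outbound connections may be opened, a state table records each accepted outbound connection while rewriting its source to the shared public address, and an inbound packet is forwarded only if it matches an entry in that table, so a packet that merely claims to be a reply is dropped. The private prefix, the public address, the port numbers and the allowed-port list are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter inspects (constructed model)."""
    src: str
    sport: int
    dst: str
    dport: int


# A connection is identified by its 4-tuple (src, sport, dst, dport).
Conn = Tuple[str, int, str, int]


class Firewall:
    PRIVATE_PREFIX = "192.168.1."   # assumed private network behind the firewall
    PUBLIC_IP = "198.51.100.1"      # assumed shared public address used by NAT

    def __init__(self, allowed_dports=(80, 443)):
        self.allowed_dports = set(allowed_dports)
        # State table: translated (public-side) 4-tuple -> original (private-side) 4-tuple
        self.state: Dict[Conn, Conn] = {}
        self.next_public_port = 40000

    def is_private(self, ip: str) -> bool:
        return ip.startswith(self.PRIVATE_PREFIX)

    def packet_filter(self, pkt: Packet) -> bool:
        """Stateless rule on header fields only: hosts on the private side may
        open connections, and only to the allowed destination ports."""
        return self.is_private(pkt.src) and pkt.dport in self.allowed_dports

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Private -> public. Returns the translated packet, or None if dropped."""
        if not self.packet_filter(pkt):
            return None
        original: Conn = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        for public, private in self.state.items():  # reuse an existing mapping
            if private == original:
                return Packet(public[0], public[1], pkt.dst, pkt.dport)
        public_port = self.next_public_port
        self.next_public_port += 1
        translated: Conn = (self.PUBLIC_IP, public_port, pkt.dst, pkt.dport)
        self.state[translated] = original  # a reply to this connection is now expected
        return Packet(*translated)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Public -> private. Accepted only as the reply to a tracked outbound
        connection; anything else is dropped, however it is labelled."""
        expected: Conn = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        original = self.state.get(expected)
        if original is None:
            return None
        return Packet(pkt.src, pkt.sport, original[0], original[1])


if __name__ == "__main__":
    fw = Firewall()
    out = fw.outbound(Packet("192.168.1.10", 51000, "203.0.113.5", 443))
    print("translated outbound:", out)
    print("reply delivered to:", fw.inbound(Packet("203.0.113.5", 443, "198.51.100.1", 40000)))
    print("unsolicited packet:", fw.inbound(Packet("203.0.113.77", 443, "198.51.100.1", 40000)))
```

The model leaves out what a real implementation must also handle: entries expire after a timeout, UDP and ICMP need their own pseudo-state, and TCP flag tracking distinguishes a connection being opened from one being torn down.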


Application Proxy Firewalls

• The most complex type of firewall is the application proxy firewall

• Filters information based on the application data itself

• Rather than simply allowing or denying all HTTP traffic at the packet level, an application firewall looks at the application content and distinguishes between normal and unexpected HTTP traffic


Password Strategies

• Sample guidelines for strong passwords
– At least eight characters long
– Include letters and numbers
– Include uppercase and lowercase letters
– Incorporate characters like &, $, and *
– Not the same as user’s ID
– Not anyone’s name, birthday, address, or Social Security number
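The guidelines above translate directly into a checker, shown here as an added Python example (not from the book). It returns every guideline a candidate password violates rather than stopping at the first, and it treats the "name, birthday, address, or Social Security number" rule by rejecting passwords that contain any recognisable fragment of the personal details supplied for the user. The special-character set and the four-character minimum for a fragment are assumptions made for this example.

```python
import re

SPECIAL_CHARS = set("&$*!@#%^()-_=+[]{};:,.<>?/")   # assumed set; the slide names &, $ and *


def _fragments(item: str):
    """Pieces of a personal-info string worth matching: the whole string with
    punctuation removed, plus each word or number in it (very short pieces ignored)."""
    whole = re.sub(r"[^a-z0-9]", "", item.lower())
    parts = [p.lower() for p in re.split(r"[^A-Za-z0-9]+", item) if p]
    return {f for f in [whole] + parts if len(f) >= 4}


def check_password(password: str, user_id: str, personal_info=()):
    """Apply the slide's guidelines; return a list of violations (empty = accepted).
    `personal_info` holds strings such as the user's name, birthday, address or SSN."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("must include both letters and numbers")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("must include uppercase and lowercase letters")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("must include a character such as &, $ or *")
    if password.lower() == user_id.lower():
        problems.append("must not be the same as the user ID")
    normalized = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        if any(frag in normalized for frag in _fragments(item)):
            problems.append(f"must not contain personal information ({item})")
    return problems


if __name__ == "__main__":
    # Constructed sample user: the ID, name, birthday and SSN are made up.
    details = ["John Smith", "1985-04-12", "123-45-6789"]
    for candidate in ("jsmith", "Smith1985$", "Tr0ub4dor&3"):
        result = check_password(candidate, "jsmith", details)
        print(candidate, "->", "accepted" if not result else "; ".join(result))
```

Composition rules such as these are a floor, not a ceiling: a checker like this should be paired with a rejection list of known-breached passwords and with rate limiting on login attempts, since neither is visible in the password's shape.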


User ID and Password


Physical Security

• An important and sometimes overlooked form of access control

• Many security breaches involve insiders within a company, organization, university, or home

• Routine physical safeguards include door locks for rooms that house servers and network equipment (including wiring closets), and providing adequate building security


Physical Security (continued)

Server racks in a controlled environment

Authentication

• The process of verifying a person’s identity before allowing network access

• Besides passwords and personal identification numbers, authentication methods include:
– “Token-based” authentication
– Biometric identification
– Digital signatures


Token-Based Authentication

• Requires a computer user to physically hold a device called a token
– Matchbook-sized device with a liquid crystal display that provides a one-time password for gaining network access
• User enters the access number displayed by the token
• Number changes approximately every 10 seconds, and is completely synchronized with the network
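What "synchronized with the network" means in practice is that the token and the server share a secret and a clock, and each derives the displayed number from the current time step. The following added Python example (not the book's code, and not any particular vendor's algorithm) models that: `token_code` plays the token's display, computing an HMAC over the ten-second time step and truncating it to six digits in the style of HOTP, and `TokenServer` plays the network side, tolerating one step of clock drift and refusing to accept a code for a time step it has already accepted. The secret, the step length, the digit count and the drift allowance are assumptions made for the example.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 10   # the slide's "changes approximately every 10 seconds"
DIGITS = 6


def token_code(secret: bytes, unix_time: float, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """The number the token displays at `unix_time`: an HMAC over the current
    time step, truncated to `digits` decimal digits (HOTP-style dynamic truncation)."""
    counter = int(unix_time // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                                   # pick 4 bytes at a MAC-derived offset
    chunk = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(chunk % 10 ** digits).zfill(digits)


class TokenServer:
    """Network side: holds the same secret, tolerates small clock drift, and never
    accepts the same time step twice, so a captured code cannot be replayed."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_counter = -1   # highest time step accepted so far

    def verify(self, submitted: str, unix_time: float) -> bool:
        now = int(unix_time // STEP_SECONDS)
        for counter in range(now - self.drift_steps, now + self.drift_steps + 1):
            if counter <= self.last_counter:
                continue   # already used, or older than the last accepted code
            expected = token_code(self.secret, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, submitted):   # constant-time comparison
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    shared = b"constructed-shared-secret"   # would be provisioned into the token when issued
    now = time.time()
    shown = token_code(shared, now)
    server = TokenServer(shared)
    print("token shows:", shown)
    print("first use accepted:", server.verify(shown, now))
    print("replay accepted:", server.verify(shown, now))
```

Because the secret lives on both ends, protecting the server's copy (and the token's, against physical tampering) is the whole game; the displayed number itself is worthless once its ten-second step has passed.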


Biometric Identifiers

• Biometrics can identify any of a person’s unique physical characteristics:
– Fingerprints

– Facial features

– Voice patterns

– Retinal patterns

– Iris recognition

– DNA


Digital Signatures

• Reversal of public key encryption
• A sender encrypts information using its private key and transmits the information over a network to its intended destination

• Once the data is received, the destination device looks up the sender’s public key and uses it to decrypt the message

• If this decryption is successful, the data is verified as having originated with the presumptive sender
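The Public Key Encryption and Generating an Encrypted Message slides and the Digital Signatures slide describe the two directions of the same key pair, so one added example covers both; it is textbook RSA written in plain Python for teaching, not the book's code and not suitable for real use. `encrypt`/`decrypt` apply the public and then the private exponent; `sign`/`verify` apply them in the reverse order, which is exactly the "reversal" the slide names. The primes (61 and 53), the public exponent 17, the sample plaintext 65 and the sample message are constructed for the example; the hash is reduced modulo the toy modulus only so that it fits, where a real scheme would use a padded hash under a modulus of thousands of bits.

```python
import hashlib
from math import gcd


def make_toy_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA key generation from two (here tiny, fixed) primes.
    Returns (public_key, private_key), each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # SHA-256 digest reduced mod n so that it fits the toy modulus (example simplification).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """'Reversal' of encryption: the sender applies its PRIVATE exponent to the digest."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """The receiver applies the sender's PUBLIC exponent; a match shows the
    signature was produced with the matching private key."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = make_toy_keypair()
    c = encrypt(pub, 65)
    print("ciphertext:", c, "-> decrypted:", decrypt(priv, c))
    msg = b"transfer 100 to account 42"   # constructed sample message
    s = sign(priv, msg)
    print("signature verifies:", verify(pub, msg, s))
    print("altered signature verifies:", verify(pub, msg, (s + 1) % pub[1]))
```

The verification step only proves possession of the private key that matches the public key the receiver looked up; whether that public key really belongs to the presumed sender is a separate question, which is why public keys are distributed inside certificates signed by a trusted authority.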


Summary

• In the United States, the Department of Homeland Security tracks security incidents, publicizes security vulnerabilities, and provides information about necessary software patches and upgrades at its US-CERT Web site, www.us-cert.gov

• The people and organizations that attack networks generally fall into the following categories: hackers, spammers, rogue employees, corporate spies, and cyberterrorists

• A virus is malicious code embedded in a seemingly legitimate program; it becomes active only when a user executes the legitimate program


Summary (continued)

• A worm is an autonomous, self-propagating, and self-replicating program that exploits existing security vulnerabilities to perpetrate attacks, such as erasing files, modifying files, or overwhelming a system

• In a distributed denial-of-service attack, numerous computer systems—some of them unwittingly—flood a targeted computer with an overwhelming and crippling number of requests

• Other types of common security attacks include identity and password theft, data interception and modification, bandwidth piracy, and critical infrastructure attacks


Summary (continued)

• Three important categories of security strategies include access control, authentication, and privacy
• Important techniques for ensuring information privacy over a network include encryption approaches such as SSL and 802.11i

• Various types of firewalls provide access control between a public and private network, including packet-filtering firewalls, stateful packet-filtering firewalls, and application-level firewalls

• Authentication is the process of ensuring that a person or system is who it claims to be; authentication is accomplished via passwords, token-based authentication, digital signatures, and biometric identification
