Ensuring Network Security

• Planning• Physical Security• Data Security

– Passwords– Auditing– Encryption

• Sniffing• Firewalls• Viruses

Security Planning

• Unauthorized access

• Electronic Tampering

• Theft

• Intentional damage

• Unintentional damage

Physical Security

• Access to hardware– Locked Doors– Locked Cabinets

• Access to the system console– Screen Passwords– Locked keyboards (removing keyboard)

• Access to network wiring/switches/routers

Physical Environment

• Power source

• Noise sources

• Air conditioning (temperature control)

• Dust and smoke

• Water problems (flood possible?)

Data Security

• Share Level Security vs. User Level Security• Proper passwords

– Length

– Uncommon names

– Use of non alphanumeric characters

– Controlled access (Screen/Keyboard Locks)

• Use of a Routed vs. Flat network architecture• Audit use of the system

Windows Security Permissions

• Full (all of the below)

• Read

• Execute

• Write

• Delete

• None (no access)

Auditing

• Check for:– Logon attempts– Connection to resources– Connection termination– Directory creation, modification, or deletion– Server events and modifications– Password changes

Microsoft Gotchas

• Microsoft operating systems have a tendency to store passwords on the local hard disk in the Windows registry to save time when logging in to remote services. This can be quite dangerous!

Flat Network

User 1:129.123.7.56

User 2:129.123.3.88

User 3:129.123.6.123

Hub

Monitor seessome traffic from

all 3 users

Internet

Routed Network

Router

Monitor can’t see traffic other than it’s own subnet

User 1:Subnet 7 User 2:Subnet 3

User 3:Subnet 6

Monitor onSubnet 1

Internet

Sniffers

• Sniffer, Snoop, Tcpdump

• Promiscuous mode

• Many protocols

• Interpretation

Login Security

• Usernames/Passwords may be in plain text over the network

• Email security– Netscape/Eudora leave configuration files on

each PC.– Webmail is an IMAP interface to a mail server

• can use SSL for security

Encryption

• DES (Digital Encryption Standard)

• Secure Shells

• Secure Web Pages

• Pretty Good Privacy– Private Keys– Publics– Signatures

How safe is encryption?

• 4 character password (alphabetic characters only) cracking time (maybe a minute on a 450mhz computer)

• 40 bit key (can be cracked in 24hours on a parallel computing system)

• 128 bit key (probably not able to be cracked in a millennium)

Secure Shell (SSH)

• Use of encryption based on keys/certificates

• Block undesired hosts from accessing

• All data on the wire is encrypted

• Can be used for interactive communication and copying files

Secure Web Sites

• Keys/Cookies– New key/encryption code for each access

• Encryption of data over the wire

• Keep track of trusted hosts that access the site.

Pretty Good Privacy

• Encryption of keys– 40 bit– 128 bit

• Creating your authenticated signature

• Your key ring

• Submitting your public key to a database

• Email and PGP

PGP System

PGP

User 1

International Database

PGP

Private keyPublic keys

Message can be entirely encrypted or justthe signature can be encrypted.

User 2

Key Ring Key Ring

Data

Firewalls

• Purpose• Disadvantages

– Slowdown of packets– Inconvenient for users

• Advantages– Slows down hacking attempts– Limits incoming traffic– Overcomes IP number limitations (NAT)

Firewalls (cont.)

• Setup– Addressing– Name Service– Reuse of IP numbers inside the firewall (NAT)

• Proxies– E-mail– Web– FTP

Viruses/Trojans/Macros

• Viruses spread by:– floppies– downloaded files– Email

• Viruses are removed by:– Deleting the affected file– Running a virus scanning/cleaning program

Companion Viruses

• Looks like a real program (WORD.EXE)

• Make replace a logon program and grab usernames/passwords

• Usually renames the actual executable and calls that executable from the bogus program.

Macro Viruses

• The virus infects the Macro definitions of a program (like Microsoft Word) and then infects every document created by the original program.

• These viruses are difficult to detect because they haven’t infected an executable program.

Polymorphic Viruses

• These change appearance every time they replicate. They may even change each time the computer is rebooted.

• Since they change frequently, virus checkers have a hard time determining a pattern or fingerprint of the virus.

Stealth Virus

• These hide from detection

• They may use hidden files or may modify the operating system so a standard directory scan doesn’t show the virus file.

• They also return false information to virus checkers.

Trojans

• Trojan Horses– Look like a benign game or program– After a period of time they execute the virus

• Some may be cleaned with virus protection software.

• Some masquerade as Windows programs and removal will crash the system

Back Doors

• Provide access to system through published, unused, or unpublished ports.

• Sometimes are put there by programmers, engineers, or hackers

• They are hard to protect against unless you can find their access port and firewall protect against it.

Virus Consequences

• Can’t boot

• Data is scrambled or unreadable

• Erratic or slow operation of the computer

• Excessive disk activity

• Disk drive is erased or data is lost.

• Disk is reformatted

Virus Protection

• Test each disk write for a particular pattern unique to the virus

• Test for writes to the disk boot block

• Test for code that might access PC hardware

• Scan files for virus patterns

D.O.S. Attacks

• Denial of Service

• Flood of useless packets/data

• Hard/Impossible? To track

• Good example of distributed computing

• Can a firewall protect the network?

Email Virus

• Use innocent email messages as the transport.

• Grab address book entries to spread

• Infect critical windows programs

• The user doesn’t know he is infecting others

• Can be prevented by using email front end scanners.

Backups

• What kind of backup system should we use?• Even a fault tolerant disk system can fail!• Always back up• Rotate several copies of backups in case one tape

is unreadable• Check the backups to see if they are readable• Store the tapes or removable media in a safe place

Backup Strategy

• Full Backup

• Incremental Backup

• Copy

• Daily Copy

• Logging– Date, tape-set number, type, which computer

UPS

• Handles short duration power failures• Can alert the operator of power failure• Decide how long the UPS needs to power the

system• Does the server display or printer need to be on?• How much power does the server need (load)?• Does the UPS have an RS232 control port?• Life span of the UPS battery(ies)

RAID!

• Redundant Array of Independent Disks• RAID 0

– Disk Striping– No fault tolerance

• RAID 1– Disk Mirroring– High Disk Overhead (2-2GB disks=2GB)– High Write overhead (write to both disks)

MORE RAID!

• RAID 5– disk striping– parity blocks– Requires at least 3 disk drives– Can improve disk performance– lose and replace 1 disk drive and no data is lost– overhead is 1/N n=number of disks, 5 10GB disks = 40

GB storage

• RAID 10– Mirrored across 2 identical RAID 0 disk arrays

Hot Fixing

• Identify a bad sector

• Move the data to a free good sector

• Mark the bad sector

• Update the file allocation tables

Disaster Recovery

• Prevention– What can I control?– What is the best method?– Keep updating your prevention methods– Keep up on maintenance– Training!

Disaster Preparation

• Plan ahead

• Use fault tolerance equipment

• Maintain backups

• Test your preparation plan!