Lecture 4
Security Mechanisms
Syed Naqvi
snaqvi@ieee.org
Physical Security
♦ Physical Security
– keep the machine physically secure
– ensure its connections to other machines are secure
– ensure its environment is workable
• e.g. air conditioning is adequate
♦ Electromagnetic Threats
– consider computer system as a whole
– networking, peripherals, power supply
Physical Security
♦ Computers Operate as Systems
– only as strong as the weakest link
– highly dependent on networks
– all components in system must be functional
– power supply is an often overlooked weakness
Physical Security
♦ Computer Room Security
– Locks on doors
– Access lists and escort policy
– Maintenance personnel access and monitoring
♦ Workstation Security
– Locks on workstations in public areas
– Positioning of viewable workstation screens in public areas
Layering of Security Mechanisms
[Diagram: Machine A and Machine B, each with the same stack from top to bottom: Application, Middleware, OS Services, Transport, OS Kernel, Network, Datalink, Hardware, Physical. High-level protocols run between the Application/Middleware layers of the two machines; low-level protocols run between their Network layers; the two machines are joined at the bottom by the physical network.]
Malicious Code
♦ Set of instructions that causes a security policy to be
violated
– Is an unintentional mistake that violates policy malicious code? (Tricked into doing that?)
– What about “unwanted” code that doesn’t cause a security breach?
Malicious Code
♦ Trojan Horse
– Trick user into executing malicious code
♦ Virus
– Spreads by making copies of itself from program to program or
disk to disk.
♦ Worm
– A program that travels independently over computer networks,
seeking uninfected sites.
♦ Logic-Time Bomb
– Set off when a specified condition is met.
Trojan Horse
Trojan Horse
♦ Program with an overt (expected) and covert (unexpected)
effect
– Appears normal/expected
– Covert effect violates security policy
Virus
♦ Self-replicating code
– A freely propagating Trojan horse
• some disagree that it is a Trojan horse
– Inserts itself into another file
• Alters normal code with “infected” version
Virus – Types
♦ Boot Sector Infectors
– Problem: How to ensure virus “carrier” executed?
– Solution: Place in boot sector of disk
• Run on any boot
– Propagate by altering boot disk creation
• Less common with few boots off floppies
♦ Executable infector
– Malicious code placed at beginning of legitimate program (.COM, .EXE files)
– Runs when application run
– Application then runs normally
Virus – Types/Properties
♦ Terminate and Stay Resident
– Stays active in memory after application complete
– Allows infection of previously unknown files
• Trap calls that execute a program
– Can be boot sector infectors or executable infectors
♦ Stealth (an executable infector)
– Conceal Infection
• Trap read to provide disinfected file
• Let execute call infected file
♦ Encrypted virus
• Prevents a “signature” from being used to detect the virus
• [Deciphering routine, Enciphered virus code, Deciphering Key]
♦ Polymorphism
• Change virus code to something equivalent each time it propagates
Virus – Types/Properties
♦ Macro Virus
– Composed of a sequence of instructions that is interpreted rather
than executed directly
– Infected “executable” isn’t machine code
• Relies on something “executed” inside application data
Worm
♦ Replicates from one computer to another
– Self-replicating: No user action required
– Virus: User performs “normal” action
– Trojan horse: User tricked into performing action
Logic Time Bomb
♦ Logic bombs are malicious code that causes some destructive activity when a specified condition is met
♦ Unlike viruses, logic bombs do their damage right away, then stop.
♦ The trigger can be:
– a specific date
– the number of times the program is executed
– a predefined event such as the deletion of a certain record.
♦ May exist in the system for weeks or even months before it is detected/detonated.
♦ The damage is not caused until a specified date or until the system has been booted a certain number of times.
Operating System Security
♦ Formalized procedures for software acquisition
♦ Security clearances of prospective employees
♦ Formal acknowledgment by users of their responsibilities
to the company
♦ Security group to monitor security violations
♦ Formal policy for taking disciplinary action against
security violators
♦ Use of one-time passwords
UNIX Security: Best Practices
♦ Remote access needs username/password
♦ Potential vulnerability depends on network path
connection flows through
♦ Many connections pass plain text
– telnet particularly bad, rlogin/ftp bad too
Windows Security: Best Practices
♦ Limit access of unauthorized personnel
♦ Use key-card access systems
♦ Monitor computers: files can be modified or hardware tampered with
♦ Keep servers in a locked location
♦ Disable floppy and CD-ROM based boot
♦ Remove unneeded network cards
♦ Remove unneeded modems
♦ Lock computer case and store key separately
Web Services
♦ The Web was designed for application-to-human interactions
Web Services Security – 1G
♦ The TCP protocol provides a reliable communication between the requestor and the WS-provider
♦ The SSL protocol provides a secure communication between the requestor and the WS-provider, supporting symmetric crypto algorithms and a key-exchange algorithm
[Diagram: protocol stack, top to bottom: Hypertext Transfer Protocol (HTTPS), Secure Socket Layer Protocol (SSL), Transport Control Protocol (TCP); WS-SecureConversation and WS-Security are also shown as the web-services security layers.]
Web Services Security – 2G
♦ The SOAP protocol provides a loosely-coupled, language-neutral,
platform-independent way of linking applications across the Internet
– Remote procedure calls (RPC SOAP)
– Messaging between applications (Document-based SOAP)
DNS Query & Response
[Diagram: End-user A sends a query for www.darpa.mil to a caching DNS server, which forwards it to the mil DNS server; the answer returned is A 128.9.128.127. The slide header also shows www.darpa.mil = 128.9.176.20.]
DNS Vulnerabilities
♦ Original DNS design focused on data availability
– DNS zone data is replicated at multiple servers.
– A DNS zone works as long as one server is available.
• DDoS attacks against the root must take out 13 root servers.
A Simple DNS Attack
♦ Easy to observe UDP DNS query sent to well known server on well known port.
[Diagram: Doug’s laptop sends the query “www.darpa.mil A?” to a caching DNS server, which forwards it toward the root DNS server and the mil DNS server. Two conflicting answers for www.darpa.mil appear: A 128.9.128.127 (next to the mil DNS server) and A 192.5.18.19; Dan’s laptop, which can observe the query, is also shown on the path.]
The Problem with DNS …
♦ Resolver can not distinguish between valid and invalid
data in a response.
A Solution …
♦ Each DNS zone signs its data using a private key.
– Recommend signing done offline in advance
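As an added example (not from the lecture), a toy version of the signed-zone idea: the zone signs each record with its private key, and the resolver keeps only answers whose signature verifies under the zone's public key, which is exactly what lets it tell valid from invalid data in the scenario on the previous slide. The RSA parameters, record data and the "forged" signature are constructed and far too small to be secure; real DNSSEC uses standardised key sizes and record formats.

```python
import hashlib

# Toy RSA key pair for the zone (constructed; far too small to be secure).
# A real zone key would be generated and used offline, as the slide recommends.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
ZONE_PRIVATE_KEY = (N, D)   # held by the zone operator only
ZONE_PUBLIC_KEY = (N, E)    # known to every resolver

def record_digest(name: str, rtype: str, rdata: str) -> int:
    """Hash the record's name, type and data into an integer below N."""
    h = hashlib.sha256(f"{name} {rtype} {rdata}".encode()).digest()
    return int.from_bytes(h, "big") % N

def sign_record(name: str, rtype: str, rdata: str, key=ZONE_PRIVATE_KEY) -> int:
    """Zone-side signing: RSA over the record digest."""
    n, d = key
    return pow(record_digest(name, rtype, rdata), d, n)

def verify_record(name: str, rtype: str, rdata: str, sig: int, key=ZONE_PUBLIC_KEY) -> bool:
    """Resolver-side check: the signature must open to the digest of the data actually received."""
    n, e = key
    return pow(sig, e, n) == record_digest(name, rtype, rdata)

def naive_resolve(responses, name, rtype="A"):
    """Plain resolver from the slide: accepts whichever answer arrives first."""
    return responses[0][0] if responses else None

def verifying_resolve(responses, name, rtype="A"):
    """Secure resolver: discards every answer whose signature does not verify."""
    for rdata, sig in responses:
        if verify_record(name, rtype, rdata, sig):
            return rdata
    return None   # nothing trustworthy arrived

# Constructed scenario from the "simple DNS attack" slide: the forged answer
# (192.5.18.19) arrives before the legitimate signed answer (128.9.128.127).
LEGIT_SIG = sign_record("www.darpa.mil", "A", "128.9.128.127")
FORGED_SIG = 424242   # the forger has no zone private key, so it can only send junk
RESPONSES = [("192.5.18.19", FORGED_SIG), ("128.9.128.127", LEGIT_SIG)]

if __name__ == "__main__":
    print("naive resolver    :", naive_resolve(RESPONSES, "www.darpa.mil"))
    print("verifying resolver:", verifying_resolve(RESPONSES, "www.darpa.mil"))
```

Replaying a genuine signature on altered data fails too, because the digest covers the record data itself.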
Secure DNS Query & Response
Firewalls
♦ Firewalls are used to prevent intruders on the Internet from gaining unauthorized access to your network and from mounting denial of service attacks against it.
♦ A firewall is a router, gateway, or special purpose
computer that examines packets flowing into and out of the
organization’s network (usually via the Internet or
corporate Intranet), restricting access to that network.
♦ The two main types of firewalls are packet level firewalls
and application-level firewalls.
Packet Level Firewalls
♦ A packet-level firewall (or packet filter) examines the
source and destination address of packets that pass through
it, only allowing packets that have acceptable addresses to
pass.
♦ Since each packet is examined separately, the firewall
can’t understand what the sender’s goal is.
♦ Packet filters may be vulnerable to IP spoofing,
accomplished by changing the source address on incoming
packets from their real address to an address inside the
organization’s network.
♦ While packet filters have strengthened their security since
the first cases of IP spoofing, IP spoofing remains a
problem.
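Added example (not part of the lecture): a packet filter that decides purely on source and destination addresses, beside the same filter with an ingress anti-spoofing check that drops any packet arriving on the Internet-facing interface with a source address from inside the organisation. The 10.0.0.0/8 range, the DMZ web server address and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed organisation layout: internal range plus one DMZ web server open to outsiders.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
DMZ_WEB_SERVER = ipaddress.ip_address("10.1.0.5")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str   # interface the packet arrived on: "external" (Internet) or "internal"

def address_rule(src, dst) -> bool:
    """Address-only policy: internal hosts may reach anything, outsiders only the DMZ web server."""
    if src in INTERNAL_NET:
        return True
    return dst == DMZ_WEB_SERVER

def packet_filter(pkt: Packet) -> bool:
    """Packet-level firewall as on the slide: looks at source and destination addresses only."""
    return address_rule(ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst))

def antispoof_packet_filter(pkt: Packet) -> bool:
    """Same policy plus ingress filtering: a packet from the Internet cannot legitimately
    carry an internal source address, so such a packet is dropped as spoofed."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "external" and src in INTERNAL_NET:
        return False
    return address_rule(src, ipaddress.ip_address(pkt.dst))

# Constructed sample traffic; the third packet is the IP-spoofing case the slide describes.
SAMPLE_PACKETS = [
    Packet("10.0.0.7", "10.2.0.9", "internal"),      # internal host to internal database
    Packet("203.0.113.10", "10.1.0.5", "external"),  # Internet client to DMZ web server
    Packet("10.0.0.7", "10.2.0.9", "external"),      # outsider claiming an internal source
    Packet("203.0.113.10", "10.2.0.9", "external"),  # outsider to internal database
]

def decisions(filter_fn, packets=SAMPLE_PACKETS):
    """Run one filter over the sample traffic and return its accept/drop decisions."""
    return [filter_fn(p) for p in packets]

if __name__ == "__main__":
    for pkt, plain, hardened in zip(SAMPLE_PACKETS, decisions(packet_filter),
                                    decisions(antispoof_packet_filter)):
        print(f"{pkt.src:>13} -> {pkt.dst:<9} via {pkt.iface:<8} "
              f"address-only={plain!s:<5} anti-spoof={hardened}")
```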
Demilitarized Zone (DMZ)
♦ DMZ (demilitarized zone) sits between perimeter network
and internal network. It is separated by firewalls on both
sides. It contains:
– Internet Information Server (IIS)
It provides the core Web services and communicates with Internet clients by using HTTP and HTTPS.
– DNS (Domain Name System) services.
– All servers in the DMZ can also communicate with the internal network.
DMZ in a Network …
Virtual Private Network (VPN)
Virtual private networks (VPN) provide an
encrypted connection between a user's distributed
sites over a public network (e.g., the Internet). By
contrast, a private network uses dedicated circuits
and possibly encryption.
Virtual Private Network (VPN)
Benefits of VPN
Traditional Private Networks:
♦ High fixed cost
♦ Low variable costs
(with respect to varying capacity)
Requirements for VPN
♦ Opaque packet transport
– VPN traffic has no relation to the rest of the IP backbone traffic
– VPN may use private IP addresses
♦ Data security
– By customer (firewall + encryption)
– Secure managed VPN service by providers
♦ Quality of service
– Leased and dial-up lines provide guarantee on the bandwidth
and latency
♦ Tunneling mechanism
– A way to implement opaque transport and security
VPN Types
♦ Remote Access VPN
♦ Intranet VPN
♦ Extranet VPN
Remote Access VPN
Intranet VPN
Extranet VPN
Now some practice …
♦ Divide yourselves into 2 groups.
♦ Each group is required to prepare a set of security
mechanisms for a newly established SME of 10 persons:
– 1 General Manager
– 1 Administrative Secretary
– 1 Business Manager
– 2 IT Managers
– 5 Developers
♦ Each group has to present their solutions
♦ The other group will identify the shortcomings of the plans and criticise them