
Basics of Network Security

Network Security Group


Index
 Objective
 Networking-At Its Primitive
– Evolution of LAN & WAN
– Resource Access - The Main Criterion
 The New Age Networks
– Popular Networks (UUCP/Internet)
– Resource Access – Still the Main Criterion?
 ‘Security’ – The New Economy Buzzword
– Evolution of “Threats”
– Use of Resource Access Criterion for mounting attacks
 TCP/IP – The Language of Internet
– Open Design
– IP
• Understanding IP
• Attacks against IP
– TCP
• Guaranteed Packet Delivery
– UDP
• Lower Overhead than TCP
 Risk Management – The Game of Security
 Types & Sources of Network Threats
– Denial Of Service
– Unauthorized Access
– Eavesdropping
– Where Do They Come From?
 Building Blocks of Network Security
– Security Policies
– Perimeter Security
• Firewall
• Authentication
• Intrusion Detection
• Content Filtering
• URL Filtering
– Encryption
• Link Layer Encryption
• Layer 2 Encryption
• Layer 3 Encryption
• Application Layer Encryption
– Host Security
• Operating System Security
• Application Security
– Reporting & Logging
 Common Hacking Attacks – Demonstration (Planned)
– Password Attacks
– SYN Flood
– Denial Of Service (DoS)
Objective
 What Security?
 Why Security?
 How Security?
Networking-At Its Primitive
 Computers replace paper
 Stand-alone computer: the norm
 Floppies as the resource-sharing mechanism
 Resource sharing across geographical locations
– A problem
 What is a Network?
 Evolution of networks
– LAN (Local Area Network)
– MAN (Metropolitan Area Network)
– WAN (Wide Area Network)
Networking-At Its Primitive Contd.
 Advantages of Networks
– Copy files
– Application Execution
– Printing
– File System mounting
– ….more & more
 Resource Access – The Main Criterion
– File Access
– Printing
The New Age Networks
 UUCP
– Unix to Unix Copy
– Connects Unix hosts over dial-up links
– Batch-oriented (store-and-forward) processing
– Public network
– Not flexible (few applications can be run over it)
– E-mail and Net News are the most widely used applications
The New Age Networks Contd.
 Internet
– Network of Networks
– Public Network
– No single owner
– Most popular
– Any application can be run
– Interactive & Multimedia Applications
– Business on the Net
 How do they access these resources?
The New Age Networks Contd.
 Resource access – still the main criterion?
– Yes, but…
– Impending dangers
TCP/IP Basics
 The Language of Internet
 Protocol stack developed before the ISO/OSI 7-layer model
 Open design (the specifications are published as RFCs)
 Works at Layer 4 (TCP) and Layer 3 (IP) of the OSI model
 IP provides the address that identifies each host on the network
 Multiple higher layer protocols built on this stack
TCP/IP Basics Contd.
 TCP (Transmission Control Protocol)
– Designed to ride atop IP
– Reliable, in-order delivery: every segment is acknowledged and retransmitted if lost
– Suited for applications like Telnet, FTP and SMTP (DNS uses UDP for most queries and TCP for zone transfers and large responses)
– Not suited for real-time applications like interactive/multimedia applications
– Delays because of acknowledgements and retransmissions
TCP/IP Basics Contd.
 UDP (User Datagram Protocol)
– Transport layer protocol, rides atop IP
– Does not provide guaranteed packet delivery
– Unreliable protocol: no acknowledgements, retransmission or ordering; the application must handle loss itself
– Does no congestion control either, so a sender that floods UDP can congest the network for everyone
– Suitable for real-time, delay-sensitive applications, where a lost datagram costs less than waiting for a retransmission
– Less overhead when compared to TCP
Security Threats
 Security – The New Economy Buzzword
 Evolution of Security Threats
– Using resource access criterion
– By Accident
– For Fun
– Practical Jokes
– Intentional
 A few facts
– An often-quoted estimate (not a measured figure): roughly 80% of security threats originate inside the organization and the remaining 20% come from external agencies
Types & Sources of Threats
 Draw an analogy with real life
 You use a dog to 'protect' your house from thieves
 You use a guard to man your house/building
 Dogs and guards are mechanisms that you use to 'secure' your assets, such as your house or building, from thieves
Types & Sources of Threats Contd.
 (Three illustration slides in the original, titled "World is changing…even for what you steal…", "Did you hear complaints such as…" and "And how often you have felt this….")
Types & Sources of Threats Contd.
 Types of Threats
– Disruption of Operations
• Network Operations would come to a halt
• It can be due to malfunctioning/shutdown/clogging of the
network equipment facilitating network operation
– Internal Network Access
• Unauthorized access to your internal network resources
• Would result in theft of confidential business information or erasure of critical data
• Typically caused by misconfiguration of your network equipment or by weaknesses built into the application protocols themselves
Types & Sources of Threats Contd.
– Eavesdropping
• The Internet is a public network: your packets cross links you do not control
• Packets can be captured using protocol analyzers and the critical information in them used for destructive purposes
• Becomes a major threat for businesses on the Net
Types & Sources of Threats Contd.
 Sources of Threats
– Hacker
– Disgruntled Employee
– Competitor
– Cyber Terrorists
– Ignorant Employee
– Natural Threats
• Fire
• Flood
• Earthquake
Types & Sources of Threats Contd.
 How do the threat agents mount attacks?
 Through loopholes, or vulnerabilities
 Vulnerabilities arise from
– Improper configuration of equipment
– Employee ignorance of security awareness
– No physical access control for critical equipment
– Application design that gives away more information than required
– And more…
Attacks against IP
 Business on the Net
 TCP/IP – The Language of the Net
 IP layer concerns
– Does not provide a robust mechanism for authentication: nothing in the header proves who sent a packet
– Soft IP addresses (assigned in software; the source field is filled in by whoever builds the packet)
• Facilitates IP spoofing and session hijacking
– Routers trust routing-information packets
• Forged routing updates can reconfigure routers and redirect traffic
– Source routing
• Allows the sender to determine the route, so a spoofer can have replies steered back to itself; source-routed packets should be dropped at the perimeter
Application Layer Protocols as a Key
Element of Risk
 Ports below 1024 are privileged ports
– On Unix, only a process running as root can bind a listener to them
 Server applications with flaws may therefore expose root privileges
 Most intrusions take advantage of programming flaws in service applications
Why an Organization needs Security
 Results of these Security Threats are
– Business Loss
– Financial Loss
– Loss of Reputation
 Can you estimate the losses in dollars if these
threats strike?
 The recent I LOVE YOU e-mail virus (May 2000) resulted in losses estimated in billions of dollars across the globe
 Would you watch these attacks happening
without taking any preventive measures?
Risk Management – The Game of
Security
 What’s the best method for Security?
 There are only two extremes
– Absolute Security
– Absolute Access
 The closest you can get to absolute security is to unplug the computer from the network and the power supply, lock it in a safe and throw it into the Bermuda Triangle
 Absolute access lets the computer do whatever it is asked to do, but with the Internet being a bad neighborhood, that would make it useless
Risk Management – The Game of
Security Contd.
 An analogy to real life
"When we drive a car to work, it is possible that something goes completely out of control and we get involved in an accident. When we get into an aeroplane, we accept a level of risk as the price of convenience."
 The best method for securing an organization depends on the level of risk it can accept
Building Blocks-Network Security
 Security Policy
– A must for an organization
– Foundation for Organization’s Security
– Provides guidelines to the organization on
• ‘HOW’ Security
• ‘WHAT’ Security
• ‘WHO’ Security
– Enforcement of security policies is as important as their design
– Management's involvement in design and enforcement is key to their success
Building Blocks-Network Security
Contd.

 Various Security Policies


– Password Policies
– Logon Policies
– Internet Access Policies
– Physical Security Policies
– Human Resources Policies
– Organizational Structure Policies
– Communications Security Policies
– And more….
Building Blocks-Network Security
 (Diagram in the original: Security Policy at the centre, surrounded by the building blocks below)
– Perimeter Security: Firewalls, Routers/Switches
– Source Identification: AAA
– Data Privacy: Encryption Mechanism
– Content Filtering
– Virus wall
– Intrusion Detection
– Host Security: OS Security, Application Security
Building Blocks-Network Security
Contd.

 Perimeter Security
– Firewall
– Intrusion Detection
– Authentication
– Content Filtering
– URL Filtering
 Encryption
– Link Encryption
– Network Layer Encryption
– Application Layer Encryption
– Public Key Infrastructure
Building Blocks-Network Security
Contd.

 Host Security
– Operating System Hardening
– Application Security
 Reporting & Logging Tools
Perimeter Security-Firewall
 A network security interface between two networks (logical or physical)
 External firewalls
– May be multi-layered
– An outer one to protect the DMZ (De-militarized Zone)
– An inner one to protect the rest of the organization
 Internal firewalls
– Used to create security domains
– Protection for sensitive departments or applications
– Used to add security layers
– Force an external intruder to breach several firewalls to get to the sensitive information
Perimeter Security-Firewall Contd.
 Can also filter Non-TCP/IP Protocols
– Multi-protocol Firewalls can filter TCP/IP, IPX/SPX,SNA
and many others
 Firewalls cannot protect against
– Any intrusion that bypasses the firewall, i.e. traffic that enters the network on a path the firewall never sees
– Employee misconduct
– Employee ignorance
• Sharing passwords
• Responding to social engineering probes without verification
• Running downloaded software without virus checks
Perimeter Security-Firewall Contd.
 Improper firewall selection and usage is itself a risk
 Firewalls are not forever and may be defeated in the best of environments
 No one Firewall is ideal for all applications
 Different vendors use different design
criteria
 Commercial Firewalls are often
combinations of firewall technologies
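What the outer and inner firewalls described above actually do is evaluate each packet against an ordered rule list with a default deny. The following is an added example, not code from the presentation or from any vendor product: the zones, addresses and rule set are assumptions chosen to model the DMZ design on the slide, and the filter is stateless (return traffic is not modelled).

```python
"""First-match packet filter for a two-tier (outer/inner) firewall design.
Added example; address ranges and rules are constructed for the illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

DMZ = "192.0.2.0/24"        # public-facing servers
INTERNAL = "10.0.0.0/8"     # staff LAN and back-end servers
WEB = "192.0.2.10/32"       # the one public web server
DB = "10.1.1.5/32"          # the database it needs


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" | "deny"
    iface: str              # interface the packet arrives on: outside | dmz | inside | any
    src: str                # CIDR or "any"
    dst: str
    proto: str              # tcp | udp | icmp | any
    dport: Optional[int]    # None matches every destination port
    comment: str = ""


def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: dict) -> bool:
    return (rule.iface in ("any", pkt["iface"])
            and _in_net(rule.src, pkt["src"])
            and _in_net(rule.dst, pkt["dst"])
            and rule.proto in ("any", pkt["proto"])
            and (rule.dport is None or rule.dport == pkt.get("dport")))


def evaluate(rules, pkt: dict):
    """Return (action, rule number, comment); rule 0 is the implicit default deny."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule.action, number, rule.comment
    return "deny", 0, "implicit default deny"


RULES = [
    # Anti-spoofing first: nothing claiming an inside address may arrive from outside.
    Rule("deny", "outside", INTERNAL, "any", "any", None, "spoofed internal source"),
    Rule("deny", "outside", DMZ, "any", "any", None, "spoofed DMZ source"),
    # What the public may reach: only the web server, only HTTP and HTTPS.
    Rule("allow", "outside", "any", WEB, "tcp", 80, "public web"),
    Rule("allow", "outside", "any", WEB, "tcp", 443, "public web (TLS)"),
    # Inner firewall: a compromised web server can reach exactly one internal service.
    Rule("allow", "dmz", WEB, DB, "tcp", 5432, "web tier to database"),
    # Staff may go out; their replies would rely on a stateful firewall, not modelled here.
    Rule("allow", "inside", INTERNAL, "any", "any", None, "outbound from staff LAN"),
]


def decide(iface: str, src: str, dst: str, proto: str = "tcp", dport: Optional[int] = None):
    return evaluate(RULES, {"iface": iface, "src": src, "dst": dst,
                            "proto": proto, "dport": dport})
```

Rule order matters: the anti-spoofing rules sit above the allow rules so that an outside packet forging an internal source is dropped before any allow rule can match it, and everything not explicitly listed falls through to the default deny.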
Perimeter Security-Intrusion Detection
 Detects Intruders into the network
 Available as
– Network based IDS
– Host based IDS
– Hybrid IDS
 IDS = sniffer + signature verification (an IDS that also takes corrective action by blocking traffic is an intrusion prevention system)
 400+ signatures were available at the time of this presentation; signature sets have since grown by orders of magnitude
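The "sniffer + signature" definition above, with a rate check added for the SYN flood the deck lists under planned demonstrations, is shown below as an added example. It is not code from the presentation or from any IDS product; the packet records, the two signatures and the thresholds are constructed for the illustration, and a real sensor would read from a capture interface instead of a list.

```python
"""A minimal signature plus rate-based network IDS. Added example; traffic and
signatures are constructed for the illustration."""
import re
from collections import defaultdict, deque

# Constructed signatures: (name, pattern applied to the packet payload).
SIGNATURES = [
    ("directory traversal in HTTP request", re.compile(rb"\.\./\.\./")),
    ("shell interpreter named in HTTP request", re.compile(rb"(?i)(/bin/sh|cmd\.exe)")),
]


class SimpleIDS:
    def __init__(self, syn_threshold: int = 20, window: float = 1.0):
        self.syn_threshold = syn_threshold    # connection attempts per window per target
        self.window = window                  # seconds
        self.syns = defaultdict(deque)        # dst -> timestamps of recent SYNs
        self.alerts = []

    def inspect(self, pkt: dict) -> None:
        # Signature verification: pattern match on the payload.
        for name, pattern in SIGNATURES:
            if pattern.search(pkt.get("payload", b"")):
                self.alerts.append((pkt["ts"], "signature", name, pkt["src"]))
        # A SYN without ACK is a new connection attempt; count them per target.
        if pkt.get("proto") == "tcp" and pkt.get("flags") == "S":
            recent = self.syns[pkt["dst"]]
            recent.append(pkt["ts"])
            while recent and pkt["ts"] - recent[0] > self.window:
                recent.popleft()              # slide the window forward
            if len(recent) == self.syn_threshold:   # fire once, when the line is crossed
                self.alerts.append((pkt["ts"], "syn-flood",
                                    f"{len(recent)} SYNs to {pkt['dst']} within {self.window}s",
                                    pkt["src"]))

    def run(self, packets) -> list:
        for pkt in sorted(packets, key=lambda p: p["ts"]):
            self.inspect(pkt)
        return self.alerts


def constructed_traffic() -> list:
    """Normal browsing, one hostile request, then a flood from spoofed sources."""
    pkts = []
    for i in range(5):        # a legitimate client opening five connections, one per second
        pkts.append({"ts": 1.0 * i, "src": "198.51.100.7", "dst": "192.0.2.10",
                     "proto": "tcp", "flags": "S", "dport": 80})
    pkts.append({"ts": 6.0, "src": "203.0.113.45", "dst": "192.0.2.10", "proto": "tcp",
                 "flags": "PA", "dport": 80,
                 "payload": b"GET /../../../../etc/passwd HTTP/1.0\r\n\r\n"})
    for i in range(30):       # SYN flood: a different spoofed source every 10 ms
        pkts.append({"ts": 10.0 + i * 0.01, "src": f"203.0.113.{i + 1}",
                     "dst": "192.0.2.10", "proto": "tcp", "flags": "S", "dport": 80})
    return pkts
```

The flood alert carries the source of the SYN that crossed the threshold, which in a real flood is a spoofed address; the useful field is the target, which is why the counter is keyed by destination rather than by source.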
Perimeter Security-Authentication
 Identifies the source (authentication)
 Authorizes the source to access specified network resources (authorization)
 Accounts for the duration the specified resource was accessed (accounting)
 Authentication can also be done at Layer 2 of the OSI model
 Specifically for WAN PPP authentication
– PAP (sends the password in the clear over the link)
– CHAP (challenge-response; the secret itself is never transmitted)
Perimeter Security-Authentication Contd.
 Standard application layer protocols used to carry authentication to a central server are
– RADIUS
– TACACS (now TACACS+)
– Kerberos (ticket-based authentication)
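The difference between PAP and CHAP listed above is clearest as a protocol exchange with an eavesdropper replaying what it captured. The following is an added example, not code from the presentation; the peer name and secret are constructed, and the CHAP response is computed as RFC 1994 specifies, MD5 over the identifier, the secret and the challenge.

```python
"""PAP versus CHAP on a PPP link, with a replay of captured traffic.
Added example; account name, secret and captured messages are constructed."""
import hashlib
import hmac
import os

# Constructed: the authenticator's copy of each peer's secret.
SECRETS = {"branch-router": b"correct horse battery staple"}


class PapAuthenticator:
    """PAP: the peer simply sends name and password; anyone on the link sees both."""
    def verify(self, name: str, password: bytes) -> bool:
        return name in SECRETS and hmac.compare_digest(SECRETS[name], password)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """CHAP: the secret never crosses the link; the peer proves it knows it."""
    def __init__(self):
        self.ident = 0
        self.outstanding = {}      # ident -> challenge, each used exactly once

    def challenge(self):
        self.ident = (self.ident + 1) & 0xFF
        self.outstanding[self.ident] = os.urandom(16)
        return self.ident, self.outstanding[self.ident]

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        challenge = self.outstanding.pop(ident, None)    # consume the challenge
        if challenge is None or name not in SECRETS:
            return False
        expected = chap_response(ident, SECRETS[name], challenge)
        return hmac.compare_digest(expected, response)


def chap_login(auth: ChapAuthenticator, name: str, secret: bytes):
    """The peer's side of the exchange. Returns the outcome plus what an
    eavesdropper on the link would have captured."""
    ident, challenge = auth.challenge()
    response = chap_response(ident, secret, challenge)
    return auth.verify(ident, name, response), (ident, challenge, response)


def demo() -> dict:
    pap, chap = PapAuthenticator(), ChapAuthenticator()
    secret = SECRETS["branch-router"]
    # PAP: the captured password logs the attacker in just as well as the owner.
    captured_pap = ("branch-router", secret)
    pap_legit = pap.verify(*captured_pap)
    pap_replay = pap.verify(*captured_pap)
    # CHAP: the captured response answers a challenge that no longer exists.
    chap_legit, (ident, _challenge, response) = chap_login(chap, "branch-router", secret)
    chap_replay = chap.verify(ident, "branch-router", response)
    new_ident, _ = chap.challenge()
    chap_replay_new = chap.verify(new_ident, "branch-router", response)
    chap_wrong = chap_login(chap, "branch-router", b"guess")[0]
    return {"pap_legit": pap_legit, "pap_replay": pap_replay,
            "chap_legit": chap_legit, "chap_replay": chap_replay,
            "chap_replay_new_challenge": chap_replay_new,
            "chap_wrong_secret": chap_wrong}
```

CHAP stops replay, not everything: an eavesdropper who captures a challenge and response can still try candidate secrets offline against `chap_response`, and the authenticator must hold the secret in a recoverable form, so the secret needs to be long and random and the store protected.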
Perimeter Security-Content Filtering
 Internet is the biggest source of Computer
Viruses
 Content filtering protects internal network resources from infected content carried by
– SMTP (virus file as a mail attachment)
– FTP (downloaded file infected with a virus)
– HTTP (pages/files infected with a virus)
 Content Filtering solution can be
integrated with Firewall solution
Perimeter Security-URL Filtering
 Figures quoted at the time:
– 70% of Internet porn is downloaded between 9 and 5 (during office hours)
– 40% of workplace Internet surfing is not business related
– The top 3 Internet word searches in the world are MP3, SEX and HOTMAIL
 URL Filtering helps an organization to enforce
proper Internet Access policies
 Specific Sites that are not business related can
be blocked from access
Encryption
 Link Encryption
– Encrypts everything that goes onto the link, headers included
– Normally connected between the CSU/DSU and the router/multiplexer
– Used DES/3DES at the time; single DES (56-bit key) is now considered broken and 3DES is deprecated, so AES should be used
 Layer 2 Encryption
– Encrypts all packets from Layer 3 upwards, carried inside a Layer 2 tunnel
– Standard Layer 2 tunneling mechanisms are
• L2F
• L2TP (tunneling only, no encryption of its own; it is normally run over IPsec)
• PPTP (encrypts with MPPE; its authentication and encryption are now considered weak)
Encryption Contd.,
 Network Layer Encryption
– Encrypts everything from the transport layer upwards; the outer IP header stays visible
– Generally termed a VPN (Virtual Private Network) when the encrypted traffic crosses the Internet
– Standard Layer 3 tunneling mechanisms are
• GRE (tunneling only, no encryption; combine it with IPsec)
• IPsec (ESP for confidentiality and integrity, AH for integrity only)
 Application Layer Encryption
– Encrypts data at the application layer
– The standard application layer encryption protocol is Secure Sockets Layer (SSL), since superseded by TLS
Encryption Contd.,
 Public Key Infrastructure
– Symmetric & asymmetric encryption
– Symmetric encryption
• Uses pre-shared keys for authentication and encryption
• Every pair of nodes needs its own key, so n nodes need n(n-1)/2 keys; manageable only for a small network (the presentation suggests a maximum of about 10 nodes)
• Configuration complexity and hence administrative overhead
– Asymmetric encryption
• Uses a public/private key pair for encryption and authentication
• Public keys are transmitted on the network, whereas private keys never leave the node
• Solves the key-distribution problem rather than being 'more secure' in itself; in practice it authenticates the peers and exchanges a symmetric session key, which then encrypts the bulk data
Encryption Contd.,
– Digital Certificates
• Bind a node's name to its public key, for authentication
• A central certificate authority (CA) issues, i.e. signs, a certificate for every node in the PKI domain
• Nodes exchange certificates before data communication and verify the CA's signature on them
• Contains information about the node and the issuing certificate authority
– Certificate Authorities
• Issue certificates to all nodes in the same PKI domain
• Central authority vouching for the nodes' identity
• All nodes in the same PKI domain must trust the same root CA (or a chain leading to it)
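The symmetric/asymmetric trade-off and the certificate flow above, worked through end to end, as an added example that is not code from the presentation: a CA signs a node's (name, public key), a peer verifies that signature with the CA's public key and then uses the node's public key to deliver a symmetric session key. Everything here is a toy: the moduli are built from small Mersenne primes, there is no padding, no X.509 encoding and no revocation, so it illustrates the mechanics only and must not be used for real data.

```python
"""Toy PKI: CA-signed certificates and session-key exchange with textbook RSA.
Added example; keys are deliberately tiny and the scheme is unpadded."""
import hashlib
import os

E = 65537
# Toy moduli from known Mersenne primes (gcd(E, phi) = 1 for each pair); nowhere
# near a real key size, chosen only so the arithmetic runs instantly.
CA_PRIMES = (2**89 - 1, 2**107 - 1)
NODE_PRIMES = (2**61 - 1, 2**127 - 1)


def keygen(p: int, q: int):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest_int(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)


def _to_be_signed(cert: dict) -> bytes:
    return f"{cert['subject']}|{cert['pub'][0]}|{cert['pub'][1]}|{cert['issuer']}".encode()


def issue_certificate(ca_priv, issuer: str, subject: str, subject_pub) -> dict:
    """The CA binds a name to a public key; only the CA's private key can do this."""
    cert = {"subject": subject, "pub": subject_pub, "issuer": issuer}
    cert["sig"] = sign(ca_priv, _to_be_signed(cert))
    return cert


def verify_certificate(ca_pub, cert: dict) -> bool:
    """Any node holding the CA's public key can check the binding."""
    return verify(ca_pub, _to_be_signed(cert), cert["sig"])


def wrap_session_key(peer_pub, key: bytes) -> int:
    n, e = peer_pub
    k = int.from_bytes(key, "big")
    if k >= n:
        raise ValueError("session key does not fit under the modulus")
    return pow(k, e, n)


def unwrap_session_key(priv, wrapped: int, length: int = 16) -> bytes:
    n, d = priv
    return pow(wrapped, d, n).to_bytes(length, "big")


def pairwise_key_count(nodes: int) -> int:
    """Pre-shared keys needed for full mesh symmetric encryption: n(n-1)/2."""
    return nodes * (nodes - 1) // 2


def demo() -> dict:
    ca_pub, ca_priv = keygen(*CA_PRIMES)
    gw_pub, gw_priv = keygen(*NODE_PRIMES)          # gw_priv never leaves the gateway
    cert = issue_certificate(ca_priv, "Root CA", "vpn-gw.example", gw_pub)
    forged = dict(cert, subject="attacker.example")   # same signature, different name
    session_key = os.urandom(16)                     # symmetric key for the bulk data
    wrapped = wrap_session_key(cert["pub"], session_key)
    return {"cert_ok": verify_certificate(ca_pub, cert),
            "forged_ok": verify_certificate(ca_pub, forged),
            "key_roundtrip": unwrap_session_key(gw_priv, wrapped) == session_key}
```

The peer only needs one trusted public key, the CA's, to check any number of certificates, which is what replaces the n(n-1)/2 pre-shared keys; the session key is still symmetric, because that is what encrypts the traffic efficiently.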
Host Security
 Perimeter security provides the first level of security
 Perimeter security alone is not sufficient
 Perimeter security protects the path up to the server/desktop
 The second level of security is obtained by securing the server/desktop itself
 A host involves two basic software components
– Operating system
– Application
 In practice the hosts in most organizations run either Windows or a Unix variant
 Windows has various versions, e.g. Win95/98/NT/2000/XP
Host Security Contd.
 Unix has multiple flavors, e.g. Solaris/HP-UX/Linux/AIX/Irix/SCO Unix/UnixWare
 A default installation typically enables far more services and access than the host needs
 Generally security configuration is done for authentication and authorization purposes only
 Tools are available that exploit any of the services/ports left open in the OS
 Services that use privileged ports (<1024) need root privileges to start, so a flaw in one of them exposes root
 Hardening or fine-tuning the operating system is essential
Host Security Contd.
 Most vulnerabilities are due to improper application design and configuration
 Hardening/fine-tuning the application (including applying patches promptly) is essential
Reporting & Logging
 Most security devices do not provide proper reporting mechanisms
 The logs they provide are very difficult to analyze
 Logs are essential for investigating a security breach and help ensure that proper countermeasures are taken
 Reporting & logging applications present these logs in a GUI format
 They can collect events from various security devices such as firewalls, IDS and VPNs into one place
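Collecting events from several devices means normalising each device's own log format into one schema before anything can be counted or correlated. The following is an added example, not code from the presentation or from any reporting product: the two log formats and every line in them are constructed for the illustration, and real firewall and IDS logs each need their own parser.

```python
"""Normalise firewall and IDS logs into one event stream and report on it.
Added example; both log formats and all lines are constructed."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

FW_LOG = """\
2001-05-14T09:01:02 fw1 DENY TCP 203.0.113.45:51234 -> 192.0.2.10:23
2001-05-14T09:01:03 fw1 DENY TCP 203.0.113.45:51235 -> 192.0.2.10:135
2001-05-14T09:01:05 fw1 ALLOW TCP 198.51.100.7:40000 -> 192.0.2.10:443
2001-05-14T09:02:10 fw1 DENY UDP 203.0.113.45:5000 -> 192.0.2.10:161
2001-05-14T09:03:00 fw1 DENY TCP 198.51.100.9:33000 -> 192.0.2.10:22
"""

IDS_LOG = """\
[2001-05-14 09:01:04] ALERT sig=1023 "telnet login attempt" src=203.0.113.45 dst=192.0.2.10
[2001-05-14 09:04:30] ALERT sig=2201 "SNMP default community string" src=203.0.113.45 dst=192.0.2.10
"""

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<dev>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
                   r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
IDS_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] ALERT sig=(?P<sig>\d+) \"(?P<msg>[^\"]*)\" "
                    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$")


@dataclass
class Event:
    ts: datetime
    device: str
    kind: str            # "deny", "allow" or "alert"
    src: str
    dst: str
    detail: str


def parse_firewall(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:            # skip lines that do not parse instead of aborting the report
            events.append(Event(datetime.fromisoformat(m["ts"]), m["dev"], m["action"].lower(),
                                m["src"], m["dst"], f"{m['proto']}/{m['dport']}"))
    return events


def parse_ids(text: str, device: str = "ids1") -> list:
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), device, "alert",
                                m["src"], m["dst"], f"sig {m['sig']}: {m['msg']}"))
    return events


def parse_all(fw_text: str = FW_LOG, ids_text: str = IDS_LOG) -> list:
    """One time-ordered stream across devices is what makes correlation possible."""
    return sorted(parse_firewall(fw_text) + parse_ids(ids_text), key=lambda e: e.ts)


def denies_by_source(events) -> Counter:
    return Counter(e.src for e in events if e.kind == "deny")


def correlate(events) -> set:
    """Sources the firewall dropped and the IDS also flagged: look at these first."""
    denied = {e.src for e in events if e.kind == "deny"}
    alerted = {e.src for e in events if e.kind == "alert"}
    return denied & alerted


def render_report(events) -> str:
    lines = ["Denied connections by source:"]
    for src, count in denies_by_source(events).most_common():
        lines.append(f"  {src:15} {count}")
    lines.append("Sources seen by both firewall and IDS: " + ", ".join(sorted(correlate(events))))
    return "\n".join(lines)
```

Keeping the original device name and detail string on each event preserves the evidence trail for the breach investigation the slide mentions, while the normalised `kind`, `src` and `dst` fields are what the summaries work on.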
