Physical Layer Security
Lecture 2
Supakorn Kungpisdan
supakorn@mut.ac.th
NETE4630

Roadmap
• Defending the Physical Layer
• Attacking the Physical Layer

Defending the Physical Layer
• The point at which protection should begin
• Security controls have three primary goals:
  – Deter: security lighting and “Beware of Dog” signs
  – Delay: fences, gates, locks, access controls, and mantraps
  – Detect: intrusion detection systems (IDSes) and alarms
• Higher layers focus on preventing disclosure, denial, or alteration of information
• Physical security focuses on intruders, vandals, and thieves

Physical, Technical, and Administrative Controls

Design Security
• Design security should begin during the design phase, not at the time of deployment
• Physical security of assets and employees should be considered when designing a new facility; well-designed facilities are comfortable and secure

Key Issues of Design Security
• Location
• Construction
• Accessibility and Transportation
• Climatology
• Utilities
• Access Control

Perimeter Security
• What to examine:
  – Natural boundaries at the location
  – Fences or walls around the site
  – The design of the outer walls of a building
  – Divisions and choke points within a building
• A series of mechanisms includes:
  – Fences
  – Perimeter Intrusion Detection and Assessment Systems (PIDAS)
  – Security lighting
  – Closed-circuit television (CCTV)
  – Security guards and guard dogs
  – Warning signs and notices

Fencing
• A fence with proper design and height can delay an intruder and work as a psychological barrier
• A risk analysis should be performed to evaluate the types of physical assets to be protected
  – A 4-foot fence will deter a casual trespasser
  – An 8-foot fence will keep a determined intruder out
• Need to consider the gauge and mesh size of the wire
  – The smaller the mesh, the more difficult it is to climb
  – The heavier the gauge, the more difficult it is to cut

Gauge and Mesh
16G with 50 mm vs 25 mm mesh

Fencing (cont.)

PIDAS
• Perimeter Intrusion Detection and Assessment Systems
• PIDAS has sensors that detect intruders and feel vibrations along the fence
• The system may produce false positives due to stray deer, high winds, or other natural events

Gates, Guards, and Ground Design
• UL Standard 325 details requirements for gates with 4 classifications:
  – Residential Class 1
  – Commercial Class 2
  – Industrial Class 3
  – Restricted Access Class 4
• Bollards are made of concrete or steel and are used to block vehicle traffic or to protect areas where pedestrians are entering or leaving buildings
• Security guards need to have job references and be subjected to a background check
  – Web site operation and private investigators

Bollards

Gates, Guards, and Ground Design (cont.)
• Dogs are loyal but can be unpredictable
  – Dogs are restricted to exterior control and should be used with caution
• Lighting can discourage criminals
• Most standards list two candlefoot power as the norm for facilities using nighttime security
• Too much light causes over-lighting and glare, and it may bleed over onto adjacent property
• With CCTV, activities can be monitored live by a security officer or recorded and reviewed later
  – The British government has installed over 1.5 million CCTV cameras
• Warning signs or notices should be posted to deter trespassing

Facility Security
• “Anyone with physical access has the means and the opportunity to commit a crime”
• Least privilege: providing only the minimum amount of access that is required, and restricting non-authorized individuals from entering sensitive areas
• Can be achieved by examining windows, doors, locks, walls, access control, and intrusion detection

Entry Points
• Doors, windows, roof access, fire escapes, delivery access, and chimneys

Entry Points: Doors
• A door's function determines its construction, appearance, and operation
• A door designed for security purposes is very solid and durable, with hardened hardware
• Interior doors are made of hollow-core wood; exterior doors are made of solid-core wood
• Need to perform a risk assessment on interior applications

Entry Points: Doors (cont.)
• Doors have fire ratings and come in various configurations:
  – Personal doors
  – Industrial doors
  – Vehicle access doors
  – Bulletproof doors
  – Vault doors
• Must examine the hardware used to install a door
• A mantrap is designed so that when the outer door opens, the inner door locks

Doors (cont.)
Figures: vault door; bulletproof door

Doors (cont.)
Figures: industrial door; vehicle access door

Mantrap

Entry Points: Doors (cont.)
• Automatic door locks: fail-safe or fail-secure
  – Fail-safe (unlocked) state allows employees to exit, but also allows other unauthenticated access
  – Fail-secure (locked) configuration is when the doors default to being locked, thereby keeping unauthorized individuals out while also preventing access

Entry Points: Windows
• Alarms or sensors may be installed on windows
• Window types include:
  – Standard: lowest security, least expensive, easily shattered (broken into fine pieces)
  – Polycarbonate Acrylic: stronger than standard glass
  – Wire Reinforced: adds shatterproof protection
  – Laminated: similar to the glass used in automobiles; strengthens the glass
  – Solar Film: provides a moderate level of security and decreases the potential for shattering
  – Security Film: highest security

Walls (cont.)

Entry Points: Walls
• A reinforced wall can keep a determined attacker from entering an area
• Walls should be designed with firewalls, and emergency lighting should be in place

Access Control
• Access control is any mechanism by which an individual is granted or denied access
• Many types include:
  – Mechanical locks
  – Identity card technology

Access Control: Locks
• Warded locks and tumbler locks
• Warded locks work by matching wards to keys; they are the cheapest mechanical locks and the easiest to pick
• Tumbler locks contain more parts and are harder to pick
• Another type of tumbler lock is the tubular lock, which is used for computers, vending machines, and other high-security devices

Warded Locks

Access Control: Locks (cont.)

Tumbler Locks (cont.)

Access Control: Locks (cont.)
• Three basic grades of locks include:
  – Grade 3: The weakest commercial lock (designed for 200,000 cycles)
  – Grade 2: Light-duty commercial locks or heavy-duty residential locks (designed for 400,000 cycles)
  – Grade 1: Commercial locks of the highest security (designed for 800,000 cycles)

Access Control: Physical Controls
• Network cabling
  – Select the right type of cable
  – Should be routed through the facility so that it cannot be tampered with
  – Unused network drops should be disabled; all cable access points should be secured

Access Control: Physical Controls (cont.)
• Controlling individuals:
  – ID cards with a photograph of the individual
  – Intelligent access control devices: contact and contactless
• Contact access cards come in different configurations, including:
  – Active Electronic: can transmit electronic data
  – Electronic Circuit: has a circuit embedded
  – Magnetic Stripe: has a magnetic stripe
  – Optical-coded: contains a laser-burned pattern of encoded dots

Optical Card

Access Control: Physical Controls (cont.)
• Contactless cards function by proximity, e.g. RFID (Radio Frequency ID)
  – Passive: powered by the RFID reader
  – Semi-passive: has a battery only to power the microchip
  – Active: battery-powered
• Multi-factor authentication is recommended
• Physical Intrusion Detection
  – Motion detectors: audio, infrared, wave pattern, or capacitance
  – Photoelectric sensors
  – Pressure-sensitive devices
  – Glass breakage sensors
• Keep in mind that IDSes are not perfect

Intrusion Detection (cont.)
Figures: photoelectric sensor; motion detection sensor (photoelectric infrared); glass break sensor

Device Security
• Device security addresses controls implemented to secure devices found in an organization
  – Computers, networking devices, portable devices, cameras, iPods, and thumb drives

Device Security: Identification and Authentication
• Identification: the process of identifying yourself
• Authentication: the process of proving your identity
• Three categories of authentication
  – Something You Know
  – Something You Have
  – Something You Are

Device Security: Something You Know
• Passwords are the most commonly used authentication scheme
• A Gartner study in 2000 found that:
  – 90% of respondents use dictionary words or names
  – 47% use their name, spouse’s name, or a pet’s name
  – 9% used cryptographically strong passwords

Device Security: Something You Know (cont.)
• A good password policy:
  – Passwords should not use personal information
  – Passwords should be 8 or more characters
  – Passwords should be changed regularly
  – Passwords should never be composed of common words or names
  – Passwords should be complex, using upper- and lowercase letters and miscellaneous characters (e.g. !, @, #, $, %, ^, &)
  – Limit logon attempts to three successive attempts

Device Security: Something You Have
• Tokens, smart cards, and magnetic cards
• Two basic groups of tokens:
  – Synchronous token: synchronized to the authentication server
  – Asynchronous challenge-response token

Device Security: Something You Are
• Basic operations:
  1. User enrolls in the system
  2. User requests to be authenticated
  3. A decision is reached: allowed or denied
• Accuracy of biometrics
  – Type 1 Error (False Rejection Rate: FRR)
  – Type 2 Error (False Acceptance Rate: FAR)
• The point at which FRR and FAR meet is known as the Crossover Error Rate (CER)
• The lower the CER, the more accurate the system

Crossover Error Rate (CER)

Biometric
• Finger Scan
• Hand Geometry
• Palm Scan
• Retina Pattern
• Iris Recognition
• Voice Recognition
• Keyboard Dynamics

Computer Controls
• Session controls
  – System timeouts
  – Screensaver lockouts
• Warning banners

Device Security: Mobile Devices and Media
• Samsung Corporation banned employees from using Samsung’s cell phones with 8GB of storage
• Sensitive media must be controlled, handled, and destroyed in an approved manner
  – Papers can be shredded: strip-cut and cross-cut shredders
  – CDs can be destroyed
  – Magnetic media can be degaussed
  – Hard drives can be wiped

Information Classification Systems
• Government Information Classification System
  – Focuses on secrecy
• Commercial Information Classification System
  – Focuses on integrity

Information Classification Systems (cont.)

Information Classification Systems (cont.)

Communications Security
• Communications security examines electronic devices and the electromagnetic radiation (EMR) they produce
• Original controls for these vulnerabilities were named TEMPEST, now changed to Emissions Security (Emsec)
• Newer technologies that have replaced shielding are white noise and control zones
• PBX must be secure
• Fax can be intercepted
  – Fax ribbons can be a virtual carbon copy of the original document
  – Solved by using a fax server and fax encryption

Comm Security: Bluetooth
• To keep Bluetooth secure, make sure Bluetooth-enabled devices are set to non-discoverable mode
• Use secure applications to limit the amount of cleartext transmission
• If no Bluetooth functionality is needed, turn it off
  – It can be configured to access shared directories without authentication, which opens it up to viruses, trojans, and information theft
• In 2005, AirDefense released BlueWatch, the first commercial security tool designed to monitor Bluetooth devices and identify insecure devices
  – www.airdefense.net/products/bluewatch/index.php

BlueWatch
• AirDefense BlueWatch can provide information such as:
  – Identify different types of Bluetooth devices, including laptops, PDAs, keyboards and cell phones
  – Provide key attributes, including device class, manufacturer and signal strength
  – Illustrate communication or connectivity among various devices
  – Identify services available on each device, including network access, fax and audio gateway

802.11 Wireless Protocols
• Retire WEP devices
• Change default SSID
• MAC filtering
• Turn off DHCP
• Limit access of wireless users
• Use port authentication (802.1x)
• Perform periodic site surveys and scan for rogue devices, e.g. using Kismet
• Update policies to stipulate requirements for wireless users
• Use encryption
• Implement a second layer of authentication, e.g. RADIUS

Roadmap
• Defending the Physical Layer
• Attacking the Physical Layer

Attacking Physical Layer
• Several techniques to attack physical security:
  – Stealing data
  – Lock picking
  – Wiretapping
  – Hardware modification

Stealing Data
• Abe Usher wrote a program called “pod slurp” to steal data from a PC
• Purpose of Slurp
  – To create a proof-of-concept application that searches for office documents that can be copied from a Windows computer to an iPod (or other removable storage device).
  – The point of this exercise is to demonstrate (quantitatively) how quickly data theft can occur with removable storage devices.
• Method:
  – Searches for the "C:\Documents and Settings" directory on a Windows computer. It then recurses through all of the subdirectories, discovering all of the documents (*.doc, *.xls, *.htm, *.url, *.pdf, etc.) on the computer that it is running from.

How to Use Slurp
• Step 0:
  – Stop the iPod Service in Windows (if iPod software is installed and running).
• Step 1:
  – Unzip slurp.zip
• Step 2:
  – Copy the entire "slurp-audit" directory to your removable storage device (iPod, external hard drive, etc.)
• Step 3:
  – Run the application file "slurp-audit.exe" and watch it find all of the business files. After it is complete, check the report.html file to find out what files could have been copied to an iPod or USB thumb drive.
• For more information, check: http://www.sharp-ideas.net

Slurp

Slurp Report

Lock Picks
• Basic components used to pick locks:
  – Tension wrenches: small, angled flathead screwdrivers that come in various thicknesses and sizes
  – Picks: small, angled, and pointed, similar to a dentist's pick

Scrubbing

Lock Shim

Lock Shim (cont.)

Lock Shim (cont.)

Scanning and Sniffing
• Phreakers are interested in making free long-distance calls
• Freeloaders intercept free HBO; prevented by implementing VideoCipher encryption
• Cordless phones were attacked by tuning to the same frequencies as other people's phones to listen to active conversations
  – Solved by switching to spread spectrum technologies
• 1st Gen mobile phones have been hacked by tumbling
  – Modify the Electronic Serial Number (ESN) and mobile identification number (MIN) after each call
• Also vulnerable to cloning attacks
  – Intercept the ESN and MIN by listening to active calls

Scanning and Sniffing (cont.)
• Attacks on 2nd Gen mobile phones:
  – International Mobile Subscriber Identity (IMSI) catcher
    • Tells the mobile phone that it is a base station
  – Cellphone jammer
    • Transmits signals on the same frequency as cell phones, preventing all communication within a given area
  – Cellphone detector
    • Detects when a cell phone is powered on

Scanning and Sniffing (cont.)
• Bluejacking allows an individual to send unsolicited messages over BT to other BT devices
• Bluesnarfing is the theft of data, calendar information and phonebook entries

Tools to Attack Bluetooth
• RedFang: small proof-of-concept application used to find non-discoverable devices
• Bluesniff: a proof-of-concept tool for BT wardriving
• Btscanner: a BT scanning tool with the ability to do inquiry and brute-force scans and identify BT devices in range
• BlueBug: exploits a BT security hole on some BT-enabled phones. Allows unauthorized downloading of phonebooks and call lists, and sending and reading of SMSs
• Find those tools at
  – http://www.remote-exploit.org/backtrack_download.html

Attacking WLANs
• Eavesdropping
• Open Authentication
• Rogue Access Point
• DoS

Hardware Hacking
• Hardware hacking is about using physical access to bypass controls or modify the device in some manner
  – Sometimes it is called “modding”
• Bypass BIOS password
• Router password recovery
  – Prevented by issuing the no service password-recovery command
• Bypass Windows authentication

Example: Modifying Bluetooth Hardware
• Objective:
  – To extend BT range

Example: Modifying Bluetooth Hardware (cont.)
Figures: steps 1 to 6

To Read
• Hack-The-Stack: Pages 70-84

Question?
Next week: Data Link Layer Security
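
An added worked example for the Crossover Error Rate (CER) slide, not part of the original lecture: it computes FRR and FAR at every decision threshold and finds the point where the two meet, then compares two systems by their CER. The match scores, the 0 to 100 score scale and all names are constructed for illustration.

```python
# Constructed similarity scores (0-100) from a hypothetical biometric matcher.
GENUINE = [62, 71, 75, 78, 80, 83, 85, 88, 91, 95]      # same-person attempts
IMPOSTOR = [12, 20, 25, 31, 38, 44, 52, 58, 66, 73]     # system A, other people
IMPOSTOR_B = [30, 41, 55, 60, 64, 69, 74, 79, 84, 90]   # system B, weaker separation


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) when a score >= threshold is accepted."""
    # Type 1 error: a legitimate user scores below the threshold and is rejected.
    frr = sum(s < threshold for s in genuine) / len(genuine)
    # Type 2 error: an impostor scores at or above the threshold and is accepted.
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Scan thresholds 0..100 and return (threshold, FRR, FAR) at the
    first threshold where the gap between FRR and FAR is smallest."""
    best = None
    for t in range(101):
        frr, far = rates(t, genuine, impostor)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, frr, far)
    _, t, frr, far = best
    return t, frr, far


if __name__ == "__main__":
    # Raising the threshold trades false accepts for false rejects.
    for t in (59, 67, 80):
        frr, far = rates(t)
        print(f"threshold {t}: FRR={frr:.0%} FAR={far:.0%}")
    # The system with the lower CER is the more accurate one.
    for name, imp in (("A", IMPOSTOR), ("B", IMPOSTOR_B)):
        t, frr, far = crossover(GENUINE, imp)
        print(f"system {name}: CER={frr:.0%} at threshold {t}")
```

A deployed system is usually tuned away from the crossover point toward a lower FAR or a lower FRR depending on the asset; the CER is the figure used to compare systems.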