ADCS
Chapter 8
PC And Network Security

"Keys to success... Research your idea, Plan for success, Expect success, & just plain do it! It amazes me how many people skip the last step! Practice being a "doer" and success will follow you every step of the way!" -- Josh S. Hinds

Prepared by: SITI ZAINAH ADNAN
If you do have any feedback or comment, please feel free to email me at sitizai@hotmail.com
Your cooperation is very much appreciated!

CS262/0602/V2

TOPICS
• Introduction
• Contributors to Security Problems
• Security Measures
• Protection for File
• Communication Security
• Network Security Issues
  – Encryption in Networks
  – Network Access Controls
  – Network Firewall
• Traffic Control

References
• Book (available at the Informatics library)
  – http://www.cert.org/research/JHThesis/Word6/
• Notes (available at IVC)

Introduction
• Recently the use of personal computers and computer communication networks has spread substantially.
• It is very important to define the security measures at all levels, viz. PC, communication media and network (both LAN and WAN).
• PC:
  – Small machine
  – Used by a single person at a time
  – With a single-user system, many copies of software are needed to run the program on each different machine
• Mainframe:
  – More conventional
  – Multi-user machine
  – One copy of software is bought by the computing centre, and all users can make use of the one copy of the executable code of the program

Contributors to Security Problems
• The major problems facing personal computer users involve secrecy, integrity and availability of programs, data and machines.
• Hardware Vulnerabilities
  – Most PCs do not have any hardware level protection
  – Although PCs have simple password authentication, such features can be easily bypassed by clever users.
  – The controls for PCs are much less stringent than for mainframe computers
  – Limited memory protection
• Other Vulnerabilities
  – Users, not PCs, are the source of security problems.
  – Users often do not consider the security risks when dealing with programs or data within a PC.
• Vulnerabilities in PC security:
  – Low awareness level - the PC is seen as just another office tool, like a typewriter
  – Few hardware controls - no restricted access to I/O
  – No audit trail - impossible to tell who has accessed what and when
  – No unique responsibility - no one is responsible for the maintenance of the PC, since the PC is shared by different users
  – Environment attack - food, smoke, power surge
  – Physical access - a PC left unattended can be accessed by anyone
  – Care of media, components - diskettes are not kept properly
  – No backup
  – Questionable documentation - poor documentation leads to mistakes; no guidelines
  – Amateur quality software - developers may not practise full/complete testing during program development, so possible vulnerabilities are untested
  – High portability - vulnerable to theft, easily moved from one place to another
  – Magnetic retention - ERASE doesn't actually erase/overwrite the file, so others may access it
  – Combination of duties - most PC applications are designed for the user to perform all tasks/steps, which may lead to malicious acts, e.g. deleting files
• Note: Amateur - one lacking the skill of a professional

Security Measures
• Although the list of vulnerabilities is long and varied, the issues involved fall into four major classes:
  – User responsibility
  – Improper procedures for use
  – Hardware concerns
  – Software concerns
• Why the PC is more vulnerable than the mainframe:
  – No dedicated h/w protection
  – Lack of physical security
  – No audit protections
  – Users less aware of security
  – Lack of user training
  – PC s/w is less reliable
• User Awareness of Responsibilities
  – Computer users must understand the vulnerabilities of computers.
  – Awareness can be developed from:
    • Reading
    • User awareness programmes
    • High-level assessment of the risk of computing
    • Unpleasant and costly experience
• Procedures for Use
  – Vulnerabilities can be controlled by administrative procedures.
  – Sensible policies can reduce the associated risk.
  – Policy could include statements on:
    • Unattended machines
    • Care of media
    • Backups
    • The environment
    • Separation of duties
• Procedures to improve PC security:
  – Do not leave PCs unattended if they contain sensitive information or are running sensitive computations
  – Do not leave printers unattended if they are printing sensitive output, especially if they are located in a public place
  – Secure media as carefully as you would the equivalent confidential reports - lock up diskettes and the PC, turn off the PC to clear volatile memory, label the disks, etc.
  – Do not allow eating, drinking or smoking in any room containing a PC
  – Treat media with care - keep them away from magnetic fields
  – Perform periodic backups
  – Practise separation of authority - no one person has authority to affect sensitive data, e.g. 2 accounting systems on 2 systems, by 2 people, so that figures must balance between the 2 systems
• Hardware Controls
  – Hardware controls are not effective for PCs as compared to mainframes.
  – PCs have no privileged mode for hardware executive or memory protection.
  – Some controls that depend on hardware are:
    • Secure the equipment by bolting/screwing the PC to the desk
    • Consider add-on hardware access control devices such as smart cards
• Software Controls
  – Common software vulnerabilities include:
    • The lack of an audit trail
    • The use of software from untrusted sources - a source of viruses
    • Poor documentation - no proper guidelines, leading to mistakes
    • The lack of operating system controls, such as reuse of file space or access control - leads to exposure of sensitive data to other users
  – Note: audit trails
    • A chronological record of computer activity automatically maintained to trace all use of the computer
    • For security purposes, it is preferable that the record be maintained by the OS
  – Protection against software vulnerabilities:
    • Use all software with full understanding of its potential threats, e.g. communication s/w can leak information, a program can compute an incorrect answer, s/w can destroy files
    • Don't use software from dubious sources - s/w from large, reliable manufacturers is less likely to exhibit problems; don't access s/w from bulletin boards
    • Be suspicious of all results - many applications are developed by non-programmers who don't follow SE practices (design, methods, thorough testing), therefore data might be incorrect or may corrupt data from other sources
    • Maintain periodic complete backups of all system resources.
    • Note: Dubious - not clear or obvious; questionable; doubtful

Protection for File
• Essentially, there are four types of protection applicable to PC files:
  – Access controls - provided by s/w
  – User-invoked encryption
  – Copy right protection - limits someone's ability to copy a file
  – No protection - control the environment
• Access Controls
  – Provided either as a part of the operating system or as auxiliary packages.
  – Most PC operating systems do not provide access controls to files - any user can access any file
  – Where these controls are available, people do not use them; this negligence results from the environment and the ease of use of the PC
• User-invoked Encryption
  – Any user can perform encryption; no complicated or expensive mechanism is required.
  – This technique provides protection against casual observers and for sensitive applications.
• Copy Right Protection
  – There are essentially three ways to prevent a file from being copied:
    • One can depend solely on software.
    • One can use a combination of software and a hardware device.
    • One can use hardware alone.
• Software Techniques
  – Uses software magnetic media design to hide certain control features - the s/w can only be run if the magnetic media is present when the program executes
  – A program checksum is created to prevent modification, e.g. use a hash function to verify the s/w serial number
• Software and Hardware Combinations
  – A hard token called a key is used together with the software package in order for the program to run - a dongle (h/w attached to the serial port) prevents unauthorised duplication; the s/w will not operate without the key (e.g. server key)
  – Such a feature is commonly used for expensive PC software such as CAD/CAM software.
• Hardware Techniques
  – This method translates the program code into a microchip.
  – The microchip is then plugged into the PC and run during power-up.
  – Such a method is commonly used for time-sensitive applications where performance is the key concern.
  – For example: a simple automated gate control system.
• No Protection
  – Provide no protection at all.
  – However, this is freely acceptable to public domain users
  – e.g. shareware - no control at all

Security Modems
• Security for a single user communicating with a computer via a modem
• Modem – allows anyone to call the computer
• Protections:
  – Call-back or dial-back modems
  – Password modems
  – Encryption modems
  – Silent modems
• Call-back or dial-back modems
  – Attached to the computer
  – The user calls the computer and enters a login ID
  – The modem then hangs up, figures out the telephone number of the office or home where the authorised owner of the login ID should be, then calls that number
  – Only then can the user log into the system
• Password modems
  – The user must enter a password before the modem will connect the user to the computer
• Encryption modems
  – All information is encrypted as it is sent
  – Protection against wiretapping and from unauthorised users
  – Used in pairs, at both the sender and receiver ends
• Silent modems
  – The modem won't signal that the connection has been made until the login process has begun
  – It is intended to keep crackers doing random dialling from knowing that they have found a computer

Communication Media
• Wire pair and Coaxial cable:
  – Passive wiretapping is just listening - intercepting the communication without damaging the cable
  – Active wiretapping is injecting something into the communication line by cutting the jacket onto a wire
  – Wiretapping can be achieved at junction boxes or places where the cable is exposed to the public.
  – Other security concerns include wire interference that causes communication malfunction.
• Microwave and Satellite:
  – In both cases, the signals are available in the air.
  – Anyone with appropriate equipment can retrieve information from open-air signals.
• Optical Fiber:
  – The connectors used are the most vulnerable point for most fiber optic connections.
  – Light signals can be reflected in multiple directions if the connection is not made properly.
  – Offers the best security compared to other media.

Network Security Issues
• Users of computer networks have the same expectations as users of conventional computer systems:
  – Delivery of accurate messages
  – Delivery only to intended recipient
  – Protection from loss, modification or observation of messages in transit
  – Reliable services
• Several inherent security problems in networks include:
  – Shared resources
  – Complexity of networking systems

Encryption in Networks
• Encryption is a very powerful tool for providing privacy, authenticity, integrity and limited access to data.
• Networks often secure data using encryption in combination with other controls.
• Link Encryption:
  – Provides encryption between two computer systems over a line.
  – Data is encrypted just before the system places it on the communication link (layers 1 and 2 of the OSI model)
  – But the message is plaintext inside the hosts
  – If the intermediate hosts are compromised, all messages passing through them are exposed
  – Commonly used to secure a leased circuit between two companies, provided their hosts are secure
  – Provides node authentication.
  – Advantages:
    • Requires only one key per host pair
    • Encryption is invisible to the user
  – Disadvantages:
    • Inflexible hardware implementation
    • Data is not secure at the sender, receiver and intermediate nodes.

[Figure: Encrypted message]

• End-to-end Encryption:
  – Provides security from one end of the transmission to the other.
  – Usually done using software, therefore it is more flexible compared to the other (layer 6 or 7 of the OSI model)
  – Precedes all routing and transmission processing of the layer; the message is transmitted in encrypted form throughout the n/w
  – Messages sent through hosts are protected
  – Commonly applied to user connection to host.
  – Provides user authentication.
  – Advantages:
    • Flexible software implementation
    • Message is encrypted in the intermediate nodes
  – Disadvantages:
    • Requires one key per user pair
    • Encryption is applied by the user

Network Access Controls
• Concerned with the protection of data within the network.
• Similar to access control for a computer system, but network access controls have several unique features.
• Port Control:
  – A serious vulnerability of a network is dial-in port access.
  – User authentication is difficult when the user dials in from a telephone.
  – Port protection is accomplished by several administrative and hardware techniques.
• Automatic call-back:
  – Provides authentication to ensure that the caller is the correct person for the connection.
  – The call forwarding feature must be implemented with careful network configuration controls.
  – Provide a table of telephone numbers for authorised users (must be well protected against modification)
  – e.g. a user can call from 3 different locations (different tel. no.) provided that the user gives all 3 tel. no. to the computer as legitimate numbers.
  – e.g. Callback features in Windows 2000 Server:
    • The Remote Access Service (RAS) server calls the remote access client after the user credentials have been verified
    • The server calls the caller back during connection establishment at a telephone number set by the administrator
    • Other than for authentication, it can save the caller telephone charges as well
• Differentiated access rights:
  – Sensitive data can be protected by limiting the places from which access is allowed
  – Access to sensitive data objects must be from a direct connection (a secure place, e.g. the office) and not through another n/w host
  – Useful for sales representatives:
    • Can transfer non-sensitive data from outside
    • Can only access data (sales projections, pricing structure) at the office
• Node authentication:
  – The process of a network node convincing other nodes that it is authentic.
  – Protocols involving encryption are used to verify the identity of nodes by using secret keys and public keys
  – E.g. the SSL protocol verifies both the client and server nodes before the communication takes place

Network Firewall
• A firewall is a system or group of systems that enforces an access control policy between two networks.
• It filters all traffic between a protected (inside) n/w and a less trustworthy (outside) n/w
• The purpose is to keep "bad" things outside a protected environment

[Figure: Network Without A Firewall. Labels: Internet, Private Network.]

• The firewall can be thought of as a pair of mechanisms.
• One which exists:
  – To block traffic - prevent access from outside
  – To permit traffic - allow traffic to pass from inside to outside (one-way traffic)
• It implements an access policy.
• Purpose of firewall
  – To allow the organisation to do business transactions over the Internet.
  – Also to protect sensitive or proprietary data.
  – To keep hackers out of the network.
  – To act as a corporate "ambassador" to the Internet, e.g. to do promotion
  – Used to store public information on products and services, files to download, etc.
  – As a check point through which all traffic must pass.
• Services provided by firewall
  – Some firewalls permit only email traffic through them, thereby protecting the n/w against any attacks
  – Protect against unauthenticated logins from the "outside" world, to prevent vandals from logging into machines on the n/w
  – Provide a single check point where security and audit can be imposed.
• The four common firewall implementations are:
  – Packet filtering
  – Single-Homed Bastion host
  – Dual-Homed Bastion host
  – Screened subnet with DMZ
• The Packet-Filtering Firewall
  – It is the simplest of the four models.
  – It is inexpensive.
  – It analyzes network header fields to get the IP addresses and port numbers (UDP or TCP) of the incoming packet.
  – It can filter unwanted traffic.
  – The drawbacks are:
    • It needs good technical expertise.
    • It depends solely on a single device
    • It doesn't hide internal network IP addresses
    • Poor monitoring and logging capabilities
    • Once the router is compromised, there is no security for the internal network

[Figure: Packet Filtering. Labels: Internet, Screening Router, Internal Network. Caption: Routes or blocks packets, as determined by site's security policy.]

Network Firewall - Single-Homed Bastion
• One computer acts as the firewall and the network interface
• Information coming from an external network first goes to the bastion, then it is forwarded to the company's network.
• The packet-filtering router is configured to forward all incoming information to the bastion host
• The bastion provides application filtering. It can be configured to disallow file downloading, if the company policy prohibits downloading.
• Can hide the internal network configuration using NAT (Network Address Translation)
• The disadvantages are:
  – Increased cost and reduced performance
  – If the router's access list is compromised, the whole network can be accessed
  – The security of the internal network depends solely on the router

[Figure: Screened Host Gateway (Single-Homed Bastion). Labels: Internet, Router w/ Packet Screening, Bastion Host, Protected network, Permitted, Blocked.]
[Figure: Screened Host Gateway (Single-Homed Bastion). Labels: Internet, Firewall, Screening Router, Bastion Host, Internal Network.]

Network Firewall - Dual-Homed Bastion
• It uses a computer with two or more NICs (network interface cards), with their IP forwarding features disabled.
• A software-imposed firewall helps forward valid packets between subnets, e.g. it can check for Telnet, Rlogin, FTP, HTTP/Web or NNTP/Usenet news
• It is more secure because it creates a complete physical break between your network and any external network, such as the Internet.
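
The header check that the packet-filtering firewall slides above describe (IP addresses and TCP/UDP port numbers of the incoming packet, matched against the site's policy), as an added example that is not part of the original slides. The rule table, the addresses (documentation ranges) and the helper names are constructed for illustration; the policy is first-match with default block.

```python
import ipaddress
import struct

PROTOCOLS = {6: "tcp", 17: "udp"}

# Constructed policy (first match wins); 203.0.113.0/24 stands in for the protected network.
# Fields: action, source network, destination network, protocol, destination port.
RULES = [
    ("block",  "0.0.0.0/0",       "203.0.113.0/24",  "tcp", 23),  # no Telnet from outside
    ("permit", "0.0.0.0/0",       "203.0.113.25/32", "tcp", 25),  # mail to the mail host only
    ("permit", "0.0.0.0/0",       "203.0.113.80/32", "tcp", 80),  # web to the web host only
    ("permit", "198.51.100.0/24", "203.0.113.53/32", "udp", 53),  # DNS from one partner network
]

def parse_headers(raw):
    """Return (src, dst, proto, dport) for an IPv4 TCP/UDP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None                              # truncated or not IPv4
    ihl = (raw[0] & 0x0F) * 4                    # IP header length; more than 20 with options
    if ihl < 20 or len(raw) < ihl + 4:
        return None                              # port numbers are not inside the packet
    if struct.unpack("!H", raw[6:8])[0] & 0x1FFF:
        return None                              # later fragment: carries no port numbers
    proto = PROTOCOLS.get(raw[9])
    if proto is None:
        return None
    src = ipaddress.ip_address(raw[12:16])
    dst = ipaddress.ip_address(raw[16:20])
    _sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return src, dst, proto, dport

def decide(raw, rules=RULES):
    """Screening-router decision: first matching rule, otherwise block."""
    hdr = parse_headers(raw)
    if hdr is None:
        return "block"
    src, dst, proto, dport = hdr
    for action, src_net, dst_net, rule_proto, rule_port in rules:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and (proto, dport) == (rule_proto, rule_port)):
            return action
    return "block"                               # default deny

def make_packet(src, dst, proto_num, sport, dport, frag_offset=0, options=b""):
    """Build sample input: IPv4 header (+ options) and the first 4 bytes of TCP/UDP."""
    ihl_words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, ihl_words * 4 + 4,
                         0, frag_offset, 64, proto_num, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + options + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    samples = {
        "web to web host": make_packet("192.0.2.7", "203.0.113.80", 6, 40000, 80),
        "telnet to web host": make_packet("192.0.2.7", "203.0.113.80", 6, 40000, 23),
        "web to other host": make_packet("192.0.2.7", "203.0.113.10", 6, 40000, 80),
        "web, IP options": make_packet("192.0.2.7", "203.0.113.80", 6, 40000, 80,
                                       options=b"\x01\x01\x01\x00"),
        "later fragment": make_packet("192.0.2.7", "203.0.113.80", 6, 40000, 80,
                                      frag_offset=185),
    }
    for name, pkt in samples.items():
        print(f"{name:20} -> {decide(pkt)}")
```

The decision rests only on header fields the sender fills in; the filter does not authenticate the source address and never looks at the payload.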

Network Firewall - Dual-Homed Bastion
• Advantages:
  – Can perform elaborate logging or support user authentication
  – It doesn't expose internal IP addresses
  – Even if the router is compromised and its access list changed to allow IP packets from outside hosts to the internal network, packets are blocked by the proxy since IP forwarding is switched off at kernel level
• Disadvantages:
  – If the proxy is compromised, it can be used to gain access to the internal network

[Figure: Dual Homed Gateway (Dual-Homed Bastion). Labels: Internet, Router, Bastion Host, Proxy Services, Protected network.]
[Figure: Dual Homed Gateway (Dual-Homed Bastion), Proxy Services. Labels: Internet, External Host, Real Server, Firewall, Proxy Server, Dual homed Host, Internal Network, Internal Host, Proxy Client.]

Network Firewall - Screened-Subnet Firewall with DMZ
• It is also known as Demilitarized Zone (DMZ)
• It uses a bastion host to support the circuit-level and application-level gateways while defining the DMZ.
• The DMZ functions as a small isolated network between the Internet and the internal network.
• The DMZ can be used to host publicly accessible internetworking servers, including Web and FTP servers, mail servers or front-ends for e-commerce
• Advantages:
  – The internal network is invisible to the Internet and it cannot construct direct routes to the Internet

[Figure: De-Militarized Zone Architecture. Labels: Firewall, Internet, Exterior Router, Bastion Host, Perimeter Network, Interior Router, Choke Router, Internal Network.]

Network Firewall
• Firewall Drawbacks
  – Cannot protect against attacks that don't go through the firewall
  – Cannot protect against data-driven attacks – attacks in which something is mailed or copied to an internal host where it is then executed, e.g. a firewall cannot protect against a virus attack.

Traffic Controls
• Interceptors can tap all blocks of messages passing through the network.
• They can also determine who is communicating frequently with whom.
• Several techniques are used to prevent interceptors from listening to active traffic, such as:
  – Pad traffic
  – Routing control
• Pad Traffic
  – Deters a listener monitoring messages from active links.
  – The network generates spurious (noise) messages on all computer links to confuse the listener
  – The noise will distort the information in the covert channel
  – The intended host must be able to recognize the messages as false messages so that they will not interfere with communication with legitimate users
• Routing Control
  – Routing control through specific filter technology that allows particular network addresses to pass through the gateway:
    • Redirect messages – reroute messages from A-C to go through B and ultimately to C. In this case A-B (meaningful message) and B-C (no value message)
    • Periodically misroute messages – changing an A-B message into an A-C message. B will experience a missing message
    • Periodically delay a message – to destroy the synchronization between A-C. Effective if the channel depends on the timing of messages
  – Note: Gateway – a device (has processor and main memory) that operates at the transport level and above of the OSI model to connect more than 2 dissimilar n/w
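
Link encryption and end-to-end encryption from the Encryption in Networks slides, run over the same route, with a check of what a wiretapper on a link and a compromised intermediate host can each read; the routing result connects to the interceptor described under Traffic Controls. This is an added example, not part of the original slides: the route A-H1-H2-B, the keys, the message and the SHA-256-based toy cipher are constructed for illustration and are not a cipher for real use.

```python
import hashlib

def xor_stream(key, data):
    """Toy stream cipher (illustration only): XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts; it has no nonce and no integrity check."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

ROUTE = ["A", "H1", "H2", "B"]            # constructed path: sender, two hosts, recipient
HEADER = b"from=A;to=B|"                  # routing information a host needs to forward
BODY = b"sales projection: 4200 units"    # constructed sensitive payload

def link_key(x, y):
    return hashlib.sha256(f"link:{x}-{y}".encode()).digest()   # one key per host pair

def user_key(x, y):
    return hashlib.sha256(f"user:{x}-{y}".encode()).digest()   # one key per user pair

def send_link_encrypted():
    """Every host decrypts what arrives and re-encrypts it for the next link."""
    on_wire, in_host = [], {}
    frame = HEADER + BODY
    for here, nxt in zip(ROUTE, ROUTE[1:]):
        key = link_key(here, nxt)
        wire = xor_stream(key, frame)     # header and body are both encrypted on the link
        on_wire.append(wire)
        frame = xor_stream(key, wire)     # receiving host holds the message as plaintext
        in_host[nxt] = frame
    return on_wire, in_host

def send_end_to_end():
    """The sender encrypts the body once; only the recipient holds the key."""
    key = user_key("A", "B")
    frame = HEADER + xor_stream(key, BODY)    # header stays readable so hosts can route
    on_wire = [frame for _ in ROUTE[1:]]
    in_host = {host: frame for host in ROUTE[1:-1]}
    in_host["B"] = HEADER + xor_stream(key, frame[len(HEADER):])
    return on_wire, in_host

def exposure(on_wire, in_host):
    """What a wiretapper on any link and a compromised intermediate host can read."""
    middle = ROUTE[1:-1]
    return {
        "tap_reads_body": any(BODY in w for w in on_wire),
        "tap_reads_route": any(HEADER in w for w in on_wire),
        "host_reads_body": any(BODY in in_host[h] for h in middle),
        "host_reads_route": any(HEADER in in_host[h] for h in middle),
    }

if __name__ == "__main__":
    print("link encryption:      ", exposure(*send_link_encrypted()))
    print("end-to-end encryption:", exposure(*send_end_to_end()))
```

Under end-to-end encryption the body is protected at every host, but the route stays readable on every link, so an interceptor can still see who is communicating with whom; that remaining exposure is what traffic padding and routing control address.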