Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 5950/6030 Network Security Class 30 (W, 11/9/05) Leszek Lilien Department of Computer Science Western Michigan University Based on Security in Computing.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 5950/6030 Network Security Class 30 (W, 11/9/05) Leszek Lilien Department of Computer Science Western Michigan University Based on Security in Computing."— Presentation transcript:

1 CS 5950/6030 Network Security Class 30 (W, 11/9/05) Leszek Lilien Department of Computer Science Western Michigan University Based on Security in Computing. Third Edition by Pfleeger and Pfleeger. Using some slides (as indicated) courtesy of: Prof. Aaron Striegel — at U. of Notre Dame Prof. Barbara Endicott-Popovsky and Prof. Deborah Frincke — at U. Washington Prof. Jussipekka Leiwo — at Vrije Universiteit (Free U.), Amsterdam, The Netherlands Slides not created by the above authors are © by Leszek T. Lilien, 2005 Requests to use original slides for non-profit purposes will be gladly granted upon a written request.

2 2 7. Security in Networks... 7.2. Threats in Networks a)Introduction b) Network vulnerabilities c) Who attacks networks? d) Threat precursors e) Threats in transit: eavesdropping and wiretapping f) Protocol flaws g) Types of attacks 1) Impersonation 2) Spoofing 3) Message confidentiality threats4) Message integrity threats 5) Web site attacks 6) Denial of service 7) Distributed denial of service 8) Threats to/by active or mobile code—PART 1 8) Threats to/by active or mobile code—PART 2 9) Scripted and complex attacks h)Summary of network vulnerabilities 7.3. Networks Security Controls a)Introduction b)Security threat analysis c)Impact of network architecture/design and implementation on security—PART 1 Class 29 © by Leszek T. Lilien, 2005

3 3 Threats to/by active or mobile code (6) 2) Script – resides on server S; when executed on S upon command of client C, allows C to invoke services on S  Legitimate interaction of browser (run on C) w/ script (run by script interpreter on S)  On C:  Browser organizes user input into script params  Browser sends string with script name + script params to S (e.g., http://eStore.com/custID=97&part=5A&qy=2&...)  On S:  Named script is executed by script interpreter using provided params, invoking services called by script  Attacker can intercept interaction of browser w/ script  Attacker studies interaction to learn about it  Once browser & script behavior is understood, attacker can handcraft string sent fr. browser to script interpreter  Falsifies script names/parameters  Cf. incomplete mediation example with false price © by Leszek T. Lilien, 2005

4 4 Threats to/by active or mobile code (10) 3) Active code (Recall: code pushed by S to C for execution on C) As demand on server S’s computing power grows, S uses client C’s computing power  S downloads code to C (for execution on C), C executes it Two main kinds of active code: (a) Java code (Sun Microsystems) (b) ActiveX controls (Microsoft) (a)Java code... (b) ActiveX controls © by Leszek T. Lilien, 2005

5 5 Threats to/by active or mobile code (15) 4) Automatic execution by type = automatic invocation of file processing program implied by file type Two kinds of auto exec by type: (a) File type implied by file extension  e.g., MS Word automatically invoked for file.doc (happens also in other cases, e.g., for ActiveX controls) (b) File type implied by embedded type  File type is specified within the file  Example:  File named „class28” without extension has embedded info that its type is „pdf”  Double-clicking on class28 invokes Adobe Acrobat Reader Both kinds of auto exec by type are BIG security risks! © by Leszek T. Lilien, 2005

6 6 7.3. Networks Security Controls  Outline a)Introduction b)Security threat analysis c)Impact of network architecture/design and implementation on security—PART 1... © by Leszek T. Lilien, 2005

7 7 c. Impact of network architecture/ design & implement. on security (1)  Security principles for good analysis, design, implementation, and maintenance (as discussed in sections on Pgm Security and OS Security) apply to networks  Architecture can improve security by: 1) Segmentation 2) Redundancy 3) Single points of failure 4) Other means © by Leszek T. Lilien, 2005

8 8 Class 29 Ended Here © by Leszek T. Lilien, 2005

9 9 7. Security in Networks... 7.2. Threats in Networks... g) Types of attacks... g-8) Threats to active or mobile code—PART 2 g-9) Scripted and complex attacks h)Summary of network vulnerabilities 7.3. Networks Security Controls a)Introduction b)Security threat analysis c)Impact of network architecture/design and implementation on security—PART 1 c)Impact of network architecture/design and implementation on security—PART 2 d)Encryption i.Link encryption vs. end-to-end (e2e) encryption ii.Virtual private network (VPN) iii.PKI and certificates —PART 1 Class 29 © by Leszek T. Lilien, 2005 Class 30

10 10 Impact of network architecture/ design & implement. on security (5) 3) Single points of failure (SPF)  Architecture should eliminate SPFs to prevent losing availability due to exploit/failure of a single network entity  Using redundancy is a special case of avoiding SPFs  Network designers must analyze network to eliminate all SPFs  Example of avoiding SPF (without using redundancy)  Distribute 20 pieces of database on 20 different hosts (so called partitioned database)  Even if one host fails, 95% of database contents (19/20=95%) still available  Elimination of SPFs (whether using redundancy or not) adds cost © by Leszek T. Lilien, 2005

11 11 Impact of network architecture/ design & implement. on security (6) 4) Other architectural means for improving security  Will be mentioned below as we discuss more network security controls © by Leszek T. Lilien, 2005

12 12 d. Encryption  Arguably most important/versatile tool for network security  We have seen that it can be used for:  Confidentiality/Privacy  Authentication  Integrity  Limiting data access  Kinds of encryption in networks: i.Link encryption vs. end-to-end (e2e) encryption ii.Virtual private network (VPN) iii.PKI and certificates iv.SSH protocol v.SSL protocol (a.k.a. TLS protocol) vi.IPsec protocol suite vii.Signed code viii.Encrypted e-mail © by Leszek T. Lilien, 2005

13 13 (i) Link vs. end-to-end encryption (1) 1)Link encryption = between 2 hosts  Data encrypted just before they are placed on physical communication links  At OSI Layer 1 (or, perhaps, Layer 2)  Fig. 7-21, p. 431  Properties of link encryption (cf. Fig. 7-21)  Msgs/pkts unprotected inside S’s/R’s host  I.e., unprotected at OSI layers 2-7 of S’s/R’s host (in plaintext)  Packets protected in transit between all hosts  Pkts unprotected inside intermediate hosts  I.e., unprotected at OSI layers 2-3 of interm. hosts => unprotected at data link and network layers at intermediate hosts (if link encryption at Layer 1)  Layers 2-3 provide addressing and routing © by Leszek T. Lilien, 2005

14 14 Link vs. end-to-end encryption (2)  Link encryption is transparent (invisible) to users, their applications, and their OSs  Encryption service provided by physical (or data) layer  Can use encryption h/w (link encryption device)  Message under link encryption  Fig. 7-22, p. 432  See which portions encrypted, which exposed  Only part of data link header & trailer created after encryption is exposed  Link encryption is useful when transmission line is most vulnerable in a network  I.e., when S’s host, intermediate hosts, R’s host are reasonably secure (so msgs/pkts at their Layers 2-7 can be exposed) © by Leszek T. Lilien, 2005

15 15 Link vs. end-to-end encryption (3) 2) End-to-end encryption = between 2 user applications  Data encrypted as „close” to app as possible  At OSI Layer 7 (or, perhaps, Layer 6)  Fig. 7-23, p. 433  Properties of e2e encryption (cf. Fig. 7-21)  Msgs/pkts protected all the way once they „exit” S’s app & before they enter R’s app  Msgs/pkts protected (in ciphertext) inside S’s/R’s host  Packets protected in transit between S’s & R’s hosts Including protection inside intermediate hosts  I.e., protected at OSI layers 1-3 of interm. hosts Layers 1-3 provide physical connectivity, addressing and routing for packets © by Leszek T. Lilien, 2005

16 16 Link vs. end-to-end encryption (4)  E2e encryption is visible either to users or their apps  Encryption service provided by app or OS Possibly provided only upon explicit user’s request => visible to user  Encryption by s/w  Message under e2e encryption  Fig. 7-24, p. 433  See which portions encrypted, which exposed  Only user’s msg (user’s data) encrypted  All headers & trailers exposed (all created after encryption)  E2e encryption is useful when transmission lines and intemediate hosts are insecure © by Leszek T. Lilien, 2005

17 17 Link vs. end-to-end encryption (5)  Comparison of link vs. e2e encryption  Encryption of msgs/packets (whether link or e2e encryption) is no silver bullet  No guarantees of msg/packet security 1) Link encryption — encrypts all traffic over physical link  Typically host H has one link into network => link encryption encrypts all H’s traffic  Every H —incl. intermediate hosts— receiving traffic via link encryption must have decryption capabilities  Either (pairs of) hosts share symmetric key OR  Hosts use asymmetric keys  All hosts along a path from S to R must provide link encryption to prevent („partial”) packet exposure => usu. link encryption provided on all network links © by Leszek T. Lilien, 2005

18 18 Link vs. end-to-end encryption (6) 2) End-to-end (e2e) encryption — encrypts traffic only between 2 apps („virtual crypto channel between 2 apps”)  Interm. hosts don’t need to decrypt-encrypt pkts => interm. hosts don’t need encryption facilities  All interm. hosts save time/processing  Encrypts only some msgs between 2 apps  If no need to encrypt all msgs => even S’s and R’s hosts save time/processing  If needed, can encrypt all msgs  Using asymmetric keys requires fewer keys than using symmetric keys (n key pairs vs. n*(n-1)/2 keys) © by Leszek T. Lilien, 2005

19 19 Link vs. end-to-end encryption (7)  Comparison conclusions  Link encryption:  Faster  Easier to use  Uses fewer keys (1 K pair per host pair vs. 1 K pair per app pair)  End-to-end (e2e) encryption:  More flexible  More selective (can select only some msgs for encryption)  User-level, can be integrated with app  Optimize whether link or e2e encryption better for you If needed for higher security, use link and e2e encryption together  E.g., user not trusting network link encryption can use app with e2e encryption © by Leszek T. Lilien, 2005

20 20 (ii) Virtual private network (VPN) (1)  Virtual private network (VPN) = connection over public network giving its user impression of being on private network  It could be viewed as „logical link” encryption Could be viewed as e2e encr. between client & server  Protecting remote user’s connection with her network  Greatest risk for remote connection via public network:  Between user’s workstation (client) and perimeter of „home” network (with server)  Firewall protects network against external traffic (more later) Physically Protected Network Perimeter Firewall Internal Server User’s Workstation (Client) © by Leszek T. Lilien, 2005

21 21 Virtual private network (VPN) (2)  Example VPN connection scenario  VPN restricts filters access to „home” server/network  Only „private” accesses allowed => public network access feels like private network 1 – C authenticates to firewall (firewall passes user’s authentic. data to authentic. server [not shown], which decides whether authentication is OK) 2 – Firewall replies with encryption key (after negotiating with C a session encryption key) 3 – C and S communicate via encrypted tunnel Physically Protected Network Perimeter Firewall 1 2 3 Internal Server User’s Workstation (Client) © by Leszek T. Lilien, 2005

22 22 (iii) PKI and certificates (1)  Public key infrastructure (PKI) = enables use of public key cryptography (asymmetric cryptography)  Usually in large & distributed environment  Elements of PKI: 1) Policies (higher level than procedures)  Define rules of operation  E.g., how to handle keys and sensitive info  E.g., how to match control level to risk level 2) Procedures (lower level than policies)  Dictate how keys should be generated, managed, used 3) Products  Implement policies and procedures  Generate, store, manage keys © by Leszek T. Lilien, 2005

23 23 PKI and certificates (2)  PKI services: 1) PKI creates certificates  Certificate binds entity’s identity to entity’s public key  Entity = user or system or applicationor... 2) PKI gives out certificates from its database 3) PKI signs certificates  Adding its credibility to certificate’s authenticity 4) PKI confirms/denies validity of a certificate  When queried about it 5) PKI invalidates certificates  For entities that are no longer certified by PKI OR  For entities whose private key has been exposed © by Leszek T. Lilien, 2005

24 24 End of Class 30 © by Leszek T. Lilien, 2005

Download ppt "CS 5950/6030 Network Security Class 30 (W, 11/9/05) Leszek Lilien Department of Computer Science Western Michigan University Based on Security in Computing."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
CS 5950/6030 Network Security Class 31 (F, 11/11/05) Leszek Lilien Department of Computer Science Western Michigan University Based on Security in Computing.

CS 5950/6030 Network Security Class 31 (F, 11/11/05) Leszek Lilien Department of Computer Science Western Michigan University Based on Security in Computing.
October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.

October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
7.3 Network Security Controls 1Network Security / G.Steffen.

7.3 Network Security Controls 1Network Security / G.Steffen.

Similar presentations

Ads by Google