Virtual LAN
Virtual Local Area Network (VLAN)
• It is defined in the IEEE 802.1Q standard.
• It is a method of using a single switch to divide the network into
multiple broadcast domains, i.e. multiple network segments.
Port-based VLANs
• In this technology a single switch is used and each VLAN is
assigned to one or more of its ports.
• All traffic arriving at a port assigned to a VLAN is delivered
only to the hosts that belong to that VLAN.
(Figure: a switch with its ports assigned to VLANs.)
MAC-based VLANs
• In a MAC-based VLAN the switch assigns each frame to a VLAN according to its source MAC address, so the first question is what a MAC address is.
MAC address?
Media Access Control address
• A MAC address is a unique value associated with a network adaptor.
• It is also known as the hardware address of the adaptor.
mm:mm:mm:ss:ss:ss
• The first half of the address contains the ID number of the adaptor
manufacturer.
• The second half of the address represents the serial number assigned by
the manufacturer.
• Example: if the MAC address is 00:A0:C9:14:C8:20,
00:A0:C9 is the manufacturer ID (Intel Corporation) and
14:C8:20 is the serial number of the adaptor.
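As an added example (not part of the slides), the split of a MAC address into its manufacturer and serial halves, and the lookup a MAC-based VLAN switch performs, written in Go. The vendor table and the VLAN table are constructed for illustration; only the 00:A0:C9 = Intel entry comes from the slide.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Canonical validates a 48-bit MAC in colon or dash form and returns it as
// upper-case colon-separated octets, the form the lookups below are keyed on.
func Canonical(mac string) (string, error) {
	hw, err := net.ParseMAC(mac)
	if err != nil || len(hw) != 6 {
		return "", fmt.Errorf("not a 48-bit MAC address: %q", mac)
	}
	return strings.ToUpper(hw.String()), nil
}
// Split returns the two halves of the address: the manufacturer ID (first
// three octets) and the serial number the manufacturer assigned (last three).
func Split(mac string) (vendorID, serial string, err error) {
	c, err := Canonical(mac)
	if err != nil {
		return "", "", err
	}
	return c[:8], c[9:], nil
}
// oui maps manufacturer IDs to vendors. The 00:A0:C9 entry is the slide's
// example; a real switch or scanner would carry the full IEEE registry.
var oui = map[string]string{"00:A0:C9": "Intel Corporation"}

// Vendor names the manufacturer of a MAC address, or "unknown".
func Vendor(mac string) string {
	if id, _, err := Split(mac); err == nil && oui[id] != "" {
		return oui[id]
	}
	return "unknown"
}
// macVLAN is a constructed MAC-based VLAN table as the switch would hold it.
var macVLAN = map[string]int{"00:A0:C9:14:C8:20": 10}

// AssignVLAN picks the VLAN for a frame by its source MAC and falls back to the
// port's own VLAN (port-based behaviour) when the MAC is unknown or malformed.
func AssignVLAN(srcMAC string, portVLAN int) int {
	if c, err := Canonical(srcMAC); err == nil {
		if v, ok := macVLAN[c]; ok {
			return v
		}
	}
	return portVLAN
}
```

A switch doing MAC-based assignment trusts whatever source address a host presents, so the table is a convenience for placing devices, not a form of authentication.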
IP security (IPsec)
• IPsec is a set of protocols developed by the
IETF (Internet Engineering Task Force).
• IPsec supports the secure exchange of packets at the
IP layer.
• It provides secure communication through a public network.
Security for IP addresses + data
IP security
What is the need for IP security?
The most serious types of attacks:
• Spoofing (IP spoofing by intruders using a fake IP address)
• Reading the message, i.e. confidentiality is lost
• Packet sniffing
• Hacking
• Intruders
• Capturing logon information, reading database contents
• Unauthorized traffic monitoring
All of these attacks can be carried out during transmission.
The IAB (Internet Architecture Board) made authentication and
encryption necessary security features of the next-generation IP, and they
are available for both IPv4 and IPv6.
IP security
What does IPsec provide?
• Secure communication across private LANs and WANs.
• Secure communication across the Internet.
• Authentication, confidentiality and a
secure key exchange mechanism.
• The ability to encrypt and authenticate all traffic
at the IP level.
• Security for all distributed applications, such as
  remote login,
  client/server,
  e-mail,
  file transfer,
  web access.
IP security
IPsec overview
Sender IPsec: encrypts and compresses all traffic.
Receiver IPsec: decompresses and decrypts the data and authenticates the traffic.
IPsec operates in network devices such as
routers, firewalls and gateways.
IP security
Advantages of IPsec:
 IPsec is implemented in firewalls, routers and gateways.
 It provides strong security for all traffic crossing the boundary.
 All traffic passes through IPsec or the firewall.
 There is no need to train users on the security mechanism.
 IPsec can provide security for individual users.
IP security
IP security architecture:
Security Policy Database (SPD):
The SPD is used to determine how to handle messages/packets.
The SPD has three legal actions:
1) Discard the message.
2) Apply security services (IPsec) to the message.
3) Forward the message with no change.
Security Association (SA):
• Used to add security to the channel along with the
packets.
• It uses AH (Authentication Header) or
ESP (Encapsulating Security Payload).
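An added example, not from the slides: a minimal SPD lookup in Go that implements the three actions as a first-match policy list. The prefixes, ports and packets are constructed assumptions for a branch office and headquarters; the point is that entry order decides, and that nothing matching is discarded.

```go
package main

import "net"

// Action is one of the three SPD outcomes named on the slide.
type Action int

const (
	Discard Action = iota // drop the packet
	Protect               // apply IPsec (AH or ESP) under a security association
	Bypass                // forward unchanged, without IPsec
)

func (a Action) String() string { return [...]string{"DISCARD", "PROTECT", "BYPASS"}[a] }

// Packet holds the selector fields an SPD lookup is keyed on.
type Packet struct{ Src, Dst net.IP; Proto string; DstPort int }

// Policy is one SPD entry; a nil network, empty Proto or zero DstPort matches anything.
type Policy struct {
	Src, Dst *net.IPNet
	Proto    string
	DstPort  int
	Action   Action
}

func (p Policy) matches(pk Packet) bool {
	return (p.Src == nil || p.Src.Contains(pk.Src)) && (p.Dst == nil || p.Dst.Contains(pk.Dst)) &&
		(p.Proto == "" || p.Proto == pk.Proto) && (p.DstPort == 0 || p.DstPort == pk.DstPort)
}

// Lookup walks the SPD in order and the first matching entry decides. A packet
// that matches nothing is discarded, so the database is deny-by-default.
func Lookup(spd []Policy, pk Packet) Action {
	for _, p := range spd {
		if p.matches(pk) {
			return p.Action
		}
	}
	return Discard
}

// cidr parses the constant prefixes below; they are well-formed, so the error is ignored.
func cidr(s string) *net.IPNet { _, n, _ := net.ParseCIDR(s); return n }

// SPD is a constructed policy for a branch (192.168.1.0/24) talking to HQ (10.0.0.0/8).
// Order matters: the telnet and DNS entries must come before the broad PROTECT entry.
var SPD = []Policy{
	{Dst: cidr("10.0.0.0/8"), Proto: "tcp", DstPort: 23, Action: Discard},   // never pass telnet
	{Dst: cidr("10.0.0.0/8"), Proto: "udp", DstPort: 53, Action: Bypass},    // resolver traffic in clear
	{Src: cidr("192.168.1.0/24"), Dst: cidr("10.0.0.0/8"), Action: Protect}, // all else via IPsec
}
```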
IP security
IPsec
 IPsec was developed for the secure exchange of packets at the network
layer of the OSI model.
Modes of IPsec
1) Transport mode and
2) Tunnel mode
IP security
Modes of IPsec
1) Transport mode
(Figure: an IP datagram with only its data portion encrypted; the IP header stays in the clear.)
• Encrypts the data portion of the packets but not the IP addresses.
• It protects the data being transmitted but still reveals who is transmitting to whom,
i.e. protection of the packet contents, called content protection.
IP security
2) Tunnel mode
(Figure: the whole IP datagram is encrypted and carried behind a new IP header: IP H + IPsec H = new IP H.)
• Encrypts the data portion of the packets together with the source and destination IP addresses.
• The transmission itself is hidden,
i.e. protection of the packet and its headers, called context protection.
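An added example (not from the slides) of what the two modes cover, written in Go as a simplified model of AH: HMAC-SHA256 over the immutable header fields stands in for the algorithm an SA would negotiate, the header is reduced to addresses and TTL, and all addresses are documentation ranges chosen for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
)

// Header is a cut-down IP header. TTL is the field routers change in transit,
// so the integrity check must leave it out, exactly as AH skips mutable fields.
type Header struct {
	Src, Dst string
	TTL      int
}

// Packet is an AH-protected datagram in either mode. In transport mode Payload
// is the application data behind the original header; in tunnel mode it is the
// whole original datagram (header and data) behind a new outer header.
type Packet struct {
	Outer   Header
	ICV     []byte // integrity check value: HMAC over immutable header fields + payload
	Payload []byte
}

// icv is the keyed hash produced with the SA's shared key (HMAC-SHA256 is a stand-in).
func icv(key []byte, h Header, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(h.Src + ">" + h.Dst + "|")) // addresses are covered, TTL is not
	m.Write(payload)
	return m.Sum(nil)
}

// Transport keeps the original header visible and authenticates it together with the data.
func Transport(key []byte, h Header, data []byte) Packet {
	return Packet{Outer: h, ICV: icv(key, h, data), Payload: data}
}

// Tunnel hides the original datagram inside a new one, e.g. between two gateways.
func Tunnel(key []byte, outer, inner Header, data []byte) Packet {
	wrapped := append([]byte(inner.Src+">"+inner.Dst+"|"), data...) // original datagram as opaque bytes
	return Packet{Outer: outer, ICV: icv(key, outer, wrapped), Payload: wrapped}
}

// Verify recomputes the ICV at the receiver: a changed address or payload fails,
// while a decremented TTL does not.
func Verify(key []byte, p Packet) bool {
	return hmac.Equal(p.ICV, icv(key, p.Outer, p.Payload))
}
```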
IP security
IPsec configurations
1) Host to host
Both hosts that want to communicate agree on the protocols
that are available, and this agreement is referred to as a security association.
IP security
2) Hosts using gateways
• In this configuration two security devices (i.e. gateways) are used.
• The gateways relieve the hosts of the calculation and encapsulation duties.
• The security association is between the two gateways.
• No IPsec is performed between a host and its gateway.
• The gateways form a tunnel across the Internet.
IP security
3) Gateway to gateway plus host to host
• This is a combination of the previous two methods.
• There is a separate SA (Security Association) between the gateway
devices and, additionally, an SA between host A and host B.
• It can be considered a tunnel inside a tunnel.
IPsec security
IPsec provides two main service protocols:
 Authentication Header (AH)
 Encapsulating Security Payload (ESP)
IPsec security
1) Authentication Header (AH):
AH can work in two modes:
1) AH transport mode and 2) AH tunnel mode.
(Figure: AH packet layout in transport mode and in tunnel mode.)
IPsec security
2) Encapsulating Security Payload (ESP):
ESP can work in two modes:
1) ESP transport mode and 2) ESP tunnel mode.
(Figure: ESP packet layout in transport mode and in tunnel mode.)
Virtual Private Network
• A Virtual Private Network (VPN) is a network that uses the public Internet
to provide secure access to an organization's network.
• A VPN is a mechanism that provides encryption, authentication and
integrity protection, so that the public network can be used as a private
network.
• A VPN provides virtual connections; it has no physical
presence of its own.
VPN
Virtual Private Network between two private networks
(Figure: two private networks joined by a VPN across the Internet.)
VPN
Steps:
Email Security
Security for email transmission
• Using email, a user can send text messages, pictures,
videos and sounds to other Internet users.
• An email has two portions:
  Contents
  Headers
Header lines / keywords:
From:
To:
Subject:
Date:
Email Security
Email protocol: SMTP
SMTP
(Simple Mail Transfer Protocol)
• The SMTP protocol is used for email transport.
• SMTP is a request/response based protocol.
• The client sends the email message to the email server.
• The sender's SMTP server sends the email to the receiver's SMTP server.
• The receiver's computer retrieves the email message from the server using
other email protocols such as POP (Post Office Protocol) or IMAP (Internet Message
Access Protocol).
• POP is used only to retrieve messages.
• IMAP is a combination of both, i.e. SMTP and POP. It is a plain-text protocol.
• IMAP allows the user to send outgoing messages.
• IMAP allows the user to create directories.
Email Security
PEM
(Privacy Enhanced Mail)
• Privacy Enhanced Mail (PEM) is an Internet standard
• for the secure exchange of electronic mail.
• Cryptographic techniques are used
• to maintain confidentiality, authentication and
message integrity.
Privacy Enhanced Mail (PEM) provides:
 Encryption
 Non-repudiation
 Message integrity
Email Security
PEM operations
(Figure: PEM operations.)
Email Security
PGP
(Pretty Good Privacy)
• It is a popular program used to encrypt and decrypt email over the Internet.
• The digital signature is also encrypted.
• A low-cost commercial version is used by many corporations.
• Developed by Philip R. Zimmermann in 1991.
• PGP is used for authentication and confidentiality.
How does it work?
1) Authentication
Sender:
SHA-1 creates a 160-bit hash code of the message.
The hash code is encrypted with the sender's private key.
Receiver:
Decrypts the received hash code.
Creates a hash code from the received message and compares the two hash codes.
2) Confidentiality
Sender:
Generates a message and a random 128-bit number to be used as a session
key for this message only.
The message is encrypted with this session key.
The session key is encrypted with the receiver's public key.
Receiver:
Using its private key, decrypts the session key.
Using the session key, decrypts the message.
S/MIME
(Secure/Multipurpose Internet Mail Extensions)
• It also provides cryptographic security services to email.
• It secures the exchange of multimedia files and various
document formats.
S/MIME
Functionality
• Similar to PGP.
• It also provides digital signatures and encryption of email messages.
• Cryptographic algorithms used:
• 1) DSS (Digital Signature Standard) for digital signatures.
• 2) Diffie-Hellman for encrypting the symmetric session keys.
• 3) Triple DES (3DES) for symmetric-key encryption.
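An added example serving both the PGP steps above and the S/MIME functionality, written in Go's standard library and not code from either project: the shared sign-then-encrypt pattern with a fresh per-message session key. RSA with PKCS#1 v1.5 stands in for PGP's public-key operation and for S/MIME's DSS and Diffie-Hellman, AES-128-GCM stands in for the slide's 3DES, and SHA-1 is kept because the slide names it.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
)

// Envelope is what crosses the mail system: sealed session key, nonce and ciphertext, signature over the hash.
type Envelope struct{ SealedKey, Nonce, Ciphertext, Signature []byte }
// NewKey makes an RSA key pair; it stands in for the PGP or S/MIME key ring.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return k
}
// aead is AES-128-GCM under the session key (the slide names 3DES for S/MIME, an older choice).
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // 16-byte key, so neither constructor can fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// Seal is the sender side: hash, sign with the sender's private key, encrypt
// under a fresh session key, then seal that key with the receiver's public key.
func Seal(sender *rsa.PrivateKey, receiver *rsa.PublicKey, msg []byte) (Envelope, error) {
	digest := sha1.Sum(msg) // 160-bit hash code as on the slide; current suites use SHA-256 or stronger
	sig, err := rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA1, digest[:])
	if err != nil { return Envelope{}, err }
	key := make([]byte, 16) // random 128-bit session key, used for this message only
	rand.Read(key)          // crypto/rand.Read does not return an error in current Go
	nonce := make([]byte, 12)
	rand.Read(nonce)
	sealed, err := rsa.EncryptPKCS1v15(rand.Reader, receiver, key)
	if err != nil { return Envelope{}, err }
	return Envelope{sealed, nonce, aead(key).Seal(nil, nonce, msg, nil), sig}, nil
}
// Open is the receiver side: recover the session key with the private key,
// decrypt, recompute the hash and check it against the sender's signature.
func Open(receiver *rsa.PrivateKey, sender *rsa.PublicKey, e Envelope) ([]byte, error) {
	key, err := rsa.DecryptPKCS1v15(rand.Reader, receiver, e.SealedKey)
	if err != nil { return nil, err }
	msg, err := aead(key).Open(nil, e.Nonce, e.Ciphertext, nil)
	if err != nil { return nil, err }
	digest := sha1.Sum(msg)
	if err := rsa.VerifyPKCS1v15(sender, crypto.SHA1, digest[:], e.Signature); err != nil { return nil, err }
	return msg, nil
}
```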
SPAM
• A type of electronic junk mail, or unsolicited email.
• It wastes a great amount of bandwidth.
• It wastes the user's time in reading and deleting it.
• Forged addresses.
• Flooding of email.
• Email bomb.
• Most spam is commercial advertisement.
Types
• Cancellable Usenet spam: a single message sent to 20 or
more newsgroups.
• One cannot reply to such spam email, because the email ID is fake.
• Email spam: it targets individual users with direct mail messages.
• It refers to advertisements, money-related messages, attempts to obtain bank information, and
attacks.
• Blocking list: contact the vendors of spam-fighting companies.
How blocking works, i.e. the criteria:
1) Repetitive source addresses
2) Source IP has no MX record
3) Recurring subjects
4) Recurring source IP addresses
5) More than one user per message
6) Invalid message structure
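An added example, not from the slides: the six blocking criteria applied in Go to a constructed batch of messages. The MX table replaces a real DNS lookup, the thresholds are chosen for the demo, and every address, subject and IP is constructed.

```go
package main

import "strings"

// Message is a parsed header block (the slide's From/To/Subject/Date lines).
type Message struct {
	Headers  map[string]string
	SourceIP string // address of the connecting SMTP client, taken from the transport
}
// Parse reads "Name: value" header lines; the input is constructed and carries no body.
func Parse(ip, raw string) Message {
	m := Message{Headers: map[string]string{}, SourceIP: ip}
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		if k, v, ok := strings.Cut(line, ":"); ok {
			m.Headers[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return m
}
// hasMX stands in for a DNS MX lookup of the sender's domain (constructed table).
var hasMX = map[string]bool{"example.com": true, "example.org": true}
const repeatLimit, recipientLimit = 3, 10 // constructed thresholds; a real filter tunes them per site

// Reasons applies the six criteria to batch[i]; "repetitive" and "recurring" count across the batch.
func Reasons(batch []Message, i int) []string {
	m, r := batch[i], []string(nil)
	from, subject := m.Headers["From"], strings.ToLower(m.Headers["Subject"])
	nFrom, nIP, nSubject := 0, 0, 0
	for _, o := range batch {
		if o.Headers["From"] == from { nFrom++ }
		if o.SourceIP == m.SourceIP { nIP++ }
		if strings.ToLower(o.Headers["Subject"]) == subject { nSubject++ }
	}
	if nFrom >= repeatLimit { r = append(r, "repetitive source address") }
	if !hasMX[from[strings.LastIndex(from, "@")+1:]] { r = append(r, "sender domain has no MX record") }
	if nSubject >= repeatLimit { r = append(r, "recurring subject") }
	if nIP >= repeatLimit { r = append(r, "recurring source IP address") }
	if len(strings.Split(m.Headers["To"], ",")) > recipientLimit { r = append(r, "more than one user per message") }
	for _, h := range []string{"From", "To", "Subject", "Date"} {
		if _, ok := m.Headers[h]; !ok { r = append(r, "invalid message structure: missing "+h); break }
	}
	return r
}
// SampleBatch is constructed input: three copies of a bulk mailing and one ordinary message.
func SampleBatch() []Message {
	bulk := "From: deals@cheap-pills.invalid\nTo: a@example.com, b@example.com\nSubject: CHEAP MEDS\nDate: Mon, 1 Jan 2024 10:00:00 +0000"
	return []Message{
		Parse("203.0.113.7", bulk), Parse("203.0.113.7", bulk), Parse("203.0.113.7", bulk),
		Parse("192.0.2.25", "From: alice@example.com\nTo: bob@example.org\nSubject: lunch?\nDate: Mon, 1 Jan 2024 11:00:00 +0000"),
	}
}
```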
Snail Mail
• It is a term for mail sent in the traditional way through
postal services rather than by email.
• Snail mail is very slow (it generally takes 2-3 days).
Questions
1) What is IP security? Describe the Authentication Header mode and
ESP mode of IP security.
2) Describe Kerberos with a neat diagram.
3) Describe Virtual Private Networks.
4) Describe firewalls. List the types of firewall.
5) What is security topology? Describe security zones in detail.
6) How is PGP used for email security?
7) Describe PEM as used for email security.
8) Describe a DMZ with a diagram.
Chapter 5:
SYSTEM SECURITY
Types of intruders:
 Masquerader
 Misfeasor
 Clandestine / secret user
Intrusion Detection Systems (IDS)
Types:
 Host-based IDS
 Network-based IDS
Password management
 Vulnerabilities of passwords
 Password selection strategies
 Components of good passwords
Operating system security:
 Operating system hardening
 Windows operating system
 Unix/Linux-based operating system
Updates:
 Hot fix
 Patch
 Service pack
Intruders are among the most publicized threats to security.
Types of intruders:
 Masquerader
 Misfeasor
 Clandestine / secret user
Masquerader:
- An individual (i.e. an outsider) posing as a legitimate user.
- Not an authorized user.
- Penetrates the system and takes over the access rights of a legitimate
user's account.
Misfeasor:
- An authorized user (i.e. an insider)
- who accesses data that they are not authorized for (or passes it to outsiders),
- i.e. misuses their privileges.
Clandestine / secret user:
- An individual (insider or outsider)
- who uses managerial (supervisory) control of the system to evade auditing and
access controls.
Intrusion Detection Systems (IDS)
• Intrusion detection is the process of monitoring the events occurring in a computer system or
network
• and analyzing them for signs of possible incidents, which are violations or
imminent threats of violation of computer security policies.
• It is like a burglar alarm system installed in a house.
• The IDS issues some type of warning alarm or alert.
• An operator tags the events and sends them for investigation.
• The incident handling team then analyzes them.
• It watches the surrounding activity and tries to identify undesirable activities.
• The main purpose of an IDS is to identify suspicious or malicious activity.
Types of IDS:
 Host-based IDS
 Network-based IDS
Host-based IDS:
- Examines activity on an individual system,
- such as an email server, a web server or an individual PC.
- Does not monitor activity on the network.
Network-based IDS:
- Examines activity on the network itself.
- Monitors only network activity (traffic).
- It has no idea of what is happening on an individual system.
Components of IDS
• Traffic collector
• Analysis engine
• Signature database
• User interface and reporting
Host-based IDS: It checks log files, audit trails and the network traffic
coming to the individual host.
A HIDS looks for certain activities:
1) Logins at odd hours.
2) Login authentication failures.
3) Adding of new user accounts.
4) Modifications of files.
5) Removal of files.
6) Starting or stopping of processes.
7) Use of certain programs.
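An added example (not from the slides): three of the seven checks above run in Go over constructed log lines. The line format only resembles an auth log, and the working hours and failure threshold are assumptions a real deployment would set per site.

```go
package main

import (
	"strings"
	"time"
)

// Alert pairs the rule that fired with the log line that triggered it.
type Alert struct{ Rule, Line string }
// Event is one parsed line: "<timestamp> <host> <program>: <text>" (constructed format).
type Event struct{ At time.Time; Program, Text string }

func parse(line string) (Event, bool) {
	f := strings.SplitN(line, " ", 4)
	if len(f) < 4 { return Event{}, false }
	at, err := time.Parse("2006-01-02T15:04:05", f[0])
	if err != nil { return Event{}, false }
	return Event{at, strings.TrimSuffix(f[2], ":"), f[3]}, true
}
// source returns the last word of an sshd message, which in these lines is the client address.
func source(text string) string { return text[strings.LastIndex(text, " ")+1:] }

const workStart, workEnd, failLimit = 7, 19, 3 // constructed policy values for this demo

// Analyze runs three HIDS checks: odd-hour logins, repeated failures before a success, new accounts.
func Analyze(lines []string) []Alert {
	var alerts []Alert
	failures := map[string]int{} // consecutive failures per client address, reset on success
	for _, line := range lines {
		e, ok := parse(line)
		if !ok { continue }
		switch {
		case strings.HasPrefix(e.Text, "Failed password"):
			failures[source(e.Text)]++
		case strings.HasPrefix(e.Text, "Accepted"):
			src := source(e.Text)
			if failures[src] >= failLimit { alerts = append(alerts, Alert{"login after repeated authentication failures", line}) }
			failures[src] = 0
			if h := e.At.Hour(); h < workStart || h >= workEnd { alerts = append(alerts, Alert{"login at odd hours", line}) }
		case e.Program == "useradd":
			alerts = append(alerts, Alert{"new user account added", line})
		}
	}
	return alerts
}
// SampleLog is constructed input resembling an auth log; it is not taken from any real system.
var SampleLog = []string{
	"2024-01-15T02:13:41 host1 sshd: Failed password for root from 203.0.113.9",
	"2024-01-15T02:13:45 host1 sshd: Failed password for root from 203.0.113.9",
	"2024-01-15T02:13:49 host1 sshd: Failed password for root from 203.0.113.9",
	"2024-01-15T02:13:58 host1 sshd: Accepted password for root from 203.0.113.9",
	"2024-01-15T02:14:02 host1 useradd: new user: name=backup2",
	"2024-01-15T09:30:10 host1 sshd: Accepted publickey for alice from 192.0.2.5",
}
```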
Advantages of HIDS
1) It is very specific to the operating system.
2) It examines data after decryption.
3) It can also be used for specific applications.
Disadvantages of HIDS:
1) The IDS must have a process on every system you
want to watch.
2) High cost and maintenance.
3) The IDS uses local system resources.
4) It cannot relate its findings to activity on the systems around it.
Network-based IDS: - It checks network traffic.
- It analyzes the traffic according to protocol
(protocol, type, amount, source, destination,
contents).
A NIDS looks for certain activities:
1) Denial of service attacks.
2) Port scans.
3) Malicious content in the data.
4) Vulnerability scanning.
5) Viruses, worms, Trojans.
6) Tunneling.
7) Brute-force attacks.
Advantages of NIDS
1) It provides IDS coverage with only a few systems.
2) Maintenance, deployment and upgrade costs are low.
3) A NIDS monitors all network traffic and the attacks
related to it.
Disadvantages of NIDS:
1) It is ineffective when traffic is encrypted.
2) It cannot see traffic that does not cross it.
3) It must be able to handle high volumes of traffic.
4) It does not know about activity on the host.
Password Management:
1) Password security.
2) Vulnerability of passwords.
3) Password selection strategies.
4) Components of a good password.
1) Password security:
a) The user ID determines the privileges granted to the user.
b) A password is required for authentication.
2) Vulnerability of passwords:
a) Do not use short passwords.
b) A password should not contain names, birth dates or mobile numbers.
3) Password selection strategy:
a) More than 8 characters.
b) A combination of letters, numbers, special characters and symbols, etc.
c) Change it within 3 to 6 months.
4) Components of a good password:
a) The user should not choose an easy password that a hacker can easily
guess.
b) A combination of A-Z, a-z, 0-9 and symbols.
Operating system security:
 Operating system hardening
 The operating system (OS) is the basic software which handles input, output,
display, memory management and the detailed tasks that support the user.
 Microsoft's operating systems (Windows 95, 98, Windows NT, Windows 2000), Mac OS,
Linux, UNIX, Solaris and Novell's network systems are examples.
 The process of securing an operating system is known as operating
system hardening:
  Removing unnecessary applications and utilities,
  Disabling unnecessary services,
  Setting appropriate permissions on files,
  Updating the operating system and application code to the latest
version.
 Each OS has its own security features, but some specific steps must be taken
to secure an OS.
Operating system security:
 Windows operating system
 Unix/Linux-based operating system
Windows operating system:
(Windows 2000 or XP operating systems)
1) Disable all unnecessary services:
The main purpose of a Windows server is to act as a web server, email server, DNS
server, domain/login server, etc.,
so disable any service that is not necessary for that purpose.
2) Restrict permissions on files and access to the registry:
Restrict permissions such as read, write and execute on certain files.
3) Remove unnecessary programs:
Remove applications that are not required;
this reduces the chances of an attacker exploiting their weaknesses.
4) Apply the latest patches and fixes:
Upgrade the system to fix the holes in the system.
5) Remove unnecessary accounts and ensure password guidelines are followed.
Unix/Linux-based operating system:
 UNIX systems are not completely secure by default; they also need some
additional security configuration.
 A UNIX system is very powerful and flexible, so securing it is very
challenging.
 Disable unnecessary services, restrict permissions on files and directories,
apply password guidelines, remove unnecessary software, apply patches and
remove unnecessary user accounts.
Updates:
 hot fix
 patch
 service pack
Hot fix:
• A hot fix is a small software update designed to address a
particular problem.
• A hot fix is released to fix a discovered problem quickly.
Patch:
• A patch is a large software update.
• Designed to address several or many software problems.
• Patches are developed over a longer period of time.
• Patches contain additional capabilities and fixes for known
bugs.
Service pack:
• A collection of hot fixes and patches.
• Used to bring a system up to the latest known state rather than
requiring the system to download several updates separately.
Questions
1) Explain any four password policies.
2) Describe the following terms:
a) hot fix
b) patch
c) service pack
3) What is operating system hardening? Describe the general steps for
securing a Windows operating system.
4) What is an Intrusion Detection System? Describe host-based IDS and
network-based IDS.
Firewall