Internet Security
ECT 582
Robin Burke

Outline
• Homework #5
• Host security
• Firewalls
• IPsec / VPN

Homework #5 solution

Host security
• Every Internet host is vulnerable to attack
• Network port is a front door to the whole world
• How to make hosts more secure?
  • attacks
  • defenses

Attacks on Hosts
• DoS
  • flood host with requests to tie up resources
• Authentication breach
  • attack authentication system to gain access
• Application vulnerability
  • attack application program to inject foreign code
• Virus/Trojan Horse
  • attack OS with a malicious program (malware)
• Social Engineering
  • attack organization to obtain authentication or other information

Denial of Service
• Attacks take different forms
  • bogus requests
  • abuse of Internet protocols
• Characteristics
  • sudden change in system load
  • services unavailable or very slow
    • may cause system crash
  • particular hosts targeted

Defenses
• Turn off unused services
  • if bogus packets never received, fewer resources used
• Request throttling
  • only accept requests at a certain rate
    • prevent server overload, but may hamper legitimate users
• Request filtering
  • only allow requests from certain hosts
  • allow a fixed number of requests from a given host in a certain period
    • doesn't work against distributed attack
• Most other approaches applied elsewhere in network

Authentication breach
• Characteristics
  • attacker tries to get access by masquerading as legitimate user
• Needs
  • user id and password
• brute-force attack
• sniffing attack
• cracking attack

Authentication: brute force
• Execution
  • user ids typically easy to find (email address, user directory on web)
  • attempt all passwords
• Defense
  • request throttling
  • lock-out
    • stop allowing authentication after n failed trials
    • can create denial of service

Authentication: sniffing
• Execution
  • copy all network traffic
  • look for packets with authentication information
• Defense
  • use protocols in which authentication information is encrypted
    • FTPS instead of FTP
    • SSH instead of telnet
    • HTTPS instead of HTTP

Authentication: cracking
• Execution
  • steal copy of encrypted password file
  • attempt to decrypt passwords
• Defense
  • access control measures to prevent access to password files
    • vary by system
  • good passwords
    • more than 8 characters
    • combinations of numeric and non-alphanumeric, upper- and lower-case

Application attack
• Characteristics
  • application bug is exploited
    • often buffer overflow
  • inject attacker's code into system
    • code executes with application privileges
  • can be used to launch additional attacks
    • classic "worm" behavior
• Needs
  • knowledge of application
  • needs to know OS
• Often downloadable tools can be used

Application attack, cont'd
• Defenses
  • attention to software security patches
  • subscribe to CERT mailing list
  • investigate vendor's coding practices
  • incorporate security into development methodology
  • examine application logs for unexpected activities

Malware
• Characteristics
  • user deceived into executing malicious code
    • Many avenues: ActiveX controls, binary email attachments, web scripts
  • Many tools exist to create
  • Worm behavior possible
    • email replication

Malware, cont'd
• Defenses
  • anti-virus software
    • signatures must be updated regularly
  • email scanning
    • server-based best
  • application settings
    • IE scripting
    • MS Office macros
    • very problematic
  • user education
  • better solution
    • less vulnerable applications / OSes
    • finer-grained control

Social Engineering
• Scenario
  • Call up individual in company (typically a secretary or switchboard person), Alice
  • Ask for name of tech support person (Bob)
  • Call 2nd secretary, Eve, claiming to work for Bob.
  • Tell Eve to reset her account password to the one he will give her.
  • Eve complies and now hacker has account access
• Result
  • 2 phone calls = security hole

Social Engineering, cont'd
• Characteristics
  • very easy to do
    • Kevin Mitnick's favorite method
  • many kinds of information are sensitive
    • names, job descriptions, hardware/software configuration
• Defense
  • need to know
    • don't give information to everyone
    • what they don't know, they can't reveal
  • security policies
    • "Let me call you back."
  • user education

Problematic fact
• Many avenues for host security to be compromised
  • simple user error is enough
  • a large organization will have many hosts

Sun Tzu on firewalls
• "If [the enemy] sends reinforcements everywhere, he will everywhere be weak" -- The Art of War
• Translation
  • enforcing perfect host security everywhere is impossible
• Solution
  • force the confrontation to take place at a single known location
  • concentrate defense at that point

Firewall
• "A dedicated gateway machine with special security precautions on it, used to service outside network, especially Internet connections and dial-in lines. The idea is to protect a cluster of more loosely administered machines hidden behind it..." --- FOLDOC

Firewalls
• Idea
  • Build security measures into a single host
  • Force all inbound and outbound Internet traffic to pass through
• Enables
  • establishing a single security policy that all machines share
  • machines behind the firewall have some protection
  • firewall machine can be specially configured

Firewall policies
• Both in-bound and out-bound
  • what the outside world can do
  • what local users can do
• Applications
  • which applications are accessible
    • boils down to port numbers
• Hosts
  • which hosts are accessible
• Users
  • which users have access

Firewall features
• Minimal, Better
  • port blocking
  • host blocking
  • configurable logging
  • user authentication / blocking
• Best
  • stateful inspection
    • track the progress of individual sessions
    • allow only legal actions

Other features
• Often implemented at the firewall
• NAT
  • network address translation
  • internal machines can have "illegal" IP addresses
    • can't be reached by routing
  • firewall pretends to originate requests
• VPN
  • virtual private network
  • encrypted traffic between firewall and external host
  • host authenticates and then is "inside" the firewall

Limitations
• Firewall only defends the connection it is on
  • dial-in not protected
  • wireless LAN not protected
  • walking out with a CD-ROM, etc.
• Firewall can't protect against malware
• Firewalls can't protect against malicious insiders
• Firewalls must be carefully configured and closely monitored
• Firewalls can lead to a false sense of security

Firewall types
• Packet-filtering
• Application-level gateway
• Circuit-level gateway

Packet-filtering
• Firewall inspects packets and filters according to a policy
  • usually host- and port-based

Circuit-level gateway
• Firewall decides whether to allow connection
• Then just passes packets along

Application-level gateway
• Firewall is a proxy for all interactions

TCP/IP Packet
• Internet communication is done through packets
• A packet is a fixed-size set of bytes with a specific format
• A typical TCP/IP packet contains:
  • Source IP, Source Port, Destination IP, Destination Port
  • Payload
    • message part

Packet routing
[Figure labels: Email, Browser, File, Port; My Computer, IP address: 140.192.32.123; Internet; Web Server, Email Server, FTP Server; Remote Computer, IP Address: 207.46.249.27]

Packet-Filtering Router
• A router applies a set of rules to each IP packet and forwards or discards the packet
• The filter is typically set up as a list of rules based on matches to fields in the IP or TCP header
• The fields are source/destination IP address, port number, etc.
• If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet
• If there is no match, a default action is taken
  • Default discard policy
  • Default forward policy

Example

Action  Ourhost       Port  Theirhost     Port  comment
Block   *             *     *             *     Default

Action  Ourhost       Port  Theirhost     Port  comment
Block   *             *     207.46.29.27  *     We don't trust this host
Allow   140.192.32.1  25    *             *     Connection to our SMTP port

Action  Ourhost       Port  Theirhost     Port  comment
Allow   140.192.*.*   *     *             25    Connection to their SMTP port

Windows Firewall
• Note
  • this is a software firewall
  • not a dedicated firewall machine

Outbound policies
• Typically less restrictive than in-bound
• But: good citizenship
  • make it more difficult for hackers
• A packet filter can reject outbound packets with illegal IP addresses
  • could not have been legally generated inside the network
• Example
  • 140.192.*.* are DePaul IP addresses
  • if an outbound packet has a source address of 207.34.102.2
    • it is probably forged

Characteristics
• Pluses
  • Packet-filtering routers are simple, transparent to users, and fast
• Minuses
  • The router cannot prevent attacks that employ application-specific vulnerabilities or functions
  • The logging functionality in the router is limited
  • Most routers do not support advanced user authentication schemes
  • The router is vulnerable to attacks and exploits that take advantage of flaws in TCP/IP
  • The routers are susceptible to security breaches caused by improper configurations

Circuit-Level Gateway
• It does not permit an end-to-end TCP connection
• It can be a stand-alone system
• Or, it can be a specialized function performed by an application-level gateway for certain applications
• It sets up two TCP connections
  • One TCP connection between the inner host and the gateway
  • Another TCP connection between the gateway and the outside host
• It relays TCP segments from one connection to the other without examining the contents

Characteristics
• Pluses
  • Each established connection can be logged
  • Can protect against some DoS attacks
• Minuses
  • May slow establishment of TCP connections
  • Does not protect against attack to legal services
    • buffer overflow

Application-level gateway
• Also "proxy server"
• The firewall relays application-level traffic
  • external host contacts gateway
  • gateway contacts internal host
• If the gateway does not support a specific application
  • the service cannot be forwarded across the firewall

Characteristics
• Pluses
  • every operation can be inspected and logged
  • user authentication can be done at the gateway
  • identity of internal system is hidden
• Minuses
  • slowest firewall
  • hardest to configure
  • costliest

Asymmetric gateway
• Application-level gateway on inbound connections
• Circuit-level gateway on outbound connections
  • internal users implicitly trusted
  • lower overhead

Bastion host
• From firewall definition
  • "dedicated gateway machine"
  • "special security precautions"
• Precondition for gateway firewalls
  • need a computer to perform gateway operations
  • but this computer is the first thing hackers will attack

Host
• Secure operating system
  • OpenBSD
• Minimal services installed
• Very restrictive authentication
  • one-time passwords
• Often some type of write-once logging
  • CD-ROM, uni-directional tape

Proxy software
• Specialized proxy software for each service being gatewayed
• Relay only to specific internal hosts
• Each proxy process runs without disk access except for startup
• Each proxy process runs with minimal system privileges
• Each proxy process maintains detailed logs

Example firewalls
• single-homed screened host
• dual-homed screened host
• screened-subnet

Single-homed screened host
• Router allows inbound IP packets only to bastion host, and outbound IP packets only from bastion host
• Bastion host performs authentication and proxy functions

Dual-homed screened host
• Bastion host has two network addresses
  • one internal, one external
• If router is compromised, firewall host still protects internal network

Screened-subnet
• Internal network is completely separate
• Internal network is invisible to Internet

Tunneling
• Restrictive firewall is
  • good for security
  • bad for availability
  • users cannot work from home
[Figure: Host A sends "Please access service S on Host B" to Firewall F; the request is stopped (X) with "Denied. Local users only!"; internal service S is on Host B]

Tunneling, cont'd
• Tunnel encrypts original packet and creates a new packet
  • source = tunnel entrance
  • destination = tunnel exit
• Tunnel exit decrypts payload and inserts packet into local network
  • as if packet had originated locally
[Figure: Host A's request "Please access service S on Host B" is wrapped in "Please deliver contents to tunnel at Host F", carried through the tunnel past the firewall, and delivered to internal service S on Host B]

IPsec
• Goals
  • authenticate packet origins
  • provide integrity for packet contents
  • encrypt packets
  • tunnel packets

IPsec, cont'd
• Two protocols
• Authentication Header Protocol
  • authentication + integrity
• Packet Encryption Protocol
  • authentication + integrity + confidentiality

Authentication Header Protocol
• source IP cannot be spoofed
  • depends on secret key agreement
  • based on public key certificates
• message contents cannot be modified
  • secure hash of payload is computed by sender
  • verified by receiver

Packet Encryption Protocol
• Use AHP and
• Symmetric encryption of packet payload
• Diffie-Hellman key agreement is part of protocol

Security association
• Endpoints of tunnel must agree on
  • protocol type
  • cryptographic algorithms
  • keys
  • duration of key
• Each packet contains an identifier labeling the particular security association used for that packet

VPN
• Establish a tunnel between
  • remote user (or site)
  • local firewall
• Requires
  • availability of IPsec
  • installing VPN software on each remote client
  • VPN server at firewall, called the gateway
  • public key certificate for gateway

VPN, cont'd
• Users access Internet normally (dial-up, DSL, etc.)
  • then turn on VPN
• VPN has authentication procedure
• User's machine becomes part of the internal network
  • inside the firewall

VPN, cont'd
• Need good authentication of users
  • because once authenticated, machine becomes virtually local
  • "trusted"
• Tunnel is reasonably secure
  • IPsec cryptographic hash protects against modification
  • DH key exchange provides mechanism to share secret keys
  • secret key exchange prevents session hijacking
  • server public key certificate protects against man-in-the-middle

Next week
• Web application security
• online reading
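
The packet-filtering rule tables and the outbound source-address check from the slides, as an added Python example that is not part of the original lecture. It assumes the three example tables are merged into one ordered list evaluated first-match with a default discard policy; the names `Rule`, `matches` and `filter_packet` are hypothetical, and the sample packets are constructed.

```python
from fnmatch import fnmatchcase
from typing import NamedTuple


class Rule(NamedTuple):
    action: str       # "allow" or "block"
    our_host: str     # slide-style pattern; "*" matches anything
    our_port: str
    their_host: str
    their_port: str
    comment: str


# The slides' example rows, merged into one ordered list (the merge and the
# ordering are assumptions of this example).
RULES = [
    Rule("block", "*", "*", "207.46.29.27", "*", "We don't trust this host"),
    Rule("allow", "140.192.32.1", "25", "*", "*", "Connection to our SMTP port"),
    Rule("allow", "140.192.*.*", "*", "*", "25", "Connection to their SMTP port"),
]
DEFAULT_ACTION = "block"     # default discard policy
INSIDE = "140.192.*.*"       # addresses that belong to the local network


def matches(rule, ours, theirs):
    fields = zip((rule.our_host, rule.our_port, rule.their_host, rule.their_port),
                 (ours[0], str(ours[1]), theirs[0], str(theirs[1])))
    return all(fnmatchcase(value, pattern) for pattern, value in fields)


def filter_packet(direction, src_ip, src_port, dst_ip, dst_port):
    """Return (action, reason) for one packet; direction is "in" or "out"."""
    if direction == "out":
        # Egress check: a source address outside our range could not have
        # been legally generated inside the network, so it is probably forged.
        if not fnmatchcase(src_ip, INSIDE):
            return "block", "forged source address"
        ours, theirs = (src_ip, src_port), (dst_ip, dst_port)
    else:
        ours, theirs = (dst_ip, dst_port), (src_ip, src_port)
    for rule in RULES:                      # the first matching rule decides
        if matches(rule, ours, theirs):
            return rule.action, rule.comment
    return DEFAULT_ACTION, "Default"


if __name__ == "__main__":
    # Constructed sample packets.
    print(filter_packet("in", "198.51.100.7", 4000, "140.192.32.1", 25))
    print(filter_packet("out", "207.34.102.2", 5000, "198.51.100.7", 25))
```

Because the first match decides, the block rule for the untrusted host has to stay above the SMTP allow rules; reordering the list changes the policy.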
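
The Authentication Header and security association slides describe a keyed hash computed by the sender and verified by the receiver, with each packet naming the association it uses. The following is an added Python sketch of that check, not part of the original lecture and not the IPsec wire format: HMAC stands in for the "secure hash", the key is assumed to have been agreed already, and `SecurityAssociation`, `auth_value`, `send` and `receive` are hypothetical names.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass
class SecurityAssociation:
    protocol: str       # protocol type the endpoints agreed on
    algorithm: str      # hash algorithm name understood by hashlib
    key: bytes          # shared secret produced by key agreement
    expires_at: float   # end of the key's agreed duration (epoch seconds)


def auth_value(sa, sa_id, src_ip, payload):
    # Keyed hash over the SA identifier, source address and payload: changing
    # any of them without the key changes the expected value.
    msg = sa_id.to_bytes(4, "big") + src_ip.encode() + b"\x00" + payload
    return hmac.new(sa.key, msg, sa.algorithm).digest()


def send(sa_table, sa_id, src_ip, payload):
    """Sender side: attach the SA identifier and the keyed hash."""
    sa = sa_table[sa_id]
    return {"sa_id": sa_id, "src": src_ip, "payload": payload,
            "auth": auth_value(sa, sa_id, src_ip, payload)}


def receive(sa_table, packet, now=None):
    """Receiver side: return the payload or raise ValueError."""
    sa = sa_table.get(packet["sa_id"])
    if sa is None:
        raise ValueError("unknown security association")
    if (time.time() if now is None else now) >= sa.expires_at:
        raise ValueError("security association expired")
    expected = auth_value(sa, packet["sa_id"], packet["src"], packet["payload"])
    if not hmac.compare_digest(expected, packet["auth"]):
        raise ValueError("authentication failed")
    return packet["payload"]


if __name__ == "__main__":
    # Constructed values: SA number 7 with a throwaway key.
    table = {7: SecurityAssociation("AH", "sha256", b"\x01" * 32, time.time() + 60)}
    pkt = send(table, 7, "140.192.32.123", b"Please access service S on Host B")
    print(receive(table, pkt))
```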