Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Computer security wikipedia , lookup
Network tap wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Distributed firewall wikipedia , lookup
Computer network wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Airborne Networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
EE579T / CS525T Network Security 1: Course Overview and Computer Security Review Prof. Richard A. Stanley Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #1 Overview of Tonight’s Class • Administration • Is network security a problem, or just an interesting topic? • What is different between computer security and network security? • Review of computer security Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #2 Administration Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #3 Organizational Details • Prof. Stanley contact information – Office: A-K 316 – Hours: Mon/Tue 5:00-6:00 PM and by appointment – Phone: (508) 276-1060 / (508) 831-5352 – Email: [email protected] Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #4 Administrivia • Class will normally meet 6:00 - 8:50 PM every Tuesday here. Please be on time. • Break from approx. 7:15 to 7:30 PM • If class is cancelled for bad weather, you should receive notice. Double-check with ECE Dept. (5231) or with me if in doubt. • It may be necessary to cancel a class during the term. If so, you will be notified. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #5 Course Text • Network Security Essentials, 2nd Edition William Stallings, Prentice Hall, 1999 ISBN 0-13-016093-8 • Additional material will be in the form of handouts and pointers to research materials Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #6 Course Web Page • http://www.ece.wpi.edu/courses/ee579t/ • Slides will be posted to the page before class, barring any unfortunate problems Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #7 Grading • • • • • Mid-term exam (20%) Homework (10%) Class participation (10%) Final exam (30%) Course project (30%) Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #8 Course Projects Overview • Teams of 2-4 individuals, ~4 preferred • Identify, through research, a meaningful network security problem (reported on as a historical event or one you can hypothesize) • Analyze the problem – Why did it occur? – How could you have prevented or mitigated it? • Prepare report and present to the class Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #9 Policies - 1 • STUDENT CONDUCT: Students are required to adhere to the Student Conduct Policy. • There is a difference between working in teams and submitting the same work. If work is a team product, it must be clearly labeled as such. Plagiarism will not be tolerated. • “Incomplete” grades will not be given unless there is a true emergency, and only by prearrangement Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #10 Policies - 2 • Homework is due at the class following the one in which it is assigned. It will be accepted up to the second class after that in which it is assigned, but not after that, except in truly emergency situations. By definition, emergencies do not occur regularly. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #11 Getting to Know You • Your interests and expertise in this area • My interest and experience in this area • What you would like from the course Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #12 Is Network Security Really an Important Problem? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #13 Network Security: What’s the Big Deal? • • • • Not a new problem Not just a creation of the press Not just for rocket scientists As professionals, failure to understand and implement appropriate security can come back to haunt you in terms of liability and reputation Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #14 Points to Ponder • 80% of businesses surveyed reported insider attacks against their networks in 2003 • Reported financial losses totaled $201.8M -- this represents only the 251 companies willing to share this information! Decrease from 2002. • Theft of proprietary information and denial of service attacks top the list of losses • Majority of attacks now from outside, but disgruntled employees blamed for 77%. Source: "Issues and Trends: 2003 CSI/FBI Computer Crime and Security Survey" Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #15 What’s the Problem? • Financial liability – Due diligence – Simple negligence – Gross negligence • Goodwill • One bad press release cancels 1000 attaboys This is a “you bet your business” issue Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #16 Computer Security versus Network Security Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #17 Computer security involves preventing, detecting, and responding to unauthorized actions on a computer system. Network security means the same thing for a group of networked computers To understand network security, you must first understand computer security. There is no “easy” way around this. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #18 One View Network Security Computer Security Spring 2005 © 2000-2005, Richard A. Stanley WWW Security WPI EE579T/1 #19 Why Networks Matter • If computers cannot be secured individually, the network cannot be secure • Networking makes the most individually secure computer on the network only as secure as the least individually secure computer on the network. • Networking offers new vulnerabilities • Speed of mischief increases exponentially Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #20 And Most Especially... • Mobile code is a basic staple of the internet, and other networks as well – This a wholly new paradigm • Users are not usually aware of mobile code • Novelty and convenience trump security every time – Consider the dancing pigs Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #21 Analogy • One can easily define the security perimeter of a single computer. You can probably even literally “put your arms around it.” • One cannot easily define the perimeter of a group of networked computers, except under a set of trivial conditions that are meaningless in practice. • So, where to put the security? And HOW to make it happen? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #22 Role of Technology • Technology is a useful tool, not a panacea. • A clear policy, evenly enforced, is the most critical element of success. • Don’t ignore the fundamentals. – Caterpillar’s entire network was compromised by not revoking a former employee’s password. • Perfection does not exist in the real world Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #23 Why Isn’t This Topic More Theoretical? In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #24 Remember the Security Theorem • Proving a computer to be secure required: – Knowledge of the security of each state transition – An exhaustive catalog of all possible states – Knowledge of the initial conditions • Now, how do we apply this approach to a network with changing topology? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #25 Why Is A Proof Elusive? • A secure network must be secure under all conditions of operation • This demands proof that there is no condition under which it could operate that is insecure, i.e. the negative proposition. • However, formal logic teaches us it is impossible to prove a negative • Q.E.D. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #26 Networks • A network is an interconnected group of communicating devices. • Two primary network types – Circuit-switched (connection oriented) – Packet-switched (connectionless) • Span – WAN, MAN, LAN – So what? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #27 Data Networks • Almost exclusively packet switched – Higher efficiency than circuit-switched – Computationally intensive to provide – Packet loss rate is often very high • Largely due to collisions rather than circuit faults – Require extensive protocols to operate • X.25 • IP Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #28 Network Topology • The topology of a network is a view of its interconnections, as they would be seen by an observer looking down from great height • Topology is important because it has implications for security • Three major topologies: – star – buss – ring Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #29 Star Topology The orange lines depict one star -- this slide actually shows a star-star architecture. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #30 Buss Topology Buss In a buss topology, all signals pass by all terminals Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #31 Ring Topology A ring is simply a buss with the ends connected to one another. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #32 How To Get There? • Every destination on the network must have an address, just as every postal destination must have an address – Addresses must be unique – Network must know how to recognize address – Various addressing schema, e.g. • Ethernet • IP Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #33 Two Network Technologies • Token ring – Users remain silent until they receive token – Pioneered by IBM, not widely used • Ethernet – – – – Carrier-sense, multiple access/collision detect Binary exponential backoff on collision sense This is a radio network! Another vulnerability Most widely used architecture today, largely because it is less expensive than token ring Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #34 Other Network Technologies • Fiber-Distributed Data Interconnect (FDDI) – Self-healing, 100 Mbps dual ring • Frame relay – Packet data service, built on X.25 • Synchronous Optical Network (SONET) • Asynchronous Transfer Mode (ATM) – Can operate at gigabit speeds • 53 byte packets; 5 of the bytes are overhead These are of interest in networking, but not security per se; they will not be discussed further in this course Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #35 Topology Misconceptions • The physical interconnection of network elements does not necessarily reflect the logical network topology – Ethernet is logically a buss architecture – Ethernet, connected using hubs, uses a physical star interconnection – Ethernet, connected using coaxial cable, uses a physical buss interconnection Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #36 Some Network Security Issues • Users not necessarily registered at the node they are accessing – How to authenticate users? – What is basis for access control decisions? • Some options: – – – – User ID User address Service being invoked Cryptographic-based solutions Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #37 Ethernet Misconceptions • IEEE 802.3 = Ethernet – Nope! Pure Ethernet is 802.2 • All Ethernets are created equal – Vendor implementation issues • The faster the network speed, the faster I can work – Signaling speed data throughput • Ethernet maps to the internet Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #38 CSMA/CD Throughput Signaling speed ~40% Throughput Users Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #39 Ethernet Addresses • 48 bits long • Address space managed by the IEEE • Usually fixed in hardware at time of manufacture, but increasingly in EEPROM • Hardware must recognize at least it’s own physical address and the network multicast address, and possibly alternate addresses Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #40 Ethernet Frame NOTE: The proper term in this context for groups of 8 bits is an octet, not a byte. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #41 Network Size • Networks cannot grow to be arbitrarily large – – – – Address space Physical interconnection limitations Increasing collisions as users increase Protocol/OS/machine incompatibilities • So, how to extend the ability to interconnect an arbitrarily large number of computers? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #42 The ARPANET • Father of the Internet; first elements in 1969 • Began as an attempt to conduct and share research to ensure continuity of communications after nuclear war, so – Connectionless – Assured delivery – Self-reconfiguring (sort of) • Demonstrated feasibility of internetworking disparate computer networks and machines Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #43 Internetworking • Internetworking is the interconnection of networks • The Internet is an internetwork; all internetworks are not the Internet • Very few modern networks exist in isolation; most are internetworked • This has important security and legal implications Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #44 Internetworking Concepts • Networks are interconnected by routers or gateways – More about this later in the course • Routers route a packet using the destination network address, not the destination host address – Analogous to the world postal system and how letters are routed Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #45 Internetwork Architecture Net 1 Spring 2005 © 2000-2005, Richard A. Stanley R WPI Net 2 EE579T/1 #46 Extended Internetworking Net 1 Clearly, this can be extended ad infinitum, to form very large internetworks. Spring 2005 © 2000-2005, Richard A. Stanley R Net 2 R Net 3 WPI EE579T/1 #47 Some Terms • TCP = transmission control protocol • IP = internet protocol • These protocols have become widely used outside the formally-defined Internet • They have some serious flaws, but they work – They were not planned to have/need security Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #48 IP Addressing Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #49 Class Discrimination • Address space is 32 bits long (IPv4) – Therefore, at most 232 possible addresses (or 4,294,967,296 in decimal notation) • Easy to extract netid from address • There is not a one-to-one correspondence between IP addresses and physical devices – Consider the router • Address with hostid=0 refers to network Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #50 IP Addressing Weaknesses • If a host moves to another network, its IP address must change • If a network grows beyond its class size (B or C), it must get a new address of the next larger size • Because routing is by IP address, the path taken by packets to a multiple-addressed host depends on the address used Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #51 IP Address Presentation • Usually done in dotted decimal, e.g., 10000000 00001010 00000010 00011110 is usually written as 128.10.2.30 • What class of network address is this? • As you see, each notation has its uses Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #52 Consider This Address • 256.75.301.116 • What type of network is represented by this address? • Why? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #53 Address Limits Class A B C D E Spring 2005 © 2000-2005, Richard A. Stanley Lowest Address 0.1.0.0 128.0.0.0 192.0.1.0 224.0.0.0 240.0.0.0 WPI Highest Address 126.0.0.0 191.255.0.0 223.255.255.0 239.255.255.255 247.255.255.255 EE579T/1 #54 Special Purpose Addresses • 0.0.0.0 • 255.255.255.255 Addresses current host Addresses hosts on current network • Host bits zero Identifies a network • Host bits one Addresses hosts on addressed network • Network bits zero Addresses specific host on current network Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #55 Reserved Addresses • First Quad=127 is used for loopback – Traffic doesn’t leave the computer – Routed to the IP input queue – Usually see 127.0.0.1 • Unregistered addresses – Class A – Class B – Class C Spring 2005 © 2000-2005, Richard A. Stanley 10.0.0.0 thru 10.255.255.255 172.16.0.0 thru 172.31.255.255 192.168.0.0 thru 198.168.255.255 WPI EE579T/1 #56 The Future of IP • IPv4 has shortcomings that are becoming important for modern networking • The IETF’s solution is a new version of IP, Version 6, written as IPv6 – – – – Increased address space (128 vs. 32 bits) Support for network autoconfiguration Better support for routing Better security support Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #57 IPv6 Issues • It is not backwards compatible with IPv4 – Given the change in address space alone, how could it be? – Requires translator to go v4v6, vice versa • Huge investment in installed IPv4 mitigates against rapid changeover – But the Defense Department is going there now • Network address translation (NAT) helps reduce need for new address space • Some services, like IPSec, now available for IPv4 • Bottom line: changeover not likely to be quick Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #58 Ports and Sockets • Ports are associated with services, e.g., – Port 53 is usually the domain name service (DNS) – Port 80 is usually the hypertext transfer protocol service • A socket is the combination of an IP address and a port, e.g. 192.168.2.45:80 • Sockets enable multiple simultaneous services to run on a single address Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #59 Address Registration • Internet Corporation for Assigned Names and Numbers (ICANN) handles: – IP address space allocation – protocol parameter assignment – domain name system management – root server system management functions • Only essential to register addresses that appear on the global network, but registration is preferred Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #60 Routing Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #61 Protocols • A protocol is simply an agreed-upon exchange of information required to perform a given task – IP is a protocol – So is TCP • Networks utilize protocols to accomplish all the important tasks they perform • Layered protocols are common Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #62 ISO Protocol Model Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #63 Protocol Layering • Refers to a protocol running on top of another protocol • Layered protocols are designed so that layer n at the destination receives exactly the same object sent by layer n at the source Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #64 TCP/IP Layering Model Application Application-specific messages/streams Transport TCP Packets Internet IP Datagrams Network Interface Ethernet/Token Ring Hardware Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #65 Some Common Protocols • ARP maps IP addresses to physical addresses • RARP determines IP address at startup • IP provides for assured connectionless datagram delivery • ICMP handles error and control messages • UDP defines user datagrams (no assurance of delivery) • IKE handles crypto key management functions • TCP provides reliable stream transport Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #66 How Protocol Layering Works Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #67 Protocol Layering & Internet Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #68 Important Boundaries Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #69 TCP • Assumes little about underlying network • Reliable delivery characteristics: – – – – – Stream orientation Virtual circuit connection Buffered transfer Unstructured stream Full duplex connection Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #70 Positive Acknowledgement Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #71 Positive Acknowledgement With Lost Packet Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #72 Sliding Window Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #73 Positive ACK With Sliding Window Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #74 TCP • A communications protocol, NOT a piece of software • Provides – – – – Data format Data acknowledgement for reliable transfer How to distinguish multiple destinations How to set up and break down a session • Very complex Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #75 Conceptual TCP Layering Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #76 Internet Round Trip Delays This data is old, but still meaningful if you ignore the absolute values of the delays. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #77 Delays • Cannot be avoided or predicted (except statistically) – Packet delivery times will vary – Many packets will simply be lost • So, as a network designer... – – – – – How long do you wait to assume nondelivery? How do you slide the window? How do you back off on collision detect? How do you respond to congestion? …etc. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #78 Establishing a TCP Session Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #79 Ending a TCP Session This implies that a TCP session could be left “half open.” That is true. Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #80 TCP State Machine Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #81 Other Network Protocols • • • • • • NetBIOS NetBUI IPX X.25 ATM Message: TCP/IP is not the only show in town BUT...it is the most popular show in town Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #82 Network Facts • Most computers today are connected to a network (consider the Internet), at least for part of the time they are in operation • Most local networks are internetworked • How to provide authenticity, integrity, confidentiality, availability? • Cryptography can help provide all the security services except availability Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #83 Summary • Networks and internetworking have become ubiquitous • Networking allows interconnection of computers without much concern for the local OS or machine architecture • Networking raises many serious security issues, which must be solved for networks to be useful in modern business settings • The pace of network security problem development far exceeds the pace of their solution Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #84 Assignment for Next Class • Read Stallings on authentication and PGP • Review your prior class notes on cryptography – We will not study cryptography in this course; you are assumed to have a working knowledge of it, both symmetric and asymmetric – Pay attention to refreshing your memory on digital signatures and certificates Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #85 Homework - 1 1. What is the single greatest advantage of having the IP checksum cover only the datagram header and not the data? What is the disadvantage? 2. Exactly how many class A, B, and C networks can exist? How many hosts can a network in each class have? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #86 Homework - 2 3. How many IP addresses would be needed to assign a unique network number to every home (not person) in the U.S.A.? Is the address space sufficient? If not, what can be done within the existing IPv4 standard. 4. What is the chief difference between the IP addressing scheme and the North American Numbering Plan used for telephone numbers? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #87 Homework - 3 5. Complete routing tables for all routers shown on slide 61. 6. Can you think of any security issues, hardware or software, that arise from what you have studied so far? Spring 2005 © 2000-2005, Richard A. Stanley WPI EE579T/1 #88