Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Network tap wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Internet protocol suite wikipedia , lookup
Deep packet inspection wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Distributed firewall wikipedia , lookup
Wireless security wikipedia , lookup
Computer security wikipedia , lookup
DOMAIN 1 – ACCESS CONTROL Access control protects the systems and resources from unauthorized access, and, usually determines the level of authorization. Subject: Entity requiring access to an object – user, process. (Active). Object: Entity to which access is requested – file, process. (Passive). Access control consists of the following primary areas: Identification Authentication Authorization Accountability The last three of these are largely comprised of ‘logical access controls’. Identification Biometrics: Very sophisticated and accurate, but expensive. Type 1 error: Rejection on authorizated individuals – false reject rate. Type 2 error: Acceptance of invidual that should be rejected. CER : Crossover error rate – point at which false acceptance equals false rejection – expressed as a percentage. Important measurement of biometric system’s accuracy. The lower the better. Other barriers to widespread adoption of biometrics include user acceptance, enrollment time and throughput. Collected biometric images are stored in a corpus. The order of effectiveness of biometric devices is: Order of Effectiveness Palm scan Hand geometry Iris scan Retina pattern Fingerprint Voice verification Facial Recognition Signature Dynamics Keystroke Dynamics Authentication The general types of authentication are: Something a person knows. Something a person has. Order of Acceptance Iris scan Keystroke dynamics Signature dynamics Voice verification Facial recognition Fingerprint Palm scan Hand Geometry Retina Pattern Something a person is. Strong authentication requires two of these (two-factor authentication). Passwords: Passwords are the most commonly used, but also considered one of the weakest. Can use cognitive passwords instead? One-time Passwords: There are two types of one-time password – synchronous and asynchronous. One-time passwords are usually generated by a token device that communicates with an authentication service. Synchronous – Token device synchronizes with authentication server via a time based or event based synchronization. Token device and auth server share the same secret key. Asynchronous – Uses a challenge-response scheme to communication with the authentication server. Other authentication mechanisms: Private key – digitally signing a message. Passphrase – transformed into a virtual password Memory card – holds information but does not process it. ATM card. Smart card – capability of processing information. Authorization The system knows who you are (authentication) and must now decide if you can carry out the requested actions. This is where authorization comes into play. Access criteria is the crux or authorization: Access criteria types can be broken up into: Roles Groups Physical or logical (network) location Time of day Transaction type All access criteria should default to “no access”. Need to know principle: Management’s job is to determine the “need to know”. Administrator job is to configure access control and security mechanisms to fullfil the need to know requirements. Single Sign-on Mechanisms: Scripting: Batch files containing logic details. Insecure. High maintenance recording and maintaining scripts. Kerberos: Kerberos is a single sign-on system that uses symmetric key cryptography (DES) and end to end encryption. Kerberos eliminates the need for transmitting passwords over the network. In order to implement Kerberos, all software in use me be Kerberos compatible or, “kerberized”. The components of Kerberos are: KDC: Key distribution center. Holds user’s and services’ keys. The foundation of kerberos is the client and server’s trust in the KDC. The KDC actually consists of a ticket granting service and authentication server. Principals: Entities requiring KDC services – users, apps or services. The KDC and each principal share a secret key. Ticket: Tickets are created by the KDC and given to a principle when that principle needs to authenticate to another principle. Realm: A “realm” is the set of components and principles that the KDC provides services for. AS: Authentication service – this is part of the KDC. Kerberos Authentication Process: The client trusts the KDC and the services trust the KDC due to their secret keys. An overview of the process when a client wan’t to use a service via Kerberos is: 1. The client sends its user id and the name of the requested service to the KDC. 2. The KDC provides a session key for the client and service to use. One is encrypted with the user secret key and the other with the service secret key. 3. The KDC generates a service ticket containing both session keys. This ticket is sent back to the client. The user enters their password and if the password is correct, the client converts it into the necessary key to decrypt the client session key in the ticket. 4. The client decrypts the client portion of the ticket to get the session key and sends the ticket on to the service. The service uses its own private key to decrypt the session key. 5. The user and service are now authenticated to each other and communicate with encrypted data via the session key. Secret key: Shared between KDC and a principle. Session key: Shared between two principles. Kerberos weakness: Kerberos has a number of weakness that can make it vulnerable to attack. Some of these are: The KDC is a single point of failure. The secret keys are temporarily stored on user’s workstations, in memory, etc. Session keys are decrypted and reside on user’s workstations. Vulnerable to password guessing. Does not protect network traffic. When a user changes password, the KDC database needs to be updated with a new corresponding secret key. Replay attacks can be used against Kerberos. Sesame: Secure European System for Applications in a Multiuser Environment. Sesame is a single sign-on system designed to address some of the kerberos weaknesses. It uses public key cryptography for distribution of secret keys and supports MD5 and CRC32 hashing. Still vulnerable to password guessing. Sesame uses the Needham-Schroeder protocol. Thin Clients: No local processing. Thin clients for the user to login to the network just to be able to use the computer. Kryptoknight: Kryptoknight is another single sign-on protocol similar to Kerberos. The main difference is that there is a peer-to-peer relationship among parties and the KDC. ACCESS CONTROL MODELS An access control model is a framework that dictates how subjects access objects. There are three main types of access control model: mandatory access control, discretionary access control and role-based access control. Discretionary (DAC): The creator of a file is the ‘owner’ and can grant ownership to others. Access control is at the discretion of the owner. Most common implementation is through access control lists. Discretionary access control is required for the Orange Book “C” Level. Mandatory (MAC): Much more structured. Based on security labels and categories. Access decisions are based on clearance level of the data and clearance level of the user, and, classification of the object. Rules are made by management, configured by the administrators and enforced by the operating system. Mandatory access control is required for the Orange Book “B” Level. Role-Based (RBAC): Continually administered set of controls by role within organization. Access rights assigned to roles – not directly to users. Roles are tighter controlled than groups - a user can only have one role. Can use different types of RBAC: Role-based: Role within organization. Task-based: Specific task assigned to the user. Lattice-based: Access Control Techniques and Technologies: Once a company decides on the access control model to use, the technologies and techniques to implement that model need to be determined: Role-based: Can be used with DAC – NT Groups. Can be used with MAC – Labels assigned to roles. Rule-based: Router or firewall rules – user cannot change. Restricted interfaces: Menus and shells Database views Physically constrained interfaces. Access Control Matrix: Table of subjects and objects indicating access. Capability Tables: Specifies the access a certain subject has to specific objects. Corresponds to a row in the access control matrix. Bound to subject. Access Control Lists: Bound to object. List of subjects authorized to access a specific object, and, the level of access/authorization. Content-dependant: Database views are a good example – access is based on the data content itself. Conteaxt-dependant: Access is based on location, time of day, previous access history, etc. Access Control Administration: Access control administration is either centralized, decentralized or a hybrid of the two. Examples of centralized access control technologies include: RADIUS: Remote Authentication Dial-In User Service. Usually used for dialup. Access server requests user login credentials and forwards to a backend RADIUS server. Can use callback for additional security. TACACS: Terminal Access Controller Access Control System. There are several types of TACACS: o o o TACACS : Combines its authentication and authorization processes. Passwords are static. XTACACS: Seperates authentication, authorization and accounting processes. TACACS+: XTACACS with two-factor user authentication. Supports token authentication. Security Domain: A security domain is defined as a “realm of trust”. Subjects and objects share common security policies and procedures and are managed by the same system. Also used within operating systems and applications to protect system files or processes. Can also be defined as a the complete set of resources available to a user. Access Control Methods: There are three broad categories of access control layers: Administrative Technical Physical Administrative controls: Policies and procedures : Guidelines + standards + baselines Personnel controls : Hiring, firing, promotions, transfers, seperation of duties, rotation of duties, forced vacation. Supervisory structures : Clear lines of reporting. Awareness Training Security Testing : Drills, penetration testing, queries to employees, interviews, reviews. Physical controls: Network segregation. Perimeter security. Computer controls. Work area seperation. Data backups. Cabling. Logical (Technical) Controls: System Access – See previous access control mechanisms. Network architecture – Logical controls can provide segregation and protection of an environment. I/P address ranges, subnets, routing between networks, etc. Network Access – Logcal network access controls – routers, switches, NICs, bridges. Encryption and Protocols Control Zone – Technical and physical control. Surrounds and protects network devices that emit electrical signals. TEMPEST related. Auditing Access Control Types Each control method can also perform different functionality. The functionality types are: Preventative Detective Corrective Deterrant Recovery Compensating For example: Preventative-Administrative: Policies and procedures, effective hiring practices, background checks, data classification, security awareness training. Preventative-Physical: Biometrics, badges, swipe cards, guards, dogs, motion detectors, fences, mantraps, locks and alarms. Preventative-Technical: Passwords, biometrics, smart cards, encryption, call-back systems, database views, antivirus software, ACLs, firewalls, IDS Accountability: Auditing capabilities ensure that users are held accountable for their actions, verify that policies are enforced, deter improper actions and are an investigative tool. There are 3 main types of audit tool: Audit reduction Variance detection Attack-signature detection Audit data must be protected from unauthorized viewing and modification. Access Control Practices: The following tasks should be carried out regularly: Deny access to undefined or anonymous accounts Limit and monitor administration accounts Suspent access after a number of failed logins Remove accounts as soon as someone leaves an organization. Format Access Control Models: Bell LaPadula: The Bell LaPadula model is built on state machine concepts and focuses on confidentiality. The objective of this model is to ensure that the initial state is always secure and that transitions always result in a secure state. Bell LaPadula defines a secure state through 3 multilevel properties: Simple Security Policy: No read up – a lower level subject cannot read a higher level object. Protecting confidentiality. Security * (star) property: No write down – do not allow confidential information to be written to a local level, where a lower level subject will be able to view it. Discretionary Security Property: Uses a discretionary access control matrix to manage exceptions. Biba Model: The Biba model is lattice based and focuses on integrity more than confidentiality. Biba specifies the following three axioms: Simple Integrity Axiom: No read down. A higher level subject cannot read information from a lower level. This prevents higher level reports and data being corrupted by lower level (and less trustworthy) information. Integration * (Star) Axiom: No write up. A subject cannot write data above its security level – higher level data might be compromised by lower level, less trustworthy data. A subject at one integrity level cannot invoke a subject at a higher integrity level Clark-Wilson Model: This model has emphasis on integrity – both internal and external consistency. Clark-Wilson uses well formed transactions, seperation of duties and the labeling of subjects and objects with programs to maintain integrity. Security properties are partly defined through five certification rules, suggesting the check that should be conducted so that the security policy is consistent with the application requirements. CDI – Constrained Data Item: A data item whose integrity must be preserved. IVPS – Initial Verification Procedures: Confirm that all CDIs are in a valid integrity state when the IVP is run. TP – Transformation Procedure: Manipulates the CDIs through a well-formed transaction, which transforms a CDI from one valid integrity state to another. UDI – Unconstrained Data Item: Data items outside of the control area such as input information. Any TP that takes a UDI as input must either convert the UDI into a CDI or reject the UDI and perform no transaction at all. Unauthorized disclosure of information: There are several ways in which information can be inadvertently disclosed. The follow items are related to information disclosure: Object Reuse: Reassigning media to a subject when media might still contain some residual information. Make sure media is cleaned. Degaussing works best. Object reuse controls are required for TCSEC B2 and above. Emanation: Picking up radiation emitted by devices. Can use TEMPEST technology to block. TEMPEST is very expensive, some alternatives are: White Noise – Uniform spectrum of random electrical signals used to disguise real data. Zones – Control zones. Access Control Monitoring Keeping track of who attempts to access specific resources, access control monitoring is an important detective mechanism usually carried out by intrustion detection systems: Intrusion Detection Systems (IDS): Network Based: Monitors network, or a segment of the network (passive). Placement of sensors is a critical part of configuring a network based IDS. Place a sensor on the outside firewall to detect attacks and inside the firewall to detect invasions. Another factor to consider is that the network traffic should never exceed the IDS threshold, or the IDS may just start to drop packets. Host-Based: Monitors a specific system. Instrusion detection system have two main methods of operation: Knowledge / Signature based: This type of IDS looks for known attacks and is therefore weak vs new attacks. There are less false alarms. This type of IDS may also fail to detect “slow” attacks extended over a long period of time. Behaviour based / Statistical IDS: This type of IDS detects deviations from expected behaviour of users and systems. May use expert systems. Detects new attacks and doesn’t rely on a database of signatures to be updated, but, can cause more false positives. Relational Database Security Relational datbase security is a growing area of concern. The following are areas relating to database technology and security: Schema: Description of the database and its tables. Usually written using a DDL. Cardinality: Number of rows in a table. Degree: Number of colums in a table. Domain: The set of all allowable values an attribute can take. Entity Integrity & Referential Integrity: View: Virtual table defined from other tables that is used to restrict access, hide attributes and provide content-dependant access. Views help implement least privilege and need to know principles. To protect against “inference attacks”, databases may have a minimum query set size and prohibit query of “all but one” tuples. Highly secure systems may also employ context dependant access control where the tuples a user can read are based on those already read. Threats The main categories of threat to access control mechanisms are: Dictionary attack. Brute force attack. Spoofing at login – fake login screen to capture details. A “trusted path” can mitigate login spoofing. The following measures are used to compensate for internal and external access violations: Backups RAID Fault tolerance Business continuity planning Insurance DOMAIN 2 – TELECOMMUNICATIONS & NETWORK SECURITY Open Systems Interconnect (OSI) model: Developed early 1980s and introduced in 1984: OSI Model Application Presentation Session Transport Network Data Link Physical TCP/IP Model | | Application |____________ <--> Host to Host <--> Internet Layer. | | Network Access Layer. “Each protocol at a specific OSI layer communicates with a protocol that operates at the same OSI layer on another computer. This happens through encapsulation” The protocols, technologies and computers that operate within the OSI model are called open systems. Application Layer: The application layer works closest to the user and handled message exchanges, terminal sessions, etc. The application does not include the actual applications, but the protocols (APIs) that support the applications. Examples of protocols running in the application layer include: SMTP, HTTP, LPD, FTP, WWW, Telnet, TFTP Presentation Layer: The presentation layer received data from the application layer and puts it into a format that all computers using the OSI model can understand. The presentation layer is not concerned with the meaning of data, but the correct syntax and format. The presentation layer can often be considered a “translator”. This layer also handles encryption and compression. ASCII, JPEG, TIF, GIF, Encryption, Compression, MIDI, MPEG Session Layer: When two computers need to communication, or transfer information, a connection session needs to be set up between them. The session layer is responsible for establishing a connection, maintaining it during data transfer and releasing it when done. The session layer works in 3 phases: Connection establishment Data Transfer Connection release Common protocols at the session layer are: SSL, NFS, SQL, RPC Transport Layer: When two computers are going to communicate, they must first agree on how much information each will send at a time, how to deteremine if data was lost in order to retransmit and other parameters. The computers agree on these parameters through a process at the transport layer, OSI layer 4. The transport layer helps provide more reliable data transfer, error correction and flow control. It assembles data into a stream for transmitting over the network, and handled multiplexing if necessary. The transport layer also handles the teardown of virtual circuits and the multiplexing of upper layer applications. TCP, UDP, SPX Network Layer: The main responsibility of the network layer is to insert information into the packet’s header so that it can be properly routed. Routing protocols build and maintain their tables at this layer. The protocols at this layer do not ensure packet delivery – they rely on the transport layer for that. Protocols operating at this level include: IP, ICMP, RIP (Routing information protocol), OSPF (Open shortest path first), BGP (Border gateway protocol) and Internet group management protocol (IGMP) Most routers also run in the network layer. Data Link Layer: As data travels down the ISO stack it comes to a point where it needs to be translated into LAN or WAN binary format for line transmission. This happens at the data link layer. The data link layer is where the operating system knows what format the data frame must be in to transmit over Token Ring, Ethernet, FDDI, ATM, etc. Network cards bridge the data link and physical layer. The data link layer actually consists of two sublayers: 1. Media Access Control (MAC) 2. Logical Link Control (LLC) Protocols operating in the data link layer include: SLIP, PPP, RARP, L2F, L2TP, ISDN ARP Bridges operate in the data link layer. Physical Layer: The physical layer converts bits into voltage for transmission. This layer controls synchronization, data rates, line noise and phsyical medium access. Protocols operating in the physical layer include: RS232, SONET, HSSI, X.21 Repeaters operating in the physical layer. OSI Security Services and Mechanisms: OSI defines 6 basic security services to secure OSI communications: 1. 2. 3. 4. 5. 6. Authentication Access Control Data confidentiality Data integrity Non-repudiation Logging and Monitoring In addition, the OSI model defines 8 security mechanisms. A security mechanism is a control that is implemented in order to provide the 6 basic security services: 1. 2. 3. 4. 5. 6. 7. 8. Encipherment Digital Signatures Access Control Data Integrity Authentication Traffic Padding Routing Control Notarization TCP/IP I/P is a network layer protocol and provides datagram routine services. Two main protocols work at the transport layer, TCP and UDP. TCP Handshake: 1. Host -------- SYN ---------> 2. <----- SYN/ACK -----> Host B 3. --------- ACK --------> The TCP/IP model has 4 layers: Application Host to host Internet Network Access The TCP/IP model layers correspond to the ISO model layers as follows: Application Host to Host Internet Network Access Application, presentation, session. Transport Network Data Link, Physical The Host-to-host layer handles: TCP UDP - Virtual Circuit, sequenced, slower, more reliable - “Best effort”, connectionless. Internet layer: I/P ARP RARP ICMP - No guarantee of delivery, delivery in sequence or only once. - I/P to MAC - MAC to I/P Protocol Numbers: The I/P header contains a protocol field. Some common protocols are: 1 - ICMP 2 – IGMP 6 - TCP 17 – UDP Data Structures: - Within the I/P protocol suite, when an application formats data for sending over the network, it is a message. - At the transport layer, TCP works on the data and it is now a segmenti. The segment is passed to the network layer. - The network layer adds addressing and routine and the bundle is now called a datagram. - The datagram is passed off to the data link layer which frames the datagram with a header & trailer. It is now called a frame. Application Layer Transport Layer TCP Message Segment UDP Message Packet Network Layer Data Link Layer Datagram Frame Datagram Frame General Classes of Network Abuse: Class A: Unauthorized access of restricted network services. Also called “login abuse”. Refers to legitimate users accessing network services that should be restricted to them. Class B: Unauthorized use of a network for non-business purposes. Class C: Eavesdropping Class D: DOS and other disruptions Class E: Network Intrusion. Refers to the use of unauthorized access to break into the network from the outside. Classic cases are spoofing, piggybacking and backdoor exploitation. Class F: Probing. An active variation of eavesdropping. Additional Attacks: SYN attacks, Buffer Overflow, Teardrop attack and Smurf. Common Session Hi-jacking attacks: IP Spoofing attacks. TCP sequence number attacks. Other fragmentation attacks – using fragmented packets to hide true contact. NETWORKING LAN Media Access Technologies Most of the differences between LAN and WAN take place at the data link layer “Two LANs connected by a router is an internetwork, not a bigger LAN. Each LAN has its own addressing scheme and broadcast and communication mechanisms. If they are connected by different data link technologies such a frame relay of X.25 then we are looking at a WAN” Ethernet Usually a bus or star topology IEEE 802.3 standard Shared media – all devices take turns and detect collisions Uses broadcast and collision domains CSMA/CD access method (Carrier Sense Multiple Access with Collision Detection) Uses coaxial or twisted pair. Common Implementations: 10base2: ThinNet. Uses coaxial cable. Max length of 185 meters and provides up to 10mbs throughput. Uses BNC connectors. 10base5: ThickNet. Uses thicket coaxial cable. Longer cable segments and less interference. 10baseT: Twisted-pair copper wiring. RJ45 connectors, usually in a star topology with a hub or switch. Fast Ethernet: Regular ethernet running at 100mbps over twister pair wiring. Ethernet Types Table: Type 10base2, ThinNet 10base5, ThickNet 10base-T 100base-FX, Fast 1000base-T Cabling Co-Axial Co-Axial UTP UTP UTP Speed 10mbps 10mbps 10mbps 100mbps 1,000mbps Token Ring 802.5 standard, originally developed by IBM Signal travels in a logical ring Each computer is connected to a hub called a Multistation Access Unit (MAU) 16mbps capacity Active Monitor – removes frames that are continually circulating Beaconing – attempts to work around errors. FDDI – 802.8 Fiber Distributed Data Interface Developed by ANSI High speed token-passing media access technology Speed of 100mbvps – usually used as a backbone network using fiber optics. Fault tolerance – second counterrotating ring. Can be used up to 100kms, so popular in MANs CDDI (copper distributed data interface) is a version that can be used locally. 802.8 standard. CABLING LAN Media Ethernet Standard 802.3 Characteristics * Shared media * Broadcast & Collision Domains * CSMA/CD * Coaxial or twisted cable * 10mbps – 1 gbps Token Ring 802.5 * * * * Devices connect to center MAU Token-passing access method Transmission speeds of 4-16mpbs Active monitor and beaconing FDDI 802.8 * * * * * Token-passing access method Dual counter rotating ring – fault tolerance 100mbps over fiber-optic Long distance at high speed CDDI works over UTP Bandwidth Data Rate : Size of pipe : Amount of data Coaxial Copper core surrounded by shielding layer More resistant to EMI 10base2 = ThinNet (RG58), 10base5 = ThickNet (RG11/RG8) 10base2 segments can be up to 185 meters 10base5 segments can be up to 500 meters Can use baseband method (one channel) or broadband (multiple channel) 50ohms cable used for digital signaling and 75ohms for analog signaling and high speed data. Twister Paid Cable STP = Shielded Twisted Pair UTP = Unshielded Twisted Pair UTP Category CAT 1 CAT 2 CAT 3 CAT 4 CAT 5 CAT 6 CAT 7 Characteristics Usage Voice Grade Up to 4mbps 10 mbps ethernet 4mbps token 16 mpbs 100 mbps for 100-base TX and FDDI 155mbps 1gbps Not recommended for network use. Mainframe and mini connections. 10 base-T networks Token ring networks FDDI & ATM installations. New LANS Net network installations Net network installations Fiber Optics Uses a type of glass carrying light waves Glass core surrounded by protective cladding, encased in outer jacket Not affected by EMI, no attenuation Very hard to tap into, so more secure. Common Cable problems: Noise: Caused by surrounding devices or characteristics of the environment Attenuation: Loss of signal as it travels. The affect of attenuation increases at higher frequencies. Crosstalk: UTP is susceptible to crosstalk which is caused when electrical signals on one wire spill over to another wire. Plenum space is the space between the ceiling and the next floor. Often used for wiring and cabling. TYPES OF TRANSMISSION Data transmission can happen in different ways (analog or digital), use different controlling schemes (synchronous or asynchronous) and can only use one channel on a wire (baseband) or several channels (broadband). Analog Signals: Continually varying. Modulation: Combining with carrier signal of a specific frequency. Digial Signals: Discrete binary pulses. Asynchronous Two devices not synchronized in any way. Usually used for smaller amounts of data Usually includes start and stop deliniation Synchronous Transfers data as a stream of bits instead of framing it in start and stop bits. Synchronization can be via clocking mechanisms, or a signal in the data. Usually used for higher volumes of data. Baseband Transmission accomplished by applying direct current to a cable. Uses full cable for its transmission. Ethernet is baseband. Broadband Divides cable into channels so that different types of data can be transmitted at the same time. CATV is broadband. Other broadband types include T1, T3, ISDN, ATM, DSL and wireless. Unicast: From source to one computer. Multicast: From source to a specific set of systems. NIC pics up packets with a specific multicast address. Broadcast: From source to all computers on a subnet. Network Topology: The physical arrangement of computers and devices is the “Network Topology” Ring Topology Series of devices connected by unidirectional transmission links. Form a closed loop, no central hub Must provide redundancy or risk single points of failure Bus Topology In a simple bus topology, a single cable runs the entire length of the network. Each packet is looked at by all nodes. Traditional ethernet uses bus topologies. Star Topology All nodes connect to a dedicated central hub or switch Hub is a potential single point of failure Less cabling used and no termination issues Most LANs are in a physical star topology Mesh Topology All systems and resources are connected to each other in some way Greater degree of complexity Greater degree of redundancy The internet is a good example of a partial mesh. LAN Media Access Technologies: Token Passing: Only the computer the has the token can put frames onto the wire. This media access technology is used by Token Ring & FDDI and is defined in the 802.5 standard. Token passing networks are deterministic meaning it is possible to calculate the maximum time that will pass before a station can transmit. This makes token ring networks ideal for applications where delay must be predictable, such as factory automation. CSMA (Carrier Sense Multiple Access): There are two flavors are CSMA, CSMA/CA (Collision avoidance) and CSMA/CD (Collision detection). A transmission is called a “carrier”. If a computer is transmitting frames, it is performing a carrier activity. With CSMA/CD, computers listen to the wire for the absense of a carrier tone. If two computers sense this absense and transmit at the same time, contention and a collision can take place. All stations will execute a “back off” algorithm (Random retry timer). With CSMA/CA, each computer signals the intent to transmit before they actually do so. Collision Domains “The more devices there are on a contention based network, the more likely collisions are which increases latency. A collision domain is a group of resources that are competing for the same shared communication medium”. One subnet will be on the same broadcast and collision domain if it is not seperated by routers or bridges. PROTOCOLS Address Resolution Protocol: ARP The data link layer works with MAC addresses, not IP addresses. ARP resolves IP addresses to MAC addresses. ARP broadcasts a frame requesing the MAC address that corresponds to the destination IP address. The computer that has that IP address responds with its MAC address. “ARP table poisoning” is altering the ARP cache so that an attacker receives packets intended for another destination. Reverse Address Resolution Protocol: RARP Diskless workstations know their hardware address, but not the IP address. It broadcasts the MAC address information and the RARP server responds with an I/P address. BOOTP is similar to RARP but provides more functionality includeing nameserver and gateway address. Internet Control Message Protocol: ICMP ICMP delivers messages, reports errors, reports routing information and tests connectivity. PING is the most common – sends out ICMP ECHO frames and receives ICMP REPLY frames back. NETWORKING DEVICES Repeaters Repeats and amplifies signal between cable segments Works at the physical layer Also known as line conditioners Bridges Uses to connect different LAN segments Works at the data link layer and therefore works with MAC addresses. Divides overburdened networks into smaller segments for better use of bandwidth and traffic control Beware of “broadcast storms” – using bridges to echo broadcast packets. A bridge forwards data to all other network segments if the MAC address of the destination computer is not on the local network segment. There are three types of bridge: Local: Connects two or more LAN segments. Remote: Can connect two or more LANS over a long distance with telecommunications between them. Translator: Connects LANs of different types and protocols. Summary of the functions of bridges: Segment a large network into smaller, more controllable pieces Use filtering based on MAC address Join differenty types of network while retaining same broadcast domain Isolate collision domains within the same broadcast domain Some bridges translate between protocol types. Routers vs Bridges: Routers work at the network layer and are based on IP address. Bridges work at the data link layer and filter frames based on MAC addresses. Routers will not usually pass broadcast information. Bridges will pass broadcast information. Spanning tree algorithm is a bridge algorithm. If source routing is used, the packets themselves have the information within them to tell the bridge where they should go. Hubs: Hubs are used to connect multiple LAN devices into a concentrator. Hubs can be considered as multiport repeaters and operate at the physical layer. Routers: Routers work at the network layer. A router has two or more interfaces and a routing table to get packets to their destination. Routers can filter traffic based on access control lists (ACLs) and fragment packets when necessary. Routers discover information about routers and changes that take place in a network through its routing protocols (RIP, BGP and OSPF). The following outlines the stages that take place when a router receives a packet: 1. 2. 3. 4. A frame is received on one of the router’s interfaces. Destination i/p address is retrieved from the datagram The router looks at the routing table to see which port matches the destination If the router has no information on the destination, it sends an ICMP error to the sending computer. 5. The router decrements the TTL. If the MTU is diferent than the destination requires, it fragments the packet. 6. Router changes the header information on the frame so that it can go to the next correct router. 7. Frame is sent to the router’s output queue. Routing environments are based on autonomous systems. The autonomous systems are connectd to each other through routers and routing protocols. Routing takes place within an autonomous system through internal protocols like OSPF and RIP. Routing takes place between autonomous systems through exterior protocols like BGP. Switches: Switches combine the functionality of a repeater and the functionality of a bridge. Any device connected to one port communicates to any device on another port with it’s own virtual private link. “A switch is a multiport bridging device and each port provides dedicated bandwidth to the device attached to it” Basic switches work at layer 2 and forward traffic based on MAC address. Today, there are layer 3 and layer 4 switches with more enhanced functionality. There are referred to as “multilayered switches”. Virtual LANS (VLANS) are also an important part of switching networks. A switch only sends a packet to the port where the destination MAC address is located, so offer more protection against network sniffers. VLAN: VLANs (Virtual LANs) allow administrators to logically seperate and group users. VLANs also allow administrators to apply different security practices to different groups. Brouter: Hybrid device combining the functionality of a bridge and a router. A brouter can bridge multiple protocols and route packets based on some of these protocols. Gateways: Almost all gateways work at the application layer because they need to see a majority of the information within a frame and not just the address and routing information that a router or bridge requires. A popular type of gateway is an email gateway. The mail gateway will usually convert email into standard X.400 and pass it on to the destination mail server. A network connecting to a backbone (Ethernet --> FDDI for example) would need a LAN gateway. Summary of Main Devices: Device Repeater Bridge Layer Phsyical Data Link Router Network Brouter Network & Data Link Data Link & Higher Application Switch Gateway Functionality Amplifies signal and extends networks Forwards packets. Filters packets based on MAC address. Forwards broadcast but not collision traffic. Filters based on IP address. Seperates or connects LANs, creating internetworks. Bridges multiple protocols and routes some of them. Private virtual link between devices. Allows for VLANs. Impedes sniffing and reduces contention. Connects different types of network. Protocol and format translation. PBX: A Private Branch Exchange (PBX) is a telephone switch located on the company’s property. A PBX can interface with several types of device and provides a number of telephone services. Data is multiplexed onto a dedicated line connected to the telephone company’s central office. PBXs have the following issues: Often have modems attached for vendor maintenance. Come shipped with default system passwords. Vulnerable to brute force attacks. ATM Switches: Most commonly used in WANs but started to be seen in LANs. Use a cell-relay technology. FIREWALLS Firewalls are used to restrict access from one network to another network. A firewall is a device that supports and enforces the company’s network security policy. Many times companies setup firewalls to construct a “DMZ” or “buffer zone” which is a network segment located between protected and unprotected networks. Usually, two firewalls are used to construct a DMZ: LAN <-- firewall <--- DMZ <---- firewall <----- router <----- .o( Internet )o. Packet Filtering: Packet filtering firewalls use Access Control Lists to determine which packets can and cannot pass through. The filtering is based on network layer information, the device cannot look further into the packet itself. A packet filtering router is also called a screening router. Packet filtering usually takes place at the network or transport layer. Pros Scalable High Performance Application Independant Cons Does not look into packet past the header info Lower security relative to other options Does not keep track of connection state Used in first generation firstwalls. Packet filtering firewalls are often called “first generation firewalls”. Stateful Packer Filtering: Stateful filtering keeps track of which packets went where until the connection is closed. To accomplish this, the firewall maintains a state table. A packet filtering firewall may have the rule to deny UPD on port 25, while a stateful packet filtering firewall can say “allow those packets through if they are in response to an outgoing request”. Frames are analysed at all communication layers. High degree of security without the performance hit of proxy firewalls. Scalable and transparent to users. Provides data for tracking connectionless protocols like UDP and RPC Used in third generation firewall applications. Proxy Firewalls: A “proxy” is a middleman. A proxy firewall accepts messages entering or leaving the network and checks it for malicious information and if ok, passes it on to the destination. A proxy firewall breaks the communication channel – there is no direct communication to internal computers. Outside scanners will only see the proxy server. Packets are repackaged as they pass through the proxy firewall. Outbound packets will only have the I/P addrss of the firewall which means that a proxy server will be the only one with a valid I/P address- the servers behind it can all use private address ranges. A dual homed firewall has two NICs and forwarding turned off. There are two types of proxies: Application and circuit proxies. Proxy firewalls are considered second generation firewalls and are usually used with a dualhomed host. Application Level: Inspects entire packets and makes access decisions based on actual content. Understands the different protocols and usually works for just one service or protocol. Circuit-Level: Creates a circuit between client computer and server. Makes access decisions based on source and destination. Pros: Looks at information within the packet, right up to the application layer. Better security than packet filtering Aware of protocols, services and commands being used. Cons: Limited to what applications it can support Can degrade network performance Poor scalability Breaks client/server model. Dual-Homed Host Firewalls: Single computer with seperate NICs to each network Used to divide internal trusted network and external untrusted network Must disable forwarding Usually used with proxy software Users can easily and accidentally enable forwarding. Application level vs Circuit Level proxy firewalls: Application Level: Transfers a copy of each approved packet from one network to another. Different proxy required for each service. Hides network information from external attackers. Hides internal computer information and addresses. More intricate control than circuit level proxy firewalls Reduces network performance Circuit-Level: Provides a circuit between the source and destination Does not require a proxy for each service Does not provide the detailed control that the application level proxy does. Security for a wider range of protocols. SOCKS proxy server characteristics: Circuit-level proxy Requires clients to be integrated with SOCKS client software. Mainly used for outbound internet access and VPN Can be resource intensive Authentication and encryption are similar to VPN, but socks is not considered a bidirectional VPN. 1st generation : Packet filtering firewalls. 2nd generation: application (proxy) firewalls 3rd generation: stateful packet firewalls 4th generation: dynamic filtering 5th generation: kernel proxy FIREWALL ARCHITECTURE: Bastion Host: A bastion host can be thought of as the foundation for the firewall software to operate on. It is the machine that will be accessed by all entities trying to access or leave the network. Screened Host: Many times a screened host is a bastion host that communicates with a border router and the internal network. Inbound traffic is filtered by packet filtering on the router and then sent to the screened host firewall. Screened Subnet: Adds another layer of security over the screened host firewall – the bastion host housing the firewall is screened between two routers. This architecture sets up a DMZ between the two routers. Shoulds of firewalls: Firewalls should: Default to deny Block external packets inbound with internal addresses (Spoofing) Block outbound packets with external source addresses (Zombies) High security firewalls should reassemble packet fragments before sending them on to their destination. Many firewalls will deny packets with source routing information. Networking Services Network Operating Systems (NOS): Short list of some of the services that NOS systems (NT, W2K, Linux) provide that most single user (W95, W98) systems do not: Directory services Internetworking, routing and WAN support Support for dial-up users Clustering functionality File & print services Management and administration tools Fault tolerance A redirector connects local computer to rsources of the network – the local computer may not even be aware of this. DNS: Networks are split up into “zones” DNS server is said to be authoritative for the zone it serves. Directory Services: A directory service is a database containing a hierarchy of users, computers, printers and attributes of each. The directory is used mainly for lookup purposes – to allow users to break down resources. Most directory services are built on the X.500 model or use LDAP to access the directory database. Intranets and Extranets: Private I/P address ranges are: 10.0.0.0 172.16.0.0 192.168.0.0 - 10.255.255.255 172.31.255.255 192.168.255.255 Class A 16 * Class B 256 * Class C Network Address Translation: Network address translation forms a gateway between a network and the internet or another network. The gateway performs transparent routing and address translation. Some attributes of this process are: Hides true internal I/P address information from the outside world. The NAT device needs to remember the internal IP address and port to send the messages back to. Metropolitan Area Network (MAN): A MAN is usually a backbone that connects businesses to WANS, the internet and other businesses. A majority of today’s MANs are Synchronous Optical Network (SONET) or FDDI rings provided by local telephone companies. Wide Area Network (WAN): WAN technologies are used when communication needs to take place over a larger geographical area. There are several technologies in the WAN arena, several of which are discussed below. The SONET (Synchronous Optical Network) gives all the world’s carriers the ability to interconnect. ATM encapsulates data in fixed cells and can be used to deliver data over SONET. The fixed size provides better performance and reduced overhead. A quick snapshot at telecom history: Copper lnes carrying analog information T1 lines carrying up to 24 conversations T3 lines carrying up to 28 T1 lines Fiber optics and the SONET network ATM over SONET Types and speed of standard leased lines: DS0 : Single 64k channel on a T1 facilities DS1 : 1.544mbps on a T1 (2.108 on a E1 in Europe) DS3 : 44.756mbps on a T3 facility. Dedicated Links: Leased line or “point to point” link. Expensive, but secure T-Carriers: Dedicated lines that carry voice or data over trunk lines. Most common are T1 @ 1.544mbps and T3 @ 45mbps Multiplexing through TDM (Time division multiplexing) S/WAN: Secure WAN, initiative of RSA security who worked with firewall and protocol vendors to build secure firewall-to-fireall connections through the internet. S/WAN is based on VPNs that are created with IPSEC. xDSL types ADSL: More bandwidth down than up. SDSL: 1.544mbps down and up. Limited to 10,000 feet from exchange. HDSL: High-rate digitial subscriber line. 1.544mbps each way. VDSL: Very high data rate dsl – 13 to 52mbs downstream and 1.5 to 2.3 upstream. Limited to 1,000 – 4,500 feet from exchange. Packet Switching vs Circuit Switching: Circuit Switching Constant Traffic Fixed delays Connection-oriented Sensitive to loss of connection Voice oriented Packet Switching Bursty Traffic Variable delays Connectionless Sensitive to loss of data Data Oriented WAN Technologies CSU/DSU: Channel service unit / data service unit : required when digial equipment will be used to connect a LAN network to a WAN network Necessary because the frames are so different between LAN and WAN equipment. DSU converts signals from routers, bridges, etc into signals that can be transmitted over the telephone company’s digital lines CSU connects the network directly to the telephone company lines. Provides an interface for DTE and DCE devices such as the router and the carrier’s switch. Switching: There are two main types of switching, circuit switching and packet switching: Circuit Switching: Connection oriented virtual links (ISDN, telephone call) Traffic travels in a predictable and constant manner Fixed delays Usually carries voice oriented data Packet Switching: Packets can use many different dynamic paths to get to the same destination Supports traffic that is bursty Variable delays Usually carries data-oriented information. Internet, X.25 and Frame Relay are all packet switching networks. Frame Relay: Frame relay is a WAN protocol that operates at the data link layer. Frame Relay uses packet switching technology as an alternative to expensive dedicated lines. Companies that pay more to ensure a higher level of bandwidth availability pay a “commited information rate” or CIR. Virtual Circuits: Frame relay forwards frames across virtual circuits. These can be permanent meaning they are programming in advance, or switching means it is built when needed an then torn down. The PVC (Permanent Virtual Circuit) works like a private line for a customer with a CIR. A PVC is programmed to ensure bandwidth availability. X.25 X.25 is an older WAN technology that defined how networks and devices establish and maintain connections. X.25 is a switching technology. Data is divided into 128 bytes and encapsulated in HDLC frames (High-level Data Link Control). X.25 is slower than frame relay or ATM due to heavy error checking and correction that is not necessary on more modern networks. ATM – Asynchronous Transfer Mode: ATM is another switching technology that uses a cell-switching method instead of packet switching. Like frame relay, ATM is connection-oriented. Cell switching means that data is segmented into fixed size cells (53 bytes). Like Frame Relay, ATM can set up PVCs and SVCs. SMDS – Switched Multimegabit Data Service: High speed packet switched technology used to enable customers to extend their LANs across MANs and WANs. Protocol is connectionless and can provide bandwidth on demand. SDLC – Synchronous Data Link Control: Base on networks that use leased lines with permanent physical connections. SDLC is used mainly for communication to IBM hosts within the SNA architecture. HDLC – High Level Data Link Control: Bit-oriented link layer protocol used for transmission over synchronous lines, HDLC is an extension of SDLC. HDLC provides high throughput because it supports full duplex. HSSI – High Speed Serial Interface: Interface used to connect multiplexers and routers to high speed services like ATM and Frame Relay. These interfaces define the electrical and physical interfaces to be used by DTE/DCE devices, thus it works at the physical layer. Developed by CISCO and T3Plus Networking. Multi-Service Access: Multi-service acess technologies combine different types of communication categories (voice, data and video) over one transmission line. VOIP can be affectd by latency due to internet being packet oriented switching technology vs circuit switcing. This is referred to as “jittering”. H.323 Standard that deals with video, audio and data packet-based transmissions where multiple users can be involved wth the data exchange. H.323 terminals are connected to gateways or the gateways are connected to PSTN. Packet switching technologies include X.25, LAPB, FRAME RELAY, ATM and SMDS. REMOTE ACCESS Remote access covers technologies that enable remove and home users to access networks. Dial-up and RAS: Remote access is usually gained by connecting to a network access server (NAS). NAS acts as a gateway and end point for a PPP connection. ISDN: Integrated services digital network. ISDN breaks the telephone line into different channels and transmits data in a digital form vs the old analog method. There are 3 types of ISDN implementation: BRI: Basic Rate Interface : Operates over existing copper lines in the local lopp and provides digital voice and data channels. Uses two B channels and 1 D channel. PRI: Primary Rate Interface: 23 B channels and one D channel operating at 64k. Equivalent to a T1. BISDN: Broadband ISDN. Mainly used with backbones over ATM/SONET. B channels enable data to be transferred. D channel provides for call setup, error control, caller id and more. ISDN is a circuit switching point-to-point protocol. DSL – Digital Subscriber Line: Uses existing phone lines Have to be within a 2.5 mail radius of the provider’s equipment. Cable Modems: High speed internet access through coaxial and fibre lines. Bandwidth shares between users in a local area. Security concerns: Network sniffers on shared medium. VPN – VIRTUAL PRIVATE NETWORKS A virtual private network is a secure private connection through a public network or otherwise unsecure environment. VPNs are often used to provide a connection between two routers. Tunneling Protocols: VPNs use tunnelling protocols to create a virtual path across a network. There are three main tunnelling protocols used in VPN connections: PPTP, L2TP and IPSEC PPTP: Point to point tunnelling protocol. Encapsulation protocol based on PPP. PPTP works at the data link layer and encrypts and encapsulates packets. There are a few weaknesses with PPTP. Negotiation information is exchanged in clear text and can be easily snooped. PPTP is a Microsoft developed protocol. Designed for client/server connectivitiy Sets up a single point-to-point connection between two computers Works at the data link layer Transmits only over I/P networks L2F: Layer 2 Forwarding: Created before L2TP by Cisco Merged with PPTP to create L2TP Provides mutual authentication, but no encryption. L2TP: Layer 2 Tunnelling Protocol. L2TP combines L2F with PPTP. PPTP can only run on top if I/P. L2TP can use other protocols such as IPX and SNA PPTP is an encryption protocol, L2TP is not. L2TP is often used in conjunction with IPSEC for security. L2TP supports TACACS+ and RADIUS, PPTP does not. IPSEC: Handles multiple connections at the same time Provides secure authentication and encryption Supports only IP networks Focuses on LAN-LAN communication Works at network layer --> Security on top of I/P Can work in tunnel mode where both header and payload are encrypted, or transport mode where only the payload is encrypted. PPP: PPP encapsulates messages and transmits them through an IP network ove a serial line. PPP supports different authentication methods such as Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP) and Extensible Authentication Protocol (EAP). PAP, CHAP, EAP: PAP: Least secure of the three options as credentials are sent in clear text. Also vulnerable to reply attacks. CHAP: Uses a challenge/response mechanism instead of sending a username and password. Client sends host a logon request and the host returns a random “challenge” value. The challenge is encrypted with the user password and returned to the host. The server performs the same encryption and determines whether or not there was a match. CHAP is not vulnerable to “man in the middle” attacks because it continues this challenge/response activity throughout the connection. EAP: Extensible Authentication Protocol. EAP is not a specific mechanism like PAP or CHAP but is more of a framework to allow many different types of authentication mechanism. EAP extends the authentication possibilities to other methods like one-time passwords, token cards, biometrics and future mechanisms. Network and Resource Availability: Some general guidelines are: Watch out for single points of failure Use ISDN or modem backup for WANs Use UPS’ and RAID (striping and/or mirroring) Clustering provides for fault tolerance, load balancing and failover. RAID types: Raid# Level 0 Name Striping Level 1 Mirroring Level 2 Level 3 Hamming Code Parity Byte Level Parity Level 4 Block Level Parity Level 5 Interleave Parity Level 6 Second Parity Data Level 7 Level 10 Level 15 Level 1 + Level 0 Level 5 + Level 1 Description Data is striped over several drives, but there is no redundant drive. Used for performance enhancement. If one drive fails, the whole volume is unusable. Data is written to two drives at once. If one fails, the other has the same data. This is an expensive option as each drive has another whole drive with the same information. Data is striped over all drives at bit level. This array uses 39 drives, 32 for data and 7 for parity. Not used in practice. Data is striped over all drives, parity is held on just one drive. If a drive fails, it can be reconstructed from the parity drive. Same as level 3 except data is striped in disk sector units rather than blocks of bits or bytes. Data is written to disk sector units across all drives. Parity is written to all drives. There is no single point of failure because parity is written to all drives. Uses XOR algorithm. Similar to level 5 but with added fault tolerance – second set of parity data written to all drives. Variation of RAID 5 where the array functions as a single virtual disk in the hardware. Data is striped across multiple RAID1 pairs. Two complete RAID5 systems are mirrored for additional fault tolerance. WIRELESS TECHNOLOGIES Broadban wireless occupties band 2 to 24ghz. IEEE 802.16 deals with wireless MANs IEEE 802.11 deals with wireless LANs Higher frequency can carry more data, but a shorter distance WLANS work in the 2.4 & 5ghz unlicensed bands and there are two IEEE standards, 802.11a and 802.11b: 802.11a is the latest standard, works in the 5ghz range and provides up to 54mbps 802.11b is in the 2.4ghz range and providers up to 11mbps 801.11 uses Wireless Application Protocol (WAP). WAP uses WML (Wireless Markup Language) and WMLScript to present web based material. WAP has its own session and transaction protocols and a transport layer security protocol called WTLS (Wireless Transport Layer Security). A WAP gateway is required to translate WAP protocols to the internet. Encrypted data from a wireless device comes in with WTLS but must be convered into SSL or TLS by the gateway. For a second or two, the WTLS data will be decrypted for conversion into SSL – this is referred to as the gap in the wap. Wireless Technology (Prep Guide): IEEE 802.11 refers to a family of specifications for wireless LANs. The current 802.11 standard all use CSMA/CD. 802.11: Original wireless LAN standard. 1 or 2mpbs speed in the 2.4ghz band using DSS or FHSS. 802.11b: 11mpbs (autoslows to 5.5, 2 or 1mpbs based on signal strength). Uses only DSSS. Also known as wi-fi. 802.11a: Up to 54mbs in the 5ghz range. Uses orthogonal FDM. 802.l11g: 20mbps to 54mpbs in the 5ghz range. 802.11e: Draft standard to provide QOS features and multimedia support. Spread Spectrum Technology: Spread Spectrum Technology broadcasts signals over a range of frequencies. Receiving device must know the correct frequency of the spread spectrum signal being broadcast. Two spread spectrum technologies currently exist: Direct-Sequence Spread Spectrum (DSSS): Redundant bit pattern for each bit to be transmitted – spread over a wide frequency. Because it is spread over the spectrum, the number of discrete channels in the 2.4ghz band is small. Frequency-Hopping Spread Spectrum (FHSS): Uses a narrow band carrier that continually changes frequency in a known pattern. Source and destination devices must be synchronized to be on the same frequency at the same time. Both of the above appear as line noise to a non spread-spectrum device. AD-HOC mode: Access is Peer to peer. Infrastructure mode: Access is via an access point (wireless hub). Wireless Application Protocol (WAP): Wireless application protocol is a set of technologies related to HTML but tailored to small screens. The most noticeable is HDML: Handheld device markup language. WAP has 5 layers: Application, session, transaction, security and transport Application Layer: Microbrowser, WML (Wireless Markup Language), WMLScript and Wireless Telephony Applications (WTA) Session Layer: Contains the Wireless Session Protocol (WSP) which is similar to HTTP. WSP facilitates transfer of content between WAP clients and gateway. WSP provides a connection-oriented mode and a connectionless mode. Transaction Layer: Providers the Wireless Transaction Protocol (WTP). Similar functionality to TCP/TP. Reliable request and response transactions and supports unguaranteed and guaranteed psuh The transaction layer provides transaction services to WAP and handled acknowledgements. Security Layer: The security layer contains WTLS (Wireless Transport Layer Security). WTLS is based on TLS (similar to SSL) and can be invoked in a manner similar to HTTPS. WTLS provides data integrity, privacy, authentication and DOS protection. Transport Layer: The transport layer suports the Wireless Datagram Protocol (WDP) which provides an interface to bearers of transportation. The transport layer supports CDPD, GSM, CDMA, TDMA, SMS and Flex. Wired Equivalent Privacy (WEP) Encyption: WEP is an option in 802.11b. It uses a 40-bit shared key, RC4 pseudorandom number generator and a 24 bit initialization vector. WEP works in the following manner: 1. Checksum of message computed and appended to the message. 2. Shared secret key and initialization vector are fed to the RC4 algorithm to produce a keystream. 3. The keystream is XORed with the msg and checksum and produces ciphertext. 4. The initialization vector is appended to the ciphertext message and the message is sent to the recipient. 5. The recipient who has the same secret key generates the same keystream with the IV. 6. The generated keystream is XORed with the ciphertext to yield the original message. WEP is not considered secure due to the 40-bit encryption. DOMAIN 3 – SECURITY MANAGEMENT PRACTICES Security management includes: Risk management, security practices and security education. Security management practices focuses on the continual protection of company assets. Management support is one of the most important pieces of a security program. Three types of control are used to achieve managements goals: Administrative: Policies, procedures, guidelines, awareness training, personnel screening, system activity monitoring, change control and configuration management. Technical: Logical access control mechanisms, password & resource management, identification and authentication, security devices, network configuration. Physical: Physical access control, locking systems, removing unnecessary media, guards, environmental control, perimeter security. Management (the information owner) creates security directives and classifies data. The security team implements and enforces the directives. Security Definitions: Some commonly used security definitions are: Vulnerability: Softrware, hardware of procedural weakness that may provide an attacker the open door he is looking for. Absence or weakness of a safeguard. Threat: Any potential danger to information or systems. Risk: Likelihood of a threat agent taking advantage of a vulnerability. Exposure: An instance of being exposed to losses from a threat agent. Countermeasure: Hardware, software or procedure that eliminates a vulnerability, or, reduces the risk of a threat agent being able to exploit it. Is also called a safeguard. Risk Management Risk Analysis is a method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards. Risk management addresses 3 fundamental questions: Identify assets – What am I trying to protect? Identify threats – What am I trying to protect against? Calculating risks – How much time, effort & money am I willing to spend on adequate protection. The following issues should be considered when assigning value to information safeguards: Cost to acquire and develop Cost to maintain and protect Value to owners and users Value to adversaries Value of intellectual property Price that others would pay for the asset Cost to replace if lost Operational and productivty affected if asset is lost. Liability issues if assest is compromised. Usefullness of the asset. There are 4 basic elements to risk management: Quantitative risk analysis Qualitative risk analysis Asset valuation process Safeguard selection Quantitative risk analysis: Estimate value of assets to be protected. Identify each threat and corresponding risk Estimate loss potential of each risk Estimate possible frequency of threat Recognize and recommend remedial measures Quantitive risk analysis involves the following definitions and calculations: SLE – Single loss expectancy : Dollar amount of potential loss to an organization if a specific threat too place. EF – Exposure factor: Percentage of loss a realized threat could have of an asset. Asset value * Exposure factor (EF) = SLE ARO – Annualized rate of occurence: Estimated possibility of a specific threat taking place in a one year timeframe. ALE – Anualized loss expectancy: Single loss expectancy (SLE) * Annualzed rate of occurent (ARO) = ALE Safeguard value: (ALE before safeguard) – (ALE after safeguard) – (Annual cost of safeguard) = Safeguard value to the company. Residual Risk: Amount of risk remaining after a safeguard is implemented: threats * vulnerability * asset value = total risk. (threats *vulnerability * asset value) * control gap = residual risk. Asset: Resouce, process, product, infrastructure and any other object that an organization has determined should be protected. Qualitative risk analysis: Walk through different scenarions and rank seriousness of threats or sensititivy of assets. Techniques include judgement, intuition and experience. Some methods are delphi, brainstorming, story boarding, focus groups, surveys, questionnaires, one-on-one meetings and interviews. Handling Risk: Transferring Rejecting Reducing Accepting : : : : Insurance Deny or ignore the risk. Implementing countermeasures. Live with the risk. Policies, Procedures, Standards and Guidelines Security Policy: General statement produced by senior management. Issue specific: System specific: For example, email, PDA. Approved software lists, database standards. Standards: Specify how hardware and software are to be used. Usually mandatory. Baseline: Minimum level of security necessary throughout the organization. Standards are usually developed from baselines. Guidelines: Recommended actions and operational guides. Not mandatory. Provide direction in policy grey areas. Procedures: Detailed step by step actions to achieve the tasks necessary for compliance with standards. Standards as also known as “practices”. To be effective, each of these needs high visibily, which can be helped be awareness training, manuals, presentations, legal banners. Can also help with due care and diligence issues. Data Classification The primary purpose of data classification is to indicate the level of confidentiality, integrity and availability that is required for each type of information. Classifications: Commercial Confidential Private Sensitive Public Military Top Secret Secret Confidential Sensitive but unclassified Public (Note: Commercial ‘confidential’ information is exempt from FOAI). Layers of Responsibility: Data Owner: Senior management, ultimately responsible for protection and use of data. Determines data classification. Data Custodian: Responsibility for maintenance and protection of data. Usually IT department. Makes backups, performs restores, etc. User: Any individual who routinely uses the data for work related purposes. Also considered “consumer” of the data. The necessary pieces that fit together for effective security management practices are: Data classification Operational activities Safeguard selection Seperation of duties Management security responsibilities Guidelines and procedures Risk assessment Policies and standards Security awareness. The three pillars of security awareness training are: Awareness, Training, Education. Confidentiality Integrity Availability Disclosure Alteration Destruction Seperation of Duties: “The principle of seperation of duties is that an organization should carefully seperate duties, so that people involved with checking for inappropriate use are not also capable of making such inappropriate use. No person should be responsible for completing a task involving sensitive, valuable or critical information from beginning to end. Likewise, a single person must not be responsible for approving their own work”. Some examples of things that should be seperated are: development / production security / audit account payable / accounts receivable encryption key management / changing of keys 1. Name the 5 general procedures to implement change control: Applying to introduce a change Cataloging the intended change Scheduling the change Implementing the change Reporting the change to appropriate parties DOMAIN 4 – Application and System Development “The division between software security and device security deals with providing security at the beginning stages of software development versus providing devices that protect the perimeter of networks”. “If an application fails for any reason, it should resume to a safe state”. Database Management: “Database access control can be restricted by only allowing roles” Database Models: Relational Database Model: Uses attributes (columns) and tuples (rows) to contain and organize information. Presents information in the form of tables. Hierarchical Data Model: Combines records and fields that are related in a logical tree structure. Used for mapping one-to-many relationships. Distributed Data Model: Data stored in more than one database, but logically connected. Relational Database Components: Most databases contain the following core functionalities: Data Definition Language (DDL) Data Manipulation Language (DML) Query Language (QL) Report Generator. DDL defines the structure and schema of a database. Data Dictionary: The data dictionary is a central repository of data elements and their relationships. The Data Dictionary includes definitions of views, data sources, relationships, tables, indexes, etc. When new tables, new views or new schema are added, the data dictionary is updated to reflect this. Integrity: Can run into concurrency problems. Record locking prevents this. Database software performs to main types of integrity services: Semantic Integrity: Makes sure that structural and semantic rules are enforced. Referential Integrity: No record can contain a reference to a primary key of a nonexisting record or NULL value. Database must also not contain unmatched foreign key values. Database Security Issues: Two main database security issues are aggregation and inference: Aggregation: Aggregation is figuring out complete information you dont have access to by using components of that information you do have access to. The combined information has a sensitivity that is greater than the sum of the parts. Queries could be tracked and restricted based on context-dependant classification used to check what data the users has already accessed. Inference: Inference is similar to aggregation and involves the ability to derive information that is not explicitly available from information that is available. For example, a clerk does not have access to troop movements but does have access to food and tent deployment. Again, context-dependant classification rules can help prevent anything that looks like inference. Database security looks at the contents of the file rather than the file itself as an operating system could. This is content-dependant access control which increases processing overhead but provides more granular control. Polyinstantiation: Polyinstantiation enables a relation to contain multiple tuples with the same primary key but at different security classifications. System Development Security management is an important aspect of project management. The following is a typical list of lifecycle phases: Project initiation Functional design, analysis and planning System design specifications Software development Installation / Implementation Operational Maintenance Disposal. System Design Specifications: Informational, functional and behavioural model information goes into the software design as requirements. What comes out of the design is data, arhcitectural and procedural design. Installation / Implementation: Certification is the process of reviewing and evaluating security controls and is usually a task assigned to an outside independent reviewer. Accreditation is the formal acceptance of the system by key management and in implicit acceptance of risk. Once management accepts the residual risk, they should issue a formal accreditation statement. Verification – does the product match the specification? Validation – Fitness or worth of a software product for its operational mission. ”Verification is doing the job right, Validation is doing the right job” System Life Cycle Phases: Project Initiation: o Concept of project definition o Proposal and initial study Functional design analysis and planning o Requirements uncovered and defined o SYstem environment specifications determined System design specifications: o Functionality design review o Functionality broken down o Detailed planning put into place o Code design Software development: o Developing and programming software Installation o Product installation and implementation o Testing and Auditing Maintenance Support o Product changes, fixes and minor modifications Revision and Replacement o Modifying the product with revisions, or, replacing it completely. WaterFall Model: The steps of a typical waterfall model are: System feasibility Software plans and requirements Product design Detailed design Code Integration Implementation Operations and Maintenance Spiral Model: Angular dimensions represent progress made in completing the phases. Radial dimension represents cumulative project costs. The model states that each cycle of the spiral involves the same series of steps for each part of the project. Cost Estimation Models: Basic COCOMO model estimates development effort and cost as a function of the number of source instructions: MM = 2.4KDSI (MM = Man months, KDSI = K developed source instructions) TDEV = 2.5mm Maintenance: Maintenance phases can be divided into 3 sub-phases: 1. Request control 2. Change control 3. Release control Change Control: Configuration management is the process of controlling the life cycle of an application and documenting the necessary change control activities. Configuration management is used to manage changes and new versions of software products. BS7799 addresses configuration management. The following definitions are associated with Configuration Management: Configuration Item (CI): Component whose state is to be recorded. Version: A recorded specific state of a configuration item. Configuration: Collection of component configuration items that comprise a configuration item in some stage of its evolution. Can be recursive. Building: Assembling a version of a configuration item from component configuration items. Build List: Software Library: Software Capability Maturity Model (CMM): The Software CMM is based on the premise that the quality of a software product is a direct function of the quality of its associated development and maintenance processors. 5 maturity levels are: Level Level Level Level Level 1: 2: 3: 4: 5: Initiating Repeatable Defined Managed Optimizing : : : : : Good people in place. Processes performed ad-hoc. Project management processes in place. Engineering processes and organizational support. Product and process quantatively controlled. Continued process improvements. Institutionalized. The software CMM is a component that supports the concept of continuous process improvement. This concept is embodied in the SEI process improvement IDEAL model: Initiate Diagnose Establish Action Leverage | | | = IDEAL! | | Application Development Methodology Object-Oriented Concepts: A shared potion of an object is the interface. The private portion of an object facilitates data hiding. Abstraction is the capability to suppress unnecessary details so that the important, inherent properties can be examined and reviewed. Polymorphism: An object’s response to a message is defined by the class to which the object belongs. Different objects can respond to the same input in different ways. Encapsulation: Hides internal data and operations not exposed via the interface. Polyinstantiation: Multiple distinct differences between data within objects to discourage lower level subjects from learning information at a higher level of security. Inheritance: Shares properties and attributes with subclasses. Cohesion and Coupling: Modules should be self contained and perform a single logical function with as little external help as possible. This is cohesion and the goal for a module is to have high cohesion. Modules should not drastically affect the behaviour of each other. This is low coupling. ORBs and CORBAs: The OMA is the Object Management Architecture. ORB manages all communication between components and enables them to interact an a heterogenous and distributed environment. ORB is the middleware that established the clent/server relationship between objects. CORBA provides standard interface definitions between OMG compliant objects. COM and DCOM: The component object model (COM) defines how components interact and provides an architecture for simple IPC. DCOM is a distributed model based on COM. DCOM has a library that takes care of session handling, synchronization, buffering, fault identification and handling, and data format translation. OLE – Object Linking and Embedding: OLE uses COM as its base and allows objects to be embedded within documents and for linking different resources and objects. The capability for one program to call another is called linking. The capability to put a piece of data inside a foreign program or document is called embedding. DDE – Dynamic Data Exchange: DDE enables different applications to share data by providing IPC. DDE is a communication mechanism that enables direct connection between two applications. Distributed Computing Environment (DCE): DCE is a standard developed by the OSF – Open Software Foundation (also called “the open group”). DCE is middleware providing RPC service, security services, directory service, time service and distributed file support. DCE is a laye of software that sits on top of the network layer. ** DCOM uses a globally unique identifier (GUID). ** DCE uses a universal unique identifier (UUID). Expert Systems and Knowledge Based Systems: Expert systems usually consist of two parts, an inference engine and a knowledge base. The inference engine handles the user interface, external files, scheduling and programaccessing capabilities. The knowledge engine contains data pertaining to a specific problem or domain. ANN = Artificial Neural Network. Malicious Code (MALWARE): Virus: Infects applications. Main function is to reproduce. Macro viruses are easy to write and office products are in wide use. Worms: Reproduce on their own with no need for a host application. Logic Bomb: Will execute certain code when a specific event happens. Trojan Horse: Program disguised as another program. Attacks: SMURF: Requires an attacker, a victim and an amplifying network. ICMP ECHO packets are sent to the broadcast address of a large network with the return address spoofed to be that of the victim. The target network will drown the victim with responses. A counter against the smurf attack is to disable broadcast packets at the border router. Fraggle: Similar to SMURF but uses UDP instead of ICMP. SYN Flood: Repeated SYN packets that will not respond to the SYN/ACK packets. Teardrop: Send very small packets with invalid fragment offset causing the computer to freeze or crash. DOMAINS 5 – CRYPTOGRAPHY A “substitution cipher” is where one character is replaced with another. “Monoalphabetic” substitution uses only one alphabet. The papyrus around the staff is a “scytale” cipher. Enigma Machine: The crucial and secret part of the process (the key) was how the operators advanced the rotors when encrypting and decrypting a message. Cryptography Definitions: Cryptosytem: A system that provides encryption and decryption Key: The secret piece of a well known encryption algorithm Keyspace: Range of values that can be used to construct a key. Cryptography: The science of encrypting written communication. Cryptanalaysis: The process of trying to decrypt encrypted data without the key. Work Factor: Estimate of the effort it would take an attacker to penetrate an encryption method. Cryptology: Study of both cryptography and cryptanalysis. Key Clustering: When two (or more) different keys generate the same ciphertext from the same plain text, this is known as “key clustering”. Goals of CryptoSystems: Confidentiality – Unauthorized parties cannot access the information. Authenticity – Validating the source of a message. Integrity – Assurance that a message was not modified during transmission. Non Repudiation – Sender cannot layer deny sending the message and the receiver cannot deny receiving it. Types of Ciphers: Substitution : Uses a key to know how substitution should be carried out. Transposition: Permutation is used. Does not replace original text with different text – text is moved around. Simple substitution and transposition methods are vulnerable to “frequency analysis” Running and Concealment Ciphers: Running Key Cipher: Does not require a key or algorithms, but steps in the physical world. For example, references to a book. The “key” in this situation is “which book?” Concealment Cipher: A cipher that hides the message among garbage. For example, have each word appear every 5th word in a sentence. “Buy gold” might become “Product is a good buy, it has ten percent gold content”. Government Involvement with Cryptography: Harry Truman created the NSA in 1952. In 1993, government introduced the Clipper chip, based on the Skipjack algorithms. Each chip unit has a key which encrypts a copy of each user’s session key. Each chip also has a unique serial number and a copy of the unit key is stored in a database under this serial number. The transmitted message contains a Law Enforcement Access Field (LEAF) whch contains the serial number of the chip that encrypted the message. The unit key can be retrieved from the database, used to decrypt the session key which in turn can be used to decrypt the message. Weaknesses in the Clipper Chip include: SkipJack algorithm was never publicly scrutinized and tested 80 bit key is weak by current standards. 16 bit checksum can be defeated The clipper chip ID tagged and identified every communication session. Key Escrow: Unit key split in two and given to two different agencies to maintain. Officer needs a court order to request the unit key. Methods of Encryption Cryptographic algorithms can use either symmetric keys (secret keys) or asymmetric keys (public keys). Symmetric Cryptography: Both parties use the same key for encryption and decryption Each pair of users exchanging messages needs their own set of keys – key management becomes a pain. Initial key exchange needs to be out of band Because the same keys are used for encryption and decryption, it does not provide authentication and non-repudiation. Fast and hard to break when a large key size is used. The following algorithms all use Symmetric (Secret) Key Cryptography: Data Encryption Standard (DES) Triple DES (3DES) Blowfish IDEA RC4, RC5 and RC6 Asymmetric Cryptography: Each entity has different keys, a private key and a public key. The two keys are mathematically related, but cannot be derived from one another. A message can only be decrypted with the public key if it was encrypted with the private key – provides authentication. If confidentiality is most important, the sender encrypts with the receiver’s public key and the message can now only be read with the receiver’s private key. This is called a secure message format. If authentication is most important, the sender encrypts with his own private key. The receiver knows it came from the sender because it can be decrypted with the sender’s public key. This is known as open message format because anyone with the sender’s public key can read it. For a message to be A secure and signed format, the sender should encrypt with his own private key and then again with the receiver’s public key. Strengths of Asymmetric cryptography: Better key distribution than with symmetric systems. Better scalability than symmetric systems Can provide confidentiality, authentication and non-repudiation. Weaknesses: Works much slower than symmetric systems. The following are asymmetric key algorithms: RSA Ecliptical Curve Cryptosystem (EC) Diffe-Hellman El-Gamal Digital Signature Standard (DSS) Stream and Block Ciphers: There are two main types of symmetric algorithms: stream and block ciphers: Block Cipher: The message is divided into blocks and bits and the blocks are then put through transposition, substitution and other functions. Block ciphers use confusion and diffusion in their methods. The key dictates what S-boxes are used and in what order. Stream Cipher: Entire message is treated as a stream of bits or bytes. Some stram ciphers use a “keystream generator”. The key provides randomness to the keystream that is applied to the plaintext. A strong stream cipher algorithm has the following characteristics: Long periods of non-repeating patterns within keystreams. Statisitically unpredictable Keystreams are not linearly related to the key. Statistically unbiased – as many 0s as 1s. Stream ciphers are more suited to hardware encryption because they operate a bit at a time. Block ciphers are better suited to software based encryption. Types of Symmetric Encryption Systems Data Encryption Standard: DES is a block encryption algorithm using 64-bit blocks. It uses a 64 bit key: 56 bits of true key and 8 for parity. Characters ar eput through 16 rounds of transposition and substitution. Devised in 1972 as a derivation of the “Lucifer” system DES Describes the DEA (Data Encryption Algorithm) FIPS PUB 46-1 (1977) and ANSI X3.92 (1981) 64bit blocks, 56 bit key and 16 rounds of transformation Uses confusion and diffusion for encrypting plain text. Confusion: Conceals statistical connection between ciphertext and plain text. Uses non-linear substitution boxes (S-Boxes) Diffusion: Spreads the influence of a plain text character over many ciphertext characters. DES has 4 distinct modes of operation: Electronic Code Book (ECB): Native encryption method for DES. Electronic codebook literally operates like a code book. For a given block of plaintext and a given key, the same set of ciphertext is always produced. ECB uses padding to round up to a 64 bit block boundary. ECB is used for small amounts of data such as challenge-response or key management. Not good for large amounts of data as patterns would eventually show. Cipher Block Chaining (CBC) : In Cipher Block Chaining, the value of the previous block processed is a part of the algorithm and key for the next block, so, patterns are not revealed. This chaining effect means that a particular ciphertext block is dependant on all the blocks that came before it, not just the current block. Cipher Feedback Mode (CFB): Previously generated ciphertext from the last block is input to the algorithm to generate random values. Another way of chaining blocks together, but instead of using a value from the previous block, CFB uses the previous block in the ciphertext and combines it with the next block. This mode is used when encrypting individual characters is required. Output Feedback Mode (OFB): Similar to CFB but functions like a stream cipher by generating a random stream of bits to be combined with the plaintext to create ciphertext. Simulates a one time pad. Ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the stream of bits. Triple DES (3DES): Encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single DES key, therefore, Triple DES is used to obtain stronger encryption: DES-EDE2: 2 keys are used. Encrypt with 1, decrypt with 2 and then encrypt with 1 again. DES-EEE2: 2 keys used. Encrypt with 1, encrypt with 2, encrypt with 1. DES-EEE3: 3 keys used. Encrypt with 1, encrypt with 2, encrypt with 3. Most secure, but requires 3 keys. Advanced Encryption Standard (AES): Uses Rjindael block cipher which can use 128, 192 or 256 bit keys. AES itself specifies fixed block size of 128 bits. AES is the government standard for encrypting SBU information. The number of rounds of transformation is a function of the key size used: 256 bit – 14 rounds. 192 bit – 12 rounds. 128 bit – 10 rounds. TwoFish: 128 bit blocks in 16 rounds. Key lengths can be up to 256 bits. BlowFish: A block cipher operating on 64 bit blocks with a key length of up to 448 bits. The blocks go through 16 rounds of crypto functions. IDEA: Ideas stands for International Data Encryption Algorithm. It operates on 64 bit blocks and uses a 128 bit key. Performs 8 rounds on 16 bit sub-blocks. Each 64 bit block is divided into 16 smaller blocks and each block has 8 rounds of mathematical functions performed on it. IDEA is harder to crack than DES for the same keysize and is used in PGP. RC5: Block cipher of variable block length. Key can be 0-2048 bits, blocks can be 32, 64 or 128 bits and the number of rounds can be 0 – 255. Created by Ron Rivest and patented by RSA data. Asymmetric Encryption Algorithms RSA: Defactor standard for public encryption. Invented by Ron Rivest, Adi Shamir and Leonard Adleman. Developed at MIT. Security comes from the difficulty of factoring large numbers. Public and private key are functions of a pair of large prime numbers. RSA is used in many web browsers with SSL. El-Gamal: Based on calculating discrete logarithms in a finite field. El-gamal extended Diffie-Hellman to apply to encryption and digital signatures. Elliptical Curve Cryptosystem (ECC): Provides much of the same functionality as RSA: Digital signatures, secure key distribution and encryption. ECC is very resource efficient – ideal for smaller devices. ECC providers higher protection with smaller keys than RSA. An ECC key of 160 bits is equivalent to a 1024-bit RSA key. Public Key Cryptography: Public key cryptography uses an asymmetric encryption for key encryption and secret key encryption for data. We use an asymmetric algorithm to encrypt the secret key. Diffie-Hellman: Used for key distribution, NOT encryption and decryption. Subjects can exchange session keys over a non-secure medium without exposing the keys. Session-Key: “Secret” key used for one data exchange only. Usually randomly generated then encrypted using public cryptography. Public Key Infrastructure (PKI): PKI is an ISO authentication framework that uses public key cryptography and X.509 standard protocols. PKI provides authentication, confidentiality, non-repudation and message integrity. The PKI infrastructure contains the pieces that will identify the user, distribute and maintain keys, distribute and maintain certificates and allow certificate recovation. Each individual taking part in PKI needs a digital signature signed by a CA. Some wellknown Certification Authorities are Entrust and VeriSign. Revocation is handled by the certification revocation list (CRL). PKI is made up of the following entities and functions: Certification Authorities Registration Authorities Certificate Repository Certificate Revocation System Key backup and recovery system Automatic key update Management of key histories Cross-certification with other Cas Time stamping Client side software LDAP is the standard format for accessing certification repositories. Availability and Integrity of LDAP servers is a concern. ISAKMP: Internet Security Association and Key Management Protocol. IKE: ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley, combined. In general: ISAKMP defined the phases for establishing a secure relationship SKEME describes a secure exchange mechanism Oakley defined the modes of operation needed to establish a secure connection. Message Integrity: One-Way Hash: A one-way hash takes a variable length input and produces a fixed-length output, or hash value. A hash value is also known as a message digest. If a sender only wants a specific person to view the hash value sent with the message, the value would be encrypted with a key. This is referred to as the message authentication code. Basically, the MAC is a oneway hash value that is encrypted with a symmetric key. Digital Signature: A digital signature is an encrypted hash value. A digital signature provides authentication because the message digest is encrypted with the sender’s private key. Overview/review: A message can be encrypted, providing confidentiality. A message can be hashed, providing integrity. A message can be digitally signed, providing authentication and integrity. A message can be encrypted and signed, providing confidentiality, authentication and integrity. Digital Signature Standard – DSS: The Federal Government requires its departments to use the DSA & SHA. SHA creates a 160-bit output which is then input to DSA which signs the message. The DSA (Digital Signature Algorithm) can only be used for signatures, not encryption. Different Hashing Algorithms Good hash functions should have the following characteristics: Computed on the entire message, not a part of it. One-way function so that messages are not disclosed by their signatures. Should be impossible, given a message and its hash value, to compute another message with the same hash value. Should be resistant to birthday attacks – should not be able to find two messages with the same hash value (collision free). Some common hashing algorithms include: MD2: 128 bit hash, slower than MD4 and MD5 MD4: 128 bit hash. MD5: 128 bit hash. More complex than MD4. Processes text in 512 bit blocks. HAVAL: Variable length hash. Haval is a modification of the MD5 algorithm with more protection from common attacks against MD5. Processes text in 1024 bit blocks. SHA: 160-bit hash value. Used with DSA. SHA-1: Updated version of SHA. Attacks against one-way hash functions: Birthday Attack: Using collusions to reverse engineer hash values. Finding two messages that produce the same hash value. One-Time Pad: A one time pad, implemented correctly, is unbreakable as each pad is used only once. A non-repeating set of bits are XORed with the message to produce ciphertext. The key is the same size at the message and the sender and receiver must be perfectly in synch. This encryption method is not practically used much. Key Management Key management causes one of the biggest headaches in encryption implementation. RSA and Diffie Hellman are key exchange protocols. General rules for keys and key management include: Key length should be enough to provide the necessary level of protection. Keys should be stored and transmitted by secure means. Keys should be extremely random and use full spectrum of the keyspace Key lifetime should correspond with the sensitivity of the data it is protecting. The more the key is used, the shorter its lifetime should be. The key should be backed up or escrowed in case of emergencies. The key should be properly destroyed once its lifetime comes to an end. Link Vs End to End Encryption Advantages of end-to-end encryption: Protects information from start to finish More flexibility for the user in choosing what gets encrypted and how Higher granularity of encryption is available because each application or user can choose a different key. Each hop on the network does not need to have a key to decrypt each packet. Disadvantages of end-to-end encryption: Headers, addresses and router information is not encrypted and therefore not protected. Destination needs to have same encryption mechanisms to properly decrypt the message. Advantages of link (lower layer) encryption: All data is encrypted, including headers, addresses and routing information. Users do not need to do anything to initiate it. Disadvantages of link encryption: Each hop must have a key, making key distribution and management more complex. Messages are decrypted at each hop, thus more points of vulnerability. Email Standards Privacy Enchanced Email (PEM): PEM is a series of message authentication and encryption procedures developed by several governing groups. Primary features are: Messages are encrypted with DES in CBC mode. Authentication is provided by MD2 or MD5 Public key management using RSA X.509 standard for certification structure and format. Message Security Protocol (MSP): MSP is the military’s PEM. It was developed by the NSA and is an X.400 compatible application layer protocol. Pretty Good Privacy (PGP): PGP uses RSA public key encryption for key management, IDEA for bulk encryption of data and MD5 for authenticity. PGP does not use Certification Authorities but relies instead on a “web of trust”. Internet Security “The web is not the internet. The web runs on top of the internet.” S-HTTP: Secure Hypertext Transport Protocol. In this protocol, the client and server agree on a protection method and then the client sends the server its public key. The server generates a session key, encrypts it with the client public key and sends it back. S-HTTP maintains an option connection for the duration of the session. SSL: SSL is similar to S-HTTP but protect the communication channel itself instead of individual messages. The server sends a message to the client that a secure session is required and the client sends its public key and security requirements back to the server. The server compares the security parameters with its own to find a match and then sends the client a digital certificate. If the client trusts the certificate, the process continues. SSL keeps the communication path open. MIME: Multipurpose Internet Mail Extension: If a message or document contains a multimedia attachment, MIME dictates how that portion of the message should be handled. S/MIME: S/MIME is a standard for encrypting and digitally signing mail that contains attachments. SET – Secure Electronic Transaction: Security technology proposed by Visa and Mastercard for more secure online credit card transactions. Suppliers never see the credit card information. Cookies: Sometimes cookies can contain login and password information that is either not encrypted or encrypted weakly. This is a vulnerability. Secure Shell (SSH): SSH functions as a type of tunneling mechanism that provides terminal like access to remote computers. IPSEC (Internet Protocol Security): The IPSEC protocol is a method of setting up a secure channel for protected data exchange between two devices. IPSEC is a widely accepted standard for secure network layer transport. It is usually used to establish VPNs. IPSEC uses two basic protocols: Authentication Header (AH) and Enscapsulating security Payload (ESP). IPSEC works on one of two modes: Tunnel Model: only the payload is encrypted. Transport Mode: payload, routing and header information are all encrypted. Each device has one security association (SA) for each session connection, one for inbound and one for outbound. The SA contains the configuration that the device needs to know about. Each device has a security parameter index that keeps track of each SA. When a packet is received, the steps are: 1. Identify appropriate SA, secret key and algorithm. 2. Calculate hash value of the packet to authenticate source and verify data integrity. 3. Authenticate the source. 4. Identify correct cryptographic algorithm (DES or 3DES) and secret key. 5. Decrypt the message. ISAKMP: Internet Security Associated and Key Management Protocol. Cryptography Attacks The following sections go over active attacks that can relate to cryptography: Ciphertext Only Attack: Attacker has the ciphertext of several messages encrypted using the same algorithm. Known Plaintext Attack: Attacker has plaintext and ciphertext of one or more messages. The goal is to discover the key used to encrypt the messages. Chosen Plaintext Attack: Attacker has plaintext and ciphertext and can choose the plaintext that gets encrypted. Chosen Ciphertext Attack: Attacker can choose ciphertext to be decrypted and has access to the decrypted plaintext. Man-in-the-middle attack: Intercepting public key and replacing it with your own, and then intercepting subsequent messages intended for someone else. Using digital signatures during session-key exchange can circumvent man in the middle attacks. Dictionary attack: Running dictionaries of words through one-way HASH functions to see if the hash value matches what you have. Common method of cracking Unix passwords. Replay attacks: When an attacker copies a ticket, breaks the encryption and tries to impersonate the client by resubmitting the ticket at a later time. Kerberos is particularly vulnerable to this type of attack. Timestamps and sequence numbers are two common counter-measures to replay vulnerabilities. Wireless Security Wireless Application Security (WAP): WAP is a set of protocols that cover layer 7 to layer 3 of the ISO model. The WAP protocol stack contains the following: Wireless Markup Language (WML) Wireless Application Environment (WAE) Wireless Wireless Wireless Wireless Session Protocol (WSP) Transport Protocol (WTP) Transport Layer Security Protocol (WTLS) Datagram Protocol (WDP) WTLS provides 3 classes of security: Class 1: Anonymous authentication. Neither client or server is certain of the identify of the other. Class 2: Server authentication. Class 3: Two-way client and server authentication. HDML: Handheld device markup language is a simple alternative to WML. C-HTML: Compact HTML, widely used in Japan. Wired Equivalent Privacy: Secret key shared between clients and access points. Must have the shared key to associate with the access point. WEP uses the RC4 variable key-size stream cipher encryption algorithm. RC4 was developed in 1987 by Ronald Rivest and operates in output feedback mode. Security of the WEB algorithm is weak, in the native 40-bit and even the 128 bit versions. Domain 6 - Security Architecture and Models A security model is a statement that outlines the requirements necessary to properly support a certain security policy. “Security is best if it is built into the foundation of operating systems and applications” Computer Architecture CPU: Contains ALU, Control Unit and primary storage. Protection Rings: Operating system concept. Inner rings have most privileges. Inner rings can directly access outer rings, but not vice versa. A typical arrangement might be: Ring Ring Ring Ring 0 1 2 3 : : : : Operating system & Kernel Remaining parts of operating system I/O drives and utilities Applications and programs. MITs MULTICS is an example of an operating system using this concept. Operating Systems Operating systems can be in one of several states: Ready : Ready to resume processing Supervisory : Executing a highly privileged routine Problem State: Executing an application (working on a problem) Wait State : Waiting for a specific event to complete or resource to become free. An operating system implements security using many mechanisms, including: Protection Rings Mapping Memory Implementing virtual machines Working in different states Assigning trust levels to each process Process Vs Thread A process is a program in execution with its own address space. Threads are pieces of code executed within a process. Memory Addressing Modes Register: Addresses registers within the CPU. Direct: Actual addresses. Usually limited to current memory page. Absolute: Address of all primary memory space. Can hit any memory address directly. Indexed: Adding contents of addresses in programs instruction to that of a memory (index) register. Implied: Operations internal to the processor, such as clearing of a carry bit. Indirect: The address specified in the instruction contains the address where the actual data can be found. Processing Methods Some methods to improve system performance at the hardware level are: Pipelining: Overlapping the steps of different instructions to run close to concurrently. CISC: Complex Instruction Set Computer. In earlier technologies, the “fetch” cycle was the slowest port. By packing instructions wtih several operations, number of fetches were reduced. RISC: Reduced instruction set computer. Instructions are simple and require fewer clock cycles. Scalar Processor: One instruction at a time. Superscalar Processor: Enabled concurrent execute of multiple instructions in some pipeline stage. Very Long Instruction Word (VLIW) Processor: A single instruction specifies more than one concurrent operation. System (Security) Architecture Some of the biggest questions in systems security architecture are: Where should the protection take place? User’s end? Where the data is stored? Restricting user activites? At which layers should mechanisms be implemented? Hardware, kernel, o/s, services or program layers? “The more complex a security mechanism becomes, the less assurance it provides” -> Functionality and Assurance Compromise. What system mechanisms need to be trusted? How can these entities interract in a secure manner? Some important terms and definitions relating to system architecture are: Trusted Computer Base: Combination of protection mechanisms within a system, including hardware, software and firmware. Not every part of a system needs to be trusted and therefore do not fall under the TCB. Reference Monitor: Abstract system concept that mediates all access the subjects have to objects. This is a concept, not a component. Security Kernel: Hardware, firmware and software that fall under the TCB and implement the reference monitor concept. The security kernal is the core of the TCB. The security kernal must: Mediate all access to objects in the system. Be protected from modification Be verified as correct. Domains: Set of objects that a subject can access. Domains have to be identified, seperated and strictly enforced. Resource Isolation: Enables each subject and object to be uniquely identified, permissions and rights to be assigned independantly, accountability to be enforceable and activities to be tracked precisely. “Security policies that prevent information from flowing from a high security level to a lower security level are multilevel security policies.” “The execution and memory space assigned to each process is called a protection domain.” Virtual Machine Monitor: Each “machine” runs at a different security level. Security Models: “A model is a symbolic representation of a policy. It maps the desires of the policy into a set of rules to be followed by a computer system.” “Security policy provides the abstract goals, the security model defines the dos and donts to achieve those goals” Bell-LaPadula Model: Developed by the military in the 1970s to address leakage of classified information. Main goal is confidentiality. A system using the Bell-LaPadula model would be classified as a multi-level security system. The Bell-LaPadula is a state machine model, and could also be categorized as an information flow model. Simple Security Rule : Cannot read data at a higher level. Star (*) Property: Cannot write data to a lower level. Bell-LaPadula also uses a discretionary access control matrix to handle exceptions. This may allow a trusted subject to violate the *-property, but not its intent. IE, a low-sensitivity paragraph in a higher level document being moved to a low-sensitivity document is ok, but might require an override of the * property. Criticisms of Bell-LaPadula: Only deals with confidentiality, not integrity. Does not adress acess control management. Does not address covert channels. Does not adress file sharing in more modern systems. Secure state transition is not explicitly defined. Only addresses multi-level security policy type. Biba Model: The Biba model is also a state machine model and similar to Bell-LaPadula, except is addresses data integrity rather than data confidentiality. The data integrity is characterized by three goals: 1. Protection from modification by unauthorized users. 2. Protection from unauthorized modification by authorized users. 3. Internally and externally consistent. The following rules of the Biba model implement these goals: Simple Integrity Axiom: No read down. Star (*) Integrity Axiom: No writing up. Subjects at one level of integrity cannot invoke an object or subject at a higher level of integrity. Clark-Wilson Model: The Clark-Wilson model takes a different approach to protecting integrity. Users cannot access objects directly, but must go through programs that control their access. “Usually in an information flow model (Bell-LaPadula and Biba), information can flow from one level to another until a restricted operation is attempted. At this point, the system checks an access control matrix to see if the operation has been explicity permitted”. The Clark-Wilson model defines the following terms: Constrained Data Item (CDI): Data item whose integrity is to be protected. Integrity Verification Procedure (IVP): Program that verifies integrity of CDI. Transformation Procedure (TP): Unconstrained Data Item: Data outside of the control of the model. For example, input data. Information Flow Models: Each object is assigned a security class or value. Information is constrained to flow only in the directions permitted by the security policy. Security Modes of Operation The “mode of operation” defines the security conditions under which the system actually functions: Dedicated Security Mode: ALL users have the clearance and the “need to know” to all the data within the system. System-High Security Mode: All users have clearance and authorization to access the information in the system, but not necessarily a need to know. Compartmented Security Mode: All users have the clearance to all information on the system but might not have need to know and formal access approvial. Users can access a compartment of data only. Multilevel Security Mode: Permits two or more classification levels of information to be processed at the same time. Users do not have clearance for all of the information being processed. Limited Access: Minimum user clearance is “not cleared” and the maximum data classification is “sensitive but unclassified”. Controlled Access: Limted amount of trust placed on system hardware and software. Trust – assurance of trust implies a much deeper knowledge of the building process, etc. Systems Evaluation Methods The “Orange” Book: The US Dept of defence developed TCSEC (Trusted Computer Systems Evaluation Criteria) to provide a graded classification for computer system security. The graded classification hierarchy is: A – Verified Protection B – Mandatory Protection C – Discretionary Protection D – Minimal Security The evaluation criteria involves 4 main area: Security, Polciy, Accountabilty and Assustance and Testing, but these break down into 7 specific areas: 1. Security policy – explicit, well defined, enforced by mechanisms in the system itself. 2. Identification – individual subjects must be uniquely identified in the system. 3. Labels – labels must be associated with individual objects. 4. Documentation – test, design and specification documentation. User guides and manuals. 5. Accountability – audit data is captured and protected. Relies on identification. 6. Life Cycle Assurance – Software, hardware and firmware can be tested individually to ensure that each enforces security policy. 7. Continuous Protection – Ongoing review and maintenance of the security. Products for evaluation under TCSEC are submitted to the National Computer Security Center (NCSC). The Trusted Products Evalation Program (TPEP) puts successfully evaluated products on the Evaluated Product List – EPL. TCSEC Ratings: Division D : Minimal Protection All systems that fail to meet the requirements of the higher divisions fall under this category. Division C : Discretionary Protection C1: Discretionary Security Protection Based on individuals and/or groups. Identification and authorization of individual entities. Protected execution domain for privileges processes. Design, test and user documentation. C2: Controlled Access Protection Security relevent events are audited. Object reuse concept must be invoked (including memory) Strict login procedures. The C2 rating is the most reasonable class for commercial applications. Division B : Mandatory Protection Division B enforces mandatory protection by the use of security labels and the reference monitor concept. B1 : Labelled Security Each object must have a classification label and each user must have a clearance label. Security labels are mandatory in class “B” B2 : Structured Protection System design and implementation are subject to a more thorough review and testing process. Well-defined interfaces between system layers. Covert stoage channels are addressed. Trusted path required for login and authentication. Seperation of operator and administrator functions. B3 : Security Domains More granularity in each protection mechanism Code not necessary to support the security policy is excluded from the system. Reference monitor component must be small enough to be isolated and tested fully. System fails to a secure state. Division A : Verified Protection Formal methods are used to ensure that all subjects and objects are controlled. A1 : Verified Design Feature and architectures are not much different than B3, the difference is in the development process. Assurance is higher because the formality in the way the system was designed and built is much higher. Stringent change and configuration management. Summary of Ratings: D – Minimal Protection C – Discretionary protection C1 : Discretionary Security Protection C2 : Controlled Access Protection B – Mandatory Protection B1 : Labelled Security B2 : Structured Protection B3 : Stuctured Domains A – Verified Protection A1 : Verified Design The Red Book: TNI (Trusted Network Interpretation). The red book is an interpretation of the Orango book for networks and network components. The Red Book TNI ratings are: None C1 – Minimum C2 – Fair B2 – Good DITSCAP Defense Information Technology Security Certification and Accreditation Process. Has 4 phases: 1. 2. 3. 4. Definition Verification Validation Post Accreditation NIACAP National Information Assurance Cerficiation and Accreditation Process. Has several types of accreditation Side Accreditation: Applications and systems at a self-contained location. Type Accreditation: An application or system distributed to a number of different locations. System Accreditation: Major application or general support system. CIAP Commercial Information Security Assessment Process – in development. ITSEC – Information Technology Security Evalation Criteria This accreditation system is used in Europe. Two main elements of a system are evaluated by ITSEC or TCSET: Functionality and Assurance. Two systems with the same functionality can have different assurance levels. ITSEC seperates these two elements and rates them seperately. In ITSEC, F1 to F10 rate the functionality and E0 through E6 rate the assurance: ITSEC E0 F1 + E1 F2 + E2 F3 + E3 F4 + E4 F5 + E5 F5 + E6 F6 F7 F8 F9 F10 TCSEC D0 C1 C2 B1 B2 B3 A1 High Integrity High Availability Data Integrity during communication High Confidentiality (encryption) Networks with high demands on confidentialy and integrity. Security products or systems are referred to as TOE – Target of Evaluation. 10 functionality classes – F 8 Assurance Levels - Q 7 correctness levels - E CTCPEC Canadian Truster Computer Product Evaluation Criteria COMMON CRITERIA Internation standard evaluation criteria, initiated by ISO in 1990 and started in 1993. One specific set of classifications, internationally recognized. Evaluates a product against a “protection profile” which is structured to address specific security problems. A product is assigned an EAL – Evaluation Insurance Level – EAL1 – EAL7. Similar to other criteria, the common criteria answers two basic questions: 1. What does it do? (funcionality) 2. How sure are you? (assurance) The protection profile contains: Descriptive elements Rationale Functional Requirements Development Assurance Requirements Evaluation Assurance Requirements Certification: Technical evaluation of security components and their compliants for the purpose of accreditation. Accreditation: Formal acceptnace of the system’s overall adequacy by management. Based partly on certification information. SSE-CMM : System Security Engineering, Capability Maturity Model Based on the premise “If you can guarantee the quality of the processes that are used by an organization, you can guarantee the quality of the products and services generated by those processes.” Two dimensions are used to measure the capability of an organization to perform specific activies. The two dimensions are domain and capability. Domain: All the practices that collectively define security engineering. Base practices: Related base practices are grouped into Process Areas (PAs) Capability: Practices that indicate process management and institutionalization capability. Generic Pratices (GPs). The GPs represent activities that should be performed as part of BPs. In the domain dimension, SSE-CMM defeined 11 security engineering process areas and 11 administrative process areas. Threats: Some threats to security models and architectures are: Covert Channels: Information flow not controlled by the security mechanism. Covert timing channel Covert storage channel. Addresses in TCSEC B2 and higher. Back Doors: Also known as maintenance hooks / trapdoors. Timing Issues: Also known as ‘asynchronous attack’. Deals with the timing different in the sequence of steps a system uses to complete a task. Time of Check vs Time of Use (TOC/TOU) – Also known as “race conditions” Buffer Overflows: “Smashing the stack”. Each of these can lead to a violation of the system security policy. Recovery Procedures: The system must recover/restart from an error in a secure state – maintenance mode: access only by privileged users from privileged terminals. Failsafe: Program execution terminated, system protected from compromise. Failsoft (resilient): Non-critical processing is terminated. Failover: Switching to duplicate (hot) backup in realtime. Cold start: System cannot be restored to a known secure state. Domain 6 - Security Architecture and Models A security model is a statement that outlines the requirements necessary to properly support a certain security policy. “Security is best if it is built into the foundation of operating systems and applications” Computer Architecture CPU: Contains ALU, Control Unit and primary storage. Protection Rings: Operating system concept. Inner rings have most privileges. Inner rings can directly access outer rings, but not vice versa. A typical arrangement might be: Ring Ring Ring Ring 0 1 2 3 : : : : Operating system & Kernel Remaining parts of operating system I/O drives and utilities Applications and programs. MITs MULTICS is an example of an operating system using this concept. Operating Systems Operating systems can be in one of several states: Ready : Ready to resume processing Supervisory : Executing a highly privileged routine Problem State: Executing an application (working on a problem) Wait State : Waiting for a specific event to complete or resource to become free. An operating system implements security using many mechanisms, including: Protection Rings Mapping Memory Implementing virtual machines Working in different states Assigning trust levels to each process Process Vs Thread A process is a program in execution with its own address space. Threads are pieces of code executed within a process. Memory Addressing Modes Register: Addresses registers within the CPU. Direct: Actual addresses. Usually limited to current memory page. Absolute: Address of all primary memory space. Can hit any memory address directly. Indexed: Adding contents of addresses in programs instruction to that of a memory (index) register. Implied: Operations internal to the processor, such as clearing of a carry bit. Indirect: The address specified in the instruction contains the address where the actual data can be found. Processing Methods Some methods to improve system performance at the hardware level are: Pipelining: Overlapping the steps of different instructions to run close to concurrently. CISC: Complex Instruction Set Computer. In earlier technologies, the “fetch” cycle was the slowest port. By packing instructions wtih several operations, number of fetches were reduced. RISC: Reduced instruction set computer. Instructions are simple and require fewer clock cycles. Scalar Processor: One instruction at a time. Superscalar Processor: Enabled concurrent execute of multiple instructions in some pipeline stage. Very Long Instruction Word (VLIW) Processor: A single instruction specifies more than one concurrent operation. System (Security) Architecture Some of the biggest questions in systems security architecture are: Where should the protection take place? User’s end? Where the data is stored? Restricting user activites? At which layers should mechanisms be implemented? Hardware, kernel, o/s, services or program layers? “The more complex a security mechanism becomes, the less assurance it provides” -> Functionality and Assurance Compromise. What system mechanisms need to be trusted? How can these entities interract in a secure manner? Some important terms and definitions relating to system architecture are: Trusted Computer Base: Combination of protection mechanisms within a system, including hardware, software and firmware. Not every part of a system needs to be trusted and therefore do not fall under the TCB. Reference Monitor: Abstract system concept that mediates all access the subjects have to objects. This is a concept, not a component. In order for a reference monitor to be trusted: It must be tamperproof (isolation) It must be invoked for all access requests to an object – there must be no path that can by bypass the reference monitory (completeness) Must be small enough for thorough validation (verifiability) Security Kernel: Hardware, firmware and software that fall under the TCB and implement the reference monitor concept. The security kernal is the core of the TCB. The security kernal must: Mediate all access to objects in the system. Be protected from modification Be verified as correct. Domains: Set of objects that a subject can access. Domains have to be identified, seperated and strictly enforced. Resource Isolation: Enables each subject and object to be uniquely identified, permissions and rights to be assigned independantly, accountability to be enforceable and activities to be tracked precisely. “Security policies that prevent information from flowing from a high security level to a lower security level are multilevel security policies.” “The execution and memory space assigned to each process is called a protection domain.” Virtual Machine Monitor: Each “machine” runs at a different security level. Security Models: “A model is a symbolic representation of a policy. It maps the desires of the policy into a set of rules to be followed by a computer system.” “Security policy provides the abstract goals, the security model defines the dos and donts to achieve those goals” Bell-LaPadula Model: Developed by the military in the 1970s to address leakage of classified information. Main goal is confidentiality. A system using the Bell-LaPadula model would be classified as a multi-level security system. The Bell-LaPadula is a state machine model, and could also be categorized as an information flow model. Simple Security Rule : Cannot read data at a higher level. Star (*) Property: Cannot write data to a lower level. Confinement property. Bell-LaPadula also uses a discretionary access control matrix to handle exceptions. This may allow a trusted subject to violate the *-property, but not its intent. IE, a low-sensitivity paragraph in a higher level document being moved to a low-sensitivity document is ok, but might require an override of the * property. Criticisms of Bell-LaPadula: Only deals with confidentiality, not integrity. Does not adress acess control management. Does not address covert channels. Does not adress file sharing in more modern systems. Secure state transition is not explicitly defined. Only addresses multi-level security policy type. Biba Model: The Biba model is also a state machine model and similar to Bell-LaPadula, except is addresses data integrity rather than data confidentiality. The data integrity is characterized by three goals: 4. Protection from modification by unauthorized users. 5. Protection from unauthorized modification by authorized users. 6. Internally and externally consistent. The following rules of the Biba model implement these goals: Simple Integrity Axiom: No read down. Star (*) Integrity Axiom: No writing up. Subjects at one level of integrity cannot invoke an object or subject at a higher level of integrity. Clark-Wilson Model: The Clark-Wilson model takes a different approach to protecting integrity. Users cannot access objects directly, but must go through programs that control their access. “Usually in an information flow model (Bell-LaPadula and Biba), information can flow from one level to another until a restricted operation is attempted. At this point, the system checks an access control matrix to see if the operation has been explicity permitted”. Unlike Biba, the Clark-Wilson model addresses all three integrity goals: Preventing unauthorized users from making modifications. Maintaining internal and external consistency Preventing authorized users from making improper modifications. The Clark-Wilson model defines the following terms: Constrained Data Item (CDI): Data item whose integrity is to be protected. Integrity Verification Procedure (IVP): Program that verifies integrity of CDI. Transformation Procedure (TP): Unconstrained Data Item: Data outside of the control of the model. For example, input data. Information Flow Models: Each object is assigned a security class or value. Information is constrained to flow only in the directions permitted by the security policy. Security Modes of Operation The “mode of operation” defines the security conditions under which the system actually functions: Dedicated Security Mode: ALL users have the clearance and the “need to know” to all the data within the system. System-High Security Mode: All users have clearance and authorization to access the information in the system, but not necessarily a need to know. Compartmented Security Mode: All users have the clearance to all information on the system but might not have need to know and formal access approval. Users can access a compartment of data only. Multilevel Security Mode: Permits two or more classification levels of information to be processed at the same time. Users do not have clearance for all of the information being processed. Limited Access: Minimum user clearance is “not cleared” and the maximum data classification is “sensitive but unclassified”. Controlled Access: Limited amount of trust placed on system hardware and software. Trust – assurance of trust implies a much deeper knowledge of the building process, etc. Systems Evaluation Methods The “Orange” Book: The US Dept of defense developed TCSEC (Trusted Computer Systems Evaluation Criteria) to provide a graded classification for computer system security. The graded classification hierarchy is: A – Verified Protection B – Mandatory Protection C – Discretionary Protection D – Minimal Security The evaluation criteria involves 4 main area: Security, Policy, Accountability and Assurance and Testing, but these break down into 7 specific areas: 8. Security policy – explicit, well defined, enforced by mechanisms in the system itself. 9. Identification – individual subjects must be uniquely identified in the system. 10. Labels – labels must be associated with individual objects. 11. Documentation – test, design and specification documentation. User guides and manuals. 12. Accountability – audit data is captured and protected. Relies on identification. 13. Life Cycle Assurance – Software, hardware and firmware can be tested individually to ensure that each enforces security policy. 14. Continuous Protection – Ongoing review and maintenance of the security. Products for evaluation under TCSEC are submitted to the National Computer Security Center (NCSC). The Trusted Products Evaluation Program (TPEP) puts successfully evaluated products on the Evaluated Product List – EPL. TCSEC Ratings: Division D : Minimal Protection All systems that fail to meet the requirements of the higher divisions fall under this category. Division C : Discretionary Protection C1: Discretionary Security Protection Based on individuals and/or groups. Identification and authorization of individual entities. Protected execution domain for privileges processes. Design, test and user documentation – life cycle assurance through security testing. Documentation to include Security feature’s user guide and trusted facility manual. C2: Controlled Access Protection Security relevant events are audited. Object reuse concept must be invoked (including memory) Strict login procedures. The C2 rating is the most reasonable class for commercial applications. Division B : Mandatory Protection Division B enforces mandatory protection by the use of security labels and the reference monitor concept. B1 : Labeled Security Each object must have a classification label and each user must have a clearance label. Security labels are mandatory in class “B” Mandatory access control for a defined subset of subjects and objects. B2 : Structured Protection System design and implementation are subject to a more thorough review and testing process. Well-defined interfaces between system layers. Covert storage channels are addressed. Trusted path required for login and authentication. Separation of operator and administrator functions (trusted facility management) Mandatory access control for all subjects and objects. Formal policy model, structured design and configuration management. B3 : Security Domains More granularity in each protection mechanism Code not necessary to support the security policy is excluded from the system. Reference monitor component must be small enough to be isolated and tested fully. System fails to a secure state. Division A : Verified Protection Formal methods are used to ensure that all subjects and objects are controlled. A1 : Verified Design Feature and architectures are not much different than B3, the difference is in the development process. Assurance is higher because the formality in the way the system was designed and built is much higher. Stringent change and configuration management. Format methods of covert channel analysis. Summary of Ratings: D – Minimal Protection C – Discretionary protection C1 : Discretionary Security Protection C2 : Controlled Access Protection B – Mandatory Protection B1 : Labeled Security B2 : Structured Protection B3 : Structured Domains A – Verified Protection A1 : Verified Design The Red Book: TNI (Trusted Network Interpretation). The red book is an interpretation of the Orange book for networks and network components. The Red Book TNI ratings are: DITSCAP None C1 – Minimum C2 – Fair B2 – Good Defense Information Technology Security Certification and Accreditation Process. Has 4 phases: 5. 6. 7. 8. Definition Verification Validation Post Accreditation NIACAP National Information Assurance Cerficiation and Accreditation Process. Has several types of accreditation Side Accreditation: Applications and systems at a self-contained location. Type Accreditation: An application or system distributed to a number of different locations. System Accreditation: Major application or general support system. CIAP Commercial Information Security Assessment Process – in development. ITSEC – Information Technology Security Evalation Criteria This accreditation system is used in Europe. Two main elements of a system are evaluated by ITSEC or TCSET: Functionality and Assurance. Two systems with the same functionality can have different assurance levels. ITSEC seperates these two elements and rates them seperately. In ITSEC, F1 to F10 rate the functionality and E0 through E6 rate the assurance: ITSEC E0 F1 + E1 F2 + E2 F3 + E3 F4 + E4 F5 + E5 F5 + E6 F6 F7 F8 F9 F10 TCSEC D0 C1 C2 B1 B2 B3 A1 High Integrity High Availability Data Integrity during communication High Confidentiality (encryption) Networks with high demands on confidentialy and integrity. Security products or systems are referred to as TOE – Target of Evaluation. 10 functionality classes – F 8 Assurance Levels - Q 7 correctness levels - E The ITSEC assurance classes are: E0 : Inadequate assurance to quality for E1. E1 : Informal definition of TOE architectural design. TOE satisfies functional testing. E2 : E1 + information description of detailed design. Configuration control and approved distribution procedure. E3 : E2 + source code and/or drawing have been evaluated. E4 : E3 + a formal model of security policy. E5 : E4 + close correspondence between detailed design and source code/drawings. E6 : E5 + Formal specification of security enforcing functions. Consistency with formal security policy model. CTCPEC Canadian Truster Computer Product Evaluation Criteria COMMON CRITERIA Internation standard evaluation criteria, initiated by ISO in 1990 and started in 1993. One specific set of classifications, internationally recognized. Evaluates a product against a “protection profile” which is structured to address specific security problems. A product is assigned an EAL – Evaluation Insurance Level – EAL1 – EAL7. Similar to other criteria, the common criteria answers two basic questions: 3. What does it do? (funcionality) 4. How sure are you? (assurance) The protection profile contains: Descriptive elements Rationale Functional Requirements Development Assurance Requirements Evaluation Assurance Requirements Certification: Technical evaluation of security components and their compliants for the purpose of accreditation. Accreditation: Formal acceptnace of the system’s overall adequacy by management. Based partly on certification information. SSE-CMM : System Security Engineering, Capability Maturity Model Based on the premise “If you can guarantee the quality of the processes that are used by an organization, you can guarantee the quality of the products and services generated by those processes.” Two dimensions are used to measure the capability of an organization to perform specific activies. The two dimensions are domain and capability. Domain: All the practices that collectively define security engineering. Base practices: Related base practices are grouped into Process Areas (PAs) Capability: Practices that indicate process management and institutionalization capability. Generic Pratices (GPs). The GPs represent activities that should be performed as part of BPs. In the domain dimension, SSE-CMM defeined 11 security engineering process areas and 11 administrative process areas. Threats: Some threats to security models and architectures are: Covert Channels: Information flow not controlled by the security mechanism. Covert timing channel Covert storage channel. Addresses in TCSEC B2 and higher. Back Doors: Also known as maintenance hooks / trapdoors. Timing Issues: Also known as ‘asynchronous attack’. Deals with the timing different in the sequence of steps a system uses to complete a task. Time of Check vs Time of Use (TOC/TOU) – Also known as “race conditions” Buffer Overflows: “Smashing the stack”. Each of these can lead to a violation of the system security policy. Recovery Procedures: The system must recover/restart from an error in a secure state – maintenance mode: access only by privileged users from privileged terminals. Failsafe: Program execution terminated, system protected from compromise. Failsoft (resilient): Non-critical processing is terminated. Failover: Switching to duplicate (hot) backup in realtime. Cold start: System cannot be restored to a known secure state. DOMAIN 7 – Operations Security Operations security is concerned with triples: threat, vulnerability, asset. Categories of Controls: Preventative Controls Detective Controls Corrective (Recovery) Controls Additional categories include: Deterrent Controls Application Controls Transaction Controls - Input Controls - Processing Controls - Output Controls - Change Controls - Test Controls Orange Book Controls: The Orange Book defined two types of assurance: operational assurance and life cycle assurance. Operational assurance requirements specified in the orange book are: System architecture System integrity Covert channel analysis Trusted facility management Trusted recovery Life cycle assurance requirements specific in the orange book are: Security testing Design specification and testing Configuration management Trusted distribution Covert Channel Analysis: Involves covert storage channels and covert timing channels. Covert Channel Requirements: B2 – Must perform covert channel analysis and protect against covert storage channels. B3/A1 – Must protect against covert storage and covert timing channels. Must perform covert channel analysis for both types. Trusted Facility Management: Trusted facility management is defined as the assignment of a specific individual to administer security related functions of a system. Trusted facility management is closely related to concepts of least privilege, need to know and seperation of duties. B2: Systems must support seperate operator and administrator roles. B3/A1: System must clearly identify the functions of the security administrator to perform the security related functions. Two-man control: Two operators review and approve the work of the other. Dual Control: Both operators are needed to complete a sensitive task. Trusted Recovery: Trusted recovery ensures that security is not breached when a system crash or other system failure (discontinuity) occurs. Trusted recovery is required only at B3 and A1 levels. System Recovery: The common criteria has a hierarchy of three recovery types: 1. Manual recovery : Sysadmin intervention required. 2. Automated recovery : Recovery after a single failure is automatic. 3. Automated recovery without undue loss. Configuration / Change control management: The primary goal of configuration management is to ensure that changes to the system do not unintentionally diminish security. Configuration management is a requirement for B2, B3 and A1 systems. Five generally accepted procedures exist to implement and support the change control process: 1. 2. 3. 4. 5. Applying to introduce a change. Cataloging the intended change. Scheduling the change. Implementing the change. Reporting the change to the appropriate parties. B2 or B3: Configuration management procedures must be enforced during development and maintenance of a system. A1 : Configuration management procedures must be enforced during the entire systems life-cycle. Administrative Controls: These controls have more to do with human resources, personnel and policy than they do with hardware or software controls. Personnel security : Background checks, mandatory vacations, etc. Seperation of duties. Least privilege. Need to know. Change control / configuration management. Record retention and documentation. Operations Controls: Operations controls embody the day-to-day procedures used to protect computer operations. The following are the most important aspects of operations controls: Resource protection: Hardware / software / data. Hardware controls: Maintenance accounts, maintenance personnel, diagnostic ports, hardware physical control. Software controls: Anti-virus managements, software testing, software utilities, safe software storage and backup controls. Privileged Entity Controls: System commands, special parameters. Media Resource Protection: Two areas: media security controls and media viability controls. Physical access controls Monitoring and Auditing: Problem identification and problem resolution are the primary goals of monitoring. DOMAIN 8 – DISASTERY RECOVERY PLANNING AND BUSINESS CONTINUITY PLANNING Disaster recovery planning has the goal of minimizing the effects of a disaster. Contingency planning deals with providing methods and procedurs for dealing with longer term outages and disasters. The most critical piece overall is management support. The Business Impact Analysis (BIA) is a crucial first step in disastery recovery and contingency planning. The goal is to see exactly how a business will be affected by different threats. Time-loss curves show the total impact over specific time periods. The main goals of disaster recovery planning is to: Improve responsiveness by the employees in different situations. Ease confusion by providing written procedures and participation in drills Help make logical decisions during a crisis Disaster Recovery Planning: A disaster recovery plan is a comprehensive statement of consistent actions to be takenb before, during, and after a disruptive event that causes a significant loss of information system resources. Phases of Development: The phases of development for a DRP/BCP program should be: Initiation Business impact analysis Strategy development Plan development Implementation Testing Maintenance The 4 primary elements of BCP are: Scope plan initiation Business impact Analysis – includes vulnerability assessment Business continuity plan development Plan approval and implementation Scope and Plan initiation: Steps involved in the scope and plan initiation include creating an account of the work required, listing the resources to be used and defining the management practices to be employed. A BCP committee should be formed and given the responsibility to create, implement and test the plan. Business Impact Analysis: The purpose of a BIA is to create a document to be used to help understand what impact a disruptive event would have on the business. The business impact analysis has 3 primary goals: Criticality Prioritization: Critical business units must be identified and prioritized. Downtime Escalation: Estimate the maximum tolerable downtime (MTD) Resource Requirements: Identify resource requirements for the critical processes. A business impact analysis generally takes 4 steps: 1. 2. 3. 4. Gathering the needed assessment materials The vulnerability assessment Analysing the information compiled Documenting the results and presenting recommendations to management. Contingency Planning There is a general 6 step approach to contingency planning: 1. 2. 3. 4. Identify critical business functions Identify the resources and systems that support these critical functions. Estimate potential disasters Select planning strategies – how to recover the critical resources and evaluate alternatives. A distaster recovery and contingency plan usually consists of emergency response, recovery and resumption activities. 5. Implementing strategies. 6. Testing and revisiting the plan. Plan Approval and Implementation: Plan approval and implementation consists of: 1. Approval by senior management. 2. Creating an awareness of the plan enterprise-wide. 3. Maintenance of the plan, including updating when needed. (APPROVAL) (AWARENESS) (MAINTENANCE) = IMPLEMENTATION! End User Environment: The first issue pertaining to users is how will they be notified of the disaster and who will tell them where to go and when? A tree structure/call list is necessary for this. Backup Alternatives: The hardware backup procedures should address on-site and off-site strategies. There are 3 main categories of disruption: Non-Disaster: Disruption in service from device malfunction or user error. Disaster: Entire facility unusable for a day or longer. Catastrophe: Major disruption that destroys the facility altogether. Requires a short term and long term solution. Off-site backup facility options are: Hot-Site: Fully configured and ready to be operating within a few hours. Expensive but the company has exclusive use. Warm-Site: Partially configured with some equipment, but not the actual computers. Cold-Site: Basic environment such as wiring, AC, plumbing is in place, but no equipment. This is the least expensive option but has much longer recovery time. Different Backup Types: Incremental: All files changed since the last backup. Removes archive attribute. Differential: All files changed since the last full backup. Does not remove archive attribute. Full: All files. Removes archive attribute. Other backup strategies include: Electronic Vaulting: Makes an immediate copy of a changed file or transaction and sents it to a remote location where the original backup is stored. Moving backup tapes off-site is also a form of electronic vaulting. Remote Journalling: Transmitting only the journal or transaction logs to the off-site facility and not the actual files. Database Shadowing: Database shadowing is similar to remote journalling, but the transactions are shadowed to multiple databases. Disk Shadowing: Mirrored disks for redundancy. Disk Duplexing: More than one disk controller is used. If one fails, another takes over. A company is not considered out of an emergency until it is back at the original site operating under normal circumstances. The least critical systems should be moved back first. Disaster Recovery Testing: Reasons for testing include: Inform management of the recovery capabilities of the enterprise. Verify accuracy of the recovery procedures and identify deficiencies. Prepare and train the personnel to execute emergency duties. Verify processing capability of the remote backup site. Disaster recovery tests should be performed at least once a year! The recovery team is used to get critical business functions running at the alternate site. The salvage team is used to return the primary site to normal processing conditions. Tests and Drills: There are a few different types of tests and drills that can take place, each with its own pros and cons: Checklist Test: Copies of the DR plan and continuity plan are distributed to each functional area for review. Strutcured Walk-Through Test: Group comes together to walk through scenarios in detail. Simulation Test: DR team or groups of employees come together to simulate a specific scenario. Parallel Test: Done to ensure that critical systems can perform adequately at the offsite facility. The systems are moved to the alternate site and processing takes place. Full Interruption Test: Original site is actually shut down and processing takes place at the alternate site. “Emergency response procedures are the prepared actions that are developed to help people in a crisis situation better cope with the disruption. They are the first line of defense when dealing with a crisis situation” DOMAIN 10 – PHYSICAL SECURITY Physical security mechanisms include site design and layout, environmental components, emergency response readiness, training, access control, intrusion detection, power and fire protection. “The value of items to be protected can be deteremined by a critical path anaylsis”. The critical path analysis lists all peices of an environment and how they interract. The CPA should include power, data, water and sewer lines, A/C, generators and storm drains. “The physical security domain addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprises’ resources and sensitive information”. These include personnel, facilities, data, equipment, support systems and media. There are seven major causes of physical loss: 1. 2. 3. 4. 5. 6. 7. Temperate: Sunlight, fire, freezing, heat. Gases: War gases, vapors, humidity, dry air, smoke, smog. Liquids: Water and chemicals Organisms: People, animals, viruses, bacteria Projectiles: Meteors, cars and trucks, bullets, tornados Movement: Collapse, shearing, shaking, earthquakes Energy Anomalies: Surges or power failures, static, radiation, magnets. Some common physical controls are: Administrative: Facility selection or construction Facility management Personnel controls Training Emergency response and procedures Technical: Access controls Intrustion detection Alarms CCTV HVAC Power supply. Fire detection Fencing Locks Lighting Facility construction Phsyical: “Load” : How much weight can be held by a building’s walls, floors & ceiling. Raised floors need to be electrically grounded. A/C Should have positive air pressure: Pushes smoke out. Water should have positive flow: flows out of the builders, not in. MTBF : Mean time between failure. MTTR: Mean time to repair. Power Supply: There are 3 main methods to protecting against power problems: UPS, Power line conditioners and backup sources. Definitions: Ground : Pathway to earth to enable excess voltage to dissipate. Noise : Electromagnetic or frequency interference that disrupts power flow and can cause fluctuations. Transient Noise : Short duration of power line disruption. Clean Power : Power that does not fluctuate. EMI is created by the different between three wires: Hot, Neutral & ground. RFI is created by components of an electrical system. For example, electrical cables and flourescent lighting. Power Excess: Spike: Momentary high voltage. Surge: Prolonged high voltage. Power Loss: Fault: Momentary power out. Blackount: Prolonged loss of power. Power Degradation: Sag: Momentary low voltage. Brownout: Prolonged supply below normal voltage. EMI is the difference betwen the charges in the hot, neutral and ground wires: Common Noise: Noise from radiation generated by the difference in hot and ground. Traverse-mode Noise: Noise from radiation generated by the difference between hot and neutral wires. RFI is generated by components of electrical systems. Environmental Issues: Water, steam and gas must have proper shutoff values. High Humidity : Corrosion. Low Humidity : Static. The ideal level of humidity is between 45% and 60%. A hygrometer measures humidity. Ideal temperate for computing devices is 70 to 74%. Fire Prevention, Detection and Suppression: Fire detectors can be activated by: Smoke: Photoelectric device detects change in electric current when there is a variation in the light intensive. Heat: Rate-of-rise temporarate sensors and fixed temperature sensors. Fixed temperature sensors have less false positives. Flame: Senses pulsation of flames or infrared energy associated with flames and combustion. Combustion Particles: Detectors should be on and above suspended ceilings – smoke usually gathers there first. Detectors should be installed below raised floors because there are many types of wire that could start an electrical fire. Detectors should be located in enclosures and air ducts. Fire Suppression: There are four main types of fire: A: Common combustibles such as wood, paper, laminated. Best fought with water or soda acid. B: Liquid fires such as petroleum products and coolants. Best fought with Gas (Halon), CO2, Soda Acid. C: Electrical equipment and wires. Best fought with Gas (Halon) or CO2. D: Combustible metals. Best fought with Dry Powder. A fire needs heat, fuel and oxygen to burn. The different fire suppression methods do the following: CO2 & Soda Acid : Remove fuel and oxygen from the fire. Water : Lowers temperature Halon (or substitute) : Interferes with chemical reaction between elements. Halon is no longer legal due to environmental issues, some replacements are: FM200 NAF-S-III FE-13 Inergen Argon Argonite Halon 1211 does not require the sophisticated pressurization system needed by Halon 1301 and tends to be used in self-pressurized portable extinguishers. Water Sprinklers “Sensors should be in place to shut down electrical power before water sprinklers activate” Wet Pipe: Water in pipe. At a preset temperature (165), a link melts to release the water. Water can freeze in the pipes in colder climates. Dry Pipe: Water is held back by a value until a specific temperature is reached, then a time delay occurs before the water is released. This can give time for shutdown in a false alarm, but not as fast response as wet pipe. Best in colder climates because water cannot freeze in the pipes. Preaction: Combination of wet and dry pipe. Water is not held in the pipes – released into the pipes when a specific temperature is reached. The water is not then released right away – a link in the pipes has to melt to release the water. This type is most the one most recommended for a computer room. Deluge: Same as dry pipe, except sprinkler heads are open. Large volume of water releases in a short period of time. Not recommended for electrical equipment. HVACR: Heating, Ventilation, Air Conditioning, Refridgeration. Administrative Controls Emergency Response and procedures: Evacuation procedures System shutdown Training and drills Integrate with disaster recovery plans Documented procedures for different types of emergencies Periodic equipment tests Perimeter Security: The first line of defense is perimeter security. Preventing access to the facility deals with : Access control, surveillance, monitoring, intrusion detection and corrective actions. Preset locks: Usually used on doors. Latches and deadbolts. Cipher Locks: Keypads, combination entry, swipe cards or both. Options on Cipher locks can include: Door delay – alarm will trigger if door is open for too long. Key Override – specific combination programmed for emergencies Master Keying – enabled supervisor personnel to change access codes and other features Hostage Alarm – special code that does not ring alarm locally, but at the monitoring site (police station or alarm company) Device Locks: Locks for specific devices such as cable locks for laptops, disk drive locks, switch control, slot locks, port controls and cable traps. Personnel Access Controls: A common problem is “piggybacking”. Magnetic Cards: Can be just a strip containing information, or “smart” cards requiring a PIN number. Wireless Proximity readers: User activated: Card transmits values to the reader. System Sensing: Three main types of system sending cards: Transponders – Card and reader both have a receiver, transmitter and battery. Passive Devices – Card uses power from the reader. Field-Powered Devices – Card and reader contain a transmitter. Card has its own power supply. External Boundary Protection: Fencing: 3 to 4 feet : Deters Casual Trespassers. 6 to 7 feet : Too high to climb easily. 8 ft + barbed wire: Deter more determined intruders. Lighting: Critical access should be illuminated 8 feet high and 2 feet out. Surveillance: There are three main categories of surveillance: 1. Patrol force and guards – costly, unreliable but provide judgement. 2. Dogs 3. Visual recording devices – CCTV. Issues with guards are availability, reliability, training and cost. Surveillance techniques are used to watch for unusual behaviours, whereas detecting devices are used to sense changes that take place in an environment. Monitoring live events is preventative, recording events is detective.