Data Communications and Computer Networks: A Business User’s Approach. Chapter 13 Network Security. What we will cover. Security measures Firewalls Business on the internet - Encryption. Introduction.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Computer Networks: A
Business User’s Approach
The basic security measures for computer systems fall into eight categories:
External security Operational security
Auditing Access rights
Standard system attacks Viruses/worms
Protection from environmental damage such as floods, earthquakes, and heat.
Physical security such as locking rooms, locking down computers, keyboards, and other devices.
Electrical protection from power surges.
Noise protection from placing computers away from devices that generate electromagnetic interference.
Deciding who has access to what.
Limiting time of day access.
Limiting day of week access.
Limiting access from a location, such as not allowing a user to use a remote login during certain periods or any time.
for the setting the time of day restrictions
Proper placement of security cameras can deter theft and vandalism.
Cameras can also provide a record of activities.
Intrusion detection is a field of study in which specialists try to prevent intrusion and try to determine if a computer system has been violated.
[email protected]#$% [email protected]#$%^ [email protected]#$%^& [email protected]#$%^&* 000000 00000000 0007 007 007007 0246 0249 1022 10sne1 111111 121212 1225 123 123123 1234 12345 123456 1234567 12345678 1234qwer 123abc 123go 1313 131313 13579 14430 1701d 1928 1951 1a2b3c 1p2o3i 1q2w3e 1qw23e 1sanjose 2112 21122112 2222 2welcome 3 369 4 4444 4runner 5 5252 54321 5555 5683 654321 666666 6969 696969 777 7777 80486 8675309 888888 90210 911 92072 99999999 @#$%^& a a12345 a1b2c3 a1b2c3d4 aaa aaaaaa aaron abby abc abc123 abcd abcd1234 abcde abcdef abcdefg abigail about absolut academia access action active acura adam adams adg adidas admin adrian advil aeh aerobics after again aggies aikman airhead airplane alan alaska albany albatross albert alex alex1 alexande alexander alexandr alexis alfred algebra aliases alice alicia aliens alison all allen allison allo alpha alpha1 alphabet alpine always alyssa ama amanda amanda1 amber amelie america america7 amiga amorphous amour amy an analog anchor and anderson andre andrea andrew andromache andy angel angela angela1 angels angie angus animal animals ann anna anne annie answer anthony anthropogenic antonio anvils any anything apache apollo apollo13 apple apple1 apples april archie arctic are aria ariadne ariane ariel arizona around arrow arthur artist as asdf asdfg asdfgh asdfghjk asdfjkl asdfjkl; ashley ask aspen ass asshole asterix at ate ath athena atmosphere attila august austin
Creating a computer or paper audit can help detect wrongdoing.
Auditing can also be used as a deterrent.
Many network operating systems allow the administrator to audit most types of transactions.
Many types of criminals have been caught because of computer-based audits.
Two basic questions to access right: who and how?
Who do you give access right to? No one, group of users, entire set of users?
How does a user or group of users have access? Read, write, delete, print, copy, execute?
Most network operating systems have a powerful system for assigning access rights.
Many different types of viruses, such as parasitic, boot sector, stealth, polymorphic, and macro.
A Trojan Horse virus is a destructive piece of code that hides inside a harmless looking piece of code.
Sending an e-mail with a destructive attachment is a form of a Trojan Horse virus.
Signature-based scanners look for particular virus patterns or signatures and alert the user.
Terminate-and-stay-resident programs run in the background constantly watching for viruses and their actions.
Multi-level generic scanning is a combination of antivirus techniques including intelligent checksum analysis and expert system analysis.
HOAXES computer worm?
Standard System Attacks computer worm?
Denial of service attacks, or distributed denial of service attacks, bombard a computer site with so many messages that the site is incapable of answering valid request.
In e-mail bombing, a user sends an excessive amount of unwanted e-mail to someone.
Smurfing is a nasty technique in which a program attacks a network by exploiting IP broadcast addressing operations.
Ping storm is a condition in which the Internet Ping program is used to send a flood of packets to a server.
Standard System Attacks computer worm?
Spoofing is when a user creates a packet that appears to be something else or from someone else.
Trojan Horse is a malicious piece of code hidden inside a seemingly harmless piece of code.
Stealing, guessing, and intercepting passwords is also a tried and true form of attack.
Smurfing to cripple a web server computer worm?
www.cert.org computer worm?
Firewalls computer worm?
A system or combination of systems that supports an access control policy between two networks.
A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.
Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications such as ftp, telnet, etc.)
APPLICATION computer worm? HTTP the desired program
TRANSPORT TCP provides the
LAYER or connection
NETWORK IP locates the destination
LAYER IP address
& routes message
LINK Ethernet physical devices
TCP/IP MODEL computer worm?
A firewall as it stops certain internet and external transactions
Firewalls – 2 types transactions
A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers.
A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that request something from the corporate network must enter through the proxy server.
Proxy servers are more advanced but make external accesses slower.
TELNET FTP SMTP SMTP transactions
HTTP TELNET FTP FTP SMTP HTTP
SMTP FTP FTP SMTP TELNET
SMTP HTTP SMTP
Filtering Rule -
Deny everything except
Telnet & FTP
FTP FTP TELNET
Proxy Server sitting outside the protection of transactions
the corporate network
Message is reassembled transactions
Message is split into
packets and may travel
along different paths
is Point B
from Point A
Did Point B receive the message?
Was the message really sent by Point A?
Did anyone else see the message?
If Point B did in fact receive the message -
Is it exactly the same message or could it have been altered in any way?
Was it delivered promptly or could it have been stalled?
Basic Encryption and Decryption Terms interception
Cryptography is the study of creating and using encryption and decryption techniques.
Encryption vs decryption
Plaintext (sometimes called cleartext) is the the data that exists before any encryption has been performed.
Ciphertext is the data after encryption has been performed.
The key(s) is(are) the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext. Key is also called the cryptovariable.
The cipher is the algorithm for encrypting and decrypting; also called the protocol or scheme.
Basic encryption and decryption procedure interception
Monoalphabetic Substitution-based Ciphers interception
Monoalphabetic substitution-based ciphers replace a character or characters with a different character or characters, based upon some key.
With the key: POIUYTREWQLKJHGFDSAMNBVCXZ
The message: how about lunch at noon
encodes into EGVPO GNMKN HIEPM HGGH
Veni, vidi, vici
Foxs, fsns, fsms
• Decryption: shift back the same amount
rotate 13 positions
THE GOTHS COMETH
FUR TAFUE PAYRFU
SYMMETRIC ENCRYPTION METHOD
Same key for encryption and decryption.
How is key shared?
Sender – Johnny B. interception
Receiver - Professor
By encrypting his message with his Professor’s publicly
available key, Johnny B. can be assured that no one besides
that professor can read his message.
Sender - Professor interception
Receiver – Johnny B.
with Johnny B.
with Johnny B.
Because the professor encrypted the message with his private
key, Johnny B. can be assured that the message really
is from that professor by decrypting it with the professor’s public key.
Sender - Professor interception
Receiver – Johnny B.
By decrypting the message with the professor’s private key
and Johnny’s publicly available key, Johnny can be assured
that the message really is from that professor and that no one
else can read the message containing his grade.
Authenticate and confidentiality of sender
Data Encryption Standard (DES) – interceptionmaking good keys
GOT TO HAVE GOOD KEYS!
Created in 1977 and in operation into the 1990s, the data encryption standard took a 64-bit block of data and subjected it to 16 levels of encryption.
The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.
Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked.
Larger keys is the answer to better security.
Basic operations of the data interception
A more powerful data encryption standard.
Data is encrypted using DES three times: the first time by the first key, the second time by a second key, and the third time by the first key again.
While virtually unbreakable, triple-DES is CPU intensive.
With more smart cards, cell phones, and PDAs, a faster (and smaller) piece of code is highly desirable.
Advanced Encryption Standard (AES) interception
Selected by the U.S. government to replace DES.
National Institute of Standards and Technology selected the algorithm Rijndael (pronounced rain-doll) in October 2000 as the basis for AES.
AES has more elegant mathematical formulas, requires only one pass, and was designed to be fast, unbreakable, and able to support even the smallest computing device.
Key size of AES: 128, 192, or 256 bits
Estimated time to crack (assuming one machine could try 255 keys per second (NIST)) : 149 trillion years
Very fast execution with very good use of resources
AES should be widely implemented by 2004
Pretty Good privacy interception
Public Key Infrastructure interception
Putting it all together!!
The combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public key generation, storage, and management.
A certificate, or digital certificate, is an electronic document, similar to a passport, that establishes your credentials when you are performing transactions.
Public Key Infrastructure (PKI) interception
Security Policy Design Issues interception
What is the company’s desired level of security?
How much money is the company willing to invest in security?
If the company is serious about restricting access through an Internet link, what about restricting access through all other entry ways?
The company must have a well-designed security policy.
Network Security In Action: interception
Banking and PKI
If you want to perform online banking transactions, how does the system know you are a legitimate user?
ScotiaBank uses a PKI system designed by Entrust.
Each customer is assigned a digital certificate.
Whenever a customer wants to perform an online transaction, they “present” their certificate.
Confidentiality Privacy of Message Encryption
Message Integrity Detecting Message Hashing (Digest)
Authentication Origin Verification Digital Signatures
Non-repudiation Proof of Origin, Receipt, Digital Signatures
and Contents Transaction Certificates
Access Controls Limiting entry to Firewalls
authorized users Passwords