
SE571 Security in Computing



  1. SE571 Security in Computing. Chap 7: Security in Networks

  2. This Chapter Examines… Threats against networked applications, including denial of service, web site defacements, malicious mobile code, and protocol attacks. Controls against network attacks: physical security, policies, procedures, and other technical controls. SE571 Security in Computing Dr. Ogara

  3. This Chapter Examines… Firewalls: design, capabilities, limitations. Intrusion detection systems. Private e-mail: PGP and S/MIME.

  4. Research: Top 5 Network Security Threats for 2011 • Users • Managed users: employees/staff, working from both managed and unmanaged devices (laptops, smartphones) • Unmanaged users: guests, contractors, consultants, business partners (Source: Bradford Networks, 2011)

  5. Research: Top 5 Network Security Threats for 2011 • Mobile device proliferation: smartphones (different models from different vendors), tablets/iPads, e-book readers • IP everything: exponential growth in IP-addressable devices such as surveillance cameras and card readers (Source: Bradford Networks, 2011)

  6. Research: Top 5 Network Security Threats for 2011 • Consumerization of IT: consumer markets are driving IT; personal devices are growing rapidly and must be supported by IT • Virtualization: server applications in a private cloud; virtual desktops in a virtual environment (Source: Bradford Networks, 2011)

  7. Research: Consumerization of IT Survey 2011 • Study sponsored by Dell KACE • 741 IT professionals participated • Employees using personal devices for work (87%): email, calendar, CRM/ERP • Employees using smartphones (80%) • Employees using personal PCs (69%) https://www.kace.com/resources/Consumerization-of-IT-Survey-2011

  8. Network Security What are we protecting? Why are we protecting it? What are the assets? What are the threats? What are the controls?

  9. Network Assets • Network infrastructure • Application programs • Data

  10. Network Threats • Interception: eavesdropping, passive wiretapping • Modification: active wiretapping, falsification • Compromise of authenticity • Denial of service

  11. Network Controls • Firewalls • Intrusion detection systems • Secure email

  12. Terminologies Network: a collection of communicating hosts. Node: a single computing system in a network. Link: a connection between two hosts. Host: a single computer in a network. Workstation: an end-user computing device, usually designed for a single user at a time.

  13. Terminologies Topology: the way a network is configured, in terms of nodes and connections. Protocol: a standard method for transmitting data and/or establishing communications between different devices. Protocol stack: a layered architecture for communications.

  14. Network

  15. Protocols Two popular protocol stacks for implementing networks: Open Systems Interconnection (OSI); Transmission Control Protocol and Internet Protocol (TCP/IP)

  16. OSI Model Contains 7 layers. The layers represent the different activities that must be performed for actual transmission of a message.

  17. OSI Network Model

  18. OSI Protocol Layer Levels

  19. OSI Protocol Layer Levels • What happens when you send a message to yourfriend@somewhere.net? As the message passes down the stack, each layer wraps it in its own header: • Physical layer • Data link layer • Network layer: the router sends the message toward the destination router, adding a header that carries the source and destination IP addresses

  20. OSI Protocol Layer Levels • Data link • The Network Interface Card (NIC) provides a physical address called the MAC (Media Access Control) address • Two more addresses are added: the source computer's NIC address and the router's NIC address • The resulting structure is called a frame and contains the destination MAC, the source MAC and the data

  21. OSI Protocol Layer Levels Data link

  22. OSI Protocol Layer Levels • Network layer • The router sends the message toward the destination router • Adds the IP header, carrying the source and destination IP addresses, to the data • The resulting units are called packets

  23. TCP/IP Model • Common in most wide area network communications • Defined by its protocols, not by layers, although it is usually described as 4 layers: • Application • Transport • Internet • Physical (also called the link or network access layer)

  24. TCP/IP Model The acronym names two protocols, although it is used as a single term: TCP implements a connection-oriented communications session on top of the more basic, connectionless IP

  25. TCP/IP Model

  26. TCP Protocol Records and checks the correct sequencing of packets. Retransmits missing or faulty packets. Provides a stream of correct data in proper order to the invoking application. Problem: retransmissions of faulty or missing packets take time and induce overhead.

  27. TCP Packet • Data structure • Includes a sequence number, an acknowledgment number for connecting the packets of a communication session, flags, and source and destination port numbers • Port: a channel number on a host, unique per host and transport protocol, by which the host routes each incoming packet to the right application
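The layering on slides 19 to 22 and the TCP header fields on slide 27 are easiest to see by building the bytes. The following is an added example, not code from the slides or the textbook: it wraps an empty SYN in a TCP header, an IPv4 header and an Ethernet frame, then parses the frame back and checks both checksums. The MAC addresses, IP addresses and ports are made up for illustration.

```python
import socket
import struct

# Added example (not from the slides): build the headers the data link, network and
# transport layers add to a message, then strip them off again on the receiving side.
# Addresses and ports used below are made up for illustration.

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Transport layer: 20-byte TCP header (ports, sequence/ack numbers, flags) + data."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    offset_flags = (5 << 12) | flag_bits  # header length = 5 words (no options), then the flags
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)
    # TCP's checksum also covers a pseudo-header: both IP addresses, protocol 6 and the segment length
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, 20 + len(payload))
    csum = checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def build_ip_packet(src_ip, dst_ip, segment):
    """Network layer: prepend the IPv4 header carrying source and destination IP addresses."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:] + segment


def build_frame(src_mac, dst_mac, packet):
    """Data link layer: destination MAC, source MAC and EtherType 0x0800 (IPv4) in front of the packet."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", 0x0800) + packet


def parse_frame(frame):
    """Peel the headers off layer by layer, as the receiving host does, and verify both checksums."""
    dst_mac, src_mac = mac_to_str(frame[:6]), mac_to_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _ipsum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    segment = packet[ihl:total_len]
    sport, dport, seq, ack, offset_flags, _win, _tcpsum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
    return {
        "dst_mac": dst_mac, "src_mac": src_mac, "ethertype": ethertype,
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl, "proto": proto,
        "ip_checksum_ok": checksum(packet[:ihl]) == 0,  # a header with a valid checksum sums to zero
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for name, bit in TCP_FLAGS.items() if offset_flags & bit],
        "tcp_checksum_ok": checksum(pseudo + segment) == 0,
        "payload": segment[(offset_flags >> 12) * 4:],
    }


def demo():
    """A SYN from 10.0.0.5:40000 to 192.0.2.10:443, wrapped and unwrapped; returns (frame, parsed)."""
    seg = build_tcp_segment("10.0.0.5", "192.0.2.10", 40000, 443, seq=1000, ack=0, flags=["SYN"])
    pkt = build_ip_packet("10.0.0.5", "192.0.2.10", seg)
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", pkt)
    return frame, parse_frame(frame)


if __name__ == "__main__":
    frame, parsed = demo()
    print(len(frame), "bytes on the wire:", frame.hex())
    for field, value in parsed.items():
        print("%-16s %s" % (field, value))
```

Two things worth noticing when you run it: the 54-byte frame is nothing but headers, and the checksums are error detection codes, not security controls. Flipping the TTL byte makes the IP checksum fail, but an attacker who modifies a field simply recomputes the checksum; that is why the integrity controls later in the chapter rely on encryption and authentication rather than on these fields.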

  28. Internet Services

  29. Local Area Networks (LAN) • Covers a small distance, typically within a single building • Connects several small computers, such as personal computers, as well as printers and perhaps some dedicated file storage devices

  30. Local Area Networks (LAN)

  31. Wide Area Networks (WAN) • Single control: usually controlled by one organization • Covers a significant distance • Physically exposed • Intermediate forms between LAN and WAN: campus area networks, metropolitan area networks

  32. What Makes a Network Vulnerable? • Anonymity: attackers can act without being identified • Many points of attack, both targets and origins • Less rigorous security than a single, centrally managed system • Sharing • Complexity of the system • Unknown perimeter: untrusted hosts may be part of the network

  33. Why do people attack networks? • Fame or recognition • Money and espionage • Organized crime • To advance an ideology

  34. Network Vulnerabilities, Targets and Controls • What are the targets? • What are the vulnerabilities? • What are the controls?

  35. Vulnerabilities that target precursors to attack (reconnaissance before the attack proper) • Port scan: gives the attacker an external picture of the target, which "doors" are open and which standard ports or services are running • Social engineering: use of social skills and personal interaction to get someone to reveal security-relevant information • Reconnaissance • OS and application fingerprinting

  36. Control of vulnerabilities • Firewall • "Hardened" (self-defensive) applications: programs that reply with only what is necessary • Intrusion detection system • Run as few services as possible

  37. Control of vulnerabilities (continued) • Education, user awareness • Policies and procedures • Two-person controls: systems in which two people must agree to perform certain security-critical functions
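Slide 35 lists the port scan as the attacker's first picture of the target and slide 36 names the intrusion detection system as a control. The following is an added example, not code from the slides or the textbook, showing the detection side: a small detector that reads firewall connection-attempt records and raises an alert when one source probes many distinct ports on one host within a short window. The log lines are constructed for the example (addresses from the RFC 5737 documentation ranges); the record format is an assumption, not any particular firewall's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not from the slides. The log below is constructed: one firewall
# connection-attempt record per line. 203.0.113.7 sweeps twelve ports in three seconds;
# 198.51.100.20 is an ordinary client talking to the web server.
SAMPLE_LOG = """\
2011-03-02T10:15:01 src=203.0.113.7 dst=192.0.2.10 dport=21 action=reject
2011-03-02T10:15:01 src=203.0.113.7 dst=192.0.2.10 dport=22 action=accept
2011-03-02T10:15:01 src=203.0.113.7 dst=192.0.2.10 dport=23 action=reject
2011-03-02T10:15:01 src=203.0.113.7 dst=192.0.2.10 dport=25 action=reject
2011-03-02T10:15:02 src=203.0.113.7 dst=192.0.2.10 dport=53 action=reject
2011-03-02T10:15:02 src=203.0.113.7 dst=192.0.2.10 dport=80 action=accept
2011-03-02T10:15:02 src=203.0.113.7 dst=192.0.2.10 dport=110 action=reject
2011-03-02T10:15:02 src=203.0.113.7 dst=192.0.2.10 dport=135 action=reject
2011-03-02T10:15:03 src=203.0.113.7 dst=192.0.2.10 dport=139 action=reject
2011-03-02T10:15:03 src=203.0.113.7 dst=192.0.2.10 dport=443 action=accept
2011-03-02T10:15:03 src=203.0.113.7 dst=192.0.2.10 dport=445 action=reject
2011-03-02T10:15:03 src=203.0.113.7 dst=192.0.2.10 dport=3389 action=reject
2011-03-02T10:15:04 src=198.51.100.20 dst=192.0.2.10 dport=443 action=accept
2011-03-02T10:15:09 src=198.51.100.20 dst=192.0.2.10 dport=80 action=accept
2011-03-02T10:16:30 src=198.51.100.20 dst=192.0.2.10 dport=443 action=accept
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; malformed lines are dropped rather than crashing the detector."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
            "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "action": m["action"],
        })
    return events


def detect_port_scans(events, window=timedelta(seconds=60), threshold=10):
    """Alert when one source probes at least `threshold` distinct ports on one host within `window`.

    The window slides over each source/destination pair's events in time order; the widest
    window that reaches the threshold is reported so the alert lists every port probed."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:  # drop events that fell out of the window
                start += 1
            hits = evs[start:end + 1]
            ports = {e["dport"] for e in hits}
            if len(ports) >= threshold and (best is None or len(ports) > len(best["probed"])):
                best = {
                    "src": src, "dst": dst,
                    "first": hits[0]["ts"], "last": hits[-1]["ts"],
                    "probed": sorted(ports),
                    # what the scanner learned: the "open doors" the firewall let through
                    "open": sorted({e["dport"] for e in hits if e["action"] == "accept"}),
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(parse_log(SAMPLE_LOG)):
        print("port scan from %s against %s (%s to %s): %d ports probed, open: %s"
              % (a["src"], a["dst"], a["first"].time(), a["last"].time(), len(a["probed"]), a["open"]))
```

The threshold and window are the tuning knobs of any such signature: set the threshold too low and a busy client that legitimately touches several services trips it, set the window too short and a slow scan (one probe every few minutes) slips under it. The "open" list in the alert is the useful part for the responder, since it is exactly the external picture slide 35 says the attacker now has.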

  38. Network vulnerabilities that target authentication failures • Impersonation • Guessing • Eavesdropping • Session hijacking • Spoofing • Man-in-the-middle attack

  39. Control of vulnerabilities • Strong, one-time authentication • Virtual private network • Encrypted authentication channel • Education, user awareness • Protocol analysis

  40. Network vulnerabilities that target programming flaws • Buffer overflow • Addressing errors • Parameter modification, time-of-check to time-of-use errors • Server-side include • Cookies • Malicious active code: Java, ActiveX • Malicious code: virus, worm, Trojan horse

  41. Control of vulnerabilities • Programming controls • Intrusion detection system • Personal firewall • Two-way authentication • Controlled execution environment • Signed code

  42. Network vulnerabilities that target confidentiality • Protocol flaw • Malicious code: virus, worm, Trojan horse • Eavesdropping • Passive wiretap • Misdelivery • Exposure within the network • Traffic flow analysis • Cookie

  43. Control of vulnerabilities • Firewall • Encryption • Intrusion detection system • Controlled execution environment • Programming controls

  44. Network vulnerabilities that target integrity • Protocol flaw • Impersonation • Active wiretap • Falsification of message • Noise • Website defacement • DNS attack

  45. Control of vulnerabilities • Firewall • Encryption • Intrusion detection system • Controlled execution environment • Audit • Protocol analysis • Strong authentication • Error detection code • Honey pot

  46. Network vulnerabilities that target availability • Protocol flaw • Transmission or component failure • DNS attack • Traffic redirection • Distributed denial of service • Connection flooding

  47. Control of vulnerabilities • Encryption • Firewall • Intrusion detection system • Honey pot

  48. Encryption • The most important and versatile tool of the network security expert • Important for: privacy, authenticity, integrity, limited access to data • Not a silver bullet: it protects only the data that are actually encrypted

  49. Encryption • Can be applied in two ways • Link encryption • End-to-end encryption

  50. Link Encryption Data are encrypted before the system places them on the physical communications link. Encryption takes place at layer 1 or 2 of the OSI model. Encryption protects the message only while it is in transit on a link. The message is plaintext inside the hosts, and inside every intermediate node (such as a router) that must decrypt it to forward it.
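The difference between the two ways of applying encryption on slide 49, and the exposure of plaintext inside intermediate nodes that slide 50 describes, is clearest when simulated hop by hop. The following is an added example, not code from the slides or the textbook: it sends one message from host A to host B across two routers, once under link encryption (a separate key per link, every node decrypts and re-encrypts) and once under end-to-end encryption (one key shared by A and B, routers forward ciphertext). The cipher is an illustrative XOR stream derived from SHA-256 so the script needs only the standard library; it is not a production cipher and the topology and keys are made up.

```python
import hashlib
import os

# Added example, not from the slides. The cipher here is an illustrative XOR stream built from
# SHA-256 so the script needs only the standard library; it is NOT a production cipher (no
# authentication, and a repeated nonce under one key leaks the XOR of two messages).


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)  # fresh per message; prepended so the receiver can derive the keystream
    return nonce + bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:12], blob[12:]
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def send_link_encrypted(path, link_keys, message):
    """Link encryption (OSI layer 1/2): each link has its own key, so every node on the path,
    routers included, decrypts to plaintext before re-encrypting for the next link."""
    inside = {}   # what each node holds in memory
    on_wire = []  # what an eavesdropper on each link sees
    data = message
    for a, b in zip(path, path[1:]):
        inside[a] = data
        blob = encrypt(link_keys[(a, b)], data)
        on_wire.append(blob)
        data = decrypt(link_keys[(a, b)], blob)  # b must decrypt to read the headers and route onward
    inside[path[-1]] = data
    return inside, on_wire


def send_end_to_end(path, e2e_key, message):
    """End-to-end encryption: the sender encrypts once; intermediate nodes only ever see ciphertext."""
    blob = encrypt(e2e_key, message)
    inside = {node: blob for node in path[1:-1]}  # routers forward the blob unchanged
    inside[path[0]] = message
    inside[path[-1]] = decrypt(e2e_key, blob)
    on_wire = [blob] * (len(path) - 1)
    return inside, on_wire


def demo(message=b"meet at 10:00, bring the audit report"):
    path = ["A", "R1", "R2", "B"]  # two hosts with two routers between them (made-up topology)
    link_keys = {(a, b): os.urandom(32) for a, b in zip(path, path[1:])}
    e2e_key = os.urandom(32)
    link_inside, link_wire = send_link_encrypted(path, link_keys, message)
    e2e_inside, e2e_wire = send_end_to_end(path, e2e_key, message)
    routers = path[1:-1]
    return {
        "link": {"routers_see_plaintext": all(link_inside[r] == message for r in routers),
                 "wire_leaks_plaintext": any(message in w for w in link_wire),
                 "delivered": link_inside[path[-1]] == message},
        "end_to_end": {"routers_see_plaintext": any(e2e_inside[r] == message for r in routers),
                       "wire_leaks_plaintext": any(message in w for w in e2e_wire),
                       "delivered": e2e_inside[path[-1]] == message},
    }


if __name__ == "__main__":
    for mode, result in demo().items():
        print(mode, result)
```

Both modes keep the wire clean, so the choice between them is about who you trust: link encryption protects against a wiretap on the cable but requires trusting every router operator on the path, while end-to-end encryption removes that trust requirement at the cost of leaving the headers (and therefore the traffic pattern) visible, which is why the two are often combined.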
