Computer Security : Principles - PowerPoint Presentation

Slide1

Computer Security

:

Principles

and Practice

Fourth Edition

By: William Stallings and Lawrie BrownSlide2

VPNs

Virtual Private Network (VPN):

A means of carrying private traffic over a public network

Uses link encryption to give users sense that they are operating on a private network when they are actually transmitting over a public network

Communications pass through an

encrypted tunnel

Intranet VPN

: Connects two or more private networks within the same company

Extranet VPN

: Connects two or more private networks between different companies

E.g., B2B or business-to-business communication.

Remote Access VPN

: A roaming user has access to a private network via wireless, hotel room, etc.Slide3

Encryption Types

End-to-End Encryption

Link Encryption

Router

Source

DestinationSlide4

Importance of

Encryption Location: MAC

TCP

IP

LLCMACPhysicalA

P

L

ICTCPIPLLC

MACPhysicalAPL

I

C

IP

LLCMAC

Physical

LLCMAC

Physical

Wireless

Wired

MAC

LLC

IP

TCP

App - Data

CRCSlide5

Importance of

Encryption Location: IP

TCP

IPSEC/

IPLLCMACPhysicalA

P

L

ICTCPIPLLCMAC

PhysicalAPLI

C

IPSEC/IP

LLCMAC

Physical

LLC

MAC

Physical

VPN Router/Firewall

may unencrypt

MAC

LLC

IPTCP

App - DataCRCSlide6

Importance of

Encryption Location: App.

TCP

IP

LLCMACPhysicalA

P

L

ICTCPIPLLCMAC

PhysicalAPLI

C

IP

LLCMAC

Physical

LLCMAC

Physical

HTTPS

HTTPS

HTTP

HTTP

MAC

LLC

IP

TCP

App - Data

CRCSlide7

Link versus End-to-End

Encryption

Use when LINK is vulnerable: Packet sniffers & eavesdroppers

Use when Intermediate nodes may be compromised

Link-Specific: All packets transmitted on the single link are encrypted

Connection-Specific: A connection is encrypted across all its links

Encrypted for all protocol layers (at or above encryption layer)

Encrypted for upper layer protocols only

Intermediate nodes decrypt

Intermediate nodes cannot decrypt

Provides node authentication

Provides user authentication

Transparent to user: One key per link

Not user-transparent: One key per connection

One algorithm for all users

User selects encryption algorithm

Encryption done in hardware

Encryption done in hardware or software

Virtual Private Network (VPN)

IP Security (IPsec)

Secure Shell (SSH)

Secure Socket Layer (SSL)Slide8

Encryption Protocols

HTTP

FTP

SMTP

TCP or UDP

IPSec

IP

HTTP

HTTP

SSL or TLS

TCP

IP

HTTPS

VPNSlide9

Secure Sockets Layer (SSL)

transport layer security service

originally developed by Netscape

version 3 designed with public input

subsequently became Internet standard RFC2246: Transport Layer Security (TLS)use TCP to provide a reliable end-to-end servicemay be provided in underlying protocol suite or embedded in specific packagesSSL + HTTP used together = HTTPSHTTP

SSL or TLS

TCP

IPSlide10

Public Key Infrastructure (PKI)

Digital

Certificate

User: SuePublic Key:2456Algorithm: RSA

1. Sue registers with

CA through RA

Certificate Authority

(CA)

Register(Owner, Public Key)

2. Registration Authority

(RA) verifies owners

3. Send approved

Digital Certificates

5. Tom requests Sue’s DC



6. CA sends Sue’s DC



Sue

Tom

4. Sue sends

Tom message

signed with

Digital Signature

7. Tom confirms

Sue’s DSSlide11

PKI

Definitions

Certificate Authority

Entrust, VeriSign,

GoDaddyInternal CA:Windows Active Directory Certificate ServicesRenewal: Certs valid for limited time before renewal.Trust: 2 CAs trust each other’s certs.The CertificatePublic KeyAlgorithmRSA (1024 bit)Serial #Cert # 12345

Subject

www.uwp.edumail.uwp.eduIssuerABC

CertifiersValid From5-Dec 2016Valid To5-Dec 2020Thumbprint AlgorithmSha-1 RSAThumbprint<Hash value>Slide12

PKI Cont’d

Definitions

Certificate Revocation List:

If fraudulent cert. given, cert is revoked,

CRL published on websiteRecovery Agent: key recovery person if key person leavesKey Escrow: Give keys to gov’t/law for investigationConfiguring SSLCert Signing RequestCreate RequestSubmitRequest to CA

Download certificate

Install into SSL App

certificateSlide13

Chapter 22

Internet

Security Protocols and StandardsSlide14

MIME and S/MIME

MIME

S/MIME

Extension to the old RFC 822 specification of an Internet mail formatRFC 822 defines a simple heading with To, From, SubjectAssumes ASCII text formatProvides a number of new header fields that define information about the body of the messageSecure/Multipurpose Internet Mail ExtensionSecurity enhancement to the MIME Internet e-mail formatB

ased on technology from RSA Data Security

Provides the ability to sign and/or encrypt e-mail messagesSlide15

Table 22.1

S/MIME Content TypesSlide16

S/MIME FunctionsSlide17
Slide18

Signed and Clear-Signed Data

The preferred algorithms used for signing S/MIME messages use either an RSA or a DSA signature of a SHA-256 message hash

The process works as follows:

Take the message you want to send and map it into a fixed-length code of 256 bits using SHA-256

The 256-bit message digest is unique for this message making it virtually impossible for someone to alter this message or substitute another message and still come up with the same digestS/MIME encrypts the digest using RSA and the sender’s private RSA keyThe result is the digital signature, which is attached to the messageNow, anyone who gets the message can recompute the message digest then decrypt the signature using RSA and the sender’s public RSA keySince this operation only involves encrypting and decrypting a 256-bit block, it takes up little timeSlide19

Enveloped Data

D

efault algorithms used for encrypting S/MIME messages are AES and RSA

S/MIME generates a pseudorandom secret key that is used to encrypt the message using AES or some other conventional encryption scheme

A new pseudorandom key is generated for each new message encryptionThis session key is bound to the message and transmitted with itThe secret key is used as input to the public-key encryption algorithm, RSA, which encrypts the key with the recipient’s public RSA keyOn the receiving end, S/MIME uses the receiver's private RSA key to recover the secret key, then uses the secret key and AES to recover the plaintext messageIf encryption is used alone, radix-64 is used to convert the ciphertext to ASCII formatSlide20

DomainKeys Identified Mail (DKIM)

S

pecification of cryptographically signing e-mail messages permitting a signing domain to claim responsibility for a message in the mail stream

P

roposed Internet Standard (RFC 4871: DomainKeys Identified Mail (DKIM) Signatures)Has been widely adopted by a range of e-mail providersSlide21
Slide22
Slide23

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

O

ne of the most widely used security services

G

eneral-purpose service implemented as a set of protocols that rely on TCPSubsequently became Internet standard RFC4346: Transport Layer Security (TLS)Slide24
Slide25

TLS Concepts

TLS Session

TLS Connection

An association between a client and a server

Created by the Handshake ProtocolDefine a set of cryptographic security parametersUsed to avoid the expensive negotiation of new security parameters for each connectionA transport (in the OSI layering model definition) that provides a suitable type of servicePeer-to-peer relationshipsTransientEvery connection is associated with one sessionSlide26
Slide27

Change

Cipher Spec Protocol

O

ne of

four TLS specific protocols that use the TLS Record ProtocolIs the simplestConsists of a single message which consists of a single byte with the value 1Sole purpose of this message is to cause pending state to be copied into the current stateHence updating the cipher suite in useSlide28

Alert ProtocolSlide29

Handshake Protocol

M

ost complex part of TLS

I

s used before any application data are transmittedAllows server and client to:Comprises a series of messages exchanged by client and serverExchange has four phasesSlide30
Slide31

Heartbeat Protocol

A periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system

Typically used to monitor the availability of a protocol entity

Defined in 2012 in RFC 6250

Runs on top of the TLS Record ProtocolUse is established during Phase 1 of the Handshake ProtocolEach peer indicates whether it supports heartbeatsServes two purposes:Assures the sender that the recipient is still aliveGenerates activity across the connection during idle periodsSlide32

SSL/TLS AttacksSlide33
Slide34

HTTPS

(HTTP over SSL)

Combination of HTTP and SSL to implement secure communication between a Web browser and a Web server

Built into all modern Web browsers

Search engines do not support HTTPSURL addresses begin with https://Documented in RFC 2818, HTTP Over TLSAgent acting as the HTTP client also acts as the TLS clientClosure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connectionSlide35

IP

Security (IPsec)

V

arious

application security mechanismsS/MIME, Kerberos, SSL/HTTPSSecurity concerns cross protocol layersWould like security implemented by the network for all applicationsAuthentication and encryption security features included in next-generation IPv6Also usable in existing IPv4Slide36

Benefits of

IPsec

W

hen implemented in

a firewall or router, it provides strong security to all traffic crossing the perimeterIn a firewall it is resistant to bypassBelow transport layer, hence transparent to applicationsCan be transparent to end usersCan provide security for individual usersSecures routing architectureSlide37

The Scope of IPsecSlide38

Security Associations

A

one-way relationship between sender

and receiver that affords security for traffic flowIf a peer relationship is needed for two-way secure exchange then two security associations are requiredIs uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP)Slide39
Slide40

Transport and Tunnel Modes

Transport Mode

Tunnel Mode

E

xtends to the payload of an IP packetTypically used for end-to-end communication between two hostsESP encrypts and optionally authenticates the IP payload but not the IP headerProvides protection to the entire IP packetThe entire original packet travels through a tunnel from one point of an IP network to anotherUsed when one or both ends of a security association are a security gateway

A number of hosts on networks behind firewalls may engage in secure communications without implementing IPsecSlide41

Summary

HTTPS

Connection institution

Connection closure

IPv4 and IPv6 securityIP security overviewThe scope of IPsecSecurity associationsEncapsulating security payloadTransport and tunnel modes

Secure E-mail and S/MIME

MIMES/MIMEDomainKeys identified mail

Internet mail architectureDKIM strategySSL and TLSTLS architectureTLS protocolsTLS attacksSSL/TLS attacksSlide42

Chapter 24

Wireless Network SecuritySlide43

IEEE 802.11 - WIFI

802.11a - Wireless network bearer operating in the 5 GHz ISM band with data rate up to 54 Mbps

802.11b - Wireless network bearer operating in the 2.4 GHz ISM band with data rates up to 11 Mbps

802.11e - Quality of service and

prioritisation 802.11f - Handover 802.11g - Wireless network bearer in 2.4 GHz ISM band with data rates up to 54 Mbps ; compatible with 802.11b, 802.11n802.11h - Power control 802.11i - Authentication and encryption 802.11j - Interworking 802.11k - Measurement reporting 802.11n - Wireless network bearer operating in the 2.4 and 5 GHz ISM bands with data rates up to 600 Mbps 802.11s - Mesh networking

802.11ac - Wireless network bearer operating below 6GHz to provide data rates of at least 1Gbps per second for multi-station operation and 500 Mbps on a single link

802.11ad - Wireless network bearer providing very high throughput at frequencies up to 60GHz 802.11af - Wi-Fi in TV spectrum white spaces (often called White-Fi) Slide44

Wireless Attacks

Eavesdrop Attacks

Accidental Association

: Connecting through the wrong Access Point

Malicious Association: Connecting through a Spoofed or Rogue Access Point (Evil Twin)Ad hoc Network: Connecting through another StationActive AttacksNontraditional Networks: Other protocols (Bluetooth, PDAs) may be insecureIdentity Theft: Impersonation of MAC addressDenial of Service: Bombarding a WLAN with messagesNetwork Injection: Attacker inject packets to affect connection or network configurationKISMET: Displays local WLANs, including no SSID broadcast. Lists characteristics, security of eachSlide45

Securing Wireless Transmissions

Hide Service Set Identifier (SSID)

SSID is network name

“Disable SSID broadcasting” = true

Assign cryptic nameReduce External Signal StrengthReduce power levelPosition AP in innermost buildingUse directional antennasUse signal-shielding techniquesEncrypt all transmissions (WPA2 best)Slide46

Wireless Security

Key factors contributing to higher security risk of wireless networks compared to wired networks include:

Channel

Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks

Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocolsMobilityWireless devices are far more portable and mobile, thus resulting in a number of risksResourcesSome wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware

Accessibility

Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations, thus greatly increasing their vulnerability to physical attacksSlide47
Slide48

Wireless Network ThreatsSlide49

Securing Wireless Transmissions

Principal threats are eavesdropping, altering or inserting messages, and disruption

Countermeasures for eavesdropping:

S

ignal-hiding techniquesEncryptionThe use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissionsSlide50

Securing Wireless Networks

T

he main threat involving wireless access points is unauthorized access to the network

P

rincipal approach for preventing such access is the IEEE 802.1X standard for port-based network access controlThe standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless networkUse of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoorsSlide51

Wireless Network Security TechniquesSlide52

Mobile Device Security

An organization’s networks must accommodate:

Growing use of new devices

Significant growth in employee’s use of mobile devices

Cloud-based applicationsApplications no longer run solely on physical servers in corporate data centersDe-perimeterizationThere are a multitude of network perimeters around devices, applications, users, and dataExternal business requirementsThe enterprise must also provide guests, third-party contractors, and business partners network access using various devices from a multitude of locationsSlide53

Security ThreatsSlide54
Slide55
Slide56

Table 24.1

IEEE 802.11 TerminologySlide57

Wireless Fidelity

(Wi-Fi) Alliance

802.11b

First 802.11 standard to gain broad industry acceptanceWireless Ethernet Compatibility Alliance (WECA)Industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperatingLater renamed the Wi-Fi AllianceTerm used for certified 802.11b products is Wi-FiHas been extended to 802.11g productsWi-Fi Protected Access (WPA)Wi-Fi Alliance certification procedures for IEEE802.11 security standards

WPA2 incorporates all of the features of the IEEE802.11i WLAN security specificationSlide58
Slide59
Slide60

Table 24.2

IEEE 802.11 ServicesSlide61

Distribution of Messages

Within a DS

T

he two services involved with the distribution of messages within a DS are:

DistributionIntegrationSlide62

Association-Related Services

T

ransition types, based on mobility:

N

o transitionA station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSSBSS transitionStation movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the stationESS transitionStation movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteedSlide63

ServicesSlide64

Wireless LAN Security

Wired Equivalent Privacy (WEP) algorithm

802.11 privacy

Wi-Fi Protected Access (WPA)

Set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standardRobust Security Network (RSN)Final form of the 802.11i standardWi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 programSlide65
Slide66
Slide67
Slide68
Slide69

MPDU Exchange

A

uthentication phase consists of three phases:

C

onnect to ASThe STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the ASEAP exchangeAuthenticates the STA and AS to each otherSecure key deliveryOnce authentication is established, the AS generates a master session key and sends it to the STASlide70
Slide71

Table 24.3

IEEE 802.11i

Keys for Data Confidentiality and Integrity Protocols

(Table can be found on page 724 in the textbook.)Slide72

Temporal Key Integrity Protocol (TKIP)

D

esigned to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP

P

rovides two services:Slide73

Counter Mode-CBC MAC Protocol (CCMP)

Intended for newer IEEE 802.11 devices that are equipped with the hardware to support this scheme

P

rovides two services:Slide74
Slide75

Summary

IEEE 802.11i wireless LAN security

IEEE 802.11i services

IEEE 802.11i phases of operation

Discovery phaseAuthentication phaseKey management phaseProtected data transfer phaseThe IEEE 802.11i pseudorandom functionWireless SecurityWireless network threatsWireless security measures

Mobile device security

Security threatsMobile device security strategyIEEE 802.11 wireless LAN overview

The Wi-Fi allianceIEEE 802 protocol architectureIEEE 802.11 network components and architectural modelIEEE 802.11 services