and Practice Fourth Edition By William Stallings and Lawrie Brown VPNs Virtual Private Network VPN A means of carrying private traffic over a public network Uses link encryption to give users sense that they are operating on a private network when they are actually transmitting over a ID: 734496
Download Presentation The PPT/PDF document "Computer Security : Principles" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Computer Security
:
Principles
and Practice
Fourth Edition
By: William Stallings and Lawrie BrownSlide2
VPNs
Virtual Private Network (VPN):
A means of carrying private traffic over a public network
Uses link encryption to give users sense that they are operating on a private network when they are actually transmitting over a public network
Communications pass through an
encrypted tunnel
Intranet VPN
: Connects two or more private networks within the same company
Extranet VPN
: Connects two or more private networks between different companies
E.g., B2B or business-to-business communication.
Remote Access VPN
: A roaming user has access to a private network via wireless, hotel room, etc.Slide3
Encryption Types
End-to-End Encryption
Link Encryption
Router
Source
DestinationSlide4
Importance of
Encryption Location: MAC
TCP
IP
LLCMACPhysicalA
P
L
ICTCPIPLLC
MACPhysicalAPL
I
C
IP
LLCMAC
Physical
LLCMAC
Physical
Wireless
Wired
MAC
LLC
IP
TCP
App - Data
CRCSlide5
Importance of
Encryption Location: IP
TCP
IPSEC/
IPLLCMACPhysicalA
P
L
ICTCPIPLLCMAC
PhysicalAPLI
C
IPSEC/IP
LLCMAC
Physical
LLC
MAC
Physical
VPN Router/Firewall
may unencrypt
MAC
LLC
IPTCP
App - DataCRCSlide6
Importance of
Encryption Location: App.
TCP
IP
LLCMACPhysicalA
P
L
ICTCPIPLLCMAC
PhysicalAPLI
C
IP
LLCMAC
Physical
LLCMAC
Physical
HTTPS
HTTPS
HTTP
HTTP
MAC
LLC
IP
TCP
App - Data
CRCSlide7
Link versus End-to-End
Encryption
Use when LINK is vulnerable: Packet sniffers & eavesdroppers
Use when Intermediate nodes may be compromised
Link-Specific: All packets transmitted on the single link are encrypted
Connection-Specific: A connection is encrypted across all its links
Encrypted for all protocol layers (at or above encryption layer)
Encrypted for upper layer protocols only
Intermediate nodes decrypt
Intermediate nodes cannot decrypt
Provides node authentication
Provides user authentication
Transparent to user: One key per link
Not user-transparent: One key per connection
One algorithm for all users
User selects encryption algorithm
Encryption done in hardware
Encryption done in hardware or software
Virtual Private Network (VPN)
IP Security (IPsec)
Secure Shell (SSH)
Secure Socket Layer (SSL)Slide8
Encryption Protocols
HTTP
FTP
SMTP
TCP or UDP
IPSec
IP
HTTP
HTTP
SSL or TLS
TCP
IP
HTTPS
VPNSlide9
Secure Sockets Layer (SSL)
transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard RFC2246: Transport Layer Security (TLS)use TCP to provide a reliable end-to-end servicemay be provided in underlying protocol suite or embedded in specific packagesSSL + HTTP used together = HTTPSHTTP
SSL or TLS
TCP
IPSlide10
Public Key Infrastructure (PKI)
Digital
Certificate
User: SuePublic Key:2456Algorithm: RSA
1. Sue registers with
CA through RA
Certificate Authority
(CA)
Register(Owner, Public Key)
2. Registration Authority
(RA) verifies owners
3. Send approved
Digital Certificates
5. Tom requests Sue’s DC
6. CA sends Sue’s DC
Sue
Tom
4. Sue sends
Tom message
signed with
Digital Signature
7. Tom confirms
Sue’s DSSlide11
PKI
Definitions
Certificate Authority
Entrust, VeriSign,
GoDaddyInternal CA:Windows Active Directory Certificate ServicesRenewal: Certs valid for limited time before renewal.Trust: 2 CAs trust each other’s certs.The CertificatePublic KeyAlgorithmRSA (1024 bit)Serial #Cert # 12345
Subject
www.uwp.edumail.uwp.eduIssuerABC
CertifiersValid From5-Dec 2016Valid To5-Dec 2020Thumbprint AlgorithmSha-1 RSAThumbprint<Hash value>Slide12
PKI Cont’d
Definitions
Certificate Revocation List:
If fraudulent cert. given, cert is revoked,
CRL published on websiteRecovery Agent: key recovery person if key person leavesKey Escrow: Give keys to gov’t/law for investigationConfiguring SSLCert Signing RequestCreate RequestSubmitRequest to CA
Download certificate
Install into SSL App
certificateSlide13
Chapter 22
Internet
Security Protocols and StandardsSlide14
MIME and S/MIME
MIME
S/MIME
Extension to the old RFC 822 specification of an Internet mail formatRFC 822 defines a simple heading with To, From, SubjectAssumes ASCII text formatProvides a number of new header fields that define information about the body of the messageSecure/Multipurpose Internet Mail ExtensionSecurity enhancement to the MIME Internet e-mail formatB
ased on technology from RSA Data Security
Provides the ability to sign and/or encrypt e-mail messagesSlide15
Table 22.1
S/MIME Content TypesSlide16
S/MIME FunctionsSlide17Slide18
Signed and Clear-Signed Data
The preferred algorithms used for signing S/MIME messages use either an RSA or a DSA signature of a SHA-256 message hash
The process works as follows:
Take the message you want to send and map it into a fixed-length code of 256 bits using SHA-256
The 256-bit message digest is unique for this message making it virtually impossible for someone to alter this message or substitute another message and still come up with the same digestS/MIME encrypts the digest using RSA and the sender’s private RSA keyThe result is the digital signature, which is attached to the messageNow, anyone who gets the message can recompute the message digest then decrypt the signature using RSA and the sender’s public RSA keySince this operation only involves encrypting and decrypting a 256-bit block, it takes up little timeSlide19
Enveloped Data
D
efault algorithms used for encrypting S/MIME messages are AES and RSA
S/MIME generates a pseudorandom secret key that is used to encrypt the message using AES or some other conventional encryption scheme
A new pseudorandom key is generated for each new message encryptionThis session key is bound to the message and transmitted with itThe secret key is used as input to the public-key encryption algorithm, RSA, which encrypts the key with the recipient’s public RSA keyOn the receiving end, S/MIME uses the receiver's private RSA key to recover the secret key, then uses the secret key and AES to recover the plaintext messageIf encryption is used alone, radix-64 is used to convert the ciphertext to ASCII formatSlide20
DomainKeys Identified Mail (DKIM)
S
pecification of cryptographically signing e-mail messages permitting a signing domain to claim responsibility for a message in the mail stream
P
roposed Internet Standard (RFC 4871: DomainKeys Identified Mail (DKIM) Signatures)Has been widely adopted by a range of e-mail providersSlide21Slide22Slide23
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
O
ne of the most widely used security services
G
eneral-purpose service implemented as a set of protocols that rely on TCPSubsequently became Internet standard RFC4346: Transport Layer Security (TLS)Slide24Slide25
TLS Concepts
TLS Session
TLS Connection
An association between a client and a server
Created by the Handshake ProtocolDefine a set of cryptographic security parametersUsed to avoid the expensive negotiation of new security parameters for each connectionA transport (in the OSI layering model definition) that provides a suitable type of servicePeer-to-peer relationshipsTransientEvery connection is associated with one sessionSlide26Slide27
Change
Cipher Spec Protocol
O
ne of
four TLS specific protocols that use the TLS Record ProtocolIs the simplestConsists of a single message which consists of a single byte with the value 1Sole purpose of this message is to cause pending state to be copied into the current stateHence updating the cipher suite in useSlide28
Alert ProtocolSlide29
Handshake Protocol
M
ost complex part of TLS
I
s used before any application data are transmittedAllows server and client to:Comprises a series of messages exchanged by client and serverExchange has four phasesSlide30Slide31
Heartbeat Protocol
A periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system
Typically used to monitor the availability of a protocol entity
Defined in 2012 in RFC 6250
Runs on top of the TLS Record ProtocolUse is established during Phase 1 of the Handshake ProtocolEach peer indicates whether it supports heartbeatsServes two purposes:Assures the sender that the recipient is still aliveGenerates activity across the connection during idle periodsSlide32
SSL/TLS AttacksSlide33Slide34
HTTPS
(HTTP over SSL)
Combination of HTTP and SSL to implement secure communication between a Web browser and a Web server
Built into all modern Web browsers
Search engines do not support HTTPSURL addresses begin with https://Documented in RFC 2818, HTTP Over TLSAgent acting as the HTTP client also acts as the TLS clientClosure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connectionSlide35
IP
Security (IPsec)
V
arious
application security mechanismsS/MIME, Kerberos, SSL/HTTPSSecurity concerns cross protocol layersWould like security implemented by the network for all applicationsAuthentication and encryption security features included in next-generation IPv6Also usable in existing IPv4Slide36
Benefits of
IPsec
W
hen implemented in
a firewall or router, it provides strong security to all traffic crossing the perimeterIn a firewall it is resistant to bypassBelow transport layer, hence transparent to applicationsCan be transparent to end usersCan provide security for individual usersSecures routing architectureSlide37
The Scope of IPsecSlide38
Security Associations
A
one-way relationship between sender
and receiver that affords security for traffic flowIf a peer relationship is needed for two-way secure exchange then two security associations are requiredIs uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP)Slide39Slide40
Transport and Tunnel Modes
Transport Mode
Tunnel Mode
E
xtends to the payload of an IP packetTypically used for end-to-end communication between two hostsESP encrypts and optionally authenticates the IP payload but not the IP headerProvides protection to the entire IP packetThe entire original packet travels through a tunnel from one point of an IP network to anotherUsed when one or both ends of a security association are a security gateway
A number of hosts on networks behind firewalls may engage in secure communications without implementing IPsecSlide41
Summary
HTTPS
Connection institution
Connection closure
IPv4 and IPv6 securityIP security overviewThe scope of IPsecSecurity associationsEncapsulating security payloadTransport and tunnel modes
Secure E-mail and S/MIME
MIMES/MIMEDomainKeys identified mail
Internet mail architectureDKIM strategySSL and TLSTLS architectureTLS protocolsTLS attacksSSL/TLS attacksSlide42
Chapter 24
Wireless Network SecuritySlide43
IEEE 802.11 - WIFI
802.11a - Wireless network bearer operating in the 5 GHz ISM band with data rate up to 54 Mbps
802.11b - Wireless network bearer operating in the 2.4 GHz ISM band with data rates up to 11 Mbps
802.11e - Quality of service and
prioritisation 802.11f - Handover 802.11g - Wireless network bearer in 2.4 GHz ISM band with data rates up to 54 Mbps ; compatible with 802.11b, 802.11n802.11h - Power control 802.11i - Authentication and encryption 802.11j - Interworking 802.11k - Measurement reporting 802.11n - Wireless network bearer operating in the 2.4 and 5 GHz ISM bands with data rates up to 600 Mbps 802.11s - Mesh networking
802.11ac - Wireless network bearer operating below 6GHz to provide data rates of at least 1Gbps per second for multi-station operation and 500 Mbps on a single link
802.11ad - Wireless network bearer providing very high throughput at frequencies up to 60GHz 802.11af - Wi-Fi in TV spectrum white spaces (often called White-Fi) Slide44
Wireless Attacks
Eavesdrop Attacks
Accidental Association
: Connecting through the wrong Access Point
Malicious Association: Connecting through a Spoofed or Rogue Access Point (Evil Twin)Ad hoc Network: Connecting through another StationActive AttacksNontraditional Networks: Other protocols (Bluetooth, PDAs) may be insecureIdentity Theft: Impersonation of MAC addressDenial of Service: Bombarding a WLAN with messagesNetwork Injection: Attacker inject packets to affect connection or network configurationKISMET: Displays local WLANs, including no SSID broadcast. Lists characteristics, security of eachSlide45
Securing Wireless Transmissions
Hide Service Set Identifier (SSID)
SSID is network name
“Disable SSID broadcasting” = true
Assign cryptic nameReduce External Signal StrengthReduce power levelPosition AP in innermost buildingUse directional antennasUse signal-shielding techniquesEncrypt all transmissions (WPA2 best)Slide46
Wireless Security
Key factors contributing to higher security risk of wireless networks compared to wired networks include:
Channel
Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks
Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocolsMobilityWireless devices are far more portable and mobile, thus resulting in a number of risksResourcesSome wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware
Accessibility
Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations, thus greatly increasing their vulnerability to physical attacksSlide47Slide48
Wireless Network ThreatsSlide49
Securing Wireless Transmissions
Principal threats are eavesdropping, altering or inserting messages, and disruption
Countermeasures for eavesdropping:
S
ignal-hiding techniquesEncryptionThe use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissionsSlide50
Securing Wireless Networks
T
he main threat involving wireless access points is unauthorized access to the network
P
rincipal approach for preventing such access is the IEEE 802.1X standard for port-based network access controlThe standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless networkUse of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoorsSlide51
Wireless Network Security TechniquesSlide52
Mobile Device Security
An organization’s networks must accommodate:
Growing use of new devices
Significant growth in employee’s use of mobile devices
Cloud-based applicationsApplications no longer run solely on physical servers in corporate data centersDe-perimeterizationThere are a multitude of network perimeters around devices, applications, users, and dataExternal business requirementsThe enterprise must also provide guests, third-party contractors, and business partners network access using various devices from a multitude of locationsSlide53
Security ThreatsSlide54Slide55Slide56
Table 24.1
IEEE 802.11 TerminologySlide57
Wireless Fidelity
(Wi-Fi) Alliance
802.11b
First 802.11 standard to gain broad industry acceptanceWireless Ethernet Compatibility Alliance (WECA)Industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperatingLater renamed the Wi-Fi AllianceTerm used for certified 802.11b products is Wi-FiHas been extended to 802.11g productsWi-Fi Protected Access (WPA)Wi-Fi Alliance certification procedures for IEEE802.11 security standards
WPA2 incorporates all of the features of the IEEE802.11i WLAN security specificationSlide58Slide59Slide60
Table 24.2
IEEE 802.11 ServicesSlide61
Distribution of Messages
Within a DS
T
he two services involved with the distribution of messages within a DS are:
DistributionIntegrationSlide62
Association-Related Services
T
ransition types, based on mobility:
N
o transitionA station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSSBSS transitionStation movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the stationESS transitionStation movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteedSlide63
ServicesSlide64
Wireless LAN Security
Wired Equivalent Privacy (WEP) algorithm
802.11 privacy
Wi-Fi Protected Access (WPA)
Set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standardRobust Security Network (RSN)Final form of the 802.11i standardWi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 programSlide65Slide66Slide67Slide68Slide69
MPDU Exchange
A
uthentication phase consists of three phases:
C
onnect to ASThe STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the ASEAP exchangeAuthenticates the STA and AS to each otherSecure key deliveryOnce authentication is established, the AS generates a master session key and sends it to the STASlide70Slide71
Table 24.3
IEEE 802.11i
Keys for Data Confidentiality and Integrity Protocols
(Table can be found on page 724 in the textbook.)Slide72
Temporal Key Integrity Protocol (TKIP)
D
esigned to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP
P
rovides two services:Slide73
Counter Mode-CBC MAC Protocol (CCMP)
Intended for newer IEEE 802.11 devices that are equipped with the hardware to support this scheme
P
rovides two services:Slide74Slide75
Summary
IEEE 802.11i wireless LAN security
IEEE 802.11i services
IEEE 802.11i phases of operation
Discovery phaseAuthentication phaseKey management phaseProtected data transfer phaseThe IEEE 802.11i pseudorandom functionWireless SecurityWireless network threatsWireless security measures
Mobile device security
Security threatsMobile device security strategyIEEE 802.11 wireless LAN overview
The Wi-Fi allianceIEEE 802 protocol architectureIEEE 802.11 network components and architectural modelIEEE 802.11 services