Cryptography

Encrypt before sending, decrypt on receiving (plain text and cipher text).

Cryptography & Secure Transactions

All cryptosystems are based on only three kinds of cryptographic algorithms:

Message Digest (MD2, MD4, MD5, SHA, SHA-1, ...): maps variable-length plaintext into fixed-length ciphertext (the digest). No key is used, and it is computationally infeasible to recover the plaintext from the digest.

Private Key (Blowfish, DES, IDEA, RC2, RC4, RC5, Triple-DES, ...): encrypts and decrypts messages using the same secret key.

Public Key (DSA, RSA, ...): encrypts and decrypts messages using two different keys, a public key and a private key, coupled together.
Cryptography

Two components: the key and the algorithm. Algorithms are publicly known; the secrecy is in the key. Key distribution must be secure.

[Diagram: Plaintext -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Plaintext; example: "Hello World" -> "&$*£(“!273" -> "Hello World"]

Symmetric Key Cryptography (DES, Triple DES, RC4): KE = KD
Asymmetric Key Cryptography (RSA): KE ≠ KD
Cryptography & Secure Transactions
Private Key Cryptography

The sender and receiver share the same key, which is private.

[Diagram: Plaintext -> Encryption (sender/receiver's private key) -> Ciphertext -> Decryption (sender/receiver's private key) -> Plaintext]

Public Key Cryptography

Both the sender and receiver have their own private key and public key.
Messages are encrypted using the receiver's public key, and the receiver decrypts them using his/her private key.

[Diagram: Plaintext -> Encryption (receiver's public key) -> Ciphertext -> Decryption (receiver's private key) -> Plaintext]
Digital Signature

[Diagram. Signing: Message -> Hash Function -> Digest -> Encryption with the Private Key -> Signature. Verification: received Message -> Hash Function -> Actual Digest; received Signature -> Decryption with the Public Key -> Expected Digest; the two digests are compared and must match]
Digital Certificate

Secure HTTP (HTTPS) communication is done using public key cryptography.
The public keys are distributed using digital certificates.
A digital certificate contains the public key and is digitally signed by a trusted Certificate Authority (CA) such as Verisign or Thawte.

[Diagram: CERTIFICATE with the fields Issuer, Subject, Subject Public Key and Issuer Digital Signature]
SET Architecture

[Diagram: End User, Web Site, Payment Gateway and Credit Card Company connected over the Internet]
INTERNET Security Threats

Hacking
DoS
Reconnaissance
Malware
Mail SPAM
Phishing
Botnets
INTERNET Security
Hacking

Unauthorized access: from a small fraud of a few thousand rupees using somebody's credit card to bringing down the economy by hacking into share market online trading servers.
Intruders take advantage of hidden features or bugs to gain access to the system.
Common types of hacking attacks include:
Buffer overflow attack to get root access
SSH dictionary attack to get root access
Defacing websites using Apache vulnerabilities
Installing malicious code
DoS

Denial of Service (DoS) attempts to collapse a service or resource in order to deny access to anyone.
Common types of DoS attacks:
ICMP flooding
TCP SYN flooding
UDP flooding
A Distributed Denial of Service attack (DDoS) can be defined as a denial of service attack with several sources distributed across the Internet that focus on the same target.
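TCP SYN flooding, listed above, leaves the target with many half-open connections: a SYN arrives, the server answers SYN/ACK, and the client's final ACK never comes. The detection logic below is an added example, not part of the original slides; it reads a constructed packet log (one TCP packet per line, documentation addresses only), counts per source the connections opened with SYN but never completed with an ACK, and flags sources above a threshold.

```python
import re
from collections import defaultdict

# Constructed log format (one TCP packet per line); flags S = SYN, A = ACK.
LINE_RE = re.compile(
    r"t=(?P<t>[\d.]+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) flags=(?P<flags>[SA]+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "t": float(m["t"]),
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "flags": m["flags"],
    }


def half_open_by_source(lines):
    """Count, per source, connections opened with SYN but never completed with ACK."""
    pending = defaultdict(set)   # src ip -> {(sport, dst, dport), ...}
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue                             # comments / unparseable lines
        conn = (pkt["sport"], pkt["dst"], pkt["dport"])
        if pkt["flags"] == "S":
            pending[pkt["src"]].add(conn)        # handshake started
        elif pkt["flags"] == "A":
            pending[pkt["src"]].discard(conn)    # client's final ACK completes it
    return {src: len(conns) for src, conns in pending.items()}


def detect_syn_flood(lines, threshold=50):
    """Sources with at least `threshold` half-open connections."""
    counts = half_open_by_source(lines)
    return sorted(src for src, n in counts.items() if n >= threshold)


def build_sample_log():
    """Constructed packet log: one normal client and one flooding source."""
    lines = ["# constructed sample, documentation addresses only",
             "t=0.000 src=10.0.0.5:40001 dst=192.0.2.10:80 flags=S",
             "t=0.010 src=10.0.0.5:40001 dst=192.0.2.10:80 flags=A"]
    for i in range(120):   # many SYNs from fresh source ports, never acknowledged
        lines.append(f"t={1 + i * 0.001:.3f} src=198.51.100.7:{50000 + i} "
                     f"dst=192.0.2.10:80 flags=S")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print(half_open_by_source(log))   # {'10.0.0.5': 0, '198.51.100.7': 120}
    print(detect_syn_flood(log))      # ['198.51.100.7']
```

The threshold is a tuning knob: a busy but legitimate client keeps its half-open count near zero because each SYN is followed by its ACK, while a flooding source accumulates one entry per unacknowledged SYN. A production sensor would also age out old entries and watch for spoofed source addresses, which this example does not model.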
Reconnaissance

Reconnaissance attacks include:
Ping sweeps
DNS zone transfers
TCP or UDP port scans
Indexing of public web servers to find CGI holes
Malware

The Wikipedia definition of malware is:
“Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a blend of the words “malicious” and “software”. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.”
Different types of malware are viruses, worms, Trojan horses, adware, spyware and any other malicious and unwanted software.
Malware: Virus

A computer virus is a self-replicating computer program written to alter the way a computer operates, without the permission or knowledge of the user.
It can damage the computer by damaging programs, deleting files, or reformatting the hard disk. It is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs too, and it has the chance to reproduce by attaching to other programs and to wreak havoc.
Viruses usually need human action to replicate and spread.
Malware: Worms

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other systems, and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.
Today, worms are most commonly written for the Windows OS, although a small number are also written for Linux and Unix systems.
Worms work in the same basic way: they scan the network for computers with vulnerable network services, break in to those computers, and copy themselves over.
Malware: Trojan

A Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload.
The payload may take effect immediately and can lead to many undesirable effects, such as deleting all the user's files, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals.
Malware: Spyware

Spyware is a general term used for software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent.
Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.
Other kinds of spyware make changes to your computer that can be annoying and can cause your computer to slow down or crash.
There are a number of ways spyware or other unwanted software can get on your system. A common trick is to covertly install the software during the installation of other software you want, such as a music or video file sharing program.
Mail Spam

Email that has been unsolicited, with no meaningful content to the receiver:
– Advertising
– Research
– Fraud / schemes
– Viruses
(40% of email is spam)
Spam is generated using:
– Open mail relays
– Spammer viruses and Trojans
– Botnets
Phishing

A scam to steal valuable information such as credit card numbers, social security numbers, user IDs and passwords. An official-looking e-mail is sent to potential victims:
It pretends to be from their ISP, retail store, etc.; due to internal accounting errors or some other pretext, certain information must be updated to continue the service.
A link in the e-mail message directs the user to a Web page.
The page asks for financial information and looks genuine.
It is easy to fake a valid Web site: any HTML page on the real Web can be copied and modified, and the location of the fake page is changed regularly.
Botnets

Bots are compromised machines that execute malicious code installed on them.
A botnet is a collection of compromised computers (bots).
Botnets have become major sources of spam, malware, DoS attacks, etc.
Prevention Techniques

Some of the prevention tools include:
Network firewall
Host firewall
IDS/IPS
Mail antispam and antivirus appliances
UTM appliances
Application and OS hardening
Firewall Rules

Firewall rules are based on:
IP address of source (allow from trusted sources)
IP address of destination (allow to trusted destinations)
Application port number (allow mail but restrict Telnet)
Direction of traffic (allow outgoing traffic but restrict incoming traffic)

Firewall
Firewall Rules
Linux Security
To allow incoming and outgoing SMTP traffic:

Rule  Direction  Prot  Src Addr  Dest Addr  Dest Port  Src Port  Action
1     outbound   TCP   internal  external   25         >=1024    allow
2     inbound    TCP   external  internal   >=1024     25        allow
3     inbound    TCP   external  internal   25         >=1024    allow
4     outbound   TCP   internal  external   >=1024     25        allow
5     *          *     *         *          *          *         deny
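The rule table above is a first-match packet filter: each packet is compared with the rules in order and the first rule whose fields all match decides the action. The evaluator below is an added example, not code from the slides; it encodes the five SMTP rules as data and runs constructed packets (documentation addresses) through them. It assumes 10.0.0.0/8 is the "internal" side and derives the direction from whether the source address is internal.

```python
import ipaddress

# Assumption: the "internal" side of the firewall is this private range.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# The slide's rule table, in its column order:
# (direction, protocol, src addr, dest addr, dest port, src port, action)
SMTP_RULES = [
    ("outbound", "tcp", "internal", "external", "25", ">=1024", "allow"),
    ("inbound",  "tcp", "external", "internal", ">=1024", "25", "allow"),
    ("inbound",  "tcp", "external", "internal", "25", ">=1024", "allow"),
    ("outbound", "tcp", "internal", "external", ">=1024", "25", "allow"),
    ("*", "*", "*", "*", "*", "*", "deny"),
]


def side(addr):
    """Classify an address as 'internal' or 'external'."""
    return "internal" if ipaddress.ip_address(addr) in INTERNAL_NET else "external"


def port_matches(spec, port):
    """Port field: '*', an exact port number, or a '>=N' lower bound."""
    if spec == "*":
        return True
    if spec.startswith(">="):
        return port >= int(spec[2:])
    return port == int(spec)


def field_matches(spec, value):
    """Direction, protocol and address-side fields: '*' or exact match."""
    return spec == "*" or spec == value


def evaluate(rules, proto, src, sport, dst, dport):
    """First-match packet filter: returns (action, rule number).

    Direction is derived from the source address (internal -> outbound).
    """
    direction = "outbound" if side(src) == "internal" else "inbound"
    for number, (r_dir, r_proto, r_src, r_dst, r_dport, r_sport, action) in enumerate(rules, start=1):
        if (field_matches(r_dir, direction)
                and field_matches(r_proto, proto)
                and field_matches(r_src, side(src))
                and field_matches(r_dst, side(dst))
                and port_matches(r_dport, dport)
                and port_matches(r_sport, sport)):
            return action, number
    return "deny", None   # implicit default when no catch-all rule exists


def demo():
    """Constructed packets run through the table (documentation addresses)."""
    return {
        "outgoing mail":            evaluate(SMTP_RULES, "tcp", "10.1.2.3", 40000, "203.0.113.5", 25),
        "reply to outgoing mail":   evaluate(SMTP_RULES, "tcp", "203.0.113.5", 25, "10.1.2.3", 40000),
        "incoming mail":            evaluate(SMTP_RULES, "tcp", "203.0.113.9", 51000, "10.1.2.3", 25),
        "reply to incoming mail":   evaluate(SMTP_RULES, "tcp", "10.1.2.3", 25, "203.0.113.9", 51000),
        "incoming telnet":          evaluate(SMTP_RULES, "tcp", "203.0.113.9", 51000, "10.1.2.3", 23),
        "src port 25 to high port": evaluate(SMTP_RULES, "tcp", "203.0.113.9", 25, "10.1.2.3", 8080),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} -> {result}")
```

The last demo packet is worth noticing: rule 2 matches replies from an external mail server purely on source port 25 and destination port >= 1024, so any external host that chooses source port 25 is allowed through to any internal port above 1023. A stateless table like this cannot tell a genuine reply from such a packet, which is the reason stateful firewalls track the outbound connection and only admit inbound packets that belong to it.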
Firewall Implementation

Hardware firewall: dedicated hardware box (Cisco PIX, Netscreen)
Software firewall: installable on a server (Checkpoint)
Host OSs (Windows XP/Linux) also provide software firewall features to protect the host

LINUX Firewall

Use the GUI (Applications -> System Settings -> Security Level) to activate the firewall
Allow standard services and any specific port-based application
All other services and ports are blocked
IDS/IPS

An intrusion detection system is used to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall.
It detects network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, Trojan horses, and worms).
IDS/IPS – What They Will Do

IDS/IPS use intrusion signatures to identify the intrusion.
Detect and block network and application scans against a network: a powerful capability in anticipating an attack
Block nearly all forms of Denial of Service attacks in real time
Completely stop brute force, password cracks, dictionary attacks, etc.
Block virus and worm propagation
Provide URL filtering and block spyware
Antispam Firewall

Antispam techniques include:
DNS black list
DNS reverse lookup (PTR) check
Subject and body content
SMTP callback
Rate limiting
Personal whitelist and blacklist
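Most of the techniques in the list above are combined by an antispam gateway into a single verdict per message. The filter below is an added example, not code from the slides: it applies a DNS black list check, a reverse-lookup (PTR) check, subject and body content matching, per-sender-IP rate limiting and a personal whitelist/blacklist to constructed messages. The DNSBL and PTR answers are constructed in-memory stand-ins for the live DNS lookups a real gateway makes, and SMTP callback is left out because it needs a live connection to the sender's mail server.

```python
from collections import defaultdict, deque

# Constructed stand-ins for the live lookups a mail gateway would make.
DNSBL_LISTED = {"198.51.100.7"}                       # addresses a DNS black list reports as listed
PTR_RECORDS = {"203.0.113.5": "mail.example.org"}     # reverse DNS (PTR) answers
SPAM_PHRASES = ("free money", "act now", "winner", "click here")


class SpamFilter:
    """Combines DNSBL, PTR, content, rate-limit and list checks into a verdict."""

    def __init__(self, whitelist=(), blacklist=(), rate_limit=5, window=60.0):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.rate_limit = rate_limit          # messages per sender IP per window
        self.window = window                  # window length in seconds
        self.seen = defaultdict(deque)        # ip -> timestamps of recent messages

    def _rate_exceeded(self, ip, now):
        times = self.seen[ip]
        while times and now - times[0] > self.window:
            times.popleft()                   # drop arrivals outside the window
        times.append(now)
        return len(times) > self.rate_limit

    def classify(self, msg):
        """Return (verdict, reasons) for a message dict with the keys
        'from', 'ip', 'time', 'subject' and 'body'."""
        if msg["from"] in self.whitelist:
            return "accept", ["personal whitelist"]
        if msg["from"] in self.blacklist:
            return "reject", ["personal blacklist"]
        reasons = []
        if msg["ip"] in DNSBL_LISTED:
            reasons.append("dnsbl")
        if msg["ip"] not in PTR_RECORDS:
            reasons.append("no-ptr")
        text = (msg["subject"] + " " + msg["body"]).lower()
        hits = [p for p in SPAM_PHRASES if p in text]
        if hits:
            reasons.append("content:" + ",".join(hits))
        if self._rate_exceeded(msg["ip"], msg["time"]):
            reasons.append("rate-limit")
        if len(reasons) >= 2:                 # two independent signals: reject
            return "reject", reasons
        if reasons:                           # one signal: hold for review
            return "quarantine", reasons
        return "accept", reasons


def run_sample():
    """Constructed messages (documentation addresses) fed through the filter."""
    f = SpamFilter(whitelist={"boss@example.org"}, blacklist={"spammer@example.net"}, rate_limit=3)
    legit = {"from": "alice@example.org", "ip": "203.0.113.5", "time": 0.0,
             "subject": "Meeting notes", "body": "See attached minutes."}
    junk = {"from": "promo@example.com", "ip": "198.51.100.7", "time": 1.0,
            "subject": "You are a WINNER", "body": "Click here for free money."}
    listed = {"from": "spammer@example.net", "ip": "203.0.113.5", "time": 2.0,
              "subject": "hi", "body": "hi"}
    results = [f.classify(legit), f.classify(junk), f.classify(listed)]
    # A burst of four messages from one unlisted host inside the window:
    for i in range(4):
        results.append(f.classify({"from": "bulk@example.com", "ip": "192.0.2.33",
                                   "time": 10.0 + i, "subject": "news", "body": "issue"}))
    return results


if __name__ == "__main__":
    for verdict, reasons in run_sample():
        print(verdict, reasons)
```

The verdict thresholds (one signal quarantines, two reject) are a simple stand-in for the weighted scoring real products use; the point is that each technique from the list contributes an independent reason, so a single noisy check does not by itself reject mail.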
UTM

UTM incorporates firewall, intrusion detection and prevention, antispam and antivirus in one high-performance appliance.
Host Hardening

Web application hardening
Outbound filtering
Host hardening
Application and OS patching
WLAN Security

WLANs create a new set of security threats to enterprise networks, such as:
– Sniffing
– Rogue APs
– Mis-configured APs
– Soft APs
– MAC spoofing
– Honeypot APs
– DoS
– Ad hoc networks

Techniques used to secure WLANs include:
– Do not broadcast the SSID
– Use encryption (WEP, 802.1x)
– Use WLAN firewalls