Modified by: Masud-ul-Hasan and Ahmad Al-Yamani 2
Objectives
Understand the many processes involved with the development of a comprehensive security policy and security architecture.
Understand the importance of a well-developed and implemented security policy and associated people processes to effective security technology implementation.
Understand the concepts, protocols, etc. related to virus protection, firewalls, authentication, and encryption.
Business Impact
What is the impact on business when network security is violated by on-line thieves? According to federal law enforcement estimates, more than $10 billion worth of data is stolen annually in the US alone.
In a single incident, 60,000 credit and calling card numbers were stolen.
50% of computer crimes are committed by a company's current or ex-employees.
Security Policy Development Life Cycle
Identify business-related security issues
Analyze security risks, threats, and vulnerabilities
Design the security architecture and the associated processes
Implement security technology and processes
Audit impact of security technology and processes
Evaluate effectiveness of current architectures and policies
This method for developing a comprehensive network security policy is known as the Security Policy Development Life Cycle (SPDLC).
Identification of Business-related security issues
This is the security requirements assessment. What do we have to lose? What do we have worth stealing? Where are the security holes in our business processes?
How much can we afford to lose? How much can we afford to spend on network security?
Analysis of Risks, Threats, Vulnerabilities
Information asset evaluation: what is worth protecting?
Network architecture documentation: what is the current state of the network? How many unauthorized modems are dialing in?
Identify all assets, threats and vulnerabilities. Determine risks and create protective measures.
Architecture and Process Design
Logical design of security architecture and associated processes.
What must be the required functionality of the implemented technology?
What business processes implemented and monitored by people must match this security architecture?
Security Technology and Process Implementation
Choose security technology based on logical design requirements.
Implement all security technology with complementary people process.
Increase overall awareness of network security and implement training.
Design ongoing education process for all employees including senior management.
Audit Impact of Security Technology & Processes
Ensure that implemented policy and technology are meeting initial goals.
Institute a method to identify exceptions to security policy standards and deal with these exceptions swiftly.
Evaluate effectiveness of Current Architecture and Processes
Based on results of ongoing audits, evaluate the effectiveness of current policy and architecture in meeting high-level goals.
Adjust policy and architecture as required and renew the cycle.
Security Requirements Assessment (SRA)
Proper SRA implies that appropriate security processes and technology have been applied for any given user's or group's access to or from any potential corporate information resource.
Scope Definition and Feasibility Studies
Before proceeding blindly with a security policy development project, it is important to properly define the scope or limitations of the project.
The feasibility study provides an opportunity to gain vital information on the difficulty of the security policy development process as well as the assets (human and financial) required to maintain such a process.
One of the key issues is deciding on the balance between security and productivity.
Security vs. Productivity Balance (figure, three panels)
Lack of Security: high risk, low cost, open access; no productivity loss occurs from access restrictions. Open access may lead to data loss or data integrity problems, which may lead to productivity loss; lack of security may ultimately have a negative impact on productivity.
Over Restrictive Security: high cost, low risk, restrictive access, productivity loss. Security needs take priority over user access; over restrictive security causes productivity decline and may lead to noncompliance with security processes, which may lead to loss of security.
Optimal Balance of Security and Productivity: balanced risk and costs. The restrictiveness of the security policy is balanced by people's acceptance of those policies: minimize the negative impact on productivity while maximizing security processes.
Security vs. Productivity Balance
How to define the balance between security and productivity?
Identify assets
Identify threats
Identify vulnerabilities
Consider the risks
Identify risk domains
Take protective measures
Data/Information Classification
Unclassified/Public: Information having no restrictions as to storage, transmission, or distribution.
Sensitive: Information whose release could not cause damage to the corporation but could cause potential embarrassment or measurable harm to individuals, e.g. salaries and benefits of employees.
Confidential: Information whose release could cause measurable damage to the corporation, e.g. corporate strategic plans, contracts.
Secret: Information whose release could cause serious damage to a corporation, e.g. trade secrets, engineering diagrams.
Top secret: Information whose release could cause severe or permanent damage. Release of such information could literally put a company out of business. Secret formulas for key products would be considered top secret.
Assets
Corporate property of some value that requires varying degrees of protection.
Assets needing network security are: corporate data (highest priority), network hardware, software, and media to transport data.
Threats
Processes or people that pose a potential danger to identified assets. They can be intentional or unintentional, natural or man-made.
Network-related threats include: hackers, fires, floods, power failures, equipment failures, dishonest employees, and incompetent employees.
Vulnerabilities
The manner or path by which threats are able to attack assets. They can be thought of as weak links in the overall security architecture and should be identified for every potential threat/asset combination.
Vulnerabilities that have been identified can be blocked.
After identifying vulnerabilities, the questions are: How should a network analyst proceed in developing defenses to these vulnerabilities? Which vulnerabilities should be dealt with first? How can a network analyst determine an objective means to prioritize vulnerabilities?
Risks
The probability of a particular threat successfully attacking a particular asset in a given amount of time via a particular vulnerability.
By considering the risk, network analysts are able to quantify/calculate the relative importance of threats and vulnerabilities.
Assets, Risks, Protection
Figure (Goldman & Rawles, ADC3e Fig. 13-07): asset, threat, vulnerability, risk, and protective measures.
Multiple protective measures may need to be established between given threat/asset combinations.
Protective measures
There might exist multiple vulnerabilities (paths) between a given asset and a given threat, so multiple protective measures need to be established between given threat/asset combinations.
Major categories of potential protective measures: virus protection, firewalls, authentication, encryption, intrusion detection.
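As an added worked example (not from the slides or the textbook they follow), the scoring below turns the assets, threats, vulnerabilities and protective measures of the preceding slides into a ranked list, giving the "which vulnerabilities first?" question an objective answer and collecting every measure needed per threat/asset combination. The numeric classification values, the multiplicative scoring rule and the whole inventory are constructed assumptions.

```python
from dataclasses import dataclass, field

# Classification levels from the slides, mapped to a constructed numeric asset value.
CLASSIFICATION_VALUE = {
    "unclassified": 1, "sensitive": 2, "confidential": 3, "secret": 4, "top secret": 5,
}

@dataclass
class Asset:
    name: str
    classification: str

@dataclass
class Threat:
    name: str
    likelihood: float  # constructed estimate (0..1) that the threat acts in the review period

@dataclass
class Vulnerability:
    """One path by which a threat can reach an asset (a threat/asset combination)."""
    name: str
    asset: str
    threat: str
    exposure: float                                # constructed estimate (0..1) of success via this path
    measures: list = field(default_factory=list)   # protective measures already in place

def risk_score(asset, threat, vuln):
    # Assumed scoring model: asset value x threat likelihood x path exposure.
    # The slides define risk qualitatively; this makes it a comparable number.
    return CLASSIFICATION_VALUE[asset.classification] * threat.likelihood * vuln.exposure

def prioritize(assets, threats, vulns):
    """Return (score, vulnerability) pairs, highest risk first."""
    by_asset = {a.name: a for a in assets}
    by_threat = {t.name: t for t in threats}
    ranked = [(round(risk_score(by_asset[v.asset], by_threat[v.threat], v), 3), v)
              for v in vulns]
    ranked.sort(key=lambda sv: sv[0], reverse=True)   # stable: ties keep inventory order
    return ranked

def unprotected_paths(ranked):
    """Paths that still have no protective measure at all, highest risk first."""
    return [(score, v.name) for score, v in ranked if not v.measures]

def measures_per_combination(vulns):
    """Several paths may link the same threat/asset pair; gather every measure
    that pair needs, as the slides recommend."""
    combos = {}
    for v in vulns:
        combos.setdefault((v.threat, v.asset), set()).update(v.measures)
    return combos

# Constructed inventory for illustration.
ASSETS = [
    Asset("customer database", "confidential"),
    Asset("product formula server", "top secret"),
    Asset("web server", "sensitive"),
]
THREATS = [
    Threat("hacker", 0.6),
    Threat("dishonest employee", 0.3),
    Threat("power failure", 0.2),
]
VULNS = [
    Vulnerability("unauthorized dial-in modem", "customer database", "hacker", 0.5,
                  ["modem inventory", "authentication"]),
    Vulnerability("unscanned diskettes", "product formula server", "dishonest employee", 0.4),
    Vulnerability("no firewall in front of web server", "web server", "hacker", 0.9,
                  ["packet filter"]),
    Vulnerability("shared admin password", "product formula server", "hacker", 0.3),
    Vulnerability("no UPS", "customer database", "power failure", 0.8, ["backup"]),
    Vulnerability("weak packet filter rules", "customer database", "hacker", 0.2,
                  ["application gateway"]),
]

if __name__ == "__main__":
    ranked = prioritize(ASSETS, THREATS, VULNS)
    for score, v in ranked:
        print(f"{score:6.3f}  {v.threat} -> {v.asset} via {v.name}  measures={v.measures}")
    print("no protection yet:", unprotected_paths(ranked))
    print("measures per threat/asset pair:", measures_per_combination(VULNS))
```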
Threats and Protective Measures
Camouflage
Spying/listening in
Spoofing: a common technique spammers use is to configure the From line in an e-mail message to hide the sender's identity.
Modification of data through unauthorized means (e.g., while entering the data).
Dictionary attack: trying every word in a dictionary as a possible password.
Man-in-the-middle: the attacker is able to read, insert and modify messages between two parties.
Trojan horse: a computer program masquerading as a game or any "cute" program; when it runs it does something else, like erasing the hard drive or blocking the screen with a graphic that will not go away.
Replay attack: a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed by someone who intercepts the data and retransmits it, possibly as part of a masquerade attack.
Denial of service: a generic class of attacks where a host, a segment, or an entire network is brought down and becomes unusable by legitimate users.
Threats and Protective Measures
Once policies have been developed, it is up to everyone to support those policies in their own way.
Having been included in the policy development process, users should also be expected to actively support the implemented acceptable use policies.
Virus Protection
Virus protection is often the first area of network security addressed by individuals or corporations.
A comprehensive virus protection plan must combine policy, people, processes, and technology to be effective.
Too often, virus protection is thought to be a technology-based quick fix.
Virus Protection
Viruses are the most common microcomputer security violation.
90% of the organizations surveyed with 500 or more PCs experience at least one virus incident per month.
Complete recovery from a virus infection costs an average of $8300 and takes a period of 22 working days.
In Jan 1998, there were over 16,000 known viruses, with as many as 200 new viruses appearing per month.
Virus Categories
Virus symptoms, methods of infection, and outbreak mechanisms can vary widely, but all viruses share a few common behaviors.
Most viruses work by infecting other legitimate programs and causing them to become destructive or disrupt the system.
Most viruses use some type of replication method to get the virus to spread and infect other programs, systems, or networks.
Most viruses need some sort of trigger or activation mechanism to set them off. Viruses may remain dormant and undetected for long periods.
Virus Categories
Some viruses have a delayed action, which is sometimes called a bomb. E.g., a virus might display a message on a specific day or wait until it has infected a certain number of hosts.
Two main types:
Time bombs: a time bomb goes off on a particular date or time.
Logic bombs: a logic bomb goes off when the user of a computer takes an action that triggers it, e.g., running a file.
Virus Categories
File infectors: attack the executable, or program, files.
System/boot infectors: change the Master Boot Record (MBR), an area containing all statements to load the operating system.
Multipartite viruses: also called multi-part; attack both the boot sector and the executable, or program, files at the same time.
Hostile applets: Java applets that consume resources in rude or malicious ways, so that all the CPU or memory resources of the computer are consumed.
E-mail viruses: arrive as e-mail attachments, often with spam.
Cluster/File system viruses: change the system's File Allocation Table (FAT), an index of names and addresses of files.
Antivirus Strategies (AS)
An effective AS must include policy, procedures, and technology.
AS Policies and Procedures
Identify virus infection vulnerabilities and design protective measures.
Install virus scanning software at all points of attack.
All diskettes must be scanned at a stand-alone scanning PC before being loaded onto network-attached clients or servers.
All consultants and third-party contractors should be prohibited from attaching their notebook computers to the corporate network without scanning.
AS Policies and Procedures
All vendors must run demos on their own equipment.
Shareware/downloaded software should be prohibited or controlled and scanned.
All diagnostic and reference diskettes must be scanned before use.
Write-protect all diskettes with .exe, .com files.
Create a master boot record that disables writes to the hard drive when booting from a diskette, etc.
AS Antivirus Technology
Viruses can attack:
Locally or remotely attached client platforms
Server platforms
The entrance to the corporate network via the Internet
At each entrance point, viruses must be detected and removed.
AS Antivirus Technology
Virus scanning is the primary method for successful detection and removal.
Software most often works off a library of known viruses.
Purchase antivirus software which updates virus signatures at least twice per month.
Typically, vendors update virus signature files every 4 hours, with hourly updates expected in the near future.
AS Antivirus Technology
Emulation technology attempts to detect as yet unknown viruses by running programs within a software emulation program known as a virtual PC.
The executing program can be examined in a safe environment for any unusual behavior or other tell-tale symptoms of resident viruses.
This is proactive rather than reactive. Advantage: identification of potentially unknown viruses based on their behavior rather than by relying on identifiable signatures of known viruses.
AS Antivirus Technology
Such programs are also capable of trapping encrypted or polymorphic viruses that are capable of constantly changing their identities or signatures.
Some of these programs are also self-learning: knowledge of virus-like activity increases with experience.
AS Antivirus Technology
CRC checkers or hashing checkers create and save a unique cyclical redundancy check character or hash number for each file to be monitored.
Each time the file is saved, the new CRC is checked against the reference CRC.
If the CRCs are different, the file has changed. A program evaluates the changes to determine the likelihood that they were caused by a viral infection.
Disadvantage: only able to detect viruses after infection, which may already be too late.
Decoys: files that are allowed to be infected to detect and report on virus activity.
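An added example of the CRC/hash checker just described (written for this page, not taken from the slides or any product): it saves a reference fingerprint per file, recomputes on the next check, reports changed, new and missing files, and applies an assumed rule of thumb for the evaluation step. The file contents are constructed in memory, and a SHA-256 is stored next to the CRC-32 because a CRC detects accidental corruption but is not collision resistant.

```python
import hashlib
import zlib

EXECUTABLE_SUFFIXES = (".exe", ".com")

def fingerprint(data):
    """Reference values stored per monitored file: the CRC the slides mention,
    a SHA-256 alongside it (a CRC-32 is easy to match deliberately), and the size."""
    return {
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }

def build_reference(files):
    """files: mapping of path -> content bytes (an in-memory stand-in for disk)."""
    return {path: fingerprint(content) for path, content in files.items()}

def check_against_reference(reference, files):
    """Recompute every file's fingerprint and compare it with the saved reference."""
    report = {"changed": [], "new": [], "missing": []}
    for path, content in files.items():
        if path not in reference:
            report["new"].append(path)
            continue
        current, saved = fingerprint(content), reference[path]
        if current["crc32"] != saved["crc32"] or current["sha256"] != saved["sha256"]:
            report["changed"].append(path)
    report["missing"] = [path for path in reference if path not in files]
    return report

def suspicious_changes(reference, files, report):
    """The evaluation step from the slides, with an assumed rule of thumb:
    a changed program file that grew is a stronger infection signal than an
    edited document, because an appending file infector adds code to the file."""
    flagged = []
    for path in report["changed"]:
        grew = len(files[path]) > reference[path]["size"]
        if path.lower().endswith(EXECUTABLE_SUFFIXES) and grew:
            flagged.append(path)
    return flagged

# Constructed sample file system: the state when the reference was built ...
FILES_BEFORE = {
    "C:/APPS/EDITOR.EXE": b"MZ\x90\x00original editor program code",
    "C:/DOCS/README.TXT": b"release notes v1",
    "C:/DOCS/OLD.TXT": b"obsolete notes",
}
# ... and at the next check: the editor grew by appended code, the notes were
# edited by the user, OLD.TXT was deleted and a new program file appeared.
FILES_AFTER = {
    "C:/APPS/EDITOR.EXE": FILES_BEFORE["C:/APPS/EDITOR.EXE"] + b"<appended code>",
    "C:/DOCS/README.TXT": b"release notes v1, updated",
    "C:/APPS/GAME.COM": b"new program of unknown origin",
}

def run_check():
    """Build the reference from the earlier state and check the later state."""
    reference = build_reference(FILES_BEFORE)
    report = check_against_reference(reference, FILES_AFTER)
    report["suspicious"] = suspicious_changes(reference, FILES_AFTER, report)
    return report

if __name__ == "__main__":
    for key, paths in run_check().items():
        print(f"{key:10s} {paths}")
```

The checker can only raise the alarm once a file has already been altered, which is the disadvantage the slide notes.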
AS Antivirus Technology
Active content monitors identify viruses and malicious content such as Java applets or ActiveX controls that may be introduced via Internet connectivity.
They are able to examine transmissions from the Internet in real time and identify known malicious content based on definition libraries of reference contents.
Points of Attack (figure: Internet, router, hub, client PC, server, remote access users)
Client PC. Vulnerabilities: infected diskettes; groupware conferences with infected documents. Protective measures: strict diskette scanning policy; autoscan at system start-up.
Internet Access. Vulnerabilities: downloaded viruses; downloaded hostile agents. Protective measures: firewalls; user education about the dangers of downloading.
Server. Vulnerabilities: infected documents stored by attached clients; infected documents replicated from other groupware servers. Protective measures: autoscan run at least once a day; consider active monitoring virus checking before allowing programs to be loaded onto the server; rigorous backup in case of major outbreak; audit logs to track down sources.
Remote Access Users. Vulnerabilities: frequent uploading/downloading of data and use of diskettes increase risk; linking to customer sites increases risk. Protective measures: strict diskette scanning policy; strict policy about the connection to corporate networks after linking to other sites.
Firewalls
When a company links to the Internet, a two-way access point, out of as well as into that company's confidential information, is created.
To prevent unauthorized access from the Internet to the company's confidential data, a firewall is deployed.
The firewall runs on a dedicated server that is connected to, but outside of, the corporate network.
All network packets are filtered/examined for authorized access.
The firewall provides a layer of isolation between the inside network and the outside network.
Firewalls
Does it provide full protection? No, not if:
Dial-up modem access remains uncontrolled or unmonitored.
Incorrectly implemented firewalls may introduce new loopholes.
Firewall Architectures
There are no standards for firewall functionality, architectures, or interoperability.
As a result, the user must be especially aware of how firewalls work to evaluate a potential firewall technology purchase.
Three architectures:
Packet Filtering
Application Gateways
Circuit-level Gateways
Internal Firewalls
Packet Filtering
Every packet of data on the Internet is uniquely identified by the source and destination addresses, e.g., the addresses in the header.
A filter is a program that examines the source and destination addresses of all incoming packets to the firewall server.
Filter tables are lists of addresses whose data packets and embedded messages are either allowed or prohibited from proceeding through the firewall server and into the corporate network.
It is based on user-defined rules. Also called a port-level filter or network-level filter.
Packet Filtering
Routers are also capable of filtering packets, which means an existing piece of technology can be used for dual purposes.
Dedicated packet-filtering firewalls are usually easier to configure and require less in-depth knowledge of the protocols to be filtered or examined.
But maintaining filter tables and access rules on multiple routers is not a simple task.
Packet filtering has limitations in terms of the level of security it provides. IP spoofing is used by hackers to breach packet filters. Since packet filters make all filtering decisions based on IP source and destination addresses, if a hacker can make a packet appear to come from an authorized or trusted IP address, then it can pass through the firewall.
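An added simulation of the filter tables described above (written for this page, not a real firewall's code): the same policy is expressed once keyed on addresses alone, as the slides describe, and once with the arriving interface also considered, and both tables are run over constructed sample packets, including one whose source address is forged. First-match-wins semantics, default deny, the 10.0.0.0/8 address plan and the interface names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed address plan: the corporate network and a public web server inside it.
INTERNAL = ip_network("10.0.0.0/8")
WEB_SERVER = ip_network("10.0.0.80/32")
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    dport: Optional[int] = None   # None matches any destination port
    iface: Optional[str] = None   # None matches any arriving interface

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and (self.dport is None or self.dport == p.dport)
                and (self.iface is None or self.iface == p.iface))

def filter_packet(table, p, default="deny"):
    """Assumed semantics: the first matching rule decides; no match -> default deny."""
    for rule in table:
        if rule.matches(p):
            return rule.action
    return default

# Filter table keyed on addresses only, as on the slides: anything claiming an
# internal source address is trusted regardless of where it came in.
ADDRESS_ONLY = [
    Rule("allow", src=INTERNAL),
    Rule("allow", dst=WEB_SERVER, dport=80),
]

# The same policy with the arriving interface taken into account: a packet that
# carries an internal source address but arrives from the outside cannot be
# legitimate, so it is dropped before the trust rule is reached.
INTERFACE_AWARE = [
    Rule("deny", src=INTERNAL, iface="outside"),             # anti-spoofing rule
    Rule("allow", src=INTERNAL, iface="inside"),
    Rule("allow", dst=WEB_SERVER, dport=80, iface="outside"),
]

# Constructed traffic sample, including one packet with a forged source address.
PACKETS = {
    "employee to file server": Packet("inside", "10.1.2.3", "10.0.0.5", 445),
    "visitor to web server": Packet("outside", "198.51.100.7", "10.0.0.80", 80),
    "visitor to file server": Packet("outside", "198.51.100.7", "10.0.0.5", 445),
    "forged internal source": Packet("outside", "10.1.2.3", "10.0.0.5", 445),
}

def evaluate(table):
    """Decision per sample packet for the given filter table."""
    return {name: filter_packet(table, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, table in (("address-only", ADDRESS_ONLY), ("interface-aware", INTERFACE_AWARE)):
        print(label, evaluate(table))
```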
Application Level Filters (ALFs)
Also known as: application gateways, assured pipelines, proxies.
ALFs go beyond port-level filters in their attempts to prevent unauthorized access.
Port-level filters determine the legality of the party asking for information.
ALFs ensure the validity of what they are asking for in addition to who is making that request.
They apply security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
Circuit Level Filters
Apply security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
SOCKS creates a proxy data channel to the application server on behalf of the application client.
SOCKS can control traffic by disabling or enabling communication according to TCP port numbers. SOCKS4 allows outgoing firewall applications. SOCKS5 supports both incoming and outgoing firewall applications as well as authentication.
Dual-Homed Gateway
Both an application gateway and a packet-filtering router are used in a dual-homed gateway for increased security. The application gateway is physically connected to the private secure network and the packet-filtering router is connected to the non-secure network or the Internet.
Between the application gateway and the packet-filtering router is an area known as the screened subnet.
Also attached to this screened subnet are information servers, WWW servers, or other servers that the company may wish to make available to outside users. However, all outside traffic still goes through the application gateway first, and then to the information servers.
Trusted Gateway
In this architecture, certain applications are identified as trusted and are able to bypass the application gateway entirely and establish connections directly rather than being executed by proxy.
In this way, outside users can access information servers and WWW servers without tying up the proxy applications on the application gateway.
Internal Firewalls
The need for internal firewalls:
60% of network attacks are made by internal users. Dissatisfied employees, former employees, etc. are responsible for different incidents of network hacking. 30% of Internet sites that reported breaches had firewalls in place.
Internal firewalls are a new category of software to handle internal attacks. Packet filtering works primarily at the network layer. Circuit filtering works at the transport layer. Application filtering works at the application layer.
DMZ
There are times when an organization wants remote users to have access to items on its network, e.g., a Web site, an online business, an FTP download and upload area.
In cases like this, it is better to create a demilitarized zone (DMZ). It is really just an area that is outside the firewall.
Think of the DMZ as the front yard of your house. It belongs to you and you may put some things there, but you would put anything valuable inside the house where it can be properly secured.
Proxy Server
The word "proxy" means "one who is authorized to act on behalf of another". A proxy server is a special type of firewall which acts on behalf of many individual users in screening network traffic into, and out of, a company's network.
Typically, an Internet proxy server is used to gather all user requests, forward them out to the Internet, receive the responses, and in turn forward them to the originating requester.
To the individual user, the proxy server is invisible, that is, all Internet requests and returned responses appear to be directly with the Internet server addressed via a specified URL. To the external world, a proxy server appears as a single network user submitting requests, and advertises only one network address on behalf of many local users.
Proxy Server
A proxy server provides two distinct firewall services. First, it limits the Internet services which users of a company's network may access. E.g., a company's security policy may dictate that corporate network users are allowed e-mail and web access, while prohibiting file transfer capabilities.
Second, the proxy server limits a company's network appearance to the outside world by masking internal address schemes, thereby minimizing hacker access to a company's internal resources.
Proxy servers can also make Internet access more efficient. If a page is accessed on a Web site, it is cached (stored) on the proxy server. This means that the next time that page is accessed, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.
Authentication and Access Control
The overall purpose of authentication is to ensure that users attempting to gain access to networks are really who they claim to be.
Password protection was the traditional means to ensure authentication.
Password protection is no longer sufficient. More is needed.
A wide variety of authentication technology (AT) has been developed to ensure that users really are who they say they are.
Products fall into three main categories.
Authentication and Access Control
The three categories are:
1. What you know: AT that delivers single sign-on (SSO) access to multiple network-attached servers and resources via passwords. Examples: PassGo SSO from Axent Technologies, Global Sign On from IBM.
2. What you have: AT that uses one-time or one-session passwords to authenticate the user. This AT requires the user to possess some type of smart card or other token authentication device to generate these single-use passwords.
3. What you are: AT that validates users based on some physical characteristic such as fingerprints, hand geometry, retinal scans, etc.
1. Single Sign-On (SSO)
Single sign-on (SSO), also sometimes known as secure single sign-on (SSSO), allows users to log into the enterprise network and be authenticated from their client PC location.
It is not necessary for users to remember a variety of different user IDs and passwords for the numerous different enterprise servers from which they may request services.
Since this is the single entry point onto the enterprise network for users, log auditing software can be used to keep non-repudiable records of all activities and transactions.
Single Point of Registration (SPR)
Single point of registration (SPR) allows a network security manager to enter a new user (or delete a terminated user) from a single centralized location.
The manager can assign all associated rights, privileges, and access control to enterprise resources from this single point rather than having to enter this new user's information on multiple resources distributed throughout the enterprise.
Secure HTTP (S-HTTP)
Secure HTTP is a secure version of HTTP that requires both client and server S-HTTP versions to be installed for secure end-to-end encrypted transmission.
It is based on public key encryption, providing security at the document or application level, since it works with the actual HTTP applications to secure documents and messages.
It uses digital signature encryption to assure that the document possesses both authenticity and message integrity.
SSL is designed to establish a secure connection between two computers; S-HTTP is designed to send individual messages securely.
Secure Sockets Layer (SSL)
Described as wrapping an encrypted envelope around HTTP transmissions. Whereas S-HTTP can only be used to encrypt web documents, SSL can be wrapped around other Internet service transmissions such as FTP and Telnet as well as HTTP.
SSL is a connection-level encryption method providing security to the network link itself.
Used for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
Many web sites use it to obtain confidential user information, such as credit card numbers.
Single Access Control View
A single access control view allows the user's access from their client workstation to display only those resources that the user actually has access to.
Any differences between server platforms should be shielded from the user. The user should not need to memorize different commands or control interfaces for the variety of enterprise servers that a user may need to access.
2. Token Authentication (TAu): Smart Cards
This technology provides one-time-use session passwords that are authenticated by associated server software. TAu may take multiple forms:
Hardware-based smart cards that are about the size of a credit card with a numeric keypad.
In-line TAu devices that connect to the serial port of a computer for dial-in authentication through a modem.
Software tokens that are installed on the client PC and authenticate with the server portion of the token authentication product transparently to the end user. A PIN is required to activate the authentication process.
Challenge & Response
Terminal challenges the smart card:
1. The terminal generates a random number.
2. The smart card encrypts it with its key and sends it back to the terminal.
3. The terminal decrypts it with its own key. If the number is the same as the one generated by the terminal's random number generator, it authenticates the smart card.
Challenge & Response (contd.)
Smart card challenges the terminal:
1. The smart card generates a random number.
2. The terminal encrypts it with its key and sends it back to the smart card.
3. The smart card decrypts it with its own key. If the number is the same as the one generated by the smart card's random number generator, it authenticates the terminal.
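The mutual challenge-response exchange above, as an added example written for this page (not code from the slides or any smart card product). The slides have each side encrypt the other's random number with a shared key; to stay within the standard library this example has the responder compute an HMAC-SHA256 over the number instead, which is a deliberate substitution with the same three-step flow. The shared key, the 16-byte challenge size and the party names are constructed assumptions; the responder's name is bound into the tag, and a challenge that has already been answered is refused, which is how the replay attack listed earlier in the deck is kept out.

```python
import hashlib
import hmac
import secrets

class Party:
    """Either the terminal or the smart card. Both hold the same shared secret key
    (constructed for the example) and run the same three steps from the slides."""

    def __init__(self, name, shared_key):
        self.name = name
        self.key = shared_key
        self.outstanding = None   # the challenge we issued and still await an answer to
        self.answered = set()     # challenges we already answered; a repeat is a replay

    def _tag(self, responder, nonce):
        # The slides say the responder "encrypts" the number with its key. Here an
        # HMAC-SHA256 over the number plays that role (assumed substitution). The
        # responder's name is mixed in so that a tag produced by one side cannot be
        # passed off as the other side's answer.
        return hmac.new(self.key, responder.encode() + b"|" + nonce, hashlib.sha256).digest()

    def challenge(self):
        # Step 1: generate a fresh random number (16 bytes, an assumed size).
        self.outstanding = secrets.token_bytes(16)
        return self.outstanding

    def respond(self, nonce):
        # Step 2: answer the peer's challenge, refusing a number already answered.
        if nonce in self.answered:
            raise ValueError(f"{self.name}: replayed challenge refused")
        self.answered.add(nonce)
        return self._tag(self.name, nonce)

    def verify(self, peer_name, response):
        # Step 3: recompute with our own key and compare in constant time.
        # The outstanding challenge is consumed whether or not the answer was right.
        if self.outstanding is None:
            return False
        expected = self._tag(peer_name, self.outstanding)
        self.outstanding = None
        return hmac.compare_digest(expected, response)

def mutual_authentication(terminal, card):
    """Terminal challenges the card, then the card challenges the terminal."""
    card_ok = terminal.verify(card.name, card.respond(terminal.challenge()))
    terminal_ok = card.verify(terminal.name, terminal.respond(card.challenge()))
    return card_ok, terminal_ok

if __name__ == "__main__":
    key = secrets.token_bytes(32)   # constructed shared key
    print("genuine card:", mutual_authentication(Party("terminal", key), Party("card", key)))
    print("card with other key:", mutual_authentication(Party("terminal", key), Party("card", b"other key")))
```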
3. Biometric Authentication (BA)
BA can authenticate users based on: fingerprints, palm prints, retinal patterns, hand geometry, facial geometry, voice recognition, and other physical characteristics.
Not yet perfect or foolproof.
False rejects: the BA device's comparison algorithm is configured to be very sensitive.
False accepts: the BA device's comparison algorithm is not detailed enough.
Authorization
Can be seen as a subset of authentication. Authorization ensures that only properly authorized users are able to access particular network resources or corporate information resources.
The authorization security software can be either:
Server based, also known as brokered authorization.
Workstation based, also known as trusted node.
Encryption
Encryption involves changing data into an impossible-to-read form before transmission.
If the transmitted data are somehow intercepted, they cannot be interpreted.
The changed, meaningless data is known as ciphertext.
Encryption must be accompanied by decryption, or changing the unreadable text back into its original form.
RADIUS (Remote Authentication Dial-In User Service)
RADIUS allows network managers to centrally manage remote access users, access methods, and logon restrictions.
A client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
An AAA protocol (Authentication, Authorization and Accounting).
The RADIUS protocol improves network security by providing a mechanism for authenticating remote users connecting to the network. It does this by carrying authentication, authorization and configuration information between a Network Access Server (NAS) and a RADIUS server.
A NAS, also known as a Remote Access Server (RAS), is a device that provides an access point to a network for remote users connecting through remote access protocols such as telnet, ftp or PPP.
[Figure: Logical System View – components: Workstation, Modem, Customer, PSTN, ISP POP, NAS / RAS, Router, RADIUS AAA Server, User DB, Internet, Remote Server, Information Provider; protocol labels PPP and IP]
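An added example (not from the slides and not a full RADIUS implementation) showing how the NAS-to-server exchange described above is protected by the shared secret, following RFC 2865: the NAS hides the User-Password attribute using the random Request Authenticator, and checks the Response Authenticator on the server's reply before trusting it. The shared secret, user name, password and authenticator bytes are constructed sample values.

```python
import hashlib
import os
import struct

# Constructed constants for this example (RFC 2865 packet codes and attribute types).
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo hide_password and strip the NUL padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(kind: int, value: bytes) -> bytes:
    # Type-Length-Value attribute; the length field counts its own 2-byte header.
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes, request_auth=None) -> bytes:
    """Access-Request as sent by the NAS: 4-byte header, 16-byte Request Authenticator, attributes."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, user) + attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def response_authenticator(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret): only a holder of the secret can produce it."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    # Server side: Access-Accept or Access-Reject carrying the Response Authenticator.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + response_authenticator(code, ident, attrs, request_auth, secret) + attrs

def verify_reply(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: accept the reply only if its authenticator matches; a forged or altered reply fails."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    attrs = reply[20:length]
    return reply[4:20] == response_authenticator(code, ident, attrs, request_auth, secret)
```

Because both checks rest on MD5 and the shared secret, the strength of a RADIUS deployment is bounded by that secret and by protecting the NAS-to-server path.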
VPN (Virtual Private Network)
A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as a leased line, a VPN uses "virtual" connections routed through the Internet.
Tunneling is the transmission of data intended for use only within a private, usually corporate, network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.
[Figure: nodes labelled A to I, with a Tunnel label]
Tunneling Protocols and VPN
To provide VPN capabilities using the Internet as an enterprise network backbone, specialized tunneling protocols were developed that could establish private, secure channels between connected systems:
Point-to-Point Tunneling Protocol
Layer 2 Forwarding protocol
Layer 2 Tunneling Protocol
Tunneling Protocols and VPNs
A VPN creates an encrypted tunnel across a public network and passes the data destined for the remote location across the tunnel.
The remote workstation gets a local IP address and appears to all computers on the local network as if it were local.
Kerberos
A well-known combined authentication/authorization system developed at MIT and marketed commercially by many vendors.
The name Kerberos comes from Greek mythology; it is the three-headed dog that guarded the entrance.
Kerberos is designed to enable two parties to exchange private information across an open network.
It works by assigning a unique key, called a ticket, to each user that logs on to the network.
The ticket is then embedded in messages to identify the sender of the message.
Kerberos Architecture consists of three key components:
Kerberos client software
Kerberos authentication server software
Kerberos application server software
To be able to ensure that only authorized users are able to access a particular application, Kerberos must be able to communicate directly with that application.
The source code of the application must be modified to make it compatible with Kerberos. If the source code is not available, software vendors may sell Kerberized versions of their software.
Kerberos is not able to offer authorization protection to applications with which it cannot communicate.
Kerberos
Users are first authenticated by the Kerberos authentication server, which consults its database and issues a ticket for the valid user to communicate with the ticket granting software (TGS). This ticket is known as a ticket-granting ticket.
Using this ticket, the user sends an encrypted request to the ticket granting software (TGS) requesting a ticket for access to a particular application server.
If the TGS determines that the request is valid, a ticket is issued that will allow the user to access the requested server. This ticket is known as a service-granting ticket.
The user presents this ticket to the application server, which evaluates the ticket’s validity. If the application determines that the ticket is valid, a client/server session is established.
Security Design Strategies
Make sure that router operating system software has been patched.
Identify those information assets that are most critical to the corporation, and protect those servers first.
Implement physical security constraints to hinder physical access to critical resources such as servers.
Monitor system activity logs carefully.
Security Design Strategies
Develop a simple, effective, and enforceable security policy and monitor its implementation.
Consider installing a proxy server or application-layer firewall.
Block incoming DNS queries and requests for zone transfers.
Don't publish the corporation's complete DNS map on DNS servers that are outside the firewall.
Disable all non-essential TCP ports and services.
Security Design Strategies
Install only software and hardware that you really need on the network.
Allow only essential traffic into and out of the corporate network and eliminate all other types by blocking with routers or firewalls.
Investigate the business case for outsourcing Web-hosting services so that the corporate Web server is not physically on the same network as the rest of the corporate information assets.
Use routers to filter traffic by IP address.
Government Impact
Government agencies play a major role in the area of network security.
The two primary functions of these various government agencies are:
Standards-making organizations that set standards for the design, implementation, and certification of security technology and systems.
Regulatory agencies that control the export of security technology to a company's international locations.