NETE4630 Advanced Network Security and Implementation 1
Physical Layer Security
Lecture 2
Supakorn Kungpisdan
Roadmap
Defending the Physical Layer
Attacking the Physical Layer
Defending the Physical Layer
Physical security is the point at which protection should begin. Security controls have three primary goals:
Deter: security lighting and "Beware of Dog" signs
Delay: fences, gates, locks, access controls, and mantraps
Detect: intrusion detection systems (IDSes) and alarms
Higher layers focus on preventing disclosure, denial, or alteration of information; physical security focuses on intruders, vandals, and thieves
Physical, Technical, and Administrative Controls
Design Security
Security should be designed in during the design phase, not added at the time of deployment
The physical security of assets and employees should be considered when designing a new facility; a well-designed facility is both comfortable and secure
Key Issues of Design Security
Location
Construction
Accessibility and transportation
Climatology
Utilities
Access control
Perimeter Security
What to examine:
Natural boundaries at the location
Fences or walls around the site
The design of the outer walls of a building
Divisions and choke points within a building
A series of mechanisms includes:
Fences
Perimeter Intrusion Detection and Assessment Systems (PIDAS)
Security lighting
Closed-circuit television (CCTV)
Security guards and guard dogs
Warning signs and notices
Fencing
A fence with proper design and height delays an intruder and works as a psychological barrier
A risk analysis should be performed to evaluate the types of physical assets to be protected:
A 4-foot fence deters only a casual trespasser
An 8-foot fence is needed to delay a determined intruder; any fence can eventually be climbed or cut, so it must be paired with detection
Consider the gauge and mesh size of the wire:
The smaller the mesh, the more difficult it is to climb
The heavier the gauge (lower gauge number, thicker wire), the more difficult it is to cut
Gauge and Mesh
16-gauge wire with 50 mm mesh vs. 25 mm mesh
Fencing (cont.)
PIDAS
Perimeter Intrusion Detection and Assessment Systems
PIDAS uses sensors mounted on the fence that detect intruders by sensing vibration along the fence
The system may produce false positives due to stray deer, high winds, or other natural events, hence the "assessment" part: an alarm should be verified (e.g. on CCTV) before a response is dispatched
Gates, Guards, and Ground Design
UL Standard 325 details requirements for gates with 4 classifications:
Class 1: Residential
Class 2: Commercial
Class 3: Industrial
Class 4: Restricted access
Bollards are made of concrete or steel and are used to block vehicle traffic or to protect areas where pedestrians are entering or leaving buildings
Security guards need to have job references and be subjected to a background check, which can be performed through online background-check services or private investigators
Bollards
Gates, Guards, and Ground Design (cont.)
Dogs are loyal but can be unpredictable; they are restricted to exterior control and should be used with caution
Lighting can discourage criminals; most standards list two foot-candles as the norm for facilities using nighttime security. Too much light causes over-lighting and glare, and it may bleed over onto adjacent property
With CCTV, activities can be monitored live by a security officer or recorded and reviewed later; the British government has installed over 1.5 million CCTV cameras
Warning signs or notices should be posted to deter trespassing
Facility Security
"Anyone with physical access has the means and the opportunity to commit a crime"
Least privilege: provide only the minimum amount of access that is required, and restrict non-authorized individuals from entering sensitive areas
Achieved by examining windows, doors, locks, walls, access control, and intrusion detection
Entry Points
Doors, windows, roof access, fire escapes, delivery access, and chimneys
Entry Points: Doors
A door's function determines its construction, appearance, and operation
A door designed for security purposes is very solid and durable, with hardened hardware
Interior doors are typically hollow-core wood; exterior doors are solid-core wood
A risk assessment should be performed before using hollow-core doors in interior applications (e.g. a server-room door should be built to exterior standards)
Entry Points: Doors (cont.)
Doors have fire ratings and come in various configurations:
Personnel doors
Industrial doors
Vehicle access doors
Bulletproof doors
Vault doors
Must examine the hardware used to install a door (hinges and frame as well as the lock)
A mantrap is designed so that only one of its two doors can be open at a time: when the outer door opens, the inner door locks
Doors (cont.)
Bullet-proof door
Vault door
Doors (cont.)
Industrial door
Vehicle access door
Mantrap
Entry Points: Doors (cont.)
Automatic door locks are either fail-safe or fail-secure, which describes what the lock does when power or the controller fails:
Fail-safe (unlocked on failure) always allows employees to exit, but also allows unauthenticated entry
Fail-secure (locked on failure) keeps unauthorized individuals out, but also blocks exit, so it must be paired with an emergency egress mechanism to satisfy life-safety requirements
Entry Points: Windows
Alarms or sensors may be installed on windows
Window types include:
Standard: lowest security, least expensive, easily shattered (breaks into small fragments)
Polycarbonate acrylic: stronger than standard glass
Wire reinforced: adds shatterproof protection
Laminated: similar to automobile glass; a laminate layer strengthens the glass
Solar film: provides a moderate level of security and decreases the potential for shattering
Security film: highest security
Windows (cont.)
Entry Points: Walls
A reinforced wall can keep a determined attacker from entering an area
Walls should be designed with fire-rated firewalls (in the building-construction sense, not the network device) and should run from the true floor to the true ceiling so that they cannot be bypassed above a drop ceiling; emergency lighting should be in place
Access Control
Access control is any mechanism by which an individual is granted or denied access
Many types exist, including:
Mechanical locks
Identity card technology
Access Control: Locks
Two main mechanical lock families: warded locks and tumbler locks
Warded locks work by matching wards to keys; they are the cheapest mechanical locks and the easiest to pick
Tumbler locks contain more parts and are harder to pick
Another type of tumbler lock is the tubular lock, used on computers, vending machines, and other devices sold as high-security; inexpensive tubular locks can nevertheless be opened with simple improvised tools, so they should not be relied on alone
Warded Locks
Access Control: Locks (cont.)
Tumbler Locks (cont.)
Tubular lock
Access Control: Locks (cont.)
Three basic grades of locks (ANSI/BHMA grading):
Grade 3: the weakest commercial lock (designed for 200,000 cycles)
Grade 2: light-duty commercial locks or heavy-duty residential locks (designed for 400,000 cycles)
Grade 1: commercial locks of the highest security (designed for 800,000 cycles)
Access Control: Physical Controls
Network cabling:
Select the right type of cable (fiber is considerably harder to tap than copper)
Route cables through the facility so that they cannot be tampered with
Disable unused network drops (shut down the corresponding switch ports); secure all cable access points such as wiring closets and patch panels
Access Control: Physical Controls (cont.)
Controlling individuals:
ID cards with a photograph of the individual
Intelligent access control devices: contact and contactless
Contact access cards come in different configurations, including:
Active electronic: can transmit electronic data
Electronic circuit: has a circuit embedded
Magnetic stripe: data stored on a magnetic stripe (easily read and cloned with a commodity reader/writer)
Optical-coded: contains a laser-burned pattern of encoded dots
Optical Card
Access Control: Physical Controls (cont.)
Contactless cards function by proximity, e.g. RFID (Radio Frequency ID):
Passive: powered by the RFID reader's field
Semi-passive: has a battery only to power the microchip
Active: battery-powered transmitter
Multi-factor authentication is recommended (card plus PIN or biometric)
Physical intrusion detection:
Motion detectors: audio, infrared, wave pattern, or capacitance
Photoelectric sensors
Pressure-sensitive devices
Glass breakage sensors
Keep in mind that IDSes are not perfect: expect both false positives and false negatives
Intrusion Detection (cont.)
Glass break sensor
Photoelectric sensor
Motion detection sensor (photoelectric infrared)
Device Security
Device security addresses the controls implemented to secure the devices found in an organization: computers, networking devices, portable devices, cameras, iPods, and thumb drives
Device Security: Identification and Authentication
Identification: the process of claiming an identity (e.g. presenting a username)
Authentication: the process of proving that claimed identity
Three categories of authentication factors:
Something you know
Something you have
Something you are
Device Security: Something You Know
Passwords are the most commonly used authentication scheme
A Gartner study in 2000 found that:
90% of respondents used dictionary words or names
47% used their own name, spouse's name, or a pet's name
9% used cryptographically strong passwords
Device Security: Something You Know (cont.)
A good password policy:
Passwords should not contain personal information
Passwords should be 8 or more characters (longer is better)
Passwords should be changed regularly
Passwords should never be comprised of common words or names
Passwords should be complex: upper- and lower-case letters, digits, and miscellaneous characters (e.g. !, @, #, $, %, ^, &)
Limit logon attempts to three successive failures before locking the account
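The password policy above, as an added example that is not part of the original slides: a checker that enforces the length, personal-information, dictionary-word and character-class rules, plus a lockout tracker that denies further attempts after three successive failures. The word list and the substitution table are constructed stand-ins; a deployment would load a full cracking dictionary.

```python
import re
from dataclasses import dataclass, field

# Constructed stand-in for a real dictionary (assumption: a deployment would
# load a full cracking word list).
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein", "qwerty"}

# Character classes the policy wants mixed.
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

# Common digit/symbol-for-letter substitutions, so "P@ssw0rd" still matches "password".
LEET = str.maketrans("013457$@!", "oleastsai")


def check_password(password: str, personal: tuple = ()) -> list:
    """Return the policy rules the candidate password violates (empty list = accepted).

    `personal` holds strings that must not appear: username, own/spouse/pet names.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    lowered = password.lower()
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information '{item}'")
    normalized = lowered.translate(LEET)
    for word in sorted(COMMON_WORDS):
        if word in lowered or word in normalized:
            problems.append(f"contains dictionary word '{word}'")
    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < 3:
        missing = [name for name in CLASSES if name not in present]
        problems.append("fewer than 3 character classes (missing: " + ", ".join(missing) + ")")
    return problems


@dataclass
class LockoutTracker:
    """Locks an account after `limit` successive failed logons; a success resets the streak."""
    limit: int = 3
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def attempt(self, user: str, password_ok: bool) -> str:
        if user in self.locked:
            return "locked"  # refused even if the password is now correct
        if password_ok:
            self.failures.pop(user, None)
            return "granted"
        streak = self.failures.get(user, 0) + 1
        self.failures[user] = streak
        if streak >= self.limit:
            self.locked.add(user)
            return "locked"
        return "denied"


if __name__ == "__main__":
    for candidate in ("Summer2024!", "P@ssw0rd99", "xK9#qLm2vT"):
        print(candidate, check_password(candidate) or "accepted")
```

Note that the lockout counter is keyed by user, not by source address, so an attacker who knows the policy can lock out arbitrary accounts with three bad guesses each; a real deployment adds a time-based unlock or per-source throttling.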
Device Security: Something You Have
Tokens, smart cards, and magnetic cards
Two basic groups of tokens:
Synchronous token: generates a one-time code from a shared secret and a counter or clock that is kept synchronized with the authentication server
Asynchronous challenge-response token: the server sends a random challenge and the token computes the response from the challenge and its secret
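Both token groups, as an added example that is not part of the original slides: the synchronous case is the standard HOTP/TOTP construction (RFC 4226 and RFC 6238, HMAC-SHA1 over a counter, with the server accepting a small window of adjacent steps to absorb clock drift), and the asynchronous case is an HMAC-SHA256 challenge-response with single-use nonces. The secrets and the nonce size are chosen for illustration.

```python
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30) -> str:
    """RFC 6238 TOTP: the counter is the number of `step`-second intervals since the epoch."""
    return hotp(secret, int(at // step))


def verify_totp(secret: bytes, code: str, at: float, step: int = 30, window: int = 1) -> bool:
    """Server side: accept the current step plus `window` steps either side (clock drift)."""
    base = int(at // step)
    return any(hmac.compare_digest(hotp(secret, base + d), code)
               for d in range(-window, window + 1))


class ChallengeResponseServer:
    """Asynchronous token: the server issues a random nonce, the token returns HMAC(secret, nonce)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-used challenge: a replay is rejected
        self.outstanding.discard(nonce)  # each challenge is single-use
        expected = hmac.new(self.secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def token_respond(secret: bytes, nonce: bytes) -> bytes:
    """What the token computes when the user keys in (or it receives) the challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


if __name__ == "__main__":
    k = b"12345678901234567890"  # RFC 4226 test-vector secret, for illustration only
    print("current TOTP:", totp(k, time.time()))
    srv = ChallengeResponseServer(k)
    n = srv.challenge()
    print("challenge-response accepted:", srv.verify(n, token_respond(k, n)))
```

The synchronous scheme has no server round trip before the code is produced, which is why it needs the drift window; the asynchronous scheme needs the round trip but is immune to replay as long as the server discards each nonce after one use.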
Device Security: Something You Are
Basic operations:
1. User enrolls in the system (a reference template is stored)
2. User requests to be authenticated (a live sample is captured and compared with the template)
3. A decision is reached: allowed or denied
Accuracy of biometrics:
Type 1 error: False Rejection Rate (FRR), legitimate users rejected
Type 2 error: False Acceptance Rate (FAR), impostors accepted
The point at which FRR and FAR meet, as the matching threshold is varied, is known as the Crossover Error Rate (CER)
The lower the CER, the more accurate the system
Crossover Error Rate (CER)
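How the crossover point is found, as an added example that is not part of the original slides: the matching scores below are constructed, and the sweep moves the acceptance threshold from 0 to 1, computing FRR and FAR at each step and reporting the threshold where they are closest. A second constructed system with better separation shows why a lower CER means a more accurate system.

```python
# Constructed similarity scores in [0, 1] (higher = better match); a real
# system would produce these by comparing live samples with enrolled templates.
GENUINE = [0.91, 0.88, 0.85, 0.80, 0.76, 0.72, 0.65, 0.60, 0.55, 0.45]
IMPOSTOR = [0.10, 0.20, 0.25, 0.30, 0.40, 0.50, 0.55, 0.62, 0.70, 0.78]

# A better-separated (also constructed) system for comparison.
GENUINE_B = [0.95, 0.92, 0.90, 0.88, 0.85, 0.82, 0.80, 0.78, 0.75, 0.70]
IMPOSTOR_B = [0.05, 0.10, 0.15, 0.20, 0.25, 0.30, 0.35, 0.40, 0.50, 0.60]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Accept iff score >= threshold.
    FRR (type 1) = share of genuine attempts rejected.
    FAR (type 2) = share of impostor attempts accepted."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover(genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Sweep the threshold and return (threshold, CER) where FRR and FAR are closest."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        frr, far = error_rates(t, genuine, impostor)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, t, cer = best
    return t, cer


if __name__ == "__main__":
    for t in (0.50, 0.61, 0.75):
        print("threshold %.2f: FRR=%.2f FAR=%.2f" % ((t,) + error_rates(t)))
    print("system A crossover:", crossover())
    print("system B crossover:", crossover(GENUINE_B, IMPOSTOR_B))
```

Raising the threshold trades false acceptances for false rejections, so the operating point is a policy choice: a data-centre door is tuned to the right of the crossover (low FAR), a convenience application to the left (low FRR). The CER itself is only the comparable single-number summary.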
Biometric
Finger scan
Hand geometry
Palm scan
Retina pattern
Iris recognition
Voice recognition
Keyboard (keystroke) dynamics
Computer Controls
Session controls:
System timeouts
Screensaver lockouts
Warning banners
Device Security: Mobile Devices and Media
Samsung Corporation banned employees from using Samsung's own cell phones with 8 GB of storage
Sensitive media must be controlled, handled, and destroyed in an approved manner:
Paper can be shredded (strip-cut shredders leave strips that can be reassembled; cross-cut is preferred)
CDs can be physically destroyed
Magnetic media can be degaussed
Hard drives can be wiped by overwriting every sector
Information Classification Systems
Government information classification systems focus on secrecy (confidentiality)
Commercial information classification systems focus on integrity
Information Classification Systems (cont.)
Communications Security
Communications security examines electronic devices and the electromagnetic radiation (EMR) they produce, which can leak the data being processed
The original control program for these vulnerabilities was named TEMPEST; the field is now called Emissions Security (EMSEC)
Alternatives to shielding include white-noise generation and control zones (keeping untrusted parties beyond the distance at which emissions are recoverable)
PBXs must be secured
Faxes can be intercepted; a used fax ribbon is a virtual carbon copy of every original document. Mitigated by using a fax server and fax encryption
Comm Security: Bluetooth
To keep Bluetooth secure, make sure Bluetooth-enabled devices are set to non-discoverable mode (note that non-discoverable devices can still be found by brute-forcing addresses, as the RedFang tool does)
Use secure applications to limit the amount of cleartext transmission
If no Bluetooth functionality is needed, turn it off
Devices can be configured to expose shared directories without authentication, which opens them up to viruses, trojans, and information theft
In 2005, AirDefense released BlueWatch, the first commercial security tool designed to monitor Bluetooth devices and identify insecure devices: www.airdefense.net/products/bluewatch/index.php
BlueWatch
AirDefense BlueWatch can provide information such as:
Identification of different types of Bluetooth devices, including laptops, PDAs, keyboards and cell phones
Key attributes, including device class, manufacturer and signal strength
Communication or connectivity among various devices
Services available on each device, including network access, fax and audio gateway
802.11 Wireless Protocols
Retire WEP devices
Change the default SSID
MAC filtering
Turn off DHCP
Limit access of wireless users
Use port authentication (802.1X)
Perform periodic site surveys and scan for rogue devices, e.g. using Kismet
Update policies to stipulate requirements for wireless users
Use strong encryption (WPA2)
Implement a second layer of authentication, e.g. RADIUS
Caveat: changing the SSID, MAC filtering and disabling DHCP only raise the bar for casual users, since SSIDs and client MAC addresses are sent in the clear and can be observed and spoofed; the controls that actually stop an attacker are retiring WEP, 802.1X/RADIUS authentication, strong encryption, and the rogue-device scanning
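The rogue-device part of a site survey, as an added example that is not part of the original slides: the scan results are a constructed CSV in an assumed simple export format (not Kismet's own file format), the authorized BSSID inventory is assumed, and the audit separates three findings a practitioner walks the floor for: an unauthorized AP advertising the corporate SSID (evil twin), an authorized AP that has fallen back to WEP or open authentication, and unknown APs in range. The strongest observation of each BSSID is kept because that is where to start looking for it.

```python
import csv
import io

CORPORATE_SSID = "acme-corp"                     # assumption
AUTHORIZED_BSSIDS = {                            # assumption: from the network inventory
    "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03",
}
REQUIRED_SECURITY = {"WPA2-EAP"}                 # what corporate APs must run

# Constructed survey export; columns are an assumed format, not Kismet's.
SURVEY = """bssid,ssid,channel,encryption,signal_dbm
00:11:22:33:44:01,acme-corp,1,WPA2-EAP,-41
00:11:22:33:44:02,acme-corp,6,WPA2-EAP,-55
00:11:22:33:44:02,acme-corp,6,WPA2-EAP,-57
DE:AD:BE:EF:00:01,acme-corp,6,OPEN,-52
de:ad:be:ef:00:01,acme-corp,6,OPEN,-38
00:11:22:33:44:03,acme-corp,11,WEP,-60
aa:bb:cc:dd:ee:ff,linksys,11,WPA2-PSK,-70
"""

ORDER = {"evil twin": 0, "misconfigured": 1, "unknown": 2}  # triage priority


def parse_survey(text):
    """Normalise one survey export into a list of dicts (BSSIDs lower-cased, signal as int)."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["bssid"] = row["bssid"].strip().lower()
        row["signal_dbm"] = int(row["signal_dbm"])
        rows.append(row)
    return rows


def audit(rows, ssid=CORPORATE_SSID, authorized=AUTHORIZED_BSSIDS, required=REQUIRED_SECURITY):
    """Return {bssid: (issue, strongest_signal_dbm)} for every AP that needs attention."""
    findings = {}
    for r in rows:
        b = r["bssid"]
        if b in authorized:
            if r["encryption"] in required:
                continue  # authorized and correctly configured
            issue = "misconfigured: authorized AP running " + r["encryption"]
        elif r["ssid"] == ssid:
            issue = "evil twin: unauthorized AP advertising %s with %s" % (ssid, r["encryption"])
        else:
            issue = "unknown: AP '%s' in range (neighbour or rogue)" % r["ssid"]
        prev = findings.get(b)
        if prev is None or r["signal_dbm"] > prev[1]:
            findings[b] = (issue, r["signal_dbm"])  # keep the strongest sighting
    return findings


def prioritized(findings):
    """BSSIDs ordered for investigation: evil twins first, then strongest signal first."""
    def key(item):
        bssid, (issue, sig) = item
        return (ORDER[issue.split(":")[0]], -sig)
    return [b for b, _ in sorted(findings.items(), key=key)]


if __name__ == "__main__":
    found = audit(parse_survey(SURVEY))
    for b in prioritized(found):
        print(b, found[b])
```

An evil twin on the corporate SSID with open authentication is the case that matters most: clients configured to auto-join will associate with the strongest AP carrying that name, and a WPA2-EAP deployment without certificate validation on the clients will hand over credentials to it.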
Roadmap
Defending the Physical Layer
Attacking the Physical Layer
Attacking the Physical Layer
Several techniques to attack physical security:
Stealing data
Lock picking
Wiretapping
Hardware modification
Stealing Data
Abe Usher wrote a program called "pod slurp" to steal data from a PC
Purpose of Slurp: to create a proof-of-concept application that searches for office documents that can be copied from a Windows computer to an iPod (or other removable storage device)
The point of this exercise is to demonstrate (quantitatively) how quickly data theft can occur with removable storage devices
Method: searches for the "C:\Documents and Settings" directory on a Windows computer, then recurses through all of the subdirectories, discovering all of the documents (*.doc, *.xls, *.htm, *.url, *.pdf, etc.) on the computer that it is running from
How to Use Slurp
Step 0: Stop the iPod Service in Windows (if iPod software is installed and running)
Step 1: Unzip slurp.zip
Step 2: Copy the entire "slurp-audit" directory to your removable storage device (iPod, external hard drive, etc.)
Step 3: Run the application file "slurp-audit.exe" and watch it find all of the business files. After it is complete, check the report.html file to find out what files could have been copied to an iPod or USB thumb drive
For more information, check: http://www.sharp-ideas.net
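The audit that slurp performs, as an added example written for these slides (it is not Abe Usher's code): it walks a directory tree, tallies the document types the slides list (the .docx/.xlsx variants are added as an assumption) and converts the total into the seconds an attacker would need at an assumed flash-drive write rate, which is the quantitative point of the exercise. The sample listing is constructed.

```python
import os
from collections import Counter

# Types from the slide plus the newer Office variants (assumption).
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".htm", ".url"}


def classify(entries, extensions=DOCUMENT_EXTENSIONS):
    """entries: iterable of (path, size_bytes). Returns (Counter per extension, total bytes)."""
    counts = Counter()
    total = 0
    for path, size in entries:
        ext = os.path.splitext(path)[1].lower()
        if ext in extensions:
            counts[ext] += 1
            total += size
    return counts, total


def walk(root):
    """Yield (path, size) for every regular file under root, the way slurp recurses."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                yield p, os.path.getsize(p)
            except OSError:
                continue  # locked or vanished file: skip it, as the tool would


def copy_time_seconds(total_bytes, write_mb_per_s=20.0):
    """Seconds to exfiltrate at a sustained flash-drive write rate (assumption: 20 MB/s)."""
    return total_bytes / (write_mb_per_s * 1_000_000)


# Constructed listing standing in for a real Documents and Settings tree.
SAMPLE = [
    (r"C:\Documents and Settings\alice\My Documents\budget.xls", 2_400_000),
    (r"C:\Documents and Settings\alice\My Documents\plan.doc", 350_000),
    (r"C:\Documents and Settings\alice\Desktop\contract.pdf", 5_200_000),
    (r"C:\Documents and Settings\alice\Favorites\intranet.url", 120),
    (r"C:\Documents and Settings\alice\Local Settings\Temp\~tmp.bin", 9_000_000),
]


if __name__ == "__main__":
    import sys
    entries = walk(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    counts, total = classify(entries)
    print(dict(counts), "%.1f MB" % (total / 1e6), "%.1f s" % copy_time_seconds(total))
```

The defensive reading of the number is the useful one: if the entire document set of a workstation fits on a pocket device in under a minute, the controls that matter are removable-media restrictions and device encryption, not hoping the theft takes too long to go unnoticed.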
Slurp
Slurp Report
Lock Picks
Basic components used to pick locks:
Tension wrenches: small, angled flathead-screwdriver-like tools that come in various thicknesses and sizes; they apply turning pressure to the plug
Picks: small, angled, and pointed, similar to a dentist's pick; they lift the pins one at a time while tension is held
Scrubbing
Lock Shim
Scanning and Sniffing
Phreakers are interested in making free long-distance calls
Freeloaders intercepted HBO satellite broadcasts; prevented by implementing VideoCipher encryption
Cordless phones were eavesdropped on by tuning a receiver to the same frequencies other people were using, to listen to active conversations; solved by switching to spread-spectrum technologies
1st-generation (analog) mobile phones have been hacked by tumbling: modifying the Electronic Serial Number (ESN) and Mobile Identification Number (MIN) after each call to evade billing
Also vulnerable to cloning attacks: intercept the ESN and MIN by listening to active calls, then program them into another handset
Scanning and Sniffing (cont.)
Attacks on 2nd-generation mobile phones:
International Mobile Subscriber Identity (IMSI) catcher: tells the mobile phone that it is a base station, so the phone attaches to it and reveals its IMSI
Cellphone jammer: transmits signals on the same frequencies as cell phones, preventing all communication within a given area
Cellphone detector: detects when a cell phone is powered on
Scanning and Sniffing (cont.)
Bluejacking allows an individual to send unsolicited messages over Bluetooth to other Bluetooth devices (a nuisance rather than a data breach)
Bluesnarfing is the unauthorized retrieval of data over Bluetooth: calendar information, phonebook entries, and similar stored data
Tools to Attack Bluetooth
RedFang: small proof-of-concept application used to find non-discoverable devices
Bluesniff: a proof-of-concept tool for Bluetooth wardriving
Btscanner: a Bluetooth scanner with the ability to do inquiry and brute-force scans, identifying Bluetooth devices in range
BlueBug: exploits a Bluetooth security hole on some Bluetooth-enabled phones; allows unauthorized downloading of phonebooks and call lists, and sending and reading SMSs
Find those tools at http://www.remote-exploit.org/backtrack_download.html
Attacking WLANs
Eavesdropping
Open authentication
Rogue access point
DoS
Hardware Hacking
Hardware hacking is about using physical access to bypass controls or to modify the device in some manner; sometimes it is called "modding"
Bypass BIOS password
Router password recovery; prevented by issuing the no service password-recovery command (Cisco IOS), with the caveat that if the password is then lost the only way back in is to wipe the startup configuration, so keep configuration backups
Bypass Windows authentication
Example: Modifying Bluetooth Hardware
Objective: To extend BT range
Steps 1 to 6 (shown as photographs)
To Read
Hack The Stack: pages 70-84
Questions?
Next week: Data Link Layer Security