Security in Network

What is Computer Network

• Definition:
  
  • A computing network is a computing environment with more than one independent processors

• May be multiple users per system
• Distance between computing systems is not considered (a communications media problem)
• Size of computing systems is not relevant

Network Resources

• Computers
• Operating system
• Programs
• Processes
• People

Network Architecture

What network can do?

• Logical interface function
  
  • Sending messages
  • Receiving messages
  • Executing program
  • Obtaining status information
  • Obtaining status information on other network users and their status

Network Basic Terminology

• Node
  
  • Single computing system in a network.
• Host
  
  • A single computing system's processor.
• Link
  
  • A connection between two hosts.
• Topology
  
  • The pattern of links in a network.

Types of Network
Network Topologies

• Bus Topology
  
  • To provide a single communication network on which any node can place information and from which any code can retrieve information
  • Attachments to the bus do not impact the other nodes on the bus

• 

• Star Topology
  
  • Has a central switch
  • All nodes wishing to communicate do so through the central host
  • The central host receives all messages, identifies the addresses, selects the link appropriate for that addresses and forwards the messages

• Ring Topology
  
  • To connect a sequence of nodes in a loop or ring
  • Can be implemented with minimum cabling
  • Containing a token can control a “synchronous” loop

• Mesh Topology
  
  • Each node can conceptually be connected directly to each other node
  • Has integrity and routing advantages
  • Not easily subject to destructive failures
  • Routing logic can be used to select the most efficient route through multiple nodes

Open Systems Interconnection (OSI)

• Describes computer network communications.
• Developed by the International Standards Organization (ISO).
• Consists of Seven Layers.
• Model describes peer-to-peer correspondence, relationship between corresponding layers of sender and receiver.
• Each layer represents a different activity performed in the actual transmission of a message.
• Each layer serves a separate function.
• Equivalent layers perform similar functions for sender and receiver.

OSI Layer Characters
Network As System
Single System:

• Single set of security policies associated with each computing system.
• Each system concerned with:
  
  • integrity of data
  • secrecy of data
  • availability of service
• Operating system enforces its owns security policies.

Advantages of Computing Network

• Resource sharing
  
  • Reduces maintenance and storage costs
• Increased reliability (i.e. availability of service)
  
  • If one system fails users can shift to another.
• Distributing the workload
  
  • Workload can be shifted from a heavily loaded system to an underutilized one.
• Expandability
  
  • System is easily expanded by adding new nodes

People that causes Network Problem

• Hacker
• Spy
• Student
• Businessman
• Ex-employee
• Stockbroker
• Terrorist
• etc

Network Security Problem Area

• Authentication
  Deals with determining whom you are talking to before entering into a business deal or before revealing sensitive information
• Secrecy
  What usually comes to mind when people think about network security
• Non-repudiation
  Deals with signature
• Integrity control
  Keeping information is not modified, add or delete by unauthorized user

Network Security Issues

• Sharing
  
  • Access controls for a single system may be inadequate.
• Complexity
  
  • A network may combine two or more systems with dissimilar operating systems with different mechanisms for interhost connection. Complexity of this nature makes the certification process extremely difficult.
• Unknown perimeter
  
  • One host may be a node on two or more different networks
• Many points of attack
  
  • Access controls on one machine preserves the secrecy of data on that processor. However, files stored in a remote network host may pass through many host machines to get to the user.
• Unknown path
  
  • May be many paths from one host to another and users generally do not have control of how their messages are routed.
• Label formats differences
  
  • A problem which may occur in multilevel systems is that the access labels may have different formats since there is no standard.
• Anonymity
  
  • Attack can passed through many other hosts in an effort to disguise from where the attack originated
  • Attack remotely without contact the system administrator or user

Threats Exposures
Security Exposures:

• Privacy
  
  • With many unknown users on a network, concealing sensitive data becomes more difficult.
• Data Integrity
  
  • Because more nodes and more users have potential access to a computing system, the risk of data corruption is higher.
• Authenticity
  
  • It is difficult to assure the identity of a user on a remote system.
• Covert channels
  
  • Networks offer more possibilities for construction of covert channels for data flow.

Impersonating:

• Involved the use of physical keys and biometrics checks
• Cracker can configures a system to masquerade as another system, thus gaining unauthorized access to resources or information on system that ‘trust’ the system being mimicked

Eavesdropping:

• Allows a cracker to make a complete transcript of network activity
• Cracker can obtain sensitive information such as passwords, data and procedures for performing functions.
• Cracker can eavesdrops:
  
  • Using wiretapping
  • By radio
  • Via auxiliary ports on terminals
  • Using software that monitors packets sent over the network.

Packet Replay:

• Refers to recording and retransmission of message packets in the network
• Intruder could replay legitimate authentication sequence messages to gain access to a system
• Frequently undetectable

Packet modification:

• Significant with integrity threat
• Involves a system intercepting and modifying a packet destined for another system

NETWORKS SECURITY CONTROL

• Encryption
• Strong Authentication
• IPSec,VPN,SSH
• Kerberos
• Firewall
• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
• Honeypot

Encryption

• Link to Link VS End to End
• Link to Link
  
  • Covers layer 1 and 2 of the OSI model
  • Decryption occurs just as the communication arrives at and enters the receiving computer.
  • If we have good physical security, we may not be too concerned about this exposure.
• End to End
  
  • Provides security from one end of a transmission to the other layer 6 or 7
  • The encryption can be done by:
    
    • A hardware device between the user and the host.
    • A software running on the host computer.
  • Protect data on every layer

IPSec,SSH,SSL(application level sec.)

• IPSec
  
  • Optional in IPv4
  • Defines a standard means for handling encrypted data.
  • Implemented at IP layer, so affects all layer above it, in particular TCP and UDP.
  • Provide authentication (AH) and encryption (ESP)
• SSH
  
  • Secure remote login (encrypt data send over the network)
• Secure socket layer, encrypt data over the transport layer.
  
  • SSL interfaces between applications (such as browsers) and the TCP/IP protocols to provide server authentication, optional client authentication, and an encrypted communications channel between client and server.

Kerberos

• Supports authentication in distributed systems.
• Kerberos is based on the idea that a central server provides authentication tokens, called tickets, to requesting applications.
  
  • A ticket is an unforgeable, nonreplayable, authenticated object.
  • It is an encrypted data structure naming a user and a service that is allowed to obtain.
  • Also contain a time value and some control information.

Firewall

• What is a firewall?
• A Firewall is a network security device designed to restrict access to resources (information or services) according to a security policy.
• Firewalls are not a “magic solution” to network security problems, nor are they a complete solution for remote attacks or unauthorised access to data
• A Firewall is a network security device
• It serves to connect two parts of a network and control the traffic (data) which is allowed to flow between them
• Often installed between an entire organisation's network and the Internet
• Can also protect smaller departments
• A Firewall is always the single path of communication between protected and unprotected networks
• A Firewall can only filter traffic which passes through it
• If traffic can get to a network by other means, the Firewall cannot block it

• Intrusion Prevention Systemnetwork security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities
• Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks
• When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass
• Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology
• In addition, most IPS solutions have the ability to look at (decode) layer 7 protocols like HTTP, FTP, and SMTP which provides greater awareness

Honeypot

• Decoy systems that are designed to lure a potential attacker away from critical systems
• Design to
  
  • Divert attacker from critical system
  • Collect information on attacker’s activity
  • Encourage attacker to stay long enough for admin. to notice
• Contain fabricated info. not for normal user to used
• Simulated traffic that emulate real network

Hacking and Prevention

• motivated by thrill of access and status
  
  • hacking community a strong meritocracy
  • status is determined by level of competence
• benign intruders might be tolerable
  
  • do consume resources and may slow performance
  • can’t know in advance whether benign or malign
• IDS / IPS / VPNs can help counter
• awareness led to establishment of CERTs
  
  • collect / disseminate vulnerability info / responses

Hacker Behaviour

• select target using IP lookup tools
• map network for accessible services
• identify potentially vulnerable services
• brute force (guess) passwords
• install remote administration tool
• wait for admin to log on and capture password
• use password to access remainder of network