Jom Belajar Keselamatan Rangkaian

Network! Accessibility first, security foremost!!

Thursday, October 29, 2009

Security in Network

What is Computer Network
  • Definition:
    • A computing network is a computing environment with more than one independent processor
  • May be multiple users per system
  • Distance between computing systems is not considered (a communications media problem)
  • Size of computing systems is not relevant
Network Resources
  • Computers
  • Operating system
  • Programs
  • Processes
  • People
Network Architecture

What can a network do?
  • Logical interface function
    • Sending messages
    • Receiving messages
    • Executing program
    • Obtaining status information
    • Obtaining information on other network users and their status
Network Basic Terminology
  • Node
    • Single computing system in a network.
  • Host
    • A single computing system's processor.
  • Link
    • A connection between two hosts.
  • Topology
    • The pattern of links in a network.
Types of Network
Network Topologies
  • Bus Topology
    • Provides a single communication medium on which any node can place information and from which any node can retrieve information
    • Attachments to the bus do not impact the other nodes on the bus

  • Star Topology
    • Has a central switch
    • All nodes wishing to communicate do so through the central host
    • The central host receives all messages, identifies the addresses, selects the link appropriate for those addresses and forwards the messages

  • Ring Topology
    • To connect a sequence of nodes in a loop or ring
    • Can be implemented with minimum cabling
    • A circulating token can control a “synchronous” loop

  • Mesh Topology
    • Each node can conceptually be connected directly to each other node
    • Has integrity and routing advantages
    • Not easily subject to destructive failures
    • Routing logic can be used to select the most efficient route through multiple nodes

Open Systems Interconnection (OSI)

  • Describes computer network communications.
  • Developed by the International Standards Organization (ISO).
  • Consists of Seven Layers.
  • The model describes peer-to-peer correspondence: the relationship between corresponding layers of sender and receiver.
  • Each layer represents a different activity performed in the actual transmission of a message.
  • Each layer serves a separate function.
  • Equivalent layers perform similar functions for sender and receiver.
OSI Layer Characters
Network As System
Single System:
  • A single set of security policies is associated with each computing system.
  • Each system concerned with:
    • integrity of data
    • secrecy of data
    • availability of service
  • The operating system enforces its own security policies.
Advantages of Computing Network
  • Resource sharing
    • Reduces maintenance and storage costs
  • Increased reliability (i.e. availability of service)
    • If one system fails users can shift to another.
  • Distributing the workload
    • Workload can be shifted from a heavily loaded system to an underutilized one.
  • Expandability
    • System is easily expanded by adding new nodes
People who cause Network Problems
  • Hacker
  • Spy
  • Student
  • Businessman
  • Ex-employee
  • Stockbroker
  • Terrorist
  • etc
Network Security Problem Area
  • Authentication
    Deals with determining whom you are talking to before entering into a business deal or before revealing sensitive information
  • Secrecy
    What usually comes to mind when people think about network security
  • Non-repudiation
    Deals with signatures
  • Integrity control
    Keeping information from being modified, added or deleted by unauthorized users
Network Security Issues
  • Sharing
    • Access controls for a single system may be inadequate.
  • Complexity
    • A network may combine two or more systems with dissimilar operating systems with different mechanisms for interhost connection. Complexity of this nature makes the certification process extremely difficult.
  • Unknown perimeter
    • One host may be a node on two or more different networks
  • Many points of attack
    • Access controls on one machine preserve the secrecy of data on that processor. However, files stored on a remote network host may pass through many host machines to get to the user.
  • Unknown path
    • May be many paths from one host to another and users generally do not have control of how their messages are routed.
  • Label formats differences
    • A problem which may occur in multilevel systems is that the access labels may have different formats since there is no standard.
  • Anonymity
    • An attack can be passed through many other hosts in an effort to disguise where the attack originated
    • An attacker can act remotely without any contact with the system administrator or user
Threats Exposures
Security Exposures:
  • Privacy
    • With many unknown users on a network, concealing sensitive data becomes more difficult.
  • Data Integrity
    • Because more nodes and more users have potential access to a computing system, the risk of data corruption is higher.
  • Authenticity
    • It is difficult to assure the identity of a user on a remote system.
  • Covert channels
    • Networks offer more possibilities for construction of covert channels for data flow.
  • Involves the use of physical keys and biometric checks
  • A cracker can configure a system to masquerade as another system, thus gaining unauthorized access to resources or information on systems that ‘trust’ the system being mimicked
  • Allows a cracker to make a complete transcript of network activity
  • A cracker can obtain sensitive information such as passwords, data and procedures for performing functions.
  • A cracker can eavesdrop:
    • Using wiretapping
    • By radio
    • Via auxiliary ports on terminals
    • Using software that monitors packets sent over the network.
Packet Replay:
  • Refers to recording and retransmission of message packets in the network
  • Intruder could replay legitimate authentication sequence messages to gain access to a system
  • Frequently undetectable
Packet modification:
  • A significant integrity threat
  • Involves a system intercepting and modifying a packet destined for another system
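The two threats above, packet replay and packet modification, are usually countered together: every packet carries a fresh nonce and a timestamp, and all of its fields are covered by a message authentication code under a key shared by sender and receiver. The following Python is an added example, not code from the original post; the key, the 30-second freshness window and the sample packets are constructed for illustration. A modified packet fails the HMAC check, a retransmitted packet is caught by its already-seen nonce, and a recorded packet replayed much later is caught by its stale timestamp.

```python
import hashlib
import hmac
import json
import secrets

# Key shared by client and server (constructed for this example only).
SHARED_KEY = b"example-shared-key-not-for-production"
REPLAY_WINDOW_SECONDS = 30


def _canonical(body):
    # A fixed serialisation so sender and receiver MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_packet(key, user, action, now, nonce=None):
    """Client side: tag the packet fields with HMAC-SHA256.
    The nonce and timestamp are inside the tagged body, so an attacker cannot
    change them without invalidating the tag."""
    body = {
        "user": user,
        "action": action,
        "ts": int(now),
        "nonce": nonce if nonce is not None else secrets.token_hex(8),
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Server side: rejects modified packets (bad tag), stale packets
    (timestamp outside the window) and replayed packets (nonce already seen)."""

    def __init__(self, key, window=REPLAY_WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen_nonces = set()

    def accept(self, packet, now):
        body = packet["body"]
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison; any altered field changes the expected tag.
        if not hmac.compare_digest(expected, packet["tag"]):
            return "reject: integrity check failed"
        if abs(int(now) - body["ts"]) > self.window:
            return "reject: stale timestamp"
        if body["nonce"] in self.seen_nonces:
            return "reject: replayed packet"
        self.seen_nonces.add(body["nonce"])
        return "accept"


def demo():
    """Run the four cases and return the receiver's decisions in order."""
    now = 1_700_000_000  # constructed clock value
    receiver = Receiver(SHARED_KEY)
    results = []

    packet = build_packet(SHARED_KEY, "alice", "login", now)
    results.append(receiver.accept(packet, now))           # first delivery

    results.append(receiver.accept(packet, now + 1))       # same packet again

    modified = {"body": dict(packet["body"], user="mallory"), "tag": packet["tag"]}
    results.append(receiver.accept(modified, now + 1))     # field changed in transit

    old = build_packet(SHARED_KEY, "alice", "login", now - 600)
    results.append(receiver.accept(old, now))              # recorded long ago
    return results


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The order of the checks matters: the tag is verified first so that unauthenticated input never reaches the nonce store. In a real receiver the set of seen nonces only needs to hold nonces younger than the freshness window, which keeps its size bounded; the timestamp check is what makes that pruning safe.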
  • Encryption
  • Strong Authentication
  • Kerberos
  • Firewall
  • Intrusion Detection System (IDS)
  • Intrusion Prevention System (IPS)
  • Honeypot
  • Link to Link VS End to End
  • Link to Link
    • Covers layer 1 and 2 of the OSI model
    • Decryption occurs just as the communication arrives at and enters the receiving computer.
    • If we have good physical security, we may not be too concerned about this exposure.
  • End to End
    • Provides security from one end of a transmission to the other, at layer 6 or 7
    • The encryption can be done by:
      • A hardware device between the user and the host.
      • Software running on the host computer.
    • Protects data at every layer
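The practical difference between the two approaches is which machines on the path ever hold the plaintext. The following Python is an added example, not code from the original post; it simulates a four-node path with a toy XOR keystream cipher (SHA-256 in counter mode, chosen only so the example runs without third-party libraries, not a production cipher) and constructed keys. Under link-to-link encryption every node decrypts on arrival and re-encrypts for the next link, so each intermediate node sees the message; under end-to-end encryption only the two endpoints do.

```python
import hashlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter-mode keystream.
    Applying it twice with the same key restores the data. Illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(b ^ k for b, k in zip(data, stream))


def link_encryption(message, path, link_keys):
    """Link-to-link: each node decrypts the incoming link and re-encrypts for
    the outgoing link, so every node on the path handles the plaintext.
    Returns what each node observes."""
    seen = {}
    plaintext = message
    for i, node in enumerate(path):
        seen[node] = plaintext
        if i < len(path) - 1:
            key = link_keys[(node, path[i + 1])]
            on_the_wire = keystream_xor(key, plaintext)
            plaintext = keystream_xor(key, on_the_wire)  # next hop decrypts on arrival
    return seen


def end_to_end_encryption(message, path, e2e_key):
    """End-to-end: encrypted once at the source, forwarded as ciphertext by
    every intermediate node, decrypted only at the destination."""
    seen = {path[0]: message}
    on_the_wire = keystream_xor(e2e_key, message)
    for node in path[1:-1]:
        seen[node] = on_the_wire  # intermediates only ever see ciphertext
    seen[path[-1]] = keystream_xor(e2e_key, on_the_wire)
    return seen


def nodes_exposing(message, seen):
    """Names of the nodes that held the plaintext at some point."""
    return sorted(node for node, data in seen.items() if data == message)


def demo():
    message = b"transfer 100 to account 42"  # constructed sample payload
    path = ["alice-host", "router-1", "router-2", "bob-host"]  # constructed path
    link_keys = {(path[i], path[i + 1]): f"link-key-{i}".encode()
                 for i in range(len(path) - 1)}
    e2e_key = b"end-to-end-key-alice-bob"
    return {
        "link": nodes_exposing(message, link_encryption(message, path, link_keys)),
        "e2e": nodes_exposing(message, end_to_end_encryption(message, path, e2e_key)),
    }


if __name__ == "__main__":
    for mode, nodes in demo().items():
        print(f"{mode}: plaintext visible at {nodes}")
```

This is why the notes say link encryption is acceptable when physical security of the intermediate nodes is good, and why end-to-end encryption is the choice when the path crosses equipment you do not control. The two can also be combined: end-to-end protects the payload, while link encryption additionally hides headers on each wire.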
IPSec, SSH, SSL (application-level security)
  • IPSec
    • Optional in IPv4
    • Defines a standard means for handling encrypted data.
    • Implemented at the IP layer, so it affects all layers above it, in particular TCP and UDP.
    • Provides authentication (AH) and encryption (ESP)
  • SSH
    • Secure remote login (encrypts data sent over the network)
  • SSL (Secure Sockets Layer): encrypts data at the transport layer.
    • SSL interfaces between applications (such as browsers) and the TCP/IP protocols to provide server authentication, optional client authentication, and an encrypted communications channel between client and server.
  • Supports authentication in distributed systems.
  • Kerberos is based on the idea that a central server provides authentication tokens, called tickets, to requesting applications.
    • A ticket is an unforgeable, nonreplayable, authenticated object.
    • It is an encrypted data structure naming a user and a service that the user is allowed to obtain.
    • It also contains a time value and some control information.
  • What is a firewall?
  • A Firewall is a network security device designed to restrict access to resources (information or services) according to a security policy.
  • Firewalls are not a “magic solution” to network security problems, nor are they a complete solution for remote attacks or unauthorised access to data
  • A Firewall is a network security device
  • It serves to connect two parts of a network and control the traffic (data) which is allowed to flow between them
  • Often installed between an entire organisation's network and the Internet
  • Can also protect smaller departments
  • A Firewall is always the single path of communication between protected and unprotected networks
  • A Firewall can only filter traffic which passes through it
  • If traffic can get to a network by other means, the Firewall cannot block it
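A firewall enforces its policy as an ordered list of rules with a default action, and the order is part of the policy. The following Python is an added example, not code from the original post or any firewall product; the rule set, the address ranges (documentation prefixes) and the sample packets are constructed. It evaluates each packet against the first matching rule and falls back to deny, which is the usual safe default.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None means any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed policy for a small DMZ: only the web server's HTTP/HTTPS ports
# are reachable from anywhere, telnet into the DMZ is explicitly denied even for
# the internal range, and the internal network may reach the DMZ otherwise.
POLICY = [
    Rule("allow", "0.0.0.0/0",   "203.0.113.10/32", "tcp", 443),
    Rule("allow", "0.0.0.0/0",   "203.0.113.10/32", "tcp", 80),
    Rule("deny",  "0.0.0.0/0",   "203.0.113.0/24",  "tcp", 23),
    Rule("allow", "192.0.2.0/24", "203.0.113.0/24", "any", None),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def decide(policy, pkt: Packet, default: str = "deny"):
    """First-match evaluation. Returns (action, index of the rule that fired),
    or (default, None) when no rule matches."""
    for index, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, index
    return default, None


def demo():
    """Decisions for a constructed batch of packets, in order."""
    samples = [
        Packet("198.51.100.7", "203.0.113.10", "tcp", 443),  # public HTTPS
        Packet("198.51.100.7", "203.0.113.10", "tcp", 23),   # public telnet
        Packet("192.0.2.5",    "203.0.113.20", "tcp", 22),   # internal SSH
        Packet("198.51.100.7", "203.0.113.20", "tcp", 22),   # public SSH
        Packet("192.0.2.5",    "203.0.113.10", "tcp", 23),   # internal telnet
    ]
    return [decide(POLICY, p) for p in samples]


if __name__ == "__main__":
    for action, index in demo():
        print(f"{action:5s} (rule {index})")
```

The last sample shows why ordering matters: the internal range would be allowed by the fourth rule, but the telnet deny sits above it and fires first. Note too that the evaluator only ever sees packets handed to it; as the notes say, traffic that reaches the protected network by another path, such as a modem or a second uplink, is never evaluated at all.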
  • Intrusion Prevention System
  • A network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities
  • Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks
  • When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass
  • Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology
  • In addition, most IPS solutions have the ability to look at (decode) layer 7 protocols like HTTP, FTP, and SMTP, which provides greater awareness
  • Decoy systems that are designed to lure a potential attacker away from critical systems
  • Designed to
    • Divert the attacker from critical systems
    • Collect information on the attacker’s activity
    • Encourage the attacker to stay long enough for the admin. to notice
  • Contains fabricated info. that no normal user would use
  • Simulated traffic that emulates a real network
Hacking and Prevention
  • motivated by thrill of access and status
    • hacking community a strong meritocracy
    • status is determined by level of competence
  • benign intruders might be tolerable
    • do consume resources and may slow performance
    • can’t know in advance whether benign or malign
  • IDS / IPS / VPNs can help counter
  • awareness led to establishment of CERTs
    • collect / disseminate vulnerability info / responses
Hacker Behaviour
  • select target using IP lookup tools
  • map network for accessible services
  • identify potentially vulnerable services
  • brute force (guess) passwords
  • install remote administration tool
  • wait for admin to log on and capture password
  • use password to access remainder of network