Lecture1 General Concepts 2012 Autumn
Transcript of Lecture1 General Concepts 2012 Autumn
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
1/44
31252-32548
Network Security
Welcome to Autumn 2012!
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
2/44
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
3/44
Other admin
Textbook
http://williamstallings.com/NetSec/NetSec4e.html
William Stalling, Network Security Essential, 4th Edition
http://williamstallings.com/NetSec/NetSec4e.htmlhttp://williamstallings.com/NetSec/NetSec4e.html -
8/2/2019 Lecture1 General Concepts 2012 Autumn
4/44
Why network security?
Important topic as the size of the network expands
979 jobs contains the word network security in SEEK.com on
01/08/10
1,402 jobs contains the word "network security" SEEK.com @02/03/11
1,435 jobs contains the word "network security" SEEK.com @
31/07/11
1,303 jobs contains the word "network security" SEEK.com @17/02/12
Prerequisite to many other subjects
Past student feedback
A research path in Intrusion Detection System
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
5/44
A Definition
Network Security consists of measures
to prevent, detect, and correct security violations
that involve the transmission of information.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
6/44
Pictorial representation
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
7/44
Course content
1. Security goals
2. Encryption Mathematics and Encryption Techniques
3. Symmetric Encryption and Message Confidentiality
4. Public Key Cryptography and Message Authentication
5. Authentication Applications - Kerberos and X.5096. Firewall
7. Electronic Mail Security
8. Web Security (SSL, TLS)
9. VPNs and IP Security
10.Wireless LAN Security
11.Network Management Security
12.Intruders and Viruses
13.Intrusion Detection System
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
8/44
Open Systems Interconnection (OSI) model
Will visit
again in the
last lecture
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
9/44
An alternative taxonomy
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
10/44
Todays Lecture Introduction
Security Goals (very important!)
Security Policies
Organisations and individuals involved inNetwork Security development.
Attacks, threats, vulnerabilities and
weaknesses.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
11/44
Abstract Goals of Network Security
Major Goals
Confidentiality
Integrity
Availability
Other Goals
Entity Authentication
Message Origin Authentication
Timeliness
Non-Repudiation
Authorisation
Access Control
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
12/44
Goals of Network Security
(1) Confidentiality
A and B do not want their messages read by other people.
This is the network security goal ofconfidentiality.
The general technique used to ensure confidentiality isencryption of messages.
An example of a breach of confidentiality : Someone reads
the plaintext packets being exchanged between A and Bby running a program such as Wireshark.
If the packets are securely encrypted even though they are
captured they cannot be read.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
13/44
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
14/44
Goals of Network Security
(3) AvailabilityAvailability refers to the ability for a service to be available.
A wants to be able to connect to B (ignoring considerationsof entity authentication etc.). A situation where B is
deliberately sent a large number of false requests or other
unnecessary traffic, making it difficult for a
legitimate request for a connection is a Denial of Service(DOS) attack. When a lot computers are involved in
sending the unnecessary traffic to B, it is a Distributed
Denial of Service (DDOS).
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
15/44
Goals of Network Security
(4) Entity Authentication
A wants to be sure that the entity saying it is B really is B
and not an imposter. Similarly, B wants to be sure that the
entity that says its A really is A.
The general techniques used to ensure entityauthentication are passwords, authentication protocols,
key exchange protocols and third party certificates.
Entity Authentication is also relevant in the context ofusers identifying themselves to use resources on a network
or to log on to a particular host. Entity authentication is
also called identification.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
16/44
Goals of Network Security
(5) Message Origin Authentication
A wants to be sure that the messages supposedly coming
to it from B, really are coming from B. Similarly B wants to
be sure that messages supposedly coming from A really are
coming from A. This is Message Origin Authentication. It is
sometimes called Data Origin Authentication.
Techniques used to verify the origin of a message includeMessage Authentication Codes (MACs), digital signatures
and appending an authenticator to a message before
encryption.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
17/44
Goals of Network Security
(6) TimelinessIf A and B conduct a completely secure conversation
over a network, it is conceivable that a third party may
copy the conversation and use it to masquerade as eitherA or B in a future conversation. This is known as a replay
attack.
Timeliness means that a secure conversation cannot beused as a basis for a replay attack. Some of the techniques
used to prevent a replay attack include timestamps,
nonces and random numbers.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
18/44
Goals of Network Security
(7) Non-repudiation (origin)(8) Non-repudiation (destination)
A may want to be sure that B cannot deny having sent a
particular message to A. This feature is Non-repudiation
(origin).
A wants to be sure that B really received a particular
message that A sent. This feature is Non-repudiation(destination).
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
19/44
Goals of Network Security
(9) Authorisation
Authorization is official permission to carry out certain
actions. For example, a particular computer on a networkhas resources that are available to a particular set of users.
Not all users of the network are authorised users of the
particular computer.
Authorisation allows users to do certain things.
Passwords are an authorisation technique. Upon entering
their username and password, authorised users are given
access to some resources on the computer. The concept is
related to but different from access control.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
20/44
Goals of Network Security
(10) Access Control
Access control refers to the ability to restrict access to
resources to certain users. The concept is closely relatedto authorisation but different. Access control restricts users
from doing certain things.
A good example of access control is the rights granted to
users of database systems different users are restricted inwhat tables they can read and what tables they can write to.
Only the database administrator has full rights over all
tables. The restriction of the privileges of normal database
users is an example of access control.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
21/44
Summary of Terms
The terms we have looked at as Security Goalsare widely used in Network Security literature.
The differences between some of them are
often quite subtle. You should understand each of them clearly.
They can often apply in non-computing
scenarios. Particular scenarios often involve the
interaction of a number of security goals.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
22/44
A non-computing scenario involving
security goals
A group of students doing an exam are only
allowed into the exam room after producing their
student card and being matched with the photo
(entity authentication, authorisation and accesscontrol). During the exam they are watched to
make sure there is no communication between
students (integrity of answers). Students sign the
front page of each answer book (non-repudiation
of origin). After the exam, the question papers as
well as the answers are kept by the examiners
(confidentiality ).
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
23/44
Lecture Topics
Security Goals
Security Policies
Organisations and individuals involved inNetwork Security development.
Attacks, threats, vulnerabilities and
weaknesses.
Security Architectures
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
24/44
The economic realities of Network
Security
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
25/44
Security Policy
In order to maximise the likelihood that security goals will bemet, organisations need to have a security policy.
Security Policy : A set of principles that guides decision making
processes and enables leaders in an organisation to distributeauthority confidently.
Extent and detail varies with:
business type, its size, number of users, threats to the
organisation and vulnerabilities.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
26/44
Security Policy Goals
1. Informs users, staff and management of dutiesand obligations.
2. Provides a mechanism for attaining security
goals.3. Provides a baseline to audit systems for
compliance to the policy.
4. My experience
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
27/44
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
28/44
Some of the parties involved in
Network SecurityStandards Bodies
IETF
ITU-T
Governments and their agencies
US government and others
Academics, Researchers, Civil Libertarians
Network researchers, mathematicians, cryptographers, ethicalhackers
Businesses and other organisations
Organisations specialising in network security services.
Businesses with a significant interest in network security
Malfeasors
Hackers, crackers, script kiddies
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
29/44
Parties involved in Network Security
Standards Organisations
IETF : Internet Engineering Task Force
This organisation is responsible for the protocolsthat run the internet (including those concernedwith security) e.g. ssh, IPSec, SSL/TLS and SNMP.
ITU-T : International Telecommunication UnionTelecommunication Sector
A UN specialised agency. Releases somestandards relevant to network security. Inparticular the X.509 PKI (Public KeyInfrastructure) standard and the X.800 SecurityArchitecture Standard.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
30/44
Parties involved in Network Security
Governments and their agencies
Protection of their own systems (websites,
data, etc.). Providing legal framework for enforcement of
laws concerned with network security.
Espionage and cyber-warfare. Some governments also provide encryption
and hash standards e.g. DES and AES.
Governments have a huge interest in allaspects of network security.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
31/44
Parties involved in Network Security
Academics, Researchers and Civil Libertarians
Academics (not just inside universities but in government,business and private organisations)
Academics have been active in researching all aspectsof network security. In particular, the have done most
of the mathematical work involved in the developmentof cryptographic techniques.
Researchers and Civil Libertarians
Some individual researchers (Bruce Schneier, PhillipZimmerman) and Organisations (Electronic FrontiersFoundation) have made significant contributions toNetwork Security.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
32/44
Parties involved in Network Security
Businesses and other organisations
Businesses providing Security Services
Many businesses provide security services of onesort or another and some are also active inresearch. Two well known examples are RSA
Security and Counterpane.Non profit Security Organisations
These provide free advice on computer securityand in some cases training and formalcertifications. Example organisations are CERT(Computer Emergency Response Team) and I2SC(Internet Information Security Council)
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
33/44
Parties involved in Network Security
Malfeasors
Script Kiddies : usually young. Use scripts downloaded from internet. Main
motive is curiosity. Crackers/Hackers : More knowledgeable than script kiddies. Main motive
is status with fellow crackers.
Career Criminals : May have some knowledge, but often use services ofcrackers. Main motive is making money through illegal computer relatedactivities.
Terrorists : Various terrorist groups may use cyber attacks as an adjunct tomore conventional terrorist activities. Main motive is disruption ofcomputer activities of those they are opposed to.
Governments: Governments sponsor hacking (Cyber warfare). This is morecommon than is generally thought. Naturally, all governments will deny orminimise their own activities in this area. Main motive is political e.g.attacking network resources of states or organisations they dislike.
This term refers to individuals who breach one or more of the securitygoals outlined in the first part of the lecture. It includes a wide range of
individuals, goals and motives. There is not always a clear delineation
between the different groups.
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
34/44
Attacks (threats) and Vulnerabilities
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
35/44
35
Type of Security Attacks
Security Attack: Any action that compromises the security of information.
Lets see four common type of attacks:
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
36/44
Security Attack (1): Interruption
Interruption: resources not made available
- This is an attack on
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
37/44
Security Attack (1): Interruption
Interruption: resources not made available
- This is an attack onAvailability
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
38/44
Security Attack (2): Interception
Interception: data is read by unauthorized people
- This is an attack on
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
39/44
Security Attack (2): Interception
Interception: data is read by unauthorized people
- This is an attack onconfidentiality
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
40/44
Security Attack (3): Modification
Modification: existing data is changed by
unauthorized people - This is an attack on
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
41/44
Security Attack (3): Modification
Modification: existing data is changed by
unauthorized people - This is an attack onintegrity
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
42/44
Security Attack (4): Fabrication
Fabrication: false data is created - This is an
attack on
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
43/44
Security Attack (4): Fabrication
Fabrication: false data is created - This is an
attack onmessage origin authentication
-
8/2/2019 Lecture1 General Concepts 2012 Autumn
44/44
Vulnerabilities
1. Technological Vulnerabilities : Weaknesses in
networking protocols, operating systems, softwareand network equipment.
2. Configuration Weaknesses : Weaknesses that comeabout because of human error in the configuration of
hardware and software3. Policy Weaknesses : These are shortcomings in thesecurity policy (or even a total lack of a securitypolicy) that lead to inconsistencies and weaknesses innetworks, computers and security systems.
Vulnerabilities are weaknesses in computers andnetworks that can potentially be attacked.
Vulnerabilities can be classified as :