Network Security

From Computing Study
Jump to: navigation, search

Introduction to Network Security

What is Security?

Security is the prevention of certain types of intentional actions from occuring. These potential actions are threats. The degree of threat depends on the attacker's skills, knowledge, resources, motives etc. Being 'at risk' is being exposed to threats. Risks are subjective - the potential to incur consequences of harm/loss of target assets. Objects of attacks are assets. Vulnerabilities are system flaws that allow a threat to become effective. Flaws can be in design, implementation and operation. Threats that are carries out are attacks.

What are the main goals of security?

Prevention

  • Prevent attackers from violating security policy

Detection

  • Detect attacker's violation of security policy

Response/Recovery

  • Stop attack, assess and repair damage

Survivability

  • Continue to function correctly even if the attack succeeds

Security Attacks At Different Layers

Link layer protocol vulnerabilities

  • ARP (Address Resolution Protocol)
    • Replace good entries with your own
      • Session hijacking
      • Man In The Middle attack
    • Solution: Smart bridges and routers that keep track of MACs

Network Layer Vulnerabilities

  • IP Protocol
    • IP spoofing
    • No source IP authentication

Transport Layer protocol's vulnerability

  • TCP SYN flood attack

Application Layer protocol's vulnerability

  • DNS
    • DNS cache poisoning
    • DNS rebinding attack
  • Denial of Service attack
    • Amplification
    • DoS attack can happen at any layer

IEEE 802.11 DoS bugs

  • Radio jamming
  • Protocol DoS bugs

TLS/SSL

TLS and SSL are secure end-to-end communications for any application running over TCP.

SSL (Secure Sockets Layer) is the older of the two.

TLS (Transport Layer Security) is newer and the current internet standard version.

What are the attacks that it can prevent and how?

Confidentiality

  • Eavesdropping
  • Threat of information from the web server or client

Data Integrity

  • Modification of user's data
  • Trojan horse browser
  • Modification of traffic in transit

Authentication

  • Impersonation of legitimate users
  • Data forgery

The SSL handshake protocol layer creates an association between client and server. It defines a set of cryptographic security parameters which are shared among multiple connections to avoid excessive negotiation of new parameters for each connection. It ensures confidentiality by defining a shared secret key that is used for conventional encryption of SSL payloads. It ensures message integrity by defining a shared secret key that is used to form a Message Authentication Code (MAC).

The role of the SSL record protocol is to use the secret keys defined in the handshake to apply the MAC, encryption, decryption and to verify integrity at the receiver.

The difference between connection and session in SSL is that the connection is when two parties first establish contact. It uses public/private key encryption to establish a session. The session uses symmetric key encryption once the two parties have verifies each other's identity because it is faster. Application data is only transmitted once the session is established.

Confidentiality is ensured in SSL by using symmetric encryption. Message integrity is ensured by using the Message Authentication Code (MAC).

The MAC is used as

Hash(key || message)

the HMAC is used as

Hash(key1 || Hash(key2 || message))

HMAC solves the collision problem with hashing.

Application data can only be transmitted after the handshake phase.

What are the major weaknesses of SSL?

  • The cost of public key cryptography
    • It takes a non-trivial amount of CPU processing, although that is not a big deal with modern processors
    • Symmetric key cryptography on modern hardware is a non-issue
  • The hassle of buying and maintaining certificates, also fairly minor and can be automated
  • Latency - the webpage takes longer to load because of extra round trips
  • TCP level denial of service - SYN flooding
  • Issues of trust - the user has to make correct trust decisions

Other application protocols that can use SSL to ensure secure communications

  • Email
  • Internet faxing
  • Instant messaging
  • VoIP

IP Security and VPN

IP is not secure. The IP protocol was designed in the late 70s to early 80s as part of the DARPA internet project. It was initially a very small network where all hosts were known, as well as all users. Therefore security was not an issue. Networks in general are not and never will be fully secure. IPSec is a protocol which is integrated directly in to the protocol stack. It is defined as an extension to the network layer, and is transparent to the above layers and applications.

What are the vulnerabilities of IP protocol?

  • IP source spoofing
  • Replay packets
  • No data integrity or confidentiality

Why is IP security needed? What are the main goals?

  • To verify the sources of IP packets
    • Authentication of the packet origin, not the user
  • Prevent replaying of old packets
  • Protect the integrity and confidentiality of packets
  • Protection against DoS attacks

What are the main functionality and features?

  • IP security operating modes
    • Transport Mode (for end-to-end)
    • Tunnel Mode (for VPN)
  • Authentication header (AH) sub-protocol
  • Encapsulating Security Payload (ESP) sub-protocol
  • Security Association

What is the main difference between Transport and Tunnel mode?

Transport Mode

  • Has end-to-end encapsulation of data
  • Protection covers the payload of a packet and it is used by IP Sec aware hosts as endpoints
  • Useful when both endpoints (hosts) are configured to use or manage IP Sec
  • IP Sec datagram emitted and received by the end system

Tunnel Mode

  • Encapsulates all of the IP data over a new IP packet
  • Useful when the device applying IP Sec to the packet is not the originating host, e.g. a gateway
  • Protects an entire IP packet, which is treated as a new payload of an 'outer' IP packet
  • Also known as IP over IP

What is the difference between AH and ESP and which is more secure?

AH - Authentication Header

  • Provides source authentication and data integrity via HMAC
  • Confidentiality of data is not preserved
  • Replay protection via AH sequence numbers

ESP - Encapsulating Security Payload

  • Provides source authentication, data integrity and confidentiality
  • Security manipulations are done only on user data
  • TCP packet is fully secured
  • TCP ports are hidden when encrypted
  • Requires more resources than AH

SA - Security Associations

  • A Security Association defines a network layer unidirectional logical connection between the sender and receiver
    • For bi-directional communication, two SAs are needed
  • Each SA defines a set of algorithms, mode (tunnel or transport) and keys to be used to secure the traffic carried on a connection
  • Security services are afforded to a SA database (SADB) on an IP Sec aware host or gateway
  • Each SA is uniquely identified by 3 parameters
    • Security Parameters Index
    • IP destination address
    • Security Protocol Identifier

What is VPN? How can it be established using IP Sec?

  • Virtual Private Network
  • Requires separate routers, links, DNS infrastructure
  • Traffic encrypted before entering the public internet
  • Traffic logically separated from other traffic
  • Enables an organisation to use public networks (internet) to provide a secure connection among the organisation's WAN

Access Control

Authorisation vs Access Control

  • Access Control comes after authentication
  • Once a client and a server have established a secure channel, the client can issue requests to the server
  • Requests can only be carried out if the client has sufficient access rights (or permissions)
  • The verification of access rights is access control, and granting these rights is authorisation

Access Control Matrix

Object 1 Object 2 Object 3
Subject 1 rw r rwx
Subject 2 - rw r-x
Subject 3 r - r-x
Subject 4 r r-x rw

ACLs and capabilities, what is the difference?

Access Control Lists are a way to simplify the access rights management by breaking the access control matrix down by columns, an implementation approach of the access control matrix. Each object is associated with an ACL indicating for each subject in the system the operations it can perform on this object.

Capabilities are the opposite of ACLs, another way to manage an access control matrix by breaking it down by rows. Each subject is associated with a list, called capability list, indicating which operations can be performed by this subject on each object in the system.

Access Control Methods

DAC - Discretionary Access Control

  • Users have discretion over who has access to which objects and when (trusted users)
  • rwx assigned by file owners
  • Their programs can pass their rights
    • Vulnerability - Trojan Horse

MAC - Mandatory Access Control

  • Environment (system) dictates and controls the level of access to an object, even a user created one
  • Access control policy defined by the environment, user has no control over access control (untrusted users)
  • Often employed in government and military facilities

RBAC - Role Based Access Control

  • Policies regulate users' access to the information based on the activities the execute in the system
  • A role is a set of actions and responsibilities associated with a particular working activity
  • Instead of specifying all the accesses each user is allowed to execute, access authorisations on objects are specified for roles
  • Users are given authorisation to adopt roles

Firewalls

A firewall is a combination of hardware and software that isolates an organisation's internal network from the internet, allowing some packets to pass and blocking others. It forms a barrier through which the traffic going in each direction must pass and be inspected. A firewall's security policy dictates which traffic is authorised to pass in each direction. It may be designed to operate as a filter at the level of IP packets, or may operate at a higher protocol layer. A firewall may be a single computer system, or a set of two or more systems that cooperate to perform the firewall function.

Firewall design goals All traffic from outside to inside and vice versa must pass through the firewall. Only authorised traffic as defined by the local security policy will be allowed to pass. The firewall itself is immune to penetration - implying the use of a hardened system with a secured operating system.

What is the difference between a firewall and MAC (Mandatory Access Control)?

  • MAC controls access to principles, subjects, objects and operations
  • Firewall controls network traffic to and from the internet

The main types of firewall

Packet filtering firewall

  • Applies rules based on information in the IP and TCP packets header

Stateful inspection firewall

  • Same as packet but records information about TCP connections which gives a higher level of protection against unauthorised users

Application layer gateway

  • Relay of application level traffic with user authentication

Circuit level gateway

  • Similar to application level gateway but does not examine contents

Application level gateway is the most secure because it has authentication and proxy code for each application. A common scenario would be to use an Application level gateway for inbound connections and circuit level gateway for outbound connections.

On which network devices or hosts can a firewall be deployed?

  • On a stand-alone machine running as OS (e.g. UNIX)
  • Implemented as a software module in a router or LAN switch
  • Deployed on a Bastion Host
    • Identified as a strong critical point in the network's security
    • A platform for an application or circuit level gateway
  • Host based firewalls
    • A software module used to secure an individual host
    • A common location for such firewalls is a server
    • Used in conjunction with stand-alone firewalls
  • Personal firewall
    • Used in the home environment and in corporate intranets
    • Much less complex than either host-based or stand-alone firewalls
    • Its main role is to deny unauthorised remote access to the computer

The different possible configurations of a firewall

Demilitarised Zone

  • A DMZ is a physical or logical subnet that hosts and exposes an organisation's external services (e.g. email, web, DNS) to a larger untrusted network (internet)
  • The purpose of a DMZ is to add an additional layer of security to an organisation's local network
  • External firewall ensures access control and protection to DMZ systems
  • Internal firewall provides more stringent filtering capability and two-way protection with respect to DMZ
  • It protects the internal network from attacks launched from the DMZ systems (worms, bots, malware lodged in a DMZ server)
  • It protects DMZ servers from insider attacks

Distributed Firewalls

  • Stand-alone firewall devices and host-based firewalls working together under a central admin control

Virtual Private Networks

Pros and cons of a firewall

Pros

  • Define a single choke point
  • Provide a location for monitoring security events
  • Convenient platform for some internet functions such as NAT, usage monitoring, IP Sec, VPNs

Cons

  • Unable to protect against attacks bypassing the firewall
  • May not fully protect against internal threats - devices infected outside then used inside

Authentication

Authentication establishes identity and evaluates the authenticity of identity proving credentials. Credentials are proof of identity, evaluation is a process that assesses the correctness of the association between credentials and claimed identity. Authentication is used so that the user can obtain the set of rights. It establishes trust between parties involved in transactions and prevents impersonation attacks.

Authentication Mechanisms

Password with one-way function Hashes are a one-way encryption. The has of the password is stored on the server. The browser hases the password and checks the hash with the one on the server.

Password salt

The goal of the password salt is to make a dictionary attack slower. An example is a 12 bit number between 0 and 4095 which is derived from the system clock and process identifier. Instead of hash(password) the system would hash(password + salt).

Vulnerabilities

  • Online dictionary attack - guess passwords and try to log in
  • Offline dictionary attack - steal password file and calculate p with hash(p)
  • Vulnerability to replay attack
  • No server authentication, which makes it easy to fool the client into sending the password to a malicious server
  • Passwords are usually quite weak, with many people using the same password in more than one place. If you can remember it then a computer can easily guess it.

One-Time Password (token)

  • A one-time password system that essentially uses a hash-chain as authenticators
  • For seed (S) and chain length (L), epoch length (x)
  • Tamper-proof token encodes S in firmware
  • Device display shows password for epoch
  • Time synchronisation allows authentication server to know what is expected ans authenticate the user

Challenge/ Response Mechanism

  • The client and server share a secret function f (in practice f is a known function with unknown parameters)
    • The nonce is a one-time random value used to determine freshness
  • This mechanism improves the password based system by preventing replay attacks

Biometric based authentication

Biometrics is the measurement and statistical analysis of people's physical and behavioural characteristics.

  • Mobile devices - fingerprint
  • Airport security - iris recognition
  • Cars and banks - voice recognition
  • Crime prevention - facial recognition

Biometrics can be extremely accurate and fast. Active biometrics authenticate, which requires user involvement. With passive biometrics the user can be unaware.

Biometrics should not be solely relied on because there have been examples of them being fooled. For example fingerprint reader activated using a fingerprint lifted from a coffee cup, and mobile phone facial recognition has been fooled using a photograph.

Cryptographic Protocols

  • Use a password (or key) in a cryptographic protocol
    • Proves possession of the key
    • Mutual authentication
  • Usually coupled with encryption of data after authentication
  • Certificates
    • PKI (Public Key Infrastructure)
    • KDC (Key Distribution Centre)
  • Share a key using a trusted third party
    • Public key based - X.509
    • Secret key based - Needham-Schroeder and Kerberos

Public Key Based (X.509)

  • PKI (Public Key Infrastructure) is the infrastructure used to make use of public keys possible. It is used to control the issue of public keys and provide authentication for public keys
  • X.509 PKI is a standard to verify that a public key belongs to the user, computer or service identity contained within the certificate

Authentication vs Authorisation Authentication is the mechanism whereby a system verifies and identifies its users. It emphasises 'who is the user?' and is the process of acertaining that user A is really who he claims to be.

Authorisation is the mechanism whereby a system determines what level of access to the resources a particular authenticated user has. E.g. they can access resource R, can perform operation O and can perform operation O on resource R.

KDC and Nonce KDC is a Key Distribution Centre. It shares a different symmetric key with each registered user.

A Nonce is a random number generated by the client. The nonce supplied by the client is returned encrypted by the server. The client checks to see if they match.

Needham Schroeder Protocol

The Needham Schroeder Protocol is based on a trusted third party. It can use public key or symmetric key encryption

Assume that A and B are within the purview of the same KDC

Needham-shroeder.png

Step 1 - A -> AS: {A, B, NA}

A sends a message in the clear with B's identity and nonce NA to AS to request a session key to communicate with B

Step 2 - AS -> A: {NA, B, KAB, {KAB, A}KB}KA

AS authenticates A and sends back a message encrypted with KA containing the session key KAB and a ticket encrypted with KB. The ticket is {KAB, A}

Step 3 - A -> B: {KAB}KB

A sends the encrypted ticket to B

Step 4 - B -> A: {NB}KAB

B generates another nonce NB and sends it to A encrypted with the session key KAB

Step 5 - A -> B: {NB - 1}KAB

A sends back an agreed function (e.g. N - 1) of the nonce NB encrypted with the session key

Needham Schroeder Vulnerability

Step 3 - A -> B: {KAB, A}KB

The vulnerability of this protocol consists in the fact that {KAB, A}KB could be used to mount a replay attack if KAB is intercepted by an intruder, since B is unaware of the freshness of the session key KAB.

Kerberos

Solves password eavesdropping and prevents replay attacks.

Kerberos Server - has the user ID and hashed passwords of all participating users and it shares a secret key with each server.

Authentication Server - has a database of all secret keys for the domain, secret keys are derived from their passwords. It also generates the ticket-granting ticket.

Ticket Granting Server - generates tickets to enable communication between users and servers.

  1. User enters their password once to be authenticated by the Authentication Server
  2. User receives a Ticket Granting Ticket from the AS, which has a fixed life span
  3. User uses this TGT to request service ticket from the Ticket Granting Server
  4. User uses service ticket to access service

Kerberos.png

Pros of Kerberos

  • User's passwords are never transmitted across the network
  • Mutual authentication of the client and server
  • Reusable authentication

Cons of Kerberos

  • Single point of failure due to the centralised model
  • Once an attacker succeeds in compromising the Kerberos server, they can impersonate any legitimate user
  • Clock syncronisation is required

Intrusion Detection Systems

What are the different types of intrusions?

Intrusion initiated by hackers

  • Damage level depends on the hacker level of competence and the security holes in the system

Intrusion initiated by criminals

  • Organised groups of hackers who share data, tips and coordinate their actions
  • Their main target is usually a credit card file at an e-commerce server

Intrusion initiated by insider attackers

  • The most difficult to detect and prevent
  • An insider attacker has access to the system and more knowledge about the structure and content of databases etc.

What are the main goals of an IDS?

Identifying and responding to intrusion activities

Detecting:

  • Unusual patterns of activity
  • Patterns of activity that are known to correlate with intrusions

A fundamental tool for intrusion detection is the audit record

  • Collects information on user activity
  • Used as an input to an IDS

A device or software that automates the intrusion detection process

AN IDS assumes that a system will not be secure, but violations of security policy (intrusions) can be detected by monitoring and analysing system behaviour

IDSs have been developed to provide early warning of an intrusion so that defensive actions can be taken to prevent or minimise damage.

IDSs fundamental assumptions:

  • That system activities are observable
  • That the behaviour of an intruder differs from that of a legitimate user in a way that can be quantified

IDS compared to forensic analysis

IDSs claim to detect adversary (i.e. attackers) when they are in the act of attack, by monitoring the operation of a network or host application events. They trigger mitigation technique(s) upon detection

A tool that discovers intrusions after the fact is called Forensic Analysis - e.g. from log files

What are the two basic models of detection techniques used in IDS?

Misuse or signature-based detection

  • Maintain data on known attacks
  • Look for activity with corresponding signatures
    • A signature is a pattern that corresponds to a known threat or attack
    • Monitor operational state for signature detection
    • Assumption: attacks of the same type have enough similarity to distinguish them from normal behaviour
    • Use pattern matching algorithms

Anomaly detection

  • Try to figure out what is 'normal' behaviour - i.e. define a pattern of normal behaviour
  • Report any abnormal behaviour - i.e. an activity that significantly deviates from normal behaviour
  • Compare the profile of normal behaviour to a monitored state (observed events)
  • Assumption: that any attack causes significant deviation from a normal behaviour (generally true?) - e.g. flooding a host with lots of packets (e.g. TCP SYN flood attacks)
  • How do you derive the profile of normal behaviour?
    • Learn operational behaviour from training data
    • Expert: construct a profile from domain knowledge
  • Is normal behaviour the same in all environments?
  • Pitfall: false learning
  • Profiles can be either static or dynamic
  • Static profile:
    • Once generated it is unchanged unless the IDS is directed to generate a new profile
  • It becomes inaccurate over time - it is required to be regenerated periodically
  • Dynamic profile:
    • Is adjusted constantly as events are observed
    • As systems and networks evolve, measures of normal behaviour also change
    • It is susceptible eo evasion attempts from attackers

Which model is more efficient on detecting novel attacks?

Only anomaly Detection can recognise novel or unknown attacks

Which model is more susceptible to generating false alarms?

Anomaly Detection is more susceptible to generating false alarms because it is having to guess what is unusual activity

Why accurately defining a profile of normal behaviour is a challenging task

There are many elements to defining a normal profile (listed in the previous chapter), which are not the same in all environments and will not remain the same over time. This could lead to a vulnerability id the administrator of the system starts to trust and believe the reports less.

What are the main metrics used to evaluate the accuracy of an IDS?

  • True positive
  • True negative
  • False positive
  • False negative

What are the two main types of IDSs?

IDSs can be classified into two main categories according to the type of event they monitor and the way in which they are deployed

Network based IDS

  • Monitors network traffic for particular network segments or devices and analyses the network and application protocols activities to identify any suspicious activity. It can identify many different types of interest
  • It is usually deployed at a boundary between networks such as in proximity to the border or firewalls or routers

Host based IDS

  • Monitors the characteristics of a single host and the events occurring within that host for suspicious activity, e.g. to monitor traffic (only for that host), system logs, running processes, application activity etc.
  • It is usually deployed on critical hosts such as publicly accessible servers and servers containing sensitive information.

Wireless Networks Security - WEP and WPA2

Security threats in WLAN

  • Back off value manipulation
  • NAV duration inflation (oversized NAV)
  • Short DIFS
  • Frame scrambling (target CTS, data, ACK)

What is WEP and how does it work?

Wired Equivalence Privacy

  • Original security protocol used in IEEE 802.11 (layer 2)
  • Designed to provide a level of security comparable to that expected in a wired LAN
  • Encrypts the data element only
  • 64 bit WEP uses 40 bit key & 24 bit Initialisation Vector (IV)
  • 128 bit is more common, which uses a 104 bit key
  • The IV will change from one frame to another, thus every frame will be encrypted with a different key

Security Goals

  • Confidentiality
  • Authentication
  • Data integrity
  • Access control

WEP Authorisation

  1. Wireless station sends authentication request to the access point
  2. AP replies with a clear text challenge (128 byte nonce value)
  3. Wireless station encrypts it using a shared symmetric key and sends it to the AP
  4. AP decrypts it using the symmetric key
  5. If the decrypted nonce matches the original nonce value then the wireless station is authenticated by the AP

Vulnerabilities

WEP is not secure due to the IV and the RC4 cipher

  • IV repeats periodically and in high-throughput networks this does not take long
  • Some cards re-initialise IV to 0 each time they are powered up
  • With random IVs the birthday effect says a repeat is expected within 5000 packets
  • WEP can be cracked in minutes using tools such as aircrack-ng