Chapter 2
Department of Computer Science
Admas University
Mekanisa campus
Set by: Habtamu B.

Network Security/ Security Services
  Confidentiality
  Authentication
  Integrity
  Non-Repudiation
  Access Control
  Availability

Network Security/ Model
  Trusted Third Party
  Security-Related Transmission
  Opponent
Network Security/ Introduction
  In today's highly networked world, we can't talk of computer security without talking of network security.
  Focus is on:
    Internet and Intranet security (TCP/IP based networks)
    Attacks that use security holes of the network protocols, and their defenses
    Does not include attacks that use networks to perform some crime based on human weaknesses
Network Security/ Types of Attacks
Passive attacks
  Listen to the network and make use of the information without altering it
    Passive wiretapping attack
    Traffic analysis
  Most networks use a broadcast medium and it is easy to access other machines' packets
  Defense
    Using switching tools rather than mere repeating hubs limits this possibility
    Using cryptography; does not protect against traffic analysis
Network Security/ Types of Attacks
Active attacks
  An active attack threatens the integrity and availability of data being transmitted
  The transmitted data is fully controlled by the intruder
  The attacker can modify, extend, delete or replay any data
  This is quite possible in TCP/IP since the frames and packets are not protected in terms of authenticity and integrity
  Denial of service or degrading of service attack
    Prevention of authorized access to resources
    Examples
      E-mail bombing: flooding someone's mail store
      Smurf attack: sending a "ping" multicast or broadcast with a spoofed IP of a victim. The recipients will respond with a "pong" to the victim
    There had been reports of incidences of distributed denial attacks against major sites such as Amazon, Yahoo, CNN and eBay
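The Smurf attack above leaves a recognisable trace on the victim's side: many distinct hosts answer a "ping" that the victim never sent. The following detection routine over a constructed ICMP record sample is an added example, not part of the lecture material; the record layout, the thresholds and the sample addresses are assumptions.

```python
# Added example (not from the slides): flag hosts that receive unsolicited ICMP echo
# replies from many distinct sources in a short window, the amplified "pong" flood
# a Smurf attack produces. Record layout and thresholds are constructed assumptions.
from collections import defaultdict

# Constructed sample of (timestamp_seconds, src_ip, dst_ip, icmp_type) records.
# icmp_type 8 = echo request ("ping"), icmp_type 0 = echo reply ("pong").
SAMPLE = [(0.00, "10.0.0.9", "192.168.1.1", 8),     # legitimate ping request
          (0.05, "192.168.1.1", "10.0.0.9", 0),     # ...and its solicited reply
          (2.00, "192.168.1.20", "10.0.0.7", 0)]    # one stray reply, not a flood
# Six hosts on the broadcast segment all answer toward 10.0.0.5 within 50 ms,
# although 10.0.0.5 never sent an echo request: the spoofed-source pattern.
SAMPLE += [(0.01 * i, f"192.168.1.{10 + i}", "10.0.0.5", 0) for i in range(6)]


def detect_smurf_victims(records, min_sources=5, window=1.0):
    """Return the set of destination IPs that received unsolicited echo replies
    from at least min_sources distinct hosts within any window-second span."""
    requested = set()              # (requester, target) pairs seen as echo requests
    replies = defaultdict(list)    # destination -> [(ts, src)] unsolicited replies
    for ts, src, dst, icmp_type in sorted(records):
        if icmp_type == 8:
            requested.add((src, dst))
        elif icmp_type == 0 and (dst, src) not in requested:
            replies[dst].append((ts, src))   # reply nobody asked for
    victims = set()
    for dst, events in replies.items():
        start = 0
        for end in range(len(events)):       # sliding time window over the replies
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({s for _, s in events[start:end + 1]}) >= min_sources:
                victims.add(dst)
                break
    return victims


if __name__ == "__main__":
    print("possible Smurf victims:", detect_smurf_victims(SAMPLE))
```

The solicited reply to 10.0.0.9 and the single stray reply to 10.0.0.7 are not flagged; only 10.0.0.5 is.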
Network Security/ Types of Attacks
Active attacks …
  Spoofing attack: a situation in which one person or program successfully imitates another by falsifying data and thereby gaining an illegitimate advantage.
    IP spoofing
      Putting a wrong IP address in the source IP address of an IP packet
    DNS spoofing
      Changing the DNS information so that it directs to a wrong machine
    URL spoofing/Web page phishing
      A legitimate web page such as a bank's site is reproduced in "look and feel" on another server under control of the attacker
    E-mail address spoofing
Network Security/ Types of Attacks
Active attacks …
  Session hijacking
    When a TCP connection is established between a client and a server, all information is transmitted in clear and this can be exploited to hijack the session
Network Security/ Protocols and vulnerabilities
Attacks on TCP/IP Networks
  TCP/IP was designed to be used by a trusted group of users
  The protocols are not designed to withstand attacks
  Internet is now used by all sorts of people
  Attackers exploit vulnerabilities of every protocol to achieve their goals
  The next slides show some attacks at each layer of the TCP/IP stack
Network Security/ Protocols and vulnerabilities
Network Layer: IP Vulnerabilities
  IP packets can be intercepted
    In the LAN broadcast
    In the router, switch
  Since the packets are not protected they can be easily read
  Since IP packets are not authenticated they can be easily modified
  Even if the user encrypts his/her data it will still be vulnerable to traffic analysis attack
  Information exchanged between routers to maintain their routing tables is not authenticated
  All sort of problems can happen if a router is compromised
Network Security/ Protocols and vulnerabilities
Network Layer: IPv4 Header …
Network Security/ Protocols and vulnerabilities
Network Layer: IPv6 Header …
Network Security/ Protocols and vulnerabilities
Network Layer: IP security (IPSec) overview
  IPSec is a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
  Applications of IPSec
    Secure branch office connectivity over the Internet
    Secure remote access over the Internet
    Establishing extranet and intranet connectivity with partners
    Enhancing electronic commerce security
Network Security/ Protocols and vulnerabilities
Network Layer: IP security (IPSec) overview …
  Benefits of IPSec
    Transparent to applications (below transport layer) (TCP, UDP)
    Provides security for individual users
  IPSec can assure that:
    A router or neighbor advertisement comes from an authorized router
    A redirect message comes from the router to which the initial packet was sent
    A routing update is not forged
Network Security/ Protocols and vulnerabilities
Network Layer: IP security (IPSec) services
  Access Control
  Integrity
  Data origin authentication
  Rejection of replayed packets
  Confidentiality (encryption)
Network Security/ Protocols and vulnerabilities
Network Layer: IP security scenario …
Network Security/ Protocols and vulnerabilities
Network Layer: IPSec - Security Associations (SA)
  SA is a one-way relationship between a sender and a receiver that provides security services (authentication and confidentiality)
  SA is uniquely identified by:
    Security Parameters Index (SPI) in the enclosed extension header of AH or ESP
      AH: Authentication Header (authentication)
      ESP: Encapsulating Security Payload (both authentication and confidentiality)
    IP Destination address in the IPv4/IPv6 header
  Both AH and ESP support two modes of use
    Transport Mode: Protection for upper layer protocols (TCP, UDP)
    Tunnel Mode: Protection to the entire IP packet
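The SA identification above and the "rejection of replayed packets" service on the IPSec services slide fit together in the receiver's SA database: each inbound AH/ESP packet is matched by (SPI, destination address, protocol) and then checked against that SA's anti-replay window. The code below is an added illustration, not part of the lecture material; the class names and the 64-packet window width are assumptions.

```python
# Added example (not from the slides): an inbound Security Association looked up by
# the triple the slides give (SPI, destination address, AH or ESP), plus the
# sliding-window anti-replay check behind "rejection of replayed packets".
# Class names and the 64-packet window are assumptions for illustration.
from dataclasses import dataclass

WINDOW = 64  # anti-replay window in packets (assumed; RFC 4303 requires at least 32)


@dataclass
class SecurityAssociation:
    spi: int
    dst: str
    proto: str            # "AH" or "ESP"
    highest_seq: int = 0  # highest sequence number accepted so far
    bitmap: int = 0       # bit i set => sequence number highest_seq - i already seen

    def check_replay(self, seq: int) -> bool:
        """Accept (True) and record seq if it is new and inside the window;
        reject (False) sequence 0, packets older than the window, and duplicates."""
        if seq == 0:
            return False                        # first valid sequence number is 1
        if seq > self.highest_seq:              # right of the window: slide it
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            return False                        # left of the window: too old
        if self.bitmap & (1 << offset):
            return False                        # already received: replay
        self.bitmap |= 1 << offset              # inside the window and new
        return True


class SADatabase:
    """Inbound SA database keyed exactly as the slides describe."""

    def __init__(self):
        self._sas = {}

    def add(self, sa: SecurityAssociation) -> None:
        self._sas[(sa.spi, sa.dst, sa.proto)] = sa

    def process(self, spi: int, dst: str, proto: str, seq: int) -> str:
        """Classify an inbound AH/ESP packet as 'no SA', 'reject' or 'accept'."""
        sa = self._sas.get((spi, dst, proto))
        if sa is None:
            return "no SA"                      # unknown triple: drop the packet
        return "accept" if sa.check_replay(seq) else "reject"
```

Note that the window is per SA: the same sequence number on a different SPI or protocol is an independent packet, and a replayed one on the same SA is rejected without any cryptographic work.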
Network Security/ Protocols and vulnerabilities
IPSec ESP Encryption and Authentication … Summary
  IPSec provides authentication, confidentiality, and key management at the level of IP packets.
  IP-level authentication is provided by inserting an Authentication Header (AH) into the packets.
  IP-level confidentiality is provided by inserting an Encapsulating Security Payload (ESP) header into the packets. An ESP header can also do the job of the AH header by providing authentication in addition to confidentiality.
  Before ESP can be used, it is necessary for the two ends of a communication link to exchange the secret key that will be used for encryption. Similarly, AH needs an authentication key. Keys are exchanged with a protocol named the Internet Key Exchange (IKE).
  IPSec is a specification for the IP-level security features that are built into the IPv6 internet protocol. These security features can also be used with the IPv4 internet protocol.
  IPSec is transparent to applications (functions below transport layer)
Network Security/ Protocols and vulnerabilities
Transport Layer: TCP SYN attack
  The use of Sequence Number: monotonically increasing 32-bit long counter that provides anti-replay function.
  Sequence numbers are initialized with a "random" value during connection setup.
  The RFC suggests that the ISN (Initial Sequence Number) is incremented by one at least every 4 ms
  In many implementations, it is computationally feasible to guess the next ISN number.
  If successful, an attacker can impersonate a trusted host
Network Security/ Protocols and vulnerabilities
Application layer: DNS spoofing
  If the attacker has access to a name server it can modify it so that it gives false information
    Ex: redirecting www.ebay.com to map to own (attacker's) IP address
  The cache of a DNS name server can be poisoned with false information using some simple techniques
Network Security/ Protocols and vulnerabilities
Application layer: Web browsers as threats
  We obtain most of our browsers on-line
    How do we make sure that some Trojan horse is not inserted?
  Potential problems that can come from malicious code within the browser
    Inform the attacker of the activities of the user
    Inform the attacker of passwords typed in by the user
Network Security/ Protocols and vulnerabilities
Application layer: Web browser …
  Cookies
    Cookies are set by web servers and stored by web browsers
    A cookie set by a server is sent back to the server when the browser visits the server again
    Cookies can be used to track what sites the user visits (can lead to serious privacy violation!)
Network Security/ Protocols and vulnerabilities
Application layer: Web browser …
  Interactive web sites are based on forms and scripts
  By writing malicious scripts the client can
    Crash the server (ex. buffer overflow)
    Gain control over the server
Network Security/ Protocols and vulnerabilities
Application layer: E-mail Security
  E-mails transit through various servers before reaching their destinations
  By default, they are visible to anybody who has access to the servers
  SMTP protocol itself has some security holes
  E-mail security can be improved using some tools and protocols
    Example: PGP, S/MIME
      PGP: Pretty Good Privacy
      S/MIME: Secure Multi-Purpose Internet Mail Extension
Network Security/ Protocols and vulnerabilities
Application layer: Security-enhanced application protocols
  Solutions to most application layer security problems have been found by developing security-enhanced application protocols
  Examples
    For FTP => FTPS
    For HTTP => HTTPS
    For SMTP => SMTPS
    For DNS => DNSSEC
END