Chapter 1 Introduction


ADVANCED COMPUTER AND NETWORK SECURITY

Instructor: Henock Mulugeta (Ph.D)
Outline
• What is security?
• Security trends
• Sources and consequences of risks
• Types of vulnerabilities
• Security criteria
• Security attack types
• Security services and mechanisms
• Security models (X.800 and X.805)
Computer and Network Security
• What is security?
• Security is about
  – Threats: bad things that may happen (e.g. your money getting stolen)
  – Vulnerabilities: weaknesses in your defenses (e.g. your front door being made of thin wood and glass)
  – Attacks: the ways in which a threat is actualized by exploiting a vulnerability (e.g. a thief breaking through your weak front door while you and the neighbors are on holiday)
Computer and Network Security…

“The most secure computers are those not connected to the Internet and shielded from any interference”

(Such a computer is also of little use: security always has to be balanced against availability to the intended users.)
Computer and Network Security…
• Computer security is about the provisions and policies adopted to protect information and property from theft, corruption, or natural disaster,
  – while allowing the information and property to remain accessible and productive to its intended users.
• It covers the security of computers against intruders (e.g. hackers) and against malicious software (e.g. viruses).
Computer and Network Security…
• Network security, on the other hand, deals with the provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

[Figure: hosts behind a boundary connected to the Internet, annotated “Not Sufficient!!”]
Security trends
• In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (RFC 1636).
• The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms.
• Among these were:
  – the need to secure the network infrastructure from unauthorized monitoring and control of network traffic, and
  – the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.
Security trends…
• The CERT Coordination Center (CERT/CC) reported the trend in Internet-related vulnerabilities over a 10-year period. These include:
  – security weaknesses in the operating systems of attached computers (e.g. Windows, Linux), as well as
  – vulnerabilities in Internet routers and other network devices.
Security trends…
• CERT/CC also reported the number of security-related incidents. These include:
  – denial of service attacks;
  – IP spoofing, in which intruders create packets with false source IP addresses and exploit applications that authenticate based on the IP address alone;
  – various forms of eavesdropping and packet sniffing, in which attackers read transmitted information, including logon information and database contents.
Who are the attackers?
• Vandals (hackers, crackers) driven by intellectual challenge.
• Insiders: employees or customers seeking revenge or informal gain.
• Natural disasters: flooding, fire, storms, earthquakes… (not attackers in the strict sense, but a source of risk that a security plan must cover).
• Criminals seeking financial gain.
• Organized crime seeking gain or hiding criminal activities.
• Organized terrorist groups or nation states trying to influence national policy.
• Foreign agents seeking information (spying) for economic, political, or military purposes.
• Tactical countermeasures intended to disrupt military capability.
• Large organized terrorist groups.
• Cyber attacks, from any of the above sources.
What are the vulnerabilities?
• Physical vulnerabilities (e.g. a computer can be stolen)
• Natural vulnerabilities (e.g. earthquake)
• Hardware and software vulnerabilities (e.g. failures)
• Media vulnerabilities (e.g. hard disks can be stolen)
• Communication vulnerabilities (e.g. wires can be tapped)
• Human vulnerabilities (e.g. insiders)
• Poorly chosen passwords
• Software bugs (unreliable software)
  – e.g. buffer overflows, which an attacker can exploit to run code of their choosing
What are the vulnerabilities?…
• Automatically running active content: ActiveX, scripts, Java applets
• Open ports: e.g. telnet, mail
• Incorrect configuration
  – file permissions
  – administrative privileges
• Untrained users/system administrators
• Trap doors (intentional security holes)
• Unencrypted communication
• Limited resources (e.g. the table of TCP connections, which a SYN flood can exhaust)
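The “incorrect configuration” items above (file permissions, administrative privileges) are the kind of vulnerability a periodic audit catches. The following is an added example, not code from the lecture slides: it walks a directory tree on a POSIX system and reports world-writable entries, setuid/setgid executables and private keys readable by group or others. The sample tree, the key-file suffixes and the findings it expects are all constructed here for illustration.

```python
"""Audit a directory tree for 'incorrect configuration' vulnerabilities:
world-writable files and directories, setuid/setgid executables, and
private keys readable by group or others.

Added example, not from the lecture slides. Assumes a POSIX filesystem.
The sample tree is constructed with deliberately bad permissions so the
audit can be run anywhere without touching a real system."""
import os
import stat
import tempfile

KEY_SUFFIXES = (".pem", ".key", "id_rsa", "id_ed25519")   # assumed naming


def audit_tree(root):
    """Walk root and return sorted (relative_path, finding) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)               # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            is_dir = stat.S_ISDIR(st.st_mode)
            # World-writable, except sticky directories (/tmp-style), where
            # only the owner of an entry may delete or rename it.
            if mode & stat.S_IWOTH and not (is_dir and mode & stat.S_ISVTX):
                findings.append((rel, "world-writable"))
            # setuid/setgid on an executable: it runs with elevated
            # privileges, so any bug in it becomes a privilege escalation.
            if (stat.S_ISREG(st.st_mode)
                    and mode & (stat.S_ISUID | stat.S_ISGID)
                    and mode & 0o111):
                findings.append((rel, "setuid/setgid executable"))
            # Private key material must be owner-only (0600).
            if name.endswith(KEY_SUFFIXES) and mode & 0o077:
                findings.append((rel, "private key readable by group/others"))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree: two correct entries, four misconfigurations."""
    root = tempfile.mkdtemp(prefix="perm-audit-")

    def put(rel, mode, content=b"x"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)   # independent of umask
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)   # chmod after the write: Linux strips the
                               # setuid bit when an unprivileged process writes

    put("etc/config.conf", 0o644)                   # fine
    put("etc/server.key", 0o644)                    # key readable by everyone
    put("bin/helper", 0o4755)                       # setuid executable
    put("shared/notes.txt", 0o666)                  # world-writable file
    os.chmod(os.path.join(root, "shared"), 0o777)   # world-writable directory
    os.mkdir(os.path.join(root, "tmp"))
    os.chmod(os.path.join(root, "tmp"), 0o1777)     # sticky: exempt
    return root


if __name__ == "__main__":
    for rel, finding in audit_tree(build_sample_tree()):
        print(f"{finding:40} {rel}")
```

Run it as a script to see the four findings; point `audit_tree` at a real path (e.g. `/etc` or a service's home directory) to audit a live system. Symbolic links are skipped on purpose, since the permission that matters is the target's, and a sticky world-writable directory is treated as acceptable because that is exactly how `/tmp` is meant to be configured.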
Consequences…
• Failure/end of service
• Reduction of QoS, down to denial of service (DoS/DDoS)
• Internal problems in the enterprise
• Decreased trust from partners (clients, providers, shareholders)
• Technology leakage
• Human consequences (personal data, sensitive data: medical, insurance, …)
Security and privacy criteria
• Properties of security
• Security is expressed in terms of:
  – Confidentiality (privacy)
  – Integrity
  – Non-repudiation
  – Availability (its violation is denial of service)
• Authentication is a foundation of security
  – In its absence, the other security properties can be violated: without knowing who you are talking to, confidentiality, integrity and non-repudiation are guaranteed to an unknown party.
Security criteria (in detail)
• To understand the types of threats to security that exist, we first need a definition of the security requirements.
• In this section, the different security requirements are presented.

Availability
• It requires that computer and network assets are available to authorized parties whenever they need them.
• The computer and network should continue to provide all the designated services in the presence of security attacks (an attack on availability is a denial of service).
Security criteria...
Integrity
• It requires that messages can be modified or altered only by authorized parties.
  – Modification includes writing, changing, deleting, and creating the message that is to be transmitted across the network.
• Integrity guarantees that no unauthorized modification, addition, or deletion of the message goes undetected.
• The altering of a message can be malicious or accidental. A checksum catches the accidental case; only a keyed mechanism (a MAC or a digital signature) catches a deliberate attacker, who can simply recompute an unkeyed checksum over the altered message.
Security criteria...
Confidentiality
• It requires that the message can only be accessed for reading by authorized parties.
• Enforcing it in practice requires that the system verify the identity of a user (authentication) before granting access.

Authentication
• It means that the correct identity is known to the communicating parties.
• This property ensures that the parties are genuine and not impersonators.

Authorization
• This property gives access rights to different types of users.
  – For example, network management can be performed by the network administrator only.
Computer and Network Security Attacks
• Categories of attacks
  – Interruption: an attack on availability
  – Interception: an attack on confidentiality
  – Modification: an attack on integrity
  – Fabrication: an attack on authenticity
Computer and Network Security Attacks…
• Categories of attacks/threats

[Figure: normal flow of information from Source to Destination, and the four attack categories: Interruption, Interception, Modification, Fabrication]

Examples of threats
[Figure not reproduced]
Security attack types
• Attacks can also be classified by the following criteria:
  – passive or active,
  – internal or external,
  – at different protocol layers.
Passive vs. active attacks
• A passive attack attempts to learn or make use of information without changing the content of the messages or disrupting the operation of the communication.
• Examples of passive attacks are:
  – eavesdropping, traffic analysis, and traffic monitoring.
Security attack types…
• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, thereby disrupting normal operation of the network.
• Some examples of active attacks include:
  – jamming, impersonation, modification, denial of service (DoS), and message replay.
Passive Attacks
• Passive attacks do not affect system resources
  – Eavesdropping, monitoring
  – The goal of the opponent is to obtain information that is being transmitted
• Two types of passive attacks
  – Release of message contents
  – Traffic analysis
• Passive attacks are very difficult to detect
  – Message transmission appears normal
  – No alteration of the data
  – Emphasis on prevention rather than detection, by means of encryption (encryption hides the contents; who talks to whom, when and how much remains visible to traffic analysis unless measures such as traffic padding are added)

Passive Attacks (1): Release of Message Contents
[Figure not reproduced]

Passive Attacks (2): Traffic Analysis
[Figure not reproduced]
Active Attacks
• Active attacks try to alter system resources or affect their operation
  – Modification of data, or creation of false data
• Four categories
  – Masquerade of one entity as some other
  – Replay of a previous message
  – Modification of messages
  – Denial of service (DoS): preventing normal use
    • of a specific target or of the entire network
• Difficult to prevent
  – The goal is to detect and recover

Active Attacks (1): Masquerade
[Figure not reproduced]

Active Attacks (2): Replay
[Figure not reproduced]

Active Attacks (3): Modification of Messages
[Figure not reproduced]

Active Attacks (4): Denial of Service
[Figure not reproduced]
Security attack types…
Internal vs. external attacks
• External attacks are carried out by hosts that do not belong to the network domain; such attackers are also called outsiders.
  – E.g. an outsider can cause congestion by sending false routing information, thereby causing unavailability of services.
• In an internal attack, a malicious node from within the network gains unauthorized access, acts as a genuine node, and disrupts the normal operation of the other nodes.
  – Such attackers are also known as insiders.
Security attack types…
• Attacks on different layers of the TCP/IP model
• Security attacks can also be classified according to the TCP/IP layer at which they operate. The table shows the attack types at each layer.

  Layer              Attacks
  Application layer  E-mail bombing, repudiation, data corruption, malicious code (Trojan, malware, virus, …)
  Transport layer    Session hijacking, altering checksums, SYN flooding
  Network layer      IP spoofing, ICMP echo abuse (e.g. ping flood), wormhole, black hole, gray hole, Byzantine, flooding
  Data link layer    Traffic analysis, disruption (e.g. of the IEEE 802.11 Wi-Fi MAC)
  Physical layer     Jamming, interception, eavesdropping
  Cross-layer        DoS, impersonation, replay, man-in-the-middle attack
Security attack types…
Denial of service attack
• This attack targets the availability of a message, a device, or the entire network service.
• The attacker may use radio signal jamming or battery exhaustion (e.g. in wireless networks), or, on wired networks, flood a host with more requests than it can handle (e.g. SYN flooding of a server's connection table).
Impersonation
• If the authentication mechanism is not properly implemented, a malicious node can act as a genuine node and monitor the network traffic.
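SYN flooding, the transport-layer denial of service from the table above, leaves a recognisable trace: many TCP handshakes that never complete. The following is an added example, not code from the lecture slides: detection logic that replays TCP flow records, tracks half-open connections per service, and flags a flood; it also applies a heuristic for the IP-spoofing case mentioned earlier (one SYN per source address). The record format, the threshold and the sample traffic are all assumptions constructed here.

```python
"""SYN-flood detection over TCP flow records.

Added example, not from the lecture slides. The record format, the
threshold and the sample traffic are constructed for illustration.
Record format (assumed): "<time> <src-ip> <dst-ip>:<dst-port> <flags>"
with flags S (SYN), SA (SYN-ACK), A (ACK), R (RST), F (FIN)."""
from collections import Counter, defaultdict

HALF_OPEN_THRESHOLD = 50   # assumed: alert at this many half-open per service


def parse(line):
    t, src, dst, flags = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(t), src, dst_ip, int(dst_port), flags


def half_open(lines):
    """Return {(dst_ip, port): Counter(src -> SYNs never completed)}.

    A client SYN opens a pending entry; the client's ACK (or RST/FIN) for
    the same service closes it. The server's SYN-ACK flows the other way
    and is ignored, so only client-side state is tracked."""
    pending = defaultdict(Counter)
    for line in lines:
        _, src, dst_ip, dst_port, flags = parse(line)
        key = (dst_ip, dst_port)
        if flags == "S":
            pending[key][src] += 1
        elif flags in ("A", "R", "F") and key in pending:
            pending[key].pop(src, None)
            if not pending[key]:
                del pending[key]
    return dict(pending)


def detect(lines, threshold=HALF_OPEN_THRESHOLD):
    """One alert per service whose half-open count reaches the threshold."""
    alerts = []
    for (dst_ip, port), sources in half_open(lines).items():
        total = sum(sources.values())
        if total < threshold:
            continue
        alerts.append({
            "target": f"{dst_ip}:{port}",
            "half_open": total,
            "distinct_sources": len(sources),
            # Heuristic: a flood with about one SYN per source address is
            # the signature of randomly spoofed sources, which never ACK
            # because the SYN-ACK goes to an address nobody is listening on.
            "spoofed_sources_likely": len(sources) >= 0.9 * total,
        })
    return alerts


def build_sample_log():
    """Constructed traffic: 3 normal handshakes on :443, one slow client
    with 5 unanswered SYNs on :443, and 120 spoofed SYNs on :80."""
    lines = []
    for i, client in enumerate(["10.0.0.5", "10.0.0.6", "10.0.0.8"]):
        lines += [f"{i} {client} 192.0.2.10:443 S",
                  f"{i} 192.0.2.10 {client}:5100{i} SA",
                  f"{i} {client} 192.0.2.10:443 A"]
    lines += [f"{10 + i} 10.0.0.7 192.0.2.10:443 S" for i in range(5)]
    lines += [f"{20 + i} 198.51.100.{i + 1} 192.0.2.10:80 S" for i in range(120)]
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

Against the sample, only `192.0.2.10:80` alerts (120 half-open from 120 distinct sources, so the spoofing heuristic fires); the slow client on `:443` stays under the threshold. In a real deployment the counter would be windowed by time and the threshold set per service, and the response on the server side is SYN cookies or a rate limit rather than blocking the (spoofed) source addresses.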
Common security attacks and their countermeasures
• Finding a way into the network
  – Firewalls
• Exploiting software bugs, buffer overflows
  – Intrusion detection systems (and, above all, patching)
• Denial of service
  – Access filtering, IDS
• TCP hijacking
  – IPsec
• Packet sniffing
  – Encryption (SSL/TLS, HTTPS)
• Social problems (social engineering)
  – Education
Security Services
• X.800: “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
• RFC 2828: “a processing or communication service provided by a system to give a specific kind of protection to system resources”
Security Services (X.800)
• Authentication: assures that the communicating entity is the one claimed
  – both peer-entity and data-origin authentication
• Access control: prevention of the unauthorized use of a resource
• Data confidentiality: protection of data from unauthorized disclosure
• Data integrity: assurance that data received is as sent by an authorized entity
• Non-repudiation: protection against denial by one of the parties in a communication
• Availability: resource accessible/usable
Security Mechanism
• A feature designed to detect, prevent, or recover from a security attack
• No single mechanism supports all the services required
• However, one particular element underlies many of the security mechanisms in use:
  – cryptographic techniques
• Hence the focus of this course
Security Mechanisms (X.800)
• Specific security mechanisms defined in X.800:
  – encipherment/decipherment, digital signatures, data integrity, authentication exchange, routing control, …
• Mechanisms in common deployment that build on these:
  – firewalls, proxy servers
  – access control, intrusion detection systems
Model for Network Security
[Figure: two principals exchange a message over an information channel, each applying a security-related transformation with secret information; a trusted third party may distribute the secret information; an opponent sits on the channel]

Model for Network Security…
• In considering the place of encryption, it is useful to use the above model.
• Information is being transferred from one party to another over an insecure communications channel,
  – in the presence of possible opponents.
• The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.
• They can use:
  – an appropriate security transform (encryption algorithm),
  – with suitable keys (secret information),
  – possibly negotiated with the help of a trusted third party.
Model for Network Security…
• Using this model requires us to:
  1. design a suitable algorithm for the security transformation
  2. generate the secret information (keys) used by the algorithm
  3. develop methods to distribute and share the secret information (keys)
  4. specify a protocol enabling the principals to use the transformation and the secret information for a security service
Model for Network Access Security…
[Figure: an information system protected by a gatekeeper function (access control; firewalls/proxy servers) and by internal security controls (antivirus/IDS), facing an opponent]
Model for Network Access Security…
• This model is concerned with controlling access to information or resources on a computer system, in the presence of possible opponents.
  – Here appropriate controls are needed on access to and within the system, to provide suitable security.
• The security mechanisms needed to cope with unwanted access fall into two broad categories (as shown in the figure).
• The first category might be termed a gatekeeper function. It includes
  – password-based login procedures designed to deny access to all but authorized users (access control), and
  – screening logic designed to detect and reject worms, viruses, and similar attacks (firewalls/proxy servers).
• Once either an unwanted user or unwanted software gains access, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders (antivirus/IDS).
Model for Network Access Security…
• Using this model requires us to:
  1. select appropriate gatekeeper functions to identify users
  2. implement security controls to ensure only authorised users access designated information or resources
Eight Security Dimensions Address the Breadth of Network Vulnerabilities (X.805)
• Access Control: limit and control access to network elements, services and applications. Examples: password, ACL, firewall.
• Authentication: provide proof of identity. Examples: shared secret key, PKI, digital signature, digital certificate.
• Non-repudiation: prevent the ability to deny that an activity on the network occurred. Examples: system logs, digital signatures.
• Data Confidentiality: ensure confidentiality of data. Example: encryption.
• Communication Security: ensure information only flows from source to destination. Examples: VPN, MPLS, L2TP.
• Data Integrity: ensure data is received as sent or retrieved as stored. Examples: MD5, digital signature, anti-virus software. (An unkeyed hash such as MD5 only detects accidental corruption, and MD5 is collision-broken; against a deliberate modifier use an HMAC or a digital signature over SHA-256 or stronger.)
• Availability: ensure network elements, services and applications are available to legitimate users. Examples: IDS/IPS, network redundancy, BC/DR.
• Privacy: ensure identification and network use are kept private. Examples: NAT, encryption.
How the Security Dimensions Map to the Security Threats

X.805 security threats: Destruction, Corruption, Removal, Disclosure, Interruption

  Security dimension       Threats addressed (number of marks in the matrix; the columns marked were not recoverable from this extraction)
  Access Control           4 of 5
  Authentication           2 of 5
  Non-Repudiation          5 of 5
  Data Confidentiality     2 of 5
  Communication Security   2 of 5
  Data Integrity           2 of 5
  Availability             2 of 5
  Privacy                  1 of 5
X.805 security dimensions and their security objectives
• Access Control: ensure that only authorised personnel or devices are allowed access to end-user data that is transiting a network element or communications link or is resident in an offline storage device.
• Authentication: verify the identity of the person or device attempting to access end-user data that is transiting a network element or communications link or is resident in an offline storage device. Authentication techniques may be required as part of access control.
• Non-Repudiation: provide a record identifying each individual or device that accessed end-user data that is transiting a network element or communications link, or is resident in offline devices, and the action that was performed. The record is to be used as proof of access to end-user data.
• Data Confidentiality: protect end-user data that is transiting a network element or communications link, or is resident in an offline storage device, against unauthorised access or viewing. Techniques used to address access control may contribute to providing data confidentiality for end-user data.
• Communication Security: ensure that end-user data that is transiting a network element or communications link is not diverted or intercepted as it flows between the end points (without authorised access).
• Data Integrity: protect end-user data that is transiting a network element or communications link or is resident in offline storage devices against unauthorised modification, deletion, creation and replication.
• Availability: ensure that access to end-user data resident in offline storage devices by authorised personnel and devices cannot be denied.
• Privacy: ensure that network elements do not provide information pertaining to the end-user's network activities (e.g. the user's geographic location, websites visited, content, etc.) to unauthorised personnel.

Source: www.lucent.com/security