CS Chapter 4

Uploaded by getuchalchisa9
Computer Security
Department of Computer Science
Sem. III - 2016/2023
Chapter 4
Network Security
(CoSc-4036 – 5 ECTS)

Network Security
Security Services

- Confidentiality
- Authentication
- Integrity
- Non Repudiation
- Access Control
- Availability

Network Security Model
[Figure: network security model. Labels: Trusted Third Party; Security Related Transmission (shown twice); Opponent]

Network Security
Introduction

In today’s highly networked world, we can’t talk of computer security without talking of network security
Focus is on:
- Internet and Intranet security (TCP/IP based networks)
- Attacks that use security holes of the network protocol and their defenses
Does not include attacks that use networks to perform some crime based on human weaknesses (such as scams)

Network Security/ Types of Attacks
Passive attacks

Listen to the network and make use of the information without altering
- Passive wiretapping attack
- Traffic analysis
Most networks use a broadcast medium and it is easy to access other machines' packets
- Utilities such as etherfind and tcpdump
- Network management utilities such as SnifferPro
Defense
- Using switching tools rather than mere repeating hubs limits this possibility
- Using cryptography; does not protect against traffic analysis

Network Security/ Types of Attacks
Active attacks

An active attack threatens the integrity and availability of data being transmitted
- The transmitted data is fully controlled by the intruder
- The attacker can modify, extend, delete or play any data
This is quite possible in TCP/IP since the frames and packets are not protected in terms of authenticity and integrity
Denial of service or degrading of service attack
- Prevention of authorized access to resources
- Examples
  - E-mail bombing: flooding someone's mail store
  - Smurf attack: Sending a “ping” multicast or broadcast with a spoofed IP of a victim. The recipients will respond with a “pong” to the victim
  - There had been reports of incidences of distributed denial attacks against major sites such as Amazon, Yahoo, CNN and

Network Security/ Types of Attacks
Active attacks …

Spoofing attack: a situation in which one person or program successfully imitates another by falsifying data and thereby gaining an illegitimate advantage.
- IP spoofing
  - Putting a wrong IP address in the source IP address of an IP packet
- DNS spoofing
  - Changing the DNS information so that it directs to a wrong machine
- URL spoofing/Webpage phishing
  - A legitimate web page such as a bank's site is

Network Security/ Types of Attacks
Active attacks …

Session hijacking
- When a TCP connection is established between a client and a server, all information is transmitted in clear and this can be exploited to hijack the session

Network Security/ Protocols and vulnerabilities
Attacks on TCP/IP Networks

TCP/IP was designed to be used by a trusted group of users
The protocols are not designed to withstand attacks
Internet is now used by all sorts of people
Attackers exploit vulnerabilities of every protocol to achieve their goals
The next slides show some attacks at each layer of the TCP/IP stack

Network Security/ Protocols and vulnerabilities
Link Layer: ARP spoofing

Request
  Hosts on 140.252.13: .1 .2 .3 .4 .5
  Ethernet addresses shown: 08:00:20:03:F6:42, 00:00:C0:C2:9B:26
  arp req | target IP: 140.252.13.5 | target eth: ?

Reply
  Hosts on 140.252.13: .1 .2 .3 .4 .5
  Ethernet addresses shown: 08:00:20:03:F6:42, 00:34:CD:C2:9F:A0, 00:00:C0:C2:9B:26
  arp rep | sender IP: 140.252.13.5 | sender eth: 00:34:CD:C2:9F:A0
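
One way to detect the forged reply in the figure above, as an added example that is not part of the original slides: a monitor that parses ARP payloads and flags replies that contradict a pinned IP-to-Ethernet binding or that answer no request. The assignment of 00:00:C0:C2:9B:26 to 140.252.13.5 and of 08:00:20:03:F6:42 to 140.252.13.1 is an assumption (the extracted figure does not preserve which host owns which address), and `ArpMonitor` is a hypothetical name.

```python
import struct

def _mac(text):
    return bytes(int(part, 16) for part in text.split(":"))

def _ip(text):
    return bytes(int(part) for part in text.split("."))

def build_arp(op, sender_eth, sender_ip, target_eth, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (RFC 826 layout) for the sample."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + _mac(sender_eth)
            + _ip(sender_ip) + _mac(target_eth) + _ip(target_ip))

def parse_arp(payload):
    """Return (op, sender_eth, sender_ip, target_ip) from an ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sender_eth = ":".join(f"{b:02X}" for b in payload[8:14])
    sender_ip = ".".join(str(b) for b in payload[14:18])
    target_ip = ".".join(str(b) for b in payload[24:28])
    return op, sender_eth, sender_ip, target_ip

class ArpMonitor:
    """Hypothetical detector: pinned or first-seen bindings win, conflicts alert."""
    def __init__(self, pinned=None):
        self.table = dict(pinned or {})   # IP -> Ethernet address
        self.requested = set()            # target IPs of requests seen so far

    def observe(self, payload):
        op, sender_eth, sender_ip, target_ip = parse_arp(payload)
        alerts = []
        if op == 1:                       # request: remember what was asked for
            self.requested.add(target_ip)
        elif op == 2 and sender_ip not in self.requested:
            alerts.append(f"unsolicited reply for {sender_ip}")
        known = self.table.get(sender_ip)
        if known is None:
            self.table[sender_ip] = sender_eth
        elif known != sender_eth:         # never overwrite on conflict
            alerts.append(f"binding conflict for {sender_ip}: {known} -> {sender_eth}")
        return alerts

# Constructed sample built from the addresses in the figure (ownership assumed).
PINNED = {"140.252.13.5": "00:00:C0:C2:9B:26"}
REQUEST = build_arp(1, "08:00:20:03:F6:42", "140.252.13.1",
                    "00:00:00:00:00:00", "140.252.13.5")
REPLY = build_arp(2, "00:34:CD:C2:9F:A0", "140.252.13.5",
                  "08:00:20:03:F6:42", "140.252.13.1")

def run_sample():
    monitor = ArpMonitor(PINNED)
    return monitor.observe(REQUEST) + monitor.observe(REPLY)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```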


Network Security/ Protocols and vulnerabilities
Network Layer: IP Vulnerabilities

IP packets can be intercepted
- In the LAN broadcast
- In the router, switch
Since the packets are not protected they can be easily read
Since IP packets are not authenticated they can be easily modified
Even if the user encrypts his/her data it will still be vulnerable to traffic analysis attack
Information exchanged between routers to maintain their routing tables is not authenticated

Network Security/ Protocols and vulnerabilities
Network Layer: IPv4 Header …

Network Security/ Protocols and vulnerabilities
Network Layer: IPv6 Header …

Network Security/ Protocols and vulnerabilities
Network Layer: IP security (IPSec) overview

IPSec is a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
Applications of IPSec
- Secure branch office connectivity over the Internet
- Secure remote access over the Internet
- Establishing extranet and intranet

Network Security/ Protocols and vulnerabilities
Network Layer: IP security (IPSec) overview …

Benefits of IPSec
- Transparent to applications (below transport layer) (TCP, UDP)
- Provide security for individual users
IPSec can assure that:
- A router or neighbor advertisement comes from an authorized router
- A redirect message comes from the router to which the initial packet was sent
- A routing update is not forged

Network Security/ Protocols and vulnerabilities
Network Layer: IP security (IPSec) services

- Access Control
- Connectionless integrity
- Data origin authentication
- Rejection of replayed packets
- Confidentiality (encryption)

Network Security/ Protocols and vulnerabilities
Network Layer: IP security scenario …

Network Security/ Protocols and vulnerabilities
Network Layer: IPSec - Security Associations (SA)

SA is a one way relationship between a sender and a receiver that provides security services (authentication and confidentiality)
SA is uniquely identified by:
- Security Parameters Index (SPI) in the enclosed extension header of AH or ESP
  - AH: Authentication Header (Authentication)
  - ESP: Encapsulating Security Payload (both authentication and confidentiality)
- IP Destination address in the IPv4/IPv6 header
Both AH and ESP support two modes of use
- Transport Mode: Protection for upper layer protocols (TCP, UDP)
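
How a receiver can combine the SA lookup described above with the "Rejection of replayed packets" service listed earlier, as an added example that is not part of the original slides: the SA is found from the SPI in the ESP header plus the destination address, and a 64-packet sliding window per SA rejects duplicates and stale sequence numbers. The protocol number in the lookup key follows RFC 2401 rather than the slide; the SPI, address, class names and window size are constructed or assumed, and integrity (ICV) verification is omitted.

```python
import struct

WINDOW = 64      # anti-replay window size in packets (assumed value)
ESP = 50         # IP protocol number of ESP

class SecurityAssociation:
    """Per-SA anti-replay state: highest sequence seen plus a bitmap behind it."""
    def __init__(self):
        self.highest = 0
        self.bitmap = 0   # bit i set means sequence (highest - i) was accepted

    def check_and_update(self, seq):
        if seq == 0:
            return "drop: invalid sequence"      # counters start at 1
        if seq > self.highest:                   # window slides forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "drop: older than window"
        if self.bitmap & (1 << offset):
            return "drop: replayed"
        self.bitmap |= 1 << offset               # late but new packet
        return "accept"

class SAD:
    """Hypothetical security association database keyed by (SPI, dst, protocol)."""
    def __init__(self):
        self.entries = {}

    def add(self, spi, dst, proto):
        self.entries[(spi, dst, proto)] = SecurityAssociation()

    def receive(self, dst, proto, packet):
        if len(packet) < 8:
            return "drop: truncated"
        spi, seq = struct.unpack("!II", packet[:8])   # ESP header: SPI, sequence
        sa = self.entries.get((spi, dst, proto))
        if sa is None:
            return "drop: no SA"
        # A real receiver verifies the ICV here and updates the window only
        # for packets that authenticate; this sketch assumes they all do.
        return sa.check_and_update(seq)

# Constructed sample: one inbound SA and a sequence with a replay and a stale packet.
SPI, DST = 0x1000, "192.0.2.10"

def run_sample():
    sad = SAD()
    sad.add(SPI, DST, ESP)
    results = [sad.receive(DST, ESP, struct.pack("!II", SPI, seq) + b"payload")
               for seq in (1, 3, 2, 3, 70, 5)]
    results.append(sad.receive(DST, ESP, struct.pack("!II", 0x9999, 1)))
    return results

if __name__ == "__main__":
    print(run_sample())
```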
Network Security/ Protocols and vulnerabilities
Network Layer: IPSec AH Authentication
[Figures not reproduced: (a) Before AH, (b) Transport Mode, (c) Tunnel Mode]

Network Security/ Protocols and vulnerabilities
Network Layer: IPSec ESP Encryption and Authentication
[Figures not reproduced]

Network Security/ Protocols and vulnerabilities
Network Layer: Combination of Security Associations
[Figures over four slides not reproduced; legend: * Implements IPSec]

Network Security/ Protocols and vulnerabilities
IPSec ESP Encryption and Authentication … Summary

IPSec provides authentication, confidentiality, and key management at the level of IP packets.
IP-level authentication is provided by inserting an Authentication Header (AH) into the packets.
IP-level confidentiality is provided by inserting an Encapsulating Security Payload (ESP) header into the packets. An ESP header can also do the job of the AH header by providing authentication in addition to confidentiality.
Before ESP can be used, it is necessary for the two ends of a communication link to exchange the secret key that will be used for encryption. Similarly, AH needs an authentication key. Keys are exchanged with a protocol named the Internet Key Exchange (IKE).
IPSec is a specification for the IP-level security features that are built into the IPv6 internet protocol.

Network Security/ Protocols and vulnerabilities
Transport Layer: TCP SYNC attack

The use of Sequence Number: monotonically increasing 32 bits long counter that provides anti-replay function
Sequence numbers are initialized with a “random” value during connection setup
The RFC suggests that the ISN (Initial Sequence Number) is incremented by one at least every 4 s
In many implementations, it is computationally feasible to guess the next ISN number
If successful, an attacker can impersonate

Network Security/ Protocols and vulnerabilities
Transport Layer: TCP SYNC attack …

3 way handshake (ISN – Initial Sequence Number)

  client -> server:  SYN = ISNC
  server -> client:  SYN = ISNS, ACK(ISNC)
  client -> server:  ACK(ISNS)
  data transfer

With a spoofed source address (T = trusted host)

  attacker -> server:  SYN = ISNX, SRC_IP = T
  server -> T:         SYN = ISNS, ACK(ISNX)
  attacker -> server:  ACK(ISNS), SRC_IP = T
  attacker -> server:  SRC_IP = T, nasty_data
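
The defense against the guessable ISN discussed on these two slides, as an added example that is not part of the original slides: the per-connection ISN of RFC 6528, which adds a keyed hash of the connection 4-tuple to the clock value so that an ISN seen on one connection says nothing useful about another. HMAC-SHA-256 stands in for the hash F of the RFC, and the secret, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF

def clock_isn(now_us):
    """Clock-only ISN: one global counter, here the 4-microsecond timer M
    of RFC 6528. Every peer sees the same sequence."""
    return (now_us // 4) & MASK

def rfc6528_isn(secret, local_ip, local_port, remote_ip, remote_port, now_us):
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey)."""
    tuple_id = f"{local_ip}|{local_port}|{remote_ip}|{remote_port}".encode()
    digest = hmac.new(secret, tuple_id, hashlib.sha256).digest()
    offset = struct.unpack("!I", digest[:4])[0]
    return (clock_isn(now_us) + offset) & MASK

def delta(isn_a, isn_b):
    """Distance from isn_a to isn_b in 32-bit sequence space."""
    return (isn_b - isn_a) & MASK

# Constructed sample: a server at 192.0.2.10:80 and two different remote hosts.
# A real stack draws the secret from the system random source at boot.
SECRET = b"constructed-demo-secret"
T0, T1 = 1_000_000, 1_001_000     # two connection times, 1000 microseconds apart

def compare():
    """Return (clock-only delta, keyed delta) between ISNs given to two peers."""
    weak = delta(clock_isn(T0), clock_isn(T1))
    a = rfc6528_isn(SECRET, "192.0.2.10", 80, "198.51.100.7", 40000, T0)
    b = rfc6528_isn(SECRET, "192.0.2.10", 80, "203.0.113.9", 40000, T1)
    return weak, delta(a, b)

if __name__ == "__main__":
    weak, keyed = compare()
    print("clock-only delta between peers:", weak)   # elapsed time / 4
    print("keyed delta between peers:     ", keyed)  # unrelated to elapsed time
```

For the same 4-tuple the keyed ISN still advances with the clock, which keeps the monotonic behaviour TCP relies on for old duplicate segments.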
Network Security/ Protocols and vulnerabilities
Application layer: DNS spoofing

If the attacker has access to a name server it can modify it so that it gives false information
- Ex: redirecting www.ebay.com to map to own (attacker’s) IP address
The cache of a DNS name server can be poisoned with false information using some simple techniques

Network Security/ Protocols and vulnerabilities
Application layer: Web browsers as threats

We obtain most of our browsers on-line
- How do we make sure that some Trojan horse is not inserted
Potential problems that can come from malicious code within the browser
- Inform the attacker of the activities of the user
- Inform the attacker of passwords typed in by the user
- Downgrade browser security
Helper applications are used by browsers
- Example: MS Word, Ghost view, etc
- The helpers can have Trojan horse code
- Downloaded data can exploit vulnerabilities of

Network Security/ Protocols and vulnerabilities
Application layer: Web browser …

Mobile code
- Java applets and ActiveX controls
  - normally run within a controlled environment (sandbox) and access to local resources is strictly controlled by a security manager
  - however, an applet may escape from the sandbox due to some bugs in the implementation of the Java Virtual Machine for example
Cookies
- cookies are set by web servers and stored by web browsers
- A cookie set by a server is sent back to the server when the browser visits the server again

Network Security/ Protocols and vulnerabilities
Application layer: Web browser …

Interactive web sites are based on forms and scripts
By writing malicious scripts the client can
- Crash the server (ex. Buffer overflow)
- Gain control over the server

Network Security/ Protocols and vulnerabilities
Application layer: E-mail Security

E-mails transit through various servers before reaching their destinations
By default, they are visible by anybody who has access to the servers
SMTP protocol itself has some security holes
E-mail security can be improved using some tools and protocols

Network Security/ Protocols and vulnerabilities
Application layer: Security-enhanced application protocols

Solution to most application layer security problems have been found by developing security-enhanced application protocols
Examples
- For FTP => FTPS
- For HTTP => HTTPS
- For SMTP => SMTPS
- For DNS => DNSSEC

End of Chapter 4
Thank you
any Q
