Agenda. Introduction. Security Protocols Wireless / Mobile Security. Lecture 10. Network Security I

Similar documents
... Lecture 10. Network Security I. Information & Communication Security. Prof. Dr. Kai Rannenberg

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer

CIT 380: Securing Computer Systems. Network Security Concepts

Network Security. Thierry Sans

IPSec. Overview. Overview. Levente Buttyán

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

CTS2134 Introduction to Networking. Module 08: Network Security

IP Security. Cunsheng Ding HKUST, Kong Kong, China

CSE509: (Intro to) Systems Security

Virtual Private Networks (VPN)

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

HP Instant Support Enterprise Edition (ISEE) Security overview

Advanced Security and Mobile Networks

Network Encryption 3 4/20/17

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Computer Security. 12. Firewalls & VPNs. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

CSC Network Security

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

Creating VPN s with IPsec

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

AIT 682: Network and Systems Security

Security and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California

CSC 6575: Internet Security Fall 2017

The IPsec protocols. Overview

Secure Ethernet Communication for Autonomous Driving. Jared Combs June 2016

CSC 4900 Computer Networks: Security Protocols (2)

Solved MCQ of Computer networking. Set-1

INTERNET & WORLD WIDE WEB (UNIT-1) MECHANISM OF INTERNET

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

Indicate whether the statement is true or false.

BABU MADHAV INSTITUTE OF INFORMATION TECHNOLOGY, UTU 2017

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

CSCE 715: Network Systems Security

Lecture 19. Principles behind data link layer services Framing Multiple access protocols

CS 356 Internet Security Protocols. Fall 2013

CSE543 Computer and Network Security Module: Network Security

Application Firewalls

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Operating Systems CS 571

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

Data and Computer Communications. Chapter 2 Protocol Architecture, TCP/IP, and Internet-Based Applications

Network Interconnection

Network Security Fundamentals

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition. Chapter 2 Investigating Network Traffic

IP Security. Have a range of application specific security mechanisms

Computer Security Exam 3 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Corso di Network Security a.a. 2012/2013. Solutions of exercises on the second part of the course

Additional Material. Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science Information Network I/No.

IP Security IK2218/EP2120

CSE 565 Computer Security Fall 2018

Network Reference Models

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Computer and Network Security

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

IS-2150/TEL-2810 Introduction to Computer Security Quiz 2 Thursday, Dec 14, 2006

Networks and Communications MS216 - Course Outline -

Firewalls, Tunnels, and Network Intrusion Detection

Administrator's Guide

PROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

Chapter 8 Network Security

Layering in Networked computing. OSI Model TCP/IP Model Protocols at each layer

8. Network Layer Contents

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Wireless-G Router User s Guide

Network Security and Cryptography. December Sample Exam Marking Scheme

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Agenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Cryptography and Network Security. Sixth Edition by William Stallings

CIT 480: Securing Computer Systems

n Describe sniffing concepts, including active and passive sniffing n Describe sniffing countermeasures n Describe signature analysis within Snort

Why Firewalls? Firewall Characteristics

CyberP3i Course Module Series

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Hands-On TCP/IP Networking

Slides for Chapter 3: Networking and Internetworking

Data Communication and Network. Introducing Networks

Time Synchronization Security using IPsec and MACsec

Innovation and Cryptoventures. Technology 101. Lee Jacobs and Campbell R. Harvey. February 22, 2017

Network Architecture Models

Defining Networks with the OSI Model. Module 2

CITADEL Series - Security and VPN Appliances

Administrator's Guide

The Applications and Gaming Tab - Port Range Forward

Networking and TCP/IP. John Kalbach November 8, 2004

Virtual Private Networks.

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

exam. Number: Passing Score: 800 Time Limit: 120 min CISCO Interconnecting Cisco Networking Devices Part 1 (ICND)

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Software Engineering 4C03 Answer Key

OSI Reference Model. Computer Networks lab ECOM Prepared By : Eng. Motaz Murtaja Eng. Ola Abd Elatief

Transcription:

Lecture 10 Network Security I Information and Communications Security (SS 2008) Prof. Dr. Kai Rannenberg T-Mobile Chair for Mobile Business & Multilateral Security Johann Wolfgang Goethe University Frankfurt a. M. www.whatismobile.de Agenda Introduction Network Organisation Security Protocols Wireless / Mobile Security 2

Layered Communication Ich mag Hasen J aime les lapins I like rabbits I like rabbits Fax: # I like rabbits Fax: # I like rabbits medium Based on [Ta96] 3 ISO/OSI Reference Model Application Layer Presentation Layer Session Layer Transportation Layer Network Layer Data Link Layer Physical Layer Information technology Open Systems Interconnection Basic Reference Model 7-Layer-Model First version ISO/IEC 7498-1:1984 Current version ISO/IEC 7498-1:1994 4

Internet Reference Model Application Layer Transport Layer Network Layer Data Link Layer Physical Layer [Ta96] 5 Communication Example [Ta96] 6

Physical Layer Application Layer Transport Layer Network Layer Data Link Layer Tasks: Bit transfer Mechanic (connector, medium) Electronic (signal durability of a bit, voltage) Physical Layer 7 Data Link Layer Application Layer Transport Layer Network Layer Data Link Layer Tasks: data transmission between stations in the direct neighbourhood error detection and elimination flow control Medium access control (MAC) Physical Layer 8

Example: Ethernet Bus-Network Developed by XEROX Additional nodes can easily be added. Protocol: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Example: Ethernet 9 CSMA/CD: Carrier Sense: Multiple Access: Collision Detection: Based on [Ta96, p.282] 10

Eavesdropping of all frames i.e. Ethereal: Frame-Sniffing composite packets of higher protocol layers [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 11 Network Layer Application Layer Transport Layer Network Layer Data Link Layer Tasks: Connection between endto-end systems Routing Addressing Typically connectionless For example: IP Physical Layer 12

Transport Layer Application Layer Transport Layer Network Layer Data Link Layer Physical Layer Tasks: Connection between source and target Optimisation of quality of service and service costs Flow control Connection management For example: TCP, UDP 13 Application Layer Application Layer Transport Layer Network Layer Data Link Layer Tasks: provides services to the user/applications Examples: (service/protocol): E-Mail / SMTP, WWW / HTTP, file transfer / FTP Physical Layer SMTP: Simple Mail Transfer Protocol HTTP: Hyper Text Transfer Protocol FTP: File Transfer Protocol 14

Agenda Introduction Network Organisation Firewalls Demilitarized i Zone Intrusion Detection Security Protocols Wireless / Mobile Security 15 Agenda Introduction Network Organisation Firewalls Demilitarized i Zone Intrusion Detection Security Protocols Wireless / Mobile Security 16

Firewall A firewall is an internetwork gateway that restricts data communication traffic to and from one of the connected networks (the one said to be inside the firewall) and thus protects that network s system resources against threats from the other network (the one that is said to be outside the firewall). [RFC 2828] 17 Firewall Private local network Firewall Internet 18

Agenda Introduction Network Organisation Firewalls Demilitarized i Zone Intrusion Detection Security Protocols Wireless / Mobile Security 19 Demilitarized Zone (DMZ) The DMZ is a portion of a network, that t separates a purely internal network from an external network. [Bi05] The outer firewall sits between the Internet and the internal network. The DMZ provides limited public access to various servers. The inner firewall sits between the DMZ and the subnets not to be accessed by the public. 20

Network using a DMZ [Bi05] 21 Example: WiTness DMZ Information Provider System HTTP(S) HTML R/3 App Browser Web Application Server - Corporate Access Point JAAS Mapping Service RFC/SNC DB Security Module HTTP(S) HTML Challenge Provider 22

Agenda Introduction Network Organisation Firewalls Demilitarized Zone Intrusion Detection Security Protocols Wireless / Mobile Security 23 Computer System Characteristics Computer systems that are not under attack exhibit several characteristics [Bi05] 1. The actions of users and processes generally conform to a statistically ypredictable pattern. A user who does only word processing when using the computer is unlikely to perform a system maintenance function. 2. The actions of users and processes do not include sequences of commands to subvert the security policy of the system. In theory, any such sequence is excluded; in practice, only sequences known to subvert the system can be detected. 3. The actions of processes conform to a set of specifications describing actions that the processes are allowed to do (or not allowed to do). Denning [De87] hypothesized that systems under attack fail to meet at least one of these characteristics. 24

Attack Tool An attack tool is an automated script designed to violate a security policy. Example: Rootkit [Bi05] 25 Rootkit Exists for many versions of the UNIX operating system Is designed d to sniff passwords from the network and to conceal its presence Includes tools to automate t the installation ti procedure and has modified versions of system utilities Can eliminate many errors arising from incorrect installation and perform routine steps to clean up detritus of the attack [Bi05] 26

Goals of Intrusion Detection Systems Detect t a wide variety of intrusions: i Inside and outside attacks Known and previously unknown attacks should be detected. Adapt to new kinds of attacks Detect intrusions in a timely fashion Present the analysis in a simple, easy to understand format Be accurate: False positives reduce confidence in the correctness of the results. False negatives are even worse, since the purpose of an IDS is to report attacks. [Bi05] 27 Anomaly Detection Anomaly detection analyzes a set of characteristics of the system and compares their behavior with a set of expected values. It reports when the computed statistics do not match the expected measurements. [Bi05] 28

Misuse Detection Misuse detection determines whether a sequence of instructions being executed is known to violate the site security policy being executed. If so, it reports a potential intrusion. Example: Network Flight Recorder (NFR) [Bi05] 29 Network Flight Recorder (NFR) NFR has three components The packet sucker reads packets off the network. The decision engine uses filters written in a language called N-code to extract information. The backend writes the data generated by the filters to disk. [Bi05] 30

Specification Based Detection Specification-based detection determines whether or not a sequence of instructions ti violates a specification of how a program, or system, should execute. If so, it reports a potential intrusion. Example threat t source to be controlled: The UNIX program rdist [Bi05] 31 Autonomous Agents An autonomous agent is a process that can act independently of the system of which it is a part. Example: The Autonomous Agents for Intrusion Detection (AAFID) [Bi05] 32

Intrusion Detection System [Bi05] 33 Agenda Introduction Network Organisation Security Protocols Virtual Private Networks Secure Socket Layer IPsec Wireless / Mobile Security 34

Agenda Introduction Network Organisation Security Protocols Virtual Private Networks Secure Socket Layer IPsec Wireless / Mobile Security 35 Communication without a VPN HTTP/ FTP/ TCP IP Ethernet Router IP Ethernet HTTP/ FTP/ TCP IP Ethernet [Based on: J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 36

VPN HTTP/ FTP/ TCP IP Ethernet Tunnelling Protocol UDP IP Ethernet Virtual Tunnel Router IP Ethernett Tunnelling Protocol UDP IP Ethernet HTTP/ FTP/ TCP IP Ethernet Local Network Internet Local Network [Based on: J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 37 Agenda Introduction Network Organisation Security Protocols Virtual Private Networks Secure Socket Layer IPsec Wireless / Mobile Security 38

Example: Online-Banking www.my-bank.de/kontostand.html t d Actions of the browser: 1. DNS-Request 2. http-request named get www.my-bank.de Kontostand.html 142.254.112.17 142.254. 112.17 [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 39 DNS-Spoofing Possible attacks: 1. Compromise of DNS (DNS-Spoofing) Server authentication named 142.254.112.17 www.my-bank.de 23.17.34.16 get Kontostand.html 142.254. 112.17 23.17. 34.16 [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 40

HTTP-Sniffing Possible attacks: 1. Compromise of DNS 2. Eavesdropping Encryption (SSL/TLS) named 142.254.112.17 www.my-bank.de? get Kontostand.html 142.254. 112.17 [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 23.17. 34.16 41 SSL/TLS (simplified): Hello! Server authentication SSL/TLS Key exchange data (encrypted) [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 142.254. 112.17 42

SSL/TLS SSL/TLS: Server- and client-authentication Key exchange for symmetric encryption MACs to secure integrity Security Goal http https (SSL/TLS) Authenticity (mostly server only) Non-Repudiation Confidentiality Integrity Dated [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 43 Agenda Introduction Network Organisation Security Protocols Virtual Private Networks Secure Socket Layer IPsec Wireless / Mobile Security 44

Packet-Sniffing Attacker is able to eavesdrop IP-PacketsPackets Ideal: At the sender- or recipientgateway 01 [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 45 IPsec: Encapsulated Security Payload Data Packet IP-Header IP-Payload ESP- ESP-Transport-Mode IP-Header IP-Payload Header New IP- ESP- Header Header encrypted ESP- Trailer ESP-Tunnel-Mode IP-Header IP-Payload Payload encrypted ESP- Trailer [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 46

IP-Spoofing Attacker sends IP-packets with a faked sender address. 01 [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 47 IP-Spoofing Attacker impersonates the recipient. 01 [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 48

IPsec: Authentication Header Data Packet IP-Header IP-Payload AH-Transport-Mode IP-Header authenticated AH- Header IP-Payload AH-Tunneling-Mode New IP- Header AH- Header IP-Header IP-Payload authenticated ti t [J. Buchmann: Lecture Public Key Infrastrukturen, FG Theoretische Informatik, TU Darmstadt] 49 References [Bi05] Matt Bishop: Introduction ti to Computer Security. Boston: Addison Wesley, 2005, pp. 455-516 [De87] Dorothy Denning: An Intrusion- Detection Model, IEEE Transactions on Software Engineering, 13 (2), pp. 222-232 [RFC 2828] Network Working Group: Request for Comments 2828 - Internet Security Glossary, 2000, www.faqs.org/ftp/rfc/pdf/rfc2828.txt.pdf txt pdf [Ta96] A.S. Tanenbaum: Computer Networks, 3rd Edition, 1996 [4th edition available] 50

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback