
Chapter 5

Chapter 6 discusses the principles and practices of network security, including cryptography, authentication, message integrity, and access control. It highlights the challenges in implementing security measures and the importance of security planning, policies, and mechanisms. The chapter also outlines various security threats, such as interruption, interception, modification, and fabrication, along with methods to protect against these attacks.

Uploaded by

Shafi Esa

Chapter 6

Network Security

Chapter 6: Network Security
Chapter goals:
 Understand principles of network security:
 Cryptography and its many uses beyond
“confidentiality”.
 Authentication.
 Message integrity and non-repudiation.
 Availability and access control.
 Key distribution.
 Security in practice:
 Firewalls and intrusion detection systems.
 Security and protocols in application, transport,
network, and link layers.
Chapter 6 roadmap

1 What is network security?
2 Principles of cryptography
3 Authentication
4 Integrity
5 Key distribution and certification
6 Firewalls and IDS
7 Attacks and countermeasures
8 Security in many layers
What is Network Security?

Confidentiality: only sender, intended receiver
should “understand” message contents
 sender encrypts message
 receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Message Integrity and Non-Repudiation: sender,
receiver want to ensure message not altered
(in transit, or afterwards) without detection,
and want to be able to prove that the sender
did, in fact, send the message
Access and Availability: services must be
accessible and available to properly authorized
users
Why is Network Security Difficult?
 Open and interoperable protocols, while
desirable, tend to work against security.
 Security is often sacrificed in return for
gains in performance and scalability.
 Providing good security is expensive, so it
can be difficult to get resources to support it.
 People tend to see security as a barrier to
getting useful work done, and resist it.
 Information on circumventing security is widely
available, as are software tools.
 Some people see circumventing security as a
challenge and enjoy doing it.
 Most systems and networks were not designed
with any security concerns in mind.
Security Planning, Policies, and
Mechanisms
 A secure network does not come naturally.
 First, a security plan must be developed.
 Based on this plan, security policies must
be developed.
 To enforce these policies, the appropriate
security mechanisms must be put in place.
 This is not a one-time effort either.
 Security plans must be reviewed and revised.
 Security policies must be assessed and updated.
 Security mechanisms must be patched, updated,
or replaced as newer technologies become
available.
Security Planning, Policies, and
Mechanisms
Security planning must do the following:
 Determine what your security needs are.
 Determine what your security threats
and risks are.
 Identify who can be trusted to do what.
 Security policies are developed from this
information, so be as specific as possible.
Security Planning, Policies, and
Mechanisms
Security policies that are developed must
ensure appropriate levels of security for the
activities performed in the network by:
 Making it clear what is protected and why.
 Clearly stating responsibility for providing
that protection.
 Making it clear what users are allowed to do,
and what they must or must not do.
 Providing grounds on how to interpret and
resolve conflicts in policies later on.
Security Planning, Policies, and
Mechanisms
Security mechanisms are employed to ensure
that security policies are being adequately
enforced.
 Mechanisms can be based on people,
software, hardware, or other physical means
(for example, cameras, locks, cabling, and so
on).
 Choosing the right mechanisms can be
difficult.
 Can these mechanisms be trusted?
 Determining if the mechanisms fully
A Security Example: Alice, Bob,
Trudy
 Alice and Bob want to communicate “securely”.
 Trudy (intruder) may intercept, delete, add
messages, and so on to disrupt their
communications.

[Figure: Alice (sender) and Bob (receiver) exchanging data and control messages over a channel, with Trudy on the channel.]
Who Might Alice and Bob Be?

 … well, real-life Alices and Bobs!


 Web browser/server for electronic
transactions (e.g., on-line purchases)
 On-line banking client/server
 DNS servers
 Routers exchanging routing table
updates
 Other examples?

Security Threats
Q: What could Trudy do in this case?
A: Unfortunately, a lot!
 interruption: somehow disrupt the service
being provided by the network to Alice and
Bob
 interception: eavesdrop on communication
meant to be private or confidential
 modification: tamper with information or
network resources
 fabrication: counterfeit information or
network resources or services are inserted
into the network
Security Threats: Interruption
 In an interruption attack, a network service
is degraded or made unavailable for
legitimate use.
 Interruption attacks are attacks against the
availability of the network.
 These attacks can take the form of:
 Overloading a server host so that it cannot
respond.
 Blocking access to a service by overloading an
intermediate network or network device.
 Redirecting requests to invalid destinations.
 Vandalizing software or hardware involved.

Security Threats: Interruption

[Figure: Alice (sender) sends data and control messages over the channel; Trudy is on the channel and no data is shown arriving at Bob (receiver).]
 Often called “Denial of Service” or “DoS” attacks.
Security Threats: Interception
 In an interception attack, an unauthorized
individual gains access to confidential or
private information.
 Interception attacks are attacks against
network confidentiality.
 These attacks can take the form of:
 Eavesdropping on communication.
 Wiretapping telecommunications networks.
 Illicit copying of files or programs.
 Obtaining copies of messages for later replay.

Security Threats: Interception

[Figure: Alice (sender) sends data and control messages over the channel to Bob (receiver); Trudy, on the channel, also obtains the data.]
Security Threats: Modification
 In a modification attack, an unauthorized
individual not only gains access to, but
tampers with information, resources, or
services.
 Modification attacks are attacks against the
integrity of the network.
 These attacks can take the form of:
 Modifying the contents of messages in the
network.
 Changing information stored in data files.
 Altering programs so they perform differently.
 Reconfiguring system hardware or network
Security Threats: Modification

[Figure: Alice (sender) sends data and control messages over the channel; Trudy is on the channel and Bob (receiver) receives different data.]
Security Threats: Fabrication
 In a fabrication attack, an individual inserts
counterfeit information, resources, or
services into the network.
 Fabrication attacks are attacks against the
authentication, access control, and
authorization capabilities of the network.
 These attacks can take the form of:
 Inserting messages into the network using the
identity of another individual.
 Replaying previously intercepted messages.
 Spoofing a web site or other network service.
 Taking the address of another host or service,
essentially becoming that host or service.
 Also called “masquerading” attacks.
Security Threats: Fabrication
[Figure: fabrication, with labels Alice, Trudy, Bob, data sender and data receiver.]
Security Threats: Methods of Execution
 Attacks on security can be carried out using
software or hardware tools, or by some other
physical means.
 Common software examples include:
 Tools and toolkits: programs that automatically
probe for security weaknesses or attack systems.
 Back doors and trap doors: openings (in code,
firewalls, and so on) intentionally left open to
grant access to individuals without going through
normal methods of authentication and
authorization.
 Logic bombs: code embedded in software that
lies dormant until some event triggers them to
Security Threats: Methods of Execution
 Additional common software examples:
 Viruses: executable code inserted into other code
or data that is executed when the other code or
data is used, and launches an attack.
 Worms: relatively independent programs that
travel from machine to machine across network
connections to carry out attacks.
 Trojan horses: programs that appear to have one
function but actually perform a hidden function
that attacks the system.
 Bacteria or rabbit programs: programs that do no
damage other than replicate themselves
exponentially to overwhelm network resources.
 Sometimes, these can work together too.
Security Provisioning
How can we protect ourselves from these
attacks?
 Interruption attacks:
 Firewalls,
replication, backups, hardware
appliances
 Interception attacks:
 Encryption, traffic padding
 Modification attacks:
 Encryption, traffic padding, backups, messaging
techniques (checksums, sequence numbers,
digests, authentication codes)
 Fabrication attacks:
 Authentication and authorization, firewalls,
digital signatures
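
Added example (not from the original slides): a Python sketch of the messaging techniques listed above for modification and fabrication attacks, combining an authentication code with a sequence number so that Bob rejects altered, forged and replayed messages. The shared key, the frame layout and all function names are assumptions made for illustration; the sample messages are constructed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key-for-demo"  # assumption: Alice and Bob already share it
TAG_LEN = 32                              # HMAC-SHA256 output size in bytes


def protect(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Alice's side: frame = 8-byte sequence number || payload || HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Bob's side: accept a frame only if the tag verifies and the number is new."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "truncated frame")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Unlike a plain checksum or digest, the tag cannot be recomputed
        # by anyone who does not hold the shared key.
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return ("rejected", "bad authentication code")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return ("rejected", "replayed or stale sequence number")
        self.last_seq = seq
        return ("accepted", payload)


def demo():
    bob = Receiver()
    genuine = protect(1, b"pay Bob 10")
    # Modification: payload changed in transit, original tag left in place.
    tampered = genuine[:8] + b"pay Bob 99" + genuine[-TAG_LEN:]
    # Fabrication: a frame built by someone who does not hold the shared key.
    forged = protect(2, b"pay Trudy 10", key=b"not the shared key")
    # The final call delivers the genuine frame a second time (replay).
    return [bob.accept(genuine), bob.accept(tampered),
            bob.accept(forged), bob.accept(genuine)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The frame is sent in the clear, so this covers integrity and authentication only; protection against interception still needs encryption, as the slide lists.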
Security Principles To Follow
 A 100% secure environment is a myth.
 Expect the unexpected.
 The more you know about someone else, the better
you can defend yourself from them.
 The more someone knows about you, the better
they can exploit you.
 Do unto yourself before someone does unto you.
 Never assume that all security risks are from the
outside, and not the inside.
 Never assume that your users know what they are
doing.
 Security is only as good as the weakest link in the
chain.
Security Principles To Follow
 Do not forget about the simple aspects of
physical security.
 Security through obscurity doesn’t work.
 “You show me a ‘Well-designed system that is
secure even if the details are public knowledge’ and
I’ll show you a system with no power cord.” – Dale
Drew
 “If you want to REALLY be secure against data
attacks: accept no data. Anything else will entail a
compromise.” – Marcus J. Ranum
 “It is a vice to trust all, and equally a vice to trust
none.” – Seneca (4 BC – 65 AD)
Security Principles To Follow
 “If you have responsibility for security, but have no
authority to set rules or punish violators, your role
in the organization is to take the blame when
something goes wrong.” – Gene Spafford
 “Technology alone won’t make you safe.”
– Winn Schwartau
 Magi’s rules to live by:
1. Policy first, access second.
2. Deny first, permit only when required.
3. Mistrust everyone.
Security Principles To Follow
 Sometimes, things aren’t always black and
white. Consider the following …
 The Six Dumbest Ideas in Computer
Security?
 Default permit
• This makes sense … default deny is safer.
 Enumerating badness
• Some people like to stop the badness by identifying it,
and then making sure you can detect it and stop it.
• The problem is there is a lot more badness than
goodness. Why not just track the goodness and allow
nothing else?
• This could solve a lot of problems, like viruses,
spyware, and so on. (Just think how anti-virus, anti-spyware,
and anti-phishing work: you download the
Security Principles To Follow
 The Six Dumbest Ideas in Computer
Security?
 Penetrate and patch
• Instead of making things better by design, we are
toughening them by trial and error.
• We will never be able to get real security this way.
• But, what choice do we have at the moment?
 Hacking is cool
• Like it or not, this is a common perception in the
information technology industry.
• Unfortunately, it only encourages bad behaviour and
reinforces other bad ideas, like the penetrate and patch
approach to security. (What do hackers do? Exploit
existing weaknesses in systems. Once the weakness is
patched, they move on. If only systems were
Security Principles To Follow
 The Six Dumbest Ideas in Computer
Security?
 Educating users
• If it was going to work, it would have worked by now,
right?
• The real question to ask is not “can we educate our
users to be better at security?” it is “why do we need
to educate our users at all?”
• A well-designed security system could tolerate the
most uneducated of users!
 Action is better than inaction
• If you can either be an “early adopter” or a “pause and
thinker”, it is safer to be a “pause and thinker”.
• Remember: “It is often easier to not do something
dumb than it is to do something smart.”
Security Principles To Follow
 Other dumb ideas:
 We’re not a target …
• Yes, you are
 Everyone would be secure if they all just ran
<security-flavour-of-the-month>
• No, switching flavours is often a bad idea
 We don't need a firewall, we have good host
security
• No, you still need to secure the data packets on the
network
 We don't need host security, we have a good
firewall
• No, what about internal attacks or packets past the
firewall?
 Let's go production with it now and we can secure
it later on down the road
