UG E-Commerce
about Network Security and Firewalls
Added: Jun 15, 2021
Slides: 61 pages
Network Security and Firewalls
Complex issues of security, privacy, authentication and anonymity have been thrust into the forefront as confidential information increasingly traverses modern networks. Confidence, reliability and protection of information against security threats is a crucial prerequisite for the functioning of electronic commerce.
Security Threat A security threat is defined as a circumstance, condition or event with the potential to cause economic hardship to data or network resources in the form of destruction, disclosure, modification of data, denial of service and/or fraud, waste and abuse. The discussion of security concerns in electronic commerce can be divided into two broad types: client-server security, and data and transaction security.
Security Concerns in electronic commerce Client-server security: Uses authorization methods to make sure that only valid users and programs have access to information resources such as databases. Access control mechanisms must be employed, such as password protection, encrypted smart cards, biometrics and firewalls. Data and transaction security: Ensures privacy and confidentiality in electronic messages. The goal is to defeat any attempt to assume another identity while involved with electronic mail or other forms of data communication.
Client-Server Network Security Client-server network security is one of the biggest tasks system administrators face as they balance the opposing goals of user maneuverability and easy access against site security and confidentiality of local information. Network security on the Internet is a major concern for commercial organizations. Use of the Internet for business purposes has raised many new security concerns nowadays.
Client-Server Network Security By connecting to the Internet, a local network organization may be exposing itself to the entire population on the Internet. An Internet connection opens the organization to access from the other networks comprising the public Internet. Organizations need to audit all access to the network. A system that records all log-on attempts, particularly the unsuccessful ones, can alert managers to the need for stronger measures. Hackers can use password guessing, password trapping, security holes in programs, or common network access procedures to impersonate users and thus pose a threat to the server.
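The log-on audit described above can be sketched as follows. This is an added example, not part of the original slides; the log line format, the threshold and the time window are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption made for this example.
SAMPLE_LOG = """\
2021-06-15T09:00:01 LOGIN FAIL user=alice src=203.0.113.7
2021-06-15T09:00:03 LOGIN FAIL user=bob src=203.0.113.7
2021-06-15T09:00:05 LOGIN FAIL user=carol src=203.0.113.7
2021-06-15T09:00:09 LOGIN FAIL user=root src=203.0.113.7
2021-06-15T09:00:12 LOGIN FAIL user=admin src=203.0.113.7
2021-06-15T09:01:00 LOGIN OK user=dave src=198.51.100.20
2021-06-15T09:02:00 LOGIN FAIL user=dave src=198.51.100.20
2021-06-15T09:30:00 LOGIN FAIL user=erin src=192.0.2.44
2021-06-15T11:30:00 LOGIN FAIL user=erin src=192.0.2.44
not a log line
"""

LINE_RE = re.compile(r"^(\S+) LOGIN (OK|FAIL) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Return (timestamp, result, user, source) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, result, user, src = m.groups()
        try:
            events.append((datetime.fromisoformat(ts), result, user, src))
        except ValueError:
            continue  # timestamp field is not a valid ISO date
    return events


def audit(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with at least `threshold` failed log-ons inside `window`."""
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            failures[src].append((ts, user))
    alerts = {}
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, {}).get("failures", 0):
                users = sorted({u for _, u in fails[start:end + 1]})
                alerts[src] = {"failures": count, "users": users}
    return alerts
```

Many failures from one source against many different user names, as in the first five sample lines, is the password-guessing pattern the slide refers to.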
Client-Server Network Security problems Physical security holes result when individuals gain unauthorized physical access to a computer. E.g., on the network, a hacker can gain access to a network system by guessing passwords of various users. Software security holes result when badly written programs or "privileged" software are "compromised" into doing things they shouldn't. E.g., the rlogin hole in the IBM RS-6000 workstations, which enabled a hacker to create a "root" shell or super user access mode. Inconsistent usage holes result when a system administrator assembles a combination of hardware and software such that the system is seriously flawed from a security point of view.
Protection Methods At the file level, operating systems typically offer mechanisms such as access control lists that specify the resources various users and groups are entitled to access. Protection, also called authorization or access control, grants privileges to the system or resource by checking user-specific information such as passwords. If consumers connect a computer to the Internet, they can easily log into it from anywhere that the network reaches, but without proper access control, anyone else can too.
Protection methods Trust Based Security Means to trust everyone and do nothing extra for protection. This approach assumes that no one ever makes an expensive breach such as getting root access and deleting all files. This approach worked in the past, when the system administrator had to worry about a limited threat. Today, this is no longer the case.
Protection methods Security through Obscurity (STO) The notion that any network can be secure as long as nobody outside its management group is allowed to find out anything about its operational details and users are provided information on a need-to-know basis. An example is hiding account passwords in binary files or scripts with the presumption that "nobody will ever find them". This method was quite successful with stand-alone systems. But its usefulness is minimal in the UNIX world, where users are free to move around the file system, have a great understanding of programming techniques, and have immense computing power at their fingertips. Many users have advanced knowledge of how their operating system works and through experience can guess at the bits of knowledge considered confidential. This bypasses the whole basis of STO and makes this method of security useless.
Protection methods Password Schemes First level barrier to accidental intrusion. Password schemes do little about deliberate attack, especially when common words or proper names are selected as passwords. The simplest method used by most hackers is dictionary comparison, comparing a list of encrypted user passwords against a dictionary of encrypted common words.
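The dictionary comparison described above is also how an administrator audits stored passwords for weak choices. The following added example (not from the original slides) contrasts an unsalted single-round hash, which a precomputed dictionary matches at once, with salted PBKDF2 storage and a check applied when a password is set; the word list, accounts and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
import re

# Constructed word list for the example.
COMMON_WORDS = ["password", "dragon", "michael", "letmein", "sunshine"]
ITERATIONS = 100_000  # PBKDF2 work factor; an assumption, tune for your hardware


def fast_hash(password):
    """Unsalted single-round hash: the weak storage scheme being audited."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_audit(stored, words):
    """Return {user: word} for accounts whose stored hash equals a hashed word."""
    table = {fast_hash(w): w for w in words}  # hashed once, reused for every user
    return {user: table[h] for user, h in stored.items() if h in table}


def store_password(password):
    """Hardened storage: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest.hex()


def verify_password(password, salt, digest_hex):
    """Recompute the salted hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def is_common(password, words=COMMON_WORDS):
    """Reject a new password that is a listed word with case or digit decoration."""
    core = re.sub(r"[^a-z]", "", password.lower())
    return core in words


# Constructed accounts: the same two passwords stored under both schemes.
ACCOUNTS = [("alice", "sunshine"), ("bob", "k3!Vq9#xTz-pLm")]
UNSALTED = {user: fast_hash(pw) for user, pw in ACCOUNTS}
SALTED = {user: store_password(pw) for user, pw in ACCOUNTS}

if __name__ == "__main__":
    print("unsalted audit:", dictionary_audit(UNSALTED, COMMON_WORDS))
    salted_digests = {user: digest for user, (_, digest) in SALTED.items()}
    print("same table against salted store:", dictionary_audit(salted_digests, COMMON_WORDS))
    print("policy rejects 'Sunshine1!':", is_common("Sunshine1!"))
```

Salting removes the shared precomputed table and the slow hash raises the cost of each guess, but a common word remains a weak password, which is why the check at set time matters.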
Protection methods Biometric Systems The most secure level of authorization, which involves some unique aspect of a person's body. E.g., fingerprints, palm prints, retinal patterns, voice recognition, etc. One biometric unit can serve for many workers than for network or workstation access.
Emerging Client-Server Security Threats Most common Threats Malicious code Phishing Hacking and cybervandalism Credit card fraud/theft Spoofing (pharming) Denial of service attacks Sniffing Insider jobs Poorly designed server and client software
Vulnerable points in the Client server Environment
Malicious Code Viruses: computer program that has ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign); include macro viruses, file-infecting viruses, and script viruses Worms: designed to spread from computer to computer Trojan horse: appears to be benign, but then does something other than expected Bots: can be covertly installed on computer; responds to external commands sent by the attacker
Phishing Any deceptive, online attempt by a third party to obtain confidential information for financial gain Most popular type: e-mail scam letter One of fastest growing forms of e-commerce crime
Hacking and Cybervandalism Hacker: Individual who intends to gain unauthorized access to computer systems Cracker: Used to denote hacker with criminal intent (two terms often used interchangeably) Cybervandalism : Intentionally disrupting, defacing or destroying a Web site Types of hackers include: White hats Black hats Grey hats
Credit Card Fraud Fear that credit card information will be stolen deters online purchases Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity One solution: New identity verification mechanisms
Spoofing (Pharming) Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else Threatens integrity of site; authenticity
DoS and dDoS Attacks Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network Distributed denial of service ( dDoS ) attack: hackers use numerous computers to attack target network from numerous launch points
Other Security Threats Sniffing: Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network Insider jobs: Single largest financial threat Poorly designed server and client software: Increase in complexity of software programs has contributed to an increase in vulnerabilities that hackers can exploit
Tools Available to Achieve Security
What is a Firewall? A firewall is a barrier placed between the private network and the outside world. All incoming and outgoing traffic must pass through it. Can be used to separate address domains. Controls TCP protocols: http, smtp, ftp, telnet, etc. Only one of many different security tools to control and regulate network traffic
What do Firewalls Protect? Data Proprietary corporate information Financial information Sensitive employee or customer data Resources Computing resources Time resources Reputation Loss of confidence in an organization Intruder uses an organization’s network to attack other sites
Who do Firewalls Guard Against? Internal Users Hackers Corporate Espionage Terrorists Common Thieves
What are the types of Firewalls? A firewall can be either hardware-based or host-based. A hardware-based firewall usually means specialized network boxes, such as routers or switches, containing customized hardware and software. This kind of firewall is often expensive, complicated and difficult to configure. A host-based firewall is easier to use for individuals or small organizations. A host-based firewall can be understood as a piece of software running on an individual's PC, notebook or host. It is designed to allow or restrict data transferred on a network based on a set of rules. Windows: Windows Defender Firewall. Unix: iptables.
Generally, firewalls operate by screening packets and/or the applications that pass through them, provide controllable filtering of network traffic, allow restricted access to certain applications, and block access to everything else. The actual mechanism that accomplishes filtering varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one to block incoming traffic and the other to permit outgoing traffic. Some firewalls place a greater emphasis on blocking traffic, and others emphasize permitting traffic.
Firewalls range from simple traffic logging systems that record all network traffic flowing through the firewall in a file or database for auditing purposes to more complex methods such as IP packet screening routers, hardened firewall hosts, and proxy application gateways. The simplest firewall is a packet-filtering gateway or screening router. Configured with filters to restrict packet traffic to designated addresses, screening routers also limit the types of services that can pass through them. More complex and secure are application gateways.
IP Packet Screening Routers This is a static traffic routing service placed between the network service provider's router and the internal network. The traffic routing service may be implemented at an IP level via screening rules in a router or at an application level via proxy gateways and services.
The firewall router filters incoming packets to permit or deny IP packets based on several screening rules. These screening rules, implemented in the router, are performed automatically. Rules include the target interface to which the packet is routed, the known source IP address, and the incoming packet protocol (TCP, UDP, ICMP). ICMP stands for Internet Control Message Protocol, a network management tool of the TCP/IP protocol suite.
Disadvantages Although properly configured routers can plug many security holes, they do have several disadvantages. First, screening rules are difficult to specify, given the vastly diverse needs of users. Second, screening routers are fairly inflexible and do not easily extend to deal with functionality different from that preprogrammed by the vendor. Lastly, if the screening router is circumvented by a hacker, the rest of the network is open to attack.
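How a screening router applies such rules can be shown with a small first-match evaluator over the three fields named above (target interface, source address, protocol). This is an added example, not from the original slides; the rule set, the interface names and the default-deny policy are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    interface: str  # target interface the packet is routed to; "*" matches any
    source: str     # source network in CIDR notation
    protocol: str   # "tcp", "udp", "icmp", or "*" for any


@dataclass(frozen=True)
class Packet:
    interface: str
    src_ip: str
    protocol: str


# Constructed rule set; interface names and address ranges are assumptions.
RULES = [
    # Internal addresses must never arrive from outside (spoofed source).
    Rule("deny", "*", "10.0.0.0/8", "*"),
    # Any outside host may reach the public servers over TCP.
    Rule("permit", "dmz0", "0.0.0.0/0", "tcp"),
    # A known partner network may send ICMP to any interface.
    Rule("permit", "*", "198.51.100.0/24", "icmp"),
]


def matches(rule, pkt):
    """True when interface, protocol and source address all satisfy the rule."""
    if rule.interface not in ("*", pkt.interface):
        return False
    if rule.protocol not in ("*", pkt.protocol.lower()):
        return False
    return ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.source)


def screen(pkt, rules=RULES):
    """Return (action, index of the deciding rule); the first match wins."""
    try:
        for index, rule in enumerate(rules):
            if matches(rule, pkt):
                return rule.action, index
    except ValueError:
        pass  # malformed source address: fall through to the default
    return "deny", None  # nothing matched: default deny


if __name__ == "__main__":
    for pkt in (Packet("dmz0", "203.0.113.9", "tcp"),
                Packet("dmz0", "10.1.2.3", "tcp"),
                Packet("lan0", "203.0.113.9", "udp")):
        print(pkt, "->", screen(pkt))
```

Because the first match decides, swapping the first two rules would let a packet with a spoofed internal source address through to dmz0, which is one reason screening rules are hard to specify correctly.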
Proxy Application Gateways A proxy application gateway is a special server that typically runs on a firewall machine. Their primary use is access to applications such as the World Wide Web from within a secure perimeter as shown in figure below. Instead of talking directly to external WWW servers, each request from the client would be routed to a proxy on the firewall that is defined by the user.
The proxy knows how to get through the firewall. An application-level proxy makes a firewall safely permeable for users in an organization, without creating a potential security hole through which hackers can get into corporate networks. The proxy waits for a request from inside the firewall, forwards the request to the remote server outside the firewall, reads the response, and then returns it to the client. In the usual case, all clients within a given subnet use the same proxy. This makes it possible for the proxy to execute efficient caching of documents that are requested by a number of clients. The proxy must be in a position to filter dangerous URLs and malformed commands.
Proxy servers on the World Wide Web
Hardened Firewall Host: A hardened firewall host is a stripped-down machine that has been configured for increased security. This type of firewall requires inside or outside users to connect to the trusted applications on the firewall machine before connecting further. Generally, these firewalls are configured to protect against unauthenticated interactive log-ins from the external world. This, more than anything, helps prevent unauthorized users from logging into machines on the network. The hardened firewall host method can provide a greater level of audit and security, in return for increased configuration cost and decreased level of service (because a proxy needs to be developed for each desired service).
Data and Message Security
Historically, computer security was provided by the use of account passwords and by limiting physical access to a facility to bona fide users. Password schemes are not sufficient to prevent attacks from sophisticated hackers. A growing threat on public and sometimes even on private networks is the theft of information that passes over them. Unsuspecting and amateur users logging into remote hosts are the most vulnerable.
Data security Data security is of top importance at a time when people are considering banking and financial transactions. Packet sniffing (unauthorized network monitoring) is a major threat to data security. Sniffer attacks begin when a computer is compromised and the cracker installs a packet sniffing program, which finds the log-in ID, password and username of a person logging into another machine from the network traffic, typically Telnet or FTP. If the compromised system is on a backbone network, intruders can monitor any transit traffic traversing the network.
Message security Messaging security is a program that provides protection for a company's messaging infrastructure. It protects all the personal messages of the company which are related to the company's vision and mission.
Types of Message Security Confidentiality The environment must protect all message traffic. After successful delivery to their destination gateways, messages must be removed from the public environment. Integrity Business transactions require that their contents remain unmodified during transport. Authentication It is a mechanism whereby the receiver of a transaction or message can be confident of the identity of the sender and /or the integrity of the message.
Tools Available to Achieve Security
Encryption as the basis for Data and Message Security Encryption: is the mutation of information in any form (text, video, and graphics) into a representation unreadable by anyone without a decryption key.
Goals of Encryption Security Goals: Privacy (Secrecy, confidentiality) : Only the intended recipient can see the communication Authenticity(Integrity) : the communication is generated by the alleged sender
Encryption Methods Secret Key Cryptography use of a shared key Public Key Cryptography Pair of Public key and private key
Cryptography: The science of secret writing. Plaintext = the message. Encryption = encoding the message (hiding the contents from outsiders). Ciphertext = the encrypted message. Decryption = the process of retrieving the plaintext from the ciphertext. "Encryption" and "decryption" make use of a "key and a coding method".
Symmetric Key Encryption Also known as secret key encryption Both the sender and receiver use the same digital key to encrypt and decrypt message Requires a different set of keys for each transaction Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses 56-bit encryption key; other types use 128-bit keys up through 2048 bits
Public Key Encryption Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key. Uses two mathematically related digital keys: a public key (widely disseminated) and a private key (kept secret by the owner). Both keys are used to encrypt and decrypt a message. Once a key is used to encrypt a message, the same key cannot be used to decrypt the message. For example, the sender uses the recipient's public key to encrypt a message; the recipient uses his/her private key to decrypt it
Advantages No one can figure out the private key from the corresponding public key. Hence, the key management problem is confined to the management of private keys. This ensures confidentiality. The need for sender and receiver to share secret information over public channels is completely eliminated.
RSA and Public-key Cryptography RSA is the most commonly used public key algorithm, although it is vulnerable to attack. Named after its inventors, Ron Rivest, Adi Shamir and Len Adleman, of MIT, RSA was first published in 1978. It is used for encryption as well as for electronic signatures (discussed later). RSA lets you choose the size of your public key. The 512-bit keys are considered insecure or weak. The 768-bit keys are secure from everything but 1024-bit keys are secure from virtually anything.
Digital Signatures A digital signature is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. It is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signature schemes normally give two algorithms, one for signing, which involves the user's secret or private key, and one for verifying signatures, which involves the user's public key. The output of the signature process is called the "digital signature." Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
[Figure: User A uses A's private key to sign the document; the document is transmitted via the Internet; User B receives the document with the signature attached and verifies the signature with A's public key from the directory.]
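The sign-and-verify flow in the figure can be traced in code. This is an added example, not from the original slides: it uses textbook RSA over a SHA-256 digest with fixed, publicly known Mersenne primes and no padding, so it shows only the flow between user A, the directory and user B and is not a usable signature scheme; all names are assumptions.

```python
import hashlib

E = 65537  # public exponent


def make_keypair(p, q):
    """Build keys from two primes; returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (n, E), (n, d)


def digest_int(message):
    """SHA-256 digest of the message as an integer (smaller than every n used here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Signer's side: apply the private key to the message digest."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(message, signature, public_key):
    """Verifier's side: undo the signature with the public key, compare digests."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)


# Fixed, publicly known primes keep the example deterministic (toy keys only).
A_PUBLIC, A_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**607 - 1, 2**1279 - 1)

DIRECTORY = {"A": A_PUBLIC}  # the public directory that user B consults


def receive(sender, message, signature):
    """User B's side: look up the claimed sender's public key and verify."""
    public_key = DIRECTORY.get(sender)
    return public_key is not None and verify(message, signature, public_key)


if __name__ == "__main__":
    document = b"Pay 100 to B"          # constructed sample document
    signature = sign(document, A_PRIVATE)
    print("genuine:", receive("A", document, signature))
    print("altered:", receive("A", b"Pay 900 to B", signature))
    print("signed with another key:", receive("A", document, sign(document, OTHER_PRIVATE)))
```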
E-mail Security flaws E-mail is the most widely used application in the Internet. Email is sent in plain text. Email uses outdated protocol, SMTP. Includes a header full of revealing metadata. Can easily become intercepted.
Encrypted Documents and Electronic Mail E-mail is typically encrypted for the reason that all network correspondence is open for eavesdropping. Examination of encrypted information is non-trivial; each file must be decrypted before it can be examined. The e-mail encryption schemes are Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP)
Privacy Enhanced Mail(PEM) It is designed to work with current Internet e-mail formats. It includes Encryption, authentication, and key management and allows use of both public-key and secret-key cryptosystems.
Pretty Good Privacy (PGP) Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. Developed by Phil Zimmermann. Selected the best available cryptographic algorithms as building blocks. Integrated these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands. Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks. Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP.