
Chapter 7 Networking & Distributed Security




  1. Chapter 7 Networking & Distributed Security

  2. Outline
  • Overview of Networking
  • Threats: wiretapping, impersonation, message interruption/modification, DoS
  • Controls: encryption, authentication, distributed authentication, traffic control
  • Email privacy: PEM, PGP
  • Firewalls
  • Multilevel networks
  Sawma V., Computer Security and Their Data

  3. Networking and Security
  • Network threats arise at different points based on different technologies, so the controls must also relate to specific technologies.
  • The incorporation of a new technology may bring new vulnerability into a system.
  • Examples:
    • Web (closed medium, open nature)
    • Wireless networking (open medium, closed nature)
    • Wireless Web (open medium, open nature)

  4. Networking Concepts
  • Communications, networks, distributed systems
  • A simple view of a network (Fig. 7-1, 7-2):
    • Client, Server, Host
    • Node, Link
    • Terminal, Workstation
    • Gateway, Router
    • Hub, Repeater, Switch

  5. Networking Concepts
  • Digital vs. analog communications
  • Communication media:
    • Copper wires (coaxial, twisted pair)
    • Optical fiber
    • Airwaves (wireless networks)
    • Microwave
    • Satellite communications
  • The underlying communication media are usually transparent to the users of a network.

  6. Networking Concepts
  • Communication protocols
  • Protocol stack:
    • a layered architecture for communications
    • composed of both software and hardware
  • Examples:
    • ISO OSI Network Model
    • TCP/IP Network Model

  7. Networking Concepts: ISO/OSI Model vs. TCP/IP Network Model
  ISO/OSI Model        TCP/IP Network Model
  Application          Application
  Presentation         Application
  Session              Application
  Transport            Transport
  Network              Internet
  Data Link            Physical
  Physical             Physical

  8. Networking Concepts
  • Addressing schemes:
    • MAC addresses
    • IP addresses
    • Port numbers

  9. Networking Concepts
  • Types of networks:
    • LAN
    • WAN
    • The Internet
    • Intranet
    • Extranet
    • Wireless networks: WLAN, mobile network

  10. Networking Concepts
  • Network topologies:
    • Bus topology
    • Star topology
    • Ring topology
  • What kind(s) of topology does Ethernet use?
  • What network uses the ring topology?
  (Figures: Bus Topology, Ring Topology, Star Topology)

  11. Networking Concepts
  • Distributed information systems
  • What can be distributed?
    • Processing
    • Data
    • Components
    • Etc.
  • Desired features of a distributed information system?
    • Transparency (location, underlying communications, protocols, topology, software, hardware, …)
    • Reliability
    • Security
    • Etc.

  12. Threats in Networks
  • Unique security issues in networking:
    • Shared asset
    • Complexity (interconnections, software, hardware, media)
    • Unknown perimeter
    • Multiple points of vulnerability
    • Anonymity
    • Multiple, dynamically selected paths

  13. Threats in Networks
  • What can a malicious user do in a network? The answer: a lot! (Fig. 7-12)
  • Methods of attack:
    • Wiretapping
    • Impersonation
    • Message interruption
    • Message modification
    • Hacking
    • DoS

  14. Methods of Attacks
  • Wiretapping: passive vs. active wiretapping
  • Wiretapping on different media:
    • Cables
    • Airwaves: microwave, WLAN (802.11b)
    • Satellite communications
    • Optical fibers
      • The fiber itself is more secure than other media.
      • But there are other vulnerability points.
  • A valid assumption: all communication links can be broken. So?

  15. Methods of Attacks
  • Impersonation: stealing of identity
  • Attacks on authentication mechanisms:
    • By guessing
    • By eavesdropping
    • By avoidance
    • By using a trusted system
    • An identity that requires no authentication
    • Well-known (default) authentication

  16. Methods of Attacks
  • Denial of service (DoS):
    • Flooding by spurious messages
    • Flooding by modifying routing tables
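Slide 16 names flooding by spurious messages as a DoS method. As an added example (not from the slides), here is the kind of sliding-window rate check a network monitor uses to spot one source sending far more connection attempts than its peers. The log format and the addresses are constructed for the example (documentation-range IPs), and the window and threshold are assumed tuning values.

```python
from collections import defaultdict, deque

# Constructed sample log, one record per line: "<epoch seconds> <source IP> <flag>".
# 198.51.100.7 sends six SYNs in a quarter second; 203.0.113.5 sends three over 3 s.
SAMPLE_LOG = """
1700000000.00 203.0.113.5 SYN
1700000000.10 198.51.100.7 SYN
1700000000.15 198.51.100.7 SYN
1700000000.20 198.51.100.7 SYN
1700000000.25 198.51.100.7 SYN
1700000000.30 198.51.100.7 SYN
1700000000.35 198.51.100.7 SYN
1700000001.50 203.0.113.5 SYN
1700000003.00 203.0.113.5 SYN
""".strip().splitlines()


def parse_line(line: str) -> tuple[float, str, str]:
    """Split one record into (timestamp, source, flag)."""
    ts, src, flag = line.split()
    return float(ts), src, flag


def detect_floods(lines, window: float = 1.0, threshold: int = 5) -> dict[str, float]:
    """Return {source: timestamp} for each source that exceeds `threshold`
    messages inside any `window`-second interval (first time it happens).

    A per-source deque holds only the timestamps still inside the window, so
    memory stays proportional to the current burst, not the whole log.
    """
    recent: dict[str, deque] = defaultdict(deque)
    alerts: dict[str, float] = {}
    for line in lines:
        ts, src, _flag = parse_line(line)
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, when in detect_floods(SAMPLE_LOG).items():
        print(f"flood from {src} detected at {when:.2f}")
```

With the assumed threshold of five messages per second only 198.51.100.7 is flagged; the routing-table variant on the slide needs a different sensor (route-change monitoring) and is not covered here.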

  17. Network Security Controls: Encryption
  • Host-level (link) encryption:
    • Link encryption occurs at layer 1 (physical) or layer 2 (data link) in the OSI model.
    • Data is encrypted before the system places it on the physical communication link.
    • Data is decrypted when entering the destination host.
    + Encryption is performed by efficient and reliable hardware.
    + Encryption is invisible to the OS and the application.
    – Data are “in the clear” at the higher layers (layer 3 and above).
    – Data need to be decrypted by the intermediate hosts. Q: How many intermediate hosts are there?

  18. Network Security Controls: Encryption
  • Application-level (end-to-end) encryption:
    • Encryption is performed between the sending application and the receiving application.
    • The encryption can be done by a hardware device (between the user and the host) or by software.
    • A message is transmitted in encrypted form throughout the network → a secure virtual tunnel.
    + No cleartext exposure in any host. Is this true?
    + No exposure in intermediate hosts.
    – Slower than link-level encryption.
    – If symmetric keys are used, n(n-1)/2 keys are needed in total for n applications.
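Slides 17 and 18 contrast link encryption (decrypt and re-encrypt at every hop, cleartext inside intermediate hosts) with end-to-end encryption (cleartext only at the two endpoints) and give the n(n-1)/2 symmetric-key count. The following added example, which is not from the slides, simulates a message crossing a path of hosts under both schemes and reports which intermediate nodes ever hold the cleartext. The cipher is a toy SHA-256 keystream XOR chosen only so the example runs with the standard library; it is not a secure cipher and is not what any real link or application encryptor uses.

```python
import hashlib


def toy_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream. Illustration only."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def link_encrypted_path(message: bytes, link_keys: list[bytes]) -> list[bytes]:
    """Link encryption over len(link_keys) links (one key per hop).

    Returns what each node along the path holds in memory. Every node,
    including intermediates, decrypts the incoming link before forwarding,
    so it sees cleartext (slide 17: "in the clear" at layer 3 and above).
    """
    held = []
    cleartext = message
    for key in link_keys:
        held.append(cleartext)                     # node holds cleartext
        on_wire = toy_xor(key, cleartext)          # encrypt for this link
        cleartext = toy_xor(key, on_wire)          # next node decrypts it
    held.append(cleartext)                         # destination host
    return held


def end_to_end_path(message: bytes, app_key: bytes, links: int) -> list[bytes]:
    """End-to-end encryption across `links` links (links + 1 nodes).

    Intermediate nodes forward the ciphertext unchanged; only the two
    applications hold the cleartext (slide 18).
    """
    ciphertext = toy_xor(app_key, message)
    held = [message]                               # sending application
    held.extend([ciphertext] * (links - 1))        # intermediate nodes
    held.append(toy_xor(app_key, ciphertext))      # receiving application
    return held


def intermediate_exposure(held: list[bytes], message: bytes) -> list[int]:
    """Indices of intermediate nodes (excluding sender and receiver) holding cleartext."""
    return [i for i in range(1, len(held) - 1) if held[i] == message]


def symmetric_keys_needed(n: int) -> int:
    """Pairwise symmetric keys for n applications: n(n-1)/2 (slide 18)."""
    return n * (n - 1) // 2


if __name__ == "__main__":
    msg = b"payroll: transfer 100"              # constructed sample message
    link = link_encrypted_path(msg, [b"k01", b"k12", b"k23"])
    e2e = end_to_end_path(msg, b"app-key", links=3)
    print("link encryption, cleartext at intermediates:", intermediate_exposure(link, msg))
    print("end-to-end,      cleartext at intermediates:", intermediate_exposure(e2e, msg))
    print("keys for 4 applications:", symmetric_keys_needed(4))
```

Both paths deliver the message intact at the far end; the difference the slides draw is in the middle of the path, where the link-encrypted run exposes the cleartext at every intermediate host and the end-to-end run at none.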

  19. Network Security Controls: Encryption
  • Comparison of link and end-to-end encryption

  20. VPN (Virtual Private Network)
  • There are two common types of VPNs:
    • Remote-Access
      • Also called a Virtual Private Dial-up Network (VPDN)
      • A user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations
      • Typically, a corporation that wishes to set up a large remote-access VPN provides some form of Internet dial-up account to their users using an ISP.
    • Site-to-Site
      • Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet.
  • Use of VPN to secure wireless LAN

  21. Network Security Controls: Authentication / Access Control
  • Two goals of access control in a network:
    • To protect a single system from unauthorized users
    • To prevent unauthorized users from accessing a computer by passing through another computer (distributed authentication)

  22. Network Security Controls: Distributed Authentication
  • Two issues:
    • To protect a single system from unauthorized remote users → distributed user authentication
    • To protect a network node from unauthorized access coming from other nodes → computer-to-computer authentication
  • Several approaches:
    • Distributed Authentication (by Digital, DEC)
    • Kerberos (by MIT)
    • DCE – Distributed Computing Environment (by OSF)
    • SESAME (a European R&D project)
    • CORBA – Common Object Request Broker Architecture (by OMG)
