Beruflich Dokumente
Kultur Dokumente
OVERVIEW
Course/class policies:
Please turn off/mute your cell phones
(or put them on vibrate and dont pick up!)
Laptops , desktop switched off in class
Please refrain from reading the news or
checking emails in class
Even though it may not necessarily disrupt the
lecture, it is rude!
Course content
EXAMS
CATS 2, Assignments 6, quizzes 3, will contribute to 50% of
your results
Final written Exam will contribute to 50% of your results
If you dont attend, you will not pass this course
You wont pass this course if you dont do your
assignments, CATS, and quizzes on timely fashion
Indicative Resources
-NETWORK SECURITY ESSENTIALS: APPLICATIONS AND STANDARDSFOURTH EDITION, william stallings
William Stallings, "Cryptography and Network Security: Principles
and Practice" Prentice Hall, New Jersey. Johannes
Buchmann, "Introduction to cryptography", Springer -Verlag. Bruce
Schiener, "Applied Cryptography".
William Stallings. Network Security Essentials (2nd edition). Prentice
Hall. 2003. (ISBN: 0130351288)
Saadat Malik, Saadat Malik. Network Security Principles and
Practices (CCIE Professional Development). Pearson Education. 2002.
(ISBN: 1587050250)
Introduction
Network security consists of the provisions made in an
underlying computer network infrastructure, policies
adopted by the network administrator to protect the
network and the network-accessible resources from
unauthorized access.
The terms network security and information security
are often used interchangeably, however network
security is generally taken as providing protection at
the boundaries of an organization, keeping the bad
guys (e.g. hackers) out
..continued
What is security? Question to the class
SECURITY
What is security?
Building systems to remain dependable in the
face of malice (desire to harm others), error or
mischance(Ross Anderson)
In general, security is the quality or state of
being secureto be free from danger. Means:
protection against adversaries (opponents, third
parties), from those who would harm
..continued
Security :
Security is a process, not a product (Schneier)
Not something you can buy
Be wary of security consultants
Even though some of you may later choose that
line of work
Something you have to build/engineer into a
system
Preferably at system design time (inter-related
objects like network)
..continued
All begin with computer security. The need for
computer security: that is, the need to secure
physical locations, hardware, and software from
threats (danger, or attack)
Historically Started during World War II(1939-1945)
when the first mainframes (very big machines),
developed to aid computations for communication
code breaking (ex: enigma used by Germany
security intelligence)
..continued
old and nowadays
..continued
..continued
..continued
Security matters most!! What happened in the
history?
Enigma machine used by Germany security
services in World war 2, finally broken by
Polish cryptologist and pass the secret to
British and Germany army loose the war!!
..continued
At that time Access to sensitive military locations!
Was protected by (keys, authorized personnel)
Growing need to maintain national security led to
technological sophisticated computer/network
security safeguards that we have to day (Again all
started with the military).
Primary threats to information security was: theft
of equipment, espionage (spying) and sabotage.
..continued
Multiple layers of security for an organization:
1) Physical security, protecting physical assets,
objects, from unauthorized access and misuse
2) Personnel security, protecting individuals/group
authorized to access the organization and its
operations
3) Operations security, protecting details of
operations or series of activities
..continued
4)Communications security, protecting media,
technology and content
5)Information security, to protect the
confidentiality, integrity and availability of
information assets, whether in
storage/processing, or transmission. It is
achieved via: application of policy, education,
training/ awareness, and technology.
..continued
All of these lead to our common goal :
Network security- protect network (inter-related
objects) components, connections and content
from the danger.
This security can be classified as: protection of
information/content and its critical elements,
including the systems (h/w and s/w) that use,
store, and transmit that information/content
(CNSS- Committee on National Security Systems
US security systems (strong reference)
..continued
Reference : C.I.A Triad (Confidentiality, integrity
and availability), It is based on the three
characteristics of information that give it value to
organizations:
SECURITY OBJECTIVES
confidentiality, integrity, and availability of
information have evolved into a vast collection of
events, including accidental or intentional
damage, destruction, theft, unintended or
unauthorized modification, or other misuse from
human or nonhuman threats
..continued
Now security is known! OSI architecture has given:
Security attack: Any action that compromises the security of
information owned by an organization.
Security mechanism: A process (or a device incorporating
such a process) that is designed to detect, prevent, or recover
from a security attack. (ex: police against criminals)
Security service: A processing or communication service that
enhances the security of the data processing systems and the
information transfers of an organization. The services are
intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service. (ex:
notion of cryptography in this course)
..continued
Types of security attacks:
-Passive attacks: Passive attacks are in the nature of
eavesdropping on, or monitoring of, transmissions. The goal of
the opponent is to obtain information that is being
transmitted.
Two types of passive attacks are the release of message
contents and traffic analysis.
The release of message contents is easily
understood/monitoring a telephone conversation, an
electronic mail message, and a transferred file may contain
sensitive or confidential information.
Goal : We would like to prevent an opponent (third party)
from learning the contents of these transmissions
..continued
..continued
A second type of passive attack, traffic
analysis, is subtler (intend, or indirect
method)Suppose that we had a way of
masking the contents of messages or other
information traffic so that opponents, even if
they captured the message, could not extract
the information from the message.
-Encryption is way of masking the message
content
..continued
Active Attacks
Active attacks involve some modification of the
data stream (data) or the creation of a false
stream and can be subdivided into four
categories: masquerade, replay, modification of
messages, and denial of service.
A masquerade (a false show) takes place when
one entity pretends to be a different entity
..continued
..continued
Replay involves the passive capture of a data
unit and its subsequent retransmission to
produce an unauthorized effect (ex: wrong
server on the net does replay attack)
..continued
Modification of messages simply means that
some portion of a legitimate message is
altered, or that messages are delayed or
reordered, to produce an unauthorized effect
Ex: For example, a message meaning Allow
John Smith to read confidential file accounts
is modified to mean Allow Fred Brown to
read confidential file accounts.
..continued
..continued
The denial of service prevents or inhibits the
normal use or management of
communications facilities
Used terms
Access: objects ability to use, manipulate, modify, or affect
another object(ex : authorized users have legal access to a
system, whereas hackers have illegal access to a system
Asset: The organizational resource that is being protected.
An asset can be logical ex: a Web site, information, or data.
Attack: An intentional or unintentional act that can cause
damage to or otherwise compromise information and/or
the systems that support it.
Examples: 1) Someone casually reading sensitive information
not intended for his or her use is a passive attack.
2) A hacker attempting to break into an information system is
an intentional attack.
3) A direct attack is a hacker using a personal computer to
break into a system.
..continued
..continued
Control, safeguard, or countermeasure: Security
mechanisms, policies, or procedures that can successfully
counter attacks, reduce risk, resolve vulnerabilities, and
otherwise improve the security within an organization.
Exploit: A technique used to compromise a system. This
term can be a verb or a noun. Threat agents may attempt
to exploit a system or other information asset by using it
illegally for their personal gain.
Exposure: A condition or state of being exposed. In
network security, exposure exists when a vulnerability
known to an attacker is present (ex: non-protected
sensitive database information)
..continued
Loss: A single instance of an information asset
suffering damage or unintended or unauthorized
modification or disclosure.(ex: When an
organizations information is stolen, it has
suffered a loss)
Protection profile or security posture: The entire
set of controls and safeguards, including policy,
education, training and awareness, and
technology, that the organization implements (or
fails to implement) to protect the asset.
LOSS of Security
Loss of confidentiality : Unauthorized
disclosure of information
Loss of Integrity: Unauthorized modification
or destruction of information
..continued
Risk: The probability that something unwanted
will happen.
Subjects and objects: A computer can be either
the subject of an attack (an agent entity used to
conduct the attackor the object of an attack).
Threat: A category of objects, persons, or other
entities that presents a danger to an asset (the
potential violation of security). Threats are always
present and can be purposeful or undirected.
For example, hackers purposefully threaten
unprotected network systems, while severe storms
incidentally threaten buildings and their contents
..continued
Threat agent: The specific instance or a component of
a threat. For example, all hackers in the world present
a collective threat,
(ex: Kevin Mitnick, who was convicted for hacking into
phone systems, is a specific threat agent. Likewise, a
lightning strike, hailstorm, or tornado is a threat agent
that is part of the threat of severe storms.
Vulnerability: A weaknesses or fault in a system or
protection mechanism that opens it to attack or
damage. Some examples of vulnerabilities are a flaw in
a software package (ex: developers fear flaws when
using Apache server or an unprotected system port
..continued
Some characteristics of network information:
Availability enables authorized userspersons or
computer systemsto access information without
interference or obstruction (obstacle, barrier) and to
receive it in the required format. (ex: queue in the library)
Accuracy Information has accuracy when it is free from
mistakes or errors and it has the value that the end user
expects, and once modified its no longer accurate (ex:
bank account)
Authenticity of information is the quality or state of being
genuine or original, rather than a reproduction or
fabrication (ex: Notification services
..continued
Confidentiality , Confidentiality ensures that only those
with the rights and privileges to access information are
able to do so.
Integrity, whole, complete, and uncorrupted (message)
Possession of information is the quality or state of
ownership or control. Information is said to be in ones
possession if one obtains it, independent of format or
other characteristics. Ex: (System admins management of
files).
..continued
Components of network information system: a
network information system (IS) is much more than
computer hardware; it is the entire set of software,
hardware, data, people, procedures, and networks
that make possible the use of information resources
in the organization.
These six critical components enable network
information to be: input, processed, output, and
stored.
..continued
Software component of IS comprises:
applications, operating systems, and assorted
command utilities- S/w is the most component of
Information system to secure!
errors in s/w programming is substantial to severe
attacks (ex: Errors in windows firewalls)
-it is in s/w that we find holes, bugs, and
weaknesses. It carries the life blood of an
organization
Hardware is the physical technology that houses
and executes the software, stores and transports
the data
..continued
Data stored, processed, and transmitted by a computer
system must be protected. Data is often the most
valuable asset possessed by an organization and it is
the main target of intentional attacks.
People Though often overlooked in computer security
considerations, people have always been a threat to
information security (ex: hackers)
Procedures Another frequently overlooked component
of an IS, is procedures. Procedures are written
instructions for accomplishing a specific task. When an
unauthorized user obtains an organizations
procedures, this poses a threat to the integrity of the
information (ex: unauthorized internal employee).
..continued
Example of a simple hierarchy of Network IS in
an organization
1st Homework-assignment
Draw a sample structure of your chosen
organization with a name (ex: hospital)
List (from your own understanding-dont loose
the opportunity of thinking big and doing
research) 15 security rules that you should
practice to maintain network security in your
organization
List 15 possible human intentional security
attacks against the network in your organization
Security properties
Goal: Secrecy, privacy and confidentiality
Keeping information secret from all but those who
are authorized to see it
Alice wants to talk to Bob without Eve or
Mallory being able to listen to the conversation
Slight differences in terminology:
Privacy = preserving own information secret
Alice protects her privacy by not revealing her age to
anyone
Security properties
Confidentiality = obligation to preserve
Security properties
When information is confidential? When it is
protected from unauthorized
individuals/systems. Confidentiality ensures
that only those with the rights and privileges
can access information
When confidentiality is breached? Ex: an
employee throwing away a doc containing
precious info without shredding it!
Security properties
Anonymity
Concealing (preventing from being known)
-keep secret identity of a protocol participant
Possibly involves concealing the path a
message uses to reach its destination,
Alice decided to use Tor to browse websites
anonymously
Security Properties
Data integrity
Ensuring that information has not been altered
by unauthorized or unknown means
Alice and Bob ensure the integrity of their
communication by using a secure physical channel
That prevents Mallory from changing the
contents of the messages they exchange
Data integrity
Many computer viruses and worms are designed with the explicit
purpose of corrupting data. For this reason, a key method for
detecting a virus or worm is to look for changes in file integrity as
shown by the size of the file
(Ex: File hashing to compute hash value) Computing the value of bits
from both original and copied file) means-file is read by a special
algorithm (ex: SHA-1) that uses the value of the bits in the file to
compute a single large number (hash value).
If a computer system performs the same hashing algorithm on a file
and obtains a different number than the recorded hash value for that
file, the file has been compromised(integrity broken)
Security properties
Identification
Corroboration(evidence which confirms or
support a statement) of the identity of an entity
By stating her mothers first name and the last
4 digits of her social security number, Alice
positively identifies herself to her banker (got
served)
Also sometimes called entity authentication
Security properties
(Message) Authentication
Corroborating the source of information , Also
known as data origin authentication
Bob authenticates that the phone call he is
receiving is from Alice by checking his caller ID
(which of course is a terrible way of enforcing
that security property given that caller ID
spoofing (tricking) is easy to do)
Security properties
Non-repudiation vs repudiation, signature
Repudiation (the denial of an entity of having
Security properties
Non-repudiation of origin (NRO) and of receipt
(NRR)-protocols
The signer cannot deny having created the
signature
Alices signature provides non-repudiation,
preventing her from denying receipt of the
document
Security properties
Signature message authentication
Signature is a mean to authenticate a message
Authentication allows the receiver to verify the
origin of a message In addition, signature can be
used to convince a third-party of the origin of
the message Signature provides authentication
Security properties
Signatures can help establish security properties
such as:
authentication
accountability/non-repudiation
integrity
verifiability by independent, public or 3rd
party
Security properties
Authorization, certification, access control, revocation,
authentication, witnessing
Authorization
process of determining which permissions a person or
system is supposed to have (ex: System admin in Active
directory)
Authentication - Authentication is the process of
determining whether someone or something is, in
fact, who or what it is declared to be.
Certification
Endorsement (Approval/seal of approval) of information
by a trusted entity
Security properties
Access control
Restricting access to resources to privileged
entities (ex: ACL)
Witnessing
Verifying the creation or existence of information
by an entity other than the creator (ex: court
witnesses)
Revocation -Retraction of certification or
authorization
Access control
The problem?
A lot of information is stored somewhere
Information may be physically shared on
systems
Resources may be physically accessible
How do we regulate access?
Saltzer-Schroeder: Access only for computer
systems
Access control
Definition
Access control is a mechanism by which
one may restrict access to a resource
How the resource is restricted is described by a policy?
Resources
Computer files, Communication channels
Database records:
Criminal
Medical
Financial
Anything on which you can act (read, write,
execute, transfer ownership)
Access control
Policies
Set of statements:
Specify who can access what
Under which conditions
e.g., time boundaries
acting as a manager?
Most common type of policy
Restrict operations available depending on the
group to which you belong ex: User, Systems
Administrator, Guest
Access control
Access control
Possible security violations
1. Unauthorized information release
2. Unauthorized information modification
3. Unauthorized denial of use
Principles for access control (1/3) (Saltzer and Schroeder,
1975)
Economy of mechanism
Keep It Simple, Stupid!
Any design or implementation error might break the entire
System:
3 lines of code are (relatively) easy to secure, 3 million lines
are
essentially bound to have bugs: 3 lines of code can (in
general) be formally verified
Access control
Principles for access control (2/3)
Complete mediation:
Every access to (each) every object must be checked for
Authority (a foolproof method of identifying the source of
every request)
Privilege separation:
Where feasible, ask two principals (or more) to unlock
the mechanism
Avoids single points of failure (A single point of
failure (SPOF) is a part of a system that, if it fails, will stop
the entire system from working)(ex: redundancy
duplicating objects)
Access control
Principles for access control (3/3)
Least privilege:
Every program and every user of the system should operate
using the least set of privileges necessary to complete the job
(giving a user account only those privileges which are essential to that
users work and nothing more !)
Least common mechanism:
Minimize the amount of shared information (give specific roles)
Every shared mechanism (e.g., shared variables) represents a
potential (untrusted) information path (always watch out!!)
Psychological acceptability:
Make it easier for users to use system properly, otherwise they are
likely to incorrectly use the protection mechanisms (ex: create user in
the OS to prevent guessing passwords with Admin user)
Access control
Access matrices
Access control is defined by a triplet:
(User, Resource, Access)
User
Can correspond to real users or to
administrative users/programs (mail, bin, )
Resource
E.g., file, device
Access
Read, write, execute (r, w, x)
Access control/List
Different types of access control
Discretionary (not-mandatory) Access Control
The user owning an object decides how other users
can access the object
Example: UNIX Access Control
Mandatory Access Control
Each object has a sensitivity level associated with it,
and users have clearances for different sensitivity levels
Example: Military security clearances (official permission
for someone to have access to classified info)
Access control/list
Role-based access control
Each user acts on objects acting in a given role
(e.g., manager, programmer) etc
Permissions are assigned to roles
Adding one level of indirection to the access control
problem
Role: set of transactions that a user can perform
Allowed transactions for each role determined by
sys admin
Each user can act in one of several roles
Possible roles determined by sys admin
Active role for a given transaction chosen by user
Homework assignment 2
Draw an access control matrix of 3 principals:
Sam, Alice and Bob. And 4 different resources
that they can access : os, medical data, audit
data, criminal data
Sam is the syadmin, has universal access except
audit data; which even he should be able to read.
Alice the manager needs to execute the os, but
she mustnt have the ability to change os
privileges. But she can read and write to other
resources. Bob can only read everything.
Submit Monday 9 2 :00 pm
Cryptographic primitives
Encryption using a key (is a piece of
information /a parameter that determines the
functional output of a cryptographic algorithm
or cipher-In encryption, a key specifies the
particular transformation of plaintext into
ciphertext without it, no result for any
algorithm being used.
vice versa during decryption
Cryptographic primitives
Symmetric key cryptography vs Asymmetric key
cryptography
Symmetric cryptography uses the same secret
(private) key to encrypt and decrypt its data
whereas,
Asymmetric uses both a public (mathematically
linked of separate keys: one public and private
key)- Encryption is done with secret key part, and
decryption is done with public key part.
Cryptographic primitives
A brief history of cryptography
Recall Anderson:
First and foremost military use
Use of crypto has been traced as far back as
the Egyptians some 4,500 years ago
Used to protect national secrets and strategies
Symmetric crypto
Caesar Cipher
Caesar cipher or Caesar shift: The earliest known,
and the simplest, use of a substitution cipher was
by Julius Caesar.
The Caesar cipher involves replacing each letter
of the alphabet with the letter standing three
places further down (forward) the alphabet.
Substitution technique: is one in which the
letters of plaintext are replaced by other letters
or by numbers or symbols
Caesar cipher
The earliest known, and the simplest, use of a
substitution cipher was by Julius Caesar.
The Caesar cipher involves replacing each
letter of the alphabet with the letter standing
three places further down (forward) the
alphabet. For example,
plain: meet me after the party
cipher: PHHW PH DIWHU WKH SDUWB
Ceasar cipher
We can define the transformation by listing all
possibilities, as follows:
plain: a b c d e f g h i j k l m n o p q r s t u v w x
yz
cipher: D E F G H I J K L M N O P Q R S T U V W
XYZABC
Caesar Cipher
Let us assign a numerical equivalent to each
letter:
Substitution techniques
Ceasar cipher belong to substitution techniques:
-Caesar Cipher
-Monoalphabetic Ciphers
-Playfair Cipher
-Hill Cipher
-Polyalphabetic Ciphers
-One-Time Pad
Read them from the book
Frequency Analysis
Another substitution technique is the
Frequency analysis.
Frequency analysis(the study of letters or
groups of letters contained in a cipher text in
an attempt to partially reveal the message)
The English language (as well as most other
languages) has certain letters and groups of
letters appear in varying frequencies.
Frequency distribution
This is a chart of the frequency distribution of
letters in the English alphabet.
As you can see, the letter e is the most
common, followed by t and a, with j, q, x,
and z being very uncommon
Example: This is a cipher message which is
transferred :
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDB
METSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZU
HSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Frequency distribution
Encryption/decryption
There are more other types of ciphers (details in
the book):
Monoalphabetic ciphers which includes:
playfair ciphers, and hill cipher
Polyalphabetic ciphers which includes:
Vigenre cipher (the most knows and simple),
vernam cipher and one-time pad
Vigenre cipher
The best known, and one of the simplest,
polyalphabetic ciphers is the Vigenre cipher.
In this scheme, the set of related monoalphabetic
substitution rules consists of the 26 Caesar
ciphers with shifts of 0 through 25.
Each cipher is denoted by a key letter, which is the
cipher text letter that substitutes for the plaintext
letter a. Thus, a Caesar cipher with a shift of 3 is
denoted by the key value d.
Homework assignment 3
From the numeric table below compute the:
-Key, plain text, and cipher text
RECAP
Prime Factorization
To factor a number n is to write it as a
product of other numbers.
n=a*b*c
Or, 100 = 5 * 5 * 2 * 2
Prime factorization of a number n is writing it
as a product of prime numbers.
143 = 11 * 13
RECAP
Relatively Prime Numbers
Two numbers are relatively prime if they have no common
divisors other than 1.
10 and 21 are relatively prime, in respect to each other, as
10 has factors of 1, 2, 5, 10 and 21 has factors of 1, 3, 7, 21.
How do you compute GCD of two +ve integers?
Ref: divisors of integers, and point the largest
The Greatest Common Divisor (GCD) of two relatively
prime numbers can be determined by comparing their
prime factorizations and selecting the least powers.
History Cont.
One of Fermats books contained a handwritten
note in the margin declaring that he had a proof
for this equation, but it would not fit in the
margin.
Recap
When we divide two integers (A/B), we will have
an equation that looks like:
A/B = Q remainder R
A= dividend, B=divisor, Q=quotient, R=remainder
Using this relation, there is an operation called
Modulo operator (abbreviated as mod), using the
same relation, A,B,Q and R, would have
A mod B =R, so we would say this as A modulo B is
Congruent to R, where B is referred to as the
Modulus.
Recap
Ex: 13/5 = 2 remainder 3. Using modulo
operator: 13 mod 5 = 3
7%5= 2 what is that means?
When we say mod 5 there are 5 integers counted
from 0,1,2,3,4.
We can use the technique to compute modulo
arithmetic by visualizing modulus with clocks
(we start at o integer position and go through n
integer numbers in a clock wise sequence) NB:
negative integer is otherwise
Recap
1) Is the symbol for congruence, which means A
and B are in the same equivalence class
ex: 26 11 (mod 5)
Message Authentication
Message Authentication
Requirements
Message Authentication must be able to verify that:
1. Message came from apparent source or author,
2. Contents have not been altered,
3. Sometimes, it was sent at a certain time or
sequence.
Approaches to Message
Authentication
Authentication Using Conventional Encryption
Only the sender and receiver should share a key
Then a correctly encrypted message should be from the sender
Usually also contains error-detection code, sequence number and time stamp
1.
2.
3.
Calculate the MAC as a function of the message and the key. MAC
= F(K, M)
MAC
A MAC is sometimes called Keyed (cryptographic)
hash function (h(x) which is only one of the
possible ways to generate MACs). Which means:
- Accepts input a secret key and this key generates
a small size-fixed block of data known as MAC
appended to the message
- The MAC value protects both a messages data
integrity and authenticity by allowing verifiers
(who possess secret key) to detect any changes to
the message content. (Sender and receiver must
agree on the same key before initiating
communication)
MAC
Message Authentication without Message
Encryption
An authentication tag is generated and appended
to each messageMessage Authentication Code
(MAC)
MAC is generated by using a secret key
Assumes both parties A,B share common secret
key KAB
Code is function of message and key MACM= F(KAB,
M)
Message plus code are transmitted
MAC
RECAP
-The values returned by a h(x) are called hash
values, hash code, hash sums, or simply
hashes.
-A very good example of h(x) in cryptography is
one-way hash function, an algorithm that turns
messages or text into a fixed string of digits, for
security or data management purposes. Oneway means that its nearly impossible to derive
the original text from the string.
Recap
-Ex: A one way hash function is used to create
digital signatures ( a digital code that can be
attached to an electronically transmitted
message that uniquely identifies the sender).
Which in turn identify and authenticate the
sender and message digitally distributed.
-In one-way hash function , the input is often
called the message digest or simply digest.
2.
3.
4.
5.
6.
Plaintext
Encryption algorithm
Public and private key
Ciphertext
Decryption algorithm
2. Diffie-Hellman
Echange a secret key securely
Compute discrete logarithms
Diffie-Hellman Algorithm
Diffie-Hellman Algorithm
DH is one of the earliest practical examples
of public key exchange implemented within
the field of cryptography.
The DiffieHellman key exchange method
allows two parties that have no prior
knowledge of each other to jointly establish
a shared secret key over an
insecure communication channel.
Diffie Hellman
Digital signatures
A digital signature is an encryption of a
document with the creators private key
It is attached to a document that validates the
creator of the document (an attachment to an
electronic message used for security purpose)
Digital signatures
Recall:
Think a number of the times youve signed your
name to a piece of paper during the last week?
You signed checks, credit card receipts, legal
documents, and letters.
You signature attests that you (as opposed to
someone else) have agreed on the documents
content. In digital world, one often wants to
indicate the owner or creator of a document or to
signify ones agreement with a documents
contents.
Digital signatures
A digital signature Is a cryptographic technique for
achieving these goals in a digital world. And just as
with handwritten signatures, digital signing should be
done in a way that is verifiable.
Lets see how we might design a digital signature
scheme:
- When Bob signs a message, Bob must put something on
the message that is unique to him. Means Bob could
consider attaching a MAC for the message where the
MAC is created by appending a key (unique to him) to the
message and then taking the Hash.
Digital signatures
In other words Digital signature is a
mathematical technique used to validate the
authenticity and integrity of a message,
software or digital document.
There have been serious concerns behind
message authentication thus required digital
signature techniques to resolve some of those
issues:
Digital signatures
Properties
Message authentication protects two parties who exchange
messages from any third party. However, it does not
protect the two parties against each other.
Several forms of dispute between the two are possible. For
example, suppose that Bob sends an authenticated
message to Alice,
1. Alice may forge a different message and claim that it came
from Bob. Alice would simply have to create a message and
append an authentication code using the key that Bob and
Alice share.
2. Bob can deny sending the message. Because it is possible
for Alice to forge a message, there is no way to prove that Bob
did in fact send the message.
Digital signatures
In situations where there is not complete trust
between sender and receiver, something more than
authentication is needed. The most attractive solution
to this problem is the digital signature. The digital
signature must have the following
properties:
It must verify the author and the date and time of the
signature.
It must authenticate the contents at the time of the
signature.
It must be verifiable by third parties, to resolve
disputes.
Key management
Distribution of public keys
Well, whats the issue?
Cant we just trust Mallory if she claims a key as
her public key?
Key Management
Public-Key Certificate Use
Certificate Authority
In cryptography, a certificate
authority or certification authority (CA) is an
entity that issues digital certificates (public key
certificate) is an electronic document used to
prove ownership of a public key.
Common Application: Trusted certificates from
trusted CAs are typically used to make secure
connections to a server over the Internet,
The client uses the CA certificate to verify the CA
signature on the server certificate, as part of the
checks before establishing a secure connection
Certificate Authority
Analogy : Internet Security means not just
making sure that data is not intercepted or
corrupted, but that a computer user is who they
say they are. Just as in real life you may need a
passport from a trusted source to prove who
you are, a Certificate Authority server can be
set up to issue certificates to prove who people
are online.
Certificate Authority
A Certificate Authority is an organization or
individual that provides certificates and a
mechanism for verifying their authenticity. Large
companies such as Microsoft issue certificates to
guarantee downloaded software, and companies
like Verisign.
Users are sometimes concerned receiving
messages that "certificates have expired",
however this just means the default valid period
for the certificate is over not that you are
suddenly at any risk attack.
Certificates
Certificates are an important component
of Transport Layer Security (TLS, sometimes
called by its older name SSL, Secure Sockets
Layer), where they prevent an attacker from
impersonating a secure website or other
server. They are also used in other important
applications, such as email encryption.
Security Practice
Authentication Applications
Authentication Applications
Authentication Overview
We are taking a network-based view of user
authentication
User authentication is the first line of defence of
a network
It aims to prevent un authorized access to a
network
It is the basis of setting access controls
It is used to provide user accountability
Means of Authentication
Something the individual knows
E.g. password, PIN
Something the individual possesses (tokens)
A security token (sometimes called an authentication token) is a small
hardware device that the owner carries to authorize access to a network
service. The device may be in the form of a smart card
E.g. cryptographic key, smartcard
Something the individual is
E.g. fingerprint, retina
Authentication Problems
Guess or steal passwords, PIN, etc
Forget passwords, PIN
Steal or forge smartcards
Lose smartcard
False positives in biometrics
False negatives in biometrics
The most common method of network
authentication uses passwords and cryptographic
keys
Password-Based Authentication
Password-based authentication is the most common
means of authentication.
It requires no special hardware.
Its typical authentication by password only,
where the user supplies a username and password
then the system looks up the username in the
relevant database table,
it checks that username, password pair exists and
finally it provides system access to the user
Password Strength
Users tend to pick weak passwords if allowed. These kinds of
passwords can be easily to cracked via dictionary attack
(A dictionary attack is a technique or method used to breach the
computer security of a password-protected machine or server. A
dictionary attack attempts to defeat an authentication mechanism
by systematically entering each word in a dictionary as a password
or trying to determine the decryption key of an encrypted message
or document)
Users should be forced to create more complex passwords.
System can also supply users with a strong password however, with
this method, many users will tend to write down a stronger
password and this can be a greater security risk.
One of the best methods of creating strong password is by using
the Challenge Response method.
Here the systems are used that request specific characters in a
password rather than the whole password. This is commonly used
in online banking
Attacks on Password-Based
authentication
Eavesdropping: Here the attacker can listen in
and gain password information. Encrypting
messages will prevent this
Offline dictionary attack: A direct attack on the
database storing passwords can be used to
discover or change passwords. Normally strong
access controls are applied to protect the
databases storing password files. However, some
hackers can bypass these control measures and
access the password files
Contd
Specific account attack: The hacker can be determined to guess a
password for a specific account until the correct password for that
specific account is discovered. The best method to prevent this is
by implementing the account lockout mechanism. This will disable
the account after a number of failed login attempts.
Contd
Workstation and session hijacking; the attacker can
monitor when the workstation is not being used or a
hacker can disconnect the session of the user and they
connect themselves. The main prevention mechanism is to
automatically logging the workstation out after a period of
inactivity. Intrusion detection schemes can be used to
detect changes in user behavior
Exploiting user mistakes: Some systems will provide
passwords to the users. These kind of passwords are very
difficult to remember, so users tend to write them
somewhere. So this would make it easier for the hackers to
read it. Prevention mechanisms include user training,
intrusion detection, and simpler passwords combined with
another authentication mechanism.
Contd
Exploiting multiple password use: Some users
use same password for different devices, so
once the attacker gets to know the password,
all the devices can be easily attacked. Never
use the same password for different
applications or devices
TOKEN-BASED AUTHENTICATION
Objects that a user possesses for the purpose
of user authentication are called tokens.
There are mainly two types of tokens that are
widely used; these are cards that have the
appearance and size of bank cards i.e.
Memory card
smart card
Smartcards
These are tamper-resistant devices that have a
small amount of memory and a small processor.
They are difficult to duplicate and are easily
transferable.
They can use the combination of PIN/password
and have Simple computations, e.g.
encryption/decryption, digital signatures.
Smartcard Examples
Bank/ATM cards
Credit cards
Travel cards
Pass cards for a workplace
SMARTCARD
Memory Cards
Memory cards have the capability to store data but cannot process
it.
BOIMETRIC AUTHENTICATION
Biometric-based authentication is the Measurement of
bodys unique characteristics or behavior.
These behaviors are of different types such as; Voice,
Signature, Facial, Palm, Eye, Fingerprint etc.
Compared to passwords and tokens, biometric
authentication is both technically complex and
expensive
Ex: Biometric palm
Contd
Hand geometry: This method involves the hand
geometry systems identify features of the hand, such
as; shape, and lengths and widths of fingers.
Retinal pattern: It is believed that the pattern formed
by the veins beneath the retinal surface is unique and
therefore suitable for identification. The biometric
system gets the digital image of the retinal by
projecting a low-intensity beam of visual or infrared
light into the eye.
Contd
Iris: This is the detailed structure of the iris. It is also
another unique feature that can be used for
identification
Signature: A signature is frequently written sequence.
Every person has a different style of handwriting and
this is reflected mainly in their signatures. So this
method can also be used as means of identification.
Voice: This is another means of identification where
voice patterns are more closely tied to the physical and
anatomical characteristics of the speaker.
At the same time, the system senses some biometric features for this
user i.e, Iris, Fingerprints, etc.
All these inputs are digitized and the system extracts a set of
characteristics that can be stored as a number or set of numbers
representing this unique biometric characteristic; this set of numbers is
referred to as the users template.
The user is now enrolled in the system, which maintains for the user a
name (ID), perhaps a PIN or password, and the biometric value.
Contd
Contd
Depending on application, user authentication
on a biometric system involves two methods:
Verification
Identification
Verification
This method is similar to a user logging on to a system by
using a memory card or smart card coupled with a
password or PIN.
For biometric verification, the user enters a PIN and also
uses a biometric sensor.
The system extracts the corresponding feature and
compares that to the template stored for this user.
Contd
Identification
In this method, the user uses the biometric
sensor with no any other additional
information presented.
Contd
Why Biometrics ?
Unique
Authentication: 1-to-1 matching
Identification: 1-to-M matching
Convenient
Non-repudiable
Fast, accurate, non-transferable
Nothing to remember and nothing to
forget
Semiconductor Sensors
User friendliness
Durability
Cost
Size
Ease of integration
Choice of application products
Third-party SW support
Biometrics Overview
Biometrics Applications
Financial Sector
Point of Sale
ATM
Online Banking
Immigration
Passport Control
Border Control
Public Sector
National ID
Correctional Facility
Computer Security
Access Control
Network Security
e-Commerce
Medical
Medical Records Mgt
Social Service
Social Security
Welfare Payment
Missing Child
Telecommunication
Mobile Phone
Call Center
Internet Phone
Door Lock
Time-Attendance
Biometrics Application
Distant Learning
Healthcare
REMOTE-USER AUTHENTICATION
The form of authentication is where an individual tends to access
the system which is locally present i.e. a stand-alone office PC or
an ATM machine.
This is one of the simplest forms of user authentication.
The more complex case is when remote user authentication,
happens over the Internet, a network, or a communications link.
Remote user authentication raises additional security threats,
such as an eavesdropper being able to capture a password, or an
adversary replaying an authentication sequence that has been
observed.
To prevent these kinds of threats, the systems normally apply
some form of challenge-response protocol
Viruses
Viruses are very sophisticated and often appear
to be harmless correspondence:
personal communication
jokes
marketing promotions
Most viruses require recipients to download
attachments in order to spread
Some are designed to launch automatically, with
no user action required
Spam
A large proportion of all corporate email is spam
Spam costs US business billions of dollars in lost
productivity and system slow-downs annually
Most spam is annoying and slows down the network
Hackers may sometimes disguise viruses, spyware, and
malware as innocent-looking spam
Phishing
Phishing is an e-mail fraud method in which the perpetrator sends
out legitimate-looking email in an attempt to gather personal and
financial information from recipients.
- (fraudulent practice of sending emails purporting to be from
reputable companies in order to induce individuals to reveal personal
information, such as passwords and credit card numbers, online.)
Spyware
Enables hackers to record activities and data
from the infected computer
Done via a program that dynamically gathers
information and transmits it via an Internet
connection
Often bundled in with shareware and freeware
programs
Usually installs and runs without user knowledge
Email Authentication
Aims to provide enough information to the recipient
so that they know the nature of the email
A valid identity on an email is a vital step in stopping
spam, forgery, fraud, and other serious crimes
Blacklisting IP Addresses
The IP addresses originating spam and phishing emails can
be blacklisted so that future email from them is not
received but either quarantined or deleted
Many IP addresses are dynamic
Change frequently
An organisation has a block of IP addresses
IP addresses are allocated when needed
May get a new address every time a connection is made
Therefore, spammer will not have a permanent IP address
Controlling Traffic
Some ISPs use techniques to prevent spamming
by their customers:
Port 25 can be blocked so that port 587 is used
and that requires authentication
Limiting the number of received headers in
relayed mail
Infected computers can be cleaned and patched
Outgoing email can be monitored for any sudden
increase in flow or in content (a typical spam
signature)
Awareness
Always remember : security-related
transformation (remember encryption of your
channel-transform it into something tricky to
opponent)
to make sure that your information is secured
(secret from opponent)-ex: a network model
At Network level
Awareness
Taken as a society (because of the people who
use it) internet is now full of people proud of
vandalism like intentional hackers
Awareness
Intrusion
Intruders are now ready!
Intruders are an individual or individuals who gains or
attempt to gain unauthorized access to a computer system
(can be :Insiders, Outsiders). 3 forms of intruder:
Masquerade, misfeasor, clandestine.
The misfeasor is a legitimate user who accesses data,
programs, or resources for which such access is not
authorized for him, or who is authorized for such access but
misuses his or her privileges ( ex: A DB control user trying
to behave like system admin)
Internet security
Internet security
The Internet of today uses the Internet Protocol Version 4
(IPv4) to route and deliver packets between computers
Packets can have reliable delivery using the Transmission
Control Protocol (TCP) or non-guaranteed delivery using
the User Datagram Protocol (UDP)
Internet security
ZeuS is active trojan horse widely used to steal
banking and other financial institute information first
seen on 2007, still in use today
A virus : A program that can replicate itself and send
copies from computer to computer across network
connections with human intervention (ex: Randex,
BigBear, SoBig, Klez, SirCam, Mankex, Fizzer etc)
A worm: A program that can replicate itself and send
copies from computer to computer across network
connections without human intervention
Internet security
Worms that has cause serious loss up to know:
Cybercrimes
Cybercrimes : - Pharming and phishing
Pharming is a way hackers attempt to manipulate users on
the Internet. While phishing attempts to capture personal
information by getting users to visit a fake website,
pharming redirects users to false websites without them
even knowing it.
Cybercrimes
Phishing is similar to fishing in a lake, but instead of trying
to capture fish, phishers attempt to steal your personal
information.
They send out e-mails that appear to come from legitimate
websites such your banking institutions (ex: email from
BK).
The e-mails state that your information needs to be like
updated or ask that you enter your credentials: after
clicking a link included in the e-mail, Some e-mails will ask
that you enter even more info (ex: full name, credit card
number, address, phone) and at that time
the phisher may be able to gain access to more information
by just logging in to you account.
Phishing vs Pharming
So : Phishing and pharming are two different
ways hackers attempt to manipulate users via the
Internet.
Phishing involves getting a user to enter personal
information via a fake website (most of the time
from a wrong email link)
While Pharming involves modifying DNS entries
(routes), which causes users to be directed to the
wrong website when they visit a certain Web
address.
Phishing
Example:
Hi Junior!
We sent you an email a while ago, because you now
qualify for a new mortgage. You could get
$200,000 for as little as $500 a month!
Bad credit is not a problem, you can pull cash out or
refinance!
Please click on this link for FREE consultation
without obligations: http://cutrate-loan.info/ !
Best Regards,
Ninsiima Geoffrey
Web Security
Two-way Systems
The Web works on a client-server model that
allows communication in both directions:
Server sends files to clients
Clients send files to servers
Servers must be protected from malicious
content uploaded by clients:
Deliberate upload
Accidental upload, e.g. unwittingly uploading an
infected file
Importance to Business
Used to supply corporate information
Complex Software
Servers are relatively easy to set up and configure.
It is simple to create web content:
Even complex looking web applications are often simple to
create
This simplicity is made possible by complex underlying
software.
Complex software often has undetected security holes:
You can be sure that someone will detect them!
Multiple Connections
The Web works because there are multiple
connections to a server.
Different servers are connected to each other.
What happens if a server is subverted and a
malicious attacker gains control?
How many clients will be affected?
How many other servers will be affected?
An attack could have widespread consequences.
Untrained Users
The Web is used by many, many clients with no training or
understanding of security issues.
How many people surf the Internet without antivirus
software?
Add in the people who have out of date virus definitions
Many people do not have the tools or knowledge to deal
with threats on the Web.
Traffic Security
Maintaining the security of a server as a piece of
hardware is not fundamentally different to
general computer security.
We will concentrate on the security of Web
traffic:
At the Network level (IPSec)
At the Transport level (Secure Socket Layer
(SSL)/Transport Layer Security(TLS))
IP Security (IPSec)
Provides security services at the IP layer for
other TCP/IP protocols and applications to use
Provides the tools that devices on a TCP/IP
network need in order to communicate securely:
When two devices wish to securely
communicate, they create a secure path between
themselves that may traverse across many
insecure intermediate systems.
IPsec
IPsec sits on top of the network layer. IPSec is an
Internet Engineering Task Force (IETF) standard suite of
protocols.
it provides data authentication (origin of the packet)
integrity, and confidentiality as data is transferred
between communication points across IP networks.
IPSec provides data security at the IP packet level.
All applications are protected by default, without
requiring any change to applications or actions on
behalf of users
Can only authenticate hosts, not users
User completely unaware that IPsec is running
ESP Packet
AH & ESP
IPSec Applications
Securing a companys Virtual Private network
(VPN) over the Internet
Securing remote access over the Internet
Establishing connections with partners via an
Extranet
Enhancing eCommerce security by adding to
the security mechanism in the application
layer
IPSec Advantages
Can be applied to a firewall or router and
apply to all traffic across that boundary
It is transparent to applications.
It is transparent to end users.
SSL Architecture
SSL uses TCP to provide a reliable and secure
end to end service.
It is not a single protocol but two layers of
protocols
The Hypertext Transfer Protocol (HTTP) used
for server/client interaction on the Internet
can operate on top of the SSL Record Protocol.
SSL Architecture
SSL Connections
A connection is defined by the OSI model as a
transport that provides a suitable service.
SSL connections are peer-to-peer relationships.
These SSL connections are transient.
They only last for a certain length of time.
Each connection is associated with a session.
SSL Connections
SSL(secure socket layer)/TLS overview
Goal (ex: Perform secure e-commerce across Internet)
Secure bank transactions
Secure online purchases
Secure web login
Security requirements
Secrecy to prevent eavesdroppers to learn sensitive
information
Entity and message authentication to prevent
message alteration / injection
SSL Connections
SSL/TLS sits on top of the transport layer
End-to-end security, best for connection-oriented
sessions
User does not need to be involved
The OS does not have to be changed
If SSL rejects packet accepted by TCP, then TCP
rejects correct packet when it arrives!
SSL must then close the connection
SSL Connections
SSL Sessions
A session in SSL is an association between a client and
a server.
Confidentiality
Integrity
Transmitted data:
Fragmented into manageable blocks
Compressed (optional)
Encrypted
Header added and transmitted in a TCP segment
Messages
The series of messages are initiated by the client.
HTTPS
HTTP over SSL/TLS
Used to create secure communications between
a Web browser and Web server
Built into modern browsers
Requires server to support HTTPS
communication
For example, at the time of writing, the Google
search engine does not support connections via
HTTPS
SSL Advantages
It is independent of the applications once a
connection has been created.
After the initiating handshake, it acts as a secure
tunnel through which you can send almost
anything.
Has several implementation packages, both
commercial and freely available
SSL Disadvantages
The extra security comes with extra processing
overhead.
This overhead is largely at the server end.
Means communications using SSL/TLS are a slower
than those without it
Some sources suggest that HTTPS communication can
be up to three time slower than HTTP.
With modern browsers, servers and connection
speeds, this should not cause significant problems
People today pay for online purchases by sending their credit card details to the
merchant.
A protocol such as SSL or TLS keeps the card details safe from eavesdroppers, but
does nothing to protect merchants from dishonest customers or vice-versa.
All orders and confirmations bear digital signatures, which provide authentication
and could potentially help to resolve disputes
System Security
Intrusion Detection
IDS Types
Network based intrusion detection systems
(NIDS)
Host based intrusion detection systems (HIDS)
IDS that look for signatures of known threats
IDS that compare traffic patterns against a
network baseline and look for anomalies in the
patterns
NIDS
Positioned in strategic locations in the network
HIDS
Operate on individual hosts or network
devices
Monitors all inbound and outbound packets
but only to and from the device it operates on
If suspicious activity is detected it usually
alerts the user and/or network administrator
of that activity
Signature-based IDS
Monitors packets on the network
Anomaly-based IDS
Monitors network traffic
Compare network traffic with a baseline
Baseline is normal traffic for that network:
Bandwidth
Protocols
Ports
Devices
User and/or network administrator is alerted
if there is a significant change from the
baseline
IDS Overview
Ideal for monitoring and protecting a network
Response to an intrusion
Responding to an intrusion
Communicate with appropriate parties (trusted servicesparties) to secure the network
Once compromised by intruders (remember to back up as
usual for non-compromised systems
Isolate Compromised System from the rest of the network (
and make systems tangible files as read-only by super
useran intruder may be an internal threat agent
Install regular software patches to eliminate vulnerability
in the software ,
Response to an intrusion
Response to an intrusion:
Analysis of the attacker: How the attack has been
conducted?, there have been modifications on
the data accessed in the attack?
Search for additional intrusions: Understand that
the intrusion may expose additional
vulnerabilities in other systems and Careful
review of other systems
Credentials: Change all authentication credentials
on compromised systems (username & pwds,
certificates, and private keys)
Complexity
Complexity of the problem:
Many intrusions go undetected!!!
Because intruders may be smart than us, system
and network administrator, lack of adequate
infrastructure, Lack of time and money in
monitoring systems status.
Most intrusion can be prevented: poor
configuration (ex: windows firewall turned off),
human error (intentional unintentional) , known
software vulnerabilities (un-patched).
System Security
Specific Attacks
Packet sniffers
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Application layer attacks
Trust exploitation
Port redirection
Virus
Trojan horse
Operator error
Worms
NB: All these listed attacks can be used to comprise a system
Network Reconnaissance
Network reconnaissance refers to the overall
act of learning information about a target
network by using publicly available
information and applications.
This is often also referred to as Footprinting.
Port scan
Port scans actually look at a machine that is
alive and scan for an open port.
Once the open port is found, it scans the port to
find the service it is running. Once it finds the
service the port is running, it gives the intruder
power and knowledge about your system.
It basically gives him/her an edge in taking over
your machine. Protecting ourselves can be very
easy.
Packet Sniffers
IP Spoofing
IP Spoofing Mitigation
The threat of IP spoofing can be reduced, but not eliminated, through the
following measures:
Resource overload:
Disk space, bandwidth, buffer, etc
Ping floods: Smurf (smurf attack is a type of denial of service attack in which a
system is flooded with spoofed ping messages )etc
Packet storms: UDP bombos, etc
DoS Mitigation
The threat of DoS attacks can be reduced through the
following three methods:
Anti-spoof featuresProper configuration of antispoof features on your routers and firewalls
Anti-DoS featuresProper configuration of anti-DoS
features on routers and firewalls
Password Attacks
Hackers can implement password attacks
using several different methods:
Brute-force attacks
Dictionary Attacks
Trojan horse programs
IP spoofing
Packet sniffers
Man-in-the-Middle Attacks
Man-in-the-Middle Mitigation
Man-in-the-middle attacks can be effectively
mitigated only through the use of
cryptography (encryption).
Monitor Security
Detects violations to the security policy
Involves system auditing and and real-time
intrusion detection
Validates the security implementation in Step
1
Test Security
Validates effectiveness of the security policy
through system auditing and vulnerability
scanning
Improve Security
Use information from the monitor and test
phases to make improvements to the security
implementation.
Adjust the security policy as security
vulnerabilities and risks are identified.
Firewalls
A firewall is a software program or piece of
hardware that helps screen out hackers,
viruses, and worms that try to reach your
computer over the Internet.
Firewalls
Network Firewall
A firewall is the first line of defence for your network
The purpose of a firewall is to keep intruders from
gaining access to your network
Usually placed at the perimeter of network to act as a
gatekeeper for incoming and outgoing traffic
It protects your computer from Internet threats by
erecting a virtual barrier between your network or
computer and the Internet
Creating Rules
Traffic blocking rules can be based upon:
Words or phrases
Domain names
IP addresses
Ports
Protocols (e.g. FTP)
While firewalls are essential, they can block
legitimate transmission of data and programs
Software Firewall
Protect only the computer on which they are
installed
Provide excellent protection against threats
(viruses, worms, etc.)
Firewall Operation
Can be divided into three main methods:
Packet filters
Application gateways
Packet inspection
Individual vendors of firewalls may provide
additional features
You should look at their products for details
Application Gateways
Application-layer firewalls can understand the
traffic flowing through them and allow or deny
traffic based on the content
Disadvantages
Needs to know how to handle traffic to and from
your specific application
If you have an application that's unique, your
application layer firewall may not be able to support it
without making some significant modifications
Application firewalls are generally much slower than
packet-filtering or packet-inspection firewalls
They run applications, maintain state for both the
client and server, and also perform inspection of traffic
Advantages
Generally much faster than application firewalls
They are not required to host client applications
Most of the packet-inspection firewalls today also
offer deep-packet inspection
The firewall can dig into the data portion of the packet
and also:
Match on protocol compliance
Scan for viruses
Still operate very quickly
Disadvantages
Open to certain denial-of-service attacks
Firewall Architecture
Firewalls are used to protect the perimeter of
a network and the perimeter of sections of
networks
A key question for a network administrator is
where firewalls should be located
The positioning of firewalls in relation to
other network elements is the firewall
architecture
Firewall Architecture
The following are common firewall
architectures:
Screening router
Screened host
Dual homed host
Screened subnet
Screened subnet with multiple Demilitarized Zone
(DMZs)
Dual firewall
Screening Router
Simplest of firewall architectures
Traffic is screened by a router
Packet filtering
Using ACLs
Traffic is screened according to:
Source or destination IP address
Transport layer protocol
Services requested
Screening Router
Untrusted Network
Packet Filter
Trusted Network
Disadvantages
No logging
No user authentication
Difficult to hide internal network structure
Traffic moving between the DMZ and other interfaces on the protected
side of the firewall still goes through the firewall
This traffic has firewall protection policies applied
Bastion Host
The bastion host is the server that connects to the unsecure network through the
router
Bastion Host
Untrusted Network
Packet Filter
Trusted Network
Dual-Homed Host
Bastion Host has no routing capabilities (Dual-homed firewalls are not able
to forward IP datagrams)
Bastion Host
Untrusted Network
Packet Filter
Packet Filter
Trusted Network
Self-Study
Go and Read on the following Advanced
Concepts of Network Security
Socket programming
Concurrent and iterative
Master and Slave Networks with algorithms
Kerberos & X.509