
INFORMATION AND NETWORK SECURITY

(Common to CSE & ISE)

Subject Code: 10CS835
I.A. Marks: 25
Hours/Week: 04
Exam Hours: 03
Total Hours: 52
Exam Marks: 100

PART – A

UNIT 1 6 Hours
Planning for Security: Introduction; Information Security Policy, Standards, and Practices;

The Information Security Blue Print; Contingency plan and a model for contingency plan

UNIT 2 6 Hours
Security Technology-1: Introduction; Physical design; Firewalls; Protecting Remote
Connections

UNIT 3 6 Hours
Security Technology–2: Introduction; Intrusion Detection Systems (IDS); Honey Pots,
Honey Nets, and Padded cell systems; Scanning and Analysis Tools

UNIT 4 8 Hours
Cryptography: Introduction; A short History of Cryptography; Principles of Cryptography;
Cryptography Tools; Attacks on Cryptosystems.

PART – B

UNIT 5 8 Hours
Introduction to Network Security, Authentication Applications: Attacks, services, and
Mechanisms; Security Attacks; Security Services; A model for Internetwork Security;
Internet Standards and RFCs Kerberos, X.509 Directory Authentication Service.

UNIT 6 6 Hours
Electronic Mail Security: Pretty Good Privacy (PGP); S/MIME

UNIT 7 6 Hours
IP Security: IP Security Overview; IP Security Architecture; Authentication Header;
Encapsulating Security Payload; Combining Security Associations; Key Management.

UNIT 8 6 Hours
Web Security: Web security requirements; Secure Socket layer (SSL) and Transport layer
Security (TLS); Secure Electronic Transaction (SET)

Text Books:
1. Michael E. Whitman and Herbert J. Mattord: Principles of Information Security, 2nd
Edition, Thomson, 2005. (Chapters 5, 6, 7, 8; exclude the topics not mentioned in the
syllabus)
2. William Stallings: Network Security Essentials: Applications and Standards, Pearson
Education, 2000. (Chapters: 1, 4, 5, 6, 7, 8)
TABLE OF CONTENTS

UNIT 2: FIREWALLS AND VPNS

UNIT 3: IDPS AND OTHER SECURITY TOOLS

UNIT 4: CRYPTOGRAPHY

UNIT 5: INTRODUCTION TO NETWORK SECURITY KEY
DISTRIBUTION AND USER AUTHENTICATION

UNIT 6: ELECTRONIC MAIL SECURITY

INFORMATION AND NETWORK SECURITY

UNIT 2: FIREWALLS AND VPNS

2.1 Firewall
2.1.1 Firewall Processing Modes
2.1.1.1 Packet-Filtering Firewall
2.1.1.2 Application Gateway
2.1.1.3 Circuit Gateway

2.1.1.4 MAC Layer Firewall
2.1.1.5 Hybrid Firewall

2.1.2 Firewalls Categorized by Generation
2.1.3 Firewalls Categorized by Structure
2.1.3.1 Commercial-Grade Firewall Appliance

2.1.3.2 Commercial-Grade Firewall System
2.1.3.3 Small Office/Home Office (SOHO) Firewall Appliance
2.1.3.4 Residential-Grade Firewall Software
2.1.4 Firewall Architecture
2.1.4.1 Packet-Filtering Router
2.1.4.2 Screened Host Firewall
2.1.4.3 Dual-Homed Firewall
2.1.4.4 Screened Subnet Firewall (with DMZ)
2.1.5 Selecting the Right Firewall
2.1.6 Configuring and Managing Firewall
2.1.6.1 Best Practices for Firewall
2.1.7 Content Filter
2.2 Protecting Remote Connections
2.2.1 Remote Access
2.2.1.1 RADIUS, Diameter and TACACS
2.2.1.1.1 RADIUS
2.2.1.1.2 Diameter Protocol
2.2.1.1.3 TACACS
2.2.1.2 Securing Authentication with Kerberos
2.2.1.2.1 Kerberos

2.2.1.2.2 SESAME
2.2.2 Virtual Private Network
2.2.2.1 Transport Mode
2.2.2.2 Tunnel Mode

2-1

UNIT 2: FIREWALLS AND VPNS

2.1 Firewall
• A firewall is an information-security mechanism that works much like a building's firewall.
• A firewall prevents specific types of information from moving between an untrusted network and a trusted network.
Example of an untrusted network: the Internet (outside world)
Example of a trusted network: an intranet or private network (inside world)
• The firewall may be
→ a separate computer,
→ a separate network containing a number of supporting devices, or
→ software running on an existing router or server.
• Firewalls can be categorized by 1) processing mode, 2) development era, or 3) structure.

2.1.1 Firewall Processing Modes
• Firewalls fall into 5 major processing-mode categories:
1) Packet-filtering firewall 2) Application gateway
3) Circuit gateway 4) MAC layer firewall and 5) Hybrid firewall

2.1.1.1 Packet Filtering Firewall

• It operates at the network layer of the OSI model (Figure 2-1).
• It examines the headers of packets that come into a network.
• It determines whether to drop or forward a packet based on the rules programmed into the firewall.
• The rules are based on a combination of the following:
→ IP source and destination address
→ Direction (inbound or outbound)
→ Protocol
→ TCP/UDP source and destination port
• The rules are created and modified in the ACL (Access Control List) by the network administrators.
Figure 2-1 Packet-Filtering Router

Table 2-1 Sample Firewall Rule and Format

• As shown in Table 2-1, any connection attempt made by an external device in the 192.168.x.x
address range (192.168.0.0–192.168.255.255) is allowed.
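As an added example (not code from these notes or from either textbook), the following Python script evaluates an ACL written with the fields listed above: source, destination, protocol, port, direction and action. The rule set, including a 192.168.x.x source rule like the one the text describes, and the sample packets are constructed for the illustration; the first rule that matches decides, and a packet matching no rule is dropped.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One ACL line: 'any' matches everything; addresses may be CIDR or
    the 192.168.x.x wildcard notation used in the notes."""
    source: str
    destination: str
    protocol: str
    port: str
    direction: str
    action: str


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    dport: int
    direction: str  # "inbound" or "outbound"


def _match_addr(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    if ".x" in pattern:
        # "192.168.x.x" -> 192.168.0.0/16: each fixed octet adds 8 prefix bits
        fixed = [o for o in pattern.split(".") if o != "x"]
        base = ".".join(fixed + ["0"] * (4 - len(fixed)))
        return ip_address(addr) in ip_network(f"{base}/{8 * len(fixed)}")
    return ip_address(addr) in ip_network(pattern, strict=False)


def _match_port(pattern: str, port: int) -> bool:
    return pattern == "any" or int(pattern) == port


def evaluate(rules, packet: Packet) -> str:
    """Walk the ACL top to bottom; the first matching rule decides.
    Packets matching no rule are denied (default deny)."""
    for rule in rules:
        if (_match_addr(rule.source, packet.src)
                and _match_addr(rule.destination, packet.dst)
                and rule.protocol in ("any", packet.protocol)
                and _match_port(rule.port, packet.dport)
                and rule.direction in ("any", packet.direction)):
            return rule.action
    return "deny"


# Constructed sample ACL in the column layout of Table 2-1 (values are illustrative).
ACL = [
    Rule("192.168.x.x", "any", "any", "any", "inbound", "allow"),
    Rule("any", "10.10.10.25", "tcp", "80", "inbound", "allow"),
    Rule("any", "10.10.10.25", "tcp", "23", "inbound", "deny"),
    Rule("10.10.10.0/24", "any", "any", "any", "outbound", "allow"),
]

if __name__ == "__main__":
    for pkt in [Packet("192.168.4.7", "10.10.10.25", "tcp", 23, "inbound"),
                Packet("203.0.113.9", "10.10.10.25", "tcp", 23, "inbound"),
                Packet("203.0.113.9", "10.10.10.25", "tcp", 443, "inbound")]:
        print(pkt.src, "->", pkt.dst, pkt.dport, evaluate(ACL, pkt))
```

Rule order matters: the Telnet packet from 192.168.4.7 is allowed by the first rule before the Telnet deny is ever reached, which is why each rule must be tested in the position it occupies in the ACL.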

• It can be further classified into 3 types:
1) Static Filtering
 Here, the filtering rules must be developed and installed with the firewall.
 The rules are created and sequenced by a person directly editing the rule set.
2) Dynamic Filtering
 It can
→ react to an emergent event and
→ update/create rules to deal with that event.
Static vs Dynamic Firewall
 In a static firewall, an entire set of one type of packet is allowed to enter the trusted network.
 In a dynamic firewall, only a particular packet with a particular source, destination, and port
address is allowed to enter the trusted network.
3) Stateful Inspection
 It monitors network connections between internal and external systems using state tables.
 A state table records information like
→ the source and destination addresses of the devices and
→ what packet was sent and when (Table 2-2).
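The state-table behaviour described above, as an added Python example (not from the notes or the textbooks): outbound connections are recorded with the time they were last seen, inbound packets are admitted only when they answer a recorded connection, and idle entries expire. The addresses, ports and timeout are constructed for the illustration, and the clock is injectable so the expiry can be exercised offline.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    direction: str  # "outbound" (trusted -> untrusted) or "inbound"


class StatefulFirewall:
    """Stateful inspection: outbound connections from the trusted network are
    recorded in a state table; an inbound packet is admitted only if it belongs
    to a connection already in the table. Idle entries expire after `timeout`
    seconds."""

    def __init__(self, timeout: float = 300.0, clock=time.time):
        self.table = {}  # (src, sport, dst, dport, proto) -> time last seen
        self.timeout = timeout
        self.clock = clock

    def _expire(self):
        now = self.clock()
        stale = [k for k, seen in self.table.items() if now - seen > self.timeout]
        for key in stale:
            del self.table[key]

    def handle(self, pkt: Packet) -> str:
        self._expire()
        now = self.clock()
        if pkt.direction == "outbound":
            self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)] = now
            return "allow"
        # An inbound reply carries the outbound 5-tuple with the endpoints swapped.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.table:
            self.table[key] = now
            return "allow"
        return "deny"  # unsolicited inbound packet

    def entries(self) -> dict:
        """Snapshot of the state table: who is talking to whom, and when it was
        last seen (the kind of record Table 2-2 shows)."""
        return dict(self.table)


if __name__ == "__main__":
    fw = StatefulFirewall(timeout=60)
    out = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", "outbound")
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp", "inbound")
    print(fw.handle(reply), fw.handle(out), fw.handle(reply))  # deny allow allow
```

A stateless packet filter would need a permanent rule opening port 51000 to let the reply in; the stateful firewall opens it only for the lifetime of the conversation that the trusted side started.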

Table 2-2 State-table Entries

2.1.1.2 Application Gateway

• It operates at the application layer of the OSI model.
• It is frequently installed on a dedicated computer which is separate from the filtering router.
• It is commonly used in conjunction with a filtering router.
• It is also known as a proxy server because
it runs special software that acts as a proxy for a service request.
• The proxy server
→ receives requests for Web pages,
→ accesses the Web server on behalf of the external client, and
→ returns the requested pages to the users.
• It is also known as a cache server because
it stores the most recently accessed pages in its internal cache.
• Advantage:
For any external attack to succeed, two separate systems have to be compromised.
Thus, the proxy server can be placed in an unsecured network, thereby protecting the Web server.
• Disadvantage:
It is designed for specific protocols (e.g., FTP, Telnet, HTTP & SNMP).
So, it cannot be re-configured to protect against attacks on other protocols.

2.1.1.3 Circuit Gateway

• It operates at the transport layer of the OSI model.
• It does not usually look at the traffic flowing between one network and another.
• Rather, it prevents direct connections between one network and another.
• It
→ creates tunnels connecting specific processes/systems on each side of the firewall, and
→ allows only authorized traffic in the tunnels.

2.1.1.4 MAC Layer Firewall


• It operates at the data-link-layer of the OSI-model.
• It examines the header of packets that come into a network.
• It determines whether to drop or forward a packet based on the MAC source and destination address.

2.1.1.5 Hybrid Firewall
• It combines the elements of the above 4 types of firewalls.
• For example:
The elements of packet filtering and proxy services.
The elements of packet filtering and circuit gateways.
• It may consist of 2 separate firewalls which are connected so that they work in tandem.
• Advantage:
An organization can make a security improvement without completely replacing its existing firewall.

2.1.2 Firewall Categorized by Generation

1) First Generation Firewall
• It is a static packet-filtering firewall.
• It examines the headers of packets that come into a network.
• It determines whether to drop or forward a packet based on the rules programmed into the firewall.
2) Second Generation Firewall
• It is an application-level firewall.
• It is frequently installed on a dedicated computer which is separate from the filtering router.
• It is commonly used in conjunction with a filtering router.
• It is also known as a proxy server because
it runs special software that acts as a proxy for a service request.
3) Third Generation Firewall
• It is a stateful inspection firewall.
• It monitors network connections between internal and external systems using state tables.
• A state table records information like
→ the source and destination addresses of the devices involved in the conversation and
→ what packet was sent and when.
4) Fourth Generation Firewall
• It is a dynamic packet-filtering firewall.
• Here, only a particular packet with a particular source, destination, and port address is allowed to
enter the trusted network.
5) Fifth Generation Firewall
• It includes the kernel proxy.
• The kernel proxy works under the Windows NT Executive, which is the kernel of Windows NT.
• It evaluates packets at multiple layers of the OSI model.
• For example: Cisco's security kernel
 The security kernel contains 3 components:
1) Interceptor/Packet Analyzer,
2) Security Verification Engine (SVEN), and
3) Kernel Proxies.
 Interceptor
→ captures packets arriving at the firewall and
→ passes the packets to the Packet Analyzer.
 Packet Analyzer
→ reads the header,
→ extracts signature data, and
→ passes both the data and the packets to the SVEN.
 SVEN
→ receives both the data and the packets,
→ determines whether to drop the packet, and
→ creates a new session.

2.1.3 Firewall Categorized by Structure
• Firewalls can also be categorized by the structure used to implement them:
1) Commercial-Grade Firewall Appliance
2) Commercial-Grade Firewall System
3) Small Office/Home Office (SOHO) Firewall Appliance
4) Residential-Grade Firewall Software
• Most commercial-grade firewalls are dedicated appliances.
• Specifically,
A dedicated appliance is a stand-alone unit running on a fully customized computing platform.
It provides both the physical network connection and the firmware programming necessary to
perform its function.

2.1.3.1 Commercial Grade Firewall Appliance
• It is a stand-alone, self-contained combination of computing hardware and software.
• Normally, it has many features of a general-purpose computer with the addition of firmware-based
instructions.
• Firmware-based instructions
→ increase the reliability/performance of the system and
→ minimize the likelihood of the system being compromised.
• The OS that drives the device can be periodically upgraded.
• The firewall rule sets are stored in non-volatile memory.
Thus, the rule sets can be changed by technical staff.

2.1.3.2 Commercial Grade Firewall System

• It consists of application software that is configured for the firewall application.
• The application software runs on a general-purpose computer.
• The OS is tuned to meet the type of firewall activity built into the application software.
• Organizations can either
1) install firewall software on an existing general-purpose computer, or
2) purchase hardware that runs the firewall application.

2.1.3.3 SOHO Firewall Appliance

• It is used for protecting residential users and small businesses using DSL or cable modems.
• Both DSL and cable-modem connections are more vulnerable to attack.
• It is also known as a DSL router or broadband gateway.
• It connects the user's LAN/computer to the DSL router provided by the ISP.
• It serves first as a stateful firewall to enable inside-to-outside access.
• It can also be configured to allow
→ limited TCP/IP port forwarding and
→ screened subnet capabilities. (DSL → Digital Subscriber Line; ISP → Internet service
provider)
• It includes packet filtering, port filtering, and IDPS.

2.1.3.4 Residential Grade Firewall Software

• It is also used for protecting residential users.
• A software firewall is installed directly on the user's computer.
• For example: antivirus
• The most commonly used antivirus products are McAfee, Norton, AVG, Kaspersky etc.
• Many people install the free version of an antivirus product but, unfortunately, these do not give full
protection. (As the proverb says, "you get what you pay for".)

2.1.4 Firewall Architecture
• The configuration that works best for a particular organization depends on 3 factors:
1) The objectives of the network.
2) The organization’s ability to develop and implement the architectures, and
3) The budget available for the function.
• There are four common architectural implementations:
1) Packet-filtering-router
2) Screened host firewall
3) Dual-homed firewall and
4) Screened subnet firewall.

2.1.4.1 Packet Filtering Router

• It is placed at the boundary between
→ the organization's internal networks and
→ the external service provider.
• It can be programmed to reject packets that the organization does not want to allow into the network.
• Advantage:
Reduces the organization's risk from external attack.
• Disadvantages:
1) Lack of auditing and strong authentication.
2) The complexity of the ACLs used to filter the packets can degrade network performance.

2.1.4.2 Screened Host Firewall

• It combines
→ a packet-filtering router and
→ a dedicated firewall such as a proxy server. This separate host is referred to as a bastion host.
• The router pre-screens the packets to minimize the network traffic and load on the internal proxy.
• The proxy server
→ receives requests for Web pages,
→ accesses the Web server on behalf of the external client, and
→ returns the requested pages to the users (Figure 2-3).
• If the bastion host is compromised, the attacker will get information about the configuration of the
internal networks.
• The bastion host is commonly referred to as the sacrificial host because
it stands as the sole defender on the network perimeter.

Figure 2-3 Screened Host Firewall

• Advantage:
For any external attack to succeed, two separate systems have to be compromised.
Thus, the bastion host can be placed in an unsecured network, thereby protecting the Web server.
• Disadvantage:
It is designed for specific protocols (e.g., FTP, Telnet, HTTP & SNMP).
So, it cannot be re-configured to protect against attacks on other protocols.

2.1.4.3 Dual Homed Firewall

• The bastion host contains two NICs rather than one.
1) One NIC is connected to the external network and
2) Another NIC is connected to the internal network.
• Two NICs provide an additional layer of protection. (NIC → network interface card)
• All traffic must physically go through the firewall to move between the internal and external networks.

Figure 2-4 Dual-Homed Host Firewall

• NAT is used for the implementation of this architecture (Figure 2-4).
• NAT is a method of mapping external IP addresses to non-routable internal IP addresses.
• NAT can be used to create yet another barrier to intrusion from external attackers.
• The internal addresses consist of 3 different ranges (Table 2-3).
1) Organizations that need a large group of addresses will use the Class A address range.
2) Organizations that need a medium group of addresses will use the Class B address range.
3) Organizations that need a small group of addresses will use the Class C address range.

Table 2-3 Reserved Non-routable Address Ranges

• Advantages:
1) NAT prevents external attacks from reaching internal computers.
2) It can translate between different protocols such as Ethernet, token ring, FDDI, and ATM.
• Disadvantages:
1) If the dual-homed host is compromised, it can disable the connection to the external network.
2) As traffic volume increases, the dual-homed host can become overloaded.
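To show how NAT on a dual-homed host forms the "barrier" described above, here is an added Python example that is not part of the notes or the textbooks. Table 2-3 itself is not reproduced on the page, so the three reserved ranges are written in from the standard RFC 1918 definitions; the public address, ports and peers are constructed. Outbound flows from a private address create a port mapping, and an inbound packet is forwarded only when it answers an existing mapping from the same remote endpoint.

```python
from ipaddress import ip_address, ip_network

# The three reserved, non-routable ranges (Class A / B / C of Table 2-3),
# taken from RFC 1918 rather than from the page.
PRIVATE_RANGES = {
    "Class A": ip_network("10.0.0.0/8"),
    "Class B": ip_network("172.16.0.0/12"),
    "Class C": ip_network("192.168.0.0/16"),
}


def private_class(addr: str):
    """Name of the reserved range an address falls in, or None if it is routable."""
    for name, net in PRIVATE_RANGES.items():
        if ip_address(addr) in net:
            return name
    return None


class Nat:
    """Port-translating NAT on a dual-homed host. Outbound flows create a
    mapping; an inbound packet is forwarded only if it answers an existing
    mapping from the same remote endpoint, so unsolicited packets from outside
    never reach an internal host."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_inside = {}  # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.by_public = {}  # public_port -> (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an internal packet; returns (src, sport, dst, dport) as sent outside."""
        if private_class(src_ip) is None:
            raise ValueError(f"{src_ip} is not in a reserved internal range")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_inside:
            self.by_inside[flow] = self.next_port
            self.by_public[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_inside[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reverse-translate an external packet, or None when no mapping matches."""
        flow = self.by_public.get(dst_port)
        if dst_ip != self.public_ip or flow is None:
            return None
        inside_ip, inside_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # right port, wrong peer: still dropped
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    nat = Nat("198.51.100.1")  # constructed public address of the dual-homed host
    print(nat.outbound("192.168.1.10", 5555, "203.0.113.5", 80))
    print(nat.inbound("203.0.113.5", 80, "198.51.100.1", 40000))
    print(nat.inbound("203.0.113.99", 80, "198.51.100.1", 40000))  # None
```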

2.1.4.4 Screened Subnet Firewall (with DMZ)
• It is the most popular architecture used today (Figure 2-5).
• It provides a DMZ (demilitarized zone).
• A DMZ is an intermediate area between a trusted network and an untrusted network.
• As shown in Figure 2-5,
the DMZ consists of two or more internal bastion hosts behind a packet-filtering router, with each
host protecting the trusted network.
• Connections are routed as follows:
1) Connections from the untrusted network are routed into an external filtering router.
2) Then, connections from the untrusted network are routed into the DMZ.
3) Finally, connections from the untrusted network are routed into the trusted network via the DMZ
bastion host.
• It performs two functions:
1) It protects the DMZ systems and information from outside threats by providing a network of
intermediate security.
2) It protects the internal networks by limiting how external connections can gain access to them.

Figure 2-5 Screened Subnet (DMZ)

• Disadvantages:
1) Expensive to implement.
2) Complex to configure and manage.
• Advantage:
1) The DMZ allows the creation of an area known as an extranet.
In an extranet, additional authentication and authorization controls are provided.
(For example, in an online retailer,
i) anybody can browse the product catalog and place items into a shopping cart,
ii) but additional authentication and authorization are required when the customer is ready
to check out and place an order.)

2.1.5 Selecting the Right Firewall
• To determine the best firewall for an organization, the following questions can be considered:
1) Which type of firewall technology offers the right balance between protection and cost for the
needs of the organization?
2) What features are included in the base price?
What features are available at extra cost?
Are all cost factors known?
3) How easy is it to set up and configure the firewall?
How accessible are the staff technicians who can competently configure the firewall?
4) Can the candidate firewall adapt to the growing network in the target organization?

2.1.6 Configuring and Managing Firewall

• After the firewall architecture is selected, the organization must provide the initial configuration of
the firewall.
• Good policy dictates that each firewall must have its own set of configuration rules.
• Each configuration rule must be carefully crafted, debugged, tested, and placed into the ACL.
• Good configuration rules ensure that the actions taken comply with the organization's policy.
• In fact, the configuration of firewall rules can be complex and difficult.
• IT professionals with programming experience can deal with debugging both syntax errors and logic errors.
• Syntax errors are usually easy to identify, as the system alerts the administrator.

2.1.6.1 Best Practices for Firewall

1) All traffic from the trusted network is allowed out.
• Thus, members of the organization can access the required services.
• Filtering and logging of outbound traffic can be implemented when required by organization policy.
2) The firewall is never directly accessible from the public network for configuration or
management purposes.
• Even internal users must be denied access to the firewall.
• Only authorized administrators must be allowed to access the firewall.
• The access method can be based on cryptographically strong authentication.
3) SMTP data is allowed to enter through the firewall, but is routed to a well-configured
SMTP gateway to filter and route messaging traffic securely.
4) All ICMP data should be denied.
• ICMP is known as the ping service.
• ICMP is a common method used by hackers for snooping on the internal network.
• So, ICMP should be turned off to prevent snooping.
5) Telnet access to all internal servers from the public networks should be blocked.
• Telnet access to the organization's DNS server should be blocked
→ to prevent illegal zone transfers and
→ to prevent attackers from taking down the organization's entire network.
• If internal users want to access the organization's network from outside, the organization should use
a VPN.
6) When Web services are offered outside the firewall, HTTP traffic should be prevented from reaching
the internal networks by means of a proxy server or DMZ.
• The restriction can be accomplished using NAT or a proxy server.
i) If the Web servers contain critical data, they should be placed inside the network.
ii) If the Web servers only contain advertising, they should be placed in the DMZ.
7) All data that is not verifiably authentic should be denied.
• When attempting to convince a packet-filtering firewall to permit malicious traffic, attackers frequently
put an internal address in the source field.
• To avoid this problem, set rules so that the firewall blocks all inbound traffic with an organizational
source address.
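Practices 3, 4, 5 and 7 above can be expressed as one inbound policy, shown here as an added Python example that is not part of the notes or the textbooks. The organization's address blocks, the interface names and the sample packets are all constructed placeholders; the key check is the one for practice 7: a packet arriving on the outside interface that claims an internal source address is dropped before any other rule is consulted.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholders for the organization's own address blocks.
INTERNAL_PREFIXES = [ip_network("10.10.0.0/16"), ip_network("192.0.2.0/24")]


def is_spoofed_inbound(interface: str, src: str) -> bool:
    """Practice 7: a packet arriving on the outside interface cannot genuinely
    carry one of the organization's own addresses as its source."""
    return interface == "outside" and any(ip_address(src) in net for net in INTERNAL_PREFIXES)


def inbound_decision(interface: str, src: str, protocol: str, dport: int) -> str:
    """Inbound rule set implementing practices 3, 4, 5 and 7; everything else is denied."""
    if is_spoofed_inbound(interface, src):
        return "deny: spoofed internal source"
    if protocol == "icmp":
        return "deny: icmp (ping) blocked"
    if protocol == "tcp" and dport == 23:
        return "deny: telnet blocked"
    if protocol == "tcp" and dport == 25:
        return "allow: forward to smtp gateway"
    return "deny: default"


# Constructed sample of packets as a firewall log might record them:
# (arrival interface, source address, protocol, destination port).
SAMPLE_PACKETS = [
    ("outside", "10.10.3.4", "tcp", 80),     # claims an internal source: spoofed
    ("outside", "203.0.113.7", "icmp", 0),
    ("outside", "203.0.113.7", "tcp", 23),
    ("outside", "203.0.113.7", "tcp", 25),
    ("outside", "203.0.113.7", "tcp", 443),
    ("inside", "10.10.3.4", "tcp", 25),      # same address on the inside: genuine
]


def summarize(packets) -> dict:
    """Tally decisions by reason, as a log review of the rule set would."""
    counts = {}
    for interface, src, protocol, dport in packets:
        decision = inbound_decision(interface, src, protocol, dport)
        counts[decision] = counts.get(decision, 0) + 1
    return counts


if __name__ == "__main__":
    for decision, n in summarize(SAMPLE_PACKETS).items():
        print(f"{n:2d}  {decision}")
```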

2.1.7 Content Filter
• It is a software filter that allows administrators to restrict access to content from within a network.
• It can help protect an organization's systems from misuse and unintentional DoS problems.
• It restricts user access to
→ networking protocols (e.g., FTP, HTTP) and
→ Internet content (e.g., Facebook, YouTube, Amazon).
• It is also called a reverse firewall because
it is mainly used to restrict internal access to external material.
• It has two components: rating and filtering.
1) Rating
 It is like a set of firewall rules for Web sites.
 It is most common in residential content filters.
 It can be
→ complex, with multiple access control settings for different levels of the organization, or
→ simple, with a basic allow/deny scheme like that of a firewall.
2) Filtering
 It is a method used to restrict specific access requests to the identified resources.
 The resources may be Web sites or servers.
• Two ways to configure:
1) Exclusive Mode
 Certain sites are specifically excluded from access (e.g., Facebook, YouTube, Amazon).
 Disadvantage:
There may be thousands of Web sites that an organization wants to exclude.
2) Inclusive Mode
 Certain sites are specifically permitted for access (e.g., IEEE, Springer, Elsevier).
• Advantages:
1) The assurance that employees are not distracted by non-business material.
2) The assurance that employees cannot waste the organization's time and resources.
• Disadvantage:
It requires extensive configuration and ongoing maintenance to keep the blacklist up to date.

2.2 Protecting Remote Connections
• In the past, organizations provided remote connections exclusively through dial-up services like RAS.
• Since the Internet has become more widespread in recent years, other options such as VPNs have
become more popular. (RAS → Remote Authentication Service; VPN → Virtual Private Network)

2.2.1 Remote Access

• The connections between company networks and the Internet use a firewall to safeguard that interface.
• Unsecured dial-up connection points represent a substantial exposure to attack.
• An attacker who suspects that an organization has dial-up lines can use a war-dialer.
• A war-dialer is an automatic phone-dialing program used to locate the connection points.
• A war-dialer
→ dials every number in a configured range (e.g., 555-1000 to 555-2000), and
→ checks to see if a person, answering machine, or modem picks up.
• If a modem answers, the war-dialer program
→ makes a note of the number and
→ moves on to the next target number.
• Finally, the attacker attempts to hack into the network via the identified modem connection.

2.2.1.1 RADIUS, Diameter and TACACS

2.2.1.1.1 RADIUS
• RADIUS stands for Remote Authentication Dial-In User Service (Figure 2-6).
• It is a remote-access authorization system that is based on a client/server configuration.
• It is used to authenticate the credentials of users who are trying to access an organization's network
via a dial-up connection.

Figure 2-6 RADIUS Configuration

2.2.1.1.2 Diameter Protocol
• It is an emerging alternative derived from RADIUS.
• It defines the minimum requirements for a system that provides authentication, authorization, and
accounting (AAA) services.
• Its security uses existing encryption standards such as IPSec or TLS.
• Diameter-based devices are emerging in the marketplace.
• It is expected to become the dominant form of AAA services. (TLS → Transport Layer Security)

2.2.1.1.3 TACACS
• TACACS stands for Terminal Access Controller Access Control System.
• It is another remote-access authorization system that is based on a client/server configuration.
• There are three versions of TACACS:
1) TACACS
 It combines authentication and authorization services.
2) Extended TACACS
 It separates the steps needed to authenticate the individual/system from the steps needed to
verify the authenticated individual/system.
3) TACACS+
 It uses dynamic passwords and incorporates two-factor authentication.

2.2.1.2 Securing Authentication with Kerberos
• Two authentication systems can provide secure third-party authentication:
1) Kerberos and
2) SESAME.

2.2.1.2.1 Kerberos
• It uses symmetric-key encryption to validate an individual client to various servers.
i) A server provides a network service (e.g., the VTU server containing result sheets).
ii) A client uses network services (e.g., students requesting result sheets).
• It consists of 3 interacting servers (Figures 2-7 & 2-8):
1) Authentication Server (AS) or Kerberos Server
 It is used to authenticate clients and servers.
2) Key Distribution Center (KDC)
 It is used to generate and issue session keys.
3) Ticket Granting Service (TGS)
 It is used to provide tickets to clients who request services.
 A ticket is an identification card for a particular client.
(e.g., a ticket is similar to a token issued in a bank).
 The ticket confirms that the client is authorized to receive services from the server.
• It is based on the following 4 principles:
1) The KDC keeps a database containing the secret keys of all clients and servers on the network.
2) Initially, the KDC exchanges information with the client and server by using these secret
keys.
3) Kerberos authenticates a client to a requested service on a server through the TGS.
 Kerberos also generates temporary session keys.
 Session keys are private keys given to the two parties for communication purposes.
 The session keys are used to encrypt all communications between the two parties.
 For example:
i) client and KDC
ii) server and KDC
iii) client and server.
4) Communications then take place between the client and server using these temporary
session keys.
Figure 2-7 Kerberos Login
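The login exchange (Figure 2-7) and the request for services (Figure 2-8) described by the four principles above, carried through in an added Python example that is not part of these notes or of either textbook. The AS and TGS functions share one key database standing in for the KDC; the principal names, passwords, ticket lifetime and the toy cipher (a SHA-256 keystream with an HMAC tag, used only so that a wrong key is detected) are all constructed for the illustration and are not real Kerberos algorithms or message formats.

```python
import hashlib
import hmac
import json
import os
import time


# --- Toy symmetric cipher (illustration only, not a real algorithm) --------
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Encrypt a JSON-serialisable dict; the HMAC tag lets the receiver detect a wrong key."""
    nonce = os.urandom(16)
    plain = json.dumps(obj).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + cipher, hashlib.sha256).digest()
    return nonce + cipher + tag


def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(key, nonce, len(cipher))))
    return json.loads(plain)


# --- KDC database: the secret key of every principal (principle 1) ---------
def _key_from_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()


KDC_DB = {
    "student": _key_from_password("student-password"),  # constructed client
    "krbtgt": os.urandom(32),                           # key shared by AS and TGS
    "results-server": os.urandom(32),                   # constructed service
}
TICKET_LIFETIME = 3600  # seconds (constructed value)


# --- Authentication Server: login (Figure 2-7) -----------------------------
def as_exchange(client: str):
    """Return (reply for the client, TGT). The client/TGS session key travels to the
    client under the client's own secret key and inside the TGT under krbtgt's key."""
    k_c_tgs = os.urandom(32)
    tgt = encrypt(KDC_DB["krbtgt"], {"client": client, "key": k_c_tgs.hex(),
                                     "expires": time.time() + TICKET_LIFETIME})
    return encrypt(KDC_DB[client], {"tgs_key": k_c_tgs.hex()}), tgt


# --- Ticket Granting Service: request for a service ticket (Figure 2-8) -----
def tgs_exchange(tgt: bytes, authenticator: bytes, service: str):
    tgt_data = decrypt(KDC_DB["krbtgt"], tgt)
    k_c_tgs = bytes.fromhex(tgt_data["key"])
    auth = decrypt(k_c_tgs, authenticator)  # only the real client can build this
    if auth["client"] != tgt_data["client"] or time.time() > tgt_data["expires"]:
        raise PermissionError("authenticator does not match TGT, or TGT expired")
    k_c_s = os.urandom(32)  # fresh client/server session key (principle 3)
    ticket = encrypt(KDC_DB[service], {"client": auth["client"], "key": k_c_s.hex()})
    return encrypt(k_c_tgs, {"service_key": k_c_s.hex()}), ticket


# --- Application server: accept the ticket ---------------------------------
def server_accept(service: str, ticket: bytes, authenticator: bytes):
    ticket_data = decrypt(KDC_DB[service], ticket)
    k_c_s = bytes.fromhex(ticket_data["key"])
    auth = decrypt(k_c_s, authenticator)
    if auth["client"] != ticket_data["client"]:
        raise PermissionError("authenticator does not match ticket")
    return ticket_data["client"], k_c_s


# --- Client side -----------------------------------------------------------
def client_login(client: str, password: str, service: str):
    """Run the AS and TGS exchanges; returns what the client then sends to the server."""
    k_client = _key_from_password(password)
    reply, tgt = as_exchange(client)
    k_c_tgs = bytes.fromhex(decrypt(k_client, reply)["tgs_key"])  # fails on a wrong password
    auth_tgs = encrypt(k_c_tgs, {"client": client, "time": time.time()})
    reply2, ticket = tgs_exchange(tgt, auth_tgs, service)
    k_c_s = bytes.fromhex(decrypt(k_c_tgs, reply2)["service_key"])
    auth_srv = encrypt(k_c_s, {"client": client, "time": time.time()})
    return ticket, auth_srv, k_c_s


def login_succeeds(client: str, password: str, service: str) -> bool:
    """True when client and server end up holding the same session key (principle 4)."""
    try:
        ticket, auth_srv, k_client_side = client_login(client, password, service)
        who, k_server_side = server_accept(service, ticket, auth_srv)
        return who == client and k_server_side == k_client_side
    except (ValueError, PermissionError, KeyError):
        return False


if __name__ == "__main__":
    print(login_succeeds("student", "student-password", "results-server"))  # True
    print(login_succeeds("student", "wrong-password", "results-server"))    # False
```

Note that the client's password never crosses the network: a wrong password simply leaves the client unable to decrypt the AS reply, so it can never build a valid authenticator for the TGS.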

Figure 2-8 Kerberos Request for Services

2.2.1.2.2 SESAME

• SESAME stands for Secure European System for Applications in a Multivendor Environment.
• It is similar to Kerberos.
1) Firstly, the user is authenticated to an Authentication Server.
2) Then, the user receives a token.
3) Finally, the token is presented to a privilege attribute server as proof of identity to gain a
privilege attribute certificate (PAC). (The PAC is like the ticket in Kerberos.)
• It uses public-key encryption to distribute secret keys.
• It also builds on the Kerberos model by adding
→ more sophisticated access control features,
→ more scalable encryption systems,
→ improved manageability, and
→ auditing features.

2.2.2 Virtual Private Network (VPN)
• It is defined as a private network that makes use of the public telecommunication infrastructure.
• It maintains privacy through the use of a tunneling protocol and security procedures.
• It is commonly used to securely extend an organization's internal network connections to remote
locations.
• There are three VPN technologies:
1) Trusted VPN (or Legacy VPN)
 It uses leased circuits from a service provider (e.g., BSNL lines).
 It forwards packets over these leased circuits without encryption.
 The organization must trust the service provider.
 The service provider provides assurance that the circuits are properly maintained and
protected. Hence the name trusted VPN.
2) Secure VPN
 It uses security protocols.
 It encrypts and forwards packets over unsecured public networks like the Internet.
3) Hybrid VPN
 It combines the above two technologies.
 It encrypts and forwards packets over some or all of a trusted VPN network.
• It provides three services:
1) Encapsulation of incoming and outgoing data (for example, an IPv6 packet within an IPv4 packet).
2) Encryption of incoming and outgoing data (for example, RSA, DES).
3) Authentication of the remote computer or remote user.

• There are two ways to implement a VPN: 1) transport mode and 2) tunnel mode.

2.2.2.1 Transport Mode

• The data within an IP packet is encrypted, but the header is not encrypted (Figure 2-9).
• Advantages:
1) Eliminates the need for special servers and tunneling software.
2) Allows the end users to transmit traffic from anywhere.
3) Especially useful for traveling employees.
• Disadvantage:
An attacker can still identify the destination computer.

Figure 2-9 Transport Mode VPN

• There are two popular uses for transport mode VPNs:
1) End-to-end transport of encrypted data.
 Here, two end users can communicate securely using encryption and decryption.
 Each machine acts as both 1) the end-node VPN server and 2) the end-node VPN client.
2) A teleworker (or remote-access worker) connects to a company network over the Internet.
 Thus, the teleworker's system can work as if it were part of the LAN.

2.2.2.2 Tunnel Mode
• A connection is set up between two perimeter tunnel servers (Figure 2-10).
• These two tunnel servers encrypt all traffic that will traverse an unsecured network.
• Both the data and the header within an IP packet are encrypted.
• The entire IP packet is encapsulated within another packet (for example, an IPv6 packet within an IPv4 packet).
• The new packet is addressed from one tunneling server to the other.
• Advantage:
An intercepted packet reveals nothing about the true destination system.
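The difference between transport mode (Figure 2-9) and tunnel mode (Figure 2-10) comes down to what an interceptor on the unsecured network can read. The following added Python example, which is not from the notes or the textbooks, builds both forms of packet from the same constructed inner packet and shows the header fields left in the clear in each case. The addresses, key and payload are constructed, and the cipher is a SHA-256 keystream XOR used only to make the encrypted bytes unreadable in the demonstration, not real VPN encryption.

```python
import hashlib
import json


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 derived keystream. Illustration only, not real
    encryption; applying it twice with the same key restores the data."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def transport_mode_send(key: bytes, packet: dict) -> dict:
    """Transport mode: the payload is encrypted, the original IP header is not."""
    return {"src": packet["src"], "dst": packet["dst"],
            "payload": toy_cipher(key, packet["payload"])}


def transport_mode_receive(key: bytes, wire: dict) -> dict:
    return {"src": wire["src"], "dst": wire["dst"],
            "payload": toy_cipher(key, wire["payload"])}


def tunnel_mode_send(key: bytes, packet: dict, tunnel_src: str, tunnel_dst: str) -> dict:
    """Tunnel mode: header and payload of the inner packet are encrypted together,
    then wrapped in a new packet addressed between the two tunnel servers."""
    inner = json.dumps({"src": packet["src"], "dst": packet["dst"],
                        "payload": packet["payload"].hex()}).encode()
    return {"src": tunnel_src, "dst": tunnel_dst, "payload": toy_cipher(key, inner)}


def tunnel_mode_receive(key: bytes, wire: dict) -> dict:
    """The receiving tunnel server decrypts and unwraps the original packet."""
    inner = json.loads(toy_cipher(key, wire["payload"]))
    return {"src": inner["src"], "dst": inner["dst"],
            "payload": bytes.fromhex(inner["payload"])}


def interceptor_view(wire: dict) -> tuple:
    """What someone capturing the packet on the unsecured network can read."""
    return wire["src"], wire["dst"]


# Constructed sample: an internal host at one site sends to a host at a remote site.
SAMPLE = {"src": "10.1.1.5", "dst": "10.2.2.9", "payload": b"GET /results HTTP/1.1"}
KEY = b"shared-vpn-key"  # constructed

if __name__ == "__main__":
    print("transport:", interceptor_view(transport_mode_send(KEY, SAMPLE)))
    print("tunnel:   ", interceptor_view(
        tunnel_mode_send(KEY, SAMPLE, "198.51.100.1", "203.0.113.1")))
```

In transport mode the interceptor still sees 10.1.1.5 talking to 10.2.2.9; in tunnel mode only the two tunnel-server addresses are visible, which is exactly the advantage stated above.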

Figure 2-10 Tunnel Mode VPN


UNIT 3: INTRUSION-DETECTION AND PREVENTION SYSTEMS,
AND OTHER SECURITY TOOLS

3.1 Intrusion-detection and Prevention Systems
3.1.1 IDPS Terminology
3.1.2 Why Use an IDPS?
3.1.3 Types of IDPS
3.1.4 IDPS Detection Methods
3.1.4.1 Signature-Based IDPS
3.1.4.2 Statistical Anomaly-Based IDPS
3.1.4.3 Stateful Protocol Analysis IDPS
3.1.5 IDPS Response Behavior
3.1.5.1 IDPS Response Options
3.1.6 Selecting IDPS Approaches and Products
3.1.6.1 Technical and Policy Considerations
3.1.6.2 Organizational Requirements and Constraints
3.1.6.3 IDPS Product Features and Quality
3.1.7 Strengths and Limitations of IDPSs
3.1.7.1 Strengths of IDPS
3.1.7.2 Limitations of IDPS
3.1.8 Deployment and Implementation of an IDPS
3.1.8.1 IDPS Control Strategies
3.1.8.1.1 Centralized Control Strategy
3.1.8.1.2 Fully Distributed Control Strategy
3.1.8.1.3 Partially Distributed Control Strategy
3.1.8.2 IDPS Deployment
3.1.8.2.1 Deploying Network-Based IDPSs
3.1.8.2.2 Deploying Host-Based IDPSs
3.1.9 Measuring the Effectiveness of IDPSs
3.2 Honeypots, Honeynets, and Padded-cell Systems
3.2.1 Trap-and-Trace Systems
3.2.2 Active Intrusion Prevention
3.3 Scanning and Analysis Tools
3.3.1 Port Scanners
3.3.2 Firewall Analysis Tools
3.3.3 Operating System Detection Tools
3.3.4 Vulnerability Scanners
3.3.5 Packet Sniffers
3.3.6 Wireless Security Tools


UNIT 3: INTRUSION-DETECTION AND PREVENTION SYSTEMS,
AND OTHER SECURITY TOOLS

3.1 Intrusion-detection and Prevention System (IDPS)

• An intrusion occurs when an attacker attempts to
→ gain entry into the trusted network or
→ disrupt the normal operation of the trusted network.
• Main motive for intrusion: to harm an organization.
• Examples include: a virus attack or a DoS attack.
• Intrusion prevention consists of activities that prevent an intrusion.
• Some important intrusion-prevention activities are
→ implementing a good security policy,
→ executing effective security programs, and
→ installing technology-based countermeasures (such as firewalls and IDPS).
• Intrusion detection consists of procedures used to identify intrusions.
• Intrusion reaction consists of actions taken by the organization when an intrusion is detected.
• These actions seek to
→ limit the loss from an intrusion and
→ return operations to a normal state as quickly as possible.
• Intrusion correction consists of the restoration of operations to a normal state.
• These actions seek to identify the source and method of the intrusion in order to ensure that the
same type of attack cannot occur again.
• Like a burglar alarm, an IDS detects a violation and activates an alarm.
• This alarm can be
→ audible or visual, or
→ silent (an e-mail or pager alert).
• System admins can choose
→ the configuration of the various alerts and
→ the alarm levels associated with each type of alert.
• A current extension of IDS technology is the IPS, which can detect and prevent intrusion by means of
an active response.
• Because the two systems often coexist, the combined term Intrusion-detection and prevention
system (IDPS) is generally used.
(IPS → intrusion-prevention system; IDS → intrusion-detection system)

3-2
INFORMATION AND NETWORK SECURITY
3.1.1 IDPS Terminology
1) Alert or Alarm
• An indication that a system has just been attacked or is under attack.
• Different forms of alarms are
→ audible-signals
→ e-mail messages
→ pager notifications or
→ pop-up windows.
2) Evasion
• The process by which attackers change the format and timing of their activities to avoid being
detected by the IDPS.
3) False Attack Stimulus
• An event that triggers an alarm when no actual attack is in progress.
• During the testing phase, false attack stimuli can be used to check whether the IDPS can distinguish
between 1) false attack stimuli and 2) real attacks.
4) False Negative
• An alert does not occur in the presence of an actual attack.
• It is the most serious failure, since the purpose of an IDPS is to detect and respond to attacks.
5) False Positive
• An alert occurs in the absence of an actual attack.
• A false positive may be produced when an IDPS mistakes normal system activity for an attack.
6) Noise
• Alarm events that are accurate and noteworthy but that do not pose significant threats to information
security.
• Unsuccessful attacks are the most common source of noise.
• Some of the alarms may be triggered by scanning-tools deployed by admins without intent to do
harm.
7) Site Policy
• The rules and guidelines governing the operation of IDPSs within the organization.
8) Site Policy Awareness
• An IDPS’s ability to dynamically modify its rules in response to environmental activity.
• A smart IDPS can adapt its reactions in response to admin guidance over time and to the circumstances
of the current local environment.
• A smart IDPS logs events that fit a specific profile instead of minor events, such as file modification
or failed user logins.
9) True Attack Stimulus
• An event that triggers alarms and causes an IDPS to react as if a real attack is in progress.
• The event
→ may be an actual attack, in which an attacker has gained entry into the trusted-network or
→ may be a drill, in which security personnel are using hacker tools to conduct tests.
10) Tuning
• The process of adjusting an IDPS to maximize its efficiency in detecting true positives, while
minimizing both false positives and false negatives.
11) Confidence Value
• The measure of an IDPS’s ability to correctly detect and identify certain types of attacks.
• The confidence value is based on experience and past performance measurements.
• The confidence value helps an admin determine how likely it is that an alarm indicates an actual
attack in progress.
• For example,
if a system has a confidence value of 90% for reporting a DoS attack, then there is a high
probability that an actual attack is occurring.
12) Alarm Filtering
• The process of classifying IDPS alerts so that they can be more effectively managed.
• An admin can set up alarm filtering by running the system for a while to track what types of false
positives it generates and then adjusting the alarm classifications.
• For example, the admin may set the IDPS to discard alarms produced by false attack stimuli or
normal network operations.
• Like a packet filter, an alarm filter can be used to filter alarms based on operating system, confidence
value, alarm type, or alarm severity.
13) Alarm Clustering and Compaction
• A process of grouping almost identical alarms that happen at close to the same time into a single
higher-level alarm.
• This consolidation reduces the number of alarms generated, thereby reducing administrative
overhead.
• This clustering may be based on
→ similarity in attack signature or
→ similarity in attack target.
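To make terms 4, 5, 12 and 13 above concrete, here is an added example (not from the notes or the textbook) that runs a small alarm pipeline in Python over constructed alert records: an alarm filter that discards false attack stimuli from an authorised scanner and low-confidence noise, alarm clustering that compacts near-identical alarms within a 60-second window into one higher-level alarm, and a comparison against constructed ground truth that reports true positives, false positives and false negatives. The addresses, signature names, confidence values and the set of actual attackers are all assumed sample data.

```python
"""Alarm filtering, alarm clustering/compaction and false-positive/negative
accounting over constructed IDPS alerts. Added example for these notes; not
code from the textbook or from any IDPS product. Every alert, policy value and
ground-truth entry below is constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int            # seconds since start of capture
    signature: str     # name of the matched attack signature
    src: str           # source address
    target: str        # attacked host
    severity: int      # 1 (low) .. 5 (critical)
    confidence: float  # how likely, in the IDPS's experience, this is a real attack


# Constructed alerts: an ICMP sweep touching three hosts, a repeated exploit
# attempt, one alert raised by an authorised scanner (a false attack stimulus),
# and a late repeat of the exploit against another host.
ALERTS = [
    Alert(0, "icmp-sweep", "198.51.100.7", "10.0.0.5", 1, 0.40),
    Alert(1, "icmp-sweep", "198.51.100.7", "10.0.0.6", 1, 0.40),
    Alert(2, "icmp-sweep", "198.51.100.7", "10.0.0.7", 1, 0.40),
    Alert(30, "http-exploit-x", "203.0.113.9", "10.0.0.10", 5, 0.95),
    Alert(31, "http-exploit-x", "203.0.113.9", "10.0.0.10", 5, 0.95),
    Alert(32, "http-exploit-x", "203.0.113.9", "10.0.0.10", 5, 0.95),
    Alert(90, "port-scan", "10.0.0.250", "10.0.0.10", 2, 0.30),
    Alert(400, "http-exploit-x", "203.0.113.9", "10.0.0.11", 5, 0.95),
]

# Site policy (constructed): hosts that run authorised scanning tools, and the
# confidence below which a non-critical alert is treated as noise.
AUTHORISED_SCANNERS = {"10.0.0.250"}
MIN_CONFIDENCE = 0.35

# Ground truth for the exercise (constructed): who really attacked. The third
# source attacked so slowly that the sensor never raised an alert for it.
ACTUAL_ATTACKERS = {"198.51.100.7", "203.0.113.9", "192.0.2.44"}


def alarm_filter(alerts):
    """Alarm filtering: classify alerts and drop the ones site policy calls noise.

    Returns (kept, discarded). Alerts from authorised scanners are false attack
    stimuli; low-confidence alerts are discarded unless their severity is critical.
    """
    kept, discarded = [], []
    for a in alerts:
        if a.src in AUTHORISED_SCANNERS or (a.confidence < MIN_CONFIDENCE and a.severity < 5):
            discarded.append(a)
        else:
            kept.append(a)
    return kept, discarded


@dataclass
class ClusteredAlarm:
    signature: str
    src: str
    first_ts: int
    last_ts: int
    count: int
    targets: set
    severity: int


def cluster_alarms(alerts, window=60):
    """Alarm clustering and compaction: merge almost identical alarms raised
    within `window` seconds of a cluster's first alarm into one higher-level alarm.
    Similarity here means the same signature from the same source; the notes also
    allow clustering on the attack target instead.
    """
    open_clusters = {}   # (signature, src) -> cluster still accepting alarms
    clusters = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.signature, a.src)
        c = open_clusters.get(key)
        if c is None or a.ts - c.first_ts > window:
            c = ClusteredAlarm(a.signature, a.src, a.ts, a.ts, 0, set(), a.severity)
            open_clusters[key] = c
            clusters.append(c)
        c.last_ts = a.ts
        c.count += 1
        c.targets.add(a.target)
        c.severity = max(c.severity, a.severity)
    return clusters


def evaluate(clusters, actual_attackers=ACTUAL_ATTACKERS):
    """Compare reported sources with ground truth: true/false positives, false negatives."""
    reported = {c.src for c in clusters}
    return {
        "true_positive": sorted(reported & actual_attackers),
        "false_positive": sorted(reported - actual_attackers),
        "false_negative": sorted(actual_attackers - reported),
    }
```

Running the pipeline with and without `alarm_filter` is the tuning loop described under 12): the unfiltered run reports the authorised scanner 10.0.0.250 as a false positive, the filtered run has none, and the eight raw alerts compact to three higher-level alarms. The slow attacker 192.0.2.44 remains a false negative in both runs because the sensor never produced an alert for it, which is exactly the failure 4) describes.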

3.1.2 Why Use an IDPS?

1) Attackers avoid breaking into a trusted-network that has an IDPS.
• This is because they are afraid of getting caught and punished.
(For e.g., criminals avoid breaking into a house that has a burglar alarm).
2) To detect attacks and other security violations that are not prevented by other security
measures.
• IDPS can be used when the trusted-network
→ cannot protect itself against known security-holes or
→ cannot respond to a rapidly changing threat environment.
3) To detect and deal with the preambles to attacks.
• IDPSs can also help admins detect the preambles to attacks.
• Most attacks begin with an organized and thorough probing of the organization’s network
environment and its defenses.
• This initial estimation of the defensive state of an organization’s networks and systems is called
doorknob rattling and is accomplished by means of footprinting and fingerprinting.
4) To document the existing threat to an organization.
• The implementation of security technology usually requires that project proponents document the
threat from which the organization must be protected.
• IDPSs are one means of collecting such data.
5) To act as quality control for security design and administration, especially in large
enterprises.
• Data collected by an IDPS can also help management with quality assurance and continuous
improvement.
• IDPSs consistently pick up information about attacks that have successfully compromised the outer
layers of information security controls such as a firewall.
• This information can be used to identify and repair emergent or residual flaws in the security and
network architectures.
6) To provide information about intrusions that occurred.
• The information can be used for improved diagnosis, recovery, and correction.
• IDPS can still assist in the after-attack review by providing information on
→ how the attack occurred
→ what the attacker accomplished and
→ which methods the attacker employed.
• This information can be used
→ to remedy deficiencies and
→ to prepare the trusted-network for future attacks.
• The IDPS can also provide forensic information.
• This information may be used to catch the attacker for punishment.

(footprinting refers to activities that gather information about the organization and its network
activities and assets)
(fingerprinting refers to activities that scan network locales for active systems and then identify the
network services offered by the host systems)

3.1.3 Types of IDPS
• Two types of IDPSs are 1) network-based and 2) host-based (Figure 3-1).
1) A network-based IDPS is focused on protecting network-assets.
• Two subtypes of network-based IDPS: i) wireless IDPS and ii) network behavior analysis (NBA) IDPS.
i) Wireless IDPS is focused on protecting wireless-networks.
ii) NBA IDPS examines traffic-flow on a network in an attempt to identify attacks like DDoS,
virus and worm.
2) A host-based IDPS is focused on protecting the information-assets of a server (or host).

Figure 3-1 Intrusion-detection and Prevention Systems

3.1.3.1 Network-Based IDPS (NIDPS)
• It is focused on protecting network-assets.
• It resides on a network-segment of an organization.
• It monitors a specific group of computers on a specific network-segment.
• It looks for indications of ongoing or successful attacks.
• When it identifies an attack, it sends an alert to the admin.
• When placed next to a network-device (hub/switch), the NIDPS may use that device’s monitoring-port.
• A monitoring-port is a connection on a network-device that is capable of viewing all of the traffic that
moves through the entire device.
• To check for an attack, the NIDPS compares measured activity to known signatures in its knowledge
base.
• In protocol stack verification, the NIDPS looks for invalid data-packets.
• In application protocol verification, the higher-order protocols (HTTP, FTP) are examined for
unexpected packet behavior.
• Advantages:
1) A few NIDPSs can be used to monitor a large network.
2) It is a passive device.
So, it can be deployed into existing networks without disturbing normal operations.
3) It is not susceptible to direct attack.
So, it may not be detectable by attackers.
4) It can detect many more types of attacks than a HIDPS.
• Disadvantages:
1) NIDPS can be overloaded by network volume.
So, it may fail to recognize actual attacks.
2) It requires access to all traffic to be monitored.
3) It cannot analyze encrypted packets.
4) It cannot reliably confirm if an attack was successful or not.
5) It cannot detect attacks involving fragmented packets.
6) It requires a much more complex configuration and maintenance program.

3.1.3.1.1 Wireless NIDPS (WIDPS)

• It is focused on protecting wireless-networks.
• It monitors and analyzes wireless-network-traffic.
• It looks for potential problems with the wireless protocols.
• It can be built into a device that provides a wireless access-point (e.g., a base station).
• It can also detect:
→ Unauthorized WLANs and WLAN devices
→ Poorly secured WLAN devices
→ Unusual usage patterns
→ Use of wireless-network scanners
→ DoS attacks and conditions
→ Impersonation and man-in-the-middle attacks
• Some issues associated with the implementation of WIDPS:
1) Physical Security
• Many wireless sensors are deployed in public places to obtain the widest possible network range.
• Public areas include conference rooms, assembly areas, and highways.
• So, additional security configuration and monitoring must be provided.
2) Sensor Range
• A wireless device’s range can be affected by
→ atmospheric conditions
→ building construction and
→ quality of the network card
• Some IDPSs can be used to identify the optimal location for sensors by using the footprint based on
signal strength.
• Sensors are most effective when their footprints overlap.
3) Access-point and wireless switch locations
• Wireless-components containing IDPS must be carefully deployed to optimize the sensor detection
grid.
• The rule of thumb:
you must guard against the possibility of an attacker connecting to an access-point from a
range far beyond the minimum.
4) Wired-network-connections
• Wireless-network components work independently of the wired-network when sending and receiving
between stations and access-points.
• However, a network-connection eventually integrates wireless traffic with the organization’s wired
network.
• Where there is no available wired-network-connection, it may be impossible to deploy a sensor.
5) Cost
• The more sensors deployed, the more expensive the configuration.
• Wireless-components typically cost more than their wired counterparts.
• Thus, the total cost of ownership of IDPS of both wired and wireless varieties should be carefully
considered.

3.1.3.1.2 Network Behavior Analysis System (NBA IDPS)

• It examines traffic-flow on a network in an attempt to identify attacks like DDoS, virus and worm.
• It uses a version of the anomaly detection method to identify excessive packet flows.
• It typically monitors internal-networks but occasionally monitors connections between internal and
external networks.
• Typical traffic-flow information includes:
→ Source and destination IP-addresses
→ Source and destination TCP or UDP ports
→ ICMP types and codes
→ Number of packets and bytes transmitted in the session
→ Starting and ending timestamps for the session
• It can detect the following types of attacks:
→ DoS attacks (including DDoS attacks)
→ Scanning
→ Worms
→ Unexpected application services (e.g., tunneled protocols, back doors)
→ Policy violations

3.1.3.2 Host-Based IDPS (HIDPS)
• It is focused on protecting the information-assets of a server (or host).
• It resides on a particular host, and monitors activity only on that host.
• It is also known as a system integrity verifier because it
→ monitors the status of system-files and
→ detects when an attacker creates, modifies, or deletes files.
• It is also capable of monitoring the system configuration database.
• It triggers an alert when one of the following occurs:
→ file-attributes change
→ new files are created or
→ existing files are deleted.
• It can also monitor system logs for predefined events.
• It examines the log files to determine if an attack is underway or the attack has occurred.
• Advantages:
1) HIDPS can
→ detect local events on host systems and
→ detect attacks that may escape a network-based IDPS.
2) It can process encrypted traffic.
3) It is not affected by the use of switched-network protocols.
4) It can detect inconsistencies in how applications were used by examining the records
stored in audit logs. This enables it to detect Trojan horse attacks.
• Disadvantages:
1) It requires more management effort to install, configure, and operate.
2) It is vulnerable both to direct attacks and to attacks against the host operating system.
3) It is not optimized to detect multi-host scanning.
Also, it is not able to detect the scanning of non-host network-devices such as routers or
switches.
4) It is susceptible to some DoS attacks.
5) It requires a large amount of disk space to store audit logs.
6) It can impose a performance overhead on its host systems. Thus, system performance may
be reduced.

3.1.4 IDPS Detection Methods
• IDPSs use a variety of detection methods to monitor and evaluate network-traffic.
• Three popular methods are: 1) signature-based approach, 2) statistical-anomaly approach, and 3)
stateful packet inspection approach.

3.1.4.1 Signature-Based IDPS (Sig IDPS)

• It examines network-traffic in search of patterns that match known signatures.
• Signature refers to preconfigured, predetermined attack patterns.
• It is widely used because many attacks have clear and distinct signatures.
• For example:
1) Footprinting and fingerprinting activities use ICMP and DNS querying.
2) Exploits use a specific attack sequence designed to take advantage of a security-hole to
gain access to a system.
3) DoS attacks. The attacker tries to prevent the normal usage of a system by overloading it.
• Disadvantages:
1) New attack strategies must be continuously added into the database of signatures.
2) A slow, methodical attack might escape detection if the attack signature has a shorter time
frame.
Solution: Collect and analyze data over longer periods of time.
Use additional processing capacity and large data storage capability.

3.1.4.2 Statistical Anomaly-Based IDPS (Stat IDPS)

• It collects statistical summaries by observing traffic that is known to be normal.
• This normal period of evaluation establishes a performance baseline.
• Once the baseline is established, it periodically
→ samples network activity and
→ compares the sampled network activity to this baseline.
• When the measured activity is outside the baseline parameters, it sends an alert to the admin.
• The baseline parameters can include
→ host memory or CPU usage
→ network packet types, and
→ packet quantities.
• Advantage:
1) It can detect new types of attacks, since it looks for abnormal activity of any type.
• Disadvantages:
1) It requires much more overhead and processing capacity than sig-IDPSs.
2) It may not detect minor changes to system variables and may generate many false positives.
3) Due to its complexity, it is less commonly used than sig-IDPSs.

3.1.4.3 Stateful Protocol Analysis IDPS (SPA IDPS)
• It compares
→ predetermined profiles of generally accepted definitions of benign activity and
→ observed events, to identify deviations.
• It relies on vendor-developed universal profiles that specify how particular protocols should and
should not be used.
• This is how it works:
1) Firstly, it stores relevant data detected in a session.
2) Then, it uses this data to identify intrusions that involve multiple requests and responses.
3) Finally, it detects multisession attacks. This process is known as deep packet inspection.
• It can also examine authentication sessions for suspicious activity.
• Disadvantages:
1) It requires heavy processing overhead to track multiple simultaneous connections.
2) It may interfere with the normal operations of the protocol.
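The three detection methods of 3.1.4, as one added example written in Python (not code from the notes, the textbook or any IDPS product) over a constructed and deliberately simplified event stream: a signature detector that applies preconfigured patterns to payloads, a statistical anomaly detector that flags per-source packet rates beyond mean plus three standard deviations of a constructed baseline, and a stateful protocol analyser that tracks each connection through a SYN / SYNACK / ACK / DATA handshake and reports state violations as well as a multi-session half-open flood. Addresses, signature patterns, baseline figures and the handshake model are all assumptions of the example.

```python
"""Three IDPS detection methods over one constructed event stream.
Added example for these notes, not code from the textbook or any IDPS product;
events, signatures, baseline figures and the simplified TCP view are constructed.
"""
import re
import statistics
from collections import defaultdict

# Event = (timestamp s, sender, receiver, client_port, kind, payload); the
# client port identifies the connection whichever side is sending.
EVENTS = [
    (0, "10.0.0.5", "10.0.0.80", 50001, "SYN", ""),
    (0, "10.0.0.80", "10.0.0.5", 50001, "SYNACK", ""),
    (1, "10.0.0.5", "10.0.0.80", 50001, "ACK", ""),
    (1, "10.0.0.5", "10.0.0.80", 50001, "DATA", "GET /index.html HTTP/1.1"),
    (2, "203.0.113.9", "10.0.0.80", 50002, "SYN", ""),
    (2, "10.0.0.80", "203.0.113.9", 50002, "SYNACK", ""),
    (3, "203.0.113.9", "10.0.0.80", 50002, "ACK", ""),
    (3, "203.0.113.9", "10.0.0.80", 50002, "DATA", "GET /../../etc/passwd HTTP/1.1"),
    (5, "198.51.100.7", "10.0.0.80", 50003, "DATA", "GET / HTTP/1.1"),  # no handshake
    # 300 SYNs from one source in six seconds, none of them ever completed
] + [(10 + i // 50, "192.0.2.44", "10.0.0.80", 40000 + i, "SYN", "") for i in range(300)]

# 1) Signature-based: preconfigured attack patterns applied to payloads.
SIGNATURES = {  # constructed signature set
    "path-traversal": re.compile(r"\.\./"),
    "sqli-probe": re.compile(r"'\s*or\s+1=1", re.IGNORECASE),
}


def signature_detect(events):
    """Return (ts, src, signature_name) for every payload that matches a signature."""
    alerts = []
    for ts, src, _dst, _port, kind, payload in events:
        if kind != "DATA":
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((ts, src, name))
    return alerts


# 2) Statistical anomaly-based: packets per source per second observed during a
# period known to be normal (constructed figures standing in for a measured baseline).
BASELINE_PPS = [1, 2, 1, 3, 2, 1, 2, 2, 1, 3]


def anomaly_limit(baseline=BASELINE_PPS, k=3.0):
    """Upper bound of normal behaviour: baseline mean plus k standard deviations."""
    return statistics.mean(baseline) + k * statistics.stdev(baseline)


def anomaly_detect(events, baseline=BASELINE_PPS, k=3.0):
    """Return (src, second, count) wherever a source's packet rate exceeds the limit."""
    limit = anomaly_limit(baseline, k)
    counts = defaultdict(int)
    for ts, src, *_ in events:
        counts[(src, ts)] += 1
    return sorted((src, ts, n) for (src, ts), n in counts.items() if n > limit)


# 3) Stateful protocol analysis: a connection must pass through the handshake in
# order; data outside ESTABLISHED, or one client leaving many connections
# half-open across sessions, are deviations from the protocol profile.
TRANSITIONS = {  # kind -> (state required before the event, state after it)
    "SYN": (None, "SYN_SENT"),
    "SYNACK": ("SYN_SENT", "SYN_RECEIVED"),
    "ACK": ("SYN_RECEIVED", "ESTABLISHED"),
    "DATA": ("ESTABLISHED", "ESTABLISHED"),
}


def stateful_detect(events, half_open_limit=20):
    """Return (ts, src, reason) for state violations and half-open floods."""
    state = {}                    # (client, client_port, server) -> handshake state
    half_open = defaultdict(int)  # client -> connections begun but not established
    alerts = []
    for ts, src, dst, port, kind, _payload in events:
        client, server = (dst, src) if kind == "SYNACK" else (src, dst)
        conn = (client, port, server)
        before, after = TRANSITIONS[kind]
        if state.get(conn) != before:
            alerts.append((ts, src, f"protocol-violation:{kind}-in-state-{state.get(conn)}"))
            continue
        state[conn] = after
        if kind == "SYN":
            half_open[client] += 1
            if half_open[client] == half_open_limit:
                alerts.append((ts, client, "half-open-flood"))
        elif kind == "ACK":
            half_open[client] -= 1
    return alerts


def run_all(events=EVENTS):
    """Run all three detectors over the same stream and return their alerts."""
    return {"signature": signature_detect(events),
            "anomaly": anomaly_detect(events),
            "stateful": stateful_detect(events)}
```

Each method sees a different part of the same stream: only the signature detector catches the path-traversal request, the anomaly detector and the stateful analyser both notice the SYN flood (one as a rate of 50 packets per second against a limit of about 4.2, the other as the 20th half-open connection), and only the stateful analyser flags data sent without a completed handshake. A source that stayed under the rate limit and spread its probes over minutes would pass the anomaly detector, which is the slow-attack limitation noted under 3.1.4.1.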

YS
SB
TE
O
N
U
VT

3-10
INFORMATION AND NETWORK SECURITY
3.1.5 IDPS Response Behavior
• An IDPS responds to external stimulation in different ways, depending on its configuration and function.
3.1.5.1 IDPS Response Options
• IDPS responses can be classified as active or passive.
1) Active Response
• Active response is a definitive action automatically initiated when certain types of alerts are
triggered.
• It can include
→ collecting additional information
→ modifying the environment and
→ taking action against the attackers.
2) Passive Response
• Passive response
→ alerts the admin about the attack and
→ waits for the admin to respond.
• Some of the responses include the following:
1) Audible/visual Alarm
• IDPS can trigger a siren to alert the admin of an attack.
• For example: a computer pop-up can be configured with color indicators and specific messages.
2) SNMP Traps and plug-ins
• SNMP contains trap functions.
• A network-device can use a trap to send an alert to the SNMP management console.
3) E-mail message
• An alert indicates that a certain threshold has been crossed, either positively or negatively.
• IDPS can send e-mail to notify admins of an event.
• The admins use smartphones to check for alerts and other notifications.
4) Page or Phone Message
• IDPS can dial a phone number and produce a modem noise.
5) Log entry
• IDPS can enter information about the event into a log file (e.g., addresses, time, systems involved,
protocol information).
• These files can be stored on separate servers to prevent skilled attackers from deleting entries about
their intrusions.
6) Evidentiary Packet Dump
• Organizations can record all log data.
• Thus, the organization can
→ perform further analysis on the data and
→ submit the data as evidence in a civil or criminal case.
7) Take action against the attacker
• This response option involves configuring IDPS to trace the data from the target system to the
attacking system in order to initiate a counterattack. This is also known as trap-and-trace,
back-hacking, or traceback.
8) Launch program
• An IDPS can be configured to execute a specific program when it detects specific types of attacks.
9) Reconfigure firewall
• An IDPS can send a command to the firewall to filter out suspected packets by IP-address, port, or
protocol.
• IDPS can block or deter intrusions via one of the following methods:
1) Establishing a block for all traffic from the suspected attacker’s IP-address.
2) Establishing a block for specific TCP or UDP port traffic from the suspected attacker’s address.
3) Blocking all traffic to or from a network interface in case of a suspected attack.
4) Terminating the session by using the packet type specified by the TCP/IP protocol.
5) Terminating the organization’s internal or external connections.

3.1.6 Selecting IDPS Approaches and Products
3.1.6.1 Technical and Policy Considerations
• What Is Your Systems Environment?
1) What are the technical specifications of your systems environment?
2) What are the technical specifications of your current security protections?
3) What are the goals of your enterprise?
4) How formal is the system environment and management culture in your organization?
• What Are Your Security Goals and Objectives?
1) Is the primary concern of your organization protection from threats originating from outside?
2) Is your organization concerned about insider attack?
3) Does your organization want to use the output of your IDPS to determine new needs?
4) Does your organization want to maintain managerial control over network usage?
• What Is Your Existing Security-policy?
1) How is it structured?
2) What are the general job descriptions of your system users?
3) Does the policy include reasonable use policies or other management provisions?
4) Has your organization defined processes for dealing with specific policy violations?

3.1.6.2 Organizational Requirements and Constraints

• What Requirements Are Levied from Outside the Organization?
1) Is your organization subject to oversight or review by another organization?
2) Are there requirements for public access to information on your organization’s systems?
3) Are there other security-specific requirements levied by law? Are there legal requirements for
protection of personal information stored on your systems?
4) Are there internal audit requirements for security best practices or due diligence?
5) Is the system subject to accreditation?
6) Are there requirements for law enforcement investigation of security incidents?
• What Are Your Organization’s Resource Constraints?
1) What is the budget for acquisition and life cycle support of Intrusion-detection hardware,
software, and infrastructure?
2) Is there sufficient existing staff to monitor an Intrusion-detection system full time?
3) Does your organization have authority to instigate changes based on the findings of an
Intrusion-detection system?

3.1.6.3 IDPSs Product Features and Quality

• Is the Product Sufficiently Scalable for Your Environment?
• How Has the Product Been Tested?
1) Has the product been tested against functional requirements?
2) Has the product been tested against attack?
• What Is the User Level of Expertise Targeted by the Product?
• Is the Product Designed to Evolve as the Organization Grows?
1) Can the product adapt to growth in user expertise?
2) Can the product adapt to growth and change of the organization’s systems infrastructure?
3) Can the product adapt to growth and change in the security threat environment?
• What Are the Support Provisions for the Product?
1) What are the commitments for product installation and configuration support?
2) What are the commitments for ongoing product support?
3) Are subscriptions to signature updates included?
4) How often are subscriptions updated?
5) How quickly after a new attack is made public will the vendor ship a new signature?
6) Are software updates included?
7) How quickly will software updates be issued after a problem is reported to the vendor?
8) Are technical support services included? What is the cost?
9) What are the provisions for contacting technical support (e-mail, telephone, online chat)?
10) Are there any guarantees associated with the IDPS?
11) What training resources does the vendor provide?
12) What additional training resources are available from the vendor and at what cost?

3.1.7 Strengths and Limitations of IDPSs
3.1.7.1 Strengths of IDPS
1) Monitoring and analysis of system events and user behaviors.
2) Testing the security states of system configurations.
3) Baselining the security state of a system, then tracking any changes to that baseline.
4) Recognizing patterns of system events that correspond to known attacks.
5) Recognizing patterns of activity that statistically vary from normal activity.
6) Managing operating system audit and logging mechanisms and the data they generate.
7) Alerting appropriate staff by appropriate means when attacks are detected.
8) Measuring enforcement of security policies encoded in the analysis engine.
9) Providing default information security policies.
10) Allowing non-security experts to perform important security monitoring functions.

3.1.7.2 Limitations of IDPS
1) Compensating for weak or missing security mechanisms in the protection infrastructure, such as
→ firewalls
→ identification and authentication systems
→ link encryption systems
→ access control mechanisms, and
→ virus detection and eradication software
2) Instantaneously detecting, reporting & responding to an attack when there is a heavy network load.
3) Detecting newly published attacks or variants of existing attacks.
4) Effectively responding to attacks launched by sophisticated attackers.
5) Automatically investigating attacks without human intervention.
6) Resisting all attacks that are intended to defeat or circumvent them.
7) Compensating for problems with the fidelity of information sources.
8) Dealing effectively with switched-networks.

3.1.8 Deployment and Implementation of an IDPS
3.1.8.1 IDPS Control Strategies
• A Control-Strategy determines how an organization supervises and maintains the configuration of an
IDPS.
• It also determines how the input and output of the IDPS is managed.
• The three commonly used control strategies are
1) Centralized
2) Partially distributed and
3) Fully distributed.

3.1.8.1.1 Centralized Control-Strategy

• All control functions are implemented and managed in a central location called the IDPS Console.
• The IDPS console includes the management software which (Figure 3-2)
→ collects information from the remote sensors
→ analyzes the systems or networks, and
→ determines whether the current situation has deviated from the preconfigured baseline.
• Advantage:
Lower cost and better control compared to the other 2 control strategies.
• With one central implementation,
→ there is one management system
→ there is one place to monitor the status of the network
→ there is one location for reports and
→ there is one set of administrative management.
• It supports task specialization, since all managers are located near the IDPS management console.
• It means that each person can focus specifically on an assigned task.

Figure 3-2 Centralized IDPS Control

3.1.8.1.2 Fully Distributed Control-Strategy
• All control functions are applied at the physical location of each IDPS component (Figure 3-3).
• Each monitoring site uses its own paired sensors to perform its own control functions to achieve the
necessary detection, reaction, and response functions.
• Thus, each sensor/agent is best configured to deal with its own environment.
• Advantage:
Better response time. This is because the IDPSs do not have to wait for a response from a
centralized control facility.

Figure 3-3 Fully Distributed IDPS Control

3.1.8.1.3 Partially Distributed Control-Strategy
• It combines the best of the other two strategies (Figure 3-4).
• The individual admins can analyze and respond to local threats.
• In addition, they can also report to a hierarchical central facility.
This enables the organization to detect widespread attacks.
• Advantage:
This approach is useful when attackers probe an organization at multiple points of entry.
• The organization can optimize for economy of scale in the implementation of key management
software and personnel.
• A pool of security managers can evaluate reports from multiple distributed IDPS systems.
Thus, they are able to detect various distributed attacks.

Figure 3-4 Partially Distributed IDPS Control

3.1.8.2 IDPS Deployment
3.1.8.2.1 Deploying Network-Based IDPSs
Location 1: Behind each external firewall, in the network DMZ (See Figure 3-5, location 1)
• Advantages:
1) IDPS sees attacks that originate from outside the trusted-network.
2) It identifies problems with the firewall policy or performance.
3) It sees attacks on the Web servers, which commonly reside in this DMZ.
4) Even if an incoming attack is not detected, the IDPS can recognize the attack via outgoing traffic.
Location 2: Outside an external firewall (See Figure 3-5, location 2)
• Advantages:
1) IDPS documents the number of attacks that originate from the Internet.
2) It documents the types of attacks that originate from the Internet.
Location 3: On major network backbones (See Figure 3-5, location 3)
• Advantages:
1) IDPS monitors a large amount of a network’s traffic, thus increasing its chances of spotting
attacks.
2) It detects unauthorized activity by authorized users within the organization.
Location 4: On critical subnets (See Figure 3-5, location 4)
• Advantages:
1) IDPS detects attacks targeting critical systems and resources.
2) The organization can protect these resources as the most valuable network-assets.

Figure 3-5 Network IDPS Sensor Locations

3.1.8.2.2 Deploying Host-Based IDPSs
• The proper implementation of HIDPSs can be a time-consuming task,
since each HIDPS must be custom-configured to its host system.
• Deployment begins with implementing the most critical systems first.
• Practice
→ helps the installation team gain experience and
→ helps determine if the installation might trigger any unusual events.
• Gaining an edge on the learning curve by training on nonproduction systems benefits the overall
deployment process by reducing the risk of unforeseen complications.
• Installation continues until all systems are installed.
• To provide ease of management, control, and reporting, each HIDPS should be configured to interact
with a central management console.
• During the system testing process, training scenarios can be developed that will enable users to
recognize and respond to common attack situations.
• To ensure effective and efficient operation, the management team can establish a policy for the
operation and monitoring of the HIDPS.

3.1.9 Measuring the Effectiveness of IDPSs
1) Thresholds
• It is a value that sets the limit between normal and abnormal behavior.
• It usually specifies a maximum acceptable level.
For ex: 30 failed connection attempts in 60 seconds
• It is most commonly used in
→ anomaly-based detection and
→ stateful protocol analysis.
2) Blacklist and Whitelist
SB
Blacklist
• It is a list of discrete entities which are associated with abnormal activity.
• For example:
TE
Applications (say telnet, FTP)
File extensions (say mpeg, mp4)
URLs (say facebook, amazon)
TCP or UDP port numbers (say 23:telnet, 21:FTP)
• IDPS uses blacklist
→ to block the abnormal activity and
O

→ to assign a higher priority to alerts that match blacklist entries.


• Some IDPSs generate dynamic blacklists that are used to temporarily block recently detected threats.
Whitelist
• It is a list of discrete entities that are known to be benign.
N

• It is used to reduce or ignore false positives involving known benign activity from trusted hosts.
• Whitelists and blacklists are most commonly used in
→ signature-based detection and
→ stateful protocol analysis.
U

3) Alert Settings
• Most IDPS allow admins to customize each alert type.
• For example:

→ Toggling it on or off
→ Setting a default priority or severity level
→ Specifying what information should be recorded
→ Specifying what notification methods should be used
→ Specifying which prevention capabilities should be used
• Some products also suppress alerts if an attacker generates many alerts in a short period of time.
This prevents the IDPS from being overwhelmed by alerts.
4) Code Viewing and Editing
• Some IDPS permit admins to see some or all of the detection-related code.
• Some IDPS allow admins to see additional code, such as programs used to perform stateful protocol
analysis.

3.2 Honeypots, Honeynets, and Padded-Cell Systems
• Honeypot refers to a trapping-system used to tempt potential attackers into committing an attack.
• Honeynet refers to an interconnection of several honeypots on a subnet.
• A honeypot contains pseudo-services that imitate well-known services.
• But these services are configured in such a way that they look vulnerable to attacks.
• Honeypot is designed to do the following:
1) Divert an attacker from critical systems.
2) Collect information about the attacker’s activity.
3) Encourage the attacker to stay on the system for longer time, so that admins can
respond.
• A honeypot pretends to hold valuable information.
• So, any unauthorized access to a honeypot can be considered suspicious activity.
• Honeypots are equipped with sensitive monitors and event loggers that
→ detect attempts to access the system and
→ collect information about the potential attacker’s activities.
• Padded-Cell refers to a honeypot that is protected so that it cannot be easily compromised.
• A padded-cell operates in tandem with a traditional IDPS.
• When the IDPS detects an attacker, the attacker is diverted to a dummy-system where they can
cause no harm.
• Advantages:
1) Attackers can be diverted to dummy-systems that they cannot damage.
2) Attackers’ actions can be monitored.
The records can be used to refine threat models and improve system protections.
3) Honeypots may be effective at catching insiders who are snooping around a network.
4) Admins have time to respond to an attacker.
• Disadvantages:
1) An expert attacker, once diverted into a dummy-system, may become angry and launch a
more aggressive attack.
2) The legal implications of using such devices are not well understood.
3) Honeypots and padded-cells have not yet been shown to be useful security technologies.
4) Admins must have a high level of expertise to manage these systems.

3.2.1 Trap-and-Trace Systems
• These systems use a combination of techniques to
→ detect an intrusion and
→ trace back the attacker to find his location.
• The trap feature consists of a honeypot/padded-cell and an alarm.
• When the attackers are trapped, the system alerts the admin.
• Admins should be careful not to cross the line between enticement and entrapment.
1) Enticement is the act of attracting attention to a system by placing tempting information in
key locations.
2) Entrapment is the act of tempting an individual into committing a crime to get a conviction.
• Enticement is legal and ethical, whereas entrapment is not.

• Admins should also be cautious of the wasp trap syndrome.
• In this syndrome, a concerned homeowner installs a wasp trap in his back yard to trap the few
insects he sees flying about; the trap then attracts wasps from the whole neighborhood, so the
problem grows worse instead of going away.
• The trace feature is an extension to the honeypot/padded-cell approach.
• The trace is a process by which the organization attempts to identify an attacker discovered in the
trusted-network. (Trace is similar to caller ID).
1) If the attacker is inside the organization, the admins can
→ track the individual and
→ hand him over to their boss.
2) If the attacker is outside the organization, then numerous legal issues arise.

3.2.2 Active Intrusion-Prevention


• LaBrea is an example of an active intrusion-prevention tool.
• It is a combination of honeypot and IDPS.
• It works by taking up the unused IP-address space within a network.
• When LaBrea notes an ARP request, it checks to see if the requested IP-address is valid or not.
• If the IP-address is not valid, LaBrea
→ pretends to be a computer at that IP-address and
→ allows the attacker to complete the connection.
• After connection is setup, LaBrea
→ reduces the sliding window size and
→ keeps connection open for many hours, days, or even months.
• Holding the connection open but inactive greatly slows down network-based worms and other
attacks.

• LaBrea can notify the admin about the anomalous behavior on the network.

3.3 Scanning and Analysis Tools
• Scanning-tools are used by an attacker to collect information needed to launch a successful attack.
• The attack protocol is a set of steps used by an attacker to launch an attack against a target
system/network.
• A main goal of the attack protocol is to collect publicly available information about a potential
target. This process is known as footprinting.
• Footprinting is the organized research of the Internet addresses owned or controlled by a target
organization.
• By performing keyword searches on the Internet, the attacker identifies the network addresses of the
organization.
• The attacker browses the organization’s Web pages.

• Web pages contain information about
→ internal systems and
→ individuals developing Web pages
• In a Web browser, the view-source option can be used to see the source code behind the Web page.
• The attacker can get clues about the following things in the source code:
→ locations and directories for CGI script bins and
→ names or possibly addresses of computers and servers.

3.3.1 Port Scanners


• These are tools used by both attackers and defenders to identify
→ computers that are active on a network (fingerprinting)
→ ports and services active on those computers, and
→ functions and roles the machines are fulfilling.
• These tools either
→ scan for specific types of computers, protocols, or resources, or
→ scan for generic types.
• The more specific the scanner is, the more useful the information it provides to attackers and
defenders.
• A port is a network channel or connection point in a data communications system.
• Within the TCP/IP model,
Each application has a unique port number.
Port numbers are used to differentiate the multiple network services provided by the same
computer.
• There are 2 types of ports:

1) Reserved Ports
 Services with reserved ports generally run on ports 1–1023.
 For example:
    TCP Port Number(s)   TCP Service
    20 and 21            File Transfer Protocol (FTP)
    23                   Telnet
    25                   Simple Mail Transfer Protocol (SMTP)
    53                   Domain Name Services (DNS)
    80                   Hypertext Transfer Protocol (HTTP)
2) Ephemeral Ports
 Ports greater than 1023 are referred to as ephemeral ports.
 These ports may be randomly allocated to server and client processes.
• Question: Why secure open ports?
Ans:  An open port can be used by an attacker to gain access to a server, and gain control
over a networking device.
 The rule of thumb is:
"Remove those services which are not absolutely necessary for conducting business".
 For example, if a business doesn’t host Web services, then don't make port 80 available on its
servers.

3.3.2 Firewall Analysis Tools
• These are tools used by security-admins to identify
→ the location of the organization’s firewall and
→ the existing rule sets on the firewall.
• By analyzing the rules, the admin can determine what type of traffic the firewall permits and rejects.
• Three popular tools to analyze firewalls:
1) Nmap
 The Nmap tool has an option called idle scanning.
 Using idle scanning, the user can scan across a firewall.
 One of the idle DMZ hosts is used as the initiator of the scan.
2) Firewalk

 It uses incrementing TTL packets to determine the path into a network.
 Running Firewalk against a target machine reveals where routers and firewalls are filtering
traffic to the target host.
3) HPING
 It is a modified ping client.

 It supports multiple protocols.
 It has a command-line method of specifying nearly any of the ping parameters.
 For instance,
HPING with modified TTL values can be used to determine the infrastructure of a DMZ.
HPING with specific ICMP flags can be used to bypass poorly configured firewalls.
• The admins should remember two important points:
1) It is user intent that dictates how the information gathered is used.
2) To defend a computer/network, it is necessary to understand the ways it can be attacked.

3.3.3 Operating System Detection Tools


• These are tools used by an attacker to detect the operating system of a target host.
• Once the OS is known, the known security-holes in that OS can easily be determined.
XProbe
 It is a popular tool to detect OS.
 It uses ICMP to determine the remote OS.
 It sends many different ICMP queries to the target host.
 Then, it matches the responses from the target host with its own internal database of known
responses.
 Solution: The admins must restrict the use of ICMP through their organization’s firewalls.

3.3.4 Vulnerability Scanners
• These tools scan networks for highly detailed information.
• There are two types: 1) Active-scanner 2) Passive-scanner

3.3.4.1 Active-scanner
• It is used to initiate traffic on the network in order to determine security-holes.
• It can be used to
→ identify usernames and groups
→ expose configuration problems and
→ identify other security-holes in servers.
Nessus

 It is a popular active-scanner.
 It uses IP packets to identify
→ the hosts available on the network
→ the services of the hosts
→ the OS of the hosts and
→ the type of firewall used
 Nessus has a class of attacks called destructive.
 If enabled, Nessus attempts common overflow techniques against a target host.
Blackbox Scanner or Fuzzer
• It is a class of vulnerability scanner.
• Fuzz testing looks for security-holes in a program/protocol by feeding random input.
• Security-holes can be detected by measuring the outcome of the random inputs.

3.3.4.2 Passive-scanner
• It is used to
→ listen in on the network and
→ determine vulnerable versions of both server and client software.
• Two popular tools:
1) Tenable Network Security with its Passive Vulnerability Scanner (PVS) and
2) Sourcefire with its RNA product.
• Advantages
1) It does not require security analysts to get approval prior to testing.
2) It simply monitors the network-connections to and from a server to obtain a list of vulnerable
applications.
3) It can find client-side security-holes that are typically not found by active-scanners.

3.3.5 Packet Sniffers
• It can be used to
→ collect copies of packets from the network and
→ analyze those copies of packets.
• It can provide an admin with valuable information for diagnosing and resolving networking issues.
• In the wrong hands, however, a sniffer can be used to eavesdrop on network-traffic.
• There are both commercial and open-source sniffers.
• More specifically,
Sniffer is a commercial product.
Snort is open-source software.
Wireshark
 It is a popular packet sniffer.
 It allows the admin to examine data from both live network-traffic and captured traffic.
 It also provides a filter language and a TCP session reconstruction utility.
• To use a packet sniffer legally, the admin must
1) be on a network that the organization owns
2) be under direct authorization of the owners of the network and
3) have knowledge and consent of the content creators.
• If all 3 conditions are met, the admin can collect and analyze packets to identify problems on the
network.
• Many admins feel that they are safe from sniffer attacks when their computing environment is
primarily a switched-network environment.
• However, there are 2 open-source sniffers that support alternate networking approaches which work
even in a switched environment: 1) ARP-spoofing and 2) session hijacking

3.3.6 Wireless Security Tools


• A wireless connection has many potential security-holes.
• An organization that spends all of its time securing the wired-network and leaves wireless-networks
to operate in any manner is opening itself up for a security breach.
• As a security professional, you must assess the risk of wireless-networks.
• A wireless security toolkit should include the ability to
→ sniff wireless traffic
→ scan wireless hosts, and
→ assess the level of privacy.
AirSnare
 It is a free tool that can be run on a low-end wireless workstation.
 It monitors the airwaves for any new devices or access-points.
 When it finds a new device, it sends an alert to the admin.


UNIT 4: CRYPTOGRAPHY

4.1 Introduction
4.2 Foundations of Cryptology
4.2.1 Terminology
4.3 Cipher Methods
4.3.1 Substitution Cipher
4.3.2 Transposition Cipher
4.3.3 Exclusive OR
4.3.4 Vernam Cipher
4.3.5 Book or Running Key Cipher
4.3.6 Hash Functions
4.4 Cryptographic Algorithms
4.4.1 Symmetric Encryption
4.4.2 Asymmetric Encryption
4.5 Cryptographic Tools
4.5.1 Public-Key Infrastructure (PKI)
4.5.2 Digital Signatures
4.5.3 Digital-certificates
4.5.4 Hybrid Cryptography Systems
4.5.5 Steganography
4.6 Attacks on Cryptosystems
4.6.1 Man-in-the-Middle Attack
4.6.2 Correlation Attacks
4.6.3 Dictionary Attacks
4.6.4 Timing Attacks
4.6.5 Defending Against Attacks


UNIT 4: CRYPTOGRAPHY

4.1 Introduction
• The science of encryption, known as cryptology, encompasses cryptography and cryptanalysis.
• Cryptography, which comes from the Greek words kryptos, meaning “hidden,” and graphein,
meaning “to write,” is the process of making and using codes to secure the transmission of
information.
• Cryptanalysis is the process of obtaining the original message (called the plaintext) from an
encrypted-message (called the ciphertext) without knowing the algorithms and keys used to perform
the encryption.
• Encryption is the process of converting an original message into a form that is unreadable to
unauthorized individuals, that is, to anyone without the tools to convert the encrypted-message back
to its original format.
• Decryption is the process of converting the ciphertext message back into plaintext.

4.2 Foundations of Cryptology


4.2.1 Terminology
1) Algorithm
• The programmatic-steps used to convert an unencrypted-message into an encrypted-message.
2) Cipher or cryptosystem
• An encryption-method used to perform encryption and decryption.
• The encryption-method includes
→ algorithm
→ key(s) and
→ procedures.
3) Ciphertext
• The encrypted-message resulting from an encryption.
4) Code
• The process of converting an unencrypted-message into an encrypted-message.
5) Decipher
• To decrypt ciphertext into the equivalent plaintext.
6) Encipher
• To encrypt plaintext into the equivalent ciphertext.
7) Key
• The information used along with an algorithm
→ to create the ciphertext from the plaintext or
→ to derive the plaintext from the ciphertext.
8) Keyspace
• The entire range of values that can be used to construct an individual key.

9) Link Encryption
• A series of encryptions and decryptions between a number of systems.
• In a network, each system
→ decrypts the message,
→ then re-encrypts the message using different keys, and
→ sends the message to the next neighbor.
This process continues until the message reaches the final destination.
10) Plaintext
• The original unencrypted-message, or the message that results from a successful decryption.
11) Steganography
• The hiding of messages—for example, within the digital encoding of a picture or graphic.
12) Work factor
• The amount of effort required to perform cryptanalysis to decrypt an encrypted-message when the
key or algorithm is unknown.

4.3 Cipher Methods
• Two methods of encrypting plaintext:
1) Bit stream method or
2) Block cipher method.
1) Bit Stream method
• Each plaintext-bit is transformed into a ciphertext-bit, one bit at a time.
• It uses algorithm functions like the XOR.
2) Block Cipher method
• The message is divided into blocks.
• Then, each block of plaintext-bits is transformed into a block of ciphertext-bits using an algorithm
and a key.

• It can use substitution, transposition, XOR, or some combination of these operations.

4.3.1 Substitution Cipher
Monoalphabetic Substitution
• To perform encryption, you substitute one alphabet for another alphabet. This type of substitution is
called a monoalphabetic substitution because of its one-to-one mapping.
• For example:
Here, we substitute a letter in the alphabet with the letter three values to the right.
Here, the first row is the plaintext, and the second row is the ciphertext.

For example: The plaintext "MOON" will be encrypted into the ciphertext "PRRP".

Polyalphabetic Substitutions
• To perform encryption, you substitute two or more alphabets for another value. This type of
substitution is called a polyalphabetic substitution because of its one-to-many mapping.
• For example:
Here, the first row is the plaintext, and the next four rows are four sets of ciphertexts.

For example: The plaintext "MOON" will be encrypted into the ciphertext "PUXZ".
Vigenère Cipher
• This is an advanced form of polyalphabetic substitution.
• The ciphertext is found using the Vigenere table, which is made up of 26 distinct cipher alphabets.
• Table 4-1 illustrates the setup of the Vigenere table.

Table 4-1 The Vigenère Square

• Here, we use a keyword to represent the shift.
• For example,
keyword: ITALY
plaintext: SACK GAUL SPARE NO ONE
Thus we have,
plaintext S A C K G A U L S P A R E N O O N E
keyword I T A L Y I T A L Y I T A L Y I T A
ciphertext A T C V E I N L D N I K E T M W G E
• To perform the substitution,
Start with the first combination of plaintext and keyword letters i.e. SI.
Use the plaintext letter 'S' to find the row.
Use the keyword letter 'I' to locate the column.
Then, look for the letter at the intersection of row & column, i.e. A. This is the ciphertext-letter.
• Disadvantage:
Any keyword-message letter combination containing an "A" row or column reproduces the
plaintext-message letter.
For example,
The third letter in the plaintext, i.e. the C, has the combination AC, and thus is
unchanged in the ciphertext.
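The table-lookup procedure above as an added Python example (not from the notes): the 26 rows of the Vigenère square, the encryption and its inverse, the monoalphabetic shift of 4.3.1 as the one-letter-keyword special case, and a check for the "A" weakness just described. On the ITALY example it reproduces the ciphertext above letter by letter, except that the 14th letter (N under L) comes out as Y.

```python
"""Vigenere square lookup and the monoalphabetic (Caesar) shift as its
one-letter-keyword special case. Added example, not from the notes."""

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def vigenere_square():
    """Table 4-1: row s is the alphabet rotated left by s positions, so row
    0 is the plain 'A' row and row 1 starts with 'B'."""
    return [ALPHABET[s:] + ALPHABET[:s] for s in range(26)]


def letters_only(text):
    """The cipher works on letters; spaces and punctuation are dropped."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext, keyword):
    """For each letter: the plaintext letter selects the row, the keyword
    letter (repeated along the message) selects the column, and the
    intersection is the ciphertext letter."""
    square = vigenere_square()
    pt, key = letters_only(plaintext), letters_only(keyword)
    if not key:
        raise ValueError("keyword must contain at least one letter")
    out = []
    for i, p in enumerate(pt):
        row = square[ALPHABET.index(p)]
        col = ALPHABET.index(key[i % len(key)])
        out.append(row[col])
    return "".join(out)


def vigenere_decrypt(ciphertext, keyword):
    """Inverse lookup: in the keyword letter's column, find the row whose
    entry is the ciphertext letter; that row's label is the plaintext."""
    square = vigenere_square()
    ct, key = letters_only(ciphertext), letters_only(keyword)
    out = []
    for i, c in enumerate(ct):
        col = ALPHABET.index(key[i % len(key)])
        for row_index, row in enumerate(square):
            if row[col] == c:
                out.append(ALPHABET[row_index])
                break
    return "".join(out)


def caesar_encrypt(plaintext, shift):
    """Monoalphabetic substitution: shifting every letter by a fixed amount
    is the Vigenere cipher with a one-letter keyword."""
    return vigenere_encrypt(plaintext, ALPHABET[shift % 26])


def unchanged_positions(plaintext, keyword):
    """0-based positions where the keyword letter is 'A': the 'A' column of
    the square reproduces the plaintext letter, the weakness noted above."""
    pt, key = letters_only(plaintext), letters_only(keyword)
    return [i for i in range(len(pt)) if key[i % len(key)] == "A"]


def encryption_table(plaintext, keyword):
    """Three aligned rows (plaintext, repeated keyword, ciphertext) in the
    layout the notes use for the ITALY example."""
    pt, key = letters_only(plaintext), letters_only(keyword)
    ct = vigenere_encrypt(pt, key)
    repeated = "".join(key[i % len(key)] for i in range(len(pt)))
    rows = (("plaintext", pt), ("keyword", repeated), ("ciphertext", ct))
    return "\n".join(f"{label:<11}" + " ".join(row) for label, row in rows)
```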

4.3.2 Transposition Cipher (or Permutation Cipher)


• It rearranges the values within a block to create the ciphertext.
• It can be applied at the bit level or at the byte (character) level.
• Assume the key-pattern is as follows:
The bit in position 1 moves to position 4,
The bit in position 2 moves to position 8, and so on.
• Example for bit level:
• Example for byte level:
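An added Python example (not from the notes) of the permutation cipher above. The 8-position key pattern is constructed: it keeps the two moves the notes give (position 1 to 4, position 2 to 8) and fills the remaining positions arbitrarily so that each target is used exactly once; the same code handles bit strings and character strings.

```python
"""Transposition (permutation) cipher on fixed-size blocks. Added example,
not from the notes. KEY_PATTERN is constructed: it keeps the two moves the
notes state (1 -> 4, 2 -> 8) and fills the rest so each target is hit once."""

# key_pattern[i] = j means "the value in position i moves to position j";
# positions are 1-based as in the notes.
KEY_PATTERN = {1: 4, 2: 8, 3: 1, 4: 5, 5: 7, 6: 2, 7: 6, 8: 3}  # constructed


def is_permutation(pattern):
    """A usable key maps positions 1..n onto 1..n with no collisions."""
    expected = list(range(1, len(pattern) + 1))
    return sorted(pattern) == expected and sorted(pattern.values()) == expected


def invert_pattern(pattern):
    """Decryption uses the inverse mapping (j -> i)."""
    return {dst: src for src, dst in pattern.items()}


def transpose_block(block, pattern):
    """Rearrange one block (bits or characters) according to the pattern."""
    if not is_permutation(pattern):
        raise ValueError("key pattern is not a permutation")
    if len(block) != len(pattern):
        raise ValueError("block length must equal key length")
    out = [""] * len(block)
    for src, dst in pattern.items():
        out[dst - 1] = block[src - 1]
    return "".join(out)


def transposition_encrypt(text, pattern, pad="X"):
    """Split into key-sized blocks, padding the last one, and permute each."""
    n = len(pattern)
    if len(text) % n:
        text += pad * (n - len(text) % n)
    return "".join(transpose_block(text[i:i + n], pattern)
                   for i in range(0, len(text), n))


def transposition_decrypt(text, pattern):
    """Apply the inverse pattern block by block; padding stays in place."""
    inv = invert_pattern(pattern)
    n = len(pattern)
    return "".join(transpose_block(text[i:i + n], inv)
                   for i in range(0, len(text), n))


def byte_to_bits(value):
    """8-character bit string, for the bit-level form of the cipher."""
    return format(value, "08b")


def bits_to_byte(bits):
    return int(bits, 2)


def encrypt_byte(value, pattern):
    """Bit-level transposition of one byte: bit 1 is the leftmost bit."""
    return bits_to_byte(transpose_block(byte_to_bits(value), pattern))
```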

4.3.3 Exclusive OR
• XOR is a function of Boolean algebra in which two bits are compared.
1) If the two bits are identical, the result is a binary 0 (Table 4-2).
2) If the two bits are not the same, the result is a binary 1.

Table 4-2 XOR Truth Table

Table 4-3 Example XOR Encryption

4.3.4 Vernam Cipher (or One-Time Pad)
• It uses a set of characters only one time for each encryption-process. Hence, the name one-time
pad.
• To perform encryption, the pad-values are added to numeric-values that represent the plaintext.
• Each letter of the plaintext is converted into a number & a pad-value for that position is added to it.
• The resulting sum for that character is then converted back to a ciphertext-letter for transmission.
• If the sum of the two values exceeds 26, then 26 is subtracted from the total.
• Consider following example:
 The encryption-process works as follows:
The letter “S” is converted into the number 19 (because it is the 19th letter of the alphabet).

 The pad-value is derived from the position of each pad text letter in the alphabet; thus
the pad text letter “F” is assigned the position number 06.
 This conversion process is repeated for the entire one-time pad text.
 Next, the plaintext value & the one-time pad-value are added together.
 The first sum is 25, so the ciphertext-letter is “Y”.
 The decryption process works as follows:
The letter “Y” becomes the number 25, from which we subtract the pad-value for the
first letter of the message i.e. 06. This yields a value of 19, or the letter “S.”
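XOR bit-stream encryption (4.3.3) and the Vernam addition rule of this section in one added Python example (not from the notes). It uses the notes' A=1..Z=26 numbering and the "subtract 26 if the sum exceeds 26" rule, handles the boundary cases (a sum of exactly 26, a difference of zero or less on decryption) and refuses a pad shorter than the message; the pad "FQZR" is constructed, only its first letter F comes from the worked example above.

```python
"""XOR (bit-stream) and Vernam (one-time pad) encryption as described in the
notes. Added example; the pad text is constructed, only its first letter
'F' comes from the notes' worked example."""

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
PAD = "FQZR"  # constructed one-time pad for the demo


def xor_bits(a, b):
    """Table 4-2: identical bits give 0, different bits give 1."""
    return 0 if a == b else 1


def xor_encrypt(plaintext, key):
    """Table 4-3 style bit-stream encryption: XOR each plaintext byte with
    the key byte in the same position (key repeated if shorter). Decryption
    is the same operation, because (p XOR k) XOR k == p."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))


xor_decrypt = xor_encrypt


def letter_to_number(ch):
    """A=1 ... Z=26, as in the notes (S -> 19, F -> 06)."""
    return ALPHABET.index(ch) + 1


def number_to_letter(n):
    return ALPHABET[n - 1]


def vernam_encrypt(plaintext, pad):
    """Add the pad value to each plaintext value; if the sum exceeds 26,
    subtract 26. The pad must be at least as long as the message and is
    used for one message only (hence 'one-time')."""
    pt = [c for c in plaintext.upper() if c in ALPHABET]
    if len(pad) < len(pt):
        raise ValueError("one-time pad shorter than message")
    out = []
    for p, k in zip(pt, pad):
        total = letter_to_number(p) + letter_to_number(k)
        if total > 26:          # a sum of exactly 26 stays 26 (letter Z)
            total -= 26
        out.append(number_to_letter(total))
    return "".join(out)


def vernam_decrypt(ciphertext, pad):
    """Subtract the pad value; if the result is zero or negative, add 26."""
    out = []
    for c, k in zip(ciphertext, pad):
        diff = letter_to_number(c) - letter_to_number(k)
        if diff <= 0:
            diff += 26
        out.append(number_to_letter(diff))
    return "".join(out)
```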
4.3.5 Book or Running Key Cipher
• The ciphertext consists of a list of codes representing the page number, line number, and word
number of the plaintext word.
• The algorithm is the mechanical process of looking up the references from the ciphertext and
converting each reference to a word by using the ciphertext’s value and the key (the book).

4.3.6 Hash Functions
• Hash algorithms are public functions that create a hash value, also known as a message digest.
• Hash algorithms convert variable-length messages into a single fixed-length value.
1) The message digest is a fingerprint of the author’s message that is compared with the
recipient’s locally calculated hash of the same message.
2) If both hashes are identical after transmission, the message has arrived without modification.
• Hashing functions do not require the use of keys, but it is possible to attach a message
authentication code (MAC) that allows only specific recipients (symmetric key holders) to access the
message digest.
• Because hash functions are one-way, they are used in password verification systems to confirm the
identity of the user.

• The number of bits used in the hash algorithm is a measurement of the strength of the algorithm
against collision attacks.
• For example:
SHA-1 produces a 160-bit message digest, which can be used as an input to a digital signature
algorithm.

• A recent attack method called rainbow cracking has generated concern about the strength of the
processes used for password hashing.
• In general, if attackers gain access to a file of hashed passwords, they can use a combination of
brute force and dictionary attacks to reveal user passwords.
• Passwords that are dictionary words or poorly constructed can be easily cracked.
• Well-constructed passwords take a long time to crack even using the fastest computers, but by using
a rainbow table, the rainbow cracker simply looks up the hashed password and reads out the text
version, no brute force required.
• This type of attack is more properly classified as a time–memory tradeoff attack.
• Salting is the process of providing a non-secret, random piece of data to the hashing function when
the hash is first calculated.
• The use of the salt value creates a different hash and, when a large set of salt values are used,
rainbow cracking fails.
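An added Python example (not from the notes) using the standard hashlib module: the digest comparison that detects modification in transit, the 160-bit SHA-1 output size the text mentions, and a tiny constructed precomputed hash table that recovers an unsalted weak password by lookup but fails against the same password once a random salt is mixed in.

```python
"""Message digests, password hashing and salting with Python's standard
hashlib. Added example, not from the notes; wordlist and passwords are
constructed."""

import hashlib
import hmac
import os


def digest(message, algorithm="sha1"):
    """Fixed-length hash of a variable-length message, hex-encoded. SHA-1 is
    the default only because the notes cite it; it is no longer collision
    resistant and SHA-256 should be preferred in practice."""
    return hashlib.new(algorithm, message).hexdigest()


def digest_bits(algorithm):
    """Output size in bits (160 for SHA-1), the rough strength measure above."""
    return hashlib.new(algorithm).digest_size * 8


def arrived_unmodified(message, sender_digest):
    """Recipient recomputes the digest locally and compares with the sender's."""
    return hmac.compare_digest(digest(message), sender_digest)


def unsalted_hash(password):
    """Plain SHA-256 of the password: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    """Non-secret random salt mixed in before hashing. The salt is stored next
    to the hash so the same computation can be repeated at login."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_salt():
    return os.urandom(16)


def verify_password(candidate, salt, stored_hash):
    """Login check; constant-time compare avoids leaking timing (see 4.6.4)."""
    return hmac.compare_digest(salted_hash(candidate, salt), stored_hash)


WORDLIST = ["password", "letmein", "qwerty", "dragon"]  # constructed


def precomputed_table(wordlist):
    """hash -> word, computed once in advance: the simplest form of the
    time-memory tradeoff the notes describe (a rainbow table compresses
    this with hash chains, but the lookup idea is the same)."""
    return {unsalted_hash(w): w for w in wordlist}


def lookup(table, stored_hash):
    """Recover the word by lookup, or None if its hash was never precomputed."""
    return table.get(stored_hash)


def demo(password="letmein"):
    """Same weak password twice: the unsalted hash is in the table, the salted
    hash is not, because the salt changed the hash; the salted hash still
    verifies the correct password and rejects a wrong one."""
    table = precomputed_table(WORDLIST)
    salt = new_salt()
    stored = salted_hash(password, salt)
    return {
        "unsalted_found": lookup(table, unsalted_hash(password)),
        "salted_found": lookup(table, stored),
        "salted_verifies": verify_password(password, salt, stored),
        "wrong_password_rejected": not verify_password("dragon", salt, stored),
    }
```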

4.4 Cryptographic Algorithms
• In general, cryptographic algorithms are often grouped into two broad categories—symmetric and
asymmetric.
• Symmetric and asymmetric algorithms are distinguished by the types of keys they use for encryption
and decryption operations.

4.4.1 Symmetric Encryption (private key encryption)


• The same secret key is used to encrypt and decrypt the message.
• It uses mathematical operations that can be programmed into extremely fast computing algorithms.
Thus, the encryption and decryption processes are executed quickly.
• Main challenge: Both the sender and the recipient must have the secret key prior to communication.


Figure 4-1 Example of Symmetric Encryption

• Popular methods are:
1) Data Encryption Standard (DES)
 It uses a 64-bit block size and a 56-bit key.
2) Triple DES (3DES)
 It was created to provide more security than DES.
3) Advanced Encryption Standard (AES)
 It is the successor to 3DES.
 It uses a block size of variable length and a key length of 128, 192, or 256 bits.

4.4.2 Asymmetric Encryption (Public-key encryption)
• Two different keys are used to encrypt and decrypt the message.
• Either of 2 keys can be used to encrypt or decrypt the message.
1) If key A is used to encrypt the message, only key B can decrypt it.
2) If key B is used to encrypt a message, only key A can decrypt it.
• It can be used to provide a solution to problems of secrecy and verification.
• Two different keys are
1) private key is kept secret, known only to the owner and
2) public-key is stored in a public location where anyone can use it.
• It is based on a one-way function.
i.e. A one-way function is simple to compute in one direction, but complex to compute in the
opposite direction.
• Popular method is: RSA
• Disadvantages:
1) Holding a single conversation between two parties requires four keys.
2) Not efficient in terms of CPU computations when compared to symmetric encryption.


Figure 4-2 Example of Asymmetric Encryption



4.5 Cryptographic Tools
4.5.1 Public-Key Infrastructure (PKI)
• PKI is an integrated system of software, encryption-methods, protocols, legal agreements, and third-
party services that enables users to communicate securely.
• It is based on public-key cryptosystem.
• It includes
→ Digital-certificates and
→ certificate authorities (CAs).
• Digital-certificates contain the user name, public-key, and other identifying information.
• Digital-certificates allow computer-programs
→ to validate the key and
→ to identify the owner of the key.
• The security-services include:
1) Authentication
 Individuals, organizations, and Web-servers can validate the identity of each party in an
Internet transaction.

2) Integrity
 Content signed by the certificate is known to not have been altered while in transit from host
to host or server to client.
3) Privacy
 Information is protected from being intercepted during transmission.
4) Authorization
 The validated identity of users and programs can enable authorization rules that remain in
place for the duration of a transaction.
5) Nonrepudiation
 Customers can be held accountable for transactions, such as online purchases, which they
cannot later dispute.
• It contains following components:
1) Certificate authority (CA) issues, manages, authenticates, signs, and revokes users’
TE
digital-certificates.
2) Registration authority (RA) operates under the trusted collaboration of the certificate
authority.
 The registration authority (RA) can handle day-to-day certification functions, such as
→ verifying registration information
→ generating end-user keys
→ revoking certificates, and
→ validating user certificates.
3) Certificate directories are central locations for certificate storage that provide a single
access point for administration and distribution.

4) Management protocols organize and manage the communications among CAs, RAs, and
end users.
5) Policies and procedures assist an organization in the management of certificates and in the
formalization of legal liabilities.

4.5.2 Digital Signatures


• Digital signatures were created in response to the rising need to verify information transferred via
electronic systems.
• Asymmetric encryption-processes are used to create digital signatures.
• The sender’s private key is used to encrypt a message.
The sender’s public-key must then be used to decrypt the message.
• When the decryption is successful, the process verifies that the message was sent by the sender,
who thus cannot deny having sent it. This process is known as non-repudiation.
• Digital signatures are encrypted-messages that can be mathematically proven authentic.
• The management of digital signatures is built into most Web browsers.
• Digital signatures should be created using processes and products that are based on the Digital
Signature Standard (DSS).
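Textbook RSA with small numbers, added here as a teaching example (not from the notes or any library), to show the two properties described in 4.4.2 and in this section: what one key encrypts only the other key can decrypt, and a digest encrypted with the sender's private key is a signature that anyone holding the public key can verify. The primes and messages are constructed; real systems use far larger keys plus a padding scheme, which this toy omits.

```python
"""Textbook RSA with tiny numbers, added as a teaching example (not from
the notes or any library). It shows the two properties described in 4.4.2
and 4.5.2: a message encrypted with one key is recovered only with the
other, and a digest encrypted with the sender's private key is a signature
anyone can verify with the sender's public key. Real RSA uses 2048-bit or
larger moduli and a padding scheme; this toy has neither."""

import hashlib
from math import gcd


def make_keypair(p, q, e=17):
    """Key A = (e, n) is published; key B = (d, n) is kept private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(value, key):
    """One modular exponentiation; both directions use the same operation,
    so whichever key encrypted, only the other key undoes it."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def encrypt_for(recipient_public, plaintext_value):
    """Secrecy: anyone can encrypt with the recipient's public key ..."""
    return apply_key(plaintext_value, recipient_public)


def decrypt_with(recipient_private, ciphertext_value):
    """... and only the private-key holder can read the result."""
    return apply_key(ciphertext_value, recipient_private)


def message_digest(message, n):
    """Hash the message and reduce it below the modulus (toy-sized only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(sender_private, message):
    """Digital signature: the sender's private key 'encrypts' the digest."""
    _, n = sender_private
    return apply_key(message_digest(message, n), sender_private)


def verify(sender_public, message, signature):
    """Decrypt with the sender's public key and compare to a fresh digest.
    Success shows the holder of the private key signed exactly this message,
    which is what non-repudiation rests on."""
    _, n = sender_public
    return apply_key(signature, sender_public) == message_digest(message, n)
```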

4.5.3 Digital-Certificates
• A Digital-certificate is an electronic document (or container file) that contains a key value and
identifying information about the owner of the key.
• The certificate is issued and certified by a third party called a certificate authority.
• A digital signature attached to the certificate’s container file certifies the file’s origin and integrity.
• This verification process often occurs when you download or update software via the Internet.
• Digital-certificates authenticate the cryptographic key that is embedded in the certificate.
• Different client-server applications use different types of Digital-certificates:
1) The CA application suite issues and uses certificates (keys) that identify and establish a trust
relationship with a CA.
2) Mail applications use Secure/Multipurpose Internet Mail Extension (S/MIME) certificates for
signing and encrypting e-mail.
3) Development applications use object-signing certificates to identify signers of object oriented
code and scripts.
4) Web-servers use Secure Sockets Layer (SSL) certificates to authenticate servers.
5) Web clients use SSL certificates to authenticate users.

• Two popular certificate types are those created using
1) Pretty Good Privacy (PGP) and
2) those created using applications that conform to International Telecommunication Union’s
(ITU-T) X.509 version 3 (Table 4-4).


Table 4-4 X.509 v3 Certificate Structure



4.5.4 Hybrid Cryptography Systems


• The most common hybrid system is based on the Diffie-Hellman key exchange.
• Diffie-Hellman key exchange is a method for exchanging private keys using public-key encryption.
• It uses asymmetric encryption to exchange session keys.
• It allows two entities to conduct quick, efficient, secure communications based on symmetric
encryption.
• It protects data from exposure to third parties, which is sometimes a problem when keys are
exchanged out-of-band.
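The hybrid scheme above as an added Python example (not the notes' code): a Diffie-Hellman exchange over small constructed parameters gives both sides the same session key, which then drives a constructed symmetric XOR stream (a stand-in for a real cipher such as AES) to carry the data. It assumes only the standard hashlib and secrets modules; the comments mark what a real deployment adds on top.

```python
"""Hybrid cryptography: Diffie-Hellman agrees on a session key over an open
channel, then a fast symmetric cipher carries the data. Added example with
deliberately small parameters; the symmetric part is a keyed XOR stream
constructed for illustration, not a real cipher."""

import hashlib
import secrets

# Small constructed group so the arithmetic is easy to follow. Real use: a
# standard large prime group (2048 bits or more) or an elliptic-curve group.
P = 2147483647  # 2**31 - 1, a prime
G = 5


def dh_private():
    """Random exponent kept secret by one party."""
    return secrets.randbelow(P - 2) + 1


def dh_public(private):
    """g^a mod p: safe to send in the clear."""
    return pow(G, private, P)


def dh_shared(private, peer_public):
    """(g^b)^a mod p == (g^a)^b mod p, so both sides reach the same value.
    Values 0, 1 and p-1 are rejected: they would force a trivial secret."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, P)


def session_key(shared_secret):
    """Derive a fixed-length symmetric key from the agreed value."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(width, "big")).digest()


def keystream(key, length):
    """Counter-style stream: successive SHA-256(key || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def symmetric_encrypt(key, data):
    """XOR with the keystream; no integrity protection, so a real system
    adds a MAC or uses an authenticated cipher."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, len(data))))


symmetric_decrypt = symmetric_encrypt  # XOR is its own inverse


def exchange(message):
    """Full run: both sides derive the same session key, then one side
    encrypts and the other decrypts with it. Returns what the receiver
    reads. Note that DH alone does not authenticate the peer; signing the
    public values (see 4.6.1) is what stops a man-in-the-middle."""
    a_priv, b_priv = dh_private(), dh_private()
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    key_a = session_key(dh_shared(a_priv, b_pub))
    key_b = session_key(dh_shared(b_priv, a_pub))
    assert key_a == key_b
    return symmetric_decrypt(key_b, symmetric_encrypt(key_a, message))
```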

4.5.5 Steganography
• The word steganography is derived from the Greek words steganos, meaning “covered” and
graphein, meaning “to write.”
• While steganography is technically not a form of cryptography, it is another way of protecting the
confidentiality of information in transit.
• Steganography involves hiding information within files that contain digital pictures or other
images.

4.6 Attacks on Cryptosystems


• In general, attacks on cryptosystems fall into four general categories: man-in-the-middle,
correlation, dictionary, and timing.

4.6.1 Man-in-the-Middle Attack
• An attacker tries
→ to intercept a public-key or
→ to insert a known key structure in place of the requested public-key.

• The attackers place themselves between the sender and receiver.
When they have intercepted the request for key exchanges, they send each participant a valid
public-key, which is known only to them.
• The victims (participants) think that the communication is secure, but the attacker will be
→ receiving and decrypting the encrypted-message, and
→ encrypting and sending the message to the intended recipient.
• Possible solution: Establishing public-keys with digital signatures can prevent this attack. This is
because the attacker cannot duplicate the signatures.

4.6.2 Correlation Attacks


• The attack is a collection of brute-force methods that try to deduce statistical relationships between
→ the structure of the unknown key and
→ the ciphertext generated by the cryptosystem.
• Differential and linear cryptanalysis have been used to perform successful attacks on block cipher
encryptions such as DES.
• Possible solution: Selection of strong cryptosystems that have
→ stood the test of time
→ thorough key management, and
→ best practices in the frequency of key changes.

4.6.3 Dictionary Attacks


• An attacker encrypts every word in a dictionary using the same cryptosystem as used by the target
in an attempt to locate a match between the target-ciphertext and the list of encrypted-words.

• This attack can be successful when the ciphertext consists of relatively few characters.
For example: files containing encrypted (hashed) usernames and passwords.
• After obtaining such a password file, an attacker can run the hundreds of potential passwords in the
dictionary he has prepared against the stolen list.

• After a match is found, the attacker has essentially identified a potential valid password for the
system.
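The dictionary attack just described, together with the defence a password store needs against it, as an added example that is not code from the lecture notes. Every input below (the word list, the user names, passwords and salts of the "stolen" files) is constructed for the demonstration. crack_unsalted() hashes each dictionary word once and matches the whole stolen file against that table, which is the attack the text describes; crack_salted() must repeat a deliberately slow PBKDF2 derivation for every (user, word) pair because each user has a different salt, and reuse_visible() shows that the unsalted file also leaks which users share a password.

```python
"""Dictionary attack against a stolen password file, and why salting plus a slow
key-derivation function blunts it. Added example, not code from the lecture notes.
The word list, user names, passwords and salts are constructed for the demonstration."""
import hashlib

WORDLIST = ["password", "letmein", "dragon", "qwerty", "sunshine"]   # constructed

# Constructed salts (fixed so the run is repeatable; a real system draws them from os.urandom).
SALTS = {"alice": b"\x01" * 16, "bob": b"\x02" * 16, "carol": b"\x03" * 16, "dave": b"\x04" * 16}
ROUNDS = 20_000   # PBKDF2 iteration count; production deployments use considerably more


def hash_unsalted(password: str) -> str:
    """The weak scheme: one fast hash, no salt. Identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes, rounds: int = ROUNDS) -> str:
    """The hardened scheme: per-user salt and a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


# Constructed "stolen" password files. Two users share the password "dragon".
PLAINTEXT = {"alice": "dragon", "bob": "qwerty", "carol": "Tr0ub4dor&3", "dave": "dragon"}
UNSALTED_FILE = {u: hash_unsalted(p) for u, p in PLAINTEXT.items()}
SALTED_FILE = {u: (SALTS[u], hash_salted(p, SALTS[u])) for u, p in PLAINTEXT.items()}


def crack_unsalted(pwfile: dict, wordlist: list):
    """Hash every dictionary word once, then look every stored hash up in that table.
    Returns (recovered passwords, number of hash computations)."""
    table = {hash_unsalted(w): w for w in wordlist}
    found = {user: table[h] for user, h in pwfile.items() if h in table}
    return found, len(wordlist)


def crack_salted(pwfile: dict, wordlist: list):
    """With salts the table cannot be shared between users: every (user, word) pair costs a
    full KDF run. Returns (recovered passwords, number of KDF computations)."""
    found, work = {}, 0
    for user, (salt, stored) in pwfile.items():
        for word in wordlist:
            work += 1
            if hash_salted(word, salt) == stored:
                found[user] = word
                break
    return found, work


def reuse_visible(pwfile: dict) -> bool:
    """Can an attacker see that two users share a password just by comparing stored values?"""
    values = [v if isinstance(v, str) else v[1] for v in pwfile.values()]
    return len(values) != len(set(values))
```

Both attacks recover the same three weak passwords; the difference is the cost. Against the unsalted file the attacker pays five hashes for the whole file, against the salted file fifteen slow derivations for four users, and the bill grows with the product of users, dictionary size and KDF iteration count rather than with the dictionary alone.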

4.6.4 Timing Attacks


• An attacker
→ listens in on the victim's session and
→ uses statistical analysis of patterns and inter-keystroke timings to determine sensitive information.
• This attack can be used to gain information about the encryption key and the cryptosystem.
• Once the attacker has recovered the encryption key, he can also launch a replay attack.
• A replay attack resubmits a recording of the deciphered authentication to gain entry into a
secure resource.
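One concrete form of the timing attack described above, as an added example that is not from the lecture notes: a server that compares a submitted token against its secret with an ordinary early-exit loop takes longer the more leading bytes of the guess are correct, and that cost alone lets an attacker recover the secret one byte at a time. The secret is constructed, and the cost is reported as a byte count rather than measured with a clock so that the run is deterministic; a real attacker measures response times and averages out the noise.

```python
"""A timing attack against a secret comparison: an early-exit compare runs longer the more
leading bytes of the guess are right, and that leak alone recovers the secret byte by byte.
Added example, not from the lecture notes. The "timing" is reported as the number of bytes
examined rather than measured with a clock, so the run is deterministic; SECRET is constructed."""
import hmac

SECRET = b"s3cr3t-api-token"   # constructed; stands for a session token or MAC the server checks


def leaky_equal(a: bytes, b: bytes):
    """Typical early-exit comparison. Returns (equal, bytes that matched before the answer was
    known); the second value is what an attacker observes as response time."""
    if len(a) != len(b):
        return False, 0
    matched = 0
    for x, y in zip(a, b):
        if x != y:
            return False, matched
        matched += 1
    return True, matched


def constant_time_equal(a: bytes, b: bytes):
    """Examines every byte regardless of where the first mismatch is (hmac.compare_digest does
    exactly this in production); the observable cost no longer depends on the secret."""
    if len(a) != len(b):
        return False, 0
    return hmac.compare_digest(a, b), len(a)


def timing_oracle(compare):
    """What the attacker can actually query: submit a guess, observe only the cost."""
    return lambda guess: compare(guess, SECRET)[1]


def recover_secret(oracle, length: int, alphabet=range(256)):
    """Byte-by-byte recovery: at each position the candidate that makes the comparison run
    longest is the correct byte. Returns None if no candidate is distinguishable."""
    known = bytearray()
    for pos in range(length):
        padding = b"\x00" * (length - pos - 1)
        cost = {c: oracle(bytes(known) + bytes([c]) + padding) for c in alphabet}
        best = max(cost.values())
        winners = [c for c, t in cost.items() if t == best]
        if len(winners) != 1:
            return None          # every guess costs the same: nothing is leaking
        known.append(winners[0])
    return bytes(known)
```

Against leaky_equal the attack needs at most 256 queries per byte, 4096 for this 16-byte secret, instead of 256^16 for a blind search; against constant_time_equal every candidate ties and the attack learns nothing. The same reasoning is why authentication tags, tokens and passwords must be compared in constant time.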

4.6.5 Defending Against Attacks
• Encryption is a very useful tool for protecting the confidentiality of information in transmission.
• However, it is just one more tool the administrator has against threats to information security.
• If the attacker can discover the key and the encryption method, he can read the message.
• Thus, the main concern in key management is not the management of technology but rather the
management of people.


UNIT 5: INTRODUCTION TO NETWORK SECURITY

KEY DISTRIBUTION AND USER AUTHENTICATION

5.1 Computer Security Concepts
5.2 The OSI Security Architecture
5.3 Security Attacks
5.3.1 Passive Attack
5.3.2 Active Attacks
5.4 Security Services
5.5 Security Mechanisms
5.6 A Model for Network Security
5.7 Standards
5.8 Kerberos
5.8.1 Kerberos Terminology
5.8.2 Kerberos Version 4
5.8.2.1 A Simple Authentication Dialogue
5.8.2.2 A More Secure Authentication Dialogue
5.8.2.3 Version 4 Kerberos Authentication Dialogue
5.8.2.4 Kerberos Realms and Multiple Kerberi
5.8.3 Kerberos Version 5
5.8.3.1 Differences between Kerberos Version 4 and Version 5
5.8.3.2 The Version 5 Authentication Dialogue
5.9 X.509 Certificates
5.9.1 Certificates
5.9.1.1 Authentication Procedures
5.9.1.2 Obtaining Certificates in X.509
5.9.1.3 Revocation of Certificates
5.9.2 X.509 Version 3
5.9.2.1 Key and Policy Information
5.9.2.2 Certificate Subject and Issuer Attributes
5.9.2.3 Certification Path Constraints

UNIT 5: INTRODUCTION TO NETWORK SECURITY

5.1 Computer Security Concepts


5.1.1 A Definition of Computer Security
• In daily life we use information for many purposes, and we use networks to communicate and to
exchange information between parties.
• In many cases this information is sensitive, so we must ensure that only authorized parties can
obtain it.
• To maintain such privacy we need a mechanism or physical device that ensures the information is
safe. Such mechanisms or devices are known as security systems.
• Computer Security: The protection afforded to an automated information system in order to attain
the applicable objectives of preserving the integrity, availability, and confidentiality of information
system resources.
(System resources include hardware, software, firmware, information/data, and telecommunications.)
• The three key objectives of computer security are:
1) Confidentiality: covers two concepts.
i) Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
ii) Privacy: Assures that individuals control or influence what information related to
them may be collected and stored, and by whom and to whom that information may be
disclosed.
2) Integrity: covers two concepts.
i) Data integrity: Assures that information and programs are changed only in a
specified and authorized manner.
ii) System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of
the system.
3) Availability: Assures that systems work promptly and service is not denied to authorized
users.
• These three concepts form what is often referred to as the CIA triad (Figure 5.1).
• The three concepts embody the fundamental security objectives for both data and for information
and computing services.

Figure 5.1 The Security Requirements Triad

5.2 The OSI Security Architecture
• The security manager is responsible for
→ assessing the security needs of an organization, and
→ evaluating and choosing various security products and policies.
• The security manager needs some systematic way of defining the requirements for security.
• ITU-T Recommendation X.800, "Security Architecture for OSI", defines such a systematic
approach.
• The OSI security architecture focuses on security attacks, mechanisms, and services.
1) Security Attack
• Any action that compromises the security of information owned by an organization.
2) Security Mechanism
• A process (or a device incorporating such a process) that is designed to detect, prevent, or
recover from a security attack.
3) Security Service
• A communication service that is provided by a system to give a specific kind of protection to system
resources; it counters security attacks and makes use of one or more security mechanisms.

YS
SB
TE
O
N
U
VT

5-3
INFORMATION AND NETWORK SECURITY
5.3 Security Attack
• Security attack refers to any action that compromises the information or network security.
• It can be divided into two categories: 1) passive attack and 2) active attack.
5.3.1 Passive Attack
• The attacker tries to learn or make use of information from the system.
• The attacker does not affect system resources.
• The attack can be in the form of eavesdropping on, or monitoring of, transmissions.
• Goal of the opponent: To obtain information that is being transmitted.
• Problem:
Passive attacks are very difficult to detect, because they do not involve any alteration of the
data.
Solution: The emphasis is on prevention rather than detection, usually by means of encryption.
• Passive attacks can be subdivided into two categories: 1) release of message contents and 2) traffic analysis.
1) Release of Message Contents
• For example:
◦ A telephone conversation, an electronic mail message, or a transferred file may contain
sensitive or confidential information (Figure 5.2).
◦ We would like to prevent an opponent from learning the contents of these transmissions.


Figure 5.2: Release of message contents


2) Traffic Analysis
• Encryption is the most common technique for hiding the contents of a message.
• Even with encryption in place, an opponent may still be able to observe the pattern of the
messages.
• The opponent can
→ determine the location and identity of the communicating hosts, and
→ observe the frequency and length of the messages being exchanged (Figure 5.3).
• This information may be useful in guessing the nature of the communication that is taking place.

Figure 5.3 : Traffic analysis

5.3.2 Active Attacks
• The attacker tries to alter system resources or affect their operation.
• For example:
→ modification of the data stream
→ creation of a false stream
• Because active attacks are difficult to prevent outright, the goal of the defender is to detect
them and to recover from any disruption or delays they cause.
• Active attacks can be subdivided into four categories: 1) masquerade, 2) replay, 3) modification of
messages, and 4) denial of service.
1) Masquerade
• This attack takes place when one entity pretends to be a different entity (Figure 5.4).
• For example:
Authentication sequences can be captured and replayed after a valid authentication sequence
has taken place.
2) Replay
• This attack involves the passive capture of a data unit and its subsequent retransmission to produce
an unauthorized effect (Figure 5.5).
3) Modification of Messages
• For example:
→ some portion of a legitimate message is altered, or
→ messages are delayed or reordered (Figure 5.6).
4) Denial of Service
• This attack prevents the normal use or management of communications facilities (Figure 5.7).
i) The attack may have a specific target.
For example: an entity may suppress all messages directed to a particular destination.
ii) The attack may involve the disruption of an entire network.
For example: overloading the network to degrade performance.
• Problem:
Active attacks are difficult to prevent because of the wide variety of potential physical,
software, and network vulnerabilities.

Figure 5.4: Masquerade

Figure 5.5: Replay


Figure 5.6: Modification of messages



Figure 5.7: Denial of service

5.4 Security Services
• A security service refers to a communication service that can prevent or detect the various security
attacks.
• Security services are implemented by one or more security mechanisms.
• Various security services are described in Table 5.1.

I
R
YS
SB
TE
O
N
U
VT

Table 5.1 Security Services (X.800)

5.5 Security Mechanisms
• Table 5.2 lists the security mechanisms defined in X.800

I
R
YS
SB
TE
O
N

Table 5.3, based on one in X.800, indicates the relationship between security services and security
mechanisms.

Table 5.3 Relationship Between Security Services and Mechanisms

5.6 A Model for Network Security
• A message is to be transferred from one party to another across the channel (Figure 5.8).
• The two parties must cooperate for the exchange to take place.
• A channel is established by
→ defining a route from source to destination and
→ cooperative use of protocols (e.g., TCP/IP) by the two parties.
• Security techniques have two components:
1) A security-related transformation on the information to be sent.
For Example: encryption of the message.
2) Some secret information shared by the two principals unknown to the opponent.
For Example: secret key used for encryption.

I
R
YS
SB
Figure 5.8 Model for Network Security

• A trusted third party may be needed to achieve secure transmission.
For example: a third party may be responsible for distributing the secret key to the two parties
while keeping it from any opponent.
• Four basic tasks in designing a particular security service:
1) Design an algorithm for performing the security-related transformation.
The algorithm should be such that an opponent cannot defeat its purpose.
2) Generate the secret key to be used with the algorithm.
3) Develop methods for the distribution and sharing of the secret key.
4) Specify a protocol to be used by the two parties that makes use of the security algorithm
and the secret key to achieve a particular security service.


• Figure 5.9 shows a general model for protecting an information system from unwanted access.
• The security mechanisms fall into two broad categories.
1) The first category is termed a gatekeeper function.
It includes
→ a password-based login procedure that is designed to deny access to all but authorized
users, and
→ screening logic that is designed to detect and reject worms, viruses, and other
similar attacks.
2) The second category consists of a variety of internal controls that monitor activity in an
attempt to detect the presence of unwanted intruders.

Figure 5.9 Network Access Security Model

R
• An opponent can be human or software.
1) Human opponents:
i) A hacker who gets satisfaction from breaking into a computer system.
ii) An intruder such as a disgruntled employee who wishes to do damage, or a criminal
who seeks to exploit computer assets for financial gain (e.g., obtaining credit card
numbers or performing illegal money transfers).
2) Software opponents:
Viruses and worms.

5.7 Standards
• Various organizations have been involved in the development or promotion of Internet standards.
• The most important of them are as follows.
1) National Institute of Standards and Technology (NIST)
• NIST is a U.S. federal agency that deals with measurement science, standards, and technology
related to U.S. government use and to the promotion of U.S. private-sector innovation.
2) Internet Society (ISOC)
• ISOC is a professional membership society with worldwide organizational and individual membership.
• It provides leadership in addressing issues that confront the future of the Internet.
• It is the organizational home for the groups responsible for Internet infrastructure standards,
including the IETF and the IAB.
• These groups develop Internet standards and related specifications, all of which are published
as RFCs.
( IETF → Internet Engineering Task Force
IAB → Internet Architecture Board
RFC → Request for Comments )

UNIT 5 (CONT.): KEY DISTRIBUTION AND USER AUTHENTICATION

5.8 Kerberos
• Kerberos is a key distribution and user authentication service developed at MIT.
• Three threats exist in an open distributed environment:
1) A user may gain access to a particular workstation and pretend to be another user operating
from that workstation.
2) A user may alter the network address of a workstation so that requests sent from the
altered workstation appear to come from the impersonated workstation.
3) A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or
to disrupt operations.
• Kerberos provides a centralized authentication server whose function is to authenticate
→ users to servers and
→ servers to users.
• Kerberos relies exclusively on symmetric encryption; no public-key encryption is used.
• Two versions of Kerberos are in use.
1) Version 4 implementations still exist, although this version is being phased out.
2) Version 5 corrects some of the security deficiencies of version 4.

5.8.1 Kerberos Terminology


1) Authentication Server (AS): A server that issues tickets for a desired service, which are in turn
given to users for access to the service; it is normally used to obtain the ticket-granting ticket
(TGT) for the ticket-granting server (TGS).
2) Client: An entity on the network that can receive a ticket from Kerberos.
3) Credentials: A temporary set of electronic credentials that verify the identity of a client for a
particular service. Also called a ticket.
4) Key: Data used when encrypting or decrypting other data.
5) Key distribution center (KDC): A service that issues Kerberos tickets and which usually runs on
the same host as the ticket-granting server (TGS).
6) Realm: A network that uses Kerberos, composed of one or more servers called KDCs and a
potentially large number of clients.
7) Ticket-granting server (TGS): A server that issues tickets for a desired service, which are in turn
given to users for access to the service. The TGS usually runs on the same host as the KDC.
8) Ticket-granting ticket (TGT): A special ticket that allows the client to obtain additional tickets
without applying for them from the KDC.
5.8.2 Kerberos Version 4
• Version 4 of Kerberos makes use of DES to provide the authentication service.

5.8.2.1 A Simple Authentication Dialogue


• In an unprotected network environment, any client can apply to any server for service.
• Problem: The obvious security risk is impersonation.
i.e. an opponent can
→ pretend to be another client and
→ obtain unauthorized privileges on server machines
Solution: Use an authentication server (AS).
• An authentication server (AS) knows the passwords of all users and stores them in a centralized
database.
• In addition, the AS shares a unique secret key with each server.
• These keys have been distributed physically or in some other secure manner.
• Consider the following hypothetical dialogue (the message sequence is shown in the figure):
Here is how it works:
1) C → AS
• The client C requests a service-granting ticket from the AS.
• The request contains
→ the user's ID,
→ the server's ID, and
→ the user's password.
• The server ID indicates the service requested (e.g., printing, mail, or file transfer).
2) AS → C
• The AS checks its database to see
i) whether the user has supplied the correct password, and
ii) whether the user is permitted to access the server.
• If both conditions are satisfied, the AS accepts the user as authentic.
• The AS then sends a service-granting ticket to the client.
• The ticket is encrypted using the secret key shared by the AS and the server, so the client
cannot alter it.
3) C → V
• The client sends a request containing the ticket to the server.
• The server decrypts the ticket.
• The server then verifies that the user ID in the ticket matches the unencrypted user ID in the
request.
If the two match, the server grants the requested service to the client.
• Disadvantages (Problems):
1) A user needs a new ticket for every different service.
For example: if a user wants to access a print server, a mail server, and a file server, a new
ticket has to be generated for each service, and the user must supply the password each time.
2) Password attack: the password travels in the clear in message (1), so an eavesdropper can
capture it and use any service accessible to the victim.
Solution: Use a new server known as the ticket-granting server (TGS).

5.8.2.2 A More Secure Authentication Dialogue
• Consider the following hypothetical dialogue (the message sequence is shown in the figure):
• Here is how it works:
1) C → AS
• The client C requests a ticket-granting ticket from the AS, once per logon session.
• The request contains
→ the user's ID and
→ the TGS's ID.
• The TGS ID indicates a request to use the TGS service.
2) AS → C
• The AS sends a ticket-granting ticket to the client.
• The ticket is encrypted using a secret key derived from the user's password (K_C), so only the
legitimate user can recover it; the password itself is never sent over the network.
3) C → TGS
• The client requests a service-granting ticket from the TGS, once per type of service.
• The request contains
→ the user's ID,
→ the server's ID, and
→ the ticket-granting ticket.
• The server ID indicates the service requested (e.g., printing, mail, or file transfer).
4) TGS → C
• The TGS decrypts the ticket using a key shared only by the AS and the TGS (K_tgs).
• The TGS checks its database to see whether the user is permitted to access the server.
• If this condition is satisfied, the TGS accepts the user as authentic.
• The TGS then sends a service-granting ticket to the client.
• The ticket is encrypted using the secret key shared by the TGS and the server (K_V).
5) C → V
• The client sends a request containing the ticket to the server.
• The server decrypts the ticket.
• The server then verifies that the user ID in the ticket matches the unencrypted user ID in the
request.
If the two match, the server grants the requested service to the client.
• Disadvantages (Problems):
1) Lifetime of the ticket-granting ticket.
i) If the lifetime is very short, the user will be repeatedly asked for a password.
ii) If the lifetime is long, an opponent who captures the ticket has a greater opportunity for replay.
2) There may be a requirement for servers to authenticate themselves to users.
Solution: The full Version 4 Kerberos dialogue, which adds authenticators and mutual authentication.

5.8.2.3 Version 4 Kerberos Authentication Dialogue

Table 5.4 Summary of Kerberos Version 4 Message Exchanges

Table 5.5 Rationale for the Elements of the Kerberos Version 4 Protocol

Figure 5.10 provides a simplified overview of the Version 4 exchanges.
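The Version 4 dialogue summarised in Table 5.4, simulated end to end as an added example that is not the lecture notes' or MIT's code: the AS exchange (messages 1 and 2), the TGS exchange (3 and 4) and the client/server exchange (5 and 6), with the checks that Table 5.5 gives the rationale for, mutual authentication via TS5+1, and detection of a replayed authenticator. Assumptions: a toy HMAC-based authenticated cipher stands in for DES in PCBC mode, the clock is passed in as a parameter so the run is repeatable, and the user, password, server names, keys and client address are all constructed.

```python
"""Kerberos Version 4 dialogue of Table 5.4 run end to end: AS exchange (1)-(2), TGS exchange
(3)-(4), client/server exchange (5)-(6) with mutual authentication and replay detection.
Added example, not the lecture notes' or MIT's code. A toy HMAC-based authenticated cipher
stands in for DES-PCBC, the clock is a parameter, and all names, keys and passwords are constructed."""
import hashlib, hmac, json, os

SKEW = 300          # seconds an authenticator timestamp may differ from the receiver's clock
ADDR = "10.0.0.5"   # AD_C, the client's network address (constructed)

def kdf(password: str) -> bytes:
    """K_C is derived from the user's password (the root of v4's password-attack exposure)."""
    return hashlib.sha256(password.encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256") for i in range(n // 32 + 1))

def seal(key: bytes, obj) -> str:
    """E(K, [...]) in the notes: toy encrypt-then-MAC of a JSON object, returned as hex."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.digest(key, nonce + ct, "sha256")).hex()

def unseal(key: bytes, blob_hex: str):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, nonce + ct, "sha256")):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def validate(ticket, auth, my_id, now, seen: set):
    """Checks every verifier (TGS or V) performs on a ticket/authenticator pair."""
    if ticket["id_v"] != my_id:
        raise ValueError("ticket issued for another server")
    if not ticket["ts"] <= now <= ticket["ts"] + ticket["life"]:
        raise ValueError("ticket expired")
    if auth["id_c"] != ticket["id_c"] or auth["ad_c"] != ticket["ad_c"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - auth["ts"]) > SKEW:
        raise ValueError("stale authenticator")
    if (auth["id_c"], auth["ts"]) in seen:        # the same authenticator presented twice
        raise ValueError("replayed authenticator")
    seen.add((auth["id_c"], auth["ts"]))

class Kdc:
    """AS and TGS together (they share a host in practice); server_keys["tgs"] is K_tgs."""
    def __init__(self, passwords: dict, server_keys: dict):
        self.users = {u: kdf(pw) for u, pw in passwords.items()}
        self.servers, self.seen = server_keys, set()
    def _ticket(self, id_c, id_v, session_key, now, life):
        return seal(self.servers[id_v], {"key": session_key, "id_c": id_c, "ad_c": ADDR,
                                         "id_v": id_v, "ts": now, "life": life})
    def authentication_service(self, id_c, now):
        """(1) C->AS: ID_C, ID_tgs, TS1.  (2) AS->C: E(K_C,[K_c,tgs, ID_tgs, TS2, Lifetime2, Ticket_tgs])."""
        k = os.urandom(16).hex()
        return seal(self.users[id_c], {"key": k, "id_v": "tgs", "ts": now, "life": 28800,
                                       "ticket": self._ticket(id_c, "tgs", k, now, 28800)})
    def ticket_granting_service(self, id_v, ticket_tgs, authenticator, now):
        """(3) C->TGS: ID_V, Ticket_tgs, Authenticator_c.  (4) TGS->C: E(K_c,tgs,[K_c,v, ID_V, TS4, Ticket_v])."""
        t = unseal(self.servers["tgs"], ticket_tgs)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        validate(t, a, "tgs", now, self.seen)
        k = os.urandom(16).hex()
        return seal(bytes.fromhex(t["key"]), {"key": k, "id_v": id_v, "ts": now,
                                              "ticket": self._ticket(t["id_c"], id_v, k, now, 300)})

class Server:
    def __init__(self, id_v, key):
        self.id_v, self.key, self.seen = id_v, key, set()
    def serve(self, ticket_v, authenticator, now):
        """(5) C->V: Ticket_v, Authenticator_c.  (6) V->C: E(K_c,v,[TS5+1]) proves V holds K_V."""
        t = unseal(self.key, ticket_v)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        validate(t, a, self.id_v, now, self.seen)
        return seal(bytes.fromhex(t["key"]), {"ts_plus_1": a["ts"] + 1})

def client_session(kdc, server, user, password, now):
    """Client side of all six messages; returns (Ticket_v, Authenticator_c from (5), mutual auth ok)."""
    m2 = unseal(kdf(password), kdc.authentication_service(user, now))   # wrong password fails here
    k_ctgs = bytes.fromhex(m2["key"])
    auth3 = seal(k_ctgs, {"id_c": user, "ad_c": ADDR, "ts": now})
    m4 = unseal(k_ctgs, kdc.ticket_granting_service(server.id_v, m2["ticket"], auth3, now))
    k_cv = bytes.fromhex(m4["key"])
    auth5 = seal(k_cv, {"id_c": user, "ad_c": ADDR, "ts": now})
    m6 = unseal(k_cv, server.serve(m4["ticket"], auth5, now))
    return m4["ticket"], auth5, m6["ts_plus_1"] == now + 1

def demo():
    kdc = Kdc({"alice": "correct horse"}, {"tgs": os.urandom(32), "print": os.urandom(32)})
    printer = Server("print", kdc.servers["print"])
    now = 1_700_000_000
    ticket, auth, mutual_ok = client_session(kdc, printer, "alice", "correct horse", now)
    try:                                   # eavesdropper replays captured message (5) seconds later
        printer.serve(ticket, auth, now + 5)
        replay = "accepted"
    except ValueError as e:
        replay = str(e)
    return {"mutual_auth": mutual_ok, "replay": replay}
```

The ticket alone is not enough to obtain service: the authenticator must be encrypted under the session key that only the ticket's rightful owner can extract from message (2) or (4), and a verifier that remembers the (ID_C, timestamp) pairs it has accepted within the skew window refuses the replay. The bad-password case fails at the first unseal() in client_session(), which is exactly the point an offline password guesser would exploit, the Version 5 pre-authentication concern discussed later.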

5.8.2.4 Kerberos Realms and Multiple Kerberi
• A full-service Kerberos environment consisting of a Kerberos server, a number of clients, and a
number of application servers requires the following:
1) The Kerberos server must have the user ID and hashed passwords of all participating users
in its database.
All users are registered with the Kerberos server.
2) The Kerberos server must share a secret key with each server.
All servers are registered with the Kerberos server.
3) The Kerberos server in each interoperating realm shares a secret key with the server in the
other realm.
The two Kerberos servers are registered with each other.

• The exchanges needed to request a service in another realm are illustrated in Figure 5.11.

R
YS
SB
TE
O
N
U
VT

Figure 5.11 Request for Service in Another Realm

5.8.3 Kerberos Version 5
• Kerberos version 5 provides a number of improvements over version 4.

5.8.3.1 Differences between Kerberos Version 4 and Version 5


• Version 5 is intended to address the limitations of version 4 in two areas:
1) Environmental shortcomings, and
2) Technical deficiencies

Environmental Shortcomings (Version 4 versus Version 5)

1) Encryption system dependence
Version 4: DES is used for encryption.
Version 5: Ciphertext is tagged with an encryption-type identifier so that any encryption
technique may be used. Encryption keys are tagged with a type and a length, so that the same key
can be used in different algorithms.

2) Addressing
Version 4: Only IP addresses are used for addressing.
Version 5: Network addresses are tagged with type and length, so that any network address type
may be used.

3) Message byte ordering
Version 4: The sender of a message uses a byte ordering of its own choosing and tags the message
to indicate least significant byte in lowest address or most significant byte in lowest address.
Version 5: All message structures are defined using ASN.1 and BER, which provide an unambiguous
byte ordering.
(ASN.1 → Abstract Syntax Notation One
BER → Basic Encoding Rules)

4) Ticket lifetime
Version 4: Lifetime values are encoded in an 8-bit quantity in units of five minutes. Thus the
maximum lifetime that can be expressed is 2^8 × 5 = 1280 minutes (a little over 21 hours), which
may be inadequate for some applications.
Version 5: Tickets include an explicit start time and end time, so that tickets with arbitrary
lifetimes may be used.

5) Authentication forwarding
Version 4: Credentials issued to one client cannot be forwarded to some other host and used by
some other client.
Version 5: Credentials issued to one client can be forwarded to some other host and used by some
other client. This capability enables a client to access a server and have that server access
another server on behalf of the client.
For example: a client issues a request to a print server that then accesses the client's file
from a file server, using the client's credentials for access.

6) Inter-realm authentication
Version 4: Interoperability among N realms requires on the order of N^2 Kerberos-to-Kerberos
relationships.
Version 5: Interoperability among N realms requires fewer relationships.

Technical Deficiencies
1) Double Encryption
• In Version 4, tickets provided to clients are encrypted twice:
i) first with the secret key of the target server, and
ii) again with a secret key known to the client.
• The second encryption is not necessary and is computationally wasteful.
2) PCBC Encryption
• In Version 4,
◦ a nonstandard mode of DES known as propagating cipher block chaining (PCBC) is used;
◦ PCBC was intended to provide an integrity check as part of the encryption operation;
◦ this mode is vulnerable to an attack involving the interchange of ciphertext blocks.
• Version 5 provides explicit integrity mechanisms, allowing the standard CBC mode to be used for
encryption.
In particular, a checksum or hash code is attached to the message prior to encryption using CBC.
3) Session Keys
• Each ticket includes a session key that is used by the client to encrypt the authenticator sent to the
service associated with that ticket.
• Because the same ticket may be used repeatedly to gain service from a particular server, there is the
risk that an opponent will replay messages from an old session to the client or the server.
• In Version 5, it is possible for a client and server to negotiate a subsession key, which is to be used
only for that one connection.
4) Password Attacks
• Both versions are vulnerable to a password attack.
• The message from the AS to the client includes material encrypted with a key based on the client's
password.
• An opponent can capture this message and attempt to decrypt it by trying various passwords.
• Version 5 provides a mechanism known as pre-authentication, which should make password
attacks more difficult, but it does not prevent them.
5.8.3.2 Version 5 Authentication Dialogue
• Table 5.6 summarizes the basic version 5 dialogue.

Table 5.6 Summary of Kerberos Version 5 Message Exchanges

1) Authentication Service Exchange
• Message (1) is a client request for a ticket-granting ticket. The request includes the ID of the user
and the TGS.
• The following new elements are added:
◦ Realm: Indicates the realm of the user.
◦ Options: Used to request that certain flags be set in the returned ticket.
◦ Times: Used by the client to request the following time settings in the ticket:
from: the desired start time for the requested ticket
till: the requested expiration time for the requested ticket
rtime: the requested renew-till time
◦ Nonce: A random value to be repeated in message (2) to assure that the response is fresh
and has not been replayed by an opponent.
• Message (2) returns a ticket-granting ticket, identifying information for the client, and a block
encrypted using the encryption key based on the user's password.

2) Ticket-Granting Service Exchange
• Message (3) for both versions includes an authenticator, a ticket, and the name of the
requested service.
• Message (4) has the same structure as message (2). It returns a ticket plus information needed by
the client, with the information encrypted using the session key now shared by the client and the TGS.

3) Client/Server Authentication Exchange
• Several new features appear in version 5 in the client/server authentication exchange.
• In message (5), the client may request as an option that mutual authentication is required.
• The authenticator includes several new fields:
1) Subkey: The client's choice for an encryption key to be used to protect this specific
application session. If this field is omitted, the session key from the ticket (K_C,V) is used.
2) Sequence number: An optional field that specifies the starting sequence number to be used
by the server for messages sent to the client during this session. Messages may be sequence-
numbered to detect replays.

5.9 X.509 Certificates
• X.509 defines a framework for the provision of authentication services by the X.500 directory to
its users, and defines authentication protocols based on the use of public-key certificates.
• The directory may serve as a repository of public-key certificates. Each certificate contains the
public key of a user and is signed with the private key of a trusted certification authority (CA).
• X.509 is based on the use of public-key cryptography and digital signatures.

5.9.1 Certificates
• Figure 5.12 shows the general format of a certificate, which includes the following elements.


Figure 5.12 X.509 certificate


1) Version
• This field differentiates among successive versions of the certificate format.
i) Version 1 is the default.
ii) Version 2 is used if the Issuer Unique Identifier or Subject Unique Identifier is present.
iii) Version 3 is used if one or more extensions are present.
2) Serial Number
• This field is a unique integer value that is unambiguously associated with this certificate within
the issuing CA.
3) Signature Algorithm Identifier
• This field indicates the algorithm used to sign the certificate, together with any associated
parameters.
4) Issuer Name
• This field indicates the X.500 name of the CA that created and signed this certificate.
5) Period of Validity
• This field consists of two dates: the first and last on which the certificate is valid.
6) Subject Name
• This field indicates the name of the user to whom this certificate refers, i.e. the owner of the
public key being certified.
7) Subject's Public-Key Information
• This field contains
→ the public key of the subject, and
→ an identifier of the algorithm for which this key is to be used, together with any associated
parameters.

8) Issuer Unique Identifier
• This optional bit-string field is used to identify uniquely the issuing CA in the event the X.500
name has been reused for different entities.
9) Subject Unique Identifier
• This optional bit-string field is used to identify uniquely the subject in the event the X.500
name has been reused for different entities.
10) Extensions
• This field contains a set of one or more extension fields.
• Extensions were added in version 3.
11) Signature
• This field covers all of the other fields of the certificate; it contains the hash code of the other fields
encrypted with the CA's private key.
• This field includes the signature algorithm identifier.

5.9.1.1 Authentication Procedures
• X.509 supports three alternative authentication procedures using public-key signatures. They
are (Figure 5.13):
1) One-way authentication
2) Two-way authentication
3) Three-way authentication

Figure 5.13: Authentication Procedures

1) One-way Authentication
• It involves a single transfer of information from one user (say A) to another (B).
• This method establishes the identity of A to B and the integrity of the message.
• Here, the message in { } is signed by A.
• sgnData is the information that needs to be conveyed.
• tA is a timestamp and rA is a nonce.
2) Two-way Authentication
• Two-way authentication adds a reply from B, allowing both parties to verify the identity of each other.
3) Three-way Authentication
• Three-way authentication is used where synchronized clocks are not available.
• This method includes an additional message from A to B, so that the timestamps need not be checked.

5.9.1.2 Obtaining Certificates in X.509
• Any user can verify a certificate if he has the public key of the CA that issued the certificate.
• Since certificates are unforgeable, they can be placed in the directory without further protection.
• The directory entry for each CA X includes two types of certificates:
1) Forward certificates: Certificates of X generated by other CAs.
2) Reverse certificates: Certificates generated by X that are the certificates of other CAs.
• Users subscribed to the same CA can obtain each other's certificates from the directory.
• A user may also send his certificate directly to another user.
• However, there are multiple CAs, and users subscribed to different CAs may want to communicate
with each other.


Figure 5.14 X.509 Hierarchy: A Hypothetical Example

• Suppose A has obtained a certificate from certification authority X1 and B has obtained a certificate
from CA X2 (Figure 5.14).
• If A does not know the public key of X2, then B's certificate, issued by X2, is useless to A: A can
read B's certificate, but A cannot verify the signature.
• But if the two CAs have securely exchanged their own public keys, the following procedure enables
A to obtain B's public key:
1) A obtains, from the directory, the certificate of X2 signed by X1. Because A securely knows X1's
public key, A can verify X1's signature on that certificate and so obtain X2's public key.
2) A then obtains the certificate of B signed by X2. A now has a trustworthy copy of X2's public key,
so A can verify the signature and securely obtain B's public key.
• In this case, A has used a chain of certificates to obtain B's public key. In the notation of X.509, this
chain is expressed as:
X1<<X2>> X2<<B>>
• Any level of hierarchy can be followed to produce a chain in this way. For example, in Figure 5.14,
A can establish a certification path to B by following the hierarchy from A's CA up to a CA common
to both and back down to B's CA.
• When A has obtained these certificates, it can verify the certification path in sequence to recover a
trustworthy copy of B's public key.
• Using this public key, A can send encrypted messages to B.
• If B requires A's public key, it can be obtained in the same way.
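The chain walk X1<<X2>> X2<<B>> just described, carried through in code as an added example that is not from the lecture notes, and serving two passages at once: it also shows why the "possible solution" for the man-in-the-middle attack of Section 4.6.1 works, because an attacker who swaps B's public key for his own cannot reproduce X2's signature over the altered certificate, and it applies the CRL check of the next section. Assumptions: the RSA keys are tiny textbook toys built from constructed primes, signature is "hash, reduce, exponentiate" with no padding, the CA names X1 and X2 and the user B follow the text, and the attacker name "Mallory", the serial numbers and the JSON encoding of the to-be-signed fields are choices made for this example.

```python
"""Certificate chain walk X1<<X2>> X2<<B>> from the text, with a CRL check and with the
man-in-the-middle key substitution of Section 4.6.1 attempted against it. Added example, not
code from the lecture notes; the RSA keys are tiny textbook toys built from constructed primes,
the CA names X1/X2 and user B follow the text, "Mallory" and the serial numbers are assumptions."""
import hashlib
import json

E = 65537   # public exponent; every toy modulus below has phi(n) < E, so gcd(E, phi(n)) = 1

def keygen(p: int, q: int):
    """Textbook RSA key pair from two (toy-sized) primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))          # modular inverse needs Python >= 3.8

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def tbs(obj: dict) -> bytes:
    """The to-be-signed encoding: every field except the signature, canonically serialised."""
    return json.dumps({k: v for k, v in obj.items() if k != "signature"}, sort_keys=True).encode()

def issue(issuer: str, issuer_priv, subject: str, subject_pub, serial: int) -> dict:
    """issuer<<subject>>: the CA binds the subject's name to its public key by signing."""
    cert = {"issuer": issuer, "subject": subject, "serial": serial, "public_key": list(subject_pub)}
    cert["signature"] = sign(issuer_priv, tbs(cert))
    return cert

def make_crl(issuer: str, issuer_priv, revoked_serials) -> dict:
    crl = {"issuer": issuer, "revoked": sorted(revoked_serials)}
    crl["signature"] = sign(issuer_priv, tbs(crl))
    return crl

def verify_chain(trusted: dict, chain: list, crls: dict):
    """trusted: {CA name: public key} the verifier already holds (A knows X1's key).
    chain: certificates ordered from the trusted CA towards the end entity.
    crls: {CA name: that CA's signed CRL}. Returns B's public key, or None on any failure."""
    known = dict(trusted)
    for cert in chain:
        issuer_pub = known.get(cert["issuer"])
        if issuer_pub is None or not verify(issuer_pub, tbs(cert), cert["signature"]):
            return None                        # unknown issuer, or the certificate was altered
        crl = crls.get(cert["issuer"])
        if crl is not None:
            if not verify(issuer_pub, tbs(crl), crl["signature"]):
                return None                    # a CRL is only trusted if its issuer signed it
            if cert["serial"] in crl["revoked"]:
                return None                    # revoked but not yet expired
        known[cert["subject"]] = tuple(cert["public_key"])
    return known[chain[-1]["subject"]]

def demo():
    x1_pub, x1_priv = keygen(241, 251)
    x2_pub, x2_priv = keygen(227, 233)
    b_pub, _ = keygen(211, 223)
    mallory_pub, _ = keygen(197, 199)
    x1_x2 = issue("X1", x1_priv, "X2", x2_pub, serial=1)    # X1<<X2>>, fetched from the directory
    x2_b = issue("X2", x2_priv, "B", b_pub, serial=42)      # X2<<B>>
    trusted = {"X1": x1_pub}                                 # A securely knows only X1's key
    results = {"chain_ok": verify_chain(trusted, [x1_x2, x2_b], {}) == b_pub}
    # Man in the middle: Mallory swaps B's key for her own but cannot reproduce X2's signature.
    swapped = dict(x2_b, public_key=list(mallory_pub))
    results["mitm_rejected"] = verify_chain(trusted, [x1_x2, swapped], {}) is None
    # Revocation: X2 publishes a CRL listing B's serial; the otherwise valid chain is now refused.
    crl = make_crl("X2", x2_priv, [42])
    results["revoked_rejected"] = verify_chain(trusted, [x1_x2, x2_b], {"X2": crl}) is None
    return results
```

Note what the verifier trusts at the start: only X1's public key. Every other key becomes trusted solely because a key already trusted signed the certificate that carries it, which is the whole content of the X.509 chain notation; the CRL is accepted on the same basis, only after its issuer's signature checks out.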

5.9.1.3 Revocation of Certificates
• Each certificate has an expiry time.
• However, a certificate may need to be revoked before it expires if:
1) The user's private key is assumed to be compromised.
2) The user is no longer certified by this CA.
3) The CA's certificate is assumed to be compromised.
• Each CA must maintain a list of all revoked but not expired certificates issued by that CA,
including both those issued to users and to other CAs.
• Each certificate revocation list (CRL) posted to the directory is signed by the issuer and includes
(Figure 5.15)
1) the issuer's name,
2) the date the list was created,
3) the date the next CRL is scheduled to be issued, and
4) an entry for each revoked certificate (its serial number and revocation date).
• Every user must check the CRL before using another user's public key.


Figure 5.15 Certificate revocation list of X.509



5.9.3 X.509 Version 3
• Version 2 does not satisfy the following requirements:
1) The Subject field is inadequate to convey the identity of a key owner to a public key user.
X.509 names may be relatively short and lacking in obvious identification details that may be
needed by the user.
2) The Subject field is also inadequate for many applications, which typically recognize entities
by an Internet e-mail address, a URL, or some other Internet-related identification.
3) There is a need to indicate security policy information.
This enables a security application or function, such as IPSec, to relate an X.509 certificate to a
given policy.
4) There is a need to limit the damage that can result from a faulty or malicious CA by setting
constraints on the applicability of a particular certificate.
5) It is important to be able to identify different keys used by the same owner at different
times.
• Version 3 addresses these requirements with optional extensions, grouped into three areas: key and
policy information, certificate subject and issuer attributes, and certification path constraints.

5.9.3.1 Key and Policy Information

• This area includes:
1) Authority Key Identifier
 Identifies the public key to be used to verify the signature on this certificate or CRL.
2) Subject Key Identifier
 Identifies the public key being certified.
 Useful for subject key pair updating.
3) Key Usage
 May indicate one or more of the following: digital signature, non-repudiation, key encryption,
data encryption, key agreement, CA signature verification on certificates, and CA signature
verification on CRLs.
4) Private-key Usage Period
 Indicates the period of use of the private key corresponding to the public key.
5) Certificate policies
 Certificates may be used in environments where multiple policies apply.
6) Policy Mappings
 Used only in certificates for CAs issued by other CAs.

5.9.3.2 Certificate Subject and Issuer Attributes

• The extension fields in this area include:
1) Subject Alternative Name


 Contains one or more alternative names, using any of a variety of forms.
 This field is important for supporting certain applications, such as electronic mail, EDI, and
IPSec, which may employ their own name forms.

2) Issuer Alternative Name


 Contains one or more alternative names, using any of a variety of forms.
3) Subject Directory Attributes
 Conveys any desired X.500 directory attribute values for the subject of this certificate.

5.9.3.3 Certification Path Constraints

• The extension fields in this area include:
1) Basic Constraints
 Indicates if the subject may act as a CA.
 If so, a certification path length constraint may be specified.
2) Name Constraints
 Indicates a name space within which all subject names in subsequent certificates in a
certification path must be located.
3) Policy Constraints
 Specifies constraints that may require explicit certificate policy identification or inhibit policy
mapping for the remainder of the certification path.
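The chain walk of the certification-path discussion, the CRL check of the revocation section and the basic, path-length and name constraints listed above, carried through in one added example. This is not code from the page or from any X.509 library: certificates and CRLs are plain dictionaries, the notation X<<Y>> becomes issue(X, ..., Y, ...), and signatures are textbook RSA over SHA-1 with fixed Mersenne primes, a stand-in for real PKCS#1 or ECDSA signatures over SHA-2. The names X1, X2, X3, B, the serial numbers and the dates are constructed for the example.

```python
"""Certification-path walk with CRL, expiry and constraint checks (added example, see lead-in)."""
import hashlib
import json

E = 65537


def make_key(p, q):
    """Textbook RSA from two fixed primes (assumption: demo only, no padding, tiny keys)."""
    return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest_int(data):
    """SHA-1 as in the text (modern PKI uses SHA-2), as an integer for textbook RSA."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def tbs(obj):
    """To-be-signed encoding: every field except the signature, canonically serialised."""
    return json.dumps({k: v for k, v in obj.items() if k != "sig"}, sort_keys=True).encode()


def sign(priv, obj):
    obj["sig"] = pow(digest_int(tbs(obj)), priv["d"], priv["n"])
    return obj


def verify(pub, obj):
    return pow(obj["sig"], pub["e"], pub["n"]) == digest_int(tbs(obj))


def issue(issuer, issuer_priv, subject, subject_pub, serial, not_after,
          ca=False, path_len=None, permitted_suffix=None):
    """X<<Y>> in the text's notation: X signs Y's name, public key and extensions."""
    return sign(issuer_priv, {"issuer": issuer, "subject": subject, "serial": serial,
                              "not_after": not_after, "pub": subject_pub, "ca": ca,
                              "path_len": path_len, "permitted_suffix": permitted_suffix})


def issue_crl(issuer, issuer_priv, revoked, this_update, next_update):
    """Signed list of revoked-but-unexpired serials with creation and next-issue dates."""
    return sign(issuer_priv, {"issuer": issuer, "this_update": this_update,
                              "next_update": next_update, "revoked": sorted(revoked)})


def validate_path(anchor_name, anchor_pub, path, crls, now):
    """Walk path = [X1<<X2>>, X2<<B>>, ...] from a CA key the verifier already trusts.
    Returns the end entity's public key or raises ValueError naming the failed check."""
    name, pub = anchor_name, anchor_pub
    max_len = len(path)   # RFC 5280 max_path_length, tightened by each pathLenConstraint
    suffix = None         # name constraint inherited from an earlier CA in the path
    for i, cert in enumerate(path):
        if cert["issuer"] != name:
            raise ValueError(f"{cert['subject']}: issuer {cert['issuer']} is not {name}")
        if not verify(pub, cert):
            raise ValueError(f"{cert['subject']}: signature does not verify under {name}")
        if now > cert["not_after"]:
            raise ValueError(f"{cert['subject']}: expired")
        crl = crls.get(name)  # a CRL counts only if the same issuer key signed it and it is current
        if crl is None or not verify(pub, crl) or now > crl["next_update"]:
            raise ValueError(f"{name}: no current, verifiable CRL")
        if cert["serial"] in crl["revoked"]:
            raise ValueError(f"{cert['subject']}: serial {cert['serial']} revoked by {name}")
        if suffix and not cert["subject"].endswith(suffix):
            raise ValueError(f"{cert['subject']}: outside permitted name space {suffix}")
        if i < len(path) - 1:  # this subject issues the next certificate, so it must be a CA
            if not cert["ca"]:
                raise ValueError(f"{cert['subject']}: not a CA (basicConstraints)")
            if max_len <= 0:
                raise ValueError(f"{cert['subject']}: pathLenConstraint exceeded")
            max_len -= 1
            if cert["path_len"] is not None:
                max_len = min(max_len, cert["path_len"])
            suffix = cert["permitted_suffix"] or suffix
        name, pub = cert["subject"], cert["pub"]
    return pub


def check(anchor_name, anchor_pub, path, crls, now):
    """'ok', or the reason the path was rejected."""
    try:
        validate_path(anchor_name, anchor_pub, path, crls, now)
        return "ok"
    except ValueError as err:
        return str(err)


# Constructed scenario (not from the page): A trusts X1. X1 cross-certifies X2 as a CA that may
# issue only end-entity certificates (path_len=0) and only names under .x2.example; B's
# certificate comes from X2. X3 is a CA that X2 certifies anyway. Primes are reused across
# keys here for brevity; never do that with real keys.
NOW = 1_700_000_000
X1_PUB, X1_PRIV = make_key(2**89 - 1, 2**107 - 1)
X2_PUB, X2_PRIV = make_key(2**61 - 1, 2**127 - 1)
X3_PUB, X3_PRIV = make_key(2**127 - 1, 2**521 - 1)
B_PUB, _ = make_key(2**31 - 1, 2**61 - 1)
X1_X2 = issue("X1", X1_PRIV, "X2", X2_PUB, serial=2, not_after=NOW + 10**7,
              ca=True, path_len=0, permitted_suffix=".x2.example")
X2_B = issue("X2", X2_PRIV, "bob@mail.x2.example", B_PUB, serial=7, not_after=NOW + 10**6)
X2_X3 = issue("X2", X2_PRIV, "ops.x2.example", X3_PUB, serial=3, not_after=NOW + 10**6, ca=True)
X3_C = issue("ops.x2.example", X3_PRIV, "carol@ops.x2.example", B_PUB, serial=1,
             not_after=NOW + 10**6)
CRLS = {"X1": issue_crl("X1", X1_PRIV, [], NOW, NOW + 10**5),
        "X2": issue_crl("X2", X2_PRIV, [], NOW, NOW + 10**5)}

if __name__ == "__main__":
    print(check("X1", X1_PUB, [X1_X2, X2_B], CRLS, NOW))
    print(check("X1", X1_PUB, [X1_X2, X2_X3, X3_C], CRLS, NOW))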


UNIT 6: ELECTRONIC MAIL SECURITY

6.1 PRETTY GOOD PRIVACY
6.1.1 NOTATION
6.1.2 OPERATIONAL DESCRIPTION
6.1.2.1 AUTHENTICATION
6.1.2.2 CONFIDENTIALITY
6.1.2.3 CONFIDENTIALITY AND AUTHENTICATION
6.1.2.4 COMPRESSION
6.1.2.5 E-MAIL COMPATIBILITY
6.1.2.6 SEGMENTATION AND REASSEMBLY
6.1.3 CRYPTOGRAPHIC KEYS AND KEY RINGS
6.1.3.1 SESSION KEY GENERATION
6.1.3.2 KEY IDENTIFIERS
6.1.3.3 KEY RINGS
6.1.4 PUBLIC-KEY MANAGEMENT
6.1.4.1 THE USE OF TRUST
6.1.4.2 REVOKING PUBLIC KEYS
6.2 S/MIME
6.2.1 RFC 5322
6.2.2 MULTIPURPOSE INTERNET MAIL EXTENSIONS
6.2.2.1 OVERVIEW
6.2.2.2 MIME CONTENT TYPES
6.2.2.3 MIME TRANSFER ENCODINGS
6.2.2.4 CANONICAL FORM
6.2.3 S/MIME FUNCTIONALITY
6.2.3.1 FUNCTIONS
6.2.3.2 CRYPTOGRAPHIC ALGORITHMS
6.2.4 S/MIME MESSAGES
6.2.4.1 SECURING A MIME ENTITY
6.2.4.2 ENVELOPED DATA
6.2.4.3 SIGNED DATA
6.2.4.4 CLEAR SIGNING
6.2.4.5 REGISTRATION REQUEST
6.2.4.6 CERTIFICATES-ONLY MESSAGE
6.2.5 S/MIME CERTIFICATE PROCESSING
6.2.5.1 USER AGENT ROLE
6.2.5.2 VERISIGN CERTIFICATES
6.2.6 ENHANCED SECURITY SERVICES

UNIT 6: ELECTRONIC MAIL SECURITY

6.1 PGP
• PGP is an open-source, freely available software package for e-mail security.
• It provides
→ authentication using digital signatures,
→ confidentiality using symmetric block encryption,
→ compression using the ZIP algorithm, and
→ e-mail compatibility using the radix-64 encoding scheme.

• The properties of PGP:
1) Free
• PGP is available free worldwide in versions that run on a variety of platforms, including Windows,
UNIX, Macintosh, and many more.
2) Uses well-reviewed algorithms
• PGP is based on algorithms that
→ have survived extensive public review and
→ are considered extremely secure.
• Specifically, the package includes
→ RSA, DSS, and Diffie-Hellman for public-key encryption,
→ CAST-128, IDEA, and 3DES for symmetric encryption, and
→ SHA-1 for hash coding.
(These are the algorithms of the original design; current OpenPGP implementations prefer AES and
SHA-2, since SHA-1 is no longer considered collision resistant.)
3) Variety of users
• PGP has a wide range of applicability. For example:
→ corporations who wish to select and enforce a standardized scheme for encrypting files and messages
→ individuals who wish to communicate securely with others worldwide over the Internet
4) Independent of governments and standards bodies
• It was not developed by, nor is it controlled by, any governmental or standards organization.
5) Internet standard
• PGP is now on an Internet standards track (RFC 3156).

6.1.1 NOTATION

6.1.2 OPERATIONAL DESCRIPTION
• Basically, PGP provides five services (Table 6.1):
1) Authentication
2) Confidentiality
3) Compression
4) E-mail compatibility and
5) Segmentation.

Table 6.1 Summary of PGP Services
1) Digital signature
→ Algorithms used: DSS/RSA with SHA-1
→ A hash code (message digest) of the message is created using SHA-1. The hash code is then
signed using DSS or RSA with the sender's private key and included with the message.
2) Message encryption
→ Algorithms used: CAST-128/IDEA/3DES with RSA/Diffie-Hellman
→ The message is encrypted using CAST-128 (or IDEA or 3DES) with a one-time session key generated
by the sender. The session key is encrypted using RSA (or Diffie-Hellman) with the receiver's public
key and included with the message.
3) Compression
→ Algorithm used: ZIP
→ The message may be compressed using ZIP for storage or transmission.
4) E-mail compatibility
→ Algorithm used: radix-64 conversion
→ To provide transparency for e-mail applications, an encrypted message may be converted to an
ASCII string using radix-64 conversion.
5) Segmentation
→ To accommodate maximum message size limitations, PGP performs segmentation and reassembly.
6.1.2.1 AUTHENTICATION
• Figure 6.1 illustrates the digital signature service provided by PGP.
• The sequence of operations is as follows (Figure 6.1):
At Sender
1) A message is created.
2) A hash code of the message is created using SHA-1.
3) The hash code is encrypted using RSA with the sender's private key.
4) The encrypted hash code is appended to the message.
At Receiver
1) The encrypted hash code (the signature) is decrypted using RSA with the sender's public key. Thus,
the transmitted hash code is recovered.
2) A new hash code for the received message is created using SHA-1.
3) The new hash code is compared with the decrypted hash code.
4) If the two match, the message is accepted as authentic.

Figure 6.1 Authentication only

• The combination of SHA-1 and RSA provides an effective digital signature scheme.
1) Because of the strength of RSA, the receiver is assured that only the possessor of the
matching private key can generate the signature.
2) Because of the strength of SHA-1, the receiver is assured that no one else could generate
→ a new message that matches the hash code and
→ the signature of the original message.
• Although signatures are normally attached to the message or file they sign, PGP also supports
detached signatures.
• A detached signature may be stored and transmitted separately from the message.
• Three benefits of detached signatures:
1) A user may wish to maintain a separate signature log of all messages sent or received.
2) A detached signature of an executable program can detect subsequent virus infection.
3) Detached signatures can be used when more than one party must sign a document, such as
a legal contract. Each signature is independent and applies only to the document; otherwise the
second signer would have to sign the first signature as well as the document.
6.1.2.2 CONFIDENTIALITY
• Confidentiality is provided by encrypting messages to be transmitted.
• For encryption, CAST-128, IDEA or 3DES can be used.
• The symmetric cipher is used in 64-bit cipher feedback (CFB) mode.
• Each symmetric key is used only once, for a single message; it is called a session key. The session
key is attached to the message and transmitted with it.
• To protect the session key, it is encrypted with the receiver's public key.
• The sequence of operations is as follows (Figure 6.2):
At Sender
1) A message is created. A random session key is generated for this message only.
2) The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key.
3) The session key is encrypted using RSA with the receiver's public key.
4) The encrypted session key is prepended to the encrypted message.
At Receiver
1) The encrypted session key is decrypted using RSA with the receiver's private key. Thus, the
session key is recovered.
2) The encrypted message is decrypted using CAST-128 (or IDEA or 3DES) with the session key.
• As an alternative to RSA, Diffie-Hellman can be used.
• Diffie-Hellman is a key exchange algorithm.
• PGP uses a variant of Diffie-Hellman known as ElGamal, which does provide encryption.

Figure 6.2 Confidentiality only

• Three benefits of this approach:
1) To reduce encryption time, the combination of symmetric and public-key encryption is used in
preference to simply using RSA: the symmetric algorithms are much faster than RSA.
2) The use of the public-key algorithm solves the session-key distribution problem, because only the
receiver is able to recover the session key that is attached to the message.
3) The use of one-time symmetric keys strengthens what is already a strong symmetric encryption
approach: only a small amount of plaintext is encrypted with each key, and there is no relationship
among the keys.
6.1.2.3 CONFIDENTIALITY AND AUTHENTICATION
• Both authentication and confidentiality can be provided for the same message.
• The sequence of operations is as follows (Figure 6.3):
At Sender
1) First, a signature is generated for the plaintext message and prepended to the message.
2) Then, the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES) with a
session key.
3) Finally, the session key is encrypted using RSA (or ElGamal) with the receiver's public key.
• Signing before encrypting means the signature covers the plaintext, so it can be stored with the
plaintext for later verification, and a third party verifying the signature need not be concerned
with the session key.

Figure 6.3 Authentication and Confidentiality

6.1.2.4 COMPRESSION
• PGP compresses the message after applying the signature but before encryption.
• This has the benefit of saving space both for
→ e-mail transmission and
→ file storage.
• Compression is denoted by Z and decompression by Z–1.
1) The signature is generated before compression, for the following two reasons:
a) It is preferable to sign an uncompressed message, so that the uncompressed message can be stored
together with the signature for future verification.
 If the compressed message were signed instead, it would be necessary either to store the
compressed form or to recompress the message every time the signature is verified.
b) PGP's compression algorithm is not deterministic across implementations.
 Different implementations of the algorithm make different trade-offs between running speed and
compression ratio and therefore produce different compressed forms.
 A signature computed over one implementation's output would not verify over another's, so the
signature must cover the uncompressed data.
2) Message encryption is applied after compression to strengthen cryptographic security.
• Because the compressed message has less redundancy than the original plaintext, cryptanalysis is
more difficult.
6.1.2.5 E-MAIL COMPATIBILITY
• An encrypted message (or a signature) consists of a stream of arbitrary 8-bit octets, while many
e-mail systems only permit blocks of ASCII text.
• Radix-64 conversion is used to convert a stream of arbitrary 8-bit octets into a stream of printable
ASCII characters.
• Each group of 3 octets is mapped into 4 ASCII characters.
• A 24-bit CRC is also appended for detecting transmission errors.
• The use of radix-64 expands a message by 33%.
• Radix-64 blindly converts the input stream to radix-64 format regardless of content, even if the input
happens to be ASCII text.
• Thus, if a message is signed but not encrypted, the output will be unreadable to the casual observer.
This is obfuscation only, not confidentiality: anyone can reverse the radix-64 conversion.


Figure 6.4 Transmission and Reception of PGP Messages



• Figure 6.4 shows the relationship among the four services.
• On transmission:
1) A signature is generated using a hash code of the uncompressed plaintext.
2) Then, the plaintext (plus signature if present) is compressed.
3) Next, if confidentiality is required, the block (compressed plaintext or compressed signature
plus plaintext) is encrypted and prepended with the public-key-encrypted symmetric encryption
key.
4) Finally, the entire block is converted to radix-64 format.
• On reception:
1) The incoming block is first converted back from radix-64 format to binary.
2) Then, if the message is encrypted, the receiver recovers the session key and decrypts the
message.
3) The resulting block is then decompressed.
4) If the message is signed, the receiver recovers the transmitted hash code and compares it
to its own calculation of the hash code.

6.1.2.6 SEGMENTATION AND REASSEMBLY
• E-mail facilities are often restricted to a maximum message length.
• For example, many facilities accessible through the Internet impose a maximum length of 50,000 octets.
• Any message longer than that must be broken up into smaller segments, each of which is mailed
separately.
• The segmentation is done after all of the other processing, including the radix-64 conversion.
• Thus, the session key component and signature component appear only once, at the beginning of the
first segment.
• At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block
before performing the steps of Figure 6.4 in reverse.

6.1.3 CRYPTOGRAPHIC KEYS AND KEY RINGS

• PGP makes use of four types of keys:
1) one-time session symmetric keys,
2) public keys,
3) private keys, and
4) passphrase-based symmetric keys.

• Three requirements can be identified with respect to these keys:
1) A means of generating unpredictable session keys is needed.
2) A user must be allowed to have multiple public/private key pairs, because
→ the user may wish to change the key pair from time to time, and
→ the user may wish to have multiple key pairs at a given time to interact with different
groups of correspondents.
3) Each PGP entity must maintain
→ a file of its own public/private key pairs and
→ a file of public keys of correspondents.

6.1.3.1 SESSION KEY GENERATION

• Each session key is associated with a single message.
• Each session key is used only for the purpose of encrypting and decrypting that message.
• The message encryption/decryption is done with a symmetric encryption algorithm.
For example:
→ CAST-128 and IDEA use 128-bit keys, and
→ 3DES uses a 168-bit key.
• Random 128-bit numbers are generated using CAST-128 itself.
• The input to the random number generator consists of
→ a 128-bit key and
→ two 64-bit blocks that are treated as plaintext to be encrypted.
• Using cipher feedback mode, the encrypter produces two 64-bit ciphertext blocks, which are
concatenated to form the 128-bit session key.
6.1.3.2 KEY IDENTIFIERS
• An encrypted message is accompanied by an encrypted form of the session key that was used for
message encryption.
• The session key itself is encrypted with the receiver's public key.
• Hence, only the receiver will be able to recover the session key and therefore recover the message.
• If each user employed a single public/private key pair, then the receiver would automatically know
which key to use to decrypt the session key: the receiver's unique private key.
• However, we have stated a requirement that any given user may have multiple public/private key
pairs.
• Q: How does the receiver know which of its public keys was used to encrypt the session key?
Ans: The solution is to assign a key ID to each public key that is, with very high probability, unique
within a user ID.
• The key ID associated with each public key consists of its least significant 64 bits.
• A message consists of three components (Figure 6.5):
1) message component,
2) signature component (optional), and
3) session key component (optional).

Figure 6.5 General Format PGP Message (from A to B)

1) The message component includes
→ the actual data to be transmitted,
→ a filename, and
→ a timestamp (the time of creation).

2) The signature component includes the following.
i) Timestamp
 The time at which the signature was made.
ii) Message digest
 The 160-bit SHA-1 digest, encrypted with the sender's private key.
 The digest is calculated over the signature timestamp concatenated with the data portion of the
message component.
 The inclusion of the signature timestamp in the digest protects against replay attacks.
 The exclusion of the filename and timestamp of the message component ensures that detached
signatures are exactly the same as attached signatures appended to the message.
iii) Leading two octets of message digest
 Enables the receiver to determine whether the correct public key was used to decrypt the message
digest for authentication, by comparing this plaintext copy of the first two octets with the first
two octets of the decrypted digest.
 These octets also serve as a 16-bit frame check sequence for the message.
iv) Key ID of sender's public key
 Identifies the public key that should be used to decrypt the message digest.
 Hence, identifies the private key that was used to encrypt the message digest.
• The message component and optional signature component may be compressed using ZIP and may
be encrypted using a session key.
3) The session key component includes
→ the session key, encrypted with the receiver's public key, and
→ the key ID of the receiver's public key that the sender used to encrypt it.
• The entire block is usually encoded with radix-64 encoding.
6.1.3.3 KEY RINGS
• Two key IDs are included in a message that provides both confidentiality and authentication.
• A pair of data structures (DS) is provided at each node:
1) The first DS is used to store the public/private key pairs owned by that node. This data structure
is referred to as the private-key ring.
2) The second DS is used to store the public keys of other users known at this node. This data
structure is referred to as the public-key ring.
• Figure 6.6 shows the general structure of a private-key ring.
• In the ring (or table), each row represents one of the public/private key pairs owned by the user.
• Each row contains the following entries (Figure 6.6):
i) Timestamp
 The date/time when this key pair was generated.
ii) Key ID
 The least significant 64 bits of the public key for this entry.
iii) Public key
 The public-key portion of the pair.
iv) Private key
 The private-key portion of the pair; this field is encrypted.
v) User ID
 Typically, this will be the user's e-mail address.


Figure 6.6 General Structure of Private- and Public-Key Rings

• The private key is protected as follows:
1) The user selects a passphrase to be used for encrypting private keys.
2) When the system generates a new public/private key pair using RSA, it asks the user for the
passphrase. Using SHA-1, a 160-bit hash code is generated from the passphrase, and the passphrase is
discarded.
3) The system encrypts the private key using CAST-128 with 128 bits of the hash code as the key.
The hash code is then discarded. The encrypted private key is stored in the private-key ring.

• Subsequently, when a user accesses the private-key ring to retrieve a private key, he must supply
the passphrase.
• PGP will
→ retrieve the encrypted private key,
→ generate the hash code of the passphrase, and
→ decrypt the encrypted private key using CAST-128 with the hash code.
• Figure 6.6 also shows the general structure of a public-key ring.
• Each row contains the following entries:
i) Timestamp
 The date/time when this entry was generated.
ii) Key ID
 The least significant 64 bits of the public key for this entry.
iii) Public key
 The public key for this entry.
iv) User ID
 Identifies the owner of this key. Multiple user IDs may be associated with a single public key.


Figure 6.7 PGP Message Generation (from User A to User B: no compression or radix-64 conversion)

• The sending entity performs the following steps (Figure 6.7).
1) Signing the message.
a) PGP retrieves the sender's private key from the private-key ring using your_userid (the
sender's own user ID) as an index. If your_userid is not provided, the first private key on the
ring is retrieved.
b) PGP prompts the user for the passphrase to recover the unencrypted private key.
c) The signature component of the message is constructed.
2) Encrypting the message.
a) PGP generates a session key and encrypts the message.
b) PGP retrieves the receiver's public key from the public-key ring using her_userid (the
receiver's user ID) as an index.
c) The session key component of the message is constructed.

• The receiving entity performs the following steps (Figure 6.8).
1) Decrypting the message:
a) PGP retrieves the receiver's private key from the private-key ring, using the Key ID field in
the session key component of the message as an index.
b) PGP prompts the user for the passphrase to recover the unencrypted private key.
c) PGP
→ recovers the session key and
→ decrypts the message.
2) Authenticating the message:
a) PGP retrieves the sender's public key from the public-key ring, using the Key ID field in the
signature component of the message as an index.
b) PGP recovers the transmitted message digest.
c) PGP
→ computes the message digest for the received message and
→ compares it to the transmitted message digest to authenticate.


Figure 6.8 PGP Message Reception (from User A to User B; no compression or radix-64 conversion)
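The whole pipeline of Figure 6.4 (sign, compress, encrypt, radix-64, segment) and its reverse in Figures 6.7 and 6.8, including the 64-bit key IDs, the leading two digest octets and the passphrase-protected private-key ring, as one added example. It is not PGP's own code or the page's: RSA is textbook RSA on fixed Mersenne primes with no padding, the CAST-128/3DES CFB step is replaced by a SHA-256 counter keystream, the CRC on the radix-64 output is omitted, and the ring layout, filename and timestamps are constructed stand-ins.

```python
"""PGP-style message pipeline and key rings (added example, see lead-in)."""
import base64
import hashlib
import json
import os
import zlib

E = 65537
SIG_TIME = 1_700_000_000  # constructed signature timestamp


def make_key(p, q):
    """Textbook RSA from two fixed primes (assumption: demo only, no padding, tiny keys)."""
    return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def key_id(pub):
    """PGP key ID: the least significant 64 bits of the public key (here its RSA modulus)."""
    return pub["n"] & 0xFFFFFFFFFFFFFFFF


def stream_xor(key, data):
    """Stand-in for CAST-128/3DES in CFB mode: XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def lock_private_key(priv, passphrase):
    """Private-key ring entry: d is stored encrypted under SHA-1(passphrase); the passphrase is not kept."""
    size = (priv["n"].bit_length() + 7) // 8
    h = hashlib.sha1(passphrase.encode()).digest()
    return {"n": priv["n"], "enc_d": stream_xor(h, priv["d"].to_bytes(size, "big"))}


def unlock_private_key(entry, passphrase):
    h = hashlib.sha1(passphrase.encode()).digest()
    return {"n": entry["n"], "d": int.from_bytes(stream_xor(h, entry["enc_d"]), "big")}


def pgp_send(text, sender_pub, sender_priv, recipient_pub, sign=True, encrypt=True, segment_len=None):
    """Returns the list of armored segments to mail (a single segment if no limit is given)."""
    component = {"filename": "note.txt", "timestamp": SIG_TIME, "data": text}  # message component
    if sign:  # 1) signature over signature-timestamp || data of the uncompressed plaintext
        digest = hashlib.sha1(f"{SIG_TIME}{text}".encode()).digest()
        component["signature"] = {
            "timestamp": SIG_TIME, "key_id": key_id(sender_pub),
            "lead": digest[:2].hex(),  # leading two octets: cheap "right key?" check for the receiver
            "sig": pow(int.from_bytes(digest, "big"), sender_priv["d"], sender_priv["n"])}
    body = zlib.compress(json.dumps(component).encode())  # 2) compress after signing
    message = {}
    if encrypt:  # 3) one-time session key, wrapped under the recipient's public key
        session_key = os.urandom(16)
        wrapped = pow(int.from_bytes(session_key, "big"), recipient_pub["e"], recipient_pub["n"])
        message["session_key"] = {"key_id": key_id(recipient_pub), "ek": wrapped}
        body = stream_xor(session_key, body)
    message["body"] = body.hex()
    armored = base64.b64encode(json.dumps(message).encode()).decode()  # 4) radix-64 over everything
    if segment_len:  # 5) segmentation last, so key and signature parts appear only in segment 1
        return [armored[i:i + segment_len] for i in range(0, len(armored), segment_len)]
    return [armored]


def pgp_receive(segments, private_ring, passphrase, public_ring):
    """Rings are {key_id: entry} as in Figures 6.6 to 6.8. Returns (text, authentic or None)."""
    message = json.loads(base64.b64decode("".join(segments)))   # reassemble, undo radix-64
    body = bytes.fromhex(message["body"])
    if "session_key" in message:                                 # which of my keys? the key ID says
        priv = unlock_private_key(private_ring[message["session_key"]["key_id"]], passphrase)
        session_key = pow(message["session_key"]["ek"], priv["d"], priv["n"]).to_bytes(16, "big")
        body = stream_xor(session_key, body)
    component = json.loads(zlib.decompress(body))                # decompress before verifying
    authentic = None
    if "signature" in component:
        s = component["signature"]
        pub = public_ring[s["key_id"]]                           # sender's key by key ID
        digest = hashlib.sha1(f"{s['timestamp']}{component['data']}".encode()).digest()
        authentic = (s["lead"] == digest[:2].hex()
                     and pow(s["sig"], pub["e"], pub["n"]) == int.from_bytes(digest, "big"))
    return component["data"], authentic


ALICE_PUB, ALICE_PRIV = make_key(2**89 - 1, 2**107 - 1)   # sender
BOB_PUB, BOB_PRIV = make_key(2**61 - 1, 2**127 - 1)       # recipient

if __name__ == "__main__":
    private_ring = {key_id(BOB_PUB): lock_private_key(BOB_PRIV, "correct horse")}
    public_ring = {key_id(ALICE_PUB): ALICE_PUB}
    segments = pgp_send("Attack at dawn.", ALICE_PUB, ALICE_PRIV, BOB_PUB, segment_len=120)
    print(len(segments), "segments:", pgp_receive(segments, private_ring, "correct horse", public_ring))
```

A wrong passphrase yields a wrong private exponent, hence a wrong session key, and decompression fails before any signature check is reached; a signature checked against the wrong public key fails the RSA comparison even though the leading two octets still match, which is why those octets are only a fast pre-check and never a substitute for verification.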
6.1.4 PUBLIC-KEY MANAGEMENT
• PGP contains a set of functions to provide an effective confidentiality and authentication service.
• To complete the system, one final area needs to be addressed, that of public-key management.
• The PGP documentation captures the importance of this area:
"This whole business of protecting public-keys from tampering is the single most difficult
problem in practical public-key applications. It is the “Achilles heel” of public-key cryptography,
and a lot of software complexity is tied up in solving this one problem".
• PGP provides a structure for solving this problem with several suggested options that may be used.
• Because PGP is intended for use in a variety of formal and informal environments, no rigid public-key
management scheme is set up.
• Two aspects of public-key management are covered here:
1) The Use of Trust and
2) Revoking Public Keys.

6.1.4.1 THE USE OF TRUST

• PGP provides a convenient means of using trust, associating trust with public keys, and exploiting
trust information.
• Each entry in the public-key ring is a public-key certificate.
• Associated with each such entry is a key legitimacy field that indicates the extent to which PGP will
trust that this is a valid public key for this user; the higher the level of trust, the stronger is the
binding of this user ID to this key.
• This field is computed by PGP.
• Also associated with the entry are zero or more signatures that the key ring owner has collected that
sign this certificate.
• In turn, each signature has associated with it a signature trust field that indicates the degree to
which this PGP user trusts the signer to certify public keys.
• The key legitimacy field is derived from the collection of signature trust fields in the entry.
• Finally, each entry defines a public key associated with a particular owner, and an owner trust field
is included that indicates the degree to which this public key is trusted to sign other public-key
certificates; this level of trust is assigned by the user.
• The above three fields are each contained in a structure referred to as a trust flag byte.
• The content of this trust flag for each of these three uses is shown in Table 6.2.
• Figure 6.9 provides an example of the way in which signature trust and key legitimacy are related.
• The figure shows the structure of a public-key ring.
• The user has acquired a number of public keys, some directly from their owners and some from a
third party such as a key server.



Figure 6.9 PGP Trust Model Example

Table 6.2 Contents of Trust Flag Byte
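A worked computation of the key legitimacy field from the signature trust fields, as an added example that is not the page's or PGP's own code. It assumes the rule as Stallings describes it: with X = 1 and Y = 2, one signature by a completely trusted signer or two signatures by marginally trusted signers make a key legitimate, a signature by the user's own (ultimately trusted) key suffices alone, and a signature counts only once the signer's own key is itself legitimate. The ring below is constructed and is not the ring of Figure 6.9.

```python
"""Key legitimacy from signature trust (added example, see lead-in)."""
UNKNOWN, UNTRUSTED, MARGINAL, COMPLETE, ULTIMATE = range(5)  # owner-trust levels


def key_legitimacy(ring, owner_trust, own_keys, complete_needed=1, marginal_needed=2):
    """ring: {key_id: [signer key_id, ...]}, the signatures collected on each key.
    owner_trust: {key_id: level} assigned by the ring owner; own_keys: the owner's own key IDs.
    complete_needed / marginal_needed are PGP's X and Y. Returns {key_id: legitimate?}."""
    legit = {kid: kid in own_keys for kid in ring}   # own keys are trusted outright
    changed = True
    while changed:  # iterate: a key becoming legitimate can validate the keys it has signed
        changed = False
        for kid, signers in ring.items():
            if legit[kid]:
                continue
            score = 0.0
            for signer in signers:
                if not legit.get(signer, False):   # unknown, or not (yet) legitimate: ignored
                    continue
                trust = ULTIMATE if signer in own_keys else owner_trust.get(signer, UNKNOWN)
                if trust == ULTIMATE:
                    score = 1.0
                elif trust == COMPLETE:
                    score += 1.0 / complete_needed
                elif trust == MARGINAL:
                    score += 1.0 / marginal_needed
            if score >= 1.0:
                legit[kid], changed = True, True
    return legit


# Constructed public-key ring (not Figure 6.9): key ID -> IDs of the keys that signed it.
RING = {
    "me": [],
    "A": ["me"],       # signed by my own key
    "B": ["A"],        # signed by A, whom I trust completely to certify keys
    "D": ["me"], "E": ["me"],
    "C": ["D", "E"],   # two marginally trusted signers
    "F": ["D"],        # only one marginal signer
    "H": ["Z"],        # Z is not on the ring at all
    "G": ["H"],        # H is trusted to sign, but H's own key was never validated
}
OWNER_TRUST = {"A": COMPLETE, "D": MARGINAL, "E": MARGINAL, "H": COMPLETE}

if __name__ == "__main__":
    for kid, ok in key_legitimacy(RING, OWNER_TRUST, {"me"}).items():
        print(kid, "legitimate" if ok else "not legitimate")
```

Note the G/H case: owner trust is assigned by the user independently of legitimacy, so a key the user would trust to sign others contributes nothing until its own binding to a user ID has been validated.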

6.1.4.2 REVOKING PUBLIC KEYS

• A user may wish to revoke his or her current public key either because compromise is suspected or
simply to avoid the use of the same key for an extended period.
• Note that a compromise would require that an opponent somehow had obtained a copy of your
unencrypted private key or that the opponent had obtained both the private key from your private-key
ring and your passphrase.
• The convention for revoking a public key is for the owner to issue a key revocation certificate, signed
by the owner.
• This certificate has the same form as a normal signature certificate but includes an indicator that the
purpose of this certificate is to revoke the use of this public key. Note that the corresponding private
key must be used to sign a certificate that revokes a public key. The owner should then attempt to
disseminate this certificate as widely and as quickly as possible to enable potential correspondents to
update their public-key rings.
• Because the private key is needed to sign the revocation, a revocation certificate should be generated
at key-creation time and kept offline, so that it is still available if the private key is later lost
rather than compromised.


6.2 Secure/Multipurpose Internet Mail Extension (S/MIME)
• S/MIME is a security enhancement to the MIME Internet e-mail format standard, based on technology
from RSA Data Security.
• Both OpenPGP and S/MIME are IETF standards-track protocols.
• S/MIME is the industry standard for commercial and organizational use, while PGP is the choice for
personal e-mail security for many users.
• S/MIME is defined in a number of documents, most importantly RFCs 3370, 3850, 3851, and 3852.

6.2.1 RFC 5322

• RFC 5322 defines a format for text messages that are sent using electronic mail.
• It has been the standard for Internet-based text mail messages.
• Messages are viewed as having an envelope and contents.
• The envelope contains information needed to accomplish transmission and delivery.
• The contents compose the object to be delivered to the receiver.
• The RFC 5322 standard applies only to the contents.
• However, the content standard includes a set of header fields that may be used by the mail system
to create the envelope, and the standard is intended to facilitate the acquisition of such information by
programs.
• A message consists of some number of header lines (the header) followed by unrestricted text (the
body).
• The header is separated from the body by a blank line.
• A message is ASCII text, and all lines up to the first blank line are assumed to be header lines used
by the user agent part of the mail system.
• A header line usually consists of a keyword, followed by a colon, followed by the keyword's
arguments; the format allows a long line to be broken up into several lines (folding).
• The most frequently used keywords are From, To, Subject, and Date. Here is an example message:

6.2.2 MULTIPURPOSE INTERNET MAIL EXTENSIONS

• MIME is an extension to the RFC 5322 framework that is intended to address some of the problems
and limitations of the use of SMTP.
• The following are the limitations of SMTP:
1) SMTP cannot transmit executable files or other binary objects.
2) SMTP cannot transmit text data that includes national language characters.
This is because these are represented by 8-bit codes with values of 128 decimal or higher, and
SMTP is limited to 7-bit ASCII.
3) SMTP servers may reject mail messages over a certain size.
4) SMTP gateways that translate between ASCII and the character code EBCDIC do not use a
consistent set of mappings, resulting in translation problems.
5) SMTP gateways to X.400 electronic mail networks cannot handle non-textual data included in X.400
messages.
6) Some SMTP implementations do not adhere completely to the SMTP standards.
Common problems include:
→ Deletion, addition, or reordering of carriage return and linefeed
→ Truncating or wrapping lines longer than 76 characters
→ Removal of trailing white space (tab and space characters)
→ Padding of lines in a message to the same length
→ Conversion of tab characters into multiple space characters
• MIME is intended to resolve these problems in a manner that is compatible with existing RFC 5322
implementations.
• The specification is provided in RFCs 2045 through 2049.

6.2.2.1 OVERVIEW
• The MIME specification includes the following elements.
1) Five new message header fields are defined, which may be included in an RFC 5322 header.
 These fields provide information about the body of the message.
2) A number of content formats are defined, thus standardizing representations that support
multimedia electronic mail.
3) Transfer encodings are defined that enable the conversion of any content format into a form
that is protected from alteration by the mail system.
• The five header fields defined in MIME are
1) MIME-Version
 Must have the parameter value 1.0.
 This field indicates that the message conforms to RFCs 2045 and 2046.
2) Content-Type
 Describes the data contained in the body with sufficient detail that the receiving user agent
can pick an appropriate agent or mechanism to represent the data to the user.
3) Content-Transfer-Encoding
 Indicates the type of transformation that has been used to represent the body of the message
in a way that is acceptable for mail transport.
4) Content-ID
 Used to identify MIME entities uniquely in multiple contexts.
5) Content-Description
 A text description of the object within the body; this is useful when the object is not readable
(e.g., audio data).
6.2.2.2 MIME CONTENT TYPES
• The bulk of the MIME specification is concerned with the definition of a variety of content types.
• This reflects the need to provide standardized ways of dealing with a wide variety of information
representations in a multimedia environment.
• Table 6.3 lists the content types specified in RFC 2046.


Table 6.3 MIME Content Types

• Here is a simple example of a multipart message containing two parts, both consisting of simple text
(taken from RFC 2046):
• There are four subtypes of the multipart type (Table 6.3):
1) In the multipart/mixed subtype, there are multiple independent body parts that need to be
bundled in a particular order.
2) In the multipart/parallel subtype, the order of the parts is not significant.
If the receiver's system is appropriate, the multiple parts can be presented in parallel.
3) In the multipart/alternative subtype, the various parts are different representations of the
same information.
The body parts are ordered in terms of increasing preference.
4) In the multipart/digest subtype, each of the body parts is interpreted as an RFC 5322
message with headers.
This subtype enables the construction of a message whose parts are individual messages.
• There are three subtypes of the message type:
1) The message/rfc822 subtype indicates that the body is an entire message, including
header and body.
2) The message/partial subtype enables fragmentation of a large message into a number of
parts, which must be reassembled at the destination.
3) The message/external-body subtype indicates that the actual data to be conveyed in this
message are not contained in the body.
Instead, the body contains the information needed to access the data.
• The application type refers to other kinds of data, typically either uninterpreted binary data or
information to be processed by a mail-based application.

6.2.2.3 MIME TRANSFER ENCODINGS


• The other major component of the MIME specification is a definition of transfer encodings for
message bodies.
• The objective is to provide reliable delivery across the largest range of environments.

Table 6.4 MIME Transfer Encodings



• The Content-Transfer-Encoding field can actually take on six values, as listed in Table 6.4.
1) However, three of these values (7bit, 8bit, and binary) indicate that no encoding has been
done but provide some information about the nature of the data.

i) For SMTP transfer, it is safe to use the 7bit form.


ii) The 8bit and binary forms may be usable in other mail transport contexts.
2) x-token indicates that some other encoding scheme is used for which a name is to be
supplied.
This could be a vendor-specific or application-specific scheme.
3) The two actual encoding schemes defined are quoted-printable and base64.
i) The quoted-printable transfer encoding is useful when the data consists largely of
octets that correspond to printable ASCII characters; those octets pass through unchanged, and
only the remaining ones are written as "=" followed by two hexadecimal digits.
ii) The base64 transfer encoding, also known as radix-64 encoding, maps every three octets of
arbitrary binary data onto four printable ASCII characters (a 33% expansion), so that the data
survives processing by mail-transport programs unchanged.
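The multipart structure of 6.2.2.2 and the transfer-encoding choice of 6.2.2.3 together, as an added example (this is not code from the textbook, from RFC 2046 or from any mail software): a Python script using only the standard library's email package builds a multipart/mixed message with three body parts, chooses each part's Content-Transfer-Encoding with the rules described above, serialises the message in 7-bit-clean form for SMTP, and parses it back to show that the payloads round-trip. The addresses, the sample body text, the binary blob and the one-sixth threshold inside choose_transfer_encoding are assumptions made for this example.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample content for the three body parts (not from RFC 2046).
ASCII_TEXT = "This is implicitly typed plain ASCII text.\nIt does NOT end with a linebreak."
LATIN_TEXT = "Grüße aus München, the second part has a few non-ASCII characters.\n"
BINARY_BLOB = bytes(range(256))  # every octet value, including NUL and octets >= 128


def choose_transfer_encoding(data: bytes, max_line: int = 998) -> str:
    """Pick the Content-Transfer-Encoding a sending agent would use over SMTP.

    7bit: every octet is printable/whitespace US-ASCII and no line exceeds the
          998-octet SMTP limit, so the data can be passed through unchanged.
    quoted-printable: mostly such octets, so escaping the few others is cheap.
    base64: otherwise; binary data would not survive a 7-bit transport.
    """
    if not data:
        return "7bit"

    def safe(b: int) -> bool:
        return 32 <= b < 127 or b in (9, 10, 13)   # printable, TAB, LF, CR

    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    if all(safe(b) for b in data) and max(len(line) for line in lines) <= max_line:
        return "7bit"
    unsafe = sum(1 for b in data if not safe(b))
    # Threshold chosen for this example (RFC 2045 does not fix one): an escaped
    # octet costs 3 characters in quoted-printable, so QP output stays shorter
    # than base64's 4/3 expansion only while fewer than 1/6 of the octets need it.
    return "quoted-printable" if unsafe / len(data) < 1 / 6 else "base64"


def build_message() -> bytes:
    """Assemble a multipart/mixed message (Table 6.3) with three body parts and
    serialise it with CRLF line endings and 7-bit-clean bodies for SMTP."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "multipart/mixed with three transfer encodings"
    # Part 1: the main text body.  Pure ASCII, so 7bit is chosen.
    msg.set_content(ASCII_TEXT, cte=choose_transfer_encoding(ASCII_TEXT.encode("utf-8")))
    # Part 2: a second text/plain part containing UTF-8 octets >= 128.
    # add_attachment() converts the message to multipart/mixed and keeps the order.
    msg.add_attachment(LATIN_TEXT, subtype="plain", disposition="inline",
                       cte=choose_transfer_encoding(LATIN_TEXT.encode("utf-8")))
    # Part 3: uninterpreted binary data, typed application/octet-stream.
    msg.add_attachment(BINARY_BLOB, maintype="application", subtype="octet-stream",
                       filename="blob.bin", cte=choose_transfer_encoding(BINARY_BLOB))
    return msg.as_bytes()


def summarize(raw: bytes) -> list:
    """Parse the wire form back and return, per body part in order,
    (content type, transfer encoding, decoded payload).  Text payloads are
    returned with LF line endings; binary payloads as the original bytes."""
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    if parsed.get_content_type() != "multipart/mixed":
        raise ValueError("expected a multipart/mixed message")
    parts = []
    for part in parsed.iter_parts():
        payload = part.get_content()            # undoes QP/base64 and the charset
        if isinstance(payload, str):
            payload = payload.replace("\r\n", "\n")
        parts.append((part.get_content_type(),
                      str(part["Content-Transfer-Encoding"]).lower(),
                      payload))
    return parts


if __name__ == "__main__":
    wire = build_message()
    print(wire.decode("ascii"))                 # 7-bit clean, so this cannot fail
    for ctype, cte, payload in summarize(wire):
        print(ctype, cte, repr(payload[:40]))
```

Running the script prints the raw message; the boundary line, the per-part Content-Type and Content-Transfer-Encoding headers, and the "=C3=BC"-style escapes in the second part are all visible in the output. The standard library's own heuristic (when cte is left unset) encodes the first ten lines both ways and keeps the shorter result; the explicit chooser above makes the rule visible instead.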

6.2.2.4 CANONICAL FORM
• Canonical form is a format, appropriate to the content type, that is standardized for use between
systems.
• This is in contrast to native form, which is a format that may be peculiar to a particular system.
(Table 6.5).

Table 6.5 Native and Canonical Form

6.2.3 S/MIME FUNCTIONALITY


• In terms of general functionality, S/MIME is very similar to PGP.
• Both offer the ability to sign and/or encrypt messages.

6.2.3.1 FUNCTIONS
• S/MIME provides the following functions.
1) Enveloped data
• This consists of encrypted content of any type and encrypted content encryption keys for one or
more receivers.
2) Signed data
• A digital signature is formed by taking the message digest of the content to be signed and then
encrypting that with the private-key of the signer.

• The content plus signature are then encoded using base64 encoding.
• A signed data message can only be viewed by a receiver with S/MIME capability.
3) Clear-signed data
• As with signed data, a digital signature of the content is formed. However, in this case, only the
digital signature is encoded using base64.


• As a result, receivers without S/MIME capability can view the message
content, although they cannot verify the signature.
4) Signed and enveloped data

• Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and
signed data or clear-signed data may be encrypted.

6.2.3.2 CRYPTOGRAPHIC ALGORITHMS
• Table 6.6 summarizes the cryptographic algorithms used in S/MIME.
• S/MIME uses the following terminology taken from RFC 2119 to specify the requirement level:
1) MUST
 The definition is an absolute requirement of the specification.
• An implementation must include this feature or function to be in conformance with the
specification.
2) SHOULD
 There may exist valid reasons in particular circumstances to ignore this feature or function,
but it is recommended that an implementation include the feature or function.


Table 6.6 Cryptographic Algorithms Used in S/MIME

• The following rules, in the following order, should be followed by a sending agent.
1) If the sending agent has a list of preferred decrypting capabilities from an intended receiver,
it SHOULD choose the first (highest preference) capability on the list that it is itself capable of
using.


2) If the sending agent has no such list of capabilities but has received one or more messages
from the receiver, then the outgoing message SHOULD use the same encryption algorithm as
was used on the last signed and encrypted message received from that receiver.

3) If the sending agent has no knowledge about the decryption capabilities and is willing to risk
that the receiver may not be able to decrypt the message, then the sending agent SHOULD use
triple DES.
4) If the sending agent has no knowledge about the decryption capabilities and is not willing to
risk that the receiver may not be able to decrypt the message, then the sending agent MUST
use RC2/40.
• Note that RC2/40 uses a 40-bit key. It was the lowest common denominator forced by the export rules of
the time, and a 40-bit key can be brute-forced on commodity hardware, so it provides no real
confidentiality. The current S/MIME specification (RFC 8551) drops RC2/40 and requires AES-128 CBC.
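The four rules above as an added example (not the textbook's or RFC 2633's code): a small Python function applies them in order, including the qualification from RFC 2633 that rule 1 picks the first capability the sender can actually use, followed by the policy check a practitioner would add so that rule 4 cannot silently downgrade to 40-bit RC2. The algorithm labels, the RecipientKnowledge record and the 112-bit floor are this example's own assumptions; a real agent takes the capability list from the recipient's SMIMECapabilities signed attribute.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# Content-encryption algorithms named in the text.  The identifiers are this
# example's own labels, not the OIDs that appear in SMIMECapabilities.
TRIPLE_DES = "des-ede3-cbc"
RC2_128 = "rc2-cbc-128"
RC2_40 = "rc2-cbc-40"

# Nominal key lengths, used for the policy floor below.
KEY_BITS = {TRIPLE_DES: 168, RC2_128: 128, RC2_40: 40}


@dataclass
class RecipientKnowledge:
    """What the sending agent knows about one intended recipient."""
    # Algorithms announced in the recipient's SMIMECapabilities attribute, in
    # the recipient's order of preference (empty if none was ever received).
    capabilities: Sequence[str] = ()
    # Algorithm used on the last signed-and-encrypted message received from
    # this recipient, or None if no such message has been received.
    last_received_algorithm: Optional[str] = None


def choose_encryption_algorithm(known: RecipientKnowledge, willing_to_risk: bool,
                                supported: Sequence[str] = (TRIPLE_DES, RC2_128, RC2_40)) -> str:
    """Apply the four sending-agent rules of 6.2.3.2 in order."""
    # Rule 1: the recipient's highest-preference capability that we can use.
    for alg in known.capabilities:
        if alg in supported:
            return alg
    # Rule 2: no list, but mirror what the recipient last used towards us.
    if known.last_received_algorithm in supported:
        return known.last_received_algorithm
    # Rules 3 and 4: no knowledge at all.  The strong choice risks that the
    # recipient cannot decrypt; the interoperable choice is RC2/40.
    return TRIPLE_DES if willing_to_risk else RC2_40


def meets_policy(alg: str, minimum_key_bits: int) -> bool:
    """Check added after the rules: refuse to send under a key shorter than
    the local policy floor instead of silently downgrading."""
    return KEY_BITS.get(alg, 0) >= minimum_key_bits


def select_or_refuse(known: RecipientKnowledge, willing_to_risk: bool,
                     minimum_key_bits: int = 112) -> Optional[str]:
    """Return the algorithm to use, or None when the rules only yield one
    below the floor (the caller should obtain the recipient's capabilities,
    for example from a signed message, rather than fall back to RC2/40)."""
    alg = choose_encryption_algorithm(known, willing_to_risk)
    return alg if meets_policy(alg, minimum_key_bits) else None
```

Rule 1 is honoured even when the recipient's first preference is RC2/40; it is the floor in select_or_refuse that stops such a message going out, which is why the check belongs after the rules rather than inside them.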

6.2.4 S/MIME MESSAGES
• S/MIME makes use of a number of new MIME content types, which are shown in Table 6.7.
• All of the new application types use the designation PKCS.

Table 6.7 S/MIME Content Types

6.2.4.1 SECURING A MIME ENTITY


• S/MIME secures a MIME entity with a signature, encryption, or both.
• A MIME entity may be an entire message (except for the RFC 5322 headers), or if the MIME content
type is multipart, then a MIME entity is one or more of the subparts of the message.
• The MIME entity is prepared according to the normal rules for MIME message preparation.
• Then the MIME entity plus some security-related data, such as algorithm identifiers and certificates,
are processed by S/MIME to produce what is known as a PKCS object.
• A PKCS object is then treated as message content and wrapped in MIME (provided with appropriate
MIME headers).

6.2.4.2 ENVELOPED DATA


• An application/pkcs7-mime subtype is used for one of four categories of S/MIME processing, each
with a unique smime-type parameter.
• In all cases, the resulting entity (referred to as an object) is represented in a form known as Basic
Encoding Rules (BER), defined in ITU-T Recommendation X.209 (since superseded by X.690). The BER
object is binary and is therefore base64-encoded for transport.

• The steps for preparing an envelopedData MIME entity are


1) Generate a pseudorandom session key for a particular symmetric encryption algorithm
(RC2/40 or triple DES).
2) For each receiver, encrypt the session key with the receiver's public RSA key.
3) For each receiver, prepare a block known as RecipientInfo that contains an identifier of the
receiver's public-key certificate, an identifier of the algorithm used to encrypt the session
key, and the encrypted session key.
4) Encrypt the message content with the session key.

6.2.4.3 SIGNEDDATA
• The signedData smime-type can be used with one or more signers.

• The steps for preparing a signedData MIME entity are
1) Select a message digest algorithm (SHA or MD5 in the original specification; the current
S/MIME specification, RFC 8551, requires SHA-256).
2) Compute the message digest (hash function) of the content to be signed.
3) Encrypt the message digest with the signer's private-key.
4) Prepare a block known as SignerInfo that contains the signer's public-key certificate, an
identifier of the message digest algorithm, an identifier of the algorithm used to encrypt the
message digest, and the encrypted message digest.
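One pass through both procedures above (the envelopedData steps of 6.2.4.2 and the signedData steps of 6.2.4.3), as an added example that is not the textbook's code nor that of any S/MIME implementation. It uses only the Python standard library, so the cryptographic primitives are deliberate stand-ins and are not secure: textbook RSA on 512-bit toy keys with no padding (real CMS wraps keys with RSAES-PKCS1-v1_5 or OAEP and signs with RSASSA-PKCS1-v1_5 or PSS), a SHA-256 counter-mode keystream in place of RC2 or triple DES, SHA-256 as the digest, and plain dictionaries in place of the BER-encoded structures. The certificate identifiers and field names are this example's own labels. What it does show is the data flow the steps describe: one content-encryption key wrapped once per recipient, and one digest signed per signer.

```python
import hashlib
import os
import random
from typing import Dict, Tuple

RNG = random.Random(2024)  # seeded so the toy key generation is reproducible


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; enough for the toy RSA moduli generated below."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = RNG.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if _is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits: int = 512) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return (public (n, e), private (n, d)).  Toy size and no padding: this
    illustrates the data flow, not how RSA should be used."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in content cipher: XOR with SHA-256(key || block counter).  The
    session key is fresh per message, so the keystream is never reused;
    encryption and decryption are the same operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def make_enveloped_data(content: bytes, recipients: Dict[str, Tuple[int, int]]) -> dict:
    """Steps 1-4 of 6.2.4.2.  `recipients` maps a certificate identifier (in
    CMS: issuer name and serial number) to that recipient's RSA public key."""
    session_key = os.urandom(16)                                    # step 1
    recipient_infos = []
    for cert_id, (n, e) in recipients.items():
        wrapped = pow(int.from_bytes(session_key, "big"), e, n)    # step 2
        recipient_infos.append({"rid": cert_id,                     # step 3
                                "keyEncryptionAlgorithm": "rsa-toy",
                                "encryptedKey": wrapped.to_bytes((n.bit_length() + 7) // 8, "big")})
    return {"recipientInfos": recipient_infos,
            "encryptedContentInfo": {
                "contentEncryptionAlgorithm": "sha256-keystream-toy",
                "encryptedContent": _keystream_xor(session_key, content)}}  # step 4


def open_enveloped_data(env: dict, cert_id: str, private_key: Tuple[int, int]) -> bytes:
    """Recipient side: find its own RecipientInfo, unwrap the session key, decrypt."""
    n, d = private_key
    info = next(i for i in env["recipientInfos"] if i["rid"] == cert_id)
    unwrapped = pow(int.from_bytes(info["encryptedKey"], "big"), d, n)
    if unwrapped.bit_length() > 128:
        raise ValueError("session key unwrap failed (wrong private key?)")
    ciphertext = env["encryptedContentInfo"]["encryptedContent"]
    return _keystream_xor(unwrapped.to_bytes(16, "big"), ciphertext)


def make_signed_data(content: bytes, signer_cert_id: str, private_key: Tuple[int, int]) -> dict:
    """Steps 1-4 of 6.2.4.3 with SHA-256 as the digest algorithm."""
    n, d = private_key
    digest = hashlib.sha256(content).digest()                       # steps 1-2
    signature = pow(int.from_bytes(digest, "big"), d, n)            # step 3
    return {"content": content,
            "signerInfos": [{"sid": signer_cert_id,                  # step 4
                             "digestAlgorithm": "sha256",
                             "signatureAlgorithm": "rsa-toy",
                             "signature": signature.to_bytes((n.bit_length() + 7) // 8, "big")}]}


def verify_signed_data(signed: dict, certs: Dict[str, Tuple[int, int]]) -> bool:
    """Recompute the digest and compare it with the value recovered from each
    signature; an unknown signer or one bad signature fails the whole object."""
    expected = int.from_bytes(hashlib.sha256(signed["content"]).digest(), "big")
    for info in signed["signerInfos"]:
        if info["sid"] not in certs:
            return False
        n, e = certs[info["sid"]]
        if pow(int.from_bytes(info["signature"], "big"), e, n) != expected:
            return False
    return bool(signed["signerInfos"])
```

Two points the step lists leave implicit are visible here: the content is encrypted exactly once no matter how many recipients there are, so the cost of adding a recipient is one RSA operation and one RecipientInfo block; and the signedData object carries the content itself, whereas the clear-signed form of 6.2.4.4 leaves the content in a separate multipart/signed body part.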

6.2.4.4 CLEAR SIGNING
• Clear signing is achieved using the multipart content type with a signed subtype.
• This signing process does not involve transforming the message to be signed, so that the message is
sent “in the clear.”
• Thus, receivers with MIME capability but not S/MIME capability are able to read the incoming
message.

6.2.4.5 REGISTRATION REQUEST


• Typically, an application or user will apply to a certification authority for a public-key certificate.
• The application/pkcs10 S/MIME entity is used to transfer a certification request.

6.2.4.6 CERTIFICATES-ONLY MESSAGE

• A message containing only certificates or a certificate revocation list (CRL) can be sent in response to
a registration request.
• The message is an application/pkcs7-mime type/subtype with an smime-type parameter of
degenerate.

• The steps involved are the same as those for creating a signedData message, except that there is no
message content and the signerInfo field is empty.

6.2.5 S/MIME CERTIFICATE PROCESSING


• S/MIME uses public-key certificates that conform to version 3 of X.509.
• The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509
certification hierarchy and PGP's web of trust.
• As with the PGP model, S/MIME managers and/or users must configure each client with a list of
trusted keys and with certificate revocation lists.

6.2.5.1 USER AGENT ROLE


• An S/MIME user has several key-management functions to perform.
1) Key generation
• The user or some related administrative utility (e.g., one associated with LAN management) MUST be
capable of generating separate Diffie-Hellman and DSS key pairs and SHOULD be capable of
generating RSA key pairs.
• Each key pair MUST be generated from a good source of nondeterministic random input and be
protected in a secure fashion.
• A user agent SHOULD generate RSA key pairs with a length in the range of 768 to 1024 bits and
MUST NOT generate a length of less than 512 bits.
• These figures come from RFC 2632 (1999) and are far too small today: 512-bit RSA moduli have been
factored publicly since 1999 and 1024-bit keys are deprecated. The current S/MIME specification
(RFC 8551) requires support for RSA keys of 2048 bits and up.


2) Registration
• A user’s public-key must be registered with a certification authority in order to receive an X.509
public-key certificate.

3) Certificate storage and retrieval


• A user requires access to a local list of certificates in order to verify incoming signatures and to
encrypt outgoing messages.
• Such a list could be maintained by the user or by some local administrative entity on behalf of a
number of users.

6.2.5.2 VERISIGN CERTIFICATES
• VeriSign provides a CA service that is intended to be compatible with S/MIME and a variety of other
applications.
• VeriSign issues X.509 certificates with the product name VeriSign Digital ID.
• The information contained in a Digital ID depends on the type of Digital ID and its use.
• At a minimum, each Digital ID contains
→ Owner’s public-key
→ Owner’s name or alias
→ Expiration date of the Digital ID
→ Serial number of the Digital ID
→ Name of the certification authority that issued the Digital ID

→ Digital signature of the certification authority that issued the Digital ID

• Digital IDs can also contain other user-supplied information, including
→ Address
→ E-mail address
→ Basic registration information (country, zip code, age, and gender)

• VeriSign provides three levels, or classes, of security for public-key certificates, as summarized in
Table 6.8.


Table 6.8 Verisign Public-Key Certificate Classes


6.2.6 ENHANCED SECURITY SERVICES
• Three enhanced security services are specified in RFC 2634 (Enhanced Security Services for S/MIME).
1) Signed Receipts
• A signed receipt may be requested in a SignedData object.
• Returning a signed receipt
→ provides proof of delivery to the originator of a message and
→ allows the originator to demonstrate to a third party that the receiver received the message.
2) Security Labels
• A security label may be included in the authenticated attributes of a SignedData object.
• A security label is a set of security information regarding the sensitivity of the content that is
protected by S/MIME encapsulation.

• The labels may include

→ access control that indicates which users are permitted access to an object.
→ priority (e.g., secret, confidential, restricted) or role-based labels that describe which kind of
people can see the information (e.g., the patient's health-care team, medical billing agents).
3) Secure Mailing Lists

• When a user sends a message to multiple receivers, a certain amount of per-receiver processing is
required. This work can be performed by using a Mail List Agent (MLA).
• An MLA can
→ take a single incoming message
→ perform the receiver-specific encryption for each receiver, and
→ forward the message.
• The originator of a message need only send the message to the MLA with encryption performed using
the MLA’s public-key.
