Internet security
ABSTRACT
The object of this document is to study the issue of security on the Internet. It is aimed at any network administrator concerned with the security of his network. This report contains four main parts. First, a brief history of the Internet and its security problems introduces the reader to an issue in which interest is growing as fast as the Internet itself. Then, the consequences of a lack of security in organisations show the importance of this new problem. The breaches and how hackers work form the next section. Finally, the ways to secure the insecure close this dissertation and stress the fact that it is very difficult to make the Internet secure. Moreover, a short conclusion deals with the existing legislation about security on the Internet. This report is meant to provide some background to the subject for people interested in this new issue. This study does not require advanced computing skills; however, a basic knowledge of UNIX and networking would be helpful to the reader. You can also read the French version of this essay. Please, for any queries or comments: xtream@online.fr Copyright Xtream.
ACKNOWLEDGEMENTS
I am grateful to a number of people for their assistance during the preparation of this dissertation. Among them I am especially thankful to my supervisor, Sharon Morgan, who has been guiding me for the plan and the layout of this document, George Cormack and Anna Stevenson who have corrected my grammar mistakes. I would also like to thank the worldwide Internet community which helped me to find some critical data about the Internet security.
CONTENTS
ABSTRACT
ACKNOWLEDGEMENTS
CONTENTS
CHAPTER 1: INTRODUCTION
CHAPTER 2: BRIEF HISTORY OF THE INTERNET AND ITS SECURITY PROBLEMS
CHAPTER 3: INTERNET SECURITY ISSUES IN ORGANISATIONS
  3.1 Hacked advertising
    3.1.1 U.S. administrations
    3.1.2 Other organisations
  3.2 Industrial and military espionage
  3.3 Business integrity
  3.4 System disabling
CHAPTER 4: BREACHES AND HOW HACKERS WORK
  4.1 Introduction
    4.1.1 Definition of a hacker
    4.1.2 Network file system
  4.2 Social engineering
  4.3 Password cracking
  4.4 Packet and password sniffing
  4.5 IP spoofing
  4.6 Trojan Horses
  4.7 Worms
  4.8 Trap Door or back door
  4.9 TCP-SYN flooding
  4.10 Conclusion
CHAPTER 5: WAYS TO SECURE THE INSECURED
  5.1 Internet firewalls
    5.1.1 What is a firewall?
    5.1.2 What can a firewall not do?
    5.1.3 Conclusion
  5.2 Password protection and generation of safe passwords
    5.2.1 Shadow password
    5.2.2 Generation of secure passwords
  5.3 Encryption
    5.3.1 Asymmetric or public key encryption
    5.3.2 Symmetric encryption
    5.3.3 PGP
  5.4 IP spoofing and SYN-flooding
  5.5 Security auditing tools
  5.6 Security through obscurity
  5.7 IP Restriction
  5.8 Education and awareness
CHAPTER 6: CONCLUSION
REFERENCES
xtream.online.fr/project/security.html 1/12
4/11/12
CHAPTER 1: INTRODUCTION
Experts are forecasting that by the year 2000 some 200 million users will be accessing the Internet world-wide, and the London-based Electronic Commerce Association (ECA) forecasts that electronic commerce will grow by 50 percent annually, reaching 100 billion by 2002, with the number of companies accessing the web rising from 1.3 million at the end of 1997 to 8 million by 2001. The nature of computing has changed tremendously over the last few years. As computers and networks have become cheaper and more powerful, they have also become more ubiquitous. One unfortunate side effect of these changes is that computer crime has become much more common.
A brief history of the Internet and its security problems is given in the first chapter. It introduces the Internet to the reader. Then, chapter 2 covers the main issue of Internet security in organisations. Chapter 3 presents the way hackers work and the weak points of Internet security. Chapter 4 describes the methods used to improve this security.
The research for documentation has mainly been done on the Internet. However, some books and computer magazines have helped me complete an exhaustive search. I also interviewed a security consultant to a French Internet provider, who gave me some technical advice about the implementation of security on a UNIX system.
In 1995, the WWW becomes the most popular service on the net. Hong Kong police disconnect all but one of the colony's Internet providers in search of a hacker; 10,000 people are left without Net access. The JAVA and JAVAscript languages spread on the Internet and are inserted into web browsers. The authors of these languages claim they are highly secure, but several university students find security bugs in them. Internet security becomes a real issue as problems over the net increase. Further details about the history of the Internet can be found in the Short History of the Internet [1] and The Roads and Crossroads of Internet's History [2].
the MILNET (the Internet segment reserved for military uses). The hacked documents were sold to the KGB. [9] The Gartner Group's William Malik says that one of his clients, a large manufacturing company, lost a $900 million bid to a competitor which had apparently cracked the company's computers and learned about its bid. [10] Examples of this sort are abundant in the world of the Internet. However, a good number of these attacks are not reported to the public because they are concealed by the company or are not detected by the firm's network administrator.
4.1 Introduction
First of all, we will learn what the definition of a "hacker" is. Subsequently, a short explanation about the network file system will be useful for the understanding of the rest of this report.
system. [13]
4.5 IP spoofing
The IP address of a host is presumed to be valid and is therefore trusted by TCP and UDP services. A problem is that, using IP source routing, an attacker's host can masquerade as a trusted host or client. Briefly, IP source routing is an option that can be used to specify a direct route to a destination and a return path back to the origin. The route can involve the use of other routers or hosts that normally would not be used to forward packets to the destination. An example of how this can be used so that an attacker's system could masquerade as the trusted client of a particular server is as follows:
1. The attacker changes his host's IP address to match that of the trusted client.
2. The attacker then constructs a source route to the server that specifies the direct path the IP packets should take to the server and should take from the server back to the attacker's host, using the trusted client as the last hop in the route to the server.
3. The attacker sends a client request to the server using the source route.
4. The server accepts the client request as if it came directly from the trusted client and returns a reply to the trusted client.
5. The trusted client, using the source route, forwards the packet on to the attacker's host.
Many UNIX hosts accept source routed packets and will pass them on as the source route indicates. Many routers will accept source routed packets as well, whereas some routers can be configured to block source routed packets.
An even simpler method for spoofing a client is to wait until the client system is turned off and then impersonate the client's system. In many organisations, staff members use personal computers and TCP/IP network software to connect to and use UNIX hosts as a local area network server. The personal computers often use NFS to obtain access to server directories and files (NFS uses IP addresses only to authenticate clients). An attacker could, after hours, configure a personal computer with the same name and IP address as another's, and then initiate connections to the UNIX host as if it were the "real" client. This is very simple to accomplish and would most likely be an insider attack.
Electronic mail on the Internet is also particularly easy to spoof and, without enhancements such as digital signatures, generally cannot be trusted. As a brief example, consider the exchange that takes place when Internet hosts exchange mail. The exchange takes place using a simple protocol consisting of ASCII-character commands. An intruder could easily enter these commands by hand by using TELNET to connect directly to a system's Simple Mail Transfer Protocol (SMTP) port (port 25 on UNIX systems). The receiving host trusts that the sending host is who it says it is, thus the origin of the mail can be spoofed easily by entering a sender address that is different from the true address. As a result, any user, without privileges, can falsify or spoof e-mail. Other services, such as Domain Name Service, can be spoofed, but with more difficulty than electronic mail. These services still represent a threat that needs to be considered when using them. [14]
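The two border checks that defeat the source-routing and address-impersonation tricks above (drop packets carrying an IP source-route option, and drop packets arriving from the outside that claim an inside source address) are shown below as an added example; it is not code from the dissertation or from the CERT advisory it cites, and the internal network, option bytes and sample packets are constructed for the demonstration.

```python
import ipaddress
import struct

# Constructed example: the "inside" network this filter protects
# (RFC 5737 documentation range, standing in for a real site).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# IPv4 option type codes from RFC 791: loose and strict source routing.
LSRR, SSRR = 131, 137


def parse_ipv4_header(pkt: bytes) -> dict:
    """Split a raw IPv4 packet into the fields the filter needs."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, _length, _ident, _ff, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "options": pkt[20:ihl]}


def option_types(options: bytes) -> list:
    """Walk the options area (type, length, data...) and return the type codes."""
    types, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:              # End of Option List
            break
        if kind == 1:              # NOP is a single byte
            i += 1
            continue
        types.append(kind)
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                  # truncated or malformed option: stop walking
        i += options[i + 1]
    return types


def classify(pkt: bytes, from_outside: bool) -> list:
    """Return the reasons a border filter would drop this packet (empty = pass)."""
    hdr = parse_ipv4_header(pkt)
    findings = []
    if any(t in (LSRR, SSRR) for t in option_types(hdr["options"])):
        findings.append("source-routed")
    if from_outside and any(hdr["src"] in net for net in INTERNAL_NETS):
        findings.append("spoofed-internal-source")
    return findings


def build_packet(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a minimal IPv4 header (no payload) for the constructed samples."""
    options += b"\x00" * ((-len(options)) % 4)   # options are padded to 32 bits
    ihl = (20 + len(options)) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0,
                       64, 6, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options


# Constructed samples: a plain packet, and one claiming an inside source while
# carrying an LSRR option (type 0x83, length 7, pointer 4, one outside hop).
PLAIN = build_packet("198.51.100.7", "192.0.2.10")
SOURCE_ROUTED = build_packet("192.0.2.5", "192.0.2.10",
                             b"\x83\x07\x04" + ipaddress.ip_address("198.51.100.7").packed)
```

Run `classify(pkt, from_outside=True)` on traffic entering from the external interface; the plain packet passes, while the source-routed one is flagged on both counts.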
4.7 Worms
A worm is an autonomous agent capable of propagating itself without the use of another program or any action by a person. The most famous worm attack occurred in November 1988, when a student launched a program on the Internet which was able to spread itself through the network of hosts. Within 8 hours, between 2 and 3 thousand computers were infested. Computers began to shut down because worm programs reappeared over network connections faster than they could be deleted. What exactly did the worm do? The worm infested only computers running one particular UNIX operating system. Each worm began by creating a list of remote target machines from information found in the current host. In parallel, the worm would:
- attempt to find the passwords of user accounts by trying permutations of the account name, checking a list of 432 passwords and checking all the words in a local dictionary, and
- attempt to enter each target by posing as a user (after cracking the user's password), using a "bug" in the finger protocol and using a "trapdoor" in the debug option for processing e-mail.
When an attack worked, the worm sent a short bootstrap program and the commands to compile and execute it, then broke the connection. If the bootstrap worked, the new computer called back the parent worm within 120 seconds and files containing the full worm code were sent to the new computer. The parent worm issued commands to construct and start the worm on the new machine. The worm also contained mechanisms to limit its own population on a single machine and to camouflage its presence. [15] Worm attacks are rare, but they are still a method used by hackers when a new bug is found in an OS. This has the "advantage" of being able to hack a lot of sites in little time.
original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources. Almost every time a hacker leaves a system, he leaves behind one or several back doors so that he can come back whenever he wants. That is why, when a system has been hacked, it is safer to check all the system files or to re-install the operating system.
4.10 Conclusion
There are also plenty of other attack methods, but they are very technical for a non-advanced UNIX user. Here is a short list of some of them:
- Sendmail attack: attack via the mail system on port 25
- NIS and NFS attack
- FTP attack: attack via the ftp port (21)
- Telnet attack: attack via the telnet port (23)
- Rlogin and rsh attack
This is not an exhaustive list, because there are probably many attacks that have not been disclosed.
A firewall is a form of access-control technology that prevents unauthorised access to information resources by placing a barrier between an organisation's network and an unsecured network (e.g. the Internet). A firewall is also used to prevent the unauthorised export of proprietary information from a corporate network. In other words, a firewall functions as a gateway, controlling traffic in both directions. The typical firewall is an inexpensive micro-based UNIX box kept clean of critical data, with a bunch of modems and public network ports on it but just one carefully watched connection back to the rest of the cluster. The special precautions may include threat monitoring or call-back. Some firewalls permit only e-mail traffic through them, thereby protecting the network against any attacks other than attacks against the e-mail service. Other firewalls provide less strict protection, and block services that are known to be problems. [17]
Generally, firewalls are configured to protect against unauthenticated interactive logins from the "outside" world. This, more than anything, helps prevent vandals from logging into machines on the internal network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack. Firewalls are also important since they provide a single "choke point" where security and audit can be imposed. Unlike the situation where a computer system is being attacked by someone dialling in with a modem, the firewall can act as an effective "phone tap" and tracing tool.
5.1.3 Conclusion
There are many sorts of firewalls. Most of them are a piece of software installed on the company's router or on another host. But there are also hardware firewalls: an electronic board which is plugged inside the computer. A firewall can take different roles: packet filtering router, dual-homed gateway, bastion host, etc. There is also a wide range of firewalls for each operating system: UNIX, Novell Netware, Windows NT, LINUX, and so on. Nowadays, firewalls are a good rampart against hackers. However, if a firewall is not installed properly, it could be worse than not having one at all, because of the false sense of security it gives.
5.3 Encryption
Encryption covers the cryptographic methods and the technology which permit users to send messages that can be understood (decrypted) only by the intended recipient, improving controls on routing messages over the Internet and improving operating system quality to decrease program flaws and other security vulnerabilities. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
5.3.3 PGP
This is a program for encrypting messages developed by Philip Zimmermann. PGP is one of the most common ways to protect messages on the Internet because it is effective, easy to use, and free. PGP is based on the public-key method, which uses two keys: one is a public key that you disseminate to anyone from whom you want to receive a message; the other is a private key that you use to decrypt the messages that you receive. To encrypt a message using PGP, you need the PGP encryption package, which is available for free from a number of sources (the official repository is at the Massachusetts Institute of Technology). PGP is such an effective encryption tool that the US government actually brought a lawsuit against Zimmermann for putting it in the public domain and hence making it available to enemies of the U.S. After a public outcry, the US lawsuit was dropped, but it is still illegal to use PGP in many other countries. Encryption is the most effective way to achieve data security and to ensure data integrity and confidentiality.
5.7 IP Restriction
IP restriction is a very common way to limit a user to parts of the server. By allowing only a few IP addresses to reach the other parts of the server, a hacker will not be granted access to areas where he or she can cause damage. [21] Note that such a restriction relies on the source IP address, which section 4.5 shows can be spoofed.
access via a hole in the operating system or can be used as a gateway to hack other sites. The user is then responsible for this.
- A good step is to take strict measures to make users aware of the importance of their password by encouraging them to:
  - change their password after the first login,
  - not share their account,
  - protect their password, i.e. be careful while typing it,
  - change their password regularly, and especially after logging into the account from a remote machine,
  - choose secure passwords.
Another good way to involve users in security is to make them sign a charter of responsibility and good behaviour on the Internet. Security is the business of everybody on a system: the administrator as well as the users. And the role of the administrator is to educate his users about security.
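The password checks below are an added example, not code from the dissertation: they reject exactly what the 1988 worm of section 4.7 guessed first (permutations of the account name and words from the local dictionary), which is what "choosing secure passwords" has to rule out. The dictionary, the account names and the real names are constructed stand-ins for the word list and password file of a real system.

```python
import re

# Constructed stand-in for the local dictionary the worm searched; a real
# deployment would load the system word list instead.
DICTIONARY = {"password", "secret", "welcome", "dragon", "letmein", "summer", "computer"}
MIN_LENGTH = 8


def account_variants(account: str, full_name: str = "") -> set:
    """Simple transformations of the login name (and of the user's real name,
    as found in the password file) that a name-permutation guess would cover:
    the word itself, reversed, and doubled."""
    words = {account.lower()} | {part.lower() for part in full_name.split()}
    variants = set()
    for w in words:
        if len(w) >= 3:
            variants |= {w, w[::-1], w * 2}
    return variants


def check_password(password: str, account: str, full_name: str = "") -> list:
    """Return the reasons a proposed password would be rejected (empty = acceptable)."""
    reasons = []
    low = password.lower()
    # Strip digits and punctuation so "jsmith99" and "Secret!" are still caught.
    letters = re.sub(r"[^a-z]", "", low)
    variants = account_variants(account, full_name)

    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if low in variants or letters in variants:
        reasons.append("derived from account name")
    if low in DICTIONARY or letters in DICTIONARY:
        reasons.append("dictionary word")
    classes = sum(bool(re.search(pattern, password))
                  for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        reasons.append("fewer than three character classes")
    return reasons
```

A `passwd` wrapper or login script would call `check_password` with the candidate and the entry from the password file, and refuse any non-empty result.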
CHAPTER 6: Conclusion
As Internet security is a recent issue, legislation about it is quite rare. The US Federal Networking Council wrote a draft on Internet security in 1995. This defines where the responsibilities of Internet users lie: the user, the management of multi-user hosts and Internet facilities, the system administrators, the Federal Networking Council, the vendors and system developers, the computer network and service providers. Further details about the US legislation can be found on the website of the US Federal Networking Council [22]. The best solution for Internet security is encryption. But many countries' governments do not approve of this technique because it is a danger to state security and governments cannot control the information. That is why in the U.S. public key encryption is only allowed with a 48-bit key. In other countries such as France and Singapore, encryption is banned. Now, corporations want to choose the strong security features that they need to protect information being communicated in electronic commerce. While there is not and never will be a foolproof secure network, we can protect ourselves from the majority of the problems associated with the Internet. As the Internet continues to grow in popularity, it will surely grow in statistics of fraud, break-ins, and plain mischief. If you don't want to take the risk, turn off your computer now.
"The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it." Gene Spafford
This document has dealt with Internet security issues and has described the main techniques hackers use to achieve their kicks. The last chapter has described the methods used to improve security.
The documentation was sometimes particularly difficult to find, especially that dealing with tricks hackers use to break into hosts. Moreover, I learned a lot of interesting things on the subject and it made me aware of this new important issue.
REFERENCES
[1] Sterling B, Short History of the Internet, http://www.forthnet.gr/forthnet/isoc/short.history.of.internet
[2] Gromov G R, The Roads and Crossroads of Internet's History, http://www.internetvalley.com/intval.html
[3] Internet site of the TV channel CNN, http://www.cnn.com, 29 December 1996
[4] Hacked page published in the 2600 magazine, http://www.2600.com/hacked_pages/
[5] Internet site of the newspaper Bangkok Post, http://www.bangkokpost.net, 3 March 1997
[6] Hacked page published in the 2600 magazine, http://www.2600.com/hacked_pages/
[7] Hacked page published in the 2600 magazine, http://www.2600.com/hacked_pages/
[8] Internet site of the TV channel CNN, http://www.cnn.com, 2 March 1997
[9] Stoll C, The Cuckoo's Egg, Doubleday, 1989
[10] Newsweek, 2/6/95, p. 36
[11] Internet security: IBM, Mastercard and DPS complete first end-to-end secure electronic transaction over Internet, EDGE, Jan 6 1997
[12] Wagner M, Web attacks bring down servers, but business stay, Computer World, Jan 6 1997
[13] Bryant R, UNIX security, SAMS publishing, p. 53
[14] IP Spoofing, CERT advisory team, 1995, http://www.deter.com/unix/papers/cert_ip_spoof.txt
[15] Gromov G R, The Roads and Crossroads of Internet's History, http://www.internetvalley.com/intval.html
[16] Joncheray L, A Simple Active Attack Against TCP, 1995, http://www.physnet.uni-hamburg.de/provos/security/iphijack.txt
[17] Ranum M, Thinking About Firewalls, http://www.deter.com/unix/papers/firewall_ranum.ps.gz
[18] Klein D, Foiling the Cracker, http://www.abc.se/~jp/articles/computer/security/passwd2.txt
[19] RSA encryption system official site, http://www.rsa.com
[20] Farmer D, The COPS Security Checker System, 1994, http://www.deter.com/unix/papers/cops_dan_farmer.txt
[21] Chapman D B, Network (In)Security Through IP Packet Filtering, 1992, http://www.deter.com/unix/papers/packet_filt_chapman.ps.gz
[22] A Framework for Action, Federal Networking Council, http://www.fnc.gov/fisp_sec_contents.html
Please, for any queries or comments: xtream@online.fr Copyright Xtream.