NETWORK SECURITY
PTIIK - 2012

Networking at a glance (course map): Discrete Mathematics, Operating Systems, Computer Networks, Network Security, Advanced Networking, Network Analysis, Multimedia Networking, Network Programming, Distributed Systems, System Administration
01 INTRODUCTION

Course Design
- Classes: 2 credits
- Exercises (assistant required): 1 credit
- Evaluation: 2 structured tasks (20%), 1 midterm test (40%), 1 final test (40%)
References
- Douligeris, Christos: "Network Security: Current Status and Future Directions", John Wiley & Sons, 2007
- Kizza, Joseph Migga: "Computer Network Security", Springer, 2005
- Canavan, John E.: "Fundamentals of Network Security", Artech House, 2001
- Cole, Eric: "Network Security Bible", John Wiley & Sons, 2005
- Skoudis, Edward: "Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition", Prentice Hall, 2006
- Mogollon, Manuel: "Cryptography and Security Services: Mechanisms and Applications", Cybertech, 2007
- Rhee, Man Young: "Internet Security: Cryptographic Principles, Algorithms and Protocols", John Wiley & Sons, 2003
Course Content
01 Introduction
  1.1 Some Terminology
  1.2 Network Security Attacks
  1.3 Sources of Security Threats
  1.4 Security Threats
    1.4.1 Motives
    1.4.2 Management
    1.4.3 Correlation
    1.4.4 Awareness
Current State: the world is connected
[Figure "World is Connected", Copyright (C) 2010 Suguru Yamaguchi, All Rights Reserved: the Internet links control systems, automobiles, home appliances, smart cards, cellular phones, the power supply, RFID, our activities, traffic control, aviation services, medical services, financial services, online banking, ATM, and reservation/ticketing.]
Current State (2011 figures)
- Top-5 most infected website categories:
  - Blogs and Web communications
  - Hosting/Personal hosted sites
  - Business/Economy
  - Shopping
  - Education and Reference
- Web based attacks increased by 36%, with over 4,500 new attacks each day.
- 403 million new variants of malware were created in 2011, a 41% increase over 2010.
- SPAM volumes dropped by 13% in 2011 over rates in 2010.
- 39% of malware attacks via email used a link to a web page.
- Mobile vulnerabilities continued to rise, with 315 discovered in 2011.
1.1 Some Terminology
- A definition of network security can be constructed by defining its two components, security and networks. Security can be defined as follows:
  - A situation with no risk, with no sense of threat.
  - The prevention of risk or threat.
  - The assurance of a sense of confidence and certainty.
- Security is described through the accomplishment of some basic security properties, namely confidentiality, integrity, and availability of information.
  - Confidentiality is the property of protecting information from all non-intended or unauthorized users.
  - Integrity is the property of protecting the content of information from alteration by unauthorized users.
  - Availability is the property of protecting information from unauthorized temporary or permanent withholding of information.
- Other basic properties of security are authentication and nonrepudiation.
  - Authentication is divided into peer-entity authentication and data-origin authentication.
  - Peer-entity authentication is the property of ensuring the identity of an entity (or subject), i.e. a human, a machine, or a piece of software. Data-origin authentication is the property of ensuring the source of information.
  - Nonrepudiation is the property of ensuring that principals that have committed to an action cannot deny that commitment at a later time.
- In a practical approach, security involves the protection of information assets.
- Assets may be:
  - physical (computers, network infrastructure elements, buildings hosting equipment),
  - data (electronic files, databases), or
  - software (application software, configuration files).
- The protection of assets can be achieved through several security mechanisms, that is, mechanisms aimed at the prevention, detection, or recovery of assets from security threats and vulnerabilities.
  - A threat is any event that may harm an asset. When it is realized, the system is under attack.
  - A vulnerability is any characteristic of a system which makes an asset more exposed to threats.
- The combination of threats, vulnerabilities and assets provides a quantified and/or qualified measure known as risk.
- Network security can be considered through the achievement of two security goals, both against unauthorized or malicious use as well as disclosure, modification, or destruction:
  - computer system security, to protect information assets; and
  - communication security, to protect information during its transmission.
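The difference between confidentiality, integrity and data-origin authentication is easiest to see in code. The following is an added example for these slides, not code from the lecture or its references: a toy XOR keystream cipher (built from SHA-256 here only for the demo, not a real cipher) gives confidentiality alone, and an attacker who never learns the key can still rewrite a payment amount by flipping ciphertext bits. Adding an HMAC over the ciphertext (encrypt-then-MAC) supplies integrity and data-origin authentication. The keys, the message text and the helper names are assumptions of the example.

```python
import hashlib
import hmac
import os


# Toy keystream cipher (assumption for this example, NOT a real cipher):
# keystream block i = SHA-256(key || i), XORed onto the plaintext.
# Encryption alone gives confidentiality, but the ciphertext is malleable:
# flipping a ciphertext bit flips the same plaintext bit.
def keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream is its own inverse


# Integrity + data-origin authentication: an HMAC over the ciphertext.
# Only a holder of mac_key can produce a tag that verifies.
def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    ct = encrypt(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def unprotect(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    ct, tag = msg[:-32], msg[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: message altered or forged")
    return decrypt(enc_key, ct)


def flip_bytes(data: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker's move: XOR (old ^ new) into the ciphertext at offset.
    Works without the key because XOR encryption is linear."""
    buf = bytearray(data)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def demo():
    """Returns (plaintext seen by the receiver with confidentiality only,
    whether the MAC-protected variant rejected the same tampering)."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    order = b"PAY 0100 TO ALICE"  # constructed message; amount starts at byte 4
    # 1) confidentiality only: the amount is rewritten and nobody notices
    ct = encrypt(enc_key, order)
    tampered = flip_bytes(ct, 4, b"0100", b"9900")
    confidentiality_only = decrypt(enc_key, tampered)
    # 2) encrypt-then-MAC: the same bit-flip invalidates the tag
    msg = protect(enc_key, mac_key, order)
    try:
        unprotect(enc_key, mac_key, flip_bytes(msg, 4, b"0100", b"9900"))
        mac_rejected = False
    except ValueError:
        mac_rejected = True
    return confidentiality_only, mac_rejected
```

Note what the HMAC does not give: nonrepudiation. Sender and receiver hold the same mac_key, so either of them could have produced the tag; proving a commitment to a third party needs a digital signature, where only the signer holds the private key.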
1.2 Network Security Attacks
- Some basic network security attacks:
  - Eavesdropping, an unauthorized interception of network communication and the disclosure of the exchanged information by:
    - Sniffing, in the network layer, or
    - Wiretapping, in the physical layer.
  - Logon Abuse, bypassing the authentication and access control mechanisms and allowing a user to obtain access with more privileges than authorized.
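What sniffing in the network layer yields in practice, as an added example (the frame is constructed, not a real capture, and this is not code from the lecture): decoding the Ethernet, IPv4 and TCP headers with struct and then pulling an HTTP Basic Authorization header out of the payload. The addresses, ports and credentials are made up; IP and TCP checksums are left at zero because nothing here transmits the frame.

```python
import base64
import struct


def build_sample_frame() -> bytes:
    """Constructed Ethernet II + IPv4 + TCP frame carrying a plaintext HTTP request."""
    payload = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Authorization: Basic " + base64.b64encode(b"alice:hunter2")
               + b"\r\n\r\n")
    # TCP: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 0x1A2B3C4D, 0x9F8E7D6C,
                      5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4: ver/ihl, tos, total length, id, flags/frag (DF), ttl, proto 6, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Decode headers the way a passive sniffer does and return what it sees."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4         # TCP header length in bytes
    flags = off_flags & 0x1FF
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "seq": seq, "flags": flags, "payload": tcp[data_off:]}


def extract_basic_credentials(payload: bytes):
    """Plaintext HTTP: Basic credentials are only base64-encoded, not encrypted."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            user_pass = base64.b64decode(line.split(b" ", 2)[2])
            user, _, password = user_pass.partition(b":")
            return user.decode(), password.decode()
    return None
```

The countermeasure is transport encryption (TLS): the sniffer still sees addresses, ports and flags, but the payload, and with it the credentials, becomes opaque.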
- Spoofing is the act of a subject asserting an identity that the subject has no right to use. For example: IP spoofing.
- Intrusion Attacks focus on unauthorized users gaining access to a vulnerable system through the network.
- Hijacking Attacks attempt to gain unauthorized access to a system by using a legitimate entity's existing connection.
- Denial-of-Service (DoS) Attacks attempt to exhaust the network or server resources in order to render them useless for legitimate hosts and users. Some well known DoS attacks:
  - SYN Attack: In a SYN attack, the attacker exploits the inability of a server process to handle unfinished connection requests.
  - Ping of Death: An early DoS attack in which an attacker sends a ping request whose fragments reassemble to more than 65,535 bytes (64 KB), the maximum allowed size of an IP datagram, causing the system to crash or restart.
- Application-Level Attacks: These attacks are concerned with the exploitation of weaknesses in the application layer and in most cases are really intrusion attacks. Examples of these attacks include:
  - malicious software attacks (viruses, Trojans, etc.),
  - web server attacks,
  - remote command execution,
  - Structured Query Language (SQL) injection, and
  - cross-site scripting (XSS).
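For SQL injection and cross-site scripting, the vulnerable form beside the hardened one, as an added example written for these slides (nothing here is code from the lecture; the sqlite3 in-memory table and its user records are constructed). The injection works because string formatting lets attacker text become part of the SQL grammar; bound parameters keep it as data. The XSS fix is output encoding for the HTML context.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table (assumption for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "pass", "user")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str):
    # Deliberately vulnerable: the inputs are spliced into the SQL text, so a
    # quote, an OR clause or a -- comment changes the query's logic.
    query = ("SELECT name, role FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, name: str, password: str):
    # Parameterized query: the driver binds the values; they can never be parsed as SQL.
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()


def render_greeting_vulnerable(name: str) -> str:
    # Deliberately vulnerable: untrusted input reflected into HTML unchanged,
    # so <script> or an event handler attribute runs in the victim's browser.
    return "<p>Hello, %s</p>" % name


def render_greeting_safe(name: str) -> str:
    # HTML-context encoding: < > & and quotes become entities, so the input
    # renders as text instead of markup.
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)
```

Two classic payloads exercise the difference: a name of `alice'--` comments out the password check, and `' OR '1'='1` in both fields makes the WHERE clause true for every row. The parameterized version returns nothing for either.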
1.3 Sources of Security Threats
- The security threat to computer systems springs from a number of factors that include:
  - weaknesses in the network infrastructure and communication protocols,
  - the growth of the hacker community,
  - the vulnerability in operating system protocols,
  - the insider effect resulting from workers who steal and sell data of the company,
  - social engineering,
  - physical theft, etc.
1.3.1 Design Philosophy
- The growth of the Internet and cyberspace in general was based on an open architecture, work-in-progress philosophy.
- The lack of a comprehensive blueprint and the demand-driven design and development of protocols are causing the ever present weak points and loopholes in the underlying computer network infrastructure and protocols.

1.3.2 Infrastructure and Protocol Weaknesses
- As packets are disassembled, transmitted, and reassembled, there are points where, through port scans, determined users have managed to intrude, penetrate, fool, and intercept the packets.
- The initial communication process, called the three-way handshake, which involves a port number, suffers from a half-open socket problem: the server allocates state for every SYN it receives and keeps the port open for the rest of the exchange, whether or not the client ever completes it.
- Packet transmissions between network elements can be intercepted and their contents altered, such as in an initial sequence number attack.
- Infrastructure vulnerability attacks also include session attacks, packet sniffing, buffer overflow, and session hijacking.
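The half-open socket problem behind the SYN attack in 1.2 and the three-way handshake weakness described in 1.3.2, together with the oversized-datagram condition behind the Ping of Death, as one added example (not code from the lecture or its references): a stateful listener whose backlog is exhausted by spoofed SYNs that never complete, a simplified SYN-cookie scheme that lets the server keep no half-open state at all, and a fragment bound check. The cookie layout is a simplification for illustration, not the exact Linux bit layout; the cookie key, the addresses and the 60-second time bucket are assumptions.

```python
import hashlib
import hmac
import os
import time


# --- Half-open exhaustion: the stateful listener ----------------------------
class StatefulListener:
    """Keeps one entry per SYN until the ACK arrives or the entry times out."""

    def __init__(self, backlog: int, timeout_s: float = 60.0):
        self.backlog, self.timeout_s = backlog, timeout_s
        self.half_open = {}  # (src_ip, src_port) -> time the SYN was received

    def on_syn(self, src_ip: str, src_port: int, now: float) -> bool:
        self.half_open = {k: t for k, t in self.half_open.items()
                          if now - t < self.timeout_s}     # expire stale entries
        if len(self.half_open) >= self.backlog:
            return False                                   # dropped: backlog full
        self.half_open[(src_ip, src_port)] = now
        return True

    def on_ack(self, src_ip: str, src_port: int) -> bool:
        return self.half_open.pop((src_ip, src_port), None) is not None


# --- SYN cookies: the stateless alternative --------------------------------
# Simplified scheme (assumption): ISN = 5-bit time bucket in the top bits,
# keyed hash of the 4-tuple and bucket in the low 27 bits. The server stores
# nothing; an ACK of ISN+1 proves the client received the SYN/ACK at the
# address it claims, which a spoofed source cannot do.
COOKIE_KEY = os.urandom(16)  # server secret; rotated in practice


def _bucket(now: float) -> int:
    return int(now // 60) & 0x1F


def _cookie_hash(src_ip, src_port, dst_ip, dst_port, t: int) -> int:
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{t}".encode()
    digest = hmac.new(COOKIE_KEY, msg, hashlib.sha256).digest()[:4]
    return int.from_bytes(digest, "big") & 0x07FFFFFF


def syn_cookie(src_ip, src_port, dst_ip, dst_port, now: float) -> int:
    t = _bucket(now)
    return ((t << 27) | _cookie_hash(src_ip, src_port, dst_ip, dst_port, t)) & 0xFFFFFFFF


def check_cookie(src_ip, src_port, dst_ip, dst_port, ack_num: int, now: float) -> bool:
    isn = (ack_num - 1) & 0xFFFFFFFF
    t = isn >> 27
    if (_bucket(now) - t) & 0x1F > 1:      # older than about two minutes
        return False
    return (isn & 0x07FFFFFF) == _cookie_hash(src_ip, src_port, dst_ip, dst_port, t)


# --- Ping of Death: fragment that overruns the 65,535-byte IP maximum -------
MAX_IP_DATAGRAM = 65535


def fragment_oversized(frag_offset_units: int, payload_len: int, ihl_bytes: int = 20) -> bool:
    """True when this fragment would push the reassembled datagram past the limit.
    The fragment offset field counts 8-byte units."""
    return ihl_bytes + frag_offset_units * 8 + payload_len > MAX_IP_DATAGRAM


def flood_demo(backlog: int = 128, attack_syns: int = 1000) -> tuple:
    """Returns (legit client accepted by the stateful listener,
    legit client accepted via SYN cookies) after a spoofed SYN flood."""
    now = time.time()
    srv = StatefulListener(backlog)
    for i in range(attack_syns):            # spoofed sources; no ACK ever arrives
        srv.on_syn(f"198.51.100.{i % 250}", 1024 + i, now)
    stateful_ok = srv.on_syn("192.0.2.10", 40000, now + 1)
    # cookie path: server answers every SYN with a cookie ISN, keeps no state
    isn = syn_cookie("192.0.2.10", 40000, "203.0.113.1", 80, now + 1)
    cookie_ok = check_cookie("192.0.2.10", 40000, "203.0.113.1", 80,
                             (isn + 1) & 0xFFFFFFFF, now + 2)
    return stateful_ok, cookie_ok
```

The trade-off real stacks make is visible in the cookie: the ISN has to carry both the time bucket and the hash, so TCP options negotiated in the SYN (window scale, SACK) cannot be stored and are either encoded in spare bits or lost for that connection.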
1.3.3 Rapid Growth of Cyberspace
- As more and more people enjoy the potential of the Internet, some of those individuals pose a risk to the information content of the Internet, and that security threat has to be dealt with.

1.3.4 The Growth of the Hacker Community
- The number one contributor to the security threat of computer and telecommunication networks is the growth of the hacker community.

1.3.5 Operating Systems Vulnerability
- The greatest security threat to global computer systems is the area of software errors, especially network operating system errors.

1.3.6 The Invisible (Insider) Effect
- 75 percent of the IT managers indicated they believed authorized users and employees represent a threat to the security of their systems.
- It was found that in small companies, 32 percent of the worst incidents were caused by insiders, and that number jumps to 48 percent in large companies.

1.3.7 Social Engineering
- Social engineering consists of an array of methods an intruder such as a hacker, from within or outside the organization, can use to gain system authorization by masquerading as an authorized user of the network.

1.3.8 Physical Theft
- Thousands of company executive laptops and PDAs disappear every year, carrying years of company secrets.
1.4 Security Threats
1.4.1 Motives
- Terrorism: electronic terrorism is used to attack military installations, banking, and many other targets of interest.
- Espionage: gaining access to highly classified commercial information.
- Vendetta or revenge.
- Notoriety: proving hacking competencies.
- Greed: many intruders into company systems do so to gain financially from their acts.
1.4.2 Management
- Security threat management is a technique used to monitor security systems in real time, reviewing reports from the monitoring sensors such as intrusion detection systems, firewalls, and other scanning sensors.
- It is important for the response team to study the risks as sensor data come in and decide which threat to deal with first.
- Forensic analysis is done after a threat has been identified and contained.
1.4.3 Correlation
- Security teams have to reduce the turnaround time, the time between the start of an incident and the receipt of the first reports of the incident.
- Threat correlation, therefore, is the technique designed to reduce the turnaround time by monitoring all network sensor data. In fact, threat correlation helps in:
  - reducing false positives,
  - reducing false negatives,
  - verifying sensor performance and availability.
- The quality of data coming from the sensor logs depends on several factors including:
  - Collection: the collection techniques specify how the data is to be analyzed.
  - Consolidation: it is important to find good techniques to filter for relevant data and consolidate sensor data.
  - Correlation: a good data mining scheme must be used for appropriate queries.
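Threat correlation over sensor data, as an added example (the log lines, sensor names, field format and rules are constructed for the illustration; none of it is from the lecture): events from a firewall, an IDS and a host authentication log are parsed, consolidated by source address and correlated within a time window. An IDS alert on traffic the firewall had already dropped is suppressed (a false positive), an alert followed by an allowed connection and a successful login is escalated (each event alone would be low priority, so judged separately they would be a false negative), and a sensor that produced nothing in the whole batch is reported (sensor availability).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sensor log lines (not real data). Assumed line format:
# <ISO time> <sensor> key=value ...
RAW_LOGS = """\
2012-03-01T10:00:01 fw  src=203.0.113.7 dst=10.0.0.5 dport=22 action=DENY
2012-03-01T10:00:02 ids src=203.0.113.7 dst=10.0.0.5 sig=SSH_BRUTE_FORCE
2012-03-01T10:05:10 fw  src=198.51.100.9 dst=10.0.0.5 dport=22 action=ALLOW
2012-03-01T10:05:11 ids src=198.51.100.9 dst=10.0.0.5 sig=SSH_BRUTE_FORCE
2012-03-01T10:06:30 auth host=10.0.0.5 src=198.51.100.9 user=root result=SUCCESS
2012-03-01T10:20:00 fw  src=192.0.2.44 dst=10.0.0.8 dport=80 action=ALLOW
"""
SENSORS = ("fw", "ids", "auth", "av")  # "av" reports nothing: availability check


def parse_logs(text: str) -> list:
    """Collection step: turn each line into a dict of fields plus time and sensor."""
    events = []
    for line in text.splitlines():
        ts, sensor, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        fields["time"] = datetime.fromisoformat(ts)
        fields["sensor"] = sensor
        events.append(fields)
    return events


def correlate(events: list, window: timedelta = timedelta(minutes=10)):
    """Consolidate events by source IP, then apply three correlation rules.
    Returns ({src_ip: verdict}, [silent sensors])."""
    by_src = defaultdict(list)
    for e in events:
        if "src" in e:
            by_src[e["src"]].append(e)

    verdicts = {}
    for src, evs in by_src.items():
        ids_alerts = [e for e in evs if e["sensor"] == "ids"]
        if not ids_alerts:
            continue                      # nothing to correlate against
        alert = ids_alerts[0]
        near = [e for e in evs if abs(e["time"] - alert["time"]) <= window]
        denied = any(e["sensor"] == "fw" and e["action"] == "DENY"
                     and e["dst"] == alert["dst"] for e in near)
        allowed = any(e["sensor"] == "fw" and e["action"] == "ALLOW"
                      and e["dst"] == alert["dst"] for e in near)
        logged_in = any(e["sensor"] == "auth" and e["result"] == "SUCCESS"
                        and e["time"] >= alert["time"] for e in near)
        if denied and not allowed:
            verdicts[src] = "suppressed"  # blocked at the perimeter: likely false positive
        elif allowed and logged_in:
            verdicts[src] = "escalate"    # attack traffic plus a login: possible compromise
        else:
            verdicts[src] = "investigate"

    silent = [s for s in SENSORS if not any(e["sensor"] == s for e in events)]
    return verdicts, silent
```

The two numbers that matter to the response team fall out directly: one alert is removed from the queue, one is raised to the top, and the silent antivirus sensor is a finding in its own right, since a dead sensor is a false negative waiting to happen.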
1.4.4 Awareness
- Security threat awareness is meant to bring widespread and massive attention of the population to the security threat.