BLOGGER TEMPLATES AND TWITTER BACKGROUNDS »

Monday, October 26, 2009

Lec 10:Legal And Ethical Issue In Computer Security

INTRODUCTION

To know what protection the provides for computer and data to appropriate laws that protect the right of other with respect to computer, program and data, and to understand how existing laws provide a basis for recommending new laws to protect computers, data and computer.

Law is not always the appropriate way to deal with issues of human behavior.

LEGAL AND ETHICAL

  • Law
    • Law is not always the appropriate way to deal with issue of human behavior.
    • Impossible or impractical to develop laws to describe and enforce all form or behavior acceptable to society.
    • Society relies on ethics or morals to prescribe generally accepted standards of proper behavior.
  • Ethics
    • An ethic is an objective defined standard of right and wrong.
    • Ethical standard are often idealistic principles.
    • Each person is responsible for deciding what to do in a specific situation, hence defines a personal set of ethical practies.
DIFFERENCES BETWEEN LAWS AND ETHICS

LAW
  • Formal, documented
  • Interpreted by courts
  • Established by legislature representing everyone
  • Applicable to everyone
  • Priority determined by courts if two laws conflict
  • Enforceable by police and courts
ETHIC
  • Described by unwritten principles
  • Interpreted by individuals
  • Presented by philosophers, religions, professional group
  • Personal choice
  • Priority determined by individual if two principles conflict
ETHIC CONCEPT IN INFORMATION SECURITY
  • ž
    žEthical Differences Across Cultures
  • Software License Infringement
  • Illicit use
  • Misuse of Corporate Resources
  • Ethics and Education
  • žDeterrence
PROTECTING PROGRAM AND DATA
  • Copyright
    • Are designed to protect the expression of idea.
    • Must apply to an original work and it must be in some tangible medium of expression. Example printed, recorded, or mode concrete in some other way.
    • must apply to an original work and it must be in some tangible medium of expression
  • Patents
    • Designed to protect the device pr process for carrying out an idea, not the idea itself.
    • Can valid only for something that is truly novel or unique.
    • The invention to be patented must not been previously patented.
    • Patented object may be marked with a patent number to warn others that the technology is patent.
  • Trade Secret
    • ¡must be kept a secret
    • the owner must protect the secret by any means, such as by storing it in a safe, encrypting it and by making employees sign a statement that they will not disclose the secret
    • trade secret protection can also vanish through reverse engineering
INFORMATION AND THE LAW
  • Information as an object

    • Information is valuable in that it is used in businesses and everyday life. Businesses pay for credit reports and client list. We also want inside information about competitors. Information does not fit other familiar commercial paradigms.

  • Features of information as an object
    • It is not depletable
    • It can be replicated
    • It has a minimal marginal cost
    • It's value if often timely
    • It is often tranferred intangibly
Right of Employees and Employers
  • Ownership of a Patent
  • Ownership of copyright
  • Work for Hire
  • Licenses
  • Trade Secret Protection
  • Employment Contracts
Computer Crimes
A separate category for computer crime is needed because of the following reason:
  • Rules of properties
  • Rules of Evidence
  • Threats to Integrity and Confidentiality
  • Value of Data
  • Acceptance of Computer Terminology
Privacy
Many ethical issue in security seem to be in the domain of individual's right to privacy verses to greater good of a larger entity. Example: tracking employee computer use, crowd surveillance and etc.

There are four ethical issues of information age:
  • Privacy
  • Accuracy
  • Property
  • Accessibility
Control Protecting Privacy
Several controls methods can be used to protect privacy:
  • Authentication
  • Anonymity
  • Computer Voting
  • Pseudonymity
  • Legal Control
Ethical Issues in Computer Security
  • Ethics and Religion
  • Ethics is not universal
  • Ethics Does Not Provide Answers
  • Ethical Reasoning
Examining a Case for Ethical Issue
  • Understand the situation
  • know several theories of ethical reasoning.
  • List the ethical principles involed
  • Determine which principles outweigh others.





Lec 9: Intrusion Detection System

Intruders

  • significant issue hostile/unwanted trespass from benign to serious
  • user trespass :unauthorized logon, privilege abuse
  • software trespass: virus, worm, or trojan horse
  • classes of intruders: masquerader, misfeasor, clandestine user

Examples of Intrusion

  • Remote root compromise
  • Web server defacement
  • Guessing / cracking passwords
  • Copying viewing sensitive data / databases
  • Running a packet sniffer
  • Distributing pirated software
  • Using an unsecured modem to access net
  • Impersonating a user to reset password
  • Using an unattended workstation


Security Intrusion & Detection


Security Intrusion

  • A security event, or combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.


Intrusion Detection

  • A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner.


Hackers

The terms and hack are marked by contrasting positive and negative connotations. Computer programmers often use the words hacking and hacker to express admiration for the work of a skilled software developer, but may also use them in a negative sense to describe the production of inelegant . Some frown upon using hacking as a synonym for security cracking in distinct contrast to the larger kludges, wohacker rld, in which the word hacker is typically used to describe someone who "hacks into" a system by evading or disabling security measures.


Hacker Behavior Example

  • Select target using IP lookup tools
  • Map network for accessible services
  • Identify potentially vulnerable services
  • Brute force (guess) passwords
  • Install remote administration tool
  • Wait for admin to log on and capture password
  • Use password to access remainder of network


Criminal Enterprise

• Organized groups of hackers now a threat

– corporation / government / loosely affiliated gangs

– typically young

– often Eastern European or Russian hackers

– common target credit cards on e-commerce server

• Criminal hackers usually have specific targets

• Once penetrated act quickly and get out

• IDS / IPS help but less effective

• Sensitive data needs strong protection


Criminal Enterprise Behavior

1. act quickly and precisely to make their

activities harder to detect

2. exploit perimeter via vulnerable ports

3. use trojan horses (hidden software) to

leave back doors for re-entry

4. use sniffers to capture passwords

5. do not stick around until noticed

6. make few or no mistakes.


What is hacking?

  • Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)
  • Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK.
  • The key difference is that the ethical hacker has authorization to probe the target.


Intrusion Detection Systems

  • An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks, as examples, by crackers, malware and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic.
  • An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).
  • An IDS can be composed of several components: Sensors which generate security events, a Console to monitor events and alerts and control the sensors, and a central Engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from security events received. There are several ways to categorize an IDS depending on the type and location of the sensors and the methodology used by the engine to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.


IDS Terminology

Alert/Alarm- A signal suggesting a system has been or is being attacked.

True attack stimulus- An event that triggers an IDS to produce an alarm and react as though a real attack were in progress.

False attack stimulus- The event signaling an IDS to produce an alarm when no attack has taken place.

False (False Positive)- An alert or alarm that is triggered when no actual attack has taken place.

False negative- A failure of an IDS to detect an actual attack.

Noise- Data or interference that can trigger a false positive.

Site policy- Guidelines within an organization that control the rules and configurations of an IDS.

Site policy awareness- The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.

Confidence value- A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.

Alarm filtering- The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.


Types of Intrusion-Detection systems

Network intrusion detection system (NIDS)

  • It is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts.
  • Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.


Protocol-based intrusion detection system (PIDS)

  • It consists of a system or agent that would typically sit at the front end of a server, monitoring and analyzing the communication protocol between a connected device (a user/PC or system) and the server.
  • For a web server this would typically monitor the HTTPS protocol stream and understand the HTTP protocol relative to the web server/system it is trying to protect.
  • Where HTTPS is in use then this system would need to reside in the "shim", or interface, between where HTTPS is un-encrypted and immediately prior to its entering the Web presentation layer.


Application protocol-based intrusion detection system (APIDS)

  • It consists of a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application specific protocols.
  • For example, in a web server with a database this would monitor the SQL protocol specific to the middleware/business logic as it transacts with the database.


Host-based intrusion detection system (HIDS)

  • It consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state.
  • An example of a HIDS is OSSEC.


Hybrid intrusion detection system

  • It combines two or more approaches.
  • Host agent data is combined with network information to form a comprehensive view of the network. An example of a Hybrid IDS is Prelude.
  • Intrusion detection systems can also be system-specific using custom tools and honeypots.


IDS Principles

  • Assume intruder behavior differs from
    • legitimate users
      • expect overlap as shown
      • observe deviations
      • from past history
    • problems of:
      • false positives
      • false negatives
      • must compromise


Distributed Host-Based IDS


NIDS Sensor Deployment


Passive system vs. reactive system

  • Intrusion Prevention System (IPS), the IPS responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source.
  • This can happen automatically or at the command of an operator. Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening.
  • Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network.
  • An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators.
  • A system which terminates connections is called an intrusion prevention system application layer firewall IDPS is commonly used to refer to hybrid security systems that both "detect" and "prevent".

Statistical anomaly and signature based IDSes

All Intrusion Detection Systems use one of two detection techniques: statistical anomaly based and/or signature based.

Statistical anomaly based IDS

  • A statistical anomaly based IDS establishes a performance baseline based on normal network traffic evaluations.
  • It will then sample current network traffic activity to this baseline in order to detect whether or not it is within baseline parameters.
  • If the sampled traffic is outside baseline parameters an alarm will be triggered.

Signature based IDS

  • Network traffic is examined for preconfigured and predetermined attack patterns known as signatures. Many attacks today have distinct signatures.
  • In good security practice, a collection of these signatures must be constantly updated to mitigate emerging threats.

Distributed Adaptive Intrusion Detection


Intrusion Detection Exchange Format


Honeypots

In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.


Honeypot Deployment


SNORT

  • lightweight IDS
    • real-time packet capture and rule analysis
    • passive or inline

SNORT Rules

  • use a simple, flexible rule definition language
  • with fixed header and zero or more options
  • header includes: action, protocol, source IP, source port, direction, dest IP, dest port
  • many options

Lec 8: Firewall (Dinding Berapi)

Introduction

Firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria.

Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intra nets. All messages entering or leaving the intra net pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:

1. Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. In addition, it is susceptible to IP spoofing.





2. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.


3. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.



Firewall hosting


  • 1. Bastion host = single firewall that cover a network territory

  • 2. Host-base = single firewall protect a single workstation/server



Virtual Private Networks (VPNs)

  • In essence, a VPN consists of a set of computers that interconnect by means of a relatively unsecure network.
  • Use of a public network exposes corporate traffic to eavesdropping and provides an entry point for unauthorized users. To counter this problem, a VPN is needed.
  • In essence, a VPN uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet.
  • VPNs are generally cheaper than real private networks using private lines but rely on having the same encryption and authentication system at both ends.
  • The encryption may be performed by firewall software or possibly by routers.
  • The most common protocol mechanism used for this purpose is at the IP level and is known as IPSec.

Distributed firewall


  • A distributed firewall configuration involves standalone firewall devices plus host-based firewalls, personal firewall working together under a central administrative control.
  • Administrators can configure host-resident firewalls on hundreds of servers and workstation as well as configuring personal firewalls on local and remote user systems. Tools let the network administrator set policies and monitor security across the entire network.

Lec 7: Wireless Security

Introduction

  • Wireless security is the prevention of unauthorized access or damage to computers using wireless networks.
  • Wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits.
  • The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced.
There is a types of WLAN standards

802.11
  • The Institute of Electrical and Electronics Engineers (IEEE) created the first WLAN standard in the 1997.
  • Called it 802.11 after the name of the group formed to oversee its development. Unfortunately, 802.11 only supported a maximum network bandwidth of 2 Mbps - too slow for most applications.
  • This reason, ordinary 802.11 wireless products are no longer manufactured.
802.11b
  • IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11b supports bandwidth up to 11 Mbps, comparable to traditional Ethernet.
  • 802.11b uses the same unregulated radio signaling frequency (2.4 GHz) as the original 802.11 standard. Vendors often prefer using these frequencies to lower their production costs. Being unregulated, 802.11b gear can incur interference from microwave ovens, cordless phones, and other appliances using the same 2.4 GHz range. However, by installing 802.11b gear a reasonable distance from other appliances, interference can easily be avoided.
  • Pros of 802.11b - lowest cost; signal range is good and not easily obstructed.
  • Cons of 802.11b - slowest maximum speed; home appliances may interfere on the unregulated frequency band.
802.11a

  • 802.11a supports bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz.
  • This higher frequency compared to 802.11b shortens the range of 802.11a networks. The higher frequency also means 802.11a signals have more difficulty penetrating walls and other obstructions.
  • 802.11a and 802.11b utilize different frequencies, the two technologies are incompatible with each other. Some vendors offer hybrid 802.11a/b network gear, but these products merely implement the two standards side by side (each connected devices must use one or the other).
  • Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from other devices.
  • Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed.

802.11n
  • The newest IEEE standard in the Wi-Fi category is 802.11n. It was designed to improve on 802.11g in the amount of bandwidth supported by utilizing multiple wireless signals and antennas (called MIMO technology) instead of one.
  • When this standard is finalized, 802.11n connections should support data rates of over 100 Mbps. 802.11n also offers somewhat better range over earlier Wi-Fi standards due to its increased signal intensity. 802.11n equipment will be backward compatible with 802.11g gear.
  • Pros of 802.11n - fastest maximum speed and best signal range; more resistant to signal interference from outside sources
  • Cons of 802.11n - standard is not yet finalized; costs more than 802.11g; the use of multiple signals may greatly interfere with nearby 802.11b/g based networks.


    Accidental association

    • Unauthorized access to company wireless and wired networks can come from a number of different methods and intents.
    • One of these methods is referred to as “accidental association”. When a user turns on a computer and it latches on to a wireless access point from a neighboring company’s overlapping network, the user may not even know that this has occurred.
    • It is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other.
    • This is especially true if the laptop is also hooked to a wired network.

    Malicious association

    • “Malicious associations” are when wireless devices can be actively made by crackers to connect to a company network through their cracking laptop instead of a company access point (AP).
    • Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans.
    • Wireless 802.1x authentications do help with protection but are still vulnerable to cracking.
    • The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the cracker is just trying to take over the client at the Layer 2 level.

    Ad-hoc networks

    • etworks can pose a security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them.
    • Types of networks usually have little protection, encryption methods can be used to provide security.

    Non-traditional networks

    • Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk.
    • Barcode readers, handheld PDAs, and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel who have narrowly focused on laptops and access points.

    Identity theft (MAC spoofing)

    • Identity theft (or MAC spoofing) occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges.
    • Most wireless systems allow some kind of MAC filtering to only allow authorized computers with specific MAC IDs to gain access and utilize the network.
    • Combine these programs with other software that allow a computer to pretend it has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.
    • MAC filtering is only effective for small residential(SOHO)networks, since it only provides protection when the wireless device is "off the air".
    • Any 802.11 device "on the air" freely transmits it unencrypted MAC address in it's 802.11 headers, and it requires no special equipment or software to detect it.
    • Anyone with an 802.11 receiver (laptop and wireless adapter) and a freeware wireless packet analyzer can obtain the MAC address of any transmitting 802.11 within range.
    • In an organizational environment, where most wireless devices are "on the air" throughout the active working shift, MAC filtering only provides a false sense of security since it only prevents "causal" or unintended connections to the organizational infrastructure and does nothing to prevent a directed attack.

Man-in-the-middle attacks

    • A man-in-the-middle attacker entices computers to log into a computer which is set up as a soft AP (Access Point).
    • The hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic.
    • One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a “de-authentication attack”. This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP.
    • Man-in-the-middle attacks are enhanced by software such as LANjack and AirJack, which automate multiple steps of the process.

Denial of service

    • A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages other commands.
    • These cause legitimate users to not be able to get on the network and may even cause the network to crash.
    • These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).
    • The DoS attack in itself does little to expose organizational data to a malicious attacker, since the interruption of the network prevents the flow of data and actually indirectly protects data by preventing it from being transmitted.
    • The usual reason for performing a DoS attack is to observe the recovery of the wireless network, during which all of the initial handshake codes are re-transmitted by all devices, providing an opportunity for the malicious attacker to record these codes and use various "cracking" tools to analyze security weaknesses and exploit them to gain unauthorized access to the system.

Network injection

    • In a network injection attack, a cracker can make use of access points that are exposed to non-filtered network traffic, specifically broadcasting network traffic.
    • The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.

Lec6:Security in Applications

Electronic Mail Security

E-mail – what it is and how it works.

E-mail security threats.

Secure e-mail standards and products - PGP and S/MIME.


E-mail – what it is and how it works

What is an e-mail?

An e-mail is a message made up of a string of ASCII characters in a format specified by RFC 822

Two parts, separated by blank line:

The header: sender, recipient, date, subject, delivery path,…

The body: containing the actual message content.

Example

From:zaki.masud@utem.edu.my

To: mothman@utem.edu.my

Cc: shahrinsahib@utem.edu.my

Subject: RFC 822 example

Date: Fri, 25 Aug 2008 13:58:49

This is just a test message to illustrate RFC 822. It’s not very long and it’s not very exciting. But you get the point.


Security provided in E-mail

Confidentiality

Data origin authentication

Message integrity

Non-repudiation of origin

Key management


MIME = Multipurpose Internet Mail Extensions

Extends the capabilities of RFC 822 to allow e-mail to carry non-textual content, non-ASCII character sets, long messages.

Uses extra header fields in RFC 822 e-mails to specify form and content of extensions.

Supports a variety of content types, but e-mail still ASCII-coded for compatibility.

Specified in RFCs 2045-2049.


Example of MIME message

From: j.bloggs@rhul.ac.uk

To: Kenny.Paterson@rhul.ac.uk

Subject: That document

Date: Wed, 13 Nov 2002 19:55:47 -0000

MIME-Version: 1.0

Content-Type: multipart/mixed; boundary="---next part"

------next part

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: 7bit

Kenny, here’s that document I said I’d send. Regards, Joe

------next part

Content-Type: application/x-zip-compressed; name=“report.zip"

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename= “report.zip"

rfvbnj756tbGHUSISyuhssia9982372SHHS3717277vsgGJ77JS77HFyt6GS8

------next part


How E-mails Transported?


MUA: Mail User Agent (Mail Client)

MTA: Mail Transport Agent (Mail Server)




E-mail Security Threats

Two main group:

Threats to the security of e-mail itself

Threats to an organisation that are enabled by the use of e-mail.

Loss of confidentiality.

E-mails are sent in clear over open networks.

E-mails stored on potentially insecure clients and mail servers.

Ensuring confidentiality may be important for e-mails sent within an organisation.

Loss of integrity.

No integrity protection on e-mails; body can be altered in transit or on mail server.

Lack of data origin authentication.

Is this e-mail really from the person named in the From: field?

How many Kenny.Paterson’s are there?

Recall SMTP directly over telnet allows forgery of all e-mail fields!

E-mail could also be altered in transit.

Even if the From: field looks fine, who was logged in as Kenny.Paterson when the e-mail was composed?

Sharing of e-mail passwords common.

Lack of non-repudiation.

Can I rely and act on the content? (integrity)

If so, can the sender later deny having sent it? Who is liable if I have acted?

Example of stock-trading via e-mail.

Lack of notification of receipt.

Has the intended recipient received my e-mail and acted on it?

A message locally marked as ‘sent’ may not have been delivered.


Threats Enabled by E-mail

Disclosure of sensitive information

It’s easier to distribute information by e-mail than it is by paper and snail mail.

Disclosure may be deliberate (and malicious) or unintentional.

Disclosure may be internal or external (e-mail crosses LANs as well as the Internet).

Disclosure may be of personal, inappropriate, commercially sensitive or proprietary information.

Can lead to loss of reputation and ultimately dismissal of staff.


S/MIME

Originated from RSA Data Security Inc. in 1995.

Further development by IETF S/MIME working group at:

www.ietf.org/html.charters/smime-charter.html.

Version 3 specified in RFCs 2630-2634.

Allows flexible client-client security through encryption and signatures.

Widely supported, e.g. in Microsoft Outlook, Netscape Messenger, Lotus Notes.


PGP

PGP=“Pretty Good Privacy”

First released in 1991, developed by Phil Zimmerman, provoked export control and patent infringement controversy.

Freeware: OpenPGP and variants:

www.openpgp.org, www.gnupg.org

Commercial: formerly Network Associates International, now PGP Corporation at www.pgp.com

OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.

www.ietf.org/html.charters/openpgp-charter.html

Available as plug-in for popular e-mail clients, can also be used as stand-alone software.

Functionality similar to S/MIME:

encryption for confidentiality.

signature for non-repudiation/authenticity.

One level of processing only, so less flexible than S/MIME.

Sign before encrypt, so signatures on unencrypted data.

Sigs can be detached and stored separately.

PGP-processed data is base64 encoded and carried inside RFC822 message body.


Web Security


Web security includes:

Security of server

Security of client

Network traffic security between a browser and a server

SSL/TLS

SSH

SET


SSL/TLS

SSL/TLS widely used in Web browsers and servers to support ‘secure e-commerce’ over HTTP.

Built into Microsoft IE, Netscape, Mozilla, Apache, IIS

The (in)famous browser lock.

SSL architecture provides two layers:

SSL Record Protocol

Provides secure, reliable channel to upper layer.

Upper layer carrying:

SSL Handshake Protocol, Change Cipher Spec. Protocol, Alert Protocol, HTTP, any other application protocols.


SSL/TLS Applications

Secure e-commerce using SSL/TLS.

Client authentication not needed until client decides to buy something.

SSL provides secure channel for sending credit card information, personal details, etc.

Client authenticated using credit card information, merchant bears (most of) risk.

Very successful (amazon.com, on-line supermarkets, airlines,…)

Secure e-commerce: some issues.

No guarantees about what happens to client data (including credit card details) after session: may be stored on insecure server.

Does client understand meaning of certificate expiry and other security warnings?

Does client software actually check complete certificate chain?

Does the name in certificate match the URL of e-commerce site? Does the user check this?

Is the site the one the client thinks it is?

Is the client software proposing appropriate ciphersuites?


SSH – Secure Shell


Initially designed to replace insecure rsh, telnet utilities.

Secure remote administration (mostly of Unix systems).

Extended to support secure file transfer and e-mail.

Latterly, provide a general secure channel for network applications.

SSH-1 flawed, SSH-2 better security (and different architecture).


SSH provides security at Application layer.

Only covers traffic explicitly protected.

Applications need modification, but port-forwarding eases some of this (see later).

Built on top of TCP, reliable transport layer protocol.


SSH Applications


Anonymous ftp for software updates, patches...

No client authentication needed, but clients want to be sure of origin and integrity of software.


Secure ftp.

E.g.upload of webpages to webserver using sftp.

Server now needs to authenticate clients.

Username and password may be sufficient, transmitted over secure SSH transport layer protocol.

Secure remote administration.

SysAdmin (client) sets up terminal on remote machine.

SysAdmin password protected by SSH transport layer protocol.

SysAdmin commands protected by SSH connection protocol.

Guerilla Virtual Private Network.

E.g. use SSH + port forwarding to secure e-mail communications.


SET


SET = an open encryption and security specification designed to protect credit card transactions on the internet

Use SSL to secure the communication links

Main requirements

Confidentiality of payment and ordering information

Integrity of all transmitted data

Authentication of cardholder

Authentication of merchant




SET Security Issues


Two pairs of PKs per entity

One pair for signing

One pair for exchanging keys

Assumes full PKI is available

Including revocation

Merchant does not see payment instrument used


How the Web Works – HTTP

Hypertext transfer protocol (http).

Clients request “documents” (or scripts) through URL.

Server response with “documents”.

Documents are not interpreted by http.

Stateless protocol, request are independent.


Web Vulnerabilities


http://www.w3.org/Security/Faq

Revealing private information on server

Intercept of client information

Execute unauthorized programs

Denial of service


How to Secure the Web

Authentication:

Basic (username, password)

Can be used along with cookie

Digest

Access control via addresses

Multi-layered:

S-http (secure http), just for http

Proposed by CommerceNet, pretty much dead

SSL (TLS), generic for TCP

https: http over SSL

IPSec


HTTP Authentication – Basic


Client doesn’t know which method

Client attempts access (GET, PUT, …) normally

Server returns

“401 unauthorized”

Realm: protection space

Client tries again with (user:password)

Passwords in the clear

Repeated for each access


From Basic Authentication to Forms and Cookies


Not all sites use basic authentication

Many instead ask the user to type username/password into a HTML form

Server looks up the user and sends back a cookie

The browser (client) resends the cookie on subsequent requests


HTTP Access Control - Digest


Server sends www-authenticate parameters:

Realm

Domain

Nonce, new for each 401 response

E.G. H(client-IP:timestamp:server-secret)

Algorithm

E.G., MD5

Client sends authorization response:

Same nonce

H(A1), where a1=user:realm:password, and other information

Steal H(A1)

Only good for realm


HTTPS


HTTPS = Secure Hypertext Transfer Protocol

HTTPS is a communications protocol designed to transfer encrypted information between computers over the World Wide Web (WWW)

Essentially an implementation of HTTP

Commonly used Internet protocol using an SSL

Used to enable online purchasing or the exchange of private information and resources over insecure networks


Why HTTPS combines with SSL and How?


HTTPS combines with SSL to enable secure communication between a client and a server

Steps:

Client requests a secure transaction and informs the encryption algorithms and key sizes that it support (by assessing a URL with HTTPS)

Server sends the requested server certificate (encrypted server’s public key, list of supported ciphers and key sizes in order of priority)

Client then generates a new secret symmetric session key based on the priority list sent by the server. Client compares the certificate issued by CA and confirmed that certificate is belongs to the server intended for communication

If valid and certificate confirmed, client encrypts a copy of the new session key it generated with the server public key obtained from the certificate. Then, client sends the new encrypted key to server

Server decrypts the new session key with its own private key.

Upon completed, both client and server have the same secret session key and use to secure communication and data transport.


Secure File Transfer Protocol (S/FTP)


S/FTP is an interactive file transfer program

Similar to ftp

Performs all operations over an encrypted ssh transport

Use many features of ssh such as public key authentication and compression

S/FTP connects and logs into the specified host, then enters an interactive command mode


END OF LECTURE 6


Review Question ( Lab 6 )

1. Discuss the potential perpetrators that can threaten Network security and it goal for attacking network services.

In general network security can been said as a prevention from nosy people from getting data they are not authorized or worse yet, modify messages intended for other recipients. It is concerned with people trying to access remote services that are not authorized to use. Most problems are intentionally caused by malicious people trying to gain some benefit or bring harm to someone else.

2. Network security problems can be divided roughly into FOUR (4) intertwined areas, List and explain in details each area.

· Secrecy, also called confidentiality, has to do with keeping information out of the hands of unauthorized users. It protects against disclosure of information to entities not authorized to have that information. Entities might be people or organization.

· Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal.

· Non-Repudiation deals with signatures. It protects user against the threat that the value or existence of the data might be changed in a way inconsistent with the recognized security policy.

· Integrity control how can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit.

3. What is the significance difference between the wireshark output in Task 1 and Task 2; explain in detail the function of IPSec in Task 2?

During Task 1, wireshark successful captured both username and password in File Transfer Protocol (FTP). Username = ‘administrator’ and Password = ‘abc123’. But all these things not happen in Task 2, this is because both username and password are already encrypted even the data are captured. This is because in the Task 2, we using IPSec to secure FTP Transaction. IPSec is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. It will protect the information from being manipulated.

4. What is the benefit of using IPSec?

IPSec is typically used to attain confidentiality, integrity, and authentication in the transport of data across insecure channels. Though it's original purpose was to secure traffic across public networks, it's implementations are often used to increase the security of private networks as well, since organizations cannot always be sure if weaknesses in their own private networks are susceptible to exploitation. If implemented properly, IPSec provides a private channel for sending and exchanging vulnerable data whether the data is email, ftp traffic, news feeds, partner and supply chain data, medical records, or any other type of TCP/IP based data.

5. Explain what are AH and ESP in IPSec protocol suite?

· Authentication Header (AH): ties data in each packet to a verifiable signature (similar to PGP email signatures) that allows you to verify both the identity of the person sending the data and that the data has not been altered.

· Encapsulation Payload (ESP): scrambles the data (and even certain sensitive IP addresses) in each packet using hard core encryption. So a sniffer somewhere on the network doesn’t get anything usable.

6. Explain in detail how to enable IPSec option in a Linux environment.

There are different methods in order to enable IPSec in Linux platform. One of the simplest methods to is installing and enables a program named ipsec-tools. IPSec-tools is a package that based on Kame Project’s OpenBSD tools. The newest stable versions 0.72 that can be download at

http://sourceforge.net/projects/ipsec-tools/files/ipsec-tools/0.7.2/.

Methods of Installation:

1) Firstly download ipsec-tools-0.7.2.tar.gz or other version of ipsec-tools from http://sourceforge.net/projects/ipsec-tools/files/ . After download, saves the file on any folder in hard drive and open the terminal and targeted the folder where the ipsec-tools is saved.

2) Make sure that the current user have privilage as root. Switch user to root with “#su root” and includes the password in order to access root account.

3) Extract the file by using command “# tar zxf ipsec-tools-x.y.z.tar.gz” with the x.y.z as the version of the ipsec tools. Example: “# tar zxf ipsec-tools-0.7.2.tar.gz”

4) Next, target the terminal to ipsec-tools-x.y.z (x.y.z = version of ipsec-tools) by using “# cd (location of ipsec-tools folder)”

5) Proceed to install ipsec-tools by using command:

# ./configure --prefix=/usr --sysconfdir=/etc

# make

# make install


6) Wait until installation of ipsec-tools complete

7) For Ubuntu user, user can automatically download and install ipsec-tools by using “sudo apt-get install ipsec-tools” command

Writing the configuration file:

1) Before running ipsec-tools, configuration file must be writing first. The configuration should be name as /etc/ipsec.conf

2) Below is the example of ipsec.conf:

# Configuration for 192.168.1.100

# Flush the SAD and SPD

flush;

spdflush;

# Attention: Use this keys only for testing purposes!

# Generate your own keys!

# AH SAs using 128 bit long keys

add 192.168.1.100 192.168.2.100 ah 0x200 -A hmac-md5

0xc0291ff014dccdd03874d9e8e4cdf3e6;

add 192.168.2.100 192.168.1.100 ah 0x300 -A hmac-md5

0x96358c90783bbfa3d7b196ceabe0536b;

# Security policies

spdadd 192.168.1.100 192.168.2.100 any -P out ipsec

esp/transport//require

ah/transport//require;

spdadd 192.168.2.100 192.168.1.100 any -P in ipsec

esp/transport//require

ah/transport//require;


3) For the example configuration above, the configuration are made for host that using 192.168.1.100 address that interconnect with host that use 192.168.2.100 address. The configuration implements MD5 type encryption that uses 0xc0291ff014dccdd03874d9e8e4cdf3e6 key for connection from 192.168.1.100 to 192.168.2.100 and using 0x96358c90783bbfa3d7b196ceabe0536b key from incoming connection from 192.168.2.100 to 192.168.1.100. Make notes that, the key above are for experiment purposed, make sure that user generated other key for actual use. Next, user need to add security policy that allows outgoing and incoming connection by using #spdadd command.

4) After finish writing configuration, make sure that user change access control of the configuration file in order to been unreadable by other person by using #chmod command. For save use, “chmod 750 ipsec-tools.conf” which allowing full control for owner and only read and execute access for group use while the other should not be able to see the configuration file.

Enabling the IPSec-tools program

1) After finishing writing the configuration, user can enable the IPSec-tools which following the configuration file by using “# setkey -f /etc/ipsec.conf” commands.

2) User also can enable permanently the ipsec-tools by adding “/usr/sbin/setkey -f /etc/ipsec.conf” on /etc/rc.d/rc.local file

7. Are there any other methods to secure FTP connection other than using IPSec? (List at least 3 methods)

i. SQL Server Integration Services)

ii. SFTP (secure FTP with SSH2 protocol)

iii. FTPS (FTP over SSL) site