
Computer Security

Lecture 4
Security Mechanisms

Syed Naqvi
snaqvi@ieee.org

Physical Security
♦ Physical Security
– keep the machine physically secure
– ensure its connections to other machines are secure
– ensure its environment is workable (e.g. air conditioning is adequate)

♦ Electromagnetic Threats
– consider computer system as a whole
– networking, peripherals, power supply

15 November 2010 Lecture 4: Security Mechanisms 2

Physical Security
♦ Computers Operate as Systems
– only as strong as the weakest link
– highly dependent on networks
– all components in system must be functional
– power supply is an often overlooked weakness

♦ Must Deal with Threats Systemically
– treat computer system as a whole
– include its environment and its users


Physical Security
♦ Computer Room Security
– Locks on doors
– Access lists and escort policy
– Maintenance personnel access and monitoring

♦ Workstation Security
– Locks on workstations in public areas
– Positioning of viewable workstations screen in public areas

♦ Marking, storing, maintaining, and shipping electronic media

Layering of Security Mechanisms
Machine A and Machine B each run the same layered stack; high-level protocols span the upper layers and low-level protocols the lower ones, over the physical network:

Machine A                                      Machine B
Application   <-- high-level protocols -->   Application
Middleware                                     Middleware
OS Services                                    OS Services
Transport                                      Transport
OS Kernel                                      OS Kernel
Network       <-- low-level protocols -->    Network
Datalink                                       Datalink
Hardware                                       Hardware
Physical      <-------- Network -------->    Physical


Malicious Code
♦ Set of instructions that causes a security policy to be
violated
– Is an unintentional mistake that violates policy malicious code?
(Tricked into doing that?)
– What about “unwanted” code that doesn’t cause a security breach?

♦ Generally relies on “legal” operations
– Authorized user could perform operations without violating policy
– Malicious code “mimics” authorized user

Malicious Code
♦ Trojan Horse
– Trick user into executing malicious code
♦ Virus
– Spreads by making copies of itself from program to program or
disk to disk.
♦ Worm
– A program that travels independently over computer networks,
seeking uninfected sites.
♦ Logic-Time Bomb
– Set off when a specified condition is met.


Trojan Horse
♦ Program with an overt (expected) and covert (unexpected)
effect
– Appears normal/expected
– Covert effect violates security policy

♦ User tricked into executing Trojan horse
– Expects (and sees) overt behavior
– Covert effect performed with user’s authorization

♦ Trojan horse may replicate
– Create copy on execution
– Spread to other users/systems


Virus
♦ Self-replicating code
– A freely propagating Trojan horse
• some disagree that it is a Trojan horse
– Inserts itself into another file
• Alters normal code with “infected” version

♦ Operates when infected code is executed (in outline):
• If spread condition then
– For each target file: if not infected then alter it to include the virus
• Perform malicious action
• Execute normal program

Virus – Types
♦ Boot Sector Infectors
– Problem: How to ensure the virus “carrier” is executed?
– Solution: Place it in the boot sector of the disk
• Runs on any boot
– Propagate by altering boot disk creation
• Less common now that few systems boot from floppies

♦ Executable infector
– Malicious code placed at the beginning of a legitimate program (.COM, .EXE files)
– Runs when the application is run
– Application then runs normally

♦ Multipartite virus: boot sector + executable infector


Virus – Types/Properties
♦ Terminate and Stay Resident
– Stays active in memory after application complete
– Allows infection of previously unknown files
• Trap calls that execute a program
– Can be boot sector infectors or executable infectors
♦ Stealth (an executable infector)
– Conceal Infection
• Trap read to provide disinfected file
• Let execute call infected file
♦ Encrypted virus
• Body is stored enciphered, so a fixed byte “signature” of the body no longer matches
• Layout: [Deciphering routine, Enciphered virus code, Deciphering Key]; the deciphering routine itself must stay in the clear so it can run
♦ Polymorphism
• Change virus code (including the deciphering routine) to something equivalent each time it propagates, so the decryptor is not a fixed signature either
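Why a byte signature fails against the enciphered layout above, and why the deciphering routine is nevertheless still a detection point, shown as an added example (not code from the lecture). The “virus body” is an inert byte string constructed for the demo, the cipher is a toy XOR, and all names are assumptions:

```python
# Added example (not from the lecture): why a fixed byte signature fails against
# an enciphered virus body, and why the deciphering routine is still a detection
# point. All "virus" material here is an inert byte string, not executable code.

VIRUS_BODY = b"INERT-DEMO-BODY: if spread_condition: infect(targets); payload(); host()"
DECRYPTOR_STUB = b"DECRYPT-STUB:"   # the part that must stay in clear text so it can run


def xor_bytes(data: bytes, key: int) -> bytes:
    """Toy symmetric cipher: XOR every byte with a one-byte key (not a real cipher)."""
    return bytes(b ^ key for b in data)


def make_variant(body: bytes, key: int) -> bytes:
    """Lay out [deciphering routine | deciphering key | enciphered virus code]."""
    if key == 0:
        raise ValueError("key 0 would leave the body in clear text")
    return DECRYPTOR_STUB + bytes([key]) + xor_bytes(body, key)


def recover_body(sample: bytes) -> bytes:
    """What the deciphering routine does at run time: read the key, decipher the body."""
    if not sample.startswith(DECRYPTOR_STUB):
        raise ValueError("not a variant produced by make_variant")
    key = sample[len(DECRYPTOR_STUB)]
    return xor_bytes(sample[len(DECRYPTOR_STUB) + 1:], key)


def signature_hits(sample: bytes, signature: bytes) -> bool:
    """Classic scanner check: does a fixed byte string occur anywhere in the sample?"""
    return signature in sample


def run_demo() -> dict:
    body_sig = VIRUS_BODY[:16]       # signature extracted from the clear-text body
    stub_sig = DECRYPTOR_STUB        # signature extracted from the deciphering routine
    v1 = make_variant(VIRUS_BODY, 0x5A)
    v2 = make_variant(VIRUS_BODY, 0xA7)
    return {
        "variants_differ": v1 != v2,                        # same virus, different bytes on disk
        "body_sig_hits_v1": signature_hits(v1, body_sig),   # False: body is enciphered
        "body_sig_hits_v2": signature_hits(v2, body_sig),   # False
        "stub_sig_hits_v1": signature_hits(v1, stub_sig),   # True: decryptor is constant
        "stub_sig_hits_v2": signature_hits(v2, stub_sig),   # True
        "both_decipher_to_same_body": recover_body(v1) == recover_body(v2) == VIRUS_BODY,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The two variants carry the same body yet share no body bytes, so a signature taken from the clear-text body never matches; the constant decryptor stub still does, which is exactly the gap polymorphism closes by rewriting the stub on each propagation.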

Virus – Types/Properties
♦ Macro Virus
– Composed of a sequence of instructions that is interpreted rather
than executed directly
– Infected “executable” isn’t machine code
• Relies on something “executed” inside application data

♦ Otherwise similar properties to other viruses
– Architecture-independent
– Application-dependent


Worm
♦ Replicates from one computer to another
– Worm: self-replicating, no user action required
– Virus (by contrast): user performs a “normal” action, such as running an infected program
– Trojan horse (by contrast): user is tricked into performing the action

♦ Communicates/spreads using standard protocols

Logic Time Bomb
♦ Logic bombs are malicious code that causes some destructive activity when a specified condition is met
♦ Unlike viruses, logic bombs do not replicate: they lie dormant until triggered, do their damage, then stop
♦ The trigger can be:
– a specific date or time
– the number of times the program has been executed or the system has been booted
– a predefined event such as the deletion of a certain record
♦ May exist in the system for weeks or even months before it is detected or detonated


Operating System Security
♦ For an operating system to perform its intended tasks
consistently and reliably, it must
– protect itself from tampering from users
– be able to prevent users from tampering with the programs of other
users
– be able to safeguard users’ applications from accidental corruption
– be able to safeguard its own programs from accidental corruption
– be able to protect itself from power failures or other disasters

Operating System Security
♦ Formalized procedures for software acquisition
♦ Security clearances of prospective employees
♦ Formal acknowledgment by users of their responsibilities
to the company
♦ Security group to monitor security violations
♦ Formal policy for taking disciplinary action against
security violators
♦ Use of one-time passwords


UNIX Security: Best Practices
♦ pick password carefully, avoid
– dictionary words
– names
– simple modifications of above
♦ change password periodically
♦ don't let people watch login
♦ lock display when unattended
♦ log off when leaving
♦ never ever give out password
– even sys-admin should never need it
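A small checker for the password rules above, as an added example (not part of the lecture). It undoes the “simple modifications” an attacker tries first (case, leet-speak substitutions, a short trailing suffix) before comparing against a dictionary and a name list; the wordlist and names are constructed for the demo, and a real deployment would use a large cracking wordlist plus the account's own names:

```python
import re

# Constructed tiny wordlist and name list for the demo; a real check would use a
# large dictionary / cracking wordlist plus the account's own user and real names.
WORDLIST = {"password", "secret", "dragon", "welcome", "letmein", "qwerty"}
NAMES = {"alice", "bob", "syed", "naqvi"}

# Undo the substitutions attackers try first (leet-speak).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})
TRAILING = re.compile(r"[0-9!?.\-_]{0,4}$")   # e.g. "dragon2024", "welcome1!"


def normalize(password: str) -> str:
    """Strip the 'simple modifications' so P@ssw0rd1! compares as 'password'."""
    core = TRAILING.sub("", password.lower())   # drop a short digit/symbol suffix first
    return core.translate(LEET)                 # then undo leet substitutions


def weakness(password: str, wordlist=WORDLIST, names=NAMES):
    """Return why the password is weak, or None if it passes these checks."""
    core = normalize(password)
    if core in wordlist or core[::-1] in wordlist:      # also catch reversed words
        return "dictionary word (or a simple modification of one)"
    if core in names or core[::-1] in names:
        return "name (or a simple modification of one)"
    if len(password) < 12:
        return "too short"
    if len(set(password)) <= 3:
        return "too few distinct characters"
    return None


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "Dragon2024", "Syed!", "correct horse battery staple"]:
        print(candidate, "->", weakness(candidate))
```

The order of checks matters: normalisation and the dictionary test come first so that a short leet-speak variant of a common word is reported as a dictionary word rather than merely as “too short”.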

UNIX Security: Best Practices
♦ Remote access needs username/password
♦ Potential vulnerability depends on network path
connection flows through
♦ Many connections pass plain text
– telnet particularly bad, rlogin/ftp bad too

♦ SSH encrypts data on the network
– ssh (slogin) for logins
– scp (or sftp) for file transfer


Windows Security: Best Practices
♦ Perform real-world risk assessment
♦ Develop a security policy
♦ Plan an incident response
♦ Block or disable everything that is not explicitly allowed
♦ Always set a strong password and change it often
♦ Install patches in a timely manner
♦ Use least privilege when authorizing access
♦ Limit trust
♦ Monitor, log, and audit
♦ Formulate and implement a security policy throughout the
organization
♦ Users need to understand and follow the policy
♦ Educate users of responsibilities

Windows Security: Best Practices
♦ Limit access of unauthorized personnel
♦ Use key-card access systems
♦ Monitor computers, files can be modified or hardware
tampered with
♦ Keep servers in a locked location
♦ Disable floppy and CD-ROM based boot
♦ Remove unneeded network cards
♦ Remove unneeded modems
♦ Lock computer case and store key separately


Web Services
♦ The Web was designed for application-to-human interaction
♦ Web services are an effort to build a distributed computing platform for the Web
♦ Web service applications are encapsulated, loosely coupled Web “components” that can bind dynamically to each other

Web Services Security – 1G
Transport-level stack (top to bottom):
Hypertext Transfer Protocol Secure (HTTPS)
Secure Sockets Layer (SSL): symmetric crypto algorithms + key-exchange algorithm
Transmission Control Protocol (TCP)

♦ The TCP protocol provides reliable communication between the requestor and the WS-provider
♦ The SSL protocol provides secure communication between the requestor and the WS-provider, supporting symmetric crypto algorithms and a key-exchange algorithm


Web Services Security – 2G
Message-level stack (top to bottom):
WS-SecureConversation
WS-Security
Simple Object Access Protocol (SOAP)

Web Services Security – 2G
♦ The SOAP protocol provides a loosely-coupled, language-neutral, platform-independent way of linking applications across the Internet
– Remote procedure calls (RPC-style SOAP)
– Messaging between applications (document-style SOAP)

♦ The WS-Security specification protects sensitive data by
– encrypting and signing them (XML Encryption and XML Signature)
– enclosing them in an XML form in SOAP messages (the Security header)

♦ The WS-SecureConversation specification is a message-level security protocol (it plays a role similar to SSL, but for the SOAP message rather than the transport connection)
– uses WS-Security to achieve confidentiality, authenticity, integrity
– uses the WS-Policy and WS-Trust specifications to achieve authorization and access control


Domain Name System (DNS)
♦ Virtually every application uses the Domain Name System (DNS).
♦ DNS database maps:
– Name to IP address, e.g. www.darpa.mil = 128.9.176.20
– And many other mappings (mail servers, IPv6, reverse…)
♦ Data organized as a tree structure.
– Each zone is authoritative for its local data.

Tree on the slide: Root, with edu, mil and com beneath it; isi under edu, darpa and usmc under mil, cisco under com; and nge and quantico at the next level down (as laid out on the slide).

DNS Query & Response
Diagram on the slide: the end-user asks the caching DNS server “www.darpa.mil A?”; the caching server walks the hierarchy, querying the root DNS server, the mil DNS server and the darpa.mil DNS server, and returns “www.darpa.mil A 128.9.128.127” to the end-user.

Actually www.darpa.mil = 192.5.18.195. But how could this be determined?
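How a caching server actually determines the answer, as an added example (not code from the lecture): iterative resolution starting from a root hint and following referrals down the tree root → mil → darpa.mil, with a cache in front. The zone data and server addresses are constructed for the demo (the server addresses are hypothetical documentation-range values; the final answer reuses the slide's own 192.5.18.195):

```python
from typing import Dict, List, Tuple

# Constructed data: one authoritative server per zone, keyed by its address.
# Server addresses are hypothetical (RFC 5737 documentation range); the final
# answer reuses the slide's own value for www.darpa.mil.
AUTHORITATIVE: Dict[str, dict] = {
    "192.0.2.1": {                       # hypothetical root server
        "zone": ".",
        "answers": {},
        "referrals": {"mil.": ("ns.mil.", "192.0.2.2")},
    },
    "192.0.2.2": {                       # hypothetical mil server
        "zone": "mil.",
        "answers": {},
        "referrals": {"darpa.mil.": ("ns.darpa.mil.", "192.0.2.3")},
    },
    "192.0.2.3": {                       # hypothetical darpa.mil server
        "zone": "darpa.mil.",
        "answers": {("www.darpa.mil.", "A"): ["192.5.18.195"]},
        "referrals": {},
    },
}
ROOT_HINT = "192.0.2.1"


def query(server_ip: str, qname: str, qtype: str) -> Tuple[str, object]:
    """Model one query to an authoritative server.

    Returns ("answer", rdata_list), ("referral", (child_zone, ns_name, ns_ip))
    or ("nxdomain", None).
    """
    srv = AUTHORITATIVE[server_ip]
    if (qname, qtype) in srv["answers"]:
        return "answer", srv["answers"][(qname, qtype)]
    # Longest delegated child zone that contains qname, if any.
    best = None
    for child in srv["referrals"]:
        if qname == child or qname.endswith("." + child):
            if best is None or len(child) > len(best):
                best = child
    if best is not None:
        ns_name, ns_ip = srv["referrals"][best]
        return "referral", (best, ns_name, ns_ip)
    return "nxdomain", None


def resolve(qname: str, qtype: str = "A", max_hops: int = 8):
    """Iterative resolution: start at a root hint and follow referrals down the
    tree until an authoritative answer (or a negative answer) arrives."""
    server = ROOT_HINT
    trail: List[Tuple[str, str]] = []
    for _ in range(max_hops):
        kind, data = query(server, qname, qtype)
        trail.append((server, kind))
        if kind == "answer":
            return data, trail
        if kind == "nxdomain":
            return None, trail
        server = data[2]                 # follow the referral to the child zone's server
    raise RuntimeError("too many referrals (loop?)")  # hop limit guards against referral loops


class CachingDnsServer:
    """The caching DNS server in the diagram: resolves on a miss, serves from cache after."""

    def __init__(self) -> None:
        self.cache: Dict[Tuple[str, str], List[str]] = {}

    def lookup(self, qname: str, qtype: str = "A"):
        key = (qname, qtype)
        if key in self.cache:
            return self.cache[key], "cache-hit"
        rdata, _trail = resolve(qname, qtype)
        if rdata is not None:
            self.cache[key] = rdata
        return rdata, "cache-miss"


if __name__ == "__main__":
    print(resolve("www.darpa.mil."))
```

The trail returned by resolve() is the three-hop path the slide draws; the cache is what turns the second end-user query into a single local answer, and is also what the attacks on the following slides target.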


DNS Vulnerabilities
♦ Original DNS design focused on data availability
– DNS zone data is replicated at multiple servers.
– A DNS zone works as long as one server is available.
• A DDoS attack against the root must take out all 13 root server addresses (each today served by many anycast instances).

♦ But the DNS design included no authentication.
– Any DNS response is generally believed.
– No attempt to distinguish valid data from invalid.
• Just one false root server could disrupt the entire DNS.

A Simple DNS Attack
It is easy to observe a UDP DNS query sent to a well-known server on a well-known port.

Diagram on the slide: Doug’s laptop asks the caching DNS server “www.darpa.mil A?”. The caching server queries the root, mil and darpa.mil DNS servers. Dan’s laptop, having observed the query, answers first with “www.darpa.mil A 128.9.128.127”; the legitimate answer “www.darpa.mil A 192.5.18.195” (the real address, per the previous slide) arrives second.

First response wins. The second response is silently dropped on the floor.

A more Complex Attack
Diagram on the slide: any DARPA computer asks the DARPA caching server for www.attacker.com; the caching server queries ns.attacker.com, which the remote attacker controls. The attacker’s response:

www.attacker.com A 128.9.128.127
attacker.com NS ns.attacker.com
attacker.com NS www.google.com
ns.attacker.com A 128.9.128.2
www.google.com A 128.9.128.127

The caching server stores all of these records, including the unrelated www.google.com A record. A later query from any DARPA computer for www.google.com is then answered from cache with 128.9.128.127.
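Both attacks on these two slides, modelled as an added example (not code from the lecture) with just enough of a caching server to show the acceptance logic: a response is taken if its transaction ID, source address/port and question match a pending query, the first such response wins, and every record in it is cached. The same model with a bailiwick check (ignore records whose owner name is outside the zone that was asked) stops the second attack. Transaction IDs, the darpa.mil server address and the message layout are assumptions; the record values are the slides' own:

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str


@dataclass
class Response:
    txid: int
    src_ip: str
    src_port: int
    question: Tuple[str, str]
    answer: List[RR]
    authority: List[RR] = field(default_factory=list)
    additional: List[RR] = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is at or below `zone` (names written with a trailing dot)."""
    return name == zone or name.endswith("." + zone)


class CachingResolverModel:
    """Just enough of a caching server to show the two attacks."""

    def __init__(self, check_bailiwick: bool) -> None:
        self.check_bailiwick = check_bailiwick
        self.cache: Dict[Tuple[str, str], str] = {}
        self.pending: Dict[int, tuple] = {}    # txid -> (question, server_ip, port, zone)

    def send_query(self, txid, question, server_ip, server_port, zone) -> None:
        self.pending[txid] = (question, server_ip, server_port, zone)

    def receive(self, resp: Response) -> str:
        """Accept the first response whose txid, source address/port and question
        match a pending query; anything later for that txid is silently dropped."""
        pend = self.pending.get(resp.txid)
        if pend is None:
            return "dropped: no pending query (late or unsolicited)"
        question, server_ip, server_port, zone = pend
        if (resp.src_ip, resp.src_port) != (server_ip, server_port) or resp.question != question:
            return "dropped: source or question mismatch"
        del self.pending[resp.txid]
        kept = 0
        for rr in resp.answer + resp.authority + resp.additional:
            if self.check_bailiwick and not in_bailiwick(rr.name, zone):
                continue                     # out-of-bailiwick record: ignore it
            self.cache[(rr.name, rr.rtype)] = rr.rdata
            kept += 1
        return f"accepted: cached {kept} records"


def simple_attack(forged_arrives_first: bool):
    """Slide 'A Simple DNS Attack': on-path attacker saw the query, so it knows txid and port."""
    srv = CachingResolverModel(check_bailiwick=True)
    srv.send_query(0x1234, ("www.darpa.mil.", "A"), "192.0.2.3", 53, "darpa.mil.")  # server address hypothetical
    legit = Response(0x1234, "192.0.2.3", 53, ("www.darpa.mil.", "A"),
                     [RR("www.darpa.mil.", "A", "192.5.18.195")])
    forged = Response(0x1234, "192.0.2.3", 53, ("www.darpa.mil.", "A"),   # source IP spoofed
                      [RR("www.darpa.mil.", "A", "128.9.128.127")])
    order = [forged, legit] if forged_arrives_first else [legit, forged]
    log = [srv.receive(r) for r in order]
    return srv.cache[("www.darpa.mil.", "A")], log


def complex_attack(check_bailiwick: bool) -> Optional[str]:
    """Slide 'A more Complex Attack': the attacker's own server answers for its own
    zone, but pads the response with records about www.google.com."""
    srv = CachingResolverModel(check_bailiwick)
    srv.send_query(0x2222, ("www.attacker.com.", "A"), "128.9.128.2", 53, "attacker.com.")
    resp = Response(0x2222, "128.9.128.2", 53, ("www.attacker.com.", "A"),
                    answer=[RR("www.attacker.com.", "A", "128.9.128.127")],
                    authority=[RR("attacker.com.", "NS", "ns.attacker.com."),
                               RR("attacker.com.", "NS", "www.google.com.")],
                    additional=[RR("ns.attacker.com.", "A", "128.9.128.2"),
                                RR("www.google.com.", "A", "128.9.128.127")])
    srv.receive(resp)
    return srv.cache.get(("www.google.com.", "A"))   # what a later www.google.com query would get
```

Note what the bailiwick check does and does not do: the NS record “attacker.com NS www.google.com” is kept (its owner is in the attacker's zone), but the glue “www.google.com A 128.9.128.127” is discarded, so a later www.google.com query is resolved normally. Against the first attack the check is no help at all, because an attacker who saw the query can match every field the resolver compares; that is the gap source authentication on the next slides closes.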
The Problem with DNS …
♦ Resolver can not distinguish between valid and invalid
data in a response.

♦ The idea is to add source authentication
– Verify the data received in a response is equal to the data entered
by the zone administrator.
– Must work across caches and views.
– Must maintain a working DNS for old clients.


A Solution …
♦ Each DNS zone signs its data using a private key.
– Recommend signing done offline in advance

♦ Query for a particular record returns:
– The requested resource record set.
– A signature (SIG) of the requested resource record set.

♦ Resolver authenticates response using public key.
– Public key is pre-configured or learned via a sequence of key
records in the DNS hierarchy.

Secure DNS Query & Response
Diagram on the slide: the end-user asks the caching DNS server for www.darpa.mil; the caching server obtains from the authoritative DNS servers “www.darpa.mil = 192.5.18.195” plus an (RSA) signature by darpa.mil, and returns both.

An attacker can not forge this answer without the darpa.mil private key.
The IETF DNS Security Extensions (DNSSEC) define the process for including signatures and keys in DNS.
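The sign-offline / verify-with-public-key step from the last two slides, as an added example (not code from the lecture or from any DNSSEC implementation). It uses textbook RSA with deliberately tiny constructed primes so the arithmetic is readable, and a simplified canonical form of the RRset; a real zone key is 2048 bits or more with proper padding, and the key pair, TTL and canonical form here are all assumptions:

```python
import hashlib
from typing import List

# Toy RSA key pair standing in for darpa.mil's zone key. The primes are tiny so the
# arithmetic is readable; they are a constructed example, not a real key (a real
# DNSSEC key is 2048 bits or more and uses proper padding).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
DARPA_PUBLIC_KEY = (N, E)               # pre-configured in, or learned by, the resolver
DARPA_PRIVATE_KEY = (N, D)              # stays offline with the zone signer


def canonical_rrset(owner: str, rtype: str, ttl: int, rdatas: List[str]) -> bytes:
    """Deterministic serialisation of an RRset (owner, TTL, type, sorted rdata) so that
    signer and verifier hash identical bytes. Simplified from the DNSSEC canonical form."""
    return "\n".join(f"{owner} {ttl} IN {rtype} {r}" for r in sorted(rdatas)).encode()


def digest_as_int(data: bytes, n: int) -> int:
    # Toy: reduce a SHA-256 digest modulo n so it fits the small modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign_rrset(owner, rtype, ttl, rdatas, private_key=DARPA_PRIVATE_KEY) -> int:
    """The zone's offline signing step: SIG = H(rrset)^d mod n."""
    n, d = private_key
    return pow(digest_as_int(canonical_rrset(owner, rtype, ttl, rdatas), n), d, n)


def verify_rrset(owner, rtype, ttl, rdatas, sig: int, public_key=DARPA_PUBLIC_KEY) -> bool:
    """The resolver's check: SIG^e mod n must equal H(rrset)."""
    n, e = public_key
    return pow(sig, e, n) == digest_as_int(canonical_rrset(owner, rtype, ttl, rdatas), n)


def demo() -> dict:
    owner, rtype, ttl = "www.darpa.mil.", "A", 3600
    genuine = ["192.5.18.195"]
    forged = ["128.9.128.127"]
    sig = sign_rrset(owner, rtype, ttl, genuine)

    # Attacker's own key pair (also constructed); it is not darpa.mil's key.
    ap, aq = 1000037, 1000039
    attacker_private = (ap * aq, pow(E, -1, (ap - 1) * (aq - 1)))
    attacker_sig = sign_rrset(owner, rtype, ttl, forged, attacker_private)

    return {
        "genuine_verifies": verify_rrset(owner, rtype, ttl, genuine, sig),
        "tampered_rdata_fails": not verify_rrset(owner, rtype, ttl, forged, sig),
        "attacker_signature_fails": not verify_rrset(owner, rtype, ttl, forged, attacker_sig),
    }


if __name__ == "__main__":
    print(demo())
```

The two failure cases are the ones that matter for the attacks above: swapping the rdata while replaying the genuine SIG fails because the hash changes, and signing the forged rdata with any key other than darpa.mil's fails because the resolver only trusts the darpa.mil public key it was configured with or learned through the hierarchy.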

Firewalls
♦ Firewalls are used to prevent intruders on the Internet from gaining unauthorized access to your network or mounting denial of service attacks against it.
♦ A firewall is a router, gateway, or special purpose computer that examines packets flowing into and out of the organization’s network (usually via the Internet or corporate intranet), restricting access to that network.
♦ The two main types of firewalls are packet level firewalls and application-level firewalls.

Packet Level Firewalls
♦ A packet-level firewall (or packet filter) examines the source and destination addresses (and, in practice, the protocol and port numbers) of packets that pass through it, only allowing packets that match acceptable rules to pass.
♦ Since each packet is examined separately, the firewall can’t understand what the sender’s goal is.
♦ Packet filters may be vulnerable to IP spoofing, accomplished by changing the source address on incoming packets from their real address to an address inside the organization’s network, so that rules which trust “internal” addresses let them through.
♦ While packet filters have strengthened their security since the first cases of IP spoofing (for example by rejecting packets that arrive on the external interface with an internal source address), IP spoofing remains a problem.
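A stateless first-match packet filter, as an added example (not code from the lecture), run over the spoofing case above: an address-only ruleset that trusts internal source addresses lets a spoofed packet from outside through, while the same policy with an ingress anti-spoofing rule drops it. The address ranges, interface names and rules are constructed for the demo:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Addresses are constructed (RFC 1918 inside, RFC 5737 documentation range outside).
INTERNAL_NET = "10.0.0.0/8"
WEB_SERVER = "10.0.1.80/32"


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "ext" (Internet side) or "int" (inside)
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    iface: Optional[str] = None
    src: Optional[str] = None       # CIDR; matches any source if None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.iface is None or self.iface == p.iface)
            and (self.src is None or ip_address(p.src) in ip_network(self.src))
            and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def decide(rules: List[Rule], packet: Packet, default: str = "deny") -> str:
    """Stateless first-match filter: each packet is judged on its own headers."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Address-only policy: "anything from an internal address is trusted".
NAIVE_RULES = [
    Rule("allow", src=INTERNAL_NET),
    Rule("allow", dst=WEB_SERVER, proto="tcp", dport=80),
]

# Same policy with an ingress anti-spoofing rule: an internal source address can
# never legitimately arrive on the external interface, so drop it before anything else.
HARDENED_RULES = [
    Rule("deny", iface="ext", src=INTERNAL_NET),
    Rule("allow", iface="int", src=INTERNAL_NET),
    Rule("allow", iface="ext", dst=WEB_SERVER, proto="tcp", dport=80),
]

SPOOFED = Packet("ext", "10.0.0.5", "10.0.2.9", "tcp", 22)        # forged internal source, from outside
WEB_REQUEST = Packet("ext", "203.0.113.7", "10.0.1.80", "tcp", 80)
INSIDE_SSH = Packet("int", "10.0.0.5", "10.0.2.9", "tcp", 22)
OUTSIDE_SSH = Packet("ext", "203.0.113.7", "10.0.2.9", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("spoofed", SPOOFED), ("web", WEB_REQUEST), ("inside ssh", INSIDE_SSH)]:
        print(f"{name:10s} naive={decide(NAIVE_RULES, pkt)} hardened={decide(HARDENED_RULES, pkt)}")
```

The hardened ruleset binds every source-address decision to the interface the packet arrived on; that is the whole of the anti-spoofing defence at this layer, and it is why rule order matters in a first-match filter.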


Application Level Firewalls
♦ An application level firewall or application gateway
acts as an intermediate host computer, separating a
private network from the rest of the Internet, but it
works on specific applications, such as Web site
access.
♦ The application gateway acts as an intermediary
between the outside client making the request and the
destination server responding to that request, hiding
individual computers on the network behind the
firewall.
♦ Because of the increased complexity of what they do,
application level firewalls require more processing
power than packet filters which can impact network
performance.
Demilitarized Zone (DMZ)
♦ A DMZ (demilitarized zone) sits between the perimeter network and the internal network, separated by firewalls on both sides. It contains:
– Internet Information Server (IIS), which provides the core Web services and communicates with Internet clients using HTTP and HTTPS.
– DNS (Domain Name System) services.
– Servers in the DMZ can also reach the internal network, but only through the inner firewall, which should permit just the specific flows they need.

♦ The DMZ and firewalls control access to internal network segments; this limits the damage to the internal network when an attacker compromises a Web server.


DMZ in a Network …

Virtual Private Network (VPN)
Virtual private networks (VPN) provide an
encrypted connection between a user's distributed
sites over a public network (e.g., the Internet). By
contrast, a private network uses dedicated circuits
and possibly encryption.



Benefits of VPN
Traditional private networks:
♦ High fixed cost
♦ Low variable costs (with respect to varying capacity)

♦ A collection of VPNs sharing a common communication channel is cheaper to build than the equivalent collection of smaller physically discrete networks.

Requirements for VPN
♦ Opaque packet transport
– VPN traffic is carried independently of the rest of the IP backbone traffic
– VPN may use private IP addresses
♦ Data security
– By the customer (firewall + encryption)
– Or a secure managed VPN service from the provider
♦ Quality of service
– Leased and dial-up lines provide guarantees on bandwidth and latency; a VPN over the public Internet must try to offer comparable guarantees
♦ Tunneling mechanism
– A way to implement opaque transport and security


VPN Types
♦ Remote Access VPN
♦ Intranet VPN
♦ Extranet VPN

Remote Access VPN, Intranet VPN, Extranet VPN (one diagram per type on the slides)

VPN – Pros & Cons
♦ Advantages:
– Greater scalability
– Easy to add/remove users
– Reduced long-distance telecommunications costs
– Mobility
– Security
♦ Disadvantages:
– Lack of standards
– Requires understanding of security issues
– Unpredictable Internet traffic
– Difficult to accommodate products from different vendors

Now some practice …
♦ Divide yourselves into 2 groups.
♦ Each group is required to prepare a set of security mechanisms for a newly established SME of 10 persons:
– 1 General Manager
– 1 Administrative Secretary
– 1 Business Manager
– 2 IT Managers
– 5 Developers
♦ Each group has to present its solution
♦ The other group will identify the shortcomings of the plan and critique it
