You are on page 1of 24

Network Security

Lecture Content
• • • • • • Network Concepts Network Threats Attack Profiles Transit Threats Impersonation Network Security Controls

© Coventry University


ac.Network Concepts • Networks are both fragile and strong – Redundancy reduces single point of failure but cannot be avoided at end points – Complex routing algorithms can re-direct around failures and overloaded segments • Networks use nodes and connections to form a topology – Ranging from a pair of hosts to the Internet © Coventry University 3 .

ac. e. cable. infrared or satellite via protocols such as Transmission Control Protocol and Internet Protocol (TCP/IP) architecture © Coventry University 4 www. optical fibre.Network Concepts • For many networks it is impossible to know which hosts it comprises and who owns and controls it • Communication is via .g. microwave.coventry.

enormous. physically and logically exposed © Coventry University 5 . significant distances.Network Concepts • Common network types: – Local Area Network (LAN) – small. physically exposed – Internetworks – federated. physically protected – Wide Area Network (WAN) – single control. locally controlled.coventry.

Network Threats • Networks are vulnerable because of: – – – – – Anonymity – attackers may be physically remote Many attack surfaces – both for origin and target Sharing – networks cater for many shared users Complexity – too complex for reliable security Unknown Perimeters – has to allow access to potentially malicious users – Unknown Path – networks rarely control routing © Coventry University 6 .coventry.

coventry. operating system and running applications © Coventry University 7 www.Attack Profiles • Because vulnerable networks are frequently connected to the Internet. Typical activities: – Port Scan – tools such as NMAP are used to identify target host ports. attacks usually begin by finding out as much as possible about the target. .ac.

Attack Profiles • Typical activities: – Social Engineering – using social skills and personal interaction to obtain security-relevant information – Intelligence Gathering – from all sources. including “dumpster diving” – OS and Application Fingerprinting – once running applications and versions are identified known vulnerabilities can be exploited © Coventry University 8

uk Profiles • Typical activities: – Bulletin Boards and Chats – numerous underground bulleting boards and chat rooms support the exchange of information – Vendor documentation – vendors may distribute information useful to an attacker • Time is usually on the side of the attacker – The best defence is silence – Reveal as little information as possible © Coventry University 9 www.

uk © Coventry University . connections are all susceptible 10 www. repeaters.Transit Threats • Networks involve data in the easiest attack is to simply “listen in” – – – – Cable – packet sniffer or inductance Microwave – line of sight interception possible Satellite – large signal footprint Optical Fibre – must be tuned before new connection made and cannot be tapped without detection. Inductive tap is not possible. But. splices.

Transit Threats • Networks involve data in .ac. the easiest attack is to simply “listen in” – Wireless – WiFi signals are strong for ~70 metres. Key issues: • Interception – up to 85% of wireless users do not encrypt connections • Theft of service – clients negotiate a one-time IP address via a DHCP server © Coventry University 11 www.coventry.

an attacker chooses between: • Guessing target identity and authentication • Getting target identity and authentication from previous communication or wiretapping • Going round or disabling target authentication • Using a target than will not be authenticated • Using a target with known authentication data © Coventry University 12 • Person/process impersonation may be easier – A more significant threat in a WAN than LAN – .

g.e. application server and database to reduce overall vulnerability © Coventry University 13 www.Network Security Controls • Start with a Security Threat Analysis • Adopt sound principles of system .: – Segmentation – use multiple segments. implementation and maintenance • Adopt a security architecture. e. separate machines for web i.coventry. design.

Network Security Controls • Adopt a security architecture.g. .ac. the other takes over. albeit with reduced performance – Single points of failure – identify these and eliminate if possible. design failover mode solutions. rather than a single database distribute it © Coventry University 14 www. e. i.: – Redundancy – avoid “all eggs in one basket”.e.e.coventry. a pair of web servers asking each other “are you still alive?” • If one fails.

the encryption fails – Key distribution is always a problem © Coventry University 15 www.Network Security Controls • Encryption – Probably the most important and versatile tool – . not a “silver bullet” – Encryption only protects that which is encrypted – data remains exposed prior to encryption and after decryption – If an attacker guesses or deduces a weak encryption

this is a problem © Coventry University 16 .Network Security Controls • Network encryption types: Link encryption – Data are encrypted just prior to being placed upon lowest level of physical communications link and decrypted at arrival at destination computer – Within hosts message is in plaintext – With good physical host security this may be OK – But.coventry. if intermediate hosts are not

uk .Network Security Controls • Network encryption types: Link encryption – It is invisible to the user – It is fast and reliable – It is appropriate when the transmission line is considered the greatest vulnerability © Coventry University 17

ac.coventry.Network Security Controls • Network encryption types: End-to-end encryption – Can be done by either a hardware device or software – It runs at highest levels of OSI model – The message is transmitted in encrypted form throughout the network – Messages can pass through insecure hosts and remain protected © Coventry University 18 .

Network Security Controls Link Encryption? • Data exposed in sending hosts • Data exposed in intermediate nodes • Applied by sending host • Invisible to user • Host maintains encryption • One facility for all users End-to-end Encryption? • Data encrypted in sending host • Data encrypted in intermediate nodes • Applied by sending process • User applied algorithm • User must find algorithm • User selects encryption © Coventry University 19 .

coventry.Network Security Controls Link Encryption? • Typically done in hardware • All or no data encrypted • Requires one key per host pair • Provides node authentication End-to-end Encryption? • Either software or hardware • User chooses to encrypt or not. for each data item • Requires one key per user pair • Provides user authentication © Coventry University 20 .

Network Security Controls • Virtual Private Networks – Link encryption can give users a sense of being on a private The greatest risk is between the user’s workstation and the perimeter of the host network or server © Coventry University 21 www. even when it is part of a public network – this is called a VPN – . physical and administrative security are strong enough to protect transmission within a network perimeter.

ac.Network Security Controls • Virtual Private Networks – A firewall is an access control device between two networks or network segments – Many firewalls can be used to implement VPNs • The user establishes communication with the firewall and requests a VPN session • The user’s client and firewall negotiate a session encryption key and all subsequent traffic between them is encrypted © Coventry University 22 .coventry.

uk .Network Security Controls • Virtual Private Networks – Many firewalls can be used to implement VPNs • To the user it feels like the network is private • Communication is said to pass through an encrypted tunnel © Coventry University 23 .Network Security Controls • Other common network security controls: – – – – – – PKI and Certificates SSH Encryption SSL Encryption (now known as TLS) IPSec Signed Code Encrypted e-mail © Coventry University 24 www.

...3170.94388.!7..0397&3.9009478 .7590/9:330 4.0397 ..3 03. : ./945.0789   .90 W 422:3.8.:79439748 W '79:.88974:.3-0:80/942502039'!8 W %490:8079100809030947857.0947$0.4.

:79439748 W 907.422433094780.0789   .0947$0..:79.0397 . : .0397&3.3/0791.75943 34343.4.8%$ !$0.908 $$3.7590/0 2.75943 $$3.. 4.439748 !. $30/4/0 3.