Session 8 Notes

Post on 25-May-2015


Session Number: 8

Internet Supply Chain Management –

ECT 581 Winter 2003

Session Date: February 25, 2003

Session Outline:

Administrative Items

Session Topics:

Extranet Security Considerations

Network Fundamentals

TCP/IP Security Considerations

Firewalls & Other Security Considerations

Mission Critical Terminology

Network – a system of interconnected computer systems and terminals connected by communications channels.

Protocol – a specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data.

Transmission Control Protocol/Internet Protocol (TCP/IP) – a set of protocols developed by the Department of Defense to link dissimilar computers across large networks.

Security – the combination of software, hardware, networks, and policies designed to protect sensitive business information and to prevent fraud.

Virtual Private Network (VPN) – a wide-area network (WAN) created to link a company with external users (including mobile users, field representatives, or strategic allies). It uses the Internet for data transmission, but ensures confidentiality and security through the use of protocol tunneling.

Mission Critical Terminology (continued)

Firewall – a security screen placed between an organization’s internal network and the external Internet. According to the National Computer Security Association (NCSA), a firewall is a system or combination of systems that enforces a boundary between two or more networks.

De-militarized Zone (DMZ) – a term used to refer to a screened subnet that resides between a LAN and the Internet. It is a network environment that is configured to provide an additional shield from undesirable or unauthorized intruders.

Repudiation – A security feature that prevents a third party from proving that a communication between two other parties took place.

Non-repudiation – the opposite of repudiation; desirable if you want to be able to trace your communications and prove that they occurred.

Fundamental Technology Components: Focus on Networks & Security Considerations

Network Components

Connectivity Equipment

Internet Server Hardware and Software

Application Server

Database System

E-mail Gateway

Firewall

Internet Server/Intranet Server

Authoring/Web Development Server

Network Fundamentals: Open Systems Interconnection (OSI) Model

Networks are defined by architecture or protocol.

The OSI reference model defines functional network layers:

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

Each layer has its own protocol or set of protocols.

Think of OSI model as a ‘layer cake’.

At the bottom is the Physical Layer supporting and holding everything up.

At the top is the Application Layer describing and managing how application programs will interact.

Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)

Application Layer

• Describes and manages how applications interact with the network operating system.

• Protocols include the Network Filing System (NFS), Netware Core Protocol, and Appleshare.

Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)

Presentation Layer

• Handles encryption and some special file formatting. Formats screens and files so that the final product looks like the programmer wanted it to.

• This layer is the home to terminal emulators that can make a PC think that it is a DEC VT-100 or an IBM 3270 terminal.

• Protocols include Netware Core Protocol, Network Filing System (NFS), and AppleTalk File Protocol (AFP).

Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)

Session Layer

• Performs the function that enables two applications to communicate across the network, performing security, name recognition, logging, administration, and other similar functions.

• Protocols include Simple Network Management Protocol (SNMP), File Transfer Protocol (FTP), Telnet, Simple Mail Transport Protocol (SMTP), Netbios, LU 6.2 (from IBM’s SNA) and Advanced Program-to-Program Communications (APPC).

Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)

Transport Layer

• Considered the “railroad yard dispatcher” who takes over if there is a ‘wreck’ somewhere in the system.

• Performs a similar function as the Network Layer, only its function is specific to local traffic.

• Also handles quality control. Drivers in the networking software perform this layer’s tasks.

• Protocols include Transmission Control Protocol (TCP) and Novell’s SPX.

Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)

Network Layer

• Functions as the ‘network traffic cop’ deciding which physical pathway the data should take based on network conditions, priorities of service, and other factors.

• Protocols include Internet Protocol (IP), Novell’s IPX, and Apple’s Datagram Delivery Protocol (DDP).

Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)

Data Link Layer

• Controls the data stream between the communicating systems. Works like the foreman of a railroad yard putting cars together to make a train.

• Governing protocols include high-level data link control (HDLC), bi-synch, and Advanced Data Communications Control Procedures (ADCCP).

Network Fundamentals: Open Systems Interconnection (OSI) Model (continued)

Physical Layer

Furnishes electrical connections and signals and carries them to higher layers.

Governing protocols include RS-232C, RS-449, X.21 (primarily in Europe).

TCP/IP Overview

A set or family of protocols.

Developed to allow cooperating computers to share resources across a network.

Initially included Arpanet, NSFnet, regional networks such as local university networks, research institutions, and military networks.

All networks are connected and the Internet protocols standardized the order and structure of computer communication within the inter-connected networks.

TCP/IP Overview (continued)

A ‘connection-less’ protocol.

Info transferred in packets.

Built to ensure establishment of connections between end systems.

TCP/IP has limited to no inherent security features.

TCP/IP provides no systematic way to perform encryption (due to unavailability of data-encoding layer).

IP was built for speed and efficiency; ‘just delivers goods’.

The host part of an IP address is the portion that identifies an individual networked processor.

Contrasting OSI & TCP/IP

TCP/IP is the de facto global interoperability standard; OSI has more of a presence in Europe.

TCP/IP does not formally have an application layer.

TCP is equivalent of OSI layer 4 protocol.

IP is OSI layer 3 protocol.

TCP/IP Overview (continued)

TCP/IP protocols of primary importance include:

Transmission Control Protocol (TCP) – provides reliable data transport from one node to another using connection-oriented techniques.

User Datagram Protocol (UDP) – provides datagram services for applications. Primary role is to add the port address of an application process to an IP packet & to move packets through the network (used by DNS).

Internet Protocol (IP) – a connectionless, unacknowledged network service; does not care about the order of transmitted packets.

TCP/IP Overview (continued)

Additional services or ‘applications’ built on top of TCP/IP include:

Network File System (NFS) – filing system for Unix hosts.

Simple Network Management Protocol (SNMP) – collects info about the network and reports back to network administrators.

File Transfer Protocol (FTP) – enables file transfers between workstations and a Unix host or Novell Netware NFS.

Simple Mail Transfer Protocol (SMTP) – enables electronic messaging.

Network News Transport Protocol (NNTP) – distributes and manages Usenet articles and replies.

Post Office Protocol (POP) – stores incoming mail until users access it.

Telnet – DEC VT100 and VT330 terminal emulation.

Hypertext Transfer Protocol (HTTP) – defines means of addressing and locating resources stored on other systems (by means of uniform resource locators – URLs) and defines request and transmission formats for the World Wide Web.

IP Addressing

Addresses used to provide hierarchical address space for the Internet.

Provides for computers on diverse types of networks to exchange data.

IP address is 4 bytes (32 bits) long & usually expressed in dotted decimal notation.

Addresses are divided into three major classes: A, B, and C. Classes D & E are reserved for special use.

Each class can be identified through examination of the first four bits of the address.

Class   1st Four Address Bits
A       0xxx
B       10xx
C       110x
D       111x
E       1111

Class   Value of High-order Byte   Max # Net Addresses   Max # of Host Addresses   Address Format       Example         Impact on Network Setup
A       1-127                      127                   16M                       net.host.host.host   100.10.240.28   Limits # of networks
B       128-191                    16,384                65K                       net.net.host.host    157.100.5.195   Balance of networks & hosts
C       192-223                    2,097,152             254                       net.net.net.host     205.35.4.120    Limits # of hosts
D       224-239                    Reserved for special use
E       240-255                    Reserved for special use
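The class decision in the two tables above, worked in code. This is an added example and is not part of the course notes: the function names are mine, the three A/B/C sample addresses are the ones from the table, and the class D and E addresses are constructed. Because the “1st four bits” table lists D as 111x and E as 1111, which overlap, the code uses the high-order byte ranges (224–239 and 240–255) to tell them apart.

```python
"""Classful IPv4 address classifier (added example, not from the course notes).

The class is decided from the leading bits of the high-order byte; the class
in turn fixes how many leading bytes are the network part and how many
trailing bytes are the host part.
"""
import ipaddress

# Class -> (number of network bytes, address format) for the three major
# classes. D and E are reserved for special use and have no network/host split.
CLASS_LAYOUT = {
    "A": (1, "net.host.host.host"),
    "B": (2, "net.net.host.host"),
    "C": (3, "net.net.net.host"),
}


def address_class(addr: str) -> str:
    """Return 'A'..'E' from the high-order bits of the first byte."""
    first = int(ipaddress.IPv4Address(addr)) >> 24   # high-order byte (0-255)
    if first & 0b1000_0000 == 0:                       # 0xxx  -> 1-127
        return "A"
    if first & 0b1100_0000 == 0b1000_0000:             # 10xx  -> 128-191
        return "B"
    if first & 0b1110_0000 == 0b1100_0000:             # 110x  -> 192-223
        return "C"
    if first & 0b1111_0000 == 0b1110_0000:             # 1110  -> 224-239
        return "D"
    return "E"                                         # 1111  -> 240-255


def split_network_host(addr: str):
    """Return (class, network part, host part) in dotted-decimal notation.
    Reserved classes have no split and return None for both parts."""
    cls = address_class(addr)
    if cls not in CLASS_LAYOUT:
        return cls, None, None
    n, _fmt = CLASS_LAYOUT[cls]
    octets = addr.split(".")
    return cls, ".".join(octets[:n]), ".".join(octets[n:])


def max_hosts(cls: str) -> int:
    """Usable host addresses per network: 2**host_bits minus the all-zeros
    (network) and all-ones (broadcast) addresses. Matches the table:
    A -> 16,777,214 (16M), B -> 65,534 (65K), C -> 254."""
    n, _fmt = CLASS_LAYOUT[cls]
    host_bits = 8 * (4 - n)
    return 2 ** host_bits - 2


if __name__ == "__main__":
    for sample in ("100.10.240.28", "157.100.5.195", "205.35.4.120",
                   "224.0.0.1", "240.0.0.1"):
        cls, net, host = split_network_host(sample)
        print(sample, cls, net, host)
```

The 16M / 65K / 254 figures in the table are the usable host counts per network, which is why `max_hosts` subtracts two from the power of two.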

Internet Security Concerns

Findings from 2000 Computer Crime and Security Survey conducted by the Computer Security Institute (CSI) & the FBI with responses from 538 computer security professionals.

97% have WWW sites.

47% conduct electronic commerce on their sites.

85% of respondents detected security breaches within the last 12 months.

64% of respondents reported financial losses due to computer security breaches.

70% of respondents cited their Internet connection as a frequent point of attack.

23% suffered unauthorized Internet access or misuse in the last 12 months.

27% said they did not know if there had been unauthorized access or misuse.

35% of respondents reported detected financial losses totaling $377,828,700.

16% reported losses due to unauthorized access.

40% of respondents detected unauthorized external system penetration.

38% detected denial of service attacks.

91% detected employee abuse (including downloading of unsavory content or pirated software, or inappropriate use of e-mail systems).

94% detected computer viruses.

Internet Security Concerns (Y2K results continued)

Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months.

Eighty percent acknowledged financial losses due to computer breaches.

Forty-four percent (223 respondents) were willing and/or able to quantify their financial losses. These 223 respondents reported $455,848,000 in financial losses.

As in previous years, the most serious financial losses occurred through theft of proprietary information (26 respondents reported $170,827,000) and financial fraud (25 respondents reported $115,753,000).

For the fifth year in a row, more respondents (74%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (33%).

Thirty-four percent reported the intrusions to law enforcement. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.)

Forty percent detected system penetration from the outside.

Forty percent detected denial of service attacks.

Seventy-eight percent detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems)

Eighty-five percent detected computer viruses.

Internet Security Concerns: 2002 CSI Report Highlights

Classifying Potential Security Threats (From Most to Least Prevalent)

Ignorance and Accidents

Company Employees and Partners

Casual “Doorknob Twisters”

Concerted Individual Efforts

Coordinated Group Efforts

Potential Security Gaps

Lack of safeguards (no firewalls).

Poorly configured and administered systems.

Basic security problems with communication protocols (TCP, IP, UDP).

Faulty service programs.

Basic security problems with service programs (WWW, FTP, Telnet, etc.).

Madness in the Method: Tactics and Techniques to ‘Bring the System Down’

Programmed attacks including denial-of-service attacks.

E-mail bombing, spamming, and spoofing

Viruses

Most Successful Break-in Methods

Sniffer attacks (sniffer-kits & Trojan Horses included as programs smuggled in to monitor data flows and to retrieve passwords and ID’s).

IP-spoofing (attacker gives data packets addresses in the address range of the target)

Sendmail attacks (exploits security gaps in the sendmail daemon that supports SMTP).

NFS (Network File System) attacks (exploits gaps in two primary NFS daemons; nfsd & rpc.mountd).

NIS (Sun’s Network Information Service) attacks (exploits gap in NIS

Unique Security Challenges of Extranets

Shared endpoint security – with an extranet, security becomes a joint responsibility of the organizations at the endpoints that link a group of intranets or users.

Unmanaged heterogeneity – an extranet involves a population of local and remote users where it is virtually impossible to manage the variety of technologies used to access the extranet.

Politics – extranet administrators and users must deal with the political wrangling and sensitivity of their electronic business partners.

Added costs – added layers of access for multiple business entities translate to added costs of protecting internal systems from unwanted visitors.

Cross-pollination – electronic joining of organizations increases the risk of cross-pollination and unwanted transfer of competitive information.

User anxiety – extranet security must be more extreme and apparent; administrators must continually convince anxious users that a site is secure.

Basic Security Tenets

Authentication – validation of claimed identity.

Authorization – determining access privileges.

Integrity – assuring that the extranet information is accurate and that it cannot be altered accidentally or deliberately.

Availability – ensure immediate and continuous access to the extranet information, 24 hours per day, 7 days a week, 365 days per year.

Confidentiality – assuring that the data is seen only by authorized viewers.

Auditing – logging of all events.

Non-repudiation – preventing participants from denying roles in a transaction once it is completed.

Three Major Steps

Threat assessment

Vulnerability analysis

Design and implementation of security measures

Building a Security Program: Detailed Process

Identify assets including processors, data, and network components.

Analyze security risks.

Analyze security requirements and tradeoffs.

Develop a security plan identifying measures to be deployed.

Define a security policy.

Develop procedures for applying security policies.

Develop a technical implementation strategy.

Achieve buy-in from users, managers, and technical staff.

Train users, managers, and technical staff.

Implement the technical strategy and security procedures.

Test the security program and update it if any problems are found.

Maintain security by scheduling periodic independent audits, reading of audit logs, responding to incidents, continuing to train and test, etc.

Security Measure or Protection Mechanisms

Authentication

Authorization or Access Control

Accounting (Auditing)

Data Integrity

Data Confidentiality

Policies

Education

Security through Obscurity (If They Don’t Ask, Don’t Tell)

Widely Used Security Techniques

Certificates & Cryptography for ensuring data integrity and for authentication.

Firewalls for controlling access to vital and sensitive resources.

Non-repudiation

Data Encryption

Process that scrambles data to protect it from being read by anyone but the intended receiver.

Useful for providing data confidentiality.

Has two parts:

encryption algorithm – a set of instructions to scramble and unscramble data

encryption key – a code used by an algorithm to scramble and unscramble data

Best known symmetric system is DES

Best known asymmetric system is Public/Private Key encryption

Firewalls

A set of components that function as a choke point, restricting access between a protected network and the Internet.

Provides:

Authorization or Access Control

Authentication

Logging

Notification

Firewall Architectures

First consideration in designing a firewall is to meet the requirements set out in the security policy.

May include port filtering, application filtering, and user-based restrictions.

Firewalls also need to provide a system for logging that can be used to monitor the activity of internal and external users and intruders.

A good security rule of thumb is to minimize the number of access points to the private network.

A good firewall architecture consists of an access router, a perimeter network, a dual-homed proxy server and an interior router.

The access router would be the first opportunity to prevent intruders from accessing the restricted systems.

Packet filters should be used to restrict the use of unnecessary protocols on the perimeter network.

This may include filtering for specific services such as source routing, SNMP, X windows, Telnet, RPC, and FTP.

Packet filters should also be used to allow access only to specific servers such as the proxy server and other bastion hosts.
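The two packet-filter rules just described (drop unnecessary protocols on the perimeter network; admit outside traffic only to designated bastion hosts) as a small stateless filter with the logging the notes call for. This is an added example, not from the course notes or any firewall product: the perimeter subnet, bastion addresses, port lists and sample packets are all constructed for illustration, and the rule order is my choice.

```python
"""Stateless inbound packet filter for an access router (added example; the
rule set, hosts and packets are constructed for illustration, not from the
course notes or any vendor).

Policy: drop source-routed packets and the services the notes single out as
unnecessary on the perimeter network (SNMP, Telnet, X windows, RPC), then
allow only the enabled services on the bastion hosts. Anything not
explicitly allowed is denied, and every decision produces a log line.
"""
from dataclasses import dataclass
import ipaddress

# Constructed perimeter (DMZ) subnet and its bastion hosts (documentation ranges).
PERIMETER_NET = ipaddress.ip_network("192.0.2.0/24")
BASTION_HOSTS = {"192.0.2.10", "192.0.2.25"}                     # proxy, web bastion
ALLOWED_SERVICES = {("tcp", 80), ("tcp", 443), ("tcp", 25)}      # enabled on bastions
BLOCKED_SERVICES = {("udp", 161), ("tcp", 23), ("tcp", 6000), ("tcp", 111)}  # snmp, telnet, x11, rpc


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    source_routed: bool = False   # IP source-route option present


def filter_packet(pkt: Packet):
    """Return (decision, reason). First matching rule wins; the final rule is
    an implicit deny, so anything not explicitly allowed is dropped."""
    # 1. Source routing lets the sender dictate the path through the network.
    if pkt.source_routed:
        return "deny", "source-routed packet"
    # 2. Services the notes list as unnecessary on the perimeter network.
    if (pkt.proto, pkt.dport) in BLOCKED_SERVICES:
        return "deny", f"blocked service {pkt.proto}/{pkt.dport}"
    # 3. Outside traffic may only reach the perimeter network, and on it only
    #    the bastion hosts, and on those only the enabled services.
    if ipaddress.ip_address(pkt.dst) not in PERIMETER_NET:
        return "deny", "destination not on perimeter network"
    if pkt.dst not in BASTION_HOSTS:
        return "deny", "destination is not a bastion host"
    if (pkt.proto, pkt.dport) not in ALLOWED_SERVICES:
        return "deny", f"service {pkt.proto}/{pkt.dport} not enabled on bastion"
    return "allow", "permitted service to bastion host"


def log_line(pkt: Packet, decision: str, reason: str) -> str:
    """One line per decision; the deny lines are what an administrator
    reviews when monitoring external activity."""
    return f"{decision.upper()} {pkt.src} -> {pkt.dst} {pkt.proto}/{pkt.dport} ({reason})"


def run_filter(packets):
    """Apply the filter to a batch of packets and return the log lines."""
    return [log_line(p, *filter_packet(p)) for p in packets]


# Constructed sample traffic arriving from the Internet side.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "192.0.2.25", "tcp", 443),                    # HTTPS to bastion: allow
    Packet("198.51.100.7", "192.0.2.25", "udp", 161),                    # SNMP: deny
    Packet("198.51.100.7", "192.0.2.10", "tcp", 23),                     # Telnet: deny
    Packet("198.51.100.7", "192.0.2.77", "tcp", 80),                     # non-bastion DMZ host: deny
    Packet("198.51.100.7", "10.0.0.5", "tcp", 80),                       # straight to the LAN: deny
    Packet("198.51.100.7", "192.0.2.25", "tcp", 80, source_routed=True), # source routed: deny
]

if __name__ == "__main__":
    for line in run_filter(SAMPLE_PACKETS):
        print(line)
```

Only the first sample packet is allowed; the other five are denied with a reason that names the rule, which is the detail an audit log needs when the activity of external users is reviewed later.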

Firewall Architectures (continued)

The perimeter network is between the access router and the interior router.

By creating a separate network for externally accessed hosts you can minimize the probability of an intruder listening for passwords or confidential data.

Servers that provide access to external users are usually placed here.

All servers placed here should be bastion hosts with only a limited amount of services enabled.

A perimeter network is also referred to as a De-Militarized Zone (DMZ).

Firewall Essential Features Proxies - Each application that runs through the firewall needs its own proxy.

Customized kernel - Customization consists of disabling non-required services and modifying the insecure ones.

Logging - The logging feature is vital not only for analyzing attacks but also for providing legal evidence that an effort has been made to secure the network.

Authentication - The firewall should support some authentication based on the security policy.

Firewall Essential Features (continued)

Administration - The administration utilities for the system should be straightforward and provide a quick method of viewing the current configuration to reduce configuration errors.

User Transparency - Depending on the product and services supported, proxy servers may require modifications to clients and procedures.

Platform - The firewall should run on a platform the organization has experience in using.

Network Interface - With Internet traffic growing, the ability for firewalls to integrate into high speed backbones will become more important.

Throughput - Demand for faster firewalls is being driven by faster WAN links and backbones.

Non-repudiation

Non-repudiation is a security measure that provides proof of participation in a transaction for legal purposes.

Digital signature services provide strong and substantial evidence of

the identity of the signer,

the time of the message,

the context of a message, and

the message’s integrity.

Non-repudiation offers sufficient evidence to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents.

For example, if you purchase a home furnishing via the WWW, you can be assured that no one else can easily make purchases in your name.

Non-repudiation provides evidence to prevent a false denial of message creation or message receipt, and renders an added level of confidence to buyers and sellers of products and services over the Internet.

Emerging Standard: IP Security Protocol (IPSec)

IPSec is a set of open standards providing data confidentiality, data integrity, and authentication between participating peers at the IP layer.

Relatively new standard.

Enables a system to select protocols and algorithms, and establishes cryptographic keys.

Uses the Internet Key Exchange (IKE) protocol to authenticate IPSec peers.

IKE uses the following technologies:

DES – encrypts packet data.

Diffie-Hellman – establishes a shared, secret, session key.

Message Digest 5 (MD5) – hash algorithm that authenticates packet data.

Secure Hash Algorithm (SHA) – hash algorithm that authenticates packet data.

RSA encrypted nonces – provides repudiation.

RSA signatures – provides non-repudiation.

Emerging Standard: IPv6

• IPv6, also known as IPng (IP new generation).

• With the rapid growth of the Internet over the last few years, two major limitations have become evident: the routing tables are growing too fast and the address space is insufficient.

• IPv4 is based on a 32 bit address, allowing for addressing of up to about 4 billion computers. After debate, the address space was increased from 32 to 128 bits.

• IPv6 is based on a 128 bit address scheme.

• By using 128 bits for addressing, this not only allows for addressing billions of billions of hosts, but it also allows a more hierarchical network to be built.

• IPv6 has been designed to solve these problems and also include support for security and multimedia.

• IPv6 requires IPSec. IPSec will be mandatory in IPv6 while it can be ‘transparently’ implemented on the current IPv4 Internet.

Enabling Extranets through Virtual Private Networks (VPN’s)

A key tool for enabling extranet systems. VPN’s enable a customer to use a public network, such as the Internet, to provide a secure connection between sites on the organization’s inter-network.

VPN connectivity must be secure, but still allow ease of access to key resources via the Internet.

Interconnection to service provider’s network enabled through variety of technologies including leased lines (T1/T3), frame relay, cable modems, satellite, digital subscriber line (DSL), etc.

VPN Architecture

Conceptually, constructing a virtual private network is straightforward.

Basic configuration consists of an

Internet connection,

a firewall architecture, and

a data security architecture.

The primary item that is needed by each LAN is an Internet connection.

The pipe should be large enough to service the potential traffic from VPN applications as well as regular Internet traffic.

Key Design Point: Examine the prospective ISP for connectivity, and make sure the ISP has the bandwidth to transport the potential traffic between sites.

Typical VPN Configuration - LAN/WAN to Internet

Typically, firewall software is used to protect corporate LAN resources.

Also, a separate network (commonly referred to as the ‘demilitarized zone’ or DMZ) is placed between the Internet router and the firewall.

Some firewall vendors enable integration of DMZ and firewall.

Enabling Extranets through VPN’s (continued)

Protocol tunneling is one technique used to create secure VPN.

In tunneling, data packets are encrypted and encapsulated in a clear text packet.
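The encapsulation just described, shown end to end: the inner packet carries the private addresses and payload, it is encrypted and integrity-protected, and it is wrapped in a clear-text outer packet addressed between the two VPN gateways. This is an added example, not from the course notes or any VPN product: the gateway addresses, private addresses, keys and packet layout are constructed, and the cipher is a stand-in built from HMAC-SHA256 in counter mode so the example runs with only the standard library (a real VPN uses a vetted cipher under IPSec or one of the tunneling protocols named below).

```python
"""Toy protocol-tunnelling demonstration (added example, not from the course
notes). Gateways, addresses, keys and packet layout are constructed; the
cipher is an HMAC-SHA256 counter-mode stand-in, not a production cipher.

  inner packet = private src (4) + private dst (4) + payload   -> encrypted + authenticated
  outer packet = gateway src (4) + gateway dst (4) + nonce (12) + ciphertext + tag (32)

An observer on the public network sees only the two gateway addresses.
"""
import hashlib
import hmac
import os
import struct

# Constructed shared keys between the two gateways: one for confidentiality,
# a separate one for integrity.
ENC_KEY = b"constructed-encryption-key-32by!"
MAC_KEY = b"constructed-integrity-key-32byte"

GATEWAY_A = "203.0.113.1"   # public address of site A's VPN gateway (documentation range)
GATEWAY_B = "203.0.113.2"   # public address of site B's VPN gateway


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: concatenated HMAC(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def build_inner(src: str, dst: str, payload: bytes) -> bytes:
    """Inner (private) packet: 4-byte src, 4-byte dst, then the payload."""
    return ip_to_bytes(src) + ip_to_bytes(dst) + payload


def encapsulate(inner: bytes) -> bytes:
    """Encrypt the whole inner packet and wrap it in a clear-text outer header."""
    outer_header = ip_to_bytes(GATEWAY_A) + ip_to_bytes(GATEWAY_B)
    nonce = os.urandom(12)                                   # fresh per packet
    ciphertext = bytes(a ^ b for a, b in zip(inner, keystream(ENC_KEY, nonce, len(inner))))
    # Encrypt-then-MAC over everything that could be altered in transit.
    tag = hmac.new(MAC_KEY, outer_header + nonce + ciphertext, hashlib.sha256).digest()
    return outer_header + nonce + ciphertext + tag


def decapsulate(outer: bytes) -> bytes:
    """Verify the tag, strip the outer header and recover the inner packet.
    Raises ValueError on tampering, where a gateway would drop the packet."""
    outer_header, nonce = outer[:8], outer[8:20]
    ciphertext, tag = outer[20:-32], outer[-32:]
    expected = hmac.new(MAC_KEY, outer_header + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet dropped")
    return bytes(a ^ b for a, b in zip(ciphertext, keystream(ENC_KEY, nonce, len(ciphertext))))


def visible_on_public_network(outer: bytes):
    """What a sniffer between the gateways can read in clear: the gateway addresses."""
    return bytes_to_ip(outer[:4]), bytes_to_ip(outer[4:8])


def leaks_private_addresses(outer: bytes, src: str, dst: str) -> bool:
    """True if either inner address appears in clear text after the outer header."""
    body = outer[8:]
    return ip_to_bytes(src) in body or ip_to_bytes(dst) in body


if __name__ == "__main__":
    inner = build_inner("10.1.0.5", "10.2.0.9", b"GET /orders")
    outer = encapsulate(inner)
    print("public view:", visible_on_public_network(outer))
    print("recovered:", decapsulate(outer) == inner)
```

The integrity tag covers the clear-text outer header as well as the ciphertext, so a packet whose gateway addresses or payload were altered on the public network is rejected before anything is forwarded onto the private LAN.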

Layer 2 Tunneling Protocol (L2TP) is an emerging standard for tunneling private data over public networks.

Cisco, Microsoft, 3Com and Ascend Communications support standard setting efforts.

Microsoft has derived Point-to-Point Tunneling Protocol (PPTP) as built-in feature in NT & 2000 Server products.

Next Session Highlights:

Firewalls, VPNs & Other Security Considerations (continued)

Read required article ‘Web Services Fundamentals’