network security



NETWORK SECURITY “We have the illusion of security, we don’t have security.” – Isaac Yeffet

Objectives
• Dirty Words
• CIA
• AAA
• IoT
• Malware
• MiM
• Network Security Devices

“Weak security is NO security” - Someone

Dirty Words

Confidentiality = The contents of the message stay secret until you want it to be read
Integrity = The message isn’t changed in transit
Availability = Making sure that crucial services are running when needed
Non-repudiation = The identity of the owner of the message/document stays with the message.

CIA

Encryption and Security Goals
Converts data from plaintext to ciphertext

Encryption supports:
• Confidentiality
• Integrity
• Availability (not so much)
• Non-repudiation (digital signature)

[Figure: sample plaintext "Visa 1254-9865-4581-8553" shown beside its ciphertext]

Encryption Using SSL
1. Request secure connection
2. Send certificate and public key
3. Negotiate encryption
4. Generates and encrypts a session key
5. Uses session key for data encryption

SSL and TLS

SSTP

• They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key.
• This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication.
• TLS/SSL is initialized at layer 5 (session layer) and works at layer 6 (the presentation layer).

Message Digest – hashing (Integrity)

[Figure: hashing diagram with the labels "Easy" and "Hard"]

Digital Signature

Sender’s side (Alice)
1. Hash the plaintext "Now is the time for all good men…" to get AC4KJ9.
2. Sender’s private key encrypts the hash, creating the signature BR549X, which is attached to the plaintext.
3. Send the signed plaintext ("Now is the time for all good men…" plus BR549X).

Receiver’s side (Bob)
4. Sender’s public key decrypts the signature, giving AC4KJ9.
5. Hash the received plaintext to get AC4KJ9.
6. Compare the two hashes.
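The six-step sign-and-verify flow above, as an added Python example that is not part of the original slides. SHA-256, textbook RSA without padding, and the constructed toy key built from two Mersenne primes are all assumptions for illustration; production code uses a vetted library with RSA-PSS or Ed25519.

```python
import hashlib

# Constructed toy key for illustration only: two Mersenne primes, no padding.
# This key is NOT secure; it exists so the example runs with the standard library.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (kept by the sender)

def digest(message: bytes) -> int:
    """Steps 1 and 5: hash the plaintext to a fixed-size value."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Step 2: the sender's private key turns the hash into a signature."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Steps 4 to 6: recover the hash with the sender's public key,
    hash the received plaintext, and compare the two values."""
    return pow(signature, E, N) == digest(message)

def demo() -> dict:
    msg = b"Now is the time for all good men..."
    sig = sign(msg)                        # step 3: msg and sig travel together
    return {
        "untampered": verify(msg, sig),
        # Any change to the text in transit changes the receiver's hash.
        "tampered_text": verify(msg.replace(b"good", b"evil"), sig),
        # A modified signature no longer decrypts to the sender's hash.
        "tampered_sig": verify(msg, sig ^ 1),
    }

if __name__ == "__main__":
    print(demo())
```

Only the holder of the private exponent can produce a signature that passes `verify`, which is what gives the receiver integrity and non-repudiation together.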

Security Factors - AAA
• Authentication
• Authorization
• Accounting (Auditing)

Authentication
Validates an individual’s credentials to access resources
1. Something you know
   a) Password
   b) PIN
   c) Answer to a security question
2. Something you have
   a) Hardware Token
   b) Fob
   c) Smart card
3. Something you are (Biometrics)
   a) Fingerprint
   b) Retina scan

Strong Pass Phrases
Example: &TheOCAisGr8
• Minimum length
• Special characters
• Uppercase letters
• Lowercase letters
• Numbers

Biometrics
• Fingerprint scanner
• Retinal scanner
• Hand geometry scanner
• Voice-recognition software
• Facial-recognition software

Fingerprint Scanner

Multi-Factor Authentication
Requires validation of two authentication factors

Password

IoT
The internet of everything

Reconnaissance
The first step of any attack
• Shoulder Surfing
• Dumpster Diving
• War Driving

Network-Based Attacks
• Virus / Worms
• Man in the middle
• Buffer Overflow
• DDoS
• DoS
• Evil Twin

Network Security Devices

[Figure: remote access with RADIUS. Labels: Remote computer; Established connection mechanism; Remote access server (receive requests and pass credentials to RADIUS server); DMZ; Network resources; RADIUS Server]

Remote Networking

[Figure: remote access with TACACS+. Labels: Remote computer; Established connection mechanism; Remote access server (receive requests and pass credentials to TACACS+ server); DMZ; Network resources; TACACS+]

LDAP

TACACS+

TACACS and TACACS+ provide centralized authentication and authorization services for remote users.

TACACS:
• Includes process-wide encryption for authentication.
• Utilizes TCP rather than UDP and supports multiple protocols.

TACACS+:
• Supports multifactor authentication.
• Is more secure and more scalable than RADIUS.
• Is not compatible with TACACS because it uses an advanced version of the algorithm used by TACACS.

Firewalls

[Figure: firewall diagram. Labels: Administrator Approved Traffic; Firewall; Unapproved Traffic]

Firewall Types

There are four common types of firewalls:

Packet filter:
• Works at the Network layer.
• Each packet being passed along the network is compared to a set of default criteria.

Stateful inspection firewall:
• Works at the Session layer.
• Monitors the condition or state of the connection.

Proxy firewall:
• Works at the Application layer.
• Logs user activity and logons.

Stateful multilayer inspection firewall:
• Works at the Network, Session, and Application layers.
• Combines the functions of a packet filter, a stateful inspection firewall, and a proxy firewall.

DMZs

[Figure labels: Web server; DMZ]

Passive and Active IDSs

Passive IDS:
• Detects
• Logs
• Alerts

Active IDS:
• Detects
• Logs
• Alerts
• Blocks

IPSs

IPS

Vulnerability Scanning
• Nessus
• nmap

Network Scanners


Honeypot / Honeynet
