Network Security Chapter 4
23 Questions

Questions and Answers

Match the following security-enhanced application protocols with their respective base protocols:

  • FTPS = FTP
  • HTTPS = HTTP
  • SMTPS = SMTP
  • DNSSEC = DNS

What are the two primary applications of IPSec mentioned in the content?

Secure branch office connectivity over the Internet and secure remote access over the Internet.

What benefits does IPSec provide according to the content?

  • Security for individual users
  • Transparent to applications (below transport layer)
  • Both a and b (correct)

    IPSec can assure that a router or neighbor advertisement comes from an authorized source.

    True

    In IPSec, an SA is uniquely identified by ______.

    Security Parameters Index (SPI) in the enclosed extension header of AH or ESP

    Match the IPSec protocols with their descriptions:

    • AH = Authentication Header for IP-level authentication
    • ESP = Encapsulating Security Payload for IP-level confidentiality
    • IKE = Internet Key Exchange for exchanging secret keys

    What are some examples of passive attacks? (Select all that apply)

    Traffic analysis

    How can passive attacks be defended against?

    Using switching tools rather than mere repeating hubs limits this possibility.

    What best describes active attacks?

    Fully control the transmitted data

    Spoofing attack involves successfully imitating another person or program.

    True

    What is the purpose of the Sequence Number in TCP?

    Provides anti-replay function

    How often does the RFC suggest incrementing the Initial Sequence Number (ISN)?

    At least every 4 ms

    What is DNS spoofing?

    Modifying a name server to provide false information

    What is the purpose of cookies set by web servers?

    Used to track user visits

    What can malicious scripts in interactive web sites potentially do?

    Crash the server

    What is IP spoofing?

    Inserting a wrong IP address in the source IP of an IP packet.

    What is DNS spoofing?

    Changing the DNS information to direct to a wrong machine.

    What is URL spoofing/Webpage phishing?

    A legitimate webpage such as a bank's site is impersonated.

    What is session hijacking in network security?

    Exploiting an established TCP connection to hijack the session.

    What group of users was TCP/IP initially designed for?

    A trusted group of users.

    What does ARP spoofing involve?

    ARP spoofing involves manipulating ARP tables to associate incorrect MAC addresses with IP addresses.

    Why are IP packets vulnerable to interception?

    IP packets are not protected and can be easily read.

    What is the purpose of IP security (IPSec)?

    To provide security algorithms and a framework for secure communication.

    Study Notes

    Network Security

    • Network security is a crucial aspect of today's highly networked world, focusing on internet and intranet security (TCP/IP-based networks).
    • It covers attacks that exploit security holes in network protocols, and the defenses against them.

    Security Services

    • Confidentiality: ensuring data is only accessible to authorized parties.
    • Authentication: verifying the identity of users or devices.
    • Integrity: ensuring data is not modified or tampered with.
    • Non-Repudiation: ensuring a sender cannot deny sending a message.
    • Access Control: controlling access to resources.
    • Availability: ensuring data is accessible and usable.

    Network Security Model

    • Trusted third-party model: involves a trusted third party to provide security services.

    Types of Attacks

    • Passive attacks:
      • Listening to the network and making use of the information without altering it.
      • Examples: passive wiretapping, traffic analysis.
    • Active attacks:
      • Threatening the integrity and availability of data being transmitted.
      • Examples: modifying, extending, deleting, or playing back data.
    • Denial of Service (DoS) attacks:
      • Preventing authorized access to resources.
      • Examples: email bombing, smurf attacks, distributed denial of service attacks.

    Spoofing Attacks

    • Spoofing: successfully imitating another person or program by falsifying data.
    • Examples: IP spoofing, DNS spoofing, URL spoofing/webpage phishing.

    Session Hijacking

    • Hijacking a TCP connection between a client and a server.
    • Exploiting the clear transmission of information to hijack the session.

    TCP/IP Networks and Vulnerabilities

    • TCP/IP was designed for use by a trusted group of users, but it is now used by various people.
    • The protocols are not designed to withstand attacks, and vulnerabilities can be exploited by attackers.
    • ARP (Address Resolution Protocol) spoofing: sending fake ARP requests to manipulate the ARP cache.

    Network Layer: IP Vulnerabilities

    • IP packets can be intercepted and modified.
    • IP packets are not protected, and they can be easily read or modified.
    • IP packets are not authenticated, making them vulnerable to traffic analysis attacks.

    Network Layer: IP Security (IPSec)

    • IPSec is a set of security algorithms and a general framework that allows communicating entities to use various algorithms for security.
    • IPSec provides confidentiality, authentication, and integrity of data.

    IPSec Applications

    • Secure branch office connectivity over the Internet
    • Secure remote access over the Internet
    • Establishing extranet and intranet

    Benefits of IPSec

    • Transparent to applications (below transport layer)
    • Provide security for individual users

    IPSec Assurance

    • Ensures that router or neighbor advertisements come from an authorized router
    • Ensures that redirect messages come from the router to which the initial packet was sent
    • Ensures that routing updates are not forged

    IPSec Services

    • Access control
    • Integrity
    • Data origin authentication
    • Rejection of replayed packets
    • Confidentiality (encryption)

    IPSec Security Associations (SA)

    • One-way relationship between a sender and a receiver that provides security services
    • Uniquely identified by:
      • Security Parameters Index (SPI)
      • AH: Authentication Header (authentication)
      • ESP: Encapsulating Security Payload (both authentication and confidentiality)
      • IP Destination address in the IPv4/IPv6 header

    IPSec Modes

    • Transport mode: protection for upper-layer protocols (TCP, UDP)
    • Tunnel mode: protection for the entire IP packet

    IPSec Encryption and Authentication

    • Provides authentication, confidentiality, and key management at the level of IP packets
    • IP-level authentication is provided by inserting an Authentication Header (AH) into the packets
    • IP-level confidentiality is provided by inserting an Encapsulating Security Payload (ESP) header into the packets

    Transport Layer: TCP

    • The Sequence Number is a monotonically increasing 32-bit counter that provides an anti-replay function.
    • The Sequence Number is initialized with a "random" value during connection setup.
    • The RFC suggests that the Initial Sequence Number (ISN) is incremented by 1 at least every 44 ms.
    • In many implementations, it is computationally feasible to guess the next ISN number.

    Transport Layer: TCP SYNC Attack

    • A 3-way handshake is used in TCP connections: SYN, SYN-ACK, ACK.
    • An attacker can impersonate a trusted host (T) by sending a SYN packet with a spoofed IP address.
    • The server responds with a SYN-ACK packet, which the attacker can then respond to with an ACK packet, allowing the attacker to send malicious data.

    Application Layer: DNS

    • DNS spoofing occurs when an attacker has access to a name server and modifies it to provide false information.
    • An example of DNS spoofing is redirecting www.ebay.com to the attacker's own IP address.
    • The cache of a DNS name server can be poisoned with false information using simple techniques.

    Application Layer: Web Browsers

    • Web browsers can be a threat if malicious code is inserted into the browser.
    • Informing an attacker of a user's activities and passwords is a potential problem.
    • Cookies can be used to track what sites a user visits, leading to serious privacy violations.

    Application Layer: Web Browser Security

    • Interactive web sites are based on forms and scripts.
    • Malicious scripts can be used to crash a server or gain control over it.
    • Server security can be improved using security-enhanced application protocols.

    Application Layer: E-mail Security

    • E-mails transit through various servers before reaching their destinations, making them visible to anybody with access.
    • The SMTP protocol itself has security holes.
    • E-mail security can be improved using tools and protocols.

    Application Layer: Security-Enhanced Application Protocols

    • Security-enhanced application protocols can solve most application layer security problems.
    • Examples of security-enhanced protocols include FTPS, HTTPS, SMTPS, and DNSSEC.

    Description

    This quiz covers the basics of network security, including security services, confidentiality, authentication, integrity, non-repudiation, access control, and availability. It also touches on network security models and information channels.