2024-S1-IE2012-Lecture-04-Network Security.pptx

Full Transcript


IE2012 – Systems and Network Programming
IE2061 - Operating Systems and System Administration
Lecture 04: Improving Network Security

Content

1. Making remote access secure
   i. What is remote access?
   ii. Types of remote access tools
   iii. What is Telnet?
   iv. Is Telnet secure?
   v. SSH
   vi. Why SSH?
   vii. SSH vs Telnet
   viii. SSH encryption
   ix. Basic commands in SSH
2. Firewalls
   i. What is a firewall?
   ii. Types of firewalls
   iii. What is an 'iptable'?
3. Network Security over the Internet
   i. HTTP
   ii. HTTPS
   iii. SSL
   iv. TLS

IE2012 | SNP | Ms. Dinithi Pandithage

1.1 What is remote access?

Remote access is the ability of users to access a device or a network from any location. With that access, users can manage files and data that are stored on a remote device, allowing for continued collaboration and productivity from anywhere.
E.g.: you use a computer, smartphone or tablet to connect to another computer or network from a different location.

It enables users to perform tasks, access files, or control devices as if they were physically present. Remote access is essential for IT professionals, enabling them to manage systems and troubleshoot issues remotely. It:
- Provides faster response times to user issues
- Reduces the need for on-site visits
- Enables efficient management of geographically dispersed networks
- Offers flexibility for administrators to work from anywhere

1.2 Types of remote access tools

- Remote desktop software like Microsoft Remote Desktop Protocol (RDP) offers a graphical interface for remote control.
- Secure Shell (SSH) and Virtual Network Computing (VNC) are text-based protocols commonly used for server administration.
- Web-based management tools allow access through a web browser, making them platform-independent.

1.3 What is Telnet?

Telnet stands for "Teletype Network". It is a text-based interface used for remote terminal access. Telnet allows users to log in to a remote computer and execute commands as if they were directly operating the system locally.
Telnet operates over a TCP/IP network, typically using port 23. It establishes a virtual terminal connection between the client and server.
Data sent via Telnet is unencrypted, making it vulnerable to interception and security threats.

1.4 Is Telnet secure?

- Lack of encryption: data transmitted via Telnet is sent in plain text, making it susceptible to eavesdropping.
- Security vulnerabilities: Telnet sessions are prone to attacks such as password sniffing and session hijacking.
- Not recommended for use over untrusted networks due to security concerns.

1.5 SSH

Secure Shell (SSH) is a secure network protocol for remote access and secure data communication. It is a modern and secure alternative to Telnet.
It provides encrypted communication between client and server, ensuring confidentiality and integrity of data.
SSH is widely used in network administration, system administration, and secure file transfers.
SSH operates over a secure channel, typically using port 22. It employs public-key cryptography to authenticate the client and server and establish a secure connection.

1.5 SSH (continued)

The open source OpenSSH implementation is the one most commonly found on Linux, Unix and other OSes based on Berkeley Software Distribution (BSD), including Apple's macOS. While SSH is directly accessible by default in most Unix-like OSes, Microsoft's ported version of OpenSSH must be explicitly enabled in the Windows Settings app.
PuTTY is another open-source implementation of SSH. While it is currently available for Windows, macOS and Unix/BSD, PuTTY was originally written to run on Windows. It has long been one of the top options for using SSH on a Windows system.

1.6 Why SSH?

- Strong Authentication: SSH supports various authentication methods, including passwords and public-key cryptography, which offers an extra layer of security compared to passwords alone.
- Secure File Transfer: SSH can be used for secure, encrypted file transfer between systems. This allows administrators to transfer sensitive data without concerns about interception or manipulation.
- Secure Tunnelling: SSH can create secure tunnels for other protocols, allowing them to run securely over an unencrypted network. This is useful for applications that are not inherently secure, such as FTP.
- Automated Tasks: SSH scripting allows administrators to automate repetitive tasks, saving them significant time and effort.
- Flexibility: unlike Telnet's limited functionality, SSH provides a powerful command-line interface that allows administrators to perform a wide range of tasks on remote systems. This includes managing files and users, installing software, configuring services, and much more.

1.7 SSH vs Telnet

Feature                       Telnet                      SSH
Security                      Unsecure (no encryption)    Secure (strong encryption)
Port                          23                          22 (default)
Authentication                Username/Password (weak)    Username/Password or Keys (stronger)
Data Transfer                 Unencrypted (plaintext)     Encrypted
Multi-factor Authentication   Not supported               Supported
File Transfer                 Insecure                    Secure
Tunneling                     Not supported               Supported
Scripting                     Limited scripting           Extensive scripting capabilities
Flexibility                   Limited functionality       Powerful command-line interface

1.8 SSH encryption

There are three different encryption technologies used by SSH:
- Symmetrical encryption
- Asymmetrical encryption
- Hashing
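As an added example (not from the lecture slides), the script below uses the "ssh user@host command" form from 1.9 to run one command on a list of servers unattended, the "Automated Tasks" use case of 1.6. The user name jsmith, the key path and the host names are constructed sample values, and it assumes a key pair is already installed on each host.

```shell
#!/bin/sh
# Added example, not from the lecture: run one command on several hosts over SSH.
# User name, key path and host list are constructed sample values; the login
# assumes the matching public key is already installed on each host.
# Set DRY_RUN=1 to print the ssh command lines instead of connecting.

REMOTE_USER="${REMOTE_USER:-jsmith}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/id_ed25519}"
HOSTS="${HOSTS:-server.example.org server2.example.org}"

# Either execute a command or, in dry-run mode, print it.
run() { if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# ssh_run HOST COMMAND... : the "ssh user@host command" form, with options that
# make it safe to use unattended (all are standard OpenSSH options):
#   -i FILE                      authenticate with the key, not a password
#   -o BatchMode=yes             never prompt; fail instead of hanging a cron job
#   -o StrictHostKeyChecking=yes refuse unknown or changed host keys, so the
#                                session cannot be handed to an impostor server
#   -o ConnectTimeout=5          give up on an unreachable host after 5 seconds
ssh_run() {
    host="$1"; shift
    run ssh -i "$KEY_FILE" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=5 "$REMOTE_USER@$host" "$@"
}

# run_on_all COMMAND... : run the command on every host; the exit status is the
# number of failed hosts, so a calling script can tell whether all succeeded.
run_on_all() {
    failed=0
    for h in $HOSTS; do
        if ssh_run "$h" "$@"; then
            echo "ok: $h"
        else
            echo "FAILED: $h"; failed=$((failed + 1))
        fi
    done
    return "$failed"
}

if [ $# -gt 0 ]; then run_on_all "$@"; fi   # e.g. ./ssh_batch.sh uptime
```

A new or changed host key makes the connection fail rather than prompt, which is the behaviour wanted in automation: the administrator verifies the key out of band and updates known_hosts instead of letting a script accept it blindly.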
1.9 Basic commands in SSH

Invoke the program and the destination host name or Internet Protocol (IP) address:
This will connect to the destination, server.example.org. The destination host will respond by prompting for a password for the user ID of the account under which the client is running. In other words, if the user ID in use is jsmith, then the remote host will ask for a password associated with the account jsmith on the remote host.

In many cases, the user ID for the remote host will be different, in which case the command should be issued with the remote host user ID, like this:
SSH can also be used from the command line to issue a single command on the remote host and then exit, for example:
This command executes the Unix ls command, which lists all contents of the current directory on the remote host.

2. Firewalls

A firewall is a network device or host with two or more network interfaces — one connected to the protected internal network and the other connected to unprotected networks, such as the Internet. The firewall controls access to and from the protected internal network.
If you connect an internal network directly to the Internet, you have to make sure that every system on the internal network is properly secured — which can be nearly impossible because a single careless user can render the entire internal network vulnerable.
Essentially, a firewall is like a protective fence that keeps unwanted external data and software out and sensitive internal data and software in.

2.1 What is a firewall?

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.

2.2 Types of firewalls
1. Packet filtering firewall - makes processing decisions based on network addresses, ports, or protocols.
2. Stateful inspection firewall - a kind of firewall that keeps track of and monitors the state of active network connections while analysing incoming traffic and looking for potential traffic and data risks.
3. Proxy firewall - the most secure form of firewall, which filters messages at the application layer to protect network resources. Traditional firewalls are not designed to decrypt traffic or inspect application protocol traffic.

2.3 What is an 'iptable'?

iptables is a tool used in Linux systems to manage network security by configuring firewall rules. It acts as a firewall that filters and controls incoming and outgoing network traffic. Think of it as a gatekeeper that decides which network packets are allowed to pass through and which ones are blocked.
With iptables, administrators can define rules to permit or deny specific types of traffic based on criteria like IP addresses, ports, and protocols. For example, you might use iptables to block access to a web server on your system from the public internet, making it accessible only from within your local network.

2.3 What is an 'iptable'? (contd.)

Think of iptables like a traffic light at an intersection. It has different sets of rules, like red, yellow, and green lights, that determine how to handle incoming and outgoing network traffic.
iptables analyses each piece of traffic based on various criteria, such as its source and destination addresses, port numbers, and protocol. If the traffic matches a specific rule in a chain, iptables takes the action defined in that rule, such as allowing or denying the traffic.
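As an added example (not from the lecture slides), here is an iptables rule set for the scenario 2.3 describes: a host whose web server must be reachable only from the local network, with SSH for administration restricted to the same network. The subnet 192.168.1.0/24 is a constructed sample value; the rules use only standard iptables options.

```shell
#!/bin/sh
# Added example, not from the lecture: web server reachable from the LAN only.
# LAN_NET is a constructed sample subnet. Run as root to apply the rules;
# set DRY_RUN=1 to print the iptables command lines instead.

LAN_NET="${LAN_NET:-192.168.1.0/24}"   # the trusted local network (constructed)
ADMIN_PORT=22                           # SSH, allowed from the LAN only
WEB_PORTS="80 443"                      # HTTP and HTTPS, allowed from the LAN only

# Run iptables, or in dry-run mode print the rule that would be added.
ipt() { if [ -n "$DRY_RUN" ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi; }

apply_web_rules() {
    # Start from an empty INPUT chain with a default-deny policy: a packet that
    # matches none of the rules below is dropped (the "fence" of slide 2).
    ipt -F INPUT
    ipt -P INPUT DROP
    # Traffic on the loopback interface is local and always allowed.
    ipt -A INPUT -i lo -j ACCEPT
    # Stateful inspection (2.2): accept replies to connections this host opened.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # A packet claiming to start a new TCP connection must be a SYN packet.
    ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    # Packet filtering (2.2): match on source address, protocol and port, so
    # only LAN hosts reach SSH and the web ports.
    ipt -A INPUT -p tcp -s "$LAN_NET" --dport "$ADMIN_PORT" -j ACCEPT
    for port in $WEB_PORTS; do
        ipt -A INPUT -p tcp -s "$LAN_NET" --dport "$port" -j ACCEPT
    done
    # Everything else, including web requests from the public Internet, falls
    # through to the DROP policy; log a rate-limited sample so denials are visible.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
}

if [ "$1" = "apply" ]; then apply_web_rules; fi   # e.g. sudo ./lan_web.sh apply
```

These rules cover IPv4 only; on a dual-stack host, ip6tables needs an equivalent set, or the web ports stay reachable over IPv6. Running the script with DRY_RUN=1 prints the rules so they can be reviewed before being applied.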
3. Network Security over the Internet

Protocols define the rules: they act like a common language for devices on the internet to understand each other. It's like having a set of instructions on how to exchange information, similar to how we use traffic lights to manage communication on the road.
Different protocols for different purposes: just like spoken languages have different dialects for specific situations, there are various protocols for varied tasks. Some excel in reliable data transfer (TCP), while others prioritize speed (UDP), and some, like HTTPS, handle secure communication.

3.1 HTTP

Stands for 'Hyper Text Transfer Protocol' and is probably the most widely used protocol in the world today. It's the protocol used to view web pages on the internet.
In standard HTTP, all the information is sent in clear text. Hence, all the information that is exchanged between the client machine and the web server is vulnerable to any middleman who wants to read it: passwords, credit card information, and so on.

3.2 HTTPS

Stands for 'Secure Hyper Text Transfer Protocol', and this is nothing more than HTTP with a security feature.
HTTPS encrypts the data that is being retrieved by HTTP and ensures that all the information transferred over the internet between computers and servers is protected, by making the data impossible for an eavesdropper to read.
Uses encryption algorithms to scramble the data that is being transferred.

HTTPS protects the data by using one of the two following protocols:
- SSL
- TLS

3.3 SSL

'Secure Socket Layer' is a protocol that's used to ensure security over the internet.
- Uses public key encryption to secure data.
- Uses an SSL certificate; it's a digital certificate that's used to authenticate the identity of a website. It gives an idea of whether the website you are visiting is trustworthy or not.

(Diagram: SSL process, steps 1 to 4; image not included in the transcript)

3.4 TLS

'Transport Layer Security' is the latest industry-standard cryptographic protocol.
- The successor to SSL
- Based on the same specifications as SSL
- Authenticates the server and client, and encrypts the data

IE2061 - Operating Systems and System Administration
End of Lecture 04
