Lecture 9 Network Security - Part 2_v1_Part1.pdf
Transcript
Network Security Part 2 Dr Vicky Liu [email protected] Outline • Network Security Overview and Policies • Security controls – – – – – Authentication/authorization/auditing (AAA) Encryption Virtual private network (VPN) Firewall Intrusion Detection system and Intrusion Prevention system (IDS/IPS)...
Network Security Part 2 Dr Vicky Liu [email protected] Outline • Network Security Overview and Policies • Security controls – – – – – Authentication/authorization/auditing (AAA) Encryption Virtual private network (VPN) Firewall Intrusion Detection system and Intrusion Prevention system (IDS/IPS) Network Security Overview and Policies • Security policies provide direction on which a control framework can be built to secure the organization’s data/assets against external and internal threats. • A company that can demonstrate its information systems are secure is more likely to attract customers, partners, and investors Network Security Policy • Network security policy – A document that describes the rules governing access to a company’s information resources, enforcement of these rules, and steps taken if rules are breached. The CIA Triad • Confidentiality – Ensuring that the protection of information assets and networks from unauthorized users • Integrity – Ensuring that the modification of information assets is managed in an authorized manner • Availability – Ensuring continuous access to information assets and networks by authorized users Determining Elements of a Network Security Policy (1 of 2) • Access control policy – Specifies how and when users are allowed to access network resources • Privacy policy – Describes what staff, customers, and business partners can expect for monitoring and reporting network use • Acceptable use policy – what purposes network resources can be used – what constitutes proper or improper use of network resources Determining Elements of a Network Security Policy (2 of 2) • Access control policy – Specifies how and when users are allowed to access network resources • Auditing policy – Explains the manner in which security compliance or violations can be verified and the consequences for violations To learn more about security policies and see a list of templates for different types of policies, refer to the System Administration, Networking, and Security (SANS) Institute Website https://www.sans.org/information-security-policy/ Types of Security Control • Administrative control – It refers to policies/procedures/guidelines that define personnel or business practices based on the organization's security goals. • Physical control – It relates to any tangible that is used to prevent/detect unauthorised access to physical areas/systems/assets • Technical control – It includes HW/SW mechanisms used to protect assets Outline • Network Security Overview and Policies • Security mechanisms – – – – – Authentication/authorization/auditing (AAA) Encryption Virtual private network (VPN) Firewall Intrusion Detection system and Intrusion Prevention system (IDS/IPS) Authentication • Authentication is a process that verifies that someone is who they claim they are • Multifactor authentication requires a user to supply two or more types of authentication drawn from these credential categories: – Knowledge: what the user knows e.g. username/password – Possession: what the user has e.g. smart card or key – Inherence: what the user is e.g. fingerprint, retina scan, or voice pattern Authorisation • Authorization is to delegate what users can do after they are logged on to the system • Access Control = Authentication and Authorisation • Access control‖ refers to a set of rules that specify which users can access what resources with which types of access restrictions. • Operating systems, network control systems, and database management systems (DBMS) can employ a choice of access control mechanisms to allow a user/process to access the protected resources. Auditing • Auditing consists of logging security-related events. • Auditing maintains evidence of attempts to compromise the security controls • Auditing can be used to determine abnormal behaviour and potentially detect system or network intrusion attacks Outline • Network Security Overview and Policies • Network Security controls – – – – – Authentication/authorization/auditing (AAA) Encryption Virtual private network (VPN) Firewall Intrusion Detection system and Intrusion Prevention system (IDS/IPS) Encryption • Encryption is commonly used to protect data in transit and data at rest. • Encryption is the process of encoding and decoding data • Encryption mechanisms can be used to achieve data confidentiality and integrity against – Forgery – Repudiation – Eavesdropping Basic Encryption/Decryption Techniques • Cryptography – study of creating and using encryption and decryption techniques • Plaintext – data before any encryption has been performed • Ciphertext – data after encryption has been performed • Key – The unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext Securing Data with Encryption • Encryption – Prevents eavesdropping • Digital signature – Digital signature is based the use of public key cryptography for authenticity and data integrity Cryptography • Symmetric cryptography – Use the same key to encrypt and decrypt the message – Confidentiality • Asymmetric (public key) cryptography – – – – The private key is kept confidential The public key is published in a public directory. Infeasible to deduce from one key to the other Confidentiality, authentication, integrity and nonrepudiation Public Key Encryption/Decryption • To achieve confidentiality, the sender encrypts the messages with the receiver’s public key and then the receiver decrypts the received message with its own private key Plaintext Encryption Algorithm Ciphertext Receiver's Public Key (Everybody knows) Decryption Algorithm Plaintext Receiver's Private Key (only the Receiver knows) Digital Signatures • A digital signature is can be used to verify the authenticity and integrity of a message. • A digital signature is achieved by using public key cryptography techniques with cryptographic hash functions. • A hash function is an algorithm that computes a fixed-size bit string value from an input message/file. – A hash output is called a digital fingerprint or message authentication code (MAC). Digital signature generation • A document (Doc) is placed to a hash function to generate a MAC (M). • The MAC (M) is encoded with the signer’s private key to become a digital signature. • The document, the digital signature and signer’s pubic key certificate are sent to the recipient (verifier). Digital signature verification • Upon the reception of the document, digital signature and signer’s public key certificate • The verifier uses the same hash function to generate the MAC (M’) from the received document • The verifier decodes the digital signature with signer’s public key (M) • If M=M’, then the received document has not been altered in transit and that it is from the signer. Generate/Verify Digital Signature Signer Public Key (Everybody knows) Signer Private Key (Only the signer knows) Public Key Certificate Signer Signing Algorithm (Hash Function) Signer Private and Public keys Signed Document Verifying Algorithm (Hash Function) {Hash(Document)}sign_pri_signer + document + Signer’s public_key_certificate Output Compare Verifier Use the signer’s public to verify the received signature and document If Hash(received_Document)} = Hash(Document), the message has not been altered in transit and that it is from the signer Necessity of a PKI • The victim, Alice, sends a signed to the recipient, Bob. • The attacker, Carol, substitutes her public key for Alice’s public key after intercepting the transmission. • Carol also altered the contents of the document and signed the document with her own private key before sending the signed document to Bob. • When Bob receives the signed document, he uses what he thinks is Alice’s public key to verify Alice’s digital signature. An independent trusted third party (CA) is needed to attest that each individual public key is associated with a particular party. Signature Stripping attack Public Key Infrastructure (PKI) • PKI – The total of the organizations, systems (hardware and software), personnel, processes, policies, and agreements that enable secure, efficient discovery of public keys. • Certification authority (CA) – To issue a digital certificate to attest to the binding between a particular entity and its public key – To digitally sign the certificate with its own private key. PKI (continued) • A digital certificate – binds a public key with key owner’s identity by the issuing CA – contains • key owner’s identity and public key • information affixed by the CA, such as – issuer, validity, serial number • CA’s signature Certificate Example Outline • Network Security Overview and Policies • Network Security mechanisms – – – – – Authentication/authorization/auditing (AAA) Encryption Virtual private network (VPN) Firewall Intrusion Detection system and Intrusion Prevention system (IDS/IPS)
