e-business ppt ids.vpn.pki2.pptx
Post on 02-Jun-2018
8/10/2019 E-Business PPT IDS.VPN.PKI2.pptx
1/38
IDS, VPNs & PKI
Intrusion detection system (IDS)
Intrusion and Intrusion Detection
Intrusion: attempting to break into or misuse a system.
Intruders may come from outside the network or be legitimate users of the network.
An intrusion can be physical, local to the system, or remote.
Different ways to intrude
Buffer overflows: historically a large share of the remotely exploitable security holes reported in the press have been due to this bug class. A typical example is a programmer who sets aside 256 characters to hold a login username. Surely, the programmer thinks, nobody will ever have a name longer than that. But an attacker thinks: what happens if I enter a false username longer than that? Where do the additional characters go? If the attacker does the job just right, they can send 300 characters, including code that will be executed by the server, and voila, they've broken in. Attackers find these bugs in several ways. First, the source code for a lot of services is available on the net, and attackers routinely read through it looking for programs with buffer overflow problems. Second, they may examine the compiled programs themselves to see whether such a problem exists, though reading disassembly is hard work. Third, they will examine every place the program takes input and try to overflow it with random data (fuzzing); if the program crashes, there is a good chance that carefully constructed input will let them break in. This problem is common in programs written in C/C++ and rare in memory-safe languages such as Java.
Unhandled input: most programs are written to handle valid input. Most programmers do not consider what happens when somebody enters input that doesn't match the specification.
Unexpected combinations: programs are usually constructed from many layers of code, with the underlying operating system as the bottom-most layer. Intruders can often send input that is meaningless to one layer but meaningful to another. Perl, long a common language for processing user input on the web, typically hands that input to other programs for further evaluation. A common hacking technique is to enter something like "| mail < /etc/passwd". Perl asks the operating system to launch the additional program with that input by way of the shell, and it is the shell that interprets the pipe character '|' and launches the 'mail' program as well, which causes the password file to be emailed to the intruder. The general lesson is that user input must never be spliced into a command string that a shell will parse.
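The two slides above (unhandled input and unexpected combinations) describe one bug in two halves: input that does not match the specification is passed, unchecked, to a layer that gives it a meaning the programmer never intended. The script below is an added example, not code from the slides. It stands in for a hypothetical lookup CGI; "echo" replaces the real program (finger, mail, ...) so that it runs harmlessly, but the shell mechanics are exactly those the slide describes. It also shows why the usual quick fix, stripping the pipe character, does not work. The username values are constructed inputs.

```python
import re
import subprocess

# Added example, not from the slides. A hypothetical lookup script that builds a
# command from a username taken straight from the request. "echo" stands in for
# the real program so the example runs harmlessly; the shell mechanics are the same.

# What a username is *allowed* to look like (the specification the slide mentions).
ALLOWED_USERNAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def lookup_vulnerable(username):
    """Perl-style: splice the input into one command string and let /bin/sh parse it.
    The shell, not the program, sees the metacharacters, so '| mail < /etc/passwd'
    would run mail."""
    cmd = "echo Looking up " + username
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_denylist(username):
    """A common but wrong fix: remove the pipe character and keep using the shell.
    ';', '$(...)', backticks and newlines still reach the shell."""
    cmd = "echo Looking up " + username.replace("|", "")
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_hardened(username):
    """Validate against the specification, then pass the value as a single argv
    element with no shell in between, so no other layer can reinterpret it."""
    if not ALLOWED_USERNAME.match(username):
        raise ValueError("username does not match the specification: %r" % username)
    return subprocess.run(["echo", "Looking up", username],
                          capture_output=True, text=True).stdout


def demo():
    results = {}
    # The slide's attack with 'tr' standing in for 'mail': the pipe is honoured.
    results["vulnerable"] = lookup_vulnerable("x | tr a-z A-Z")
    # Filtering '|' alone does not help; ';' still starts a second command.
    results["denylist"] = lookup_denylist("x; echo pwned")
    results["hardened_ok"] = lookup_hardened("alice")
    try:
        lookup_hardened("x | tr a-z A-Z")
        results["hardened_attack"] = "ran"
    except ValueError:
        results["hardened_attack"] = "rejected"
    return results


if __name__ == "__main__":
    for name, out in demo().items():
        print(name, "->", repr(out))
```

Run with a POSIX sh available. The vulnerable call prints the upper-cased line, proving the pipe was interpreted by the shell; the denylist version prints a second line "pwned"; the hardened version prints the literal text for a valid name and refuses anything outside the allowlist before any process is started.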
Race conditions: most systems today are multitasking/multithreaded, meaning they execute more than one program at a time. There is a danger if two programs need to access the same data at the same time. Imagine two programs, A and B, that need to modify the same file. To modify a file, each program must first read the file into memory, change the contents in memory, then write the memory back out to the file. The race condition occurs when program A reads the file into memory and makes its change, but before A gets to write the file, program B steps in and does the full read/modify/write on the file. Now program A writes its copy back out. Since A started from a copy taken before B made its changes, all of B's changes are lost. Because the sequence of events has to fall in just the right order, the window is hard to hit: intruders usually have to try thousands of times before they get it right and break into the system.
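The read/modify/write race above, as an added example that is not part of the slides. The first function replays the slide's interleaving step by step, so the lost update is reproducible rather than a matter of luck; the second shows the standard fix, holding an exclusive advisory file lock across the whole read/modify/write, under eight threads racing for real. The counter file is a constructed temporary file; the lock is POSIX flock, so the example assumes a Unix-like system.

```python
import fcntl
import os
import tempfile
import threading

# Added example, not from the slides: two "programs" that each add 1 to a
# counter kept in a file (constructed temporary file, see demo()).


def read_counter(path):
    with open(path) as f:
        return int(f.read().strip() or "0")


def write_counter(path, value):
    with open(path, "w") as f:
        f.write(str(value))


def racy_increments(path):
    """Replay the slide's interleaving exactly: A reads and modifies in memory,
    B does a complete read/modify/write, then A writes its stale copy back."""
    write_counter(path, 0)
    a_copy = read_counter(path) + 1                 # A: read + modify, not yet written
    write_counter(path, read_counter(path) + 1)     # B: read + modify + write
    write_counter(path, a_copy)                     # A: writes stale value, B's update is lost
    return read_counter(path)                       # 1, not 2


def locked_increment(path):
    """Hold an exclusive lock for the whole read/modify/write so nobody can
    interleave between the read and the write. flock is per open file
    description, so two opens of the same file (threads or processes) conflict."""
    with open(path, "r+") as f:
        fcntl.flock(f.fileno(), fcntl.LOCK_EX)      # blocks until we own the file
        value = int(f.read().strip() or "0") + 1
        f.seek(0)
        f.truncate()
        f.write(str(value))
        f.flush()
        os.fsync(f.fileno())
    # closing the file releases the lock
    return value


def locked_increments(path, workers=8, per_worker=50):
    """Many threads racing for real; with the lock the final count is exact."""
    write_counter(path, 0)

    def worker():
        for _ in range(per_worker):
            locked_increment(path)

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return read_counter(path)


def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "counter")
        return {"racy": racy_increments(path), "locked": locked_increments(path)}


if __name__ == "__main__":
    print(demo())   # racy: 1 (one increment lost), locked: 400
```

The scripted version always loses B's increment; the locked version always ends at workers times per_worker. In real code the same rule applies to any check-then-act sequence (checking a file's ownership and then opening it, for instance): the check and the act must happen under one lock or in one atomic operation.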
Intrusion Detection Systems (IDS)
Intrusion Detection Systems look for attack signatures, specific patterns that usually indicate malicious or suspicious intent.
Different ways of classifying an IDS:
anomaly based (classified by detection method)
signature based, also called misuse detection (classified by detection method)
host based (classified by data source)
network based (classified by data source)
1. Anomaly based IDS
This IDS models the normal usage of the network as a noise characterization.
Anything distinct from the noise is assumed to be intrusion activity, e.g. flooding a host with lots of packets.
The primary strength is its ability to recognize novel attacks.
Drawbacks of anomaly detection IDS
Assumes that intrusions will be accompanied by manifestations that are sufficiently unusual to permit detection.
They generate many false alarms, which compromises the effectiveness of the IDS.
2. Signature based IDS
This IDS possesses attack descriptions (signatures) that can be matched against sensed attack manifestations. What information is relevant to the IDS depends on what it is trying to detect, e.g. DNS traffic, FTP traffic, etc.
The ID system is programmed to interpret a certain series of packets, or a certain piece of data contained in those packets, as an attack. For example, an IDS that watches web servers might be programmed to look for the string phf as an indicator of a CGI program attack.
Most signature analysis systems are based on simple pattern matching algorithms. In most cases, the IDS simply looks for a substring within a stream of data carried by network packets.
When it finds this substring (for example, the 'phf' in "GET /cgi-bin/phf?"), it identifies those network packets as vehicles of an attack.
Drawbacks of signature based IDS
They are unable to detect novel attacks.
They suffer from false alarms.
They have to be programmed again for every new pattern to be detected.
Simple substring matching is also easy to evade: encoding or fragmenting the attack string defeats it unless the IDS normalizes the data before matching.
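The two detection methods from the anomaly slide and the signature slide, side by side over the same constructed packet stream, as an added example that is not part of the slides. The signature engine does the substring match the slide describes ('GET /cgi-bin/phf?'), with and without URL-decoding first; the anomaly engine learns a packets-per-second baseline (mean plus six standard deviations) from constructed normal traffic and flags any source that exceeds it. Each engine catches what the other misses, which is the point of the two slides. Packet tuples, addresses and the 500-packet flood are all constructed.

```python
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote_to_bytes

# Added example, not from the slides. Packets are constructed tuples:
# (seconds, source, destination, payload bytes).

# Constructed "normal" traffic used to characterize the noise: one client at
# 2 to 6 requests per second over ten seconds.
NORMAL_PACKETS = [
    (sec + i / (n + 1), "10.0.0.5", "192.0.2.10", b"GET / HTTP/1.0\r\n")
    for sec, n in enumerate([3, 5, 4, 6, 2, 5, 4, 3, 5, 4])
    for i in range(n)
]

# Constructed traffic to inspect: one benign request, the phf attack, the same
# attack with 'p' URL-encoded, then 500 packets from one host inside one second.
SUSPECT_PACKETS = [
    (0.0, "10.0.0.5", "192.0.2.10", b"GET /index.html HTTP/1.0\r\n"),
    (0.5, "10.0.0.7", "192.0.2.10", b"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n"),
    (1.0, "10.0.0.7", "192.0.2.10", b"GET /cgi-bin/%70hf?Qalias=x HTTP/1.0\r\n"),
] + [(2.0 + i * 0.001, "10.0.0.9", "192.0.2.10", b"") for i in range(500)]

# Signature engine: the slide's substring rule.
SIGNATURES = {"CGI phf attack": b"GET /cgi-bin/phf?"}


def signature_alerts(packets, normalize=True):
    """Return (time, source, rule) for every packet whose payload contains a
    signature. With normalize=True the payload is URL-decoded first, which is
    what defeats the '%70hf' evasion."""
    alerts = []
    for ts, src, _dst, payload in packets:
        data = unquote_to_bytes(payload) if normalize else payload
        for name, pattern in SIGNATURES.items():
            if pattern in data:
                alerts.append((ts, src, name))
    return alerts


# Anomaly engine: packets per (source, one-second bucket) against a learned baseline.
def per_second_counts(packets):
    return Counter((src, int(ts)) for ts, src, _dst, _payload in packets)


def train_threshold(normal_packets, k=6):
    """Noise characterization: mean rate plus k standard deviations."""
    counts = list(per_second_counts(normal_packets).values())
    return mean(counts) + k * pstdev(counts)


def anomaly_alerts(packets, threshold):
    """Return (source, second, count) for every bucket above the threshold."""
    return [(src, sec, n)
            for (src, sec), n in sorted(per_second_counts(packets).items())
            if n > threshold]


if __name__ == "__main__":
    print("signature, raw match:   ", signature_alerts(SUSPECT_PACKETS, normalize=False))
    print("signature, normalized:  ", signature_alerts(SUSPECT_PACKETS))
    thr = train_threshold(NORMAL_PACKETS)
    print("anomaly threshold: %.1f pkt/s" % thr)
    print("anomaly alerts:         ", anomaly_alerts(SUSPECT_PACKETS, thr))
```

The raw substring match sees only the first phf request; after URL-decoding it sees both, which is why real sensors normalize before matching. The flood carries no signature at all and is invisible to the signature engine, while the anomaly engine flags 10.0.0.9 at 500 packets in a second against a threshold near 11 and says nothing about the two phf requests, which are within the normal rate. The k in train_threshold is the false-alarm knob the drawbacks slide refers to.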
3. Host/application based IDS
The host operating system or the application logs the audit information.
This audit information includes events like the use of identification and authentication mechanisms (logins etc.), file opens and program executions, admin activities etc.
The audit trail is then analyzed to detect traces of intrusion.
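The audit analysis the slide describes, as an added example that is not from the slides: a few constructed audit records (login, file open, program execution, in a simple "timestamp host event key=value" form that is not any real system's format) and three rules run over them. The rules are the kind a host-based IDS ships with: repeated login failures followed by a success from the same source, a sensitive file being opened, and a service account spawning a shell.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not from the slides. Constructed audit records in an invented
# "timestamp host event key=value ..." form; real audit formats differ.
AUDIT_LOG = """\
2019-08-10T09:00:01 web1 login user=alice src=10.0.0.5 result=ok
2019-08-10T09:00:04 web1 login user=root src=203.0.113.9 result=fail
2019-08-10T09:00:05 web1 login user=root src=203.0.113.9 result=fail
2019-08-10T09:00:06 web1 login user=root src=203.0.113.9 result=fail
2019-08-10T09:00:09 web1 login user=root src=203.0.113.9 result=ok
2019-08-10T09:00:15 web1 file_open user=root path=/etc/shadow result=ok
2019-08-10T09:00:20 web1 exec user=www-data cmd=/bin/sh result=ok
2019-08-10T09:01:00 web1 file_open user=alice path=/home/alice/notes.txt result=ok
"""

SENSITIVE_PATHS = {"/etc/shadow", "/etc/sudoers"}
SERVICE_ACCOUNTS = {"www-data", "nobody"}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}
FAIL_THRESHOLD = 3                   # failures before a following success is suspicious
FAIL_WINDOW = timedelta(seconds=60)  # failures older than this are forgotten


def parse(line):
    """Split one record into a dict: fixed fields, then key=value pairs."""
    ts, host, event, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "host": host, "event": event}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def analyze(log_text):
    """Run the three rules over the audit trail; return (time, rule, detail) alerts."""
    alerts = []
    recent_fails = defaultdict(list)  # (user, src) -> timestamps of failed logins
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        if r["event"] == "login":
            key = (r.get("user"), r.get("src"))
            fails = recent_fails[key]
            fails[:] = [t for t in fails if r["ts"] - t <= FAIL_WINDOW]
            if r["result"] == "fail":
                fails.append(r["ts"])
            elif len(fails) >= FAIL_THRESHOLD:
                alerts.append((r["ts"], "password guessing then success",
                               "%s from %s after %d failures" % (key[0], key[1], len(fails))))
                fails.clear()
        elif r["event"] == "file_open" and r.get("path") in SENSITIVE_PATHS:
            alerts.append((r["ts"], "sensitive file opened",
                           "%s opened %s" % (r["user"], r["path"])))
        elif r["event"] == "exec" and r["user"] in SERVICE_ACCOUNTS and r.get("cmd") in SHELLS:
            alerts.append((r["ts"], "shell spawned by service account",
                           "%s ran %s" % (r["user"], r["cmd"])))
    return alerts


if __name__ == "__main__":
    for ts, rule, detail in analyze(AUDIT_LOG):
        print(ts.isoformat(), rule, "-", detail)
```

Three alerts come out, in order: the root login that succeeds after three failures, the open of /etc/shadow, and the shell started by www-data; alice's normal activity produces nothing. Note that each rule only works because the corresponding event type is logged at all, which is the trade-off on the next slide: log too little and the shell execution is never seen, log everything and the analysis has to wade through every file open on the host.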
Drawbacks of the host based IDS
The kind of information that needs to be logged is a matter of experience.
Unselective logging of messages may greatly increase the audit and analysis burdens.
Selective logging runs the risk that attack manifestations could be missed.
Strengths of the host based IDS
Attack verification
System-specific activity
Encrypted and switched environments
Monitoring key components
Near real-time detection and response
No additional hardware
Stack based IDS
They are integrated closely with the TCP/IP stack, allowing packets to be watched as they traverse their way up the OSI layers.
This allows the IDS to pull the packets from the stack before the OS or the application has a chance to process them.
4. Network based IDS
This IDS looks for attack signatures in network traffic via a promiscuous interface.
A filter is usually applied to determine which traffic will be discarded or passed on to an attack recognition module. This helps to filter out known non-malicious traffic.
Strengths of network based IDS
Cost of ownership reduced
Packet analysis
Evidence removal (captured traffic survives an attacker wiping the host's logs)
Real-time detection and response
Malicious intent detection
Complement and verification of host based IDS
Operating system independence
Future of IDS
Integrate network and host based IDS for better detection.
Develop IDS schemes that detect classes of novel attacks rather than individual instantiations.
Virtual private network(VPN)
Traditional Connectivity
What is VPN?
A Virtual Private Network is a type of private network that uses public telecommunication infrastructure, such as the Internet, instead of leased lines to communicate.
Became popular as more employees worked in remote locations.
What Makes a VPN?
A well-designed VPN can greatly benefit a company. For example, it can:
Extend geographic connectivity
Improve security
Reduce operational costs versus a traditional WAN
Reduce transit time and transportation costs for remote users
Improve productivity
Simplify network topology
Provide global networking opportunities
Provide telecommuter support
Provide broadband networking compatibility
Provide faster ROI (return on investment) than a traditional WAN
Private Networks vs. Virtual Private Networks
Employees can access the network (intranet) from remote locations.
Secured networks.
The Internet is used as the backbone for VPNs.
Saves cost tremendously through reduced equipment and maintenance costs.
Scalability.
Three types of VPN:
(From Gartner Consulting)
Brief Overview of How it Works
Two connections: one is made to the Internet and the second is made to the VPN.
Datagrams: contain data, destination and source information.
Firewalls: VPNs allow authorized users to pass through the firewalls.
Protocols: protocols create the VPN tunnels.
Four Critical Functions
Authentication: validates that the data was sent by the claimed sender.
Access control: limiting unauthorized users from accessing the network.
Confidentiality: preventing the data from being read or copied as it is being transported.
Data integrity: ensuring that the data has not been altered.
Four Protocols used in VPN
PPTP -- Point-to-Point Tunneling Protocol (obsolete: its MS-CHAPv2 authentication is broken and it should not be deployed today)
L2TP -- Layer 2 Tunneling Protocol (provides the tunnel only; it is normally run over IPsec for encryption)
IPsec -- Internet Protocol Security
SOCKS -- a proxy protocol, not used as much as the ones above
VPN Encapsulation of Packets
Virtual Private Networks (VPN)Basic Architecture
Advantages: Cost Savings
Eliminating the need for expensive long-distance leased lines
Reducing the long-distance telephone charges for remote access
Transferring the support burden to the service providers
Operational costs
Advantages: Scalability
Flexibility of growth
Efficiency with broadband technology
Disadvantages
VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
Availability and performance depend on factors largely outside the organization's control.
Immature standards.
VPNs need to accommodate protocols other than IP and existing internal network technology.
Applications: Site-to-Site VPNs
Large-scale encryption between multiple fixed sites such as remote offices and central offices.
Network traffic is sent over the branch office Internet connection.
This saves the company hardware and management expenses.
PKI
A PKI (public key infrastructure) enables users of a basically insecure public network such as the Internet to securely and privately exchange data and money through the use of a public and private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization, and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services have emerged; the Internet profile of X.509 certificates was standardized by the IETF PKIX working group (RFC 5280).
A public key infrastructure consists of:
A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key.
A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor.
One or more directories where the certificates (with their public keys) are held.
A certificate management system.
How Public and Private Key Cryptography Works
In public key cryptography, a public and a private key are created together using the same algorithm (a popular one is RSA). The key pair is generated by the requesting party (or on its behalf); the certificate authority (CA) then binds the public key to that party's identity by signing it into a digital certificate, which is published in a directory that all parties can access. The private key is never shared with anyone or sent across the Internet. You use the private key to decrypt text that has been encrypted with your public key by someone else (who can find out what your public key is from the public directory). Thus, if I send you a message, I can look up your public key (but not your private key) from a central administrator and encrypt the message to you using your public key. When you receive it, you decrypt it with your private key. In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) by signing the message with your private key: the signature is computed over a hash of the message, and it is the certificate, not the message, that carries the CA's signature. When I receive it, I verify your signature with the public key from your certificate.
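The exchange above (key pair, certificate issued by the CA, encryption to the public key, signature with the private key, verification with the certified public key), carried through in code as an added example that is not part of the slides. It is textbook RSA with toy-sized primes and no padding, so that every number fits on screen and the arithmetic is visible; real deployments use 2048-bit or larger keys, OAEP/PSS padding and a vetted library. The CA and Alice key pairs, the certificate layout and the message are constructed for the example.

```python
import hashlib
from math import gcd

# Added example, not from the slides: textbook RSA with toy primes, no padding.
# For illustration of the PKI mechanics only; never use this for real data.


def make_keypair(p, q, e=17):
    """Generate an RSA key pair from two primes. Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)        # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def digest(data, n):
    """SHA-256 of the data, reduced mod n because the toy modulus is tiny."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data):
    """A signature is the private-key operation applied to a hash of the data."""
    n, d = private_key
    return pow(digest(data, n), d, n)


def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)


# A minimal certificate: the CA binds a subject name to a public key by signing both.
def cert_bytes(subject, public_key):
    return ("%s|%d|%d" % (subject, public_key[0], public_key[1])).encode()


def issue_certificate(ca_private_key, subject, public_key):
    return {"subject": subject, "public_key": public_key,
            "signature": sign(ca_private_key, cert_bytes(subject, public_key))}


def verify_certificate(ca_public_key, cert):
    return verify(ca_public_key, cert_bytes(cert["subject"], cert["public_key"]),
                  cert["signature"])


def demo():
    ca_pub, ca_priv = make_keypair(61, 53)          # the trusted authority (n = 3233)
    alice_pub, alice_priv = make_keypair(89, 97)    # generated by Alice; private key stays with her
    cert = issue_certificate(ca_priv, "alice", alice_pub)   # after the RA has checked who she is

    # Privacy: Bob encrypts to the public key in Alice's certificate; only her private key recovers it.
    m = 1234
    c = encrypt(cert["public_key"], m)

    # Authentication: Alice signs with her private key; Bob checks the certificate
    # against the CA key he already trusts, then the signature against the certified key.
    msg = b"transfer 100 to bob"
    sig = sign(alice_priv, msg)
    n_alice, n_ca = cert["public_key"][0], ca_pub[0]
    return {
        "decrypts": decrypt(alice_priv, c) == m,
        "cert_ok": verify_certificate(ca_pub, cert),
        "sig_ok": verify_certificate(ca_pub, cert) and verify(cert["public_key"], msg, sig),
        "tampered_sig_fails": not verify(cert["public_key"], msg, (sig + 1) % n_alice),
        "tampered_cert_fails": not verify_certificate(
            ca_pub, {**cert, "signature": (cert["signature"] + 1) % n_ca}),
    }


if __name__ == "__main__":
    print(demo())
```

Two things the slide's prose blurs are explicit here: the CA never sees Alice's private key (it only signs her public key into the certificate), and "signing" is the private-key operation applied to a hash of the message, checked by anyone holding the certificate. With the classic toy parameters p = 61, q = 53, e = 17 the public key is (3233, 17), the private exponent is 2753, and encrypting 65 gives 2790.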
Who Provides the Infrastructure
A number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for PKI solutions. Related ideas are the virtual private network (VPN) and the IP Security (IPsec) standard. Among the PKI leaders at the time this material was written are:
RSA, which developed the main algorithms used by PKI vendors
Verisign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities
GTE CyberTrust, which provides a PKI implementation methodology and consultation service that it plans to vend to other companies for a fixed price
Xcert, whose Web Sentry product checks the revocation status of certificates on a server, using the Online Certificate Status Protocol (OCSP)
Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second; Secure E-Commerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories into a single directory for security management