
CS 5950/6030 Network Security
Class 35 (M, 11/21/05)

Leszek Lilien
Department of Computer Science
Western Michigan University

Based on Security in Computing, Third Edition, by Pfleeger and Pfleeger.
Using some slides (as indicated) courtesy of:
- Prof. Aaron Striegel, U. of Notre Dame
- Prof. Barbara Endicott-Popovsky and Prof. Deborah Frincke, U. Washington
- Prof. Jussipekka Leiwo, Vrije Universiteit (Free U.), Amsterdam, The Netherlands

Slides not created by the above authors are © by Leszek T. Lilien, 2005.
Requests to use original slides for non-profit purposes will be gladly granted upon a written request.

7. Security in Networks...
7.3. Network Security Controls...
7.4. Network Security Tools
  7.4.1. Firewalls (Class 34)
    a) Introduction
    b) What is a firewall
    c) Firewall design
    d) Types of firewalls
    e) Comparison of firewall types
    f) Example firewall configurations
    g) What firewalls can—and can't—block

© by Leszek T. Lilien, 2005

7.4.1. Firewalls Outline
  a) Introduction
  b) What is a firewall
  c) Firewall design
  d) Types of firewalls
    i. Packet filters
      (i-1) Simple packet filters
      (i-2) Stateful packet filters
    ii. Application proxies
      (ii-1) Guards ("top model" subcategory)
    iii. Personal firewalls
  e) Comparison of firewall types
  f) Example firewall configurations
  g) What firewalls can—and can't—block

End of Class 34

7. Security in Networks...
7.3. Network Security Controls...
7.4. Network Security Tools
  7.4.1. Firewalls ... (Class 34)
  7.4.2. Intrusion Detection Systems (Class 35)
    a) Introduction
    b) Types of IDSs
      i. Signature-based IDSs
      ii. Anomaly-based IDSs
      iii. Other IDSs
    c) Goals for IDSs
    d) IDS strengths and limitations
  7.4.3. Secure E-Mail (Class 35)
    a) Introduction
    b) Security for e-mail
    c) Design of PEM (Privacy-enhanced Electronic Mail)
    d) Example secure e-mail systems
      i. PGP
      ii. S/MIME

7.4.2. Intrusion Detection Systems
Outline
  a) Introduction
  b) Types of IDSs
    i. Signature-based IDSs
    ii. Anomaly-based IDSs
    iii. Other IDSs
  c) Goals for IDSs
  d) IDS strengths and limitations

a. Introduction (1)
- It is better to prevent an attack than to detect it after it succeeds. Unfortunately, not all attacks can be prevented.
- Some attackers become intruders: they succeed in breaking the defenses.
- Intrusion prevention is the first line of defense; intrusion detection is the second line of defense.
- Intrusion detection system (IDS): a device (typically a separate computer) that monitors system activities to detect malicious or suspicious events.
- IDSs attempt to detect:
  - outsiders breaking into a system, OR
  - insiders (legitimate users) performing illegitimate actions, accidentally or deliberately.

Introduction (2)
- An IDS runs constantly in the background and raises an alarm when it detects something suspicious.
- We'll be talking only about real-time IDSs, ignoring off-line IDSs (early IDSs reviewed logs after the fact).
- An IDS should operate in stealth mode: invisible to the outside world.
- IDS interfaces (cf. Fig. 7-43, p. 471):
  1) Alarm interface, through which the IDS raises alarms, on a completely separate control network.
  2) Monitoring interface to the protected (sub)network. The IDS never sends messages on this interface. Preferably the IDS has no published address on the monitored network, so the router does not even know the IDS platform exists and cannot send anything to the IDS directly.

Introduction (3)
IDS terminology:
- Anomaly: abnormal behavior.
- Misuse: activity that violates the security policy (a subset of "anomaly").
- Intrusion: misuse by outsiders or insiders.
- Audit: the activity of looking at user/system behavior, its effects, or collected data.
- Profiling: looking at users or systems to determine what they usually do.

10

---[OPTIONAL]--- Introduction (4)

Superset of IDS functions Monitoring users and system activity Auditing system configuration for vulnerabilities

& misconfigurations Assessing integrity of critical system and app

files Recognizing known attack patterns Identifying abnormal activities through statistical

analysis Managing audit trails (logs) and highlighting

misuses or anomalies in user activities Correcting system config errors Installing & operating traps (honeypots) to learn

about intruders

© by Leszek T. Lilien, 2005

b. Types of IDSs (1)
IDS types w.r.t. scope:
- Host-based: runs on a host; monitors activities on this host only.
- Network-based: stand-alone device; monitors an entire (sub)network.
IDS types w.r.t. operation:
  i. Signature-based IDSs
  ii. Anomaly-based IDSs (heuristic IDSs)
    (ii-1) Misuse intrusion detection
  iii. Other IDS types

Types of IDSs (2)
i. Signature-based IDS
- Looks for unacceptable system activities (attacks).
- Each known attack is characterized by its "signature" (pattern).
- To detect an attack, matches current activities against the known attack signatures.
- Even an attack whose signature is "similar" to the signature of a known attack can be detected.
- Example signature for a port scan attack: SYN to port 80, SYN to port 25, SYN to port 161, ...

Types of IDSs (3)
Problems with signature-based IDSs:
(1) Cannot detect an attack with an unknown signature: must know the (exact or very similar) attack signature to detect the attack.
(2) An attacker can "pad" the attack with packets that break the known signature into unknown patterns.
(3) False alarms occur when legitimate data accidentally match an attack signature.
Solution to (1) and (2): anomaly-based IDSs.
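A signature-based check for exactly the port-scan pattern on the previous slide, as an added example (not code from the lecture or from any IDS product). It runs over constructed log lines (the line format, addresses, window and threshold are assumptions) and also shows problem (2): the same four probes stretched out in time slip under a short detection window, while widening the window to catch them raises the false-alarm risk of problem (3).

```python
# Added example (not from the lecture): a signature-based detector for the
# port-scan signature on the slide ("SYN to port 80, SYN to port 25, SYN to
# port 161, ..."), run over constructed packet log lines.
import re
from collections import defaultdict

# Constructed sample log; line format (an assumption):
# "<seconds> <src> -> <dst>:<port> <tcp flags>"
SAMPLE_LOG = """\
0.00 10.0.0.7 -> 192.0.2.10:80 S
0.01 10.0.0.7 -> 192.0.2.10:25 S
0.02 10.0.0.7 -> 192.0.2.10:161 S
0.03 10.0.0.7 -> 192.0.2.10:22 S
0.50 10.0.0.9 -> 192.0.2.10:80 S
0.51 192.0.2.10 -> 10.0.0.9:80 SA
0.60 10.0.0.9 -> 192.0.2.10:80 S
"""

# The same four probes "padded" with long gaps (problem (2) on the slide):
# the attacker stretches the scan so no short window holds the full pattern.
SLOW_SCAN_LOG = "\n".join(
    f"{5 * i:.2f} 10.0.0.7 -> 192.0.2.10:{port} S"
    for i, port in enumerate([80, 25, 161, 22]))

LINE_RE = re.compile(
    r"^(?P<t>[\d.]+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) (?P<flags>\S+)$")


def parse(log):
    """Return (time, src, dst, port, flags) tuples; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((float(m["t"]), m["src"], m["dst"],
                           int(m["port"]), m["flags"]))
    return events


def detect_port_scans(events, min_ports=3, window=1.0):
    """Signature: one source sends bare SYNs to >= min_ports distinct ports of
    one destination within `window` seconds. Returns the (src, dst) pairs hit."""
    syns = defaultdict(list)                      # (src, dst) -> [(t, port), ...]
    for t, src, dst, port, flags in events:
        if "S" in flags and "A" not in flags:     # SYN without ACK: a new probe
            syns[(src, dst)].append((t, port))
    alerts = set()
    for key, probes in syns.items():
        probes.sort()
        lo = 0
        for hi in range(len(probes)):             # sliding time window
            while probes[hi][0] - probes[lo][0] > window:
                lo += 1
            if len({p for _, p in probes[lo:hi + 1]}) >= min_ports:
                alerts.add(key)
                break
    return alerts


if __name__ == "__main__":
    print("fast scan:", detect_port_scans(parse(SAMPLE_LOG)))
    print("slow scan, 1 s window:", detect_port_scans(parse(SLOW_SCAN_LOG)))
    print("slow scan, 60 s window:",
          detect_port_scans(parse(SLOW_SCAN_LOG), window=60))
```

The fast scan from 10.0.0.7 matches; host 10.0.0.9 retransmitting a SYN to one port does not. The slow scan is invisible with a 1-second window and only appears once the window is 60 seconds, at which point ordinary clients that touch a few services over a minute start to look like scanners, which is the sensitivity trade-off discussed later under IDS limitations.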

Types of IDSs (4)
ii. Anomaly-based IDS (heuristic IDS)
- Uses a model of acceptable user behavior. (Recall that a signature-based IDS uses models, i.e., signatures, of unacceptable system activities.)
- Watches user activities, looking for deviations from the model behavior.
- Raises an alarm upon detecting suspicious behavior. If it is a false alarm, the admin can "teach" the IDS to accept such behavior in the future.

Types of IDSs (5)
Example model of acceptable user behavior: logs in, reads e-mail, uses a word processor, ...
Note: use of sensitive system management utilities would be a deviation from this model of acceptable user behavior.

Types of IDSs (6)
(ii-1) Misuse IDS: can be considered a subset of anomaly detection (since misuse is a subset of anomaly, see above).
- Uses a model of unacceptable user behavior. (Recall that a "regular" anomaly-based IDS uses models of acceptable user behavior, and a signature-based IDS uses models, i.e., signatures, of unacceptable system activities.)
- Could a misuse IDS be considered a variation of a signature-based IDS?
- Example model of unacceptable user behavior: attempt to copy the password file, attempt to open the password file, ...
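The anomaly-based and misuse-based models from the last three slides, run side by side over one constructed audit trail, as an added example (not code from the lecture). User names, action names, the training period and the audit record format are all assumptions; the point is the two directions of the check (outside the acceptable set versus inside the unacceptable set), the "teach" step for a false alarm, and the fact that every misuse alert here is also an anomaly alert.

```python
# Added example (not from the lecture): anomaly-based and misuse-based checks
# side by side over a constructed audit trail. User names, action names and
# the audit record format are assumptions.

# Constructed audit trail: (user, action), in time order
AUDIT = [
    ("alice", "login"), ("alice", "read_mail"), ("alice", "word_processor"),
    ("alice", "read_mail"), ("alice", "login"),
    ("alice", "run_sysadmin_util"),      # deviation from alice's usual behavior
    ("bob", "login"), ("bob", "compile"),
    ("bob", "copy_pwd_file"),            # policy violation, whoever does it
]

# Misuse model: actions that are unacceptable for every user
MISUSE = {"copy_pwd_file", "open_pwd_file"}


def build_profile(audit, user):
    """Profiling: the set of actions `user` performed during a training period."""
    return {action for u, action in audit if u == user}


def anomaly_alerts(audit, profiles):
    """Anomaly-based: flag any action outside the user's model of acceptable behavior."""
    return [(u, a) for u, a in audit if a not in profiles.get(u, set())]


def misuse_alerts(audit, misuse=MISUSE):
    """Misuse-based: flag any action in the model of unacceptable behavior."""
    return [(u, a) for u, a in audit if a in misuse]


def teach(profiles, user, action):
    """Admin marks a false alarm as acceptable; returns an updated copy of the profiles."""
    updated = {u: set(acts) for u, acts in profiles.items()}
    updated.setdefault(user, set()).add(action)
    return updated


# Profiles learned from an earlier, clean training period (constructed)
TRAINING = AUDIT[:5] + [("bob", "login"), ("bob", "compile")]
PROFILES = {u: build_profile(TRAINING, u) for u in ("alice", "bob")}

if __name__ == "__main__":
    print("anomalies:", anomaly_alerts(AUDIT, PROFILES))
    print("misuse:   ", misuse_alerts(AUDIT))
    print("after teaching alice's new tool:",
          anomaly_alerts(AUDIT, teach(PROFILES, "alice", "run_sysadmin_util")))
```

Note the asymmetry: teaching the anomaly model removes alice's alarm, but bob's copy of the password file stays flagged by the misuse model no matter what his profile says, which is why a real deployment keeps both.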

Types of IDSs (7)
iii. Other IDSs: e.g., hybrid IDSs (combining signature- and anomaly-based IDSs), immune-system-based IDSs.
---[OPTIONAL]--- Under a more liberal definition of IDS, the following are also called IDSs:
- Tripwire program (cf. p. 471): produces a hash value for each file when installed, with the values saved in a secure place; can later be called to verify that a file was not compromised.
- Vulnerability scanners
- Honeypots
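The Tripwire idea from the previous slide, as an added example (not Tripwire's own code or the lecture's): hash every critical file at install time, keep the hash database where an intruder cannot rewrite it, and later compare. File names and contents are constructed inside a temporary directory so the demo runs anywhere.

```python
# Added example (not the lecture's or Tripwire's own code): the Tripwire idea
# with SHA-256 over files in a temporary directory. File names and contents
# are constructed for the demo.
import hashlib
import os
import tempfile


def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(paths):
    """At install time: record one hash per critical file. The resulting
    database must live where an intruder cannot rewrite it (read-only media
    or another host); a database on the monitored host is itself a target."""
    return {p: hash_file(p) for p in paths}


def verify(db):
    """Later: compare every recorded file against its baseline hash."""
    report = {}
    for path, digest in db.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif hash_file(path) != digest:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report


def demo():
    """Baseline three constructed files, tamper with two, and return the
    verification report keyed by file name."""
    with tempfile.TemporaryDirectory() as d:
        contents = {"sshd_config": b"PermitRootLogin no\n",
                    "login": b"\x7fELF original binary\n",
                    "passwd": b"root:x:0:0:root:/root:/bin/sh\n"}
        paths = {}
        for name, data in contents.items():
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        db = baseline(paths.values())
        with open(paths["sshd_config"], "wb") as f:     # config tampered
            f.write(b"PermitRootLogin yes\n")
        os.remove(paths["login"])                        # binary removed
        report = verify(db)
        return {name: report[path] for name, path in paths.items()}


if __name__ == "__main__":
    print(demo())
```

This catches modification and deletion, not an attacker who replaces the hash database too, and it says nothing about a file that was already trojaned before the baseline was taken; both limits follow from where the trust anchor (the saved hashes) lives.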

c. Goals for IDSs (1)
IDS goals:
1) Detect all attacks correctly:
   - avoid false positives (false alarms), which annoy sysadmins, users, ...
   - avoid false negatives (not recognizing attacks).
2) Little overhead / performance impact.
Range of IDS alarms, in order of increasing urgency: write a record to the audit log, ..., page the security administrator.

Goals for IDSs (2)
Categories of IDS responses:
1) Monitor, collect data, collect more data. For attacks with modest impact. Invisible to the attacker. Can be used to study the attacker's actions (like a honeypot).
2) Protect, reduce exposure. E.g., making certain files unavailable to any access. May be very visible to the attacker.
3) Call a human. For attacks with the highest impact potential. Calling a human is preceded by some automatic actions, since humans take a very long time (compared to computer time) to respond.
Any combination of (1), (2), (3) into a single response is possible.

d. IDS strengths and limitations
IDS strengths:
- Becoming more effective (e.g., databases of attack signatures grow)
- Becoming cheaper
- Becoming easier to administer
IDS limitations:
- Attackers use avoidance strategies to evade detection by the IDS.
- IDS sensitivity is difficult to measure and adjust: one must strike a balance between false alarms and missed attacks.
- An IDS is only as good as the process/people using it.

7.4.3. Secure E-Mail Outline

a) Introductionb) Security for e-mailc) Design of PEM (Privacy-enhanced Electronic Mail)d) Example secure e-mail systems

i. PGPii. S/MIME

© by Leszek T. Lilien, 2005

22

a. Introduction E-mail is the most heavily used network-based

applicationYet, ordinary email is very public, exposedIt has no C / I (confid./integ)

Unencrypted message contents can be peeked at either in transit or by privileged users at destination host

© by Leszek T. Lilien, 2005

23

b. Security for e-mail (1) Threats to e-mail Controls

Msg interception (confidentiality) encryption Msg interception (blocked delivery) no S/R controls Msg interception+replay encryption (+seq.nr) Msg content modification encryption Msg origin modification encryption

Msg content forgery by outsider encryption Msg origin forgery by outsider encryption

Msg content forgery by recipient (R) publ.key encr. Msg origin forgery by recipient publ.key encr.

Repudiation (denial) by sender (S) publ.key encr.

© by Leszek T. Lilien, 2005

Security for e-mail (2)
Secure e-mail requirements:
- Message confidentiality (protection from disclosure)
- Message integrity (protection from modification)
- Sender authentication
- Non-repudiation (preventing denial by the sender)
Not every message requires all 4 capabilities, but all 4 are needed to cover the requirements of all kinds of messages.

c. Design of PEM (1)
- Standard for encrypted e-mail: Privacy-enhanced Electronic Mail (PEM) [Bishop-CS-A&S, p. 286]
- Developed by the Internet Society (1985-1993); specified in RFCs 1421-1424.
- One of the design goals: allowing PEM messages to travel as ordinary mail messages, for legacy reasons. Therefore protection occurs within the message body.
- We'll look in turn at:
  1) Confidentiality in PEM
  2) Other security features in PEM

Design of PEM (2)
1) Confidentiality in PEM
Scenario: S sends message M to R (using PEM).
- S picks a random symmetric encryption key K (corresponding to a session key).
- S creates a new cleartext header [a].
- S encrypts K with R's public key KPUB-R: E(K, KPUB-R) [b].
- S encrypts M with K: E(M, K) [c]. The entire M, including its original header, is encrypted.
- Additionally, unprintable characters (in [b] and [c]) are converted into "regular" printable characters, since unprintable characters are used as control signals by e-mail handlers.
Summarizing, the "enveloping" message sent by S to R is:
  [a] = new "external" header (plaintext)
  [b] = encrypted symmetric key K
  [c] = encrypted message M
(cf. Fig. 7-44, p. 475)

---[OPTIONAL]--- Design of PEM (3)
Example subfields within field [b] (M = original message):
- Proc-Type: indicates the applied privacy-enhancement services (e.g., "ENCRYPTED").
- DEK-Info (DEK = data encipherment key, corresponding to the session key): indicates the kind of symmetric encryption algorithm used to encrypt M (e.g., DES-CBC) together with its parameters (the IV).
- Key-Info: carries the symmetric key K itself, encrypted under KPUB-R, i.e., E(K, KPUB-R). Per RFC 1421 the header field names and values in [b] stay in cleartext; only the DEK inside Key-Info (and, for the signature, the MIC) is protected with R's or S's key.
Variant of the PEM standard: using only symmetric-key encryption. Requires establishing a common secret before sending e-mail.

Design of PEM (4)
2) Other security features in PEM
- PEM messages always carry a digital signature in [b], providing S's authentication and non-repudiation; the hash within the digital signature assures message integrity.
- S can be anonymous in the external header [a]; S's identity is encrypted in [c].
- Multiple encryption algorithms are supported by PEM.
- "Unenhanced" and PEM messages can be mixed by the sender at will.
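The enveloping on the three PEM slides above (session key K under KPUB-R, M under K, a signature over the hash, S's identity hidden inside [c], everything rendered printable), carried through end to end as an added example; this is not the lecture's or PEM's own code. Toy RSA over Mersenne primes stands in for real RSA keys and a SHA-256 keystream stands in for DES-CBC; neither is secure, and the header names only loosely follow RFC 1421. Base64 is used for the printable encoding (PEM is where base64 originated).

```python
# Added example (not the lecture's or PEM's own code): the enveloping on the
# three PEM slides above, end to end. Toy RSA over Mersenne primes stands in
# for real RSA keys and a SHA-256 keystream stands in for DES-CBC; neither is
# secure, only the structure ([a] plaintext header, [b] K under KPUB-R plus the
# signature, [c] M under K, all rendered printable) is the point.
import base64
import hashlib
import secrets


def toy_keypair(p, q, e=65537):
    """(n, e) public and (n, d) private; needs Python 3.8+ for pow(e, -1, m)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


PUB_R, PRIV_R = toy_keypair(2**31 - 1, 2**61 - 1)     # recipient R (toy size)
PUB_S, PRIV_S = toy_keypair(2**89 - 1, 2**107 - 1)    # sender S (toy size)


def rsa(x, key):
    """Textbook RSA; encrypt, decrypt, sign and verify are all modular exponentiation."""
    n, exp = key
    return pow(x, exp, n)


def toy_cipher(k, data):
    """Toy symmetric cipher: XOR with a SHA-256 keystream in counter mode
    (the same call encrypts and decrypts). Stand-in for DEK-Info's DES-CBC."""
    kb = k.to_bytes(8, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(kb + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def b64(x):
    """Printable encoding of bytes or an int, so no byte acts as a mail control signal."""
    if isinstance(x, int):
        x = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return base64.b64encode(x).decode()


def seal(message, sender_id, pub_r, priv_s):
    k = secrets.randbits(64)                           # random session key K
    body = sender_id.encode() + b"\n" + message        # S's identity travels inside [c]
    mic = int.from_bytes(hashlib.sha256(body).digest(), "big") % priv_s[0]
    return "\n".join([
        "From: anonymous",                             # [a] external header
        "Proc-Type: 4,ENCRYPTED",
        "DEK-Info: TOY-XOR-SHA256",
        "Key-Info: " + b64(rsa(k, pub_r)),             # [b] E(K, KPUB-R)
        "MIC-Info: " + b64(rsa(mic, priv_s)),          # [b] signature over hash(body)
        "",
        b64(toy_cipher(k, body)),                      # [c] E(M, K)
    ])


def open_envelope(text, priv_r, pub_s):
    head, _, payload = text.partition("\n\n")
    hdr = dict(line.split(": ", 1) for line in head.splitlines())
    k = rsa(int.from_bytes(base64.b64decode(hdr["Key-Info"]), "big"), priv_r)
    body = toy_cipher(k, base64.b64decode(payload))
    sig = int.from_bytes(base64.b64decode(hdr["MIC-Info"]), "big")
    expected = int.from_bytes(hashlib.sha256(body).digest(), "big") % pub_s[0]
    if rsa(sig, pub_s) != expected:
        raise ValueError("MIC check failed: message modified or not signed by S")
    sender, _, message = body.partition(b"\n")
    return sender.decode(), message


if __name__ == "__main__":
    env = seal(b"meet at noon", "alice@example.com", PUB_R, PRIV_S)
    print(env)
    print(open_envelope(env, PRIV_R, PUB_S))
```

Only R's private key recovers K, and only S's public key verifies the MIC, which is where confidentiality, sender authentication, integrity and non-repudiation respectively come from; an on-path change to the payload fails the MIC check before any content is returned.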

Design of PEM (5)
Problems with PEM:
- Problem 1: key management (as always with public-key exchange). Solution 1a: using a certificate scheme. Solution 1b: using PGP (to be discussed next).
- Problem 2: endpoint vulnerability (the S and R ends). An attacker penetrating S's or R's host can subvert the PEM code or install a Trojan horse that leaks keys.

d. Example secure e-mail systems (1)
- Many encrypted e-mail systems exist (both academic and commercial).
- Two popular encrypted e-mail systems:
  i. PGP (Pretty Good Privacy)
  ii. S/MIME

Example secure e-mail systems (2)
i. PGP (Pretty Good Privacy)
- Widely used, de facto secure e-mail standard.
- Available on most operating systems. Originally free; commercial versions available.
- Confidentiality: IDEA encryption (IDEA = International Data Encryption Algorithm; popular in Europe).
- Integrity: RSA-encrypted MIC (Message Integrity Check, an MD5 hash).
- Authentication and non-repudiation: the same RSA-signed MIC.
- Key distribution: trusted "introducers" are used to validate keys (the "web of trust"); no certification authority hierarchy is needed.
(The algorithms above are those of classic PGP; current OpenPGP implementations default to AES and SHA-2, and MD5 and IDEA are no longer recommended.)

Example secure e-mail systems (3)
PGP in practice:
- The application must be integrated into existing e-mail.
- Each user has a keyring of known keys, containing:
  - their own public and private keys (the private key protected by a password),
  - public keys given to them directly by a person,
  - public keys signed by trusted introducers.
- The keys are used for signing or encrypting messages to be sent and for validating messages received.
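How a keyring decides which public keys are valid from introducer signatures, as an added example (not PGP's or the lecture's code). It applies PGP's classic rule: a key is valid if signed by our own key or a fully trusted introducer, or by enough marginally trusted introducers, and an introducer's signature only counts once that introducer's own key is valid. The keyring contents, trust assignments and key IDs are constructed, and the signatures are taken as already cryptographically verified.

```python
# Added example (not from the lecture or PGP): computing which keyring entries
# are valid from introducer signatures. Keyring contents and trust settings
# are constructed.

# Owner trust the user assigned to each key she holds ("ultimate" = own key)
TRUST = {"K_me": "ultimate", "K_bob": "full",
         "K_carol": "marginal", "K_dave": "marginal"}

# Signatures on the keyring: (signing key, signed key). In a real keyring each
# is a signature over the signed key packet; here it is taken as already
# cryptographically verified.
SIGS = [("K_me", "K_bob"), ("K_me", "K_carol"), ("K_me", "K_dave"),
        ("K_bob", "K_erin"),                            # one full introducer
        ("K_carol", "K_frank"), ("K_dave", "K_frank"),  # two marginal introducers
        ("K_mallory", "K_mallory")]                     # self-signed only

KEYS = ["K_me", "K_bob", "K_carol", "K_dave", "K_erin", "K_frank", "K_mallory"]


def valid_keys(keys, sigs, trust, marginals_needed=2):
    """Iterate to a fixed point: a signature only counts once the signer's
    own key is valid, so trust flows outward from the user's own key."""
    valid = {k for k, t in trust.items() if t == "ultimate"}
    changed = True
    while changed:
        changed = False
        for key in keys:
            if key in valid:
                continue
            signers = {s for s, t in sigs if t == key and s != key and s in valid}
            full = any(trust.get(s) in ("full", "ultimate") for s in signers)
            marginal = sum(1 for s in signers if trust.get(s) == "marginal")
            if full or marginal >= marginals_needed:
                valid.add(key)
                changed = True
    return valid


if __name__ == "__main__":
    print(sorted(valid_keys(KEYS, SIGS, TRUST)))
```

Mallory's self-signed key never becomes valid because nobody the user trusts vouched for it, and Frank's key drops out as soon as the policy demands three marginal introducers instead of two: the keyring, not a CA, sets the bar.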

Example secure e-mail systems (4)
ii. S/MIME
- Internet standard for secure e-mail attachments.
- Very much like PGP; the principal difference is the method of key exchange:
  - PGP: the user exchanges keys with all potential recipients, establishing a ring of trusted recipients.
  - S/MIME: uses hierarchically validated certificates for key exchange, usually in X.509 format, so S and R do not have to exchange keys in advance if they have a common trusted certifier.
- Supports many ciphers, including DES, AES, RC2.
- Integrated into many commercial e-mail packages, so it is likely to dominate the secure e-mail market.

End of Class 35