NETE4630 Advanced Network Security and Implementation

Supakorn Kungpisdan, [email protected]

Posted 15-Jan-2016



Page 2: Course Descriptions

• Lecture: Sunday 12.30PM-3.30PM
• Lab: Sunday 3.30PM-6.30PM
• Textbook: M. Gregg et al., Hack the Stack: Using SNORT and Ethereal to Master the 8 Layers of an Insecure Network, Syngress, 2006, ISBN 1-59749-109-8
• http://www.msit.mut.ac.th/

Page 3: Course Information (cont’d)

• Evaluation
 – Quizzes 20%
 – Assignment 10%
 – Project 30%
 – Final exam 40%

Page 4: Course Outline

1. Extending OSI to Network Security
2. Securing Physical Layer
3. Securing Data Link Layer
4. Securing Network Layer
5. Securing Transport Layer
6. Securing Session Layer
7. Securing Presentation Layer
8. Presentation #1
9. Securing Application Layer
10. Securing People Layer
11. Cryptanalysis
12. Advanced Cryptographic Protocols
13. Advanced Topic #1: Mobile Payments
14. Advanced Topic #2: Access Controls and Authentication
15. Presentation #2

Page 5: Extending OSI to Network Security

Lecture 1

Supakorn Kungpisdan, [email protected]

Page 6: Roadmap

• OSI and People Layer
• Common Stack Attacks
• Mapping OSI to TCP/IP
• Current State of IT Security

Page 7: OSI Security

Page 8: Roadmap

• OSI and People Layer
• Common Stack Attacks
• Mapping OSI to TCP/IP
• Current State of IT Security

Page 9: People Layer

• Social Engineering Attacks
• Dumpster Diving
• Attacks usually take one of the following angles:
 – Diffusion of Responsibility: I know the policy is not to give out passwords, but I will take responsibility for this
 – Identification: We both work for the same company; this benefits everyone
 – Chance for Ingratiation: This is a win-win situation. The company is going to reward you for helping me in this difficult situation
 – Trust Relationships: Although I am new here, I am sure I have seen you in the break room
 – Cooperation: Together we can get this done
 – Authority: I know what the policy is; I drafted those policies and I have the right to change them

Page 10: Application Layer

• Traditional network applications are vulnerable to several attacks:
 – FTP: sniffing cleartext passwords
 – Telnet: sniffing cleartext passwords
 – SMTP: spoofing and spamming
 – DNS: DNS poisoning
 – TFTP: lack of session management and authentication
 – HTTP: stateless connection
 – SNMP: community strings are passed in cleartext, and default community strings are well-known

Page 11: Session Layer

• The Windows NT LanMan (NTLM) authentication system has weak encryption (an NTLM password can be cracked in less than 1 second)
• To create an NTLM password:
 1. The password is stored in uppercase
 2. Pad the password to 14 characters
 3. Divide it into two seven-character parts and hash each part
 4. Concatenate the two hash values and store the result as a LAN Manager (LM) hash, which is kept in the SAM
• Session hijacking
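The four-step construction above, modelled as an added example (not code from the course or the textbook) to show why each step shrinks the attacker's search space and what a defender can check as a result. The slide does not name the per-half primitive, so `half_hash` is a stand-in (truncated SHA-256) for the real step, and `lm_style_hash`, `brute_force_work` and `audit_lm_hashes` are hypothetical helper names; the account entries are constructed.

```python
import hashlib

HALF_LEN = 7
PADDED_LEN = 2 * HALF_LEN          # the 14-character padded length from step 2


def half_hash(block7: bytes) -> bytes:
    """Stand-in for the real per-half transform (assumption: the slide only says
    "hash them"). Any fixed 7-byte -> 8-byte function exposes the same structural
    weaknesses, so truncated SHA-256 is used here."""
    return hashlib.sha256(block7).digest()[:8]


def lm_style_hash(password: str) -> bytes:
    """The four steps from the slide."""
    pw = password.upper().encode("latin-1", "replace")[:PADDED_LEN]  # 1. uppercase
    pw = pw.ljust(PADDED_LEN, b"\x00")                                 # 2. pad to 14
    left, right = pw[:HALF_LEN], pw[HALF_LEN:]                         # 3. split 7/7
    return half_hash(left) + half_hash(right)                          # 4. hash, join


# Step 2 means a password of 7 characters or fewer leaves its second half all
# padding, so the second 8 bytes are one constant for every such password.
# (With the real LM primitive that constant is the well-known AAD3B435B51404EE.)
EMPTY_HALF = half_hash(b"\x00" * HALF_LEN)


def brute_force_work(alphabet_size: int = 95) -> tuple[int, int]:
    """Guesses for a 14-character password without and with the LM structure.
    Step 1 folds the 26 lowercase letters away and step 3 lets each half be
    attacked independently, so N**14 collapses to 2 * (N - 26)**7."""
    return alphabet_size ** PADDED_LEN, 2 * (alphabet_size - 26) ** HALF_LEN


def audit_lm_hashes(entries: dict[str, bytes]) -> list[str]:
    """Defender's check over {account: stored hash}: accounts whose second half
    is the padding-only constant have passwords of 7 characters or fewer."""
    return sorted(user for user, h in entries.items() if h[8:] == EMPTY_HALF)


if __name__ == "__main__":
    # Constructed sample entries, not a real SAM dump.
    sam = {
        "alice": lm_style_hash("Tr0ub4dor&3"),
        "bob": lm_style_hash("secret1"),
        "svc_backup": lm_style_hash(""),
    }
    print(audit_lm_hashes(sam))                    # ['bob', 'svc_backup']
    full, lm = brute_force_work()
    print(f"{full:.2e} guesses vs {lm:.2e}")       # 4.88e+27 vs 1.49e+13
```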

Page 12: Session Layer (cont.)

• NetBIOS allows applications on different systems to communicate through the LAN
• Hosts using NetBIOS identify themselves using a unique 15-character name.
• NetBIOS is used in conjunction with SMB, which allows remote access to shared directories and files.
• It also gives attackers the ability to enumerate systems and gather user names, accounts, and share information
• Almost every script kiddie and junior league hacker has exploited the net use command

Page 13: Transport Layer

• UDP is connectionless; it is vulnerable to DoS and easy to spoof
• TCP allows hackers to gather information about targets
 – From illegal flag settings (NULL and XMAS) to SYN and RST, TCP helps attackers identify services and operating systems
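Detection-side companion to the flag-based probes named above, as an added example that is not from the course or the textbook: it decodes the flag byte of a raw TCP header and labels the combinations (NULL, FIN+PSH+URG "XMAS", SYN+FIN, bare FIN) that a compliant stack never sends during a real connection. `make_tcp_header`, `classify` and `probe_report` are hypothetical helper names; the sample headers are constructed.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def make_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header (constructed test data, checksum zero)."""
    data_offset = 5 << 4  # 5 words = 20 bytes, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset, flags, 1024, 0, 0)


def tcp_flags(segment: bytes) -> frozenset[str]:
    """Decode the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    bits = segment[13] & 0x3F
    return frozenset(name for name, mask in FLAG_BITS.items() if bits & mask)


def classify(flags: frozenset[str]) -> str:
    """Name combinations no compliant TCP stack sends inside a real connection.
    Stacks answer them differently, which is what the probes on the slide rely
    on; a monitor can therefore treat any of them as reconnaissance."""
    if not flags:
        return "NULL"
    if {"FIN", "PSH", "URG"} <= flags and not ({"SYN", "ACK", "RST"} & flags):
        return "XMAS"
    if {"SYN", "FIN"} <= flags:
        return "SYN+FIN"          # contradictory: open and close at once
    if "FIN" in flags and "ACK" not in flags:
        return "FIN-only"         # a real FIN always carries ACK
    return "normal"


def probe_report(segments: list[bytes]) -> dict[str, int]:
    """Count anomalous segments by label; 'normal' segments are not reported."""
    report: dict[str, int] = {}
    for seg in segments:
        label = classify(tcp_flags(seg))
        if label != "normal":
            report[label] = report.get(label, 0) + 1
    return report


if __name__ == "__main__":
    sample = [
        make_tcp_header(40000, 80, 0x02),   # SYN: normal handshake
        make_tcp_header(40001, 80, 0x12),   # SYN+ACK: normal
        make_tcp_header(40002, 22, 0x00),   # NULL probe
        make_tcp_header(40003, 22, 0x29),   # FIN+PSH+URG: XMAS probe
        make_tcp_header(40004, 22, 0x03),   # SYN+FIN
        make_tcp_header(40005, 22, 0x01),   # bare FIN
    ]
    print(probe_report(sample))  # {'NULL': 1, 'XMAS': 1, 'SYN+FIN': 1, 'FIN-only': 1}
```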

Page 14: Network Layer

• IPv4 has no security services built in
• Vulnerable to various attacks:
 – Source routing
 – DoS
 – Idle scan (or IPID scan)
 – Smurf DoS attack on the ICMP protocol
 – Covert channel on the ICMP protocol using Loki
• IPSec is now a component of IPv6

Page 15: Data Link Layer

• Address Resolution Protocol (ARP) resolves logical to physical addresses
• Vulnerable to ARP poisoning and passive sniffing

Page 16: Physical Layer

• An open port in the conference room or an unused office could be the foothold needed to breach the network or gain access to a server
• If someone gains physical access to an item, they can control it.

Page 17: Stack Attacks and Vulnerabilities

Page 18: Countermeasures Found in Each Layer

• Virus Scanners
• PGP
• S/MIME
• Privacy Enhanced Mail (PEM)
• SSH
• SET
• Terminal Access Controller Access Control System (TACACS)
• Kerberos
• SSL and TLS
• Windows Sockets (SOCKS)
• Secure RPC (S/RPC)
• IPSec
• PPTP
• Challenge Handshake Authentication Protocol (CHAP)
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Packet Filters
• NAT
• Fiber Cable
• Secure Coding

Page 19: Roadmap

• OSI and People Layer
• Common Stack Attacks
• Mapping OSI to TCP/IP
• Current State of IT Security

Page 20: Physical Security

• Egyptians used locks more than 2,000 years ago. If the information was important, it was carved in stone or, later, written on paper
• The loss of information usually meant the loss of critical assets, because knowledge is power
• Even when information was not in transit, many levels of protection were typically used to protect it, including guards, walls, dogs, moats, and fences

Page 21: Communications Security

• A means of communications security was found in the discovery of encryption
 – Skytale
 – ATBASH
• In the ninth century, Abu al-Kindi published “A Manuscript on Deciphering Cryptographic Messages”
• The National Security Agency (NSA) became involved at the beginning of the twentieth century
• William Frederick Friedman, one of the best cryptologists of all time, helped break Japanese cryptographic schemes

Page 22: Signal Security

• Cordless phones had no security; conversations were easy to intercept
• Early cell phones were also easily intercepted
• TEMPEST program: a US-led initiative designed to develop shielding for equipment to make it less vulnerable to signal theft
• Spread Spectrum technology improves security and reliability
 – Direct-Sequence Spread Spectrum (DSSS)
 – Frequency-Hopping Spread Spectrum (FHSS)

Page 23: Computer Security

• Computer Security is focused on secure computer operations
• A number of access control models:
 – The Bell-LaPadula model was designed to protect confidentiality of information
 – The Clark-Wilson model was the first integrity model
• Separation of Duties: subjects must access data through an application, and auditing is required

Page 24: Computer Security (cont.)

• The Trusted Computer System Evaluation Criteria (TCSEC), known as the “Orange Book”, rates the confidentiality protection of computer systems according to the following scale:
 – A: Verified Protection: the highest security division
 – B: Mandatory Security: has mandatory protection of the TCB
 – C: Discretionary Protection: provides discretionary protection of the TCB
 – D: Minimal Protection: failed to meet any of the standards of A, B, or C; has no security controls

Page 25: Network Security

• The need for network security was highlighted by highly successful attacks such as Nimda, CodeRed, and SQL Slammer
• Such exploits highlight the need for better network security
• Several tools have been deployed to prevent such attacks

Page 26: Information Security

• Physical security, communications security, signal security, computer security, and network security on their own are not enough to address all security risks
• Only when they are combined and examined from the point of view of information security can we start to build a complete picture.

Page 27: Information Security (cont.)

• It also requires
 – senior management support,
 – good security policies,
 – risk management,
 – employee training,
 – vulnerability testing,
 – patch management,
 – good code design, and so on

Page 28: Vulnerability Testing

• Vulnerability Testing includes a systematic examination of an organization’s network, policies, and security controls
• The purpose is to
 – determine the adequacy of security measures,
 – identify security deficiencies,
 – provide data from which to predict the effectiveness of potential security measures,
 – confirm the adequacy of such measures after implementation

Page 29: Security Testing

• Security Audits
• Vulnerability Scanning
• Ethical Hacks (Penetration Testing)
• Stolen Equipment Attack
• Physical Entry
• Signal Security Attack
• Social Engineering Attack

Page 30: Security Testing (cont.)

• The Open Source Security Testing Methodology Manual (OSSTMM) divides security reviews into six key areas:
 – Physical Security
 – Internet Security
 – Information Security
 – Wireless Security
 – Communications Security
 – Social Engineering

Page 31: Finding and Reporting Vulnerabilities

• During security testing, keep management informed as you go; do not wait until the testing is complete to let them know
• Report findings before developing the final report
• Focus on what is found and its potential impact, not on its solutions
• People don’t like to hear about problems
• www.cert.org has developed a way to report anonymously at www.cert.org/reporting/vulnerability_form.txt

Page 32: Questions?

Next week: Physical Layer Security