Network Security

Lecture 3

Presented by: Dr. Munam Ali Shah

 Summary of the previous lecture

Hackers and Attackers

Threats, Risks, Vulnerabilities and Attacks
Why is Security difficult to achieve
Threat Modelling and Risk Assessment
 Outlines
 Security tradeoffs
 Protection, Detection and Reaction
 How to Test Security
 Objectives

 To describe the security tradeoffs.

 To understand why is it difficult to achieve full security.

 To understand how different security tools be used.

 Why security is difficult to achieve?
 Security in computer systems – even harder:
 great complexity
 dependency on the Operating System,
File System, network, physical access etc.
 Software/system security is difficult to measure
 there are no security metrics
 How to test security?
 Deadline pressure
 Clients don’t demand security
 … and can’t sue a vendor
Threat Modeling and Risk Assessment
 Secure against what and from whom?
 who will be using the application?
 what does the user (and the admin) care about?
 where will the application run?
(on a local system as Administrator/root? An intranet
application? As a web service available to the public?
On a mobile phone?)
 what are you trying to protect and against whom?
 Steps to take
 Evaluate threats, risks and consequences
 Address the threats and mitigate the risks
 How much security?
 Total security is unachievable

 A trade-off: more security often means

 higher cost
 less convenience / productivity / functionality

 Security measures should be as invisible as possible

 cannot irritate users or slow down the software
(too much)
 example: forcing a password change everyday
 users will find a workaround, or just stop using it
 Choose security level relevant to your needs
 Testing Security
 Penetration Testing:
 Penetration test is a proactive and authorized attempt to
evaluate the security of an IT infrastructure by safely
attempting to exploit system vulnerabilities, including OS,
service and application flaws, improper configurations,
and even risky end-user behavior. Such assessments
are also useful in validating the efficacy of defensive
mechanisms, as well as end-users’ adherence to
security policies. –

 See more at: http://www.coresecurity.com/penetration-testing-

overview#sthash.B23EFh9Z.dpuf
 Penetration Testing Tools
Aircrak:

802.11 WEP and WPA-PSK keys cracking

program

Angry IP Scanner:
It scans IP addresses and ports as well as has
many other features. It is widely used by network
administrators

BackBox:
BackBox is an Ubuntu-based distribution
developed to perform penetration tests and
security assessments for desktop environments

More details on : https://www.concise-courses.com/hacking-tools/

 How to get secure?
 Protection, detection, reaction
 Know your enemy: types of attacks, typical tricks,
commonly exploited vulnerabilities
 Attackers don’t create security holes and
vulnerabilities
 they exploit existing ones
 Software security:
 Two main sources of software security holes:
architectural flaws and implementation bugs
 Think about security in all phases
of software development
 Follow standard software development procedures
 Protection, detection, reaction

An ounce of prevention is worth a pound of cure

 better to protect that to recover

Detection is necessary because total prevention

is impossible to achieve

Without some kind of reaction, detection is useless

 like a burglar alarm that no-one listens and responds
to
 Protection, detection, reaction

 Each and every of the three elements is very important

 Security solutions focus too often on prevention only
 (Network/Host) Intrusion Detection Systems –
tools for detecting network and system level attacks
 For some threats, detection (and therefore reaction)
is not possible, so strong protection is crucial
 example: eavesdropping on Internet transmission
Is a particular security measure good?

(Questions proposed by Bruce Schneier)

 What problem does it solve?
 whether it really solves the problem you have
 How well does it solve the problem?
 will it work as expected?
 What new problems does it add?
 it adds some for sure
 What are the economic and social costs?
 cost of implementation, lost functionality or
productivity
 Given the above, is it worth the costs?
 There is never a free lunch
 Means don’t go for free software, free wallpapers etc.
 No one is going to give you anything free
 Security through obscurity … ?
 Security through obscurity – hiding design
or implementation details to gain security:
 keeping secret not the key, but the encryption
algorithm,
 hiding a DB server under a name different from “db”, etc.
 The idea doesn’t work
 it’s difficult to keep secrets (e.g. source code gets stolen)
 if security of a system depends on one secret, then,
once it’s no longer a secret, the whole system is compromised
 secret algorithms, protocols etc. will not get reviewed  flaws
won’t be spotted and fixed  less security
 Systems should be secure by design, not by obfuscation

 Security AND obscurity

 Aspects of Security
 Security attack
Any action that compromises the security of information
owned by an organization.
 Security mechanism
A process that is designed to detect, prevent or
recover from a security attack.
 Security service
Services that enhances the security of the data processing
systems and the information transfers of an organization.
These services are intended to counter security attacks, and
they make use of one or more security mechanisms to
provide the service.
16
 OSI Security Architecture

  International Telecommunication Union (ITU-T)

recommends X.800, the security architecture for OSI
 Defines a systematic way of defining and providing
security requirements

17
 Security Attacks Classification

 Any action that compromises the security of information

owned by an organization
 Information security is about how to prevent attacks, or
failing that, to detect attacks
 Classification according to X.800
 Passive attack
 Active attack

18
 Passive attack
 Obtaining message content
 Traffic analysis

19
 Active attack
 Masquerade
 Replay previous messages
 Modify messages in transit
 Denial of service

20
 Security Service

 Enhance security of data processing systems and

information transfers of an organization
 Intended to counter security attacks
 Using one or more security mechanisms
 X.800 defines a security service as
“a service provided by a protocol layer of communicating
open systems, which ensures adequate security of the
systems or of data transfers”

21
 Protection
 In one protection model, computer consists of a
collection of objects, hardware or software

 Each object has a unique name and can be accessed

through a well-defined set of operations

 Protection problem - ensure that each object is accessed

correctly and only by those processes that are allowed to
do so
 Principles of Protection
 Guiding principle – principle of least privilege
 Programs, users and systems should be given just enough privileges to
perform their tasks
 Limits damage if entity has a bug, gets abused
 Can be static (during life of system, during life of process)
 Or dynamic (changed by process as needed) – domain switching, privilege
escalation
 “Need to know” a similar concept regarding access to data

 Must consider “grain” aspect

 Rough-grained privilege management easier, simpler, but least privilege now
done in large chunks
 Fine-grained management more complex, more overhead, but more protective
 File ACL lists, RBAC
 Domain can be user, process, procedure
 Domain Structure

 Access-right = <object-name, rights-set>

where rights-set is a subset of all valid operations that can be
performed on the object

 Domain = set of access-rights

 Access Matrix

 View protection as a matrix (access matrix)

 Rows represent domains

 Columns represent objects

 Access(i, j) is the set of operations that a process executing in

Domaini can invoke on Objectj
Access Matrix
 Use of Access Matrix

 If a process in Domain Di tries to do “op” on object Oj, then “op” must

be in the access matrix
 User who creates object can define access column for that object
 Can be expanded to dynamic protection
 Operations to add, delete access rights
 Special access rights:
 owner of Oi
 copy op from Oi to Oj (denoted by “*”)
 control – Di can modify Dj access rights
 transfer – switch from domain Di to Dj
 Copy and Owner applicable to an object
 Control applicable to domain object
 Use of Access Matrix (Cont.)

 Access matrix design separates mechanism from policy

 Mechanism
 Operating system provides access-matrix + rules
 If ensures that the matrix is only manipulated by authorized
agents and that rules are strictly enforced
 Policy
 User dictates policy
 Who can access what object and in what mode

 But doesn’t solve the general confinement problem

 Each column = Access-control list for one object
Defines who can perform what operation
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read

 Each Row = Capability List (like a key)

For each domain, what operations allowed on what objects
Object F1 – Read
Object F4 – Read, Write, Execute
Object F5 – Read, Write, Delete, Copy
Role-based Access Control in Solaris 10
 Summary of today’s lecture
 In today’s lecture, we talked about why is it difficult to
achieve absolute security and what are the security
tradeoffs.
 We also discussed the phenomenon of Detection,
Protection and Reaction.
 Next lecture topics
 Firewall Concept. How could firewalls be implemented
through software and hardware
 We will have some more discussion on Security and
Protection
The End