Chapter 10: Net Security

Page 1

The document is authored by Prof. Dr. Hans L. Stahl and covers communication technology and data security; this part summarizes Chapter 10 on network security. The presentation is dated January 28, 2024.

Page 2

Copyright Notice

  • This document is under copyright and may only be used as a learning material in connection with the course "Communication Technology and Networks" at the Institute of Computer Science at the Technical University of Cologne.

  • Any additional use, reproduction, or publication requires written consent from the author.

  • It is also prohibited to share this document with third parties, either digitally or physically, without permission.

Disclaimer

  • While all information has been compiled with great care, errors may still occur, and advancements in information and communication technology may not be reflected immediately.

  • The author does not assume liability for errors or damages resulting from the application of the information described.

Usage Conditions

  • Material can only be downloaded, saved, and printed for personal use related to course preparation or examination purposes.

  • Taking photos or videos of presented materials during the course is prohibited.

  • The removal of copyright notices from any documents is also prohibited.

Page 3

Overview of Chapter 10: Net Security

  • This chapter discusses typical problems in networks, foundational concepts and terms relevant to network security, types of attacks in TCP/IP-based networks, the purpose of encryption, firewall definitions and characteristics, and practical additional notes. It ends with review and exercise questions for assessment.

Key Questions Covered:
  1. What are typical problems encountered in networks?

  2. What foundational concepts are relevant?

    • Basic terms: security goals, threats, risks, measures, attacks

    • Technical security goals

    • Technical protective measures

  3. What do typical attacks look like in TCP/IP-based networks?

    • Types of attacks in networks and TCP/IP model

  4. The role and principles of encryption.

  5. The function and types of firewalls.

  6. Additional remarks and further information references.

  7. Review and exercise questions.

Page 4

Basic Concepts and Foundations of Network Security

  • Introduction to fundamental concepts in network security, establishing the academic framework for the chapter.

Page 5

Motivation: Typical Problems in Networks

Current Situation
  • The rise of distributed and mobile applications necessitates intensive communication.

  • Ensuring functionality and compliance with legal requirements is part of the overarching corporate goals.

Conditions
  • Communication may occur over private or public networks, so the sender has little control over who can access the data in transit.

Examples of Problems:
  1. Eavesdropping or tampering with transmitted data (e.g., emails, phone calls).

  2. Unauthorized access to sensitive data (e.g., bank accounts).

  3. Confidential information mistakenly sent to the public web instead of being contained within the intranet.

  4. Hackers compromising corporate computers to steal or manipulate data.

  5. Attackers temporarily taking down a web server (Denial of Service).

  6. Someone ordering or using services in another's name.

All of these problems can lead to significant damage.

Page 6

Security Goals, Threats, Risks, Measures

  • Introduction of abstract security goals aligned with overarching objectives.

Security Goals:
  • Security goals are not ends in themselves but derive from broader objectives; they are subject to threats and risks arising from potential or actual breaches.

  • Threats: potential events that can undermine security.

  • Risks: evaluated threats considering the likelihood and potential damage.

  • Measures: intended to mitigate risks through established policies and the use of tools like firewalls or antivirus software.

Page 7

Abstract Security Goals (Protection Goals)

  1. Confidentiality: Only authorized parties should be able to read data/messages.

  2. Integrity: Only authorized individuals should have write access, ensuring data accuracy and system functionality.

  3. Authenticity: Data/messages must originate from legitimate sources; third parties should not create/send fake communications.

  4. Non-repudiation: The sender cannot deny sending the data/message, confirming accountability.

  5. Availability: Data, services, and systems should be accessible as needed.

Relationship between Goals
  • Confidentiality, integrity, and availability are core IT security values, while authenticity and non-repudiation derive from cryptographic methods.

Page 8

Technical Protective Measures

For Security Goals:
  • Confidentiality: Achieved through encryption and access rights systems.

  • Integrity: Ensured with digital signatures and encryption.

  • Authenticity: Maintained by using access credentials, passwords, biometrics, and tokens.

  • Non-repudiation: Implemented using timestamps, logs, and signatures.

  • Availability: Supported by redundancy, service monitoring, and firewall systems.

Page 9

Is Total Security Possible?

  • (The content of this slide is not reproduced in this summary.)

Page 10

Typical Attacks in TCP/IP-Based Networks

Introduction
  • This section begins exploring various attacks in TCP/IP networks, setting the context for the following detailed descriptions.

Page 11

Definition of Attack

  • An attack is the realization of a threat: the intentional triggering of a threat event that violates the security policy and may cause harm. Attacks target the security goals (confidentiality, integrity, authenticity, non-repudiation, availability).

  • Attacks can stem from anywhere on the internet, and they are usually illegal.

Page 12

Common Types of Attacks in Networks

  1. Sniffing: Monitoring and capturing network traffic (e.g., unencrypted login credentials).

  2. Scanning: Searching for open ports to exploit.

  3. Spoofing: Faking IP addresses or other identifiers.

  4. Denial of Service (DoS): Taking services or hosts offline by overwhelming them.

    • Often involves techniques such as flooding.

Note:
  • Attack types often combine to amplify effectiveness.

Page 13

Typical Attacks in the TCP/IP Model

  • Discusses various types of malicious software such as viruses and Trojans, common attacks like SYN flooding, and the TCP/IP layer each of them targets.

Page 14

SYN Flooding Attack

  • A form of Denial of Service that exploits TCP's three-way handshake: the attacker floods the target server with SYN requests, causing resource exhaustion.

Explanation
  1. Client sends a SYN packet.

  2. Server responds with a SYN-ACK.

  3. The client deliberately never completes the handshake, so the server keeps resources reserved for each half-open connection until they are exhausted.
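As an added illustration (not code from the lecture), the following Go model shows why an unfinished handshake costs the server something: each accepted SYN reserves a slot in a bounded backlog of half-open connections until the final ACK arrives or a timeout reclaims it. Backlog capacity, timeout and client addresses are assumed values chosen for this example.

```go
package main

import "time"

// Listener models a server's SYN backlog: a bounded table of half-open
// connections (SYN-ACK sent, final ACK still outstanding) keyed by client
// address. Capacity and timeout are assumed values, not figures from the lecture.
type Listener struct {
	capacity    int
	timeout     time.Duration
	halfOpen    map[string]time.Time // client -> time the SYN-ACK was sent
	Established int                  // handshakes completed so far
}

func NewListener(capacity int, timeout time.Duration) *Listener {
	return &Listener{capacity: capacity, timeout: timeout, halfOpen: map[string]time.Time{}}
}

// HalfOpen expires entries whose final ACK never arrived within the timeout
// and returns how many half-open connections still occupy the backlog.
func (l *Listener) HalfOpen(now time.Time) int {
	for addr, since := range l.halfOpen {
		if now.Sub(since) > l.timeout {
			delete(l.halfOpen, addr) // reclaim the stale slot
		}
	}
	return len(l.halfOpen)
}

// OnSYN answers a SYN with a SYN-ACK and reserves a backlog slot. It returns
// false when the backlog is full and the SYN has to be dropped; once that
// refusal hits legitimate clients, the resource exhaustion has succeeded.
func (l *Listener) OnSYN(client string, now time.Time) bool {
	if l.HalfOpen(now) >= l.capacity {
		return false
	}
	l.halfOpen[client] = now
	return true
}

// OnACK completes the handshake (step 3) for a client whose SYN was accepted.
func (l *Listener) OnACK(client string) bool {
	if _, ok := l.halfOpen[client]; !ok {
		return false
	}
	delete(l.halfOpen, client)
	l.Established++
	return true
}
```

Shortening the half-open timeout and enlarging the backlog are the two knobs this model exposes; real servers add further defences that the model does not cover.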

Page 15

Nastygram Attack

  • This attack involves sending malformed packets to confuse or crash systems whose TCP implementations handle them poorly.

  • Defined as an illegal TCP segment combining flag settings that TCP does not permit.

Page 16

Man-in-the-Middle Attack

  • An attacker positions themselves between two legitimate parties and impersonates each to the other, with the aim of capturing or altering communications without detection.

Page 17

Spoofing Attacks

  • IP Spoofing: Sending IP packets from faked addresses.

  • ARP Spoofing: Misleading networks by sending false MAC address resolutions to redirect traffic, facilitating Man-in-the-Middle attacks.

Page 18

Port Scanning

  • A reconnaissance technique that probes TCP/UDP ports to identify the services running on a host, which can then become targets of further attacks.

Page 19

Denial of Service Examples

  1. Smurf Attack: Amplifies traffic using ICMP echo requests to overwhelm a target via broadcast addresses.

  2. Teardrop Attack: Exploits fragmentation of IP packets to cause buffer overflows.

  3. DDoS Attack: Distributes denial-of-service attacks across multiple compromised systems.

Page 20

Encryption Introduction

  • Transitioning to encryption as a key protective measure in network security.

Page 21

Cryptology Overview

  • Cryptology: The science of encryption encompassing cryptography, cryptanalysis, and steganography.

  • Kerckhoffs's Principle: Security of a system hinges on the secrecy of keys, not on the obscurity of the methodology.

Page 22

Principles of Encryption

  • Plaintext: The original data before encryption.

  • Encryption Key: The secret used in the encryption process.

  • Ciphertext: The resulting data post-encryption.

Page 23

Principles of Decryption

  • Reversing the encryption process using a decryption key to retrieve plaintext from ciphertext.

Page 24

Process of Encryption and Decryption

  • Describes the transformation of data and the mathematical operations behind securing information.

Page 25

Encrypted Data Transmission Process

  • Outlines the flow of data during secured transfers between sender and receiver.

Page 26

Encryption Methods Overview

  • Discusses variations between symmetric (shared keys) and asymmetric (public/private keys) encryption methods, highlighting their respective advantages and challenges.

Page 27

Common Encryption Algorithms

  • Symmetric Algorithms:

    • DES: Outdated standard.

    • 3DES: Improved, but no longer secure.

    • AES: Widely accepted standard for robust encryption with key lengths up to 256 bits.

  • Asymmetric Algorithms:

    • RSA: Foundational public key system based on prime factorization.

Page 28

Application of Asymmetric Methods

  • Describes secure transmission scenarios, including signing and verifying messages using public/private keys.

Page 29

Combination of Encryption Methods

  • Discusses how asymmetric encryption is utilized to securely exchange symmetric session keys for efficient data encryption (as with SSL/TLS).

Page 30

Secure HTTP Communication

  • Highlights the protocols of SSL and TLS for secured communications in web browsers, identifying key functionalities and applications.

Page 31

Distribution of Public Keys

  • Importance of certificate authorities and verification processes in managing and distributing public keys.

Page 32

SSL/TLS Handshake Protocol

  • Detailed step-by-step breakdown of establishing secure connections between clients and servers within SSL/TLS environments.

Page 33

Certificate Authentication

  • The role and validation process for certificates that confirm the authenticity of public keys within cryptographic communication.

Page 34

Public Key Distribution via Directory Services

  • Explanation of the role of directory services in the maintenance and retrieval of public keys and potential vulnerabilities.

Page 35

SSL/TLS Record Protocol

  • Ensures that subsequent data transmissions are encrypted after the handshake is established, securing all communication layers.

Page 36

Utilization of SSL/TLS

  • Discusses practical implementation in browsers and other client applications reinforcing the principle of public key infrastructures (PKI).

Page 37

Security Evaluation of Encryption Algorithms

  • Criteria for what constitutes a secure algorithm and concerns over cryptographic longevity in the face of advancing computational power.

Page 38

Pretty Good Privacy (PGP)

  • An encryption program that uses public key cryptography and relies on a web of trust instead of central authorities, with various applications in software packages.

Page 39

Virtual Private Networks (VPNs)

  • A network technology that creates secure and encrypted connections over a less secure network, and the significance of encryption in VPN implementations.

Page 40

Firewalls Introduction

  • Introduction to the concept of firewalls as barriers against unauthorized access in networks.

Page 41

General Functions and Characteristics of Firewalls

  • Describes the primary purpose and further functions of firewalls, including regulating inbound and outbound traffic, controlling ports, protecting networks from DoS attacks, and more.

Page 42

Firewall Operations

  • Overview of how firewalls process and examine data transmitted through them, explaining passive versus active inspection methods.

Page 43

Applications of Firewalls

  • Discusses the centralization of security policies and mechanisms in blocking unwanted traffic while maintaining required services.

Page 44

Additional Firewall Capabilities

  • Capabilities such as traffic flow monitoring, logging, and network address translation.

Page 45

Limitations of Firewalls

  • Describes the vulnerabilities and common misconceptions surrounding firewall capabilities.

Page 46

Example of a Single Stage Firewall Concept with DMZ

  • Explains the role of a demilitarized zone in firewall networks to provide a layered security concept between external and internal networks.

Page 47

Example of a Two-Stage Firewall Concept with DMZ

  • Continues the layered approach by explaining how two firewall stages are combined for stronger protection and to separate zones of different security levels.

Page 48

Mitigation of Firewall Risks

  • Measures for hardening firewall systems themselves against compromise and against operational failures.

Page 49

Types of Firewalls

  • Classification including personal, packet-filtering, circuit-level, and application-level gateways, highlighting their variations and shared functionalities.

Page 50

Additional Aspects of Network Security

  • Further considerations, beyond the core topics, for maintaining network integrity and security.

Page 51

Final Remarks

  • Emphasizes the multidimensional nature of security in IT, including policy, behavior, and regular assessments alongside technology.

Page 52

Further Research

  • Suggests additional literature and resources for deeper understanding, focusing on broader IT security principles beyond just network security.

Page 53

Review and Practice Questions

  • Offers questions and self-assessment opportunities for students to better grasp the course material.

Page 54

Exercise: Basics of IT Security

  • Prompts students to explore fundamental security problems, their implications, and the derived protective measures.

Page 55

Exercise: Attacks in TCP/IP-Based Networks

  • Encourages practical understanding of specific attacks and their workings in TCP/IP networks.

Page 56

Exercise: Encryption Methods (1)

  • Engages students to analyze encryption principles and differentiate between various encryption strategies and their implications for security.

Page 57

Exercise: Encryption Methods (2)

  • Continuation of test exercises focusing on authentication and validation processes related to asymmetric encryption.

Page 58

Exercise: Application of Asymmetric Encryption

  • Practical scenario questions surrounding public and private key use in securing data integrity and privacy during transmission.

Page 59

Exercise: Firewall Systems

  • Asks students to critically think about the deployment and effectiveness of firewall systems in protecting networks.

Page 60

Concluding Remarks

  • Concludes the material with gratitude and encouragement followed by exam preparation notes for students.

Page 61

  • Final page reiterating the date of the presentation to establish context for all provided information.