
NETWORK SECURITY AND FIREWALLS

EMERGING THREATS IN C-S ARCHITECTURE


Introduction: A software agent is mobile code (an executable program) that poses a threat resembling that of a virus. Firewalls are used to filter incoming packets to prevent such threats. These threats can be categorized as follows:

a.) threats to the local computing environment from mobile software.

b.) access control and threats to servers that include impersonation, eavesdropping, denial of service, packet replay, and packet modification.


Software agents & malicious code:


o Client programs interpret data downloaded from the Internet. In the absence of checks on imported data, the downloaded data passes through interpreter programs on the client's machine without the user's knowledge and can affect the system.
o Client threats also arise from malicious code such as viruses, worms, Trojan horses, logic bombs, etc.
o Malicious code is associated with both stand-alone PCs and networked systems.
o To prevent such threats, the client must scan for malicious code and executable programs.

Threats to servers:
o Servers are more prone to attacks that exploit bugs in server software.
o Running vulnerable software, using popular programs, eavesdropping on conversations, spoofing the system, etc. increase the chances of attack.
o DoS, eavesdropping, service overloading, message overloading and packet replay are common threats.
o To prevent them, access to accounts must be controlled and the server protected from unauthorized access.

FIREWALLS AND NETWORK SECURITY


o It is a barrier between the corporate network and the outside network.
o It can be a computer or a router that monitors the traffic.
o The device allows insiders to access services outside while allowing restricted access to outsiders.
o It is located at the gateway and at internal gateways.

What it does
o It provides several levels of security: it screens packets and filters network traffic, and allows or restricts access to certain applications.
o Firewalls range from simple traffic-logging systems that record all network traffic to complex ones that screen packets.
o The most secure are application gateways, which provide proxy services to users.
o In case of heavy traffic, hardened firewall machines are set up.

IP Packet screening routers


o A static traffic routing service placed between the network service provider's router and the internal network.
o Rules screen the IP packets.
o The firewall router filters incoming packets, permitting or denying IP packets based on the rules.

Preventive Measures:
o Screening rules are difficult to specify
o Not easily flexible
o If it is circumvented, the rest of the network is open to attack
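The rule-based screening described above, as an added example that is not part of the original slides: an ordered, first-match rule table with a default deny, plus a check for rules that an earlier rule hides, which is one concrete reason screening rules are difficult to specify. All addresses, ports and rule sets are constructed.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

class Rule(NamedTuple):
    action: str             # "permit" or "deny"
    src: str                # source network (CIDR)
    dst: str                # destination network (CIDR)
    proto: Optional[str]    # None matches any protocol
    dport: Optional[int]    # None matches any destination port

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in (None, pkt.proto)
            and rule.dport in (None, pkt.dport))

def screen(rules, pkt: Packet) -> str:
    """First matching rule decides; a packet that matches nothing is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

def shadowed(rules):
    """Indexes of rules that can never fire: an earlier rule matches everything they match."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in (None, later.proto)
                    and earlier.dport in (None, later.dport)):
                hidden.append(i)
                break
    return hidden

ANY, WEB = "0.0.0.0/0", "192.0.2.10/32"   # constructed documentation addresses
RULES = [
    Rule("permit", ANY, WEB, "tcp", 80),                  # inbound HTTP to the web server
    Rule("permit", "198.51.100.0/24", ANY, None, None),   # partner network, all traffic
    Rule("deny", "198.51.100.66/32", ANY, None, None),    # intended block, placed too late
]
FIXED = [RULES[0], RULES[2], RULES[1]]                    # specific deny before broad permit
```

With `RULES`, the host 198.51.100.66 is still permitted because the broader partner rule matches first; `shadowed(RULES)` reports the dead rule, and `FIXED` shows the corrected order.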

Proxy application gateways


o It is a special server that runs on a firewall machine.
o Its primary use is access to applications such as the WWW from within a secure perimeter, so each request from a client goes through the proxy on the firewall rather than directly to the server.
o It allows the organisation's users to access the application proxy and disallows external hackers.
o It accepts the request from inside, forwards it to the remote server outside the firewall and returns the response to the client.
o Proxies do not include complex network code and can manage network functions such as auditing, access to services, etc.
o The proxy acts as an intermediary with the capability to mitigate attacks.

Hardened firewall hosts


o This type of firewall requires inside/outside users to connect to trusted applications on the firewall itself before connecting further.
o These are configured to protect against unauthorized interactive logins.
o It is set up so that only those who operate it can access it, and it provides auditing, logging and monitoring to check remote access.
o Its advantages are concentration of security, information hiding and centralized service management.

Data and message security


Data security

Message security

Packet sniffing: monitors the network by compromising a host and installing a sniffer program

Threats to message security are:


Confidentiality, integrity and authentication

Encryption as basis for data and message security

Encryption

Secret/symmetric cryptography

Asymmetric cryptography

DES, RSA and digital certificates

Encryption/encipher
It means converting plaintext into scrambled text which cannot be read by anyone.

Single-key/symmetric
It involves encryption and decryption using a single key that is shared between transmitter and receiver. It suffers from the problem of key distribution. The generation, transmission and storage of keys is called key management. In a business environment it is impossible for key management to be flawless. Therefore this method is impractical.

Asymmetric/public key
It involves the use of 2 keys: a private key and a public key. Information encrypted with the private key can only be opened with the public key and vice versa. The private key is secret whereas the public key is known to everyone. These keys are maintained in a central repository, so there is no key-distribution problem; the private key is the main concern for key management.

DES
o It is an implementation of secret-key cryptography.
o It operates on 64-bit blocks of the message and uses a 56-bit key.
o Designed for hardware implementation.
o It employs more than one stage of encryption.
o It can be cracked, so advanced versions such as DES3 and DESX are used.

RSA algorithm
o It is a public-key cryptographic system used for encryption and authentication.
o It is hard to crack, as multiplication of long prime numbers is used.
o It is used in a wide variety of products, platforms and industries, e.g. WWW browsers, Ethernet networks, secure telephones.

Digital signatures
In business transactions, authentication refers to the use of digital signatures that verify a digital document. It is needed for the proliferation of e-commerce. The recipient, as well as a third party, verifies that the document did originate from the person whose signature is attached and that the document has not been altered since it was signed.

Encrypted documents and email


Email users who desire confidentiality and authentication use encryption. Pretty Good Privacy (PGP) and Privacy Enhanced Mail (PEM) are commonly used methods.

Privacy enhanced mail


It includes encryption, authentication and key management and allows the use of both single-key and double-key cryptosystems. It uses DES for encryption and RSA for authentication.

Pretty good privacy


It is an implementation of public-key cryptography based on RSA; it encrypts email and is rapidly gaining use in e-commerce applications. It also uses a hash algorithm, MD5, to form a digital signature.
o MD5 generates the digest that forms the digital signature.
o The digital signature is encrypted with RSA using the private key.

Email typing
