Computer Security Technology
Computer Security Fundamentals
by Chuck Easttom
Chapter 9: Security Technology
© 2016 Pearson, Inc. Chapter 9 Computer Security Software
Chapter 9 Objectives
- Evaluate the effectiveness of a scanner based on how it works
- Choose the best type of firewall for a given organization
- Understand antispyware
- Employ intrusion-detection systems to detect problems on your system
Introduction
- Preceding chapters have described computer crime and computer security.
- This chapter looks at the technical details:
- Various security devices and software
How can you protect against all the crimes you have studied?
Virus Scanners
- Purpose: to prevent a virus from infecting the system
- Searches for the signature of a known virus
- Scanners work in two ways:
- Signature matching
- Behavior matching
Signatures are also known as definitions.
Behavior matching is also known as heuristics.
Virus Scanners (cont.)
- Signature matching
- List of all known virus definitions
- Kept in a small .dat file
- Updating consists of replacing this file
- AV scans host, network, and incoming e-mails for a match
Virus Scanners (cont.)
- Behavior matching:
- Attempts to write to the boot sector
- Change system files
- Automate e-mail software
- Self-multiply
- These are typical virus behaviors.
Heuristics may have false positives.
Virus Scanners (cont.)
- Ongoing virus scanners:
- Run constantly in the background
- On-demand virus scanners:
- Run only when you launch them
- Modern AV scanners offer both options.
Virus-Scanning Techniques
- E-mail and attachment scanning
- Examine e-mail on the server, or
- Scan on the host computer before the message is passed to the e-mail program.
- Download scanning
- Scan downloaded files.
Signature scanning and heuristic scanning proceed the same way; they differ in the reference database each one consults.
Virus-Scanning Techniques (cont.)
- File scanning
- Files on the host computer are checked periodically.
- Heuristic scanning
- Most advanced form of virus scanning
- Uses rules to determine if behavior is virus-like
- Best way to find an unknown virus
- Some false positives
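To make the signature-versus-heuristic distinction concrete, here is an added toy scanner (example code written for this page, not from the book or any vendor product). It keeps a definition "file" of digests, falls back to weighted behaviour rules for anything the definitions miss, and shows both effects the slides describe: an unknown variant is caught only by heuristics, and a legitimate backup tool is flagged as a false positive. The sample contents, the behaviour weights and the threshold are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed "definition file": digests of known-bad sample contents. The
# contents are made-up byte strings for this example, not real malware.
KNOWN_BAD = {
    "sample-A": hashlib.sha256(b"constructed malicious sample #1").hexdigest(),
    "sample-B": hashlib.sha256(b"constructed malicious sample #2").hexdigest(),
}

# Heuristic rules: each behaviour from the slide gets an assumed weight; a file
# whose summed weight reaches the threshold is reported as virus-like.
HEURISTIC_WEIGHTS = {
    "write_boot_sector": 5,
    "modify_system_file": 3,
    "automate_email": 3,
    "self_replicate": 4,
}
HEURISTIC_THRESHOLD = 6


@dataclass
class ScannedFile:
    name: str
    content: bytes
    behaviors: list = field(default_factory=list)  # behaviours observed when run in a sandbox


def signature_match(f):
    """Definition lookup by exact digest: returns the definition name or None.
    A variant that differs by a single byte has a different digest and is missed,
    which is why a scanner also needs heuristics."""
    digest = hashlib.sha256(f.content).hexdigest()
    for name, known in KNOWN_BAD.items():
        if digest == known:
            return name
    return None


def heuristic_score(f):
    return sum(HEURISTIC_WEIGHTS.get(b, 0) for b in f.behaviors)


def scan(f):
    """Signatures first (cheap, exact), then heuristics for anything unknown."""
    sig = signature_match(f)
    if sig is not None:
        return ("signature", sig)
    score = heuristic_score(f)
    if score >= HEURISTIC_THRESHOLD:
        return ("heuristic", score)
    return ("clean", score)


# Constructed files: a known sample, an unknown variant of it, a legitimate
# backup tool whose behaviour happens to look virus-like, and a text file.
SAMPLES = [
    ScannedFile("known.bin", b"constructed malicious sample #1", ["self_replicate"]),
    ScannedFile("variant.bin", b"constructed malicious sample #1 v2",
                ["self_replicate", "modify_system_file"]),
    ScannedFile("backup_tool.exe", b"legitimate backup utility",
                ["modify_system_file", "automate_email"]),
    ScannedFile("notes.txt", b"just text", []),
]


def scan_all(samples=SAMPLES):
    return {f.name: scan(f) for f in samples}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:16} {verdict}")
```

The backup tool scores exactly at the threshold and is reported as virus-like even though it is legitimate; lowering the weights would let the real variant through instead. That trade-off is the false-positive problem the slide mentions, and it is why products let administrators tune heuristic sensitivity and maintain exclusion lists.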
Virus-Scanning Techniques (cont.)
- Active code scanning
- Java applets and ActiveX
- Visual effects
- Can be vehicles for malicious code
- Must be scanned
Active code can be dangerous. It is also a huge topic for security and is on the Security+ certification exam.
Commercial Antivirus Software
- www.grisoft.com
- Commercial product
- Also freeware for home use
- McAfee
- Norton
- Popular commercial products
DO IT!
Firewalls
- A barrier between your network and the outside world
- Filters packets based on
- Size
- Source IP
- Protocol
- Destination port
Again, McAfee and Norton are both popular commercial products you see everywhere, as well as Linksys, which is now owned by Cisco. These are all reasonably priced, so GET ONE!!!
Firewalls (cont.)
- A dedicated firewall is needed between the trusted network and the untrusted network.
- Cisco is well known for its routers and firewalls.
- Firewalls can be hardware or software.
Cisco is the 800-pound gorilla. But there are many good router vendors out there.
Firewall Types and Components
- There are several types of firewalls:
- Packet Filter
- Stateful Packet Inspection
- Application
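The difference between the first two firewall types (and between the filter criteria listed on the Firewalls slide: size, source IP, protocol, destination port) is easiest to see in code. The following is an added illustration, not code from the book or from any firewall product: a stateless packet filter that judges each packet on its header fields alone, and a stateful wrapper that also remembers which flows an inside host opened so that their replies are let back in. The rule set, the address ranges and the sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    size: int    # bytes


# Stateless packet-filter rules (constructed for this example). Each rule is
# (action, source network, protocol, destination port, maximum size); None means
# "any". Rules are checked top to bottom, first match wins, default is deny.
RULES = [
    ("deny",  "10.0.0.0/8", None,  None, None),   # assumed blocked address range
    ("allow", "0.0.0.0/0",  "tcp", 443,  1500),
    ("allow", "0.0.0.0/0",  "tcp", 80,   1500),
    ("allow", "0.0.0.0/0",  "udp", 53,   512),
]


def packet_filter(pkt, rules=RULES):
    """Packet filter: decides on each packet alone, from its header fields."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, proto, dport, max_size in rules:
        if src not in ipaddress.ip_network(net):
            continue
        if proto is not None and pkt.proto != proto:
            continue
        if dport is not None and pkt.dport != dport:
            continue
        if max_size is not None and pkt.size > max_size:
            continue
        return action
    return "deny"


class StatefulFirewall:
    """Stateful packet inspection: remembers flows opened from the inside so that
    their replies are admitted, and applies the packet-filter rules to anything else."""

    def __init__(self, inside_net, rules=RULES):
        self.inside = ipaddress.ip_network(inside_net)
        self.rules = rules
        self.flows = set()   # (inside ip, inside port, outside ip, outside port, proto)

    def process(self, pkt):
        if ipaddress.ip_address(pkt.src) in self.inside:
            # Outbound: record the flow so the reply can come back in.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows:
            return "allow"   # reply to a flow an inside host opened
        return packet_filter(pkt, self.rules)   # unsolicited inbound packet


def demo():
    """Run a few constructed packets through both filters and return the verdicts."""
    fw = StatefulFirewall("192.168.1.0/24")
    dns_reply = Packet("8.8.8.8", "192.168.1.10", "udp", 53, 40000, 200)
    return {
        "outbound_dns": fw.process(Packet("192.168.1.10", "8.8.8.8", "udp", 40000, 53, 80)),
        "dns_reply_stateful": fw.process(dns_reply),
        "dns_reply_stateless": packet_filter(dns_reply),
        "unsolicited_udp": fw.process(Packet("8.8.8.8", "192.168.1.10", "udp", 53, 40001, 200)),
        "blocked_range": fw.process(Packet("10.1.2.3", "192.168.1.5", "tcp", 5555, 443, 100)),
        "oversized_https": fw.process(Packet("203.0.113.7", "192.168.1.5", "tcp", 5555, 443, 9000)),
        "https_to_server": fw.process(Packet("203.0.113.7", "192.168.1.5", "tcp", 5555, 443, 900)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} {verdict}")
```

The DNS reply is the instructive case: the stateless filter has no rule for a packet arriving at port 40000 and denies it, while the stateful firewall admits it because it remembers the outbound query. A packet to port 40001 that no inside host asked for is still denied. An application firewall (the third type on the slide) would go one step further and inspect the DNS or HTTP content itself rather than only the headers.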
Firewall Configurations
- Network host-based:
- Software solution installed on an existing operating system.
- Weakness: It relies on the OS.
- Must harden the existing operating system.
If you install a network firewall on an NT 4 box, forget it. It’s just too insecure. At least go for win2K.
Firewall Configurations (cont.)
- Dual-homed host:
- Installed on a server with at least two network interfaces.
- Systems inside and outside the firewall can communicate with the dual-homed host, not with each other.
Firewall Configurations (cont.)
- Router-based firewall
- Commonly the first layer of protection
- Usually a packet filter
- Screened host
- Combination firewall
- A bastion host and a packet filter
Commercial and Free Firewall Products
- Zone Labs
- www.zonelabs.com
- Also freeware version
- Cisco
- Outpost Firewall
- www.agnitum.com/products/outpost/
- Also freeware version
Commercial and Free Firewall Products (cont.)
Whether it’s free, get one!!
Firewall Logs
- All firewalls log activity.
- Logs can provide valuable information.
- Can locate source of an attack.
- Can prevent a future attack.
- Network administrators should review the logs regularly.
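What "locate the source of an attack" looks like in practice is a small log-analysis pass. The block below is an added example for this page (not from the book and not tied to any vendor's log format): it parses constructed firewall log lines in a simple key=value layout, skips lines it cannot parse, totals denied packets per source address, and flags a source that was denied on many different destination ports, which is the pattern a port scan leaves behind. The log format, the addresses and the port-count threshold are all assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed log lines in a generic key=value format (not any particular vendor's).
LOG_LINES = """\
2016-03-01T10:00:01Z action=DENY src=203.0.113.9 dst=192.168.1.5 proto=tcp dport=22
2016-03-01T10:00:02Z action=DENY src=203.0.113.9 dst=192.168.1.5 proto=tcp dport=23
2016-03-01T10:00:03Z action=DENY src=203.0.113.9 dst=192.168.1.5 proto=tcp dport=445
2016-03-01T10:00:04Z action=DENY src=203.0.113.9 dst=192.168.1.5 proto=tcp dport=3389
2016-03-01T10:00:05Z action=ALLOW src=198.51.100.4 dst=192.168.1.5 proto=tcp dport=443
2016-03-01T10:00:06Z action=DENY src=198.51.100.4 dst=192.168.1.5 proto=tcp dport=8080
this line is garbage and must be skipped
2016-03-01T10:00:07Z action=ALLOW src=192.168.1.10 dst=198.51.100.4 proto=tcp dport=443
2016-03-01T10:00:08Z action=DENY src=203.0.113.9 dst=192.168.1.5 proto=tcp dport=5900
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict of fields, or None for a line that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def summarize_denies(text):
    """Per source address: number of denied packets and the set of ports denied."""
    summary = defaultdict(lambda: {"denies": 0, "ports": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "DENY":
            continue
        entry = summary[rec["src"]]
        entry["denies"] += 1
        entry["ports"].add(rec["dport"])
    return dict(summary)


SCAN_PORT_THRESHOLD = 4   # assumption: denies on this many distinct ports looks like a scan


def suspicious_sources(summary, threshold=SCAN_PORT_THRESHOLD):
    return sorted(src for src, s in summary.items() if len(s["ports"]) >= threshold)


def top_sources(summary, n=5):
    """Sources ordered by number of denied packets, most first."""
    return sorted(((src, s["denies"]) for src, s in summary.items()),
                  key=lambda item: item[1], reverse=True)[:n]


if __name__ == "__main__":
    summary = summarize_denies(LOG_LINES)
    print("top denied sources:", top_sources(summary))
    print("probable scanners:", suspicious_sources(summary))
```

A single denied packet from a source is noise; the same source denied on five different ports within seconds is the signal. Once a source is identified this way, the administrator can add it to a deny rule, which is the "prevent a future attack" use of the logs that the slide mentions.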
Any good administrator always checks his logs on a regular basis.
Antispyware
- Scans for spyware.
- Checks for known spyware files, just as AV software scans for known virus files.
- Maintain a subscription service to keep spyware file definitions up to date, or use auto-update.
- Be cautious about attachments and downloads.
We have beat this into the ground, but it’s true.
Intrusion-Detection Software
- Intrusion-detection software (IDS)
- Inspects all inbound and outbound port activity
- Scans for patterns that might indicate an attempted break-in
Intrusion-Detection Software (cont.)
- IDS categorization
- Misuse detection versus anomaly detection
- Passive systems versus reactive systems
- Network-based systems versus host-based systems
Intrusion-Detection Software (cont.)
- Misuse detection versus anomaly detection
- Misuse detection
- Analyzes information it gathers and compares it to known attack signatures
- Anomaly detection
- Looks for unusual behaviors
- Behaviors that do not match pattern of normal user access
Similar to the AV software approaches—signatures versus heuristics
Intrusion-Detection Software (cont.)
- Passive systems versus reactive systems
- Passive systems
- Upon detection, logs the information and sends a signal
- Reactive systems
- Upon detection, logs off a suspicious user or reprograms the firewall to block the suspicious network traffic
Depends on your needs.
Intrusion-Detection Software (cont.)
- Network-based systems versus host-based systems
- Network-based systems
- Analyze network traffic
- Host-based systems
- Analyze activity of each individual host
Intrusion-Detection Software (cont.)
- IDS approaches
- Preemptive blocking
- Infiltration
- Intrusion deflection
- Intrusion deterrence
Intrusion-Detection Software (cont.)
- Preemptive blocking
- Called banishment vigilance
- Seeks to prevent intrusions before they occur
- Notes any sign of impending threats and blocks the user or IP
- Risk of blocking legitimate users
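The three IDS distinctions above (misuse versus anomaly detection, passive versus reactive response) and the false-positive risk of preemptive blocking can all be shown in one small detector. The following is an added example written for this page, not code from the book or from Snort or any other product. It runs over constructed web-server events: misuse detection matches request lines against two assumed attack signatures, anomaly detection compares each source's request rate with an assumed baseline, passive mode only reports, and reactive mode blocks every alerting source. The anomaly factor is the "bar" the slide notes talk about: set it too tightly and the legitimate monitoring host is blocked along with the flood.

```python
import re
from collections import defaultdict

# Constructed traffic: (seconds into a 60-second window, source IP, request line).
# 198.51.100.4 is an ordinary visitor, 192.168.1.20 a legitimate monitoring host
# that polls every 3 seconds, 203.0.113.50 floods the login page, and 203.0.113.9
# sends requests that match known attack signatures.
WINDOW_SECONDS = 60
EVENTS = (
    [(t, "198.51.100.4", "GET /index.html") for t in (1, 20, 45)]
    + [(t, "192.168.1.20", "GET /api/status") for t in range(0, 60, 3)]   # 20 requests
    + [(t, "203.0.113.50", "POST /login") for t in range(60)]             # 60 requests
    + [(7, "203.0.113.9", "GET /search?q=' UNION SELECT *"),
       (9, "203.0.113.9", "GET /../../etc/passwd")]
)

# Misuse detection: known attack signatures (assumed rule set, illustrative only).
SIGNATURES = [
    ("sql-injection", re.compile(r"union\s+select", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
]

# Anomaly detection: assumed baseline learned from normal traffic, requests per minute.
BASELINE_RPM = 10


def misuse_detect(events):
    """Return (source, signature name) for every event matching a known signature."""
    hits = []
    for _, src, request in events:
        for name, pattern in SIGNATURES:
            if pattern.search(request):
                hits.append((src, name))
    return hits


def anomaly_detect(events, factor):
    """Return sources whose request rate exceeds factor x the baseline."""
    counts = defaultdict(int)
    for _, src, _ in events:
        counts[src] += 1
    threshold = factor * BASELINE_RPM
    return {src for src, n in counts.items() if n * 60 / WINDOW_SECONDS > threshold}


def run_ids(events, mode="passive", factor=3.0):
    """Passive: report alerts only. Reactive: also block every alerting source."""
    alerts = list(misuse_detect(events))
    alerts += [(src, "rate-anomaly") for src in sorted(anomaly_detect(events, factor))]
    blocked = {src for src, _ in alerts} if mode == "reactive" else set()
    return alerts, blocked


if __name__ == "__main__":
    for mode, factor in (("passive", 3.0), ("reactive", 3.0), ("reactive", 1.5)):
        alerts, blocked = run_ids(EVENTS, mode, factor)
        print(f"{mode} x{factor}: alerts={alerts} blocked={sorted(blocked)}")
```

With a factor of 3 the reactive system blocks exactly the two sources a human would block. With a factor of 1.5 the monitoring host at 20 requests per minute also crosses the line and is blocked, which is the "alienating legitimate users" outcome. Signature hits are not subject to this problem, but they catch only what is already in the rule set; that is the same trade-off as signatures versus heuristics in antivirus software.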
Can alienate users if the blocking threshold is set too aggressively, because legitimate users are then blocked often.
Intrusion-Detection Software (cont.)
- Infiltration
- Not a software program.
- The process by which a security administrator infiltrates hacker/cracker online groups.
- Unusual.
- Most administrators depend on security bulletins.
Revenge on the part of the hacker community you have ratted out may be uncomfortable.
Intrusion-Detection Software (cont.)
- Intrusion deflection
- Honeypot.
- Set up an attractive, but fake, system.
- Lure the attacker into the system and monitor attacker’s activity.
It’s unnerving to have a hacker in your system. There are many differences of opinion in the community about the use of these.
Intrusion-Detection Software (cont.)
- Intrusion deterrence
- An attempt to make the system a less palatable target.
- First, attempt to make the system seem less attractive—hide the valuable assets.
- Then, make the system seem more secure than it is—have warnings of monitoring and so on.
- Make any potential reward seem more difficult to attain than it actually is.
Social engineering on the part of the network admin!!!
Commercial IDS Providers
- Many IDS vendors
- You must determine which is best for your business environment.
- Snort:
- www.snort.org
- Open source
Snort is great!
Authentication
- PAP: Password Authentication Protocol is the simplest form of authentication and the least secure. Usernames and passwords are sent unencrypted in plain text.
- SPAP: Shiva Password Authentication Protocol is an extension to PAP that does encrypt the username and password that is sent over the Internet.
© 2016 Pearson, Inc. Chapter 8 Encryption
Authentication (cont.)
- CHAP: Challenge Handshake Authentication Protocol calculates a hash after the user has logged in. Then it shares that hash with the client system. Periodically the server asks the client to provide that hash. (This is the challenge part.)
- Kerberos: Kerberos is used widely, particularly with Microsoft operating systems. It was invented at MIT and derives its name from the mythical three-headed dog that was reputed to guard the gates of Hades.
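The contrast between PAP and CHAP is that under CHAP the secret itself never crosses the link: the server sends a challenge and the client returns a hash computed over that challenge and the shared secret. The block below is an added example, not code from the book, implementing the three-message exchange as RFC 1994 defines it (Response = MD5 over Identifier, secret and Challenge; MD5 is what that RFC specifies). The username, the shared secret and the 16-byte challenge length are assumptions for the example. It also shows why the challenge matters: a captured response replayed against a fresh challenge is rejected, and so is a client holding the wrong secret. Calling `send_challenge` again mid-session is the periodic re-challenge the slide describes.

```python
import hashlib
import os
import secrets


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge).
    The secret is an input to the hash and is never sent on the wire."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, secrets_db):
        self.db = secrets_db      # username -> shared secret, provisioned out of band
        self.pending = {}         # username -> (identifier, challenge) awaiting a response
        self.identifier = 0

    def send_challenge(self, username):
        """Message 1 (server -> client): an identifier and a fresh random challenge."""
        self.identifier = (self.identifier + 1) % 256
        challenge = os.urandom(16)
        self.pending[username] = (self.identifier, challenge)
        return self.identifier, challenge

    def verify(self, username, identifier, response):
        """Message 3 (server -> client): True for Success, False for Failure."""
        if username not in self.db or username not in self.pending:
            return False
        expected_id, challenge = self.pending.pop(username)   # each challenge is used once
        if identifier != expected_id:
            return False
        expected = chap_response(identifier, self.db[username], challenge)
        return secrets.compare_digest(expected, response)   # constant-time comparison


class ChapClient:
    def __init__(self, username, secret):
        self.username, self.secret = username, secret

    def answer(self, identifier, challenge):
        """Message 2 (client -> server): identifier, response hash, name."""
        return identifier, chap_response(identifier, self.secret, challenge), self.username


def run_handshakes():
    """Genuine login, a replayed response, and a client with the wrong secret."""
    server = ChapServer({"alice": b"constructed-shared-secret"})   # assumed credentials
    alice = ChapClient("alice", b"constructed-shared-secret")
    imposter = ChapClient("alice", b"wrong-secret")

    ident, chal = server.send_challenge("alice")
    ident, resp, name = alice.answer(ident, chal)
    genuine = server.verify(name, ident, resp)

    # Someone who captured `resp` on the wire replays it against a new challenge.
    ident2, _ = server.send_challenge("alice")
    replay = server.verify("alice", ident2, resp)

    ident3, chal3 = server.send_challenge("alice")
    i, r, n = imposter.answer(ident3, chal3)
    wrong_secret = server.verify(n, i, r)

    return {"genuine": genuine, "replay": replay, "wrong_secret": wrong_secret}


if __name__ == "__main__":
    print(run_handshakes())
```

Compare this with PAP, where the equivalent of message 2 is the password itself in clear text: anyone who captures it can replay it indefinitely. CHAP's remaining weakness is that the server must store the secret in a recoverable form to compute the expected hash, so protecting the server-side secret store is part of deploying it.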
VPN
- Virtual Private Networks (VPN)
- Create a virtual connection through the Internet between a remote user and a central location
- Packets sent over the VPN are encrypted
- Protocols
- PPTP
- L2TP
- IPSec
VPN (cont.)
- PPTP – Point-to-Point Tunneling Protocol
- A secure extension of PPP that adds features:
- Authenticates users
- Extensible Authentication Protocol (EAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Encrypts packets
- Microsoft Point-to-Point Encryption (MPPE)
VPN (cont.)
- L2TP – Layer 2 Tunneling Protocol
- Enhances PPTP with five user authentication methods: CHAP and EAP plus:
- PAP – Password Authentication Protocol – sends username and password in clear text
- SPAP – Shiva Password Authentication Protocol – encrypts username and password
- MS-CHAP – Microsoft-specific extension of CHAP
VPN (cont.)
- IPSec – Internet Protocol Security
- Used by L2TP for encryption
- Encrypts packet data and header
- Prevents unauthorized retransmission of packets
WiFi: WEP
Wired Equivalent Privacy uses the stream cipher RC4 to secure the data and a CRC-32 checksum for error checking. Standard WEP uses a 40-bit key (known as WEP-40) with a 24-bit initialization vector, to effectively form 64-bit encryption. 128-bit WEP uses a 104-bit key with a 24-bit IV.
Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of the IV, which is transmitted in plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related-key attack. For a 24-bit IV, there is a 50% probability that the same IV will repeat after 5000 packets.
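The "50% after 5000 packets" figure is the birthday problem applied to 2^24 possible IVs, and it is worth being able to reproduce it. The block below is an added worked calculation (not from the book) under the assumption that each packet's IV is chosen uniformly at random; it computes the exact probability of at least one repeat after n packets, finds the smallest n at which that probability reaches 50%, and compares it with the closed-form estimate sqrt(2 N ln 2).

```python
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS   # 16,777,216 possible IV values


def iv_collision_probability(n_packets, space=IV_SPACE):
    """Exact probability that at least one IV value repeats among n_packets
    packets whose IVs are chosen uniformly at random (the birthday problem):
    1 - prod_{i=0}^{n-1} (1 - i/N)."""
    p_no_repeat = 1.0
    for i in range(n_packets):
        p_no_repeat *= (space - i) / space
    return 1.0 - p_no_repeat


def packets_for_probability(target=0.5, space=IV_SPACE):
    """Smallest number of packets after which a repeat is at least `target` likely."""
    p_no_repeat = 1.0
    n = 0
    while 1.0 - p_no_repeat < target:
        p_no_repeat *= (space - n) / space
        n += 1
    return n


def birthday_estimate(space=IV_SPACE):
    """Closed-form approximation sqrt(2 * N * ln 2) for the 50% point."""
    return math.sqrt(2 * space * math.log(2))


if __name__ == "__main__":
    for n in (1000, 5000, 10000):
        print(f"{n:6d} packets: P(IV repeat) = {iv_collision_probability(n):.3f}")
    print("50% point:", packets_for_probability(), "packets; estimate",
          round(birthday_estimate()))
```

A busy access point sends thousands of frames a minute, so under this model an IV repeat is more likely than not within minutes, and near certain after ten thousand packets. That is the sense in which 24 bits is "not long enough": the keystream reuse the slide warns about is not a rare event but a routine one, which is why the 802.11i replacements use per-packet keys rather than a short IV on a fixed key.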
WiFi (cont.): WPA
Wi-Fi Protected Access. WPA uses the Temporal Key Integrity Protocol (TKIP). TKIP uses a 128-bit per-packet key, meaning that it dynamically generates a new key for each packet.
WiFi (cont.): WPA2
WPA2 is based on the IEEE 802.11i standard. It provides the following:
The Advanced Encryption Standard (AES) using the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which provides data confidentiality, data origin authentication, and data integrity for wireless frames.
Summary
- Any network needs a firewall and proxy server between the trusted and untrusted networks.
- Also consider an IDS and antispyware.