Network Threats
Vulnerabilities and Attacks
Physical Layer:
- The vulnerability in wired and wireless networks is an unauthorized access to a network through insecure hub/switch port.
- The vulnerability may be exploited to launch attacks like:
a) Sniffing packet data to steal valuable information.
b) Denial of service to legitimate users.
c) Spoofing MAC of legitimate hosts and launch man in the middle attack.
Network Layer
- The vulnerability of TCP/IP is:
a) The plain text data packets exchanged between server and client can be easily read which uses HTTP.
b) HTTP has weak authentication for session initialization which may lead to session hijacking.
c) 3 way handshake for connection establishment is another vulnerability which is exploited by SYN flooding.
d) IP protocol header modification may lead to IP spoofing attack.
Network Security
- It aims to make the entire network secure.
- It protects usability, reliability, integrity and safety of network and data.
- The primary goal of network security are:
a) Confidentiality
b) Integrity
c) Availability
Cryptography - Symmetric and Public Key
Principles of Cryptography
- Cryptography is the method of storing and transmitting data in a format that can be rad and processed by the intended users only.
- It includes methods to hide information in storage or in transit.
- It is often associated with encryption and decryption.
- Encryption is the process of scrambling plain text into cipher text.
- Decryption is the process of regaining the plain text from the cipher text.
Symmetric vs Asymmetric Key Encryption
- Symmetric key encryption uses a single private key.
- Encryption and decryption both utilizes the same key.
- It does not ensure confidentiality.
- It is generally used for bulk data encryption.
- It is more efficient.
- The algorithms used are AES, DES, Blowfish.
- Asymmetric key encryption uses a pair of keys: private key and public key.
- Encryption is done with public key and the holder of private key can only decrypt it.
- It ensures confidentiality.
- It is generally used to secure key exchanges.
- It is less efficient.
- The algorithm used is RSA.
RSA Algorithm
- RSA is an algorithm used for public key encryption.
- It is believed to be secure if its keys have a length of at least 1024 bits.
Key Generation Algorithm
1. Choose two very large random prime integers. (p and q)
2. Compute n and Ǿ(n) such that:
n = p * q
Ǿ(n) = (p-1) * (q-1)
3. Choose an integer e, 1 < e < Ǿ(n), such that:
gcd(e, Ǿ(n)) = 1
4. Compute d, 1 < d < Ǿ(n), such that:
e * d = 1 (mod Ǿ(n))
We get, public key = (n, e)
private key = (n, d)
p, q and Ǿ(n) are private
e is public exponent.
d is private exponent.
Encryption and Decryption:
- Cipher ( C ) = M^e mod n
- Message ( M ) = C^d mod n
Example:
Key Generation:
1. p = 11 and q = 3
2. n = p * q = 33
Ǿ(n) = (p-1) * (q-1) = 20
3. Choose e = 3 such that 1 < e < Ǿ(n) and gcd(e, Ǿ(n)) = 1
4. (3) * d = 1 (mod 20)
d = 7
Public key = (33, 3)
Private key = (33, 7)
Let message M = 7.
Encryption:
C = M^e mod n = 7^3 mod 33 = 13
Decryption:
M = C^d mod n = 13^7 mod 33 = 7
Digital Signature
- Digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
- It is intended to solve the problem of tampering and impersonation in digital communication.
- It is based on public key cryptograhy.
- Using RSA, public and private keys are generated.
- The signing software is used to create a one-way hash of the electronic data to be signed.
- The private key is used to encrypt the hash.
- The encrypted hash along with hashing algorithm is the digital signature.
Securing E-mail : PGP
Pretty Good Privacy (PGP)
- It is a program used to encrypt and decrypt email over the Internet as well as authenticate messages with digital signatures.
- Each user has encryption key and private key.
- Message is encrypted and send to someone using their encryption key.
- It uses faster encryption algorithm to encrypt message.
- The receiver private key is used to decrypt to short key; which is the key used to decrypt the message.
Securing TCP Connections - SSL
- SSL is a standard security technology for establishing encrypted link between a server and a client.
- It allows sensitive informations like credit card no, social security no, etc to be transmitted securely.
- Generally, the data between browser and web server is sent in plain text, which is vulnerable if the intruder intercept the data.
- It provides variables of the encryption for both the link and the data being transmitted.
- SSL secured websites begin with https.
- SSL certificates have public and private key, which work together to establish an encrypted connection.
- When a browser attempts to access a SSL secured websites, the browser and the web server establish an SSL connection using SSL handshake.
- Public key, private key and session key are used to set up SSL connection.
- After secure connection is made, session key is used to encrypt all transmitted data.
Network Layer Security - IPsec and VPN
Internet Protocol Security ( IPSec )
- IPSec is a framework for a set of protocols for security at the network or packet processing layer of network communication.
- It is useful for implementing VPN and for remote user access through dial up connection to private networks.
- The advantage is that, security arrangements can be handled without requiring changes to individual user computers.
- It provides two security service:
a) Authentication header (AH) = allow authentication of data sender.
b) Encapsulating Security Payload (ESP) = allow sender authentication as well as data encryption.
Virtual Private Network (VPN)
- It is a technology that creates safe and encrypted connection over a less secure network.
- It allows remote users to securely access applications and other resources.
- Data travels through secure tunnel.
- VPN users must use authentication method to gain VPN access.
- It ensures appropriate level of security to connected system.
- Speed of Internet connection of user effects VPN performance.
Securing Wireless LAN - WEP
- It is a security protocol specified by IEEE WiFi standard, which provides a wireless LAN with a level of security and privacy comparable to what is expected on a wired LAN.
- Data encryption protects vulnerable wireless link between clients and access points.
- After this measure, password protection, end to end encryption and VPN can be placed to ensure privacy.
- It is vulnerable to wireless equivalent privacy attacks.
Firewalls
- Firewall is a network security that analyzes and controls the incoming and outgoing network traffics based on the predetermined security rules.
- It analyzes the network and allows the network traffics in and out only if they are trusted.
Types of Firewall
1) Packet Filtering Firewall
- It protects users from the external network threat
- Packet filtering is the process of passing or blocking packets based on source and destination address, port or protocols at a network interface.
- The header of the packet is analyzed and based on predefined rules, it allows packet to pass or prevents packet from passing.
Methods
1) The filter accepts only those packets that it is certain are safe, dropping all others.
2) The filter drops only the packets that is certain are unsafe, accepting all others.
3) The filter when encounters a packet for which no rule is provided, it query the user for performing what should be done.
2) Application Gateway
- The gateway operates at the application layer.
- Application gateway for specific applications can be installed.
- It filters incoming node traffic to certain rules which mean that only transmitted network application data is filtered.
- Eg: A mail gateway can be set up to examine each message going in or coming out. For each message, gateway decides whether to transmit of discard the messages.
- by SURAJ AWAL
Ⓒ Copyright ESign Technology 2019. A Product of ESign Technology. All Rights Reserved.