Network Security Midterm 1--use these LRL

Separation of privilege (security design principle)

*Multiple* privilege attributes are required to achieve access to a restricted source (e.g. 2 step authentication)

Computationally secure if

- *Cost exceeds value* of encrypted info - Time required to break *exceeds useful lifetime of info*

- Identify threats (aspect of threat modeling)

- *list* of common threats grouped by app vulnerability *categories*

Requirements of symmetric key encryption

- *strong* encryption algorithm - sender and receiver must have obtained copies of the secret key in a secure fashion and must keep key secure

Key sizes for AES Block sizes for AES Round sizes for AES

- 128, 192, or 256 bit keys - 128 bit blocks - 10, 12, or 14 rounds (depends on key size)

Notes about DES

- 56 bit key length -> 2^56 possible keys - In 1998, it was able to be cracked now that better hardware had been developed - 3DES still in use today, but considered *slow*

Four security challenges mentioned

- A *battle* between attacker and designer - *where* will security mechanisms be placed - Requires *monitoring* - An *impediment* to efficient, user-friendly operation

Goal of Firewalls

- All traffic passing between inside and outside must pass through firewall - Only authorized traffic, defined by local security policy, is allowed to pass - Firewall itself must be immune to penetration

Attacker vs Hacker

- Attacker has no write to attempt to form a breach, regardless of if intent is malicious or not - Hacker has *written permission* to attempt to break infrastructure

Authenticity vs Authorization (network based attack properties)

- Authenticity: verifying that users are who they say they are, and came from a trusted source - Authorization: Ability to limit and control the access to systems and applications via communication links

Stream cipher (RC4) summary

- Bit-stream generator must be an *algorithmic* procedure - *faster* and *less code* than block ciphers - Same key cannot be used more than once, because it makes *cryptanalysis* simple - If plaintext has known properties, *cryptanalysis* may be successful

DES characteristics

- Block cipher - 56 bit key size - 64 bit block size - 16 rounds, + an initial and final permutation

Fiestel structure (block cipher)

- Block size: larger -> better security, slower speed - Key size: larger -> greater security, slower speed - # of rounds: more rounds, better security - Subkey generation: greater complexity in algorithm -> cryptanalysis more defficult - Fast S/W encry/decry: Encryption *embedded* in application prevents hardware implementation; thus, speed of execution of the algorithm becomes a concern - Ease of analysis: Concise and clear algorithm -> easier to analyze to develop higher *assurance* of strength

3DES

- Breaking it is not practical - Considered secure, but is *slow*, and thus considered *inefficient*

Computer security vs Network security (network based attack properties)

- Computer: protects data - Network: protects *transmission of* data

Confidentiality vs Privacy (network based attack properties)

- Confidentiality: info is not made available to unauthorized individuals - Privacy: individuals control what information about them is collected, and by whom

Stateful firewalls

- Creates an entry for each *established* connection (usually meaning from internal request) - *Tightens* rules for TCP traffic on higher-numbered ports - Allows incoming traffic *only* from higher numbered ports established connections

Data integrity vs System integrity (network based attack properties)

- Data integrity: data only changed in a specified and authorized manner - System integrity: system performs its intended function in an unimpaired manner, free from unauthorized manipulation

Symmetric key wrap-up

- Design of ciphers is a difficult specialty - Takes years of scrutiny by experts to validate a design - Most submissions to AES competition were cryptanalyzed within a year or two - Never design your own cipher - Never trust a product that uses a custom cipher design

4 types of network based attacks

- Eavesdropping - Impersonating - Replay (A sends B a legit packet, then C sends B another packet( - Modification

5 Security design principles !!!

- Economy of mechanism - Fail-safe default - Open design - Separation of privilege - Least privilege

Physical security (access)

- Ensuring only authorized personnel has physical access to equipment

Powerful tool in wireshark

- Filtering, such as "ip.addr == __ and ip.proto = __ and wlan.fc.type = __"

ECB mode

- For a given key, there is a *unique* ciphertext for *every* block of plaintext - May not be secure for long messages

Web app-based attacks, and key to prevention

- Hacker responding with bad data which corrupts server remotely - Prevention: proper input error-handling (e.g. only permitting a number to be sent, so that someone responding DELETE is denied)

Stateless firewalls weaknesses

- IP address spoofing - Cannot prevent attacks using application-specific vulnerabilities - Susceptible to security breaches caused by improper configs - Don't support advanced user authentication schemes

5 steps of threat modeling

- Identify security objectives - Application overview - Decompose application - Identify threats - Identify vulnerabilities

- Application overview (aspect of threat modeling)

- Identify services - Identify roles/privileges (who can do what?) - Current security mechanisms?

Threat modeling

- Identifying and prioritizing threats from a possible attacker's POV

Problem with proactive password checking

- If system rejects too many passwords, users will complain about difficulty - If system uses simple algorithm to define acceptable passwords, it aids in cryptanalysis

2 ways to prevent DDoS attacks

- Increase bandwidth/redundancy, so you can keep going when attacked - Develop algorithms to detect unusual traffic and block connections

CBC mode

- Initialization Vector (IV) is XOR'd with first block of plaintext - If the same plaintext blocks are repeated, they produce *different* ciphertext blocks

Security services

- Integrity (data and system) - Privacy - Confidentiality - Authenticity (and authorization) - Non-repudiation?

IP address spoofing definition and countermeasure (stateless firewalls)

- Intruder transmits packets from outside, with a source IP address containing address of internal host - Countermeasure: discard packets with an inside source address, if arriving on external interface

Disadvantages of Symmetric Key

- Key exchange - Incorrectly designed algorithms can make cipher severely weakend (e.g. WEP)

How: stream ciphers

- Key is used to initialize the plaintext, modding plaintext by the key, restarting at beginning of key if plaintext length > key length - Permutation occurs of some kind, with some swap idk - Stream is generated with some weird swapping shit

Insecure encryption algorithm

- Known algorithm does *not* hide the cipher text enough which makes brute force and/or cryptanalysis *feasible*

In general, the security of network communication *mainly* depends on

- Length of the key - Secrecy of the key length - Secrecy of the key used

Application level firewalls/gateway + disadvantage

- Like a stateful firewall, but it looks at payload - Relay for application layer traffic - Administrator only whitelists specific features - Disadvantage: additional processing overhead on each connection

3 fundamental difficulties of One-time pad

- Make large quantity of *random* keys - Key has to be as long as the message - Huge key distribution problem *only cryptosystem that exhibits perfect secrecy*

Limitations of firewalls

- May not protect against internal threats - Device may be used and infected outside corporate network, then attached and used internally - Cannot protect against attacks that bypass firewall

Block cipher summary

- Most commonly used symmetric encryption algorithms - Fixed sized blocks to process input, and produces ciphertext of equal size for each block - *Feistel structure* is an example of a general structure used by symmetric block cyphers

How do we look at packets? (network traffic analysis)

- Network sniffing tools

Passive vs Active attacks (network based attack properties)

- Passive: learns info, but does *not* affect system resources - Active: attempts to *alter* system resources

2 types of Software based attacks

- Password attacks - Malicious software

Types of attacks (big picture)

- Physical - Software based - Web app based - Social engineering - Network based

3 purposes of using a salt

- Prevents duplicate passwords from being the same in password database - Makes dictionary attacks more difficult, because makes number of possible hashes exponentially larger - If a user uses the same password on 2+ systems, and 1 of these passwords is compromised, attacker can't know that same password is used elsewhere

Security mechanism

- Process designed to detect, prevent, or recovery from a security attack Example: SSL/TLS

Physical security (reliability)

- Protect from fire, flood, extreme temperature, extreme humidity, etc

Cyber Attack phases (5)

- Reconnaissance - Scanning - Gaining access - Maintaining access - Clearing tracks

Physical security (definition)

- Restrict physical access - Assure reliability

Symmetric key encryption

- Same key for encryption/decryption - Can be substitution or permutation cipher - Can be stream or a block cipher - *find out advantages*

Security service

- Service that enhances the security of systems and the information transferred - Can make use of one or more security mechanisms to provide service Example: Confidentiality

Stateless firewalls Strengths

- Simplicity - Transparent to users - Very fast

Advantages of Symmetric Key

- Single key - Fast encryption and decryption - Relatively small key spaces can still offer effective security

Example of failed physical security

- Some dude installs something that *looks* like a surge protector, but it's really running Linux hacking software with WiFi and bluetooth antennas

VPN scenario

- Special firewall setting, where all traffic is encapsulated in another packet. Hides everything but src address, so intermediate packets cannot sniff. - Forms VPN between an unprotected network, so they're in the same internal network

Difference within encapsulation layers for stateful vs stateless firewalls

- Stateless: only Transport layer - Stateful: Transport layer, and physical layer for State info

Types of password attacks

- Stealing - Guessing - Dictionary attacks - Brute force attacks - Rainbow table attacks - Workstation hijacking

4 stages of AES

- Substitute bytes (operates at byte level) - Shift rows (simple byte-shift) - Mix columns (matrix multiplication on bytes) - Add round key (bytewise XOR with key)

Statistics in Wireshark

- Summary - Protocol hierarchy - Conversations - Endpoints

AES

- Symmetric block cipher - Multiple key lengths - Executable in hardware *and* software - Freely available

2 conditions to be computationally secure

- Time taken to crack is longer than the information is useful - Cost of breaking protocol exceeds the value of encrypted information

Why do we look at packets? (network traffic analysis)

- Troubleshooting - Detection of badness - Forensics

One-time Pad

- Use a random key as long as the message, so the key won't be repeated - Discard key after every message - Scheme is *unbrekable* - Output has *no statistical relationship* to the plaintext

Stream cipher (RC4) weakness

- Used in SSL/TLS and WEP - Practical attacks found - WEP is insecure (due to way of input key generation) - Prohibited in all versions of TLS

Four basic techniques used to avoid guessable passwords

- User education - Computer generated passwords - Reactive password checking - Proactive password checking

Asymmetric key encryption

- Uses different, but related keys for encryption/decryption *found out advantages*

Types of malicious software

- Virus (executable which ruins hard drive on computer by adding too many files. Requires an active host/human to run) - Worm (propagates through network without human help) - Rootkits - Spyware - Botnet - Ransomware - Logic bomb (sets off a malicious software under specific circumstances, such as actions or time passage)

Social engineering (types)

- Whaling (targeting well known, rich people) - Spoofing - Phishing - Vishing (phishing, but through the phone) - Shoulder surfing - Impersonation

Types of hackers

- White hat: testing w/ permission - Black hat: testing w/o permission - Grey hat: will test with or w/o permission - Script kiddies: using scripts to hack - Suicide hackers: don't try to hide themselves - Cyber terrorists - State sponsored - Hacktivist: black hat for a cause

Note about keys with AES

- You expand the keys, and only use 4 bits from this expansion in each round

DMZ setup

- a *setup* to group all servers which would face the internet, adding an internal firewall between it and internal network, then adding a 2nd firewall between the whole thing and the internet - *2 way protection* between internal network and DMZ network. A breach in one shouldn't affect the other

Network Security Model requires us to: (4 things)

- design suitable *algorithm* for the security transformation - *Generate the keys* used by algorithm - Develop methods to *distribute and share* - Specify *protocol* enabling the principles to *use* the secret transformation for a security device

Incident response plan (2 aspects)

-what constitutes and incident -step-by-step process to follow when incident occurs

TCP handshake

1) Client sends SYN 2) Server responds SYN-ACK 3) Client responds ACK 4) Client sends data

Fail-safe Default (security design principle)

Access decisions should be based on *permission* rather than exclusion

Cryptanalysis

Attempting to crack code by applying knowledge of the encryption - Attack relies on algorithm + general knowledge of plaintext - To deduce a specific plaintext, or deduce the key used

quiz q: "ability to limit and control access to host systems and applications is"

Authorization

2DES

Basically doing DES twice, with 2 keys.

How to break caesar (substitution) ciphers, why is it so easy?

Brute force - Algorithm known - Algorithm weak - Key space small - Plaintext language known + commonality of letters

quiz q: "protection of data from unauthorized disclosure is:"

Confidentiality

quiz q: "Between an internal firewall and an external firewall are one or more networked devices in a region referred to as a _________ . Systems that are externally accessible but need some protection are usually located in this area."

DMZ

Economy of Mechanism (security design principle)

Design of security measures embodies in both hardware and software should be as *simple* and *small* as possible

What is a salt?

Each individual user has a randomized salt, which their password is hashed with before being stored on a server. Each salt is unique to each user

quiz q: "Failure to recognize that a certain condition is met is a ____"

False negative

- Decompose application (aspect of threat modeling)

Identify: - entry points - data flows - exit points

Unconditionally secure

No matter how much time an opponent has, it is *impossible* to decrypt ciphertext, because required info is not there

Which of the following is NOT a security service? - SSL/TLS - Confidentiality - Authentication - Integrity

SSL/TLS. It is a security *mechanism*

quiz q: "A ___ firewall applies a set of rules to each IP packet, then forwards or discards the packet"

Stateless (aka Packet filtering)

Explaining symmetric vs asymmetric, and private vs public key

Symmetric: 1 shared private key Asymmetric: 2 keys, one private, one public. A message encrypted by a private key can only be decrypted by the public key, and vice versa. Asymmetric is more secure

Modes of operation

Technique to *enhance* effect of cryptographic algorithm - Intended to cover wide variety where *block ciphers* can be used - Modes are intended for use with *any* symmetric block cipher, including 3DES and AES - Examples: ECB, CBC

Open design (security design principle)

The design of security mechanism should be *open* rather than a secret

Least privilege (security design principle)

Users/Processes operate using the *least* set of privileges necessary to perform the task

Cyberstalking

Using internet to stalk or harass

Meet in the Middle attacks

We must *know* one plaintext/ciphertext pair - Use all possible Key1's on plaintext to find intermediate state S and K1 - Use all possible Key2's on the ciphertext to find intermediate state S' and K2 - Wherever S=S', then these K1 K2 pairs are candidate keys

Identify security objectives (aspect of threat modeling)

What should be protected? QoS requirements? Intangible assets to protect?

WEP

Wired Equivalent Privacy - Purpose of an IV is to prevent any repetition - For any 24bit IV, there is a 50% probability the same IV will repeat after 5000 packets - 24-bit IV is not long enough to ensure confidentiality on a busy network

Non-repudiation

You can't deny that you did what you did - Proof of integrity and origin of data - authentication can be asserted with high assurance

Circuit level firewalls, and a common use

divides connection into itself & source, and itself & destination - Happens occur *transport layer* - Stateful, keep track of TCP/IP connections - Used for proxies

Identify vulnerabilities (aspect of threat modeling)

identify *weaknesses* related to the threats, using the *categories*

Caesar (substitution) cipher

k = key Encrypt = P + k Decrypt = P - k So shift up or down the alphabet by k