Select one of the three topics defined in the essay quiz section on (2024)

Copyright©2016byMcGraw-HillEducation.Allrightsreserved.ExceptaspermittedundertheUnitedStatesCopyrightActof1976,nopartofthispublicationmaybereproducedordistributedinanyformorbyanymeans,orstoredinadatabaseorretrievalsystem,withoutthepriorwrittenpermissionofthepublisher,withtheexceptionthattheprogramlistingsmaybeentered,stored,andexecutedinacomputersystem,buttheymaynotbereproducedforpublication.

ISBN:978-0-07-183597-8MHID:0-07-183597-0

ThematerialinthiseBookalsoappearsintheprintversionofthistitle:ISBN:978-0-07-183601-2,MHID:0-07-183601-2.

eBookconversionbycodeMantraVersion1.0

Alltrademarksaretrademarksoftheirrespectiveowners.Ratherthanputatrademarksymbolaftereveryoccurrenceofatrademarkedname,weusenamesinaneditorialfashiononly,andtothebenefitofthetrademarkowner,withnointentionofinfringementofthetrademark.Wheresuchdesignationsappearinthisbook,theyhavebeenprintedwithinitialcaps.

McGraw-HillEducationeBooksareavailableatspecialquantitydiscountstouseaspremiumsandsalespromotionsorforuseincorporatetrainingprograms.Tocontactarepresentative,pleasevisittheContactUspageatwww.mhprofessional.com.

SANSInstituteITCodeofEthicsreproducedwithpermission,©SANSInstitute.

InformationhasbeenobtainedbyMcGraw-HillEducationfromsourcesbelievedtobereliable.However,becauseofthepossibilityofhumanormechanicalerrorbyoursources,McGraw-HillEducation,orothers,

McGraw-HillEducationdoesnotguaranteetheaccuracy,adequacy,orcompletenessofanyinformationandisnotresponsibleforanyerrorsoromissionsortheresultsobtainedfromtheuseofsuchinformation.

McGraw-HillEducationisanindependententityfromCompTIA®.ThispublicationanddigitalcontentmaybeusedinassistingstudentstopreparefortheCompTIASecurity+exam.NeitherCompTIAnorMcGraw-HillEducationwarrantsthatuseofthispublicationanddigitalcontentwillensurepassinganyexam.CompTIAandCompTIASecurity+aretrademarksorregisteredtrademarksofCompTIAintheUnitedStatesand/orothercountries.Allothertrademarksaretrademarksoftheirrespectiveowners.

TERMSOFUSE

ThisisacopyrightedworkandMcGraw-HillEducationanditslicensorsreserveallrightsinandtothework.Useofthisworkissubjecttotheseterms.ExceptaspermittedundertheCopyrightActof1976andtherighttostoreandretrieveonecopyofthework,youmaynotdecompile,disassemble,reverseengineer,reproduce,modify,createderivativeworksbasedupon,transmit,distribute,disseminate,sell,publishorsublicensetheworkoranypartofitwithoutMcGraw-HillEducation’spriorconsent.Youmayusetheworkforyourownnoncommercialandpersonaluse;anyotheruseoftheworkisstrictlyprohibited.Yourrighttousetheworkmaybeterminatedifyoufailtocomplywiththeseterms.

THEWORKISPROVIDED“ASIS.”McGRAW-HILLEDUCATIONANDITSLICENSORSMAKENOGUARANTEESORWARRANTIESASTOTHEACCURACY,ADEQUACYORCOMPLETENESSOFORRESULTSTOBEOBTAINEDFROMUSINGTHEWORK,INCLUDINGANYINFORMATIONTHATCANBEACCESSEDTHROUGHTHEWORKVIAHYPERLINKOROTHERWISE,ANDEXPRESSLYDISCLAIMANYWARRANTY,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOF

MERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE.McGraw-HillEducationanditslicensorsdonotwarrantorguaranteethatthefunctionscontainedintheworkwillmeetyourrequirementsorthatitsoperationwillbeuninterruptedorerrorfree.NeitherMcGraw-HillEducationnoritslicensorsshallbeliabletoyouoranyoneelseforanyinaccuracy,errororomission,regardlessofcause,intheworkorforanydamagesresultingtherefrom.McGraw-HillEducationhasnoresponsibilityforthecontentofanyinformationaccessedthroughthework.UndernocircumstancesshallMcGraw-HillEducationand/oritslicensorsbeliableforanyindirect,incidental,special,punitive,consequentialorsimilardamagesthatresultfromtheuseoforinabilitytousethework,evenifanyofthemhasbeenadvisedofthepossibilityofsuchdamages.Thislimitationofliabilityshallapplytoanyclaimorcausewhatsoeverwhethersuchclaimorcausearisesincontract,tortorotherwise.

AbouttheAuthorsDr.Wm.ArthurConklinisanassociateprofessorandDirectoroftheCenterforInformationSecurityResearchandEducationintheCollegeofTechnologyattheUniversityofHouston.Heholdstwoterminaldegrees,aPh.D.inBusinessAdministration(specializinginInformationSecurity)fromTheUniversityofTexasatSanAntonio(UTSA)andthedegreeElectricalEngineer(specializinginSpaceSystemsEngineering)fromtheNavalPostgraduateSchoolinMonterey,CA.HeholdsCompTIASecurity+,CISSP,CSSLP,CRISC,DFCP,GICSP,andCASPcertifications.AnISSAFellow,heisalsoaseniormemberofASQandamemberofIEEEandACM.Hisresearchinterestsincludetheuseofsystemstheorytoexploreinformationsecurity,specificallyincyber-physicalsystems.Hehascoauthoredsixsecuritybooksandnumerousacademicarticlesassociatedwithinformationsecurity.HeisactiveintheDHS-sponsoredIndustrialControlSystemsJointWorkingGroup(ICSJWG)effortsassociatedwithworkforcedevelopmentandcybersecurityaspectsofindustrialcontrolsystems.Hehasanextensivebackgroundinsecurecodingandisaformerco-chairoftheDHS/DoDSoftwareAssuranceForumworkinggroupforworkforceeducation,training,anddevelopment.

Dr.GregoryWhitehasbeeninvolvedincomputerandnetworksecuritysince1986.Hespent19yearsonactivedutywiththeU.S.AirForceandiscurrentlyintheAirForceReservesassignedtothePentagon.HeobtainedhisPh.D.inComputerSciencefromTexasA&MUniversityin1995.Hisdissertationtopicwasintheareaofcomputernetworkintrusiondetection,andhecontinuestoconductresearchinthisareatoday.HeiscurrentlytheDirectorfortheCenterforInfrastructureAssuranceandSecurityandisanassociateprofessorofcomputerscienceatTheUniversityofTexasatSanAntonio.Dr.Whitehaswrittenandpresentednumerousarticlesandconferencepapersonsecurity.Heisalsothecoauthorforfivetextbooksoncomputerandnetworksecurityandhaswrittenchaptersfortwoothersecuritybooks.Dr.Whitecontinuestobeactiveinsecurityresearch.His

currentresearchinitiativesincludeeffortsinhigh-speedintrusiondetection,communityinfrastructureprotection,andvisualizationofcommunityandorganizationsecuritypostures.

DwayneWilliamsisAssociateDirector,SpecialProjectsfortheCenterforInfrastructureAssuranceandSecurity(CIAS)attheUniversityofTexasatSanAntonioandhasmorethan22yearsofexperienceininformationsystemsandnetworksecurity.Mr.Williams’sexperienceincludessixyearsofcommissionedmilitaryserviceasaCommunications-ComputerInformationSystemsOfficerintheU.S.AirForce,specializinginnetworksecurity,corporateinformationprotection,intrusiondetectionsystems,incidentresponse,andVPNtechnology.PriortojoiningtheCIAS,heservedasDirectorofConsultingforSecureLogixCorporation,wherehedirectedandprovidedsecurityassessmentandintegrationservicestoFortune100,government,publicutility,oilandgas,financial,andtechnologyclients.Mr.Williamsgraduatedin1993fromBaylorUniversitywithaBachelorofArtsinComputerScience.Mr.WilliamsisaCertifiedInformationSystemsSecurityProfessional(CISSP),CompTIAAdvancedSecurityPractitioner(CASP),andcoauthorofMcGraw-Hill’sVoiceandDataSecurity,CompTIASecurity+All-in-OneExamGuide,andCASPCompTIAAdvancedSecurityPractitionerCertificationStudyGuide.

RogerL.Davis,CISSP,CISM,CISA,isanAccountManagerforMicrosoft.HehasservedaspresidentoftheUtahchapteroftheInformationSystemsSecurityAssociation(ISSA)andvariousboardpositionsfortheUtahchapteroftheInformationSystemsAuditandControlAssociation(ISACA).HeisaretiredAirForcelieutenantcolonelwith35yearsofmilitaryandinformationsystems/securityexperience.Mr.DavisservedonthefacultyofBrighamYoungUniversityandtheAirForceInstituteofTechnology.HecoauthoredMcGraw-Hill’sCompTIASecurity+All-in-OneExamGuideandVoiceandDataSecurity.HeholdsaMaster’sdegreeinComputerSciencefromGeorgeWashingtonUniversity,aBachelor’sdegreeinComputerSciencefromBrigham

YoungUniversity,andperformedpost-graduatestudiesinelectricalengineeringandcomputerscienceattheUniversityofColorado.

ChuckCothren,CISSP,isaPrincipalSolutionsSpecialistatSymantecCorporationapplyingawidearrayofnetworksecurityexperience,includingperformingcontrolledpenetrationtesting,incidentresponse,andsecuritymanagementtoassistawidevarietyofclientsintheprotectionoftheircriticaldata.HehasalsoanalyzedsecuritymethodologiesforVoiceoverInternetProtocol(VoIP)systemsandsupervisorycontrolanddataacquisition(SCADA)systems.HeiscoauthorofthebooksVoiceandDataSecurity,andCompTIASecurity+All-in-OneExamGuide.

AbouttheTechnicalEditorBobbyE.RogersisanInformationSecurityEngineerworkingasacontractorforDepartmentofDefenseagencies,helpingtosecure,certify,andaccredittheirinformationsystems.Hisdutiesincludeinformationsystemsecurityengineering,riskmanagement,andcertificationandaccreditationefforts.Heretiredafter21yearsintheUnitedStatesAirForce,servingasanetworksecurityengineerandinstructor,andhassecurednetworksallovertheworld.BobbyhasaMaster’sdegreeinInformationAssurance(IA),andispursuingadoctoraldegreeinCybersecurityfromCapitolTechnologyUniversity,Maryland.HismanycertificationsincludeCRISC,CISSP-ISSEP,C|EH,andMCSE:SecurityaswellastheCompTIAA+,Network+,Security+,andMobility+certifications.

AcknowledgmentsThisbookisdedicatedtothemanysecurityprofessionalswhodaily

worktoensurethesafetyofournation’scriticalinfrastructures.Wewanttorecognizethethousandsofdedicatedindividualswhostrivetoprotect

ournationalassetsbutwhoseldomreceivepraiseandoftenareonlynoticedwhenanincidentoccurs.Toyou,wesaythankyouforajobwell

done!

We,theauthorsofPrinciplesofComputerSecurity,FourthEdition,havemanyindividualswhoweneedtoacknowledge—individualswithoutwhomthiseffortwouldnothavebeensuccessful.ThiseditionwouldnothavebeenpossiblewithoutTimGreen,whosesupportandfaithintheauthorsmadethiseditionpossible.Hebroughttogetheranall-starproductionteamthatmadethisbookmorethanjustanewedition,butacompletelearningsystem.ThelistneedstostartwiththosefolksatMcGraw-HillEducationwho

workedtirelesslywiththeproject’smultipleauthorsandcontributorsandledussuccessfullythroughtheminefieldthatisabookscheduleandwhotookourroughchaptersanddrawingsandturnedthemintoafinal,professionalproductwecanbeproudof.WethankallthegoodpeoplefromtheAcquisitionsteam,TimGreenandAmyStonebraker;fromtheEditorialServicesteam,JodyMcKenzieandHowieSeverson;fromtheIllustrationandProductionteams,JamesKussowandAmarjeetKumarandthecompositionteamatCenveoPublisherServices.Wealsothankthetechnicaleditor,BobbyRogers;thecopyeditor,BillMcManus;theproofreader,PaulTyler;andtheindexer,JackLewis;foralltheirattentiontodetailthatmadethisafinerworkaftertheyfinishedwithit.Wealsoneedtoacknowledgeourcurrentemployerswho,toourgreat

delight,haveseenfittopayustoworkinacareerfieldthatweallfindexcitingandrewarding.Thereisneveradullmomentinsecurity,becauseitisconstantlychanging.WewouldliketothankArtConklinforherdingthecatsonthisone.

Finally,wewouldeachliketoindividuallythankthosepeoplewho—onapersonalbasis—haveprovidedthecoresupportforusindividually.Withoutthesespecialpeopleinourlives,noneofuscouldhaveputthisworktogether.

—TheAuthorTeam

ToSusan,yourloveandsupportiswhatenablesmetodoallthethingsIdo.

—ArtConklin,Ph.D.Iwouldliketothankmywife,Charlan,forthetremendoussupportshehasalwaysgivenme.Itdoesn’tmatterhowmanytimesIhaveswornthatI’llnevergetinvolvedwithanotherbookprojectonlytoreturnwithinmonthstoyetanotherone;throughitall,shehasremainedsupportive.IwouldalsoliketopubliclythanktheUnitedStatesAirForce,which

providedmenumerousopportunitiessince1986tolearnmoreaboutsecuritythanIeverknewexisted.Towhoeveritwaswhodecidedtosendmeasayoungcaptain—freshfromcompletingmymaster’sdegreeinartificialintelligence—tomyfirstassignmentincomputersecurity:thankyou,ithasbeenagreatadventure!

—GregoryB.White,Ph.D.Josie,thankyouforalltheloveandsupport.Macon,John,thisisforyou.

—ChuckCothrenGeena,thanksforbeingmybestfriendandmygreatestsupport.AnythingIamisbecauseofyou.Lovetomykidsandgrandkids!

—RogerL.DavisTomywifeandbestfriend,Leah,foryourlove,energy,andsupport—thankyouforalwaysbeingthere.Here’stomanymoreyearstogether.

—DwayneWilliams

ABOUTTHISBOOK

ImportantTechnologySkillsInformationtechnology(IT)offersmanycareerpaths,andinformationsecurityisoneofthefastest-growingtracksforITprofessionals.Thisbookprovidescoverageofthematerialsyouneedtobeginyourexplorationofinformationsecurity.InadditiontocoveringalloftheCompTIASecurity+examobjectives,additionalmaterialisincludedtohelpyoubuildasolidintroductoryknowledgeofinformationsecurity.

ProvenLearningMethodKeepsYouonTrackDesignedforclassroomuseandwrittenbyinstructorsforuseintheirownclasses,PrinciplesofComputerSecurityisstructuredtogiveyoucomprehensiveknowledgeofinformationsecurity.Thetextbook’sactivelearningmethodologyguidesyoubeyondmererecalland—throughthought-provokingactivities,labs,andsidebars—helpsyoudevelopcritical-thinking,diagnostic,andcommunicationskills.

EffectiveLearningToolsThisfeature-richtextbookisdesignedtomakelearningeasyandenjoyableandtohelpyoudeveloptheskillsandcritical-thinkingabilitiesthatwillenableyoutoadapttodifferentjobsituationsandtotroubleshootproblems.Writtenbyinstructorswithdecadesofcombinedinformationsecurityexperience,thisbookconveyseventhemostcomplexissuesinanaccessible,easy-tounderstandformat.

Eachchapterincludes

LearningObjectivesthatsetmeasurablegoalsforchapter-by-chapterprogress

Illustrationsthatgiveyouaclearpictureoftheconceptsandtechnologies

TryThis!,CrossCheck,andTechTipsidebarsthatencourageyoutopracticeandapplyconceptsinreal-worldsettings

Notes,Tips,andWarningsthatguideyou,andExamTipsthatgiveyouadviceorprovideinformationspecificallyrelatedtopreparingfortheexam

ChapterSummariesandKeyTermsListsthatprovideyouwithaneasywaytoreviewimportantconceptsandvocabulary

ChallengingEnd-of-ChapterTeststhatincludevocabulary-buildingexercises,multiple-choicequestions,essayquestions,andon-the-joblabprojects

CompTIAAPPROVEDQUALITYCONTENT

ItPaystoGetCertifiedInadigitalworld,digitalliteracyisanessentialsurvivalskill.Certificationdemonstratesthatyouhavetheknowledgeandskilltosolvetechnicalorbusinessproblemsinvirtuallyanybusinessenvironment.CompTIAcertificationsarehighlyvaluedcredentialsthatqualifyyouforjobs,increasedcompensation,andpromotion.

CompTIASecurity+CertificationHelpsYour

Career

Securityisoneofthehighestdemandjobcategories,growinginimportanceasthefrequencyandseverityofsecuritythreatscontinuestobeamajorconcernfororganizationsaroundtheworld.

Jobsforsecurityadministratorsareexpectedtoincreaseby18%—theskillsetrequiredforthesetypesofjobsmapstotheCompTIASecurity+certification.

NetworkSecurityAdministratorscanearnasmuchas$106,000peryear.

CompTIASecurity+isthefirststepinstartingyourcareerasaNetworkSecurityAdministratororSystemsSecurityAdministrator.

Morethan250,000individualsworldwideareCompTIASecurity+certified.

CompTIASecurity+isregularlyusedinorganizationssuchasHitachiSystems,FujiXerox,HP,Dell,andavarietyofmajorU.S.governmentcontractors.

ApprovedbytheU.S.DepartmentofDefense(DoD)asoneoftherequiredcertificationoptionsintheDoD8570.01-Mdirective,forInformationAssuranceTechnicalLevelIIandManagementLevelIjobroles.

StepstoGettingCertifiedandStayingCertified1.Reviewtheexamobjectives.Reviewthecertificationobjectivesto

makesureyouknowwhatiscoveredintheexam:http://certification.comptia.org/examobjectives.aspx

2.Practicefortheexam.Afteryouhavestudiedforthecertificationexam,reviewandanswersamplequestionstogetanideaofwhattypeofquestionsmightbeontheexam:http://certification.comptia.org/samplequestions.aspx

3.Purchaseanexamvoucher.YoucanpurchaseexamvouchersontheCompTIAMarketplace,www.comptiastore.com.

4.Takethetest!GotothePearsonVUEwebsite,www.pearsonvue.com/comptia/,andscheduleatimetotakeyourexam.

5.Staycertified!EffectiveJanuary1,2011,newCompTIASecurity+certificationsarevalidforthreeyearsfromthedateofcertification.Thereareanumberofwaysthecertificationcanberenewed.Formoreinformationgotohttp://certification.comptia.org/ce.

ForMoreInformationVisitCompTIAonlineGotohttp://certification.comptia.org/home.aspxtolearnmoreaboutgettingCompTIAcertified.

ContactCompTIAPleasecall866-835-8020andchooseOption2,ore-mail[emailprotected].

ConnectwithCompTIAFindCompTIAonFacebook,LinkedIn,Twitter,andYouTube.

mailto:[emailprotected]

ContentSealofQualityThiscoursewarebearsthesealofCompTIAApprovedQualityContent.Thissealsignifiesthiscontentcovers100percentoftheexamobjectivesandimplementsimportantinstructionaldesignprinciples.CompTIArecommendsmultiplelearningtoolstohelpincreasecoverageofthelearningobjectives.

CAQCDisclaimerThelogooftheCompTIAApprovedQualityContent(CAQC)programandthestatusofthisorothertrainingmaterialas“Approved”undertheCompTIAApprovedQualityContentprogramsignifiesthat,inCompTIA’sopinion,suchtrainingmaterialcoversthecontentofCompTIA’srelatedcertificationexam.ThecontentsofthistrainingmaterialwerecreatedfortheCompTIA

Security+examcoveringCompTIAcertificationobjectivesthatwerecurrentasofthedateofpublication.CompTIAhasnotreviewedorapprovedtheaccuracyofthecontentsof

thistrainingmaterialandspecificallydisclaimsanywarrantiesofmerchantabilityorfitnessforaparticularpurpose.CompTIAmakesnoguaranteeconcerningthesuccessofpersonsusinganysuch“Approved”orothertrainingmaterialinordertoprepareforanyCompTIAcertificationexam.

CONTENTSATAGLANCE

Chapter1 IntroductionandSecurityTrends

Chapter2 GeneralSecurityConcepts

Chapter3 OperationalandOrganizationalSecurity

Chapter4 TheRoleofPeopleinSecurity

Chapter5 Cryptography

Chapter6 PublicKeyInfrastructure

Chapter7 PKIStandardsandProtocols

Chapter8 PhysicalSecurity

Chapter9 NetworkFundamentals

Chapter10 InfrastructureSecurity

Chapter11 AuthenticationandRemoteAccess

Chapter12 WirelessSecurityandMobileDevices

Chapter13 IntrusionDetectionSystemsandNetworkSecurity

Chapter14 SystemHardeningandBaselines

Chapter15 TypesofAttacksandMaliciousSoftware

Chapter16 E-MailandInstantMessaging

Chapter17 WebComponents

Chapter18 SecureSoftwareDevelopment

Chapter19 BusinessContinuityandDisasterRecovery,andOrganizationalPolicies

Chapter20 RiskManagement

Chapter21 ChangeManagement

Chapter22 IncidentResponse

Chapter23 ComputerForensics

Chapter24 LegalIssuesandEthics

Chapter25 Privacy

AppendixA CompTIASecurity+ExamObjectives:SY0-401

AppendixB AbouttheDownload

Glossary

Index

CONTENTS

ForewordPrefaceIntroductionInstructorWebSite

Chapter1IntroductionandSecurityTrendsTheComputerSecurityProblem

DefinitionofComputerSecurityHistoricalSecurityIncidentsTheCurrentThreatEnvironmentThreatstoSecuritySecurityTrends

TargetsandAttacksSpecificTargetOpportunisticTargetMinimizingPossibleAvenuesofAttack

ApproachestoComputerSecurityEthicsAdditionalReferencesChapter1Review

Chapter2GeneralSecurityConceptsBasicSecurityTerminology

SecurityBasics

SecurityTenetsSecurityApproachesSecurityPrinciplesAccessControlAuthenticationMechanismsAuthenticationandAccessControlPolicies

SecurityModelsConfidentialityModelsIntegrityModels

Chapter2Review

Chapter3OperationalandOrganizationalSecurityPolicies,Procedures,Standards,andGuidelines

SecurityPoliciesChangeManagementPolicyDataPoliciesHumanResourcesPoliciesDueCareandDueDiligenceDueProcessIncidentResponsePoliciesandProcedures

SecurityAwarenessandTrainingSecurityPolicyTrainingandProceduresRole-BasedTrainingCompliancewithLaws,BestPractices,andStandardsUserHabitsNewThreatsandSecurityTrends/AlertsTrainingMetricsandCompliance

InteroperabilityAgreementsServiceLevelAgreementsBusinessPartnershipAgreement

MemorandumofUnderstandingInterconnectionSecurityAgreement

TheSecurityPerimeterPhysicalSecurity

PhysicalAccessControlsPhysicalBarriers

EnvironmentalIssuesFireSuppression

WirelessElectromagneticEavesdropping

ModernEavesdroppingChapter3Review

Chapter4TheRoleofPeopleinSecurityPeople—ASecurityProblem

SocialEngineeringPoorSecurityPractices

PeopleasaSecurityToolSecurityAwarenessSecurityPolicyTrainingandProcedures

Chapter4Review

Chapter5CryptographyCryptographyinPractice

FundamentalMethodsComparativeStrengthsandPerformanceofAlgorithms

HistoricalPerspectivesSubstitutionCiphersOne-TimePads

AlgorithmsKeyManagementRandomNumbers

HashingFunctionsSHARIPEMDMessageDigestHashingSummary

SymmetricEncryptionDES3DESAESCASTRCBlowfishTwofishIDEABlockvs.StreamSymmetricEncryptionSummary

AsymmetricEncryptionDiffie-HellmanRSAElGamalECCAsymmetricEncryptionSummarySymmetricvs.Asymmetric

QuantumCryptographySteganographyCryptographyAlgorithmUse

ConfidentialityIntegrity

AuthenticationNonrepudiationCipherSuitesKeyExchangeKeyEscrowSessionKeysEphemeralKeysKeyStretchingSecrecyPrinciplesTransportEncryptionDigitalSignaturesDigitalRightsManagementCryptographicApplicationsUseofProvenTechnologies

Chapter5Review

Chapter6PublicKeyInfrastructureTheBasicsofPublicKeyInfrastructuresCertificateAuthoritiesRegistrationAuthorities

LocalRegistrationAuthoritiesDigitalCertificates

CertificateExtensionsCertificateAttributes

CertificateLifecyclesRegistrationandGenerationCSRRenewalSuspensionRevocation

KeyDestructionCertificateRepositoriesTrustandCertificateVerificationCentralizedandDecentralizedInfrastructures

HardwareSecurityModulesPrivateKeyProtectionKeyRecoveryKeyEscrow

PublicCertificateAuthoritiesIn-HouseCertificateAuthorities

ChoosingBetweenaPublicCAandanIn-HouseCAOutsourcedCertificateAuthoritiesTyingDifferentPKIsTogetherTrustModels

Certificate-BasedThreatsStolenCertificates

Chapter6Review

Chapter7PKIStandardsandProtocolsPKIXandPKCS

PKIXStandardsPKCSWhyYouNeedtoKnowthePKIXandPKCSStandards

X.509SSL/TLSCipherSuitesISAKMPCMPXKMSS/MIME

IETFS/MIMEHistoryIETFS/MIMEv3Specifications

PGPHowPGPWorks

HTTPSIPsecCEPOtherStandards

FIPSCommonCriteriaWTLSISO/IEC27002(FormerlyISO17799)SAML

Chapter7Review

Chapter8PhysicalSecurityTheSecurityProblemPhysicalSecuritySafeguards

WallsandGuardsPhysicalAccessControlsandMonitoringConvergencePoliciesandProceduresEnvironmentalControls

FireSuppressionWater-BasedFireSuppressionSystemsHalon-BasedFireSuppressionSystemsClean-AgentFireSuppressionSystemsHandheldFireExtinguishersFireDetectionDevices

PowerProtection

UPSBackupPowerandCableShieldingElectromagneticInterference

ElectronicAccessControlSystemsAccessTokens

Chapter8Review

Chapter9NetworkFundamentalsNetworkArchitecturesNetworkTopologyNetworkProtocols

ProtocolsPackets

InternetProtocolIPPacketsTCPvs.UDPICMP

IPv4vs.IPv6PacketDelivery

EthernetLocalPacketDeliveryRemotePacketDeliveryIPAddressesandSubnettingNetworkAddressTranslation

SecurityZonesDMZInternetIntranetExtranetFlatNetworks

EnclavesVLANsZonesandConduits

TunnelingStorageAreaNetworks

iSCSIFibreChannelFCoE

Chapter9Review

Chapter10InfrastructureSecurityDevices

WorkstationsServersVirtualizationMobileDevicesDeviceSecurity,CommonConcernsNetworkAttachedStorageRemovableStorage

NetworkingNetworkInterfaceCardsHubsBridgesSwitchesRoutersFirewallsHowDoFirewallsWork?Next-GenerationFirewallsWebApplicationFirewallsvs.NetworkFirewallsConcentrators

WirelessDevicesModemsTelephonyVPNConcentrator

SecurityDevicesIntrusionDetectionSystemsNetworkAccessControlNetworkMonitoring/DiagnosticLoadBalancersProxiesWebSecurityGatewaysInternetContentFiltersDataLossPreventionUnifiedThreatManagement

MediaCoaxialCableUTP/STPFiberUnguidedMedia

RemovableMediaMagneticMediaOpticalMediaElectronicMedia

SecurityConcernsforTransmissionMediaPhysicalSecurityConcernsCloudComputing

PrivatePublicHybridCommunitySoftwareasaService

PlatformasaServiceInfrastructureasaService

Chapter10Review

Chapter11AuthenticationandRemoteAccessUser,Group,andRoleManagement

UserGroupRole

PasswordPoliciesDomainPasswordPolicy

SingleSign-OnTimeofDayRestrictionsTokensAccountandPasswordExpiration

SecurityControlsandPermissionsAccessControlListsMandatoryAccessControl(MAC)DiscretionaryAccessControl(DAC)Role-BasedAccessControl(RBAC)Rule-BasedAccessControlAttributeBasedAccessControl(ABAC)AccountExpiration

PreventingDataLossorTheftTheRemoteAccessProcess

IdentificationAuthenticationAuthorizationAccessControl

RemoteAccessMethods

IEEE802.1XRADIUSTACACS+AuthenticationProtocolsFTP/FTPS/SFTPVPNsIPsecVulnerabilitiesofRemoteAccessMethods

ConnectionSummaryChapter11Review

Chapter12WirelessSecurityandMobileDevicesIntroductiontoWirelessNetworkingMobilePhones

WirelessApplicationProtocol3GMobileNetworks4GMobileNetworks

BluetoothBluetoothAttacks

NearFieldCommunicationIEEE802.11Series

802.11:IndividualStandardsAttacking802.11CurrentSecurityMethods

WirelessSystemsConfigurationAntennaTypesAntennaPlacementPowerLevelControlsSiteSurveysCaptivePortals

SecuringPublicWi-FiMobileDevices

MobileDeviceSecurityBYODConcernsLocationServicesMobileApplicationSecurity

Chapter12Review

Chapter13IntrusionDetectionSystemsandNetworkSecurityHistoryofIntrusionDetectionSystemsIDSOverview

IDSModelsSignaturesFalsePositivesandFalseNegatives

Network-BasedIDSsAdvantagesofaNIDSDisadvantagesofaNIDSActivevs.PassiveNIDSsNIDSTools

Host-BasedIDSsAdvantagesofHIDSsDisadvantagesofHIDSsActivevs.PassiveHIDSsResurgenceandAdvancementofHIDSs

IntrusionPreventionSystemsHoneypotsandHoneynetsTools

ProtocolAnalyzerSwitchedPortAnalyzerPortScanner

Passivevs.ActiveToolsBannerGrabbing

Chapter13Review

Chapter14SystemHardeningandBaselinesOverviewofBaselinesOperatingSystemandNetworkOperatingSystemHardening

OSSecurityHostSecurity

MachineHardeningOperatingSystemSecurityandSettingsOSHardeningHardeningMicrosoftOperatingSystemsHardeningUNIX-orLinux-BasedOperatingSystemsUpdates(a.k.a.Hotfixes,ServicePacks,andPatches)AntimalwareWhiteListingvs.BlackListingApplicationsTrustedOSHost-basedFirewallsHardwareSecurityHostSoftwareBaselining

Host-BasedSecurityControlsHardware-BasedEncryptionDevicesDataEncryptionDataSecurityHandlingBigDataCloudStorageStorageAreaNetworkPermissions/ACL

NetworkHardening

SoftwareUpdatesDeviceConfigurationSecuringManagementInterfacesVLANManagementIPv4vs.IPv6

ApplicationHardeningApplicationConfigurationBaselineApplicationPatchesPatchManagementHostSoftwareBaselining

GroupPoliciesSecurityTemplatesAlternativeEnvironments

SCADAEmbeddedSystemsPhonesandMobileDevicesMainframeGameConsolesIn-VehicleComputingSystemsAlternativeEnvironmentMethodsNetworkSegmentationSecurityLayersApplicationFirewallsManualUpdatesFirmwareVersionControlWrappersControlRedundancyandDiversity

Chapter14Review

Chapter15TypesofAttacksandMaliciousSoftware

AvenuesofAttackMinimizingPossibleAvenuesofAttack

MaliciousCodeVirusesWormsPolymorphicMalwareTrojanHorsesRootkitsLogicBombsSpywareAdwareBotnetsBackdoorsandTrapdoorsRansomwareMalwareDefenses

AttackingComputerSystemsandNetworksDenial-of-ServiceAttacksSocialEngineeringNullSessionsSniffingSpoofingTCP/IPHijackingMan-in-the-MiddleAttacksReplayAttacksTransitiveAccessSpamSpimPhishingSpearPhishingVishingPharming

ScanningAttacksAttacksonEncryptionAddressSystemAttacksCachePoisoningPasswordGuessingPass-the-HashAttacksSoftwareExploitationClient-SideAttacks

AdvancedPersistentThreatRemoteAccessTrojans

ToolsMetasploitBackTrack/KaliSocial-EngineeringToolkitCobaltStrikeCoreImpactBurpSuite

AuditingPerformRoutineAudits

Chapter15Review

Chapter16E-MailandInstantMessagingHowE-MailWorks

E-MailStructureMIME

SecurityofE-MailMaliciousCodeHoaxE-MailsUnsolicitedCommercialE-Mail(Spam)SenderIDFramework

DomainKeysIdentifiedMailMailEncryption

S/MIMEPGP

InstantMessagingModernInstantMessagingSystems

Chapter16Review

Chapter17WebComponentsCurrentWebComponentsandConcernsWebProtocols

Encryption(SSLandTLS)TheWeb(HTTPandHTTPS)HTTPSEverywhereHTTPStrictTransportSecurityDirectoryServices(DAPandLDAP)FileTransfer(FTPandSFTP)Vulnerabilities

Code-BasedVulnerabilitiesBufferOverflowsJavaJavaScriptActiveXSecuringtheBrowserCGIServer-SideScriptsCookiesBrowserPlug-insMaliciousAdd-onsSignedApplets

Application-BasedWeaknessesSessionHijackingClient-SideAttacksWeb2.0andSecurity

Chapter17Review

Chapter18SecureSoftwareDevelopmentTheSoftwareEngineeringProcess

ProcessModelsSecureDevelopmentLifecycle

SecureCodingConceptsErrorandExceptionHandlingInputandOutputValidationFuzzingBugTracking

ApplicationAttacksCross-SiteScriptingInjectionsDirectoryTraversal/CommandInjectionBufferOverflowIntegerOverflowCross-SiteRequestForgeryZero-DayAttachmentsLocallySharedObjectsClient-SideAttacksArbitrary/RemoteCodeExecutionOpenVulnerabilityandAssessmentLanguage

ApplicationHardeningApplicationConfigurationBaseline

ApplicationPatchManagementNoSQLDatabasesvs.SQLDatabasesServer-Sidevs.Client-SideValidation

Chapter18Review

Chapter19BusinessContinuityandDisasterRecovery,andOrganizationalPolicies

BusinessContinuityBusinessContinuityPlansBusinessImpactAnalysisIdentificationofCriticalSystemsandComponentsRemovingSinglePointsofFailureRiskAssessmentSuccessionPlanningContinuityofOperations

DisasterRecoveryDisasterRecoveryPlans/ProcessCategoriesofBusinessFunctionsITContingencyPlanningTest,Exercise,andRehearseRecoveryTimeObjectiveandRecoveryPointObjectiveBackupsAlternativeSitesUtilitiesSecureRecoveryCloudComputingHighAvailabilityandFaultToleranceFailureandRecoveryTiming

Chapter19Review

Chapter20RiskManagementAnOverviewofRiskManagement

ExampleofRiskManagementattheInternationalBankingLevelRiskManagementVocabulary

WhatIsRiskManagement?RiskManagementCulture

BusinessRisksExamplesofBusinessRisksExamplesofTechnologyRisks

RiskMitigationStrategiesChangeManagementIncidentManagementUserRightsandPermissionsReviewsDataLossorTheft

RiskManagementModelsGeneralRiskManagementModelSoftwareEngineeringInstituteModelNISTRiskModelsModelApplication

QualitativelyAssessingRiskQuantitativelyAssessingRisk

AddingObjectivitytoaQualitativeAssessmentRiskCalculation

Qualitativevs.QuantitativeRiskAssessmentTools

Cost-EffectivenessModelingRiskManagementBestPractices

SystemVulnerabilitiesThreatVectorsProbability/ThreatLikelihood

Risk-Avoidance,Transference,Acceptance,Mitigation,DeterrenceRisksAssociatedwithCloudComputingandVirtualization

Chapter20Review

Chapter21ChangeManagementWhyChangeManagement?TheKeyConcept:SeparationofDutiesElementsofChangeManagementImplementingChangeManagement

Back-outPlanThePurposeofaChangeControlBoard

CodeIntegrityTheCapabilityMaturityModelIntegrationChapter21Review

Chapter22IncidentResponseFoundationsofIncidentResponse

IncidentManagementAnatomyofanAttackGoalsofIncidentResponse

IncidentResponseProcessPreparationSecurityMeasureImplementationIncidentIdentification/DetectionInitialResponseIncidentIsolationStrategyFormulationInvestigationRecovery/ReconstitutionProcedures

ReportingFollow-up/LessonsLearned

StandardsandBestPracticesStateofCompromiseNISTDepartmentofJusticeIndicatorsofCompromiseCyberKillChainMakingSecurityMeasurable

Chapter22Review

Chapter23ComputerForensicsEvidence

TypesofEvidenceStandardsforEvidenceThreeRulesRegardingEvidence

ForensicProcessAcquiringEvidenceIdentifyingEvidenceProtectingEvidenceTransportingEvidenceStoringEvidenceConductingtheInvestigation

AnalysisChainofCustodyMessageDigestandHashHostForensics

FileSystems WindowsMetadataLinuxMetadata

DeviceForensicsNetworkForensicsE-Discovery

ReferenceModelBigDataCloud

Chapter23Review

Chapter24LegalIssuesandEthicsCybercrime

CommonInternetCrimeSchemesSourcesofLawsComputerTrespassSignificantU.S.LawsPaymentCardIndustryDataSecurityStandard(PCIDSS)Import/ExportEncryptionRestrictionsNon-U.S.LawsDigitalSignatureLawsDigitalRightsManagement

EthicsChapter24Review

Chapter25PrivacyPersonallyIdentifiableInformation(PII)

SensitivePIINotice,Choice,andConsent

U.S.PrivacyLawsPrivacyActof1974FreedomofInformationAct(FOIA)

FamilyEducationRecordsandPrivacyAct(FERPA)U.S.ComputerFraudandAbuseAct(CFAA)U.S.Children’sOnlinePrivacyProtectionAct(COPPA)VideoPrivacyProtectionAct(VPPA)HealthInsurancePortability&AccountabilityAct(HIPAA)Gramm-Leach-BlileyAct(GLBA)CaliforniaSenateBill1386(SB1386)U.S.BankingRulesandRegulationsPaymentCardIndustryDataSecurityStandard(PCIDSS)FairCreditReportingAct(FCRA)FairandAccurateCreditTransactionsAct(FACTA)

Non-FederalPrivacyConcernsintheUnitedStatesInternationalPrivacyLaws

OECDFairInformationPracticesEuropeanLawsCanadianLawsAsianLaws

Privacy-EnhancingTechnologiesPrivacyPolicies

PrivacyImpactAssessmentWebPrivacyIssues

CookiesPrivacyinPractice

UserActionsDataBreaches

Chapter25Review

AppendixACompTIASecurity+ExamObjectives:SY0-401

AppendixB

AbouttheDownloadSystemRequirementsDownloadingTotalTesterPremiumPracticeExamSoftwareTotalTesterPremiumPracticeExamSoftware

InstallingandRunningTotalTesterTechnicalSupport

TotalSeminarsTechnicalSupportMcGraw-HillEducationContentSupport

Glossary

Index

FOREWORD

Selectingabookistrickyforme.Ifitisforpersonalreading,willIlikereadingit?Ifitisformyprofessionaldevelopment,willitmeettheneed?Ifitisformystudents,willitbeclearandconcise?ThisneweditionofPrinciplesofComputerSecuritypassesallthreetestswithflyingcolors.Ienjoyedreadingit.IfIneededtopasstheCompTIASecurity+orotherpractitionerexamination,itwouldprepareme.Andfinally,basedonpersonalexperience,studentswilllikethisbookandfindittobevaluablereadingandstudymaterial.Itevenhaspracticeexamsforcertificationformyconvenience.Formorethan40yearsIhaveworkedinsomevarietyofcomputer

security.Whenpeopleaskmewhatdefinesmyjob,Irespondwith“Idon’tknowuntilIreadthemorningnewspaperbecausethesecurityenvironmentchangesrapidly.”Ifyouwanttogetintothecomputersecurityindustry,readingandunderstandingthisbookisagreatintroduction.Nowinitsfourthedition,the25chaptersofPrinciplesofComputerSecurityfocusonabroadspectrumofimportanttopicstopreparethereadertobeacertifiedcomputersecuritypractitioner.Therealdealmakerformeisthefurtherendorsementofthecontents:thebookisbasedonCompTIAApprovedQualityContent(CAQC)andservesasbothanexampreparationguideandausefulreference.Dr.Conklinandhisteamofcoauthorseasethereaderintothemeatof

thetopicbyreviewingbothsecuritytrendsandconcepts.Theythenaddresssecurityfromtwodifferentperspectives.Firsttheyfocusontheorganization’sneedforsecurity,andthenfocusontheimportantroleofpeople.Thesetwoperspectivesareintertwined;itisessentialforasecuritypractitionertounderstandthesecurityenvironmentandhowthepeoplemakeitwork.Everypractitionerneedstounderstandtheunderlyingtechnologyand

toolsofcomputersecurity.Someindividualshaveanideaaboutsecuritytopicsbutdonothavetheessentialknowledgeneededtoaddressthemindepth.Theauthorshaveprovidedninemasterfulchaptersintroducingthesekeyconcepts.Forexample,inasinglechaptertheyprovidethebasisforthereadertodealwithsecurityofnetworks.Thischaptersupportseverythingthereaderneedstoknowtoaddressstandardsandprotocols,infrastructuresecurity,remoteaccessandauthentication,aswellaswireless.Theauthorsintegratetheseconceptstosupportpublickeyinfrastructure(PKI)andintrusiondetectionsystemsfornetworksecuritywithoutforgettingtheimportanceofphysicalsecurityinprotectingtheinformationsystemaswellasinfrastructure.Oneofthemostdebatedtopicsinsecurityistheimportanceof

cryptography.Somewouldassertthatalmostalldigitalsecuritycanbeaccomplishedwithcryptography,thatsecurityandcryptographyareinseparable,withcryptographybeingthecornerstoneofsecuringdatainbothtransmissionandstorage.However,ifcomputersecuritywereaseasyas“encrypteverything,”thiswouldbeaveryshortbook.Whilecryptographyisveryimportantandaverycomplexsecuritymeasure,itisnotapanacea—butitdoesprovideforlivelydiscussions.Theauthorsbringallthesecomponentstogetherwithacomprehensivechapteronintrusiondetectionandprevention.Oncethereaderhasmasteredthebasics,theauthorsaddresse-mail,

malicioussoftware,instantmessaging,andwebcomponentsinsuchawaythatthereadercanapplyhisorherknowledgeofnetworksandsecurityfundamentals.Thereaderwillthenbeprovidedwithanoverviewofsecuresoftwaredevelopment.In2015,boththeU.S.DepartmentofHomelandSecurityandCSOmagazineconcludedthatpoorlydevelopedsoftwareisoneofthebiggestcyberthreats—perhaps90percentofthethreatscomethroughpoorsoftwaredesign.Inthefinalanalysis,securityisreallyallaboutriskmanagement.What

isyourorganization’sappetiteforriskandhowisthatriskmanaged?Thechapterscoveringriskmanagementleadthereaderthroughtheselesstechnicalissuestogainanunderstandinghowtheseimpactthe

organization.Baselinesandchangemanagementareessentialtounderstandingwhatassetsarebeingsecuredandhowtheyarebeingchanged.Areaderwholearnstheseskillswellwillbeabletoworkinincidentresponse,disasterrecovery,andbusinesscontinuity.Understandingtheseprocessesandhowtheyworkwithtechnicalissuesexpandscareeropportunities.Theauthorsconcludetheirreviewoftheprinciplesofcomputersecurity

withanexaminationofprivacy,legalissues,andethics.Althoughthesetopicsappearattheendofthebook,theyarecrucialissuesinthemodernworld.Remember,asacomputersecuritypractitioner,youwillhavelegalaccesstomoredataandinformationthananyelseintheorganization.Althoughnotthelastchapterinthebook,Ihavedecidedtocommenton

forensicslast.Theauthorshavedoneawonderfuljobofaddressingthiscomplextopic.Butwhymentionitlast?Becausemanytimesforensicsiswhatonedoesaftercomputersecurityfails.Itmakesagoodepitaphforawonderfulbook.Tonightitis15degreesandsnowingoutsidewhileIsitinmystudy—

warm,dry,andcomfortable;myhomeismycastle.Notbadformid-winterinIdaho;however,IshouldnotforgetthatonereasonIamcomfortableisbecausecertifiedcomputersecuritypractitionersareprotectingmyinformationandprivacyaswellasthecriticalinfrastructurethatsupportsit.

ForInstructorsIhavetaughtfromprioreditionsofthisbookandhaveuseditscompanionlaboratorymanualforseveralyears.BothPrinciplesofComputerSecurity,FourthEditionandPrinciplesofComputerSecurityLabManual,FourthEditionhaveinstructormaterialsonacompanionWebsiteavailabletoadoptinginstructors.Instructormanuals,includingtheanswerstotheend-of-chapterquestions,PowerPointslides,andthetestbankofquestionsforuseasquizzesorexams,makepreparationasnap.

CoreyD.Schou,PhDSeriesEditor

UniversityProfessorofInformaticsProfessorofComputerScience

DirectoroftheNationalInformationAssuranceTrainingandEducationCenter

IdahoStateUniversity

PREFACE

InformationandcomputersecurityhasmovedfromtheconfinesofacademiatomainstreamAmericainthe21stcentury.Databreaches,informationdisclosures,andhigh-profilehacksinvolvingthetheftofinformationandintellectualpropertyseemtobearegularstapleofthenews.Ithasbecomeincreasinglyobvioustoeverybodythatsomethingneedstobedonetosecurenotonlyournation’scriticalinfrastructurebutalsothebusinesseswedealwithonadailybasis.Thequestionis,“Wheredowebegin?”Whatcantheaverageinformationtechnologyprofessionaldotosecurethesystemsthatheorsheishiredtomaintain?Oneimmediateansweriseducationandtraining.Ifwewanttosecureourcomputersystemsandnetworks,weneedtoknowhowtodothisandwhatsecurityentails.Ourwayoflife,fromcommercetomessagingtobusiness

communicationsandevensocialmedia,dependsontheproperfunctioningofourworldwideinfrastructure.Acommonthreadthroughoutallofthese,however,istechnology—especiallytechnologyrelatedtocomputersandcommunication.Thus,anindividual,organization,ornationwhowantedtocausedamagetothisnationcouldattackitnotjustwithtraditionalweaponsbutwithcomputersthroughtheInternet.Complacencyisnotanoptionintoday’shostilenetworkenvironment.Theprotectionofournetworksandsystemsisnotthesoledomainoftheinformationsecurityprofessional,butrathertheresponsibilityofallwhoareinvolvedinthedesign,development,deployment,andoperationofthesystemsthatarenearlyubiquitousinourdailylives.Withvirtuallyeverysystemwedependupondailyatrisk,theattacksurfaceandcorrespondingriskprofileisextremelylarge.Informationsecurityhasmaturedfromaseriesoftechnicalissuestoacomprehensiveriskmanagementproblem,andthisbookprovidesthefoundationalmaterialtoengageinthefieldina

professionalmanner.So,wheredoyou,theITprofessionalseekingmoreknowledgeon

security,startyourstudies?Thisbookoffersacomprehensivereviewoftheunderlyingfoundationsandtechnologiesassociatedwithsecuringoursystemsandnetworks.TheITworldisoverflowingwithcertificationsthatcanbeobtainedbythoseattemptingtolearnmoreabouttheirchosenprofession.Theinformationsecuritysectorisnodifferent,andtheCompTIASecurity+examoffersabasiclevelofcertificationforsecurity.InthepagesofthisbookyouwillfindnotonlymaterialthatcanhelpyoupreparefortakingtheCompTIASecurity+exambutalsothebasicinformationthatyouwillneedinordertounderstandtheissuesinvolvedinsecuringyourcomputersystemsandnetworkstoday.Innowayisthisbookthefinalsourceforlearningallaboutprotectingyourorganization’ssystems,butitservesasapointfromwhichtolaunchyoursecuritystudiesandcareer.Onethingiscertainlytrueaboutthisfieldofstudy—itnevergets

boring.Itconstantlychangesastechnologyitselfadvances.Somethingelseyouwillfindasyouprogressinyoursecuritystudiesisthatnomatterhowmuchtechnologyadvancesandnomatterhowmanynewsecuritydevicesaredeveloped,atitsmostbasiclevel,thehumanisstilltheweaklinkinthesecuritychain.Ifyouarelookingforanexcitingareatodelveinto,thenyouhavecertainlychosenwisely.Securityoffersachallengingblendoftechnologyandpeopleissues.Andsecuringthesystemsoftomorrowwillrequireeveryonetoworktogether,notjustsecurity,butdevelopers,operators,andusersalike.We,theauthorsofthisbook,wishyouluckasyouembarkonanexcitingandchallengingcareerpath.

Wm.ArthurConklin,Ph.D.GregoryB.White,Ph.D.

INTRODUCTION

Computersecurityisbecomingincreasinglyimportanttodayasthenumberofsecurityincidentssteadilyclimbs.Manycorporationsarenowspendingsignificantportionsoftheirbudgetsonsecurityhardware,software,services,andpersonnel.Theyarespendingthismoneynotbecauseitincreasessalesorenhancestheproducttheyprovide,butbecauseofthepossibleconsequencesshouldtheynottakeprotectiveactions.Securityhasbecomeacomprehensiveriskmanagementexerciseinfirmsthattaketherisksseriously.

WhyFocusonSecurity?Securityisnotsomethingthatwewanttohavetopayfor;itwouldbeniceifwedidn’thavetoworryaboutprotectingourdatafromdisclosure,modification,ordestructionfromunauthorizedindividuals,butthatisnottheenvironmentwefindourselvesintoday.Instead,wehaveseenthecostofrecoveringfromsecurityincidentssteadilyrisealongwiththeriseinthenumberofincidentsthemselves.Sincehackershavelearnedhowtomonetizehacks,theplayingfieldhasbecomesignificantlymoredangerous.Therearenowincentivesforaprofessionalclassofhackerwiththeintentofreapingbenefitsbothlongandshortterm.Withtheadventofadvancedpersistentthreats,theriseofnation-statehacking,andtheincreaseincriminalactivityfrombotnetstoransomware,theITplayingfieldisnowviewedasacontestedenvironment,onewherehackingcanresultingains.Lawenforcementistoooverwhelmedandunder-resourcedtomakeadentintheproblem,andtheresultisaneedfortrainedsecuritypractitionersinallbusinesssegments—andafurtherneedforsecurity-awareITpersonnelinregularITpositions.Securityhasbecomeamainstreamtopic.

AGrowingNeedforSecuritySpecialistsToprotectourcomputersystemsandnetworks,wewillneedasignificantnumberofnewsecurityprofessionalstrainedinthemanyaspectsofcomputerandnetworksecurity.Thisisnotaneasytask,asthesystemsconnectedtotheInternetbecomeincreasinglycomplex,withsoftwarewhoselinesofcodenumberinthemillions.Understandingwhythisissuchadifficultproblemtosolveisnothardifyouconsiderhowmanyerrorsmightbepresentinapieceofsoftwarethatisseveralmillionlineslong.Whenyouaddtheadditionalfactorofhowfastsoftwareisbeingdeveloped—fromnecessityasthemarketisconstantlymoving—understandinghowerrorsoccuriseasy.Notevery“bug”inthesoftwarewillresultinasecurityhole,butit

doesn’ttakemanytoaffecttheInternetcommunitydrastically.Wecan’tjustblamethevendorsforthissituation,becausetheyarereactingtothedemandsofgovernmentandindustry.Mostvendorsarefairlyadeptatdevelopingpatchesforflawsfoundintheirsoftware,andpatchesareconstantlyissuedtoprotectsystemsfrombugsthatmayintroducesecurityproblems.Thisintroducesawholenewproblemformanagersandadministrators—patchmanagement.Howimportantthishasbecomeiseasilyillustratedbyhowmanyofthemostrecentsecurityeventshaveoccurredasaresultofasecuritybugforwhichapatchwasavailablemonthspriortothesecurityincident;membersofthecommunityhadnotcorrectlyinstalledthepatch,however,thusmakingtheincidentpossible.Oneofthereasonsthishappensisthatmanyoftheindividualsresponsibleforinstallingthepatchesarenottrainedtounderstandthesecurityimplicationssurroundingtheholeortheramificationsofnotinstallingthepatch.Manyoftheseindividualssimplylackthenecessarytraining.Becauseoftheneedforanincreasingnumberofsecurityprofessionals

whoaretrainedtosomeminimumlevelofunderstanding,certificationssuchastheCompTIASecurity+havebeendeveloped.Prospectiveemployerswanttoknowthattheindividualtheyareconsideringhiringknowswhattodointermsofsecurity.Theprospectiveemployee,inturn,wantstohaveawaytodemonstratehisorherlevelofunderstanding,

whichcanenhancethecandidate’schancesofbeinghired.Thecommunityasawholesimplywantsmoretrainedsecurityprofessionals.

PreparingYourselffortheCompTIASecurity+ExamPrinciplesofComputerSecurity,FourthEditionisdesignedtohelpprepareyoutotaketheCompTIASecurity+certificationexam.Whenyoupassit,youwilldemonstrateyouhavethatbasicunderstandingofsecuritythatemployersarelookingfor.Passingthiscertificationexamwillnotbeaneasytask,foryouwillneedtolearnmanythingstoacquirethatbasicunderstandingofcomputerandnetworksecurity.

HowThisBookIsOrganizedThebookisdividedintochapterstocorrespondwiththeobjectivesoftheexamitself.Someofthechaptersaremoretechnicalthanothers—reflectingthenatureofthesecurityenvironmentwhereyouwillbeforcedtodealwithnotonlytechnicaldetailsbutalsootherissuessuchassecuritypoliciesandproceduresaswellastrainingandeducation.Althoughmanyindividualsinvolvedincomputerandnetworksecurityhaveadvanceddegreesinmath,computerscience,informationsystems,orcomputerorelectricalengineering,youdonotneedthistechnicalbackgroundtoaddresssecurityeffectivelyinyourorganization.Youdonotneedtodevelopyourowncryptographicalgorithm,forexample;yousimplyneedtobeabletounderstandhowcryptographyisused,alongwithitsstrengthsandweaknesses.Asyouprogressinyourstudies,youwilllearnthatmanysecurityproblemsarecausedbythehumanelement.Thebesttechnologyintheworldstillendsupbeingplacedinanenvironmentwherehumanshavetheopportunitytofoulthingsup—andalltoooftendo.

OnwardandUpward

Atthispoint,wehopethatyouarenowexcitedaboutthetopicofsecurity,evenifyouweren’tinthefirstplace.Wewishyouluckinyourendeavorsandwelcomeyoutotheexcitingfieldofcomputerandnetworksecurity.

INSTRUCTORWEBSITE

Forinstructorresources,visitwww.mhprofessional.com/PrinciplesSecurity4e.Adoptingteacherscanaccessthesupportmaterialsidentifiedbelow.ContactyourMcGraw-HillEducationsalesrepresentativefordetailsonhowtoaccessthematerials.

InstructorMaterialsThePrinciplesofComputerSecuritycompanionWebsite(www.mhprofessional.com/PrinciplesSecurity4e)providesmanyresourcesforinstructors:

Answerkeystotheend-of-chapteractivitiesinthetextbook

Answerkeystothelabmanualactivities(labmanualavailableseparately)

EngagingPowerPointslidesonthelecturetopics(includingfull-colorartworkfromthebook)

AnInstructorManual

Accesstotestbankfilesandsoftwarethatallowsyoutogenerateawidearrayofpaper-ornetwork-basedtests,andthatfeaturesautomaticgrading

Hundredsofpracticequestionsandawidevarietyofquestiontypesanddifficultylevels,enablingyoutocustomizeeachtesttomaximizestudentprogress

Blackboardcartridgesandotherformatsmayalsobeavailableuponrequest;contactyoursalesrepresentative

chapter1 IntroductionandSecurityTrends

Securityismostlyasuperstition.Itdoesnotexistinnature,nordothechildrenofmenasawholeexperienceit.Avoidingdangerisnosaferinthelongrunthanoutrightexposure.Lifeis

W

eitheradaringadventureornothing.

—HELENKELLER

Inthischapter,youwilllearnhowto

Definecomputersecurity

Discusscommonthreatsandrecentcomputercrimesthathavebeencommitted

Listanddiscussrecenttrendsincomputersecurity

Describecommonavenuesofattacks

Describeapproachestocomputersecurity

Discusstherelevantethicalissuesassociatedwithcomputersecurity

hyshouldwebeconcernedaboutcomputerandnetworksecurity?Allyouhavetodoisturnonthetelevisionorreadthenewspapertofindoutaboutavarietyofsecurityproblemsthataffectournation

andtheworldtoday.Thedangertocomputersandnetworksmayseemtopaleincomparisontothethreatofterroriststrikes,butinfacttheaveragecitizenismuchmorelikelytobethetargetofanattackontheirownpersonalcomputer,oracomputertheyuseattheirplaceofwork,thantheyaretobethedirectvictimofaterroristattack.Thischapterwillintroduceyoutoanumberofissuesinvolvedinsecuringyourcomputersandnetworksfromavarietyofthreatsthatmayutilizeanyofanumberofdifferentattacks.

TheComputerSecurityProblemFiftyyearsagocompaniesdidnotconductbusinessacrosstheInternet.Onlinebankingandshoppingwereonlydreamsinsciencefictionstories.Today,however,millionsofpeopleperformonlinetransactionseveryday.CompaniesrelyontheInternettooperateandconductbusiness.Vastamountsofmoneyaretransferredvianetworks,intheformofeitherbanktransactionsorsimplecreditcardpurchases.Wherevertherearevast

amountsofmoney,therearethosewhowilltrytotakeadvantageoftheenvironmenttoconductfraudortheft.Therearemanydifferentwaystoattackcomputersandnetworkstotakeadvantageofwhathasmadeshopping,banking,investment,andleisurepursuitsasimplematterof“draggingandclicking”(ortapping)formanypeople.Identitytheftissocommontodaythatmosteveryoneknowssomebodywho’sbeenavictimofsuchacrime,iftheyhaven’tbeenavictimthemselves.ThisisjustonetypeofcriminalactivitythatcanbeconductedusingtheInternet.Therearemanyothersandallareontherise.

DefinitionofComputerSecurityComputersecurityisnotasimpleconcepttodefine,andhasnumerouscomplexitiesassociatedwithit.Ifoneisreferringtoacomputer,thenitcanbeconsideredsecurewhenthecomputerdoeswhatitissupposedtodoandonlywhatitissupposedtodo.Butaswasnotedearlier,thesecurityemphasishasshiftedfromthecomputertotheinformationbeingprocessed.Informationsecurityisdefinedbytheinformationbeingprotectedfromunauthorizedaccessoralterationandyetisavailabletoauthorizedindividualswhenrequired.Whenonebeginsconsideringtheaspectsofinformation,itisimportanttorealizethatinformationisstored,processed,andtransferredbetweenmachines,andallofthesedifferentstatesrequireappropriateprotectionschemes.Informationassuranceisatermusedtodescribenotjusttheprotectionofinformation,butameansofknowingthelevelofprotectionthathasbeenaccomplished.

TechTip

HistoricalComputerSecurityComputersecurityisanever-changingissue.Fiftyyearsago,computersecuritywasmainlyconcernedwiththephysicaldevicesthatmadeupthecomputer.Atthetime,computerswerethehigh-valueitemsthatorganizationscouldnotaffordtolose.Today,computerequipmentisinexpensivecomparedtothevalueofthedataprocessedbythecomputer.Nowthehigh-value

itemisnotthemachine,buttheinformationthatitstoresandprocesses.Thishasfundamentallychangedthefocusofcomputersecurityfromwhatitwasintheearlyyears.Todaythedatastoredandprocessedbycomputersisalmostalwaysmorevaluablethanthehardware.

Computersecurityandinformationsecuritybothrefertoastatewherethehardwareandsoftwareperformonlydesiredactionsandtheinformationisprotectedfromunauthorizedaccessoralterationandisavailabletoauthorizeduserswhenrequired.

HistoricalSecurityIncidentsByexaminingsomeofthecomputer-relatedcrimesthathavebeencommittedoverthelast30orsoyears,wecanbetterunderstandthethreatsandsecurityissuesthatsurroundourcomputersystemsandnetworks.Electroniccrimecantakeanumberofdifferentforms,buttheoneswewillexamineherefallintotwobasiccategories:crimesinwhichthecomputerwasthetarget,andincidentsinwhichacomputerwasusedtoperpetratetheact(forexample,therearemanydifferentwaystoconductbankfraud,oneofwhichusescomputerstoaccesstherecordsthatbanksprocessandmaintain).Wewillstartourtourofcomputercrimeswiththe1988Internetworm

(Morrisworm),oneofthefirstrealInternetcrimecases.Priorto1988,criminalactivitywaschieflycenteredonunauthorizedaccesstocomputersystemsandnetworksownedbythetelephonecompanyandcompaniesthatprovideddial-upaccessforauthorizedusers.Virusactivityalsoexistedpriorto1988,havingstartedintheearly1980s.

TheMorrisWorm(November1988)RobertMorris,thenagraduatestudentatCornellUniversity,releasedwhathasbecomeknownastheInternetworm(ortheMorrisworm).Theworminfectedroughly10percentofthemachinesthenconnectedtotheInternet

(whichamountedtoapproximately6000infectedmachines).Thewormcarriednomaliciouspayload,theprogrambeingobviouslya“workinprogress,”butitdidwreakhavocbecauseitcontinuallyre-infectedcomputersystemsuntiltheycouldnolongerrunanyprograms.

CitibankandVladimirLevin(June–October1994)StartingaboutJuneof1994andcontinuinguntilatleastOctoberofthesameyear,anumberofbanktransfersweremadebyVladimirLevinofSt.Petersburg,Russia.Bythetimeheandhisaccompliceswerecaught,theyhadtransferredanestimated$10million.Eventuallyallbutabout$400,000wasrecovered.Levinreportedlyaccomplishedthebreak-insbydialingintoCitibank’scashmanagementsystem.Thissystemallowedclientstoinitiatetheirownfundtransferstootherbanks.

KevinMitnick(February1995)KevinMitnick’scomputeractivitiesoccurredoveranumberofyearsduringthe1980sand1990s.Arrestedin1995,heeventuallypledguiltytofourcountsofwirefraud,twocountsofcomputerfraud,andonecountofillegallyinterceptingawirecommunicationandwassentencedto46monthsinjail.Inthepleaagreement,MitnickadmittedtohavinggainedunauthorizedaccesstoanumberofdifferentcomputersystemsbelongingtocompaniessuchasMotorola,Novell,Fujitsu,andSunMicrosystems.Hedescribedusinganumberofdifferent“tools”andtechniques,includingsocialengineering,sniffers,andclonedcellulartelephones.

TechTip

IntellectualCuriosityIntheearlydaysofcomputercrime,muchofthecriminalactivitycenteredongainingunauthorizedaccesstocomputersystems.Inmanyearlycases,theperpetratorofthecrimedidnotintendtocauseanydamagetothecomputerbutwasinsteadonaquestof“intellectualcuriosity”—tryingtolearnmoreaboutcomputersandnetworks.Todaytheubiquitousnatureofcomputersandnetworkshaseliminatedtheperceivedneedfor

individualstobreakintocomputerstolearnmoreaboutthem.Whiletherearestillthosewhodabbleinhackingfortheintellectualchallenge,itismorecommontodayfortheintellectualcuriositytobereplacedbymaliciousintent.Whateverthereason,todayitisconsideredunacceptable(andillegal)togainunauthorizedaccesstocomputersystemsandnetworks.

OmegaEngineeringandTimothyLloyd(July1996)OnJuly30,1996,asoftware“timebomb”wentoffatOmegaEngineering,aNewJersey–basedmanufacturerofhigh-techmeasurementandcontrolinstruments.Twentydaysearlier,TimothyLloyd,acomputernetworkprogramdesigner,hadbeendismissedfromthecompanyafteraperiodofgrowingtensionbetweenLloydandmanagementatOmega.TheprogramthatranonJuly30deletedallofthedesignandproductionprogramsforthecompany,severelydamagingthesmallfirmandforcingthelayoffof80employees.TheprogramwaseventuallytracedbacktoLloyd,whohadleftitinretaliationforhisdismissal.

WorcesterAirportand“Jester”(March1997)InMarchof1997,telephoneservicestotheFAAcontroltoweraswellastheemergencyservicesattheWorcesterAirportandthecommunityofRutland,Massachusetts,werecutoffforaperiodofsixhours.Thisdisruptionoccurredasaresultofanattackonthephonenetworkbyateenagecomputer“hacker”whowentbythename“Jester.”

TheMelissaVirus(March1999)Melissaisthebestknownoftheearlymacro-typevirusesthatattachthemselvestodocumentsforprogramsthathavelimitedmacroprogrammingcapability.Thevirus,writtenandreleasedbyDavidSmith,infectedaboutamillioncomputersandcausedanestimated$80millionindamages.

TechTip

SpeedofVirusProliferationThespeedatwhichtheSlammerwormspreadservedasawakeupcalltosecurityprofessionals.ItdrovehomethepointthattheInternetcouldbeadverselyimpactedinamatterofminutes.Thisinturncausedanumberofprofessionalstorethinkhowpreparedtheyneededtobeinordertorespondtovirusoutbreaksinthefuture.Agoodfirststepistoapplypatchestosystemsandsoftwareassoonaspossible.Thiswillofteneliminatethevulnerabilitiesthatthewormsandvirusesaredesignedtotarget.

TheLoveLetterVirus(May2000)Alsoknownasthe“ILOVEYOU”wormandthe“LoveBug,”theLoveLetterviruswaswrittenandreleasedbyaPhilippinestudentnamedOneldeGuzman.Theviruswasspreadviae-mailwiththesubjectlineof“ILOVEYOU.”Estimatesofthenumberofinfectedmachinesworldwidehavebeenashighas45million,accompaniedbyapossible$10billionindamages(itshouldbenotedthatfiguresliketheseareextremelyhardtoverifyorcalculate).

TheCodeRedWorm(2001)OnJuly19,2001,inaperiodof14hours,over350,000computersconnectedtotheInternetwereinfectedbytheCodeRedworm.Thecostestimateforhowmuchdamagethewormcaused(includingvariationsofthewormreleasedonlaterdates)exceeded$2.5billion.Thevulnerabilitywasabuffer-overflowconditioninMicrosoft’sIISwebservers,hadbeenknownforamonth.

TheSlammerWorm(2003)OnSaturday,January25,2003,theSlammerwormwasreleased.Itexploitedabuffer-overflowvulnerabilityincomputersrunningMicrosoftSQLServerorSQLServerDesktopEngine.LikethevulnerabilityinCodeRed,thisweaknesswasnotnewand,infact,hadbeendiscoveredandapatchreleasedinJulyof2002.Withinthefirst24hoursofSlammer’srelease,thewormhadinfectedatleast120,000hostsandcausednetwork

outagesandthedisruptionofairlineflights,elections,andATMs.Atitspeak,Slammer-infectedhostsweregeneratingareported1TBofworm-relatedtrafficeverysecond.Thewormdoubleditsnumberofinfectedhostsevery8seconds.Itisestimatedthatittooklessthan10minutestoreachglobalproportionsandinfect90percentofthepossiblehostsitcouldinfect.

WebsiteDefacements(2006)InMayof2006,aTurkishhackerusingthehandleiSKORPiTXsuccessfullyhackedover21,000websitesinasingleeffort.Therationaleforhisactionswasneverdetermined,andoverthenextfewyearshehackedhundredsofthousandsofwebsites,defacingtheircoverpagewithastatementofhishack.Anuisancetosome,thoseaffectedhadtocleanuptheirsystems,includingrepairingvulnerabilities,orhewouldstrikeagain.

Cyberwar?(2007)InMayof2007,thecountryofEstoniawascrippledbyamassivedenial-of-service(DoS)cyberattackagainstallofitsinfrastructure,firms(banks),andgovernmentoffices.ThisattackwastracedtoIPaddressesinRussia,butwasneverclearlyattributedtoagovernment-sanctionedeffort.

OperationBotRoast(2007)In2007,theFBIannouncedthatithadconductedOperationBotRoast,identifyingover1millionbotnetcrimevictims.Intheprocessofdismantlingthebotnets,theFBIarrestedseveralbotnetoperatorsacrosstheUnitedStates.Althoughseeminglyabigsuccess,thiseffortmadeonlyasmalldentinthevastvolumeofbotnetsinoperation.

Conficker(2008–2009)Inlate2008andearly2009,securityexpertsbecamealarmedwhenitwasdiscoveredthatmillionsofsystemsattachedtotheInternetwereinfectedwiththeDownadupworm.AlsoknownasConficker,thewormwas

believedtohaveoriginatedinUkraine.Infectedsystemswerenotinitiallydamagedbeyondhavingtheirantivirussolutionupdatesblocked.Whatalarmedexpertswasthefactthatinfectedsystemscouldbeusedinasecondaryattackonothersystemsornetworks.Eachoftheseinfectedsystemswaspartofwhatisknownasabotnetwork(orbotnet)andcouldbeusedtocauseaDoSattackonatargetorbeusedfortheforwardingofspame-mailtomillionsofusers.

U.S.ElectricPowerGrid(2009)InApril2009,HomelandSecuritySecretaryJanetNapolitanotoldreportersthattheUnitedStateswasawareofattemptsbybothRussiaandChinatobreakintotheU.S.electricpowergrid,mapitout,andplantdestructiveprogramsthatcouldbeactivatedatalaterdate.Sheindicatedthattheseattackswerenotnewandhadinfactbeengoingonforyears.OnearticleintheKansasCityStar,forexample,reportedthatin1997thelocalpowercompany,KansasCityPowerandLight,encounteredperhaps10,000attacksfortheentireyear.By2009thecompanyexperienced30–60millionattacks.

TryThis!SoftwarePatchesOneofthemosteffectivemeasuressecurityprofessionalscantaketoaddressattacksontheircomputersystemsandnetworksistoensurethatallsoftwareisuptodateintermsofvendor-releasedpatches.Manyoftheoutbreaksofvirusesandwormswouldhavebeenmuchlesssevereifeverybodyhadappliedsecurityupdatesandpatcheswhentheywerereleased.Fortheoperatingsystemthatyouuse,gotoyourfavoritewebbrowsertofindwhatpatchesexistfortheoperatingsystemandwhatvulnerabilitiesorissuesthepatcheswerecreatedtoaddress.

FiberCableCut(2009)OnApril9,2009,awidespreadphoneandInternetoutagehittheSanJoseareainCalifornia.Thisoutagewasnottheresultofagroupofdeterminedhackersgainingunauthorizedaccesstothecomputersthatoperatethese

networks,butinsteadoccurredasaresultofseveralintentionalcutsinthephysicalcablesthatcarrythesignals.Thecutsresultedinalossofalltelephone,cellphone,andInternetserviceforthousandsofusersintheSanJosearea.Emergencyservicessuchas911werealsoaffected,whichcouldhavehadsevereconsequences.

TheCurrentThreatEnvironmentThethreatsofthepastweresmaller,targeted,andinmanycasesonlyanuisance.Astimehasgoneon,moreorganizedelementsofcybercrimehaveenteredthepicturealongwithnation-states.From2009andbeyond,thecyberthreatlandscapebecameconsiderablymoredangerous,withnewadversariesouttoperformoneoftwofunctions:denyyoutheuseofyourcomputersystems,oruseyoursystemsforfinancialgainincludingtheftofintellectualpropertyorfinancialinformationincludingpersonallyidentifiableinformation.

AdvancedPersistentThreatsAlthoughtherearenumerousclaimsastowhenadvancedpersistentthreats(APTs)beganandwhofirstcoinedtheterm,theimportantissueistonotethatAPTsrepresentanewbreedofattackpattern.Althoughspecificdefinitionsvary,thethreewordsthatcomprisethetermprovidethekeyelements:advanced,persistent,andthreat.Advancedreferstotheuseofadvancedtechniques,suchasspearphishing,asavectorintoatarget.Persistentreferstotheattacker’sgoalofestablishingalong-term,hiddenpositiononasystem.ManyAPTscangoonforyearswithoutbeingnoticed.Threatreferstotheotherobjective:exploitation.IfanadversaryinveststheresourcestoachieveanAPTattack,theyaredoingitforsomeformoflong-termadvantage.APTsarenotaspecifictypeofattack,butratherthenewmeansbywhichhighlyresourcedadversariestargetsystems.

GhostNet(2009)

In2009,theDalaiLama’sofficecontactedsecurityexpertstodetermineifitwasbeingbugged.Theinvestigationrevealeditwas,andthespyringthatwasdiscoveredwaseventuallyshowntobespyingonover100countries’sensitivemissionsworldwide.ResearchersgavethisAPT-stylespynetworkthenameGhostNet,andalthoughtheeffortwastracedbacktoChina,fullattributionwasneverdetermined.

OperationAurora(2009)OperationAurorawasanAPTattackfirstreportedbyGoogle,butalsotargetingAdobe,Yahoo,JuniperNetworks,Rackspace,Symantec,andseveralmajorU.S.financialandindustrialfirms.ResearchanalysispointedtothePeople’sLiberationArmy(PLA)ofChinaasthesponsor.Theattackranformostof2009andoperatedonalargescale,withthegroupsbehindtheattackconsistingofhundredsofhackersworkingtogetheragainstthevictimfirms.

Stuxnet,Duqu,andFlame(2009–2012)Stuxnet,Duqu,andFlamerepresentexamplesofstate-sponsoredmalware.StuxnetwasamaliciouswormdesignedtoinfiltratetheIranianuraniumenrichmentprogram,tomodifytheequipmentandcausethesystemstofailinordertoachievedesiredresultsandinsomecasesevendestroytheequipment.StuxnetwasdesignedtoattackaspecificmodelofSiemensprogrammablelogiccontroller(PLC),whichwasoneofthecluespointingtoitsobjective,themodificationoftheuraniumcentrifuges.AlthoughneithertheUnitedStatesnorIsraelhasadmittedtoparticipatingintheattack,bothhavebeensuggestedtohavehadaroleinit.Duqu(2011)isapieceofmalwarethatappearstobeafollow-onof

Stuxnet,andhasmanyofthesametargets,butratherthanbeingdestructiveinnature,Duquisdesignedtostealinformation.Themalwareusescommandandcontrolserversacrosstheglobetocollectelementssuchaskeystrokesandsysteminformationfrommachinesanddeliverthemtounknownparties.

Flame(2012)isanotherpieceofmodularmalwarethatmaybeaderivativeofStuxnet.Flameisaninformationcollectionthreat,collectingkeystrokes,screenshots,andnetworktraffic.ItcanrecordSkypecallsandaudiosignalsonamachine.Flameisalargepieceofmalwarewithmanyspecificmodules,includingakillswitchandameansofevadingantivirusdetection.BecauseoftheopennatureofStuxnet—itssourcecodeiswidely

availableontheInternet—itisimpossibletoknowwhoisbehindDuquandFlame.Infact,althoughDuquandFlamewerediscoveredafterStuxnet,thereisgrowingevidencethattheywerepresentbeforeStuxnetandcollectedcriticalintelligenceneededtoconductthelaterattack.Therealstorybehindthesemalwareitemsisthattheydemonstratethepowerandcapabilityofnation-statemalware.

Sony(2011)ThehackergroupLulzSecreportedlyhackedSony,stealingover70millionuseraccounts.Theresultingoutagelasted23days,andcostSonyinexcessof$170million.OneofthebiggestissuesrelatedtotheattackwasSony’spoorresponse,takingmorethanaweektonotifypeopleoftheinitialattack,andthencommunicatingpoorlywithitsuserbaseduringtherecoveryperiod.AlsonotablewasthatalthoughthecreditcarddatawasencryptedonSony’sservers,therestofthedatastolenwasnot,makingiteasypickingsforthedisclosureofinformation.

SaudiAramco(Shamoon)(2012)InAugustof2012,30,000computerswereshutdowninresponsetoamalwareattack(namedShamoon)atSaudiAramco,anoilfirminSaudiArabia.Theattackhitthreeoutoffourmachinesinthefirm,andthedamageincludeddatawipingofmachinesandtheuploadingofsensitiveinformationtoPastebin.Ittook10daysforthefirmtocleanuptheinfectionandrestartitsbusinessnetwork.

DataBreaches(2013–present)Fromtheendof2013throughtothetimeofthiswriting,databreacheshavedominatedthesecuritylandscape.TargetCorporationannounceditsbreachinmid-December,2013,statingthatthehackbeganasearlyas“BlackFriday”(November29)andcontinuedthroughDecember15.Datathievescapturednames,addresses,anddebitandcreditcarddetails,includingnumbers,expirationdates,andCVVcodes.Intheendatotalof70millionaccountswereexposed.FollowingtheTargetbreach,HomeDepotsufferedabreachofover50milliondebitandcreditcardnumbersin2014.JPMorganChasealsohadamajordatabreachin2014,announcingthe

lossof77millionaccountholders’information.UnlikeTargetandHomeDepot,JPMorganChasedidnotloseaccountnumbersorothercrucialdataelements.JPMorganChasealsomountedamajorPRcampaigntoutingitssecurityprogramandspendinginordertosatisfycustomersandregulatorsofitsdiligence.Attheendof2014,SonyPicturesEntertainmentannouncedthatithad

beenhacked,withamassivereleaseofinternaldata.Atthetimeofthiswriting,hackershaveclaimedtohavestolenasmuchas100terabytesofdata,includinge-mails,financialdocuments,intellectualproperty,personaldata,HRinformation…inessence,almosteverything.AdditionalreportsindicatethedestructionofdatawithinSony;althoughtheextentofthedamageisnotknown,atleastoneoftheelementsofmalwareassociatedwiththeattackisknownfordestroyingtheMasterBootRecord(MBR)ofdrives.AttributionintheSonyattackisalsotricky,astheU.S.governmenthasaccusedNorthKorea,whileothergroupshaveclaimedresponsibility,andsomeinvestigatorsclaimitwasaninsidejob.Itmaytakeyearstodeterminecorrectattribution,ifitisevenpossible.

Nation-StateHacking(2013–present)Nation-stateshavebecomearecognizedissueinsecurity,fromtheGreatFirewallofChinatomodernmalwareattacksfromawiderangeof

governments.Threatintelligencebecamemorethanabuzzwordin2014asfirmssuchasCrowdStrikeexposedsophisticatedhackingactorsinChina,Russia,andothercountries.In2014CrowdStrikereportedon39differentthreatactors,includingcriminals,hactivists,state-sponsoredgroups,andnation-states.Learninghowtheseadversariesactprovidesvaluablecluestotheirdetectionintheenterprise.GroupssuchasChina’sHurricanePandarepresentarealsecuritythreat.HurricanePandafocusesonaerospacefirmsandInternetservicecompanies.NotallthreatsarefromChina.Russiaiscreditedwithitsownshareof

malware.Attributionisdifficult,andsometimestheonlyhintsareclues,suchasthetimelinesofcommandandcontrolserversforEnergeticBear,anattackontheenergyindustryinEuropefromtheDragonflygroup.TheReginplatform,acompletemalwareplatform,possiblyinoperationforoveradecade,hasbeenshowntoattacktelecomoperators,financialinstitutions,governmentagencies,andpoliticalbodies.Reginisinterestingbecauseofitsstealth,itscomplexity,anditsabilitytohideitscommandandcontrolnetworkfrominvestigators.Althoughhighlysuspectedtobedeployedbyanation-state,itsattributionremainsunsolved.In2015,databreachesandnation-statehackinghitnewhighswiththe

lossofover20millionsensitivepersonnelfilesfromthecomputersattheU.S.OfficeofPersonnelManagement(OPM).ThisOPMloss,reportedlytoChina,wasextremelydamaginginthatthedatalossconsistedofthecompletebackgroundinvestigationsonpeopleswhohadsubmittedsecurityclearances.Theserecordsdetailedextensivepersonalinformationontheapplicantsandtheirfamilymembers,providinganadversarywithdetailedintelligenceknowledge.InthesameyearitwasreportedthatemailsystemsintheDepartmentofState,theDepartmentofDefense,andtheWhiteHousehadbeencompromised,possiblybybothRussiaandChina.ThesensitivenuclearnegotiationsinSwitzerlandbetweentheU.S.,itsallies,andIranwerealsoreportedtohavebeensubjecttoelectroniceavesdroppingbypartiesyetunknown.

OperationNightDragonwasanamegiventoanintellectualpropertyattackexecutedagainstoil,gas,andpetrochemicalcompaniesintheUnitedStates.Usingasetofglobalservers,attackersfromChinaraidedglobalenergycompaniesforproprietaryandhighlyconfidentialinformationsuchasbiddingdataforleases.Theattackshednewlightonwhatconstitutescriticaldataandassociatedrisks.

ThreatstoSecurityTheincidentsdescribedintheprevioussectionsprovideaglimpseintothemanydifferentthreatsthatfaceadministratorsastheyattempttoprotecttheircomputersystemsandnetworks.Thereare,ofcourse,thenormalnaturaldisastersthatorganizationshavefacedforyears.Intoday’shighlynetworkedworld,however,newthreatshavedevelopedthatwedidnothavetoworryabout50yearsago.Thereareanumberofwaysthatwecanbreakdownthevariousthreats.

Onewaytocategorizethemistoseparatethreatsthatcomefromoutsideoftheorganizationfromthosethatareinternal.Anotheristolookatthevariouslevelsofsophisticationoftheattacks,fromthoseby“scriptkiddies”tothoseby“elitehackers.”Athirdistoexaminetheleveloforganizationofthevariousthreats,fromunstructuredthreatstohighlystructuredthreats.Allofthesearevalidapproaches,andtheyinfactoverlapeachother.Thefollowingsectionsexaminethreatsfromtheperspectiveofwheretheattackcomesfrom.

VirusesandWormsWhileyourorganizationmaybeexposedtovirusesandwormsasaresultofemployeesnotfollowingcertainpracticesorprocedures,generallyyouwillnothavetoworryaboutyouremployeeswritingorreleasingvirusesandworms.Itisimportanttodrawadistinctionbetweenthewritersofmalwareandthosewhoreleasemalware.Debatesovertheethicsofwritingvirusespermeatetheindustry,butcurrently,simplywritingthemis

notconsideredacriminalactivity.Avirusislikeabaseballbat;thebatitselfisnotevil,buttheinappropriateuseofthebat(suchastosmashacar’swindow)fallsintothecategoryofcriminalactivity.(Somemayarguethatthisisnotaverygoodanalogysinceabaseballbathasausefulpurpose—toplayball—butviruseshavenousefulpurpose.Ingeneral,thisistrue,butinsomelimitedenvironments,suchasinspecializedcomputersciencecourses,thestudyandcreationofvirusescanbeconsideredausefullearningexperience.)

CrossCheckMalwareVirusesandwormsarejusttwotypesofthreatsthatfallunderthegeneralheadingofmalware.Thetermmalwarecomesfrom“malicioussoftware,”whichdescribestheoverallpurposeofcodethatfallsintothiscategoryofthreat.Malwareissoftwarethathasanefariouspurpose,designedtocauseproblemstoyouasanindividual(forexample,identitytheft)oryoursystem.MoreinformationonthedifferenttypesofmalwareisprovidedinChapter15.

Bynumber,virusesandwormsarethemostcommonproblemthatanorganizationfacesbecauseliterallythousandsofthemhavebeencreatedandreleased.Fortunately,antivirussoftwareandsystempatchingcaneliminatethelargestportionofthisthreat.Virusesandwormsgenerallyarealsonondiscriminatingthreats;theyarereleasedontheInternetinageneralfashionandaren’ttargetedataspecificorganization.Theytypicallyarealsohighlyvisibleoncereleased,sotheyaren’tthebesttooltouseinhighlystructuredattackswheresecrecyisvital.

IntrudersTheactofdeliberatelyaccessingcomputersystemsandnetworkswithoutauthorizationisgenerallyreferredtoashacking,withindividualswhoconductthisactivitybeingreferredtoashackers.Thetermhackingalsoappliestotheactofexceedingone’sauthorityinasystem.Thiswouldincludeauthorizeduserswhoattempttogainaccesstofilestheyaren’t

permittedtoaccessorwhoattempttoobtainpermissionsthattheyhavenotbeengranted.Whiletheactofbreakingintocomputersystemsandnetworkshasbeenglorifiedinthemediaandmovies,thephysicalactdoesnotliveuptotheHollywoodhype.Intrudersare,ifnothingelse,extremelypatient,sincetheprocesstogainaccesstoasystemtakespersistenceanddoggeddetermination.Theattackerwillconductmanypre-attackactivitiesinordertoobtaintheinformationneededtodeterminewhichattackwillmostlikelybesuccessful.Typically,bythetimeanattackislaunched,theattackerwillhavegatheredenoughinformationtobeveryconfidentthattheattackwillsucceed.Generally,attacksbyanindividualorevenasmallgroupofattackers

fallintotheunstructuredthreatcategory.Attacksatthislevelgenerallyareconductedovershortperiodsoftime(lastingatmostafewmonths),donotinvolvealargenumberofindividuals,havelittlefinancialbacking,andareaccomplishedbyinsidersoroutsiderswhodonotseekcollusionwithinsiders.Intruders,orthosewhoareattemptingtoconductanintrusion,definitelycomeinmanydifferentvarietiesandhavevaryingdegreesofsophistication(seeFigure1.1).Atthelowendtechnicallyarewhataregenerallyreferredtoasscriptkiddies,individualswhodonothavethetechnicalexpertisetodevelopscriptsordiscovernewvulnerabilitiesinsoftwarebutwhohavejustenoughunderstandingofcomputersystemstobeabletodownloadandrunscriptsthatothershavedeveloped.Theseindividualsgenerallyarenotinterestedinattackingspecifictargets,butinsteadsimplywanttofindanyorganizationthatmaynothavepatchedanewlydiscoveredvulnerabilityforwhichthescriptkiddiehaslocatedascripttoexploitthevulnerability.Itishardtoestimatehowmanyoftheindividualsperformingactivitiessuchasprobingnetworksorscanningindividualsystemsarepartofthisgroup,butitisundoubtedlythefastestgrowinggroupandthevastmajorityofthe“unfriendly”activityoccurringontheInternetisprobablycarriedoutbytheseindividuals.

•Figure1.1Distributionofattackerskilllevels

Atthenextlevelarethosepeoplewhoarecapableofwritingscriptstoexploitknownvulnerabilities.Theseindividualsaremuchmoretechnicallycompetentthanscriptkiddiesandaccountforanestimated8to12percentofmaliciousInternetactivity.Atthetopendofthisspectrumarethosehighlytechnicalindividuals,oftenreferredtoaselitehackers,whonotonlyhavetheabilitytowritescriptsthatexploitvulnerabilitiesbutalsoarecapableofdiscoveringnewvulnerabilities.Thisgroupisthesmallestofthelot,however,andisresponsiblefor,atmost,only1to2percentofintrusiveactivity.

Insiders

Itisgenerallyacknowledgedbysecurityprofessionalsthatinsidersaremoredangerousinmanyrespectsthanoutsideintruders.Thereasonforthisissimple—insidershavetheaccessandknowledgenecessarytocauseimmediatedamagetoanorganization.Mostsecurityisdesignedtoprotectagainstoutsideintrudersandthusliesattheboundarybetweentheorganizationandtherestoftheworld.Insidersmayactuallyalreadyhavealltheaccesstheyneedtoperpetratecriminalactivitysuchasfraud.Inadditiontounprecedentedaccess,insidersalsofrequentlyhaveknowledgeofthesecuritysystemsinplaceandarebetterabletoavoiddetection.Attacksbyinsidersareoftentheresultofemployeeswhohavebecomedisgruntledwiththeirorganizationandarelookingforwaystodisruptoperations.Itisalsopossiblethatan“attack”byaninsidermaybeanaccidentandnotintendedasanattackatall.Anexampleofthismightbeanemployeewhodeletesacriticalfilewithoutunderstandingitscriticalnature.

TechTip

TheInsideThreatOneofthehardestthreatsthatsecurityprofessionalswillhavetoaddressisthatoftheinsider.Sinceemployeesalreadyhaveaccesstotheorganizationanditsassets,additionalmechanismsneedtobeinplacetodetectattacksbyinsidersandtolessentheabilityoftheseattackstosucceed.

Employeesarenottheonlyinsidersthatorganizationsneedtobeconcernedabout.Often,numerousotherindividualshavephysicalaccesstocompanyfacilities.Custodialcrewsfrequentlyhaveunescortedaccessthroughoutthefacility,oftenwhennobodyelseisaround.Otherindividuals,suchascontractorsorpartners,mayhavenotonlyphysicalaccesstotheorganization’sfacilitiesbutalsoaccesstocomputersystemsandnetworks.AcontractorinvolvedinU.S.Intelligencecomputing,EdwardSnowden,waschargedwithespionagein2013afterhereleasedawiderangeofdataillustratingthetechnicalcapabilitiesofU.S.

intelligencesurveillancesystems.Heistheultimateinsiderwithhisnamebecomingsynonymouswiththeinsiderthreatissue.

CriminalOrganizationsAsbusinessesbecameincreasinglyreliantuponcomputersystemsandnetworks,andastheamountoffinancialtransactionsconductedviatheInternetincreased,itwasinevitablethatcriminalorganizationswouldeventuallyturntotheelectronicworldasanewtargettoexploit.CriminalactivityontheInternetatitsmostbasicisnodifferentfromcriminalactivityinthephysicalworld.Fraud,extortion,theft,embezzlement,andforgeryalltakeplaceintheelectronicenvironment.Onedifferencebetweencriminalgroupsandthe“average”hackeristhe

leveloforganizationthatcriminalelementsemployintheirattack.Criminalgroupstypicallyhavemoremoneytospendonaccomplishingthecriminalactivityandarewillingtospendextratimeaccomplishingthetaskprovidedthelevelofrewardattheconclusionisgreatenough.WiththetremendousamountofmoneythatisexchangedviatheInternetonadailybasis,thelevelofrewardforasuccessfulattackishighenoughtointerestcriminalelements.Attacksbycriminalorganizationsusuallyfallintothestructuredthreatcategory,whichischaracterizedbyagreateramountofplanning,alongerperiodoftimetoconducttheactivity,morefinancialbackingtoaccomplishit,andpossiblycorruptionof,orcollusionwith,insiders.

Nation-States,Terrorists,andInformationWarfareAsnationshaveincreasinglybecomedependentoncomputersystemsandnetworks,thepossibilitythattheseessentialelementsofsocietymightbetargetedbyorganizationsornationsdeterminedtoadverselyaffectanothernationhasbecomeareality.Manynationstodayhavedevelopedtosomeextentthecapabilitytoconductinformationwarfare.Thereareseveraldefinitionsforinformationwarfare,butasimpleoneisthatitiswarfareconductedagainsttheinformationandinformationprocessingequipmentusedbyanadversary.Inpractice,thisisamuchmorecomplicatedsubject,

becauseinformationnotonlymaybethetargetofanadversary,butalsomaybeusedasaweapon.Whateverdefinitionyouuse,informationwarfarefallsintothehighlystructuredthreatcategory.Thistypeofthreatischaracterizedbyamuchlongerperiodofpreparation(yearsisnotuncommon),tremendousfinancialbacking,andalargeandorganizedgroupofattackers.Thethreatmayincludeattemptsnotonlytosubvertinsidersbutalsotoplantindividualsinsideofapotentialtargetinadvanceofaplannedattack.

TechTip

InformationWarfareOnceonlytheconcernofgovernmentsandthemilitary,informationwarfaretodaycaninvolvemanyotherindividuals.Withthepotentialtoattackthevariouscivilian-controlledcriticalinfrastructures,securityprofessionalsinnongovernmentalsectorstodaymustalsobeconcernedaboutdefendingtheirsystemsagainstattackbyagentsofforeigngovernments.

Aninterestingaspectofinformationwarfareisthelistofpossibletargetsavailable.Wehavegrownaccustomedtotheideathat,duringwar,militaryforceswilltargetopposingmilitaryforcesbutwillgenerallyattempttodestroyaslittlecivilianinfrastructureaspossible.Ininformationwarfare,militaryforcesarecertainlystillakeytarget,butmuchhasbeenwrittenaboutothertargets,suchasthevariousinfrastructuresthatanationreliesonforitsdailyexistence.Water,electricity,oilandgasrefineriesanddistribution,bankingandfinance,telecommunications—allfallintothecategoryofcriticalinfrastructuresforanation.Criticalinfrastructuresarethosewhoselosswouldhavesevererepercussionsonthenation.Withcountriesrelyingsoheavilyontheseinfrastructures,itisinevitablethattheywillbeviewedasvalidtargetsduringconflict.Givenhowdependenttheseinfrastructuresareoncomputersystemsandnetworks,itisalsoinevitablethatthesesamecomputersystemsandnetworkswillbetargetedforacyberattackinaninformationwar.

AsdemonstratedbytheStuxnetattacks,andthecyberattacksinEstonia,theriskofnation-stateattacksisreal.Therehavebeennumerousaccusationsofintellectualpropertytheftbeingsponsoredby,andinsomecasesevenperformedby,nation-stateactors.Inaworldwhereinformationdominatesgovernment,business,andeconomies,thecollectionofinformationisthekeytosuccess,andwithlargerewards,thelistofcharacterswillingtospendsignificantresourcesishigh.

SecurityTrendsThebiggestchangeaffectingcomputersecuritythathasoccurredoverthelast30yearshasbeenthetransformationofthecomputingenvironmentfromlargemainframestoahighlyinterconnectednetworkofsmallersystems.ThisinterconnectionofsystemsistheInternetanditnowtouchesvirtuallyallsystems.Whatthishasmeantforsecurityisaswitchfromaclosedoperatingenvironmentinwhicheverythingwasfairlycontainedtooneinwhichaccesstoacomputercanoccurfromalmostanywhereontheplanet.Thishas,forobviousreasons,greatlycomplicatedthejobofthesecurityprofessional.Thetypeofindividualwhoattacksacomputersystemornetworkhas

alsoevolvedoverthelast30years.Asillustratedbythesampleofattackslistedpreviously,theattackershavebecomemorefocusedongainovernotoriety.Todaycomputerattacksareusedtostealandcommitfraudandothercrimesinthepursuitofmonetaryenrichment.Computercrimesarebigbusinesstoday,notjustbecauseitishardtocatchtheperpetrators,butalsobecausethenumberoftargetsislargeandtherewardsgreaterthanrobbinglocalstores.Overthepastseveralyearsawiderangeofcomputerindustryfirms

havebegunissuingannualsecurityreports.AmongthesefirmsisVerizon,whichhasissueditsannualDataBreachInvestigationsReport(DBIR)since2008andislaudedbecauseofitsbreadthanddepth.The2015DBIRwasbasedonover2,100databreachesand79,790securityincidentsin61countries.PerhapsthemostvaluableaspectoftheDBIRisits

identificationofcommondetailsthatresultinadatabreach.TheVerizonDBIRsareavailableatwww.verizonenterprise.com/DBIR/

Intheearlydaysofcomputers,securitywasconsideredtobeabinaryconditioninwhichyoursystemwaseithersecureornotsecure.Securityeffortsweremadetoachieveastateofsecurity,meaningthatthesystemwassecure.Today,thefocushaschanged.Inlightoftherevelationthatapurestateofsecurityisnotachievableinthebinarysense,thefocushasshiftedtooneofriskmanagement.Today,thequestionishowmuchriskyoursystemisexposedto,andfromwhatsources.

TargetsandAttacksTherearetwogeneralreasonsaparticularcomputersystemisattacked:eitheritisspecificallytargetedbytheattacker,oritisanopportunistictarget.

SpecificTargetInthiscase,theattackerhaschosenthetargetnotbecauseofthehardwareorsoftwaretheorganizationisrunningbutforanotherreason,perhapsapoliticalreason.Anexampleofthistypeofattackwouldbeanindividualinonecountryattackingagovernmentsysteminanother.Alternatively,theattackermaybetargetingtheorganizationaspartofahacktivistattack.Forexample,anattackermaydefacethewebsiteofacompanythatsellsfurcoatsbecausetheattackerfeelsthatusinganimalsinthiswayisunethical.Perpetratingsomesortofelectronicfraudisanotherreasonaspecificsystemmightbetargeted.Whateverthereason,anattackofthisnatureisdecideduponbeforetheattackerknowswhathardwareandsoftwaretheorganizationhas.

Themotivebehindmostcomputerattacksfallsintooneoftwocategories:1.Todeprivesomeonetheuseoftheirsystem.2.Tousesomeoneelse’ssystemtoenrichoneself.Insomecases,theuseofadenial-of-serviceattack(item1)precedestheactualheist(item2).

OpportunisticTargetThesecondtypeofattack,anattackagainstatargetofopportunity,isconductedagainstasitethathassoftwarethatisvulnerabletoaspecificexploit.Theattackers,inthiscase,arenottargetingtheorganization;instead,theyhavelearnedofavulnerabilityandaresimplylookingforanorganizationwiththisvulnerabilitythattheycanexploit.Thisisnottosaythatanattackermightnotbetargetingagivensectorandlookingforatargetofopportunityinthatsector,however.Forexample,anattackermaydesiretoobtaincreditcardorotherpersonalinformationandmaysearchforanyexploitablecompanywithcreditcardinformationinordertocarryouttheattack.Targetedattacksaremoredifficultandtakemoretimethanattacksona

targetofopportunity.Thelattersimplyreliesonthefactthatwithanypieceofwidelydistributedsoftware,therewillalmostalwaysbesomebodywhohasnotpatchedthesystem(orhasnotpatcheditproperly)astheyshouldhave.

MinimizingPossibleAvenuesofAttackUnderstandingthestepsanattackerwilltakeenablesyoutolimittheexposureofyoursystemandminimizethoseavenuesanattackermightpossiblyexploit.Therearemultipleelementstoasolidcomputerdefense,buttwoofthekeyelementsinvolvelimitinganattacker’savenuesofattack.Thefirststepanadministratorcantaketoreducepossibleattacksistoensurethatallpatchesfortheoperatingsystemandapplicationsare

installed.Manysecurityproblemsthatwereadabout,suchasvirusesandworms,exploitknownvulnerabilitiesforwhichpatchesexist.Thereasonsuchmalwarecausedsomuchdamageinthepastwasthatadministratorsdidnottaketheappropriateactionstoprotecttheirsystems.Thesecondstepanadministratorcantakeissystemhardening,which

involveslimitingtheservicesthatarerunningonthesystem.Onlyusingthoseservicesthatareabsolutelyneededdoestwothings:itlimitsthepossibleavenuesofattack(thoseserviceswithvulnerabilitiesthatcanbeexploited),anditreducesthenumberofservicestheadministratorhastoworryaboutpatchinginthefirstplace.Thisisoneoftheimportantfirststepsanyadministratorshouldtaketosecureacomputersystem.SystemhardeningiscoveredindetailinChapter14.Whiletherearenoiron-claddefensesagainstattack,orguaranteesthat

anattackwon’tbesuccessful,youcantakestepstoreducetheriskofloss.Thisisthebasisforthechangeinstrategyfromadefense-basedonetoonebasedonriskmanagement.RiskmanagementiscoveredindetailinChapter20.

ApproachestoComputerSecurityWhilemuchofthediscussionofcomputersecurityfocusesonhowsystemsareattacked,itisequallyimportanttoconsiderthestructureofdefenses.Therearethreemajorconsiderationswhensecuringasystem:

CorrectnessEnsuringthatasystemisfullyuptodate,withallpatchesinstalledandpropersecuritycontrolsinplace;thisgoesalongwaytowardminimizingrisk.Correctnessbeginswithasecuredevelopmentlifecycle(coveredinChapter18),continuesthroughpatchingandhardening(Chapters14and21),andculminatesinoperations(Chapters3,4,19,and20).

IsolationProtectingasystemfromunauthorizeduse,bymeansofaccesscontrolandphysicalsecurity.Isolationbeginswith

infrastructure(coveredinChapters9and10),continueswithaccesscontrol(Chapters8,11,and12),andincludestheuseofcryptography(Chapters5,6,and7).

ObfuscationMakingitdifficultforanadversarytoknowwhentheyhavesucceeded.Whetheraccomplishedbyobscurity,randomization,orobfuscation,increasingtheworkloadofanattackermakesitmoredifficultforthemtosucceedintheirattack.Obfuscationoccursthroughoutalltopics,asitisabuilt-inelement,whetherintheformofrandomnumbersincryptooraddressspacerandomizations,stackguards,orpointerencryptionattheoperatingsystemlevel.

Eachoftheseapproacheshasitsinherentflaws,buttakentogether,theycanprovideastrongmeansofsystemdefense.

EthicsAnymeaningfuldiscussionaboutoperationalaspectsofinformationsecuritymustincludethetopicofethics.Ethicsiscommonlydefinedasasetofmoralprinciplesthatguidesanindividual’sorgroup’sbehavior.Becauseinformationsecurityeffortsfrequentlyinvolvetrustingpeopletokeepsecretsthatcouldcauseharmtotheorganizationifrevealed,trustisafoundationalelementinthepeoplesideofsecurity.Andtrustisbuiltuponacodeofethics,anormthatallowseveryonetounderstandexpectationsandresponsibilities.Thereareseveraldifferentethicalframeworksthatcanbeappliedtomakingadecision,andthesearecoveredindetailinChapter25.Ethicsisadifficulttopic;separatingrightfromwrongiseasyinmany

cases,butinothercasesitismoredifficult.Forexample,writingavirusthatdamagesasystemisclearlybadbehavior,butiswritingawormthatgoesoutandpatchessystems,withouttheusers’permission,rightorwrong?Doestheendsjustifythemeans?Suchquestionsarethebasisofethicaldiscussionsthatdefinethechallengesfacedbysecuritypersonnel

onaregularbasis.

AdditionalReferences1.http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history2.http://www.informationisbeautiful.net/visualizations/worlds-biggest-

data-breaches-hacks/www.verizonenterprise.com/DBIR/

Chapter1Review

ChapterSummaryAfterreadingthischapterandcompletingthequizzes,youshouldunderstandthefollowingregardingsecuritythreatsandtrends.

Definecomputersecurity

Computersecurityisdefinedbyoperatinginamannerwherethesystemdoeswhatitissupposedtodoandonlywhatitissupposedtodo.

Informationsecurityisdefinedbytheinformationbeingprotectedfromunauthorizedaccessoralterationandyetisavailabletoauthorizedindividualswhenrequired.

Discusscommonthreatsandrecentcomputercrimesthathavebeencommitted

Thereareanumberofdifferentthreatstosecurity,includingvirusesandworms,intruders,insiders,criminalorganizations,terrorists,andinformationwarfareconductedbyforeigncountries.

Therearetwogeneralreasonsaparticularcomputersystemisattacked:itisspecificallytargetedbytheattacker,oritisatargetofopportunity.

Targetedattacksaremoredifficultandtakemoretimethanattacksonatargetofopportunity.

Thedifferenttypesofelectroniccrimefallintotwomaincategories:crimesinwhichthecomputerwasthetargetoftheattack,andincidentsinwhichthecomputerwasameansofperpetratingacriminalact.

Onesignificanttrendobservedoverthelastseveralyearshasbeentheincreaseinthenumberofcomputerattacksandtheireffectiveness.

Listanddiscussrecenttrendsincomputersecurity

Therearemanydifferentwaystoattackcomputersandnetworkstotakeadvantageofwhathasmadeshopping,banking,investment,andleisurepursuitsasimplematterof“draggingandclicking”formanypeople.

Thebiggestchangethathasoccurredinsecurityoverthelast30yearshasbeenthetransformationofthecomputingenvironmentfromlargemainframestoahighlyinterconnectednetworkofmuchsmallersystems.

Describecommonavenuesofattacks

Anattackercanuseacommontechniqueagainstawiderangeoftargetsinanopportunisticattack,onlysucceedingwheretheattackisviable.

Anattackercanemployavarietyoftechniquesagainstaspecifictargetwhenitisdesiredtoobtainaccesstoaspecificsystem.

Describeapproachestocomputersecurity

Therearethreemainapproachesanenterprisecanemploy,onebasedoncorrectness,oneinvolvingisolation,andoneinvolvingobfuscation.

Theidealmethodistoemployallthreetogether.

Discusstherelevantethicalissuesassociatedwithcomputersecurity

Ethicsiscommonlydefinedasasetofmoralprinciplesthatguidesanindividual’sorgroup’sbehaviors.

Becauseinformationsecurityeffortsfrequentlyinvolvetrustingpeopletokeepsecretsthatcouldcauseharmtotheorganizationifrevealed,trustisafoundationalelementinthepeoplesideofsecurity.

KeyTermscomputersecurity(1)criticalinfrastructure(11)elitehacker(9)hacker(9)hacking(9)hacktivist(12)highlystructuredthreat(11)informationwarfare(10)scriptkiddie(9)structuredthreat(10)unstructuredthreat(9)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.A(n)_______________ischaracterizedbyagreateramountofplanning,alongerperiodoftimetoconducttheactivity,morefinancialbackingtoaccomplishit,andthepossiblecorruptionof,or

collusionwith,insiders.

2.Ahackerwhoseactivitiesaremotivatedbyapersonalcauseorpositionisknownasa(n)_______________.

3.A(n)_______________isonewhoselosswouldhaveaseveredetrimentalimpactonthenation.

4._______________isconductedagainsttheinformationandinformationprocessingequipmentusedbyanadversary.

5.Actorswhodeliberatelyaccesscomputersystemsandnetworkswithoutauthorizationarecalled_______________.

6.A(n)_______________generallyisshort-terminnature,doesnotinvolvealargegroupofindividuals,doesnothavelargefinancialbacking,anddoesnotincludecollusionwithinsiders.

7.A(n)_______________isahighlytechnicallycompetentindividualwhoconductsintrusiveactivityontheInternetandiscapableofnotonlyexploitingknownvulnerabilitiesbutalsofindingnewvulnerabilities.

8.Theactofdeliberatelyaccessingcomputersystemsandnetworkswithoutauthorizationisgenerallyreferredtoas_______________.

9.A(n)_______________isanindividualwhodoesnothavethetechnicalexpertisetodevelopscriptsordiscovernewvulnerabilitiesinsoftwarebutwhohasjustenoughunderstandingofcomputersystemstobeabletodownloadandrunscriptsthatothershavedeveloped.

10.A(n)_______________ischaracterizedbyamuchlongerperiodofpreparation(yearsisnotuncommon),tremendousfinancialbacking,andalargeandorganizedgroupofattackers.

Multiple-ChoiceQuiz

1.Whichthreatsarecharacterizedbypossiblylongperiodsofpreparation(yearsisnotuncommon),tremendousfinancialbacking,alargeandorganizedgroupofattackers,andattemptstosubvertinsidersortoplantindividualsinsideapotentialtargetinadvanceofaplannedattack?

A.Unstructuredthreats

B.Structuredthreats

C.Highlystructuredthreats

D.Nation-stateinformationwarfarethreats

2.Inwhichofthefollowingisanattackerlookingforanyorganizationvulnerabletoaspecificexploitratherthanattemptingtogainaccesstoaspecificorganization?

A.Targetofopportunityattack

B.Targetedattack

C.Vulnerabilityscanattack

D.Informationwarfareattack

3.Theriseofwhichofthefollowinghasgreatlyincreasedthenumberofindividualswhoprobeorganizationslookingforvulnerabilitiestoexploit?

A.Viruswriters

B.Scriptkiddies

C.Hackers

D.Elitehackers

4.Forwhatreason(s)dosomesecurityprofessionalsconsiderinsidersmoredangerousthanoutsideintruders?

A.Employees(insiders)areeasilycorruptedbycriminalandother

organizations.

B.Insidershavetheaccessandknowledgenecessarytocauseimmediatedamagetotheorganization.

C.Insidershaveknowledgeofthesecuritysystemsinplaceandarebetterabletoavoiddetection.

D.BothBandC

5.Theactofdeliberatelyaccessingcomputersystemsandnetworkswithoutauthorizationisgenerallyknownas:

A.Computerintrusion

B.Hacking

C.Cracking

D.Probing

6.Whatisthemostcommonproblem/threatanorganizationfaces?A.Viruses/worms

B.Scriptkiddies

C.Hackers

D.Hacktivists

7.Warfareconductedagainsttheinformationandinformationprocessingequipmentusedbyanadversaryisknownas:

A.Hacking

B.Cyberterrorism

C.Informationwarfare

D.Networkwarfare

8.Anattackerwhofeelsthatusinganimalstomakefurcoatsis

unethicalandthusdefacesthewebsiteofacompanythatsellsfurcoatsisanexampleof:

A.Informationwarfare

B.Hacktivisim

C.Cybercrusading

D.Elitehacking

9.Criminalorganizationswouldnormallybeclassifiedaswhattypeofthreat?

A.Unstructured

B.Unstructuredbuthostile

C.Structured

D.Highlystructured

10.Whichofthefollowingindividualshavetheabilitytonotonlywritescriptsthatexploitvulnerabilitiesbutalsodiscovernewvulnerabilities?

A.Elitehackers

B.Scriptkiddies

C.Hacktivists

D.Insiders

EssayQuiz1.Rereadthevariousexamplesofcomputercrimesatthebeginningof

thischapter.Categorizeeachaseitheracrimewherethecomputerwasthetargetofthecriminalactivityoracrimeinwhichthecomputerwasatoolinaccomplishingthecriminalactivity.

2.Afriendofyourshasjustbeenhiredbyanorganizationasitscomputersecurityofficer.Yourfriendisabitnervousaboutthisnewjobandhascometoyou,knowingthatyouaretakingacomputersecurityclass,toaskyouradviceonmeasuresthatcanbetakenthatmighthelppreventanintrusion.Whatthreethingscanyousuggestthataresimplebutcantremendouslyhelplimitthepossibilityofanattack?

3.Discussthemajordifferencebetweenatargetofopportunityattackandatargetedattack.Whichdoyoubelieveisthemorecommonone?

LabProject

•LabProject1.1Anumberofdifferentexamplesofcomputercrimeswerediscussedinthischapter.Similaractivitiesseemtohappendaily.DoasearchontheInternettoseewhatotherexamplesyoucanfind.Tryandobtainthemostrecentexamplespossible.

chapter2 GeneralSecurityConcepts

I

“Apeoplethatvaluesitsprivilegesaboveitsprinciplessoonlosesboth.”

—DWIGHTD.EISENHOWER

Inthischapter,youwilllearnhowto

Definebasictermsassociatedwithcomputerandinformationsecurity

Identifythebasicapproachestocomputerandinformationsecurity

Identifythebasicprinciplesofcomputerandinformationsecurity

Distinguishamongvariousmethodstoimplementaccesscontrols

Describemethodsusedtoverifytheidentityandauthenticityofanindividual

Recognizesomeofthebasicmodelsusedtoimplementsecurityinoperatingsystems

nChapter1,youlearnedaboutsomeofthevariousthreatsthatwe,assecurityprofessionals,faceonadailybasis.Inthischapter,youstartexploringthefieldofcomputersecurity.Computersecurityhasaseries

offundamentalconceptsthatsupportthediscipline.Inthischapterwewillbeginwithanexaminationofsecuritymodelsandconceptsandproceedtoseehowtheyareoperationallyemployed.

BasicSecurityTerminologyThetermhackinghasbeenusedfrequentlyinthemedia.Ahackerwasonceconsideredanindividualwhounderstoodthetechnicalaspectsofcomputeroperatingsystemsandnetworks.Hackerswereindividualsyouturnedtowhenyouhadaproblemandneededextremetechnicalexpertise.Today,primarilyasaresultofthemedia,thetermisusedmoreoftentorefertoindividualswhoattempttogainunauthorizedaccesstocomputersystemsornetworks.Whilesomewouldprefertousethetermscrackerandcrackingwhenreferringtothisnefarioustypeofactivity,theterminologygenerallyacceptedbythepublicisthatofhackerandhacking.Arelatedtermthatmaysometimesbeseenisphreaking,whichrefersto

the“hacking”ofthesystemsandcomputersusedbyatelephonecompanytooperateitstelephonenetwork.

Thefieldofcomputersecurityconstantlyevolves,introducingnewtermsfrequently,whichareoftencoinedbythemedia.Makesuretolearnthemeaningoftermssuchashacking,phreaking,vishing,phishing,pharming,andspearphishing.Someofthesehavebeenaroundformanyyears,suchashacking,whereasothershaveappearedonlyinthelastfewyears,suchasspearphishing.

SecurityBasicsComputersecurityitselfisatermthathasmanymeaningsandrelatedterms.Computersecurityentailsthemethodsusedtoensurethatasystemissecure.Subjectssuchasauthenticationandaccesscontrolsmustbeaddressedinbroadtermsofcomputersecurity.Seldomintoday’sworldarecomputersnotconnectedtoothercomputersinnetworks.Thisthenintroducesthetermnetworksecuritytorefertotheprotectionofthemultiplecomputersandotherdevicesthatareconnectedtogether.Relatedtothesetwotermsaretwoothers:informationsecurityandinformationassurance,whichplacethefocusofthesecurityprocessnotonthehardwareandsoftwarebeingusedbutonthedatathatisprocessedbythem.Assurancealsointroducesanotherconcept,thatoftheavailabilityofthesystemsandinformationwhenwewantthem.Thecommonpressandmanyprofessionalshavesettledoncybersecurityasthetermtodescribethefield.StillanothertermthatmaybeheardinthesecurityworldisCOMSEC,whichstandsforcommunicationssecurityanddealswiththesecurityoftelecommunicationsystems.Cybersecurityhasbecomeregularheadlinenewsthesedays,with

reportsofbreak-ins,databreaches,fraud,andahostofothercalamities.Thegeneralpublichasbecomeincreasinglyawareofitsdependenceoncomputersandnetworksandconsequentlyhasalsobecomeinterestedin

thesecurityofthesesamecomputersandnetworks.Asaresultofthisincreasedattentionbythepublic,severalnewtermshavebecomecommonplaceinconversationsandprint.Termssuchashacking,virus,TCP/IP,encryption,andfirewallsarenowfrequentlyencounteredinmainstreamnewsmediaandhavefoundtheirwayintocasualconversations.Whatwasoncethepurviewofscientistsandengineersisnowpartofoureverydaylife.Withourincreaseddailydependenceoncomputersandnetworksto

conducteverythingfrommakingpurchasesatourlocalgrocerystore,banking,tradingstocks,andreceivingmedicaltreatmenttodrivingourchildrentoschool,ensuringthatcomputersandnetworksaresecurehasbecomeofparamountimportance.Computersandtheinformationtheymanipulatehasbecomeapartofvirtuallyeveryaspectofourlives.

The“CIA”ofSecurityAlmostfromitsinception,thegoalofcomputersecurityhasbeenthreefold:confidentiality,integrity,andavailability—the“CIA”ofsecurity.Thepurposeofconfidentialityistoensurethatonlythoseindividualswhohavetheauthoritytoviewapieceofinformationmaydoso.Nounauthorizedindividualshouldeverbeabletoviewdatatheyarenotentitledtoaccess.Integrityisarelatedconceptbutdealswiththegenerationandmodificationofdata.Onlyauthorizedindividualsshouldeverbeabletocreateorchange(ordelete)information.Thegoalofavailabilityistoensurethatthedata,orthesystemitself,isavailableforusewhentheauthorizeduserwantsit.

TechTip

CIAofSecurityWhilethereisnouniversalagreementonauthentication,auditability,andnonrepudiationasadditionstotheoriginalCIAofsecurity,thereislittledebateoverwhetherconfidentiality,integrity,andavailabilityarebasicsecurityprinciples.Understandtheseprinciples,becauseoneormoreofthemarethereasonmostsecurityhardware,software,policies,and

proceduresexist.

Asaresultoftheincreaseduseofnetworksforcommerce,twoadditionalsecuritygoalshavebeenaddedtotheoriginalthreeintheCIAofsecurity.Authenticationattemptstoensurethatanindividualiswhotheyclaimtobe.Theneedforthisinanonlinetransactionisobvious.Relatedtothisisnonrepudiation,whichdealswiththeabilitytoverifythatamessagehasbeensentandreceivedandthatthesendercanbeidentifiedandverified.Therequirementforthiscapabilityinonlinetransactionsshouldalsobereadilyapparent.Recentemphasisonsystemsassurancehasraisedthepotentialinclusionofthetermauditability,whichreferstowhetheracontrolcanbeverifiedtobefunctioningproperly.Insecurity,itisimperativethatwecantrackactionstoensurewhathasorhasnotbeendone.

TheOperationalModelofComputerSecurityFormanyyears,thefocusofsecuritywasonprevention.Ifwecouldpreventeveryonewhodidnothaveauthorizationfromgainingaccesstoourcomputersystemsandnetworks,thenweassumedthatwehadachievedsecurity.Protectionwasthusequatedwithprevention.Whilethebasicpremiseofthisistrue,itfailstoacknowledgetherealitiesofthenetworkedenvironmentoursystemsarepartof.Nomatterhowwellweseemtodoinpreventiontechnology,somebodyalwaysseemstofindawayaroundoursafeguards.Whenthishappens,oursystemisleftunprotected.Thus,weneedmultiplepreventiontechniquesandalsotechnologytoalertuswhenpreventionhasfailedandtoprovidewaystoaddresstheproblem.Thisresultsinamodificationtoouroriginalsecurityequationwiththeadditionoftwonewelements—detectionandresponse.Oursecurityequationthusbecomes:

Protection=Prevention+(Detection+Response)Thisisknownastheoperationalmodelofcomputersecurity.Everysecuritytechniqueandtechnologyfallsintoatleastoneofthethree

elementsoftheequation.ExamplesofthetypesoftechnologyandtechniquesthatrepresenteacharedepictedinFigure2.1.

•Figure2.1Sampletechnologiesintheoperationalmodelofcomputersecurity

CybersecurityFrameworkModelIn2013,PresidentObamasignedanexecutiveorderdirectingtheU.S.NationalInstituteofScienceandTechnology(NIST)toworkwithindustryanddevelopacybersecurityframework.Thiswasinresponsetoseveralsignificantcybersecurityeventswherethevictimcompaniesappearedtobeunprepared.Theresultingframework,titledFrameworkforImprovingCriticalInfrastructureCybersecurity,wascreatedasavoluntarysystem,basedonexistingstandards,guidelines,andpractices,tofacilitateadoptionandacceptanceacrossawidearrayofindustries.

TechTip

CybersecurityFrameworkTheNISTCybersecurityFrameworkisarisk-basedapproachtoimplementationofcybersecurityactivitiesinanenterprise.Theframeworkprovidesacommontaxonomyofstandards,guidelines,andpracticesthatcanbeemployedtostrengthencybersecurityefforts.TheframeworkcanbeobtainedfromNIST:

www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf

TheCybersecurityFrameworkprovidesacommontaxonomyandmechanismtoassistinaligningmanagementpracticeswithexistingstandards,guidelines,andpractices.Itspurposeistocomplementandenhanceriskmanagementeffortsthrough

1.Determiningtheircurrentcybersecurityposture2.Documentingtheirdesiredtargetstatewithrespecttocybersecurity3.Determiningandprioritizingimprovementandcorrectiveactions4.Measuringandmonitoringprogresstowardgoals5.Creatingacommunicationmechanismforcoordinationamongstakeholders

Theframeworkiscomposedoffivecorefunctions,asillustratedinFigure2.2.Twoofthesecorefunctions,IdentifyandProtect,describeactionstakenbeforeanincident.Detectisthecorefunctionassociatedwithintrusiondetectionorthebeginningofanincidentresponse.Thelasttwo,RespondandRecover,detailactionsthattakeplaceduringthepost-incidentresponse.Examplesoftheitemsundereachfunctionareillustratedinthefigure.Inadditiontothefivefunctions,theframeworkhaslevelsofimplementationsreferredtoastiers.Thesetiersrepresenttheorganization’sabilityfromPartial(Tier1)toAdaptive(Tier4).

•Figure2.2CybersecurityFrameworkcorefunctions

SecurityTenetsInadditiontotheCIAelements,thereareadditionaltenetsthatformabasisforsystemsecurity.Thethreeoperationaltenetsfoundinsecuredeploymentsaresessionmanagement,exceptionmanagement,andconfigurationmanagement.

SessionManagementSessionmanagementisthesetofactivitiesemployedtoestablishacommunicationchannelbetweentwoparties,identifyingeachinamannerthatallowsfutureactivitywithoutrenewedauthentication.Sessionmanagementallowsanapplicationtoauthenticateonceandhavesubsequentactivitiesascribedtotheauthenticateduser.Sessionsarefrequentlyusedinwebapplicationstopreservestateanduserinformationbetweennormallystatelessclicks.SessionsaretypicallyidentifiedbyanIDthatisknowntobothsidesof

theconversation.ThisIDcanbeusedasatokenforfutureidentification.Ifconfidentialityisrequired,thenthechannelshouldbesecuredbyanappropriatelevelofcryptographicprotection.

TechTip

SessionManagementCheatSheetSessionmanagementisacommontaskforwebapplications,andtheOpenWebApplicationSecurityProject(OWASP)hasacheatsheettoassistinthecorrectimplementationofsessionmanagement.Seehttps://www.owasp.org/index.php/Session_Management_Cheat_Sheet.

Sessionmanagementincludesalltheactivitiesnecessarytomanagethesession,fromestablishment,duringuse,andatcompletionoftheconversation.Becausethesessionrepresentsthecontinuityofasecurity

conditionestablishedduringauthentication,thelevelofprotectionthatshouldbeaffordedtothesessionIDshouldbecommensuratewiththelevelofsecurityinitiallyestablished.

ExceptionManagementExceptionsaretheinvocationofconditionsthatfalloutsidethenormalsequenceofoperation.Whetherbyerrorormaliciousaction,exceptionsarechangestonormalprocessingandneedtobemanaged.Thespecialprocessingrequiredbyconditionsthatfalloutsidenormalparameterscanresultinerrorseitherlocallyorinfollow-onprocessesinasystem.Thehandlingofexceptions,referredtoasexceptionhandling,isanimportantconsiderationduringsoftwaredevelopment.Exceptionmanagementismorethanjustexceptionhandlinginsoftware

development.Whentheoperationofasystemencountersanexception,whetheritisinvokedbyaperson,process,technology,orcombination,thesystemmusteffectivelyhandlethecondition.Thiscanmeanmanydifferentthings,sometimesevenoperatingoutsidenormalpolicylimits.Exceptionmanagementcanalsobenontechnicalinnature:systemsorenvironmentsthatcannotfolloworganizationalsecuritypolicy,forexample,mustbedocumented,exceptionsmustbeapproved,andmitigationsmustbeputinplacetolowertheriskassociatedwithexceptionstopolicy.Thebottomlineissimple:eitherthesystemmusthandletheconditionandrecover,oritmustfailandberecoveredbyseparateaction.Designinginexceptionhandlingmakesasystemmoreresilient,becauseexceptionswillhappen,andhowtheyarehandledistheonlyunknownoutcome.

ConfigurationManagementConfigurationmanagementiskeytotheproperoperationofITsystems.ITsystemsarefirstandforemostsystems,groupsofelementsthatworktogethertoachieveadesiredresultantprocess.Theproperconfigurationandprovisioningofallofthecomponentsinasystemisessentialtotheproperoperationofthesystem.Thedesignandoperationoftheelements

toensuretheproperfunctionalenvironmentofasystemisreferredtoasconfigurationmanagement.ConfigurationmanagementisakeyoperationprincipleandisthoroughlycoveredinChapter21.

SecurityApproachesTherearemultipleapproachesanorganizationcantaketoaddresstheprotectionofitsnetworks:ignoresecurityissues,providehostsecurity,providenetwork-levelsecurity,orprovideacombinationofthelattertwo.Themiddletwo,hostsecurityandnetwork-levelsecurity,havepreventionaswellasdetectionandresponsecomponents.Ratherthanviewthesetwoapproachesasindependentsolutions,amatureorganizationusesbothinacomplementaryfashion.Ifanorganizationdecidestoignoresecurity,ithaschosentoutilizethe

minimalamountofsecuritythatisprovidedwithitsworkstations,servers,anddevices.Noadditionalsecuritymeasureswillbeimplemented.Each“outofthebox”systemhascertainsecuritysettingsthatcanbeconfigured,andtheyshouldbe.Toactuallyprotectanentirenetwork,however,requiresworkinadditiontothefewprotectionmechanismsthatcomewithsystemsbydefault.

TechTip

GotNetwork?AclassicblackT-shirtinthesecurityindustrysays“gotroot?”It’satakeoffonthesuccessfuladcampaign“gotmilk?”andindicatesthepowerofrootprivilege.Similarto“gotroot?”is“gotnetwork?”,forifyoutruly“own”thenetwork,thenyouhavesignificantcontroloverwhatpassesacrossitandcanresultininformationdisclosure.Toensureasecureposture,bothnetworkandhostaccesslevelsmustbecontrolled.

HostSecurityHostsecuritytakesagranularviewofsecuritybyfocusingonprotecting

eachcomputeranddeviceindividuallyinsteadofaddressingprotectionofthenetworkasawhole.Whenhostsecurityisused,eachcomputerisreliedupontoprotectitself.Ifanorganizationdecidestoimplementonlyhostsecurityanddoesnotincludenetworksecurity,thereisahighprobabilityofintroducingoroverlookingvulnerabilities.Mostenvironmentsarefilledwithdifferentoperatingsystems(Windows,UNIX,Linux,OSX),differentversionsofthoseoperatingsystems,anddifferenttypesofinstalledapplications.Eachoperatingsystemhassecurityconfigurationsthatdifferfromthoseofothersystems,anddifferentversionsofthesameoperatingsystemmayinfacthaveconfigurationvariationsbetweenthem.Hostsecurityisimportantandshouldalwaysbeaddressed.Security,

however,shouldnotstopthere,ashostsecurityisacomplementaryprocesstobecombinedwithnetworksecurity.Ifindividualhostcomputershavevulnerabilitiesembodiedwithinthem,thennetworksecuritycanprovideanotherlayerofprotectionthatwill,hopefully,stopanyintruderswhohavegottenthatfarintotheenvironment.

Alongtimediscussionhascenteredonwhetherhost-ornetwork-basedsecurityismoreimportant.Mostsecurityexpertsnowgenerallyagreethatacombinationofbothisneededtoadequatelyaddressthewiderangeofpossiblesecuritythreats.Certainattacksaremoreeasilyspottedandsomeattacksaremoreeasilypreventedusingtoolsdesignedforoneortheotheroftheseapproaches.

NetworkSecurityInsomesmallerenvironments,hostsecuritybyitselfmaybeanoption,butassystemsbecomeconnectedintonetworks,securityshouldincludetheactualnetworkitself.Innetworksecurity,anemphasisisplacedoncontrollingaccesstointernalcomputersfromexternalentities.Thiscontrolcanbethroughdevicessuchasrouters,firewalls,authenticationhardwareandsoftware,encryption,andintrusiondetectionsystems(IDSs).

Networkenvironmentstendtobeuniqueentitiesbecauseusuallynotwonetworkshaveexactlythesamenumberofcomputers,thesameapplicationsinstalled,thesamenumberofusers,theexactsameconfigurations,orthesameavailableservers.Theywillnotperformthesamefunctionsorhavethesameoverallarchitecture.Sincenetworkshavesomanyvariations,therearemanydifferentwaysinwhichtheycanbeprotectedandconfigured.Thischaptercoverssomefoundationalapproachestonetworkandhostsecurity.Eachapproachmaybeimplementedinamyriadofways,butbothnetworkandhostsecurityneedtobeaddressedforaneffectivetotalsecurityprogram.

TechTip

SecurityDesignPrinciplesTheeightdesignprinciplesfromSaltzerandSchroederarelistedandparaphrasedhere:

LeastprivilegeUseminimumprivilegesnecessarytoperformatask.

SeparationofprivilegeAccessshouldbebasedonmorethanoneitem.Fail-safedefaultsDenybydefault(implicitdeny)andonlygrantaccesswithexplicitpermission.

EconomyofmechanismMechanismsshouldbesmallandsimple.CompletemediationProtectionmechanismsshouldcovereveryaccesstoeveryobject.

OpendesignProtectionmechanismsshouldnotdependuponsecrecyofthemechanismitself.

LeastcommonmechanismProtectionmechanismsshouldbesharedtotheleastdegreepossibleamongusers.

PsychologicalacceptabilityProtectionmechanismsshouldnotimpactusers,oriftheydo,theimpactshouldbeminimal.

Ref:J.H.SaltzerandM.D.Schroeder,“TheProtectionofInformationinComputerSystems,”Proc.IEEE,vol.63,no.9,1975,pp.1278–1308.

SecurityPrinciples

Inthemid-1970s,twocomputerscientistsfromMIT,JeromeSaltzerandMichaelSchroeder,publishedapaperondesignprinciplesforasecurecomputersystem.TheSaltzerandSchroederpaper,titled“TheProtectionofInformationinComputerSystems,”hasbeenhailedasaseminalworkincomputersecurity,andtheeightdesignprinciplesareasrelevanttodayastheywerein1970s.Theseprinciplesareusefulinsecuresystemdesignandoperation.

LeastPrivilegeOneofthemostfundamentalprinciplesinsecurityisleastprivilege.Thisconceptisapplicabletomanyphysicalenvironmentsaswellasnetworkandhostsecurity.Leastprivilegemeansthatasubject(whichmaybeauser,application,orprocess)shouldhaveonlythenecessaryrightsandprivilegestoperformitstaskwithnoadditionalpermissions.Limitinganobject’sprivilegeslimitstheamountofharmthatcanbecaused,thuslimitinganorganization’sexposuretodamage.Usersmayhaveaccesstothefilesontheirworkstationsandaselectsetoffilesonafileserver,butnoaccesstocriticaldatathatisheldwithinthedatabase.Thisrulehelpsanorganizationprotectitsmostsensitiveresourcesandhelpsensurethatwhoeverisinteractingwiththeseresourceshasavalidreasontodoso.

TryThis!ExamplesoftheLeastPrivilegePrincipleThesecurityconceptofleastprivilegeisnotuniquetocomputersecurity.Ithasbeenpracticedbyorganizationssuchasfinancialinstitutionsandgovernmentsforcenturies.Basicallyitsimplymeansthatindividualsaregivenonlytheabsoluteminimumofprivilegesthatarerequiredtoaccomplishtheirassignedjob.Examinethesecuritypoliciesthatyourorganizationhasinplaceandseeifyoucanidentifyexamplesofwheretheprincipleofleastprivilegehasbeenused.

Theconceptofleastprivilegeappliestomorenetworksecurityissuesthanjustprovidinguserswithspecificrightsandpermissions.Whentrustrelationshipsarecreated,theyshouldnotbeimplementedinsuchaway

thateveryonetrustseachothersimplybecauseitiseasier.Onedomainshouldtrustanotherforveryspecificreasons,andtheimplementersshouldhaveafullunderstandingofwhatthetrustrelationshipallowsbetweentwodomains.Ifonedomaintrustsanother,doalloftheusersautomaticallybecometrusted,andcantheythuseasilyaccessanyandallresourcesontheotherdomain?Isthisagoodidea?Isthereamoresecurewayofprovidingthesamefunctionality?Ifatrustedrelationshipisimplementedsuchthatusersinonegroupcanaccessaplotterorprinterthatisavailableononlyonedomain,itmightmakesensetosimplypurchaseanotherplottersothatother,morevaluableorsensitiveresourcesarenotaccessiblebytheentiregroup.Anotherissuethatfallsundertheleastprivilegeconceptisthesecurity

contextinwhichanapplicationruns.Allapplications,scripts,andbatchfilesruninthesecuritycontextofaspecificuseronanoperatingsystem.Theyexecutewithspecificpermissionsasiftheywereauser.TheapplicationmaybeMicrosoftWordandruninthespaceofaregularuser,oritmaybeadiagnosticprogramthatneedsaccesstomoresensitivesystemfilesandsomustrununderanadministrativeuseraccount,oritmaybeaprogramthatperformsbackupsandsoshouldoperatewithinthesecuritycontextofabackupoperator.Thecruxofthisissueisthataprogramshouldexecuteonlyinthesecuritycontextthatisneededforthatprogramtoperformitsdutiessuccessfully.Inmanyenvironments,peopledonotreallyunderstandhowtomakeprogramsrununderdifferentsecuritycontexts,oritmayjustseemeasiertohaveallprogramsrunundertheadministratoraccount.Ifattackerscancompromiseaprogramorservicerunningundertheadministratoraccount,theyhaveeffectivelyelevatedtheiraccesslevelandhavemuchmorecontroloverthesystemandmanymorewaystocausedamage.

TryThis!ControlofResourcesBeingabletoapplytheappropriatesecuritycontroltofileandprintresourcesisanimportant

aspectoftheleastprivilegesecurityprinciple.Howthisisimplementedvariesdependingontheoperatingsystemthatthecomputerruns.Checkhowtheoperatingsystemthatyouuseprovidesfortheabilitytocontrolfileandprintresources.

SeparationofPrivilegeProtectionmechanismscanbeemployedtograntaccessbasedonavarietyoffactors.Oneofthekeyprinciplesistobasedecisionsonmorethanasinglepieceofinformation.Theprincipleofseparationofprivilegestatesthattheprotectionmechanismshouldbeconstructedsothatitusesmorethanonepieceofinformationtomakeaccessdecisions.Applyingthisprincipletothepeoplesideofthesecurityfunctionresultsintheconceptofseparationofduties.Theprincipleofseparationofprivilegeisapplicabletophysical

environmentsaswellasnetworkandhostsecurity.Whenappliedtopeople’sactions,separationofdutiesspecifiesthatforanygiventask,morethanoneindividualneedstobeinvolved.Thetaskisbrokenintodifferentduties,eachofwhichisaccomplishedbyaseparateindividual.Byimplementingataskinthismanner,nosingleindividualcanabusethesystemforhisorherowngain.Thisprinciplehasbeenimplementedinthebusinessworld,especiallyfinancialinstitutions,formanyyears.Asimpleexampleisasysteminwhichoneindividualisrequiredtoplaceanorderandaseparatepersonisneededtoauthorizethepurchase.Whileseparationofdutiesprovidesacertainlevelofchecksand

balances,itisnotwithoutitsowndrawbacks.Chiefamongtheseisthecostrequiredtoaccomplishthetask.Thiscostismanifestedinbothtimeandmoney.Morethanoneindividualisrequiredwhenasinglepersoncouldaccomplishthetask,thuspotentiallyincreasingthecostofthetask.Inaddition,withmorethanoneindividualinvolved,acertaindelaycanbeexpectedbecausethetaskmustproceedthroughitsvarioussteps.

Fail-SafeDefaultsToday,theInternetisnolongerthefriendlyplaygroundofresearchersthatitoncewas.Thishasresultedindifferentapproachesthatmightatfirst

seemlessthanfriendlybutthatarerequiredforsecuritypurposes.Fail-safedefaultsisaconceptthatwhensomethingfails,itshoulddosotoasafestate.Oneapproachisthataprotectionmechanismshoulddenyaccessbydefault,andgrantaccessonlywhenexplicitpermissionexists.Thisissometimescalleddefaultdeny,andthecommonoperationaltermforthisapproachisimplicitdeny.Frequentlyinthenetworkworld,administratorsmakemanydecisions

concerningnetworkaccess.Oftenaseriesofruleswillbeusedtodeterminewhetherornottoallowaccess(whichisthepurposeofanetworkfirewall).Ifaparticularsituationisnotcoveredbyanyoftheotherrules,theimplicitdenyapproachstatesthataccessshouldnotbegranted.Inotherwords,ifnorulewouldallowaccess,thenaccessshouldnotbegranted.Implicitdenyappliestosituationsinvolvingbothauthorizationandaccess.Thealternativetoimplicitdenyistoallowaccessunlessaspecificrule

forbidsit.Anotherexampleofthesetwoapproachesisinprogramsthatmonitorandblockaccesstocertainwebsites.Oneapproachistoprovidealistofspecificsitesthatauserisnotallowedtoaccess.Accesstoanysitenotonthelistwouldbeimplicitlyallowed.Theoppositeapproach(theimplicitdenyapproach)wouldblockallaccesstositesthatarenotspecificallyidentifiedasauthorized.Asyoucanimagine,dependingonthespecificapplication,oneortheotherapproachwillbemoreappropriate.Whichapproachyouchoosedependsonthesecurityobjectivesandpoliciesofyourorganization.

Implicitdenyisanotherfundamentalprincipleofsecurityandstudentsneedtobesurethattheyunderstandthisprinciple.Similartoleastprivilege,thisprinciplestatesthatifyouhaven’tspecificallybeenallowedaccess,thenitshouldbedenied.

EconomyofMechanism

Thetermssecurityandcomplexityareoftenatoddswitheachother,becausethemorecomplexsomethingis,theharderitistounderstand,andyoucannottrulysecuresomethingifyoudonotunderstandit.Anotherreasoncomplexityisaproblemwithinsecurityisthatitusuallyallowstoomanyopportunitiesforsomethingtogowrong.Ifanapplicationhas4000linesofcode,therearealotfewerplacesforbufferoverflows,forexample,thaninanapplicationoftwomillionlinesofcode.Theprincipleofeconomyofmechanismisdescribedasalwaysusingsimplesolutionswhenavailable.

Keepitsimple:Anothermethodoflookingattheprincipleofeconomyofmechanismisthattheprotectionmechanismshouldbesmallandsimple.

Anexampleoftheprincipleconcernsthenumberofservicesthatyouallowyoursystemtorun.Defaultinstallationsofcomputeroperatingsystemsoftenleavemanyservicesrunning.Thekeep-it-simpleprincipletellsustoeliminateordisablethoseservicesthatwedon’tneed.Thisisalsoagoodideafromasecuritystandpointbecauseitresultsinfewerapplicationsthatcanbeexploitedandfewerservicesthattheadministratorisresponsibleforsecuring.Thegeneralruleofthumbistoeliminateordisableallnonessentialservicesandprotocols.Thisofcourseleadstothequestion,howdoyoudeterminewhetheraserviceorprotocolisessentialornot?Ideally,youshouldknowwhatyourcomputersystemornetworkisbeingusedfor,andthusyoushouldbeabletoidentifyandactivateonlythoseelementsthatareessential.Foravarietyofreasons,thisisnotaseasyasitsounds.Alternatively,astringentsecurityapproachthatonecantakeistoassumethatnoserviceisnecessary(whichisobviouslyabsurd)andactivateservicesandportsonlyastheyarerequested.Whateverapproachistaken,thereisanever-endingstruggletotrytostrikeabalancebetweenprovidingfunctionalityandmaintainingsecurity.

CompleteMediationOneofthefundamentaltenetsofaprotectionsystemistocheckallaccessrequestsforpermission.Eachandeverytimeasubjectrequestsaccesstoanobject,thepermissionmustbechecked;otherwiseanattackermightgainunauthorizedaccesstoanobject.Completemediationreferstotheconceptthateachandeveryrequestshouldbeverified.Whenpermissionsareverifiedthefirsttime,andtheresultiscachedforsubsequentuse,performancemaybeincreased,butthisalsoopensthedoortopermissionerrors.Shouldapermissionchangesubsequenttothefirstuse,thischangewouldnotbeappliedtotheoperationsaftertheinitialcheck.Completemediationalsoreferstoensuringthatalloperationsgo

throughtheprotectionmechanism.Whensecuritycontrolsareaddedafterthefact,itisimportanttomakecertainthatallprocessflowsarecoveredbythecontrols,includingexceptionsandout-of-bandrequests.Ifanautomatedprocessischeckedinonemanner,butamanualpaperbackupprocesshasaseparatepath,itisimportanttoensureallchecksarestillinplace.Whenasystemundergoesdisasterrecoveryorbusinesscontinuityprocesses,orbackupand/orrestoreprocesses,thesetoorequirecompletemediation.

OpenDesignTheprincipleofopendesignholdsthattheprotectionofanobjectshouldnotrelyuponsecrecyoftheprotectionmechanismitself.Thisprinciplehasbeenlongprovenincryptographiccircles,wherehidingthealgorithmultimatelyfailsandthetrueprotectionreliesuponthesecrecyandcomplexityofthekeys.Theprincipledoesnotexcludetheideaofusingsecrecy,butmerelystatesthat,onthefaceofit,secrecyofmechanismisnotsufficientforprotection.Anotherconceptinsecuritythatshouldbediscussedinthiscontextis

theideaofsecuritythroughobscurity.Inthiscase,securityisconsideredeffectiveiftheenvironmentandprotectionmechanismsareconfusingorthoughttobenotgenerallyknown.Securitythroughobscurityusesthe

approachofprotectingsomethingbyhidingit.Noncomputerexamplesofthisconceptincludehidingyourbriefcaseorpurseifyouleaveitinthecarsothatitisnotinplainview,hidingahousekeyunderadoormatorinaplanter,orpushingyourfavoriteicecreamtothebackofthefreezersothateveryoneelsethinksitisallgone.Theideaisthatifsomethingisoutofsight,itisoutofmind.Thisapproach,however,doesnotprovideactualprotectionoftheobject.Someonecanstillstealthepursebybreakingintothecar,liftthedoormatandfindthekey,ordigthroughtheitemsinthefreezertofindyourfavoriteicecream.Securitythroughobscuritymaymakesomeoneworkalittlehardertoaccomplishatask,butitdoesnotpreventanyonefromeventuallysucceeding.

TechTip

SecurityThroughObscurityTheprincipleofopendesignandthepracticeofsecuritybyobscuritymayseematoddswitheachother,butinrealitytheyarenot.Theprincipleofopendesignstatesthatsecrecyitselfcannotberelieduponasameansofprotection.Thepracticeofsecuritythroughobscurityisaprovenmethodofincreasingtheworkfactorthatanadversarymustexpendtosuccessfullyattackasystem.Byitself,obscurityisnotgoodprotection,butitcancomplementothercontrolswhenbothareproperlyemployed.

Similarapproachesareseenincomputerandnetworksecuritywhenattemptingtohidecertainobjects.Anetworkadministratormay,forinstance,moveaservicefromitsdefaultporttoadifferentportsothatotherswillnotknowhowtoaccessitaseasily,orafirewallmaybeconfiguredtohidespecificinformationabouttheinternalnetworkinthehopethatpotentialattackerswillnotobtaintheinformationforuseinanattackonthenetwork.Inmostsecuritycircles,securitythroughobscurityisconsideredapoor

approach,especiallyifitistheonlyapproachtosecurity.Securitythroughobscuritysimplyattemptstohideanobject;itdoesn’timplementasecuritycontroltoprotectit.Anorganizationcanusesecuritythrough

obscuritymeasurestotrytohidecriticalassets,butothersecuritymeasuresshouldalsobeemployedtoprovideahigherlevelofprotection.Forexample,ifanadministratormovesaservicefromitsdefaultporttoamoreobscureport,anattackercanstillactuallyfindthisservice;thusafirewallshouldbeusedtorestrictaccesstotheservice.Mostpeopleknowthatevenifyoudoshoveyouricecreamtothebackofthefreezer,someonemayeventuallyfindit.

LeastCommonMechanismTheprincipleofleastcommonmechanismstatesthatmechanismsusedtoaccessresourcesshouldbededicatedandnotshared.Sharingofmechanismsallowsapotentialcross-overbetweenchannelsresultinginaprotectionfailuremode.Forexample,ifthereisamodulethatenablesemployeestochecktheirpayrollinformation,aseparatemoduleshouldbeemployedtochangetheinformation,lestausergainaccesstochangeversusreadaccess.Althoughsharingandreusearegoodinonesense,theycanrepresentasecurityriskinanother.Commonexamplesoftheleastcommonmechanismanditsisolation

principleaboundinordinarysystems.Sandboxingisameansofseparatingtheoperationofanapplicationfromtherestoftheoperatingsystem.Virtualmachinesperformthesametaskbetweenoperatingsystemsonasinglepieceofhardware.Instantiatingsharedlibraries,inwhichseparateinstantiationoflocalclassesenablesseparatebutequalcoding,isyetanother.Thekeyistoprovideameansofisolationbetweenprocessessoinformationcannotflowbetweenseparateusersunlessspecificallydesignedtodoso.

Itoftenamazessecurityprofessionalshowfrequentlyindividualsrelyonsecuritythroughobscurityastheirmainlineofdefense.Relyingonsomepieceofinformationremainingsecretisgenerallynotagoodidea.Thisisespeciallytrueinthisageofreverse-engineering,whereindividualsanalyzethebinariesforprogramstodiscoverembeddedpasswordsorcryptographickeys.Thebiggestproblemwithrelyingonsecuritythroughobscurityisthatifitfailsandthe

secretbecomesknown,thereoftenisnoeasywaytomodifythesecrettore-secureit.

PsychologicalAcceptabilityPsychologicalacceptabilityreferstotheusers’acceptanceofsecuritymeasures.Usersplayakeyroleintheoperationofasystem,andifsecuritymeasuresareperceivedtobeanimpedimenttotheworkauserisresponsiblefor,thenanaturalconsequencemaybethattheuserbypassesthecontrol.Althoughausermayunderstandthatthiscouldresultinasecurityproblem,theperceptionthatitdoesresultintheirperformancefailurewillpresentpressuretobypassit.Psychologicalacceptabilityisoftenoverlookedbysecurity

professionalsfocusedontechnicalissuesandhowtheyseethethreat.Theyarefocusedonthethreat,whichistheirprofessionalresponsibility,sothefocusonsecurityisnaturalanditalignswiththeirprofessionalresponsibilities.Thisalignmentbetweensecurityandprofessionalworkresponsibilitiesdoesnotalwaystranslatetootherpositionsinanorganization.Securityprofessionals,particularlythosedesigningthesecuritysystems,shouldnotonlybeawareofthisconcept,butpayparticularattentiontohowsecuritycontrolswillbeviewedbyworkersinthecontextoftheirworkresponsibility,notwithrespecttosecurityforitsownsake.

DefenseinDepthDefenseindepthisaprinciplethatischaracterizedbytheuseofmultiple,differentdefensemechanismswithagoalofimprovingthedefensiveresponsetoanattack.Anothertermfordefenseindepthislayeredsecurity.Singlepointsoffailurerepresentjustthat,anopportunitytofail.Byusingmultipledefensesthataredifferent,withdifferingpointsoffailure,asystembecomesstronger.Whileonedefensemechanismmaynotbe100percenteffective,theapplicationofaseconddefensemechanismtotheitemsthatsucceedinbypassingthefirstmechanismprovidesastrongerresponse.Thereareacoupleofdifferentmechanismsthatcanbe

employedinadefense-in-depthstrategy:layeredsecurityanddiversityofdefense.Togethertheseprovideadefense-in-depthstrategythatisstrongerthananysinglelayerofdefense.Abankdoesnotprotectthemoneythatitstoresonlybyusingavault.It

hasoneormoresecurityguardsasafirstdefensetowatchforsuspiciousactivitiesandtosecurethefacilitywhenthebankisclosed.Itmayhavemonitoringsystemsthatwatchvariousactivitiesthattakeplaceinthebank,whetherinvolvingcustomersoremployees.Thevaultisusuallylocatedinthecenterofthefacility,andthustherearelayersofroomsorwallsbeforearrivingatthevault.Thereisaccesscontrol,whichensuresthatthepeopleenteringthevaulthavetobegivenauthorizationbeforehand.Andthesystems,includingmanualswitches,areconnecteddirectlytothepolicestationincaseadeterminedbankrobbersuccessfullypenetratesanyoneoftheselayersofprotection.Networksshouldutilizethesametypeoflayeredsecurityarchitecture.

Thereisno100percentsecuresystem,andthereisnothingthatisfoolproof,soasinglespecificprotectionmechanismshouldneverbesolelyreliedupon.Itisimportantthateveryenvironmenthavemultiplelayersofsecurity.Theselayersmayemployavarietyofmethods,suchasrouters,firewalls,networksegments,IDSs,encryption,authenticationsoftware,physicalsecurity,andtrafficcontrol.Thelayersneedtoworktogetherinacoordinatedmannersothatonedoesnotimpedeanother’sfunctionalityandintroduceasecurityhole.Asanexample,considerthestepsanintrudermighthavetotaketo

accesscriticaldataheldwithinacompany’sback-enddatabase.TheintruderfirsthastopenetratethefirewallandusepacketsandmethodsthatwillnotbeidentifiedanddetectedbytheIDS(moreinformationonthesedevicescanbefoundinChapter13).Theattackernexthastocircumventaninternalrouterperformingpacketfiltering,andthenpossiblypenetrateanotherfirewallusedtoseparateoneinternalnetworkfromanother(seeFigure2.3).Fromthere,theintrudermustbreaktheaccesscontrolsthatareonthedatabase,whichmeanshavingtodoadictionaryorbrute-forceattacktobeabletoauthenticatetothedatabasesoftware.Oncetheintruder

hasgottenthisfar,thedatastillneedstobelocatedwithinthedatabase.Thismayinturnbecomplicatedbytheuseofaccesscontrollistsoutliningwhocanactuallyviewormodifythedata.Thatisalotofwork.

•Figure2.3Layeredsecurity

Thisexampleillustratesthedifferentlayersofsecuritymanyenvironmentsemploy.Itisimportanttoimplementseveraldifferentlayersbecauseifintruderssucceedatonelayer,youwanttobeabletostopthematthenext.Theredundancyofdifferentprotectionlayersassuresthatthereisnoonesinglepointoffailurepertainingtosecurity.Ifanetworkusedonlyafirewalltoprotectitsassets,anattackerabletopenetratethisdevicesuccessfullywouldfindtherestofthenetworkopenandvulnerable.Anexampleofhowdifferentsecuritymethodscanworkagainsteach

otherisexemplifiedwhenfirewallsencounterencryptednetworktraffic.Anorganizationmayutilizeencryptionsothatanoutsidecustomercommunicatingwithaspecificwebserverisassuredthatsensitivedatabeingexchangedisprotected.IfthisencrypteddataisencapsulatedwithinSecureSocketsLayer(SSL)orTransportLayerSecurity(TLS)packetsandthensentthroughafirewall,thefirewallmaynotbeabletoreadthepayloadinformationintheindividualpackets.Thelayersusuallyaredepictedstartingatthetop,withmoregeneral

typesofprotection,andprogressingdownwardthrougheachlayer,withincreasinggranularityateachlayerasyougetclosertotheactualresource,asyoucanseeinFigure2.4.Thisisbecausethetop-layerprotectionmechanismisresponsibleforlookingatanenormousamountoftraffic,anditwouldbeoverwhelmingandcausetoomuchofaperformancedegradationifeachaspectofthepacketwereinspected.Instead,eachlayerusuallydigsdeeperintothepacketandlooksforspecificitems.Layersthatareclosertotheresourcehavetodealwithonlyafractionofthetrafficthatthetop-layersecuritymechanismdoes,andthuslookingdeeperandatmoregranularaspectsofthetrafficwillnotcauseasmuchofaperformancehit.

•Figure2.4Variouslayersofsecurity

DiversityofDefenseDiversityofdefenseisaconceptthatcomplementstheideaofvariouslayersofsecurity.Itinvolvesmakingdifferentlayersofsecuritydissimilarsothatevenifattackersknowhowtogetthroughasystemthatcomprisesonelayer,theymaynotknowhowtogetthroughadifferenttypeoflayerthatemploysadifferentsystemforsecurity.Ifanenvironmenthastwofirewallsthatformademilitarizedzone

(DMZ),forexample,onefirewallmaybeplacedattheperimeteroftheInternetandtheDMZ.Thisfirewallanalyzesthetrafficthatisenteringthroughthatspecificaccesspointandenforcescertaintypesofrestrictions.TheotherfirewallmaythenbeplacedbetweentheDMZandtheinternalnetwork.Whenapplyingthediversity-of-defenseconcept,youshouldsetupthesetwofirewallstofilterfordifferenttypesoftrafficandprovide

differenttypesofrestrictions.Thefirstfirewall,forexample,maymakesurethatnoFTP,SNMP,orTelnettrafficentersthenetworkbutallowSMTP,SSH,HTTP,andSSLtrafficthrough.ThesecondfirewallmaynotallowSSLorSSHthroughandmayinterrogateSMTPandHTTPtraffictomakesurethatcertaintypesofattacksarenotpartofthattraffic.

AccessControlThetermaccesscontrolhasbeenusedtodescribeavarietyofprotectionschemes.Itsometimesreferstoallsecurityfeaturesusedtopreventunauthorizedaccesstoacomputersystemornetwork.Inthissense,itmaybeconfusedwithauthentication.Moreproperly,accesscontrolistheabilitytocontrolwhetherasubject(suchasanindividualoraprocessrunningonacomputersystem)caninteractwithanobject(suchasafileorhardwaredevice).Authentication,ontheotherhand,dealswithverifyingtheidentityofasubject.Tohelpunderstandthedifference,considertheexampleofanindividualattemptingtologintoacomputersystemornetwork.Authenticationistheprocessusedtoverifytothecomputersystemornetworkthattheindividualiswhotheyclaimtobe.ThemostcommonmethodtodothisisthroughtheuseofauserIDandpassword.Oncetheindividualhasverifiedtheiridentity,accesscontrolsregulatewhattheindividualcanactuallydoonthesystem.Justbecauseapersonisgrantedentrytothesystemdoesnotmeanthattheyshouldhaveaccesstoalldatathesystemcontains.

AuthenticationMechanismsAccesscontrolsdefinewhatactionsausercanperformorwhatobjectsausercanhaveaccessto.Thesecontrolsassumethattheidentityoftheuserhasbeenverified.Itisthejobofauthenticationmechanismstoensurethatonlyvalidusersareadmitted.Describedanotherway,authenticationisusingsomemechanismtoprovethatyouarewhoyouclaimtobe.Therearethreegeneralfactorscommonlyusedinauthentication.Inorderto

verifyyouridentity,youcanprovide

Somethingyouknow(knowledgefactor)

Somethingyouhave(possessionfactor)

Somethingaboutyou(somethingthatyouare;inherentfactor)

Themostcommonauthenticationmechanismistoprovidesomethingthatonlyyou,thevaliduser,shouldknow.ThemostfrequentlyusedexampleofthisisthecommonuserID(orusername)andpassword.Intheory,sinceyouarenotsupposedtoshareyourpasswordwithanybodyelse,onlyyoushouldknowyourpassword,andthusbyprovidingit,youareprovingtothesystemthatyouarewhoyouclaimtobe.Anothermechanismforauthenticationistoprovidesomethingthatyouhaveinyourpossession,suchasamagneticstripecardthatcontainsidentifyinginformation.Thethirdmechanismistousesomethingaboutyouforidentificationpurposes,suchasyourfingerprintorthegeometryofyourhand.Obviously,forthesecondandthirdmechanismstowork,additionalhardwaredevicesneedtobeused(toreadthecard,fingerprint,orhandgeometry).

AccessControlvs.AuthenticationItmayseemthataccesscontrolandauthenticationaretwowaystodescribethesameprotectionmechanism.This,however,isnotthecase.Authenticationprovidesawaytoverifytothecomputerwhotheuseris.Oncetheuserhasbeenauthenticated,theaccesscontrolsdecidewhatoperationstheusercanperform.Thetwogohand-in-handbuttheyarenotthesamething.

AuthenticationandAccessControlPoliciesPoliciesarestatementsofwhattheorganizationwantstoaccomplish.Theorganizationneedstoidentifygoalsandintentionsformanydifferentaspectsofsecurity.Eachaspectwillhaveassociatedpoliciesand

procedures.

GroupPolicyOperatingsystemssuchasWindowsandLinuxallowadministratorstoorganizeusersintogroups,tocreatecategoriesofusersforwhichsimilaraccesspoliciescanbeestablished.Usinggroupssavestheadministratortime,asaddinganewuserwillnotrequiretheadministratortocreateacompletelynewuserprofile;instead,theadministratorcandeterminetowhichgroupthenewuserbelongsandthenaddtheusertothatgroup.Agrouppolicydefinesforthegroupthingssuchastheapplicable

operatingsystemandapplicationsettingsandpermissions.Examplesofgroupscommonlyfoundincludeadministrator,user,andguest.Takecarewhencreatinggroupsandassigninguserstothemsothatyoudonotprovidemoreaccessthanisabsolutelyrequiredformembersofthatgroup.Itwouldbesimpletomakeeverybodyanadministrator—itwouldcutdownonthenumberofrequestsusersmakeofbeleagueredadministrators—butthisisnotawisechoice,asitalsoenablesuserstomodifythesysteminwaysthatcouldimpactsecurity.Establishingtherightslevelsofaccessforthevariousgroupsupfrontwillsaveyoutimeandeliminatepotentialproblemsthatmightbeencounteredlateron.MoreonthissubjectwillbecoveredinChapter14.

TechTip

GroupPolicyThetermgrouppolicyhasdifferentmeaningsinLinuxandWindowssystems.InLinux,grouppoliciestypicallyrefertogroup-levelpermissionsassociatedwithfilesystems.InWindows,grouppoliciesrefertoActiveDirectoryobjectsusedtoenforceconfigurationandpermissionsacrossadomain.

PasswordPolicy

Sincepasswordsarethemostcommonauthenticationmechanism,itisimperativethatorganizationshaveapolicythataddressesthem.Thepasswordpolicyshouldaddresstheproceduresusedforselectinguserpasswords(specifyingwhatisconsideredanacceptablycomplexpasswordintheorganizationintermsofthecharactersetandlength),thefrequencywithwhichpasswordsmustbechanged,andhowpasswordswillbedistributed.Proceduresforcreatingnewpasswordsshouldanemployeeforgetheroldpasswordalsoneedtobeaddressed,aswellastheacceptablehandlingofpasswords(forexample,theyshouldnotbesharedwithanybodyelse,theyshouldnotbewrittendown,andsoon).Itmightalsobeusefultohavethepolicyaddresstheissueofpasswordcrackingbyadministrators,toenablethemtodiscoverweakpasswordsselectedbyemployees.

Apasswordpolicyisoneofthemostbasicpoliciesthatanorganizationcanhave.Makesureyouunderstandthebasicsofwhatconstitutesagoodpasswordalongwiththeotherissuesthatsurroundpasswordcreation,expiration,sharing,anduse.

Notethatthedeveloperofthepasswordpolicyandassociatedprocedurescangooverboardandcreateanenvironmentthatnegativelyimpactsemployeeproductivityandleadstopoorersecurity,notbetter.If,forexample,thefrequencywithwhichpasswordsarechangedistoogreat,usersmightwritethemdownorforgetthem.Neitheroftheseisadesirableoutcome,astheformermakesitpossibleforanintrudertofindapasswordandgainaccesstothesystem,andthelatterleadstotoomanypeoplelosingproductivityastheywaitforanewpasswordtobecreatedtoallowthemaccessagain.MoreinformationonpasswordpoliciescanbefoundinChapter22.

SecurityModels

Animportantissuewhendesigningthesoftwarethatwilloperateandcontrolsecurecomputersystemsandnetworksisthesecuritymodelthatthesystemornetworkwillbebasedupon.Thesecuritymodelwillimplementthesecuritypolicythathasbeenchosenandenforcethosecharacteristicsdeemedmostimportantbythesystemdesigners.Forexample,ifconfidentialityisconsideredparamount,themodelshouldmakecertainnodataisdisclosedtounauthorizedindividuals.Amodelenforcingconfidentialitymayallowunauthorizedindividualstomodifyordeletedata,asthiswouldnotviolatethetenetsofthemodelbecausethetruevaluesforthedatawouldstillremainconfidential.Ofcourse,thismodelmaynotbeappropriateforallenvironments.Insomeinstances,theunauthorizedmodificationofdatamaybeconsideredamoreseriousissuethanitsunauthorizeddisclosure.Insuchcases,themodelwouldberesponsibleforenforcingtheintegrityofthedatainsteadofitsconfidentiality.Choosingthemodeltobasethedesignoniscriticalifyouwanttoensurethattheresultingsystemaccuratelyenforcesthesecuritypolicydesired.This,however,isonlythestartingpoint,anditdoesnotimplythatyouhavetomakeachoicebetweenconfidentialityanddataintegrity,asbothareimportant.

ConfidentialityModelsDataconfidentialityhasgenerallybeenthechiefconcernofthemilitary.Forinstance,theU.S.militaryencouragedthedevelopmentoftheBell-LaPadulasecuritymodeltoaddressdataconfidentialityincomputeroperatingsystems.Thismodelisespeciallyusefulindesigningmultilevelsecuritysystemsthatimplementthemilitary’shierarchicalsecurityscheme,whichincludeslevelsofclassificationsuchasUnclassified,Confidential,Secret,andTopSecret.Similarclassificationschemescanbeusedinindustry,whereclassificationsmightincludePubliclyReleasable,Proprietary,andCompanyConfidential.Asecondconfidentialitymodel,theBrewer-Nashsecuritymodel,is

onedefinedbycontrollingreadandwriteaccessbasedonconflictof

interestrules.ThismodelisalsoknownastheChineseWallmodel,aftertheconceptofseparatinggroupsthroughtheuseofanimpenetrablewall.

Bell-LaPadulaModelTheBell-LaPadulasecuritymodelemploysbothmandatoryanddiscretionaryaccesscontrolmechanismswhenimplementingitstwobasicsecurityprinciples.ThefirstoftheseprinciplesiscalledtheSimpleSecurityRule,whichstatesthatnosubject(suchasauseroraprogram)canreadinformationfromanobject(suchasafile)withasecurityclassificationhigherthanthatpossessedbythesubjectitself.ThismeansthatthesystemmustpreventauserwithonlyaSecretclearance,forexample,fromreadingadocumentlabeledTopSecret.Thisruleisoftenreferredtoasthe“no-read-up”rule.

TheSimpleSecurityRuleisjustthat:themostbasicofsecurityrules.Itessentiallystatesthatinorderforyoutoseesomething,youhavetobeauthorizedtoseeit.

ThesecondsecurityprincipleenforcedbytheBell-LaPadulasecuritymodelisknownasthe*-property(pronounced“starproperty”).Thisprinciplestatesthatasubjectcanwritetoanobjectonlyifthetarget’ssecurityclassificationisgreaterthanorequaltotheobject’ssecurityclassification.ThismeansthatauserwithaSecretclearancecanwritetoafilewithaSecretorTopSecretclassificationbutcannotwritetoafilewithonlyanUnclassifiedclassification.Thisatfirstmayappeartobeabitconfusing,sincethisprincipleallowsuserstowritetofilesthattheyarenotallowedtoview,thusenablingthemtoactuallydestroyfilesthattheydon’thavetheclassificationtosee.Thisistrue,butkeepinmindthattheBell-LaPadulamodelisdesignedtoenforceconfidentiality,notintegrity.Writingtoafilethatyoudon’thavetheclearancetoviewisnotconsideredaconfidentialityissue;itisanintegrityissue.Whereasthe*-propertyallowsausertowritetoafileofequalor

greatersecurityclassification,itdoesn’tallowausertowritetoafilewithalowersecurityclassification.This,too,maybeconfusingatfirst—afterall,shouldn’tauserwithaSecretclearance,whocanviewafilemarkedUnclassified,beallowedtowritetothatfile?Theanswertothis,fromasecurityperspective,is“no.”Thereasonagainrelatestowantingtoavoideitheraccidentalordeliberatesecuritydisclosures.Thesystemisdesignedtomakeitimpossible(hopefully)fordatatobedisclosedtothosewithouttheappropriateleveltoviewit.AsshowninFigure2.5,ifitwerepossibleforauserwithaTopSecretclearancetoeitherdeliberatelyoraccidentallywriteTopSecretinformationandplaceitinafilemarkedConfidential,auserwithonlyaConfidentialsecurityclearancecouldthenaccessthisfileandviewtheTopSecretinformation.Thus,datawouldhavebeendisclosedtoanindividualnotauthorizedtoviewit.Thisiswhatthesystemshouldprotectagainstandisthereasonforwhatisknownasthe“no-write-down”rule.

•Figure2.5Bell-LaPadulasecuritymodel

Notallenvironmentsaremoreconcernedwithconfidentialitythanintegrity.Inafinancialinstitution,forexample,viewingsomebody’sbankbalanceisanissue,butagreaterissuewouldbetheabilitytoactuallymodifythatbalance.Inenvironmentswhereintegrityismoreimportant,adifferentmodelthantheBell-LaPadulasecuritymodelisneeded.

Brewer-NashSecurityModelOneofthetenetsassociatedwithaccessisneedtoknow.Separategroupswithinanorganizationmayhavedifferingneedswithrespecttoaccesstoinformation.Asecuritymodelthattakesintoaccountuserconflict-of-interestaspectsistheBrewer-Nashsecuritymodel.Inthismodel,informationflowsaremodeledtopreventinformationfromflowingbetweensubjectsandobjectswhenaconflictofinterestwouldoccur.Aspreviouslynoted,thismodelisalsoknownasaChineseWallmodel,aftertheGreatWallofChina,astructuredesignedtoseparategroupsofpeople.AsshowninFigure2.6,separategroupsaredefinedandaccesscontrolsaredesignedtoenforcetheseparationofthegroups.

•Figure2.6Brewer-Nashsecuritymodel

IntegrityModels

TheBell-LaPadulamodelwasdevelopedintheearly1970sbutwasfoundtobeinsufficientforallenvironments.Asanalternative,KennethBibastudiedtheintegrityissueanddevelopedwhatiscalledtheBibasecuritymodelinthelate1970s.Additionalworkwasperformedinthe1980sthatledtotheClark-Wilsonsecuritymodel,whichalsoplacesitsemphasisonintegrityratherthanconfidentiality.

TheBibaSecurityModelIntheBibamodel(seeFigure2.7),insteadofsecurityclassifications,integritylevelsareused.Aprincipleofintegritylevelsisthatdatawithahigherintegritylevelisbelievedtobemoreaccurateorreliablethandatawithalowerintegritylevel.Integritylevelsindicatethelevelof“trust”thatcanbeplacedininformationatthedifferentlevels.Integritylevelsdifferfromsecuritylevelsinanotherway—theylimitthemodificationofinformationasopposedtotheflowofinformation.

•Figure2.7BibbSecurityModel

Aninitialattemptatimplementinganintegrity-basedmodelwascapturedinwhatisreferredtoastheLow-Water-Markpolicy.Thispolicyinmanywaysistheoppositeofthe*-propertyinthatitpreventssubjectsfromwritingtoobjectsofahigherintegritylevel.Thepolicyalsocontainsasecondrulethatstatestheintegritylevelofasubjectwillbeloweredifitreadsanobjectofalowerintegritylevel.Thereasonforthisisthatifthesubjectthenusesdatafromthatobject,thehighesttheintegritylevelcanbeforanewobjectcreatedfromitisthesamelevelofintegrityoftheoriginalobject.Inotherwords,theleveloftrustyoucan

placeindataformedfromdataataspecificintegritylevelcannotbehigherthantheleveloftrustyouhaveinthesubjectcreatingthenewdataobject,andtheleveloftrustyouhaveinthesubjectcanonlybeashighastheleveloftrustyouhadintheoriginaldata.ThefinalrulecontainedintheLow-Water-Markpolicystatesthatasubjectcanexecuteaprogramonlyiftheprogram’sintegritylevelisequaltoorlessthantheintegritylevelofthesubject.Thisensuresthatdatamodifiedbyaprogramonlyhastheleveloftrust(integritylevel)thatcanbeplacedintheindividualwhoexecutedtheprogram.WhiletheLow-Water-Markpolicycertainlypreventsunauthorized

modificationofdata,ithastheunfortunatesideeffectofeventuallyloweringtheintegritylevelsofallsubjectstothelowestlevelonthesystem(unlessthesubjectalwaysviewsfileswiththesamelevelofintegrity).Thisisbecauseofthesecondrule,whichlowerstheintegritylevelofthesubjectafteraccessinganobjectofalowerintegritylevel.Thereisnowayspecifiedinthepolicytoeverraisethesubject’sintegritylevelbacktoitsoriginalvalue.Asecondpolicy,knownastheRingpolicy,addressesthisissuebyallowinganysubjecttoreadanyobjectwithoutregardtotheobject’slevelofintegrityandwithoutloweringthesubject’sintegritylevel.This,unfortunately,canleadtoasituationwheredatacreatedbyasubjectafterreadingdataofalowerintegritylevelcouldenduphavingahigherleveloftrustplaceduponitthanitshould.TheBibasecuritymodelimplementsahybridoftheRingandLow-

Water-Markpolicies.Biba’smodelinmanyrespectsistheoppositeoftheBell-LaPadulamodelinthatwhatitenforcesare“no-read-down”and“no-write-up”policies.Italsoimplementsathirdrulethatpreventssubjectsfromexecutingprogramsofahigherlevel.TheBibasecuritymodelthusaddressestheproblemsmentionedwithboththeRingandLow-Water-Markpolicies.

TheClark-WilsonSecurityModelTheClark-WilsonsecuritymodeltakesanentirelydifferentapproachthantheBibaandBell-LaPadulamodels,usingtransactionsasthebasisfor

itsrules.Itdefinestwolevelsofintegrityonly:constraineddataitems(CDIs)andunconstraineddataitems(UDIs).CDIdataissubjecttointegritycontrolswhileUDIdataisnot.Themodelthendefinestwotypesofprocesses:integrityverificationprocesses(IVPs),whichensurethatCDIdatameetsintegrityconstraints(toensurethesystemisinavalidstate),andtransformationprocesses(TPs),whichchangethestateofdatafromonevalidstatetoanother.Datainthismodelcannotbemodifieddirectlybyauser;itmustbechangedbytrustedTPs,accesstowhichcanberestricted(thusrestrictingtheabilityofausertoperformcertainactivities).Itisusefultoreturntothepriorexampleofthebankingaccountbalance

todescribetheneedforintegrity-basedmodels.IntheClark-Wilsonmodel,theaccountbalancewouldbeaCDIbecauseitsintegrityisacriticalfunctionforthebank.Aclient’scolorpreferencefortheircheckbookisnotacriticalfunctionandwouldbeconsideredaUDI.Sincetheintegrityofaccountbalancesisofextremeimportance,changestoaperson’sbalancemustbeaccomplishedthroughtheuseofaTP.EnsuringthatthebalanceiscorrectwouldbethedutyofanIVP.Onlycertainemployeesofthebankshouldhavetheabilitytomodifyanindividual’saccount,whichcanbecontrolledbylimitingthenumberofindividualswhohavetheauthoritytoexecuteTPsthatresultinaccountmodification.CertainverycriticalfunctionsmayactuallybesplitintomultipleTPstoenforceanotherimportantprinciple,separationofduties(introducedearlierinthechapter).Thislimitstheauthorityanyoneindividualhassothatmultipleindividualswillberequiredtoexecutecertaincriticalfunctions.

Chapter2Review

ChapterSummary

Afterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingregardingthebasicsofsecurity,securityterminology,andsecuritymodels.

Definebasictermsassociatedwithcomputerandinformationsecurity

Informationassuranceandinformationsecurityplacethesecurityfocusontheinformationandnotonthehardwareorsoftwareusedtoprocessit.

Theoriginalgoalofcomputerandnetworksecuritywastoprovideconfidentiality,integrity,andavailability—the“CIA”ofsecurity.

Additionalelementsofsecuritycanincludeauthentication,authorization,auditability,andnonrepudiation.

Theoperationalmodelofcomputersecuritytellsusthatprotectionisprovidedbyprevention,detection,andresponse.

Identifythebasicapproachestocomputerandinformationsecurity

Hostsecurityfocusesonprotectingeachcomputeranddeviceindividually,whereasnetworksecurityfocusesonaddressingprotectionofthenetworkasawhole.

Formanyorganizations,acombinationofhostsecurityandnetworksecurityisneededtoadequatelyaddressthewiderangeofpossiblesecuritythreats.

Identifythebasicprinciplesofcomputerandinformationsecurity

Principleofleastprivilegeistousetheminimumprivilegesnecessarytoperformatask.

Principleofseparationofprivilegestatesthatcriticalitemsshouldrequiremultipleparties.

Principleoffail-safedefaultstatesthatdenybydefault(implicitdeny)andonlygrantaccesswithexplicitpermissionshouldbeemployedin

accessdecisions.

Principleofeconomyofmechanismstatesthatprotectionmechanismsshouldbesmallandsimple.

Principleofcompletemediationstatesthatprotectionmechanismsshouldcovereveryaccesstoeveryobjectandshouldneverbebypassed.

Principleofopendesignstatesthatprotectionmechanismsshouldnotdependuponsecrecyofthemechanismitself.

Principleofleastcommonmechanismstatesthattheprotectionmechanismsshouldbesharedtotheleastdegreepossibleamongusers.

Principleofpsychologicalacceptabilitystatesthatprotectionmechanismsshouldnotimpactusers,oriftheydo,theimpactshouldbeminimal.

Principleofdefenseindepth,orlayeredsecurity,isthatmultiplelayersofdiffering,overlappingcontrolsshouldbeemployed.

Diversityofdefenseisaconceptthatcomplementstheideaofvariouslayersofsecurity.Itmeanstomakethelayersdissimilarsothatifonelayerispenetrated,thenextlayercan’talsobepenetratedusingthesamemethod.

Distinguishamongvariousmethodstoimplementaccesscontrols

Accessistheabilityofasubjecttointeractwithanobject.Accesscontrolsarethosedevicesandmethodsusedtolimitwhichsubjectsmayinteractwithspecificobjects.

Anaccesscontrollist(ACL)isamechanismthatisusedtodefinewhetherauserhascertainaccessprivilegesforasystem.Othermethodsincludediscretionaryaccesscontrol(DAC),mandatoryaccesscontrol(MAC),role-basedaccesscontrol(RBAC),andrule-basedaccesscontrol.

Describemethodsusedtoverifytheidentityandauthenticityofanindividual

Authenticationmechanismsensurethatonlyvalidusersareprovidedaccesstothecomputersystemornetwork.

Thethreegeneralmethodscommonlyusedinauthenticationinvolveusersprovidingeithersomethingtheyknow,somethingtheyhave,orsomethinguniqueaboutthem(somethingtheyare).

Recognizesomeofthebasicmodelsusedtoimplementsecurityinoperatingsystems

Securitymodelsenforcethechosensecuritypolicy.

Therearetwobasiccategoriesofmodels:thosethatensureconfidentialityandthosethatensureintegrity.

Bell-LaPadulaisaconfidentialitysecuritymodelwhosedevelopmentwaspromptedbythedemandsoftheU.S.militaryanditssecurityclearancescheme.

TheBell-LaPadulasecuritymodelenforces“no-read-up”and“no-write-down”rulestoavoidthedeliberateoraccidentaldisclosureofinformationtoindividualsnotauthorizedtoreceiveit.

TheBrewer-Nashsecuritymodel(ChineseWallmodel)isaconfidentialitymodelthatseparatesusersbasedonconflictsofinterest.

TheBibasecuritymodelisanintegrity-basedmodelthat,inmanyrespects,implementstheoppositeofwhattheBell-LaPadulamodeldoes—thatis,“no-read-down”and“no-write-up”rules.

TheClark-Wilsonsecuritymodelisanintegrity-basedmodeldesignedtolimittheprocessesanindividualmayperformaswellasrequirethatcriticaldatabemodifiedonlythroughspecifictransformationprocesses.

KeyTerms*-property(34)accesscontrol(31)auditability(20)authentication(20)availability(20)Bell-LaPadulasecuritymodel(34)Bibasecuritymodel(35)Brewer-Nashsecuritymodel(34)Clark-Wilsonsecuritymodel(37)completemediation(27)confidentiality(20)defaultdeny(26)defenseindepth(29)diversityofdefense(31)economyofmechanism(27)fail-safedefaults(26)hacking(19)hostsecurity(23)implicitdeny(26)integrity(20)layeredsecurity(29)leastcommonmechanism(28)leastprivilege(24)Low-Water-Markpolicy(36)networksecurity(24)nonrepudiation(20)opendesign(27)operationalmodelofcomputersecurity(20)phreaking(19)

psychologicalacceptability(29)Ringpolicy(36)securitythroughobscurity(28)separationofduties(25)separationofprivilege(25)SimpleSecurityRule(34)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1._______________isatermusedtodescribetheconditionwhereausercannotdenythataneventhasoccurred.

2.The_______________isanintegrity-basedsecuritymodelthatbasesitssecurityoncontroloftheprocessesthatareallowedtomodifycriticaldata,referredtoasconstraineddataitems.

3.ThesecurityprincipleusedintheBell-LaPadulasecuritymodelthatstatesthatnosubjectcanreadfromanobjectwithahighersecurityclassificationiscalledthe_______________.

4.Theprinciplethatstatesasubjecthasonlythenecessaryrightsandprivilegestoperformitstask,withnoadditionalpermissions,iscalled_______________.

5._______________istheprincipleinsecuritywhereprotectionmechanismsshouldbekeptassimpleandassmallaspossible.

6._______________istheprinciplethatprotectionmechanismsshouldminimizeuser-levelimpact.

7._______________istheprocessusedtoensurethatanindividualiswhotheyclaimtobe.

8.Thearchitectureinwhichmultiplemethodsofsecuritydefenseare

appliedtopreventrealizationofthreat-basedrisksiscalled_______________.

9._______________istheprocessofcombiningseeminglyunimportantinformationwithotherpiecesofinformationtodivulgepotentiallysensitiveinformation.

10.Implicitdenyisanoperationalizationoftheprincipleof_______________.

Multiple-ChoiceQuiz1.Whichofthefollowingisnotaprincipleofsecurity?

A.Principleofleastprivilege

B.Principleofeconomyofmechanism

C.Principleofefficientaccess

D.Principleofopenaccess

2.TheCIAofsecurityincludes:A.Confidentiality,integrity,authentication

B.Confidentiality,integrity,availability

C.Certificates,integrity,availability

D.Confidentiality,inspection,authentication

3.ThesecurityprincipleusedintheBell-LaPadulasecuritymodelthatstatesthatnosubjectcanreadfromanobjectwithahighersecurityclassificationisthe:

A.SimpleSecurityRule

B.Ringpolicy

C.Mandatoryaccesscontrol

D.*-property

4.Whichofthefollowingconceptsrequiresusersandsystemprocessestousetheminimalamountofpermissionnecessarytofunction?

A.Layerdefense

B.Diversifieddefense

C.SimpleSecurityRule

D.Leastprivilege

5.Whichsecuritymodelseparatesusersbasedonconflict-of-interestissues?

A.Bell-LaPadula

B.Brewer-Nash

C.Biba

D.Clark-Wilson

6.TheBell-LaPadulasecuritymodelisanexampleofasecuritymodelthatisbasedon:

A.Theintegrityofthedata

B.Theavailabilityofthedata

C.Theconfidentialityofthedata

D.Theauthenticityofthedata

7.Thetermusedtodescribetherequirementthatdifferentportionsofacriticalprocessmustbeperformedbydifferentpeopleis:

A.Leastprivilege

B.Defenseindepth

C.Separationofduties

D.Jobrotation

8.Hidinginformationtopreventdisclosureisanexampleof:A.Securitythroughobscurity

B.Certificate-basedsecurity

C.Discretionarydatasecurity

D.Defenseindepth

9.TheproblemwiththeLow-Water-Markpolicyisthatit:A.Isaimedatensuringconfidentialityandnotintegrity

B.Couldultimatelyresultinallsubjectshavingtheintegrityleveloftheleast-trustedobjectonthesystem

C.Couldresultintheunauthorizedmodificationofdata

D.Doesnotadequatelypreventusersfromviewingfilestheyarenotentitledtoview

10.Theconceptofblockinganactionunlessitisspecificallyauthorizedis:

A.Implicitdeny

B.Leastprivilege

C.SimpleSecurityRule

D.Hierarchicaldefensemodel

EssayQuiz1.Yourcompanyhasdecidedtoincreasetheauthenticationsecurity

byrequiringremoteemployeestouseasecuritytokenaswellasa

passwordtologontothenetwork.Theemployeesaregrumblingaboutthenewrequirementsbecausetheydon’twanttohavetocarryaroundthetokenwiththemanddon’tunderstandwhyit’snecessary.Writeabriefmemotothestafftoeducatethemonthegeneralwaysthatauthenticationcanbeperformed.Thenexplainwhyyourcompanyhasdecidedtousesecuritytokensinadditiontopasswords.

2.ThenewCEOforyourcompanyjustretiredfromthemilitaryandwantstousesomeofthesamecomputersystemsandsecuritysoftwaresheusedwhilewiththemilitary.Explaintoherthereasonsthatconfidentiality-basedsecuritymodelsarenotadequateforallenvironments.Provideatleasttwoexamplesofenvironmentswhereaconfidentiality-basedsecuritymodelisnotsufficient.

3.Describewhytheconceptof“securitythroughobscurity”isgenerallyconsideredabadprincipletorelyon.Providesomereal-worldexamplesofwhereyouhaveseenthisprincipleused.

4.Writeabriefessaydescribingtheprincipleofleastprivilegeandhowitcanbeemployedtoenhancesecurity.Provideatleasttwoexamplesofenvironmentsinwhichitcanbeusedforsecuritypurposes.

LabProjects

•LabProject2.1Inanenvironmentfamiliartoyou(yourschoolorwhereyouwork,forexample),determinewhethertheprincipleofdiversityofdefensehasbeenemployedandlistthedifferentlayersofsecuritythatareemployed.Discusswhetheryouthinktheyaresufficientandwhethertheprincipleofdiversityofdefensehasalsobeenused.

•LabProject2.2

Pickanoperatingsystemthatenforcessomeformofaccesscontrolanddeterminehowitisimplementedinthatsystem.

chapter3 OperationalandOrganizationalSecurity

Wewillbankruptourselvesinthevainsearchforabsolutesecurity.

—DWIGHTDAVIDEISENHOWER

O

Inthischapter,youwilllearnhowto

Identifyvariousoperationalaspectstosecurityinyourorganization

Identifyvariouspoliciesandproceduresinyourorganization

Identifythesecurityawarenessandtrainingneedsofanorganization

Understandthedifferenttypesofagreementsemployedinnegotiatingsecurityrequirements

Describethephysicalsecuritycomponentsthatcanprotectyourcomputersandnetwork

Identifyenvironmentalfactorsthatcanaffectsecurity

Identifyfactorsthataffectthesecurityofthegrowingnumberofwirelesstechnologiesusedfordatatransmission

Preventdisclosurethroughelectronicemanations

rganizationsachieveoperationalsecuritythroughpoliciesandproceduresthatguideuser’sinteractionswithdataanddataprocessingsystems.Developingandaligningtheseeffortswiththegoalsofthe

businessisacrucialpartofdevelopingasuccessfulsecurityprogram.Onemethodofensuringcoverageistoaligneffortswiththeoperationalsecuritymodeldescribedinthelastchapter.Thisbreakseffortsintogroups;prevention,detection,andresponseelements.Preventiontechnologiesaredesignedtokeepindividualsfrombeing

abletogainaccesstosystemsordatatheyarenotauthorizedtouse.Originally,thiswasthesoleapproachtosecurity.Eventuallywelearnedthatinanoperationalenvironment,preventionisextremelydifficultandrelyingonpreventiontechnologiesaloneisnotsufficient.Thisledtotheriseoftechnologiestodetectandrespondtoeventsthatoccurwhenpreventionfails.Together,thepreventiontechnologiesandthedetectionandresponsetechnologiesformtheoperationalmodelforcomputersecurity.

Policies,Procedures,Standards,andGuidelinesAnimportantpartofanyorganization’sapproachtoimplementingsecurityarethepolicies,procedures,standards,andguidelinesthatareestablishedtodetailwhatusersandadministratorsshouldbedoingtomaintainthesecurityofthesystemsandnetwork.Collectively,thesedocumentsprovidetheguidanceneededtodeterminehowsecuritywillbeimplementedintheorganization.Giventhisguidance,thespecifictechnologyandsecuritymechanismsrequiredcanbeplannedfor.Policiesarehigh-level,broadstatementsofwhattheorganizationwants

toaccomplish.Theyaremadebymanagementwhenlayingouttheorganization’spositiononsomeissue.Proceduresarethestep-by-stepinstructionsonhowtoimplementpoliciesintheorganization.Theydescribeexactlyhowemployeesareexpectedtoactinagivensituationortoaccomplishaspecifictask.Standardsaremandatoryelementsregardingtheimplementationofapolicy.Theyareacceptedspecificationsthatprovidespecificdetailsonhowapolicyistobeenforced.Somestandardsareexternallydriven.Regulationsforbankingandfinancialinstitutions,forexample,requirecertainsecuritymeasuresbetakenbylaw.Otherstandardsmaybesetbytheorganizationtomeetitsownsecuritygoals.Guidelinesarerecommendationsrelatingtoapolicy.Thekeyterminthiscaseisrecommendations—guidelinesarenotmandatorysteps.

Thesedocumentsguidehowsecuritywillbeimplementedintheorganization:Policies High-level,broadstatementsofwhattheorganizationwantstoaccomplishProcedures Step-by-stepinstructionsonhowtoimplementthepoliciesStandards MandatoryelementsregardingtheimplementationofapolicyGuidelines Recommendationsrelatingtoapolicy

Justasthenetworkitselfconstantlychanges,thepolicies,procedures,standards,andguidelinesshouldbeincludedinlivingdocumentsthatare

periodicallyevaluatedandchangedasnecessary.Theconstantmonitoringofthenetworkandtheperiodicreviewoftherelevantdocumentsarepartoftheprocessthatistheoperationalmodel.Whenappliedtopolicies,thisprocessresultsinwhatisknownasthepolicylifecycle.Thisoperationalprocessandpolicylifecycleroughlyconsistoffourstepsinrelationtoyoursecuritypoliciesandsolutions:

1.Plan(adjust)forsecurityinyourorganization.2.Implementtheplans.3.Monitortheimplementation.4.Evaluatetheeffectiveness.

Inthefirststep,youdevelopthepolicies,procedures,andguidelinesthatwillbeimplementedanddesignthesecuritycomponentsthatwillprotectyournetwork.Thereareavarietyofgoverninginstruments,fromstandardstocompliancerulesthatwillprovideboundariesforthesedocuments.Oncethesedocumentsaredesignedanddeveloped,youcanimplementtheplans.Partoftheimplementationofanypolicy,procedure,orguidelineisaninstructionperiodduringwhichthosewhowillbeaffectedbythechangeorintroductionofthisnewdocumentlearnaboutitscontents.Next,youmonitortoensurethatboththehardwareandthesoftwareaswellasthepolicies,procedures,andguidelinesareeffectiveinsecuringyoursystems.Finally,youevaluatetheeffectivenessofthesecuritymeasuresyouhaveinplace.Thisstepmayincludeavulnerabilityassessment(anattempttoidentifyandprioritizethelistofvulnerabilitieswithinasystemornetwork)andapenetrationtest(amethodtocheckthesecurityofasystembysimulatinganattackbyamaliciousindividual)ofyoursystemtoensurethesecurityisadequate.Afterevaluatingyoursecurityposture,youbeginagainwithstepone,thistimeadjustingthesecuritymechanismsyouhaveinplace,andthencontinuewiththiscyclicalprocess.Regardingsecurity,everyorganizationshouldhaveseveralcommon

policiesinplace(inadditiontothosealreadydiscussedrelativetoaccesscontrolmethods).Theseinclude,butarenotlimitedto,securitypoliciesregardingchangemanagement,classificationofinformation,acceptableuse,duecareandduediligence,dueprocess,needtoknow,disposalanddestructionofdata,servicelevelagreements,humanresourcesissues,codesofethics,andpoliciesgoverningincidentresponse.

SecurityPoliciesInkeepingwiththehigh-levelnatureofpolicies,thesecuritypolicyisahigh-levelstatementproducedbyseniormanagementthatoutlinesbothwhatsecuritymeanstotheorganizationandtheorganization’sgoalsforsecurity.Themainsecuritypolicycanthenbebrokendownintoadditionalpoliciesthatcoverspecifictopics.Statementssuchas“thisorganizationwillexercisetheprincipleofleastaccessinitshandlingofclientinformation”wouldbeanexampleofasecuritypolicy.Thesecuritypolicycanalsodescribehowsecurityistobehandledfromanorganizationalpointofview(suchasdescribingwhichofficeandcorporateofficerormanageroverseestheorganization’ssecurityprogram).Inadditiontopoliciesrelatedtoaccesscontrol,theorganization’s

securitypolicyshouldincludethespecificpoliciesdescribedinthenextsections.Allpoliciesshouldbereviewedonaregularbasisandupdatedasneeded.Generally,policiesshouldbeupdatedlessfrequentlythantheproceduresthatimplementthem,sincethehigh-levelgoalswillnotchangeasoftenastheenvironmentinwhichtheymustbeimplemented.Allpoliciesshouldbereviewedbytheorganization’slegalcounsel,andaplanshouldbeoutlinedthatdescribeshowtheorganizationwillensurethatemployeeswillbemadeawareofthepolicies.Policiescanalsobemadestrongerbyincludingreferencestotheauthoritywhomadethepolicy(whetherthispolicycomesfromtheCEOorisadepartment-levelpolicy,forexample)andreferencestoanylawsorregulationsthatareapplicabletothespecificpolicyandenvironment.

ChangeManagementPolicyThepurposeofchangemanagementistoensureproperproceduresarefollowedwhenmodificationstotheITinfrastructurearemade.Thesemodificationscanbepromptedbyanumberofdifferentevents,includingnewlegislation,updatedversionsofsoftwareorhardware,implementationofnewsoftwareorhardware,orimprovementstotheinfrastructure.Theterm“management”impliesthatthisprocessshouldbecontrolledinsomesystematicway,andthatisindeedthepurpose.Changestotheinfrastructuremighthaveadetrimentalimpactonoperations.Newversionsofoperatingsystemsorapplicationsoftwaremightbeincompatiblewithothersoftwareorhardwaretheorganizationisusing.Withoutaprocesstomanagethechange,anorganizationmightsuddenlyfinditselfunabletoconductbusiness.Achangemanagementprocessshouldincludevariousstages,includingamethodtorequestachangetotheinfrastructure,areviewandapprovalprocessfortherequest,anexaminationoftheconsequencesofthechange,resolution(ormitigation)ofanydetrimentaleffectsthechangemightincur,implementationofthechange,anddocumentationoftheprocessasitrelatedtothechange.

DataPoliciesSystemintegrationwiththirdpartiesfrequentlyinvolvesthesharingofdata.Datacanbesharedforthepurposeofprocessingorstorage.Controloverdataisasignificantissueinthird-partyrelationships.Therearenumerousquestionsthatneedtobeaddressed.Thequestionofwhoownsthedata,boththedatasharedwiththirdpartiesandsubsequentdatadevelopedaspartoftherelationship,isanissuethatneedstobeestablished.

DataOwnershipDatarequiresadataowner.Dataownershiprolesforalldataelementsneedtobedefinedinthebusiness.Dataownershipisabusinessfunction,

wheretherequirementsforsecurity,privacy,retention,andotherbusinessfunctionsmustbeestablished.Notalldatarequiresthesamehandlingrestrictions,butalldatarequiresthesecharacteristicstobedefined.Thisistheresponsibilityofthedataowner.

UnauthorizedDataSharingUnauthorizeddatasharingcanbeasignificantissue,andintoday’sworld,datahasvalueandisfrequentlyusedforsecondarypurposes.Ensuringthatallpartiesintherelationshipunderstandthedata-sharingrequirementsisanimportantprerequisite.Equallyimportantisensuringthatallpartiesunderstandthesecurityrequirementsofshareddata.

DataBackupsDataownershiprequirementsincludebackupresponsibilities.Databackuprequirementsincludedeterminingthelevelofbackup,restoreobjectives,andlevelofprotectionrequirements.ThesecanbedefinedbythedataownerandthenexecutedbyoperationalITpersonnel.Determiningthebackupresponsibilitiesanddevelopingthenecessaryoperationalprocedurestoensurethatadequatebackupsoccurareimportantsecurityelements.

ClassificationofInformationAkeycomponentofITsecurityistheprotectionoftheinformationprocessedandstoredonthecomputersystemsandnetwork.Organizationsdealwithmanydifferenttypesofinformation,andtheyneedtorecognizethatnotallinformationisofequalimportanceorsensitivity.Thisrequiresclassificationofinformationintovariouscategories,eachwithitsownrequirementsforitshandling.Factorsthataffecttheclassificationofspecificinformationincludeitsvaluetotheorganization(whatwillbetheimpacttotheorganizationifitlosesthisinformation?),itsage,andlawsorregulationsthatgovernitsprotection.ThemostwidelyknownsystemofclassificationofinformationisthatimplementedbytheU.S.government

(includingthemilitary),whichclassifiesinformationintocategoriessuchasConfidential,Secret,andTopSecret.BusinesseshavesimilardesirestoprotectinformationandoftenusecategoriessuchasPubliclyReleasable,Proprietary,CompanyConfidential,andForInternalUseOnly.Eachpolicyfortheclassificationofinformationshoulddescribehowitshouldbeprotected,whomayhaveaccesstoit,whohastheauthoritytoreleaseitandhow,andhowitshouldbedestroyed.Allemployeesoftheorganizationshouldbetrainedintheproceduresforhandlingtheinformationthattheyareauthorizedtoaccess.Discretionaryandmandatoryaccesscontroltechniquesuseclassificationsasamethodtoidentifywhomayhaveaccesstowhatresources.

TechTip

DataClassificationInformationclassificationcategoriesyoushouldbeawareoffortheCompTIASecurity+examinclude:High,Medium,Low,Confidential,Private,andPublic.

DataLabeling,Handling,andDisposalEffectivedataclassificationprogramsincludedatalabeling,whichenablespersonnelworkingwiththedatatoknowwhetheritissensitiveandtounderstandthelevelsofprotectionrequired.Whenthedataisinsideaninformation-processingsystem,theprotectionsshouldbedesignedintothesystem.Butwhenthedataleavesthiscocoonofprotection,whetherbyprinting,downloading,orcopying,itbecomesnecessarytoensurecontinuedprotectionbyothermeans.Thisiswheredatalabelingassistsusersinfulfillingtheirresponsibilities.Trainingtoensurethatlabelingoccursandthatitisusedandfollowedisimportantforuserswhoserolescanbeimpactedbythismaterial.Trainingplaysanimportantroleinensuringproperdatahandlingand

disposal.Personnelareintimatelyinvolvedinseveralspecifictasks

associatedwithdatahandlinganddatadestruction/disposaland,ifproperlytrained,canactasasecuritycontrol.Untrainedorinadequatelytrainedpersonnelwillnotbeaproductivesecuritycontroland,infact,canbeasourceofpotentialcompromise.

NeedtoKnowAnothercommonsecurityprincipleisthatofneedtoknow,whichgoeshand-in-handwithleastprivilege.Theguidingfactorhereisthateachindividualintheorganizationissuppliedwithonlytheabsoluteminimumamountofinformationandprivilegesheorsheneedstoperformtheirworktasks.Toobtainaccesstoanypieceofinformation,theindividualmusthaveajustifiedneedtoknow.Apolicyspellingoutthesetwoprinciplesasguidingphilosophiesfortheorganizationshouldbecreated.Thepolicyshouldalsoaddresswhointheorganizationcangrantaccesstoinformationandwhocanassignprivilegestoemployees.

DisposalandDestructionPolicyManypotentialintrudershavelearnedthevalueofdumpsterdiving.Anorganizationmustbeconcernedaboutnotonlypapertrashanddiscardedobjects,butalsotheinformationstoredondiscardedobjectssuchascomputers.Severalgovernmentorganizationshavebeenembarrassedwhenoldcomputerssoldtosalvagersprovedtocontainsensitivedocumentsontheirharddrives.Itiscriticalforeveryorganizationtohaveastrongdisposalanddestructionpolicyandrelatedprocedures.Importantpapersshouldbeshredded,andimportantinthiscasemeans

anythingthatmightbeusefultoapotentialintruder.Itisamazingwhatintruderscandowithwhatappeartobeinnocentpiecesofinformation.Beforemagneticstoragemedia(suchasdisksortapes)isdiscardedin

thetrashorsoldforsalvage,itshouldhaveallfilesdeleted,andshouldbeoverwrittenatleastthreetimeswithall1’s,all0’s,andthenrandomcharacters.Commercialproductsareavailabletodestroyfilesusingthisprocess.Itisnotsufficientsimplytodeleteallfilesandleaveitatthat,

sincethedeletionprocessaffectsonlythepointerstowherethefilesarestoredanddoesn’tactuallygetridofallthebitsinthefile.Thisiswhyitispossibleto“undelete”filesandrecoverthemaftertheyhavebeendeleted.Asafermethodfordestroyingfilesfromastoragedeviceistodestroy

thedatamagnetically,usingastrongmagneticfieldtodegaussthemedia.Thiseffectivelydestroysalldataonthemedia.Severalcommercialdegaussersareavailableforthispurpose.Anothermethodthatcanbeusedonharddrivesistouseafileonthem(thesortoffileyou’dfindinahardwarestore)andactuallyfileoffthemagneticmaterialfromthesurfaceoftheplatter.Shreddingfloppymediaisnormallysufficient,butsimplycuttingafloppydiskintoafewpiecesisnotenough—datahasbeensuccessfullyrecoveredfromfloppiesthatwerecutintoonlyacoupleofpieces.CDsandDVDsalsoneedtobedisposedofappropriately.Manypapershreddersnowhavetheabilitytoshredtheseformsofstoragemedia.Insomehighlysecureenvironments,theonlyacceptablemethodofdisposingofharddrivesandotherstoragedevicesistheactualphysicaldestructionofthedevices.Matchingthesecurityactiontothelevelofriskisimportanttorecognizeinthisinstance.Destroyingharddrivesthatdonothavesensitiveinformationiswasteful;properfilescrubbingisprobablyappropriate.Fordriveswithultra-sensitiveinformation,physicaldestructionmakessense.Thereisnosingleanswer,butasinmostthingsassociatedwithinformationsecurity,thebestpracticeistomatchtheactiontothelevelofrisk.

HumanResourcesPoliciesIthasbeensaidthattheweakestlinksinthesecuritychainarethehumans.Consequently,itisimportantfororganizationstohavepoliciesinplacerelativetotheiremployees.Policiesthatrelatetothehiringofindividualsareprimarilyimportant.Theorganizationneedstomakesurethatithiresindividualswhocanbetrustedwiththeorganization’sdataandthatofitsclients.Onceemployeesarehired,theyshouldbekeptfromslippingintothecategoryof“disgruntledemployee.”Finally,policiesmustbe

developedtoaddresstheinevitablepointinthefuturewhenanemployeeleavestheorganization—eitheronhisorherownorwiththe“encouragement”oftheorganizationitself.Securityissuesmustbeconsideredateachofthesepoints.

ManyorganizationsoverlookthesecurityimplicationsthatdecisionsbyHumanResourcesmayhave.HumanResourcespersonnelandsecuritypersonnelshouldhaveacloseworkingrelationship.Decisionsonthehiringandfiringofpersonnelhavedirectsecurityimplicationsfortheorganization.Asaresult,proceduresshouldbeinplacethatspecifywhichactionsmustbetakenwhenanemployeeishired,isterminated,orretires.

CodeofEthicsNumerousprofessionalorganizationshaveestablishedcodesofethicsfortheirmembers.Eachofthesedescribestheexpectedbehavioroftheirmembersfromahigh-levelstandpoint.Organizationscanadoptthisideaaswell.Fororganizations,acodeofethicscansetthetoneforhowemployeeswillbeexpectedtoactandtoconductbusiness.Thecodeshoulddemandhonestyfromemployeesandrequirethattheyperformallactivitiesinaprofessionalmanner.Thecodecouldalsoaddressprinciplesofprivacyandconfidentialityandstatehowemployeesshouldtreatclientandorganizationaldata.Conflictsofinterestcanoftencauseproblems,sothiscouldalsobecoveredinthecodeofethics.Byoutliningacodeofethics,theorganizationcanencouragean

environmentthatisconducivetointegrityandhighethicalstandards.Foradditionalideasonpossiblecodesofethics,checkprofessionalorganizationssuchastheInstituteforElectricalandElectronicsEngineers(IEEE),theAssociationforComputingMachinery(ACM),ortheInformationSystemsSecurityAssociation(ISSA).

TechTip

HiringHackersHiringaskilledhackermaymakesensefromatechnicalskillspointofview,butanorganizationalsohastoconsiderthebroaderethicalandbusinessconsequencesandassociatedrisks.Isthehackercompletelyreformedornot?Howmuchtimeisneededtodeterminethis?Therealquestionisnot“Wouldyouhireahacker?”butrather“Canyoufireahackeroncehehashadaccesstoyoursystems?”Trustisanimportantissuewithemployeeswhohavesystemadministratoraccess,andthelong-termramificationsneedtobeconsidered.

JobRotationAninterestingapproachtoenhancesecuritythatisgainingincreasingattentionisjobrotation.Organizationsoftendiscussthebenefitsofrotatingindividualsthroughvariousjobsinanorganization’sITdepartment.Byrotatingthroughjobs,individualsgainabetterperspectiveonhowthevariouspartsofITcanenhance(orhinder)thebusiness.SincesecurityisoftenamisunderstoodaspectofIT,rotatingindividualsthroughsecuritypositionscanresultinamuchwiderunderstandingthroughouttheorganizationaboutpotentialsecurityproblems.Italsocanhavethesidebenefitofacompanynothavingtorelyonanyoneindividualtooheavilyforsecurityexpertise.Ifallsecuritytasksarethedomainofoneemployee,andthatindividualleavessuddenly,securityattheorganizationcouldsuffer.Ontheotherhand,ifsecuritytasksareunderstoodbymanydifferentindividuals,thelossofanyoneindividualhaslessofanimpactontheorganization.

EmployeeHiringandPromotionsItisbecomingcommonfororganizationstorunbackgroundchecksonprospectiveemployeesandtocheckthereferencesprospectiveemployeessupply.Frequently,organizationsrequiredrugtesting,checkforanypastcriminalactivity,verifyclaimededucationalcredentials,andconfirmreportedworkhistory.Forhighlysensitiveenvironments,specialsecuritybackgroundinvestigationscanalsoberequired.Makesurethatyourorganizationhiresthemostcapableandtrustworthyemployees,andthatyourpoliciesaredesignedtoensurethis.

Afteranindividualhasbeenhired,yourorganizationneedstominimizetheriskthattheemployeewillignorecompanyrulesandaffectsecurity.Periodicreviewsbysupervisorypersonnel,additionaldrugchecks,andmonitoringofactivityduringworkmayallbeconsideredbytheorganization.Iftheorganizationchoosestoimplementanyofthesereviews,thismustbespecifiedintheorganization’spolicies,andprospectiveemployeesshouldbemadeawareofthesepoliciesbeforebeinghired.Whatanorganizationcandointermsofmonitoringandrequiringdrugtests,forexample,canbeseverelyrestrictedifnotspelledoutinadvanceastermsofemployment.Newhiresshouldbemadeawareofallpertinentpolicies,especiallythoseapplyingtosecurity,andshouldbeaskedtosigndocumentsindicatingthattheyhavereadandunderstoodthem.

TechTip

AccountsofFormerEmployeesWhenconductingsecurityassessmentsoforganizations,securityprofessionalsfrequentlyfindactiveaccountsforindividualswhonolongerworkforthecompany.Thisisespeciallytrueforlargerorganizations,whichmaylackaclearprocessforthepersonnelofficetocommunicatewiththenetworkadministratorswhenanemployeeleavestheorganization.Theseoldaccounts,however,areaweakpointinthesecurityperimeterfortheorganizationandshouldbeeliminated.

Occasionallyanemployee’sstatuswillchangewithinthecompany.Ifthechangecanbeconstruedasanegativepersonnelaction(suchasademotion),supervisorsshouldbealertedtowatchforchangesinbehaviorthatmightindicatetheemployeeiscontemplatingorconductingunauthorizedactivity.Itislikelythattheemployeewillbeupset,andwhetherheactsonthistothedetrimentofthecompanyissomethingthatneedstobeguardedagainst.Inthecaseofademotion,theindividualmayalsolosecertainprivilegesoraccessrights,andthesechangesshouldbemadequicklysoastolessenthelikelihoodthattheemployeewilldestroy

previouslyaccessibledataifhebecomesdisgruntledanddecidestotakerevengeontheorganization.Ontheotherhand,iftheemployeeispromoted,privilegesmaystillchange,buttheneedtomakethechangetoaccessprivilegesmaynotbeasurgent,thoughitshouldstillbeaccomplishedasquicklyaspossible.Ifthemoveisalateralone,changesmayalsoneedtotakeplace,andagaintheyshouldbeaccomplishedasquicklyaspossible.

Retirement,Separation,orTerminationofanEmployeeAnemployeeleavinganorganizationcanbeeitherapositiveoranegativeaction.Employeeswhoareretiringbytheirownchoicemayannouncetheirplannedretirementweeksorevenmonthsinadvance.Limitingtheiraccesstosensitivedocumentsthemomenttheyannouncetheirintentionmaybethesafestthingtodo,butitmightnotbenecessary.Eachsituationshouldbeevaluatedindividually.Ifthesituationisaforcedretirement,theorganizationmustdeterminetherisktoitsdataiftheemployeebecomesdisgruntledasaresultoftheaction.Inthissituation,thewisestchoicemightbetocutofftheemployee’saccessquicklyandprovideherwithsomeadditionalvacationtime.Thismightseemlikeanexpensiveproposition,butthedangertothecompanyofhavingadisgruntledemployeemayjustifyit.Again,eachcaseshouldbeevaluatedindividually.

Itisbettertogiveapotentiallydisgruntledemployeeseveralweeksofpaidvacationthantohavehimtrashsensitivefilestowhichhehasaccess.Becauseemployeestypicallyknowthepatternofmanagementbehaviorwithrespecttotermination,doingtherightthingwillpaydividendsinthefutureforafirm.

Whenanemployeedecidestoleaveacompany,generallyasaresultofanewjoboffer,continuedaccesstosensitiveinformationshouldbecarefullyconsidered.Iftheemployeeisleavingasaresultofhardfeelingstowardthecompany,itmightbewisetoquicklyrevokeheraccess

privileges.Iftheemployeeisleavingtheorganizationbecauseheisbeing

terminated,youshouldassumethatheisorwillbecomedisgruntled.Whileitmaynotseemthefriendliestthingtodo,anemployeeinthissituationshouldimmediatelyhavehisaccessprivilegestosensitiveinformationandfacilitiesrevoked.Combinationsshouldalsobequicklychangedonceanemployeehas

beeninformedoftheirtermination.Accesscards,keys,andbadgesshouldbecollected;theemployeeshouldbeescortedtoherdeskandwatchedasshepackspersonalbelongings;andthensheshouldbeescortedfromthebuilding.

Organizationscommonlyneglecttohaveapolicythatmandatestheremovalofanindividual’scomputeraccessupontermination.Notonlyshouldsuchapolicyexist,butitshouldalsoincludetheprocedurestoreclaimand“clean”aterminatedemployee’scomputersystemandaccounts.

MandatoryVacationsOrganizationshaveprovidedvacationtimetotheiremployeesformanyyears.Few,however,forceemployeestotakethistimeiftheydon’twantto.Atsomecompanies,employeesaregiventhechoicetoeither“useorlose”theirvacationtime;iftheydonottakealloftheirvacationtime,theyloseatleastaportionofit.Fromasecuritystandpoint,anemployeewhonevertakestimeoffmightbeinvolvedinnefariousactivity,suchasfraudorembezzlement,andmightbeafraidthatifheleavesonvacation,theorganizationwilldiscoverhisillicitactivities.Asaresult,requiringemployeestousetheirvacationtimethroughapolicyofmandatoryvacationscanbeasecurityprotectionmechanism.Usingmandatoryvacationsasatooltodetectfraudwillrequirethatsomebodyelsealsobetrainedinthefunctionsoftheemployeewhoisonvacation.Havingasecondpersonfamiliarwithsecurityproceduresisalsoagoodpolicyin

casesomethinghappenstotheprimaryemployee.

On-boarding/Off-boardingBusinessPartnersJustasitisimportanttomanagetheon-andoff-boardingprocessesofcompanypersonnel,itisimportanttoconsiderthesametypesofelementswhenmakingarrangementswiththirdparties.Agreementswithbusinesspartnerstendtobefairlyspecificwithrespecttotermsassociatedwithmutualexpectationsassociatedwiththeprocessofthebusiness.Considerationsregardingtheon-boardingandoff-boardingprocessesareimportant,especiallytheoff-boarding.Whenacontractarrangementwithathirdpartycomestoanend,issuesastodataretentionanddestructionbythethirdpartyneedtobeaddressed.Theseconsiderationsneedtobemadepriortotheestablishmentoftherelationship,notaddedatthetimethatitiscomingtoanend.

On-boardingandoff-boardingbusinessproceduresshouldbewelldocumentedtoensurecompliancewithlegalrequirements.

SocialMediaNetworksTheriseofsocialmedianetworkshaschangedmanyaspectsofbusiness.Whetherusedformarketing,communications,customerrelations,orsomeotherpurpose,socialmedianetworkscanbeconsideredaformofthirdparty.Oneofthechallengesinworkingwithsocialmedianetworksand/orapplicationsistheirtermsofuse.Whilearelationshipwithatypicalthirdpartyinvolvesanegotiatedsetofagreementswithrespecttorequirements,thereisnonegotiationwithsocialmedianetworks.Theonlyoptionistoadopttheirtermsofservice,soitisimportanttounderstandtheimplicationsofthesetermswithrespecttothebusinessuseofthesocialnetwork.

AcceptableUsePolicyAnacceptableusepolicy(AUP)outlineswhattheorganizationconsiderstobetheappropriateuseofcompanyresources,suchascomputersystems,e-mail,Internetaccess,andnetworks.Organizationsshouldbeconcernedaboutpersonaluseoforganizationalassetsthatdoesnotbenefitthecompany.ThegoaloftheAUPistoensureemployeeproductivitywhilelimiting

organizationalliabilitythroughinappropriateuseoftheorganization’sassets.TheAUPshouldclearlydelineatewhatactivitiesarenotallowed.Itshouldaddressissuessuchastheuseofresourcestoconductpersonalbusiness,installationofhardwareorsoftware,remoteaccesstosystemsandnetworks,thecopyingofcompany-ownedsoftware,andtheresponsibilityofuserstoprotectcompanyassets,includingdata,software,andhardware.Statementsregardingpossiblepenaltiesforignoringanyofthepolicies(suchastermination)shouldalsobeincluded.Relatedtoappropriateuseoftheorganization’scomputersystemsand

networksbyemployeesistheappropriateusebytheorganization.Themostimportantofsuchissuesiswhethertheorganizationconsidersitappropriatetomonitortheemployees’useofthesystemsandnetwork.Ifmonitoringisconsideredappropriate,theorganizationshouldincludeastatementtothiseffectinthebannerthatappearsatlogin.Thisrepeatedlywarnsemployees,andpossibleintruders,thattheiractionsaresubjecttomonitoringandthatanymisuseofthesystemwillnotbetolerated.Shouldtheorganizationneedtouseinacivilorcriminalcaseanyinformationgatheredduringmonitoring,theissueofwhethertheemployeehadanexpectationofprivacy,orwhetheritwasevenlegalfortheorganizationtobemonitoring,issimplifiediftheorganizationcanpointtoastatementthatisalwaysdisplayedthatinstructsusersthatuseofthesystemconstitutesconsenttomonitoring.Beforeanymonitoringisconducted,ortheactualwordingonthewarningmessageiscreated,theorganization’slegalcounselshouldbeconsultedtodeterminetheappropriatewaytoaddressthisissueintheparticularjurisdiction.

Intoday’shighlyconnectedenvironment,everyorganizationshouldhaveanAUPthatspellsouttoallemployeeswhattheorganizationconsidersappropriateandinappropriateuseofitscomputingandnetworksresources.Havingthispolicymaybecriticalshouldtheorganizationneedtotakedisciplinaryactionsbasedonanabuseofitsresources.

InternetUsagePolicyIntoday’shighlyconnectedenvironment,employeeuseofaccesstotheInternetisofparticularconcern.ThegoaloftheInternetusagepolicyistoensuremaximumemployeeproductivityandtolimitpotentialliabilitytotheorganizationfrominappropriateuseoftheInternetinaworkplace.TheInternetprovidesatremendoustemptationforemployeestowastehoursastheysurftheWebforthescoresofgamesfromthepreviousnight,conductquickonlinestocktransactions,orreadthereviewofthelatestblockbustermovieeveryoneistalkingabout.Inaddition,allowingemployeestovisitsitesthatmaybeconsideredoffensivetoothers(suchaspornographicorhatesites)canopenthecompanytoaccusationsofcondoningahostileworkenvironmentandresultinlegalliability.TheInternetusagepolicyneedstoaddresswhatsitesemployeesare

allowedtovisitandwhatsitestheyarenotallowedtovisit.IfthecompanyallowsthemtosurftheWebduringnonworkhours,thepolicyneedstoclearlyspellouttheacceptableparameters,intermsofwhentheyareallowedtodothisandwhatsitestheyarestillprohibitedfromvisiting(suchaspotentiallyoffensivesites).Thepolicyshouldalsodescribeunderwhatcircumstancesanemployeewouldbeallowedtopostsomethingfromtheorganization’snetworkontheWeb(onablog,forexample).Anecessaryadditiontothispolicywouldbetheprocedureforanemployeetofollowtoobtainpermissiontoposttheobjectormessage.

E-MailUsagePolicyRelatedtotheInternetusagepolicyisthee-mailusagepolicy,whichdeals

withwhatthecompanywillallowemployeestosendin,orasattachmentsto,e-mailmessages.Thispolicyshouldspelloutwhethernonworke-mailtrafficisallowedatallorisatleastseverelyrestricted.Itneedstocoverthetypeofmessagethatwouldbeconsideredinappropriatetosendtootheremployees(forexample,nooffensivelanguage,nosex-relatedorethnicjokes,noharassment,andsoon).Thepolicyshouldalsospecifyanydisclaimersthatmustbeattachedtoanemployee’smessagesenttoanindividualoutsidethecompany.Thepolicyshouldremindemployeesoftherisksofclickingonlinksine-mails,oropeningattachments,asthesecanbesocialengineeringattacks.

CleanDeskPolicyPreventingaccesstoinformationisalsoimportantintheworkarea.Firmswithsensitiveinformationshouldhavea“cleandeskpolicy”specifyingthatsensitiveinformationmustnotbeleftunsecuredintheworkareawhentheworkerisnotpresenttoactascustodian.Evenleavingthedeskareaandgoingtothebathroomcanleaveinformationexposedandsubjecttocompromise.Thecleandeskpolicyshouldidentifyandprohibitthingsthatarenotobviousuponfirstglance,suchaspasswordsonstickynotesunderkeyboardsandmousepadsorinunsecureddeskdrawers.Alloftheseelementsthatdemonstratetheneedforacleandeskarelostifemployeesdonotmakethempersonal.Trainingforcleandeskactivitiesneedstomaketheissueapersonalone,whereconsequencesareunderstoodandtheworkplacereinforcesthepositiveactivity.

BringYourOwnDevice(BYOD)PolicyEveryoneseemstohaveasmartphone,atablet,orotherpersonalInternetdevicethattheyuseintheirpersonallives.Bringingthesetoworkisanaturalextensionofone’snormalactivities,butthisraisesthequestionofwhatpoliciesareappropriatebeforeafirmallowsthesedevicestoconnecttothecorporatenetworkandaccesscompanydata.Likeallotherpolicies,planningisneededtodefinetheappropriatepathwaytothecompanyobjectives.Personaldevicesoffercostsavingsandpositiveuser

acceptance,andinmanycasesthesefactorsmakeallowingBYODasensibledecision.TheprimarypurposeofaBYODpolicyistolowertheriskassociated

withconnectingawidearrayofpersonaldevicestoacompany’snetworkandaccessingsensitivedataonthem.Thisplacessecurity,intheformofriskmanagement,asacenterelementofaBYODpolicy.Devicesneedtobemaintainedinacurrent,up-to-datesoftwareposture,andwithcertainsecurityfeatures,suchasscreenlocksandpasswordsenabled.Remotewipeandotherfeaturesshouldbeenabled,andhighlysensitivedata,especiallyinaggregate,shouldnotbeallowedonthedevices.Usersshouldhavespecifictrainingastowhatisallowedandwhatisn’tandshouldbemadeawareoftheincreasedresponsibilityassociatedwithamobilemeansofaccessingcorporateresources.Insomecasesitmaybenecessarytodefineapolicyassociatedwith

personallyowneddevices.Thispolicywilldescribetherulesandregulationsassociatedwithuseofpersonallyowneddeviceswithrespecttocorporatedata,networkconnectivity,andsecurityrisks.

PrivacyPolicyCustomersplaceanenormousamountoftrustinorganizationstowhichtheyprovidepersonalinformation.Thesecustomersexpecttheirinformationtobekeptsecuresothatunauthorizedindividualswillnotgainaccesstoitandsothatauthorizeduserswillnotusetheinformationinunintendedways.Organizationsshouldhaveaprivacypolicythatexplainswhattheirguidingprincipleswillbeinguardingpersonaldatatowhichtheyaregivenaccess.Aspecialcategoryofprivateinformationthatisbecomingincreasingly

importanttodayispersonallyidentifiableinformation(PII).Thiscategoryofinformationincludesanydatathatcanbeusedtouniquelyidentifyanindividual.Thiswouldincludeanindividual’sname,address,driver’slicensenumber,andotherdetails.AnorganizationthatcollectsPIIonitsemployeesandcustomersmustmakesurethatittakesallnecessarymeasurestoprotectthedatafromcompromise.

CrossCheckPrivacyPrivacyisanimportantconsiderationintoday’scomputingenvironment.Assuch,ithasbeengivenitsownchapter,Chapter25.Additionaldetailsonprivacyissuescanbefoundthere.

TechTip

PrudentPersonPrincipleTheconceptsofduecareandduediligenceareconnected.Duecareaddresseswhethertheorganizationhasaminimalsetofpoliciesthatprovidesreasonableassuranceofsuccessinmaintainingsecurity.Duediligencerequiresthatmanagementactuallydosomethingtoensuresecurity,suchasimplementproceduresfortestingandreviewofauditrecords,internalsecuritycontrols,andpersonnelbehavior.Thestandardappliedisoneofa“prudentperson”;wouldaprudentpersonfindtheactionsappropriateandsincere?Toapplythisstandard,allonehastodoisaskthefollowingquestionfortheissueunderconsideration:“Whatwouldaprudentpersondotoprotectandensurethatthesecurityfeaturesandproceduresareworkingoradequate?”Failureofasecurityfeatureorproceduredoesn’tnecessarilymeanthepersonactedimprudently.

DueCareandDueDiligenceDuecareandduediligencearetermsusedinthelegalandbusinesscommunitytodefinereasonablebehavior.Basically,thelawrecognizestheresponsibilityofanindividualororganizationtoactreasonablyrelativetoanotherparty.IfpartyAallegesthattheactionsofpartyBhavecauseditlossorinjury,partyAmustprovethatpartyBfailedtoexerciseduecareorduediligenceandthatthisfailureresultedinthelossorinjury.Thesetermsoftenareusedsynonymously,butduecaregenerallyreferstothestandardofcareareasonablepersonisexpectedtoexerciseinallsituations,whereasduediligencegenerallyreferstothestandardofcareabusinessisexpectedtoexerciseinpreparationforabusinesstransaction.Anorganizationmusttakereasonableprecautionsbeforeenteringa

businesstransactionoritmightbefoundtohaveactedirresponsibly.Intermsofsecurity,organizationsareexpectedtotakereasonableprecautionstoprotecttheinformationthattheymaintainonindividuals.Shouldapersonsufferalossasaresultofnegligenceonthepartofanorganizationintermsofitssecurity,thatpersontypicallycanbringalegalsuitagainsttheorganization.Thestandardapplied—reasonableness—isextremelysubjectiveand

oftenisdeterminedbyajury.Theorganizationwillneedtoshowthatithadtakenreasonableprecautionstoprotecttheinformation,andthat,despitetheseprecautions,anunforeseensecurityeventoccurredthatcausedtheinjurytotheotherparty.Sincethisissosubjective,itishardtodescribewhatwouldbeconsideredreasonable,butmanysectorshaveasetof“securitybestpractices”fortheirindustry,whichprovidesabasisfororganizationsinthatsectortostartfrom.Iftheorganizationdecidesnottofollowanyofthebestpracticesacceptedbytheindustry,itneedstobepreparedtojustifyitsreasonsincourtshouldanincidentoccur.Ifthesectortheorganizationisinhasregulatoryrequirements,justifyingwhythemandatedsecuritypracticeswerenotfollowedwillbemuchmoredifficult(ifnotimpossible).

Duediligenceistheapplicationofaspecificstandardofcare.Duecareisthedegreeofcarethatanordinarypersonwouldexercise.

DueProcessDueprocessisconcernedwithguaranteeingfundamentalfairness,justice,andlibertyinrelationtoanindividual’slegalrights.IntheUnitedStates,dueprocessisconcernedwiththeguaranteeofanindividual’srightsasoutlinedbytheConstitutionandBillofRights.Proceduraldueprocessisbasedontheconceptofwhatis“fair.”Alsoofinterestistherecognitionbycourtsofaseriesofrightsthatarenotexplicitlyspecifiedbythe

ConstitutionbutthatthecourtshavedecidedareimplicitintheconceptsembodiedbytheConstitution.Anexampleofthisisanindividual’srighttoprivacy.Fromanorganization’spointofview,dueprocessmaycomeintoplayduringanadministrativeactionthatadverselyaffectsanemployee.Beforeanemployeeisterminated,forexample,werealloftheemployee’srightsprotected?Anactualexamplepertainstotherightsofprivacyregardingemployees’e-mailmessages.Asthenumberofcasesinvolvingemployersexaminingemployeee-mailsgrows,caselawcontinuestobeestablishedandthecourtseventuallywillsettleonwhatrightsanemployeecanexpect.ThebestthinganemployercandoiffacedwiththissortofsituationistoworkcloselywithHRstafftoensurethatappropriatepoliciesarefollowedandthatthosepoliciesareinkeepingwithcurrentlawsandregulations.

IncidentResponsePoliciesandProceduresNomatterhowcarefulanorganizationis,eventuallyasecurityincidentofsomesortwilloccur.Whenithappens,howeffectivelytheorganizationrespondstoitwilldependgreatlyonhowprepareditistohandleincidents.Anincidentresponsepolicyandassociatedproceduresshouldbedevelopedtooutlinehowtheorganizationwillprepareforsecurityincidentsandrespondtothemwhentheyoccur.Waitinguntilanincidenthappensisnottherighttimetoestablishyourpolicies—theyneedtobedesignedinadvance.Theincidentresponsepolicyshouldcoverfivephases:preparation,detection,containmentanderadication,recovery,andfollow-upactions.

CrossCheckIncidentResponseIncidentresponseiscoveredindetailinChapter22.Thissectionservesonlyasanintroductiontopolicyelementsassociatedwiththetopic.Forcompletedetailsonincidentresponse,pleaseexamineChapter22.

SecurityAwarenessandTrainingSecurityawarenessandtrainingprogramscanenhanceanorganization’ssecuritypostureintwodirectways.First,theyteachpersonnelhowtofollowthecorrectsetofactionstoperformtheirdutiesinasecuremanner.Second,theymakepersonnelawareoftheindicatorsandeffectsofsocialengineeringattacks.Therearemanytasksthatemployeesperformthatcanhaveinformation

securityramifications.Properlytrainedemployeesareabletoperformtheirdutiesinamoreeffectivemanner,includingtheirdutiesassociatedwithinformationsecurity.Theextentofinformationsecuritytrainingwillvarydependingontheorganization’senvironmentandthelevelofthreat,butinitialemployeesecuritytrainingatthetimeofbeinghiredisimportant,asisperiodicrefreshertraining.Astrongsecurityeducationandawarenesstrainingprogramcangoalongwaytowardreducingthechancethatasocialengineeringattackwillbesuccessful.Securityawarenessprogramsandcampaigns,whichmightincludeseminars,videos,posters,newsletters,andsimilarmaterials,arealsofairlyeasytoimplementandarenotverycostly.

SecurityPolicyTrainingandProceduresPersonnelcannotbeexpectedtoperformcomplextaskswithouttrainingwithrespecttothetasksandexpectations.Thisappliesbothtothesecuritypolicyandtooperationalsecuritydetails.Ifemployeesaregoingtobeexpectedtocomplywiththeorganization’ssecuritypolicy,theymustbeproperlytrainedinitspurpose,meaning,andobjectives.Trainingwithrespecttotheinformationsecuritypolicy,individualresponsibilities,andexpectationsissomethingthatrequiresperiodicreinforcementthroughrefreshertraining.Becausethesecuritypolicyisahigh-leveldirectivethatsetstheoverall

supportandexecutivedirectionwithrespecttosecurity,itisimportantthatthemeaningofthismessagebetranslatedandsupported.Second-level

policiessuchaspassword,access,informationhandling,andacceptableusepoliciesalsoneedtobecovered.Thecollectionofpoliciesshouldpaintapicturedescribingthedesiredsecuritycultureoftheorganization.Thetrainingshouldbedesignedtoensurethatpeopleseeandunderstandthewholepicture,notjusttheelements.

Role-basedTrainingFortrainingtobeeffective,itneedstobetargetedtotheuserwithregardtotheirroleinthesubjectofthetraining.Whileallemployeesmayneedgeneralsecurityawarenesstraining,theyalsoneedspecifictraininginareaswheretheyhaveindividualresponsibilities.Role-basedtrainingwithregardtoinformationsecurityresponsibilitiesisanimportantpartofinformationsecuritytraining.Ifapersonhasjobresponsibilitiesthatmayimpactinformationsecurity,

thenrole-specifictrainingisneededtoensurethattheindividualunderstandstheresponsibilitiesastheyrelatetoinformationsecurity.Someroles,suchassystemadministratorordeveloper,haveclearlydefinedinformationsecurityresponsibilities.Therolesofothers,suchasprojectmanagerorpurchasingmanager,haveinformationsecurityimpactsthatarelessobvious,buttheserolesrequiretrainingaswell.Infact,theless-obviousbutwider-impactrolesofmiddlemanagementcanhavealargeeffectontheinformationsecurityculture,andthusifaspecificoutcomeisdesired,itrequirestraining.Asinallpersonnel-relatedtraining,twoelementsneedattention.First,

retrainingovertimeisnecessarytoensurethatpersonnelkeepproperlevelsofknowledge.Second,aspeoplechangejobs,areassessmentoftherequiredtrainingbasisisneeded,andadditionaltrainingmayberequired.Maintainingaccuratetrainingrecordsofpersonnelistheonlywaythiscanbemanagedinanysignificantenterprise.

CompliancewithLaws,BestPractices,and

StandardsThereisawidearrayoflaws,regulations,contractualrequirements,standards,andbestpracticesassociatedwithinformationsecurity.Eachplacesitsownsetofrequirementsuponanorganizationanditspersonnel.Theonlyeffectivewayforanorganizationtoaddresstheserequirementsistobuildthemintotheirownpoliciesandprocedures.Trainingtoone’sownpoliciesandprocedureswouldthentranslateintocoverageoftheseexternalrequirements.Itisimportanttonotethatmanyoftheseexternalrequirementsimparta

specifictrainingandawarenesscomponentupontheorganization.OrganizationssubjecttotherequirementsofthePaymentCardIndustryDataSecurityStandard(PCIDSS),GrammLeachBlileyAct(GLBA),orHealthInsurancePortabilityAccountabilityAct(HIPAA)areamongthemanythatmustmaintainaspecificinformationsecuritytrainingprogram.Otherorganizationsshoulddosoasamatterofbestpractice.

UserHabitsIndividualuserresponsibilitiesvarybetweenorganizationsandthetypeofbusinesseachorganizationisinvolvedin,buttherearecertainverybasicresponsibilitiesthatallusersshouldbeinstructedtoadopt:

Lockthedoortoyourofficeorworkspace,includingdrawersandcabinets.

Donotleavesensitiveinformationinsideyourcarunprotected.

Securestoragemediacontainingsensitiveinformationinasecurestoragedevice.

Shredpapercontainingorganizationalinformationbeforediscardingit.

Donotdivulgesensitiveinformationtoindividuals(includingotheremployees)whodonothaveanauthorizedneedtoknowit.

Donotdiscusssensitiveinformationwithfamilymembers.(ThemostcommonviolationofthisruleoccursinregardtoHRinformation,asemployees,especiallysupervisors,maycomplaintotheirspouseorfriendsaboutotheremployeesoraboutproblemsthatareoccurringatwork.)

Protectlaptopsandothermobiledevicesthatcontainsensitiveorimportantorganizationinformationwhereverthedevicemaybestoredorleft.(It’sagoodideatoensurethatsensitiveinformationisencryptedonthelaptopormobiledevicesothat,shouldtheequipmentbelostorstolen,theinformationremainssafe.)

Beawareofwhoisaroundyouwhendiscussingsensitivecorporateinformation.Doeseverybodywithinearshothavetheneedtohearthisinformation?

Enforcecorporateaccesscontrolprocedures.Bealertto,anddonotallow,piggybacking,shouldersurfing,oraccesswithoutthepropercredentials.

Beawareofthecorrectprocedurestoreportsuspectedoractualviolationsofsecuritypolicies.

Followproceduresestablishedtoenforcegoodpasswordsecuritypractices.Passwordsaresuchacriticalelementthattheyarefrequentlytheultimatetargetofasocialengineeringattack.Thoughsuchpasswordproceduresmayseemtoooppressiveorstrict,theyareoftenthebestlineofdefense.

Userhabitsareafront-linesecuritytoolinengagingtheworkforcetoimprovetheoverallsecuritypostureofanorganization.

UserresponsibilitiesareeasytrainingtopicsaboutwhichtoaskquestionsontheCompTIASecurity+exam,socommittomemoryyourknowledgeofthepointslistedhere.

NewThreatsandSecurityTrends/AlertsAttheendoftheday,informationsecuritypracticesareaboutmanagingrisk,anditiswellknownthattheriskenvironmentisonemarkedbyconstantchange.Theever-evolvingthreatenvironmentfrequentlyencountersnewthreats,newsecurityissues,andnewformsofdefense.Trainingpeopletorecognizethenewthreatsnecessitatescontinualawarenessandtrainingrefresherevents.

NewVirusesNewformsofviruses,ormalware,arebeingcreatedeveryday.Someofthesenewformscanbehighlydestructiveandcostly,anditisincumbentuponalluserstobeonthelookoutforandtakeactionstoavoidexposure.Pooruserpracticesarecountedonbymalwareauthorstoassistinthespreadoftheirattacks.Onewayofexplainingproperactionstousersistouseananalogytocleanliness.Traininguserstopracticegoodhygieneintheiractionscangoalongwaytowardassistingtheenterpriseindefendingagainsttheseattackvectors.

PhishingAttacksThebestdefenseagainstphishingandothersocialengineeringattacksisaneducatedandawarebodyofemployees.Continualrefreshertrainingaboutthetopicofsocialengineeringandspecificsaboutcurrentattacktrendsareneededtokeepemployeesawareofandpreparedfornewtrendsinsocialengineeringattacks.Attackersrelyuponanuneducated,complacent,ordistractedworkforcetoenabletheirattackvector.Socialengineeringhasbecomethegatewayformanyofthemostdamagingattacksinplaytoday.SocialengineeringiscoveredextensivelyinChapter4.

SocialNetworkingandP2PWiththeriseinpopularityofpeer-to-peer(P2P)communicationsand

socialnetworkingsites—notablyFacebook,Twitter,andLinkedIn—manypeoplehavegottenintoahabitofsharingtoomuchinformation.Usingastatusof“ReturningfromsalescalltoXYZcompany”revealsinformationtopeoplewhohavenoneedtoknowthisinformation.Confusingsharingwithfriendsandsharingbusinessinformationwiththosewhodon’tneedtoknowisalinepeoplearecrossingonaregularbasis.Don’tbetheemployeewhomixesbusinessandpersonalinformationandreleasesinformationtopartieswhoshouldnothaveit,regardlessofhowinnocuousitmayseem.Usersneedtounderstandtheimportanceofnotusingcommonprograms

suchastorrentsandotherfilesharingintheworkplace,astheseprogramscanresultininfectionmechanismsanddata-losschannels.Theinformationsecuritytrainingandawarenessprogramshouldcovertheseissues.Iftheissuesareproperlyexplainedtoemployees,theirmotivationtocomplywon’tsimplybetoavoidadversepersonnelactionforviolatingapolicy;theywillwanttoassistinthesecurityoftheorganizationanditsmission.

TrainingMetricsandComplianceTrainingandawarenessprogramscanyieldmuchinthewayofaneducatedandknowledgeableworkforce.Manylaws,regulations,andbestpracticeshaverequirementsformaintainingatrainedworkforce.Havingarecord-keepingsystemtomeasurecompliancewithattendanceandtomeasuretheeffectivenessofthetrainingisanormalrequirement.Simplyconductingtrainingisnotsufficient.Followingupandgatheringtrainingmetricstovalidatecomplianceandsecuritypostureisanimportantaspectofsecuritytrainingmanagement.Anumberoffactorsdeserveattentionwhenmanagingsecuritytraining.

Becauseofthediversenatureofrole-basedrequirements,maintaininganactive,up-to-datelistingofindividualtrainingandretrainingrequirementsisonechallenge.Monitoringtheeffectivenessofthetrainingisyetanotherchallenge.Creatinganeffectivetrainingandawarenessprogramwhen

measuredbyactualimpactonemployeebehaviorisachallengingendeavor.Trainingneedstobecurrent,relevant,andinterestingtoengageemployeeattention.Simplerepetitionofthesametrainingmaterialhasnotproventobeeffective,soregularlyupdatingtheprogramisarequirementifitistoremaineffectiveovertime.

TechTip

SecurityTrainingRecordsRequirementsforbothperiodictrainingandretrainingdrivetheneedforgoodtrainingrecords.Maintainingproperinformationsecuritytrainingrecordsisarequirementofseverallawsandregulationsandshouldbeconsideredabestpractice.

InteroperabilityAgreementsManybusinessoperationsinvolveactionsbetweenmanydifferentparties—somewithinanorganization,andsomeindifferentorganizations.Theseactionsrequirecommunicationbetweentheparties,definingtheresponsibilitiesandexpectationsoftheparties,thebusinessobjectives,andtheenvironmentwithinwhichtheobjectiveswillbepursued.Toensureanagreementisunderstoodbetweentheparties,writtenagreementsareused.Numerousformsoflegalagreementsandcontractsareusedinbusiness,butwithrespecttosecurity,someofthemostcommononesaretheservicelevelagreement,businesspartnershipagreement,memorandumofunderstanding,andinterconnectionsecurityagreement.

ServiceLevelAgreementsServicelevelagreements(SLAs)arecontractualagreementsbetweenentitiesthatdescribespecifiedlevelsofservicethattheservicingentityagreestoguaranteeforthecustomer.SLAsessentiallysettherequisite

levelofperformanceofagivencontractualservice.SLAsaretypicallyincludedaspartofaservicecontractandsettheleveloftechnicalexpectations.AnSLAcandefinespecificservices,theperformancelevelassociatedwithaservice,issuemanagementandresolution,andsoon.SLAsarenegotiatedbetweencustomerandsupplierandrepresenttheagreed-uponterms.Anorganizationcontractingwithaserviceprovidershouldremembertoincludeintheagreementasectiondescribingtheserviceprovider’sresponsibilityintermsofbusinesscontinuityanddisasterrecovery.Theprovider’sbackupplansandprocessesforrestoringlostdatashouldalsobeclearlydescribed.Typically,agoodSLAwillsatisfytwosimplerules.First,itwill

describetheentiresetofproductorservicefunctionsinsufficientdetailthattheirrequirementwillbeunambiguous.Second,theSLAwillprovideaclearmeansofdeterminingwhetheraspecifiedfunctionorservicehasbeenprovidedattheagreed-uponlevelofperformance.

BusinessPartnershipAgreementAbusinesspartnershipagreement(BPA)isalegalagreementbetweenpartnersestablishingtheterms,conditions,andexpectationsoftherelationshipbetweenthepartners.Thesedetailscancoverawiderangeofissues,includingtypicalitemssuchasthesharingofprofitsandlosses,theresponsibilitiesofeachpartner,theadditionorremovalofpartners,andanyotherissues.TheUniformPartnershipAct(UPA),establishedbystatelawandconvention,laysoutauniformsetofrulesassociatedwithpartnershipstoresolveanypartnershipterms.ThetermsinaUPAaredesignedas“onesizefitsall”andarenottypicallyinthebestinterestofanyspecificpartnership.ToavoidundesiredoutcomesthatmayresultfromUPAterms,itisbestforpartnershipstospelloutspecificsinaBPA.

MemorandumofUnderstandingAmemorandumofunderstanding(MOU)isalegaldocumentusedto

describeabilateralagreementbetweenparties.Itisawrittenagreementexpressingasetofintendedactionsbetweenthepartieswithrespecttosomecommonpursuitorgoal.Itismoreformalanddetailedthanasimplehandshake,butitgenerallylacksthebindingpowersofacontract.ItisalsocommontofindMOUsbetweendifferentunitswithinanorganizationtodetailexpectationsassociatedwiththecommonbusinessinterest.

InterconnectionSecurityAgreementAninterconnectionsecurityagreement(ISA)isaspecializedagreementbetweenorganizationsthathaveinterconnectedITsystems,thepurposeofwhichistodocumentthesecurityrequirementsassociatedwiththeinterconnection.AnISAcanbeapartofanMOUdetailingthespecifictechnicalsecurityaspectsofadatainterconnection.

BesureyouunderstandthedifferencesbetweentheinteroperabilityagreementsSLA,BPA,MOU,andISA.Thedifferenceshingeuponthepurposeforeachdocument.

TheSecurityPerimeterThediscussiontothispointhasnotincludedanymentionofthespecifictechnologyusedtoenforceoperationalandorganizationalsecurityoradescriptionofthevariouscomponentsthatconstitutetheorganization’ssecurityperimeter.Iftheaverageadministratorwereaskedtodrawadiagramdepictingthevariouscomponentsoftheirnetwork,thediagramwouldprobablylooksomethinglikeFigure3.1.

•Figure3.1Basicdiagramofanorganization’snetwork

Thesecurityperimeter,withitsseverallayersofsecurity,alongwithadditionalsecuritymechanismsthatmaybeimplementedoneachsystem(suchasuserIDs/passwords),createswhatissometimesknownasdefense-in-depth.Thisimpliesthatsecurityisenhancedwhentherearemultiplelayersofsecurity(thedepth)throughwhichanattackerwouldhavetopenetratetoreachthedesiredgoal.

Thisdiagramincludesthemajorcomponentstypicallyfoundinanetwork.TheconnectiontotheInternetgenerallyhassomesortofprotectionattachedtoitsuchasafirewall.Anintrusiondetectionsystem(IDS),alsooftenpartofthesecurityperimeterfortheorganization,maybeeitherontheinsideortheoutsideofthefirewall,oritmayinfactbeonbothsides.Thespecificlocationdependsonthecompanyandwhatitis

moreconcernedaboutpreventing(thatis,insiderthreatsorexternalthreats).Theroutercanalsobethoughtofasasecuritydevice,asitcanbeusedtoenhancesecuritysuchasinthecaseofwirelessroutersthatcanbeusedtoenforceencryptionsettings.Beyondthissecurityperimeteristhecorporatenetwork.Figure3.1isobviouslyaverysimpledepiction—anactualnetworkcanhavenumeroussubnetsandextranetsaswellaswirelessaccesspoints—butthebasiccomponentsarepresent.Unfortunately,ifthiswerethediagramprovidedbytheadministratortoshowtheorganization’sbasicnetworkstructure,theadministratorwouldhavemissedaveryimportantcomponent.AmoreastuteadministratorwouldprovideadiagrammorelikeFigure3.2.

•Figure3.2Amorecompletediagramofanorganization’snetwork

Thisdiagramincludesotherpossibleaccesspointsintothenetwork,includingthepublicswitchedtelephonenetwork(PSTN)andwirelessaccesspoints.Theorganizationmayormaynothaveanyauthorizedmodemsorwirelessnetworks,butthesavvyadministratorwouldrealizethatthepotentialexistsforunauthorizedversionsofboth.Whenconsideringthepolicies,procedures,andguidelinesneededtoimplement

securityfortheorganization,bothnetworksneedtobeconsidered.AnotherdevelopmentthathasbroughtthetelephoneandcomputernetworkstogetheristheimplementationofvoiceoverIP(VoIP),whicheliminatesthetraditionallandlinesinanorganizationandreplacesthemwithspecialtelephonesthatconnecttotheIPdatanetwork.WhileFigure3.2providesamorecomprehensiveviewofthevarious

componentsthatneedtobeprotected,itisstillincomplete.Mostexpertswillagreethatthebiggestdangertoanyorganizationdoesnotcomefromexternalattacksbutratherfromtheinsider—adisgruntledemployeeorsomebodyelsewhohasphysicalaccesstothefacility.Givenphysicalaccesstoanoffice,theknowledgeableattackerwillquicklyfindtheinformationneededtogainaccesstotheorganization’scomputersystemsandnetwork.Consequently,everyorganizationalsoneedssecuritypolicies,procedures,andguidelinesthatcoverphysicalsecurity,andeverysecurityadministratorshouldbeconcernedwiththeseaswell.Whilephysicalsecurity(whichcanincludesuchthingsaslocks,cameras,guardsandentrypoints,alarmsystems,andphysicalbarriers)willprobablynotfallunderthepurviewofthesecurityadministrator,theoperationalstateoftheorganization’sphysicalsecuritymeasuresisjustasimportantasmanyoftheothernetwork-centricmeasures.

AnincreasingnumberoforganizationsareimplementingVoIPsolutionstobringthetelephoneandcomputernetworkstogether.Whiletherearesometremendousadvantagestodoingthisintermsofbothincreasedcapabilitiesandpotentialmonetarysavings,bringingthetwonetworkstogethermayalsointroduceadditionalsecurityconcerns.Anothercommonmethodtoaccessorganizationalnetworkstodayisthroughwirelessaccesspoints.Thesemaybeprovidedbytheorganizationitselftoenhanceproductivity,ortheymaybeattachedtothenetworkbyuserswithoutorganizationalapproval.Theimpactofalloftheseadditionalmethodsthatcanbeusedtoaccessanetworkistoincreasethecomplexityofthesecurityproblem.

PhysicalSecurity

Physicalsecurityconsistsofallmechanismsusedtoensurethatphysicalaccesstothecomputersystemsandnetworksisrestrictedtoonlyauthorizedusers.Additionalphysicalsecuritymechanismsmaybeusedtoprovideincreasedsecurityforespeciallysensitivesystemssuchasserversanddevicessuchasrouters,firewalls,andintrusiondetectionsystems.Whenconsideringphysicalsecurity,accessfromallsixsidesshouldbeconsidered—notonlyshouldthesecurityofobviouspointsofentrybeexamined,suchasdoorsandwindows,butthewallsthemselvesaswellasthefloorandceilingshouldalsobeconsidered.Questionssuchasthefollowingshouldbeaddressed:

Isthereafalseceilingwithtilesthatcanbeeasilyremoved?

Dothewallsextendtotheactualceilingoronlytoafalseceiling?

Istherearaisedfloor?

Dothewallsextendtotheactualfloor,ordotheystopataraisedfloor?

Howareimportantsystemssituated?

Dothemonitorsfaceawayfromwindows,orcouldtheactivityofsomebodyatasystembemonitored?

Whohasaccesstothefacility?

Whattypeofaccesscontrolisthere,andarethereanyguards?

Whoisallowedunsupervisedaccesstothefacility?

Isthereanalarmsystemorsecuritycamerathatcoversthearea?

Whatproceduresgovernthemonitoringofthealarmsystemorsecuritycameraandtheresponseshouldunauthorizedactivitybedetected?

Thesearejustsomeofthenumerousquestionsthatneedtobeaskedwhenexaminingthephysicalsecuritysurroundingasystem.

TechTip

PhysicalSecurityIsAlsoImportanttoComputerSecurityComputersecurityprofessionalsrecognizethattheycannotrelyonlyoncomputersecuritymechanismstokeeptheirsystemssafe.Physicalsecuritymustbemaintainedaswell,becauseinmanycases,ifanattackergainsphysicalaccess,hecanstealdataanddestroythesystem.

PhysicalAccessControlsThepurposeofphysicalaccesscontrolsisthesameasthatofcomputerandnetworkaccesscontrols—youwanttorestrictaccesstoonlythosewhoareauthorizedtohaveit.Physicalaccessisrestrictedbyrequiringtheindividualtosomehowauthenticatethattheyhavetherightorauthoritytohavethedesiredaccess.Asincomputerauthentication,accessinthephysicalworldcanbebasedonsomethingtheindividualhas,somethingtheyknow,orsomethingtheyare.Frequently,whendealingwiththephysicalworld,theterms“authentication”and“accesscontrol”areusedinterchangeably.Themostcommonphysicalaccesscontroldevice,whichhasbeen

aroundinsomeformforcenturies,isalock.Combinationlocksrepresentanaccesscontroldevicethatdependsonsomethingtheindividualknows(thecombination).Lockswithkeysdependonsomethingtheindividualhas(thekey).Eachofthesehascertainadvantagesanddisadvantages.Combinationsdon’trequireanyextrahardware,buttheymustberemembered(whichmeansindividualsmaywritethemdown—asecurityvulnerabilityinitself)andarehardtocontrol.Anybodywhoknowsthecombinationmayprovideittosomebodyelse.Keylocksaresimpleandeasytouse,butthekeymaybelost,whichmeansanotherkeyhastobemadeorthelockhastoberekeyed.Keysmayalsobecopied,andtheirdisseminationcanbehardtocontrol.Newerlocksreplacethetraditionalkeywithacardthatmustbepassedthroughareaderorplacedagainstit.Theindividualmayalsohavetoprovideapersonalaccesscode,thus

makingthisformofaccessbothasomething-you-knowandsomething-you-havemethod.

TechTip

PhysicalandInformationSecurityConvergenceInhigh-securitysites,physicalaccesscontrolsandelectronicaccesscontrolstoinformationareinterlocked.Thismeansthatbeforedatacanbeaccessedfromaparticularmachine,thephysicalaccesscontrolsystemmustagreewiththefindingthattheauthorizedpartyispresent.

Inadditiontolocksondoors,othercommonphysicalsecuritydevicesincludevideosurveillanceandevensimpleaccesscontrollogs(sign-inlogs).Whilesign-inlogsdon’tprovideanactualbarrier,theydoprovidearecordofaccessand,whenusedinconjunctionwithaguardwhoverifiesanindividual’sidentity,candissuadepotentialadversariesfromattemptingtogainaccesstoafacility.Asmentioned,anothercommonaccesscontrolmechanismisahumansecurityguard.Manyorganizationsemployaguardtoprovideanextralevelofexaminationofindividualswhowanttogainaccesstoafacility.Otherdevicesarelimitedtotheirdesignedfunction.Ahumanguardcanapplycommonsensetosituationsthatmighthavebeenunexpected.Havingsecurityguardsalsoaddressesthecommonpracticeofpiggybacking(akatailgating),whereanindividualfollowsanotherpersoncloselytoavoidhavingtogothroughtheaccesscontrolprocedures.

BiometricsAccesscontrolsthatutilizesomethingyouknow(forexample,combinations)orsomethingyouhave(suchaskeys)arenottheonlymethodstolimitfacilityaccesstoauthorizedindividuals.Athirdapproachistoutilizesomethinguniqueabouttheindividual—theirfingerprints,forexample—toidentifythem.Unliketheothertwomethods,thesomething-you-aremethod,knownasbiometrics,doesnotrelyontheindividualto

eitherremembersomethingortohavesomethingintheirpossession.Biometricsisamoresophisticatedaccesscontrolapproachandcanbemoreexpensive.Biometricsalsosufferfromfalsepositivesandfalsenegatives,makingthemlessthan100percenteffective.Forthisreasontheyarefrequentlyusedinconjunctionwithanotherformofauthentication.Theadvantageistheuseralwayshasthem(cannotleaveathomeorshare)andtheytendtohavebetterentropythanpasswords.Othermethodstoaccomplishbiometricsincludehandwritinganalysis,retinalscans,irisscans,voiceprints,handgeometry,andfacialgeometry.

Therearemanysimilaritiesbetweenauthenticationandaccesscontrolsincomputersandinthephysicalworld.Rememberthethreecommontechniquesforverifyingaperson’sidentityandaccessprivileges:somethingyouknow,somethingyouhave,andsomethingaboutyou.

Bothaccesstocomputersystemsandnetworksandphysicalaccesstorestrictedareascanbecontrolledwithbiometrics.However,biometricmethodsforcontrollingphysicalaccessaregenerallynotthesameasthoseemployedforrestrictingaccesstocomputersystemsandnetworks.Handgeometry,forexample,requiresafairlylargedevice.Thiscaneasilybeplacedoutsideofadoortocontrolaccesstotheroombutwouldnotbeasconvenienttocontrolaccesstoacomputersystem,sinceareaderwouldneedtobeplacedwitheachcomputeroratleastwithgroupsofcomputers.Inamobileenvironmentwherelaptopsarebeingused,adevicesuchasahandgeometryreaderwouldbeunrealistic.

TechTip

BiometricDevicesOnceonlyseeninspyorsciencefictionmovies,biometricssuchashandandfingerprintreaders,eye-scanningtechnology,andvoiceprintdevicesarenowbecomingmorecommonintherealworld.Theaccuracyofthesedeviceshasimprovedandthecostshavedropped,

makingthemrealisticsolutionstomanyaccesscontrolsituations.

PhysicalBarriersAnevenmorecommonsecurityfeaturethanlocksisaphysicalbarrier.Physicalbarriershelpimplementthephysical-worldequivalentoflayeredsecurity.Theoutermostlayerofphysicalsecurityshouldcontainthemorepubliclyvisibleactivities.Aguardatagateinafence,forexample,wouldbevisiblebyallwhohappentopassby.Asyouprogressthroughthelayers,thebarriersandsecuritymechanismsshouldbecomelesspubliclyvisibletomakedeterminingwhatmechanismsareinplacemoredifficultforobservers.Signsarealsoanimportantelementinsecurity,astheyannouncetothepublicwhichareasarepublicandwhichareprivate.Amantrapcanalsobeusedinthislayeredapproach.Itgenerallyconsistsofasmallspacethatislargeenoughforonlyonepersonatatime,withtwolockingdoors.Anindividualhastoenterthefirstdoor,closethefirstdoor,thenattempttoopentheseconddoor.Ifunsuccessful,perhapsbecausetheydonothavetheproperaccesscode,thepersoncanbecaughtinsidethissmalllocationuntilsecuritypersonnelshowup.Inadditiontowallsandfences,openspacecanalsoserveasabarrier.

Whilethismayatfirstseemtobeanoddstatement,considertheuseoflargeareasofopenspacearoundafacility.Foranintrudertocrossthisopenspacetakestime—timeinwhichtheyarevulnerableandtheirpresencemaybediscovered.Intoday’senvironmentinwhichterroristattackshavebecomemorecommon,additionalprecautionsshouldbetakenforareasthatmaybeconsideredapossibletargetforterroristactivity.Inadditiontoopenspace,whichisnecessarytolessentheeffectofexplosions,concretebarriersthatstopvehiclesfromgettingtooclosetofacilitiesshouldalsobeused.Itisnotnecessaryforthesetobeunsightlyconcretewalls;manyfacilitieshaveplacedlarge,roundconcretecircles,filledthemwithdirt,andthenplantedflowersandotherplantstoconstructalarge,immovableplanter.

TechTip

SignsSignscanbeaneffectivecontrol,warningunauthorizedpersonnelnottoenter,locatingcriticalelementsforfirstresponders,andprovidingpathstoexitsinemergencies.Propersignageisanimportantaspectofphysicalsecuritycontrols.

EnvironmentalIssuesEnvironmentalissuesmaynotatfirstseemtoberelatedtosecurity,butwhenconsideringtheavailabilityofacomputersystemornetwork,theymustbetakenintoconsideration.Environmentalissuesincludeitemssuchasheating,ventilation,andairconditioning(HVAC)systems,electricalpower,andthe“environmentsofnature.”HVACsystemsareusedtomaintainthecomfortofanofficeenvironment.Afewyearsback,theywerealsocriticalforthesmoothoperationofcomputersystemsthathadlowtolerancesforhumidityandheat.Today’sdesktopsystemsaremuchmoretolerant,andthelimitingfactorisnowoftenthehumanuser.TheexceptiontothisHVAClimitationiswhenlargequantitiesofequipmentareco-located,inserverroomsandnetworkequipmentclosets.Intheseheat-denseareas,HVACisneededtokeepequipmenttemperatureswithinreasonableranges.OftencertainsecuritydevicessuchasfirewallsandintrusiondetectionsystemsarelocatedinthesesameequipmentclosetsandthelossofHVACsystemscancausethesecriticalsystemstofail.OneinterestingaspectofHVACsystemsisthattheythemselvesareoftencomputercontrolledandfrequentlyprovideremoteaccessviatelephoneornetworkconnections.Theseconnectionsshouldbeprotectedinasimilarmannertocomputermodems,orelseattackersmaylocatethemandchangetheHVACsettingsforanofficeorbuilding.

HVACsystemsforserverroomsandnetworkequipmentclosetsareimportantbecausethedenseequipmentenvironmentcangeneratesignificantamountsofheat.HVACoutagescanresultintemperaturesthatareoutsideequipmentoperatingranges,forcingshutdowns.

Electricalpowerisobviouslyanessentialrequirementforcomputersystemsandnetworks.Electricalpowerissubjecttomomentarysurgesanddisruption.Surgeprotectorsareneededtoprotectsensitiveelectronicequipmentfromfluctuationsinvoltage.Anuninterruptiblepowersupply(UPS)shouldbeconsideredforcriticalsystemssothatalossofpowerwillnothaltprocessing.ThesizeofthebatteriesassociatedwithaUPSwilldeterminetheamountoftimethatitcanoperatebeforeittoolosespower.Manysitesensuresufficientpowertoprovideadministratorstheopportunitytocleanlybringthesystemornetworkdown.Forinstallationsthatrequirecontinuousoperations,evenintheeventofapoweroutage,electricgeneratorsthatautomaticallystartwhenalossofpowerisdetectedcanbeinstalled.Thesesystemsmaytakeafewsecondstostartbeforetheyreachfulloperation,soaUPSshouldalsobeconsideredtosmooththetransitionbetweennormalandbackuppower.

FireSuppressionFiresareacommondisasterthatcanaffectorganizationsandtheircomputingequipment.Firedetectionandfiresuppressiondevicesaretwoapproachestoaddressingthisthreat.Detectorscanbeusefulbecausesomemaybeabletodetectafireinitsveryearlystagesbeforeafiresuppressionsystemisactivated,andtheycanpotentiallysoundawarning.Thiswarningcouldprovideemployeeswiththeopportunitytodealwiththefirebeforeitbecomesseriousenoughforthefiresuppressionequipmenttokickin.Suppressionsystemscomeinseveralvarieties,includingsprinkler-basedsystemsandgas-basedsystems.Standardsprinkler-basedsystemsarenotoptimalfordatacentersbecausewaterwill

ruinlargeelectricalinfrastructuresandmostintegratedcircuit–baseddevices—suchascomputers.Gas-basedsystemsareagoodalternative,thoughtheyalsocarryspecialconcerns.MoreextensivecoverageoffiredetectionandsuppressionisprovidedinChapter8.

WirelessWhensomeonetalksaboutwirelesscommunication,theygenerallyarereferringtocellulartelephones(“cellphones”).Thesedeviceshavebecomeubiquitousintoday’smodernofficeenvironment.Acellphonenetworkconsistsofthephonesthemselves,thecellswiththeiraccompanyingbasestationsthattheyareusedin,andthehardwareandsoftwarethatallowthemtocommunicate.Thebasestationsaremadeupofantennas,receivers,transmitters,andamplifiers.Thebasestationscommunicatewiththosecellphonesthatarecurrentlyinthegeographicalareathatisservicedbythatstation.Asapersontravelsacrosstown,theymayexitandentermultiplecells.Thestationsmustconductahandofftoensurecontinuousoperationforthecellphone.Astheindividualmovestowardtheedgeofacell,amobileswitchingcenternoticesthepowerofthesignalbeginningtodrop,checkswhetheranothercellhasastrongersignalforthephone(cellsfrequentlyoverlap),and,ifso,switchesoperationtothisnewcellandbasestation.Allofthisisdonewithouttheusereverknowingthattheyhavemovedfromonecelltoanother.Wirelesstechnologycanalsobeusedfornetworking.Therearetwo

mainstandardsforwirelessnetworktechnology.Bluetoothisdesignedasashort-range(approximatelytenmeters)personalareanetwork(PAN)cable-replacementtechnologythatcanbebuiltintoavarietyofdevices,suchasmobilephones,tablets,andlaptopcomputers.Theideaistocreatelow-costwirelesstechnologysothatmanydifferentdevicescancommunicatewitheachother.Bluetoothisalsointerestingbecause,unlikeotherwirelesstechnology,itisdesignedsothatdevicescantalkdirectlywitheachotherwithouthavingtogothroughacentraldevice(suchasthebasestationdescribedpreviously).Thisisknownaspeer-to-peer

communication.

TechTip

WirelessNetworkSecurityIssuesDuetoanumberofadvantages,suchastheabilitytotakeyourlaptopwithyouasyoumovearoundyourbuildingandstillstayconnected,wirelessnetworkshavegrowninpopularity.Theyalsoeliminatetheneedtostringnetworkcablesallovertheoffice.Atthesametime,however,theycanbeasecuritynightmareifnotadequatelyprotected.Thesignalforyournetworkdoesn’tstopatyourofficedoororwalljustbecauseitisthere.Itwillcontinuepropagatingtoareasthatmaybeopentoanybody.Thisprovidestheopportunityforotherstoaccessyournetwork.Toavoidthis,youmusttakestepssuchasencryptingtransmissionssothatyourwirelessnetworkdoesn’tbecometheweaklinkinyoursecuritychain.

TheothermajorwirelessstandardistheIEEE802.11setofstandards,whichiswellsuitedforthelocalareanetwork(LAN)environment.802.11networkscanoperateeitherinanadhocpeer-to-peerfashionorininfrastructuremode,whichismorecommon.Ininfrastructuremode,computerswith802.11networkcardscommunicatewithawirelessaccesspoint.Thisaccesspointconnectstothenetworksothatthecomputerscommunicatingwithitareessentiallyalsoconnectedtothenetwork.Whilewirelessnetworksareveryusefulintoday’smodernoffice(and

home),theyarenotwithouttheirsecurityproblems.Accesspointsaregenerallyplacedthroughoutabuildingsothatallemployeescanaccessthecorporatenetwork.Thetransmissionandreceptionareascoveredbyaccesspointsarenoteasilycontrolled.Consequently,manypubliclyaccessibleareasmightfallintotherangeofoneoftheorganization’saccesspoints,oritsBluetooth-enabledsystems,andthusthecorporatenetworkmaybecomevulnerabletoattack.Wirelessnetworksaredesignedtoincorporatesomesecuritymeasures,butalltoooftenthenetworksaresetupwithoutsecurityenabled,andserioussecurityflawsexistinthe802.11design.

CrossCheckWirelessNetworksWirelessnetworksecurityisdiscussedinthischapterinrelationshiptophysicalissuessuchastheplacementofwirelessaccesspoints.Thereare,however,numerousotherissueswithwirelesssecurity,whicharediscussedinChapter12.Makesuretounderstandhowthephysicallocationofwirelessaccesspointsaffectstheotherwirelesssecurityissues.

ElectromagneticEavesdroppingIn1985,apaperbyWimvanEckoftheNetherlandsdescribedwhatbecameknownasthevanEckphenomenon.InthepapervanEckdescribedhoweavesdroppingonwhatwasbeingdisplayedonmonitorscouldbeaccomplishedbypickingupandthendecodingtheelectromagneticinterferenceproducedbythemonitors.Withtheappropriateequipment,theexactimageofwhatisbeingdisplayedcanbere-createdsomedistanceaway.Whiletheoriginalpaperdiscussedemanationsastheyappliedtovideodisplayunits(monitors),thesamephenomenonappliestootherdevicessuchasprintersandcomputers.Thisphenomenonhadactuallybeenknownaboutforquitesometime

beforevanEckpublishedhispaper.TheU.S.DepartmentofDefenseusedthetermTEMPEST(referredtobysomeastheTransientElectroMagneticPulseEmanationSTandard)todescribebothaprograminthemilitarytocontroltheseelectronicemanationsfromelectricalequipmentandtheactualprocessforcontrollingtheemanations.Therearethreebasicwaystopreventtheseemanationsfrombeingpickedupbyanattacker:

Puttheequipmentbeyondthepointthattheemanationscanbepickedup.

Provideshieldingfortheequipmentitself.

Provideashieldedenclosure(suchasaroom)toputtheequipmentin.

Oneofthesimplestwaystoprotectagainstequipmentbeingmonitoredinthisfashionistoputenoughdistancebetweenthetargetandtheattacker.Theemanationscanbepickedupfromonlyalimiteddistance.Ifthephysicalsecurityforthefacilityissufficienttoputenoughspacebetweentheequipmentandpubliclyaccessibleareasthatthesignalscannotbepickedup,thentheorganizationdoesn’thavetotakeanyadditionalmeasurestoensuresecurity.Distanceisnottheonlywaytoprotectagainsteavesdroppingon

electronicemanations.Devicescanbeshieldedsotheiremanationsareblocked.Acquiringenoughpropertytoprovidethenecessarydistanceneededtoprotectagainstaneavesdroppermaybepossibleifthefacilityisinthecountrywithlotsofavailablelandsurroundingit.Indeed,forsmallerorganizationsthatoccupyonlyafewofficesorfloorsinalargeofficebuilding,itwouldbeimpossibletoacquireenoughspace.Inthiscase,theorganizationmayresorttopurchasingshieldedequipment.A“TEMPESTapproved”computerwillcostsignificantlymorethanwhatanormalcomputerwouldcost.Shieldingaroom(inwhatisknownasaFaradaycage)isalsoanextremelyexpensiveendeavor.

Oneofthechallengesinsecurityisdetermininghowmuchtospendonsecuritywithoutspendingtoomuch.Securityspendingshouldbebasedonlikelythreatstoyoursystemsandnetwork.Whileelectronicemanationscanbemonitored,thelikelihoodofthistakingplaceinmostsituationsisremote,whichmakesspendingonitemstoprotectagainstitatbestalowpriority.

Anaturalquestiontoaskis,howprevalentisthisformofattack?Theequipmentneededtoperformelectromagneticeavesdroppingisnotreadilyavailable,butitwouldnotcostaninordinateamountofmoneytoproduceit.Thecostcouldcertainlybeaffordedbyanylargecorporation,andindustrialespionageusingsuchadeviceisapossibility.Whiletherearenopublicrecordsofthissortofactivitybeingconducted,itisreasonabletoassumethatitdoestakeplaceinlargecorporationsandthegovernment,especiallyinforeigncountries.

ModernEavesdroppingNotjustelectromagneticinformationcanbeusedtocarryinformationoutofasystemtoanadversary.Recentadvanceshavedemonstratedthefeasibilityofusingthewebcamsandmicrophonesonsystemstospyonusers,recordingkeystrokesandotheractivities.Thereareevendevicesbuilttointerceptthewirelesssignalsbetweenwirelesskeyboardsandmiceandtransmitthemoveranotherchanneltoanadversary.USB-basedkeyloggerscanbeplacedinthebackofmachines,asinmanycasesthebackofamachineisunguardedorfacingthepublic(watchforthisthenexttimeyouseeareceptionist’smachine).

Chapter3Review

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingregardingoperationalandorganizationalsecurity.

Identifyvariousoperationalaspectstosecurityinyourorganization

Preventiontechnologiesaredesignedtokeepindividualsfrombeingabletogainaccesstosystemsordatatheyarenotauthorizedtouse.

Previouslyinoperationalenvironments,preventionwasextremelydifficultandrelyingonpreventiontechnologiesalonewasnotsufficient.Thisledtotheriseoftechnologiestodetectandrespondtoeventsthatoccurwhenpreventionfails.

Animportantpartofanyorganization’sapproachtoimplementingsecurityistoestablishpolicies,procedures,standards,andguidelinestodetailwhatusersandadministratorsshouldbedoingtomaintainthe

securityofthesystemsandnetwork.

Identifyvariouspoliciesandproceduresinyourorganization

Policies,procedures,standards,andguidelinesareimportantinestablishingasecurityprogramwithinanorganization.

Thesecuritypolicyandsupportingpoliciesplayanimportantroleinestablishingandmanagingsystemrisk.

PoliciesandproceduresassociatedwithHumanResourcesfunctionalityincludejobrotation,mandatoryvacations,andhiringandterminationpolicies.

Identifythesecurityawarenessandtrainingneedsofanorganization

Securitytrainingandawarenesseffortsarevitalinengagingtheworkforcetoactwithinthedesiredrangeofconductwithrespecttosecurity.

Securityawarenessandtrainingisimportantinachievingcomplianceobjectives.

Securityawarenessandtrainingshouldbemeasuredandmanagedaspartofacomprehensivesecurityprogram.

Understandthedifferenttypesofagreementsemployedinnegotiatingsecurityrequirements

Thedifferentinteroperabilityagreements,includingSLA,BPA,MOUandISA,areusedtoestablishsecurityexpectationsbetweenvariousparties.

Describethephysicalsecuritycomponentsthatcanprotectyourcomputersandnetwork

Physicalsecurityconsistsofallmechanismsusedtoensurethatphysicalaccesstothecomputersystemsandnetworksisrestrictedto

onlyauthorizedusers.

Thepurposeofphysicalaccesscontrolsisthesameasthatofcomputerandnetworkaccesscontrols—torestrictaccesstoonlythosewhoareauthorizedtohaveit.

Thecarefulplacementofequipmentcanprovidesecurityforknownsecurityproblemsexhibitedbywirelessdevicesandthatariseduetoelectronicemanations.

Identifyenvironmentalfactorsthatcanaffectsecurity

Environmentalissuesareimportanttosecuritybecausetheycanaffecttheavailabilityofacomputersystemornetwork.

LossofHVACsystemscanleadtooverheatingproblemsthatcanaffectelectronicequipment,includingsecurity-relateddevices.

Thefrequencyofnaturaldisastersisacontributingfactorthatmustbeconsideredwhenmakingcontingencyprocessingplansforaninstallation.

Firesareacommonproblemfororganizations.Twogeneralapproachestoaddressingthisproblemarefiredetectionandfiresuppression.

Identifyfactorsthataffectthesecurityofthegrowingnumberofwirelesstechnologiesusedfordatatransmission

Wirelessnetworkshavemanysecurityissues,includingthetransmissionandreceptionareascoveredbyaccesspoints,whicharenoteasilycontrolledandcanthusprovideeasynetworkaccessforintruders.

Preventdisclosurethroughelectronicemanations

Withtheappropriateequipment,theexactimageofwhatisbeingdisplayedonacomputermonitorcanbere-createdsomedistance

away,allowingeavesdropperstoviewwhatyouaredoing.

Providingalotofdistancebetweenthesystemyouwishtoprotectandtheclosestplaceaneavesdroppercouldbeisonewaytoprotectagainsteavesdroppingonelectronicemanations.Devicescanalsobeshieldedsothattheiremanationsareblocked.

KeyTermsacceptableusepolicy(AUP)(50)biometrics(62)Bluetooth(65)businesspartnershipagreement(BPA)(59)duecare(53)duediligence(53)guidelines(43)heating,ventilation,andairconditioning(HVAC)(63)IEEE802.11(65)incidentresponsepolicy(54)interconnectionsecurityagreement(ISA)(59)memorandumofunderstanding(MOU)(59)physicalsecurity(61)policies(43)procedures(43)securitypolicy(44)servicelevelagreement(SLA)(59)standards(43)TEMPEST(66)uninterruptiblepowersupply(UPS)(64)userhabits(57)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1._______________arehigh-levelstatementsmadebymanagementthatlayouttheorganization’spositiononsomeissue.

2.Thecollectivetermusedtorefertothesystemsthatareusedtomaintainthecomfortofanofficeenvironmentandthatareoftencontrolledbycomputersystemsis_______________.

3.A(n)_______________isadevicedesignedtoprovidepowertoessentialequipmentforaperiodoftimewhennormalpowerislost.

4._______________areafoundationalsecuritytoolinengagingtheworkforcetoimprovetheoverallsecuritypostureofanorganization.

5._______________areacceptedspecificationsprovidingspecificdetailsonhowapolicyistobeenforced.

6._______________isawirelesstechnologydesignedasashort-range(approximatelytenmeters)personalareanetwork(PAN)cable-replacementtechnologythatmaybebuiltintoavarietyofdevicessuchasmobilephones,tablets,andlaptopcomputers.

7.A(n)_______________isalegaldocumentusedtodescribeabilateralagreementbetweenparties.

8._______________arestep-by-stepinstructionsthatdescribeexactlyhowemployeesareexpectedtoactinagivensituationortoaccomplishaspecifictask.

9.ThesetofstandardsforwirelessnetworksthatiswellsuitedfortheLANenvironmentandwhosenormalmodeistohavecomputerswithnetworkcardscommunicatingwithawirelessaccesspointis_______________.

10.A(n)_______________isalegalagreementbetweenorganizationsestablishingtheterms,conditions,andexpectationsoftherelationshipbetweenthem.

Multiple-ChoiceQuiz1.Whichofthefollowingisaphysicalsecuritythreat?

A.Cleaningcrewsareallowedunsupervisedaccessbecausetheyhaveacontract.

B.Employeesundergobackgroundcriminalchecksbeforebeinghired.

C.Alldataisencryptedbeforebeingbackedup.

D.Alltheabove.

2.Thebenefitoffiredetectionequipmentoverfiresuppressiondevicesis:

A.Firedetectionequipmentisregulated,whereasfiresuppressionequipmentisnot.

B.Firedetectionequipmentwilloftencatchfiresatamuchearlierstage,meaningthatthefirecanbeaddressedbeforesignificantdamagecanoccur.

C.Firedetectionequipmentismuchmorereliablethanfiresuppressionequipment.

D.Thereisnoadvantageoffiredetectionoverfiresuppressionotherthanthecostoffiredetectionequipmentismuchlessthanthecostoffiresuppressionequipment.

3.Whichofthefollowingisacontractualagreementbetweenentitiesthatdescribesspecifiedlevelsofservicethattheservicingentityagreestoguaranteeforthecustomer?

A.Servicelevelagreement

B.Supportlevelagreement

C.Memorandumofunderstanding

D.Businessserviceagreement

4.Duringwhichstepofthepolicylifecycledoestrainingofuserstakeplace?

A.Planforsecurity.

B.Implementtheplans.

C.Monitortheimplementation.

D.Evaluateforeffectiveness.

5.Biometricaccesscontrolsaretypicallyusedinconjunctionwithanotherformofaccesscontrolbecause:

A.Biometricsarestillexpensive.

B.Biometricscannotbecopied.

C.Biometricsarenotalwaysconvenienttouse.

D.Biometricsarenot100percentaccurate,havingsomelevelofmisidentifications.

6.Procedurescanbedescribedas:A.High-level,broadstatementsofwhattheorganizationwantsto

accomplish

B.Step-by-stepinstructionsonhowtoimplementthepolicies

C.Mandatoryelementsregardingtheimplementationofapolicy

D.Recommendationsrelatingtoapolicy

7.Whattechniquecanbeusedtoprotectagainstelectromagnetic

eavesdropping(knownasthevanEckphenomenon)?

A.Providesufficientdistancebetweenthepotentialtargetandthenearestlocationanattackercouldbe.

B.Puttheequipmentthatyouaretryingtoprotectinsideashieldedroom.

C.Purchase“TEMPESTapproved”equipment.

D.Alloftheabove.

8.Keyuserhabitsthatcanimprovesecurityeffortsinclude:A.Donotdiscussbusinessissuesoutsideoftheoffice.

B.Neverleavelaptopsortabletsinsideyourcarunattended.

C.Bealertofpeopleviolatingphysicalaccessrules(piggybackingthroughdoors).

D.ItemsBandC.

9.Whenshouldahumansecurityguardbeusedforphysicalaccesscontrol?

A.Whenotherelectronicaccesscontrolmechanismswillnotbeacceptedbyemployees

B.Whennecessarytoavoidissuessuchaspiggybacking,whichcanoccurwithelectronicaccesscontrols

C.Whenotheraccesscontrolsaretooexpensivetoimplement

D.Whentheorganizationwantstoenhanceitsimage

10.Whatdeviceshouldbeusedbyorganizationstoprotectsensitiveequipmentfromfluctuationsinvoltage?

A.Asurgeprotector

B.Anuninterruptiblepowersupply

C.Abackuppowergenerator

D.Aredundantarrayofinlinebatteries(RAIB)

EssayQuiz1.Describethedifferencebetweenfiresuppressionandfiredetection

systems.

2.Discusswhyphysicalsecurityisalsoimportanttocomputersecurityprofessionals.

3.WhyshouldwebeconcernedaboutHVACsystemswhendiscussingsecurity?

4.Outlinethevariouscomponentsthatmakeup(orshouldmakeup)anorganization’ssecurityperimeter.Whichofthesecanbefoundinyourorganization(orschool)?

LabProjects

•LabProject3.1Takeatourofyourbuildingoncampusoratwork.Whatissecuredatnightwhenworkersareabsent?Recordthelocationandtypeofphysicalaccesscontroldevices.Howdotheseaccesscontrolschangeatnightwhenworkersareabsent?Howwelltraineddoguardsandotheremployeesappeartobe?Dotheyallow“piggybacking”(somebodyslippingintoafacilitybehindanauthorizedindividualwithoutbeingchallenged)?Whatarethepoliciesforvisitorsandcontractors?Howdoesthisallimpactphysicalsecurity?

•LabProject3.2Describethefourstepsofthepolicylifecycle.Obtainapolicyfromyourorganization(suchasanacceptableusepolicyorInternetusagepolicy).Howareusersinformedofthispolicy?Howoftenisitreviewed?Howwouldchangestoitbesuggestedandwhowouldmakedecisionsonwhetherthechangeswereaccepted?

chapter4 TheRoleofPeopleinSecurity

Youarethewayyouarebecausethat’sthewayyouwanttobe.Ifyoureallywantedtobeanydifferent,youwouldbeintheprocessofchangingrightnow.

T

—FREDSMITH

Inthischapter,youwilllearnhowto

Definebasicterminologyassociatedwithsocialengineering

Describestepsorganizationscantaketoimprovetheirsecurity

Describecommonuseractionsthatmayputanorganization’sinformationatrisk

Recognizemethodsattackersmayusetogaininformationaboutanorganization

Determinewaysinwhichuserscanaidinsteadofdetractfromsecurity

Recognizetheroletrainingandawarenessplaysinassistingthepeoplesideofsecurity

heoperationalmodelofcomputersecuritydiscussedinthepreviouschapteracknowledgesthatabsoluteprotectionofcomputersystemsandnetworksisnotpossibleandthatweneedtobepreparedtodetect

andrespondtoattacksthatareabletocircumventoursecuritymechanisms.Anotherverybasicfactthatshouldberecognizedisthattechnologyalonewillnotsolvethesecurityproblem.Nomatterhowadvancedthetechnologyis,itwillultimatelybedeployedinanenvironmentwherehumansexist.Itisthehumanelementthatposesthebiggestsecuritychallenge.Itishardtocompensateforallofthepossiblewaysthathumanscandeliberatelyoraccidentallycausesecurityproblemsorcircumventoursecuritymechanisms.Despiteallofthetechnology,despiteallofthesecurityprocedureswehaveinplace,anddespiteallofthesecuritytrainingwemayprovide,somebodywillinvariablyfailtodowhattheyaresupposedtodo,ordosomethingtheyarenotsupposedtodo,andcreateavulnerabilityintheorganization’ssecurityposture.Thischapterdiscussesthehumanelementandtherolethatpeopleplayinsecurity—boththeuserpracticesthatcanaidinsecuringanorganizationandthevulnerabilitiesorholesinsecuritythatuserscanintroduce.

People—ASecurityProblem

Theoperationalmodelofcomputersecurityacknowledgesthatpreventiontechnologiesarenotsufficienttoprotectourcomputersystemsandnetworks.Thereareanumberofexplanationsforwhythisistrue,someofthemtechnical,butoneofthebiggestreasonsthatpreventiontechnologiesarenotsufficientisthateverynetworkandcomputersystemhasatleastonehumanuser,andhumansarepronetomakemistakesandareofteneasilymisledorfooled.

SocialEngineeringSocialengineering,ifyourecallfromChapter2,istheprocessofconvincinganauthorizedindividualtoprovideconfidentialinformationoraccesstoanunauthorizedindividual.Itisatechniqueinwhichtheattackerusesvariousdeceptivepracticestoconvincethetargetedpersontodivulgeinformationtheynormallywouldnotdivulgeortoconvincethetargetoftheattacktodosomethingtheynormallywouldn’tdo.Socialengineeringisverysuccessfulfortwogeneralreasons.Thefirstisthebasicdesireofmostpeopletobehelpful.Whensomebodyasksaquestionforwhichweknowtheanswer,ournormalresponseisnottobesuspiciousbutrathertoanswerthequestion.Theproblemwiththisisthatseeminglyinnocuousinformationcanbeusedeitherdirectlyinanattackorindirectlytobuildabiggerpicturethatanattackercanusetocreateanauraofauthenticityduringanattack—themoreinformationanindividualhasaboutanorganization,theeasieritwillbetoconvinceothersthatheispartoftheorganizationandhasarighttoevensensitiveinformation.Anattackerwhoisattemptingtoexploitthenaturaltendencyofpeopletobehelpfulmaytakeoneofseveralapproaches:

TechTip

SocialEngineeringWorks!Skilledsocialengineerssetupscenarioswherethevictimisboxedinbyvarioussocial/work

issuesandthenmakesanexceptionthatenablesthesocialengineertogainsomeformofaccess.Theattackercanpretendtobeanimportantpartyandintimidatealower-levelemployee,orcreateasenseofemergency,scarcity,orurgencythatmovesthevictimtoactinamannertoreducetheconflict.Theattackercanbecomea“victim,”creatingasenseoffellowshipwiththetarget,creatingafalsesenseoffamiliarity,andthenusingthattodriveanaction.SocialengineerscansellicetoEskimosandmakethemproudoftheirpurchase,sotheyaremastersatpsychologicalmanipulation.

Theattackermaysimplyaskaquestion,hopingtoimmediatelyobtainthedesiredinformation.Forbasicinformationthatisnotconsideredsensitive,thisapproachgenerallyworks.Asanexample,anattackermightcallandaskwhotheITmanageris.

Theattackermayfirstattempttoengagethetargetinconversationandtrytoevokesympathysothatthetargetfeelssorryfortheindividualandismorepronetoprovidetheinformation.Forinformationthatisevenslightlysensitiveinnature,therequestofwhichcouldpossiblyarousesuspicion,thistechniquemaybetried.Asanexample,anattackermightcallandclaimtobeundersomedeadlinefromasupervisorwhoisupsetforsomereason.Thetarget,feelingsorryforanallegedfellowworker,maygiveuptheinformation,thinkingtheyarehelpingthemavoidtroublewiththesupervisor.

Theattackermayappealtoanindividual’sego.Asanexample,anattackermightcalltheITdepartment,claimingtohavesomesortofproblem,andpraisingthemforworktheysupposedlydidtohelpanotherworker.Afterbeingtoldhowgreattheyareandhowmuchtheyhelpedsomebodyelse,theywilloftenbetemptedtodemonstratethattheycansupplythesamelevelofhelptoanotherindividual.Thistechniquemaybeusedtoobtainsensitiveinformation,suchashavingthetarget’spasswordreset.

Thesecondreasonthatsocialengineeringissuccessfulisthatindividualsnormallyseektoavoidconfrontationandtrouble.Iftheattackerattemptstointimidatethetarget,threateningtocallthetarget’s

supervisorbecauseofalackofhelp,thetargetmaygiveinandprovidetheinformationtoavoidconfrontation.Thisvariationontheattackisoftensuccessfulinorganizationsthathaveastricthierarchicalstructure.Inthemilitary,forexample,alower-rankingindividualmaybecoercedintoprovidinginformationtoanindividualclaimingtobeofhigherrankortobeworkingforanotherindividualhigherupinthechainofcommand.Socialengineeringmayalsobeaccomplishedusingothermeansbesides

directcontactbetweenthetargetandtheattacker.Forexample,anattackermightsendaforgede-mailwithalinktoaboguswebsitethathasbeensetuptoobtaininformationfromthetargetorconvincethetargettoperformsomeaction.Again,thegoalinsocialengineeringistoconvincethetargettoprovideinformationthattheynormallywouldn’tdivulgeortoperformsomeactthattheynormallywouldnotdo.Anexampleofaslightlydifferentattackthatisgenerallystillconsideredasocialengineeringattackisoneinwhichanattackerreplacestheblankdepositslipsinabank’slobbywithonescontaininghisorherownaccountnumberbutnoname.Whenanunsuspectingcustomerusesoneoftheslips,atellerwhoisnotobservantmayendupcreditingtheattacker’saccountwiththedeposit.

CrossCheckTypesofSocialEngineeringChapters1and2bothdiscussedsocialengineering.Electronicversionsofsocialengineeringhavebecomeverycommon.Whatarethedifferenttypesofsocialengineering(especiallyelectronicversions)thatwehavediscussed?

ObtainingInsiderInformationAnexcellentexampleofsocialengineeringoccurredin1978whenStanleyMarkRifkin,fromCarlsbad,California,stole$10.2millionfromtheSecurityPacificBankinLosAngeles.Detailsofthestoryvary,asRifkinhasneverpubliclydetailedhisactions,butanumberoffactsareknown.Atthetimeoftheattack,Rifkinwasworkingasacomputerconsultantfor

thebank.Whileworkingthere,helearneddetailsonhowmoneycouldeasilybetransferredtoaccountsanywhereintheUnitedStates.Theproblemwouldbetoactuallyobtainthemoneyinthefirstplace.Inordertodothis,heneededtohaveaccesstotheelectronicfundstransfer(EFT)codeusedbythebanktotransfermoneytootherbanks.Usingtheexcuseofcheckingonthecomputerequipmentinsideoftheroomfromwhichthebankmadeitstransfers,Rifkinwasabletoobservethecodeforthatday.Afterleavingtheroom,heusedthisinformationtoimpersonateabankofficerandorderedthetransferofthe$10.2million.Sincehehadknowledgeofthesupposedlysecretcode,thetransferwasmadewithlittlefanfare(thisamountwaswellbelowanylevelthatwouldtriggeranysuspicion).EarlierRifkinhadsetupabogusaccountinaNewYorkbank,usingafalsename,andhedepositedthemoneyintothataccount.HelatertransferredthemoneyagaintoanotheraccountinSwitzerlandunderadifferentname.Hethenusedthemoneytopurchasemillionsofdollarsindiamonds,whichhethensmuggledbackintotheUnitedStates.Thecrimemighthavegoneundetectedifhehadnotboastedofhisexploitstoanindividualwhowasmorethanhappytoturnhimin.In1979,Rifkinwassentencedtoeightyearsinprison.Athistrialheattemptedtoconvincethejudgethatheshouldbereleasedsohecouldteachothershowtoprotecttheirsystemsagainstthetypeofactivityheperpetrated.Thejudgedeniedthisrequest.Thediamondswereultimatelyturnedovertothebank,whichtriedtorecoveritslossbysellingthem.

Uptothispoint,socialengineeringhasbeendiscussedinthecontextofanoutsiderattemptingtogaininformationabouttheorganization.Thisdoesnothavetobethecase.Insidersmayalsoattempttogaininformationtheyarenotauthorizedtohave.Inmanycases,theinsidermaybemuchmoresuccessfulsincetheywillalreadyhaveacertainlevelofinformationregardingtheorganizationandcanthereforebetterspinastorythatmaybebelievabletootheremployees.

PhishingPhishing(pronounced“fishing”)isatypeofsocialengineeringinwhich

anattackerattemptstoobtainsensitiveinformationfromauserbymasqueradingasatrustedentityinane-mailorinstantmessagesenttoalargegroupofoftenrandomusers.Theattackerattemptstoobtaininformationsuchasusernames,passwords,creditcardnumbers,anddetailsabouttheuser’sbankaccounts.ThemessagesentoftenencouragestheusertogotoawebsitethatappearstobeforareputableentitysuchasPayPaloreBay,bothofwhichhavefrequentlybeenusedinphishingattempts.Thewebsitetheuseractuallyvisitsisnotownedbythereputableorganization,however,andaskstheusertosupplyinformationthatcanbeusedinalaterattack.Oftenthemessagesenttotheuserwillstatethattheuser’saccounthasbeencompromisedandwillrequest,forsecuritypurposes,theusertoentertheiraccountinformationtoverifythedetails.Inanotherverycommonexampleofphishing,theattackersendsabulk

e-mail,supposedlyfromabank,tellingtherecipientsthatasecuritybreachhasoccurredandinstructingthemtoclickalinktoverifythattheiraccounthasnotbeentamperedwith.Iftheindividualactuallyclicksthelink,theyaretakentoasitethatappearstobeownedbythebankbutisactuallycontrolledbytheattacker.Whentheysupplytheiraccountandpasswordfor“verification”purposes,theyareactuallygivingittotheattacker.

Phishingisnowthemostcommonformofsocialengineeringattackrelatedtocomputersecurity.Thetargetmaybeacomputersystemandaccesstotheinformationfoundonit(suchasisthecasewhenthephishingattemptasksforauserIDandpassword)orthetargetmaybepersonalinformation,generallyfinancial,aboutanindividual(inthecaseofphishingattemptsthataskforanindividual’sbankinginformation).

Thee-mailsandwebsitesgeneratedbytheattackersoftenappeartobelegitimate.Afewclues,however,cantipofftheuserthatthee-mailmightnotbewhatitclaimstobe.Thee-mailmaycontaingrammaticalandtypographicalerrors,forexample.Organizationsthatareusedinthese

phishingattempts(suchaseBayandPayPal)arecarefulabouttheirimagesandwillnotsendasecurity-relatede-mailtouserscontainingobviouserrors.Inaddition,almostunanimously,organizationstelltheirusersthattheywillneveraskforsensitiveinformation(suchasapasswordoraccountnumber)viaane-mail.TheURLofthewebsitethattheusersaretakentomayalsoprovideacluethatthesiteisnotwhatitappearstobe.Despitetheincreasingmediacoverageconcerningphishingattempts,someInternetusersstillfallforthem,whichresultsinattackerscontinuingtousethisrelativelycheapmethodtogaintheinformationtheyareseeking.

Anotherspecializedversionofphishingiscloselyrelatedtospearphishing.Again,specificindividualsaretargeted,butinthiscasetheindividualsareimportantindividualshighupinanorganizationsuchasthecorporateofficers.Thegoalistogoafterthese“biggertargets,”andthusthetermthatisusedtorefertothisformofattackiswhaling.

Arecentdevelopmenthasbeentheintroductionofamodificationtotheoriginalphishingattack.Spearphishingisthetermthathasbeencreatedtorefertothespecialtargetingofgroupswithsomethingincommonwhenlaunchingaphishingattack.Bytargetingspecificgroups,theratioofsuccessfulattacks(thatis,thenumberofresponsesreceived)tothetotalnumberofe-mailsormessagessentusuallyincreasesbecauseatargetedattackwillseemmoreplausiblethanamessagesenttousersrandomly.Pharmingconsistsofmisdirectinguserstofakewebsitesmadetolook

official.Usingphishing,individualsaretargetedonebyonebysendingoute-mails.Tobecomeavictim,therecipientmusttakeanaction(forexample,respondbyprovidingpersonalinformation).Inpharming,theuserwillbedirectedtothefakewebsiteasaresultofactivitysuchasDNSpoisoning(anattackthatchangesURLsinaserver’sdomainnametable)ormodificationoflocalhostfiles,whichareusedtoconvertURLstotheappropriateIPaddress.Onceatthefakesite,theusermaysupplypersonalinformation,believingthattheyareconnectedtothelegitimatesite.

VishingVishingisavariationofphishingthatusesvoicecommunicationtechnologytoobtaintheinformationtheattackerisseeking.Vishingtakesadvantageofthetrustthatsomepeopleplaceinthetelephonenetwork.Usersareunawarethatattackerscanspoof(simulate)callsfromlegitimateentitiesusingVoiceoverIP(VoIP)technology.Voicemessagingcanalsobecompromisedandusedintheseattempts.Generally,theattackersarehopingtoobtaincreditcardnumbersorotherinformationthatcanbeusedinidentitytheft.Theusermayreceiveane-mailaskinghimorhertocallanumberthatisansweredbyapotentiallycompromisedvoicemessagesystem.Usersmayalsoreceivearecordedmessagethatappearstocomefromalegitimateentity.Inbothcases,theuserwillbeencouragedtorespondquicklyandprovidethesensitiveinformationsothataccesstotheiraccountisnotblocked.Ifausereverreceivesamessagethatclaimstobefromareputableentityandasksforsensitiveinformation,theusershouldnotprovideitbutinsteadshouldusetheInternetorexaminealegitimateaccountstatementtofindaphonenumberthatcanbeusedtocontacttheentity.Theusercanthenverifythatthemessagereceivedwaslegitimateorreportthevishingattempt.

TechTip

BewareofVishingVishing(phishingconductedusingvoicesystems)isgenerallysuccessfulbecauseofthetrustthatindividualsplaceinthetelephonesystem.WithcallerID,peoplebelievetheycanidentifywhoitisthatiscallingthem.Theydonotunderstandthat,justlikemanyprotocolsintheTCP/IPprotocolsuite,callerIDcanbespoofed.

SPAMThoughnotgenerallyconsideredasocialengineeringissue,norasecurityissueforthatmatter,SPAMcan,however,beasecurityconcern.SPAM,

asjustabouteverybodyknows,isbulkunsolicitede-mail.Itcanbelegitimateinthesensethatithasbeensentbyacompanyadvertisingaproductorservice,butitcanalsobemaliciousandcouldincludeanattachmentthatcontainsmalicioussoftwaredesignedtoharmyoursystem,oralinktoamaliciouswebsitethatmayattempttoobtainpersonalinformationfromyou.Thoughnotaswellknown,avariationonSPAMisSPIM,whichisbasicallySPAMdeliveredviaaninstantmessagingapplicationsuchasYahoo!MessengerorAIM.ThepurposeofhostileSPIMisthesameasthatofSPAM—thedeliveryofmaliciouscontentorlinks.

ShoulderSurfingShouldersurfingdoesnotnecessarilyinvolvedirectcontactwiththetarget,butinsteadinvolvestheattackerdirectlyobservingtheindividualenteringsensitiveinformationonaform,keypad,orkeyboard.Theattackermaysimplylookovertheshoulderoftheuseratwork,forexample,ormaysetupacameraorusebinocularstoviewtheuserenteringsensitivedata.Theattackercanattempttoobtaininformationsuchasapersonalidentificationnumber(PIN)atanautomatedtellermachine(ATM),anaccesscontrolentrycodeatasecuregateordoor,oracallingcardorcreditcardnumber.Manylocationsnowuseasmallshieldtosurroundakeypadsothatitisdifficulttoobservesomebodyenteringinformation.Moresophisticatedsystemscanactuallyscramblethelocationofthenumberssothatthetoprowatonetimeincludesthenumbers1,2,and3andthenexttime4,8,and0.Whilethismakesitabitslowerfortheusertoenterinformation,itthwartsanattacker’sattempttoobservewhatnumbersarepressedandenterthesamebuttons/pattern,sincethelocationofthenumbersconstantlychanges.

Arelated,somewhatobvioussecurityprecautionisthatapersonshouldnotusethesamePINforalloftheirdifferentaccounts,gatecodes,andsoon,sinceanattackerwholearnsthePINforone

typeofaccesscouldthenuseitforalloftheothertypesofaccess.

Althoughmethodssuchasaddingshieldstoblockthevieworhavingthepad“scramble”thenumberscanhelpmakeshouldersurfingmoredifficult,thebestdefenseisforuserstobeawareoftheirsurroundingsandtonotallowindividualstogetintoapositionfromwhichtheycanobservewhattheuserisentering.Theattackermayattempttoincreasethechanceofsuccessfully

observingthetargetenteringthedatabystartingaconversationwiththetarget.Thisprovidesanexcusefortheattackertobephysicallyclosertothetarget.Otherwise,thetargetmaybesuspiciousiftheattackerisstandingtooclose.Inthissense,shouldersurfingcanbeconsideredasocialengineeringattack.

ReverseSocialEngineeringAslightlydifferentapproachtosocialengineeringiscalledreversesocialengineering.Inthistechnique,theattackerhopestoconvincethetargettoinitiatethecontact.Thisobviouslydiffersfromthetraditionalapproach,wherethetargetistheonethatiscontacted.Thereasonthisattackmaybesuccessfulisthat,sincethetargetistheoneinitiatingthecontact,attackersmaynothavetoconvincethetargetoftheirauthenticity.Thetrickypartofthisattackis,ofcourse,convincingthetargettomakethatinitialcontact.Possiblemethodstoaccomplishthismightincludesendingoutaspoofede-mail(fakee-maildesignedtoappearauthentic)thatclaimstobefromareputablesourceandprovidesanothere-mailaddressorphonenumbertocallfor“techsupport,”orpostinganoticeorcreatingaboguswebsiteforalegitimatecompanythatalsoclaimstoprovide“techsupport.”Thismaybeespeciallysuccessfuliftimedtocoincidewithacompany’sdeploymentofanewsoftwareorhardwareplatform.Anotherpotentialtimetotargetanorganizationwiththissortofattackiswhenthereisasignificantchangeintheorganizationitself,suchaswhentwocompaniesmergeorasmallercompanyisacquiredbyalargerone.Duringthesetimes,employeesarenotfamiliarwiththeneworganizationoritsprocedures,

andamidsttheconfusion,itiseasytoconducteitherasocialengineeringorreversesocialengineeringattack.

TechTip

BeAwareofReverseSocialEngineeringReversesocialengineeringisnotnearlyaswidelyunderstoodassocialengineeringandisabittrickiertoexecute.Iftheattackerissuccessfulinconvincinganindividualtomaketheinitialcontact,however,theprocessofconvincingthemoftheauthenticityoftheattackerisgenerallymucheasierthaninasocialengineeringattack.

HoaxesAtfirstglance,itmightseemthatahoaxrelatedtosecuritywouldbeconsideredanuisanceandnotarealsecurityissue.Thismightbethecaseforsomehoaxes,especiallythoseoftheurbanlegendtype,buttherealityofthesituationisthatahoaxcanbeverydamagingifitcausesuserstotakesomesortofactionthatweakenssecurity.Onerealhoax,forexample,describedanew,highlydestructivepieceofmalicioussoftware.Itinstructeduserstocheckfortheexistenceofacertainfileandtodeleteitifthefilewasfound.Inreality,thefilementionedwasanimportantfileusedbytheoperatingsystem,anddeletingitcausedproblemsthenexttimethesystemwasbooted.Thedamagecausedbyusersmodifyingsecuritysettingscanbeserious.Aswithotherformsofsocialengineering,trainingandawarenessarethebestandfirstlineofdefenseforbothusersandadministrators.Usersshouldbetrainedtobesuspiciousofunusuale-mailsandstoriesandshouldknowwhotocontactintheorganizationtoverifytheirvalidityiftheyarereceived.Hoaxesoftenalsoadvisetheusertosendittotheirfriendssotheyknowabouttheissueaswell—andbydoingso,theyhelpspreadthehoax.Usersneedtobesuspiciousofanye-mailtellingthemto“spreadtheword.”

PoorSecurityPracticesAsignificantportionofhuman-createdsecurityproblemsresultsfrompoorsecuritypractices.Thesepoorpracticesmaybethoseofanindividualuserwhoisnotfollowingestablishedsecuritypoliciesorprocesses,ortheymaybecausedbyalackofsecuritypolicies,procedures,ortrainingwithintheuser’sorganization.

PasswordSelectionFormanyyears,computerintrudershavereliedonusers’poorselectionofpasswordstohelptheintrudersintheirattemptstogainunauthorizedaccesstoasystemornetwork.Ifattackerscouldobtainalistoftheusers’names,chancesweregoodtheycouldeventuallyaccessthesystem.Userstendtopickpasswordsthatareeasyforthemtoremember,andwhateasierpasswordcouldtherebethanthesamesequenceofcharactersthattheyusefortheiruserID?Ifasystemhasanaccountwiththeusernamejdoe,anattacker’sreasonablefirstguessoftheaccount’spasswordwouldbejdoe.Ifthisdoesn’twork,theattackerwouldtryvariationsonthesame,suchasdoej,johndoe,johnd,andeodj,allofwhichwouldbereasonablepossibilities.

Poorpasswordselectionisoneofthemostcommonofpoorsecuritypractices,andoneofthemostdangerous.Numerousstudiesthathavebeenconductedonpasswordselectionhavefoundthat,whileoverallmoreusersarelearningtoselectgoodpasswords,asignificantpercentageofusersstillmakepoorchoices.Theproblemwiththis,ofcourse,isthatapoorpasswordchoicecanenableanattackertocompromiseacomputersystemornetworkmoreeasily.Evenwhenusershavegoodpasswords,theyoftenresorttoanotherpoorsecuritypractice—writingthepassworddowninaneasilylocatedplace,whichcanalsoleadtosystemcompromiseifanattackergainsphysicalaccesstothearea.

Iftheattacker’sattempttousevariationsontheusernamedoesnotyieldthecorrectpassword,theymightsimplyneedmoreinformation.Usersalsofrequentlypicknamesoffamilymembers,pets,orfavoritesportsteam.If

theuserlivesinSanAntonio,Texas,forexample,apossiblepasswordmightbegospursgoinhonorofthecity’sprofessionalbasketballteam.Iftheseattemptsdon’tworkfortheattacker,thentheattackermightnexttryhobbiesoftheuser,thenameoftheuser’sfavoritemakeormodelofcar,orsimilarpiecesofinformation.Thekeyisthattheuseroftenpickssomethingeasyforthemtoremember,whichmeansthatthemoretheattackerknowsabouttheuser,thebetterthechanceofdiscoveringtheuser’spassword.Inanattempttocomplicatetheattacker’sjob,organizationshave

encouragedtheiruserstomixupper-andlowercasecharactersandtoincludenumbersandspecialcharactersintheirpassword.Whilethisdoesmakethepasswordhardertoguess,thebasicproblemstillremains:userswillpicksomethingthatiseasyforthemtoremember.Thus,ouruserinSanAntoniomayselectthepasswordG0*Spurs*G0,capitalizingthreeoftheletters,insertingaspecialcharactertwice,andsubstitutingthenumberzerofortheletterO.Thismakesthepasswordhardertocrack,butthereareafinitenumberofvariationsonthebasicgospursgopassword,so,whiletheattacker’sjobhasbeenmademoredifficult,itisstillpossibletoguessthepassword.Organizationshavealsoinstitutedadditionalpoliciesandrulesrelating

topasswordselectiontofurthercomplicateanattacker’sefforts.Organizations,forexample,mayrequireuserstofrequentlychangetheirpassword.Thismeansthatifanattackerisabletoguessapassword,itisonlyvalidforalimitedperiodoftimebeforeanewpasswordisselected,afterwhichtheattackerislockedout.Allisnotlostfortheattacker,however,since,again,userswillselectpasswordstheycanremember.Forexample,passwordchangesoftenresultinanewpasswordthatsimplyincorporatesanumberattheendoftheoldone.Thus,ourSanAntoniousermightselectG0*Spurs*G1asthenewpassword,inwhichcasethebenefitofforcingpasswordchangesonaperiodic,orevenfrequent,basishasbeentotallylost.ItisagoodbetthatthenextpasswordchosenwillbeG0*Spurs*G2,followedbyG0Spurs*G3,andsoforth.

TechTip

HeartbleedVulnerabilityIn2014,avulnerabilityintheOpenSSLcryptographywasdiscoveredandgiventhenameHeartbleedbecauseitoriginatedintheheartbeatsignalemployedbythesystem.Thisvulnerabilityresultedinthepotentiallossofpasswordsandothersensitivedataacrossmultipleplatformsanduptoamillionwebserversandrelatedsystems.Heartbleedresultedinrandomdatalossfromservers,as64Kblocksofmemorywereexfiltratedfromthesystem.AmongtheitemsthatmaybelostinHeartbleedattacksareusercredentials,userIDs,andpasswords.ThediscoveryofthisvulnerabilityprompteduserstochangeamassivenumberofpasswordsacrosstheWeb,asusershadnoknowledgeastothestatusoftheircredentials.Oneofthecommonpiecesofadvicetouserswastonotreusepasswordsbetweensystems.Thisadviceisuniversallygoodadvice,notjustforHeartbleed,butforallsystems,allthetime.

Anotherpolicyorrulegoverningpasswordselectionoftenadoptedbyorganizationsisthatpasswordsmustnotbewrittendown.This,ofcourse,isdifficulttoenforce,andthususerswillfrequentlywritethemdown,oftenasaresultofwhatisreferredtoasthe“passworddilemma.”Themoredifficultwemakeitforattackerstoguessourpasswords,andthemorefrequentlyweforcepasswordchanges,themoredifficultthepasswordsareforauthorizeduserstorememberandthemorelikelytheyaretowritethemdown.Writingthemdownandputtingtheminasecureplaceisonething,butalltoooftenuserswillwritethemonaslipofpaperandkeepthemintheircalendar,wallet,orpurse.Mostsecurityconsultantsgenerallyagreethatiftheyaregivenphysicalaccesstoanoffice,theywillbeabletofindapasswordsomewhere—thetopdrawerofadesk,insideofadeskcalendar,attachedtotheundersideofthekeyboard,orevensimplyonayellow“stickynote”attachedtothemonitor.Withtheproliferationofcomputers,networks,andusers,thepassword

dilemmahasgottenworse.Today,theaverageInternetuserprobablyhasatleastahalfdozendifferentaccountsandpasswordstoremember.Selectingadifferentpasswordforeachaccount,followingtheguidelinesmentionedpreviouslyregardingcharacterselectionandfrequencyof

changes,onlyaggravatestheproblemofrememberingthepasswords.Thisresultsinusersalltoofrequentlyusingthesamepasswordforallaccounts.Ifauserdoesthis,andthenoneoftheaccountsisbroken,allotheraccountsaresubsequentlyalsovulnerabletoattack.

Knowtherulesforgoodpasswordselection.Generally,thesearetouseeightormorecharactersinyourpassword,includeacombinationofupper-andlowercaseletters,includeatleastonenumberandonespecialcharacter,donotuseacommonword,phrase,orname,andchooseapasswordthatyoucanremembersothatyoudonotneedtowriteitdown.

Theneedforgoodpasswordselectionandtheprotectionofpasswordsalsoappliestoanothercommonfeatureoftoday’selectronicworld,PINs.MostpeoplehaveatleastonePINassociatedwiththingssuchastheirATMcardorasecuritycodetogainphysicalaccesstoaroom.Again,userswillinvariablyselectnumbersthatareeasytoremember.Specificnumbers,suchastheindividual’sbirthdate,theirspouse’sbirthdate,orthedateofsomeothersignificantevent,areallcommonnumberstoselect.Otherpeoplewillpickpatternsthatareeasytoremember—2580,forexample,usesallofthecenternumbersonastandardnumericpadonatelephone.Attackersknowthis,andguessingPINsfollowsthesamesortofprocessthatguessingapassworddoes.Passwordselectionisanindividualactivity,andensuringthat

individualsaremakinggoodselectionsistherealmoftheentity’spasswordpolicy.Toensureusersmakeappropriatechoices,theyneedtobeawareoftheissueandtheirpersonalroleinsecuringaccounts.Aneffectivepasswordpolicyconveysboththeuserroleandresponsibilityassociatedwithpasswordusageanddoessoinasimpleenoughmannerthatitcanbeconveyedviascreennotesduringmandatedpasswordchangeevents.

ShoulderSurfing

Asdiscussedearlier,shouldersurfingdoesnotinvolvedirectcontactwiththeuser,butinsteadinvolvestheattackerdirectlyobservingthetargetenteringsensitiveinformationonaform,keypad,orkeyboard.Theattackermaysimplylookovertheshoulderoftheuseratwork,watchingasacoworkerenterstheirpassword.Althoughdefensivemethodscanhelpmakeshouldersurfingmoredifficult,thebestdefenseisforausertobeawareoftheirsurroundingsandtonotallowindividualstogetintoapositionfromwhichtheycanobservewhattheuserisentering.Arelatedsecuritycommentcanbemadeatthispoint:apersonshouldnotusethesamePINforalloftheirdifferentaccounts,gatecodes,andsoon,sinceanattackerwholearnsthePINforonecouldthenuseitforalltheothers.

PiggybackingPeopleareofteninahurryandwillfrequentlynotfollowgoodphysicalsecuritypracticesandprocedures.Attackersknowthisandmayattempttoexploitthischaracteristicinhumanbehavior.TailgatingorpiggybackingisthesimpletacticoffollowingcloselybehindapersonwhohasjustusedtheirownaccesscardorPINtogainphysicalaccesstoaroomorbuilding.Anattackercanthusgainaccesstothefacilitywithouthavingtoknowtheaccesscodeorhavingtoacquireanaccesscard.Itissimilartoshouldersurfinginthatitreliesontheattackertakingadvantageofanauthorizedusernotfollowingsecurityprocedures.Frequentlytheattackermayevenstartaconversationwiththetargetbeforereachingthedoorsothattheusermaybemorecomfortablewithallowingtheindividualinwithoutchallengingthem.Inthissensepiggybackingisrelatedtosocialengineeringattacks.Boththepiggybackingandshouldersurfingattacktechniquescanbeeasilycounteredbyusingsimpleprocedurestoensurenobodyfollowsyoutoocloselyorisinapositiontoobserveyouractions.Bothtechniquesrelyonthepoorsecuritypracticesofanauthorizedusertobesuccessful.Amoresophisticatedcountermeasuretopiggybackingisa“mantrap,”whichutilizestwodoorstogainaccesstothefacility.Theseconddoordoesnotopenuntilthefirstoneisclosedandisspacedcloseenoughtothefirstthatanenclosureisformedthatonlyallowsone

individualthroughatatime.

DumpsterDivingAsmentionedearlier,attackersneedacertainamountofinformationbeforelaunchingtheirattack.Onecommonplacetofindthisinformation,iftheattackerisinthevicinityofthetarget,isthetarget’strash.Theattackermightfindlittlebitsofinformationthatcouldbeusefulforanattack.Thisprocessofgoingthroughatarget’strashinhopesoffindingvaluableinformationthatmightbeusedinapenetrationattemptisknowninthecomputercommunityasdumpsterdiving.Thetacticisnot,however,uniquetothecomputercommunity;ithasbeenusedformanyyearsbyothers,suchasidentitythieves,privateinvestigators,andlawenforcementpersonnel,toobtaininformationaboutanindividualororganization.Iftheattackersareverylucky,andthetarget’ssecurityproceduresareverypoor,theymayactuallyfinduserIDsandpasswords.Asmentionedinthediscussiononpasswords,userssometimeswritetheirpassworddown.If,whenthepasswordischanged,theydiscardthepapertheoldpasswordwaswrittenonwithoutshreddingit,theluckydumpsterdivercangainavaluableclue.Eveniftheattackerisn’tluckyenoughtoobtainapassworddirectly,heundoubtedlywillfindemployeenames,fromwhichit’snothardtodetermineuserIDs,asdiscussedearlier.Finally,theattackermaygatheravarietyofinformationthatcanbeusefulinasocialengineeringattack.Inmostlocations,trashisnolongerconsideredprivatepropertyafterithasbeendiscarded(andevenwheredumpsterdivingisillegal,littleenforcementoccurs).Anorganizationshouldhavepoliciesaboutdiscardingmaterials.Sensitiveinformationshouldbeshreddedandtheorganizationshouldconsidersecuringthetrashreceptaclesothatindividualscan’tforagethroughit.Peopleshouldalsoconsidershreddingpersonalorsensitiveinformationthattheywishtodiscardintheirowntrash.Areasonablequalityshredderisinexpensiveandwellworththepricewhencomparedwiththepotentiallossthatcouldoccurasaresultofidentitytheft.

TryThis!DivingintoYourDumpsterTheamountofusefulinformationthatusersthrowawayinunsecuredtrashreceptaclesoftenamazessecurityprofessionals.Hackersknowthattheycanoftenfindmanuals,networkdiagrams,andevenuserIDsandpasswordsbyrummagingthroughdumpsters.Aftercoordinatingthiswithyoursecurityoffice,tryseeingwhatyoucanfindthatindividualsinyourorganizationhavediscarded(assumingthatthereisnoshreddingpolicy)byeithergoingthroughyourorganization’sdumpstersorjustthroughtheofficetrashreceptacles.Whatusefulinformationdidyoufind?Isthereanobvioussuggestionthatyoumightmaketoenhancethesecurityofyourorganization?

InstallingUnauthorizedHardwareandSoftwareOrganizationsshouldhaveapolicythatrestrictstheabilityofnormaluserstoinstallsoftwareandnewhardwareontheirsystems.Acommonexampleisauserinstallingunauthorizedcommunicationsoftwareandamodemtoallowthemtoconnecttotheirmachineatworkviaamodemfromtheirhome.Anothercommonexampleisauserinstallingawirelessaccesspointsothattheycanaccesstheorganization’snetworkfrommanydifferentareas.Intheseexamples,theuserhassetupabackdoorintothenetwork,circumventingalltheothersecuritymechanismsinplace.Theterm“roguemodem”or“rogueaccesspoint”maybeusedtodescribethesetwocases.Abackdoorisanavenuethatcanbeusedtoaccessasystemwhilecircumventingnormalsecuritymechanismsandcanoftenbeusedtoinstalladditionalexecutablefilesthatcanleadtomorewaystoaccessthecompromisedsystem.Securityprofessionalscanusewidelyavailabletoolstoscantheirownsystemsperiodicallyforeitheroftheseroguedevicestoensurethatusershaven’tcreatedabackdoor.

Ithasalreadybeenmentionedthatgainingphysicalaccesstoacomputersystemornetworkoftenguaranteesanattackersuccessinpenetratingthesystemorthenetworkitisconnectedto.Atthesametime,theremaybeanumberofindividualswhohaveaccesstoafacilitybutarenot

authorizedtoaccesstheinformationthesystemsstoreandprocess.Webecomecomplacenttotheaccesstheseindividualshavebecausetheyoftenquietlygoabouttheirjobsoastonotdrawattentiontothemselvesandtominimizetheimpactontheoperationoftheorganization.Theymayalsobeoverlookedbecausetheirjobdoesnotimpactthecorefunctionoftheorganization.Aprimeexampleofthisisthecustodialstaff.Becomingcomplacentabouttheseindividualsandnotpayingattentiontowhattheymayhaveaccessto,however,couldbeabigmistake,andusersshouldnotbelievethateverybodywhohasphysicalaccesstotheorganizationhasthesamelevelofconcernfororinterestinthewelfareoftheorganization.

Anothercommonexampleofunauthorizedsoftwarethatusersinstallontheirsystemsisgames.Unfortunately,notallgamescomeinshrink-wrappedpackages.NumeroussmallgamescanbedownloadedfromtheInternet.Theproblemwiththisisthatusersdon’talwaysknowwherethesoftwareoriginallycamefromandwhatmaybehiddeninsideit.Manyindividualshaveunwittinglyinstalledwhatseemedtobeaninnocuousgame,onlytohavedownloadedapieceofmaliciouscodecapableofmanythings,includingopeningabackdoorthatallowsattackerstoconnectto,andcontrol,thesystemfromacrosstheInternet.Becauseofthesepotentialhazards,manyorganizationsdonotallow

theiruserstoloadsoftwareorinstallnewhardwarewithouttheknowledgeandassistanceofadministrators.Manyorganizationsalsoscreen,andoccasionallyintercept,e-mailmessageswithlinksorattachmentsthataresenttousers.Thishelpspreventusersfrom,say,unwittinglyexecutingahostileprogramthatwassentaspartofawormorvirus.Consequently,manyorganizationshavetheirmailserversstripoffexecutableattachmentstoe-mailsothatuserscan’taccidentallycauseasecurityproblem.

DataHandlingUnderstandingtheresponsibilitiesofproperdatahandlingassociatedwithone’sjobisanimportanttrainingtopic.Informationcanbedeceptiveinthatitisnotdirectlytangible,andpeopletendtodevelopbadhabitsaroundotherjobmeasures…attheexpenseofsecurity.Employeesrequiretraininginhowtorecognizethedataclassificationandhandlingrequirementsofthedatatheyareusing,andtheyneedtolearnhowto

followtheproperhandlingprocesses.Ifcertaindataelementsrequirespecialhandlingbecauseofcontracts,laws,orregulations,thereistypicallyatrainingclauseassociatedwiththisrequirement.Personnelassignedtothesetasksshouldbespecificallytrainedwithregardtothesecurityrequirements.Thespiritofthetrainingclauseisyougetwhatyoutrain,andifsecurityoverspecificdatatypesisarequirement,thenitshouldbetrained.Thissameprincipleholdsforcorporatedata-handlingresponsibilities;yougetthebehaviorsyoutrainandreward.

PhysicalAccessbyNon-EmployeesAshasbeenmentioned,ifanattackercangainphysicalaccesstoafacility,chancesareverygoodthattheattackercanobtainenoughinformationtopenetratecomputersystemsandnetworks.Manyorganizationsrequireemployeestowearidentificationbadgeswhenatwork.Thisisaneasymethodtoquicklyspotwhohaspermissiontohavephysicalaccesstotheorganizationandwhodoesnot.Whilethismethodiseasytoimplementandcanbeasignificantdeterrenttounauthorizedindividuals,italsorequiresthatemployeesactivelychallengeindividualswhoarenotwearingtherequiredidentificationbadge.Thisisoneareawhereorganizationsfail.Combineanattackerwhoslipsinbypiggybackingoffofanauthorizedindividualandanenvironmentwhereemployeeshavenotbeenencouragedtochallengeindividualswithoutappropriatecredentialsandyouhaveasituationwhereyoumightaswellnothaveanybadgesinthefirstplace.Organizationsalsofrequentlybecomecomplacentwhenfacedwithwhatappearstobealegitimatereasontoaccessthefacility,suchaswhenanindividualshowsupwithawarmpizzaclaimingitwasorderedbyanemployee.Ithasoftenbeenstatedbysecurityconsultantsthatitisamazingwhatyoucanobtainaccesstowithapizzaboxoravaseofflowers.

Preventingaccesstoinformationisalsoimportantintheworkarea.Firmswithsensitive

informationshouldhavea“cleandeskpolicy”specifyingthatsensitiveinformationisnotleftunsecuredintheworkareawhentheworkerisnotpresenttoactascustodian.

Anotheraspectthatmustbeconsideredispersonnelwhohavelegitimateaccesstoafacilitybutalsohaveintenttostealintellectualpropertyorotherwiseexploittheorganization.Physicalaccessprovidesaneasyopportunityforindividualstolookfortheoccasionalpieceofcriticalinformationcarelesslyleftout.Withtheproliferationofdevicessuchascellphoneswithbuilt-incameras,anindividualcouldeasilyphotographinformationwithoutitbeingobvioustoemployees.Contractors,consultants,andpartnersfrequentlynotonlyhavephysicalaccesstothefacilitybutmayalsohavenetworkaccess.Otherindividualswhotypicallyhaveunrestrictedaccesstothefacilitywhennooneisaroundarenighttimecustodialcrewmembersandsecurityguards.Suchpositionsareoftencontractedout.Asaresult,hackershavebeenknowntotaketemporarycustodialjobssimplytogainaccesstofacilities.

CleanDeskPoliciesPreventingaccesstoinformationisalsoimportantintheworkarea.Firmswithsensitiveinformationshouldhavea“cleandeskpolicy”specifyingthatsensitiveinformationmustnotbeleftunsecuredintheworkareawhentheworkerisnotpresenttoactascustodian.Evenleavingthedeskareaandgoingtothebathroomcanleaveinformationexposedandsubjecttocompromise.Thecleandeskpolicyshouldidentifyandprohibitthingsthatarenotobviousuponfirstglance,suchaspasswordsonstickynotesunderkeyboardsandmousepadsorinunsecureddeskdrawers.

PeopleasaSecurityToolAninterestingparadoxwhenspeakingofsocialengineeringattacksisthatpeoplearenotonlythebiggestproblemandsecurityriskbutalsothebesttoolindefendingagainstasocialengineeringattack.Thefirststepacompanyshouldtaketofightpotentialsocialengineeringattacksisto

createthepoliciesandproceduresthatestablishtherolesandresponsibilitiesfornotonlysecurityadministratorsbutforallusers.Whatisitthatmanagementexpects,security-wise,fromallemployees?Whatisitthattheorganizationistryingtoprotect,andwhatmechanismsareimportantforthatprotection?

Perthe2014VerizonDataBreachInvestigationReport,introducedinChapter1,hackswerediscoveredmoreoftenbyinternalemployeesthanbyoutsiders.Thismeansthattraineduserscanbeanimportantpartofasecurityplan.

SecurityAwarenessProbablythesinglemosteffectivemethodtocounterpotentialsocialengineeringattacks,afterestablishmentoftheorganization’ssecuritygoalsandpolicies,isanactivesecurityawarenessprogram.Theextentofthetrainingwillvarydependingontheorganization’senvironmentandthelevelofthreat,butinitialemployeetrainingonsocialengineeringatthetimeapersonishiredisimportant,aswellasperiodicrefreshertraining.Animportantelementthatshouldbestressedintrainingaboutsocial

engineeringisthetypeofinformationthattheorganizationconsiderssensitiveandwhichmaybethetargetofasocialengineeringattack.Thereareundoubtedlysignsthattheorganizationcouldpointtoasindicativeofanattackerattemptingtogainaccesstosensitivecorporateinformation.Allemployeesshouldbeawareoftheseindicators.Thescopeofinformationthatanattackermayaskforisverylarge,andmanyquestionsattackersposemightalsobelegitimateinanothercontext(askingforsomeone’sphonenumber,forexample).Employeesshouldbetaughttobecautiousaboutrevealingpersonalinformationandshouldespeciallybealertforquestionsregardingaccountinformation,personallyidentifiableinformation,orpasswords.

TryThis!SecurityAwarenessProgramsAstrongsecurityeducationandawarenesstrainingprogramcangoalongwaytowardreducingthechancethatasocialengineeringattackwillbesuccessful.Awarenessprogramsandcampaigns,whichmightincludeseminars,videos,posters,newsletters,andsimilarmaterials,arealsofairlyeasytoimplementandnotverycostly.Thereisnoreasonforanorganizationtonothaveanawarenessprograminplace.AlotofinformationandideasareavailableontheInternet.SeewhatyoucanfindthatmightbeusableforyourorganizationthatyoucanobtainatnochargefromvariousorganizationsontheInternet.(Tip:CheckorganizationssuchasNISTandNSA,whichhavedevelopednumeroussecuritydocumentsandguidelines.)

Asafinalnoteonuserresponsibilities,corporatesecurityofficersmustcultivateanenvironmentoftrustintheiroffice,aswellasanunderstandingoftheimportanceofsecurity.Ifusersfeelthatsecuritypersonnelareonlytheretomaketheirlifedifficultortodredgeupinformationthatwillresultinanemployee’stermination,theatmospherewillquicklyturnadversarialandbetransformedintoan“usversusthem”situation.Securitypersonnelneedthehelpofallusersandshouldstrivetocultivateateamenvironmentinwhichusers,whenfacedwithaquestionablesituation,willnothesitatetocallthesecurityoffice.Insituationslikethis,securityofficesshouldremembertheoldadageof“don’tshootthemessenger.”

SecurityPolicyTrainingandProceduresPeopleinanorganizationplayasignificantroleinthesecuritypostureoftheorganization,Assuch,trainingisimportantasitcanprovidethebasisforawarenessofissuessuchassocialengineeringanddesiredemployeesecurityhabits.ThesearedetailedinChapter2.

Chapter4Review

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingregardingtherolepeoplecanplayinsecurity.

Definebasicterminologyassociatedwithsocialengineering

Socialengineeringisatechniqueinwhichtheattackerusesvariousdeceptivepracticestoconvincethetargetedpersontodivulgeinformationtheynormallywouldnotdivulge,ortoconvincethetargettodosomethingtheynormallywouldn’tdo.

Inreversesocialengineering,theattackerhopestoconvincethetargettoinitiatecontact.

Describestepsorganizationscantaketoimprovetheirsecurity

Organizationsshouldhaveapolicythatrestrictstheabilityofnormaluserstoinstallnewsoftwareandhardwareontheirsystems.

Contractors,consultants,andpartnersmayfrequentlyhavenotonlyphysicalaccesstothefacilitybutalsonetworkaccess.Othergroupsthataregivenunrestricted,andunobserved,accesstoafacilityarenighttimecustodialcrewmembersandsecurityguards.Botharepotentialsecurityproblemsandorganizationsshouldtakestepstolimittheseindividuals’access.

Thesinglemosteffectivemethodtocounterpotentialsocialengineeringattacks,afterestablishingtheorganization’ssecuritygoalsandpolicies,isanactivesecurityawarenessprogram.

Describecommonuseractionsthatmayputanorganization’sinformationatrisk

Nomatterhowadvancedsecuritytechnologyis,itwillultimatelybedeployedinanenvironmentwherethehumanelementmaybeitsgreatestweakness.

Attackersknowthatemployeesarefrequentlyverybusyanddon’tstoptothinkaboutsecurity.Theymayattempttoexploitthisworkcharacteristicthroughpiggybackingorshouldersurfing.

Recognizemethodsattackersmayusetogaininformationaboutanorganization

Formanyyearscomputerintrudershavereliedonusers’poorselectionofpasswordstohelptheintrudersintheirattemptstogainunauthorizedaccesstoasystemornetwork.

Onecommonwaytofindusefulinformation(iftheattackerisinthevicinityofthetarget,suchasacompanyoffice)istogothroughthetarget’strashlookingforbitsofinformationthatcouldbeusefultoapenetrationattempt.

Determinewaysinwhichuserscanaidinsteadofdetractfromsecurity

Aninterestingparadoxofsocialengineeringattacksisthatpeoplearenotonlythebiggestproblemandsecurityriskbutalsothebestlineofdefenseagainstasocialengineeringattack.

Asignificantportionofemployee-createdsecurityproblemsarisefrompoorsecuritypractices.

Usersshouldalwaysbeonthewatchforattemptsbyindividualstogaininformationabouttheorganizationandshouldreportsuspiciousactivitytotheiremployer.

Recognizetheroletrainingandawarenessplaysinassistingthepeoplesideofsecurity

Individualuserscanenhancesecurityofasystemthroughproperexecutionoftheirindividualactionsandresponsibilities.

Trainingandawarenessprogramscanreinforceuserknowledgeof

desiredactions.

KeyTermsbackdoor(82)dumpsterdiving(81)phishing(75)piggybacking(80)reversesocialengineering(77)shouldersurfing(76)socialengineering(73)SPAM(76)tailgating(80)vishing(76)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.A_______________isanavenuethatcanbeusedtoaccessasystemwhilecircumventingnormalsecuritymechanisms.

2._______________isaprocedureinwhichattackerspositionthemselvesinsuchawayastobeabletoobserveanauthorizeduserenteringthecorrectaccesscode.

3.Theprocessofgoingthroughatarget’strashsearchingforinformationthatcanbeusedinanattack,ortogainknowledgeaboutasystemornetwork,isknownas_______________.

4._______________isthesimpletacticoffollowingcloselybehindapersonwhohasjustusedtheiraccesscardorPINtogainphysicalaccesstoaroomorbuilding.

5.In_______________,theattackerhopestoconvincethetargettoinitiatecontact.

6._______________isavariationof_______________thatusesvoicecommunicationtechnologytoobtaintheinformationtheattackerisseeking.

Multiple-ChoiceQuiz1.Whichofthefollowingisconsideredagoodpracticeforpassword

security?

A.Usingacombinationofupper-andlowercasecharacters,anumber,andaspecialcharacterinthepassworditself

B.Notwritingthepassworddown

C.Changingthepasswordonaregularbasis

D.Alloftheabove

2.Thepassworddilemmareferstothefactthat:A.Passwordsthatareeasyforuserstorememberarealsoeasyfor

attackerstoguess.

B.Themoredifficultwemakeitforattackerstoguessourpasswords,andthemorefrequentlyweforcepasswordchanges,themoredifficultthepasswordsareforauthorizeduserstorememberandthemorelikelytheyaretowritethemdown.

C.Userswillinvariablyattempttoselectpasswordsthatarewordstheycanremember.Thismeanstheymayselectthingscloselyassociatedwiththem,suchastheirspouse’sorchild’sname,abelovedsportsteam,orafavoritemodelofcar.

D.Passwordsassignedbyadministratorsareusuallybetterand

moresecure,butareoftenharderforuserstoremember.

3.ThesimpletacticoffollowingcloselybehindapersonwhohasjustusedtheirownaccesscardorPINtogainphysicalaccesstoaroomorbuildingiscalled:

A.Shouldersurfing

B.Tagging-along

C.Piggybacking

D.Accessdrafting

4.Theprocessofgoingthroughatarget’strashinhopesoffindingvaluableinformationthatmightbeusedinapenetrationattemptisknownas:

A.Dumpsterdiving

B.Trashtrolling

C.Garbagegathering

D.Refuserolling

5.Whichofthefollowingisatypeofsocialengineeringattackinwhichanattackerattemptstoobtainsensitiveinformationfromauserbymasqueradingasatrustedentityinane-mail?

A.SPAM

B.SPIM

C.Phishing

D.Vishing

6.Reversesocialengineeringinvolves:A.Contactingthetarget,elicitingsomesensitiveinformation,and

convincingthemthatnothingoutoftheordinaryhasoccurred

B.Contactingthetargetinanattempttoobtaininformationthatcanbeusedinasecondattemptwithadifferentindividual

C.Anindividuallowerinthechainofcommandconvincingsomebodyatahigherleveltodivulgeinformationthattheattackerisnotauthorizedtohave

D.Anattackerattemptingtosomehowconvincethetargettoinitiatecontactinordertoavoidquestionsaboutauthenticity

7.Thereasonfornotallowinguserstoinstallnewhardwareorsoftwarewithouttheknowledgeofsecurityadministratorsis:

A.Theymaynotcompletetheinstallationcorrectlyandtheadministratorwillhavetodomorework,takingthemawayfrommoreimportantsecuritytasks.

B.Theymayinadvertentlyinstallmorethanjustthehardwareorsoftware;theymayaccidentallyinstallabackdoorintothenetwork.

C.Theymaynothavepaidforitandthusmaybeexposingtheorganizationtocivilpenalties.

D.Unauthorizedhardwareandsoftwareareusuallyforleisurepurposesandwilldistractemployeesfromthejobtheywerehiredtoperform.

8.Onceanorganization’ssecuritypolicieshavebeenestablished,thesinglemosteffectivemethodofcounteringpotentialsocialengineeringattacksis:

A.Anactivesecurityawarenessprogram

B.Aseparatephysicalaccesscontrolmechanismforeachdepartmentintheorganization

C.Frequenttestingofboththeorganization’sphysicalsecurityproceduresandemployeetelephonepractices

D.Implementingaccesscontrolcardsandthewearingofsecurityidentificationbadges

9.Whichofthefollowingtypesofattacksutilizesinstantmessagingservices?

A.SPAM

B.SPIM

C.Phishing

D.Vishing

10.InwhatwayarePINssimilartopasswords?A.UserswillnormallypickaPINthatiseasytoremember,such

asadateorspecificpattern.

B.AttackersknowcommonPINsandwilltrytousethemorwillattempttolearnmoreabouttheuserinordertomakeaneducatedguessastowhattheirPINmightbe.

C.Usersmaywritethemdowntorememberthem.

D.Alloftheabovearetrue.

EssayQuiz1.Explainthedifferencebetweensocialengineeringandreversesocial

engineering.

2.Discusshowasecurity-relatedhoaxmightbecomeasecurityissue.3.Howmightshouldersurfingbeathreatinyourschoolorwork

environment?Whatcanbedonetomakethissortofactivitymoredifficult?

4.Foranenvironmentfamiliartoyou(suchasworkorschool),describethedifferentnon-employeeswhomayhaveaccessto

facilitiesthatcouldcontainsensitiveinformation.

5.Describesomeoftheusersecurityresponsibilitiesthatyoufeelaremostimportantforuserstoremember.

LabProjects

•LabProject4.1Ifpossibleateitheryourplaceofemploymentoryourschool,attempttodeterminehoweasyitwouldbetoperformdumpsterdivingtogainaccesstoinformationatthesite.Aretrashreceptacleseasytogainaccessto?Aredocumentsshreddedbeforebeingdiscarded?Areareaswheretrashisstoredeasilyaccessible?

•LabProject4.2PerformasearchontheWebforarticlesandstoriesaboutsocialengineeringattacksorreversesocialengineeringattacks.Chooseandreadfiveorsixarticles.Howmanyoftheattacksweresuccessful?Howmanyfailedandwhy?Howcouldthosethatmayhaveinitiallysucceededbeenprevented?

•LabProject4.3SimilartoLabProject4.2,performasearchontheWebforarticlesandstoriesaboutphishingattacks.Chooseandreadfiveorsixarticles.Howmanyoftheattacksweresuccessful?Howmanyfailedandwhy?Howmightthesuccessfulattackshavebeenmitigatedorsuccessfullyaccomplished?

chapter5 Cryptography

Ifyouaredesigningcryptosystems,you’vegottothinkaboutlong-termapplications.You’vegottotrytofigureouthowtobuildsomethingthatissecureagainsttechnologyinthenextcentury

C

thatyoucannotevenimagine.

—WHITFIELDDIFFIE

Inthischapter,youwilllearnhowto

Understandthefundamentalsofcryptography

Identifyanddescribethethreetypesofcryptography

Listanddescribecurrentcryptographicalgorithms

Explainhowcryptographyisappliedforsecurity

ryptographyisthescienceofencrypting,orhiding,information—somethingpeoplehavesoughttodosincetheybeganusinglanguage.Althoughlanguageallowedpeopletocommunicatewithoneanother,

thoseinpowerattemptedtohideinformationbycontrollingwhowastaughttoreadandwrite.Eventually,morecomplicatedmethodsofconcealinginformationbyshiftinglettersaroundtomakethetextunreadableweredeveloped.Thesecomplicatedmethodsarecryptographicalgorithms,alsoknownasciphers.ThewordciphercomesfromtheArabicwordsifr,meaningemptyorzero.Whenmaterial,calledplaintext,needstobeprotectedfrom

unauthorizedinterceptionoralteration,itisencryptedintociphertext.Thisisdoneusinganalgorithmandakey,andtheriseofdigitalcomputershasprovidedawidearrayofalgorithmsandincreasinglycomplexkeys.Thechoiceofspecificalgorithmdependsonseveralfactors,andtheywillbeexaminedinthischapter.Cryptanalysis,theprocessofanalyzingavailableinformationinan

attempttoreturntheencryptedmessagetoitsoriginalform,requiredadvancesincomputertechnologyforcomplexencryptionmethods.Thebirthofthecomputermadeitpossibletoeasilyexecutethecalculationsrequiredbymorecomplexencryptionalgorithms.Today,thecomputeralmostexclusivelypowershowencryptionisperformed.Computertechnologyhasalsoaidedcryptanalysis,allowingnewmethodstobe

developed,suchaslinearanddifferentialcryptanalysis.Differentialcryptanalysisisdonebycomparingtheinputplaintexttotheoutputciphertexttotryanddeterminethekeyusedtoencrypttheinformation.Linearcryptanalysisissimilarinthatitusesbothplaintextandciphertext,butitputstheplaintextthroughasimplifiedciphertotryanddeducewhatthekeyislikelytobeinthefullversionofthecipher.

CryptographyinPracticeWhilecryptographymaybeascience,itperformscriticalfunctionsintheenablingoftrustacrosscomputernetworksinbusinessandotherfunctions.Beforewedigdeepintothetechnicalnatureofcryptographicpractices,anoverviewofcurrentcapabilitiesisuseful.Examiningcryptographyfromahighlevel,thereareseveralrelevantpointstoday.Cryptographyhasbeenalong-runningeventofadvancesbothonthe

sideofcryptographyandthesideofbreakingitviaanalysis.Withtheadventofdigitalcryptography,theadvantagehasclearlyswungtothesideofcryptography.Moderncomputershavealsoincreasedtheneedfor,andloweredthecostofemploying,cryptographytosecureinformation.Inthepast,theeffectivenessrestedinthesecrecyofthealgorithm,butwithmoderndigitalcryptography,thestrengthisbasedonsheercomplexity.Thepowerofnetworksandmodernalgorithmshasalsobeenemployedtomanageautomatickeymanagement.

Cryptographyismuchmorethanencryption.Cryptographicmethodsenabledataprotection,datahiding,integritychecks,nonrepudiationservices,policyenforcement,keymanagementandexchange,andmanymoreelementsusedinmoderncomputing.IfyouusedtheWebtoday,oddsareyouusedcryptographywithoutevenknowingit.

Cryptographyhasmanyusesbesidesjustenablingconfidentialityincommunicationchannels.Cryptographicfunctionsareusedinawide

rangeofapplications,including,butnotlimitedto,hidingdata,resistingforgery,resistingunauthorizedchange,resistingrepudiation,policyenforcement,andkeyexchanges.Inspiteofthestrengthsofmoderncryptography,itstillfailsduetootherissues;knownplaintextattacks,poorlyprotectedkeys,andrepeatedpassphrasesareexamplesofhowstrongcryptographyisrenderedweakviaimplementationmistakes.Moderncryptographicalgorithmsarefarstrongerthanneededgiventhe

stateofcryptanalysis.Theweaknessesincryptosystemscomefromthesystemsurroundingthealgorithm,implementation,andoperationalizationdetails.AdiShamir,theSinRSA,statesitclearly:“Attackersdonotbreakcrypto;theybypassit.”Overtime,weaknessesanderrors,aswellasshortcuts,arefoundin

algorithms.Whenanalgorithmisreportedasbroken,theterm“broken”canhavemanymeanings.Thiscouldmeanthatthealgorithmisofnofurtheruse,oritcouldmeanthatithasweaknessesthatmaysomedaybeemployedtobreakit,oranythingbetweentheseextremes.Asallmethodscanbebrokenwithbruteforce,onequestionishowmucheffortisrequired,atwhatcost,whencomparedtothevalueoftheassetunderprotection.Whenexaminingthestrengthofacryptosystem,itisworthexamining

thefollowingtypesoflevelsofprotection:

1.Themechanismisnolongerusefulforanypurpose.2.Thecostofrecoveringthecleartextwithoutbenefitofthekeyhasfallentoalowlevel.

3.Thecosthasfallentoequaltoorlessthanthevalueofthedataorthenextleastcostattack.

4.Thecosthasfallentowithinseveralordersofmagnitudesofthecostofencryptionorthevalueofthedata.

5.Theelapsedtimeofattackhasfallentowithinmagnitudesofthelifeofthedata,regardlessofthecostthereof.

6.Thecosthasfallentolessthanthecostofabrute-forceattackagainstthekey.

7.Someonehasrecoveredonekeyoronemessage.

Thislistofconditionsisadescendinglistofrisks/benefits.Conditions6and7areregularoccurrencesincryptographicsystems,andgenerallynotworthworryingaboutatall.Infact,itisnotuntilthefourthpointthatonehastohaverealconcerns.Withallthissaid,mostorganizationsconsiderreplacementbetween5and6.Ifanyofthefirstthreearepositive,theorganizationseriouslyneedstoconsiderchangingtheircryptographicmethods.

FundamentalMethodsModerncryptographicoperationsareperformedusingbothanalgorithmandakey.Thechoiceofalgorithmdependsonthetypeofcryptographicoperationthatisdesired.Thesubsequentchoiceofkeyisthentiedtothespecificalgorithm.Cryptographicoperationsincludeencryption(fortheprotectionofconfidentiality),hashing(fortheprotectionofintegrity),digitalsignatures(tomanagenonrepudiation),andabevyofspecialtyoperationssuchaskeyexchanges.Themethodsusedtoencryptinformationarebasedontwoseparate

operations,substitutionandtransposition.Substitutionisthereplacementofanitemwithadifferentitem.Transpositionisthechangingoftheorderofitems.PigLatin,achild’scipher,employsbothoperationsinsimplisticformandisthuseasytodecipher.Theseoperationscanbedoneonwords,characters,and,inthedigitalworld,bits.Whatmakesasystemsecureisthecomplexityofthechangesemployed.Tomakeasystemreversible(soyoucanreliablydecryptit),thereneedstobeabasisforthepatternofchanges.Historicalciphersusedrelativelysimplepatterns,andonesthatrequiredsignificantknowledge(atthetime)tobreak.Moderncryptographyisbuiltaroundcomplexmathematicalfunctions.

Thesefunctionshavespecificpropertiesthatmakethemresistantto

reversingorsolvingbymeansotherthantheapplicationofthealgorithmandkey.

Assuranceisaspecificterminsecuritythatmeansthatsomethingisnotonlytruebutcanbeproventobesotosomespecificlevelofcertainty.

Whilethemathematicalspecificsoftheseoperationscanbeverycomplexandarebeyondthescopeofthislevelofmaterial,theknowledgetoproperlyemploythemisnot.Cryptographicoperationsarecharacterizedbythequantityandtypeofdata,aswellasthelevelandtypeofprotectionsought.Integrityprotectionoperationsarecharacterizedbythelevelofassurancedesired.Datacanbecharacterizedbyitsstate:dataintransit,dataatrest,ordatainuse.Itisalsocharacterizedinhowitisused,eitherinblockformorstreamform.

ComparativeStrengthsandPerformanceofAlgorithmsThereareseveralfactorsthatplayaroleindeterminingthestrengthofacryptographicalgorithm.Firstandmostobviousisthesizeofthekeyandtheresultingkeyspace.Thekeyspaceisdefinedasasetofeverypossiblekeyvalue.Onemethodofattackistosimplytryallofthepossiblekeysinabrute-forceattack.Theotherfactorisreferredtoasworkfactor,whichisasubjectivemeasurementofthetimeandeffortneededtoperformoperations.Iftheworkfactorislow,thentherateatwhichkeyscanbetestedishigh,meaningthatlargerkeyspacesareneeded.Workfactoralsoplaysaroleinprotectingsystemssuchaspasswordhashes,wherehavingahigherworkfactorcanbepartofthesecuritymechanism.

TechTip

KeyspaceComparisonsBecausethekeyspaceisanumericvalue,itisveryimportanttoensurethatcomparisonsaredoneusingsimilarkeytypes.Comparingakeymadeof1bit(2possiblevalues)andakeymadeof1letter(26possiblevalues)wouldnotyieldaccurateresults.Fortunately,thewidespreaduseofcomputershasmadealmostallalgorithmsstatetheirkeyspacevaluesintermsofbits.

Alargerkeyspaceallowstheuseofkeysofgreatercomplexity,andthereforemoresecurity,assumingthealgorithmiswelldesigned.Itiseasytoseehowkeycomplexityaffectsanalgorithmwhenyoulookatsomeoftheencryptionalgorithmsthathavebeenbroken.TheDataEncryptionStandard(DES)usesa56-bitkey,allowing72,000,000,000,000,000possiblevalues,butithasbeenbrokenbymoderncomputers.ThemodernimplementationofDES,TripleDES(3DES),usesthree56-bitkeys,foratotalkeylengthof168bits(althoughfortechnicalreasonstheeffectivekeylengthis112bits),or340,000,000,000,000,000,000,000,000,000,000,000,000possiblevalues.Whenanalgorithmlistsacertainnumberofbitsasakey,itisdefining

thekeyspace.Somealgorithmshavekeylengthsof8192bitsormore,resultinginverylargekeyspaces,evenbydigitalcomputerstandards.Moderncomputershavealsochallengedworkfactorelementsas

algorithmscanberenderedveryquicklybyspecializedhardwaresuchashigh-endgraphicchips.Todefeatthis,manyalgorithmshaverepeatedcyclestoaddtotheworkandreducetheabilitytoparallelizeoperationsinsideprocessorchips.Thisisdonetoincreasetheinefficiencyofacalculation,butinamannerthatstillresultsinsuitableperformancewhengiventhekeyandstillcomplicatesmatterswhendoneinabrute-forcemannerwithallkeys.

HistoricalPerspectives

Cryptographyisasoldassecrets.Humanshavebeendesigningsecretcommunicationsystemsforaslongthey’veneededtokeepcommunicationprivate.TheSpartansofancientGreecewouldwriteonaribbonwrappedaroundacylinderwithaspecificdiameter(calledascytale).Whentheribbonwasunwrapped,itrevealedastrangestringofletters.Themessagecouldbereadonlywhentheribbonwaswrappedaroundthesamediametercylinder.Thisisanexampleofatranspositioncipher,wherethesamelettersareusedbuttheorderischanged.Inalltheseciphersystems,theunencryptedinputtextisknownasplaintextandtheencryptedoutputisknownasciphertext.

SubstitutionCiphersTheRomanstypicallyusedadifferentmethodknownasashiftcipher.Inthiscase,oneletterofthealphabetisshiftedasetnumberofplacesinthealphabetforanotherletter.Acommonmodern-dayexampleofthisistheROT13cipher,inwhicheveryletterisrotated13positionsinthealphabet:niswritteninsteadofa,oinsteadofb,andsoon.Thesetypesofciphersarecommonlyencodedonanalphabetwheel,asshowninFigure5.1.

•Figure5.1Anyshiftciphercaneasilybeencodedanddecodedonawheeloftwopiecesofpaperwiththealphabetsetasaring;bymovingonecirclethespecifiednumberintheshift,youcantranslatethecharacters.

Theseciphersweresimpletouseandalsosimpletobreak.Becausehidinginformationwasstillimportant,moreadvancedtranspositionandsubstitutioncipherswererequired.Assystemsandtechnologybecamemorecomplex,cipherswerefrequentlyautomatedbysomemechanicalorelectromechanicaldevice.AfamousexampleofarelativelymodernencryptionmachineistheGermanEnigmamachinefromWorldWarII(seeFigure5.2).Thismachineusedacomplexseriesofsubstitutionstoperformencryption,andinterestinglyenoughitgaverisetoextensiveresearchincomputers.

•Figure5.2OneofthesurvivingGermanEnigmamachines

Caesar’scipherusesanalgorithmandakey:thealgorithmspecifiesthatyouoffsetthealphabeteithertotheright(forward)ortotheleft(backward),andthekeyspecifieshowmanyletterstheoffsetshouldbe.Forexample,ifthealgorithmspecifiesoffsettingthealphabettotheright,

andthekeyis3,theciphersubstitutesanalphabeticletterthreetotherightfortherealletter,sodisusedtorepresenta,frepresentsc,andsoon.Inthisexample,boththealgorithmandkeyaresimple,allowingforeasycryptanalysisofthecipherandeasyrecoveryoftheplaintextmessage.Theeasewithwhichshiftcipherswerebrokenledtothedevelopmentof

substitutionciphers,whichwerepopularinElizabethanEngland(roughlythesecondhalfofthe16thcentury)andmorecomplexthanshiftciphers.Substitutionciphersworkontheprincipleofsubstitutingadifferentletterforeveryletter:abecomesg,bbecomesd,andsoon.Thissystempermits26possiblevaluesforeveryletterinthemessage,makingtheciphermanytimesmorecomplexthanastandardshiftcipher.Simpleanalysisoftheciphercouldbeperformedtoretrievethekey,however.Bylookingforcommonletterssuchaseandpatternsfoundinwordssuchasing,youcandeterminewhichcipherlettercorrespondstowhichplaintextletter.Theexaminationofciphertextforfrequentlettersisknownasfrequencyanalysis.Makingeducatedguessesaboutwordswilleventuallyallowyoutodeterminethesystem’skeyvalue(seeFigure5.3).

•Figure5.3Makingeducatedguessesismuchlikeplayinghangman—correctguessescanleadtomoreorallofthekeybeingrevealed.

Tocorrectthisproblem,morecomplexityhadtobeaddedtothesystem.TheVigenèrecipherworksasapolyalphabeticsubstitutioncipherthatdependsonapassword.Thisisdonebysettingupasubstitutiontablelikethisone:

Thenthepasswordismatcheduptothetextitismeanttoencipher.Ifthepasswordisnotlongenough,thepasswordisrepeateduntilonecharacterofthepasswordismatchedupwitheachcharacteroftheplaintext.Forexample,iftheplaintextisSampleMessageandthepasswordispassword,theresultingmatchis

SAMPLEMESSAGEPASSWORDPASSW

Thecipherletterisdeterminedbyuseofthegrid,matchingtheplaintextcharacter’srowwiththepasswordcharacter’scolumn,resultinginasingleciphertextcharacterwherethetwomeet.ConsiderthefirstlettersSandP:whenpluggedintothegridtheyoutputaciphertextcharacterofH.Thisprocessisrepeatedforeveryletterofthemessage.Oncetherestofthelettersareprocessed,theoutputisHAEHHSDHHSSYA.Inthisexample,thekeyintheencryptionsystemisthepassword.The

examplealsoillustratesthatanalgorithmcanbesimpleandstillprovide

strongsecurity.Ifsomeoneknowsaboutthetable,theycandeterminehowtheencryptionwasperformed,buttheystillwillnotknowthekeytodecryptingthemessage.Themorecomplexthekey,thegreaterthesecurityofthesystem.The

Vigenèreciphersystemandsystemslikeitmakethealgorithmsrathersimplebutthekeyrathercomplex,withthebestkeyscomprisingverylongandveryrandomdata.Keycomplexityisachievedbygivingthekeyalargenumberofpossiblevalues.

TryThis!VigenèreCipherMakeasimplemessagethat’sabouttwosentenceslong,andthenchoosetwopasswords,onethat’sshortandonethat’slong.Then,usingthesubstitutiontablepresentedinthissection,performsimpleencryptiononthemessage.Comparethetwociphertexts;sinceyouhavetheplaintextandtheciphertext,youshouldbeabletoseeapatternofmatchingcharacters.Knowingthealgorithmused,seeifyoucandeterminethekeyusedtoencryptthemessage.

One-timePadsOne-timepadsareaninterestingformofencryptioninthattheytheoreticallyareperfectandunbreakable.Thekeyisthesamesizeorlargerthanthematerialbeingencrypted.TheplaintextisXOR’edagainstthekeyproducingtheciphertext.Whatmakestheone-timepad“perfect”isthesizeofthekey.Ifyouuseakeyspacefullofkeys,youwilldecrypteverypossiblemessageofthesamelengthastheoriginal,withnowaytodiscriminatewhichoneiscorrect.Thismakesaone-timepadunabletobebrokenbyevenbrute-forcemethods,providedthatthekeyisnotreused.Thismakesaone-timepadlessthanpracticalforanymassuse.

One-timepadsareexamplesofperfectciphersfromamathematicalpointofview.Butwhenput

intopractice,theimplementationcreatesweaknessesthatresultinlessthanperfectsecurity.Thisisanimportantreminderthatperfectciphersfromamathematicalpointofviewdonotcreateperfectsecurityinpracticebecauseofthelimitationsassociatedwithimplementation.

AlgorithmsEverycurrentencryptionschemeisbaseduponanalgorithm,astep-by-step,recursivecomputationalprocedureforsolvingaprobleminafinitenumberofsteps.Thecryptographicalgorithm—whatiscommonlycalledtheencryptionalgorithmorcipher—ismadeupofmathematicalstepsforencryptinganddecryptinginformation.Thefollowingillustrationshowsadiagramoftheencryptionanddecryptionprocessanditsparts.Therearethreetypesofencryptionalgorithmscommonlyused:hashing,symmetric,andasymmetric.Hashingisaveryspecialtypeofencryptionalgorithmthattakesaninputandmathematicallyreducesittoauniquenumberknownasahash,whichisnotreversible.Symmetricalgorithmsarealsoknownassharedsecretalgorithms,asthesamekeyisusedforencryptionanddecryption.Finally,asymmetricalgorithmsuseaverydifferentprocessemployingtwokeys,apublickeyandaprivatekey,makingupwhatisknownasakeypair.

Thebestalgorithmsarealwayspublicalgorithmsthathavebeenpublishedforpeerreviewbyothercryptographicandmathematicalexperts.Publicationisimportant,asanyflawsinthesystemcanbe

revealedbyothersbeforeactualuseofthesystem.Thisprocessgreatlyencouragestheuseofproventechnologies.Severalproprietaryalgorithmshavebeenreverse-engineered,exposingtheconfidentialdatathealgorithmstrytoprotect.ExamplesofthisincludethedecryptionofNikon’sproprietaryRAWformat,white-balanceencryption,andthecrackingoftheExxonMobilSpeedpassRFIDencryption.Theuseofaproprietarysystemcanactuallybelesssecurethanusingapublishedsystem.Whereasproprietarysystemsarenotmadeavailabletobetestedbypotentialcrackers,publicsystemsaremadepublicforpreciselythispurpose.

Oneofthemostcommoncryptographicfailuresisthecreationofyourownencryptionscheme.Rollingyourowncryptography,whetherincreatingalgorithmsorimplementationofexistingalgorithmsyourself,isarecipeforfailure.Alwaysuseapprovedalgorithmsandalwaysuseapprovedcryptolibrariestoimplement.

Asystemthatmaintainsitssecurityafterpublictestingcanbereasonablytrustedtobesecure.Apublicalgorithmcanbemoresecurebecausegoodsystemsrelyontheencryptionkeytoprovidesecurity,notthealgorithmitself.Theactualstepsforencryptingdatacanbepublished,becausewithoutthekey,theprotectedinformationcannotbeaccessed(seeFigure5.4).

•Figure5.4Whileeveryoneknowshowtouseaknobtoopenadoor,withoutthekeytounlocktheknob,thatknowledgeisuseless.

Akeyisaspecialpieceofdatausedinboththeencryptionanddecryptionprocesses.Thealgorithmsstaythesameineveryimplementation,butadifferentkeyisusedforeach,whichensuresthatevenifsomeoneknowsthealgorithmyouusetoprotectyourdata,hecannotbreakyoursecurity.

TechTip

XORApopularfunctionincryptographyiseXclusiveOR(XOR),whichisabitwisefunctionappliedtodata.WhenyouapplyakeytodatausingXOR,thenasecondapplicationundoesthefirstoperation.Thismakesforspeedyencryption/decryption,butmakesthesystemtotallydependentuponthesecrecyofthekey.Ahard-codedkeyinaprogramwillbediscovered,makingthisaweaksecuritymechanisminmostcases.

Comparingthestrengthoftwodifferentalgorithmscanbemathematicallyverychallenging;fortunatelyforthelayperson,thereisaroughguide.Mostcurrentalgorithmsarelistedwiththeirkeysizeinbits.Unlessaspecificalgorithmhasbeenshowntobeflawed,ingeneral,thegreaternumberofbitswillyieldamoresecuresystem.Thisworkswellforagivenalgorithm,butismeaninglesstocomparedifferentalgorithms.Thegoodnewsisthatmostmoderncryptographyismorethanstrongenoughforallbuttechnicaluses,andforthoseusesexpertscandetermineappropriatealgorithmsandkeylengthstoprovidethenecessaryprotections.

TechTip

Man-in-the-MiddleAttackAman-in-the-middleattackisdesignedtodefeatproperkeyexchangebyinterceptingtheremoteparty’skeyandreplacingitwiththeattacker’skeyinbothdirections.Ifdoneproperly,onlytheattackerknowsthattheencryptedtrafficisnotsecureandtheencryptedtrafficcanbereadbytheattacker.

KeyManagementBecausethesecurityofthealgorithmsreliesonthekey,keymanagementisofcriticalconcern.Keymanagementincludesanythinghavingtodowiththeexchange,storage,safeguarding,andrevocationofkeys.Itismostcommonlyassociatedwithasymmetricencryption,sinceasymmetricencryptionusesbothpublicandprivatekeys.Tobeusedproperlyfor

authentication,akeymustbecurrentandverified.Ifyouhaveanoldorcompromisedkey,youneedawaytochecktoseethatthekeyhasbeenrevoked.Keymanagementisalsoimportantforsymmetricencryption,because

symmetricencryptionreliesonbothpartieshavingthesamekeyforthealgorithmtowork.Sincethesepartiesareusuallyphysicallyseparate,keymanagementiscriticaltoensurekeysaresharedandexchangedeasily.Theymustalsobesecurelystoredtoprovideappropriateconfidentialityoftheencryptedinformation.Therearemanydifferentapproachestosecurestorageofkeys,suchasputtingthemonaUSBflashdriveorsmartcard.Whilekeyscanbestoredinmanydifferentways,newPChardwareoftenincludestheTrustedPlatformModule(TPM),whichprovidesahardware-basedkeystoragelocationthatisusedbymanyapplications.(MorespecificinformationaboutthemanagementofkeysisprovidedlaterinthischapterandinChapter6.)

RandomNumbersManydigitalcryptographicalgorithmshaveaneedforarandomnumbertoactasaseedandprovidetruerandomness.Oneofthestrengthsofcomputersisthattheycandoataskoverandoveragainintheexactsamemanner—nonoiseorrandomness.Thisisgreatformosttasks,butingeneratingarandomsequenceofvalues,itpresentschallenges.Softwarelibrarieshavepseudo-randomgenerators,functionsthatproduceaseriesofnumbersthatstatisticallyappearrandom.Buttheserandomnumbergeneratorsaredeterministicinthat,giventhesequence,youcancalculatefuturevalues.Thismakestheminappropriateforuseincryptographicsituations.Theleveloramountofrandomnessisreferredtoasentropy.Entropyis

themeasureofuncertaintyassociatedwithaseriesofvalues.Perfectentropyequatestocompleterandomness,suchthatgivenanystringofbits,thereisnocomputationtoimproveguessingthenextbitinthesequence.Asimple“measure”ofentropyisinbits,wherethebitsarethepowerof2

thatrepresentsthenumberofchoices.Soifthereare2048options,thenthiswouldrepresent11bitsofentropy.Inthisfashion,onecancalculatetheentropyofpasswordsandmeasurehow“hardtheyaretoguess.”

TechTip

RandomnessIssuesTheimportanceofproperrandomnumbergenerationincryptosystemscannotbeunderestimated.RecentreportsbytheGuardianandtheNewYorkTimesassertthattheU.S.NationalSecurityAgency(NSA)hasputabackdoorintotheCryptographicallySecureRandomNumberGenerator(CSPRNG)algorithmsdescribedinNISTSP800-90A,particularlytheDual_EC_DRBGalgorithm.FurtherallegationsarethattheNSApaidRSA$10milliontousetheresultingstandardinitsproductline.

Toresolvetheproblemofappropriaterandomness,therearesystemstocreatecryptographicrandomnumbers.Thelevelofcomplexityofthesystemisdependentuponthelevelofpurerandomnessneeded.Forsomefunctions,suchasmasterkeys,theonlytruesolutionisahardware-basedrandomnumbergeneratorthatcanusephysicalpropertiestoderiveentropy.Inother,lessdemandingcases,acryptographiclibrarycallcanprovidethenecessaryentropy.Whilethetheoreticalstrengthofthecryptosystemdependsonthealgorithm,thestrengthoftheimplementationinpracticecandependonissuessuchasthekey.Thisisaveryimportantissueandmistakesmadeinimplementationcaninvalidateeventhestrongestalgorithmsinpractice.

HashingFunctionsHashingfunctionsarecommonlyusedencryptionmethods.Ahashingfunctionorhashfunctionisaspecialmathematicalfunctionthatperformsaone-wayfunction,whichmeansthatoncethealgorithmisprocessed,thereisnofeasiblewaytousetheciphertexttoretrievetheplaintextthatwasusedtogenerateit.Also,ideally,thereisnofeasiblewaytogenerate

twodifferentplaintextsthatcomputetothesamehashvalue.Thehashvalueistheoutputofthehashingalgorithmforaspecificinput.Theillustrationshowstheone-waynatureofthesefunctions.

Commonusesofhashingalgorithmsaretostorecomputerpasswordsandtoensuremessageintegrity.Theideaisthathashingcanproduceauniquevaluethatcorrespondstothedataentered,butthehashvalueisalsoreproduciblebyanyoneelserunningthesamealgorithmagainstthesamedata.Soyoucouldhashamessagetogetamessageauthenticationcode(MAC),andthecomputationalnumberofthemessagewouldshowthatnointermediaryhasmodifiedthemessage.Thisprocessworksbecausehashingalgorithmsaretypicallypublic,andanyonecanhashdatausingthespecifiedalgorithm.Itiscomputationallysimpletogeneratethehash,soitissimpletocheckthevalidityorintegrityofsomethingbymatchingthegivenhashtoonethatislocallygenerated.Severalprogramscancomputehashvaluesforaninputfile,asshowninFigure5.5.Hash-basedMessageAuthenticationCode(HMAC)isaspecialsubsetofhashingtechnology.ItisahashalgorithmappliedtoamessagetomakeaMAC,butitisdonewithapreviouslysharedsecret.SotheHMACcanprovideintegritysimultaneouslywithauthentication.HMAC-MD5isusedintheNTLANManagerversion2challenge/responseprotocol.

•Figure5.5Thereareseveralprogramsavailablethatwillacceptan

inputandproduceahashvalue,lettingyouindependentlyverifytheintegrityofdownloadedcontent.

Ahashalgorithmcanbecompromisedwithwhatiscalledacollisionattack,inwhichanattackerfindstwodifferentmessagesthathashtothesamevalue.Thistypeofattackisverydifficultandrequiresgeneratingaseparatealgorithmthatattemptstofindatextthatwillhashtothesamevalueofaknownhash.Thismustoccurfasterthansimplyeditingcharactersuntilyouhashtothesamevalue,whichisabrute-forcetypeattack.Theconsequenceofahashfunctionthatsuffersfromcollisionsisalossofintegrity.Ifanattackercanmaketwodifferentinputspurposefullyhashtothesamevalue,shemighttrickpeopleintorunningmaliciouscodeandcauseotherproblems.PopularhashalgorithmsaretheSecureHashAlgorithm(SHA)series,theRIPEMDalgorithms,andtheMessageDigest(MD)hashofvaryingversions(MD2,MD4,MD5).Becauseofweaknesses,andcollisionattackvulnerabilities,manyhashfunctionsarenowconsideredtobeinsecure,includingMD2,MD4,MD5,andSHA-1series.

TechTip

HashingAlgorithmsThehashingalgorithmsincommonuseareMD2,MD4,andMD5,andSHA-1,SHA-256,SHA-384,andSHA-512.Becauseofpotentialcollisions,MD2,MD4,MD5,andSHA-1havebeendeprecatedbymanygroups.Althoughnotconsideredsecure,theyarestillfoundinuse,atestamenttoslowadoptionofbettersecurity.

Hashingfunctionsareverycommonandplayanimportantroleinthewayinformation,suchaspasswords,isstoredsecurely,andthewayinwhichmessagescanbesigned.Bycomputingadigestofthemessage,lessdataneedstobesignedbythemorecomplexasymmetricencryption,andthisstillmaintainsassurancesaboutmessageintegrity.Thisistheprimarypurposeforwhichtheprotocolsweredesigned,andtheirsuccesswill

allowgreatertrustinelectronicprotocolsanddigitalsignatures.

SHASecureHashAlgorithm(SHA)referstoasetofhashalgorithmsdesignedandpublishedbytheNationalInstituteofStandardsandTechnology(NIST)andtheNationalSecurityAgency(NSA).ThesealgorithmsareincludedintheSHAstandardFederalInformationProcessingStandards(FIPS)180-2and180-3.TheindividualstandardsarenamedSHA-1,SHA-224,SHA-256,SHA-384,andSHA-512.ThelatterthreevariantsareoccasionallyreferredtocollectivelyasSHA-2.ThenewestversionisknownasSHA-3,whichisspecifiedinFIPS202.

SHA-1SHA-1,developedin1993,wasdesignedasthealgorithmtobeusedforsecurehashingintheU.S.DigitalSignatureStandard(DSS).ItismodeledontheMD4algorithmandimplementsfixesinthatalgorithmdiscoveredbytheNSA.Itcreatesmessagedigests160bitslongthatcanbeusedbytheDigitalSignatureAlgorithm(DSA),whichcanthencomputethesignatureofthemessage.Thisiscomputationallysimpler,asthemessagedigestistypicallymuchsmallerthantheactualmessage—smallermessage,lesswork.

TechTip

BlockModeinHashingMosthashalgorithmsuseblockmodetoprocess;thatis,theyprocessallinputinsetblocksofdatasuchas512-bitblocks.Thefinalhashistypicallygeneratedbyaddingtheoutputblockstogethertoformthefinaloutputstringof160or512bits.

SHA-1works,asdoallhashingfunctions,byapplyingacompressionfunctiontothedatainput.Itacceptsaninputofupto264bitsorlessand

thencompressesdowntoahashof160bits.SHA-1worksinblockmode,separatingthedataintowordsfirst,andthengroupingthewordsintoblocks.Thewordsare32-bitstringsconvertedtohex;groupedtogetheras16words,theymakeupa512-bitblock.IfthedatathatisinputtoSHA-1isnotamultipleof512,themessageispaddedwithzerosandanintegerdescribingtheoriginallengthofthemessage.Oncethemessagehasbeenformattedforprocessing,theactualhashcanbegenerated.The512-bitblocksaretakeninorderuntiltheentiremessagehasbeenprocessed.

Trytokeepattacksoncrypto-systemsinperspective.Whilethetheoryofattackinghashingthroughcollisionsissolid,findingacollisionstilltakesenormousamountsofeffort.InthecaseofattackingSHA-1,thecollisionisabletobefoundfasterthanapurebrute-forcemethod,butbymostestimateswillstilltakeseveralyears.

Atonetime,SHA-1wasoneofthemoresecurehashfunctions,butithasbeenfoundtobevulnerabletoacollisionattack.Thisattackfoundacollisionin269computations,lessthanthebrute-forcemethodof280computations.Whilethisisnotatremendouslypracticalattack,itdoessuggestaweakness.Thus,manysecurityprofessionalsaresuggestingthatimplementationsofSHA-1bemovedtooneoftheotherSHAversions.Theselongerversions,SHA-256,SHA-384,andSHA-512,allhavelongerhashresults,makingthemmoredifficulttoattacksuccessfully.TheaddedsecurityandresistancetoattackinSHA-2doesrequiremoreprocessingpowertocomputethehash.

SHA-2SHA-2isacollectivenameforSHA-224,SHA-256,SHA-384,andSHA-512.SHA-256issimilartoSHA-1inthatitalsoacceptsinputoflessthan264bitsandreducesthatinputtoahash.Thisalgorithmreducesto256bitsinsteadofSHA-1’s160.DefinedinFIPS180-2in2002,SHA-256islistedasanupdatetotheoriginalFIPS180thatdefinedSHA.SimilartoSHA-1,

SHA-256uses32-bitwordsand512-bitblocks.Paddingisaddeduntiltheentiremessageisamultipleof512.SHA-256usessixty-four32-bitwords,eightworkingvariables,andresultsinahashvalueofeight32-bitwords,hence256bits.SHA-224isatruncatedversionoftheSHA-256algorithmthatresultsina224-bithashvalue.TherearenoknowncollisionattacksagainstSHA-256;however,anattackonreduced-roundSHA-256ispossible.SHA-512isalsosimilartoSHA-1,butithandleslargersetsofdata.

SHA-512accepts2128bitsofinput,whichitpadsuntilithasseveralblocksofdatain1024-bitblocks.SHA-512alsouses64-bitwordsinsteadofSHA-1’s32-bitwords.Ituseseight64-bitwordstoproducethe512-bithashvalue.SHA-384isatruncatedversionofSHA-512thatusessix64-bitwordstoproducea384-bithash.WhileSHA-2isnotascommonasSHA-1,moreapplicationsare

startingtoutilizeitafterSHA-1wasshowntobepotentiallyvulnerabletoacollisionattack.

SHA-3SHA-3isthenamefortheSHA-2replacement.In2012,theKeccakhashfunctionwontheNISTcompetitionandwaschosenasthebasisfortheSHA-3method.BecausethealgorithmiscompletelydifferentfromthepreviousSHAseries,ithasprovedtobemoreresistanttoattacksthataresuccessfulagainstthem.AstheSHA-3seriesisrelativelynew,ithasnotbeenwidelyadoptedinmanyciphersuitesyet.

TheSHA-2andSHA-3seriesarecurrentlyapprovedforuse.SHA-1hasbeendeprecatedanditsusediscontinuedinmanystrongciphersuites.

RIPEMD

RACEIntegrityPrimitivesEvaluationMessageDigest(RIPEMD)isahashingfunctiondevelopedbytheRACEIntegrityPrimitivesEvaluation(RIPE)consortium.Itoriginallyprovideda128-bithashandwaslatershowntohaveproblemswithcollisions.RIPEMDwasstrengthenedtoa160-bithashknownasRIPEMD-160byHansDobbertin,AntoonBosselaers,andBartPreneel.Therearealso256-and320-bitversionsofthealgorithmknownasRIPEMD-256andRIPEMD-320.

RIPEMD-160RIPEMD-160isanalgorithmbasedonMD4,butitusestwoparallelchannelswithfiverounds.Theoutputconsistsoffive32-bitwordstomakea160-bithash.TherearealsolargeroutputextensionsoftheRIPEMD-160algorithm.Theseextensions,RIPEMD-256andRIPEMD-320,offeroutputsof256bitsand320bits,respectively.Whiletheseofferlargeroutputsizes,thisdoesnotmakethehashfunctioninherentlystronger.

MessageDigestMessageDigest(MD)isthegenericversionofoneofseveralalgorithmsthataredesignedtocreateamessagedigestorhashfromdatainputintothealgorithm.MDalgorithmsworkinthesamemannerasSHAinthattheyuseasecuremethodtocompressthefileandgenerateacomputedoutputofaspecifiednumberofbits.TheMDalgorithmswerealldevelopedbyRonaldL.RivestofMIT.

MD2MD2wasdevelopedin1989andisinsomewaysanearlyversionofthelaterMD5algorithm.Ittakesadatainputofanylengthandproducesahashoutputof128bits.ItisdifferentfromMD4andMD5inthatMD2isoptimizedfor8-bitmachines,whereastheothertwoareoptimizedfor32-bitmachines.Afterthefunctionhasbeenrunforevery16bytesofthe

message,theoutputresultisa128-bitdigest.TheonlyknownattackthatissuccessfulagainstMD2requiresthatthechecksumnotbeappendedtothemessagebeforethehashfunctionisrun.Withoutachecksum,thealgorithmcanbevulnerabletoacollisionattack.Somecollisionattacksarebaseduponthealgorithm’sinitializationvector(IV).

MD4MD4wasdevelopedin1990andisoptimizedfor32-bitcomputers.Itisafastalgorithm,butitissubjecttomoreattacksthanmoresecurealgorithmssuchasMD5.AnextendedversionofMD4computesthemessageinparallelandproducestwo128-bitoutputs—effectivelya256-bithash.Eventhoughalongerhashisproduced,securityhasnotbeenimprovedbecauseofbasicflawsinthealgorithm.Acryptographer,HansDobbertin,hasshownhowcollisionsinMD4canbefoundinunderaminuteusingjustaPC.Thisvulnerabilitytocollisionsappliesto128-bitMD4aswellas256-bitMD4.Becauseofweaknesses,peoplehavemovedawayfromMD4tomorerobusthashfunctions.

MD5MD5wasdevelopedin1991andisstructuredafterMD4butwithadditionalsecuritytoovercometheproblemsinMD4.Therefore,itisverysimilartotheMD4algorithm,onlyslightlyslowerandmoresecure.

MD5createsa128-bithashofamessageofanylength.

Recently,successfulattacksonthealgorithmhaveoccurred.Cryptanalysishasdisplayedweaknessesinthecompressionfunction.However,thisweaknessdoesnotlenditselftoanattackonMD5itself.CzechcryptographerVlastimilKlímapublishedworkshowingthatMD5collisionscanbecomputedinabouteighthoursonastandardhomePC.In

November2007,researcherspublishedresultsshowingtheabilitytohavetwoentirelydifferentWin32executableswithdifferentfunctionalitybutthesameMD5hash.Thisdiscoveryhasobviousimplicationsforthedevelopmentofmalware.ThecombinationoftheseproblemswithMD5haspushedpeopletoadoptastrongSHAversionforsecurityreasons.

TechTip

RainbowTablesRainbowtablesareprecomputedhashtablesthatenablelookingupsmalltextentriesviatheirhashvalues.Thismakeshashedpasswords“reversible”bylookingupthehashinaprecomputedhashtable.Thisworksforsmallpasswords(lessthan10characters)andisveryfast.Saltingpasswordsisoneofthedefensesagainstthesetables.

HashingSummaryHashingfunctionsareverycommon,andtheyplayanimportantroleinthewayinformation,suchaspasswords,isstoredsecurelyandthewayinwhichmessagescanbesigned.Bycomputingadigestofthemessage,lessdataneedstobesignedbythemorecomplexasymmetricencryption,andthisstillmaintainsassurancesaboutmessageintegrity.Thisistheprimarypurposeforwhichtheprotocolsweredesigned,andtheirsuccesswillallowgreatertrustinelectronicprotocolsanddigitalsignatures.ThefollowingillustrationshowsanMD5hashcalculationinLinux.

SymmetricEncryptionSymmetricencryptionistheolderandsimplermethodofencryptinginformation.Thebasisofsymmetricencryptionisthatboththesenderandthereceiverofthemessagehavepreviouslyobtainedthesamekey.Thisis,infact,thebasisforeventheoldestciphers—theSpartansneededtheexactsamesizecylinder,makingthecylinderthe“key”tothemessage,andinshiftciphersbothpartiesneedtoknowthedirectionandamountofshiftbeingperformed.Allsymmetricalgorithmsarebaseduponthissharedsecretprinciple,includingtheunbreakableone-timepadmethod.Figure5.6isasimplediagramshowingtheprocessthatasymmetric

algorithmgoesthroughtoprovideencryptionfromplaintexttociphertext.Thisciphertextmessageis,presumably,transmittedtothemessagerecipient,whogoesthroughtheprocesstodecryptthemessageusingthesamekeythatwasusedtoencryptthemessage.Figure5.6showsthekeystothealgorithm,whicharethesamevalueinthecaseofsymmetricencryption.

•Figure5.6Layoutofasymmetricalgorithm

Unlikewithhashfunctions,acryptographickeyisinvolvedinsymmetricencryption,sotheremustbeamechanismforkeymanagement(discussedearlierinthechapter).Managingthecryptographickeysiscriticallyimportantinsymmetricalgorithmsbecausethekeyunlocksthedatathatisbeingprotected.However,thekeyalsoneedstobeknownby,ortransmittedtoinaconfidentialway,thepartytowhichyouwishtocommunicate.Akeymustbemanagedatallstages,whichrequiressecuringitonthelocalcomputer,securingitontheremoteone,protectingitfromdatacorruption,protectingitfromloss,and,probablythemostimportantstep,protectingitwhileitistransmittedbetweenthetwoparties.Laterinthechapterwewilllookatpublickeycryptography,whichgreatlyeasesthekeymanagementissue,butforsymmetricalgorithmsthemostimportantlessonistostoreandsendthekeyonlybyknownsecuremeans.Someofthemorepopularsymmetricencryptionalgorithmsinusetoday

areDES,3DES,AES,andIDEA.

DESDES,theDataEncryptionStandard,wasdevelopedinresponsetotheNationalBureauofStandards(NBS),nowknownastheNationalInstituteofStandardsandTechnology(NIST),issuingarequestforproposalsforastandardcryptographicalgorithmin1973.NBSreceivedapromising

responseinanalgorithmcalledLucifer,originallydevelopedbyIBM.TheNBSandtheNSAworkedtogethertoanalyzethealgorithm’ssecurity,andeventuallyDESwasadoptedasafederalstandardin1976.DESiswhatisknownasablockcipher;itsegmentstheinputdatainto

blocksofaspecifiedsize,typicallypaddingthelastblocktomakeitamultipleoftheblocksizerequired.Thisisincontrasttoastreamcipher,whichencryptsthedatabitbybit.InthecaseofDES,theblocksizeis64bits,whichmeansDEStakesa64-bitinputandoutputs64bitsofciphertext.Thisprocessisrepeatedforall64-bitblocksinthemessage.DESusesakeylengthof56bits,andallsecurityrestswithinthekey.Thesamealgorithmandkeyareusedforbothencryptionanddecryption.Atthemostbasiclevel,DESperformsasubstitutionandthena

permutation(aformoftransposition)ontheinput,baseduponthekey.Thisactioniscalledaround,andDESperformsthis16timesonevery64-bitblock.Thealgorithmgoesstepbystep,producing64-bitblocksofciphertextforeachplaintextblock.ThisiscarriedonuntiltheentiremessagehasbeenencryptedwithDES.Asmentioned,thesamealgorithmandkeyareusedtodecryptandencryptwithDES.Theonlydifferenceisthatthesequenceofkeypermutationsisusedinreverseorder.OvertheyearsthatDEShasbeenacryptographicstandard,alotof

cryptanalysishasoccurred,andwhilethealgorithmhasheldupverywell,someproblemshavebeenencountered.Weakkeysarekeysthatarelesssecurethanthemajorityofkeysallowedinthekeyspaceofthealgorithm.InthecaseofDES,becauseofthewaytheinitialkeyismodifiedtogetthesubkey,certainkeysareweakkeys.Theweakkeysequateinbinarytohavingall1’sorall0’s,likethoseshowninFigure5.7,ortohavinghalfthekeyall1’sandtheotherhalfall0’s.

•Figure5.7WeakDESkeys

Semiweakkeys,withwhichtwokeyswillencryptplaintexttoidenticalciphertext,alsoexist,meaningthateitherkeywilldecrypttheciphertext.Thetotalnumberofpossiblyweakkeysis64,whichisverysmallrelativetothe256possiblekeysinDES.With16roundsandnotusingaweakkey,DESisreasonablysecure

and,amazingly,hasbeenformorethantwodecades.In1999,adistributedeffortconsistingofasupercomputerand100,000PCsovertheInternetwasmadetobreaka56-bitDESkey.Byattemptingmorethan240billionkeyspersecond,theeffortwasabletoretrievethekeyinlessthanaday.Thisdemonstratesanincredibleresistancetocrackinga20-year-oldalgorithm,butitalsodemonstratesthatmorestringentalgorithmsareneededtoprotectdatatoday.

3DESTripleDES(3DES)isavariantofDES.Dependingonthespecificvariant,ituseseithertwoorthreekeysinsteadofthesinglekeythatDESuses.ItalsospinsthroughtheDESalgorithmthreetimesviawhat’scalledmultipleencryption.Multipleencryptioncanbeperformedinseveraldifferentways.The

simplestmethodofmultipleencryptionisjusttostackalgorithmsontopofeachother—takingplaintext,encryptingitwithDES,thenencryptingthefirstciphertextwithadifferentkey,andthenencryptingthesecondciphertextwithathirdkey.Inreality,thistechniqueislesseffectivethanthetechniquethat3DESuses.Oneofthemodesof3DES(EDEmode)istoencryptwithonekey,thendecryptwithasecond,andthenencryptwithathird,asshowninFigure5.8.

•Figure5.8Diagramof3DES

Thisgreatlyincreasesthenumberofattemptsneededtoretrievethekeyandisasignificantenhancementofsecurity.Theadditionalsecuritycomesataprice,however.Itcantakeuptothreetimeslongertocompute3DESthantocomputeDES.However,theadvancesinmemoryandprocessing

powerintoday’selectronicsshouldmakethisproblemirrelevantinalldevicesexceptforverysmalllow-powerhandhelds.Theonlyweaknessesof3DESarethosethatalreadyexistinDES.

However,duetotheuseofdifferentkeysinthesamealgorithm,effectingalongerkeylengthbyaddingthefirstkeyspacetothesecondkeyspace,andthegreaterresistancetobrute-forcing,3DEShaslessactualweakness.While3DEScontinuestobepopularandisstillwidelysupported,AEShastakenoverasthesymmetricencryptionstandard.

AESThecurrentgoldstandardforsymmetricencryptionistheAESalgorithm.Developedinresponsetoaworldwidecallinthelate1990sforanewsymmetriccipher,agroupofDutchresearcherssubmittedamethodcalledRijndael(pronounced“raindoll”).Inthefallof2000,NISTpickedRijndaeltobethenewAES.Itwas

chosenforitsoverallsecurityaswellasitsgoodperformanceonlimited-capacitydevices.Rijndael’sdesignwasinfluencedbySquare,alsowrittenbyJoanDaemenandVincentRijmen.LikeSquare,Rijndaelisablockcipherthatseparatesdatainputinto128-bitblocks.Rijndaelcanalsobeconfiguredtouseblocksof192or256bits,butAEShasstandardizedon128-bitblocks.AEScanhavekeysizesof128,192,and256bits,withthesizeofthekeyaffectingthenumberofroundsusedinthealgorithm.LongerkeyversionsareknownasAES-192andAES-256,respectively.

TechTip

AESinDepthForamorein-depthdescriptionofAES,seetheNISTdocumenthttp://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.

TheRijndael/AESalgorithmiswellthoughtoutandhasasuitablekey

lengthtoprovidesecurityformanyyearstocome.WhilenoefficientattackscurrentlyexistagainstAES,moretimeandanalysiswilltellifthisstandardcanlastaslongasDEShas.

CASTCASTisanencryptionalgorithmthatissimilartoDESinitsstructure.ItwasdesignedbyCarlisleAdamsandStaffordTavares.CASTusesa64-bitblocksizefor64-and128-bitkeyversions,anda128-bitblocksizeforthe256-bitkeyversion.LikeDES,itdividestheplaintextblockintoalefthalfandarighthalf.TherighthalfisthenputthroughfunctionfandthenisXORedwiththelefthalf.Thisvaluebecomesthenewrighthalf,andtheoriginalrighthalfbecomesthenewlefthalf.Thisisrepeatedforeightroundsfora64-bitkey,andtheleftandrightoutputisconcatenatedtoformtheciphertextblock.ThealgorithminCAST-256formwassubmittedfortheAESstandardbutwasnotchosen.CASThasundergonethoroughanalysis,withonlyminorweaknessesdiscoveredthataredependentonlownumbersofrounds.Currently,nobetterwayisknowntobreakhigh-roundCASTthanbybrute-forcingthekey,meaningthatwithsufficientkeylength,CASTshouldbeplacedwithothertrustedalgorithms.

RCRCisageneraltermforseveralciphersalldesignedbyRonRivest—RCofficiallystandsforRivestCipher.RC1,RC2,RC3,RC4,RC5,andRC6areallciphersintheseries.RC1andRC3nevermadeittorelease,butRC2,RC4,RC5,andRC6areallworkingalgorithms.

RC2RC2wasdesignedasaDESreplacement,anditisavariable-key-sizeblock-modecipher.Thekeysizecanbefrom8bitsto1024bits,withtheblocksizebeingfixedat64bits.RC2breaksuptheinputblocksintofour

16-bitwordsandthenputsthemthrough18roundsofeithermixormashoperations,outputting64bitsofciphertextfor64bitsofplaintext.AccordingtoRSA,RC2isuptothreetimesfasterthanDES.RSA

maintainedRC2asatradesecretforalongtime,withthesourcecodeeventuallybeingillegallypostedontheInternet.TheabilityofRC2toacceptdifferentkeylengthsisoneofthelargervulnerabilitiesinthealgorithm.Anykeylengthbelow64bitscanbeeasilyretrievedbymoderncomputationalpower.Additionally,thereisarelatedkeyattackthatneeds234chosenplaintextstowork.Consideringtheseweaknesses,RC2isnotrecommendedasastrongcipher.

RC5RC5isablockcipher,writtenin1994.Ithasmultiplevariableelements,numbersofrounds,keysizes,andblocksizes.Thisalgorithmisrelativelynew,butifconfiguredtorunenoughrounds,RC5seemstoprovideadequatesecurityforcurrentbrute-forcingtechnology.Rivestrecommendsusingatleast12rounds.With12roundsinthealgorithm,cryptanalysisinalinearfashionproveslesseffectivethanbrute-forceagainstRC5,anddifferentialanalysisfailsfor15ormorerounds.AneweralgorithmisRC6.

RC6RC6isbasedonthedesignofRC5.Itusesa128-bitblocksize,separatedintofourwordsof32bitseach.Itusesaroundcountof20toprovidesecurity,andithasthreepossiblekeysizes:128,192,and256bits.RC6isamodernalgorithmthatrunswellon32-bitcomputers.Withasufficientnumberofrounds,thealgorithmmakesbothlinearanddifferentialcryptanalysisinfeasible.Theavailablekeylengthsmakebrute-forceattacksextremelytime-consuming.RC6shouldprovideadequatesecurityforsometimetocome.

RC4

RC4wascreatedbeforeRC5andRC6,butitdiffersinoperation.RC4isastreamcipher,whereasallthesymmetriccipherswehavelookedatsofarhavebeenblockciphers.Astreamcipherworksbyencipheringtheplaintextinastream,usuallybitbybit.Thismakesstreamciphersfasterthanblock-modeciphers.StreamciphersaccomplishthisbyperformingabitwiseXORwiththeplaintextstreamandageneratedkeystream.RC4operatesinthismanner.Itwasdevelopedin1987andremaineda

tradesecretofRSAuntilitwaspostedtotheInternetin1994.RC4canuseakeylengthof8to2048bits,thoughthemostcommonversionsuse128-bitkeysor,ifsubjecttotheoldexportrestrictions,40-bitkeys.Thekeyisusedtoinitializea256-bytestatetable.Thistableisusedtogeneratethepseudo-randomstreamthatisXORedwiththeplaintexttogeneratetheciphertext.Alternatively,thestreamisXORedwiththeciphertexttoproducetheplaintext.Thealgorithmisfast,sometimestentimesfasterthanDES.Themost

vulnerablepointoftheencryptionisthepossibilityofweakkeys.Onekeyin256cangeneratebytescloselycorrelatedwithkeybytes.ProperimplementationsofRC4needtoincludeweakkeydetection.

RC4isthemostwidelyusedstreamcipherandisusedinpopularprotocolssuchasTransportLayerSecurity(TLS)andWEP/WPA/WPA2.

BlowfishBlowfishwasdesignedin1994byBruceSchneier.Itisablock-modecipherusing64-bitblocksandavariablekeylengthfrom32to448bits.Itwasdesignedtorunquicklyon32-bitmicroprocessorsandisoptimizedforsituationswithfewkeychanges.Encryptionisdonebyseparatingthe64-bitinputblockintotwo32-bitwords,andthenafunctionisexecutedeveryround.Blowfishhas16rounds;oncetheroundsarecompleted,the

twowordsarethenrecombinedtoformthe64-bitoutputciphertext.TheonlysuccessfulcryptanalysistodateagainstBlowfishhasbeenagainstvariantsthatusedareducednumberofrounds.Theredoesnotseemtobeaweaknessinthefull16-roundversion.

TwofishTwofishwasdevelopedbyBruceSchneier,DavidWagner,ChrisHall,NielsFerguson,JohnKelsey,andDougWhiting.TwofishwasoneofthefivefinalistsfortheAEScompetition.LikeotherAESentrants,itisablockcipher,utilizing128-bitblockswithavariable-lengthkeyofupto256bits.Ituses16roundsandsplitsthekeymaterialintotwosets,onetoperformtheactualencryptionandtheothertoloadintothealgorithm’sS-boxes.Thisalgorithmisavailableforpublicuseandhasproventobesecure.

TechTip

S-BoxesS-boxes,orsubstitutionboxes,areamethodusedtoprovideconfusion,aseparationoftherelationshipbetweenthekeybitsandtheciphertextbits.Usedinmostsymmetricschemes,theyperformaformofsubstitutionandcanprovidesignificantstrengtheningofanalgorithmagainstcertainformsofattack.Theycanbeintheformoflookuptables,eitherstaticlikeDES,ordynamic(basedonthekey)inotherformssuchasTwofish.

IDEAIDEA(InternationalDataEncryptionAlgorithm)startedoutasPES,orProposedEncryptionCipher,in1990,anditwasmodifiedtoimproveitsresistancetodifferentialcryptanalysisanditsnamewaschangedtoIDEAin1992.Itisablock-modecipherusinga64-bitblocksizeanda128-bitkey.Theinputplaintextissplitintofour16-bitsegments,A,B,C,andD.

Theprocessuseseightrounds,withafinalfour-stepprocess.Theoutputofthelastfourstepsisthenconcatenatedtoformtheciphertext.Allcurrentcryptanalysisonfull,eight-roundIDEAshowsthatthemost

efficientattackwouldbetobrute-forcethekey.The128-bitkeywouldpreventthisattackbeingaccomplished,givencurrentcomputertechnology.TheonlyknownissueisthatIDEAissusceptibletoaweakkey—likeakeythatismadeofall0’s.Thisweakkeyconditioniseasytocheckfor,andtheweaknessissimpletomitigate.

Blockvs.StreamWhenencryptionoperationsareperformedondata,therearetwoprimarymodesofoperation,blockandstream.Blockoperationsareperformedonblocksofdata,enablingbothtranspositionandsubstitutionoperations.Thisispossiblewhenlargepiecesofdataarepresentfortheoperations.StreamdatahasbecomemorecommonwithaudioandvideoacrosstheWeb.Theprimarycharacteristicofstreamdataisthatitisnotavailableinlargechunks,buteitherbitbybitorbytebybyte,piecestoosmallforblockoperations.Streamciphersoperateusingsubstitutiononlyandthereforeofferlessrobustprotectionthanblockciphers.Table5.1comparesandcontrastsblockandstreamciphers.

Table5.1 ComparisonofBlockandStreamCiphers

SymmetricEncryptionSummarySymmetricalgorithmsareimportantbecausetheyarecomparativelyfastandhavefewcomputationalrequirements.Theirmainweaknessisthattwogeographicallydistantpartiesbothneedtohaveakeythatmatchestheotherkeyexactly(seeFigure5.9).

•Figure5.9Symmetrickeysmustmatchexactlytoencryptanddecryptthemessage.

AsymmetricEncryptionAsymmetricencryptionismorecommonlyknownaspublickeycryptography.Asymmetricencryptionisinmanywayscompletelydifferentfromsymmetricencryption.Whilebothareusedtokeepdatafrombeingseenbyunauthorizedusers,asymmetriccryptographyusestwokeysinsteadofone.ItwasinventedbyWhitfieldDiffieandMartinHellmanin1975.Thesystemusesapairofkeys:aprivatekeythatiskeptsecretandapublickeythatcanbesenttoanyone.Thesystem’ssecurityreliesuponresistancetodeducingonekey,giventheother,andthusretrievingtheplaintextfromtheciphertext.Asymmetricencryptioncreatesthepossibilityofdigitalsignaturesand

alsoaddressesthemainweaknessofsymmetriccryptography.Theabilitytosendmessagessecurelywithoutsendersandreceivershavinghadpriorcontacthasbecomeoneofthebasicconcernswithsecurecommunication.Digitalsignatureswillenablefasterandmoreefficientexchangeofallkindsofdocuments,includinglegaldocuments.Withstrongalgorithmsandgoodkeylengths,securitycanbeassured.Asymmetricencryptioninvolvestwoseparatebutmathematically

relatedkeys.Thekeysareusedinanopposingfashion.Onekeyundoestheactionsoftheotherandviceversa.So,asshowninFigure5.10,ifyouencryptamessagewithonekey,theotherkeyisusedtodecryptthemessage.Inthetopexample,AlicewishestosendaprivatemessagetoBob,sosheusesBob’spublickeytoencryptthemessage.Then,sinceonlyBob’sprivatekeycandecryptthemessage,onlyBobcanreadit.Inthelowerexample,Bobwishestosendamessage,withproofthatitisfromhim.Byencryptingitwithhisprivatekey,anyonewhodecryptsitwithhispublickeyknowsthemessagecamefromBob.

•Figure5.10Usinganasymmetricalgorithm

Publickeycryptographyalwaysinvolvestwokeys,apublickeyandaprivatekey,whichtogetherareknownasakeypair.Thepublickeyismadewidelyavailabletoanyonewhomayneedit,whiletheprivatekeyiscloselysafeguardedandsharedwithnoone.

Asymmetrickeysaredistributedusingcertificates.Adigitalcertificatecontainsinformationabouttheassociationofthepublickeytoanentity,andadditionalinformationthatcanbeusedtoverifythecurrentvalidityofthecertificateandthekey.Whenkeysareexchangedbetweenmachines,suchasduringanSSL/TLShandshake,theexchangeisdonebypassingcertificates.

Asymmetricmethodsaresignificantlyslowerthansymmetricmethodsandthusaretypicallynotsuitableforbulkencryption.

Publickeysystemstypicallyworkbyusinghardmathproblems.Oneofthemorecommonmethodsreliesonthedifficultyoffactoringlargenumbers.Thesefunctionsareoftencalledtrapdoorfunctions,astheyaredifficulttoprocesswithoutthekeybuteasytoprocesswhenyouhavethekey—thetrapdoorthroughthefunction.Forexample,givenaprimenumber,say293,andanotherprime,suchas307,itisaneasyfunctiontomultiplythemtogethertoget89,951.Given89,951,itisnotsimpletofindthefactors293and307unlessyouknowoneofthemalready.Computerscaneasilymultiplyverylargeprimeswithhundredsorthousandsofdigitsbutcannoteasilyfactortheproduct.Thestrengthofthesefunctionsisveryimportant:Becauseanattackeris

likelytohaveaccesstothepublickey,hecanruntestsofknownplaintextandproduceciphertext.Thisallowsinstantcheckingofguessesthataremadeaboutthekeysofthealgorithm.Publickeysystems,becauseoftheirdesign,alsoformthebasisfordigitalsignatures,acryptographicmethodforsecurelyidentifyingpeople.RSA,Diffie-Hellman,ellipticcurvecryptography(ECC),andElGamalareallpopularasymmetricprotocols.Wewilllookatallofthemandtheirsuitabilityfordifferentfunctions.

CrossCheckDigitalCertificatesInChapter6youwilllearnmoreaboutdigitalcertificatesandhowencryptionisimportanttoapublickeyinfrastructure.Whyisanasymmetricalgorithmsoimportanttodigitalsignatures?

Diffie-Hellman

Diffie-Hellman(DH)wascreatedin1976byWhitfieldDiffieandMartinHellman.Thisprotocolisoneofthemostcommonencryptionprotocolsinusetoday.ItplaysaroleintheelectronickeyexchangemethodoftheSecureSocketsLayer(SSL)protocol.ItisalsousedbytheTransportLayerSecurity(TLS),SecureShell(SSH),andIPSecurity(IPsec)protocols.Diffie-Hellmanisimportantbecauseitenablesthesharingofasecretkeybetweentwopeoplewhohavenotcontactedeachotherbefore.Theprotocol,likeRSA,useslargeprimenumberstowork.Twousers

agreetotwonumbers,PandG,withPbeingasufficientlylargeprimenumberandGbeingthegenerator.Bothuserspickasecretnumber,aandb.Thenbothuserscomputetheirpublicnumber:

User1X=GamodP,withXbeingthepublicnumberUser2Y=GbmodP,withYbeingthepublicnumber

Theusersthenexchangepublicnumbers.User1knowsP,G,a,X,andY.

User1ComputesKa=YamodPUser2ComputesKb=XbmodP

WithKa=Kb=K,nowbothusersknowthenewsharedsecretK.Thisisthebasicalgorithm,andalthoughmethodshavebeencreatedto

strengthenit,Diffie-Hellmanisstillinwideuse.Itremainsveryeffectivebecauseofthenatureofwhatitisprotecting—atemporary,automaticallygeneratedsecretkeythatisgoodonlyforasinglecommunicationsession.VariationsofDiffie-HellmanincludeEphemeralDiffie-Hellman(EDH),

EllipticCurveDiffie-Hellman(ECDH),andEllipticCurveDiffie-HellmanEphemeral(ECDHE).Thesearediscussedindetaillaterinthechapter.

Diffie-Hellmanisthegoldstandardforkeyexchange,andfortheCompTIASecurity+exam,youshouldunderstandthesubtledifferencesbetweenthedifferentforms,DH,EDH,ECDH,andECDHE.

RSARSAisoneofthefirstpublickeycryptosystemseverinvented.Itcanbeusedforbothencryptionanddigitalsignatures.RSAisnamedafteritsinventors,RonRivest,AdiShamir,andLeonardAdleman,andwasfirstpublishedin1977.Thisalgorithmusestheproductoftwoverylargeprimenumbersand

worksontheprincipleofdifficultyinfactoringsuchlargenumbers.It’sbesttochooselargeprimenumbersthatarefrom100to200digitsinlengthandareequalinlength.ThesetwoprimeswillbePandQ.Randomlychooseanencryptionkey,E,sothatEisgreaterthan1,EislessthanP*Q,andEmustbeodd.Emustalsoberelativelyprimeto(P–1)and(Q–1).ThencomputethedecryptionkeyD:

D=E–1mod((P–1)(Q–1))Nowthattheencryptionkeyanddecryptionkeyhavebeengenerated,

thetwoprimenumberscanbediscarded,buttheyshouldnotberevealed.Toencryptamessage,itshouldbedividedintoblockslessthanthe

productofPandQ.Then,

Ci=MiEmod(P*Q)

Cistheoutputblockofciphertextmatchingtheblocklengthoftheinputmessage,M.Todecryptamessage,takeciphertext,C,andusethisfunction:

Mi=CiDmod(P*Q)

Theuseofthesecondkeyretrievestheplaintextofthemessage.Thisisasimplefunction,butitssecurityhaswithstoodthetestofmore

than20yearsofanalysis.ConsideringtheeffectivenessofRSA’ssecurityandtheabilitytohavetwokeys,whyaresymmetricencryptionalgorithmsneededatall?Theanswerisspeed.RSAinsoftwarecanbe100timesslowerthanDES,andinhardwareitcanbeevenslower.RSAcanbeusedtoperformbothregularencryptionanddigital

signatures.Digitalsignaturestrytoduplicatethefunctionalityofaphysicalsignatureonadocumentusingencryption.Typically,RSAandtheotherpublickeysystemsareusedinconjunctionwithsymmetrickeycryptography.Publickey,theslowerprotocol,isusedtoexchangethesymmetrickey(orsharedsecret),andthenthecommunicationusesthefastersymmetrickeyprotocol.Thisprocessisknownaselectronickeyexchange.SincethesecurityofRSAisbaseduponthesupposeddifficultyof

factoringlargenumbers,themainweaknessesareintheimplementationsoftheprotocol.Untilrecently,RSAwasapatentedalgorithm,butitwasadefactostandardformanyyears.

ElGamalElGamalcanbeusedforbothencryptionanddigitalsignatures.TaherElGamaldesignedthesystemintheearly1980s.Thissystemwasneverpatentedandisfreeforuse.ItisusedastheU.S.governmentstandardfordigitalsignatures.Thesystemisbaseduponthedifficultyofcalculatingdiscrete

logarithmsinafinitefield.Threenumbersareneededtogenerateakeypair.User1choosesaprime,P,andtworandomnumbers,FandD.FandDshouldbothbelessthanP.Thenuser1cancalculatethepublickeyA:

A=DFmodPThenA,D,andParesharedwiththeseconduser,withFbeingtheprivatekey.Toencryptamessage,M,arandomkey,k,ischosenthatisrelativelyprimetoP–1.Then,

C1=DkmodP

C2=AkMmodP

C1andC2makeuptheciphertext.Decryptionisdoneby

M=C2/C1FmodP

ElGamalusesadifferentfunctionfordigitalsignatures.Tosignamessage,M,onceagainchoosearandomvaluekthatisrelativelyprimetoP–1.Then,

C1=DkmodP

C2=(M–C1*F)/k(modP–1)

C1concatenatedtoC2isthedigitalsignature.ElGamalisaneffectivealgorithmandhasbeeninuseforsometime.It

isusedprimarilyfordigitalsignatures.Likeallasymmetriccryptography,itisslowerthansymmetriccryptography.

ECCEllipticcurvecryptography(ECC)worksonthebasisofellipticcurves.AnellipticcurveisasimplefunctionthatisdrawnasagentlyloopingcurveontheX,Yplane.Ellipticcurvesaredefinedbythisequation:

y2=x3+ax2+bEllipticcurvesworkbecausetheyhaveaspecialproperty—youcanaddtwopointsonthecurvetogetherandgetathirdpointonthecurve,asshownintheillustration.

Forcryptography,theellipticcurveworksasapublickeyalgorithm.Usersagreeonanellipticcurveandafixedcurvepoint.Thisinformationisnotasharedsecret,andthesepointscanbemadepublicwithoutcompromisingthesecurityofthesystem.User1thenchoosesasecretrandomnumber,K1,andcomputesapublickeybaseduponapointonthecurve:

P1=K1*F

User2performsthesamefunctionandgeneratesP2.Nowuser1cansenduser2amessagebygeneratingasharedsecret:

S=K1*P2User2cangeneratethesamesharedsecretindependently:

S=K2*P1Thisistruebecause

K1*P2=K1*(K2*F)=(K1*K2)*F=K2*(K1*F)=K2*P1Thesecurityofellipticcurvesystemshasbeenquestioned,mostly

becauseoflackofanalysis.However,allpublickeysystemsrelyonthedifficultyofcertainmathproblems.Itwouldtakeabreakthroughinmathforanyofthementionedsystemstobeweakeneddramatically,butresearchhasbeendoneabouttheproblemsandhasshownthattheellipticcurveproblemhasbeenmoreresistanttoincrementaladvances.Again,aswithallcryptographyalgorithms,onlytimewilltellhowsecuretheyreallyare.ThebigbenefittoECCsystemsisthattheyrequirelesscomputingpowerforagivenbitstrength.ThismakesECCidealforuseinlow-powermobiledevices.Thesurgeinmobileconnectivityhasledtosecurevoice,e-mail,andtextapplicationsthatuseECCandAESalgorithmstoprotectauser’sdata.EllipticcurvefunctionscanbeusedaspartofaDiffie-Hellmankey

exchange,andwhenused,themethodisreferredtoasEllipticCurveDIffie-Hellman(ECDH).ThistechniquecanprovidetheadvantagesofellipticcurveandthefunctionalityofDiffie-Hellman.

AsymmetricEncryptionSummaryAsymmetricencryptioncreatesthepossibilityofdigitalsignaturesandalsocorrectsthemainweaknessofsymmetriccryptography.Theabilitytosendmessagessecurelywithoutsendersandreceivershavinghadpriorcontacthasbecomeoneofthebasicconcernswithsecurecommunication.Digitalsignatureswillenablefasterandmoreefficientexchangeofallkindsofdocuments,includinglegaldocuments.Withstrongalgorithms

andgoodkeylengths,securitycanbeassured.

Symmetricvs.AsymmetricBothsymmetricandasymmetricencryptionmethodshaveadvantagesanddisadvantages.Symmetricencryptiontendstobefaster,islesscomputationallyinvolved,andisbetterforbulktransfers.Butitsuffersfromakeymanagementprobleminthatkeysmustbeprotectedfromunauthorizedparties.Asymmetricmethodsresolvethekeysecrecyissuewithpublickeys,butaddsignificantcomputationalcomplexitythatmakesthemlesssuitedforbulkencryption.Bulkencryptioncanbedoneusingthebestofbothsystems,byusing

asymmetricencryptiontopassasymmetrickey.Byaddinginephemeralkeyexchange,youcanachieveperfectforwardsecrecy,discussedlaterinthechapter.Digitalsignatures,ahighlyusefultool,arenotpracticalwithoutasymmetricmethods.

QuantumCryptographyCryptographyistraditionallyaveryconservativebranchofinformationtechnology.Itreliesonproventechnologiesanddoesitsbesttoresistchange.Abignewtopicinrecentyearshasbeenquantumcryptography.Quantumcryptographyisbasedonquantummechanics,principallysuperpositionandentanglement.Adiscussionofquantummechanicsisbeyondthescopeofthistext,buttheprinciplewearemostconcernedwithinregardtocryptographyisthatinquantummechanics,themeasuringofdatadisturbsthedata.Whatthismeanstocryptographersisthatitiseasytotellifamessagehasbeeneavesdroppedonintransit,allowingpeopletoexchangekeydatawhileknowingthatthedatawasnotinterceptedintransit.Thisuseofquantumcryptographyiscalledquantumkeydistribution.Thisiscurrentlytheonlycommercialuseofquantumcryptography,andalthoughthereareseveralmethodsforsendingthekey,theyalladheretothesameprinciple.Keybitsaresentandthencheckedat

theremoteendforinterception,andthenmorekeybitsaresentusingthesameprocess.Onceanentirekeyhasbeensentsecurely,symmetricencryptioncanthenbeused.Theotherfieldofresearchinvolvingquantummechanicsand

cryptographyisquantumcryptanalysis.Aquantumcomputeriscapableoffactoringlargeprimesexponentiallyfasterthananormalcomputer,potentiallymakingtheRSAalgorithm,andanysystembaseduponfactoringprimenumbers,insecure.Thishasledtoresearchincryptosystemsthatarenotvulnerabletoquantumcomputations,afieldknownaspost-quantumcryptography.

SteganographySteganography,anoffshootofcryptographytechnology,getsitsmeaningfromtheGreekwordsteganos,meaningcovered.Invisibleinkplacedonadocumenthiddenbyinnocuoustextisanexampleofasteganographicmessage.Anotherexampleisatattooplacedonthetopofaperson’shead,visibleonlywhentheperson’shairisshavedoff.Hiddenwritinginthecomputeragereliesonaprogramtohidedata

insideotherdata.Themostcommonapplicationistheconcealingofatextmessageinapicturefile.TheInternetcontainsmultiplebillionsofimagefiles,allowingahiddenmessagetobelocatedalmostanywherewithoutbeingdiscovered.Becausenotalldetectionprogramscandetecteverykindofsteganography,tryingtofindthemessageinanInternetimageisakintoattemptingtofindaneedleinahaystackthesizeofthePacificOcean;evenaGooglesearchforsteganographyreturnsthousandsofimages.

Thenatureoftheimagefilesalsomakesahiddenmessagedifficulttodetect.Whileitismostcommontohidemessagesinsideimages,theycanalsobehiddeninvideoandaudiofiles.Theadvantagetosteganographyovertheuseofencryptionaloneisthat

themessagesdonotattractattention,andthisdifficultyindetectingthe

hiddenmessageprovidesanadditionalbarriertoanalysis.Thedatathatishiddeninasteganographicmessageisfrequentlyalsoencrypted,sothatifitisdiscovered,themessagewillremainsecure.Steganographyhasmanyusesbutthemostpublicizedusesaretohideillegalmaterial,oftenpornography,orallegedlyforcovertcommunicationbyterroristnetworks.Steganographicencodingcanbeusedinmanywaysandthroughmany

differentmedia.Coveringthemallisbeyondthescopeforthisbook,butwewilldiscussoneofthemostcommonwaystoencodeintoanimagefile,LSBencoding.LSB,LeastSignificantBit,isamethodofencodinginformationintoanimagewhilealteringtheactualvisualimageaslittleaspossible.Acomputerimageismadeupofthousandsormillionsofpixels,alldefinedby1’sand0’s.IfanimageiscomposedofRedGreenBlue(RGB)values,eachpixelhasanRGBvaluerepresentednumericallyfrom0to255.Forexample,0,0,0isblack,and255,255,255iswhite,whichcanalsoberepresentedas00000000,00000000,00000000forblackand11111111,11111111,11111111forwhite.Givenawhitepixel,editingtheleastsignificantbitofthepixelto11111110,11111110,11111110changesthecolor.Thechangeincolorisundetectabletothehumaneye,butinanimagewithamillionpixels,thiscreatesa125KBareainwhichtostoreamessage.SomepopularsteganographydetectiontoolsincludeStegdetect,

StegSecret,StegSpy,andthefamilyofSARCtools.Allofthesetoolsusedetectiontechniquesbaseduponthesameprinciple,patterndetection.Bylookingforknownsteganographicencodingschemesorartifacts,theycanpotentiallydetectembeddeddata.Additionally,steganographyinsertiontoolscanbeusedtoattempttodecodeimageswithsuspectedhiddenmessages.InvisibleInkisasmallprogramforsteganographicinsertionofmessagesandthentheextractionofthosemessages,asillustratedhere.

CryptographyAlgorithmUse

Theuseofcryptographicalgorithmsgrowseveryday.Moreandmoreinformationbecomesdigitallyencodedandplacedonline,andallofthisdataneedstobesecured.Thebestwaytodothatwithcurrenttechnologyistouseencryption.Thissectionconsiderssomeofthetaskscryptographicalgorithmsaccomplishandthoseforwhichtheyarebestsuited.Securityistypicallydefinedasaproductoffivecomponents:confidentiality,integrity,availability,authentication,andnonrepudiation.Encryptionaddressesallofthesecomponentsexceptavailability.Keyescrowwillbeoneofthemostimportanttopicsasinformationbecomesuniversallyencrypted;otherwise,everyonemaybeleftwithuselessdata.Digitalrightsmanagementandintellectualpropertyprotectionarealsoplaceswhereencryptionalgorithmsareheavilyused.Digitalsignaturescombineseveralalgorithmstoprovidereliableidentificationinadigitalform.

ConfidentialityConfidentialitytypicallycomestomindwhenthetermsecurityisbroughtup.Confidentialityistheabilitytokeepsomepieceofdataasecret.Inthedigitalworld,encryptionexcelsatprovidingconfidentiality.Inmostcases,symmetricencryptionisfavoredbecauseofitsspeedandbecausesomeasymmetricalgorithmscansignificantlyincreasethesizeoftheobjectbeingencrypted.Asymmetriccryptographyalsocanbeusedtoprotectconfidentiality,butitssizeandspeedmakeitmoreefficientatprotectingtheconfidentialityofsmallunitsfortaskssuchaselectronickeyexchange.Inallcases,thestrengthofthealgorithmsandthelengthofthekeysensurethesecrecyofthedatainquestion.

IntegrityIntegrity,betterknownasmessageintegrity,isacrucialcomponentofmessagesecurity.Whenamessageissent,boththesenderandrecipientneedtoknowthatthemessagewasnotalteredintransmission.Thisis

especiallyimportantforlegalcontracts—recipientsneedtoknowthatthecontractshavenotbeenaltered.Signersalsoneedawaytovalidatethatacontracttheysignwillnotbealteredinthefuture.

Messageintegritywillbecomeincreasinglyimportantasmorecommerceisconducteddigitally.Theabilitytoindependentlymakesurethatadocumenthasnotbeentamperedwithisveryimportanttocommerce.Moreimportantly,oncethedocumentis“signed”withadigitalsignature,itcannotberefutedthatthepersoninquestionsignedit.

Integrityisprovidedviaone-wayhashfunctionsanddigitalsignatures.Thehashfunctionscomputethemessagedigests,andthisguaranteestheintegrityofthemessagebyallowingeasytestingtodeterminewhetheranypartofthemessagehasbeenchanged.Themessagenowhasacomputedfunction(thehashvalue)totelltheuserstoresendthemessageifitwasinterceptedandinterferedwith.Thishashvalueiscombinedwithasymmetriccryptographybytakingthemessage’shashvalueandencryptingitwiththeuser’sprivatekey.Thisletsanyonewiththeuser’spublickeydecryptthehashandcompareittothelocallycomputedhash,notonlyensuringtheintegrityofthemessagebutpositivelyidentifyingthesender.

AuthenticationAuthenticationisthematchingofausertoanaccountthroughpreviouslysharedcredentials.Thisinformationmustbeprotectedandacombinationofcryptographicmethodsarecommonlyemployed.Fromhashingtokeystretchingtoencryptionanddigitalsignatures,multipletechniquesareusedaspartoftheoperationsinvolvedinauthentication.

TryThis!

DocumentIntegrityDownloadahashcalculatorthatworksonyouroperatingsystem,suchasSlavaSoftHashCalc,availableatwww.slavasoft.com/hashcalc/index.htm.Thencreateasimpledocumentfilewithanytextthatyouprefer.Saveit,andthenusethehashingprogramtogeneratethehashandsavethehashvalue.Noweditthefile,evenbysimplyinsertingasingleblankspace,andresaveit.Recalculatethehashandcompare.

NonrepudiationAnitemofsomeconfusion,theconceptofnonrepudiationisactuallyfairlysimple.Nonrepudiationmeansthatthemessagesendercannotlaterdenythattheysentthemessage.Thisisimportantinelectronicexchangesofdata,becauseofthelackofface-to-facemeetings.Nonrepudiationisbaseduponpublickeycryptographyandtheprincipleofonlyyouknowingyourprivatekey.Thepresenceofamessagesignedbyyou,usingyourprivatekey,whichnobodyelseshouldknow,isanexampleofnonrepudiation.Whenathirdpartycancheckyoursignatureusingyourpublickey,thatdisprovesanyclaimthatyouwerenottheonewhoactuallysentthemessage.Nonrepudiationistiedtoasymmetriccryptographyandcannotbeimplementedwithsymmetricalgorithms.

TechTip

HOTPAnHMAC-basedOne-TimePassword(HOTP)algorithmisakeycomponentoftheOpenAuthenticationInitiative(OATH).YubiKeyisahardwareimplementationofHOTPthathassignificantuse.

CipherSuitesInmanyapplications,theuseofcryptographyoccursasacollectionoffunctions.Differentalgorithmscanbeusedforauthentication,

encryption/decryption,digitalsignatures,andhashing.Thetermciphersuitereferstoanarrangedgroupofalgorithms.Forinstance,TLShasapublishedTLSCipherSuiteRegistryatwww.iana.org/assignments/tls-parameters/tls-parameters.xhtml.

Strongvs.WeakCiphersThereisawiderangeofciphers,someoldandsomenew,eachwithitsownstrengthsandweaknesses.Overtime,newmethodsandcomputationalabilitieschangetheviabilityofciphers.Theconceptofstrongversusweakciphersisanacknowledgmentthat,overtime,cipherscanbecomevulnerabletoattacks.Theapplicationorselectionofciphersshouldtakeintoconsiderationthatnotallciphersarestillstrong.Whenselectingacipherforuse,itisimportanttomakeanappropriatechoice.

KeyExchangeCryptographicmechanismsusebothanalgorithmandakey,withthekeyrequiringcommunicationbetweenparties.Insymmetricencryption,thesecrecydependsuponthesecrecyofthekey,soinsecuretransportofthekeycanleadtofailuretoprotecttheinformationencryptedusingthekey.Keyexchangeisthecentralfoundationalelementofasecuresymmetricencryptionsystem.Maintainingthesecrecyofthesymmetrickeyisthebasisofsecretcommunications.Inasymmetricsystems,thekeyexchangeproblemisoneofkeypublication.Becausepublickeysaredesignedtobeshared,theproblemisreversedfromoneofsecrecytooneofpublicity.Earlykeyexchangeswereperformedbytrustedcouriers.Peoplecarried

thekeysfromsenderstoreceivers.Onecouldconsiderthisformofkeyexchangetobetheultimateinout-of-bandcommunication.Withtheadventofdigitalmethodsandsomemathematicalalgorithms,itispossibletopasskeysinasecurefashion.Thiscanoccurevenwhenallpacketsaresubjecttointerception.TheDiffie-Hellmankeyexchangeisoneexampleofthistypeofsecurekeyexchange.TheDiffie-Hellmankeyexchangedependsupontworandomnumbers,eachchosenbyoneoftheparties,and

keptsecret.Diffie-Hellmankeyexchangescanbeperformedin-band,andevenunderexternalobservation,asthesecretrandomnumbersareneverexposedtooutsideparties.

KeyEscrowTheimpressivegrowthoftheuseofencryptiontechnologyhasledtonewmethodsforhandlingkeys.Encryptionisadeptathidingallkindsofinformation,andwithprivacyandidentityprotectionbecomingmoreofaconcern,moreinformationisencrypted.Thelossofakeycanhappenforamultitudeofreasons:itmightsimplybelost,thekeyholdermightbeincapacitatedordead,softwareorhardwaremightfail,andsoon.Inmanycases,thatinformationislockedupuntilthecryptographycanbebroken,and,asyouhaveread,thatcouldbemillennia.Thishasraisedthetopicofkeyescrow,orkeepingacopyoftheencryptionkeywithatrustedthirdparty.Theoretically,thisthirdpartywouldonlyreleaseyourkeytoyouoryourofficialdesignateontheeventofyourbeingunabletogetthekeyyourself.However,justastheoldsayingfromBenjaminFranklingoes,“Threemaykeepasecretiftwoofthemaredead.”Anytimemorethanonecopyofthekeyexists,thesecurityofthesystemisbroken.Theextentoftheinsecurityofkeyescrowisasubjectopentodebate,andwillbehotlycontestedintheyearstocome.

TechTip

KeyEscrowHasBenefitsandHazardsKeyescrowcansolvemanyoftheproblemsthatresultwhenakeyislostorbecomesinaccessible,allowingaccesstodatathatotherwisewouldbeimpossibletoaccesswithoutkeyescrow,butitcanopenupprivateinformationtounauthorizedaccess.

Additionally,withcomputertechnologybeingminiaturizedintosmartphonesandotherrelativelyinexpensivedevices,criminalsandother

ill-willedpeoplehavebegunusingcryptographytoconcealcommunicationsandbusinessdealingsfromlawenforcementagencies.Becauselawenforcementagencieshavenotbeenabletobreaktheencryptioninmanycases,governmentagencieshavebegunaskingformandatorykeyescrowlegislation.Inthissense,keyescrowisasystembywhichyourprivatekeyiskeptbothbyyouandbythegovernment.Thisallowspeoplewithacourtordertoretrieveyourprivatekeytogainaccesstoanythingencryptedwithyourpublickey.Thedataisessentiallyencryptedbyyourkeyandthegovernmentkey,givingthegovernmentaccesstoyourplaintextdata.Thisprocessissimilartoasearchwarrantofyourhome,butisusedagainstyourcomputerdata.Whetherornotthisishowthingsshouldbeisalsoopentodebate,butitdoesraisetheinterestingpossibilityofencryptionsoftwarethatisincompatiblewithgovernmentkeyescrowbeingbanned.Thelastmajordiscussionforkeyescrowlegislationwasseveralyearsago,buttheprospectremainsouttherewaitingforahighprofilecasetobringencryptionintothespotlight.In2015,manyUSFederalofficialsagaincalledforformsofkeyescrowandbackdoorsinthenameofanti-terrorismandlawenforcement.Theresultofthisnewroundofargumentwilltakeyearstodecidethecorrectbalance.Keyescrowcannegativelyimpactthesecurityprovidedbyencryption,

becausethegovernmentrequiresahuge,complexinfrastructureofsystemstoholdeveryescrowedkey,andthesecurityofthosesystemsislessefficientthanthesecurityofyourmemorizingthekey.However,therearetwosidestothekeyescrowcoin.Withoutapracticalwaytorecoverakeyiforwhenitislostorthekeyholderdies,forexample,someimportantinformationwillbelostforever.Suchissueswillaffectthedesignandsecurityofencryptiontechnologiesfortheforeseeablefuture.

SessionKeysAsessionkeyisasymmetrickeyusedforencryptingmessagesduringacommunicationsession.Itisgeneratedfromrandomseedsandisusedfor

thedurationofacommunicationsession.Whencorrectlygeneratedandpropagatedduringsessionsetup,asessionkeyprovidessignificantlevelsofprotectionduringthecommunicationsessionandalsocanaffordperfectforwardsecrecy(describedlaterinthechapter).Sessionkeysoffertheadvantagesofsymmetricencryption,speed,strength,simplicity,and,withkeyexchangespossibleviadigitalmethods,significantlevelsofautomatedsecurity.

EphemeralKeysEphemeralkeysarecryptographickeysthatareusedonlyonceaftertheyaregenerated.WhenanephemeralkeyisusedaspartoftheDiffie-Hellmanscheme,itformsanEphemeralDiffie-Hellman(EDH)keyexchange.AnEDHmechanismgeneratesatemporarykeyforeachconnection,neverusingthesamekeytwice.Thisprovidesforperfectforwardsecrecy.IftheDiffie-Hellmaninvolvestheuseofellipticcurves,itiscalledEllipticCurveDiffie-HellmanEphemeral(ECDHE).

KeyStretchingKeystretchingisamechanismthattakeswhatwouldbeweakkeysand“stretches”themtomakethesystemmoresecureagainstbrute-forceattacks.Atypicalmethodologyusedforkeystretchinginvolvesincreasingthecomputationalcomplexitybyaddingiterativeroundsofcomputations.Toextendapasswordtoalongerlengthofkey,youcanrunitthroughmultipleroundsofvariable-lengthhashing,eachincreasingtheoutputbybitsovertime.Thismaytakehundredsorthousandsofrounds,butforsingle-usecomputations,thetimeisnotsignificant.Whenonewantstouseabrute-forceattack,theincreaseincomputationalworkloadbecomessignificantwhendonebillionsoftimes,makingthisformofattackmuchmoreexpensive.Thecommonformsofkeystretchingemployedinusetodayinclude

Password-BasedKeyDerivationFunction2andBcrypt.

PBKDF2Password-BasedKeyDerivationFunction2(PBKDF2)isakeyderivationfunctiondesignedtoproduceakeyderivedfromapassword.ThisfunctionusesapasswordorpassphraseandasaltandappliesanHMACtotheinputthousandsoftimes.Therepetitionmakesbrute-forceattackscomputationallyunfeasible.

BcryptBcryptisakey-stretchingmechanismthatusestheBlowfishcipherandsalting,andaddsanadaptivefunctiontoincreasethenumberofiterations.Theresultisthesameasotherkey-stretchingmechanisms(singleuseiscomputationallyfeasible),butwhenattemptingtobrute-forcethefunction,thebillionsofattemptsmakeitcomputationallyunfeasible.

SecrecyPrinciplesThereareseveralconditionsandprinciplesassociatedwithsecrecy.Twoofthese,confusionanddiffusion,arisefromClaudeShannon’sseminalworkincommunicationtheory.Theconceptofentropy,presentedearlier,isfromthesamesource.Whilethesearetheoretical-centricideas,thereareimplementationprinciplesaswell.Perfectforwardsecrecyisoneoftheseasitappliestofuturemessagesecrecy.

ConfusionConfusionisaprincipletoaffecttherandomnessofanoutput.Theconceptisoperationalizedbyensuringthateachcharacterofciphertextdependsonseveralpartsofthekey.Confusionplacesaconstraintontherelationshipbetweentheciphertextandthekeyemployed,forcinganeffectthatincreasesentropy.

DiffusionDiffusionisaprinciplethatthestatisticalanalysisofplaintextand

ciphertextresultsinaformofdispersionrenderingonestructurallyindependentoftheother.Inplainterms,achangeinonecharacterofplaintextshouldresultinmultiplechangesintheciphertextinamannerthatchangesinciphertextdonotrevealinformationastothestructureoftheplaintext.

PerfectForwardSecrecyPerfectforwardsecrecyisapropertyofapublickeysysteminwhichakeyderivedfromanotherkeyisnotcompromisedeveniftheoriginatingkeyiscompromisedinthefuture.Thisisespeciallyimportantinsessionkeygeneration,wherethecompromiseoffuturecommunicationsessionsmaybecomecompromised;ifperfectforwardsecrecywerenotinplace,thenpastmessagesthathadbeenrecordedcouldbedecrypted.

TransportEncryptionTransportencryptionisusedtoprotectdatathatisinmotion.Whendataisbeingtransportedacrossanetwork,itisatriskofinterception.AnexaminationoftheOSInetworkingmodelshowsalayerdedicatedtotransport,andthisabstractioncanbeusedtomanageend-to-endcryptographicfunctionsforacommunicationchannel.WhenutilizingtheTCP/IPprotocol,TLSisthepreferredmethodofmanagingthesecurityatthetransportlevel.

DigitalSignaturesDigitalsignatureshavebeentoutedasthekeytotrulypaperlessdocumentflow,andtheydohavepromiseforimprovingthesystem.Digitalsignaturesarebasedonbothhashingfunctionsandasymmetriccryptography.Bothencryptionmethodsplayanimportantroleinsigningdigitaldocuments.Unprotecteddigitaldocumentsareveryeasyforanyonetochange.Ifadocumentiseditedafteranindividualsignsit,itisimportantthatanymodificationcanbedetected.Toprotectagainst

documentediting,hashingfunctionsareusedtocreateadigestofthemessagethatisuniqueandeasilyreproduciblebybothparties.Thisensuresthatthemessageintegrityiscomplete.

Digitalsignaturesprovideameansofverifyingauthenticityandintegrityofamessage:youknowbothwhothesenderisandthatthemessagehasnotbeenaltered.Byitself,adigitalsignaturedoesnotprotectthecontentsfromunauthorizedreading.

Adigitalsignatureisacryptographicimplementationdesignedtodemonstrateauthenticityandidentityassociatedwithamessage.Usingpublickeycryptography,adigitalsignatureallowstraceabilitytothepersonsigningthemessagethroughtheuseoftheirprivatekey.Theadditionofhashcodesallowsfortheassuranceofintegrityofthemessageaswell.Theoperationofadigitalsignatureisacombinationofcryptographicelementstoachieveadesiredoutcome.ThestepsinvolvedindigitalsignaturegenerationanduseareillustratedinFigure5.11.Themessagetobesignedishashed,andthehashisencryptedusingthesender’sprivatekey.Uponreceipt,therecipientcandecryptthehashusingthesender’spublickey.Ifasubsequenthashingofthemessagerevealsanidenticalvalue,twothingsareknown:First,themessagehasnotbeenaltered.Second,thesenderpossessedtheprivatekeyofthenamedsender,soispresumablythesenderhim-orherself.

•Figure5.11Digitalsignatureoperation

Adigitalsignaturedoesnotbyitselfprotectthecontentsofthemessagefrominterception.Themessageisstillsentintheclear,soifconfidentialityofthemessageisarequirement,additionalstepsmustbetakentosecurethemessagefromeavesdropping.Thiscanbedonebyencryptingthemessageitself,orbyencryptingthechanneloverwhichitistransmitted.

DigitalRightsManagementDigitalrightsmanagement(DRM)istheprocessforprotectingintellectualpropertyfromunauthorizeduse.Thisisabroadarea,butthemostconcentratedfocusisonpreventingpiracyofsoftwareordigitalcontent.Beforeeasyaccesstocomputers,orthe“digitalrevolution,”thecontentwecameincontactwithwasanalogorprintbased.Whileitwaspossibletocopythiscontent,itwasdifficultandtime-consumingtodoso,andusuallyresultedinalossofquality.Itwasalsomuchmoredifficulttosend1000pagesofahandwrittencopyofabooktoEurope,forexample.ComputersandtheInternethavemadesuchtaskstrivial,andnowitisveryeasytocopyadocument,music,orvideoandquicklysenditthousandsofmilesaway.Cryptographyhasenteredthefrayasasolutiontoprotectdigitalrights,

thoughitiscurrentlybetterknownforitsfailuresthanitssuccesses.TheDVDContentScrambleSystem(CSS)wasanattempttomakeDVDsimpossibletocopybycomputer.CSSusedanencryptionalgorithmthatwaslicensedtoeveryDVDplayer;however,creativeprogrammerswereabletoretrievethekeytothisalgorithmbydisassemblingasoftware-basedDVDplayer.CSShasbeenreplacedbytheAdvancedAccessContentSystem(AACS),whichisusedonthenext-generationBlu-raydiscs.ThissystemencryptsvideocontentviathesymmetricAESalgorithmwithoneormorekeys.Severaldecryptionkeyshavebeen

crackedandreleasedtotheInternet,allowingpiratestofreelycopytheprotectedcontent.ThemusicandcomputergameindustrieshavealsoattemptedseveraldifferentDRMapplications,butnearlyallofthesehaveeventuallybeencracked,allowingpiracy.AcommonexampleofDRMthatismostlysuccessfulisthebroadcast

streamofdigitalsatelliteTV.SincethesignalisbeamedfromspacetoeveryhomeinNorthAmerica,thesatelliteTVprovidermustbeabletoprotectthesignalsothatitcanchargepeopletoreceiveit.Smartcardsareemployedtosecurelyholdthedecryptionkeysthatallowaccesstosomeorallofthecontentinthestream.Thissystemhasbeencrackedseveraltimes,allowingasubsetofusersfreeaccesstothecontent;however,thesatelliteTVproviderslearnedfromtheirearlymistakesandupgradednewsmartcardstocorrecttheoldproblems.DRMwillalsobecomeveryimportantintheindustryofSoftwareasa

Service(SaaS).SimilartocompaniesthatprovidesatelliteTVservice,companiesthatprovideSaaSrelyonasubscriptionbasisforprofitability.Ifsomeonecouldpayforasinglelicenseandthendistributethattohundredsofemployees,theproviderwouldsoongooutofbusiness.Manysystemsinthepasthavebeencrackedbecausethekeywashousedinsidethesoftware.Thishaspromptedsomesystemstousespecifichardwaretostoreandprotectthekey.ThesedevicesarecommonlyknownasHardwareSecurityModules,orHSMs.Theyareusuallydesignedtoprotectthekeyinhardwaresothatevenifthedeviceistamperedwith,itwillnotrevealkeymaterial.Smartcardsareoneexampleofthistechnology.AnotherexampleishardwaretokenUSBkeysthatmustbeinsertedintothemachineforthesoftwaretodecryptandrun.Placingthekeysinhardwaremakesanattacktoretrievethemmuchharder,aconceptthatisemployedintheTrustedPlatformModule;infact,oneoftheprimarycomplaintsagainsttheTPMisitsinabilitytoenforceDRMrestrictions.

CryptographicApplications

Afewapplicationscanbeusedtoencryptdataconvenientlyonyourpersonalcomputer.(Thisisbynomeansacompletelistofeveryapplication.)PrettyGoodPrivacy(PGP)ismentionedinthisbookbecauseitisausefulprotocolsuite.CreatedbyPhilipZimmermannin1991,itpassedthroughseveralversionsthatwereavailableforfreeunderanoncommerciallicense.PGPisnowanenterpriseencryptionproduct,acquiredbytheSymantecCorporationin2010.PGPcanbeappliedtopopulare-mailprogramstohandlethemajorityofday-to-dayencryptiontasksusingacombinationofsymmetricandasymmetricencryptionprotocols.OneoftheuniquefeaturesofPGPisitsabilitytousebothsymmetricandasymmetricencryptionmethods,accessingthestrengthsofeachmethodandavoidingtheweaknessesofeachaswell.Symmetrickeysareusedforbulkencryption,takingadvantageofthespeedandefficiencyofsymmetricencryption.Thesymmetrickeysarepassedusingasymmetricmethods,capitalizingontheflexibilityofthismethod.PGP-basedtechnologyisnowsoldaspartofacommercialapplication,withhomeandcorporateversions.

CrossCheckPGPInChapter7youwilllearnsomeadditionaldetailsaboutPGP.Whyistheabilitytouseasymmetricandsymmetricencryptioninthesameprogramimportant?

GnuPG,orGnuPrivacyGuard,isanopensourceimplementationoftheOpenPGPstandard.Thiscommandline–basedtoolisapublickeyencryptionprogramdesignedtoprotectelectroniccommunicationssuchase-mail.ItoperatessimilarlytoPGPandincludesamethodformanagingpublic/privatekeys.Filesystemencryptionisbecomingastandardmeansofprotectingdata

whileinstorage.Evenharddrivesareavailablewithbuilt-inAESencryption.MicrosoftexpandeditsEncryptingFileSystem(EFS),availablesincetheWindows2000operatingsystem,withBitLocker,a

boot-sectorencryptionmethodthatprotectsdatathatwasintroducedwiththeWindowsVistaoperatingsystem.BitLockerisalsousedinWindowsServer2008andtheWindows7andbeyondoperatingsystems.BitLockerutilizesAESencryptiontoencrypteveryfileontheharddriveautomatically.Allencryptionoccursinthebackground,anddecryptionoccursseamlesslywhendataisrequested.ThedecryptionkeycanbestoredintheTPMoronaUSBkey.

DatabaseEncryptionDuepartlytoincreasedregulatoryconcernsandpartlytomoretargetedattacks,databaseshavebeguntooffernativesupportforencryption.Protectingdataatrestintheenterprisefrequentlyinvolvesdatastoredindatabases.Buildingdataprotectionmechanismsintothedatabasesystemsisnotnew(ithasbeenaroundforalongtime),butenterpriseadoptionofthisfunctionalityhasbeenslow.Symmetricencryptionalgorithmssuchas3DESandAESareusedtoencryptdatainternallyinthedatabase.Protectionmechanismsthatcanbemanagedbyrowandbycolumnareincludedinmostmajordatabaseapplications;thechallengeisinconvincingorganizationstousethisprovenprotectionmethodology.Itdoesaddcomplexitytothesystem,butintoday’senvironmentofdatabreachesandcorporateespionage,thecomplexityiseasiertomanagethantheeffectsofadataloss.

UseofProvenTechnologiesWhensettingupacryptographicscheme,itisimportanttouseproventechnologies.Provencryptographiclibrariesandprovencryptographicallycorrectrandomnumbergeneratorsarethefoundationalelementsassociatedwithasolidprogram.Homegrownorcustomelementsintheseareascangreatlyincreaseriskassociatedwithabrokensystem.Developingyourowncryptographicalgorithmsisbeyondtheabilitiesofmostgroups.Algorithmsarecomplexanddifficulttocreate.Anyalgorithmthathasnothadpublicreviewcanhaveweaknessesinthe

algorithm.Mostgoodalgorithmsareapprovedforuseonlyafteralengthytestandpublicreviewphase.

Chapter5Review

ForMoreInformationAppliedCryptography,SecondEdition,BruceSchneier(JohnWiley&Sons)

Cryptool:https://www.cryptool.org/en/

BruceSchneierBlog:https://www.schneier.com/cryptography.html

LabBookExercisesThefollowinglabexercisesfromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providepracticalapplicationofmaterialcoveredinthischapter:

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutcryptography.

Understandthefundamentalsofcryptography

Understandthefundamentalmethods.

Understandhowtocomparestrengthsandperformanceofalgorithms.

Haveanappreciationofthehistoricalaspectsofcryptography.

Identifyanddescribethethreetypesofcryptography

Symmetriccryptographyisbasedupontheconceptofasharedsecretorkey.

Asymmetriccryptographyisbaseduponakeythatcanbemadeopenlyavailabletothepublic,yetstillprovidesecurity.

One-way,orhashing,cryptographytakesdataandenciphersit.However,thereisnowaytodecipheritandnokey.

Properrandomnumbergenerationisessentialforcryptographicuse,asthestrengthoftheimplementationfrequentlydependsuponitbeingtrulyrandomandunknown.

Listanddescribecurrentcryptographicalgorithms

Hashingistheuseofaone-wayfunctiontogenerateamessagesummaryfordataintegrity.

HashingalgorithmsincludeSHA(SecureHashAlgorithm)andMD(MessageDigest).

Symmetricencryptionisasharedsecretformofencryptingdataforconfidentiality;itisfastandreliable,butneedssecurekeymanagement.

SymmetricalgorithmsincludeDES(DataEncryptionStandard),3DES,AES(AdvancedEncryptionStandard),CAST,Blowfish,IDEA,andRC(RivestCipher)variants.

Asymmetricencryptionisapublic/privatekey-pairencryptionusedforauthentication,nonrepudiation,andconfidentiality.

AsymmetricalgorithmsincludeRSA,Diffie-Hellman,ElGamal,andECC.

Explainhowcryptographyisappliedforsecurity

Confidentialityisgainedbecauseencryptionisverygoodatscramblinginformationtomakeitlooklikerandomnoise,wheninfactakeycandecipherthemessageandreturnittoitsoriginalstate.

Integrityisgainedbecausehashingalgorithmsarespecificallydesignedtocheckintegrity.Theycanreduceamessagetoamathematicalvaluethatcanbeindependentlycalculated,guaranteeingthatanymessagealterationwouldchangethemathematicalvalue.

Nonrepudiationisthepropertyofnotbeingabletoclaimthatyoudidnotsendthedata.Thispropertyisgainedbecauseofthepropertiesofprivatekeys.

Authentication,orbeingabletoproveyouareyou,isachievedthroughtheprivatekeysinvolvedindigitalsignatures.

Theuseofkeygenerationmethodsincludingephemeralkeysandkeystretchingareimportanttoolsintheimplementationofstrongcryptosystems.

Digitalsignatures,combiningmultipletypesofencryption,provideanauthenticationmethodverifiedbyathirdparty,allowingyoutousethemasifyouwereactuallysigningthedocumentwithyourregularsignature.

Digitalrightsmanagement(DRM)usessomeformofasymmetricencryptionthatallowsanapplicationtodetermineifyouareanauthorizeduserofthedigitalcontentyouaretryingtoaccess.Forexample,thingslikeDVDsandcertaindigitalmusicformatssuchasAACSuseDRM.

Theprincipleofperfectforwardsecrecyprotectsfuturemessagesfrompreviousmessagekeydisclosures.

Provencryptographictechnologiesareimportantasmostcryptographicsystemsfailandonlyafewstandthetestoftime.Homebrewsystemsareripeforfailure.

Ciphersuitesprovideinformationtoassistdevelopersinchoosingthecorrectmethodstoachievedesiredlevelsofprotection.

KeyTermsalgorithm(96)blockcipher(104)ciphertext(94)collisionattack(99)confusion(120)cryptanalysis(90)cryptography(90)differentialcryptanalysis(91)diffusion(120)digitalrightsmanagement(121)digitalsignature(120)entropy(98)ephemeralkeys(119)eXclusiveOR(XOR)(97)hash(99)key(97)keyescrow(118)keymanagement(98)keyspace(93)keystretching(119)linearcryptanalysis(91)multipleencryption(104)perfectforwardsecrecy(120)plaintext(94)sharedsecret(103)shiftcipher(94)

steganography(114)streamcipher(107)substitution(92)transposition(92)transpositioncipher(93)trapdoorfunction(109)Vigenèrecipher(95)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.Makingtwoinputsresultintheexactsamecryptographichashiscalleda(n)_______________.

2.Asimplewaytohideinformation,the_______________movesaletterasetnumberofplacesdownthealphabet.

3.Toprovideforperfectforwardsecurity,oneshoulduse_______________.

4._______________isrequiredforsymmetricencryption.5._______________istheevaluationofacryptosystemtotestits

security.

6._______________referstoeverypossiblevalueforacryptographickey.

7._______________isthefunctionmostcommonlyseenincryptography,a“bitwiseexclusive”or.

8.Themeasureofrandomnessinadatastreamiscalled_______________.

9.Processingthroughanalgorithmmorethanoncewithdifferentkeys

iscalled_______________.

10.Thebasisforsymmetriccryptographyistheprincipleofa(n)_______________.

Multiple-ChoiceQuiz1.Whenamessageissent,nomatterwhatitsformat,whydowecare

aboutitsintegrity?

A.Toensureproperformatting

B.Toshowthattheencryptionkeysareundamaged

C.Toshowthatthemessagehasnotbeeneditedintransit

D.Toshowthatnoonehasviewedthemessage

2.Howis3DESdifferentfrommanyothertypesofencryptiondescribedinthischapter?

A.Itonlyencryptsthehash.

B.Ithashesthemessagebeforeencryption.

C.Itusesthreekeysandmultipleencryptionand/ordecryptionsets.

D.Itcandisplaythekeypublicly.

3.Ifamessagehasahash,howdoesthehashprotectthemessageintransit?

A.Ifthemessageisedited,thehashwillnolongermatch.

B.Hashingdestroysthemessagesothatitcannotbereadbyanyone.

C.Hashingencryptsthemessagesothatonlytheprivatekeyholdercanreadit.

D.Thehashmakesthemessageuneditable.

4.Whatisthebiggestdrawbacktosymmetricencryption?A.Itistooeasilybroken.

B.Itistooslowtobeeasilyusedonmobiledevices.

C.Itrequiresakeytobesecurelyshared.

D.ItisavailableonlyonUNIX.

5.WhatisDiffie-Hellmanmostcommonlyusedfor?A.Symmetricencryptionkeyexchange

B.Signingdigitalcontracts

C.Securee-mail

D.Storingencryptedpasswords

6.Whatispublickeycryptographyamorecommonnamefor?A.Asymmetricencryption

B.SHA

C.Symmetricencryption

D.Hashing

7.Whatalgorithmcanbeusedtoprovideforkeystretching?A.PBKDF2

B.SHA356

C.RIPEMD

D.3DES

8.Agoodhashfunctionisresistanttowhat?

A.Brute-forcing

B.Rainbowtables

C.Interception

D.Collisions

9.Howis3DESanimprovementovernormalDES?A.Itusespublicandprivatekeys.

B.Ithashesthemessagebeforeencryption.

C.Itusesthreekeysandmultipleencryptionand/ordecryptionsets.

D.ItisfasterthanDES.

10.Whatisthebestkindofkeytohave?A.Easytoremember

B.Longandrandom

C.Longandpredictable

D.Short

EssayQuiz1.Describehowpolyalphabeticsubstitutionworks.2.Explainwhyasymmetricencryptioniscalledpublickeyencryption.3.Describecryptanalysis.

LabProjects

•LabProject5.1Usingautilityprogram,demonstratehowsinglecharacterchangescanmakesubstantialchangestohashvalues.

•LabProject5.2Createakeysetanduseittotransferafilesecurely.

chapter6 PublicKeyInfrastructure

Withouttrust,thereisnothing.

—ANONYMOUS

P

Inthischapter,youwilllearnhowto

Implementthebasicsofpublickeyinfrastructures

Describetheroleofregistrationauthorities

Usedigitalcertificates

Understandthelifecycleofcertificates

Explaintherelationshipbetweentrustandcertificateverification

Describetherolesofcertificateauthoritiesandcertificaterepositories

Identifycentralizedanddecentralizedinfrastructures

Describepublicandin-housecertificateauthorities

ublickeyinfrastructures(PKIs)arebecomingacentralsecurityfoundationformanagingidentitycredentialsinmanycompanies.Thetechnologymanagestheissueofbindingpublickeysandidentities

acrossmultipleapplications.Theotherapproach,withoutPKIs,istoimplementmanydifferentsecuritysolutionsandhopeforinteroperabilityandequallevelsofprotection.PKIscompriseseveralcomponents,includingcertificates,registration

andcertificateauthorities,andastandardprocessforverification.PKIsareaboutmanagingthesharingoftrustandusingathirdpartytovouchforthetrustworthinessofaclaimofownershipoveracredentialdocument,calledacertificate.

TheBasicsofPublicKeyInfrastructuresApublickeyinfrastructure(PKI)providesallthecomponentsnecessaryfordifferenttypesofusersandentitiestobeabletocommunicatesecurelyandinapredictablemanner.APKIismadeupofhardware,applications,policies,services,programminginterfaces,cryptographicalgorithms,protocols,users,andutilities.Thesecomponentsworktogethertoallow

communicationtotakeplaceusingpublickeycryptographyandsymmetrickeysfordigitalsignatures,dataencryption,andintegrity.

CrossCheckPKIsandEncryptionThetechnologiesusedinPKIincludemanycryptographicalgorithmsandmechanisms.EncryptiontechnologiesandpublickeyprincipleswerecoveredinChapter5.Abasicunderstandingofpublicandprivatekeysandtheirrelationshiptopublickeyencryptionisaprerequisiteforthischapter.Ifneeded,reviewthatmaterialbeforeyouattemptthedetailsofPKIinthischapter.

Althoughmanydifferentapplicationsandprotocolscanprovidethesametypeoffunctionality,constructingandimplementingaPKIboilsdowntoestablishingaleveloftrust.If,forexample,JohnandDianewanttocommunicatesecurely,Johncangeneratehisownpublic/privatekeypairandsendhispublickeytoDiane,orhecanplacehispublickeyinadirectorythatisavailabletoeveryone.IfDianereceivesJohn’spublickey,eitherfromhimorfromapublicdirectory,howdoessheknowthekeyreallycamefromJohn?Maybeanotherindividual,Katie,ismasqueradingasJohnandhasreplacedJohn’spublickeywithherown,asshowninFigure6.1(referredtoasaman-in-the-middleattack).Ifthistookplace,DianewouldbelievethathermessagescouldbereadonlybyJohnandthatthereplieswereactuallyfromhim.However,shewouldactuallybecommunicatingwithKatie.Whatisneededisawaytoverifyanindividual’sidentity,toensurethataperson’spublickeyisboundtotheiridentityandthusensurethatthepreviousscenario(andothers)cannottakeplace.

•Figure6.1WithoutPKIs,individualscouldspoofothers’identities.

InPKIenvironments,entitiescalledregistrationauthorities(RAs)andcertificateauthorities(CAs)provideservicessimilartothoseoftheDepartmentofMotorVehicles(DMV).WhenJohngoestoregisterforadriver’slicense,hehastoprovehisidentitytotheDMVbyprovidinghispassport,birthcertificate,orotheridentificationdocumentation.IftheDMVissatisfiedwiththeproofJohnprovides(andJohnpassesadrivingtest),theDMVwillcreateadriver’slicensethatcanthenbeusedbyJohntoprovehisidentity.WheneverJohnneedstoidentifyhimself,hecanshowhisdriver’slicense.AlthoughmanypeoplemaynottrustJohntoidentifyhimselftruthfully,theydotrustthethirdparty,theDMV.InthePKIcontext,whilesomevariationsexistinspecificproducts,the

RAwillrequireproofofidentityfromtheindividualrequestingacertificateandwillvalidatethisinformation.TheRAwillthenadvisetheCAtogenerateacertificate,whichisanalogoustoadriver’slicense.TheCAwilldigitallysignthecertificateusingitsprivatekey.TheuseoftheprivatekeyensurestotherecipientthatthecertificatecamefromtheCA.WhenDianereceivesJohn’scertificateandverifiesthatitwasactuallydigitallysignedbyaCAthatshetrusts,shewillbelievethatthecertificateisactuallyJohn’s—notbecauseshetrustsJohn,butbecauseshetruststheentitythatisvouchingforhisidentity(theCA).

TechTip

PublicandPrivateKeysRecallfromChapter5thatthepublickeyistheonethatyougivetoothersandtheprivatekeyneverleavesyourpossession.Anythingonekeydoes,theotherundoes,soifyouencryptsomethingwiththepublickey,onlytheholderoftheprivatekeycandecryptit.Ifyouencryptsomethingwiththeprivatekey,theneveryonewhousesthepublickeyknowsthattheholderoftheprivatekeydidtheencryption.Certificatesdonotalteranyofthis;theyonlyofferastandardmeansoftransferringkeys.

Thisiscommonlyreferredtoasathird-partytrustmodel.Publickeysarecomponentsofdigitalcertificates,sowhenDianeverifiestheCA’sdigitalsignature,thisverifiesthatthecertificateistrulyJohn’sandthatthepublickeythecertificatecontainsisalsoJohn’s.ThisishowJohn’sidentityisboundtohispublickey.ThisprocessallowsJohntoauthenticatehimselftoDianeandothers.

Usingthethird-partycertificate,JohncancommunicatewithDiane,usingpublickeyencryption,withoutpriorcommunicationorapreexistingrelationship.OnceDianeisconvincedofthelegitimacyofJohn’spublickey,shecan

useittoencryptmessagesbetweenherselfandJohn,asillustratedinFigure6.2.

•Figure6.2Publickeysarecomponentsofdigitalcertificates.

Numerousapplicationsandprotocolscangeneratepublic/privatekeypairsandprovidefunctionalitysimilartowhataPKIprovides,butnotrustedthirdpartyisavailableforbothofthecommunicatingparties.Foreachpartytochoosetocommunicatethiswaywithoutathirdpartyvouchingfortheother’sidentity,thetwomustchoosetotrusteachother

andthecommunicationchanneltheyareusing.Inmanysituations,itisimpracticalanddangeroustoarbitrarilytrustanindividualyoudonotknow,andthisiswhenthecomponentsofaPKImustfallintoplace—toprovidethenecessaryleveloftrustyoucannot,orchoosenotto,provideonyourown.

ExamTip:PKIsarecomposedofseveralelements:

•Certificates(containingkeys)

•Certificateauthorities(CAs)•Registrationauthorities(RAs)•Certificaterevocationlists(CRLs)•Trustmodels

Whatdoesthe“infrastructure”in“publickeyinfrastructure”reallymean?Aninfrastructureprovidesasustaininggroundworkuponwhichotherthingscanbebuilt.Soaninfrastructureworksatalowleveltoprovideapredictableanduniformenvironmentthatallowsother,higher-leveltechnologiestoworktogetherthroughuniformaccesspoints.Theenvironmentthattheinfrastructureprovidesallowsthesehigher-levelapplicationstocommunicatewitheachotherandgivesthemtheunderlyingtoolstocarryouttheirtasks.

CertificateAuthoritiesAcertificateauthority(CA)isatrustedauthoritythatcertifiesindividuals’identitiesandcreateselectronicdocumentsindicatingthatindividualsarewhotheysaytheyare.Theelectronicdocumentisreferredtoasadigitalcertificate,anditestablishesanassociationbetweenthesubject’sidentityandapublickey.Theprivatekeythatispairedwiththepublickeyinthecertificateisstoredseparately.

AsnotedinChapter5,itisimportanttosafeguardtheprivatekey.Typically,itshouldneverleavethemachineordevicewhereitwascreated.

ACAismorethanjustapieceofsoftware,however;itisactuallymadeupofthesoftware,hardware,procedures,policies,andpeoplewhoareinvolvedinvalidatingindividuals’identitiesandgeneratingthecertificates.Thismeansthatifoneofthesecomponentsiscompromised,itcannegativelyaffecttheCAoverallandcanthreatentheintegrityofthecertificatesitproduces.

CrossCheckCertificatesStoredonaClientPCCertificatesarestoredonuserPCs.Chapter17coverstheuseoftheInternetandassociatedmaterials,includingtheuseofcertificatesbywebbrowsers.TakeamomenttoexplorethecertificatesstoredonyourPCbyyourbrowser.Tounderstandthedetailsbehindhowcertificatesarestoredandmanaged,thereaderisdirectedtothedetailsinChapter17.

EveryCAshouldhaveacertificationpracticesstatement(CPS)thatoutlineshowidentitiesareverified;thestepstheCAfollowstogenerate,maintain,andtransmitcertificates;andwhytheCAcanbetrustedtofulfillitsresponsibilities.TheCPSdescribeshowkeysaresecured,whatdataisplacedwithina

digitalcertificate,andhowrevocationswillbehandled.IfacompanyisgoingtouseanddependonapublicCA,thecompany’ssecurityofficers,administrators,andlegaldepartmentshouldreviewtheCA’sentireCPStoensurethatitwillproperlymeetthecompany’sneeds,andtomakesurethatthelevelofsecurityclaimedbytheCAishighenoughfortheiruseandenvironment.AcriticalaspectofaPKIisthetrustbetweentheusersandtheCA,sotheCPSshouldbereviewedandunderstoodtoensurethat

thisleveloftrustiswarranted.Thecertificateserveristheactualservicethatissuescertificatesbased

onthedataprovidedduringtheinitialregistrationprocess.Theserverconstructsandpopulatesthedigitalcertificatewiththenecessaryinformationandcombinestheuser’spublickeywiththeresultingcertificate.ThecertificateisthendigitallysignedwiththeCA’sprivatekey.

TechTip

TrustingCAsThequestionofwhetheraCAcanbetrustedispartofthecontinuingdebateonhowmuchsecurityPKIsactuallyprovide.Overall,peopleputalotoffaithinCAs.ThecompaniesthatprovideCAservicesunderstandthisandalsounderstandthattheirbusinessisbasedontheirreputation.IfaCAwascompromisedordidnotfollowthroughonitsvariousresponsibilities,wordwouldgetoutanditwouldquicklylosecustomersandbusiness.CAsworkdiligentlytoensurethatthereputationoftheirproductsandservicesremainsgoodbyimplementingverysecurefacilities,methods,procedures,andpersonnel.Butitisuptothecompanyorindividualtodeterminewhatdegreeoftrustcanactuallybegivenandwhatlevelofriskisacceptable.

RegistrationAuthoritiesAregistrationauthority(RA)isthePKIcomponentthatacceptsarequestforadigitalcertificateandperformsthenecessarystepsofregisteringandauthenticatingthepersonrequestingthecertificate.Theauthenticationrequirementsdifferdependingonthetypeofcertificatebeingrequested.MostCAsofferaseriesofclassesofcertificateswithincreasingtrustbyclass.ThespecificclassesaredescribedintheupcomingTechTipsidebar,“CertificateClasses.”Eachhigherclassofcertificatecancarryoutmorepowerfulandcritical

tasksthantheonebelowit.Thisiswhythedifferentclasseshavedifferentrequirementsforproofofidentity.IfyouwanttoreceiveaClass1

certificate,youmayonlybeaskedtoprovideyourname,e-mailaddress,andphysicaladdress.ForaClass2certification,youmayneedtoprovidetheRAwithmoredata,suchasyourdriver’slicense,passport,andcompanyinformation,thatcanbeverified.ToobtainaClass3certificate,youwillbeaskedtoprovideevenmoreinformationandmostlikelywillneedtogototheRA’sofficeforaface-to-facemeeting.EachCAwilloutlinethecertificationclassesitprovidesandtheidentificationrequirementsthatmustbemettoacquireeachtypeofcertificate.

TechTip

CertificateClassesThetypesofcertificatesavailablecanvarybetweendifferentCAs,butusuallyatleastthreedifferenttypesareavailable,andtheyarereferredtoasclasses:

Class1AClass1certificateisusuallyusedtoverifyanindividual’sidentitythroughe-mail.ApersonwhoreceivesaClass1certificatecanusehispublic/privatekeypairtodigitallysigne-mailandencryptmessagecontents.

Class2AClass2certificatecanbeusedforsoftwaresigning.Asoftwarevendorwouldregisterforthistypeofcertificatesothatitcoulddigitallysignitssoftware.Thisprovidesintegrityforthesoftwareafteritisdevelopedandreleased,anditallowsthereceiverofthesoftwaretoverifyfromwherethesoftwareactuallycame.

Class3AClass3certificatecanbeusedbyacompanytosetupitsownCA,whichwillallowittocarryoutitsownidentificationverificationandgeneratecertificatesinternally.

Inmostsituations,whenauserrequestsaClass1certificate,theregistrationprocesswillrequiretheusertoenterspecificinformationintoaweb-basedform.Thewebpagewillhaveasectionthatacceptstheuser’spublickey,oritwillsteptheuserthroughcreatingapublic/privatekeypair,whichwillallowtheusertochoosethesizeofthekeystobecreated.Oncethesestepshavebeencompleted,thepublickeyisattachedtothecertificateregistrationformandbothareforwardedtotheRAforprocessing.TheRAisresponsibleonlyfortheregistrationprocessandcannotactuallygenerateacertificate.OncetheRAisfinishedprocessing

therequestandverifyingtheindividual’sidentity,theRAsendstherequesttotheCA.TheCAusestheRA-providedinformationtogenerateadigitalcertificate,integratesthenecessarydataintothecertificatefields(useridentificationinformation,publickey,validitydates,properuseforthekeyandcertificate,andsoon),andsendsacopyofthecertificatetotheuser.ThesestepsareshowninFigure6.3.Thecertificatemayalsobepostedtoapubliclyaccessibledirectorysothatotherscanaccessit.

•Figure6.3Stepsforobtainingadigitalcertificate

Notethata1:1correspondencedoesnotnecessarilyexistbetweenidentitiesandcertificates.Anentitycanhavemultiplekeypairs,usingseparatepublickeysforseparatepurposes.Thus,anentitycanhavemultiplecertificates,eachattestingtoseparatepublickeyownership.Itisalsopossibletohavedifferentclassesofcertificates,againwithdifferentkeys.Thisflexibilityallowsentitiestotaldiscretioninhowtheymanagetheirkeys,andthePKImanagesthecomplexitybyusingaunifiedprocessthatallowskeyverificationthroughacommoninterface.Ifanapplicationcreatesakeystorethatcanbeaccessedbyother

applications,itwillprovideastandardizedinterface,calledtheapplicationprogramminginterface(API).Asanexample,Figure6.4showsthatapplicationAwentthroughtheprocessofregisteringacertificateandgeneratingakeypair.Itcreatedakeystorethatprovidesaninterfacetoallowotherapplicationstocommunicatewithitandusetheitemsheldwithinthestore.Thelocalkeystoreisjustonelocationwheretheseitemscanbeheld.

Oftenthedigitalcertificateandpublickeyarealsostoredinacertificaterepository(asdiscussedinthe“CertificateRepositories”sectionofthischapter)sothatitisavailabletoasubsetofindividuals.

•Figure6.4Somekeystorescanbesharedbydifferentapplications.

ExamTip:TheRAverifiestheidentityofthecertificaterequestoronbehalfoftheCA.TheCAgeneratesthecertificateusinginformationforwardedbytheRA.

LocalRegistrationAuthoritiesAlocalregistrationauthority(LRA)performsthesamefunctionsasan

RA,buttheLRAisclosertotheendusers.ThiscomponentisusuallyimplementedincompaniesthathavetheirowninternalPKIsandhavedistributedsites.EachsitehasusersthatneedRAservices,soinsteadofrequiringthemtocommunicatewithonecentralRA,eachsitecanhaveitsownLRA.Thisreducestheamountoftrafficthatwouldbecreatedbyseveralusersmakingrequestsacrosswideareanetwork(WAN)lines.TheLRAperformsidentification,verification,andregistrationfunctions.Itthensendstherequest,alongwiththeuser’spublickey,toacentralizedCAsothatthecertificatecanbegenerated.ItactsasaninterfacebetweentheusersandtheCA.LRAssimplifytheRA/CAprocessforentitiesthatdesirecertificatesonlyforin-houseuse.

TechTip

SharingKeyStoresDifferentapplicationsfromthesamevendormaysharekeystores.MicrosoftapplicationskeepuserkeysandcertificatesinaRegistryentrywithinthatuser’sprofile.Theapplicationscanthensaveandretrievethemfromthissinglelocationorkeystore.OtherapplicationscouldalsousethesamekeysiftheyknewwheretheywerestoredbyusingRegistryAPIcalls.

DigitalCertificatesAdigitalcertificatebindsanindividual’sidentitytoapublickey,anditcontainsalltheinformationareceiverneedstobeassuredoftheidentityofthepublickeyowner.AfteranRAverifiesanindividual’sidentity,theCAgeneratesthedigitalcertificate,buthowdoestheCAknowwhattypeofdatatoinsertintothecertificate?ThecertificatesarecreatedandformattedbasedontheX.509standard,

whichoutlinesthenecessaryfieldsofacertificateandthepossiblevaluesthatcanbeinsertedintothefields.Asofthiswriting,X.509version3isthemostcurrentversionofthestandard.X.509isastandardoftheInternationalTelecommunicationUnion(www.itu.int).TheIETF’sPublic

KeyInfrastructure(X.509),orPKIX,workinggrouphasadaptedtheX.509standardtothemoreflexibleorganizationoftheInternet,asspecifiedinRFC5280,andiscommonlyreferredtoasPKIXforPublicKeyInfrastructureX.509.Table6.1listsanddescribesthefieldsinanX.509certificate.

Table6.1 X.509CertificateFields

Figure6.5showstheactualvaluesofthedifferentcertificatefieldsforaparticularcertificateinInternetExplorer.TheversionofthiscertificateisV3(X.509v3)andtheserialnumberisalsolisted—thisnumberisuniqueforeachcertificatethatiscreatedbyaspecificCA.TheCAusedtheMD5hashingalgorithmtocreatethemessagedigestvalueandthensigneditusingtheCA’sprivatekeyusingtheRSAalgorithm.TheactualCAthatissuedthecertificateisRootSGCAuthority,andthevaliddatesindicatehowlongthiscertificateisvalid.ThesubjectisMSSGCAuthority,whichistheentitythatregisteredthiscertificateandthatisboundtotheembeddedpublickey.Theactualpublickeyisshowninthelowerwindowandisrepresentedinhexadecimal.

•Figure6.5Fieldswithinadigitalcertificate

Thesubjectofacertificateiscommonlyaperson,butitdoesnothavetobe.Thesubjectcanalsobeanetworkdevice(router,webserver,firewall,andsoon),anapplication,adepartment,oracompany.Eachhasitsownidentitythatneedstobeverifiedandproventoanotherentitybeforesecure,trustedcommunicationcanbeinitiated.Ifanetworkdeviceisusingacertificateforauthentication,thecertificatemaycontaintheidentityofthatdevice.Thisallowsauserofthedevicetoverifyitsauthenticitybasedonthesignedcertificateandtrustinthesigningauthority.Thistrustcanbetransferredtotheidentityofthedeviceindicatingauthenticity.

TechTip

X.509DigitalCertificateExtensionsFollowingaresomekeyexamplesofcertificateextensions:

DigitalSignatureThekeyusedtoverifyadigitalsignature

KeyEnciphermentThekeyusedtoencryptotherkeysusedforsecurekeydistribution

DataEnciphermentThekeyusedtoencryptdata,whichcannotbeusedtoencryptotherkeys

CRLSignThekeyusedtoverifyaCAsignatureonaCRL

KeyCertSignThekeyusedtoverifyCAsignaturesoncertificates

NonRepudiationThekeyusedwhenanonrepudiationserviceisbeingprovided

CertificateExtensionsCertificateextensionsallowforfurtherinformationtobeinsertedwithinthecertificate,whichcanbeusedtoprovidemorefunctionalityinaPKIimplementation.Certificateextensionscanbestandardorprivate.StandardcertificateextensionsareimplementedforeveryPKI

implementation.Privatecertificateextensionsaredefinedforspecificorganizations(ordomainswithinoneorganization),andtheyallowcompaniestofurtherdefinedifferent,specificusesfordigitalcertificatestobestfittheirbusinessneeds.Severaldifferentextensionscanbeimplemented,onebeingkeyusage

extensions,whichdictatehowthepublickeythatisheldwithinthecertificatecanbeused.Rememberthatpublickeyscanbeusedfordifferentfunctions:symmetrickeyencryption,dataencryption,verifyingdigitalsignatures,andmore.Anonrepudiationservicecanbeprovidedbyathird-partynotary.Inthis

situation,thesender’sdigitalsignatureisverifiedandthensignedbythenotarysothatthesendercannotlaterdenysigningandsendingthemessage.Thisisbasicallythesamefunctionperformedbyatraditionalnotaryusingpaper—validatethesender’sidentityandvalidatethetimeanddateofanitembeingsignedandsent.Thisisrequiredwhenthereceiverneedstobereallysureofthesender’sidentityandwantstobelegallyprotectedagainstpossiblefraudorforgery.Ifacompanyneedstobesurethataccountablenonrepudiationservices

willbeprovided,atrustedtimesourceneedstobeused,whichcanbeatrustedthirdpartycalledatimestampauthority(TSA).Usingatrustedtimesourcegivesusersahigherlevelofconfidenceastowhenspecificmessagesweredigitallysigned.Forexample,supposeBarrysendsRonamessageanddigitallysignsit,andRonlatercivillysuesBarryoveradispute.ThisdigitallysignedmessagemaybesubmittedbyRonasevidencepertainingtoanearlieragreementthatBarrynowisnotfulfilling.IfatrustedtimesourcewasnotusedintheirPKIenvironment,Barrycouldclaimthathisprivatekeyhadbeencompromisedbeforethatmessagewassent.Ifatrustedtimesourcewasimplemented,thenitcouldbeshownthatthemessagewassignedbeforethedateonwhichBarryclaimshiskeywascompromised.Ifatrustedtimesourceisnotused,noactivitythatwascarriedoutwithinaPKIenvironmentcanbetrulyprovenbecauseitissoeasytochangesystemandsoftwaretimesettings.

TechTip

CriticalFlagandCertificateUsageWhenanextensionismarkedascritical,itmeansthattheCAiscertifyingthekeyforonlythatspecificpurpose.IfJoereceivesacertificatewithaDigitalSignaturekeyusageextensionandthecriticalflagisset,Joecanusethepublickeyonlywithinthatcertificatetovalidatedigitalsignatures,andnomore.Iftheextensionwasmarkedasnoncritical,thekeycanbeusedforpurposesoutsideofthoselistedintheextensions,sointhiscaseitisuptoJoe(andhisapplications)todecidehowthekeywillbeused.

CriticalandNoncriticalExtensionsCertificateextensionsareconsideredeithercriticalornoncritical,whichisindicatedbyaspecificflagwithinthecertificateitself.Whenthisflagissettocritical,itmeansthattheextensionmustbeunderstoodandprocessedbythereceiver.Ifthereceiverisnotconfiguredtounderstandaparticularextensionmarkedascritical,andthuscannotprocessitproperly,thecertificatecannotbeusedforitsproposedpurpose.Iftheflagdoesnotindicatethattheextensioniscritical,thecertificatecanbeusedfortheintendedpurpose,evenifthereceiverdoesnotprocesstheappendedextension.

CertificateAttributesFourmaintypesofcertificatesareused:

End-entitycertificates

CAcertificates

Cross-certificationcertificates

Policycertificates

End-entitycertificatesareissuedbyaCAtoaspecificsubject,suchas

Joyce,theAccountingdepartment,orafirewall,asillustratedinFigure6.6.Anend-entitycertificateistheidentitydocumentprovidedbyPKIimplementations.

•Figure6.6End-entityandCAcertificates

ACAcertificatecanbeself-signed,inthecaseofastandaloneorrootCA,oritcanbeissuedbyasuperiorCAwithinahierarchicalmodel.InthemodelinFigure6.6,thesuperiorCAgivestheauthorityandallowsthesubordinateCAtoacceptcertificaterequestsandgeneratetheindividualcertificatesitself.ThismaybenecessarywhenacompanyneedstohavemultipleinternalCAs,anddifferentdepartmentswithinanorganizationneedtohavetheirownCAsservicingtheirspecificend-entitiesintheirsections.Inthesesituations,arepresentativefromeachdepartmentrequiringaCAregisterswiththehighertrustedCAandrequestsaCertificateAuthoritycertificate.(PublicandprivateCAsarediscussedinthe“PublicCertificateAuthorities”and“In-HouseCertificateAuthorities”sectionslaterinthischapter,asarethedifferenttrustmodelsthatareavailableforcompanies.)Across-certificationcertificate,orcross-certificate,isusedwhen

independentCAsestablishpeer-to-peertrustrelationships.Simplyput,cross-certificatesareamechanismthroughwhichoneCAcanissueacertificateallowingitsuserstotrustanotherCA.WithinsophisticatedCAsusedforhigh-securityapplications,a

mechanismisrequiredtoprovidecentrallycontrolledpolicyinformationtoPKIclients.Thisisoftendonebyplacingthepolicyinformationinapolicycertificate.

CertificateLifecyclesKeysandcertificatesshouldhavelifetimesettingsthatforcetheusertoregisterforanewcertificateafteracertainamountoftime.Determiningtheproperlengthoftheselifetimesisatrade-off:shorterlifetimeslimittheabilityofattackerstocrackthem,butlongerlifetimeslowersystemoverhead.More-sophisticatedPKIimplementationsperformautomatedandoftentransparentkeyupdatestoavoidthetimeandexpenseofhavingusersregisterfornewcertificateswhenoldonesexpire.

Thismeansthatthecertificateandkeypairhasalifecyclethatmustbemanaged.Certificatemanagementinvolvesadministratingandmanagingeachofthesephases,includingregistration,certificateandkeygeneration,renewal,andrevocation.AdditionalmanagementfunctionsincludeCRLdistribution,certificatesuspension,andkeydestruction.

Settingcertificatelifetimeswayintothefutureandusingthemforlongperiodsoftimeprovidesattackerswithextendedwindowstoattackthecryptography.AsstatedinChapter5,cryptographymerelybuystimeagainstanattacker;itisneveranabsoluteguarantee.

RegistrationandGenerationAkeypair(publicandprivatekeys)canbegeneratedlocallybyanapplicationandstoredinalocalkeystoreontheuser’sworkstation.Thekeypaircanalsobecreatedbyacentralkey-generationserver,whichwillrequiresecuretransmissionofthekeystotheuser.Thekeypairthatiscreatedonthecentralizedservercanbestoredontheuser’sworkstationorontheuser’ssmartcard,whichwillallowformoreflexibilityandmobility.Theactofverifyingthatanindividualindeedhasthecorresponding

privatekeyforagivenpublickeyisreferredtoasproofofpossession.Notallpublic/privatekeypairscanbeusedfordigitalsignatures,soaskingtheindividualtosignamessageandreturnittoprovethatshehasthenecessaryprivatekeywillnotalwayswork.Ifakeypairisusedforencryption,theRAcansendachallengevaluetotheindividual,who,inturn,canuseherprivatekeytoencryptthatvalueandreturnittotheRA.IftheRAcansuccessfullydecryptthisvaluewiththepublickeythatwasprovidedearlier,theRAcanbeconfidentthattheindividualhasthenecessaryprivatekeyandcancontinuethroughtherestoftheregistrationphase.

Keyregenerationandreplacementisusuallydonetoprotectagainstthesetypesofthreats,althoughastheprocessingpowerofcomputersincreasesandourknowledgeofcryptographyandnewpossiblecryptanalysis-basedattacksexpands,keylifetimesmaydrasticallydecrease.Aswitheverythingwithinthesecurityfield,itisbettertobesafenowthantobesurprisedlaterandsorry.

ExamTip:Goodkeymanagementandproperkeyreplacementintervalsprotectkeysfrombeingcompromisedthroughhumanerror.Choosingalargekeysizemakesabrute-forceattackmoredifficult.

ThePKIadministratorusuallyconfigurestheminimumrequiredkeysizethatusersmustusetohaveakeygeneratedforthefirsttime,andthenforeachrenewal.Inmostapplications,thereisadrop-downlistofpossiblealgorithmstochoosefrom,andpossiblekeysizes.Thekeysizeshouldprovidethenecessarylevelofsecurityforthecurrentenvironment.Thelifetimeofthekeyshouldbelongenoughthatcontinualrenewalwillnotnegativelyaffectproductivity,butshortenoughtoensurethatthekeycannotbesuccessfullycompromised.

TechTip

Centralizedvs.LocalKeyGenerationInmostmodernPKIimplementations,usershavetwokeypairs.Onekeypairisoftengeneratedbyacentralserverandusedforencryptionandkeytransfers.ThisallowsthecorporatePKItoretainacopyoftheencryptionkeypairforrecovery,ifnecessary.Thesecondkeypair,adigitalsignaturekeypair,isusuallygeneratedbytheusertomakesurethatsheistheonlyonewithacopyoftheprivatekey.Nonrepudiationcanbechallengedifthereisanydoubtaboutsomeoneelseobtainingacopyofanindividual’ssignatureprivatekey.Ifthekeypairwascreatedonacentralizedserver,thatcouldweakenthecasethattheindividualwastheonlyonewhohadacopyofherprivatekey.Ifacopyofauser’ssignatureprivatekeyisstoredanywhereotherthaninherpossession,orifthereisapossibilityofsomeoneobtainingtheuser’skey,thentruenonrepudiationcannotbeprovided.

CSRAcertificatesigningrequest(CSR)istheactualrequesttoaCAcontainingapublickeyandtherequisiteinformationneededtogenerateacertificate.TheCSRcontainsalloftheidentifyinginformationthatistobeboundtothekeybythecertificategenerationprocess.

RenewalThecertificateitselfhasitsownlifetime,whichcanbedifferentfromthekeypair’slifetime.Thecertificate’slifetimeisspecifiedbythevaliditydatesinsertedintothedigitalcertificate.Thesearebeginningandendingdatesindicatingthetimeperiodduringwhichthecertificateisvalid.Thecertificatecannotbeusedbeforethestartdate,andoncetheenddateismet,thecertificateisexpiredandanewcertificatewillneedtobeissued.ArenewalprocessisdifferentfromtheregistrationphaseinthattheRA

assumesthattheindividualhasalreadysuccessfullycompletedoneregistrationround.Ifthecertificatehasnotactuallybeenrevoked,theoriginalkeysandcertificatecanbeusedtoprovidethenecessaryauthenticationinformationandproofofidentityfortherenewalphase.Thecertificatemayormaynotneedtochangeduringtherenewal

process;thisusuallydependsonwhytherenewalistakingplace.Ifthecertificatejustexpiredandthekeyswillstillbeusedforthesamepurpose,anewcertificatecanbegeneratedwithnewvaliditydates.If,however,thekeypairfunctionalityneedstobeexpandedorrestricted,newattributesandextensionsmayneedtobeintegratedintothenewcertificate.Thesenewfunctionalitiesmayrequiremoreinformationtobegatheredfromtheindividualrenewingthecertificate,especiallyiftheclasschangesorthenewkeyusesallowformorepowerfulabilities.Thisrenewalprocessisrequiredwhenthecertificatehasfulfilledits

lifetimeanditsendvaliditydatehasbeenmet.

SuspensionWhentheownerofacertificatewishestomarkacertificateasnolongervalidpriortoitsnaturalexpiration,twochoicesexist:revocationandsuspension.Revocation,discussedinthenextsection,isanactionwithapermanentoutcome.Insteadofbeingrevoked,acertificatecanbesuspended,meaningitistemporarilyputonhold.If,forexample,Bobistakinganextendedvacationandwantstoensurethathiscertificatewillnotbecompromisedorusedduringthattime,hecanmakeasuspensionrequesttotheCA.TheCRLwouldlistthiscertificateanditsserialnumber,andinthefieldthatdescribeswhythecertificateisrevoked,itwouldinsteadindicateaholdstate.OnceBobreturnstowork,hecanmakearequesttotheCAtoremovehiscertificatefromthelist.

ExamTip:Acertificatesuspensioncanbeausefulprocesstoolwhileinvestigatingwhetherornotacertificateshouldbeconsideredtobevalid.

Anotherreasontosuspendacertificateisifanadministratorissuspiciousthataprivatekeymighthavebeencompromised.Whiletheissueisunderinvestigation,thecertificatecanbesuspendedtoensurethatitcannotbeused.

Relyingonanexpirationdateonacertificateto“destroy”theutilityofakeywillnotwork.Anewcertificatecanbeissuedwithan“extendeddate.”Toendtheuseofakeyset,anentryinaCRListheonlysurewaytopreventreissuanceandre-datingofacertificate.

Revocation

Acertificatecanberevokedwhenitsvalidityneedstobeendedbeforeitsactualexpirationdateismet,andthiscanoccurformanyreasons:forexample,ausermayhavelostalaptoporasmartcardthatstoredaprivatekey;animpropersoftwareimplementationmayhavebeenuncoveredthatdirectlyaffectedthesecurityofaprivatekey;ausermayhavefallenvictimtoasocialengineeringattackandinadvertentlygivenupaprivatekey;dataheldwithinthecertificatemaynolongerapplytothespecifiedindividual;orperhapsanemployeeleftacompanyandshouldnotbeidentifiedasamemberofanin-housePKIanylonger.Inthelastinstance,thecertificate,whichwasboundtotheuser’skeypair,identifiedtheuserasanemployeeofthecompany,andtheadministratorwouldwanttoensurethatthekeypaircouldnotbeusedinthefuturetovalidatethisperson’saffiliationwiththecompany.Revokingthecertificatedoesthis.

Oncerevoked,acertificatecannotbereinstated.Thisistopreventanunauthorizedreinstatementbysomeonewhohasunauthorizedaccesstothekey(s).Akeypaircanbereinstatedforusebyissuinganewcertificateifatalatertimethekeysarefoundtobesecure.Theoldcertificatewouldstillbevoid,butthenewonewouldbevalid.

Ifanyofthesethingshappens,auser’sprivatekeyhasbeencompromisedorshouldnolongerbemappedtotheowner’sidentity.Adifferentindividualmayhaveaccesstothatuser’sprivatekeyandcoulduseittoimpersonateandauthenticateastheoriginaluser.Iftheimpersonatorusedthekeytodigitallysignamessage,thereceiverwouldverifytheauthenticityofthesenderbyverifyingthesignaturebyusingtheoriginaluser’spublickey,andtheverificationwouldgothroughperfectly—thereceiverwouldbelieveitcamefromthepropersenderandnottheimpersonator.Ifreceiverscouldlookatalistofcertificatesthathadbeenrevokedbeforeverifyingthedigitalsignature,however,theywouldknownottotrustthedigitalsignaturesonthelist.Becauseofissuesassociatedwiththeprivatekeybeingcompromised,revocationispermanentandfinal

—oncerevoked,acertificatecannotbereinstated.Ifreinstatementwasallowedandauserrevokedhiscertificate,thentheunauthorizedholderoftheprivatekeycoulduseittorestorethecertificatevalidity.

ExamTip:Acertificatecannotbeassumedtobevalidwithoutcheckingforrevocationbeforeeachuse.

CertificateRevocationListTheCAprovidesprotectionagainstimpersonationandsimilarfraudbymaintainingacertificaterevocationlist(CRL),alistofserialnumbersofcertificatesthathavebeenrevoked.TheCRLalsocontainsastatementindicatingwhytheindividualcertificateswererevokedandadatewhentherevocationtookplace.ThelistusuallycontainsallcertificatesthathavebeenrevokedwithinthelifetimeoftheCA.Certificatesthathaveexpiredarenotthesameasthosethathavebeenrevoked.Ifacertificatehasexpired,itmeansthatitsendvaliditydatewasreached.TheformatoftheCRLmessageisalsodefinedbyX.509.Thelistissigned,topreventtampering,andcontainsinformationoncertificatesthathavebeenrevokedandthereasonsfortheirrevocation.Theselistscangrowquitelong,andassuch,thereareprovisionsfordatetimestampingthelistandforissuingdeltalists,whichshowchangessincethelastlistwasissued.

TechTip

CRLReasonCodesPertheX.509v2CRLstandard,thefollowingreasonsforrevocationareused:

TheCAistheentitythatisresponsibleforthestatusofthecertificatesitgenerates;itneedstobetoldofarevocation,anditmustprovidethisinformationtoothers.TheCAisresponsibleformaintainingtheCRLandpostingitinapubliclyavailabledirectory.

ExamTip:Thecertificaterevocationlistisanessentialitemtoensureacertificateisstillvalid.CAspostCRLsinpubliclyavailabledirectoriestopermitautomatedcheckingofcertificatesagainstthelistbeforecertificateusebyaclient.AusershouldnevertrustacertificatethathasnotbeencheckedagainsttheappropriateCRL.

Weneedtohavesomesysteminplacetomakesurepeoplecannot

arbitrarilyhaveothers’certificatesrevoked,whetherforrevengeorformaliciouspurposes.Whenarevocationrequestissubmitted,theindividualsubmittingtherequestmustbeauthenticated.Otherwise,thiscouldpermitatypeofdenial-of-serviceattack,inwhichsomeonehasanotherperson’scertificaterevoked.Theauthenticationcaninvolveanagreed-uponpasswordthatwascreatedduringtheregistrationprocess,butauthenticationshouldnotbebasedontheindividualprovingthathehasthecorrespondingprivatekey,becauseitmayhavebeenstolen,andtheCAwouldbeauthenticatinganimposter.TheCRL’sintegrityneedstobeprotectedtoensurethatattackers

cannotmodifydatapertainingtoarevokedcertificationonthelist.Ifthiswereallowedtotakeplace,anyonewhostoleaprivatekeycouldjustdeletethatkeyfromtheCRLandcontinuetousetheprivatekeyfraudulently.Theintegrityofthelistalsoneedstobeprotectedtoensurethatbogusdataisnotaddedtoit.Otherwise,anyonecouldaddanotherperson’scertificatetothelistandeffectivelyrevokethatperson’scertificate.TheonlyentitythatshouldbeabletomodifyanyinformationontheCRListheCA.ThemechanismusedtoprotecttheintegrityofaCRLisadigital

signature.TheCA’srevocationservicecreatesadigitalsignaturefortheCRL,asshowninFigure6.7.Tovalidateacertificate,theuseraccessesthedirectorywheretheCRLisposted,downloadsthelist,andverifiestheCA’sdigitalsignaturetoensurethattheproperauthoritysignedthelistandtoensurethatthelistwasnotmodifiedinanunauthorizedmanner.Theuserthenlooksthroughthelisttodeterminewhethertheserialnumberofthecertificatethatheistryingtovalidateislisted.Iftheserialnumberisonthelist,theprivatekeyshouldnolongerbetrusted,andthepublickeyshouldnolongerbeused.Thiscanbeacumbersomeprocess,soithasbeenautomatedinseveralways,whicharedescribedinthenextsection.

•Figure6.7TheCAdigitallysignstheCRLtoprotectitsintegrity.

Oneconcernishowup-to-datetheCRLis—howoftenisitupdatedanddoesitactuallyreflectallthecertificatescurrentlyrevoked?TheactualfrequencywithwhichthelistisupdateddependsupontheCAanditscertificationpracticesstatement(CPS).Itisimportantthatthelistisupdatedinatimelymannersothatanyoneusingthelisthasthemostcurrentinformation.

CRLDistributionCRLfilescanberequestedbyindividualswhoneedtoverifyandvalidateanewlyreceivedcertificate,orthefilescanbeperiodicallypusheddown

(sent)toallusersparticipatingwithinaspecificPKI.ThismeanstheCRLcanbepulled(downloaded)byindividualuserswhenneededorpusheddowntoalluserswithinthePKIonatimedinterval.TheactualCRLfilecangrowsubstantially,andtransmittingthisfile

andrequiringPKIclientsoftwareoneachworkstationtosaveandmaintainitcanusealotofresources,sothesmallertheCRLis,thebetter.ItisalsopossibletofirstpushdownthefullCRLandsubsequentlypushdownonlydeltaCRLs,whichcontainonlythechangestotheoriginalorbaseCRL.ThiscangreatlyreducetheamountofbandwidthconsumedwhenupdatingCRLs.

TechTip

AuthorityRevocationListsInsomePKIimplementations,aseparaterevocationlistismaintainedforCAkeysthathavebeencompromisedorshouldnolongerbetrusted.Thislistisknownasanauthorityrevocationlist(ARL).IntheeventthataCA’sprivatekeyiscompromisedoracross-certificationiscancelled,therelevantcertificate’sserialnumberisincludedintheARL.AclientcanreviewanARLtomakesuretheCA’spublickeycanstillbetrusted.

InimplementationswheretheCRLsarenotpusheddowntoindividualsystems,theusers’PKIsoftwareneedstoknowwheretolookforthepostedCRLthatrelatestothecertificateitistryingtovalidate.ThecertificatemighthaveanextensionthatpointsthevalidatingusertothenecessaryCRLdistributionpoint.Thenetworkadministratorsetsupthedistributionpoints,andoneormorepointscanexistforaparticularPKI.Thedistributionpointholdsoneormorelistscontainingtheserialnumbersofrevokedcertificates,andtheuser’sPKIsoftwarescansthelist(s)fortheserialnumberofthecertificatetheuserisattemptingtovalidate.Iftheserialnumberisnotpresent,theuserisassuredthatithasnotbeenrevoked.Thisapproachhelpspointuserstotherightresourceandalsoreducestheamountofinformationthatneedstobescannedwhencheckingthatacertificatehasnotbeenrevoked.

OnlineCertificateStatusProtocol(OCSP)OnelastoptionforcheckingdistributedCRLsisanonlineservice.Whenaclientuserneedstovalidateacertificateandensurethatithasnotbeenrevoked,hecancommunicatewithanonlineservicethatwillquerythenecessaryCRLsavailablewithintheenvironment.ThisservicecanquerythelistsfortheclientinsteadofpushingdownthefullCRLtoeachandeverysystem.SoifJoereceivesacertificatefromStacy,hecancontactanonlineserviceandsendtoittheserialnumberlistedinthecertificateStacysent.TheonlineservicewouldquerythenecessaryCRLsandrespondtoJoe,indicatingwhetherornotthatserialnumberwaslistedasbeingrevoked.OneoftheprotocolsusedforonlinerevocationservicesistheOnline

CertificateStatusProtocol(OCSP),arequestandresponseprotocolthatobtainstheserialnumberofthecertificatethatisbeingvalidatedandreviewsrevocationlistsfortheclient.Theprotocolhasaresponderservicethatreportsthestatusofthecertificatebacktotheclient,indicatingwhetherithasbeenrevoked,isvalid,orhasanunknownstatus.Thisprotocolandservicesavestheclientfromhavingtofind,download,andprocesstherightlists.

ExamTip:CertificaterevocationchecksaredoneeitherbyexaminingtheCRLorbyusingOCSPtoseeifacertificatehasbeenrevoked.

KeyDestructionKeypairsandcertificateshavesetlifetimes,meaningthattheywillexpireatsomespecifiedtime.Itisimportantthatthecertificatesandkeysareproperlydestroyedwhenthattimecomes,whereverthekeysarestored(onusers’workstations,centralizedkeyservers,USBtokendevices,smartcards,andsoon).

TechTip

HistoricalRetentionofCertificatesNotethatinmodernPKIs,encryptionkeypairsusuallymustberetainedlongaftertheyexpiresothatuserscandecryptinformationthatwasencryptedwiththeoldkeys.Forexample,ifBobencryptsadocumentusinghiscurrentkeyandthekeysareupdatedthreemonthslater,Bob’ssoftwaremustmaintainacopyoftheoldkeysohecanstilldecryptthedocument.InthePKIworld,thisissueisreferredtoaskeyhistorymaintenance.

Thegoalistomakesurethatnoonecangainaccesstoakeyafteritslifetimehasendedandusethatkeyformaliciouspurposes.Anattackermightusethekeytodigitallysignorencryptamessagewiththehopesoftrickingsomeoneelseabouthisidentity(thiswouldbeanexampleofaman-in-themiddleattack).Also,iftheattackerisperformingsometypeofbrute-forceattackonyourcryptosystem,tryingtofigureoutspecifickeysthatwereusedforencryptionprocesses,obtaininganoldkeycouldgivehimmoreinsightintohowyourcryptosystemgenerateskeys.Thelessinformationyousupplytopotentialhackers,thebetter.

CertificateRepositoriesOncetherequestor’sidentityhasbeenproven,acertificateisregisteredwiththepublicsideofthekeypairprovidedbytherequestor.PublickeysmustbeavailabletoanybodywhorequiresthemtocommunicatewithinaPKIenvironment.Thesekeys,andtheircorrespondingcertificates,areusuallyheldinapubliclyavailablerepository.Certificaterepositoryisageneraltermthatdescribesacentralizeddirectorythatcanbeaccessedbyasubsetofindividuals.ThedirectoriesareusuallyLightweightDirectoryAccessProtocol(LDAP)–compliant,meaningthattheycanbeaccessedandsearchedviaanLDAPqueryfromanLDAPclient.Whenanindividualinitializescommunicationwithanother,thesender

cansendhercertificateandpublickeytothereceiver,whichwillallowthe

receivertocommunicatewiththesenderusingencryptionordigitalsignatures(orboth)withoutneedingtotrackdownthenecessarypublickeyinacertificaterepository.Thisisequivalenttothesendersaying,“Ifyouwouldliketoencryptanyfuturemessagesyousendtome,orifyouwouldliketheabilitytoverifymydigitalsignature,herearethenecessarycomponents.”Butifapersonwantstoencryptthefirstmessagesenttothereceiver,thesenderneedstofindthereceiver’spublickeyinacertificaterepository.

CrossCheckCertificatesandKeysCertificatesareastandardizedmethodofexchangingasymmetrickeyinformation.Tounderstandtheneedforcertificates,youshouldfirstbeabletoanswerthequestions:

WhatdoIneedapublickeyfor?

HowcanIgetsomeone’spublickey,andhowdoIknowitistheirs?

Forarefresheronhowpublicandprivatekeyscomeintoplaywithencryptionanddigitalsignatures,refertoChapter5.

Acertificaterepositoryisaholdingplaceforindividuals’certificatesandpublickeysthatareparticipatinginaparticularPKIenvironment.ThesecurityrequirementsforrepositoriesthemselvesarenotashighasthoseneededforactualCAsandfortheequipmentandsoftwareusedtocarryoutCAfunctions.SinceeachcertificateisdigitallysignedbytheCA,ifacertificatestoredinthecertificaterepositoryismodified,therecipientwillbeabletodetectthischangeandknownottoacceptthecertificateasvalid.

TrustandCertificateVerificationWeneedtouseaPKIifwedonotautomaticallytrustindividualswedonotknow.Securityisaboutbeingsuspiciousandbeingsafe,soweneeda

thirdpartythatwedotrusttovouchfortheotherindividualbeforeconfidencecanbeinstilledandsensitivecommunicationcantakeplace.ButwhatdoesitmeanthatwetrustaCA,andhowcanweusethistoouradvantage?WhenauserchoosestotrustaCA,shewilldownloadthatCA’sdigital

certificateandpublickey,whichwillbestoredonherlocalcomputer.MostbrowsershavealistofCAsconfiguredtobetrustedbydefault,sowhenauserinstallsanewwebbrowser,severalofthemostwell-knownandmosttrustedCAswillbetrustedwithoutanychangeofsettings.AnexampleofthislistingisshowninFigure6.8.

•Figure6.8BrowsershavealonglistofCAsconfiguredtobetrustedbydefault.

IntheMicrosoftCAPIenvironment,theusercanaddandremoveCAsfromthislistasneeded.Inproductionenvironmentsthatrequireahigherdegreeofprotection,thislistwillbepruned,andpossiblytheonlyCAslistedwillbethecompany’sinternalCAs.Thisensuresthatdigitallysignedsoftwarewillbeautomaticallyinstalledonlyifitwassignedbythecompany’sCA.Otherproducts,suchasEntrust,usecentrallycontrolledpoliciestodeterminewhichCAsaretobetrusted,insteadofexpectingtheusertomakethesecriticaldecisions.

TechTip

DistinguishedNamesAdistinguishednameisalabelthatfollowstheX.500standard.Thisstandarddefinesanamingconventionthatcanbeemployedsothateachsubjectwithinanorganizationhasauniquename.Anexampleis{Country=US,Organization=RealSecure,OrganizationalUnit=R&D,Location=Washington}.CAsusedistinguishednamestoidentifytheownersofspecificcertificates.

Anumberofstepsareinvolvedincheckingthevalidityofamessage.Suppose,forexample,thatMaynardreceivesadigitallysignedmessagefromJoyce,whohedoesnotknowortrust.Joycehasalsoincludedherdigitalcertificatewithhermessage,whichhasherpublickeyembeddedwithinit.BeforeMaynardcanbesureoftheauthenticityofthismessage,hehassomeworktodo.ThestepsareillustratedinFigure6.9.

•Figure6.9Stepsforverifyingtheauthenticityandintegrityofacertificate

First,MaynardseeswhichCAsignedJoyce’scertificateandcomparesittothelistofCAshehasconfiguredwithinhiscomputer.HetruststheCAsinhislistandnoothers.(IfthecertificatewassignedbyaCAthathedoesnothaveinthelist,hewouldnotacceptthecertificateasbeingvalid,andthushecouldnotbesurethatthismessagewasactuallysentfromJoyceorthattheattachedkeywasactuallyherpublickey.)

Becausecertificatesproducechainsoftrust,havinganunnecessarycertificateinyourcertificatestorecouldleadtotrustproblems.Bestpracticesindicatethatyoushouldunderstandthecertificatesinyourstore,andtheneedforeach.Whenindoubt,removeit.Ifitisneeded,youcanadditbacklater.

MaynardseesthattheCAthatsignedJoyce’scertificateisindeedinhislistoftrustedCAs,sohenowneedstoverifythatthecertificatehasnotbeenaltered.UsingtheCA’spublickeyandthedigestofthecertificate,Maynardcanverifytheintegrityofthecertificate.ThenMaynardcanbeassuredthatthisCAdidactuallycreatethecertificate,sohecannowtrusttheoriginofJoyce’scertificate.Theuseofdigitalsignaturesallowscertificatestobesavedinpublicdirectorieswithouttheconcernofthembeingaccidentallyorintentionallyaltered.Ifauserextractsacertificatefromarepositoryandcreatesamessagedigestvaluethatdoesnotmatchthedigitalsignatureembeddedwithinthecertificateitself,thatuserwillknowthatthecertificatehasbeenmodifiedbysomeoneotherthantheCA,andhewillknownottoacceptthevalidityofthecorrespondingpublickey.Similarly,anattackercouldnotcreateanewmessagedigest,encryptit,andembeditwithinthecertificatebecausehewouldnothaveaccesstotheCA’sprivatekey.

ButMaynardisnotdoneyet.HeneedstobesurethattheissuingCAhasnotrevokedthiscertificate.Thecertificatealsohasstartandstopdates,indicatingatimeduringwhichthecertificateisvalid.Ifthestartdatehasn’thappenedyetorthestopdatehasbeenpassed,thecertificateisnotvalid.Maynardreviewsthesedatestomakesurethecertificateisstilldeemedvalid.AnotherstepMaynardmaygothroughistocheckwhetherthis

certificatehasbeenrevokedforanyreason.Todoso,hewillrefertothecertificaterevocationlist(CRL)toseeifJoyce’scertificateislisted.HecouldchecktheCRLdirectlywiththeCAthatissuedthecertificateorviaaspecializedonlineservicethatsupportstheOnlineCertificateStatusProtocol(OCSP).(Certificaterevocationandlistdistributionwereexplainedinthe“CertificateLifecycles”section,earlierinthischapter.)

TechTip

ValidatingaCertificateThefollowingstepsarerequiredforvalidatingacertificate:

1.ComparetheCAthatdigitallysignedthecertificatetoalistofCAsthathavealreadybeenloadedintothereceiver’scomputer.

2.Calculateamessagedigestforthecertificate.3.UsetheCA’spublickeytodecryptthedigitalsignatureandrecoverwhatisclaimedtobe

theoriginalmessagedigestembeddedwithinthecertificate(validatingthedigitalsignature).

4.Comparethetworesultingmessagedigestvaluestoensuretheintegrityofthecertificate.5.Reviewtheidentificationinformationwithinthecertificate,suchasthee-mailaddress.6.Reviewthevaliditydates.7.Checkarevocationlisttoseeifthecertificatehasbeenrevoked.

MaynardnowtruststhatthiscertificateislegitimateandthatitbelongstoJoyce.Nowwhatdoesheneedtodo?ThecertificateholdsJoyce’spublickey,whichheneedstovalidatethedigitalsignaturesheappendedtohermessage,soMaynardextractsJoyce’spublickeyfromher

certificate,runshermessagethroughahashingalgorithm,andcalculatesamessagedigestvalueofX.HethenusesJoyce’spublickeytodecryptherdigitalsignature(rememberthatadigitalsignatureisjustamessagedigestencryptedwithaprivatekey).ThisdecryptionprocessprovideshimwithanothermessagedigestofvalueY.MaynardcomparesvaluesXandY,andiftheyarethesame,heisassuredthatthemessagehasnotbeenmodifiedduringtransmission.Thushehasconfidenceintheintegrityofthemessage.ButhowdoesMaynardknowthatthemessageactuallycamefromJoyce?Becausehecandecryptthedigitalsignatureusingherpublickey,whichindicatesthatonlytheassociatedprivatekeycouldhavebeenused.Thereisaminisculeriskthatsomeonecouldcreateanidenticalkeypair,butgiventheenormouskeyspaceforpublickeys,thisisimpractical.Thepublickeycanonlydecryptsomethingthatwasencryptedwiththerelatedprivatekey,andonlytheowneroftheprivatekeyissupposedtohaveaccesstoit.MaynardcanbesurethatthismessagecamefromJoyce.Afterallofthishereadshermessage,whichsays,“Hi.Howareyou?”

Allofthatworkjustforthismessage?Maynard’sbloodpressurewouldsurelygothroughtheroofifhehadtodoallofthisworkonlytoendupwithashortandnotveryusefulmessage.Fortunately,allofthisPKIworkisperformedwithoutuserinterventionandhappensbehindthescenes.Maynarddidn’thavetoexertanyenergy.Hesimplyreplies,“Fine.Howareyou?”

CentralizedandDecentralizedInfrastructuresKeysusedforauthenticationandencryptionwithinaPKIenvironmentcanbegeneratedinacentralizedordecentralizedmanner.Inadecentralizedapproach,softwareonindividualcomputersgeneratesandstorescryptographickeyslocaltothesystemsthemselves.Inacentralizedinfrastructure,thekeysaregeneratedandstoredonacentralserver,andthekeysaretransmittedtotheindividualsystemsasneeded.Youmightchooseonetypeovertheotherforseveralreasons.Ifacompanyusesanasymmetricalgorithmthatisresource-intensiveto

generatethepublic/privatekeypair,andiflarge(andresource-intensive)keysizesareneeded,thentheindividualcomputersmaynothavethenecessaryprocessingpowertoproducethekeysinanacceptablefashion.Inthissituation,thecompanycanchooseacentralizedapproachinwhichaveryhigh-endserverwithpowerfulprocessingabilitiesisused,probablyalongwithahardware-basedrandomnumbergenerator.Centralkeygenerationandstorageoffersotherbenefitsaswell.For

example,itismucheasiertobackupthekeysandimplementkeyrecoveryprocedureswithcentralstoragethanwithadecentralizedapproach.Implementingakeyrecoveryprocedureoneachandeverycomputerholdingoneormorekeypairsisdifficult,andmanyapplicationsthatgeneratetheirownkeypairsdonotusuallyinterfacewellwithacentralizedarchivesystem.Thismeansthatifacompanychoosestoallowitsindividualuserstocreateandmaintaintheirownkeypairsontheirseparateworkstations,norealkeyrecoveryprocedurecanbeputinplace.Thisputsthecompanyatrisk.Ifanemployeeleavestheorganizationorisunavailableforonereasonoranother,thecompanymaynotbeabletoaccessitsownbusinessinformationthatwasencryptedbythatemployee.Soacentralizedapproachseemslikethebestapproach,right?Well,the

centralizedmethodhassomedrawbackstoconsider,too.Securekeydistributionisatrickyevent.Thiscanbemoredifficultthanitsounds.Atechnologyneedstobeemployedthatwillsendthekeysinanencryptedmanner,ensurethekeys’integrity,andmakesurethatonlytheintendeduserisreceivingthekey.Also,theserverthatcentrallystoresthekeysneedstobehighly

availableandisapotentialsinglepointoffailure,sosometypeoffaulttoleranceorredundancymechanismmayneedtobeputintoplace.Ifthatoneservergoesdown,userscouldnotaccesstheirkeys,whichmightpreventthemfromproperlyauthenticatingtothenetwork,resources,andapplications.Also,sinceallthekeysareinoneplace,theserverisaprimetargetforanattacker—ifthecentralkeyserveriscompromised,thewholeenvironmentiscompromised.Oneotherissuepertainstohowthekeyswillactuallybeused.Ifa

public/privatekeypairisbeinggeneratedfordigitalsignatures,andifthecompanywantstoensurethatitcanbeusedtoprovidetrueauthenticityandnonrepudiation,thekeysshouldnotbegeneratedatacentralizedserver.Thiswouldintroducedoubtthatonlytheonepersonhadaccesstoaspecificprivatekey.Itisbettertogenerateend-userkeysonalocalmachinetoeliminatedoubtaboutwhodidtheworkand“owns”thekeys.Ifacompanyusessmartcardstoholdusers’privatekeys,eachprivate

keyoftenhastobegeneratedonthecarditselfandcannotbecopiedforarchivingpurposes.Thisisadisadvantageofthecentralizedapproach.Inaddition,sometypesofapplicationshavebeendevelopedtocreatetheirownpublic/privatekeypairsanddonotallowotherkeystobeimportedandused.Thismeansthekeyswouldhavetobecreatedlocallybytheseapplications,andkeysfromacentralservercouldnotbeused.Thesearejustsomeoftheconsiderationsthatneedtobeevaluatedbeforeanydecisionismadeandimplementationbegins.

HardwareSecurityModulesPKIscanbeconstructedinsoftwarewithoutspecialcryptographichardware,andthisisperfectlysuitableformanyenvironments.Butsoftwarecanbevulnerabletoviruses,hackers,andhacking.Ifacompanyrequiresahigherlevelofprotectionthanapurelysoftware-basedsolutioncanprovide,severalhardware-basedsolutionsareavailable.Ahardwaresecuritymodule(HSM)isaphysicaldevicethatsafeguardscryptographickeys.HSMsenableahigherlevelofsecurityfortheuseofkeys,includinggenerationandauthentication.Inmostsituations,HSMsolutionsareusedonlyforthemostcriticaland

sensitivekeys,whicharetherootkeyandpossiblytheintermediateCAprivatekeys.Ifthosekeysarecompromised,thewholesecurityofthePKIisgravelythreatened.IfapersonobtainedarootCAprivatekey,shecoulddigitallysignanycertificate,andthatcertificatewouldbequicklyacceptedbyallentitieswithintheenvironment.Suchanattackermightbeabletocreateacertificatethathasextremelyhighprivileges,perhapsallowingher

tomodifybankaccountinformationinafinancialinstitution,andnoalertsorwarningswouldbeinitiatedbecausetheultimateCA,therootCA,signedit.

TechTip

StoringCriticalKeysHSMstakemanydifferentforms,includingembeddedcards,network-attacheddevices,andevenUSBflashdrives.HSMsassistintheuseofcryptographickeysacrossthelifecycle.Theycanprovidededicatedsupportforcentralizedlifecyclemanagement,fromgenerationtodistribution,storage,termination,archiving,andrecordkeeping.HSMscanincreasetheefficiencyofcryptographicoperationsandassistincomplianceefforts.CommonusesincludeuseinPCIDSSsolutions,DNSSEC,signingoperationsincludingcertificates,code,documents,ande-mail,andlarge-scaledataencryptionefforts.

PrivateKeyProtectionAlthoughaPKIimplementationcanbecomplex,withmanydifferentcomponentsandoptions,acriticalconceptcommontoallPKIsmustbeunderstoodandenforced:theprivatekeyneedstostayprivate.Adigitalsignatureiscreatedsolelyforthepurposeofprovingwhosentaparticularmessagebyusingaprivatekey.Thisrestsontheassumptionthatonlyonepersonhasaccesstothisprivatekey.Ifanimposterobtainsauser’sprivatekey,authenticityandnonrepudiationcannolongerbeclaimedorproven.Whenaprivatekeyisgeneratedforthefirsttime,itmustbestored

somewhereforfutureuse.Thisstorageareaisreferredtoasakeystore,anditisusuallycreatedbytheapplicationregisteringforacertificate,suchasawebbrowser,smartcardsoftware,orotherapplication.Inmostimplementations,theapplicationwillprompttheuserforapassword,whichwillbeusedtocreateanencryptionkeythatprotectsthekeystore.So,forexample,ifCherylusedherwebbrowsertoregisterforacertificate,herprivatekeywouldbegeneratedandstoredinthekeystore.Cherylwouldthenbepromptedforapassword,whichthesoftwarewould

usetocreateakeythatwillencryptthekeystore.WhenCherylneedstoaccessthisprivatekeylaterthatday,shewillbepromptedforthesamepassword,whichwilldecryptthekeystoreandallowheraccesstoherprivatekey.Unfortunately,manyapplicationsdonotrequirethatastrongpassword

becreatedtoprotectthekeystore,andinsomeimplementationstheusercanchoosenottoprovideapasswordatall.Theuserstillhasaprivatekeyavailable,anditisboundtotheuser’sidentity,sowhyisapasswordevennecessary?If,forexample,Cheryldecidednottouseapassword,andanotherpersonsatdownathercomputer,hecoulduseherwebbrowserandherprivatekeyanddigitallysignamessagethatcontainsanastyvirus.IfCheryl’scoworkerCliffreceivedthismessage,hewouldthinkitcamefromCheryl,openthemessage,anddownloadthevirus.Themoraltothisstoryisthatusersshouldberequiredtoprovidesometypeofauthenticationinformation(password,smartcard,PIN,orthelike)beforebeingabletouseprivatekeys.Otherwise,thekeyscouldbeusedbyotherindividualsorimposters,andauthenticationandnonrepudiationwouldbeofnouse.BecauseaprivatekeyisacrucialcomponentofanyPKI

implementation,thekeyitselfshouldcontainthenecessarycharacteristicsandbeprotectedateachstageofitslife.Thefollowinglistsumsupthecharacteristicsandrequirementsofproperprivatekeyuse:

Thesecurityassociatedwiththeuseofpublickeycryptographyrevolvesaroundthesecurityoftheprivatekey.Nonrepudiationdependsupontheprinciplethattheprivatekeyisonlyaccessibletotheholderofthekey.Ifanotherpersonhasaccesstotheprivatekey,theycanimpersonatetheproperkeyholder.

Thekeysizeshouldprovidethenecessarylevelofprotectionfortheenvironment.

Thelifetimeofthekeyshouldcorrespondwithhowoftenitisused

andthesensitivityofthedataitisprotecting.

Thekeyshouldbechangedattheendofitslifetimeandnotusedpastitsallowedlifetime.

Whereappropriate,thekeyshouldbeproperlydestroyedattheendofitslifetime.

Thekeyshouldneverbeexposedincleartext.

Nocopiesoftheprivatekeyshouldbemadeifitisbeingusedfordigitalsignatures.

Thekeyshouldnotbeshared.

Thekeyshouldbestoredsecurely.

Authenticationshouldberequiredbeforethekeycanbeused.

Thekeyshouldbetransportedsecurely.

Softwareimplementationsthatstoreandusethekeyshouldbeevaluatedtoensuretheyprovidethenecessarylevelofprotection.

Ifdigitalsignatureswillbeusedforlegalpurposes,thesepointsandothersmayneedtobeauditedtoensurethattrueauthenticityandnonrepudiationareprovided.

Themostsensitiveandcriticalpublic/privatekeypairsarethoseusedbyCAstodigitallysigncertificates.Theseneedtobehighlyprotectedbecauseiftheywereevercompromised,thetrustrelationshipbetweentheCAandalloftheend-entitieswouldbethreatened.Inhigh-securityenvironments,thesekeysareoftenkeptinatamper-proofhardwareencryptionstore,suchasanHSM,andareaccessibleonlytoindividualswithaneedtoknow.

KeyRecovery

Oneindividualcouldhaveone,two,ormanykeypairsthataretiedtohisorheridentity.Thatisbecauseusersmayhavedifferentneedsandrequirementsforpublic/privatekeypairs.Asmentionedearlier,certificatescanhavespecificattributesandusagerequirementsdictatinghowtheircorrespondingkeyscanandcannotbeused.Forexample,Davidcanhaveonekeypairheusestoencryptandtransmitsymmetrickeys,anotherkeypairthatallowshimtoencryptdata,andyetanotherkeypairtoperformdigitalsignatures.Davidcanalsohaveadigitalsignaturekeypairforhiswork-relatedactivitiesandanotherkeypairforpersonalactivities,suchase-mailinghisfriends.Thesekeypairsneedtobeusedonlyfortheirintendedpurposes,andthisisenforcedthroughcertificateattributesandusagevalues.Ifacompanyisgoingtoperformkeyrecoveryandmaintainakey

recoverysystem,itwillgenerallybackuponlythekeypairusedtoencryptdata,notthekeypairsthatareusedtogeneratedigitalsignatures.Thereasonthatacompanyarchiveskeysistoensurethatifapersonleavesthecompany,fallsoffacliff,orforsomereasonisunavailabletodecryptimportantcompanyinformation,thecompanycanstillgettoitscompany-owneddata.Thisisjustamatteroftheorganizationprotectingitself.Acompanywouldnotneedtobeabletorecoverakeypairthatisusedfordigitalsignatures,sincethosekeysaretobeusedonlytoprovetheauthenticityoftheindividualwhosentamessage.Acompanywouldnotbenefitfromhavingaccesstothosekeysandreallyshouldnothaveaccesstothem,sincetheyaretiedtooneindividualforaspecificpurpose.Twosystemsareimportantforbackingupandrestoringcryptographic

keys:keyarchivingandkeyrecovery.Keyarchivingisawayofbackingupkeysandsecurelystoringtheminarepository;keyrecoveryistheprocessofrestoringlostkeystotheusersorthecompany.

ExamTip:Keyarchivingistheprocessofstoringasetofkeystobeusedasabackupshouldsomethinghappentotheoriginalset.Keyrecoveryistheprocessofusingthebackupkeys.

Ifkeysarebackedupandstoredinacentralizedcomputer,thissystemmustbetightlycontrolled,becauseifitwerecompromised,anattackerwouldhaveaccesstoallkeysfortheentireinfrastructure.Also,itisusuallyunwisetoauthorizeasinglepersontobeabletorecoverallthekeyswithintheenvironment,becausethatpersoncouldusethispowerforevilpurposesinsteadofjustrecoveringkeyswhentheyareneededforlegitimatepurposes.Insecuritysystems,itisbestnottofullytrustanyone.Dualcontrolcanbeusedaspartofasystemtobackupandarchivedata

encryptionkeys.PKIsystemscanbeconfiguredtorequiremultipleindividualstobeinvolvedinanykeyrecoveryprocess.Whenakeyrecoveryisrequired,atleasttwopeoplecanberequiredtoauthenticatebythekeyrecoverysoftwarebeforetherecoveryprocedureisperformed.Thisenforcesseparationofduties,whichmeansthatonepersoncannotcompleteacriticaltaskbyhimself.Requiringtwoindividualstorecoveralostkeytogetheriscalleddualcontrol,whichsimplymeansthattwopeoplehavetobepresenttocarryoutaspecifictask.

TechTip

KeysplittingSecretsplittingusingmofnauthenticationschemescanimprovesecuritybyrequiringthatmultiplepeopleperformcriticalfunctions,preventingasinglepartyfromcompromisingasecret.BesuretounderstandtheconceptofmofnfortheCompTIASecurity+exam.

Thisapproachtokeyrecoveryisreferredtoasthemofnauthentication,wherennumberofpeoplecanbeinvolvedinthekeyrecoveryprocess,butatleastm(whichisasmallernumberthann)mustbeinvolvedbeforethetaskcanbecompleted.Thegoalistominimizefraudulentorimproperuseofaccessandpermissions.Acompanywouldnotrequireallpossibleindividualstobeinvolvedintherecoveryprocess,becausegettingallthepeopletogetheratthesametimecouldbeimpossibleconsideringmeetings,vacations,sicktime,andtravel.Atleastsomeofallpossible

individualsmustbeavailabletoparticipate,andthisisthesubsetmofthenumbern.Thisformofsecretsplittingcanincreasesecuritybyrequiringmultiplepeopletoperformaspecificfunction.Requiringtoomanypeopleforthemsubsetincreasesissuesassociatedwithavailability,whereasrequiringtoofewincreasestheriskofasmallnumberofpeoplecolludingtocompromiseasecret.

ExamTip:Recoveryagentisthetermforanentitythatisgivenapublickeycertificateforrecoveringuserdatathatisencrypted.ThisisthemostcommontypeofrecoverypolicyusedinPKIbutaddstheriskoftherecoveryagenthavingaccesstosecuredinformation.

Allkeyrecoveryproceduresshouldbehighlyaudited.Theauditlogsshouldcaptureatleastwhatkeyswererecovered,whowasinvolvedintheprocess,andthetimeanddate.KeysareanintegralpieceofanyencryptioncryptosystemandarecriticaltoaPKIenvironment,soyouneedtotrackwhodoeswhatwiththem.

KeyEscrowKeyrecoveryandkeyescrowaretermsthatareoftenusedinterchangeably,buttheyactuallydescribetwodifferentthings.Youshouldnotusetheminterchangeablyafteryouhavereadthissection.

ExamTip:Keyrecoveryisaprocessthatallowsforlostkeystoberecovered.Keyescrowisaprocessofgivingkeystoathirdpartysothattheycandecryptandreadsensitiveinformationwhenthisneedarises.

Keyescrowistheprocessofgivingkeystoathirdpartysothattheycandecryptandreadsensitiveinformationiftheneedarises.Keyescrow

almostalwayspertainstohandingoverencryptionkeystothegovernment,ortoanotherhigherauthority,sothatthekeyscanbeusedtocollectevidenceduringinvestigations.Akeypairusedinaperson’splaceofworkmayberequiredtobeescrowedbytheemployerfortworeasons.First,thekeysarepropertyoftheenterprise,issuedtotheworkerforuse.Second,thefirmmayhaveneedforthemafteranemployeeleavesthefirm.

ExamTip:Keyescrow,allowinganothertrustedpartytoholdacopyofakey,haslongbeenacontroversialtopic.Thisessentialbusinessprocessprovidescontinuityshouldtheauthorizedkey-holdingpartyleaveanorganizationwithoutdisclosingkeys.Thesecurityoftheescrowedkeyisaconcern,anditneedstobemanagedatthesamesecuritylevelasfortheoriginalkey.

Severalmovements,supportedbypartsoftheU.S.government,wouldrequireallormanypeopleresidingintheUnitedStatestohandovercopiesofthekeystheyusetoencryptcommunicationchannels.Themovementinthelate1990sbehindtheClipperchipisthemostwell-knownefforttoimplementthisrequirementandprocedure.ItwassuggestedthatallAmerican-madecommunicationdevicesshouldhaveahardwareencryptionchipwithinthem.Thechipcouldbeusedtoencryptdatagoingbackandforthbetweentwoindividuals,butifagovernmentagencydecidedthatitshouldbeabletoeavesdroponthisdialog,itwouldjustneedtoobtainacourtorder.Ifthecourtorderwasapproved,alawenforcementagentwouldtaketheordertotwoescrowagencies,eachofwhichwouldhaveapieceofthekeythatwasnecessarytodecryptthiscommunicationinformation.Theagentwouldobtainbothpiecesofthekeyandcombinethem,whichwouldallowtheagenttolisteninontheencryptedcommunicationoutlinedinthecourtorder.TheClipperchipstandardneversawthelightofdaybecauseitseemed

too“BigBrother”tomanyAmericancitizens.Buttheideawasthattheencryptionkeyswouldbeescrowedtotwoagencies,meaningthateachagencywouldholdonepieceofthekey.Oneagencycouldnotholdthe

wholekey,becauseitcouldthenusethiskeytowiretappeople’sconversationsillegally.Splittingupthekeyisanexampleofseparationofduties,putintoplacetotryandpreventfraudulentactivities.ThecurrentissueofgovernmentsdemandingaccesstokeystodecryptinformationiscoveredinChapter24.

PublicCertificateAuthoritiesAnindividualorcompanymaydecidetorelyonaCAthatisalreadyestablishedandbeingusedbymanyotherindividualsandcompanies—apublicCA.Acompany,ontheotherhand,maydecidethatitneedsitsownCAforinternaluse,whichgivesthecompanymorecontroloverthecertificateregistrationandgenerationprocessandallowsittoconfigureitemsspecificallyforitsownneeds.ThissecondtypeofCAisreferredtoasaprivateCA(orin-houseCA),discussedinthenextsection.ApublicCAspecializesinverifyingindividualidentitiesandcreating

andmaintainingtheircertificates.Thesecompaniesissuecertificatesthatarenotboundtospecificcompaniesorintracompanydepartments.Instead,theirservicesaretobeusedbyalargerandmorediversifiedgroupofpeopleandorganizations.IfacompanyusesapublicCA,thecompanywillpaytheCAorganizationforindividualcertificatesandfortheserviceofmaintainingthesecertificates.SomeexamplesofpublicCAsareVeriSign(includingGeoTrustandThawte),Entrust,andGoDaddy.

UserscanremoveCAsfromtheirbrowserlistiftheywanttohavemorecontroloverwhotheirsystemtrustsandwhoitdoesn’t.Unfortunately,systemupdatescanrestorethem,requiringregularcertificatestoremaintenance.

OneadvantageofusingapublicCAisthatitisusuallywellknownandeasilyaccessibletomanypeople.MostwebbrowsershavealistofpublicCAsinstalledandconfiguredbydefault,alongwiththeircorresponding

rootcertificates.Thismeansthatifyouinstallawebbrowseronyourcomputer,itisalreadyconfiguredtotrustcertainCAs,eventhoughyoumighthaveneverheardofthembefore.So,ifyoureceiveacertificatefromBob,andhiscertificatewasdigitallysignedbyaCAlistedinyourbrowser,youautomaticallytrusttheCAandcaneasilywalkthroughtheprocessofverifyingBob’scertificate.Thishasraisedsomeeyebrowsamongsecurityprofessionals,however,sincetrustisinstalledbydefault,buttheindustryhasdeemedthisisanecessaryapproachthatprovidesuserswithtransparencyandincreasedfunctionality.Earlierinthechapter,thedifferentcertificateclassesandtheiruseswere

explained.Noglobalstandarddefinestheseclasses,theexactrequirementsforobtainingthesedifferentcertificates,ortheiruses.Standardsareinplace,usuallyforaparticularcountryorindustry,butthismeansthatpublicCAscandefinetheirowncertificateclassifications.ThisisnotnecessarilyagoodthingforcompaniesthatdependonpublicCAs,becauseitdoesnotprovidetothecompanyenoughcontroloverhowitshouldinterpretcertificateclassificationsandhowtheyshouldbeused.Thismeansanothercomponentneedstobecarefullydevelopedfor

companiesthatuseanddependonpublicCAs,andthiscomponentisreferredtoasthecertificatepolicy(CP).Thispolicyallowsthecompanytodecidewhatcertificationclassesareacceptableandhowtheywillbeusedwithintheorganization.ThisisdifferentfromtheCPS,whichexplainshowtheCAverifiesentities,generatescertificates,andmaintainsthesecertificates.TheCPisgeneratedandownedbyanindividualcompanythatusesanexternalCA,anditallowsthecompanytoenforceitssecuritydecisionsandcontrolhowcertificatesareusedwithitsapplications.

In-HouseCertificateAuthoritiesAnin-houseCAisimplemented,maintained,andcontrolledbythecompanythatimplementedit.ThistypeofCAcanbeusedtocreatecertificatesforinternalemployees,devices,applications,partners,and

customers.Thisapproachgivesthecompanycompletecontroloverhowindividualsareidentified,whatcertificationclassificationsarecreated,whocanandcannothaveaccesstotheCA,andhowthecertificationscanbeused.

TechTip

WhyIn-HouseCAs?In-houseCAsprovidemoreflexibilityforcompanies,whichoftenintegratethemintocurrentinfrastructuresandintoapplicationsforauthentication,encryption,andnonrepudiationpurposes.IftheCAisgoingtobeusedoveranextendedperiodoftime,thiscanbeacheapermethodofgeneratingandusingcertificatesthanhavingtopurchasethemthroughapublicCA.Settingupin-housecertificateserversisrelativelyeasyandcanbedonewithsimplesoftwarethattargetsbothWindowsandLinuxservers.

ChoosingBetweenaPublicCAandanIn-HouseCAWhendecidingbetweenanin-houseandpublicCA,variousfactorsneedtobeidentifiedandaccountedfor.Manycompanieshaveembarkeduponimplementinganin-housePKIenvironmentwitharoughestimatethatwouldbeimplementedwithinxnumberofmonthsandwouldcostapproximatelyyamountindollars.Withoutdoingtheproperhomework,companiesmightnotunderstandthecurrentenvironment,mightnotcompletelyhammerouttheintendedpurposeofthePKI,andmightnothaveenoughskilledstaffsupportingtheproject;timeestimatescandoubleortripleandtherequiredfundsandresourcescanbecomeunacceptable.SeveralcompanieshavestartedonaPKIimplementation,onlytoquithalfwaythrough,resultinginwastedtimeandmoney,withnothingtoshowforitexceptheapsoffrustrationandmanyulcers.Insomesituations,itisbetterforacompanytouseapublicCA,since

publicCAsalreadyhavethenecessaryequipment,skills,andtechnologies.

Inothersituations,companiesmaydecideitisabetterbusinessdecisiontotakeontheseeffortsthemselves.Thisisnotalwaysastrictlymonetarydecision—aspecificlevelofsecuritymightberequired.Somecompaniesdonotbelievethattheycantrustanoutsideauthoritytogenerateandmaintaintheirusers’andcompany’scertificates.Inthissituation,thescalemaytiptowardanin-houseCA.

Certificateauthoritiescomeinmanytypes:public,in-house,andoutsourced.Allofthemperformthesamefunctions,withtheonlydifferencebeinganorganizationalone.Thiscanhaveabearingontrustrelationships,asoneismorelikelytotrustin-houseCAsoverothersforwhichthereisarguablylesscontrol.

Eachcompanyisunique,withvariousgoals,securityrequirements,functionalityneeds,budgetaryrestraints,andideologies.ThedecisionofwhethertouseaprivateCAoranin-houseCAdependsontheexpansivenessofthePKIwithintheorganization,howintegrateditwillbewithdifferentbusinessneedsandgoals,itsinteroperabilitywithacompany’scurrenttechnologies,thenumberofindividualswhowillbeparticipating,andhowitwillworkwithoutsideentities.Thiscouldbequitealargeundertakingthattiesupstaff,resources,andfunds,soalotofstrategicplanningisrequired,andwhatwillandwon’tbegainedfromaPKIshouldbefullyunderstoodbeforethefirstdollarisspentontheimplementation.

OutsourcedCertificateAuthoritiesThelastavailableoptionforusingPKIcomponentswithinacompanyistooutsourcedifferentpartsofittoaspecificserviceprovider.Usually,themorecomplexpartsareoutsourced,suchastheCA,RA,CRL,andkeyrecoverymechanisms.ThisoccursifacompanydoesnothavethenecessaryskillstoimplementandcarryoutafullPKIenvironment.

TechTip

OutsourcedCAvs.PublicCAAnoutsourcedCAisdifferentfromapublicCAinthatitprovidesdedicatedservices,andpossiblyequipment,toanindividualcompany.ApublicCA,incontrast,canbeusedbyhundredsorthousandsofcompanies—theCAdoesn’tmaintainspecificserversandinfrastructuresforindividualcompanies.

Althoughoutsourcedservicesmightbeeasierforyourcompanytoimplement,youneedtoreviewseveralfactorsbeforemakingthistypeofcommitment.Youneedtodeterminewhatleveloftrustthecompanyiswillingtogivetotheserviceproviderandwhatlevelofriskitiswillingtoaccept.OftenaPKIanditscomponentsserveaslargesecuritycomponentswithinacompany’senterprise,andallowingathirdpartytomaintainthePKIcanintroducetoomanyrisksandliabilitiesthatyourcompanyisnotwillingtoundertake.Theliabilitiestheserviceprovideriswillingtoaccept,thesecurityprecautionsandprocedurestheoutsourcedCAsprovide,andthesurroundinglegalissuesneedtobeexaminedbeforethistypeofagreementismade.SomelargeverticalmarketshavetheirownoutsourcedPKI

environmentssetupbecausetheysharesimilarneedsandusuallyhavethesamerequirementsforcertificationtypesanduses.Thisallowsseveralcompanieswithinthesamemarkettosplitthecostsofthenecessaryequipment,anditallowsforindustry-specificstandardstobedrawnupandfollowed.Forexample,althoughmanymedicalfacilitiesworkdifferentlyandhavedifferentenvironments,theyhavealotofthesamefunctionalityandsecurityneeds.Ifseveralofthemcametogether,purchasedthenecessaryequipmenttoprovideCA,RA,andCRLfunctionality,employedonepersontomaintainit,andtheneachconnecteditsdifferentsitestothecentralizedcomponents,themedicalfacilitiescouldsavealotofmoneyandresources.Inthiscase,noteveryfacilitywouldneedtostrategicallyplanitsownfullPKI,andeachwouldnotneed

topurchaseredundantequipmentoremployredundantstaffmembers.Figure6.10illustrateshowoneoutsourcedserviceprovidercanofferdifferentPKIcomponentsandservicestodifferentcompanies,andhowcompanieswithinoneverticalmarketcansharethesameresources.

•Figure6.10APKIserviceprovider(representedbythefourboxes)canofferdifferentPKIcomponentstocompanies.

AsetofstandardscanbedrawnupabouthoweachdifferentfacilityshouldintegrateitsowninfrastructureandhowitshouldintegratewiththecentralizedPKIcomponents.Thisalsoallowsforless-complicatedintercommunicationtotakeplacebetweenthedifferentmedicalfacilities,whichwilleaseinformation-sharingattempts.

TyingDifferentPKIsTogetherInsomecases,morethanoneCAmaybeneededforaspecificPKItoworkproperly,andseveralrequirementsmustbemetfordifferentPKIstointercommunicate.Herearesomeexamples:

Acompanywantstobeabletocommunicateseamlesslywithitssuppliers,customers,orbusinesspartnersviaaPKI.

OnedepartmentwithinacompanyhashighersecurityrequirementsthanallotherdepartmentsandthusneedstoconfigureandcontrolitsownCA.

Onedepartmentneedstohavespeciallyconstructedcertificateswithuniquefieldsandusages.

DifferentpartsofanorganizationwanttocontroltheirownpiecesofthenetworkandtheCAthatisencompassedwithinit.

ThenumberofcertificatesthatneedtobegeneratedandmaintainedwouldoverwhelmoneCA,somultipleCAsmustbedeployed.

Thepoliticalcultureofacompanyinhibitsonedepartmentfrombeingabletocontrolelementsofanotherdepartment.

Enterprisesarepartitionedgeographically,anddifferentsitesneedtheirownlocalCA.

Thesesituationscanaddmuchmorecomplexitytotheoverallinfrastructure,intercommunicationcapabilities,andproceduresforcertificategenerationandvalidation.Tocontrolthiscomplexityproperlyfromthebeginning,theserequirementsneedtobeunderstood,addressed,andplannedfor.Thenthenecessarytrustmodelneedstobechosenandmoldedforthecompanytobuildupon.Selectingtherighttrustmodelwillgivethecompanyasolidfoundationfromthebeginning,insteadoftryingtoaddstructuretoaninaccurateandinadequateplanlateron.

TrustModelsPotentialscenariosexistotherthanjusthavingmorethanoneCA—eachofthecompaniesoreachdepartmentofanenterprisecanactuallyrepresentatrustdomainitself.Atrustdomainisaconstructofsystems,personnel,applications,protocols,technologies,andpoliciesthatworktogethertoprovideacertainlevelofprotection.Allofthesecomponentscanworktogetherseamlesslywithinthesametrustdomainbecausetheyareknowntotheothercomponentswithinthedomainandaretrustedtosomedegree.Differenttrustdomainsareusuallymanagedbydifferentgroupsofadministrators,havedifferentsecuritypolicies,andrestrictoutsidersfromprivilegedaccess.

TechTip

TrustModelsThereareseveralformsoftrustmodelsassociatedwithcertificates.Hierarchical,peer-to-peer,andhybridaretheprimaryforms,withtheweboftrustbeingaformofhybrid.EachofthesemodelshasausefulplaceinthePKIarchitectureunderdifferentcircumstances.

Mosttrustdomains(whetherindividualcompaniesordepartments)usuallyarenotislandscutofffromtheworld—theyneedtocommunicatewithother,less-trusteddomains.Thetrickistofigureouthowmuchtwo

differentdomainsshouldtrusteachother,andhowtoimplementandconfigureaninfrastructurethatwouldallowthesetwodomainstocommunicateinawaythatwillnotallowsecuritycompromisesorbreaches.Thiscanbemoredifficultthanitsounds.Inthenondigitalworld,itisdifficulttofigureoutwhototrust,howto

carryoutlegitimatebusinessfunctions,andhowtoensurethatoneisnotbeingtakenadvantageoforliedto.Jumpintothedigitalworldandaddprotocols,services,encryption,CAs,RAs,CRLs,anddifferingtechnologiesandapplications,andthebusinessriskscanbecomeoverwhelmingandconfusing.Sostartwithabasicquestion:Whatcriteriawillweusetodeterminewhowetrustandtowhatdegree?Oneexampleoftrustconsideredearlierinthechapteristhedriver’s

licenseissuedbytheDMV.Suppose,forexample,thatBobisbuyingalampfromCarolandhewantstopaybycheck.SinceCaroldoesnotknowBob,shedoesnotknowifshecantrusthimorhavemuchfaithinhischeck.ButifBobshowsCarolhisdriver’slicense,shecancomparethenametowhatappearsonthecheck,andshecanchoosetoacceptit.Thetrustanchor(theagreed-upontrustedthirdparty)inthisscenarioistheDMV,sincebothCarolandBobtrustitmorethantheytrusteachother.BobhadtoprovidedocumentationtotheDMVtoprovehisidentity,thatorganizationtrustedhimenoughtogeneratealicense,andCaroltruststheDMV,soshedecidestotrustBob’scheck.Consideranotherexampleofatrustanchor.IfJoeandStacyneedto

communicatethroughe-mailandwouldliketouseencryptionanddigitalsignatures,theywillnottrusteachother’scertificatealone.Butwheneachreceivestheother’scertificateandseesthatithasbeendigitallysignedbyanentitytheybothdotrust—theCA—theyhaveadeeperleveloftrustineachother.ThetrustanchorhereistheCA.Thisiseasyenough,butwhenweneedtoestablishtrustanchorsbetweendifferentCAsandPKIenvironments,itgetsalittlemorecomplicated.IftwocompaniesneedtocommunicateusingtheirindividualPKIs,orif

twodepartmentswithinthesamecompanyusedifferentCAs,twoseparatetrustdomainsareinvolved.Theusersanddevicesfromthesedifferent

trustdomainsneedtocommunicatewitheachother,andtheyneedtoexchangecertificatesandpublickeys,whichmeansthattrustanchorsneedtobeidentifiedandacommunicationchannelmustbeconstructedandmaintained.Atrustrelationshipmustbeestablishedbetweentwoissuingauthorities

(CAs).ThishappenswhenoneorbothoftheCAsissueacertificatefortheotherCA’spublickey,asshowninFigure6.11.ThismeansthateachCAregistersforacertificateandpublickeyfromtheotherCA.EachCAvalidatestheotherCA’sidentificationinformationandgeneratesacertificatecontainingapublickeyforthatCAtouse.Thisestablishesatrustpathbetweenthetwoentitiesthatcanthenbeusedwhenusersneedtoverifyotherusers’certificatesthatfallwithinthedifferenttrustdomains.Thetrustpathcanbeunidirectionalorbidirectional,soeitherthetwoCAstrusteachother(bidirectional)oronlyonetruststheother(unidirectional).

•Figure6.11Atrustrelationshipcanbebuiltbetweentwotrustdomainstosetupacommunicationchannel.

ExamTip:ThreeformsoftrustmodelsarecommonlyfoundinPKIs:

•Hierarchical•Peer-to-peer•Hybrid

AsillustratedinFigure6.11,alltheusersanddevicesintrustdomain1trusttheirownCA,CA1,whichistheirtrustanchor.Allusersanddevicesintrustdomain2havetheirowntrustanchor,CA2.ThetwoCAshaveexchangedcertificatesandtrusteachother,buttheydonothaveacommontrustanchorbetweenthem.Thetrustmodelsdescribeandoutlinethetrustrelationshipsbetweenthe

differentCAsanddifferentenvironments,whichwillindicatewherethetrustpathsreside.Thetrustmodelsandpathsneedtobethoughtoutbeforeimplementationtorestrictandcontrolaccessproperlyandtoensurethatasfewtrustpathsaspossibleareused.Severaldifferenttrustmodelscanbeused:thehierarchical,peer-to-peer,andhybridmodelsarediscussedinthefollowingsections.

HierarchicalTrustModelThehierarchicaltrustmodelisabasichierarchicalstructurethatcontainsarootCA,intermediateCAs,leafCAs,andend-entities.Theconfigurationisthatofaninvertedtree,asshowninFigure6.12.TherootCAistheultimatetrustanchorforallotherentitiesinthisinfrastructure,anditgeneratescertificatesfortheintermediateCAs,whichinturngeneratecertificatesfortheleafCAs,andtheleafCAsgeneratecertificatesfortheend-entities(users,networkdevices,andapplications).

•Figure6.12Thehierarchicaltrustmodeloutlinestrustpaths.

IntermediateCAsfunctiontotransfertrustbetweendifferentCAs.TheseCAsarereferredtoassubordinateCAsbecausetheyaresubordinatetotheCAthattheyreference.ThepathoftrustiswalkedupfromthesubordinateCAtothehigher-levelCA;inessencethesubordinateCAisusingthehigher-levelCAasareference.AsshowninFigure6.12,nobidirectionaltrustsexist—theyareall

unidirectionaltrusts,asindicatedbytheone-wayarrows.Sincenoother

entitycancertifyandgeneratecertificatesfortherootCA,itcreatesaself-signedcertificate.Thismeansthatthecertificate’sIssuerandSubjectfieldsholdthesameinformation,bothrepresentingtherootCA,andtherootCA’spublickeywillbeusedtoverifythiscertificatewhenthattimecomes.ThisrootCAcertificateandpublickeyaredistributedtoallentitieswithinthistrustmodel.

TechTip

RootCAIftherootCA’sprivatekeywereevercompromised,allentitieswithinthehierarchicaltrustmodelwouldbedrasticallyaffected,becausethisistheirsoletrustanchor.TherootCAusuallyhasasmallamountofinteractionwiththeintermediateCAsandend-entities,andcanthereforebetakenofflinemuchofthetime.ThisprovidesagreaterdegreeofprotectionfortherootCA,becausewhenitisofflineitisbasicallyinaccessible.

WalkingtheCertificatePathWhenauserinonetrustdomainneedstocommunicatewithauserinanothertrustdomain,oneuserwillneedtovalidatetheother’scertificate.Thissoundssimpleenough,butwhatitreallymeansisthateachcertificateforeachCA,allthewayuptoasharedtrustedanchor,alsomustbevalidated.IfDebbieneedstovalidateSam’scertificate,asshowninFigure6.12,sheactuallyalsoneedstovalidatetheLeafDCAandIntermediateBCAcertificates,aswellasSam’s.SoinFigure6.12,wehaveauser,Sam,whodigitallysignsamessage

andsendsitandhiscertificatetoDebbie.DebbieneedstovalidatethiscertificatebeforeshecantrustSam’sdigitalsignature.IncludedinSam’scertificateisanIssuerfield,whichindicatesthatthecertificatewasissuedbyLeafDCA.DebbiehastoobtainLeafDCA’sdigitalcertificateandpublickeytovalidateSam’scertificate.RememberthatDebbievalidatesthecertificatebyverifyingitsdigitalsignature.Thedigitalsignaturewascreatedbythecertificateissuerusingitsprivatekey,soDebbieneedsto

verifythesignatureusingtheissuer’spublickey.DebbietracksdownLeafDCA’scertificateandpublickey,butshe

nowneedstoverifythisCA’scertificate,soshelooksattheIssuerfield,whichindicatesthatLeafDCA’scertificatewasissuedbyIntermediateBCA.DebbienowneedstogetIntermediateBCA’scertificateandpublickey.Debbie’sclientsoftwaretracksthisdownandseesthattheissuerfor

IntermediateBCAistherootCA,forwhichshealreadyhasacertificateandpublickey.SoDebbie’sclientsoftwarehadtofollowthecertificatepath,meaningithadtocontinuetotrackdownandcollectcertificatesuntilitcameuponaself-signedcertificate.Aself-signedcertificateindicatesthatitwassignedbyarootCA,andDebbie’ssoftwarehasbeenconfiguredtotrustthisentityashertrustanchor,soshecanstopthere.Figure6.13illustratesthestepsDebbie’ssoftwarehadtocarryoutjusttobeabletoverifySam’scertificate.

•Figure6.13Verifyingeachcertificateinacertificatepath

Thistypeofsimplistictrustmodelworkswellwithinanenterprisethateasilyfollowsahierarchicalorganizationalchart,butmanycompaniescannotusethistypeoftrustmodelbecausedifferentdepartmentsorofficesrequiretheirowntrustanchors.Thesedemandscanbederivedfromdirectbusinessneedsorfrominterorganizationalpolitics.Thishierarchicalmodelmightnotbepossiblewhentwoormorecompaniesneedtocommunicatewitheachother.Neithercompanywilllettheother’sCAbetherootCA,becauseeachdoesnotnecessarilytrusttheotherentitytothatdegree.Inthesesituations,theCAswillneedtoworkinapeer-to-peerrelationshipinsteadofinahierarchicalrelationship.

Peer-to-PeerModel

Inapeer-to-peertrustmodel,oneCAisnotsubordinatetoanotherCA,andnoestablishedtrustedanchorbetweentheCAsisinvolved.Theend-entitieswilllooktotheirissuingCAastheirtrustedanchor,butthedifferentCAswillnothaveacommonanchor.Figure6.14illustratesthistypeoftrustmodel.ThetwodifferentCAs

willcertifythepublickeyforeachother,whichcreatesabidirectionaltrust.Thisisreferredtoascross-certification,sincetheCAsarenotreceivingtheircertificatesandpublickeysfromasuperiorCA,butinsteadarecreatingthemforeachother.

•Figure6.14Cross-certificationcreatesapeer-to-peerPKImodel.

Oneofthemaindrawbackstothismodelisscalability.EachCAmustcertifyeveryotherCAthatisparticipating,andabidirectionaltrustpathmustbeimplemented,asshowninFigure6.15.IfonerootCAwerecertifyingalltheintermediateCAs,scalabilitywouldnotbeasmuchofanissue.

•Figure6.15Scalabilityisadrawbackincross-certificationmodels.

Figure6.15representsafullyconnectedmesharchitecture,meaningthateachCAisdirectlyconnectedtoandhasabidirectionaltrustrelationshipwitheveryotherCA.Asyoucanseeinthisillustration,thecomplexityofthissetupcanbecomeoverwhelming.

Inanynetworkmodel,fullyconnectedmesharchitecturesarewastefulandexpensive.Intrusttransfermodels,theextralevelofredundancyisjustthat:redundantandunnecessary.

HybridTrustModel

Acompanycanbeinternallycomplex,andwhentheneedarisestocommunicateproperlywithoutsidepartners,suppliers,andcustomersinanauthorizedandsecuredmanner,thiscomplexitycanmakestickingtoeitherthehierarchicalorpeer-to-peertrustmodeldifficult,ifnotimpossible.Inmanyimplementations,thedifferentmodeltypeshavetobecombinedtoprovidethenecessarycommunicationlinesandlevelsoftrust.Inahybridtrustmodel,thetwocompanieshavetheirowninternalhierarchicalmodelsandareconnectedthroughapeer-to-peermodelusingcross-certification.AnotheroptioninthishybridconfigurationistoimplementabridgeCA.

Figure6.16illustratestherolethatabridgeCAcouldplay—itisresponsibleforissuingcross-certificatesforallconnectedCAsandtrustdomains.Thebridgeisnotconsideredarootortrustanchor,butmerelytheentitythatgeneratesandmaintainsthecross-certificationfortheconnectedenvironments.

•Figure6.16AbridgeCAcancontrolthecross-certificationprocedures.

ExamTip:Threetrustmodelsexist:hierarchical,peer-to-peer,andhybrid.Hierarchicaltrustislikeanupside-downtree,peer-to-peerisalateralseriesofreferences,andhybridisacombinationofhierarchicalandpeer-to-peertrust.

Certificate-BasedThreatsAlthoughcertificatesbringmuchcapabilitytosecuritythroughpracticalmanagementoftrust,theyalsocanpresentthreats.Becausemuchoftheactualworkisdonebehindthescenes,withoutdirectuserinvolvement,afalsesenseofsecuritymightensue.EndusersmightassumethatifanHTTPSconnectionwasmadewithaserver,theyaresecurelyconnectedtotheproperserver.Spoofing,phishing,pharming,andawiderangeofsophisticatedattackspreyonthisassumption.Today,industryhasrespondedwithahigh-assurancecertificatethatissignedandrecognizedbybrowsers.Usingthisexample,wecanexaminehowanattackermightpreyonauser’strustinsoftwaregettingthingscorrect.Ifahackerwishestohavesomethingrecognizedaslegitimate,hemay

havetoobtainacertificatethatprovesthispointtotheend-usermachine.Oneavenuewouldbetoforgeafalsecertificate,butthisischallengingbecauseofthepublickeysigningofcertificatesbyCAs.Toovercomethisproblem,thehackerneedstoinstallafalse,self-signedrootcertificateontheend-userPC.Thisfalsekeycanthenbeusedtovalidatemalicioussoftwareascomingfromatrustedsource.Thisattackpreysonthefactthatendusersdonotknowthecontentsoftheirrootcertificatestore,nordotheyhaveameanstovalidatechanges.Inanenterpriseenvironment,thisattackcanbethwartedbylockingdownthecertificatestoreandvalidatingchangesagainstawhitelist.Thisoptionreallyisnotverypracticalforendusersoutsideofanenterprise.

StolenCertificatesCertificatesactasaformoftrustedIDandaretypicallyhandledwithoutend-userintervention.Toensuretheveracityofacertificate,aseriesofcryptographiccontrolsisemployed,includingdigitalsignaturestoprovideproofofauthenticity.Thisstatementaside,stolencertificateshavebeenusedinmultiplecasesofcomputerintrusions/systemattacks.Speciallycraftedmalwarehasbeendesignedtostealbothprivatekeysanddigitalcertificatesfrommachines.Oneofthemostinfamousmalwareprograms,theZeusbot,hasfunctionalitytoperformthistask.

Astolencertificateand/orprivatekeycanbeusedtobypassmanysecuritymeasures.ConcernoverstolenSSL/TLScredentialsledtothecreationofhigh-assurancecertificates,whicharediscussedinChapter17.

Stolencertificateshavebeenimplementedinawiderangeofattacks.Malwaredesignedtoimitateantivirussoftwarehasbeenfounddatingbackto2009.TheStuxnetattackontheIraniannuclearproductionfacilityusedstolencertificatesfromthirdpartiesthatwerenotinvolvedinanywayotherthantheunwittingcontributionofapasskeyintheformofacertificate.InlessthanamonthaftertheSonyPicturesEntertainmentattackbecamepublicin2014,malwareusingSonycertificatesappeared.Whetherthecertificatescamefromthebreak-inoroneofthepreviousSonyhacksisunknown,buttheresultisthesame.

Chapter6Review

LabBookExercise

Thefollowinglabexercisefromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providespracticalapplicationofmaterialcoveredinthischapter:

Lab8.5wUsingIPsecinWindows

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutpublickeyinfrastructures.

Implementthebasicsofpublickeyinfrastructures

PKIsolutionsincludecertificateauthorities(CAs)andregistrationauthorities(RAs).

PKIsformthecentralmanagementfunctionalityusedtoenableencryptiontechnologies.

Thestepsauserperformstoobtainacertificateforusearelistedinthetextandareimportanttomemorize.

Describetheroleofregistrationauthorities

RAsverifyidentitiestobeusedoncertificates.

RAspassidentityinformationtoCAsforuseinbindingtoacertificate.

Usedigitalcertificates

Certificatesarehandledviaacertificateserverandclientsoftware.

Therearethreeclassesofcertificatesandtheyhavethefollowingtypicaluses:

Class1Personale-mailuseClass2Softwaresigning

Class3SettingupaCAUnderstandthelifecycleofcertificates

Certificatesaregenerated,registered,andhistoricallyverifiedbytheoriginatingCA.

Therearetwomainmechanismstomanagetherevocationofacertificate:CRLandOCSP.

Keys,andhencecertificates,havealifecycle;theyarecreated,usedforadefinedperiodoftime,andthendestroyed.

Explaintherelationshipbetweentrustandcertificateverification

Trustisbasedonanunderstandingoftheneedsoftheuserandwhattheitembeingtrustedoffers.

Certificateverificationprovidesassurancethatthedatainthecertificateisvalid,notwhetheritmeetstheneedsoftheuser.

Describetherolesofcertificateauthoritiesandcertificaterepositories

CAscreatecertificatesforidentifiedentitiesandmaintainrecordsoftheirissuanceandrevocation.

CRLsprovideameansoflettingusersknowwhencertificateshavebeenrevokedbeforetheirend-of-lifedate.

Identifycentralizedanddecentralizedinfrastructures

TherearethreedifferentarchitecturesofCAs:

Hierarchical

Peer-to-peer

Hybrid

MultipleCAscanbeusedtogethertocreateaweboftrust.

Describepublicandin-housecertificateauthorities

PublicCAsexistasaservicethatallowsentitiestoobtaincertificatesfromatrustedthirdparty.

In-housecertificatesprovidecertificatesthatallowafirmameanstousecertificateswithincompanyborders.

KeyTermsauthorityrevocationlist(ARL)(142)CAcertificate(136)certificate(128)certificateauthority(CA)(130)certificatepath(158)certificaterepository(143)certificaterevocationlist(CRL)(140)certificateserver(131)certificatesigningrequest(CSR)(138)certificationpracticesstatement(CPS)(131)cross-certificationcertificate(137)digitalcertificate(130)dualcontrol(150)end-entitycertificate(136)hardwaresecuritymodule(HSM)(147)hierarchicaltrustmodel(157)hybridtrustmodel(159)keyarchiving(150)keyescrow(150)keyrecovery(150)localregistrationauthority(LRA)(132)OnlineCertificateStatusProtocol(OCSP)(142)

peer-to-peertrustmodel(158)policycertificate(137)publickeyinfrastructure(PKI)(129)registrationauthority(RA)(131)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.The_______________isthetrustedauthorityforcertifyingindividuals’identitiesandcreatinganelectronicdocumentindicatingthatindividualsarewhotheysaytheyare.

2.A(n)_______________istheactualrequesttoaCAcontainingapublickeyandtherequisiteinformationneededtogenerateacertificate.

3.The_______________isamethodofdeterminingwhetheracertificatehasbeenrevokedthatdoesnotrequirelocalmachinestorageofCRLs.

4.The_______________istheactualservicethatissuescertificatesbasedonthedataprovidedduringtheinitialregistrationprocess.

5.Aphysicaldevicethatsafeguardscryptographickeysiscalleda(n)_______________.

6.A(n)_______________isaholdingplaceforindividuals’certificatesandpublickeysthatareparticipatinginaparticularPKIenvironment.

7.A(n)_______________isusedwhenindependentCAsestablishpeer-to-peertrustrelationships.

8.A(n)_______________isastructurethatprovidesallofthenecessarycomponentsfordifferenttypesofusersandentitiestobe

abletocommunicatesecurelyandinapredictablemanner.

9._______________istheprocessofgivingkeystoathirdpartysothattheycandecryptandreadsensitiveinformationiftheneedarises.

10.Ina(n)_______________,oneCAisnotsubordinatetoanotherCA,andthereisnoestablishedtrustanchorbetweentheCAsinvolved.

Multiple-ChoiceQuiz1.WhenauserwantstoparticipateinaPKI,whatcomponentdoeshe

orsheneedtoobtain,andhowdoesthathappen?

A.TheusersubmitsacertificaterequesttotheCA.

B.TheusersubmitsakeypairrequesttotheCRL.

C.TheusersubmitsacertificaterequesttotheRA.

D.TheusersubmitsproofofidentificationtotheCA.

2.Howdoesauservalidateadigitalcertificatethatisreceivedfromanotheruser?

A.TheuserfirstseeswhetherhersystemhasbeenconfiguredtotrusttheCAthatdigitallysignedtheotheruser’scertificateandthenvalidatesthatCA’sdigitalsignature.

B.Theusercalculatesamessagedigestandcomparesittotheoneattachedtothemessage.

C.TheuserfirstseeswhetherhersystemhasbeenconfiguredtotrusttheCAthatdigitallysignedthecertificateandthenvalidatesthepublickeythatisembeddedwithinthecertificate.

D.Theuservalidatesthesender’sdigitalsignatureonthemessage.

3.Whatisthepurposeofadigitalcertificate?

A.ItbindsaCAtoauser’sidentity.

B.ItbindsaCA’sidentitytothecorrectRA.

C.ItbindsanindividualidentitytoanRA.

D.Itbindsanindividualidentitytoapublickey.

4.Whatstepsdoesauser’ssoftwaretaketovalidateaCA’sdigitalsignatureonadigitalcertificate?

A.Theuser’ssoftwarecreatesamessagedigestforthedigitalcertificateanddecryptstheencryptedmessagedigestincludedwithinthedigitalcertificate.Ifthedecryptionperformsproperlyandthemessagedigestvaluesarethesame,thecertificateisvalidated.

B.Theuser’ssoftwarecreatesamessagedigestforthedigitalsignatureandencryptsthemessagedigestincludedwithinthedigitalcertificate.Iftheencryptionperformsproperlyandthemessagedigestvaluesarethesame,thecertificateisvalidated.

C.Theuser’ssoftwarecreatesamessagedigestforthedigitalcertificateanddecryptstheencryptedmessagedigestincludedwithinthedigitalcertificate.IftheusercanencryptthemessagedigestproperlywiththeCA’sprivatekeyandthemessagedigestvaluesarethesame,thecertificateisvalidated.

D.Theuser’ssoftwarecreatesamessagedigestforthedigitalsignatureandencryptsthemessagedigestwithitsprivatekey.Ifthedecryptionperformsproperlyandthemessagedigestvaluesarethesame,thecertificateisvalidated.

5.Whywouldacompanyimplementakeyarchivingandrecoverysystemwithintheorganization?

A.Tomakesurealldataencryptionkeysareavailableforthecompanyifandwhenitneedsthem

B.Tomakesurealldigitalsignaturekeysareavailableforthecompanyifandwhenitneedsthem

C.Tocreatesessionkeysforuserstobeabletoaccesswhentheyneedtoencryptbulkdata

D.TobackuptheRA’sprivatekeyforretrievalpurposes

6.WithinaPKIenvironment,wheredoesthemajorityofthetrustactuallylie?

A.AllusersanddeviceswithinanenvironmenttrusttheRA,whichallowsthemtoindirectlytrusteachother.

B.AllusersanddeviceswithinanenvironmenttrusttheCA,whichallowsthemtoindirectlytrusteachother.

C.AllusersanddeviceswithinanenvironmenttrusttheCRL,whichallowsthemtoindirectlytrusteachother.

D.AllusersanddeviceswithinanenvironmenttrusttheCPS,whichallowsthemtoindirectlytrusteachother.

7.Whichofthefollowingproperlydescribeswhatapublickeyinfrastructure(PKI)actuallyis?

A.Aprotocolwrittentoworkwithalargesubsetofalgorithms,applications,andprotocols

B.Analgorithmthatcreatespublic/privatekeypairs

C.Aframeworkthatoutlinesspecifictechnologiesandalgorithmsthatmustbeused

D.Aframeworkthatdoesnotspecifyanytechnologiesbutprovidesafoundationforconfidentiality,integrity,andavailabilityservices

8.Onceanindividualvalidatesanotherindividual’scertificate,whatistheuseofthepublickeythatisextractedfromthisdigital

certificate?

A.Thepublickeyisnowavailabletousetocreatedigitalsignatures.

B.Theusercannowencryptsessionkeysandmessageswiththispublickeyandcanvalidatethesender’sdigitalsignatures.

C.Thepublickeyisnowavailabletoencryptfuturedigitalcertificatesthatneedtobevalidated.

D.Theusercannowencryptprivatekeysthatneedtobetransmittedsecurely.

9.Whywouldadigitalcertificatebeaddedtoacertificaterevocationlist(CRL)?

A.Ifthepublickeyhadbecomecompromisedinapublicrepository

B.Iftheprivatekeyhadbecomecompromised

C.Ifanewemployeejoinedthecompanyandreceivedanewcertificate

D.Ifthecertificateexpired

10.HowcanusershavefaiththattheCRLwasnotmodifiedtopresentincorrectinformation?

A.TheCRLisdigitallysignedbytheCA.

B.TheCRLisencryptedbytheCA.

C.TheCRLisopenforanyonetopostcertificateinformationto.

D.TheCRLisaccessibleonlytotheCA.

EssayQuiz

1.Describetheprosandconsofestablishingakeyarchivingsystemprogramforasmall-tomedium-sizedbusiness.

2.Whywouldasmall-tomedium-sizedfirmimplementaPKIsolution?Whatbusinessbenefitswouldensuefromsuchacourseofaction?

3.Describethestepsinvolvedinverifyingacertificate’svalidity.4.Describethestepsinobtainingacertificate.5.Compareandcontrastthehierarchicaltrustmodel,peer-to-peertrust

model,andhybridtrustmodel.

LabProjects

•LabProject6.1InvestigatetheprocessofobtainingapersonalcertificateordigitalIDfore-mailusage.Whatinformationisneeded,whatarethecosts,andwhatprotectionisaffordedbasedonthevendor?

•LabProject6.2Determinewhatcertificatesareregisteredwiththebrowserinstanceonyourcomputer.

chapter7 PKIStandardsandProtocols

Thenicethingaboutstandardsisthatyouhavesomanytochoosefrom.

—ANDREWS.TANENBAUM

N

Inthischapter,youwilllearnhowto

IdentifythestandardsinvolvedinestablishinganinteroperableInternetPKI

ExplaininteroperabilityissueswithPKIstandards

DescribehowthecommonInternetprotocolsimplementthePKIstandards

oneofthestillsteadilygrowingInternetcommercewouldbepossiblewithouttheuseofstandardsandprotocolsthatprovideacommon,interoperableenvironmentforexchanginginformationsecurely.Due

tothewidedistributionofInternetusersandbusinesses,themostpracticalsolutiontodatehasbeenthecommercialimplementationofpublickeyinfrastructures(PKIs).Thischapterexaminesthestandardsandprotocolsinvolvedinsecure

Internettransactionsande-businessusingaPKI.Althoughyoumayuseonlyaportionoftherelatedstandardsandprotocolsonadailybasis,youshouldunderstandhowtheyinteracttoprovidetheservicesthatarecriticalforsecurity:confidentiality,integrity,availability,authentication,andnonrepudiation.Thischapterwillalsoincludesomerelatedstandards,suchasFIPSandtheCommonCriteria.

Chapter6introducedthealgorithmsandtechniquesusedtoimplementapublicPKI,but,asyouprobablynoticed,thereisalotofroomforinterpretation.VariousorganizationshavedevelopedandimplementedstandardsandprotocolsthathavebeenacceptedasthebasisforsecureinteractioninaPKIenvironment.Thesestandardsfallintothreegeneralcategories:

TechTip

RevolutionaryTechnologiesThe1976publicdisclosureofasymmetrickeyalgorithmsbyDiffie,Hellman,Rivest,Shamir,

andAdlemanchangedsecurecommunicationsinaworld-shatteringway.Itwasatechnologythatmettheneedofanotheremergingtechnology;thedevelopmentoftheInternetduringthissametimeledtotheneedforsecurecommunicationsbetweenanonymousparties—combined,atechnologicallyrevolutionaryevent.

StandardsthatdefinethePKIThesestandardsdefinethedataanddatastructuresexchangedandthemeansformanagingthatdatatoprovidethefunctionsofthePKI(certificateissuance,storage,revocation,registration,andmanagement).

StandardsthatdefinetheinterfacebetweenapplicationsandtheunderlyingPKIThesestandardsusethePKItoestablishtheservicesrequiredbyapplications(S/MIME,SSL,andTLS).

OtherstandardsThesestandardsdon’tfitneatlyineitheroftheothertwocategories.Theyprovidebitsandpiecesthatglueeverythingtogether;theynotonlycanaddressthePKIstructureandthemethodsandprotocolsforusingit,butcanalsoprovideanoverarchingbusinessprocessenvironmentforPKIimplementation(forexample,ISO/IEC27002,CommonCriteria,andtheFederalInformationProcessingStandardsPublications[FIPSPUBS]).

Figure7.1showstherelationshipsbetweenthesestandardsandprotocolsandconveystheinterdependenceofthestandardsandprotocolsdiscussedinthischapter.TheInternetpublickeyinfrastructure(PKI)reliesonthreemainstandardsforestablishinginteroperablePKIservices:PKIX.509(PKIX),PublicKeyCryptographyStandards(PKCS),andX.509.OtherprotocolsandstandardshelpdefinethemanagementandoperationofthePKIandrelatedservices—InternetSecurityAssociationandKeyManagementProtocol(ISAKMP)andXMLKeyManagementSpecification(XKMS)arebothkeymanagementprotocols,whileCertificateManagementProtocol(CMP)isusedformanagingcertificates.CertificateEnrollmentProtocol(CEP)isanalternativecertificateissuance,distribution,andrevocationmechanism.Finally,PrettyGoodPrivacy(PGP)providesanalternativemethodspanningtheprotocoland

applicationlevels.

•Figure7.1RelationshipsbetweenPKIstandardsandprotocols

Thischapterexamineseachstandardfromthebottomup,startingwithbuildinganinfrastructurethroughprotocolsandapplications,andfinishingwithsomeoftheinherentweaknessesofandpotentialattacksonaPKI.

PKIXandPKCSTwomainstandardshaveevolvedovertimetoimplementPKIsonapracticallevelontheInternet.BotharebasedontheX.509certificatestandard(discussedshortlyinthe“X.509”section)andestablishcomplementarystandardsforimplementingPKIs.PKIXandPKCSintertwinetodefinethemostcommonlyusedsetofstandards.PKIXwasproducedbytheInternetEngineeringTaskForce(IETF)and

definesstandardsforinteractionsandoperationsforfourcomponenttypes:theuser(end-entity),certificateauthority(CA),registrationauthority(RA),andtherepositoryforcertificatesandcertificaterevocationlists(CRLs).PKCSdefinesmanyofthelower-levelstandardsformessagesyntax,cryptographicalgorithms,andthelike.ThePKCSsetofstandardsisaproductofRSASecurity.ThePKIXworkinggroupwasformedin1995todevelopthestandards

necessarytosupportPKIs.Atthetime,theX.509PublicKeyCertificate(PKC)formatwasproposedasthebasisforaPKI.X.509includesinformationregardingdataformatsandproceduresusedforCA-signedPKCs,butitdoesn’tspecifyvaluesorformatsformanyofthefieldswithinthePKC.PKIXprovidesstandardsforextendingandusingX.509v3certificatesandformanagingthem,enablinginteroperabilitybetweenPKIsfollowingthestandards.PKIXusesthemodelshowninFigure7.2forrepresentingthe

componentsandusersofaPKI.Theuser,calledanend-entity,isnotpartofthePKI,butend-entitiesareeitherusersofthePKIcertificates,thesubjectofacertificate(anentityidentifiedbyit),orboth.Thecertificateauthority(CA)isresponsibleforissuing,storing,andrevokingcertificates—bothPKCsandAttributeCertificates(ACs).TheRAisresponsibleformanagementactivitiesdesignatedbytheCA.TheRAcan,infact,beacomponentoftheCAratherthanaseparatecomponent.ThefinalcomponentofthePKIXmodelistherepository,asystemorgroupofdistributedsystemsthatprovidescertificatesandCRLstotheend-entities.Thecertificaterevocationlist(CRL)isadigitallysignedobjectthatlists

allofthecurrentbutrevokedcertificatesissuedbyaCA.

•Figure7.2ThePKIXmodel

TechTip

PKIEssentialsAPKIbringstogetherpolicies,procedures,hardware,software,andenduserstocreate,manage,store,distribute,andrevokedigitalcertificates.

PKIXStandardsNowthatwehavelookedathowPKIXisorganized,let’stakealookat

whatPKIXdoes.UsingX.509v3,thePKIXworkinggroupaddressesfivemajorareas:

PKIXoutlinescertificateextensionsandcontentnotcoveredbyX.509v3andtheformatofversion2CRLs,thusprovidingcompatibilitystandardsforsharingcertificatesandCRLsbetweenCAsandend-entitiesindifferentPKIs.ThePKIXprofileoftheX.509v3PKCdescribesthecontents,requiredextensions,optionalextensions,andextensionsthatneednotbeimplemented.ThePKIXprofilesuggestsarangeofvaluesformanyextensions.Inaddition,PKIXprovidesaprofileforversion2CRLs,allowingdifferentPKIstosharerevocationinformation.

PKIXprovidescertificatemanagementmessageformatsandprotocols,definingthedatastructures,managementmessages,andmanagementfunctionsforPKIs.Theworkinggroupalsoaddressestheassumptionsandrestrictionsoftheirprotocols.ThisstandardidentifiestheprotocolsnecessarytosupportonlineinteractionsbetweenentitiesinthePKIXmodel.Themanagementprotocolssupportfunctionsforentityregistration,initializationofthecertificate(possiblykey-pairgeneration),issuanceofthecertificate,key-pairupdate,certificaterevocation,cross-certification(betweenCAs),andkey-pairrecoveryifavailable.

PKIXoutlinescertificatepoliciesandcertificationpracticesstatements(CPSs),establishingtherelationshipbetweenpoliciesandCPSs.Apolicyisasetofrulesthathelpsdeterminetheapplicabilityofacertificatetoanend-entity.Forexample,acertificateforhandlingroutineinformationwouldprobablyhaveapolicyoncreation,storage,andmanagementofkeypairsquitedifferentfromapolicyforcertificatesusedinfinancialtransactions,duetothesensitivityofthefinancialinformation.ACPSexplainsthepracticesusedbyaCAtoissuecertificates.Inotherwords,theCPSisthemethodusedtogetthecertificate,whilethepolicydefinessomecharacteristicsofthecertificateandhowitwillbehandledandused.

PKIXspecifiesoperationalprotocols,definingtheprotocolsforcertificatehandling.Inparticular,protocoldefinitionsarespecifiedforusingFileTransferProtocol(FTP)andHypertextTransferProtocol(HTTP)toretrievecertificatesfromrepositories.Thesearethemostcommonprotocolsforapplicationstousewhenretrievingcertificates.

PKIXincludestime-stampinganddatacertificationandvalidationservices,whichareareasofinteresttothePKIXworkinggroup,andwhichwillprobablygrowinuseovertime.Atimestampauthority(TSA)certifiesthataparticularentityexistedataparticulartime.ADataValidationandCertificationServer(DVCS)certifiesthevalidityofsigneddocuments,PKCs,andthepossessionorexistenceofdata.Thesecapabilitiessupportnonrepudiationrequirementsandareconsideredbuildingblocksforanonrepudiationservice.

PKCsarethemostcommonlyusedcertificates,butthePKIXworkinggrouphasbeenworkingontwoothertypesofcertificates:AttributeCertificatesandQualifiedCertificates.AnAttributeCertificate(AC)isusedtograntpermissionsusingrule-based,role-based,andrank-basedaccesscontrols.ACsareusedtoimplementaprivilegemanagementinfrastructure(PMI).InaPMI,anentity(user,program,system,andsoon)istypicallyidentifiedasaclienttoaserverusingaPKC.Therearethentwopossibilities:eithertheidentifiedclientpushesanACtotheserver,ortheservercanqueryatrustedrepositorytoretrievetheattributesoftheclient.ThissituationismodeledinFigure7.3.

•Figure7.3ThePKIXPMImodel

TheclientpushoftheAChastheeffectofimprovingperformance,butnoindependentverificationoftheclient’spermissionsisinitiatedbytheserver.ThealternativeistohavetheserverpulltheinformationfromanACissuerorarepository.Thismethodispreferablefromasecuritystandpoint,becausetheserverorserver’sdomaindeterminestheclient’saccessrights.Thepullmethodhastheaddedbenefitofrequiringnochangestotheclientsoftware.TheQualifiedCertificate(QC)isbasedonthetermusedwithinthe

EuropeanCommissiontoidentifycertificateswithspecificlegislativeuses.ThisconceptisgeneralizedinthePKIXQCprofiletoindicateacertificateusedtoidentifyaspecificindividual(asinglehumanratherthantheentityofthePKC)withahighlevelofassuranceinanonrepudiationservice.TherearedozensofIETFRequestsforComment(RFCs)thathavebeen

producedbythePKIXworkinggroupforeachofthesefiveareas.

ForacompletelistofcurrentandpendingdocumentsassociatedwithPKIX,seetheInternetdraftforthePKIXworkinggrouproadmap(https://www.ietf.org/archive/id/draft-ietf-pkix-roadmap-09.txt/).

PKCSRSALaboratoriescreatedthePublicKeyCryptographyStandards(PKCS)tofillsomeofthegapsinthestandardsthatexistedinPKIimplementation.AstheyhavewiththePKIXstandards,PKIdevelopershaveadoptedmanyofthesestandardsasabasisforachievinginteroperabilitybetweendifferentCAs.PKCSiscomposedofasetof(currently)13activestandards,with2otherstandardsthatarenolongeractive.ThestandardsarereferredtoasPKCS#1throughPKCS#15,aslistedinTable7.1.ThestandardscombinetoestablishacommonbaseforservicesrequiredinaPKI.

Table7.1 PKCSStandards

ThoughadoptedearlyinthedevelopmentofPKIs,someofthesestandardsarebeingphasedout.Forexample,PKCS#6isbeingreplacedbyX.509v3(coveredshortlyinthe“X.509”section)andPKCS#7andPKCS#10arebeingusedless,astheirPKIXcounterpartsarebeingadopted.

WhyYouNeedtoKnowthePKIXandPKCSStandardsIfyourcompanyisplanningtouseoneoftheexistingcertificateserverstosupporte-commerce,youmaynotneedtoknowthespecificsofthesestandards(exceptperhapsfortheCompTIASecurity+exam).However,ifyouplantoimplementaprivatePKItosupportsecureserviceswithinyourorganization,youneedtounderstandwhatstandardsareoutthereandhowthedecisiontouseaparticularPKIimplementation(eitherhomegrownorcommercial)mayleadtoincompatibilitieswithothercertificate-issuingentities.Youmustconsideryourbusiness-to-businessrequirementswhenyou’redecidinghowtoimplementaPKIwithinyourorganization.

ExamTip:Allofthestandardsandprotocolsdiscussedinthischapterarethe“vocabulary”ofthecomputersecurityindustry.Youshouldbewellversedinallthesetitlesandtheirpurposesandoperations.

TechTip

X.509EssentialsX.509specifiesstandardformatsforpublickeycertificates,certificaterevocationlists,andAttributeCertificates.

X.509Whatisacertificate?AsexplainedinChapter6,acertificateismerelyadatastructurethatbindsapublickeytosubjects(uniquenames,DNSentries,ore-mails)andisusedtoauthenticatethatapublickeyindeedbelongstothesubject.Inthelate1980s,theX.500OSIDirectoryStandardwasdefinedbytheInternationalOrganizationforStandardization(ISO)andtheInternationalTelecommunicationUnion(ITU).Itwasdevelopedforimplementinganetworkdirectorysystem,andpartofthisdirectorystandardwastheconceptofauthenticationofentitieswithinthedirectory.X.509istheportionoftheX.500standardthataddressesthestructureofcertificatesusedforauthentication.SeveralversionsoftheX.509certificateshavebeencreated,with

version3beingthecurrentversion(asthisisbeingwritten).EachversionhasextendedthecontentsofthecertificatestoincludeadditionalinformationnecessarytousecertificatesinaPKI.TheoriginalITUX.509definitionwaspublishedin1988,wasformerlyreferredtoasCCITTX.509,andissometimesreferredtoasISO/IEC/ITU9594-8.Version3addedadditionaloptionalextensionsformoresubjectidentificationinformation,keyattributeinformation,policyinformation,andcertificationpathconstraints.Inaddition,version3allowsadditionalextensionstobedefinedinstandardsortobedefinedandregisteredbyorganizationsorcommunities.Certificatesareusedtoencapsulatetheinformationneededto

authenticateanentity.TheX.509specificationdefinesahierarchicalcertificationstructurethatreliesonarootCAthatisself-certifying(meaningitissuesitsowncertificate).Allothercertificatescanbetracedbacktosucharootthroughapath.ACAissuesacertificatetoauniquelyidentifiableentity(person,corporation,computer,andsoon)—issuingacertificateto“JohnSmith”wouldcausesomerealproblemsifthatwerealltheinformationtheCAhadwhenissuingthecertificate.WearesavedsomewhatbytherequirementthattheCAdetermineswhatidentifierisunique(thedistinguishedname),butwhencertificatesandtrustare

extendedbetweenCAs,theuniqueidentificationbecomescritical.

CrossCheckCertificatesAdetaileddescriptionofcertificatesandthesupportingpublickeyinfrastructureisprovidedinChapter6.

SSL/TLSSecureSocketsLayer(SSL)andTransportLayerSecurity(TLS)providethemostcommonmeansofinteractingwithaPKIandcertificates.Theolder,SSLprotocolwasintroducedbyNetscapeasameansofprovidingsecureconnectionsforwebtransfersusingencryption.Thesetwoprotocolsprovidesecureconnectionsbetweentheclientandserverforexchanginginformation.Theyalsoprovideserverauthentication(andoptionally,clientauthentication)andconfidentialityofinformationtransfers.SeeChapter17foradetailedexplanation.

TechTip

SSL/TLSSimplifiedSSLandTLSarecryptographicprotocolstoprovidedataintegrityandsecurityovernetworksbyencryptingnetworkconnectionsatthetransportlayer.InmanycasespeopleusethetermSSLevenwhenTLSisinfacttheprotocolbeingused.

TheIETFestablishedtheTLSworkinggroupin1996todevelopastandardtransportlayersecurityprotocol.TheworkinggroupbeganwithSSLversion3.0asitsbasisandreleasedRFC2246,“TheTLSProtocolVersion1.0,”in1999asaproposedstandard.TheworkinggroupalsopublishedRFC2712,“AdditionofKerberosCipherSuitestoTransport

LayerSecurity(TLS),”asaproposedstandard,andtwoRFCsontheuseofTLSwithHTTP.Likeitspredecessor,TLSisaprotocolthatensuresprivacybetweencommunicatingapplicationsandtheirusersontheInternet.Whenaserverandclientcommunicate,TLSensuresthatnothirdpartycaneavesdroportamperwithanymessage.

SSLisdeprecated.AllversionsofSSL,includingv3,haveexploitablevulnerabilitiesthatmaketheprotocolnolongerconsideredsecure.Foralltrafficwhereconfidentialityisimportant,youshoulduseTLS.

TLSiscomposedoftwoparts:theTLSRecordProtocolandtheTLSHandshakeProtocol.TheTLSRecordProtocolprovidesconnectionsecuritybyusingsupportedencryptionmethods.TheTLSRecordProtocolcanalsobeusedwithoutencryption.TheTLSHandshakeProtocolallowstheserverandclienttoauthenticateeachotherandtonegotiateasessionencryptionalgorithmandcryptographickeysbeforedataisexchanged.ThoughTLSisbasedonSSLandissometimesreferredtoasSSL,they

arenotinteroperable.However,theTLSprotocoldoescontainamechanismthatallowsaTLSimplementationtobackdowntoSSL3.0.Thedifferencebetweenthetwoisthewaytheyperformkeyexpansionandmessageauthenticationcomputations.TheTLSRecordProtocolisalayeredprotocol.Ateachlayer,messagesmayincludefieldsforlength,description,andcontent.TheRecordProtocoltakesmessagestobetransmitted,fragmentsthedataintomanageableblocks,optionallycompressesthedata,appliesamessageauthenticationcode(HMAC)tothedata,encryptsit,andtransmitstheresult.Receiveddataisdecrypted,verified,decompressed,andreassembled,andthendeliveredtohigher-levelclients.TheTLSHandshakeProtocolinvolvesthefollowingsteps,whichare

summarizedinFigure7.4:

•Figure7.4TLSHandshakeProtocol

1.Exchangehellomessagestoagreeonalgorithms,exchangerandomvalues,andcheckforsessionresumption.

2.Exchangethenecessarycryptographicparameterstoallowtheclientandservertoagreeonapre-mastersecret.

3.Exchangecertificatesandcryptographicinformationtoallowtheclientandservertoauthenticatethemselves.

4.Generateamastersecretfromthepre-mastersecretandexchangerandomvalues.

5.Providesecurityparameterstotherecordlayer.6.Allowtheclientandservertoverifythattheirpeerhascalculated

thesamesecurityparametersandthatthehandshakeoccurredwithouttamperingbyanattacker.

Thoughithasbeendesignedtominimizethisrisk,TLSstillhaspotentialvulnerabilitiestoaman-in-the-middleattack.Ahighlyskilledandwell-placedattackercanforceTLStooperateatlowersecuritylevels.Regardless,throughtheuseofvalidatedandtrustedcertificates,asecureciphersuitecanbeselectedfortheexchangeofdata.Onceestablished,aTLSsessionremainsactiveaslongasdataisbeing

exchanged.Ifsufficientinactivetimehaselapsedforthesecureconnectiontotimeout,itcanbereinitiated.

TechTip

DisablingSSLBecauseallversionsofSSL,includingv3,haveexploitablevulnerabilitiesthatmaketheprotocolnolongerconsideredsecure,usersshouldnotrelyonitforsecurity.ChromenolongerusesSSL.ForInternetExplorer,youneedtounchecktheSSLboxesunderInternetOptions.

CipherSuitesInmanyapplications,theuseofcryptographyoccursasacollectionoffunctions.Differentalgorithmscanbeusedforauthentication,encryption/decryption,digitalsignatures,andhashing.Thetermciphersuitereferstoanarrangedgroupofalgorithms.Forinstance,TLShasapublishedTLSCipherSuiteRegistryatwww.iana.org/assignments/tls-

parameters/tls-parameters.xhtml.Thereisawiderangeofciphers,someoldandsomenew,eachwithits

ownstrengthsandweaknesses.Overtime,newmethodsandcomputationalabilitieschangetheviabilityofciphers.Theconceptofstrongversusweakciphersisanacknowledgmentthat,overtime,cipherscanbecomevulnerabletoattacks.Theapplicationorselectionofciphersshouldtakeintoconsiderationthatnotallciphersarestillstrong.Whenselectingacipherforuse,itisimportanttomakeanappropriatechoice.Forexample,ifaserveroffersSSLv3andTLS,youshouldchooseTLSonly,asSSLv3hasbeenshowntobevulnerable.

ISAKMPTheInternetSecurityAssociationandKeyManagementProtocol(ISAKMP)providesamethodforimplementingakeyexchangeprotocolandfornegotiatingasecuritypolicy.Itdefinesproceduresandpacketformatstonegotiate,establish,modify,anddeletesecurityassociates.Becauseitisaframework,itdoesn’tdefineimplementation-specificprotocols,suchasthekeyexchangeprotocolorhashfunctions.ExamplesofISAKMParetheInternetKeyExchange(IKE)protocolandIPsec,whichareusedwidelythroughouttheindustry.AnimportantdefinitionforunderstandingISAKMPisthatoftheterm

securityassociation.Asecurityassociation(SA)isarelationshipinwhichtwoormoreentitiesdefinehowtheywillcommunicatesecurely.ISAKMPisintendedtosupportSAsatalllayersofthenetworkstack.Forthisreason,ISAKMPcanbeimplementedonthetransportlayerusingTCPorUserDatagramProtocol(UDP),oritcanbeimplementedonIPdirectly.NegotiationofanSAbetweenserversoccursintwostages.First,the

entitiesagreeonhowtosecurenegotiationmessages(theISAKMPSA).Oncetheentitieshavesecuredtheirnegotiationtraffic,theythendeterminetheSAsfortheprotocolsusedfortheremainderoftheircommunications.Figure7.5showsthestructureoftheISAKMPheader.ThisheaderisusedduringbothpartsoftheISAKMPnegotiation.

•Figure7.5ISAKMPheaderformat

TheInitiatorCookieissetbytheentityrequestingtheSA,andtherespondersetstheResponderCookie.ThePayloadbyteindicatesthetypeofthefirstpayloadtobeencapsulated.Payloadtypesincludesecurityassociations,proposals,keytransforms,keyexchanges,vendoridentities,andotherthings.TheMajorandMinorRevisionfieldsrefertothemajorversionnumberandminorversionnumberfortheISAKMP.TheExchangeTypehelpsdeterminetheorderofmessagesandpayloads.TheFlagsbitsindicateoptionsfortheISAKMPexchange,includingwhetherthepayloadisencrypted,whethertheinitiatorandresponderhave“committed”totheSA,andwhetherthepacketistobeauthenticatedonly(andisnotencrypted).ThefinalfieldsoftheISAKMPheaderindicatetheMessageIdentifierandaMessageLength.PayloadsencapsulatedwithinISAKMPuseagenericheader,andeachpayloadhasitsownheaderformat.OncetheISAKMPSAisestablished,multipleprotocolSAscanbe

establishedusingthesingleISAKMPSA.Thisfeatureisvaluableduetotheoverheadassociatedwiththetwo-stagenegotiation.SAsarevalidforspecificperiodsoftime,andoncethetimeexpires,theSAmustberenegotiated.ManyresourcesarealsoavailableforspecificimplementationsofISAKMPwithintheIPsecprotocol.

CMPThePKIXCertificateManagementProtocol(CMP)isspecifiedinRFC4210.ThisprotocoldefinesthemessagesandoperationsrequiredtoprovidecertificatemanagementserviceswithinthePKIXmodel.ThoughpartoftheIETFPKIXeffort,CMPprovidesaframeworkthatworkswellwithotherstandards,suchasPKCS#7andPKCS#10.

TechTip

CMPSummarizedCMPisaprotocoltoobtainX.509certificatesinaPKI.

CMPprovidesforthefollowingcertificateoperations:CAestablishment,includingcreationoftheinitialCRLandexportofthepublickeyfortheCA

Certificationofanend-entity,includingthefollowing:

Initialregistrationandcertificationoftheend-entity(registration,certificateissuance,andplacementofthecertificateinarepository)

Updatestothekeypairforend-entities,requiredperiodicallyandwhenakeypairiscompromisedorkeyscannotberecovered

End-entitycertificateupdates,requiredwhenacertificateexpires

PeriodicCAkey-pairupdates,similartoend-entitykey-pair

updates

Cross-certificationrequests,placedbyotherCAs

CertificateandCRLpublication,performedundertheappropriateconditionsofcertificateissuanceandcertificaterevocation

Key-pairrecovery,aservicetorestorekey-pairinformationforanend-entity;forexample,ifacertificatepasswordislostorthecertificatefileislost

Revocationrequests,supportingrequestsbyauthorizedentitiestorevokeacertificate

CMPalsodefinesmechanismsforperformingtheseoperations,eitheronlineorofflineusingfiles,e-mail,tokens,orweboperations.

XKMSTheXMLKeyManagementSpecificationdefinesservicestomanagePKIoperationswithintheExtensibleMarkupLanguage(XML)environment.TheseservicesareprovidedforhandlingPKIkeysandcertificatesautomatically.DevelopedbytheWorldWideWebConsortium(W3C),XKMSisintendedtosimplifyintegrationofPKIsandmanagementofcertificatesinapplications.Aswellasrespondingtoproblemsofauthenticationandverificationofelectronicsignatures,XKMSalsoallowscertificatestobemanaged,registered,orrevoked.XKMSservicesresideonaseparateserverthatinteractswithan

establishedPKI.TheservicesareaccessibleviaasimpleXMLprotocol.DeveloperscanrelyontheXKMSservices,makingitlesscomplextointerfacewiththePKI.Theservicesprovideforretrievingkeyinformation(owner,keyvalue,keyissuer,andthelike)andkeymanagement(suchaskeyregistrationandrevocation).RetrievaloperationsrelyontheXMLsignatureforthenecessary

information.Threetiersofservicearebasedontheclientrequestsandapplicationrequirements.Tier0providesameansofretrievingkey

informationbyembeddingreferencestothekeywithintheXMLsignature.Thesignaturecontainsanelementcalledaretrievalmethodthatindicateswaystoresolvethekey.Inthiscase,theclientsendsarequest,usingtheretrievalmethod,toobtainthedesiredkeyinformation.Forexample,iftheverificationkeycontainsalongchainofX.509v3certificates,aretrievalmethodcouldbeincludedtoavoidsendingthecertificateswiththedocument.Theclientwouldusetheretrievalmethodtoobtainthechainofcertificates.Fortier0,theserverindicatedintheretrievalmethodrespondsdirectlytotherequestforthekey,possiblybypassingtheXKMSserver.Thetier0processisshowninFigure7.6.

•Figure7.6XKMStier0retrieval

Withtier1operations,theclientforwardsthekey-informationportionsoftheXMLsignaturetotheXKMSserver,relyingontheservertoperformtheretrievalofthedesiredkeyinformation.ThedesiredinformationcanbelocaltotheXKMSserver,oritcanresideonanexternalPKIsystem.TheXKMSserverprovidesnoadditionalvalidationofthekeyinformation,suchascheckingwhetherthecertificatehasbeenrevokedorisstillvalid.Justasintier0,theclientperformsfinalvalidationofthedocument.Tier1iscalledthelocateservicebecauseitlocatestheappropriatekeyinformationfortheclient,asshowninFigure7.7.

•Figure7.7XKMStier1locateservice

Tier2iscalledthevalidateserviceandisillustratedinFigure7.8.Inthiscase,justasintier1,theclientreliesontheXKMSservicetoretrievetherelevantkeyinformationfromtheexternalPKI.TheXKMSserveralsoperformsdatavalidationonaportionofthekeyinformationprovidedbytheclientforthispurpose.ThisvalidationverifiesthebindingofthekeyinformationwiththedataindicatedbythekeyinformationcontainedintheXMLsignature.

•Figure7.8XKMStier2validateservice

Theprimarydifferencebetweentier1andtier2isthelevelofinvolvementoftheXKMSserver.Intier1,itcanserveonlyasarelayorgatewaybetweentheclientandthePKI.Intier2,theXKMSserverisactivelyinvolvedinverifyingtherelationbetweenthePKIinformationandthedocumentcontainingtheXMLsignature.XKMSreliesontheclientorunderlyingcommunicationsmechanismto

provideforthesecurityofthecommunicationswiththeXKMSserver.Thespecificationsuggestsusingoneofthreemethodsforensuringserverauthentication,responseintegrity,andrelevanceoftheresponsetotherequest:digitallysignedcorrespondence,atransportlayersecurityprotocol(suchasSSL,TLS,orWTLS),orapacketlayersecurityprotocol(suchasIPsec).Obviously,digitallysignedcorrespondenceintroducesitsownissuesregardingvalidationofthesignature,whichisthepurposeofXKMS.Itispossibletodefineothertiersofservice.Tiers3and4,anassertion

serviceandanassertionstatusservice,respectively,arementionedinthedefiningXKMSspecification,buttheyarenotdefined.Thespecificationstatesthey“could”bedefinedinotherdocuments.XKMSalsoprovidesservicesforkeyregistration,keyrevocation,and

keyrecovery.Authenticationfortheseactionsisbasedonapasswordorpassphrase,whichisprovidedwhenthekeysareregisteredandwhentheymustberecovered.

S/MIMETheSecure/MultipurposeInternetMailExtensions(S/MIME)messagespecificationisanextensiontotheMIMEstandardthatprovidesawaytosendandreceivesignedandencryptedMIMEdata.RSASecuritycreatedthefirstversionoftheS/MIMEstandard,usingtheRSAencryptionalgorithmandthePKCSseriesofstandards.Thesecondversiondatesfrom1998buthadanumberofseriousrestrictions,includingtherestrictionto40-bitDataEncryptionStandard(DES).ThecurrentversionoftheIETFstandardisdatedJuly2004andrequirestheuseofAdvanced

EncryptionStandard(AES).

CrossCheckE-mailEncryptionWanttounderstande-mailencryption?FlipaheadtoChapter16one-mailandinstantmessagingformoredetailsone-mailencryption.Thenanswerthesequestions:

Whyisitimportanttoencrypte-mail?Whatimpactscanmaliciouscodehaveonabusiness?

Whyisinstantmessagingahigherriskthane-mail?

ThechangesintheS/MIMEstandardhavebeensofrequentthatthestandardhasbecomedifficulttoimplementuntilv3.Farfromhavingastablestandardforseveralyearsthatproductmanufacturerscouldhavetimetogainexperiencewith,thereweremanychangestotheencryptionalgorithmsbeingused.Justasimportantly,andnotimmediatelyclearfromtheIETFdocuments,thestandardplacesrelianceuponmorethanoneotherstandardforittofunction.KeyamongtheseistheformatofapublickeycertificateasexpressedintheX.509standard.

IETFS/MIMEHistoryTheS/MIMEv2specificationsoutlineabasicstrategyforprovidingsecurityservicesfore-mailbutlackmanysecurityfeaturesrequiredbytheDepartmentofDefense(DoD)forusebythemilitary.ShortlyafterthedecisionwasmadetorevisetheS/MIMEv2specifications,theDoD,itsvendorcommunity,andcommercialindustrymettobegindevelopmentoftheenhancedspecifications.ThesenewspecificationswouldbeknownasS/MIMEv3.ParticipantsagreedthatbackwardcompatibilitybetweenS/MIMEv3andv2shouldbepreserved;otherwise,S/MIMEv3–compatibleapplicationswouldnotbeabletoworkwitholderS/MIMEv2–compatibleapplications.

AminimumsetofcryptographicalgorithmswasmandatedsothatdifferentimplementationsofthenewS/MIMEv3setofspecificationscouldbeinteroperable.ThisminimumsetmustbeimplementedinanapplicationforittobeconsideredS/MIME-compliant.Applicationscanimplementadditionalcryptographicalgorithmstomeettheircustomers’needs,buttheminimumsetmustalsobepresentintheapplicationsforinteroperabilitywithotherS/MIMEapplications.Thus,usersarenotforcedtouseS/MIME-specifiedalgorithms;theycanchoosetheirown,butiftheapplicationistobeconsideredS/MIME-compliant,thestandardalgorithmsmustalsobepresent.

IETFS/MIMEv3SpecificationsBuildingupontheoriginalworkbytheIMC-organizedgroup,theIETFhasworkedhardtoenhancetheS/MIMEv3specifications.TheultimategoalistohavetheS/MIMEv3specificationsreceiverecognitionasanInternetstandard.ThecurrentIETFS/MIMEv3setofspecificationsincludesthefollowing:

CryptographicMessageSyntax(CMS)

S/MIMEv3messagespecification

S/MIMEv3certificate-handlingspecification

Enhancedsecurityservices(ESS)forS/MIME

TechTip

S/MIMEinaNutshellS/MIMEprovidestwosecurityservicestoe-mail:digitalsignaturesandmessageencryption.Digitalsignaturesverifysenderidentity,andencryptioncankeepcontentsprivateduringtransmission.Theseservicescanbeusedindependentlyofeachother,andprovidethefoundationalbasisformessagesecurity.

TheCMSdefinesastandardsyntaxfortransmittingcryptographicinformationaboutcontentsofaprotectedmessage.OriginallybasedonthePKCS#7version1.5specification,theCMSspecificationwasenhancedbytheIETFS/MIMEworkinggrouptoincludeoptionalsecuritycomponents.JustastheS/MIMEv3providesbackwardcompatibilitywithv2,CMSprovidesbackwardcompatibilitywithPKCS#7,soapplicationswillbeinteroperableevenifthenewcomponentsarenotimplementedinaspecificapplication.Integrity,authentication,andnonrepudiationsecurityfeaturesare

providedbyusingdigitalsignaturesusingtheSignedDatasyntaxdescribedbytheCMS.CMSalsodescribeswhatisknownastheEnvelopedDatasyntaxtoprovideconfidentialityofthemessage’scontentthroughtheuseofencryption.ThePKCS#7specificationsupportskeyencryptionalgorithms,suchasRSA.AlgorithmindependenceispromotedthroughtheadditionofseveralfieldstotheEnvelopedDatasyntaxinCMS,whichisthemajordifferencebetweenthePKCS#7andCMSspecifications.ThegoalwastobeabletosupportspecificalgorithmssuchasDiffie-HellmanandtheKeyExchangeAlgorithm(KEA),whichisimplementedontheFortezzaCryptoCarddevelopedfortheDoD.OnefinalsignificantchangetotheoriginalspecificationsistheabilitytoincludeX.509AttributeCertificatesintheSignedDataandEnvelopedDatasyntaxesforCMS.

CMSTriple-EncapsulatedMessageAninterestingfeatureofCMSistheabilitytonestsecurityenvelopestoprovideacombinationofsecurityfeatures.Asanexample,aCMStriple-encapsulatedmessagecanbecreatedinwhichtheoriginalcontentandassociatedattributesaresignedandencapsulatedwithintheinnerSigned-Dataobject.TheinnerSignedDataobjectisinturnencryptedandencapsulatedwithinanEnvelopedDataobject.TheresultingEnvelopedDataobjectisthenalsosignedandfinallyencapsulatedwithinasecondSignedDataobject,theouterSignedDataobject.UsuallytheinnerSignedDataobjectissignedbytheoriginaluserandtheouterSignedDataobjectissignedbyanotherentity,suchasafirewalloramaillistagent,

providinganadditionallevelofsecurity.ThistripleencapsulationisnotrequiredofeveryCMSobject.Allthatis

requiredisasingleSignedDataobjectcreatedbytheusertosignamessageoranEnvelopedDataobjectiftheuserdesiredtoencryptamessage.

OpenPGPisawidelyusede-mailencryptionstandard.Anonproprietaryprotocolforencryptinge-mailusingpublickeycryptography,itisbasedonPGPasoriginallydevelopedbyPhilZimmermann,andisdefinedbytheOpenPGPworkinggroupoftheIETFproposedstandardRFC4880.

PGPPrettyGoodPrivacy(PGP)isapopularprogramthatisusedtoencryptanddecrypte-mailandfiles.Italsoprovidestheabilitytodigitallysignamessagesothereceivercanbecertainofthesender’sidentity.Takentogether,encryptingandsigningamessageallowsthereceivertobeassuredofwhosentthemessageandtoknowthatitwasnotmodifiedduringtransmission.Public-domainversionsofPGPhavebeenavailableforyears,ashaveinexpensivecommercialversions.PGPwasoneofthemostwidelyusedprogramsandwasfrequentlyused

bybothindividualsandbusinessestoensuredataande-mailprivacy.ItwasdevelopedbyPhilipR.Zimmermannin1991andquicklybecameadefactostandardfore-mailsecurity.ThepopularityofPGPleadtotheOpenPGPInternetstandard,RFC4880,andopensourcesolutions.GNUPrivacyGuard(GPG)isacommonalternativetoPGPinusetoday.

TechTip

APGPPersonalNote

AfterdistributingPGPin1991,including(indirectly)internationally,ZimmermannbecameaformaltargetofacriminalinvestigationbytheU.S.governmentin1993forexportingmunitionswithoutalicense,becausecryptosystemsusingkeyslargerthan40bitswereconsidered“munitions”underU.S.exportlaw.ZimmermannproceededtopublishtheentiresourcecodeofPGPinahardbackbook,which,unlikesoftware,isprotectedfromexportlawsbytheFirstAmendmentoftheU.S.Constitution.TheinvestigationofZimmermannwasdroppedafterseveralyears.

HowPGPWorksPGPusesavariationofthestandardpublickeyencryptionprocess.Inpublickeyencryption,anindividual(herecalledthecreator)usestheencryptionprogramtocreateapairofkeys.Onekeyisknownasthepublickeyandisdesignedtobegivenfreelytoothers.Theotherkeyiscalledtheprivatekeyandisdesignedtobeknownonlybythecreator.Individualswhowanttosendaprivatemessagetothecreatorencryptthemessageusingthecreator’spublickey.Thealgorithmisdesignedsuchthatonlytheprivatekeycandecryptthemessage,soonlythecreatorwillbeabletodecryptit.Thismethod,knownaspublickeyorasymmetricencryption,istime

consuming.Symmetricencryptionusesonlyasinglekeyandisgenerallyfaster.ItisbecauseofthisthatPGPisdesignedthewayitis.PGPusesasymmetricencryptionalgorithmtoencryptthemessagetobesent.Itthenencryptsthesymmetrickeyusedtoencryptthismessagewiththepublickeyoftheintendedrecipient.Boththeencryptedkeyandmessagearethensent.Thereceiver’sversionofPGPfirstdecryptsthesymmetrickeywiththeprivatekeysuppliedbytherecipientandthenusestheresultingdecryptedkeytodecrypttherestofthemessage.PGPcanusetwodifferentpublickeyalgorithms:Rivest-Shamir-

Adleman(RSA)andDiffie-Hellman.TheRSAversionusestheInternationalDataEncryptionAlgorithm(IDEA)andashortsymmetrickeytoencryptthemessageandthenusesRSAtoencrypttheshortIDEAkeyusingtherecipient’spublickey.TheDiffie-HellmanversionusestheCarlisleAdamsandStaffordTavares(CAST)algorithmtoencryptthe

messageandtheDiffie-HellmanalgorithmtoencrypttheCASTkey.Todecryptthemessage,thereverseisperformed.TherecipientusestheirprivatekeytodecrypttheIDEAorCASTkey,andthenusesthatdecryptedkeytodecryptthemessage.ThesearebothillustratedinFigure7.9.

•Figure7.9HowPGPworksforencryption

Togenerateadigitalsignature,PGPtakesadvantageofanotherpropertyofpublickeyencryptionschemes.Normally,thesenderencryptsusingthereceiver’spublickeyandthemessageisdecryptedattheotherendusingthereceiver’sprivatekey.Theprocesscanbereversedsothatthesenderencrypts(signs)withhisownprivatekey.Thereceiverthendecryptsthemessagewiththesender’spublickey.Sincethesenderistheonlyindividualwhohasakeythatwillcorrectlybedecryptedwiththesender’spublickey,thereceiverknowsthatthemessagewascreatedbythesenderwhoclaimstohavesentit.ThewayPGPaccomplishesthistaskistogenerateahashvaluefromtheuser’snameandothersignatureinformation.Thishashvalueisthenencryptedwiththesender’sprivatekeyknownonlybythesender.Thereceiverusesthesender’spublickey,whichisavailabletoeveryone,todecryptthehashvalue.Ifthedecryptedhashvaluematchesthehashvaluesentasthedigitalsignatureforthemessage,thenthereceiverisassuredthatthemessagewassentbythesenderwhoclaimstohavesentit.Typically,versionsofPGPcontainauserinterfacethatworkswith

commone-mailprogramssuchasMicrosoftOutlook.Ifyouwantotherstobeabletosendyouanencryptedmessage,youneedtoregisteryourpublickey,generatedbyyourPGPprogram,withaPGPpublickeyserver.Alternatively,youhavetoeithersendyourpublickeytoallthosewhowanttosendyouanencryptedmessageorpostyourkeytosomelocationfromwhichtheycandownloadit,suchasyourwebpage.Notethatusingapublickeyserveristhebettermethod,forallthereasonsoftrustdescribedinthediscussionofPKIsinChapter6.

TechTip

WhereCanYouUsePGP?

FormanyyearstheU.S.governmentwagedafightovertheexportationofPGPtechnology,andformanyyearsitsexportationwasillegal.Today,however,PGP-encryptede-mailcanbeexchangedwithmostusersoutsidetheUnitedStates,andmanyversionsofPGPareavailablefromnumerousinternationalsites.Ofcourse,beingabletoexchangePGP-encryptede-mailrequiresthattheindividualsonbothsidesofthecommunicationhavevalidversionsofPGP.Interestingly,internationalversionsofPGParejustassecureasdomesticversions—afeaturethatisnottrueofotherencryptionproducts.ItshouldbenotedthatthefreewareversionsofPGParenotlicensedforcommercialpurposes.

HTTPSMostwebactivityoccursusingHTTP,butthisprotocolispronetointerception.HTTPSuseseitherSSLorTLStosecurethecommunicationchannel.OriginallydevelopedbyNetscapeCommunicationsandimplementedinitsbrowser,HTTPShassincebeenincorporatedintomostcommonbrowsers.HTTPSusesthestandardTCPport443forTCP/IPcommunicationsratherthanthestandardport80usedforHTTP.Aspreviouslydiscussed,becauseofvulnerabilitiesinSSL,onlyTLSisrecommendedforHTTPStoday.

IPsecIPsecisacollectionofIPsecurityfeaturesdesignedtointroducesecurityatthenetworkorpacket-processinglayerinnetworkcommunication.OtherapproacheshaveattemptedtoincorporatesecurityathigherlevelsoftheTCP/IPsuitesuchasatthelevelwhereapplicationsreside.IPsecisdesignedtoprovidesecureIPcommunicationsovertheInternet.Inessence,IPsecprovidesasecureversionoftheIPbyintroducingauthenticationandencryptiontoprotectLayer4protocols.IPsecisoptionalforIPv4butisrequiredforIPv6.Obviously,bothendsofthecommunicationneedtouseIPsecfortheencryption/decryptionprocesstooccur.IPsecprovidestwotypesofsecurityservicetoensureauthenticationand

confidentialityforeitherthedataalone(referredtoasIPsectransportmode)orforboththedataandheader(referredtoastunnelmode).SeeChapter11formoredetailontunnelingandIPsecoperation.IPsecintroducesseveralnewprotocols,includingtheAuthenticationHeader(AH),whichbasicallyprovidesauthenticationofthesender,andtheEncapsulatingSecurityPayload(ESP),whichaddsencryptionofthedatatoensureconfidentiality.IPsecalsoprovidesforpayloadcompressionbeforeencryptionusingtheIPPayloadCompressionProtocol(IPcomp).Frequently,encryptionnegativelyimpactstheabilityofcompressionalgorithmstofullycompressdatafortransmission.Byprovidingtheabilitytocompressthedatabeforeencryption,IPsecaddressesthisissue.

CEPCertificateEnrollmentProtocol(CEP)wasoriginallydevelopedbyVeriSignforCiscoSystems.Itwasdesignedtosupportcertificateissuance,distribution,andrevocationusingexistingtechnologies.ItsusehasgrowninclientandCAapplications.TheoperationssupportedincludeCAandRApublickeydistribution,certificateenrollment,certificaterevocation,certificatequery,andCRLquery.OneofthekeygoalsofCEPwastouseexistingtechnologywhenever

possible.ItusesbothPKCS#7(CryptographicMessageSyntaxStandard)andPKCS#10(CertificationRequestSyntaxStandard)todefineacommonmessagesyntax.ItsupportsaccesstocertificatesandCRLsusingeithertheLightweightDirectoryAccessProtocol(LDAP)ortheCEP-definedcertificatequery.

OtherStandardsTherearemanyadditionalstandardsassociatedwithinformationsecuritythatarenotspecificallyorsolelyassociatedwithPKIand/orcryptography.Theremainderofthechapterwillintroducethesestandardsandprotocols.

FIPSTheFederalInformationProcessingStandardsPublications(FIPSPUBSorsimplyFIPS)describevariousstandardsfordatacommunicationissues.ThesedocumentsareissuedbytheU.S.governmentthroughtheNationalInstituteofStandardsandTechnology(NIST),whichistaskedwiththeirdevelopment.NISTcreatesthesepublicationswhenacompellinggovernmentneedrequiresastandardforuseinareassuchassecurityorsysteminteroperabilityandnorecognizedindustrystandardexists.ThreecategoriesofFIPSPUBSarecurrentlymaintainedbyNIST:

Hardwareandsoftwarestandards/guidelines

Datastandards/guidelines

Computersecuritystandards/guidelines

ThesedocumentsrequirethatproductssoldtotheU.S.governmentcomplywithone(ormore)oftheFIPSstandards.Thestandardscanbeobtainedfromwww.nist.gov/itl/fips.cfm.

FIPS140-2relatestospecificcryptographicstandardsforthevalidationofcomponentsusedinU.S.governmentsystems.SystemscanbeaccreditedtotheFIPS140-2standardtodemonstratelevelsofsecurityfrom“approvedalgorithms”tohigherlevelsthatincludeadditionalprotectionsuptoandincludingphysicalsecurityandtamperproofmechanisms.

CommonCriteriaTheCommonCriteriaforInformationTechnologySecurity(CommonCriteriaorCC)istheresultofanefforttodevelopajointsetofsecurityprocessesandstandardsthatcanbeusedbytheinternationalcommunity.ThemajorcontributorstotheCCarethegovernmentsoftheUnitedStates,Canada,France,Germany,theNetherlands,andtheUnitedKingdom.The

CCalsoprovidesalistingoflaboratoriesthatapplythecriteriaintestingsecurityproducts.ProductsthatareevaluatedbyoneoftheapprovedlaboratoriesreceiveanEvaluationAssuranceLevelofEAL1throughEAL7(EAL7isthehighestlevel),withEAL4,forexample,designedforenvironmentsrequiringamoderatetohighlevelofindependentlyassuredsecurity,andEAL1beingdesignedforenvironmentsinwhichsomeconfidenceinthecorrectoperationofthesystemisrequiredbutwherethethreatstothesystemarenotconsideredserious.TheCCalsoprovidesalistingofproductsbyfunctionthathaveperformedataspecificEAL.

WTLSTheWirelessTransportLayerSecurity(WTLS)protocolisbasedontheTLSprotocol.WTLSprovidesreliabilityandsecurityforwirelesscommunicationsusingtheWirelessApplicationProtocol(WAP).WTLSisnecessaryduetothelimitedmemoryandprocessingabilitiesofWAP-enabledphones.WTLScanbeimplementedinoneofthreeclasses:Class1iscalled

anonymousauthenticationbutisnotdesignedforpracticaluse.Class2iscalledserverauthenticationandisthemostcommonmodel.Theclientsandservermayauthenticateusingdifferentmeans.Class3isserverandclientauthentication.InClass3authentication,theclient’sandserver’sWTLScertificatesareauthenticated.Class3isthestrongestformofauthenticationandencryption.

ISO/IEC27002(FormerlyISO17799)ISO/IEC27002isaverypopularanddetailedstandardforcreatingandimplementingsecuritypolicies.ISO/IEC27002wasformerlyISO17799,whichwasbasedonversion2oftheBritishStandard7799(BS7799)publishedinMay1999.Withtheincreasedemphasisplacedonsecurityinboththegovernmentandindustryinrecentyears,manyorganizationsarenowtrainingtheirauditpersonneltoevaluatetheirorganizationsagainst

theISO/IEC27002standard.Thestandardisdividedinto12sections,eachcontainingmoredetailedstatementsdescribingwhatisinvolvedforthattopic:

RiskassessmentDeterminetheimpactofrisksSecuritypolicyGuidanceandpolicyprovidedbymanagementOrganizationofinformationsecurityGovernancestructuretoimplementsecuritypolicy

AssetmanagementInventoryandclassificationofassetsHumanresourcessecurityPoliciesandproceduresaddressingsecurityforemployeesincludinghires,changes,anddepartures

PhysicalandenvironmentalsecurityProtectionofthecomputerfacilities

CommunicationsandoperationsmanagementManagementoftechnicalsecuritycontrolsinsystemsandnetworks

AccesscontrolRestrictionofaccessrightstonetworks,systems,applications,functions,anddata

Informationsystemsacquisition,development,andmaintenanceBuildingsecurityintoapplications

InformationsecurityincidentmanagementAnticipatingandrespondingappropriatelytoinformationsecuritybreaches

BusinesscontinuitymanagementProtecting,maintaining,andrecoveringbusiness-criticalprocessesandsystems

ComplianceEnsuringconformancewithinformationsecuritypolicies,standards,laws,andregulations

SAMLSecurityAssertionMarkupLanguage(SAML)isasinglesign-on

capabilityusedforwebapplicationstoensureuseridentitiescanbesharedandareprotected.Itdefinesstandardsforexchangingauthenticationandauthorizationdatabetweensecuritydomains.Itisbecomingincreasinglyimportantwithcloud-basedsolutionsandwithSoftware-as-a-Service(SaaS)applications,becauseitensuresinteroperabilityacrossidentityproviders.SAMLisanXML-basedprotocolthatusessecuritytokensand

assertionstopassinformationabouta“principal”(typicallyanenduser)withaSAMLauthority(an“identityprovider”orIdP)andtheserviceprovider(SP).TheprincipalrequestsaservicefromtheSPwhichthenrequestsandobtainsanidentityassertionfromtheIdP.TheSPcanthengrantaccessorperformtherequestedservicefortheprincipal.

Chapter7Review

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutPKIstandardsandprotocols.

IdentifythestandardsinvolvedinestablishinganinteroperableInternetPKI

PKIXandPKCSdefinethemostcommonlyusedPKIstandards.

PKIX,PKCS,X.509,ISAKMP,XKMS,andCMPcombinetoimplementPKI.

SSL/TLS,S/MIME,HTTPS,andIPsecareprotocolsthatusePKI.

ExplaininteroperabilityissueswithPKIstandards

Standardsandprotocolsareimportantbecausetheydefinethebasisfor

howcommunicationwilltakeplace.Theuseofstandardsandprotocolsprovidesacommon,interoperableenvironmentforsecurelyexchanginginformation.

Withoutthesestandardsandprotocols,twoentitiesmayindependentlydeveloptheirownmethodtoimplementthevariouscomponentsforaPKI,andthetwowillnotbecompatible.

OntheInternet,notbeingcompatibleandnotbeingabletocommunicateisnotanoption.

DescribehowthecommonInternetprotocolsimplementthePKIstandards

ThreemainstandardshaveevolvedovertimetoimplementPKIsontheInternet.

Twoofthemainstandardsarebasedonathirdstandard,theX.509standard,andestablishcomplementarystandardsforimplementingPKIs.ThesetwostandardsarePublicKeyInfrastructureX.509(PKIX)andPublicKeyCryptographyStandards(PKCS).

PKIXdefinesstandardsforinteractionsandoperationsforfourcomponenttypes:theuser(end-entity),certificateauthority(CA),registrationauthority(RA),andtherepositoryforcertificatesandcertificaterevocationlists(CRLs).

PKCSdefinesmanyofthelower-levelstandardsformessagesyntax,cryptographicalgorithms,andthelike.

ThereareotherprotocolsandstandardsthathelpdefinethemanagementandoperationofthePKIandrelatedservices,suchasISAKMP,XKMS,andCMP.

S/MIMEisusedtoencrypte-mail.

SSL,TLS,andWTLSareusedforsecurepackettransmission.

IPsecisusedtosupportvirtualprivatenetworks.

TheCommonCriteriaestablishesaseriesofcriteriafromwhichsecurityproductscanbeevaluated.

TheISO/IEC27002standardprovidesapointfromwhichsecuritypoliciesandpracticescanbedevelopedintwelveareas.

VarioustypesofpublicationsareavailablefromNISTsuchasthosefoundintheFIPSseries.

KeyTermscertificate(172)certificateauthority(CA)(169)certificaterevocationlist(CRL)(169)InternetSecurityAssociationandKeyManagementProtocol

(ISAKMP)(174)IPsec(182)PrettyGoodPrivacy(PGP)(180)publickeyinfrastructure(PKI)(167)Secure/MultipurposeInternetMailExtensions(S/MIME)(178)SecureSocketsLayer(SSL)(173)SecurityAssertionMarkupLanguage(SAML)(185)TransportLayerSecurity(TLS)(173)WirelessApplicationProtocol(WAP)(184)WirelessTransportLayerSecurity(WTLS)(184)X.509(172)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1._______________isaprotocolusedtosecureIPpacketsduring

transmissionacrossanetwork.Itoffersauthentication,integrity,andconfidentialityservices.ItusesAuthenticationHeaders(AHs)andEncapsulatingSecurityPayload(ESP)toaccomplishthisfunctionality.

2.Anencryptioncapabilitydesignedtoencryptabovethetransportlayer,enablingsecuresessionsbetweenhosts,iscalled______________.

3.A(n)_______________isanentitythatisresponsibleforissuingandrevokingcertificates.Thistermisalsoappliedtoserversoftwarethatprovidestheseservices.

4.Adigitallysignedobjectthatlistsallofthecurrentbutrevokedcertificatesissuedbyagivencertificateauthorityiscalledthe______________.Itallowsuserstoverifywhetheracertificateiscurrentlyvalideveniftheexpirationdatehasn’tpassed.

5._______________isaformatthathasbeenadoptedtostandardizedigitalcertificates.

6.Infrastructureforbindingapublickeytoaknownuserthroughatrustedintermediary,typicallyacertificateauthority,iscalledthe_______________.

7.The_______________isaprotocolframeworkthatdefinesthemechanicsofimplementingakeyexchangeprotocolandnegotiationofasecuritypolicy.

8.TheencryptionprotocolthatisusedonWirelessApplicationProtocol(WAP)networksiscalled_______________.

9.Aprotocolfortransmittingdatatosmallhandhelddeviceslikecellularphonesisthe_______________.

10._______________isapopularencryptionprogramthathastheabilitytoencryptanddigitallysigne-mailandfiles.

Multiple-ChoiceQuiz1.Whichofthefollowingisusedtograntpermissionsusingrule-

based,role-based,andrank-basedaccesscontrols?

A.AQualifiedCertificate

B.AControlCertificate

C.AnAttributeCertificate

D.AnOptionalCertificate

2.XKMSallowscertificatestobeallofthefollowingexcept:A.Created

B.Registered

C.Managed

D.Revoked

3.TransportLayerSecurityconsistsofwhichtwoprotocols?A.TheTLSRecordProtocolandTLSHandshakeProtocol

B.TheTLSRecordProtocolandTLSCertificateProtocol

C.TheTLSCertificateProtocolandTLSHandshakeProtocol

D.TheTLSKeyProtocolandTLSHandshakeProtocol

4.Whichofthefollowingprovidesamethodforimplementingakeyexchangeprotocol?

A.EISA

B.ISAKMP

C.ISA

D.ISAKEY

5.Whichofthefollowingisadetailedstandardforcreatingandimplementingsecuritypolicies?

A.PKIX

B.ISO/IEC27002

C.FIPS

D.X.509

6.Arelationshipwheretwoormoreentitiesdefinehowtheywillcommunicatesecurelyisknownaswhat?

A.Athree-wayhandshake

B.Asecurityassociation

C.Athree-wayagreement

D.Asecurityagreement

7.WhatisthepurposeofXKMS?A.Extendssessionassociationsovermanytransportprotocols

B.EncapsulatessessionassociationsoverTCP/IP

C.DefinesservicestomanageheterogeneousPKIoperationsviaXML

D.DesignedtoreplaceSSL

8.Whichofthefollowingisasecuree-mailstandard?A.POP3

B.IMAP

C.SMTP

D.S/MIME

9.WhichofthefollowingisajointsetofsecurityprocessesandstandardsusedbyapprovedlaboratoriestoawardanEvaluationAssuranceLevel(EAL)fromEAL1toEAL7?

A.CommonCriteria

B.FIPS

C.ISO17700

D.IEEEX.509

10.TransportLayerSecurityforHTTPuseswhatporttocommunicate?A.53

B.80

C.143

D.443

EssayQuiz1.YouaretheInformationSecurityOfficeratamedium-sized

company(1500employees).TheCIOhasaskedyoutoexplainwhyyourecommendusingcommercialPKIsratherthanimplementingsuchacapabilityin-housewiththesoftwaredevelopersyoualreadyhave.Writethreesuccinctsentencesthatwouldgetyourpointacrossandaddressthreekeyissues.

2.Imagineyouareawebdeveloperforasmalllocallyownedbusiness.ExplainwhenusingHTTPwouldbesatisfactoryandwhy,andexplainwhenyoushoulduseHTTPSandwhy.

3.Explaininyourownwordshow,byapplyingbothasymmetricandsymmetricencryption,yourbrowserusesTLStoprotecttheprivacyoftheinformationpassingbetweenyourbrowserandawebserver.

4.Itiswellunderstoodthatasymmetricencryptionconsumesmorecomputingresourcesthansymmetricencryption.ExplainhowPGPusesbothasymmetricandsymmetricencryptiontobebothsecureandefficient.

LabProjects

Notethatfortheselabprojects,itwouldbebesttohaveapartnersothatyoucaneachhaveyourownpairofpublic/privatekeystoconfirmtheoperationofPGP.

•LabProject7.1LoadeitheratrialversionofPGPorGnuPrivacyGuard(GPG).Installitandcreateapublic/privatekeypairforyourself.Createadocumentusingawordprocessorandencryptitusingthereceiver’spublickey.Sendittoapartner(oryourself)andthendecryptitusingthecorrespondingprivatekey.

•LabProject7.2CreateanotherdocumentdifferentfromtheoneusedinLabProject7.1.Thistimeuseyourprivatekeytodigitallysignthedocumentandsendittoapartner(oryourself)whocanthenusethepublickeytoconfirmthatitreallyisfromtheindicatedsender.

chapter8 PhysicalSecurity

Baseballis90percentmental,theotherhalfisphysical.

—YOGIBERRA

F

Inthischapter,youwilllearnhowto

Describehowphysicalsecuritydirectlyaffectscomputerandnetworksecurity

Discussstepsthatcanbetakentohelpmitigaterisks

Identifythedifferenttypesoffiresandthevariousfiresuppressionsystemsdesignedtolimitthedamagecausedbyfires

Explainelectronicaccesscontrolsandtheprinciplesofconvergence

ormosthomes,locksaretheprimarymeansofachievingphysicalsecurity,andalmosteveryonelocksthedoorstohisorherhomeuponleavingtheresidence.Somegoevenfurtherandsetupintrusionalarm

systemsinadditiontolocks.Alltheseprecautionsareconsiderednecessarybecausepeoplebelievetheyhavesomethingsignificantinsidethehousethatneedstobeprotected,suchasimportantpossessionsandimportantpeople.Physicalsecurityisanimportanttopicforbusinessesdealingwiththe

securityofnetworksandinformationsystems.Businessesareresponsibleforsecuringtheirprofitability,whichrequiressecuringacombinationofassets:employees,productinventory,tradesecrets,andstrategyinformation.Theseandotherimportantassetsaffecttheprofitabilityofacompanyanditsfuturesurvival.Companiesthereforeperformmanyactivitiestoattempttoprovidephysicalsecurity—lockingdoors,installingalarmsystems,usingsafes,postingsecurityguards,settingaccesscontrols,andmore.Mostcompaniestodayhaveinvestedalargeamountoftime,money,

andeffortinbothnetworksecurityandinformationsystemssecurity.Inthischapter,youwilllearnabouthowthestrategiesforsecuringthenetworkandforsecuringinformationsystemsarelinked,andyou’lllearnseveralmethodsbywhichcompaniescanminimizetheirexposuretophysicalsecurityeventsthatcandiminishtheirnetworksecurity.

TheSecurityProblemTheproblemthatfacesprofessionalschargedwithsecuringacompany’snetworkcanbestatedrathersimply:physicalaccessnegatesallothersecuritymeasures.Nomatterhowimpenetrablethefirewallandintrusiondetectionsystem(IDS),ifanattackercanfindawaytowalkuptoandtouchaserver,hecanbreakintoit.Considerthatmostnetworksecuritymeasuresare,fromnecessity,

directedatprotectingacompanyfromInternet-basedthreats.Consequently,alotofcompaniesallowanykindoftrafficonthelocalareanetwork(LAN).SoifanattackerattemptstogainaccesstoaserverovertheInternetandfails,hemaybeabletogainphysicalaccesstothereceptionist’smachineand,byquicklycompromisingit,useitasaremotelycontrolledzombietoattackwhatheisreallyafter.Figure8.1illustratestheuseofalower-privilegemachinetoobtainsensitiveinformation.Physicallysecuringinformationassetsdoesn’tmeanjusttheservers;itmeansprotectingphysicalaccesstoalltheorganization’scomputersanditsentirenetworkinfrastructure.

•Figure8.1Usingalower-privilegemachinetogetatsensitiveinformation

Physicalaccesstoacorporation’ssystemscanallowanattackertoperformanumberofinterestingactivities,startingwithsimplypluggingintoanopenEthernetjack.Theadventofhandhelddeviceswiththeabilitytorunoperatingsystemswithfullnetworkingsupporthasmadethisattackscenarioevenmorefeasible.Priortohandhelddevices,theattackerwouldhavetoworkinasecludedareawithdedicatedaccesstotheEthernetforatime.Theattackerwouldsitdownwithalaptopandrunavarietyoftoolsagainstthenetwork,andworkinginternallytypicallyputtheattackerinsidethefirewallandIDS.Today’scapablemobiledevicescanassisttheseeffortsbyallowingattackerstoplacethesmalldeviceontothenetworktoactasawirelessbridge,asshowninFigure8.2.

•Figure8.2Awirelessbridgecanallowremoteaccess.

Theattackercanthenusealaptoptoattackanetworkremotelyviathebridgefromoutsidethebuilding.IfpowerisavailableneartheEthernetjack,thistypeofattackcanalsobeaccomplishedwithanoff-the-shelfaccesspoint.Theattacker’sonlychallengeisfindinganEthernetjackthat

isn’tcoveredbyfurnitureorsomeotherobstruction.Anothersimpleattackthatcanbeusedwhenanattackerhasphysical

accessiscalledabootdisk.AnymediausedtobootacomputerintoanoperatingsystemthatisnotthenativeOSonitsharddrivecouldbeclassifiedasabootdisk.Thesecanbeintheformofafloppydisk,CD,DVD,oraUSBflashdrive.BeforebootableCDsorDVDswereavailable,abootfloppywasusedtostartthesystemandpreparetheharddrivestoloadtheoperatingsystem.Abootsourcecancontainanumberofprograms,butthemosttypicaloneswouldbeNTFSDOSorafloppy-basedLinuxdistributionthatcanbeusedtoperformanumberoftasks,includingmountingtheharddrivesandperformingatleastreadoperations,alldoneviascript.Onceanattackerisabletoreadaharddrive,thepasswordfilecanbecopiedoffthemachineforofflinepassword-crackingattacks.Ifwriteaccesstothedriveisobtained,theattackercouldalterthepasswordfileorplacearemote-controlprogramtobeexecutedautomaticallyuponthenextboot,guaranteeingcontinuedaccesstothemachine.Mostnewmachinesdonotincludefloppydrives,sothisattackisrapidlybeingreplacedbythesameconceptwithaUSBdevice,CD,orDVD.ThemostobviousmitigationistotelltheBIOSnottobootfromremovablemedia,butthistoohasissues.ThebootableCD-ROMsandDVD-ROMsareactuallymoreofathreat,

becausetheyarefrequentlyusedtocarryavarietyofsoftwareforupdatesandcanutilizethemuchgreaterstoragecapacityoftheCDorDVDmedia.Thiscapacitycanstoreanentireoperatingsystemandacompletetoolsetforavarietyoftasksormalware,sowhenupdatingviaCD/DVD,precautionsmustbetakentoensuretheveracityofthemedia.Thereareoperatingsystemdistributionsspecificallydesignedtorunthe

entiremachinefromanopticaldiscwithoutusingtheharddrive.ThesearecommonlyreferredtoasLiveCDs.ALiveCDcontainsabootableversionofanentireoperatingsystem,typicallyavariantofLinux,completewithdriversformostdevices.LiveCDsgiveanattackeragreaterarrayoftoolsthancouldbeloadedontoafloppydisk,suchasscanners,sniffers,vulnerabilityexploits,forensictools,driveimagers,passwordcrackers,

andsoon.Thesesetsoftoolsaretoonumeroustolisthereandarechangingeveryday.ThebestresourceistosearchtheInternetforpopularLiveCDdistributionslikeKali/Backtrack,knoppix,andPHLAK.AsamplecollectionofLiveCDsisshowninFigure8.3.

•Figure8.3AcollectionofsampleLiveCDs

Forexample,withaLiveCDanattackerwouldlikelyhaveaccesstotheharddiskandalsotoanoperationalnetworkinterfacethatwouldallow

himtosendthedrivedataovertheInternetifproperlyconnected.ThesebootableoperatingsystemscouldalsobecustombuilttocontainanytoolthatrunsunderLinux,allowinganattackertobuildastandardbootableattackimageorastandardbootableforensicimage,orsomethingcustomizedforthetoolshelikestouse.BootableUSBflashdrivesemulatethefunctionofaCD-ROMandprovideadevicethatisbothphysicallysmallerandlogicallylarger.CheapUSBflashdrivesarenowcommonlyavailablethatprovidegreaterthan32GBofstorage,withmoreexpensiveversionsstretchingthatcapacityto64,128,andeven256GB.Electronicminiaturizationhasmadethesedevicessmallenoughtobeunnoticed;arecentversionextendsonly5mmfromtheUSBport.Madebootable,thesedevicescancontainentirespecializedoperatingsystems,andunlikeabootableCD-ROM,thesedevicescanalsobewrittento,providinganoffloadpointforcollecteddataifanattackerchoosestoleavethedeviceandreturnlater.

TryThis!CreateaBootdiskBootdisksallowyoutobootacomputertothediskratherthantheOSthatisontheharddrive.Createabootdiskforyourownpersonalcomputer.ThestepsdifferbetweendifferentOSsanddependinguponthemediathatyouwishtomakebootable.PerformalittleresearchtodeterminethecorrectprocedureforyourOSandgiveitatry.MakeabootableCD/DVDorUSBflashdrive.

ThesetypesofdeviceshavespawnedanewkindofattackinwhichaCD,DVD,orflashdriveisleftinanopportunisticplacewheremembersofatargetorganizationmaypickupandusethem.ThisCD/DVDorflashdriveistypicallyloadedwithmalwareandisreferredtoasaroadapple.Theattackreliesoncuriouspeopletoplugthedeviceintotheirworkcomputertoseewhat’sonit.Occasionallytheattackermayalsotrytotemptthepasserbywithenticingdescriptionslike“EmployeeSalaries”orevensomethingassimpleas“Confidential.”OnceauserloadstheCD/DVDorflashdrive,themalwarewillattempttoinfectthemachine.

Driveimagingistheprocessofcopyingtheentirecontentsofaharddrivetoasinglefileonadifferentmedia.Thisprocessisoftenusedbypeoplewhoperformforensicinvestigationsofcomputers.Typically,abootablemediaisusedtostartthecomputerandloadthedriveimagingsoftware.Thissoftwareisdesignedtomakeabit-by-bitcopyoftheharddriveinafileonanothermedia,usuallyanotherharddriveorCD-R/DVD-Rmedia.Driveimagingisusedininvestigationstomakeanexactcopythatcanbeobservedandtakenapart,whilekeepingtheoriginalexactlyasitwasforevidencepurposes.

ExamTip:Driveimagingisathreatbecauseallexistingaccesscontrolstodatacanbebypassedandallthedatastoredonthedrivecanbereadfromtheimage.

Fromanattacker’sperspective,driveimagingsoftwareisusefulbecauseitpullsallinformationfromacomputer’sharddrivewhilestillleavingthemachineinitsoriginalstate.Theinformationcontainseverybitofdatathatisonthecomputer:anylocallystoreddocuments,locallystorede-mails,andeveryotherpieceofinformationthattheharddrivecontains.Thisdatacouldbeveryvaluableifthemachineholdssensitiveinformationaboutthecompany.Physicalaccessisthemostcommonwayofimagingadrive,andthe

biggestbenefitfortheattackeristhatdriveimagingleavesabsolutelynotraceofthecrime.Besidesphysicallysecuringaccesstoyourcomputers,youcandoverylittletopreventdriveimaging,butyoucanminimizeitsimpact.Theuseofencryptionevenforafewimportantfilesprovidesprotection.Fullencryptionofthedriveprotectsallfilesstoredonit.Alternatively,placingfilesonacentralizedfileserverkeepsthemfrombeingimagedfromanindividualmachine,butifanattackerisabletoimagethefileserver,thedatawillbecopied.

CrossCheckForensicImagesWhentakingaforensic-basedimage,itisimportanttofollowproperforensicprocedurestoensuretheevidenceisproperlysecured.ForensicprocessesandproceduresarecoveredindetailinChapter23.

TechTip

EncryptiontoTPM-BasedKeysManycomputersnowcomewithasecuritychipthatfollowstheTrustedPlatformModulestandard.ThisTPMchipallowsforthecreationandstorageofencryptionkeys.Oneofthestrengthsassociatedwiththislevelofsecurityisthatifacopyofadrive,oreventhedriveitself,isstolen,thecontentsareunusablewithoutthekey.Havingthiskeylockedinhardwarepreventshackersfromstealingacopyofthekeyfromamemorylocation.

Adenial-of-service(DoS)attackcanalsobeperformedwithphysicalaccess.Physicalaccesstothecomputerscanbemuchmoreeffectivethananetwork-basedDoSattack.Stealingacomputer,usingabootdisktoerasealldataonthedrives,orsimplyunpluggingcomputersarealleffectiveDoSattacks.Dependingonthecompany’squalityandfrequencyofbackingupcriticalsystems,aDoSattackusingthesemethodscanhavelastingeffects.Physicalaccesscannegatealmostallthesecuritythatthenetwork

attemptstoprovide.Consideringthis,youmustdeterminethelevelofphysicalaccessthatattackersmightobtain.Ofspecialconsiderationarepersonswithauthorizedaccesstothebuildingbutwhoarenotauthorizedusersofthesystems.Janitorialpersonnelandothershaveauthorizedaccesstomanyareas,buttheydonothaveauthorizedsystemaccess.Anattackercouldposeasoneoftheseindividualsorattempttogainaccesstothefacilitiesthroughthem.

PhysicalSecuritySafeguardsWhileitisdifficult,ifnotimpossible,tomakeanorganization’scomputersystemstotallysecure,manystepscanbetakentomitigatetherisktoinformationsystemsfromaphysicalthreat.Thefollowingsectionsdiscussaccesscontrolmethodsandphysicalsecuritypoliciesandproceduresthatshouldbeimplemented.

WallsandGuardsTheprimarydefenseagainstamajorityofphysicalattacksarethebarriersbetweentheassetsandapotentialattacker—walls,fences,gates,anddoors.Someorganizationsalsoemployfull-orpart-timeprivatesecuritystafftoattempttoprotecttheirassets.Thesebarriersprovidethefoundationuponwhichallothersecurityinitiativesarebased,butthesecuritymustbedesignedcarefully,asanattackerhastofindonlyasinglegaptogainaccess.

ExamTip:Allentrypointstoserverroomsandwiringclosetsshouldbecloselycontrolled,and,ifpossible,accessshouldbeloggedthroughanaccesscontrolsystem.

Wallsmayhavebeenoneofthefirstinventionsofman.Oncehelearnedtousenaturalobstaclessuchasmountainstoseparatehimfromhisenemy,henextlearnedtobuildhisownmountainforthesamepurpose.Hadrian’sWallinEngland,theGreatWallofChina,andtheBerlinWallareallfamousexamplesofsuchbasicphysicaldefenses.Thewallsofanybuildingservethesamepurpose,butonasmallerscale:theyprovidebarrierstophysicalaccesstocompanyassets.Bollardsaresmallandroundconcretepillarsthatareconstructedandplacedaroundabuildingtoprotectitfrombeingdamagedbysomeonedrivingavehicleintothesideofthebuilding,orgettingcloseandusingacarbomb.

Toprotectthephysicalservers,youmustlookinalldirections:Doorsandwindowsshouldbesafeguardedandaminimumnumberofeachshouldbeusedinaserverroom.Lessobviousentrypointsshouldalsobeconsidered:Isadropceilingusedintheserverroom?Dotheinteriorwallsextendtotheactualroof,raisedfloors,orcrawlspaces?Accesstotheserverroomshouldbelimitedtothepeoplewhoneedaccess,nottoallemployeesoftheorganization.Ifyouaregoingtouseawalltoprotectanasset,makesurenoobviousholesappearinthatwall.

Anothermethodofpreventingsurreptitiousaccessisthroughtheuseofwindows.Manyhigh-securityareashaveasignificantnumberofwindowssothatpeople’sactivitieswithintheareacan’tbehidden.Aclosedserverroomwithnowindowsmakesforaquietplaceforsomeonetoachievephysicalaccesstoadevicewithoutworryofbeingseen.Windowsremovethisprivacyelementthatmanycriminalsdependupontoachievetheirentryandillicitactivities.Toomanywindowsmakesiteasytoshouldersurf—balanceisthekey,

FencesOutsideofthebuilding’swalls,manyorganizationsprefertohaveaperimeterfenceasaphysicalfirstlayerofdefense.Chain-link-typefencingismostcommonlyused,anditcanbeenhancedwithbarbedwire.Anti-scalefencing,whichlookslikeverytallverticalpolesplacedclosetogethertoformafence,isusedforhigh-securityimplementationsthatrequireadditionalscaleandtamperresistance.Toincreasesecurityagainstphysicalintrusion,higherfencescanbe

employed.Afencethatisthreetofourfeetinheightwilldetercasualoraccidentaltrespassers.Sixtosevenfeetwilldeterageneralintruder.Todetermoredeterminedintruders,aminimumheightofeightfeetisrecommendedwiththeadditionofbarbedwireorrazorwireontopforextremelevelsofdeterrence.

Guards

Guardsprovideanexcellentsecuritymeasure,becauseguardsareavisiblepresencewithdirectresponsibilityforsecurity.Otheremployeesexpectsecurityguardstobehaveacertainwaywithregardtosecuringthefacility.Guardstypicallymonitorentrancesandexitsandcanmaintainaccesslogsofwhohasenteredanddepartedthebuilding.Inmanyorganizations,everyonewhopassesthroughsecurityasavisitormustsignthelog,whichcanbeusefulintracingwhowasatwhatlocationandwhy.

Thebiggerchallengeassociatedwithcapturingsurveillanceactivitiesorotherattemptedbreak-ineffortsistheirclandestinenature.Theseeffortsaredesignedtobeaslowprofileandnonobviousaspossibletoincreasethechancesofsuccess.Trainingandawarenessisnecessarynotjustforsecuritypersonnelbutforallpersonnel.Ifanemployeehearsmultipleextensionsallstartringinginthemiddleofthenight,dotheyknowwhotonotify?Ifasecurityguardnotessuchactivity,howdoesthisinformationgetreportedtothecorrectteam?

Securitypersonnelarehelpfulinphysicallysecuringthemachinesonwhichinformationassetsreside,buttogetthemostbenefitfromtheirpresence,theymustbetrainedtotakeaholisticapproachtosecurity.Thevalueofdatatypicallycanbemanytimesthatofthemachinesonwhichthedataisstored.Securityguardstypicallyarenotcomputersecurityexperts,sotheyneedtobeeducatedaboutthevalueofthedataandbetrainedinnetworksecurityaswellasphysicalsecurityinvolvingusers.Theyarethecompany’seyesandearsforsuspiciousactivity,sothenetworksecuritydepartmentneedstotrainthemtonoticesuspiciousnetworkactivityaswell.Multipleextensionsringinginsequenceduringthenight,computersrebootingallatonce,orstrangepeopleparkedintheparkinglotwithlaptopcomputersareallindicatorsofanetworkattackthatmightbemissedwithoutpropertraining.Manytraditionalphysicalsecuritytoolssuchasaccesscontrolsand

CCTVcamerasystemsaretransitioningfromclosedhardwiredsystemstoEthernet-andIP-basedsystems.Thistransitionopensupthedevicestonetworkattackstraditionallyperformedoncomputers.WithphysicalsecuritysystemsbeingimplementedusingtheIPnetwork,everyonein

physicalsecuritymustbecomesmarteraboutnetworksecurity.

PhysicalAccessControlsandMonitoringPhysicalaccesscontrolmeanscontrolofdoorsandentrypoints.Thedesignandconstructionofalltypesofaccesscontrolsystems,aswellasthephysicalbarrierstowhichtheyaremostcomplementary,arefullydiscussedinothertexts.Here,weexploreafewimportantpointstohelpyousafeguardtheinformationinfrastructure,especiallywhereitmeetswiththephysicalaccesscontrolsystem.Thissectiontalksaboutphysicallocks,layeredaccesssystems,andelectronicaccesscontrolsystems.Italsodiscussesclosedcircuittelevision(CCTV)systemsandtheimplicationsofdifferentCCTVsystemtypes.

LocksLockshavebeendiscussedasaprimaryelementofsecurity.Althoughlockshavebeenusedforhundredsofyears,theirdesignhasnotchangedmuch:ametal“token”isusedtoalignpinsinamechanicaldevice.Asallmechanicaldeviceshavetolerances,itispossibletosneakthroughthesetolerancesby“picking”thelock.Mostlockscanbeeasilypickedwithsimpletools,someofwhichareshowninFigure8.4.

•Figure8.4Lockpickingtools

Aswehumansarealwaystryingtobuildabettermousetrap,high-securitylockshavebeendesignedtodefeatattacks,suchastheoneshowninFigure8.5;theselocksaremoresophisticatedthanastandardhomedeadboltsystem.Typicallyfoundincommercialapplicationsthatrequirehighsecurity,theselocksaremadetoresistpickinganddrilling,aswellasothercommonattackssuchassimplypoundingthelockthroughthedoor.Anothercommonfeatureofhigh-securitylocksiskeycontrol,whichreferstotherestrictionsplacedonmakingacopyofthekey.Formostresidentiallocks,atriptothehardwarestorewillallowyoutomakeacopyofthekey.Keycontrollocksusepatentedkeywaysthatcanonlybecopiedatalocksmith,whowillkeeprecordsonauthorizedusersofaparticularkey.

•Figure8.5Ahigh-securitylockanditskey

High-endlocksecurityismoreimportantnowthatattackssuchas“bumpkeys”arewellknownandwidelyavailable.Abumpkeyisakeycutwithallnotchestothemaximumdepth,alsoknownas“allnines.”Thiskeyusesatechniquethathasbeenaroundalongtime,buthasrecentlygainedalotofpopularity.Thekeyisinsertedintothelockandthensharplystruck,bouncingthelockpinsupabovetheshearlineandallowingthelocktoopen.High-securitylocksattempttopreventthistypeofattackthroughvariousmechanicalmeanssuchasnontraditionalpinlayout,sidebars,andevenmagnetickeys.Otherphysicallocksincludeprogrammableorcipherlocks;lockswitha

keypadthatrequireacombinationofkeystoopenthelock;andlockswithareaderthatrequireanaccesscardtoopenthelock.Thesemayhavespecialoptionssuchasahostagealarm(supportakeycombinationtotriggeranalarm).Master-keying(supportkeycombinationstochangetheaccesscodeandconfigurethefunctionsofthelock)andkey-overridefunctions(supportkeycombinationstooverridetheusualprocedures)arealsooptionsonhigh-endprogrammablelocks.

ExamTip:Layeredaccessisaformofdefenseindepth,aprinciplecomponentofanystrongsecuritysolution.

Devicelocksareusedtolockadevicetoaphysicalrestraint,preventingitsremoval.Anothermethodofsecuringlaptopsandmobiledevicesisacabletrap,whichallowsausertoaffixacablelocktoasecurestructure.

LayeredAccessLayeredaccessisanimportantconceptinsecurity.Itisoftenmentionedinconversationsaboutnetworksecurityperimeters,butinthischapteritrelatestotheconceptofphysicalsecurityperimeters.Tohelppreventanattackerfromgainingaccesstoimportantassets,theseassetsshouldbeplacedinsidemultipleperimeters.Serversshouldbeplacedinaseparatesecurearea,ideallywithaseparateauthenticationmechanism.Forexample,ifanorganizationhasanelectronicdoorcontrolsystemusingcontactlessaccesscards(suchastheexampleshowninFigure8.6)aswellasakeypad,acombinationofthecardandaseparatePINcodewouldberequiredtoopenthedoortotheserverroom.

•Figure8.6Contactlessaccesscardsactasmodernkeystoabuilding.

Accesstotheserverroomshouldbelimitedtostaffwithalegitimateneedtoworkontheservers.Tolayertheprotection,theareasurrounding

theserverroomshouldalsobelimitedtopeoplewhoneedtoworkinthatarea.

ElectronicAccessControlSystemsManyorganizationsuseelectronicaccesscontrolsystemstocontroltheopeningofdoors.Theuseofproximityreadersandcontactlessaccesscardsprovidesuserinformationtothecontrolpanel.Doorwaysareelectronicallycontrolledviaelectronicdoorstrikesandmagneticlocks.Thesedevicesrelyonanelectronicsignalfromthecontrolpaneltoreleasethemechanismthatkeepsthedoorclosed.Thesedevicesareintegratedintoanaccesscontrolsystemthatcontrolsandlogsentryintoallthedoorsconnectedtoit,typicallythroughtheuseofaccesstokens.Securityisimprovedbyhavingacentralizedsystemthatcaninstantlygrantorrefuseaccessbaseduponaccesslistsandthereadingofatokenthatisgiventotheuser.Thiskindofsystemalsologsuseraccess,providingnonrepudiationofaspecificuser’spresenceinacontrolledenvironment.Thesystemwillallowloggingofpersonnelentry,auditingofpersonnelmovements,andreal-timemonitoringoftheaccesscontrols.

ExamTip:Amantrapdoorarrangementcanpreventunauthorizedpeoplefromfollowingauthorizedusersthroughanaccess-controlleddoor,whichisalsoknownas“tailgating.”

Onecautionaboutthesekindsofsystemsisthattheyusuallyworkwithasoftwarepackagethatrunsonacomputer,andassuchthiscomputershouldnotbeattachedtothecompanynetwork.Whileattachingittothenetworkcanalloweasyadministration,thelastthingyouwantisforanattackertohavecontrolofthesystemthatallowsphysicalaccesstoyourfacility.Withthiscontrol,anattackercouldinputtheIDofabadgethatsheowns,allowingfull,legitimateaccesstoanareathesystemcontrols.Anotherproblemwithsuchasystemisthatitlogsonlythepersonwhoinitiallyusedthecardtoopenthedoor—sonologsexistfordoorsthatare

proppedopentoallowothersaccess,orofpeople“tailgating”throughadooropenedwithacard.Theimplementationofamantrapisonewaytocombattailgating.Amantrapcomprisestwodoorscloselyspacedthatrequiretheusertocardthroughoneandthentheothersequentially.Mantrapsmakeitnearlyimpossibletotrailthroughadoorwayundetected—ifyouhappentocatchthefirstdoor,youwillbetrappedinbytheseconddoor.

DoorsDoorstosecuredareasshouldhavecharacteristicstomakethemlessobvious.Theyshouldhavesimilarappearancetotheotherdoorstoavoidcatchingtheattentionofintruders.Securitydoorsshouldbeself-closingandhavenohold-openfeature.Theyshouldtriggeralarmsiftheyareforciblyopenedorhavebeenheldopenforalongperiod.

ExamTip:Afail-soft(orfail-safe)lockisunlockedinapowerinterruption.Afail-securelockislockedinapowerinterruption.

Doorsystems,likemanysystems,havetwodesignmethodologies:fail-safeorfail-secure.Whilefail-safeisacommonenoughphrasetohaveenteredthelexicon,thinkaboutwhatitreallymeans—beingsafewhenasystemfails.Inthecaseoftheseelectronicdoorsystems,fail-safemeansthatthedoorisunlockedshouldpowerfail.Tofail-securemeansthatthesystemwilllockthedoorwhenpowerislost.Thiscanalsoapplywhendoorsystemsaremanuallybypassed.Itisimportanttoknowhoweachdoorwillreacttoasystemfailure,notonlyforsecuritybutalsoforfirecodecompliance,asfail-secureisnotallowedforcertaindoorsinabuilding.

Cameras

Closedcircuittelevision(CCTV)camerasaresimilartothedoorcontrolsystems—theycanbeveryeffective,buthowtheyareimplementedisanimportantconsideration.TheuseofCCTVcamerasforsurveillancepurposesdatesbacktoatleast1961,whencameraswereinstalledintheLondonTransporttrainstation.ThedevelopmentofsmallerandmoresophisticatedcameracomponentsanddecreasingpricesforthecamerashavecausedaboonintheCCTVindustrysincethen.CCTVcamerasareusedtomonitoraworkplaceforsecuritypurposes.

Thesesystemsarecommonplaceinbanksandjewelrystores,placeswithhigh-valuemerchandisethatisattractivetothieves.Astheexpenseofthesesystemsdropped,theybecamepracticalformanymoreindustrysegments.Traditionalcamerasareanalogbasedandrequireavideomultiplexertocombineallthesignalsandmakemultipleviewsappearonamonitor.IP-basedcamerasarechangingthat,asmostofthemarestandaloneunitsviewablethroughawebbrowser,suchasthecamerashowninFigure8.7.

•Figure8.7IP-basedcamerasleverageexistingIPnetworksinsteadofneedingaproprietaryCCTVcable.

TechTip

PTZCamerasPan-tilt-zoom(PTZ)camerasarecamerasthathavethefunctionalitytoenablecameramovementinmultipleaxes,aswellastheabilitytozoominonanitem.Thesecamerasprovideadditionalcapability,especiallyinsituationswherethevideoismonitoredandthe

monitoringstationcanmaneuverthecamera.

TheseIP-basedsystemsaddusefulfunctionality,suchastheabilitytocheckonthebuildingfromtheInternet.Thisnetworkfunctionality,however,makesthecamerassubjecttonormalIP-basednetworkattacks.ADoSattacklaunchedattheCCTVsystemjustasabreak-inisoccurringisthelastthingthatanyonewouldwant(otherthanthecriminals).Forthisreason,IP-basedCCTVcamerasshouldbeplacedontheirownseparatenetworkthatcanbeaccessedonlybysecuritypersonnel.ThesamephysicalseparationappliestoanyIP-basedcamerainfrastructure.Oldertime-lapsetaperecordersareslowlybeingreplacedwithdigitalvideorecorders.Whiletheadvanceintechnologyissignificant,becarefulifandwhenthesedevicesbecomeIP-enabled,sincetheywillbecomeasecurityissue,justlikeeverythingelsethattouchesthenetwork.IfyoudependontheCCTVsystemtoprotectyourorganization’s

assets,carefullyconsidercameraplacementandthetypeofcamerasused.Differentiristypes,focallengths,andcolororinfraredcapabilitiesarealloptionsthatmakeonecamerasuperiortoanotherinaspecificlocation.

AlarmsThereareseveraltypesofalarmsystems.Localalarmsystemsringonlylocally.Acentralstationsystemisonewherealarms(andCCTV)aremonitoredbyacentralstation.Manyalarmswillhaveauxiliaryorsecondaryreportingfunctionstolocalpoliceorfiredepartments.Alarmsworkbyalertingpersonneltothetriggeringofspecificmonitoringcontrols.Typicalcontrolsincludethefollowing:

Drycontactswitchesusemetallicfoiltapeasacontactdetectortodetectwhetheradoororwindowisopened.

Electro-mechanicaldetectionsystemsdetectachangeorbreakinacircuit.Theycanbeusedasacontactdetectortodetectwhetheradoororwindowisopened.

Vibrationdetectionsystemsdetectmovementonwalls,ceiling,floors,andsoforthbyvibration.

Pressurematsdetectwhethersomeoneissteppingonthemat.

Photoelectricorphotometricdetectionsystemsemitabeamoflightandmonitorthebeamtodetectformotionandbreak-in.

Wavepatternmotiondetectorsgeneratemicrowaveorultrasonicwaveandmonitortheemittedwavestodetectformotion.

Passiveinfrareddetectionsystemsdetectchangesofheatwavesgeneratedbyanintruder.

Audiooracoustical-seismicdetectionsystemslistenforchangesinnoiselevels.

Proximitydetectorsorcapacitancedetectorsemitamagneticfieldandmonitorthefieldtodetectanyinterruption.

ConvergenceThereisatrendtoconvergeelementsofphysicalandinformationsecuritytoimproveidentificationofunauthorizedactivityonnetworks.Ifaaccesscontrolsystemisaskedtoapproveaccesstoaninsiderusinganoutsideaddress,yetthephysicalsecuritysystemidentifiesthemasbeinginthebuilding,thenananomalyexistsandshouldbeinvestigated.Thistrendiscalledconvergenceandcansignificantlyimprovedefensesagainstclonedcredentials.

PoliciesandProceduresApolicy’seffectivenessdependsonthecultureofanorganization,soallofthepoliciesmentionedhereshouldbefollowedupbyfunctionalproceduresthataredesignedtoimplementthem.Physicalsecuritypoliciesandproceduresrelatetotwodistinctareas:thosethataffectthecomputersthemselvesandthosethataffectusers.

Tomitigatetherisktocomputers,physicalsecurityneedstobeextendedtothecomputersthemselves.Tocombatthethreatofbootdisks,beginbyremovingordisablingtheabilityofasystemtoautomaticallyplayconnecteddevices,suchasUSBflashdrives.Otheractivitiesthattypicallyrequirephysicalpresenceshouldbeprotected,suchasaccesstoasystem’sBIOSatbootup.

TryThis!ExploringYourBIOSSettingsNexttimeyoubootyourPC,exploretheBIOSsettings.Usually,pressingtheF2keyimmediatelyonpower-upwillallowyoutoentertheBIOSsetupscreens.MostPCswillalsohaveabrieftimewhentheypromptfor“Setup”andgiveakeytopress,mostcommonlyF2,orF12.Exploreelementssuchasthebootorderfordevices,optionsforaddingpasswords,andotheroptions.Forsafety,donotsavechangesunlessyouareabsolutelycertainthatyouwanttomakethosechangesandareawareoftheconsequences.Topreventanattackerfromeditingthebootorder,youshouldsetBIOSpasswords.

BIOSAsafeguardthatcanbeemployedistheremovalofremovablemediadevicesfromthebootsequenceinthecomputer’sBIOS(basicinput/outputsystem).ThespecificsofthisoperationdependontheBIOSsoftwareoftheindividualmachine.ArelatedstepthatmustbetakenistosetaBIOSpassword.NearlyallBIOSsoftwarewillsupportpasswordprotectionthatallowsyoutobootthemachinebutrequiresapasswordtoeditanyBIOSsettings.WhiledisablingtheopticaldriveandsettingaBIOSpasswordarebothgoodmeasures,donotdependonthisstrategyexclusivelybecause,insomecases,BIOSmanufacturerswillhaveadefaultBIOSpasswordthatstillworks.

DependinguponBIOSpasswordsisalsonotaguaranteedsecuritymeasure.Formanymachines,

itistrivialtoremoveandthenreplacetheBIOSbattery,whichwillresettheBIOStothe“nopassword”ordefaultpasswordstate.

UEFIUnifiedExtensibleFirmwareInterface(UEFI)isastandardfirmwareinterfaceforPCs,designedtoreplaceBIOS.SupportedbyMacOSX,Linux(laterversions),andWindows8andbeyond,UEFIofferssomesignificantsecurityadvantages.UEFIhasafunctionalityknownassecureboot,whichallowsonlydigitallysigneddriversandOSloaderstobeusedduringthebootprocess,preventingbootkitattacks.AsUEFIisreplacingBIOS,andhasadditionalcharacteristics,itisimportanttokeeppoliciesandprocedurescurrentwiththeadvancementoftechnology.

ExamTip:USBdevicescanbeusedtoinjectmaliciouscodeontoanymachinetowhichtheyareattached.Theycanbeusedtotransportmaliciouscodefrommachinetomachinewithoutusingthenetwork.

USBUSBportshavegreatlyexpandedusers’abilitytoconnectdevicestotheircomputers.USBportsautomaticallyrecognizeadevicebeingpluggedintothesystemandusuallyworkwithouttheuserneedingtoadddriversorconfiguresoftware.ThishasspawnedalegionofUSBdevices,fromMP3playerstoCDburners.Themostinterestingofthese,forsecuritypurposes,aretheUSBflash

memory–basedstoragedevices.USBdrivekeys,whicharebasicallyflashmemorywithaUSBinterfaceinadevicetypicallyaboutthesizeofyourthumb,provideawaytomovefileseasilyfromcomputertocomputer.WhenpluggedintoaUSBport,thesedevicesautomountandbehavelikeanyotherdriveattachedtothecomputer.Theirsmallsizeandrelativelylargecapacity,coupledwithinstantread-writeability,presentsecurity

problems.Theycaneasilybeusedbyanindividualwithmaliciousintenttoconcealtheremovaloffilesordatafromthebuildingortobringmaliciousfilesintothebuildingandontothecompanynetwork.

Laptopsandtabletsarepopulartargetsforthievesandshouldbelockedinsideadeskwhennotinuse,orsecuredwithspecialcomputerlockdowncables.Ifdesktoptowersareused,usecomputerdesksthatprovideaspaceinwhichtolockthecomputer.Allofthesemeasurescanimprovethephysicalsecurityofthecomputersthemselves,butmostofthemcanbedefeatedbyattackersifusersarenotknowledgeableaboutthesecurityprogramanddonotfollowit.

Inaddition,well-intentioneduserscouldaccidentallyintroducemaliciouscodefromUSBdevicesbyusingthemonaninfectedhomemachineandthenbringingtheinfecteddevicetotheoffice,allowingthemalwaretobypassperimeterprotectionsandpossiblyinfecttheorganization.IfUSBdevicesareallowed,aggressivevirusscanningshouldbeimplementedthroughouttheorganization.ThedevicescanbedisallowedviaActiveDirectorypolicysettingsorwithaWindowsRegistrykeyentry.USBcanalsobecompletelydisabled,eitherthroughBIOSsettingsorbyunloadinganddisablingtheUSBdriversfromusers’machines,eitherofwhichwillstopallUSBdevicesfromworking—however,doingthiscancreatemoretroubleifusershaveUSBkeyboardsandmice.TherearetwocommonwaystodisableUSBsupportinaWindowssystem.Onoldersystems,editingtheRegistrykeyisprobablythemosteffectivesolutionforuserswhoarenotauthorizedtousethesedevices.Onnewersystems,thebestwayisthroughGroupPolicyinadomainorthroughtheLocalSecurityPolicyMMConastand-alonebox.

AutoplayAnotherbootdevicetoconsideristheCD/DVDdrive.Thisdevicecanprobablyalsoberemovedfromordisabledonanumberofmachines.ADVDnotonlycanbeusedasabootdevice,butalsocanbeexploitedvia

theautoplayfeaturethatsomeoperatingsystemssupport.Autoplaywasdesignedasaconvenienceforusers,sothatwhenaCD/DVDorUSBcontaininganapplicationisinserted,thecomputerinstantlypromptsforinputversusrequiringtheusertoexplorethedevicefilesystemandfindtheexecutablefile.Unfortunately,sincetheautoplayfunctionalityrunsanexecutable,itcanbeprogrammedtodoanythinganattackerwants.Ifanautoplayexecutableismalicious,itcouldallowanattackertogainremotecontrolofthemachine.Figure8.8illustratesanautoplaymessagepromptinWindows,givingauseratleastminimalcontroloverwhethertorunanitemornot.

•Figure8.8AutoplayonaWindowssystem

Sincetheopticaldrivecanbeusedasabootdevice,aDVDloadedwith

itsownoperatingsystem(calledaLiveCD,introducedearlierinthechapter)couldbeusedtobootthecomputerwithmalicioussystemcode(seeFigure8.9).Thisseparateoperatingsystemwillbypassanypasswordsonthehostmachineandcanaccesslocallystoredfiles.

•Figure8.9ALiveCDbootsitsownOSandbypassesanybuilt-insecurityofthenativeoperatingsystem.

TechTip

DisablingtheAutoplayFeatureinWindowsDisablingtheautoplayfeatureisaneasytaskusingLocalGroupPolicyEditorinWindows.SimplylaunchtheLocalGroupPolicyEditor(gpedit.msc)andnavigatetothislocation:

ComputerConfiguration>AdministrativeTemplates>WindowsComponents>AutoPlayPolicies

DeviceTheftTheoutrighttheftofacomputerisasimplephysicalattack.Thisattackcanbemitigatedinanumberofways,butthemosteffectivemethodistolockupequipmentthatcontainsimportantdata.Insurancecancoverthelossofthephysicalequipment,butthiscandolittletogetabusinessupandrunningagainquicklyafteratheft.Therefore,implementingspecialaccesscontrolsforserverroomsandsimplylockingtherackcabinetswhenmaintenanceisnotbeingperformedaregoodwaystosecureanarea.Fromadatastandpoint,mission-criticalorhigh-valueinformationshouldbestoredonaserveronly.Thiscanmitigatetheriskofadesktoporlaptopbeingstolenforthedataitcontains.Lossoflaptopshasbeenacommoncauseofinformationbreaches.

Mobiledevicetheftsfromcarsandotherlocationscanoccurinseconds.Thieveshavebeencaughttakingmobiledevicesfromsecurityscreeningareasatairportswhiletheownerwasdistractedinscreening.Snatchandgrabattacksoccurinrestaurants,bars,andcafes.Tabletsandsmartphoneshavesignificantvalueandphysicalprecautionsshouldbetakenatalltimes.

CrossCheckMobileDeviceSecurityMobiledevicesecurityiscoveredindepthinChapter14.Foramoredetailedanalysisofsafeguardsuniquetomobiledevices,pleaserefertothatsectionofthetext.

Userscanperformoneofthemostsimple,yetimportant,informationsecuritytasks:lockaworkstationimmediatelybeforetheystepawayfromit.

Althoughuseofaself-lockingscreensaverisagoodpolicy,settingittolockatanypointlessthan10to15minutesafterbecomingidleisoftenconsideredanuisanceandcounterproductivetoactiveuseofthecomputeronthejobasthecomputerwilloftenlockwhiletheemployeeisstillactivelyusingthecomputer.Thus,computerstypicallysitidleforatleast15minutesbeforeautomaticallylockingunderthistypeofpolicy.Usersshouldmanuallylocktheirworkstations,asanattackeronlyneedstobeluckyenoughtocatchamachinethathasbeenleftalonefor5minutes.

BTUstandsforBritishThermalUnit;asingleBTUisdefinedastheamountofenergyrequiredtoraisethetemperatureofonepoundofliquidwateronedegreeFahrenheit.

EnvironmentalControlsWhiletheconfidentialityofinformationisimportant,soisitsavailability.Sophisticatedenvironmentalcontrolsareneededforcurrentdatacenters.Serverscangeneratelargelevelsofheat,andmanagingtheheatisthejoboftheenvironmentalcontrol.Controllingadatacenter’stemperatureandhumidityisimportantto

keepingserversrunning.Heatingventilatingandairconditioning(HVAC)systemsarecriticalforkeepingdatacenterscool,becausetypicalserversputoutbetween1000and2000BTUsofheat.Thetemperatureofadatacentershouldbemaintainedbetween70and74degreesFahrenheit(°F).Ifthetemperatureistoolow,itmaycausemechanismstoslowdown.Ifthetemperatureistoohigh,itmaycauseequipmentdamage.Thetemperature-damagingpointsofdifferentproductsareasfollows:

Magneticmedia:100°F

Computerhardware:175°F

Paperproducts:350°F

Itshouldbenotedthatthesearetemperaturesofthematerials;thesurroundingairisfrequentlycooler.Temperaturemeasurementsshouldbeobtainedonequipmentitselftoensureappropriateprotection.Multipleserversinaconfinedareacancreateconditionstoohotforthe

machinestocontinuetooperate.Thisproblemismadeworsewiththeadventofblade-stylecomputingsystemsandwithmanyotherdevicesshrinkinginsize.Whilephysicallysmaller,theytendtostillexpelthesameamountofheat.Thisisknownasincreaseddatacenterdensity—moreserversanddevicesperrack,puttingagreaterloadonthecoolingsystems.Thisencouragestheuseofahotaisle/coldaislelayout.Adatacenterthatisarrangedintohotandcoldaislesdictatesthatalltheintakefansonallequipmentfacethecoldaisle,andtheexhaustfansallfacetheoppositeaisle.TheHVACsystemisthendesignedtopushcoolairunderneaththeraisedfloorandupthroughperforatedtilesonthecoldaisle.HotairfromthehotaisleiscapturedbyreturnairductsfortheHVACsystem.Theuseofthislayoutisdesignedtocontrolairflow,withthepurposebeingnevertomixthehotandcoldair.Thisrequirestheuseofblockingplatesandsideplatestocloseopenrackslots.Thebenefitsofthisarrangementarethatcoolingismoreefficientandcanhandlehigherdensity.ThefailureofHVACsystemsforanyreasoniscauseforconcern.RisingcopperpriceshavemadeHVACsystemsthetargetsforthieves,andgeneralvandalismcanresultincostlydowntime.ProperlysecuringthesesystemsisimportantinhelpingpreventanattackerfromperformingaphysicalDoSattackonyourservers.

FireSuppressionAccordingtotheFireSuppressionSystemsAssociation(www.fssa.net),43percentofbusinessesthatcloseasaresultofasignificantfireneverreopen.Anadditional29percentfailwithinthreeyearsoftheevent.Theabilitytorespondtoafirequicklyandeffectivelyisthuscriticaltothelong-termsuccessofanyorganization.Addressingpotentialfirehazardsandvulnerabilitieshaslongbeenaconcernoforganizationsintheirrisk

analysisprocess.Thegoalobviouslyshouldbenevertohaveafire,butintheeventthatonedoesoccur,itisimportantthatmechanismsareinplacetolimitthedamagethefirecancause.

TechTip

EnvironmentandFiresWhileitmayatfirstseemtothesecurityprofessionalthatenvironmentalcontrolsandnaturaldisasterssuchasfiresdon’thaveanythingtodowithcomputersecurity,thinkofitintermsofavailability.Ifthegoaloftheattackerisnotinformationbutrathertodenyanorganizationtheuseofitsresources,environmentalfactors,anddisasterssuchasfires,canbeusedtodenythetargettheuseofitsowncomputingresources.This,then,becomesasecurityissueaswellasanoperationalissue.

Water-BasedFireSuppressionSystemsWater-basedfiresuppressionsystemshavelongbeen,andstillaretoday,theprimarytooltoaddressandcontrolstructuralfires.Consideringtheamountofelectricalequipmentfoundintoday’sofficeenvironmentandthefactthat,forobviousreasons,thisequipmentdoesnotreactwelltolargeapplicationsofwater,itisimportanttoknowwhattodowithequipmentifitdoesbecomesubjectedtoawater-basedsprinklersystem.TheNationalFireProtectionAssociation’s2013NFPA75:StandardfortheProtectionofInformationTechnologyEquipmentoutlinesmeasuresthatcanbetakentominimizethedamagetoelectronicequipmentexposedtowater.Thisguidanceincludesthesesuggestions:

Opencabinetdoors,removesidepanelsandcovers,andpulloutchassisdrawerstoallowwatertorunoutofequipment.

Setupfanstomoveroom-temperatureairthroughtheequipmentforgeneraldrying.Moveportableequipmenttodryair-conditionedareas.

Usecompressedairatnohigherthan50psitoblowouttrappedwater.

Usehandhelddryersonlowestsettingtodryconnectors,backplanewirewraps,andprintedcircuitcards.

Usecotton-tippedswabsforhard-to-reachplaces.Lightlydabthesurfacestoremoveresidualmoisture.

Keepthedryerswellawayfromcomponentsandwires.Overheatingofelectricalcomponentscancausepermanentdamage.

Eveniftheseguidelinesarefollowed,damagetothesystemsmayhavealreadyoccurred.Sincewaterissodestructivetoelectronicequipment,notonlybecauseoftheimmediateproblemsofelectronicshortstothesystembutalsobecauseoflonger-termcorrosivedamagewatercancause,alternativefiresuppressionmethodshavebeensought.

Halon-BasedFireSuppressionSystemsAfireneedsfuel,oxygen,andhightemperaturesforthechemicalcombustiontooccur.Ifyouremoveanyofthese,thefirewillnotcontinue.Haloninterfereswiththechemicalcombustionpresentinafire.Eventhoughhalonproductionwasbannedin1994,anumberofthesesystemsstillexisttoday.Theywereoriginallypopularbecausehalonwillmixquicklywiththeairinaroomandwillnotcauseharmtocomputersystems.Halonis,however,dangeroustohumans,especiallywhensubjectedtoextremelyhottemperatures(suchasmightbefoundduringafire),whenitcandegradeintoothertoxicchemicals.Asaresultofthesedangers,andalsobecausehalonhasbeenlinkedwiththeissueofozonedepletion,halonisbannedinnewfiresuppressionsystems.ItisimportanttonotethatundertheEnvironmentalProtectionAgency(EPA)rulesthatmandatednofurtherproductionofhalon,existingsystemswerenotrequiredtobedestroyed.Replacingthehaloninadischargedsystem,

however,willbeaproblem,sinceonlyexistingstockpilesofhalonmaybeusedandthecostisbecomingprohibitive.Forthisreason,manyorganizationsareswitchingtoalternativesolutions.

TechTip

DrillsIntheeventofanemergency,peoplewillbechallengedtoperformcorrectactionswhenstressedbytheemergency.Theuseofdrills,plans,andtestingwillensurethatescapeplansandescaperoutesareknownandeffectiveandthatpeoplearefamiliarwiththeiruse.Thetimetopracticeisbeforetheproblem,andrepeatingpracticeovertimebuildsconfidenceandstrengthensfamiliarity.

Clean-AgentFireSuppressionSystemsThesealternativesareknownasclean-agentfiresuppressionsystems,sincetheynotonlyprovidefiresuppressioncapabilitiesbutalsoprotectthecontentsoftheroom,includingpeople,documents,andelectronicequipment.Examplesofcleanagentsincludecarbondioxide,argon,Inergen,andFM-200(heptafluoropropane).Carbondioxide(CO2)hasbeenusedasafiresuppressionagentforalongtime.TheBellTelephoneCompanyusedportableCO2extinguishersintheearlypartofthe20thcentury.Carbondioxideextinguishersattackallthreenecessaryelementsforafiretooccur.CO2displacesoxygensothattheamountofoxygenremainingisinsufficienttosustainthefire.Italsoprovidessomecoolinginthefirezoneandreducestheconcentrationof“gasified”fuel.Argonextinguishesfirebyloweringtheoxygenconcentrationbelowthe15percentlevelrequiredforcombustibleitemstoburn.Argonsystemsaredesignedtoreducetheoxygencontenttoabout12.5percent,whichisbelowthe15percentneededforthefirebutisstillabovethe10percentrequiredbytheEPAforhumansafety.Inergen,aproductofAnsulCorporation,iscomposedofthreegases:52percentnitrogen,40percent

argon,and8percentcarbondioxide.Inamannersimilartopureargonsystems,Inergensystemsreducethelevelofoxygentoabout12.5percent,whichissufficientforhumansafetybutnotsufficienttosustainafire.Anotherchemicalusedinthephase-outofhalonisFE-13,ortrifluoromethane.Thischemicalwasoriginallydevelopedasachemicalrefrigerantandworkstosuppressfiresbyinhibitingthecombustionchainreaction.FE-13isgaseous,leavesbehindnoresiduethatwouldharmequipment,andisconsideredsafetouseinoccupiedareas.Otherhalocarbonsarealsoapprovedforuseinreplacinghalonsystems,includingFM-200(heptafluoropropane),achemicalusedasapropellantforasthmamedicationdispensers.

HandheldFireExtinguishersAutomaticfiresuppressionsystemsdesignedtodischargewhenafireisdetectedarenottheonlysystemsyoushouldbeawareof.Ifafirecanbecaughtandcontainedbeforetheautomaticsystemsdischarge,itcanmeansignificantsavingstotheorganizationintermsofbothtimeandequipmentcosts(includingtherechargingoftheautomaticsystem).Handheldextinguishersarecommoninoffices,butthecorrectuseofthemmustbeunderstoodordisastercanoccur.Therearefourdifferenttypesoffire,asshowninTable8.1.Eachtypeoffirehasitsownfuelsourceandmethodforextinguishingit.TypeAsystems,forexample,aredesignedtoextinguishfireswithnormalcombustiblematerialasthefire’ssource.Watercanbeusedinanextinguisherofthissort,sinceitiseffectiveagainstfiresofthistype.Water,aswe’vediscussed,isnotappropriateforfiresinvolvingwiringorelectricalequipment.UsingatypeAextinguisheragainstanelectricalfirewillnotonlybeineffectivebutcanresultinadditionaldamage.Someextinguishersaredesignedtobeeffectiveagainstmorethanonetypeoffire,suchasthecommonABCfireextinguishers.Thisisprobablythebesttypeofsystemtohaveinadataprocessingfacility.Allfireextinguishersshouldbeeasilyaccessibleandshouldbeclearlymarked.Beforeanybodyusesanextinguisher,theyshouldknow

whattypeofextinguisheritisandwhatthesourceofthefireis.Whenindoubt,evacuateandletthefiredepartmenthandlethesituation.

Table8.1 TypesofFireandSuppressionMethods

ExamTip:Thetypeoffiredistinguishesthetypeofextinguisherthatshouldbeusedtosuppressit.RememberthatthemostcommontypeistheABCfireextinguisher,whichisdesignedtohandlealltypesoffiresexceptflammable-metalfires,whicharerare.

TryThis!HandheldFireExtinguishersComputersecurityprofessionalstypicallydonothavemuchinfluenceoverthetypeoffiresuppressionsystemthattheirofficeincludes.Itis,however,importantthattheyareawareofwhattypehasbeeninstalled,whattheyshoulddoincaseofanemergency,andwhatneedstobedonetorecoverafterthereleaseofthesystem.Oneareathattheycaninfluence,however,isthetypeofhandheldfireextinguisherthatislocatedintheirarea.Checkyourfacilitytoseewhattypeoffiresuppressionsystemisinstalled.Alsochecktoseewherethefireextinguishersareinyourofficeandwhattypeoffirestheyaredesignedtohandle.

FireDetectionDevicesAnessentialcomplementtofiresuppressionsystemsanddevicesarefiredetectiondevices(firedetectors).Detectorsmaybeabletodetectafireinitsveryearlystages,beforeafiresuppressionsystemisactivated,andsoundawarningthatpotentiallyenablesemployeestoaddressthefirebeforeitbecomesseriousenoughforthefiresuppressionequipmenttokickin.Thereareseveraldifferenttypesoffiredetectors.Onetype,ofwhich

therearetwovarieties,isactivatedbysmoke.Thetwovarietiesofsmokedetectorareionizationandphotoelectric.Aphotoelectricdetectorisgoodforpotentiallyprovidingadvancewarningofasmolderingfire.Thistypeofdevicemonitorsaninternalbeamoflight.Ifsomethingdegradesthelight,forexamplebyobstructingit,thedetectorassumesitissomethinglikesmokeandthealarmsounds.Anionizationstyleofdetectorusesanionizationchamberandasmallradioactivesourcetodetectfast-burningfires.ShowninFigure8.10,thechamberconsistsoftwoplates,onewithapositivechargeandonewithanegativecharge.Oxygenandnitrogenparticlesintheairbecome“ionized”(anionisfreedfromthemolecule).Thefreedion,whichhasanegativecharge,isattractedtothepositiveplate,andtheremainingpartofthemolecule,nowwithapositivecharge,isattractedtothenegativeplate.Thismovementofparticlescreatesaverysmallelectriccurrentthatthedevicemeasures.Smokeinhibitsthisprocess,andthedetectorwilldetecttheresultingdropincurrentandsoundanalarm.Bothofthesedevicesareoftenreferredtogenericallyassmokedetectors,andcombinationsofbothvarietiesarepossible.Formoreinformationonsmokedetectors,seehttp://home.howstuffworks.com/home-improvement/household-safety/fire/smoke2.htm.

•Figure8.10Anionizationchamberforanionizationtypeofsmokedetector

TechTip

TestingControlsBecauseoftheimportanceoftheirprotection,safetycontrolsshouldbeperiodicallytestedforproperoperationandalerting.Thisshouldbeasystem-level,notdevice-level,testtoensuretheentirecontrolsystemperformsintheintendedmanner.

Anothertypeoffiredetectorisactivatedbyheat.Thesedevicesalsocomeintwovarieties.Fixed-temperatureorfixed-pointdevicesactivateifthetemperatureintheareaeverexceedssomepredefinedlevel.Rate-of-riseorrate-of-increasetemperaturedevicesactivatewhenthereisasuddenincreaseinlocaltemperaturethatmayindicatethebeginningstagesofafire.Rate-of-risesensorscanprovideanearlierwarningbutarealsoresponsibleformorefalsewarnings.Athirdtypeofdetectorisflameactivated.Thistypeofdevicerelieson

theflamesfromthefiretoprovideachangeintheinfraredenergythatcan

bedetected.Flame-activateddevicesaregenerallymoreexpensivethantheothertwotypesbutcanfrequentlydetectafiresooner.

PowerProtectionComputersystemsrequirecleanelectricalpower,andforcriticalsystems,uninterruptedpowercanbeimportantaswell.Thereareseveralelementsusedtomanagethepowertosystems,includinguninterruptiblepowersuppliesandbackuppowersystems.

TechTip

UPSAttributesUPSsystemshaveseveralattributestoconsider:

Theelectricalloadtheycansupport(measuredinkVA)

ThelengthoftimetheycansupporttheloadThespeedofprovidingpowerwhenthereisapowerfailure

Thephysicalspacetheyoccupy

UPSAnuninterruptiblepowersupply(UPS)isusedtoprotectagainstshort-durationpowerfailures.TherearetwotypesofUPS,onlineandstandby.AnonlineUPSisincontinuoususebecausetheprimarypowersourcegoesthroughittotheequipment.ItusesAClinevoltagetochargeabankofbatteries.Whentheprimarypowersourcefails,aninverterintheUPSwillchangeDCofthebatteriesintoAC.AstandbyUPShassensorstodetectpowerfailures.Ifthereisapowerfailure,theloadwillbeswitchedtotheUPS.Itstaysinactivebeforeapowerfailure,andtakesmoretimethananonlineUPStoprovidepowerwhentheprimarysourcefails.

BackupPowerandCableShieldingBackuppowersources,suchasamotorgenerator,anotherelectricalsubstation,andsoon,areusedtoprotectagainstalong-durationpowerfailure.Avoltageregulatorandlineconditionerareusedtoprotectagainstunstablepowersupplyandspikes.Propergroundingisessentialforallelectricaldevicestoprotectagainstshortcircuitsandstaticelectricity.Inmoresensitiveareas,cableshieldingcanbeemployedtoavoid

interference.Powerlinemonitoringcanbeusedtodetectchangesinfrequencyandvoltageamplitude,warningofbrownoutsorspikes.Anemergencypoweroff(EPO)switchcanbeinstalledtoallowforthequickshutdownofpowerwhenrequired.Topreventelectromagneticinterferenceandvoltagespikes,electricalcablesshouldbeplacedawayfrompowerfulelectricalmotorsandlighting.Anothersourceofpower-inducedinterferencecanbefluorescentlighting,whichcancauseradiofrequencyinterference.

ElectromagneticInterferenceElectromagneticinterference,orEMI,canplagueanytypeofelectronics,butthedensityofcircuitryinthetypicaldatacentercanmakeitahavenforEMI.EMIisdefinedasthedisturbanceonanelectricalcircuitcausedbythatcircuit’sreceptionofelectromagneticradiation.Magneticradiationentersthecircuitbyinduction,wheremagneticwavescreateachargeonthecircuit.Theamountofsensitivitytothismagneticfielddependsonanumberoffactors,includingthelengthofthecircuit,whichcanactlikeanantenna.EMIisgroupedintotwogeneraltypes:narrowbandandbroadband.NarrowbandEMIis,byitsnature,electromagneticenergywithasmallfrequencybandand,therefore,typicallysourcedfromadevicethatispurposefullytransmittinginthespecifiedband.BroadbandEMIcoversawiderarrayoffrequenciesandistypicallycausedbysometypeofgeneralelectricalpowerusesuchaspowerlinesorelectricmotors.IntheUnitedStates,theFederalCommunicationsCommissionhas

responsibilityforregulatingproductsthatproduceEMIandhasdevelopedaprogramforequipmentmanufacturerstoadheretostandardsforEMIimmunity.ModerncircuitryisdesignedtoresistEMI.Cablingisagoodexample;thetwistinunshieldedtwistedpair,orCategory6/6a,cableistheretoreduceEMI.EMIisalsocontrolledbymetalcomputercasesthataregrounded;byprovidinganeasypathtoground,thecaseactsasanEMIshield.AbiggerexamplewouldbeaFaradaycageorFaradayshield,whichisanenclosureofconductivematerialthatisgrounded.Thesecanberoomsizedorbuiltintoabuilding’sconstruction;thecriticalelementisthatthereisnosignificantgapintheenclosurematerial.ThesemeasurescanhelpshieldEMI,especiallyinhighradiofrequencyenvironments.WhilewehavetalkedabouttheshieldingnecessarytokeepEMI

radiationoutofyourcircuitry,thereisalsotechnologytotryandhelpkeepitin.KnownbysomeasTEMPEST,itisalsoknownasVanEckemissions.Acomputer’smonitororLCDdisplayproduceselectromagneticradiationthatcanberemotelyobservedwiththecorrectequipment.TEMPESTwasthecodewordforanNSAprogramtosecureequipmentfromthistypeofeavesdropping.WhilesomeoftheinformationaboutTEMPESTisstillclassified,thereareguidesontheInternetthatdescribeprotectivemeasures,suchasshieldingandelectromagnetic-resistantenclosures.Acompanyhasevendevelopedacommercialpaintthatoffersradiofrequencyshielding.

TechTip

MasterKeysMechanicalkeyingsystemswithindustrial-gradelockshaveprovisionsformultiplemasterkeys.Thisallowsindividualmasterkeystobedesignatedbyfloor,bydepartment,bythewholebuilding,andsoforth.Thisprovidestremendousflexibility,althoughifamasterkeyislost,significantrekeyingwillberequired.

ElectronicAccessControlSystemsAccesstokensaredefinedas“somethingyouhave.”Anaccesstokenisaphysicalobjectthatidentifiesspecificaccessrights.Accesstokensarefrequentlyusedforphysicalaccesssolutions,justasyourhousekeyisabasicphysicalaccesstokenthatallowsyouaccessintoyourhome.Althoughkeyshavebeenusedtounlockdevicesforcenturies,theydohaveseverallimitations.Keysarepairedexclusivelywithalockorasetoflocks,andtheyarenoteasilychanged.Itiseasytoaddanauthorizeduserbygivingtheuseracopyofthekey,butitisfarmoredifficulttogivethatuserselectiveaccessunlessthatspecifiedareaisalreadysetupasaseparatekey.Itisalsodifficulttotakeaccessawayfromasinglekeyorkeyholder,whichusuallyrequiresarekeyofthewholesystem.Inmanybusinesses,physicalaccessauthenticationhasmovedto

contactlessradiofrequencycardsandproximityreaders.Whenpassednearacardreader,thecardsendsoutacodeusingradiowaves.Thereaderpicksupthiscodeandtransmitsittothecontrolpanel.Thecontrolpanelchecksthecodeagainstthereaderfromwhichitisbeingreadandthetypeofaccessthecardhasinitsdatabase.Oneoftheadvantagesofthiskindoftoken-basedsystemisthatanycardcanbedeletedfromthesystemwithoutaffectinganyothercardortherestofthesystem.TheRFID-basedcontactlessentrycardshowninFigure8.11isacommonformofthistokendeviceemployedfordoorcontrolsandisfrequentlyputbehindanemployeebadge.Inaddition,alldoorsconnectedtothesystemcanbesegmentedinanyformorfashiontocreatemultipleaccessareas,withdifferentpermissionsforeachone.Thetokensthemselvescanalsobegroupedinmultiplewaystoprovidedifferentaccesslevelstodifferentgroupsofpeople.Alloftheaccesslevelsorsegmentationofdoorscanbemodifiedquicklyandeasilyifbuildingspaceisretasked.Newertechnologiesareaddingcapabilitiestothestandardtoken-basedsystems.

•Figure8.11Smartcardshaveaninternalchipaswellasmultipleexternalcontactsforinterfacingwithasmartcardreader.

Theadventofsmartcards(cardsthatcontainintegratedcircuitscapableofgeneratingandstoringcryptographickeys)hasenabledcryptographictypesofauthentication.Smartcardtechnologyhasprovenreliableenoughthatitisnowpartofagovernmentalstandardforphysicalandlogicalauthentication.KnownasPersonalIdentityVerification,orPIV,cards,theyadheretotheFIPS201standard.Thissmartcardincludesacryptographicchipandconnector,aswellasacontactlessproximitycardcircuit.Italsohasstandardsforaprintedphotoandnameprintingonthefront.Biometricdatacanbestoredonthecard,providinganadditionalauthenticationfactor,andifthePIVstandardisfollowed,severalformsof

identificationareneededtogetacard.

TechTip

PersonnelIDBadgesHavingpersonnelwearavisibleIDbadgewiththeirpictureisacommonformofphysicalsecurity.Ifeveryoneissupposedtowearabadgevisibly,thenanyonewhoseessomeonewithoutabadgecanaskthemwhotheyare,andwhytheyarethere.Thisgreatlyincreasesthenumberofeyeswatchingforintrudersinlarge,publiclyaccessiblefacilities.

Theprimarydrawbackoftoken-basedauthenticationisthatonlythetokenisbeingauthenticated.Therefore,thetheftofthetokencouldgrantanyonewhopossessedthetokenaccesstowhatthesystemprotects.Theriskoftheftofthetokencanbeoffsetbytheuseofmultiple-factorauthentication.Oneofthewaysthatpeoplehavetriedtoachievemultiple-factorauthenticationistoaddabiometricfactortothesystem.

AccessTokensElectronicaccesscontrolsystemswerespawnedfromtheneedtohavemoreloggingandcontrolthanprovidedbytheoldermethodofmetallickeys.Mostelectronicsystemscurrentlyuseatoken-basedcardthatifpassednearareaderwillunlockthedoorstrikeandletyoupassintothearea(assumingyouhavepermissionfromthesystem).Newertechnologyattemptstomaketheauthenticationprocesseasierandmoresecure.Thefollowingsectionsdiscusshowtokensandbiometricsarebeing

usedforauthentication.Italsolooksintohowmultiple-factorauthenticationcanbeusedforphysicalaccess.

BiometricsBiometricsusethemeasurementsofcertainbiologicalfactorstoidentifyonespecificpersonfromothers.Thesefactorsarebasedonpartsofthe

humanbodythatareunique.Themostwellknownoftheseuniquebiologicalfactorsisthefingerprint.Fingerprintreadershavebeenavailableforseveralyearsinlaptops.Thesecomeinavarietyofformfactors,suchastheexampleshowninFigure8.12,andasstandaloneUSBdevices.

•Figure8.12Newerlaptopcomputersoftenincludeafingerprintreader.

However,manyotherbiologicalfactorscanbeused,suchastheretinaoririsoftheeye,thegeometryofthehand,andthegeometryoftheface.Whentheseareusedforauthentication,thereisatwo-partprocess:enrollmentandthenauthentication.Duringenrollment,acomputertakestheimageofthebiologicalfactorandreducesittoanumericvalue.Whentheuserattemptstoauthenticate,theirfeatureisscannedbythereader,andthecomputercomparesthenumericvaluebeingreadtotheonestoredinthedatabase.Iftheymatch,accessisallowed.Sincethesephysicalfactorsareunique,theoreticallyonlytheactualauthorizedpersonwouldbe

allowedaccess.Intherealworld,however,thetheorybehindbiometricsbreaksdown.

Tokensthathaveadigitalcodeworkverywellbecauseeverythingremainsinthedigitalrealm.Acomputerchecksyourcode,suchas123,againstthedatabase;ifthecomputerfinds123andthatnumberhasaccess,thecomputeropensthedoor.Biometrics,however,takeananalogsignal,suchasafingerprintoraface,andattempttodigitizeit,anditisthenmatchedagainstthedigitsinthedatabase.Theproblemwithananalogsignalisthatitmightnotencodetheexactsamewaytwice.Forexample,ifyoucametoworkwithabandageonyourchin,wouldtheface-basedbiometricsgrantyouaccessordenyit?Engineerswhodesignedthesesystemsunderstoodthatifasystemwas

settoexactchecking,anencodedbiometricmightnevergrantaccesssinceitmightneverscanthebiometricexactlythesamewaytwice.Therefore,mostsystemshavetriedtoallowacertainamountoferrorinthescan,whilenotallowingtoomuch.Thisleadstotheconceptsoffalsepositivesandfalsenegatives.Afalsepositiveoccurswhenabiometricisscannedandallowsaccesstosomeonewhoisnotauthorized—forexample,twopeoplewhohaveverysimilarfingerprintsmightberecognizedasthesamepersonbythecomputer,whichgrantsaccesstothewrongperson.Afalsenegativeoccurswhenthesystemdeniesaccesstosomeonewhoisactuallyauthorized—forexample,auseratthehandgeometryscannerforgottoweararingheusuallywearsandthecomputerdoesn’trecognizehishandanddenieshimaccess.Forbiometricauthenticationtoworkproperly,andalsobetrusted,itmustminimizetheexistenceofbothfalsepositivesandfalsenegatives.Todothat,abalancebetweenexactinganderrormustbecreatedsothatthemachinesallowalittlephysicalvariance—butnottoomuch.

FalsePositivesandFalseNegativesWhenadecisionismadeoninformationandanassociatedrangeofprobabilities,theconditionsexistforafalsedecision.Figure8.13illustratestwooverlappingprobabilities;anitembelongstoeithertheredcurveorthebluecurve,butnotboth.The

problemindecidingwhichcurveanitembelongstooccurswhenthecurvesoverlap.

•Figure8.13Overlappingprobabilities

Whenthereisanoverlappingarea,itistypicallyreferredtoasthefalsepositiveandfalsenegativerate.Notethatintheaccompanyingfigures,thesizeofoverlapisgreatlyexaggeratedtomakeiteasytosee.Figure8.14illustratesafalsepositivedetection.Ifthevalueobservedisthedottedline,thenitcouldbeconsideredeitheramatchoranon-match.Ifinfactitshouldnotmatch,andthesystemtagsitasamatch,itisafalsepositive.Inbiometrics,afalsepositivewouldallowaccesstoanunauthorizedparty.

•Figure8.14Falsepositive

Figure8.15illustratesafalsenegativedetection.Ifthevalueobservedisthedottedline,thenitcouldbeconsideredeitheramatchoranon-match.Ifinfactitshouldmatch,andthesystemtagsitasanon-match,itisafalsenegative.Afalsenegativewouldpreventanauthorizeduserfromobtainingaccess.

•Figure8.15Falsenegative

ExamTip:Falsepositiveandfalsenegativearefrequentlyconfused.Thetruedefinitionsrevolvearoundthestatisticaltermnullhypothesis.Forauthentication,itisassumedthatthepersonisnotauthorized.Ifthepersonisnotauthorized,andthetestincorrectlyrejectsthenullhypothesisandallowsentry,thisisafalsepositive—alsocalledaTypeIerror.Ifthepersonisauthorized,andthetestfailstoallowentry,thenthisisafalsenegative,orTypeIIerror.Theimportantelementisthedirectionofthenullhypothesis,which,forauthentication,wouldbetodenyentry.

Tosolvethefalsepositiveandfalsenegativeissue,theprobabilisticenginemustproducetwosetsofcurvesthatdonotoverlap.Thisisequivalenttoverylow,<0.001%,falsepositiveandfalsenegativerates.Becausethecurvestechnicallyhavetailsthatgoforever,therewillalwaysbesomefalserates,butthenumbershavetobeexceedinglysmalltoassuresecurity.Figure8.16illustratesthedesired,buttypicallyimpractical,separationofthecurves.

•Figure8.16Desiredsituation

Amorerealisticsituationhasthetwocurvescrossingoveratsomepoint,andthispointisknownasthecrossovererrorrate(CER).TheCERisthepointwherethefalseacceptanceandfalserejectionratesareequal.Whileasystemhastheabilitytoadjustwhichofthetwofalseratestofavor,theCERprovidesameansofcomparingsystemsperformanceatdiscriminatingsignals.AsystemwithaCERof2percentismoreaccurate(andhasmoreseparation)thanonewithaCERof5percent.Anotherconcernwithbiometricsisthatifsomeoneisabletostealthe

uniquenessfactorthatthemachinescans—yourfingerprintfromaglass,forexample—andisabletoreproducethatfactorinasubstancethatfoolsthescanner,thatpersonnowhasyouraccessprivileges.Thisideaiscompoundedbythefactthatitisimpossibleforyoutochangeyourfingerprintifitgetsstolen.Itiseasytoreplacealostorstolentokenanddeletethemissingonefromthesystem,butitisfarmoredifficulttoreplaceahumanhand.Anotherproblemwithbiometricsisthatpartsofthehumanbodycanchange.Ahumanfacecanchange,throughscarring,weightlossorgain,orsurgery.Afingerprintcanbechangedthroughdamagetothefingers.Eyeretinascanbeaffectedbysometypesofdiabetesorbypregnancy.Allofthesechangesforcethebiometricsystem

toallowahighertoleranceforvarianceinthebiometricbeingread.Thishasledthewayforhigh-securityinstallationstomovetowardmultiple-factorauthentication.

Multiple-FactorAuthenticationMultiple-factorauthenticationissimplythecombinationoftwoormoretypesofauthentication.Threebroadcategoriesofauthenticationcanbeused:whatyouare(forexample,biometrics),whatyouhave(forinstance,tokens),andwhatyouknow(passwordsandotherinformation).Two-factorauthenticationcombinesanytwoofthesebeforegrantingaccess.Anexamplewouldbeacardreaderthatthenturnsonafingerprintscanner—ifyourfingerprintmatchestheoneonfileforthecard,youaregrantedaccess.Three-factorauthenticationwouldcombineallthreetypes,suchasasmartcardreaderthatasksforaPINbeforeenablingaretinascanner.Ifallthreecorrespondtoavaliduserinthecomputerdatabase,accessisgranted.

ExamTip:Two-factorauthenticationcombinesanytwomethodsofauthentication,matchingitemssuchasatokenwithabiometric.Three-factorauthenticationcombinesanythree,suchasapasscode,biometric,andatoken.

Multiple-factorauthenticationmethodsgreatlyenhancesecuritybymakingitverydifficultforanattackertoobtainallthecorrectmaterialsforauthentication.Theyalsoprotectagainsttheriskofstolentokens,astheattackermusthavethecorrectbiometric,password,orboth.Moreimportant,multiple-factorauthenticationenhancesthesecurityofbiometricsystems,byprotectingagainstastolenbiometric.Changingthetokenmakesthebiometricuselessunlesstheattackercanstealthenewtoken.Italsoreducesfalsepositivesbytryingtomatchthesuppliedbiometricwiththeonethatisassociatedwiththesuppliedtoken.Thispreventsthecomputerfromseekingamatchusingtheentiredatabaseof

biometrics.Usingmultiplefactorsisoneofthebestwaystoensureproperauthenticationandaccesscontrol.

Chapter8Review

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingfactsabouthowphysicalsecurityimpactsnetworksecurity.

Describehowphysicalsecuritydirectlyaffectscomputerandnetworksecurity

Physicalaccessdefeatsallnetworksecurityprotections.

Bootdisksallowfilesystemaccess.

Driveimagingissimpletoaccomplishwithphysicalaccess.

Accesstotheinternalnetworkissimplewithphysicalaccess.

Theftofhardwarecanbeanattackinandofitself.

Discussstepsthatcanbetakentohelpmitigaterisks

Removaloffloppydrivesandothermediadriveswhentheyareunnecessarycanhelpmitigatebootdiskattacks.

RemovalofCD-ROMdevicesalsomakesphysicalaccessattacksmoredifficult.

BIOSpasswordsshouldbeusedtoprotectthebootsequence.

USBdevicesareathreatandthus,ifpossible,USBdriversshouldberemoved.

Allusersneedsecuritytraining.

Authenticationsystemsshouldusemultiplefactorswhenfeasible.

Identifythedifferenttypesoffiresandthevariousfiresuppressionsystemsdesignedtolimitthedamagecausedbyfires

Firescanbecausedbyandcanconsumeanumberofdifferentmaterials.Itisimportanttorecognizewhattypeoffireisoccurring,becausetheextinguishertousedependsonthetypeoffire.

TheABCfireextinguisheristhemostcommontypeandisdesignedtohandlemosttypesoffires.Theonlytypeoffireitisnotdesignedtoaddressisonewithcombustiblemetals.

Explainelectronicaccesscontrolsandtheprinciplesofconvergence

Accesscontrolsshouldhavelayeredareasandelectronicaccesscontrolsystems.

Electronicphysicalsecuritysystemsneedtobeprotectedfromnetwork-basedattacks.

KeyTermsaccesstokens(210)autoplay(201)biometrics(211)BIOSpasswords(200)bootdisk(192)closedcircuittelevision(CCTV)(198)contactlessaccesscards(197)convergence(200)crossovererrorrate(CER)(214)driveimaging(194)falsenegative(212)

falsepositive(212)layeredaccess(197)LiveCD(193)mantrap(198)multiple-factorauthentication(214)physicalaccesscontrol(196)policiesandprocedures(200)smartcards(211)UnifiedExtensibleFirmwareInterface(UEFI)(200)USBdevices(201)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.Adoorsystemdesignedtoonlyallowasinglepersonthroughiscalleda(n)_______________.

2._______________includeMP3playersandflashdrives.3.A(n)_______________happenswhenanunauthorizeduseris

allowedaccess.

4.Removablemediafromwhichacomputercanbebootediscalleda(n)_______________.

5._______________forcesausertoauthenticateagainwhenenteringamoresecurearea.

6.Itemscarriedbytheusertoallowthemtobeauthenticatedarecalled_______________.

7._______________isthemeasurementofuniquebiologicalproperties,likethefingerprint.

8._______________preventanattackerfrommakingthemachinebootofftheDVDdrive.

9._______________isasystemwherethecameraandmonitoraredirectlylinked.

10.Usingatoken,fingerprintreader,andPINkeypadwouldbeanexampleof_______________.

Multiple-ChoiceQuiz1.Whatisthemostcommonexampleofanaccesstoken?

A.Smartcard

B.Handwritingsample

C.PDA

D.Key

2.Whichoneisnotcommonlyusedasabiometric?A.Eyeretina

B.Handgeometry

C.Shoulder-to-waistgeometry

D.Fingerprint

3.Probablythesimplestphysicalattackonthecomputersystemis:A.AccessinganEthernetjacktoattackthenetwork

B.Usinganimitationtofoolabiometricauthenticator

C.InstallingavirusontheCCTVsystem

D.Outrighttheftofthecomputers

4.Whatisacommonthreattotoken-basedaccesscontrols?

A.Thekey

B.Demagnetizationofthestrip

C.Asystemcrash

D.Lossortheftofthetoken

5.WhycanUSBflashdrivesbeathreat?A.Theyusetoomuchpower.

B.Theycanbringmaliciouscodepastothersecuritymechanisms.

C.Theycanbestolen.

D.Theycanbeencrypted.

6.WhyisHVACimportanttocomputersecurity?A.SabotageoftheACunitcouldtakeouttheelectricalpower.

B.SabotageoftheACunitwouldmakethecomputersoverheatandshutdown.

C.TheACunitscouldbeconnectedtothenetwork.

D.HVACisnotimportanttosecurity.

7.Whyshouldsecurityguardsgetcross-traininginnetworksecurity?A.Theyaretheeyesandearsofthecorporationwhenitcomesto

security.

B.Theyaretheonlypeopleinthebuildingatnight.

C.Theyaremorequalifiedtoknowwhatasecuritythreatis.

D.Theyhavetheauthoritytodetainviolators.

8.Whyisenrollmentimportanttobiometrics?A.Fingerprintsareunique.

B.Itaddsanotherlayertothelayeredaccessmodel.

C.Ifenrollmentisnotdonecarefully,falsepositiveswillincrease.

D.Itcompletelypreventsfalsepositives.

9.Whyisphysicalsecuritysoimportanttogoodnetworksecurity?A.Becauseencryptionisnotinvolved

B.Becausephysicalaccessdefeatsnearlyallnetworksecuritymeasures

C.Becauseanattackercanstealbiometricidentities

D.Authentication

10.Howdoesmultiple-factorauthenticationimprovesecurity?A.Byusingbiometrics,nootherpersoncanauthenticate.

B.Itrestrictsuserstosmallerspaces.

C.Byusingacombinationofauthentications,itismoredifficultforsomeonetogainillegitimateaccess.

D.Itdeniesaccesstoanintrudermultipletimes.

EssayQuestions1.YouhavebeenaskedtoreportonthefeasibilityofinstallinganIP

CCTVcamerasystematyourorganization.DetailtheprosandconsofanIPCCTVsystemandhowyouwouldimplementthesystem.

2.Writeamemojustifyinglayeredaccessfordevicesinanorganization.

3.Writeamemojustifyingmoreusereducationaboutphysicalsecurity.

4.WriteasamplepolicyregardingtheuseofUSBdevicesinan

organization.

LabProjects

•LabProject8.1LoadaLiveCDonyourmachineandexaminethetoolsitprovides.Youwillneedthefollowingmaterials:

AcomputerwithaversionofWindowsinstalledandaCD/DVDburner

AnemptyCDorDVDThendothefollowing:

1.DownloadacopyofKaliLinux.Agoodsitefromwhichtoobtainthisiswww.kali.org/downloads/.

2.BurntheISOfiletotheCD/DVD.

3.Rebootthemachine,allowingtheLiveCDtostartthemachineinLinux.4.OnceKaliLinuxisrunning,openaterminalwindowandtypewireshark.

5.WithWiresharkopenasasniffingprogram,recordthetraffictoandfromthiscomputer.A.OpenCapture|Options.

B.SelectStartonyourEthernetinterface,usuallyeth0.

C.StopCapturebyselectingCapture|Stop.

D.Clickanypacketlistedtoviewtheanalysis.

6.ViewtheothertoolsontheCDunderKDE|Kali.

•LabProject8.2Disableautoplayonyoursystemforseveraltypesofmedia.Youwillneedthefollowingmaterials:

AcomputerwithWindowsAUSBflashdrivethatissettobebootable

ACD/DVDwithanautoplayfile

Thendothefollowing:

1.InserttheCD/DVDandverifythatautoplayisonandworking.

2.Followthischapter’sinstructionsondisablingautoplay.3.ReinserttheCD/DVDandverifythatautoplayisdisabled—nothingshouldappearwhen

theCD/DVDisinsertednow.

4.InserttheUSBflashdriveandseeifautoplayworksforit;ifitdoes,disableitusingthesamemethod.

chapter9 NetworkFundamentals

Thevalueofacommunicationsnetworkisproportionaltothesquareofthenumberofitsusers.

—METCALFE’SLAW

B

Inthischapter,youwilllearnhowto

Identifythebasicnetworkarchitectures

Definethebasicnetworkprotocols

Explainroutingandaddresstranslation

Classifysecurityzones

ythesimplestdefinitioninthedataworld,anetworkisameanstoconnecttwoormorecomputerstogetherforthepurposesofsharinginformation.Theterm“network”hasdifferentmeaningsdependingon

thecontextandusage.Anetworkcanbeagroupoffriendsandassociates,aseriesofinterconnectedtunnels,or,fromacomputer-orientedperspective,acollectionofinterconnecteddevices.Networksizesandshapesvarydrastically,rangingfromtwopersonalcomputersconnectedwithacrossovercableorwirelessrouterallthewayuptotheInternet,encirclingtheglobeandlinkingtogetheruntoldnumbersofindividual,distributedsystems.Thoughdatanetworksvarywidelyinsizeandscope,theyaregenerallydefinedintermsoftheirarchitecture,topology,andprotocols.

NetworkArchitecturesEverynetworkhasanarchitecture—whetherbydesignorbyaccident.Definingordescribingaspecificnetwork’sarchitectureinvolvesidentifyingthenetwork’sphysicalconfiguration,logicaloperation,structure,procedures,dataformats,protocols,andothercomponents.Forthesakeofsimplicityandcategorization,peopletendtodividenetworkarchitecturesintotwomaincategories:LANsandWANs.Alocalareanetwork(LAN)typicallyissmallerintermsofsizeandgeographiccoverageandconsistsoftwoormoreconnecteddevices.HomenetworksandmostsmallofficenetworkscanbeclassifiedasLANs.Awidearea

network(WAN)tendstobelarger,coveringmoregeographicarea,andconsistsoftwoormoresystemsingeographicallyseparatedareasconnectedbyanyofavarietyofmethodssuchasleasedlines,radiowaves,satelliterelays,microwaves,orevendial-upconnections.Withtheadventofwirelessnetworking,optical,andcellulartechnology,thelinesbetweenLANandWANsometimesseemtomergeseamlesslyintoasinglenetworkentity.Forexample,mostcorporationshavemultipleLANswithineachofficelocationthatallconnecttoaWANthatprovidesintercompanyconnectivity.Figure9.1showsanexampleofacorporatenetwork.EachofficelocationwilltypicallyhaveoneormoreLANs,whichareconnectedtotheotherofficesandthecompanyheadquartersthroughacorporateWAN.

•Figure9.1CorporateWANconnectingmultipleoffices

ExamTip:ALANisalocalareanetwork—anofficebuilding,homenetwork,andsoon.AWANisawideareanetwork—acorporatenetworkconnectingofficesinDallas,NewYork,andSanJose,forexample.

Overtime,asnetworkshavegrown,diversified,andmultiplied,thelinebetweenLANandWANhasbecomeblurred.Tobetterdescribeemerging,specializednetworkstructures,newtermshavebeencoinedtoclassifynetworksbasedonsizeanduse:

Campusareanetwork(CAN)Anetworkconnectinganynumberofbuildingsinanofficeoruniversitycomplex(alsoreferredtoasacampuswideareanetwork).

IntranetA“private”networkthatisaccessibleonlytoauthorizedusers.Manylargecorporationshostanintranettofacilitateinformationsharingwithintheirorganization.

InternetThe“globalnetwork”connectinghundredsofmillionsofsystemsandusers.

Metropolitanareanetwork(MAN)Anetworkdesignedforaspecificgeographiclocalitysuchasatownoracity.

Storageareanetwork(SAN)Ahigh-speednetworkconnectingavarietyofstoragedevicessuchastapesystems,RAIDarrays,opticaldrives,fileservers,andothers.

Virtuallocalareanetwork(VLAN)Alogicalnetworkallowingsystemsondifferentphysicalnetworkstointeractasiftheywereconnectedtothesamephysicalnetwork.

Client/serverAnetworkinwhichpowerful,dedicatedsystemscalledserversprovideresourcestoindividualworkstationsorclients.

Peer-to-peerAnetworkinwhicheverysystemistreatedasanequal,suchasahomenetwork.

NetworkTopologyOnemajorcomponentofeverynetwork’sarchitectureisthenetwork’stopology—howthenetworkisphysicallyorlogicallyarranged.Termstoclassifyanetwork’stopologyhavebeendeveloped,oftenreflectingthephysicallayoutofthenetwork.Themainclassesofnetworktopologiesarestar,ring,bus,andmixed.

StartopologyNetworkcomponentsareconnectedtoacentralpoint.(SeeFigure9.2.)

•Figure9.2Startopology

BustopologyNetworkcomponentsareconnectedtothesamecable,oftencalled“thebus”or“thebackbone.”(SeeFigure9.3.)

•Figure9.3Bustopology

RingtopologyNetworkcomponentsareconnectedtoeachotherinaclosedloopwitheachdevicedirectlyconnectedtotwootherdevices.(SeeFigure9.4.)

•Figure9.4Ringtopology

Largernetworks,suchasthoseinsideanofficecomplex,mayusemorethanonetopologyatthesametime.Forexample,anofficecomplexmayhavealargeringtopologythatinterconnectsallthebuildingsinthecomplex.Eachbuildingmayhavealargebustopologytointerconnectstartopologieslocatedoneachfloorofthebuilding.Thisiscalledamixedtopologyorhybridtopology.(SeeFigure9.5.)

•Figure9.5Mixedtopology

Withrecentadvancesintechnology,thesetopologydefinitionsoftenbreakdown.Whileanetworkconsistingoffivecomputersconnectedtothesamecoaxialcableiseasilyclassifiedasabustopology,whataboutthosesamecomputersconnectedtoaswitchusingCat-5cables?Withaswitch,eachcomputerisconnectedtoacentralnode,muchlikeastartopology,butthebackplaneoftheswitchisessentiallyasharedmedium.

Withaswitch,eachcomputerhasitsownexclusiveconnectiontotheswitchlikeastartopology,buthastosharetheswitch’scommunicationsbackbonewithalltheothercomputers,muchlikeabustopology.Toavoidthistypeofconfusion,manypeopleusetopologydefinitionsonlytoidentifythephysicallayoutofthenetwork,focusingonhowthedevicesareconnectedtothenetwork.Ifweapplythislineofthinkingtoourexample,thefive-computernetworkbecomesastartopologywhetherweuseahuboraswitch.

Wirelessnetworksuseradiowavesastheirmediumtotransmitpackets,andthoseradiowavesdon’tstopatthewallsofyourhouseoryourorganization.Anyonewithinrangecan“see”thoseradiowavesandattempttoeithersniffyourtrafficorconnecttoyournetwork.Encryption,MACaddressfiltering,andsuppressionofbeaconframesareallsecuritymechanismstoconsiderwhenusingwirelessnetworks.Wirelessnetworks,becauseofthesignalpropagation,caneasilyassumeameshstructure.

NetworkProtocolsHowdoalltheseinterconnecteddevicescommunicate?WhatmakesaPCinChinaabletoviewwebpagesonaserverinBrazil?Whenengineersfirststartedtoconnectcomputerstogethervianetworks,theyquicklyrealizedtheyneededacommonlyacceptedmethodforcommunicating—aprotocol.

ProtocolsAprotocolisanagreed-uponformatforexchangingortransmittingdatabetweensystems.Aprotocoldefinesanumberofagreed-uponparameters,suchasthedatacompressionmethod,thetypeoferrorcheckingtouse,andmechanismsforsystemstosignalwhentheyhavefinishedeitherreceivingortransmittingdata.Thereisawidevarietyofprotocols,each

designedwithcertainbenefitsandusesinmind.Someofthemorecommonprotocolsthathavebeenusedinnetworkingarelistednext.Today,mostnetworksaredominatedbyEthernetandInternetProtocol.

AppleTalkThecommunicationsprotocoldevelopedbyAppletoconnectMacintoshcomputersandprinters.

AsynchronousTransferMode(ATM)Aprotocolbasedontransferringdatainfixed-sizepackets.Thefixedpacketsizeshelpensurethatnosingledatatypemonopolizestheavailablebandwidth.

EthernetTheLANprotocoldevelopedjointlybyXerox,DEC,andIntel—themostwidelyimplementedLANstandard.

FiberDistributedDataInterface(FDDI)Theprotocolforsendingdigitaldataoverfiber-opticcabling.

InternetProtocols(IP)Theprotocolsformanagingandtransmittingdatabetweenpacket-switchedcomputernetworks,originallydevelopedfortheDepartmentofDefense.MostusersarefamiliarwithInternetprotocolssuchase-mail,FileTransferProtocol(FTP),Telnet,andHypertextTransferProtocol(HTTP).

InternetworkPacketExchange(IPX)ThenetworkingprotocolcreatedbyNovellforusewithNovellNetWareoperatingsystems.

SignalingSystem7(SS7)Thetelecommunicationsprotocolusedbetweenprivatebranchexchanges(PBXs)tohandletaskssuchascallsetup,routing,andteardown.

SystemsNetworkArchitecture(SNA)AsetofnetworkprotocolsdevelopedbyIBM,originallyusedtoconnectIBM’smainframesystems.

TokenRingALANprotocoldevelopedbyIBMthatrequiressystemstopossessthenetwork“token”beforetransmittingdata.

TransmissionControlProtocol/InternetProtocol(TCP/IP)Thecollectionofcommunicationsprotocolsusedtoconnecthostsonthe

Internet.TCP/IPisbyfarthemostcommonlyusednetworkprotocolandisacombinationoftheTCPandIPprotocols.

X.25AprotocolDevelopedbytheComitéConsultatifInternationalTéléphoniqueetTélégraphique(CCITT)foruseinpacket-switchednetworks.TheCCITTwasasubgroupwithintheInternationalTelecommunicationUnion(ITU)beforetheCCITTwasdisbandedin1992.

AlittlehistoryontheIPprotocolfromWikipedia:“InMay,1974,theInstituteofElectricalandElectronicEngineers(IEEE)publishedapaperentitled‘AProtocolforPacketNetworkInterconnection.’Thepaper’sauthors,VintCerfandBobKahn,describedaninternetworkingprotocolforsharingresourcesusingpacket-switchingamongthenodes.”

Inmostcases,communicationsprotocolsweredevelopedaroundtheOpenSystemInterconnection(OSI)model.TheOSImodel,orOSIReferenceModel,isanInternationalOrganizationforStandardization(ISO)standardforworldwidecommunicationsthatdefinesaframeworkforimplementingprotocolsandnetworkingcomponentsinsevendistinctlayers.WithintheOSImodel,controlispassedfromonelayertoanother(top-down)beforeitexitsonesystemandentersanothersystem,wherecontrolispassedbottom-uptocompletethecommunicationscycle.ItisimportanttonotethatmostprotocolsonlylooselyfollowtheOSImodel;severalprotocolscombineoneormorelayersintoasinglefunction.TheOSImodelalsoprovidesacertainlevelofabstractionandisolationforeachlayer,whichonlyneedstoknowhowtointeractwiththelayeraboveandbelowit.Theapplicationlayer,forexample,onlyneedstoknowhowtocommunicatewiththepresentationlayer—itdoesnotneedtotalkdirectlytothephysicallayer.Figure9.6showsthedifferentlayersoftheOSImodel.

•Figure9.6TheOSIReferenceModel

PacketsNetworksarebuilttoshareinformationandresources,butlikeotherformsofcommunication,networksandtheprotocolstheyusehavelimitsandrulesthatmustbefollowedforeffectivecommunication.Forexample,largechunksofdatamusttypicallybebrokenupintosmaller,moremanageablechunksbeforetheyaretransmittedfromonecomputertoanother.Breakingthedatauphasadvantages—youcanmoreeffectivelysharebandwidthwithothersystemsandyoudon’thavetoretransmittheentiredatasetifthereisaproblemintransmission.Whendataisbrokenupintosmallerpiecesfortransmission,eachofthesmallerpiecesistypicallycalledapacket.Eachprotocolhasitsowndefinitionofapacket—

dictatinghowmuchdatacanbecarried,whatinformationisstoredwhere,howthepacketshouldbeinterpretedbyanothersystem,andsoon.

Theconceptofbreakingamessageintopiecesbeforesendingitisasoldasnetworking.Thetermsusedtodescribethesepiecescanvaryfromprotocoltoprotocol.FrameRelayandEthernetbothusethetermframe.ATMcallsthemcells.Manyprotocolsusethegenerictermpacket.IntheOSImodel,thetermdatagramisused.Attheendoftheday,regardlessofwhatitiscalled,thesepiecesareprotocol-defined,formattedstructuresusedtocarryinformation.

Astandardpacketstructureisacrucialelementinaprotocoldefinition.Withoutastandardpacketstructure,systemswouldnotbeabletointerprettheinformationcomingtothemfromothersystems.Packet-basedcommunicationsystemshaveotheruniquecharacteristics,suchassize,whichneedtobeaddressed.Thisisdoneviaadefinedmaximumandfragmentingpacketsthataretoobig,asshowninthenextsections.

MaximumTransmissionUnitWhentransmittingpacketsacrossanetwork,therearemanyinterveningprotocolsandpiecesofequipment,eachwithitsownsetoflimitations.OneofthefactorsusedtodeterminehowmanypacketsamessagemustbebrokenintoistheMaximumTransmissionUnit(MTU).TheMTUisthelargestpacketthatcanbecarriedacrossanetworkchannel.ThevalueoftheMTUisusedbyTCPtopreventpacketfragmentationatinterveningdevices.PacketfragmentationisthesplittingofapacketwhileintransitintotwopacketssothattheyfitpastanMTUbottleneck.

PacketFragmentationBuiltintotheInternetProtocolisamechanismforhandlingofpacketsthatarelargerthanallowedacrossahop.UnderICMPv4,arouterhastwooptionswhenitencountersapacketthatistoolargeforthenexthop:breakthepacketintotwofragments,sendingeachseparately,ordropthepacket

andsendanICMPmessagebacktotheoriginator,indicatingthatthepacketistoobig.Whenafragmentedpacketarrivesatthereceivinghost,itmustbereunitedwiththeotherpacketfragmentsandreassembled.OneoftheproblemswithfragmentationisthatitcancauseexcessivelevelsofpacketretransmissionasTCPmustretransmitanentirepacketforthelossofasinglefragment.InIPv6,toavoidfragmentation,hostsarerequiredtodeterminetheminimalpathMTUbeforetransmissionofpacketstoavoidfragmentationenroute.AnyfragmentationrequirementsinIPv6areresolvedattheorigin,andiffragmentationisrequired,itoccursbeforesending.

TechTip

IPv6andFragmentationIPv6systemscalculatetheMTUandthenadheretothatfromhosttohost.Thispreventsfragmentationenroute;insteadallfragmentationisdonebytheoriginatinghosttofitundertheMTUlimit.

IPfragmentationcanbeexploitedinavarietyofwaystobypasssecuritymeasures.PacketscanbepurposefullyconstructedtosplitexploitcodeintomultiplefragmentstoavoidIDSdetection.Becausethereassemblyoffragmentsisdependentupondatainthefragments,itispossibletomanipulatethefragmentstoresultindatagramsthatexceedthe64KBlimit,resultingindenialofservice.

InternetProtocolTheInternetProtocolisnotasingleprotocolbutasuiteofprotocols.TherelationshipbetweensomeoftheIPsuiteandtheOSImodelisshowninFigure9.7.Asyoucansee,therearedifferencesbetweenthetwoversionsoftheprotocolinuse,v4andv6.Theprotocolelementsandtheirsecurityimplicationsarecoveredinthenextsectionsofthischapter.Oneofthese

differencesisthereplacementoftheInternetGroupManagementProtocol(IGMP)withtheInternetControlMessageProtocol(ICMP)andMulticastListenerDiscovery(MLD)inIPv6.

•Figure9.7InternetProtocolsuitecomponents

IPPacketsTobetterunderstandpacketstructure,let’sexaminethepacketstructuredefinedbytheIPprotocol.AnIPpacket,oftencalledadatagram,hastwomainsections:theheaderandthedatasection(sometimescalledthepayload).Theheadersectioncontainsalloftheinformationneededtodescribethepacket(seeFigure9.8).

•Figure9.8LogicallayoutofanIPpacket,(a)IPv4(b)IPv6

InIPv4,therearecommonfieldstodescribethefollowingoptions.

Whatkindofpacketitis(protocolversionnumber)

Howlargetheheaderofthepacketis(packetheaderlength)

Howtoprocessthispacket(typeofservicetellingthenetworkwhetherornottouseoptionssuchasminimizedelay,maximizethroughput,maximizereliability,andminimizecost)

Howlargetheentirepacketis(overalllengthofpacket—sincethisisa16-bitfield,themaximumsizeofanIPpacketis65,535bytes,butinpracticemostpacketsarearound1500bytes)

Auniqueidentifiersothatthispacketcanbedistinguishedfromotherpackets

Whetherornotthispacketispartofalongerdatastreamandshouldbehandledrelativetootherpackets

Flagsthatindicatewhetherornotspecialhandlingofthispacketisnecessary

Adescriptionofwherethispacketfitsintothedatastreamascomparedtootherpackets(thefragmentoffset)

A“timetolive”fieldthatindicatesthepacketshouldbediscardedifthevalueiszero

Aprotocolfieldthatdescribestheencapsulatedprotocol

Achecksumofthepacketheader(tominimizethepotentialfordatacorruptionduringtransmission)

Wherethepacketisfrom(sourceIPaddress,suchas10.10.10.5)

Wherethepacketisgoing(destinationIPaddress,suchas10.10.10.10)

Optionflagsthatgovernsecurityandhandlingrestrictions,whetherornottorecordtheroutethispackethastaken,whetherornottorecordtimestamps,andsoon

Thedatathispacketcarries

InIPv6,thesourceanddestinationaddressestakeupmuchgreater

room,andforequipmentandpackethandlingreasons,mostoftheinformationaloptionshavebeenmovedtotheoptionalareaaftertheaddresses.Thisseriesofoptionalextensionheadersallowstheefficientuseoftheheaderinprocessingtheroutinginformationduringpacketroutingoperations.OneofthemostcommonoptionsistheIPsecextension,whichisused

toestablishIPsecconnections.IPsecusesencryptiontoprovideavarietyofprotectionstopackets.IPsecisfullycoveredinChapter11.

TechTip

TheImportanceofUnderstandingTCP/IPProtocolsAsecurityprofessionalmustunderstandhowthevariousTCP/IPprotocolsoperate.Forexample,ifyou’relookingatapacketcaptureofasuspectedportscan,youneedtoknowhow“normal”TCPandUDPtrafficworkssoyouwillbeabletospot“abnormal”traffic.Thischapterprovidesaverybasicoverviewofthemostpopularprotocols:TCP,UDP,andICMP.

Asyoucansee,thisstandardpacketdefinitionallowssystemstocommunicate.Withoutthistypeof“commonlanguage,”theglobalconnectivityweenjoytodaywouldbeimpossible—theIPprotocolistheprimarymeansfortransmittinginformationacrosstheInternet.

TCPvs.UDPProtocolsaretypicallydevelopedtoenableacertaintypeofcommunicationorsolveaspecificproblem.Overtheyears,thisapproachhasledtothedevelopmentofmanydifferentprotocols,eachcriticaltothefunctionorprocessitsupports.However,therearetwoprotocolsthathavegrownsomuchinpopularityandusethatwithoutthem,theInternetasweknowitwouldceasetoexist.Thesetwoprotocols,theTransmissionControlProtocol(TCP)andUserDatagramProtocol(UDP),areprotocolsthatrunontopoftheIPnetworkprotocol.Asseparateprotocols,

theyeachhavetheirownpacketdefinitions,capabilities,andadvantages,butthemostimportantdifferencebetweenTCPandUDPistheconceptof“guaranteed”reliabilityanddelivery.

ExamTip:TCPisa“connection-oriented”protocolandoffersreliabilityandguaranteeddeliveryofpackets.UDPisa“connectionless”protocolwithnoguaranteesofdelivery.

UDPisknownasa“connectionless”protocolasithasveryfewerror-recoveryservicesandnoguaranteeofpacketdelivery.WithUDP,packetsarecreatedandsentontheirway.Thesenderhasnoideawhetherthepacketsweresuccessfullyreceivedorwhethertheywerereceivedinorder.Inthatrespect,UDPpacketsaremuchlikepostcards—youaddressthemanddroptheminthemailbox,notreallyknowingif,when,orhowthepostcardsreachyourintendedaudience.Eventhoughpacketlossandcorruptionarerelativelyrareonmodernnetworks,UDPisconsideredtobeanunreliableprotocolandisoftenonlyusedfornetworkservicesthatarenotgreatlyaffectedbytheoccasionallostordroppedpacket.Timesynchronizationrequests,namelookups,andstreamingaudioaregoodexamplesofnetworkservicesbasedonUDP.UDPalsohappenstobeafairly“efficient”protocolintermsofcontentdeliveryversusoverhead.WithUDP,moretimeandspaceisdedicatedtocontent(data)deliverythanwithotherprotocolssuchasTCP.ThismakesUDPagoodcandidateforstreamingprotocols,asmoreoftheavailablebandwidthandresourcesareusedfordatadeliverythanwithotherprotocols.TCPisa“connection-oriented”protocolandwasspecificallydesigned

toprovideareliableconnectionbetweentwohostsexchangingdata.TCPwasalsodesignedtoensurethatpacketsareprocessedinthesameorderinwhichtheyweresent.AspartofTCP,eachpackethasasequencenumbertoshowwherethatpacketfitsintotheoverallconversation.Withthesequencenumbers,packetscanarriveinanyorderandatdifferenttimesandthereceivingsystemwillstillknowthecorrectorderforprocessing

them.Thesequencenumbersalsoletthereceivingsystemknowifpacketsaremissing—receivingpackets1,2,4,and7tellsusthatpackets3,5,and6aremissingandneededaspartofthisconversation.Thereceivingsystemcanthenrequestretransmissionofpacketsfromthesendertofillinanygaps.The“guaranteedandreliable”aspectofTCPmakesitverypopularfor

manynetworkapplicationsandservicessuchasHTTP,FTP,andTelnet.Aspartoftheconnection,TCPrequiresthatsystemsfollowaspecificpatternwhenestablishingcommunications.Thispattern,oftencalledthethree-wayhandshake(showninFigure9.9),isasequenceofveryspecificsteps:

•Figure9.9TCP’sthree-wayhandshake

1.Theoriginatinghost(usuallycalledtheclient)sendsaSYN(synchronize)packettothedestinationhost(usuallycalledtheserver).TheSYNpackettellstheserverwhatporttheclientwantstoconnecttoandtheinitialpacketsequencenumberoftheclient.

2.TheserversendsaSYN/ACKpacketbacktotheclient.ThisSYN/ACK(synchronize/acknowledge)tellstheclient“Ireceivedyourrequest”andalsocontainstheserver’sinitialpacketsequencenumber.

3.TheclientrespondstotheserverwithanACKpackettocompletetheconnectionestablishmentprocess.

Thinkofthethree-wayhandshakeasbeingsimilartoaphonecall.Youplaceacalltoyourfriend—that’stheSYN.Yourfriendanswersthephoneandsays“hello”—that’stheSYN/ACK.Thenyousay“Hi,it’sme”—that’stheACK.Yourconnectionisestablishedandyoucanstartyourconversation.

ICMPWhileTCPandUDParearguablythemostcommonprotocols,theInternetControlMessageProtocol(ICMP)isprobablythethirdmostcommonlyusedprotocol.Duringtheearlydevelopmentoflargenetworks,itwasquicklydiscoveredthatthereneededtobesomemechanismformanagingtheoverallinfrastructure—handlingconnectionstatus,trafficflow,availability,anderrors.ThismechanismisICMP.ICMPisacontrolandinformationprotocolandisusedbynetworkdevicestodeterminesuchthingsasaremotenetwork’savailability,thelengthoftimetoreacharemotenetwork,andthebestrouteforpacketstotakewhentravelingtothatremotenetwork(usingICMPredirectmessages,forexample).ICMPcanalsobeusedtohandletheflowoftraffic,tellingothernetworkdevicesto“slowdown”transmissionspeedsifpacketsarecomingintoofast.

TechTip

TCPPacketFlagsTCPpacketscontainflags—dedicatedfieldsthatareusedtohelptheTCPprotocolcontrolandmanagetheTCPsession.ThereareeightdifferentflagsinaTCPpacket,andwhenaflagis“set,”itissettoavalueof1.Theeightdifferentflagsare

CWR(CongestionWindowReduced)SetbyahosttoindicatethatitreceivedapacketwiththeECEflagsetandistakingactiontohelpreducecongestion.

ECE(ECN-Echo)IndicatesthattheTCPpeerisECNcapablewhenusedduringthethree-wayhandshake.Duringnormaltraffic,thisflagmeansthatapacketwithaCongestionExperiencedflaginitsIPheaderwasreceivedbythehostsendingthis

packet.

URG(Urgent)Whenset,theurgentpointerinthepacketsshouldbereadasvalidandfollowedforadditionaldata.

ACK(Acknowledgment)IndicatesthatthedataintheACKfieldshouldbeprocessed.

PSH(Push)Indicatesthatdatadeliveryshouldstartimmediatelyratherthanwaitingforbufferstofillupfirst.

RST(Reset)Resetsthecurrentconnection—astart-overfeatureoftenusedbyIPS/IDSdevicestointerruptsessions.

SYN(Synchronize)Usedtohelpsynchronizesequencenumbers.FIN(Finish)Indicatesthesenderisfinishedandhasnomoredatatosend.

ICMP,likeUDP,isaconnectionlessprotocol.ICMPwasdesignedtocarrysmallmessagesquicklywithminimaloverheadorimpacttobandwidth.ICMPpacketsaresentusingthesameheaderstructureasIPpackets,withtheprotocolfieldsetto1toindicatethatitisanICMPpacket.ICMPpacketsalsohavetheirownheader,whichfollowstheIPheaderandcontainstype,code,checksum,sequencenumber,identifier,anddatafields.The“type”fieldindicateswhattypeofICMPmessageitis,andthe“code”fieldtellsuswhatthemessagereallymeans.Forexample,anICMPpacketwithatypeof3andacodeof2wouldtellusthisisa“destinationunreachable”messageand,morespecifically,a“hostunreachable”message—usuallyindicatingthatweareunabletocommunicatewiththeintendeddestination.BecauseICMPmessagesinIPv6canuseIPsec,ICMPv6messagescanhavesignificantprotectionsfromalteration.Unfortunately,ICMPhasbeengreatlyabusedbyattackersoverthelast

fewyearstoexecutedenial-of-service(DoS)attacks.BecauseICMPpacketsareverysmallandconnectionless,thousandsandthousandsofICMPpacketscanbegeneratedbyasinglesysteminaveryshortperiodoftime.AttackershavedevelopedmethodstotrickmanysystemsintogeneratingthousandsofICMPpacketswithacommondestination—theattacker’starget.Thiscreatesaliteralfloodoftrafficthatthetarget,andinmostcasesthenetworkthetargetsitson,isincapableofdealingwith.The

ICMPflooddrownsoutanyotherlegitimatetrafficandpreventsthetargetfromaccomplishingitsnormalduties—denyingaccesstotheservicethetargetnormallyprovides.ThishasledtomanyorganizationsblockingallexternalICMPtrafficattheperimeteroftheirorganization.

TechTip

ICMPMessageCodesWithICMPpackets,therealmessageofthepacketiscontainedinthe“typeandcode”fields,notthedatafield.FollowingaresomeofthemorecommonlyseenICMPtypecodes.NotethatICMPv6hasbrokenthelistingintotwotypes:errormessages(0—127)andinformationalmessages(128—255,presentedinthelatterhalfofthetable).IPv6introducesmanynewprotocols,twoofwhichwillhavesignificantimplications:theNeighborDiscoveryProtocol(NDP),whichmanagestheinteractionsbetweenneighboringIPv6nodes,andMulticastListenerDiscovery(MLD),whichmanagesIPv6multicastgroups.

TechTip

Manyofthemessageshaveassociatedcodevaluesthatmakethemessagemorespecific.For

example,ICMPv4messageswithatypeof3canhaveanyofthefollowingcodes:

CrossCheckPingSweepInChapter1youlearnedabouta“pingsweep.”Whatisapingsweepandwhatisitusedfor?WhattypesofICMPpacketscouldyouusetoconductapingsweep?HowdoesthisdifferbetweenICMPv4andICMPv6?

TechTip

ShouldYouBlockICMP?ICMPisaprotocolusedfortroubleshooting,errorreporting,andawidevarietyofassociatedfunctionality.ThisfunctionalityexpandsinICMPv6intomulticasting.ICMPgotabadnameprimarilybecauseofissuesassociatedwithpingandtraceroutecommands,buttheserepresentatinyminorityoftheprotocolfunctionality.TherearenumerousimportantusesassociatedwithICMP,andblockingitinitsentiretyisabadpractice.Blockingspecificcommandsandspecificsourcesmakessense;blanketblockingisapoorpracticethatwillleadtonetworkinefficiencies.BlockingICMPv6initsentiretywillblockalotofIPv6functionalitybecauseICMPisnowanintegralpartoftheprotocolsuite.

IPv4vs.IPv6ThemostcommonversionofIPinuseisIPv4,butthereleaseofIPv6,spurredbythedepletionoftheIPv4addressspace,hasbegunatypicallogarithmicadoptioncurve.IPv6hasmanysimilaritiestothepreviousversion,butitalsohassignificantnewenhancements,manyofwhichhavesignificantsecurityimplications.

ExpandedAddressSpaceTheexpansionoftheaddressspacefrom32bitsto128bitsisasignificantchange.WhereIPv4didnothaveenoughaddressesforeachpersononearth,IPv6hasover1500addressespersquaremeteroftheentireearth’ssurface.Thishasoneimmediateimplication:whereyoucoulduseascannertosearchalladdressesforresponsesinIPv4,doingthesameinIPv6willtakesignificantlylonger.AonemillisecondscaninIPv4equatestoa2.5billionyearscaninIPv6.Intheory,the128bitsofIPv6addressspacewillexpress3.4×1038possiblenodes.TheIPv6addressingprotocolhasbeendesignedtoallowforahierarchaldivisionoftheaddressspaceintoseverallayersofsubnets,toassistinthemaintainingofbothefficientandlogicaladdressallocations.OneexampleistheembeddingoftheIPv4

addressspaceintheIPv6space.Thisalsohasanintentionaleffectofsimplifyingthebackboneroutinginfrastructuresbyreducingtheroutingtablesize.

TechTip

IPv6TopSecurityConcernsTherearenumerousIPv6securityconcerns,sometechnical,someoperational.Someofthetopsecurityconcernsare

LackofIPv6securitytraining/education.

SecuritydevicebypassviaIPv6.PoorIPv6securitypolicies.

Addressnotationmakesgreppingthroughlogsdifficultifnotimpossible.IPv6complexityincreasesoperationalchallengesforcorrectdeployment.

NetworkDiscoveryIPv6introducestheNetworkDiscovery(NDP)protocol,whichisusefulforauto-configurationofnetworks.NDPcanenableavarietyofinterceptionandinterruptionthreatmodes.Amalevolentroutercanattachitselftoanetworkandrerouteorinterrupttrafficflows.

BenefitsofIPv6Changeisalwaysadifficulttask,andwhenthechangewilltouchvirtuallyeverythinginyoursystem,thismakesitevenmoredifficult.ChangingfromIPv4toIPv6isnotasimpletask,foritwillhaveaneffectoneverynetworkedresource.Thegoodnewsisthatthisisnotasuddenorsurpriseprocess;vendorshavebeenmakingproductsIPv6capableforalmostadecade.Bythispoint,virtuallyallthenetworkequipmentyourelyuponwillbedual-stackcapable,meaningthattheycanoperateinbothIPv4andIPv6networks.ThisprovidesamethodforanorderlytransferfromIPv4

toIPv6.IPv6hasmanyusefulbenefitsandultimatelywillbemoresecure

becauseithasmanysecurityfeaturesbuiltintothebaseprotocolseries.IPv6hasasimplifiedpacketheaderandnewaddressingscheme.Thiscanleadtomoreefficientroutingthroughsmallerroutingtablesandfasterpacketprocessing.IPv6wasdesignedtoincorporatemulticastingflowsnatively,whichallowsbandwidth-intensivemultimediastreamstobesentsimultaneouslytomultipledestinations.IPv6hasahostofnewservices,fromauto-configurationtomobiledeviceaddressing,andserviceenhancementstoimprovetherobustnessofQoSandVoIPfunctions.ThesecuritymodelofIPv6isbakedintotheprotocol,andis

significantlyenhancedfromthenonexistentoneinIPv4.IPv6isdesignedtobesecurefromsendertoreceiver,withIPsecavailablenativelyacrosstheprotocol.Thiswillsignificantlyimprovecommunicationlevelsecurity,butithasalsodrawnalotofattention.TheuseofIPsecwillchangethewaysecurityfunctionsareperformedacrosstheenterprise.OldIPv4methods,suchasNATandpacketinspectionmethodsofIDS,willneedtobeadjustedtothenewmodel.Securityapplianceswillhavetoadapttothenewprotocolanditsenhancednature.

PacketDeliveryProtocolsaredesignedtohelpinformationgetfromoneplacetoanother,butinordertodeliverapacketwehavetoknowwhereitisgoing.Packetdeliverycanbedividedintotwosections:localandremote.Ethernetiscommonforlocaldelivery,whileIPworksforremotedelivery.Localpacketdeliveryappliestopacketsbeingsentoutonalocalnetwork,whileremotepacketdeliveryappliestopacketsbeingdeliveredtoaremotesystem,suchasacrosstheInternet.Ultimately,packetsmayfollowalocaldelivery–remotedelivery–localdeliverypatternbeforereachingtheirintendeddestination.Thebiggestdifferenceinlocalversusremotedeliveryishowpacketsareaddressed.Networksystemshaveaddresses,notunlikeofficenumbersorstreetaddresses,andbeforeapacketcanbe

successfullydelivered,thesenderneedstoknowtheaddressofthedestinationsystem.

TechTip

MACAddressesEverynetworkdeviceshouldhaveauniqueMACaddress.ManufacturersofnetworkcardsandnetworkchipsetshaveblocksofMACaddressesassignedtothem,soyoucanoftentellwhattypeofequipmentissendingpacketsbylookingatthefirstthreepairsofhexadecimaldigitsinaMACaddress.Forexample“00-00-0C”wouldindicatethenetworkdevicewasbuiltbyCiscoSystems.

EthernetEthernetisthemostwidelyimplementedLayer2protocol.EthernetisstandardizedunderIEEE802.3.Ethernetworksbyforwardingpacketsonahop-to-hopbasisusingMACaddresses.Layer2addressingcanhavenumeroussecurityimplications.Layer2addressescanbepoisoned,spanningtreealgorithmscanbeattacked,VLANscanbehopped,andmore.Becauseofitsnearubiquity,Ethernetisacommonattackvector.Ithasmanyelementsthatmakeitusefulfromanetworkingpointofview,suchasitsbroadcastnatureanditsabilitytorunoverawiderangeofmedia.Butthesecanalsoactagainstsecurityconcerns.Wirelessconnectionsarefrequentlyconsideredtobeweakfromasecuritypointofview,butsoshouldEthernet,forunlessyouownthenetwork,youshouldconsiderthenetworktobeatrisk.

LocalPacketDeliveryPacketsdeliveredonanetwork,suchasanofficeLAN,areusuallysentusingthedestinationsystem’shardwareaddress,orMediaAccessControl(MAC)address.Eachnetworkcardornetworkdeviceis

supposedtohaveauniquehardwareaddresssothatitcanbespecificallyaddressedfornetworktraffic.MACaddressesareassignedtoadeviceornetworkcardbythemanufacturer,andeachmanufacturerisassignedaspecificblockofMACaddressestopreventtwodevicesfromsharingthesameMACaddress.MACaddressesareusuallyexpressedassixpairsofhexadecimaldigits,suchas00:07:e9:7c:c8:aa.Inorderforasystemtosenddatatoanothersystemonthenetwork,itmustfirstfindoutthedestinationsystem’sMACaddress.

TryThis!FindingMACAddressesonWindowsSystemsOpenacommandpromptonaWindowssystem.Typethecommandipconfig/allandfindyoursystem’sMACaddress.Hint:Itshouldbelistedunder“PhysicalAddress”onyournetworkadapters.Nowtypethecommandarp–aandpressENTER.Whatinformationdoesthisdisplay?CanyoufindtheMACaddressofyourdefaultgateway?

Maintainingalistofeverylocalsystem’sMACaddressisbothcostlyandtimeconsuming,andalthoughasystemmaystoreMACaddressestemporarilyforconvenience,inmanycasesthesendermustfindthedestinationMACaddressbeforesendinganypackets.Tofindanothersystem’sMACaddress,theAddressResolutionProtocol(ARP)isused.Essentially,thisisthecomputer’swayoffindingout“whoownstheblueconvertiblewithlicensenumber123JAK.”Inmostcases,systemsknowtheIPaddresstheywishtosendto,butnottheMACaddress.UsinganARPrequest,thesendingsystemwillsendoutaquery:Whois10.1.1.140?Thisbroadcastqueryisexaminedbyeverysystemonthelocalnetwork,butonlythesystemwhoseIPaddressis10.1.1.140willrespond.Thatsystemwillsendbackaresponsethatsays“I’m10.1.1.140andmyMACaddressis00:07:e9:7c:c8:aa.”Thesendingsystemwillthenformatthepacketfordeliveryanddropitonthenetworkmedia,stampedwiththeMACaddressofthedestinationworkstation.

MACaddressescanbe“spoofed”orfaked.Someoperatingsystemsallowuserswithadministrator-levelprivilegestoexplicitlysettheMACaddressfortheirnetworkcard(s).Forexample,inLinuxoperatingsystemsyoucanusetheifconfigcommandtochangeanetworkadapter’sMACaddress.Thecommandifconfigeth0hwether00:07:e9:7c:c8:aawillsettheMACaddressofadaptereth0to00:07:e9:7c:c8:aa.TherearealsoanumberofsoftwareutilitiesthatallowyoutodothisthroughaGUI,suchastheGNUMACChanger.GUIutilitiestochangeMACaddressesonWindowssystemsarealsoavailable.

CrossCheckMandatoryAccessControlvs.MediaAccessControlInChapter2youlearnedaboutadifferentMAC—mandatoryaccesscontrol.WhatisthedifferencebetweenmandatoryaccesscontrolandMediaAccessControl?Whatiseachusedfor?Whenusingacronymsitcanbecriticaltoensureallpartiesareawareofthecontextoftheirusage.

ARPAttacksARPoperatesinasimplisticandefficientmanner—abroadcastrequestfollowedbyaunicastreply.ThismethodleavesARPopentoattack,whichinturncanresultinlossesofintegrity,confidentiality,andavailability.BecauseARPservestoestablishcommunicationchannels,failuresatthislevelcanleadtosignificantsystemcompromises.ThereisawiderangeofARP-specificattacks,butonecanclassifythemintotypesbasedoneffect.

TechTip

RogueDeviceDetectionThereisalwaysariskofarogue(unauthorized)devicebeinginsertedintothenetwork.Todetectwhenthishappens,maintainingalistofallauthorizedMACaddressescanhelpdetectthesedevices.AlthoughMACscanbecopiedandspoofed,thiswouldalsosetupaconflictif

theoriginaldevicewaspresent.Monitoringfortheseconditionscandetecttheinsertionofaroguedevice.

ARPcanbeavectoremployedtoachieveaman-in-the-middleattack.Therearemanyspecificwaystocreatefalseentriesinamachine’sARPcache,buttheeffectisthesame:communicationswillberoutedtoanattacker.ThistypeofattackiscalledARPpoisoning.Theattackercanusethismethodtoinjecthimselfintothemiddleofacommunication,hijackasession,snifftraffictoobtainpasswordsorothersensitiveitems,orblocktheflowofdata,creatingadenialofservice.AlthoughARPisnotsecure,allisnotlostwithmanyARP-based

attacks.Higher-levelpacketprotectionssuchasIPseccanbeemployedsothatthepacketsareunreadablebyinterlopers.ThisisoneofthesecuritygainsassociatedwithIPv6,becausewhensecurityisemployedattheIPseclevel,packetsareprotectedbelowtheIPlevel,makingLayer2attackslesssuccessful.

RemotePacketDeliveryWhilepacketdeliveryonaLANisusuallyaccomplishedwithMACaddresses,packetdeliverytoadistantsystemisusuallyaccomplishedusingInternetProtocol(IP)addresses.IPaddressesare32-bitnumbersthatusuallyareexpressedasagroupoffournumbers(suchas10.1.1.132).Inordertosendapackettoaspecificsystemontheothersideoftheworld,youhavetoknowtheremotesystem’sIPaddress.StoringlargenumbersofIPaddressesoneveryPCisfartoocostly,andmosthumansarenotgoodatrememberingcollectionsofnumbers.However,humansaregoodatrememberingnames,sotheDomainNameSystem(DNS)protocolwascreated.

DNSDNStranslatesnamesintoIPaddresses.Whenyouenterthenameofyourfavoritewebsiteintothelocationbarofyourwebbrowserandpress

ENTER,thecomputerhastofigureoutwhatIPaddressbelongstothatname.YourcomputertakestheenterednameandsendsaquerytoalocalDNSserver.Essentially,yourcomputeraskstheDNSserver,“WhatIPaddressgoeswithwww.myfavoritesite.com?”TheDNSserver,whosemainpurposeinlifeistohandleDNSqueries,looksinitslocalrecordstoseeifitknowstheanswer.Ifitdoesn’t,theDNSserverqueriesanother,higher-leveldomainserver.Thatserverchecksitsrecordsandqueriestheserveraboveit,andsoonuntilamatchisfound.Thatname-to−IPaddressmatchingispassedbackdowntoyourcomputersoitcancreatethewebrequest,stampitwiththerightdestinationIPaddress,andsendit.

TheDomainNameSystemiscriticaltotheoperationoftheInternet—ifyourcomputercan’ttranslatewww.espn.cominto68.71.212.159,thenyourwebbrowserwon’tbeabletoaccessthelatestscores.(AsDNSisadynamicsystem,theIPaddressmaychangeforwww.espn.com;youcancheckwiththetracertcommand.)

Beforesendingthepacket,yoursystemwillfirstdetermineifthedestinationIPaddressisonalocalorremotenetwork.Inmostcases,itwillbeonaremotenetworkandyoursystemwillnotknowhowtoreachthatremotenetwork.Again,itwouldnotbepracticalforyoursystemtoknowhowtodirectlyreacheveryothersystemontheInternet,soyoursystemwillforwardthepackettoanetworkgateway.Networkgateways,usuallycalledrouters,aredevicesthatareusedtointerconnectnetworksandmovepacketsfromonenetworktoanother.ThatprocessofmovingpacketsfromonenetworktoanotheriscalledroutingandiscriticaltotheflowofinformationacrosstheInternet.Toaccomplishthistask,routersuseforwardingtablestodeterminewhereapacketshouldgo.Whenapacketreachesarouter,therouterlooksatthedestinationaddresstodeterminewheretosendthepacket.Iftherouter’sforwardingtablesindicatewherethepacketshouldgo,theroutersendsthepacketoutalongtheappropriateroute.Iftherouterdoesnotknowwherethedestinationnetworkis,itforwardsthepackettoitsdefinedgateway,whichrepeatsthe

sameprocess.Eventually,aftertraversingvariousnetworksandbeingpassedthroughvariousrouters,yourpacketarrivesattherouterservingthenetworkwiththewebsiteyouaretryingtoreach.ThisrouterdeterminestheappropriateMACaddressofthedestinationsystemandforwardsthepacketaccordingly.

DNSSECBecauseofthecriticalfunctionDNSperformsandthesecurityimplicationsofDNS,acryptographicallysignedversionofDNSwascreated.DNSSECisanextensionoftheoriginalDNSspecification,makingittrustworthy.DNSisoneofthepillarsofauthorityassociatedwiththeInternet—itprovidestheaddressesusedbymachinesforcommunications.LackoftrustinDNSandtheinabilitytoauthenticateDNSmessagesdrovetheneedforandcreationofDNSSEC.TheDNSSECspecificationwasformallypublishedin2005,butsystem-wideadoptionhasbeenslow.In2008,DanKaminskyintroducedamethodofDNScachepoisoning,demonstratingtheneedforDNSSECadoption.AlthoughKaminskyworkedwithvirtuallyallmajorvendorsandwasbehindoneofthemostcoordinatedpatchrolloutsever,theneedforDNSSECstillremainsandenterprisesareslowtoadoptthenewmethods.Oneofthereasonsforslowadoptioniscomplexity.HavingDNSrequestsandrepliesdigitallysignedrequiressignificantlymoreworkandtheincreaseincomplexitygoesagainstthestabilitydesiresofnetworkengineers.DNSwasdesignedinthe1980swhenthethreatmodelwassubstantially

differentthantoday.TheInternettoday,anditsuseforallkindsofcriticalcommunications,needsatrustworthyaddressingmechanism.DNSSECisthatmechanism,andasitrollsout,itwillsignificantlyincreasetheleveloftrustassociatedwithaddresses.Althoughcertificate-baseddigitalsignaturesarenotperfect,thelevelofefforttocompromisethistypeofprotectionmechanismchangesthenatureoftheattackgame,makingitoutofreachtoallbutthemostresourcedplayers.ThecouplednatureofthetrustchainsinDNSalsoservestoalerttoanyinterveningattacks,makingattacksmuchhardertohide.

IPAddressesandSubnettingThelastsectionmentionedthatIPv4addressesare32-bitnumbers.Those32bitsarerepresentedasfourgroupsof8bitseach(calledoctets).YouwillusuallyseeIPaddressesexpressedasfoursetsofdecimalnumbersindotted-decimalnotation,10.120.102.15forexample.Ofthose32bitsinanIPaddress,someareusedforthenetworkportionoftheaddress(thenetworkID),andsomeareusedforthehostportionoftheaddress(thehostID).Subnettingistheprocessthatisusedtodividethose32bitsinanIPaddressandtellyouhowmanyofthe32bitsarebeingusedforthenetworkIDandhowmanyarebeingusedforthehostID.Asyoucanguess,whereandhowyoudividethe32bitsdetermineshowmanynetworksandhowmanyhostaddressesyoumayhave.Tointerpretthe32-bitspacecorrectly,wemustuseasubnetmask,whichtellsusexactlyhowmuchofthespaceisthenetworkportionandhowmuchisthehostportion.Let’slookatanexampleusingtheIPaddress10.10.10.101withasubnetmaskof255.255.255.0.

TechTip

HowDNSWorksDNSisahierarchicaldistributeddatabasestructureofnamesandaddresses.ThissystemisdelegatedfromrootserverstootherDNSserversthateachmanagelocalrequestsforinformation.Thetoplevelofauthorities,referredtoasauthoritativesources,maintainthecorrectauthoritativerecord.Asrecordschange,theyarepushedoutbetweenDNSservers,sorecordscanbemaintainedinasnearacurrentfashionaspossible.TransfersofDNSrecordsbetweenDNSserversarecalledDNSzonetransfers.Becausethesecanresultinmassivepoisoningattacks,zonetransfersneedtobetightlycontrolledbetweentrustedparties.Toavoidrequestcongestion,DNSresponsesarehandledbyamyriadoflowernameservers,referredtoasresolvers.Resolvershaveacounterthatrefreshestheirrecordafteratimelimithasbeenreached.Undernormaloperation,theDNSfunctionisatwo-stepprocess:

1.TheclientrequestsaDNSrecord.2.TheresolverreplieswithaDNSreply.

Iftheresolverisoutofdate,thestepsexpand:

1.TheclientrequestsaDNSrecord.2.Therecursiveresolverqueriestheauthoritativeserver.3.Theauthoritativeserverrepliestotherecursiveresolver.4.TherecursiveresolverreplieswithaDNSresponsetoclient.ForamoredetailedexplanationofDNS,checkoutDNSforRocketScientists,www.zytrax.com/books/dns/.

Firstwemustconverttheaddressandsubnetmasktotheirbinaryrepresentations:

SubnetMask:11111111.11111111.11111111.00000000IPAddress:00001010.00001010.00001010.01100101

Then,weperformabitwiseANDoperationtogetthenetworkaddress.ThebitwiseANDoperationexamineseachsetofmatchingbitsfromthebinaryrepresentationofthesubnetmaskandthebinaryrepresentationoftheIPaddress.Foreachsetwhereboththemaskandaddressbitsare1,theresultoftheANDoperationisa1.Otherwise,ifeitherbitisa0,theresultisa0.So,forourexampleweget

NetworkAddress:00001010.00001010.00001010.00000000

whichindecimalis10.10.10.0,thenetworkIDofourIPnetworkaddress(translatethebinaryrepresentationtodecimal).ThenetworkIDandsubnetmasktogethertellusthatthefirstthree

octetsofouraddressarenetwork-related(10.10.10.),whichmeansthatthelastoctetofouraddressisthehostportion(101inthiscase).Inourexample,thenetworkportionoftheaddressis10.10.10andthehostportionis101.Anothershortcutinidentifyingwhichofthe32bitsisbeingusedinthenetworkIDistolookatthesubnetmaskafterit’sbeenconvertedtoitsbinaryrepresentation.Ifthere’sa1inthesubnetmask,thenthecorrespondingbitinthebinaryrepresentationoftheIPaddressisbeingusedaspartofthenetworkID.Intheprecedingexample,thesubnetmaskof255.255.255.0inbinaryrepresentationis11111111.11111111.11111111.00000000.Wecanseethatthere’sa1inthefirst24spots,whichmeansthatthefirst24bitsoftheIPaddressare

beingusedasthenetworkID(whichisthefirstthreeoctetsof255.255.255).Networkaddressspacesareusuallydividedintooneofthreeclasses:

ClassASupports16,777,214hostsoneachnetworkwithadefaultsubnetmaskof255.0.0.0Subnets:0.0.0.0to126.255.255.255(127.0.0.0to127.255.255.255isreservedforloopback)

ClassBSupports65,534hostsoneachnetworkwithadefaultsubnetmaskof255.255.0.0Subnets:128.0.0.0to191.255.255.255

ClassCSupports253hostsoneachnetworkwithadefaultsubnetmaskof255.255.255.0(seeFigure9.10)Subnets:192.0.0.0to223.255.255.255

•Figure9.10Asubnetmaskof255.255.255.0indicatesthisisaClassCaddressspace.

Everythingabove224.0.0.0isreservedforeithermulticastingorfutureuse.

TechTip

RFC1918—PrivateAddressSpacesRFC1918isthetechnicalspecificationforprivateaddressspace.RFCstandsfor“RequestforComment”andthereareRFCsforjustabouteverythingtodowiththeInternet—protocols,routing,howtohandlee-mail,andsoon.YoucanfindRFCsatwww.ietf.org/rfc.html.

Inaddition,certainsubnetsarereservedforprivateuseandarenotroutedacrosspublicnetworkssuchastheInternet:

10.0.0.0to10.255.255.255

172.16.0.0to172.31.255.255

192.168.0.0to192.168.255.255

169.254.0.0to169.254.255.255(AutomaticPrivateIPAddressing)

Finally,whendeterminingthevalidhoststhatcanbeplacedonaparticularsubnet,youhavetokeepinmindthatthe“all0’s”addressofthehostportionisreservedforthenetworkaddressandthe“all1’s”addressofthehostportionisreservedforthebroadcastaddressofthatparticularsubnet.Againfromourearlierexample:

SubnetNetworkAddress:10.10.10.000001010.00001010.00001010.00000000

BroadcastAddress:10.10.10.25500001010.00001010.00001010.11111111

Intheirforwardingtables,routersmaintainlistsofnetworksandtheaccompanyingsubnetmask.Withthesetwopieces,theroutercanexamine

thedestinationaddressofeachpacketandthenforwardthepacketontotheappropriatedestination.Asmentionedearlier,subnettingallowsustodividenetworksinto

smallerlogicalunits,andweusesubnetmaskstodothis.Buthowdoesthiswork?RememberthatthesubnetmasktellsushowmanybitsarebeingusedtodescribethenetworkID—adjustingthesubnetmask(andthenumberofbitsusedtodescribethenetworkID)allowsustodivideanaddressspaceintomultiple,smallerlogicalnetworks.Let’ssayyouhaveasingleaddressspaceof192.168.45.0thatyouneedtodivideintomultiplenetworks.Thedefaultsubnetmaskis255.255.255.0,whichmeansyou’reusing24bitsasthenetworkIDand8bitsasthehostID.Thisgivesyou254differenthostaddresses.Butwhatifyouneedmorenetworksanddon’tneedasmanyhostaddresses?Youcansimplyadjustyoursubnetmasktoborrowsomeofthehostbitsandusethemasnetworkbits.Ifyouuseasubnetmaskof255.255.255.224,youareessentially“borrowing”thefirst3bitsfromthespaceyouwereusingtodescribehostIDsandusingthemtodescribethenetworkID.ThisgivesyoumorespacetocreatedifferentnetworksbutmeansthateachnetworkwillnowhavefeweravailablehostIDs.Witha255.255.255.224subnetmask,youcancreatesixdifferentsubnets,buteachsubnetcanonlyhave30uniquehostIDs.Ifyouborrow6bitsfromthehostIDportionanduseasubnetmaskof255.255.255.252,youcancreate62differentnetworksbuteachofthemcanonlyhavetwouniquehostIDs.

TryThis!CalculatingSubnetsandHostsGivenanetworkIDof192.168.10.Xandasubnetmaskof255.255.255.224,youshouldbeabletocreateeightnetworkswithspacefor30hostsoneachnetwork.Calculatethenetworkaddress,thefirstusableIPaddressinthatsubnet,andthelastusableIPaddressinthatsubnet.Hint:Thefirstnetworkwillbe192.168.10.0.ThefirstusableIPaddressinthatsubnetis192.168.10.1andthelastusableIPaddressinthatsubnetis192.168.10.30.

TechTip

DynamicHostConfigurationProtocolWhenanadministratorsetsupanetwork,theyusuallyassignIPaddressestosystemsinoneoftwoways:staticallyorthroughDHCP.AstaticIPaddressassignmentisfairlysimple;theadministratordecideswhatIPaddresstoassigntoaserverorPC,andthatIPaddressstaysassignedtothatsystemuntiltheadministratordecidestochangeit.TheotherpopularmethodisthroughtheDynamicHostConfigurationProtocol(DHCP).UnderDHCP,whenasystembootsuporisconnectedtothenetwork,itsendsoutaquerylookingforaDHCPserver.IfaDHCPserverisavailableonthenetwork,itanswersthenewsystemandtemporarilyassignstothenewsystemanIPaddressfromapoolofdedicated,availableaddresses.DHCPisan“asavailable”protocol—iftheserverhasalreadyallocatedalltheavailableIPaddressesintheDHCPpool,thenewsystemwillnotreceiveanIPaddressandwillnotbeabletoconnecttothenetwork.AnotherkeyfeatureofDHCPistheabilitytolimithowlongasystemmaykeepitsDHCP-assignedIPaddress.DHCPaddresseshavealimitedlifespan,andoncethattimeperiodexpires,thesystemusingthatIPaddressmusteitherrenewuseofthataddressorrequestanotheraddressfromtheDHCPserver.TherequestingsystemeithermayendupwiththesameIPaddressormaybeassignedacompletelynewaddress,dependingonhowtheDHCPserverisconfiguredandonthecurrentdemandforavailableaddresses.DHCPisverypopularinlargeuserenvironmentswherethecostofassigningandtrackingIPaddressesamonghundredsorthousandsofusersystemsisextremelyhigh.

NetworkAddressTranslationIfyou’rethinkingthata32-bitaddressspacethat’schoppedupandsubnettedisn’tenoughtohandleallthesystemsintheworld,you’reright.WhileIPv4addressblocksareassignedtoorganizationssuchascompaniesanduniversities,thereusuallyaren’tenoughInternet-visibleIPaddressestoassigntoeverysystemontheplanetaunique,Internet-routableIPaddress.TocompensateforthislackofavailableIPaddressspace,weuseNetworkAddressTranslation(NAT).NATtranslatesprivate(nonroutable)IPaddressesintopublic(routable)IPaddresses.Fromourdiscussionsearlierinthischapter,youmayrememberthat

certainIPaddressblocksarereservedfor“privateuse,”andyou’dprobablyagreethatnoteverysysteminanorganizationneedsadirect,Internet-routableIPaddress.Actually,forsecurityreasons,it’smuch

betterifmostofanorganization’ssystemsarehiddenfromdirectInternetaccess.MostorganizationsbuildtheirinternalnetworksusingtheprivateIPaddressranges(suchas10.1.1.X)topreventoutsidersfromdirectlyaccessingthoseinternalnetworks.However,inmanycasesthosesystemsstillneedtobeabletoreachtheInternet.ThisisaccomplishedbyusingaNATdevice(typicallyafirewallorrouter)thattranslatesthemanyinternalIPaddressesintooneofasmallnumberofpublicIPaddresses.Forexample,considerafictitiouscompany,ACME.com.ACMEhas

severalthousandinternalsystemsusingprivateIPaddressesinthe10.X.X.Xrange.ToallowthoseIPstocommunicatewiththeoutsideworld,ACMEleasesanInternetconnectionandafewpublicIPaddresses,anddeploysaNAT-capabledevice.ACMEadministratorsconfigurealltheirinternalhoststousetheNATdeviceastheirdefaultgateway.Wheninternalhostsneedtosendpacketsoutsidethecompany,theysendthemtotheNATdevice.TheNATdeviceremovestheinternalsourceIPaddressoutoftheoutboundpacketsandreplacesitwiththeNATdevice’spublic,routableaddressandsendsthemontheirway.Whenresponsepacketsarereceivedfromoutsidesources,thedeviceperformsNATinreverse,strippingofftheexternal,publicIPaddressinthedestinationaddressfieldandreplacingitwiththecorrectinternal,privateIPaddressinthedestinationaddressfieldandreplacingitwiththecorrectinternal,privateIPaddressbeforesendingitonintotheprivateACME.comnetwork.Figure9.11illustratesthisNATprocess.

•Figure9.11LogicaldepictionofNAT

TechTip

DifferentApproachesforImplementingNATWhiletheconceptofNATremainsthesame,thereareactuallyseveraldifferentapproachestoimplementingNAT.Forexample:

StaticNATMapsaninternal,privateaddresstoanexternal,publicaddress.Thesamepublicaddressisalwaysusedforthatprivateaddress.Thistechniqueisoftenusedwhenhostingsomethingyouwishthepublictobeabletogetto,suchasawebserver,behindafirewall.

DynamicNATMapsaninternal,privateIPaddresstoapublicIPaddressselectedfromapoolofregistered(public)IPaddresses.Thistechniqueisoftenusedwhentranslatingaddressesforend-userworkstationsandtheNATdevicemustkeeptrackofinternal/externaladdressmappings.

PortAddressTranslation(PAT)Allowsmanydifferentinternal,privateaddressestoshareasingleexternalIPaddress.DevicesperformingPATreplacethesourceIPaddress

withtheNATIPaddressandreplacethesourceportfieldwithaportfromanavailableconnectionpool.PATdeviceskeepatranslationtabletotrackwhichinternalhostsareusingwhichportssothatsubsequentpacketscanbestampedwiththesameportnumber.Whenresponsepacketsarereceived,thePATdevicereversestheprocessandforwardsthepackettothecorrectinternalhost.PATisaverypopularNATtechniqueandinuseatmanyorganizations.

InFigure9.11,weseeanexampleofNATbeingperformed.Aninternalworkstation(10.10.10.12)wantstovisittheESPNwebsiteatwww.espn.com(68.71.212.159).WhenthepacketreachestheNATdevice,thedevicetranslatesthe10.10.10.12sourceaddresstothegloballyroutable63.69.110.110address,theIPaddressofthedevice’sexternallyvisibleinterface.WhentheESPNwebsiteresponds,itrespondstothedevice’saddressjustasiftheNATdevicehadoriginallyrequestedtheinformation.TheNATdevicemustthenrememberwhichinternalworkstationrequestedtheinformationandroutethepackettotheappropriatedestination.

SecurityZonesThefirstaspectofsecurityisalayereddefense.Justasacastlehasamoat,anoutsidewall,aninsidewall,andevenakeep,so,too,doesamodernsecurenetworkhavedifferentlayersofprotection.Differentzonesaredesignedtoprovidelayersofdefense,withtheoutermostlayersprovidingbasicprotectionandtheinnermostlayersprovidingthehighestlevelofprotection.Aconstantissueisthataccessibilitytendstobeinverselyrelatedtolevelofprotection,soitismoredifficulttoprovidecompleteprotectionandunfetteredaccessatthesametime.Trade-offsbetweenaccessandsecurityarehandledthroughzones,withsuccessivezonesguardedbyfirewallsenforcingever-increasinglystrictsecuritypolicies.TheoutermostzoneistheInternet,afreearea,beyondanyspecificcontrols.Betweentheinner,securecorporatenetworkandtheInternetisanareawheremachinesareconsideredatrisk.ThiszonehascometobecalledtheDMZ,afteritsmilitarycounterpart,thedemilitarizedzone,

whereneithersidehasanyspecificcontrols.Onceinsidetheinner,securenetwork,separatebranchesarefrequentlycarvedouttoprovidespecificfunctionality;underthisheading,wewillalsodiscussintranets,extranets,flatnetworks,enclaves,virtualLANs(VLANs),andzonesandconduits.

DMZTheDMZisamilitarytermforgroundseparatingtwoopposingforces,byagreementandforthepurposeofactingasabufferbetweenthetwosides.ADMZinacomputernetworkisusedinthesameway;itactsasabufferzonebetweentheInternet,wherenocontrolsexist,andtheinner,securenetwork,whereanorganizationhassecuritypoliciesinplace(seeFigure9.12).Todemarcatethezonesandenforceseparation,afirewallisusedoneachsideoftheDMZ.Theareabetweenthesefirewallsisaccessiblefromeithertheinner,securenetworkortheInternet.Figure9.12illustratesthesezonesascausedbyfirewallplacement.ThefirewallsarespecificallydesignedtopreventaccessacrosstheDMZdirectly,fromtheInternettotheinner,securenetwork.ItisimportanttonotethattypicallyonlyfilteredInternettrafficisallowedintotheDMZ.Forexample,anorganizationhostingawebserverandanFTPserverinitsDMZmaywantthepublictobeableto“see”thoseservicesbutnothingelse.InthatcasethefirewallmayallowFTP,HTTP,andHTTPStrafficintotheDMZfromtheInternetandthenfilterouteverythingelse.

•Figure9.12TheDMZandzonesoftrust

SpecialattentionshouldbepaidtothesecuritysettingsofnetworkdevicesplacedintheDMZ,andtheyshouldbeconsideredatalltimestobeatriskforcompromisebyunauthorizeduse.Acommonindustryterm,hardenedoperatingsystem,appliestomachineswhosefunctionalityislockeddowntopreservesecurity—unnecessaryservicesandsoftwareareremovedordisabled,functionsarelimited,andsoon.ThisapproachneedstobeappliedtothemachinesintheDMZ,andalthoughitmeansthattheirfunctionalityislimited,suchprecautionsensurethatthemachineswillworkproperlyinaless-secureenvironment.Manytypesofserversbelonginthisarea,includingwebserversthatare

servingcontenttoInternetusers,aswellasremoteaccessserversandexternale-mailservers.Ingeneral,anyserverdirectlyaccessedfromtheoutside,untrustedInternetzoneneedstobeintheDMZ.OtherserversshouldnotbeplacedintheDMZ.Domainnameserversforyourinner,

trustednetworkanddatabaseserversthathousecorporatedatabasesshouldnotbeaccessiblefromtheoutside.Applicationservers,fileservers,printservers—allofthestandardserversusedinthetrustednetwork—shouldbebehindbothfirewallsandtheroutersandswitchesusedtoconnectthesemachines.TheideabehindtheuseoftheDMZtopologyistoprovidepublicly

visibleserviceswithoutallowinguntrustedusersaccesstoyourinternalnetwork.Iftheoutsideusermakesarequestforaresourcefromthetrustednetwork,suchasadataelementfromaninternaldatabasethatisaccessedviaapubliclyvisiblewebpageintheDMZ,thenthisrequestneedstofollowthisscenario:

1.Auserfromtheuntrustednetwork(theInternet)requestsdataviaawebpagefromawebserverintheDMZ.

2.ThewebserverintheDMZrequeststhedatafromtheapplicationserver,whichcanbeintheDMZorintheinner,trustednetwork.

3.Theapplicationserverrequeststhedatafromthedatabaseserverinthetrustednetwork.

4.Thedatabaseserverreturnsthedatatotherequestingapplicationserver.

5.Theapplicationserverreturnsthedatatotherequestingwebserver.6.Thewebserverreturnsthedatatotherequestinguserfromthe

untrustednetwork.

ExamTip:DMZsactasabufferzonebetweenunprotectedareasofanetwork(theInternet)andprotectedareas(sensitivecompanydatastores),allowingforthemonitoringandregulationoftrafficbetweenthesetwozones.

Thisseparationaccomplishestwospecific,independenttasks.First,theuserisseparatedfromtherequestfordataonasecurenetwork.Byhaving

intermediariesdotherequesting,thislayeredapproachallowssignificantsecuritylevelstobeenforced.Usersdonothavedirectaccessorcontrolovertheirrequests,andthisfilteringprocesscanputcontrolsinplace.Second,scalabilityismoreeasilyrealized.Themultiple-serversolutioncanbemadetobeveryscalable,literallytomillionsofusers,withoutslowingdownanyparticularlayer.

InternetTheInternetisaworldwideconnectionofnetworksandisusedtotransporte-mail,files,financialrecords,remoteaccess—younameit—fromonenetworktoanother.TheInternetisnotasinglenetwork,butaseriesofinterconnectednetworksthatallowsprotocolstooperateandenabledatatoflowacrossit.Thismeansthatevenifyournetworkdoesn’thavedirectcontactwitharesource,aslongasaneighbor,oraneighbor’sneighbor,andsoon,cangetthere,socanyou.Thislargeweballowsusersalmostinfiniteabilitytocommunicatebetweensystems.

Thereareover3.2billionusersontheInternet,andEnglishisthemostusedlanguage.

Becauseeverythingandeveryonecanaccessthisinterconnectedwebanditisoutsideofyourcontrolandabilitytoenforcesecuritypolicies,theInternetshouldbeconsideredanuntrustednetwork.AfirewallshouldexistatanyconnectionbetweenyourtrustednetworkandtheInternet.ThisisnottoimplythattheInternetisabadthing—itisagreatresourceforallnetworksandaddssignificantfunctionalitytoourcomputingenvironments.ThetermWorldWideWeb(WWW)isfrequentlyusedsynonymously

torepresenttheInternet,buttheWWWisactuallyjustonesetofservicesavailableviatheInternet.WWWor“theWeb”ismorespecificallytheHypertextTransferProtocol(HTTP)–basedservicesthataremade

availableovertheInternet.Thiscanincludeavarietyofactualservicesandcontent,includingtextfiles,pictures,streamingaudioandvideo,andevenvirusesandworms.

IntranetAnintranetdescribesanetworkthathasthesamefunctionalityastheInternetforusersbutliescompletelyinsidethetrustedareaofanetworkandisunderthesecuritycontrolofthesystemandnetworkadministrators.Typicallyreferredtoascampusorcorporatenetworks,intranetsareusedeverydayincompaniesaroundtheworld.Anintranetallowsadeveloperandauserthefullsetofprotocols—HTTP,FTP,instantmessaging,andsoon—thatisofferedontheInternet,butwiththeaddedadvantageoftrustfromthenetworksecurity.ContentonintranetwebserversisnotavailableovertheInternettountrustedusers.Thislayerofsecurityoffersasignificantamountofcontrolandregulation,allowinguserstofulfillbusinessfunctionalitywhileensuringsecurity.Twomethodscanbeusedtomakeinformationavailabletooutside

users:DuplicationofinformationontomachinesintheDMZcanmakeitavailabletootherusers.Propersecuritychecksandcontrolsshouldbemadepriortoduplicatingthematerialtoensuresecuritypoliciesconcerningspecificdataavailabilityarebeingfollowed.Alternatively,extranets(discussedinthenextsection)canbeusedtopublishmaterialtotrustedpartners.

ExamTip:Anintranetisaprivate,internalnetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestoorganizationalusers.

ShouldusersinsidetheintranetrequireaccesstoinformationfromtheInternet,aproxyservercanbeusedtomasktherequestor’slocation.This

helpssecuretheintranetfromoutsidemappingofitsactualtopology.AllInternetrequestsgototheproxyserver.Ifarequestpassesfilteringrequirements,theproxyserver,assumingitisalsoacacheserver,looksinitslocalcacheofpreviouslydownloadedwebpages.Ifitfindsthepageinitscache,itreturnsthepagetotherequestorwithoutneedingtosendtherequesttotheInternet.Ifthepageisnotinthecache,theproxyserver,actingasaclientonbehalfoftheuser,usesoneofitsownIPaddressestorequestthepagefromtheInternet.Whenthepageisreturned,theproxyserverrelatesittotheoriginalrequestandforwardsitontotheuser.Thismaskstheuser’sIPaddressfromtheInternet.Proxyserverscanperformseveralfunctionsforafirm;forexample,theycanmonitortrafficrequests,eliminatingimproperrequestssuchasinappropriatecontentforwork.Theycanalsoactasacacheserver,cuttingdownonoutsidenetworkrequestsforthesameobject.Finally,proxyserversprotecttheidentityofinternalIPaddressesusingNAT,althoughthisfunctioncanalsobeaccomplishedthrougharouterorfirewallusingNATaswell.

ExtranetAnextranetisanextensionofaselectedportionofacompany’sintranettoexternalpartners.Thisallowsabusinesstoshareinformationwithcustomers,suppliers,partners,andothertrustedgroupswhileusingacommonsetofInternetprotocolstofacilitateoperations.Extranetscanusepublicnetworkstoextendtheirreachbeyondacompany’sowninternalnetwork,andsomeformofsecurity,typicallyVPN,isusedtosecurethischannel.Theuseofthetermextranetimpliesbothprivacyandsecurity.Privacyisrequiredformanycommunications,andsecurityisneededtopreventunauthorizeduseandeventsfromoccurring.Bothofthesefunctionscanbeachievedthroughtheuseoftechnologiesdescribedinthischapterandotherchaptersinthisbook.Properfirewallmanagement,remoteaccess,encryption,authentication,andsecuretunnelsacrosspublicnetworksareallmethodsusedtoensureprivacyandsecurityforextranets.

ExamTip:Anextranetisasemiprivatenetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestobusinesspartners.Extranetscanbeaccessedbymorethanonecompany,becausetheyshareinformationbetweenorganizations.

FlatNetworksAsnetworkshavebecomemorecomplex,withmultiplelayersoftiersandinterconnections,aproblemcanariseinconnectivity.OneofthelimitationsoftheSpanningTreeProtocol(STP)isitsinabilitytomanageLayer2trafficefficientlyacrosshighlycomplexnetworks.STPwascreatedtopreventloopsinLayer2networksandhasbeenimprovedtothecurrentversionofRapidSpanningTreeProtocol(RSTP).RSTPcreatesaspanningtreewithinthenetworkofLayer2switches,disablinglinksthatarenotpartofthespanningtree.RSTP,IEEE802.1w,providesamorerapidconvergencetoanewspanningtreesolutionaftertopologychangesaredetected.Theproblemwiththespanningtreealgorithmsisthatthenetworktrafficisinterruptedwhilethesystemrecalculatesandreconfigures.Thesedisruptionscancauseproblemsinnetworkefficienciesandhaveledtoapushforflatnetworkdesigns,whichavoidpacket-loopingissuesthroughanarchitecturethatdoesnothavetiers.Onenameassociatedwithflatnetworktopologiesisnetworkfabric,a

termmeanttodescribeaflat,depthlessnetwork.Thesearebecomingincreasinglypopularindatacenters,andotherareasofhightrafficdensity,astheycanofferincreasedthroughputandlowerlevelsofnetworkjitterandotherdisruptions.Whilethisisgoodforefficiencyofnetworkoperations,this“everyonecantalktoeveryone”ideaisproblematicwithrespecttosecurity.

Enclaves

Modernnetworks,withtheirincreasinglycomplexconnections,resultinsystemswherenavigationcanbecomecomplexbetweennodes.JustasaDMZ-basedarchitectureallowsfordifferinglevelsoftrust,theisolationofspecificpiecesofthenetworkusingsecurityrulescanprovidedifferingtrustenvironments.Theconceptofbreakinganetworkintoenclavescancreateareasoftrustwherespecialprotectionscanbeemployedandtrafficfromoutsidetheenclaveislimitedorproperlyscreenedbeforeadmission.Enclavesarenotdiametricallyopposedtotheconceptofaflatnetwork

structure;theyarejustcarved-outareas,likegatedneighborhoods,whereoneneedsspecialcredentialstoenter.Avarietyofsecuritymechanismscanbeemployedtocreateasecureenclave.Layer2addressing(subnetting)canbeemployed,makingdirectaddressabilityanissue.Firewalls,routers,andapplication-levelproxiescanbeemployedtoscreenpacketsbeforeentryorexitfromtheenclave.Eventhepeoplesideofthesystemcanberestrictedthroughtheuseofaspecialsetofsysadminstomanagethesystems.Enclavesareanimportanttoolinmodernsecurenetworkdesign.Figure

9.13showsanetworkdesignwithastandardtwo-firewallimplementationofaDMZ.Ontheinternalsideofthenetwork,multiplefirewallscanbeseen,carvingoffindividualsecurityenclaves,zoneswherethesamesecurityrulesapply.Commonenclavesincludethoseforhigh-securitydatabases,low-securityusers(callcenters),public-facingkiosks,andthemanagementinterfacestoserversandnetworkdevices.Havingeachoftheseinitsownzoneprovidesformoresecuritycontrol.Onthemanagementlayer,usinganonroutableIPaddressschemeforalloftheinterfacespreventsthemfrombeingdirectlyaccessedfromtheInternet.

•Figure9.13Secureenclaves

VLANsALANisasetofdeviceswithsimilarfunctionalityandsimilarcommunicationneeds,typicallyco-locatedandoperatedoffasingleswitch.Thisisthelowestlevelofanetworkhierarchyanddefinesthedomainforcertainprotocolsatthedatalinklayerforcommunication.AvirtualLAN(VLAN)isalogicalimplementationofaLANandallowscomputersconnectedtodifferentphysicalnetworkstoactandcommunicateasiftheywereonthesamephysicalnetwork.AVLANhasmanyofthesamecharacteristicattributesofaLANandbehavesmuchlikeaphysicalLANbutisimplementedusingswitchesandsoftware.Thisverypowerfultechniqueallowssignificantnetworkflexibility,scalability,andperformanceandallowsadministratorstoperformnetworkreconfigurationswithouthavingtophysicallyrelocateorrecablesystems.

ExamTip:Abroadcastdomainisalogicaldivisionofacomputernetwork.Systemsconnectedtoabroadcastdomaincancommunicatewitheachotherasiftheywereconnectedtothesamephysicalnetworkevenwhentheyarenot.

TrunkingTrunkingistheprocessofspanningasingleVLANacrossmultipleswitches.Atrunk-basedconnectionbetweenswitchesallowspacketsfromasingleVLANtotravelbetweenswitches,asshowninFigure9.14.Twotrunksareshowninthefigure:VLAN10isimplementedwithonetrunkandVLAN20isimplementedwiththeother.HostsondifferentVLANscannotcommunicateusingtrunksandthusareswitchedacrosstheswitchnetwork.TrunksenablenetworkadministratorstosetupVLANsacrossmultipleswitcheswithminimaleffort.WithacombinationoftrunksandVLANs,networkadministratorscansubnetanetworkbyuserfunctionalitywithoutregardtohostlocationonthenetworkortheneedtorecablemachines.

•Figure9.14VLANsandtrunks

SecurityImplicationsVLANsareusedtodivideasinglenetworkintomultiplesubnetsbasedonfunctionality.Thispermitsaccountingandmarketing,forexample,toshareaswitchbecauseofproximityyetstillhaveseparatetrafficdomains.Thephysicalplacementofequipmentandcablesislogicallyandprogrammaticallyseparatedsothatadjacentportsonaswitchcanreferenceseparatesubnets.Thispreventsunauthorizeduseofphysically

closedevicesthroughseparatesubnetsthatareonthesameequipment.VLANsalsoallowanetworkadministratortodefineaVLANthathasnousersandmapalloftheunusedportstothisVLAN(somemanagedswitchesallowadministratorstosimplydisableunusedportsaswell).Then,ifanunauthorizedusershouldgainaccesstotheequipment,thatuserwillbeunabletouseunusedports,asthoseportswillbesecurelydefinedtonothing.BothapurposeandasecuritystrengthofVLANsisthatsystemsonseparateVLANscannotdirectlycommunicatewitheachother.

TrunksandVLANshavesecurityimplicationsthatyouneedtoheedsothatfirewallsandothersegmentationdevicesarenotbreachedthroughtheiruse.YoualsoneedtounderstandhowtousetrunksandVLANs,topreventanunauthorizeduserfromreconfiguringthemtogainundetectedaccesstosecureportionsofanetwork.

ZonesandConduitsThetermszonesandconduitshavespecializedmeaningincontrolsystemnetworks.Controlsystemsarethecomputersusedtocontrolphysicalprocesses,rangingfromtrafficlightstorefineries,manufacturingplants,criticalinfrastructure,andmore.ThesenetworksarenowbeingattachedtoenterprisenetworksandthiswillresultintheinclusionofcontrolsystemnetworkterminologyintoIT/network/securityoperationsterminology.Atermcommonlyusedincontrolsystemnetworksiszone.Azoneisagroupingofelementsthatsharecommonsecurityrequirements.Aconduitisdefinedasthepathfortheflowofdatabetweenzones.Zonesaresimilartoenclavesinthattheyhaveadefinedsetofcommon

securityrequirementsthatdifferfromoutsidethezone.Thezoneismarkedonadiagram,indicatingtheboundarybetweenwhatisinandoutsidethezone.Alldataflowsinoroutofazonemustbebyadefinedconduit.Theconduitallowsameanstofocusthesecurityfunctiononthe

dataflows,ensuringtheappropriateconditionsaremetbeforedataentersorleavesazone.

TunnelingTunnelingisamethodofpackagingpacketssothattheycantraverseanetworkinasecure,confidentialmanner.Tunnelinginvolvesencapsulatingpacketswithinpackets,enablingdissimilarprotocolstocoexistinasinglecommunicationstream,asinIPtrafficroutedoveranAsynchronousTransferMode(ATM)network.Tunnelingalsocanprovidesignificantmeasuresofsecurityandconfidentialitythroughencryptionandencapsulationmethods.ThebestexampleofthisisaVPNthatisestablishedoverapublicnetworkthroughtheuseofatunnel,asshowninFigure9.15,connectingafirm’sBostonofficetoitsNewYorkCity(NYC)office.

•Figure9.15Tunnelingacrossapublicnetwork

Assume,forexample,thatacompanyhasmultiplelocationsanddecidestousethepublicInternettoconnectthenetworksattheselocations.Tomaketheseconnectionssecurefromoutsideunauthorizeduse,thecompanycanemployaVPNconnectionbetweenthedifferentnetworks.Oneachnetwork,anedgedevice,usuallyarouterorVPNconcentrator,connectstoanotheredgedeviceontheothernetwork.Then,usingIPsecprotocols,theseroutersestablishasecure,encryptedpathbetweenthem.

Thissecurelyencryptedsetofpacketscannotbereadbyoutsiderouters;onlytheaddressesoftheedgeroutersarevisible.ThisarrangementactsasatunnelacrossthepublicInternetandestablishesaprivateconnection,securefromoutsidesnoopingoruse.Becauseofeaseofuse,low-costhardware,andstrongsecurity,tunnels

andtheInternetareacombinationthatwillseemoreuseinthefuture.IPsec,VPN,andtunnelswillbecomeamajorsetoftoolsforusersrequiringsecurenetworkconnectionsacrosspublicsegmentsofnetworks.FormoreinformationonVPNsandremoteaccess,refertoChapter11.

AVPNconcentratorisaspecializedpieceofhardwaredesignedtohandletheencryptionanddecryptionrequiredforremote,secureaccesstoanorganization’snetwork.

StorageAreaNetworksStorageareanetworks(SANs)aresystemswhichprovideremotestorageofdataacrossanetworkconnection.ThedesignofSANprotocolsissuchthatthediskappearstoactuallybeontheclientmachineasalocaldriveratherthanasattachedstorage,asinnetworkattachedstorage(NAS).Thismakesthediskvisibleindiskandvolumemanagementutilitiesandallowstheirfunctionality.CommonSANprotocolsincludeiSCSIandFibreChannel.

iSCSITheInternetSmallComputerSystemInterface(iSCSI)isaprotocolforIP-basedstorage.iSCSIcanbeusedtosenddataoverexistingnetworkinfrastructures,enablingSANs.Positionedasalow-costalternativetoFibreChannelstorage,theonlyreallimitationisoneofnetworkbandwidth.

FibreChannelFibreChannel(FC)isahigh-speednetworktechnology(withthroughputupto16Gbps)usedtoconnectstoragetocomputersystems.TheFCprotocolisatransportprotocolsimilartotheTCPprotocolinIPnetworks.Carriedviaspecialcables,oneofthedrawbacksofFC-basedstorageiscost.

FCoETheFibreChanneloverEthernet(FCoE)protocolencapsulatestheFCframes,enablingFCcommunicationover10-GigabitEthernetnetworks.

Chapter9Review

ForMoreInformationNetworkingCompTIANetwork+CertificationAll-in-OneExamGuide,PremiumFifthEdition,McGraw-Hill,2014

TheInternetEngineeringTaskForcewww.ietf.org

Wikipediaarticles:Routinghttp://en.wikipedia.org/wiki/RoutingNAThttp://en.wikipedia.org/wiki/Network_address_translationICMPhttp://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

Subnettinghttp://en.wikipedia.org/wiki/Subnetting

LabManualExercisesThefollowinglabexercisesfromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providepracticalapplicationofmaterialcoveredinthischapter:

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutnetworks.

Identifythebasicnetworkarchitectures

Therearetwobroadcategoriesofnetworks:LANsandWANs.

Thephysicalarrangementofanetworkistypicallycalledthenetwork’stopology.

Therearefourmaintypesofnetworktopologies:ring,bus,star,andmixed.

Definethebasicnetworkprotocols

Protocols,agreed-uponformatsforexchangingortransmittingdatabetweensystems,enablecomputerstocommunicate.

Whendataistransmittedoveranetwork,itisusuallybrokenupintosmallerpiecescalledpackets.

Mostprotocolsdefinethetypesandformatforpacketsusedinthatprotocol.

TCPisconnectionoriented,requiresthethree-wayhandshaketoinitiateaconnection,andprovidesguaranteedandreliabledatadelivery.

UDPisconnectionless,lightweight,andprovideslimitederrorcheckingandnodeliveryguarantee.

EachnetworkdevicehasauniquehardwareaddressknownasaMACaddress.TheMACaddressisusedforpacketdelivery.

Networkdevicesarealsotypicallyassigneda32-bitnumberknownasanIPaddress.

TheDomainNameService(DNS)translatesnames,likewww.cnn.com,intoIPaddresses.

Explainroutingandaddresstranslation

Theprocessofmovingpacketsfromoneenddevicetoanotherthroughdifferentnetworksiscalledrouting.

Subnettingistheprocessofdividinganetworkaddressspaceintosmallernetworks.

DHCPallowsnetworkdevicestobeautomaticallyconfiguredonanetworkandtemporarilyassignedanIPaddress.

NetworkAddressTranslation(NAT)convertsprivate,internalIPaddressestopublic,routableIPaddressesandviceversa.

Classifysecurityzones

ADMZisabufferzonebetweennetworkswithdifferenttrustlevels.CompaniesoftenplacepublicresourcesinaDMZsothatInternetusersandinternalusersmayaccessthoseresourceswithoutexposingtheinternalcompanynetworktotheInternet.

Anintranetisaprivate,internalnetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestoorganizationalusers.

Anextranetisasemiprivatenetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestobusinesspartners.

Anenclaveisaspecializedsecurityzonewithcommonsecurityrequirements.

AVLAN(orvirtualLAN)isagroupofportsonaswitchthatisconfiguredtocreatealogicalnetworkofcomputerthatappearstobeconnectedtothesamenetworkeveniftheyarelocatedondifferentphysicalnetworksegments.SystemsonaVLANcancommunicatewitheachotherbutcannotcommunicatedirectlywithsystemsonotherVLANs.

TrunkingistheprocessofspanningasingleVLANacrossmultipleswitches.

Tunnelingisamethodofpackagingpacketssothattheycantraverseanetworkinasecure,confidentialmanner.

KeyTermsAddressResolutionProtocol(ARP)(234)bustopology(222)datagram(226)denial-of-service(DoS)(229)

DomainNameSystem(DNS)(235)DMZ(240)DynamicHostConfigurationProtocol(DHCP)(238)enclave(243)Ethernet(233)extranet(243)flatnetwork(243)InternetControlMessageProtocol(ICMP)(229)InternetProtocol(IP)(226)intranet(242)localareanetwork(LAN)(221)MediaAccessControl(MAC)address(233)NetworkAddressTranslation(NAT)(238)network(220)packet(225)protocol(223)ringtopology(222)routing(235)startopology(222)storageareanetwork(SAN)(221)subnetting(236)subnetmask(236)three-wayhandshake(228)topology(222)TransmissionControlProtocol(TCP)(228)trunking(245)tunneling(246)UserDatagramProtocol(UDP)(228)virtuallocalareanetwork(VLAN)(222)wideareanetwork(WAN)(221)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.A(n)_______________isagroupoftwoormoredeviceslinkedtogethertosharedata.

2.ApacketinanIPnetworkissometimescalleda(n)_______________.

3.Movingpacketsfromsourcetodestinationacrossmultiplenetworksiscalled____________.

4.The_______________isthehardwareaddressusedtouniquelyidentifyeachdeviceonanetwork.

5.A(n)_______________tellsyouwhatportionofa32-bitIPaddressisbeingusedasthenetworkIDandwhatportionisbeingusedasthehostID.

6.Theshapeorarrangementofanetwork,suchasbus,star,ring,ormixed,isknownasthe_______________ofthenetwork.

7.Asmall,typicallylocalnetworkcoveringarelativelysmallareasuchasasinglefloorofanofficebuildingiscalleda(n)_______________.

8.A(n)_______________isanagreed-uponformatforexchanginginformationbetweensystems.

9.Thepacketexchangesequence(SYN,SYN/ACK,ACK)thatinitiatesaTCPconnectioniscalledthe_______________.

10._______________istheprotocolthatallowstheuseofprivate,internalIPaddressesforinternaltrafficandpublicIPaddressesforexternaltraffic.

Multiple-ChoiceQuiz1.WhatisLayer1oftheOSImodelcalled?

A.Thephysicallayer

B.Thenetworklayer

C.Theinitiallayer

D.Thepresentationlayer

2.TheUDPprotocol:A.Providesexcellenterror-checkingalgorithms

B.Isaconnectionlessprotocol

C.Guaranteesdeliveryofpackets

D.Requiresapermanentconnectionbetweensourceanddestination

3.TheprocessthatdynamicallyassignsanIPaddresstoanetworkdeviceiscalled:

A.NAT

B.DNS

C.DHCP

D.Routing

4.Whatisthethree-wayhandshakesequenceusedtoinitiateTCPconnections?

A.ACK,SYN/ACK,ACK

B.SYN,SYN/ACK,ACK

C.SYN,SYN,ACK/ACK

D.ACK,SYN/ACK,SYN

5.Whichofthefollowingisacontrolandinformationprotocolusedbynetworkdevicestodeterminesuchthingsasaremotenetwork’savailabilityandthelengthoftimerequiredtoreacharemotenetwork?

A.UDP

B.NAT

C.TCP

D.ICMP

6.WhatisthenameoftheprotocolthattranslatesnamesintoIPaddresses?

A.TCP

B.DNS

C.ICMP

D.DHCP

7.Dividinganetworkaddressspaceintosmaller,separatenetworksiscalledwhat?

A.Translating

B.Networkconfiguration

C.Subnetting

D.Addresstranslation

8.Whichprotocoltranslatesprivate(nonroutable)IPaddressesintopublic(routable)IPaddresses?

A.NAT

B.DHCP

C.DNS

D.ICMP

9.TheTCPprotocol:A.Isconnectionless

B.Providesnoerrorchecking

C.Allowsforpacketstobeprocessedintheordertheyweresent

D.Hasnooverhead

10.WhichofthefollowingwouldbeavalidMACaddress?A.00:07:e9

B.00:07:e9:7c:c8

C.00:07:e9:7c:c8:aa

D.00:07:e9:7c:c8:aa:ba

EssayQuiz1.Adeveloperinyourcompanyisbuildinganewapplicationandhas

askedyouifitshoulduseTCP-orUDP-basedcommunications.Provideherwithabriefdiscussionoftheadvantagesanddisadvantagesofeachprotocol.

2.YourbosswantstoknowifDHCPisappropriateforbothserverandPCenvironments.ProvideherwithyouropinionandbesuretoincludeadiscussionofhowDHCPworks.

3.Describethethreebasictypesofnetworktopologiesandprovideasamplediagramofeachtype.

4.Describethethree-wayhandshakeprocessusedtoinitiateTCP

connections.

5.Yourbosswantstoknowhowsubnettingworks.Provideherwithabriefdescriptionandbesuretoincludeanexampletoillustratehowsubnettingworks.

LabProjects

•LabProject9.1Aclientofyoursonlyhasfiveexternal,routableIPaddressesbuthasover50systemsthatitwantstobeabletoreachtheInternetforwebsurfing,e-mail,andsoon.Designanetworksolutionfortheclientthataddressestheirimmediateneedsbutwillstillletthemgrowinthefuture.

•LabProject9.2Yourbosswantsyoutolearnhowtousethearpandnslookupcommands.FindaWindowsmachineandopenacommand/DOSprompt.TypeinarpandpressENTERtoseetheoptionsforthearpcommand.UsethearpcommandtofindtheMACaddressofyoursystemandatleastfiveothersystemsonyournetwork.Whenyouarefinishedwitharp,typeinnslookupandpressENTER.Attheprompt,typeinthenameofyourfavoritewebsite,suchaswww.cnn.com.ThenslookupcommandwillreturntheIPaddressesthatmatchthatdomainname.FindtheIPaddressesofatleastfivedifferentwebsites.

chapter10 InfrastructureSecurity

Thehigheryourstructureistobe,thedeepermustbeitsfoundation.

—SAINTAUGUSTINE

I

Inthischapter,youwilllearnhowto

Constructnetworksusingdifferenttypesofnetworkdevices

Enhancesecurityusingsecuritydevices

EnhancesecurityusingNAC/NAPmethodologies

Identifythedifferenttypesofmediausedtocarrynetworksignals

Describethedifferenttypesofstoragemediausedtostoreinformation

Usebasicterminologyassociatedwithnetworkfunctionsrelatedtoinformationsecurity

Describethedifferenttypesandusesofcloudcomputing

nfrastructuresecuritybeginswiththedesignoftheinfrastructureitself.Theproperuseofcomponentsimprovesnotonlyperformancebutsecurityaswell.Networkcomponentsarenotisolatedfromthe

computingenvironmentandareanessentialaspectofatotalcomputingenvironment.Fromtherouters,switches,andcablesthatconnectthedevices,tothefirewallsandgatewaysthatmanagecommunication,fromthenetworkdesign,totheprotocolsthatareemployed—alltheseitemsplayessentialrolesinbothperformanceandsecurity.

DevicesAcompletenetworkcomputersolutionintoday’sbusinessenvironmentconsistsofmorethanjustclientcomputersandservers.Devicesareneededtoconnecttheclientsandserversandtoregulatethetrafficbetweenthem.Devicesarealsoneededtoexpandthisnetworkbeyondsimpleclientcomputersandserverstoincludeyetotherdevices,suchaswirelessandhandheldsystems.Devicescomeinmanyformsandwithmanyfunctions,fromhubsandswitches,torouters,wirelessaccesspoints,andspecial-purposedevicessuchasvirtualprivatenetwork(VPN)devices.Eachdevicehasaspecificnetworkfunctionandplaysaroleinmaintaining

networkinfrastructuresecurity.

CrossCheckTheImportanceofAvailabilityInChapter2,weexaminedtheCIAofsecurity:confidentiality,integrity,andavailability.Unfortunately,theavailabilitycomponentisoftenoverlooked,eventhoughavailabilityiswhathasmovedcomputingintothemodernnetworkedframeworkandplaysasignificantroleinsecurity.Securityfailurescanoccurintwoways.First,afailurecanallowunauthorizedusersaccessto

resourcesanddatatheyarenotauthorizedtouse,compromisinginformationsecurity.Second,afailurecanpreventauserfromaccessingresourcesanddatatheuserisauthorizedtouse.Thissecondfailureisoftenoverlooked,butitcanbeasseriousasthefirst.Theprimarygoalofnetworkinfrastructuresecurityistoallowallauthorizeduseanddenyallunauthorizeduseofresources.

WorkstationsMostusersarefamiliarwiththeclientcomputersusedintheclient/servermodelcalledworkstationdevices.Theworkstationisthemachinethatsitsonthedesktopandisusedeverydayforsendingandreadinge-mail,creatingspreadsheets,writingreportsinawordprocessingprogram,andplayinggames.Ifaworkstationisconnectedtoanetwork,itisanimportantpartofthesecuritysolutionforthenetwork.Manythreatstoinformationsecuritycanstartataworkstation,butmuchcanbedoneinafewsimplestepstoprovideprotectionfrommanyofthesethreats.

CrossCheckWorkstationsandServersServersandworkstationsarekeynodesonnetworks.ThespecificsforsecuringthesedevicesarescoveredinChapter14.

ServersServersarethecomputersinanetworkthathostapplicationsanddataforeveryonetoshare.Serverscomeinmanysizes,fromsmallsingle-CPUboxesthatmaybelesspowerfulthanaworkstation,tomultiple-CPUmonsters,uptoandincludingmainframes.TheoperatingsystemsusedbyserversrangefromWindowsServer,toUNIX,toMultipleVirtualStorage(MVS)andothermainframeoperatingsystems.TheOSonaservertendstobemorerobustthantheOSonaworkstationsystemandisdesignedtoservicemultipleusersoveranetworkatthesametime.Serverscanhostavarietyofapplications,includingwebservers,databases,e-mailservers,fileservers,printservers,andapplicationserversformiddlewareapplications.

VirtualizationVirtualizationtechnologyisusedtoallowacomputertohavemorethanoneOSpresentand,inmanycases,operatingatthesametime.VirtualizationisanabstractionoftheOSlayer,creatingtheabilitytohostmultipleOSsonasinglepieceofhardware.Oneofthemajoradvantagesofvirtualizationistheseparationofthesoftwareandthehardware,creatingabarrierthatcanimprovemanysystemfunctions,includingsecurity.Theunderlyinghardwareisreferredtoasthehostmachine,andonitisahostOS.EitherthehostOShasbuilt-inhypervisorcapabilityoranapplicationisneededtoprovidethehypervisorfunctiontomanagethevirtualmachines(VMs).ThevirtualmachinesaretypicallyreferredtoastheguestOSs.

ExamTip:Ahypervisoristheinterfacebetweenavirtualmachineandthehostmachinehardware.Hypervisorsarethelayerthatenablesvirtualization.

NewerOSsaredesignedtonativelyincorporatevirtualizationhooks,enablingvirtualmachinestobeemployedwithgreaterease.Thereareseveralcommonvirtualizationsolutions,includingMicrosoftHyper-V,VMware,OracleVMVirtualBox,Parallels,andCitrixXen.ItisimportanttodistinguishbetweenvirtualizationandbootloadersthatallowdifferentOSstobootonhardware.Apple’sBootCampallowsyoutobootintoMicrosoftWindowsonApplehardware.ThisisdifferentfromParallels,aproductwithcompletevirtualizationcapabilityforApplehardware.Virtualizationoffersmuchintermsofhost-basedmanagementofa

system.Fromsnapshotsthatalloweasyrollbacktopreviousstates,fastersystemdeploymentviapreconfiguredimages,easeofbackup,andtheabilitytotestsystems,virtualizationoffersmanyadvantagestosystemowners.Theseparationoftheoperationalsoftwarelayerfromthehardwarelayercanoffermanyimprovementsinthemanagementofsystems.

SnapshotsAsnapshotisapoint-in-timesavingofthestateofavirtualmachine.Snapshotshavegreatutilitybecausetheyarelikeasavepointforanentiresystem.Snapshotscanbeusedtorollasystembacktoapreviouspointintime,undooperations,orprovideaquickmeansofrecoveryfromacomplex,system-alteringchangethathasgoneawry.Snapshotsactasaformofbackupandaretypicallymuchfasterthannormalsystembackupandrecoveryoperations.

PatchCompatibilityHavinganOSoperateinavirtualenvironmentdoesnotchangetheneedforsecurityassociatedwiththeOS.Patchesarestillneededandshouldbeapplied,independentofthevirtualizationstatus.Becauseofthenatureofavirtualenvironment,itshouldhavenoeffectontheutilityofpatching,asthepatchisfortheguestOS.

HostAvailability/ElasticityWhenyousetupavirtualizationenvironment,protectingthehostOSandhypervisorleveliscriticalforsystemstability.Thebestpracticeistoavoidtheinstallationofanyapplicationsonthehost-levelmachine.Allappsshouldbehousedandruninavirtualenvironment.ThisaidsinthestabilitybyprovidingseparationbetweentheapplicationandthehostOS.Thetermelasticityreferstotheabilityofasystemtoexpand/contractassystemrequirementsdictate.Oneoftheadvantagesofvirtualizationisthatavirtualmachinecanbemovedtolargerorsmallerenvironmentsbasedonneeds.IfaVMneedsmoreprocessingpower,thenmigratingtheVMtoanewhardwaresystemwithgreaterCPUcapacityallowsthesystemtoexpandwithouthavingtorebuildit.

SecurityControlTestingWhenapplyingsecuritycontrolstoasystemtomanagesecurityoperations,itisimportanttotestthecontrolstoensurethattheyareprovidingthedesiredresults.PuttingasystemintoaVMdoesnotchangethisrequirement.Infact,itmaycomplicateitbecauseofthenatureoftheguestOStohypervisorrelationship.Itisessentialtospecificallytestallsecuritycontrolsinsidethevirtualenvironmenttoensuretheirbehaviorisstilleffective.

SandboxingSandboxingreferstothequarantineorisolationofasystemfromitssurroundings.Virtualizationcanbeusedasaformofsandboxingwithrespecttoanentiresystem.YoucanbuildaVM,testsomethinginsidetheVM,and,basedontheresults,makeadecisionwithregardtostabilityorwhateverconcernwaspresent.

MobileDevicesMobiledevicessuchaslaptops,tablets,andmobilephonesarethelatest

devicestojointhecorporatenetwork.Mobiledevicescancreateamajorsecuritygap,asausermayaccessseparatee-mailaccounts,onepersonal,withoutantivirusprotection,andtheothercorporate.MobiledevicesarecoveredindetailinChapter12.

DeviceSecurity,CommonConcernsAsmoreandmoreinteractivedevices(thatis,devicesyoucaninteractwithprogrammatically)arebeingdesigned,anewthreatsourcehasappeared.Inanattempttobuildsecurityintodevices,typically,adefaultaccountandpasswordmustbeenteredtoenabletheusertoaccessandconfigurethedeviceremotely.Thesedefaultaccountsandpasswordsarewellknowninthehackercommunity,sooneofthefirststepsyoumusttaketosecuresuchdevicesistochangethedefaultcredentials.Anyonewhohaspurchasedahomeofficerouterknowsthedefaultconfigurationsettingsandcanchecktoseeifanotheruserhaschangedtheirs.Iftheyhavenot,thisisahugesecurityhole,allowingoutsidersto“reconfigure”theirnetworkdevices.

TechTip

DefaultAccountsAlwaysreconfigurealldefaultaccountsonalldevicesbeforeexposingthemtoexternaltraffic.Thisistopreventothersfromreconfiguringyourdevicesbasedonknownaccesssettings.

NetworkAttachedStorageBecauseofthespeedoftoday’sEthernetnetworks,itispossibletomanagedatastorageacrossthenetwork.ThishasledtoatypeofstorageknownasNetworkAttachedStorage(NAS).Thecombinationofinexpensiveharddrives,fastnetworks,andsimpleapplication-based

servershasmadeNASdevicesintheterabyterangeaffordableforevenhomeusers.Becauseofthelargesizeofvideofiles,thishasbecomepopularforsomeusersasamethodofstoringTVandvideolibraries.BecauseNASisanetworkdevice,itissusceptibletovariousattacks,includingsniffingofcredentialsandavarietyofbrute-forceattackstoobtainaccesstothedata.

RemovableStorageBecauseremovabledevicescanmovedataoutsideofthecorporate-controlledenvironment,theirsecurityneedsmustbeaddressed.Removabledevicescanbringunprotectedorcorrupteddataintothecorporateenvironment.Allremovabledevicesshouldbescannedbyantivirussoftwareuponconnectiontothecorporateenvironment.Corporatepoliciesshouldaddressthecopyingofdatatoremovabledevices.ManymobiledevicescanbeconnectedviaUSBtoasystemandusedtostoredata—andinsomecasesvastquantitiesofdata.Thiscapabilitycanbeusedtoavoidsomeimplementationsofdatalosspreventionmechanisms.

NetworkingNetworksareusedtoconnectdevicestogether.Networksarecomposedofcomponentsthatperformnetworkingfunctionstomovedatabetweendevices.Networksbeginwithnetworkinterfacecards,thencontinueinlayersofswitchesandrouters.Specializednetworkingdevicesareusedforspecificpurposes,suchassecurityandtrafficmanagement.

NetworkInterfaceCardsToconnectaserverorworkstationtoanetwork,adeviceknownasanetworkinterfacecard(NIC)isused.ANICisacardwithaconnectorportforaparticulartypeofnetworkconnection,eitherEthernetorToken

Ring.ThemostcommonnetworktypeinuseforLANsistheEthernetprotocol,andthemostcommonconnectoristheRJ-45connector.ANICisthephysicalconnectionbetweenacomputerandthenetwork.

ThepurposeofaNICistoprovidelower-levelprotocolfunctionalityfromtheOSI(OpenSystemInterconnection)model.BecausetheNICdefinesthetypeofphysicallayerconnection,differentNICsareusedfordifferentphysicalprotocols.NICscomeassingle-portandmultiport,andmostworkstationsuseonlyasingle-portNIC,asonlyasinglenetworkconnectionisneeded.Figure10.1showsacommonformofaNIC.Forservers,multiportNICsareusedtoincreasethenumberofnetworkconnections,increasingthedatathroughputtoandfromthenetwork.

•Figure10.1Linksysnetworkinterfacecard(NIC)

EachNICportisserializedwithauniquecode,48bitslong,referredtoasaMediaAccessControladdress(MACaddress).Thesearecreatedbythemanufacturer,with24bitsrepresentingthemanufacturerand24bitsbeingaserialnumber,guaranteeinguniqueness.MACaddressesareusedintheaddressinganddeliveryofnetworkpacketstothecorrectmachineandinavarietyofsecuritysituations.Unfortunately,theseaddressescanbechanged,or“spoofed,”rathereasily.Infact,itiscommonforpersonalrouterstocloneaMACaddresstoallowuserstousemultipledevicesoveranetworkconnectionthatexpectsasingleMAC.

HubsAhubisnetworkingequipmentthatconnectsdevicesthatareusingthesameprotocolatthephysicallayeroftheOSImodel.Ahuballowsmultiplemachinesinanareatobeconnectedtogetherinastarconfiguration,withthehubasthecenter.ThisconfigurationcansavesignificantamountsofcableandisanefficientmethodofconfiguringanEthernetbackbone.Allconnectionsonahubshareasinglecollisiondomain,asmallclusterinanetworkwherecollisionsoccur.Asnetworktrafficincreases,itcanbecomelimitedbycollisions.Thecollisionissuehasmadehubsobsoleteinnewer,higherperformancenetworks,withinexpensiveswitchesandswitchedEthernetkeepingcostslowandusablebandwidthhigh.Hubsalsocreateasecurityweaknessinthatallconnecteddevicesseealltraffic,enablingsniffingandeavesdroppingtooccur.Intoday’snetworks,hubshaveallbutdisappeared,beingreplacedbylow-costswitches.

TechTip

Device/OSILevelInteraction

DifferentnetworkdevicesoperateusingdifferentlevelsoftheOSInetworkingmodeltomovepacketsfromdevicetodevice:

BridgesBridgesarenetworkingequipmentthatconnectdevicesusingthesameprotocolatthedatalinklayeroftheOSImodel.Abridgeoperatesatthedatalinklayer,filteringtrafficbasedonMACaddresses.Bridgescanreducecollisionsbyseparatingpiecesofanetworkintotwoseparatecollisiondomains,butthisonlycutsthecollisionprobleminhalf.Althoughbridgesareuseful,abettersolutionistouseswitchesfornetworkconnections.

SwitchesAswitchformsthebasisforconnectionsinmostEthernet-basedLANs.Althoughhubsandbridgesstillexist,intoday’shigh-performancenetworkenvironment,switcheshavereplacedboth.Aswitchhasseparatecollision

domainsforeachport.Thismeansthatforeachport,twocollisiondomainsexist:onefromtheporttotheclientonthedownstreamside,andonefromtheswitchtothenetworkupstream.Whenfullduplexisemployed,collisionsarevirtuallyeliminatedfromthetwonodes,hostandclient.Thisalsoactsasahub-basedsystem,whereasinglesniffercanseeallofthetraffictoandfromconnecteddevices.Switchesoperateatthedatalinklayer,whileroutersactatthenetwork

layer.Forintranets,switcheshavebecomewhatroutersareontheInternet—thedeviceofchoiceforconnectingmachines.Asswitcheshavebecometheprimarynetworkconnectivitydevice,additionalfunctionalityhasbeenaddedtothem.AswitchisusuallyaLayer2device,butLayer3switchesincorporateroutingfunctionality.Hubshavebeenreplacedbyswitchesbecauseswitchesperforma

numberoffeaturesthathubscannotperform.Forexample,theswitchimprovesnetworkperformancebyfilteringtraffic.Itfilterstrafficbyonlysendingthedatatotheportontheswitchthatthedestinationsystemresideson.Theswitchknowswhatporteachsystemisconnectedtoandsendsthedataonlytothatport.Theswitchalsoprovidessecurityfeatures,suchastheoptiontodisableaportsothatitcannotbeusedwithoutauthorization.Theswitchalsosupportsafeaturecalledportsecurity,whichallowstheadministratortocontrolwhichsystemscansenddatatoeachoftheports.TheswitchusestheMACaddressofthesystemstoincorporatetrafficfilteringandportsecurityfeatures,whichiswhyitisconsideredaLayer2device.

ExamTip:MACfilteringcanbeemployedonswitches,permittingonlyspecifiedMACstoconnecttotheswitch.ThiscanbebypassedifanattackercanlearnanallowedMAC,astheycanclonethepermittedMAContotheirownNICcardandspooftheswitch.Tofilteredgeconnections,IEEE802.1XismoresecureandiscoveredinChapter11.ThiscanalsobereferredtoasMAClimiting.Becarefultopayattentiontocontextontheexam,however,becauseMAClimitingalsocanrefertopreventingfloodingattacksonswitchesbylimitingthenumberofMACaddressesthatcanbe“learned”byaswitch.

PortaddresssecuritybasedonMACaddressescandeterminewhetherapacketisallowedorblockedfromaconnection.Thisistheveryfunctionthatafirewallusesforitsdetermination,andthissamefunctionalityiswhatallowsan802.1Xdevicetoactasan“edgedevice.”

ExamTip:Networktrafficsegregationbyswitchescanalsoactasasecuritymechanism,preventingaccesstosomedevicesfromotherdevices.Thiscanpreventsomeonefromaccessingcriticaldataserversfromamachineinapublicarea.

Oneofthesecurityconcernswithswitchesisthat,likerouters,theyareintelligentnetworkdevicesandarethereforesubjecttohijackingbyhackers.Shouldahackerbreakintoaswitchandchangeitsparameters,hemightbeabletoeavesdroponspecificorallcommunications,virtuallyundetected.SwitchesarecommonlyadministeredusingtheSimpleNetworkManagementProtocol(SNMP)andTelnetprotocol,bothofwhichhaveaseriousweaknessinthattheysendpasswordsacrossthenetworkincleartext.Ahackerarmedwithasnifferthatobservesmaintenanceonaswitchcancapturetheadministrativepassword.Thisallowsthehackertocomebacktotheswitchlaterandconfigureitasanadministrator.Anadditionalproblemisthatswitchesareshippedwithdefaultpasswords,andifthesearenotchangedwhentheswitchissetup,theyofferanunlockeddoortoahacker.

Tosecureaswitch,youshoulddisableallaccessprotocolsotherthanasecureseriallineorasecureprotocolsuchasSecureShell(SSH).Usingonlysecuremethodstoaccessaswitchwilllimittheexposuretohackersandmalicioususers.Maintainingsecurenetworkswitchesisevenmoreimportantthansecuringindividualboxes,forthespanofcontroltointerceptdataismuchwideronaswitch,especiallyifit’sreprogrammedbyahacker.

Switchesarealsosubjecttoelectronicattacks,suchasARPpoisoning

andMACflooding.ARPpoisoningiswhereadevicespoofstheMACaddressofanotherdevice,attemptingtochangetheARPtablesthroughspoofedtrafficandtheARPtable-updatemechanism.MACfloodingiswhereaswitchisbombardedwithpacketsfromdifferentMACaddresses,floodingtheswitchtableandforcingthedevicetorespondbyopeningallportsandactingasahub.Thisenablesdevicesonothersegmentstosnifftraffic.

LoopProtectionSwitchesoperateatLayer2,atwhichthereisnocountdownmechanismtokillpacketsthatgetcaughtinloopsoronpathsthatwillneverresolve.TheLayer2spaceactsasamesh,wherepotentiallytheadditionofanewdevicecancreateloopsintheexistingdeviceinterconnections.Topreventloops,atechnologycalledspanningtreesisemployedbyvirtuallyallswitches.TheSpanningTreeProtocol(STP)allowsformultiple,redundantpaths,whilebreakingloopstoensureaproperbroadcastpattern.LoopprotectioniscoveredindetailinChapter9.

RoutersArouterisanetworktrafficmanagementdeviceusedtoconnectdifferentnetworksegmentstogether.Routersoperateatthenetworklayer(Layer3)oftheOSImodel,usingthenetworkaddress(typicallyanIPaddress)toroutetrafficandusingroutingprotocolstodetermineoptimalroutingpathsacrossanetwork.RoutersformthebackboneoftheInternet,movingtrafficfromnetworktonetwork,inspectingpacketsfromeverycommunicationastheymovetrafficinoptimalpaths.Routersoperatebyexaminingeachpacket,lookingatthedestination

address,andusingalgorithmsandtablestodeterminewheretosendthepacketnext.Thisprocessofexaminingtheheadertodeterminethenexthopcanbedoneinquickfashion.

ACLscanrequiresignificantefforttoestablishandmaintain.Creatingthemisastraightforwardtask,buttheirjudicioususewillyieldsecuritybenefitswithalimitedamountofmaintenance.CiscoroutershavestandardandextendedACLs;standardACLscanfiltertrafficbasedonlyonthesourceIPaddress,whereasextendedACLscanfiltertrafficbysource/destinationIPaddress,protocol,andport.ThiscanbeveryimportantinsecurityzonessuchasaDMZandatedgedevices,blockingundesiredoutsidecontactwhileallowingknowninsidetraffic.

Routersuseaccesscontrollists(ACLs)asamethodofdecidingwhetherapacketisallowedtoenterthenetwork.WithACLs,itisalsopossibletoexaminethesourceaddressanddeterminewhetherornottoallowapackettopass.ThisallowsroutersequippedwithACLstodroppacketsaccordingtorulesbuiltintotheACLs.Thiscanbeacumbersomeprocesstosetupandmaintain,andastheACLgrowsinsize,routingefficiencycanbedecreased.Itisalsopossibletoconfiguresomerouterstoactasquasi–applicationgateways,performingstatefulpacketinspectionandusingcontentsaswellasIPaddressestodeterminewhetherornottopermitapackettopass.Thiscantremendouslyincreasethetimeforaroutertopasstrafficandcansignificantlydecreaserouterthroughput.ConfiguringACLsandotheraspectsofsettinguproutersforthistypeofusearebeyondthescopeofthisbook.Oneserioussecurityconcernregardingrouteroperationislimitingwho

hasaccesstotherouterandcontrolofitsinternalfunctions.Likeaswitch,aroutercanbeaccessedusingSNMPandTelnetandprogrammedremotely.Becauseofthegeographicseparationofrouters,thiscanbecomeanecessity,formanyroutersintheworldoftheInternetcanbehundredsofmilesapart,inseparatelockedstructures.Physicalcontroloverarouterisabsolutelynecessary,forifanydevice,beitaserver,switch,orrouter,isphysicallyaccessedbyahacker,itshouldbeconsideredcompromised.Thus,suchaccessmustbeprevented.Aswithswitches,itisimportanttoensurethattheadministratorpasswordisneverpassedintheclear,thatonlysecuremechanismsareusedtoaccesstherouter,andthatallofthedefaultpasswordsareresettostrongpasswords.

Aswithswitches,themostassuredpointofaccessforroutermanagementcontrolisviatheserialcontrolinterfaceport.Thisallowsaccesstothecontrolaspectsoftherouterwithouthavingtodealwithtraffic-relatedissues.Forinternalcompanynetworks,wherethegeographicdispersionofroutersmaybelimited,third-partysolutionstoallowout-of-bandremotemanagementexist.Thisallowscompletecontrolovertherouterinasecurefashion,evenfromaremotelocation,althoughadditionalhardwareisrequired.Routersareavailablefromnumerousvendorsandcomeinsizesbigand

small.Atypicalsmallhomeofficerouterforusewithcablemodem/DSLserviceisshowninFigure10.2.Largerrouterscanhandletrafficofuptotensofgigabytespersecondperchannel,usingfiber-opticinputsandmovingtensofthousandsofconcurrentInternetconnectionsacrossthenetwork.Theserouters,whichcancosthundredsofthousandsofdollars,formanessentialpartofe-commerceinfrastructure,enablinglargeenterprisessuchasAmazonandeBaytoservemanycustomers’useconcurrently.

•Figure10.2Asmallhomeofficerouterforcablemodem/DSL

FirewallsAfirewallisanetworkdevice—hardware,software,oracombinationthereof—whosepurposeistoenforceasecuritypolicyacrossitsconnectionsbyallowingordenyingtraffictopassintooroutofthenetwork.Afirewallisalotlikeagateguardatasecurefacility.Theguardexaminesallthetraffictryingtoenterthefacility—carswiththecorrectstickerordeliverytruckswiththeappropriatepaperworkareallowedin;everyoneelseisturnedaway(seeFigure10.3).

•Figure10.3Howafirewallworks

ExamTip:Afirewallisanetworkdevice(hardware,software,orcombinationofthetwo)thatenforcesasecuritypolicy.Allnetworktrafficpassingthroughthefirewallisexamined—trafficthatdoesnotmeetthespecifiedsecuritycriteriaorviolatesthefirewallpolicyisblocked.

Theheartofafirewallisthesetofsecuritypoliciesthatitenforces.Managementdetermineswhatisallowedintheformofnetworktrafficbetweendevices,andthesepoliciesareusedtobuildrulesetsforthefirewalldevicesusedtofilternetworktrafficacrossthenetwork.

TechTip

FirewallRulesFirewallsareinrealitypolicyenforcementdevices.Eachruleinafirewallshouldhaveapolicybehindit,asthisistheonlymannerofmanagingfirewallrulesetsovertime.Thestepsforsuccessfulfirewallmanagementbeginandendwithmaintainingapolicylistbyfirewallofthetrafficrestrictionstobeimposed.Managingthislistviaaconfigurationmanagementprocessisimportanttopreventnetworkinstabilitiesfromfaultyrulesetsorunknown“left-over”rules.

Orphanorleft-overrulesarerulesthatwerecreatedforaspecialpurpose(testing,emergency,visitororvendor,etc.)andthenforgottenaboutandnotremovedaftertheiruseended.Theserulescanclutterupafirewallandresultinunintendedchallengestothenetworksecurityteam.

Firewallsecuritypoliciesareaseriesofrulesthatdefineswhattrafficispermissibleandwhattrafficistobeblockedordenied.Thesearenotuniversalrules,andtherearemanydifferentsetsofrulesforasinglecompanywithmultipleconnections.AwebserverconnectedtotheInternetmaybeconfiguredonlytoallowtrafficonport80forHTTP,and

haveallotherportsblocked.Ane-mailservermayhaveonlynecessaryportsfore-mailopen,withothersblocked.Akeytosecuritypoliciesforfirewallsisthesameashasbeenseenforothersecuritypolicies—theprincipleofleastaccess.Onlyallowthenecessaryaccessforafunction;blockordenyallunneededfunctionality.Howanorganizationdeploysitsfirewallsdetermineswhatisneededforsecuritypoliciesforeachfirewall.Youmayevenhaveasmalloffice–homeofficefirewallatyourhouse,suchastheRVS4000showninFigure10.4.ThisdevicefromLinksysprovidesbothroutingandfirewallfunctions.

•Figure10.4LinksysRVS4000SOHOfirewall

Thesecuritytopologydetermineswhatnetworkdevicesareemployedatwhatpointsinanetwork.Ataminimum,thecorporateconnectiontotheInternetshouldpassthroughafirewall,asshowninFigure10.5.Thisfirewallshouldblockallnetworktrafficexceptthatspecificallyauthorizedbythesecuritypolicy.Thisisactuallyeasytodo:blockingcommunicationsonaportissimplyamatteroftellingthefirewalltoclosetheport.Theissuecomesindecidingwhatservicesareneededandby

whom,andthuswhichportsshouldbeopenandwhichshouldbeclosed.Thisiswhatmakesasecuritypolicyusefulbut,insomecases,difficulttomaintain.

•Figure10.5LogicaldepictionofafirewallprotectinganorganizationfromtheInternet

Theperfectfirewallpolicyisonethattheenduserneverseesandonethatneverallowsevenasingleunauthorizedpackettoenterthenetwork.Aswithanyotherperfectitem,itwillberaretofindtheperfectsecuritypolicyforafirewall.Todevelopacompleteandcomprehensivesecuritypolicy,itisfirst

necessarytohaveacompleteandcomprehensiveunderstandingofyournetworkresourcesandtheiruses.Onceyouknowwhatyournetworkwillbeusedfor,youwillhaveanideaofwhattopermit.Also,onceyouunderstandwhatyouneedtoprotect,youwillhaveanideaofwhattoblock.Firewallsaredesignedtoblockattacksbeforetheygettoatargetmachine.Commontargetsarewebservers,e-mailservers,DNSservers,FTPservices,anddatabases.Eachofthesehasseparatefunctionality,andeachofthesehasseparatevulnerabilities.Onceyouhavedecidedwhoshouldreceivewhattypeoftrafficandwhattypesshouldbeblocked,youcanadministerthisthroughthefirewall.

Routershelpcontroltheflowoftrafficintoandoutofyournetwork.ThroughtheuseofACLs,routerscanactasfirst-levelfirewallsandcanhelpweedoutmalicioustraffic.

HowDoFirewallsWork?Firewallsenforcetheestablishedsecuritypolicies.Theycandothisthroughavarietyofmechanisms,including:

NetworkAddressTranslation(NAT)AsyoumayrememberfromChapter9,NATtranslatesprivate(nonroutable)IPaddressesintopublic(routable)IPaddresses.

BasicpacketfilteringBasicpacketfilteringlooksateachpacketenteringorleavingthenetworkandtheneitheracceptsthepacketorrejectsthepacketbasedonuser-definedrules.Eachpacketisexaminedseparately.

StatefulpacketfilteringStatefulpacketfilteringalsolooksateachpacket,butitcanexaminethepacketinitsrelationtootherpackets.Statefulfirewallskeeptrackofnetworkconnectionsandcanapplyslightlydifferentrulesetsbasedonwhetherthepacketispartofanestablishedsessionornot.

NATistheprocessofmodifyingnetworkaddressinformationindatagrampacketheaderswhileintransitacrossatrafficroutingdevice,suchasarouterorfirewall,forthepurposeofremappingagivenaddressspaceintoanother.SeeChapter9foramoredetaileddiscussiononNAT.

Accesscontrollists(ACLs)ACLsaresimplerulesetsthatareappliedtoportnumbersandIPaddresses.Theycanbeconfiguredforinboundandoutboundtrafficandaremostcommonlyusedonroutersandswitches.

ApplicationlayerproxiesAnapplicationlayerproxycanexaminethecontentofthetrafficaswellastheportsandIPaddresses.Forexample,anapplicationlayerhastheabilitytolookinsideauser’swebtraffic,detectamaliciouswebsiteattemptingtodownloadmalwaretotheuser’ssystem,andblockthemalware.

OneofthemostbasicsecurityfunctionsprovidedbyafirewallisNAT.Thisserviceallowsyoutomasksignificantamountsofinformationfromoutsideofthenetwork.Thisallowsanoutsideentitytocommunicatewithanentityinsidethefirewallwithouttrulyknowingitsaddress.Basicpacketfiltering,alsoknownasstatelesspacketinspection,

involveslookingatpackets,theirprotocolsanddestinations,andcheckingthatinformationagainstthesecuritypolicy.TelnetandFTPconnectionsmaybeprohibitedfrombeingestablishedtoamailordatabaseserver,buttheymaybeallowedfortherespectiveserviceservers.Thisisafairlysimplemethodoffilteringbasedoninformationineachpacketheader,likeIPaddressesandTCP/UDPports.Thiswillnotdetectandcatchallundesiredpackets,butitisfastandefficient.Tolookatallpackets,determiningtheneedforeachanditsdata,

requiresstatefulpacketfiltering.Advancedfirewallsemploystatefulpacketfilteringtopreventseveraltypesofundesiredcommunications.Shouldapacketcomefromoutsidethenetwork,inanattempttopretendthatitisaresponsetoamessagefrominsidethenetwork,thefirewallwill

havenorecordofitbeingrequestedandcandiscardit,blockingaccess.Asmanycommunicationswillbetransferredtohighports(above1023),statefulmonitoringwillenablethesystemtodeterminewhichsetsofhigh-portcommunicationsarepermissibleandwhichshouldbeblocked.Thedisadvantagetostatefulmonitoringisthatittakessignificantresourcesandprocessingtodothistypeofmonitoring,andthisreducesefficiencyandrequiresmorerobustandexpensivehardware.However,thistypeofmonitoringisessentialintoday’scomprehensivenetworks,particularlygiventhevarietyofremotelyaccessibleservices.

TechTip

FirewallsandAccessControlListsManyfirewallsreadfirewallandACLrulesfromtoptobottomandapplytherulesinsequentialordertothepacketstheyareinspecting.Typicallytheywillstopprocessingruleswhentheyfindarulethatmatchesthepackettheyareexamining.Ifthefirstlineinyourrulesetreads“allowalltraffic,”thenthefirewallwillpassanynetworktrafficcomingintoorleavingthefirewall—ignoringtherestofyourrulesbelowthatline.Manyfirewallshaveanimplied“denyall”lineaspartoftheirrulesets.Thismeansthatanytrafficthatisnotspecificallyallowedbyarulewillgetblockedbydefault.

Astheyareinrouters,switches,servers,andothernetworkdevices,ACLsareacornerstoneofsecurityinfirewalls.Justasyoumustprotectthedevicefromphysicalaccess,ACLsdothesametaskforelectronicaccess.FirewallscanextendtheconceptofACLsbyenforcingthematapacketlevelwhenpacket-levelstatefulfilteringisperformed.Thiscanaddanextralayerofprotection,makingitmoredifficultforanoutsidehackertobreachafirewall.

ExamTip:Manyfirewallscontain,bydefault,animplicitdenyattheendofeveryACLorfirewallruleset.Thissimplymeansthatanytrafficnotspecificallypermittedbyapreviousrule

intherulesetisdenied.

Somehigh-securityfirewallsalsoemployapplicationlayerproxies.Asthenameimplies,packetsarenotallowedtotraversethefirewall,butdatainsteadflowsuptoanapplicationthatinturndecideswhattodowithit.Forexample,anSMTPproxymayacceptinboundmailfromtheInternetandforwardittotheinternalcorporatemailserver,asdepictedinFigure10.6.Whileproxiesprovideahighlevelofsecuritybymakingitverydifficultforanattackertomanipulatetheactualpacketsarrivingatthedestination,andwhiletheyprovidetheopportunityforanapplicationtointerpretthedatapriortoforwardingittothedestination,theygenerallyarenotcapableofthesamethroughputasstatefulpacket-inspectionfirewalls.Thetrade-offbetweenperformanceandspeedisacommononeandmustbeevaluatedwithrespecttosecurityneedsandperformancerequirements.

•Figure10.6FirewallwithSMTPapplicationlayerproxy

TechTip

FirewallOperationsApplicationlayerfirewallssuchasproxyserverscananalyzeinformationintheheaderanddataportionofthepacket,whereaspacket-filteringfirewallscananalyzeonlytheheaderofa

packet.

Firewallscanalsoactasnetworktrafficregulatorsinthattheycanbeconfiguredtomitigatespecifictypesofnetwork-basedattacks.Indenial-of-serviceanddistributeddenial-of-serviceattacks,anattackercanattempttofloodanetworkwithtraffic.Firewallscanbetunedtodetectthesetypesofattacksandactasfloodguards,mitigatingtheeffectonthenetwork.

ExamTip:Firewallscanactasfloodguards,detectingandmitigatingspecifictypesofDoS/DDoSattacks.

Next-GenerationFirewallsFirewallsoperatebyinspectingpacketsandbyusingrulesassociatedwithIPaddressesandports.Next-generationfirewallshavesignificantlymorecapabilityandarecharacterizedbythesefeatures:

Deeppacketinspection

Movebeyondport/protocolinspectionandblocking

Addapplication-levelinspection

Addintrusionprevention

Bringintelligencefromoutsidethefirewall

Next-generationfirewallsaremorethanjustafirewallandIDScoupledtogether;theyofferadeeperlookatwhatthenetworktrafficrepresents.Inalegacyfirewall,withport80open,allwebtrafficisallowedtopass.Usinganext-generationfirewall,trafficoverport80canbeseparatedbywebsite,orevenactivityonawebsite(forexample,allowFacebook,butnotgamesonFacebook).Becauseofthedeeperpacketinspectionandthe

abilitytocreaterulesbasedoncontent,trafficcanbemanagedbasedoncontent,notmerelysiteorURL.

WebApplicationFirewallsvs.NetworkFirewallsIncreasingly,theterm“firewall”isgettingattachedtoanydeviceorsoftwarepackagethatisusedtocontroltheflowofpacketsordataintooroutofanorganization.Forexample,awebapplicationfirewallisthetermgiventoanysoftwarepackage,appliance,orfilterthatappliesarulesettoHTTP/HTTPStraffic.WebapplicationfirewallsshapewebtrafficandcanbeusedtofilteroutSQLinjectionattacks,malware,cross-sitescripting(XSS),andsoon.Bycontrast,anetworkfirewallisahardwareorsoftwarepackagethatcontrolstheflowofpacketsintoandoutofanetwork.Webapplicationfirewallsoperateontrafficatamuchhigherlevelthannetworkfirewalls,aswebapplicationfirewallsmustbeabletodecodethewebtraffictodeterminewhetherornotitismalicious.Networkfirewallsoperateonmuchsimpleraspectsofnetworktrafficsuchassource/destinationportandsource/destinationaddress.

ConcentratorsNetworkdevicescalledconcentratorsactastrafficmanagementdevices,managingflowsfrommultiplepointsintosinglestreams.Concentratorstypicallyactasendpointsforaparticularprotocol,suchasSSL/TLSorVPN.Theuseofspecializedhardwarecanenablehardware-basedencryptionandprovideahigherlevelofspecificservicethanageneral-purposeserver.Thisprovidesbotharchitecturalandfunctionalefficiencies.

WirelessDevicesWirelessdevicesbringadditionalsecurityconcerns.Thereis,bydefinition,nophysicalconnectiontoawirelessdevice;radiowavesor

infraredcarrydata,whichallowsanyonewithinrangeaccesstothedata.Thismeansthatunlessyoutakespecificprecautions,youhavenocontroloverwhocanseeyourdata.Placingawirelessdevicebehindafirewalldoesnotdoanygood,becausethefirewallstopsonlyphysicallyconnectedtrafficfromreachingthedevice.Outsidetrafficcancomeliterallyfromtheparkinglotdirectlytothewirelessdeviceandintothenetwork.Thepointofentryfromawirelessdevicetoawirednetworkis

performedatadevicecalledawirelessaccesspoint.Wirelessaccesspointscansupportmultipleconcurrentdevicesaccessingnetworkresourcesthroughthenetworknodetheycreate.Atypicalwirelessaccesspointisshownhere.

•Atypicalwirelessaccesspoint

Topreventunauthorizedwirelessaccesstothenetwork,configurationofremoteaccessprotocolstoawirelessaccesspointiscommon.Forcingauthenticationandverifyingauthorizationisaseamlessmethodofperformingbasicnetworksecurityforconnectionsinthisfashion.TheseaccessprotocolsarecoveredinChapter11.

Severalmechanismscanbeusedtoaddwirelessfunctionalitytoamachine.ForPCs,thiscanbedoneviaanexpansioncard.Fornotebooks,aPCMCIAadapterforwirelessnetworksisavailablefromseveralvendors.ForbothPCsandnotebooks,vendorshaveintroducedUSB-basedwirelessconnectors.Thefollowingillustrationshowsonevendor’scard—notetheextendedlengthusedasanantenna.Notallcardshavethesameconfiguration,althoughtheyallperformthesamefunction:toenableawirelessnetworkconnection.Thenumerouswirelessprotocols(802.11a,b,g,i,andn)arecoveredinChapter12.Wirelessaccesspointsandcardsmustbematchedbyprotocolforproperoperation.

ModemsModemswereonceaslowmethodofremoteconnectionthatwasusedtoconnectclientworkstationstoremoteservicesoverstandardtelephonelines.Modemisashortenedformofmodulator/demodulator,convertinganalogsignalstodigitalandviceversa.Connectingadigitalcomputersignaltotheanalogtelephonelinerequiredoneofthesedevices.Today,theuseofthetermhasexpandedtocoverdevicesconnectedtospecialdigitaltelephonelines—DSLmodems—andtocabletelevisionlines—cablemodems.Althoughthesedevicesarenotactuallymodemsinthetruesenseoftheword,thetermhasstuckthroughmarketingeffortsdirectedtoconsumers.DSLandcablemodemsofferbroadbandhigh-speedconnectionsandtheopportunityforcontinuousconnectionstotheInternet.Alongwiththesenewdesirablecharacteristicscomesomeundesirableones,however.Althoughtheybothprovidethesametypeofservice,cableandDSLmodemshavesomedifferences.ADSLmodemprovidesadirect

connectionbetweenasubscriber’scomputerandanInternetconnectionatthelocaltelephonecompany’sswitchingstation.Thisprivateconnectionoffersadegreeofsecurity,asitdoesnotinvolveotherssharingthecircuit.Cablemodemsaresetupinsharedarrangementsthattheoreticallycouldallowaneighbortosniffauser’scablemodemtraffic.

•AtypicalPCMCIAwirelessnetworkcard

Cablemodemsweredesignedtoshareapartylineintheterminalsignalarea,andthecablemodemstandard,DataOverCableServiceInterfaceSpecification(DOCSIS),wasdesignedtoaccommodatethisconcept.DOCSISincludesbuilt-insupportforsecurityprotocols,including

authenticationandpacketfiltering.Althoughthisdoesnotguaranteeprivacy,itpreventsordinarysubscribersfromseeingothers’trafficwithoutusingspecializedhardware.Figure10.7isamoderncablemodem.Ithasanimbeddedwireless

accesspoint,aVoIPconnection,alocalrouter,andDHCPserver.Thesizeofthedeviceisfairlylarge,butithasabuilt-inlead-acidbatterytoprovideVoIPservicewhenpowerisout.

•Figure10.7Moderncablemodem

BothcableandDSLservicesaredesignedforacontinuousconnection,whichbringsupthequestionofIPaddresslifeforaclient.AlthoughsomeservicesoriginallyusedastaticIParrangement,virtuallyallhavenowadoptedtheDynamicHostConfigurationProtocol(DHCP)tomanagetheiraddressspace.AstaticIPaddresshasanadvantageofremainingthesameandenablingconvenientDNSconnectionsforoutsideusers.AscableandDSLservicesareprimarilydesignedforclientservicesasopposedtohostservices,thisisnotarelevantissue.AsecurityissueofastaticIPaddressisthatitisastationarytargetforhackers.ThemovetoDHCPhasnotsignificantlylessenedthisthreat,however,becausethetypicalIPleaseonacablemodemDHCPserverisfordays.Thisisstillrelativelystationary,andsomeformoffirewallprotectionneedstobeemployedbytheuser.

Cable/DSLSecurityThemodemequipmentprovidedbythesubscriptionserviceconvertsthecableorDSLsignalintoastandardEthernetsignalthatcanthenbeconnectedtoaNIContheclientdevice.Thisisstilljustadirectnetworkconnection,withnosecuritydeviceseparatingthetwo.Themostcommonsecuritydeviceusedincable/DSLconnectionsisarouterthatactsasahardwarefirewall.Thefirewall/routerneedstobeinstalledbetweenthecable/DSLmodemandclientcomputers.

TelephonyAprivatebranchexchange(PBX)isanextensionofthepublictelephonenetworkintoabusiness.Althoughtypicallyconsideredseparateentitiesfromdatasystems,PBXsarefrequentlyinterconnectedandhavesecurityrequirementsaspartofthisinterconnection,aswellassecurityrequirementsoftheirown.PBXsarecomputer-basedswitchingequipment

designedtoconnecttelephonesintothelocalphonesystem.Basicallydigitalswitchingsystems,theycanbecompromisedfromtheoutsideandusedbyphonehackers(phreakers)tomakephonecallsatthebusiness’sexpense.Althoughthistypeofhackinghasdecreasedasthecostoflong-distancecallinghasdecreased,ithasnotgoneaway,andasseveralfirmslearneveryyear,voicemailboxesandPBXscanbecompromisedandthelong-distancebillscangetveryhigh,veryfast.

TechTip

CoexistingCommunicationsDataandvoicecommunicationshavecoexistedinenterprisesfordecades.RecentconnectionsinsidetheenterpriseofVoiceoverIP(VoIP)andtraditionalprivatebranchexchange(PBX)solutionsincreasebothfunctionalityandsecurityrisks.Specificfirewallstoprotectagainstunauthorizedtrafficovertelephonyconnectionsareavailabletocountertheincreasedrisk.

AnotherproblemwithPBXsariseswhentheyareinterconnectedtothedatasystems,eitherbycorporateconnectionorbyroguemodemsinthehandsofusers.Ineithercase,apathexistsforconnectiontooutsidedatanetworksandtheInternet.Justasafirewallisneededforsecurityondataconnections,oneisneededfortheseconnectionsaswell.TelecommunicationsfirewallsareadistincttypeoffirewalldesignedtoprotectboththePBXandthedataconnections.Thefunctionalityofatelecommunicationsfirewallisthesameasthatofadatafirewall:itistheretoenforcesecuritypolicies.Telecommunicationsecuritypoliciescanbeenforcedeventocoverhoursofphoneuse,topreventunauthorizedlong-distanceusagethroughtheimplementationofaccesscodesand/orrestrictedservicehours.

VPNConcentratorAvirtualprivatenetwork(VPN)isaconstructusedtoprovideasecure

communicationchannelbetweenusersacrosspublicnetworkssuchastheInternet.ThemostcommonimplementationofVPNisviaIPsec,aprotocolforIPsecurity.IPsecismandatedinIPv6andisoptionalinIPv4.IPseccanbeimplementedinhardware,software,oracombinationofbothandisusedtoencryptallIPtraffic.InChapter11,avarietyoftechniquesaredescribedthatcanbeemployedtoinstantiateaVPNconnection.Theuseofencryptiontechnologiesallowseitherthedatainapackettobeencryptedortheentirepackettobeencrypted.Ifthedataisencrypted,thepacketheadercanstillbesniffedandobservedbetweensourceanddestination,buttheencryptionprotectsthecontentsofthepacketfrominspection.Iftheentirepacketisencrypted,itisthenplacedintoanotherpacketandsentviatunnelacrossthepublicnetwork.Tunnelingcanprotecteventheidentityofthecommunicatingparties.

ExamTip:AVPNconcentratorisahardwaredevicedesignedtoactasaVPNendpoint,managingVPNconnectionstoanenterprise.

SecurityDevicesTherearearangeofsecuritydevicesthatcanbeemployedatthenetworklayertoinstantiatesecurityfunctionalityinthenetworklayer.Devicescanbeusedforintrusiondetection,networkaccesscontrol,andawiderangeofothersecurityfunctions.Eachdevicehasaspecificnetworkfunctionandplaysaroleinmaintainingnetworkinfrastructuresecurity.

IntrusionDetectionSystemsIntrusiondetectionsystems(IDSs)areanimportantelementofinfrastructuresecurity.IDSsaredesignedtodetect,log,andrespondtounauthorizednetworkorhostuse,bothinrealtimeandafterthefact.IDSs

areavailablefromawideselectionofvendorsandareanessentialpartofacomprehensivenetworksecurityprogram.Thesesystemsareimplementedusingsoftware,butinlargenetworksorsystemswithsignificanttrafficlevels,dedicatedhardwareistypicallyrequiredaswell.IDSscanbedividedintotwocategories:network-basedsystemsandhost-basedsystems.

CrossCheckIntrusionDetectionFromanetworkinfrastructurepointofview,network-basedIDSscanbeconsideredpartofinfrastructure,whereashost-basedIDSsaretypicallyconsideredpartofacomprehensivesecurityprogramandnotnecessarilyinfrastructure.Twoprimarymethodsofdetectionareused:signature-basedandanomaly-based.IDSsarecoveredindetailinChapter13.

NetworkAccessControlNetworkscompriseconnectedworkstationsandservers.Managingsecurityonanetworkinvolvesmanagingawiderangeofissues,fromvariousconnectedhardwareandthesoftwareoperatingthesedevices.Assumingthatthenetworkissecure,eachadditionalconnectioninvolvesrisk.Managingtheendpointsonacase-by-casebasisastheyconnectisasecuritymethodologyknownasnetworkaccesscontrol.Twomaincompetingmethodologiesexistthatdealwithnetworkaccesscontrol:NetworkAccessProtection(NAP)isaMicrosofttechnologyforcontrollingnetworkaccessofacomputerhost,andNetworkAdmissionControl(NAC)isCisco’stechnologyforcontrollingnetworkadmission.

TechTip

NACandNAPInteroperabilityAlthoughMicrosoft’sNAPandCisco’sNACappeartobecompetingmethodologies,theyare

infactcomplementary.NAPallowsmuchfiner-graincontrolforWindows-baseddevices,whileNACisamoregeneral-purposemethodologyforcontrollingadmissionthroughedgedevices.Recognizinghowtheycanworktogether,MicrosoftandCiscohavedeployedguidesonhowtocombinethesetwosystems,preservingtheadvantagesandinvestmentsineach.

Microsoft’sNAPsystemisbasedonmeasuringthesystemhealthoftheconnectingmachine,includingpatchlevelsoftheOS,antivirusprotection,andsystempolicies.TheobjectivebehindNAPistoenforcepolicyandgovernancestandardsonnetworkdevicesbeforetheyarealloweddata-levelaccesstoanetwork.NAPwasfirstutilizedinWindowsXPServicePack3,WindowsVista,andWindowsServer2008,anditrequiresadditionalinfrastructureserverstoimplementthehealthchecks.Thesystemincludesenforcementagentsthatinterrogateclientsandverifyadmissioncriteria.AdmissioncriteriacanincludeclientmachineID,statusofupdates,andsoforth.UsingNAP,networkadministratorscandefinegranularlevelsofnetworkaccessbasedonmultiplecriteria;whoaclientis,whatgroupsaclientbelongsto,andthedegreetowhichthatclientiscompliantwithcorporateclienthealthrequirements.ThesehealthrequirementsincludeOSupdates,antivirusupdates,andcriticalpatches.Responseoptionsincluderejectionoftheconnectionrequestorrestrictionofadmissiontoasubnet.NAPalsoprovidesamechanismforautomaticremediationofclienthealthrequirementsandrestorationofnormalaccesswhenhealthy.Cisco’sNACsystemisbuiltaroundanappliancethatenforcespolicies

chosenbythenetworkadministrator.Aseriesofthird-partysolutionscaninterfacewiththeappliance,allowingtheverificationofmanydifferentoptions,includingclientpolicysettings,softwareupdates,andclientsecurityposture.Theuseofthird-partydevicesandsoftwaremakesthisanextensiblesystemacrossawiderangeofequipment.BothCiscoNACandMicrosoftNAPareintheirearlystagesof

widespreadimplementation,withonlylargeenterprisestypicallytakingthesesteps.Althoughtheyhavebeenavailableforover5years,theyarenotbeingembracedacrossmostfirms.Theconceptofautomatedadmissioncheckingbasedonclientdevicecharacteristicsisheretostay,as

itprovidestimelycontrolintheever-changingnetworkworldoftoday’senterprises.

NetworkMonitoring/DiagnosticAcomputernetworkitselfcanbeconsideredalargecomputersystem,withperformanceandoperatingissues.Justasacomputerneedsmanagement,monitoring,andfaultresolution,sodonetworks.SNMPwasdevelopedtoperformthisfunctionacrossnetworks.Theideaistoenableacentralmonitoringandcontrolcentertomaintain,configure,andrepairnetworkdevices,suchasswitchesandrouters,aswellasothernetworkservices,suchasfirewalls,IDSs,andremoteaccessservers.SNMPhassomesecuritylimitations,andmanyvendorshavedevelopedsoftwaresolutionsthatsitontopofSNMPtoprovidebettersecurityandbettermanagementtoolsuites.

SNMP,SimpleNetworkManagementProtocol,isapartoftheInternetProtocolsuiteofprotocols.Itisanopenstandard,designedfortransmissionofmanagementfunctionsbetweendevices.DonotconfusethiswithSMTP,SimpleMailTransferProtocol,whichisusedtotransfermailbetweenmachines.

Theconceptofanetworkoperationscenter(NOC)comesfromtheoldphonecompanynetworkdays,whencentralmonitoringcentersmonitoredthehealthofthetelephonenetworkandprovidedinterfacesformaintenanceandmanagement.Thissameconceptworkswellwithcomputernetworks,andcompanieswithmidsizeandlargernetworksemploythesamephilosophy.TheNOCallowsoperatorstoobserveandinteractwiththenetwork,usingtheself-reportingand,insomecases,self-healingnatureofnetworkdevicestoensureefficientnetworkoperation.Althoughgenerallyaboringoperationundernormalconditions,whenthingsstarttogowrong,asinthecaseofavirusorwormattack,theNOC

canbecomeabusyandstressfulplaceasoperatorsattempttoreturnthesystemtofullefficiencywhilenotinterruptingexistingtraffic.Asnetworkscanbespreadoutliterallyaroundtheworld,itisnot

feasibletohaveapersonvisiteachdeviceforcontrolfunctions.SoftwareenablescontrollersatNOCstomeasuretheactualperformanceofnetworkdevicesandmakechangestotheconfigurationandoperationofdevicesremotely.Theabilitytomakeremoteconnectionswiththisleveloffunctionalityisbothablessingandasecurityissue.Althoughthisallowsefficientnetworkoperationsmanagement,italsoprovidesanopportunityforunauthorizedentryintoanetwork.Forthisreason,avarietyofsecuritycontrolsareused,fromsecondarynetworkstoVPNsandadvancedauthenticationmethodswithrespecttonetworkcontrolconnections.Networkmonitoringisanongoingconcernforanysignificantnetwork.

Inadditiontomonitoringtrafficflowandefficiency,monitoringofsecurity-relatedeventsisnecessary.IDSsactmerelyasalarms,indicatingthepossibilityofabreachassociatedwithaspecificsetofactivities.Theseindicationsstillneedtobeinvestigatedandanappropriateresponseneedstobeinitiatedbysecuritypersonnel.Simpleitemssuchasportscansmaybeignoredbypolicy,butanactualunauthorizedentryintoanetworkrouter,forinstance,wouldrequireNOCpersonneltotakespecificactionstolimitthepotentialdamagetothesystem.Inanysignificantnetwork,coordinatingsystemchanges,dynamicnetworktrafficlevels,potentialsecurityincidents,andmaintenanceactivitiesisadauntingtaskrequiringnumerouspersonnelworkingtogether.Softwarehasbeendevelopedtohelpmanagetheinformationflowrequiredtosupportthesetasks.Suchsoftwarecanenableremoteadministrationofdevicesinastandardfashion,sothatthecontrolsystemscanbedevisedinahardwarevendor–neutralconfiguration.SNMPisthemainstandardembracedbyvendorstopermit

interoperability.AlthoughSNMPhasreceivedalotofsecurity-relatedattentionoflateduetovarioussecurityholesinitsimplementation,itisstillanimportantpartofasecuritysolutionassociatedwithnetworkinfrastructure.Manyusefultoolshavesecurityissues;thekeyisto

understandthelimitationsandtousethetoolswithincorrectboundariestolimittheriskassociatedwiththevulnerabilities.Blinduseofanytechnologywillresultinincreasedrisk,andSNMPisnoexception.Properplanning,setup,anddeploymentcanlimitexposuretovulnerabilities.Continuousauditingandmaintenanceofsystemswiththelatestpatchesisanecessarypartofoperationsandisessentialtomaintainingasecureposture.

LoadBalancersCertainsystems,suchasservers,aremorecriticaltobusinessoperationsandshouldthereforebetheobjectoffault-tolerancemeasures.Loadbalancersaredesignedtodistributetheprocessingloadovertwoormoresystems.Theyareusedtohelpimproveresourceutilizationandthroughputbutalsohavetheaddedadvantageofincreasingthefaulttoleranceoftheoverallsystemsinceacriticalprocessmaybesplitacrossseveralsystems.Shouldanyonesystemfail,theotherscanpickuptheprocessingitwashandling.

ProxiesProxiesservetomanageconnectionsbetweensystems,actingasrelaysforthetraffic.Proxiescanfunctionatthecircuitlevel,wheretheysupportmultipletraffictypes,ortheycanbeapplication-levelproxies,whicharedesignedtorelayspecificapplicationtraffic.AnHTTPproxycanmanageanHTTPconversationasitunderstandsthetypeandfunctionofthecontent.Application-specificproxiescanserveassecuritydevicesiftheyareprogrammedwithspecificrulesdesignedtoprovideprotectionagainstundesiredcontent.Thoughnotstrictlyasecuritytool,aproxyserver(orsimplyproxy)can

beusedtofilteroutundesirabletrafficandpreventemployeesfromaccessingpotentiallyhostilewebsites.Aproxyservertakesrequestsfromaclientsystemandforwardsthemtothedestinationserveronbehalfofthe

client,asshowninFigure10.8.Proxyserverscanbecompletelytransparent(theseareusuallycalledgatewaysortunnelingproxies),oraproxyservercanmodifytheclientrequestbeforesendingiton,orevenservetheclient’srequestwithoutneedingtocontactthedestinationserver.Severalmajorcategoriesofproxyserversareinuse:

•Figure10.8HTTPproxyhandlingclientrequestsandwebserverresponses

AnonymizingproxyAnanonymizingproxyisdesignedtohideinformationabouttherequestingsystemandmakeauser’swebbrowsingexperience“anonymous.”Thistypeofproxyserviceisoften

usedbyindividualswhoareconcernedabouttheamountofpersonalinformationbeingtransferredacrosstheInternetandtheuseoftrackingcookiesandothermechanismstotrackbrowsingactivity.

CachingproxyThistypeofproxykeepslocalcopiesofpopularclientrequestsandisoftenusedinlargeorganizationstoreducebandwidthusageandincreaseperformance.Whenarequestismade,theproxyserverfirstcheckstoseewhetherithasacurrentcopyoftherequestedcontentinthecache;ifitdoes,itservicestheclientrequestimmediatelywithouthavingtocontactthedestinationserver.Ifthecontentisoldorthecachingproxydoesnothaveacopyoftherequestedcontent,therequestisforwardedtothedestinationserver.

Content-filteringproxyContent-filteringproxiesexamineeachclientrequestandcompareittoanestablishedacceptableusepolicy(AUP).Requestscanusuallybefilteredinavarietyofways,includingbytherequestedURL,destinationsystem,ordomainnameorbykeywordsinthecontentitself.Content-filteringproxiestypicallysupportuser-levelauthentication,soaccesscanbecontrolledandmonitoredandactivitythroughtheproxycanbeloggedandanalyzed.Thistypeofproxyisverypopularinschools,corporateenvironments,andgovernmentnetworks.

OpenproxyAnopenproxyisessentiallyaproxythatisavailabletoanyInternetuserandoftenhassomeanonymizingcapabilitiesaswell.Thistypeofproxyhasbeenthesubjectofsomecontroversy,withadvocatesforInternetprivacyandfreedomononesideoftheargument,andlawenforcement,corporations,andgovernmententitiesontheotherside.Asopenproxiesareoftenusedtocircumventcorporateproxies,manycorporationsattempttoblocktheuseofopenproxiesbytheiremployees.

ReverseproxyAreverseproxyistypicallyinstalledontheserversideofanetworkconnection,ofteninfrontofagroupofwebservers.Thereverseproxyinterceptsallincomingwebrequestsandcanperformanumberoffunctions,includingtrafficfilteringandshaping,SSL

decryption,servingofcommonstaticcontentsuchasgraphics,andperformingloadbalancing.

WebproxyAwebproxyissolelydesignedtohandlewebtrafficandissometimescalledawebcache.Mostwebproxiesareessentiallyspecializedcachingproxies.

ExamTip:Aproxyserverisasystemorapplicationthatactsasago-betweenforclients’requestsfornetworkservices.Theclienttellstheproxyserverwhatitwantsand,iftheclientisauthorizedtohaveit,theproxyserverconnectstotheappropriatenetworkserviceandgetstheclientwhatitaskedfor.Webproxiesarethemostcommonlydeployedtypeofproxyserver.

Deployingaproxysolutionwithinanetworkenvironmentisusuallydoneeitherbysettinguptheproxyandrequiringallclientsystemstoconfiguretheirbrowserstousetheproxyorbydeployinganinterceptingproxythatactivelyinterceptsallrequestswithoutrequiringclient-sideconfiguration.Fromasecurityperspective,proxiesaremostusefulintheirabilityto

controlandfilteroutboundrequests.Bylimitingthetypesofcontentandwebsitesemployeescanaccessfromcorporatesystems,manyadministratorshopetoavoidlossofcorporatedata,hijackedsystems,andinfectionsfrommaliciouswebsites.AdministratorsalsouseproxiestoenforcecorporateAUPsandtrackuseofcorporateresources.Mostproxiescanbeconfiguredtoeitheralloworrequireindividualuserauthentication—thisgivesthemtheabilitytologandcontrolactivitybasedonspecificusersorgroups.Forexample,anorganizationmightwanttoallowthehumanresourcesgrouptobrowseFacebookduringbusinesshoursbutnotallowtherestoftheorganizationtodoso.

WebSecurityGatewaysSomesecurityvendorscombineproxyfunctionswithcontent-filtering

functionstocreateaproductcalledawebsecuritygateway.Websecuritygatewaysareintendedtoaddressthesecuritythreatsandpitfallsuniquetoweb-basedtraffic.Websecuritygatewaystypicallyprovidethefollowingcapabilities:

Real-timemalwareprotection(a.k.a.malwareinspection)Theabilitytoscanalloutgoingandincomingwebtraffictodetectandblockundesirabletrafficsuchasmalware,spyware,adware,maliciousscripts,file-basedattacks,andsoon.

ContentmonitoringTheabilitytomonitorthecontentofwebtrafficbeingexaminedtoensurethatitcomplieswithorganizationalpolicies.

ProductivitymonitoringTheabilitytomeasuretypesandquantitiesofwebtrafficthatisbeinggeneratedbyspecificusers,groupsofusers,ortheentireorganization.

DataprotectionandcomplianceScanningwebtrafficforsensitiveorproprietaryinformationbeingsentoutsideoftheorganizationaswellastheuseofsocialnetworksitesorinappropriatesites.

InternetContentFiltersWiththedramaticproliferationofInternettrafficandthepushtoprovideInternetaccesstoeverydesktop,manycorporationshaveimplementedcontent-filteringsystems,calledanInternetcontentfilter,toprotectthemfromemployees’viewingofinappropriateorillegalcontentattheworkplaceandthesubsequentcomplicationsthatoccurwhensuchviewingtakesplace.Internetcontentfilteringisalsopopularinschools,libraries,homes,governmentoffices,andanyotherenvironmentwherethereisaneedtolimitorrestrictaccesstoundesirablecontent.Inadditiontofilteringundesirablecontent,suchaspornography,somecontentfilterscanalsofilteroutmaliciousactivitysuchasbrowserhijackingattemptsorXSSattacks.Inmanycases,contentfilteringisperformedwithorasapartofaproxysolutionasthecontentrequestscanbefilteredandservicedby

thesamedevice.Contentcanbefilteredinavarietyofways,includingviatherequestedURL,thedestinationsystem,thedomainname,bykeywordsinthecontentitself,andbytypeoffilerequested.

Theterm“Internetcontentfilter”or“contentfilter”isappliedtoanydevice,application,orsoftwarepackagethatexaminesnetworktraffic(especiallywebtraffic)forundesirableorrestrictedcontent.AcontentfiltercouldbeasoftwarepackageloadedonaspecificPCoranetworkappliancecapableoffilteringanentireorganization’swebtraffic.

Content-filteringsystemsfacemanychallenges,becausetheever-changingInternetmakesitdifficulttomaintainlistsofundesirablesites(sometimecalledblacklists);termsusedonamedicalsitecanalsobeusedonapornographicsite,makingkeywordfilteringchallenging;anddeterminedusersarealwaysseekingwaystobypassproxyfilters.Tohelpadministrators,mostcommercialcontent-filteringsolutionsprovideanupdateservice,muchlikeIDSorantivirusproductsthatupdateskeywordsandundesirablesitesautomatically.

DataLossPreventionDatalossprevention(DLP)referstotechnologyemployedtodetectandpreventtransfersofdataacrossanenterprise.Employedatkeylocations,DLPtechnologycanscanpacketsforspecificdatapatterns.Thistechnologycanbetunedtodetectaccountnumbers,secrets,specificmarkers,orfiles.Whenspecificdataelementsaredetected,thesystemcanblockthetransfer.TheprimarychallengeinemployingDLPtechnologiesistheplacementofthesensor.TheDLPsensorneedstobeableobservethedata,soifthechannelisencrypted,DLPtechnologycanbethwarted.

UnifiedThreatManagementManysecurityvendorsoffer“all-in-onesecurityappliances,”whichare

devicesthatcombinemultiplefunctionsintothesamehardwareappliance.Mostcommonlythesefunctionsarefirewall,IDS/IPS,andantivirus,althoughall-in-oneappliancescanincludeVPNcapabilities,antispam,maliciouswebtrafficfiltering,antispyware,contentfiltering,trafficshaping,andsoon.All-in-oneappliancesareoftensoldasbeingcheaper,easiertomanage,andmoreefficientthanhavingseparatesolutionsthataccomplisheachofthefunctionstheall-in-oneapplianceiscapableofperforming.Acommonnamefortheseall-in-oneappliancesisaunifiedthreatmanagement(UTM)appliance.UsingaUTMsolutionsimplifiesthesecurityactivityasasingletask,underacommonsoftwarepackageforoperations.Thisreducesthelearningcurvetoasingletoolratherthanacollectionoftools.AUTMsolutioncanhavebetterintegrationandefficienciesinhandlingnetworktrafficandincidentsthanacollectionoftoolsconnectedtogether.Figure10.9illustratestheadvantagesofUTMprocessing.Ratherthan

processingelementsinalinearfashion,asshownin10.9a,thepacketsareprocessedinaparallelizedfashion(b).Thereisaneedtocoordinatebetweentheelementsandmanymodernsolutionsdothiswithparallelizedhardware.

•Figure10.9Unifiedthreatmanagementarchitecture

URLFilteringURLfiltersblockconnectionstowebsitesthatareinaprohibitedlist.TheuseofaUTMappliance,typicallybackedbyaservicetokeepthelistofprohibitedwebsitesupdated,providesanautomatedmeanstoblockaccesstositesdeemeddangerousorinappropriate.Becauseofthehighlyvolatilenatureofwebcontent,automatedenterprise-levelprotectionisneededtoensureareasonablechanceofblockingsourcesofinappropriate

content,malware,andothermaliciouscontent.

ContentInspectionInsteadofjustrelyingonaURLtodeterminetheacceptabilityofcontent,UTMappliancescanalsoinspecttheactualcontentbeingserved.Contentinspectionisusedtofilterwebrequeststhatreturncontentwithspecificcomponents,suchasnamesofbodyparts,musicorvideocontent,andothercontentthatisinappropriateforthebusinessenvironment.

MalwareInspectionMalwareisanotheritemthatcanbedetectedduringnetworktransmission,andUTMappliancescanbetunedtodetectmalware.Network-basedmalwaredetectionhastheadvantageofhavingtoupdateonlyasinglesystemasopposedtoallmachines.

MediaThebaseofcommunicationsbetweendevicesisthephysicallayeroftheOSImodel.Thisisthedomainoftheactualconnectionbetweendevices,whetherbywire,fiber,orradiofrequencywaves.Thephysicallayerseparatesthedefinitionsandprotocolsrequiredtotransmitthesignalphysicallybetweenboxesfromhigher-levelprotocolsthatdealwiththedetailsofthedataitself.Fourcommonmethodsareusedtoconnectequipmentatthephysicallayer:

Coaxialcable

Twisted-paircable

Fiber-optics

Wireless

CoaxialCableCoaxialcableisfamiliartomanyhouseholdsasamethodofconnectingtelevisionstoVCRsortosatelliteorcableservices.Itisusedbecauseofitshighbandwidthandshieldingcapabilities.Comparedtostandardtwisted-pairlinessuchastelephonelines,coaxialcable(“coax”)ismuchlesspronetooutsideinterference.Itisalsomuchmoreexpensivetorun,bothfromacost-per-footmeasureandfromacable-dimensionmeasure.Coaxcostsmuchmoreperfootthanstandardtwisted-pairwiresandcarriesonlyasinglecircuitforalargewirediameter.

•Acoaxconnector

AnoriginaldesignspecificationforEthernetconnections,coaxwasusedfrommachinetomachineinearlyEthernetimplementations.Theconnectorswereeasytouseandensuredgoodconnections,andthelimiteddistanceofmostofficeLANsdidnotcarryalargecostpenalty.Today,almostallofthisolderEthernetspecificationhasbeenreplacedbyfaster,cheapertwisted-pairalternatives,andtheonlyplaceyou’relikelytoseecoaxinadatanetworkisfromthecableboxtothecablemodem.

•Atypical8-wireUTPline

Becauseofitsphysicalnature,itispossibletodrillaholethroughtheouterpartofacoaxcableandconnecttothecenterconnector.Thisiscalleda“vampiretap”andisaneasymethodtogetaccesstothesignalanddatabeingtransmitted.

UTP/STPTwisted-pairwireshaveallbutcompletelyreplacedcoaxialcablesinEthernetnetworks.Twisted-pairwiresusethesametechnologyusedbythephonecompanyforthemovementofelectricalsignals.Singlepairsoftwistedwiresreduceelectricalcrosstalkandelectromagneticinterference.Multiplegroupsoftwistedpairscanthenbebundledtogetherincommongroupsandeasilywiredbetweendevices.

•Atypical8-wireSTPline

•AbundleofUTPwires

Twistedpairscomeintwotypes,shieldedandunshielded.Shieldedtwisted-pair(STP)hasafoilshieldaroundthepairstoprovideextrashieldingfromelectromagneticinterference.Unshieldedtwisted-pair(UTP)reliesonthetwisttoeliminateinterference.UTPhasacostadvantageoverSTPandisusuallysufficientforconnections,exceptinverynoisyelectricalareas.

Twisted-pairlinesarecategorizedbythelevelofdatatransmissiontheycansupport.Threecurrentcategoriesareinuse:

Category3(Cat3)Minimumforvoiceand10-MbpsEthernet.Category5(Cat5/Cat5e)For100-MbpsFastEthernet;Cat5eisanenhancedversionoftheCat5specificationtoaddressfar-endcrosstalkandissuitablefor1000Mbps.

Category6(Cat6/Cat6a)For10-GigabitEthernetovershortdistances;Cat6aisusedforlonger,upto100m,10-Gbpscables.

Thestandardmethodforconnectingtwisted-paircablesisviaan8-pinconnector,calledanRJ-45connectorthatlookslikeastandardphonejackconnectorbutisslightlylarger.Oneniceaspectoftwisted-paircablingisthatit’seasytospliceandchangeconnectors.ManyanetworkadministratorhasmadeEthernetcablesfromstockCat-5wire,twoconnectors,andacrimpingtool.Thiseaseofconnectionisalsoasecurityissue;becausetwisted-paircablesareeasytospliceinto,rogueconnectionsforsniffingcouldbemadewithoutdetectionincableruns.Bothcoaxandfiberaremuchmoredifficulttosplicebecauseeachrequiresataptoconnect,andtapsareeasiertodetect.

FiberFiber-opticcableusesbeamsoflaserlighttoconnectdevicesoverathinglasswire.Thebiggestadvantagetofiberisitsbandwidth,withtransmissioncapabilitiesintotheterabitspersecondrange.Fiber-opticcableisusedtomakehigh-speedconnectionsbetweenserversandisthebackbonemediumoftheInternetandlargenetworks.Forallofitsspeedandbandwidthadvantages,fiberhasonemajordrawback—cost.Thecostofusingfiberisatwo-edgedsword.Whenmeasuredby

bandwidth,usingfiberischeaperthanusingcompetingwiredtechnologies.Thelengthofrunsoffibercanbemuchlonger,andthedatacapacityoffiberismuchhigher.Butconnectionstoafiberaredifficult

andexpensive,andfiberisimpossibletosplice.Makingthepreciseconnectionontheendofafiber-opticlineisahighlyskilledjobandisdonebyspeciallytrainedprofessionalswhomaintainalevelofproficiency.Oncetheconnectorisfittedontheend,severalformsofconnectorsandblocksareused,asshownintheimagesabove.

•Atypeoffiberterminator

•Atypicalfiber-opticfiber,terminator,andconnectorblock

Splicingfiberispracticallyimpossible;thesolutionistoaddconnectorsandconnectthrougharepeater.Thisaddstothesecurityoffiberinthatunauthorizedconnectionsareallbutimpossibletomake.Thehighcostofconnectionstofiberandthehighercostoffiberperfootalsomakeitlessattractiveforthefinalmileinpublicnetworkswhereusersareconnectedtothepublicswitchingsystems.Forthisreason,cablecompaniesusecoaxandDSLprovidersusetwisted-pairtohandlethe“lastmile”scenario.

UnguidedMedia

Electromagneticwaveshavebeentransmittedtoconveysignalsliterallysincetheinceptionofradio.Unguidedmediaisaphraseusedtocoveralltransmissionmedianotguidedbywire,fiber,orotherconstraints;itincludesradiofrequency,infrared,andmicrowavemethods.Unguidedmediahaveoneattributeincommon:theyareunguidedandassuchcantraveltomanymachinessimultaneously.Transmissionpatternscanbemodulatedbyantennas,butthetargetmachinecanbeoneofmanyinareceptionzone.Assuch,securityprinciplesareevenmorecritical,astheymustassumethatunauthorizedusershaveaccesstothesignal.

InfraredInfrared(IR)isabandofelectromagneticenergyjustbeyondtheredendofthevisiblecolorspectrum.IRhasbeenusedinremote-controldevicesforyears.IRmadeitsdebutincomputernetworkingasawirelessmethodtoconnecttoprinters.Nowthatwirelesskeyboards,wirelessmice,andmobiledevicesexchangedataviaIR,itseemstobeeverywhere.IRcanalsobeusedtoconnectdevicesinanetworkconfiguration,butitisslowcomparedtootherwirelesstechnologies.IRcannotpenetratewallsbutinsteadbouncesoffthem.Norcanitpenetrateothersolidobjects,soifyoustackafewitemsinfrontofthetransceiver,thesignalislost.

RF/MicrowaveTheuseofradiofrequency(RF)wavestocarrycommunicationsignalsgoesbacktothebeginningofthe20thcentury.RFwavesareacommonmethodofcommunicatinginawirelessworld.Theyuseavarietyoffrequencybands,eachwithspecialcharacteristics.ThetermmicrowaveisusedtodescribeaspecificportionoftheRFspectrumthatisusedforcommunicationandothertasks,suchascooking.Point-to-pointmicrowavelinkshavebeeninstalledbymanynetwork

providerstocarrycommunicationsoverlongdistancesandroughterrain.Manydifferentfrequenciesareusedinthemicrowavebandsformanydifferentpurposes.Today,homeuserscanusewirelessnetworkingthroughouttheirhouseandenablelaptopstosurftheWebwhilethey’re

movedaroundthehouse.Corporateusersareexperiencingthesamephenomenon,withwirelessnetworkingenablingcorporateuserstochecke-mailonlaptopswhileridingashuttlebusonabusinesscampus.ThesewirelesssolutionsarecoveredindetailinChapter12.

TechTip

WirelessOptionsTherearenumerousradio-basedalternativesforcarryingnetworktraffic.Theyvaryincapacity,distance,andotherfeatures.CommonlyfoundexamplesareWiFi,WiMAX,ZigBee,Bluetooth,900MHz,andNFC.UnderstandingthesecurityrequirementsassociatedwitheachisimportantandiscoveredinmoredetailinChapter12.

OnekeyfeatureofmicrowavecommunicationsisthatmicrowaveRFenergycanpenetratereasonableamountsofbuildingstructure.Thisallowsyoutoconnectnetworkdevicesinseparaterooms,anditcanremovetheconstraintsonequipmentlocationimposedbyfixedwiring.Anotherkeyfeatureisbroadcastcapability.Byitsnature,RFenergyisunguidedandcanbereceivedbymultipleuserssimultaneously.Microwavesallowmultipleusersaccessinalimitedarea,andmicrowavesystemsareseeingapplicationasthelastmileoftheInternetindensemetropolitanareas.Point-to-multipointmicrowavedevicescandeliverdatacommunicationtoallthebusinessusersinadowntownmetropolitanareathroughrooftopantennas,reducingtheneedforexpensivebuilding-to-buildingcables.Justasmicrowavescarrycellphoneandotherdatacommunications,thesametechnologiesofferamethodtobridgethelast-milesolution.The“lastmile”problemistheconnectionofindividualconsumerstoa

backbone,anexpensivepropositionbecauseofthesheernumberofconnectionsandunsharedlineatthispointinanetwork.Again,costisanissue,astransceiverequipmentisexpensive,butindenselypopulatedareas,suchasapartmentsandofficebuildingsinmetropolitanareas,theuserdensitycanhelpdefrayindividualcosts.Speedoncommercialmicrowavelinkscanexceed10Gbps,sospeedisnotaproblemfor

connectingmultipleusersorforhigh-bandwidthapplications.

RemovableMediaOneconceptcommontoallcomputerusersisdatastorage.Sometimesstorageoccursonafileserverandsometimesitoccursonmovablemedia,allowingittobetransportedbetweenmachines.Movingstoragemediarepresentsasecurityriskfromacoupleofangles,thefirstbeingthepotentiallossofcontroloverthedataonthemovingmedia.Secondistheriskofintroducingunwanteditems,suchasavirusoraworm,whenthemediaareattachedbacktoanetwork.Bothoftheseissuescanberemediedthroughpoliciesandsoftware.Thekeyistoensurethatthepoliciesareenforcedandthesoftwareiseffective.Todescribemedia-specificissues,mediacanbedividedintothreecategories:magnetic,optical,andelectronic.

Removableandtransportablemediamakethephysicalsecurityofthedataamoredifficulttask.Theonlysolutiontothisproblemisencryption,whichiscoveredinChapter5.

MagneticMediaMagneticmediastoredatathroughtherearrangementofmagneticparticlesonanonmagneticsubstrate.Commonformsincludeharddrives,floppydisks,zipdisks,andmagnetictape.Althoughthespecificformatcandiffer,thebasicconceptisthesame.Allthesedevicessharesomecommoncharacteristics:Eachhassensitivitytoexternalmagneticfields.Attachafloppydisktotherefrigeratordoorwithamagnetifyouwanttotestthesensitivity.Theyarealsoaffectedbyhightemperatures,asinfires,andbyexposuretowater.

HardDrivesHarddrivesusedtorequirelargemachinesinmainframes.Nowtheyaresmallenoughtoattachtomobiledevices.Theconceptsremainthesameamongallofthem:aspinningplatterrotatesthemagneticmediabeneathheadsthatreadthepatternsintheoxidecoating.Asdriveshavegottensmallerandrotationspeedshaveincreased,thecapacitieshavealsogrown.Todaygigabytesofdatacanbestoredinadeviceslightlylargerthanabottlecap.Portableharddrivesinthe1TBto3TBrangearenowavailableandaffordable.

•2TBUSBharddrive

Oneofthesecuritycontrolsavailabletohelpprotecttheconfidentialityofthedataisfulldriveencryptionbuiltintothedrivehardware.Usingakeythatiscontrolled,throughaTrustedPlatformModule(TPM)interface

forinstance,thistechnologyprotectsthedataifthedriveitselfislostorstolen.ThismaynotbeimportantifathieftakesthewholePC,butinlargerstorageenvironments,drivesareplacedinseparateboxesandremotelyaccessed.Inthespecificcaseofnotebookmachines,thislayercanbetiedtosmartcardinterfacestoprovidemoresecurity.Asthisisbuiltintothecontroller,encryptionprotocolssuchasAdvancedEncryptionStandard(AES)andTripleDataEncryptionStandard(3DES)canbeperformedatfulldrivespeed.

DiskettesFloppydiskswerethecomputerindustry’sfirstattemptatportablemagneticmedia.Themovablemediumwasplacedinaprotectivesleeve,andthedriveremainedinthemachine.Capacitiesupto1.4MBwereachieved,butthefragilityofthedeviceasthesizeincreased,aswellascompetingmedia,hasrenderedfloppiesalmostobsolete.Diskettesarepartofhistorynow.

TapeMagnetictapehasheldaplaceincomputercenterssincethebeginningofcomputing.Itsprimaryusehasbeenbulkofflinestorageandbackup.Tapefunctionswellinthisrolebecauseofitslowcost.Thedisadvantageoftapeisitsnatureasaserialaccessmedium,makingitslowtoworkwithforlargequantitiesofdata.Severaltypesofmagnetictapeareinusetoday,rangingfromquarterinchtodigitallineartape(DLT)anddigitalaudiotape(DAT).Thesecartridgescanholdupwardof60GBofcompresseddata.Tapesarestillamajorconcernfromasecurityperspective,astheyare

usedtobackupmanytypesofcomputersystems.Thephysicalprotectionaffordedthetapesisofconcern,becauseifatapeisstolen,anunauthorizedusercouldestablishanetworkandrecoveryourdataonhissystem,becauseit’sallstoredonthetape.Offsitestorageisneededforproperdisasterrecoveryprotection,butsecureoffsitestorageandtransportiswhatisreallyneeded.Thisimportantissueisfrequentlyoverlookedin

manyfacilities.Thesimplesolutiontomaintaincontroloverthedataevenwhenyoucan’tcontrolthetapeisthroughencryption.Backuputilitiescansecurethebackupswithencryption,butthisoptionisfrequentlynotused,foravarietyofreasons.Regardlessoftherationalefornotencryptingdata,onceatapeislost,notusingtheencryptionoptionbecomesalamenteddecision.

•Amagnetictapecartridgeforbackups

OpticalMediaOpticalmediainvolvetheuseofalasertoreaddatastoredonaphysical

device.Insteadofhavingamagneticheadthatpicksupmagneticmarksonadisk,alaserpicksupdeformitiesembeddedinthemediathatcontaintheinformation.Aswithmagneticmedia,opticalmediacanberead-write,althoughtheread-onlyversionisstillmorecommon.

CD-R/DVDThecompactdisc(CD)tookthemusicindustrybystorm,andthenittookthecomputerindustrybystormaswell.AstandardCDholdsmorethan640MBofdata,insomecasesupto800MB.Thedigitalvideodisc(DVD)canholdalmost5GBofdatasinglesided,8.5GBduallayer.Thesedevicesoperateasopticalstorage,withlittlemarksburnedinthemtorepresent1’sand0’sonamicroscopicscale.ThemostcommontypeofCDistheread-onlyversion,inwhichthedataiswrittentothedisconceandonlyreadafterward.Thishasbecomeapopularmethodfordistributingcomputersoftware,althoughhigher-capacityDVDshavereplacedCDsforprogramdistribution.

•ADVD(left)andCD(right)

Asecond-generationdevice,therecordablecompactdisc(CD-R),allowsuserstocreatetheirownCDsusingaburnerdeviceintheirPCandspecialsoftware.Userscannowbackupdata,maketheirownaudioCDs,anduseCDsashigh-capacitystorage.Theirrelativelylowcosthasmadethemeconomicaltouse.CDshaveathinlayerofaluminuminsidetheplastic,uponwhichbumpsareburnedbythelaserwhenrecorded.CD-Rsuseareflectivelayer,suchasgold,uponwhichadyeisplacedthatchangesuponimpactbytherecordinglaser.Anewertype,CD-RW,hasadifferentdyethatallowsdiscstobeerasedandreused.ThecostofthemediaincreasesfromCD,toCD-R,toCD-RW.

Blu-rayDiscsThelatestversionofopticaldiscistheBlu-raydisc.Usingasmaller,violet-bluelaser,thissystemcanholdsignificantlymoreinformationthanaDVD.Blu-raydiscscanholdupto128GBinfourlayers.ThetransferspeedofBlu-rayat>48MbpsisoverfourtimesgreaterthanthatofDVDsystems.Designedforhigh-definition(HD)video,Blu-rayofferssignificantstoragefordataaswell.

TechTip

BackupLifetimesAcommonmisconceptionisthatdatabackedupontomagneticmediawilllastforlongperiodsoftime.Althoughoncetoutedaslastingdecades,modernmicro-encodingmethodsareprovinglessdurablethanexpected,sometimeswithlifetimeslessthantenyears.Asecondaryproblemismaintainingoperatingsystemaccessviadriverstolegacyequipment.Astechnologymovesforward,findingdriversforten-year-oldtapedrivesforWindows7orthelatestversionofLinuxwillprovetobeamajorhurdle.

DVDsnowoccupythesamerolethatCDshaveintherecentpast,exceptthattheyholdmorethanseventimesthedataofaCD.Thismakesfull-lengthmovierecordingpossibleonasingledisc.TheincreasedcapacitycomesfromfinertolerancesandthefactthatDVDscanholddata

onbothsides.AwiderangeofformatsforDVDsincludeDVD+R,DVD-R,duallayer,andnowHDformats,HD-DVDandBlu-ray.Thisvarietyisduetocompeting“standards”andcanresultinconfusion.DVD+Rand-Raredistinguishableonlywhenrecording,andmostdevicessince2004shouldreadboth.Duallayersaddadditionalspacebutrequireappropriatedual-layer–enableddrives.

ElectronicMediaThelatestformofremovablemediaiselectronicmemory.Electroniccircuitsofstaticmemory,whichcanretaindataevenwithoutpower,fillanichewherehighdensityandsmallsizeareneeded.Originallyusedinaudiodevicesanddigitalcameras,theseelectronicmediacomeinavarietyofvendor-specifictypes,suchassmartcards,SmartMedia,SDcards,flashcards,memorysticks,andCompactFlashdevices.Thesememorydevicesrangefromsmallcard-likedevices,ofwhichmicroSDcardsaresmallerthandimesandhold2GB,toUSBsticksthatholdupto64GB.Thesedevicesarebecomingubiquitous,withnewPCsandnetbookscontainingbuilt-inslotstoreadthemlikeanyotherstoragedevice.

•SD,microSD,andCompactFlashcards

Althoughtheyareusedprimarilyforphotosandmusic,thesedevicescouldbeusedtomoveanydigitalinformationfromonemachinetoanother.Toamachineequippedwithaconnectorport,thesedeviceslooklikeanyotherfilestoragelocation.TheycanbeconnectedtoasystemthroughaspecialreaderordirectlyviaaUSBport.InnewerPCsystems,aUSBbootdevicehasreplacedtheolderfloppydrive.Thesedevicesaresmall,canholdasignificantamountofdata—over128GBattimeofwriting—andareeasytomovefrommachinetomachine.Anothernovelinterfaceisamousethathasaslotforamemorystick.Thisdual-purposedeviceconservesspace,conservesUSBports,andiseasytouse.Thememorystickisplacedinthemouse,whichcanthenbeusednormally.Thestickiseasilyremovableandtransportable.Themouseworkswithorwithoutthememorystick;itisjustaconvenientdevicetouseforaportal.

Theadventoflarge-capacityUSBstickshasenableduserstobuildentiresystems,OSs,andtoolsontothemtoensuresecurityandveracityoftheOSandtools.Withtheexpandinguseofvirtualization,ausercouldcarryanentiresystemonaUSBstickandbootitusingvirtuallyanyhardware.WithUSB3.0andits640-Mbpsspeeds,thisisahighlyversatileformofmemorythatenablesmanynewcapabilities.

•128GBUSB3.0memorystick

Solid-StateHardDrivesWiththeriseofsolid-statememorytechnologiescomesasolid-state“harddrive.”Solid-statedrives(SSDs)aremovingintomobiledevices,desktops,andevenservers.Memorydensitiesaresignificantlybeyondphysicaldrives,therearenomovingpartstowearoutorfail,andSSDshavevastlysuperiorperformancespecifications.Figure10.10showsa512GBSSDfromalaptop,onahalf-heightminicardmSATAinterface.Theonlyfactorthathasslowedthespreadofthistechnologyhasbeencost,butrecentcostreductionshavemadethisformofmemoryafirst

choiceinmanysystems.

Figure10.10 512GBsolid-statehalf-heightminicard

SecurityConcernsforTransmissionMediaTheprimarysecurityconcernforasystemadministratorhastobe

preventingphysicalaccesstoaserverbyanunauthorizedindividual.Suchaccesswillalmostalwaysspelldisaster,forwithdirectaccessandthecorrecttools,anysystemcanbeinfiltrated.Oneoftheadministrator’snextmajorconcernsshouldbepreventingunfetteredaccesstoanetworkconnection.Accesstoswitchesandroutersisalmostasbadasdirectaccesstoaserver,andaccesstonetworkconnectionswouldrankthirdintermsofworst-casescenarios.Preventingsuchaccessiscostly,yetthecostofreplacingaserverbecauseoftheftisalsocostly.

PhysicalSecurityConcernsAbalancedapproachisthemostsensibleapproachwhenaddressingphysicalsecurity,andthisappliestotransmissionmediaaswell.Keepingnetworkswitchroomssecureandcablerunssecureseemsobvious,butcasesofusingjanitorialclosetsforthisvitalbusinesspurposeabound.Oneofthekeystomountingasuccessfulattackonanetworkisinformation.Usernames,passwords,serverlocations—allofthesecanbeobtainedifsomeonehastheabilitytoobservenetworktrafficinaprocesscalledsniffing.Asniffercanrecordallthenetworktraffic,andthisdatacanbeminedforaccounts,passwords,andtrafficcontent,allofwhichcanbeusefultoanunauthorizeduser.Onestartingpointformanyintrusionsistheinsertionofanunauthorizedsnifferintothenetwork,withthefruitsofitslaborsdrivingtheremainingunauthorizedactivities.Manycommonscenariosexistwhenunauthorizedentrytoanetworkoccurs,includingthese:

Insertinganodeandfunctionalitythatisnotauthorizedonthenetwork,suchasasnifferdeviceorunauthorizedwirelessaccesspoint

Modifyingfirewallsecuritypolicies

ModifyingACLsforfirewalls,switches,orrouters

Modifyingnetworkdevicestoechotraffictoanexternalnode

Networkdevicesandtransmissionmediabecometargetsbecausetheyaredispersedthroughoutanorganization,andphysicalsecurityofmanydisperseditemscanbedifficulttomanage.Althoughlimitingphysicalaccessisdifficult,itisessential.Theleastlevelofskillisstillmorethansufficienttoaccomplishunauthorizedentryintoanetworkifphysicalaccesstothenetworksignalsisallowed.Thisisonefactordrivingmanyorganizationstousefiber-optics,forthesecablesaremuchmoredifficulttotap.AlthoughmanytrickscanbeemployedwithswitchesandVLANstoincreasesecurity,itisstillessentialthatyoupreventunauthorizedcontactwiththenetworkequipment.

CrossCheckPhysicalInfrastructureSecurityThebestfirsteffortistosecuretheactualnetworkequipmenttopreventthistypeofintrusion.AsyoushouldrememberfromChapter8,physicalaccesstonetworkinfrastructureprovidesamyriadofissues,andmostofthemcanbecatastrophicwithrespecttosecurity.Physicallysecuringaccesstonetworkcomponentsisoneofthe“mustdos”ofacomprehensivesecurityeffort.

Wirelessnetworksmaketheintruder’staskeveneasier,astheytakethenetworktotheusers,authorizedornot.Atechniquecalledwar-drivinginvolvesusingalaptopandsoftwaretofindwirelessnetworksfromoutsidethepremises.Atypicaluseofwar-drivingistolocateawirelessnetworkwithpoor(orno)securityandobtainfreeInternetaccess,butotherusescanbemoredevastating.Asimplesolutionistoplaceafirewallbetweenthewirelessaccesspointandtherestofthenetworkandauthenticateusersbeforeallowingentry.BusinessusersuseVPNtechnologytosecuretheirconnectiontotheInternetandotherresources,andhomeuserscandothesamethingtopreventneighborsfrom“sharing”theirInternetconnections.Toensurethatunauthorizedtrafficdoesnotenteryournetworkthroughawirelessaccesspoint,youmusteitheruseafirewallwithanauthenticationsystemorestablishaVPN.

CloudComputingCloudcomputingisacommontermusedtodescribecomputerservicesprovidedoveranetwork.Thesecomputingservicesarecomputing,storage,applications,andservicesthatareofferedviatheInternetProtocol.Oneofthecharacteristicsofcloudcomputingistransparencytotheenduser.Thisimprovesusabilityofthisformofserviceprovisioning.Cloudcomputingoffersmuchtotheuser:improvementsinperformance,scalability,flexibility,security,andreliability,amongotheritems.Theseimprovementsareadirectresultofthespecificattributesassociatedwithhowcloudservicesareimplemented.Securityisaparticularchallengewhendataandcomputationare

handledbyaremoteparty,asincloudcomputing.Thespecificchallengeishowdoesoneallowdataoutsidetheirenterpriseandyetremainincontroloverhowthedataisused,andthecommonanswerisencryption.Byproperlyencryptingdatabeforeitleavestheenterprise,externalstoragecanstillbeperformedsecurely.Cloudscanbecreatedbymanyentities,internalandexternaltoan

organization.Commercialcloudservicesarealreadyavailableandofferedbyavarietyoffirms,aslargeasGoogleandAmazon,tosmaller,localproviders.Internalservicescanreplicatetheadvantagesofcloudcomputingwhileimprovingtheutilityoflimitedresources.Thepromiseofcloudcomputingisimprovedutilityand,assuch,ismarketedundertheconceptsofSoftwareasaService,PlatformasaService,andInfrastructureasaService.

PrivateIfyourorganizationishighlysensitivetosharingresources,youmaywishtoconsidertheuseofaprivatecloud.Privatecloudsareessentiallyreservedresourcesusedonlyforyourorganization—yourownlittlecloudwithinthecloud.Thisservicewillbeconsiderablymoreexpensive,butitshouldalsocarrylessexposureandshouldenableyourorganizationto

betterdefinethesecurity,processing,andhandlingofdatathatoccurswithinyourcloud.

PublicThetermpubliccloudreferstowhenthecloudserviceisrenderedoverasystemthatisopenforpublicuse.Inmostcases,thereislittleoperationaldifferencebetweenpublicandprivatecloudarchitectures,butthesecurityramificationscanbesubstantial.Althoughpubliccloudserviceswillseparateuserswithsecurityrestrictions,thedepthandleveloftheserestrictions,bydefinition,willbesignificantlylessinapubliccloud.

HybridAhybridcloudstructureisonewhereelementsarecombinedfromprivate,public,andcommunitycloudstructures.Whenexaminingahybridstructure,youneedtoremaincognizantthatoperationallythesedifferingenvironmentsmaynotactuallybejoined,butratherusedtogether.Sensitiveinformationcanbestoredintheprivatecloudandissue-relatedinformationcanbestoredinthecommunitycloud,allofwhichinformationisaccessedbyanapplication.Thismakestheoverallsystemahybridcloudsystem.

CommunityAcommunitycloudsystemisonewhereseveralorganizationswithacommoninterestshareacloudenvironmentforthespecificpurposesofthesharedendeavor.Forexample,localpublicentitiesandkeylocalfirmsmayshareacommunityclouddedicatedtoservingtheinterestsofcommunityinitiatives.Thiscanbeanattractivecost-sharingmechanismforspecificdata-sharinginitiatives.

ExamTip:BesureyouunderstandthedifferencesbetweencloudcomputingservicemodelsPlatformasaService,SoftwareasaService,andInfrastructureasaService.

SoftwareasaServiceSoftwareasaService(SaaS)istheofferingofsoftwaretoendusersfromwithinthecloud.Ratherthaninstallingsoftwareonclientmachines,SaaSactsassoftwareondemandwherethesoftwarerunsfromthecloud.Thishasseveraladvantages,asupdatesareoftenseamlesstoendusersandintegrationbetweencomponentsisenhanced.

PlatformasaServicePlatformasaService(PaaS)isamarketingtermusedtodescribetheofferingofacomputingplatforminthecloud.Multiplesetsofsoftware,workingtogethertoprovideservices,suchasdatabaseservices,canbedeliveredviathecloudasaplatform.

InfrastructureasaServiceInfrastructureasaService(IaaS)isatermusedtodescribecloud-basedsystemsthataredeliveredasavirtualplatformforcomputing.Ratherthanbuildingdatacenters,IaaSallowsfirmstocontractforutilitycomputingasneeded.

Chapter10Review

LabManualExerciseThefollowinglabexercisefromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providespracticalapplicationofmaterialcoveredinthischapter:

Lab7.3lConfiguringaPersonalFirewallinLinux

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaspectsofnetworkingandsecureinfrastructures.

Constructnetworksusingdifferenttypesofnetworkdevices

Understandthedifferencesbetweenbasicnetworkdevices,suchashubs,bridges,switches,androuters.

Understandthesecurityimplicationsofnetworkdevicesandhowtoconstructasecurenetworkinfrastructure.

Enhancesecurityusingsecuritydevices

Understandtheuseoffirewalls,next-generationfirewalls,andintrusiondetectionsystems.

Understandtheroleofloadbalancersandproxyserversaspartofasecurenetworksolution.

Understandtheuseofsecurityappliances,suchaswebsecuritygateways,datalossprevention,andunifiedthreatmanagement.

EnhancesecurityusingNAC/NAPmethodologies

TheCiscoNACprotocolandtheMicrosoftNAPprotocolprovidesecurityfunctionalitywhenattachingdevicestoanetwork.

NACandNAPplayacrucialroleinthesecuringofinfrastructureasdevicesenterandleavethenetwork.

NACandNAPcanbeusedtogethertotakeadvantageofthestrengthsandinvestmentsineachtechnologytoformastrongnetworkadmissionmethodology.

Identifythedifferenttypesofmediausedtocarrynetworksignals

Guidedandunguidedmediacanbothcarrynetworktraffic.

Wiredtechnologyfromcoaxcable,throughtwisted-pairEthernet,providesacost-effectivemeansofcarryingnetworktraffic.

Fibertechnologyisusedtocarryhigherbandwidth.

Unguidedmedia,includinginfraredandRF(includingwirelessandBluetooth),provideshort-rangenetworkconnectivity.

Describethedifferenttypesofstoragemediausedtostoreinformation

Thereareawidearrayofremovablemediatypesfrommemorystickstoopticaldiscstoportabledrives.

Datastorageonremovablemedia,becauseofincreasedphysicalaccess,createssignificantsecurityimplications.

Usebasicterminologyassociatedwithnetworkfunctionsrelatedtoinformationsecurity

Understandingandusingthecorrectvocabularyfordevicenamesandrelationshipstonetworkingisimportantasasecurityprofessional.

Securityappliancesaddterminology,includingspecificitemsforIDSandfirewalls.

Describethedifferenttypesandusesofcloudcomputing

Understandthetypesofcloudsinuse.

UnderstandtheuseofSoftwareasaService,InfrastructureasaService,andPlatformasaService.

KeyTermsbasicpacketfiltering(261)bridge(257)cloudcomputing(283)coaxialcable(274)collisiondomain(257)concentrator(264)datalossprevention(DLP)(272)firewall(260)hub(257)InfrastructureasaService(IaaS)(284)Internetcontentfilter(272)loadbalancer(269)modem(265)networkaccesscontrol(267)NetworkAccessProtection(NAP)(267)NetworkAdmissionControl(NAC)(268)NetworkAttachedStorage(NAS)(255)networkinterfacecard(NIC)(256)networkoperationscenter(NOC)(268)next-generationfirewall(263)PlatformasaService(PaaS)(284)privatebranchexchange(PBX)(266)proxyserver(270)router(258)sandboxing(255)servers(253)

shieldedtwisted-pair(STP)(275)SoftwareasaService(SaaS)(284)solid-statedrive(SSD)(281)switch(257)unifiedthreatmanagement(UTM)(272)unshieldedtwisted-pair(UTP)(275)virtualization(254)websecuritygateway(271)wirelessaccesspoint(264)workstation(253)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.A(n)_______________routespacketsbasedonIPaddresses.2.Tooffersoftwaretoendusersfromthecloudisaformof

_______________.

3.Toconnectacomputertoanetwork,youusea(n)_______________.

4.A(n)_______________or_______________distributestrafficbasedonMACaddresses.

5.Toverifythatacomputerisproperlyconfiguredtoconnecttoanetwork,thenetworkcanuse_______________.

6._______________isanameforthetypicalcomputerauserusesonanetwork.

7.A(n)_______________repeatsalldatatrafficacrossallconnectedports.

8.Cat5isanexampleof_______________cable.9.Basicpacketfilteringoccursatthe____________.

10.A(n)_______________isanextensionofthetelephoneserviceintoafirm’stelecommunicationsnetwork.

Multiple-ChoiceQuiz1.SwitchesoperateatwhichlayeroftheOSImodel?

A.Physicallayer

B.Networklayer

C.Datalinklayer

D.Applicationlayer

2.UTPcablesareterminatedforEthernetusingwhattypeofconnector?

A.ABNCplug

B.AnEthernetconnector

C.Astandardphonejackconnector

D.AnRJ-45connector

3.Coaxialcablecarrieshowmanyphysicalchannels?A.Two

B.Four

C.One

D.Noneoftheabove

4.Networkaccesscontrolisassociatedwithwhichofthefollowing?

A.NAP

B.IPsec

C.IPv6

D.NAT

5.Thepurposeoftwistingthewiresintwisted-paircircuitsisto:A.Increasespeed

B.Increasebandwidth

C.Reducecrosstalk

D.Alloweasiertracing

6.MicrosoftNAPpermits:A.Restrictionofconnectionstoarestrictedsubnetonly

B.CheckingofaclientOSpatchlevelbeforeanetworkconnectionispermitted

C.Denialofaconnectionbasedonclientpolicysettings

D.Alloftheabove

7.SNMPisaprotocolusedforwhichofthefollowingfunctions?A.Securee-mail

B.Secureencryptionofnetworkpackets

C.Remoteaccesstouserworkstations

D.Remoteaccesstonetworkinfrastructure

8.Firewallscanusewhichofthefollowingintheiroperation?A.Statefulpacketinspection

B.Portblockingtodenyspecificservices

C.NATtohideinternalIPaddresses

D.Alloftheabove

9.SMTPisaprotocolusedforwhichofthefollowingfunctions?A.E-mail

B.Secureencryptionofnetworkpackets

C.Remoteaccesstouserworkstations

D.Noneoftheabove

10.USB-basedflashmemoryischaracterizedby:A.Highcost

B.Lowcapacity

C.Slowaccess

D.Noneoftheabove

EssayQuiz1.Compareandcontrastroutersandswitchesbydescribingwhatthe

advantagesanddisadvantagesareofeach.

2.Describethecommonthreatstothetransmissionmediainanetwork,bytypeoftransmissionmedia.

LabProjects

•LabProject10.1UsingtwoPCsandasmallhomeoffice–typerouter,configurethemtocommunicateacrossthenetworkwitheachother.

•LabProject10.2DemonstratenetworkconnectivityusingWindowscommand-linetools.

chapter11 AuthenticationandRemoteAccess

WeshouldsetanationalgoalofmakingcomputersandInternetaccessavailableforeveryAmerican.

O

—WILLIAMJEFFERSONCLINTON

Inthischapter,youwilllearnhowto

Identifythedifferencesamonguser,group,androlemanagement

Implementpasswordanddomainpasswordpolicies

Describemethodsofaccountmanagement(SSO,timeofday,logicaltoken,accountexpiration)

Describemethodsofaccessmanagement(MAC,DAC,andRBAC)

Discussthemethodsandprotocolsforremoteaccesstonetworks

Identifyauthentication,authorization,andaccounting(AAA)protocols

Explainauthenticationmethodsandthesecurityimplicationsintheiruse

Implementvirtualprivatenetworks(VPNs)andtheirsecurityaspects

DescribeInternetProtocolSecurity(IPsec)anditsuseinsecuringcommunications

nsingle-usersystemssuchasPCs,theindividualusertypicallyhasaccesstomostofthesystem’sresources,processingcapability,andstoreddata.Onmultiusersystems,suchasserversandmainframes,an

individualusertypicallyhasverylimitedaccesstothesystemandthedatastoredonthatsystem.Anadministratorresponsibleformanagingandmaintainingthemultiusersystemhasmuchgreateraccess.Sohowdoesthecomputersystemknowwhichusersshouldhaveaccesstowhatdata?Howdoestheoperatingsystemknowwhatapplicationsauserisallowedtouse?Onearlycomputersystems,anyonewithphysicalaccesshadfairly

significantrightstothesystemandcouldtypicallyaccessanyfileorexecuteanyapplication.Ascomputersbecamemorepopularanditbecameobviousthatsomewayofseparatingandrestrictinguserswasneeded,theconceptsofusers,groups,andprivilegescameintobeing(privilegesmeanyouhavetheabilityto“dosomething”onacomputersystemsuchascreateadirectory,deleteafile,orrunaprogram).Theseconceptscontinuetobedevelopedandrefinedandarenowpartofwhat

wecallprivilegemanagement.Privilegemanagementistheprocessofrestrictingauser’sabilityto

interactwiththecomputersystem.Essentially,everythingausercandotoorwithacomputersystemfallsintotherealmofprivilegemanagement.Privilegemanagementoccursatmanydifferentpointswithinanoperatingsystemorevenwithinapplicationsrunningonaparticularoperatingsystem.Remoteaccessisanotherkeyissueformultiusersystemsintoday’s

worldofconnectedcomputers.Isolatedcomputers,notconnectedtonetworksortheInternet,arerareitemsthesedays.Exceptforsomespecial-purposemachines,mostcomputersneedinterconnectivitytofulfilltheirpurpose.Remoteaccessenablesusersoutsideanetworktohavenetworkaccessandprivilegesasiftheywereinsidethenetwork.Beingoutsideanetworkmeansthattheuserisworkingonamachinethatisnotphysicallyconnectedtothenetworkandmustthereforeestablishaconnectionthrougharemotemeans,suchasbydialingin,connectingviatheInternet,orconnectingthroughawirelessconnection.Authenticationistheprocessofestablishingauser’sidentitytoenable

thegrantingofpermissions.Toestablishnetworkconnections,avarietyofmethodsareused,thechoiceofwhichdependsonnetworktype,thehardwareandsoftwareemployed,andanysecurityrequirements.

User,Group,andRoleManagementTomanagetheprivilegesofmanydifferentpeopleeffectivelyonthesamesystem,amechanismforseparatingpeopleintodistinctentities(users)isrequired,soyoucancontrolaccessonanindividuallevel.Atthesametime,it’sconvenientandefficienttobeabletolumpuserstogetherwhengrantingmanydifferentpeople(groups)accesstoaresourceatthesametime.Atothertimes,it’susefultobeabletograntorrestrictaccessbasedonaperson’sjoborfunctionwithintheorganization(role).Whileyoucanmanageprivilegesonthebasisofusersalone,managinguser,group,androleassignmentstogetherisfarmoreconvenientandefficient.

TechTip

UserIDvs.UsernameTheterms“userID”and“username”aresometimesusedinterchangeably,buttraditionallythetermuserIDismoreoftenassociatedwithUNIXoperatingsystems.InUNIXoperatingsystems,eachuserisidentifiedbyanunsignedintegercalledauseridentifier,oftenshortenedtouserID.

UserThetermusergenerallyappliestoanypersonaccessingacomputersystem.Inprivilegemanagement,auserisasingleindividual,suchas“JohnForthright”or“SallyJenkins.”Thisisgenerallythelowestleveladdressedbyprivilegemanagementandthemostcommonareaforaddressingaccess,rights,andcapabilities.Whenaccessingacomputersystem,eachuserisgenerallygivenausername—auniquealphanumericidentifierheorshewillusetoidentifyhimselforherselfwhenloggingintooraccessingthesystem.Whendevelopingaschemeforselectingusernames,youshouldkeepinmindthatusernamesmustbeuniquetoeachuser,buttheymustalsobefairlyeasyfortheusertorememberanduse.

ExamTip:Ausernameisauniquealphanumericidentifierusedtoidentifyausertoacomputersystem.Permissionscontrolwhatauserisallowedtodowithobjectsonacomputersystem—whatfilestheycanopen,whatprinterstheycanuse,andsoon.InWindowssecuritymodels,permissionsdefinetheactionsausercanperformonanobject(openafile,deleteafolder,andsoon).Rightsdefinetheactionsausercanperformonthesystemitself,suchaschangethetime,adjustauditinglevels,andsoon.Rightsaretypicallyappliedtooperatingsystem–leveltasks.

Withsomenotableexceptions,ingeneralauserwhowantstoaccessacomputersystemmustfirsthaveausernamecreatedforhimonthesystem

hewishestouse.Thisisusuallydonebyasystemadministrator,securityadministrator,orotherprivilegeduser,andthisisthefirststepinprivilegemanagement—ausershouldnotbeallowedtocreatetheirownaccount.Oncetheaccountiscreatedandausernameisselected,the

administratorcanassignspecificpermissionstothatuser.Permissionscontrolwhattheuserisallowedtodowithobjectsonthesystem—whichfileshemayaccess,whichprogramshemayexecute,andsoon.WhilePCstypicallyhaveonlyoneortwouseraccounts,largersystemssuchasserversandmainframescanhavehundredsofaccountsonthesamesystem.Figure11.1showstheUsersmanagementtaboftheComputerManagementutilityonaWindowsServer2008system.Notethatseveraluseraccountshavebeencreatedonthissystem,eachidentifiedbyauniqueusername.

•Figure11.1UserstabonaWindowsServer2008system

Afew“special”useraccountsdon’ttypicallymatchupone-to-onewitharealperson.Theseaccountsarereservedforspecialfunctionsandtypicallyhavemuchmoreaccessandcontroloverthecomputersystemthantheaverageuseraccount.TwosuchaccountsaretheadministratoraccountunderWindowsandtherootaccountunderUNIX.Eachoftheseaccountsisalsoknownasthesuperuser—ifsomethingcanbedoneonthesystem,thesuperuserhasthepowertodoit.Theseaccountsarenottypicallyassignedtoaspecificindividualandarerestricted,accessedonlywhenthefullcapabilitiesofthataccountarerequired.

Auditinguseraccounts,groupmembership,andpasswordstrengthonaregularbasisisanextremelyimportantsecuritycontrol.Manycomplianceauditsfocusonthepresenceorlackofindustry-acceptedsecuritycontrols.

Duetothepowerpossessedbytheseaccounts,andthefew,ifany,restrictionsplacedonthem,theymustbeprotectedwithstrongpasswordsthatarenoteasilyguessedorobtained.Theseaccountsarealsothemostcommontargetsofattackers—iftheattackercangainrootaccessorassumetheprivilegelevelassociatedwiththerootaccount,shecanbypassmostaccesscontrolsandaccomplishanythingshewantsonthatsystem.

TechTip

GenericAccountsGenericaccountsareaccountswithoutanameduserbehindthem.Thesecanbeemployedforspecialpurposes,suchasrunningservicesandbatchprocesses,butbecausetheycannotbeattributedtoanindividual,theyshouldnothaveloginability.Itisalsoimportantthatiftheyhaveelevatedprivileges,theiractivitiesbecontinuallymonitoredastowhatfunctionstheyareperformingversuswhattheyareexpectedtobedoing.Generaluseofgenericaccountsshouldbeavoidedbecauseoftheincreasedriskassociatedwithnoattributioncapability.

Anotheraccountthatfallsintothe“special”categoryisthesystemaccountusedbyWindowsoperatingsystems.ThesystemaccounthasthesamefileprivilegesastheadministratoraccountandisusedbytheoperatingsystemandbyservicesthatrununderWindows.Bydefault,thesystemaccountisgrantedfullcontroltoallfilesonanNTFSvolume.ServicesandprocessesthatneedthecapabilitytologoninternallywithinWindowswillusethesystemaccount—forexample,theDNSServerandDHCPServerservicesinWindowsServer2008usetheLocalSystemaccount.

GroupUnderprivilegemanagement,agroupisacollectionofuserswithsomecommoncriteria,suchasaneedforaccesstoaparticulardatasetorgroupofapplications.Agroupcanconsistofoneuserorhundredsofusers,andeachusercanbelongtooneormoregroups.Figure11.2showsacommonapproachtogroupingusers—buildinggroupsbasedonjobfunction.

•Figure11.2Logicalrepresentationofgroups

Byassigningmembershipinaspecificgrouptoauser,youmakeitmucheasiertocontrolthatuser’saccessandprivileges.Forexample,if

everymemberoftheengineeringdepartmentneedsaccesstoproductdevelopmentdocuments,administratorscanplacealltheusersintheengineeringdepartmentinasinglegroupandallowthatgrouptoaccessthenecessarydocuments.Onceagroupisassignedpermissionstoaccessaparticularresource,addinganewusertothatgroupwillautomaticallyallowthatusertoaccessthatresource.Ineffect,theuser“inherits”thepermissionsofthegroupassoonassheisplacedinthatgroup.AsFigure11.3shows,acomputersystemcanhavemanydifferentgroups,eachwithitsownrightsandpermissions.

•Figure11.3GroupstabonaWindowsServer2008system

AsyoucanseefromthedescriptionfortheAdministratorsgroupinFigure11.3,thisgrouphascompleteandunrestrictedaccesstothesystem.

Thisincludesaccesstoallfiles,applications,anddatasets.AnyonewhobelongstotheAdministratorsgrouporisplacedinthisgroupwillhaveagreatdealofaccessandcontroloverthesystem.Someoperatingsystems,suchasWindows,havebuilt-ingroups—

groupsthatarealreadydefinedwithintheoperatingsystem,suchasAdministrators,PowerUsers,andEveryone.Thewholeconceptofgroupsrevolvesaroundmakingthetasksofassigningandmanagingpermissionseasier,andbuilt-ingroupscertainlyhelptomakethesetaskseasier.Individualusersaccountscanbeaddedtobuilt-ingroups,allowingadministratorstograntpermissionsetstousersquicklyandeasilywithouthavingtospecifypermissionsmanually.Forexample,addingauseraccountnamed“bjones”tothePowerUsersgroupgivesbjonesallthepermissionsassignedtothebuilt-inPowerUsersgroup,suchasinstallingdrivers,modifyingsettings,andinstallingsoftware.

RoleAnothercommonmethodofmanagingaccessandprivilegesisbyroles.Aroleisusuallysynonymouswithajoborsetoffunctions.Forexample,theroleofsecurityadmininMicrosoftSQLServermaybeappliedtosomeonewhoisresponsibleforcreatingandmanaginglogins,readingerrorlogs,andauditingtheapplication.Securityadminsneedtoaccomplishspecificfunctionsandneedaccesstocertainresourcesthatotherusersdonot—forexample,theyneedtobeabletocreateanddeletelogins,openandreaderrorlogs,andsoon.Ingeneral,anyoneservingintheroleofsecurityadminneedsthesamerightsandprivilegesaseveryothersecurityadmin.Forsimplicityandefficiency,rightsandprivilegescanbeassignedtotherolesecurityadmin,andanyoneassignedtofulfillthatroleautomaticallyhasthecorrectrightsandprivilegestoperformtherequiredtasks.

PasswordPolicies

Theusername/passwordcombinationisbyfarthemostcommonmeansofcontrollingaccesstoapplications,websites,andcomputersystems.Theaverageusermayhaveadozenormoreusernameandpasswordcombinationsbetweenschool,work,andpersonaluse.Tohelpusersselectagood,difficult-to-guesspassword,mostorganizationsimplementandenforceapasswordpolicy,whichtypicallyhasthefollowingcomponents:

TechTip

TOTPATime-basedOne-TimePassword(TOTP)generatorusesthecurrenttimeasoneoftheseedsinaone-timepassword.Thispreventsreplayattacksutilizingacapturedpassword.

PasswordconstructionHowmanycharactersapasswordshouldhave;theuseofcapitalization,numbers,andspecialcharacters;notbasingthepasswordonadictionarywordorpersonalinformation;notmakingthepasswordaslightmodificationofanexistingpassword;andsoon

ReuserestrictionsWhetherornotpasswordscanbereused,and,ifso,withwhatfrequency(howmanydifferentpasswordsmustyouusebeforeyoucanuseoneyou’veusedbefore)

DurationTheminimumandmaximumnumberofdaysapasswordcanbeusedbeforeitcanbechangedormustbechanged

ProtectionofpasswordsNotwritingdownpasswordswhereotherscanfindthem,notsavingpasswordsandnotallowingautomatedlogins,notsharingpasswordswithotherusers,andsoon

ConsequencesConsequencesassociatedwithviolationofornoncompliancewiththepolicy

TheSANSInstituteoffersseveralexamplesofpasswordpolicies(alongwithmanyothercommoninformationsecuritypolicies)onitswebsite

(www.sans.org—typepasswordpolicyintothesearchboxatthetopoftheSANSwebsite).Theoverallguidanceestablishedbytheorganization’ssecuritypolicyshouldberefinedintospecificguidancethatadministratorscanenforceattheoperatingsystemlevel.

ExamTip:Apasswordpolicyisasetofrulesdesignedtoenhancecomputersecuritybyrequiringuserstoemployandmaintainstrongpasswords.Adomainpasswordpolicyisapasswordpolicythatappliestoaspecificdomain.

DomainPasswordPolicyAdomainpasswordpolicyisapasswordpolicyforaspecificdomain.AsthesepoliciesareusuallyassociatedwiththeWindowsoperatingsystem,adomainpasswordpolicyisimplementedandenforcedonthedomaincontroller,whichisacomputerthatrespondstosecurityauthenticationrequests,suchasloggingintoacomputer,foraWindowsdomain.Thedomainpasswordpolicyusuallyfallsunderagrouppolicyobject(GPO)andhasthefollowingelements(seeFigure11.4):

•Figure11.4PasswordpolicyoptionsinWindowsLocalSecurityPolicy

EnforcepasswordhistoryTellsthesystemhowmanypasswordstorememberanddoesnotallowausertoreuseanoldpassword.

MaximumpasswordageSpecifiesthemaximumnumberofdaysapasswordmaybeusedbeforeitmustbechanged.

MinimumpasswordageSpecifiestheminimumnumberofdaysapasswordmustbeusedbeforeitcanbechangedagain.

MinimumpasswordlengthSpecifiestheminimumnumberof

charactersthatmustbeusedinapassword.

PasswordmustmeetcomplexityrequirementsSpecifiesthatthepasswordmustmeettheminimumlengthrequirementandhavecharactersfromatleastthreeofthefollowingfourgroups:Englishuppercasecharacters(AthroughZ),Englishlowercasecharacters(athroughz),numerals(0through9),andnon-alphabeticcharacters(suchas!,$,#,%).

StorepasswordsusingreversibleencryptionReversibleencryptionisaformofencryptionthatcaneasilybedecryptedandisessentiallythesameasstoringaplaintextversionofthepassword(becauseit’ssoeasytoreversetheencryptionandgetthepassword).Thisshouldbeusedonlywhenapplicationsuseprotocolsthatrequiretheuser’spasswordforauthentication(suchasChallenge-HandshakeAuthenticationProtocol,orCHAP).

Notonlyisitessentialtoensureeveryaccounthasastrongpassword,butalsoitisessentialtodisableordeleteunnecessaryaccounts.Ifyoursystemdoesnotneedtosupportguestoranonymousaccounts,thendisablethem.Whenuseroradministratoraccountsarenolongerneeded,removeordisablethem.Asabestpractice,alluseraccountsshouldbeauditedperiodicallytoensuretherearenounnecessary,outdated,orunneededaccountsonyoursystems.

Domainsarelogicalgroupsofcomputersthatshareacentraldirectorydatabase,knownastheActiveDirectorydatabaseforthemorerecentWindowsoperatingsystems.Thedatabasecontainsinformationabouttheuseraccountsandsecurityinformationforallresourcesidentifiedwithinthedomain.Eachuserwithinthedomainisassignedhisorherownuniqueaccount(thatis,adomainisnotasingleaccountsharedbymultipleusers),whichisthenassignedaccesstospecificresourceswithinthedomain.Inoperatingsystemsthatprovidedomaincapabilities,thepasswordpolicyissetintherootcontainerforthedomainandappliestoalluserswithinthatdomain.Settingapasswordpolicyforadomainissimilartosettingother

passwordpoliciesinthatthesamecriticalelementsneedtobeconsidered(passwordlength,complexity,life,andsoon).Ifachangetooneoftheseelementsisdesiredforagroupofusers,anewdomainneedstobecreatedbecausethedomainisconsideredasecurityboundary.InaWindowsoperatingsystemthatemploysActiveDirectory,thedomainpasswordpolicycanbesetintheActiveDirectoryUsersandComputersmenuintheAdministrativeToolssectionoftheControlPanel.

TechTip

CalculatingUniquePasswordCombinationsOneoftheprimaryreasonsadministratorsrequireuserstohavelongerpasswordsthatuseupper-andlowercaseletters,numbers,andatleastone“special”characteristohelpdeterpassword-guessingattacks.Onepopularpassword-guessingtechnique,calledabrute-forceattack,usessoftwaretoguesseverypossiblepassworduntilonematchesauser’spassword.Essentially,abruteforce-attacktriesa,thenaa,thenaaa,andsoonuntilitrunsoutofcombinationsorgetsapasswordmatch.Increasingboththepoolofpossiblecharactersthatcanbeusedinthepasswordandthenumberofcharactersrequiredinthepasswordcanexponentiallyincreasethenumberof“guesses”abrute-forceprogramneedstoperformbeforeitrunsoutofpossibilities.Forexample,ifourpasswordpolicyrequiresathree-characterpasswordthatusesonlylowercaseletters,thereareonly17,576possiblepasswords(26possiblecharacters,3characterslongis263combinations).Requiringasix-characterpasswordincreasesthatnumberto308,915,776possiblepasswords(266).Aneight-characterpasswordwithupper-andlowercase,specialsymbol,andanumberincreasesthepossiblepasswordsto708orover576trillioncombinationsPrecomputedhashesinrainbowtablescanalsobeusedtobruteforcepastshorter

passwords.Asthelengthincreases,sodoesthesizeoftherainbowtable.

SingleSign-OnTouseasystem,usersmustbeabletoaccessit,whichtheyusuallydobysupplyingtheiruserIDs(orusernames)andcorrespondingpasswords.Asanysecurityadministratorknows,themoresystemsaparticularuserhasaccessto,themorepasswordsthatusermusthaveandremember.The

naturaltendencyforusersistoselectpasswordsthatareeasytoremember,oreventhesamepasswordforuseonthemultiplesystemstheyaccess.Wouldn’titbeeasierfortheusersimplytologinonceandhavetorememberonlyasingle,goodpassword?Thisismadepossiblewithatechnologycalledsinglesign-on.Singlesign-on(SSO)isaformofauthenticationthatinvolvesthe

transferringofcredentialsbetweensystems.Asmoreandmoresystemsarecombinedindailyuse,usersareforcedtohavemultiplesetsofcredentials.Ausermayhavetologintothree,four,five,orevenmoresystemseverydayjusttodoherjob.Singlesign-onallowsausertotransferhercredentials,sothatloggingintoonesystemactstologherintoallofthem.OncetheuserhasenteredauserIDandpassword,thesinglesign-onsystempassesthesecredentialstransparentlytoothersystemssothatrepeatedlogonsarenotrequired.Putsimply,yousupplytherightusernameandpasswordonceandyouhaveaccesstoalltheapplicationsanddatayouneed,withouthavingtologinmultipletimesandremembermanydifferentpasswords.Fromauserstandpoint,SSOmeansyouneedtorememberonlyoneusernameandonepassword.Fromanadministrationstandpoint,SSOcanbeeasiertomanageandmaintain.Fromasecuritystandpoint,SSOcanbeevenmoresecure,asuserswhoneedtorememberonlyonepasswordarelesslikelytochoosesomethingtoosimpleorsomethingsocomplextheyneedtowriteitdown.Figure11.5showsalogicaldepictionoftheSSOprocess:

•Figure11.5Singlesign-onprocess

1.Theusersignsinonce,providingausernameandpasswordtotheSSOserver.

2.TheSSOserverprovidesauthenticationinformationtoanyresourcetheuseraccessesduringthatsession.Theserverinterfaceswiththeotherapplicationsandsystems—theuserdoesnotneedtologintoeachsystemindividually.

ExamTip:TheCompTIASecurity+examwillverylikelycontainquestionsregardingsinglesign-onbecauseitissuchaprevalenttopicandaverycommonapproachtomultisystemauthentication.

Inreality,SSOisusuallyalittlemoredifficulttoimplementthanvendorswouldleadyoutobelieve.Tobeeffectiveanduseful,allyourapplicationsneedtobeabletoaccessandusetheauthenticationprovidedbytheSSOprocess.Themorediverseyournetwork,thelesslikelythisistobethecase.Ifyournetwork,likemost,containsdifferentoperatingsystems,customapplications,andadiverseuserbase,SSOmaynotevenbeaviableoption.

TimeofDayRestrictionsSomeorganizationsneedtotightlycontrolcertainusers,groups,orevenrolesandlimitaccesstocertainresourcestospecificdaysandtimes.Mostserver-classoperatingsystemsenableadministratorstoimplementtimeofdayrestrictionsthatlimitwhenausercanlogin,whencertainresourcescanbeaccessed,andsoon.Timeofdayrestrictionsareusuallyspecifiedforindividualaccounts,asshowninFigure11.6.

•Figure11.6LogonhoursforGuestaccount

Fromasecurityperspective,timeofdayrestrictionscanbeveryuseful.Ifausernormallyaccessescertainresourcesduringnormalbusinesshours,anattempttoaccesstheseresourcesoutsidethistimeperiod(eitheratnightorontheweekend)mightindicateanattackerhasgainedaccesstooristryingtogainaccesstothataccount.Specifyingtimeofdayrestrictionscanalsoserveasamechanismtoenforceinternalcontrolsofcriticalorsensitiveresources.Obviously,adrawbacktoenforcingtimeofdayrestrictionsisthatitmeansthatausercan’tgotoworkoutsideofnormal

hoursto“catchup”withworktasks.Aswithallsecuritypolicies,usabilityandsecuritymustbebalancedinthispolicydecision.

Becarefulimplementingtimeofdayrestrictions.Someoperatingsystemsgiveyoutheoptionofdisconnectingusersassoonastheir“allowedlogintime”expiresregardlessofwhattheuserisdoingatthetime.Themorecommonlyusedapproachistoallowcurrentlylogged-inuserstostayconnectedbutrejectanyloginattemptsthatoccuroutsideofallowedhours.

TokensWhiletheusername/passwordcombinationhasbeenandcontinuestobethecheapestandmostpopularmethodofcontrollingaccesstoresources,manyorganizationslookforamoresecureandtamper-resistantformofauthentication.Usernamesandpasswordsare“somethingyouknow”(whichcanbeusedbyanyoneelsewhoknowsordiscoverstheinformation).Amoresecuremethodofauthenticationistocombinethe“somethingyouknow”with“somethingyouhave.”Atokenisanauthenticationfactorthattypicallytakestheformofaphysicalorlogicalentitythattheusermustbeinpossessionoftoaccesstheiraccountorcertainresources.Mosttokensarephysicaltokensthatdisplayaseriesofnumbersthat

changesevery30to90seconds,suchasthetokenpicturedinFigure11.7fromBlizzardEntertainment.Thissequenceofnumbersmustbeenteredwhentheuserisattemptingtologinoraccesscertainresources.Theever-changingsequenceofnumbersissynchronizedtoaremoteserversuchthatwhentheuserentersthecorrectusername,password,andmatchingsequenceofnumbers,heisallowedtologin.Evenifanattackerobtainstheusernameandpassword,theattackercannotloginwithoutthematchingsequenceofnumbers.OtherphysicaltokensincludeCommonAccessCards(CACs),USBtokens,smartcards,andPCcards.

•Figure11.7TokenauthenticatorfromBlizzardEntertainment

Tokensmayalsobeimplementedinsoftware.Softwaretokensstillprovidetwo-factorauthenticationbutdon’trequiretheusertohaveaphysicaldeviceonhand.Sometokensrequiresoftwareclientsthatstoreasymmetrickey(sometimescalledaseedrecord)inasecuredlocationontheuser’sdevice(laptop,desktop,tablet,andsoon).Othersoftwaretokensusepublickeycryptography.Asymmetriccryptographysolutions,suchaspublickeycryptography,oftenassociateaPINwithaspecificuser’stoken.Tologinoraccesscriticalresources,theusermustsupplythecorrectPIN.ThePINisstoredonaremoteserverandisusedduringtheauthenticationprocesssothatifauserpresentstherighttoken,butnottherightPIN,theuser’saccesscanbedenied.Thishelpspreventanattackerfromgainingaccessifhegetsacopyoforgainsaccesstothesoftwaretoken.

CrossCheckSymmetricandAsymmetricCryptographyYoulearnedaboutsymmetricandasymmetriccryptographyinChapter5.Whatisthedifference

betweenthetwomethods?Whichoneusespublickeys?

TechTip

BestPractice:PasswordExpirationOneofthebestpracticesanorganizationcanimplementistoattachanexpirationdatetouserpasswords.Thishelpsensurethatifapasswordiscompromised,theperiodthattheaccountremainscompromisedislimited.Inmostenvironmentsandoperatingsystems,thisisexpressedintermsofthenumberofdaysbeforethepasswordexpiresandisnolongervalid.Forexample,amaximumpasswordageof90daysmeansthataparticularpasswordwillexpire90daysafterthatpasswordwasinitiallysettoitscurrentvalue.

AccountandPasswordExpirationAnothercommonrestrictionthatcanbeenforcedinmanyaccesscontrolmechanismsiseither(orboth)anaccountexpirationorpasswordexpirationfeature.Thisallowsadministratorstospecifyaperiodoftimeforwhichapasswordoranaccountwillbeactive.Forpasswordexpiration,whentheexpirationdateisreached,theusergenerallyisaskedtocreateanewpassword.Thismeansthatifthepassword(andthustheaccount)hasbeencompromisedwhentheexpirationdateisreachedandanewpasswordisset,theattackerwillagain(hopefully)belockedoutofthesystem.Theattackercan’tchangethepasswordhimself,sincetheuserwouldthenbelockedoutandwouldcontactanadministratortohavethepasswordreset,thusagainlockingouttheattacker.Anotherattackoptionwouldinvolvetheattackersettinganew

passwordonthecompromisedaccountandthenattemptingtoresettheaccountbacktotheoriginal,compromisedpassword.Iftheattackerissuccessful,anewexpirationtimewouldbesetfortheaccountbuttheoldpasswordwouldstillbeusedandtheuserwouldnotbelockedoutoftheiraccount;inmostcases,theuserwouldn’tnoticeanythinghadhappenedatallastheiroldpasswordwouldcontinuetowork.Thisisonereasonwhya

passwordhistorymechanismshouldbeused.Thehistoryisusedtokeeptrackofpreviouslyusedpasswordssothattheycannotbereused.

TechTip

HeartbleedIn2014avulnerabilitythatcouldcauseusercredentialstobeexposedwasdiscoveredinmillionsofsystems.CalledtheHeartbleedincident,thisresultedinnumeroususersbeingtoldtochangetheirpasswordsbecauseofpotentialcompromise.Userswerealsowarnedofthedangersofreusingpasswordsacrossdifferentaccounts.Althoughthismakespasswordseasiertoremember,italsoimprovesguessingchances.Whatmadethiswholeeffortofprotectingyourpasswordsparticularlychallengingisthatthebreachwaswidespread—virtuallyallLinuxsystems—andthepatchingratewasuneven,sopeoplecouldbesufferingmultipleexposuresovertime.Afteroneyear,anestimated40%ofallcompromisedsystemsremainedunpatched.Thishighlightstheimportanceofnotreusingpasswordsacrossmultipleaccounts.

SecurityControlsandPermissionsIfmultipleusersshareacomputersystem,thesystemadministratorlikelyneedstocontrolwhoisallowedtodowhatwhenitcomestoviewing,using,orchangingsystemresources.Whileoperatingsystemsvaryinhowtheyimplementthesetypesofcontrols,mostoperatingsystemsusetheconceptsofpermissionsandrightstocontrolandsafeguardaccesstoresources.Aswediscussedearlier,permissionscontrolwhatauserisallowedtodowithobjectsonasystemandrightsdefinetheactionsausercanperformonthesystemitself.Let’sexaminehowtheWindowsoperatingsystemsimplementthisconcept.TheWindowsoperatingsystemsusetheconceptsofpermissionsand

rightstocontrolaccesstofiles,folders,andinformationresources.WhenusingtheNTFSfilesystem,administratorscangrantusersandgroupspermissiontoperformcertaintasksastheyrelatetofiles,folders,andRegistrykeys.ThebasiccategoriesofNTFSpermissionsareasfollows:

ExamTip:Permissionscanbeappliedtospecificusersorgroupstocontrolthatuser’sorgroup’sabilitytoview,modify,access,use,ordeleteresourcessuchasfoldersandfiles.

FullControlAuser/groupcanchangepermissionsonthefolder/file,takeownershipifsomeoneelseownsthefolder/file,deletesubfoldersandfiles,andperformactionspermittedbyallotherNTFSfolderpermissions.

ModifyUsers/groupscanviewandmodifyfiles/foldersandtheirproperties,candeleteandaddfiles/folders,andcandeleteoraddpropertiestoafile/folder.

Read&ExecuteUsers/groupscanviewthefile/folderandcanexecutescriptsandexecutablesbutcannotmakeanychanges(files/foldersareread-only).

ListFolderContentsAuser/groupcanlistonlywhatisinsidethefolder(appliestofoldersonly).

ReadUsers/groupscanviewthecontentsofthefile/folderandthefile/folderproperties.

WriteUsers/groupscanwritetothefileorfolder.

Figure11.8showsthepermissionsonafoldercalledDatafromaWindowsServersystem.InthetophalfofthePermissionswindowaretheusersandgroupsthathavepermissionsforthisfolder.Inthebottomhalfofthewindowarethepermissionsassignedtothehighlighteduserorgroup.

•Figure11.8PermissionsfortheDatafolder

TheWindowsoperatingsystemalsousesuserrightsorprivilegestodeterminewhatactionsauserorgroupisallowedtoperformoraccess.Theseuserrightsaretypicallyassignedtogroups,asitiseasiertodealwithafewgroupsthantoassignrightstoindividualusers,andtheyareusuallydefinedineitheragrouporalocalsecuritypolicy.Thelistofuserrightsisquiteextensivebutafewexamplesofuserrightsare

LogonlocallyUsers/groupscanattempttologontothelocalsystemitself.

AccessthiscomputerfromthenetworkUsers/groupscanattempttoaccessthissystemthroughthenetworkconnection.

ManageauditingandsecuritylogUsers/groupscanview,modify,anddeleteauditingandsecurityloginformation.

Rightstendtobeactionsthatdealwithaccessingthesystemitself,processcontrol,logging,andsoon.Figure11.9showstheuserrightscontainedinthelocalsecuritypolicyonaWindowssystem.

•Figure11.9UserRightsAssignmentoptionsfromWindowsLocalSecurityPolicy

Foldersandfilesarenottheonlythingsthatcanbesafeguardedorcontrolledusingpermissions.Evenaccessanduseofperipherals,suchasprinters,canbecontrolledusingpermissions.Figure11.10showstheSecuritytabfromaprinterattachedtoaWindowssystem.Permissionscanbeassignedtocontrolwhocanprinttotheprinter,whocanmanagedocumentsandprintjobssenttotheprinter,andwhocanmanagetheprinteritself.Withthistypeofgranularcontrol,administratorshaveagreatdealofcontroloverhowsystemresourcesareusedandwhousesthem.

•Figure11.10SecuritytabshowingprinterpermissionsinWindows

ExamTip:Althoughitisveryimportanttogetsecuritysettings“rightthefirsttime,”itisjustasimportanttoperformroutineauditsofsecuritysettingssuchasuseraccounts,groupmemberships,filepermissions,andsoon.

Averyimportantconcepttoconsiderwhenassigningrightsandprivilegestousersistheconceptofleastprivilege.Leastprivilegerequiresthatusersbegiventheabsoluteminimumnumberofrightsandprivilegesrequiredtoperformtheirauthorizedduties.Forexample,ifauserdoesnotneedtheabilitytoinstallsoftwareontheirowndesktoptoperformtheirjob,thendon’tgivethemthatability.Thisreducesthelikelihoodtheuserwillloadmalware,insecuresoftware,orunauthorizedapplicationsontotheirsystem.

AccessControlListsThetermaccesscontrollist(ACL)isusedinmorethanonemannerinthefieldofcomputersecurity.Whendiscussingroutersandfirewalls,anACLisasetofrulesusedtocontroltrafficflowintooroutofaninterfaceornetwork.Whendiscussingsystemresources,suchasfilesandfolders,anACLlistspermissionsattachedtoanobject—whoisallowedtoview,modify,move,ordeletethatobject.Toillustratethisconcept,consideranexample.Figure11.11showsthe

accesscontrollist(permissions)fortheDatafolder.TheuseridentifiedasBillyWilliamshasRead&Execute,ListFolderContents,andReadpermissions,meaningthisusercanopenthefolder,seewhat’sinthefolder,andsoon.Figure11.12showsthepermissionsforauseridentifiedasLeahJones,whohasonlyReadpermissionsonthesamefolder.

•Figure11.11PermissionsforBillyWilliamsontheDatafolder

•Figure11.12PermissionsforLeahJonesontheDatafolder

Incomputersystemsandnetworks,thereareseveralwaysthataccesscontrolscanbeimplemented.Anaccesscontrolmatrixprovidesthesimplestframeworkforillustratingtheprocess.AnexampleofanaccesscontrolmatrixisprovidedinTable11.1.Inthismatrix,thesystemiskeepingtrackoftwoprocesses,twofiles,andonehardwaredevice.Process1canreadbothFile1andFile2butcanwriteonlytoFile1.Process1cannotaccessProcess2,butProcess2canexecuteProcess1.Bothprocesseshavetheabilitytowritetotheprinter.

Table11.1 AnAccessControlMatrix

Whilesimpletounderstand,theaccesscontrolmatrixisseldomusedincomputersystemsbecauseitisextremelycostlyintermsofstoragespaceandprocessing.Imaginethesizeofanaccesscontrolmatrixforalargenetworkwithhundredsofusersandthousandsoffiles.

MandatoryAccessControl(MAC)Mandatoryaccesscontrol(MAC)istheprocessofcontrollingaccesstoinformationbasedonthesensitivityofthatinformationandwhetherornottheuserisoperatingattheappropriatesensitivitylevelandhastheauthoritytoaccessthatinformation.UnderaMACsystem,eachpieceofinformationandeverysystemresource(files,devices,networks,andsoon)islabeledwithitssensitivitylevel(suchasPublic,Engineering

Private,JonesSecret).Usersareassignedaclearancelevelthatsetstheupperboundaryoftheinformationanddevicesthattheyareallowedtoaccess.

ExamTip:Mandatoryaccesscontrolrestrictsaccessbasedonthesensitivityoftheinformationandwhetherornottheuserhastheauthoritytoaccessthatinformation.

TheaccesscontrolandsensitivitylabelsarerequiredinaMACsystem.Labelsaredefinedandthenassignedtousersandresources.Usersmustthenoperatewithintheirassignedsensitivityandclearancelevels—theydon’thavetheoptiontomodifytheirownsensitivitylevelsorthelevelsoftheinformationresourcestheycreate.Duetothecomplexityinvolved,MACistypicallyrunonlyonsystemswheresecurityisatopprioritysuchasTrustedSolaris,OpenBSD,andSELinux.

TechTip

MACObjectiveMandatoryaccesscontrolsareoftenmentionedindiscussionsofmultilevelsecurity.Formultilevelsecuritytobeimplemented,amechanismmustbepresenttoidentifytheclassificationofallusersandfiles.AfileidentifiedasTopSecret(hasalabelindicatingthatitisTopSecret)maybeviewedonlybyindividualswithaTopSecretclearance.Forthiscontrolmechanismtoworkreliably,allfilesmustbemarkedwithappropriatecontrolsandalluseraccessmustbechecked.ThisistheprimarygoalofMAC.

Figure11.13illustratesMACinoperation.Theinformationresourceonthelefthasbeenlabeled“EngineeringSecret,”meaningonlyusersintheEngineeringgroupoperatingattheSecretsensitivitylevelorabovecanaccessthatresource.ThetopuserisoperatingattheSecretlevelbutisnotamemberofEngineeringandisdeniedaccesstotheresource.ThemiddleuserisamemberofEngineeringbutisoperatingataPublicsensitivity

levelandisthereforedeniedaccesstotheresource.ThebottomuserisamemberofEngineering,isoperatingataSecretsensitivitylevel,andisallowedtoaccesstheinformationresource.

•Figure11.13Logicalrepresentationofmandatoryaccesscontrol

DiscretionaryAccessControl(DAC)Discretionaryaccesscontrol(DAC)istheprocessofusingfilepermissionsandoptionalACLstorestrictaccesstoinformationbasedonauser’sidentityorgroupmembership.DACisthemostcommonaccesscontrolsystemandiscommonlyusedinbothUNIXandWindowsoperatingsystems.The“discretionary”partofDACmeansthatafileor

resourceownerhastheabilitytochangethepermissionsonthatfileorresource.

TechTip

MultilevelSecurityIntheU.S.government,thefollowingsecuritylabelsareusedtoclassifyinformationandinformationresourcesforMACsystems:

TopSecretThehighestsecuritylevelandisdefinedasinformationthatwouldcause“exceptionallygravedamage”tonationalsecurityifdisclosed.

SecretThesecondhighestlevelandisdefinedasinformationthatwouldcause“seriousdamage”tonationalsecurityifdisclosed.

ConfidentialThelowestlevelofclassifiedinformationandisdefinedasinformationthatwould“damage”nationalsecurityifdisclosed.

ForOfficialUseOnlyInformationthatisunclassifiedbutnotreleasabletopublicorunauthorizedparties.SometimescalledSensitiveButUnclassified(SBU)

UnclassifiedNotanofficialclassificationlevel.

Thelabelsworkinatop-downfashionsothatanindividualholdingaSecretclearancewouldhaveaccesstoinformationattheSecret,Confidential,andUnclassifiedlevels.AnindividualwithaSecretclearancewouldnothaveaccesstoTopSecretresources,asthatlabelisabovethehighestleveloftheindividual’sclearance.

UnderUNIXoperatingsystems,filepermissionsconsistofthreedistinctparts:

Ownerpermissions(read,write,andexecute)Theownerofthefile

Grouppermissions(read,write,andexecute)Thegrouptowhichtheownerofthefilebelongs

Worldpermissions(read,write,andexecute)Anyoneelsewhoisnottheowneranddoesnotbelongtothegrouptowhichtheownerofthefilebelongs

ExamTip:Discretionaryaccesscontrolrestrictsaccessbasedontheuser’sidentityorgroupmembership.

Forexample,supposeafilecalledsecretdatahasbeencreatedbytheownerofthefile,Luke,whoispartoftheEngineeringgroup.TheownerpermissionsonthefilewouldreflectLuke’saccesstothefile(astheowner).ThegrouppermissionswouldreflecttheaccessgrantedtoanyonewhoispartoftheEngineeringgroup.TheworldpermissionswouldrepresenttheaccessgrantedtoanyonewhoisnotLukeandisnotpartoftheEngineeringgroup.InUNIX,afile’spermissionsareusuallydisplayedasaseriesofnine

characters,withthefirstthreecharactersrepresentingtheowner’spermissions,thesecondthreecharactersrepresentingthegrouppermissions,andthelastthreecharactersrepresentingthepermissionsforeveryoneelse,orfortheworld.ThisconceptisillustratedinFigure11.14.

•Figure11.14DiscretionaryfilepermissionsintheUNIXenvironment

SupposethefilesecretdataisownedbyLukewithgrouppermissions

forEngineering(becauseLukeispartoftheEngineeringgroup),andthepermissionsonthatfilearerwx,rw-,and---,asshowninFigure11.14.Thiswouldmeanthat:

Lukecanread,write,andexecutethefile(rwx).

MembersoftheEngineeringgroupcanreadandwritethefilebutnotexecuteit(rw-).

Theworldhasnoaccesstothefileandcan’tread,write,orexecuteit(---).

RememberthatundertheDACmodel,thefile’sowner,Luke,canchangethefile’spermissionsanytimehewants.

Role-BasedAccessControl(RBAC)Accesscontrollistscanbecumbersomeandcantaketimetoadministerproperly.Role-basedaccesscontrol(RBAC)istheprocessofmanagingaccessandprivilegesbasedontheuser’sassignedroles.RBACistheaccesscontrolmodelthatmostcloselyresemblesanorganization’sstructure.Inthisscheme,insteadofeachuserbeingassignedspecificaccesspermissionsfortheobjectsassociatedwiththecomputersystemornetwork,thatuserisassignedasetofrolesthattheusermayperform.Therolesareinturnassignedtheaccesspermissionsnecessarytoperformthetasksassociatedwiththerole.Userswillthusbegrantedpermissionstoobjectsintermsofthespecificdutiestheymustperform—notjustbecauseofasecurityclassificationassociatedwithindividualobjects.

Asdefinedbythe“OrangeBook,”aDepartmentofDefensedocument(inthe“rainbowseries”)thatatonetimewasthestandardfordescribingwhatconstitutedatrustedcomputingsystem,adiscretionaryaccesscontrol(DAC)is“ameansofrestrictingaccesstoobjectsbasedontheidentityofsubjectsand/orgroupstowhichtheybelong.Thecontrolsarediscretionaryinthesensethatasubjectwithacertainaccesspermissioniscapableofpassingthatpermission

(perhapsindirectly)ontoanyothersubject(unlessrestrainedbymandatoryaccesscontrol).”

UnderRBAC,youmustfirstdeterminetheactivitiesthatmustbeperformedandtheresourcesthatmustbeaccessedbyspecificroles.Forexample,theroleof“securityadmin”inMicrosoftSQLServermustbeabletocreateandmanagelogins,readerrorlogs,andaudittheapplication.Oncealltherolesarecreatedandtherightsandprivilegesassociatedwiththoserolesaredetermined,userscanthenbeassignedoneormorerolesbasedontheirjobfunctions.Whenaroleisassignedtoaspecificuser,theusergetsalltherightsandprivilegesassignedtothatrole.

ExamTip:Role-basedandrule-basedaccesscontrolcanbothbeabbreviatedasRBAC.StandardconventionisforRBACtobeusedtodenoterole-basedaccesscontrol.Aseldom-seenacronymforrule-basedaccesscontrolisRB-RBAC.Role-basedfocusesontheuser’srole(administrator,backupoperator,andsoon).Rule-basedfocusesonpredefinedcriteriasuchastimeofday(userscanonlyloginbetween8A.M.and6P.M.)ortypeofnetworktraffic(webtrafficisallowedtoleavetheorganization).

Unfortunately,inreality,administratorsoftenfindthemselvesinapositionofworkinginanorganizationwheremorethanoneuserhasmultiplerolesorevenaccesstomultipleaccounts(asituationquitecommoninsmallerorganizations).Userswithmultipleaccountstendtoselectthesameorsimilarpasswordsforthoseaccounts,therebyincreasingthechanceonecompromisedaccountcanleadtothecompromiseofotheraccountsaccessedbythatuser.Wherepossible,administratorsshouldfirsteliminatesharedoradditionalaccountsforusersandthenexaminethepossibilityofcombiningrolesorprivilegestoreducethe“accountfootprint”ofindividualusers.

Rule-BasedAccessControlRule-basedaccesscontrolisyetanothermethodofmanagingaccessand

privileges(andunfortunatelysharesthesameacronymasrole-basedaccesscontrol).Inthismethod,accessiseitherallowedordeniedbasedonasetofpredefinedrules.EachobjecthasanassociatedACL(muchlikeDAC),andwhenaparticularuserorgroupattemptstoaccesstheobject,theappropriateruleisapplied.

ExamTip:TheCompTIASecurity+examwillverylikelyexpectyoutobeabletodifferentiatebetweenthefourmajorformsofaccesscontroldiscussedhere:mandatoryaccesscontrol,discretionaryaccesscontrol,role-basedaccesscontrol,andrule-basedaccesscontrol.

Agoodexampleforrule-basedaccesscontrolispermittedlogonhours.Manyoperatingsystemsgiveadministratorstheabilitytocontrolthehoursduringwhichuserscanlogin.Forexample,abankmayallowitsemployeestologinonlybetweenthehoursof8A.M.and6P.M.MondaythroughSaturday.Ifauserattemptstologinoutsideofthesehours,3A.M.onSundayforexample,thentherulewillrejecttheloginattemptwhetherornottheusersuppliesvalidlogincredentials.

Attribute-BasedAccessControl(ABAC)Attribute-basedaccesscontrol(ABAC)isanewaccesscontrolschemabasedontheuseofattributesassociatedwithanidentity.Thesecanuseanytypeofattributes(userattributes,resourceattributes,environmentattributes,andsoon),suchaslocation,time,activitybeingrequested,andusercredentials.Anexamplewouldbeadoctorgettingonesetofaccessforaspecificpatientversusadifferentpatient.ABACcanberepresentedviatheeXtensibleAccessControlMarkupLanguage(XACML),astandardthatimplementsattribute-andpolicy-basedaccesscontrolschemes.

AccountExpiration

Inadditiontoalltheothermethodsofcontrollingandrestrictingaccess,mostmodernoperatingsystemsallowadministratorstospecifythelengthoftimeanaccountisvalidandwhenit“expires”orisdisabled.Thisisagreatmethodforcontrollingtemporaryaccounts,oraccountsforcontractorsorcontractemployees.Fortheseaccounts,theadministratorcanspecifyanexpirationdate;whenthedateisreached,theaccountautomaticallybecomeslockedoutandcannotbeloggedintowithoutadministratorintervention.Arelatedactioncanbetakenwithaccountsthatneverexpire:theycanautomaticallybemarked“inactive”andlockedoutiftheyhavebeenunusedforaspecifiednumberofdays.Accountexpirationissimilartopasswordexpiration,inthatitlimitsthetimewindowofpotentialcompromise.Whenanaccounthasexpired,itcannotbeusedunlesstheexpirationdeadlineisextended.

TechTip

DisablingAccountsWhenanadministratorneedstoendauser’saccess,forinstanceupontermination,thereareseveraloptions.Thebestoptionistodisabletheaccountbutleaveitinthesystem.ThispreservesaccountpermissionchainsandpreventsreuseofauserID,leadingtopotentialconfusionlaterwhenexamininglogs.

Similarly,organizationsmustdefinewhetheraccountsaredeletedordisabledwhennolongerneeded.Deletinganaccountremovestheaccountfromthesystempermanently,whereasdisablinganaccountleavesitinplacebutmarksitasunusable.Manyorganizationsdisableaccountsforaperiodoftimeafteranemployeedeparts(30ormoredays)priortodeletingtheaccount.Thispreventsanyonefromusingtheaccountandallowsadministratorstoreassignfiles,forwardmail,and“cleanup”beforetakinganypermanentactionsontheaccount.

PreventingDataLossorTheft

Identitytheftandcommercialespionagehavebecomeverylargeandlucrativecriminalenterprisesoverthepastdecade.Hackersarenolongermerelycontenttocompromisesystemsanddefacewebsites.Inmanyattacksperformedtoday,hackersareafterintellectualproperty,businessplans,competitiveintelligence,personalinformation,creditcardnumbers,clientrecords,oranyotherinformationthatcanbesold,traded,ormanipulatedforprofit.Thishascreatedawholeindustryoftechnicalsolutionslabeleddatalossprevention(DLP)solutions.Itcanbeassumedthatahackerhasassumedtheidentityofan

authorizeduser,andDLPsolutionsexisttopreventtheexfiltrationofdataregardlessofaccesscontrolrestrictions.DLPsolutionscomeinmanyforms,andeachofthesesolutionshasstrengthsandweaknesses.Thebestsolutionisacombinationofsecurityelements,sometosecuredatainstorage(encryption)andsomeintheformofmonitoring(proxydevicestomonitordataegressforsensitivedata),andevenNetFlowanalyticstoidentifynewbulkdatatransferroutes.

TheRemoteAccessProcessTheprocessofconnectingbyremoteaccessinvolvestwoelements:atemporarynetworkconnectionandaseriesofprotocolstonegotiateprivilegesandcommands.Thetemporarynetworkconnectioncanoccurviaadial-upservice,theInternet,wirelessaccess,oranyothermethodofconnectingtoanetwork.Oncetheconnectionismade,theprimaryissueisauthenticatingtheidentityoftheuserandestablishingproperprivilegesforthatuser.Thisisaccomplishedusingacombinationofprotocolsandtheoperatingsystemonthehostmachine.Thethreestepsintheestablishmentofproperprivilegesare

authentication,authorization,andaccounting,commonlyreferredtosimplyasAAA.Authenticationisthematchingofuser-suppliedcredentialstopreviouslystoredcredentialsonahostmachine,anditusuallyinvolvesanaccountusernameandpassword.Oncetheuserisauthenticated,theauthorizationsteptakesplace.Authorizationisthe

grantingofspecificpermissionsbasedontheprivilegesheldbytheaccount.Doestheuserhavepermissiontousethenetworkatthistime,orisheruserestricted?Doestheuserhaveaccesstospecificapplications,suchasmailandFTP,oraresomeoftheserestricted?Thesechecksarecarriedoutaspartofauthorization,andinmanycasesthisisafunctionoftheoperatingsysteminconjunctionwithitsestablishedsecuritypolicies.Accountingisthecollectionofbillingandotherdetailrecords.Networkaccessisoftenabillablefunction,andalogofhowmuchtime,bandwidth,filetransferspace,orotherresourceswereusedneedstobemaintained.Otheraccountingfunctionsincludekeepingdetailedsecuritylogstomaintainanaudittrailoftasksbeingperformed.

TechTip

SecuringRemoteConnectionsByusingencryption,remoteaccessprotocolscansecurelyauthenticateandauthorizeauseraccordingtopreviouslyestablishedprivilegelevels.Theauthorizationphasecankeepunauthorizedusersout,butafterthat,encryptionofthecommunicationschannelbecomesveryimportantinpreventingnonauthorizedusersfrombreakinginonanauthorizedsessionandhijackinganauthorizeduser’scredentials.AsmoreandmorenetworksrelyontheInternetforconnectingremoteusers,theneedforandimportanceofsecureremoteaccessprotocolsandsecurecommunicationchannelswillcontinuetogrow.

WhenauserconnectstotheInternetthroughanISP,thisissimilarlyacaseofremoteaccess—theuserisestablishingaconnectiontoherISP’snetwork,andthesamesecurityissuesapply.Theissueofauthentication,thematchingofuser-suppliedcredentialstopreviouslystoredcredentialsonahostmachine,isusuallydoneviaauseraccountnameandpassword.Oncetheuserisauthenticated,theauthorizationsteptakesplace.Remoteauthenticationusuallytakesthecommonformofanendusersubmittinghiscredentialsviaanestablishedprotocoltoaremoteaccessserver(RAS),whichactsuponthosecredentials,eithergrantingordenyingaccess.

Accesscontrolsdefinewhatactionsausercanperformorwhatobjectsauserisallowedtoaccess.Accesscontrolsarebuiltuponthefoundationofelementsdesignedtofacilitatethematchingofausertoaprocess.Theseelementsareidentification,authentication,andauthorization.Thereareamyriadofdetailsandchoicesassociatedwithsettingupremoteaccesstoanetwork,andtoprovideforthemanagementoftheseoptions,itisimportantforanorganizationtohaveaseriesofremoteaccesspoliciesandproceduresspellingoutthedetailsofwhatispermittedandwhatisnotforagivennetwork.

IdentificationIdentificationistheprocessofascribingacomputerIDtoaspecificuser,computer,networkdevice,orcomputerprocess.Theidentificationprocessistypicallyperformedonlyonce,whenauserIDisissuedtoaparticularuser.Useridentificationenablesauthenticationandauthorizationtoformthebasisforaccountability.Foraccountabilitypurposes,userIDsshouldnotbeshared,andforsecuritypurposes,theyshouldnotbedescriptiveofjobfunction.Thispracticeenablesyoutotraceactivitiestoindividualusersorcomputerprocessessothattheycanbeheldresponsiblefortheiractions.IdentificationlinksthelogonIDoruserIDtocredentialsthathavebeensubmittedpreviouslytoeitherHRortheITstaff.ArequiredcharacteristicofuserIDsisthattheymustbeuniquesothattheymapbacktothecredentialspresentedwhentheaccountwasestablished.

TechTip

FederationFederatedidentitymanagementisanagreementbetweenmultipleenterprisesthatletspartiesusethesameidentificationdatatoobtainaccesstothenetworksofallenterprisesinthegroup.Thisfederationenablesaccesstobemanagedacrossmultiplesystemsincommontrustlevels.

AuthenticationAuthenticationistheprocessofbindingaspecificIDtoaspecificcomputerconnection.Twoitemsneedtobepresentedtocausethisbindingtooccur—theuserID,andsome“secret”toprovethattheuseristhevalidpossessorofthecredentials.Historically,threecategoriesofsecretsareusedtoauthenticatetheidentityofauser:whatusersknow,whatusershave,andwhatusersare.Todayanadditionalcategoryisused:whatusersdo.Thesemethodscanbeusedindividuallyorincombination.These

controlsassumethattheidentificationprocesshasbeencompletedandtheidentityoftheuserhasbeenverified.Itisthejobofauthenticationmechanismstoensurethatonlyvalidusersareadmitted.Describedanotherway,authenticationisusingsomemechanismtoprovethatyouarewhoyouclaimedtobewhentheidentificationprocesswascompleted.Themostcommonmethodofauthenticationistheuseofapassword.

Forgreatersecurity,youcanaddanelementfromaseparategroup,suchasasmartcardtoken—somethingauserhasinherpossession.Passwordsarecommonbecausetheyareoneofthesimplestformsanduseusermemoryasaprimecomponent.Becauseoftheirsimplicity,passwordshavebecomeubiquitousacrossawiderangeofauthenticationsystems.Anothermethodtoprovideauthenticationinvolvestheuseofsomething

thatonlyvalidusersshouldhaveintheirpossession.Aphysical-worldexampleofthiswouldbeasimplelockandkey.Onlythoseindividualswiththecorrectkeywillbeabletoopenthelockandthusgainadmittancetoahouse,car,office,orwhateverthelockwasprotecting.Asimilarmethodcanbeusedtoauthenticateusersforacomputersystemornetwork(thoughthekeymaybeelectronicandcouldresideonasmartcardorsimilardevice).Theproblemwiththistechnology,however,isthatpeopledolosetheirkeys(orcards),whichmeansnotonlythattheusercan’tlogintothesystembutthatsomebodyelsewhofindsthekeymaythenbeabletoaccessthesystem,eventhoughtheyarenotauthorized.Toaddressthisproblem,acombinationofthesomething-you-knowandsomething-you-

havemethodsisoftenusedsothattheindividualwiththekeyisalsorequiredtoprovideapasswordorpasscode.Thekeyisuselessunlesstheuserknowsthiscode.

TechTip

CategoriesofSharedSecretsforAuthenticationOriginallypublishedbytheU.S.governmentinoneofthe“rainbowseries”ofmanualsoncomputersecurity,thecategoriesofshared“secrets”are

Whatusersknow(suchasapassword)Whatusershave(suchastokens)

Whatusersare(staticbiometricssuchasfingerprintsoririspattern)Today,becauseoftechnologicaladvances,anewcategoryhasemerged,patternedaftersubconsciousbehavior:

Whatusersdo(dynamicbiometricssuchastypingpatternsorgait)

Thethirdgeneralmethodtoprovideauthenticationinvolvessomethingthatisuniqueaboutyou.Weareaccustomedtothisconceptinourphysicalworld,whereourfingerprintsorasampleofourDNAcanbeusedtoidentifyus.Thissameconceptcanbeusedtoprovideauthenticationinthecomputerworld.Thefieldofauthenticationthatusessomethingaboutyouorsomethingthatyouareisknownasbiometrics.Anumberofdifferentmechanismscanbeusedtoaccomplishthistypeofauthentication,suchasafingerprint,iris,retinal,orhandgeometryscan.Allofthesemethodsobviouslyrequiresomeadditionalhardwareinordertooperate.Theinclusionoffingerprintreadersonlaptopcomputersisbecomingcommonastheadditionalhardwareisbecomingcosteffective.Anewmethod,basedonhowusersperformanaction,suchastheirgait

whenwalking,ortypingpatternshasemergedasasourceofapersonal“signature”.Whilenotdirectlyembeddedintosystemsasyet,thisisanoptionthatwillbecominginthefuture.

Whilethethreemainapproachestoauthenticationappeartobeeasytounderstandandinmostcaseseasytoimplement,authenticationisnottobetakenlightly,sinceitissuchanimportantcomponentofsecurity.Potentialattackersareconstantlysearchingforwaystogetpastthesystem’sauthenticationmechanism,andtheyhaveemployedsomefairlyingeniousmethodstodoso.Consequently,securityprofessionalsareconstantlydevisingnewmethods,buildingonthesethreebasicapproaches,toprovideauthenticationmechanismsforcomputersystemsandnetworks.

BasicAuthenticationBasicauthenticationisthesimplesttechniqueusedtomanageaccesscontrolacrossHTTP.BasicauthenticationoperatesbypassinginformationencodedinBase64formusingstandardHTTPheaders.Thisisaplaintextmethodwithoutanypretenseofsecurity.Figure11.15illustratestheoperationofbasicauthentication.

•Figure11.15Howbasicauthenticationoperates

DigestAuthenticationDigestauthenticationisamethodusedtonegotiatecredentialsacrosstheWeb.Digestauthenticationuseshashfunctionsandanoncetoimprovesecurityoverbasicauthentication.Digestauthenticationworksasfollows,asillustratedinFigure11.16:

•Figure11.16Howdigestauthenticationoperates

1.Theclientrequestslogin.2.Theserverrespondswithachallengeandprovidesanonce.3.Theclienthashesthepasswordandnonce.4.Theclientreturnsthehashedpasswordtotheserver.

5.Theserverrequeststhepasswordfromapasswordstore.6.Theserverhashesthepasswordandnonce.7.Ifbothhashesmatch,loginisgranted.Digestauthentication,althoughitimprovessecurityoverbasic

authentication,doesnotprovideanysignificantlevelofsecurity.Passwordsarenotsentintheclear.Digestauthenticationissubjecttoman-in-the-middleattacksandpotentiallyreplayattacks.

ExamTip:Thebottomlineforbothbasicanddigestauthenticationisthattheseareinsecuremethodsandshouldnotberelieduponforanylevelofsecurity.

KerberosDevelopedaspartofMIT’sprojectAthena,Kerberosisanetworkauthenticationprotocoldesignedforaclient/serverenvironment.ThecurrentversionisKerberos5release1.13.2andissupportedbyallmajoroperatingsystems.KerberossecurelypassesasymmetrickeyoveraninsecurenetworkusingtheNeedham-Schroedersymmetrickeyprotocol.Kerberosisbuiltaroundtheideaofatrustedthirdparty,termedakeydistributioncenter(KDC),whichconsistsoftwologicallyseparateparts:anauthenticationserver(AS)andaticket-grantingserver(TGS).Kerberoscommunicatesvia“tickets”thatservetoprovetheidentityofusers.

ExamTip:TwoticketsareusedinKerberos.Thefirstisaticket-grantingticket(TGT)obtainedfromtheauthenticationserver(AS).TheTGTispresentedtoaticket-grantingserver(TGS)whenaccesstoaserverisrequestedandaclient-to-serverticketisissued,grantingaccesstotheserver.TypicallyboththeASandtheTGSarelogicallyseparatepartsofthekeydistributioncenter

(KDC).

Takingitsnamefromthethree-headeddogofGreekmythology,KerberosisdesignedtoworkacrosstheInternet,aninherentlyinsecureenvironment.Kerberosusesstrongencryptionsothataclientcanproveitsidentitytoaserverandtheservercaninturnauthenticateitselftotheclient.AcompleteKerberosenvironmentisreferredtoasaKerberosrealm.TheKerberosservercontainsuserIDsandhashedpasswordsforallusersthatwillhaveauthorizationstorealmservices.TheKerberosserveralsohassharedsecretkeyswitheveryservertowhichitwillgrantaccesstickets.ThebasisforauthenticationinaKerberosenvironmentistheticket.

Ticketsareusedinatwo-stepprocesswiththeclient.Thefirstticketisaticket-grantingticket(TGT)issuedbytheAStoarequestingclient.TheclientcanthenpresentthistickettotheKerberosserverwitharequestforatickettoaccessaspecificserver.Thisclient-to-serverticket(alsocalledaserviceticket)isusedtogainaccesstoaserver’sserviceintherealm.Sincetheentiresessioncanbeencrypted,thiseliminatestheinherentlyinsecuretransmissionofitemssuchasapasswordthatcanbeinterceptedonthenetwork.Ticketsaretime-stampedandhavealifetime,soattemptingtoreuseaticketwillnotbesuccessful.Figure11.17detailsKerberosoperations.

•Figure11.17Kerberosoperations

TechTip

KerberosAuthenticationKerberosisathird-partyauthenticationservicethatusesaseriesofticketsastokensforauthenticatingusers.Thesixstepsinvolvedareprotectedusingstrongcryptography:

Theuserpresentshiscredentialsandrequestsaticketfromthekeydistributioncenter(KDC).

TheKDCverifiescredentialsandissuesaticket-grantingticket(TGT).

TheuserpresentsaTGTandrequestforservicetotheKDC.TheKDCverifiesauthorizationandissuesaclient-to-serverticket(orserviceticket).

Theuserpresentsarequestandaclient-to-servertickettothedesiredservice.Iftheclient-to-serverticketisvalid,serviceisgrantedtotheclient.

ToillustratehowtheKerberosauthenticationserviceworks,thinkaboutthecommondriver’slicense.Youhavereceivedalicensethatyoucanpresenttootherentitiestoproveyouarewhoyouclaimtobe.Becauseotherentitiestrustthestateinwhichthelicensewasissued,theywillacceptyourlicenseasproofofyouridentity.ThestateinwhichthelicensewasissuedisanalogoustotheKerberosauthenticationservicerealm,andthelicenseactsasaclient-to-serverticket.Itisthetrustedentitybothsidesrelyontoprovidevalididentifications.Thisanalogyisnotperfect,becauseweallprobablyhaveheardofindividualswhoobtainedaphonydriver’slicense,butitservestoillustratethebasicideabehindKerberos.

CertificatesCertificatesareamethodofestablishingauthenticityofspecificobjectssuchasanindividual’spublickeyordownloadedsoftware.Adigitalcertificateisadigitalfilethatissentasanattachmenttoamessageandis

usedtoverifythatthemessagedidindeedcomefromtheentityitclaimstohavecomefrom.DigitalcertificatesarecoveredindetailinChapter6.

CrossCheckDigitalCertificatesandDigitalSignaturesKerberosusesticketstoconveymessages.Partoftheticketisacertificatethatcontainstherequisitekeys.UnderstandinghowcertificatesconveythisvitalinformationisanimportantpartofunderstandinghowKerberos-basedauthenticationworks.CertificatesandhowtheyareusedwascoveredinChapter6,withtheprotocolsassociatedwithPKIcoveredinChapter7.Referbacktothesechaptersasneeded.

TokensAtokenisahardwaredevicethatcanbeusedinachallenge/responseauthenticationprocess.Inthisway,itfunctionsasbothasomething-you-haveandsomething-you-knowauthenticationmechanism.Severalvariationsonthistypeofdeviceexist,buttheyallworkonthesamebasicprinciples.Tokensweredescribedearlierinthechapter,andarecommonlyemployedinremoteauthenticationschemesastheyprovideadditionalsuretyoftheidentityoftheuser,evenuserswhoaresomewhereelseandcannotbeobserved.

ExamTip:Theuseofatokenisacommonmethodofusing“somethingyouhave”forauthentication.Atokencanholdacryptographickeyoractasaone-timepassword(OTP)generator.Itcanalsobeasmartcardthatholdsacryptographickey(examplesincludetheU.S.militaryCommonAccessCardandtheFederalPersonalIdentityVerification[PIV]card).ThesedevicescanbesafeguardedusingaPINandlockoutmechanismtopreventuseifstolen.

MultifactorMultifactorauthenticationisatermthatdescribestheuseofmorethanoneauthenticationmechanismatthesametime.Anexampleofthisisthe

hardwaretoken,whichrequiresbothapersonalIDnumber(PIN)orpasswordandthedeviceitselftodeterminethecorrectresponseinordertoauthenticatetothesystem.Thismeansthatboththesomething-you-haveandsomething-you-knowmechanismsareusedasfactorsinverifyingauthenticityoftheuser.BiometricsarealsooftenusedinconjunctionwithaPINsothatthey,too,canbeusedaspartofamultifactorauthenticationscheme,inthiscasesomethingyouareaswellassomethingyouknow.Thepurposeofmultifactorauthenticationistoincreasethelevelofsecurity,sincemorethanonemechanismwouldhavetobespoofedinorderforanunauthorizedindividualtogainaccesstoacomputersystemornetwork.ThemostcommonexampleofmultifactorsecurityisthecommonATMcardmostofuscarryinourwallets.ThecardisassociatedwithaPINthatonlytheauthorizedcardholdershouldknow.KnowingthePINwithouthavingthecardisuseless,justashavingthecardwithoutknowingthePINwillalsonotprovideyouaccesstoyouraccount.

ExamTip:Therequireduseofmorethanoneauthenticationsystemisknownasmultifactorauthentication.Themostcommonexampleisthecombinationofapasswordwithahardwaretoken.Forhighsecurity,threefactorscanbeused:password,token,andbiometric.

Multifactorauthenticationissometimesreferredtoastwo-factorauthenticationorthree-factorauthentication,referringtothenumberofdifferentfactorsused.Itisimportanttonotethatthisimpliesseparatefactorsfortheauthenticationelement;auserIDandpasswordarenottwofactors,astheuserIDisnotasharedsecretelement.

MutualAuthenticationMutualauthenticationdescribesaprocessinwhicheachsideofanelectroniccommunicationverifiestheauthenticityoftheother.WeareaccustomedtotheideaofhavingtoauthenticateourselvestoourISPbeforeweaccesstheInternet,generallythroughtheuseofauser

ID/passwordpair,buthowdoweactuallyknowthatwearereallycommunicatingwithourISPandnotsomeothersystemthathassomehowinserteditselfintoourcommunication(aman-in-the-middleattack)?Mutualauthenticationprovidesamechanismforeachsideofaclient/serverrelationshiptoverifytheauthenticityoftheothertoaddressthisissue.Acommonmethodofperformingmutualauthenticationinvolvesusingasecureconnection,suchasTransportLayerSecurity(TLS),totheserverandaone-timepasswordgeneratorthatthenauthenticatestheclient.

MutualTLS–basedauthenticationprovidesthesamefunctionsasnormalTLS,withtheadditionofauthenticationandnonrepudiationoftheclient.Thissecondauthentication,theauthenticationoftheclient,isdoneinthesamemannerasthenormalserverauthenticationusingdigitalsignatures.Theclientauthenticationrepresentsthemanysidesofamany-to-onerelationship.MutualTLSauthenticationisnotcommonlyusedbecauseofthecomplexity,cost,andlogisticsassociatedwithmanagingthemultitudeofclientcertificates.Thisreducestheeffectiveness,andmostwebapplicationsarenotdesignedtorequireclient-sidecertificates.

AuthorizationAuthorizationistheprocessofpermittingordenyingaccesstoaspecificresource.Onceidentityisconfirmedviaauthentication,specificactionscanbeauthorizedordenied.Manytypesofauthorizationschemesareused,butthepurposeisthesame:determinewhetheragivenuserwhohasbeenidentifiedhaspermissionsforaparticularobjectorresourcebeingrequested.Thisfunctionalityisfrequentlypartoftheoperatingsystemandistransparenttousers.Theseparationoftasks,fromidentificationtoauthenticationto

authorization,hasseveraladvantages.Manymethodscanbeusedtoperformeachtask,andonmanysystemsseveralmethodsareconcurrentlypresentforeachtask.Separationofthesetasksintoindividualelementsallowscombinationsofimplementationstoworktogether.Anysystemor

resource,beithardware(routerorworkstation)orasoftwarecomponent(databasesystem),thatrequiresauthorizationcanuseitsownauthorizationmethodonceauthenticationhasoccurred.Thismakesforefficientandconsistentapplicationoftheseprinciples.

AccessControlThetermaccesscontrolhasbeenusedtodescribeavarietyofprotectionschemes.Itsometimesreferstoallsecurityfeaturesusedtopreventunauthorizedaccesstoacomputersystemornetwork—orevenanetworkresourcesuchasaprinter.Inthissense,itmaybeconfusedwithauthentication.Moreproperly,accessistheabilityofasubject(suchasanindividualoraprocessrunningonacomputersystem)tointeractwithanobject(suchasafileorhardwaredevice).Oncetheindividualhasverifiedtheiridentity,accesscontrolsregulatewhattheindividualcanactuallydoonthesystem.Justbecauseapersonisgrantedentrytothesystem,thatdoesnotmeanthattheyshouldhaveaccesstoalldatathesystemcontains.

TechTip

AccessControlvs.AuthenticationItmayseemthataccesscontrolandauthenticationaretwowaystodescribethesameprotectionmechanism.This,however,isnotthecase.Authenticationprovidesawaytoverifytothecomputerwhotheuseris.Oncetheuserhasbeenauthenticated,theaccesscontrolsdecidewhatoperationstheusercanperform.Thetwogohand-in-handbutarenotthesamething.

RemoteAccessMethodsWhenauserrequiresaccesstoaremotesystem,theprocessofremoteaccessisusedtodeterminetheappropriatecontrols.Thisisdonethroughaseriesofprotocolsandprocessesdescribedintheremainderofthis

chapter.

IEEE802.1XIEEE802.1Xisanauthenticationstandardthatsupportsport-basedauthenticationservicesbetweenauserandanauthorizationdevice,suchasanedgerouter.IEEE802.1Xisusedbyalltypesofnetworks,includingEthernet,TokenRing,andwireless.Thisstandarddescribesmethodsusedtoauthenticateauserpriortograntingaccesstoanetworkandtheauthenticationserver,suchasaRADIUSserver.802.1Xactsthroughanintermediatedevice,suchasanedgeswitch,enablingportstocarrynormaltrafficiftheconnectionisproperlyauthenticated.Thispreventsunauthorizedclientsfromaccessingthepubliclyavailableportsonaswitch,keepingunauthorizedusersoutofaLAN.Untilaclienthassuccessfullyauthenticateditselftothedevice,onlyExtensibleAuthenticationProtocoloverLAN(EAPOL)trafficispassedbytheswitch.

Onesecurityissueassociatedwith802.1Xisthattheauthenticationoccursonlyuponinitialconnection,andthatanotherusercaninsertthemselvesintotheconnectionbychangingpacketsorusingahub.Thesecuresolutionistopair802.1X,whichauthenticatestheinitialconnection,withaVPNorIPsec,whichprovidespersistentsecurity.

EAPOLisanencapsulatedmethodofpassingEAPmessagesover802.1frames.EAPisageneralprotocolthatcansupportmultiplemethodsofauthentication,includingone-timepasswords,Kerberos,publickeys,andsecuritydevicemethodssuchassmartcards.Onceaclientsuccessfullyauthenticatesitselftothe802.1Xdevice,theswitchopensportsfornormaltraffic.Atthispoint,theclientcancommunicatewiththesystem’sAAAmethod,suchasaRADIUSserver,andauthenticateitselftothenetwork.

WirelessProtocols802.1Xiscommonlyusedonwirelessaccesspointsasaport-basedauthenticationservicepriortoadmissiontothewirelessnetwork.802.1Xoverwirelessuseseither802.11iorEAP-basedprotocols,suchasEAP-TLSorPEAP-TLS.

CrossCheckWirelessRemoteAccessWirelessisacommonmethodofallowingremoteaccesstoanetwork,asitdoesnotrequirephysicalcablingandallowsmobileconnections.Wirelesssecurity,includingprotocolssuchas802.11iandEAP-basedsolutions,iscoveredinChapter12.

RADIUSRemoteAuthenticationDial-InUserService(RADIUS)isanAAAprotocol.ItwassubmittedtotheInternetEngineeringTaskForce(IETF)asaseriesofRFCs:RFC2058(RADIUSspecification),RFC2059(RADIUSaccountingstandard),andupdatedRFCs2865–2869,whicharenowstandardprotocols.RADIUSisdesignedasaconnectionlessprotocolthatusestheUser

DatagramProtocol(UDP)asitstransportlayerprotocol.Connectiontypeissues,suchastimeouts,arehandledbytheRADIUSapplicationinsteadofthetransportlayer.RADIUSutilizesUDPport1812forauthenticationandauthorizationandUDP1813foraccountingfunctions.RADIUSisaclient/serverprotocol.TheRADIUSclientistypicallya

networkaccessserver(NAS).Networkaccessserversactasintermediaries,authenticatingclientsbeforeallowingthemaccesstoanetwork.RADIUS,RRAS(Microsoft),RAS,andVPNserverscanallactasnetworkaccessservers.TheRADIUSserverisaprocessordaemonrunningonaUNIXorWindowsServermachine.CommunicationsbetweenaRADIUSclientandRADIUSserverareencryptedusinga

sharedsecretthatismanuallyconfiguredintoeachentityandnotsharedoveraconnection.Hence,communicationsbetweenaRADIUSclient(typicallyaNAS)andaRADIUSserveraresecure,butthecommunicationsbetweenauser(typicallyaPC)andtheRADIUSclientaresubjecttocompromise.Thisisimportanttonote,foriftheuser’smachine(thePC)isnottheRADIUSclient(theNAS),thencommunicationsbetweenthePCandtheNASaretypicallynotencryptedandarepassedintheclear.

RADIUSAuthenticationTheRADIUSprotocolisdesignedtoallowaRADIUSservertosupportawidevarietyofmethodstoauthenticateauser.Whentheserverisgivenausernameandpassword,itcansupportPoint-to-PointProtocol(PPP),PasswordAuthenticationProtocol(PAP),Challenge-HandshakeAuthenticationProtocol(CHAP),UNIXlogin,andothermechanisms,dependingonwhatwasestablishedwhentheserverwassetup.Auserloginauthenticationconsistsofaquery(Access-Request)fromtheRADIUSclientandacorrespondingresponse(Access-Accept,Access-Challenge,orAccess-Reject)fromtheRADIUSserver,asyoucanseeinFigure11.18.TheAccess-Challengeresponseistheinitiationofachallenge/responsehandshake.Iftheclientcannotsupportchallenge/response,thenittreatstheChallengemessageasanAccess-Reject.

•Figure11.18RADIUScommunicationsequence

TheAccess-Requestmessagecontainstheusername,encryptedpassword,NASIPaddress,andport.Themessagealsocontainsinformationconcerningthetypeofsessiontheuserwantstoinitiate.OncetheRADIUSserverreceivesthisinformation,itsearchesitsdatabaseforamatchontheusername.Ifamatchisnotfound,eitheradefaultprofileisloadedoranAccess-Rejectreplyissenttotheuser.Iftheentryisfoundorthedefaultprofileisused,thenextphaseinvolvesauthorization,forinRADIUS,thesestepsareperformedinsequence.Figure11.18showstheinteractionbetweenauserandtheRADIUSclientandRADIUSserverandthestepstakentomakeaconnection.

RADIUSAuthorizationIntheRADIUSprotocol,theauthenticationandauthorizationstepsareperformedtogetherinresponsetoasingleAccess-Requestmessage,althoughtheyaresequentialsteps(seeFigure11.18).Onceanidentityhasbeenestablished,eitherknownordefault,theauthorizationprocessdetermineswhatparametersarereturnedtotheclient.Typicalauthorizationparametersincludetheservicetypeallowed(shellorframed),theprotocolsallowed,theIPaddresstoassigntotheuser(staticordynamic),andtheaccesslisttoapplyorstaticroutetoplaceintheNASroutingtable.

TechTip

ShellAccountsShellaccountrequestsarethosethatdesirecommand-lineaccesstoaserver.Onceauthenticationissuccessfullyperformed,theclientisconnecteddirectlytotheserversocommand-lineaccesscanoccur.RatherthanbeinggivenadirectIPaddressonthenetwork,theNASactsasapass-throughdeviceconveyingaccess.

TheseparametersarealldefinedintheconfigurationinformationontheRADIUSclientandserverduringsetup.Usingthisinformation,theRADIUSserverreturnsanAccess-AcceptmessagewiththeseparameterstotheRADIUSclient.

RADIUSAccountingTheRADIUSaccountingfunctionisperformedindependentlyofRADIUSauthenticationandauthorization.TheaccountingfunctionusesaseparateUDPport,1813(seeTable11.2inthe“ConnectionSummary”sectionattheendofthechapter).TheprimaryfunctionalityofRADIUSaccountingwasestablishedtosupportISPsintheiruseraccounting,anditsupportstypicalaccountingfunctionsfortimebillingandsecuritylogging.TheRADIUSaccountingfunctionsaredesignedtoallowdatatobetransmittedatthebeginningandendofasession,andtheycanindicateresourceutilization,suchastime,bandwidth,andsoon.

Table11.2 CommonTCP/UDPRemoteAccessNetworkingPortAssignments

DiameterDiameteristhenameofanAAAprotocolsuite,designatedbytheIETFtoreplacetheagingRADIUSprotocol.DiameteroperatesinmuchthesamewayasRADIUSinaclient/serverconfiguration,butitimprovesuponRADIUS,resolvingdiscoveredweaknesses.DiameterisaTCP-based

serviceandhasmoreextensiveAAAcapabilities.Diameterisalsodesignedforalltypesofremoteaccess,notjustmodempools.Asmoreandmoreusersadoptbroadbandandotherconnectionmethods,thesenewerservicesrequiremoreoptionstodeterminepermissibleusageproperlyandtoaccountforandlogtheusage.Diameterisdesignedwiththeseneedsinmind.Diameteralsohasanimprovedmethodofencryptingmessage

exchangestoprohibitreplayandman-in-the-middleattacks.Takenalltogether,Diameter,withitsenhancedfunctionalityandsecurity,isanimprovementontheprovendesignoftheoldRADIUSstandard.

TACACS+TheTerminalAccessControllerAccessControlSystem+(TACACS+)protocolisthecurrentgenerationoftheTACACSfamily.OriginallyTACACSwasdevelopedbyBBNPlanetCorporationforMILNET,anearlymilitarynetwork,butithasbeenenhancedbyCisco,whichhasexpandeditsfunctionalitytwice.TheoriginalBBNTACACSsystemprovidedacombinationprocessofauthenticationandauthorization.CiscoextendedthistoExtendedTerminalAccessControllerAccessControlSystem(XTACACS),whichprovidedforseparateauthentication,authorization,andaccountingprocesses.Thecurrentgeneration,TACACS+,hasextendedattributecontrolandaccountingprocesses.Oneofthefundamentaldesignaspectsistheseparationof

authentication,authorization,andaccountinginthisprotocol.AlthoughthereisastraightforwardlineageoftheseprotocolsfromtheoriginalTACACS,TACACS+isamajorrevisionandisnotbackward-compatiblewithpreviousversionsoftheprotocolseries.TACACS+usesTCPasitstransportprotocol,typicallyoperatingover

TCPport49.ThisportisusedfortheloginprocessandisreservedinRFC3232,“AssignedNumbers,”manifestedinadatabasefromtheInternetAssignedNumbersAuthority(IANA).IntheIANAspecification,bothUDPport49andTCPport49arereservedfortheTACACS+loginhost

protocol(seeTable11.2inthe“ConnectionSummary”sectionattheendofthechapter).TACACS+isaclient/serverprotocol,withtheclienttypicallybeinga

NASandtheserverbeingadaemonprocessonaUNIX,Linux,orWindowsserver.Thisisimportanttonote,foriftheuser’smachine(usuallyaPC)isnottheclient(usuallyaNAS),thencommunicationsbetweenPCandNASaretypicallynotencryptedandarepassedintheclear.CommunicationsbetweenaTACACS+clientandTACACS+serverareencryptedusingasharedsecretthatismanuallyconfiguredintoeachentityandisnotsharedoveraconnection.Hence,communicationsbetweenaTACACS+client(typicallyaNAS)andaTACACS+serveraresecure,butthecommunicationsbetweenauser(typicallyaPC)andtheTACACS+clientaresubjecttocompromise.

TACACS+AuthenticationTACACS+allowsforarbitrarylengthandcontentintheauthenticationexchangesequence,enablingmanydifferentauthenticationmechanismstobeusedwithTACACS+clients.Authenticationisoptionalandisdeterminedasasite-configurableoption.Whenauthenticationisused,commonformsincludePPPPAP,PPPCHAP,PPPEAP,tokencards,andKerberos.Theauthenticationprocessisperformedusingthreedifferentpackettypes:START,CONTINUE,andREPLY.STARTandCONTINUEpacketsoriginatefromtheclientandaredirectedtotheTACACS+server.TheREPLYpacketisusedtocommunicatefromtheTACACS+servertotheclient.TheauthenticationprocessisillustratedinFigure11.19,anditbegins

withaSTARTmessagefromtheclienttotheserver.ThismessagemaybeinresponsetoaninitiationfromaPCconnectedtotheTACACS+client.TheSTARTmessagedescribesthetypeofauthenticationbeingrequested(simpleplaintextpassword,PAP,CHAP,andsoon).ThisSTARTmessagemayalsocontainadditionalauthenticationdata,suchasausernameandpassword.ASTARTmessageisalsosentasaresponsetoarestartrequestfromtheserverinaREPLYmessage.ASTARTmessage

alwayshasitssequencenumbersetto1.

•Figure11.19TACACS+communicationsequence

WhenaTACACS+serverreceivesaSTARTmessage,itsendsaREPLYmessage.ThisREPLYmessageindicateswhethertheauthenticationiscompleteorneedstobecontinued.Iftheprocessneedstobecontinued,theREPLYmessagealsospecifieswhatadditionalinformationisneeded.TheresponsefromaclienttoaREPLYmessagerequestingadditionaldataisaCONTINUEmessage.Thisprocesscontinuesuntiltheserverhasalltheinformationneeded,andtheauthenticationprocessconcludeswithasuccessorfailure.

TACACS+AuthorizationAuthorizationisdefinedasthegrantingofspecificpermissionsbasedontheprivilegesheldbytheaccount.Thisgenerallyoccursafterauthentication,asshowninFigure11.19,butthisisnotafirmrequirement.Adefaultstateof“unknownuser”existsbeforeauserisauthenticated,andpermissionscanbedeterminedforanunknownuser.Aswithauthentication,authorizationisanoptionalprocessandmayormaynotbepartofasite-specificoperation.Whenitisusedinconjunctionwithauthentication,theauthorizationprocessfollowstheauthenticationprocessandusestheconfirmeduseridentityasinputinthedecisionprocess.Theauthorizationprocessisperformedusingtwomessagetypes:

REQUESTandRESPONSE.TheauthorizationprocessisperformedusinganauthorizationsessionconsistingofasinglepairofREQUESTandRESPONSEmessages.TheclientissuesanauthorizationREQUESTmessagecontainingafixedsetoffieldsenumeratingtheauthenticityoftheuserorprocessrequestingpermissionandavariablesetoffieldsenumeratingtheservicesoroptionsforwhichauthorizationisbeingrequested.TheRESPONSEmessageinTACACS+isnotasimpleyesorno;itcan

alsoincludequalifyinginformation,suchasausertimelimitorIPrestrictions.Theselimitationshaveimportantuses,suchasenforcingtime

limitsonshellaccessorenforcingIPaccesslistrestrictionsforspecificuseraccounts.

TACACS+AccountingAswiththetwopreviousservices,accountingisalsoanoptionalfunctionofTACACS+.Whenutilized,ittypicallyfollowstheotherservices.AccountinginTACACS+isdefinedastheprocessofrecordingwhatauserorprocesshasdone.Accountingcanservetwoimportantpurposes:

Itcanbeusedtoaccountforservicesbeingutilized,possiblyforbillingpurposes.

Itcanbeusedforgeneratingsecurityaudittrails.

TACACS+accountingrecordscontainseveralpiecesofinformationtosupportthesetasks.Theaccountingprocesshastheinformationrevealedintheauthorizationandauthenticationprocesses,soitcanrecordspecificrequestsbyuserorprocess.Tosupportthisfunctionality,TACACS+hasthreetypesofaccountingrecords:START,STOP,andUPDATE.Notethatthesearerecordtypes,notmessagetypesasearlierdiscussed.

AuthenticationProtocolsNumerousauthenticationprotocolshavebeendeveloped,used,anddiscardedinthebriefhistoryofcomputing.Somehavecomeandgonebecausetheydidnotenjoymarketshare,othershavehadsecurityissues,andyetothershavebeenrevisedandimprovedinnewerversions.Althoughit’simpossibleandimpracticaltocoverthemall,someofthecommononesfollow.

L2TPandPPTPLayer2TunnelingProtocol(L2TP)andPoint-to-PointTunnelingProtocol(PPTP)arebothOSILayer2tunnelingprotocols.Tunnelingistheencapsulationofonepacketwithinanother,whichallowsyoutohidethe

originalpacketfromvieworchangethenatureofthenetworktransport.Thiscanbedoneforbothsecurityandpracticalreasons.Fromapracticalperspective,assumethatyouareusingTCP/IPto

communicatebetweentwomachines.Yourmessagemaypassovervariousnetworks,suchasanAsynchronousTransferMode(ATM)network,asitmovesfromsourcetodestination.AstheATMprotocolcanneitherreadnorunderstandTCP/IPpackets,somethingmustbedonetomakethempassableacrossthenetwork.Byencapsulatingapacketasthepayloadinaseparateprotocol,soitcanbecarriedacrossasectionofanetwork,amechanismcalledatunneliscreated.Ateachendofthetunnel,calledthetunnelendpoints,thepayloadpacketisreadandunderstood.Asitgoesintothetunnel,youcanenvisionyourpacketbeingplacedinanenvelopewiththeaddressoftheappropriatetunnelendpointontheenvelope.Whentheenvelopearrivesatthetunnelendpoint,theoriginalmessage(thetunnelpacket’spayload)isre-created,read,andsenttoitsappropriatenextstop.Theinformationbeingtunneledisunderstoodonlyatthetunnelendpoints;itisnotrelevanttointermediatetunnelpointsbecauseitisonlyapayload.

PPPPoint-to-PointProtocol(PPP)isanolder,stillwidelyusedprotocolforestablishingdial-inconnectionsoverseriallinesorIntegratedServicesDigitalNetwork(ISDN)services.PPPhasseveralauthenticationmechanisms,includingPAP,CHAP,andtheExtensibleAuthenticationProtocol(EAP).Theseprotocolsareusedtoauthenticatethepeerdevice,notauserofthesystem.PPPisastandardizedInternetencapsulationofIPtrafficoverpoint-to-pointlinks,suchasseriallines.Theauthenticationprocessisperformedonlywhenthelinkisestablished.

TechTip

PPPFunctionsandAuthentication

PPPsupportsthreefunctions:

Encapsulatedatagramsacrossseriallinks

Establish,configure,andtestlinksusingLCPEstablishandconfiguredifferentnetworkprotocolsusingNCP

PPPsupportstwoauthenticationprotocols:

PasswordAuthenticationProtocol(PAP)

Challenge-HandshakeAuthenticationProtocol(CHAP)

PPTPMicrosoftledaconsortiumofnetworkingcompaniestoextendPPPtoenablethecreationofvirtualprivatenetworks(VPNs).TheresultwasthePoint-to-PointTunneling(PPTP),anetworkprotocolthatenablesthesecuretransferofdatafromaremotePCtoaserverbycreatingaVPNacrossaTCP/IPnetwork.Thisremotenetworkconnectioncanalsospanapublicswitchedtelephonenetwork(PSTN)andisthusaneconomicalwayofconnectingremotedial-inuserstoacorporatedatanetwork.TheincorporationofPPTPintotheMicrosoftWindowsproductlineprovidesabuilt-insecuremethodofremoteconnectionusingtheoperatingsystem,andthishasgivenPPTPalargemarketplacefootprint.FormostPPTPimplementations,threecomputersareinvolved:the

PPTPclient,theNAS,andaPPTPserver,asshowninFigure11.20.Theconnectionbetweentheremoteclientandthenetworkisestablishedinstages,asillustratedinFigure11.21.FirsttheclientmakesaPPPconnectiontoaNAS,typicallyanISP.(Intoday’sworldofwidelyavailablebroadband,ifthereisalreadyanInternetconnection,thenthereisnoneedtoperformthePPPconnectiontotheISP.)OncethePPPconnectionisestablished,asecondconnectionismadeoverthePPPconnectiontothePPTPserver.ThissecondconnectioncreatestheVPNconnectionbetweentheremoteclientandthePPTPserver.AtypicalVPNconnectionisoneinwhichtheuserisinahotelwithawirelessInternetconnection,connectingtoacorporatenetwork.Thisconnectionactsasa

tunnelforfuturedatatransfers.Althoughthesediagramsillustrateatelephoneconnection,thisfirstlinkcanbevirtuallyanymethod.CommoninhotelstodayarewiredconnectionstotheInternet.ThesewiredconnectionstypicallyareprovidedbyalocalISPandofferthesameservicesasaphoneconnection,albeitatamuchhigherdatatransferrate.

•Figure11.20PPTPcommunicationdiagram

•Figure11.21PPTPmessageencapsulationduringtransmission

PPTPestablishesatunnelfromtheremotePPTPclienttothePPTPserverandenablesencryptionwithinthistunnel.Thisprovidesasecuremethodoftransport.Todothisandstillenablerouting,anintermediateaddressingscheme,GenericRoutingEncapsulation(GRE),isused.Toestablishtheconnection,PPTPusescommunicationsacrossTCP

port1723(seeTable11.2inthe“ConnectionSummary”sectionattheendofthechapter),sothisportmustremainopenacrossthenetworkfirewallsforPPTPtobeinitiated.AlthoughPPTPallowstheuseofanyPPP

authenticationscheme,CHAPisusedwhenencryptionisspecified,toprovideanappropriatelevelofsecurity.Fortheencryptionmethodology,MicrosoftchosetheRSARC4cipher,witheithera40-or128-bitsessionkeylength,andthisisOSdriven.MicrosoftPoint-to-PointEncryption(MPPE)isanextensiontoPPPthatenablesVPNstousePPTPasthetunnelingprotocol.

EAPExtensibleAuthenticationProtocol(EAP)isauniversalauthenticationframeworkdefinedbyRFC3748thatisfrequentlyusedinwirelessnetworksandpoint-to-pointconnections.AlthoughEAPisnotlimitedtowirelessandcanbeusedforwiredauthentication,itismostoftenusedinwirelessLANs.EAPisdiscussedindetailinChapter12.

CHAPChallenge-HandshakeAuthenticationProtocol(CHAP)isusedtoprovideauthenticationacrossapoint-to-pointlinkusingPPP.Inthisprotocol,authenticationafterthelinkhasbeenestablishedisnotmandatory.CHAPisdesignedtoprovideauthenticationperiodicallythroughtheuseofachallenge/responsesystemthatissometimesdescribedasathree-wayhandshake,asillustratedinFigure11.22.Theinitialchallenge(arandomlygeneratednumber)issenttotheclient.Theclientusesaone-wayhashingfunctiontocalculatewhattheresponseshouldbeandthensendsthisback.Theservercomparestheresponsetowhatitcalculatedtheresponseshouldbe.Iftheymatch,communicationcontinues.Ifthetwovaluesdon’tmatch,thentheconnectionisterminated.Thismechanismreliesonasharedsecretbetweenthetwoentitiessothatthecorrectvaluescanbecalculated.MicrosofthascreatedtwoversionsofCHAP,modifiedtoincreasetheusabilityofCHAPacrossMicrosoft’sproductline.MSCHAPv1,definedinRFC2433,hasbeendeprecatedandwasdroppedinWindowsVista.Thecurrentstandard,version2,definedinRFC2759,wasintroducedwithWindows2000.

•Figure11.22TheCHAPchallenge/responsesequence

NTLMNTLANManager(NTLM)isanauthenticationprotocoldesignedbyMicrosoft,forusewiththeServerMessageBlock(SMB)protocol.SMBisanapplication-levelnetworkprotocolprimarilyusedforsharingoffilesandprintersinWindows-basednetworks.NTLMwasdesignedasareplacementfortheLANMANprotocol.ThecurrentversionisNTLMv2,whichwasintroducedwithWindowsNT4.0SP4.AlthoughMicrosofthasadoptedtheKerberosprotocolforauthentication,NTLMv2isstillusedwhen

AuthenticatingtoaserverusinganIPaddress

AuthenticatingtoaserverthatbelongstoadifferentActiveDirectoryforest

Authenticatingtoaserverthatdoesn’tbelongtoadomain

NoActiveDirectorydomainexists(“workgroup”or“peer-to-peer”connection)

PAPPasswordAuthenticationProtocol(PAP)involvesatwo-wayhandshakein

whichtheusernameandpasswordaresentacrossthelinkincleartext.PAPauthenticationdoesnotprovideanyprotectionagainstplaybackandlinesniffing.PAPisnowadeprecatedstandard.

L2TPLayer2TunnelingProtocol(L2TP)isalsoanInternetstandardandcamefromtheLayer2Forwarding(L2F)protocol,aCiscoinitiativedesignedtoaddressissueswithPPTP.WhereasPPTPisdesignedaroundPPPandIPnetworks,L2F,andhenceL2TP,isdesignedforuseacrossallkindsofnetworks,includingATMandFrameRelay.Additionally,whereasPPTPisdesignedtobeimplementedinsoftwareattheclientdevice,L2TPwasconceivedasahardwareimplementationusingarouteroraspecial-purposeappliance.L2TPcanbeconfiguredinsoftwareandisinMicrosoft’sRRASservers,whichuseL2TPtocreateaVPN.L2TPworksinmuchthesamewayasPPTP,butitopensupseveral

itemsforexpansion.Forinstance,inL2TP,routerscanbeenabledtoconcentrateVPNtrafficoverhigher-bandwidthlines,creatinghierarchicalnetworksofVPNtrafficthatcanbemoreefficientlymanagedacrossanenterprise.L2TPalsohastheabilitytouseIPsecandDataEncryptionStandard(DES)asencryptionprotocols,providingahigherlevelofdatasecurity.L2TPisalsodesignedtoworkwithestablishedAAAservicessuchasRADIUSandTACACS+toaidinuserauthentication,authorization,andaccounting.L2TPisestablishedviaUDPport1701,sothisisanessentialportto

leaveopenacrossfirewallssupportingL2TPtraffic.MicrosoftsupportsL2TPinWindows2000andabove,butbecauseofthecomputingpowerrequired,mostimplementationswillusespecializedhardware(suchasaCiscorouter).

TelnetOneofthemethodstograntremoteaccesstoasystemisthroughTelnet.Telnetisthestandardterminal-emulationprotocolwithintheTCP/IP

protocolseries,anditisdefinedinRFC854.Telnetallowsuserstologinremotelyandaccessresourcesasiftheuserhadalocalterminalconnection.Telnetisanoldprotocolandofferslittlesecurity.Information,includingaccountnamesandpasswords,ispassedincleartextovertheTCP/IPconnection.

ExamTip:TelnetusesTCPport23.Besuretomemorizethecommonportsusedbycommonservicesfortheexam.

TelnetmakesitsconnectionusingTCPport23.AsTelnetisimplementedonmostproductsusingTCP/IP,itisimportanttocontrolaccesstoTelnetonmachinesandrouterswhensettingthemup.Failuretocontrolaccessbyusingfirewalls,accesslists,andothersecuritymethods,orevenbydisablingtheTelnetdaemon,isequivalenttoleavinganopendoorforunauthorizedusersonasystem.

SSHSecureShell(SSH)isaprotocolseriesdesignedtofacilitatesecurenetworkfunctionsacrossaninsecurenetwork.SSHprovidesdirectsupportforsecureremotelogin,securefiletransfer,andsecureforwardingofTCP/IPandXWindowSystemtraffic.AnSSHconnectionisanencryptedchannel,providingforconfidentialityandintegrityprotection.SSHhasitsoriginsasareplacementfortheinsecureTelnetapplication

fromtheUNIXoperatingsystem.AnoriginalcomponentofUNIX,Telnetalloweduserstoconnectbetweensystems.AlthoughTelnetisstillusedtoday,ithassomedrawbacks,asdiscussedintheprecedingsection.SomeenterprisingUniversityofCalifornia,Berkeley,studentssubsequentlydevelopedther-commands,suchasrlogin,topermitaccessbasedontheuserandsourcesystem,asopposedtopassingpasswords.Thiswasnotperfecteither,however,becausewhenaloginwasrequired,itwasstillpassedintheclear.ThisledtothedevelopmentoftheSSHprotocolseries,

designedtoeliminatealloftheinsecuritiesassociatedwithTelnet,r-commands,andothermeansofremoteaccess.

ExamTip:SSHusesTCPport22.SCP(securecopy)andSFTP(secureFTP)useSSH,soeachalsousesTCPport22.

SSHopensasecuretransportchannelbetweenmachinesbyusinganSSHdaemononeachend.ThesedaemonsinitiatecontactoverTCPport22andthencommunicateoverhigherportsinasecuremode.OneofthestrengthsofSSHisitssupportformanydifferentencryptionprotocols.SSH1.0startedwithRSAalgorithms,butatthetimetheywerestillunderpatent,andthisledtoSSH2.0withextendedsupportforTripleDES(3DES)andotherencryptionmethods.Today,SSHcanbeusedwithawiderangeofencryptionprotocols,includingRSA,3DES,Blowfish,InternationalDataEncryptionAlgorithm(IDEA),CAST128,AES256,andothers.TheSSHprotocolhasfacilitiestoencryptdataautomatically,provide

authentication,andcompressdataintransit.Itcansupportstrongencryption,cryptographichostauthentication,andintegrityprotection.Theauthenticationservicesarehost-basedandnotuser-based.Ifuserauthenticationisdesiredinasystem,itmustbesetupseparatelyatahigherlevelintheOSImodel.Theprotocolisdesignedtobeflexibleandsimple,anditisdesignedspecificallytominimizethenumberofround-tripsbetweensystems.Thekeyexchange,publickey,symmetrickey,messageauthentication,andhashalgorithmsareallnegotiatedatconnectiontime.Individualdata-packetintegrityisassuredthroughtheuseofamessageauthenticationcodethatiscomputedfromasharedsecret,thecontentsofthepacket,andthepacketsequencenumber.TheSSHprotocolconsistsofthreemajorcomponents:

TransportlayerprotocolProvidesserverauthentication,

confidentiality,integrity,andcompression

UserauthenticationprotocolAuthenticatestheclienttotheserverConnectionprotocolProvidesmultiplexingoftheencryptedtunnelintoseverallogicalchannels

SSHisverypopularintheUNIXenvironment,anditisactivelyusedasamethodofestablishingVPNsacrosspublicnetworks.BecauseallcommunicationsbetweenthetwomachinesareencryptedattheOSIapplicationlayerbythetwoSSHdaemons,thisleadstotheabilitytobuildverysecuresolutionsandevensolutionsthatdefytheabilityofoutsideservicestomonitor.AsSSHisastandardprotocolserieswithconnectionparametersestablishedviaTCPport22,differentvendorscanbuilddifferingsolutionsthatcanstillinteroperate.

TechTip

RDPRemoteDesktopProtocol(RDP)isaproprietaryMicrosoftprotocoldesignedtoprovideagraphicalconnectiontoanothercomputer.ThecomputerrequestingtheconnectionhasRDPclientsoftware(builtintoWindows),andthetargetusesanRDPserver.ThissoftwarehasbeenavailableformanyversionsofWindowsandwasformerlycalledTerminalServices.ClientandserverversionsalsoexistforLinuxplatforms.RDPusesTCPandUDPports3389,soifRDPisdesired,theseportsneedtobeopenonthefirewall.

AlthoughWindowsServerimplementationsofSSHexist,thishasnotbeenapopularprotocolintheWindowsenvironmentfromaserverperspective.ThedevelopmentofawidearrayofcommercialSSHclientsfortheWindowsplatformindicatesthemarketplacestrengthofinterconnectionfromdesktopPCstoUNIX-basedserversutilizingthisprotocol.

FTP/FTPS/SFTP

OneofthemethodsoftransferringfilesbetweenmachinesisthroughtheuseoftheFileTransferProtocol(FTP).FTPisaplaintextprotocolthatoperatesbycommunicatingoverTCPbetweenaclientandaserver.TheclientinitiatesatransferwithanFTPrequesttotheserver’sTCPport21.Thisisthecontrolconnection,andthisconnectionremainsopenoverthedurationofthefiletransfer.Theactualdatatransferoccursonanegotiateddatatransferport,typicallyahigh-orderportnumber.FTPwasnotdesignedtobeasecuremethodoftransferringfiles.Ifasecuremethodisdesired,thenusingFTPSorSFTPisbest.FTPSistheuseofFTPoveranSSL/TLSsecuredchannel.Thiscanbe

doneeitherinexplicitmode,whereanAUTHTLScommandisissued,orinimplicitmode,wherethetransferoccursoverTCPport990forthecontrolchannelandTCPport989forthedatachannel.SFTPisnotFTPperse,butratheracompletelyseparateSecureFileTransferProtocolasdefinedbyanIETFDraft,thelatestofwhich,version6,expiredinJuly2007,buthasbeenincorporatedintoproductsinthemarketplace.

ExamTip:FTPusesTCPport21asacontrolchannelandTCPport20asatypicalactivemodedataport,assomefirewallsaresettoblockportsabove1024.

ItisalsopossibletorunFTPoverSSH,aslaterversionsofSSHallowsecuringofchannelssuchastheFTPcontrolchannel;thishasalsobeenreferredtoasSecureFTP.Thisleavesthedatachannelunencrypted,aproblemthathasbeensolvedinversion3.0ofSSH,whichsupportsFTPcommands.ThechallengeofencryptingtheFTPdatacommunicationsisthatthemutualportagreementmustbeopenedonthefirewall,andforsecurityreasons,high-orderportsthatarenotexplicitlydefinedaretypicallysecured.Becauseofthischallenge,SecureCopy(SCP)isoftenamoredesirablealternativetoSFTPwhenusingSSH.

VPNsAvirtualprivatenetwork(VPN)isasecurevirtualnetworkbuiltontopofaphysicalnetwork.ThesecurityofaVPNliesintheencryptionofpacketcontentsbetweentheendpointsthatdefinetheVPN.ThephysicalnetworkuponwhichaVPNisbuiltistypicallyapublicnetwork,suchastheInternet.BecausethepacketcontentsbetweenVPNendpointsareencrypted,toanoutsideobserveronthepublicnetwork,thecommunicationissecure,anddependingonhowtheVPNissetup,securitycanevenextendtothetwocommunicatingparties’machines.Virtualprivatenetworkingisnotaprotocolperse,butratheramethod

ofusingprotocolstoachieveaspecificobjective—securecommunications—asshowninFigure11.23.Auserwhowantstohaveasecurecommunicationchannelwithaserveracrossapublicnetworkcansetuptwointermediarydevices,VPNendpoints,toaccomplishthistask.Theusercancommunicatewithhisendpoint,andtheservercancommunicatewithitsendpoint.Thetwoendpointsthencommunicateacrossthepublicnetwork.VPNendpointscanbesoftwaresolutions,routers,orspecificserverssetupforspecificfunctionality.ThisimpliesthatVPNservicesaresetupinadvanceandarenotsomethingnegotiatedon-the-fly.

•Figure11.23VPNserviceoveranInternetconnection

AtypicaluseofVPNservicesisauseraccessingacorporatedatanetworkfromahomePCacrosstheInternet.TheemployeeinstallsVPNsoftwarefromworkonahomePC.Thissoftwareisalreadyconfiguredtocommunicatewiththecorporatenetwork’sVPNendpoint;itknowsthelocation,theprotocolsthatwillbeused,andsoon.Whenthehomeuserwantstoconnecttothecorporatenetwork,sheconnectstotheInternetandthenstartstheVPNsoftware.Theusercanthenlogintothecorporatenetworkbyusinganappropriateauthenticationandauthorizationmethodology.ThesolepurposeoftheVPNconnectionistoprovideaprivateconnectionbetweenthemachines,whichencryptsanydatasentbetweenthehomeuser’sPCandthecorporatenetwork.Identification,authorization,andallotherstandardfunctionsareaccomplishedwiththestandardmechanismsfortheestablishedsystem.VPNscanusemanydifferentprotocolstoofferasecuremethodof

communicatingbetweenendpoints.Commonmethodsofencryptionon

VPNsincludePPTP,IPsec,SSH,andL2TP,allofwhicharediscussedinthischapter.Thekeyisthatbothendpointsknowtheprotocolandshareasecret.AllofthisnecessaryinformationisestablishedwhentheVPNissetup.Atthetimeofuse,theVPNonlyactsasaprivatetunnelbetweenthetwopointsanddoesnotconstituteacompletesecuritysolution.

IPsecInternetProtocolSecurity(IPsec)isasetofprotocolsdevelopedbytheIETFtosecurelyexchangepacketsatthenetworklayer(Layer3)oftheOSImodel(RFCs2401–2412).AlthoughtheseprotocolsworkonlyinconjunctionwithIPnetworks,onceanIPsecconnectionisestablished,itispossibletotunnelacrossothernetworksatlowerlevelsoftheOSImodel.ThesetofsecurityservicesprovidedbyIPsecoccursatthenetworklayeroftheOSImodel,sohigher-layerprotocols,suchasTCP,UDP,InternetControlMessageProtocol(ICMP),BorderGatewayProtocol(BGP),andthelike,arenotfunctionallyalteredbytheimplementationofIPsecservices.TheIPsecprotocolserieshasasweepingarrayofservicesitisdesigned

toprovide,includingbutnotlimitedtoaccesscontrol,connectionlessintegrity,traffic-flowconfidentiality,rejectionofreplayedpackets,datasecurity(encryption),anddata-originauthentication.IPsechastwodefinedmethods—transportandtunneling—thatprovidedifferentlevelsofsecurity.IPsecalsohasthreemodesofconnection:host-to-server,server-to-server,andhost-to-host.Thetransportmethodencryptsonlythedataportionofapacket,thus

enablinganoutsidertoseesourceanddestinationIPaddresses.Thetransportmethodprotectsthehigher-levelprotocolsassociatedwithapacketandprotectsthedatabeingtransmittedbutallowsknowledgeofthetransmissionitself.Protectionofthedataportionofapacketisreferredtoascontentprotection.

ExamTip:Intransportmode(end-to-end),securityofpackettrafficisprovidedbytheendpointcomputers.Intunnelmode(portal-to-portal),securityofpackettrafficisprovidedbetweenendpointnodemachinesineachnetworkandnotattheterminalhostmachines.

TunnelingprovidesencryptionofsourceanddestinationIPaddresses,aswellasofthedataitself.Thisprovidesthegreatestsecurity,butitcanbedoneonlybetweenIPsecservers(orrouters)becausethefinaldestinationneedstobeknownfordelivery.Protectionoftheheaderinformationisknownascontextprotection.Itispossibletousebothmethodsatthesametime,suchasusing

transportwithinone’sownnetworktoreachanIPsecserver,whichthentunnelstothetargetserver’snetwork,connectingtoanIPsecserverthere,andthenusingthetransportmethodfromthetargetnetwork’sIPsecservertothetargethost.

SecurityAssociationsAsecurityassociation(SA)isaformalmannerofdescribingthenecessaryandsufficientportionsoftheIPsecprotocolseriestoachieveaspecificlevelofprotection.Becausemanyoptionsexist,bothcommunicatingpartiesmustagreeontheuseoftheprotocolsthatareavailable,andthisagreementisreferredtoasasecurityassociation.SAsexistbothforintegrity-protectingsystemsandconfidentiality-protectingsystems.IneachIPsecimplementation,asecurityassociationdatabase(SAD)definesparametersassociatedwitheachSA.TheSAisaone-way(simplex)association,andiftwo-waycommunicationsecurityisdesired,twoSAsareused—oneforeachdirection.

ExamTip:Asecurityassociationisalogicalsetofsecurityparametersdesignedtofacilitatethe

sharingofinformationbetweenentities.

IPsecConfigurationsFourbasicconfigurationscanbeappliedtomachine-to-machineconnectionsusingIPsec.Thesimplestisahost-to-hostconnectionbetweentwomachines,asshowninFigure11.24.Inthiscase,theInternetisnotapartoftheSAbetweenthemachines.Ifbidirectionalsecurityisdesired,twoSAsareused.TheSAsareeffectivefromhosttohost.

•Figure11.24Ahost-to-hostconnectionbetweentwomachines

Thesecondcaseplacestwosecuritydevicesinthestream,relievingthehostsofthecalculationandencapsulationduties.ThesetwogatewayshaveanSAbetweenthem.Thenetworkisassumedtobesecurefromeach

machinetoitsgateway,andnoIPsecisperformedacrossthesehops.Figure11.25showsthetwosecuritygatewayswithatunnelacrosstheInternet,althougheithertunnelortransportmodecouldbeused.

•Figure11.25TwosecuritygatewayswithatunnelacrosstheInternet

Thethirdcasecombinesthefirsttwo.AseparateSAexistsbetweenthegatewaydevices,butanSAalsoexistsbetweenhosts.Thiscouldbeconsideredatunnelinsideatunnel,asshowninFigure11.26.

•Figure11.26Atunnelinsideatunnel

RemoteuserscommonlyconnectthroughtheInternettoanorganization’snetwork.Thenetworkhasasecuritygatewaythroughwhichitsecurestraffictoandfromitsserversandauthorizedusers.Inthelastcase,illustratedinFigure11.27,theuserestablishesanSAwiththesecuritygatewayandthenaseparateSAwiththedesiredserver,ifrequired.Thiscanbedoneusingsoftwareonaremotelaptopandhardwareattheorganization’snetwork.

•Figure11.27Tunnelfromhosttogateway

WindowscanactasanIPsecserver,ascanroutersandotherservers.TheprimaryissueisCPUusageandwherethecomputingpowershouldbeimplanted.ThisconsiderationhasledtotheriseofIPsecappliances,whicharehardwaredevicesthatperformtheIPsecfunctionspecificallyforaseriesofcommunications.Dependingonthenumberofconnections,networkbandwidth,andsoon,thesedevicescanbeinexpensiveforsmallofficeorhomeofficeuseorquiteexpensiveforlarge,enterprise-levelimplementations.

IPsecSecurity

IPsecusestwoprotocolstoprovidetrafficsecurity:

AuthenticationHeader(AH)Aheaderaddedtoapacketforthepurposesofintegritychecking

EncapsulatingSecurityPayload(ESP)Amethodofencryptingthedataportionofadatagramtoprovideconfidentiality

Forkeymanagementandexchange,threeprotocolsexist:

InternetSecurityAssociationandKeyManagementProtocol(ISAKMP)

OakleySecureKeyExchangeMechanismforInternet(SKEMI)

ThesekeymanagementprotocolscanbecollectivelyreferredtoasInternetKeyManagementProtocol(IKMP)orInternetKeyExchange(IKE).IPsecdoesnotdefinespecificsecurityalgorithms,nordoesitrequire

specificmethodsofimplementation.IPsecisanopenframeworkthatallowsvendorstoimplementexistingindustry-standardalgorithmssuitedforspecifictasks.ThisflexibilityiskeyinIPsec’sabilitytoofferawiderangeofsecurityfunctions.IPsecallowsseveralsecuritytechnologiestobecombinedintoacomprehensivesolutionfornetwork-basedconfidentiality,integrity,andauthentication.IPsecusesthefollowing:

ExamTip:IPsecAHprotectsintegrity,butitdoesnotprovideprivacy.IPsecESPprovidesconfidentiality,butitdoesnotprotectintegrityofthepacket.Tocoverbothprivacyandintegrity,bothheaderscanbeusedatthesametime.

Diffie-Hellmankeyexchangebetweenpeersonapublicnetwork

PublickeysigningofDiffie-Hellmankeyexchangestoguaranteeidentityandavoidman-in-the-middleattacks

Bulkencryptionalgorithms,suchasIDEAand3DES,forencryptingdata

Keyedhashalgorithms,suchasHMAC,andtraditionalhashalgorithms,suchasMD5andSHA-1,forpacket-levelauthentication

DigitalcertificatestoactasdigitalIDcardsbetweenparties

Toprovidetrafficsecurity,twoheaderextensionshavebeendefinedforIPdatagrams.TheAH,whenaddedtoanIPdatagram,ensurestheintegrityofthedataandalsotheauthenticityofthedata’sorigin.ByprotectingthenonchangingelementsintheIPheader,theAHprotectstheIPaddress,whichenablesdata-originauthentication.TheESPprovidessecurityservicesforthehigher-levelprotocolportionofthepacketonly,nottheIPheader.AHandESPcanbeusedseparatelyorincombination,dependingonthe

levelandtypesofsecuritydesired.BothalsoworkwiththetransportandtunnelmodesofIPsecprotocols.Intransportmode,thetwocommunicationendpointsprovidesecurityprimarilyfortheupper-layerprotocols.Thecryptographicendpoints,whereencryptionanddecryptionoccur,arelocatedatthesourceanddestinationofthecommunicationchannel.WhenAHisintransportmode,theoriginalIPheaderisexposed,butitscontentsareprotectedviatheAHblockinthepacket,asillustratedinFigure11.28.WhenAHisemployedintunnelmode,portionsoftheouterIPheaderaregiventhesameheaderprotectionthatoccursintransportmode,withtheentireinnerpacketreceivingprotection.ThisisillustratedinFigure11.29.Theuseoftunnelmodeallowseasiercrossingoffirewalls,forwithoutit,specificfirewallruleswouldbeneededtopassthemodifiedtransportpacketheader.

•Figure11.28IPsecuseofAHintransportmode

•Figure11.29IPsecuseofAHintunnelmode

Tunnelingisameansofencapsulatingpacketsinsideaprotocolthatisunderstoodonlyattheentryandexitpointsofthetunnel.Thisprovidessecurityduringtransportinthetunnel,becauseoutsideobserverscannot

decipherpacketcontentsoreventheidentitiesofthecommunicatingparties.IPsechasatunnelmodethatcanbeusedfromservertoserveracrossapublicnetwork.Althoughthetunnelendpointsarereferredtoasservers,thesedevicescanberouters,appliances,orservers.Intunnelmode,thetunnelendpointsmerelyencapsulatetheentirepacketwithnewIPheaderstoindicatetheendpoints,andtheyencryptthecontentsofthisnewpacket.ThetruesourceanddestinationinformationiscontainedintheinnerIPheader,whichisencryptedinthetunnel.TheouterIPheadercontainstheaddressesoftheendpointsofthetunnel.ESPprovidesameansofencryptingthepacket’scontents,asshownin

Figure11.30.Inthiscase,intransportmode,thedatagramcontentsareencryptedandauthenticatedviatheESPheaderandfooter/trailerthatareinsertedintothedatagram.Asmentioned,AHandESPcanbeemployedintunnelmode.ESPaffordsthesameencryptionprotectiontothecontentsofthetunneledpacket,whichistheentirepacketfromtheinitialsender,asillustratedinFigure11.31.Together,intunnelmode,AHandESPcanprovidecompleteprotectionacrossthepacket,asshowninFigure11.32.ThespecificcombinationofAHandESPisreferredtoasasecurityassociationinIPsec.

•Figure11.30IPsecuseofESPintransportmode

•Figure11.31IPsecuseofESPintunnelmode

•Figure11.32IPsecESPandAHpacketconstructionintunnelmode

InIPversion4(IPv4),IPsecisanadd-on,anditsacceptanceisvendordriven.ItisnotapartoftheoriginalIP—oneoftheshort-sighteddesignflawsoftheoriginalIP.InIPv6,IPsecisintegratedintoIPandisnativeonallpackets.Itsuseisstilloptional,butitsinclusionintheprotocolsuitewillguaranteeinteroperabilityacrossvendorsolutionswhentheyarecompliantwithIPv6standards.IPsecusescryptographickeysinitssecurityprocessandhasboth

manualandautomaticdistributionofkeysaspartoftheprotocolseries.Manualkeydistributionisincluded,butitispracticalonlyinsmall,staticenvironmentsanddoesnotscaletoenterprise-levelimplementations.Thedefaultmethodofkeymanagement,InternetKeyExchange(IKE),isautomated.IKEauthenticateseachpeerinvolvedinIPsecandnegotiatesthesecuritypolicy,includingtheexchangeofsessionkeys.IKEcreatesasecuretunnelbetweenpeersandthennegotiatesthesecurityassociation

forIPsecacrossthischannel.Thisisdoneintwophases:thefirstdevelopsthechannel,andtheseconddevelopsthesecurityassociation.Figure11.33illustratesthedifferentlevelsofprotectionofferedby

VPNsandIPsec.ThisshowstheadvantagesofIPsecanditsmorecomprehensivecoverage.

•Figure11.33Protectionfromdifferentlevelsofencryption

VulnerabilitiesofRemoteAccessMethods

Theprimaryvulnerabilityassociatedwithmanyofthesemethodsofremoteaccessisthepassingofcriticaldataincleartext.Plaintextpassingofpasswordsprovidesnosecurityifthepasswordissniffed,andsniffersareeasytouseonanetwork.EvenplaintextpassingofuserIDsgivesawayinformationthatcanbecorrelatedandpossiblyusedbyanattacker.PlaintextcredentialpassingisoneofthefundamentalflawswithTelnetandiswhySSHwasdeveloped.ThisisalsooneoftheflawswithRADIUSandTACACS+,astheyhaveasegmentunprotected.Therearemethodsforovercomingtheselimitations,althoughtheyrequiredisciplineandunderstandinginsettingupasystem.Thestrengthoftheencryptionalgorithmisalsoaconcern.Shoulda

specificalgorithmormethodprovetobevulnerable,servicesthatrelysolelyonitarealsovulnerable.Togetaroundthisdependency,manyoftheprotocolsallownumerousencryptionmethods,sothatshouldoneprovevulnerable,ashifttoanotherrestoressecurity.

TechTip

IPsecinaNutshellIPsechastwoprimarymodes,transportmodeandtunnelmode.Transportmodeissimplerandaddsfewerbytestoapacket,butcanhaveissuestransitingitemssuchasfirewalls.Tunnelingmoderesolvesthefirewallissuebytotalencapsulation.IPsechastwoprimarymechanisms,AHandESP.AHprovidesforauthenticationofdatagramcontents,butnoprotectionintheformofsecrecy.ESPencryptsthedatagram,providingsecrecy,andwhenusedwithEH,ESPprovidesauthenticationaswell.

Aswithanysoftwareimplementation,therealwaysexiststhepossibilitythatabugcouldopenthesystemtoattack.Bugshavebeencorrectedinmostsoftwarepackagestocloseholesthatmadesystemsvulnerable,andremoteaccessfunctionalityisnoexception.ThisisnotaMicrosoft-onlyphenomenon,asonemightbelievefromthepopularpress.Criticalflawshavebeenfoundinalmosteveryproduct,fromopensystemimplementationssuchasOpenSSHtoproprietarysystemssuchasCisco

IOS.Theimportantissueisnotthepresenceofsoftwarebugs,forassoftwarecontinuestobecomemorecomplex,thisisanunavoidableissue.Thetruekeyisvendorresponsivenesstofixingthebugsoncetheyarediscovered,andthemajorplayers,suchasCiscoandMicrosoft,havebeenveryresponsiveinthisarea.

ConnectionSummaryTherearemanyprotocolsusedforremoteaccessandauthenticationandrelatedpurposes.ThesemethodshavetheirownassignedportsandtheseassignmentsaresummarizedinTable11.2.

Chapter11Review

ForMoreInformationMicrosoft’sTechNetGroupPolicypagehttp://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx

SANSConsensusPolicyResourceCommunity–PasswordPolicyhttps://www.sans.org/security-resources/policies/general/pdf/password-protection-policy

LabManualExercisesThefollowinglabexercisesfromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providepracticalapplicationofmaterialcoveredinthischapter:

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutprivilegemanagement,authentication,andremoteaccessprotocols.

Identifythedifferencesamonguser,group,androlemanagement

Privilegemanagementistheprocessofrestrictingauser’sabilitytointeractwiththecomputersystem.

Privilegemanagementcanbebasedonanindividualuserbasis,onmembershipinaspecificgrouporgroups,oronafunction/role.

Keyconceptsinprivilegemanagementaretheabilitytorestrictandcontrolaccesstoinformationandinformationsystems.

Oneofthemethodsusedtosimplifyprivilegemanagementissinglesign-on,whichrequiresausertoauthenticatesuccessfullyonce.Thevalidatedcredentialsandassociatedrightsandprivilegesarethenautomaticallycarriedforwardwhentheuseraccessesothersystemsorapplications.

Implementpasswordanddomainpasswordpolicies

Passwordpoliciesaresetsofrulesthathelpusersselect,employ,andstorestrongpasswords.Tokenscombine“somethingyouhave”with“somethingyouknow,”suchasapasswordorPIN,andcanbehardwareorsoftwarebased.

Passwordsshouldhavealimitedspanandshouldexpireonascheduledbasis.

Describemethodsofaccountmanagement(SSO,timeofday,logicaltoken,accountexpiration)

Administratorshavemanydifferenttoolsattheirdisposaltocontrolaccesstocomputerresourcesincludingpasswordandaccountexpirationmethods.

Userauthenticationmethodscanincludeseveralfactorsincludingtokens.

Userscanbelimitedinthehoursduringwhichtheycanaccessresources.

Resourcessuchasfiles,folders,andprinterscanbecontrolledthroughpermissionsoraccesscontrollists.

Permissionscanbeassignedbasedonauser’sidentityortheirmembershipinoneormoregroups.

Describemethodsofaccessmanagement(MAC,DAC,andRBAC)

Mandatoryaccesscontrolisbasedonthesensitivityoftheinformationorprocessitself.

DiscretionaryaccesscontrolusesfilepermissionsandACLstorestrictaccessbasedonauser’sidentityorgroupmembership.

Role-basedaccesscontrolrestrictsaccessbasedontheuser’sassignedroleorroles.

Rule-basedaccesscontrolrestrictsaccessbasedonadefinedsetof

rulesestablishedbytheadministrator.

Discussthemethodsandprotocolsforremoteaccesstonetworks

Remoteaccessprotocolsprovideamechanismtoremotelyconnectclientstonetworks.

Awiderangeofremoteaccessprotocolshasevolvedtosupportvarioussecurityandauthenticationmechanisms.

Remoteaccessisgrantedviaremoteaccessservers,suchasRRASorRADIUS.

Identifyauthentication,authorization,andaccounting(AAA)protocols

Authenticationisacornerstoneelementofsecurity,connectingaccesstoapreviouslyapproveduserID.

Authorizationistheprocessofdeterminingwhetheranauthenticateduserhaspermission.

Accountingprotocolsmanageconnectiontimeandcostrecords.

Explainauthenticationmethodsandthesecurityimplicationsintheiruse

Password-basedauthenticationisstillthemostwidelyusedbecauseofcostandubiquity.

Ticket-basedsystems,suchasKerberos,formthebasisformostmodernauthenticationandcredentialingsystems.

Implementvirtualprivatenetworks(VPNs)andtheirsecurityaspects

VPNsuseprotocolstoestablishaprivatenetworkoverapublicnetwork,shieldingusercommunicationsfromoutsideobservation.

VPNscanbeinvokedviamanydifferentprotocolmechanismsand

involveeitherahardwareorsoftwareclientoneachendofthecommunicationchannel.

DescribeInternetProtocolSecurity(IPsec)anditsuseinsecuringcommunications

IPsecisthenativemethodofsecuringIPpackets;itisoptionalinIPv4andmandatoryinIPv6.

IPsecusesAuthenticationHeaders(AH)toauthenticatepackets.

IPsecusesEncapsulatingSecurityPayload(ESP)toprovideconfidentialityserviceatthedatagramlevel.

KeyTermsAAA(305)accesscontrol(311)accesscontrollist(ACL)(300)accounting(305)administrator(290)attribute-basedaccesscontrol(ABAC)(303)authentication(305)AuthenticationHeader(AH)(41)authenticationserver(AS)(308)authorization(305)contentprotection(324)contextprotection(325)discretionaryaccesscontrol(DAC)(302)domaincontroller(293)domainpasswordpolicy(293)EncapsulatingSecurityPayload(ESP)(41)eXtensibleAccessControlMarkupLanguage(XACML)(304)

group(291)grouppolicyobject(GPO)(293)identification(305)InternetKeyExchange(IKE)(329)InternetProtocolSecurity(IPsec)(324)InternetSecurityAssociationandKeyManagementProtocol

(ISAKMP)(41)Kerberos(308)keydistributioncenter(KDC)(308)Layer2TunnelingProtocol(L2TP)(320)mandatoryaccesscontrol(MAC)(301)Oakley(41)passwordpolicy(292)permissions(290)Point-to-PointTunnelingProtocol(PPTP)(317)privilegemanagement(288)privileges(288)remoteaccessserver(RAS)(305)rights(289)role(292)role-basedaccesscontrol(RBAC)(303)root(290)rule-basedaccesscontrol(303)SecureKeyExchangeMechanismforInternet(SKEMI)(41)securityassociation(SA)(325)singlesign-on(SSO)(294)superuser(290)ticket-grantingserver(TGS)(308)token(296)user(289)username(289)

virtualprivatenetwork(VPN)(323)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1._______________isanauthenticationmodeldesignedaroundtheconceptofusingticketsforaccessingobjects.

2._______________isdesignedaroundthetypeoftaskspeopleperform.

3.AformalmannerofdescribingthenecessaryandsufficientportionsoftheIPsecprotocolseriestoachieveaspecificlevelofprotectionisa(n)_______________.

4._______________describesasystemwhereeveryresourcehasaccessrulessetforitallofthetime.

5._______________isanauthenticationprocesswheretheusercanentertheiruserID(orusername)andpasswordandthenbeabletomovefromapplicationtoapplicationorresourcetoresourcewithouthavingtosupplyfurtherauthenticationinformation.

6.InIPsec,asecurityassociationisdefinedbyaspecificcombinationof_______________and_______________.

7.Theprotectionofthedataportionofapacketis_______________.8.Theprotectionoftheheaderportionofapacketis

_______________.

9._______________isakeymanagementandexchangeprotocolusedwithIPsec.

10.Theprocessofcomparingcredentialstothoseestablishedduringtheidentificationprocessisreferredtoas_______________.

Multiple-ChoiceQuiz1.Authenticationistypicallybaseduponwhat?

A.Somethingauserpossesses

B.Somethingauserknows

C.Somethingmeasuredonauser,suchasafingerprint

D.Alloftheabove

2.OnaVPN,trafficisencryptedanddecryptedat:A.Endpointsofthetunnelonly

B.Users’machines

C.Eachdeviceateachhop

D.Thedatalinklayerofaccessdevices

3.Aticket-grantingserverisanimportantelementinwhichofthefollowingauthenticationmodels?

A.L2TP

B.RADIUS

C.PPP

D.Kerberos

4.WhatprotocolisusedforRADIUS?A.UDP

B.NetBIOS

C.TCP

D.Proprietary

5.Underwhichaccesscontrolsystemiseachpieceofinformationandeverysystemresource(files,devices,networks,andsoon)labeledwithitssensitivitylevel?

A.Discretionaryaccesscontrol

B.Resourceaccesscontrol

C.Mandatoryaccesscontrol

D.Mediaaccesscontrol

6.IPsecprovideswhichoptionsassecurityservices?A.ESPandAH

B.ESPandAP

C.EAandAP

D.EAandAH

7.SecureShelluseswhichporttocommunicate?A.TCPport80

B.UDPport22

C.TCPport22

D.TCPport110

8.ElementsofKerberosincludewhichofthefollowing?A.Tickets,ticket-grantingserver,ticket-authorizingagent

B.Ticket-grantingticket,authenticationserver,ticket

C.Servicesserver,Kerberosrealm,ticketauthenticators

D.Client-to-serverticket,authenticationserverticket,ticket

9.ToestablishaPPTPconnectionacrossafirewall,youmustdo

whichofthefollowing?

A.Donothing;PPTPdoesnotneedtocrossfirewallsbydesign.

B.Donothing;PPTPtrafficisinvisibleandtunnelspastfirewalls.

C.OpenaUDPportofchoiceandassignittoPPTP.

D.OpenTCPport1723.

10.ToestablishanL2TPconnectionacrossafirewall,youmustdowhichofthefollowing?

A.Donothing;L2TPdoesnotcrossfirewallsbydesign.

B.Donothing;L2TPtunnelspastfirewalls.

C.OpenaUDPportofchoiceandassignittoL2TP.

D.OpenUDPport1701.

EssayQuiz1.Aco-workerwithastrongWindowsbackgroundishavingdifficulty

understandingUNIXfilepermissions.DescribeUNIXfilepermissionsforhim.CompareUNIXfilepermissionstoWindowsfilepermissions.

2.Howareauthenticationandauthorizationalikeandhowaretheydifferent.Whatistherelationship,ifany,betweenthetwo?

3.WhatisaVPNandwhattechnologiesareusedtocreateone?

LabProjects

•LabProject11.1

Usingtwoworkstationsandsomerouters,setupasimpleVPN.UsingWireshark(asharewarenetworkprotocolanalyzer,availableathttp://wireshark.com),observetrafficinsideandoutsidethetunneltodemonstrateprotection.

•LabProject11.2UsingfreeSSHdandfreeFTPd(bothsharewareprograms,availableatwww.freesshd.com)andWireshark,demonstratethesecurityfeaturesofSSHcomparedtoTelnetandFTP.

chapter12 WirelessSecurityandMobileDevices

Wemustplanforfreedom,andnotonlyforsecurity,iffornootherreasonthanthatonlyfreedomcanmakesecuritysecure.

W

—KARLPOPPER

Inthischapter,youwilllearnhowto

Describethedifferentwirelesssystemsinusetoday

DetailWAPanditssecurityimplications

Identify802.11’ssecurityissuesandpossiblesolutions

Examinetheelementsneededforenterprisewirelessdeployment

Examinethesecurityofmobilesystems

irelessisincreasinglythewaypeopleaccesstheInternet.Becausewirelessaccessisconsideredaconsumerbenefit,manybusinesseshaveaddedwirelessaccesspointstolurecustomersintotheirshops.

Withtherolloutoffourth-generation(4G)high-speedcellularnetworks,peoplearealsoincreasinglyaccessingtheInternetfromtheirmobilephones.Themassivegrowthinpopularityofnontraditionalcomputerssuchasnetbooks,e-readers,andtabletshasalsodriventhepopularityofwirelessaccess.Aswirelessuseincreases,thesecurityofthewirelessprotocolshas

becomeamoreimportantfactorinthesecurityoftheentirenetwork.Asasecurityprofessional,youneedtounderstandwirelessnetworkapplicationsbecauseoftherisksinherentinbroadcastinganetworksignalwhereanyonecaninterceptit.Sendingunsecuredinformationacrosspublicairwavesistantamounttopostingyourcompany’spasswordsbythefrontdoorofthebuilding.Thischapteropenswithlooksatseveralcurrentwirelessprotocolsandtheirsecurityfeatures.Thechapterfinisheswithanexaminationofmobilesystemsandtheirsecurityconcerns.

IntroductiontoWirelessNetworkingWirelessnetworkingisthetransmissionofpacketizeddatabymeansofaphysicaltopologythatdoesnotusedirectphysicallinks.Thisdefinition

canbenarrowedtoapplytonetworksthatuseradiowavestocarrythesignalsovereitherpublicorprivatebands,insteadofusingstandardnetworkcabling.Someproprietaryapplicationslikelong-distancemicrowavelinksusepoint-to-pointtechnologywithnarrowbandradiosandhighlydirectionalantennas.However,thistechnologyisnotcommonenoughtoproduceanysignificantresearchintoitsvulnerabilities,andanythingthatwasdevelopedwouldhavelimitedusefulness.Sothischapterfocusesonpoint-to-multipointsystems,thetwomostcommonofwhicharethefamilyofcellularprotocolsandIEEE802.11.IEEE802.11isafamilyofprotocolsinsteadofasinglespecification;thisisasummarytableofthe802.11family.

TheIEEE802.11protocolhasbeenstandardizedbytheIEEEforwirelesslocalareanetworks(LANs).Threeversionsarecurrentlyinproduction—802.11g,802.11a,and802.11n.Thelateststandardis802.11ac,butitprovidesbackwardcompatibilitywith802.11ghardware.CellularphonetechnologyhasmovedrapidlytoembracedatatransmissionandtheInternet.TheWirelessApplicationProtocol(WAP)wasoneofthepioneersofmobiledataapplications,butithasbeenovertakenbyavarietyofprotocolspushingustofourth-generation(4G)mobilenetworks.

TechTip

WirelessSystemsThereareseveraldifferentwirelessbandsincommonusetoday,themostcommonofwhichistheWi-Fiseries,referringtothe802.11WirelessLANstandardscertifiedbytheWi-FiAlliance.AnothersetofbandsisWiMAX,whichreferstothesetof802.16wirelessnetworkstandardsratifiedbytheWiMAXForum.Lastly,thereisZigBee,alow-power,personalareanetworkingtechnologydescribedbytheIEEE802.15.4series.

Bluetoothisashort-rangewirelessprotocoltypicallyusedonsmalldevicessuchasmobilephones.EarlyversionsofthesephonesalsohadBluetoothonanddiscoverableasadefault,makingthecompromiseofanearbyphoneeasy.Securityresearchhasfocusedonfindingproblemswiththesedevicessimplybecausethedevicesaresocommon.Thesecurityworldignoredwirelessforalongtime,andthenwithinthe

spaceofafewmonths,itseemedlikeeveryonewasattemptingtobreachthesecurityofwirelessnetworksandtransmissions.Onereasonwirelesssuddenlyfounditselftobesuchatargetisthatwirelessnetworksaresoabundantandsounsecured.Thedramaticproliferationoftheseinexpensiveproductshasmadethesecurityramificationsoftheprotocolastonishing.Nomatterwhatthesystem,wirelesssecurityisaveryimportanttopicas

moreandmoreapplicationsaredesignedtousewirelesstosenddata.Wirelessisparticularlyproblematicfromasecuritystandpoint,becausethereisnocontroloverthephysicallayerofthetraffic.InmostwiredLANs,theadministratorshavephysicalcontroloverthenetworkandcancontroltosomedegreewhocanactuallyconnecttothephysicalmedium.Thispreventslargeamountsofunauthorizedtrafficandmakessnoopingaroundandlisteningtothetrafficdifficult.Wirelessdoesawaywiththephysicallimitations.Ifanattackercangetcloseenoughtothesignal’ssourceasitisbeingbroadcast,hecanattheveryleastlistentotheaccesspointandclientstalkingtocaptureallthepacketsforexamination,asdepictedinFigure12.1.

•Figure12.1Wirelesstransmissionextendingbeyondthefacility’swalls

Attackerscanalsotrytomodifythetrafficbeingsentortrytosendtheirowntraffictodisruptthesystem.Inthischapter,youwilllearnaboutthedifferenttypesofattacksthatwirelessnetworksface.

MobilePhonesWhencellularphonesfirsthitthemarket,securitywasn’tanissue—ifyouwantedtokeepyourphonesafe,you’dsimplykeepitphysicallysecureandnotloanittopeopleyoudidn’twantmakingcalls.Itsonlyfunctionwasthatofatelephone.

•Earlycellphonesjustallowedyoutomakecalls.

Theadvanceofdigitalcircuitryhasaddedamazingpowerinsmallerandsmallerdevices,causingsecuritytobeanissueasthesoftwarebecomesmoreandmorecomplicated.Today’ssmallandinexpensiveproductshavemadethewirelessmarketgrowbyleapsandbounds,astraditionalwirelessdevicessuchascellularphonesandpagershavebeenreplacedbytabletsandsmartphones.

•Today’sphonesallowyoutocarrycomputersinyourpocket.

Today’ssmartphonessupportmultiplewirelessdataaccessmethods,

including802.11,Bluetooth,andcellular.ThesemobilephonesandtabletdeviceshavecausedconsumerstodemandaccesstotheInternetanytimeandanywhere.Thishasgeneratedademandforadditionaldataservices.TheWirelessApplicationProtocol(WAP)attemptedtosatisfytheneedsformoredataonmobiledevices,butitisfallingbythewaysideasthemobilenetworks’capabilitiesincrease.TheneedformoreandmorebandwidthhaspushedcarrierstoadoptamoreIP-centricroutingmethodologywithtechnologiessuchasHighSpeedPacketAccess(HSPA)andEvolutionDataOptimized(EVDO).Mobilephoneshaveruthlesslyadvancedwithnewtechnologiesandservices,causingphonesandthecarriernetworksthatsupportthemtobedescribedingenerations—1G,2G,3G,and4G.1Greferstotheoriginalanalogcellularstandard,AdvancedMobilePhoneSystem(AMPS).2Greferstothedigitalnetworkthatsupersededit.3Gisthesystemofmobilenetworksthatfollowed,withmanydifferentimplementationscarryingdataatupto400Kbps.4GrepresentsthecurrentstateofmobilephoneswithLTEbeingtheprimarymethod.4Gallowscarrierstoofferawiderarrayofservicestotheconsumer,includingbroadbanddataserviceupto14.4Mbpsandvideocalling.4GisalsoamovetoanentirelyIP-basednetworkforallservices,runningvoiceoverIP(VoIP)onyourmobilephoneandspeedsupto1Gbps.Allofthese“gee-whiz”featuresarenice,buthowsecureareyourbits

andbytesgoingtobewhenthey’retravelingacrossamobilecarrier’snetwork?Alltheprotocolsmentionedhavetheirownsecurityimplementations—WAPappliesitsownWirelessTransportLayerSecurity(WTLS)toattempttosecuredatatransmissions,butWAPstillhasissuessuchasthe“WAPgap”(asdiscussednext).3Gnetworkshaveattemptedtopushalargeamountofsecuritydownthestackandrelyontheencryptiondesignedintothewirelessprotocol.

TechTip

RelationshipofWAPandWTLSWirelessApplicationProtocolisalightweightprotocoldesignedformobiledevices.WirelessTransportLayerSecurityisalightweightsecurityprotocoldesignedforWAP.

WirelessApplicationProtocolWAPwasintroducedtocompensatefortherelativelylowamountofcomputingpoweronhandhelddevicesaswellasthegenerallypoornetworkthroughputofcellularnetworks.ItusestheWirelessTransportLayerSecurity(WTLS)encryptionscheme,whichencryptstheplaintextdataandthensendsitovertheairwavesasciphertext.Theoriginatorandtherecipientbothhavekeystodecryptthedataandreproducetheplaintext.Thismethodofensuringconfidentialityisverycommon,andiftheencryptioniswelldesignedandimplemented,itisdifficultforunauthorizeduserstotakecapturedciphertextandreproducetheplaintextthatcreatedit.AsdescribedinChapter5,confidentialityistheabilitytokeepprotecteddataasecret.WTLSusesamodifiedversionoftheTransportLayerSecurity(TLS)protocol,whichisthereplacementforSecureSocketsLayer(SSL).TheWTLSprotocolsupportsseveralpopularbulkencryptionalgorithms,includingDataEncryptionStandard(DES),TripleDES(3DES),RC5,andInternationalDataEncryptionAlgorithm(IDEA).

CrossCheckSymmetricEncryptionInChapter5youlearnedaboutsymmetricencryption,includingDES,3DES,RC5,andIDEA.Inthecontextofwirelesscommunication,whatalgorithmwouldprotectyourdatathebest?Whataresomepossibleproblemswiththesealgorithms?

WTLSimplementsintegritythroughtheuseofmessageauthenticationcodes(MACs).AMACalgorithmgeneratesaone-wayhashofthe

compressedWTLSdata.WTLSsupportstheMD5andSHAMACalgorithms.TheMACalgorithmisalsodecidedduringtheWTLShandshake.TheTLSprotocolthatWTLSisbasedonisdesignedaroundInternet-basedcomputers,machinesthathaverelativelyhighprocessingpower,largeamountsofmemory,andsufficientbandwidthavailableforInternetapplications.DevicesthatWTLSmustaccommodatearelimitedinalltheserespects.Thus,WTLShastobeabletocopewithsmallamountsofmemoryandlimitedprocessorcapacity,aswellaslonground-triptimesthatTLScouldnothandlewell.TheserequirementsaretheprimaryreasonsthatWTLShassecurityissues.Astheprotocolisdesignedaroundmorecapableserversthandevices,

theWTLSspecificationcanallowconnectionswithlittletonosecurity.ClientswithlowmemoryorCPUcapabilitiescannotsupportencryption,andchoosingnullorweakencryptiongreatlyreducesconfidentiality.Authenticationisalsooptionalintheprotocol,andomittingauthenticationreducessecuritybyleavingtheconnectionvulnerabletoaman-in-the-middle–typeattack.Inadditiontothegeneralflawsintheprotocol’simplementation,severalknownsecurityvulnerabilitiesexist,includingthosetothechosen-plaintextattack,thePKCS#1attack,andthealertmessagetruncationattack.Thechosen-plaintextattackworksontheprincipleofapredictable

initializationvector(IV).Bythenatureofthetransportmediumthatitisusing,WAP,WTLSneedstosupportunreliabletransport.ThisforcestheIVtobebasedondataalreadyknowntotheclient,andWTLSusesalinearIVcomputation.BecausetheIVisbasedonthesequencenumberofthepacket,andseveralpacketsaresentunencrypted,entropyisseverelydecreased.Thislackofentropyintheencrypteddatareducesconfidentiality.

TechTip

WeaknessinWAPAggregation

WAPisapoint-to-multipointprotocol,butitcanfacedisruptionsorattacksbecauseitaggregatesatwell-knownpoints:thecellularantennatowers.

NowconsiderthePKCS#1attack.PublicKeyCryptographyStandards(PKCS),usedinconjunctionwithRSAencryption,providestandardsforformattingthepaddingusedtogenerateacorrectlyformattedblocksize.Whentheclientreceivestheblock,itwillreplytothesenderastothevalidityoftheblock.Anattackertakesadvantageofthisbyattemptingtosendmultipleguessesatthepaddingtoforceapaddingerror.Invulnerableimplementations,whenRSAsignaturesandencryptionareperformedperPKCS#1,theRSAmessagescanbedecryptedwithapproximately220chosenciphertextqueries.AlertmessagesinWTLSaresometimessentinplaintextandarenotauthenticated.Thisfactcouldallowanattackertooverwriteanencryptedpacketfromtheactualsenderwithaplaintextalertmessage,leadingtopossibledisruptionoftheconnectionthrough,forinstance,atruncationattack.Someconcernovertheso-calledWAPgapinvolvesconfidentialityof

informationwherethetwodifferentnetworksmeet,theWAPgateway,asshowninFigure12.2.

•Figure12.2TheWAPgapshowsanunencryptedspacebetweentwoencipheredconnections.

WTLSactsasthesecurityprotocolfortheWAPnetwork,andTLSisthestandardfortheInternet,sotheWAPgatewayhastoperformtranslationfromoneencryptionstandardtotheother.ThistranslationforcesallmessagestobeseenbytheWAPgatewayinplaintext.Thisisaweakpointinthenetworkdesign,butfromanattacker’sperspective,it’samuchmoredifficulttargetthantheWTLSprotocolitself.ThreatstotheWAPgatewaycanbeminimizedthroughcarefulinfrastructuredesign,suchasselectingasecurephysicallocationandallowingonlyoutboundtrafficfromthegateway.Ariskofcompromisestillexists,however,andanattackerwouldfindaWAPgatewayanespeciallyappealingtarget,asplaintextmessagesareprocessedthroughitfromallwirelessdevices,notjustasingleuser.Thesolutionforthisistohaveend-to-endsecuritylayeredoveranythingunderlying,ineffectcreatingaVPNfromtheendpointtothemobiledevice,ortostandardizeonafullimplementation

ofTLSforend-to-endencryptionandstrongauthentication.Thelimitednatureofthedeviceshamperstheabilityofthesecurityprotocolstooperateasintended,compromisinganyrealsecuritytobeimplementedonWAPnetworks.

3GMobileNetworksOurcellphonesareoneofthemostvisibleindicatorsofadvancingtechnology.Withinrecentmemory,wewereforcedtoswitchfromoldanalogphonestodigitalmodels.Thenetworkshavebeenupgradedto3G,greatlyenhancingspeedandloweringlatency.Thishasreducedtheneedforlightweightprotocolstohandledatatransmission,andmorestandardprotocolssuchasIPcanbeused.Theincreasedpowerandmemoryofthehandhelddevicesalsoreducetheneedforlighter-weightencryptionprotocols.Thishascausedtheprotocolsusedfor3Gmobiledevicestobuildintheirownencryptionprotocols.Securitywillrelyontheselower-levelprotocolsorstandardapplication-levelsecurityprotocolsusedinnormalIPtraffic.Severalcompetingdatatransmissionstandardsexistfor3Gnetworks,

suchasHSPAandEVDO.However,allthestandardsincludetransportlayerencryptionprotocolstosecurethevoicetraffictravelingacrossthewirelesssignalaswellasthedatasentbythedevice.Thecryptographicstandardproposedfor3GisknownasKASUMI.ThismodifiedversionoftheMISTY1algorithmuses64-bitblocksand128-bitkeys.Multipleattackshavebeenlaunchedagainstthiscipher.Whiletheattackstendtobeimpractical,thisshowsthatapplicationlayersecurityisneededforsecuretransmissionofdataonmobiledevices.WAPandWTLScanbeusedoverthelower-levelprotocols,buttraditionalTLScanalsobeused.

3G,4G,LTE…What’stheDifference?Intoday’smobilemarketingcampaigns,wehearof3G,4G,andLTE.Whatdothesetermsmean?3Gisthe“old”networktoday,butitisstillverycapableforavarietyofpurposes.4Gphonesaresupposedtobeevenfaster,butthat’snotalwaysthecase.Alotdependsonwhatyouusethephonefor.Thereareseveraltechnologiescalled“4G,”eachwithmultipleimplementations.Thismakesthetermalmostmeaninglessfromatechnicalpointofview.The

InternationalTelecommunicationUnion(ITU),astandardsbody,issuedrequirementsthatanetworkneededtomeettobecalled“4G,”butthoserequirementswereignoredbycarriers.NowthemoveistoLTE,whichstandsforLongTermEvolutionoftheUniversalMobileTelecommunicationsSystem(UMTS).UMTSisthegroupofstandardsthatdefines3GforGSMnetworksacrosstheworld,andnowLTE.TherearenumeroustechnicalimplementationsofLTE,butoneofthekeyelementsistheuseoftwodifferenttypesofairinterfaces(radiolinks),onefordownlink(fromtowertodevice)andoneforuplink(fromdevicetotower).ThisisoneofthereasonsLTEismuchfasterwhenuploadinginformationfromthephonetotheInternet.LTEoffershighspeed(upto30Mbps)andlowlatency.ButnotallLTEisequal.Recenttestsindicateasmuchasanorderofmagnitudedifferenceinspeedsbetweencarriers.AsLTEexpands,newerversions,eachwithitsownsetofcharacteristicspickedfromthe

overall“standard,”aredeployedbycarriers.WhiletheLTE-Astandardhasbeenapproved,nocarrierscurrentlymeettheentirestandard.Eachcarrierhaspickedtheelementsofthestandardtheyfeelmeettheirneeds.Bottomline:4Ghasbecomeamarketingterm,andtheonlyguideonehasistouseactual

surveyresultsintheareaofyourservicetodeterminethebestsolutionforyouruserequirements.

4GMobileNetworksJustasthemobilenetworkcarrierswerefinishingtherolloutof3Gservices,4Gnetworksappearedonthehorizon.Thedesireforanywhere,anytimeInternetconnectivityatspeedsnearthatofawiredconnectiondrivesdeploymentofthesenext-generationservices.4Gcansupporthigh-qualityVoIPconnections,videocalls,andreal-timevideostreaming.Justas3Ghadsomeintermediariesthatwereconsidered2.9G,LTEandWiMAXnetworksaresometimesreferredtoas3.5G,3.75G,or3.9G.Thecarriersaremarketingthesenewnetworksas4G,althoughtheydonotadheretotheITUstandardsfor4Gspeeds.True4Gwouldrequireafirmtomeetallofthetechnicalstandards

issuedbytheITU,includingspecificationsthatapplytothetowersideofthesystem.Someofthe4Grequirementsare

Bebasedonanall-IPpacketswitchednetwork

Offerhighqualityofservicefornext-generationmultimediasupport

Smoothhandoversacrossheterogeneousnetworks

Peakdataratesofuptoapproximately100Mbpsforhighmobility(mobileaccess)

Peakdataratesofuptoapproximately1Gbpsforlowmobilitysuchasnomadic/localwirelessaccess

Dynamicallyshareandusethenetworkresourcestosupportmoresimultaneoususerspercell

Usescalablechannelbandwidthsof5–20MHz,optionallyupto40MHz

Peaklinkspectralefficiencyof15-bps/Hzinthedownlink,and6.75-bps/Hzintheuplink

Toachievetheseandothertechnicalelementsrequiresspecifictower-sideequipmentaswellashandsetspecifications.Differentcarriershavechosendifferentsetsofthesetoincludeintheirofferings,eachbuildingupontheirexistingnetworksandexistingtechnologies.Most4Gdeploymentsarecontinuationsoftechnologiesalready

deployed—justnewerevolutionsofstandards.ThisishowLTE,LTEAdvanced,WiMAX,andWiMAX2wereborn.LTEandWiMAXseriescomefromseparateroots,andarenotinterchangeable.Withinthefamilies,interoperabilityispossibleandisdependentuponcarrierimplementation.

BluetoothBluetoothwasoriginallydevelopedbyEricssonandknownasmulti-communicatorlink;in1998,Nokia,IBM,Intel,andToshibajoinedEricssonandadoptedtheBluetoothname.ThisconsortiumbecameknownastheBluetoothSpecialInterestGroup(SIG).TheSIGnowhasmorethan24,000membersanddrivesthedevelopmentofthetechnologyandcontrolsthespecificationtoensureinteroperability.

•Bluetoothicon

MostpeoplearefamiliarwithBluetoothasitispartofmanymobilephonesandheadsets,suchasthoseshowninFigure12.3.Thisshort-range,low-powerwirelessprotocoltransmitsinthe2.4GHzband,thesamebandusedfor802.11.Theconceptfortheshort-range(approx.32feet)wirelessprotocolistotransmitdatainpersonalareanetworks(PANs).

•Figure12.3HeadsetsandcellphonesaretwoofthemostpopulartypesofBluetooth-capabledevices.

Bluetoothtransmitsandreceivesdatafromavarietyofdevices,themostcommonbeingmobilephones,laptops,printers,andaudiodevices.ThemobilephonehasdrivenalotofBluetoothgrowthandhaseven

spreadBluetoothintonewcarsasamobilephonehands-freekit.Bluetoothhasgonethroughafewreleases.Version1.1wasthefirst

commerciallysuccessfulversion,withversion1.2releasedin2007andcorrectingsomeoftheproblemsfoundin1.1.Version1.2allowsspeedsupto721Kbpsandimprovesresistancetointerference.Version1.2isbackward-compatiblewithversion1.1.Withtherateofadvancementandthelifeofmosttechitems,Bluetooth1seriesisbasicallyextinct.Bluetooth2.0introducedenhanceddatarate(EDR),whichallowsthetransmissionofupto3.0Mbps.Bluetooth3.0hasthecapabilitytousean802.11channeltoachievespeedsupto24Mbps.ThecurrentversionistheBluetooth4.0standardwithsupportforthreemodes:classic,highspeed,andlowenergy.Bluetooth4introducesanewmethodtosupportcollectingdatafrom

devicesthatgeneratedataataverylowrate.Somedevices,suchasmedicaldevices,mayonlycollectandtransmitdataatlowrates.Thisfeature,calledLowEnergy(LE),wasdesignedtoaggregatedatafromvarioussensors,likeheartratemonitors,thermometers,andsoforth,andcarriesthecommercialnameBluetoothSmart.

TechTip

BluetoothSecurityBluetoothshouldalwayshavediscoverablemodeturnedoffunlessyou’redeliberatelypairingadevice.

AsBluetoothbecamepopular,peoplestartedtryingtofindholesinit.Bluetoothfeatureseasyconfigurationofdevicestoallowcommunication,withnoneedfornetworkaddressesorports.Bluetoothusespairingtoestablishatrustrelationshipbetweendevices.Toestablishthattrust,thedevicesadvertisecapabilitiesandrequireapasskey.Tohelpmaintainsecurity,mostdevicesrequirethepasskeytobeenteredintobothdevices;thispreventsadefaultpasskey–typeattack.TheBluetooth’sprotocol

advertisementofservicesandpairingpropertiesiswheresomeofthesecurityissuesstart.

TechTip

BluetoothDataRatesDifferentversionsofBluetoothhavedifferingmaximumdatatransferrates.

BluetoothAttacksAsawirelessmethodofcommunication,Bluetoothisopentoconnectionandattackfromoutsidetheintendedsenderandreceiver.SeveraldifferentattackmodeshavebeendiscoveredthatcanbeusedagainstBluetoothsystems.Bluejackingisatermusedforthesendingofunauthorizedmessagesto

anotherBluetoothdevice.Thisinvolvessettingamessageasaphonebookcontact:

ThentheattackersendsthemessagetothepossiblerecipientviaBluetooth.Originally,thisinvolvedsendingtextmessages,butmorerecentphonescansendimagesoraudioaswell.Apopularvariantofthisisthetransmissionof“shock”images,featuringdisturbingorcrudephotos.AsBluetoothisashort-rangeprotocol,theattackandvictimmustbewithinroughly10yardsofeachother.Thevictim’sphonemustalsohaveBluetoothenabledandmustbeindiscoverablemode.Onsomeearlyphones,thiswasthedefaultconfiguration,andwhileitmakesconnectingexternaldeviceseasier,italsoallowsattacksagainstthephone.IfBluetoothisturnedoff,orifthedeviceissettonondiscoverable,

bluejackingcanbeavoided.Bluesnarfingissimilartobluejackinginthatitusesthesamecontact

transmissionprotocol.Thedifferenceisthatinsteadofsendinganunsolicitedmessagetothevictim’sphone,theattackercopiesoffthevictim’sinformation,whichcanincludee-mails,contactlists,calendar,andanythingelsethatexistsonthatdevice.Morerecentphoneswithmediacapabilitiescanbesnarfedforprivatephotosandvideos.BluesnarfingusedtorequirealaptopwithaBluetoothadapter,makingitrelativelyeasytoidentifyapossibleattacker,butbluesnarfingapplicationsarenowavailableformobiledevices.Bloover,acombinationofBluetoothandHoover,isonesuchapplicationthatrunsasaJavaapplet.ThemajorityofBluetoothphonesneedtobediscoverableforthebluesnarfattacktowork,butitdoesnotnecessarilyneedtobepaired.Intheory,anattackercanalsobrute-forcethedevice’sunique48-bitname.AprogramcalledRedFangattemptstoperformthisbrute-forceattackbysendingallpossiblenamesandseeingwhatgetsaresponse.ThisapproachwasaddressedinBluetooth1.2withananonymitymode.Bluebuggingisafarmoreseriousattackthaneitherbluejackingor

bluesnarfing.Inbluebugging,theattackerusesBluetoothtoestablishaserialconnectiontothedevice.ThisallowsaccesstothefullATcommandset—GSMphonesuseATcommandssimilartoHayes-compatiblemodems.Thisconnectionallowsfullcontroloverthephone,includingthe

placingofcallstoanynumberwithoutthephoneowner’sknowledge.Fortunately,thisattackrequirespairingofthedevicestocomplete,andphonesinitiallyvulnerabletotheattackhaveupdatedfirmwaretocorrecttheproblem.Toaccomplishtheattacknow,thephoneownerwouldneedtosurrenderherphoneandallowanattackertophysicallyestablishtheconnection.BluetoothDOSistheuseofBluetoothtechnologytoperformadenial-

of-serviceattackagainstanotherdevice.Inthisattack,anattackerrepeatedlyrequestspairingwiththevictimdevice.Thistypeofattackdoesnotdivulgeinformationorpermitaccess,butisanuisance.And,more

importantly,ifdonerepeatedlyitcandrainadevice’sbattery,orpreventotheroperationsfromoccurringonthevictim’sdevice.AswithallBluetoothattacks,becauseoftheshortrangeinvolved,allonehastodoisleavetheareaandtheattackwouldcease.Bluetoothtechnologyislikelytogrowduetothepopularityofmobile

phones.Softwareandprotocolupdateshavehelpedtoimprovethesecurityoftheprotocol.AlmostallphonesnowkeepBluetoothturnedoffbydefault,andtheyallowyoutomakethephonediscoverableforonlyalimitedamountoftime.Usereducationaboutsecurityrisksisalsoalargefactorinavoidingsecuritybreaches.

NearFieldCommunicationNearfieldcommunication(NFC)isasetofwirelesstechnologiesthatenablessmartphonesandotherdevicestoestablishradiocommunicationoverashortproximity,typicallyadistanceof10cm(3.9in)orless.Thistechnologydidnotseemuchuseuntilrecentlywhenitstartedbeingemployedtomovedatabetweencellphonesandinmobilepaymentsystems.NFCislikelytobecomeahighusetechnologyintheyearstocomeasmultipleusesexistforthetechnology,andthenextgenerationofsmartphonesissurelytoseethisasastandardfunction.

IEEE802.11SeriesThe802.11bprotocolisanIEEEstandardratifiedin1999.Thestandardlaunchedarangeofproducts(suchaswirelessrouters,anexampleofwhichisshowninFigure12.4)thatwouldopenthewaytoawholenewgenreofpossibilitiesforattackersandanewseriesofheadachesforsecurityadministratorseverywhere.802.11wasanewstandardforsendingpacketizeddatatrafficoverradiowavesintheunlicensed2.4GHzband.

•Figure12.4Acommonwirelessrouter

ThisgroupofIEEEstandardsisalsocalledWi-Fi,whichisacertificationownedbyanindustrygroup,theWi-FiAlliance.AdevicemarkedasWi-FiCertifiedadherestothestandardsofthealliance.Astheproductsmaturedandbecameeasytouseandaffordable,securityexpertsbegantodeconstructthelimitedsecuritythathadbeenbuiltintothe

standard.The802.11bstandardwasthefirsttomarket,802.11afollowed,and

802.11gproductscurrentlyarethemostcommononesbeingsold.Thesechipsetshavealsocommonlybeencombinedintodevicesthatsupporta/b/gstandards.802.11nisthelateststandard.Thistableshowsthestandardswiththeirfrequencyranges.

802.11aisthewirelessnetworkingstandardthatsupportstrafficonthe5GHzband,allowingfasterspeedsovershorterranges.Featuresof802.11band802.11awerelaterjoinedtocreate802.11g,anupdatedstandardthatallowsthefasterspeedsofthe5GHzspecificationonthe2.4GHzband.Securityproblemswerediscoveredintheimplementationsoftheseearlywirelessstandards,principallyinvolvingtheWiredEquivalent

Privacy(WEP)protocol.Theseproblemsincludedanattacker’sabilitytobreakthecryptographyandmonitorotherusers’traffic.ThesecurityproblemsinWEPwereatopconcernuntiltheadoptionof802.11i-compliantproductsenhancedthesecuritywithWi-FiProtectedAccess(WPA),discussedlaterinthechapter.802.11acisthelateststandard;itfocusesonachievingmuchhigherspeedsforwirelessnetworks.Direct-sequencespreadspectrum(DSSS)isamodulationtypethatspreadsthetrafficsentovertheentirebandwidth.Itdoesthisbyinjectinganoise-likesignalintotheinformationstreamandtransmittingthenormallynarrowbandinformationoverthewiderbandavailable.Theprimaryreasonthatspread-spectrumtechnologyisusedin802.11protocolsistoavoidinterferenceonthepublic2.4GHzand5GHzbands.Orthogonalfrequencydivisionmultiplexing(OFDM)multiplexes,orseparates,thedatatobetransmittedintosmallerchunksandthentransmitsthechunksonseveralsubchannels.Thisuseofsubchannelsiswhatthe“frequencydivision”portionofthenamerefersto.Bothofthesetechniques,multiplexingandfrequencydivision,areusedtoavoidinterference.Orthogonalreferstothemannerinwhichthesubchannelsareassigned,principallytoavoidcrosstalk,orinterferencewithyourownchannels.

802.11:IndividualStandardsThe802.11bprotocolprovidesformultiple-rateEthernetover2.4GHzspread-spectrumwireless.Itprovidestransferratesof1Mbps,2Mbps,5.5Mbps,and11MbpsandusesDSSS.Themostcommonlayoutisapoint-to-multipointenvironment,withtheavailablebandwidthbeingsharedbyallusers.Typicalrangeisroughly100yardsindoorsand300yardsoutdoors,lineofsight.Whilethewirelesstransmissionsof802.11canpenetratesomewallsandotherobjects,thebestrangeisofferedwhenboththeaccesspointandnetworkclientdeviceshaveanunobstructedviewofeachother.802.11ausesahigherbandandhashigherbandwidth.Itoperatesinthe

5GHzspectrumusingOFDM.Supportingratesofupto54Mbps,itisthe

fasterbrotherof802.11b;however,thehigherfrequencyusedby802.11ashortenstheusablerangeofthedevicesandmakesitincompatiblewith802.11b.Thechipsetstendtobemoreexpensivefor802.11a,whichhasslowedadoptionofthestandard.The802.11gstandardusesportionsofbothoftheotherstandards:it

usesthe2.4GHzbandforgreaterrangebutusestheOFDMtransmissionmethodtoachievethefaster54Mbpsdatarates.Asitusesthe2.4GHzband,thisstandardinteroperateswiththeolder802.11bstandard.Thisallowsan802.11gaccesspoint(AP)togiveaccesstoboth“G”and“B”clients.The802.11nversionimprovesontheolderstandardsbygreatly

increasingspeed.Ithasafunctionaldatarateofupto600Mbps,gainedthroughtheuseofwiderbandsandmultiple-inputmultiple-output(MIMO)processing.MIMOusesmultipleantennasandcanbondseparatechannelstogethertoincreasedatathroughput.802.11acisthelatestinthe5GHzband,withfunctionaldataratesupto

atheoretical6+Gbpsusingmultipleantennas.The802.11acstandardwasratifiedin2014,andchipsetshavebeenavailablesincelate2011.Designedformultimediastreamingandotherhigh-bandwidthoperations,theindividualchannelsaretwicethewidthof802.11nchannels,andasmanyaseightantennascanbedeployedinaMu-MIMOform.802.11proposalsdon’tstopwith“ac”though.Thereareseveralideas

thatextendthe802.11standardfornewandinterestingapplications.Forexample,802.11sisaproposedstandardforwirelessmeshnetworkswhereallnodesonthenetworkareequalinsteadofusinganaccesspointandaclient.802.11pisanotherexample;itdefinesanapplicationwheremobilevehiclescancommunicatewithothervehiclesorroadsidestationsforsafetyinformationortollcollection.Alltheseprotocolsoperateinbandsthatare“unlicensed”bytheFCC.

ThismeansthatpeopleoperatingthisequipmentdonothavetobecertifiedbytheFCC,butitalsomeansthatthedevicescouldpossiblysharethebandwithotherdevices,suchascordlessphones,closed-circuitTV(CCTV)wirelesstransceivers,andothersimilarequipment.Thisother

equipmentcancauseinterferencewiththe802.11equipment,possiblycausingspeeddegradation.

The2.4GHzbandiscommonlyusedbymanyhouseholddevicesthatareconstantlyon,suchascordlessphones.Itisalsothefrequencyusedbymicrowaveovenstoheatfood.SoifyouarehavingintermittentinterferenceonyourWi-FiLAN,checktoseeifthemicrowaveison.

The802.11protocoldesignersexpectedsomesecurityconcernsandattemptedtobuildprovisionsintothe802.11protocolthatwouldensureadequatesecurity.The802.11standardincludesattemptsatrudimentaryauthenticationandconfidentialitycontrols.Authenticationishandledinitsmostbasicformbythe802.11AP,forcingtheclientstoperformahandshakewhenattemptingto“associate”totheAP.

SSIDscanbesettoanythingbythepersonsettingupanaccesspoint.So,while“FBISurveillanceVan#14”mayseemhumorous,whataboutSSIDswiththenameoftheairportyouarein,Starbucks,orthehotelyouarein?Canyoutrustthem?Sinceanyonecanuseanyname,theanswerisno.So,ifyouneedasecureconnection,youshouldusesomeformofsecurechannelsuchasaVPNforcommunicationsecurity.Forevenmoresecurity,youcancarryyourownaccesspointandcreateawirelesschannelthatyoucontrol.

AssociationistheprocessrequiredbeforetheAPwillallowtheclienttotalkacrosstheAPtothenetwork.Associationoccursonlyiftheclienthasallthecorrectparametersneededinthehandshake,amongthemtheservicesetidentifier(SSID).ThisSSIDsettingshouldlimitaccessonlytotheauthorizedusersofthewirelessnetwork.TheSSIDisaphrase-basedmechanismthathelpsensurethatyouareconnectingtothecorrectAP.ThisSSIDphraseistransmittedinalltheaccesspoint’sbeaconframes.Thebeaconframeisan802.11managementframeforthenetworkandcontainsseveraldifferentfields,suchasthetimestampandbeaconinterval,butmostimportantlytheSSID.Thisallowsattackersto

scanforthebeaconframeandretrievetheSSID.Thedesignersofthe802.11standardalsoattemptedtomaintain

confidentialitybyintroducingWiredEquivalentPrivacy(WEP),whichusestheRC4streamciphertoencryptthedataasitistransmittedthroughtheair.WEPhasbeenshowntohaveanimplementationproblemthatcanbeexploitedtobreaksecurity.Tounderstandallthe802.11securityproblems,youmustfirstlookat

someofthereasonsitbecamesuchaprominenttechnology.Wirelessnetworkscamealongin2000andbecameverypopular.Forthefirsttime,itwaspossibletohavealmostfull-speednetworkconnectionswithouthavingtobetieddowntoanEthernetcable.Thetechnologyquicklytookoff,allowingpricestodropintotheconsumerrange.Oncethemarketshiftedtofocusoncustomerswhowerenotnecessarilytechnologists,theproductsalsobecameveryeasytoinstallandoperate.Defaultsettingsweredesignedtogetthenoviceusersupandrunningwithouthavingtoalteranythingsubstantial,andproductsweredescribedasbeingabletojustpluginandwork.Thesedevelopmentsfurtherenlargedthemarketforthelow-cost,easy-to-usewirelessaccesspoints.ThenattackersrealizedthatinsteadofattackingmachinesovertheInternet,theycoulddrivearoundandseekouttheseAPs.Typically,accesstoactualEthernetsegmentsisprotectedbyphysical

securitymeasures.Thisstructureallowssecurityadministratorstoplanforonlyinternalthreatstothenetworkandgivesthemaclearideaofthetypesandnumberofmachinesconnectedtoit.Wirelessnetworkingtakesthekeystothekingdomandtossesthemoutthewindowandintotheparkinglot.Atypicalwirelessinstallationbroadcaststhenetworkrightthroughthephysicalcontrolsthatareinplace.AnattackercandriveupandhavethesameaccessasifhepluggedintoanEthernetjackinsidethebuilding—infact,betteraccess,because802.11isasharedmedium,allowingsnifferstoviewallpacketsbeingsenttoorfromtheAPandallclients.TheseAPsarealsotypicallybehindanysecuritymeasuresthecompanieshaveinplace,suchasfirewallsandintrusiondetectionsystems(IDSs).Thiskindofaccessintotheinternalnetworkhascausedalargestiramongcomputer

securityprofessionalsandeventuallythemedia.War-driving,war-flying,war-walking,war-chalking—allofthesetermshavebeenusedinsecurityarticleaftersecurityarticletodescribeattacksonwirelessnetworks.

CrossCheckIntrusionDetectionSystemsChapter13hasalotmoreinformationaboutintrusiondetectionsystems,whereasthischapterreferencesmethodsofgettingpasttheIDSs.WhenyoulearnmoreaboutthedifferentIDSs,howwouldyoudesignanIDSthatcancatchwirelessattackers?

Attacking802.11Wirelessisapopulartargetforseveralreasons:theaccessgainedfromwireless,thelackofdefaultsecurity,andthewideproliferationofdevices.However,otherreasonsalsomakeitattackable.Thefirstoftheseisanonymity:Anattackercanprobeyourbuildingforwirelessaccessfromthestreet.ThenhecanlogpacketstoandfromtheAPwithoutgivinganyindicationthatanattemptedintrusionistakingplace.TheattackerwillannouncehispresenceonlyifheattemptstoassociatetotheAP.Eventhen,anattemptedassociationisrecordedonlybytheMACaddressofthewirelesscardassociatingtoit,andmostAPsdonothavealertingfunctionalitytoindicatewhenusersassociatetoit.Thisfactgivesadministratorsaverylimitedviewofwhoisgainingaccesstothenetwork,iftheyareevenpayingattentionatall.Itgivesattackerstheabilitytoseekoutandcompromisewirelessnetworkswithrelativeimpunity.Thesecondreasonisthelowcostoftheequipmentneeded.Asingle

wirelessaccesscardcostinglessthan$100cangiveaccesstoanyunsecuredAPwithindrivingrange.Finally,attackingawirelessnetworkisrelativelyeasycomparedtoattackingothertargethosts.Windows-basedtoolsforlocatingandsniffingwireless-basednetworkshaveturnedanyonewhocandownloadfilesfromtheInternetandhasawirelesscardintoapotentialattacker.

Locatingwirelessnetworkswasoriginallytermedwar-driving,anadaptationofthetermwar-dialing.War-dialingcomesfromthe1983movieWarGames;itistheprocessofdialingalistofphonenumberslookingformodem-connectedcomputers.War-driversdrivearoundwithawirelesslocaterprogramrecordingthenumberofnetworksfoundandtheirlocations.Thistermhasevolvedalongwithwar-flyingandwar-walking,whichmeanexactlywhatyouexpect.War-chalkingstartedwithpeopleusingchalkonsidewalkstomarksomeofthewirelessnetworkstheyfound.

Anonymityalsoworksinanotherway;onceanattackerfindsanunsecuredAPwithwirelessaccess,theycanuseanessentiallyuntraceableIPaddresstoattemptattacksonotherInternethosts.

Themostcommontoolsforanattackertousearereception-basedprogramsthatlistentothebeaconframesoutputbyotherwirelessdevices,andprogramsthatpromiscuouslycapturealltraffic.ThemostwidelyusedoftheseprogramsiscalledNetStumbler,createdbyMariusMilnerandshowninFigure12.5.ThisprogramlistensforthebeaconframesofAPsthatarewithinrangeofthecardattachedtotheNetStumblercomputer.Whenitreceivestheframes,itlogsallavailableinformationabouttheAPforlateranalysis.Sinceitlistensonlytobeaconframes,NetStumblerdisplaysonlynetworksthathavetheSSIDbroadcastturnedon.IfthecomputerhasaGPSunitattachedtoit,theprogramalsologstheAP’scoordinates.ThisinformationcanbeusedtoreturntotheAPortoplotmapsofAPsinacity.

•Figure12.5NetStumbleronaWindowsPC

NetStumblerisaWindows-basedapplication,butprogramsforotheroperatingsystemssuchasOSX,BSD,Linux,andothersworkonthesameprinciple.

ExamTip:Becausewirelessantennascantransmitoutsideafacility,thepropertuningandplacementoftheseantennascanbecrucialforsecurity.Adjustingradiatedpowerthroughthesepower-levelcontrolswillassistinkeepingwirelesssignalsfrombeingbroadcastoutsideareas

underphysicalaccesscontrol.

Onceanattackerhaslocatedanetwork,andassumingthathecannotdirectlyconnectandstartactivescanningandpenetrationofthenetwork,hewillusethebestattacktoolthereis:anetworksniffer.Thenetworksniffer,whencombinedwithawirelessnetworkcarditcansupport,isapowerfulattacktool,asthesharedmediumofawirelessnetworkexposesallpacketstointerceptionandlogging.PopularwirelesssniffersareWireshark(formerlyEthereal)andKismet.RegularsniffersusedonwiredEthernethavealsobeenupdatedtoincludesupportforwireless.SniffersarealsoimportantbecausetheyallowyoutoretrievetheMACaddressesofthenodesofthenetwork.APscanbeconfiguredtoallowaccessonlytoprespecifiedMACaddresses,andanattackerspoofingtheMACcanbypassthisfeature.Therearespecializedsniffertoolsdesignedwithasingleobjective:to

crackWiredEquivalentPrivacy(WEP)keys.Asdescribedearlier,WEPisanencryptionprotocolthat802.11usestoattempttoensureconfidentialityofwirelesscommunications.Unfortunately,ithasturnedouttohaveseveralproblems.WEP’sweaknessesarespecificallytargetedforattackbythespecializedsnifferprograms.Theyworkbyexploitingweakinitializationvectorsintheencryptionalgorithm.Toexploitthisweakness,anattackerneedsacertainnumberofciphertextpackets;oncehehascapturedenoughpackets,however,theprogramcanveryquicklydeciphertheencryptionkeybeingused.WEPCrackwasthefirstavailableprogramtousethisflawtocrackWEPkeys;however,WEPCrackdependsonadumpofactualnetworkpacketsfromanothersnifferprogram.AirSnortisastandaloneprogramthatcapturesitsownpackets;onceithascapturedenoughciphertext,itprovidestheWEPkeyofthenetwork.

TechTip

IVAttackBecauseofthesmalllengthoftheinitializationvector(IV)inWEP,theprotectionissubject

toattackovertimebyexaminingpacketsanddeterminingwhentheIV+RC4keyrepeats,enablingthedefeatoftheprotection.

Localusersofthenetworkaresusceptibletohavingtheirentiretrafficdecodedandanalyzed.Apropersitesurveyisanimportantstepinsecuringawirelessnetworktoavoidsendingcriticaldatabeyondcompanywalls.Recurringsitesurveysareimportantbecausewirelesstechnologyischeapandtypicallycomesunsecuredinitsdefaultconfiguration.IfanyoneattachesawirelessAPtoyournetwork,youwanttoknowaboutitimmediately.

TechTip

AnotherMeaningofRogueAccessPointA“rogueaccesspoint”canalsorefertoanattacker’saccesspoint,setupasamaninthemiddletocapturelogininformationfromunsuspectingusers.

Ifunauthorizedwirelessissetup,itisknownasarogueaccesspoint.Rogueaccesspointscanbesetupbywell-meaningemployeesorhiddenbyanattackerwithphysicalaccess.Anattackermightsetuparogueaccesspointiftheyhavealimitedamountofphysicalaccesstoanorganization,perhapsbysneakingintothebuildingbriefly.TheattackercanthensetupanAPonthenetworkand,byplacingitbehindtheexternalfirewallornetworkIDS(NIDS)typeofsecuritymeasures,canattachtothewirelessatalaterdateattheirleisure.Thisapproachreducestheriskofgettingcaughtbyphysicalsecuritystaff,andiftheAPisfound,itdoesnotpointdirectlybacktoanykindoftraceableaddress.Anothertypeof802.11attackisknownastheeviltwinattack.Thisis

theuseofanaccesspointownedbyanattackerthatusuallyhasbeenenhancedwithhigher-powerandhigher-gainantennastolooklikeabetterconnectiontotheusersandcomputersattachingtoit.Bygettinguserstoconnectthroughtheevilaccesspoint,attackerscanmoreeasilyanalyze

trafficandperformman-in-the-middle−typeattacks.Forsimpledenialofservice,anattackercoulduseinterferencetojamthewirelesssignal,notallowinganycomputertoconnecttotheaccesspointsuccessfully.

CrossCheckIdentifyingRogueAccessPointsInChapter8youlearnedabouthowphysicalsecuritycanimpactinformationsecurity,andhowseveraldifferentdevicescanactasawirelessbridgeandbearogueaccesspoint.Canyouthinkofsomephysicalsecuritypoliciesthatcanhelpreducetheriskofrogueaccesspoints?Whataboutsomeinformationsecuritypolicies?

802.11networkshavetwofeaturesusedprimarilyforsecurity:oneisdesignedsolelyforauthentication,andtheotherisdesignedforauthenticationandconfidentiality.Partoftheauthenticationfunction,introducedearlier,isknownastheservicesetidentifier(SSID).Thisunique32-octetidentifierisattachedtotheheaderofthepacket.TheSSIDisbroadcastbydefaultasanetworkname,butbroadcastingofthisbeaconframecanbedisabled.UserscanauthenticatetoanetworkregardlessofwhethertheSSIDisbroadcastornot,buttheydoneedtoknowtheSSIDtoconnect.ManyAPsalsouseadefaultSSID;forCiscoAPs,thisdefaultis

tsunami,whichmayindicateanAPthathasnotbeenconfiguredforanysecurity.RenamingtheSSIDanddisablingSSIDbroadcastarebothgoodideas;however,becausetheSSIDispartofeveryframe,thesemeasuresshouldnotbeconsideredadequatetosecurethenetwork.AstheSSIDis,hopefully,auniqueidentifier,onlypeoplewhoknowtheidentifierwillbeabletocompleteassociationtotheAP.WhiletheSSIDisagoodideaintheory,itissentinplaintextinthepackets,soinpracticeSSIDofferslittlesecuritysignificance—anysniffercandeterminetheSSID.ThisweaknessismagnifiedbymostAPs’defaultsettingstotransmit

beaconframes.Thebeaconframe’spurposeistoannouncethewirelessnetwork’spresenceandcapabilitiessothatWLANcardscanattemptto

associatetoit.ThiscanbedisabledinsoftwareformanyAPs,especiallythemoresophisticatedones.Fromasecurityperspective,thebeaconframeisdamagingbecauseitcontainstheSSID,andthisbeaconframeistransmittedatasetinterval(tentimespersecondbydefault).SinceadefaultAPwithoutanyothertrafficissendingoutitsSSIDinplaintexttentimesasecond,youcanseewhytheSSIDdoesnotprovidetrueauthentication.ScanningprogramssuchasNetStumblerworkbycapturingthebeaconframesandtherebytheSSIDsofallAPs.

ExamTip:MACfilteringcanbeemployedonWAPsbutcanbebypassedbyattackersobservingallowedMACaddressesandspoofingtheallowedMACaddressforthewirelesscard.

MostAPsalsohavetheabilitytolockaccessinonlytoknownMACaddresses,providingalimitedauthenticationcapability.Givensniffers’capacitytograballactiveMACaddressesonthenetwork,thiscapabilityisnotveryeffective.AnattackersimplyconfigureshiswirelesscardstoaknowngoodMACaddress.WEPencryptsthedatatravelingacrossthenetworkwithanRC4stream

cipher,attemptingtoensureconfidentiality.Thissynchronousmethodofencryptionensuressomemethodofauthentication.ThesystemdependsontheclientandtheAPhavingasharedsecretkey,ensuringthatonlyauthorizedpeoplewiththeproperkeyhaveaccesstothewirelessnetwork.WEPsupportstwokeylengths,40and104bits,thoughthesearemoretypicallyreferredtoas64and128bits,because24bitsoftheoverallkeylengthareusedfortheinitializationvector(IV).In802.11aand802.11g,manufacturershaveextendedthisto152-bitWEPkeys,againwith24bitsbeingusedfortheIV.

TechTip

WEPIsn’tEquivalentWEPshouldnotbetrustedalonetoprovideconfidentiality.IfWEPistheonlyprotocolsupportedbyyourAP,placeitoutsidethecorporatefirewallandVPNtoaddmoreprotection.

TheIVistheprimaryreasonfortheweaknessesinWEP.TheIVissentintheplaintextpartofthemessage,andbecausethetotalkeyspaceisapproximately16millionkeys,thesamekeywillbereused.Oncethekeyhasbeenrepeated,anattackerhastwociphertextsencryptedwiththesamekeystream.Thisallowstheattackertoexaminetheciphertextandretrievethekey.ThisattackcanbeimprovedbyexaminingonlypacketsthathaveweakIVs,reducingthenumberofpacketsneededtocrackthekey.UsingonlyweakIVpackets,thenumberofrequiredcapturedpacketsisreducedtoaroundfourorfivemillion,whichcantakeonlyafewhourstocaptureonafairlybusyAP.Forapointofreference,thismeansthatequipmentwithanadvertisedWEPkeyof128bitscanbecrackedinlessthanaday,whereastocrackanormal128-bitkeywouldtakeroughly2,000,000,000,000,000,000yearsonacomputerabletoattemptonetrillionkeysasecond.Asmentioned,AirSnortisamodifiedsniffingprogramthattakesadvantageofthisweaknesstoretrievetheWEPkeys.ThebiggestweaknessofWEPisthattheIVproblemexistsregardless

ofkeylength,becausetheIValwaysremainsat24bits.Afterthelimitedsecurityfunctionsofawirelessnetworkarebroken,the

networkbehavesexactlylikearegularEthernetnetworkandissubjecttotheexactsamevulnerabilities.Thehostmachinesthatareonorattachedtothewirelessnetworkareasvulnerableasiftheyandtheattackerwerephysicallyconnected.Beingonthenetworkopensupallmachinestovulnerabilityscanners,Trojanhorseprograms,virusandwormprograms,andtrafficinterceptionviasnifferprograms.Anyunpatchedvulnerabilityonanymachineaccessiblefromthewirelesssegmentisnowopentocompromise.

CurrentSecurityMethods

WEPwasdesignedtoprovidesomemeasureofconfidentialityonan802.11networksimilartowhatisfoundonawirednetwork,butthathasnotbeenthecase.Accordingly,theWi-FiAlliancedevelopedWi-FiProtectedAccess(WPA)toimproveuponWEP.The802.11istandardistheIEEEstandardforsecurityinwirelessnetworks,alsoknownasWi-FiProtectedAccess2(WPA2).Ituses802.1Xtoprovideauthentication.WPA2canuseAdvancedEncryptionStandard(AES)astheencryptionprotocol.The802.11istandardspecifiestheuseoftheTemporalKeyIntegrityProtocol(TKIP)andusesAESwiththeCounterModewithCBC-MACProtocol(infull,theCounterModewithCipherBlockChaining–MessageAuthenticationCodesProtocol,orsimplyCCMP).Thesetwoprotocolshavedifferentfunctions,buttheybothservetoenhancesecurity.TKIPworksbyusingasharedsecretcombinedwiththecard’sMAC

addresstogenerateanewkey,whichismixedwiththeIVtomakeper-packetkeysthatencryptasinglepacketusingthesameRC4cipherusedbytraditionalWEP.ThisovercomestheWEPkeyweakness,asakeyisusedononlyonepacket.Theotheradvantagetothismethodisthatitcanberetrofittedtocurrenthardwarewithonlyasoftwarechange,unlikeAESand802.1X.CCMPisactuallythemodeinwhichtheAEScipherisusedtoprovidemessageintegrity.UnlikeTKIP,CCMPrequiresnewhardwaretoperformtheAESencryption.Theadvancesof802.11ihavecorrectedtheweaknessesofWEP.

WPAThefirststandardtobeusedinthemarkettoreplaceWEPwasWi-FiProtectedAccess(WPA).ThisstandardusestheflawedWEPalgorithmwiththeTemporalKeyIntegrityProtocol(TKIP).WhileWEPusesa40-bitor104-bitencryptionkeythatmustbe

manuallyenteredonwirelessaccesspointsanddevicesanddoesnotchange,TKIPemploysaper-packetkey,generatinganew128-bitkeyforeachpacket.Thiscangenerallybeaccomplishedwithonlyafirmwareupdate,enablingasimplesolutiontothetypesofattacksthatcompromise

WEP.

TKIPTemporalKeyIntegrityProtocol(TKIP)wascreatedasastopgapsecuritymeasuretoreplacetheWEPprotocolwithoutrequiringthereplacementoflegacyhardware.ThebreakingofWEPhadleftWi-Finetworkswithoutviablelink-layersecurity,andasolutionwasrequiredforalreadydeployedhardware.TKIPworksbymixingasecretrootkeywiththeIVbeforetheRC4encryption.WPA/TKIPusesthesameunderlyingmechanismasWEP,andconsequentlyisvulnerabletoanumberofsimilarattacks.TKIPisnolongerconsideredsecureandhasbeendeprecatedwiththereleaseofWPA2.

WPA2IEEE802.11iisthestandardforsecurityinwirelessnetworksandisalsoknownasWi-FiProtectedAccess2(WPA2).Ituses802.1xtoprovideauthenticationandusestheAdvancedEncryptionStandard(AES)astheencryptionprotocol.WPA2usestheAESblockcipher,asignificantimprovementoverWEP’sandWPA’suseoftheRC4streamcipher.The802.11istandardspecifiestheuseoftheCounterModewithCBC-MACProtocol(infull,theCounterModewithCipherBlockChaining–MessageAuthenticationCodesProtocol,orsimplyCCMP).

WPSWi-FiProtectedSetup(WPS)isanetworksecuritystandardthatwascreatedtoprovideuserswithaneasymethodofconfiguringwirelessnetworks.Designedforhomenetworksandsmallbusinessnetworks,thisstandardinvolvestheuseofaneight-digitPINtoconfigurewirelessdevices.WPSconsistsofaseriesofExtensibleAuthenticationProtocol(EAP)messagesandhasbeenshowntobesusceptibletoabrute-forceattack.AsuccessfulattackcanrevealthePINandsubsequentlytheWPA/WPA2passphraseandallowunauthorizedpartiestogainaccessto

thenetwork.Currently,theonlyeffectivemitigationistodisableWPS.

SettingUpWPA2IfWPSisnotsafeforuse,howdoesonesetupWPA2?TosetupWPA2,youneedtohaveseveralparameters.Figure12.6showsthescreensforaWPA2setupinWindows7.

•Figure12.6WPA2setupoptionsinWindows7

Thefirstelementistochooseasecurityframework.Whenconfiguringanadaptertoconnecttoanexistingnetwork,youneedtomatchthechoiceofthenetwork.Whensettingupyourownnetwork,youcanchoosewhicheveroptionyouprefer.Therearemanyselections,butforsecuritypurposes,youshouldchooseWPA2-PersonalorWPA2-Enterprise.Bothoftheserequirethechoiceofanencryptiontype,eitherTKIPorAES.TKIPhasbeendeprecated,sochooseAES.Thelastelementisthechoiceofthenetworksecuritykey—thesecretthatissharedbyallusers.WPA2-Enterprise,whichisdesignedtobeusedwithan802.1xauthenticationserverthatdistributesdifferentkeystoeachuser,istypicallyusedinbusinessenvironments.

EAPExtensibleAuthenticationProtocol(EAP)isdefinedinRFC2284(obsoletedby3748).EAP-TLSreliesonTransportLayerSecurity(TLS),anattempttostandardizetheSSLstructuretopasscredentials.EAP-TTLS(theacronymstandsforEAP–TunneledTLSprotocol)isavariantoftheEAP-TLSprotocol.EAP-TTLSworksmuchthesamewayasEAP-TLS,withtheserverauthenticatingtotheclientwithacertificate,buttheprotocoltunnelstheclientsideoftheauthentication,allowingtheuseoflegacyauthenticationprotocolssuchasPasswordAuthenticationProtocol(PAP),Challenge-HandshakeAuthenticationProtocol(CHAP),MS-CHAP,orMS-CHAP-V2.

LEAPCiscodesignedaproprietaryEAPknownasLightweightExtensibleAuthenticationProtocol(LEAP);however,thisisbeingphasedoutfornewerprotocolssuchasPEAPorEAP-TLS.Susceptibletoofflinepasswordguessing,andwithtoolsavailablethatactivelybreakLEAPsecurity,thisprotocolhasbeendeprecatedinfavorofstrongermethodsof

EAP.

PEAPPEAP,orProtectedEAP,wasdevelopedtoprotecttheEAPcommunicationbyencapsulatingitwithTLS.ThisisanopenstandarddevelopedjointlybyCisco,Microsoft,andRSA.EAPwasdesignedassumingasecurecommunicationchannel.PEAPprovidesthatprotectionaspartoftheprotocolviaaTLStunnel.PEAPiswidelysupportedbyvendorsforuseoverwirelessnetworks.

Implementing802.1XTheIEEE802.1XprotocolcansupportawidevarietyofauthenticationmethodsandalsofitswellintoexistingauthenticationsystemssuchasRADIUSandLDAP.Thisallows802.1XtointeroperatewellwithothersystemssuchasVPNsanddial-upRAS.Unlikeotherauthenticationmethods,suchasthePoint-to-PointProtocoloverEthernet(PPPoE),802.1Xdoesnotuseencapsulation,sothenetworkoverheadismuchlower.Unfortunately,theprotocolisjustaframeworkforprovidingimplementation,sonospecificsguaranteestrongauthenticationorkeymanagement.Implementationsoftheprotocolvaryfromvendortovendorinmethodofimplementationandstrengthofsecurity,especiallywhenitcomestothedifficulttestofwirelesssecurity.Threecommonmethodsareusedtoimplement802.1X:EAP-TLS,

EAP-TTLS,andEAP-MD5.EAP-TLSreliesonTLS,anattempttostandardizetheSSLstructuretopasscredentials.Thestandard,developedbyMicrosoft,usesX.509certificatesandoffersdynamicWEPkeygeneration.Thismeansthattheorganizationmusthavetheabilitytosupportthepublickeyinfrastructure(PKI)intheformofX.509digitalcertificates.Also,per-user,per-sessiondynamicallygeneratedWEPkeyshelppreventanyonefromcrackingtheWEPkeysinuse,aseachuserindividuallyhasherownWEPkey.EvenifauserwereloggedontotheAPandtransmittedenoughtraffictoallowcrackingoftheWEPkey,accesswouldbegainedonlytothatuser’straffic.Nootheruser’sdata

wouldbecompromised,andtheattackercouldnotusetheWEPkeytoconnecttotheAP.ThisstandardauthenticatestheclienttotheAP,butitalsoauthenticatestheAPtotheclient,helpingtoavoidman-in-the-middleattacks.ThemainproblemwiththeEAP-TLSprotocolisthatitisdesignedtoworkonlywithMicrosoft’sActiveDirectoryandCertificateServices;itwillnottakecertificatesfromothercertificateissuers.Thusamixedenvironmentwouldhaveimplementationproblems.Asdiscussedearlier,EAP-TTLSworksmuchthesamewayasEAP-

TLS,withtheserverauthenticatingtotheclientwithacertificate,buttheprotocoltunnelstheclientsideoftheauthentication,allowingtheuseoflegacyauthenticationprotocolssuchasPasswordAuthenticationProtocol(PAP),Challenge-HandshakeAuthenticationProtocol(CHAP),MS-CHAP,orMS-CHAP-V2.ThismakestheprotocolmoreversatilewhilestillsupportingtheenhancedsecurityfeaturessuchasdynamicWEPkeyassignment.EAP-MD5,whileitdoesimprovetheauthenticationoftheclienttothe

AP,doeslittleelsetoimprovethesecurityofyourAP.TheprotocolworksbyusingtheMD5encryptionprotocoltohashauser’susernameandpassword.Thisprotocol,unfortunately,providesnowayfortheAPtoauthenticatewiththeclient,anditdoesnotprovidefordynamicWEPkeyassignment.Inthewirelessenvironment,withoutstrongtwo-wayauthentication,itisveryeasyforanattackertoperformaman-in-the-middleattack.Normally,thesetypesofattacksaredifficulttoperform,requiringatrafficredirectofsomekind,butwirelesschangesallthoserules.BysettinguparogueAP,anattackercanattempttogetclientstoconnecttoitasifitwereauthorizedandthensimplyauthenticatetotherealAP,asimplewaytohaveaccesstothenetworkandtheclient’scredentials.TheproblemofnotdynamicallygeneratingWEPkeysisthatitsimplyopensupthenetworktothesamelackofconfidentialitytowhichanormalAPisvulnerable.AnattackerhastowaitonlyforenoughtraffictocracktheWEPkey,andhecanthenobservealltrafficpassingthroughthenetwork.BecausethesecurityofwirelessLANshasbeensoproblematic,many

usershavesimplyswitchedtoalayeredsecurityapproach—thatis,theyhavemovedtheirAPstountrustworthyportionsofthenetworkandhaveforcedallclientstoauthenticatethroughthefirewalltoathird-partyVPNsystem.TheadditionalsecuritycomesatapriceofputtingmoreloadonthefirewallandVPNinfrastructureandpossiblyaddingcumbersomesoftwaretotheusers’devices.Whilewirelesscanbesetupinaverysecuremannerinthisfashion,itcanalsobesetuppoorly.Somesystemslackstrongauthenticationofbothendpoints,leadingtopossibilitiesofaman-in-the-middleattack.Also,eventhoughthedataistunneledthrough,IPaddressesarestillsentintheclear,givinganattackerinformationaboutwhatandwhereyourVPNendpointis.Anotherphenomenonofwirelessisborneoutofitswideavailability

andlowprice.AllthesecuritymeasuresofthewiredandwirelessnetworkcanbedefeatedbytherogueAP.Thisisthethirdpossibletypeofrogueaccesspointdiscussedinthischapter;theyallsharethesamenameastheyallrepresentasecuritybreach.However,sincetheyareimplementedwithdifferentmotivesandaccordinglyposeslightlydifferentthreats,wediscussthemallseparately.Inthiscase,awell-intentionedemployeewhoistryingtomaketheworkenvironmentmoreconvenientpurchasesanAPatalocalretailerandinstallsit.Wheninstalled,itworksfine,butittypicallywillhavenosecurityinstalled.SincetheITdepartmentdoesn’tknowaboutit,itisanuncontrolledentrypointintothenetwork.NomatterwhatkindofrogueAPwearedealingwith,therogueAP

mustbedetectedandcontrolled.ThemostcommonwaytocontrolrogueAPsissomeformofwirelessscanningtoensureonlylegitimatewirelessisinplaceatanorganization.WhilecompletewirelessIDSswilldetectAPs,thiscanalsobedonewithalaptopandfreesoftware.

TryThis!ScanningforRogueWirelessOnceyouhavecompletedLabProject12.1andhaveNetStumblerorKismetinstalledonthecomputer,takeittoseverallocationsaroundyourworkplaceorschoolandattempttoscanfor

wirelessaccesspointsthatshouldnotbethere.

CCMPAspreviouslymentionedinthediscussionofWPA2,CCMPstandsforCounterModewithCipherBlockChaining–MessageAuthenticationCodesProtocol(orCounterModewithCBC-MACProtocol).CCMPisadataencapsulationencryptionmechanismdesignedforwirelessuse.CCMPisactuallythemodeinwhichtheAEScipherisusedtoprovidemessageintegrity.UnlikeWPA,CCMPrequiresnewhardwaretoperformtheAESencryption.

MACFilteringMACfilteringistheselectiveadmissionofpacketsbasedonalistofapprovedMediaAccessControl(MAC)addresses.Employedonswitches,thismethodisusedtoprovideameansofmachineauthentication.Inwirednetworks,thisenjoystheprotectionaffordedbythewires,makinginterceptionofsignalstodeterminetheirMACaddressesdifficult.Inwirelessnetworks,thissamemechanismsuffersfromthefactthatanattackercanseetheMACaddressesofalltraffictoandfromtheaccesspoint,andthencanspooftheMACaddressesthatarepermittedtocommunicateviatheaccesspoint.

ExamTip:MACfilteringcanbeemployedonwirelessaccesspoints,butcanbebypassedbyattackersobservingallowedMACaddressesandspoofingtheallowedMACaddressforthewirelesscard.

WirelessSystemsConfigurationWirelesssystemsaremorethanjustprotocols.Puttingupafunctional

wirelesssysteminahouseisaseasyasplugginginawirelessaccesspointandconnecting.Butinanenterprise,wheremultipleaccesspointswillbeneeded,theconfigurationtakessignificantlymorework.Sitesurveysareneededtodetermineproperaccesspointandantennaplacement,aswellaschannelsandpowerlevels.

AntennaTypesThestandardaccesspointisequippedwithanomnidirectionalantenna.Omnidirectionalantennasoperateinalldirections,makingtherelativeorientationbetweendeviceslessimportant.Omnidirectionalantennascoverthegreatestareaperantenna.Theweaknessoccursincornersandhard-to-reachareas,aswellasboundariesofafacilitywheredirectionalantennasareneededtocompletecoverage.Figure12.7showsasamplingofcommonWi-Fiantennas:(a)isacommonhomewirelessrouter,(b)isacommercialindoorwirelessaccesspoint,and(c)isanoutdoordirectionalantenna.Thesecanbevisibleasshown,orhiddenaboveceilingtiles.

•Figure12.7Wirelessaccesspointantennas

WirelessnetworkingproblemscausedbyweaksignalstrengthcansometimesbesolvedbyinstallingupgradedWi-Firadioantennasontheaccesspoints.Onbusinessnetworks,thecomplexityofmultipleaccesspointstypicallyrequiresacomprehensivesitesurveytomaptheWi-Fi

signalstrengthinandaroundofficebuildings.Additionalwirelessaccesspointscanthenbestrategicallyplacedwhereneededtoresolvedeadspotsincoverage.Forsmallbusinessesandhomes,whereasingleaccesspointmaybeallthatisneeded,anantennaupgrademaybeasimplerandmorecost-effectiveoptiontofixWi-Fisignalproblems.TwocommonformsofupgradedantennasaretheYagiantennaandthe

panelantenna.AnexampleofaYagiantennaisshowninFigure12.7(c).BothYagiandpanelantennasaredirectionalinnature,spreadingtheRFenergyinamorelimitedfield,increasingeffectiverangeinonedirectionwhilelimitingitinothers.Panelantennascanprovidesolidroomperformancewhilepreventingsignalbleedbehindtheantennas.Thisworkswellontheedgeofasite,limitingthestrayemissionsthatcouldbecapturedoffsite.Yagiantennasactmorelikearifle,funnelingtheenergyalongabeam.Thisallowsmuchlongercommunicationdistancesusingstandardpower.Thisalsoenableseavesdropperstocapturesignalsfrommuchgreaterdistancesbecauseofthegainprovidedbytheantennaitself.

AntennaPlacementWi-Fiisbynaturearadio-basedmethodofcommunication,andassuchusesantennastotransmitandreceivethesignals.Theactualdesignandplacementoftheantennascanhaveasignificanteffectontheusabilityoftheradiofrequency(RF)mediumforcarryingthetraffic.Antennascomeinavarietyoftypes,eachwithitsowntransmissionpatternandgainfactor.High-gainantennascandealwithweakersignals,butalsohavemore-limitedcoverage.Wide-coverage,omnidirectionalantennascancoverwiderareas,butatlowerlevelsofgain.Theobjectiveofantennaplacementistomaximizethecoverageoveraphysicalareaandreducelow-gainareas.Thiscanbeverycomplexinbuildingswithwalls,electricalinterference,andothersourcesofinterferenceandfrequentlyrequiresasitesurveytodetermineproperplacement.

ExamTip:Becausewirelessantennascantransmitoutsideafacility,tuningandplacementofantennascanbecrucialforsecurity.Adjustingradiatedpowerthroughthepowerlevelcontrolswillassistinkeepingwirelesssignalsfrombeingbroadcastoutsideareasunderphysicalaccesscontrol.

MIMOMIMOisasetofmultiple-inputandmultiple-outputantennatechnologieswheretheavailableantennasarespreadoveramultitudeofindependentaccesspointseachhavingoneormultipleantennas.Thiscanenhancetheusablebandwidthanddatatransmissioncapacitybetweentheaccesspointanduser.ThereareawidevarietyofMIMOmethods,andthistechnology,onceconsideredcuttingedgeoradvanced,isbecomingmainstream.

PowerLevelControlsWi-Fipowerlevelscanbecontrolledbythehardwareforavarietyofreasons.Thelowerthepowerused,thelesstheopportunityforinterference.Butifthepowerlevelsaretoolow,thensignalstrengthlimitsrange.Accesspointscanhavethepowerlevelseteithermanuallyorviaprogrammaticcontrol.Formostusers,powerlevelcontrolsarenotveryuseful,andleavingtheunitindefaultmodeisthebestoption.Incomplexenterprisesetups,withsitesurveysandplannedoverlappingzones,thisaspectofsignalcontrolcanbeusedtoincreasecapacityandcontrolonthenetwork.

SiteSurveysWhendevelopingacoveragemapforacomplexbuildingsite,youneedtotakeintoaccountawidevarietyoffactors,particularlywalls,interferingsources,andfloorplans.Asitesurveyinvolvesseveralsteps:mappingthe

floorplan,testingforRFinterference,testingforRFcoverage,andanalysisofmaterialviasoftware.Thesoftwarecansuggestplacementofaccesspoints.AfterdeployingtheAPs,thesiteissurveyedagain,mappingtheresultsversusthepredicted,watchingsignalstrengthandsignal-to-noiseratios.Figure12.8illustrateswhatasitesurveylookslike.Thedifferentshadesindicatesignalstrength,showingwherereceptionisstrongandwhereitisweak.Sitesurveyscanbeusedtoensureavailabilityofwireless,especiallywhenit’scriticalforuserstohaveconnections.

•Figure12.8Examplesitesurvey

ExamTip:Wirelessnetworksaredependentuponradiosignalstofunction.Itisimportantto

understandthatantennatype,placement,andsitesurveysareusedtoensurepropercoverageofasite,includingareasblockedbywalls,interferingsignals,andechoes.

CaptivePortalsCaptiveportalreferstoaspecifictechniqueofusinganHTTPclienttohandleauthenticationonawirelessnetwork.Frequentlyemployedinpublichotspots,acaptiveportalopensawebbrowsertoanauthenticationpage.Thisoccursbeforetheuserisgrantedadmissiontothenetwork.Theaccesspointusesthissimplemechanismbyinterceptingallpacketsandreturningthewebpageforlogin.Theactualwebserverthatservesuptheauthenticationpagecanbeinawalled-offsectionofthenetwork,blockingaccesstotheInternetuntiltheusersuccessfullyauthenticates.

SecuringPublicWi-FiPublicWi-Fiisacommonperkthatsomefirmsprovidefortheircustomersandvisitors.WhenprovidingaWi-Fihotspot,evenfreeopen-to-the-publicWi-Fi,securityshouldstillbeaconcern.Oneoftheissuesassociatedwithwirelesstransmissionsisthattheyaresubjecttointerceptionbyanyonewithinrangeofthehotspot.Thismakesitpossibleforotherstointerceptandreadtrafficofanyoneusingthehotspot,unlessencryptionisused.Forthisreason,ithasbecomecommonpracticetousewirelesssecurity,evenwhentheintentistoopenthechannelforeveryone.Havingadefaultpassword,evenonethateveryoneknows,willmakeitsothatpeoplecannotobserveothertraffic.Thereisanentireopenwirelessmovement,designedaroundasharing

conceptthatpromotessharingoftheInternettoall.Forinformation,checkouthttps://openwireless.org.

MobileDevicesThissectionwillreviewalargenumberoftopicsspecifictomobile

devices.You’lllikelyfindthatthesecurityprinciplesyou’vealreadylearnedapplyandjustneedtobeadaptedtomobiletechnologies.Thisisoneofthefastest-changingareasofcomputersecuritybecausemobiletechnologyislikelythefastest-changingtechnology.

Althoughthedatatransmissionsbetweenmanymobiledevicesaresecuredviacarriermethods(GSM)anddevicemethods(RIMBlackberry),voicetransmissionshavebeeninterceptedandlaterusedtoembarrasstheparties.Third-partyvoiceencryptionmethodsexistforsmartphones,butareconsideredexpensiveanddifficulttodeploybymostpeople.Theyalsosufferfromtheproblemthatbothendsofaconversationneedthedevicetohaveasecuredcommunication.Asmoreandmorebusinessesfindvalueinsecuredvoicecommunications,thissolutionmaybecomemainstreaminthefuture.

Manymobiledeviceshavesignificantstoragecapacity,allowingthemtotransferfilesanddata.Datamustbeprotected,devicesmustbeproperlyconfigured,andgooduserhabitsmustbeencouraged.Thismakesmobiledevicesnodifferentfromanyothermobilemediasource,capableofcarryinganddeliveringviruses,worms,andotherformsofmalware.Theyarealsocapableofremovingdatafromwithinanetwork,inthecaseofaninsiderattack.MobiledevicesarealsocommonlyBluetoothenabled,makingvariouswirelessattacksagainstthedevicearisk.Onereasontoattackthemobiledeviceistouseittorelaytheattackontotheinternalnetworkwhenthedeviceissyncedup.BluetoothattacksarecoveredinChapter12.

MobileDeviceSecuritySecurityprinciplessimilartothoseapplicabletolaptopcomputersmustbefollowedwhenusingmobiledevicessuchassmartphonesandtabletcomputingdevices.Datamustbeprotected,devicesmustbeproperlyconfigured,andgooduserhabitsmustbeencouraged.Thischapterwillreviewalargenumberoftopicsspecifictomobiledevices.You’lllikelyfindthatthesecurityprinciplesyou’vealreadylearnedapplyandjustneed

tobeadaptedtomobiletechnologies.Thisisoneofthefastest-changingareasofcomputersecuritybecausemobiletechnologyislikelythefastest-changingtechnology.

FullDeviceEncryptionJustaslaptopcomputersshouldbeprotectedwithwholediskencryptiontoprotectthelaptopincaseoflossortheft,youmayneedtoconsiderencryptionformobiledevicesusedbyyourcompany’semployees.Mobiledevicesaremuchmorelikelytobelostorstolen,soyoushouldconsiderencryptingdataonyourdevices.Moreandmore,mobiledevicesareusedwhenaccessingandstoringbusiness-criticaldataorothersensitiveinformation.Protectingtheinformationonmobiledevicesisbecomingabusinessimperative.Thisisanemergingtechnology,soyou’llneedtocompletesomerigorousmarketanalysistodeterminewhatcommercialproductmeetsyourneeds.

RemoteWipingToday’smobiledevicesarealmostinnumerableandareverysusceptibletolossandtheft.Further,itisunlikelythatalostorstolendevicewillberecovered,thusmakingevenencrypteddatastoredonadevicemorevulnerabletodecryption.Ifthethiefcanhaveyourdeviceforalongtime,hecantakeallthetimehewantstotrytodecryptyourdata.Therefore,manycompaniesprefertojustremotelywipealostorstolendevice.Remotewipingamobiledevicetypicallyremovesdatastoredonthedeviceandresetsthedevicetofactorysettings.ThereisadilemmaintheuseofBYOD(bringyourowndevice)devicesthatstorebothpersonalandenterprisedata.Wipingthedeviceusuallyremovesalldata,bothpersonalandenterprise.Therefore,ifcorporatepolicyrequireswipingalostdevicethatmaymeanthedevice’suserlosespersonalphotosanddata.Thesoftwarecontrolsforseparatedatacontainers,oneforbusinessandoneforpersonal,areoneofthereasonsforenterprisestoadoptmobiledevicemanagement(MDM)solutions.

LockoutAuserlikelywilldiscoverinarelativelyshorttimethatthey’velosttheirdevice,soaquickwaytoprotecttheirdeviceistoremotelylockthedeviceassoonastheyrecognizeithasbeenlostorstolen.Severalproductsareavailableonthemarkettodaytohelpenterprisesmanagetheirdevices.Remotelockoutisusuallythefirststeptakeninsecuringamobiledevice.

Screen-locksMostcorporatepoliciesregardingmobiledevicesrequiretheuseofthemobiledevice’sscreen-lockingcapability.ThisusuallyconsistsofenteringapasscodeorPINtounlockthedevice.Itishighlyrecommendedthatscreenlocksbeenforcedforallmobiledevices.Yourpolicyregardingthequalityofthepasscodeshouldbeconsistentwithyourcorporatepasswordpolicy.However,manycompaniesmerelyenforcetheuseofscreen-locking.Thus,userstendtouseconvenientoreasy-to-rememberpasscodes.Somedevicesallowcomplexpasscodes.AsshowninFigure12.9,thedevicescreenontheleftsupportsonlyasimpleiOSpasscode,limitedtofournumbers,whilethedevicescreenontherightsupportsapasscodeofindeterminatelengthandcancontainalphanumericcharacters.

•Figure12.9iOSlockscreens

Somemoreadvancedformsofscreen-locksworkinconjunctionwithdevicewiping.Ifthepasscodeisenteredincorrectlyaspecifiednumberoftimes,thedeviceisautomaticallywiped.ThisisoneofthesecurityfeaturesofBlackBerrythathastraditionallymadeitofinteresttosecurity-conscioususers.ApplehasmadethisanoptiononneweriOSdevices.Applealsoallowsremotelockingofadevicefromtheuser’siCloudaccount.

TechTip

MobileDeviceSecurityMobiledevicesrequirebasicsecuritymechanismsofscreen-locks,lockouts,devicewiping,andencryptiontoprotectsensitiveinformationcontainedonthem.

GPSMostmobiledevicesarenowcapableofusingtheGlobalPositioningSystem(GPS)fortrackingdevicelocation.ManyappsrelyheavilyonGPSlocation,suchasdevice-locatingservices,mappingapps,trafficmonitoringapps,andappsthatlocatenearbybusinessessuchasgasstationsandrestaurants.Suchtechnologycanbeexploitedtotrackmovementlocationofthemobiledevice.Thistrackingcanbeusedtoassistintherecoveryoflostdevices.

StorageSegmentationOnmobiledevices,itcanbeverydifficulttokeeppersonaldataseparatefromcorporatedata.Somecompanieshavedevelopedcapabilitiestocreateseparatevirtualcontainerstokeeppersonaldataseparatefromcorporatedataandapplications.Fordevicesthatareusedtohandlehighly

sensitivecorporatedata,thisformofprotectionishighlyrecommended.

AssetControlBecauseeachusercanhavemultipledevicesconnectingtothecorporatenetwork,itisimportanttoimplementaviableassettrackingandinventorycontrolmechanism.Forsecurityandliabilityreasons,thecompanyneedstoknowwhatdevicesareconnectingtoitssystemsandwhataccesshasbeengranted.JustasinITsystems,maintainingalistofapproveddevicesisacriticalcontrol.

MobileDeviceManagementMobiledevicemanagement(MDM)isoneofthehottesttopicsindevicesecuritytoday.MDMbeganasamarketingtermforacollectivesetofcommonlyemployedprotectionelementsassociatedwithmobiledevices.Whenviewedasacomprehensivesetofsecurityoptionsformobiledevices,everycorporationshouldhaveandenforceanMDMpolicy.Thepolicyshouldrequire

Devicelockingwithastrongpassword

Encryptionofdataonthedevice

Devicelockingautomaticallyafteracertainperiodofinactivity

Thecapabilitytoremotelylockthedeviceifitislostorstolen

Thecapabilitytowipethedeviceautomaticallyafteracertainnumberoffailedloginattempts

Thecapabilitytoremotelywipethedeviceifitislostorstolen

Passwordpoliciesshouldextendtomobiledevices,includinglockoutand,ifpossible,theautomaticwipingofdata.Corporatepolicyfordataencryptiononmobiledevicesshouldbeconsistentwiththepolicyfordataencryptiononlaptopcomputers.Inotherwords,ifyoudon’trequireencryptionofportablecomputers,thenshouldyourequireitformobile

devices?Thereisnotauniformanswertothisquestion;mobiledevicesaremuchmoremobileinpracticethanlaptops,andmorepronetoloss.Thisisultimatelyariskquestionthatmanagementmustaddress:Whatistheriskandwhatarethecostsoftheoptionsemployed?Thisalsoraisesabiggerquestion:Whichdevicesshouldhaveencryptionasabasicsecurityprotectionmechanism?Isitbydevicetype,orbyuserbasedonwhatdatawouldbeexposedtorisk?Fortunately,MDMsolutionsexisttomakethechoicesmanageable.

ExamTip:Mobiledevicemanagement(MDM)isamarketingtermforacollectivesetofcommonlyemployedprotectionelementsassociatedwithmobiledevices.

DeviceAccessControlTheprinciplesofaccesscontrolformobiledevicesneedtobemanagedjustlikeaccesscontrolfromwiredorwirelessdesktopsandlaptops.ThiswillbecomemorecriticalasstorageinthecloudandSoftwareasaService(SaaS)becomemoreprevalent.Emergingtablet/mobiledevicesharingintendstoprovidetheuserwithaseamlessdataaccessexperienceacrossmanydevices.Dataaccesscapabilitieswillcontinuetoevolvetomeetthisneed.Rigorousdataaccessprinciplesneedtobeapplied,andtheybecomeevenmoreimportantwiththeinclusionofmobiledevicesasfullyfunctionalcomputingdevices.Whenreviewingpossiblesolutions,itisimportanttoconsiderseekingproofofsecurityandproceduresratherthanrelyingonmarketingbrochures.

RemovableStorageBecauseremovabledevicescanmovedataoutsideofthecorporate-controlledenvironment,theirsecurityneedsmustbeaddressed.Removabledevicescanbringunprotectedorcorrupteddataintothecorporateenvironment.Allremovabledevicesshouldbescannedby

antivirussoftwareuponconnectiontothecorporateenvironment.Corporatepoliciesshouldaddressthecopyingofdatatoremovabledevices.ManymobiledevicescanbeconnectedviaUSBtoasystemandusedtostoredata—andinsomecasesvastquantitiesofdata.Thiscapabilitycanbeusedtoavoidsomeimplementationsofdatalosspreventionmechanisms.

DisablingUnusedFeaturesAswithallcomputingdevices,featuresthatarenotusedorthatpresentasecurityriskshouldbedisabled.Bluetoothaccessisparticularlyproblematic.ItisbesttomakeBluetoothconnectionsundiscoverable.But,userswillneedtoenableittopairwithanewheadsetorcarconnection,forexample.RequiringBluetoothconnectionstobeundiscoverableisveryhardtoenforcebutshouldbeencouragedasabestpractice.UsersshouldreceivetrainingastotherisksofBluetooth—notsotheyavoidBluetooth,butsotheyunderstandwhentheyshouldturnitoff.Havingamobiledevicewithaccesstosensitiveinformationcarrieswithitalevelofresponsibility.Helpingusersunderstandthisandactaccordinglycangoalongwaytowardsecuringmobiledevices.

BYODConcernsPermittingemployeesto“bringyourowndevice”(BYOD)hasmanyadvantagesinbusiness,andnotjustfromtheperspectiveofdevicecost.Userstendtopreferhavingasingledeviceratherthancarryingmultipledevices.Usershavelessofalearningcurveondevicestheyalreadyhaveaninterestinlearning.

DataOwnershipBYODblursthelinesofdataownershipbecauseitblursthelinesofdevicemanagement.Ifacompanyownsasmartphoneissuedtoanemployee,thecompanycanrepossessthephoneuponemployee

termination.Thispracticemayprotectcompanydatabykeepingthecompany-issueddevicesinthehandsofemployeesonly.However,acompanycannotrelyonasimplefactoryresetbeforereissuingadevice,becausefactoryresettingmaynotremoveallthedataonthedevice.Ifadeviceisreissued,itispossiblethatsomeofthepreviousowner’spersonalinformation,suchasprivatecontacts,stillremainsonthedevice.Ontheotherhand,iftheemployee’sdeviceisapersonaldevicethathasbeenusedforbusinesspurposes,uponterminationoftheemployee,itislikelythatsomecompanydataremainsonthephonedespitethecompany’sbesteffortstoremoveitsdatafromthedevice.Ifthatdeviceisresoldorrecycled,thecompany’sdatamayremainonthedeviceandbepassedontothesubsequentowner.Keepingbusinessdatainseparate,MDM-managedcontainersisonemethodofdealingwiththisissue.

TechTip

BYODConcernsThereisadilemmaintheuseofBYODdevicesthatstorebothpersonalandenterprisedata.Wipingthedeviceusuallyremovesalldata,bothpersonalandenterprise.Therefore,ifcorporatepolicyrequireswipingalostdevice,thatpolicymaymeanthedevice’suserlosespersonalphotosanddata.Thesoftwarecontrolsforseparatedatacontainers,oneforbusinessandoneforpersonal,havebeenproposedbutarenotamainstreamoptionyet.

StorageSegmentationOnmobiledevices,itcanbeverydifficulttokeeppersonaldataseparatefromcorporatedata.Somecompanieshavedevelopedcapabilitiestocreateseparatevirtualcontainerstokeeppersonaldataseparatefromcorporatedataandapplications.Fordevicesthatareusedtohandlehighlysensitivecorporatedata,thisformofprotectionishighlyrecommended.

SupportOwnershipSupportcostsformobiledevicesareanimportantconsiderationfor

corporations.Eachdevicehasitsownimplementationofvariousfunctions.Whilethosefunctionstypicallyareimplementedagainstaspecification,softwareimplementationsmaynotfullyorproperlyimplementthespecification.Thismayresultinincreasedsupportcallstoyourhelpdeskorsupportorganization.Itisverydifficultforacorporatehelpdesktobeknowledgeableonallaspectsofallpossibledevicesthataccessacorporatenetwork.Forexample,yoursupportorganizationmustbeabletotroubleshootiPhones,Androiddevices,tablets,andsoforth.Thesedevicesareupdatedfrequently,newdevicesarereleased,andnewcapabilitiesareaddedonaregularbasis.Yoursupportorganizationwillneedviableknowledgebasearticlesandjobaidsinordertoprovidesufficientsupportforthewidevarietyofever-changingdevices.

PatchManagementJustasyourcorporatepolicyshouldenforcethepromptupdateofdesktopandlaptopcomputerstohelpeliminatesecurityvulnerabilitiesonthoseplatforms,itshouldalsorequiremobiledevicestobekeptcurrentwithrespecttopatches.Havingthelatestapplications,operatingsystem,andsoonisanimportantbestdefenseagainstviruses,malware,andotherthreats.Itisimportanttorecognizethat“jailbreaking”or“rooting”yourdevicemayremovethemanufacturer’ssecuritymechanismsandprotectionagainstmalwareandotherthreats.ThesedevicesmayalsonolongerbeabletoupdatetheirapplicationsorOSagainstknownissues.Jailbreakingorrootingisalsoamethodusedtobypasssecuritymeasuresassociatedwiththedevicemanufacturercontrol,andinsomelocations,thiscanbeillegal.Mobiledevicesthatarejailbrokenorrootedshouldnotbetrustedonyourenterprisenetworkorallowedtoaccesssensitivedata.

AntivirusManagementJustlikedesktopandlaptopcomputers,smartphones,tablets,andothermobiledevicesneedprotectionagainstvirusesandmalware.Itisimportantthatcorporatepolicyandpersonalusagekeepoperatingsystemsandapplicationscurrent.Antivirusandmalwareprotectionshouldbe

employedaswidelyaspossibleandkeptup-to-dateagainstcurrentthreats.

ForensicsMobiledeviceforensicsisarapidlyevolvingandfast-changingfield.Becausedevicesareevolvingsoquicklyandchangingsofast,itisdifficulttostaycurrentinthisfield.Solidforensicsprinciplesshouldalwaysbefollowed.DevicesshouldbeproperlyhandledbyusingRF-shieldedbagsorcontainers.Becauseoftherapidchangesinthisarea,it’sbesttoengagethehelpoftrainedforensicspecialiststoensuredataisn’tcontaminatedandthedevicestateandmemoryareunaltered.Ifforensicsareneededonadevicethathasbothpersonalandbusinessdata,thenpoliciesneedtobeinplacetocovertheappropriateprivacyprotectionsonthepersonalsideofthedevice.

PrivacyWhenanemployeeuseshispersonaldevicetoperformhisworkforthecompany,hemayhavestrongexpectationsthatprivacywillbeprotectedbythecompany.Thecompanypolicyneedstoconsiderthisandaddressitexplicitly.Oncompany-owneddevices,it’squiteacceptableforthecompanytoreservetherighttoaccessandwipeanycompanydataonthedevice.Thecompanycanthusstatethattheusercanhavenoexpectationofprivacywhenusingacompanydevice.Butwhenthedeviceisapersonaldevice,theusermayfeelstrongerownership.Expectationsofprivacyanddataaccessonpersonaldevicesshouldbeincludedinyourcompanypolicy.

On-boardCamera/VideoManymobiledevicesincludeon-boardcameras,andthephotos/videostheytakecandivulgeinformation.Thisinformationcanbeassociatedwithanythingthecameracanimage—whiteboards,documents,eventhelocationofthedevicewhenthephoto/videowastakenviageo-tagging.Anotherchallengepresentedbymobiledevicesisthepossibilitythatthey

willbeusedforillegalpurposes.Thiscancreateliabilityforthecompanyifitisacompany-owneddevice.Despiteallthepotentiallegalconcerns,possiblythegreatestconcernofmobiledeviceusersisthattheirpersonalphotoswillbelostduringadevicewipeoriginatedbythecompany.

On-boarding/Off-boardingMostcompaniesandindividualsfinditrelativelyeasytoconnectmobiledevicestothecorporatenetwork.OftentherearenotcontrolsaroundconnectingadeviceotherthanhavingaMicrosoftExchangeaccount.Whennewemployeesjoinacompany,theon-boardingprocessesneedtoincludeprovisionsformobiledeviceresponsibilities.Itiseasyfornewemployeestobypasssecuritymeasuresiftheyarenotpartofthebusinessprocessofon-boarding.Employeeterminationneedstobemodifiedtoincludeterminationof

accountsonmobiledevices.It’snotuncommontofindterminatedemployeeswithaccountsorevencompanydevicesstillconnectingtothecorporatenetworkmonthsafterbeingterminated.E-mailaccountsshouldberemovedpromptlyaspartoftheemployeeterminationpolicyandprocess.Mobiledevicessuppliedbythecompanyshouldbecollectedupontermination.BYODequipmentshouldhaveitsaccesstocorporateresourcesterminatedaspartoftheoff-boardingprocess.Regularauditsforoldorunterminatedaccountsshouldbeperformedtoensurepromptdeletionofaccountsforterminatedemployees.

AdherencetoCorporatePoliciesYourcorporatepoliciesregardingBYODdevicesshouldbeconsistentwithyourexistingcomputersecuritypolicies.Yourtrainingprogramsshouldincludeinstructiononmobiledevicesecurity.Disciplinaryactionsshouldbeconsistent.Yourmonitoringprogramsshouldbeenhancedtoincludemonitoringandcontrolofmobiledevices.

UserAcceptance

BYODinherentlycreatesaconflictbetweenpersonalandcorporateinterests.Anemployeewhousesherowndevicetoconductcorporatebusinessinherentlyfeelsstrongownershipoverthedeviceandmayresentcorporatedemandstocontrolcorporateinformationdownloadedtothedevice.Ontheotherhand,thecorporationexpectsthatcorporatedatabeproperlycontrolledandprotectedandthusdesirestoimposeremotewipingorlockoutrequirementsinordertoprotectcorporatedata.Anindividualwholosesherpersonalphotosfromaspecialeventwilllikelyharborillfeelingstowardthecorporationifitwipesherdevice,includingthoseirreplaceablephotos.YourcorporateBYODpolicyneedstobewelldefined,approvedbythecorporatelegaldepartment,andclearlycommunicatedtoallemployeesthroughtraining.

Architecture/InfrastructureConsiderationsMobiledevicesconsumeconnectionstoyourcorporateITinfrastructure.Itisnotunusualnowforasingleindividualtobeconnectedtothecorporateinfrastructurewithoneormoresmartphones,tablets,andlaptopordesktopcomputers.Someinfrastructureimplementationsinthepasthavenotbeenefficientintheirdesign,sometimesconsumingmultipleconnectionsforasingledevice.Thiscanreducethenumberofavailableconnectionsforotherendusers.Itisrecommendedthatloadtestingbeperformedtoensurethatyourdesignorexistinginfrastructurecansupportthepotentiallylargenumberofconnectionsfrommultipledevices.Multipleconnectionscanalsocreatesecurityissueswhenthesystem

tracksuseraccountsagainstmultipleconnections.Userswillneedtobeawareofthis,sothattheydon’tinadvertentlycreateincidentresponsesituationsorfindthemselveslockedoutbytheirownactions.Thiscanbeatrickyissuerequiringabitmoreintelligentdesignthanthetraditionalphilosophyofoneuseridequalsonecurrentconnection.

LegalConcernsItshouldbeapparentfromthevarioustopicsdiscussedinthischapterthattherearemanysecuritychallengespresentedbymobiledevicesusedfor

corporatebusiness.Becausethetechnologyisrapidlychanging,it’sbesttomakesureyouhavesolidlegalreviewofpolicies.Therearebothlegalandpublicrelationconcernswhenitcomestomobiledevices.Employeeswhousebothcompany-ownedandpersonaldeviceshaveresponsibilitieswhencompanydataisinvolved.Policiesandproceduresshouldbereviewedonaregularbasistostaycurrentwithtechnology.Anotherchallengepresentedbymobiledevicesisthepossibilitythat

theywillbeusedforillegalpurposes.Thiscancreateliabilityforthecompanyifitisacompany-owneddevice.

AcceptableUsePolicySimilartoyouracceptableusepoliciesforlaptopsanddesktops,yourmobiledevicepoliciesshouldaddressacceptableuseofmobileorBYODdevices.Authorizedusageofcorporatedevicesforpersonalpurposesshouldbeaddressed.Disciplinaryactionsforviolationofmobiledevicepoliciesshouldbedefined.BYODoffersboththecompanyandtheuseradvantages;ramificationsshouldbespecificallyspelledout,alongwiththespecificuserresponsibilities.

ExamTip:Mobiledevicesoffermanyusabilityadvantagesacrosstheenterprise,andtheycanbemanagedsecurelywiththehelpofsecurity-conscioususers.Securitypoliciescangoalongwaytowardassistingusersinunderstandingtheirresponsibilitiesassociatedwithmobiledevicesandsensitivedata.

LocationServicesMobiledevicesbytheirspecificnaturecanmove,andhencelocationofthedevicecanhavesignificantramificationswithrespecttoitsuse.MobiledevicescanconnecttomultiplepublicWi-Filocations,andtheycanprovideuserswithnavigationandotherlocationcontext-sensitiveinformation,suchasalocalsale.Toenablethisfunctionality,location

servicesareasetoffunctionstoenable,yetcontrol,thelocationinformationpossessedbythedevice.

Geo-TaggingGeo-taggingisthepostingoflocationinformationintoadatastreamsignifyingwherethedevicewaswhenthestreamwascreated.Asmanymobiledevicesincludeon-boardcameras,andthephotos/videostheytakecandivulgeinformation,geo-taggingcanmakelocationpartofanypictureorvideo.Thisinformationcanbeassociatedwithanythingthecameracanimage—whiteboards,documents,eventhelocationofthedevicewhenthephoto/videowastakenviageo-tagging.Postingphotoswithgeo-tagsembeddedinthemhasitsuse,butitcan

alsounexpectedlypublishinformationthatusersmaynotwanttoshare.Forexample,ifyouuseyoursmartphonetotakeaphotoofyourcarinthedrivewayandthenpostthephotoontheInternetinanattempttosellyourcar,ifgeo-taggingwasenabledonthesmartphone,thelocationofwherethephotowastakenisembeddedasmetadatainthedigitalphoto.Suchapostingcouldinadvertentlyexposewhereyourhomeislocated.Somesocialmediaapplicationsstripoutthemetadataonaphotobeforeposting,butthentheypostwhereyouposteditfrominthepostingitself.Therehasbeenmuchpublicdiscussiononthistopic,andgeo-taggingcanbedisabledonmostmobiledevices.Itisrecommendedthatitbedisabledunlessyouhaveaspecificreasonforhavingthelocationinformationembeddedinthephoto.

MobileApplicationSecurityDevicesarenottheonlyconcerninthemobileworld.Applicationsthatrunonthedevicesalsorepresentsecuritythreatstotheinformationthatisstoredonandprocessedbythedevice.Applicationsarethesoftwareelementsthatcanbeusedtoviolatesecurity,evenwhentheuserisnotaware.Manygamesandutilitiesoffervaluetotheuser,butatthesametimetheyscrapeinformationstoresonthedeviceforinformation.

ApplicationControlMostmobiledevicevendorsprovidesomekindofappstoreforfindingandpurchasingappsfortheirmobiledevices.Thevendorsdoareasonablejobofmakingsurethatofferedappsareapprovedanddon’tcreateanovertsecurityrisk.Yetmanyappsrequestaccesstovariousinformationstoresonthemobiledeviceaspartoftheirbusinessmodel.Understandingwhataccessisrequestedandapproveduponinstallationofappsisanimportantsecurityprecaution.Yourcompanymayhavetorestrictthetypesofappsthatcanbedownloadedandusedonmobiledevices.Ifyouneedverystrongprotection,yourcompanycanbeveryproactiveandprovideanenterpriseappstorewhereonlycompany-approvedappsareavailable,withacorrespondingpolicythatappscannotbeobtainedfromanyothersource.

KeyandCredentialManagementTheMDMmarketplaceismaturingquickly.KeyandcredentialmanagementservicesarebeingintegratedintomostMDMservicestoensurethatexistingstrongpoliciesandprocedurescanbeextendedtomobileplatformssecurely.TheseservicesincludeprotectionofkeysfordigitalsignaturesandS/MIMEencryptionanddecryption.Keysandcredentialsareamongthehighest-valueitemsthatcanbefoundonmobiledevices,soensuringprotectionforthemisakeyelementinmobiledevicesecurity.Thekeysandcredentialsstoredonthedevicecanbeusedbymultipleapplications.Providingprotectionofthesekeyswhilestillmaintainingusabilityofthemisanessentialelementofmodernmobileapplicationsecurity.

AuthenticationWhenmobiledevicesareusedtoaccessbusinessnetworks,authenticationbecomesanissue.Thereareseverallevelsofauthenticationthatcanbeanissue.Isthedeviceallowedtoaccessthenetwork?Istheuserofthedeviceanetworkuser?Ifso,howdoyouauthenticatetheuser?Mobiledevices

havesomeadvantagesinthattheycanstorecertificates,whichbytheirverynaturearemoresecurethanpasswords.Thismovestheauthenticationproblemtotheendpoint,whereitreliesonpasscodes,screen-locks,andothermobiledeviceprotections.Thesecanberelativelyweakunlessstructuredtogether,includingwipingafteralimitednumberoffailures.Theriskinmobileauthenticationisthatstrongcredentialsstoredinthedeviceareprotectedbythelessrigorouspasscodeandtheenduser.Enduserscansharetheirmobiledevices,andbyproxyunwittinglysharetheirstrongcorporateauthenticationcodes.

ApplicationWhitelistingAsdiscussedinthe“ApplicationControl”sectionearlierinthechapter,controllingwhatapplicationsadevicecanaccessmaybeanimportantelementofyourcompany’smobiledevicepolicy.Applicationwhitelistingandblacklistingenablesyoutocontrolandblockapplicationsavailableonthemobiledevice.ThisisusuallyadministeredthroughsometypeofMDMcapability.Applicationwhitelistingcanimprovesecuritybypreventingunapprovedapplicationsfrombeinginstalledandrunonthedevice.

EncryptionJustasthedeviceshouldbeencrypted,therebyprotectingallinformationonthedevice,applicationsshouldbeencryptedaswell.Justemployingencryptionforthedatastoreisnotsufficient.Ifthedeviceisfullyencrypted,thenallappswouldhavetohaveaccesstothedata,inessencebypassingtheencryptionfromanapppointofview.Appswithsensitiveinformationshouldcontrolaccessviatheirownsetofprotections.Theonlywaytosegregatedatawithinthedeviceisforappstomanagetheirowndatastoresthroughapp-specificencryption.Thiswillallowsensitivedatatobeprotectedfromrogueapplicationsthatwouldleakdataifuniformaccesswasallowed.

TransitiveTrust/AuthenticationSecurityacrossmultipledomains/platformsisprovidedthroughtrustrelationships.Whentrustrelationshipsbetweendomainsorplatformsexist,authenticationforeachdomaintruststheauthenticationforallothertrusteddomains.Thuswhenanapplicationisauthenticated,itsauthenticationisacceptedbyallotherdomains/platformsthattrusttheauthenticatingdomainorplatform.Trustrelationshipscanbeverycomplexinmobiledevices,andoftensecurityaspectsaren’tproperlyimplemented.Mobiledevicestendtobeusedacrossnumeroussystems,includingbusiness,personal,public,andprivate.Thisgreatlyexpandstheriskprofileandopportunityfortransitivetrust–basedattacks.Aswithallotherapplications,mobileapplicationsshouldbecarefullyreviewedtoensurethattrustrelationshipsaresecure.

Chapter12Review

ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutwirelesssecurityandmobiledevices.

Describethedifferentwirelesssystemsinusetoday

WirelessApplicationProtocol(WAP)isusedonsmall,handhelddeviceslikecellphonesforout-of-the-officeconnectivity.

802.11istheIEEEstandardforwirelesslocalareanetworks.Thestandardincludesseveraldifferentspecificationsof802.11networks,suchas802.11b,802.11a,802.11g,and802.11n.

DetailWAPanditssecurityimplications

WAPisthedataprotocolusedbymanycellularphonestodelivere-mailandlightweightwebservices.

DesignerscreatedWTLSasamethodtoensureprivacyofdatabeingbroadcastoverWAP.

WTLShasanumberofinherentsecurityproblems,suchasweakencryptionnecessitatedbythelowcomputingpowerofthedevicesandthenetworktransitionthatmustoccuratthecellularprovider’snetwork,ortheWAPgap.

Identify802.11’ssecurityissuesandpossiblesolutions

802.11doesnotallowphysicalcontrolofthetransportmechanism.

Transmissionofallnetworkdatawirelesslytransmitsframestoallwirelessmachines,notjustasingleclient,similartoEthernethubdevices.

PoorauthenticationiscausedbytheSSIDbeingbroadcasttoanyonelistening.

FlawedimplementationoftheRC4encryptionalgorithmmakesevenencryptedtrafficsubjecttointerceptionanddecryption.

Examinetheelementsneededforenterprisewirelessdeployment

Wirelesscoveragecanbeafunctionofantennatype,placement,andpowerlevels.

Captiveportalscanbeusedtocontrolaccesstowirelesssystems.

Examinethesecurityofmobilesystems

Mobiledeviceshavespecificsecurityconcernsandspecificcontrolstoassistinsecuringthem.

BYODhasitsownconcernsandpoliciesandprocedurestomanagemobiledevicesintheenterprise.

Mobileapplicationsrequiresecurity,andtheissuesassociatedwithmobile,apps,andsecurityneedtobeaddressed.

KeyTerms2.4GHzband(344)5GHzband(348)beaconframes(349)bluebugging(346)bluejacking(345)bluesnarfing(346)BluetoothDOS(346)captiveportal(362)confidentiality(340)direct-sequencespreadspectrum(DSSS)(348)eviltwin(352)geo-tagging(370)IEEE802.1X(357)IEEE802.11(337)initializationvector(IV)(340)jailbreaking(367)MACfiltering(359)MIMO(361)mobiledevicemanagement(MDM)(365)nearfieldcommunication(NFC)(347)orthogonalfrequencydivisionmultiplexing(OFDM)(348)RC4streamcipher(350)remotewiping(363)rogueaccesspoint(352)screenlocking(363)servicesetidentifier(SSID)(349)

sitesurvey(361)TemporalKeyIntegrityProtocol(TKIP)(355)WAPgap(341)Wi-FiProtectedAccess2(WPA2)(355)WiMax(337)WiredEquivalentPrivacy(WEP)(350)WirelessApplicationProtocol(WAP)(339)WirelessTransportLayerSecurity(WTLS)(340)ZigBee(337)

KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.

1.AnAPuses_______________toadvertiseitsexistencetopotentialwirelessclients.

2.The_______________isthepartoftheRC4cipherthathasaweakimplementationinWEP.

3.Twocommonmobiledevicesecuritymeasuresare_______________and_______________.

4.WAPusesthe_______________protocoltoattempttoensureconfidentialityofdata.

5.The32-characteridentifierattachedtotheheaderofapacketusedforauthenticationtoan802.11accesspointisthe_______________.

6._______________isafeaturethatcandiscloseauser’spositionwhensharingphotos.

7.802.11iupdatestheflawedsecuritydeployedin_______________.8.Thestandardforwirelesslocalareanetworksiscalled

_______________.

9.Thetypeofapplicationusedtocontrolsecurityacrossmultiplemobiledevicesinanenterpriseiscalled_______________.

10.802.11ausesfrequenciesinthe_______________.

Multiple-ChoiceQuiz1.Bluebuggingcangiveanattackerwhat?

A.Allofyourcontacts

B.Theabilitytosend“shock”photos

C.Totalcontroloveramobilephone

D.Avirus

2.Howdoes802.11nimprovenetworkspeed?A.Widerbandwidth

B.Higherfrequency

C.Multiple-inputmultiple-output(MIMO)

D.BothAandC

3.WTLSensuresintegritythroughwhatdevice?A.Publickeyencryption

B.Messageauthenticationcodes

C.SourceIP

D.Digitalsignatures

4.WEPhasusedanimplementationofwhichofthefollowingencryptionalgorithms?

A.SHA

B.ElGamal

C.RC4

D.Triple-DES

5.WhatelementdoesnotbelonginamobiledevicesecuritypolicyinanenterpriseemployingBYOD?

A.Separationofpersonalandbusiness-relatedinformation

B.Remotewiping

C.Passwordsandscreen-locking

D.Mobiledevicecarrierselection

6.Whatisbluejacking?A.Stealingaperson’smobilephone

B.SendinganunsolicitedmessageviaBluetooth

C.BreakingaWEPkey

D.LeavingyourBluetoothindiscoverablemode

7.WhiletheSSIDprovidessomemeasureofauthentication,whyisitnotveryeffective?

A.Itisdictatedbythemanufactureroftheaccesspoint.

B.Itisencrypted.

C.Itisbroadcastineverybeaconframe.

D.SSIDisnotanauthenticationfunction.

8.The802.1XprotocolisaprotocolforEthernet:A.Authentication

B.Speed

C.Wireless

D.Cabling

9.WhatisthebestwaytoavoidproblemswithBluetooth?A.Keeppersonalinfooffyourphone

B.KeepBluetoothdiscoverabilityoff

C.Buyanewphoneoften

D.Encryption

10.Whyisattackingwirelessnetworkssopopular?A.Therearemorewirelessnetworksthanwired.

B.TheyallrunWindows.

C.It’seasy.

D.It’smoredifficultandmoreprestigiousthanothernetworkattacks.

EssayQuiz1.Produceareportonwhysensitiveinformationshouldnotbesent

overtheWirelessApplicationProtocol.

2.Whenyouwanttostartscanningforroguewirelessnetworks,yoursupervisorasksyoutowriteamemodetailingthethreatsofroguewirelessaccesspoints.Whatinformationwouldyouincludeinthememo?

3.Writeasecuritypolicyforcompany-ownedcellphonesthatusetheBluetoothprotocol.

4.Writeamemorecommendingupgradingyourorganization’sold

802.11binfrastructuretoan802.11i-compliantnetwork,anddetailthesecurityenhancements.

LabProjects

•LabProject12.1SetupNetStumblerorKismetonacomputer,andthenuseittofindwirelessaccesspoints.Youwillneedthefollowing:

AlaptopwithWindowsorLinuxinstalled

Acompatiblewireless802.11networkadapterThendothefollowing:1.DownloadNetStumblerfromwww.netstumbler.comorKismetfrom

www.kismetwireless.net.2.ForNetStumbler,runtheWindowsInstaller.ForKismet,untarthesourcefileandthen

execute,inorder,./configure,make,andmakeinstall.

3.Starttheprogramandmakesurethatitseesyourwirelessadapter.4.Takethelaptoponyournormalcommute(ordrivearoundyourneighborhood)with

NetStumbler/Kismetrunning.

5.Loganyaccesspointsyoudetect.

•LabProject12.2AttempttoscantheareaforBluetoothdevices.YouwillneedacellphonewithBluetoothinstalledoracomputerwithaBluetoothadapter.Thendothefollowing:

1.Ifyou’reusingaPC,downloadBlueScannerfromSourceForgeathttp://sourceforge.net/projects/bluescanner/.

2.Takeyourphoneorcomputertoaplacewithmanypeople,suchasacafé.

3.StarttheprogramandmakesurethatitseesyourBluetoothadapter.4.AttempttoscanforvulnerableBluetoothdevices.

5.Ifyou’reusingyourphone,tellittoscanforBluetoothdevices.Anydevicesthatyoufindarerunningin“discoverable”modeandarepotentiallyexploitable.

chapter13 IntrusionDetectionSystemsandNetwork

Security

Oneperson’s“paranoia”isanotherperson’s“engineeringredundancy.”

—MARCUSJ.RANUM

A

Inthischapter,youwilllearnhowto

Applytheappropriatenetworktoolstofacilitatenetworksecurity

Determinetheappropriateuseoftoolstofacilitatenetworksecurity

Applyhost-basedsecurityapplications

nintrusiondetectionsystem(IDS)isasecuritysystemthatdetectsinappropriateormaliciousactivityonacomputerornetwork.Mostorganizationsusetheirownapproachestonetworksecurity,choosing

thelayersthatmakesenseforthemaftertheyweighrisks,potentialsforloss,costs,andmanpowerrequirements.Thefoundationforalayerednetworksecurityapproachusuallystarts

withawell-securedsystem,regardlessofthesystem’sfunction(whetherit’sauserPCoracorporatee-mailserver).Awell-securedsystemusesup-to-dateapplicationandoperatingsystempatches,requireswell-chosenpasswords,runstheminimumnumberofservicesnecessary,andrestrictsaccesstoavailableservices.Ontopofthatfoundation,youcanaddlayersofprotectivemeasuressuchasantivirusproducts,firewalls,sniffers,andIDSs.Someofthemorecomplicatedandinterestingtypesofnetwork/data

securitydevicesareIDSs,whicharetothenetworkworldwhatburglaralarmsaretothephysicalworld.ThemainpurposeofanIDSistoidentifysuspiciousormaliciousactivity,noteactivitythatdeviatesfromnormalbehavior,catalogandclassifytheactivity,and,ifpossible,respondtotheactivity.

HistoryofIntrusionDetectionSystemsLikemuchofthenetworktechnologyweseetoday,IDSsgrewfromaneedtosolvespecificproblems.LiketheInternetitself,theIDSconceptcamefromU.S.DepartmentofDefense–sponsoredresearch.Intheearly

1970s,theU.S.governmentandmilitarybecameincreasinglyawareoftheneedtoprotecttheelectronicnetworksthatwerebecomingcriticaltodailyoperations.

EarlyHistoryofIDSIn1972,JamesAndersonpublishedapaperfortheU.S.AirForceoutliningthegrowingnumberofcomputersecurityproblemsandtheimmediateneedtosecureAirForcesystems(JamesP.Anderson,“ComputerSecurityTechnologyPlanningStudyVolume2,”October1972,http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf).Andersoncontinuedhisresearchandin1980publishedafollow-uppaperoutliningmethodstoimprovesecurityauditingandsurveillancemethods(“ComputerSecurityThreatMonitoringandSurveillance,”April15,1980,http://csrc.nist.gov/publications/history/ande80.pdf).Inthispaper,Andersonpioneeredtheconceptofusingsystemauditfilestodetectunauthorizedaccessandmisuse.Healsosuggestedtheuseofautomateddetectionsystems,whichpavedthewayformisusedetectiononmainframesystemsinuseatthetime.WhileAnderson’sworkgottheeffortsstarted,theconceptofareal-time,rule-basedIDS

didn’treallyexistuntilDorothyDenningandPeterNeumanndevelopedthefirstreal-timeIDSmodel,called“TheIntrusionDetectionExpertSystem(IDES),”fromtheirresearchbetween1984and1986.In1987,Denningpublished“AnIntrusion-DetectionModel,”apaperthatlaidoutthemodelonwhichmostmodernIDSsarebased(andwhichappearsinIEEETransactionsonSoftwareEngineering,Vol.SE-13,No.2[February1987]:222—232).

TheU.S.governmentcontinuedtofundresearchthatledtoprojectssuchasDiscovery,Haystack,MulticsIntrusionDetectionandAlertingSystem(MIDAS),andNetworkAuditDirectorandIntrusionReporter(NADIR).Finally,in1989,HaystackLabsreleasedStalker,thefirstcommercialIDS.Stalkerwashost-basedandworkedbycomparingauditdatatoknownpatternsofsuspiciousactivity.Whilethemilitaryandgovernmentembracedtheconcept,thecommercialworldwasveryslowtoadoptIDSproducts,anditwasseveralyearsbeforeothercommercialproductsbegantoemerge.Intheearlytomid-1990s,ascomputersystemscontinuedtogrow,

companiesstartedtorealizetheimportanceofIDSs;however,thesolutionsavailablewerehost-basedandrequiredagreatdealoftimeandmoneytomanageandoperateeffectively.Focusbegantoshiftawayfromhost-basedsystems,andnetwork-basedIDSsbegantoemerge.In1995,WheelGroupwasformedinSanAntonio,Texas,todevelopthefirst

commercialnetwork-basedIDSproduct,calledNetRanger.NetRangerwasdesignedtomonitornetworklinksandthetrafficmovingacrossthelinkstoidentifymisuseaswellassuspiciousandmaliciousactivity.NetRanger’sreleasewasquicklyfollowedbyInternetSecuritySystems’RealSecurein1996.SeveralotherplayersfollowedsuitandreleasedtheirownIDSproducts,butitwasn’tuntilthenetworkinggiantCiscoSystemsacquiredWheelGroupinFebruary1998thatIDSswererecognizedasavitalpartofanynetworksecurityinfrastructure.Figure13.1offersatimelineforthesedevelopments.

•Figure13.1HistoryoftheInternetandIDS

IDSOverviewAsmentioned,anIDSissomewhatlikeaburglaralarm.Itwatchestheactivitygoingonarounditandtriestoidentifyundesirableactivity.IDSsaretypicallydividedintotwomaincategories,dependingonhowtheymonitoractivity:

ExamTip:Knowthedifferencesbetweenhost-basedandnetwork-basedIDSs.Ahost-basedIDSrunsonaspecificsystem(serverorworkstation)andlooksatalltheactivityonthathost.Anetwork-basedIDSsniffstrafficfromthenetworkandseesonlyactivitythatoccursonthenetwork.

Host-basedIDS(HIDS)Examinesactivityonanindividualsystem,suchasamailserver,webserver,orindividualPC.Itisconcernedonlywithanindividualsystemandusuallyhasnovisibilityintotheactivityonthenetworkorsystemsaroundit.

Network-basedIDS(NIDS)Examinesactivityonthenetworkitself.Ithasvisibilityonlyintothetrafficcrossingthenetworklinkitismonitoringandtypicallyhasnoideaofwhatishappeningonindividualsystems.

Whetheritisnetwork-orhost-based,anIDStypicallyconsistsofseveralspecializedcomponentsworkingtogether,asillustratedinFigure13.2.Thesecomponentsareoftenlogicalandsoftware-basedratherthanphysicalandwillvaryslightlyfromvendortovendorandproducttoproduct.Typically,anIDShasthefollowinglogicalcomponents:

•Figure13.2LogicaldepictionofIDScomponents

Trafficcollector(orsensor)Collectsactivity/eventsfortheIDStoexamine.OnaHIDS,thiscouldbelogfiles,auditlogs,ortrafficcomingtoorleavingaspecificsystem.OnaNIDS,thisistypicallyamechanismforcopyingtrafficoffthenetworklink—basicallyfunctioningasasniffer.Thiscomponentisoftenreferredtoasasensor.

AnalysisengineExaminesthecollectednetworktrafficandcomparesittoknownpatternsofsuspiciousormaliciousactivitystoredinthesignaturedatabase.Theanalysisengineisthe“brains”oftheIDS.

SignaturedatabaseAcollectionofpatternsanddefinitionsofknownsuspiciousormaliciousactivity.

UserinterfaceandreportingInterfaceswiththehumanelement,

providingalertswhenappropriateandgivingtheuserameanstointeractwithandoperatetheIDS.

TechTip

IDSSignaturesAnIDSreliesheavilyonitssignaturedatabasejustlikeantivirusproductsrelyontheirvirusdefinitions.Ifanattackissomethingcompletelynew,anIDSmaynotrecognizethetrafficasmalicious.

Let’slookatanexampletoseehowallthesecomponentsworktogether.Imagineanetworkintruderisscanningyourorganizationforsystemsrunningawebserver.TheintruderlaunchesaseriesofnetworkprobesagainsteveryIPaddressinyourorganization.Thetrafficfromtheintrudercomesintoyournetworkandpassesthroughthetrafficcollector(sensor).Thetrafficcollectorforwardsthetraffictotheanalysisengine.Theanalysisengineexaminesandcategorizesthetraffic—itidentifiesalargenumberofprobescomingfromthesameoutsideIPaddress(theintruder).Theanalysisenginecomparestheobservedbehavioragainstthesignaturedatabaseandgetsamatch.Theintruder’sactivitymatchesaTCPportscan.Theintruderissendingprobestomanydifferentsystemsinashortperiodoftime.Theanalysisenginegeneratesanalarmthatispassedofftotheuserinterfaceandreportingmechanisms.Theuserinterfacegeneratesanotificationtotheadministrator(icon,logentry,andsoon).Theadministratorseesthealertandcannowdecidewhattodoaboutthepotentiallymalicioustraffic.AlarmstorageissimplyarepositoryofalarmstheIDShasrecorded—mostIDSproductsallowadministratorstoruncustomizedreportsthatsiftthroughthecollectedalarmsforitemstheadministratorissearchingfor,suchasallthealarmsgeneratedbyaspecificIPaddress.

MostIDSscanbetunedtofitaparticularenvironment.Certainsignaturescanbeturnedoff,tellingtheIDSnottolookforcertaintypesoftraffic.Forexample,ifyouareoperatinginapureUNIXenvironment,youmaynotwishtoseeWindows-basedalarms,astheywillnotaffectyoursystems.Additionally,theseverityofthealarmlevelscanbeadjusteddependingonhowconcernedyouareovercertaintypesoftraffic.SomeIDSsalsoallowtheusertoexcludecertainpatternsofactivityfromspecifichosts.Inotherwords,youcantelltheIDStoignorethefactthatsomesystemsgeneratetrafficthatlookslikemaliciousactivity,becauseitreallyisn’t.

Inadditiontothenetworkversushostdistinction,someIDSvendorswillfurthercategorizeanIDSbasedonhowitperformsthedetectionofsuspiciousormalicioustraffic.Thedifferentmodelsusedarecoveredinthenextsection.

IDSModelsInadditiontobeingdividedalongthehostandnetworklines,IDSsareoftenclassifiedaccordingtothedetectionmodeltheyuse:anomalyormisuse.ForanIDS,amodelisamethodforexaminingbehaviorsothattheIDScandeterminewhetherthatbehavioris“notnormal”orinviolationofestablishedpolicies.Ananomalydetectionmodelisthemorecomplicatedofthetwo.In

thismodel,theIDSmustknowwhat“normal”behavioronthehostornetworkbeingprotectedreallyis.Oncethe“normal”behaviorbaselineisestablished,theIDScanthengotoworkidentifyingdeviationsfromthenorm,whicharefurtherscrutinizedtodeterminewhetherornotthatactivityismalicious.BuildingtheprofileofnormalactivityisusuallydonebytheIDS,withsomeinputfromsecurityadministrators,andcantakedaystomonths.TheIDSmustbeflexibleandcapableenoughtoaccountforthingssuchasnewsystems,newusers,movementofinformationresources,andotherfactors,butbesensitiveenoughtodetectasingleuserillegallyswitchingfromoneaccounttoanotherat3A.M.onaSaturday.

ExamTip:Anomalydetectionlooksforthingsthatareoutoftheordinary,suchasauserlogginginwhenhe’snotsupposedtoorunusuallyhighnetworktrafficintoandoutofaworkstation.

Anomalydetectionwasdevelopedtomakethesystemcapableofdealingwithvariationsintrafficandbetterabletodeterminewhichactivitypatternsweremalicious.Aperfectlyfunctioninganomaly-basedsystemwouldbeabletoignorepatternsfromlegitimatehostsandusersbutstillidentifythosepatternsassuspiciousshouldtheycomefromapotentialattacker.Unfortunately,mostanomaly-basedsystemssufferfromextremelyhighfalsepositives,especiallyduringthe“break-in”periodwhiletheIDSislearningthenetwork.Ontheotherhand,ananomaly-basedsystemisnotrestrictedtoaspecificsignaturesetandisfarmorelikelytoidentifyanewexploitorattacktoolthatwouldgounnoticedbyatraditionalIDS.

ExamTip:Misusedetectionlooksforthingsthatviolatepolicy,suchasadenial-of-serviceattacklaunchedatyourwebserveroranattackerattemptingtobrute-forceanSSHsession.

Amisusedetectionmodelisalittlesimplertoimplement,andthereforeit’sthemorepopularofthetwomodels.Inamisusedetectionmodel,theIDSlooksforsuspiciousactivityoractivitythatviolatesspecificpoliciesandthenreactsasithasbeenprogrammedtodo.Thisreactioncanbeanalarm,e-mail,routerreconfiguration,orTCPresetmessage.Technically,misusedetectionisthemoreefficientmodel,asittakesfewerresourcestooperate,doesnotneedtolearnwhat“normal”behavioris,andwillgenerateanalarmwheneverapatternissuccessfullymatched.However,themisusemodel’sgreatestweaknessisitsrelianceonapredefinedsignaturebase—anyactivity,maliciousorotherwise,thatthe

misuse-basedIDSdoesnothaveasignatureforwillgoundetected.Despitethatdrawbackandbecauseitiseasierandcheapertoimplement,mostcommercialIDSproductsarebasedonthemisusedetectionmodel.SomeanalystsbreakIDSmodelsdownevenfurtherintofourcategories

dependingonhowtheIDSoperatesanddetectsmalicioustraffic(thesamemodelscanalsobeappliedtointrusionpreventionsystemsaswell—bothNIPSandHIPS):

Behavior-basedThismodelreliesonacollectedsetof“normalbehavior”:whatshouldhappenonthenetworkandisconsidered“normal”or“acceptable”traffic.Behaviorthatdoesnotfitintothe“normal”activitycategoriesorpatternsisconsideredsuspiciousormalicious.Thismodelcanpotentiallydetectzero-dayorunpublishedattacksbutcarriesahighfalsepositiverateasanynewtrafficpatterncanbelabeledas“suspect.”

Signature-basedThismodelreliesonapredefinedsetofpatterns(calledsignatures).TheIDShastoknowwhatbehaviorisconsidered“bad”aheadoftimebeforeitcanidentifyandactuponsuspiciousormalicioustraffic.

Anomaly-basedThismodelisessentiallythesameasbehavior-based.TheIDSisfirsttaughtwhat“normal”trafficlookslikeandthenlooksfordeviationstothose“normal”patterns.

HeuristicThismodelusesartificialintelligencetodetectintrusionsandmalicioustraffic.AheuristicmodelistypicallyimplementedthroughalgorithmsthathelpanIDSdecideifatrafficpatternismaliciousornot.Forexample,aURLcontaining10ormoreofthesamerepeatingcharactermaybeconsidered“bad”trafficasasinglesignature.Withaheuristicmodel,theIDSunderstandsthatif10repeatingcharactersarebad,11arestillbad,and20areevenworse.Thisimplementationoffuzzylogicallowsthismodeltofallsomewherebetweensignature-basedandbehavior-basedmodels.

SignaturesAsyouhaveprobablydeducedfromthediscussionsofar,oneofthecriticalelementsofanygoodIDSisthesignaturedatabase—thesetofpatternstheIDSusestodeterminewhetherornotactivityispotentiallyhostile.Signaturescanbeverysimpleorremarkablycomplicated,dependingontheactivitytheyaretryingtohighlight.Ingeneral,signaturescanbedividedintotwomaingroups,dependingonwhatthesignatureislookingfor:content-basedandcontext-based.Content-basedsignaturesaregenerallythesimplest.Theyare

designedtoexaminethecontentofsuchthingsasnetworkpacketsorlogentries.Content-basedsignaturesaretypicallyeasytobuildandlookforsimplethings,suchasacertainstringofcharactersoracertainflagsetinaTCPpacket.Herearesomeexamplecontent-basedsignatures:

Matchingthecharacters/etc/passwdinaTelnetsession.OnaUNIXsystem,thenamesofvaliduseraccounts(andsometimesthepasswordsforthoseuseraccounts)arestoredinafilecalledpasswdlocatedintheetcdirectory.

Matchingthecharacters“to:decode”intheheaderofane-mailmessage.Oncertainolderversionsofsendmail,sendingane-mailmessageto“decode”wouldcausethesystemtoexecutethecontentsofthee-mail.

Context-basedsignaturesaregenerallymorecomplicated,astheyaredesignedtomatchlargepatternsofactivityandexaminehowcertaintypesofactivityfitintotheotheractivitiesgoingonaroundthem.Contextsignaturesgenerallyaddressthequestion:Howdoesthiseventcomparetoothereventsthathavealreadyhappenedormighthappeninthenearfuture?Context-basedsignaturesaremoredifficulttoanalyzeandtakemoreresourcestomatch,astheIDSmustbeableto“remember”pasteventstomatchcertaincontextsignatures.Herearesomeexamplecontext-basedsignatures:

Matchapotentialintruderscanningforopenwebserversonaspecificnetwork.Apotentialintrudermayuseaportscannertolookforanysystemsacceptingconnectionsonport80.Tomatchthissignature,theIDSmustanalyzeallattemptedconnectionstoport80andthenbeabletodeterminewhichconnectionattemptsarecomingfromthesamesourcebutaregoingtomultiple,differentdestinations.

IdentifyaNessusscan.Nessusisanopen-sourcevulnerabilityscannerthatallowssecurityadministrators(andpotentialattackers)toquicklyexaminesystemsforvulnerabilities.Dependingonthetestschosen,Nessustypicallyperformsthetestsinacertainorder,oneaftertheother.TobeabletodeterminethepresenceofaNessusscan,theIDSmustknowwhichtestsNessusrunsaswellasthetypicalorderinwhichthetestsarerun.

Identifyapingfloodattack.AsingleICMPpacketonitsownisgenerallyregardedasharmless,certainlynotworthyofanIDSsignature.YetthousandsofICMPpacketscomingtoasinglesysteminashortperiodoftimecanhaveadevastatingeffectonthereceivingsystem.ByfloodingasystemwiththousandsofvalidICMPpackets,anattackercankeepatargetsystemsobusyitdoesn’thavetimetodoanythingelse—averyeffectivedenial-of-serviceattack.Toidentifyapingflood,theIDSmustrecognizeeachICMPpacketandkeeptrackofhowmanyICMPpacketsdifferentsystemshavereceivedintherecentpast.

ExamTip:Knowthedifferencesbetweencontent-basedandcontext-basedsignatures.Content-basedsignaturesmatchspecificcontent,suchasacertainstringorseriesofcharacters(matchingthestring/etc/passwdinanFTPsession).Context-basedsignaturesmatchapatternofactivitybasedontheotheractivityaroundit,suchasaportscan.

Tofunction,theIDSmusthaveadecentsignaturebasewithexamplesofknown,undesirableactivitythatitcanusewhenanalyzingtrafficor

events.AnytimeanIDSmatchescurrenteventsagainstasignature,theIDScouldbeconsideredsuccessful,asithascorrectlymatchedthecurrenteventagainstaknownsignatureandreactedaccordingly(usuallywithanalarmoralertofsometype).

FalsePositivesandFalseNegativesViewedinitssimplestform,anIDSisreallyjustlookingatactivity(beithost-basedornetwork-based)andmatchingitagainstapredefinedsetofpatterns.Whenitmatchesactivitytoaspecificpattern,theIDScannotknowthetrueintentbehindthatactivity—whetheritisbenignorhostile—andthereforeitcanreactonlyasithasbeenprogrammedtodo.Inmostcases,thismeansgeneratinganalertthatmustthenbeanalyzedbyahumanwhotriestodeterminetheintentofthetrafficfromwhateverinformationisavailable.WhenanIDSmatchesapatternandgeneratesanalarmforbenigntraffic,meaningthetrafficwasnothostileandnotathreat,thisiscalledafalsepositive.Inotherwords,theIDSmatchedapatternandraisedanalarmwhenitdidn’treallyneedtodoso.KeepinmindthattheIDScanonlymatchpatternsandhasnoabilitytodetermineintentbehindtheactivity,soinsomewaysthisisanunfairlabel.Technically,theIDSisfunctioningcorrectlybymatchingthepattern,butfromahumanstandpointthisisnotinformationtheanalystneededtosee,asitdoesnotconstituteathreatanddoesnotrequireintervention.

Toreducethegenerationoffalsepositives,mostadministratorstunetheIDS.“Tuning”anIDSistheprocessofconfiguringtheIDSsothatitworksinyourspecificenvironment—generatingalarmsformalicioustrafficandnotgeneratingalarmsfortrafficthatis“normal”foryournetwork.EffectivelytuninganIDScanresultinsignificantreductionsinfalse-positivetraffic.

AnIDSisalsolimitedbyitssignatureset—itcanmatchonlyactivityforwhichithasstoredpatterns.HostileactivitythatdoesnotmatchanIDSsignatureandthereforegoesundetectediscalledafalsenegative.Inthis

case,theIDSisnotgeneratinganyalarms,eventhoughitshouldbe,givingafalsesenseofsecurity.

Network-BasedIDSsNetwork-basedIDSs(NIDSs)actuallycamealongafewyearsafterhost-basedsystems.Afterrunninghost-basedsystemsforawhile,manyorganizationsgrewtiredofthetime,energy,andexpenseinvolvedwithmanagingthefirstgenerationofthesesystems—thehost-basedsystemswerenotcentrallymanaged,therewasnoeasywaytocorrelatealertsbetweensystems,andfalse-positiverateswerehigh.Thedesirefora“betterway”grewalongwiththeamountofinterconnectivitybetweensystemsand,consequently,theamountofmaliciousactivitycomingacrossthenetworksthemselves.ThisfueleddevelopmentofanewbreedofIDSdesignedtofocusonthesourceforagreatdealofthemalicioustraffic—thenetworkitself.

TechTip

NetworkVisibilityAnetworkIDShastobeabletoseetraffictofindthemalicioustraffic.EncryptedtrafficsuchasSSHorHTTPSsessionsmustbedecryptedbeforeanetworkIDScanexaminethem.

TheNIDSintegratedverywellintotheconceptofperimetersecurity.Moreandmorecompaniesbegantooperatetheircomputersecuritylikeacastleormilitarybase(seeFigure13.3),withattentionandeffortfocusedonsecuringandcontrollingthewaysinandout—theideabeingthatifyoucouldrestrictandcontrolaccessattheperimeter,youdidn’thavetoworryasmuchaboutactivityinsidetheorganization.Eventhoughtheideaofasecurityperimeterissomewhatflawed(manysecurityincidentsoriginateinsidetheperimeter),itcaughtonveryquickly,asitwaseasytounderstandanddevicessuchasfirewalls,bastionhosts,androuterswere

availabletodefineandsecurethatperimeter.Thebestwaytosecuretheperimeterfromoutsideattackistorejectalltrafficfromexternalentities,butthisisimpossibleandimpracticaltodo,sosecuritypersonnelneededawaytolettrafficinbutstillbeabletodeterminewhetherornotthetrafficwasmalicious.ThisistheproblemthatNIDSdevelopersweretryingtosolve.

•Figure13.3Networkperimetersarealittlelikecastles—firewallsandNIDSsformthegatesandguardstokeepmalicioustrafficout.

Asitsnamesuggests,aNIDSfocusesonnetworktraffic—thebitsandbytestravelingalongthecablesandwiresthatinterconnectthesystems.ANIDSmustexaminethenetworktrafficasitpassesbyandbeabletoanalyzetrafficaccordingtoprotocol,type,amount,source,destination,content,trafficalreadyseen,andotherfactors.Thisanalysismusthappenquickly,andtheNIDSmustbeabletohandletrafficatwhateverspeedthenetworkoperatestobeeffective.NIDSsaretypicallydeployedsothattheycanmonitortrafficinandout

ofanorganization’smajorlinks:connectionstotheInternet,remoteoffices,partners,andsoon.Likehost-basedsystems,NIDSslookforcertainactivitiesthattypifyhostileactionsormisuse,suchasthefollowing:

Denial-of-serviceattacks

Portscansorsweeps

Maliciouscontentinthedatapayloadofapacketorpackets

Vulnerabilityscanning

Trojans,viruses,orworms

Tunneling

Brute-forceattacks

Ingeneral,mostNIDSsoperateinafairlysimilarfashion.Figure13.4showsthelogicallayoutofaNIDS.Byconsideringthefunctionandactivityofeachcomponent,youcangainsomeinsightintohowaNIDSoperates.

•Figure13.4NetworkIDScomponents

Inthesimplestform,aNIDShasthesamemajorcomponents:trafficcollector,analysisengine,reports,andauserinterface.InaNIDS,thetrafficcollectorisspecificallydesignedtopulltraffic

fromthenetwork.Thiscomponentusuallybehavesinmuchthesamewayasanetworktrafficsniffer—itsimplypullseverypacketitcanseeoffthenetworktowhichitisconnected.InaNIDS,thetrafficcollectorwilllogicallyattachitselftoanetworkinterfacecard(NIC)andinstructtheNICtoaccepteverypacketitcan.ANICthatacceptsandprocesseseverypacketregardlessofthepacket’soriginanddestinationissaidtobeinpromiscuousmode.

TechTip

AnotherWaytoLookatNIDSsInitssimplestform,aNIDSisalotlikeamotiondetectorandavideosurveillancesystemrolledintoone.TheNIDSnotestheundesirableactivity,generatesanalarm,andrecordswhathappens.

TheanalysisengineinaNIDSservesthesamefunctionasitshost-basedcounterpart,withsomesubstantialdifferences.Thenetworkanalysisenginemustbeabletocollectpacketsandexaminethemindividuallyor,ifnecessary,reassemblethemintoanentiretrafficsession.Thepatternsandsignaturesbeingmatchedarefarmorecomplicatedthanhost-basedsignatures,sotheanalysisenginemustbeabletorememberwhattrafficprecededthetrafficcurrentlybeinganalyzedsothatitcandeterminewhetherornotthattrafficfitsintoalargerpatternofmaliciousactivity.Additionally,thenetwork-basedanalysisenginemustbeabletokeepupwiththeflowoftrafficonthenetwork,rebuildingnetworksessionsandmatchingpatternsinrealtime.

CrossCheck

NIDSandEncryptedTrafficYoulearnedaboutencryptedtrafficinChapter5,socheckyourmemorywiththesequestions.WhatisSSH?Whatisaone-timepad?Canyounameatleastthreedifferentalgorithms?

TheNIDSsignaturedatabaseisusuallymuchlargerthanthatofahost-basedsystem.Whenexaminingnetworkpatterns,theNIDSmustbeabletorecognizetraffictargetedatmanydifferentapplicationsandoperatingsystemsaswellastrafficfromawidevarietyofthreats(worms,assessmenttools,attacktools,andsoon).Someofthesignaturesthemselvescanbequitelarge,astheNIDSmustlookatnetworktraffic

occurringinaspecificorderoveraperiodoftimetomatchaparticularmaliciouspattern.Usingthelessonslearnedfromearlyhost-basedsystems,NIDS

developersmodifiedthelogicalcomponentdesignsomewhattodistributetheuserinterfaceandreportingfunctions.Asmanycompanieshadmorethanonenetworklink,theywouldneedanIDScapableofhandlingmultiplelinksinmanydifferentlocations.TheearlyIDSvendorssolvedthisdilemmabydividingthecomponentsandassigningthemtoseparateentities.Thetrafficcollector,analysisengine,andsignaturedatabasewerebundledintoasingleentity,usuallycalledasensororappliance.Thesensorswouldreporttoandbecontrolledbyacentralsystemormasterconsole.Thiscentralsystem,showninFigure13.5,consolidatedalarmsandprovidedtheuserinterfaceandreportingfunctionsthatallowedusersinonelocationtomanage,maintain,andmonitorsensorsdeployedinavarietyofremotelocations.

•Figure13.5DistributednetworkIDScomponents

Bycreatingseparatecomponentsdesignedtoworktogether,theNIDSdeveloperswereabletobuildamorecapableandflexiblesystem.Withencryptedcommunications,networksensorscouldbeplacedaroundbothlocalandremoteperimetersandstillbemonitoredandmanagedsecurelyfromacentrallocation.Placementofthesensorsveryquicklybecameanissueformostsecuritypersonnel,asthesensorsobviouslyhadtohavevisibilityofthenetworktrafficinordertoanalyzeit.BecausemostorganizationswithNIDSsalsohadfirewalls,locationoftheNIDSrelativetothefirewallhadtobeconsideredaswell.Placedbeforethefirewall,asshowninFigure13.6,theNIDSwillseealltrafficcominginfromthe

Internet,includingattacksagainstthefirewallitself.Thisincludestrafficthatthefirewallstopsanddoesnotpermitintothecorporatenetwork.Withthistypeofdeployment,theNIDSsensorwillgeneratealargenumberofalarms(includingalarmsfortrafficthatthefirewallwouldstop).Thistendstooverwhelmthehumanoperatorsmanagingthesystem.

•Figure13.6NIDSsensorplacedinfrontoffirewall

Placedafterthefirewall,asshowninFigure13.7,theNIDSsensorseesandanalyzesthetrafficthatisbeingpassedthroughthefirewallandintothecorporatenetwork.WhilethisdoesnotallowtheNIDStoseeattacksagainstthefirewall,itgenerallyresultsinfarfeweralarmsandisthemostpopularplacementforNIDSsensors.

•Figure13.7NIDSsensorplacedbehindfirewall

Asyoualreadyknow,NIDSsexaminethenetworktrafficforsuspiciousormaliciousactivity.HerearetwoexamplesofsuspicioustraffictoillustratetheoperationofaNIDS:

PortscanAportscanisareconnaissanceactivityapotentialattackerusestofindoutinformationaboutthesystemshewantstoattack.Usinganyofanumberoftools,theattackerattemptstoconnecttovariousservices(web,FTP,SMTP,andsoon)toseeiftheyexistontheintendedtarget.Innormalnetworktraffic,asingleusermightconnecttotheFTPserviceprovidedonasinglesystem.Duringaportscan,anattackermayattempttoconnecttotheFTPserviceoneverysystem.Astheattacker’strafficpassesbytheIDS,theIDSwillnoticethispatternofattemptingtoconnecttodifferentservicesondifferentsystemsinarelativelyshortperiodoftime.WhentheIDScompares

theactivitytoitssignaturedatabase,itwillverylikelymatchthistrafficagainsttheportscanningsignatureandgenerateanalarm.

PingofdeathTowardtheendof1996,itwasdiscoveredthatcertainoperatingsystems,suchasWindows,couldbecrashedbysendingaverylargeInternetControlMessageProtocol(ICMP)echorequestpackettothatsystem.ThisisafairlysimpletrafficpatternforaNIDStoidentify,asitsimplyhastolookforICMPpacketsoveracertainsize.

PortscanningactivityisrampantontheInternet.MostorganizationswithNIDSseehundredsorthousandsofportscanalarmseverydayfromsourcesaroundtheworld.Someadministratorsreducethealarmlevelofportscanalarmsorignoreportscanningtrafficbecausethereissimplytoomuchtraffictotrackdownandrespondtoeachalarm.

AdvantagesofaNIDSANIDShascertainadvantagesthatmakeitagoodchoiceforcertainsituations:

ProvidingIDScoveragerequiresfewersystems.Withafewwell-placedNIDSsensors,youcanmonitorallthenetworktrafficgoinginandoutofyourorganization.Fewersensorsusuallyequatestolessoverheadandmaintenance,meaningyoucanprotectthesamenumberofsystemsatalowercost.

Deployment,maintenance,andupgradecostsareusuallylower.ThefewersystemsthathavetobemanagedandmaintainedtoprovideIDScoverage,thelowerthecosttooperatetheIDS.Upgradingandmaintainingafewsensorsisusuallymuchcheaperthanupgradingandmaintaininghundredsofhost-basedprocesses.

ANIDShasvisibilityintoallnetworktrafficandcancorrelateattacks

amongmultiplesystems.Well-placedNIDSsensorscanseethe“bigpicture”whenitcomestonetwork-basedattacks.Thenetworksensorscantellyouwhetherattacksarewidespreadandunorganizedorfocusedandconcentratedonspecificsystems.

DisadvantagesofaNIDSANIDShascertaindisadvantages:

Itisineffectivewhentrafficisencrypted.Whennetworktrafficisencryptedfromapplicationtoapplicationorsystemtosystem,aNIDSsensorwillnotbeabletoexaminethattraffic.Withtheincreasingpopularityofencryptedtraffic,thisisbecomingabiggerproblemforeffectiveIDSoperations.

Itcan’tseetrafficthatdoesnotcrossit.TheIDSsensorcanexamineonlytrafficcrossingthenetworklinkitismonitoring.WithmostIDSsensorsbeingplacedonperimeterlinks,traffictraversingtheinternalnetworkisneverseen.

Itmustbeabletohandlehighvolumesoftraffic.Asnetworkspeedscontinuetoincrease,thenetworksensorsmustbeabletokeeppaceandexaminethetrafficasquicklyasitcanpassthenetwork.WhenNIDSswereintroduced,10-Mbpsnetworkswerethenorm.Now100-Mbpsandeven1-Gbpsnetworksarecommonplace.ThisincreaseintrafficspeedsmeansIDSsensorsmustbefasterandmorepowerfulthaneverbefore.

Itdoesn’tknowaboutactivityonthehoststhemselves.NIDSsfocusonnetworktraffic.ActivitythatoccursonthehoststhemselveswillnotbeseenbyaNIDS.

TechTip

TCPResetThemostcommondefensiveabilityforanactiveNIDSistosendaTCPresetmessage.WithinTCP,theresetmessage(RST)essentiallytellsbothsidesoftheconnectiontodropthesessionandstopcommunicatingimmediately.Whilethismechanismwasoriginallydevelopedtocoversituationssuchassystemsaccidentallyreceivingcommunicationsintendedforothersystems,theresetmessageworksfairlywellforNIDSs—withoneseriousdrawback:aresetmessageaffectsonlythecurrentsession.Nothingpreventstheattackerfromcomingbackandtryingagainandagain.Despitethe“temporariness”ofthissolution,sendingaresetmessageisusuallytheonlydefensivemeasureimplementedonNIDSdeployments,asthefearofblockinglegitimatetrafficanddisruptingbusinessprocesses,evenforafewmoments,oftenoutweighstheperceivedbenefitofdiscouragingpotentialintruders.

Activevs.PassiveNIDSsMostNIDSscanbedistinguishedbyhowtheyexaminethetrafficandwhetherornottheyinteractwiththattraffic.Onapassivesystem,theNIDSsimplywatchesthetraffic,analyzesit,andgeneratesalarms.Itdoesnotinteractwiththetrafficitselfinanyway,anditdoesnotmodifythedefensivepostureofthesystemtoreacttothetraffic.ApassiveNIDSisverysimilartoasimplemotionsensor—itgeneratesanalarmwhenitmatchesapattern,muchasthemotionsensorgeneratesanalarmwhenitseesmovement.AnactiveNIDScontainsallthesamecomponentsandcapabilitiesofthepassiveNIDSwithonecriticaladdition—theactiveNIDScanreacttothetrafficitisanalyzing.Thesereactionscanrangefromsomethingsimple,suchassendingaTCPresetmessagetointerruptapotentialattackanddisconnectasession,tosomethingcomplex,suchasdynamicallymodifyingfirewallrulestorejectalltrafficfromspecificsourceIPaddressesforthenext24hours.

NIDSToolsTherearenumerousexamplesofNIDStoolsinthemarketplace,fromopensourceprojectstocommercialentries.SnorthasbeenthedefactostandardIDSenginesinceitscreationin1998.Ithasalargeuserbaseand

setthestandardformanyIDSelement,includingrulesetsandformats.SnortrulesarethelistofactivitiesthatSnortwillalertonandprovidetheflexiblepowerbehindtheIDSplatform.SnortrulesetsareupdatedbyalargeactivecommunityaswellasSourcefireVulnerabilityResearchTeam,thecompanybehindSnort.SnortVRTrulesetsareavailabletosubscribersandprovidesuchelementsassame-dayprotectionforitemssuchasMicrosoftpatchTuesdayvulnerabilities.Theserulesaremovedtotheopencommunityafter30days.AnewerentranttotheIDSmarketplaceisSuricata.Suricataisanopen

sourceIDS,begunwithgrantmoneyfromtheU.S.governmentandmaintainedbytheOpenSourceSecurityFoundation(OSIF).SuricatahasoneadvantageoverSnort:itsupportsmultithreading,whileSnortonlysupportssingle-threadedoperation.Bothofthesesystemsarehighlyflexibleandscalable,operatingonbothWindowsandLinuxplatforms.

TechTip

SnortRulesThebasicformatforSnortrulesisaruleheaderfollowedbyruleoptions.

Host-BasedIDSsTheveryfirstIDSswerehost-basedanddesignedtoexamineactivityonlyonaspecifichost.Ahost-basedIDS(HIDS)examineslogfiles,audittrails,andnetworktrafficcomingintoorleavingaspecifichost.HIDSscanoperateinrealtime,lookingforactivityasitoccurs,orinbatchmode,lookingforactivityonaperiodicbasis.Host-basedsystemsaretypicallyself-contained,butmanyofthenewercommercialproductshavebeendesignedtoreporttoandbemanagedbyacentralsystem.Host-based

systemsalsotakelocalsystemresourcestooperate.Inotherwords,aHIDSwilluseupsomeofthememoryandCPUcyclesofthesystemitisprotecting.EarlyversionsofHIDSsraninbatchmode,lookingforsuspiciousactivityonanhourlyordailybasis,andtypicallylookedonlyforspecificeventsinthesystem’slogfiles.Asprocessorspeedsincreased,laterversionsofHIDSslookedthroughthelogfilesinrealtimeandevenaddedtheabilitytoexaminethedatatrafficthehostwasgeneratingandreceiving.MostHIDSsfocusonthelogfilesoraudittrailsgeneratedbythelocal

operatingsystem.OnUNIXsystems,theexaminedlogsusuallyincludethosecreatedbysyslog,suchasmessages,kernellogs,anderrorlogs.OnWindowssystems,theexaminedlogsaretypicallythethreeeventlogs:Application,System,andSecu